Changeset 2522576

Timestamp:

04/28/2021 08:53:27 AM (5 years ago)

Author:

integromat

Message:

v1.4

Location:

integromat-connector/trunk

Files:

• api/authentication.php (modified) (3 diffs)
• class/Logger.php (modified) (3 diffs)
• index.php (modified) (3 diffs)
• readme.txt (modified) (2 diffs)
• settings/render.php (modified) (1 diff)

integromat-connector/trunk/api/authentication.php

@@ -4 +4 @@
 
     $skip = false;
-    $skipReason = [];
+    $codes = [];
+    $log = (get_option('iwc-logging-enabled') == 'true') ? true : false;
 
-    // Don't use our middleware when another authentication method is in use
-    if (isset($_GET['consumer_key']) && isset($_GET['consumer_secret'])) {
-        $skip = true;
-        $skipReason[] = 'WooCommerce credentials provided.';
-    }
 
     if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
         $skip = true;
-        $skipReason[] = 'Basic Auth credentials provided.';
+        $codes[] = 1;
     }
 
     if (is_user_logged_in()) {
         $skip = true;
-        $skipReason[] = 'User is logged in.';
+        $codes[] = 2;
     }
 
@@ -25 +21 @@
     if ($userId === 0) {
         $skip = true;
-        $skipReason[] = 'Can\'t find an admin user.';
+        $codes[] = 3;
     }
 
-    if (get_option('iwc-logging-enabled') == 'true') {
-        \Integromat\Logger::write($skip, implode(' ', $skipReason));
-    }
-
-    // Skip our authorization and let the request pass through
     if ($skip) {
+        $log && \Integromat\Logger::write(implode(', ', $codes));
         return $result;
     }
@@ -40 +32 @@
 
         $token = $_SERVER['HTTP_IWC_API_KEY'];
+
         if (strlen($token) !== \Integromat\ApiToken::API_TOKEN_LENGTH || !\Integromat\ApiToken::isValid($token)) {
+            $log && \Integromat\Logger::write(6);
             \Integromat\RestResponse::renderError(401, 'Provided API key is invalid', 'invalid_token');
         } else {
             \Integromat\User::login($userId);
+            $log && \Integromat\Logger::write(7);
+            \Integromat\RestRequest::dispatch();
         }
 
-        \Integromat\RestRequest::dispatch();
+    } else {
+        if (\Integromat\Guard::isProtected()) {
+            $log && \Integromat\Logger::write(5);
+            \Integromat\RestResponse::renderError(401, 'API key is missing', 'missing_token');
 
-    } else {
-        \Integromat\RestResponse::renderError(401, 'API key is missing', 'missing_token');
+        } else {
+            $log && \Integromat\Logger::write(4);
+            return $result;
+        }
     }
 

integromat-connector/trunk/class/Logger.php

@@ -79 +79 @@
 
 
-    private static function getRecord($skip, $skipReason)
+    private static function getRecord($codes)
     {
         $r = [
-            'requestUri'  => self::stripRequestQuery($_SERVER['REQUEST_URI']),
-            'clientIp'    => $_SERVER['REMOTE_ADDR'],
-            'skipIwcAuth' => (string) $skip,
-            'skipReason'  => $skipReason,
-            'userLogged'  => (string) is_user_logged_in(),
+            'request' => $_SERVER['REQUEST_METHOD'] . ' ' . self::stripRequestQuery($_SERVER['REQUEST_URI']),
+            'ip'      => $_SERVER['REMOTE_ADDR'],
+            'codes'   => $codes . '(' . (string) is_user_logged_in() . ')',
         ];
         $r = str_replace(['[', 'Array', ']'], '', print_r($r, true));
@@ -94 +92 @@
 
 
-    public static function write($skip, $skipReason)
+    public static function write($codes)
     {
         self::check();
         $logData = self::getPlainFileContent();
-        $newLogData = self::encrypt($logData . self::getRecord($skip, $skipReason));
+        $newLogData = self::encrypt($logData . self::getRecord($codes));
         file_put_contents(self::getFileLocation(), $newLogData);
     }
@@ -117 +115 @@
         $key = get_option('iwc_api_key');
         if (empty($key)) {
-            file_put_contents(self::getFileLocation(), 'iwc-api-key Not Found');
+            file_put_contents(self::getFileLocation(), 'iwc_api_key Not Found');
         }
         return $key;

integromat-connector/trunk/index.php

@@ -3 +3 @@
 /**
  * @package Integromat_Connector
- * @version 1.3
+ * @version 1.4
  */
 
@@ -11 +11 @@
 Author: Integromat
 Author URI: https://www.integromat.com/
-Version: 1.3
+Version: 1.4
 */
 
@@ -22 +22 @@
 include __DIR__ . '/class/RestResponse.php';
 include __DIR__ . '/class/ApiToken.php';
+include __DIR__ . '/class/Guard.php';
 include __DIR__ . '/class/Logger.php';
 

integromat-connector/trunk/readme.txt

@@ -5 +5 @@
 Tested up to: 5.7
 Requires PHP: 5.6
-Stable tag: 1.2
+Stable tag: 1.4
 License: GPLv2 or later
 
@@ -24 +24 @@
 == Changelog ==
 
+= 1.4 =
+* Enhanced API calls logging
+* Fixed blocking of some internal API calls
+
 = 1.3 =
 * Added possibility of API calls logging

integromat-connector/trunk/settings/render.php

@@ -18 +18 @@
             include_once __DIR__ . '/template/connector.phtml';
         },
-        plugin_dir_url('') . IWC_PLUGIN_NAME_SAFE . '/assets/integromat-white.svg'
+        plugin_dir_url('') . '/integromat-connector/assets/integromat-white.svg'
     );