Author: chabotc
Date: Tue Jul 21 11:28:13 2009
New Revision: 796255

URL: http://svn.apache.org/viewvc?rev=796255&view=rev
Log:
Add SecurityToken parsing to the metadata handler so that gadgets with signed 
preloads can be added correctly

Modified:
    incubator/shindig/trunk/php/src/gadgets/MetadataHandler.php

Modified: incubator/shindig/trunk/php/src/gadgets/MetadataHandler.php
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/gadgets/MetadataHandler.php?rev=796255&r1=796254&r2=796255&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/gadgets/MetadataHandler.php (original)
+++ incubator/shindig/trunk/php/src/gadgets/MetadataHandler.php Tue Jul 21 
11:28:13 2009
@@ -1,4 +1,5 @@
 <?php
+
 /**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
@@ -27,16 +28,40 @@
         $gadgetUrl = $gadget->url;
         $gadgetModuleId = $gadget->moduleId;
         $context = new MetadataGadgetContext($requests->context, $gadgetUrl);
-        $gadgetServer = new GadgetFactory($context, null);
+        $token = $this->getSecurityToken();
+        $gadgetServer = new GadgetFactory($context, $token);
         $gadget = $gadgetServer->createGadget($gadgetUrl);
         $response[] = $this->makeResponse($gadget, $gadgetModuleId, 
$gadgetUrl, $context);
       } catch (Exception $e) {
-        $response[] = array('errors' => array($e->getMessage()), 'moduleId' => 
$gadgetModuleId, 'url' => $gadgetUrl);
+        $response[] = array('errors' => array($e->getMessage()),
+            'moduleId' => $gadgetModuleId, 'url' => $gadgetUrl);
       }
     }
     return $response;
   }
 
+  private function getSecurityToken() {
+    $token = isset($_POST['st']) ? $_POST['st'] : (isset($_GET['st']) ? 
$_GET['st'] : '');
+    if (empty($token)) {
+      if (Config::get('allow_anonymous_token')) {
+        // no security token, continue anonymously, remeber to check
+        // for private profiles etc in your code so their not publicly
+        // accessable to anoymous users! Anonymous == owner = viewer = appId = 
modId = 0
+        // create token with 0 values, no gadget url, no domain and 0 duration
+        $gadgetSigner = Config::get('security_token');
+        return new $gadgetSigner(null, 0, SecurityToken::$ANONYMOUS, 
SecurityToken::$ANONYMOUS, 0, '', '', 0, Config::get('container_id'));
+      } else {
+        return null;
+      }
+    }
+    if (count(explode(':', $token)) != 7) {
+      $token = urldecode(base64_decode($token));
+    }
+    $gadgetSigner = Config::get('security_token_signer');
+    $gadgetSigner = new $gadgetSigner();
+    return $gadgetSigner->createToken($token);
+  }
+
   private function getIframeURL(Gadget $gadget, GadgetContext $context) {
     $v = $gadget->getChecksum();
     $view = $gadget->getView($context->getView());
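Review bot: In getSecurityToken, `empty($token)` treats a literal `"0"` as "no token supplied" and `base64_decode($token)` without strict mode silently turns any non-base64 `st` value into garbage bytes before it reaches `createToken`, so a malformed token is not distinguishable from a missing one until (presumably) the signer rejects it. I would test with `if ($token === '')` and decode strictly, e.g. `$decoded = base64_decode($token, true); if ($decoded === false) { throw new Exception('Malformed security token'); } $token = urldecode($decoded);`, which lets the existing per-gadget catch above report it as an error rather than continuing with an undefined token. The `count(explode(':', $token)) != 7` heuristic deserves a one-line comment naming the expected plain-text token layout it tests, since nothing in the hunk says what the seven fields are. As a point of style, the method reads `$_POST`/`$_GET` directly rather than the `$requests` object the surrounding handler already receives, which makes it harder to test and to see where the token enters; a comment such as `// token is taken from the raw request, not from $requests` would at least make that explicit. The method enclosing the first part of the hunk starts outside it, and getIframeURL continues past its end.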
@@ -49,7 +74,6 @@
     return Config::get('default_iframe_prefix') . 'container=' . 
$context->getContainer() . ($context->getIgnoreCache() ? '&nocache=1' : '&v=' . 
$v) . ($context->getModuleId() != 0 ? '&mid=' . $context->getModuleId() : '') . 
'&lang=' . $locale['lang'] . '&country=' . $locale['country'] . '&view=' . 
$view['view'] . $up . '&url=' . urlencode($context->getUrl());
   }
 
-
   private function makeResponse($gadget, $gadgetModuleId, $gadgetUrl, 
$context) {
     $response = array();
     $prefs = array();

