From 7eec8ad45b0db1c75dcedf394e05d69bea8c4472 Mon Sep 17 00:00:00 2001 From: Vaishali K Date: Tue, 30 Jan 2018 17:50:49 +0530 Subject: [PATCH 1/6] support for x-identifier pushed --- elements/integration.php | 111 ++++++++++++ language/en-GB/en-GB.plg_api_users.ini | 10 ++ language/en-GB/en-GB.plg_api_users.sys.ini | 8 + users.php | 43 +++++ users.xml | 35 ++++ users/user.php | 197 +++++++++++++++++++++ 6 files changed, 404 insertions(+) create mode 100644 elements/integration.php create mode 100644 language/en-GB/en-GB.plg_api_users.ini create mode 100644 language/en-GB/en-GB.plg_api_users.sys.ini create mode 100644 users.php create mode 100644 users.xml create mode 100644 users/user.php diff --git a/elements/integration.php b/elements/integration.php new file mode 100644 index 0000000..cec2342 --- /dev/null +++ b/elements/integration.php 
@@ -0,0 +1,111 @@ + + * @package Com_Tjlms + * @copyright Copyright (C) 2005 - 2014. All rights reserved. + * @license GNU General Public License version 2 or later; see LICENSE.txt + * Shika is free software. This version may have been modified pursuant + * to the GNU General Public License, and as distributed it includes or + * is derivative of works licensed under the GNU General Public License or + * other free or open source software licenses. + */ + +// No direct access +defined('_JEXEC') or die; + +jimport('joomla.html.pane'); +jimport('joomla.application.component.helper'); +jimport('joomla.filesystem.folder'); +jimport('joomla.form.formfield'); + +/** + * Class for custom Integration element + * + * @since 1.0.0 + */ +class JFormFieldIntegration extends JFormField +{ + /** + * Function to genarate html of custom element + * + * @return HTML + * + * @since 1.0.0 + */ + public function getInput() + { + return $this->fetchElement($this->name, $this->value, $this->element, $this->options['controls']); + } + + /** + * Function to genarate html of custom element + * + * @param STRING $name Name of the element + * @param STRING $value Default value of the element + * @param STRING $node asa + * @param STRING $control_name asda + * + * @return HTML + * + * @since 1.0.0 + */ + public function fetchElement($name, $value, $node, $control_name) + { + $communitymainfile = JPATH_SITE . '/components/com_community/libraries/core.php'; + $esfolder = JPATH_SITE . 
'/components/com_easysocial'; + + $jsString = ""; + echo $jsString; + + $options[] = JHTML::_('select.option', 'joomla', JText::_('PLG_USER_API_JOOMLA')); + /* $options[] = JHTML::_('select.option', 'jomsocial', JText::_('PLG_USER_API_JOMSOCIAL')); */ + $options[] = JHTML::_('select.option', 'easysocial', JText::_('PLG_USER_API_EASYSOCIAL')); + + $fieldName = $name; + + return JHtml::_('select.genericlist', + $options, $fieldName, + 'class="inputbox tjlmsintegration btn-group" onchange="checkIfExtInstalled(this.name, this.value)" ', + 'value', 'text', $value, $control_name . $name + ); + } +} diff --git a/language/en-GB/en-GB.plg_api_users.ini b/language/en-GB/en-GB.plg_api_users.ini new file mode 100644 index 0000000..4be7780 --- /dev/null +++ b/language/en-GB/en-GB.plg_api_users.ini @@ -0,0 +1,10 @@ +; +PLG_API_USERS="API - USERS" +PLG_API_USERS_DESCRIPTION="This plugin exposes Joomla! user CRUD API. suppose create, update, delete, get user and get users" +PLG_USER_API_SOCIAL_INTEGRATION_LABEL="Select Social Integration" +PLG_USER_API_SOCIAL_INTEGRATION_DESC="Selected Social component's user custom fields will be created after Joomla user creation or updating" + +:Social Integration +PLG_USER_API_JOOMLA="Joomla" +PLG_USER_API_JOMSOCIAL="JomSocial" +PLG_USER_API_EASYSOCIAL="EasySocial" \ No newline at end of file diff --git a/language/en-GB/en-GB.plg_api_users.sys.ini b/language/en-GB/en-GB.plg_api_users.sys.ini new file mode 100644 index 0000000..670ea2c --- /dev/null +++ b/language/en-GB/en-GB.plg_api_users.sys.ini @@ -0,0 +1,8 @@ +; Joomla! Project +; Copyright (C) 2005 - 2017 Open Source Matters. All rights reserved. +; License GNU General Public License version 2 or later; see LICENSE.txt, see LICENSE.php +; Note : All ini files need to be saved as UTF-8 + +PLG_API_USERS="API - USERS" +PLG_API_USERS_DESCRIPTION="This plugin exposes Joomla! user CRUD API. suppose create, update, delete, get user and get users" + 
diff --git a/users.php b/users.php new file mode 100644 index 0000000..d4136db --- /dev/null +++ b/users.php @@ -0,0 +1,43 @@ +load('plg_api_users', JPATH_ADMINISTRATOR, '', true); + $this->setResourceAccess('login', 'public','get'); + $this->setResourceAccess('user', 'public', 'post'); + $this->setResourceAccess('config', 'public', 'get'); + } +} diff --git a/users.xml b/users.xml new file mode 100644 index 0000000..8f09041 --- /dev/null +++ b/users.xml @@ -0,0 +1,35 @@ + + + PLG_API_USERS + 1.8.7 + 10/11/2014 + Techjoomla + extensions@techjoomla.com + www.techjoomla.com + Techjoomla. All rights reserved. + http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL + PLG_API_USERS_DESCRIPTION + + users.php + users + elements + + + en-GB/en-GB.plg_api_users.ini + en-GB/en-GB.plg_api_users.sys.ini + + + +
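Review bot: `$this->setResourceAccess('user', 'public', 'post');` registers the user create/update endpoint as public, while the `users/user.php` hunk later in this patch binds caller-supplied `groups` and `block` straight into `JUser` with no `authorise()` check, so an unauthenticated request can pick the group membership of the account it creates or edits. If public self-registration is intended, force `groups` to the com_users default for new accounts and only honour a caller-supplied `groups`/`block` after a `core.admin` check, e.g. `$data['groups'] = $isAdmin ? $app->input->get('groups', $groups, 'ARRAY') : $groups;`. PATCH 3/6 of this series deletes these files again, so this matters mainly if this revision is ever shipped on its own.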
+ + +
+
+
+
diff --git a/users/user.php b/users/user.php new file mode 100644 index 0000000..f8c7af3 --- /dev/null +++ b/users/user.php 
@@ -0,0 +1,197 @@ +result = new stdClass; + + $identifier = $app->input->server->get('HTTP_X_IDENTIFIER'); + + $data = array(); + + if (!$identifier || $identifier == 'id') + { + $data['id'] = $app->input->getInt('id', 0, 'INT'); + } + else + { + if (!in_array($identifier, array('id', 'email', 'username'))) + { + ApiError::raiseError("400", JText::_('PLG_API_USERS_INCORRECT_IDENTIFIER'), 'APIValidationException'); + + return $returnData; + } + + $temp = $app->input->getString('id'); + + if ($identifier == 'username') + { + $data['id'] = JUserHelper::getUserId($temp); + } + elseif ($identifier == 'email') + { + $data['id'] = $this->getUserId($temp); + } + } + + $groups = array(2); + + $user = new JUser($data['id']); + + if ($user->id) + { + $groups = $app->input->get('groups', array(), 'ARRAY'); + + if (empty($groups)) + { + $groups = $user->groups; + } + } + /*else + { + ApiError::raiseError("400", JText::_('PLG_API_USERS_USER_DOES_NOT_EXISTS'), 'APIValidationException'); + + return $returnData; + }*/ + + + $data['username'] = $app->input->getString('username', $user->get('username')); + $data['name'] = $app->input->getString('name', $user->get('name')); + $data['password'] = $app->input->getString('password', ''); + $data['email'] = $app->input->getString('email', $user->get('email')); + $data['groups'] = $app->input->get('groups', $groups, 'ARRAY'); + $data['block'] = $app->input->getInt('block', $user->get('block')); + $data['fields'] = $app->input->get('fields', '', 'ARRAY'); + + $newUser = false; + + if ($data['id'] == '' && ($data['name'] == '' || $data['email'] == '')) + { + ApiError::raiseError("400", JText::_('PLG_API_USERS_REQUIRED_DATA_EMPTY_MESSAGE'), 'APIValidationException'); + + return $returnData; + } + + + if (!$data['username']) + { + $data['username'] = $data['email']; + } + + // Check new or old user + if (!$user->id) + { + $newUser = true; + } + //echo $newUser; + //print_r($user); + if ($user->bind($data)) + { + // If $newUser is true it will 
update the user else create new user + //print_r($user);die; + + if ($user->save()) + { + if ($data['fields']) + { + $libraryObject = $this->getSocialLibraryObject(); + $libraryObject->addUserFields($data['fields'], $user->id); + } + + unset($data['password']); + unset($data['password2']); + + $data['id'] = $user->id; + $returnData->result = $data; + $this->plugin->setResponse($returnData); + + return $returnData; + } + } + + ApiError::raiseError("400", $user->getError()); + + return $returnData; + } + + /** + * Returns userid if a user exists + * + * @param string $email The email to search on. + * + * @return integer The user id or 0 if not found. + * + * @since 11.1 + */ + private function getUserId($email) + { + // Initialise some variables + $db = \JFactory::getDbo(); + $query = $db->getQuery(true) + ->select($db->quoteName('id')) + ->from($db->quoteName('#__users')) + ->where($db->quoteName('email') . ' = ' . $db->quote($email)); + $db->setQuery($query, 0, 1); + + return $db->loadResult(); + } + /** + * Get social library object depending on the integration set. + * + * @return Soical library object + * + * @since 1.0.0 + */ + public function getSocialLibraryObject() + { + $plugin = JPluginHelper::getPlugin('api', 'users'); + $params = new JRegistry($plugin->params); + $socialIntegration = $params->get('social_integration', 'joomla'); + + if ($socialIntegration == 'joomla') + { + jimport('techjoomla.jsocial.joomla'); + $SocialLibraryObject = new JSocialJoomla; + } + elseif ($socialIntegration == 'jomsocial') + { + jimport('techjoomla.jsocial.jomsocial'); + $SocialLibraryObject = new JSocialJomSocial; + } + elseif ($socialIntegration == 'easysocial') + { + jimport('techjoomla.jsocial.easysocial'); + $SocialLibraryObject = new JSocialEasySocial; + } + + return $SocialLibraryObject; + } +} From 3a8c9fc83bf80406c1c3b9cf029f4f6620af5bfa Mon Sep 17 00:00:00 2001 
From: vaishali Date: Thu, 9 May 2019 18:06:54 +0530 Subject: [PATCH 2/6] Issue #15 fix: User update (patch) is not working for resource #16 --- src/language/en-GB/en-GB.plg_api_users.ini | 6 +- src/users/user.php | 191 ++++++++++----------- 2 files changed, 100 insertions(+), 97 deletions(-) diff --git a/src/language/en-GB/en-GB.plg_api_users.ini b/src/language/en-GB/en-GB.plg_api_users.ini index 1e75e9c..aac665d 100755 --- a/src/language/en-GB/en-GB.plg_api_users.ini +++ b/src/language/en-GB/en-GB.plg_api_users.ini @@ -2,7 +2,7 @@ PLG_API_USERS="API - Users" PLG_API_USERS_DESCRIPTION="This plugin exposes users to the Joomla! API. Supports creation, listing and login for users." PLG_API_USERS_BAD_REQUEST_MESSAGE="Bad request" PLG_API_USERS_REQUIRED_DATA_EMPTY_MESSAGE="Required data is empty" -PLG_API_USERS_ACCOUNT_CREATED_SUCCESSFULLY_MESSAGE="Congratulations! Your account has been created successfully" +PLG_API_USERS_ACCOUNT_CREATED_SUCCESSFULLY_MESSAGE="Congratulations! Account has been created successfully" PLG_API_USERS_PROFILE_CREATED_SUCCESSFULLY_MESSAGE="profile created successfully" PLG_API_USERS_UNABLE_CREATE_PROFILE_MESSAGE="Unable to create profile" PLG_API_USERS_EASYSOCIAL_NOT_INSTALL_MESSAGE="Easysocial is not installed properly" @@ -15,3 +15,7 @@ PLG_API_USERS_UNSUPPORTED_METHOD_POST="unsupported method,please use get method" PLG_API_USERS_USERS="users/" PLG_API_USERS_IN_DELETE="in delete" PLG_API_USERS_IN_POST="in post" + +; Since v2.0.1 +PLG_API_USERS_ACCOUNT_UPDATED_SUCCESSFULLY_MESSAGE="Account details updated successfully" +PLG_API_USERS_USER_DELETE_MESSAGE="Account deleted successfully" diff --git a/src/users/user.php b/src/users/user.php index bee8825..65fe662 100644 --- a/src/users/user.php +++ b/src/users/user.php 
@@ -28,77 +28,38 @@ class UsersApiResourceUser extends ApiResource */ public function post() { - $app = JFactory::getApplication(); - $userIdentifier = $app->input->get('id', 0, 'String'); - $formData = $app->input->getArray(); - $params = JComponentHelper::getParams("com_users"); - $response = new stdClass; - - $xidentifier = $app->input->server->get('HTTP_X_IDENTIFIER'); - $fidentifier = $app->input->server->get('HTTP_FORCECREATE'); - - if ($formData['username'] == '' || $formData['name'] == '' || $formData['email'] == '') - { - ApiError::raiseError(400, JText::_('PLG_API_USERS_REQUIRED_DATA_EMPTY_MESSAGE')); - - return; - } + $app = JFactory::getApplication(); + $params = JComponentHelper::getParams("com_users"); + $formData = $app->input->getArray(); + $userIdentifier = $app->input->get('id', 0, 'string'); // Get current logged in user. - $my = JFactory::getUser(); + $me = $this->plugin->get('user'); - // Check if $userIdentifier is not set - if (empty($userIdentifier)) + if (!empty($userIdentifier)) { - if ($formData['password'] == '') - { - ApiError::raiseError(400, JText::_('PLG_API_USERS_REQUIRED_DATA_EMPTY_MESSAGE')); - - return; - } + $user = $this->retriveUser($userIdentifier); - // Set default group if nothing is passed for group. - if (empty($formData['groups'])) - { - $formData['groups'] = array($params->get("new_usertype", 2)); - } - - // Get a blank user object - $user = new JUser; - - // Create new user. - $response = $this->storeUser($user, $formData, 1); - $this->plugin->setResponse($response); - - return; - } - else - { - // Get a user object - $user = $this->retriveUser($xidentifier, $userIdentifier); - $passedUserGroups = array(); - - // If user is already present then update it according to access. if (!empty($user->id)) { - $iAmSuperAdmin = $my->authorise('core.admin'); + $iAmSuperAdmin = $me->authorise('core.admin'); - // Check if regular user is tring to update himself. 
- if ($my->id == $user->id || $iAmSuperAdmin) + // Check if regular user is trying to update his/her own profile OR if user is superadmin + if ($me->id == $user->id || $iAmSuperAdmin) { - // If present then update or else dont include. + // If password present then update password2 or else dont include. if (!empty($formData['password'])) { $formData['password2'] = $formData['password']; } - // Add newly added groups and keep the old one as it is. + /*// Add newly added groups and keep the old one as it is. if (!empty($formData['groups'])) { - $passedUserGroups['groups'] = array_unique(array_merge($user->groups, $formData['groups'])); - } + $formData['groups'] = array_unique(array_merge($user->groups, $formData['groups'])); + }*/ - $response = $this->storeUser($user, $passedUserGroups); + $response = $this->storeUser($user, $formData); $this->plugin->setResponse($response); return; 
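Review bot: In the update branch, the self-edit case (`$me->id == $user->id` without `$iAmSuperAdmin`) now hands the whole `$formData` from `$app->input->getArray()` to `storeUser()`, and with the group-merge block commented out nothing strips `groups` (or `block`) from it, so a regular user updating their own profile can also submit new group memberships. Drop privileged fields before the `storeUser` call unless the caller is an administrator, e.g. `if (!$iAmSuperAdmin) { unset($formData['groups'], $formData['block']); }`. The `storeUser()` hunk further down (`@@ -224,8 +207,22 @@`) only ignores `password`, so it does not cover this. The `post()` body continues into the next hunk.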
@@ -112,37 +73,60 @@ public function post() } else { - if ($fidentifier) - { - $user = new JUser; + ApiError::raiseError(400, JText::_('PLG_API_USERS_USER_NOT_FOUND_MESSAGE')); - if ($formData['password'] == '') - { - ApiError::raiseError(400, JText::_('PLG_API_USERS_REQUIRED_DATA_EMPTY_MESSAGE')); + return; + } + } + // Check if $userIdentifier is not set - POST / CREATE user case + else + { + // Validate required fields + if ($formData['username'] == '' || $formData['name'] == '' || $formData['email'] == '') + { + ApiError::raiseError(400, JText::_('PLG_API_USERS_REQUIRED_DATA_EMPTY_MESSAGE')); - return; - } + return; + } - // Set default group if nothing is passed for group. - if (empty($formData['groups'])) - { - $formData['groups'] = array($params->get("new_usertype", 2)); - } + // Set default group if nothing is passed for group. + if (empty($formData['groups'])) + { + $formData['groups'] = array($params->get("new_usertype", 2)); + } - // Create new user. - $response = $this->storeUser($user, $formData, 1); - $this->plugin->setResponse($response); + // Get a blank user object + $user = new JUser; - return; - } - else - { - ApiError::raiseError(400, JText::_('PLG_API_USERS_USER_ABSENT_MESSAGE')); + // Create new user. + $response = $this->storeUser($user, $formData, 1); + $this->plugin->setResponse($response); - return; - } + return; + } + } + + /** + * Funtion to remove sensitive user info fields like password + * + * @param Object $user The user object. + * @param Array $fields Array of fields to be unset + * + * @return object|void $user + * + * @since 2.0.1 + */ + protected function sanitizeUserFields($user, $fields = array('password', 'password_clear', 'otpKey', 'otep')) + { + foreach ($fields as $f) + { + if (isset($user->{$f})) + { + unset($user->{$f}); } } + + return $user; } /** 
@@ -154,9 +138,8 @@ public function post() */ public function get() { - $input = JFactory::getApplication()->input; - $id = $input->get('id', 0, 'int'); - $xidentifier = $input->server->get('HTTP_X_IDENTIFIER', '', 'String'); + $input = JFactory::getApplication()->input; + $id = $input->get('id', 0, 'string'); /* * If we have an id try to fetch the user @@ -164,17 +147,15 @@ public function get() */ if ($id) { - // Get a user object - $user = $this->retriveUser($xidentifier, $id); + // Get user object + $user = $this->retriveUser($id); - if (! $user->id) + if (!$user->id) { ApiError::raiseError(400, JText::_('PLG_API_USERS_USER_NOT_FOUND_MESSAGE')); return; } - - $this->plugin->setResponse($user); } else { @@ -184,9 +165,11 @@ public function get() { ApiError::raiseError(400, JText::_('JERROR_ALERTNOAUTHOR')); } - - $this->plugin->setResponse($user); } + + $user = $this->sanitizeUserFields($user); + + $this->plugin->setResponse($user); } /** @@ -224,8 +207,22 @@ private function getUserId($email) private function storeUser($user, $formData, $isNew = 0) { $response = new stdClass; + $ignore = array(); + + // Ignore pasword field if not set to avoid warning on bind() + if (!isset($formData['password'])) + { + $ignore[] = 'password'; + } - if (!$user->bind($formData)) + // In case of edit user, set formData->id as $user->id no matter what is passed in x-identifier + // Otherwise - it will try to create new user + if (!$isNew) + { + $formData['id'] = $user->id; + } + + if (!$user->bind($formData, $ignore)) { ApiError::raiseError(400, $user->getError()); @@ -239,6 +236,7 @@ private function storeUser($user, $formData, $isNew = 0) return; } + // Set user id to be returned $response->id = $user->id; if ($isNew) 
@@ -262,16 +260,15 @@ private function storeUser($user, $formData, $isNew = 0) */ public function delete() { - $app = JFactory::getApplication(); - $userIdentifier = $app->input->get('id', 0, 'STRING'); - $xidentifier = $app->input->server->get('HTTP_X_IDENTIFIER', '', 'String'); + $app = JFactory::getApplication(); + $userIdentifier = $app->input->get('id', 0, 'string'); $loggedUser = JFactory::getUser(); // Check if I am a Super Admin $iAmSuperAdmin = $loggedUser->authorise('core.admin'); - $userToDelete = $this->retriveUser($xidentifier, $userIdentifier); + $userToDelete = $this->retriveUser($xIdentifier, $userIdentifier); if (!$userToDelete->id) { @@ -319,19 +316,21 @@ public function delete() /** * Function retriveUser for get user details depending upon the identifier. * - * @param string $xidentifier Flag to differentiate the column value. - * * @param string $userIdentifier username * * @return object $user Juser object if user exist otherwise std class. * * @since 2.0 */ - private function retriveUser($xidentifier, $userIdentifier) + private function retriveUser($userIdentifier) { $user = new stdClass; - switch ($xidentifier) + // Flag to differentiate the column value + $app = JFactory::getApplication(); + $xIdentifier = $app->input->server->get('HTTP_X_IDENTIFIER', '', 'string'); + + switch ($xIdentifier) { case 'username': $userId = JUserHelper::getUserId($userIdentifier); From b088c84dcc7e07c6c37856aa28aa633a1b7a65b6 Mon Sep 17 00:00:00 2001 
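Review bot: `delete()` now calls `$this->retriveUser($xIdentifier, $userIdentifier)` after the `$xidentifier` assignment has been removed, and `retriveUser()` in the last hunk of this file takes a single `$userIdentifier` parameter, so the lookup receives an undefined variable and `delete()` cannot resolve any user in this commit. PATCH 5/6 of the series corrects the call to `$this->retriveUser($userIdentifier);`; squashing that fix into this commit would keep the history bisectable. Both `delete()` and `retriveUser()` continue outside the hunk.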
From: vaishali Date: Thu, 9 May 2019 18:15:51 +0530 Subject: [PATCH 3/6] Issue #15 fix: removed folders from fork --- elements/integration.php | 111 ------------ language/en-GB/en-GB.plg_api_users.ini | 10 -- language/en-GB/en-GB.plg_api_users.sys.ini | 8 - users.php | 43 ----- users.xml | 35 ---- users/user.php | 197 --------------------- 6 files changed, 404 deletions(-) delete mode 100644 elements/integration.php delete mode 100644 language/en-GB/en-GB.plg_api_users.ini delete mode 100644 language/en-GB/en-GB.plg_api_users.sys.ini delete mode 100644 users.php delete mode 100644 users.xml delete mode 100644 users/user.php diff --git a/elements/integration.php b/elements/integration.php deleted file mode 100644 index cec2342..0000000 --- a/elements/integration.php +++ /dev/null 
@@ -1,111 +0,0 @@ - - * @package Com_Tjlms - * @copyright Copyright (C) 2005 - 2014. All rights reserved. - * @license GNU General Public License version 2 or later; see LICENSE.txt - * Shika is free software. This version may have been modified pursuant - * to the GNU General Public License, and as distributed it includes or - * is derivative of works licensed under the GNU General Public License or - * other free or open source software licenses. - */ - -// No direct access -defined('_JEXEC') or die; - -jimport('joomla.html.pane'); -jimport('joomla.application.component.helper'); -jimport('joomla.filesystem.folder'); -jimport('joomla.form.formfield'); - -/** - * Class for custom Integration element - * - * @since 1.0.0 - */ -class JFormFieldIntegration extends JFormField -{ - /** - * Function to genarate html of custom element - * - * @return HTML - * - * @since 1.0.0 - */ - public function getInput() - { - return $this->fetchElement($this->name, $this->value, $this->element, $this->options['controls']); - } - - /** - * Function to genarate html of custom element - * - * @param STRING $name Name of the element - * @param STRING $value Default value of the element - * @param STRING $node asa - * @param STRING $control_name asda - * - * @return HTML - * - * @since 1.0.0 - */ - public function fetchElement($name, $value, $node, $control_name) - { - $communitymainfile = JPATH_SITE . '/components/com_community/libraries/core.php'; - $esfolder = JPATH_SITE . 
'/components/com_easysocial'; - - $jsString = ""; - echo $jsString; - - $options[] = JHTML::_('select.option', 'joomla', JText::_('PLG_USER_API_JOOMLA')); - /* $options[] = JHTML::_('select.option', 'jomsocial', JText::_('PLG_USER_API_JOMSOCIAL')); */ - $options[] = JHTML::_('select.option', 'easysocial', JText::_('PLG_USER_API_EASYSOCIAL')); - - $fieldName = $name; - - return JHtml::_('select.genericlist', - $options, $fieldName, - 'class="inputbox tjlmsintegration btn-group" onchange="checkIfExtInstalled(this.name, this.value)" ', - 'value', 'text', $value, $control_name . $name - ); - } -} diff --git a/language/en-GB/en-GB.plg_api_users.ini b/language/en-GB/en-GB.plg_api_users.ini deleted file mode 100644 index 4be7780..0000000 --- a/language/en-GB/en-GB.plg_api_users.ini +++ /dev/null @@ -1,10 +0,0 @@ -; -PLG_API_USERS="API - USERS" -PLG_API_USERS_DESCRIPTION="This plugin exposes Joomla! user CRUD API. suppose create, update, delete, get user and get users" -PLG_USER_API_SOCIAL_INTEGRATION_LABEL="Select Social Integration" -PLG_USER_API_SOCIAL_INTEGRATION_DESC="Selected Social component's user custom fields will be created after Joomla user creation or updating" - -:Social Integration -PLG_USER_API_JOOMLA="Joomla" -PLG_USER_API_JOMSOCIAL="JomSocial" -PLG_USER_API_EASYSOCIAL="EasySocial" \ No newline at end of file diff --git a/language/en-GB/en-GB.plg_api_users.sys.ini b/language/en-GB/en-GB.plg_api_users.sys.ini deleted file mode 100644 index 670ea2c..0000000 --- a/language/en-GB/en-GB.plg_api_users.sys.ini +++ /dev/null @@ -1,8 +0,0 @@ -; Joomla! Project -; Copyright (C) 2005 - 2017 Open Source Matters. All rights reserved. -; License GNU General Public License version 2 or later; see LICENSE.txt, see LICENSE.php -; Note : All ini files need to be saved as UTF-8 - -PLG_API_USERS="API - USERS" -PLG_API_USERS_DESCRIPTION="This plugin exposes Joomla! user CRUD API. suppose create, update, delete, get user and get users" - 
diff --git a/users.php b/users.php deleted file mode 100644 index d4136db..0000000 --- a/users.php +++ /dev/null @@ -1,43 +0,0 @@ -load('plg_api_users', JPATH_ADMINISTRATOR, '', true); - $this->setResourceAccess('login', 'public','get'); - $this->setResourceAccess('user', 'public', 'post'); - $this->setResourceAccess('config', 'public', 'get'); - } -} diff --git a/users.xml b/users.xml deleted file mode 100644 index 8f09041..0000000 --- a/users.xml +++ /dev/null @@ -1,35 +0,0 @@ - - - PLG_API_USERS - 1.8.7 - 10/11/2014 - Techjoomla - extensions@techjoomla.com - www.techjoomla.com - Techjoomla. All rights reserved. - http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL - PLG_API_USERS_DESCRIPTION - - users.php - users - elements - - - en-GB/en-GB.plg_api_users.ini - en-GB/en-GB.plg_api_users.sys.ini - - - -
- - -
-
-
-
diff --git a/users/user.php b/users/user.php deleted file mode 100644 index f8c7af3..0000000 --- a/users/user.php +++ /dev/null 
@@ -1,197 +0,0 @@ -result = new stdClass; - - $identifier = $app->input->server->get('HTTP_X_IDENTIFIER'); - - $data = array(); - - if (!$identifier || $identifier == 'id') - { - $data['id'] = $app->input->getInt('id', 0, 'INT'); - } - else - { - if (!in_array($identifier, array('id', 'email', 'username'))) - { - ApiError::raiseError("400", JText::_('PLG_API_USERS_INCORRECT_IDENTIFIER'), 'APIValidationException'); - - return $returnData; - } - - $temp = $app->input->getString('id'); - - if ($identifier == 'username') - { - $data['id'] = JUserHelper::getUserId($temp); - } - elseif ($identifier == 'email') - { - $data['id'] = $this->getUserId($temp); - } - } - - $groups = array(2); - - $user = new JUser($data['id']); - - if ($user->id) - { - $groups = $app->input->get('groups', array(), 'ARRAY'); - - if (empty($groups)) - { - $groups = $user->groups; - } - } - /*else - { - ApiError::raiseError("400", JText::_('PLG_API_USERS_USER_DOES_NOT_EXISTS'), 'APIValidationException'); - - return $returnData; - }*/ - - - $data['username'] = $app->input->getString('username', $user->get('username')); - $data['name'] = $app->input->getString('name', $user->get('name')); - $data['password'] = $app->input->getString('password', ''); - $data['email'] = $app->input->getString('email', $user->get('email')); - $data['groups'] = $app->input->get('groups', $groups, 'ARRAY'); - $data['block'] = $app->input->getInt('block', $user->get('block')); - $data['fields'] = $app->input->get('fields', '', 'ARRAY'); - - $newUser = false; - - if ($data['id'] == '' && ($data['name'] == '' || $data['email'] == '')) - { - ApiError::raiseError("400", JText::_('PLG_API_USERS_REQUIRED_DATA_EMPTY_MESSAGE'), 'APIValidationException'); - - return $returnData; - } - - - if (!$data['username']) - { - $data['username'] = $data['email']; - } - - // Check new or old user - if (!$user->id) - { - $newUser = true; - } - //echo $newUser; - //print_r($user); - if ($user->bind($data)) - { - // If $newUser is true it will 
update the user else create new user - //print_r($user);die; - - if ($user->save()) - { - if ($data['fields']) - { - $libraryObject = $this->getSocialLibraryObject(); - $libraryObject->addUserFields($data['fields'], $user->id); - } - - unset($data['password']); - unset($data['password2']); - - $data['id'] = $user->id; - $returnData->result = $data; - $this->plugin->setResponse($returnData); - - return $returnData; - } - } - - ApiError::raiseError("400", $user->getError()); - - return $returnData; - } - - /** - * Returns userid if a user exists - * - * @param string $email The email to search on. - * - * @return integer The user id or 0 if not found. - * - * @since 11.1 - */ - private function getUserId($email) - { - // Initialise some variables - $db = \JFactory::getDbo(); - $query = $db->getQuery(true) - ->select($db->quoteName('id')) - ->from($db->quoteName('#__users')) - ->where($db->quoteName('email') . ' = ' . $db->quote($email)); - $db->setQuery($query, 0, 1); - - return $db->loadResult(); - } - /** - * Get social library object depending on the integration set. - * - * @return Soical library object - * - * @since 1.0.0 - */ - public function getSocialLibraryObject() - { - $plugin = JPluginHelper::getPlugin('api', 'users'); - $params = new JRegistry($plugin->params); - $socialIntegration = $params->get('social_integration', 'joomla'); - - if ($socialIntegration == 'joomla') - { - jimport('techjoomla.jsocial.joomla'); - $SocialLibraryObject = new JSocialJoomla; - } - elseif ($socialIntegration == 'jomsocial') - { - jimport('techjoomla.jsocial.jomsocial'); - $SocialLibraryObject = new JSocialJomSocial; - } - elseif ($socialIntegration == 'easysocial') - { - jimport('techjoomla.jsocial.easysocial'); - $SocialLibraryObject = new JSocialEasySocial; - } - - return $SocialLibraryObject; - } -} From d5b736f56ae58c6cb7e3bbffcbd1145af008c64d Mon Sep 17 00:00:00 2001 
From: vaishali Date: Fri, 10 May 2019 14:32:05 +0530 Subject: [PATCH 4/6] Issue #15 santinize method modified to take user param by reference --- src/users/user.php | 37 +++++++++++++++++++++++++++---------- 1 file changed, 27 insertions(+), 10 deletions(-) diff --git a/src/users/user.php b/src/users/user.php index 65fe662..8fd0674 100644 --- a/src/users/user.php +++ b/src/users/user.php @@ -19,6 +19,14 @@ */ class UsersApiResourceUser extends ApiResource { + /** + * Array of fields to be unset + * + * @var array + * @since 2.0.1 + */ + private $fieldsToSanitize = array('password', 'password_clear', 'otpKey', 'otep'); + /** * Function to create and edit user record. * @@ -33,8 +41,15 @@ public function post() $formData = $app->input->getArray(); $userIdentifier = $app->input->get('id', 0, 'string'); + if (isset($formData['fields'])) + { + $formData['com_fields'] = $formData['fields']; + unset($formData['fields']); + } + // Get current logged in user. $me = $this->plugin->get('user'); + $iAmSuperAdmin = $me->authorise('core.create'); if (!empty($userIdentifier)) { @@ -42,8 +57,6 @@ public function post() if (!empty($user->id)) { - $iAmSuperAdmin = $me->authorise('core.admin'); - // Check if regular user is trying to update his/her own profile OR if user is superadmin if ($me->id == $user->id || $iAmSuperAdmin) { @@ -81,6 +94,13 @@ public function post() // Check if $userIdentifier is not set - POST / CREATE user case else { + if (!$iAmSuperAdmin) + { + ApiError::raiseError(400, JText::_('JERROR_ALERTNOAUTHOR')); + + return; + } + // Validate required fields if ($formData['username'] == '' || $formData['name'] == '' || $formData['email'] == '') { 
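Review bot: `$iAmSuperAdmin = $me->authorise('core.create');` replaces the `core.admin` check that the `@@ -42,8 +57,6 @@` hunk removes, yet the same variable still gates the "update another user's account" path in `post()` and, in the `@@ -81,6 +94,13 @@` hunk, the create path; in a default Joomla ACL a global `core.create` grant is held by groups far below Super Users, so this widens who may change other accounts' passwords and groups. Keep the other-user update behind `core.admin` and scope the create check to the component, e.g. `$iAmSuperAdmin = $me->authorise('core.admin');` and `$canCreate = $me->authorise('core.create', 'com_users');`, using `$canCreate` in the create branch. The variable name should then match the permission it actually represents.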
@@ -109,24 +129,21 @@ public function post() /** * Funtion to remove sensitive user info fields like password * - * @param Object $user The user object. - * @param Array $fields Array of fields to be unset + * @param Object &$user The user object. * * @return object|void $user * * @since 2.0.1 */ - protected function sanitizeUserFields($user, $fields = array('password', 'password_clear', 'otpKey', 'otep')) + protected function sanitizeUserFields(&$user) { - foreach ($fields as $f) + foreach ($this->fieldsToSanitize as $f) { if (isset($user->{$f})) { unset($user->{$f}); } } - - return $user; } /** @@ -167,7 +184,7 @@ public function get() } } - $user = $this->sanitizeUserFields($user); + $this->sanitizeUserFields($user); $this->plugin->setResponse($user); } @@ -328,7 +345,7 @@ private function retriveUser($userIdentifier) // Flag to differentiate the column value $app = JFactory::getApplication(); - $xIdentifier = $app->input->server->get('HTTP_X_IDENTIFIER', '', 'string'); + $xIdentifier = $app->input->server->get('HTTP_X_IDENTIFIER', '', 'WORD'); switch ($xIdentifier) { From 1f16a953aeac0b5167a656aa004bf187e3f220d6 Mon Sep 17 00:00:00 2001 From: twsvaishali Date: Fri, 10 May 2019 14:39:40 +0530 Subject: [PATCH 5/6] Changes in Delete method --- src/users/user.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/users/user.php b/src/users/user.php index 8fd0674..b5194cf 100644 --- a/src/users/user.php +++ b/src/users/user.php @@ -285,7 +285,7 @@ public function delete() // Check if I am a Super Admin $iAmSuperAdmin = $loggedUser->authorise('core.admin'); - $userToDelete = $this->retriveUser($xIdentifier, $userIdentifier); + $userToDelete = $this->retriveUser($userIdentifier); if (!$userToDelete->id) { From 5e6ef1a5e331c679dc0d10b1ced07d46b757d453 Mon Sep 17 00:00:00 2001 
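Review bot: `sanitizeUserFields(&$user)` no longer returns anything, but its docblock still says `@return object|void $user`; update it to `@return void`. Taking an object by reference is also redundant because PHP passes objects as handles, so `protected function sanitizeUserFields($user)` would behave the same for the values `get()` passes in (the `@@ -167,7 +184,7 @@` hunk). The `&` only changes behaviour if a caller passed a non-object, which nothing on this page does.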
From: twsvaishali
Date: Fri, 10 May 2019 17:17:57 +0530
Subject: [PATCH 6/6] The type for x-identifier changed to CMD

---
 src/users/user.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/users/user.php b/src/users/user.php
index b5194cf..080b104 100644
--- a/src/users/user.php
+++ b/src/users/user.php
@@ -345,7 +345,7 @@ private function retriveUser($userIdentifier)
 // Flag to differentiate the column value
 $app = JFactory::getApplication();
- $xIdentifier = $app->input->server->get('HTTP_X_IDENTIFIER', '', 'WORD');
+ $xIdentifier = $app->input->server->get('HTTP_X_IDENTIFIER', '');
 switch ($xIdentifier)
 {
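Review bot: The subject says the `HTTP_X_IDENTIFIER` filter was changed to CMD, but the hunk simply drops the third argument; that relies on `JInput::get()` defaulting to the `cmd` filter, which holds in Joomla 3 but is invisible at the call site. Pass it explicitly, `$xIdentifier = $app->input->server->get('HTTP_X_IDENTIFIER', '', 'cmd');`, so the filtering of this header is documented where it is read, since the value selects which column `retriveUser()` looks the user up by. `retriveUser()` continues outside the hunk.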