silverstripe /
silverstripe-sharedraftcontent
@@ -14,39 +14,39 @@ |
||
| 14 | 14 | */ |
| 15 | 15 | class ShareToken extends DataObject |
| 16 | 16 | { |
| 17 | - /** |
|
| 18 | - * @var array |
|
| 19 | - */ |
|
| 20 | - private static $db = array( |
|
| 21 | - 'Token' => 'Varchar(16)', |
|
| 22 | - 'ValidForDays' => 'Int', |
|
| 23 | - ); |
|
| 24 | - |
|
| 25 | - /** |
|
| 26 | - * @var array |
|
| 27 | - */ |
|
| 28 | - private static $has_one = array( |
|
| 29 | - 'Page' => Page::class |
|
| 30 | - ); |
|
| 31 | - |
|
| 32 | - /** |
|
| 33 | - * @var string |
|
| 34 | - */ |
|
| 35 | - private static $table_name = 'ShareToken'; |
|
| 36 | - |
|
| 37 | - /** |
|
| 38 | - * Determines whether the token is still valid (from days since it was created). |
|
| 39 | - * |
|
| 40 | - * @return bool |
|
| 41 | - */ |
|
| 42 | - public function isExpired() |
|
| 43 | - { |
|
| 44 | - $createdSeconds = strtotime($this->Created); |
|
| 45 | - |
|
| 46 | - $validForSeconds = (int) $this->ValidForDays * 24 * 60 * 60; |
|
| 47 | - |
|
| 48 | - $nowSeconds = DBDatetime::now()->getTimestamp(); |
|
| 49 | - |
|
| 50 | - return ($createdSeconds + $validForSeconds) <= $nowSeconds; |
|
| 51 | - } |
|
| 17 | + /** |
|
| 18 | + * @var array |
|
| 19 | + */ |
|
| 20 | + private static $db = array( |
|
| 21 | + 'Token' => 'Varchar(16)', |
|
| 22 | + 'ValidForDays' => 'Int', |
|
| 23 | + ); |
|
| 24 | + |
|
| 25 | + /** |
|
| 26 | + * @var array |
|
| 27 | + */ |
|
| 28 | + private static $has_one = array( |
|
| 29 | + 'Page' => Page::class |
|
| 30 | + ); |
|
| 31 | + |
|
| 32 | + /** |
|
| 33 | + * @var string |
|
| 34 | + */ |
|
| 35 | + private static $table_name = 'ShareToken'; |
|
| 36 | + |
|
| 37 | + /** |
|
| 38 | + * Determines whether the token is still valid (from days since it was created). |
|
| 39 | + * |
|
| 40 | + * @return bool |
|
| 41 | + */ |
|
| 42 | + public function isExpired() |
|
| 43 | + { |
|
| 44 | + $createdSeconds = strtotime($this->Created); |
|
| 45 | + |
|
| 46 | + $validForSeconds = (int) $this->ValidForDays * 24 * 60 * 60; |
|
| 47 | + |
|
| 48 | + $nowSeconds = DBDatetime::now()->getTimestamp(); |
|
| 49 | + |
|
| 50 | + return ($createdSeconds + $validForSeconds) <= $nowSeconds; |
|
| 51 | + } |
|
| 52 | 52 | } |
@@ -14,24 +14,24 @@ |
||
| 14 | 14 | */ |
| 15 | 15 | class RemoveExpiredShareTokens extends BuildTask |
| 16 | 16 | { |
| 17 | - private static $segment = 'RemoveExpiredShareTokens'; |
|
| 17 | + private static $segment = 'RemoveExpiredShareTokens'; |
|
| 18 | 18 | |
| 19 | - protected $title = 'Remove expired share tokens'; |
|
| 19 | + protected $title = 'Remove expired share tokens'; |
|
| 20 | 20 | |
| 21 | - protected $description = 'Remove all expired ShareTokens from the database'; |
|
| 21 | + protected $description = 'Remove all expired ShareTokens from the database'; |
|
| 22 | 22 | |
| 23 | - public function run($request) |
|
| 24 | - { |
|
| 25 | - $shareTokens = ShareToken::get(); |
|
| 26 | - $removeCount = 0; |
|
| 23 | + public function run($request) |
|
| 24 | + { |
|
| 25 | + $shareTokens = ShareToken::get(); |
|
| 26 | + $removeCount = 0; |
|
| 27 | 27 | |
| 28 | - foreach ($shareTokens as $token) { |
|
| 29 | - if ($token->isExpired()) { |
|
| 30 | - $token->delete(); |
|
| 31 | - $removeCount++; |
|
| 32 | - } |
|
| 33 | - } |
|
| 28 | + foreach ($shareTokens as $token) { |
|
| 29 | + if ($token->isExpired()) { |
|
| 30 | + $token->delete(); |
|
| 31 | + $removeCount++; |
|
| 32 | + } |
|
| 33 | + } |
|
| 34 | 34 | |
| 35 | - echo "Removed $removeCount expired share tokens.\n"; |
|
| 36 | - } |
|
| 35 | + echo "Removed $removeCount expired share tokens.\n"; |
|
| 36 | + } |
|
| 37 | 37 | } |
@@ -7,37 +7,37 @@ |
||
| 7 | 7 | |
| 8 | 8 | class ShareDraftContentControllerExtension extends Extension |
| 9 | 9 | { |
| 10 | - /** |
|
| 11 | - * @var array |
|
| 12 | - */ |
|
| 13 | - private static $allowed_actions = array( |
|
| 14 | - 'MakeShareDraftLink', |
|
| 15 | - ); |
|
| 10 | + /** |
|
| 11 | + * @var array |
|
| 12 | + */ |
|
| 13 | + private static $allowed_actions = array( |
|
| 14 | + 'MakeShareDraftLink', |
|
| 15 | + ); |
|
| 16 | 16 | |
| 17 | - /** |
|
| 18 | - * @return mixed |
|
| 19 | - */ |
|
| 20 | - public function MakeShareDraftLink() |
|
| 21 | - { |
|
| 22 | - if ($member = Security::getCurrentUser()) { |
|
| 23 | - if ($this->owner->hasMethod('CurrentPage') && $this->owner->CurrentPage()->canEdit($member)) { |
|
| 24 | - return $this->owner->CurrentPage()->ShareTokenLink(); |
|
| 25 | - } elseif ($this->owner->hasMethod('canEdit') && $this->owner->canEdit($member)) { |
|
| 26 | - return $this->owner->ShareTokenLink(); |
|
| 27 | - } |
|
| 28 | - } |
|
| 17 | + /** |
|
| 18 | + * @return mixed |
|
| 19 | + */ |
|
| 20 | + public function MakeShareDraftLink() |
|
| 21 | + { |
|
| 22 | + if ($member = Security::getCurrentUser()) { |
|
| 23 | + if ($this->owner->hasMethod('CurrentPage') && $this->owner->CurrentPage()->canEdit($member)) { |
|
| 24 | + return $this->owner->CurrentPage()->ShareTokenLink(); |
|
| 25 | + } elseif ($this->owner->hasMethod('canEdit') && $this->owner->canEdit($member)) { |
|
| 26 | + return $this->owner->ShareTokenLink(); |
|
| 27 | + } |
|
| 28 | + } |
|
| 29 | 29 | |
| 30 | - return Security::permissionFailure(); |
|
| 31 | - } |
|
| 30 | + return Security::permissionFailure(); |
|
| 31 | + } |
|
| 32 | 32 | |
| 33 | - /** |
|
| 34 | - * @return string |
|
| 35 | - */ |
|
| 36 | - public function getShareDraftLinkAction() |
|
| 37 | - { |
|
| 38 | - if ($this->owner->config()->get('url_segment')) { |
|
| 39 | - return $this->owner->Link('MakeShareDraftLink'); |
|
| 40 | - } |
|
| 41 | - return ''; |
|
| 42 | - } |
|
| 33 | + /** |
|
| 34 | + * @return string |
|
| 35 | + */ |
|
| 36 | + public function getShareDraftLinkAction() |
|
| 37 | + { |
|
| 38 | + if ($this->owner->config()->get('url_segment')) { |
|
| 39 | + return $this->owner->Link('MakeShareDraftLink'); |
|
| 40 | + } |
|
| 41 | + return ''; |
|
| 42 | + } |
|
| 43 | 43 | } |
@@ -7,9 +7,9 @@ |
||
| 7 | 7 | |
| 8 | 8 | class ShareDraftContentRequirementsExtension extends DataExtension |
| 9 | 9 | { |
| 10 | - public function init() |
|
| 11 | - { |
|
| 12 | - Requirements::css('silverstripe/sharedraftcontent: client/dist/styles/share-component.css'); |
|
| 13 | - Requirements::javascript('silverstripe/sharedraftcontent: client/dist/js/main.js'); |
|
| 14 | - } |
|
| 10 | + public function init() |
|
| 11 | + { |
|
| 12 | + Requirements::css('silverstripe/sharedraftcontent: client/dist/styles/share-component.css'); |
|
| 13 | + Requirements::javascript('silverstripe/sharedraftcontent: client/dist/js/main.js'); |
|
| 14 | + } |
|
| 15 | 15 | } |
@@ -20,148 +20,148 @@ |
||
| 20 | 20 | |
| 21 | 21 | class ShareDraftController extends Controller |
| 22 | 22 | { |
| 23 | - /** |
|
| 24 | - * Controller for rendering draft pages. |
|
| 25 | - * |
|
| 26 | - * @config |
|
| 27 | - * |
|
| 28 | - * @var string |
|
| 29 | - */ |
|
| 30 | - private static $controller = PageController::class; |
|
| 31 | - |
|
| 32 | - /** |
|
| 33 | - * @var array |
|
| 34 | - */ |
|
| 35 | - private static $allowed_actions = array( |
|
| 36 | - 'preview' |
|
| 37 | - ); |
|
| 38 | - |
|
| 39 | - /** |
|
| 40 | - * @var array |
|
| 41 | - */ |
|
| 42 | - private static $url_handlers = array( |
|
| 43 | - '$Key/$Token' => 'preview' |
|
| 44 | - ); |
|
| 45 | - |
|
| 46 | - /** |
|
| 47 | - * @param HTTPRequest $request |
|
| 48 | - * |
|
| 49 | - * @return string|DBHTMLText |
|
| 50 | - */ |
|
| 51 | - public function preview(HTTPRequest $request) |
|
| 52 | - { |
|
| 53 | - $key = $request->param('Key'); |
|
| 54 | - $token = $request->param('Token'); |
|
| 55 | - try { |
|
| 56 | - $session = $this->getRequest()->getSession(); |
|
| 57 | - } catch (BadMethodCallException $e) { |
|
| 58 | - // Create a new session |
|
| 59 | - $session = $this->getRequest() |
|
| 60 | - ->setSession(Injector::inst()->create(Session::class, [])) |
|
| 61 | - ->getSession(); |
|
| 62 | - } |
|
| 63 | - /** @var ShareToken $shareToken */ |
|
| 64 | - $shareToken = ShareToken::get()->filter('Token', $token)->first(); |
|
| 65 | - |
|
| 66 | - if (!$shareToken) { |
|
| 67 | - return $this->errorPage(); |
|
| 68 | - } |
|
| 69 | - |
|
| 70 | - /** @var SiteTree|ShareDraftContentSiteTreeExtension $page */ |
|
| 71 | - $page = Versioned::get_by_stage(SiteTree::class, Versioned::DRAFT) |
|
| 72 | - ->byID($shareToken->PageID); |
|
| 73 | - |
|
| 74 | - $latest = Versioned::get_latest_version(SiteTree::class, $shareToken->PageID); |
|
| 75 | - |
|
| 76 | - $controller = $this->getControllerFor($page); |
|
| 77 | - |
|
| 78 | - if (!$shareToken->isExpired() && $page->generateKey($shareToken->Token) === $key) { |
|
| 79 | - Requirements::css('silverstripe/sharedraftcontent: client/dist/styles/top-bar.css'); |
|
| 80 | - |
|
| 81 | - // Temporarily un-secure the draft site and switch to draft |
|
| 82 | - $oldSecured = $this->getIsDraftSecured($session); |
|
| 83 | - $oldMode = Versioned::get_reading_mode(); |
|
| 84 | - |
|
| 85 | - // Process page inside an unsecured draft container |
|
| 86 | - try { |
|
| 87 | - $this->setIsDraftSecured($session, false); |
|
| 88 | - Versioned::set_stage('Stage'); |
|
| 89 | - |
|
| 90 | - // Hack to get around ContentController::init() redirecting on home page |
|
| 91 | - $_FILES = array(array()); |
|
| 92 | - |
|
| 93 | - // Create mock request; Simplify request to single top level request |
|
| 94 | - $pageRequest = new HTTPRequest('GET', $page->URLSegment); |
|
| 95 | - $pageRequest->match('$URLSegment//$Action/$ID/$OtherID', true); |
|
| 96 | - $pageRequest->setSession($session); |
|
| 97 | - $rendered = $controller->handleRequest($pageRequest); |
|
| 98 | - |
|
| 99 | - // Render draft heading |
|
| 100 | - $data = new ArrayData(array( |
|
| 101 | - 'Page' => $page, |
|
| 102 | - 'Latest' => $latest, |
|
| 103 | - )); |
|
| 104 | - $include = (string) $data->renderWith('Includes/TopBar'); |
|
| 105 | - } finally { |
|
| 106 | - $this->setIsDraftSecured($session, $oldSecured); |
|
| 107 | - Versioned::set_reading_mode($oldMode); |
|
| 108 | - } |
|
| 109 | - |
|
| 110 | - return str_replace('</body>', $include . '</body>', (string) $rendered->getBody()); |
|
| 111 | - } else { |
|
| 112 | - return $this->errorPage(); |
|
| 113 | - } |
|
| 114 | - } |
|
| 115 | - |
|
| 116 | - /** |
|
| 117 | - * @return DBHTMLText |
|
| 118 | - */ |
|
| 119 | - protected function errorPage() |
|
| 120 | - { |
|
| 121 | - Requirements::css('silverstripe/sharedraftcontent: client/dist/styles/error-page.css'); |
|
| 122 | - return $this->renderWith('ShareDraftContentError'); |
|
| 123 | - } |
|
| 124 | - |
|
| 125 | - /** |
|
| 126 | - * @param SiteTree $page |
|
| 127 | - * @return ContentController |
|
| 128 | - */ |
|
| 129 | - protected function getControllerFor($page) |
|
| 130 | - { |
|
| 131 | - return ModelAsController::controller_for($page); |
|
| 132 | - } |
|
| 133 | - |
|
| 134 | - /** |
|
| 135 | - * Check if the draft site is secured |
|
| 136 | - * |
|
| 137 | - * @param Session $session |
|
| 138 | - * @return bool True if the draft site is secured |
|
| 139 | - */ |
|
| 140 | - protected function getIsDraftSecured(Session $session) |
|
| 141 | - { |
|
| 142 | - // Versioned >=1.2 |
|
| 143 | - if (method_exists(Versioned::class, 'get_draft_site_secured')) { |
|
| 144 | - return Versioned::get_draft_site_secured(); |
|
| 145 | - } |
|
| 146 | - |
|
| 147 | - // Fall back to session |
|
| 148 | - return !$session->get('unsecuredDraftSite'); |
|
| 149 | - } |
|
| 150 | - |
|
| 151 | - /** |
|
| 152 | - * Set draft site security |
|
| 153 | - * |
|
| 154 | - * @param Session $session |
|
| 155 | - * @param bool $secured True if draft site should be secured |
|
| 156 | - */ |
|
| 157 | - protected function setIsDraftSecured(Session $session, $secured) |
|
| 158 | - { |
|
| 159 | - // Versioned >=1.2 |
|
| 160 | - if (method_exists(Versioned::class, 'set_draft_site_secured')) { |
|
| 161 | - Versioned::set_draft_site_secured($secured); |
|
| 162 | - } |
|
| 163 | - |
|
| 164 | - // Set session variable anyway |
|
| 165 | - $session->set('unsecuredDraftSite', !$secured); |
|
| 166 | - } |
|
| 23 | + /** |
|
| 24 | + * Controller for rendering draft pages. |
|
| 25 | + * |
|
| 26 | + * @config |
|
| 27 | + * |
|
| 28 | + * @var string |
|
| 29 | + */ |
|
| 30 | + private static $controller = PageController::class; |
|
| 31 | + |
|
| 32 | + /** |
|
| 33 | + * @var array |
|
| 34 | + */ |
|
| 35 | + private static $allowed_actions = array( |
|
| 36 | + 'preview' |
|
| 37 | + ); |
|
| 38 | + |
|
| 39 | + /** |
|
| 40 | + * @var array |
|
| 41 | + */ |
|
| 42 | + private static $url_handlers = array( |
|
| 43 | + '$Key/$Token' => 'preview' |
|
| 44 | + ); |
|
| 45 | + |
|
| 46 | + /** |
|
| 47 | + * @param HTTPRequest $request |
|
| 48 | + * |
|
| 49 | + * @return string|DBHTMLText |
|
| 50 | + */ |
|
| 51 | + public function preview(HTTPRequest $request) |
|
| 52 | + { |
|
| 53 | + $key = $request->param('Key'); |
|
| 54 | + $token = $request->param('Token'); |
|
| 55 | + try { |
|
| 56 | + $session = $this->getRequest()->getSession(); |
|
| 57 | + } catch (BadMethodCallException $e) { |
|
| 58 | + // Create a new session |
|
| 59 | + $session = $this->getRequest() |
|
| 60 | + ->setSession(Injector::inst()->create(Session::class, [])) |
|
| 61 | + ->getSession(); |
|
| 62 | + } |
|
| 63 | + /** @var ShareToken $shareToken */ |
|
| 64 | + $shareToken = ShareToken::get()->filter('Token', $token)->first(); |
|
| 65 | + |
|
| 66 | + if (!$shareToken) { |
|
| 67 | + return $this->errorPage(); |
|
| 68 | + } |
|
| 69 | + |
|
| 70 | + /** @var SiteTree|ShareDraftContentSiteTreeExtension $page */ |
|
| 71 | + $page = Versioned::get_by_stage(SiteTree::class, Versioned::DRAFT) |
|
| 72 | + ->byID($shareToken->PageID); |
|
| 73 | + |
|
| 74 | + $latest = Versioned::get_latest_version(SiteTree::class, $shareToken->PageID); |
|
| 75 | + |
|
| 76 | + $controller = $this->getControllerFor($page); |
|
| 77 | + |
|
| 78 | + if (!$shareToken->isExpired() && $page->generateKey($shareToken->Token) === $key) { |
|
| 79 | + Requirements::css('silverstripe/sharedraftcontent: client/dist/styles/top-bar.css'); |
|
| 80 | + |
|
| 81 | + // Temporarily un-secure the draft site and switch to draft |
|
| 82 | + $oldSecured = $this->getIsDraftSecured($session); |
|
| 83 | + $oldMode = Versioned::get_reading_mode(); |
|
| 84 | + |
|
| 85 | + // Process page inside an unsecured draft container |
|
| 86 | + try { |
|
| 87 | + $this->setIsDraftSecured($session, false); |
|
| 88 | + Versioned::set_stage('Stage'); |
|
| 89 | + |
|
| 90 | + // Hack to get around ContentController::init() redirecting on home page |
|
| 91 | + $_FILES = array(array()); |
|
| 92 | + |
|
| 93 | + // Create mock request; Simplify request to single top level request |
|
| 94 | + $pageRequest = new HTTPRequest('GET', $page->URLSegment); |
|
| 95 | + $pageRequest->match('$URLSegment//$Action/$ID/$OtherID', true); |
|
| 96 | + $pageRequest->setSession($session); |
|
| 97 | + $rendered = $controller->handleRequest($pageRequest); |
|
| 98 | + |
|
| 99 | + // Render draft heading |
|
| 100 | + $data = new ArrayData(array( |
|
| 101 | + 'Page' => $page, |
|
| 102 | + 'Latest' => $latest, |
|
| 103 | + )); |
|
| 104 | + $include = (string) $data->renderWith('Includes/TopBar'); |
|
| 105 | + } finally { |
|
| 106 | + $this->setIsDraftSecured($session, $oldSecured); |
|
| 107 | + Versioned::set_reading_mode($oldMode); |
|
| 108 | + } |
|
| 109 | + |
|
| 110 | + return str_replace('</body>', $include . '</body>', (string) $rendered->getBody()); |
|
| 111 | + } else { |
|
| 112 | + return $this->errorPage(); |
|
| 113 | + } |
|
| 114 | + } |
|
| 115 | + |
|
| 116 | + /** |
|
| 117 | + * @return DBHTMLText |
|
| 118 | + */ |
|
| 119 | + protected function errorPage() |
|
| 120 | + { |
|
| 121 | + Requirements::css('silverstripe/sharedraftcontent: client/dist/styles/error-page.css'); |
|
| 122 | + return $this->renderWith('ShareDraftContentError'); |
|
| 123 | + } |
|
| 124 | + |
|
| 125 | + /** |
|
| 126 | + * @param SiteTree $page |
|
| 127 | + * @return ContentController |
|
| 128 | + */ |
|
| 129 | + protected function getControllerFor($page) |
|
| 130 | + { |
|
| 131 | + return ModelAsController::controller_for($page); |
|
| 132 | + } |
|
| 133 | + |
|
| 134 | + /** |
|
| 135 | + * Check if the draft site is secured |
|
| 136 | + * |
|
| 137 | + * @param Session $session |
|
| 138 | + * @return bool True if the draft site is secured |
|
| 139 | + */ |
|
| 140 | + protected function getIsDraftSecured(Session $session) |
|
| 141 | + { |
|
| 142 | + // Versioned >=1.2 |
|
| 143 | + if (method_exists(Versioned::class, 'get_draft_site_secured')) { |
|
| 144 | + return Versioned::get_draft_site_secured(); |
|
| 145 | + } |
|
| 146 | + |
|
| 147 | + // Fall back to session |
|
| 148 | + return !$session->get('unsecuredDraftSite'); |
|
| 149 | + } |
|
| 150 | + |
|
| 151 | + /** |
|
| 152 | + * Set draft site security |
|
| 153 | + * |
|
| 154 | + * @param Session $session |
|
| 155 | + * @param bool $secured True if draft site should be secured |
|
| 156 | + */ |
|
| 157 | + protected function setIsDraftSecured(Session $session, $secured) |
|
| 158 | + { |
|
| 159 | + // Versioned >=1.2 |
|
| 160 | + if (method_exists(Versioned::class, 'set_draft_site_secured')) { |
|
| 161 | + Versioned::set_draft_site_secured($secured); |
|
| 162 | + } |
|
| 163 | + |
|
| 164 | + // Set session variable anyway |
|
| 165 | + $session->set('unsecuredDraftSite', !$secured); |
|
| 166 | + } |
|
| 167 | 167 | } |
@@ -107,7 +107,7 @@ |
||
| 107 | 107 | Versioned::set_reading_mode($oldMode); |
| 108 | 108 | } |
| 109 | 109 | |
| 110 | - return str_replace('</body>', $include . '</body>', (string) $rendered->getBody()); |
|
| 110 | + return str_replace('</body>', $include.'</body>', (string) $rendered->getBody()); |
|
| 111 | 111 | } else { |
| 112 | 112 | return $this->errorPage(); |
| 113 | 113 | } |
@@ -18,115 +18,115 @@ |
||
| 18 | 18 | */ |
| 19 | 19 | class ShareDraftContentSiteTreeExtension extends DataExtension |
| 20 | 20 | { |
| 21 | - /** |
|
| 22 | - * The number of days a shared link should be valid for, before expiring. |
|
| 23 | - * |
|
| 24 | - * @config |
|
| 25 | - * |
|
| 26 | - * @var int |
|
| 27 | - */ |
|
| 28 | - private static $valid_for_days = 30; |
|
| 29 | - |
|
| 30 | - /** |
|
| 31 | - * @var array |
|
| 32 | - */ |
|
| 33 | - private static $db = array( |
|
| 34 | - 'ShareTokenSalt' => 'Varchar(16)', |
|
| 35 | - ); |
|
| 36 | - |
|
| 37 | - /** |
|
| 38 | - * @var array |
|
| 39 | - */ |
|
| 40 | - private static $has_many = array( |
|
| 41 | - 'ShareTokens' => ShareToken::class, |
|
| 42 | - ); |
|
| 43 | - |
|
| 44 | - /** |
|
| 45 | - * @var array |
|
| 46 | - */ |
|
| 47 | - private static $allowed_actions = array( |
|
| 48 | - 'MakeShareDraftLink' |
|
| 49 | - ); |
|
| 50 | - |
|
| 51 | - /** |
|
| 52 | - * @return string |
|
| 53 | - */ |
|
| 54 | - public function ShareTokenLink() |
|
| 55 | - { |
|
| 56 | - $shareToken = $this->getNewShareToken(); |
|
| 57 | - |
|
| 58 | - return Controller::join_links( |
|
| 59 | - Director::absoluteBaseURL(), |
|
| 60 | - 'preview', |
|
| 61 | - $this->generateKey($shareToken->Token), |
|
| 62 | - $shareToken->Token |
|
| 63 | - ); |
|
| 64 | - } |
|
| 65 | - |
|
| 66 | - /** |
|
| 67 | - * @return ShareToken |
|
| 68 | - */ |
|
| 69 | - protected function getNewShareToken() |
|
| 70 | - { |
|
| 71 | - if (!$this->owner->ShareTokenSalt) { |
|
| 72 | - $this->owner->ShareTokenSalt = $this->getNewToken(); |
|
| 73 | - $this->owner->write(); |
|
| 74 | - } |
|
| 75 | - |
|
| 76 | - $found = null; |
|
| 77 | - $token = null; |
|
| 78 | - $tries = 1; |
|
| 79 | - $limit = 5; |
|
| 80 | - |
|
| 81 | - while (!$found && ($tries++ < $limit)) { |
|
| 82 | - $token = $this->getNewToken(); |
|
| 83 | - |
|
| 84 | - $found = ShareToken::get()->filter(array( |
|
| 85 | - "Token" => $token, |
|
| 86 | - "PageID" => $this->owner->ID, |
|
| 87 | - ))->first(); |
|
| 88 | - } |
|
| 89 | - |
|
| 90 | - $config = Config::forClass(__CLASS__); |
|
| 91 | - |
|
| 92 | - $validForDays = $config->get('valid_for_days'); |
|
| 93 | - |
|
| 94 | - $token = ShareToken::create(array( |
|
| 95 | - "Token" => $token, |
|
| 96 | - "ValidForDays" => $validForDays, |
|
| 97 | - "PageID" => $this->owner->ID, |
|
| 98 | - )); |
|
| 99 | - |
|
| 100 | - $token->write(); |
|
| 101 | - |
|
| 102 | - return $token; |
|
| 103 | - } |
|
| 104 | - |
|
| 105 | - /** |
|
| 106 | - * @return string |
|
| 107 | - */ |
|
| 108 | - protected function getNewToken() |
|
| 109 | - { |
|
| 110 | - $generator = new RandomGenerator(); |
|
| 111 | - |
|
| 112 | - return substr($generator->randomToken('sha256'), 0, 16); |
|
| 113 | - } |
|
| 114 | - |
|
| 115 | - /** |
|
| 116 | - * @param string $salt |
|
| 117 | - * |
|
| 118 | - * @return string |
|
| 119 | - */ |
|
| 120 | - public function generateKey($salt) |
|
| 121 | - { |
|
| 122 | - return hash_pbkdf2('sha256', $salt, $this->owner->ShareTokenSalt, 1000, 16); |
|
| 123 | - } |
|
| 124 | - |
|
| 125 | - /** |
|
| 126 | - * @return string |
|
| 127 | - */ |
|
| 128 | - public function getShareDraftLinkAction() |
|
| 129 | - { |
|
| 130 | - return $this->owner->Link('MakeShareDraftLink'); |
|
| 131 | - } |
|
| 21 | + /** |
|
| 22 | + * The number of days a shared link should be valid for, before expiring. |
|
| 23 | + * |
|
| 24 | + * @config |
|
| 25 | + * |
|
| 26 | + * @var int |
|
| 27 | + */ |
|
| 28 | + private static $valid_for_days = 30; |
|
| 29 | + |
|
| 30 | + /** |
|
| 31 | + * @var array |
|
| 32 | + */ |
|
| 33 | + private static $db = array( |
|
| 34 | + 'ShareTokenSalt' => 'Varchar(16)', |
|
| 35 | + ); |
|
| 36 | + |
|
| 37 | + /** |
|
| 38 | + * @var array |
|
| 39 | + */ |
|
| 40 | + private static $has_many = array( |
|
| 41 | + 'ShareTokens' => ShareToken::class, |
|
| 42 | + ); |
|
| 43 | + |
|
| 44 | + /** |
|
| 45 | + * @var array |
|
| 46 | + */ |
|
| 47 | + private static $allowed_actions = array( |
|
| 48 | + 'MakeShareDraftLink' |
|
| 49 | + ); |
|
| 50 | + |
|
| 51 | + /** |
|
| 52 | + * @return string |
|
| 53 | + */ |
|
| 54 | + public function ShareTokenLink() |
|
| 55 | + { |
|
| 56 | + $shareToken = $this->getNewShareToken(); |
|
| 57 | + |
|
| 58 | + return Controller::join_links( |
|
| 59 | + Director::absoluteBaseURL(), |
|
| 60 | + 'preview', |
|
| 61 | + $this->generateKey($shareToken->Token), |
|
| 62 | + $shareToken->Token |
|
| 63 | + ); |
|
| 64 | + } |
|
| 65 | + |
|
| 66 | + /** |
|
| 67 | + * @return ShareToken |
|
| 68 | + */ |
|
| 69 | + protected function getNewShareToken() |
|
| 70 | + { |
|
| 71 | + if (!$this->owner->ShareTokenSalt) { |
|
| 72 | + $this->owner->ShareTokenSalt = $this->getNewToken(); |
|
| 73 | + $this->owner->write(); |
|
| 74 | + } |
|
| 75 | + |
|
| 76 | + $found = null; |
|
| 77 | + $token = null; |
|
| 78 | + $tries = 1; |
|
| 79 | + $limit = 5; |
|
| 80 | + |
|
| 81 | + while (!$found && ($tries++ < $limit)) { |
|
| 82 | + $token = $this->getNewToken(); |
|
| 83 | + |
|
| 84 | + $found = ShareToken::get()->filter(array( |
|
| 85 | + "Token" => $token, |
|
| 86 | + "PageID" => $this->owner->ID, |
|
| 87 | + ))->first(); |
|
| 88 | + } |
|
| 89 | + |
|
| 90 | + $config = Config::forClass(__CLASS__); |
|
| 91 | + |
|
| 92 | + $validForDays = $config->get('valid_for_days'); |
|
| 93 | + |
|
| 94 | + $token = ShareToken::create(array( |
|
| 95 | + "Token" => $token, |
|
| 96 | + "ValidForDays" => $validForDays, |
|
| 97 | + "PageID" => $this->owner->ID, |
|
| 98 | + )); |
|
| 99 | + |
|
| 100 | + $token->write(); |
|
| 101 | + |
|
| 102 | + return $token; |
|
| 103 | + } |
|
| 104 | + |
|
| 105 | + /** |
|
| 106 | + * @return string |
|
| 107 | + */ |
|
| 108 | + protected function getNewToken() |
|
| 109 | + { |
|
| 110 | + $generator = new RandomGenerator(); |
|
| 111 | + |
|
| 112 | + return substr($generator->randomToken('sha256'), 0, 16); |
|
| 113 | + } |
|
| 114 | + |
|
| 115 | + /** |
|
| 116 | + * @param string $salt |
|
| 117 | + * |
|
| 118 | + * @return string |
|
| 119 | + */ |
|
| 120 | + public function generateKey($salt) |
|
| 121 | + { |
|
| 122 | + return hash_pbkdf2('sha256', $salt, $this->owner->ShareTokenSalt, 1000, 16); |
|
| 123 | + } |
|
| 124 | + |
|
| 125 | + /** |
|
| 126 | + * @return string |
|
| 127 | + */ |
|
| 128 | + public function getShareDraftLinkAction() |
|
| 129 | + { |
|
| 130 | + return $this->owner->Link('MakeShareDraftLink'); |
|
| 131 | + } |
|
| 132 | 132 | } |
@@ -8,27 +8,27 @@ |
||
| 8 | 8 | |
| 9 | 9 | class ShareTokenTest extends FunctionalTest |
| 10 | 10 | { |
| 11 | - /** |
|
| 12 | - * @var string |
|
| 13 | - */ |
|
| 14 | - protected static $fixture_file = 'ShareTokenTest.yml'; |
|
| 11 | + /** |
|
| 12 | + * @var string |
|
| 13 | + */ |
|
| 14 | + protected static $fixture_file = 'ShareTokenTest.yml'; |
|
| 15 | 15 | |
| 16 | - public function testValidForDays() |
|
| 17 | - { |
|
| 18 | - DBDatetime::set_mock_now('2015-03-15 00:00:00'); |
|
| 16 | + public function testValidForDays() |
|
| 17 | + { |
|
| 18 | + DBDatetime::set_mock_now('2015-03-15 00:00:00'); |
|
| 19 | 19 | |
| 20 | - /** |
|
| 21 | - * @var ShareToken $validToken |
|
| 22 | - */ |
|
| 23 | - $validToken = $this->objFromFixture(ShareToken::class, 'ValidToken'); |
|
| 20 | + /** |
|
| 21 | + * @var ShareToken $validToken |
|
| 22 | + */ |
|
| 23 | + $validToken = $this->objFromFixture(ShareToken::class, 'ValidToken'); |
|
| 24 | 24 | |
| 25 | - $this->assertFalse($validToken->isExpired()); |
|
| 25 | + $this->assertFalse($validToken->isExpired()); |
|
| 26 | 26 | |
| 27 | - /** |
|
| 28 | - * @var ShareToken $invalidToken |
|
| 29 | - */ |
|
| 30 | - $invalidToken = $this->objFromFixture(ShareToken::class, 'InvalidToken'); |
|
| 27 | + /** |
|
| 28 | + * @var ShareToken $invalidToken |
|
| 29 | + */ |
|
| 30 | + $invalidToken = $this->objFromFixture(ShareToken::class, 'InvalidToken'); |
|
| 31 | 31 | |
| 32 | - $this->assertTrue($invalidToken->isExpired()); |
|
| 33 | - } |
|
| 32 | + $this->assertTrue($invalidToken->isExpired()); |
|
| 33 | + } |
|
| 34 | 34 | } |
@@ -10,85 +10,85 @@ |
||
| 10 | 10 | |
| 11 | 11 | class ShareDraftContentSiteTreeExtensionTest extends FunctionalTest |
| 12 | 12 | { |
| 13 | - /** |
|
| 14 | - * @var string |
|
| 15 | - */ |
|
| 16 | - protected static $fixture_file = 'ShareDraftContentSiteTreeExtensionTest.yml'; |
|
| 13 | + /** |
|
| 14 | + * @var string |
|
| 15 | + */ |
|
| 16 | + protected static $fixture_file = 'ShareDraftContentSiteTreeExtensionTest.yml'; |
|
| 17 | 17 | |
| 18 | - public function testShareTokenLink() |
|
| 19 | - { |
|
| 20 | - /** |
|
| 21 | - * First we check if both pages generate new ShareTokenSalt values. Then we check that |
|
| 22 | - * these values are not the same. |
|
| 23 | - */ |
|
| 18 | + public function testShareTokenLink() |
|
| 19 | + { |
|
| 20 | + /** |
|
| 21 | + * First we check if both pages generate new ShareTokenSalt values. Then we check that |
|
| 22 | + * these values are not the same. |
|
| 23 | + */ |
|
| 24 | 24 | |
| 25 | - /** @var Page|ShareDraftContentSiteTreeExtension $firstSharedPage */ |
|
| 26 | - $firstSharedPage = $this->objFromFixture(Page::class, 'FirstSharedPage'); |
|
| 25 | + /** @var Page|ShareDraftContentSiteTreeExtension $firstSharedPage */ |
|
| 26 | + $firstSharedPage = $this->objFromFixture(Page::class, 'FirstSharedPage'); |
|
| 27 | 27 | |
| 28 | - $firstShareLink = $firstSharedPage->ShareTokenLink(); |
|
| 28 | + $firstShareLink = $firstSharedPage->ShareTokenLink(); |
|
| 29 | 29 | |
| 30 | - $this->assertNotEmpty($firstSharedPage->ShareTokenSalt); |
|
| 30 | + $this->assertNotEmpty($firstSharedPage->ShareTokenSalt); |
|
| 31 | 31 | |
| 32 | - /** @var Page|ShareDraftContentSiteTreeExtension $secondSharedPage */ |
|
| 33 | - $secondSharedPage = $this->objFromFixture(Page::class, 'SecondSharedPage'); |
|
| 32 | + /** @var Page|ShareDraftContentSiteTreeExtension $secondSharedPage */ |
|
| 33 | + $secondSharedPage = $this->objFromFixture(Page::class, 'SecondSharedPage'); |
|
| 34 | 34 | |
| 35 | - $secondShareLink = $secondSharedPage->ShareTokenLink(); |
|
| 35 | + $secondShareLink = $secondSharedPage->ShareTokenLink(); |
|
| 36 | 36 | |
| 37 | - $this->assertNotEmpty($secondSharedPage->ShareTokenSalt); |
|
| 37 | + $this->assertNotEmpty($secondSharedPage->ShareTokenSalt); |
|
| 38 | 38 | |
| 39 | - $this->assertNotEquals($firstShareLink, $secondShareLink); |
|
| 39 | + $this->assertNotEquals($firstShareLink, $secondShareLink); |
|
| 40 | 40 | |
| 41 | - // Ensure that salt between two pages causes key to differ for null token |
|
| 42 | - $this->assertNotEquals( |
|
| 43 | - $firstSharedPage->generateKey(null), |
|
| 44 | - $secondSharedPage->generateKey(null) |
|
| 45 | - ); |
|
| 41 | + // Ensure that salt between two pages causes key to differ for null token |
|
| 42 | + $this->assertNotEquals( |
|
| 43 | + $firstSharedPage->generateKey(null), |
|
| 44 | + $secondSharedPage->generateKey(null) |
|
| 45 | + ); |
|
| 46 | 46 | |
| 47 | - /** |
|
| 48 | - * Then we get the underlying token and send a preview request. With a valid key and token, |
|
| 49 | - * this will return a draft page. With an invalid key or token, this will return an expired |
|
| 50 | - * link page. |
|
| 51 | - */ |
|
| 47 | + /** |
|
| 48 | + * Then we get the underlying token and send a preview request. With a valid key and token, |
|
| 49 | + * this will return a draft page. With an invalid key or token, this will return an expired |
|
| 50 | + * link page. |
|
| 51 | + */ |
|
| 52 | 52 | |
| 53 | - $firstSharedPageToken = $firstSharedPage->ShareTokens()->first(); |
|
| 53 | + $firstSharedPageToken = $firstSharedPage->ShareTokens()->first(); |
|
| 54 | 54 | |
| 55 | - $this->assertNotEmpty($firstSharedPageToken); |
|
| 55 | + $this->assertNotEmpty($firstSharedPageToken); |
|
| 56 | 56 | |
| 57 | - // Ensure that salt between two pages causes key to differ for either token |
|
| 58 | - $this->assertNotEquals( |
|
| 59 | - $firstSharedPage->generateKey($firstSharedPageToken->Token), |
|
| 60 | - $secondSharedPage->generateKey($firstSharedPageToken->Token) |
|
| 61 | - ); |
|
| 57 | + // Ensure that salt between two pages causes key to differ for either token |
|
| 58 | + $this->assertNotEquals( |
|
| 59 | + $firstSharedPage->generateKey($firstSharedPageToken->Token), |
|
| 60 | + $secondSharedPage->generateKey($firstSharedPageToken->Token) |
|
| 61 | + ); |
|
| 62 | 62 | |
| 63 | - $parts = explode('/', $firstShareLink); |
|
| 63 | + $parts = explode('/', $firstShareLink); |
|
| 64 | 64 | |
| 65 | - $token = array_pop($parts); |
|
| 66 | - $key = array_pop($parts); |
|
| 65 | + $token = array_pop($parts); |
|
| 66 | + $key = array_pop($parts); |
|
| 67 | 67 | |
| 68 | - $this->assertEquals($token, $firstSharedPageToken->Token); |
|
| 68 | + $this->assertEquals($token, $firstSharedPageToken->Token); |
|
| 69 | 69 | |
| 70 | - $request = new HTTPRequest('GET', $firstShareLink); |
|
| 70 | + $request = new HTTPRequest('GET', $firstShareLink); |
|
| 71 | 71 | |
| 72 | - $request->setRouteParams(array( |
|
| 73 | - 'Token' => $token, |
|
| 74 | - 'Key' => $key, |
|
| 75 | - )); |
|
| 72 | + $request->setRouteParams(array( |
|
| 73 | + 'Token' => $token, |
|
| 74 | + 'Key' => $key, |
|
| 75 | + )); |
|
| 76 | 76 | |
| 77 | - $controller = new ShareDraftController(); |
|
| 78 | - $response = $controller->preview($request); |
|
| 77 | + $controller = new ShareDraftController(); |
|
| 78 | + $response = $controller->preview($request); |
|
| 79 | 79 | |
| 80 | - $this->assertContains('share-draft-content-message', $response); |
|
| 80 | + $this->assertContains('share-draft-content-message', $response); |
|
| 81 | 81 | |
| 82 | - $request = new HTTPRequest('GET', $firstShareLink); |
|
| 82 | + $request = new HTTPRequest('GET', $firstShareLink); |
|
| 83 | 83 | |
| 84 | - $request->setRouteParams(array( |
|
| 85 | - 'Token' => $token, |
|
| 86 | - 'Key' => '', |
|
| 87 | - )); |
|
| 84 | + $request->setRouteParams(array( |
|
| 85 | + 'Token' => $token, |
|
| 86 | + 'Key' => '', |
|
| 87 | + )); |
|
| 88 | 88 | |
| 89 | - $controller = new ShareDraftController(); |
|
| 90 | - $response = $controller->preview($request); |
|
| 89 | + $controller = new ShareDraftController(); |
|
| 90 | + $response = $controller->preview($request); |
|
| 91 | 91 | |
| 92 | - $this->assertContains('share-draft-error-page', $response); |
|
| 93 | - } |
|
| 92 | + $this->assertContains('share-draft-error-page', $response); |
|
| 93 | + } |
|
| 94 | 94 | } |
