From eaa70bd6bc9992dba6f6deebd8d36038de4795d2 Mon Sep 17 00:00:00 2001 From: Sasitha Asaranga Date: Mon, 30 Mar 2020 19:05:39 +0530 Subject: [PATCH 1/6] Created an api to login,get project list and submit a timesheet --- api/projects.php | 69 +++++++++++++++++++++++++++++++++++++++++ api/submitTime.php | 75 ++++++++++++++++++++++++++++++++++++++++++++ api/userlogin.php | 77 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 221 insertions(+) create mode 100644 api/projects.php create mode 100644 api/submitTime.php create mode 100644 api/userlogin.php diff --git a/api/projects.php b/api/projects.php new file mode 100644 index 000000000..b2189db16 --- /dev/null +++ b/api/projects.php @@ -0,0 +1,69 @@ + true, 'data' => 'sasitha asaranga']; + $response = json_encode($success_response); + print_r($response); + exit(); +} + +if (strtoupper($_SERVER['REQUEST_METHOD']) != 'POST') { + throw new Exception('Only POST requests are allowed'); +} + +$content_type = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : ''; +if (stripos($content_type, 'application/json') === false) { + throw new Exception('Content-Type must be application/json'); +} + +$secret_key = "6D7E07D955DC0316597835BB18F810E6105EB8BCE2B4A9B2B241C4C8047800BE"; + +$body = file_get_contents("php://input"); +$object = json_decode($body); + +// $authHeader = $_SERVER['HTTP_AUTHORIZATION']; +// $arr = explode(" ", $authHeader); + +$jwt = $object->jwt; +// $jwt = true; +$isLoggedIn = false; + +if ($jwt) { + try { + error_log($jwt); + $decoded = JWT::decode($jwt, $secret_key, array('HS256')); + $isLoggedIn = true; + error_log($object->userId); + $user = new ttUser(null, $object->userId); + if ($isLoggedIn) { + error_log("success_response projects 1"); + $project_list = $user->getAssignedProjects(); + $success_response = ['success' => true, 'data' => $project_list]; + $response = json_encode($success_response); + error_log("success_response projects 2"); + print_r($response); + } + } catch (Exception $e) { + $isLoggedIn = false; + http_response_code(401); + print_r(json_encode(array( + "message" => "Access denied.", + "error" => $e->getMessage() + ))); + } +} + +exit(); diff --git a/api/submitTime.php b/api/submitTime.php new file mode 100644 index 000000000..27903e0ff --- /dev/null +++ b/api/submitTime.php @@ -0,0 +1,75 @@ +jwt; +if ($jwt) { + + $decoded = JWT::decode($jwt, $secret_key, array('HS256')); + + try { + $user = new ttUser(null, $object->userId); + + $cl_date = date("Y-m-d"); + $cl_project = $object->projectId; + $cl_duration = $object->duration; + $cl_note = $object->note; + + // Insert record. + $id = ttTimeHelper::insert(array( + 'date' => $cl_date, + 'user_id' => $user->getActiveUser(), + 'client' => $cl_client, + 'project' => $cl_project, + 'task' => $cl_task, + 'duration' => $cl_duration, + 'note' => $cl_note, + 'billable' => true + )); + + $result = true; + if ($id && $result) { + // header('Location: time.php'); + $success_response = ['success' => true, 'data' => $id]; + $response = json_encode($success_response); + print_r($response); + exit(); + } + } catch (Exception $e) { + $isLoggedIn = false; + http_response_code(401); + print_r(json_encode(array( + "message" => "Access denied.", + "error" => $e->getMessage() + ))); + exit(); + } +} diff --git a/api/userlogin.php b/api/userlogin.php new file mode 100644 index 000000000..cb5808d2c --- /dev/null +++ b/api/userlogin.php @@ -0,0 +1,77 @@ +login; +$cl_password = $object->password; + +@include('../plugins/limit/access_check.php'); +if ($auth->doLogin($cl_login, $cl_password)) { + // Set current user date (as determined by user browser) into session. + $current_user_date = $request->getParameter('browser_today', null); + if ($current_user_date) + $_SESSION['date'] = $current_user_date; + + // Remember user login in a cookie. + setcookie('tt_login', $cl_login, time() + COOKIE_EXPIRE, '/'); + + $user = new ttUser(null, $auth->getUserId()); + // Redirect, depending on user role. + $isLoggedIn = true; + + if ($isLoggedIn) { + $secret_key = "6D7E07D955DC0316597835BB18F810E6105EB8BCE2B4A9B2B241C4C8047800BE"; // (SHA256) HTL@BizOrientDevTeam2020 + $issuer_claim = "BizOrient"; // this can be the servername + $audience_claim = "THE_AUDIENCE"; + $issuedat_claim = time(); // issued at + $notbefore_claim = $issuedat_claim; //not before in seconds + $expire_claim = $issuedat_claim + 1800; // expire time in seconds + $token = array( + "iss" => $issuer_claim, + "aud" => $audience_claim, + "iat" => $issuedat_claim, + "nbf" => $notbefore_claim, + "exp" => $expire_claim, + "data" => array( + "firstname" => $user->name, + "id" => $user->id, + "email" => $user->email + ) + ); + + http_response_code(200); + $jwt = JWT::encode($token, $secret_key); + // $jwt = true; + + $success_response = ['success' => true, 'userId' => $user->id, 'jwt' => $jwt]; + $response = json_encode($success_response); + error_log("success_response"); + print_r($response); + } + exit(); +} else { + print_r(['success' => false, 'error' => 'Failed the login']); +} From e3b42de4c7369894de9939190966903babe40a0b Mon Sep 17 00:00:00 2001 From: Sasitha Asaranga Date: Mon, 30 Mar 2020 19:10:12 +0530 Subject: [PATCH 2/6] created an api to login, get projects and submit timesheet --- api/projects.php | 2 +- api/submitTime.php | 2 +- api/userlogin.php | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/api/projects.php b/api/projects.php index b2189db16..ce35f0116 100644 --- a/api/projects.php +++ b/api/projects.php @@ -29,7 +29,7 @@ throw new Exception('Content-Type must be application/json'); } -$secret_key = "6D7E07D955DC0316597835BB18F810E6105EB8BCE2B4A9B2B241C4C8047800BE"; +$secret_key = "91566E2C4E72AF394CAE190D1F2A6062E7826F84BB264962DD3450485C240117"; $body = file_get_contents("php://input"); $object = json_decode($body); diff --git a/api/submitTime.php b/api/submitTime.php index 27903e0ff..b0ed602b7 100644 --- a/api/submitTime.php +++ b/api/submitTime.php @@ -25,7 +25,7 @@ throw new Exception('Content-Type must be application/json'); } -$secret_key = "6D7E07D955DC0316597835BB18F810E6105EB8BCE2B4A9B2B241C4C8047800BE"; +$secret_key = "91566E2C4E72AF394CAE190D1F2A6062E7826F84BB264962DD3450485C240117"; $body = file_get_contents("php://input"); $object = json_decode($body); diff --git a/api/userlogin.php b/api/userlogin.php index cb5808d2c..623ffb31d 100644 --- a/api/userlogin.php +++ b/api/userlogin.php @@ -43,8 +43,8 @@ $isLoggedIn = true; if ($isLoggedIn) { - $secret_key = "6D7E07D955DC0316597835BB18F810E6105EB8BCE2B4A9B2B241C4C8047800BE"; // (SHA256) HTL@BizOrientDevTeam2020 - $issuer_claim = "BizOrient"; // this can be the servername + $secret_key = "91566E2C4E72AF394CAE190D1F2A6062E7826F84BB264962DD3450485C240117"; // (SHA256) TestTimetrackerAPI@2020 + $issuer_claim = "sasitha"; // this can be the servername $audience_claim = "THE_AUDIENCE"; $issuedat_claim = time(); // issued at $notbefore_claim = $issuedat_claim; //not before in seconds From 87d3183fb059dceed632ecc7e286e74957d8cffa Mon Sep 17 00:00:00 2001 From: Sasitha Asaranga Date: Mon, 30 Mar 2020 19:12:30 +0530 Subject: [PATCH 3/6] Update README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index d6a1d2d34..30eb87104 100644 --- a/README.md +++ b/README.md @@ -11,3 +11,6 @@ Anuko [Time Tracker](https://www.anuko.com/time_tracker/index.htm) is a simple, * Forum: https://www.anuko.com/forum/viewforum.php?f=4 * Info for developers: https://www.anuko.com/time_tracker/info_for_developers.htm * How to contribute: https://www.anuko.com/time_tracker/contribute.htm + +## API +Created a small api to login with the username and password to get project list and to submit a timesheet. Have used a JWT authentication for login. From 0c73040ca66cebfd1c8a1f4338d0db5df0f616aa Mon Sep 17 00:00:00 2001 From: Sasitha Asaranga Date: Fri, 3 Apr 2020 13:40:27 +0530 Subject: [PATCH 4/6] defined secret key in config file and minor fixes --- WEB-INF/config.php.dist | 5 +++ api/projects.php | 27 ++++++---------- api/submitTime.php | 69 +++++++++++++++++++++++------------------ api/userlogin.php | 33 +++++++++++++------- composer.json | 5 +++ composer.lock | 68 ++++++++++++++++++++++++++++++++++++++++ 6 files changed, 147 insertions(+), 60 deletions(-) mode change 100644 => 100755 WEB-INF/config.php.dist mode change 100644 => 100755 api/projects.php mode change 100644 => 100755 api/submitTime.php mode change 100644 => 100755 api/userlogin.php create mode 100644 composer.json create mode 100644 composer.lock diff --git a/WEB-INF/config.php.dist b/WEB-INF/config.php.dist old mode 100644 new mode 100755 index 6ffdff08e..951c91821 --- a/WEB-INF/config.php.dist +++ b/WEB-INF/config.php.dist @@ -181,3 +181,8 @@ define('AUTH_MODULE', 'db'); // A comma-separated list of default plugins for new group registrations. // Example below enables charts and attachments. // define('DEFAULT_PLUGINS', 'ch,at'); + +// configuratios for jwt authentication +define('SECRET_KEY', 'YOUR_SECRET_KEY'); +define('ISSUER_CLAIM', 'TestTimetrackerApi'); // this can be the servername +define('AUDIENCE_CLAIM', 'THE_AUDIENCE'); diff --git a/api/projects.php b/api/projects.php old mode 100644 new mode 100755 index ce35f0116..57fd5be9a --- a/api/projects.php +++ b/api/projects.php @@ -1,8 +1,13 @@ true, 'data' => 'sasitha asaranga']; - $response = json_encode($success_response); - print_r($response); - exit(); -} - if (strtoupper($_SERVER['REQUEST_METHOD']) != 'POST') { throw new Exception('Only POST requests are allowed'); } @@ -29,31 +27,24 @@ throw new Exception('Content-Type must be application/json'); } -$secret_key = "91566E2C4E72AF394CAE190D1F2A6062E7826F84BB264962DD3450485C240117"; +$secret_key = SECRET_KEY; $body = file_get_contents("php://input"); $object = json_decode($body); - -// $authHeader = $_SERVER['HTTP_AUTHORIZATION']; -// $arr = explode(" ", $authHeader); - $jwt = $object->jwt; -// $jwt = true; -$isLoggedIn = false; +$isLoggedIn = false; if ($jwt) { try { error_log($jwt); $decoded = JWT::decode($jwt, $secret_key, array('HS256')); $isLoggedIn = true; - error_log($object->userId); - $user = new ttUser(null, $object->userId); + $userId = $decoded->data->id; + $user = new ttUser(null, $userId); if ($isLoggedIn) { - error_log("success_response projects 1"); $project_list = $user->getAssignedProjects(); $success_response = ['success' => true, 'data' => $project_list]; $response = json_encode($success_response); - error_log("success_response projects 2"); print_r($response); } } catch (Exception $e) { diff --git a/api/submitTime.php b/api/submitTime.php old mode 100644 new mode 100755 index b0ed602b7..a0623d1c9 --- a/api/submitTime.php +++ b/api/submitTime.php @@ -1,11 +1,18 @@ jwt; +$isLoggedIn = false; if ($jwt) { - - $decoded = JWT::decode($jwt, $secret_key, array('HS256')); - try { - $user = new ttUser(null, $object->userId); - - $cl_date = date("Y-m-d"); - $cl_project = $object->projectId; - $cl_duration = $object->duration; - $cl_note = $object->note; - - // Insert record. - $id = ttTimeHelper::insert(array( - 'date' => $cl_date, - 'user_id' => $user->getActiveUser(), - 'client' => $cl_client, - 'project' => $cl_project, - 'task' => $cl_task, - 'duration' => $cl_duration, - 'note' => $cl_note, - 'billable' => true - )); + $decoded = JWT::decode($jwt, $secret_key, array('HS256')); + $isLoggedIn = true; + $userId = $decoded->data->id; + $user = new ttUser(null, $userId); + if ($isLoggedIn) { + $group_id = $user->getGroup(); + $cl_date = date("Y-m-d"); + $cl_project = $object->projectId; + $cl_duration = $object->duration; + $cl_note = $object->note; - $result = true; - if ($id && $result) { - // header('Location: time.php'); - $success_response = ['success' => true, 'data' => $id]; - $response = json_encode($success_response); - print_r($response); - exit(); + // Insert record. + $id = ttTimeHelper::insert(array( + 'date' => $cl_date, + 'user_id' => $userId, + 'group_id' => $group_id, + 'org_id' => $user->org_id, + 'client' => $cl_client, + 'project' => $cl_project, + 'task' => $cl_task, + 'duration' => $cl_duration, + 'note' => $cl_note, + 'billable' => true + )); + $result = true; + if ($id && $result && $err->no()) { + $success_response = ['success' => true, 'data' => $id]; + $response = json_encode($success_response); + print_r($response); + exit(); + } } } catch (Exception $e) { $isLoggedIn = false; @@ -70,6 +80,5 @@ "message" => "Access denied.", "error" => $e->getMessage() ))); - exit(); } } diff --git a/api/userlogin.php b/api/userlogin.php old mode 100644 new mode 100755 index 623ffb31d..e1cb7bf64 --- a/api/userlogin.php +++ b/api/userlogin.php @@ -1,8 +1,13 @@ doLogin($cl_login, $cl_password)) { - // Set current user date (as determined by user browser) into session. $current_user_date = $request->getParameter('browser_today', null); if ($current_user_date) $_SESSION['date'] = $current_user_date; - // Remember user login in a cookie. setcookie('tt_login', $cl_login, time() + COOKIE_EXPIRE, '/'); $user = new ttUser(null, $auth->getUserId()); - // Redirect, depending on user role. - $isLoggedIn = true; + $isLoggedIn = false; + if (!empty($user)) { + $isLoggedIn = true; + } if ($isLoggedIn) { - $secret_key = "91566E2C4E72AF394CAE190D1F2A6062E7826F84BB264962DD3450485C240117"; // (SHA256) TestTimetrackerAPI@2020 - $issuer_claim = "sasitha"; // this can be the servername - $audience_claim = "THE_AUDIENCE"; + $secret_key = SECRET_KEY; + $issuer_claim = ISSUER_CLAIM; + $audience_claim = AUDIENCE_CLAIM; $issuedat_claim = time(); // issued at - $notbefore_claim = $issuedat_claim; //not before in seconds + $notbefore_claim = $issuedat_claim + 10; //not before in seconds $expire_claim = $issuedat_claim + 1800; // expire time in seconds $token = array( "iss" => $issuer_claim, @@ -64,14 +69,18 @@ http_response_code(200); $jwt = JWT::encode($token, $secret_key); - // $jwt = true; $success_response = ['success' => true, 'userId' => $user->id, 'jwt' => $jwt]; $response = json_encode($success_response); - error_log("success_response"); + print_r($response); + } else { + $error_response = ['success' => false, 'error' => 'Empty user']; + $response = json_encode($error_response); print_r($response); } - exit(); } else { - print_r(['success' => false, 'error' => 'Failed the login']); + $error_response = ['success' => false, 'error' => 'Failed the login']; + $response = json_encode($error_response); + print_r($response); } +exit(); diff --git a/composer.json b/composer.json new file mode 100644 index 000000000..c4818db14 --- /dev/null +++ b/composer.json @@ -0,0 +1,5 @@ +{ + "require": { + "firebase/php-jwt": "^5.2" + } +} diff --git a/composer.lock b/composer.lock new file mode 100644 index 000000000..c0a6eb572 --- /dev/null +++ b/composer.lock @@ -0,0 +1,68 @@ +{ + "_readme": [ + "This file locks the dependencies of your project to a known state", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", + "This file is @generated automatically" + ], + "content-hash": "2e81f436193da5b40f951c6849eda663", + "packages": [ + { + "name": "firebase/php-jwt", + "version": "v5.2.0", + "source": { + "type": "git", + "url": "https://github.com/firebase/php-jwt.git", + "reference": "feb0e820b8436873675fd3aca04f3728eb2185cb" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/firebase/php-jwt/zipball/feb0e820b8436873675fd3aca04f3728eb2185cb", + "reference": "feb0e820b8436873675fd3aca04f3728eb2185cb", + "shasum": "" + }, + "require": { + "php": ">=5.3.0" + }, + "require-dev": { + "phpunit/phpunit": ">=4.8 <=9" + }, + "type": "library", + "autoload": { + "psr-4": { + "Firebase\\JWT\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Neuman Vong", + "email": "neuman+pear@twilio.com", + "role": "Developer" + }, + { + "name": "Anant Narayanan", + "email": "anant@php.net", + "role": "Developer" + } + ], + "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", + "homepage": "https://github.com/firebase/php-jwt", + "keywords": [ + "jwt", + "php" + ], + "time": "2020-03-25T18:49:23+00:00" + } + ], + "packages-dev": [], + "aliases": [], + "minimum-stability": "stable", + "stability-flags": [], + "prefer-stable": false, + "prefer-lowest": false, + "platform": [], + "platform-dev": [] +} From 0b815e197064979294d90ca63cc57dbee9ff8591 Mon Sep 17 00:00:00 2001 From: sasithahtl Date: Fri, 3 Apr 2020 13:45:33 +0530 Subject: [PATCH 5/6] jwt issued at the time created --- api/userlogin.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/userlogin.php b/api/userlogin.php index e1cb7bf64..24d357642 100755 --- a/api/userlogin.php +++ b/api/userlogin.php @@ -52,7 +52,7 @@ $issuer_claim = ISSUER_CLAIM; $audience_claim = AUDIENCE_CLAIM; $issuedat_claim = time(); // issued at - $notbefore_claim = $issuedat_claim + 10; //not before in seconds + $notbefore_claim = $issuedat_claim; //not before in seconds $expire_claim = $issuedat_claim + 1800; // expire time in seconds $token = array( "iss" => $issuer_claim, From a11504181a57b2ab6d0f79bf904ab39678854fbc Mon Sep 17 00:00:00 2001 From: sasithahtl Date: Mon, 6 Apr 2020 19:05:30 +0530 Subject: [PATCH 6/6] removed unneccesary lines of session and cookie --- api/userlogin.php | 6 ------ 1 file changed, 6 deletions(-) diff --git a/api/userlogin.php b/api/userlogin.php index 24d357642..543071a47 100755 --- a/api/userlogin.php +++ b/api/userlogin.php @@ -35,12 +35,6 @@ @include('../plugins/limit/access_check.php'); if ($auth->doLogin($cl_login, $cl_password)) { - $current_user_date = $request->getParameter('browser_today', null); - if ($current_user_date) - $_SESSION['date'] = $current_user_date; - - setcookie('tt_login', $cl_login, time() + COOKIE_EXPIRE, '/'); - $user = new ttUser(null, $auth->getUserId()); $isLoggedIn = false;