Skip to content
Snippets Groups Projects
Commit e5cbf5bb authored by Tomáš Valenta's avatar Tomáš Valenta
Browse files

add desync option, readme

parent e57e7539
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
README.md
+ 2
97
View file @ e5cbf5bb
# RESTApiForPhpBB
An unofficial REST API for [PhpBB](https://www.phpbb.com/) with example client.
### Licenses:
* PhpBB extension: GPLv2
* Example client: MIT
### Preamble
Project is provided as-is. It was built to support a particular website and will not see regular updates. If you want to try to add this to the PhpBB extension database, add new features, or fix integration with future versions of PhpBB, please feel free to clone the repo and do with it as you please.
### What this project intended to solve
* Single sign-on with PhpBB
* Auth integration with sites not written in PHP.
* Avoid conflicts when PhpBB and the integrated site use different versions of Symfony components.
### What this project does not intend to solve
* It is not a replacement for whatever PhpBB ultimately releases for their [REST API](https://wiki.phpbb.com/Proposed_REST_API). It is just a workaround until PhpBB releases something that can allow for integrating with their auth system more cleanly.
* It does not try to do more than was needed for the website I help with:
* It is currently meant to be accessed via https from a client on the same server, and so some security features that you find in some public apis may be missing.
* It doesn't alter the way authentication works. It mearly exposes PhpBB's existing cookie-based auth system via a json interface.
* It does not try to qualify for upload to the PhpBB extension database. I did my best to to adhere to the [extension guidelines](https://www.phpbb.com/extensions/rules-and-policies/validation-policy/), but in the end there are some issues I couldn't avoid such as _"15. login_forum_box() or login_box() is used for login."_ for obvious reasons.
### Known Issues
* None at this time, but there are likely some which exist.
### How to install
Extension:
1) Install the extension as you would [any other extension](https://www.phpbb.com/extensions/installing/).
Example client:
1) Copy the client files to a directory on your server
2) [Install composer](https://getcomposer.org/doc/00-intro.md#installation-linux-unix-osx)
3) [Use composer](https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies) to download the GuzzleHttp dependency
* Command will look something like "php composer.phar install" and needs to be run from the directory with the composer.json file.
### Using the API
The root path of the API will be: _https://\<hostname\>\<forum path\>/app.php/restApiV1/_ If you have url rewriting enabled (in General->Server Settings of the control panel) and working for your forum, the path can be shortened to _https://\<hostname\>\<forum path\>/restApiV1/_
NOTE: Due to PhpBB's cookie based auth, you will need to handle cookies passed to and returned by the api. You shouldn't directly store these. Your client should act as a proxy for these cookies. I recommend looking at the example client and reusing the code if you are working with PHP on the client side.
### Logging in
**Request**
Request Property | Value
--- | ---
method | POST
url | \<apiRoot\>/login
Parameters | Current cookies and the following form parameters in the POST body:<ul><li>**'username'** : (string) The user's name</li><li>**'password'** : (string) The user's password</li><li>**'persistLogin'** : (boolean) Flag indicating if inactivity should cause the user to be logged out.</li></ul>
**Response**
401 status code on auth failure, otherwise user data json for logged in user. (See [current user API](#current-user))
### Logging out
**Request**
Request Property | Value
--- | ---
method | POST
url | \<apiRoot\>/logout
parameters | Current cookies
**Response**
User data json for anonymous user. (See [current user API](#current-user))
### Current user
**Request**
Request Property | Value
--- | ---
method | GET
url | \<apiRoot\>/users/me
parameters | Current cookies
**Resonse**
Received cookies should be proxied to browser
JSON:
```javascript
{
"isRegistered":true,
"isBanned":true,
"isPasswordChangeNeeded":true,
"userId":15,
"userName":"Banned"
}
```
Field | Value
------------ | -------------
**isRegistered** | Will be true if the user is logged in.
**isBanned** | True if user is banned from forum.
**isPasswordChangeNeeded** | If true, you should notify or redirect user to the forum's user control panel so they can change their password.
**userId** | The user's forum id
**userName** | The user's user name.
PhpBB rozšíření založené na původním rozšíření od [Eric Parsons](https://github.com/eparsons/RESTApiForPhpBB).
Využívané (zatím výhradně) pro synchronizaci s Nástěnkou.
nastenka_desync.php 0 → 100755
+ 97
0
View file @ e5cbf5bb
<?php
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();
if ($user->data['user_id'] == ANONYMOUS)
{
header('Location: /ucp.php?mode=login');
exit;
}
$request->enable_super_globals();
if (!isset($_GET["next"])) {
http_response_code(400);
die();
}
$next_url = $_GET["next"];
if (filter_var($next_url, FILTER_VALIDATE_URL) === false) {
http_response_code(400);
die();
}
if (
substr($next_url, 0, 27) !== "https://nastenka.pirati.cz/"
&& substr($next_url, 0, 29) !== "https://nastenka.pir-test.eu/"
) {
http_response_code(401);
die();
}
$db->sql_query(
'CREATE TABLE IF NOT EXISTS ' . $table_prefix . 'api_tokens (
user_id INT(10) UNSIGNED,
allowed_forum_ids TEXT NOT NULL,
token VARCHAR(32) NOT NULL,
PRIMARY KEY (user_id),
FOREIGN KEY (user_id)
REFERENCES ' . $table_prefix . 'users (user_id)
ON DELETE CASCADE
) ENGINE=INNODB'
);
$existing_token_query = $db->sql_query(
'SELECT user_id, token FROM ' . $table_prefix . 'api_tokens
WHERE user_id = ' . $user->data["user_id"]
);
$token_exists = false;
$token = null;
while ($row = $db->sql_fetchrow($existing_token_query)) {
$token_exists = true;
$token = $row["token"];
}
if (!$token_exists) {
http_response_code(401);
die();
}
page_header('Synchronizace s Nástěnkou');
$desync_key = "nastenka_desync";
add_form_key($desync_key);
if ($request->is_set_post('submit')) {
if (!check_form_key($desync_key)) {
trigger_error('FORM_INVALID');
}
$db->sql_query(
'DELETE FROM ' . $table_prefix . 'api_tokens
WHERE user_id = ' . $user->data["user_id"]
);
header("Location: " . $next_url);
die();
}
$template->set_filenames(array(
'body' => 'nastenka_desync.html',
));
$template->assign_vars(array(
'NEXT_URL' => $next_url
));
page_footer();
?>
styles/all/template/nastenka_desync.html 0 → 100644
+ 39
0
View file @ e5cbf5bb
<!-- INCLUDE overall_header.html -->
<h2>Zrušení synchronizace s Nástěnkou</h2>
<div class="panel">
<div class="inner">
<span class="corners-top">
<span></span>
</span>
<form
class="content"
method="post"
action="?next={NEXT_URL}"
>
<p>
Pro zrušení synchronizace tvého účtu s Nástěnkou klikni,
prosím, na tlačítko níže.<br>
Souhlas můžeš kdykoli znovu udělit.
</p>
{S_FORM_TOKEN}
<button
class="button"
type="submit"
name="submit"
id="desynchronize"
>Zrušit synchronizaci</button>
</form>
<span class="corners-bottom">
<span></span>
</span>
</div>
</div>
<!-- INCLUDE jumpbox.html -->
<!-- INCLUDE overall_footer.html -->
styles/all/template/nastenka_sync.html
+ 3
2
View file @ e5cbf5bb
......@@ -10,8 +10,9 @@
<div class="content">
<p>
Pro synchronizaci tvého účtu s Nástěnkou po dobu 1 roku
klikni, prosím, na tlačítko níže.
Pro synchronizaci tvého účtu s Nástěnkou klikni, prosím,
na tlačítko níže.<br>
Souhlas můžeš později odvolat v nastavení Nástěnky.
</p>
<button class="button" id="synchronize">Synchronizovat</button>
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment

Pirátský GitLab - Home of the CopyLeft