ushahidi · willdoran · Feb 7, 2018 · Mar 30, 2017 · Mar 30, 2017 · Mar 30, 2017
diff --git a/application/classes/Controller/Api/Apikeys.php b/application/classes/Controller/Api/Apikeys.php
@@ -0,0 +1,18 @@
+<?php defined('SYSPATH') OR die('No direct access allowed.');
+
+/**
+ * Ushahidi API Keys Controller
+ *
+ * @author     Ushahidi Team <team@ushahidi.com>
+ * @package    Ushahidi\Application\Controllers
+ * @copyright  2013 Ushahidi
+ * @license    https://www.gnu.org/licenses/agpl-3.0.html GNU Affero General Public License Version 3 (AGPL3)
+ */
+
+class Controller_Api_ApiKeys extends Ushahidi_Rest {
+
+	protected function _scope()
+	{
+		return 'apikeys';
+	}
+}
diff --git a/application/classes/Controller/Api/Webhooks/Posts.php b/application/classes/Controller/Api/Webhooks/Posts.php
@@ -0,0 +1,67 @@
+<?php defined('SYSPATH') OR die('No direct access allowed.');
+
+/**
+ * Ushahidi API External Webhook Posts Controller
+ *
+ * @author     Ushahidi Team <team@ushahidi.com>
+ * @package    Ushahidi\Application\Controllers
+ * @copyright  2013 Ushahidi
+ * @license    https://www.gnu.org/licenses/agpl-3.0.html GNU Affero General Public License Version 3 (AGPL3)
+ */
+
+use Ushahidi\Core\Tool\Signer;
+
+class Controller_Api_Webhooks_Posts extends Controller_Api_Posts {
+
+	protected function _is_auth_required()
+	{
+		return false;
+	}
+
+	public function checkApiKey($data)
+	{
+
+		if (isset($data['api_key'])) {
+			// Get api key and compare
+			return service('repository.apikey')->apiKeyExists($data['api_key']);
+		}
+
+		return false;
+	}
+
+	public function checkSignature($data)
+	{
+		$signature = $this->request->headers('X-Ushahidi-Signature');
+
+		if (isset($data['webhook_uuid']) && $signature) {
+
+			// Get webhook and validate signature
+			$webhook = service('repository.webhook')->getByUUID($data['webhook_uuid']);
+			$signer = new Signer($webhook->shared_secret);
+			$fullURL = URL::site(Request::detect_uri(), TRUE) . URL::query();
+
+			return $signer->validate($signature, $fullURL, $data);
+		}
+		return false;
+	}
+
+	public function before()
+	{
+		parent::before();
+
+		$post = $this->_request_payload;
+
+		if (!$this->checkApiKey($post) || !$this->checkSignature($post))
+		{
+			throw HTTP_Exception::factory(403, 'Forbidden');
+		}
+	}
+
+	public function action_put_index()
+	{
+		$this->_usecase = service('factory.usecase')
+			->get($this->_resource(), 'webhook-update')
+			->setIdentifiers($this->_identifiers())
+			->setPayload($this->_payload());
+	}
+}
diff --git a/application/classes/Ushahidi/Console/Webhook.php b/application/classes/Ushahidi/Console/Webhook.php
@@ -105,27 +105,46 @@ protected function executeSend(InputInterface $input, OutputInterface $output)
 	private function generateRequest($webhook_request)
 	{
 		// Delete queued webhook request
-		//$this->webhookJobRepository->delete($webhook_request);
+		$this->webhookJobRepository->delete($webhook_request);
 
 		// Get post data
 		$post = $this->postRepository->get($webhook_request->post_id);
-		$json = json_encode($post->asArray());
 
 		// Get webhook data
-		$webhook = $this->webhookRepository->getByEventType($webhook_request->event_type);
+		$webhooks = $this->webhookRepository->getAllByEventType($webhook_request->event_type);
 
-		$this->signer = new Signer($webhook->shared_secret);
+		foreach ($webhooks as $webhook) {
 
-		$signature = $this->signer->sign($webhook->url, $json);
+			if ($post->form_id == $webhook['form_id']) {
+				$this->signer = new Signer($webhook['shared_secret']);
 
-		// This is an asynchronous request, we don't expect a result
-		// this can be extended to allow for handling of the returned promise
-		$promise = $this->client->request('POST', $webhook->url, [
-			'headers' => [
-				'X-Platform-Signature' => $signature,
-				'Accept'               => 'application/json'
-			],
-			'json' => $post->asArray()
-		]);
+				$data = $post->asArray();
+
+				// Attach Webhook Uuid so that service can subsequently identify itself
+				// when sending data to the Platform
+				$data['webhook_uuid'] = $webhook['webhook_uuid'];
+
+				// If set append the source and destination fields to the request
+				// These fields identify the UUIDs of the Post fields which the remot service should
+				// treat as the source of data and the destination for any data to be posted back to the Platform
+				$data['source_field_key'] = $webhook['source_field_key'] ?: null;
+				$data['destination_field_key'] = $webhook['destination_field_key'] ?: null;
+
+				$json = json_encode($data);
+				$signature = $this->signer->sign($webhook['url'], $json);
+
+				// This is an asynchronous request, we don't expect a result
+				// this can be extended to allow for handling of the returned promise
+				//TODO: HANDLE HTTP ERRORS
+				$promise = $this->client->request('POST', $webhook['url'], [
+					'headers' => [
+						'X-Ushahidi-Signature' => $signature,
+						'Accept'               => 'application/json'
+					],
+					'json' => $data
+				]);
+
+			}
+		}
 	}
 }
diff --git a/application/classes/Ushahidi/Core.php b/application/classes/Ushahidi/Core.php
@@ -248,6 +248,8 @@ public static function init()
 		];
 		$di->params['Ushahidi\Factory\ValidatorFactory']['map']['posts'] = [
 			'create' => $di->lazyNew('Ushahidi_Validator_Post_Create'),
+			'update' => $di->lazyNew('Ushahidi_Validator_Post_Create'),
+			'webhook-update' => $di->lazyNew('Ushahidi_Validator_Post_Create'),
 			'update' => $di->lazyNew('Ushahidi_Validator_Post_Update'),
 			'import' => $di->lazyNew('Ushahidi_Validator_Post_Import'),
 		];
@@ -287,6 +289,10 @@ public static function init()
 			'create' => $di->lazyNew('Ushahidi_Validator_Notification_Create'),
 			'update' => $di->lazyNew('Ushahidi_Validator_Notification_Update'),
 		];
+		$di->params['Ushahidi\Factory\ValidatorFactory']['map']['apikeys'] = [
+			'create' => $di->lazyNew('Ushahidi_Validator_ApiKey_Create'),
+			'update' => $di->lazyNew('Ushahidi_Validator_ApiKey_Update'),
+		];
 		$di->params['Ushahidi\Factory\ValidatorFactory']['map']['webhooks'] = [
 			'create' => $di->lazyNew('Ushahidi_Validator_Webhook_Create'),
 			'update' => $di->lazyNew('Ushahidi_Validator_Webhook_Update'),
@@ -339,7 +345,8 @@ public static function init()
 			'savedsearches_posts'  => $di->lazyNew('Ushahidi_Formatter_Post'),
 			'users'                => $di->lazyNew('Ushahidi_Formatter_User'),
 			'notifications'        => $di->lazyNew('Ushahidi_Formatter_Notification'),
-			'webhooks'              => $di->lazyNew('Ushahidi_Formatter_Webhook'),
+			'webhooks'             => $di->lazyNew('Ushahidi_Formatter_Webhook'),
+			'apikeys'              => $di->lazyNew('Ushahidi_Formatter_Apikey'),
 			'contacts'             => $di->lazyNew('Ushahidi_Formatter_Contact'),
 			'csv'                  => $di->lazyNew('Ushahidi_Formatter_CSV'),
 			'roles'                => $di->lazyNew('Ushahidi_Formatter_Role'),
@@ -368,6 +375,7 @@ public static function init()
 			'set_post',
 			'notification',
 			'webhook',
+			'apikey',
 			'contact',
 			'role',
 			'permission',
@@ -436,6 +444,7 @@ public static function init()
 		$di->set('repository.role', $di->lazyNew('Ushahidi_Repository_Role'));
 		$di->set('repository.notification', $di->lazyNew('Ushahidi_Repository_Notification'));
 		$di->set('repository.webhook', $di->lazyNew('Ushahidi_Repository_Webhook'));
+		$di->set('repository.apikey', $di->lazyNew('Ushahidi_Repository_ApiKey'));
 		$di->set('repository.csv', $di->lazyNew('Ushahidi_Repository_CSV'));
 		$di->set('repository.notification.queue', $di->lazyNew('Ushahidi_Repository_Notification_Queue'));
 		$di->set('repository.webhook.job', $di->lazyNew('Ushahidi_Repository_Webhook_Job'));

diff --git a/application/classes/Ushahidi/DataProvider.php b/application/classes/Ushahidi/DataProvider.php
@@ -35,15 +35,15 @@ public function send($to, $message, $title = "")
 	 * @param  string data_provider_message_id Message ID
 	 * @return void
 	 */
-	public function receive($type, $from, $message, $to = NULL, $title = NULL, $data_provider_message_id = NULL, Array $additional_data = NULL)
+	public function receive($type, $from, $message, $to = NULL, $title = NULL, $date = NULL, $data_provider_message_id = NULL, Array $additional_data = NULL)
 	{
 		$data_provider = $this->provider_name();
 		$contact_type = $this->contact_type;
 
 		$usecase = service('factory.usecase')->get('messages', 'receive');
 		try
 		{
-			$usecase->setPayload(compact(['type', 'from', 'message', 'to', 'title', 'data_provider_message_id', 'data_provider', 'contact_type', 'additional_data']))
+			$usecase->setPayload(compact(['type', 'from', 'message', 'to', 'title', 'date', 'data_provider_message_id', 'data_provider', 'contact_type', 'additional_data']))
 				->interact();
 		}
 		catch (Ushahidi\Core\Exception\NotFoundException $e)

diff --git a/application/classes/Ushahidi/Formatter/Apikey.php b/application/classes/Ushahidi/Formatter/Apikey.php
@@ -0,0 +1,17 @@
+<?php defined('SYSPATH') OR die('No direct access allowed.');
+
+/**
+ * Ushahidi API Formatter for Api Keys
+ *
+ * @author     Ushahidi Team <team@ushahidi.com>
+ * @package    Ushahidi\Application
+ * @copyright  2014 Ushahidi
+ * @license    https://www.gnu.org/licenses/agpl-3.0.html GNU Affero General Public License Version 3 (AGPL3)
+ */
+
+use Ushahidi\Core\Traits\FormatterAuthorizerMetadata;
+
+class Ushahidi_Formatter_Apikey extends Ushahidi_Formatter_API
+{
+	use FormatterAuthorizerMetadata;
+}
diff --git a/application/classes/Ushahidi/Repository/ApiKey.php b/application/classes/Ushahidi/Repository/ApiKey.php
@@ -0,0 +1,88 @@
+<?php defined('SYSPATH') OR die('No direct access allowed.');
+
+/**
+ * Ushahidi ApiKey Repository
+ *
+ * @author     Ushahidi Team <team@ushahidi.com>
+ * @package    Ushahidi\Application
+ * @copyright  2014 Ushahidi
+ * @license    https://www.gnu.org/licenses/agpl-3.0.html GNU Affero General Public License Version 3 (AGPL3)
+ */
+
+use Ushahidi\Core\Entity;
+use Ushahidi\Core\SearchData;
+use Ushahidi\Core\Entity\ApiKey;
+use Ushahidi\Core\Entity\ApiKeyRepository;
+use Ushahidi\Core\Traits\AdminAccess;
+
+use Ramsey\Uuid\Uuid;
+use Ramsey\Uuid\Exception\UnsatisfiedDependencyException;
+
+class Ushahidi_Repository_ApiKey extends Ushahidi_Repository implements ApiKeyRepository
+{
+	use AdminAccess;
+
+	protected function getTable()
+	{
+		return 'apikeys';
+	}
+
+	public function getEntity(Array $data = null)
+	{
+		return new ApiKey($data);
+	}
+
+	// Ushahidi_Repository
+	public function setSearchConditions(SearchData $search)
+	{
+		$query = $this->search_query;
+
+		return $query;
+	}
+
+	// CreateRepository
+	public function create(Entity $entity)
+	{
+
+		$record = $entity->asArray();
+		try {
+			$uuid = Uuid::uuid4();
+			$record['api_key'] = $uuid->toString();
+		} catch (UnsatisfiedDependencyException $e) {
+			Kohana::$log->add(Log::ERROR, $e->getMessage());
+		}
+
+		$state = [
+			'created' => time(),
+		];
+
+		return $this->executeInsert($this->removeNullValues($record));
+	}
+
+	// UpdateRepository
+	public function update(Entity $entity)
+	{
+
+		$record = $entity->asArray();
+		$record['updated'] = time();
+		try {
+			$uuid = Uuid::uuid4();
+			$record['api_key'] = $uuid->toString();
+		} catch (UnsatisfiedDependencyException $e) {
+			Kohana::$log->add(Log::ERROR, $e->getMessage());
+		}
+
+		return $this->executeUpdate(['id' => $entity->id], $record);
+	}
+
+	public function apiKeyExists($api_key)
+	{
+		return (bool) $this->selectCount(compact('api_key'));
+	}
+
+	public function getSearchFields()
+	{
+		return [
+		];
+	}
+}