From 3c53556bb0160406221ceb9a0563d8b86bbf4df2 Mon Sep 17 00:00:00 2001
From: davide.cucurnia@vola.it <davide.cucurnia@vola.it>
Date: Fri, 09 Feb 2024 16:31:40 +0100
Subject: [PATCH] gestione cookie / gestione parametro t

---
 app/Vola/Classes/Utils.php |   45 ++++++++++++++++++++++++++++++++++++++++-----
 1 files changed, 40 insertions(+), 5 deletions(-)

diff --git a/app/Vola/Classes/Utils.php b/app/Vola/Classes/Utils.php
index 070f937..c510f04 100644
--- a/app/Vola/Classes/Utils.php
+++ b/app/Vola/Classes/Utils.php
@@ -3,6 +3,7 @@
 namespace App\Vola\Classes;
 
 use App\Models\MailTemplate;
+use App\Vola\Services\VolaFakeHTTPResponder\VolaFakeHTTPResponder;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Log;
 
@@ -95,6 +96,16 @@
         return FALSE;
     }
 
+    public static function get_string_between(string $string, string $start, string $end): string
+    {
+        $string = ' ' . $string;
+        $ini = strpos($string, $start);
+        if ($ini == 0) return '';
+        $ini += strlen($start);
+        $len = strpos($string, $end, $ini) - $ini;
+        return substr($string, $ini, $len);
+    }
+
     public static function getLegacyAuthCookie(Request $request): ?string
     {
         return $request->cookie('CAuthCookie', null);
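Review bot: In `get_string_between`, `strpos($string, $end, $ini)` returns `false` when `$end` is absent, so `$len` becomes `-$ini` and `substr` silently drops characters from the end of the string instead of signalling "not found". The caller added in the next hunk passes the request URI with `'?'` as `$end`, so a URI without a query string (constructed example: `/sso/islogged`) yields `sso/islogg` and the `islogged` check does not match. Handle the miss explicitly, e.g. `$endPos = strpos($string, $end, $ini);` followed by `if ($endPos === false) return substr($string, $ini);`, and compare the first lookup with `=== false` rather than relying on `$ini == 0` after the space-padding trick. A short docblock stating what is returned when either delimiter is missing would make the contract clear; the enclosing class and `getLegacyAuthCookie` continue outside the hunk.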
@@ -108,15 +119,39 @@
     public static function getRequestedUser(Request $request): ?string
     {
         $picassoRequest = (str_starts_with($request->getRequestUri(), '/picasso/',));
+        $isLoggedRequest = str_contains( self::get_string_between($request->getRequestUri(), '/', '?'), 'islogged' );
+        $profile = null;
 
-        if (!$picassoRequest && self::getLegacyAuthCookie($request)) {
-            $profile = intval(str_replace("xno:", "", self::getLegacyAuthCookie($request)));
-        } else if ($picassoRequest && self::getPicassoAuthCookie($request)) {
-            $profile = intval(str_replace("xno:", "", self::getPicassoAuthCookie($request)));
+        if ((!$picassoRequest) && (!$isLoggedRequest)) {
+            // la rotta sso islogged usa solo il cookie per identificare l'utente
+            $reqParams = !empty($request->query()) ? $request->query() : [];
+            if (isset($reqParams["t"])) {
+                $profile = $reqParams["t"];
+            }
+        } else {
+            // tutte le chiamate che non sono islogged usano il parametro t (token) per identificare l'utente
+            $profile = self::getLegacyAuthCookie($request);
         }
 
-        return (isset($profile)) ? $profile : null;
+        if ($picassoRequest) {
+            // picasso usa sempre il cookie per identifcare l'utente
+            $profile = self::getPicassoAuthCookie($request);
+        }
+
+        $profile = (is_null($profile)) ? null : intval(str_replace("xno:", "", $profile));
+        return $profile;
     }
 
+    public static function getLoggedUser(Request $request): array
+    {
+        $cookie = self::getLegacyAuthCookie($request);
+        $profile = (is_null($cookie)) ? null : intval(str_replace("xno:", "", $cookie));
+        $isLogged = (new VolaFakeHTTPResponder())->getLoggedLegacy($profile);
+        $xml = self::convertXMLStrToArray($isLogged);
+        if (is_string($xml) || is_bool($xml)) {
+            return ["logged" => '0', 'message' => $isLogged];
+        }
+        return $xml;
+    }
 }
 
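Review bot: In `getRequestedUser`, `$profile = $reqParams["t"];` takes the user identity straight from the query string, and the only processing before it is returned is `str_replace("xno:", "", …)` plus `intval`. Unless a caller outside this hunk verifies `t` against a server-side session or signed token, any client can select the profile id simply by choosing the number in the URL. Resolve `t` to a user through a verified lookup before treating it as an identity, and at minimum reject non-string input (`t[]=…` arrives as an array) with `$t = $request->query('t'); if (is_string($t) && $t !== '') { $profile = $t; }`. The two Italian comments are also attached to the wrong branches: the one describing the cookie-only `islogged` route sits above the `t` branch, and the one describing the `t` parameter sits above the cookie branch. They should be swapped so the next reader does not misjudge which routes accept a URL-supplied identity.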

--
Gitblit v1.8.0