remove external composer packages

This commit is contained in:
nobody 2022-01-07 16:45:30 -08:00
parent 5a368a86cd
commit 92d749a2ea
4741 changed files with 1 additions and 970590 deletions

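--- a/.gitignore
+++ b/.gitignore
@@ -76,7 +76,7 @@ composer.phar
 !composer.lock
 # vendor/ is managed by composer, no need to include in our repository
 # requires new deployment and needs discussion first
-#vendor/
+vendor/
 # Exclude at least some vendor test files, examples, etc. so far
 vendor/**/tests/
 vendor/**/Test/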
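Review bot: The two trailing patterns `vendor/**/tests/` and `vendor/**/Test/` are dead once `vendor/` itself is ignored on the line above them, and the comment "requires new deployment and needs discussion first" now describes a decision this commit has already taken. Dropping the two patterns and rewording the comment would keep the file honest, e.g. `# vendor/ is installed by composer at deploy time; composer.lock stays tracked so installs are reproducible`. Since the dependency tree is no longer in the repository, the deployment path presumably has to run `composer install` against the tracked composer.lock — worth stating in the comment or the deployment docs so nobody installs from an unpinned composer.json.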

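--- a/vendor/autoload.php
+++ /dev/null
@@ -1,7 +0,0 @@
-<?php
-// autoload.php @generated by Composer
-require_once __DIR__ . '/composer/autoload_real.php';
-return ComposerAutoloaderInit7b34d7e50a62201ec5d5e526a5b8b35d::getLoader();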


@ -1 +0,0 @@
../sabre/vobject/bin/generate_vcards


@ -1 +0,0 @@
../league/html-to-markdown/bin/html-to-markdown


@ -1 +0,0 @@
../sabre/dav/bin/naturalselection

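--- a/vendor/bin/sabredav
+++ /dev/null
@@ -1 +0,0 @@
-../sabre/dav/bin/sabredav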

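--- a/vendor/bin/vobject
+++ /dev/null
@@ -1 +0,0 @@
-../sabre/vobject/bin/vobject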


@ -1 +0,0 @@
../symfony/yaml/Resources/bin/yaml-lint


@ -1 +0,0 @@
github: [blueimp]


@ -1,80 +0,0 @@
name: Test
on: [push, pull_request]
jobs:
lint:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [14, 16]
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: ${{ matrix.node-version }}
- run: npm install
- run: npm run lint
mocha:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: chmod
run: chmod -R 777 server/php/files
- name: docker-compose build
run: docker-compose build example mocha
- name: mocha
run: docker-compose run --rm mocha
- name: docker-compose logs
if: always()
run: docker-compose logs example
- name: docker-compose down
if: always()
run: docker-compose down -v
wdio-chrome:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: chmod
run: chmod -R 777 server/php/files wdio/reports
- name: docker-compose build
run: docker-compose build example
- name: wdio chrome
run: docker-compose run --rm wdio
- name: docker-compose logs
if: always()
run: docker-compose logs example
- name: docker-compose down
if: always()
run: docker-compose down -v
- name: Upload reports
if: always()
uses: actions/upload-artifact@v2
with:
name: reports
path: wdio/reports
wdio-firefox:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: chmod
run: chmod -R 777 server/php/files wdio/reports
- name: docker-compose build
run: docker-compose build example
- name: wdio firefox
run: docker-compose run --rm wdio conf/firefox.js
- name: docker-compose logs
if: always()
run: docker-compose logs example
- name: docker-compose down
if: always()
run: docker-compose down -v
- name: Upload reports
if: always()
uses: actions/upload-artifact@v2
with:
name: reports
path: wdio/reports


@ -1,3 +0,0 @@
*.pyc
.env
node_modules


@ -1,20 +0,0 @@
MIT License
Copyright © 2010 Sebastian Tschan, https://blueimp.net
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


@ -1,224 +0,0 @@
# jQuery File Upload
## Contents
- [Description](#description)
- [Demo](#demo)
- [Features](#features)
- [Security](#security)
- [Setup](#setup)
- [Requirements](#requirements)
- [Mandatory requirements](#mandatory-requirements)
- [Optional requirements](#optional-requirements)
- [Cross-domain requirements](#cross-domain-requirements)
- [Browsers](#browsers)
- [Desktop browsers](#desktop-browsers)
- [Mobile browsers](#mobile-browsers)
- [Extended browser support information](#extended-browser-support-information)
- [Testing](#testing)
- [Support](#support)
- [License](#license)
## Description
> File Upload widget with multiple file selection, drag&drop support, progress
> bars, validation and preview images, audio and video for jQuery.
> Supports cross-domain, chunked and resumable file uploads and client-side
> image resizing.
> Works with any server-side platform (PHP, Python, Ruby on Rails, Java,
> Node.js, Go etc.) that supports standard HTML form file uploads.
## Demo
[Demo File Upload](https://blueimp.github.io/jQuery-File-Upload/)
## Features
- **Multiple file upload:**
Allows to select multiple files at once and upload them simultaneously.
- **Drag & Drop support:**
Allows to upload files by dragging them from your desktop or file manager and
dropping them on your browser window.
- **Upload progress bar:**
Shows a progress bar indicating the upload progress for individual files and
for all uploads combined.
- **Cancelable uploads:**
Individual file uploads can be canceled to stop the upload progress.
- **Resumable uploads:**
Aborted uploads can be resumed with browsers supporting the Blob API.
- **Chunked uploads:**
Large files can be uploaded in smaller chunks with browsers supporting the
Blob API.
- **Client-side image resizing:**
Images can be automatically resized on client-side with browsers supporting
the required JS APIs.
- **Preview images, audio and video:**
A preview of image, audio and video files can be displayed before uploading
with browsers supporting the required APIs.
- **No browser plugins (e.g. Adobe Flash) required:**
The implementation is based on open standards like HTML5 and JavaScript and
requires no additional browser plugins.
- **Graceful fallback for legacy browsers:**
Uploads files via XMLHttpRequests if supported and uses iframes as fallback
for legacy browsers.
- **HTML file upload form fallback:**
Allows progressive enhancement by using a standard HTML file upload form as
widget element.
- **Cross-site file uploads:**
Supports uploading files to a different domain with cross-site XMLHttpRequests
or iframe redirects.
- **Multiple plugin instances:**
Allows to use multiple plugin instances on the same webpage.
- **Customizable and extensible:**
Provides an API to set individual options and define callback methods for
various upload events.
- **Multipart and file contents stream uploads:**
Files can be uploaded as standard "multipart/form-data" or file contents
stream (HTTP PUT file upload).
- **Compatible with any server-side application platform:**
Works with any server-side platform (PHP, Python, Ruby on Rails, Java,
Node.js, Go etc.) that supports standard HTML form file uploads.
## Security
⚠️ Please read the [VULNERABILITIES](VULNERABILITIES.md) document for a list of
fixed vulnerabilities
Please also read the [SECURITY](SECURITY.md) document for instructions on how to
securely configure your Web server for file uploads.
## Setup
jQuery File Upload can be installed via [NPM](https://www.npmjs.com/):
```sh
npm install blueimp-file-upload
```
This allows you to include [jquery.fileupload.js](js/jquery.fileupload.js) and
its extensions via `node_modules`, e.g:
```html
<script src="node_modules/blueimp-file-upload/js/jquery.fileupload.js"></script>
```
The widget can then be initialized on a file upload form the following way:
```js
$('#fileupload').fileupload();
```
For further information, please refer to the following guides:
- [Main documentation page](https://github.com/blueimp/jQuery-File-Upload/wiki)
- [List of all available Options](https://github.com/blueimp/jQuery-File-Upload/wiki/Options)
- [The plugin API](https://github.com/blueimp/jQuery-File-Upload/wiki/API)
- [How to setup the plugin on your website](https://github.com/blueimp/jQuery-File-Upload/wiki/Setup)
- [How to use only the basic plugin.](https://github.com/blueimp/jQuery-File-Upload/wiki/Basic-plugin)
## Requirements
### Mandatory requirements
- [jQuery](https://jquery.com/) v1.7+
- [jQuery UI widget factory](https://api.jqueryui.com/jQuery.widget/) v1.9+
(included): Required for the basic File Upload plugin, but very lightweight
without any other dependencies from the jQuery UI suite.
- [jQuery Iframe Transport plugin](https://github.com/blueimp/jQuery-File-Upload/blob/master/js/jquery.iframe-transport.js)
(included): Required for
[browsers without XHR file upload support](https://github.com/blueimp/jQuery-File-Upload/wiki/Browser-support).
### Optional requirements
- [JavaScript Templates engine](https://github.com/blueimp/JavaScript-Templates)
v3+: Used to render the selected and uploaded files.
- [JavaScript Load Image library](https://github.com/blueimp/JavaScript-Load-Image)
v2+: Required for the image previews and resizing functionality.
- [JavaScript Canvas to Blob polyfill](https://github.com/blueimp/JavaScript-Canvas-to-Blob)
v3+:Required for the resizing functionality.
- [blueimp Gallery](https://github.com/blueimp/Gallery) v2+: Used to display the
uploaded images in a lightbox.
- [Bootstrap](https://getbootstrap.com/) v3+: Used for the demo design.
- [Glyphicons](https://glyphicons.com/) Icon set used by Bootstrap.
### Cross-domain requirements
[Cross-domain File Uploads](https://github.com/blueimp/jQuery-File-Upload/wiki/Cross-domain-uploads)
using the
[Iframe Transport plugin](https://github.com/blueimp/jQuery-File-Upload/blob/master/js/jquery.iframe-transport.js)
require a redirect back to the origin server to retrieve the upload results. The
[example implementation](https://github.com/blueimp/jQuery-File-Upload/blob/master/js/main.js)
makes use of
[result.html](https://github.com/blueimp/jQuery-File-Upload/blob/master/cors/result.html)
as a static redirect page for the origin server.
The repository also includes the
[jQuery XDomainRequest Transport plugin](https://github.com/blueimp/jQuery-File-Upload/blob/master/js/cors/jquery.xdr-transport.js),
which enables limited cross-domain AJAX requests in Microsoft Internet Explorer
8 and 9 (IE 10 supports cross-domain XHR requests).
The XDomainRequest object allows GET and POST requests only and doesn't support
file uploads. It is used on the
[Demo](https://blueimp.github.io/jQuery-File-Upload/) to delete uploaded files
from the cross-domain demo file upload service.
## Browsers
### Desktop browsers
The File Upload plugin is regularly tested with the latest browser versions and
supports the following minimal versions:
- Google Chrome
- Apple Safari 4.0+
- Mozilla Firefox 3.0+
- Opera 11.0+
- Microsoft Internet Explorer 6.0+
### Mobile browsers
The File Upload plugin has been tested with and supports the following mobile
browsers:
- Apple Safari on iOS 6.0+
- Google Chrome on iOS 6.0+
- Google Chrome on Android 4.0+
- Default Browser on Android 2.3+
- Opera Mobile 12.0+
### Extended browser support information
For a detailed overview of the features supported by each browser version and
known operating system / browser bugs, please have a look at the
[Extended browser support information](https://github.com/blueimp/jQuery-File-Upload/wiki/Browser-support).
## Testing
The project comes with three sets of tests:
1. Code linting using [ESLint](https://eslint.org/).
2. Unit tests using [Mocha](https://mochajs.org/).
3. End-to-end tests using [blueimp/wdio](https://github.com/blueimp/wdio).
To run the tests, follow these steps:
1. Start [Docker](https://docs.docker.com/).
2. Install development dependencies:
```sh
npm install
```
3. Run the tests:
```sh
npm test
```
## Support
This project is actively maintained, but there is no official support channel.
If you have a question that another developer might help you with, please post
to
[Stack Overflow](https://stackoverflow.com/questions/tagged/blueimp+jquery+file-upload)
and tag your question with `blueimp jquery file upload`.
## License
Released under the [MIT license](https://opensource.org/licenses/MIT).


@ -1,227 +0,0 @@
# File Upload Security
## Contents
- [Introduction](#introduction)
- [Purpose of this project](#purpose-of-this-project)
- [Mitigations against file upload risks](#mitigations-against-file-upload-risks)
- [Prevent code execution on the server](#prevent-code-execution-on-the-server)
- [Prevent code execution in the browser](#prevent-code-execution-in-the-browser)
- [Prevent distribution of malware](#prevent-distribution-of-malware)
- [Secure file upload serving configurations](#secure-file-upload-serving-configurations)
- [Apache config](#apache-config)
- [NGINX config](#nginx-config)
- [Secure image processing configurations](#secure-image-processing-configurations)
- [ImageMagick config](#imagemagick-config)
## Introduction
For an in-depth understanding of the potential security risks of providing file
uploads and possible mitigations, please refer to the
[OWASP - Unrestricted File Upload](https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload)
documentation.
To securely setup the project to serve uploaded files, please refer to the
sample
[Secure file upload serving configurations](#secure-file-upload-serving-configurations).
To mitigate potential vulnerabilities in image processing libraries, please
refer to the
[Secure image processing configurations](#secure-image-processing-configurations).
By default, all sample upload handlers allow only upload of image files, which
mitigates some attack vectors, but should not be relied on as the only
protection.
Please also have a look at the
[list of fixed vulnerabilities](VULNERABILITIES.md) in jQuery File Upload, which
relates mostly to the sample server-side upload handlers and how they have been
configured.
## Purpose of this project
Please note that this project is not a complete file management product, but
foremost a client-side file upload library for [jQuery](https://jquery.com/).
The server-side sample upload handlers are just examples to demonstrate the
client-side file upload functionality.
To make this very clear, there is **no user authentication** by default:
- **everyone can upload files**
- **everyone can delete uploaded files**
In some cases this can be acceptable, but for most projects you will want to
extend the sample upload handlers to integrate user authentication, or implement
your own.
It is also up to you to configure your web server to securely serve the uploaded
files, e.g. using the
[sample server configurations](#secure-file-upload-serving-configurations).
## Mitigations against file upload risks
### Prevent code execution on the server
To prevent execution of scripts or binaries on server-side, the upload directory
must be configured to not execute files in the upload directory (e.g.
`server/php/files` as the default for the PHP upload handler) and only treat
uploaded files as static content.
The recommended way to do this is to configure the upload directory path to
point outside of the web application root.
Then the web server can be configured to serve files from the upload directory
with their default static files handler only.
Limiting file uploads to a whitelist of safe file types (e.g. image files) also
mitigates this issue, but should not be the only protection.
### Prevent code execution in the browser
To prevent execution of scripts on client-side, the following headers must be
sent when delivering generic uploaded files to the client:
```
Content-Type: application/octet-stream
X-Content-Type-Options: nosniff
```
The `Content-Type: application/octet-stream` header instructs browsers to
display a download dialog instead of parsing it and possibly executing script
content e.g. in HTML files.
The `X-Content-Type-Options: nosniff` header prevents browsers to try to detect
the file mime type despite the given content-type header.
For known safe files, the content-type header can be adjusted using a
**whitelist**, e.g. sending `Content-Type: image/png` for PNG files.
### Prevent distribution of malware
To prevent attackers from uploading and distributing malware (e.g. computer
viruses), it is recommended to limit file uploads only to a whitelist of safe
file types.
Please note that the detection of file types in the sample file upload handlers
is based on the file extension and not the actual file content. This makes it
still possible for attackers to upload malware by giving their files an image
file extension, but should prevent automatic execution on client computers when
opening those files.
It does not protect at all from exploiting vulnerabilities in image display
programs, nor from users renaming file extensions to inadvertently execute the
contained malicious code.
## Secure file upload serving configurations
The following configurations serve uploaded files as static files with the
proper headers as
[mitigation against file upload risks](#mitigations-against-file-upload-risks).
Please do not simply copy&paste these configurations, but make sure you
understand what they are doing and that you have implemented them correctly.
> Always test your own setup and make sure that it is secure!
e.g. try uploading PHP scripts (as "example.php", "example.php.png" and
"example.png") to see if they get executed by your web server, e.g. the content
of the following sample:
```php
GIF89ad <?php echo mime_content_type(__FILE__); phpinfo();
```
### Apache config
Add the following directive to the Apache config (e.g.
/etc/apache2/apache2.conf), replacing the directory path with the absolute path
to the upload directory:
```ApacheConf
<Directory "/path/to/project/server/php/files">
# Some of the directives require the Apache Headers module. If it is not
# already enabled, please execute the following command and reload Apache:
# sudo a2enmod headers
#
# Please note that the order of directives across configuration files matters,
# see also:
# https://httpd.apache.org/docs/current/sections.html#merging
# The following directive matches all files and forces them to be handled as
# static content, which prevents the server from parsing and executing files
# that are associated with a dynamic runtime, e.g. PHP files.
# It also forces their Content-Type header to "application/octet-stream" and
# adds a "Content-Disposition: attachment" header to force a download dialog,
# which prevents browsers from interpreting files in the context of the
# web server, e.g. HTML files containing JavaScript.
# Lastly it also prevents browsers from MIME-sniffing the Content-Type,
# preventing them from interpreting a file as a different Content-Type than
# the one sent by the webserver.
<FilesMatch ".*">
SetHandler default-handler
ForceType application/octet-stream
Header set Content-Disposition attachment
Header set X-Content-Type-Options nosniff
</FilesMatch>
# The following directive matches known image files and unsets the forced
# Content-Type so they can be served with their original mime type.
# It also unsets the Content-Disposition header to allow displaying them
# inline in the browser.
<FilesMatch ".+\.(?i:(gif|jpe?g|png))$">
ForceType none
Header unset Content-Disposition
</FilesMatch>
</Directory>
```
### NGINX config
Add the following directive to the NGINX config, replacing the directory path
with the absolute path to the upload directory:
```Nginx
location ^~ /path/to/project/server/php/files {
root html;
default_type application/octet-stream;
types {
image/gif gif;
image/jpeg jpg;
image/png png;
}
add_header X-Content-Type-Options 'nosniff';
if ($request_filename ~ /(((?!\.(jpg)|(png)|(gif)$)[^/])+$)) {
add_header Content-Disposition 'attachment; filename="$1"';
# Add X-Content-Type-Options again, as using add_header in a new context
# dismisses all previous add_header calls:
add_header X-Content-Type-Options 'nosniff';
}
}
```
## Secure image processing configurations
The following configuration mitigates
[potential image processing vulnerabilities with ImageMagick](VULNERABILITIES.md#potential-vulnerabilities-with-php-imagemagick)
by limiting the attack vectors to a small subset of image types
(`GIF/JPEG/PNG`).
Please also consider using alternative, safer image processing libraries like
[libvips](https://github.com/libvips/libvips) or
[imageflow](https://github.com/imazen/imageflow).
## ImageMagick config
It is recommended to disable all non-required ImageMagick coders via
[policy.xml](https://wiki.debian.org/imagemagick/security).
To do so, locate the ImageMagick `policy.xml` configuration file and add the
following policies:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- ... -->
<policymap>
<!-- ... -->
<policy domain="delegate" rights="none" pattern="*" />
<policy domain="coder" rights="none" pattern="*" />
<policy domain="coder" rights="read | write" pattern="{GIF,JPEG,JPG,PNG}" />
</policymap>
```


@ -1,118 +0,0 @@
# List of fixed vulnerabilities
## Contents
- [Potential vulnerabilities with PHP+ImageMagick](#potential-vulnerabilities-with-phpimagemagick)
- [Remote code execution vulnerability in the PHP component](#remote-code-execution-vulnerability-in-the-php-component)
- [Open redirect vulnerability in the GAE components](#open-redirect-vulnerability-in-the-gae-components)
- [Cross-site scripting vulnerability in the Iframe Transport](#cross-site-scripting-vulnerability-in-the-iframe-transport)
## Potential vulnerabilities with PHP+ImageMagick
> Mitigated: 2018-10-25 (GMT)
The sample [PHP upload handler](server/php/UploadHandler.php) before
[v9.25.1](https://github.com/blueimp/jQuery-File-Upload/releases/tag/v9.25.1)
did not validate file signatures before invoking
[ImageMagick](https://www.imagemagick.org/) (via
[Imagick](https://php.net/manual/en/book.imagick.php)).
Verifying those
[magic bytes](https://en.wikipedia.org/wiki/List_of_file_signatures) mitigates
potential vulnerabilities when handling input files other than `GIF/JPEG/PNG`.
Please also configure ImageMagick to only enable the coders required for
`GIF/JPEG/PNG` processing, e.g. with the sample
[ImageMagick config](SECURITY.md#imagemagick-config).
**Further information:**
- Commit containing the mitigation:
[fe44d34](https://github.com/blueimp/jQuery-File-Upload/commit/fe44d34be43be32c6b8d507932f318dababb25dd)
- [ImageTragick](https://imagetragick.com/)
- [CERT Vulnerability Note VU#332928](https://www.kb.cert.org/vuls/id/332928)
- [ImageMagick CVE entries](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=imagemagick)
## Remote code execution vulnerability in the PHP component
> Fixed: 2018-10-23 (GMT)
The sample [PHP upload handler](server/php/UploadHandler.php) before
[v9.24.1](https://github.com/blueimp/jQuery-File-Upload/releases/tag/v9.24.1)
allowed to upload all file types by default.
This opens up a remote code execution vulnerability, unless the server is
configured to not execute (PHP) files in the upload directory
(`server/php/files`).
The provided [.htaccess](server/php/files/.htaccess) file includes instructions
for Apache to disable script execution, however
[.htaccess support](https://httpd.apache.org/docs/current/howto/htaccess.html)
is disabled by default since Apache `v2.3.9` via
[AllowOverride Directive](https://httpd.apache.org/docs/current/mod/core.html#allowoverride).
**You are affected if you:**
1. A) Uploaded jQuery File Upload < `v9.24.1` on a Webserver that executes files
with `.php` as part of the file extension (e.g. "example.php.png"), e.g.
Apache with `mod_php` enabled and the following directive (_not a recommended
configuration_):
```ApacheConf
AddHandler php5-script .php
```
B) Uploaded jQuery File Upload < `v9.22.1` on a Webserver that executes files
with the file extension `.php`, e.g. Apache with `mod_php` enabled and the
following directive:
```ApacheConf
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
```
2. Did not actively configure your Webserver to not execute files in the upload
directory (`server/php/files`).
3. Are running Apache `v2.3.9+` with the default `AllowOverride` Directive set
to `None` or another Webserver with no `.htaccess` support.
**How to fix it:**
1. Upgrade to the latest version of jQuery File Upload.
2. Configure your Webserver to not execute files in the upload directory, e.g.
with the [sample Apache configuration](SECURITY.md#apache-config)
**Further information:**
- Commits containing the security fix:
[aeb47e5](https://github.com/blueimp/jQuery-File-Upload/commit/aeb47e51c67df8a504b7726595576c1c66b5dc2f),
[ad4aefd](https://github.com/blueimp/jQuery-File-Upload/commit/ad4aefd96e4056deab6fea2690f0d8cf56bb2d7d)
- [Full disclosure post on Hacker News](https://news.ycombinator.com/item?id=18267309).
- [CVE-2018-9206](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9206)
- [OWASP - Unrestricted File Upload](https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload)
## Open redirect vulnerability in the GAE components
> Fixed: 2015-06-12 (GMT)
The sample Google App Engine upload handlers before
v[9.10.1](https://github.com/blueimp/jQuery-File-Upload/releases/tag/9.10.1)
accepted any URL as redirect target, making it possible to use the Webserver's
domain for phishing attacks.
**Further information:**
- Commit containing the security fix:
[f74d2a8](https://github.com/blueimp/jQuery-File-Upload/commit/f74d2a8c3e3b1e8e336678d2899facd5bcdb589f)
- [OWASP - Unvalidated Redirects and Forwards Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html)
## Cross-site scripting vulnerability in the Iframe Transport
> Fixed: 2012-08-09 (GMT)
The [redirect page](cors/result.html) for the
[Iframe Transport](js/jquery.iframe-transport.js) before commit
[4175032](https://github.com/blueimp/jQuery-File-Upload/commit/41750323a464e848856dc4c5c940663498beb74a)
(_fixed in all tagged releases_) allowed executing arbitrary JavaScript in the
context of the Webserver.
**Further information:**
- Commit containing the security fix:
[4175032](https://github.com/blueimp/jQuery-File-Upload/commit/41750323a464e848856dc4c5c940663498beb74a)
- [OWASP - Cross-site Scripting (XSS)](https://owasp.org/www-community/attacks/xss/)


@ -1,39 +0,0 @@
{
"name": "blueimp/jquery-file-upload"
, "description": "File Upload widget for jQuery."
, "keywords": ["jquery",
"file",
"upload",
"widget",
"multiple",
"selection",
"drag",
"drop",
"progress",
"preview",
"cross-domain",
"cross-site",
"chunk",
"resume",
"gae",
"go",
"python",
"php",
"bootstrap"]
, "homepage": "https://github.com/blueimp/jQuery-File-Upload"
, "authors": [
{
"name": "Sebastian Tschan",
"homepage": "https://blueimp.net"
}
]
, "support": {
"forum": "https://stackoverflow.com/questions/tagged/blueimp+jquery+file-upload"
}
, "license": "MIT"
, "autoload": {
"classmap": [
"server/php/UploadHandler.php"
]
}
}


@ -1,85 +0,0 @@
<!DOCTYPE html>
<!--
/*
* jQuery File Upload Plugin postMessage API
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2011, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
* https://opensource.org/licenses/MIT
*/
-->
<html lang="en">
<head>
<meta charset="utf-8" />
<title>jQuery File Upload Plugin postMessage API</title>
<script
src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"
integrity="sha384-nvAa0+6Qg9clwYCGGPpDQLVpLNn0fRaROjHqs13t4Ggj3Ez50XnGQqc/r8MhnRDZ"
crossorigin="anonymous"
></script>
</head>
<body>
<script>
'use strict';
var origin = /^https:\/\/example.org/,
target = new RegExp('^(http(s)?:)?\\/\\/' + location.host + '\\/');
$(window).on('message', function (e) {
e = e.originalEvent;
var s = e.data,
xhr = $.ajaxSettings.xhr(),
f;
if (!origin.test(e.origin)) {
throw new Error('Origin "' + e.origin + '" does not match ' + origin);
}
if (!target.test(e.data.url)) {
throw new Error(
'Target "' + e.data.url + '" does not match ' + target
);
}
$(xhr.upload).on('progress', function (ev) {
ev = ev.originalEvent;
e.source.postMessage(
{
id: s.id,
type: ev.type,
timeStamp: ev.timeStamp,
lengthComputable: ev.lengthComputable,
loaded: ev.loaded,
total: ev.total
},
e.origin
);
});
s.xhr = function () {
return xhr;
};
if (!(s.data instanceof Blob)) {
f = new FormData();
$.each(s.data, function (i, v) {
f.append(v.name, v.value);
});
s.data = f;
}
$.ajax(s).always(function (result, statusText, jqXHR) {
if (!jqXHR.done) {
jqXHR = result;
result = null;
}
e.source.postMessage(
{
id: s.id,
status: jqXHR.status,
statusText: statusText,
result: result,
headers: jqXHR.getAllResponseHeaders()
},
e.origin
);
});
});
</script>
</body>
</html>


@ -1,26 +0,0 @@
<!DOCTYPE html>
<!--
/*
* jQuery Iframe Transport Plugin Redirect Page
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2010, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
* https://opensource.org/licenses/MIT
*/
-->
<html lang="en">
<head>
<meta charset="utf-8" />
<title>jQuery Iframe Transport Plugin Redirect Page</title>
</head>
<body>
<script>
document.body.innerText = document.body.textContent = decodeURIComponent(
window.location.search.slice(1)
);
</script>
</body>
</html>


@ -1,22 +0,0 @@
@charset "UTF-8";
/*
* jQuery File Upload Plugin NoScript CSS
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2013, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
* https://opensource.org/licenses/MIT
*/
.fileinput-button input {
position: static;
opacity: 1;
filter: none;
font-size: inherit !important;
direction: inherit;
}
.fileinput-button span {
display: none;
}


@ -1,17 +0,0 @@
@charset "UTF-8";
/*
* jQuery File Upload UI Plugin NoScript CSS
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2012, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
* https://opensource.org/licenses/MIT
*/
.fileinput-button i,
.fileupload-buttonbar .delete,
.fileupload-buttonbar .toggle {
display: none;
}


@ -1,68 +0,0 @@
@charset "UTF-8";
/*
* jQuery File Upload UI Plugin CSS
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2010, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
* https://opensource.org/licenses/MIT
*/
.progress-animated .progress-bar,
.progress-animated .bar {
background: url('../img/progressbar.gif') !important;
filter: none;
}
.fileupload-process {
float: right;
display: none;
}
.fileupload-processing .fileupload-process,
.files .processing .preview {
display: block;
width: 32px;
height: 32px;
background: url('../img/loading.gif') center no-repeat;
background-size: contain;
}
.files audio,
.files video {
max-width: 300px;
}
.files .name {
word-wrap: break-word;
overflow-wrap: anywhere;
-webkit-hyphens: auto;
hyphens: auto;
}
.files button {
margin-bottom: 5px;
}
.toggle[type='checkbox'] {
transform: scale(2);
margin-left: 10px;
}
@media (max-width: 767px) {
.fileupload-buttonbar .btn {
margin-bottom: 5px;
}
.fileupload-buttonbar .delete,
.fileupload-buttonbar .toggle,
.files .toggle,
.files .btn span {
display: none;
}
.files audio,
.files video {
max-width: 80px;
}
}
@media (max-width: 480px) {
.files .image td:nth-child(2) {
display: none;
}
}


@ -1,36 +0,0 @@
@charset "UTF-8";
/*
* jQuery File Upload Plugin CSS
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2013, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
* https://opensource.org/licenses/MIT
*/
.fileinput-button {
position: relative;
overflow: hidden;
display: inline-block;
}
.fileinput-button input {
position: absolute;
top: 0;
right: 0;
margin: 0;
height: 100%;
opacity: 0;
filter: alpha(opacity=0);
font-size: 200px !important;
direction: ltr;
cursor: pointer;
}
/* Fixes for IE < 8 */
@media screen\9 {
.fileinput-button input {
font-size: 150% !important;
}
}


@ -1,55 +0,0 @@
version: '3.7'
services:
example:
build: server/php
ports:
- 127.0.0.1:80:80
volumes:
- .:/var/www/html
mocha:
image: blueimp/mocha-chrome
command: http://example/test
environment:
- WAIT_FOR_HOSTS=example:80
depends_on:
- example
chromedriver:
image: blueimp/chromedriver
tmpfs: /tmp
environment:
- DISABLE_X11=false
- ENABLE_VNC=true
- EXPOSE_X11=true
volumes:
- ./wdio/assets:/home/webdriver/assets:ro
ports:
- 127.0.0.1:5900:5900
geckodriver:
image: blueimp/geckodriver
tmpfs: /tmp
shm_size: 2g
environment:
- DISABLE_X11=false
- ENABLE_VNC=true
- EXPOSE_X11=true
volumes:
- ./wdio/assets:/home/webdriver/assets:ro
ports:
- 127.0.0.1:5901:5900
wdio:
image: blueimp/wdio
read_only: true
tmpfs:
- /tmp
environment:
- WAIT_FOR_HOSTS=chromedriver:4444 geckodriver:4444 example:80
- WINDOWS_HOST
- MACOS_ASSETS_DIR=$PWD/wdio/assets/
- WINDOWS_ASSETS_DIR
volumes:
- ./wdio:/app:ro
- ./wdio/reports:/app/reports
depends_on:
- chromedriver
- geckodriver
- example



@ -1,357 +0,0 @@
<!DOCTYPE html>
<!--
/*
* jQuery File Upload Demo
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2010, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
* https://opensource.org/licenses/MIT
*/
-->
<html lang="en">
<head>
<!-- Force latest IE rendering engine or ChromeFrame if installed -->
<!--[if IE]>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
<![endif]-->
<meta charset="utf-8" />
<title>jQuery File Upload Demo</title>
<meta
name="description"
content="File Upload widget with multiple file selection, drag&amp;drop support, progress bars, validation and preview images, audio and video for jQuery. Supports cross-domain, chunked and resumable file uploads and client-side image resizing. Works with any server-side platform (PHP, Python, Ruby on Rails, Java, Node.js, Go etc.) that supports standard HTML form file uploads."
/>
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<!-- Bootstrap styles -->
<link
rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"
integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u"
crossorigin="anonymous"
/>
<!-- Generic page styles -->
<style>
#navigation {
margin: 10px 0;
}
@media (max-width: 767px) {
#title,
#description {
display: none;
}
}
</style>
<!-- blueimp Gallery styles -->
<link
rel="stylesheet"
href="https://blueimp.github.io/Gallery/css/blueimp-gallery.min.css"
/>
<!-- CSS to style the file input field as button and adjust the Bootstrap progress bars -->
<link rel="stylesheet" href="css/jquery.fileupload.css" />
<link rel="stylesheet" href="css/jquery.fileupload-ui.css" />
<!-- CSS adjustments for browsers with JavaScript disabled -->
<noscript
><link rel="stylesheet" href="css/jquery.fileupload-noscript.css"
/></noscript>
<noscript
><link rel="stylesheet" href="css/jquery.fileupload-ui-noscript.css"
/></noscript>
</head>
<body>
<div class="container">
<ul class="nav nav-tabs" id="navigation">
<li>
<a href="https://github.com/blueimp/jQuery-File-Upload">Project</a>
</li>
<li class="active">
<a href="#">Demo</a>
</li>
<li>
<a href="https://github.com/blueimp/jQuery-File-Upload/wiki">Wiki</a>
</li>
<li>
<a href="https://blueimp.net">Author</a>
</li>
</ul>
<h1 id="title">jQuery File Upload Demo</h1>
<blockquote id="description">
<p>
File Upload widget with multiple file selection, drag&amp;drop
support, progress bars, validation and preview images, audio and video
for jQuery.<br />
Supports cross-domain, chunked and resumable file uploads and
client-side image resizing.<br />
Works with any server-side platform (PHP, Python, Ruby on Rails, Java,
Node.js, Go etc.) that supports standard HTML form file uploads.
</p>
</blockquote>
<!-- The file upload form used as target for the file upload widget -->
<form
id="fileupload"
action="https://jquery-file-upload.appspot.com/"
method="POST"
enctype="multipart/form-data"
>
<!-- Redirect browsers with JavaScript disabled to the origin page -->
<noscript
><input
type="hidden"
name="redirect"
value="https://blueimp.github.io/jQuery-File-Upload/"
/></noscript>
<!-- The fileupload-buttonbar contains buttons to add/delete files and start/cancel the upload -->
<div class="row fileupload-buttonbar">
<div class="col-lg-7">
<!-- The fileinput-button span is used to style the file input field as button -->
<span class="btn btn-success fileinput-button">
<i class="glyphicon glyphicon-plus"></i>
<span>Add files...</span>
<input type="file" name="files[]" multiple />
</span>
<button type="submit" class="btn btn-primary start">
<i class="glyphicon glyphicon-upload"></i>
<span>Start upload</span>
</button>
<button type="reset" class="btn btn-warning cancel">
<i class="glyphicon glyphicon-ban-circle"></i>
<span>Cancel upload</span>
</button>
<button type="button" class="btn btn-danger delete">
<i class="glyphicon glyphicon-trash"></i>
<span>Delete selected</span>
</button>
<input type="checkbox" class="toggle" />
<!-- The global file processing state -->
<span class="fileupload-process"></span>
</div>
<!-- The global progress state -->
<div class="col-lg-5 fileupload-progress fade">
<!-- The global progress bar -->
<div
class="progress progress-striped active"
role="progressbar"
aria-valuemin="0"
aria-valuemax="100"
>
<div
class="progress-bar progress-bar-success"
style="width: 0%;"
></div>
</div>
<!-- The extended global progress state -->
<div class="progress-extended">&nbsp;</div>
</div>
</div>
<!-- The table listing the files available for upload/download -->
<table role="presentation" class="table table-striped">
<tbody class="files"></tbody>
</table>
</form>
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">Demo Notes</h3>
</div>
<div class="panel-body">
<ul>
<li>
The maximum file size for uploads in this demo is
<strong>999 KB</strong> (default file size is unlimited).
</li>
<li>
Only image files (<strong>JPG, GIF, PNG</strong>) are allowed in
this demo (by default there is no file type restriction).
</li>
<li>
Uploaded files will be deleted automatically after
<strong>5 minutes or less</strong> (demo files are stored in
memory).
</li>
<li>
You can <strong>drag &amp; drop</strong> files from your desktop
on this webpage (see
<a
href="https://github.com/blueimp/jQuery-File-Upload/wiki/Browser-support"
>Browser support</a
>).
</li>
<li>
Please refer to the
<a href="https://github.com/blueimp/jQuery-File-Upload"
>project website</a
>
and
<a href="https://github.com/blueimp/jQuery-File-Upload/wiki"
>documentation</a
>
for more information.
</li>
<li>
Built with the
<a href="https://getbootstrap.com/">Bootstrap</a> CSS framework
and Icons from <a href="https://glyphicons.com/">Glyphicons</a>.
</li>
</ul>
</div>
</div>
</div>
<!-- The blueimp Gallery widget -->
<div
id="blueimp-gallery"
class="blueimp-gallery blueimp-gallery-controls"
aria-label="image gallery"
aria-modal="true"
role="dialog"
data-filter=":even"
>
<div class="slides" aria-live="polite"></div>
<h3 class="title"></h3>
<a
class="prev"
aria-controls="blueimp-gallery"
aria-label="previous slide"
aria-keyshortcuts="ArrowLeft"
></a>
<a
class="next"
aria-controls="blueimp-gallery"
aria-label="next slide"
aria-keyshortcuts="ArrowRight"
></a>
<a
class="close"
aria-controls="blueimp-gallery"
aria-label="close"
aria-keyshortcuts="Escape"
></a>
<a
class="play-pause"
aria-controls="blueimp-gallery"
aria-label="play slideshow"
aria-keyshortcuts="Space"
aria-pressed="false"
role="button"
></a>
<ol class="indicator"></ol>
</div>
<!-- The template to display files available for upload -->
<script id="template-upload" type="text/x-tmpl">
{% for (var i=0, file; file=o.files[i]; i++) { %}
<tr class="template-upload fade{%=o.options.loadImageFileTypes.test(file.type)?' image':''%}">
<td>
<span class="preview"></span>
</td>
<td>
<p class="name">{%=file.name%}</p>
<strong class="error text-danger"></strong>
</td>
<td>
<p class="size">Processing...</p>
<div class="progress progress-striped active" role="progressbar" aria-valuemin="0" aria-valuemax="100" aria-valuenow="0"><div class="progress-bar progress-bar-success" style="width:0%;"></div></div>
</td>
<td>
{% if (!o.options.autoUpload && o.options.edit && o.options.loadImageFileTypes.test(file.type)) { %}
<button class="btn btn-success edit" data-index="{%=i%}" disabled>
<i class="glyphicon glyphicon-edit"></i>
<span>Edit</span>
</button>
{% } %}
{% if (!i && !o.options.autoUpload) { %}
<button class="btn btn-primary start" disabled>
<i class="glyphicon glyphicon-upload"></i>
<span>Start</span>
</button>
{% } %}
{% if (!i) { %}
<button class="btn btn-warning cancel">
<i class="glyphicon glyphicon-ban-circle"></i>
<span>Cancel</span>
</button>
{% } %}
</td>
</tr>
{% } %}
</script>
<!-- The template to display files available for download -->
<script id="template-download" type="text/x-tmpl">
{% for (var i=0, file; file=o.files[i]; i++) { %}
<tr class="template-download fade{%=file.thumbnailUrl?' image':''%}">
<td>
<span class="preview">
{% if (file.thumbnailUrl) { %}
<a href="{%=file.url%}" title="{%=file.name%}" download="{%=file.name%}" data-gallery><img src="{%=file.thumbnailUrl%}"></a>
{% } %}
</span>
</td>
<td>
<p class="name">
{% if (file.url) { %}
<a href="{%=file.url%}" title="{%=file.name%}" download="{%=file.name%}" {%=file.thumbnailUrl?'data-gallery':''%}>{%=file.name%}</a>
{% } else { %}
<span>{%=file.name%}</span>
{% } %}
</p>
{% if (file.error) { %}
<div><span class="label label-danger">Error</span> {%=file.error%}</div>
{% } %}
</td>
<td>
<span class="size">{%=o.formatFileSize(file.size)%}</span>
</td>
<td>
{% if (file.deleteUrl) { %}
<button class="btn btn-danger delete" data-type="{%=file.deleteType%}" data-url="{%=file.deleteUrl%}"{% if (file.deleteWithCredentials) { %} data-xhr-fields='{"withCredentials":true}'{% } %}>
<i class="glyphicon glyphicon-trash"></i>
<span>Delete</span>
</button>
<input type="checkbox" name="delete" value="1" class="toggle">
{% } else { %}
<button class="btn btn-warning cancel">
<i class="glyphicon glyphicon-ban-circle"></i>
<span>Cancel</span>
</button>
{% } %}
</td>
</tr>
{% } %}
</script>
<script
src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"
integrity="sha384-nvAa0+6Qg9clwYCGGPpDQLVpLNn0fRaROjHqs13t4Ggj3Ez50XnGQqc/r8MhnRDZ"
crossorigin="anonymous"
></script>
<!-- The jQuery UI widget factory, can be omitted if jQuery UI is already included -->
<script src="js/vendor/jquery.ui.widget.js"></script>
<!-- The Templates plugin is included to render the upload/download listings -->
<script src="https://blueimp.github.io/JavaScript-Templates/js/tmpl.min.js"></script>
<!-- The Load Image plugin is included for the preview images and image resizing functionality -->
<script src="https://blueimp.github.io/JavaScript-Load-Image/js/load-image.all.min.js"></script>
<!-- The Canvas to Blob plugin is included for image resizing functionality -->
<script src="https://blueimp.github.io/JavaScript-Canvas-to-Blob/js/canvas-to-blob.min.js"></script>
<!-- blueimp Gallery script -->
<script src="https://blueimp.github.io/Gallery/js/jquery.blueimp-gallery.min.js"></script>
<!-- The Iframe Transport is required for browsers without support for XHR file uploads -->
<script src="js/jquery.iframe-transport.js"></script>
<!-- The basic File Upload plugin -->
<script src="js/jquery.fileupload.js"></script>
<!-- The File Upload processing plugin -->
<script src="js/jquery.fileupload-process.js"></script>
<!-- The File Upload image preview & resize plugin -->
<script src="js/jquery.fileupload-image.js"></script>
<!-- The File Upload audio preview plugin -->
<script src="js/jquery.fileupload-audio.js"></script>
<!-- The File Upload video preview plugin -->
<script src="js/jquery.fileupload-video.js"></script>
<!-- The File Upload validation plugin -->
<script src="js/jquery.fileupload-validate.js"></script>
<!-- The File Upload user interface plugin -->
<script src="js/jquery.fileupload-ui.js"></script>
<!-- The main application script -->
<script src="js/demo.js"></script>
<!-- The XDomainRequest Transport is included for cross-domain file deletion for IE 8 and IE 9 -->
<!--[if (gte IE 8)&(lt IE 10)]>
<script src="js/cors/jquery.xdr-transport.js"></script>
<![endif]-->
</body>
</html>


@ -1,126 +0,0 @@
/*
* jQuery postMessage Transport Plugin
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2011, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
* https://opensource.org/licenses/MIT
*/
/* global define, require */
(function (factory) {
'use strict';
if (typeof define === 'function' && define.amd) {
// Register as an anonymous AMD module:
define(['jquery'], factory);
} else if (typeof exports === 'object') {
// Node/CommonJS:
factory(require('jquery'));
} else {
// Browser globals:
factory(window.jQuery);
}
})(function ($) {
'use strict';
var counter = 0,
names = [
'accepts',
'cache',
'contents',
'contentType',
'crossDomain',
'data',
'dataType',
'headers',
'ifModified',
'mimeType',
'password',
'processData',
'timeout',
'traditional',
'type',
'url',
'username'
],
convert = function (p) {
return p;
};
$.ajaxSetup({
converters: {
'postmessage text': convert,
'postmessage json': convert,
'postmessage html': convert
}
});
$.ajaxTransport('postmessage', function (options) {
if (options.postMessage && window.postMessage) {
var iframe,
loc = $('<a></a>').prop('href', options.postMessage)[0],
target = loc.protocol + '//' + loc.host,
xhrUpload = options.xhr().upload;
// IE always includes the port for the host property of a link
// element, but not in the location.host or origin property for the
// default http port 80 and https port 443, so we strip it:
if (/^(http:\/\/.+:80)|(https:\/\/.+:443)$/.test(target)) {
target = target.replace(/:(80|443)$/, '');
}
return {
send: function (_, completeCallback) {
counter += 1;
var message = {
id: 'postmessage-transport-' + counter
},
eventName = 'message.' + message.id;
iframe = $(
'<iframe style="display:none;" src="' +
options.postMessage +
'" name="' +
message.id +
'"></iframe>'
)
.on('load', function () {
$.each(names, function (i, name) {
message[name] = options[name];
});
message.dataType = message.dataType.replace('postmessage ', '');
$(window).on(eventName, function (event) {
var e = event.originalEvent;
var data = e.data;
var ev;
if (e.origin === target && data.id === message.id) {
if (data.type === 'progress') {
ev = document.createEvent('Event');
ev.initEvent(data.type, false, true);
$.extend(ev, data);
xhrUpload.dispatchEvent(ev);
} else {
completeCallback(
data.status,
data.statusText,
{ postmessage: data.result },
data.headers
);
iframe.remove();
$(window).off(eventName);
}
}
});
iframe[0].contentWindow.postMessage(message, target);
})
.appendTo(document.body);
},
abort: function () {
if (iframe) {
iframe.remove();
}
}
};
}
});
});


@ -1,97 +0,0 @@
/*
* jQuery XDomainRequest Transport Plugin
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2011, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
* https://opensource.org/licenses/MIT
*
* Based on Julian Aubourg's ajaxHooks xdr.js:
* https://github.com/jaubourg/ajaxHooks/
*/
/* global define, require, XDomainRequest */
(function (factory) {
'use strict';
if (typeof define === 'function' && define.amd) {
// Register as an anonymous AMD module:
define(['jquery'], factory);
} else if (typeof exports === 'object') {
// Node/CommonJS:
factory(require('jquery'));
} else {
// Browser globals:
factory(window.jQuery);
}
})(function ($) {
'use strict';
if (window.XDomainRequest && !$.support.cors) {
$.ajaxTransport(function (s) {
if (s.crossDomain && s.async) {
if (s.timeout) {
s.xdrTimeout = s.timeout;
delete s.timeout;
}
var xdr;
return {
send: function (headers, completeCallback) {
var addParamChar = /\?/.test(s.url) ? '&' : '?';
/**
* Callback wrapper function
*
* @param {number} status HTTP status code
* @param {string} statusText HTTP status text
* @param {object} [responses] Content-type specific responses
* @param {string} [responseHeaders] Response headers string
*/
function callback(status, statusText, responses, responseHeaders) {
xdr.onload = xdr.onerror = xdr.ontimeout = $.noop;
xdr = null;
completeCallback(status, statusText, responses, responseHeaders);
}
xdr = new XDomainRequest();
// XDomainRequest only supports GET and POST:
if (s.type === 'DELETE') {
s.url = s.url + addParamChar + '_method=DELETE';
s.type = 'POST';
} else if (s.type === 'PUT') {
s.url = s.url + addParamChar + '_method=PUT';
s.type = 'POST';
} else if (s.type === 'PATCH') {
s.url = s.url + addParamChar + '_method=PATCH';
s.type = 'POST';
}
xdr.open(s.type, s.url);
xdr.onload = function () {
callback(
200,
'OK',
{ text: xdr.responseText },
'Content-Type: ' + xdr.contentType
);
};
xdr.onerror = function () {
callback(404, 'Not Found');
};
if (s.xdrTimeout) {
xdr.ontimeout = function () {
callback(0, 'timeout');
};
xdr.timeout = s.xdrTimeout;
}
xdr.send((s.hasContent && s.data) || null);
},
abort: function () {
if (xdr) {
xdr.onerror = $.noop();
xdr.abort();
}
}
};
}
});
}
});


@ -1,75 +0,0 @@
/*
* jQuery File Upload Demo
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2010, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
* https://opensource.org/licenses/MIT
*/
/* global $ */
$(function () {
'use strict';
// Initialize the jQuery File Upload widget:
$('#fileupload').fileupload({
// Uncomment the following to send cross-domain cookies:
//xhrFields: {withCredentials: true},
url: 'server/php/'
});
// Enable iframe cross-domain access via redirect option:
$('#fileupload').fileupload(
'option',
'redirect',
window.location.href.replace(/\/[^/]*$/, '/cors/result.html?%s')
);
if (window.location.hostname === 'blueimp.github.io') {
// Demo settings:
$('#fileupload').fileupload('option', {
url: '//jquery-file-upload.appspot.com/',
// Enable image resizing, except for Android and Opera,
// which actually support image resizing, but fail to
// send Blob objects via XHR requests:
disableImageResize: /Android(?!.*Chrome)|Opera/.test(
window.navigator.userAgent
),
maxFileSize: 999000,
acceptFileTypes: /(\.|\/)(gif|jpe?g|png)$/i
});
// Upload server status check for browsers with CORS support:
if ($.support.cors) {
$.ajax({
url: '//jquery-file-upload.appspot.com/',
type: 'HEAD'
}).fail(function () {
$('<div class="alert alert-danger"></div>')
.text('Upload server currently unavailable - ' + new Date())
.appendTo('#fileupload');
});
}
} else {
// Load existing files:
$('#fileupload').addClass('fileupload-processing');
$.ajax({
// Uncomment the following to send cross-domain cookies:
//xhrFields: {withCredentials: true},
url: $('#fileupload').fileupload('option', 'url'),
dataType: 'json',
context: $('#fileupload')[0]
})
.always(function () {
$(this).removeClass('fileupload-processing');
})
.done(function (result) {
$(this)
.fileupload('option', 'done')
// eslint-disable-next-line new-cap
.call(this, $.Event('done'), { result: result });
});
}
});


@ -1,101 +0,0 @@
/*
* jQuery File Upload Audio Preview Plugin
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2013, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
* https://opensource.org/licenses/MIT
*/
/* global define, require */
(function (factory) {
'use strict';
if (typeof define === 'function' && define.amd) {
// Register as an anonymous AMD module:
define(['jquery', 'load-image', './jquery.fileupload-process'], factory);
} else if (typeof exports === 'object') {
// Node/CommonJS:
factory(
require('jquery'),
require('blueimp-load-image/js/load-image'),
require('./jquery.fileupload-process')
);
} else {
// Browser globals:
factory(window.jQuery, window.loadImage);
}
})(function ($, loadImage) {
'use strict';
// Prepend to the default processQueue:
$.blueimp.fileupload.prototype.options.processQueue.unshift(
{
action: 'loadAudio',
// Use the action as prefix for the "@" options:
prefix: true,
fileTypes: '@',
maxFileSize: '@',
disabled: '@disableAudioPreview'
},
{
action: 'setAudio',
name: '@audioPreviewName',
disabled: '@disableAudioPreview'
}
);
// The File Upload Audio Preview plugin extends the fileupload widget
// with audio preview functionality:
$.widget('blueimp.fileupload', $.blueimp.fileupload, {
options: {
// The regular expression for the types of audio files to load,
// matched against the file type:
loadAudioFileTypes: /^audio\/.*$/
},
_audioElement: document.createElement('audio'),
processActions: {
// Loads the audio file given via data.files and data.index
// as audio element if the browser supports playing it.
// Accepts the options fileTypes (regular expression)
// and maxFileSize (integer) to limit the files to load:
loadAudio: function (data, options) {
if (options.disabled) {
return data;
}
var file = data.files[data.index],
url,
audio;
if (
this._audioElement.canPlayType &&
this._audioElement.canPlayType(file.type) &&
($.type(options.maxFileSize) !== 'number' ||
file.size <= options.maxFileSize) &&
(!options.fileTypes || options.fileTypes.test(file.type))
) {
url = loadImage.createObjectURL(file);
if (url) {
audio = this._audioElement.cloneNode(false);
audio.src = url;
audio.controls = true;
data.audio = audio;
return data;
}
}
return data;
},
// Sets the audio element as a property of the file object:
setAudio: function (data, options) {
if (data.audio && !options.disabled) {
data.files[data.index][options.name || 'preview'] = data.audio;
}
return data;
}
}
});
});


@ -1,347 +0,0 @@
/*
* jQuery File Upload Image Preview & Resize Plugin
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2013, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
* https://opensource.org/licenses/MIT
*/
/* global define, require */
(function (factory) {
'use strict';
if (typeof define === 'function' && define.amd) {
// Register as an anonymous AMD module:
define([
'jquery',
'load-image',
'load-image-meta',
'load-image-scale',
'load-image-exif',
'load-image-orientation',
'canvas-to-blob',
'./jquery.fileupload-process'
], factory);
} else if (typeof exports === 'object') {
// Node/CommonJS:
factory(
require('jquery'),
require('blueimp-load-image/js/load-image'),
require('blueimp-load-image/js/load-image-meta'),
require('blueimp-load-image/js/load-image-scale'),
require('blueimp-load-image/js/load-image-exif'),
require('blueimp-load-image/js/load-image-orientation'),
require('blueimp-canvas-to-blob'),
require('./jquery.fileupload-process')
);
} else {
// Browser globals:
factory(window.jQuery, window.loadImage);
}
})(function ($, loadImage) {
'use strict';
// Prepend to the default processQueue:
$.blueimp.fileupload.prototype.options.processQueue.unshift(
{
action: 'loadImageMetaData',
maxMetaDataSize: '@',
disableImageHead: '@',
disableMetaDataParsers: '@',
disableExif: '@',
disableExifOffsets: '@',
includeExifTags: '@',
excludeExifTags: '@',
disableIptc: '@',
disableIptcOffsets: '@',
includeIptcTags: '@',
excludeIptcTags: '@',
disabled: '@disableImageMetaDataLoad'
},
{
action: 'loadImage',
// Use the action as prefix for the "@" options:
prefix: true,
fileTypes: '@',
maxFileSize: '@',
noRevoke: '@',
disabled: '@disableImageLoad'
},
{
action: 'resizeImage',
// Use "image" as prefix for the "@" options:
prefix: 'image',
maxWidth: '@',
maxHeight: '@',
minWidth: '@',
minHeight: '@',
crop: '@',
orientation: '@',
forceResize: '@',
disabled: '@disableImageResize',
imageSmoothingQuality: '@imageSmoothingQuality'
},
{
action: 'saveImage',
quality: '@imageQuality',
type: '@imageType',
disabled: '@disableImageResize'
},
{
action: 'saveImageMetaData',
disabled: '@disableImageMetaDataSave'
},
{
action: 'resizeImage',
// Use "preview" as prefix for the "@" options:
prefix: 'preview',
maxWidth: '@',
maxHeight: '@',
minWidth: '@',
minHeight: '@',
crop: '@',
orientation: '@',
thumbnail: '@',
canvas: '@',
disabled: '@disableImagePreview'
},
{
action: 'setImage',
name: '@imagePreviewName',
disabled: '@disableImagePreview'
},
{
action: 'deleteImageReferences',
disabled: '@disableImageReferencesDeletion'
}
);
// The File Upload Resize plugin extends the fileupload widget
// with image resize functionality:
$.widget('blueimp.fileupload', $.blueimp.fileupload, {
options: {
// The regular expression for the types of images to load:
// matched against the file type:
loadImageFileTypes: /^image\/(gif|jpeg|png|svg\+xml)$/,
// The maximum file size of images to load:
loadImageMaxFileSize: 10000000, // 10MB
// The maximum width of resized images:
imageMaxWidth: 1920,
// The maximum height of resized images:
imageMaxHeight: 1080,
// Defines the image orientation (1-8) or takes the orientation
// value from Exif data if set to true:
imageOrientation: true,
// Define if resized images should be cropped or only scaled:
imageCrop: false,
// Disable the resize image functionality by default:
disableImageResize: true,
// The maximum width of the preview images:
previewMaxWidth: 80,
// The maximum height of the preview images:
previewMaxHeight: 80,
// Defines the preview orientation (1-8) or takes the orientation
// value from Exif data if set to true:
previewOrientation: true,
// Create the preview using the Exif data thumbnail:
previewThumbnail: true,
// Define if preview images should be cropped or only scaled:
previewCrop: false,
// Define if preview images should be resized as canvas elements:
previewCanvas: true
},
processActions: {
// Loads the image given via data.files and data.index
// as img element, if the browser supports the File API.
// Accepts the options fileTypes (regular expression)
// and maxFileSize (integer) to limit the files to load:
loadImage: function (data, options) {
if (options.disabled) {
return data;
}
var that = this,
file = data.files[data.index],
// eslint-disable-next-line new-cap
dfd = $.Deferred();
if (
($.type(options.maxFileSize) === 'number' &&
file.size > options.maxFileSize) ||
(options.fileTypes && !options.fileTypes.test(file.type)) ||
!loadImage(
file,
function (img) {
if (img.src) {
data.img = img;
}
dfd.resolveWith(that, [data]);
},
options
)
) {
return data;
}
return dfd.promise();
},
// Resizes the image given as data.canvas or data.img
// and updates data.canvas or data.img with the resized image.
// Also stores the resized image as preview property.
// Accepts the options maxWidth, maxHeight, minWidth,
// minHeight, canvas and crop:
resizeImage: function (data, options) {
if (options.disabled || !(data.canvas || data.img)) {
return data;
}
// eslint-disable-next-line no-param-reassign
options = $.extend({ canvas: true }, options);
var that = this,
// eslint-disable-next-line new-cap
dfd = $.Deferred(),
img = (options.canvas && data.canvas) || data.img,
resolve = function (newImg) {
if (
newImg &&
(newImg.width !== img.width ||
newImg.height !== img.height ||
options.forceResize)
) {
data[newImg.getContext ? 'canvas' : 'img'] = newImg;
}
data.preview = newImg;
dfd.resolveWith(that, [data]);
},
thumbnail,
thumbnailBlob;
if (data.exif && options.thumbnail) {
thumbnail = data.exif.get('Thumbnail');
thumbnailBlob = thumbnail && thumbnail.get('Blob');
if (thumbnailBlob) {
options.orientation = data.exif.get('Orientation');
loadImage(thumbnailBlob, resolve, options);
return dfd.promise();
}
}
if (data.orientation) {
// Prevent orienting the same image twice:
delete options.orientation;
} else {
data.orientation = options.orientation || loadImage.orientation;
}
if (img) {
resolve(loadImage.scale(img, options, data));
return dfd.promise();
}
return data;
},
// Saves the processed image given as data.canvas
// inplace at data.index of data.files:
saveImage: function (data, options) {
if (!data.canvas || options.disabled) {
return data;
}
var that = this,
file = data.files[data.index],
// eslint-disable-next-line new-cap
dfd = $.Deferred();
if (data.canvas.toBlob) {
data.canvas.toBlob(
function (blob) {
if (!blob.name) {
if (file.type === blob.type) {
blob.name = file.name;
} else if (file.name) {
blob.name = file.name.replace(
/\.\w+$/,
'.' + blob.type.substr(6)
);
}
}
// Don't restore invalid meta data:
if (file.type !== blob.type) {
delete data.imageHead;
}
// Store the created blob at the position
// of the original file in the files list:
data.files[data.index] = blob;
dfd.resolveWith(that, [data]);
},
options.type || file.type,
options.quality
);
} else {
return data;
}
return dfd.promise();
},
loadImageMetaData: function (data, options) {
if (options.disabled) {
return data;
}
var that = this,
// eslint-disable-next-line new-cap
dfd = $.Deferred();
loadImage.parseMetaData(
data.files[data.index],
function (result) {
$.extend(data, result);
dfd.resolveWith(that, [data]);
},
options
);
return dfd.promise();
},
saveImageMetaData: function (data, options) {
if (
!(
data.imageHead &&
data.canvas &&
data.canvas.toBlob &&
!options.disabled
)
) {
return data;
}
var that = this,
file = data.files[data.index],
// eslint-disable-next-line new-cap
dfd = $.Deferred();
if (data.orientation === true && data.exifOffsets) {
// Reset Exif Orientation data:
loadImage.writeExifData(data.imageHead, data, 'Orientation', 1);
}
loadImage.replaceHead(file, data.imageHead, function (blob) {
blob.name = file.name;
data.files[data.index] = blob;
dfd.resolveWith(that, [data]);
});
return dfd.promise();
},
// Sets the resized version of the image as a property of the
// file object, must be called after "saveImage":
setImage: function (data, options) {
if (data.preview && !options.disabled) {
data.files[data.index][options.name || 'preview'] = data.preview;
}
return data;
},
deleteImageReferences: function (data, options) {
if (!options.disabled) {
delete data.img;
delete data.canvas;
delete data.preview;
delete data.imageHead;
}
return data;
}
}
});
});


@ -1,170 +0,0 @@
/*
* jQuery File Upload Processing Plugin
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2012, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
* https://opensource.org/licenses/MIT
*/
/* global define, require */
(function (factory) {
'use strict';
if (typeof define === 'function' && define.amd) {
// Register as an anonymous AMD module:
define(['jquery', './jquery.fileupload'], factory);
} else if (typeof exports === 'object') {
// Node/CommonJS:
factory(require('jquery'), require('./jquery.fileupload'));
} else {
// Browser globals:
factory(window.jQuery);
}
})(function ($) {
'use strict';
var originalAdd = $.blueimp.fileupload.prototype.options.add;
// The File Upload Processing plugin extends the fileupload widget
// with file processing functionality:
$.widget('blueimp.fileupload', $.blueimp.fileupload, {
options: {
// The list of processing actions:
processQueue: [
/*
{
action: 'log',
type: 'debug'
}
*/
],
add: function (e, data) {
var $this = $(this);
data.process(function () {
return $this.fileupload('process', data);
});
originalAdd.call(this, e, data);
}
},
processActions: {
/*
log: function (data, options) {
console[options.type](
'Processing "' + data.files[data.index].name + '"'
);
}
*/
},
_processFile: function (data, originalData) {
var that = this,
// eslint-disable-next-line new-cap
dfd = $.Deferred().resolveWith(that, [data]),
chain = dfd.promise();
this._trigger('process', null, data);
$.each(data.processQueue, function (i, settings) {
var func = function (data) {
if (originalData.errorThrown) {
// eslint-disable-next-line new-cap
return $.Deferred().rejectWith(that, [originalData]).promise();
}
return that.processActions[settings.action].call(
that,
data,
settings
);
};
chain = chain[that._promisePipe](func, settings.always && func);
});
chain
.done(function () {
that._trigger('processdone', null, data);
that._trigger('processalways', null, data);
})
.fail(function () {
that._trigger('processfail', null, data);
that._trigger('processalways', null, data);
});
return chain;
},
// Replaces the settings of each processQueue item that
// are strings starting with an "@", using the remaining
// substring as key for the option map,
// e.g. "@autoUpload" is replaced with options.autoUpload:
_transformProcessQueue: function (options) {
var processQueue = [];
$.each(options.processQueue, function () {
var settings = {},
action = this.action,
prefix = this.prefix === true ? action : this.prefix;
$.each(this, function (key, value) {
if ($.type(value) === 'string' && value.charAt(0) === '@') {
settings[key] =
options[
value.slice(1) ||
(prefix
? prefix + key.charAt(0).toUpperCase() + key.slice(1)
: key)
];
} else {
settings[key] = value;
}
});
processQueue.push(settings);
});
options.processQueue = processQueue;
},
// Returns the number of files currently in the processing queue:
processing: function () {
return this._processing;
},
// Processes the files given as files property of the data parameter,
// returns a Promise object that allows to bind callbacks:
process: function (data) {
var that = this,
options = $.extend({}, this.options, data);
if (options.processQueue && options.processQueue.length) {
this._transformProcessQueue(options);
if (this._processing === 0) {
this._trigger('processstart');
}
$.each(data.files, function (index) {
var opts = index ? $.extend({}, options) : options,
func = function () {
if (data.errorThrown) {
// eslint-disable-next-line new-cap
return $.Deferred().rejectWith(that, [data]).promise();
}
return that._processFile(opts, data);
};
opts.index = index;
that._processing += 1;
that._processingQueue = that._processingQueue[that._promisePipe](
func,
func
).always(function () {
that._processing -= 1;
if (that._processing === 0) {
that._trigger('processstop');
}
});
});
}
return this._processingQueue;
},
_create: function () {
this._super();
this._processing = 0;
// eslint-disable-next-line new-cap
this._processingQueue = $.Deferred().resolveWith(this).promise();
}
});
});


@ -1,759 +0,0 @@
/*
* jQuery File Upload User Interface Plugin
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2010, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
* https://opensource.org/licenses/MIT
*/
/* global define, require */
(function (factory) {
'use strict';
if (typeof define === 'function' && define.amd) {
// Register as an anonymous AMD module:
define([
'jquery',
'blueimp-tmpl',
'./jquery.fileupload-image',
'./jquery.fileupload-audio',
'./jquery.fileupload-video',
'./jquery.fileupload-validate'
], factory);
} else if (typeof exports === 'object') {
// Node/CommonJS:
factory(
require('jquery'),
require('blueimp-tmpl'),
require('./jquery.fileupload-image'),
require('./jquery.fileupload-audio'),
require('./jquery.fileupload-video'),
require('./jquery.fileupload-validate')
);
} else {
// Browser globals:
factory(window.jQuery, window.tmpl);
}
})(function ($, tmpl) {
'use strict';
$.blueimp.fileupload.prototype._specialOptions.push(
'filesContainer',
'uploadTemplateId',
'downloadTemplateId'
);
// The UI version extends the file upload widget
// and adds complete user interface interaction:
$.widget('blueimp.fileupload', $.blueimp.fileupload, {
options: {
// By default, files added to the widget are uploaded as soon
// as the user clicks on the start buttons. To enable automatic
// uploads, set the following option to true:
autoUpload: false,
// The class to show/hide UI elements:
showElementClass: 'in',
// The ID of the upload template:
uploadTemplateId: 'template-upload',
// The ID of the download template:
downloadTemplateId: 'template-download',
// The container for the list of files. If undefined, it is set to
// an element with class "files" inside of the widget element:
filesContainer: undefined,
// By default, files are appended to the files container.
// Set the following option to true, to prepend files instead:
prependFiles: false,
// The expected data type of the upload response, sets the dataType
// option of the $.ajax upload requests:
dataType: 'json',
// Error and info messages:
messages: {
unknownError: 'Unknown error'
},
// Function returning the current number of files,
// used by the maxNumberOfFiles validation:
getNumberOfFiles: function () {
return this.filesContainer.children().not('.processing').length;
},
// Callback to retrieve the list of files from the server response:
getFilesFromResponse: function (data) {
if (data.result && $.isArray(data.result.files)) {
return data.result.files;
}
return [];
},
// The add callback is invoked as soon as files are added to the fileupload
// widget (via file input selection, drag & drop or add API call).
// See the basic file upload widget for more information:
add: function (e, data) {
if (e.isDefaultPrevented()) {
return false;
}
var $this = $(this),
that = $this.data('blueimp-fileupload') || $this.data('fileupload'),
options = that.options;
data.context = that
._renderUpload(data.files)
.data('data', data)
.addClass('processing');
options.filesContainer[options.prependFiles ? 'prepend' : 'append'](
data.context
);
that._forceReflow(data.context);
that._transition(data.context);
data
.process(function () {
return $this.fileupload('process', data);
})
.always(function () {
data.context
.each(function (index) {
$(this)
.find('.size')
.text(that._formatFileSize(data.files[index].size));
})
.removeClass('processing');
that._renderPreviews(data);
})
.done(function () {
data.context.find('.edit,.start').prop('disabled', false);
if (
that._trigger('added', e, data) !== false &&
(options.autoUpload || data.autoUpload) &&
data.autoUpload !== false
) {
data.submit();
}
})
.fail(function () {
if (data.files.error) {
data.context.each(function (index) {
var error = data.files[index].error;
if (error) {
$(this).find('.error').text(error);
}
});
}
});
},
// Callback for the start of each file upload request:
send: function (e, data) {
if (e.isDefaultPrevented()) {
return false;
}
var that =
$(this).data('blueimp-fileupload') || $(this).data('fileupload');
if (
data.context &&
data.dataType &&
data.dataType.substr(0, 6) === 'iframe'
) {
// Iframe Transport does not support progress events.
// In lack of an indeterminate progress bar, we set
// the progress to 100%, showing the full animated bar:
data.context
.find('.progress')
.addClass(!$.support.transition && 'progress-animated')
.attr('aria-valuenow', 100)
.children()
.first()
.css('width', '100%');
}
return that._trigger('sent', e, data);
},
// Callback for successful uploads:
done: function (e, data) {
if (e.isDefaultPrevented()) {
return false;
}
var that =
$(this).data('blueimp-fileupload') || $(this).data('fileupload'),
getFilesFromResponse =
data.getFilesFromResponse || that.options.getFilesFromResponse,
files = getFilesFromResponse(data),
template,
deferred;
if (data.context) {
data.context.each(function (index) {
var file = files[index] || { error: 'Empty file upload result' };
deferred = that._addFinishedDeferreds();
that._transition($(this)).done(function () {
var node = $(this);
template = that._renderDownload([file]).replaceAll(node);
that._forceReflow(template);
that._transition(template).done(function () {
data.context = $(this);
that._trigger('completed', e, data);
that._trigger('finished', e, data);
deferred.resolve();
});
});
});
} else {
template = that
._renderDownload(files)
[that.options.prependFiles ? 'prependTo' : 'appendTo'](
that.options.filesContainer
);
that._forceReflow(template);
deferred = that._addFinishedDeferreds();
that._transition(template).done(function () {
data.context = $(this);
that._trigger('completed', e, data);
that._trigger('finished', e, data);
deferred.resolve();
});
}
},
// Callback for failed (abort or error) uploads:
fail: function (e, data) {
if (e.isDefaultPrevented()) {
return false;
}
var that =
$(this).data('blueimp-fileupload') || $(this).data('fileupload'),
template,
deferred;
if (data.context) {
data.context.each(function (index) {
if (data.errorThrown !== 'abort') {
var file = data.files[index];
file.error =
file.error || data.errorThrown || data.i18n('unknownError');
deferred = that._addFinishedDeferreds();
that._transition($(this)).done(function () {
var node = $(this);
template = that._renderDownload([file]).replaceAll(node);
that._forceReflow(template);
that._transition(template).done(function () {
data.context = $(this);
that._trigger('failed', e, data);
that._trigger('finished', e, data);
deferred.resolve();
});
});
} else {
deferred = that._addFinishedDeferreds();
that._transition($(this)).done(function () {
$(this).remove();
that._trigger('failed', e, data);
that._trigger('finished', e, data);
deferred.resolve();
});
}
});
} else if (data.errorThrown !== 'abort') {
data.context = that
._renderUpload(data.files)
[that.options.prependFiles ? 'prependTo' : 'appendTo'](
that.options.filesContainer
)
.data('data', data);
that._forceReflow(data.context);
deferred = that._addFinishedDeferreds();
that._transition(data.context).done(function () {
data.context = $(this);
that._trigger('failed', e, data);
that._trigger('finished', e, data);
deferred.resolve();
});
} else {
that._trigger('failed', e, data);
that._trigger('finished', e, data);
that._addFinishedDeferreds().resolve();
}
},
// Callback for upload progress events:
progress: function (e, data) {
if (e.isDefaultPrevented()) {
return false;
}
var progress = Math.floor((data.loaded / data.total) * 100);
if (data.context) {
data.context.each(function () {
$(this)
.find('.progress')
.attr('aria-valuenow', progress)
.children()
.first()
.css('width', progress + '%');
});
}
},
// Callback for global upload progress events:
progressall: function (e, data) {
if (e.isDefaultPrevented()) {
return false;
}
var $this = $(this),
progress = Math.floor((data.loaded / data.total) * 100),
globalProgressNode = $this.find('.fileupload-progress'),
extendedProgressNode = globalProgressNode.find('.progress-extended');
if (extendedProgressNode.length) {
extendedProgressNode.html(
(
$this.data('blueimp-fileupload') || $this.data('fileupload')
)._renderExtendedProgress(data)
);
}
globalProgressNode
.find('.progress')
.attr('aria-valuenow', progress)
.children()
.first()
.css('width', progress + '%');
},
// Callback for uploads start, equivalent to the global ajaxStart event:
start: function (e) {
if (e.isDefaultPrevented()) {
return false;
}
var that =
$(this).data('blueimp-fileupload') || $(this).data('fileupload');
that._resetFinishedDeferreds();
that
._transition($(this).find('.fileupload-progress'))
.done(function () {
that._trigger('started', e);
});
},
// Callback for uploads stop, equivalent to the global ajaxStop event:
stop: function (e) {
if (e.isDefaultPrevented()) {
return false;
}
var that =
$(this).data('blueimp-fileupload') || $(this).data('fileupload'),
deferred = that._addFinishedDeferreds();
$.when.apply($, that._getFinishedDeferreds()).done(function () {
that._trigger('stopped', e);
});
that
._transition($(this).find('.fileupload-progress'))
.done(function () {
$(this)
.find('.progress')
.attr('aria-valuenow', '0')
.children()
.first()
.css('width', '0%');
$(this).find('.progress-extended').html('&nbsp;');
deferred.resolve();
});
},
processstart: function (e) {
if (e.isDefaultPrevented()) {
return false;
}
$(this).addClass('fileupload-processing');
},
processstop: function (e) {
if (e.isDefaultPrevented()) {
return false;
}
$(this).removeClass('fileupload-processing');
},
// Callback for file deletion:
destroy: function (e, data) {
if (e.isDefaultPrevented()) {
return false;
}
var that =
$(this).data('blueimp-fileupload') || $(this).data('fileupload'),
removeNode = function () {
that._transition(data.context).done(function () {
$(this).remove();
that._trigger('destroyed', e, data);
});
};
if (data.url) {
data.dataType = data.dataType || that.options.dataType;
$.ajax(data)
.done(removeNode)
.fail(function () {
that._trigger('destroyfailed', e, data);
});
} else {
removeNode();
}
}
},
_resetFinishedDeferreds: function () {
this._finishedUploads = [];
},
_addFinishedDeferreds: function (deferred) {
// eslint-disable-next-line new-cap
var promise = deferred || $.Deferred();
this._finishedUploads.push(promise);
return promise;
},
_getFinishedDeferreds: function () {
return this._finishedUploads;
},
// Link handler, that allows to download files
// by drag & drop of the links to the desktop:
_enableDragToDesktop: function () {
var link = $(this),
url = link.prop('href'),
name = link.prop('download'),
type = 'application/octet-stream';
link.on('dragstart', function (e) {
try {
e.originalEvent.dataTransfer.setData(
'DownloadURL',
[type, name, url].join(':')
);
} catch (ignore) {
// Ignore exceptions
}
});
},
_formatFileSize: function (bytes) {
if (typeof bytes !== 'number') {
return '';
}
if (bytes >= 1000000000) {
return (bytes / 1000000000).toFixed(2) + ' GB';
}
if (bytes >= 1000000) {
return (bytes / 1000000).toFixed(2) + ' MB';
}
return (bytes / 1000).toFixed(2) + ' KB';
},
_formatBitrate: function (bits) {
if (typeof bits !== 'number') {
return '';
}
if (bits >= 1000000000) {
return (bits / 1000000000).toFixed(2) + ' Gbit/s';
}
if (bits >= 1000000) {
return (bits / 1000000).toFixed(2) + ' Mbit/s';
}
if (bits >= 1000) {
return (bits / 1000).toFixed(2) + ' kbit/s';
}
return bits.toFixed(2) + ' bit/s';
},
_formatTime: function (seconds) {
var date = new Date(seconds * 1000),
days = Math.floor(seconds / 86400);
days = days ? days + 'd ' : '';
return (
days +
('0' + date.getUTCHours()).slice(-2) +
':' +
('0' + date.getUTCMinutes()).slice(-2) +
':' +
('0' + date.getUTCSeconds()).slice(-2)
);
},
_formatPercentage: function (floatValue) {
return (floatValue * 100).toFixed(2) + ' %';
},
_renderExtendedProgress: function (data) {
return (
this._formatBitrate(data.bitrate) +
' | ' +
this._formatTime(((data.total - data.loaded) * 8) / data.bitrate) +
' | ' +
this._formatPercentage(data.loaded / data.total) +
' | ' +
this._formatFileSize(data.loaded) +
' / ' +
this._formatFileSize(data.total)
);
},
_renderTemplate: function (func, files) {
if (!func) {
return $();
}
var result = func({
files: files,
formatFileSize: this._formatFileSize,
options: this.options
});
if (result instanceof $) {
return result;
}
return $(this.options.templatesContainer).html(result).children();
},
_renderPreviews: function (data) {
data.context.find('.preview').each(function (index, elm) {
$(elm).empty().append(data.files[index].preview);
});
},
_renderUpload: function (files) {
return this._renderTemplate(this.options.uploadTemplate, files);
},
_renderDownload: function (files) {
return this._renderTemplate(this.options.downloadTemplate, files)
.find('a[download]')
.each(this._enableDragToDesktop)
.end();
},
_editHandler: function (e) {
e.preventDefault();
if (!this.options.edit) return;
var that = this,
button = $(e.currentTarget),
template = button.closest('.template-upload'),
data = template.data('data'),
index = button.data().index;
this.options.edit(data.files[index]).then(function (file) {
if (!file) return;
data.files[index] = file;
data.context.addClass('processing');
template.find('.edit,.start').prop('disabled', true);
$(that.element)
.fileupload('process', data)
.always(function () {
template
.find('.size')
.text(that._formatFileSize(data.files[index].size));
data.context.removeClass('processing');
that._renderPreviews(data);
})
.done(function () {
template.find('.edit,.start').prop('disabled', false);
})
.fail(function () {
template.find('.edit').prop('disabled', false);
var error = data.files[index].error;
if (error) {
template.find('.error').text(error);
}
});
});
},
_startHandler: function (e) {
e.preventDefault();
var button = $(e.currentTarget),
template = button.closest('.template-upload'),
data = template.data('data');
button.prop('disabled', true);
if (data && data.submit) {
data.submit();
}
},
_cancelHandler: function (e) {
e.preventDefault();
var template = $(e.currentTarget).closest(
'.template-upload,.template-download'
),
data = template.data('data') || {};
data.context = data.context || template;
if (data.abort) {
data.abort();
} else {
data.errorThrown = 'abort';
this._trigger('fail', e, data);
}
},
_deleteHandler: function (e) {
e.preventDefault();
var button = $(e.currentTarget);
this._trigger(
'destroy',
e,
$.extend(
{
context: button.closest('.template-download'),
type: 'DELETE'
},
button.data()
)
);
},
_forceReflow: function (node) {
return $.support.transition && node.length && node[0].offsetWidth;
},
_transition: function (node) {
// eslint-disable-next-line new-cap
var dfd = $.Deferred();
if (
$.support.transition &&
node.hasClass('fade') &&
node.is(':visible')
) {
var transitionEndHandler = function (e) {
// Make sure we don't respond to other transition events
// in the container element, e.g. from button elements:
if (e.target === node[0]) {
node.off($.support.transition.end, transitionEndHandler);
dfd.resolveWith(node);
}
};
node
.on($.support.transition.end, transitionEndHandler)
.toggleClass(this.options.showElementClass);
} else {
node.toggleClass(this.options.showElementClass);
dfd.resolveWith(node);
}
return dfd;
},
_initButtonBarEventHandlers: function () {
var fileUploadButtonBar = this.element.find('.fileupload-buttonbar'),
filesList = this.options.filesContainer;
this._on(fileUploadButtonBar.find('.start'), {
click: function (e) {
e.preventDefault();
filesList.find('.start').trigger('click');
}
});
this._on(fileUploadButtonBar.find('.cancel'), {
click: function (e) {
e.preventDefault();
filesList.find('.cancel').trigger('click');
}
});
this._on(fileUploadButtonBar.find('.delete'), {
click: function (e) {
e.preventDefault();
filesList
.find('.toggle:checked')
.closest('.template-download')
.find('.delete')
.trigger('click');
fileUploadButtonBar.find('.toggle').prop('checked', false);
}
});
this._on(fileUploadButtonBar.find('.toggle'), {
change: function (e) {
filesList
.find('.toggle')
.prop('checked', $(e.currentTarget).is(':checked'));
}
});
},
_destroyButtonBarEventHandlers: function () {
this._off(
this.element
.find('.fileupload-buttonbar')
.find('.start, .cancel, .delete'),
'click'
);
this._off(this.element.find('.fileupload-buttonbar .toggle'), 'change.');
},
_initEventHandlers: function () {
this._super();
this._on(this.options.filesContainer, {
'click .edit': this._editHandler,
'click .start': this._startHandler,
'click .cancel': this._cancelHandler,
'click .delete': this._deleteHandler
});
this._initButtonBarEventHandlers();
},
_destroyEventHandlers: function () {
this._destroyButtonBarEventHandlers();
this._off(this.options.filesContainer, 'click');
this._super();
},
_enableFileInputButton: function () {
this.element
.find('.fileinput-button input')
.prop('disabled', false)
.parent()
.removeClass('disabled');
},
_disableFileInputButton: function () {
this.element
.find('.fileinput-button input')
.prop('disabled', true)
.parent()
.addClass('disabled');
},
_initTemplates: function () {
var options = this.options;
options.templatesContainer = this.document[0].createElement(
options.filesContainer.prop('nodeName')
);
if (tmpl) {
if (options.uploadTemplateId) {
options.uploadTemplate = tmpl(options.uploadTemplateId);
}
if (options.downloadTemplateId) {
options.downloadTemplate = tmpl(options.downloadTemplateId);
}
}
},
_initFilesContainer: function () {
var options = this.options;
if (options.filesContainer === undefined) {
options.filesContainer = this.element.find('.files');
} else if (!(options.filesContainer instanceof $)) {
options.filesContainer = $(options.filesContainer);
}
},
_initSpecialOptions: function () {
this._super();
this._initFilesContainer();
this._initTemplates();
},
_create: function () {
this._super();
this._resetFinishedDeferreds();
if (!$.support.fileInput) {
this._disableFileInputButton();
}
},
enable: function () {
var wasDisabled = false;
if (this.options.disabled) {
wasDisabled = true;
}
this._super();
if (wasDisabled) {
this.element.find('input, button').prop('disabled', false);
this._enableFileInputButton();
}
},
disable: function () {
if (!this.options.disabled) {
this.element.find('input, button').prop('disabled', true);
this._disableFileInputButton();
}
this._super();
}
});
});


@ -1,119 +0,0 @@
/*
* jQuery File Upload Validation Plugin
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2013, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
* https://opensource.org/licenses/MIT
*/
/* global define, require */
(function (factory) {
'use strict';
if (typeof define === 'function' && define.amd) {
// Register as an anonymous AMD module:
define(['jquery', './jquery.fileupload-process'], factory);
} else if (typeof exports === 'object') {
// Node/CommonJS:
factory(require('jquery'), require('./jquery.fileupload-process'));
} else {
// Browser globals:
factory(window.jQuery);
}
})(function ($) {
'use strict';
// Append to the default processQueue:
$.blueimp.fileupload.prototype.options.processQueue.push({
action: 'validate',
// Always trigger this action,
// even if the previous action was rejected:
always: true,
// Options taken from the global options map:
acceptFileTypes: '@',
maxFileSize: '@',
minFileSize: '@',
maxNumberOfFiles: '@',
disabled: '@disableValidation'
});
// The File Upload Validation plugin extends the fileupload widget
// with file validation functionality:
$.widget('blueimp.fileupload', $.blueimp.fileupload, {
options: {
/*
// The regular expression for allowed file types, matches
// against either file type or file name:
acceptFileTypes: /(\.|\/)(gif|jpe?g|png)$/i,
// The maximum allowed file size in bytes:
maxFileSize: 10000000, // 10 MB
// The minimum allowed file size in bytes:
minFileSize: undefined, // No minimal file size
// The limit of files to be uploaded:
maxNumberOfFiles: 10,
*/
// Function returning the current number of files,
// has to be overridden for maxNumberOfFiles validation:
getNumberOfFiles: $.noop,
// Error and info messages:
messages: {
maxNumberOfFiles: 'Maximum number of files exceeded',
acceptFileTypes: 'File type not allowed',
maxFileSize: 'File is too large',
minFileSize: 'File is too small'
}
},
processActions: {
validate: function (data, options) {
if (options.disabled) {
return data;
}
// eslint-disable-next-line new-cap
var dfd = $.Deferred(),
settings = this.options,
file = data.files[data.index],
fileSize;
if (options.minFileSize || options.maxFileSize) {
fileSize = file.size;
}
if (
$.type(options.maxNumberOfFiles) === 'number' &&
(settings.getNumberOfFiles() || 0) + data.files.length >
options.maxNumberOfFiles
) {
file.error = settings.i18n('maxNumberOfFiles');
} else if (
options.acceptFileTypes &&
!(
options.acceptFileTypes.test(file.type) ||
options.acceptFileTypes.test(file.name)
)
) {
file.error = settings.i18n('acceptFileTypes');
} else if (fileSize > options.maxFileSize) {
file.error = settings.i18n('maxFileSize');
} else if (
$.type(fileSize) === 'number' &&
fileSize < options.minFileSize
) {
file.error = settings.i18n('minFileSize');
} else {
delete file.error;
}
if (file.error || data.files.error) {
data.files.error = true;
dfd.rejectWith(this, [data]);
} else {
dfd.resolveWith(this, [data]);
}
return dfd.promise();
}
}
});
});


@ -1,101 +0,0 @@
/*
* jQuery File Upload Video Preview Plugin
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2013, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
* https://opensource.org/licenses/MIT
*/
/* global define, require */
(function (factory) {
'use strict';
if (typeof define === 'function' && define.amd) {
// Register as an anonymous AMD module:
define(['jquery', 'load-image', './jquery.fileupload-process'], factory);
} else if (typeof exports === 'object') {
// Node/CommonJS:
factory(
require('jquery'),
require('blueimp-load-image/js/load-image'),
require('./jquery.fileupload-process')
);
} else {
// Browser globals:
factory(window.jQuery, window.loadImage);
}
})(function ($, loadImage) {
'use strict';
// Prepend to the default processQueue:
$.blueimp.fileupload.prototype.options.processQueue.unshift(
{
action: 'loadVideo',
// Use the action as prefix for the "@" options:
prefix: true,
fileTypes: '@',
maxFileSize: '@',
disabled: '@disableVideoPreview'
},
{
action: 'setVideo',
name: '@videoPreviewName',
disabled: '@disableVideoPreview'
}
);
// The File Upload Video Preview plugin extends the fileupload widget
// with video preview functionality:
$.widget('blueimp.fileupload', $.blueimp.fileupload, {
options: {
// The regular expression for the types of video files to load,
// matched against the file type:
loadVideoFileTypes: /^video\/.*$/
},
_videoElement: document.createElement('video'),
processActions: {
// Loads the video file given via data.files and data.index
// as video element if the browser supports playing it.
// Accepts the options fileTypes (regular expression)
// and maxFileSize (integer) to limit the files to load:
loadVideo: function (data, options) {
if (options.disabled) {
return data;
}
var file = data.files[data.index],
url,
video;
if (
this._videoElement.canPlayType &&
this._videoElement.canPlayType(file.type) &&
($.type(options.maxFileSize) !== 'number' ||
file.size <= options.maxFileSize) &&
(!options.fileTypes || options.fileTypes.test(file.type))
) {
url = loadImage.createObjectURL(file);
if (url) {
video = this._videoElement.cloneNode(false);
video.src = url;
video.controls = true;
data.video = video;
return data;
}
}
return data;
},
// Sets the video element as a property of the file object:
setVideo: function (data, options) {
if (data.video && !options.disabled) {
data.files[data.index][options.name || 'preview'] = data.video;
}
return data;
}
}
});
});


@ -1,227 +0,0 @@
/*
* jQuery Iframe Transport Plugin
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2011, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
* https://opensource.org/licenses/MIT
*/
/* global define, require */
(function (factory) {
'use strict';
if (typeof define === 'function' && define.amd) {
// Register as an anonymous AMD module:
define(['jquery'], factory);
} else if (typeof exports === 'object') {
// Node/CommonJS:
factory(require('jquery'));
} else {
// Browser globals:
factory(window.jQuery);
}
})(function ($) {
'use strict';
// Helper variable to create unique names for the transport iframes:
var counter = 0,
jsonAPI = $,
jsonParse = 'parseJSON';
if ('JSON' in window && 'parse' in JSON) {
jsonAPI = JSON;
jsonParse = 'parse';
}
// The iframe transport accepts four additional options:
// options.fileInput: a jQuery collection of file input fields
// options.paramName: the parameter name for the file form data,
// overrides the name property of the file input field(s),
// can be a string or an array of strings.
// options.formData: an array of objects with name and value properties,
// equivalent to the return data of .serializeArray(), e.g.:
// [{name: 'a', value: 1}, {name: 'b', value: 2}]
// options.initialIframeSrc: the URL of the initial iframe src,
// by default set to "javascript:false;"
$.ajaxTransport('iframe', function (options) {
if (options.async) {
// javascript:false as initial iframe src
// prevents warning popups on HTTPS in IE6:
// eslint-disable-next-line no-script-url
var initialIframeSrc = options.initialIframeSrc || 'javascript:false;',
form,
iframe,
addParamChar;
return {
send: function (_, completeCallback) {
form = $('<form style="display:none;"></form>');
form.attr('accept-charset', options.formAcceptCharset);
addParamChar = /\?/.test(options.url) ? '&' : '?';
// XDomainRequest only supports GET and POST:
if (options.type === 'DELETE') {
options.url = options.url + addParamChar + '_method=DELETE';
options.type = 'POST';
} else if (options.type === 'PUT') {
options.url = options.url + addParamChar + '_method=PUT';
options.type = 'POST';
} else if (options.type === 'PATCH') {
options.url = options.url + addParamChar + '_method=PATCH';
options.type = 'POST';
}
// IE versions below IE8 cannot set the name property of
// elements that have already been added to the DOM,
// so we set the name along with the iframe HTML markup:
counter += 1;
iframe = $(
'<iframe src="' +
initialIframeSrc +
'" name="iframe-transport-' +
counter +
'"></iframe>'
).on('load', function () {
var fileInputClones,
paramNames = $.isArray(options.paramName)
? options.paramName
: [options.paramName];
iframe.off('load').on('load', function () {
var response;
// Wrap in a try/catch block to catch exceptions thrown
// when trying to access cross-domain iframe contents:
try {
response = iframe.contents();
// Google Chrome and Firefox do not throw an
// exception when calling iframe.contents() on
// cross-domain requests, so we unify the response:
if (!response.length || !response[0].firstChild) {
throw new Error();
}
} catch (e) {
response = undefined;
}
// The complete callback returns the
// iframe content document as response object:
completeCallback(200, 'success', { iframe: response });
// Fix for IE endless progress bar activity bug
// (happens on form submits to iframe targets):
$('<iframe src="' + initialIframeSrc + '"></iframe>').appendTo(
form
);
window.setTimeout(function () {
// Removing the form in a setTimeout call
// allows Chrome's developer tools to display
// the response result
form.remove();
}, 0);
});
form
.prop('target', iframe.prop('name'))
.prop('action', options.url)
.prop('method', options.type);
if (options.formData) {
$.each(options.formData, function (index, field) {
$('<input type="hidden"/>')
.prop('name', field.name)
.val(field.value)
.appendTo(form);
});
}
if (
options.fileInput &&
options.fileInput.length &&
options.type === 'POST'
) {
fileInputClones = options.fileInput.clone();
// Insert a clone for each file input field:
options.fileInput.after(function (index) {
return fileInputClones[index];
});
if (options.paramName) {
options.fileInput.each(function (index) {
$(this).prop('name', paramNames[index] || options.paramName);
});
}
// Appending the file input fields to the hidden form
// removes them from their original location:
form
.append(options.fileInput)
.prop('enctype', 'multipart/form-data')
// enctype must be set as encoding for IE:
.prop('encoding', 'multipart/form-data');
// Remove the HTML5 form attribute from the input(s):
options.fileInput.removeAttr('form');
}
window.setTimeout(function () {
// Submitting the form in a setTimeout call fixes an issue with
// Safari 13 not triggering the iframe load event after resetting
// the load event handler, see also:
// https://github.com/blueimp/jQuery-File-Upload/issues/3633
form.submit();
// Insert the file input fields at their original location
// by replacing the clones with the originals:
if (fileInputClones && fileInputClones.length) {
options.fileInput.each(function (index, input) {
var clone = $(fileInputClones[index]);
// Restore the original name and form properties:
$(input)
.prop('name', clone.prop('name'))
.attr('form', clone.attr('form'));
clone.replaceWith(input);
});
}
}, 0);
});
form.append(iframe).appendTo(document.body);
},
abort: function () {
if (iframe) {
// javascript:false as iframe src aborts the request
// and prevents warning popups on HTTPS in IE6.
iframe.off('load').prop('src', initialIframeSrc);
}
if (form) {
form.remove();
}
}
};
}
});
// The iframe transport returns the iframe content document as response.
// The following adds converters from iframe to text, json, html, xml
// and script.
// Please note that the Content-Type for JSON responses has to be text/plain
// or text/html, if the browser doesn't include application/json in the
// Accept header, else IE will show a download dialog.
// The Content-Type for XML responses on the other hand has to be always
// application/xml or text/xml, so IE properly parses the XML response.
// See also
// https://github.com/blueimp/jQuery-File-Upload/wiki/Setup#content-type-negotiation
$.ajaxSetup({
converters: {
'iframe text': function (iframe) {
return iframe && $(iframe[0].body).text();
},
'iframe json': function (iframe) {
return iframe && jsonAPI[jsonParse]($(iframe[0].body).text());
},
'iframe html': function (iframe) {
return iframe && $(iframe[0].body).html();
},
'iframe xml': function (iframe) {
var xmlDoc = iframe && iframe[0];
return xmlDoc && $.isXMLDoc(xmlDoc)
? xmlDoc
: $.parseXML(
(xmlDoc.XMLDocument && xmlDoc.XMLDocument.xml) ||
$(xmlDoc.body).html()
);
},
'iframe script': function (iframe) {
return iframe && $.globalEval($(iframe[0].body).text());
}
}
});
});


@ -1,805 +0,0 @@
/*! jQuery UI - v1.12.1+0b7246b6eeadfa9e2696e22f3230f6452f8129dc - 2020-02-20
* http://jqueryui.com
* Includes: widget.js
* Copyright jQuery Foundation and other contributors; Licensed MIT */
/* global define, require */
/* eslint-disable no-param-reassign, new-cap, jsdoc/require-jsdoc */
(function (factory) {
'use strict';
if (typeof define === 'function' && define.amd) {
// AMD. Register as an anonymous module.
define(['jquery'], factory);
} else if (typeof exports === 'object') {
// Node/CommonJS
factory(require('jquery'));
} else {
// Browser globals
factory(window.jQuery);
}
})(function ($) {
('use strict');
$.ui = $.ui || {};
$.ui.version = '1.12.1';
/*!
* jQuery UI Widget 1.12.1
* http://jqueryui.com
*
* Copyright jQuery Foundation and other contributors
* Released under the MIT license.
* http://jquery.org/license
*/
//>>label: Widget
//>>group: Core
//>>description: Provides a factory for creating stateful widgets with a common API.
//>>docs: http://api.jqueryui.com/jQuery.widget/
//>>demos: http://jqueryui.com/widget/
// Support: jQuery 1.9.x or older
// $.expr[ ":" ] is deprecated.
if (!$.expr.pseudos) {
$.expr.pseudos = $.expr[':'];
}
// Support: jQuery 1.11.x or older
// $.unique has been renamed to $.uniqueSort
if (!$.uniqueSort) {
$.uniqueSort = $.unique;
}
var widgetUuid = 0;
var widgetHasOwnProperty = Array.prototype.hasOwnProperty;
var widgetSlice = Array.prototype.slice;
$.cleanData = (function (orig) {
return function (elems) {
var events, elem, i;
// eslint-disable-next-line eqeqeq
for (i = 0; (elem = elems[i]) != null; i++) {
// Only trigger remove when necessary to save time
events = $._data(elem, 'events');
if (events && events.remove) {
$(elem).triggerHandler('remove');
}
}
orig(elems);
};
})($.cleanData);
$.widget = function (name, base, prototype) {
var existingConstructor, constructor, basePrototype;
// ProxiedPrototype allows the provided prototype to remain unmodified
// so that it can be used as a mixin for multiple widgets (#8876)
var proxiedPrototype = {};
var namespace = name.split('.')[0];
name = name.split('.')[1];
var fullName = namespace + '-' + name;
if (!prototype) {
prototype = base;
base = $.Widget;
}
if ($.isArray(prototype)) {
prototype = $.extend.apply(null, [{}].concat(prototype));
}
// Create selector for plugin
$.expr.pseudos[fullName.toLowerCase()] = function (elem) {
return !!$.data(elem, fullName);
};
$[namespace] = $[namespace] || {};
existingConstructor = $[namespace][name];
constructor = $[namespace][name] = function (options, element) {
// Allow instantiation without "new" keyword
if (!this._createWidget) {
return new constructor(options, element);
}
// Allow instantiation without initializing for simple inheritance
// must use "new" keyword (the code above always passes args)
if (arguments.length) {
this._createWidget(options, element);
}
};
// Extend with the existing constructor to carry over any static properties
$.extend(constructor, existingConstructor, {
version: prototype.version,
// Copy the object used to create the prototype in case we need to
// redefine the widget later
_proto: $.extend({}, prototype),
// Track widgets that inherit from this widget in case this widget is
// redefined after a widget inherits from it
_childConstructors: []
});
basePrototype = new base();
// We need to make the options hash a property directly on the new instance
// otherwise we'll modify the options hash on the prototype that we're
// inheriting from
basePrototype.options = $.widget.extend({}, basePrototype.options);
$.each(prototype, function (prop, value) {
if (!$.isFunction(value)) {
proxiedPrototype[prop] = value;
return;
}
proxiedPrototype[prop] = (function () {
function _super() {
return base.prototype[prop].apply(this, arguments);
}
function _superApply(args) {
return base.prototype[prop].apply(this, args);
}
return function () {
var __super = this._super;
var __superApply = this._superApply;
var returnValue;
this._super = _super;
this._superApply = _superApply;
returnValue = value.apply(this, arguments);
this._super = __super;
this._superApply = __superApply;
return returnValue;
};
})();
});
constructor.prototype = $.widget.extend(
basePrototype,
{
// TODO: remove support for widgetEventPrefix
// always use the name + a colon as the prefix, e.g., draggable:start
// don't prefix for widgets that aren't DOM-based
widgetEventPrefix: existingConstructor
? basePrototype.widgetEventPrefix || name
: name
},
proxiedPrototype,
{
constructor: constructor,
namespace: namespace,
widgetName: name,
widgetFullName: fullName
}
);
// If this widget is being redefined then we need to find all widgets that
// are inheriting from it and redefine all of them so that they inherit from
// the new version of this widget. We're essentially trying to replace one
// level in the prototype chain.
if (existingConstructor) {
$.each(existingConstructor._childConstructors, function (i, child) {
var childPrototype = child.prototype;
// Redefine the child widget using the same prototype that was
// originally used, but inherit from the new version of the base
$.widget(
childPrototype.namespace + '.' + childPrototype.widgetName,
constructor,
child._proto
);
});
// Remove the list of existing child constructors from the old constructor
// so the old child constructors can be garbage collected
delete existingConstructor._childConstructors;
} else {
base._childConstructors.push(constructor);
}
$.widget.bridge(name, constructor);
return constructor;
};
$.widget.extend = function (target) {
var input = widgetSlice.call(arguments, 1);
var inputIndex = 0;
var inputLength = input.length;
var key;
var value;
for (; inputIndex < inputLength; inputIndex++) {
for (key in input[inputIndex]) {
value = input[inputIndex][key];
if (
widgetHasOwnProperty.call(input[inputIndex], key) &&
value !== undefined
) {
// Clone objects
if ($.isPlainObject(value)) {
target[key] = $.isPlainObject(target[key])
? $.widget.extend({}, target[key], value)
: // Don't extend strings, arrays, etc. with objects
$.widget.extend({}, value);
// Copy everything else by reference
} else {
target[key] = value;
}
}
}
}
return target;
};
$.widget.bridge = function (name, object) {
var fullName = object.prototype.widgetFullName || name;
$.fn[name] = function (options) {
var isMethodCall = typeof options === 'string';
var args = widgetSlice.call(arguments, 1);
var returnValue = this;
if (isMethodCall) {
// If this is an empty collection, we need to have the instance method
// return undefined instead of the jQuery instance
if (!this.length && options === 'instance') {
returnValue = undefined;
} else {
this.each(function () {
var methodValue;
var instance = $.data(this, fullName);
if (options === 'instance') {
returnValue = instance;
return false;
}
if (!instance) {
return $.error(
'cannot call methods on ' +
name +
' prior to initialization; ' +
"attempted to call method '" +
options +
"'"
);
}
if (!$.isFunction(instance[options]) || options.charAt(0) === '_') {
return $.error(
"no such method '" +
options +
"' for " +
name +
' widget instance'
);
}
methodValue = instance[options].apply(instance, args);
if (methodValue !== instance && methodValue !== undefined) {
returnValue =
methodValue && methodValue.jquery
? returnValue.pushStack(methodValue.get())
: methodValue;
return false;
}
});
}
} else {
// Allow multiple hashes to be passed on init
if (args.length) {
options = $.widget.extend.apply(null, [options].concat(args));
}
this.each(function () {
var instance = $.data(this, fullName);
if (instance) {
instance.option(options || {});
if (instance._init) {
instance._init();
}
} else {
$.data(this, fullName, new object(options, this));
}
});
}
return returnValue;
};
};
$.Widget = function (/* options, element */) {};
$.Widget._childConstructors = [];
$.Widget.prototype = {
widgetName: 'widget',
widgetEventPrefix: '',
defaultElement: '<div>',
options: {
classes: {},
disabled: false,
// Callbacks
create: null
},
_createWidget: function (options, element) {
element = $(element || this.defaultElement || this)[0];
this.element = $(element);
this.uuid = widgetUuid++;
this.eventNamespace = '.' + this.widgetName + this.uuid;
this.bindings = $();
this.hoverable = $();
this.focusable = $();
this.classesElementLookup = {};
if (element !== this) {
$.data(element, this.widgetFullName, this);
this._on(true, this.element, {
remove: function (event) {
if (event.target === element) {
this.destroy();
}
}
});
this.document = $(
element.style
? // Element within the document
element.ownerDocument
: // Element is window or document
element.document || element
);
this.window = $(
this.document[0].defaultView || this.document[0].parentWindow
);
}
this.options = $.widget.extend(
{},
this.options,
this._getCreateOptions(),
options
);
this._create();
if (this.options.disabled) {
this._setOptionDisabled(this.options.disabled);
}
this._trigger('create', null, this._getCreateEventData());
this._init();
},
_getCreateOptions: function () {
return {};
},
_getCreateEventData: $.noop,
_create: $.noop,
_init: $.noop,
destroy: function () {
var that = this;
this._destroy();
$.each(this.classesElementLookup, function (key, value) {
that._removeClass(value, key);
});
// We can probably remove the unbind calls in 2.0
// all event bindings should go through this._on()
this.element.off(this.eventNamespace).removeData(this.widgetFullName);
this.widget().off(this.eventNamespace).removeAttr('aria-disabled');
// Clean up events and states
this.bindings.off(this.eventNamespace);
},
_destroy: $.noop,
widget: function () {
return this.element;
},
option: function (key, value) {
var options = key;
var parts;
var curOption;
var i;
if (arguments.length === 0) {
// Don't return a reference to the internal hash
return $.widget.extend({}, this.options);
}
if (typeof key === 'string') {
// Handle nested keys, e.g., "foo.bar" => { foo: { bar: ___ } }
options = {};
parts = key.split('.');
key = parts.shift();
if (parts.length) {
curOption = options[key] = $.widget.extend({}, this.options[key]);
for (i = 0; i < parts.length - 1; i++) {
curOption[parts[i]] = curOption[parts[i]] || {};
curOption = curOption[parts[i]];
}
key = parts.pop();
if (arguments.length === 1) {
return curOption[key] === undefined ? null : curOption[key];
}
curOption[key] = value;
} else {
if (arguments.length === 1) {
return this.options[key] === undefined ? null : this.options[key];
}
options[key] = value;
}
}
this._setOptions(options);
return this;
},
_setOptions: function (options) {
var key;
for (key in options) {
this._setOption(key, options[key]);
}
return this;
},
_setOption: function (key, value) {
if (key === 'classes') {
this._setOptionClasses(value);
}
this.options[key] = value;
if (key === 'disabled') {
this._setOptionDisabled(value);
}
return this;
},
_setOptionClasses: function (value) {
var classKey, elements, currentElements;
for (classKey in value) {
currentElements = this.classesElementLookup[classKey];
if (
value[classKey] === this.options.classes[classKey] ||
!currentElements ||
!currentElements.length
) {
continue;
}
// We are doing this to create a new jQuery object because the _removeClass() call
// on the next line is going to destroy the reference to the current elements being
// tracked. We need to save a copy of this collection so that we can add the new classes
// below.
elements = $(currentElements.get());
this._removeClass(currentElements, classKey);
// We don't use _addClass() here, because that uses this.options.classes
// for generating the string of classes. We want to use the value passed in from
// _setOption(), this is the new value of the classes option which was passed to
// _setOption(). We pass this value directly to _classes().
elements.addClass(
this._classes({
element: elements,
keys: classKey,
classes: value,
add: true
})
);
}
},
_setOptionDisabled: function (value) {
this._toggleClass(
this.widget(),
this.widgetFullName + '-disabled',
null,
!!value
);
// If the widget is becoming disabled, then nothing is interactive
if (value) {
this._removeClass(this.hoverable, null, 'ui-state-hover');
this._removeClass(this.focusable, null, 'ui-state-focus');
}
},
enable: function () {
return this._setOptions({ disabled: false });
},
disable: function () {
return this._setOptions({ disabled: true });
},
_classes: function (options) {
var full = [];
var that = this;
options = $.extend(
{
element: this.element,
classes: this.options.classes || {}
},
options
);
function bindRemoveEvent() {
options.element.each(function (_, element) {
var isTracked = $.map(that.classesElementLookup, function (elements) {
return elements;
}).some(function (elements) {
return elements.is(element);
});
if (!isTracked) {
that._on($(element), {
remove: '_untrackClassesElement'
});
}
});
}
function processClassString(classes, checkOption) {
var current, i;
for (i = 0; i < classes.length; i++) {
current = that.classesElementLookup[classes[i]] || $();
if (options.add) {
bindRemoveEvent();
current = $(
$.uniqueSort(current.get().concat(options.element.get()))
);
} else {
current = $(current.not(options.element).get());
}
that.classesElementLookup[classes[i]] = current;
full.push(classes[i]);
if (checkOption && options.classes[classes[i]]) {
full.push(options.classes[classes[i]]);
}
}
}
if (options.keys) {
processClassString(options.keys.match(/\S+/g) || [], true);
}
if (options.extra) {
processClassString(options.extra.match(/\S+/g) || []);
}
return full.join(' ');
},
_untrackClassesElement: function (event) {
var that = this;
$.each(that.classesElementLookup, function (key, value) {
if ($.inArray(event.target, value) !== -1) {
that.classesElementLookup[key] = $(value.not(event.target).get());
}
});
this._off($(event.target));
},
_removeClass: function (element, keys, extra) {
return this._toggleClass(element, keys, extra, false);
},
_addClass: function (element, keys, extra) {
return this._toggleClass(element, keys, extra, true);
},
_toggleClass: function (element, keys, extra, add) {
add = typeof add === 'boolean' ? add : extra;
var shift = typeof element === 'string' || element === null,
options = {
extra: shift ? keys : extra,
keys: shift ? element : keys,
element: shift ? this.element : element,
add: add
};
options.element.toggleClass(this._classes(options), add);
return this;
},
_on: function (suppressDisabledCheck, element, handlers) {
var delegateElement;
var instance = this;
// No suppressDisabledCheck flag, shuffle arguments
if (typeof suppressDisabledCheck !== 'boolean') {
handlers = element;
element = suppressDisabledCheck;
suppressDisabledCheck = false;
}
// No element argument, shuffle and use this.element
if (!handlers) {
handlers = element;
element = this.element;
delegateElement = this.widget();
} else {
element = delegateElement = $(element);
this.bindings = this.bindings.add(element);
}
$.each(handlers, function (event, handler) {
function handlerProxy() {
// Allow widgets to customize the disabled handling
// - disabled as an array instead of boolean
// - disabled class as method for disabling individual parts
if (
!suppressDisabledCheck &&
(instance.options.disabled === true ||
$(this).hasClass('ui-state-disabled'))
) {
return;
}
return (
typeof handler === 'string' ? instance[handler] : handler
).apply(instance, arguments);
}
// Copy the guid so direct unbinding works
if (typeof handler !== 'string') {
handlerProxy.guid = handler.guid =
handler.guid || handlerProxy.guid || $.guid++;
}
var match = event.match(/^([\w:-]*)\s*(.*)$/);
var eventName = match[1] + instance.eventNamespace;
var selector = match[2];
if (selector) {
delegateElement.on(eventName, selector, handlerProxy);
} else {
element.on(eventName, handlerProxy);
}
});
},
_off: function (element, eventName) {
eventName =
(eventName || '').split(' ').join(this.eventNamespace + ' ') +
this.eventNamespace;
element.off(eventName);
// Clear the stack to avoid memory leaks (#10056)
this.bindings = $(this.bindings.not(element).get());
this.focusable = $(this.focusable.not(element).get());
this.hoverable = $(this.hoverable.not(element).get());
},
_delay: function (handler, delay) {
var instance = this;
function handlerProxy() {
return (
typeof handler === 'string' ? instance[handler] : handler
).apply(instance, arguments);
}
return setTimeout(handlerProxy, delay || 0);
},
_hoverable: function (element) {
this.hoverable = this.hoverable.add(element);
this._on(element, {
mouseenter: function (event) {
this._addClass($(event.currentTarget), null, 'ui-state-hover');
},
mouseleave: function (event) {
this._removeClass($(event.currentTarget), null, 'ui-state-hover');
}
});
},
_focusable: function (element) {
this.focusable = this.focusable.add(element);
this._on(element, {
focusin: function (event) {
this._addClass($(event.currentTarget), null, 'ui-state-focus');
},
focusout: function (event) {
this._removeClass($(event.currentTarget), null, 'ui-state-focus');
}
});
},
_trigger: function (type, event, data) {
var prop, orig;
var callback = this.options[type];
data = data || {};
event = $.Event(event);
event.type = (
type === this.widgetEventPrefix ? type : this.widgetEventPrefix + type
).toLowerCase();
// The original event may come from any element
// so we need to reset the target on the new event
event.target = this.element[0];
// Copy original event properties over to the new event
orig = event.originalEvent;
if (orig) {
for (prop in orig) {
if (!(prop in event)) {
event[prop] = orig[prop];
}
}
}
this.element.trigger(event, data);
return !(
($.isFunction(callback) &&
callback.apply(this.element[0], [event].concat(data)) === false) ||
event.isDefaultPrevented()
);
}
};
$.each({ show: 'fadeIn', hide: 'fadeOut' }, function (method, defaultEffect) {
$.Widget.prototype['_' + method] = function (element, options, callback) {
if (typeof options === 'string') {
options = { effect: options };
}
var hasOptions;
var effectName = !options
? method
: options === true || typeof options === 'number'
? defaultEffect
: options.effect || defaultEffect;
options = options || {};
if (typeof options === 'number') {
options = { duration: options };
}
hasOptions = !$.isEmptyObject(options);
options.complete = callback;
if (options.delay) {
element.delay(options.delay);
}
if (hasOptions && $.effects && $.effects.effect[effectName]) {
element[method](options);
} else if (effectName !== method && element[effectName]) {
element[effectName](options.duration, options.easing, callback);
} else {
element.queue(function (next) {
$(this)[method]();
if (callback) {
callback.call(element[0]);
}
next();
});
}
};
});
});


@ -1,116 +0,0 @@
{
"name": "blueimp-file-upload",
"version": "10.32.0",
"title": "jQuery File Upload",
"description": "File Upload widget with multiple file selection, drag&drop support, progress bar, validation and preview images, audio and video for jQuery. Supports cross-domain, chunked and resumable file uploads. Works with any server-side platform (Google App Engine, PHP, Python, Ruby on Rails, Java, etc.) that supports standard HTML form file uploads.",
"keywords": [
"jquery",
"file",
"upload",
"widget",
"multiple",
"selection",
"drag",
"drop",
"progress",
"preview",
"cross-domain",
"cross-site",
"chunk",
"resume",
"gae",
"go",
"python",
"php",
"bootstrap"
],
"homepage": "https://github.com/blueimp/jQuery-File-Upload",
"author": {
"name": "Sebastian Tschan",
"url": "https://blueimp.net"
},
"repository": {
"type": "git",
"url": "git://github.com/blueimp/jQuery-File-Upload.git"
},
"license": "MIT",
"peerDependencies": {
"jquery": ">=1.7"
},
"optionalDependencies": {
"blueimp-canvas-to-blob": "3",
"blueimp-load-image": "5",
"blueimp-tmpl": "3"
},
"devDependencies": {
"eslint": "7",
"eslint-config-blueimp": "2",
"eslint-config-prettier": "8",
"eslint-plugin-jsdoc": "36",
"eslint-plugin-prettier": "4",
"prettier": "2",
"stylelint": "13",
"stylelint-config-prettier": "8",
"stylelint-config-recommended": "5"
},
"stylelint": {
"extends": [
"stylelint-config-recommended",
"stylelint-config-prettier"
],
"ignoreFiles": [
"css/*.min.css",
"css/vendor/*",
"test/vendor/*"
]
},
"eslintConfig": {
"extends": [
"blueimp",
"plugin:jsdoc/recommended",
"plugin:prettier/recommended"
],
"env": {
"browser": true
}
},
"eslintIgnore": [
"js/*.min.js",
"test/vendor"
],
"prettier": {
"arrowParens": "avoid",
"proseWrap": "always",
"singleQuote": true,
"trailingComma": "none"
},
"scripts": {
"lint": "stylelint '**/*.css' && eslint .",
"unit": "docker-compose run --rm mocha",
"wdio": "docker-compose run --rm wdio",
"test": "npm run lint && npm run unit && npm run wdio && npm run wdio -- conf/firefox.js",
"posttest": "docker-compose down -v",
"preversion": "npm test",
"postversion": "git push --tags origin master && npm publish"
},
"files": [
"css/jquery.fileupload-noscript.css",
"css/jquery.fileupload-ui-noscript.css",
"css/jquery.fileupload-ui.css",
"css/jquery.fileupload.css",
"img/loading.gif",
"img/progressbar.gif",
"js/cors/jquery.postmessage-transport.js",
"js/cors/jquery.xdr-transport.js",
"js/vendor/jquery.ui.widget.js",
"js/jquery.fileupload-audio.js",
"js/jquery.fileupload-image.js",
"js/jquery.fileupload-process.js",
"js/jquery.fileupload-ui.js",
"js/jquery.fileupload-validate.js",
"js/jquery.fileupload-video.js",
"js/jquery.fileupload.js",
"js/jquery.iframe-transport.js"
],
"main": "js/jquery.fileupload.js"
}


@ -1,18 +0,0 @@
runtime: python27
api_version: 1
threadsafe: true
libraries:
- name: PIL
version: latest
handlers:
- url: /(favicon\.ico|robots\.txt)
static_files: static/\1
upload: static/(.*)
expiration: '1d'
- url: /.*
script: main.app
automatic_scaling:
max_instances: 1


@ -1,204 +0,0 @@
# -*- coding: utf-8 -*-
#
# jQuery File Upload Plugin GAE Python Example
# https://github.com/blueimp/jQuery-File-Upload
#
# Copyright 2011, Sebastian Tschan
# https://blueimp.net
#
# Licensed under the MIT license:
# https://opensource.org/licenses/MIT
#
from google.appengine.api import memcache, images
import json
import os
import re
import urllib
import webapp2
DEBUG=os.environ.get('SERVER_SOFTWARE', '').startswith('Dev')
WEBSITE = 'https://blueimp.github.io/jQuery-File-Upload/'
MIN_FILE_SIZE = 1 # bytes
# Max file size is memcache limit (1MB) minus key size minus overhead:
MAX_FILE_SIZE = 999000 # bytes
IMAGE_TYPES = re.compile('image/(gif|p?jpeg|(x-)?png)')
ACCEPT_FILE_TYPES = IMAGE_TYPES
THUMB_MAX_WIDTH = 80
THUMB_MAX_HEIGHT = 80
THUMB_SUFFIX = '.'+str(THUMB_MAX_WIDTH)+'x'+str(THUMB_MAX_HEIGHT)+'.png'
EXPIRATION_TIME = 300 # seconds
# If set to None, only allow redirects to the referer protocol+host.
# Set to a regexp for custom pattern matching against the redirect value:
REDIRECT_ALLOW_TARGET = None
class CORSHandler(webapp2.RequestHandler):
def cors(self):
headers = self.response.headers
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Methods'] =\
'OPTIONS, HEAD, GET, POST, DELETE'
headers['Access-Control-Allow-Headers'] =\
'Content-Type, Content-Range, Content-Disposition'
def initialize(self, request, response):
super(CORSHandler, self).initialize(request, response)
self.cors()
def json_stringify(self, obj):
return json.dumps(obj, separators=(',', ':'))
def options(self, *args, **kwargs):
pass
class UploadHandler(CORSHandler):
def validate(self, file):
if file['size'] < MIN_FILE_SIZE:
file['error'] = 'File is too small'
elif file['size'] > MAX_FILE_SIZE:
file['error'] = 'File is too big'
elif not ACCEPT_FILE_TYPES.match(file['type']):
file['error'] = 'Filetype not allowed'
else:
return True
return False
def validate_redirect(self, redirect):
if redirect:
if REDIRECT_ALLOW_TARGET:
return REDIRECT_ALLOW_TARGET.match(redirect)
referer = self.request.headers['referer']
if referer:
from urlparse import urlparse
parts = urlparse(referer)
redirect_allow_target = '^' + re.escape(
parts.scheme + '://' + parts.netloc + '/'
)
return re.match(redirect_allow_target, redirect)
return False
def get_file_size(self, file):
file.seek(0, 2) # Seek to the end of the file
size = file.tell() # Get the position of EOF
file.seek(0) # Reset the file position to the beginning
return size
def write_blob(self, data, info):
key = urllib.quote(info['type'].encode('utf-8'), '') +\
'/' + str(hash(data)) +\
'/' + urllib.quote(info['name'].encode('utf-8'), '')
try:
memcache.set(key, data, time=EXPIRATION_TIME)
except: #Failed to add to memcache
return (None, None)
thumbnail_key = None
if IMAGE_TYPES.match(info['type']):
try:
img = images.Image(image_data=data)
img.resize(
width=THUMB_MAX_WIDTH,
height=THUMB_MAX_HEIGHT
)
thumbnail_data = img.execute_transforms()
thumbnail_key = key + THUMB_SUFFIX
memcache.set(
thumbnail_key,
thumbnail_data,
time=EXPIRATION_TIME
)
except: #Failed to resize Image or add to memcache
thumbnail_key = None
return (key, thumbnail_key)
def handle_upload(self):
results = []
for name, fieldStorage in self.request.POST.items():
if type(fieldStorage) is unicode:
continue
result = {}
result['name'] = urllib.unquote(fieldStorage.filename)
result['type'] = fieldStorage.type
result['size'] = self.get_file_size(fieldStorage.file)
if self.validate(result):
key, thumbnail_key = self.write_blob(
fieldStorage.value,
result
)
if key is not None:
result['url'] = self.request.host_url + '/' + key
result['deleteUrl'] = result['url']
result['deleteType'] = 'DELETE'
if thumbnail_key is not None:
result['thumbnailUrl'] = self.request.host_url +\
'/' + thumbnail_key
else:
result['error'] = 'Failed to store uploaded file.'
results.append(result)
return results
def head(self):
pass
def get(self):
self.redirect(WEBSITE)
def post(self):
if (self.request.get('_method') == 'DELETE'):
return self.delete()
result = {'files': self.handle_upload()}
s = self.json_stringify(result)
redirect = self.request.get('redirect')
if self.validate_redirect(redirect):
return self.redirect(str(
redirect.replace('%s', urllib.quote(s, ''), 1)
))
if 'application/json' in self.request.headers.get('Accept'):
self.response.headers['Content-Type'] = 'application/json'
self.response.write(s)
class FileHandler(CORSHandler):
def normalize(self, str):
return urllib.quote(urllib.unquote(str), '')
def get(self, content_type, data_hash, file_name):
content_type = self.normalize(content_type)
file_name = self.normalize(file_name)
key = content_type + '/' + data_hash + '/' + file_name
data = memcache.get(key)
if data is None:
return self.error(404)
# Prevent browsers from MIME-sniffing the content-type:
self.response.headers['X-Content-Type-Options'] = 'nosniff'
content_type = urllib.unquote(content_type)
if not IMAGE_TYPES.match(content_type):
# Force a download dialog for non-image types:
content_type = 'application/octet-stream'
elif file_name.endswith(THUMB_SUFFIX):
content_type = 'image/png'
self.response.headers['Content-Type'] = content_type
# Cache for the expiration time:
self.response.headers['Cache-Control'] = 'public,max-age=%d' \
% EXPIRATION_TIME
self.response.write(data)
def delete(self, content_type, data_hash, file_name):
content_type = self.normalize(content_type)
file_name = self.normalize(file_name)
key = content_type + '/' + data_hash + '/' + file_name
result = {key: memcache.delete(key)}
content_type = urllib.unquote(content_type)
if IMAGE_TYPES.match(content_type):
thumbnail_key = key + THUMB_SUFFIX
result[thumbnail_key] = memcache.delete(thumbnail_key)
if 'application/json' in self.request.headers.get('Accept'):
self.response.headers['Content-Type'] = 'application/json'
s = self.json_stringify(result)
self.response.write(s)
app = webapp2.WSGIApplication(
[
('/', UploadHandler),
('/(.+)/([^/]+)/([^/]+)', FileHandler)
],
debug=DEBUG
)


@ -1,2 +0,0 @@
User-agent: *
Disallow:


@ -1,2 +0,0 @@
*
!php.ini


@ -1,44 +0,0 @@
FROM php:8.0.11-apache
# Enable the Apache Headers module:
RUN ln -s /etc/apache2/mods-available/headers.load \
/etc/apache2/mods-enabled/headers.load
# Enable the Apache Rewrite module:
RUN ln -s /etc/apache2/mods-available/rewrite.load \
/etc/apache2/mods-enabled/rewrite.load
# Install GD, Imagick and ImageMagick as image conversion options:
RUN DEBIAN_FRONTEND=noninteractive \
apt-get update && apt-get install -y --no-install-recommends \
libpng-dev \
libjpeg-dev \
libmagickwand-dev \
imagemagick \
&& pecl install \
imagick \
&& docker-php-ext-enable \
imagick \
&& docker-php-ext-configure \
gd --with-jpeg=/usr/include/ \
&& docker-php-ext-install \
gd \
# Uninstall obsolete packages:
&& apt-get autoremove -y \
libpng-dev \
libjpeg-dev \
libmagickwand-dev \
# Remove obsolete files:
&& apt-get clean \
&& rm -rf \
/tmp/* \
/usr/share/doc/* \
/var/cache/* \
/var/lib/apt/lists/* \
/var/tmp/*
# Use the default development configuration:
RUN mv "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini"
# Add a custom configuration file:
COPY php.ini "$PHP_INI_DIR/conf.d/"


@ -1,3 +0,0 @@
*
!.gitignore
!.htaccess


@ -1,50 +0,0 @@
# If you have not done so already, please first read SECURITY.md in the root
# directory of this project or online:
# https://github.com/blueimp/jQuery-File-Upload/blob/master/SECURITY.md
#
# The settings in this file require Apache to support configuration overrides
# in .htaccess files, which is disabled by default since Apache v2.3.9 and needs
# to be enabled for the directives in this file to have any effect, see also:
# https://httpd.apache.org/docs/current/mod/core.html#allowoverride
#
# If you have full control over the web server, it is preferrable to define the
# settings in the Apache configuration (e.g. /etc/apache2/apache2.conf) itself.
#
# Some of the directives require the Apache Headers module. If it is not
# already enabled, please execute the following command and reload Apache:
# sudo a2enmod headers
#
# Please note that the order of directives across configuration files matters,
# see also:
# https://httpd.apache.org/docs/current/sections.html#merging
# The following directive matches all files and forces them to be handled as
# static content, which prevents the server from parsing and executing files
# that are associated with a dynamic runtime, e.g. PHP files.
# It also forces their Content-Type header to "application/octet-stream" and
# adds a "Content-Disposition: attachment" header to force a download dialog,
# which prevents browsers from interpreting files in the context of the
# web server, e.g. HTML files containing JavaScript.
# Lastly it also prevents browsers from MIME-sniffing the Content-Type,
# preventing them from interpreting a file as a different Content-Type than
# the one sent by the webserver.
<FilesMatch ".*">
SetHandler default-handler
ForceType application/octet-stream
Header set Content-Disposition attachment
Header set X-Content-Type-Options nosniff
</FilesMatch>
# The following directive matches known image files and unsets the forced
# Content-Type so they can be served with their original mime type.
# It also unsets the Content-Disposition header to allow displaying them
# inline in the browser.
<FilesMatch ".+\.(?i:(gif|jpe?g|png))$">
ForceType none
Header unset Content-Disposition
</FilesMatch>
# Uncomment the following lines to prevent unauthorized download of files:
#AuthName "Authorization required"
#AuthType Basic
#require valid-user


@ -1,15 +0,0 @@
<?php
/*
* jQuery File Upload Plugin PHP Example
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2010, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
* https://opensource.org/licenses/MIT
*/
error_reporting(E_ALL | E_STRICT);
require('UploadHandler.php');
$upload_handler = new UploadHandler();


@ -1,5 +0,0 @@
max_execution_time = 300
memory_limit = 500M
post_max_size = 4G
upload_max_filesize = 4G
max_file_uploads = 50


@ -1,49 +0,0 @@
<!DOCTYPE html>
<!--
/*
* jQuery File Upload Test
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2010, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
* https://opensource.org/licenses/MIT
*/
-->
<html lang="en">
<head>
<meta charset="utf-8" />
<title>jQuery File Upload Test</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="stylesheet" href="vendor/mocha.css" />
</head>
<body>
<div id="mocha"></div>
<script src="vendor/mocha.js"></script>
<script src="vendor/chai.js"></script>
<script>
mocha.setup('bdd');
</script>
<script src="https://blueimp.github.io/JavaScript-Load-Image/js/load-image.all.min.js"></script>
<script src="https://blueimp.github.io/JavaScript-Canvas-to-Blob/js/canvas-to-blob.min.js"></script>
<script
src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"
integrity="sha384-nvAa0+6Qg9clwYCGGPpDQLVpLNn0fRaROjHqs13t4Ggj3Ez50XnGQqc/r8MhnRDZ"
crossorigin="anonymous"
></script>
<script src="../js/vendor/jquery.ui.widget.js"></script>
<script src="../js/jquery.iframe-transport.js"></script>
<script src="../js/jquery.fileupload.js"></script>
<script src="../js/jquery.fileupload-process.js"></script>
<script src="../js/jquery.fileupload-image.js"></script>
<script src="../js/jquery.fileupload-audio.js"></script>
<script src="../js/jquery.fileupload-video.js"></script>
<script src="../js/jquery.fileupload-validate.js"></script>
<script src="unit.js"></script>
<script>
mocha.checkLeaks();
mocha.run();
</script>
</body>
</html>


@ -1,989 +0,0 @@
/*
* jQuery File Upload Test
* https://github.com/blueimp/JavaScript-Load-Image
*
* Copyright 2010, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
* https://opensource.org/licenses/MIT
*/
/* global beforeEach, afterEach, describe, it */
/* eslint-disable new-cap */
(function (expect, $) {
'use strict';
var canCreateBlob = !!window.dataURLtoBlob;
// 80x60px GIF image (color black, base64 data):
var b64DataGIF =
'R0lGODdhUAA8AIABAAAAAP///ywAAAAAUAA8AAACS4SPqcvtD6' +
'OctNqLs968+w+G4kiW5omm6sq27gvH8kzX9o3n+s73/g8MCofE' +
'ovGITCqXzKbzCY1Kp9Sq9YrNarfcrvcLDovH5PKsAAA7';
var imageUrlGIF = 'data:image/gif;base64,' + b64DataGIF;
var blobGIF = canCreateBlob && window.dataURLtoBlob(imageUrlGIF);
// 2x1px JPEG (color white, with the Exif orientation flag set to 6 and the
// IPTC ObjectName (2:5) set to 'objectname'):
var b64DataJPEG =
'/9j/4AAQSkZJRgABAQEAYABgAAD/4QAiRXhpZgAASUkqAAgAAAABABIBAwABAAAA' +
'BgASAAAAAAD/7QAsUGhvdG9zaG9wIDMuMAA4QklNBAQAAAAAAA8cAgUACm9iamVj' +
'dG5hbWUA/9sAQwABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB' +
'AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB/9sAQwEBAQEBAQEBAQEBAQEBAQEB' +
'AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB' +
'/8AAEQgAAQACAwEiAAIRAQMRAf/EAB8AAAEFAQEBAQEBAAAAAAAAAAABAgMEBQYH' +
'CAkKC//EALUQAAIBAwMCBAMFBQQEAAABfQECAwAEEQUSITFBBhNRYQcicRQygZGh' +
'CCNCscEVUtHwJDNicoIJChYXGBkaJSYnKCkqNDU2Nzg5OkNERUZHSElKU1RVVldY' +
'WVpjZGVmZ2hpanN0dXZ3eHl6g4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1' +
'tre4ubrCw8TFxsfIycrS09TV1tfY2drh4uPk5ebn6Onq8fLz9PX29/j5+v/EAB8B' +
'AAMBAQEBAQEBAQEAAAAAAAABAgMEBQYHCAkKC//EALURAAIBAgQEAwQHBQQEAAEC' +
'dwABAgMRBAUhMQYSQVEHYXETIjKBCBRCkaGxwQkjM1LwFWJy0QoWJDThJfEXGBka' +
'JicoKSo1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoKDhIWG' +
'h4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ' +
'2uLj5OXm5+jp6vLz9PX29/j5+v/aAAwDAQACEQMRAD8A/v4ooooA/9k=';
var imageUrlJPEG = 'data:image/jpeg;base64,' + b64DataJPEG;
var blobJPEG = canCreateBlob && window.dataURLtoBlob(imageUrlJPEG);
var fileGIF, fileJPEG, files, items, eventObject;
var uploadURL = '../server/php/';
/**
* Creates a fileupload form and adds it to the DOM
*
* @returns {object} jQuery node
*/
function createFileuploadForm() {
return $('<form><input type="file" name="files[]" multiple></form>')
.prop({
action: uploadURL,
method: 'POST',
enctype: 'multipart/form-data'
})
.css({ display: 'none' })
.appendTo(document.body);
}
/**
* Deletes all files from the upload server
*
* @param {Array} files Response files list
* @param {Function} callback Callback function
*/
function deleteFiles(files, callback) {
$.when(
files.map(function (file) {
return $.ajax({
type: file.deleteType,
url: file.deleteUrl
});
})
).always(function () {
callback();
});
}
beforeEach(function () {
fileGIF = new File([blobGIF], 'example.gif', { type: 'image/gif' });
fileJPEG = new File([blobJPEG], 'example.jpg', { type: 'image/jpeg' });
files = [fileGIF, fileJPEG];
items = [
{
getAsFile: function () {
return files[0];
}
},
{
getAsFile: function () {
return files[1];
}
}
];
eventObject = {
originalEvent: {
dataTransfer: { files: files, types: ['Files'] },
clipboardData: { items: items }
}
};
});
afterEach(function (done) {
$.getJSON(uploadURL).then(function (result) {
deleteFiles(result.files, done);
});
});
describe('Initialization', function () {
var form;
beforeEach(function () {
form = createFileuploadForm();
});
afterEach(function () {
form.remove();
});
it('widget', function () {
form.fileupload();
expect(form.data('blueimp-fileupload')).to.be.an('object');
});
it('file input', function () {
form.fileupload();
expect(form.fileupload('option', 'fileInput').length).to.equal(1);
});
it('drop zone', function () {
form.fileupload();
expect(form.fileupload('option', 'dropZone').length).to.equal(1);
});
it('paste zone', function () {
form.fileupload({ pasteZone: document });
expect(form.fileupload('option', 'pasteZone').length).to.equal(1);
});
it('data attributes', function () {
form.attr('data-url', 'https://example.org');
form.fileupload();
expect(form.fileupload('option', 'url')).to.equal('https://example.org');
expect(form.data('blueimp-fileupload')).to.be.an('object');
});
it('event listeners', function () {
var eventsData = {};
form.fileupload({
autoUpload: false,
pasteZone: document,
dragover: function () {
eventsData.dragover = true;
},
dragenter: function () {
eventsData.dragenter = true;
},
dragleave: function () {
eventsData.dragleave = true;
},
drop: function (e, data) {
eventsData.drop = data;
},
paste: function (e, data) {
eventsData.paste = data;
},
change: function () {
eventsData.change = true;
}
});
form
.fileupload('option', 'fileInput')
.trigger($.Event('change', eventObject));
expect(eventsData.change).to.equal(true);
form
.fileupload('option', 'dropZone')
.trigger($.Event('dragover', eventObject))
.trigger($.Event('dragenter', eventObject))
.trigger($.Event('dragleave', eventObject))
.trigger($.Event('drop', eventObject));
expect(eventsData.dragover).to.equal(true);
expect(eventsData.dragenter).to.equal(true);
expect(eventsData.dragleave).to.equal(true);
expect(eventsData.drop.files).to.deep.equal(files);
form
.fileupload('option', 'pasteZone')
.trigger($.Event('paste', eventObject));
expect(eventsData.paste.files).to.deep.equal(files);
});
});
describe('API', function () {
var form;
beforeEach(function () {
form = createFileuploadForm().fileupload({
dataType: 'json',
autoUpload: false
});
});
afterEach(function () {
form.remove();
});
it('destroy', function () {
var eventsData = {};
form.fileupload('option', {
pasteZone: document,
dragover: function () {
eventsData.dragover = true;
},
dragenter: function () {
eventsData.dragenter = true;
},
dragleave: function () {
eventsData.dragleave = true;
},
drop: function (e, data) {
eventsData.drop = data;
},
paste: function (e, data) {
eventsData.paste = data;
},
change: function () {
eventsData.change = true;
}
});
var fileInput = form.fileupload('option', 'fileInput');
var dropZone = form.fileupload('option', 'dropZone');
var pasteZone = form.fileupload('option', 'pasteZone');
form.fileupload('destroy');
expect(form.data('blueimp-fileupload')).to.equal();
fileInput.trigger($.Event('change', eventObject));
expect(eventsData.change).to.equal();
dropZone
.trigger($.Event('dragover', eventObject))
.trigger($.Event('dragenter', eventObject))
.trigger($.Event('dragleave', eventObject))
.trigger($.Event('drop', eventObject));
expect(eventsData.dragover).to.equal();
expect(eventsData.dragenter).to.equal();
expect(eventsData.dragleave).to.equal();
expect(eventsData.drop).to.equal();
pasteZone.trigger($.Event('paste', eventObject));
expect(eventsData.paste).to.equal();
});
it('disable', function () {
var eventsData = {};
form.fileupload('option', {
pasteZone: document,
dragover: function () {
eventsData.dragover = true;
},
dragenter: function () {
eventsData.dragenter = true;
},
dragleave: function () {
eventsData.dragleave = true;
},
drop: function (e, data) {
eventsData.drop = data;
},
paste: function (e, data) {
eventsData.paste = data;
},
change: function () {
eventsData.change = true;
}
});
form.fileupload('disable');
form
.fileupload('option', 'fileInput')
.trigger($.Event('change', eventObject));
expect(eventsData.change).to.equal();
form
.fileupload('option', 'dropZone')
.trigger($.Event('dragover', eventObject))
.trigger($.Event('dragenter', eventObject))
.trigger($.Event('dragleave', eventObject))
.trigger($.Event('drop', eventObject));
expect(eventsData.dragover).to.equal();
expect(eventsData.dragenter).to.equal();
expect(eventsData.dragleave).to.equal();
expect(eventsData.drop).to.equal();
form
.fileupload('option', 'pasteZone')
.trigger($.Event('paste', eventObject));
expect(eventsData.paste).to.equal();
});
it('enable', function () {
var eventsData = {};
form.fileupload('option', {
pasteZone: document,
dragover: function () {
eventsData.dragover = true;
},
dragenter: function () {
eventsData.dragenter = true;
},
dragleave: function () {
eventsData.dragleave = true;
},
drop: function (e, data) {
eventsData.drop = data;
},
paste: function (e, data) {
eventsData.paste = data;
},
change: function () {
eventsData.change = true;
}
});
form.fileupload('disable');
form.fileupload('enable');
form
.fileupload('option', 'fileInput')
.trigger($.Event('change', eventObject));
expect(eventsData.change).to.equal(true);
form
.fileupload('option', 'dropZone')
.trigger($.Event('dragover', eventObject))
.trigger($.Event('dragenter', eventObject))
.trigger($.Event('dragleave', eventObject))
.trigger($.Event('drop', eventObject));
expect(eventsData.dragover).to.equal(true);
expect(eventsData.dragenter).to.equal(true);
expect(eventsData.dragleave).to.equal(true);
expect(eventsData.drop.files).to.deep.equal(files);
form
.fileupload('option', 'pasteZone')
.trigger($.Event('paste', eventObject));
expect(eventsData.paste.files).to.deep.equal(files);
});
it('option', function () {
var eventsData = {};
form.fileupload('option', 'drop', function (e, data) {
eventsData.drop = data;
});
var dropZone = form
.fileupload('option', 'dropZone')
.trigger($.Event('drop', eventObject));
expect(eventsData.drop.files).to.deep.equal(files);
delete eventsData.drop;
form.fileupload('option', 'dropZone', null);
dropZone.trigger($.Event('drop', eventObject));
expect(eventsData.drop).to.equal();
form.fileupload('option', {
dropZone: dropZone
});
dropZone.trigger($.Event('drop', eventObject));
expect(eventsData.drop.files).to.deep.equal(files);
});
it('add', function () {
var eventData = [];
form.fileupload('option', 'add', function (e, data) {
eventData.push(data);
});
form.fileupload('add', { files: files });
expect(eventData.length).to.equal(2);
expect(eventData[0].files[0]).to.equal(files[0]);
expect(eventData[1].files[0]).to.equal(files[1]);
});
it('send', function (done) {
this.slow(200);
form.fileupload('send', { files: files }).complete(function (result) {
var uploadedFiles = result.responseJSON.files;
expect(uploadedFiles.length).to.equal(2);
expect(uploadedFiles[0].type).to.equal(files[0].type);
expect(uploadedFiles[0].error).to.equal();
expect(uploadedFiles[1].type).to.equal(files[1].type);
expect(uploadedFiles[1].error).to.equal();
done();
});
});
});
describe('Callbacks', function () {
var form;
beforeEach(function () {
form = createFileuploadForm().fileupload({ dataType: 'json' });
});
afterEach(function () {
form.remove();
});
it('add', function () {
var eventData = [];
form.fileupload('option', 'add', function (e, data) {
eventData.push(data);
});
form.fileupload('add', { files: files });
expect(eventData.length).to.equal(2);
expect(eventData[0].files[0]).to.equal(files[0]);
expect(eventData[1].files[0]).to.equal(files[1]);
});
it('submit', function (done) {
this.slow(200);
var eventData = [];
form.fileupload('option', {
submit: function (e, data) {
eventData.push(data);
},
stop: function () {
if (eventData.length < 2) return;
expect(eventData[0].files[0]).to.equal(files[0]);
expect(eventData[1].files[0]).to.equal(files[1]);
done();
}
});
form.fileupload('add', { files: files });
});
it('send', function (done) {
this.slow(200);
var eventData = [];
form.fileupload('option', {
send: function (e, data) {
eventData.push(data);
},
stop: function () {
expect(eventData.length).to.equal(1);
expect(eventData[0].files).to.deep.equal(files);
done();
}
});
form.fileupload('send', { files: files });
});
it('done', function (done) {
this.slow(200);
var eventData = [];
form.fileupload('option', {
done: function (e, data) {
eventData.push(data);
},
stop: function () {
if (eventData.length < 2) return;
expect(eventData[0].result.files.length).to.equal(1);
expect(eventData[1].result.files.length).to.equal(1);
done();
}
});
form.fileupload('add', { files: files });
});
it('fail', function (done) {
this.slow(200);
var eventData = [];
form.fileupload('option', {
url: uploadURL + '404',
fail: function (e, data) {
eventData.push(data);
},
stop: function () {
if (eventData.length < 2) return;
expect(eventData[0].result).to.equal();
expect(eventData[1].result).to.equal();
done();
}
});
form.fileupload('add', { files: files });
});
it('always', function (done) {
this.slow(200);
var eventData = [];
form.fileupload('option', {
always: function (e, data) {
eventData.push(data);
},
stop: function () {
if (eventData.length < 2) {
expect(eventData[0].result).to.equal();
form.fileupload('add', { files: [fileGIF] });
return;
}
expect(eventData[1].result.files.length).to.equal(1);
done();
}
});
form.fileupload('add', { files: [fileGIF], url: uploadURL + '404' });
});
it('progress', function (done) {
this.slow(200);
var loaded;
var total;
form.fileupload('option', {
progress: function (e, data) {
loaded = data.loaded;
total = data.total;
expect(loaded).to.be.at.most(total);
},
stop: function () {
expect(loaded).to.equal(total);
done();
}
});
form.fileupload('add', { files: [fileGIF] });
});
it('progressall', function (done) {
this.slow(200);
var loaded;
var total;
var completed = 0;
form.fileupload('option', {
progressall: function (e, data) {
loaded = data.loaded;
total = data.total;
expect(loaded).to.be.at.most(total);
},
always: function () {
completed++;
},
stop: function () {
if (completed < 2) return;
expect(loaded).to.equal(total);
done();
}
});
form.fileupload('add', { files: files });
});
it('start', function (done) {
this.slow(200);
var started;
form.fileupload('option', {
start: function () {
started = true;
},
stop: function () {
expect(started).to.equal(true);
done();
}
});
form.fileupload('add', { files: [fileGIF] });
});
it('stop', function (done) {
this.slow(200);
form.fileupload('option', {
stop: function () {
done();
}
});
form.fileupload('add', { files: [fileGIF] });
});
it('dragover', function () {
var eventsData = {};
form.fileupload('option', {
autoUpload: false,
dragover: function () {
eventsData.dragover = true;
}
});
form
.fileupload('option', 'dropZone')
.trigger($.Event('dragover', eventObject));
expect(eventsData.dragover).to.equal(true);
});
it('dragenter', function () {
var eventsData = {};
form.fileupload('option', {
autoUpload: false,
dragenter: function () {
eventsData.dragenter = true;
}
});
form
.fileupload('option', 'dropZone')
.trigger($.Event('dragenter', eventObject));
expect(eventsData.dragenter).to.equal(true);
});
it('dragleave', function () {
var eventsData = {};
form.fileupload('option', {
autoUpload: false,
dragleave: function () {
eventsData.dragleave = true;
}
});
form
.fileupload('option', 'dropZone')
.trigger($.Event('dragleave', eventObject));
expect(eventsData.dragleave).to.equal(true);
});
it('drop', function () {
var eventsData = {};
form.fileupload('option', {
autoUpload: false,
drop: function (e, data) {
eventsData.drop = data;
}
});
form
.fileupload('option', 'dropZone')
.trigger($.Event('drop', eventObject));
expect(eventsData.drop.files).to.deep.equal(files);
});
it('paste', function () {
var eventsData = {};
form.fileupload('option', {
autoUpload: false,
pasteZone: document,
paste: function (e, data) {
eventsData.paste = data;
}
});
form
.fileupload('option', 'pasteZone')
.trigger($.Event('paste', eventObject));
expect(eventsData.paste.files).to.deep.equal(files);
});
it('change', function () {
var eventsData = {};
form.fileupload('option', {
autoUpload: false,
change: function () {
eventsData.change = true;
}
});
form
.fileupload('option', 'fileInput')
.trigger($.Event('change', eventObject));
expect(eventsData.change).to.equal(true);
});
});
describe('Options', function () {
var form;
beforeEach(function () {
form = createFileuploadForm();
});
afterEach(function () {
form.remove();
});
it('paramName', function (done) {
form.fileupload({
send: function (e, data) {
expect(data.paramName[0]).to.equal(
form.fileupload('option', 'fileInput').prop('name')
);
done();
return false;
}
});
form.fileupload('add', { files: [fileGIF] });
});
it('url', function (done) {
form.fileupload({
send: function (e, data) {
expect(data.url).to.equal(form.prop('action'));
done();
return false;
}
});
form.fileupload('add', { files: [fileGIF] });
});
it('type', function (done) {
form.fileupload({
type: 'PUT',
send: function (e, data) {
expect(data.type).to.equal('PUT');
done();
return false;
}
});
form.fileupload('add', { files: [fileGIF] });
});
it('replaceFileInput', function () {
form.fileupload();
var fileInput = form.fileupload('option', 'fileInput');
fileInput.trigger($.Event('change', eventObject));
expect(form.fileupload('option', 'fileInput')[0]).to.not.equal(
fileInput[0]
);
form.fileupload('option', 'replaceFileInput', false);
fileInput = form.fileupload('option', 'fileInput');
fileInput.trigger($.Event('change', eventObject));
expect(form.fileupload('option', 'fileInput')[0]).to.equal(fileInput[0]);
});
it('forceIframeTransport', function (done) {
form.fileupload({
forceIframeTransport: 'PUT',
send: function (e, data) {
expect(data.dataType.substr(0, 6)).to.equal('iframe');
done();
return false;
}
});
form.fileupload('add', { files: [fileGIF] });
});
it('singleFileUploads', function (done) {
form.fileupload({
singleFileUploads: false,
send: function (e, data) {
expect(data.files).to.deep.equal(files);
done();
return false;
}
});
form.fileupload('add', { files: files });
});
it('limitMultiFileUploads', function (done) {
var completed = 0;
form.fileupload({
singleFileUploads: false,
limitMultiFileUploads: 2,
send: function (e, data) {
expect(data.files).to.deep.equal(files);
completed++;
if (completed < 2) return;
done();
return false;
}
});
form.fileupload('add', { files: files.concat(files) });
});
it('limitMultiFileUploadSize', function (done) {
var completed = 0;
form.fileupload({
singleFileUploads: false,
limitMultiFileUploadSize: files[0].size + files[1].size,
limitMultiFileUploadSizeOverhead: 0,
send: function (e, data) {
expect(data.files).to.deep.equal(files);
completed++;
if (completed < 2) return;
done();
return false;
}
});
form.fileupload('add', { files: files.concat(files) });
});
it('sequentialUploads', function (done) {
this.slow(400);
var completed = 0;
var events = [];
form.fileupload({
sequentialUploads: true,
dataType: 'json',
send: function () {
events.push('send');
},
always: function () {
events.push('complete');
completed++;
},
stop: function () {
if (completed === 4) {
expect(events.join(',')).to.equal(
[
'send',
'complete',
'send',
'complete',
'send',
'complete',
'send',
'complete'
].join(',')
);
done();
}
}
});
form.fileupload('add', { files: files.concat(files) });
});
it('limitConcurrentUploads', function (done) {
this.slow(800);
var completed = 0;
var loadCount = 0;
form.fileupload({
limitConcurrentUploads: 2,
dataType: 'json',
send: function () {
loadCount++;
expect(loadCount).to.be.at.most(2);
},
always: function () {
completed++;
loadCount--;
},
stop: function () {
if (completed === 8) {
done();
}
}
});
form.fileupload('add', {
files: files.concat(files).concat(files).concat(files)
});
});
it('multipart', function (done) {
form.fileupload({
multipart: false,
send: function (e, data) {
expect(data.contentType).to.equal(fileGIF.type);
expect(data.headers['Content-Disposition']).to.equal(
'attachment; filename="' + fileGIF.name + '"'
);
done();
return false;
}
});
form.fileupload('add', { files: [fileGIF] });
});
it('uniqueFilenames', function (done) {
form.fileupload({
uniqueFilenames: {},
send: function (e, data) {
var formFiles = data.data.getAll('files[]');
expect(formFiles[0].name).to.equal(fileGIF.name);
expect(formFiles[1].name).to.equal(
fileGIF.name.replace('.gif', ' (1).gif')
);
expect(formFiles[2].name).to.equal(
fileGIF.name.replace('.gif', ' (2).gif')
);
done();
return false;
}
});
form.fileupload('send', { files: [fileGIF, fileGIF, fileGIF] });
});
it('maxChunkSize', function (done) {
this.slow(400);
var events = [];
form.fileupload({
maxChunkSize: 32,
dataType: 'json',
chunkbeforesend: function () {
events.push('chunkbeforesend');
},
chunksend: function () {
events.push('chunksend');
},
chunkdone: function () {
events.push('chunkdone');
},
done: function (e, data) {
var uploadedFile = data.result.files[0];
expect(uploadedFile.type).to.equal(fileGIF.type);
expect(uploadedFile.size).to.equal(fileGIF.size);
},
stop: function () {
expect(events.join(',')).to.equal(
[
'chunkbeforesend',
'chunksend',
'chunkdone',
'chunkbeforesend',
'chunksend',
'chunkdone',
'chunkbeforesend',
'chunksend',
'chunkdone',
'chunkbeforesend',
'chunksend',
'chunkdone'
].join(',')
);
done();
}
});
form.fileupload('send', { files: [fileGIF] });
});
it('acceptFileTypes', function (done) {
var processData;
form.fileupload({
acceptFileTypes: /^image\/gif$/,
singleFileUploads: false,
processalways: function (e, data) {
processData = data;
},
processstop: function () {
expect(processData.files[0].error).to.equal();
expect(processData.files[1].error).to.equal(
form.fileupload('option').i18n('acceptFileTypes')
);
done();
}
});
form.fileupload('add', { files: files });
});
it('maxFileSize', function (done) {
var processData;
form.fileupload({
maxFileSize: 200,
singleFileUploads: false,
processalways: function (e, data) {
processData = data;
},
processstop: function () {
expect(processData.files[0].error).to.equal();
expect(processData.files[1].error).to.equal(
form.fileupload('option').i18n('maxFileSize')
);
done();
}
});
form.fileupload('add', { files: files });
});
it('minFileSize', function (done) {
var processData;
form.fileupload({
minFileSize: 200,
singleFileUploads: false,
processalways: function (e, data) {
processData = data;
},
processstop: function () {
expect(processData.files[0].error).to.equal(
form.fileupload('option').i18n('minFileSize')
);
expect(processData.files[1].error).to.equal();
done();
}
});
form.fileupload('add', { files: files });
});
it('maxNumberOfFiles', function (done) {
var processData;
form.fileupload({
maxNumberOfFiles: 2,
getNumberOfFiles: function () {
return 2;
},
singleFileUploads: false,
processalways: function (e, data) {
processData = data;
},
processstop: function () {
expect(processData.files[0].error).to.equal(
form.fileupload('option').i18n('maxNumberOfFiles')
);
expect(processData.files[1].error).to.equal(
form.fileupload('option').i18n('maxNumberOfFiles')
);
done();
}
});
form.fileupload('add', { files: files });
});
});
})(this.chai.expect, this.jQuery);


@ -1,325 +0,0 @@
@charset "utf-8";
body {
margin:0;
}
#mocha {
font: 20px/1.5 "Helvetica Neue", Helvetica, Arial, sans-serif;
margin: 60px 50px;
}
#mocha ul,
#mocha li {
margin: 0;
padding: 0;
}
#mocha ul {
list-style: none;
}
#mocha h1,
#mocha h2 {
margin: 0;
}
#mocha h1 {
margin-top: 15px;
font-size: 1em;
font-weight: 200;
}
#mocha h1 a {
text-decoration: none;
color: inherit;
}
#mocha h1 a:hover {
text-decoration: underline;
}
#mocha .suite .suite h1 {
margin-top: 0;
font-size: .8em;
}
#mocha .hidden {
display: none;
}
#mocha h2 {
font-size: 12px;
font-weight: normal;
cursor: pointer;
}
#mocha .suite {
margin-left: 15px;
}
#mocha .test {
margin-left: 15px;
overflow: hidden;
}
#mocha .test.pending:hover h2::after {
content: '(pending)';
font-family: arial, sans-serif;
}
#mocha .test.pass.medium .duration {
background: #c09853;
}
#mocha .test.pass.slow .duration {
background: #b94a48;
}
#mocha .test.pass::before {
content: '✓';
font-size: 12px;
display: block;
float: left;
margin-right: 5px;
color: #00d6b2;
}
#mocha .test.pass .duration {
font-size: 9px;
margin-left: 5px;
padding: 2px 5px;
color: #fff;
-webkit-box-shadow: inset 0 1px 1px rgba(0,0,0,.2);
-moz-box-shadow: inset 0 1px 1px rgba(0,0,0,.2);
box-shadow: inset 0 1px 1px rgba(0,0,0,.2);
-webkit-border-radius: 5px;
-moz-border-radius: 5px;
-ms-border-radius: 5px;
-o-border-radius: 5px;
border-radius: 5px;
}
#mocha .test.pass.fast .duration {
display: none;
}
#mocha .test.pending {
color: #0b97c4;
}
#mocha .test.pending::before {
content: '◦';
color: #0b97c4;
}
#mocha .test.fail {
color: #c00;
}
#mocha .test.fail pre {
color: black;
}
#mocha .test.fail::before {
content: '✖';
font-size: 12px;
display: block;
float: left;
margin-right: 5px;
color: #c00;
}
#mocha .test pre.error {
color: #c00;
max-height: 300px;
overflow: auto;
}
#mocha .test .html-error {
overflow: auto;
color: black;
display: block;
float: left;
clear: left;
font: 12px/1.5 monaco, monospace;
margin: 5px;
padding: 15px;
border: 1px solid #eee;
max-width: 85%; /*(1)*/
max-width: -webkit-calc(100% - 42px);
max-width: -moz-calc(100% - 42px);
max-width: calc(100% - 42px); /*(2)*/
max-height: 300px;
word-wrap: break-word;
border-bottom-color: #ddd;
-webkit-box-shadow: 0 1px 3px #eee;
-moz-box-shadow: 0 1px 3px #eee;
box-shadow: 0 1px 3px #eee;
-webkit-border-radius: 3px;
-moz-border-radius: 3px;
border-radius: 3px;
}
#mocha .test .html-error pre.error {
border: none;
-webkit-border-radius: 0;
-moz-border-radius: 0;
border-radius: 0;
-webkit-box-shadow: 0;
-moz-box-shadow: 0;
box-shadow: 0;
padding: 0;
margin: 0;
margin-top: 18px;
max-height: none;
}
/**
* (1): approximate for browsers not supporting calc
* (2): 42 = 2*15 + 2*10 + 2*1 (padding + margin + border)
* ^^ seriously
*/
#mocha .test pre {
display: block;
float: left;
clear: left;
font: 12px/1.5 monaco, monospace;
margin: 5px;
padding: 15px;
border: 1px solid #eee;
max-width: 85%; /*(1)*/
max-width: -webkit-calc(100% - 42px);
max-width: -moz-calc(100% - 42px);
max-width: calc(100% - 42px); /*(2)*/
word-wrap: break-word;
border-bottom-color: #ddd;
-webkit-box-shadow: 0 1px 3px #eee;
-moz-box-shadow: 0 1px 3px #eee;
box-shadow: 0 1px 3px #eee;
-webkit-border-radius: 3px;
-moz-border-radius: 3px;
border-radius: 3px;
}
#mocha .test h2 {
position: relative;
}
#mocha .test a.replay {
position: absolute;
top: 3px;
right: 0;
text-decoration: none;
vertical-align: middle;
display: block;
width: 15px;
height: 15px;
line-height: 15px;
text-align: center;
background: #eee;
font-size: 15px;
-webkit-border-radius: 15px;
-moz-border-radius: 15px;
border-radius: 15px;
-webkit-transition:opacity 200ms;
-moz-transition:opacity 200ms;
-o-transition:opacity 200ms;
transition: opacity 200ms;
opacity: 0.3;
color: #888;
}
#mocha .test:hover a.replay {
opacity: 1;
}
#mocha-report.pass .test.fail {
display: none;
}
#mocha-report.fail .test.pass {
display: none;
}
#mocha-report.pending .test.pass,
#mocha-report.pending .test.fail {
display: none;
}
#mocha-report.pending .test.pass.pending {
display: block;
}
#mocha-error {
color: #c00;
font-size: 1.5em;
font-weight: 100;
letter-spacing: 1px;
}
#mocha-stats {
position: fixed;
top: 15px;
right: 10px;
font-size: 12px;
margin: 0;
color: #888;
z-index: 1;
}
#mocha-stats .progress {
float: right;
padding-top: 0;
/**
* Set safe initial values, so mochas .progress does not inherit these
* properties from Bootstrap .progress (which causes .progress height to
* equal line height set in Bootstrap).
*/
height: auto;
-webkit-box-shadow: none;
-moz-box-shadow: none;
box-shadow: none;
background-color: initial;
}
#mocha-stats em {
color: black;
}
#mocha-stats a {
text-decoration: none;
color: inherit;
}
#mocha-stats a:hover {
border-bottom: 1px solid #eee;
}
#mocha-stats li {
display: inline-block;
margin: 0 5px;
list-style: none;
padding-top: 11px;
}
#mocha-stats canvas {
width: 40px;
height: 40px;
}
#mocha code .comment { color: #ddd; }
#mocha code .init { color: #2f6fad; }
#mocha code .string { color: #5890ad; }
#mocha code .keyword { color: #8a6343; }
#mocha code .number { color: #2f6fad; }
@media screen and (max-device-width: 480px) {
#mocha {
margin: 60px 0px;
}
#mocha #stats {
position: absolute;
}
}


@ -1,10 +0,0 @@
'use strict'
module.exports = {
env: {
node: true
},
parserOptions: {
ecmaVersion: 2019
}
}


@ -1,9 +0,0 @@
'use strict'
module.exports = {
arrowParens: 'avoid',
proseWrap: 'always',
semi: false,
singleQuote: true,
trailingComma: 'none'
}


@ -1,20 +0,0 @@
MIT License
Copyright © 2019 Sebastian Tschan, https://blueimp.net
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


@ -1,40 +0,0 @@
'use strict'
/* eslint-disable jsdoc/valid-types */
/** @type WebdriverIO.Config */
const config = {
hostname: 'chromedriver',
path: '/',
capabilities: [
{
// Set maxInstances to 1 if screen recordings are enabled:
// maxInstances: 1,
browserName: 'chrome',
'goog:chromeOptions': {
// Disable headless mode if screen recordings are enabled:
args: ['--headless', '--window-size=1440,900']
}
}
],
logLevel: 'warn',
reporters: ['spec'],
framework: 'mocha',
mochaOpts: {
timeout: 60000
},
specs: ['test/specs/**/*.js'],
maximizeWindow: true,
screenshots: {
saveOnFail: true
},
videos: {
enabled: false,
resolution: '1440x900',
startDelay: 500,
stopDelay: 500
},
assetsDir: '/home/webdriver/assets/',
baseUrl: 'http://example'
}
exports.config = Object.assign({}, require('../hooks'), config)


@ -1,25 +0,0 @@
'use strict'
/* eslint-disable jsdoc/valid-types */
/** @type WebdriverIO.Config */
const config = {
hostname: 'geckodriver',
capabilities: [
{
// geckodriver supports no parallel sessions:
maxInstances: 1,
browserName: 'firefox',
'moz:firefoxOptions': {
//args: ['-headless', '--window-size=1440,900']
}
}
],
videos: {
enabled: true,
resolution: '1440x900',
startDelay: 500,
stopDelay: 500
}
}
exports.config = Object.assign({}, require('./chrome').config, config)


@ -1,36 +0,0 @@
'use strict'
/* global browser, Promise */
const cmds = require('wdio-screen-commands')
/* eslint-disable jsdoc/valid-types */
/** @type WebdriverIO.HookFunctionExtension */
const config = {
before: async () => {
// Add browser commands:
browser.addCommand('saveScreenshotByName', cmds.saveScreenshotByName)
browser.addCommand('saveAndDiffScreenshot', cmds.saveAndDiffScreenshot)
// Add element commands:
browser.addCommand('saveScreenshotByName', cmds.saveScreenshotByName, true)
browser.addCommand(
'saveAndDiffScreenshot',
cmds.saveAndDiffScreenshot,
true
)
if (browser.config.appium)
await browser.updateSettings(browser.config.appium)
if (browser.config.maximizeWindow) await browser.maximizeWindow()
},
beforeTest: async test => {
await cmds.startScreenRecording(test)
},
afterTest: async (test, context, result) => {
await Promise.all([
cmds.stopScreenRecording(test, result),
cmds.saveScreenshotByTest(test, result)
])
}
}
module.exports = config


@ -1,2 +0,0 @@
*
!/.gitignore


@ -1,79 +0,0 @@
'use strict'
/* global browser, $, $$ */
/* eslint-disable class-methods-use-this */
class FileUpload {
get fileinput() {
return $('.fileinput-button input')
}
get start() {
return $('.fileupload-buttonbar .start')
}
get toggle() {
return $('.fileupload-buttonbar .toggle')
}
get remove() {
return $('.fileupload-buttonbar .delete')
}
get processing() {
return $$('.files .processing')
}
get uploads() {
return $$('.files .template-upload')
}
get downloads() {
return $$('.files .template-download')
}
get checked() {
return $$('.files .toggle:checked')
}
/**
* Opens the file upload form.
*
* @param {number} [timeout] Wait timeout
*/
async open(timeout) {
await browser.url('/')
await this.fileinput.waitForExist({ timeout })
}
/**
* Uploads files.
*
* @param {Array<string>} files Files to upload
* @param {number} [timeout] Wait timeout
*/
async upload(files, timeout) {
await this.fileinput.addValue(files.join('\n'))
await browser.waitUntil(async () => !(await this.processing.length), {
timeout
})
await this.start.click()
await browser.waitUntil(async () => !!(await this.downloads.length), {
timeout
})
await browser.waitUntil(async () => !(await this.uploads.length), {
timeout
})
}
/**
* Deletes uploaded files.
*
* @param {number} [timeout] Wait timeout
*/
async delete(timeout) {
await this.toggle.click()
await browser.waitUntil(
async () => (await this.downloads.length) === (await this.checked.length),
{
timeout
}
)
await this.remove.click()
await browser.waitUntil(async () => !(await this.downloads.length), {
timeout
})
}
}
module.exports = new FileUpload()


@ -1,25 +0,0 @@
'use strict'
/* global browser, describe, it */
const FileUpload = require('../pages/file-upload')
const assetsDir = browser.config.assetsDir
describe('File Upload', () => {
if (!assetsDir) return
it('uploads files', async () => {
await FileUpload.open()
await FileUpload.upload([
assetsDir + 'black+white-60x40.gif',
assetsDir + 'black+white-3x2.jpg'
])
await browser.saveAndDiffScreenshot('Files uploaded')
})
it('deletes files', async () => {
await FileUpload.open()
await FileUpload.delete()
await browser.saveAndDiffScreenshot('Files deleted')
})
})


@ -1,4 +0,0 @@
'use strict'
// Default to the Chrome config:
exports.config = require('./conf/chrome').config


@ -1,200 +0,0 @@
CHANGELOG for 1.x
=================
This changelog references the relevant changes (bug and security fixes) done
in 1.x minor versions.
To see the files changed for a given bug, go to https://github.com/bshaffer/oauth2-server-php/issues/### where ### is the bug number
To get the diff between two versions, go to https://github.com/bshaffer/oauth2-server-php/compare/v1.0...v1.1
To get the diff for a specific change, go to https://github.com/bshaffer/oauth2-server-php/commit/XXX where XXX is the change hash
* 1.10.0 (2017-11-15)
PR: https://github.com/bshaffer/oauth2-server-php/pull/889
* #795 - [feature] added protected createPayload method to allow easier customization of JWT payload
* #807 - [refactor] simplifies UserInfoController constructor
* #814 - [docs] Adds https to README link
* #827 - [testing] Explicitly pulls in phpunit 4
* #828 - [docs] PHPDoc improvements and type hinting of variables.
* #829 - [bug] Fix CORS issue for revoking and requesting an access token
* #869 - [testing] Remove php 5.3 from travis and use vendored phpunit
* #834 - [feature] use random_bytes if available
* #851 - [docs] Fix PHPDoc
* #872 - [bug] Fix count() error on PHP 7.2
* #873 - [testing] adds php 7.2 to travis
* #794 - [docs] Fix typo in composer.json
* #885 - [testing] Use PHPUnit\Framework\TestCase instead of PHPUnit_Framework_TestCase
* 1.9.0 (2017-01-06)
PR: https://github.com/bshaffer/oauth2-server-php/pull/788
* bug #645 - Allow null for client_secret
* bug #651 - Fix bug in isPublicClient of Cassandra Storage
* bug #670 - Bug in client's scope restriction
* bug #672 - Implemented method to override the password hashing algorithm
* bug #698 - Fix Token Response's Content-Type to application/json
* bug #729 - Ensures unsetAccessToken and unsetRefreshToken return a bool
* bug #749 - Fix UserClaims for CodeIdToken
* bug #784 - RFC6750 compatibility
* bug #776 - Fix "redirect_uri_mismatch" for URIs with encoded characters
* bug #759 - no access token supplied to resource controller results in empty request body
* bug #773 - Use OpenSSL random method before attempting Mcrypt's.
* bug #790 - Add mongo db
* 1.8.0 (2015-09-18)
PR: https://github.com/bshaffer/oauth2-server-php/pull/643
* bug #594 - adds jti
* bug #598 - fixes lifetime configurations for JWTs
* bug #634 - fixes travis builds, upgrade to containers
* bug #586 - support for revoking tokens
* bug #636 - Adds FirebaseJWT bridge
* bug #639 - Mongo HHVM compatibility
* 1.7.0 (2015-04-23)
PR: https://github.com/bshaffer/oauth2-server-php/pull/572
* bug #500 - PDO fetch mode changed from FETCH_BOTH to FETCH_ASSOC
* bug #508 - Case insensitive for Bearer token header name ba716d4
* bug #512 - validateRedirectUri is now public
* bug #530 - Add PublicKeyInterface, UserClaimsInterface to Cassandra Storage
* bug #505 - DynamoDB storage fixes
* bug #556 - adds "code id_token" return type to openid connect
* bug #563 - Include "issuer" config key for JwtAccessToken
* bug #564 - Fixes JWT vulnerability
* bug #571 - Added unset_refresh_token_after_use option
* 1.6 (2015-01-16)
PR: https://github.com/bshaffer/oauth2-server-php/pull/496
* bug 437 - renames CryptoToken to JwtAccessToken / use_crypto_tokens to use_jwt_access_tokens
* bug 447 - Adds a Couchbase storage implementation
* bug 460 - Rename JWT claims to match spec
* bug 470 - order does not matter for multi-valued response types
* bug 471 - Make validateAuthorizeRequest available for POST in addition to GET
* bug 475 - Adds JTI table definitiion
* bug 481 - better randomness for generating access tokens
* bug 480 - Use hash_equals() for signature verification (prevents remote timing attacks)
* bugs 489, 491, 498 - misc other fixes
* 1.5 (2014-08-27)
PR: https://github.com/bshaffer/oauth2-server-php/pull/446
* bug #399 - Add DynamoDB Support
* bug #404 - renamed error name for malformed/expired tokens
* bug #412 - Openid connect: fixes for claims with more than one scope / Add support for the prompt parameter ('consent' and 'none')
* bug #411 - fixes xml output
* bug #413 - fixes invalid format error
* bug #401 - fixes code standards / whitespace
* bug #354 - bundles PDO SQL with the library
* [BC] bug #397 - refresh tokens should not be encrypted
* bug #423 - makes "scope" optional for refresh token storage
* 1.4 (2014-06-12)
PR: https://github.com/bshaffer/oauth2-server-php/pull/392
* bug #189 Storage\PDO - allows DSN string in constructor
* bug #233 Bearer Tokens - allows token in request body for PUT requests
* bug #346 Fixes open_basedir warning
* bug #351 Adds OpenID Connect support
* bug #355 Adds php 5.6 and HHVM to travis.ci testing
* [BC] bug #358 Adds `getQueryStringIdentifier()` to the GrantType interface
* bug #363 Encryption\JWT - Allows for subclassing JWT Headers
* bug #349 Bearer Tokens - adds requestHasToken method for when access tokens are optional
* bug #301 Encryption\JWT - fixes urlSafeB64Encode(): ensures newlines are replaced as expected
* bug #323 ResourceController - client_id is no longer required to be returned when calling getAccessToken
* bug #367 Storage\PDO - adds Postgres support
* bug #368 Access Tokens - use mcrypt_create_iv or openssl_random_pseudo_bytes to create token string
* bug #376 Request - allows case insensitive headers
* bug #384 Storage\PDO - can pass in PDO options in constructor of PDO storage
* misc fixes #361, #292, #373, #374, #379, #396
* 1.3 (2014-02-27)
PR: https://github.com/bshaffer/oauth2-server-php/pull/325
* bug #311 adds cassandra storage
* bug #298 fixes response code for user credentials grant type
* bug #318 adds 'use_crypto_tokens' config to Server class for better DX
* [BC] bug #320 pass client_id to getDefaultScope
* bug #324 better feedback when running tests
* bug #335 adds support for non-expiring refresh tokens
* bug #333 fixes Pdo storage for getClientKey
* bug #336 fixes Redis storage for expireAuthorizationCode
* 1.3 (2014-02-27)
PR: https://github.com/bshaffer/oauth2-server-php/pull/325
* bug #311 adds cassandra storage
* bug #298 fixes response code for user credentials grant type
* bug #318 adds 'use_crypto_tokens' config to Server class for better DX
* bug #320 pass client_id to getDefaultScope
* bug #324 better feedback when running tests
* bug #335 adds support for non-expiring refresh tokens
* bug #333 fixes Pdo storage for getClientKey
* bug #336 fixes Redis storage for expireAuthorizationCode
* 1.2 (2014-01-03)
PR: https://github.com/bshaffer/oauth2-server-php/pull/288
* bug #285 changed response header from 200 to 401 when empty token received
* bug #286 adds documentation and links to spec for not including error messages when no token is supplied
* bug #280 ensures PHP warnings do not get thrown as a result of an invalid argument to $jwt->decode()
* bug #279 predis wrong number of arguments
* bug #277 Securing JS WebApp client secret w/ password grant type
* 1.1 (2013-12-17)
PR: https://github.com/bshaffer/oauth2-server-php/pull/276
* bug #278 adds refresh token configuration to Server class
* bug #274 Supplying a null client_id and client_secret grants API access
* bug #244 [MongoStorage] More detailed implementation info
* bug #268 Implement jti for JWT Bearer tokens to prevent replay attacks.
* bug #266 Removing unused argument to getAccessTokenData
* bug #247 Make Bearer token type consistent
* bug #253 Fixing CryptoToken refresh token lifetime
* bug #246 refactors public key logic to be more intuitive
* bug #245 adds support for JSON crypto tokens
* bug #230 Remove unused columns in oauth_clients
* bug #215 makes Redis Scope Storage obey the same paradigm as PDO
* bug #228 removes scope group
* bug #227 squelches open basedir restriction error
* bug #223 Updated docblocks for RefreshTokenInterface.php
* bug #224 Adds protected properties
* bug #217 Implement ScopeInterface for PDO, Redis
* 1.0 (2013-08-12)
* bug #203 Add redirect\_status_code config param for AuthorizeController
* bug #205 ensures unnecessary ? is not set when ** bug
* bug #204 Fixed call to LogicException
* bug #202 Add explode to checkRestrictedGrant in PDO Storage
* bug #197 adds support for 'false' default scope ** bug
* bug #192 reference errors and adds tests
* bug #194 makes some appropriate properties ** bug
* bug #191 passes config to HttpBasic
* bug #190 validates client credentials before ** bug
* bug #171 Fix wrong redirect following authorization step
* bug #187 client_id is now passed to getDefaultScope().
* bug #176 Require refresh_token in getRefreshToken response
* bug #174 make user\_id not required for refresh_token grant
* bug #173 Duplication in JwtBearer Grant
* bug #168 user\_id not required for authorization_code grant
* bug #133 hardens default security for user object
* bug #163 allows redirect\_uri on authorization_code to be NULL in docs example
* bug #162 adds getToken on ResourceController for convenience
* bug #161 fixes fatal error
* bug #163 Invalid redirect_uri handling
* bug #156 user\_id in OAuth2\_Storage_AuthorizationCodeInterface::getAuthorizationCode() response
* bug #157 Fix for extending access and refresh tokens
* bug #154 ResponseInterface: getParameter method is used in the library but not defined in the interface
* bug #148 Add more detail to examples in Readme.md


@ -1,21 +0,0 @@
The MIT License
Copyright (c) 2014 Brent Shaffer
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.


@ -1,8 +0,0 @@
oauth2-server-php
=================
[![Build Status](https://travis-ci.org/bshaffer/oauth2-server-php.svg?branch=master)](https://travis-ci.org/bshaffer/oauth2-server-php)
[![Total Downloads](https://poser.pugx.org/bshaffer/oauth2-server-php/downloads.png)](https://packagist.org/packages/bshaffer/oauth2-server-php)
View the [complete documentation](https://bshaffer.github.io/oauth2-server-php-docs/)


@ -1,36 +0,0 @@
{
"name": "bshaffer/oauth2-server-php",
"description":"OAuth2 Server for PHP",
"keywords":["oauth","oauth2","auth"],
"type":"library",
"license":"MIT",
"authors":[
{
"name":"Brent Shaffer",
"email": "bshafs@gmail.com",
"homepage":"http://brentertainment.com"
}
],
"homepage": "http://github.com/bshaffer/oauth2-server-php",
"autoload": {
"psr-0": { "OAuth2": "src/" }
},
"require":{
"php":">=5.3.9"
},
"require-dev": {
"phpunit/phpunit": "^4.0",
"aws/aws-sdk-php": "~2.8",
"firebase/php-jwt": "~2.2",
"predis/predis": "dev-master",
"thobbs/phpcassa": "dev-master",
"mongodb/mongodb": "^1.1"
},
"suggest": {
"predis/predis": "Required to use Redis storage",
"thobbs/phpcassa": "Required to use Cassandra storage",
"aws/aws-sdk-php": "~2.8 is required to use DynamoDB storage",
"firebase/php-jwt": "~2.2 is required to use JWT features",
"mongodb/mongodb": "^1.1 is required to use MongoDB storage"
}
}


@ -1,54 +0,0 @@
<?php
namespace OAuth2;
/**
* Autoloads OAuth2 classes
*
* @author Brent Shaffer <bshafs at gmail dot com>
* @license MIT License
*/
class Autoloader
{
/**
* @var string
*/
private $dir;
/**
* @param string $dir
*/
public function __construct($dir = null)
{
if (is_null($dir)) {
$dir = dirname(__FILE__).'/..';
}
$this->dir = $dir;
}
/**
* Registers OAuth2\Autoloader as an SPL autoloader.
*/
public static function register($dir = null)
{
ini_set('unserialize_callback_func', 'spl_autoload_call');
spl_autoload_register(array(new self($dir), 'autoload'));
}
/**
* Handles autoloading of classes.
*
* @param string $class - A class name.
* @return boolean - Returns true if the class has been loaded
*/
public function autoload($class)
{
if (0 !== strpos($class, 'OAuth2')) {
return;
}
if (file_exists($file = $this->dir.'/'.str_replace('\\', '/', $class).'.php')) {
require $file;
}
}
}


@ -1,28 +0,0 @@
<?php
namespace OAuth2\ClientAssertionType;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
/**
* Interface for all OAuth2 Client Assertion Types
*/
interface ClientAssertionTypeInterface
{
/**
* Validate the OAuth request
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return mixed
*/
public function validateRequest(RequestInterface $request, ResponseInterface $response);
/**
* Get the client id
*
* @return mixed
*/
public function getClientId();
}


@ -1,139 +0,0 @@
<?php
namespace OAuth2\ClientAssertionType;
use OAuth2\Storage\ClientCredentialsInterface;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
use LogicException;
/**
* Validate a client via Http Basic authentication
*
* @author Brent Shaffer <bshafs at gmail dot com>
*/
class HttpBasic implements ClientAssertionTypeInterface
{
private $clientData;
protected $storage;
protected $config;
/**
* Config array $config should look as follows:
* @code
* $config = array(
* 'allow_credentials_in_request_body' => true, // whether to look for credentials in the POST body in addition to the Authorize HTTP Header
* 'allow_public_clients' => true // if true, "public clients" (clients without a secret) may be authenticated
* );
* @endcode
*
* @param ClientCredentialsInterface $storage Storage
* @param array $config Configuration options for the server
*/
public function __construct(ClientCredentialsInterface $storage, array $config = array())
{
$this->storage = $storage;
$this->config = array_merge(array(
'allow_credentials_in_request_body' => true,
'allow_public_clients' => true,
), $config);
}
/**
* Validate the OAuth request
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool|mixed
* @throws LogicException
*/
public function validateRequest(RequestInterface $request, ResponseInterface $response)
{
if (!$clientData = $this->getClientCredentials($request, $response)) {
return false;
}
if (!isset($clientData['client_id'])) {
throw new LogicException('the clientData array must have "client_id" set');
}
if (!isset($clientData['client_secret']) || $clientData['client_secret'] == '') {
if (!$this->config['allow_public_clients']) {
$response->setError(400, 'invalid_client', 'client credentials are required');
return false;
}
if (!$this->storage->isPublicClient($clientData['client_id'])) {
$response->setError(400, 'invalid_client', 'This client is invalid or must authenticate using a client secret');
return false;
}
} elseif ($this->storage->checkClientCredentials($clientData['client_id'], $clientData['client_secret']) === false) {
$response->setError(400, 'invalid_client', 'The client credentials are invalid');
return false;
}
$this->clientData = $clientData;
return true;
}
/**
* Get the client id
*
* @return mixed
*/
public function getClientId()
{
return $this->clientData['client_id'];
}
/**
* Internal function used to get the client credentials from HTTP basic
* auth or POST data.
*
* According to the spec (draft 20), the client_id can be provided in
* the Basic Authorization header (recommended) or via GET/POST.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return array|null A list containing the client identifier and password, for example:
* @code
* return array(
* "client_id" => CLIENT_ID, // REQUIRED the client id
* "client_secret" => CLIENT_SECRET, // OPTIONAL the client secret (may be omitted for public clients)
* );
* @endcode
*
* @see http://tools.ietf.org/html/rfc6749#section-2.3.1
*
* @ingroup oauth2_section_2
*/
public function getClientCredentials(RequestInterface $request, ResponseInterface $response = null)
{
if (!is_null($request->headers('PHP_AUTH_USER')) && !is_null($request->headers('PHP_AUTH_PW'))) {
return array('client_id' => $request->headers('PHP_AUTH_USER'), 'client_secret' => $request->headers('PHP_AUTH_PW'));
}
if ($this->config['allow_credentials_in_request_body']) {
// Using POST for HttpBasic authorization is not recommended, but is supported by specification
if (!is_null($request->request('client_id'))) {
/**
* client_secret can be null if the client's password is an empty string
* @see http://tools.ietf.org/html/rfc6749#section-2.3.1
*/
return array('client_id' => $request->request('client_id'), 'client_secret' => $request->request('client_secret'));
}
}
if ($response) {
$message = $this->config['allow_credentials_in_request_body'] ? ' or body' : '';
$response->setError(400, 'invalid_client', 'Client credentials were not found in the headers'.$message);
}
return null;
}
}


@ -1,480 +0,0 @@
<?php
namespace OAuth2\Controller;
use OAuth2\Storage\ClientInterface;
use OAuth2\ScopeInterface;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
use OAuth2\Scope;
use InvalidArgumentException;
/**
* @see AuthorizeControllerInterface
*/
class AuthorizeController implements AuthorizeControllerInterface
{
/**
* @var string
*/
private $scope;
/**
* @var int
*/
private $state;
/**
* @var mixed
*/
private $client_id;
/**
* @var string
*/
private $redirect_uri;
/**
* The response type
*
* @var string
*/
private $response_type;
/**
* @var ClientInterface
*/
protected $clientStorage;
/**
* @var array
*/
protected $responseTypes;
/**
* @var array
*/
protected $config;
/**
* @var ScopeInterface
*/
protected $scopeUtil;
/**
* Constructor
*
* @param ClientInterface $clientStorage REQUIRED Instance of OAuth2\Storage\ClientInterface to retrieve client information
* @param array $responseTypes OPTIONAL Array of OAuth2\ResponseType\ResponseTypeInterface objects. Valid array
* keys are "code" and "token"
* @param array $config OPTIONAL Configuration options for the server:
* @param ScopeInterface $scopeUtil OPTIONAL Instance of OAuth2\ScopeInterface to validate the requested scope
* @code
* $config = array(
* 'allow_implicit' => false, // if the controller should allow the "implicit" grant type
* 'enforce_state' => true // if the controller should require the "state" parameter
* 'require_exact_redirect_uri' => true, // if the controller should require an exact match on the "redirect_uri" parameter
* 'redirect_status_code' => 302, // HTTP status code to use for redirect responses
* );
* @endcode
*/
public function __construct(ClientInterface $clientStorage, array $responseTypes = array(), array $config = array(), ScopeInterface $scopeUtil = null)
{
$this->clientStorage = $clientStorage;
$this->responseTypes = $responseTypes;
$this->config = array_merge(array(
'allow_implicit' => false,
'enforce_state' => true,
'require_exact_redirect_uri' => true,
'redirect_status_code' => 302,
), $config);
if (is_null($scopeUtil)) {
$scopeUtil = new Scope();
}
$this->scopeUtil = $scopeUtil;
}
/**
* Handle the authorization request
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @param boolean $is_authorized
* @param mixed $user_id
* @return mixed|void
* @throws InvalidArgumentException
*/
public function handleAuthorizeRequest(RequestInterface $request, ResponseInterface $response, $is_authorized, $user_id = null)
{
if (!is_bool($is_authorized)) {
throw new InvalidArgumentException('Argument "is_authorized" must be a boolean. This method must know if the user has granted access to the client.');
}
// We repeat this, because we need to re-validate. The request could be POSTed
// by a 3rd-party (because we are not internally enforcing NONCEs, etc)
if (!$this->validateAuthorizeRequest($request, $response)) {
return;
}
// If no redirect_uri is passed in the request, use client's registered one
if (empty($this->redirect_uri)) {
$clientData = $this->clientStorage->getClientDetails($this->client_id);
$registered_redirect_uri = $clientData['redirect_uri'];
}
// the user declined access to the client's application
if ($is_authorized === false) {
$redirect_uri = $this->redirect_uri ?: $registered_redirect_uri;
$this->setNotAuthorizedResponse($request, $response, $redirect_uri, $user_id);
return;
}
// build the parameters to set in the redirect URI
if (!$params = $this->buildAuthorizeParameters($request, $response, $user_id)) {
return;
}
$authResult = $this->responseTypes[$this->response_type]->getAuthorizeResponse($params, $user_id);
list($redirect_uri, $uri_params) = $authResult;
if (empty($redirect_uri) && !empty($registered_redirect_uri)) {
$redirect_uri = $registered_redirect_uri;
}
$uri = $this->buildUri($redirect_uri, $uri_params);
// return redirect response
$response->setRedirect($this->config['redirect_status_code'], $uri);
}
/**
* Set not authorized response
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @param string $redirect_uri
* @param mixed $user_id
*/
protected function setNotAuthorizedResponse(RequestInterface $request, ResponseInterface $response, $redirect_uri, $user_id = null)
{
$error = 'access_denied';
$error_message = 'The user denied access to your application';
$response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $this->state, $error, $error_message);
}
/**
* We have made this protected so this class can be extended to add/modify
* these parameters
*
* @TODO: add dependency injection for the parameters in this method
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @param mixed $user_id
* @return array
*/
protected function buildAuthorizeParameters($request, $response, $user_id)
{
// @TODO: we should be explicit with this in the future
$params = array(
'scope' => $this->scope,
'state' => $this->state,
'client_id' => $this->client_id,
'redirect_uri' => $this->redirect_uri,
'response_type' => $this->response_type,
);
return $params;
}
/**
* Validate the OAuth request
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool
*/
public function validateAuthorizeRequest(RequestInterface $request, ResponseInterface $response)
{
// Make sure a valid client id was supplied (we can not redirect because we were unable to verify the URI)
if (!$client_id = $request->query('client_id', $request->request('client_id'))) {
// We don't have a good URI to use
$response->setError(400, 'invalid_client', "No client id supplied");
return false;
}
// Get client details
if (!$clientData = $this->clientStorage->getClientDetails($client_id)) {
$response->setError(400, 'invalid_client', 'The client id supplied is invalid');
return false;
}
$registered_redirect_uri = isset($clientData['redirect_uri']) ? $clientData['redirect_uri'] : '';
// Make sure a valid redirect_uri was supplied. If specified, it must match the clientData URI.
// @see http://tools.ietf.org/html/rfc6749#section-3.1.2
// @see http://tools.ietf.org/html/rfc6749#section-4.1.2.1
// @see http://tools.ietf.org/html/rfc6749#section-4.2.2.1
if ($supplied_redirect_uri = $request->query('redirect_uri', $request->request('redirect_uri'))) {
// validate there is no fragment supplied
$parts = parse_url($supplied_redirect_uri);
if (isset($parts['fragment']) && $parts['fragment']) {
$response->setError(400, 'invalid_uri', 'The redirect URI must not contain a fragment');
return false;
}
// validate against the registered redirect uri(s) if available
if ($registered_redirect_uri && !$this->validateRedirectUri($supplied_redirect_uri, $registered_redirect_uri)) {
$response->setError(400, 'redirect_uri_mismatch', 'The redirect URI provided is missing or does not match', '#section-3.1.2');
return false;
}
$redirect_uri = $supplied_redirect_uri;
} else {
// use the registered redirect_uri if none has been supplied, if possible
if (!$registered_redirect_uri) {
$response->setError(400, 'invalid_uri', 'No redirect URI was supplied or stored');
return false;
}
if (count(explode(' ', $registered_redirect_uri)) > 1) {
$response->setError(400, 'invalid_uri', 'A redirect URI must be supplied when multiple redirect URIs are registered', '#section-3.1.2.3');
return false;
}
$redirect_uri = $registered_redirect_uri;
}
// Select the response type
$response_type = $request->query('response_type', $request->request('response_type'));
// for multiple-valued response types - make them alphabetical
if (false !== strpos($response_type, ' ')) {
$types = explode(' ', $response_type);
sort($types);
$response_type = ltrim(implode(' ', $types));
}
$state = $request->query('state', $request->request('state'));
// type and client_id are required
if (!$response_type || !in_array($response_type, $this->getValidResponseTypes())) {
$response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'invalid_request', 'Invalid or missing response type', null);
return false;
}
if ($response_type == self::RESPONSE_TYPE_AUTHORIZATION_CODE) {
if (!isset($this->responseTypes['code'])) {
$response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'unsupported_response_type', 'authorization code grant type not supported', null);
return false;
}
if (!$this->clientStorage->checkRestrictedGrantType($client_id, 'authorization_code')) {
$response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'unauthorized_client', 'The grant type is unauthorized for this client_id', null);
return false;
}
if ($this->responseTypes['code']->enforceRedirect() && !$redirect_uri) {
$response->setError(400, 'redirect_uri_mismatch', 'The redirect URI is mandatory and was not supplied');
return false;
}
} else {
if (!$this->config['allow_implicit']) {
$response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'unsupported_response_type', 'implicit grant type not supported', null);
return false;
}
if (!$this->clientStorage->checkRestrictedGrantType($client_id, 'implicit')) {
$response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'unauthorized_client', 'The grant type is unauthorized for this client_id', null);
return false;
}
}
// validate requested scope if it exists
$requestedScope = $this->scopeUtil->getScopeFromRequest($request);
if ($requestedScope) {
// restrict scope by client specific scope if applicable,
// otherwise verify the scope exists
$clientScope = $this->clientStorage->getClientScope($client_id);
if ((empty($clientScope) && !$this->scopeUtil->scopeExists($requestedScope))
|| (!empty($clientScope) && !$this->scopeUtil->checkScope($requestedScope, $clientScope))) {
$response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'invalid_scope', 'An unsupported scope was requested', null);
return false;
}
} else {
// use a globally-defined default scope
$defaultScope = $this->scopeUtil->getDefaultScope($client_id);
if (false === $defaultScope) {
$response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'invalid_client', 'This application requires you specify a scope parameter', null);
return false;
}
$requestedScope = $defaultScope;
}
// Validate state parameter exists (if configured to enforce this)
if ($this->config['enforce_state'] && !$state) {
$response->setRedirect($this->config['redirect_status_code'], $redirect_uri, null, 'invalid_request', 'The state parameter is required');
return false;
}
// save the input data and return true
$this->scope = $requestedScope;
$this->state = $state;
$this->client_id = $client_id;
// Only save the SUPPLIED redirect URI (@see http://tools.ietf.org/html/rfc6749#section-4.1.3)
$this->redirect_uri = $supplied_redirect_uri;
$this->response_type = $response_type;
return true;
}
/**
* Build the absolute URI based on supplied URI and parameters.
*
* @param string $uri An absolute URI.
* @param array $params Parameters to be append as GET.
*
* @return string
* An absolute URI with supplied parameters.
*
* @ingroup oauth2_section_4
*/
private function buildUri($uri, $params)
{
$parse_url = parse_url($uri);
// Add our params to the parsed uri
foreach ($params as $k => $v) {
if (isset($parse_url[$k])) {
$parse_url[$k] .= "&" . http_build_query($v, '', '&');
} else {
$parse_url[$k] = http_build_query($v, '', '&');
}
}
// Put the uri back together
return
((isset($parse_url["scheme"])) ? $parse_url["scheme"] . "://" : "")
. ((isset($parse_url["user"])) ? $parse_url["user"]
. ((isset($parse_url["pass"])) ? ":" . $parse_url["pass"] : "") . "@" : "")
. ((isset($parse_url["host"])) ? $parse_url["host"] : "")
. ((isset($parse_url["port"])) ? ":" . $parse_url["port"] : "")
. ((isset($parse_url["path"])) ? $parse_url["path"] : "")
. ((isset($parse_url["query"]) && !empty($parse_url['query'])) ? "?" . $parse_url["query"] : "")
. ((isset($parse_url["fragment"])) ? "#" . $parse_url["fragment"] : "")
;
}
protected function getValidResponseTypes()
{
return array(
self::RESPONSE_TYPE_ACCESS_TOKEN,
self::RESPONSE_TYPE_AUTHORIZATION_CODE,
);
}
/**
* Internal method for validating redirect URI supplied
*
* @param string $inputUri The submitted URI to be validated
* @param string $registeredUriString The allowed URI(s) to validate against. Can be a space-delimited string of URIs to
* allow for multiple URIs
* @return bool
* @see http://tools.ietf.org/html/rfc6749#section-3.1.2
*/
protected function validateRedirectUri($inputUri, $registeredUriString)
{
if (!$inputUri || !$registeredUriString) {
return false; // if either one is missing, assume INVALID
}
$registered_uris = preg_split('/\s+/', $registeredUriString);
foreach ($registered_uris as $registered_uri) {
if ($this->config['require_exact_redirect_uri']) {
// the input uri is validated against the registered uri using exact match
if (strcmp($inputUri, $registered_uri) === 0) {
return true;
}
} else {
$registered_uri_length = strlen($registered_uri);
if ($registered_uri_length === 0) {
return false;
}
// the input uri is validated against the registered uri using case-insensitive match of the initial string
// i.e. additional query parameters may be applied
if (strcasecmp(substr($inputUri, 0, $registered_uri_length), $registered_uri) === 0) {
return true;
}
}
}
return false;
}
/**
* Convenience method to access the scope
*
* @return string
*/
public function getScope()
{
return $this->scope;
}
/**
* Convenience method to access the state
*
* @return int
*/
public function getState()
{
return $this->state;
}
/**
* Convenience method to access the client id
*
* @return mixed
*/
public function getClientId()
{
return $this->client_id;
}
/**
* Convenience method to access the redirect url
*
* @return string
*/
public function getRedirectUri()
{
return $this->redirect_uri;
}
/**
* Convenience method to access the response type
*
* @return string
*/
public function getResponseType()
{
return $this->response_type;
}
}


@ -1,58 +0,0 @@
<?php
namespace OAuth2\Controller;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
/**
* This controller is called when a user should be authorized
* by an authorization server. As OAuth2 does not handle
* authorization directly, this controller ensures the request is valid, but
* requires the application to determine the value of $is_authorized
*
* @code
* $user_id = $this->somehowDetermineUserId();
* $is_authorized = $this->somehowDetermineUserAuthorization();
* $response = new OAuth2\Response();
* $authorizeController->handleAuthorizeRequest(
* OAuth2\Request::createFromGlobals(),
* $response,
* $is_authorized,
* $user_id
* );
* $response->send();
* @endcode
*/
interface AuthorizeControllerInterface
{
/**
* List of possible authentication response types.
* The "authorization_code" mechanism exclusively supports 'code'
* and the "implicit" mechanism exclusively supports 'token'.
*
* @var string
* @see http://tools.ietf.org/html/rfc6749#section-4.1.1
* @see http://tools.ietf.org/html/rfc6749#section-4.2.1
*/
const RESPONSE_TYPE_AUTHORIZATION_CODE = 'code';
const RESPONSE_TYPE_ACCESS_TOKEN = 'token';
/**
* Handle the OAuth request
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @param $is_authorized
* @param null $user_id
* @return mixed
*/
public function handleAuthorizeRequest(RequestInterface $request, ResponseInterface $response, $is_authorized, $user_id = null);
/**
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool
*/
public function validateAuthorizeRequest(RequestInterface $request, ResponseInterface $response);
}


@ -1,156 +0,0 @@
<?php
namespace OAuth2\Controller;
use OAuth2\TokenType\TokenTypeInterface;
use OAuth2\Storage\AccessTokenInterface;
use OAuth2\ScopeInterface;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
use OAuth2\Scope;
/**
* @see ResourceControllerInterface
*/
class ResourceController implements ResourceControllerInterface
{
/**
* @var array
*/
private $token;
/**
* @var TokenTypeInterface
*/
protected $tokenType;
/**
* @var AccessTokenInterface
*/
protected $tokenStorage;
/**
* @var array
*/
protected $config;
/**
* @var ScopeInterface
*/
protected $scopeUtil;
/**
* Constructor
*
* @param TokenTypeInterface $tokenType
* @param AccessTokenInterface $tokenStorage
* @param array $config
* @param ScopeInterface $scopeUtil
*/
public function __construct(TokenTypeInterface $tokenType, AccessTokenInterface $tokenStorage, $config = array(), ScopeInterface $scopeUtil = null)
{
$this->tokenType = $tokenType;
$this->tokenStorage = $tokenStorage;
$this->config = array_merge(array(
'www_realm' => 'Service',
), $config);
if (is_null($scopeUtil)) {
$scopeUtil = new Scope();
}
$this->scopeUtil = $scopeUtil;
}
/**
* Verify the resource request
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @param null $scope
* @return bool
*/
public function verifyResourceRequest(RequestInterface $request, ResponseInterface $response, $scope = null)
{
$token = $this->getAccessTokenData($request, $response);
// Check if we have token data
if (is_null($token)) {
return false;
}
/**
* Check scope, if provided
* If token doesn't have a scope, it's null/empty, or it's insufficient, then throw 403
* @see http://tools.ietf.org/html/rfc6750#section-3.1
*/
if ($scope && (!isset($token["scope"]) || !$token["scope"] || !$this->scopeUtil->checkScope($scope, $token["scope"]))) {
$response->setError(403, 'insufficient_scope', 'The request requires higher privileges than provided by the access token');
$response->addHttpHeaders(array(
'WWW-Authenticate' => sprintf('%s realm="%s", scope="%s", error="%s", error_description="%s"',
$this->tokenType->getTokenType(),
$this->config['www_realm'],
$scope,
$response->getParameter('error'),
$response->getParameter('error_description')
)
));
return false;
}
// allow retrieval of the token
$this->token = $token;
return (bool) $token;
}
/**
* Get access token data.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return array|null
*/
public function getAccessTokenData(RequestInterface $request, ResponseInterface $response)
{
// Get the token parameter
if ($token_param = $this->tokenType->getAccessTokenParameter($request, $response)) {
// Get the stored token data (from the implementing subclass)
// Check we have a well formed token
// Check token expiration (expires is a mandatory paramter)
if (!$token = $this->tokenStorage->getAccessToken($token_param)) {
$response->setError(401, 'invalid_token', 'The access token provided is invalid');
} elseif (!isset($token["expires"]) || !isset($token["client_id"])) {
$response->setError(401, 'malformed_token', 'Malformed token (missing "expires")');
} elseif (time() > $token["expires"]) {
$response->setError(401, 'invalid_token', 'The access token provided has expired');
} else {
return $token;
}
}
$authHeader = sprintf('%s realm="%s"', $this->tokenType->getTokenType(), $this->config['www_realm']);
if ($error = $response->getParameter('error')) {
$authHeader = sprintf('%s, error="%s"', $authHeader, $error);
if ($error_description = $response->getParameter('error_description')) {
$authHeader = sprintf('%s, error_description="%s"', $authHeader, $error_description);
}
}
$response->addHttpHeaders(array('WWW-Authenticate' => $authHeader));
return null;
}
/**
* convenience method to allow retrieval of the token.
*
* @return array
*/
public function getToken()
{
return $this->token;
}
}


@ -1,41 +0,0 @@
<?php
namespace OAuth2\Controller;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
/**
* This controller is called when a "resource" is requested.
* call verifyResourceRequest in order to determine if the request
* contains a valid token.
*
* @code
* if (!$resourceController->verifyResourceRequest(OAuth2\Request::createFromGlobals(), $response = new OAuth2\Response())) {
* $response->send(); // authorization failed
* die();
* }
* return json_encode($resource); // valid token! Send the stuff!
* @endcode
*/
interface ResourceControllerInterface
{
/**
* Verify the resource request
*
* @param RequestInterface $request - Request object
* @param ResponseInterface $response - Response object
* @param string $scope
* @return mixed
*/
public function verifyResourceRequest(RequestInterface $request, ResponseInterface $response, $scope = null);
/**
* Get access token data.
*
* @param RequestInterface $request - Request object
* @param ResponseInterface $response - Response object
* @return mixed
*/
public function getAccessTokenData(RequestInterface $request, ResponseInterface $response);
}


@ -1,333 +0,0 @@
<?php
namespace OAuth2\Controller;
use OAuth2\ResponseType\AccessTokenInterface;
use OAuth2\ClientAssertionType\ClientAssertionTypeInterface;
use OAuth2\GrantType\GrantTypeInterface;
use OAuth2\ScopeInterface;
use OAuth2\Scope;
use OAuth2\Storage\ClientInterface;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
use InvalidArgumentException;
use LogicException;
use RuntimeException;
/**
* @see TokenControllerInterface
*/
class TokenController implements TokenControllerInterface
{
/**
* @var AccessTokenInterface
*/
protected $accessToken;
/**
* @var array<GrantTypeInterface>
*/
protected $grantTypes;
/**
* @var ClientAssertionTypeInterface
*/
protected $clientAssertionType;
/**
* @var ScopeInterface
*/
protected $scopeUtil;
/**
* @var ClientInterface
*/
protected $clientStorage;
/**
* Constructor
*
* @param AccessTokenInterface $accessToken
* @param ClientInterface $clientStorage
* @param array $grantTypes
* @param ClientAssertionTypeInterface $clientAssertionType
* @param ScopeInterface $scopeUtil
* @throws InvalidArgumentException
*/
public function __construct(AccessTokenInterface $accessToken, ClientInterface $clientStorage, array $grantTypes = array(), ClientAssertionTypeInterface $clientAssertionType = null, ScopeInterface $scopeUtil = null)
{
if (is_null($clientAssertionType)) {
foreach ($grantTypes as $grantType) {
if (!$grantType instanceof ClientAssertionTypeInterface) {
throw new InvalidArgumentException('You must supply an instance of OAuth2\ClientAssertionType\ClientAssertionTypeInterface or only use grant types which implement OAuth2\ClientAssertionType\ClientAssertionTypeInterface');
}
}
}
$this->clientAssertionType = $clientAssertionType;
$this->accessToken = $accessToken;
$this->clientStorage = $clientStorage;
foreach ($grantTypes as $grantType) {
$this->addGrantType($grantType);
}
if (is_null($scopeUtil)) {
$scopeUtil = new Scope();
}
$this->scopeUtil = $scopeUtil;
}
/**
* Handle the token request.
*
* @param RequestInterface $request - Request object to grant access token
* @param ResponseInterface $response - Response object
*/
public function handleTokenRequest(RequestInterface $request, ResponseInterface $response)
{
if ($token = $this->grantAccessToken($request, $response)) {
// @see http://tools.ietf.org/html/rfc6749#section-5.1
// server MUST disable caching in headers when tokens are involved
$response->setStatusCode(200);
$response->addParameters($token);
$response->addHttpHeaders(array(
'Cache-Control' => 'no-store',
'Pragma' => 'no-cache',
'Content-Type' => 'application/json'
));
}
}
/**
* Grant or deny a requested access token.
* This would be called from the "/token" endpoint as defined in the spec.
* You can call your endpoint whatever you want.
*
* @param RequestInterface $request - Request object to grant access token
* @param ResponseInterface $response - Response object
*
* @return bool|null|array
*
* @throws \InvalidArgumentException
* @throws \LogicException
*
* @see http://tools.ietf.org/html/rfc6749#section-4
* @see http://tools.ietf.org/html/rfc6749#section-10.6
* @see http://tools.ietf.org/html/rfc6749#section-4.1.3
*
* @ingroup oauth2_section_4
*/
public function grantAccessToken(RequestInterface $request, ResponseInterface $response)
{
if (strtolower($request->server('REQUEST_METHOD')) === 'options') {
$response->addHttpHeaders(array('Allow' => 'POST, OPTIONS'));
return null;
}
if (strtolower($request->server('REQUEST_METHOD')) !== 'post') {
$response->setError(405, 'invalid_request', 'The request method must be POST when requesting an access token', '#section-3.2');
$response->addHttpHeaders(array('Allow' => 'POST, OPTIONS'));
return null;
}
/**
* Determine grant type from request
* and validate the request for that grant type
*/
if (!$grantTypeIdentifier = $request->request('grant_type')) {
$response->setError(400, 'invalid_request', 'The grant type was not specified in the request');
return null;
}
if (!isset($this->grantTypes[$grantTypeIdentifier])) {
/* TODO: If this is an OAuth2 supported grant type that we have chosen not to implement, throw a 501 Not Implemented instead */
$response->setError(400, 'unsupported_grant_type', sprintf('Grant type "%s" not supported', $grantTypeIdentifier));
return null;
}
/** @var GrantTypeInterface $grantType */
$grantType = $this->grantTypes[$grantTypeIdentifier];
/**
* Retrieve the client information from the request
* ClientAssertionTypes allow for grant types which also assert the client data
* in which case ClientAssertion is handled in the validateRequest method
*
* @see \OAuth2\GrantType\JWTBearer
* @see \OAuth2\GrantType\ClientCredentials
*/
if (!$grantType instanceof ClientAssertionTypeInterface) {
if (!$this->clientAssertionType->validateRequest($request, $response)) {
return null;
}
$clientId = $this->clientAssertionType->getClientId();
}
/**
* Retrieve the grant type information from the request
* The GrantTypeInterface object handles all validation
* If the object is an instance of ClientAssertionTypeInterface,
* That logic is handled here as well
*/
if (!$grantType->validateRequest($request, $response)) {
return null;
}
if ($grantType instanceof ClientAssertionTypeInterface) {
$clientId = $grantType->getClientId();
} else {
// validate the Client ID (if applicable)
if (!is_null($storedClientId = $grantType->getClientId()) && $storedClientId != $clientId) {
$response->setError(400, 'invalid_grant', sprintf('%s doesn\'t exist or is invalid for the client', $grantTypeIdentifier));
return null;
}
}
/**
* Validate the client can use the requested grant type
*/
if (!$this->clientStorage->checkRestrictedGrantType($clientId, $grantTypeIdentifier)) {
$response->setError(400, 'unauthorized_client', 'The grant type is unauthorized for this client_id');
return false;
}
/**
* Validate the scope of the token
*
* requestedScope - the scope specified in the token request
* availableScope - the scope associated with the grant type
* ex: in the case of the "Authorization Code" grant type,
* the scope is specified in the authorize request
*
* @see http://tools.ietf.org/html/rfc6749#section-3.3
*/
$requestedScope = $this->scopeUtil->getScopeFromRequest($request);
$availableScope = $grantType->getScope();
if ($requestedScope) {
// validate the requested scope
if ($availableScope) {
if (!$this->scopeUtil->checkScope($requestedScope, $availableScope)) {
$response->setError(400, 'invalid_scope', 'The scope requested is invalid for this request');
return null;
}
} else {
// validate the client has access to this scope
if ($clientScope = $this->clientStorage->getClientScope($clientId)) {
if (!$this->scopeUtil->checkScope($requestedScope, $clientScope)) {
$response->setError(400, 'invalid_scope', 'The scope requested is invalid for this client');
return false;
}
} elseif (!$this->scopeUtil->scopeExists($requestedScope)) {
$response->setError(400, 'invalid_scope', 'An unsupported scope was requested');
return null;
}
}
} elseif ($availableScope) {
// use the scope associated with this grant type
$requestedScope = $availableScope;
} else {
// use a globally-defined default scope
$defaultScope = $this->scopeUtil->getDefaultScope($clientId);
// "false" means default scopes are not allowed
if (false === $defaultScope) {
$response->setError(400, 'invalid_scope', 'This application requires you specify a scope parameter');
return null;
}
$requestedScope = $defaultScope;
}
return $grantType->createAccessToken($this->accessToken, $clientId, $grantType->getUserId(), $requestedScope);
}
/**
* Add grant type
*
* @param GrantTypeInterface $grantType - the grant type to add for the specified identifier
* @param string|null $identifier - a string passed in as "grant_type" in the response that will call this grantType
*/
public function addGrantType(GrantTypeInterface $grantType, $identifier = null)
{
if (is_null($identifier) || is_numeric($identifier)) {
$identifier = $grantType->getQueryStringIdentifier();
}
$this->grantTypes[$identifier] = $grantType;
}
/**
* @param RequestInterface $request
* @param ResponseInterface $response
*/
public function handleRevokeRequest(RequestInterface $request, ResponseInterface $response)
{
if ($this->revokeToken($request, $response)) {
$response->setStatusCode(200);
$response->addParameters(array('revoked' => true));
}
}
/**
* Revoke a refresh or access token. Returns true on success and when tokens are invalid
*
* Note: invalid tokens do not cause an error response since the client
* cannot handle such an error in a reasonable way. Moreover, the
* purpose of the revocation request, invalidating the particular token,
* is already achieved.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @throws RuntimeException
* @return bool|null
*/
public function revokeToken(RequestInterface $request, ResponseInterface $response)
{
if (strtolower($request->server('REQUEST_METHOD')) === 'options') {
$response->addHttpHeaders(array('Allow' => 'POST, OPTIONS'));
return null;
}
if (strtolower($request->server('REQUEST_METHOD')) !== 'post') {
$response->setError(405, 'invalid_request', 'The request method must be POST when revoking an access token', '#section-3.2');
$response->addHttpHeaders(array('Allow' => 'POST, OPTIONS'));
return null;
}
$token_type_hint = $request->request('token_type_hint');
if (!in_array($token_type_hint, array(null, 'access_token', 'refresh_token'), true)) {
$response->setError(400, 'invalid_request', 'Token type hint must be either \'access_token\' or \'refresh_token\'');
return null;
}
$token = $request->request('token');
if ($token === null) {
$response->setError(400, 'invalid_request', 'Missing token parameter to revoke');
return null;
}
// @todo remove this check for v2.0
if (!method_exists($this->accessToken, 'revokeToken')) {
$class = get_class($this->accessToken);
throw new RuntimeException("AccessToken {$class} does not implement required revokeToken method");
}
$this->accessToken->revokeToken($token, $token_type_hint);
return true;
}
}


@ -1,39 +0,0 @@
<?php
namespace OAuth2\Controller;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
/**
* This controller is called when a token is being requested.
* it is called to handle all grant types the application supports.
* It also validates the client's credentials
*
* @code
* $tokenController->handleTokenRequest(OAuth2\Request::createFromGlobals(), $response = new OAuth2\Response());
* $response->send();
* @endcode
*/
interface TokenControllerInterface
{
/**
* Handle the token request
*
* @param RequestInterface $request - The current http request
* @param ResponseInterface $response - An instance of OAuth2\ResponseInterface to contain the response data
*/
public function handleTokenRequest(RequestInterface $request, ResponseInterface $response);
/**
* Grant or deny a requested access token.
* This would be called from the "/token" endpoint as defined in the spec.
* You can call your endpoint whatever you want.
*
* @param RequestInterface $request - Request object to grant access token
* @param ResponseInterface $response - Response object
*
* @return mixed
*/
public function grantAccessToken(RequestInterface $request, ResponseInterface $response);
}


@ -1,34 +0,0 @@
<?php
namespace OAuth2\Encryption;
interface EncryptionInterface
{
/**
* @param $payload
* @param $key
* @param null $algorithm
* @return mixed
*/
public function encode($payload, $key, $algorithm = null);
/**
* @param $payload
* @param $key
* @param null $algorithm
* @return mixed
*/
public function decode($payload, $key, $algorithm = null);
/**
* @param $data
* @return mixed
*/
public function urlSafeB64Encode($data);
/**
* @param $b64
* @return mixed
*/
public function urlSafeB64Decode($b64);
}


@ -1,47 +0,0 @@
<?php
namespace OAuth2\Encryption;
/**
* Bridge file to use the firebase/php-jwt package for JWT encoding and decoding.
* @author Francis Chuang <francis.chuang@gmail.com>
*/
class FirebaseJwt implements EncryptionInterface
{
public function __construct()
{
if (!class_exists('\JWT')) {
throw new \ErrorException('firebase/php-jwt must be installed to use this feature. You can do this by running "composer require firebase/php-jwt"');
}
}
public function encode($payload, $key, $alg = 'HS256', $keyId = null)
{
return \JWT::encode($payload, $key, $alg, $keyId);
}
public function decode($jwt, $key = null, $allowedAlgorithms = null)
{
try {
//Maintain BC: Do not verify if no algorithms are passed in.
if (!$allowedAlgorithms) {
$key = null;
}
return (array)\JWT::decode($jwt, $key, $allowedAlgorithms);
} catch (\Exception $e) {
return false;
}
}
public function urlSafeB64Encode($data)
{
return \JWT::urlsafeB64Encode($data);
}
public function urlSafeB64Decode($b64)
{
return \JWT::urlsafeB64Decode($b64);
}
}


@ -1,223 +0,0 @@
<?php
namespace OAuth2\Encryption;
use Exception;
use InvalidArgumentException;
/**
* @link https://github.com/F21/jwt
* @author F21
*/
class Jwt implements EncryptionInterface
{
/**
* @param $payload
* @param $key
* @param string $algo
* @return string
*/
public function encode($payload, $key, $algo = 'HS256')
{
$header = $this->generateJwtHeader($payload, $algo);
$segments = array(
$this->urlSafeB64Encode(json_encode($header)),
$this->urlSafeB64Encode(json_encode($payload))
);
$signing_input = implode('.', $segments);
$signature = $this->sign($signing_input, $key, $algo);
$segments[] = $this->urlsafeB64Encode($signature);
return implode('.', $segments);
}
/**
* @param string $jwt
* @param null $key
* @param array|bool $allowedAlgorithms
* @return bool|mixed
*/
public function decode($jwt, $key = null, $allowedAlgorithms = true)
{
if (!strpos($jwt, '.')) {
return false;
}
$tks = explode('.', $jwt);
if (count($tks) != 3) {
return false;
}
list($headb64, $payloadb64, $cryptob64) = $tks;
if (null === ($header = json_decode($this->urlSafeB64Decode($headb64), true))) {
return false;
}
if (null === $payload = json_decode($this->urlSafeB64Decode($payloadb64), true)) {
return false;
}
$sig = $this->urlSafeB64Decode($cryptob64);
if ((bool) $allowedAlgorithms) {
if (!isset($header['alg'])) {
return false;
}
// check if bool arg supplied here to maintain BC
if (is_array($allowedAlgorithms) && !in_array($header['alg'], $allowedAlgorithms)) {
return false;
}
if (!$this->verifySignature($sig, "$headb64.$payloadb64", $key, $header['alg'])) {
return false;
}
}
return $payload;
}
/**
* @param $signature
* @param $input
* @param $key
* @param string $algo
* @return bool
* @throws InvalidArgumentException
*/
private function verifySignature($signature, $input, $key, $algo = 'HS256')
{
// use constants when possible, for HipHop support
switch ($algo) {
case'HS256':
case'HS384':
case'HS512':
return $this->hash_equals(
$this->sign($input, $key, $algo),
$signature
);
case 'RS256':
return openssl_verify($input, $signature, $key, defined('OPENSSL_ALGO_SHA256') ? OPENSSL_ALGO_SHA256 : 'sha256') === 1;
case 'RS384':
return @openssl_verify($input, $signature, $key, defined('OPENSSL_ALGO_SHA384') ? OPENSSL_ALGO_SHA384 : 'sha384') === 1;
case 'RS512':
return @openssl_verify($input, $signature, $key, defined('OPENSSL_ALGO_SHA512') ? OPENSSL_ALGO_SHA512 : 'sha512') === 1;
default:
throw new InvalidArgumentException("Unsupported or invalid signing algorithm.");
}
}
/**
* @param $input
* @param $key
* @param string $algo
* @return string
* @throws Exception
*/
private function sign($input, $key, $algo = 'HS256')
{
switch ($algo) {
case 'HS256':
return hash_hmac('sha256', $input, $key, true);
case 'HS384':
return hash_hmac('sha384', $input, $key, true);
case 'HS512':
return hash_hmac('sha512', $input, $key, true);
case 'RS256':
return $this->generateRSASignature($input, $key, defined('OPENSSL_ALGO_SHA256') ? OPENSSL_ALGO_SHA256 : 'sha256');
case 'RS384':
return $this->generateRSASignature($input, $key, defined('OPENSSL_ALGO_SHA384') ? OPENSSL_ALGO_SHA384 : 'sha384');
case 'RS512':
return $this->generateRSASignature($input, $key, defined('OPENSSL_ALGO_SHA512') ? OPENSSL_ALGO_SHA512 : 'sha512');
default:
throw new Exception("Unsupported or invalid signing algorithm.");
}
}
/**
* @param $input
* @param $key
* @param string $algo
* @return mixed
* @throws Exception
*/
private function generateRSASignature($input, $key, $algo)
{
if (!openssl_sign($input, $signature, $key, $algo)) {
throw new Exception("Unable to sign data.");
}
return $signature;
}
/**
* @param string $data
* @return string
*/
public function urlSafeB64Encode($data)
{
$b64 = base64_encode($data);
$b64 = str_replace(array('+', '/', "\r", "\n", '='),
array('-', '_'),
$b64);
return $b64;
}
/**
* @param string $b64
* @return mixed|string
*/
public function urlSafeB64Decode($b64)
{
$b64 = str_replace(array('-', '_'),
array('+', '/'),
$b64);
return base64_decode($b64);
}
/**
* Override to create a custom header
*/
protected function generateJwtHeader($payload, $algorithm)
{
return array(
'typ' => 'JWT',
'alg' => $algorithm,
);
}
/**
* @param string $a
* @param string $b
* @return bool
*/
protected function hash_equals($a, $b)
{
if (function_exists('hash_equals')) {
return hash_equals($a, $b);
}
$diff = strlen($a) ^ strlen($b);
for ($i = 0; $i < strlen($a) && $i < strlen($b); $i++) {
$diff |= ord($a[$i]) ^ ord($b[$i]);
}
return $diff === 0;
}
}


@ -1,142 +0,0 @@
<?php
namespace OAuth2\GrantType;
use OAuth2\Storage\AuthorizationCodeInterface;
use OAuth2\ResponseType\AccessTokenInterface;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
use Exception;
/**
* @author Brent Shaffer <bshafs at gmail dot com>
*/
class AuthorizationCode implements GrantTypeInterface
{
/**
* @var AuthorizationCodeInterface
*/
protected $storage;
/**
* @var array
*/
protected $authCode;
/**
* @param AuthorizationCodeInterface $storage - REQUIRED Storage class for retrieving authorization code information
*/
public function __construct(AuthorizationCodeInterface $storage)
{
$this->storage = $storage;
}
/**
* @return string
*/
public function getQueryStringIdentifier()
{
return 'authorization_code';
}
/**
* Validate the OAuth request
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool
* @throws Exception
*/
public function validateRequest(RequestInterface $request, ResponseInterface $response)
{
if (!$request->request('code')) {
$response->setError(400, 'invalid_request', 'Missing parameter: "code" is required');
return false;
}
$code = $request->request('code');
if (!$authCode = $this->storage->getAuthorizationCode($code)) {
$response->setError(400, 'invalid_grant', 'Authorization code doesn\'t exist or is invalid for the client');
return false;
}
/*
* 4.1.3 - ensure that the "redirect_uri" parameter is present if the "redirect_uri" parameter was included in the initial authorization request
* @uri - http://tools.ietf.org/html/rfc6749#section-4.1.3
*/
if (isset($authCode['redirect_uri']) && $authCode['redirect_uri']) {
if (!$request->request('redirect_uri') || urldecode($request->request('redirect_uri')) != urldecode($authCode['redirect_uri'])) {
$response->setError(400, 'redirect_uri_mismatch', "The redirect URI is missing or do not match", "#section-4.1.3");
return false;
}
}
if (!isset($authCode['expires'])) {
throw new \Exception('Storage must return authcode with a value for "expires"');
}
if ($authCode["expires"] < time()) {
$response->setError(400, 'invalid_grant', "The authorization code has expired");
return false;
}
if (!isset($authCode['code'])) {
$authCode['code'] = $code; // used to expire the code after the access token is granted
}
$this->authCode = $authCode;
return true;
}
/**
* Get the client id
*
* @return mixed
*/
public function getClientId()
{
return $this->authCode['client_id'];
}
/**
* Get the scope
*
* @return string
*/
public function getScope()
{
return isset($this->authCode['scope']) ? $this->authCode['scope'] : null;
}
/**
* Get the user id
*
* @return mixed
*/
public function getUserId()
{
return isset($this->authCode['user_id']) ? $this->authCode['user_id'] : null;
}
/**
* Create access token
*
* @param AccessTokenInterface $accessToken
* @param mixed $client_id - client identifier related to the access token.
* @param mixed $user_id - user id associated with the access token
* @param string $scope - scopes to be stored in space-separated string.
* @return array
*/
public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
{
$token = $accessToken->createAccessToken($client_id, $user_id, $scope);
$this->storage->expireAuthorizationCode($this->authCode['code']);
return $token;
}
}


@ -1,98 +0,0 @@
<?php
namespace OAuth2\GrantType;
use OAuth2\ClientAssertionType\HttpBasic;
use OAuth2\ResponseType\AccessTokenInterface;
use OAuth2\Storage\ClientCredentialsInterface;
/**
* @author Brent Shaffer <bshafs at gmail dot com>
*
* @see HttpBasic
*/
class ClientCredentials extends HttpBasic implements GrantTypeInterface
{
/**
* @var array
*/
private $clientData;
/**
* @param ClientCredentialsInterface $storage
* @param array $config
*/
public function __construct(ClientCredentialsInterface $storage, array $config = array())
{
/**
* The client credentials grant type MUST only be used by confidential clients
*
* @see http://tools.ietf.org/html/rfc6749#section-4.4
*/
$config['allow_public_clients'] = false;
parent::__construct($storage, $config);
}
/**
* Get query string identifier
*
* @return string
*/
public function getQueryStringIdentifier()
{
return 'client_credentials';
}
/**
* Get scope
*
* @return string|null
*/
public function getScope()
{
$this->loadClientData();
return isset($this->clientData['scope']) ? $this->clientData['scope'] : null;
}
/**
* Get user id
*
* @return mixed
*/
public function getUserId()
{
$this->loadClientData();
return isset($this->clientData['user_id']) ? $this->clientData['user_id'] : null;
}
/**
* Create access token
*
* @param AccessTokenInterface $accessToken
* @param mixed $client_id - client identifier related to the access token.
* @param mixed $user_id - user id associated with the access token
* @param string $scope - scopes to be stored in space-separated string.
* @return array
*/
public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
{
/**
* Client Credentials Grant does NOT include a refresh token
*
* @see http://tools.ietf.org/html/rfc6749#section-4.4.3
*/
$includeRefreshToken = false;
return $accessToken->createAccessToken($client_id, $user_id, $scope, $includeRefreshToken);
}
private function loadClientData()
{
if (!$this->clientData) {
$this->clientData = $this->storage->getClientDetails($this->getClientId());
}
}
}


@ -1,59 +0,0 @@
<?php
namespace OAuth2\GrantType;
use OAuth2\ResponseType\AccessTokenInterface;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
/**
* Interface for all OAuth2 Grant Types
*/
interface GrantTypeInterface
{
/**
* Get query string identifier
*
* @return string
*/
public function getQueryStringIdentifier();
/**
* @param RequestInterface $request
* @param ResponseInterface $response
* @return mixed
*/
public function validateRequest(RequestInterface $request, ResponseInterface $response);
/**
* Get client id
*
* @return mixed
*/
public function getClientId();
/**
* Get user id
*
* @return mixed
*/
public function getUserId();
/**
* Get scope
*
* @return string|null
*/
public function getScope();
/**
* Create access token
*
* @param AccessTokenInterface $accessToken
* @param mixed $client_id - client identifier related to the access token.
* @param mixed $user_id - user id associated with the access token
* @param string $scope - scopes to be stored in space-separated string.
* @return array
*/
public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope);
}


@ -1,247 +0,0 @@
<?php
namespace OAuth2\GrantType;
use OAuth2\ClientAssertionType\ClientAssertionTypeInterface;
use OAuth2\Storage\JwtBearerInterface;
use OAuth2\Encryption\Jwt;
use OAuth2\Encryption\EncryptionInterface;
use OAuth2\ResponseType\AccessTokenInterface;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
/**
* The JWT bearer authorization grant implements JWT (JSON Web Tokens) as a grant type per the IETF draft.
*
* @see http://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-04#section-4
*
* @author F21
* @author Brent Shaffer <bshafs at gmail dot com>
*/
class JwtBearer implements GrantTypeInterface, ClientAssertionTypeInterface
{
private $jwt;
protected $storage;
protected $audience;
protected $jwtUtil;
protected $allowedAlgorithms;
/**
* Creates an instance of the JWT bearer grant type.
*
* @param JwtBearerInterface $storage - A valid storage interface that implements storage hooks for the JWT
* bearer grant type.
* @param string $audience - The audience to validate the token against. This is usually the full
* URI of the OAuth token requests endpoint.
* @param EncryptionInterface|JWT $jwtUtil - OPTONAL The class used to decode, encode and verify JWTs.
* @param array $config
*/
public function __construct(JwtBearerInterface $storage, $audience, EncryptionInterface $jwtUtil = null, array $config = array())
{
$this->storage = $storage;
$this->audience = $audience;
if (is_null($jwtUtil)) {
$jwtUtil = new Jwt();
}
$this->config = array_merge(array(
'allowed_algorithms' => array('RS256', 'RS384', 'RS512')
), $config);
$this->jwtUtil = $jwtUtil;
$this->allowedAlgorithms = $this->config['allowed_algorithms'];
}
/**
* Returns the grant_type get parameter to identify the grant type request as JWT bearer authorization grant.
*
* @return string - The string identifier for grant_type.
*
* @see GrantTypeInterface::getQueryStringIdentifier()
*/
public function getQueryStringIdentifier()
{
return 'urn:ietf:params:oauth:grant-type:jwt-bearer';
}
/**
* Validates the data from the decoded JWT.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool|mixed|null TRUE if the JWT request is valid and can be decoded. Otherwise, FALSE is returned.@see GrantTypeInterface::getTokenData()
*/
public function validateRequest(RequestInterface $request, ResponseInterface $response)
{
if (!$request->request("assertion")) {
$response->setError(400, 'invalid_request', 'Missing parameters: "assertion" required');
return null;
}
// Store the undecoded JWT for later use
$undecodedJWT = $request->request('assertion');
// Decode the JWT
$jwt = $this->jwtUtil->decode($request->request('assertion'), null, false);
if (!$jwt) {
$response->setError(400, 'invalid_request', "JWT is malformed");
return null;
}
// ensure these properties contain a value
// @todo: throw malformed error for missing properties
$jwt = array_merge(array(
'scope' => null,
'iss' => null,
'sub' => null,
'aud' => null,
'exp' => null,
'nbf' => null,
'iat' => null,
'jti' => null,
'typ' => null,
), $jwt);
if (!isset($jwt['iss'])) {
$response->setError(400, 'invalid_grant', "Invalid issuer (iss) provided");
return null;
}
if (!isset($jwt['sub'])) {
$response->setError(400, 'invalid_grant', "Invalid subject (sub) provided");
return null;
}
if (!isset($jwt['exp'])) {
$response->setError(400, 'invalid_grant', "Expiration (exp) time must be present");
return null;
}
// Check expiration
if (ctype_digit($jwt['exp'])) {
if ($jwt['exp'] <= time()) {
$response->setError(400, 'invalid_grant', "JWT has expired");
return null;
}
} else {
$response->setError(400, 'invalid_grant', "Expiration (exp) time must be a unix time stamp");
return null;
}
// Check the not before time
if ($notBefore = $jwt['nbf']) {
if (ctype_digit($notBefore)) {
if ($notBefore > time()) {
$response->setError(400, 'invalid_grant', "JWT cannot be used before the Not Before (nbf) time");
return null;
}
} else {
$response->setError(400, 'invalid_grant', "Not Before (nbf) time must be a unix time stamp");
return null;
}
}
// Check the audience if required to match
if (!isset($jwt['aud']) || ($jwt['aud'] != $this->audience)) {
$response->setError(400, 'invalid_grant', "Invalid audience (aud)");
return null;
}
// Check the jti (nonce)
// @see http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-13#section-4.1.7
if (isset($jwt['jti'])) {
$jti = $this->storage->getJti($jwt['iss'], $jwt['sub'], $jwt['aud'], $jwt['exp'], $jwt['jti']);
//Reject if jti is used and jwt is still valid (exp parameter has not expired).
if ($jti && $jti['expires'] > time()) {
$response->setError(400, 'invalid_grant', "JSON Token Identifier (jti) has already been used");
return null;
} else {
$this->storage->setJti($jwt['iss'], $jwt['sub'], $jwt['aud'], $jwt['exp'], $jwt['jti']);
}
}
// Get the iss's public key
// @see http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-06#section-4.1.1
if (!$key = $this->storage->getClientKey($jwt['iss'], $jwt['sub'])) {
$response->setError(400, 'invalid_grant', "Invalid issuer (iss) or subject (sub) provided");
return null;
}
// Verify the JWT
if (!$this->jwtUtil->decode($undecodedJWT, $key, $this->allowedAlgorithms)) {
$response->setError(400, 'invalid_grant', "JWT failed signature verification");
return null;
}
$this->jwt = $jwt;
return true;
}
/**
* Get client id
*
* @return mixed
*/
public function getClientId()
{
return $this->jwt['iss'];
}
/**
* Get user id
*
* @return mixed
*/
public function getUserId()
{
return $this->jwt['sub'];
}
/**
* Get scope
*
* @return null
*/
public function getScope()
{
return null;
}
/**
* Creates an access token that is NOT associated with a refresh token.
* If a subject (sub) the name of the user/account we are accessing data on behalf of.
*
* @see GrantTypeInterface::createAccessToken()
*
* @param AccessTokenInterface $accessToken
* @param mixed $client_id - client identifier related to the access token.
* @param mixed $user_id - user id associated with the access token
* @param string $scope - scopes to be stored in space-separated string.
* @return array
*/
public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
{
$includeRefreshToken = false;
return $accessToken->createAccessToken($client_id, $user_id, $scope, $includeRefreshToken);
}
}


@ -1,154 +0,0 @@
<?php
namespace OAuth2\GrantType;
use OAuth2\Storage\RefreshTokenInterface;
use OAuth2\ResponseType\AccessTokenInterface;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
/**
* @author Brent Shaffer <bshafs at gmail dot com>
*/
class RefreshToken implements GrantTypeInterface
{
/**
* @var array
*/
private $refreshToken;
/**
* @var RefreshTokenInterface
*/
protected $storage;
/**
* @var array
*/
protected $config;
/**
* @param RefreshTokenInterface $storage - REQUIRED Storage class for retrieving refresh token information
* @param array $config - OPTIONAL Configuration options for the server
* @code
* $config = array(
* 'always_issue_new_refresh_token' => true, // whether to issue a new refresh token upon successful token request
* 'unset_refresh_token_after_use' => true // whether to unset the refresh token after after using
* );
* @endcode
*/
public function __construct(RefreshTokenInterface $storage, $config = array())
{
$this->config = array_merge(array(
'always_issue_new_refresh_token' => false,
'unset_refresh_token_after_use' => true
), $config);
// to preserve B.C. with v1.6
// @see https://github.com/bshaffer/oauth2-server-php/pull/580
// @todo - remove in v2.0
if (isset($config['always_issue_new_refresh_token']) && !isset($config['unset_refresh_token_after_use'])) {
$this->config['unset_refresh_token_after_use'] = $config['always_issue_new_refresh_token'];
}
$this->storage = $storage;
}
/**
* @return string
*/
public function getQueryStringIdentifier()
{
return 'refresh_token';
}
/**
* Validate the OAuth request
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool|mixed|null
*/
public function validateRequest(RequestInterface $request, ResponseInterface $response)
{
if (!$request->request("refresh_token")) {
$response->setError(400, 'invalid_request', 'Missing parameter: "refresh_token" is required');
return null;
}
if (!$refreshToken = $this->storage->getRefreshToken($request->request("refresh_token"))) {
$response->setError(400, 'invalid_grant', 'Invalid refresh token');
return null;
}
if ($refreshToken['expires'] > 0 && $refreshToken["expires"] < time()) {
$response->setError(400, 'invalid_grant', 'Refresh token has expired');
return null;
}
// store the refresh token locally so we can delete it when a new refresh token is generated
$this->refreshToken = $refreshToken;
return true;
}
/**
* Get client id
*
* @return mixed
*/
public function getClientId()
{
return $this->refreshToken['client_id'];
}
/**
* Get user id
*
* @return mixed|null
*/
public function getUserId()
{
return isset($this->refreshToken['user_id']) ? $this->refreshToken['user_id'] : null;
}
/**
* Get scope
*
* @return null|string
*/
public function getScope()
{
return isset($this->refreshToken['scope']) ? $this->refreshToken['scope'] : null;
}
/**
* Create access token
*
* @param AccessTokenInterface $accessToken
* @param mixed $client_id - client identifier related to the access token.
* @param mixed $user_id - user id associated with the access token
* @param string $scope - scopes to be stored in space-separated string.
* @return array
*/
public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
{
/*
* It is optional to force a new refresh token when a refresh token is used.
* However, if a new refresh token is issued, the old one MUST be expired
* @see http://tools.ietf.org/html/rfc6749#section-6
*/
$issueNewRefreshToken = $this->config['always_issue_new_refresh_token'];
$unsetRefreshToken = $this->config['unset_refresh_token_after_use'];
$token = $accessToken->createAccessToken($client_id, $user_id, $scope, $issueNewRefreshToken);
if ($unsetRefreshToken) {
$this->storage->unsetRefreshToken($this->refreshToken['refresh_token']);
}
return $token;
}
}


@ -1,123 +0,0 @@
<?php
namespace OAuth2\GrantType;
use OAuth2\Storage\UserCredentialsInterface;
use OAuth2\ResponseType\AccessTokenInterface;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
use LogicException;
/**
* @author Brent Shaffer <bshafs at gmail dot com>
*/
class UserCredentials implements GrantTypeInterface
{
/**
* @var array
*/
private $userInfo;
/**
* @var UserCredentialsInterface
*/
protected $storage;
/**
* @param UserCredentialsInterface $storage - REQUIRED Storage class for retrieving user credentials information
*/
public function __construct(UserCredentialsInterface $storage)
{
$this->storage = $storage;
}
/**
* @return string
*/
public function getQueryStringIdentifier()
{
return 'password';
}
/**
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool|mixed|null
*
* @throws LogicException
*/
public function validateRequest(RequestInterface $request, ResponseInterface $response)
{
if (!$request->request("password") || !$request->request("username")) {
$response->setError(400, 'invalid_request', 'Missing parameters: "username" and "password" required');
return null;
}
if (!$this->storage->checkUserCredentials($request->request("username"), $request->request("password"))) {
$response->setError(401, 'invalid_grant', 'Invalid username and password combination');
return null;
}
$userInfo = $this->storage->getUserDetails($request->request("username"));
if (empty($userInfo)) {
$response->setError(400, 'invalid_grant', 'Unable to retrieve user information');
return null;
}
if (!isset($userInfo['user_id'])) {
throw new \LogicException("you must set the user_id on the array returned by getUserDetails");
}
$this->userInfo = $userInfo;
return true;
}
/**
* Get client id
*
* @return mixed|null
*/
public function getClientId()
{
return null;
}
/**
* Get user id
*
* @return mixed
*/
public function getUserId()
{
return $this->userInfo['user_id'];
}
/**
* Get scope
*
* @return null|string
*/
public function getScope()
{
return isset($this->userInfo['scope']) ? $this->userInfo['scope'] : null;
}
/**
* Create access token
*
* @param AccessTokenInterface $accessToken
* @param mixed $client_id - client identifier related to the access token.
* @param mixed $user_id - user id associated with the access token
* @param string $scope - scopes to be stored in space-separated string.
* @return array
*/
public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
{
return $accessToken->createAccessToken($client_id, $user_id, $scope);
}
}


@ -1,135 +0,0 @@
<?php
namespace OAuth2\OpenID\Controller;
use OAuth2\Controller\AuthorizeController as BaseAuthorizeController;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
/**
* @see OAuth2\Controller\AuthorizeControllerInterface
*/
class AuthorizeController extends BaseAuthorizeController implements AuthorizeControllerInterface
{
/**
* @var mixed
*/
private $nonce;
/**
* Set not authorized response
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @param string $redirect_uri
* @param null $user_id
*/
protected function setNotAuthorizedResponse(RequestInterface $request, ResponseInterface $response, $redirect_uri, $user_id = null)
{
$prompt = $request->query('prompt', 'consent');
if ($prompt == 'none') {
if (is_null($user_id)) {
$error = 'login_required';
$error_message = 'The user must log in';
} else {
$error = 'interaction_required';
$error_message = 'The user must grant access to your application';
}
} else {
$error = 'consent_required';
$error_message = 'The user denied access to your application';
}
$response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $this->getState(), $error, $error_message);
}
/**
* @TODO: add dependency injection for the parameters in this method
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @param mixed $user_id
* @return array
*/
protected function buildAuthorizeParameters($request, $response, $user_id)
{
if (!$params = parent::buildAuthorizeParameters($request, $response, $user_id)) {
return;
}
// Generate an id token if needed.
if ($this->needsIdToken($this->getScope()) && $this->getResponseType() == self::RESPONSE_TYPE_AUTHORIZATION_CODE) {
$params['id_token'] = $this->responseTypes['id_token']->createIdToken($this->getClientId(), $user_id, $this->nonce);
}
// add the nonce to return with the redirect URI
$params['nonce'] = $this->nonce;
return $params;
}
/**
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool
*/
public function validateAuthorizeRequest(RequestInterface $request, ResponseInterface $response)
{
if (!parent::validateAuthorizeRequest($request, $response)) {
return false;
}
$nonce = $request->query('nonce');
// Validate required nonce for "id_token" and "id_token token"
if (!$nonce && in_array($this->getResponseType(), array(self::RESPONSE_TYPE_ID_TOKEN, self::RESPONSE_TYPE_ID_TOKEN_TOKEN))) {
$response->setError(400, 'invalid_nonce', 'This application requires you specify a nonce parameter');
return false;
}
$this->nonce = $nonce;
return true;
}
/**
* Array of valid response types
*
* @return array
*/
protected function getValidResponseTypes()
{
return array(
self::RESPONSE_TYPE_ACCESS_TOKEN,
self::RESPONSE_TYPE_AUTHORIZATION_CODE,
self::RESPONSE_TYPE_ID_TOKEN,
self::RESPONSE_TYPE_ID_TOKEN_TOKEN,
self::RESPONSE_TYPE_CODE_ID_TOKEN,
);
}
/**
* Returns whether the current request needs to generate an id token.
*
* ID Tokens are a part of the OpenID Connect specification, so this
* method checks whether OpenID Connect is enabled in the server settings
* and whether the openid scope was requested.
*
* @param string $request_scope - A space-separated string of scopes.
* @return boolean - TRUE if an id token is needed, FALSE otherwise.
*/
public function needsIdToken($request_scope)
{
// see if the "openid" scope exists in the requested scope
return $this->scopeUtil->checkScope('openid', $request_scope);
}
/**
* @return mixed
*/
public function getNonce()
{
return $this->nonce;
}
}


@ -1,12 +0,0 @@
<?php
namespace OAuth2\OpenID\Controller;
interface AuthorizeControllerInterface
{
const RESPONSE_TYPE_ID_TOKEN = 'id_token';
const RESPONSE_TYPE_ID_TOKEN_TOKEN = 'id_token token';
const RESPONSE_TYPE_CODE_ID_TOKEN = 'code id_token';
}


@ -1,62 +0,0 @@
<?php
namespace OAuth2\OpenID\Controller;
use OAuth2\Scope;
use OAuth2\TokenType\TokenTypeInterface;
use OAuth2\Storage\AccessTokenInterface;
use OAuth2\OpenID\Storage\UserClaimsInterface;
use OAuth2\Controller\ResourceController;
use OAuth2\ScopeInterface;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
/**
* @see OAuth2\Controller\UserInfoControllerInterface
*/
class UserInfoController extends ResourceController implements UserInfoControllerInterface
{
/**
* @var UserClaimsInterface
*/
protected $userClaimsStorage;
/**
* Constructor
*
* @param TokenTypeInterface $tokenType
* @param AccessTokenInterface $tokenStorage
* @param UserClaimsInterface $userClaimsStorage
* @param array $config
* @param ScopeInterface $scopeUtil
*/
public function __construct(TokenTypeInterface $tokenType, AccessTokenInterface $tokenStorage, UserClaimsInterface $userClaimsStorage, $config = array(), ScopeInterface $scopeUtil = null)
{
parent::__construct($tokenType, $tokenStorage, $config, $scopeUtil);
$this->userClaimsStorage = $userClaimsStorage;
}
/**
* Handle the user info request
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return void
*/
public function handleUserInfoRequest(RequestInterface $request, ResponseInterface $response)
{
if (!$this->verifyResourceRequest($request, $response, 'openid')) {
return;
}
$token = $this->getToken();
$claims = $this->userClaimsStorage->getUserClaims($token['user_id'], $token['scope']);
// The sub Claim MUST always be returned in the UserInfo Response.
// http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
$claims += array(
'sub' => $token['user_id'],
);
$response->addParameters($claims);
}
}


@ -1,30 +0,0 @@
<?php
namespace OAuth2\OpenID\Controller;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
/**
* This controller is called when the user claims for OpenID Connect's
* UserInfo endpoint should be returned.
*
* @code
* $response = new OAuth2\Response();
* $userInfoController->handleUserInfoRequest(
* OAuth2\Request::createFromGlobals(),
* $response
* );
* $response->send();
* @endcode
*/
interface UserInfoControllerInterface
{
/**
* Handle user info request
*
* @param RequestInterface $request
* @param ResponseInterface $response
*/
public function handleUserInfoRequest(RequestInterface $request, ResponseInterface $response);
}


@ -1,41 +0,0 @@
<?php
namespace OAuth2\OpenID\GrantType;
use OAuth2\GrantType\AuthorizationCode as BaseAuthorizationCode;
use OAuth2\ResponseType\AccessTokenInterface;
/**
* @author Brent Shaffer <bshafs at gmail dot com>
*/
class AuthorizationCode extends BaseAuthorizationCode
{
/**
* Create access token
*
* @param AccessTokenInterface $accessToken
* @param mixed $client_id - client identifier related to the access token.
* @param mixed $user_id - user id associated with the access token
* @param string $scope - scopes to be stored in space-separated string.
* @return array
*/
public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
{
$includeRefreshToken = true;
if (isset($this->authCode['id_token'])) {
// OpenID Connect requests include the refresh token only if the
// offline_access scope has been requested and granted.
$scopes = explode(' ', trim($scope));
$includeRefreshToken = in_array('offline_access', $scopes);
}
$token = $accessToken->createAccessToken($client_id, $user_id, $scope, $includeRefreshToken);
if (isset($this->authCode['id_token'])) {
$token['id_token'] = $this->authCode['id_token'];
}
$this->storage->expireAuthorizationCode($this->authCode['code']);
return $token;
}
}


@ -1,66 +0,0 @@
<?php
namespace OAuth2\OpenID\ResponseType;
use OAuth2\ResponseType\AuthorizationCode as BaseAuthorizationCode;
use OAuth2\OpenID\Storage\AuthorizationCodeInterface as AuthorizationCodeStorageInterface;
/**
* @author Brent Shaffer <bshafs at gmail dot com>
*/
class AuthorizationCode extends BaseAuthorizationCode implements AuthorizationCodeInterface
{
/**
* Constructor
*
* @param AuthorizationCodeStorageInterface $storage
* @param array $config
*/
public function __construct(AuthorizationCodeStorageInterface $storage, array $config = array())
{
parent::__construct($storage, $config);
}
/**
* @param $params
* @param null $user_id
* @return array
*/
public function getAuthorizeResponse($params, $user_id = null)
{
// build the URL to redirect to
$result = array('query' => array());
$params += array('scope' => null, 'state' => null, 'id_token' => null);
$result['query']['code'] = $this->createAuthorizationCode($params['client_id'], $user_id, $params['redirect_uri'], $params['scope'], $params['id_token']);
if (isset($params['state'])) {
$result['query']['state'] = $params['state'];
}
return array($params['redirect_uri'], $result);
}
/**
* Handle the creation of the authorization code.
*
* @param mixed $client_id - Client identifier related to the authorization code
* @param mixed $user_id - User ID associated with the authorization code
* @param string $redirect_uri - An absolute URI to which the authorization server will redirect the
* user-agent to when the end-user authorization step is completed.
* @param string $scope - OPTIONAL Scopes to be stored in space-separated string.
* @param string $id_token - OPTIONAL The OpenID Connect id_token.
*
* @return string
* @see http://tools.ietf.org/html/rfc6749#section-4
* @ingroup oauth2_section_4
*/
public function createAuthorizationCode($client_id, $user_id, $redirect_uri, $scope = null, $id_token = null)
{
$code = $this->generateAuthorizationCode();
$this->storage->setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, time() + $this->config['auth_code_lifetime'], $scope, $id_token);
return $code;
}
}


@ -1,27 +0,0 @@
<?php
namespace OAuth2\OpenID\ResponseType;
use OAuth2\ResponseType\AuthorizationCodeInterface as BaseAuthorizationCodeInterface;
/**
* @author Brent Shaffer <bshafs at gmail dot com>
*/
interface AuthorizationCodeInterface extends BaseAuthorizationCodeInterface
{
/**
* Handle the creation of the authorization code.
*
* @param mixed $client_id - Client identifier related to the authorization code
* @param mixed $user_id - User ID associated with the authorization code
* @param string $redirect_uri - An absolute URI to which the authorization server will redirect the
* user-agent to when the end-user authorization step is completed.
* @param string $scope - OPTIONAL Scopes to be stored in space-separated string.
* @param string $id_token - OPTIONAL The OpenID Connect id_token.
* @return string
*
* @see http://tools.ietf.org/html/rfc6749#section-4
* @ingroup oauth2_section_4
*/
public function createAuthorizationCode($client_id, $user_id, $redirect_uri, $scope = null, $id_token = null);
}


@ -1,40 +0,0 @@
<?php
namespace OAuth2\OpenID\ResponseType;
class CodeIdToken implements CodeIdTokenInterface
{
/**
* @var AuthorizationCodeInterface
*/
protected $authCode;
/**
* @var IdTokenInterface
*/
protected $idToken;
/**
* @param AuthorizationCodeInterface $authCode
* @param IdTokenInterface $idToken
*/
public function __construct(AuthorizationCodeInterface $authCode, IdTokenInterface $idToken)
{
$this->authCode = $authCode;
$this->idToken = $idToken;
}
/**
* @param array $params
* @param mixed $user_id
* @return mixed
*/
public function getAuthorizeResponse($params, $user_id = null)
{
$result = $this->authCode->getAuthorizeResponse($params, $user_id);
$resultIdToken = $this->idToken->getAuthorizeResponse($params, $user_id);
$result[1]['query']['id_token'] = $resultIdToken[1]['fragment']['id_token'];
return $result;
}
}


@ -1,9 +0,0 @@
<?php
namespace OAuth2\OpenID\ResponseType;
use OAuth2\ResponseType\ResponseTypeInterface;
interface CodeIdTokenInterface extends ResponseTypeInterface
{
}


@ -1,178 +0,0 @@
<?php
namespace OAuth2\OpenID\ResponseType;
use OAuth2\Encryption\EncryptionInterface;
use OAuth2\Encryption\Jwt;
use OAuth2\Storage\PublicKeyInterface;
use OAuth2\OpenID\Storage\UserClaimsInterface;
use LogicException;
class IdToken implements IdTokenInterface
{
/**
* @var UserClaimsInterface
*/
protected $userClaimsStorage;
/**
* @var PublicKeyInterface
*/
protected $publicKeyStorage;
/**
* @var array
*/
protected $config;
/**
* @var EncryptionInterface
*/
protected $encryptionUtil;
/**
* Constructor
*
* @param UserClaimsInterface $userClaimsStorage
* @param PublicKeyInterface $publicKeyStorage
* @param array $config
* @param EncryptionInterface $encryptionUtil
* @throws LogicException
*/
public function __construct(UserClaimsInterface $userClaimsStorage, PublicKeyInterface $publicKeyStorage, array $config = array(), EncryptionInterface $encryptionUtil = null)
{
$this->userClaimsStorage = $userClaimsStorage;
$this->publicKeyStorage = $publicKeyStorage;
if (is_null($encryptionUtil)) {
$encryptionUtil = new Jwt();
}
$this->encryptionUtil = $encryptionUtil;
if (!isset($config['issuer'])) {
throw new LogicException('config parameter "issuer" must be set');
}
$this->config = array_merge(array(
'id_lifetime' => 3600,
), $config);
}
/**
* @param array $params
* @param null $userInfo
* @return array|mixed
*/
public function getAuthorizeResponse($params, $userInfo = null)
{
// build the URL to redirect to
$result = array('query' => array());
$params += array('scope' => null, 'state' => null, 'nonce' => null);
// create the id token.
list($user_id, $auth_time) = $this->getUserIdAndAuthTime($userInfo);
$userClaims = $this->userClaimsStorage->getUserClaims($user_id, $params['scope']);
$id_token = $this->createIdToken($params['client_id'], $userInfo, $params['nonce'], $userClaims, null);
$result["fragment"] = array('id_token' => $id_token);
if (isset($params['state'])) {
$result["fragment"]["state"] = $params['state'];
}
return array($params['redirect_uri'], $result);
}
/**
* Create id token
*
* @param string $client_id
* @param mixed $userInfo
* @param mixed $nonce
* @param mixed $userClaims
* @param mixed $access_token
* @return mixed|string
*/
public function createIdToken($client_id, $userInfo, $nonce = null, $userClaims = null, $access_token = null)
{
// pull auth_time from user info if supplied
list($user_id, $auth_time) = $this->getUserIdAndAuthTime($userInfo);
$token = array(
'iss' => $this->config['issuer'],
'sub' => $user_id,
'aud' => $client_id,
'iat' => time(),
'exp' => time() + $this->config['id_lifetime'],
'auth_time' => $auth_time,
);
if ($nonce) {
$token['nonce'] = $nonce;
}
if ($userClaims) {
$token += $userClaims;
}
if ($access_token) {
$token['at_hash'] = $this->createAtHash($access_token, $client_id);
}
return $this->encodeToken($token, $client_id);
}
/**
* @param $access_token
* @param null $client_id
* @return mixed|string
*/
protected function createAtHash($access_token, $client_id = null)
{
// maps HS256 and RS256 to sha256, etc.
$algorithm = $this->publicKeyStorage->getEncryptionAlgorithm($client_id);
$hash_algorithm = 'sha' . substr($algorithm, 2);
$hash = hash($hash_algorithm, $access_token, true);
$at_hash = substr($hash, 0, strlen($hash) / 2);
return $this->encryptionUtil->urlSafeB64Encode($at_hash);
}
/**
* @param array $token
* @param null $client_id
* @return mixed|string
*/
protected function encodeToken(array $token, $client_id = null)
{
$private_key = $this->publicKeyStorage->getPrivateKey($client_id);
$algorithm = $this->publicKeyStorage->getEncryptionAlgorithm($client_id);
return $this->encryptionUtil->encode($token, $private_key, $algorithm);
}
/**
* @param $userInfo
* @return array
* @throws LogicException
*/
private function getUserIdAndAuthTime($userInfo)
{
$auth_time = null;
// support an array for user_id / auth_time
if (is_array($userInfo)) {
if (!isset($userInfo['user_id'])) {
throw new LogicException('if $user_id argument is an array, user_id index must be set');
}
$auth_time = isset($userInfo['auth_time']) ? $userInfo['auth_time'] : null;
$user_id = $userInfo['user_id'];
} else {
$user_id = $userInfo;
}
if (is_null($auth_time)) {
$auth_time = time();
}
// userInfo is a scalar, and so this is the $user_id. Auth Time is null
return array($user_id, $auth_time);
}
}


@ -1,30 +0,0 @@
<?php
namespace OAuth2\OpenID\ResponseType;
use OAuth2\ResponseType\ResponseTypeInterface;
interface IdTokenInterface extends ResponseTypeInterface
{
/**
* Create the id token.
*
* If Authorization Code Flow is used, the id_token is generated when the
* authorization code is issued, and later returned from the token endpoint
* together with the access_token.
* If the Implicit Flow is used, the token and id_token are generated and
* returned together.
*
* @param string $client_id - The client id.
* @param mixed $userInfo - User info
* @param string $nonce - OPTIONAL The nonce.
* @param string $userClaims - OPTIONAL Claims about the user.
* @param string $access_token - OPTIONAL The access token, if known.
* @internal param string $user_id - The user id.
* @return string The ID Token represented as a JSON Web Token (JWT).
*
* @see http://openid.net/specs/openid-connect-core-1_0.html#IDToken
*/
public function createIdToken($client_id, $userInfo, $nonce = null, $userClaims = null, $access_token = null);
}
