
How to create a Logout function in Processmaker 3.0 using the Rest API?

I am developing a REST API in ProcessMaker 3.0, in which a user can log in using OAuth 2.0 password authorization.

We get an access token and Oauthcredential.json gets updated automatically. When the user logs in with credentials (client_id, client_secret, username and password), cookies are set, and it directs to REST endpoints as suggested in the link: http://wiki.processmaker.com/3.0/Calling_REST_Endpoints

When cookies are not set or get cleared, it should redirect to the login page, or when the user clicks the logout button, it will redirect to the login page.

Code for the login page:

<html><head>
 <meta charset="utf-8">
 <meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="viewport" content="width=device-width, initial-scale=1">
</head>
<body>
<form action="check_login.php" method="post">
 Client ID<br>
 <input type="text" name="client_id" value="" size="32" /><br>
 Client Secret<br>
 <!-- secrets use type="password" so they are masked on screen -->
 <input type="password" name="client_secret" value="" size="32" /><br>
 Username<br>
 <input type="text" name="username" value="" size="20" /><br>
 Password<br>
 <input type="password" name="password" value="" size="20" /><br>
 <input type="submit" value="Login"/>
</form>
</body>
</html>

After successful login it goes to the checklogin.php page:

<?php
//read the submitted credentials (empty string if a field is missing):
$clientId     = isset($_POST['client_id'])     ? $_POST['client_id']     : '';
$clientSecret = isset($_POST['client_secret']) ? $_POST['client_secret'] : '';
$username     = isset($_POST['username'])      ? $_POST['username']      : '';
$password     = isset($_POST['password'])      ? $_POST['password']      : '';

//change the server address and workspace to match your system:
$pmServer    = "http://127.0.0.1/api/1.0/workflow";
$pmWorkspace = 'workflow';

function pmRestLogin($clientId, $clientSecret, $username, $password) {
  global $pmServer, $pmWorkspace;
  $postParams = array(
    'grant_type'    => 'password',
    'scope'         => '*',       //set to 'view_process' if not changing the process
    'client_id'     => $clientId,
    'client_secret' => $clientSecret,
    'username'      => $username,
    'password'      => $password
  );

  //debug messages go to the error log: any output sent before
  //setcookie()/header() prevents those headers from being sent
  error_log("after function");
  $ch = curl_init("$pmServer/oauth2/token");
  curl_setopt($ch, CURLOPT_TIMEOUT, 30);
  curl_setopt($ch, CURLOPT_POST, 1);
  curl_setopt($ch, CURLOPT_POSTFIELDS, $postParams);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

  $oToken = json_decode(curl_exec($ch));
  $httpStatus = curl_getinfo($ch, CURLINFO_HTTP_CODE);
  curl_close($ch);

  if ($httpStatus != 200) {
    print "Error in HTTP status code: $httpStatus\n";
    return null;
  }
  else if (isset($oToken->error)) {
    print "Error logging into $pmServer:\n" .
      "Error:       {$oToken->error}\n" .
      "Description: {$oToken->error_description}\n";
  }
  else {
    //At this point $oToken->access_token can be used to call REST endpoints.

    //If planning to use the access_token later, either save the access_token
    //and refresh_token as cookies or save them to a file in a secure location.

    //If saving them as cookies (last argument = HttpOnly, so page scripts cannot read them):
    setcookie("access_token",  $oToken->access_token,  time() + 60*5, "", "", false, true);
    setcookie("refresh_token", $oToken->refresh_token, 0, "", "", false, true); //refresh token doesn't expire
    //note: these two cookies hand the OAuth client credentials to the browser
    setcookie("client_id",     $clientId,     0, "", "", false, true);
    setcookie("client_secret", $clientSecret, 0, "", "", false, true);

    error_log("saving cred in file");
    //If saving to a file:
    file_put_contents("oauthCredentials.json", json_encode($oToken));
    //include the path in the filename if not located in the same directory:
  }

  return $oToken;
}

$oToken = pmRestLogin($clientId, $clientSecret, $username, $password);

if (isset($oToken) and isset($oToken->access_token)) {
  //can now call REST endpoints using $oToken->access_token
  // $oRet = pmRestRequest("GET", "/api/1.0/workflow/users", null, $oToken->access_token);
  header("location: cases.php");
  die(); //stop here so nothing else runs after the redirect
}
?>

After successfully logging in, it goes to cases.php:

            <?php
            $pmServer = "http://127.0.0.1"; //set to your ProcessMaker address

            $accessToken = isset($_COOKIE['access_token']) ? $_COOKIE['access_token'] : getAccessToken();

             /*check cookie expired or not*/
              if (empty($accessToken) and isset($_COOKIE['access_token']))
                  $accessToken = $_COOKIE['access_token'];

               if (empty($accessToken)) { //if the access token has expired
                  //To check if the PM login session has expired: !isset($_COOKIE['PHPSESSID'])
                  header("Location: formLogin.php"); //change to match your login method
                  die();
               }
               /***************************/


            $ch = curl_init($pmServer . "/api/1.0/workflow/users");
            curl_setopt($ch, CURLOPT_HTTPHEADER, array("Authorization: Bearer " . $accessToken));
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            $aUsers = json_decode(curl_exec($ch));
            $statusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
            curl_close($ch);

            if ($statusCode != 200) {
               /*if (isset ($aUsers) and isset($aUsers->error))
                  print "Error code: {$aUsers->error->code}\nMessage: {$aUsers->error->message}\n";
               else
                  print "Error: HTTP status code: $statusCode\n";*/
              header("Location: formLogin.php"); //change to match your login method
                  die();

            }
            else {
               foreach ($aUsers as $oUser) {
                  if ($oUser->usr_status == "ACTIVE") {
                     print "{$oUser->usr_firstname} {$oUser->usr_lastname} ({$oUser->usr_username})\n";
                  }
               }
            }
            ?>



            <body>
              <div data-role="page">
                  <div data-role="header" data-position="fixed">
                      <h1>My Cases</h1>
                  </div>

                  <div role="main" class="ui-content">
                    <ul data-role="listview" data-inset="false" data-divider-theme="a">
                        <li data-role="list-divider">Home</li>
                        <li><a href="todo-list.html">Inbox</a></li>
                        <li><a href="jlogin.html">Logout</a></li>
                    </ul>
                  </div>

                  <div data-role="footer" data-position="fixed">  
                  </div>
              </div>


            </body>


            </html>

In cases.php, when the session id is not set it should redirect to formLogin.php, but this functionality does not work properly.

Thanks in advance.

I would advise against using HTTP codes for checking if someone is logged in. Reason being: if there was an error code, for example a 404, or something else did not work properly, but the user didn't wish to log out, you should be able to handle that in your application UI.

Instead, I would suggest using a session variable to store the access token and then when the user clicks on the logout button, simply destroy the variable and then redirect them to the login page.

Here is an example of an application I built using the ProcessMaker REST API that allows you to log in via OAuth 2 with the authorization code grant type and also handles logging out. The only difference between my application and yours is that mine is a SPA written in AngularJS and yours is in PHP. The concepts are the same though.

https://github.com/ethnp/pmangular
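
The session-based approach suggested in the answer, as an added PHP example that is not part of the original posts or of ProcessMaker: the token is kept in `$_SESSION` instead of cookies, and logout destroys the session before redirecting. It assumes PHP 7.3+; the function names, `logout.php` and the 300-second fallback lifetime are assumptions, while `formLogin.php` is the login page named in the question.

```php
<?php
// Added example. Function names are hypothetical, not a ProcessMaker API.

function startSession(): void {
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'path'     => '/',
        'secure'   => !empty($_SERVER['HTTPS']), // send only over TLS when the site uses it
        'httponly' => true,                      // session ID not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// check_login.php: call with the object returned by pmRestLogin().
function storeToken(object $oToken): void {
    startSession();
    session_regenerate_id(true); // fresh session ID at login
    $_SESSION['access_token'] = $oToken->access_token;
    // expires_in is the standard OAuth 2.0 lifetime field; the 300 s fallback is an assumption.
    $_SESSION['expires_at'] = time() + (int) ($oToken->expires_in ?? 300);
}

// cases.php: returns the token, or redirects to the login page and stops.
function requireToken(string $loginPage = 'formLogin.php'): string {
    startSession();
    $expired = time() >= ($_SESSION['expires_at'] ?? 0);
    if (empty($_SESSION['access_token']) || $expired) {
        header("Location: $loginPage");
        exit;
    }
    return $_SESSION['access_token'];
}

// logout.php (hypothetical target for the Logout link): clear the session and its cookie.
// This does not revoke the token at ProcessMaker; it remains valid until it expires.
function logout(string $loginPage = 'formLogin.php'): void {
    startSession();
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
    header("Location: $loginPage");
    exit;
}
```

With this in place, `cases.php` calls `requireToken()` before sending any output, and the Logout link points at a page that calls `logout()`.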
