From 7d48eca7d4023c119d86494e5f5d5758f8a9deba Mon Sep 17 00:00:00 2001
From: Angel Fernando Quiroz Campos
Date: Tue, 17 Jan 2023 19:50:25 -0500
Subject: [PATCH] Plugin: Zoom: Allow to validate endpoint for server-to-server oauth application #4537
---
 plugin/zoom/endpoint.php | 29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)
diff --git a/plugin/zoom/endpoint.php b/plugin/zoom/endpoint.php
index 488c78ec61..8f74aec881 100644
--- a/plugin/zoom/endpoint.php
+++ b/plugin/zoom/endpoint.php
@@ -6,19 +6,29 @@ use Chamilo\PluginBundle\Zoom\API\RecordingMeeting;
 use Chamilo\PluginBundle\Zoom\Meeting;
 use Chamilo\PluginBundle\Zoom\MeetingActivity;
 use Chamilo\PluginBundle\Zoom\Recording;
+use Symfony\Component\HttpFoundation\Request as HttpRequest;
 use Symfony\Component\HttpFoundation\Response;
 require_once __DIR__.'/config.php';
-if ('POST' !== $_SERVER['REQUEST_METHOD']) {
+$request = HttpRequest::createFromGlobals();
+
+if (!$request->isMethod('POST')) {
 http_response_code(Response::HTTP_NOT_FOUND);
 exit;
 }
-// @todo handle non-apache installations
-$authorizationHeaderValue = apache_request_headers()['Authorization'];
+$configAccountId = api_get_plugin_setting('zoom', ZoomPlugin::SETTING_ACCOUNT_ID);
+$configClientId = api_get_plugin_setting('zoom', ZoomPlugin::SETTING_CLIENT_ID);
+$configClientSecret = api_get_plugin_setting('zoom', ZoomPlugin::SETTING_CLIENT_SECRET);
+$configSecretToken = api_get_plugin_setting('zoom', ZoomPlugin::SETTING_SECRET_TOKEN);
+
+$isS2SApp = !empty($configAccountId) && !empty($configClientId) && !empty($configClientSecret);
+$isJwtApp = !$isS2SApp;
-if (api_get_plugin_setting('zoom', 'verificationToken') !== $authorizationHeaderValue) {
+$authorizationHeaderValue = $request->headers->get('Authorization');
+
+if ($isJwtApp && api_get_plugin_setting('zoom', 'verificationToken') !== $authorizationHeaderValue) {
 error_log('verificationToken not valid, please check your zoom configuration');
 http_response_code(Response::HTTP_UNAUTHORIZED);
 exit;
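Review bot: With a server-to-server app configured, nothing authenticates the request any more: the `$isJwtApp &&` guard skips the verification-token check and the hunk adds no replacement, so `$configSecretToken` is read here but never used to verify the sender. Zoom signs webhook deliveries with the `x-zm-signature` and `x-zm-request-timestamp` headers (HMAC-SHA256 over `v0:{timestamp}:{body}`, keyed by the secret token). The S2S path should reject any request whose signature does not match, compare with `hash_equals`, and refuse an empty secret; bounding the timestamp's age would also limit replay. The JWT comparison would be safer as `hash_equals` too, with a missing header or unset token rejected explicitly, since what `api_get_plugin_setting` returns for an unset key is not visible here. The `if` block's closing brace lies outside the hunk; the check below belongs after it.

```php
$authorizationHeaderValue = $request->headers->get('Authorization');

// … unchanged: verification-token check for the JWT app …

if ($isS2SApp) {
    // Zoom signs each delivery: "v0=" + HMAC-SHA256("v0:{timestamp}:{raw body}", secret token).
    $timestamp = (string) $request->headers->get('x-zm-request-timestamp');
    $signature = (string) $request->headers->get('x-zm-signature');
    $expected = 'v0='.hash_hmac('sha256', 'v0:'.$timestamp.':'.$request->getContent(), (string) $configSecretToken);

    if (empty($configSecretToken) || !hash_equals($expected, $signature)) {
        error_log('Zoom webhook signature not valid, please check your zoom configuration');
        http_response_code(Response::HTTP_UNAUTHORIZED);
        exit;
    }
}
```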
@@ -26,6 +36,17 @@ if (api_get_plugin_setting('zoom', 'verificationToken') !== $authorizationHeader
 $body = file_get_contents('php://input');
 $decoded = json_decode($body);
+
+if ('endpoint.url_validation' === $decoded->event) {
+ $json = json_encode([
+ 'plainToken' => $decoded->payload->plainToken,
+ 'encryptedToken' => hash_hmac('sha256', $decoded->payload->plainToken, $configSecretToken),
+ ]);
+
+ echo $json;
+ exit();
+}
+
 if (is_null($decoded) || !is_object($decoded) || !isset($decoded->event) || !isset($decoded->payload->object)) {
 error_log(sprintf('Did not recognize event notification: %s', $body));
 http_response_code(Response::HTTP_UNPROCESSABLE_ENTITY);
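Review bot: The new `endpoint.url_validation` branch reads `$decoded->event` and `$decoded->payload->plainToken` before the `is_null($decoded) || !is_object($decoded)` check that follows it, so a body that is not a JSON object reaches property reads on null, and a non-string `plainToken` reaches `hash_hmac`. It also computes the HMAC when `$configSecretToken` is empty, which makes the "encrypted" value computable by anyone. Guard the branch, e.g. `if (is_object($decoded) && 'endpoint.url_validation' === ($decoded->event ?? null) && is_string($decoded->payload->plainToken ?? null) && !empty($configSecretToken)) {`, and send `header('Content-Type: application/json');` before the `echo`. The body of the following `if (is_null($decoded) ...` block continues past the end of the hunk.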