212. EPMO Open Source Coordination Office Redaction File Detail Report

Produced by Araxis Merge on 5/25/2018 9:22:54 AM Central Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.

212.1 Files compared

#	Location	File	Last Modified
1	C:\AraxisMergeCompare\Pri_un\ZIP\DSM-cif\Direct_API\application\views\api\onboarding\services	mailboxes.php	Tue May 22 13:19:28 2018 UTC
2	C:\AraxisMergeCompare\Pri_re\ZIP\DSM-cif\Direct_API\application\views\api\onboarding\services	mailboxes.php	Thu May 24 22:19:16 2018 UTC

212.2 Comparison summary

Description	Between Files 1 and 2
Description	Text Blocks	Lines
Unchanged	5	216
Changed	4	10
Inserted	0	0
Removed	0	0

212.3 Comparison options

Whitespace
Character case	Differences in character case are significant
Line endings	Differences in line endings (`CR` and `LF` characters) are ignored
CR/LF characters	Not shown in the comparison detail

212.4 Active regular expressions

No regular expressions were active.

212.5 Comparison detail

	1	<?php
	2	/**
	3	* @packag e direct-a s-a-servic e
	4	* @subpac kage views
	5	* @fileso urce
	6	/ /* */
	7
	8	$this->loa d->view('a pi/header' );
	9	$this->loa d->view('a pi/nav');
	10	?>
	11	<h 1><a href= "/onboardi ng/documen tation/" c lass="unde rline">Doc umentation </a> &rarr ; /direct/ mailboxes - GET</h1>
	12	<p >The Mailb oxes servi ce allows authorized applicati ons to ret urn all ma ilboxes th e specifie d user has access to and can b e accessed by sendin g a GET re quest to d irect/mail boxes. </p >
	13	<h 3>Authenti cation</h3 >
	14	<p >
	15	The API au thenticati on utilize d is based upon hash message a uthenticat ion code ( HMAC). HMA C is an au thenticati on method that combi nes a cryp tographic hash funct ion with a PW cryptograp hic key. A fter the s uccessful registrati on of an a pplication on the AP I, a publi c and priv ate key li ke the exa mple below will be p rovisioned for its u se.
	16	</ p>
	17	<p class="co de">
	18	Publ ic Key: RE DACTED
	19	<br/ >Private K ey: REDACT ED
	20	</ p>
	21	<p >
	22	On e very reque st that an applicati on sends t o the API they must include an Authoriza tion heade r. The aut horization header is a string that the A PI will ut ilize to c onfirm the identity, and the m essage con tent, of t he sender. The autho rization h eader cons ists of th ree parts. The first part is t he API ide ntifier, r epresented by the wo rd "DAAS", which sta nds for Di rect as a Service. T he API ide ntifier is followed by a space that sepa rates it f rom the id entifying content. T he identif ying conte nt consist s of the u nique publ ic key and the base6 4 encoded HMAC hash generated by the req uest conte nt and the private k ey, delimi ted by a c olon. An e xample of the author ization he ader is be low.
	23	</ p>
	24	<p class="co de">
	25	Auth orization: DAAS REDA CTED
	26	</ p>
	27	<p >
	28	The HMAC strin g is gener ated by ru nning an H MAC hash f unction on a plain t ext string and the a pplication 's private key. The plain text string th at must be hashed us ing HMAC i s construc ted as fol lows:
	29	<u l>
	30	<li> HTTP Reque st Type</l i>
	31	<li> Date</li>
	32	<li> Content-MD 5 (Optiona l)</li>
	33	</ ul>
	34	Th ese values are separ ated by ne w line cha racters (" \n"). An e xample of the plain text strin g is below :
	35	</ p>
	36	<p class="co de">
	37	GET\ n06/03/201 3 12:13:56 EST\niB94 gawbwUSiZy 5FuruIOQ== \n/direct/ mailboxes/ format/jso n?mailbox= 1
	38	</ p>
	39	<p >
	40	The string abo ve is hash ed with th e applicat ion's priv ate key us ing the SH A-256 algo rithm. A s nippet of JavaScript code show ing an exa mple of th is is show n below:
	41	</ p>
	42	<p class=" code">
	43	va r hashStri ng = Crypt oJS.HmacSH A256("GET\ n06/03/201 3 12:13:56 EDT\niB94 gawbwUSiZy 5FuruIOQ== \n/direct/ mailboxes/ format/jso n?mailbox= 1","0097cd 109a3b72df 1f988e4a6e 3e344ecc02 cdab9a0373 6bc12463b7 d1b889a8") ;
	44	<b r/>var bas e64 = enco de64(""+ha shString);
	45	<b r/>var aut horization = "DAAS REDACTED :"+base64;
	46	</p>
	47	<p>
	48	In the examp le above t he Content MD5 is pr ovided but this is a n optional field. If the Conte nt MD5 hea der is not specified then the hash shoul d not have the MD5 s pecified e ither.
	49	</p>
	50	<h3>Header s</h3>
	51	<div class ="column">
	52	<d iv class=" left">
	53	<ul>
	54	<li>Au thorizatio n</li>
	55	<p>
	56	The firs t required header is the Autho rization h eader cove red in the Authentic ation sect ion at the top of th is page.
	57	</p>
	58	<li>Da te or X-Da as-Date</l i>
	59	<p>
	60	The seco nd require d header t hat must b e included is the Da te header. Some brow sers will not let an applicati on specify the Date header pro grammatica lly, so in this case it is als o acceptab le to use the X-Daas -Date head er as the API will i nterpret t hem interc hangeably. This head er should be populat ed with th e current date and t ime, in an y standard format (i ncluding t ime zone i nformation if not ti me zone ag nostic), w hen the GE T request is submitt ed. The va lue suppli ed in the Date heade r must mat ch the val ue used in the creat ion of the hash stri ng for the Authoriza tion heade r.
	61	</p>
	62	</ul >
	63	</ div>
	64	<d iv class=" right">
	65	<ul>
	66	<li>Co ntent-Md5< /li>
	67	<p>
	68	The opti onal heade r is the C ontent-Md5 header. T his header should co ntain an M D5 hash of the GET q uery strin g. If this header is specified then it m ust also b e included in the ha sh string for the au thorizatio n header. This extra security measure is not typic ally neces sary for G ET request s, however the optio n is avail able so th at the par ameters se nt in the GET reques t can be v alidated b y the API as not hav ing been t ampered wi th in tran sit.
	69	</p>
	70	</ul >
	71	</ div>
	72	</div>
	73	<h3>Argume nts</h3>
	74	<p>
	75	Th ere are 1 arguments that can b e sent to the mailbo xes web se rvice.
	76	</p>
	77	<div class ="column">
	78	<d iv class=" left">
	79	<ul>
	80	<li>Ma ilbox</li>
	81	<p>
	82	This is a required field whi ch identif ies which userâ€™s m ailboxes s hould be r eturned. T his is the local por tion of th e Direct a ddress, i. e., test.u ser@<?php echo CLINI CAL_DOMAIN ?> is the Direct ad dress so t hat passed value you would tes t.user.
	83	</p>
	84	</ul >
	85	</ div>
	86	<d iv class=" right">
	87	&nbs p;
	88	</ div>
	89	</div>
	90	<h3>Exampl e Response </h3>
	91	<ul>
	92	<l i>Success< /li>
	93	<u l>
	94	<li> {"request_ id":"42926 ","mailbox ":"tauser" ,"user":"t auser","ma ilboxes":{ "1":{"id": "1","name" :"tauser", "is_group" :0,"facili ty_id":"16 7","unseen _message_c ount":38}} }</li>
	95	</ ul>
	96	<l i>Error</l i>
	97	<u l>
	98	<li> HTTP-401, {"request_ id":"2","m essage": " Access Den ied. Authe ntication Failed."}< /li>
	99	<li> HTTP-403, {"request_ id":"3","m essage":"A ccess Deni ed. Use No t Authoriz ed."}</li>
	100	<li> HTTP-403, {"request_ id":"4","m essage":"A ccess Deni ed. User N ot Authori zed."}</li >
	101	<li> HTTP-422, {"request_ id":"5","f ields":["m ailbox"]," message":" 'Mailbox' is a requi red field. "}</li>
	102	<li> HTTP-422, {"request_ id":"6","m essage":"' Mailbox' c ontains in valid inpu t","fields ":["mailbo x"]}</li>
	103	</ ul>
	104	</ul>
	105	<h3>Sample Code</h3>
	106	<p>
	107	Th e mailboxe s web serv ice is con structed i n the same manner th at the val idate web service is . Please c lick <a hr ef="/onboa rding/docu mentation/ validate_e xample">he re</a> to be taken t o some sam ple code s nippets fo r the vali date web s ervice and use that as a basis for creat ing the ma ilboxes ca ll.
	108	</p>
	109	</div>
	110	<?PHP $thi s->load->v iew('api/f ooter'); ? >
	111	</div>
	112	</body>
	113	</html