protected function _init() { $app = App::i(); $config = array_merge(['timeout' => '24 hours', 'salt' => 'LT_SECURITY_SALT_SECURITY_SALT_SECURITY_SALT_SECURITY_SALT_SECU', 'login_url' => 'https://www.google.com/accounts/o8/id', 'path' => preg_replace('#^https?\\:\\/\\/[^\\/]*(/.*)#', '$1', $app->createUrl('auth'))], $this->_config); $opauth_config = ['Strategy' => ['OpenID' => ['identifier_form' => THEMES_PATH . 'active/views/auth-form.php', 'url' => $config['login_url']]], 'security_salt' => $config['salt'], 'security_timeout' => $config['timeout'], 'path' => $config['path'], 'callback_url' => $app->createUrl('auth', 'response')]; $opauth = new \Opauth($opauth_config, false); $this->opauth = $opauth; if ($config['logout_url']) { $app->hook('auth.logout:after', function () use($app, $config) { $app->redirect($config['logout_url'] . '?next=' . $app->baseUrl); }); } // add actions to auth controller $app->hook('GET(auth.index)', function () use($app) { $app->redirect($this->createUrl('openid')); }); $app->hook('<<GET|POST>>(auth.openid)', function () use($opauth, $config) { $_POST['openid_url'] = $config['login_url']; $opauth->run(); }); $app->hook('GET(auth.response)', function () use($app) { $app->auth->processResponse(); if ($app->auth->isUserAuthenticated()) { $app->redirect($app->auth->getRedirectPath()); } else { if ($app->config['app.mode'] === 'production') { $app->redirect($this->createUrl('error')); } else { echo '<pre>'; var_dump($this->data, $_POST, $_GET, $_REQUEST, $_SESSION); die; } } }); }
protected function _init() { $app = App::i(); $url = $app->createUrl('auth'); $config = array_merge(['timeout' => '24 hours', 'salt' => 'LT_SECURITY_SALT_SECURITY_SALT_SECURITY_SALT_SECURITY_SALT_SECU', 'client_secret' => '', 'cliente_id' => '', 'path' => preg_replace('#^https?\\:\\/\\/[^\\/]*(/.*)#', '$1', $url)], $this->_config); $opauth_config = ['strategy_dir' => PROTECTED_PATH . '/vendor/opauth/', 'Strategy' => ['logincidadao' => $config], 'security_salt' => $config['salt'], 'security_timeout' => $config['timeout'], 'host' => preg_replace('#^(https?\\:\\/\\/[^\\/]*)/.*#', '$1', $url), 'path' => $config['path'], 'callback_url' => $app->createUrl('auth', 'response')]; if (isset($config['onCreateRedirectUrl'])) { $this->onCreateRedirectUrl = $config['onCreateRedirectUrl']; } $opauth = new \Opauth($opauth_config, false); $this->opauth = $opauth; // add actions to auth controller $app->hook('GET(auth.index)', function () use($app) { $app->redirect($this->createUrl('logincidadao')); }); $app->hook('<<GET|POST>>(auth.logincidadao)', function () use($opauth, $config) { // $_POST['openid_url'] = $config['login_url']; $opauth->run(); }); $app->hook('GET(auth.response)', function () use($app) { $app->auth->processResponse(); if ($app->auth->isUserAuthenticated()) { $app->redirect($app->auth->getRedirectPath()); } else { $app->redirect($this->createUrl('')); } }); }
/** * auth service callback * @param Base $f3 * @param $params */ function callback(\Base $f3, $params) { $Opauth = new \Opauth($this->config, false); switch ($Opauth->env['callback_transport']) { case 'session': $response = $f3->get('SESSION.opauth'); $f3->clear('SESSION.opauth'); break; case 'post': $response = unserialize(base64_decode($f3->get('POST.opauth'))); break; case 'get': $response = unserialize(base64_decode($f3->get('GET.opauth'))); break; default: $f3->error(400, 'Unsupported callback_transport'); break; } if (isset($response['error'])) { $f3->call($this->abortFunc, array($response)); return; } $data = $response['auth']; // validate if (empty($data) || empty($response['timestamp']) || empty($response['signature']) || empty($data['provider']) || empty($data['uid'])) { $f3->error(400, 'Invalid auth response: Missing key auth response components'); } elseif (!$Opauth->validate(sha1(print_r($data, true)), $response['timestamp'], $response['signature'], $reason)) { $f3->error(400, 'Invalid auth response: ' . $reason); } else { // It's all good $f3->call($this->successFunc, array($data)); } }
private function callback() { global $wgOpauthConfig; /** * Instantiate Opauth with the loaded config but not run automatically */ $Opauth = new Opauth($wgOpauthConfig, false); /** * Fetch auth response, based on transport configuration for callback */ $response = null; switch ($Opauth->env['callback_transport']) { case 'session': session_start(); $response = $_SESSION['opauth']; unset($_SESSION['opauth']); break; case 'post': $response = unserialize(base64_decode($_POST['opauth'])); break; case 'get': $response = unserialize(base64_decode($_GET['opauth'])); break; default: die('<strong style="color: red;">Error: </strong>Unsupported callback_transport.' . "<br>\n"); break; } /** * Check if it's an error callback */ if (array_key_exists('error', $response)) { die('<strong style="color: red;">Authentication error: </strong> Opauth returns error auth response.' . "<br>\n"); print_r($response); die; } /** * Auth response validation * * To validate that the auth response received is unaltered, especially auth response that * is sent through GET or POST. */ if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) { echo '<strong style="color: red;">Invalid auth response: </strong>Missing key auth response components.' . "<br>\n"; print_r($response); die; } elseif (!$Opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason)) { echo '<strong style="color: red;">Invalid auth response: </strong>' . $reason . ".<br>\n"; print_r($response); die; } //echo( '<strong style="color: green;">OK: </strong>Auth response is validated.'."<br>\n" ); /** * It's all good. Go ahead with your application-specific authentication logic */ // echo "<pre>".print_r($response,1)."</pre>"; // die(); wfRunHooks('OpauthUserAuthorized', array(strtolower($response['auth']['provider']), $response['auth']['uid'], $response['auth']['info'], $response['auth'])); }
/** * * * @return void */ public function callback() { $config = Config::get('opauth'); $Opauth = new Opauth($config, FALSE); if (!session_id()) { session_start(); } $response = isset($_SESSION['opauth']) ? $_SESSION['opauth'] : array(); $err_msg = null; unset($_SESSION['opauth']); if (array_key_exists('error', $response)) { $err_msg = 'Authentication error:Opauth returns error auth response.'; } else { if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) { $err_msg = 'Invalid auth response: Missing key auth response components.'; } elseif (!$Opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason)) { $err_msg = 'Invalid auth response: ' . $reason; } } if ($err_msg) { return Redirect::to('account/login')->with('error', $err_msg); } else { $email = $response['auth']['info']['email']; $authentication = new Authentication(); $authentication->provider = $response['auth']['provider']; $authentication->provider_uid = $response['auth']['uid']; $authentication_exist = Authentication::where('provider', $authentication->provider)->where('provider_uid', '=', $authentication->provider_uid)->first(); if (!$authentication_exist) { if (Sentry::check()) { $user = Sentry::getUser(); $authentication->user_id = $user->id; } else { try { $user = Sentry::getUserProvider()->findByLogin($email); } catch (Cartalyst\Sentry\Users\UserNotFoundException $e) { $user = Sentry::register(array('first_name' => $response['auth']['info']['first_name'], 'last_name' => $response['auth']['info']['last_name'], 'email' => $email, 'password' => Str::random(14)), TRUE); } $authentication->user_id = $user->id; } $authentication->save(); } else { $user = Sentry::getUserProvider()->findById($authentication_exist->user_id); Sentry::login($user); Session::put('user_image', $response['auth']['info']['image']); return Redirect::to('/'); } } }
/** * @return LoginProviderEntity * @throws \Nette\InvalidStateException * @throws \Nette\InvalidArgumentException */ protected function createLoginProviderEntity() { $type = $this->getOpauthType(); $params = array('path' => $this->getCallbackUrl(), 'callback_url' => $this->getCallbackUrl(), 'Strategy' => array($type => $this->getConfig())); Debugger::$maxLen = 10000; $this->opauth = new Opauth($params, FALSE); $this->opauth->strategy = Strings::lower($type); $response = null; switch ($this->opauth->env['callback_transport']) { case 'session': $response = $_SESSION['opauth']; unset($_SESSION['opauth']); break; case 'post': $response = unserialize(base64_decode($_POST['opauth'])); break; case 'get': $response = unserialize(base64_decode($_GET['opauth'])); break; default: throw new InvalidArgumentException("Unsupported callback transport."); break; } if ($response === NULL) { if (isset($_GET['_opauth_action'])) { $action = explode('/', $_GET['_opauth_action']); $this->opauth->action = $action[1]; } $this->opauth->run(); } if (array_key_exists('error', $response)) { throw new InvalidStateException($response['error']['message']); } if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) { throw new InvalidStateException('Invalid auth response: Missing key auth response components'); } elseif (!$this->opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason)) { throw new InvalidStateException('Invalid auth response: ' . $reason); } $ret = new LoginProviderEntity($response['auth']['uid'], static::getType()); $this->fillLoginEntity($ret, $response['auth']['raw']); return $ret; }
/** * Call * * @return bool|void */ public function call() { $options = $this->injectors; $app = $this->app; $that = $this; $callback = function ($req, $res, $next) use($that, $app, $options) { $opauth = new OPAuthService($options, false); $response = unserialize(base64_decode($app->input->data('opauth'))); $reason = null; $auth = false; if (isset($response['error'])) { $reason = $response['error']; } else { if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) { $reason = 'Missing key auth response components'; } elseif (!$opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $_reason)) { $reason = $_reason; } else { $auth = $response['auth']; } } $req->auth = $auth; $req->auth_error = $reason; $next(); }; $init = function ($req, $res, $next) use($options) { if (isset($options['Strategy'][$req->params['strategy']])) { new OPAuthService($options); } else { $next(); } }; // Register url routes $app->post($options['callback_url'], $callback, $options['callback']); $app->get($options['login_url'] . '/:strategy', $init); $app->all($options['login_url'] . '/:strategy/:return', $init); $this->next(); }
public function action_callback() { $_opauth = new Opauth($this->_config, false); switch ($_opauth->env['callback_transport']) { case 'session': session_start(); $response = $_SESSION['opauth']; $s = var_export($_SESSION, true); unset($_SESSION['opauth']); break; } if (array_key_exists('error', $response)) { return $this->login_failed(); } else { if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) { return $this->login_failed(); } elseif (!$_opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason)) { return $this->login_failed(); } else { return $this->opauth_login($response); } } }
/** * @param string|null $strategy * @return IOpauthIdentity * @throws InvalidArgumentException * @throws InvalidLoginException */ public function callback($strategy) { if ($strategy === NULL) { throw new InvalidLoginException('No auth response. Probably user cancelled the process.'); } if ($this->isFakeStrategy($strategy)) { if ($this->config['debug'] != true) { throw new InvalidLoginException("Fake login available only in debug mode!"); } return $this->createIdentity(array('uid' => "123123123", 'info' => array('name' => "Chuck Norris", 'image' => "http://placekitten.com/465/465"), 'raw' => array('link' => "http://www.google.com/search?q=chuck+norris", 'email' => "*****@*****.**", 'given_name' => "Chuck", 'family_name' => "Norris"), 'provider' => 'Google')); } $Opauth = new \Opauth($this->config, false); $response = null; switch ($Opauth->env['callback_transport']) { case 'session': $response = $_SESSION['opauth']; unset($_SESSION['opauth']); break; case 'post': $response = unserialize(base64_decode($_POST['opauth'])); break; case 'get': $response = unserialize(base64_decode($_GET['opauth'])); break; default: throw new InvalidArgumentException("Unsupported callback transport."); break; } if (array_key_exists('error', $response)) { throw new InvalidLoginException($response['error']['message']); } if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) { throw new InvalidLoginException('Invalid auth response: Missing key auth response components'); } elseif (!$Opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason)) { throw new InvalidLoginException('Invalid auth response: ' . $reason); } \Nette\Diagnostics\Debugger::barDump($response['auth'], 'authInfo'); return $this->createIdentity($response['auth']); }
/** * Callback action. Redirected after auth */ public function callbackAction() { $response = null; try { $opauth = new Opauth($this->_opauthConfig, false); if (isset($opauth->env['callback_transport']) && $opauth->env['callback_transport'] == 'session') { if (isset($_SESSION['opauth'])) { $response = $_SESSION['opauth']; unset($_SESSION['opauth']); /** * Check if it's an error callback */ if (array_key_exists('error', $response)) { throw new Zend_Controller_Action_Exception('Opauth returns error auth response'); } else { if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) { throw new Zend_Controller_Action_Exception('Invalid auth response: Missing key auth response components.'); } elseif (!$opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason)) { //Auth response validation error throw new Zend_Controller_Action_Exception('Invalid auth response: ' . $reason); } else { //Auth Ok! $this->_oauthLogin($response); } } } else { throw new Zend_Controller_Action_Exception('Auth session is empty.'); } } else { throw new Zend_Controller_Action_Exception('Incorrect callback transport.'); } } catch (Exception $ex) { //Display error and redirect to login page $this->_flashMessenger->addMessage($ex->getMessage()); $this->_helper->redirector->gotoRoute(array(), 'login'); } }
/** * Authentication callback * * This method handles the `final` callback from Opauth * to verify the response, handle errors and pass handling * of user profile to the Provider class. * * @since 1.0 */ public function callback() { // Create a new Opauth instance without triggering authentication $opauth = new Opauth($this->config, false); try { // only GET/POST supported switch ($opauth->env['callback_transport']) { case 'post': $response = maybe_unserialize(base64_decode($_POST['opauth'])); break; case 'get': $response = maybe_unserialize(base64_decode($_GET['opauth'])); break; default: throw new Exception('Opauth unsupported transport callback'); } $validation_reason = null; // check for error response if (array_key_exists('error', $response)) { throw new Exception('Response error'); } elseif (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) { // ensure required data throw new Exception('Invalid auth response - missing required components'); } elseif (!$opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $validation_reason)) { // validate response has not been modified throw new Exception(sprintf('Invalid auth response - %s', $validation_reason)); } } catch (Exception $e) { // log error messages and response data $GLOBALS['wc_social_login']->log(sprintf('Error: %s, Response: %s', $e->getMessage(), print_r($response, true))); $this->redirect('error'); } // valid response, get provider $provider = $GLOBALS['wc_social_login']->get_provider(strtolower($response['auth']['provider'])); $profile = new WC_Social_Login_Provider_Profile($response['auth']); // Let the provider handle processing user profile and logging in $user_id = $provider->process_profile($profile); // Redirect back to where we came from $this->redirect(null, $user_id); }
/** * Assign opauth expected route params then run. */ public function run() { $this->env['params'][0] = Request::$current->param('strategy'); $this->env['params'][1] = Request::$current->param('callback'); parent::run(); }
*/ define('CONF_FILE', dirname(__FILE__) . '/' . 'opauth.conf.php'); define('OPAUTH_LIB_DIR', dirname(dirname(__FILE__)) . '/lib/Opauth/'); /** * Load config */ if (!file_exists(CONF_FILE)) { trigger_error('Config file missing at ' . CONF_FILE, E_USER_ERROR); exit; } require CONF_FILE; /** * Instantiate Opauth with the loaded config but not run automatically */ require OPAUTH_LIB_DIR . 'Opauth.php'; $Opauth = new Opauth($config, false); /** * Fetch auth response, based on transport configuration for callback */ $response = null; switch ($Opauth->env['callback_transport']) { case 'session': session_start(); $response = $_SESSION['opauth']; unset($_SESSION['opauth']); break; case 'post': $response = unserialize(base64_decode($_POST['opauth'])); break; case 'get': $response = unserialize(base64_decode($_GET['opauth']));
public function endpoint() { if ($this->Auth->user()) { $this->set('redirect_to', array('plugin' => null, 'controller' => 'users', 'action' => 'linked')); } else { $this->set('redirect_to', array('plugin' => null, 'controller' => 'users', 'action' => 'login')); } $Opauth = new Opauth(Configure::read('Opauth'), false); /** * Fetch auth response, based on transport configuration for callback */ $response = null; switch ($Opauth->env['callback_transport']) { case 'session': $response = $_SESSION['opauth']; unset($_SESSION['opauth']); break; case 'post': $response = unserialize(base64_decode($_POST['opauth'])); break; case 'get': $response = unserialize(base64_decode($_GET['opauth'])); break; default: $this->Session->setFlash('Unsupported callback_transport.', 'flash', array('type' => 'error')); return $this->render('endpoint'); break; } /** * Check if it's an error callback */ if (array_key_exists('error', $response)) { $this->Session->setFlash('Authentication error: Opauth returns error auth response.', 'flash', array('type' => 'error')); } else { if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) { $this->Session->setFlash('Invalid auth response: Missing key auth response components.', 'flash', array('type' => 'error')); } elseif (!$Opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason)) { $this->Session->setFlash(sprintf('Invalid auth response: %s', $reason), 'flash', array('type' => 'error')); } else { /** * It's all good. Go ahead with your application-specific authentication logic */ if (!$this->Auth->user()) { $auth = $this->User->Authentication->find('first', array('conditions' => array('Authentication.provider' => $response['auth']['provider'], 'Authentication.identifier' => $response['auth']['uid']), 'contain' => array('User'))); if (!empty($auth)) { $this->Auth->login($auth['User']); $this->set('redirect_to', array('plugin' => null, 'controller' => 'users', 'action' => 'play', 'demo')); } else { if (($id = $this->User->register($response, User::REGISTER_SOCIAL)) != false) { $auth = $this->User->find('first', array('conditions' => array('User.id' => $id))); $this->Auth->login($auth['User']); $this->set('redirect_to', array('plugin' => null, 'controller' => 'users', 'action' => 'play', 'demo')); } else { $this->set('redirect_to', array('plugin' => null, 'controller' => 'users', 'action' => 'login')); } } } else { if (!$this->User->Authentication->hasAny(array('Authentication.user_id' => $this->Auth->user('id'), 'Authentication.provider' => $response['auth']['provider']))) { $data = array('Authentication' => array('user_id' => $this->Auth->user('id'), 'provider' => $response['auth']['provider'], 'identifier' => $response['auth']['uid'], 'email' => $data['auth']['info']['email'], 'display_name' => $data['auth']['info']['name'], 'avatar' => $data['auth']['info']['image'])); $this->User->Authentication->create(); if ($this->User->Authentication->save($data)) { $this->Session->setFlash('Social linked succesfully', 'flash', array('type' => 'success')); } } else { $this->Session->setFlash('Social was linked already', 'flash', array('type' => 'error')); } } } } }