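/**
 * Pairs the account with Latch using the one-time pairing token typed by the user.
 *
 * The token is sent to the Latch server with the application's appId and secret.
 * When the response carries a non-empty account id, that id is handed to
 * dbHelper::storeAccountId().
 *
 * @param string $otp Pairing token shown in the user's Latch app and typed into the MediaWiki pairing form.
 * @return int 1 when pairing succeeded and the account id was stored, -1 on any error.
 */
public static function doPair($otp)
{
    // The token is user-supplied: refuse anything that is not a non-blank scalar
    // before making a request with the application credentials.
    if (!is_scalar($otp) || trim((string) $otp) === '') {
        return -1;
    }

    $api = new Latch(LatchConfig::appId, LatchConfig::secret);
    $response = $api->pair($otp);
    $data = $response->getData();

    // property_exists() is also true for a null or empty accountId, which would
    // record the account as paired without a usable Latch account id. Require a
    // non-empty value, as the other pairing code paths do.
    if (!is_object($data) || empty($data->accountId)) {
        return -1; // pairing error
    }

    dbHelper::storeAccountId($data->accountId);

    return 1; // pairing successful
}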
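/**
 * Pairs an admin account with the Latch app through the Latch library.
 *
 * @param string                     $token Pairing token generated by the Latch app.
 * @param Mage_Admin_Model_User|null $user  Administrator to link; without one no pairing is attempted.
 * @return array Array with 'status' (1 on success, 0 on failure) and a translated 'message'.
 */
public function pairAdmin($token, $user = null)
{
    $appId = $this->getApplicationId();
    $appSecret = $this->getSecretKey();
    $apiUrl = $this->getApiUrl();

    if (empty($appId) || empty($appSecret) || empty($token)) {
        return array("status" => 0, "message" => $this->__("Latch pairing error: Invalid parameters."));
    }

    require_once Mage::getBaseDir('lib') . '/Latch/latch.php';

    // Checked before the token is sent. The original called pair() first, so a
    // valid token with no admin user was consumed and paired on the Latch side
    // while no latch_id was recorded locally.
    if (!$user) {
        return array("status" => 0, "message" => $this->__("Can't link non admin user with Latch."));
    }

    $api = $apiUrl
        ? new Latch($appId, $appSecret, $apiUrl)
        : new Latch($appId, $appSecret);

    $apiResponse = $api->pair($token);
    $responseData = $apiResponse->getData();

    // Read accountId only when the response really carries one, so that a
    // malformed response does not raise an undefined-property notice.
    $accountId = (is_object($responseData) && isset($responseData->accountId))
        ? $responseData->accountId
        : null;

    if (!empty($accountId)) {
        /* @var $user Mage_Admin_Model_User */
        $user->setData('latch_id', $accountId);

        // The model is saved here only when the session flag asks for it.
        // NOTE(review): presumably the caller saves the user otherwise — confirm.
        if (Mage::getSingleton('core/session')->getAdminMustSave()) {
            $user->save();
        }

        return array("status" => 1, "message" => $this->__("The account was linked with Latch successfully."));
    }

    $error = $apiResponse->getError();

    // Neither an account id nor an error object: reported as a connection problem.
    if ($error == null) {
        return array("status" => 0, "message" => $this->__("Latch pairing error: Cannot connect to the server. Please, try again later."));
    }

    // The error text comes from the Latch API response; callers should escape it
    // for the context in which the message is displayed.
    return array("status" => 0, "message" => $this->__("Couldn't link the given token with Latch: ") . $this->__($error->getMessage()));
}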
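/**
 * Preferences hook: draws the Latch section and handles the Pair and Unpair buttons.
 *
 * @param mixed $user         Hook argument; not used here, the body works on the global $wgUser.
 * @param mixed &$preferences Preferences structure, passed on to SpecialLatch::drawUserPreferences().
 * @return bool|null true so that hook processing continues; a bare return (null) when the CSRF token does not match.
 * @throws DBExpectedError When the pairing token is rejected or the Latch API reports an error.
 */
static function wfPrefHook($user, &$preferences)
{
    global $wgUser, $wgRequest, $wgOut;

    $user_id = "";
    $acc_id = "";
    $app_id = "";
    $secret = "";
    $error_msg = "";
    $pairResponse = null;
    $accountId = null;

    # If app_id, secret, user_id and the account_id are already in the DB, we take them
    SpecialLatch::accDB_appsecret($app_id, $secret);
    SpecialLatch::accDB_useraccid($wgUser->getId(), $user_id, $acc_id);

    # We create a new Latch object from the Latch SDK
    $api = new Latch($app_id, $secret);

    # We print the Latch preferences
    SpecialLatch::drawUserPreferences($acc_id, $wgUser, $preferences);

    # If the Pair button is pressed, we try to pair the account
    if ($wgRequest->getCheck('latchTokBot')) {
        # CSRF protection. Note the bare return: the hook yields null here, not the
        # true returned at the end of the function.
        if (!$wgUser->matchEditToken($wgRequest->getVal('hiddToken'))) {
            return;
        } else {
            $pair_token = $wgRequest->getText('latchTok');

            # Not empty and no strange characters. The previous pattern only rejected
            # tokens containing a dot, so any other character reached $api->pair().
            # An allowlist enforces the stated intent.
            # NOTE(review): assumes Latch pairing tokens are ASCII alphanumeric — confirm
            # against the Latch documentation.
            if (empty($pair_token) || !preg_match('/\A[A-Za-z0-9]+\z/', $pair_token)) {
                throw new DBExpectedError(null, wfMsg('latch-error-pair'));
            } else {
                $pairResponse = $api->pair($pair_token);
                $responseData = $pairResponse->getData();
                if (!empty($responseData)) {
                    $accountId = $responseData->{"accountId"};
                }

                # If everything is OK, we insert the data in the DB
                if (!empty($accountId)) {
                    SpecialLatch::insDB_useraccid($wgUser, $accountId);
                } elseif ($pairResponse->getError() == NULL) {
                    # Neither an account id nor an error object in the response
                    throw new DBExpectedError(null, wfMsg('default-error-pair'));
                } else {
                    # Map the Latch error code to a localized message
                    switch ($pairResponse->getError()->getCode()) {
                        case 205:
                            $error_msg = wfMsg('205-pair');
                            break;
                        case 206:
                            $error_msg = wfMsg('206-pair');
                            break;
                        case 401:
                            $error_msg = wfMsg('error-401');
                            break;
                        default:
                            $error_msg = wfMsg('default-error-pair');
                            break;
                    }
                    throw new DBExpectedError(null, $pairResponse->getError()->getCode() . " - " . $error_msg);
                }
            }
        }
    }

    # If the Unpair button is pressed, we try to unpair the account
    if ($wgRequest->getCheck('latchUnpair')) {
        SpecialLatch::accDB_useraccid($wgUser->getId(), $user_id, $acc_id);

        # CSRF protection
        if (!$wgUser->matchEditToken($wgRequest->getVal('hiddToken'))) {
            return;
        } else {
            $pairResponse = $api->unpair($acc_id);

            # A response without an error object is treated as a successful unpair and
            # the local record is deleted.
            # NOTE(review): the pair branch treats "no data and no error" as a connection
            # failure; here that case is indistinguishable from success — confirm that
            # deleting the local record is intended when the server could not be reached.
            if ($pairResponse->getError() == NULL) {
                SpecialLatch::delDB_useraccid($wgUser);
            } else {
                switch ($pairResponse->getError()->getCode()) {
                    case 201:
                        $error_msg = wfMsg('201-unpair');
                        break;
                    case 401:
                        $error_msg = wfMsg('error-401');
                        break;
                    default:
                        $error_msg = wfMsg('error-unpair');
                        break;
                }
                throw new DBExpectedError(null, $pairResponse->getError()->getCode() . " - " . $error_msg);
            }
        }
    }

    # We print the Latch preferences again to make sure that nothing strange happens.
    # $acc_id still holds the value read from the DB before any pair/unpair above.
    SpecialLatch::drawUserPreferences($acc_id, $wgUser, $preferences);

    # Required return value of a hook function.
    return true;
}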