Ejemplo n.º 1
 /**
  * JS-SDK driven auto-login: signs the visitor in as the local account linked to
  * the given external user.
  *
  * POST only. Reads `provider` and `external_user_id` from the input and checks
  * the SDK signature before any association is looked up. Ends in a redirect on
  * success, a no-permission response when the request cannot be authenticated,
  * or an error response when no usable association/user exists.
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function actionExternal()
 {
     $this->_assertPostOnly();
     $providerCode = $this->_input->filterSingle('provider', XenForo_Input::STRING);
     $provider = bdApiConsumer_Option::getProviderByCode($providerCode);
     if (empty($provider)) {
         // unknown or unconfigured provider code
         return $this->responseNoPermission();
     }
     $externalUserId = $this->_input->filterSingle('external_user_id', XenForo_Input::UINT);
     if (empty($externalUserId)) {
         return $this->responseNoPermission();
     }
     // NOTE(review): the signature is verified over $_REQUEST, whose contents depend on
     // the request_order/variables_order ini settings (cookies may be included) — confirm
     // the helper only considers the fields the SDK actually signs.
     if (!bdApiConsumer_Helper_Api::verifyJsSdkSignature($provider, $_REQUEST)) {
         return $this->responseNoPermission();
     }
     $userModel = $this->_getUserModel();
     /** @var bdApiConsumer_XenForo_Model_UserExternal $userExternalModel */
     $userExternalModel = $this->getModelFromCache('XenForo_Model_UserExternal');
     $existingAssoc = $userExternalModel->getExternalAuthAssociation($userExternalModel->bdApiConsumer_getProviderCode($provider), $externalUserId);
     if (!empty($existingAssoc)) {
         $accessToken = $userExternalModel->bdApiConsumer_getAccessTokenFromAuth($provider, $existingAssoc);
         if (empty($accessToken)) {
             // no access token in the auth, consider no auth at all
             $existingAssoc = null;
         }
     }
     if (empty($existingAssoc)) {
         $autoRegister = bdApiConsumer_Option::get('autoRegister');
         if ($autoRegister === 'on' or $autoRegister === 'id_sync') {
             // we have to do a refresh here
             // (hand over to register/external, carrying the provider code and the redirect target)
             return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, XenForo_Link::buildPublicLink('canonical:register/external', null, array('provider' => $providerCode, 'reg' => 1, 'redirect' => $this->getDynamicRedirect())), new XenForo_Phrase('bdapi_consumer_being_auto_login_auto_register_x', array('provider' => $provider['name'])));
         }
     }
     if (!$existingAssoc) {
         // no usable association and auto-registration is not enabled
         return $this->responseError(new XenForo_Phrase('bdapi_consumer_auto_login_with_x_failed', array('provider' => $provider['name'])));
     }
     $user = $userModel->getFullUserById($existingAssoc['user_id']);
     if (empty($user)) {
         return $this->responseError(new XenForo_Phrase('requested_user_not_found'));
     }
     // NOTE(review): this check uses > 1050000 while the session setup below uses
     // < 1050000, so versionId == 1050000 skips the two-step check yet takes the
     // userLogin() path — confirm the boundary is intended.
     if (XenForo_Application::$versionId > 1050000) {
         /** @var XenForo_ControllerHelper_Login $loginHelper */
         $loginHelper = $this->getHelper('Login');
         if ($loginHelper->userTfaConfirmationRequired($user)) {
             // two-step verification pending: do not establish the session yet
             $loginHelper->setTfaSessionCheck($user['user_id']);
             return $this->responseMessage(new XenForo_Phrase('bdapi_consumer_auto_login_user_x_requires_tfa', array('username' => $user['username'], 'twoStepLink' => XenForo_Link::buildPublicLink('login/two-step', null, array('redirect' => $this->getDynamicRedirect(), 'remember' => 1)))));
         }
     }
     // establish the session: remember cookie, IP log, drop the guest session
     // activity, then switch session and visitor to the user
     $userModel->setUserRememberCookie($user['user_id']);
     XenForo_Model_Ip::log($user['user_id'], 'user', $user['user_id'], 'login_api_consumer');
     $userModel->deleteSessionActivity(0, $this->_request->getClientIp(false));
     if (XenForo_Application::$versionId < 1050000) {
         XenForo_Application::getSession()->changeUserId($user['user_id']);
         XenForo_Visitor::setup($user['user_id']);
     } else {
         // newer session API: login is bound to the user's password_date
         $visitor = XenForo_Visitor::setup($user['user_id']);
         XenForo_Application::getSession()->userLogin($user['user_id'], $visitor['password_date']);
     }
     return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $this->getDynamicRedirect(), new XenForo_Phrase('bdapi_consumer_auto_login_with_x_succeeded_y', array('provider' => $provider['name'], 'username' => $user['username'])));
 }
Ejemplo n.º 2
 /**
  * Relays a password reset request to every provider the user is linked to.
  *
  * Only applies when login take-over is enabled and the local account has no
  * password of its own; associations without a known provider or without an
  * access token are skipped.
  *
  * @param array $user local user record (needs `user_id`)
  * @return bool false when not applicable, true once the linked providers were
  *              processed (even if none received a request)
  */
 protected function _bdApiConsumer_tryExternalPasswordResetRequest(array $user)
 {
     $takeOverLogin = bdApiConsumer_Option::get('takeOver', 'login');
     if (!$takeOverLogin) {
         return false;
     }

     $authentication = $this->getModelFromCache('XenForo_Model_User')->getUserAuthenticationObjectByUserId($user['user_id']);
     if ($authentication->hasPassword()) {
         // a local password exists, the standard reset flow applies
         return false;
     }

     /** @var bdApiConsumer_XenForo_Model_UserExternal $externalModel */
     $externalModel = $this->getModelFromCache('XenForo_Model_UserExternal');
     $associations = $externalModel->bdApiConsumer_getExternalAuthAssociations($user['user_id']);
     if (empty($associations)) {
         return false;
     }

     foreach ($associations as $association) {
         $provider = bdApiConsumer_Option::getProviderByCode($association['provider']);
         $token = empty($provider)
             ? null
             : $externalModel->bdApiConsumer_getAccessTokenFromAuth($provider, $association);
         if (empty($token)) {
             continue;
         }
         bdApiConsumer_Helper_Api::postPasswordResetRequest($provider, $token);
     }

     return true;
 }
Ejemplo n.º 3
 /**
  * Attaches provider-supplied notification HTML to an alert item for rendering.
  *
  * Only alerts whose action is a known provider code and which carry
  * `extra.notification.notification_html` are touched; the HTML is reduced to
  * text plus `<a>` tags and exposed as `notificationHtml`, with the provider
  * record under `notificationProvider`.
  *
  * NOTE(review): strip_tags() keeps attributes on the allowed `<a>` elements
  * (href, on*, …). If notification_html can originate from anything other than
  * a trusted provider, those attributes need filtering before output — confirm
  * the trust level of the source.
  *
  * @param array $item alert row
  * @param mixed $content
  * @param array $viewingUser
  * @return array the alert row, possibly extended
  */
 protected function _prepareAlertAfterAction(array $item, $content, array $viewingUser)
 {
     $provider = bdApiConsumer_Option::getProviderByCode($item['action']);
     if (empty($provider)) {
         return $item;
     }

     $notificationHtml = isset($item['extra']['notification']['notification_html'])
         ? $item['extra']['notification']['notification_html']
         : null;
     if (empty($notificationHtml)) {
         return $item;
     }

     $item['notificationHtml'] = strip_tags($notificationHtml, '<a>');
     $item['notificationProvider'] = $provider;

     return $item;
 }
Ejemplo n.º 4
 /**
  * Rewrites the login/logout redirect so the provider side is logged in or out too.
  *
  * After a successful local login (visitor id differs from the pre-login value)
  * or logout (visitor is now a guest), every association with a valid access
  * token gets a one-time token and the redirect target is wrapped in the
  * provider's login/logout link. With several associations the links nest, each
  * wrapping the previous target.
  *
  * @param XenForo_Controller $controller
  * @param XenForo_ControllerResponse_Redirect $controllerResponse modified in place
  */
 public static function updateResponseRedirect(XenForo_Controller $controller, XenForo_ControllerResponse_Redirect $controllerResponse)
 {
     $action = false;
     $userId = 0;

     if ($controller instanceof XenForo_ControllerPublic_Login) {
         /** @var bdApiConsumer_XenForo_ControllerPublic_Login $controller */
         if (XenForo_Visitor::getUserId() > 0
             && XenForo_Visitor::getUserId() != $controller->bdApiConsumer_getBeforeLoginVisitorId()
         ) {
             // visitor id changed during the request: a login happened
             $action = 'login';
             $userId = XenForo_Visitor::getUserId();
         }
     } elseif ($controller instanceof XenForo_ControllerPublic_Logout) {
         /** @var bdApiConsumer_XenForo_ControllerPublic_Logout $controller */
         if (XenForo_Visitor::getUserId() == 0) {
             // visitor is a guest now: a logout happened
             $action = 'logout';
             $userId = $controller->bdApiConsumer_getBeforeLogoutVisitorId();
         }
     }

     if ($action === false || $userId <= 0) {
         return;
     }

     $originalTarget = $controllerResponse->redirectTarget;
     $target = $originalTarget;

     /** @var bdApiConsumer_XenForo_Model_UserExternal $userExternalModel */
     $userExternalModel = $controller->getModelFromCache('XenForo_Model_UserExternal');
     $auths = $userExternalModel->bdApiConsumer_getExternalAuthAssociations($userId);
     if (!empty($auths)) {
         foreach ($auths as $auth) {
             $provider = bdApiConsumer_Option::getProviderByCode($auth['provider']);
             $accessToken = empty($provider)
                 ? null
                 : $userExternalModel->bdApiConsumer_getAccessTokenFromAuth($provider, $auth);
             if (empty($accessToken)) {
                 continue;
             }

             $ott = bdApiConsumer_Helper_Api::generateOneTimeToken($provider, $auth['provider_key'], $accessToken);
             // the provider link needs an absolute return URL
             $target = XenForo_Link::convertUriToAbsoluteUri($target, true);
             // $action can only be 'login' or 'logout' at this point
             $target = $action === 'login'
                 ? bdApiConsumer_Helper_Api::getLoginLink($provider, $ott, $target)
                 : bdApiConsumer_Helper_Api::getLogoutLink($provider, $ott, $target);
         }
     }

     if ($target !== $originalTarget) {
         $controllerResponse->redirectTarget = $target;
     }
 }
Ejemplo n.º 5
 /**
  * JS-SDK driven auto-login (older variant without the two-step check): signs
  * the visitor in as the local account linked to the given external user.
  *
  * POST only. Reads `provider` and `external_user_id` from the input and checks
  * the SDK signature before any association is looked up. Ends in a redirect on
  * success, a no-permission response when the request cannot be authenticated,
  * or an error response when no usable association/user exists.
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function actionExternal()
 {
     $this->_assertPostOnly();
     $providerCode = $this->_input->filterSingle('provider', XenForo_Input::STRING);
     $provider = bdApiConsumer_Option::getProviderByCode($providerCode);
     if (empty($provider)) {
         // unknown or unconfigured provider code
         return $this->responseNoPermission();
     }
     $externalUserId = $this->_input->filterSingle('external_user_id', XenForo_Input::UINT);
     if (empty($externalUserId)) {
         return $this->responseNoPermission();
     }
     // NOTE(review): the signature is verified over $_REQUEST, whose contents depend on
     // the request_order/variables_order ini settings (cookies may be included) — confirm
     // the helper only considers the fields the SDK actually signs.
     if (!bdApiConsumer_Helper_Api::verifyJsSdkSignature($provider, $_REQUEST)) {
         return $this->responseNoPermission();
     }
     $userModel = $this->_getUserModel();
     /** @var bdApiConsumer_XenForo_Model_UserExternal $userExternalModel */
     $userExternalModel = $this->getModelFromCache('XenForo_Model_UserExternal');
     $existingAssoc = $userExternalModel->getExternalAuthAssociation($userExternalModel->bdApiConsumer_getProviderCode($provider), $externalUserId);
     if (!empty($existingAssoc)) {
         $accessToken = $userExternalModel->bdApiConsumer_getAccessTokenFromAuth($provider, $existingAssoc);
         if (empty($accessToken)) {
             // no access token in the auth, consider no auth at all
             $existingAssoc = null;
         }
     }
     if (empty($existingAssoc)) {
         $autoRegister = bdApiConsumer_Option::get('autoRegister');
         if ($autoRegister === 'on' or $autoRegister === 'id_sync') {
             // we have to do a refresh here
             // (hand over to register/external, carrying the provider code and the redirect target)
             return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, XenForo_Link::buildPublicLink('canonical:register/external', null, array('provider' => $providerCode, 'reg' => 1, 'redirect' => $this->getDynamicRedirect())), new XenForo_Phrase('bdapi_consumer_being_auto_login_auto_register_x', array('provider' => $provider['name'])));
         }
     }
     // assignment inside the condition: $user is only set when an association exists
     if ($existingAssoc and $user = $userModel->getUserById($existingAssoc['user_id'])) {
         // establish the session: remember cookie, IP log, drop the guest session
         // activity, then switch session and visitor to the user
         $userModel->setUserRememberCookie($user['user_id']);
         XenForo_Model_Ip::log($user['user_id'], 'user', $user['user_id'], 'login_api_consumer');
         $userModel->deleteSessionActivity(0, $this->_request->getClientIp(false));
         $session = XenForo_Application::get('session');
         $session->changeUserId($user['user_id']);
         XenForo_Visitor::setup($user['user_id']);
         $message = new XenForo_Phrase('bdapi_consumer_auto_login_with_x_succeeded_y', array('provider' => $provider['name'], 'username' => $user['username']));
         return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $this->getDynamicRedirect(), $message);
     } else {
         // no usable association (or its user is gone) and auto-registration is not enabled
         return $this->responseError(new XenForo_Phrase('bdapi_consumer_auto_login_with_x_failed', array('provider' => $provider['name'])));
     }
 }
Ejemplo n.º 6
 /**
  * Sends the account security page to the provider when login take-over is on
  * and the local account has no password of its own.
  *
  * The parent response is returned unchanged when take-over is disabled, the
  * parent did not produce a view, the view reports a password, or no linked
  * provider offers a security link.
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function actionSecurity()
 {
     $response = parent::actionSecurity();

     if (!bdApiConsumer_Option::get('takeOver', 'login')) {
         return $response;
     }

     $isPasswordlessView = $response instanceof XenForo_ControllerResponse_View
         && !empty($response->subView)
         && empty($response->subView->params['hasPassword']);
     if (!$isPasswordlessView) {
         return $response;
     }

     /** @var bdApiConsumer_XenForo_Model_UserExternal $userExternalModel */
     $userExternalModel = $this->getModelFromCache('XenForo_Model_UserExternal');
     $auths = $userExternalModel->bdApiConsumer_getExternalAuthAssociations(XenForo_Visitor::getUserId());
     if (empty($auths)) {
         return $response;
     }

     foreach ($auths as $auth) {
         $provider = bdApiConsumer_Option::getProviderByCode($auth['provider']);
         $securityLink = bdApiConsumer_Helper_Provider::getAccountSecurityLink($provider);
         if (!empty($securityLink)) {
             // first provider with a security page wins
             return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $securityLink);
         }
     }

     return $response;
 }
Ejemplo n.º 7
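 /**
  * Applies notification pings from a provider to local alerts.
  *
  * Each ping's `topic_id` is the provider-side user key; it is mapped to a local
  * user through the stored external auth associations. `insert` pings create an
  * alert unless the user opted out, `read` pings mark the provider's alerts as
  * read. Every ping that was handled gets a `result` string written back;
  * pings with no matching association/user are left untouched.
  *
  * Fixes: the `read` branch previously used `=` instead of a comparison, which
  * assigned 'read' to every non-insert ping and always took that branch; the
  * loop also overwrote the `$provider` parameter and matched pings against
  * associations whose provider code is unknown (no `_provider` set).
  *
  * @param array $provider the provider the pings come from
  * @param array $pings ping records; modified in place (`result` key)
  */
 protected function _handleUserNotificationPings(array $provider, array &$pings)
 {
     $providerKeys = array();
     foreach ($pings as $ping) {
         $providerKeys[] = $ping['topic_id'];
     }

     /** @var bdApiConsumer_XenForo_Model_UserExternal $userExternalModel */
     $userExternalModel = $this->getModelFromCache('XenForo_Model_UserExternal');
     $auths = $userExternalModel->bdApiConsumer_getExternalAuthAssociationsForProviderUser($provider, $providerKeys);

     // only associations with a configured provider can be acted upon
     $usableAuths = array();
     $userIds = array();
     foreach ($auths as $auth) {
         $authProvider = bdApiConsumer_Option::getProviderByCode($auth['provider']);
         if (empty($authProvider)) {
             continue;
         }
         $auth['_provider'] = $authProvider;
         $usableAuths[] = $auth;
         $userIds[] = $auth['user_id'];
     }

     $users = $this->getModelFromCache('XenForo_Model_User')->getUsersByIds($userIds, array('join' => XenForo_Model_User::FETCH_USER_OPTION));
     $alertModel = $this->getModelFromCache('XenForo_Model_Alert');

     foreach ($pings as &$pingRef) {
         // when several associations share a provider key the last one wins (unchanged)
         $auth = null;
         foreach ($usableAuths as $candidate) {
             if ($candidate['provider_key'] == $pingRef['topic_id']) {
                 $auth = $candidate;
             }
         }
         if (empty($auth) || !isset($users[$auth['user_id']])) {
             continue;
         }
         $user = $users[$auth['user_id']];

         // strict comparisons: the action is a string coming from the ping payload
         if ($pingRef['action'] === 'insert' && !empty($pingRef['object_data']['notification_id'])) {
             if (XenForo_Model_Alert::userReceivesAlert($user, 'bdapi_consumer', $auth['provider'])) {
                 $alertModel->bdApiConsumer_alertUser($auth['_provider'], $user, $pingRef['object_data']);
                 $pingRef['result'] = 'inserted alert';
             } else {
                 $pingRef['result'] = 'user opted out';
             }
         } elseif ($pingRef['action'] === 'read') {
             $alertModel->bdApiConsumer_markAlertsRead($auth['_provider'], $user);
             $pingRef['result'] = 'marked as read';
         }
     }
     // drop the by-reference cursor so a later by-value loop cannot clobber the last ping
     unset($pingRef);
 }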
Ejemplo n.º 8
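 /**
  * Tells each selected provider that the viewing user's notifications were read.
  *
  * Associations whose provider is unknown, not in `$providerCodes`, or without
  * an access token are skipped. The model is fetched once and reused (the
  * original fetched it twice), and the loop no longer iterates by reference.
  *
  * @param array $viewingUser local user (needs `user_id`)
  * @param array $providerCodes provider codes to notify (strict match on `code`)
  */
 protected function _bdApiConsumer_markExternalAlertsRead(array $viewingUser, array $providerCodes)
 {
     /** @var bdApiConsumer_XenForo_Model_UserExternal $userExternalModel */
     $userExternalModel = $this->getModelFromCache('XenForo_Model_UserExternal');
     $auths = $userExternalModel->bdApiConsumer_getExternalAuthAssociations($viewingUser['user_id']);
     if (empty($auths)) {
         return;
     }

     foreach ($auths as $auth) {
         $provider = bdApiConsumer_Option::getProviderByCode($auth['provider']);
         if (empty($provider) || !in_array($provider['code'], $providerCodes, true)) {
             continue;
         }
         $accessToken = $userExternalModel->bdApiConsumer_getAccessTokenFromAuth($provider, $auth);
         if (empty($accessToken)) {
             // nothing to authenticate the provider call with
             continue;
         }
         bdApiConsumer_Helper_Api::postNotificationsRead($provider, $accessToken);
     }
 }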
Ejemplo n.º 9
 /**
  * Completes an external registration or association started from the provider.
  *
  * POST only. Two flows share this action: when `associate`/`force_assoc` is
  * set, the external account is attached to an existing local account whose
  * credentials are checked here; otherwise a new local account is created from
  * the provider's visitor data. Both flows first exchange the posted
  * `refresh_token` for an access token and fetch the external visitor.
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function actionExternalRegister()
 {
     $this->_assertPostOnly();
     $redirect = $this->_bdApiConsumer_getRedirect();
     $userModel = $this->_getUserModel();
     /** @var bdApiConsumer_XenForo_Model_UserExternal $userExternalModel */
     $userExternalModel = $this->_getUserExternalModel();
     $providerCode = $this->_input->filterSingle('provider', XenForo_Input::STRING);
     $provider = bdApiConsumer_Option::getProviderByCode($providerCode);
     if (empty($provider)) {
         // unknown or unconfigured provider code
         return $this->responseNoPermission();
     }
     // association is requested either by the 'associate' field or the 'force_assoc' flag
     $doAssoc = $this->_input->filterSingle('associate', XenForo_Input::STRING) || $this->_input->filterSingle('force_assoc', XenForo_Input::UINT);
     $userId = 0;
     if ($doAssoc) {
         $associate = $this->_input->filter(array('associate_login' => XenForo_Input::STRING, 'associate_password' => XenForo_Input::STRING));
         $loginModel = $this->_getLoginModel();
         // lockout check before the credentials are tried; failed attempts are logged below
         if ($loginModel->requireLoginCaptcha($associate['associate_login'])) {
             return $this->responseError(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'));
         }
         // $error is filled by reference when validation fails
         $userId = $userModel->validateAuthentication($associate['associate_login'], $associate['associate_password'], $error);
         if (!$userId) {
             $loginModel->logLoginAttempt($associate['associate_login']);
             return $this->responseError($error);
         }
     }
     // exchange the posted refresh token for an access token, then load the external visitor;
     // both failures surface as the same "connecting" error
     $refreshToken = $this->_input->filterSingle('refresh_token', XenForo_Input::STRING);
     $externalToken = bdApiConsumer_Helper_Api::getAccessTokenFromRefreshToken($provider, $refreshToken);
     if (empty($externalToken)) {
         return $this->responseError(new XenForo_Phrase('bdapi_consumer_error_occurred_while_connecting_with_x', array('provider' => $provider['name'])));
     }
     $externalVisitor = bdApiConsumer_Helper_Api::getVisitor($provider, $externalToken['access_token']);
     if (empty($externalVisitor)) {
         return $this->responseError(new XenForo_Phrase('bdapi_consumer_error_occurred_while_connecting_with_x', array('provider' => $provider['name'])));
     }
     if (empty($externalVisitor['user_email'])) {
         return $this->responseError(new XenForo_Phrase('bdapi_consumer_x_returned_unknown_error', array('provider' => $provider['name'])));
     }
     // the standing check only applies when the provider reports both flags
     if (isset($externalVisitor['user_is_valid']) and isset($externalVisitor['user_is_verified'])) {
         if (empty($externalVisitor['user_is_valid']) or empty($externalVisitor['user_is_verified'])) {
             return $this->responseError(new XenForo_Phrase('bdapi_consumer_x_account_not_good_standing', array('provider' => $provider['name'])));
         }
     }
     if ($doAssoc) {
         // store the association (external data plus token) and sign the local user in
         // NOTE(review): no two-step verification check precedes changeUserId() on this
         // path — confirm that is intended for the XenForo versions this targets.
         $userExternalModel->bdApiConsumer_updateExternalAuthAssociation($provider, $externalVisitor['user_id'], $userId, array_merge($externalVisitor, array('token' => $externalToken)));
         XenForo_Application::getSession()->changeUserId($userId);
         XenForo_Visitor::setup($userId);
         return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
     }
     if (bdApiConsumer_Option::get('bypassRegistrationActive')) {
         // do not check for registration active option
     } else {
         $this->_assertRegistrationActive();
     }
     $data = $this->_input->filter(array('username' => XenForo_Input::STRING, 'timezone' => XenForo_Input::STRING));
     // TODO: custom fields
     // terms of service must be accepted when a ToS URL is configured
     if (XenForo_Dependencies_Public::getTosUrl() && !$this->_input->filterSingle('agree', XenForo_Input::UINT)) {
         return $this->responseError(new XenForo_Phrase('you_must_agree_to_terms_of_service'));
     }
     // create the local account from the external data and sign it in
     $user = bdApiConsumer_Helper_AutoRegister::createUser($data, $provider, $externalToken, $externalVisitor, $this->_getUserExternalModel());
     XenForo_Application::getSession()->changeUserId($user['user_id']);
     XenForo_Visitor::setup($user['user_id']);
     $viewParams = array('user' => $user, 'redirect' => $redirect);
     return $this->responseView('XenForo_ViewPublic_Register_Process', 'register_process', $viewParams, $this->_getRegistrationContainerParams());
 }