public function create(RecordInterface $record)
{
if ($record->hasFields('status', 'name', 'email', 'url', 'title', 'description')) {
$record->consumerKey = Security::generateToken();
$record->consumerSecret = Security::generateToken();
$date = new DateTime('NOW', $this->registry['core.default_timezone']);
$record->date = $date->format(DateTime::SQL);
$this->table->insert($record->getData());
$record->id = $this->sql->getLastInsertId();
$this->notify(RecordAbstract::INSERT, $record);
return $record;
} else {
throw new Exception('Missing field in record');
}
}
public function onPost()
{
try {
$email = $this->post->email('string', array(new Filter\Length(3, 64), new Filter\Email()));
$captcha = $this->post->captcha('string');
// check captcha if anonymous
$captchaProvider = Captcha::factory($this->config['amun_captcha']);
if (!$captchaProvider->verify($captcha)) {
throw new Exception('Invalid captcha');
}
if (!$this->validate->hasError()) {
$handler = $this->getHandler('AmunService\\User\\Account');
$account = $handler->getOneByIdentity(sha1($this->config['amun_salt'] . $email), array('id', 'name', 'status', 'email'), Sql::FETCH_OBJECT);
if ($account instanceof Account\Record) {
if (!in_array($account->status, array(Account\Record::NORMAL, Account\Record::ADMINISTRATOR))) {
throw new Exception('Account has an invalid status');
}
if (!empty($account->email)) {
$token = Security::generateToken();
$link = $this->page->getUrl() . '/login/resetPw?token=' . $token;
$date = new DateTime('NOW', $this->registry['core.default_timezone']);
// update status
$account->setStatus(Account\Record::RECOVER);
$account->setToken($token);
$handler->update($account);
// send mail
$values = array('account.name' => $account->name, 'host.name' => $this->base->getHost(), 'recover.ip' => $_SERVER['REMOTE_ADDR'], 'recover.link' => $this->page->getUrl() . '/resetPw?token=' . $token, 'recover.date' => $date->format($this->registry['core.format_date']));
$mail = new Mail($this->registry);
$mail->send('LOGIN_RECOVER', $account->email, $values);
$this->template->assign('success', true);
} else {
throw new Exception('No public email address is set for this account');
}
} else {
throw new Exception('Account does not exist');
}
} else {
throw new Exception($this->validate->getLastError());
}
} catch (\Exception $e) {
$this->template->assign('error', $e->getMessage());
}
}
public function create(RecordInterface $record)
{
if ($record->hasFields('url', 'type')) {
$record->globalId = $this->base->getUUID('vcshook:' . uniqid());
$record->userId = $this->user->getId();
$record->secret = Security::generateToken(40);
// check whether project exists
$type = TypeAbstract::factory($record->type);
if (!$type->hasProject($record->url)) {
throw new Exception('Project doesnt exist');
}
$date = new DateTime('NOW', $this->registry['core.default_timezone']);
$record->date = $date->format(DateTime::SQL);
$this->table->insert($record->getData());
$record->id = $this->sql->getLastInsertId();
$this->notify(RecordAbstract::INSERT, $record);
return $record;
} else {
throw new Exception('Missing field in record');
}
}
public function testRequest()
{
// discover endpoints
$yadis = new Yadis($this->http);
$xrds = $yadis->discover(new Url($this->config['psx_url']));
// get oauth request uri
$requestUri = null;
foreach ($xrds->getService() as $service) {
if (in_array('http://oauth.net/core/1.0/endpoint/request', $service->getType())) {
$requestUri = $service->getUri();
break;
}
}
$this->assertEquals(true, !empty($requestUri), 'Could not find http://oauth.net/core/1.0/endpoint/request in xrds');
// get request token
$response = $this->oauth->requestToken(new Url($requestUri), $this->consumerKey, $this->consumerSecret);
$this->assertEquals(true, strlen($response->getToken()) > 4, $this->http->getResponse());
$this->assertEquals(true, strlen($response->getTokenSecret()) > 4, $this->http->getResponse());
$token = $response->getToken();
$tokenSecret = $response->getTokenSecret();
// since we can not login and approve the request we do this manually in
// the table
$verifier = Security::generateToken(32);
$con = new Condition(array('token', '=', $token));
$this->sql->update($this->registry['table.oauth_request'], array('userId' => 1, 'status' => Oauth\Record::APPROVED, 'verifier' => $verifier), $con);
// get oauth access uri
$accessUri = null;
foreach ($xrds->getService() as $service) {
if (in_array('http://oauth.net/core/1.0/endpoint/access', $service->getType())) {
$accessUri = $service->getUri();
break;
}
}
$this->assertEquals(true, !empty($accessUri), 'Could not find http://oauth.net/core/1.0/endpoint/access in xrds');
// get access token
$response = $this->oauth->accessToken(new Url($accessUri), $this->consumerKey, $this->consumerSecret, $token, $tokenSecret, $verifier);
$this->assertEquals(true, strlen($response->getToken()) > 4, $this->http->getResponse());
$this->assertEquals(true, strlen($response->getTokenSecret()) > 4, $this->http->getResponse());
}
private function handleOauthExt()
{
$consumerKey = isset($this->oauth['consumer']) ? $this->oauth['consumer'] : null;
$row = $this->getHandler('AmunService\\Openid')->getOneByConsumerKey($consumerKey);
if (!empty($row)) {
$token = Security::generateToken(40);
$verifier = Security::generateToken(32);
$date = new DateTime('NOW', $this->registry['core.default_timezone']);
$this->getSql()->insert($this->registry['table.oauth_request'], array('apiId' => $row['id'], 'userId' => $this->user->getId(), 'status' => Oauth\Record::APPROVED, 'ip' => $_SERVER['REMOTE_ADDR'], 'nonce' => Security::generateToken(16), 'callback' => 'oob', 'token' => $token, 'tokenSecret' => '', 'verifier' => $verifier, 'timestamp' => time(), 'expire' => 'PT30M', 'date' => $date->format(DateTime::SQL)));
// insert access
$this->getSql()->replace($this->registry['table.oauth_access'], array('apiId' => $row['id'], 'userId' => $this->user->getId(), 'allowed' => 1, 'date' => $date->format(DateTime::SQL)));
// return params
$params = array();
$params['openid.ns.oauth'] = Extension\Oauth::NS;
$params['openid.oauth.request_token'] = $token;
$params['openid.oauth.verifier'] = $verifier;
return $params;
} else {
throw new Exception('Invalid consumer');
}
}
protected function getResponse(Provider\Consumer $consumer, Provider\Request $request)
{
if ($this->nonce == $request->getNonce()) {
throw new Exception('Nonce hasnt changed');
}
if ($this->verifier != $request->getVerifier()) {
throw new Exception('Invalid verifier');
}
// the access token can be used six month
$expire = 'P6M';
// generate a new access token
$token = Security::generateToken();
$tokenSecret = Security::generateToken();
$date = new DateTime('NOW', $this->registry['core.default_timezone']);
$con = new Condition(array('id', '=', $this->requestId));
$this->sql->update($this->registry['table.oauth_request'], array('status' => Oauth\Record::ACCESS, 'token' => $token, 'tokenSecret' => $tokenSecret, 'expire' => $expire, 'date' => $date->format(DateTime::SQL)), $con);
$response = new Provider\Response();
$response->setToken($token);
$response->setTokenSecret($tokenSecret);
return $response;
}
private function allowAccess($token, $callback, $insertAccess = true)
{
// insert or update access
if ($insertAccess) {
$now = new DateTime('NOW', $this->registry['core.default_timezone']);
$this->getSql()->replace($this->registry['table.oauth_access'], array('apiId' => $this->apiId, 'userId' => $this->user->getId(), 'allowed' => 1, 'date' => $now->format(DateTime::SQL)));
$accessId = $this->getSql()->getLastInsertId();
// insert rights
$this->insertAppRights($accessId);
}
// approve token
$verifier = Security::generateToken(32);
$con = new Condition(array('token', '=', $token));
$this->getSql()->update($this->registry['table.oauth_request'], array('userId' => $this->user->getId(), 'status' => Oauth\Record::APPROVED, 'verifier' => $verifier), $con);
// redirect if callback available
if ($callback != 'oob') {
$url = new Url($callback);
$url->addParam('oauth_token', $token);
$url->addParam('oauth_verifier', $verifier);
header('Location: ' . strval($url));
exit;
} else {
$this->template->assign('verifier', $verifier);
}
}
public function create(RecordInterface $record)
{
if ($record->hasFields('groupId', 'status', 'identity', 'name', 'pw')) {
// check whether identity exists
$con = new Condition();
$con->add('identity', '=', $record->identity);
if ($this->table->count($con) > 0) {
throw new Exception('Identity already exists');
}
// check whether name and hostid exists
$con = new Condition();
$con->add('hostId', '=', !empty($record->hostId) ? $record->hostId : 0);
$con->add('name', '=', $record->name);
if ($this->table->count($con) > 0) {
throw new Exception('Identity already exists');
}
// default values
if (!isset($record->countryId)) {
$record->setCountryId(1);
}
if (!isset($record->timezone)) {
$record->setTimezone('UTC');
}
$date = new DateTime('NOW', $this->registry['core.default_timezone']);
$record->token = Security::generateToken();
$record->ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1';
$record->lastSeen = $date->format(DateTime::SQL);
$record->updated = $date->format(DateTime::SQL);
$record->date = $date->format(DateTime::SQL);
// set host id if we have an remote host discover the profile url
if (empty($record->hostId)) {
$record->hostId = 0;
$record->profileUrl = $this->config['psx_url'] . '/' . $this->config['psx_dispatch'] . 'profile/' . $record->name;
} else {
$record->status = Record::REMOTE;
$record->profileUrl = $this->discoverProfileUrl($record->hostId, $record->name);
}
// set global id
if (!isset($record->globalId)) {
$profileUrl = new Url($record->profileUrl);
$record->globalId = $this->base->getUUID('user:account:' . $profileUrl->getHost() . ':' . $record->name . ':' . uniqid());
}
// set thumbnail if email available and thumbnail not set
if (!isset($record->thumbnailUrl)) {
$default = $this->config['psx_url'] . '/img/avatar/no_image.png';
if (!empty($record->email)) {
$record->thumbnailUrl = 'http://www.gravatar.com/avatar/' . md5(strtolower(trim($record->email))) . '?d=' . urlencode($default) . '&s=48';
} else {
$record->thumbnailUrl = $default;
}
}
$this->table->insert($record->getData());
$record->id = $this->sql->getLastInsertId();
// insert relation to self
$this->sql->insert($this->registry['table.user_friend'], array('status' => Friend\Record::NORMAL, 'userId' => $record->id, 'friendId' => $record->id, 'date' => $date->format(DateTime::SQL)));
$this->notify(RecordAbstract::INSERT, $record);
return $record;
} else {
throw new Exception('Missing field in record');
}
}
protected function getResponse(Provider\Consumer $consumer, Provider\Request $request)
{
// we check how often this ip has requested an token ... because
// of security reasons each consumer can have max 5 request tokens
$maxCount = 5;
$ip = $_SERVER['REMOTE_ADDR'];
$con = new Condition(array('ip', '=', $ip), array('status', '=', Oauth\Record::TEMPORARY));
$count = $this->sql->count($this->registry['table.oauth_request'], $con);
if ($count >= $maxCount) {
$conDelete = new Condition();
$result = $this->sql->select($this->registry['table.oauth_request'], array('id', 'expire', 'date'), $con, Sql::SELECT_ALL);
foreach ($result as $row) {
$now = new DateTime('NOW', $this->registry['core.default_timezone']);
$date = new DateTime($row['date'], $this->registry['core.default_timezone']);
$date->add(new DateInterval($row['expire']));
if ($now > $date) {
$conDelete->add('id', '=', $row['id'], 'OR');
}
}
if ($conDelete->hasCondition()) {
$this->sql->delete($this->registry['table.oauth_request'], $conDelete);
}
throw new Exception('You can only have max. ' . $maxCount . ' active request tokens');
}
// get nonce
$nonce = $request->getNonce();
// assign callback
$callback = $request->getCallback();
// generate tokens
$token = Security::generateToken();
$tokenSecret = Security::generateToken();
// we save the timestamp in the request but because it comes from
// the user we doesnt use them to check the expire date
$timestamp = $request->getTimestamp();
// you have 30 minutes to authorize the request token and to exchange
// them for an access token
$expire = 'PT30M';
$date = new DateTime('NOW', $this->registry['core.default_timezone']);
$this->sql->insert($this->registry['table.oauth_request'], array('apiId' => $this->apiId, 'status' => Oauth\Record::TEMPORARY, 'ip' => $ip, 'nonce' => $nonce, 'callback' => $callback, 'token' => $token, 'tokenSecret' => $tokenSecret, 'timestamp' => $timestamp, 'expire' => $expire, 'date' => $date->format(DateTime::SQL)));
$response = new Provider\Response();
$response->setToken($token);
$response->setTokenSecret($tokenSecret);
return $response;
}
