/**
* auth service callback
* @param Base $f3
* @param $params
*/
function callback(\Base $f3, $params)
{
$Opauth = new \Opauth($this->config, false);
switch ($Opauth->env['callback_transport']) {
case 'session':
$response = $f3->get('SESSION.opauth');
$f3->clear('SESSION.opauth');
break;
case 'post':
$response = unserialize(base64_decode($f3->get('POST.opauth')));
break;
case 'get':
$response = unserialize(base64_decode($f3->get('GET.opauth')));
break;
default:
$f3->error(400, 'Unsupported callback_transport');
break;
}
if (isset($response['error'])) {
$f3->call($this->abortFunc, array($response));
return;
}
$data = $response['auth'];
// validate
if (empty($data) || empty($response['timestamp']) || empty($response['signature']) || empty($data['provider']) || empty($data['uid'])) {
$f3->error(400, 'Invalid auth response: Missing key auth response components');
} elseif (!$Opauth->validate(sha1(print_r($data, true)), $response['timestamp'], $response['signature'], $reason)) {
$f3->error(400, 'Invalid auth response: ' . $reason);
} else {
// It's all good
$f3->call($this->successFunc, array($data));
}
}
private function callback()
{
global $wgOpauthConfig;
/**
* Instantiate Opauth with the loaded config but not run automatically
*/
$Opauth = new Opauth($wgOpauthConfig, false);
/**
* Fetch auth response, based on transport configuration for callback
*/
$response = null;
switch ($Opauth->env['callback_transport']) {
case 'session':
session_start();
$response = $_SESSION['opauth'];
unset($_SESSION['opauth']);
break;
case 'post':
$response = unserialize(base64_decode($_POST['opauth']));
break;
case 'get':
$response = unserialize(base64_decode($_GET['opauth']));
break;
default:
die('<strong style="color: red;">Error: </strong>Unsupported callback_transport.' . "<br>\n");
break;
}
/**
* Check if it's an error callback
*/
if (array_key_exists('error', $response)) {
die('<strong style="color: red;">Authentication error: </strong> Opauth returns error auth response.' . "<br>\n");
print_r($response);
die;
}
/**
* Auth response validation
*
* To validate that the auth response received is unaltered, especially auth response that
* is sent through GET or POST.
*/
if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) {
echo '<strong style="color: red;">Invalid auth response: </strong>Missing key auth response components.' . "<br>\n";
print_r($response);
die;
} elseif (!$Opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason)) {
echo '<strong style="color: red;">Invalid auth response: </strong>' . $reason . ".<br>\n";
print_r($response);
die;
}
//echo( '<strong style="color: green;">OK: </strong>Auth response is validated.'."<br>\n" );
/**
* It's all good. Go ahead with your application-specific authentication logic
*/
// echo "<pre>".print_r($response,1)."</pre>";
// die();
wfRunHooks('OpauthUserAuthorized', array(strtolower($response['auth']['provider']), $response['auth']['uid'], $response['auth']['info'], $response['auth']));
}
/**
* @return LoginProviderEntity
* @throws \Nette\InvalidStateException
* @throws \Nette\InvalidArgumentException
*/
protected function createLoginProviderEntity()
{
$type = $this->getOpauthType();
$params = array('path' => $this->getCallbackUrl(), 'callback_url' => $this->getCallbackUrl(), 'Strategy' => array($type => $this->getConfig()));
Debugger::$maxLen = 10000;
$this->opauth = new Opauth($params, FALSE);
$this->opauth->strategy = Strings::lower($type);
$response = null;
switch ($this->opauth->env['callback_transport']) {
case 'session':
$response = $_SESSION['opauth'];
unset($_SESSION['opauth']);
break;
case 'post':
$response = unserialize(base64_decode($_POST['opauth']));
break;
case 'get':
$response = unserialize(base64_decode($_GET['opauth']));
break;
default:
throw new InvalidArgumentException("Unsupported callback transport.");
break;
}
if ($response === NULL) {
if (isset($_GET['_opauth_action'])) {
$action = explode('/', $_GET['_opauth_action']);
$this->opauth->action = $action[1];
}
$this->opauth->run();
}
if (array_key_exists('error', $response)) {
throw new InvalidStateException($response['error']['message']);
}
if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) {
throw new InvalidStateException('Invalid auth response: Missing key auth response components');
} elseif (!$this->opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason)) {
throw new InvalidStateException('Invalid auth response: ' . $reason);
}
$ret = new LoginProviderEntity($response['auth']['uid'], static::getType());
$this->fillLoginEntity($ret, $response['auth']['raw']);
return $ret;
}
/**
*
*
* @return void
*/
public function callback()
{
$config = Config::get('opauth');
$Opauth = new Opauth($config, FALSE);
if (!session_id()) {
session_start();
}
$response = isset($_SESSION['opauth']) ? $_SESSION['opauth'] : array();
$err_msg = null;
unset($_SESSION['opauth']);
if (array_key_exists('error', $response)) {
$err_msg = 'Authentication error:Opauth returns error auth response.';
} else {
if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) {
$err_msg = 'Invalid auth response: Missing key auth response components.';
} elseif (!$Opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason)) {
$err_msg = 'Invalid auth response: ' . $reason;
}
}
if ($err_msg) {
return Redirect::to('account/login')->with('error', $err_msg);
} else {
$email = $response['auth']['info']['email'];
$authentication = new Authentication();
$authentication->provider = $response['auth']['provider'];
$authentication->provider_uid = $response['auth']['uid'];
$authentication_exist = Authentication::where('provider', $authentication->provider)->where('provider_uid', '=', $authentication->provider_uid)->first();
if (!$authentication_exist) {
if (Sentry::check()) {
$user = Sentry::getUser();
$authentication->user_id = $user->id;
} else {
try {
$user = Sentry::getUserProvider()->findByLogin($email);
} catch (Cartalyst\Sentry\Users\UserNotFoundException $e) {
$user = Sentry::register(array('first_name' => $response['auth']['info']['first_name'], 'last_name' => $response['auth']['info']['last_name'], 'email' => $email, 'password' => Str::random(14)), TRUE);
}
$authentication->user_id = $user->id;
}
$authentication->save();
} else {
$user = Sentry::getUserProvider()->findById($authentication_exist->user_id);
Sentry::login($user);
Session::put('user_image', $response['auth']['info']['image']);
return Redirect::to('/');
}
}
}
/**
* Call
*
* @return bool|void
*/
public function call()
{
$options = $this->injectors;
$app = $this->app;
$that = $this;
$callback = function ($req, $res, $next) use($that, $app, $options) {
$opauth = new OPAuthService($options, false);
$response = unserialize(base64_decode($app->input->data('opauth')));
$reason = null;
$auth = false;
if (isset($response['error'])) {
$reason = $response['error'];
} else {
if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) {
$reason = 'Missing key auth response components';
} elseif (!$opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $_reason)) {
$reason = $_reason;
} else {
$auth = $response['auth'];
}
}
$req->auth = $auth;
$req->auth_error = $reason;
$next();
};
$init = function ($req, $res, $next) use($options) {
if (isset($options['Strategy'][$req->params['strategy']])) {
new OPAuthService($options);
} else {
$next();
}
};
// Register url routes
$app->post($options['callback_url'], $callback, $options['callback']);
$app->get($options['login_url'] . '/:strategy', $init);
$app->all($options['login_url'] . '/:strategy/:return', $init);
$this->next();
}
public function action_callback()
{
$_opauth = new Opauth($this->_config, false);
switch ($_opauth->env['callback_transport']) {
case 'session':
session_start();
$response = $_SESSION['opauth'];
$s = var_export($_SESSION, true);
unset($_SESSION['opauth']);
break;
}
if (array_key_exists('error', $response)) {
return $this->login_failed();
} else {
if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) {
return $this->login_failed();
} elseif (!$_opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason)) {
return $this->login_failed();
} else {
return $this->opauth_login($response);
}
}
}
/**
* Authentication callback
*
* This method handles the `final` callback from Opauth
* to verify the response, handle errors and pass handling
* of user profile to the Provider class.
*
* @since 1.0
*/
public function callback()
{
// Create a new Opauth instance without triggering authentication
$opauth = new Opauth($this->config, false);
try {
// only GET/POST supported
switch ($opauth->env['callback_transport']) {
case 'post':
$response = maybe_unserialize(base64_decode($_POST['opauth']));
break;
case 'get':
$response = maybe_unserialize(base64_decode($_GET['opauth']));
break;
default:
throw new Exception('Opauth unsupported transport callback');
}
$validation_reason = null;
// check for error response
if (array_key_exists('error', $response)) {
throw new Exception('Response error');
} elseif (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) {
// ensure required data
throw new Exception('Invalid auth response - missing required components');
} elseif (!$opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $validation_reason)) {
// validate response has not been modified
throw new Exception(sprintf('Invalid auth response - %s', $validation_reason));
}
} catch (Exception $e) {
// log error messages and response data
$GLOBALS['wc_social_login']->log(sprintf('Error: %s, Response: %s', $e->getMessage(), print_r($response, true)));
$this->redirect('error');
}
// valid response, get provider
$provider = $GLOBALS['wc_social_login']->get_provider(strtolower($response['auth']['provider']));
$profile = new WC_Social_Login_Provider_Profile($response['auth']);
// Let the provider handle processing user profile and logging in
$user_id = $provider->process_profile($profile);
// Redirect back to where we came from
$this->redirect(null, $user_id);
}
break;
case 'get':
$response = unserialize(base64_decode($_GET['opauth']));
break;
default:
echo '<strong style="color: red;">Error: </strong>Unsupported callback_transport.' . "<br>\n";
break;
}
/**
* Check if it's an error callback
*/
if (array_key_exists('error', $response)) {
echo '<strong style="color: red;">Authentication error: </strong> Opauth returns error auth response.' . "<br>\n";
} else {
if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) {
echo '<strong style="color: red;">Invalid auth response: </strong>Missing key auth response components.' . "<br>\n";
} elseif (!$Opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason)) {
echo '<strong style="color: red;">Invalid auth response: </strong>' . $reason . ".<br>\n";
} else {
echo '<strong style="color: green;">OK: </strong>Auth response is validated.' . "<br>\n";
/**
* It's all good. Go ahead with your application-specific authentication logic
*/
}
}
/**
* Auth response dump
*/
echo "<pre>";
print_r($response);
echo "</pre>";
/**
* @param string|null $strategy
* @return IOpauthIdentity
* @throws InvalidArgumentException
* @throws InvalidLoginException
*/
public function callback($strategy)
{
if ($strategy === NULL) {
throw new InvalidLoginException('No auth response. Probably user cancelled the process.');
}
if ($this->isFakeStrategy($strategy)) {
if ($this->config['debug'] != true) {
throw new InvalidLoginException("Fake login available only in debug mode!");
}
return $this->createIdentity(array('uid' => "123123123", 'info' => array('name' => "Chuck Norris", 'image' => "http://placekitten.com/465/465"), 'raw' => array('link' => "http://www.google.com/search?q=chuck+norris", 'email' => "*****@*****.**", 'given_name' => "Chuck", 'family_name' => "Norris"), 'provider' => 'Google'));
}
$Opauth = new \Opauth($this->config, false);
$response = null;
switch ($Opauth->env['callback_transport']) {
case 'session':
$response = $_SESSION['opauth'];
unset($_SESSION['opauth']);
break;
case 'post':
$response = unserialize(base64_decode($_POST['opauth']));
break;
case 'get':
$response = unserialize(base64_decode($_GET['opauth']));
break;
default:
throw new InvalidArgumentException("Unsupported callback transport.");
break;
}
if (array_key_exists('error', $response)) {
throw new InvalidLoginException($response['error']['message']);
}
if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) {
throw new InvalidLoginException('Invalid auth response: Missing key auth response components');
} elseif (!$Opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason)) {
throw new InvalidLoginException('Invalid auth response: ' . $reason);
}
\Nette\Diagnostics\Debugger::barDump($response['auth'], 'authInfo');
return $this->createIdentity($response['auth']);
}
public function endpoint()
{
if ($this->Auth->user()) {
$this->set('redirect_to', array('plugin' => null, 'controller' => 'users', 'action' => 'linked'));
} else {
$this->set('redirect_to', array('plugin' => null, 'controller' => 'users', 'action' => 'login'));
}
$Opauth = new Opauth(Configure::read('Opauth'), false);
/**
* Fetch auth response, based on transport configuration for callback
*/
$response = null;
switch ($Opauth->env['callback_transport']) {
case 'session':
$response = $_SESSION['opauth'];
unset($_SESSION['opauth']);
break;
case 'post':
$response = unserialize(base64_decode($_POST['opauth']));
break;
case 'get':
$response = unserialize(base64_decode($_GET['opauth']));
break;
default:
$this->Session->setFlash('Unsupported callback_transport.', 'flash', array('type' => 'error'));
return $this->render('endpoint');
break;
}
/**
* Check if it's an error callback
*/
if (array_key_exists('error', $response)) {
$this->Session->setFlash('Authentication error: Opauth returns error auth response.', 'flash', array('type' => 'error'));
} else {
if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) {
$this->Session->setFlash('Invalid auth response: Missing key auth response components.', 'flash', array('type' => 'error'));
} elseif (!$Opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason)) {
$this->Session->setFlash(sprintf('Invalid auth response: %s', $reason), 'flash', array('type' => 'error'));
} else {
/**
* It's all good. Go ahead with your application-specific authentication logic
*/
if (!$this->Auth->user()) {
$auth = $this->User->Authentication->find('first', array('conditions' => array('Authentication.provider' => $response['auth']['provider'], 'Authentication.identifier' => $response['auth']['uid']), 'contain' => array('User')));
if (!empty($auth)) {
$this->Auth->login($auth['User']);
$this->set('redirect_to', array('plugin' => null, 'controller' => 'users', 'action' => 'play', 'demo'));
} else {
if (($id = $this->User->register($response, User::REGISTER_SOCIAL)) != false) {
$auth = $this->User->find('first', array('conditions' => array('User.id' => $id)));
$this->Auth->login($auth['User']);
$this->set('redirect_to', array('plugin' => null, 'controller' => 'users', 'action' => 'play', 'demo'));
} else {
$this->set('redirect_to', array('plugin' => null, 'controller' => 'users', 'action' => 'login'));
}
}
} else {
if (!$this->User->Authentication->hasAny(array('Authentication.user_id' => $this->Auth->user('id'), 'Authentication.provider' => $response['auth']['provider']))) {
$data = array('Authentication' => array('user_id' => $this->Auth->user('id'), 'provider' => $response['auth']['provider'], 'identifier' => $response['auth']['uid'], 'email' => $data['auth']['info']['email'], 'display_name' => $data['auth']['info']['name'], 'avatar' => $data['auth']['info']['image']));
$this->User->Authentication->create();
if ($this->User->Authentication->save($data)) {
$this->Session->setFlash('Social linked succesfully', 'flash', array('type' => 'success'));
}
} else {
$this->Session->setFlash('Social was linked already', 'flash', array('type' => 'error'));
}
}
}
}
}
/**
* Callback action. Redirected after auth
*/
public function callbackAction()
{
$response = null;
try {
$opauth = new Opauth($this->_opauthConfig, false);
if (isset($opauth->env['callback_transport']) && $opauth->env['callback_transport'] == 'session') {
if (isset($_SESSION['opauth'])) {
$response = $_SESSION['opauth'];
unset($_SESSION['opauth']);
/**
* Check if it's an error callback
*/
if (array_key_exists('error', $response)) {
throw new Zend_Controller_Action_Exception('Opauth returns error auth response');
} else {
if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) {
throw new Zend_Controller_Action_Exception('Invalid auth response: Missing key auth response components.');
} elseif (!$opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason)) {
//Auth response validation error
throw new Zend_Controller_Action_Exception('Invalid auth response: ' . $reason);
} else {
//Auth Ok!
$this->_oauthLogin($response);
}
}
} else {
throw new Zend_Controller_Action_Exception('Auth session is empty.');
}
} else {
throw new Zend_Controller_Action_Exception('Incorrect callback transport.');
}
} catch (Exception $ex) {
//Display error and redirect to login page
$this->_flashMessenger->addMessage($ex->getMessage());
$this->_helper->redirector->gotoRoute(array(), 'login');
}
}
