Example #1
 /**
  * Build the URL that starts the authentication flow.
  *
  * The result is the API domain, then $this->urlPath, then a URL-encoded,
  * base64-encoded JSON object. Base64 is an encoding, not encryption: every
  * value placed in that object can be read by anyone who sees the URL.
  *
  * @param array $params Consumer parameters; the version field is always added.
  * @return string
  */
 function getAuthURL(array $params = array())
 {
     $params[RublonAuthParams::FIELD_VERSION] = $this->getVersionDate();

     // $params holds at least the version entry at this point, so the signed
     // wrapper ends up in the payload on every call; the guard is kept as written.
     $payload = empty($params)
         ? array()
         : array('consumerParams' => RublonSignatureWrapper::wrap($this->getSecretKey(), $params));

     // Only consumerParams is passed through RublonSignatureWrapper::wrap() here;
     // the three fields below are added to the outer object as plain values.
     $payload[RublonAuthParams::FIELD_SYSTEM_TOKEN] = $this->getSystemToken();
     $payload[RublonAuthParams::FIELD_LANG] = $this->getLang();
     $payload[RublonAuthParams::FIELD_WINDOW_TYPE] = 'window';

     $prefix = $this->getAPIDomain() . $this->urlPath;

     return $prefix . urlencode(base64_encode(json_encode($payload)));
 }
 /**
  * Start registration: create and store a temporary key, then return the form.
  *
  * A random string of length self::SECRET_KEY_LENGTH is generated, handed to
  * saveInitialParameters() together with the current Unix time, and the
  * result of getRegistrationForm() is returned.
  *
  * NOTE(review): generateRandomString() is not visible here. The value is
  * treated as a key, so confirm it comes from a cryptographically secure
  * source and that saveInitialParameters() stores it server-side only.
  *
  * @return mixed Whatever getRegistrationForm() returns.
  */
 public function retrieveRegistrationForm()
 {
     $temporaryKey = RublonSignatureWrapper::generateRandomString(self::SECRET_KEY_LENGTH);
     $createdAt = time();
     $this->saveInitialParameters($temporaryKey, $createdAt);

     return $this->getRegistrationForm();
 }
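 /**
  * Handle state logout: parse the signed request body and log the user out.
  *
  * Reads the raw request body, unwraps it with
  * RublonSignatureWrapper::parseMessage() using the configured secret key,
  * checks that the access token, user ID and device ID fields are present,
  * calls handleLogout(), then prints a JSON status object and ends the script.
  *
  * The access token is only checked for presence in this method; it is not
  * compared against anything here. Authenticity of the request rests on the
  * signature check performed by parseMessage().
  *
  * @return void This method always terminates the request with exit.
  * @throws MissingField_RublonClientException
  * @throws RublonException
  */
 protected function handleStateLogout()
 {
     $response = null;
     $input = file_get_contents("php://input");

     if ($input) {
         // parseMessage() is given the secret key and may throw RublonException;
         // in that case nothing below runs and no logout is performed.
         $message = RublonSignatureWrapper::parseMessage($input, $this->getRublon()->getSecretKey());

         $requiredFields = array(
             self::FIELD_LOGOUT_ACCESS_TOKEN,
             self::FIELD_LOGOUT_USER_ID,
             self::FIELD_LOGOUT_DEVICE_ID,
         );

         // empty() also treats "0", 0 and "" as missing, not only absent keys.
         foreach ($requiredFields as $field) {
             if (empty($message[$field])) {
                 $response = array('status' => 'ERROR', 'msg' => 'Missing field.', 'field' => $field);
                 break;
             }
         }

         if ($response === null) {
             // Read the values through the same constants that were validated
             // above, so the checked fields and the used fields cannot drift apart.
             $this->handleLogout(
                 $message[self::FIELD_LOGOUT_USER_ID],
                 $message[self::FIELD_LOGOUT_DEVICE_ID]
             );
             $response = array('status' => 'OK', 'msg' => 'Success');
         }
     } else {
         $response = array('status' => 'ERROR', 'msg' => 'Empty JSON input.');
     }

     header('content-type: application/json');
     echo json_encode($response);
     exit;
 }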
 /**
  * Serialize the script input parameters, signed when a secret key is configured.
  *
  * When the Rublon instance reports isConfigured(), the parameters are placed
  * in a RublonSignatureWrapper keyed with the secret key and the wrapper's
  * string form is returned. Otherwise the parameters are returned as plain
  * JSON with no signature, so a consumer of this string cannot assume the
  * output is always signed.
  *
  * @return string
  */
 protected function getParamsWrapper()
 {
     // Unconfigured: no key to sign with, fall back to bare JSON.
     if (!$this->getRublon()->isConfigured()) {
         return json_encode($this->getParams());
     }

     $signed = new RublonSignatureWrapper();
     $signed->setSecretKey($this->getRublon()->getSecretKey());
     $signed->setBody($this->getParams());

     // The string cast delegates serialization to the wrapper object.
     return (string) $signed;
 }
 /**
  * Get the consumer parameters wrapper to apply in the Rublon button.
  *
  * The consumer params are wrapped by RublonSignatureWrapper::wrap() with the
  * secret key, for use in the HTML wrapper of the Rublon button. When there
  * are no consumer params, nothing is signed and null is returned.
  *
  * @return array|NULL
  */
 public function getConsumerParamsWrapper()
 {
     $params = $this->getConsumerParams();

     if (empty($params)) {
         return null;
     }

     return RublonSignatureWrapper::wrap($this->getRublon()->getSecretKey(), $params);
 }
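 /**
  * Parse and verify a signed message.
  *
  * The outer JSON envelope must carry a data field and a sign field. The
  * signature is checked with RublonSignatureWrapper::verifyData() before the
  * data field is decoded. The decoded data must contain a non-empty head
  * array and a string body; unless the skip-time option is set, the head
  * timestamp must lie within self::MESSAGE_LIFETIME seconds of the current
  * time (in either direction).
  *
  * The freshness window is the only replay limit visible in this method; no
  * nonce or message-ID tracking happens here.
  *
  * @param mixed $jsonStr Raw JSON envelope.
  * @param string $secretKey Key used to verify the signature.
  * @param array $config Options; self::CONFIG_SKIP_TIME disables the time check.
  * @return mixed The decoded body when it is a non-empty array, else the raw body string.
  * @throws RublonException On any validation failure.
  */
 static function parseMessage($jsonStr, $secretKey, $config = array())
 {
     if (empty($secretKey)) {
         throw new RublonException('Empty secret');
     }
     if (empty($jsonStr)) {
         throw new RublonException('Empty response', RublonException::CODE_INVALID_RESPONSE);
     }
     // Verify response JSON
     $response = json_decode($jsonStr, true);
     if (empty($response)) {
         // NOTE(review): the raw, unverified input is embedded in the exception
         // message; escape or truncate it wherever exceptions are logged or shown.
         throw new RublonException('Invalid response: ' . $jsonStr, RublonException::CODE_INVALID_RESPONSE);
     }
     // This status branch runs before the signature check, so the message text
     // it reports has not been authenticated.
     if (!empty($response[self::FIELD_STATUS]) and $response[self::FIELD_STATUS] == self::STATUS_ERROR) {
         // Report the message field when present; the status field only ever
         // holds the error marker and says nothing about the cause.
         $msg = isset($response[self::FIELD_MSG]) ? $response[self::FIELD_MSG] : 'Error response: ' . $jsonStr;
         throw new RublonException($msg, RublonException::CODE_INVALID_RESPONSE);
     }
     if (empty($response[self::FIELD_DATA])) {
         throw new RublonException('Missing data field', RublonException::CODE_INVALID_RESPONSE);
     }
     if (empty($response[self::FIELD_SIGN])) {
         throw new RublonException('Missing sign field', RublonException::CODE_INVALID_RESPONSE);
     }
     // Nothing inside the data field is decoded or trusted until this passes.
     if (!RublonSignatureWrapper::verifyData($response[self::FIELD_DATA], $secretKey, $response[self::FIELD_SIGN])) {
         throw new RublonException('Invalid signature', RublonException::CODE_INVALID_RESPONSE);
     }
     // Verify data field
     $data = json_decode($response[self::FIELD_DATA], true);
     if (empty($data) or !is_array($data)) {
         throw new RublonException('Invalid response', RublonException::CODE_INVALID_RESPONSE);
     }
     if (!isset($data[self::FIELD_HEAD]) or !is_array($data[self::FIELD_HEAD]) or empty($data[self::FIELD_HEAD])) {
         throw new RublonException('Invalid response data (invalid header)', RublonException::CODE_INVALID_RESPONSE);
     }
     // Verify head field
     $head = $data[self::FIELD_HEAD];
     // Setting the skip-time option removes the only freshness check in this method.
     if (empty($config[self::CONFIG_SKIP_TIME]) and !(isset($head[self::FIELD_HEAD_TIME]) and abs(time() - $head[self::FIELD_HEAD_TIME]) <= self::MESSAGE_LIFETIME)) {
         throw new RublonException('Invalid message time', RublonException::CODE_TIMESTAMP_ERROR);
     }
     if (!isset($data[self::FIELD_BODY]) or !is_string($data[self::FIELD_BODY])) {
         throw new RublonException('Invalid response data (no body)', RublonException::CODE_INVALID_RESPONSE);
     }
     // Verify body field
     $body = json_decode($data[self::FIELD_BODY], true);
     if (is_array($body) and !empty($body)) {
         return $body;
     } else {
         // Callers must be prepared for a plain string here, not only an array.
         return $data[self::FIELD_BODY];
     }
 }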
 /**
  * Parse and verify a signed API message.
  *
  * Validation runs in a fixed order: secret key and input present, envelope
  * decodes, envelope is not an error status, data and sign fields present,
  * signature valid, data decodes to an array with a non-empty head array,
  * head time within self::MESSAGE_LIFETIME of now (unless skipped via
  * $config), body is a string. Each failure throws with its own code.
  *
  * The error-status branch runs before signature verification, so the message
  * it reports is unauthenticated. The time window is the only replay limit
  * visible in this method.
  *
  * @param mixed $jsonStr Raw JSON envelope.
  * @param string $secretKey Key used to verify the signature.
  * @param array $config Options; self::CONFIG_SKIP_TIME disables the time check.
  * @return mixed The decoded body when it is a non-empty array, else the raw body string.
  * @throws RublonException On any validation failure.
  */
 static function parseMessage($jsonStr, $secretKey, $config = array())
 {
     if (empty($secretKey)) {
         throw new RublonException('Invalid API response', RublonException::CODE_INVALID_RESPONSE_EMPTY_SECRET_KEY);
     }
     if (empty($jsonStr)) {
         throw new RublonException('Empty API response', RublonException::CODE_INVALID_RESPONSE_EMPTY_JSON_STRING);
     }

     // Outer envelope.
     $envelope = json_decode($jsonStr, true);
     if (empty($envelope)) {
         // NOTE(review): the raw, unverified input is embedded in the exception
         // message; escape or truncate it wherever exceptions are logged or shown.
         throw new RublonException('Cannot parse empty API response: ' . $jsonStr, RublonException::CODE_EMPTY_JSON_RESPONSE);
     }

     $isErrorStatus = !empty($envelope[self::FIELD_STATUS])
         && $envelope[self::FIELD_STATUS] == self::STATUS_ERROR;
     if ($isErrorStatus) {
         if (isset($envelope[self::FIELD_MSG])) {
             $errorText = $envelope[self::FIELD_MSG];
         } else {
             $errorText = 'Cannot parse incorrect API response';
         }
         throw new RublonException($errorText, RublonException::CODE_API_RESPONSE_STATUS_ERROR);
     }

     if (empty($envelope[self::FIELD_DATA])) {
         throw new RublonException('Invalid API response', RublonException::CODE_INVALID_RESPONSE_MISSING_JSON_DATA_FIELD);
     }
     if (empty($envelope[self::FIELD_SIGN])) {
         throw new RublonException('Invalid API response', RublonException::CODE_INVALID_RESPONSE_MISSING_JSON_SIGN_FIELD);
     }

     // Nothing inside the data field is decoded or trusted until this passes.
     $signatureOk = RublonSignatureWrapper::verifyData(
         $envelope[self::FIELD_DATA],
         $secretKey,
         $envelope[self::FIELD_SIGN]
     );
     if (!$signatureOk) {
         throw new RublonException('Invalid signature', RublonException::CODE_INVALID_RESPONSE_INVALID_SIGNATURE);
     }

     // Signed payload.
     $payload = json_decode($envelope[self::FIELD_DATA], true);
     if (empty($payload) || !is_array($payload)) {
         throw new RublonException('Invalid API response', RublonException::CODE_INVALID_RESPONSE_INVALID_JSON_DATA_FIELD);
     }

     $hasHeader = isset($payload[self::FIELD_HEAD])
         && is_array($payload[self::FIELD_HEAD])
         && !empty($payload[self::FIELD_HEAD]);
     if (!$hasHeader) {
         throw new RublonException('Invalid API response', RublonException::CODE_INVALID_RESPONSE_INVALID_JSON_HEAD_FIELD);
     }

     // Header: freshness window, applied unless the caller opted out.
     $header = $payload[self::FIELD_HEAD];
     if (empty($config[self::CONFIG_SKIP_TIME])) {
         $isFresh = isset($header[self::FIELD_HEAD_TIME])
             && abs(time() - $header[self::FIELD_HEAD_TIME]) <= self::MESSAGE_LIFETIME;
         if (!$isFresh) {
             throw new RublonException('Invalid message time', RublonException::CODE_TIMESTAMP_ERROR);
         }
     }

     $hasStringBody = isset($payload[self::FIELD_BODY]) && is_string($payload[self::FIELD_BODY]);
     if (!$hasStringBody) {
         throw new RublonException('Invalid API response', RublonException::CODE_INVALID_RESPONSE_MISSING_JSON_BODY_FIELD);
     }

     // Body: prefer the decoded array, otherwise hand back the raw string.
     $decodedBody = json_decode($payload[self::FIELD_BODY], true);
     if (!is_array($decodedBody) || empty($decodedBody)) {
         return $payload[self::FIELD_BODY];
     }

     return $decodedBody;
 }
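 /**
  * Extract the system token from a signed, encoded message.
  *
  * The input is URL-decoded, base64-decoded and then verified and unwrapped
  * by RublonSignatureWrapper::parseMessage() using the temporary key. The
  * system token is read from the verified body.
  *
  * @param string $data URL-encoded, base64-encoded signed message.
  * @return mixed The system token field of the verified message body.
  * @throws RublonException If verification fails or the body carries no system token.
  */
 protected function parseSystemToken($data)
 {
     $body = RublonSignatureWrapper::parseMessage(base64_decode(urldecode($data)), $this->getTempKey());

     // parseMessage() can return the raw body string instead of an array.
     // Indexing a string by a field name would yield a wrong value or an
     // engine error, so anything without the field is rejected explicitly.
     if (!is_array($body) || !isset($body[self::FIELD_SYSTEM_TOKEN])) {
         throw new RublonException('Missing system token');
     }

     return $body[self::FIELD_SYSTEM_TOKEN];
 }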