/**
* @return string
*/
protected function _toHtml()
{
if ($this->dataHelper->isActive()) {
return parent::_toHtml();
}
return '';
}
/**
* Get Application Token from FB cookie
*
* @return string
* @throws \RuntimeException
*/
public function getToken()
{
$app_id = $this->dataHelper->getAppId();
$secret = $this->dataHelper->getAppSecret();
if ($data = $this->cookie->getParsedCookie()) {
if (isset($data['code'])) {
$url = sprintf(self::FB_REQUEST_URL, $app_id, $secret, $data['code']);
$tokenResponse = $this->getFbData($url);
parse_str($tokenResponse, $signedRequest);
if (isset($signedRequest['access_token'])) {
return $signedRequest['access_token'];
}
throw new \RuntimeException('Access Token not found');
}
throw new \RuntimeException('Request code not found');
} else {
throw new \RuntimeException('False Signed Request');
}
}
/**
* Decode and parce FB cookie
*
* @return array|NULL
* @throws \RuntimeException
*/
private function parseCookie()
{
if (!empty($this->fbCookie)) {
if (list($encoded_sig, $payload) = explode('.', $this->fbCookie, 2)) {
// decode the data
$sig = $this->base64UrlDecode($encoded_sig);
$data = json_decode($this->base64UrlDecode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
throw new \RuntimeException('Unknown algorithm. Expected HMAC-SHA256');
}
$secret = $this->dataHelper->getAppSecret();
// Adding the verification of the signed_request below
$expected_sig = hash_hmac('sha256', $payload, $secret, true);
if ($sig !== $expected_sig) {
throw new \RuntimeException('Bad Signed JSON signature!');
}
return $data;
}
}
return null;
}
/**
* Return applicaton Id
* @return string
*/
public function getAppId()
{
return $this->dataHelper->getAppId();
}
