/**
 * Render this block only while the data helper reports it as active.
 *
 * @return string Output of the parent renderer when isActive() is truthy,
 *                otherwise an empty string.
 */
protected function _toHtml()
{
    // Guard clause: when inactive, emit nothing instead of the parent markup.
    if (!$this->dataHelper->isActive()) {
        return '';
    }

    return parent::_toHtml();
}
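/**
 * Get Application Token from FB cookie
 *
 * Takes the `code` entry of the parsed cookie, builds the request URL from
 * self::FB_REQUEST_URL together with the app id and app secret, fetches it
 * through getFbData() and extracts `access_token` from the url-encoded reply.
 *
 * @return string Access token taken from the response
 * @throws \RuntimeException When the cookie, the code or the token is missing
 */
public function getToken()
{
    $app_id = $this->dataHelper->getAppId();
    $secret = $this->dataHelper->getAppSecret();

    $data = $this->cookie->getParsedCookie();
    if (!$data) {
        throw new \RuntimeException('False Signed Request');
    }

    // The code originates from a browser cookie; accept only a scalar so an
    // array-shaped value can never be formatted into the request URL.
    if (!isset($data['code']) || !is_scalar($data['code'])) {
        throw new \RuntimeException('Request code not found');
    }

    // Encode every component so that reserved characters ('&', '#', '=') in
    // any value cannot add or override parameters of the outgoing request.
    // Assumes the three placeholders of FB_REQUEST_URL are query-string
    // values - TODO confirm against the constant.
    $url = sprintf(
        self::FB_REQUEST_URL,
        rawurlencode((string) $app_id),
        rawurlencode((string) $secret),
        rawurlencode((string) $data['code'])
    );

    // NOTE(review): the app secret is part of this URL. Confirm that
    // getFbData() only talks HTTPS with certificate verification enabled and
    // that the URL is never written to logs or echoed in error messages.
    $tokenResponse = $this->getFbData($url);
    if (!is_string($tokenResponse) || $tokenResponse === '') {
        // A failed or empty fetch cannot contain a token; fail with the same
        // exception the missing-token path already uses.
        throw new \RuntimeException('Access Token not found');
    }

    parse_str($tokenResponse, $signedRequest);

    // parse_str() turns "access_token[]=x" into an array; only a non-empty
    // string satisfies the documented return type.
    if (isset($signedRequest['access_token'])
        && is_string($signedRequest['access_token'])
        && $signedRequest['access_token'] !== ''
    ) {
        return $signedRequest['access_token'];
    }

    throw new \RuntimeException('Access Token not found');
}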
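/**
 * Decode and parse FB cookie
 *
 * The cookie value has the form "<signature>.<payload>", both parts encoded
 * for base64UrlDecode(). The signature is an HMAC-SHA256 of the still-encoded
 * payload keyed with the app secret. It is verified before the payload is
 * JSON-decoded, so no unauthenticated data is parsed.
 *
 * @return array|null Decoded payload, or null when no cookie value is set
 * @throws \RuntimeException When the cookie is malformed, the app secret is
 *                           missing, the signature does not match or the
 *                           declared algorithm is not HMAC-SHA256
 */
private function parseCookie()
{
    if (empty($this->fbCookie)) {
        return null;
    }

    if (!is_string($this->fbCookie)) {
        throw new \RuntimeException('Malformed signed request');
    }

    // A value without the '.' separator (or with an empty half) cannot carry
    // both a signature and a payload; reject it instead of continuing with
    // an undefined payload.
    $parts = explode('.', $this->fbCookie, 2);
    if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') {
        throw new \RuntimeException('Malformed signed request');
    }
    list($encoded_sig, $payload) = $parts;

    // Fail closed when no secret is configured: an HMAC keyed with an empty
    // string can be reproduced by anyone.
    $secret = $this->dataHelper->getAppSecret();
    if (!is_string($secret) || $secret === '') {
        throw new \RuntimeException('App secret is not configured');
    }

    $sig = $this->base64UrlDecode($encoded_sig);
    $expected_sig = hash_hmac('sha256', $payload, $secret, true);

    // hash_equals() compares in constant time; a plain !== can leak through
    // timing how many leading bytes of a forged signature were correct.
    if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
        throw new \RuntimeException('Bad Signed JSON signature!');
    }

    // Only an authenticated payload is decoded from here on.
    $decodedPayload = $this->base64UrlDecode($payload);
    $data = is_string($decodedPayload) ? json_decode($decodedPayload, true) : null;

    if (!is_array($data)
        || !isset($data['algorithm'])
        || !is_string($data['algorithm'])
        || strtoupper($data['algorithm']) !== 'HMAC-SHA256'
    ) {
        throw new \RuntimeException('Unknown algorithm. Expected HMAC-SHA256');
    }

    // NOTE(review): nothing here checks how old the signed payload is;
    // confirm whether callers need a freshness check against replayed cookies.
    return $data;
}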
/**
 * Return application Id
 *
 * @return string Value returned by the data helper's getAppId()
 */
public function getAppId()
{
    $appId = $this->dataHelper->getAppId();

    return $appId;
}