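/**
 * Resolve the user named by a "userId=<id>" fragment.
 *
 * @param string $string Fragment to parse; surrounding whitespace is trimmed.
 * @return mixed Result of User::find() for the id, or null when the fragment
 *               is not of the form "userId=<id>".
 */
private function getUser($string)
 {
     $parts = explode('=', trim($string));

     // explode() always yields index 0, but index 1 is absent when the
     // fragment has no "=" (a bare "userId"). Reading it unguarded raised an
     // undefined-offset error and passed null into the lookup.
     if ($parts[0] !== 'userId' || !isset($parts[1])) {
         return null;
     }

     return User::find($parts[1]);
 }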
 /**
  * @param Request $request
  * @return Request
  */
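 protected function logIn(Request $request)
 {
     // Resolves the request's actor from the Authorization header, applies the
     // actor's (or the cookie's) locale, and returns the request with the
     // "actor" attribute set. Header shape read here:
     //   "<prefix><token>[; userId=<id>]"
     $header = $request->getHeaderLine('authorization');
     $parts = explode(';', $header);
     $actor = new Guest();

     // explode() always returns at least one element, so $parts[0] exists.
     if (starts_with($parts[0], $this->prefix)) {
         $token = substr($parts[0], strlen($this->prefix));

         if (($accessToken = AccessToken::find($token)) && $accessToken->isValid()) {
             // Personal access token: act as the token's owner.
             $actor = $accessToken->user;
             $actor->updateLastSeen()->save();
         } elseif (isset($parts[1]) && ApiKey::valid($token)) {
             // API key: the caller names the account to act as in the second
             // header part. A valid key is therefore accepted for any user
             // id, so keys need the same protection as the most privileged
             // account they can name.
             $userParts = explode('=', trim($parts[1]));

             // Require the "=<id>" half too (a bare "userId" used to read an
             // undefined offset), and fall back to Guest when no user has
             // that id so the ->exists read below never runs on null.
             if ($userParts[0] === 'userId' && isset($userParts[1])) {
                 $actor = User::find($userParts[1]) ?: new Guest();
             }
         }
     }

     // Authenticated actors carry their own locale preference; everyone else
     // is served the locale cookie, if one was sent.
     if ($actor->exists) {
         $locale = $actor->getPreference('locale');
     } else {
         $locale = array_get($request->getCookieParams(), 'locale');
     }

     // Only switch to locales the locale manager knows about; the cookie
     // value is client-controlled.
     if ($locale && $this->locales->hasLocale($locale)) {
         $this->locales->setLocale($locale);
     }

     return $request->withAttribute('actor', $actor ?: new Guest());
 }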
 /**
  * @param ServerRequestInterface $request
  *
  * @return \Psr\Http\Message\ResponseInterface
  */
 public function handle(ServerRequestInterface $request)
 {
     // Runs the Ip check for the user named by the "id" query parameter and
     // returns the check's report as a JSON-encoded string.
     //
     // NOTE(review): the id is taken straight from the query string and no
     // permission check on the caller is visible in this method - confirm
     // access is restricted before this handler is reached.
     // NOTE(review): the User::find() result is passed on unchecked - confirm
     // Ip copes with a missing user.
     // NOTE(review): json_encode() yields a string (false on failure), not
     // the ResponseInterface the docblock declares.
     $query = $request->getQueryParams();
     $subject = User::find(array_get($query, 'id'));

     $check = new Ip($subject);
     $check->run();

     $report = $check->getReport();

     return json_encode($report);
 }
 /**
  * Resolve the actor for a session.
  *
  * @param SessionInterface $session
  * @return mixed The user found for the session's "user_id", otherwise a new Guest.
  */
 private function getActor(SessionInterface $session)
 {
     $user = User::find($session->get('user_id'));

     // No (or an unknown) user id in the session: act as a guest.
     if (!$user) {
         $user = new Guest();
     }

     // Only records flagged as existing get their last-seen marker saved.
     if ($user->exists) {
         $user->updateLastSeen()->save();
     }

     return $user;
 }
 /**
  * @param Request $request
  * @return \Psr\Http\Message\ResponseInterface
  * @throws TokenMismatchException
  */
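 public function handle(Request $request)
 {
     // Logs the session's user out after checking the CSRF token passed in
     // the "token" query parameter, then redirects to the application URL.
     // When the session holds no known user, only the redirect is returned.
     $session = $request->getAttribute('session');
     $response = new RedirectResponse($this->app->url());

     if ($user = User::find($session->get('user_id'))) {
         $provided = array_get($request->getQueryParams(), 'token');
         $expected = $session->get('csrf_token');

         // Both sides must be strings: with a plain !== comparison, a session
         // without a csrf_token and a request without a token compared as
         // null against null and passed the check. hash_equals() also keeps
         // the comparison time independent of where the two strings differ.
         if (!is_string($provided) || !is_string($expected) || !hash_equals($expected, $provided)) {
             throw new TokenMismatchException();
         }

         // Drop the session login, revoke the user's access tokens, notify
         // listeners, and clear the remember-me state on the response.
         $this->authenticator->logOut($session);
         $user->accessTokens()->delete();
         $this->events->fire(new UserLoggedOut($user));
         $response = $this->rememberer->forget($response);
     }

     return $response;
 }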
 /**
  * @param Request $request
  * @throws SingleSOException
  * @return \Psr\Http\Message\ResponseInterface|JsonResponse|JsonpResponse
  */
 public function createLogoutTokenResponse(Request $request)
 {
     // Answers a token-authenticated logout request with JSON, or JSONP when
     // a "callback" query parameter is given, and logs the session's managed
     // user out once the token verifies.
     // Payload "success": 1 = logged out, 0 = refused (see "message"),
     // -1 = the session has no managed user.
     $query = $request->getQueryParams();
     $session = $request->getAttribute('session');

     // Resolve the authenticated Flarum user, if there is one.
     $user = null;
     if ($session) {
         $sessionUserId = $session->get('user_id');
         if ($sessionUserId) {
             $user = User::find($sessionUserId);
         }
     }

     $success = 0;
     $message = null;
     $logout = false;

     if (!$user || !isset($user->singleso_id)) {
         // Nobody to log out.
         $success = -1;
     } elseif (!($authSettings = SingleSO::settingsAuth($this->settings, false))) {
         $message = 'Invalid configuration.';
     } elseif (!SingleSO::logoutTokenVerify($user->singleso_id, $authSettings['client_secret'], array_get($query, 'token'))) {
         // The request token is checked against the user's singleso_id and
         // the configured client secret; how the check compares them is not
         // visible from this method.
         $message = 'Invalid token.';
     } else {
         // Token accepted: defer the logout until the response is built.
         $logout = true;
         $success = 1;
     }

     $payload = ['success' => $success];
     if ($message) {
         $payload['message'] = $message;
     }

     // The callback name is request-controlled. A response constructor that
     // rejects its arguments with InvalidArgumentException is reported to the
     // caller as a SingleSOException.
     $callback = array_get($query, 'callback');
     $response = null;
     try {
         if ($callback) {
             $response = new JsonpResponse($payload, $callback);
         } else {
             $response = new JsonResponse($payload);
         }
     } catch (InvalidArgumentException $ex) {
         throw new SingleSOException([$ex->getMessage() . '.']);
     }

     if ($logout) {
         // Capture the session state first; it is put back after the logout
         // below when there was any.
         $savedState = $this->sessionStateGet($session);

         // Same sequence as a regular logout: drop the session login, revoke
         // access tokens, notify listeners, clear the remember-me state.
         $this->authenticator->logOut($session);
         $user->accessTokens()->delete();
         $this->events->fire(new UserLoggedOut($user));
         $response = $this->rememberer->forget($response);

         if ($savedState) {
             $this->sessionStateSet($session, $savedState);
         }
     }

     return $response;
 }