/**
* Gets the package_update.xml from an update server.
*
* @param \wcf\data\package\update\server\PackageUpdateServer $updateServer
* @param boolean $forceHTTP
*/
protected function getPackageUpdateXML(PackageUpdateServer $updateServer, $forceHTTP = false)
{
$settings = array();
$authData = $updateServer->getAuthData();
if ($authData) {
$settings['auth'] = $authData;
}
$secureConnection = $updateServer->attemptSecureConnection();
if ($secureConnection && !$forceHTTP) {
$settings['timeout'] = 5;
}
$request = new HTTPRequest($updateServer->getListURL($forceHTTP), $settings);
if ($updateServer->apiVersion == '2.1') {
$metaData = $updateServer->getMetaData();
if (isset($metaData['list']['etag'])) {
$request->addHeader('if-none-match', $metaData['list']['etag']);
}
if (isset($metaData['list']['lastModified'])) {
$request->addHeader('if-modified-since', $metaData['list']['lastModified']);
}
}
try {
$request->execute();
$reply = $request->getReply();
} catch (HTTPUnauthorizedException $e) {
throw new PackageUpdateUnauthorizedException($request, $updateServer);
} catch (SystemException $e) {
$reply = $request->getReply();
$statusCode = is_array($reply['statusCode']) ? reset($reply['statusCode']) : $reply['statusCode'];
// status code 0 is a connection timeout
if (!$statusCode && $secureConnection) {
if (preg_match('~https?://(?:update|store)\\.woltlab\\.com~', $updateServer->serverURL)) {
// woltlab.com servers are most likely to be available, thus we assume that SSL connections are dropped
RemoteFile::disableSSL();
}
// retry via http
$this->getPackageUpdateXML($updateServer, true);
return;
}
throw new SystemException(WCF::getLanguage()->get('wcf.acp.package.update.error.listNotFound') . ' (' . $statusCode . ')');
}
// parse given package update xml
$allNewPackages = false;
if ($updateServer->apiVersion == '2.0' || $reply['statusCode'] != 304) {
$allNewPackages = $this->parsePackageUpdateXML($reply['body']);
}
$data = array('lastUpdateTime' => TIME_NOW, 'status' => 'online', 'errorMessage' => '');
// check if server indicates support for a newer API
if ($updateServer->apiVersion == '2.0' && !empty($reply['httpHeaders']['wcf-update-server-api'])) {
$apiVersions = explode(' ', reset($reply['httpHeaders']['wcf-update-server-api']));
if (in_array('2.1', $apiVersions)) {
$data['apiVersion'] = '2.1';
}
}
$metaData = array();
if ($updateServer->apiVersion == '2.1' || isset($data['apiVersion']) && $data['apiVersion'] == '2.1') {
if (empty($reply['httpHeaders']['etag']) && empty($reply['httpHeaders']['last-modified'])) {
throw new SystemException("Missing required HTTP headers 'etag' and 'last-modified'.");
} else {
if (empty($reply['httpHeaders']['wcf-update-server-ssl'])) {
throw new SystemException("Missing required HTTP header 'wcf-update-server-ssl'.");
}
}
$metaData['list'] = array();
if (!empty($reply['httpHeaders']['etag'])) {
$metaData['list']['etag'] = reset($reply['httpHeaders']['etag']);
}
if (!empty($reply['httpHeaders']['last-modified'])) {
$metaData['list']['lastModified'] = reset($reply['httpHeaders']['last-modified']);
}
$metaData['ssl'] = reset($reply['httpHeaders']['wcf-update-server-ssl']) == 'true' ? true : false;
}
$data['metaData'] = serialize($metaData);
unset($request, $reply);
if ($allNewPackages !== false) {
// purge package list
$sql = "DELETE FROM\twcf" . WCF_N . "_package_update\n\t\t\t\tWHERE\t\tpackageUpdateServerID = ?";
$statement = WCF::getDB()->prepareStatement($sql);
$statement->execute(array($updateServer->packageUpdateServerID));
// save packages
if (!empty($allNewPackages)) {
$this->savePackageUpdates($allNewPackages, $updateServer->packageUpdateServerID);
}
unset($allNewPackages);
}
// update server status
$updateServerEditor = new PackageUpdateServerEditor($updateServer);
$updateServerEditor->update($data);
}
/**
* @see \wcf\action\IAction::execute()
*/
public function execute()
{
parent::execute();
// user accepted
if (isset($_GET['oauth_token']) && isset($_GET['oauth_verifier'])) {
// fetch data created in the first step
$initData = WCF::getSession()->getVar('__twitterInit');
WCF::getSession()->unregister('__twitterInit');
if (!$initData) {
throw new IllegalLinkException();
}
// validate oauth_token
if ($_GET['oauth_token'] !== $initData['oauth_token']) {
throw new IllegalLinkException();
}
try {
// fetch access_token
$oauthHeader = array('oauth_consumer_key' => StringUtil::trim(TWITTER_PUBLIC_KEY), 'oauth_nonce' => StringUtil::getRandomID(), 'oauth_signature_method' => 'HMAC-SHA1', 'oauth_timestamp' => TIME_NOW, 'oauth_version' => '1.0', 'oauth_token' => $initData['oauth_token']);
$postData = array('oauth_verifier' => $_GET['oauth_verifier']);
$signature = $this->createSignature('https://api.twitter.com/oauth/access_token', array_merge($oauthHeader, $postData));
$oauthHeader['oauth_signature'] = $signature;
$request = new HTTPRequest('https://api.twitter.com/oauth/access_token', array(), $postData);
$request->addHeader('Authorization', 'OAuth ' . $this->buildOAuthHeader($oauthHeader));
$request->execute();
$reply = $request->getReply();
$content = $reply['body'];
} catch (SystemException $e) {
// force logging
$e->getExceptionID();
throw new IllegalLinkException();
}
parse_str($content, $data);
// check whether a user is connected to this twitter account
$user = $this->getUser($data['user_id']);
if ($user->userID) {
// a user is already connected, but we are logged in, break
if (WCF::getUser()->userID) {
throw new NamedUserException(WCF::getLanguage()->get('wcf.user.3rdparty.twitter.connect.error.inuse'));
} else {
if (UserAuthenticationFactory::getInstance()->getUserAuthentication()->supportsPersistentLogins()) {
$password = StringUtil::getRandomID();
$userEditor = new UserEditor($user);
$userEditor->update(array('password' => $password));
// reload user to retrieve salt
$user = new User($user->userID);
UserAuthenticationFactory::getInstance()->getUserAuthentication()->storeAccessData($user, $user->username, $password);
}
WCF::getSession()->changeUser($user);
WCF::getSession()->update();
HeaderUtil::redirect(LinkHandler::getInstance()->getLink());
}
} else {
WCF::getSession()->register('__3rdPartyProvider', 'twitter');
// save data for connection
if (WCF::getUser()->userID) {
WCF::getSession()->register('__twitterUsername', $data['screen_name']);
WCF::getSession()->register('__twitterData', $data);
HeaderUtil::redirect(LinkHandler::getInstance()->getLink('AccountManagement') . '#3rdParty');
} else {
// fetch user data
$twitterData = null;
try {
$request = new HTTPRequest('https://api.twitter.com/1.1/users/show.json?screen_name=' . $data['screen_name']);
$request->execute();
$reply = $request->getReply();
$twitterData = json_decode($reply['body'], true);
} catch (SystemException $e) {
/* ignore errors */
}
WCF::getSession()->register('__username', $data['screen_name']);
if ($twitterData !== null) {
$data = $twitterData;
}
WCF::getSession()->register('__twitterData', $data);
// we assume that bots won't register on twitter first
// thus no need for a captcha
if (REGISTER_USE_CAPTCHA) {
WCF::getSession()->register('noRegistrationCaptcha', true);
}
WCF::getSession()->update();
HeaderUtil::redirect(LinkHandler::getInstance()->getLink('Register'));
}
}
$this->executed();
exit;
}
// user declined
if (isset($_GET['denied'])) {
throw new NamedUserException(WCF::getLanguage()->get('wcf.user.3rdparty.twitter.login.error.denied'));
}
// start auth by fetching request_token
try {
$callbackURL = LinkHandler::getInstance()->getLink('TwitterAuth', array('appendSession' => false));
$oauthHeader = array('oauth_callback' => $callbackURL, 'oauth_consumer_key' => StringUtil::trim(TWITTER_PUBLIC_KEY), 'oauth_nonce' => StringUtil::getRandomID(), 'oauth_signature_method' => 'HMAC-SHA1', 'oauth_timestamp' => TIME_NOW, 'oauth_version' => '1.0');
$signature = $this->createSignature('https://api.twitter.com/oauth/request_token', $oauthHeader);
$oauthHeader['oauth_signature'] = $signature;
// call api
$request = new HTTPRequest('https://api.twitter.com/oauth/request_token', array('method' => 'POST'));
$request->addHeader('Authorization', 'OAuth ' . $this->buildOAuthHeader($oauthHeader));
$request->execute();
$reply = $request->getReply();
$content = $reply['body'];
} catch (SystemException $e) {
// force logging
$e->getExceptionID();
throw new IllegalLinkException();
}
parse_str($content, $data);
if ($data['oauth_callback_confirmed'] != 'true') {
throw new IllegalLinkException();
}
WCF::getSession()->register('__twitterInit', $data);
// redirect to twitter
HeaderUtil::redirect('https://api.twitter.com/oauth/authenticate?oauth_token=' . rawurlencode($data['oauth_token']));
$this->executed();
exit;
}
/**
* @see \wcf\action\IAction::execute()
*/
public function execute()
{
parent::execute();
$callbackURL = LinkHandler::getInstance()->getLink('GoogleAuth', array('appendSession' => false));
// user accepted the connection
if (isset($_GET['code'])) {
try {
// fetch access_token
$request = new HTTPRequest('https://accounts.google.com/o/oauth2/token', array(), array('code' => $_GET['code'], 'client_id' => StringUtil::trim(GOOGLE_PUBLIC_KEY), 'client_secret' => StringUtil::trim(GOOGLE_PRIVATE_KEY), 'redirect_uri' => $callbackURL, 'grant_type' => 'authorization_code'));
$request->execute();
$reply = $request->getReply();
$content = $reply['body'];
} catch (SystemException $e) {
// force logging
$e->getExceptionID();
throw new IllegalLinkException();
}
// validate state, validation of state is executed after fetching the access_token to invalidate 'code'
if (!isset($_GET['state']) || $_GET['state'] != WCF::getSession()->getVar('__googleInit')) {
throw new IllegalLinkException();
}
WCF::getSession()->unregister('__googleInit');
$data = JSON::decode($content);
try {
// fetch userdata
$request = new HTTPRequest('https://www.googleapis.com/plus/v1/people/me');
$request->addHeader('Authorization', 'Bearer ' . $data['access_token']);
$request->execute();
$reply = $request->getReply();
$content = $reply['body'];
} catch (SystemException $e) {
// force logging
$e->getExceptionID();
throw new IllegalLinkException();
}
$userData = JSON::decode($content);
// check whether a user is connected to this google account
$user = $this->getUser($userData['id']);
if ($user->userID) {
// a user is already connected, but we are logged in, break
if (WCF::getUser()->userID) {
throw new NamedUserException(WCF::getLanguage()->get('wcf.user.3rdparty.google.connect.error.inuse'));
} else {
if (UserAuthenticationFactory::getInstance()->getUserAuthentication()->supportsPersistentLogins()) {
$password = StringUtil::getRandomID();
$userEditor = new UserEditor($user);
$userEditor->update(array('password' => $password));
// reload user to retrieve salt
$user = new User($user->userID);
UserAuthenticationFactory::getInstance()->getUserAuthentication()->storeAccessData($user, $user->username, $password);
}
WCF::getSession()->changeUser($user);
WCF::getSession()->update();
HeaderUtil::redirect(LinkHandler::getInstance()->getLink());
}
} else {
WCF::getSession()->register('__3rdPartyProvider', 'google');
// save data for connection
if (WCF::getUser()->userID) {
WCF::getSession()->register('__googleUsername', $userData['displayName']);
WCF::getSession()->register('__googleData', $userData);
HeaderUtil::redirect(LinkHandler::getInstance()->getLink('AccountManagement') . '#3rdParty');
} else {
WCF::getSession()->register('__username', $userData['displayName']);
if (isset($userData['emails'][0]['value'])) {
WCF::getSession()->register('__email', $userData['emails'][0]['value']);
}
WCF::getSession()->register('__googleData', $userData);
// we assume that bots won't register on google first
// thus no need for a captcha
if (REGISTER_USE_CAPTCHA) {
WCF::getSession()->register('noRegistrationCaptcha', true);
}
WCF::getSession()->update();
HeaderUtil::redirect(LinkHandler::getInstance()->getLink('Register'));
}
}
$this->executed();
exit;
}
// user declined or any other error that may occur
if (isset($_GET['error'])) {
throw new NamedUserException(WCF::getLanguage()->get('wcf.user.3rdparty.google.login.error.' . $_GET['error']));
}
// start auth by redirecting to google
$token = StringUtil::getRandomID();
WCF::getSession()->register('__googleInit', $token);
HeaderUtil::redirect("https://accounts.google.com/o/oauth2/auth?client_id=" . rawurlencode(StringUtil::trim(GOOGLE_PUBLIC_KEY)) . "&redirect_uri=" . rawurlencode($callbackURL) . "&state=" . $token . "&scope=profile+email&response_type=code");
$this->executed();
exit;
}
