protected function _init()
{
$app = App::i();
$config = array_merge(['timeout' => '24 hours', 'salt' => 'LT_SECURITY_SALT_SECURITY_SALT_SECURITY_SALT_SECURITY_SALT_SECU', 'login_url' => 'https://www.google.com/accounts/o8/id', 'path' => preg_replace('#^https?\\:\\/\\/[^\\/]*(/.*)#', '$1', $app->createUrl('auth'))], $this->_config);
$opauth_config = ['Strategy' => ['OpenID' => ['identifier_form' => THEMES_PATH . 'active/views/auth-form.php', 'url' => $config['login_url']]], 'security_salt' => $config['salt'], 'security_timeout' => $config['timeout'], 'path' => $config['path'], 'callback_url' => $app->createUrl('auth', 'response')];
$opauth = new \Opauth($opauth_config, false);
$this->opauth = $opauth;
if ($config['logout_url']) {
$app->hook('auth.logout:after', function () use($app, $config) {
$app->redirect($config['logout_url'] . '?next=' . $app->baseUrl);
});
}
// add actions to auth controller
$app->hook('GET(auth.index)', function () use($app) {
$app->redirect($this->createUrl('openid'));
});
$app->hook('<<GET|POST>>(auth.openid)', function () use($opauth, $config) {
$_POST['openid_url'] = $config['login_url'];
$opauth->run();
});
$app->hook('GET(auth.response)', function () use($app) {
$app->auth->processResponse();
if ($app->auth->isUserAuthenticated()) {
$app->redirect($app->auth->getRedirectPath());
} else {
if ($app->config['app.mode'] === 'production') {
$app->redirect($this->createUrl('error'));
} else {
echo '<pre>';
var_dump($this->data, $_POST, $_GET, $_REQUEST, $_SESSION);
die;
}
}
});
}
protected function _init()
{
$app = App::i();
$url = $app->createUrl('auth');
$config = array_merge(['timeout' => '24 hours', 'salt' => 'LT_SECURITY_SALT_SECURITY_SALT_SECURITY_SALT_SECURITY_SALT_SECU', 'client_secret' => '', 'cliente_id' => '', 'path' => preg_replace('#^https?\\:\\/\\/[^\\/]*(/.*)#', '$1', $url)], $this->_config);
$opauth_config = ['strategy_dir' => PROTECTED_PATH . '/vendor/opauth/', 'Strategy' => ['logincidadao' => $config], 'security_salt' => $config['salt'], 'security_timeout' => $config['timeout'], 'host' => preg_replace('#^(https?\\:\\/\\/[^\\/]*)/.*#', '$1', $url), 'path' => $config['path'], 'callback_url' => $app->createUrl('auth', 'response')];
if (isset($config['onCreateRedirectUrl'])) {
$this->onCreateRedirectUrl = $config['onCreateRedirectUrl'];
}
$opauth = new \Opauth($opauth_config, false);
$this->opauth = $opauth;
// add actions to auth controller
$app->hook('GET(auth.index)', function () use($app) {
$app->redirect($this->createUrl('logincidadao'));
});
$app->hook('<<GET|POST>>(auth.logincidadao)', function () use($opauth, $config) {
// $_POST['openid_url'] = $config['login_url'];
$opauth->run();
});
$app->hook('GET(auth.response)', function () use($app) {
$app->auth->processResponse();
if ($app->auth->isUserAuthenticated()) {
$app->redirect($app->auth->getRedirectPath());
} else {
$app->redirect($this->createUrl(''));
}
});
}
/**
* auth service callback
* @param Base $f3
* @param $params
*/
function callback(\Base $f3, $params)
{
$Opauth = new \Opauth($this->config, false);
switch ($Opauth->env['callback_transport']) {
case 'session':
$response = $f3->get('SESSION.opauth');
$f3->clear('SESSION.opauth');
break;
case 'post':
$response = unserialize(base64_decode($f3->get('POST.opauth')));
break;
case 'get':
$response = unserialize(base64_decode($f3->get('GET.opauth')));
break;
default:
$f3->error(400, 'Unsupported callback_transport');
break;
}
if (isset($response['error'])) {
$f3->call($this->abortFunc, array($response));
return;
}
$data = $response['auth'];
// validate
if (empty($data) || empty($response['timestamp']) || empty($response['signature']) || empty($data['provider']) || empty($data['uid'])) {
$f3->error(400, 'Invalid auth response: Missing key auth response components');
} elseif (!$Opauth->validate(sha1(print_r($data, true)), $response['timestamp'], $response['signature'], $reason)) {
$f3->error(400, 'Invalid auth response: ' . $reason);
} else {
// It's all good
$f3->call($this->successFunc, array($data));
}
}
private function callback()
{
global $wgOpauthConfig;
/**
* Instantiate Opauth with the loaded config but not run automatically
*/
$Opauth = new Opauth($wgOpauthConfig, false);
/**
* Fetch auth response, based on transport configuration for callback
*/
$response = null;
switch ($Opauth->env['callback_transport']) {
case 'session':
session_start();
$response = $_SESSION['opauth'];
unset($_SESSION['opauth']);
break;
case 'post':
$response = unserialize(base64_decode($_POST['opauth']));
break;
case 'get':
$response = unserialize(base64_decode($_GET['opauth']));
break;
default:
die('<strong style="color: red;">Error: </strong>Unsupported callback_transport.' . "<br>\n");
break;
}
/**
* Check if it's an error callback
*/
if (array_key_exists('error', $response)) {
die('<strong style="color: red;">Authentication error: </strong> Opauth returns error auth response.' . "<br>\n");
print_r($response);
die;
}
/**
* Auth response validation
*
* To validate that the auth response received is unaltered, especially auth response that
* is sent through GET or POST.
*/
if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) {
echo '<strong style="color: red;">Invalid auth response: </strong>Missing key auth response components.' . "<br>\n";
print_r($response);
die;
} elseif (!$Opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason)) {
echo '<strong style="color: red;">Invalid auth response: </strong>' . $reason . ".<br>\n";
print_r($response);
die;
}
//echo( '<strong style="color: green;">OK: </strong>Auth response is validated.'."<br>\n" );
/**
* It's all good. Go ahead with your application-specific authentication logic
*/
// echo "<pre>".print_r($response,1)."</pre>";
// die();
wfRunHooks('OpauthUserAuthorized', array(strtolower($response['auth']['provider']), $response['auth']['uid'], $response['auth']['info'], $response['auth']));
}
/**
*
*
* @return void
*/
public function callback()
{
$config = Config::get('opauth');
$Opauth = new Opauth($config, FALSE);
if (!session_id()) {
session_start();
}
$response = isset($_SESSION['opauth']) ? $_SESSION['opauth'] : array();
$err_msg = null;
unset($_SESSION['opauth']);
if (array_key_exists('error', $response)) {
$err_msg = 'Authentication error:Opauth returns error auth response.';
} else {
if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) {
$err_msg = 'Invalid auth response: Missing key auth response components.';
} elseif (!$Opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason)) {
$err_msg = 'Invalid auth response: ' . $reason;
}
}
if ($err_msg) {
return Redirect::to('account/login')->with('error', $err_msg);
} else {
$email = $response['auth']['info']['email'];
$authentication = new Authentication();
$authentication->provider = $response['auth']['provider'];
$authentication->provider_uid = $response['auth']['uid'];
$authentication_exist = Authentication::where('provider', $authentication->provider)->where('provider_uid', '=', $authentication->provider_uid)->first();
if (!$authentication_exist) {
if (Sentry::check()) {
$user = Sentry::getUser();
$authentication->user_id = $user->id;
} else {
try {
$user = Sentry::getUserProvider()->findByLogin($email);
} catch (Cartalyst\Sentry\Users\UserNotFoundException $e) {
$user = Sentry::register(array('first_name' => $response['auth']['info']['first_name'], 'last_name' => $response['auth']['info']['last_name'], 'email' => $email, 'password' => Str::random(14)), TRUE);
}
$authentication->user_id = $user->id;
}
$authentication->save();
} else {
$user = Sentry::getUserProvider()->findById($authentication_exist->user_id);
Sentry::login($user);
Session::put('user_image', $response['auth']['info']['image']);
return Redirect::to('/');
}
}
}
/**
* @return LoginProviderEntity
* @throws \Nette\InvalidStateException
* @throws \Nette\InvalidArgumentException
*/
protected function createLoginProviderEntity()
{
$type = $this->getOpauthType();
$params = array('path' => $this->getCallbackUrl(), 'callback_url' => $this->getCallbackUrl(), 'Strategy' => array($type => $this->getConfig()));
Debugger::$maxLen = 10000;
$this->opauth = new Opauth($params, FALSE);
$this->opauth->strategy = Strings::lower($type);
$response = null;
switch ($this->opauth->env['callback_transport']) {
case 'session':
$response = $_SESSION['opauth'];
unset($_SESSION['opauth']);
break;
case 'post':
$response = unserialize(base64_decode($_POST['opauth']));
break;
case 'get':
$response = unserialize(base64_decode($_GET['opauth']));
break;
default:
throw new InvalidArgumentException("Unsupported callback transport.");
break;
}
if ($response === NULL) {
if (isset($_GET['_opauth_action'])) {
$action = explode('/', $_GET['_opauth_action']);
$this->opauth->action = $action[1];
}
$this->opauth->run();
}
if (array_key_exists('error', $response)) {
throw new InvalidStateException($response['error']['message']);
}
if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) {
throw new InvalidStateException('Invalid auth response: Missing key auth response components');
} elseif (!$this->opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason)) {
throw new InvalidStateException('Invalid auth response: ' . $reason);
}
$ret = new LoginProviderEntity($response['auth']['uid'], static::getType());
$this->fillLoginEntity($ret, $response['auth']['raw']);
return $ret;
}
/**
* Call
*
* @return bool|void
*/
public function call()
{
$options = $this->injectors;
$app = $this->app;
$that = $this;
$callback = function ($req, $res, $next) use($that, $app, $options) {
$opauth = new OPAuthService($options, false);
$response = unserialize(base64_decode($app->input->data('opauth')));
$reason = null;
$auth = false;
if (isset($response['error'])) {
$reason = $response['error'];
} else {
if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) {
$reason = 'Missing key auth response components';
} elseif (!$opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $_reason)) {
$reason = $_reason;
} else {
$auth = $response['auth'];
}
}
$req->auth = $auth;
$req->auth_error = $reason;
$next();
};
$init = function ($req, $res, $next) use($options) {
if (isset($options['Strategy'][$req->params['strategy']])) {
new OPAuthService($options);
} else {
$next();
}
};
// Register url routes
$app->post($options['callback_url'], $callback, $options['callback']);
$app->get($options['login_url'] . '/:strategy', $init);
$app->all($options['login_url'] . '/:strategy/:return', $init);
$this->next();
}
public function action_callback()
{
$_opauth = new Opauth($this->_config, false);
switch ($_opauth->env['callback_transport']) {
case 'session':
session_start();
$response = $_SESSION['opauth'];
$s = var_export($_SESSION, true);
unset($_SESSION['opauth']);
break;
}
if (array_key_exists('error', $response)) {
return $this->login_failed();
} else {
if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) {
return $this->login_failed();
} elseif (!$_opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason)) {
return $this->login_failed();
} else {
return $this->opauth_login($response);
}
}
}
/**
* @param string|null $strategy
* @return IOpauthIdentity
* @throws InvalidArgumentException
* @throws InvalidLoginException
*/
public function callback($strategy)
{
if ($strategy === NULL) {
throw new InvalidLoginException('No auth response. Probably user cancelled the process.');
}
if ($this->isFakeStrategy($strategy)) {
if ($this->config['debug'] != true) {
throw new InvalidLoginException("Fake login available only in debug mode!");
}
return $this->createIdentity(array('uid' => "123123123", 'info' => array('name' => "Chuck Norris", 'image' => "http://placekitten.com/465/465"), 'raw' => array('link' => "http://www.google.com/search?q=chuck+norris", 'email' => "*****@*****.**", 'given_name' => "Chuck", 'family_name' => "Norris"), 'provider' => 'Google'));
}
$Opauth = new \Opauth($this->config, false);
$response = null;
switch ($Opauth->env['callback_transport']) {
case 'session':
$response = $_SESSION['opauth'];
unset($_SESSION['opauth']);
break;
case 'post':
$response = unserialize(base64_decode($_POST['opauth']));
break;
case 'get':
$response = unserialize(base64_decode($_GET['opauth']));
break;
default:
throw new InvalidArgumentException("Unsupported callback transport.");
break;
}
if (array_key_exists('error', $response)) {
throw new InvalidLoginException($response['error']['message']);
}
if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) {
throw new InvalidLoginException('Invalid auth response: Missing key auth response components');
} elseif (!$Opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason)) {
throw new InvalidLoginException('Invalid auth response: ' . $reason);
}
\Nette\Diagnostics\Debugger::barDump($response['auth'], 'authInfo');
return $this->createIdentity($response['auth']);
}
/**
* Callback action. Redirected after auth
*/
public function callbackAction()
{
$response = null;
try {
$opauth = new Opauth($this->_opauthConfig, false);
if (isset($opauth->env['callback_transport']) && $opauth->env['callback_transport'] == 'session') {
if (isset($_SESSION['opauth'])) {
$response = $_SESSION['opauth'];
unset($_SESSION['opauth']);
/**
* Check if it's an error callback
*/
if (array_key_exists('error', $response)) {
throw new Zend_Controller_Action_Exception('Opauth returns error auth response');
} else {
if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) {
throw new Zend_Controller_Action_Exception('Invalid auth response: Missing key auth response components.');
} elseif (!$opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason)) {
//Auth response validation error
throw new Zend_Controller_Action_Exception('Invalid auth response: ' . $reason);
} else {
//Auth Ok!
$this->_oauthLogin($response);
}
}
} else {
throw new Zend_Controller_Action_Exception('Auth session is empty.');
}
} else {
throw new Zend_Controller_Action_Exception('Incorrect callback transport.');
}
} catch (Exception $ex) {
//Display error and redirect to login page
$this->_flashMessenger->addMessage($ex->getMessage());
$this->_helper->redirector->gotoRoute(array(), 'login');
}
}
/**
* Authentication callback
*
* This method handles the `final` callback from Opauth
* to verify the response, handle errors and pass handling
* of user profile to the Provider class.
*
* @since 1.0
*/
public function callback()
{
// Create a new Opauth instance without triggering authentication
$opauth = new Opauth($this->config, false);
try {
// only GET/POST supported
switch ($opauth->env['callback_transport']) {
case 'post':
$response = maybe_unserialize(base64_decode($_POST['opauth']));
break;
case 'get':
$response = maybe_unserialize(base64_decode($_GET['opauth']));
break;
default:
throw new Exception('Opauth unsupported transport callback');
}
$validation_reason = null;
// check for error response
if (array_key_exists('error', $response)) {
throw new Exception('Response error');
} elseif (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) {
// ensure required data
throw new Exception('Invalid auth response - missing required components');
} elseif (!$opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $validation_reason)) {
// validate response has not been modified
throw new Exception(sprintf('Invalid auth response - %s', $validation_reason));
}
} catch (Exception $e) {
// log error messages and response data
$GLOBALS['wc_social_login']->log(sprintf('Error: %s, Response: %s', $e->getMessage(), print_r($response, true)));
$this->redirect('error');
}
// valid response, get provider
$provider = $GLOBALS['wc_social_login']->get_provider(strtolower($response['auth']['provider']));
$profile = new WC_Social_Login_Provider_Profile($response['auth']);
// Let the provider handle processing user profile and logging in
$user_id = $provider->process_profile($profile);
// Redirect back to where we came from
$this->redirect(null, $user_id);
}
/**
* Assign opauth expected route params then run.
*/
public function run()
{
$this->env['params'][0] = Request::$current->param('strategy');
$this->env['params'][1] = Request::$current->param('callback');
parent::run();
}
*/
define('CONF_FILE', dirname(__FILE__) . '/' . 'opauth.conf.php');
define('OPAUTH_LIB_DIR', dirname(dirname(__FILE__)) . '/lib/Opauth/');
/**
* Load config
*/
if (!file_exists(CONF_FILE)) {
trigger_error('Config file missing at ' . CONF_FILE, E_USER_ERROR);
exit;
}
require CONF_FILE;
/**
* Instantiate Opauth with the loaded config but not run automatically
*/
require OPAUTH_LIB_DIR . 'Opauth.php';
$Opauth = new Opauth($config, false);
/**
* Fetch auth response, based on transport configuration for callback
*/
$response = null;
switch ($Opauth->env['callback_transport']) {
case 'session':
session_start();
$response = $_SESSION['opauth'];
unset($_SESSION['opauth']);
break;
case 'post':
$response = unserialize(base64_decode($_POST['opauth']));
break;
case 'get':
$response = unserialize(base64_decode($_GET['opauth']));
public function endpoint()
{
if ($this->Auth->user()) {
$this->set('redirect_to', array('plugin' => null, 'controller' => 'users', 'action' => 'linked'));
} else {
$this->set('redirect_to', array('plugin' => null, 'controller' => 'users', 'action' => 'login'));
}
$Opauth = new Opauth(Configure::read('Opauth'), false);
/**
* Fetch auth response, based on transport configuration for callback
*/
$response = null;
switch ($Opauth->env['callback_transport']) {
case 'session':
$response = $_SESSION['opauth'];
unset($_SESSION['opauth']);
break;
case 'post':
$response = unserialize(base64_decode($_POST['opauth']));
break;
case 'get':
$response = unserialize(base64_decode($_GET['opauth']));
break;
default:
$this->Session->setFlash('Unsupported callback_transport.', 'flash', array('type' => 'error'));
return $this->render('endpoint');
break;
}
/**
* Check if it's an error callback
*/
if (array_key_exists('error', $response)) {
$this->Session->setFlash('Authentication error: Opauth returns error auth response.', 'flash', array('type' => 'error'));
} else {
if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) {
$this->Session->setFlash('Invalid auth response: Missing key auth response components.', 'flash', array('type' => 'error'));
} elseif (!$Opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason)) {
$this->Session->setFlash(sprintf('Invalid auth response: %s', $reason), 'flash', array('type' => 'error'));
} else {
/**
* It's all good. Go ahead with your application-specific authentication logic
*/
if (!$this->Auth->user()) {
$auth = $this->User->Authentication->find('first', array('conditions' => array('Authentication.provider' => $response['auth']['provider'], 'Authentication.identifier' => $response['auth']['uid']), 'contain' => array('User')));
if (!empty($auth)) {
$this->Auth->login($auth['User']);
$this->set('redirect_to', array('plugin' => null, 'controller' => 'users', 'action' => 'play', 'demo'));
} else {
if (($id = $this->User->register($response, User::REGISTER_SOCIAL)) != false) {
$auth = $this->User->find('first', array('conditions' => array('User.id' => $id)));
$this->Auth->login($auth['User']);
$this->set('redirect_to', array('plugin' => null, 'controller' => 'users', 'action' => 'play', 'demo'));
} else {
$this->set('redirect_to', array('plugin' => null, 'controller' => 'users', 'action' => 'login'));
}
}
} else {
if (!$this->User->Authentication->hasAny(array('Authentication.user_id' => $this->Auth->user('id'), 'Authentication.provider' => $response['auth']['provider']))) {
$data = array('Authentication' => array('user_id' => $this->Auth->user('id'), 'provider' => $response['auth']['provider'], 'identifier' => $response['auth']['uid'], 'email' => $data['auth']['info']['email'], 'display_name' => $data['auth']['info']['name'], 'avatar' => $data['auth']['info']['image']));
$this->User->Authentication->create();
if ($this->User->Authentication->save($data)) {
$this->Session->setFlash('Social linked succesfully', 'flash', array('type' => 'success'));
}
} else {
$this->Session->setFlash('Social was linked already', 'flash', array('type' => 'error'));
}
}
}
}
}
