Exemple #1
0
 public function execute($api_key, $callback_url, $params)
 {
     $admin_client = RingsideSocialUtils::getAdminClient();
     // TODO: SECURITY: Possibly security hole. We're signing and giving the signed payload to any URL, just by using the API key, which is public. A 3rd-party could hijack the signed payload and implement an offline brute force attack on the secret key
     $app_props = $admin_client->admin_getAppProperties("application_id,application_name,api_key,secret_key,callback_url", null, null, $api_key);
     // From RingsideSocialServerRender:
     // Recreate Session if we have it
     if (array_key_exists('social_session_key', $params)) {
         $session_key = $params['social_session_key'];
         $network_session = new RingsideSocialSession($session_key);
         $uid = $network_session->getUserId();
         if (null == $uid || strlen($uid) == 0) {
             setcookie('social_session_key', $network_session->getSessionKey());
             $uid = $_REQUEST['uid'];
             $network_session->setUserId($uid);
             $network_session->setLoggedIn(true);
         }
     } else {
         if (isset($_COOKIE['PHPSESSID'])) {
             // Optimization if user is already logged into web front-end
             $network_session = new RingsideSocialSession($_COOKIE['PHPSESSID']);
             $uid = $network_session->getUserId();
         } else {
             // Not logged in, so login via annonymous user
             $trust = new RingsideSocialApiTrust($request);
             $network_session = $trust->getAnonymousSession();
         }
     }
     $ctx = self::buildCallContext($api_key, $network_session);
     $sig_params = $ctx->getParameters($app_props['secret_key']);
     $req_params = array_merge($params, $sig_params);
     //		error_log("Ajax Proxy to $callback_url with params:".var_export($req_params, true));
     $result = RingsideSocialUtils::get_request($callback_url, $req_params, $headers);
     echo str_replace('+', '+', $result);
 }
 public function execute()
 {
     // TODO: This ONLY will work if API and Social tiers are co-located!
     $response = array();
     // Finish the API session, because we need to start a social session
     session_regenerate_id(true);
     $_SESSION = array();
     $network_session = new RingsideSocialSession();
     $rest = RingsideSocialUtils::getAdminClient();
     $session_key = $rest->auth_createAppSession($this->uid, RingsideSocialConfig::$apiKey, false);
     $network_session->addApiSessionKey(RingsideSocialConfig::$apiKey, $session_key);
     $network_session->setNetwork($this->user_network_key);
     //$network_session->addApiSessionKey($apiKey, $session_key);
     $network_session->setUserId($this->uid);
     // TODO: Do user identity mapping right now
     //$network_session->setPrincipalId($pid);
     //$network_session->setTrust($trust_key);
     //$network_session->setCallbackUrl($social_callback);
     $network_session->setLoggedIn(true);
     $response[self::RESPONSE_SOCIAL_SESSION]['session_id'] = $network_session->getSessionKey();
     $response[self::RESPONSE_SOCIAL_SESSION]['initial_expiry'] = $network_session->getExpiry();
     session_write_close();
     return $response;
 }
Exemple #3
0
 /**
  * Returns an array of all app fbml blocks
  * formatted for display.
  * $location enum(narrow|wide) indicates the style to be used when fbml is returned
  * $arryExcludeAppNames is an array of app names which should not appear in the list
  * 
  */
 function getAllFormattedHtmlForUserOpenSocialApps($location = "narrow", $arryExcludeAppNames = null)
 {
     $userAppList = Api_Bo_App::getApplicationListByUserId($this->uid);
     $this->debug("******************** DUMPING OS userAppList for {$this->uid}" . " which is " . count($userAppList) . " apps");
     $aggregateFbml = "";
     $fbmlArry = array();
     if (!empty($userAppList)) {
         foreach ($userAppList as $index => $appInfo1) {
             $appInfo = $appInfo1['RingsideApp'];
             $this->debug("Processing " . $appInfo['name'] . " " . $appInfo['app_id']);
             $this->debug("{$appInfo1}=" . var_export($appInfo1, true));
             //$returnedFbml=$this->getFbmlForApp($appInfo1['app_id'],$this->uid);
             $app_id = $appInfo1['app_id'];
             $app_name = $appInfo['name'];
             $enabled = true;
             // Don't show this app if it is not open social
             if ($appInfo['canvas_type'] != 2) {
                 $enabled = false;
                 $this->debug("{$app_name} rejected as not open social.");
             }
             if ($enabled) {
                 //$app_appBlock=$this->getFormatedFbmlFromAppName($app_name,$location,true,$returnedFbml);
                 //$fbmlArry=array_merge($fbmlArry,$app_appBlock);
                 $block = array("<div id='app-{$app_name}-header' class='wide_app_header'> ");
                 $block[] = $app_name;
                 //$block[]="<div style='float: right;' ><form id='formmove' name='formmove'  method='post' ><input name='action' type='hidden' value='saveColChange'/><input name='appname' type='hidden' value='$app_name'/><a onClick='form.submit();' href=''> [move] </a></form></div>";
                 $block[] = "</div>";
                 $frameParams = $_REQUEST;
                 $callbackQuery = http_build_query($frameParams);
                 $owner_id = $_REQUEST['id'];
                 if ($owner_id == '') {
                     $owner_id = $this->uid;
                 }
                 // Get api_key
                 $keyService = Api_ServiceFactory::create('KeyService');
                 $domainService = Api_ServiceFactory::create('DomainService');
                 $domainId = $domainService->getNativeIdByName('Ringside');
                 $app_keysArray = $keyService->getKeyset($app_id, $domainId);
                 $app_keys = $app_keysArray;
                 /*
                 		      	 $app_keysArray=Api_Bo_App::getUsersAppKeys($this->uid,$app_id);
                 		      	 $app_keys=$app_keysArray[0];
                 		      	 $this->debug(var_export($app_keysArray,true));
                 		      	 foreach($app_keysArray as $testApp_keys){
                 		      	 	if($testApp_keys['network_id']==$socialApiKey){
                 		      	 		$app_keys=$testApp_keys;
                 		      	 	}
                 		      	 }
                 		      	 $app_keys=$app_keysArray[0];
                 */
                 $this->debug("{$app_keys}=" . var_export($app_keys, true));
                 $social_session = new RingsideSocialSession();
                 $social_session->addApiSessionKey($app_keys['api_key'], $app_keys['secret']);
                 $this->debug("Building Social Session with " . $app_keys['api_key'] . " and " . $app_keys['secret']);
                 $osGadgetUrl = RingsideSocialConfig::$socialRoot . '/gadgets/ifr?view=profile&synd=ringside&fb_sig_api_key=' . $app_keys['api_key'] . '&fb_sig_owner_id=' . $owner_id . '&url=' . urlencode($appInfo['callback_url']) . '&social_session_key=' . $social_session->getSessionKey();
                 $this->debug("osGadgetUrl= {$osGadgetUrl}");
                 $block[] = '<iframe src="' . $osGadgetUrl . '" height="400" width="450"></iframe>';
                 $fbmlArry = array_merge($fbmlArry, $block);
             }
         }
     }
     return $fbmlArry;
 }
 public function execute($params)
 {
     $this->debug('Entering');
     $this->debugVar($params);
     $network_session = null;
     /*
     		foreach($params as $k => $v)
     		{
     			error_log("RingsideSocialServerRender: $k=$v");
     		}
     */
     // Recreate Session if we have it
     error_log("Parameters for widget render are: " . var_export($params, true));
     error_log("PHPSESSID=" . (isset($_COOKIE['PHPSESSID']) ? $_COOKIE['PHPSESSID'] : '<empty>'));
     if (array_key_exists('social_session_key', $params)) {
         $session_key = $params['social_session_key'];
         $network_session = new RingsideSocialSession($session_key);
         $uid = $network_session->getUserId();
         if (null == $uid || strlen($uid) == 0) {
             setcookie('social_session_key', $network_session->getSessionKey());
             $uid = $network_session->getUserId();
             if (isset($_REQUEST['uid'])) {
                 // TODO: SECURITY: I don't think we should just be able to override the uid.
                 $uid = $_REQUEST['uid'];
                 // TODO: SECURITY: This shouldn't be a valid way to log in.
                 $network_session->setUserId($uid);
                 $network_session->setLoggedIn(true);
             }
         }
     } else {
         if (isset($_COOKIE['PHPSESSID'])) {
             // Optimization if user is already logged into web front-end
             $network_session = new RingsideSocialSession($_COOKIE['PHPSESSID']);
             error_log("PHPSESSID says session is as follows: " . var_export($network_session, true));
             $uid = $network_session->getUserId();
             if (!isset($uid)) {
                 // The user has a network session but is not logged in
                 // Run as an anonymous user
                 $trust = new RingsideSocialApiTrust($_REQUEST);
                 $network_session = $trust->getAnonymousSession();
             }
         } else {
             // Not logged in, so login via annonymous user
             $trust = new RingsideSocialApiTrust($_REQUEST);
             $network_session = $trust->getAnonymousSession();
         }
     }
     $api_session_key = $network_session->getApiSessionKey($params['api_key']);
     if (null == $api_session_key) {
         $rest = RingsideSocialUtils::getAdminClient();
         $app_props = $rest->admin_getAppProperties(array('secret_key'), null, null, $params['api_key'], $network_session->getNetwork());
         error_log("Adding API key for " . $params['api_key'] . " to social session for user " . $network_session->getUserID());
         RingsideSocialUtils::getApiSessionKey($params['api_key'], $app_props['secret_key'], $network_session);
     } else {
         error_log("Using API session key {$api_session_key} for user " . $network_session->getUserID());
     }
     if (array_key_exists('method', $params)) {
         $method = $params['method'];
         if (strcasecmp($method, 'fbml') == 0 && array_key_exists('fbml', $params)) {
             $fbml = $params['fbml'];
             //error_log("fbml: $fbml");
             $render = new RingsideSocialApiRenderFBML($params);
             $result = $render->render($network_session, $fbml);
             //error_log("content: ".$result['content']);
             return isset($result['content']) ? $result['content'] : $result['error'];
         } else {
             if (strcasecmp($method, 'app') == 0) {
                 $social = new RingsideSocialClientLocal(RingsideWebConfig::$networkKey, null, $network_session->getSessionKey());
                 $inSession = $social->inSession();
                 error_log("User " . ($inSession ? 'is' : 'is not') . " in session");
                 if ($inSession) {
                     $path = '';
                     if (array_key_exists('path', $params)) {
                         $path = $params['path'];
                     }
                     $view = 'canvas';
                     if (array_key_exists('view', $params)) {
                         $view = $params['view'];
                     }
                     //error_log("About to render: ".$params['app']." view: $view, path: $path");
                     $rest = RingsideSocialUtils::getAdminClient();
                     $app_props = $rest->admin_getAppProperties(array('application_id', 'canvas_url'), null, null, $params['api_key'], null, $network_session->getNetwork());
                     $domain_props = $rest->admin_getDomainProperties(array('resize_url'), null, $network_session->getNetwork());
                     $content = $social->render($view, $app_props['application_id'], $app_props['canvas_url'], $path);
                     // TODO: Is this where error reporting should happen?
                     //error_log("content: $content");
                     if (isset($domain_props['resize_url'])) {
                         $content = "<html><head><script type=\"text/javascript\">\n      function resizeIframe(id) {\n        var iframe = document.getElementById( 'xdiframe' );\n        var wrapper = document.getElementById( 'wrapper' );\n        var height = Math.max( document.body.offsetHeight, document.body.scrollHeight );\n        var width = Math.max( document.body.offsetWidth, document.body.scrollWidth );\n        iframe.src = '{$domain_props['resize_url']}?height='+height+'&width='+width+'&id='+id;\n      }\n</script></head><body onload=\"resizeIframe('if_" . $params['api_key'] . "');\">" . $content . "<iframe id='xdiframe' width='1' height='1' frameborder='0'/></body></html>";
                     }
                     return $content;
                 } else {
                     echo "<error>User not Logged in!</error>";
                 }
             }
         }
     } else {
         error_log("No method specified for render request");
     }
 }
 /**
  * Re-routes an api request to another network. If trust.php is used as a rest server URL
  * and a path info is provided such that the request looks like the one below:
  * 
  *        http://localhost/trust.php/facebook/footprints/restserver.php 
  *            or
  *        http://localhost/trust.php/{network}/{canvas url}/{restserver path}
  *  
  * Attempts to remap and resign the api call using the app's secret on the new network
  * and then to change the uid to the equivelent uid on the forgin network.
  * 
  * The api call is then re-signed and issued and the response is returned.
  * 
  * @param unknown_type $params
  */
 private static function proxy_app_request(&$params)
 {
     $matches = array();
     // All these special cases are to ensure we aren't adding an additional "/" character to the URL.
     preg_match(',^/([^/]*)/([^/]*)(/?.*)$,', $_SERVER['PATH_INFO'], $matches);
     $network_key = $matches[1];
     $canvas_url = $matches[2];
     $rest = $matches[3];
     if ($rest == '') {
         $rest = '/';
     }
     if ($network_key != RingsideSocialConfig::$apiKey) {
         $skey = isset($_REQUEST['fb_sig_session_key']) ? $_REQUEST['fb_sig_session_key'] : '';
         $apiKey = isset($_REQUEST['fb_sig_api_key']) ? $_REQUEST['fb_sig_api_key'] : '';
         $ringside_rest = self::createRestClient($params['fb_sig_session_key']);
         $admin_rest = RingsideSocialUtils::getAdminClient();
         $props = $admin_rest->admin_getAppProperties("application_id,application_name,api_key,secret_key,callback_url", null, $canvas_url, NULL);
         $network_app_props = $admin_rest->admin_getAppKeys(null, null, $props['api_key']);
         $network_api_key = $props['api_key'];
         $network_secret = $props['secret_key'];
         self::getApiKeyAndSecretForNetwork($network_key, $network_app_props, $network_api_key, $network_secret);
         $network_session = new RingsideSocialSession($params['fb_sig_session_key']);
         $idmaps = $ringside_rest->users_mapToPrincipal(array($params['fb_sig_user']), $network_key, $props['application_id']);
         // Create openFB request. These are just overrides for the original request.
         $has_fb_sig = isset($params['fb_sig']);
         $cbReq = array();
         // We can't append fb_sig unless Facebook has already passed fb_sig; this would prevent the app's client from creating a session during login
         if ($has_fb_sig) {
             if (isset($params['fb_sig_nuser'])) {
                 // Since we're proxying a request, do NOT forward the user mapping!
                 unset($params['fb_sig_nuser']);
             }
             $cbReq['fb_sig_flavor'] = 'canvas';
             //				      $cbReq['fb_sig_in_iframe'] = 0;
             $cbReq['fb_sig_nid'] = $network_key;
             // The social session key needs to be for _this_ social session!
             $cbReq['fb_sig_soc_session_key'] = $network_session->getSessionKey();
             if (!empty($idmaps) && isset($idmaps[0]) && $idmaps[0] !== null) {
                 $cbReq['fb_sig_nuser'] = $idmaps[0]['pid'];
             }
         }
         // error_log("cbReq social session key is {$cbReq['fb_sig_soc_session_key']}; params is $fb_sig_soc_session_key");
         // TODO: Set up social session key for trust-based proxy
         // $cbReq['fb_sig_soc_session_key'] = ;
         $req_params = array_merge($params, $cbReq);
         error_log("Invoking {$canvas_url} with params: " . var_export($req_params, true));
         // Now, we need to re-sign the parameters, since we've added the "nid" and "nuser" fb_sig params
         if ($has_fb_sig) {
             unset($req_params['fb_sig']);
             $sig = RingsideSocialUtils::makeSig($req_params, $network_secret, 'fb_sig');
             $req_params['fb_sig'] = $sig;
         }
         //					error_log("Logged in user is principal ".$pids[0]);
         //					error_log("Proxying to app callback URL ".$props['callback_url']);
         $headers = array();
         $callback_url = self::safe_append_url($props['callback_url'], $rest);
         $result = RingsideSocialUtils::get_request($callback_url, $req_params, $headers);
         //					error_log("Result: $result");
         if (isset($headers['location'])) {
             $proxy_redir_url = self::buildProxyUrl($props['callback_url'], $headers['location']);
             error_log("Proxying for redirect to {$proxy_redir_url}");
             // Build the remote network's callback_url
             // We'll redirect _within_ the frame (the commented-out script will redirect the _top_ of the frame
             if (isset($params['fb_sig_in_iframe']) && 0 != $params['fb_sig_in_iframe']) {
                 //							RingsideWebUtils::redirect($headers['location']);
                 $apps_url = RingsideApiClientsConfig::$webUrl . '/canvas.php';
                 if ($nid == 'facebook') {
                     $apps_url = 'http://apps.facebook.com/';
                 }
                 //							$real_location = self::buildProxyUrl($props['callback_url'], $headers['location']);
                 //							echo "<script>top.location.href='".$real_location."';</script>";
                 RingsideWebUtils::redirect($proxy_redir_url);
             } else {
                 //							$real_location = self::buildProxyUrl($props['callback_url'], $headers['location']);
                 if (isset($params['fb_sig_in_canvas']) && 0 != $params['fb_sig_in_canvas']) {
                     echo "<fb:redirect url='{$proxy_redir_url}'/>";
                 } else {
                     RingsideWebUtils::redirect($proxy_redir_url);
                 }
             }
             return;
         }
         echo $result;
         return;
     }
     // Map network user to principal
     // Rewrite fb_sig
     // Proxy to callback_url
     echo '<ERROR>Unknown Callback_Url!</ERROR>';
 }
Exemple #6
0
?>
<br/>
<label>Trust:</label><?php 
echo $network_session->getTrust();
?>
<br/>
<label>Expiry:</label><?php 
echo $network_session->getExpiry();
?>
<br/>
<label>Network:</label><?php 
echo $network_session->getNetwork();
?>
<br/>
<label>Session Key:</label><?php 
echo $network_session->getSessionKey();
?>
<br/>
<label>Callback:</label><?php 
echo $network_session->getCallbackUrl();
?>
<br/>
<label>Logged In?:</label><?php 
echo $network_session->isLoggedIn();
?>
<br/>
<label>Keys:</label><?php 
echo $network_session;
?>
<br/>
 /**
  * Authorize the user against the api_key, app_id, or canvas_url
  *
  * This produces a SocialSession Object.
  *
  * Possible Params:
  * network_key
  * trust_key
  * api_key
  * canvas_url
  * auth_token
  * social_callback
  */
 public function authorize()
 {
     $network_session = null;
     $network_key = $this->getParam('network_key');
     $auth_token = $this->getParam('auth_token');
     $social_callback = $this->getParam('social_callback');
     $api_key = $this->getParam('api_key');
     $canvas_url = $this->getParam('canvas_url');
     $user_name = $this->getParam('user_name');
     $trust_key = $this->getParam('trust_key');
     if (!isset($trust_key)) {
         $trust_key = $socialApiKey;
     }
     $result = $this->getAppProperties();
     if ($result) {
         $callback = isset($result['callback_url']) ? $result['callback_url'] : '';
         $apiKey = isset($result['api_key']) ? $result['api_key'] : '';
         $apiSecret = isset($result['secret_key']) ? $result['secret_key'] : '';
         if (!isset($social_callback)) {
             $social_callback = $callback;
         }
         try {
             if (isset($apiKey) && isset($apiSecret)) {
                 $auth_url = $this->getAuthUrl($trust_key);
                 $fb = new RingsideApiClients($apiKey, $apiSecret, null, $auth_url);
                 //public function __construct($api_key, $secret, $session_key = null, $url = null) {
                 $result = $fb->do_get_session($auth_token);
                 $session_key = $fb->api_client->session_key;
                 $uid = $fb->api_client->users_getLoggedInUser();
                 $pids = $fb->api_client->users_mapToSubject(array($uid), $network_key, $result['application_id']);
                 //					RingsideSocialDbPrincipal::getPrincipalForSubject($uid, $network_key, $user_name, $trust_key);
                 //if ( isset($pids) ) {
                 // getPrincipalForSubject accepts and returns multiple IDs
                 $pid = 0;
                 if (isset($pids)) {
                     $pid = $pids[0];
                 }
                 // bool setcookie ( string $name [, string $value [, int $expire [, string $path [, string $domain [, bool $secure [, bool $httponly ]]]]]] )
                 $network_session = new RingsideSocialSession();
                 $network_session->setNetwork($network_key);
                 $network_session->addApiSessionKey($apiKey, $session_key);
                 $network_session->setUserId($uid);
                 $network_session->setPrincipalId($pid);
                 $network_session->setTrust($trust_key);
                 $network_session->setCallbackUrl($social_callback);
                 $network_session->setLoggedIn(true);
                 $context = $this->getContext($fb->api_client, $network_session);
                 if (strrpos($social_callback, '?') == 0) {
                     return $social_callback . '?' . $context;
                 } else {
                     return $social_callback . '&' . $context;
                 }
                 //} else {
                 //	$this->error = "Unable to set Principle!";
                 //}
             }
         } catch (Exception $exception) {
             error_log("Exception : " . $exception->getMessage() . "\n" . $exception->getTraceAsString());
             $this->error = "Exception : " . $exception->getMessage() . "\n" . $exception->getTraceAsString();
         }
     }
     if (!isset($network_session)) {
         error_log("Application with api_key: {$api_key} or canvas_url: {$canvas_url} not found!  Creating session and redirecting to {$social_callback}!");
         $network_session = new RingsideSocialSession(null);
         $network_session->setNetwork($network_key);
         $network_session->setTrust($trust_key);
         $network_session->setCallbackUrl($social_callback);
         if (strrpos($social_callback, '?') == 0) {
             return $social_callback . "?social_session_key=" . $network_session->getSessionKey();
         } else {
             return $social_callback . "?social_session_key=" . $network_session->getSessionKey();
         }
     }
 }