public function execute($api_key, $callback_url, $params)
{
$admin_client = RingsideSocialUtils::getAdminClient();
// TODO: SECURITY: Possibly security hole. We're signing and giving the signed payload to any URL, just by using the API key, which is public. A 3rd-party could hijack the signed payload and implement an offline brute force attack on the secret key
$app_props = $admin_client->admin_getAppProperties("application_id,application_name,api_key,secret_key,callback_url", null, null, $api_key);
// From RingsideSocialServerRender:
// Recreate Session if we have it
if (array_key_exists('social_session_key', $params)) {
$session_key = $params['social_session_key'];
$network_session = new RingsideSocialSession($session_key);
$uid = $network_session->getUserId();
if (null == $uid || strlen($uid) == 0) {
setcookie('social_session_key', $network_session->getSessionKey());
$uid = $_REQUEST['uid'];
$network_session->setUserId($uid);
$network_session->setLoggedIn(true);
}
} else {
if (isset($_COOKIE['PHPSESSID'])) {
// Optimization if user is already logged into web front-end
$network_session = new RingsideSocialSession($_COOKIE['PHPSESSID']);
$uid = $network_session->getUserId();
} else {
// Not logged in, so login via annonymous user
$trust = new RingsideSocialApiTrust($request);
$network_session = $trust->getAnonymousSession();
}
}
$ctx = self::buildCallContext($api_key, $network_session);
$sig_params = $ctx->getParameters($app_props['secret_key']);
$req_params = array_merge($params, $sig_params);
// error_log("Ajax Proxy to $callback_url with params:".var_export($req_params, true));
$result = RingsideSocialUtils::get_request($callback_url, $req_params, $headers);
echo str_replace('+', '+', $result);
}
public function execute()
{
// TODO: This ONLY will work if API and Social tiers are co-located!
$response = array();
// Finish the API session, because we need to start a social session
session_regenerate_id(true);
$_SESSION = array();
$network_session = new RingsideSocialSession();
$rest = RingsideSocialUtils::getAdminClient();
$session_key = $rest->auth_createAppSession($this->uid, RingsideSocialConfig::$apiKey, false);
$network_session->addApiSessionKey(RingsideSocialConfig::$apiKey, $session_key);
$network_session->setNetwork($this->user_network_key);
//$network_session->addApiSessionKey($apiKey, $session_key);
$network_session->setUserId($this->uid);
// TODO: Do user identity mapping right now
//$network_session->setPrincipalId($pid);
//$network_session->setTrust($trust_key);
//$network_session->setCallbackUrl($social_callback);
$network_session->setLoggedIn(true);
$response[self::RESPONSE_SOCIAL_SESSION]['session_id'] = $network_session->getSessionKey();
$response[self::RESPONSE_SOCIAL_SESSION]['initial_expiry'] = $network_session->getExpiry();
session_write_close();
return $response;
}
/**
* Returns an array of all app fbml blocks
* formatted for display.
* $location enum(narrow|wide) indicates the style to be used when fbml is returned
* $arryExcludeAppNames is an array of app names which should not appear in the list
*
*/
function getAllFormattedHtmlForUserOpenSocialApps($location = "narrow", $arryExcludeAppNames = null)
{
$userAppList = Api_Bo_App::getApplicationListByUserId($this->uid);
$this->debug("******************** DUMPING OS userAppList for {$this->uid}" . " which is " . count($userAppList) . " apps");
$aggregateFbml = "";
$fbmlArry = array();
if (!empty($userAppList)) {
foreach ($userAppList as $index => $appInfo1) {
$appInfo = $appInfo1['RingsideApp'];
$this->debug("Processing " . $appInfo['name'] . " " . $appInfo['app_id']);
$this->debug("{$appInfo1}=" . var_export($appInfo1, true));
//$returnedFbml=$this->getFbmlForApp($appInfo1['app_id'],$this->uid);
$app_id = $appInfo1['app_id'];
$app_name = $appInfo['name'];
$enabled = true;
// Don't show this app if it is not open social
if ($appInfo['canvas_type'] != 2) {
$enabled = false;
$this->debug("{$app_name} rejected as not open social.");
}
if ($enabled) {
//$app_appBlock=$this->getFormatedFbmlFromAppName($app_name,$location,true,$returnedFbml);
//$fbmlArry=array_merge($fbmlArry,$app_appBlock);
$block = array("<div id='app-{$app_name}-header' class='wide_app_header'> ");
$block[] = $app_name;
//$block[]="<div style='float: right;' ><form id='formmove' name='formmove' method='post' ><input name='action' type='hidden' value='saveColChange'/><input name='appname' type='hidden' value='$app_name'/><a onClick='form.submit();' href=''> [move] </a></form></div>";
$block[] = "</div>";
$frameParams = $_REQUEST;
$callbackQuery = http_build_query($frameParams);
$owner_id = $_REQUEST['id'];
if ($owner_id == '') {
$owner_id = $this->uid;
}
// Get api_key
$keyService = Api_ServiceFactory::create('KeyService');
$domainService = Api_ServiceFactory::create('DomainService');
$domainId = $domainService->getNativeIdByName('Ringside');
$app_keysArray = $keyService->getKeyset($app_id, $domainId);
$app_keys = $app_keysArray;
/*
$app_keysArray=Api_Bo_App::getUsersAppKeys($this->uid,$app_id);
$app_keys=$app_keysArray[0];
$this->debug(var_export($app_keysArray,true));
foreach($app_keysArray as $testApp_keys){
if($testApp_keys['network_id']==$socialApiKey){
$app_keys=$testApp_keys;
}
}
$app_keys=$app_keysArray[0];
*/
$this->debug("{$app_keys}=" . var_export($app_keys, true));
$social_session = new RingsideSocialSession();
$social_session->addApiSessionKey($app_keys['api_key'], $app_keys['secret']);
$this->debug("Building Social Session with " . $app_keys['api_key'] . " and " . $app_keys['secret']);
$osGadgetUrl = RingsideSocialConfig::$socialRoot . '/gadgets/ifr?view=profile&synd=ringside&fb_sig_api_key=' . $app_keys['api_key'] . '&fb_sig_owner_id=' . $owner_id . '&url=' . urlencode($appInfo['callback_url']) . '&social_session_key=' . $social_session->getSessionKey();
$this->debug("osGadgetUrl= {$osGadgetUrl}");
$block[] = '<iframe src="' . $osGadgetUrl . '" height="400" width="450"></iframe>';
$fbmlArry = array_merge($fbmlArry, $block);
}
}
}
return $fbmlArry;
}
public function execute($params)
{
$this->debug('Entering');
$this->debugVar($params);
$network_session = null;
/*
foreach($params as $k => $v)
{
error_log("RingsideSocialServerRender: $k=$v");
}
*/
// Recreate Session if we have it
error_log("Parameters for widget render are: " . var_export($params, true));
error_log("PHPSESSID=" . (isset($_COOKIE['PHPSESSID']) ? $_COOKIE['PHPSESSID'] : '<empty>'));
if (array_key_exists('social_session_key', $params)) {
$session_key = $params['social_session_key'];
$network_session = new RingsideSocialSession($session_key);
$uid = $network_session->getUserId();
if (null == $uid || strlen($uid) == 0) {
setcookie('social_session_key', $network_session->getSessionKey());
$uid = $network_session->getUserId();
if (isset($_REQUEST['uid'])) {
// TODO: SECURITY: I don't think we should just be able to override the uid.
$uid = $_REQUEST['uid'];
// TODO: SECURITY: This shouldn't be a valid way to log in.
$network_session->setUserId($uid);
$network_session->setLoggedIn(true);
}
}
} else {
if (isset($_COOKIE['PHPSESSID'])) {
// Optimization if user is already logged into web front-end
$network_session = new RingsideSocialSession($_COOKIE['PHPSESSID']);
error_log("PHPSESSID says session is as follows: " . var_export($network_session, true));
$uid = $network_session->getUserId();
if (!isset($uid)) {
// The user has a network session but is not logged in
// Run as an anonymous user
$trust = new RingsideSocialApiTrust($_REQUEST);
$network_session = $trust->getAnonymousSession();
}
} else {
// Not logged in, so login via annonymous user
$trust = new RingsideSocialApiTrust($_REQUEST);
$network_session = $trust->getAnonymousSession();
}
}
$api_session_key = $network_session->getApiSessionKey($params['api_key']);
if (null == $api_session_key) {
$rest = RingsideSocialUtils::getAdminClient();
$app_props = $rest->admin_getAppProperties(array('secret_key'), null, null, $params['api_key'], $network_session->getNetwork());
error_log("Adding API key for " . $params['api_key'] . " to social session for user " . $network_session->getUserID());
RingsideSocialUtils::getApiSessionKey($params['api_key'], $app_props['secret_key'], $network_session);
} else {
error_log("Using API session key {$api_session_key} for user " . $network_session->getUserID());
}
if (array_key_exists('method', $params)) {
$method = $params['method'];
if (strcasecmp($method, 'fbml') == 0 && array_key_exists('fbml', $params)) {
$fbml = $params['fbml'];
//error_log("fbml: $fbml");
$render = new RingsideSocialApiRenderFBML($params);
$result = $render->render($network_session, $fbml);
//error_log("content: ".$result['content']);
return isset($result['content']) ? $result['content'] : $result['error'];
} else {
if (strcasecmp($method, 'app') == 0) {
$social = new RingsideSocialClientLocal(RingsideWebConfig::$networkKey, null, $network_session->getSessionKey());
$inSession = $social->inSession();
error_log("User " . ($inSession ? 'is' : 'is not') . " in session");
if ($inSession) {
$path = '';
if (array_key_exists('path', $params)) {
$path = $params['path'];
}
$view = 'canvas';
if (array_key_exists('view', $params)) {
$view = $params['view'];
}
//error_log("About to render: ".$params['app']." view: $view, path: $path");
$rest = RingsideSocialUtils::getAdminClient();
$app_props = $rest->admin_getAppProperties(array('application_id', 'canvas_url'), null, null, $params['api_key'], null, $network_session->getNetwork());
$domain_props = $rest->admin_getDomainProperties(array('resize_url'), null, $network_session->getNetwork());
$content = $social->render($view, $app_props['application_id'], $app_props['canvas_url'], $path);
// TODO: Is this where error reporting should happen?
//error_log("content: $content");
if (isset($domain_props['resize_url'])) {
$content = "<html><head><script type=\"text/javascript\">\n function resizeIframe(id) {\n var iframe = document.getElementById( 'xdiframe' );\n var wrapper = document.getElementById( 'wrapper' );\n var height = Math.max( document.body.offsetHeight, document.body.scrollHeight );\n var width = Math.max( document.body.offsetWidth, document.body.scrollWidth );\n iframe.src = '{$domain_props['resize_url']}?height='+height+'&width='+width+'&id='+id;\n }\n</script></head><body onload=\"resizeIframe('if_" . $params['api_key'] . "');\">" . $content . "<iframe id='xdiframe' width='1' height='1' frameborder='0'/></body></html>";
}
return $content;
} else {
echo "<error>User not Logged in!</error>";
}
}
}
} else {
error_log("No method specified for render request");
}
}
/**
* Re-routes an api request to another network. If trust.php is used as a rest server URL
* and a path info is provided such that the request looks like the one below:
*
* http://localhost/trust.php/facebook/footprints/restserver.php
* or
* http://localhost/trust.php/{network}/{canvas url}/{restserver path}
*
* Attempts to remap and resign the api call using the app's secret on the new network
* and then to change the uid to the equivelent uid on the forgin network.
*
* The api call is then re-signed and issued and the response is returned.
*
* @param unknown_type $params
*/
private static function proxy_app_request(&$params)
{
$matches = array();
// All these special cases are to ensure we aren't adding an additional "/" character to the URL.
preg_match(',^/([^/]*)/([^/]*)(/?.*)$,', $_SERVER['PATH_INFO'], $matches);
$network_key = $matches[1];
$canvas_url = $matches[2];
$rest = $matches[3];
if ($rest == '') {
$rest = '/';
}
if ($network_key != RingsideSocialConfig::$apiKey) {
$skey = isset($_REQUEST['fb_sig_session_key']) ? $_REQUEST['fb_sig_session_key'] : '';
$apiKey = isset($_REQUEST['fb_sig_api_key']) ? $_REQUEST['fb_sig_api_key'] : '';
$ringside_rest = self::createRestClient($params['fb_sig_session_key']);
$admin_rest = RingsideSocialUtils::getAdminClient();
$props = $admin_rest->admin_getAppProperties("application_id,application_name,api_key,secret_key,callback_url", null, $canvas_url, NULL);
$network_app_props = $admin_rest->admin_getAppKeys(null, null, $props['api_key']);
$network_api_key = $props['api_key'];
$network_secret = $props['secret_key'];
self::getApiKeyAndSecretForNetwork($network_key, $network_app_props, $network_api_key, $network_secret);
$network_session = new RingsideSocialSession($params['fb_sig_session_key']);
$idmaps = $ringside_rest->users_mapToPrincipal(array($params['fb_sig_user']), $network_key, $props['application_id']);
// Create openFB request. These are just overrides for the original request.
$has_fb_sig = isset($params['fb_sig']);
$cbReq = array();
// We can't append fb_sig unless Facebook has already passed fb_sig; this would prevent the app's client from creating a session during login
if ($has_fb_sig) {
if (isset($params['fb_sig_nuser'])) {
// Since we're proxying a request, do NOT forward the user mapping!
unset($params['fb_sig_nuser']);
}
$cbReq['fb_sig_flavor'] = 'canvas';
// $cbReq['fb_sig_in_iframe'] = 0;
$cbReq['fb_sig_nid'] = $network_key;
// The social session key needs to be for _this_ social session!
$cbReq['fb_sig_soc_session_key'] = $network_session->getSessionKey();
if (!empty($idmaps) && isset($idmaps[0]) && $idmaps[0] !== null) {
$cbReq['fb_sig_nuser'] = $idmaps[0]['pid'];
}
}
// error_log("cbReq social session key is {$cbReq['fb_sig_soc_session_key']}; params is $fb_sig_soc_session_key");
// TODO: Set up social session key for trust-based proxy
// $cbReq['fb_sig_soc_session_key'] = ;
$req_params = array_merge($params, $cbReq);
error_log("Invoking {$canvas_url} with params: " . var_export($req_params, true));
// Now, we need to re-sign the parameters, since we've added the "nid" and "nuser" fb_sig params
if ($has_fb_sig) {
unset($req_params['fb_sig']);
$sig = RingsideSocialUtils::makeSig($req_params, $network_secret, 'fb_sig');
$req_params['fb_sig'] = $sig;
}
// error_log("Logged in user is principal ".$pids[0]);
// error_log("Proxying to app callback URL ".$props['callback_url']);
$headers = array();
$callback_url = self::safe_append_url($props['callback_url'], $rest);
$result = RingsideSocialUtils::get_request($callback_url, $req_params, $headers);
// error_log("Result: $result");
if (isset($headers['location'])) {
$proxy_redir_url = self::buildProxyUrl($props['callback_url'], $headers['location']);
error_log("Proxying for redirect to {$proxy_redir_url}");
// Build the remote network's callback_url
// We'll redirect _within_ the frame (the commented-out script will redirect the _top_ of the frame
if (isset($params['fb_sig_in_iframe']) && 0 != $params['fb_sig_in_iframe']) {
// RingsideWebUtils::redirect($headers['location']);
$apps_url = RingsideApiClientsConfig::$webUrl . '/canvas.php';
if ($nid == 'facebook') {
$apps_url = 'http://apps.facebook.com/';
}
// $real_location = self::buildProxyUrl($props['callback_url'], $headers['location']);
// echo "<script>top.location.href='".$real_location."';</script>";
RingsideWebUtils::redirect($proxy_redir_url);
} else {
// $real_location = self::buildProxyUrl($props['callback_url'], $headers['location']);
if (isset($params['fb_sig_in_canvas']) && 0 != $params['fb_sig_in_canvas']) {
echo "<fb:redirect url='{$proxy_redir_url}'/>";
} else {
RingsideWebUtils::redirect($proxy_redir_url);
}
}
return;
}
echo $result;
return;
}
// Map network user to principal
// Rewrite fb_sig
// Proxy to callback_url
echo '<ERROR>Unknown Callback_Url!</ERROR>';
}
?> <br/> <label>Trust:</label><?php echo $network_session->getTrust(); ?> <br/> <label>Expiry:</label><?php echo $network_session->getExpiry(); ?> <br/> <label>Network:</label><?php echo $network_session->getNetwork(); ?> <br/> <label>Session Key:</label><?php echo $network_session->getSessionKey(); ?> <br/> <label>Callback:</label><?php echo $network_session->getCallbackUrl(); ?> <br/> <label>Logged In?:</label><?php echo $network_session->isLoggedIn(); ?> <br/> <label>Keys:</label><?php echo $network_session; ?> <br/>
/**
* Authorize the user against the api_key, app_id, or canvas_url
*
* This produces a SocialSession Object.
*
* Possible Params:
* network_key
* trust_key
* api_key
* canvas_url
* auth_token
* social_callback
*/
public function authorize()
{
$network_session = null;
$network_key = $this->getParam('network_key');
$auth_token = $this->getParam('auth_token');
$social_callback = $this->getParam('social_callback');
$api_key = $this->getParam('api_key');
$canvas_url = $this->getParam('canvas_url');
$user_name = $this->getParam('user_name');
$trust_key = $this->getParam('trust_key');
if (!isset($trust_key)) {
$trust_key = $socialApiKey;
}
$result = $this->getAppProperties();
if ($result) {
$callback = isset($result['callback_url']) ? $result['callback_url'] : '';
$apiKey = isset($result['api_key']) ? $result['api_key'] : '';
$apiSecret = isset($result['secret_key']) ? $result['secret_key'] : '';
if (!isset($social_callback)) {
$social_callback = $callback;
}
try {
if (isset($apiKey) && isset($apiSecret)) {
$auth_url = $this->getAuthUrl($trust_key);
$fb = new RingsideApiClients($apiKey, $apiSecret, null, $auth_url);
//public function __construct($api_key, $secret, $session_key = null, $url = null) {
$result = $fb->do_get_session($auth_token);
$session_key = $fb->api_client->session_key;
$uid = $fb->api_client->users_getLoggedInUser();
$pids = $fb->api_client->users_mapToSubject(array($uid), $network_key, $result['application_id']);
// RingsideSocialDbPrincipal::getPrincipalForSubject($uid, $network_key, $user_name, $trust_key);
//if ( isset($pids) ) {
// getPrincipalForSubject accepts and returns multiple IDs
$pid = 0;
if (isset($pids)) {
$pid = $pids[0];
}
// bool setcookie ( string $name [, string $value [, int $expire [, string $path [, string $domain [, bool $secure [, bool $httponly ]]]]]] )
$network_session = new RingsideSocialSession();
$network_session->setNetwork($network_key);
$network_session->addApiSessionKey($apiKey, $session_key);
$network_session->setUserId($uid);
$network_session->setPrincipalId($pid);
$network_session->setTrust($trust_key);
$network_session->setCallbackUrl($social_callback);
$network_session->setLoggedIn(true);
$context = $this->getContext($fb->api_client, $network_session);
if (strrpos($social_callback, '?') == 0) {
return $social_callback . '?' . $context;
} else {
return $social_callback . '&' . $context;
}
//} else {
// $this->error = "Unable to set Principle!";
//}
}
} catch (Exception $exception) {
error_log("Exception : " . $exception->getMessage() . "\n" . $exception->getTraceAsString());
$this->error = "Exception : " . $exception->getMessage() . "\n" . $exception->getTraceAsString();
}
}
if (!isset($network_session)) {
error_log("Application with api_key: {$api_key} or canvas_url: {$canvas_url} not found! Creating session and redirecting to {$social_callback}!");
$network_session = new RingsideSocialSession(null);
$network_session->setNetwork($network_key);
$network_session->setTrust($trust_key);
$network_session->setCallbackUrl($social_callback);
if (strrpos($social_callback, '?') == 0) {
return $social_callback . "?social_session_key=" . $network_session->getSessionKey();
} else {
return $social_callback . "?social_session_key=" . $network_session->getSessionKey();
}
}
}
