/**
 * Renders the FBML text for the application named by the 'api_key' request
 * parameter and returns the result.
 *
 * Steps: open a client acting as this social engine, fetch the target
 * application's properties (including its secret), open a second client
 * acting as that application, then delegate to renderFbml().
 *
 * @param RingsideSocialSession $network_session Current social session.
 * @param string $fbmlText FBML markup to render.
 * @return array 'content' => rendered text when renderFbml() produced any.
 *               No 'error' key is ever set while the try/catch stays disabled.
 */
public function render(RingsideSocialSession $network_session, $fbmlText)
{
    // Exceptions raised by the renderer are valid FBML and should reach the
    // end user, which is why no try/catch wraps this method (an earlier
    // version mapped them to RingsideSocialUtils::SOCIAL_ERROR_RENDER_EXCEPTION).
    $targetApiKey = $this->getParam('api_key');

    // Client acting as this social engine, used to look up the target app.
    $engineSessionKey = RingsideSocialUtils::getApiSessionKey(
        RingsideSocialConfig::$apiKey,
        RingsideSocialConfig::$secretKey,
        $network_session
    );
    $engineClient = new RingsideApiClientsRest(
        RingsideSocialConfig::$apiKey,
        RingsideSocialConfig::$secretKey,
        $engineSessionKey
    );
    $appProps = $engineClient->admin_getAppProperties(
        "application_id,application_name,api_key,secret_key,callback_url",
        null,
        null,
        $targetApiKey
    );

    // Client acting as the target application itself.
    $appSessionKey = RingsideSocialUtils::getApiSessionKey(
        $targetApiKey,
        $appProps['secret_key'],
        $network_session
    );
    $appClient = new RingsideApiClientsRest($targetApiKey, $appProps['secret_key'], $appSessionKey);

    $rendered = $this->renderFbml($fbmlText, $network_session, $appClient, $appProps['application_id']);

    $response = array();
    if (!empty($rendered)) {
        $response['content'] = $rendered;
    }
    return $response;
}
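/**
 * Proxies an AJAX request to the application's callback URL, signing it with
 * the application's secret so the callback can verify where it came from.
 *
 * The social session is recreated from $params['social_session_key'] when
 * present, otherwise from the PHPSESSID cookie, otherwise an anonymous trust
 * session is used.
 *
 * @param string $api_key      Public api key of the target application.
 * @param string $callback_url URL the signed request is POSTed to.
 * @param array  $params       Request parameters to forward; merged with the
 *                             signed context parameters.
 * @return void Echoes the raw response body.
 */
public function execute($api_key, $callback_url, $params)
{
    $admin_client = RingsideSocialUtils::getAdminClient();
    // TODO: SECURITY: Possibly security hole. We're signing and giving the signed payload to any URL,
    // just by using the API key, which is public. A 3rd-party could hijack the signed payload and
    // implement an offline brute force attack on the secret key
    $app_props = $admin_client->admin_getAppProperties(
        "application_id,application_name,api_key,secret_key,callback_url",
        null,
        null,
        $api_key
    );

    // From RingsideSocialServerRender: recreate the session if we have it.
    if (array_key_exists('social_session_key', $params)) {
        $session_key = $params['social_session_key'];
        $network_session = new RingsideSocialSession($session_key);
        $uid = $network_session->getUserId();
        if (null == $uid || strlen($uid) == 0) {
            setcookie('social_session_key', $network_session->getSessionKey());
            // TODO: SECURITY: accepting uid from the request lets the client choose the
            // identity attached to this session (same concern as in the render handler).
            // Guarded with isset like the render handler; the original read the
            // key unconditionally and marked the session logged in even without it.
            if (isset($_REQUEST['uid'])) {
                $uid = $_REQUEST['uid'];
                $network_session->setUserId($uid);
                $network_session->setLoggedIn(true);
            }
        }
    } else {
        if (isset($_COOKIE['PHPSESSID'])) {
            // Optimization if user is already logged into web front-end
            $network_session = new RingsideSocialSession($_COOKIE['PHPSESSID']);
            $uid = $network_session->getUserId();
        } else {
            // Not logged in, so login via anonymous user.
            // The original passed an undefined $request here; $_REQUEST is what
            // the sibling render handler passes.
            $trust = new RingsideSocialApiTrust($_REQUEST);
            $network_session = $trust->getAnonymousSession();
        }
    }

    $ctx = self::buildCallContext($api_key, $network_session);
    $sig_params = $ctx->getParameters($app_props['secret_key']);
    $req_params = array_merge($params, $sig_params);

    // get_request() takes $headers and $status by reference; both must exist,
    // and $headers must be non-null for response headers to be collected.
    $headers = array();
    $status = null;
    $result = RingsideSocialUtils::get_request($callback_url, $req_params, $headers, $status);
    // Kept from the original; as written this replacement is a no-op
    // (search and replacement are the same character) — possibly mangled.
    echo str_replace('+', '+', $result);
}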
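/**
 * Looks up the canvas url of the application named by the api_key request
 * parameter and stores it in $params['app'].
 *
 * @param array $params Modified in place: 'app' receives the canvas url.
 * @return void
 * @throws Exception When no application (or no canvas url) matches the supplied key.
 */
private static function determineAppCanvasUrl(&$params)
{
    // get the api_key for the app and retrieve the current canvas
    $admin_rest = RingsideSocialUtils::getAdminClient();
    $appKey = isset($_REQUEST['api_key']) ? $_REQUEST['api_key'] : NULL;
    $props = $admin_rest->admin_getAppProperties("canvas_url", null, NULL, $appKey);
    if (empty($props) || !isset($props['canvas_url'])) {
        // The original message read $params['appKey'], which is never set;
        // report the key that was actually looked up instead.
        throw new Exception('unknown application key supplied: ' . $appKey);
    }
    $params['app'] = $props["canvas_url"];
}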
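/**
 * Checks that the xid/aid (and optional callback/return url) query parameters
 * carry a valid signature made with this engine's secret.
 *
 * The parameter set must match the one the comments emitter signs
 * (xid, optional c_url, optional r_url, aid), in that order.
 *
 * @return bool True when the supplied sig matches the recomputed one.
 */
function isAuthorized()
{
    // The original tested $callbackurl / $returnurl, which were never assigned
    // in this function, so c_url / r_url never entered the signature. They are
    // read from the query string, where the rest of the function already looks.
    $callbackurl = isset($_GET['callbackurl']) ? $_GET['callbackurl'] : '';
    $returnurl = isset($_GET['returnurl']) ? $_GET['returnurl'] : '';

    $params = array();
    $params['xid'] = isset($_GET['xid']) ? $_GET['xid'] : null;
    if (!empty($callbackurl)) {
        $params['c_url'] = $callbackurl;
    }
    if (!empty($returnurl)) {
        $params['r_url'] = $returnurl;
    }
    $params['aid'] = isset($_GET['aid']) ? $_GET['aid'] : null;
    $params['sig'] = RingsideSocialUtils::makeSig($params, RingsideSocialConfig::$secretKey);

    // A non-string sig (e.g. sig[]=) cannot be valid. Compare in constant time
    // rather than with ==, which also applies numeric-string juggling.
    $supplied = (isset($_GET['sig']) && is_string($_GET['sig'])) ? $_GET['sig'] : '';
    return hash_equals((string) $params['sig'], $supplied);
}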
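/**
 * POSTs $params to $server and returns the response body.
 *
 * Uses curl when the extension is loaded, otherwise the http stream wrapper.
 *
 * @param string     $server  URL to post to.
 * @param array      $params  Form fields, encoded with http_build_query().
 * @param array|null $headers By reference; when not null, the response headers
 *                            (as parsed by parse_headers()) are added to it.
 *                            Only the curl path fills this in.
 * @param int|null   $status  By reference; HTTP status code of the response
 *                            (0 when curl could not connect, null when the
 *                            stream path could not determine it).
 * @return string|null Response body, or null when the request failed.
 */
public static function get_request($server, $params, &$headers, &$status)
{
    $post_string = http_build_query($params, '', '&');
    $result = null;

    if (function_exists('curl_init')) {
        // Use CURL if installed...
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_URL, $server);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $post_string);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_USERAGENT, 'Ringside.API Client (curl) ' . phpversion());
        curl_setopt($ch, CURLOPT_HEADER, true);
        $raw = curl_exec($ch);
        $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        if ($raw === false) {
            // Transport failure: the original went on to substr(false, ...) and
            // returned '' with no indication of what went wrong.
            error_log("get_request to {$server} failed: " . curl_error($ch));
            curl_close($ch);
            return null;
        }
        $headersize = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
        curl_close($ch);

        // Split the raw response into its header block and body.
        $http_headers = substr($raw, 0, $headersize - 1);
        $result = substr($raw, $headersize);
        if ($headers !== null) {
            $parsed_headers = RingsideSocialUtils::parse_headers($http_headers);
            foreach ($parsed_headers as $http_header => $value) {
                $headers[$http_header] = $value;
            }
        }
    } else {
        // Non-CURL based version...
        $context = array(
            'http' => array(
                'method' => 'POST',
                'header' => 'Content-type: application/x-www-form-urlencoded' . "\r\n"
                    . 'User-Agent: OpenFB Client (non-curl) ' . phpversion() . "\r\n"
                    . 'Content-length: ' . strlen($post_string),
                'content' => $post_string,
            ),
        );
        $contextid = stream_context_create($context);
        $sock = fopen($server, 'r', false, $contextid);
        if ($sock) {
            $result = '';
            while (!feof($sock)) {
                $result .= fgets($sock, 4096);
            }
            fclose($sock);
            // The http wrapper exposes the response headers in
            // $http_response_header; the original never set $status on this
            // path. $headers is left untouched here because parse_headers()
            // is only ever given the raw header block the curl path has.
            if (isset($http_response_header[0])
                && preg_match('#^HTTP/\S+\s+(\d{3})#', $http_response_header[0], $m)) {
                $status = (int) $m[1];
            }
        }
    }
    return $result;
}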
/**
 * Starts a social session for the user this handler was built for and
 * returns the new session's id and expiry.
 *
 * The current (API-tier) PHP session is regenerated and emptied first,
 * because a social session is about to be started in its place.
 *
 * @return array self::RESPONSE_SOCIAL_SESSION => array('session_id' => ..., 'initial_expiry' => ...)
 */
public function execute()
{
    // TODO: This ONLY will work if API and Social tiers are co-located!
    // Finish the API session, because we need to start a social session.
    session_regenerate_id(true);
    $_SESSION = array();

    $socialSession = new RingsideSocialSession();
    $adminClient = RingsideSocialUtils::getAdminClient();
    $apiSessionKey = $adminClient->auth_createAppSession($this->uid, RingsideSocialConfig::$apiKey, false);

    $socialSession->addApiSessionKey(RingsideSocialConfig::$apiKey, $apiSessionKey);
    $socialSession->setNetwork($this->user_network_key);
    $socialSession->setUserId($this->uid);
    // TODO: Do user identity mapping right now (principal id, trust key and
    // callback url are not populated on the session yet).
    $socialSession->setLoggedIn(true);

    $sessionInfo = array(
        'session_id'     => $socialSession->getSessionKey(),
        'initial_expiry' => $socialSession->getExpiry(),
    );
    session_write_close();

    return array(self::RESPONSE_SOCIAL_SESSION => $sessionInfo);
}
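/**
 * Returns a valid app client using the information inside this gadget token.
 * The client will act on behalf of the api_key inside this gadget token.
 *
 * @return RingsideApiClientsRest Client authenticated as the token's application.
 */
public function getAppClient()
{
    $apiKey = $this->getAppId();
    $socialSession = $this->getSocialSession();
    $secretKey = $this->getAppSecret();
    // The secret is a credential: log the api key only, never the secret
    // (the original wrote both to the error log).
    error_log("OS Producing Client: apiKey= {$apiKey}");
    $apiSessionKeyApp = RingsideSocialUtils::getApiSessionKey($apiKey, $secretKey, $socialSession);
    return new RingsideApiClientsRest($apiKey, $secretKey, $apiSessionKeyApp);
}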
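/**
 * Renders an application remotely: signs an openFB-style request context with
 * the application's secret and either fetches the callback url or builds the
 * iframe / OpenSocial gadget url that will load it.
 *
 * @param string $callbackUrl Application callback url; $this->path is appended when set.
 * @param string $apiKey      Application api key.
 * @param string $secretKey   Application secret used to sign the context.
 * @param string $canvasType  One of the RingsideSocialApiRender::CANVASTYPE_* values.
 * @param mixed  $isAppAdded  Passed into the context only when the user is in session.
 * @param string $sessionKey  Api session key passed to the application.
 * @param RingsideSocialClientInterface $socialClient Current social client.
 * @param array  $headers     By reference; the OS-iframe case sets content-type,
 *                            the fetch case receives the callback's headers.
 * @param mixed  $status      By reference; HTTP status of the fetched callback.
 * @return string|null Rendered content, or null when only $this->iframe was set.
 */
public function renderRemote($callbackUrl, $apiKey, $secretKey, $canvasType, $isAppAdded, $sessionKey, RingsideSocialClientInterface $socialClient, &$headers, &$status)
{
    $response = null;
    if (!empty($this->path)) {
        $callbackUrl .= $this->path;
    }

    // Create openFB request.
    $ctx = new RingsideSocialAppContext();
    $ctx->setFlavor($this->flavor);
    $isFramed = ($canvasType == RingsideSocialApiRender::CANVASTYPE_IFRAME
        || $canvasType == RingsideSocialApiRender::CANVASTYPE_OS);
    $ctx->setIFrame($isFramed ? 1 : 0);
    $ctx->setInCanvas(1);
    $ctx->setTime(time());
    if ($socialClient->inSession()) {
        // We don't know whether the app is added unless the user is logged in,
        // so don't send that part of the context otherwise.
        $ctx->setIsAppAdded($isAppAdded);
        $ctx->setUser($socialClient->getCurrentUser());
        $ctx->setSessionKey($sessionKey);
        $ctx->setExpires(0);
        if ($socialClient->getNetworkSession()->getPrincipalId()) {
            $ctx->setPrincipalId($socialClient->getNetworkSession()->getPrincipalId());
        }
    }
    $ctx->setApiKey($apiKey);
    $ctx->setRequestMethod($_SERVER['REQUEST_METHOD']);
    $ctx->setNetworkId($socialClient->getCurrentNetwork());
    $ctx->setSocialSessionKey($socialClient->getNetworkSession()->getSessionKey());

    // Kept from the original: constructed but never attached to $ctx (the
    // addNetwork call was commented out); constructor side effects unknown.
    $deployed_ctx = new RingsideSocialAppContext(array(), RingsideSocialConfig::$apiKey);

    $cbReq = $ctx->getParameters($secretKey);
    $requestParams = array_merge($cbReq, $this->params);

    /*
     * Special case: if we are to return an IFRAME, then the only thing we are
     * returning is the URL to ship out. It is up to the returning application
     * to place this inside some form of content frame.
     */
    if ($this->flavor == 'canvas' && $canvasType == RingsideSocialApiRender::CANVASTYPE_IFRAME) {
        $callbackQuery = http_build_query($requestParams);
        // TODO iframe generation is off; should be more expressive and configurable.
        $this->iframe = "{$callbackUrl}?{$callbackQuery}";
    } elseif ($this->flavor == 'canvas' && $canvasType == RingsideSocialApiRender::CANVASTYPE_OS) {
        // Open Social Gadget description is the $callbackUrl
        $callbackQuery = http_build_query($requestParams);
        // We also need to define fb_sig_owner_id if the param id is present.
        // The original built this string but never assigned it, so the
        // parameter was silently dropped.
        if (array_key_exists('id', $this->params)) {
            $callbackQuery .= '&fb_sig_owner_id=' . urlencode($this->params['id']);
        }
        // TODO These parm options should be configurable
        $callbackQuery = $callbackQuery . '&view=canvas&synd=ringside&nocache=1';
        // If you change this you must change container.js
        $this->iframe = RingsideApiClientsConfig::$socialUrl . "/gadgets/ifr?url=" . urlencode($callbackUrl) . "&{$callbackQuery}";
        if (isset($this->params['forceIFrame']) && $this->params['forceIFrame'] == 'true') {
            $headers['content-type'] = 'text/html';
            // Both values land inside HTML attributes and forceIFrameHeight comes
            // straight from the request parameters, so escape them.
            $height = isset($this->params['forceIFrameHeight']) ? (string) $this->params['forceIFrameHeight'] : '';
            $response = "<iframe width='100%' frameborder='0' src='"
                . htmlspecialchars($this->iframe, ENT_QUOTES) . "' height='"
                . htmlspecialchars($height, ENT_QUOTES) . "'/>";
        }
    } else {
        $response = RingsideSocialUtils::get_request($callbackUrl, $requestParams, $headers, $status);
        if (isset($headers['location'])) {
            $this->redirect = $headers['location'];
        }
    }
    return $response;
}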
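/**
 * Renders a widget (an FBML snippet or a whole application canvas) for the
 * caller, resolving the social session first.
 *
 * Session resolution order:
 *   1. $params['social_session_key'] when present;
 *   2. otherwise the PHPSESSID cookie (user already logged in to the web
 *      front-end), falling back to an anonymous trust session when that
 *      session has no user;
 *   3. otherwise an anonymous trust session.
 *
 * @param array $params Render request parameters. Reads 'social_session_key',
 *                      'api_key', 'method' ('fbml' or 'app'), 'fbml', 'path'
 *                      and 'view'.
 * @return string|null Rendered content (or the renderer's error string for the
 *                     fbml method); null when no usable method was given. For
 *                     the app method an <error> element is echoed instead when
 *                     the user is not in session.
 */
public function execute($params)
{
    $this->debug('Entering');
    $this->debugVar($params);

    // Do not dump the whole parameter set: it carries the social session key.
    // Log only what is needed to trace the request.
    error_log("Widget render request for api_key "
        . (isset($params['api_key']) ? $params['api_key'] : '<none>')
        . ", method " . (isset($params['method']) ? $params['method'] : '<none>'));
    error_log("PHPSESSID is " . (isset($_COOKIE['PHPSESSID']) ? 'set' : '<empty>'));

    $network_session = $this->resolveRenderSession($params);

    $api_session_key = $network_session->getApiSessionKey($params['api_key']);
    if (null == $api_session_key) {
        $rest = RingsideSocialUtils::getAdminClient();
        $app_props = $rest->admin_getAppProperties(array('secret_key'), null, null, $params['api_key'], $network_session->getNetwork());
        error_log("Adding API key for " . $params['api_key'] . " to social session for user " . $network_session->getUserId());
        // Called for its side effect: registers the api session key on the social session.
        RingsideSocialUtils::getApiSessionKey($params['api_key'], $app_props['secret_key'], $network_session);
    } else {
        // Session keys are credentials; log their presence, not their value.
        error_log("Using existing API session key for user " . $network_session->getUserId());
    }

    if (!array_key_exists('method', $params)) {
        error_log("No method specified for render request");
        return;
    }

    $method = $params['method'];
    if (strcasecmp($method, 'fbml') == 0 && array_key_exists('fbml', $params)) {
        $render = new RingsideSocialApiRenderFBML($params);
        $result = $render->render($network_session, $params['fbml']);
        return isset($result['content']) ? $result['content'] : $result['error'];
    }

    if (strcasecmp($method, 'app') == 0) {
        $social = new RingsideSocialClientLocal(RingsideWebConfig::$networkKey, null, $network_session->getSessionKey());
        $inSession = $social->inSession();
        error_log("User " . ($inSession ? 'is' : 'is not') . " in session");
        if (!$inSession) {
            echo "<error>User not Logged in!</error>";
            return;
        }
        $path = array_key_exists('path', $params) ? $params['path'] : '';
        $view = array_key_exists('view', $params) ? $params['view'] : 'canvas';
        $rest = RingsideSocialUtils::getAdminClient();
        $app_props = $rest->admin_getAppProperties(array('application_id', 'canvas_url'), null, null, $params['api_key'], null, $network_session->getNetwork());
        $domain_props = $rest->admin_getDomainProperties(array('resize_url'), null, $network_session->getNetwork());
        $content = $social->render($view, $app_props['application_id'], $app_props['canvas_url'], $path);
        // TODO: Is this where error reporting should happen?
        if (isset($domain_props['resize_url'])) {
            $content = $this->wrapWithResizeFrame($content, $domain_props['resize_url'], $params['api_key']);
        }
        return $content;
    }
    // Unknown method: as in the original, nothing is rendered and null is returned.
}

/**
 * Recreates or creates the social session a render request runs under.
 * See execute() for the resolution order.
 *
 * @param array $params Render request parameters.
 * @return RingsideSocialSession
 */
private function resolveRenderSession($params)
{
    if (array_key_exists('social_session_key', $params)) {
        $network_session = new RingsideSocialSession($params['social_session_key']);
        $uid = $network_session->getUserId();
        if (null == $uid || strlen($uid) == 0) {
            setcookie('social_session_key', $network_session->getSessionKey());
            if (isset($_REQUEST['uid'])) {
                // TODO: SECURITY: I don't think we should just be able to override the uid.
                // TODO: SECURITY: This shouldn't be a valid way to log in.
                $network_session->setUserId($_REQUEST['uid']);
                $network_session->setLoggedIn(true);
            }
        }
        return $network_session;
    }

    if (isset($_COOKIE['PHPSESSID'])) {
        // Optimization if user is already logged into web front-end.
        $network_session = new RingsideSocialSession($_COOKIE['PHPSESSID']);
        // The original dumped the whole session object here; it holds api
        // session keys, so only log whether a user is attached.
        $uid = $network_session->getUserId();
        error_log("PHPSESSID session " . (isset($uid) ? "has user {$uid}" : "has no user"));
        if (isset($uid)) {
            return $network_session;
        }
        // The user has a network session but is not logged in: run anonymously.
    }

    // Not logged in, so login via anonymous user.
    $trust = new RingsideSocialApiTrust($_REQUEST);
    return $trust->getAnonymousSession();
}

/**
 * Wraps rendered canvas content in a page that reports its size to the
 * domain's resize url through a hidden iframe.
 *
 * @param string $content   Rendered application content (emitted as-is).
 * @param string $resizeUrl Domain 'resize_url' property.
 * @param string $apiKey    Api key of the rendered application; used as the frame id suffix.
 * @return string
 */
private function wrapWithResizeFrame($content, $resizeUrl, $apiKey)
{
    // resize_url lands inside a JS string literal: encode it as one.
    $jsResizeUrl = json_encode((string) $resizeUrl, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
    // api_key lands inside a JS string inside an HTML attribute, and it comes
    // from the request; api keys are expected to be plain identifiers, so
    // anything else is dropped rather than double-escaped.
    $frameId = 'if_' . preg_replace('/[^A-Za-z0-9_\-]/', '', (string) $apiKey);
    return "<html><head><script type=\"text/javascript\">\n"
        . " function resizeIframe(id) {\n"
        . " var iframe = document.getElementById( 'xdiframe' );\n"
        . " var wrapper = document.getElementById( 'wrapper' );\n"
        . " var height = Math.max( document.body.offsetHeight, document.body.scrollHeight );\n"
        . " var width = Math.max( document.body.offsetWidth, document.body.scrollWidth );\n"
        . " iframe.src = {$jsResizeUrl} + '?height='+height+'&width='+width+'&id='+id;\n"
        . " }\n"
        . "</script></head><body onload=\"resizeIframe('{$frameId}');\">"
        . $content
        . "<iframe id='xdiframe' width='1' height='1' frameborder='0'/></body></html>";
}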
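/**
 * Emits form and comments as divs.
 *
 * Renders, in order: the post-count line (with a "Write Something" link when
 * posting is allowed and the form is not shown), the post form when
 * requested, then up to $numposts comments. Everything is echoed.
 *
 * Values that originate from users (comment text, author name and picture)
 * or from the tag attributes are HTML-escaped before being emitted; the
 * original wrote them into the markup verbatim.
 *
 * @param mixed $application   Provides getApplicationId() and getClient().
 * @param mixed $parentHandler Unused.
 * @param array $args          fb:comments attributes: 'xid' (required),
 *                             'canpost', 'candelete', 'showform' ('true'/'false'
 *                             strings), 'numposts' (default 10), 'aid',
 *                             'callbackurl', 'returnurl'.
 * @return void
 */
public function emitDivs($application, $parentHandler, $args)
{
    $xid = $args['xid'];
    $canpost = isset($args['canpost']) ? $args['canpost'] : "false";
    $candelete = isset($args['candelete']) ? $args['candelete'] : "false";
    $numposts = isset($args['numposts']) ? $args['numposts'] : 10;
    $aid = isset($args['aid']) ? $args['aid'] : $application->getApplicationId();
    $callbackurl = isset($args['callbackurl']) ? $args['callbackurl'] : '';
    $returnurl = isset($args['returnurl']) ? $args['returnurl'] : '';
    $showform = isset($args['showform']) ? $args['showform'] : 'false';

    $client = $application->getClient();
    $comments = $client->comments_get($xid, null, null, $aid);

    // Signed parameter set; wall.php recomputes the signature over the same
    // xid / c_url / r_url / aid set.
    $params = array();
    $params['xid'] = $xid;
    if (!empty($callbackurl)) {
        $params['c_url'] = $callbackurl;
    }
    if (!empty($returnurl)) {
        $params['r_url'] = $returnurl;
    }
    $params['aid'] = $aid;
    $params['sig'] = RingsideSocialUtils::makeSig($params, RingsideSocialConfig::$secretKey);

    $hXid = self::escapeHtml($xid);
    $hAid = self::escapeHtml($aid);
    $hSig = self::escapeHtml($params['sig']);
    $hCallback = self::escapeHtml($callbackurl);
    // The "Write Something" link is the same in every branch below.
    // (As in the original, the callback url is passed as r_url.)
    $writeAnchor = '<a href="' . RingsideSocialConfig::$webRoot . '/wall.php?xid=' . $hXid . '&aid=' . $hAid . '&sig=' . $hSig
        . (!empty($callbackurl) ? '&r_url=' . $hCallback : '')
        . '">Write Something</a>';
    $showWriteLink = ($canpost == 'true' && $showform == 'false');

    // number of comments
    $count = (!isset($comments) || empty($comments)) ? 0 : sizeof($comments);
    if ($count === 0) {
        $countLine = 'There are no posts yet.';
    } elseif ($count === 1) {
        $countLine = 'Displaying the only post.';
    } elseif ($count < $numposts) {
        $countLine = 'Displaying all ' . $count . ' posts.';
    } else {
        $countLine = null;
    }
    $theString = "";
    if ($countLine !== null) {
        $theString .= ' <div class="comments_numposts">' . $countLine . '</div>';
        if ($showWriteLink) {
            $theString .= '<div class="comments_top_links">' . $writeAnchor . '</div>';
        }
    } else {
        // More posts than will be shown: add a "See All" link as well.
        $theString .= ' <div class="comments_numposts">Displaying ' . self::escapeHtml($numposts) . ' of ' . $count . '.</div>';
        $theString .= '<div class="comments_top_links">';
        if ($showWriteLink) {
            $theString .= $writeAnchor . ' ';
        }
        $theString .= '<a href="' . RingsideSocialConfig::$webRoot . '/wall.php?xid=' . $hXid . '&aid=' . $hAid . '">See All</a>';
        $theString .= '</div>';
    }

    // showform
    if ($showform == 'true') {
        $theString .= ' <div class="comments_post_form">';
        $theString .= ' <form name="form1" id="form1" method="get" action="' . RingsideSocialConfig::$webRoot . '/wall.php">';
        $theString .= ' <input type="hidden" name="xid" value="' . $hXid . '"/>';
        $theString .= ' <input type="hidden" name="xid_action" value="post"/>';
        $theString .= ' <input type="hidden" name="aid" value="' . $hAid . '"/>';
        $theString .= ' <input type="hidden" name="sig" value="' . $hSig . '"/>';
        if (!empty($callbackurl)) {
            $theString .= ' <input type="hidden" name="callbackurl" value="' . $hCallback . '"/>';
        }
        $theString .= ' <div class="comments_text_box"><textarea class="comments_text_area" name="text" cols="80"></textarea></div>';
        $theString .= ' <br/>';
        $theString .= ' <div class="comments_submit_button"><input type="submit" name="Submit" value="Post" /></div>';
        $theString .= ' </form>';
        $theString .= ' </div>';
    }

    // comments: at most $numposts are rendered
    if ($count > 0) {
        $shown = 0;
        foreach ($comments as $comment) {
            if ($shown >= $numposts) {
                break;
            }
            $params['xid_action'] = 'delete';
            $params['cid'] = $comment['cid'];
            $paramString = http_build_query($params, '', '&');

            // users_getInfo() answers with a list; entry 0 is the comment's author.
            $author = $client->users_getInfo($comment['uid'], "first_name,pic");
            $theString .= ' <div class="comment">';
            $theString .= ' <div class="comment_author_pic"><image src="' . self::escapeHtml($author[0]['pic']) . '" width="50"/></div>';
            $theString .= ' <div class="comment_author">' . self::escapeHtml($author[0]['first_name']) . ' wrote</div>';
            $theString .= ' <div class="comment_time">at ' . self::escapeHtml($comment['created']) . '</div>';
            // Comment text is user-supplied: escaped so it can never inject markup.
            $theString .= ' <div class="comment_text">' . self::escapeHtml($comment['text']) . '</div>';
            // Pre-existing quirk kept: the comment_links div is only closed when
            // the delete link is rendered.
            $theString .= ' <div class="comment_links"><a href="#">message</a>';
            if (isset($candelete) && $candelete == 'true') {
                // http_build_query() already url-encodes; escape for the attribute.
                $theString .= ' - <a href="' . RingsideSocialConfig::$webRoot . '/wall.php?' . self::escapeHtml($paramString) . '">delete</a></div>';
            }
            $theString .= ' </div>';
            $shown++;
        }
    }
    $theString .= '</div>';
    echo $theString;
}

/**
 * HTML-escapes a value for use in element content or a quoted attribute.
 *
 * @param mixed $value Scalar (or null) to escape.
 * @return string
 */
private static function escapeHtml($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}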
// Bind-map page fragment: identifies the trust authority (network) the
// current mapping request is relative to and prepares the hidden form
// inputs for the bindmap step.
// NOTE(review): this fragment is cut off inside the heredoc below (no closing
// marker), and $next is not assigned anywhere in the visible code.

// Request inputs; all optional (null / false when absent).
$snid = isset($_REQUEST['snid']) ? $_REQUEST['snid'] : null;
$api_key = isset($_REQUEST['api_key']) ? $_REQUEST['api_key'] : null;
$canvas = isset($_REQUEST['canvas']) ? true : false;
$network = isset($_REQUEST['network']) ? true : false;
$social_session_key = isset($_REQUEST['social_session_key']) ? $_REQUEST['social_session_key'] : null;
$sig = '';
$network_session = null;
$authorities = null;
try {
    // We are expecting a social session key in the request, this can help us understand the current map request
    // the network it is coming from and more.
    // In the map process not sure where we need this, but its good to load it here.
    $network_session = new RingsideSocialSession($social_session_key);
    // The mapping process is happening relative to some NETWORK, the user might not be logged in to the DEPLOYED NETWORK.
    // And we should not care. However we have to ask some system questions.
    $ringside_rest = RingsideSocialUtils::getAdminClient($snid);
    $authorities = $ringside_rest->admin_getTrustInfo();
} catch (Exception $e) {
    // Any failure (bad session key, admin client unavailable) renders the
    // error template and stops this script.
    include "ringside/templates/error.tpl";
    return;
}

// Pick the authority whose trust_key matches the requested snid, if any.
$this_authority = null;
foreach ($authorities as $authority) {
    if ($authority['trust_key'] == $snid) {
        $this_authority = $authority;
        break;
    }
}

$hiddenInputs = <<<heredoc
<input type="hidden" name="method" value="bindmap" />
<input type="hidden" name="next" value="{$next}" />
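/**
 * Re-routes an api request to another network. If trust.php is used as a rest server URL
 * and a path info is provided such that the request looks like the one below:
 *
 *   http://localhost/trust.php/facebook/footprints/restserver.php
 * or
 *   http://localhost/trust.php/{network}/{canvas url}/{restserver path}
 *
 * Attempts to remap and resign the api call using the app's secret on the new network
 * and then to change the uid to the equivalent uid on the foreign network.
 *
 * The api call is then re-signed and issued and the response is returned.
 *
 * @param array $params Request parameters, by reference: 'fb_sig_nuser' is
 *                      removed before proxying. Reads 'fb_sig_session_key',
 *                      'fb_sig_user', 'fb_sig', 'fb_sig_in_iframe', 'fb_sig_in_canvas'.
 * @return void Echoes the proxied response or performs a redirect; echoes an
 *              <ERROR> element when PATH_INFO does not name a foreign network.
 */
private static function proxy_app_request(&$params)
{
    $matches = array();
    // All these special cases are to ensure we aren't adding an additional "/" character to the URL.
    $path_info = isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '';
    if (preg_match(',^/([^/]*)/([^/]*)(/?.*)$,', $path_info, $matches)) {
        $network_key = $matches[1];
        $canvas_url = $matches[2];
        $rest = $matches[3];
        if ($rest == '') {
            $rest = '/';
        }
    } else {
        // No routable path: fall through to the error below instead of
        // continuing with undefined match groups as the original did.
        $network_key = RingsideSocialConfig::$apiKey;
        $canvas_url = '';
        $rest = '/';
    }

    if ($network_key != RingsideSocialConfig::$apiKey) {
        $ringside_rest = self::createRestClient($params['fb_sig_session_key']);
        $admin_rest = RingsideSocialUtils::getAdminClient();
        $props = $admin_rest->admin_getAppProperties("application_id,application_name,api_key,secret_key,callback_url", null, $canvas_url, NULL);
        $network_app_props = $admin_rest->admin_getAppKeys(null, null, $props['api_key']);
        $network_api_key = $props['api_key'];
        $network_secret = $props['secret_key'];
        // Overwrites $network_api_key / $network_secret with the values for $network_key.
        self::getApiKeyAndSecretForNetwork($network_key, $network_app_props, $network_api_key, $network_secret);
        $network_session = new RingsideSocialSession($params['fb_sig_session_key']);
        $idmaps = $ringside_rest->users_mapToPrincipal(array($params['fb_sig_user']), $network_key, $props['application_id']);

        // Create openFB request. These are just overrides for the original request.
        $has_fb_sig = isset($params['fb_sig']);
        $cbReq = array();
        // We can't append fb_sig unless Facebook has already passed fb_sig; this would
        // prevent the app's client from creating a session during login
        if ($has_fb_sig) {
            if (isset($params['fb_sig_nuser'])) {
                // Since we're proxying a request, do NOT forward the user mapping!
                unset($params['fb_sig_nuser']);
            }
            $cbReq['fb_sig_flavor'] = 'canvas';
            $cbReq['fb_sig_nid'] = $network_key;
            // The social session key needs to be for _this_ social session!
            $cbReq['fb_sig_soc_session_key'] = $network_session->getSessionKey();
            if (!empty($idmaps) && isset($idmaps[0])) {
                $cbReq['fb_sig_nuser'] = $idmaps[0]['pid'];
            }
        }
        // TODO: Set up social session key for trust-based proxy

        $req_params = array_merge($params, $cbReq);
        // Log the target only: the parameter set carries the session key and signature.
        error_log("Invoking {$canvas_url} on network {$network_key} with " . count($req_params) . " params");

        // Now, we need to re-sign the parameters, since we've added the "nid" and "nuser" fb_sig params
        if ($has_fb_sig) {
            unset($req_params['fb_sig']);
            $req_params['fb_sig'] = RingsideSocialUtils::makeSig($req_params, $network_secret, 'fb_sig');
        }

        // get_request() takes both $headers and $status by reference; the
        // original omitted $status entirely.
        $headers = array();
        $status = null;
        $callback_url = self::safe_append_url($props['callback_url'], $rest);
        $result = RingsideSocialUtils::get_request($callback_url, $req_params, $headers, $status);

        if (isset($headers['location'])) {
            // Build the remote network's callback_url; we redirect _within_ the frame.
            $proxy_redir_url = self::buildProxyUrl($props['callback_url'], $headers['location']);
            error_log("Proxying for redirect to {$proxy_redir_url}");
            if (isset($params['fb_sig_in_iframe']) && 0 != $params['fb_sig_in_iframe']) {
                RingsideWebUtils::redirect($proxy_redir_url);
            } elseif (isset($params['fb_sig_in_canvas']) && 0 != $params['fb_sig_in_canvas']) {
                // The url comes from the application's Location header; escape it
                // for the attribute.
                echo "<fb:redirect url='" . htmlspecialchars($proxy_redir_url, ENT_QUOTES) . "'/>";
            } else {
                RingsideWebUtils::redirect($proxy_redir_url);
            }
            return;
        }
        echo $result;
        return;
    }

    echo '<ERROR>Unknown Callback_Url!</ERROR>';
}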
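/**
 * Builds the expected results, emitting divs.
 *
 * Mirrors the markup of the comments emitter without escaping any input, so
 * the result can be compared byte-for-byte against emitter output.
 *
 * @param array $inputs   fb:comments parameters, positional: 0 xid, 1 canpost,
 *                        2 candelete, 3 numposts, 4 callbackurl, 5 returnurl,
 *                        6 showform (optional, default 'false'), 7 uid, 8 title.
 * @param array $comments Mock comments; each has 'cid', 'created' and 'text'.
 * @param mixed $aid      Application id placed in the signed parameters.
 * @return string Expected results
 */
public static function makeExpectedResultsDivs($inputs, $comments, $aid)
{
    $xid = $inputs[0];
    $canpost = $inputs[1];
    $candelete = $inputs[2];
    $numposts = $inputs[3];
    $callbackurl = $inputs[4];
    $returnurl = $inputs[5];
    $showform = isset($inputs[6]) ? $inputs[6] : 'false';
    $uid = $inputs[7];
    $title = $inputs[8];

    $params = array();
    $params['xid'] = $xid;
    if (!empty($callbackurl)) {
        $params['c_url'] = $callbackurl;
    }
    if (!empty($returnurl)) {
        $params['r_url'] = $returnurl;
    }
    $params['aid'] = $aid;
    $params['sig'] = RingsideSocialUtils::makeSig($params, RingsideSocialConfig::$secretKey);

    $expected = '<div class="comments">';
    // title
    if (!isset($title) || empty($title)) {
        $expected .= ' <div class="comments_title">Comments</div>';
    } else {
        $expected .= ' <div class="comments_title">' . $title . '</div>';
    }

    // number of comments: the "Write Something" link is identical in every
    // branch, so it is built once.
    $writeAnchor = self::expectedWriteSomethingAnchor($xid, $aid, $params['sig'], $callbackurl);
    $showWriteLink = ($canpost == 'true' && $showform == 'false');
    $count = (!isset($comments) || empty($comments)) ? 0 : sizeof($comments);
    if ($count === 0) {
        $countLine = 'There are no posts yet.';
    } elseif ($count === 1) {
        $countLine = 'Displaying the only post.';
    } elseif ($count < $numposts) {
        $countLine = 'Displaying all ' . $count . ' posts.';
    } else {
        $countLine = null;
    }
    if ($countLine !== null) {
        $expected .= ' <div class="comments_numposts">' . $countLine . '</div>';
        if ($showWriteLink) {
            $expected .= '<div class="comments_top_links">' . $writeAnchor . '</div>';
        }
    } else {
        $expected .= ' <div class="comments_numposts">Displaying ' . $numposts . ' of ' . $count . '.</div>';
        $expected .= '<div class="comments_top_links">';
        if ($showWriteLink) {
            $expected .= $writeAnchor . ' ';
        }
        $expected .= '<a href="' . RingsideSocialConfig::$webRoot . '/wall.php?xid=' . $xid . '&aid=' . $aid . '">See All</a>';
        $expected .= '</div>';
    }

    self::handleShowForm($showform, $expected, $xid, $aid, $callbackurl, $params['sig']);

    // comments: at most $numposts are rendered
    if ($count > 0) {
        $currentCount = 0;
        foreach ($comments as $comment) {
            if ($currentCount >= $numposts) {
                break;
            }
            $params['xid_action'] = 'delete';
            $params['cid'] = $comment['cid'];
            $paramString = http_build_query($params, '', '&');
            $expected .= ' <div class="comment">';
            $expected .= ' <div class="comment_author">' . $uid . ' wrote</div>';
            $expected .= ' <div class="comment_time">at ' . $comment['created'] . '</div>';
            $expected .= ' <div class="comment_text">' . $comment['text'] . '</div>';
            // Pre-existing quirk kept for byte-equality with the emitter: the
            // comment_links div is only closed when the delete link is rendered.
            $expected .= ' <div class="comment_links"><a href="#">message</a>';
            if (isset($candelete) && $candelete == 'true') {
                $expected .= ' - <a href="' . RingsideSocialConfig::$webRoot . '/wall.php?' . $paramString . '">delete</a></div>';
            }
            $expected .= ' </div>';
            $currentCount++;
        }
    }
    $expected .= '</div>';
    return $expected;
}

/**
 * The "Write Something" link exactly as the emitter renders it.
 *
 * @param mixed  $xid
 * @param mixed  $aid
 * @param string $sig         Signature over the xid / c_url / r_url / aid parameters.
 * @param string $callbackurl Appended as r_url when non-empty (as the emitter does).
 * @return string
 */
private static function expectedWriteSomethingAnchor($xid, $aid, $sig, $callbackurl)
{
    $anchor = '<a href="' . RingsideSocialConfig::$webRoot . '/wall.php?xid=' . $xid . '&aid=' . $aid . '&sig=' . $sig;
    if (!empty($callbackurl)) {
        $anchor .= '&r_url=' . $callbackurl;
    }
    return $anchor . '">Write Something</a>';
}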
<?php
/**
 * Site-connect callback: verifies the signature on a social_session_key
 * handed back for a network, sets that key as this site's PHPSESSID cookie
 * and redirects to the 'next' url with a re-signed session key appended.
 *
 * NOTE(review): this fragment is cut off before the closing brace of the
 * if-block below.
 *
 * @author Jason Kinner <*****@*****.**>
 */
require_once 'ringside/api/clients/RingsideApiClients.php';
require_once 'ringside/social/RingsideSocialUtils.php';
if (isset($_REQUEST['social_session_key'])) {
    $client = RingsideSocialUtils::getAdminClient();
    // Domain properties for the network named in the request; 'secret_key'
    // is the shared secret the incoming signature was made with.
    $domain_info = $client->admin_getDomainProperties(array('secret_key'), null, $_REQUEST['network_key']);
    // NOTE(review): this writes the domain secret to the error log.
    error_log("For network " . $_REQUEST['network_key'] . ", the values are: " . var_export($domain_info, true));
    $secret = $domain_info['secret_key'];
    // Exactly the parameters the remote side signed, in this order.
    $params = array('social_session_key' => $_GET['social_session_key'], 'next' => $_GET['next']);
    // NOTE(review): also logs the secret.
    error_log("Verifying signature with params: " . var_export($params, true) . " and secret '{$secret}'");
    $check_sig = Facebook::generate_sig($params, $secret);
    // NOTE(review): loose == on a signature; hash_equals() would avoid
    // numeric-string juggling and a content-dependent comparison time.
    if ($check_sig == $_REQUEST['sig']) {
        $social_session_key = $_GET['social_session_key'];
        error_log("Site connect signature verified. Setting cookie.");
        // The social session key becomes this site's PHP session id.
        setcookie('PHPSESSID', $social_session_key);
        $next = $_REQUEST['next'];
        // TODO: Think about restricting this redirect to the registered site's domain, like app login redirection
        // Append the query separator $next still needs.
        if (strpos($next, '?') !== false) {
            $next .= "&";
        } else {
            $next .= "?";
        }
        // Re-sign the session key for the receiving site.
        // NOTE(review): reads $domain_info['secret'], but only 'secret_key' was
        // requested above — confirm which key is intended.
        $params = array('sc_social_session_key' => $social_session_key, 'sc_sig' => Facebook::generate_sig(array('social_session_key' => $social_session_key), $domain_info['secret']));
        $next .= http_build_query($params);
        // NOTE(review): the second argument (replace) is null; PHP 8.1+ expects a bool.
        header('Location: ' . $next, null, 302);
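/**
 * Handle the trust situation for a web application: records the user's trust
 * of the application and sets $this->redirect either to the canvas page or to
 * the callback url carrying a freshly approved auth token.
 *
 * @param string      $apikey      Api key of the application being trusted.
 * @param Application $application Application object; provides getSocialSession().
 * @param int         $uid         User granting trust.
 * @param boolean     $infinite    Whether the created token should not expire.
 * @param boolean     $canvas      True to redirect into the canvas page instead of the callback.
 * @param boolean     $trust       True when $next is used as the redirect target as given.
 * @param string      $next        Url (or path relative to the callback url) to continue at.
 * @return boolean True on success; false when an exception occurred (trust is then removed).
 */
function handleWebAppTrust($apikey, $application, $uid, $infinite, $canvas, $trust, $next)
{
    $this->trustUser($application, $uid, $infinite);
    try {
        // Get a client which represents this SOCIAL engine to API relationship
        $apiSessionKey = RingsideSocialUtils::getApiSessionKey(RingsideSocialConfig::$apiKey, RingsideSocialConfig::$secretKey, $application->getSocialSession());
        $apiClientSocial = new RingsideApiClientsRest(RingsideSocialConfig::$apiKey, RingsideSocialConfig::$secretKey, $apiSessionKey, null, RingsideSocialConfig::$apiKey);

        // Get information about a given application.
        $result = $apiClientSocial->admin_getAppProperties("application_id,secret_key,canvas_url,callback_url", null, null, $apikey);
        $canvas_url = isset($result['canvas_url']) ? $result['canvas_url'] : "";
        $callback_url = isset($result['callback_url']) ? $result['callback_url'] : "";
        $secret = isset($result['secret_key']) ? $result['secret_key'] : "";

        if ($canvas === true) {
            $trust_info = $apiClientSocial->admin_getTrustInfo(array(RingsideSocialConfig::$apiKey));
            $canvas_root = $trust_info[0]['trust_canvas_url'];
            $this->redirect = $canvas_root . '/' . $canvas_url . $next;
            return true;
        }

        // Create and approve an auth token for the application, then hand it
        // back on the query string of $next.
        $appClient = new RingsideApiClientsRest($apikey, $secret, null, null, RingsideSocialConfig::$apiKey);
        $token = $appClient->auth_createToken($infinite);
        $appClient->auth_approveToken($uid);

        // Choose the query-string separator. The original only appended '&' when
        // $next already contained one, so 'http://h/?a=1' became '?a=1auth_token='.
        if (strpos($next, "?") === false) {
            $next .= "?";
        } elseif (substr($next, -1) !== "?" && substr($next, -1) !== "&") {
            $next .= "&";
        }

        if ($trust === true) {
            // $next is used as given, without an origin check.
            $redir = $next . "auth_token=" . $token;
        } elseif (strpos($next, $callback_url) === 0) {
            $redir = $next . "auth_token=" . $token;
        } else {
            $redir = $callback_url . $next . "auth_token=" . $token;
        }
        $this->redirect = $redir;
        return true;
    } catch (Exception $e) {
        error_log($e->getMessage());
        $this->removeTrust($application, $uid);
        return false;
    }
}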