/**
 * Build the authentication URL for the given parameters.
 *
 * The version date is added to $params, the resulting set is wrapped with
 * RublonSignatureWrapper::wrap() using the secret key, and the wrapper is
 * stored under 'consumerParams'. The system token, language and window type
 * are placed next to the wrapper, outside of it. The whole structure is then
 * JSON-encoded, base64-encoded and URL-encoded. base64 is an encoding only:
 * anything placed in the structure is readable by whoever sees the URL.
 *
 * @param array $params Auth parameters.
 * @return string API domain + URL path + encoded payload.
 */
function getAuthURL(array $params = array())
{
    $params[RublonAuthParams::FIELD_VERSION] = $this->getVersionDate();

    $payload = array();
    // $params holds at least the version entry at this point, so this
    // condition is always met; the check is kept as written.
    if (!empty($params)) {
        $signedParams = RublonSignatureWrapper::wrap($this->getSecretKey(), $params);
        $payload['consumerParams'] = $signedParams;
    }

    $payload[RublonAuthParams::FIELD_SYSTEM_TOKEN] = $this->getSystemToken();
    $payload[RublonAuthParams::FIELD_LANG] = $this->getLang();
    $payload[RublonAuthParams::FIELD_WINDOW_TYPE] = 'window';

    $baseUrl = $this->getAPIDomain() . $this->urlPath;
    $encodedPayload = urlencode(base64_encode(json_encode($payload)));

    return $baseUrl . $encodedPayload;
}
/**
 * Start a registration: create a temporary key, store it together with the
 * current time, and return the registration form.
 *
 * NOTE(review): the strength of the temporary key depends entirely on
 * RublonSignatureWrapper::generateRandomString(), which is not shown here.
 * Confirm it draws from a cryptographically secure source.
 *
 * @return mixed Whatever getRegistrationForm() returns.
 */
public function retrieveRegistrationForm()
{
    $temporaryKey = RublonSignatureWrapper::generateRandomString(self::SECRET_KEY_LENGTH);
    $createdAt = time();

    // Persist the key and its creation time before the form is produced.
    $this->saveInitialParameters($temporaryKey, $createdAt);

    return $this->getRegistrationForm();
}
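/**
 * Handle state logout: parse the signed request body and call logout for the given user.
 *
 * The raw request body is passed to RublonSignatureWrapper::parseMessage()
 * together with the secret key; no field of the body is used before that
 * call has returned, and any exception it throws propagates to the caller.
 * The method always ends the request: it prints a JSON status object and exits.
 *
 * NOTE(review): FIELD_LOGOUT_ACCESS_TOKEN is required to be present, but its
 * value is not compared with anything in this method. Confirm whether
 * handleLogout() or the caller is expected to check it.
 *
 * @throws MissingField_RublonClientException Not thrown directly here; presumably raised by a callee (confirm).
 * @throws RublonException
 */
protected function handleStateLogout()
{
    $response = null;

    if ($input = file_get_contents("php://input")) {
        $message = RublonSignatureWrapper::parseMessage($input, $this->getRublon()->getSecretKey());

        $requiredFields = array(
            self::FIELD_LOGOUT_ACCESS_TOKEN,
            self::FIELD_LOGOUT_USER_ID,
            self::FIELD_LOGOUT_DEVICE_ID,
        );
        foreach ($requiredFields as $field) {
            // empty() also rejects a body that is not an array, so a plain
            // string body ends up in the "Missing field." response.
            if (empty($message[$field])) {
                $response = array('status' => 'ERROR', 'msg' => 'Missing field.', 'field' => $field);
                break;
            }
        }

        if (empty($response)) {
            // Read exactly the keys that were validated above, instead of
            // hard-coded names that could drift away from the constants.
            $this->handleLogout(
                $message[self::FIELD_LOGOUT_USER_ID],
                $message[self::FIELD_LOGOUT_DEVICE_ID]
            );
            $response = array('status' => 'OK', 'msg' => 'Success');
        }
    } else {
        $response = array('status' => 'ERROR', 'msg' => 'Empty JSON input.');
    }

    header('content-type: application/json');
    echo json_encode($response);
    exit;
}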
/**
 * Get the script input parameters as a string.
 *
 * When the Rublon instance reports that it is configured, the parameters are
 * placed in a RublonSignatureWrapper together with the secret key and the
 * wrapper's string form is returned. Otherwise the parameters are returned as
 * plain JSON with no signature attached, so a consumer of this value cannot
 * assume it is always signed.
 *
 * @return string
 */
protected function getParamsWrapper()
{
    // Unconfigured instance: fall back to unsigned JSON.
    if (!$this->getRublon()->isConfigured()) {
        return json_encode($this->getParams());
    }

    $signer = new RublonSignatureWrapper();
    $signer->setSecretKey($this->getRublon()->getSecretKey());
    $signer->setBody($this->getParams());

    // The string cast delegates to the wrapper's own string conversion (not shown here).
    return (string) $signer;
}
/**
 * Get the consumer parameters wrapper to apply in the Rublon button.
 *
 * The consumer parameters are wrapped with RublonSignatureWrapper::wrap()
 * using the secret key of the Rublon instance, for use in the HTML wrapper
 * of the Rublon button. Nothing is wrapped when there are no parameters.
 *
 * @return array|null Result of wrap(), or null when the consumer params are empty.
 */
public function getConsumerParamsWrapper()
{
    $params = $this->getConsumerParams();

    if (empty($params)) {
        return null;
    }

    $secretKey = $this->getRublon()->getSecretKey();

    return RublonSignatureWrapper::wrap($secretKey, $params);
}
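/**
 * Parse a signed message and return its body.
 *
 * Checks run in this order, each failing with a RublonException:
 *  1. secret key and input are non-empty;
 *  2. the input decodes as JSON;
 *  3. the envelope does not carry an error status;
 *  4. data and sign fields are present and verifyData() accepts them;
 *  5. the data field decodes to an array with a non-empty head array;
 *  6. unless CONFIG_SKIP_TIME is set in $config, the head time is within
 *     MESSAGE_LIFETIME of the local clock, in either direction;
 *  7. the body field is a string.
 *
 * Step 3 runs before the signature is verified, so the status and message
 * taken from an error envelope are unauthenticated. Treat that exception
 * text as untrusted input wherever it is logged or displayed.
 *
 * @throws RublonException
 * @param mixed $jsonStr Raw signed message.
 * @param string $secretKey Key handed to verifyData().
 * @param array $config Options; CONFIG_SKIP_TIME disables the time check.
 * @return mixed Decoded body when it is a non-empty JSON array, otherwise the raw body string.
 */
static function parseMessage($jsonStr, $secretKey, $config = array())
{
    if (empty($secretKey)) {
        throw new RublonException('Empty secret');
    }
    if (empty($jsonStr)) {
        throw new RublonException('Empty response', RublonException::CODE_INVALID_RESPONSE);
    }

    // Verify response JSON
    $response = json_decode($jsonStr, true);
    if (empty($response)) {
        // The raw input is embedded in the message; keep it out of user-facing output.
        throw new RublonException('Invalid response: ' . $jsonStr, RublonException::CODE_INVALID_RESPONSE);
    }
    if (!empty($response[self::FIELD_STATUS]) and $response[self::FIELD_STATUS] == self::STATUS_ERROR) {
        // Fix: report the message field when it is set. The previous code
        // tested FIELD_MSG but then returned the status value instead.
        $msg = isset($response[self::FIELD_MSG])
            ? $response[self::FIELD_MSG]
            : 'Error response: ' . $jsonStr;
        throw new RublonException($msg, RublonException::CODE_INVALID_RESPONSE);
    }
    if (empty($response[self::FIELD_DATA])) {
        throw new RublonException('Missing data field', RublonException::CODE_INVALID_RESPONSE);
    }
    if (empty($response[self::FIELD_SIGN])) {
        throw new RublonException('Missing sign field', RublonException::CODE_INVALID_RESPONSE);
    }
    // Nothing inside the data field is decoded or used until the signature has been accepted.
    if (!RublonSignatureWrapper::verifyData($response[self::FIELD_DATA], $secretKey, $response[self::FIELD_SIGN])) {
        throw new RublonException('Invalid signature', RublonException::CODE_INVALID_RESPONSE);
    }

    // Verify data field
    $data = json_decode($response[self::FIELD_DATA], true);
    if (empty($data) or !is_array($data)) {
        throw new RublonException('Invalid response', RublonException::CODE_INVALID_RESPONSE);
    }
    if (!isset($data[self::FIELD_HEAD]) or !is_array($data[self::FIELD_HEAD]) or empty($data[self::FIELD_HEAD])) {
        throw new RublonException('Invalid response data (invalid header)', RublonException::CODE_INVALID_RESPONSE);
    }

    // Verify head field: the time check bounds how long a captured message stays acceptable.
    $head = $data[self::FIELD_HEAD];
    if (empty($config[self::CONFIG_SKIP_TIME]) and !(isset($head[self::FIELD_HEAD_TIME]) and abs(time() - $head[self::FIELD_HEAD_TIME]) <= self::MESSAGE_LIFETIME)) {
        throw new RublonException('Invalid message time', RublonException::CODE_TIMESTAMP_ERROR);
    }
    if (!isset($data[self::FIELD_BODY]) or !is_string($data[self::FIELD_BODY])) {
        throw new RublonException('Invalid response data (no body)', RublonException::CODE_INVALID_RESPONSE);
    }

    // Verify body field
    $body = json_decode($data[self::FIELD_BODY], true);
    if (is_array($body) and !empty($body)) {
        return $body;
    } else {
        return $data[self::FIELD_BODY];
    }
}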
/**
 * Verify a signed API message and hand back its body.
 *
 * The input is a JSON envelope with a data field and a sign field. The data
 * field is only decoded after RublonSignatureWrapper::verifyData() has
 * accepted it with the given secret key. The decoded data must contain a
 * non-empty head array and a string body. Unless CONFIG_SKIP_TIME is set in
 * $config, the head time has to lie within MESSAGE_LIFETIME of the local
 * clock, in either direction.
 *
 * An envelope with an error status is rejected before the signature check,
 * so the message text carried by that exception is unauthenticated.
 *
 * @throws RublonException On any failed check; the exception code names the check.
 * @param mixed $jsonStr Raw signed message.
 * @param string $secretKey Key handed to verifyData().
 * @param array $config Options; CONFIG_SKIP_TIME disables the time check.
 * @return mixed Decoded body when it is a non-empty JSON array, otherwise the raw body string.
 */
static function parseMessage($jsonStr, $secretKey, $config = array())
{
    if (empty($secretKey)) {
        throw new RublonException('Invalid API response', RublonException::CODE_INVALID_RESPONSE_EMPTY_SECRET_KEY);
    }
    if (empty($jsonStr)) {
        throw new RublonException('Empty API response', RublonException::CODE_INVALID_RESPONSE_EMPTY_JSON_STRING);
    }

    // Outer envelope
    $envelope = json_decode($jsonStr, true);
    if (empty($envelope)) {
        throw new RublonException('Cannot parse empty API response: ' . $jsonStr, RublonException::CODE_EMPTY_JSON_RESPONSE);
    }

    // Error envelopes are reported as they are; this happens before any signature check.
    $reportsError = !empty($envelope[self::FIELD_STATUS]) && $envelope[self::FIELD_STATUS] == self::STATUS_ERROR;
    if ($reportsError) {
        if (isset($envelope[self::FIELD_MSG])) {
            $errorText = $envelope[self::FIELD_MSG];
        } else {
            $errorText = 'Cannot parse incorrect API response';
        }
        throw new RublonException($errorText, RublonException::CODE_API_RESPONSE_STATUS_ERROR);
    }

    if (empty($envelope[self::FIELD_DATA])) {
        throw new RublonException('Invalid API response', RublonException::CODE_INVALID_RESPONSE_MISSING_JSON_DATA_FIELD);
    }
    if (empty($envelope[self::FIELD_SIGN])) {
        throw new RublonException('Invalid API response', RublonException::CODE_INVALID_RESPONSE_MISSING_JSON_SIGN_FIELD);
    }

    // Signature first: the data field is not decoded until it has been accepted.
    $signedData = $envelope[self::FIELD_DATA];
    $signature = $envelope[self::FIELD_SIGN];
    if (!RublonSignatureWrapper::verifyData($signedData, $secretKey, $signature)) {
        throw new RublonException('Invalid signature', RublonException::CODE_INVALID_RESPONSE_INVALID_SIGNATURE);
    }

    // Signed payload
    $payload = json_decode($signedData, true);
    if (empty($payload) || !is_array($payload)) {
        throw new RublonException('Invalid API response', RublonException::CODE_INVALID_RESPONSE_INVALID_JSON_DATA_FIELD);
    }
    if (!isset($payload[self::FIELD_HEAD]) || !is_array($payload[self::FIELD_HEAD]) || empty($payload[self::FIELD_HEAD])) {
        throw new RublonException('Invalid API response', RublonException::CODE_INVALID_RESPONSE_INVALID_JSON_HEAD_FIELD);
    }

    // Header: the time check bounds how long a captured message stays acceptable.
    $header = $payload[self::FIELD_HEAD];
    if (empty($config[self::CONFIG_SKIP_TIME])) {
        $withinLifetime = isset($header[self::FIELD_HEAD_TIME])
            && abs(time() - $header[self::FIELD_HEAD_TIME]) <= self::MESSAGE_LIFETIME;
        if (!$withinLifetime) {
            throw new RublonException('Invalid message time', RublonException::CODE_TIMESTAMP_ERROR);
        }
    }

    if (!isset($payload[self::FIELD_BODY]) || !is_string($payload[self::FIELD_BODY])) {
        throw new RublonException('Invalid API response', RublonException::CODE_INVALID_RESPONSE_MISSING_JSON_BODY_FIELD);
    }

    // Body: prefer the decoded array, fall back to the raw string.
    $rawBody = $payload[self::FIELD_BODY];
    $decodedBody = json_decode($rawBody, true);
    if (is_array($decodedBody) && !empty($decodedBody)) {
        return $decodedBody;
    }

    return $rawBody;
}
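/**
 * Extract the system token from an encoded, signed message.
 *
 * $data is URL-decoded and then base64-decoded, and the result is handed to
 * RublonSignatureWrapper::parseMessage() together with the temporary key, so
 * the token is only read from a message whose signature was accepted.
 *
 * parseMessage() can return a plain string when the body is not a JSON array.
 * Indexing that string would not yield a token, so a body that is not an
 * array, or that has no system token entry, is rejected here.
 *
 * @param string $data URL-encoded, base64-encoded signed message.
 * @return mixed Value stored under FIELD_SYSTEM_TOKEN in the verified body (presumably the token string; confirm).
 * @throws RublonException When the message fails verification or carries no system token.
 */
protected function parseSystemToken($data)
{
    $body = RublonSignatureWrapper::parseMessage(base64_decode(urldecode($data)), $this->getTempKey());

    if (!is_array($body) || !isset($body[self::FIELD_SYSTEM_TOKEN])) {
        throw new RublonException('Missing system token');
    }

    return $body[self::FIELD_SYSTEM_TOKEN];
}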