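 /**
  * Step 2 in the LinkedIn oAuth process: LinkedIn has redirected the user
  * back to our callback url, which calls this controller.
  *
  * Exchanges the request token (+ oauth_verifier) for an access token,
  * fetches the profile, creates or updates the local account and either
  * sends the login cookie or (in "connect" mode) sets the Viewer's b_li
  * flag. Closes the popup window when done.
  *
  * @return object $this
  *
  * @throws \Exception in case something goes wrong with oAuth class
  */
 protected function step2()
 {
     try {
         // NOTE(review): this dumps oauth_token / oauth_verifier into the debug log
         d('Looks like we are at step 2 of authentication. Request: ' . print_r($_REQUEST, 1));
         $token = isset($this->Request['oauth_token']) ? $this->Request['oauth_token'] : null;
         $secret = isset($_SESSION['linkedin_oauth']['oauth_token_secret'])
             ? $_SESSION['linkedin_oauth']['oauth_token_secret'] : null;
         /**
          * Without a request token on the callback or the matching secret in
          * the session (callback hit directly, or session expired) the token
          * exchange cannot succeed: close the popup and stop.
          */
         if (empty($token) || empty($secret)) {
             e('Missing oauth_token on request or linkedin_oauth secret in session; aborting step 2');
             $this->closeWindow();
             return $this;
         }
         $this->oAuth->setToken($token, $secret);
         $ver = $this->Registry->Request->get('oauth_verifier', 's', '');
         d(' $ver: ' . $ver);
         /**
          * The verifier, when LinkedIn sent one, must be appended for the
          * token exchange to succeed. It originates from the request, so it
          * is url-encoded before being placed in the query string.
          */
         $url = empty($ver) ? self::ACCESS_TOKEN_URL : self::ACCESS_TOKEN_URL . '?oauth_verifier=' . \rawurlencode($ver);
         d('url: ' . $url);
         $this->aAccessToken = $this->oAuth->getAccessToken($url);
         // NOTE(review): this logs the access token AND its secret at debug level
         d('$this->aAccessToken: ' . print_r($this->aAccessToken, 1));
         // The request token is single-use; drop it from the session now
         unset($_SESSION['linkedin_oauth']);
         $this->oAuth->setToken($this->aAccessToken['oauth_token'], $this->aAccessToken['oauth_token_secret']);
         $this->oAuth->fetch(self::PROFILE_URL);
         $resp = $this->oAuth->getLastResponse();
         $this->parseXML($resp);
         $this->createOrUpdate();
         if (!$this->bConnect) {
             \Lampcms\Cookie::sendLoginCookie($this->Registry->Viewer->getUid(), $this->User->rs);
         } else {
             /**
              * The b_li flag in Viewer is necessary
              * for the social checkboxes to set
              * the checkbox to 'checked' state
              */
             $this->Registry->Viewer['b_li'] = true;
         }
         $this->closeWindow();
     } catch (\OAuthException $e) {
         // Log the message only: dumping the whole exception object can put the
         // raw provider response into the log
         e('OAuthException: ' . $e->getMessage());
         // NOTE(review): the provider's raw error text is appended to the user-facing message
         $err = 'Something went wrong during authorization. Please try again later' . $e->getMessage();
         throw new \Exception($err);
     }
     return $this;
 }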
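 /**
  * Step 2 in the Twitter oAuth process: Twitter has redirected the user
  * back to our callback url, which calls this controller.
  *
  * Exchanges the request token for an access token, calls
  * verify_credentials to obtain the profile, merges token and profile
  * into $this->aUserData, updates the Twitter user record, creates or
  * updates the local account and either sends the login cookie or (in
  * "connect" mode) sets the Viewer's b_tw flag. Closes the popup window.
  *
  * On \OAuthException no exception propagates: a bare error page is
  * emitted and the script exits, because the popup window must not
  * render a regular page.
  *
  * @return object $this
  */
 protected function finishOauthDance()
 {
     try {
         // NOTE(review): this dumps oauth_token / oauth_verifier into the debug log
         d('Looks like we are at step 2 of authentication. Request: ' . print_r($_REQUEST, 1));
         // State 1 - Handle callback from Twitter and get and store an access token
         $token = isset($this->Request['oauth_token']) ? $this->Request['oauth_token'] : null;
         $secret = isset($_SESSION['oauth']['oauth_token_secret']) ? $_SESSION['oauth']['oauth_token_secret'] : null;
         /**
          * Without a request token on the callback or the matching secret in
          * the session (callback hit directly, or session expired) the token
          * exchange cannot succeed: close the popup and stop.
          */
         if (empty($token) || empty($secret)) {
             e('Missing oauth_token on request or oauth secret in session; aborting Twitter step 2');
             $this->closeWindow();
             exit;
         }
         $this->oAuth->setToken($token, $secret);
         $aAccessToken = $this->oAuth->getAccessToken(self::ACCESS_TOKEN_URL);
         // NOTE(review): this logs the access token AND its secret at debug level
         d('$aAccessToken: ' . print_r($aAccessToken, 1));
         // The request token is single-use; drop it from the session now
         unset($_SESSION['oauth']);
         $this->oAuth->setToken($aAccessToken['oauth_token'], $aAccessToken['oauth_token_secret']);
         // NOTE(review): plain-http endpoint, so the profile response travels
         // unencrypted; an https API URL should be used
         $this->oAuth->fetch('http://api.twitter.com/1/account/verify_credentials.json');
         /**
          * json_decode() returns null (not false) on invalid JSON, so a
          * `false ===` test can never fire; reject anything that is not an
          * array so a bad response never reaches array_merge() below.
          */
         $resp = $this->oAuth->getLastResponse();
         $this->aUserData = \json_decode($resp, true);
         if (!\is_array($this->aUserData)) {
             e('Unable to json_decode data returned by Twitter API: ' . $resp);
             $this->closeWindow();
             exit;
         }
         // The embedded 'status' (latest tweet) is not part of the user record
         if (isset($this->aUserData['status'])) {
             unset($this->aUserData['status']);
         }
         d('json: ' . var_export($this->aUserData, true));
         $aDebug = $this->oAuth->getLastResponseInfo();
         d('debug: ' . print_r($aDebug, 1));
         // Token and secret are merged into the user data handed to
         // updateTwitterUserRecord() -- presumably kept for later API calls
         // on the user's behalf
         $this->aUserData = array_merge($this->aUserData, $aAccessToken);
         d('$this->aUserData ' . print_r($this->aUserData, 1));
         // id_str is preferred: large numeric ids can lose precision through json_decode()
         $this->aUserData['_id'] = !empty($this->aUserData['id_str']) ? $this->aUserData['id_str'] : (string) $this->aUserData['id'];
         unset($this->aUserData['user_id']);
         $this->updateTwitterUserRecord();
         $this->createOrUpdate();
         if (!$this->bConnect) {
             Cookie::sendLoginCookie($this->Registry->Viewer->getUid(), $this->User->rs);
         } else {
             // b_tw marks the Viewer as having just connected a Twitter account
             $this->Registry->Viewer['b_tw'] = true;
         }
         $this->closeWindow();
     } catch (\OAuthException $e) {
         // Log the message only: dumping the whole exception object can put the
         // raw provider response into the log
         e('OAuthException: ' . $e->getMessage());
         /**
          * Cannot throw an exception here: it would be rendered as a regular
          * page (with login block) inside the popup window opened for the
          * Twitter oauth page, so emit a bare error page and stop instead.
          */
         $err = 'Something went wrong during authorization. Please try again later' . $e->getMessage();
         exit(\Lampcms\Responder::makeErrorPage($err));
     }
     return $this;
 }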
 /**
  * Handle a submitted login form: validate the credentials, activate
  * the user, optionally send the "remember me" login cookie and redirect.
  * On a login failure the error message is stored in the session (or sent
  * as JSON for ajax requests) and the user is redirected instead.
  */
 public function main()
 {
     /**
      * Will not check for the valid 'form token'
      * in this form because potential
      * hacker has nothing to gain by
      * exploiting CSRF of a login form because
      * the user using this form is by definition
      * 'not yet logged in', so there is really
      * nothing to gain by tricking someone to login
      *
      * NOTE(review): "login CSRF" is a recognised attack class -- a victim's
      * browser can be logged into an account the attacker controls so that
      * later activity lands there. The exemption should be a deliberate,
      * documented decision rather than assumed harmless.
      */
     $bRemember = isset($this->Request['chkRemember']) ? (bool) $this->Request['chkRemember'] : false;
     // NOTE(review): this dumps the whole request, including 'pwd' (the plaintext
     // password), into the debug log
     d('$bRemember ' . $bRemember . ' $this->Request ' . print_r($this->Request->getArrayCopy(), 1));
     try {
         $oCheckLogin = new UserAuth($this->Registry);
         $User = $oCheckLogin->validateLogin($this->Request['login'], $this->Request['pwd']);
         /**
          * If user logged in that means he got the email
          * with password,
          * thus we confirmed email address
          * and can activate user
          */
         $User->activate();
     } catch (\Lampcms\LoginException $e) {
         /**
          * @todo may add extra setting to !config.ini to send login errors
          * to special dedicated email address that will receive all security (hacking attempts)
          * related errors.
          */
         d('Login error: ' . $e->getMessage() . ' in file: ' . $e->getFile() . ' on line: ' . $e->getLine());
         // NOTE(review): nothing in this branch terminates explicitly; if sendJSON()
         // does not exit, the session write and redirect below also run -- confirm
         if (Request::isAjax()) {
             Responder::sendJSON(array('error' => $e->getMessage()));
         }
         $_SESSION['login_error'] = $e->getMessage();
         d('$_SESSION[login_error] ' . $_SESSION['login_error']);
         // Presumably redirectToPage() exits; otherwise $User is undefined below
         Responder::redirectToPage();
     }
     // NOTE(review): this line is garbled in the listing (the '******' run); it
     // presumably logs the user and posts 'onUserLogin' -- verify against the original
     d('User: '******'onUserLogin');
     if ($bRemember) {
         // Persistent login cookie; note other methods read this value as $User->rs, not $User['rs']
         \Lampcms\Cookie::sendLoginCookie($User->getUid(), $User['rs']);
     }
     Responder::redirectToPage();
 }
 /**
  * Login an existing user or create a new account from the Google
  * profile data, keyed by the (lower-cased) email address.
  *
  * Lookup order: EMAILS collection (i_uid), then USERS collection by
  * email; a new user is created only when both miss. Finishes by
  * processing the login, sending the login cookie, posting the
  * 'onGoogleLogin' event and closing the popup window.
  *
  * NOTE(review): linking a local account purely by the email address a
  * provider reports assumes the provider has verified that address --
  * confirm this holds for every provider that reaches this method.
  */
 protected function createOrUpdate()
 {
     $User = null;
     // Normalise the address before any lookup so matching is case-insensitive
     $this->email = \mb_strtolower($this->userInfo['email']);

     // First pass: the EMAILS collection maps an address to the owning user id (i_uid)
     $aEmailRec = $this->Registry->Mongo->EMAILS->findOne(array(Schema::EMAIL => $this->email), array('i_uid' => true));
     if (!empty($aEmailRec) && !empty($aEmailRec['i_uid'])) {
         d('found user id by email address. uid: ' . $aEmailRec['i_uid']);
         $aRecord = $this->Registry->Mongo->USERS->findOne(array(Schema::PRIMARY => $aEmailRec['i_uid']));
         $User = User::userFactory($this->Registry, $aRecord);
         $this->updateUser($User);
     }

     // Second pass: the USERS collection may carry the address directly
     if (null === $User) {
         $aByEmail = $this->Registry->Mongo->USERS->findOne(array(Schema::EMAIL => $this->email));
         if (!empty($aByEmail)) {
             d('found user id by email address. uid: ' . $aByEmail['_id']);
             $User = User::userFactory($this->Registry, $aByEmail);
             $this->updateUser($User);
         }
     }

     // Nobody owns this address yet: register a fresh account
     if (null === $User) {
         $User = $this->createUser();
     }

     try {
         $this->processLogin($User);
         Cookie::sendLoginCookie($User->getUid(), $User->rs);
         $this->Registry->Dispatcher->post($this, 'onGoogleLogin');
         $this->closeWindow();
     } catch (\Lampcms\LoginException $e) {
         // A thrown exception would render as a full page inside the popup
         // window, so emit a bare error page and stop instead
         e('Unable to process login: ' . $e->getMessage());
         exit(\Lampcms\Responder::makeErrorPage($e->getMessage()));
     }
 }
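 /**
  * Step 2 in the LinkedIn oAuth process: LinkedIn has redirected the user
  * back to our callback url, which calls this controller.
  *
  * Exchanges the request token (+ oauth_verifier) for an access token,
  * records its expiration, fetches the profile, resolves the email
  * address, creates or updates the local account and either sends the
  * login cookie or (in "connect" mode) sets the Viewer's b_li flag.
  * Closes the popup window when done.
  *
  * @throws \Exception in case something goes wrong with oAuth class
  * @return object $this
  */
 protected function step2()
 {
     try {
         // NOTE(review): this dumps oauth_token / oauth_verifier into the debug log
         d('We are at step 2 of authentication. $_REQUEST: ' . print_r($_REQUEST, 1));
         $token = isset($this->Request['oauth_token']) ? $this->Request['oauth_token'] : null;
         d('$token: ' . $token);
         $secret = isset($_SESSION['linkedin_oauth']['oauth_token_secret'])
             ? $_SESSION['linkedin_oauth']['oauth_token_secret'] : null;
         /**
          * Without a request token on the callback or the matching secret in
          * the session (callback hit directly, or session expired) the token
          * exchange cannot succeed: close the popup and stop.
          */
         if (empty($token) || empty($secret)) {
             e('Missing oauth_token on request or linkedin_oauth secret in session; aborting step 2');
             $this->closeWindow();
             return $this;
         }
         $this->oAuth->setToken($token, $secret);
         /**
          * Get 'oauth_verifier' request param which was sent from LinkedIn;
          * getAccessToken() expects null rather than '' when it is absent
          */
         $ver = $this->Registry->Request->get('oauth_verifier', 's', '');
         d('$ver: ' . $ver);
         if (empty($ver)) {
             $ver = null;
         }
         $url = self::ACCESS_TOKEN_URL;
         d('url: ' . $url);
         $this->aAccessToken = $this->oAuth->getAccessToken($url, null, $ver);
         // NOTE(review): this logs the access token AND its secret at debug level
         d('$this->aAccessToken: ' . \print_r($this->aAccessToken, 1));
         $this->setTokenExpirationTime();
         // The request token is single-use; drop it from the session now
         unset($_SESSION['linkedin_oauth']);
         $this->oAuth->setToken($this->aAccessToken['oauth_token'], $this->aAccessToken['oauth_token_secret']);
         d('getting profile from PROFILE_URL');
         $this->oAuth->fetch(self::PROFILE_URL, null, OAUTH_HTTP_METHOD_GET, array('Connection' => 'close'));
         $aDebug = $this->oAuth->getLastResponseInfo();
         d('debug: ' . \print_r($aDebug, 1));
         $resp = $this->oAuth->getLastResponse();
         $this->parseXML($resp);
         $this->getEmailAddress();
         $this->createOrUpdate();
         if (!$this->bConnect) {
             \Lampcms\Cookie::sendLoginCookie($this->Registry->Viewer->getUid(), $this->User->rs);
         } else {
             /**
              * The b_li flag in Viewer is necessary
              * for the social checkboxes to set
              * the checkbox to 'checked' state
              */
             $this->Registry->Viewer['b_li'] = true;
         }
         $this->closeWindow();
     } catch (\OAuthException $e) {
         e('OAuthException: ' . $e->getMessage());
         $aDebug = $this->oAuth->getLastResponseInfo();
         d('debug: ' . print_r($aDebug, 1));
         // NOTE(review): the provider's raw error text is appended to the user-facing message
         $err = '@@Something went wrong during authorization. Please try again later@@ ' . $e->getMessage();
         throw new \Exception($err);
     }
     return $this;
 }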