public function execute($api_key, $callback_url, $params) { $admin_client = RingsideSocialUtils::getAdminClient(); // TODO: SECURITY: Possibly security hole. We're signing and giving the signed payload to any URL, just by using the API key, which is public. A 3rd-party could hijack the signed payload and implement an offline brute force attack on the secret key $app_props = $admin_client->admin_getAppProperties("application_id,application_name,api_key,secret_key,callback_url", null, null, $api_key); // From RingsideSocialServerRender: // Recreate Session if we have it if (array_key_exists('social_session_key', $params)) { $session_key = $params['social_session_key']; $network_session = new RingsideSocialSession($session_key); $uid = $network_session->getUserId(); if (null == $uid || strlen($uid) == 0) { setcookie('social_session_key', $network_session->getSessionKey()); $uid = $_REQUEST['uid']; $network_session->setUserId($uid); $network_session->setLoggedIn(true); } } else { if (isset($_COOKIE['PHPSESSID'])) { // Optimization if user is already logged into web front-end $network_session = new RingsideSocialSession($_COOKIE['PHPSESSID']); $uid = $network_session->getUserId(); } else { // Not logged in, so login via annonymous user $trust = new RingsideSocialApiTrust($request); $network_session = $trust->getAnonymousSession(); } } $ctx = self::buildCallContext($api_key, $network_session); $sig_params = $ctx->getParameters($app_props['secret_key']); $req_params = array_merge($params, $sig_params); // error_log("Ajax Proxy to $callback_url with params:".var_export($req_params, true)); $result = RingsideSocialUtils::get_request($callback_url, $req_params, $headers); echo str_replace('+', '+', $result); }
public function execute() { // TODO: This ONLY will work if API and Social tiers are co-located! $response = array(); // Finish the API session, because we need to start a social session session_regenerate_id(true); $_SESSION = array(); $network_session = new RingsideSocialSession(); $rest = RingsideSocialUtils::getAdminClient(); $session_key = $rest->auth_createAppSession($this->uid, RingsideSocialConfig::$apiKey, false); $network_session->addApiSessionKey(RingsideSocialConfig::$apiKey, $session_key); $network_session->setNetwork($this->user_network_key); //$network_session->addApiSessionKey($apiKey, $session_key); $network_session->setUserId($this->uid); // TODO: Do user identity mapping right now //$network_session->setPrincipalId($pid); //$network_session->setTrust($trust_key); //$network_session->setCallbackUrl($social_callback); $network_session->setLoggedIn(true); $response[self::RESPONSE_SOCIAL_SESSION]['session_id'] = $network_session->getSessionKey(); $response[self::RESPONSE_SOCIAL_SESSION]['initial_expiry'] = $network_session->getExpiry(); session_write_close(); return $response; }
/** * Returns an array of all app fbml blocks * formatted for display. * $location enum(narrow|wide) indicates the style to be used when fbml is returned * $arryExcludeAppNames is an array of app names which should not appear in the list * */ function getAllFormattedHtmlForUserOpenSocialApps($location = "narrow", $arryExcludeAppNames = null) { $userAppList = Api_Bo_App::getApplicationListByUserId($this->uid); $this->debug("******************** DUMPING OS userAppList for {$this->uid}" . " which is " . count($userAppList) . " apps"); $aggregateFbml = ""; $fbmlArry = array(); if (!empty($userAppList)) { foreach ($userAppList as $index => $appInfo1) { $appInfo = $appInfo1['RingsideApp']; $this->debug("Processing " . $appInfo['name'] . " " . $appInfo['app_id']); $this->debug("{$appInfo1}=" . var_export($appInfo1, true)); //$returnedFbml=$this->getFbmlForApp($appInfo1['app_id'],$this->uid); $app_id = $appInfo1['app_id']; $app_name = $appInfo['name']; $enabled = true; // Don't show this app if it is not open social if ($appInfo['canvas_type'] != 2) { $enabled = false; $this->debug("{$app_name} rejected as not open social."); } if ($enabled) { //$app_appBlock=$this->getFormatedFbmlFromAppName($app_name,$location,true,$returnedFbml); //$fbmlArry=array_merge($fbmlArry,$app_appBlock); $block = array("<div id='app-{$app_name}-header' class='wide_app_header'> "); $block[] = $app_name; //$block[]="<div style='float: right;' ><form id='formmove' name='formmove' method='post' ><input name='action' type='hidden' value='saveColChange'/><input name='appname' type='hidden' value='$app_name'/><a onClick='form.submit();' href=''> [move] </a></form></div>"; $block[] = "</div>"; $frameParams = $_REQUEST; $callbackQuery = http_build_query($frameParams); $owner_id = $_REQUEST['id']; if ($owner_id == '') { $owner_id = $this->uid; } // Get api_key $keyService = Api_ServiceFactory::create('KeyService'); $domainService = Api_ServiceFactory::create('DomainService'); $domainId = $domainService->getNativeIdByName('Ringside'); $app_keysArray = $keyService->getKeyset($app_id, $domainId); $app_keys = $app_keysArray; /* $app_keysArray=Api_Bo_App::getUsersAppKeys($this->uid,$app_id); $app_keys=$app_keysArray[0]; $this->debug(var_export($app_keysArray,true)); foreach($app_keysArray as $testApp_keys){ if($testApp_keys['network_id']==$socialApiKey){ $app_keys=$testApp_keys; } } $app_keys=$app_keysArray[0]; */ $this->debug("{$app_keys}=" . var_export($app_keys, true)); $social_session = new RingsideSocialSession(); $social_session->addApiSessionKey($app_keys['api_key'], $app_keys['secret']); $this->debug("Building Social Session with " . $app_keys['api_key'] . " and " . $app_keys['secret']); $osGadgetUrl = RingsideSocialConfig::$socialRoot . '/gadgets/ifr?view=profile&synd=ringside&fb_sig_api_key=' . $app_keys['api_key'] . '&fb_sig_owner_id=' . $owner_id . '&url=' . urlencode($appInfo['callback_url']) . '&social_session_key=' . $social_session->getSessionKey(); $this->debug("osGadgetUrl= {$osGadgetUrl}"); $block[] = '<iframe src="' . $osGadgetUrl . '" height="400" width="450"></iframe>'; $fbmlArry = array_merge($fbmlArry, $block); } } } return $fbmlArry; }
public function execute($params) { $this->debug('Entering'); $this->debugVar($params); $network_session = null; /* foreach($params as $k => $v) { error_log("RingsideSocialServerRender: $k=$v"); } */ // Recreate Session if we have it error_log("Parameters for widget render are: " . var_export($params, true)); error_log("PHPSESSID=" . (isset($_COOKIE['PHPSESSID']) ? $_COOKIE['PHPSESSID'] : '<empty>')); if (array_key_exists('social_session_key', $params)) { $session_key = $params['social_session_key']; $network_session = new RingsideSocialSession($session_key); $uid = $network_session->getUserId(); if (null == $uid || strlen($uid) == 0) { setcookie('social_session_key', $network_session->getSessionKey()); $uid = $network_session->getUserId(); if (isset($_REQUEST['uid'])) { // TODO: SECURITY: I don't think we should just be able to override the uid. $uid = $_REQUEST['uid']; // TODO: SECURITY: This shouldn't be a valid way to log in. $network_session->setUserId($uid); $network_session->setLoggedIn(true); } } } else { if (isset($_COOKIE['PHPSESSID'])) { // Optimization if user is already logged into web front-end $network_session = new RingsideSocialSession($_COOKIE['PHPSESSID']); error_log("PHPSESSID says session is as follows: " . var_export($network_session, true)); $uid = $network_session->getUserId(); if (!isset($uid)) { // The user has a network session but is not logged in // Run as an anonymous user $trust = new RingsideSocialApiTrust($_REQUEST); $network_session = $trust->getAnonymousSession(); } } else { // Not logged in, so login via annonymous user $trust = new RingsideSocialApiTrust($_REQUEST); $network_session = $trust->getAnonymousSession(); } } $api_session_key = $network_session->getApiSessionKey($params['api_key']); if (null == $api_session_key) { $rest = RingsideSocialUtils::getAdminClient(); $app_props = $rest->admin_getAppProperties(array('secret_key'), null, null, $params['api_key'], $network_session->getNetwork()); error_log("Adding API key for " . $params['api_key'] . " to social session for user " . $network_session->getUserID()); RingsideSocialUtils::getApiSessionKey($params['api_key'], $app_props['secret_key'], $network_session); } else { error_log("Using API session key {$api_session_key} for user " . $network_session->getUserID()); } if (array_key_exists('method', $params)) { $method = $params['method']; if (strcasecmp($method, 'fbml') == 0 && array_key_exists('fbml', $params)) { $fbml = $params['fbml']; //error_log("fbml: $fbml"); $render = new RingsideSocialApiRenderFBML($params); $result = $render->render($network_session, $fbml); //error_log("content: ".$result['content']); return isset($result['content']) ? $result['content'] : $result['error']; } else { if (strcasecmp($method, 'app') == 0) { $social = new RingsideSocialClientLocal(RingsideWebConfig::$networkKey, null, $network_session->getSessionKey()); $inSession = $social->inSession(); error_log("User " . ($inSession ? 'is' : 'is not') . " in session"); if ($inSession) { $path = ''; if (array_key_exists('path', $params)) { $path = $params['path']; } $view = 'canvas'; if (array_key_exists('view', $params)) { $view = $params['view']; } //error_log("About to render: ".$params['app']." view: $view, path: $path"); $rest = RingsideSocialUtils::getAdminClient(); $app_props = $rest->admin_getAppProperties(array('application_id', 'canvas_url'), null, null, $params['api_key'], null, $network_session->getNetwork()); $domain_props = $rest->admin_getDomainProperties(array('resize_url'), null, $network_session->getNetwork()); $content = $social->render($view, $app_props['application_id'], $app_props['canvas_url'], $path); // TODO: Is this where error reporting should happen? //error_log("content: $content"); if (isset($domain_props['resize_url'])) { $content = "<html><head><script type=\"text/javascript\">\n function resizeIframe(id) {\n var iframe = document.getElementById( 'xdiframe' );\n var wrapper = document.getElementById( 'wrapper' );\n var height = Math.max( document.body.offsetHeight, document.body.scrollHeight );\n var width = Math.max( document.body.offsetWidth, document.body.scrollWidth );\n iframe.src = '{$domain_props['resize_url']}?height='+height+'&width='+width+'&id='+id;\n }\n</script></head><body onload=\"resizeIframe('if_" . $params['api_key'] . "');\">" . $content . "<iframe id='xdiframe' width='1' height='1' frameborder='0'/></body></html>"; } return $content; } else { echo "<error>User not Logged in!</error>"; } } } } else { error_log("No method specified for render request"); } }
/** * Re-routes an api request to another network. If trust.php is used as a rest server URL * and a path info is provided such that the request looks like the one below: * * http://localhost/trust.php/facebook/footprints/restserver.php * or * http://localhost/trust.php/{network}/{canvas url}/{restserver path} * * Attempts to remap and resign the api call using the app's secret on the new network * and then to change the uid to the equivelent uid on the forgin network. * * The api call is then re-signed and issued and the response is returned. * * @param unknown_type $params */ private static function proxy_app_request(&$params) { $matches = array(); // All these special cases are to ensure we aren't adding an additional "/" character to the URL. preg_match(',^/([^/]*)/([^/]*)(/?.*)$,', $_SERVER['PATH_INFO'], $matches); $network_key = $matches[1]; $canvas_url = $matches[2]; $rest = $matches[3]; if ($rest == '') { $rest = '/'; } if ($network_key != RingsideSocialConfig::$apiKey) { $skey = isset($_REQUEST['fb_sig_session_key']) ? $_REQUEST['fb_sig_session_key'] : ''; $apiKey = isset($_REQUEST['fb_sig_api_key']) ? $_REQUEST['fb_sig_api_key'] : ''; $ringside_rest = self::createRestClient($params['fb_sig_session_key']); $admin_rest = RingsideSocialUtils::getAdminClient(); $props = $admin_rest->admin_getAppProperties("application_id,application_name,api_key,secret_key,callback_url", null, $canvas_url, NULL); $network_app_props = $admin_rest->admin_getAppKeys(null, null, $props['api_key']); $network_api_key = $props['api_key']; $network_secret = $props['secret_key']; self::getApiKeyAndSecretForNetwork($network_key, $network_app_props, $network_api_key, $network_secret); $network_session = new RingsideSocialSession($params['fb_sig_session_key']); $idmaps = $ringside_rest->users_mapToPrincipal(array($params['fb_sig_user']), $network_key, $props['application_id']); // Create openFB request. These are just overrides for the original request. $has_fb_sig = isset($params['fb_sig']); $cbReq = array(); // We can't append fb_sig unless Facebook has already passed fb_sig; this would prevent the app's client from creating a session during login if ($has_fb_sig) { if (isset($params['fb_sig_nuser'])) { // Since we're proxying a request, do NOT forward the user mapping! unset($params['fb_sig_nuser']); } $cbReq['fb_sig_flavor'] = 'canvas'; // $cbReq['fb_sig_in_iframe'] = 0; $cbReq['fb_sig_nid'] = $network_key; // The social session key needs to be for _this_ social session! $cbReq['fb_sig_soc_session_key'] = $network_session->getSessionKey(); if (!empty($idmaps) && isset($idmaps[0]) && $idmaps[0] !== null) { $cbReq['fb_sig_nuser'] = $idmaps[0]['pid']; } } // error_log("cbReq social session key is {$cbReq['fb_sig_soc_session_key']}; params is $fb_sig_soc_session_key"); // TODO: Set up social session key for trust-based proxy // $cbReq['fb_sig_soc_session_key'] = ; $req_params = array_merge($params, $cbReq); error_log("Invoking {$canvas_url} with params: " . var_export($req_params, true)); // Now, we need to re-sign the parameters, since we've added the "nid" and "nuser" fb_sig params if ($has_fb_sig) { unset($req_params['fb_sig']); $sig = RingsideSocialUtils::makeSig($req_params, $network_secret, 'fb_sig'); $req_params['fb_sig'] = $sig; } // error_log("Logged in user is principal ".$pids[0]); // error_log("Proxying to app callback URL ".$props['callback_url']); $headers = array(); $callback_url = self::safe_append_url($props['callback_url'], $rest); $result = RingsideSocialUtils::get_request($callback_url, $req_params, $headers); // error_log("Result: $result"); if (isset($headers['location'])) { $proxy_redir_url = self::buildProxyUrl($props['callback_url'], $headers['location']); error_log("Proxying for redirect to {$proxy_redir_url}"); // Build the remote network's callback_url // We'll redirect _within_ the frame (the commented-out script will redirect the _top_ of the frame if (isset($params['fb_sig_in_iframe']) && 0 != $params['fb_sig_in_iframe']) { // RingsideWebUtils::redirect($headers['location']); $apps_url = RingsideApiClientsConfig::$webUrl . '/canvas.php'; if ($nid == 'facebook') { $apps_url = 'http://apps.facebook.com/'; } // $real_location = self::buildProxyUrl($props['callback_url'], $headers['location']); // echo "<script>top.location.href='".$real_location."';</script>"; RingsideWebUtils::redirect($proxy_redir_url); } else { // $real_location = self::buildProxyUrl($props['callback_url'], $headers['location']); if (isset($params['fb_sig_in_canvas']) && 0 != $params['fb_sig_in_canvas']) { echo "<fb:redirect url='{$proxy_redir_url}'/>"; } else { RingsideWebUtils::redirect($proxy_redir_url); } } return; } echo $result; return; } // Map network user to principal // Rewrite fb_sig // Proxy to callback_url echo '<ERROR>Unknown Callback_Url!</ERROR>'; }
?> <br/> <label>Trust:</label><?php echo $network_session->getTrust(); ?> <br/> <label>Expiry:</label><?php echo $network_session->getExpiry(); ?> <br/> <label>Network:</label><?php echo $network_session->getNetwork(); ?> <br/> <label>Session Key:</label><?php echo $network_session->getSessionKey(); ?> <br/> <label>Callback:</label><?php echo $network_session->getCallbackUrl(); ?> <br/> <label>Logged In?:</label><?php echo $network_session->isLoggedIn(); ?> <br/> <label>Keys:</label><?php echo $network_session; ?> <br/>
/** * Authorize the user against the api_key, app_id, or canvas_url * * This produces a SocialSession Object. * * Possible Params: * network_key * trust_key * api_key * canvas_url * auth_token * social_callback */ public function authorize() { $network_session = null; $network_key = $this->getParam('network_key'); $auth_token = $this->getParam('auth_token'); $social_callback = $this->getParam('social_callback'); $api_key = $this->getParam('api_key'); $canvas_url = $this->getParam('canvas_url'); $user_name = $this->getParam('user_name'); $trust_key = $this->getParam('trust_key'); if (!isset($trust_key)) { $trust_key = $socialApiKey; } $result = $this->getAppProperties(); if ($result) { $callback = isset($result['callback_url']) ? $result['callback_url'] : ''; $apiKey = isset($result['api_key']) ? $result['api_key'] : ''; $apiSecret = isset($result['secret_key']) ? $result['secret_key'] : ''; if (!isset($social_callback)) { $social_callback = $callback; } try { if (isset($apiKey) && isset($apiSecret)) { $auth_url = $this->getAuthUrl($trust_key); $fb = new RingsideApiClients($apiKey, $apiSecret, null, $auth_url); //public function __construct($api_key, $secret, $session_key = null, $url = null) { $result = $fb->do_get_session($auth_token); $session_key = $fb->api_client->session_key; $uid = $fb->api_client->users_getLoggedInUser(); $pids = $fb->api_client->users_mapToSubject(array($uid), $network_key, $result['application_id']); // RingsideSocialDbPrincipal::getPrincipalForSubject($uid, $network_key, $user_name, $trust_key); //if ( isset($pids) ) { // getPrincipalForSubject accepts and returns multiple IDs $pid = 0; if (isset($pids)) { $pid = $pids[0]; } // bool setcookie ( string $name [, string $value [, int $expire [, string $path [, string $domain [, bool $secure [, bool $httponly ]]]]]] ) $network_session = new RingsideSocialSession(); $network_session->setNetwork($network_key); $network_session->addApiSessionKey($apiKey, $session_key); $network_session->setUserId($uid); $network_session->setPrincipalId($pid); $network_session->setTrust($trust_key); $network_session->setCallbackUrl($social_callback); $network_session->setLoggedIn(true); $context = $this->getContext($fb->api_client, $network_session); if (strrpos($social_callback, '?') == 0) { return $social_callback . '?' . $context; } else { return $social_callback . '&' . $context; } //} else { // $this->error = "Unable to set Principle!"; //} } } catch (Exception $exception) { error_log("Exception : " . $exception->getMessage() . "\n" . $exception->getTraceAsString()); $this->error = "Exception : " . $exception->getMessage() . "\n" . $exception->getTraceAsString(); } } if (!isset($network_session)) { error_log("Application with api_key: {$api_key} or canvas_url: {$canvas_url} not found! Creating session and redirecting to {$social_callback}!"); $network_session = new RingsideSocialSession(null); $network_session->setNetwork($network_key); $network_session->setTrust($trust_key); $network_session->setCallbackUrl($social_callback); if (strrpos($social_callback, '?') == 0) { return $social_callback . "?social_session_key=" . $network_session->getSessionKey(); } else { return $social_callback . "?social_session_key=" . $network_session->getSessionKey(); } } }