/**
* auth service callback
* @param Base $f3
* @param $params
*/
function callback(\Base $f3, $params)
{
$Opauth = new \Opauth($this->config, false);
switch ($Opauth->env['callback_transport']) {
case 'session':
$response = $f3->get('SESSION.opauth');
$f3->clear('SESSION.opauth');
break;
case 'post':
$response = unserialize(base64_decode($f3->get('POST.opauth')));
break;
case 'get':
$response = unserialize(base64_decode($f3->get('GET.opauth')));
break;
default:
$f3->error(400, 'Unsupported callback_transport');
break;
}
if (isset($response['error'])) {
$f3->call($this->abortFunc, array($response));
return;
}
$data = $response['auth'];
// validate
if (empty($data) || empty($response['timestamp']) || empty($response['signature']) || empty($data['provider']) || empty($data['uid'])) {
$f3->error(400, 'Invalid auth response: Missing key auth response components');
} elseif (!$Opauth->validate(sha1(print_r($data, true)), $response['timestamp'], $response['signature'], $reason)) {
$f3->error(400, 'Invalid auth response: ' . $reason);
} else {
// It's all good
$f3->call($this->successFunc, array($data));
}
}
public function database(\Base $f3)
{
$this->response->data['SUBPART'] = 'settings_database.html';
$cfg = \Config::instance();
if ($f3->get('VERB') == 'POST' && $f3->exists('POST.active_db')) {
$type = $f3->get('POST.active_db');
$cfg->{'DB_' . $type} = $f3->get('POST.DB_' . $type);
$cfg->ACTIVE_DB = $type;
$cfg->save();
\Flash::instance()->addMessage('Config saved', 'success');
$setup = new \Setup();
$setup->install($type);
// logout
$f3->clear('SESSION.user_id');
}
$cfg->copyto('POST');
$f3->set('JIG_format', array('JSON', 'Serialized'));
}
/**
* Get all required static config data for program initialization
* @param \Base $f3
*/
public function init(\Base $f3)
{
// expire time in seconds
$expireTimeHead = 60 * 60 * 12;
$expireTimeSQL = 60 * 60 * 12;
$f3->expire($expireTimeHead);
$return = (object) [];
$return->error = [];
// static program data ----------------------------------------------------------------------------------------
$return->timer = $f3->get('PATHFINDER.TIMER');
// get all available map types --------------------------------------------------------------------------------
$mapType = Model\BasicModel::getNew('MapTypeModel');
$rows = $mapType->find('active = 1', null, $expireTimeSQL);
$mapTypeData = [];
foreach ((array) $rows as $rowData) {
$data = ['id' => $rowData->id, 'label' => $rowData->label, 'class' => $rowData->class, 'classTab' => $rowData->classTab];
$mapTypeData[$rowData->name] = $data;
}
$return->mapTypes = $mapTypeData;
// get all available map scopes -------------------------------------------------------------------------------
$mapScope = Model\BasicModel::getNew('MapScopeModel');
$rows = $mapScope->find('active = 1', null, $expireTimeSQL);
$mapScopeData = [];
foreach ((array) $rows as $rowData) {
$data = ['id' => $rowData->id, 'label' => $rowData->label];
$mapScopeData[$rowData->name] = $data;
}
$return->mapScopes = $mapScopeData;
// get all available system status ----------------------------------------------------------------------------
$systemStatus = Model\BasicModel::getNew('SystemStatusModel');
$rows = $systemStatus->find('active = 1', null, $expireTimeSQL);
$systemScopeData = [];
foreach ((array) $rows as $rowData) {
$data = ['id' => $rowData->id, 'label' => $rowData->label, 'class' => $rowData->class];
$systemScopeData[$rowData->name] = $data;
}
$return->systemStatus = $systemScopeData;
// get all available system types -----------------------------------------------------------------------------
$systemType = Model\BasicModel::getNew('SystemTypeModel');
$rows = $systemType->find('active = 1', null, $expireTimeSQL);
$systemTypeData = [];
foreach ((array) $rows as $rowData) {
$data = ['id' => $rowData->id, 'name' => $rowData->name];
$systemTypeData[$rowData->name] = $data;
}
$return->systemType = $systemTypeData;
// get available connection scopes ----------------------------------------------------------------------------
$connectionScope = Model\BasicModel::getNew('ConnectionScopeModel');
$rows = $connectionScope->find('active = 1', null, $expireTimeSQL);
$connectionScopeData = [];
foreach ((array) $rows as $rowData) {
$data = ['id' => $rowData->id, 'label' => $rowData->label, 'connectorDefinition' => $rowData->connectorDefinition];
$connectionScopeData[$rowData->name] = $data;
}
$return->connectionScopes = $connectionScopeData;
// get available character status -----------------------------------------------------------------------------
$characterStatus = Model\BasicModel::getNew('CharacterStatusModel');
$rows = $characterStatus->find('active = 1', null, $expireTimeSQL);
$characterStatusData = [];
foreach ((array) $rows as $rowData) {
$data = ['id' => $rowData->id, 'name' => $rowData->name, 'class' => $rowData->class];
$characterStatusData[$rowData->name] = $data;
}
$return->characterStatus = $characterStatusData;
// get max number of shared entities per map ------------------------------------------------------------------
$maxSharedCount = ['character' => $f3->get('PATHFINDER.MAP.PRIVATE.MAX_SHARED'), 'corporation' => $f3->get('PATHFINDER.MAP.CORPORATION.MAX_SHARED'), 'alliance' => $f3->get('PATHFINDER.MAP.ALLIANCE.MAX_SHARED')];
$return->maxSharedCount = $maxSharedCount;
// get program routes -----------------------------------------------------------------------------------------
$return->routes = ['ssoLogin' => $this->getF3()->alias('sso', ['action' => 'requestAuthorization'])];
// get notification status ------------------------------------------------------------------------------------
$return->notificationStatus = ['rallySet' => (bool) Config::getNotificationMail('RALLY_SET')];
// get SSO error messages that should be shown immediately ----------------------------------------------------
// -> e.g. errors while character switch from previous HTTP requests
if ($f3->exists(Controller\Ccp\Sso::SESSION_KEY_SSO_ERROR)) {
$ssoError = (object) [];
$ssoError->type = 'error';
$ssoError->title = 'Login failed';
$ssoError->message = $f3->get(Controller\Ccp\Sso::SESSION_KEY_SSO_ERROR);
$return->error[] = $ssoError;
$f3->clear(Controller\Ccp\Sso::SESSION_KEY_SSO_ERROR);
}
echo json_encode($return);
}
/**
* delete current user account from DB
* @param \Base $f3
*/
public function deleteAccount(\Base $f3)
{
$data = $f3->get('POST.formData');
$return = (object) [];
$captcha = $f3->get(self::SESSION_CAPTCHA_ACCOUNT_DELETE);
// reset captcha -> forces user to enter new one
$f3->clear(self::SESSION_CAPTCHA_ACCOUNT_DELETE);
if (isset($data['captcha']) && !empty($data['captcha']) && $data['captcha'] === $captcha) {
$activeCharacter = $this->getCharacter(0);
$user = $activeCharacter->getUser();
if ($user) {
// send delete account mail
$msg = 'Hello ' . $user->name . ',<br><br>';
$msg .= 'your account data has been successfully deleted.';
$mailController = new MailController();
$status = $mailController->sendDeleteAccount($user->email, $msg);
if ($status) {
// save log
self::getLogger('DELETE_ACCOUNT')->write(sprintf(self::LOG_DELETE_ACCOUNT, $user->id, $user->name, $f3->get('IP')));
// remove user
$user->erase();
$this->logout($f3);
die;
}
}
} else {
// captcha not valid -> return error
$captchaError = (object) [];
$captchaError->type = 'error';
$captchaError->message = 'Captcha does not match';
$return->error[] = $captchaError;
}
echo json_encode($return);
}
/**
* callback handler for CCP SSO user Auth
* -> see requestAuthorization()
* @param \Base $f3
*/
public function callbackAuthorization($f3)
{
$getParams = (array) $f3->get('GET');
// users can log in either from @login (new user) or @map (existing user) root alias
// -> in case login fails, users should be redirected differently
$authFromMapAlias = false;
if ($f3->exists(self::SESSION_KEY_SSO_STATE)) {
// check response and validate 'state'
if (isset($getParams['code']) && isset($getParams['state']) && !empty($getParams['code']) && !empty($getParams['state']) && $f3->get(self::SESSION_KEY_SSO_STATE) === $getParams['state']) {
// check if user came from map (for redirect)
if ($f3->get(self::SESSION_KEY_SSO_FROM_MAP)) {
$authFromMapAlias = true;
}
// clear 'state' for new next login request
$f3->clear(self::SESSION_KEY_SSO_STATE);
$f3->clear(self::SESSION_KEY_SSO_FROM_MAP);
$accessData = $this->getCrestAccessData($getParams['code']);
if (isset($accessData->accessToken) && isset($accessData->refreshToken)) {
// login succeeded -> get basic character data for current login
$verificationCharacterData = $this->verifyCharacterData($accessData->accessToken);
if (!is_null($verificationCharacterData)) {
// check if login is restricted to a characterID
// verification available data. Data is needed for "ownerHash" check
// get character data from CREST
$characterData = $this->getCharacterData($accessData->accessToken);
if (isset($characterData->character)) {
// add "ownerHash" and CREST tokens
$characterData->character['ownerHash'] = $verificationCharacterData->CharacterOwnerHash;
$characterData->character['crestAccessToken'] = $accessData->accessToken;
$characterData->character['crestRefreshToken'] = $accessData->refreshToken;
// add/update static character data
$characterModel = $this->updateCharacter($characterData);
if (!is_null($characterModel)) {
// check if character is authorized to log in
if ($characterModel->isAuthorized()) {
// character is authorized to log in
// -> update character log (current location,...)
$characterModel = $characterModel->updateLog();
// check if there is already an active user logged in
if ($activeCharacter = $this->getCharacter()) {
// connect character with current user
$user = $activeCharacter->getUser();
} elseif (is_null($user = $characterModel->getUser())) {
// no user found (new character) -> create new user and connect to character
$user = Model\BasicModel::getNew('UserModel');
$user->name = $characterModel->name;
$user->save();
}
/**
* @var $userCharactersModel Model\UserCharacterModel
*/
if (is_null($userCharactersModel = $characterModel->userCharacter)) {
$userCharactersModel = Model\BasicModel::getNew('UserCharacterModel');
$userCharactersModel->characterId = $characterModel;
}
// user might have changed
$userCharactersModel->userId = $user;
$userCharactersModel->save();
// get updated character model
$characterModel = $userCharactersModel->getCharacter();
// login by character
$loginCheck = $this->loginByCharacter($characterModel);
if ($loginCheck) {
// set "login" cookie
$this->setLoginCookie($characterModel);
// route to "map"
$f3->reroute('@map');
} else {
$f3->set(self::SESSION_KEY_SSO_ERROR, sprintf(self::ERROR_LOGIN_FAILED, $characterModel->name));
}
} else {
// character is not authorized to log in
$f3->set(self::SESSION_KEY_SSO_ERROR, sprintf(self::ERROR_CHARACTER_FORBIDDEN, $characterModel->name));
}
}
}
} else {
// failed to verify character by CREST
$f3->set(self::SESSION_KEY_SSO_ERROR, self::ERROR_CHARACTER_VERIFICATION);
}
} else {
// CREST "accessData" missing (e.g. timeout)
$f3->set(self::SESSION_KEY_SSO_ERROR, sprintf(self::ERROR_SERVICE_TIMEOUT, self::CREST_TIMEOUT));
}
} else {
// invalid CREST response
$f3->set(self::SESSION_KEY_SSO_ERROR, sprintf(self::ERROR_LOGIN_FAILED, 'Invalid response'));
}
}
if ($authFromMapAlias) {
// on error -> route back to map
$f3->reroute('@map');
} else {
// on error -> route back to login form
$f3->reroute('@login');
}
}
