예제 #1
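 /**
  * Handles the second part of the authentication workflow, after the redirect back from Facebook.
  *
  * Checks the `code` and `state` GET parameters against the state kept in the session,
  * exchanges the code for an access token and fetches the user's profile from the graph URI.
  *
  * @return array Array with 'status' => 'error' and a 'message', or 'status' => 'success' with
  *               login_method, id, first_name, last_name, email and picture
  */
 public function processAuth()
 {
     $ngConnectINI = eZINI::instance('ngconnect.ini');
     $http = eZHTTPTool::instance();
     $appID = trim($ngConnectINI->variable('LoginMethod_facebook', 'FacebookAppID'));
     $appSecret = trim($ngConnectINI->variable('LoginMethod_facebook', 'FacebookAppSecret'));
     if (empty($appID) || empty($appSecret)) {
         return array('status' => 'error', 'message' => 'Facebook app ID or Facebook app secret undefined.');
     }
     $code = trim($http->getVariable('code', ''));
     $state = trim($http->getVariable('state', ''));
     if (empty($code) || empty($state)) {
         return array('status' => 'error', 'message' => 'code or state GET parameters undefined.');
     }
     // The stored state is single use: it is dropped whether or not the comparison succeeds.
     $storedState = $http->hasSessionVariable('NGConnectOAuthState') ? $http->sessionVariable('NGConnectOAuthState') : null;
     $http->removeSessionVariable('NGConnectOAuthState');
     // Compare strictly: a loose != treats numeric-looking strings as numbers ("0e1" == "0e2"),
     // which would let a mismatching state through.
     if (!is_scalar($storedState) || $state !== (string) $storedState) {
         return array('status' => 'error', 'message' => 'State parameter does not match stored value.');
     }
     $callbackUri = self::CALLBACK_URI_PART;
     $loginWindowType = trim($ngConnectINI->variable('ngconnect', 'LoginWindowType'));
     if ($loginWindowType == 'popup') {
         $callbackUri = '/layout/set/ngconnect' . self::CALLBACK_URI_PART;
     }
     eZURI::transformURI($callbackUri, false, 'full');
     // NOTE(review): the app secret and the code are placed in the query string of $tokenUri;
     // confirm that fetchDataFromUrl() does not write the URL to logs or debug output.
     $tokenUri = str_replace(array('%app_id%', '%site_url%', '%app_secret%', '%code%'), array(urlencode($appID), urlencode($callbackUri), urlencode($appSecret), urlencode($code)), self::TOKEN_URI);
     $accessToken = ngConnectFunctions::fetchDataFromUrl($tokenUri);
     if (!$accessToken) {
         return array('status' => 'error', 'message' => 'Error while retrieving access token.');
     }
     $accessTokenJson = json_decode($accessToken, true);
     if ($accessTokenJson !== null) {
         // Any JSON body is treated as an error response. The message is read defensively,
         // because a JSON body without error.message used to raise an undefined index notice.
         // NOTE(review): a token endpoint that answers with JSON on success is rejected here;
         // verify against the endpoint behind TOKEN_URI.
         $message = 'Error while retrieving access token.';
         if (is_array($accessTokenJson) && isset($accessTokenJson['error']['message']) && is_string($accessTokenJson['error']['message'])) {
             $message = $accessTokenJson['error']['message'];
         }
         return array('status' => 'error', 'message' => $message);
     }
     // The raw token response is substituted as-is; presumably GRAPH_URI expects the
     // "access_token=..." form returned by the endpoint, so it is not re-encoded here.
     $graphUri = str_replace(array('%access_token%'), array(trim($accessToken)), self::GRAPH_URI);
     $graphResponse = ngConnectFunctions::fetchDataFromUrl($graphUri);
     if (!$graphResponse) {
         return array('status' => 'error', 'message' => 'Error while retrieving graph response.');
     }
     $user = json_decode($graphResponse, true);
     if ($user === null) {
         return array('status' => 'error', 'message' => 'Invalid JSON data returned.');
     }
     // The id ends up in a URL below and is handed to callers, so it has to be a plain
     // string or integer, not a nested structure.
     if (!is_array($user) || !isset($user['id']) || !(is_string($user['id']) || is_int($user['id']))) {
         return array('status' => 'error', 'message' => 'Invalid Facebook user.');
     }
     $pictureUri = self::PICTURE_URI;
     $imageSize = trim($ngConnectINI->variable('LoginMethod_facebook', 'ImageSize'));
     if ($imageSize == 'original') {
         $pictureUri = $pictureUri . '?type=large';
     }
     $result = array(
         'status' => 'success',
         'login_method' => 'facebook',
         'id' => $user['id'],
         'first_name' => isset($user['first_name']) ? $user['first_name'] : '',
         'last_name' => isset($user['last_name']) ? $user['last_name'] : '',
         'email' => isset($user['email']) ? $user['email'] : '',
         // Encode the id so an unexpected value cannot alter the path or query of the picture URL.
         'picture' => str_replace('%user_id%', rawurlencode((string) $user['id']), $pictureUri),
     );
     return $result;
 }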
예제 #2
                 $forceRedirect = false;
                 if (eZUser::requireUniqueEmail() && eZUser::fetchByEmail($result['email']) instanceof eZUser && trim($ngConnectINI->variable('ngconnect', 'DuplicateEmailForceRedirect')) == 'enabled') {
                     $forceRedirect = true;
                 }
                 if ($regularRegistration || $forceRedirect) {
                     if (!$regularRegistration && $forceRedirect) {
                         $http->setSessionVariable('NGConnectForceRedirect', 'true');
                     }
                     $http->setSessionVariable('NGConnectAuthResult', $result);
                     if ($loginWindowType == 'page') {
                         return $module->redirectToView('profile');
                     } else {
                         $http->setSessionVariable('NGConnectRedirectToProfile', 'true');
                     }
                 } else {
                     $user = ngConnectFunctions::createUser($result);
                     if ($user instanceof eZUser && $user->canLoginToSiteAccess($GLOBALS['eZCurrentAccess'])) {
                         $user->loginCurrent();
                     } else {
                         eZUser::logoutCurrent();
                     }
                 }
             }
         }
     }
 } else {
     if ($debugEnabled && isset($result['message'])) {
         eZDebug::writeError($result['message'], 'ngconnect/callback');
     } else {
         if ($debugEnabled) {
             eZDebug::writeError('Unknown error', 'ngconnect/callback');
예제 #3
 if ($user instanceof eZUser) {
     $login = trim($http->postVariable('data_user_login'));
     $email = trim($http->postVariable('data_user_email'));
     $password = trim($http->postVariable('data_user_password'));
     if (empty($password) && $siteINI->variable('UserSettings', 'GeneratePasswordIfEmpty') == 'true') {
         $password = $user->createPassword($siteINI->variable('UserSettings', 'GeneratePasswordLength'));
     }
     // we created the new account, but still need to set things up so users can login using a regular login form
     $db = eZDB::instance();
     $db->begin();
     $user->setAttribute('login', $login);
     $user->setAttribute('email', $email);
     $user->setAttribute('password_hash', eZUser::createHash($login, $password, eZUser::site(), eZUser::hashType()));
     $user->setAttribute('password_hash_type', eZUser::hashType());
     $user->store();
     ngConnectFunctions::connectUser($user->ContentObjectID, $authResult['login_method'], $authResult['id']);
     $db->commit();
     $http->removeSessionVariable('NGConnectStartedRegistration');
     $http->removeSessionVariable('NGConnectAuthResult');
     $http->removeSessionVariable('NGConnectForceRedirect');
     $verifyUserType = $siteINI->variable('UserSettings', 'VerifyUserType');
     if ($verifyUserType === 'email' && $siteINI->hasVariable('UserSettings', 'VerifyUserEmail') && $siteINI->variable('UserSettings', 'VerifyUserEmail') !== 'enabled') {
         $verifyUserType = false;
     }
     if ($authResult['email'] == '' || $email != $authResult['email'] && $verifyUserType) {
         // we only validate the account if no email was provided by social network or entered email is not the same
         // as the one from social network and if email verification is active of course
         ngConnectUserActivation::processUserActivation($user, $siteINI->variable('UserSettings', 'GeneratePasswordIfEmpty') == 'true' ? $password : false);
         return $module->redirectToView('success');
     } else {
         if ($user->canLoginToSiteAccess($GLOBALS['eZCurrentAccess'])) {
예제 #4
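 /**
  * Fills the user object data map with auth data
  *
  * Copies first and last name into the matching attributes. When a picture URL is present,
  * it is downloaded to a temporary file under the storage directory, handed to the image
  * attribute and then deleted.
  *
  * @param array $dataMap    Attributes keyed by identifier; only first_name, last_name and image are used
  * @param array $authResult Auth result with login_method, id, first_name, last_name and picture
  */
 private static function fillUserObject($dataMap, $authResult)
 {
     if (isset($dataMap['first_name'])) {
         $dataMap['first_name']->fromString(isset($authResult['first_name']) ? $authResult['first_name'] : '');
         $dataMap['first_name']->store();
     }
     if (isset($dataMap['last_name'])) {
         $dataMap['last_name']->fromString(isset($authResult['last_name']) ? $authResult['last_name'] : '');
         $dataMap['last_name']->store();
     }
     if (!isset($dataMap['image']) || empty($authResult['picture'])) {
         return;
     }
     $storageDir = eZSys::storageDirectory() . '/ngconnect';
     // Create missing parent directories too, and stop if the directory cannot be created.
     // The second is_dir() covers a concurrent request creating it first.
     if (!is_dir($storageDir) && !mkdir($storageDir, 0777, true) && !is_dir($storageDir)) {
         return;
     }
     // login_method and id originate from the remote provider's response. Reduce them to
     // filename-safe characters so the temporary file cannot be placed outside $storageDir.
     $safeName = preg_replace('/[^A-Za-z0-9_-]/', '_', (string) $authResult['login_method'] . '_' . (string) $authResult['id']);
     $fileName = $storageDir . '/' . $safeName;
     // NOTE(review): the picture URL is fetched server-side; this assumes the login handler
     // builds it from a fixed template rather than taking it verbatim from remote data.
     $image = ngConnectFunctions::fetchDataFromUrl($authResult['picture'], true, $fileName);
     if ($image) {
         $dataMap['image']->fromString($fileName);
         $dataMap['image']->store();
     }
     // Remove the temporary file in both cases, so a failed download leaves nothing behind.
     if (is_file($fileName)) {
         unlink($fileName);
     }
 }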