/**
 * Asks each linked external provider to start a password reset for a local
 * account that has no local password of its own.
 *
 * Nothing happens unless the "takeOver/login" option is enabled; users who do
 * have a local password are left to the regular reset flow.
 *
 * @param array $user user record; only `user_id` is read
 * @return bool false when a precondition (option, no local password, at least
 *              one linked account) fails, true once the provider loop has run —
 *              note this does not tell whether any provider accepted a request
 */
protected function _bdApiConsumer_tryExternalPasswordResetRequest(array $user)
{
    if (!bdApiConsumer_Option::get('takeOver', 'login')) {
        return false;
    }

    $userId = $user['user_id'];

    $userModel = $this->getModelFromCache('XenForo_Model_User');
    $localAuth = $userModel->getUserAuthenticationObjectByUserId($userId);
    if ($localAuth->hasPassword()) {
        // a local password exists, so the normal reset applies
        return false;
    }

    /** @var bdApiConsumer_XenForo_Model_UserExternal $userExternalModel */
    $userExternalModel = $this->getModelFromCache('XenForo_Model_UserExternal');
    $associations = $userExternalModel->bdApiConsumer_getExternalAuthAssociations($userId);
    if (!$associations) {
        return false;
    }

    foreach ($associations as $association) {
        $provider = bdApiConsumer_Option::getProviderByCode($association['provider']);
        if (!$provider) {
            continue;
        }

        // may refresh an expired token and update $association in place
        $accessToken = $userExternalModel->bdApiConsumer_getAccessTokenFromAuth($provider, $association);
        if (!$accessToken) {
            continue;
        }

        bdApiConsumer_Helper_Api::postPasswordResetRequest($provider, $accessToken);
    }

    return true;
}
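/**
 * Returns a usable access token for an external auth association, refreshing
 * it through the provider when the stored one has expired.
 *
 * `extra_data` is stored serialized; it is decoded in place so callers that
 * passed the association by reference see the decoded (and possibly refreshed)
 * token afterwards.
 *
 * @param array $provider provider config, as returned by bdApiConsumer_Option::getProviderByCode()
 * @param array &$auth external auth association row; `extra_data` is decoded and,
 *                     after a refresh, rewritten and persisted through
 *                     bdApiConsumer_updateExternalAuthAssociation()
 * @return string|false the access token, or false when none is stored or the refresh failed
 */
public function bdApiConsumer_getAccessTokenFromAuth(array $provider, array &$auth)
{
    if (!is_array($auth['extra_data'])) {
        // extra_data comes from the DB in serialized form. unserialize() will
        // instantiate any class named in the payload, so only data this add-on
        // serialized itself may ever reach this column; on PHP >= 7 passing
        // array('allowed_classes' => false) closes that off entirely. The @
        // silences the notice on malformed data; the resulting false is handled
        // by the empty() checks below.
        $auth['extra_data'] = @unserialize($auth['extra_data']);
    }

    if (empty($auth['extra_data']['token']['access_token'])) {
        // old version... (association stored before tokens were kept)
        return false;
    }

    if (empty($auth['extra_data']['token']['expire_date'])) {
        // old version...
        return false;
    }

    if ($auth['extra_data']['token']['expire_date'] < time()) {
        // expired
        // note: we are checking against time() here, not XenForo_Application::$time
        $refreshToken = isset($auth['extra_data']['token']['refresh_token'])
            ? $auth['extra_data']['token']['refresh_token']
            : null;
        $externalToken = bdApiConsumer_Helper_Api::getAccessTokenFromRefreshToken($provider, $refreshToken);

        // persist the refreshed token, or false so the next call short-circuits
        // at the access_token check above instead of retrying the refresh
        $auth['extra_data']['token'] = empty($externalToken) ? false : $externalToken;
        $this->bdApiConsumer_updateExternalAuthAssociation($provider, $auth['provider_key'], $auth['user_id'], $auth['extra_data']);

        if (empty($auth['extra_data']['token']['access_token'])) {
            // refresh failed or returned no token: return false explicitly
            // rather than reading an offset on false (null plus a warning)
            return false;
        }
    }

    return $auth['extra_data']['token']['access_token'];
}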
/**
 * JS-SDK auto-login: signs the visitor in as the local account associated
 * with the posted external user id.
 *
 * The request must be a POST carrying `provider`, `external_user_id` and a
 * signature that bdApiConsumer_Helper_Api::verifyJsSdkSignature() accepts for
 * the whole request; anything else is answered with "no permission". Without
 * a usable association the visitor is sent to register/external when
 * auto-registration is on, otherwise an error is shown. When
 * XenForo_Application::$versionId is above 1050000 and the user requires
 * two-step verification, the login is parked at the two-step page instead.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionExternal()
{
    $this->_assertPostOnly();

    $providerCode = $this->_input->filterSingle('provider', XenForo_Input::STRING);
    $provider = bdApiConsumer_Option::getProviderByCode($providerCode);
    if (!$provider) {
        return $this->responseNoPermission();
    }

    $externalUserId = $this->_input->filterSingle('external_user_id', XenForo_Input::UINT);
    if (!$externalUserId) {
        return $this->responseNoPermission();
    }

    // the signature is verified against the whole superglobal, not the filtered fields
    if (!bdApiConsumer_Helper_Api::verifyJsSdkSignature($provider, $_REQUEST)) {
        return $this->responseNoPermission();
    }

    $userModel = $this->_getUserModel();
    /** @var bdApiConsumer_XenForo_Model_UserExternal $userExternalModel */
    $userExternalModel = $this->getModelFromCache('XenForo_Model_UserExternal');

    $assoc = $userExternalModel->getExternalAuthAssociation(
        $userExternalModel->bdApiConsumer_getProviderCode($provider),
        $externalUserId
    );
    if ($assoc) {
        // may refresh the stored token in place; no token means the link is unusable
        $accessToken = $userExternalModel->bdApiConsumer_getAccessTokenFromAuth($provider, $assoc);
        if (!$accessToken) {
            $assoc = null;
        }
    }

    if (!$assoc) {
        $autoRegister = bdApiConsumer_Option::get('autoRegister');
        if (in_array($autoRegister, array('on', 'id_sync'), true)) {
            // we have to do a refresh here
            return $this->responseRedirect(
                XenForo_ControllerResponse_Redirect::SUCCESS,
                XenForo_Link::buildPublicLink('canonical:register/external', null, array(
                    'provider' => $providerCode,
                    'reg' => 1,
                    'redirect' => $this->getDynamicRedirect(),
                )),
                new XenForo_Phrase('bdapi_consumer_being_auto_login_auto_register_x', array('provider' => $provider['name']))
            );
        }

        return $this->responseError(new XenForo_Phrase('bdapi_consumer_auto_login_with_x_failed', array('provider' => $provider['name'])));
    }

    $user = $userModel->getFullUserById($assoc['user_id']);
    if (!$user) {
        return $this->responseError(new XenForo_Phrase('requested_user_not_found'));
    }

    if (XenForo_Application::$versionId > 1050000) {
        /** @var XenForo_ControllerHelper_Login $loginHelper */
        $loginHelper = $this->getHelper('Login');
        if ($loginHelper->userTfaConfirmationRequired($user)) {
            // the login is not completed here; the two-step page finishes it
            $loginHelper->setTfaSessionCheck($user['user_id']);

            return $this->responseMessage(new XenForo_Phrase('bdapi_consumer_auto_login_user_x_requires_tfa', array(
                'username' => $user['username'],
                'twoStepLink' => XenForo_Link::buildPublicLink('login/two-step', null, array(
                    'redirect' => $this->getDynamicRedirect(),
                    'remember' => 1,
                )),
            )));
        }
    }

    $userId = $user['user_id'];
    $userModel->setUserRememberCookie($userId);
    XenForo_Model_Ip::log($userId, 'user', $userId, 'login_api_consumer');
    $userModel->deleteSessionActivity(0, $this->_request->getClientIp(false));

    if (XenForo_Application::$versionId < 1050000) {
        XenForo_Application::getSession()->changeUserId($userId);
        XenForo_Visitor::setup($userId);
    } else {
        $visitor = XenForo_Visitor::setup($userId);
        XenForo_Application::getSession()->userLogin($userId, $visitor['password_date']);
    }

    return $this->responseRedirect(
        XenForo_ControllerResponse_Redirect::SUCCESS,
        $this->getDynamicRedirect(),
        new XenForo_Phrase('bdapi_consumer_auto_login_with_x_succeeded_y', array(
            'provider' => $provider['name'],
            'username' => $user['username'],
        ))
    );
}
/**
 * Validates a username/password pair, falling back to the configured external
 * providers when the local check fails and login take-over is enabled.
 *
 * The fallback only runs for usernames: input containing "@" is treated as an
 * e-mail and never forwarded. Every configured provider receives the submitted
 * credentials in turn; the first one that authenticates either yields the
 * already-associated local account or, when no local user shares the e-mail,
 * name (or, in id_sync mode, the id), a freshly auto-registered one. Because
 * the credentials are forwarded verbatim, the provider list must only contain
 * trusted endpoints.
 *
 * @param string $nameOrEmail
 * @param string $password
 * @param string &$error set by the parent on failure; reset to '' on external success
 * @return int|false local user id, or whatever the parent returned on failure
 */
public function validateAuthentication($nameOrEmail, $password, &$error = '')
{
    $userId = parent::validateAuthentication($nameOrEmail, $password, $error);
    if (!empty($userId)) {
        return $userId;
    }

    $looksLikeEmail = strpos($nameOrEmail, '@') !== false;
    if ($looksLikeEmail || !bdApiConsumer_Option::get('takeOver', 'login')) {
        return $userId;
    }

    // try to login with external providers
    foreach (bdApiConsumer_Option::getProviders() as $provider) {
        $externalToken = bdApiConsumer_Helper_Api::getAccessTokenFromUsernamePassword($provider, $nameOrEmail, $password);
        if (!$externalToken) {
            continue;
        }

        $externalVisitor = bdApiConsumer_Helper_Api::getVisitor($provider, $externalToken['access_token']);
        if (!$externalVisitor) {
            continue;
        }

        /** @var bdApiConsumer_XenForo_Model_UserExternal $userExternalModel */
        $userExternalModel = $this->getModelFromCache('XenForo_Model_UserExternal');
        $providerCode = $userExternalModel->bdApiConsumer_getProviderCode($provider);
        $assoc = $userExternalModel->getExternalAuthAssociation($providerCode, $externalVisitor['user_id']);
        if ($assoc) {
            // an associated local user exists: refresh its stored profile/token and log in
            $error = '';
            $userExternalModel->bdApiConsumer_updateExternalAuthAssociation(
                $provider,
                $externalVisitor['user_id'],
                $assoc['user_id'],
                $externalVisitor + array('token' => $externalToken)
            );

            return $assoc['user_id'];
        }

        // a local account sharing the e-mail or the name is never taken over
        // automatically; that user has to associate manually
        if ($this->getUserByEmail($externalVisitor['user_email'])) {
            continue;
        }
        if ($this->getUserByName($externalVisitor['username'])) {
            continue;
        }

        $data = array('username' => $externalVisitor['username']);
        if (bdApiConsumer_Option::get('autoRegister') === 'id_sync') {
            // the external id becomes the local id, so it must be free as well
            if ($this->getUserById($externalVisitor['user_id'])) {
                continue;
            }
            $data['user_id'] = $externalVisitor['user_id'];
        }

        $user = bdApiConsumer_Helper_AutoRegister::createUser($data, $provider, $externalToken, $externalVisitor, $userExternalModel);
        if ($user) {
            $error = '';

            return $user['user_id'];
        }
    }

    return $userId;
}
/**
 * Returns the provider's "login/social" data, fetching it from the provider
 * and storing it on the provider record the first time it is needed.
 *
 * The transport fields of the API response (`_headers`, `_responseStatus`)
 * are dropped before the record is written back via self::_updateProvider().
 *
 * @param array $provider provider config (passed by value; persistence goes through _updateProvider)
 * @return mixed the stored `login/social` value: the cleaned API response, or
 *               the helper's empty result when the request yielded nothing
 */
public static function getLoginSocial(array $provider)
{
    if (isset($provider['login/social'])) {
        return $provider['login/social'];
    }

    $loginSocial = bdApiConsumer_Helper_Api::postLoginSocial($provider);
    if ($loginSocial) {
        // keep only the payload before persisting
        unset($loginSocial['_headers'], $loginSocial['_responseStatus']);
        $provider['login/social'] = $loginSocial;
        self::_updateProvider($provider);
    }

    return $loginSocial;
}
/**
 * Rewrites a login/logout redirect so the visitor is also logged in to (or
 * out of) every external provider the account is linked with.
 *
 * A login is detected when the visitor id is positive and differs from the
 * id recorded before the login controller ran; a logout when the visitor id
 * is 0 after the logout controller ran. For each usable association the
 * current target is made absolute and wrapped in the provider's login/logout
 * link, so with several providers each wraps the previous one.
 *
 * @param XenForo_Controller $controller the controller that produced the response
 * @param XenForo_ControllerResponse_Redirect $controllerResponse modified in place when a rewrite happened
 * @return void
 */
public static function updateResponseRedirect(XenForo_Controller $controller, XenForo_ControllerResponse_Redirect $controllerResponse)
{
    $action = false;
    $userId = 0;

    if ($controller instanceof XenForo_ControllerPublic_Login) {
        /** @var bdApiConsumer_XenForo_ControllerPublic_Login $controller */
        $visitorId = XenForo_Visitor::getUserId();
        if ($visitorId > 0 && $visitorId != $controller->bdApiConsumer_getBeforeLoginVisitorId()) {
            // a successful login
            $action = 'login';
            $userId = $visitorId;
        }
    } elseif ($controller instanceof XenForo_ControllerPublic_Logout) {
        /** @var bdApiConsumer_XenForo_ControllerPublic_Logout $controller */
        if (XenForo_Visitor::getUserId() == 0) {
            // a successful logout
            $action = 'logout';
            $userId = $controller->bdApiConsumer_getBeforeLogoutVisitorId();
        }
    }

    if ($action === false || !($userId > 0)) {
        return;
    }

    $originalTarget = $controllerResponse->redirectTarget;
    $target = $originalTarget;

    /** @var bdApiConsumer_XenForo_Model_UserExternal $userExternalModel */
    $userExternalModel = $controller->getModelFromCache('XenForo_Model_UserExternal');
    $auths = $userExternalModel->bdApiConsumer_getExternalAuthAssociations($userId);

    if ($auths) {
        foreach ($auths as $auth) {
            $provider = bdApiConsumer_Option::getProviderByCode($auth['provider']);
            if (!$provider) {
                continue;
            }

            // may refresh an expired token in place
            $accessToken = $userExternalModel->bdApiConsumer_getAccessTokenFromAuth($provider, $auth);
            if (!$accessToken) {
                continue;
            }

            $ott = bdApiConsumer_Helper_Api::generateOneTimeToken($provider, $auth['provider_key'], $accessToken);
            $target = XenForo_Link::convertUriToAbsoluteUri($target, true);

            if ($action === 'login') {
                $target = bdApiConsumer_Helper_Api::getLoginLink($provider, $ott, $target);
            } elseif ($action === 'logout') {
                $target = bdApiConsumer_Helper_Api::getLogoutLink($provider, $ott, $target);
            }
        }
    }

    if ($target !== $originalTarget) {
        $controllerResponse->redirectTarget = $target;
    }
}
/**
 * JS-SDK auto-login: signs the visitor in as the local account associated
 * with the posted external user id.
 *
 * The request must be a POST carrying `provider`, `external_user_id` and a
 * signature that bdApiConsumer_Helper_Api::verifyJsSdkSignature() accepts for
 * the whole request; anything else is answered with "no permission". Without
 * a usable association the visitor is sent to register/external when
 * auto-registration is on, otherwise an error is shown.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionExternal()
{
    $this->_assertPostOnly();

    $providerCode = $this->_input->filterSingle('provider', XenForo_Input::STRING);
    $provider = bdApiConsumer_Option::getProviderByCode($providerCode);
    if (!$provider) {
        return $this->responseNoPermission();
    }

    $externalUserId = $this->_input->filterSingle('external_user_id', XenForo_Input::UINT);
    if (!$externalUserId) {
        return $this->responseNoPermission();
    }

    // the signature is verified against the whole superglobal, not the filtered fields
    if (!bdApiConsumer_Helper_Api::verifyJsSdkSignature($provider, $_REQUEST)) {
        return $this->responseNoPermission();
    }

    $userModel = $this->_getUserModel();
    /** @var bdApiConsumer_XenForo_Model_UserExternal $userExternalModel */
    $userExternalModel = $this->getModelFromCache('XenForo_Model_UserExternal');

    $assoc = $userExternalModel->getExternalAuthAssociation(
        $userExternalModel->bdApiConsumer_getProviderCode($provider),
        $externalUserId
    );
    if ($assoc) {
        // may refresh the stored token in place; no token means the link is unusable
        $accessToken = $userExternalModel->bdApiConsumer_getAccessTokenFromAuth($provider, $assoc);
        if (!$accessToken) {
            $assoc = null;
        }
    }

    if (!$assoc) {
        $autoRegister = bdApiConsumer_Option::get('autoRegister');
        if (in_array($autoRegister, array('on', 'id_sync'), true)) {
            // we have to do a refresh here
            return $this->responseRedirect(
                XenForo_ControllerResponse_Redirect::SUCCESS,
                XenForo_Link::buildPublicLink('canonical:register/external', null, array(
                    'provider' => $providerCode,
                    'reg' => 1,
                    'redirect' => $this->getDynamicRedirect(),
                )),
                new XenForo_Phrase('bdapi_consumer_being_auto_login_auto_register_x', array('provider' => $provider['name']))
            );
        }
    }

    $user = $assoc ? $userModel->getUserById($assoc['user_id']) : null;
    if (!$user) {
        return $this->responseError(new XenForo_Phrase('bdapi_consumer_auto_login_with_x_failed', array('provider' => $provider['name'])));
    }

    $userId = $user['user_id'];
    $userModel->setUserRememberCookie($userId);
    XenForo_Model_Ip::log($userId, 'user', $userId, 'login_api_consumer');
    $userModel->deleteSessionActivity(0, $this->_request->getClientIp(false));

    $session = XenForo_Application::get('session');
    $session->changeUserId($userId);
    XenForo_Visitor::setup($userId);

    $message = new XenForo_Phrase('bdapi_consumer_auto_login_with_x_succeeded_y', array(
        'provider' => $provider['name'],
        'username' => $user['username'],
    ));

    return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $this->getDynamicRedirect(), $message);
}
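/**
 * Handles "user" pings from a provider: re-reads each pinged user's profile
 * from the provider and stores it on the matching local association.
 *
 * @param array $provider provider config
 * @param array &$pings ping records; each carries the provider's user id in
 *                      `object_data` and gets `result` set once its association was updated
 * @return void
 */
protected function _handleUserPings(array $provider, array &$pings)
{
    /** @var bdApiConsumer_XenForo_Model_UserExternal $userExternalModel */
    $userExternalModel = $this->getModelFromCache('XenForo_Model_UserExternal');

    // read-only pass: no reference needed (a by-reference loop without a
    // trailing unset() leaves the loop variable aliased to the last element)
    $providerKeys = array();
    foreach ($pings as $ping) {
        $providerKeys[] = $ping['object_data'];
    }

    $auths = $userExternalModel->bdApiConsumer_getExternalAuthAssociationsForProviderUser($provider, $providerKeys);
    foreach ($auths as $auth) {
        // decodes extra_data in place and refreshes the token when expired
        $accessToken = $userExternalModel->bdApiConsumer_getAccessTokenFromAuth($provider, $auth);
        if (empty($accessToken)) {
            continue;
        }

        $externalVisitor = bdApiConsumer_Helper_Api::getVisitor($provider, $accessToken, false);
        if (empty($externalVisitor)) {
            continue;
        }

        $userExternalModel->bdApiConsumer_updateExternalAuthAssociation(
            $provider,
            $auth['provider_key'],
            $auth['user_id'],
            array_merge($auth['extra_data'], $externalVisitor)
        );

        foreach ($pings as &$ping) {
            // loose comparison kept on purpose: object_data and provider_key
            // may differ in type (string vs int) — TODO confirm against the ping payload
            if ($ping['object_data'] == $auth['provider_key']) {
                $ping['result'] = 'updated user data';
            }
        }
        unset($ping); // drop the reference before the next iteration / return
    }
}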
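/**
 * Tells the external providers the viewing user is linked to that the user's
 * notifications have been read.
 *
 * @param array $viewingUser user record; only `user_id` is read
 * @param array $providerCodes provider codes to notify; associations with any
 *                             other provider are skipped
 * @return void
 */
protected function _bdApiConsumer_markExternalAlertsRead(array $viewingUser, array $providerCodes)
{
    /** @var bdApiConsumer_XenForo_Model_UserExternal $userExternalModel */
    $userExternalModel = $this->getModelFromCache('XenForo_Model_UserExternal');
    $auths = $userExternalModel->bdApiConsumer_getExternalAuthAssociations($viewingUser['user_id']);

    // iterate by value: getAccessTokenFromAuth() updates the row it is given,
    // and nothing reads $auths afterwards, so a by-reference loop (which would
    // leave the loop variable aliased to the last element) gains nothing
    foreach ($auths as $auth) {
        $provider = bdApiConsumer_Option::getProviderByCode($auth['provider']);
        if (empty($provider)) {
            continue;
        }
        if (!in_array($provider['code'], $providerCodes, true)) {
            continue;
        }

        $accessToken = $userExternalModel->bdApiConsumer_getAccessTokenFromAuth($provider, $auth);
        if (empty($accessToken)) {
            continue;
        }

        bdApiConsumer_Helper_Api::postNotificationsRead($provider, $accessToken);
    }
}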
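/**
 * Completes "register/external": either links the external account to an
 * existing local account (associate mode) or creates a new local account from
 * the provider's profile, then logs the visitor in.
 *
 * Steps: resolve the provider; in associate mode verify the submitted local
 * credentials under the normal login captcha/lockout rules; exchange the
 * posted refresh token for an access token and read the external profile;
 * reject profiles without an e-mail or flagged invalid/unverified; then
 * associate, or register (ToS agreement enforced when a ToS URL exists).
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionExternalRegister()
{
    $this->_assertPostOnly();

    $redirect = $this->_bdApiConsumer_getRedirect();
    $userModel = $this->_getUserModel();
    /** @var bdApiConsumer_XenForo_Model_UserExternal $userExternalModel */
    $userExternalModel = $this->_getUserExternalModel();

    $providerCode = $this->_input->filterSingle('provider', XenForo_Input::STRING);
    $provider = bdApiConsumer_Option::getProviderByCode($providerCode);
    if (empty($provider)) {
        return $this->responseNoPermission();
    }

    $doAssoc = $this->_input->filterSingle('associate', XenForo_Input::STRING)
        || $this->_input->filterSingle('force_assoc', XenForo_Input::UINT);

    $userId = 0;
    if ($doAssoc) {
        $associate = $this->_input->filter(array(
            'associate_login' => XenForo_Input::STRING,
            'associate_password' => XenForo_Input::STRING,
        ));

        // same brute-force protections as the regular login form
        $loginModel = $this->_getLoginModel();
        if ($loginModel->requireLoginCaptcha($associate['associate_login'])) {
            return $this->responseError(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'));
        }

        $userId = $userModel->validateAuthentication($associate['associate_login'], $associate['associate_password'], $error);
        if (!$userId) {
            $loginModel->logLoginAttempt($associate['associate_login']);
            return $this->responseError($error);
        }
    }

    $refreshToken = $this->_input->filterSingle('refresh_token', XenForo_Input::STRING);
    $externalToken = bdApiConsumer_Helper_Api::getAccessTokenFromRefreshToken($provider, $refreshToken);
    if (empty($externalToken)) {
        return $this->responseError(new XenForo_Phrase('bdapi_consumer_error_occurred_while_connecting_with_x', array('provider' => $provider['name'])));
    }

    $externalVisitor = bdApiConsumer_Helper_Api::getVisitor($provider, $externalToken['access_token']);
    if (empty($externalVisitor)) {
        return $this->responseError(new XenForo_Phrase('bdapi_consumer_error_occurred_while_connecting_with_x', array('provider' => $provider['name'])));
    }
    if (empty($externalVisitor['user_email'])) {
        return $this->responseError(new XenForo_Phrase('bdapi_consumer_x_returned_unknown_error', array('provider' => $provider['name'])));
    }

    // only enforced when the provider reports both flags
    if (isset($externalVisitor['user_is_valid']) && isset($externalVisitor['user_is_verified'])) {
        if (empty($externalVisitor['user_is_valid']) || empty($externalVisitor['user_is_verified'])) {
            return $this->responseError(new XenForo_Phrase('bdapi_consumer_x_account_not_good_standing', array('provider' => $provider['name'])));
        }
    }

    if ($doAssoc) {
        $userExternalModel->bdApiConsumer_updateExternalAuthAssociation(
            $provider,
            $externalVisitor['user_id'],
            $userId,
            array_merge($externalVisitor, array('token' => $externalToken))
        );

        // NOTE(review): actionExternal consults XenForo_ControllerHelper_Login::userTfaConfirmationRequired()
        // before switching the session user when XenForo_Application::$versionId > 1050000; this path does
        // not — confirm whether two-step verification is intentionally skipped after the password check above
        XenForo_Application::getSession()->changeUserId($userId);
        XenForo_Visitor::setup($userId);

        return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
    }

    if (!bdApiConsumer_Option::get('bypassRegistrationActive')) {
        $this->_assertRegistrationActive();
    }

    $data = $this->_input->filter(array(
        'username' => XenForo_Input::STRING,
        'timezone' => XenForo_Input::STRING,
    ));
    // TODO: custom fields

    if (XenForo_Dependencies_Public::getTosUrl() && !$this->_input->filterSingle('agree', XenForo_Input::UINT)) {
        return $this->responseError(new XenForo_Phrase('you_must_agree_to_terms_of_service'));
    }

    $user = bdApiConsumer_Helper_AutoRegister::createUser($data, $provider, $externalToken, $externalVisitor, $userExternalModel);
    if (empty($user)) {
        // createUser() can come back empty (validateAuthentication() guards for
        // it); without this check the session would be switched to a null user id
        return $this->responseError(new XenForo_Phrase('bdapi_consumer_x_returned_unknown_error', array('provider' => $provider['name'])));
    }

    XenForo_Application::getSession()->changeUserId($user['user_id']);
    XenForo_Visitor::setup($user['user_id']);

    $viewParams = array(
        'user' => $user,
        'redirect' => $redirect,
    );

    return $this->responseView('XenForo_ViewPublic_Register_Process', 'register_process', $viewParams, $this->_getRegistrationContainerParams());
}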