/** * Generates a token from an input array of values * @param owner owner of this gadget * @param viewer viewer of this gadget * @param app application id * @param domain domain of the container * @param appUrl url where the application lives * @param moduleId module id of this gadget * @throws BlobCrypterException */ public static function createFromSocialSession($stringToken) { ini_set('session.use_cookies', '0'); ini_set('session.save_handler', 'user'); session_set_save_handler(array('Session', 'open'), array('Session', 'close'), array('Session', 'read'), array('Session', 'write'), array('Session', 'destroy'), array('Session', 'gc')); $partsArry = explode(":", $stringToken); $session_key = $partsArry[0]; $api_key = $partsArry[2]; $network_session = new RingsideSocialSession($session_key); $uid = $network_session->getUserId(); $owner = $partsArry[5]; if ($owner == '' || $owner == 'null' || $owner == 'undefined') { $owner = $uid; } $viewer = $uid; $app = $api_key; $domain = $partsArry[4]; $adminClient = RingsideSocialUtils::getAdminClient(); $app_properties = $adminClient->admin_getAppProperties(array('api_key', 'callback_url', 'canvas_url'), null, null, $api_key); $moduleId = $app_properties['canvas_url']; $appUrl = $app_properties['callback_url']; $app = $app_properties['api_key']; error_log("******* Creating RingsideGadgetToken(null,null,{$owner}, {$viewer}, {$app}, {$domain}, {$appUrl}, {$moduleId})"); $rsToken = new RingsideGadgetToken(null, null, $owner, $viewer, $app, $domain, $appUrl, $moduleId); $rsToken->setSocialSession($network_session); return $rsToken; }
/** * Get the session key between an application and the API server. * * @param unknown_type $api_key * @param unknown_type $secret_key * @param RingsideSocialSession $socialSession * @return string session key for the API container */ public static function getApiSessionKey($api_key, $secret_key, RingsideSocialSession $socialSession) { $uid = $socialSession->getUserId(); $sessionKey = $socialSession->getApiSessionKey($api_key); if ($sessionKey != null) { // Validate Session Key is still valid. $apiClient = new RingsideApiClientsRest($api_key, $secret_key, $sessionKey); $apiClient->setNetworkKey($socialSession->getNetwork()); try { $apiClient->users_getLoggedInUser(); } catch (Exception $e) { // error_log( "Session expired? " . $e->getMessage() ) ; // error_log($e->getTraceAsString()); $sessionKey = null; $socialSession->unsetApiSessionKey($api_key); } } if ($sessionKey == null && $uid != null) { // Need to simulate being app and auth, approve, get... which of course // TODO we need to re-think once we are working. // TODO catch some exceptions. try { // Configure where we get the URL for the REST SERVER from. $apiClient = new RingsideApiClientsRest($api_key, $secret_key, null, null, RingsideSocialConfig::$apiKey); // Once the client is authenticated with a session, the network key will be associated via the session $apiClient->setNetworkKey($socialSession->getNetwork()); $auth_token = $apiClient->auth_createToken($socialSession->getExpiry() == null ? true : false); $result = $apiClient->auth_approveToken($uid); $result = $apiClient->auth_getSession($auth_token); if (!empty($apiClient->session_key)) { $sessionKey = trim($apiClient->session_key); $socialSession->addApiSessionKey($api_key, $sessionKey); } } catch (Exception $exception) { error_log("Error creating session key " . $exception); } } return $sessionKey; }
public function execute($params) { $this->debug('Entering'); $this->debugVar($params); $network_session = null; /* foreach($params as $k => $v) { error_log("RingsideSocialServerRender: $k=$v"); } */ // Recreate Session if we have it error_log("Parameters for widget render are: " . var_export($params, true)); error_log("PHPSESSID=" . (isset($_COOKIE['PHPSESSID']) ? $_COOKIE['PHPSESSID'] : '<empty>')); if (array_key_exists('social_session_key', $params)) { $session_key = $params['social_session_key']; $network_session = new RingsideSocialSession($session_key); $uid = $network_session->getUserId(); if (null == $uid || strlen($uid) == 0) { setcookie('social_session_key', $network_session->getSessionKey()); $uid = $network_session->getUserId(); if (isset($_REQUEST['uid'])) { // TODO: SECURITY: I don't think we should just be able to override the uid. $uid = $_REQUEST['uid']; // TODO: SECURITY: This shouldn't be a valid way to log in. $network_session->setUserId($uid); $network_session->setLoggedIn(true); } } } else { if (isset($_COOKIE['PHPSESSID'])) { // Optimization if user is already logged into web front-end $network_session = new RingsideSocialSession($_COOKIE['PHPSESSID']); error_log("PHPSESSID says session is as follows: " . var_export($network_session, true)); $uid = $network_session->getUserId(); if (!isset($uid)) { // The user has a network session but is not logged in // Run as an anonymous user $trust = new RingsideSocialApiTrust($_REQUEST); $network_session = $trust->getAnonymousSession(); } } else { // Not logged in, so login via annonymous user $trust = new RingsideSocialApiTrust($_REQUEST); $network_session = $trust->getAnonymousSession(); } } $api_session_key = $network_session->getApiSessionKey($params['api_key']); if (null == $api_session_key) { $rest = RingsideSocialUtils::getAdminClient(); $app_props = $rest->admin_getAppProperties(array('secret_key'), null, null, $params['api_key'], $network_session->getNetwork()); error_log("Adding API key for " . $params['api_key'] . " to social session for user " . $network_session->getUserID()); RingsideSocialUtils::getApiSessionKey($params['api_key'], $app_props['secret_key'], $network_session); } else { error_log("Using API session key {$api_session_key} for user " . $network_session->getUserID()); } if (array_key_exists('method', $params)) { $method = $params['method']; if (strcasecmp($method, 'fbml') == 0 && array_key_exists('fbml', $params)) { $fbml = $params['fbml']; //error_log("fbml: $fbml"); $render = new RingsideSocialApiRenderFBML($params); $result = $render->render($network_session, $fbml); //error_log("content: ".$result['content']); return isset($result['content']) ? $result['content'] : $result['error']; } else { if (strcasecmp($method, 'app') == 0) { $social = new RingsideSocialClientLocal(RingsideWebConfig::$networkKey, null, $network_session->getSessionKey()); $inSession = $social->inSession(); error_log("User " . ($inSession ? 'is' : 'is not') . " in session"); if ($inSession) { $path = ''; if (array_key_exists('path', $params)) { $path = $params['path']; } $view = 'canvas'; if (array_key_exists('view', $params)) { $view = $params['view']; } //error_log("About to render: ".$params['app']." view: $view, path: $path"); $rest = RingsideSocialUtils::getAdminClient(); $app_props = $rest->admin_getAppProperties(array('application_id', 'canvas_url'), null, null, $params['api_key'], null, $network_session->getNetwork()); $domain_props = $rest->admin_getDomainProperties(array('resize_url'), null, $network_session->getNetwork()); $content = $social->render($view, $app_props['application_id'], $app_props['canvas_url'], $path); // TODO: Is this where error reporting should happen? //error_log("content: $content"); if (isset($domain_props['resize_url'])) { $content = "<html><head><script type=\"text/javascript\">\n function resizeIframe(id) {\n var iframe = document.getElementById( 'xdiframe' );\n var wrapper = document.getElementById( 'wrapper' );\n var height = Math.max( document.body.offsetHeight, document.body.scrollHeight );\n var width = Math.max( document.body.offsetWidth, document.body.scrollWidth );\n iframe.src = '{$domain_props['resize_url']}?height='+height+'&width='+width+'&id='+id;\n }\n</script></head><body onload=\"resizeIframe('if_" . $params['api_key'] . "');\">" . $content . "<iframe id='xdiframe' width='1' height='1' frameborder='0'/></body></html>"; } return $content; } else { echo "<error>User not Logged in!</error>"; } } } } else { error_log("No method specified for render request"); } }
/** * Creates a REST client for the session. * * @param string $social_session_key the session key generated by the social renderer when the application was rendered. * @return RingsideApiClientsRest the REST client */ private static function createRestClient(&$social_session_key) { if (empty($social_session_key)) { unset($social_session_key); } // error_log("Using session key $social_session_key"); $network_session = new RingsideSocialSession(isset($social_session_key) ? $social_session_key : null); if ($network_session->getUserId() == null) { // This is the Ringside user $network_session->setUserId(1); } $api_session_key = RingsideSocialUtils::getApiSessionKey(RingsideSocialConfig::$apiKey, RingsideSocialConfig::$secretKey, $network_session); // error_log("API session key is $api_session_key"); $social_session_key = $network_session->getSessionKey(); return new RingsideApiClientsRest(RingsideSocialConfig::$apiKey, RingsideSocialConfig::$secretKey, $api_session_key, RingsideApiClientsConfig::$serverUrl, RingsideApiClientsConfig::$webUrl, RingsideApiClientsConfig::$socialUrl); }
/** * Builds a calling context to invoke the application's AJAX endpoint. * * @param array $request the request array * @param RingsideSocialSession $session the social session * @return RingsideSocialAppContext the context */ private static function buildCallContext($api_key, RingsideSocialSession $session) { $ctx = new RingsideSocialAppContext(); $ctx->setApiKey($api_key); $ctx->setIsAjax(1); $ctx->setFlavor('ajax'); // TODO: $ctx->setNetworkId(); $ctx->setSessionKey($session->getApiSessionKey($api_key)); $ctx->setExpires($session->getExpiry() == null ? 0 : $session->getExpiry()); $ctx->setNetworkId(RingsideSocialConfig::$apiKey); if ($session->isLoggedIn()) { // We only know these if the user is logged in $ctx->setUser($session->getUserId()); // TODO: Is App Added? $ctx->setIsAppAdded(1); } $ctx->setTime(microtime(true)); return $ctx; }
<?php require_once 'LocalSettings.php'; require_once "ringside/social/session/RingsideSocialSession.php"; require_once 'ringside/api/Session.php'; ini_set('session.use_cookies', '0'); ini_set('session.save_handler', 'user'); session_set_save_handler(array('Session', 'open'), array('Session', 'close'), array('Session', 'read'), array('Session', 'write'), array('Session', 'destroy'), array('Session', 'gc')); $network_session = new RingsideSocialSession($_REQUEST['social_session']); ?> <html> <h1>Social Session Dump</h1> <label>User ID:</label><?php echo $network_session->getUserId(); ?> <br/> <label>Principal Id:</label><?php echo $network_session->getPrincipalId(); ?> <br/> <label>Trust:</label><?php echo $network_session->getTrust(); ?> <br/> <label>Expiry:</label><?php echo $network_session->getExpiry(); ?> <br/> <label>Network:</label><?php echo $network_session->getNetwork();