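/**
 * Helper function that handles Gigya API calls.
 *
 * @param mixed $method
 *   The Gigya API method.
 * @param mixed $params
 *   The method parameters, as name => value pairs.
 *
 * @return array|WP_Error|int
 *   The decoded Gigya response on success; a WP_Error carrying Gigya's error
 *   code and message when the API reports a non-zero error code; or the
 *   (zero) error code from the signature branch near the end of the method.
 */
public function call($method, $params) {
    // Initialize new request.
    $request = new GSRequest($this->api_key, $this->api_secret, $method);

    $user_info = NULL;
    if (!empty($params)) {
        foreach ($params as $param => $val) {
            $request->setParam($param, $val);
        }
        // Strict comparison, so a parameter value such as 0 or TRUE cannot
        // loosely match the string and switch the signature branch on.
        // NOTE(review): this searches the parameter VALUES, not $method, so a
        // call whose method is getUserInfo does not set this flag by itself.
        // Confirm which of the two was intended.
        $user_info = in_array('getUserInfo', $params, TRUE);
    }

    // To be defined in the CMS code (or not).
    $api_domain = GIGYA__API_DOMAIN;

    // Set the request path, falling back to the US data center.
    $domain = !empty($api_domain) ? $api_domain : 'us1.gigya.com';
    $request->setAPIDomain($domain);

    // Make the request. The separator is forced to '&' for the duration of
    // the call and restored to its configured value right after.
    ini_set('arg_separator.output', '&');
    $response = $request->send();
    ini_restore('arg_separator.output');

    // Check for errors.
    $err_code = $response->getErrorCode();
    if ($err_code != 0) {
        // Logging is optional; reporting the failure is not. Previously the
        // WP_Error was only returned when the logger existed, so without it a
        // failed call fell through and was handed back as ordinary data.
        if (function_exists('_gigya_error_log')) {
            _gigya_error_log(explode("\r\n", $response->getLog()));
        }
        return new WP_Error($err_code, $response->getErrorMessage());
    }

    if (!empty($user_info)) {
        // Check validation in the response.
        $valid = SigUtils::validateUserSignature(
            $response->getString("UID", ""),
            $response->getString("signatureTimestamp", ""),
            $this->api_secret,
            $response->getString("UIDSignature", "")
        );
        // NOTE(review): as written, a VALID signature returns the error code
        // (0 at this point) while an INVALID one falls through and returns
        // the unverified response body. That looks inverted; a failed check
        // should fail closed (e.g. return a WP_Error). Left unchanged because
        // the callers' expectations are not visible here -- confirm and fix.
        if (!empty($valid)) {
            return $err_code;
        }
    }

    return $this->jsonToArray($response->getResponseText());
}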
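/**
 * Gigya login AJAX callback.
 *
 * Reads the login payload from $_POST['data'], verifies Gigya's signature
 * over the UID, then either logs in the matching WordPress user, returns the
 * email-verification form, or registers a new user. Every exit path answers
 * through wp_send_json_error() / wp_send_json_success(); the code below
 * relies on those helpers ending the request.
 */
public function init() {
    // Get the data from the client (AJAX). Nothing in it is trusted until the
    // signature check below has passed.
    $data = isset($_POST['data']) ? $_POST['data'] : NULL;

    // Trap for login users
    if (is_user_logged_in()) {
        wp_send_json_error(array('msg' => __('There is already a logged in user')));
    }

    // Reject a missing or malformed payload up front instead of passing
    // undefined indexes to the signature check.
    $is_well_formed = is_array($data)
        && isset($data['UID'], $data['timestamp'], $data['signature'], $data['user'])
        && is_scalar($data['UID'])
        && is_scalar($data['timestamp'])
        && is_scalar($data['signature'])
        && is_array($data['user'])
        && isset($data['user']['UID'])
        && is_scalar($data['user']['UID']);
    if (!$is_well_formed) {
        wp_send_json_error(array('msg' => __('There was a problem validating your user')));
    }

    // Check Gigya's signature validation.
    $is_sig_validate = SigUtils::validateUserSignature($data['UID'], $data['timestamp'], GIGYA__API_SECRET, $data['signature']);

    // The signature covers $data['UID'] only. The nested user object is not
    // signed, so it is accepted only when it names the same UID; otherwise a
    // verified identity could be paired with someone else's user record.
    $is_same_uid = (string) $data['user']['UID'] === (string) $data['UID'];

    // Gigya user validate trap.
    if (empty($is_sig_validate) || !$is_same_uid) {
        wp_send_json_error(array('msg' => __('There was a problem validating your user')));
    }

    // Initialize Gigya user.
    $this->gigya_user = $data['user'];
    $gigya_uid = $this->gigya_user['UID'];

    // Form posts deliver booleans as strings, and the string 'false' is
    // truthy under a loose == comparison, so the flag is parsed explicitly.
    $is_site_uid = isset($this->gigya_user['isSiteUID'])
        && filter_var($this->gigya_user['isSiteUID'], FILTER_VALIDATE_BOOLEAN);

    // Checking if the Gigya UID is a number.
    // When the Gigya UID is a number, it means
    // we already notifyRegistration for Gigya
    // and the Gigya UID is the WP UID.
    if (is_numeric($gigya_uid) && $is_site_uid && is_object($wp_user = get_userdata($gigya_uid))) {
        // Login the user.
        $this->login($wp_user);
    } else {
        // There might be a user who never verified his email.
        // So we are looking for a user who has 'gigya_uid' meta
        // with the value of the original (NOT-number) Gigya UID.
        // The arguments are passed as an array: a concatenated query string
        // would let characters such as '&' inside the UID add query arguments.
        $users = get_users(array(
            'meta_key' => 'gigya_uid',
            'meta_value' => $gigya_uid,
        ));

        if (!empty($users)) {
            // If there is one, we return the login form to the client.
            wp_send_json_success(array('type' => 'form', 'html' => $this->emailVerifyForm()));
        } else {
            // We are now sure there is no user in the WP records connected
            // to this Gigya UID. Let's try to register the user.
            $this->register();
        }
    }

    wp_send_json_success();
}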
/**
 * Check a Gigya UID signature against this object's secret key.
 *
 * Thin wrapper that forwards to the global \SigUtils::validateUserSignature()
 * with $this->secretKey inserted as the third argument.
 *
 * @param mixed $uid
 *   The UID the signature was issued for.
 * @param mixed $signatureTimestamp
 *   The timestamp that accompanies the signature.
 * @param mixed $uidSignature
 *   The signature to verify.
 *
 * @return mixed
 *   Whatever \SigUtils::validateUserSignature() returns.
 */
public function validateUserSignature($uid, $signatureTimestamp, $uidSignature) {
    $secret = $this->secretKey;
    $verdict = \SigUtils::validateUserSignature($uid, $signatureTimestamp, $secret, $uidSignature);

    return $verdict;
}
/**
 * Copy the Gigya profile for a verified UID into the current user's meta.
 *
 * Does nothing unless a WordPress user is logged in, the Gigya signature in
 * $data verifies, and the account lookup does not return a WP_Error.
 *
 * @param array $data
 *   Read keys: 'UID', 'signatureTimestamp', 'UIDSignature'.
 */
public function updateProfile($data) {
    // Anonymous requests are ignored.
    if (!is_user_logged_in()) {
        return;
    }

    // Only act on a UID that Gigya has signed.
    $signature_ok = SigUtils::validateUserSignature($data['UID'], $data['signatureTimestamp'], GIGYA__API_SECRET, $data['UIDSignature']);
    if (!$signature_ok) {
        return;
    }

    $cms = new GigyaCMS();
    $account = $cms->getAccount($data['UID']);
    if (is_wp_error($account)) {
        return;
    }

    // NOTE(review): nothing visible here ties the signed Gigya UID to the
    // logged-in WordPress user; confirm that link is checked elsewhere.
    _gigya_add_to_wp_user_meta($account['profile'], get_current_user_id());
}
/**
 * Verify that a Gigya interaction is authentic.
 *
 * All Gigya interactions come through the JavaScript API, so their
 * signatures are verified server-side via AJAX.
 *
 * @param mixed $uid       UID the signature was issued for; run through sanitize_text_field().
 * @param mixed $timestamp Signature timestamp; run through absint().
 * @param mixed $sig       Signature to check; run through sanitize_text_field().
 *
 * @return bool True when SigUtils::validateUserSignature() returns a truthy value, false otherwise.
 *
 * @since HAL 9000
 */
public function verify_user($uid, $timestamp, $sig) {
    // Normalise the inputs first, in the same order as they are passed on.
    $clean_uid = sanitize_text_field($uid);
    $clean_timestamp = absint($timestamp);
    $clean_sig = sanitize_text_field($sig);

    // Validate the signature is authentic and collapse the result to a strict boolean.
    return (bool) SigUtils::validateUserSignature($clean_uid, $clean_timestamp, MAKE_GIGYA_PRIVATE_KEY, $clean_sig);
}