<?php
namespace Webfan\ElggPatch\Controller;
use Elgg\Request;
class Connect {
use \Webfan\Webfat\getWebfatTrait;
protected $request;
protected $provider = null;
protected $providers = [
];
protected $dir;
protected $configDirProviders;
public function __construct(){
$this->dir = getcwd().\DIRECTORY_SEPARATOR
.'mod'
.\DIRECTORY_SEPARATOR
.'webfan_webfat_elgg_bridge'
.\DIRECTORY_SEPARATOR
.'.data'
.\DIRECTORY_SEPARATOR
.'connected'
.\DIRECTORY_SEPARATOR;
$this->configDirProviders = getcwd().\DIRECTORY_SEPARATOR
.'mod'
.\DIRECTORY_SEPARATOR
.'webfan_webfat_elgg_bridge'
.\DIRECTORY_SEPARATOR
.'.config'
.\DIRECTORY_SEPARATOR
.'providers'
.\DIRECTORY_SEPARATOR;
$this->getWebfat(getcwd().\DIRECTORY_SEPARATOR.'webfat.php', true, false);
}
public function getConnectionFile(string $provider,string $id){
$file = $this->dir.$provider.\DIRECTORY_SEPARATOR.strlen($id)
.\DIRECTORY_SEPARATOR.sha1($id).\DIRECTORY_SEPARATOR.'connected-account.php';
return $file;
}
public function getConnectionFileReverse(string $provider,$elgg_user_guid){
$file = $this->dir.$provider.\DIRECTORY_SEPARATOR.strlen($elgg_user_guid)
.\DIRECTORY_SEPARATOR.$elgg_user_guid.\DIRECTORY_SEPARATOR.'connected-account-reverse.php';
return $file;
}
protected function client(?string $provider = null){
if(!is_string($provider)){
$provider = $this->provider;
}
if(!isset($this->providers[$provider])){
switch($provider){
case 'webfan' :
if(file_exists($this->configDirProviders.'webfan'.'.php')){
$this->providers['webfan'] =
[
'client' => new \League\OAuth2\Client\Provider\GenericProvider( require $this->configDirProviders.'webfan.php' ),
'authorize' => [$this, 'authorize_webfan'],
]
;
}
break;
case 'google' :
if(file_exists($this->configDirProviders.'google'.'.php')){
$this->providers['google'] =
[
'client' => new \League\OAuth2\Client\Provider\Google( require $this->configDirProviders.'google.php' ),
'authorize' => [$this, 'authorize_google'],
]
;
}
break;
case 'github' :
if(file_exists($this->configDirProviders.'github'.'.php')){
$this->providers['github'] =
[
'client' => new \League\OAuth2\Client\Provider\Github( require $this->configDirProviders.'github.php' ),
'authorize' => [$this, 'authorize_github'],
]
;
}
break;
default:
if(file_exists($this->configDirProviders.$provider.'.php')){
$this->providers[$provider] =
[
'client' => new \League\OAuth2\Client\Provider\GenericProvider(
require $this->configDirProviders.$provider.'.php'
),
'authorize' => [$this, 'authorize_'.$provider],
];
}
break;
}
}
return isset($this->providers[$provider]) ? $this->providers[$provider] : null;
}
protected function authorize_webfan(){
$data = $this->oauth_connect('webfan');
$data = $data->toArray();
$id = isset($data['ocs']['data']['id']) ? $data['ocs']['data']['id'] : null;
$name = isset($data['ocs']['data']['display-name']) ? $data['ocs']['data']['display-name'] : null;
$email = isset($data['ocs']['data']['email']) ? $data['ocs']['data']['email'] : null;
if(!$id && !$email){
die('Authentication failed!');
\elgg_gatekeeper() ;
}
return $this->oauth_try_with_provider($id, $name, $email, 'webfan');
}
protected function authorize_github(){
$data = $this->oauth_connect('github');
// $data = $data->toArray();
$id = $data->getId();
$name = $data->getNickname();
$email = $data->getEmail();
if(!$id && !$email){
die('Authentication failed!');
\elgg_gatekeeper() ;
}
//return $this->oauth_try_with_provider($id, $this->slugify($name), $email, 'google');
return $this->oauth_try_with_provider($id, $name, $email, 'github');
}
protected function authorize_google(){
$data = $this->oauth_connect('google');
// $data = $data->toArray();
$id = $data->getId();
$name = $data->getName();
$email = $data->getEmail();
if(!$id && !$email){
die('Authentication failed!');
\elgg_gatekeeper() ;
}
//return $this->oauth_try_with_provider($id, $this->slugify($name), $email, 'google');
return $this->oauth_try_with_provider($id, $name, $email, 'google');
}
public function slugify($text, string $divider = '-')
{
// replace non letter or digits by divider
$text = preg_replace('~[^\pL\d]+~u', $divider, $text);
// transliterate
$text = \iconv('utf-8', 'us-ascii//TRANSLIT', $text);
// remove unwanted characters
$text = preg_replace('~[^-\w]+~', '', $text);
// trim
$text = trim($text, $divider);
// remove duplicate divider
$text = preg_replace('~-+~', $divider, $text);
// lowercase
$text = strtolower($text);
if (empty($text)) {
return 'non';
}
return $text;
}
protected function oauth_login_connect_accounts($guid, string $provider,string $id){
$file = $this->getConnectionFile( $provider, $id);
$elgg_uid=(string)$guid;
$code=<<<PHPCODE
<?php
return '$elgg_uid';
PHPCODE;
if(!is_dir(dirname($file))){
mkdir(dirname($file), 0755, true);
}
file_put_contents($file, $code);
$file = $this->getConnectionFileReverse( $provider, $guid);
$provider_guid=(string)$id;
$code=<<<PHPCODE
<?php
return '$provider_guid';
PHPCODE;
if(!is_dir(dirname($file))){
mkdir(dirname($file), 0755, true);
}
file_put_contents($file, $code);
}
//user is registered and logged in
protected function oauth_try_with_provider(string|int $id, string|int $name, string $email, ?string $provider = null){
if(!is_string($provider)){
$provider = $this->provider;
}
$profile = [
'id'=>(string)$id,
'name'=>(string)$name,
'email'=>$email,
];
$user = false;
$file = $this->getConnectionFile( $provider, $id);
if(file_exists($file)){
$elgg_guid = require $file;
$user = \get_user($elgg_guid);
if($user){
if(!file_exists($this->getConnectionFileReverse($provider,$elgg_guid) ) ){
$this->oauth_login_connect_accounts($elgg_guid, $provider, $id);
}
\elgg_login($user);
@header('Location: https://frdl.de/dashboard');
echo '<a href="https://frdl.de/dashboard">Continue...</a><meta http-equiv="refresh" content="0; url=https://frdl.de/dashboard">';
die();
}
}
if(false === $user){
$user = \elgg_is_logged_in() ? \elgg_get_logged_in_user_entity() : false;
}
$UserData = !is_object($user) ? false : [
'guid'=>$user->guid,
'name'=>$user->name,
'email'=>$user->email,
];
//elgg_get_plugin_user_setting('email_validated', $user->guid, 'uservalidationbyemail')
//elgg_set_plugin_user_setting('WebfanOauthSimpleSingle', $id, $user->guid, 'zzzzelgg_hybridauth');
//if(false ==== $user){
// $_id= elgg_get_plugin_user_setting('email_validated', $user->guid, 'zzzzelgg_hybridauth');
// $user = elgg_get_user_by_email($email);
//}
if(false === $user){
$user = \elgg_get_user_by_email($email);
}
if($user){
\elgg_login($user);
}
$user = \elgg_is_logged_in() ? \elgg_get_logged_in_user_entity() : false;
/*
Parameters
array $params Array of options with keys: (string) username => The username of the new user (string) password => The password (string) name => The user's display name (string) email => The user's email address (string) subtype => (optional) Subtype of the user entity (string) language => (optional) user language (defaults to current language) (bool) allow_multiple_emails => (optional) Allow the same email address to be registered multiple times (default false) (bool) validated => (optional) Is the user validated (default true)
*/
if(false === $user && !empty($email) && !empty($profile['id']) ){
//$username = $profile['id'];
$username = $this->slugify(!empty($profile['name']) && is_numeric($profile['id']) ? $profile['name'] : $profile['id']);
while(\elgg_get_user_by_username($username)){
$username = $profile['id'] . mt_rand(100000,99999999);
}
$dirty_pass =base64_encode(\random_bytes(16));
$password = substr(str_replace(['/', '+', '='], ['', '', ''], $dirty_pass), 0, 8);
$user = \elgg_register_user( [
'username'=>$username,
'password'=>$password,
'name'=>$profile['name'],
'email'=>$profile['email'],
'validated'=>true,
] );
// echo '$user<pre>';
// echo print_r($user, true);
}elseif($user){
//\elgg_set_plugin_user_setting('WebfanOauthSimpleSingle', $id, $user->guid, 'zzzzelgg_hybridauth');
$this->oauth_login_connect_accounts($user->guid, $provider, $profile['id']);
}else{
// die('Authentication failed!');
//elgg_gatekeeper() ;
}
if($user){
\elgg_login($user);
$this->redirect('https://frdl.de/dashboard', 'Continue...');
}else{
die('Authentication failed! <a href="/">Home</a>');
//elgg_gatekeeper() ;
}
echo '<a href="/">Continue...</a><pre>';
echo print_r($UserData, true);
// echo print_r($data, true);
echo print_r($profile, true);
// The provider provides a way to get an authenticated API request for
// the service, using the access token; it returns an object conforming
// to Psr\Http\Message\RequestInterface.
// $request = $provider->getAuthenticatedRequest(
// 'GET',
// 'https://service.example.com/resource',
// $accessToken
// );
return \elgg_ok_response();
}
protected function oauth_connect(?string $provider = null){
// echo $request->getParam('action');
if(!is_string($provider)){
$provider = $this->provider;
}
$client = $this->client($provider)['client'];
$stateKey = 'oauth2state_'.$provider;
$pkceCodeKey = 'oauth2pkceCode_'.$provider;
// If we don't have an authorization code then get one
if (!isset($_GET['code'])) {
// Fetch the authorization URL from the provider; this returns the
// urlAuthorize option and generates and applies any necessary parameters
// (e.g. state).
$authorizationUrl = $client->getAuthorizationUrl();
// Get the state generated for you and store it to the session.
$_SESSION[$stateKey] = $client->getState();
// Optional, only required when PKCE is enabled.
// Get the PKCE code generated for you and store it to the session.
$_SESSION[$pkceCodeKey] = $client->getPkceCode();
// Redirect the user to the authorization URL.
header('Location: ' . $authorizationUrl);
exit;
// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || empty($_SESSION[$stateKey]) || $_GET['state'] !== $_SESSION[$stateKey]) {
if (isset($_SESSION[$stateKey])) {
unset($_SESSION[$stateKey]);
}
exit('Invalid state');
} else {
try {
// Optional, only required when PKCE is enabled.
// Restore the PKCE code stored in the session.
$client->setPkceCode($_SESSION[$pkceCodeKey]);
// Try to get an access token using the authorization code grant.
$accessToken = $client->getAccessToken('authorization_code', [
'code' => $_GET['code']
]);
// We have an access token, which we may use in authenticated
// requests against the service provider's API.
// echo 'Access Token: ' . $accessToken->getToken() . "<br>";
// echo 'Refresh Token: ' . $accessToken->getRefreshToken() . "<br>";
// echo 'Expired in: ' . $accessToken->getExpires() . "<br>";
// echo 'Already expired? ' . ($accessToken->hasExpired() ? 'expired' : 'not expired') . "<br>";
// Using the access token, we may look up details about the
// resource owner.
$resourceOwner = $client->getResourceOwner($accessToken);
//$data = $resourceOwner->toArray();//->toArray();
} catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) {
// Failed to get the access token or user details.
// exit('Error in '.__LINE__.': '.$e->getMessage());
throw $e;
}catch (\Exception $e2) {
throw $e2;
}
return $resourceOwner;
}
}
public function echo($str){
\elgg_echo( $str );
}
/**
* Handles single sign on request
*
* @param Request $request the Request
*
* @return void
*/
protected function redirect($url, $text='Continue...'){
@header('Location: '.$url);
echo '<a href="'.$url.'">'.$text.'</a><meta http-equiv="refresh" content="0; url='.$url.'">';
die();
}
protected function disconnect(?string $provider = null){
if(!is_string($provider)){
$provider = $this->provider;
}
$html = '';
//$html.= '<a href="/" class="elgg-anchor-label elgg-button elgg-button-action">Frdlweb Network Home</a>';
//$html.= elgg_view('default/page/default' );
$css = elgg_get_simplecache_url('elgg.css');
//$html.= '<link rel="stylesheet" href="'.$css.'">';
$html.= '<form method="POST">';
if('GET' === $_SERVER['REQUEST_METHOD'] || !isset($_POST['disconnect_confirm'])){
$html.= '<h1>Disconnect from '.ucfirst($provider).'?</h1>';
}elseif('POST' === $_SERVER['REQUEST_METHOD'] && isset($_POST['disconnect_confirm'])){
$html.= '<h1>Disconnect from '.ucfirst($provider).'...</h1>';
$user = \elgg_is_logged_in() ? \elgg_get_logged_in_user_entity() : false;
if(false === $user){
return $this->redirect('https://frdl.de/login', 'Continue...');
}
$fileReverse = $this->getConnectionFileReverse( $provider, $user->guid);
$provider_guid = !file_exists($fileReverse) ? false : require $fileReverse;
if(false === $provider_guid){
$html.= 'Sorry, we could not the connection info for your account with '.ucfirst($provider).'!';
$html.= '<br />';
$html.= '<a href="https://frdl.de/auth/login/'.$provider.'/connect/">(Re-)Connect with '.ucfirst($provider).'...</a>';
$html.= '<br />';
}else{
$file = $this->getConnectionFile( $provider, $provider_guid);
$elgg_uid = !file_exists($file) ? false : require $file;
if(false === $elgg_uid){
$html.= 'Sorry, we could not the connection info for your account with '.ucfirst($provider).'!';
$html.= '<br />';
$html.= '<a href="/auth/login/'.$provider.'/connect/">(Re-)Connect with '.ucfirst($provider).'...</a>';
$html.= '<br />';
}else{
unlink($fileReverse);
unlink($file);
return $this->redirect('https://frdl.de/dashboard', ucfirst($provider).' disconnected...');
}
}
}
$html.= '<input type="checkbox" name="disconnect_confirm" '.(isset($_POST['disconnect_confirm'])?'checked':'').' />';
$html.= 'Yes, disconnect my account from '.ucfirst($provider).'!';
$html.= '<br />';
$html.= '<a href="/auth/login/'.$provider.'/connect/" class="elgg-anchor-label elgg-button elgg-button-action">';
$html.='(Re-)Connect with '.ucfirst($provider);
$html.='</a>';
$html.= '<input type="submit" value="disconnect" class="elgg-anchor-label elgg-button elgg-button-action" style="color:red;" />';
$html.= '<a href="/" class="elgg-anchor-label elgg-button elgg-button-action">no - keep connected</a>';
$html.= '<a href="javascript:history.back();" class="elgg-anchor-label elgg-button elgg-button-action">Back</a>';
$html.='</form>';
//////return \elgg_ok_response($html);
return \elgg_ok_response(\elgg_view_page('Disconnect from '.ucfirst($provider), [
'content' => $html,
]));
}
public function __invoke(Request $request) {
$this->request = $request;
$this->provider = is_array($this->client($this->request->getParam('provider'))) ? $this->request->getParam('provider') : null;
if(!is_string($this->provider)){
echo 'Provider not found in '.__CLASS__ ;
return \elgg_ok_response();
}
switch($request->getParam('action')){
case 'connect' :
return \call_user_func_array($this->client($this->provider)['authorize'], [$this->provider]);
break;
case 'disconnect' :
return \call_user_func_array([$this, 'disconnect'], [$this->provider]);
break;
default :
\elgg_echo( 'Action not found in '.__CLASS__);
return;
break;
}
/** echo '<pre>';
echo $request->getParam('provider');
echo $request->getParam('action');
$user = elgg_get_logged_in_user_entity();
echo print_r($user, true);
echo $user->email;
echo '</pre>';
return elgg_ok_response(); */
}
}
__halt_compiler();----SIGNATURE:----m7St85GnU8Id3DX8LfadePBHhP9q0h6ju5LhynmtgIbqz2y6fU1sUpjrSnpIr87NTDSQh+x9Yqv/Phdek/FgJ9DsJ92MLMstiCOFHZtFu0PADqSwqvhzF4KmI2WP4hNvWwmGX1esG7oAsv84eNAE6QHtdmhUSkm/VaCViM451i85xLLZHOkd9O9OgM2Xqu+3cp5nZcfugM73zJ7wVj/YD7mcGvie0yQdzxQwT5QBm8736/OLFPzIX9BpkyjkIC+PURUioE+Bc5cqYIxmEFZpv3vTCKVIRlEoDQskk0q8CSMdXJonMM5tNH4wCqAGzmagG7/6/sIGjIUm4Q9X9p72MgomODyHU0EgujRAesrdY1Km5DjmF675oW4zLqhspPV6tcPFTZX9atlMfZKIVaoywq85CBO7K1pnvFKDExAjVa+8+pZX6K/v0Y5qv9L5tVa2SMbYfpTBQjtyeTfCyEvyIk7AqtyIrgm4Ssh3TYukh9MFFTXVqrTc7YSjV6kGiTJeJGxHZKez/1/7IWSCbhANY6q3xKWUmNnW0ObSc1YD5pbfCVFVNAcrbmC1hbFLpj8klPDDKtD8vKcdpb+pg684d0sUPPWtGi4AdywkX4QxeNhu4nWS+q2AdNKHwepigucaF/9lT7RuxKczm+mNshECUCYugoJVqTwc7Abhdk990XU=----ATTACHMENT:----OTIxODgyNjk0MzM4NzY4NyA5NTk2MDQ3NDI1NjM1NTY1IDkzOTU3NzIwNzA2NDY3Mw==