Sigin with Apple

2022-06-01 09:14:47 -04:00
parent 320cbb11ee
commit 019e650090
5 changed files with 204 additions and 55 deletions
+2 -1
@@ -31,7 +31,8 @@ class Home extends WRB_Controller {
$login_links = get_hybridauth_links($hybrid, $this->router);
*/
$login_links = array(
'Google' => get_google_login_link()
'Google' => get_google_login_link(),
'Apple' => get_apple_login_link()
);
// Pass login links to html template
$data['login_links'] = $login_links;
+157 -51
@@ -174,7 +174,8 @@ class Login extends WRB_Controller {
$login_links = get_hybridauth_links($hybrid, $this->router);
*/
$login_links = array(
'Google' => get_google_login_link()
'Google' => get_google_login_link(),
'Apple' => get_apple_login_link()
);
// Pass login links to html template
$data['login_links'] = $login_links;
@@ -233,6 +234,10 @@ class Login extends WRB_Controller {
// Load Hybridauth's helper
$this->load->helper('hybridauth');
$code = $this->input->get('code');
$apple_code = '';
if ($provider == 'apple') {
$apple_code = $this->input->post('code');
}
if ($code!='') {
$client = get_google_client();
$token = $client->fetchAccessTokenWithAuthCode($code);
@@ -260,57 +265,8 @@ class Login extends WRB_Controller {
if ($proceed) {
$name = (string) $user["name"];
if (trim($name) == "") {
$name = strtok($user["email"], "@");
}
$data['google_id'] = $user["id"];
$data['firstname'] = strtok($name, " ");
$data['lastname'] = strtok(" ");
$data['email'] = $user["email"];
$data['sessionid'] = rand(10000, 99999) . "A" . rand(10000, 99999);
$data['action'] = WRENCHBOARD_GOOGLE_LOGIN;
$this->load->model('backend_model');
$out = array();
$this->provision_account($user, $data);
$res = $this->backend_model->wrenchboard_api($data, $out);
if ($res == PHP_LOGIN_OK) {
$this->load->model('account_model');
$ret = $this->account_model->username_data($out);
if ($res !== false) {
$data["login_message"] = "Welcome...";
// yes person has an account
$_SESSION['session_id'] = $out["session"];
$_SESSION['username'] = $ret->username;
$_SESSION['name'] = $ret->username;
$_SESSION['firstname'] = $ret->firstname;
$_SESSION['lastname'] = $ret->lastname;
$_SESSION['email'] = $ret->email;
$_SESSION['member_id'] = $ret->id;
$_SESSION['log_count'] = 0;
$_SESSION['mesaage_count'] = 0;
$this->findOffers($_SESSION['email']);
$_SESSION['message_snapshot'] = $this->myMessagesSnapshot();
$_SESSION['profile_picture'] = "../smedia/DEFAULTS/default-profile.png";
$this->logUser('Account login');
$this->refreshAccountDetail($_SESSION['member_id']);
$this->getSessionArray();
$this->excudedEmails();
redirect('dash');
} else {
// Cannot proceed - account model error?
$this->session->set_flashdata('login_message','Cannot proceed - account model error: '.$ret);
redirect('login');
}
} else {
// Cannot proceed - backend error?
$msg = (is_array($out) && array_key_exists('status',$out) && $out['status']!='')
? $out ['status'] : json_encode($out);
$this->session->set_flashdata('login_message','Cannot proceed - backend error: '.$msg);
redirect('login');
}
} else {
// Cannot proceed - duplicate email?
$this->session->set_flashdata('login_message','Cannot proceed - duplicate email');
@@ -326,6 +282,100 @@ class Login extends WRB_Controller {
$this->session->set_flashdata('login_message','Missing access token / invalid grant - expired credentials!');
redirect('login');
}
} else if ($apple_code != '') {
// Handle Apple
if($_SESSION['apple_state'] != $this->input->post('state')) {
// Invalid or missing state - login failed?
$this->session->set_flashdata('login_message','Authorization server returned an invalid state parameter'
.$_SESSION['apple_state'].'/'.$this->input->post('state'));
unset($_SESSION['apple_state']);
redirect('login');
return;
}
// Token endpoint docs:
// https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens
list($clientId, $clientSecret, $redirectUri) = get_apple_config();
$data = [
'grant_type' => 'authorization_code',
'code' => $apple_code,
'redirect_uri' => $redirectUri,
'client_id' => $clientId,
'client_secret' => $clientSecret,
];
$url = "https://appleid.apple.com/auth/token";
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POST, true);
curl_setopt($ch,CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($ch,CURLOPT_HTTPHEADER, [
'Accept: application/json',
'Content-type: application/x-www-form-urlencoded',
'User-Agent: curl', # Apple requires a user agent header at the token endpoint
]);
curl_setopt($ch,CURLOPT_RETURNTRANSFER, TRUE);
$result = curl_exec($ch);
curl_close($ch);
/*
{
"access_token": "adg61...67Or9",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "rca7...lABoQ"
"id_token": "eyJra...96sZg"
}
*/
$response = json_decode($result);
if(!isset($response->access_token)) {
$this->session->set_flashdata('login_message','Error getting an access token');
//echo '<pre>'; print_r($response); echo '</pre>';
//echo $result; die();
redirect('login');
return;
}
$claims = explode('.', $response->id_token)[1];
$claims = json_decode(base64_decode($claims));
//echo '<h3>Access Token Response</h3>';
//echo '<pre>'; print_r($response); echo '</pre>';
//echo '<h3>Parsed ID Token</h3>';
//echo '<pre>'; print_r($claims); echo '</pre>';
/*
eyJraWQiOiJmaDZCczhDIiwiYWxnIjoiUlMyNTYifQ
eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLndyZW5jaGJvYXJkLnVzZXJzLmNsaWVudCIsImV4cCI6MTY1NDE3MjM5NywiaWF0IjoxNjU0MDg1OTk3LCJzdWIiOiIwMDE4MTAuMjBlNzUwMjhkNDljNDJkOGI0MzBiNDJkMWQ3NDg3ZjMuMTE1NyIsImF0X2hhc2giOiJPSzNfZlNtLUJZTEMzd3R5QTB4Q2pRIiwiZW1haWwiOiJhY2lkdW1pcmFlQGdtYWlsLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjoidHJ1ZSIsImF1dGhfdGltZSI6MTY1NDA4NTk2Mywibm9uY2Vfc3VwcG9ydGVkIjp0cnVlfQ
jHxcOMAxUYEJx7nlmAXPN6PuqKMxVVcklGU5p6k16UvSS4DOM7nDwduo8D9FrzcjnTMGmLAThBYw2reilKv3vod034iTfBoL-vno_I7Wa-Iig5uTji7leaoDpfWyDAT7kFXpa6LVGdtZ8KdcVfSY-GF58JpKKQtf-sKB4sqnN1HAeCgYKP3EO5sf0zOttA7noZ_i6ITrmFbx5Mndf8Ktw-gb-LM-Ux11TEApByn4FcpL5m3ycvxxyaWsnLrGtraNK2S5N7Sby2imSB0iT9MFQRCL-4ddyD1YUDbpKLQDTlaSQuTPCX09AdMeLpx0wK6TAiTUUrOf93ljYU724Flb4g
*/
//die();
if ($id !='' && $email != '') {
$user = array(
'id' => $claims->sub,
'name' => 'First Last',
'email' => $claims->email,
'apple' => 1
);
list($proceed, $data) = $this->checkUserExists($user, $data);
if ($proceed) {
$this->provision_account($user, $data);
} else {
// Cannot proceed - duplicate email?
$this->session->set_flashdata('login_message','Cannot proceed - duplicate email');
redirect('login');
}
} else {
// Invalid or missing id and/or email - login failed?
$this->session->set_flashdata('login_message','Invalid or missing id and/or email - login failed!');
redirect('login');
}
} else {
// Invalid or missing code - login failed?
$this->session->set_flashdata('login_message','Invalid or missing code - login failed!');
@@ -333,6 +383,62 @@ class Login extends WRB_Controller {
}
}
function provision_account($user, $data)
{
$name = (string) $user["name"];
if (trim($name) == "") {
$name = strtok($user["email"], "@");
}
$data['google_id'] = $user["id"];
$data['firstname'] = strtok($name, " ");
$data['lastname'] = strtok(" ");
$data['email'] = $user["email"];
$data['sessionid'] = rand(10000, 99999) . "A" . rand(10000, 99999);
$data['action'] = WRENCHBOARD_GOOGLE_LOGIN;
$this->load->model('backend_model');
$out = array();
$res = $this->backend_model->wrenchboard_api($data, $out);
if ($res == PHP_LOGIN_OK) {
$this->load->model('account_model');
$ret = $this->account_model->username_data($out);
if ($res !== false) {
$data["login_message"] = "Welcome...";
// yes person has an account
$_SESSION['session_id'] = $out["session"];
$_SESSION['username'] = $ret->username;
$_SESSION['name'] = $ret->username;
$_SESSION['firstname'] = $ret->firstname;
$_SESSION['lastname'] = $ret->lastname;
$_SESSION['email'] = $ret->email;
$_SESSION['member_id'] = $ret->id;
$_SESSION['log_count'] = 0;
$_SESSION['mesaage_count'] = 0;
$this->findOffers($_SESSION['email']);
$_SESSION['message_snapshot'] = $this->myMessagesSnapshot();
$_SESSION['profile_picture'] = "../smedia/DEFAULTS/default-profile.png";
$this->logUser('Account login');
$this->refreshAccountDetail($_SESSION['member_id']);
$this->getSessionArray();
$this->excudedEmails();
redirect('dash');
} else {
// Cannot proceed - account model error?
$this->session->set_flashdata('login_message','Cannot proceed - account model error: '.$ret);
redirect('login');
}
} else {
// Cannot proceed - backend error?
$msg = (is_array($out) && array_key_exists('status',$out) && $out['status']!='')
? $out ['status'] : json_encode($out);
$this->session->set_flashdata('login_message','Cannot proceed - backend error: '.$msg);
redirect('login');
}
}
//Processes social login
function authh($provider = NULL)
{
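Review bot: In the Apple branch of the `@@ -326,6 +282,100 @@` hunk, the guard `if ($id !='' && $email != '')` tests two variables that are not assigned anywhere in the visible hunk, so unless they are set earlier in the function (which starts outside the hunk) the Apple path always ends at the "Invalid or missing id and/or email" redirect. The claims are also read from `id_token` without checking that the field exists, decoded with plain `base64_decode` although JWT segments are base64url, and trusted without comparing `iss`, `aud` and `exp`; the token does arrive over TLS straight from Apple's token endpoint, but those checks are cheap to add. I would derive `$id` and `$email` from the validated claims as sketched below. Separately, the sample ID token left in the comment block appears to carry a real account's email address and should be dropped, and the state-mismatch flash message should not print the expected `apple_state` value back to the browser.

```php
// … unchanged: token request and access_token check …
$parts = explode('.', (string) ($response->id_token ?? ''));
$claims = count($parts) === 3
    ? json_decode(base64_decode(strtr($parts[1], '-_', '+/')))
    : null;
$id = (string) ($claims->sub ?? '');
$email = (string) ($claims->email ?? '');
$valid = $claims !== null
    && ($claims->iss ?? '') === 'https://appleid.apple.com'
    && ($claims->aud ?? '') === $clientId
    && (int) ($claims->exp ?? 0) > time();
if ($valid && $id != '' && $email != '') {
// … unchanged: build $user, checkUserExists, provision_account …
```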
+2 -1
@@ -25,7 +25,8 @@ class Site extends WRB_Controller {
$login_links = get_hybridauth_links($hybrid, $this->router);
*/
$login_links = array(
'Google' => get_google_login_link()
'Google' => get_google_login_link(),
'Apple' => get_apple_login_link()
);
// Pass login links to html template
$data['login_links'] = $login_links;
@@ -45,6 +45,47 @@ if ( ! function_exists('get_google_client'))
}
}
if (! function_exists('get_apple_config'))
{
function get_apple_config() {
return array(
/* 'client_id' => */ 'com.wrenchboard.users.client',
/* 'client_secret' => */ 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6Ilc1V1RXQzlEVEoifQ.eyJpc3MiOiJKUjM2M0ZFWThSIiwiaWF0IjoxNjU0MDgzODQxLCJleHAiOjE2NTkyNjc4NDEsImF1ZCI6Imh0dHBzOi8vYXBwbGVpZC5hcHBsZS5jb20iLCJzdWIiOiJjb20ud3JlbmNoYm9hcmQudXNlcnMuY2xpZW50In0.TIPMwjS2MgSysqEuw3yu1nrOcrH-6omzerDhx0CadjWn2yCO8wZhQiAlhIFs7F-WPektIJ6h-2BT62yGrILiTA',
/* 'redirect_uri' => */ site_url('login/auth/apple')
);
}
}
if ( ! function_exists('get_apple_login_link'))
{
// Configure Apple CLient
function get_apple_login_link()
{
// init configuration
list($clientID, $clientSecret, $redirectUri) = get_apple_config();
$_SESSION['apple_state'] = bin2hex(random_bytes(5));
$authorize_url = 'https://appleid.apple.com/auth/authorize'.'?'.http_build_query([
'response_type' => 'code',
'response_mode' => 'form_post',
'client_id' => $clientID,
'redirect_uri' => $redirectUri,
'state' => $_SESSION['apple_state'],
'scope' => 'name email',
]);
return $authorize_url;
}
}
/*
Client ID: com.wrenchboard.users.client
Key ID: W5WTWC9DTJ
Sign In with Apple: JR363FEY8R.com.wrenchboard.users
Secret: eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6Ilc1V1RXQzlEVEoifQ.eyJpc3MiOiJKUjM2M0ZFWThSIiwiaWF0IjoxNjU0MDgzODQxLCJleHAiOjE2NTkyNjc4NDEsImF1ZCI6Imh0dHBzOi8vYXBwbGVpZC5hcHBsZS5jb20iLCJzdWIiOiJjb20ud3JlbmNoYm9hcmQudXNlcnMuY2xpZW50In0.TIPMwjS2MgSysqEuw3yu1nrOcrH-6omzerDhx0CadjWn2yCO8wZhQiAlhIFs7F-WPektIJ6h-2BT62yGrILiTA
*/
if ( ! function_exists('get_google_login_link'))
{
// Get Google login link
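Review bot: `get_apple_config()` returns the Sign in with Apple client secret as a string literal, and the same value is repeated together with the Key ID in the trailing comment block, so anyone with read access to the repository or its history holds a usable credential. Load it from configuration kept outside version control, for example `/* 'client_secret' => */ getenv('APPLE_CLIENT_SECRET'),` (the variable name is a placeholder), delete the comment block, and treat the committed secret as exposed by revoking the signing key it was generated from. Apple client secrets are time-limited JWTs, so a hard-coded one also means the login stops working once it expires unless the file is edited again. In `get_apple_login_link()`, `random_bytes(5)` gives only 40 bits of state and the value is overwritten each time a page builds the link; `bin2hex(random_bytes(16))` would be a safer default.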
+2 -2
@@ -74,8 +74,8 @@
<img alt="Logo" src="/site3/assets/media/svg/brand-logos/facebook-4.svg" class="h-20px me-3" />Continue with Facebook</a>
<!--end::Facebook link-->
<!--begin::Apple link-->
<!-- a href="#" class="btn btn-flex flex-center btn-light btn-lg w-100">
<img alt="Logo" src="/site3/assets/media/svg/brand-logos/apple-black.svg" class="h-20px me-3" />Continue with Apple</a -->
<a href="<?php echo isset($login_links)?$login_links['Apple']:'#'; ?>" class="btn btn-flex flex-center btn-light btn-lg w-100">
<img alt="Logo" src="/site3/assets/media/svg/brand-logos/apple-black.svg" class="h-20px me-3" />Continue with Apple</a>
<!--end::Apple link-->
<?php /* echo isset($login_links) ? $login_links :''; */ ?>
</div>
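Review bot: The new `href` echoes `$login_links['Apple']` into an attribute without HTML-escaping, while the URL built by `http_build_query` contains `&` separators and a `redirect_uri` derived from `site_url()`. Escaping at the output point keeps the attribute well-formed whatever the helper returns: `<?php echo isset($login_links['Apple']) ? htmlspecialchars($login_links['Apple'], ENT_QUOTES, 'UTF-8') : '#'; ?>`. Testing `isset($login_links['Apple'])` rather than `isset($login_links)` also avoids an undefined-index notice on any page that passes the array without the Apple key.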