Sigin with Apple
This commit is contained in:
@@ -31,7 +31,8 @@ class Home extends WRB_Controller {
|
||||
$login_links = get_hybridauth_links($hybrid, $this->router);
|
||||
*/
|
||||
$login_links = array(
|
||||
'Google' => get_google_login_link()
|
||||
'Google' => get_google_login_link(),
|
||||
'Apple' => get_apple_login_link()
|
||||
);
|
||||
// Pass login links to html template
|
||||
$data['login_links'] = $login_links;
|
||||
|
||||
@@ -174,7 +174,8 @@ class Login extends WRB_Controller {
|
||||
$login_links = get_hybridauth_links($hybrid, $this->router);
|
||||
*/
|
||||
$login_links = array(
|
||||
'Google' => get_google_login_link()
|
||||
'Google' => get_google_login_link(),
|
||||
'Apple' => get_apple_login_link()
|
||||
);
|
||||
// Pass login links to html template
|
||||
$data['login_links'] = $login_links;
|
||||
@@ -233,6 +234,10 @@ class Login extends WRB_Controller {
|
||||
// Load Hybridauth's helper
|
||||
$this->load->helper('hybridauth');
|
||||
$code = $this->input->get('code');
|
||||
$apple_code = '';
|
||||
if ($provider == 'apple') {
|
||||
$apple_code = $this->input->post('code');
|
||||
}
|
||||
if ($code!='') {
|
||||
$client = get_google_client();
|
||||
$token = $client->fetchAccessTokenWithAuthCode($code);
|
||||
@@ -260,57 +265,8 @@ class Login extends WRB_Controller {
|
||||
|
||||
if ($proceed) {
|
||||
|
||||
$name = (string) $user["name"];
|
||||
if (trim($name) == "") {
|
||||
$name = strtok($user["email"], "@");
|
||||
}
|
||||
$data['google_id'] = $user["id"];
|
||||
$data['firstname'] = strtok($name, " ");
|
||||
$data['lastname'] = strtok(" ");
|
||||
$data['email'] = $user["email"];
|
||||
$data['sessionid'] = rand(10000, 99999) . "A" . rand(10000, 99999);
|
||||
$data['action'] = WRENCHBOARD_GOOGLE_LOGIN;
|
||||
$this->load->model('backend_model');
|
||||
$out = array();
|
||||
$this->provision_account($user, $data);
|
||||
|
||||
$res = $this->backend_model->wrenchboard_api($data, $out);
|
||||
if ($res == PHP_LOGIN_OK) {
|
||||
$this->load->model('account_model');
|
||||
$ret = $this->account_model->username_data($out);
|
||||
if ($res !== false) {
|
||||
$data["login_message"] = "Welcome...";
|
||||
// yes person has an account
|
||||
$_SESSION['session_id'] = $out["session"];
|
||||
$_SESSION['username'] = $ret->username;
|
||||
$_SESSION['name'] = $ret->username;
|
||||
$_SESSION['firstname'] = $ret->firstname;
|
||||
$_SESSION['lastname'] = $ret->lastname;
|
||||
$_SESSION['email'] = $ret->email;
|
||||
$_SESSION['member_id'] = $ret->id;
|
||||
$_SESSION['log_count'] = 0;
|
||||
$_SESSION['mesaage_count'] = 0;
|
||||
$this->findOffers($_SESSION['email']);
|
||||
$_SESSION['message_snapshot'] = $this->myMessagesSnapshot();
|
||||
$_SESSION['profile_picture'] = "../smedia/DEFAULTS/default-profile.png";
|
||||
$this->logUser('Account login');
|
||||
$this->refreshAccountDetail($_SESSION['member_id']);
|
||||
$this->getSessionArray();
|
||||
|
||||
$this->excudedEmails();
|
||||
|
||||
redirect('dash');
|
||||
} else {
|
||||
// Cannot proceed - account model error?
|
||||
$this->session->set_flashdata('login_message','Cannot proceed - account model error: '.$ret);
|
||||
redirect('login');
|
||||
}
|
||||
} else {
|
||||
// Cannot proceed - backend error?
|
||||
$msg = (is_array($out) && array_key_exists('status',$out) && $out['status']!='')
|
||||
? $out ['status'] : json_encode($out);
|
||||
$this->session->set_flashdata('login_message','Cannot proceed - backend error: '.$msg);
|
||||
redirect('login');
|
||||
}
|
||||
} else {
|
||||
// Cannot proceed - duplicate email?
|
||||
$this->session->set_flashdata('login_message','Cannot proceed - duplicate email');
|
||||
@@ -326,6 +282,100 @@ class Login extends WRB_Controller {
|
||||
$this->session->set_flashdata('login_message','Missing access token / invalid grant - expired credentials!');
|
||||
redirect('login');
|
||||
}
|
||||
} else if ($apple_code != '') {
|
||||
// Handle Apple
|
||||
if($_SESSION['apple_state'] != $this->input->post('state')) {
|
||||
// Invalid or missing state - login failed?
|
||||
$this->session->set_flashdata('login_message','Authorization server returned an invalid state parameter'
|
||||
.$_SESSION['apple_state'].'/'.$this->input->post('state'));
|
||||
unset($_SESSION['apple_state']);
|
||||
redirect('login');
|
||||
return;
|
||||
}
|
||||
// Token endpoint docs:
|
||||
// https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens
|
||||
list($clientId, $clientSecret, $redirectUri) = get_apple_config();
|
||||
$data = [
|
||||
'grant_type' => 'authorization_code',
|
||||
'code' => $apple_code,
|
||||
'redirect_uri' => $redirectUri,
|
||||
'client_id' => $clientId,
|
||||
'client_secret' => $clientSecret,
|
||||
];
|
||||
$url = "https://appleid.apple.com/auth/token";
|
||||
$ch = curl_init();
|
||||
curl_setopt($ch,CURLOPT_URL, $url);
|
||||
curl_setopt($ch,CURLOPT_POST, true);
|
||||
curl_setopt($ch,CURLOPT_POSTFIELDS, http_build_query($data));
|
||||
curl_setopt($ch,CURLOPT_HTTPHEADER, [
|
||||
'Accept: application/json',
|
||||
'Content-type: application/x-www-form-urlencoded',
|
||||
'User-Agent: curl', # Apple requires a user agent header at the token endpoint
|
||||
]);
|
||||
curl_setopt($ch,CURLOPT_RETURNTRANSFER, TRUE);
|
||||
$result = curl_exec($ch);
|
||||
curl_close($ch);
|
||||
|
||||
/*
|
||||
{
|
||||
"access_token": "adg61...67Or9",
|
||||
"token_type": "Bearer",
|
||||
"expires_in": 3600,
|
||||
"refresh_token": "rca7...lABoQ"
|
||||
"id_token": "eyJra...96sZg"
|
||||
}
|
||||
*/
|
||||
|
||||
$response = json_decode($result);
|
||||
|
||||
if(!isset($response->access_token)) {
|
||||
$this->session->set_flashdata('login_message','Error getting an access token');
|
||||
//echo '<pre>'; print_r($response); echo '</pre>';
|
||||
//echo $result; die();
|
||||
redirect('login');
|
||||
return;
|
||||
}
|
||||
|
||||
$claims = explode('.', $response->id_token)[1];
|
||||
$claims = json_decode(base64_decode($claims));
|
||||
|
||||
//echo '<h3>Access Token Response</h3>';
|
||||
//echo '<pre>'; print_r($response); echo '</pre>';
|
||||
|
||||
//echo '<h3>Parsed ID Token</h3>';
|
||||
//echo '<pre>'; print_r($claims); echo '</pre>';
|
||||
/*
|
||||
eyJraWQiOiJmaDZCczhDIiwiYWxnIjoiUlMyNTYifQ
|
||||
eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLndyZW5jaGJvYXJkLnVzZXJzLmNsaWVudCIsImV4cCI6MTY1NDE3MjM5NywiaWF0IjoxNjU0MDg1OTk3LCJzdWIiOiIwMDE4MTAuMjBlNzUwMjhkNDljNDJkOGI0MzBiNDJkMWQ3NDg3ZjMuMTE1NyIsImF0X2hhc2giOiJPSzNfZlNtLUJZTEMzd3R5QTB4Q2pRIiwiZW1haWwiOiJhY2lkdW1pcmFlQGdtYWlsLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjoidHJ1ZSIsImF1dGhfdGltZSI6MTY1NDA4NTk2Mywibm9uY2Vfc3VwcG9ydGVkIjp0cnVlfQ
|
||||
jHxcOMAxUYEJx7nlmAXPN6PuqKMxVVcklGU5p6k16UvSS4DOM7nDwduo8D9FrzcjnTMGmLAThBYw2reilKv3vod034iTfBoL-vno_I7Wa-Iig5uTji7leaoDpfWyDAT7kFXpa6LVGdtZ8KdcVfSY-GF58JpKKQtf-sKB4sqnN1HAeCgYKP3EO5sf0zOttA7noZ_i6ITrmFbx5Mndf8Ktw-gb-LM-Ux11TEApByn4FcpL5m3ycvxxyaWsnLrGtraNK2S5N7Sby2imSB0iT9MFQRCL-4ddyD1YUDbpKLQDTlaSQuTPCX09AdMeLpx0wK6TAiTUUrOf93ljYU724Flb4g
|
||||
*/
|
||||
|
||||
//die();
|
||||
|
||||
if ($id !='' && $email != '') {
|
||||
$user = array(
|
||||
'id' => $claims->sub,
|
||||
'name' => 'First Last',
|
||||
'email' => $claims->email,
|
||||
'apple' => 1
|
||||
);
|
||||
list($proceed, $data) = $this->checkUserExists($user, $data);
|
||||
|
||||
if ($proceed) {
|
||||
|
||||
$this->provision_account($user, $data);
|
||||
|
||||
} else {
|
||||
// Cannot proceed - duplicate email?
|
||||
$this->session->set_flashdata('login_message','Cannot proceed - duplicate email');
|
||||
redirect('login');
|
||||
}
|
||||
} else {
|
||||
// Invalid or missing id and/or email - login failed?
|
||||
$this->session->set_flashdata('login_message','Invalid or missing id and/or email - login failed!');
|
||||
redirect('login');
|
||||
}
|
||||
|
||||
} else {
|
||||
// Invalid or missing code - login failed?
|
||||
$this->session->set_flashdata('login_message','Invalid or missing code - login failed!');
|
||||
@@ -333,6 +383,62 @@ class Login extends WRB_Controller {
|
||||
}
|
||||
}
|
||||
|
||||
function provision_account($user, $data)
|
||||
{
|
||||
$name = (string) $user["name"];
|
||||
if (trim($name) == "") {
|
||||
$name = strtok($user["email"], "@");
|
||||
}
|
||||
$data['google_id'] = $user["id"];
|
||||
$data['firstname'] = strtok($name, " ");
|
||||
$data['lastname'] = strtok(" ");
|
||||
$data['email'] = $user["email"];
|
||||
$data['sessionid'] = rand(10000, 99999) . "A" . rand(10000, 99999);
|
||||
$data['action'] = WRENCHBOARD_GOOGLE_LOGIN;
|
||||
$this->load->model('backend_model');
|
||||
$out = array();
|
||||
|
||||
$res = $this->backend_model->wrenchboard_api($data, $out);
|
||||
if ($res == PHP_LOGIN_OK) {
|
||||
$this->load->model('account_model');
|
||||
$ret = $this->account_model->username_data($out);
|
||||
if ($res !== false) {
|
||||
$data["login_message"] = "Welcome...";
|
||||
// yes person has an account
|
||||
$_SESSION['session_id'] = $out["session"];
|
||||
$_SESSION['username'] = $ret->username;
|
||||
$_SESSION['name'] = $ret->username;
|
||||
$_SESSION['firstname'] = $ret->firstname;
|
||||
$_SESSION['lastname'] = $ret->lastname;
|
||||
$_SESSION['email'] = $ret->email;
|
||||
$_SESSION['member_id'] = $ret->id;
|
||||
$_SESSION['log_count'] = 0;
|
||||
$_SESSION['mesaage_count'] = 0;
|
||||
$this->findOffers($_SESSION['email']);
|
||||
$_SESSION['message_snapshot'] = $this->myMessagesSnapshot();
|
||||
$_SESSION['profile_picture'] = "../smedia/DEFAULTS/default-profile.png";
|
||||
$this->logUser('Account login');
|
||||
$this->refreshAccountDetail($_SESSION['member_id']);
|
||||
$this->getSessionArray();
|
||||
|
||||
$this->excudedEmails();
|
||||
|
||||
redirect('dash');
|
||||
} else {
|
||||
// Cannot proceed - account model error?
|
||||
$this->session->set_flashdata('login_message','Cannot proceed - account model error: '.$ret);
|
||||
redirect('login');
|
||||
}
|
||||
} else {
|
||||
// Cannot proceed - backend error?
|
||||
$msg = (is_array($out) && array_key_exists('status',$out) && $out['status']!='')
|
||||
? $out ['status'] : json_encode($out);
|
||||
$this->session->set_flashdata('login_message','Cannot proceed - backend error: '.$msg);
|
||||
redirect('login');
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
//Processes social login
|
||||
function authh($provider = NULL)
|
||||
{
|
||||
|
||||
@@ -25,7 +25,8 @@ class Site extends WRB_Controller {
|
||||
$login_links = get_hybridauth_links($hybrid, $this->router);
|
||||
*/
|
||||
$login_links = array(
|
||||
'Google' => get_google_login_link()
|
||||
'Google' => get_google_login_link(),
|
||||
'Apple' => get_apple_login_link()
|
||||
);
|
||||
// Pass login links to html template
|
||||
$data['login_links'] = $login_links;
|
||||
|
||||
@@ -45,6 +45,47 @@ if ( ! function_exists('get_google_client'))
|
||||
}
|
||||
}
|
||||
|
||||
if (! function_exists('get_apple_config'))
|
||||
{
|
||||
function get_apple_config() {
|
||||
return array(
|
||||
/* 'client_id' => */ 'com.wrenchboard.users.client',
|
||||
/* 'client_secret' => */ 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6Ilc1V1RXQzlEVEoifQ.eyJpc3MiOiJKUjM2M0ZFWThSIiwiaWF0IjoxNjU0MDgzODQxLCJleHAiOjE2NTkyNjc4NDEsImF1ZCI6Imh0dHBzOi8vYXBwbGVpZC5hcHBsZS5jb20iLCJzdWIiOiJjb20ud3JlbmNoYm9hcmQudXNlcnMuY2xpZW50In0.TIPMwjS2MgSysqEuw3yu1nrOcrH-6omzerDhx0CadjWn2yCO8wZhQiAlhIFs7F-WPektIJ6h-2BT62yGrILiTA',
|
||||
/* 'redirect_uri' => */ site_url('login/auth/apple')
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
if ( ! function_exists('get_apple_login_link'))
|
||||
{
|
||||
// Configure Apple CLient
|
||||
function get_apple_login_link()
|
||||
{
|
||||
// init configuration
|
||||
list($clientID, $clientSecret, $redirectUri) = get_apple_config();
|
||||
|
||||
$_SESSION['apple_state'] = bin2hex(random_bytes(5));
|
||||
|
||||
$authorize_url = 'https://appleid.apple.com/auth/authorize'.'?'.http_build_query([
|
||||
'response_type' => 'code',
|
||||
'response_mode' => 'form_post',
|
||||
'client_id' => $clientID,
|
||||
'redirect_uri' => $redirectUri,
|
||||
'state' => $_SESSION['apple_state'],
|
||||
'scope' => 'name email',
|
||||
]);
|
||||
|
||||
return $authorize_url;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
Client ID: com.wrenchboard.users.client
|
||||
Key ID: W5WTWC9DTJ
|
||||
Sign In with Apple: JR363FEY8R.com.wrenchboard.users
|
||||
Secret: eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6Ilc1V1RXQzlEVEoifQ.eyJpc3MiOiJKUjM2M0ZFWThSIiwiaWF0IjoxNjU0MDgzODQxLCJleHAiOjE2NTkyNjc4NDEsImF1ZCI6Imh0dHBzOi8vYXBwbGVpZC5hcHBsZS5jb20iLCJzdWIiOiJjb20ud3JlbmNoYm9hcmQudXNlcnMuY2xpZW50In0.TIPMwjS2MgSysqEuw3yu1nrOcrH-6omzerDhx0CadjWn2yCO8wZhQiAlhIFs7F-WPektIJ6h-2BT62yGrILiTA
|
||||
*/
|
||||
|
||||
if ( ! function_exists('get_google_login_link'))
|
||||
{
|
||||
// Get Google login link
|
||||
|
||||
+2
-2
@@ -74,8 +74,8 @@
|
||||
<img alt="Logo" src="/site3/assets/media/svg/brand-logos/facebook-4.svg" class="h-20px me-3" />Continue with Facebook</a>
|
||||
<!--end::Facebook link-->
|
||||
<!--begin::Apple link-->
|
||||
<!-- a href="#" class="btn btn-flex flex-center btn-light btn-lg w-100">
|
||||
<img alt="Logo" src="/site3/assets/media/svg/brand-logos/apple-black.svg" class="h-20px me-3" />Continue with Apple</a -->
|
||||
<a href="<?php echo isset($login_links)?$login_links['Apple']:'#'; ?>" class="btn btn-flex flex-center btn-light btn-lg w-100">
|
||||
<img alt="Logo" src="/site3/assets/media/svg/brand-logos/apple-black.svg" class="h-20px me-3" />Continue with Apple</a>
|
||||
<!--end::Apple link-->
|
||||
<?php /* echo isset($login_links) ? $login_links :''; */ ?>
|
||||
</div>
|
||||
|
||||
Reference in New Issue
Block a user