diff --git a/www/application/controllers/Home.php b/www/application/controllers/Home.php
index 223d64e6..b70bb9e2 100644
--- a/www/application/controllers/Home.php
+++ b/www/application/controllers/Home.php
@@ -31,7 +31,8 @@ class Home extends WRB_Controller {
 $login_links = get_hybridauth_links($hybrid, $this->router);
 */
 $login_links = array(
- 'Google' => get_google_login_link()
+ 'Google' => get_google_login_link(),
+ 'Apple' => get_apple_login_link()
 );
 // Pass login links to html template
 $data['login_links'] = $login_links;
diff --git a/www/application/controllers/Login.php b/www/application/controllers/Login.php
index 149c1595..e23ab9a2 100644
--- a/www/application/controllers/Login.php
+++ b/www/application/controllers/Login.php
@@ -174,7 +174,8 @@ class Login extends WRB_Controller {
 $login_links = get_hybridauth_links($hybrid, $this->router);
 */
 $login_links = array(
- 'Google' => get_google_login_link()
+ 'Google' => get_google_login_link(),
+ 'Apple' => get_apple_login_link()
 );
 // Pass login links to html template
 $data['login_links'] = $login_links;
@@ -233,6 +234,10 @@ class Login extends WRB_Controller {
 // Load Hybridauth's helper
 $this->load->helper('hybridauth');
 $code = $this->input->get('code');
+ $apple_code = '';
+ if ($provider == 'apple') {
+ $apple_code = $this->input->post('code');
+ }
 if ($code!='') {
 $client = get_google_client();
 $token = $client->fetchAccessTokenWithAuthCode($code);
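Review bot: `$apple_code = $this->input->post('code')` depends on Apple's `response_mode=form_post` callback, i.e. a cross-site POST to `login/auth/apple`; if CodeIgniter's CSRF protection is enabled for that route the request is rejected before this line runs, so confirm the callback route is exempted (the `state` comparison in the callback is what protects it instead). `$provider == 'apple'` is a loose comparison on request-derived input; `$provider === 'apple'` costs nothing and avoids PHP's string/number juggling. The enclosing method (the one taking `$provider`) starts before this hunk.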
@@ -260,57 +265,8 @@ class Login extends WRB_Controller { if ($proceed) { - $name = (string) $user["name"]; - if (trim($name) == "") { - $name = strtok($user["email"], "@"); - } - $data['google_id'] = $user["id"]; - $data['firstname'] = strtok($name, " "); - $data['lastname'] = strtok(" "); - $data['email'] = $user["email"]; - $data['sessionid'] = rand(10000, 99999) . "A" . rand(10000, 99999); - $data['action'] = WRENCHBOARD_GOOGLE_LOGIN; - $this->load->model('backend_model'); - $out = array(); + $this->provision_account($user, $data); - $res = $this->backend_model->wrenchboard_api($data, $out); - if ($res == PHP_LOGIN_OK) { - $this->load->model('account_model'); - $ret = $this->account_model->username_data($out); - if ($res !== false) { - $data["login_message"] = "Welcome..."; - // yes person has an account - $_SESSION['session_id'] = $out["session"]; - $_SESSION['username'] = $ret->username; - $_SESSION['name'] = $ret->username; - $_SESSION['firstname'] = $ret->firstname; - $_SESSION['lastname'] = $ret->lastname; - $_SESSION['email'] = $ret->email; - $_SESSION['member_id'] = $ret->id; - $_SESSION['log_count'] = 0; - $_SESSION['mesaage_count'] = 0; - $this->findOffers($_SESSION['email']); - $_SESSION['message_snapshot'] = $this->myMessagesSnapshot(); - $_SESSION['profile_picture'] = "../smedia/DEFAULTS/default-profile.png"; - $this->logUser('Account login'); - $this->refreshAccountDetail($_SESSION['member_id']); - $this->getSessionArray(); - - $this->excudedEmails(); - - redirect('dash'); - } else { - // Cannot proceed - account model error? - $this->session->set_flashdata('login_message','Cannot proceed - account model error: '.$ret); - redirect('login'); - } - } else { - // Cannot proceed - backend error? - $msg = (is_array($out) && array_key_exists('status',$out) && $out['status']!='') - ? 
$out ['status'] : json_encode($out); - $this->session->set_flashdata('login_message','Cannot proceed - backend error: '.$msg); - redirect('login'); - } } else { // Cannot proceed - duplicate email? $this->session->set_flashdata('login_message','Cannot proceed - duplicate email'); 
@@ -326,6 +282,100 @@ class Login extends WRB_Controller { $this->session->set_flashdata('login_message','Missing access token / invalid grant - expired credentials!'); redirect('login'); } + } else if ($apple_code != '') { + // Handle Apple + if($_SESSION['apple_state'] != $this->input->post('state')) { + // Invalid or missing state - login failed? + $this->session->set_flashdata('login_message','Authorization server returned an invalid state parameter' + .$_SESSION['apple_state'].'/'.$this->input->post('state')); + unset($_SESSION['apple_state']); + redirect('login'); + return; + } + // Token endpoint docs: + // https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens + list($clientId, $clientSecret, $redirectUri) = get_apple_config(); + $data = [ + 'grant_type' => 'authorization_code', + 'code' => $apple_code, + 'redirect_uri' => $redirectUri, + 'client_id' => $clientId, + 'client_secret' => $clientSecret, + ]; + $url = "https://appleid.apple.com/auth/token"; + $ch = curl_init(); + curl_setopt($ch,CURLOPT_URL, $url); + curl_setopt($ch,CURLOPT_POST, true); + curl_setopt($ch,CURLOPT_POSTFIELDS, http_build_query($data)); + curl_setopt($ch,CURLOPT_HTTPHEADER, [ + 'Accept: application/json', + 'Content-type: application/x-www-form-urlencoded', + 'User-Agent: curl', # Apple requires a user agent header at the token endpoint + ]); + curl_setopt($ch,CURLOPT_RETURNTRANSFER, TRUE); + $result = curl_exec($ch); + curl_close($ch); + + /* + { + "access_token": "adg61...67Or9", + "token_type": "Bearer", + "expires_in": 3600, + "refresh_token": "rca7...lABoQ" + "id_token": "eyJra...96sZg" + } + */ + + $response = json_decode($result); + + if(!isset($response->access_token)) { + $this->session->set_flashdata('login_message','Error getting an access token'); + //echo '
'; print_r($response); echo ''; + //echo $result; die(); + redirect('login'); + return; + } + + $claims = explode('.', $response->id_token)[1]; + $claims = json_decode(base64_decode($claims)); + + //echo '
'; print_r($response); echo ''; + + //echo '
'; print_r($claims); echo ''; +/* + eyJraWQiOiJmaDZCczhDIiwiYWxnIjoiUlMyNTYifQ + eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLndyZW5jaGJvYXJkLnVzZXJzLmNsaWVudCIsImV4cCI6MTY1NDE3MjM5NywiaWF0IjoxNjU0MDg1OTk3LCJzdWIiOiIwMDE4MTAuMjBlNzUwMjhkNDljNDJkOGI0MzBiNDJkMWQ3NDg3ZjMuMTE1NyIsImF0X2hhc2giOiJPSzNfZlNtLUJZTEMzd3R5QTB4Q2pRIiwiZW1haWwiOiJhY2lkdW1pcmFlQGdtYWlsLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjoidHJ1ZSIsImF1dGhfdGltZSI6MTY1NDA4NTk2Mywibm9uY2Vfc3VwcG9ydGVkIjp0cnVlfQ + jHxcOMAxUYEJx7nlmAXPN6PuqKMxVVcklGU5p6k16UvSS4DOM7nDwduo8D9FrzcjnTMGmLAThBYw2reilKv3vod034iTfBoL-vno_I7Wa-Iig5uTji7leaoDpfWyDAT7kFXpa6LVGdtZ8KdcVfSY-GF58JpKKQtf-sKB4sqnN1HAeCgYKP3EO5sf0zOttA7noZ_i6ITrmFbx5Mndf8Ktw-gb-LM-Ux11TEApByn4FcpL5m3ycvxxyaWsnLrGtraNK2S5N7Sby2imSB0iT9MFQRCL-4ddyD1YUDbpKLQDTlaSQuTPCX09AdMeLpx0wK6TAiTUUrOf93ljYU724Flb4g +*/ + + //die(); + + if ($id !='' && $email != '') { + $user = array( + 'id' => $claims->sub, + 'name' => 'First Last', + 'email' => $claims->email, + 'apple' => 1 + ); + list($proceed, $data) = $this->checkUserExists($user, $data); + + if ($proceed) { + + $this->provision_account($user, $data); + + } else { + // Cannot proceed - duplicate email? + $this->session->set_flashdata('login_message','Cannot proceed - duplicate email'); + redirect('login'); + } + } else { + // Invalid or missing id and/or email - login failed? + $this->session->set_flashdata('login_message','Invalid or missing id and/or email - login failed!'); + redirect('login'); + } + } else { // Invalid or missing code - login failed? $this->session->set_flashdata('login_message','Invalid or missing code - login failed!'); 
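Review bot: The guard `if ($id !='' && $email != '')` tests two variables that nothing in the Apple branch assigns, so unless they are set earlier in the enclosing method (outside this hunk) the branch always falls into the 'Invalid or missing id and/or email' redirect and no Apple login can complete; the check belongs on the decoded claims, as in the sketch below. The id_token payload is also used without validation: `base64_decode` silently drops the `-` and `_` characters of a base64url segment, and `iss`, `aud`, `exp` and `email_verified` are never compared, so at minimum the claims should be checked against `https://appleid.apple.com`, `$clientId` and `time()` before `sub`/`email` become an identity. The state check should be `if (!hash_equals((string) ($_SESSION['apple_state'] ?? ''), (string) $this->input->post('state')))` with `unset($_SESSION['apple_state'])` on the success path too so a state is single-use, and the flash message need not echo both state values back to the browser. `'name' => 'First Last'` is a placeholder that `provision_account` will split into a real first/last name — Apple only delivers the name in the `user` form field of the first authorization, which this code never reads — and the commented-out `print_r`/`die()` debugging and the pasted sample id_token (its payload carries a real e-mail address) should be dropped before merge. The enclosing method starts before this hunk.
```php
// … unchanged: state check, token request via curl …
$response = json_decode($result);
if (!isset($response->access_token, $response->id_token)) {
    $this->session->set_flashdata('login_message','Error getting an access token');
    redirect('login');
    return;
}

// id_token segments are base64url; decode the payload and check the claims Apple documents
$parts = explode('.', $response->id_token);
$claims = count($parts) === 3
    ? json_decode(base64_decode(strtr($parts[1], '-_', '+/')))
    : null;
$claimsOk = $claims !== null
    && ($claims->iss ?? '') === 'https://appleid.apple.com'
    && ($claims->aud ?? '') === $clientId
    && (int) ($claims->exp ?? 0) > time()
    && !empty($claims->sub)
    && !empty($claims->email);

if ($claimsOk) {
    $user = array(
        'id' => $claims->sub,
        'name' => '', // provision_account falls back to the local part of the e-mail
        'email' => $claims->email,
        'apple' => 1
    );
    // … unchanged: checkUserExists / provision_account / duplicate-email branch …
} else {
    $this->session->set_flashdata('login_message','Invalid or missing id and/or email - login failed!');
    redirect('login');
}
```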
@@ -333,6 +383,62 @@ class Login extends WRB_Controller {
 }
 }
 
+ function provision_account($user, $data)
+ {
+ $name = (string) $user["name"];
+ if (trim($name) == "") {
+ $name = strtok($user["email"], "@");
+ }
+ $data['google_id'] = $user["id"];
+ $data['firstname'] = strtok($name, " ");
+ $data['lastname'] = strtok(" ");
+ $data['email'] = $user["email"];
+ $data['sessionid'] = rand(10000, 99999) . "A" . rand(10000, 99999);
+ $data['action'] = WRENCHBOARD_GOOGLE_LOGIN;
+ $this->load->model('backend_model');
+ $out = array();
+
+ $res = $this->backend_model->wrenchboard_api($data, $out);
+ if ($res == PHP_LOGIN_OK) {
+ $this->load->model('account_model');
+ $ret = $this->account_model->username_data($out);
+ if ($res !== false) {
+ $data["login_message"] = "Welcome...";
+ // yes person has an account
+ $_SESSION['session_id'] = $out["session"];
+ $_SESSION['username'] = $ret->username;
+ $_SESSION['name'] = $ret->username;
+ $_SESSION['firstname'] = $ret->firstname;
+ $_SESSION['lastname'] = $ret->lastname;
+ $_SESSION['email'] = $ret->email;
+ $_SESSION['member_id'] = $ret->id;
+ $_SESSION['log_count'] = 0;
+ $_SESSION['mesaage_count'] = 0;
+ $this->findOffers($_SESSION['email']);
+ $_SESSION['message_snapshot'] = $this->myMessagesSnapshot();
+ $_SESSION['profile_picture'] = "../smedia/DEFAULTS/default-profile.png";
+ $this->logUser('Account login');
+ $this->refreshAccountDetail($_SESSION['member_id']);
+ $this->getSessionArray();
+
+ $this->excudedEmails();
+
+ redirect('dash');
+ } else {
+ // Cannot proceed - account model error?
+ $this->session->set_flashdata('login_message','Cannot proceed - account model error: '.$ret);
+ redirect('login');
+ }
+ } else {
+ // Cannot proceed - backend error?
+ $msg = (is_array($out) && array_key_exists('status',$out) && $out['status']!='')
+ ?
$out ['status'] : json_encode($out);
+ $this->session->set_flashdata('login_message','Cannot proceed - backend error: '.$msg);
+ redirect('login');
+ }
+
+ }
+
 //Processes social login
 function authh($provider = NULL)
 {
diff --git a/www/application/controllers/Site.php b/www/application/controllers/Site.php
index ad9e2eee..67302212 100644
--- a/www/application/controllers/Site.php
+++ b/www/application/controllers/Site.php
@@ -25,7 +25,8 @@ class Site extends WRB_Controller {
 $login_links = get_hybridauth_links($hybrid, $this->router);
 */
 $login_links = array(
- 'Google' => get_google_login_link()
+ 'Google' => get_google_login_link(),
+ 'Apple' => get_apple_login_link()
 );
 // Pass login links to html template
 $data['login_links'] = $login_links;
diff --git a/www/application/helpers/hybridauth_helper.php b/www/application/helpers/hybridauth_helper.php
index 5e35f080..1b6efcdd 100644
--- a/www/application/helpers/hybridauth_helper.php
+++ b/www/application/helpers/hybridauth_helper.php
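Review bot: `provision_account` is now shared by the Google and Apple paths but still writes `$data['google_id'] = $user["id"]` and `$data['action'] = WRENCHBOARD_GOOGLE_LOGIN` for both, so the `'apple' => 1` marker the Apple caller sets is never read and an Apple `sub` is presumably stored as a Google id on the backend — if `wrenchboard_api` distinguishes providers, pass it through (e.g. `$data['provider'] = empty($user['apple']) ? 'google' : 'apple';`) and confirm what the backend expects. The inner check `if ($res !== false)` is always true at that point because `$res == PHP_LOGIN_OK` was just tested, so the 'account model error' branch is unreachable; it was probably meant to be `if ($ret !== false)`. `$data['sessionid'] = rand(10000, 99999) . "A" . rand(10000, 99999);` uses a predictable generator for a value named as a session id; `random_int(10000, 99999)` is a drop-in replacement. The method also carries no visibility keyword and no doc comment; `private function provision_account(array $user, array $data)` with a short docblock saying that it calls the backend, fills `$_SESSION` and always ends in a `redirect()` would make the contract clear to the two callers.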
@@ -45,6 +45,47 @@ if ( ! function_exists('get_google_client'))
 }
 }
 
+if (! function_exists('get_apple_config'))
+{
+ function get_apple_config() {
+ return array(
+ /* 'client_id' => */ 'com.wrenchboard.users.client',
+ /* 'client_secret' => */ 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6Ilc1V1RXQzlEVEoifQ.eyJpc3MiOiJKUjM2M0ZFWThSIiwiaWF0IjoxNjU0MDgzODQxLCJleHAiOjE2NTkyNjc4NDEsImF1ZCI6Imh0dHBzOi8vYXBwbGVpZC5hcHBsZS5jb20iLCJzdWIiOiJjb20ud3JlbmNoYm9hcmQudXNlcnMuY2xpZW50In0.TIPMwjS2MgSysqEuw3yu1nrOcrH-6omzerDhx0CadjWn2yCO8wZhQiAlhIFs7F-WPektIJ6h-2BT62yGrILiTA',
+ /* 'redirect_uri' => */ site_url('login/auth/apple')
+ );
+ }
+}
+
+if ( ! function_exists('get_apple_login_link'))
+{
+ // Configure Apple CLient
+ function get_apple_login_link()
+ {
+ // init configuration
+ list($clientID, $clientSecret, $redirectUri) = get_apple_config();
+
+ $_SESSION['apple_state'] = bin2hex(random_bytes(5));
+
+ $authorize_url = 'https://appleid.apple.com/auth/authorize'.'?'.http_build_query([
+ 'response_type' => 'code',
+ 'response_mode' => 'form_post',
+ 'client_id' => $clientID,
+ 'redirect_uri' => $redirectUri,
+ 'state' => $_SESSION['apple_state'],
+ 'scope' => 'name email',
+ ]);
+
+ return $authorize_url;
+ }
+}
+
+/*
+Client ID: com.wrenchboard.users.client
+Key ID: W5WTWC9DTJ
+Sign In with Apple: JR363FEY8R.com.wrenchboard.users
+Secret: eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6Ilc1V1RXQzlEVEoifQ.eyJpc3MiOiJKUjM2M0ZFWThSIiwiaWF0IjoxNjU0MDgzODQxLCJleHAiOjE2NTkyNjc4NDEsImF1ZCI6Imh0dHBzOi8vYXBwbGVpZC5hcHBsZS5jb20iLCJzdWIiOiJjb20ud3JlbmNoYm9hcmQudXNlcnMuY2xpZW50In0.TIPMwjS2MgSysqEuw3yu1nrOcrH-6omzerDhx0CadjWn2yCO8wZhQiAlhIFs7F-WPektIJ6h-2BT62yGrILiTA
+*/
+
 if ( ! function_exists('get_google_login_link'))
 {
 // Get Google login link
diff --git a/www/application/views/site3/external/view_home.php b/www/application/views/site3/external/view_home.php
index 402cb2fe..bf4107c9 100644
--- a/www/application/views/site3/external/view_home.php
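Review bot: `get_apple_config()` hard-codes the Apple client secret in source, and the trailing comment block repeats it together with the Key ID and team identifier; the secret is a JWT whose payload carries `iat`/`exp` claims (Apple client secrets are short-lived by design), so this literal will silently stop working at `exp` and the token exchange in the Login controller will start failing with 'Error getting an access token'. Move the client id, team id, key id and the private key out of the code into the CodeIgniter config or the environment, generate the secret at request time from the key, and treat the committed material as exposed — it is now in git history — so the Apple key should be rotated. `get_apple_login_link()` also overwrites `$_SESSION['apple_state']` on every call, and the Home, Login and Site controllers call it on each page render, so any page load in another tab during the Apple round-trip invalidates the pending login with the 'invalid state parameter' error; generate it once per flow, e.g. `if (empty($_SESSION['apple_state'])) { $_SESSION['apple_state'] = bin2hex(random_bytes(16)); }`, and let the callback clear it after use. The unused `$clientSecret` from `list(...)` in `get_apple_login_link()` can be dropped, and `get_apple_config()` would read better returning a keyed array than positional slots annotated with comments.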
+++ b/www/application/views/site3/external/view_home.php
@@ -74,8 +74,8 @@