authorBjoern Schiessle <bjoern@schiessle.org>2017-04-28 19:04:52 +0300
committerBjoern Schiessle <bjoern@schiessle.org>2017-04-28 22:01:40 +0300
commit99d60d01859d2910d6934c9b7a2c8b50ca76be5c (patch)
treed0b9522887fc0705cf40d26e7abbe6a649de1801
parent341c8fd74a6dd92e76f458ec6412877df86d5a8b (diff)
twitter verify
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
-rw-r--r--server/lib/UserManager.php44
-rw-r--r--server/lib/Validator/Twitter.php55
-rw-r--r--server/src/config.php6
-rw-r--r--server/src/dependencies.php2
4 files changed, 56 insertions, 51 deletions
diff --git a/server/lib/UserManager.php b/server/lib/UserManager.php
index 592341c..6953ec8 100644
--- a/server/lib/UserManager.php
+++ b/server/lib/UserManager.php
@@ -140,20 +140,6 @@ LIMIT 50');
}
/**
- * Split a cloud id in a user and host post
- *
- * @param $cloudId
- * @return string[]
- */
- private function splitCloudId($cloudId) {
- $loc = strrpos($cloudId, '@');
-
- $user = substr($cloudId, 0, $loc);
- $host = substr($cloudId, $loc+1);
- return [$user, $host];
- }
-
- /**
* @param string $cloudId
* @param string[] $data
* @param int $timestamp
@@ -166,7 +152,7 @@ LIMIT 50');
$id = $this->db->lastInsertId();
$stmt->closeCursor();
- $fields = ['name', 'email', 'address', 'website', 'twitter', 'phone'];
+ $fields = ['name', 'email', 'address', 'website', 'twitter', 'phone', 'twitter_signature', 'website_signature'];
foreach ($fields as $field) {
if (!isset($data[$field]) || $data[$field] === '') {
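Review bot: The `$fields` literal is now kept as the same eight-element array in two places, here and in the hunk at -198,7, so a later property can easily be added to only one of them. Hoisting it into one class constant, for example `const STORE_FIELDS = ['name', 'email', 'address', 'website', 'twitter', 'phone', 'twitter_signature', 'website_signature'];`, and reading `self::STORE_FIELDS` in both methods would keep the insert and update paths in step. Both enclosing methods start and end outside their hunks.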
@@ -198,7 +184,7 @@ LIMIT 50');
$stmt->bindParam(':timestamp', $timestamp, \PDO::PARAM_INT);
$stmt->execute();
$stmt->closeCursor();
- $fields = ['name', 'email', 'address', 'website', 'twitter', 'phone'];
+ $fields = ['name', 'email', 'address', 'website', 'twitter', 'phone', 'twitter_signature', 'website_signature'];
$stmt = $this->db->prepare('SELECT * FROM store WHERE userId = :userId');
$stmt->bindParam(':userId', $id, \PDO::PARAM_INT);
@@ -229,7 +215,6 @@ LIMIT 50');
$stmt->bindParam(':v', $data[$key]);
$stmt->execute();
$stmt->closeCursor();
-
if ($key === 'email') {
$this->emailValidator->emailUpdated($data[$key], $row['id']);
}
@@ -259,7 +244,12 @@ LIMIT 50');
}
private function needToVerify($userId, $storeId, $data, $key) {
- if (isset($data['verificationStatus'][$key]) && $data['verificationStatus'][$key] === '1') {
+ $stmt = $this->db->prepare('SELECT * FROM toVerify WHERE storeId = :storeId');
+ $stmt->bindParam(':storeId', $storeId, \PDO::PARAM_INT);
+ $stmt->execute();
+ $alreadyExists = $stmt->fetch();
+
+ if ($alreadyExists === false && isset($data['verificationStatus'][$key]) && $data['verificationStatus'][$key] === '1') {
$tries = 0;
$stmt = $this->db->prepare('INSERT INTO toVerify (userId, storeId, property, location, tries) VALUES (:userId, :storeId, :property, :location, :tries)');
$stmt->bindParam(':userId', $userId, \PDO::PARAM_INT);
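Review bot: The new existence check in `needToVerify` keys only on `storeId`, so once a row is pending, a later change of the same property is never re-queued and the `location` stored in `toVerify` stays at the old value. Unless the update path clears the pending row elsewhere (not visible here), the verifier may then check a handle or URL that no longer matches what is in `store`. Either refresh the row when one exists, e.g. `UPDATE toVerify SET location = :location, tries = 0 WHERE storeId = :storeId`, or delete it before inserting. The lookup also never closes its cursor and fetches a whole row just to test existence; `SELECT 1 FROM toVerify WHERE storeId = :storeId LIMIT 1` followed by `$stmt->closeCursor();` would be enough. The function body continues into the next hunk.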
@@ -268,6 +258,7 @@ LIMIT 50');
$stmt->bindParam(':location', $data[$key]);
$stmt->bindParam(':tries', $tries, \PDO::PARAM_INT);
$stmt->execute();
+ $stmt->closeCursor();
}
}
@@ -376,7 +367,6 @@ LIMIT 50');
* @param $id
*/
private function removeOpenVerificationRequest($id) {
- return true; // Fixme... just for testing purpose.
$stmt = $this->db->prepare('DELETE FROM toVerify WHERE id = :id');
$stmt->bindParam(':id', $id);
$stmt->execute();
@@ -397,28 +387,12 @@ LIMIT 50');
}
/**
- * @param array $data
- * @return bool
- */
- private function verifyTwitter($data) {
- // ToDo get data from verify table (includes $cloudId, $location)
- // ToDo get proof from twitter user $location
- // ToDo split $message & $signature
- // ToDo "verifyRequest" needs to be able to handle the shortened md5 signature from twitter
- $result = $this->signatureHandler->verify($cloudId, $message, $signature);
-
- return result;
-
- }
-
- /**
* @param string $cloudId
* @param string[] $data
* @param int $timestamp
* @return bool
*/
private function insertOrUpdate($cloudId, $data, $timestamp) {
-
$stmt = $this->db->prepare('SELECT * FROM users WHERE federationId = :federationId');
$stmt->bindParam(':federationId', $cloudId);
$stmt->execute();
diff --git a/server/lib/Validator/Twitter.php b/server/lib/Validator/Twitter.php
index 4999ff6..7cd3724 100644
--- a/server/lib/Validator/Twitter.php
+++ b/server/lib/Validator/Twitter.php
@@ -34,15 +34,20 @@ class Twitter {
/** @var SignatureHandler */
private $signatureHandler;
+ /** @var \PDO */
+ private $db;
+
/**
* Twitter constructor.
*
* @param TwitterOAuth $twitterOAuth
* @param SignatureHandler $signatureHandler
+ * @param \PDO $db
*/
- public function __construct(TwitterOAuth $twitterOAuth, SignatureHandler $signatureHandler) {
+ public function __construct(TwitterOAuth $twitterOAuth, SignatureHandler $signatureHandler, \PDO $db) {
$this->twitterOAuth = $twitterOAuth;
$this->signatureHandler = $signatureHandler;
+ $this->db = $db;
}
/**
@@ -63,18 +68,20 @@ class Twitter {
try {
$userName = substr($twitterHandle, 1);
- list($id, $text) = $this->getTweet($userName);
+ list($tweetId, $text) = $this->getTweet($userName);
if ($text !== null) {
$cloudId = $userData['federationId'];
- list($message, $signature) = $this->splitMessageSignature($text);
+ list($message, $md5signature) = $this->splitMessageSignature($text);
+ $signature = $userData['twitter_signature']['value'];
$result = $this->signatureHandler->verify($cloudId, $message, $signature);
+ $result = $result && md5($signature) === $md5signature;
}
} catch (\Exception $e) {
// do nothing, just return false;
}
if ($result === true) {
- $this->storeReference($userData, $id);
+ $this->storeReference((int)$verificationData['userId'], $tweetId);
}
return $result;
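Review bot: `$userData['twitter_signature']['value']` is read without checking that the client sent a signature, so a profile with a Twitter handle but no `twitter_signature` passes null into `signatureHandler->verify()` and only fails if that call rejects it. Guard it before the lookup with `if (!isset($userData['twitter_signature']['value'])) { return false; }`. The tweet is tied to the stored signature only through `md5($signature)`, so a comment such as `// the tweet carries md5(signature) as a short reference; trust comes from verify(), not from the digest` would stop a later reader from treating the MD5 match as the proof itself. The method starts outside the hunk, so the initial value of `$result` and the origin of `$verificationData` cannot be confirmed from here.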
@@ -87,12 +94,14 @@ class Twitter {
* @return array
*/
private function getTweet($userName) {
- $search = 'from:' . $userName . ' What I am searching for';
- $statuses = $this->twitterOAuth->get('"search/tweets', ['q' => $search]);
- if (isset($statuses[0])) {
- $id = $statuses[0]->id;
- $text = $statuses[0]->text;
- } else {
+
+ try {
+ $search = 'from:' . $userName . ' Use my Federated Cloud ID to share with me';
+ $statuses = $this->twitterOAuth->get('search/tweets', ['q' => $search]);
+
+ $id = $statuses->statuses[0]->id;
+ $text = $statuses->statuses[0]->text;
+ } catch (\Exception $e) {
return [null, null];
}
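Review bot: The explicit `isset($statuses[0])` check is gone and the new `try`/`catch (\Exception $e)` does not replace it, because reading `$statuses->statuses[0]->id` on an empty result or an API error object raises a notice or warning rather than an exception. In that case `$id` and `$text` silently become null instead of taking the `return [null, null]` path. `$userName` also comes from the user-supplied handle and is concatenated straight into the search query, so unless the caller already validates it (not visible here) it should be limited to Twitter's screen-name alphabet before the query is built. The rest of `getTweet` lies outside the hunk.

```php
private function getTweet($userName) {
    // screen names are at most 15 characters of letters, digits and underscore
    if (preg_match('/^[A-Za-z0-9_]{1,15}$/', $userName) !== 1) {
        return [null, null];
    }

    try {
        // … unchanged: build $search and call twitterOAuth->get('search/tweets', …) …
    } catch (\Exception $e) {
        return [null, null];
    }

    // an empty result or an error payload has no statuses[0]
    if (!isset($statuses->statuses[0]->id, $statuses->statuses[0]->text)) {
        return [null, null];
    }
    $id = $statuses->statuses[0]->id;
    $text = $statuses->statuses[0]->text;
    // … unchanged: rest of getTweet …
```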
@@ -117,8 +126,8 @@ class Twitter {
* @return array
*/
private function splitMessageSignature($proof) {
- $signature = substr($proof, -344);
- $message = substr($proof, 0, -344);
+ $signature = substr($proof, -32);
+ $message = substr($proof, 0, -32);
return [trim($message), trim($signature)];
}
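Review bot: The bare `32` in both `substr()` calls is unexplained, and nothing checks that the tail of the tweet really is a digest. Add a comment such as `// the proof ends with md5(signature): 32 hex characters`, or name the length in a constant. A tweet text shorter than 32 characters leaves an empty message and returns the whole text as the "signature". Rejecting it early with `if (preg_match('/^[0-9a-f]{32}$/', $signature) !== 1)` would make that case explicit instead of relying on the later comparison to fail. The docblock for this method starts outside the hunk.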
@@ -126,11 +135,27 @@ class Twitter {
/**
* store reference to tweet
*
- * @param $userData
+ * @param $userId
* @param $tweetId
*/
- private function storeReference($userData, $tweetId) {
-
+ private function storeReference($userId, $tweetId) {
+
+ $key = 'tweet_id';
+
+ // delete old value, if exists
+ $stmt = $this->db->prepare('DELETE FROM store WHERE userId = :userId AND k = :k');
+ $stmt->bindParam(':userId', $userId, \PDO::PARAM_INT);
+ $stmt->bindParam(':k', $key, \PDO::PARAM_STR);
+ $stmt->execute();
+ $stmt->closeCursor();
+
+ // add new value
+ $stmt = $this->db->prepare('INSERT INTO store (userId, k, v) VALUES (:userId, :k, :v)');
+ $stmt->bindParam(':userId', $userId, \PDO::PARAM_INT);
+ $stmt->bindParam(':k', $key, \PDO::PARAM_STR);
+ $stmt->bindParam(':v', $tweetId, \PDO::PARAM_STR);
+ $stmt->execute();
+ $stmt->closeCursor();
}
}
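Review bot: `storeReference` deletes the old `tweet_id` row and inserts the new one as two independent statements, so a failed INSERT leaves the user with no reference at all. Two concurrent verifications can also interleave and leave duplicate rows. Unless the caller already runs inside a transaction (not visible here), wrap the pair in `$this->db->beginTransaction();` and `$this->db->commit();`, with a `rollBack()` on failure. The docblock could also state the types the code now relies on: `@param int $userId` and `@param string $tweetId`.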
diff --git a/server/src/config.php b/server/src/config.php
index dc53e67..a702141 100644
--- a/server/src/config.php
+++ b/server/src/config.php
@@ -16,5 +16,11 @@ return [
'emailfrom' => $CONFIG['EMAIL_SENDER'],
'replication_auth' => $CONFIG['REPLICATION_AUTH'],
'replication_hosts' => $CONFIG['REPLICATION_HOSTS'],
+ 'twitter' => [
+ 'consumer_key' => $CONFIG['TWITTER']['CONSUMER_KEY'],
+ 'consumer_secret' => $CONFIG['TWITTER']['CONSUMER_SECRET'],
+ 'access_token' => $CONFIG['TWITTER']['ACCESS_TOKEN'],
+ 'access_token_secret' => $CONFIG['TWITTER']['ACCESS_TOKEN_SECRET'],
+ ],
]
];
diff --git a/server/src/dependencies.php b/server/src/dependencies.php
index d8140ae..32cedf3 100644
--- a/server/src/dependencies.php
+++ b/server/src/dependencies.php
@@ -36,7 +36,7 @@ $container['WebsiteValidator'] = function($c) {
return new \LookupServer\Validator\Website($c->SignatureHandler);
};
$container['TwitterValidator'] = function($c) {
- return new \LookupServer\Validator\Twitter($c->TwitterOAuth, $c->SignatureHandler);
+ return new \LookupServer\Validator\Twitter($c->TwitterOAuth, $c->SignatureHandler, $c->db);
};
$container['Status'] = function($c) {
return new \LookupServer\Status();