author | Bjoern Schiessle <bjoern@schiessle.org> | 2017-04-28 19:04:52 +0300 |
---|---|---|
committer | Bjoern Schiessle <bjoern@schiessle.org> | 2017-04-28 22:01:40 +0300 |
commit | 99d60d01859d2910d6934c9b7a2c8b50ca76be5c (patch) | |
tree | d0b9522887fc0705cf40d26e7abbe6a649de1801 | |
parent | 341c8fd74a6dd92e76f458ec6412877df86d5a8b (diff) |
twitter verify
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
-rw-r--r-- | server/lib/UserManager.php | 44 | ||||
-rw-r--r-- | server/lib/Validator/Twitter.php | 55 | ||||
-rw-r--r-- | server/src/config.php | 6 | ||||
-rw-r--r-- | server/src/dependencies.php | 2 |
4 files changed, 56 insertions, 51 deletions
diff --git a/server/lib/UserManager.php b/server/lib/UserManager.php
index 592341c..6953ec8 100644
--- a/server/lib/UserManager.php
+++ b/server/lib/UserManager.php
@@ -140,20 +140,6 @@ LIMIT 50');
 }
 /**
- * Split a cloud id in a user and host post
- *
- * @param $cloudId
- * @return string[]
- */
- private function splitCloudId($cloudId) {
- $loc = strrpos($cloudId, '@');
-
- $user = substr($cloudId, 0, $loc);
- $host = substr($cloudId, $loc+1);
- return [$user, $host];
- }
-
- /**
 * @param string $cloudId
 * @param string[] $data
 * @param int $timestamp
@@ -166,7 +152,7 @@ LIMIT 50');
 $id = $this->db->lastInsertId();
 $stmt->closeCursor();
- $fields = ['name', 'email', 'address', 'website', 'twitter', 'phone'];
+ $fields = ['name', 'email', 'address', 'website', 'twitter', 'phone', 'twitter_signature', 'website_signature'];
 foreach ($fields as $field) {
 if (!isset($data[$field]) || $data[$field] === '') {
@@ -198,7 +184,7 @@ LIMIT 50');
 $stmt->bindParam(':timestamp', $timestamp, \PDO::PARAM_INT);
 $stmt->execute();
 $stmt->closeCursor();
- $fields = ['name', 'email', 'address', 'website', 'twitter', 'phone'];
+ $fields = ['name', 'email', 'address', 'website', 'twitter', 'phone', 'twitter_signature', 'website_signature'];
 $stmt = $this->db->prepare('SELECT * FROM store WHERE userId = :userId');
 $stmt->bindParam(':userId', $id, \PDO::PARAM_INT);
@@ -229,7 +215,6 @@ LIMIT 50');
 $stmt->bindParam(':v', $data[$key]);
 $stmt->execute();
 $stmt->closeCursor();
-
 if ($key === 'email') {
 $this->emailValidator->emailUpdated($data[$key], $row['id']);
 }
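Review bot: The extended `$fields` list is written out twice, once in the insert path (hunk at -166) and once in the update path (hunk at -198), so the next added property can easily land in only one of them. A single class constant, e.g. `const STORE_FIELDS = ['name', 'email', 'address', 'website', 'twitter', 'phone', 'twitter_signature', 'website_signature'];`, referenced from both places would keep them aligned. A short comment that `twitter_signature` and `website_signature` are proofs stored next to the profile values would also help; whether the `SELECT * FROM store` rows are returned to lookup clients is not visible here, so confirm that exposing them is intended. Both enclosing functions start and end outside these hunks.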
@@ -259,7 +244,12 @@ LIMIT 50');
 }
 private function needToVerify($userId, $storeId, $data, $key) {
- if (isset($data['verificationStatus'][$key]) && $data['verificationStatus'][$key] === '1') {
+ $stmt = $this->db->prepare('SELECT * FROM toVerify WHERE storeId = :storeId');
+ $stmt->bindParam(':storeId', $storeId, \PDO::PARAM_INT);
+ $stmt->execute();
+ $alreadyExists = $stmt->fetch();
+
+ if ($alreadyExists === false && isset($data['verificationStatus'][$key]) && $data['verificationStatus'][$key] === '1') {
 $tries = 0;
 $stmt = $this->db->prepare('INSERT INTO toVerify (userId, storeId, property, location, tries) VALUES (:userId, :storeId, :property, :location, :tries)');
 $stmt->bindParam(':userId', $userId, \PDO::PARAM_INT);
@@ -268,6 +258,7 @@ LIMIT 50');
 $stmt->bindParam(':location', $data[$key]);
 $stmt->bindParam(':tries', $tries, \PDO::PARAM_INT);
 $stmt->execute();
+ $stmt->closeCursor();
 }
 }
@@ -376,7 +367,6 @@ LIMIT 50');
 * @param $id
 */
 private function removeOpenVerificationRequest($id) {
- return true; // Fixme... just for testing purpose.
 $stmt = $this->db->prepare('DELETE FROM toVerify WHERE id = :id');
 $stmt->bindParam(':id', $id);
 $stmt->execute();
@@ -397,28 +387,12 @@ LIMIT 50');
 }
 /**
- * @param array $data
- * @return bool
- */
- private function verifyTwitter($data) {
- // ToDo get data from verify table (includes $cloudId, $location)
- // ToDo get proof from twitter user $location
- // ToDo split $message & $signature
- // ToDo "verifyRequest" needs to be able to handle the shortened md5 signature from twitter
- $result = $this->signatureHandler->verify($cloudId, $message, $signature);
-
- return result;
-
- }
-
- /**
 * @param string $cloudId
 * @param string[] $data
 * @param int $timestamp
 * @return bool
 */
 private function insertOrUpdate($cloudId, $data, $timestamp) {
-
 $stmt = $this->db->prepare('SELECT * FROM users WHERE federationId = :federationId');
 $stmt->bindParam(':federationId', $cloudId);
 $stmt->execute();
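Review bot: In `needToVerify`, the new `SELECT * FROM toVerify WHERE storeId = :storeId` guard and the following `INSERT` are separate statements, so two concurrent updates for the same store row can both find no row and both insert; a unique index on `toVerify.storeId` would enforce what the check intends. The guard also skips the insert whenever a row already exists, even if `$data[$key]` has changed since, which appears to leave the old `location` queued for verification; confirm that another path refreshes it. The SELECT statement is not closed before `$stmt` is reused, and a `$stmt->closeCursor();` after the `fetch()` would match the other statements in this file. The function's closing lines fall in the next hunk.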
diff --git a/server/lib/Validator/Twitter.php b/server/lib/Validator/Twitter.php
index 4999ff6..7cd3724 100644
--- a/server/lib/Validator/Twitter.php
+++ b/server/lib/Validator/Twitter.php
@@ -34,15 +34,20 @@ class Twitter {
 /** @var SignatureHandler */
 private $signatureHandler;
+ /** @var \PDO */
+ private $db;
+
 /**
 * Twitter constructor.
 *
 * @param TwitterOAuth $twitterOAuth
 * @param SignatureHandler $signatureHandler
+ * @param \PDO $db
 */
- public function __construct(TwitterOAuth $twitterOAuth, SignatureHandler $signatureHandler) {
+ public function __construct(TwitterOAuth $twitterOAuth, SignatureHandler $signatureHandler, \PDO $db) {
 $this->twitterOAuth = $twitterOAuth;
 $this->signatureHandler = $signatureHandler;
+ $this->db = $db;
 }
 /**
@@ -63,18 +68,20 @@ class Twitter {
 try {
 $userName = substr($twitterHandle, 1);
- list($id, $text) = $this->getTweet($userName);
+ list($tweetId, $text) = $this->getTweet($userName);
 if ($text !== null) {
 $cloudId = $userData['federationId'];
- list($message, $signature) = $this->splitMessageSignature($text);
+ list($message, $md5signature) = $this->splitMessageSignature($text);
+ $signature = $userData['twitter_signature']['value'];
 $result = $this->signatureHandler->verify($cloudId, $message, $signature);
+ $result = $result && md5($signature) === $md5signature;
 }
 } catch (\Exception $e) {
 // do nothing, just return false;
 }
 if ($result === true) {
- $this->storeReference($userData, $id);
+ $this->storeReference((int)$verificationData['userId'], $tweetId);
 }
 return $result;
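Review bot: `$userData['twitter_signature']['value']` is read without checking that the key exists, and a missing index raises a notice or warning rather than an exception, so unless an error handler converts it the surrounding `catch (\Exception $e)` does not apply and `verify()` and `md5()` run on a null signature. A guard such as `if (!isset($userData['twitter_signature']['value'])) { return false; }` before the lookup makes that failure explicit. The tweet is tied to the stored signature only through `md5($signature)`; MD5 was presumably chosen to fit the tweet length, but a SHA-256 digest truncated to the same 32 hex characters would avoid relying on a hash with known collision attacks, provided the client that builds the tweet changes to match. The empty catch block also hides API and network failures, so logging the exception there would separate them from a bad proof. The enclosing method starts and ends outside the hunk.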
@@ -87,12 +94,14 @@ class Twitter {
 * @return array
 */
 private function getTweet($userName) {
- $search = 'from:' . $userName . ' What I am searching for';
- $statuses = $this->twitterOAuth->get('"search/tweets', ['q' => $search]);
- if (isset($statuses[0])) {
- $id = $statuses[0]->id;
- $text = $statuses[0]->text;
- } else {
+
+ try {
+ $search = 'from:' . $userName . ' Use my Federated Cloud ID to share with me';
+ $statuses = $this->twitterOAuth->get('search/tweets', ['q' => $search]);
+
+ $id = $statuses->statuses[0]->id;
+ $text = $statuses->statuses[0]->text;
+ } catch (\Exception $e) {
 return [null, null];
 }
@@ -117,8 +126,8 @@ class Twitter {
 * @return array
 */
 private function splitMessageSignature($proof) {
- $signature = substr($proof, -344);
- $message = substr($proof, 0, -344);
+ $signature = substr($proof, -32);
+ $message = substr($proof, 0, -32);
 return [trim($message), trim($signature)];
 }
@@ -126,11 +135,27 @@ class Twitter {
 /**
 * store reference to tweet
 *
- * @param $userData
+ * @param $userId
 * @param $tweetId
 */
- private function storeReference($userData, $tweetId) {
-
+ private function storeReference($userId, $tweetId) {
+
+ $key = 'tweet_id';
+
+ // delete old value, if exists
+ $stmt = $this->db->prepare('DELETE FROM store WHERE userId = :userId AND k = :k');
+ $stmt->bindParam(':userId', $userId, \PDO::PARAM_INT);
+ $stmt->bindParam(':k', $key, \PDO::PARAM_STR);
+ $stmt->execute();
+ $stmt->closeCursor();
+
+ // add new value
+ $stmt = $this->db->prepare('INSERT INTO store (userId, k, v) VALUES (:userId, :k, :v)');
+ $stmt->bindParam(':userId', $userId, \PDO::PARAM_INT);
+ $stmt->bindParam(':k', $key, \PDO::PARAM_STR);
+ $stmt->bindParam(':v', $tweetId, \PDO::PARAM_STR);
+ $stmt->execute();
+ $stmt->closeCursor();
 }
 }
diff --git a/server/src/config.php b/server/src/config.php
index dc53e67..a702141 100644
--- a/server/src/config.php
+++ b/server/src/config.php
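Review bot: `$userName` is concatenated into the search query in `getTweet` without being checked against Twitter's username format, so a submitted handle containing spaces or search operators changes what the query matches. Rejecting anything that does not match `/^[A-Za-z0-9_]{1,15}$/` before building `$search` keeps the `from:` filter bound to a single account. The try/catch that replaced the `isset($statuses[0])` check does not cover an empty result either, because indexing `$statuses->statuses[0]` on an empty or missing list raises a notice or warning, not an exception; `if (empty($statuses->statuses)) { return [null, null]; }` restores the explicit check. The method's final return lies outside the hunk.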
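Review bot: `splitMessageSignature` slices the last 32 characters before trimming, so any trailing whitespace in the tweet text shifts the window and the digest comparison in the caller then fails for an otherwise valid proof. Trimming first with `$proof = trim($proof);` and returning early when the tail does not match `/^[0-9a-f]{32}$/` would make the split robust and also reject texts shorter than 32 characters, for which `substr($proof, 0, -32)` yields no usable message. A one-line comment that 32 is the length of a hex-encoded MD5 digest would explain the constant.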
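Review bot: `storeReference` deletes the old `tweet_id` row and inserts the new one as two independent statements, with no transaction and no check of the `execute()` results, so a failed insert leaves the user with no stored reference at all. Wrapping the pair in `$this->db->beginTransaction();` and `$this->db->commit();`, with a rollback on failure, keeps the replacement atomic, assuming the caller is not already inside a transaction. The id is bound as a string, but `getTweet` reads it from the numeric `id` field; taking the API's `id_str` field instead avoids any integer precision question. The docblock could state the types as `@param int $userId` and `@param string $tweetId`.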
@@ -16,5 +16,11 @@ return [
 'emailfrom' => $CONFIG['EMAIL_SENDER'],
 'replication_auth' => $CONFIG['REPLICATION_AUTH'],
 'replication_hosts' => $CONFIG['REPLICATION_HOSTS'],
+ 'twitter' => [
+ 'consumer_key' => $CONFIG['TWITTER']['CONSUMER_KEY'],
+ 'consumer_secret' => $CONFIG['TWITTER']['CONSUMER_SECRET'],
+ 'access_token' => $CONFIG['TWITTER']['ACCESS_TOKEN'],
+ 'access_token_secret' => $CONFIG['TWITTER']['ACCESS_TOKEN_SECRET'],
+ ],
 ]
 ];
diff --git a/server/src/dependencies.php b/server/src/dependencies.php
index d8140ae..32cedf3 100644
--- a/server/src/dependencies.php
+++ b/server/src/dependencies.php
@@ -36,7 +36,7 @@ $container['WebsiteValidator'] = function($c) {
 return new \LookupServer\Validator\Website($c->SignatureHandler);
 };
 $container['TwitterValidator'] = function($c) {
- return new \LookupServer\Validator\Twitter($c->TwitterOAuth, $c->SignatureHandler);
+ return new \LookupServer\Validator\Twitter($c->TwitterOAuth, $c->SignatureHandler, $c->db);
 };
 $container['Status'] = function($c) {
 return new \LookupServer\Status(); |
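Review bot: The new `twitter` block in config.php reads `$CONFIG['TWITTER'][...]` unconditionally, so an existing installation whose config file has no `TWITTER` section gets undefined-index notices and null credentials after upgrading. Either document the four required keys in the sample configuration or guard each lookup, e.g. `'consumer_key' => isset($CONFIG['TWITTER']['CONSUMER_KEY']) ? $CONFIG['TWITTER']['CONSUMER_KEY'] : ''`. Since these values are API secrets, a comment that the config file must stay out of version control and must not be world-readable would also be useful.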