
github.com/nextcloud/lookup-server.git - Unnamed repository; edit this file 'description' to name the repository.
authorBjoern Schiessle <bjoern@schiessle.org>2017-04-28 16:06:12 +0300
committerBjoern Schiessle <bjoern@schiessle.org>2017-04-28 16:47:16 +0300
commit341c8fd74a6dd92e76f458ec6412877df86d5a8b (patch)
tree3ea008f10f913d4537a70205e9b4d4195aec433b
parente4f43f4930e3f5b8be625f636badf79aa59b3154 (diff)
twitter verification
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
-rwxr-xr-xserver/config/config.sample.php10
-rw-r--r--server/lib/UserManager.php10
-rw-r--r--server/lib/Validator/Twitter.php136
-rw-r--r--server/src/dependencies.php16
-rw-r--r--server/vendor/composer/autoload_classmap.php1
-rw-r--r--server/vendor/composer/autoload_static.php1
6 files changed, 167 insertions, 7 deletions
diff --git a/server/config/config.sample.php b/server/config/config.sample.php
index 178518d..aa761cf 100755
--- a/server/config/config.sample.php
+++ b/server/config/config.sample.php
@@ -54,9 +54,11 @@ $CONFIG = [
'PUBLIC_URL' => 'http://dev/nextcloud/lookup-server',
// twitter oauth credentials, needed to perform twitter verification
- 'TWITTER_CONSUMER_KEY' => '',
- 'TWITTER_CONSUMER_SECRET' => '',
- 'TWITTER_ACCESS_TOKEN' => '',
- 'TWITTER_ACCESS_TOKEN_SECRET' => '',
+ 'TWITTER' => [
+ 'CONSUMER_KEY' => '',
+ 'CONSUMER_SECRET' => '',
+ 'ACCESS_TOKEN' => '',
+ 'ACCESS_TOKEN_SECRET' => '',
+ ]
];
diff --git a/server/lib/UserManager.php b/server/lib/UserManager.php
index bf984c8..592341c 100644
--- a/server/lib/UserManager.php
+++ b/server/lib/UserManager.php
@@ -3,6 +3,7 @@
namespace LookupServer;
use LookupServer\Validator\Email;
+use LookupServer\Validator\Twitter;
use LookupServer\Validator\Website;
use \Psr\Http\Message\ServerRequestInterface as Request;
use \Psr\Http\Message\ResponseInterface as Response;
@@ -18,6 +19,9 @@ class UserManager {
/** @var Website */
private $websiteValidator;
+ /** @var Twitter */
+ private $twitterValidator;
+
/** @var SignatureHandler */
private $signatureHandler;
@@ -27,15 +31,18 @@ class UserManager {
* @param \PDO $db
* @param Email $emailValidator
* @param Website $websiteValidator
+ * @param Twitter $twitterValidator
* @param SignatureHandler $signatureHandler
*/
public function __construct(\PDO $db,
Email $emailValidator,
Website $websiteValidator,
+ Twitter $twitterValidator,
SignatureHandler $signatureHandler) {
$this->db = $db;
$this->emailValidator = $emailValidator;
$this->websiteValidator = $websiteValidator;
+ $this->twitterValidator = $twitterValidator;
$this->signatureHandler = $signatureHandler;
}
@@ -336,7 +343,8 @@ LIMIT 50');
switch ($verificationData['property']) {
case 'twitter':
//ToDo try to Verify Twitter account
- $success = $this->verifyTwitter();
+ $userData = $this->getForUserId($verificationData['userId']);
+ $success = $this->twitterValidator->verify($verificationData, $userData);
break;
case 'website':
$userData = $this->getForUserId($verificationData['userId']);
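Review bot: The `twitter` case passes the result of `getForUserId()` straight into `verify(array $verificationData, array $userData)` without checking it. `getForUserId()` is not visible in this hunk, so this is inferred, but if it can return anything other than an array (for example when the account was removed after the verification request was queued), the type-hinted call raises a `TypeError` here. A guard such as `if (!is_array($userData)) { $success = false; break; }` before the call would keep the verification loop going. The `//ToDo try to Verify Twitter account` comment above it is now stale and could be removed. The enclosing method starts and ends outside the hunk.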
diff --git a/server/lib/Validator/Twitter.php b/server/lib/Validator/Twitter.php
new file mode 100644
index 0000000..4999ff6
--- /dev/null
+++ b/server/lib/Validator/Twitter.php
@@ -0,0 +1,136 @@
+<?php
+/**
+ * @copyright Copyright (c) 2017 Bjoern Schiessle <bjoern@schiessle.org>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+namespace LookupServer\Validator;
+
+
+use Abraham\TwitterOAuth\TwitterOAuth;
+use LookupServer\SignatureHandler;
+
+class Twitter {
+
+ /** @var TwitterOAuth */
+ private $twitterOAuth;
+
+ /** @var SignatureHandler */
+ private $signatureHandler;
+
+ /**
+ * Twitter constructor.
+ *
+ * @param TwitterOAuth $twitterOAuth
+ * @param SignatureHandler $signatureHandler
+ */
+ public function __construct(TwitterOAuth $twitterOAuth, SignatureHandler $signatureHandler) {
+ $this->twitterOAuth = $twitterOAuth;
+ $this->signatureHandler = $signatureHandler;
+ }
+
+ /**
+ * verify Twitter proof
+ *
+ * @param array $verificationData from toVerify table
+ * @param array $userData stored user data
+ * @return bool
+ */
+ public function verify(array $verificationData, array $userData) {
+ $twitterHandle = $verificationData['location'];
+ $isValid = $this->isValidTwitterHandle($twitterHandle);
+ $result = false;
+
+ if ($isValid === false) {
+ return $result;
+ }
+
+ try {
+ $userName = substr($twitterHandle, 1);
+ list($id, $text) = $this->getTweet($userName);
+ if ($text !== null) {
+ $cloudId = $userData['federationId'];
+ list($message, $signature) = $this->splitMessageSignature($text);
+ $result = $this->signatureHandler->verify($cloudId, $message, $signature);
+ }
+ } catch (\Exception $e) {
+ // do nothing, just return false;
+ }
+
+ if ($result === true) {
+ $this->storeReference($userData, $id);
+ }
+
+ return $result;
+ }
+
+ /**
+ * get tweet text and id
+ *
+ * @param string $userName user name without the '@'
+ * @return array
+ */
+ private function getTweet($userName) {
+ $search = 'from:' . $userName . ' What I am searching for';
+ $statuses = $this->twitterOAuth->get('"search/tweets', ['q' => $search]);
+ if (isset($statuses[0])) {
+ $id = $statuses[0]->id;
+ $text = $statuses[0]->text;
+ } else {
+ return [null, null];
+ }
+
+ return [$id, $text];
+ }
+
+ /**
+ * check if we have a correct twitter Handle
+ *
+ * @param $twitterHandle
+ * @return bool
+ */
+ private function isValidTwitterHandle($twitterHandle) {
+ $result = preg_match('/^@[A-Za-z0-9_]+$/', $twitterHandle);
+ return $result === 1;
+ }
+
+ /**
+ * split message and signature
+ *
+ * @param string $proof
+ * @return array
+ */
+ private function splitMessageSignature($proof) {
+ $signature = substr($proof, -344);
+ $message = substr($proof, 0, -344);
+
+ return [trim($message), trim($signature)];
+ }
+
+ /**
+ * store reference to tweet
+ *
+ * @param $userData
+ * @param $tweetId
+ */
+ private function storeReference($userData, $tweetId) {
+
+ }
+
+}
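Review bot: In `getTweet()` the endpoint is written as `'"search/tweets'` with a stray double quote and the query still carries the placeholder text `What I am searching for`, so the lookup cannot find the proof tweet as written; the call should read `$this->twitterOAuth->get('search/tweets', ['q' => $search]);` with the real proof marker in `$search`. The result is also indexed as `$statuses[0]`, while the search endpoint, as far as I know, returns an object holding a `statuses` list, so `isset($statuses->statuses[0])` looks like the intended check (confirm against the library's decode mode). In `splitMessageSignature()` the fixed 344-character cut has no length check, so a shorter tweet yields an empty message with the whole text treated as the signature; `verify()` should return false when `strlen($text) <= 344` instead of handing that to the signature handler. The empty `catch (\Exception $e)` hides API and rate-limit failures and does not cover PHP 7 `Error`s, so logging the exception there would make failed verifications diagnosable. `storeReference()` is still an empty stub, so a successful verification currently records nothing.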
diff --git a/server/src/dependencies.php b/server/src/dependencies.php
index 38e7fc4..d8140ae 100644
--- a/server/src/dependencies.php
+++ b/server/src/dependencies.php
@@ -9,11 +9,21 @@ $container['db'] = function($c) {
return $pdo;
};
$container['UserManager'] = function($c) {
- return new \LookupServer\UserManager($c->db, $c->EmailValidator, $c->WebsiteValidator, $c->SignatureHandler);
+ return new \LookupServer\UserManager($c->db, $c->EmailValidator, $c->WebsiteValidator, $c->TwitterValidator, $c->SignatureHandler);
};
$container['SignatureHandler'] = function($c) {
return new \LookupServer\SignatureHandler();
};
+$container['TwitterOAuth'] = function($c) {
+ $twitterConf = $c['settings']['twitter'];
+ return new \Abraham\TwitterOAuth\TwitterOAuth(
+ $twitterConf['consumer_key'],
+ $twitterConf['consumer_secret'],
+ $twitterConf['access_token'],
+ $twitterConf['access_token_secret']
+ );
+};
+
$container['EmailValidator'] = function($c) {
return new \LookupServer\Validator\Email(
$c->db,
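Review bot: The `TwitterOAuth` factory reads `$c['settings']['twitter']` with lowercase keys such as `consumer_key`, while this commit's `config.sample.php` defines `'TWITTER' => ['CONSUMER_KEY' => ...]` in uppercase. Unless the settings loader (not shown here) maps one to the other, the client is built with null credentials and every verification fails with no visible error. Either align the key names or fail fast in the factory, e.g. `if (empty($twitterConf['consumer_key'])) { throw new \RuntimeException('twitter credentials not configured'); }`. The hunk starts inside the `db` closure, whose beginning is outside the hunk.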
@@ -25,7 +35,9 @@ $container['EmailValidator'] = function($c) {
$container['WebsiteValidator'] = function($c) {
return new \LookupServer\Validator\Website($c->SignatureHandler);
};
-
+$container['TwitterValidator'] = function($c) {
+ return new \LookupServer\Validator\Twitter($c->TwitterOAuth, $c->SignatureHandler);
+};
$container['Status'] = function($c) {
return new \LookupServer\Status();
};
diff --git a/server/vendor/composer/autoload_classmap.php b/server/vendor/composer/autoload_classmap.php
index 0c0d91d..49923d6 100644
--- a/server/vendor/composer/autoload_classmap.php
+++ b/server/vendor/composer/autoload_classmap.php
@@ -111,6 +111,7 @@ return array(
'LookupServer\\Status' => $baseDir . '/lib/Status.php',
'LookupServer\\UserManager' => $baseDir . '/lib/UserManager.php',
'LookupServer\\Validator\\Email' => $baseDir . '/lib/Validator/Email.php',
+ 'LookupServer\\Validator\\Twitter' => $baseDir . '/lib/Validator/Twitter.php',
'LookupServer\\Validator\\Website' => $baseDir . '/lib/Validator/Website.php',
'Pimple\\Container' => $vendorDir . '/pimple/pimple/src/Pimple/Container.php',
'Pimple\\ServiceProviderInterface' => $vendorDir . '/pimple/pimple/src/Pimple/ServiceProviderInterface.php',
diff --git a/server/vendor/composer/autoload_static.php b/server/vendor/composer/autoload_static.php
index 9726f0f..247990e 100644
--- a/server/vendor/composer/autoload_static.php
+++ b/server/vendor/composer/autoload_static.php
@@ -206,6 +206,7 @@ class ComposerStaticInit509ee4e79733fbe3199b97373b795eca
'LookupServer\\Status' => __DIR__ . '/../..' . '/lib/Status.php',
'LookupServer\\UserManager' => __DIR__ . '/../..' . '/lib/UserManager.php',
'LookupServer\\Validator\\Email' => __DIR__ . '/../..' . '/lib/Validator/Email.php',
+ 'LookupServer\\Validator\\Twitter' => __DIR__ . '/../..' . '/lib/Validator/Twitter.php',
'LookupServer\\Validator\\Website' => __DIR__ . '/../..' . '/lib/Validator/Website.php',
'Pimple\\Container' => __DIR__ . '/..' . '/pimple/pimple/src/Pimple/Container.php',
'Pimple\\ServiceProviderInterface' => __DIR__ . '/..' . '/pimple/pimple/src/Pimple/ServiceProviderInterface.php',