author | Bjoern Schiessle <bjoern@schiessle.org> | 2017-04-28 16:06:12 +0300 |
---|---|---|
committer | Bjoern Schiessle <bjoern@schiessle.org> | 2017-04-28 16:47:16 +0300 |
commit | 341c8fd74a6dd92e76f458ec6412877df86d5a8b (patch) | |
tree | 3ea008f10f913d4537a70205e9b4d4195aec433b | |
parent | e4f43f4930e3f5b8be625f636badf79aa59b3154 (diff) |
twitter verification
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
-rwxr-xr-x | server/config/config.sample.php | 10 | ||||
-rw-r--r-- | server/lib/UserManager.php | 10 | ||||
-rw-r--r-- | server/lib/Validator/Twitter.php | 136 | ||||
-rw-r--r-- | server/src/dependencies.php | 16 | ||||
-rw-r--r-- | server/vendor/composer/autoload_classmap.php | 1 | ||||
-rw-r--r-- | server/vendor/composer/autoload_static.php | 1 |
6 files changed, 167 insertions, 7 deletions
diff --git a/server/config/config.sample.php b/server/config/config.sample.php index 178518d..aa761cf 100755 --- a/server/config/config.sample.php +++ b/server/config/config.sample.php @@ -54,9 +54,11 @@ $CONFIG = [ 'PUBLIC_URL' => 'http://dev/nextcloud/lookup-server', // twitter oauth credentials, needed to perform twitter verification - 'TWITTER_CONSUMER_KEY' => '', - 'TWITTER_CONSUMER_SECRET' => '', - 'TWITTER_ACCESS_TOKEN' => '', - 'TWITTER_ACCESS_TOKEN_SECRET' => '', + 'TWITTER' => [ + 'CONSUMER_KEY' => '', + 'CONSUMER_SECRET' => '', + 'ACCESS_TOKEN' => '', + 'ACCESS_TOKEN_SECRET' => '', + ] ]; diff --git a/server/lib/UserManager.php b/server/lib/UserManager.php index bf984c8..592341c 100644 --- a/server/lib/UserManager.php +++ b/server/lib/UserManager.php @@ -3,6 +3,7 @@ namespace LookupServer; use LookupServer\Validator\Email; +use LookupServer\Validator\Twitter; use LookupServer\Validator\Website; use \Psr\Http\Message\ServerRequestInterface as Request; use \Psr\Http\Message\ResponseInterface as Response; @@ -18,6 +19,9 @@ class UserManager { /** @var Website */ private $websiteValidator; + /** @var Twitter */ + private $twitterValidator; + /** @var SignatureHandler */ private $signatureHandler; @@ -27,15 +31,18 @@ class UserManager { * @param \PDO $db * @param Email $emailValidator * @param Website $websiteValidator + * @param Twitter $twitterValidator * @param SignatureHandler $signatureHandler */ public function __construct(\PDO $db, Email $emailValidator, Website $websiteValidator, + Twitter $twitterValidator, SignatureHandler $signatureHandler) { $this->db = $db; $this->emailValidator = $emailValidator; $this->websiteValidator = $websiteValidator; + $this->twitterValidator = $twitterValidator; $this->signatureHandler = $signatureHandler; } 
@@ -336,7 +343,8 @@ LIMIT 50');
 switch ($verificationData['property']) {
 case 'twitter':
 //ToDo try to Verify Twitter account
- $success = $this->verifyTwitter();
+ $userData = $this->getForUserId($verificationData['userId']);
+ $success = $this->twitterValidator->verify($verificationData, $userData);
 break;
 case 'website':
 $userData = $this->getForUserId($verificationData['userId']);
diff --git a/server/lib/Validator/Twitter.php b/server/lib/Validator/Twitter.php
new file mode 100644
index 0000000..4999ff6
--- /dev/null
+++ b/server/lib/Validator/Twitter.php
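Review bot: The `//ToDo try to Verify Twitter account` comment kept above the new `$this->twitterValidator->verify($verificationData, $userData)` call is now stale, because this hunk replaces the `verifyTwitter()` stub with the real validator; drop it or replace it with a note on the contract, e.g. `// Twitter proof: a message signed for this cloud id, tweeted from the claimed handle (see Validator\Twitter::verify())`. The `twitter` and `website` cases now both begin with the same `$this->getForUserId($verificationData['userId'])` lookup, so it could be hoisted above the `switch` instead of being repeated per case. The enclosing method starts and ends outside this hunk.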
@@ -0,0 +1,136 @@
+<?php
+/**
+ * @copyright Copyright (c) 2017 Bjoern Schiessle <bjoern@schiessle.org>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+namespace LookupServer\Validator;
+
+
+use Abraham\TwitterOAuth\TwitterOAuth;
+use LookupServer\SignatureHandler;
+
+class Twitter {
+
+ /** @var TwitterOAuth */
+ private $twitterOAuth;
+
+ /** @var SignatureHandler */
+ private $signatureHandler;
+
+ /**
+ * Twitter constructor.
+ *
+ * @param TwitterOAuth $twitterOAuth
+ * @param SignatureHandler $signatureHandler
+ */
+ public function __construct(TwitterOAuth $twitterOAuth, SignatureHandler $signatureHandler) {
+ $this->twitterOAuth = $twitterOAuth;
+ $this->signatureHandler = $signatureHandler;
+ }
+
+ /**
+ * verify Twitter proof
+ *
+ * @param array $verificationData from toVerify table
+ * @param array $userData stored user data
+ * @return bool
+ */
+ public function verify(array $verificationData, array $userData) {
+ $twitterHandle = $verificationData['location'];
+ $isValid = $this->isValidTwitterHandle($twitterHandle);
+ $result = false;
+
+ if ($isValid === false) {
+ return $result;
+ }
+
+ try {
+ $userName = substr($twitterHandle, 1);
+ list($id, $text) = $this->getTweet($userName);
+ if ($text !== null) {
+ $cloudId = $userData['federationId'];
+ list($message, $signature) = $this->splitMessageSignature($text);
+ $result = $this->signatureHandler->verify($cloudId, $message, $signature);
+ }
+ } catch (\Exception $e) {
+ // do nothing, just return false;
+ }
+
+ if ($result === true) {
+ $this->storeReference($userData, $id);
+ }
+
+ return $result;
+ }
+
+ /**
+ * get tweet text and id
+ *
+ * @param string $userName user name without the '@'
+ * @return array
+ */
+ private function getTweet($userName) {
+ $search = 'from:' . $userName . ' What I am searching for';
+ $statuses = $this->twitterOAuth->get('"search/tweets', ['q' => $search]);
+ if (isset($statuses[0])) {
+ $id = $statuses[0]->id;
+ $text = $statuses[0]->text;
+ } else {
+ return [null, null];
+ }
+
+ return [$id, $text];
+ }
+
+ /**
+ * check if we have a correct twitter Handle
+ *
+ * @param $twitterHandle
+ * @return bool
+ */
+ private function isValidTwitterHandle($twitterHandle) {
+ $result = preg_match('/^@[A-Za-z0-9_]+$/', $twitterHandle);
+ return $result === 1;
+ }
+
+ /**
+ * split message and signature
+ *
+ * @param string $proof
+ * @return array
+ */
+ private function splitMessageSignature($proof) {
+ $signature = substr($proof, -344);
+ $message = substr($proof, 0, -344);
+
+ return [trim($message), trim($signature)];
+ }
+
+ /**
+ * store reference to tweet
+ *
+ * @param $userData
+ * @param $tweetId
+ */
+ private function storeReference($userData, $tweetId) {
+
+ }
+
+}
diff --git a/server/src/dependencies.php b/server/src/dependencies.php
index 38e7fc4..d8140ae 100644
--- a/server/src/dependencies.php
+++ b/server/src/dependencies.php
@@ -9,11 +9,21 @@ $container['db'] = function($c) {
 return $pdo;
 };
 $container['UserManager'] = function($c) {
- return new \LookupServer\UserManager($c->db, $c->EmailValidator, $c->WebsiteValidator, $c->SignatureHandler);
+ return new \LookupServer\UserManager($c->db, $c->EmailValidator, $c->WebsiteValidator, $c->TwitterValidator, $c->SignatureHandler);
 };
 $container['SignatureHandler'] = function($c) {
 return new \LookupServer\SignatureHandler();
 };
+$container['TwitterOAuth'] = function($c) {
+ $twitterConf = $c['settings']['twitter'];
+ return new \Abraham\TwitterOAuth\TwitterOAuth(
+ $twitterConf['consumer_key'],
+ $twitterConf['consumer_secret'],
+ $twitterConf['access_token'],
+ $twitterConf['access_token_secret']
+ );
+};
+
 $container['EmailValidator'] = function($c) {
 return new \LookupServer\Validator\Email(
 $c->db,
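Review bot: The endpoint passed to `$this->twitterOAuth->get('"search/tweets', …)` in `getTweet` contains a stray double quote, so the request is built for a path that cannot be the search API and every verification will fall into the `[null, null]` branch; the call should read `$this->twitterOAuth->get('search/tweets', ['q' => $search])`. The query suffix `' What I am searching for'` reads like placeholder text and should be the fixed phrase users are told to tweet, or be dropped so that the `from:` filter alone selects candidates. Before trusting the first result, the code should also confirm that the returned status was authored by `$userName` (compare its author screen name case-insensitively), because the whole proof rests on the signed message having been posted from the claimed account and the search query is currently the only thing tying the tweet to it; the index-0 access also assumes the client hands back a plain list of statuses, which is worth confirming against the library's response shape. Finally, `catch (\Exception $e)` swallows every failure silently, so an expired OAuth token or a rate-limit error is indistinguishable from a bad proof — log the exception before returning false.
```php
private function getTweet($userName) {
	// … unchanged: $search construction …
	$statuses = $this->twitterOAuth->get('search/tweets', ['q' => $search]);
	// only accept a tweet actually posted by the claimed account
	if (!isset($statuses[0]) || strcasecmp((string)$statuses[0]->user->screen_name, $userName) !== 0) {
		return [null, null];
	}
	return [$statuses[0]->id, $statuses[0]->text];
}
```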
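Review bot: The new `TwitterOAuth` factory reads `$c['settings']['twitter']['consumer_key']` and three sibling lowercase keys, while the sample config in this same commit defines them as `'TWITTER' => ['CONSUMER_KEY' => …]`; unless the settings loader (not visible here) normalises key case, every lookup yields null and the client is constructed with empty credentials, failing only later inside the Twitter validator with the error swallowed there. Because a missing array key is just a notice in PHP, the factory should fail fast on misconfiguration instead of handing `TwitterOAuth` nulls, e.g. `if (!isset($twitterConf['consumer_key'], $twitterConf['consumer_secret'], $twitterConf['access_token'], $twitterConf['access_token_secret'])) {`, `throw new \RuntimeException('Twitter OAuth credentials are not configured');`, `}` before the `return new`. A one-line comment above the factory, `// app-level Twitter secrets: keep them in the deployed config.php only, never in config.sample.php`, would also make the handling expectation explicit.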
@@ -25,7 +35,9 @@ $container['EmailValidator'] = function($c) {
 $container['WebsiteValidator'] = function($c) {
 return new \LookupServer\Validator\Website($c->SignatureHandler);
 };
-
+$container['TwitterValidator'] = function($c) {
+ return new \LookupServer\Validator\Twitter($c->TwitterOAuth, $c->SignatureHandler);
+};
 $container['Status'] = function($c) {
 return new \LookupServer\Status();
 };
diff --git a/server/vendor/composer/autoload_classmap.php b/server/vendor/composer/autoload_classmap.php
index 0c0d91d..49923d6 100644
--- a/server/vendor/composer/autoload_classmap.php
+++ b/server/vendor/composer/autoload_classmap.php
@@ -111,6 +111,7 @@ return array(
 'LookupServer\\Status' => $baseDir . '/lib/Status.php',
 'LookupServer\\UserManager' => $baseDir . '/lib/UserManager.php',
 'LookupServer\\Validator\\Email' => $baseDir . '/lib/Validator/Email.php',
+ 'LookupServer\\Validator\\Twitter' => $baseDir . '/lib/Validator/Twitter.php',
 'LookupServer\\Validator\\Website' => $baseDir . '/lib/Validator/Website.php',
 'Pimple\\Container' => $vendorDir . '/pimple/pimple/src/Pimple/Container.php',
 'Pimple\\ServiceProviderInterface' => $vendorDir . '/pimple/pimple/src/Pimple/ServiceProviderInterface.php',
diff --git a/server/vendor/composer/autoload_static.php b/server/vendor/composer/autoload_static.php
index 9726f0f..247990e 100644
--- a/server/vendor/composer/autoload_static.php
+++ b/server/vendor/composer/autoload_static.php
@@ -206,6 +206,7 @@ class ComposerStaticInit509ee4e79733fbe3199b97373b795eca 'LookupServer\\Status' => __DIR__ . '/../..' . '/lib/Status.php', 'LookupServer\\UserManager' => __DIR__ . '/../..' . '/lib/UserManager.php', 'LookupServer\\Validator\\Email' => __DIR__ . '/../..' . '/lib/Validator/Email.php', + 'LookupServer\\Validator\\Twitter' => __DIR__ . '/../..' . '/lib/Validator/Twitter.php', 'LookupServer\\Validator\\Website' => __DIR__ . '/../..' . '/lib/Validator/Website.php', 'Pimple\\Container' => __DIR__ . '/..' . '/pimple/pimple/src/Pimple/Container.php', 'Pimple\\ServiceProviderInterface' => __DIR__ . '/..' . '/pimple/pimple/src/Pimple/ServiceProviderInterface.php', |