Skip to content

Commit

Permalink
closed #138 added new cookie based login
Browse files Browse the repository at this point in the history
  • Loading branch information
exodus4d committed May 1, 2016
1 parent 7f23e31 commit 2b58853
Show file tree
Hide file tree
Showing 20 changed files with 1,017 additions and 220 deletions.
34 changes: 3 additions & 31 deletions app/main/controller/accesscontroller.php
Original file line number Diff line number Diff line change
Expand Up @@ -19,42 +19,14 @@ class AccessController extends Controller {
function beforeroute(\Base $f3) {
parent::beforeroute($f3);

// Any CMS route of a child class of this one, requires a
// valid logged in user!
$loginCheck = $this->checkLogIn($f3);
// Any route/endpoint of a child class of this one,
// requires a valid logged in user!
$loginCheck = $this->checkLogTimer($f3);

if( !$loginCheck ){
// no user found or LogIn timer expired
$this->logOut($f3);
}
}

/**
* checks weather a user is currently logged in
* @param \Base $f3
* @return bool
*/
private function checkLogIn($f3){
$loginCheck = false;

if($f3->get(Api\User::SESSION_KEY_CHARACTER_TIME) > 0){
// check logIn time
$logInTime = new \DateTime();
$logInTime->setTimestamp( $f3->get(Api\User::SESSION_KEY_CHARACTER_TIME) );
$now = new \DateTime();

$timeDiff = $now->diff($logInTime);

$minutes = $timeDiff->days * 60 * 24 * 60;
$minutes += $timeDiff->h * 60;
$minutes += $timeDiff->i;

if($minutes <= $f3->get('PATHFINDER.TIMER.LOGGED')){
$loginCheck = true;
}
}

return $loginCheck;
}

}
1 change: 0 additions & 1 deletion app/main/controller/api/route.php
Original file line number Diff line number Diff line change
Expand Up @@ -568,7 +568,6 @@ public function search($f3){
$item = false;
}
$data[0]->reset();

}

}, [$map, $validMaps, $activeCharacter]);
Expand Down
87 changes: 29 additions & 58 deletions app/main/controller/api/user.php
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,35 @@ protected function loginByCharacter(Model\CharacterModel &$characterModel){
return $login;
}

/**
* validate cookie character information
* -> return character data (if valid)
* @param \Base $f3
*/
public function getCookieCharacter($f3){
$data = $f3->get('POST');

$return = (object) [];
$return->error = [];

if( !empty($data['cookie']) ){
if( !empty($cookieData = $this->getCookieByName($data['cookie']) )){
// cookie data is valid -> validate data against DB (security check!)
if( !empty($characters = $this->getCookieCharacters(array_slice($cookieData, 0, 1, true))) ){
// character is valid and allowed to login
$return->character = reset($characters)->getData();
}else{
$characterError = (object) [];
$characterError->type = 'warning';
$characterError->message = 'This can happen through "invalid cookie data", "login restrictions", "CREST problems".';
$return->error[] = $characterError;
}
}
}

echo json_encode($return);
}

/**
* get captcha image and store key to session
* @param \Base $f3
Expand Down Expand Up @@ -149,64 +178,6 @@ public function logOut(\Base $f3){
parent::logOut($f3);
}

/**
* save/update "map sharing" configurations for all map types
* the user has access to
* @param \Base $f3
*/
public function saveSharingConfig(\Base $f3){
$data = $f3->get('POST');

$return = (object) [];

$activeCharacter = $this->getCharacter();

if($activeCharacter){
$privateSharing = 0;
$corporationSharing = 0;
$allianceSharing = 0;

// form values
if(isset($data['formData'])){
$formData = $data['formData'];

if(isset($formData['privateSharing'])){
$privateSharing = 1;
}

if(isset($formData['corporationSharing'])){
$corporationSharing = 1;
}

if(isset($formData['allianceSharing'])){
$allianceSharing = 1;
}
}

$activeCharacter->shared = $privateSharing;
$activeCharacter = $activeCharacter->save();

// update corp/ally ---------------------------------------------------------------
$corporation = $activeCharacter->getCorporation();
$alliance = $activeCharacter->getAlliance();

if(is_object($corporation)){
$corporation->shared = $corporationSharing;
$corporation->save();
}

if(is_object($alliance)){
$alliance->shared = $allianceSharing;
$alliance->save();
}

$user = $activeCharacter->getUser();
$return->userData = $user->getData();
}

echo json_encode($return);
}

/**
* update user account data
* -> a fresh user automatically generated on first login with a new character
Expand Down
7 changes: 7 additions & 0 deletions app/main/controller/appcontroller.php
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@

namespace Controller;
use Controller\Ccp as Ccp;
use Model;

class AppController extends Controller {

Expand Down Expand Up @@ -43,6 +44,12 @@ public function init(\Base $f3) {

// JS main file
$f3->set('jsView', 'login');

// characters from cookies
$f3->set('cookieCharacters', $this->getCookieByName(self::COOKIE_PREFIX_CHARACTER, true));
$f3->set('getCharacterGrid', function($characters){
return ( ((12 / count($characters)) <= 4) ? 4 : (12 / count($characters)) );
});
}

}
42 changes: 39 additions & 3 deletions app/main/controller/ccp/sso.php
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ class Sso extends Api\User{
const ERROR_CHARACTER_FORBIDDEN = 'Character "%s" is not authorized to log in';
const ERROR_CHARACTER_MISMATCH = 'The character "%s" you tried to log in, does not match';
const ERROR_SERVICE_TIMEOUT = 'CCP SSO service timeout (%ss). Try again later';
const ERROR_COOKIE_LOGIN = 'Login from Cookie failed. Please retry by CCP SSO';

/**
* CREST "Scopes" are used by pathfinder
Expand Down Expand Up @@ -156,7 +157,7 @@ public function callbackAuthorization($f3){
// get character data from CREST
$characterData = $this->getCharacterData($accessData->accessToken);

if(isset($characterData->character)){
if( isset($characterData->character) ){
// add "ownerHash" and CREST tokens
$characterData->character['ownerHash'] = $verificationCharacterData->CharacterOwnerHash;
$characterData->character['crestAccessToken'] = $accessData->accessToken;
Expand Down Expand Up @@ -203,6 +204,9 @@ public function callbackAuthorization($f3){
$loginCheck = $this->loginByCharacter($characterModel);

if($loginCheck){
// set "login" cookie
$this->setLoginCookie($characterModel);

// route to "map"
$f3->reroute('@map');
}else{
Expand Down Expand Up @@ -235,6 +239,38 @@ public function callbackAuthorization($f3){
}
}

/**
* login by cookie
* @param \Base $f3
*/
public function login(\Base $f3){
$data = (array)$f3->get('GET');
$character = null;

if( !empty($data['cookie']) ){
if( !empty($cookieData = $this->getCookieByName($data['cookie']) )){
// cookie data is valid -> validate data against DB (security check!)
if( !empty($characters = $this->getCookieCharacters(array_slice($cookieData, 0, 1, true))) ){
// character is valid and allowed to login
$character = $characters[$data['cookie']];
}
}
}

if( is_object($character)){
// login by character
$loginCheck = $this->loginByCharacter($character);
if($loginCheck){
// route to "map"
$f3->reroute('@map');
}
}

// on error -> route back to login form
$f3->set(self::SESSION_KEY_SSO_ERROR, self::ERROR_COOKIE_LOGIN);
$f3->reroute('@login');
}

/**
* get a valid "access_token" for oAuth 2.0 verification
* -> if $authCode is set -> request NEW "access_token"
Expand Down Expand Up @@ -357,7 +393,7 @@ protected function requestAccessData($requestParams){
* @param $accessToken
* @return mixed|null
*/
protected function verifyCharacterData($accessToken){
public function verifyCharacterData($accessToken){
$verifyUserUrl = self::getVerifyUserEndpoint();
$verifyUrlParts = parse_url($verifyUserUrl);
$characterData = null;
Expand Down Expand Up @@ -492,7 +528,7 @@ protected function walkEndpoint($accessToken, $endpoint, $path = [], $additional
* @param array $additionalOptions
* @return object
*/
protected function getCharacterData($accessToken, $additionalOptions = []){
public function getCharacterData($accessToken, $additionalOptions = []){
$endpoints = $this->getEndpoints($accessToken, $additionalOptions);
$characterData = (object) [];

Expand Down
Loading

0 comments on commit 2b58853

Please sign in to comment.