updated how all of the facebook authentication works

include/controllers/default/crunchbutton/api/user/index.php

@@ -236,62 +236,29 @@ class Controller_api_user extends Crunchbutton_Controller_Rest {
 			case 'facebook':
 				if ($_REQUEST['fbrtoken']) {
 					// log in from the app
-					
-					$fb = c::facebook();
-
-					$fb->setAccessToken($_REQUEST['fbrtoken']);
-					$user = $fb->getUser();
-			
-					if ($user) {
-						try {
-							$userObject = $fb->api('/'.$user);
-						} catch (Cana_Facebook_Exception $e) {
-							// debug for now
-							print_r($e);
-							$userObject = null;
-						}
-					}
-					echo json_encode($userObject);
+					c::auth()->facebook(new Crunchbutton_Auth_Facebook($_REQUEST['fbrtoken']));
+					c::auth()->facebook()->check();
+					c::auth()->fbauth();
+					echo c::user()->json();
 					break;
 				}
 
-				// Force register the facebook
-				foreach ( $_COOKIE as $key => $value ) {
-					if ( preg_match('/^fbsr_.*$/', $key ) ) {
-						$fb = new Crunchbutton_Auth_Facebook;
-						$user = c::user();
-						if ( $fb->user()->id ) {
-							// It seems the facebook user is already related with other user
-							$fb_user = User::facebook( $fb->user()->id );	
-							if ( $fb_user->id_user && $user->id_user ) {
-								if( $fb_user->id_user != $user->id_user ){
-									echo json_encode(['error' => 'facebook id already in use']);
-									exit;
-								}
+				// Force register or merge the facebook user and current user. do not merge if user has a facebook auth that is not current user auth
+				if (c::auth()->facebook()) {
+					$user = c::user();
+					$fb = c::auth()->facebook();
+
+					// @todo: changed alot of shit here. need to double check it all works
+					if ($fb->user()->id) {
+						// It seems the facebook user is already related with other user
+						$fb_user = User::facebook($fb->user()->id);
+						if ($fb_user->id_user && $user->id_user) {
+							if ($fb_user->id_user != $user->id_user) {
+								echo json_encode(['error' => 'facebook id already in use']);
+								exit;
 							}
-							if ( !$fb_user->id_user ) {
-								$user->active = 1;
-								$user->name = $fb->user()->name;
-								$user->email = $fb->user()->email;
-								$user->save();
-
-								$userAuth = new User_Auth;
-								$userAuth->active = 1;
-								$userAuth->id_user = $user->id_user;
-								$userAuth->type = 'facebook';
-								$userAuth->auth = $fb->user()->id;
-								$userAuth->save();
-
-								// This line will create a phone user auth just if the user already has an facebook auth
-								if( $user->phone ){
-									User_Auth::createPhoneAuthFromFacebook( $user->id_user, $user->phone );	
-								}
-								
-							} 
-						} else {
-							// we dont have a facebook user
 						}
-						break;
+
 					}
 				}
 				echo c::user()->json();

include/library/Crunchbutton/Auth.php

@@ -60,58 +60,49 @@ class Crunchbutton_Auth {
 		// not sure if theres any way to avoid this, but if a fb user is found, we have to make a fb request
 		// which take a little bit of time
 		if (!$this->_user) {
-
 			// check for a facebook cookie
 			foreach ($_COOKIE as $key => $value) {
 				if (preg_match('/^fbsr_.*$/', $key)) {
-				
-					// we found a cookie!
-					$fb = new Crunchbutton_Auth_Facebook;
-					
-					if ($fb->user()->id) {
-						// we have a facebook user
-						$user = User::facebook($fb->user()->id);
-	
-						if (!$user->id_user) {
-							// we dont have a user, and we need to make one
-							$user = new User;
-							$user->active = 1;
-							$user->name = $fb->user()->name;
-							$user->email = $fb->user()->email;
-							$user->save();
-							
-							$userAuth = new User_Auth;
-							$userAuth->active = 1;
-							$userAuth->id_user = $user->id_user;
-							$userAuth->type = 'facebook';
-							$userAuth->auth = $fb->user()->id;
-							$userAuth->save();
-						} else {
-							$user = $user->get(0);
-						}
-						
-						$this->_user = $user;
-						$this->session()->id_user = $user->id_user;
-						$this->session()->date_active = date('Y-m-d H:i:s');
-						$this->session()->generateAndSaveToken();
-						setcookie('token', $this->session()->token, (new DateTime('3000-01-01'))->getTimestamp(), '/');
-	
-					} else {
-						// we dont have a facebook user
-					}
-	
+					// we found a cookie! perform a facebook authentication via the api
+					$this->_facebook = new Crunchbutton_Auth_Facebook;
+					$this->fbauth();
 					break;
 				}
 			}
-		
 		}
-		
+
 		// we still dont have a user, so just set a blan object
 		if (!$this->_user) {
 			$this->_user = new Crunchbutton_User;
 		}
 
 	}
+	
+	public function facebook($fb = null) {
+		if (isset($fb)) {
+			$this->_facebook = $fb;
+		}
+		return $this->_facebook;
+	}
+	
+	public function fbauth() {
+		// we have a facebook user
+		if ($this->facebook()->fbuser()->id) {
+			$user = User::facebookCreate($this->facebook()->fbuser()->id, true);
+			if ($user) {
+				$this->setUser($user);
+			}
+		}
+		return $this;
+	}
+	
+	public function setUser($user) {
+		$this->_user = $user;
+		$this->session()->id_user = $user->id_user;
+		$this->session()->date_active = date('Y-m-d H:i:s');
+		$this->session()->generateAndSaveToken();
+		setcookie('token', $this->session()->token, (new DateTime('3000-01-01'))->getTimestamp(), '/');
+	}
 
 	public function doAuth($type, $id) {
 		$auth = Crunchbutton_User_Auth::byTypeId($type,$id);
@@ -140,9 +131,9 @@ class Crunchbutton_Auth {
 	}
 
 	public function user($user = null) {
-		if ($user) $this->_user = $user;
-
-		if (!isset($this->_user)) {
+		if (isset($user)) {
+			$this->_user = $user;
+		} elseif (!isset($this->_user)) {
 			$this->_user = new Crunchbutton_User;
 		}
 

include/library/Crunchbutton/Auth/Facebook.php

@@ -1,46 +1,50 @@
 <?php
 
 class Crunchbutton_Auth_Facebook extends Cana_Model {
-	public function __construct($data = null) {
-		if (!$data) {
+	public function __construct($token = null, $user = null) {
+		$this->_facebook = c::facebook();
+
+		if ($token) {
+			$this->facebook()->setAccessToken($token);
+		}
+
+		if (!$user) {
 			$this->check();
 		} else {
-			$this->_user = $data;
+			$this->_user = $user;
 		}
+		
 	}
 
 	public function check() {
-
-		$this->_facebook = new Cana_Facebook([
-			'appId'	=> Cana::config()->facebook->app,
-			'secret' => Cana::config()->facebook->secret
-		]);
-
-		$user = $this->_facebook->getUser();
+		$user = c::facebook()->getUser();
 
 		if ($user) {
 			try {
-				$userObject = $this->_facebook->api('/'.$user);
+				$userObject = $this->facebook()->api('/'.$user);
 			} catch (Cana_Facebook_Exception $e) {
-				// debug for now
 				$userObject = null;
 			}
 		}
 
-		$this->_user = Cana_Model::toModel($userObject);
+		$this->_fbuser = Cana_Model::toModel($userObject);
 		return $this;
 	}
 
 	public function login() {
-		header('Location: '.$this->_facebook->getLoginUrl().'&scope=email');	
+		header('Location: '.$this->facebook()->getLoginUrl().'&scope=email');	
 		exit;
 	}
 
 	public function logout() {
-		header('Location: '.$this->_facebook->getLogoutUrl());
+		header('Location: '.$this->facebook()->getLogoutUrl());
 		exit;
 	}
 
+	public function fbuser() {
+		return $this->_fbuser;
+	}
+	
 	public function user() {
 		return $this->_user;
 	}

include/library/Crunchbutton/User.php

@@ -51,6 +51,44 @@ class Crunchbutton_User extends Cana_Table {
 			');
 	}
 	
+	public static function facebookCreate($id, $auth = false) {
+		$fbuser = self::facebook($id);
+		$user = $auth ? null : c::user();
+
+		if (!$fbuser->id_user) {
+			// we dont have a user, and we need to make one
+			if (!$user->id_user) {
+				$user = new User;
+				$user->active = 1;
+			}
+			$user->name = c::facebook()->user()->name;
+			$user->email = c::facebook()->user()->email;
+			$user->save();
+
+			$userAuth = new User_Auth;
+			$userAuth->active = 1;
+			$userAuth->id_user = $user->id_user;
+			$userAuth->type = 'facebook';
+			$userAuth->auth = c::facebook()->user()->id;
+			$userAuth->save();
+			
+			if ($user->phone) {
+				User_Auth::createPhoneAuthFromFacebook($user->id_user, $user->phone);
+			}
+
+		} elseif ((!$auth && $fbuser->id_user != $user->id_user)) {
+			// somehow the user is logged into a crunchbutton account that is NOT associated with the logged in facebook account!!
+			// pretend that the facebook user isnt logged in. we trust our crunchbutton account more
+			// when loggin in we will never get here since the code to chceck for token is before facebook cookie
+			$user = false;
+		} else {
+			// we have a valid facebook authed user
+			$user = $fbuser->get(0);
+		}
+
+		return $user;
+	}
+	
 	public function auths() {
 		if (!isset($this->_auths)) {
 			$this->_auths = User_Auth::q('select * from user_auth where id_user="'.$this->id_user.'" and active=1');

www/assets/js/services.facebook.js

@@ -92,12 +92,13 @@ NGApp.factory( 'FacebookService', function( $http, $location, AccountService ){
 
 					// if it is phonegap call a special facebook connection
 					var data = {};
+					url = App.service + 'user/facebook';
 					if (App.isPhoneGap) {
-						data.fbrtoken = service.token;
+						url =+ '?fbrtoken=' + service.token;
 					}
 
 					// Just call the user api, this will create a facebook user
-					$http({method: 'GET', url: App.service + 'user/facebook', data: data, cache: false}).success(function(data) {
+					$http({method: 'GET', url: url, cache: false}).success(function(data) {
 	
 						App.log.account({'userID': status.authResponse.userID, 'running': service.running, 'data': data }, 'facebook ajax');