From 4975f923b159484560e2bb9d745a13bb0aaad8e4 Mon Sep 17 00:00:00 2001
From: arzynik
Date: Fri, 16 Aug 2013 00:03:11 -0700
Subject: [PATCH] updated how all of the facebook authentication works
---
.../default/crunchbutton/api/user/index.php | 69 +++++------------
include/library/Crunchbutton/Auth.php | 75 ++++++++-----------
.../library/Crunchbutton/Auth/Facebook.php | 34 +++++----
include/library/Crunchbutton/User.php | 38 ++++++++++
www/assets/js/services.facebook.js | 5 +-
5 files changed, 111 insertions(+), 110 deletions(-)
diff --git a/include/controllers/default/crunchbutton/api/user/index.php b/include/controllers/default/crunchbutton/api/user/index.php
index 46fd819be..3a03e4789 100644
--- a/include/controllers/default/crunchbutton/api/user/index.php
+++ b/include/controllers/default/crunchbutton/api/user/index.php
@@ -236,62 +236,29 @@ class Controller_api_user extends Crunchbutton_Controller_Rest { case 'facebook': if ($_REQUEST['fbrtoken']) { // log in from the app - - $fb = c::facebook(); - - $fb->setAccessToken($_REQUEST['fbrtoken']); - $user = $fb->getUser(); - - if ($user) { - try { - $userObject = $fb->api('/'.$user); - } catch (Cana_Facebook_Exception $e) { - // debug for now - print_r($e); - $userObject = null; - } - } - echo json_encode($userObject); + c::auth()->facebook(new Crunchbutton_Auth_Facebook($_REQUEST['fbrtoken'])); + c::auth()->facebook()->check(); + c::auth()->fbauth(); + echo c::user()->json(); break; } - // Force register the facebook - foreach ( $_COOKIE as $key => $value ) { - if ( preg_match('/^fbsr_.*$/', $key ) ) { - $fb = new Crunchbutton_Auth_Facebook; - $user = c::user(); - if ( $fb->user()->id ) { - // It seems the facebook user is already related with other user - $fb_user = User::facebook( $fb->user()->id ); - if ( $fb_user->id_user && $user->id_user ) { - if( $fb_user->id_user != $user->id_user ){ - echo json_encode(['error' => 'facebook id already in use']); - exit; - } + // Force register or merge the facebook user and current user. do not merge if user has a facebook auth that is not current user auth + if (c::auth()->facebook()) { + $user = c::user(); + $fb = c::auth()->facebook(); + + // @todo: changed alot of shit here. 
need to double check it all works + if ($fb->user()->id) { + // It seems the facebook user is already related with other user + $fb_user = User::facebook($fb->user()->id); + if ($fb_user->id_user && $user->id_user) { + if ($fb_user->id_user != $user->id_user) { + echo json_encode(['error' => 'facebook id already in use']); + exit; } - if ( !$fb_user->id_user ) { - $user->active = 1; - $user->name = $fb->user()->name; - $user->email = $fb->user()->email; - $user->save(); - - $userAuth = new User_Auth; - $userAuth->active = 1; - $userAuth->id_user = $user->id_user; - $userAuth->type = 'facebook'; - $userAuth->auth = $fb->user()->id; - $userAuth->save(); - - // This line will create a phone user auth just if the user already has an facebook auth - if( $user->phone ){ - User_Auth::createPhoneAuthFromFacebook( $user->id_user, $user->phone ); - } - - } - } else { - // we dont have a facebook user } - break; + } } echo c::user()->json(); diff --git a/include/library/Crunchbutton/Auth.php b/include/library/Crunchbutton/Auth.php index ccf8fa1e6..37cd14d27 100644 --- a/include/library/Crunchbutton/Auth.php +++ b/include/library/Crunchbutton/Auth.php 
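Review bot: In the `case 'facebook':` branch of api/user/index.php, the "facebook id already in use" guard reads `$fb->user()->id`, but the Facebook.php hunk in this same commit has `check()` store the Graph profile in `_fbuser` (returned by `fbuser()`), while `user()` returns `_user`, which is only set when a user is passed to the constructor. After a cookie-based `check()` the guard therefore most likely sees no id and never fires, so the account-conflict check is silently disabled; `if ($fb->fbuser()->id) {` and `User::facebook($fb->fbuser()->id)` would match what `fbauth()` in Auth.php uses. The comment still says "Force register or merge", yet nothing visible in this branch registers or merges any more, so either call `User::facebookCreate()` here or reword the comment. In the `fbrtoken` branch the response is `c::user()->json()` regardless of whether `fbauth()` found a Facebook user, and `$_REQUEST` also accepts the token from the query string, where it ends up in access logs; reading it from the POST body would be safer. The enclosing `switch` starts and ends outside the hunk.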
@@ -60,58 +60,49 @@ class Crunchbutton_Auth { // not sure if theres any way to avoid this, but if a fb user is found, we have to make a fb request // which take a little bit of time if (!$this->_user) { - // check for a facebook cookie foreach ($_COOKIE as $key => $value) { if (preg_match('/^fbsr_.*$/', $key)) { - - // we found a cookie! - $fb = new Crunchbutton_Auth_Facebook; - - if ($fb->user()->id) { - // we have a facebook user - $user = User::facebook($fb->user()->id); - - if (!$user->id_user) { - // we dont have a user, and we need to make one - $user = new User; - $user->active = 1; - $user->name = $fb->user()->name; - $user->email = $fb->user()->email; - $user->save(); - - $userAuth = new User_Auth; - $userAuth->active = 1; - $userAuth->id_user = $user->id_user; - $userAuth->type = 'facebook'; - $userAuth->auth = $fb->user()->id; - $userAuth->save(); - } else { - $user = $user->get(0); - } - - $this->_user = $user; - $this->session()->id_user = $user->id_user; - $this->session()->date_active = date('Y-m-d H:i:s'); - $this->session()->generateAndSaveToken(); - setcookie('token', $this->session()->token, (new DateTime('3000-01-01'))->getTimestamp(), '/'); - - } else { - // we dont have a facebook user - } - + // we found a cookie! 
perform a facebook authentication via the api + $this->_facebook = new Crunchbutton_Auth_Facebook; + $this->fbauth(); break; } } - } - + // we still dont have a user, so just set a blan object if (!$this->_user) { $this->_user = new Crunchbutton_User; } } + + public function facebook($fb = null) { + if (isset($fb)) { + $this->_facebook = $fb; + } + return $this->_facebook; + } + + public function fbauth() { + // we have a facebook user + if ($this->facebook()->fbuser()->id) { + $user = User::facebookCreate($this->facebook()->fbuser()->id, true); + if ($user) { + $this->setUser($user); + } + } + return $this; + } + + public function setUser($user) { + $this->_user = $user; + $this->session()->id_user = $user->id_user; + $this->session()->date_active = date('Y-m-d H:i:s'); + $this->session()->generateAndSaveToken(); + setcookie('token', $this->session()->token, (new DateTime('3000-01-01'))->getTimestamp(), '/'); + } public function doAuth($type, $id) { $auth = Crunchbutton_User_Auth::byTypeId($type,$id); @@ -140,9 +131,9 @@ class Crunchbutton_Auth { } public function user($user = null) { - if ($user) $this->_user = $user; - - if (!isset($this->_user)) { + if (isset($user)) { + $this->_user = $user; + } elseif (!isset($this->_user)) { $this->_user = new Crunchbutton_User; } diff --git a/include/library/Crunchbutton/Auth/Facebook.php b/include/library/Crunchbutton/Auth/Facebook.php index 6ed7fcdd6..cb6c0e21d 100644 --- a/include/library/Crunchbutton/Auth/Facebook.php +++ b/include/library/Crunchbutton/Auth/Facebook.php 
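Review bot: In `setUser()` in Auth.php the session token cookie is set with only name, value, expiry and path, so it is readable from page script and sent over plain HTTP. The year-3000 expiry also makes a captured token usable indefinitely unless the session is expired server-side. If the site is served over HTTPS, pass the remaining arguments, e.g. `setcookie('token', $this->session()->token, $expires, '/', '', true, true);`, and consider a bounded `$expires`. In `fbauth()`, `$this->facebook()->fbuser()->id` is dereferenced without checking that `facebook()` and `fbuser()` returned objects; a guard such as `$fb = $this->facebook(); if ($fb && $fb->fbuser() && $fb->fbuser()->id) {` keeps a failed Graph call from surfacing as a notice. The new public methods `facebook()`, `fbauth()` and `setUser()` have no docblocks; a line on each saying that `setUser()` issues a new session token and cookie would help callers.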
@@ -1,46 +1,50 @@ _facebook = c::facebook(); + + if ($token) { + $this->facebook()->setAccessToken($token); + } + + if (!$user) { $this->check(); } else { - $this->_user = $data; + $this->_user = $user; } + } public function check() { - - $this->_facebook = new Cana_Facebook([ - 'appId' => Cana::config()->facebook->app, - 'secret' => Cana::config()->facebook->secret - ]); - - $user = $this->_facebook->getUser(); + $user = c::facebook()->getUser(); if ($user) { try { - $userObject = $this->_facebook->api('/'.$user); + $userObject = $this->facebook()->api('/'.$user); } catch (Cana_Facebook_Exception $e) { - // debug for now $userObject = null; } } - $this->_user = Cana_Model::toModel($userObject); + $this->_fbuser = Cana_Model::toModel($userObject); return $this; } public function login() { - header('Location: '.$this->_facebook->getLoginUrl().'&scope=email'); + header('Location: '.$this->facebook()->getLoginUrl().'&scope=email'); exit; } public function logout() { - header('Location: '.$this->_facebook->getLogoutUrl()); + header('Location: '.$this->facebook()->getLogoutUrl()); exit; } + public function fbuser() { + return $this->_fbuser; + } + public function user() { return $this->_user; } diff --git a/include/library/Crunchbutton/User.php b/include/library/Crunchbutton/User.php index 1c5697bae..907aa40dc 100644 --- a/include/library/Crunchbutton/User.php +++ b/include/library/Crunchbutton/User.php 
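Review bot: The constructor in Auth/Facebook.php applies a caller-supplied access token with `setAccessToken($token)`, and `check()` then treats whatever `getUser()` returns as the authenticated Facebook id. Nothing visible confirms that the token was issued to this application, so unless the SDK enforces that internally, the token's app id should be verified (for example with the Graph API `debug_token` endpoint) before the id is used for login. `check()` also mixes two handles, `c::facebook()->getUser()` and `$this->facebook()->api(...)`, and leaves `$userObject` undefined when `getUser()` returns nothing; use `$this->facebook()` for both and add `$userObject = null;` before the `if ($user)`. The `catch (Cana_Facebook_Exception $e)` block now discards the error entirely; logging it server-side (not printing it) would keep failed verifications visible. The start of this hunk, including the class header and constructor signature, is missing from this rendering, so these points cover only the lines shown.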
@@ -51,6 +51,44 @@ class Crunchbutton_User extends Cana_Table { '); } + public static function facebookCreate($id, $auth = false) { + $fbuser = self::facebook($id); + $user = $auth ? null : c::user(); + + if (!$fbuser->id_user) { + // we dont have a user, and we need to make one + if (!$user->id_user) { + $user = new User; + $user->active = 1; + } + $user->name = c::facebook()->user()->name; + $user->email = c::facebook()->user()->email; + $user->save(); + + $userAuth = new User_Auth; + $userAuth->active = 1; + $userAuth->id_user = $user->id_user; + $userAuth->type = 'facebook'; + $userAuth->auth = c::facebook()->user()->id; + $userAuth->save(); + + if ($user->phone) { + User_Auth::createPhoneAuthFromFacebook($user->id_user, $user->phone); + } + + } elseif ((!$auth && $fbuser->id_user != $user->id_user)) { + // somehow the user is logged into a crunchbutton account that is NOT associated with the logged in facebook account!! + // pretend that the facebook user isnt logged in. we trust our crunchbutton account more + // when loggin in we will never get here since the code to chceck for token is before facebook cookie + $user = false; + } else { + // we have a valid facebook authed user + $user = $fbuser->get(0); + } + + return $user; + } + public function auths() { if (!isset($this->_auths)) { $this->_auths = User_Auth::q('select * from user_auth where id_user="'.$this->id_user.'" and active=1'); diff --git a/www/assets/js/services.facebook.js b/www/assets/js/services.facebook.js index c0121f5db..6a5b978d6 100644 --- a/www/assets/js/services.facebook.js +++ b/www/assets/js/services.facebook.js 
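Review bot: In `facebookCreate()` in User.php the new `user_auth` row is keyed on `c::facebook()->user()->id` rather than on the `$id` argument that was looked up with `self::facebook($id)`, so the stored binding can differ from the identity the caller verified; `$userAuth->auth = $id;` keeps them the same. Elsewhere in this commit `c::facebook()` is used as the SDK client (`getUser()`, `setAccessToken()`), so it should be confirmed that it has a `user()` method at all. The name and email would be better taken from the already-checked profile object (`c::auth()->facebook()->fbuser()`). When `$auth` is true, `$user` is null and `!$user->id_user` reads a property of null; `if (!$user || !$user->id_user) {` makes the intent explicit. When `$auth` is false and the current account has no Facebook link, its existing name and email are overwritten with the Facebook values, which should be a deliberate choice rather than a side effect. The method returns a user object, `false`, or the first row of `$fbuser`, which deserves a docblock with an `@return` description since `fbauth()` branches on it.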
@@ -92,12 +92,13 @@ NGApp.factory( 'FacebookService', function( $http, $location, AccountService ){ // if it is phonegap call a special facebook connection var data = {}; + url = App.service + 'user/facebook'; if (App.isPhoneGap) { - data.fbrtoken = service.token; + url =+ '?fbrtoken=' + service.token; } // Just call the user api, this will create a facebook user - $http({method: 'GET', url: App.service + 'user/facebook', data: data, cache: false}).success(function(data) { + $http({method: 'GET', url: url, cache: false}).success(function(data) { App.log.account({'userID': status.authResponse.userID, 'running': service.running, 'data': data }, 'facebook ajax');
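Review bot: In services.facebook.js, `url =+ '?fbrtoken=' + service.token;` is parsed as `url = +('?fbrtoken=' + service.token)`, which assigns `NaN`, so the PhoneGap path requests the wrong URL and never sends the token. The operator should be `+=`. `url` is also assigned without `var`, which creates an implicit global; use `var url = App.service + 'user/facebook';` and `url += '?fbrtoken=' + encodeURIComponent(service.token);`. Carrying the access token in a GET query string puts it in server and proxy logs and in browser history, so sending it in a POST body (the removed `data.fbrtoken`) is the safer channel, with the PHP side reading it from there. `var data = {};` is now unused and can be dropped. The enclosing function and the `.success` callback extend beyond this hunk.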