/Facebook/FacebookSessionPersistence.php

http://github.com/FriendsOfSymfony/FOSFacebookBundle · PHP · 199 lines · 121 code · 30 blank · 48 comment · 12 complexity · 06e932406dd06efad4b03631587c1fda MD5 · raw file 

    

  1. <?php
    2. 

  2. 

  3. namespace FOS\FacebookBundle\Facebook;
    4. 

  4. 

  5. use Symfony\Component\HttpFoundation\Session\Session;
    6. 

  6. use Symfony\Component\HttpFoundation\Request;
    7. 

  7. 

  8. /**
    9. 

  9.  * Implements Symfony2 session persistence for Facebook.
    10. 

  10.  *
    11. 

  11.  * @author Johannes M. Schmitt <schmittjoh@gmail.com>
    12. 

  12.  */
    13. 

  13. class FacebookSessionPersistence extends \BaseFacebook
    14. 

  14. {
    15. 

  15.     const PREFIX = '_fos_facebook_';
    16. 

  16. 

  17.     protected $session;
    18. 

  18.     protected $prefix;
    19. 

  19.     protected static $kSupportedKeys = array('state', 'code', 'access_token', 'user_id');
    20. 

  20. 

  21.     /**
    22. 

  22.      * @param array   $config
    23. 

  23.      * @param Session $session
    24. 

  24.      * @param string  $prefix
    25. 

  25.      */
    26. 

  26.     public function __construct($config, Session $session, $prefix = self::PREFIX)
    27. 

  27.     {
    28. 

  28.         $this->session = $session;
    29. 

  29.         $this->prefix  = $prefix;
    30. 

  30. 

  31.         $this->setAppId($config['appId']);
    32. 

  32.         $this->setAppSecret($config['secret']);
    33. 

  33.         if (isset($config['fileUpload'])) {
    34. 

  34.             $this->setFileUploadSupport($config['fileUpload']);
    35. 

  35.         }
    36. 

  36.         // Add trustProxy configuration
    37. 

  37.         $this->trustForwarded = isset($config['trustForwarded']) ? $config['trustForwarded'] : Request::getTrustedProxies();
    38. 

  38.     }
    39. 

  39. 

  40.     /**
    41. 

  41.      * @param  array  $params
    42. 

  42.      * @return string
    43. 

  43.      */
    44. 

  44.     public function getLoginUrl($params = array())
    45. 

  45.     {
    46. 

  46.         $this->establishCSRFTokenState();
    47. 

  47.         $currentUrl = $this->getCurrentUrl();
    48. 

  48. 

  49.         // if 'scope' is passed as an array, convert to comma separated list
    50. 

  50.         $scopeParams = isset($params['scope']) ? $params['scope'] : null;
    51. 

  51.         if ($scopeParams && is_array($scopeParams)) {
    52. 

  52.             $params['scope'] = implode(',', $scopeParams);
    53. 

  53.         }
    54. 

  54. 

  55.         return $this->getUrl(
    56. 

  56.             'www',
    57. 

  57.             'dialog/oauth',
    58. 

  58.             array_merge(
    59. 

  59.                 array(
    60. 

  60.                     'client_id' => $this->getAppId(),
    61. 

  61.                     'redirect_uri' => $currentUrl, // possibly overwritten
    62. 

  62.                     'state' => $this->getState(),
    63. 

  63.                 ),
    64. 

  64.                 $params
    65. 

  65.             )
    66. 

  66.         );
    67. 

  67.     }
    68. 

  68. 

  69.     /**
    70. 

  70.      * @return bool|mixed
    71. 

  71.      */
    72. 

  72.     protected function getCode()
    73. 

  73.     {
    74. 

  74.         if (isset($_REQUEST['code'])) {
    75. 

  75.             if ($this->getState() !== null &&
    76. 

  76.                 isset($_REQUEST['state']) &&
    77. 

  77.                 $this->getState() === $_REQUEST['state']) {
    78. 

  78. 

  79.                     // CSRF state has done its job, so clear it
    80. 

  80.                     $this->setState(null);
    81. 

  81.                     $this->clearPersistentData('state');
    82. 

  82. 

  83.                     return $_REQUEST['code'];
    84. 

  84.             } else {
    85. 

  85.                 self::errorLog('CSRF state token does not match one provided.');
    86. 

  86. 

  87.                 return false;
    88. 

  88.             }
    89. 

  89.         }
    90. 

  90. 

  91.         return false;
    92. 

  92.     }
    93. 

  93. 

  94.     protected function establishCSRFTokenState()
    95. 

  95.     {
    96. 

  96.         if ($this->getState() === null) {
    97. 

  97.             $this->setState(md5(uniqid(mt_rand(), true)));
    98. 

  98.         }
    99. 

  99.     }
    100. 

  100. 

  101.     /**
    102. 

  102.      * Stores the given ($key, $value) pair, so that future calls to
    103. 

  103.      * getPersistentData($key) return $value. This call may be in another request.
    104. 

  104.      *
    105. 

  105.      * @param string $key
    106. 

  106.      * @param array  $value
    107. 

  107.      *
    108. 

  108.      * @return void
    109. 

  109.      */
    110. 

  110.     protected function setPersistentData($key, $value)
    111. 

  111.     {
    112. 

  112.         if (!in_array($key, self::$kSupportedKeys)) {
    113. 

  113.             self::errorLog('Unsupported key passed to setPersistentData.');
    114. 

  114. 

  115.             return;
    116. 

  116.         }
    117. 

  117. 

  118.         $this->session->set($this->constructSessionVariableName($key), $value);
    119. 

  119.     }
    120. 

  120. 

  121.     /**
    122. 

  122.      * Get the data for $key, persisted by BaseFacebook::setPersistentData()
    123. 

  123.      *
    124. 

  124.      * @param string  $key     The key of the data to retrieve
    125. 

  125.      * @param boolean $default The default value to return if $key is not found
    126. 

  126.      *
    127. 

  127.      * @return mixed
    128. 

  128.      */
    129. 

  129.     protected function getPersistentData($key, $default = false)
    130. 

  130.     {
    131. 

  131.         if (!in_array($key, self::$kSupportedKeys)) {
    132. 

  132.             self::errorLog('Unsupported key passed to getPersistentData.');
    133. 

  133. 

  134.             return $default;
    135. 

  135.         }
    136. 

  136. 

  137.         $sessionVariableName = $this->constructSessionVariableName($key);
    138. 

  138.         if ($this->session->has($sessionVariableName)) {
    139. 

  139.             return $this->session->get($sessionVariableName);
    140. 

  140.         }
    141. 

  141. 

  142.         return $default;
    143. 

  143.     }
    144. 

  144. 

  145.     /**
    146. 

  146.      * Clear the data with $key from the persistent storage
    147. 

  147.      *
    148. 

  148.      * @param  string $key
    149. 

  149.      * @return void
    150. 

  150.      */
    151. 

  151.     protected function clearPersistentData($key)
    152. 

  152.     {
    153. 

  153.         if (!in_array($key, self::$kSupportedKeys)) {
    154. 

  154.             self::errorLog('Unsupported key passed to clearPersistentData.');
    155. 

  155. 

  156.             return;
    157. 

  157.         }
    158. 

  158. 

  159.         $this->session->remove($this->constructSessionVariableName($key));
    160. 

  160.     }
    161. 

  161. 

  162.     /**
    163. 

  163.      * Clear all data from the persistent storage
    164. 

  164.      *
    165. 

  165.      * @return void
    166. 

  166.      */
    167. 

  167.     protected function clearAllPersistentData()
    168. 

  168.     {
    169. 

  169.         foreach ($this->session->all() as $k => $v) {
    170. 

  170.             if (0 !== strpos($k, $this->prefix)) {
    171. 

  171.                 continue;
    172. 

  172.             }
    173. 

  173. 

  174.             $this->session->remove($k);
    175. 

  175.         }
    176. 

  176.     }
    177. 

  177. 

  178.     protected function constructSessionVariableName($key)
    179. 

  179.     {
    180. 

  180.         return $this->prefix.implode(
    181. 

  181.             '_',
    182. 

  182.             array(
    183. 

  183.                 'fb',
    184. 

  184.                 $this->getAppId(),
    185. 

  185.                 $key,
    186. 

  186.             )
    187. 

  187.         );
    188. 

  188.     }
    189. 

  189. 

  190.     private function getState()
    191. 

  191.     {
    192. 

  192.         return $this->getPersistentData('state', null);
    193. 

  193.     }
    194. 

  194. 

  195.     private function setState($state)
    196. 

  196.     {
    197. 

  197.         $this->setPersistentData('state', $state);
    198. 

  198.     }
    199. 

  199. }
    200.