PageRenderTime 128ms CodeModel.GetById 27ms RepoModel.GetById 4ms app.codeStats 1ms

/Application/Library/facebook_full/src/Facebook/FacebookSession.php

https://gitlab.com/hoanghung.dev/aloads
PHP | 367 lines | 130 code | 30 blank | 207 comment | 6 complexity | a41daaa68e1e6e8b6d464d28fc7671c4 MD5 | raw file
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * Copyright 2014 Facebook, Inc.
    4. 

  4.  *
    5. 

  5.  * You are hereby granted a non-exclusive, worldwide, royalty-free license to
    6. 

  6.  * use, copy, modify, and distribute this software in source code or binary
    7. 

  7.  * form for use in connection with the web services and APIs provided by
    8. 

  8.  * Facebook.
    9. 

  9.  *
    10. 

  10.  * As with any software that integrates with the Facebook platform, your use
    11. 

  11.  * of this software is subject to the Facebook Developer Principles and
    12. 

  12.  * Policies [http://developers.facebook.com/policy/]. This copyright notice
    13. 

  13.  * shall be included in all copies or substantial portions of the software.
    14. 

  14.  *
    15. 

  15.  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    16. 

  16.  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    17. 

  17.  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
    18. 

  18.  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    19. 

  19.  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
    20. 

  20.  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
    21. 

  21.  * DEALINGS IN THE SOFTWARE.
    22. 

  22.  *
    23. 

  23.  */
    24. 

  24. namespace Facebook;
    25. 

  25. 

  26. use Facebook\Entities\AccessToken;
    27. 

  27. use Facebook\Entities\SignedRequest;
    28. 

  28. 

  29. /**
    30. 

  30.  * Class FacebookSession
    31. 

  31.  * @package Facebook
    32. 

  32.  * @author Fosco Marotto <fjm@fb.com>
    33. 

  33.  * @author David Poll <depoll@fb.com>
    34. 

  34.  */
    35. 

  35. class FacebookSession
    36. 

  36. {
    37. 

  37. 

  38.   /**
    39. 

  39.    * @var string
    40. 

  40.    */
    41. 

  41.   private static $defaultAppId;
    42. 

  42. 

  43.   /**
    44. 

  44.    * @var string
    45. 

  45.    */
    46. 

  46.   private static $defaultAppSecret;
    47. 

  47. 

  48.   /**
    49. 

  49.    * @var AccessToken The AccessToken entity for this connection.
    50. 

  50.    */
    51. 

  51.   private $accessToken;
    52. 

  52. 

  53.   /**
    54. 

  54.    * @var SignedRequest
    55. 

  55.    */
    56. 

  56.   private $signedRequest;
    57. 

  57. 

  58.   /**
    59. 

  59.    * @var bool
    60. 

  60.    */
    61. 

  61.   protected static $useAppSecretProof = true;
    62. 

  62. 

  63.   /**
    64. 

  64.    * When creating a Session from an access_token, use:
    65. 

  65.    *   var $session = new FacebookSession($accessToken);
    66. 

  66.    * This will validate the token and provide a Session object ready for use.
    67. 

  67.    * It will throw a SessionException in case of error.
    68. 

  68.    *
    69. 

  69.    * @param AccessToken|string $accessToken
    70. 

  70.    * @param SignedRequest $signedRequest The SignedRequest entity
    71. 

  71.    */
    72. 

  72.   public function __construct($accessToken, SignedRequest $signedRequest = null)
    73. 

  73.   {
    74. 

  74.     $this->accessToken = $accessToken instanceof AccessToken ? $accessToken : new AccessToken($accessToken);
    75. 

  75.     $this->signedRequest = $signedRequest;
    76. 

  76.   }
    77. 

  77. 

  78.   /**
    79. 

  79.    * Returns the access token.
    80. 

  80.    *
    81. 

  81.    * @return string
    82. 

  82.    */
    83. 

  83.   public function getToken()
    84. 

  84.   {
    85. 

  85.     return (string) $this->accessToken;
    86. 

  86.   }
    87. 

  87. 

  88.   /**
    89. 

  89.    * Returns the access token entity.
    90. 

  90.    *
    91. 

  91.    * @return AccessToken
    92. 

  92.    */
    93. 

  93.   public function getAccessToken()
    94. 

  94.   {
    95. 

  95.     return $this->accessToken;
    96. 

  96.   }
    97. 

  97. 

  98.   /**
    99. 

  99.    * Returns the SignedRequest entity.
    100. 

  100.    *
    101. 

  101.    * @return SignedRequest
    102. 

  102.    */
    103. 

  103.   public function getSignedRequest()
    104. 

  104.   {
    105. 

  105.     return $this->signedRequest;
    106. 

  106.   }
    107. 

  107. 

  108.   /**
    109. 

  109.    * Returns the signed request payload.
    110. 

  110.    *
    111. 

  111.    * @return null|array
    112. 

  112.    */
    113. 

  113.   public function getSignedRequestData()
    114. 

  114.   {
    115. 

  115.     return $this->signedRequest ? $this->signedRequest->getPayload() : null;
    116. 

  116.   }
    117. 

  117. 

  118.   /**
    119. 

  119.    * Returns a property from the signed request data if available.
    120. 

  120.    *
    121. 

  121.    * @param string $key
    122. 

  122.    *
    123. 

  123.    * @return null|mixed
    124. 

  124.    */
    125. 

  125.   public function getSignedRequestProperty($key)
    126. 

  126.   {
    127. 

  127.     return $this->signedRequest ? $this->signedRequest->get($key) : null;
    128. 

  128.   }
    129. 

  129. 

  130.   /**
    131. 

  131.    * Returns user_id from signed request data if available.
    132. 

  132.    *
    133. 

  133.    * @return null|string
    134. 

  134.    */
    135. 

  135.   public function getUserId()
    136. 

  136.   {
    137. 

  137.     return $this->signedRequest ? $this->signedRequest->getUserId() : null;
    138. 

  138.   }
    139. 

  139. 

  140.   // @TODO Remove getSessionInfo() in 4.1: can be accessed from AccessToken directly
    141. 

  141.   /**
    142. 

  142.    * getSessionInfo - Makes a request to /debug_token with the appropriate
    143. 

  143.    *   arguments to get debug information about the sessions token.
    144. 

  144.    *
    145. 

  145.    * @param string|null $appId
    146. 

  146.    * @param string|null $appSecret
    147. 

  147.    *
    148. 

  148.    * @return GraphSessionInfo
    149. 

  149.    */
    150. 

  150.   public function getSessionInfo($appId = null, $appSecret = null)
    151. 

  151.   {
    152. 

  152.     return $this->accessToken->getInfo($appId, $appSecret);
    153. 

  153.   }
    154. 

  154. 

  155.   // @TODO Remove getLongLivedSession() in 4.1: can be accessed from AccessToken directly
    156. 

  156.   /**
    157. 

  157.    * getLongLivedSession - Returns a new Facebook session resulting from
    158. 

  158.    *   extending a short-lived access token.  If this session is not
    159. 

  159.    *   short-lived, returns $this.
    160. 

  160.    *
    161. 

  161.    * @param string|null $appId
    162. 

  162.    * @param string|null $appSecret
    163. 

  163.    *
    164. 

  164.    * @return FacebookSession
    165. 

  165.    */
    166. 

  166.   public function getLongLivedSession($appId = null, $appSecret = null)
    167. 

  167.   {
    168. 

  168.     $longLivedAccessToken = $this->accessToken->extend($appId, $appSecret);
    169. 

  169.     return new static($longLivedAccessToken, $this->signedRequest);
    170. 

  170.   }
    171. 

  171. 

  172.   // @TODO Remove getExchangeToken() in 4.1: can be accessed from AccessToken directly
    173. 

  173.   /**
    174. 

  174.    * getExchangeToken - Returns an exchange token string which can be sent
    175. 

  175.    *   back to clients and exchanged for a device-linked access token.
    176. 

  176.    *
    177. 

  177.    * @param string|null $appId
    178. 

  178.    * @param string|null $appSecret
    179. 

  179.    *
    180. 

  180.    * @return string
    181. 

  181.    */
    182. 

  182.   public function getExchangeToken($appId = null, $appSecret = null)
    183. 

  183.   {
    184. 

  184.     return AccessToken::getCodeFromAccessToken($this->accessToken, $appId, $appSecret);
    185. 

  185.   }
    186. 

  186. 

  187.   // @TODO Remove validate() in 4.1: can be accessed from AccessToken directly
    188. 

  188.   /**
    189. 

  189.    * validate - Ensures the current session is valid, throwing an exception if
    190. 

  190.    *   not.  Fetches token info from Facebook.
    191. 

  191.    *
    192. 

  192.    * @param string|null $appId Application ID to use
    193. 

  193.    * @param string|null $appSecret App secret value to use
    194. 

  194.    * @param string|null $machineId
    195. 

  195.    *
    196. 

  196.    * @return boolean
    197. 

  197.    *
    198. 

  198.    * @throws FacebookSDKException
    199. 

  199.    */
    200. 

  200.   public function validate($appId = null, $appSecret = null, $machineId = null)
    201. 

  201.   {
    202. 

  202.     if ($this->accessToken->isValid($appId, $appSecret, $machineId)) {
    203. 

  203.       return true;
    204. 

  204.     }
    205. 

  205. 

  206.     // @TODO For v4.1 this should not throw an exception, but just return false.
    207. 

  207.     throw new FacebookSDKException(
    208. 

  208.       'Session has expired, or is not valid for this app.', 601
    209. 

  209.     );
    210. 

  210.   }
    211. 

  211. 

  212.   // @TODO Remove validateSessionInfo() in 4.1: can be accessed from AccessToken directly
    213. 

  213.   /**
    214. 

  214.    * validateTokenInfo - Ensures the provided GraphSessionInfo object is valid,
    215. 

  215.    *   throwing an exception if not.  Ensures the appId matches,
    216. 

  216.    *   that the token is valid and has not expired.
    217. 

  217.    *
    218. 

  218.    * @param GraphSessionInfo $tokenInfo
    219. 

  219.    * @param string|null $appId Application ID to use
    220. 

  220.    * @param string|null $machineId
    221. 

  221.    *
    222. 

  222.    * @return boolean
    223. 

  223.    *
    224. 

  224.    * @throws FacebookSDKException
    225. 

  225.    */
    226. 

  226.   public static function validateSessionInfo(GraphSessionInfo $tokenInfo,
    227. 

  227.                                            $appId = null,
    228. 

  228.                                            $machineId = null)
    229. 

  229.   {
    230. 

  230.     if (AccessToken::validateAccessToken($tokenInfo, $appId, $machineId)) {
    231. 

  231.       return true;
    232. 

  232.     }
    233. 

  233. 

  234.     // @TODO For v4.1 this should not throw an exception, but just return false.
    235. 

  235.     throw new FacebookSDKException(
    236. 

  236.       'Session has expired, or is not valid for this app.', 601
    237. 

  237.     );
    238. 

  238.   }
    239. 

  239. 

  240.   /**
    241. 

  241.    * newSessionFromSignedRequest - Returns a FacebookSession for a
    242. 

  242.    *   given signed request.
    243. 

  243.    *
    244. 

  244.    * @param SignedRequest $signedRequest
    245. 

  245.    *
    246. 

  246.    * @return FacebookSession
    247. 

  247.    */
    248. 

  248.   public static function newSessionFromSignedRequest(SignedRequest $signedRequest)
    249. 

  249.   {
    250. 

  250.     if ($signedRequest->get('code')
    251. 

  251.       && !$signedRequest->get('oauth_token')) {
    252. 

  252.       return self::newSessionAfterValidation($signedRequest);
    253. 

  253.     }
    254. 

  254.     $accessToken = $signedRequest->get('oauth_token');
    255. 

  255.     $expiresAt = $signedRequest->get('expires', 0);
    256. 

  256.     $accessToken = new AccessToken($accessToken, $expiresAt);
    257. 

  257.     return new static($accessToken, $signedRequest);
    258. 

  258.   }
    259. 

  259. 

  260.   /**
    261. 

  261.    * newSessionAfterValidation - Returns a FacebookSession for a
    262. 

  262.    *   validated & parsed signed request.
    263. 

  263.    *
    264. 

  264.    * @param SignedRequest $signedRequest
    265. 

  265.    *
    266. 

  266.    * @return FacebookSession
    267. 

  267.    */
    268. 

  268.   protected static function newSessionAfterValidation(SignedRequest $signedRequest)
    269. 

  269.   {
    270. 

  270.     $code = $signedRequest->get('code');
    271. 

  271.     $accessToken = AccessToken::getAccessTokenFromCode($code);
    272. 

  272.     return new static($accessToken, $signedRequest);
    273. 

  273.   }
    274. 

  274. 

  275.   /**
    276. 

  276.    * newAppSession - Returns a FacebookSession configured with a token for the
    277. 

  277.    *   application which can be used for publishing and requesting app-level
    278. 

  278.    *   information.
    279. 

  279.    *
    280. 

  280.    * @param string|null $appId Application ID to use
    281. 

  281.    * @param string|null $appSecret App secret value to use
    282. 

  282.    *
    283. 

  283.    * @return FacebookSession
    284. 

  284.    */
    285. 

  285.   public static function newAppSession($appId = null, $appSecret = null)
    286. 

  286.   {
    287. 

  287.     $targetAppId = static::_getTargetAppId($appId);
    288. 

  288.     $targetAppSecret = static::_getTargetAppSecret($appSecret);
    289. 

  289.     return new FacebookSession(
    290. 

  290.       $targetAppId . '|' . $targetAppSecret
    291. 

  291.     );
    292. 

  292.   }
    293. 

  293. 

  294.   /**
    295. 

  295.    * setDefaultApplication - Will set the static default appId and appSecret
    296. 

  296.    *   to be used for API requests.
    297. 

  297.    *
    298. 

  298.    * @param string $appId Application ID to use by default
    299. 

  299.    * @param string $appSecret App secret value to use by default
    300. 

  300.    */
    301. 

  301.   public static function setDefaultApplication($appId, $appSecret)
    302. 

  302.   {
    303. 

  303.     self::$defaultAppId = $appId;
    304. 

  304.     self::$defaultAppSecret = $appSecret;
    305. 

  305.   }
    306. 

  306. 

  307.   /**
    308. 

  308.    * _getTargetAppId - Will return either the provided app Id or the default,
    309. 

  309.    *   throwing if neither are populated.
    310. 

  310.    *
    311. 

  311.    * @param string $appId
    312. 

  312.    *
    313. 

  313.    * @return string
    314. 

  314.    *
    315. 

  315.    * @throws FacebookSDKException
    316. 

  316.    */
    317. 

  317.   public static function _getTargetAppId($appId = null) {
    318. 

  318.     $target = ($appId ?: self::$defaultAppId);
    319. 

  319.     if (!$target) {
    320. 

  320.       throw new FacebookSDKException(
    321. 

  321.         'You must provide or set a default application id.', 700
    322. 

  322.       );
    323. 

  323.     }
    324. 

  324.     return $target;
    325. 

  325.   }
    326. 

  326. 

  327.   /**
    328. 

  328.    * _getTargetAppSecret - Will return either the provided app secret or the
    329. 

  329.    *   default, throwing if neither are populated.
    330. 

  330.    *
    331. 

  331.    * @param string $appSecret
    332. 

  332.    *
    333. 

  333.    * @return string
    334. 

  334.    *
    335. 

  335.    * @throws FacebookSDKException
    336. 

  336.    */
    337. 

  337.   public static function _getTargetAppSecret($appSecret = null) {
    338. 

  338.     $target = ($appSecret ?: self::$defaultAppSecret);
    339. 

  339.     if (!$target) {
    340. 

  340.       throw new FacebookSDKException(
    341. 

  341.         'You must provide or set a default application secret.', 701
    342. 

  342.       );
    343. 

  343.     }
    344. 

  344.     return $target;
    345. 

  345.   }
    346. 

  346. 

  347.   /**
    348. 

  348.    * Enable or disable sending the appsecret_proof with requests.
    349. 

  349.    *
    350. 

  350.    * @param bool $on
    351. 

  351.    */
    352. 

  352.   public static function enableAppSecretProof($on = true)
    353. 

  353.   {
    354. 

  354.     static::$useAppSecretProof = ($on ? true : false);
    355. 

  355.   }
    356. 

  356. 

  357.   /**
    358. 

  358.    * Get whether or not appsecret_proof should be sent with requests.
    359. 

  359.    *
    360. 

  360.    * @return bool
    361. 

  361.    */
    362. 

  362.   public static function useAppSecretProof()
    363. 

  363.   {
    364. 

  364.     return static::$useAppSecretProof;
    365. 

  365.   }
    366. 

  366. 

  367. }
    368. 

  368.