
Commit e8689ac

committed
Improve the Verify Process
1 parent 4c9f450 commit e8689ac


13 files changed

+252
-202
lines changed

13 files changed

+252
-202
lines changed

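--- a/lib/Auth_Context_Ticket.php
+++ b/lib/Auth_Context_Ticket.php
@@ -7,7 +7,7 @@
 
 namespace OpenTHC\SSO;
 
-class Auth_Context_Ticket extends \OpenTHC\Auth_Context_Ticket
+class Auth_Context_Ticket // extends \OpenTHC\Auth_Context_Ticket
 {
 /**
 *
@@ -17,6 +17,15 @@ static function get($key)
 $rdb = \OpenTHC\Service\Redis::factory();
 $ret = $rdb->get(sprintf('/auth-ticket/%s', $key));
 $ret = json_decode($ret, true);
+
+// if (empty($ret)) {
+
+// $sql = 'SELECT * FROM auth_context_ticket WHERE id = ?';
+// $arg = array($_POST['code']);
+// $res = $this->_dbc->fetchRow($sql, $arg);
+
+// }
+
 return $ret;
 }
 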
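Review bot: The commented-out fallback added after `json_decode` is not a usable draft: inside `static function get($key)` it references `$this->_dbc`, and it looks the ticket up by `$_POST['code']` rather than the `$key` this method was given, so un-commenting it as written would fatal or read a different ticket than the caller asked for. Either delete the block or replace it with a single `// TODO: fall back to the auth_context_ticket table by $key when Redis misses` so the intent survives without dead code. The header change to `class Auth_Context_Ticket // extends \OpenTHC\Auth_Context_Ticket` also deserves a sentence in the class docblock saying that this class is now the Redis-backed short-lived ticket store and is no longer a subtype of the database-backed one, since any caller that type-hints the parent presumably stops accepting it. The docblock of get() begins outside the hunk.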
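--- a/lib/Controller/Account/Create.php
+++ b/lib/Controller/Account/Create.php
@@ -8,7 +8,6 @@
 namespace OpenTHC\SSO\Controller\Account;
 
 use OpenTHC\SSO\CSRF;
-use OpenTHC\SSO\Auth_Context_Ticket;
 
 class Create extends \OpenTHC\SSO\Controller\Base
 {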

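--- a/lib/Controller/Auth/Once.php
+++ b/lib/Controller/Auth/Once.php
@@ -18,33 +18,50 @@ class Once extends \OpenTHC\SSO\Controller\Base
 */
 function __invoke($REQ, $RES, $ARG)
 {
+session_regenerate_id(true);
+
+$_SESSION = [];
+
 // Token Links
 if (empty($_GET['_'])) {
-__exit_text('Invalid Request [CAO-016]', 400);
+return $RES->withJSON([
+'data' => null,
+'meta' => [ 'note' => 'Invalid Request [CAO-016]' ]
+], 400);
 }
 
 if (!preg_match('/^([\w\-]{32,128})$/i', $_GET['_'], $m)) {
 return $RES->withJSON([
 'data' => null,
-'meta' => [ 'detail' => 'Invalid Request [CAO-022]' ]
+'meta' => [ 'note' => 'Invalid Request [CAO-022]' ]
 ], 400);
 }
 
-$act = \OpenTHC\SSO\Auth_Context_Ticket::get($_GET['_']);
-if (empty($act)) {
-return $RES->withRedirect('/done?e=CAO-077');
+// Get Token
+$act = new \OpenTHC\Auth_Context_Ticket($this->_container->DBC_AUTH, $_GET['_']);
+if ( ! $act->isValid()) {
+$data = [
+'error_code' => 'CAO-040'
+];
+$RES = $RES->withStatus(400);
+$RES = $RES->write( $this->render('done.php', $data) );
+return $RES;
 }
 
+$act = $act->getMeta();
+
 // Intention Router
 switch ($act['intent']) {
 case 'account-create':
 return $this->accountCreate($RES, $act);
 break;
 case 'email-verify':
-return $RES->withRedirect(sprintf('/verify/email?_=%s', $_GET['_']));
+$tok = \OpenTHC\SSO\Auth_Context_Ticket::set($act);
+return $RES->withRedirect(sprintf('/verify/email?_=%s', $tok));
 break;
 case 'password-reset':
-return $RES->withRedirect('/account/password?_=' . $_GET['_']);
+$tok = \OpenTHC\SSO\Auth_Context_Ticket::set($act);
+return $RES->withRedirect(sprintf('/account/password?_=%s', $tok));
 break;
 case 'account-open':
 case 'oauth-migrate':
@@ -56,8 +73,8 @@ function __invoke($REQ, $RES, $ARG)
 $data['Page']['title'] = 'Error';
 $data['body'] = '<div class="alert alert-danger">Invalid Request [CAO-061]</div>';
 
-$RES = $RES->write( $this->render('done.php', $data) );
 $RES = $RES->withStatus(400);
+$RES = $RES->write( $this->render('done.php', $data) );
 
 return $RES;
 
@@ -72,8 +89,16 @@ private function accountCreate($RES, $act_data)
 $dbc_main = $this->_container->DBC_MAIN;
 
 // Update Contact, Promote Email to Username
-$chk = $dbc_auth->fetchOne('SELECT id, flag, stat FROM auth_contact WHERE id = :c0', [ ':c0' => $act_data['contact']['id'] ]);
+$sql = 'SELECT id, flag, stat FROM auth_contact WHERE id = :c0';
+$arg = [ ':c0' => $act_data['contact']['id'] ];
+$chk = $dbc_auth->fetchOne($sql, $arg);
 if (empty($chk)) {
+$data = [
+'error_code' => 'CAO-094'
+];
+$RES = $RES->withStatus(400);
+$RES = $RES->write( $this->render('done.php', $data) );
+return $RES;
 __exit_text('Invalid Account [CAO-079]', 400);
 }
 
@@ -88,22 +113,21 @@ private function accountCreate($RES, $act_data)
 $dbc_main->query('BEGIN');
 
 // Update Auth Contact
-$ct_auth = new Auth_Contact($dbc_auth, $act_data['contact']);
-$ct_auth['username'] = $act_data['contact']['email'];
-$ct_auth['password'] = null;
+$ct_auth = new Auth_Contact($dbc_auth, $act_data['contact']['id']);
 $ct_auth->setFlag(\OpenTHC\Contact::FLAG_EMAIL_GOOD | \OpenTHC\Contact::FLAG_PHONE_WANT);
 $ct_auth->save();
 
 // Update Base Contact
-$ct_main = new \OpenTHC\Contact($dbc_main, $act_data['contact']);
+$ct_main = new \OpenTHC\Contact($dbc_main, $act_data['contact']['id']);
 $ct_main->setFlag(\OpenTHC\Contact::FLAG_EMAIL_GOOD | \OpenTHC\Contact::FLAG_PHONE_WANT);
 $ct_main->save();
 
 $dbc_auth->query('COMMIT');
 $dbc_main->query('COMMIT');
 
-// Init with this same token
-return $RES->withRedirect(sprintf('/auth/init?_=%s', $_GET['_']));
+// Verify after Create
+$tok = \OpenTHC\SSO\Auth_Context_Ticket::set($act_data);
+return $RES->withRedirect(sprintf('/verify?_=%s', $tok));
 
 }
 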
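Review bot: In accountCreate, `__exit_text('Invalid Account [CAO-079]', 400);` is now unreachable because the added `return $RES;` sits directly before it inside the same `if (empty($chk))` block; delete that line so the CAO-079 code is not advertised by code that can never run. The context comment `// Update Contact, Promote Email to Username` no longer matches the new code, which dropped the `$ct_auth['username'] = $act_data['contact']['email'];` and `$ct_auth['password'] = null;` assignments, so either reword the comment or confirm that Auth_Contact now performs the promotion, otherwise that step is silently lost. In __invoke nothing visible consumes or invalidates the database ticket once `isValid()` passes; unless the parent \OpenTHC\Auth_Context_Ticket does that internally, the emailed one-time link stays replayable and each replay mints a fresh Redis token via `set()`, which matters most for the `password-reset` intent, so a comment stating where the ticket is marked used (or a call that does so) belongs right after `$act = $act->getMeta();`. Both __invoke and accountCreate continue outside the hunks.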
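--- a/lib/Controller/Done.php
+++ b/lib/Controller/Done.php
@@ -36,7 +36,6 @@ function __invoke($REQ, $RES, $ARG)
 $data['body'] = '<p>We have just sent you an email, with the next steps.<p><p>You will need to confirm your request through a link in that message.</p><p>Maybe you want to read more about regulations?</p><div><a class="btn btn-outline-success" href="https://openthc.com/intro">Introduction to Track and Trace <i class="icon icon-arrow-right"></i></a></div>';
 break;
 case 'CAO-066':
-case 'CAO-077':
 $data['Page']['title'] = 'Error';
 $data['fail'] = 'The link you followed is not valid';
 break;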

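--- a/lib/Controller/Verify/Base.php
+++ b/lib/Controller/Verify/Base.php
@@ -1,5 +1,6 @@
 <?php
 /**
+* Base Controller for Verify
 *
 * SPDX-License-Identifier: MIT
 */
@@ -14,58 +15,57 @@ class Base extends \OpenTHC\SSO\Controller\Base
 */
 function loadTicket() : ?array
 {
-// Load Auth Ticket
-$rdb = \OpenTHC\Service\Redis::factory();
-$tmp = $rdb->get(sprintf('/auth-ticket/%s', $_GET['_']));
-if (empty($tmp)) {
-_exit_html_warn('<h1>Invalid Request [CAI-034]</a></h1>', 400);
+// Load Auth Ticket or DIE
+$act = \OpenTHC\SSO\Auth_Context_Ticket::get($_GET['_']);
+// $act = new \OpenTHC\Auth_Context_Ticket($dbc_auth, $_GET['_']);
+// if ( ! $act->isValid()) {
+if (empty($act)) {
+_exit_html_warn('<h1>Invalid Request [CVB-026]</a></h1>', 400);
 }
+// $act = $act->getMeta();
 
-// Auth Context Ticket
-$act = json_decode($tmp, true);
+if (empty($act['contact_cache'])) {
 
-if (empty($act)) {
-_exit_html_fail('<h1>Invalid Request [CVB-024]</h1>', 400);
-}
+$dbc_auth = $this->_container->DBC_AUTH;
 
-$dbc_auth = $this->_container->DBC_AUTH;
+// Load Contact
+$sql = <<<SQL
+SELECT auth_contact.id
+, auth_contact.stat
+, auth_contact.flag
+, auth_contact.username
+, auth_contact.password
+, auth_contact.iso3166
+, auth_contact.tz
+FROM auth_contact
+WHERE auth_contact.id = :c0
+SQL;
+$arg = [
+':c0' => $act['contact']['id']
+];
 
-// Load Contact
-$sql = <<<SQL
-SELECT auth_contact.id
-, auth_contact.stat
-, auth_contact.flag
-, auth_contact.username
-, auth_contact.password
-, auth_contact.iso3166
-, auth_contact.tz
-FROM auth_contact
-WHERE auth_contact.id = :c0
-SQL;
-$arg = [
-':c0' => $act['contact']['id']
-];
+// Inflate this onto the ACT
+$CT0 = $dbc_auth->fetchRow($sql, $arg);
+if (empty($CT0['id'])) {
+_exit_html_fail('<h1>Invalid Request [CAV-037]</h1>', 400);
+}
 
-// Inflate this onto the ACT
-$CT0 = $dbc_auth->fetchRow($sql, $arg);
-if (empty($CT0['id'])) {
-_exit_html_fail('<h1>Invalid Request [CAV-037]</h1>', 400);
-}
+$CT1 = $this->_container->DBC_MAIN->fetchRow('SELECT id, email, phone FROM contact WHERE id = :c0', $arg);
+if (empty($CT1['id'])) {
+_exit_html_fail('<h1>Invalid Request [CAV-040]</h1>', 400);
+}
 
-$CT1 = $this->_container->DBC_MAIN->fetchRow('SELECT id, email, phone FROM contact WHERE id = :c0', $arg);
-if (empty($CT1['id'])) {
-_exit_html_fail('<h1>Invalid Request [CAV-040]</h1>', 400);
-}
+$act['contact']['flag'] = $CT0['flag'];
+$act['contact']['stat'] = $CT0['stat'];
+$act['contact']['username'] = $CT0['username'];
+$act['contact']['password'] = $CT0['password'];
+$act['contact']['iso3166'] = $CT0['iso3166'];
+$act['contact']['tz'] = $CT0['tz'];
 
-$act['contact']['flag'] = $CT0['flag'];
-$act['contact']['stat'] = $CT0['stat'];
-$act['contact']['username'] = $CT0['username'];
-$act['contact']['password'] = $CT0['password'];
-$act['contact']['iso3166'] = $CT0['iso3166'];
-$act['contact']['tz'] = $CT0['tz'];
+$act['contact']['email'] = $CT1['email'];
+$act['contact']['phone'] = $CT1['phone'];
 
-$act['contact']['email'] = $CT1['email'];
-$act['contact']['phone'] = $CT1['phone'];
+}
 
 return $act;
 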
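Review bot: The new `if (empty($act['contact_cache']))` guard can only be skipped if whoever created the ticket stored a `contact_cache` key, and nothing in this hunk writes one (nor do the Once.php hunks that call `Auth_Context_Ticket::set`), so as written the two contact rows are re-read on every request and the branch never short-circuits; either persist the inflated `$act` with that key set or add a comment stating which producer is expected to set it. The replacement message `'<h1>Invalid Request [CVB-026]</a></h1>'` carries the stray `</a>` over from the old CAI-034 line; it should read `'<h1>Invalid Request [CVB-026]</h1>'`. The three commented-out lines (`// $act = new ...`, `// if ( ! $act->isValid()) {`, `// $act = $act->getMeta();`) are dead code beside the live Redis path and should be removed. Since loadTicket() is declared `?array` but every failure path exits the process, a docblock line saying it never returns null and terminates the request on a bad ticket would spare callers a useless null check; the docblock starts outside the hunk.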
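--- a/lib/Controller/Verify/Email.php
+++ b/lib/Controller/Verify/Email.php
@@ -151,8 +151,8 @@ function emailVerifySend($RES, $ARG)
 
 try {
 
-$cic = new \OpenTHC\Service\OpenTHC('cic');
-$res = $cic->post('/api/v2018/email/send', [ 'form_params' => $arg ]);
+$ops = new \OpenTHC\Service\OpenTHC('ops');
+$res = $ops->post('/api/v2018/email/send', [ 'form_params' => $arg ]);
 
 if (201 == $res['code']) {
 $ret_args['s'] = 't';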

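--- a/lib/Controller/Verify/Location.php
+++ b/lib/Controller/Verify/Location.php
@@ -9,18 +9,22 @@
 
 class Location extends \OpenTHC\SSO\Controller\Verify\Base
 {
+/**
+*
+*/
 function __invoke($REQ, $RES, $ARG)
 {
 $data = $this->data;
 $data['Page']['title'] = 'Verify Profile Location';
 
 $act = $this->loadTicket();
+$this->loadGeoIP();
 
-if (!empty($_SESSION['iso3166_1'])) {
+if ( ! empty($_SESSION['iso3166_1'])) {
 $data['iso3166_1_pick'] = $_SESSION['iso3166_1'];
 }
 
-if (!empty($_SESSION['iso3166_2'])) {
+if ( ! empty($_SESSION['iso3166_2'])) {
 $data['iso3166_2_pick'] = $_SESSION['iso3166_2'];
 }
 
@@ -34,7 +38,7 @@ function __invoke($REQ, $RES, $ARG)
 return $RES->write( $this->render('verify/location-2.php', $data) );
 }
 
-__exit_text('Invalid Request [CVL-057]', 400);
+return $RES->withRedirect(sprintf('/verify?_=%s', $_GET['_']));
 
 }
 
@@ -43,6 +47,8 @@ function __invoke($REQ, $RES, $ARG)
 */
 function post($REQ, $RES, $ARG)
 {
+$act = $this->loadTicket();
+
 switch ($_POST['a']) {
 case 'iso3166-1-save-next':
 
@@ -81,9 +87,6 @@ function post($REQ, $RES, $ARG)
 
 $_SESSION['iso3166_2_pick'] = $iso3166_2_pick;
 
-// Or Save till the end to save?
-$act = $this->loadTicket();
-
 $dbc = $this->_container->DBC_AUTH;
 $sql = 'UPDATE auth_contact SET flag = flag | :f1::int, iso3166 = :iso, tz = :tz WHERE id = :ct0';
 $sql = 'UPDATE auth_contact SET iso3166 = :iso WHERE id = :ct0';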
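Review bot: The new fall-through `return $RES->withRedirect(sprintf('/verify?_=%s', $_GET['_']));` in __invoke interpolates the raw query value into a Location header; loadTicket() only checks that a Redis entry exists under that value and, unlike Once.php, does not constrain its characters with a `preg_match`, so it should be encoded: `return $RES->withRedirect(sprintf('/verify?_=%s', rawurlencode($_GET['_'])));`. The docblock added above `__invoke` is empty (`/** * */`); it should at least say that the handler renders the location step matching the ticket state and otherwise redirects back to `/verify`. In the last hunk, the context line `$sql = 'UPDATE auth_contact SET flag = flag | :f1::int, iso3166 = :iso, tz = :tz WHERE id = :ct0';` is immediately overwritten by the next assignment and is dead; that predates this commit, but since the commit already touches this spot by moving `$act = $this->loadTicket();` to the top of post(), dropping the dead assignment here would be cheap. Both __invoke and post() continue outside the hunks, so where `$act` from the relocated call is consumed cannot be confirmed from this view.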
