
Ridiculous redirect games for requesting perms from inside FB frame

1 parent 84ed804 commit 1ae015a001d8462854ebf2588594e653439cffaa @brendonh committed Sep 14, 2011
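--- a/engine/.gitignore
+++ b/engine/.gitignore
@@ -1,2 +1,3 @@
+yiic
+*.config
 *.dump
-dev.config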
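--- a/yii/modules/Yiidis/components/FacebookConnection.php
+++ b/yii/modules/Yiidis/components/FacebookConnection.php
@@ -7,16 +7,26 @@ class FacebookConnection extends CApplicationComponent {
 public $params;
 public $conn;
 public $appUserClass;
+ public $breakFrame = true;
+
+ public $_session;
 public function init() {
 $this->conn = new Facebook($this->params['connection']);
 parent::init();
 }
+ public function getSession() {
+ if (!$this->_session) {
+ $sessionID = Yii::app()->session->sessionID;
+ $this->_session = RedisSession::ensure($sessionID);
+ }
+ return $this->_session;
+ }
+
 public function getUser($login=true) {
- $sessionID = Yii::app()->session->sessionID;
- $session = RedisSession::ensure($sessionID);
+ $session = $this->getSession();
 if ($session->userID) {
 return $session->getUser();
@@ -32,6 +42,7 @@ public function getUser($login=true) {
 try {
 $info = $this->conn->api('/me');
+ $perms = $this->conn->api('/me/permissions');
 $friends = $this->conn->api('/me/friends');
 $friends = $friends['data'];
 } catch (FacebookApiException $e) {
@@ -42,6 +53,7 @@ public function getUser($login=true) {
 $user = FacebookUser::ensure($userKey);
 $user->name = $info['name'];
+ $user->perms = array_keys($perms['data'][0]);
 $user->put();
 $profile = FacebookProfile::ensure($userKey);
@@ -56,15 +68,37 @@ public function getUser($login=true) {
 return $user;
 }
- public function doLogin() {
+ public function doLogin($scope=array()) {
+ $session = $this->getSession();
+ $session->clearUser();
+
 $app = Yii::app();
- $request = $app->getRequest();
- $cb = $request->getBaseUrl() . $app->createUrl("yiidis/facebook/afterLogin");
- $url = $this->conn->getLoginUrl(array('redirect_uri'=>$cb));
- $request->redirect($url);
+
+ if ($this->breakFrame) {
+ $app->request->redirect($app->createUrl("yiidis/facebook/login", array('scope'=>implode(",", $scope))));
+ } else {
+ $app->request->redirect($this->getLoginUrl($scope));
+ }
+ }
+
+ public function getLoginUrl($scope=array(), $appRedirect=false) {
+ $app = Yii::app();
+ $request = $app->getRequest();
+
+ if ($appRedirect) {
+ $cb = $this->params['appUrl'];
+ } else {
+ $cb = $request->getBaseUrl() . $app->createUrl("yiidis/facebook/afterLogin");
+ }
+
+ $strScope = implode(",", $scope);
+ return $this->conn->getLoginUrl(array('redirect_uri'=>$cb, 'scope'=>$strScope));
 }
 public function doLogout() {
+ $session = $this->getSession();
+ $session->clearUser();
+
 $app = Yii::app();
 $request = $app->getRequest();
 $cb = $request->getBaseUrl() . $app->createUrl("yiidis/facebook/afterLogout");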
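Review bot: In the `@@ -42,6 +53,7 @@` hunk, `array_keys($perms['data'][0])` assumes the permissions response always carries a first row and records every key without looking at its value, so an empty or differently shaped response produces a warning or a wrong list that `YiidisController::getUser` later trusts in its `in_array` check. Guard the shape and keep only granted entries before storing, e.g. `$row = isset($perms['data'][0]) ? $perms['data'][0] : array();` then `$user->perms = array_keys(array_filter($row));`. From the visible lines this assignment is only reached when the session has no `userID`, so a permission revoked on Facebook's side may stay cached until the next login. `getUser`'s body starts and ends outside these hunks.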
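--- a/yii/modules/Yiidis/components/FacebookUser.php
+++ b/yii/modules/Yiidis/components/FacebookUser.php
@@ -5,6 +5,7 @@ class FacebookUser extends RedisModel {
 public static $_keyPrefix = 'user';
 public $name;
+ public $perms;
 public function afterConstruct() {
 if (isset(Yii::app()->params->appUserClass)) {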
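--- a/yii/modules/Yiidis/components/RedisSession.php
+++ b/yii/modules/Yiidis/components/RedisSession.php
@@ -21,7 +21,13 @@ public function getUser() {
 }
 return $this->_user;
+ }
+ public function clearUser() {
+ if ($this->userID) {
+ $this->userID = null;
+ $this->put();
+ }
 }
 }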
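Review bot: `clearUser()` resets `userID` but leaves the cached `$this->_user` that `getUser()` returns on the context line just above, so a later `getUser()` on the same session object may still hand back the previous user after a logout or re-login. Clear both together by adding `$this->_user = null;` before the `if`, so the cache is dropped even when `userID` is already empty. `getUser`'s body starts outside the hunk, so whether it re-checks `userID` before returning the cached object cannot be confirmed from here.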
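--- a/yii/modules/Yiidis/components/YiidisController.php
+++ b/yii/modules/Yiidis/components/YiidisController.php
@@ -6,23 +6,34 @@ class YiidisController extends CController {
 public $user;
 public function beforeAction() {
+ if (strstr(Yii::app()->request->getUrlReferrer(), 'facebook') && isset($_GET['state'])) {
+ $this->getUser(true);
+ $this->redirect(array('yiidis/facebook/cleanupUrl'));
+ }
 return $this->getUser();
 }
- public function getUser($login = null) {
+ public function getUser($login = null, $scope=array()) {
 if ($login === null) $login = $this->requireLogin;
 try {
 $this->user = Yii::app()->facebook->getUser($login);
 } catch (FacebookNeedsLogin $e) {
- Yii::app()->facebook->doLogin();
+ Yii::app()->facebook->doLogin($scope);
 return false;
 }
+
+ foreach ($scope as $perm) {
+ if (!in_array($perm, $this->user->perms)) {
+ Yii::app()->facebook->doLogin($scope);
+ return false;
+ }
+ }
 return true;
 }
- public function getUserOrRedirect($to=array('site/index')) {
- if ($this->getUser(true)) return true;
+ public function getUserOrRedirect($to=array('site/index'), $scope=array()) {
+ if ($this->getUser(true, $scope)) return true;
 $this->redirect($to);
 return false;
 }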
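Review bot: The guard added to `beforeAction` treats a request as a Facebook OAuth return whenever the Referer merely contains the substring `facebook` and `$_GET['state']` is present, and both values are chosen by the client. Any page whose URL contains that word can therefore steer a visitor into `getUser(true)` and the `cleanupUrl` redirect, while a browser that omits the Referer skips the cleanup entirely. Match the referrer host instead of a substring, e.g. `$host = parse_url((string) Yii::app()->request->getUrlReferrer(), PHP_URL_HOST);` followed by `preg_match('/(^|\.)facebook\.com$/i', (string) $host)`, and treat the result only as a hint. In `getUser`, `in_array($perm, $this->user->perms)` also runs when `$this->user` is null or `perms` was never stored (records saved before this commit), so an `is_array()` check on the list should come first.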
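--- a/yii/modules/Yiidis/controllers/FacebookController.php
+++ b/yii/modules/Yiidis/controllers/FacebookController.php
@@ -2,12 +2,34 @@
 class FacebookController extends YiidisController {
+ public $requireLogin = false;
+
 public function actions() {
 return array();
 }
+ public function actionLogin($scope) {
+ $scope = explode(',', $scope);
+ $url = Yii::app()->facebook->getLoginUrl($scope, true);
+ $this->renderPartial('jsredirect', array('url'=>$url));
+ }
+
+ public function actionCleanupUrl() {
+ $url = Yii::app()->facebook->params['appUrl'];
+ $this->renderPartial('jsredirect', array('url'=>$url));
+ }
+
 public function actionAfterLogin() {
- Yii::log("Facebook login successful", "info");
+ try {
+ if (Yii::app()->facebook->getUser()) {
+ Yii::log("Facebook login successful", "info");
+ } else {
+ Yii::log("Facebook login failed", "info");
+ }
+ } catch (Exception $e) {
+ Yii::log("Facebook login error", "info");
+ Yii::log(CVarDumper::dumpAsString($e), "info");
+ }
 Yii::app()->request->redirect("/");
 }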
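Review bot: `actionLogin($scope)` passes a query-string value straight into `getLoginUrl()`, so any link to this action can make the application ask a visitor for permissions it never intended to request, and the resulting URL is then written into the `jsredirect` view. Intersect the requested scope with a configured allowlist before building the URL, e.g. `$scope = array_intersect(explode(',', $scope), Yii::app()->facebook->params['allowedScope']);` (`allowedScope` is a placeholder key; no such parameter is visible on this page). Separately, `CVarDumper::dumpAsString($e)` in `actionAfterLogin` writes the whole exception object to the log at info level, which may include request data or tokens carried in the trace; logging `$e->getMessage()` at error level keeps the diagnostic without that exposure.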
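--- a/yii/modules/Yiidis/views/facebook/jsredirect.php
+++ b/yii/modules/Yiidis/views/facebook/jsredirect.php
@@ -0,0 +1,3 @@
+<script type="text/javascript">
+ top.location='<?= $url; ?>';
+</script>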
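Review bot: `$url` is echoed raw inside a single-quoted JavaScript string, so the view depends on every caller supplying a value free of quotes, backslashes and `</script>`, and `FacebookController::actionLogin` derives it from a request-supplied scope. Encode for the JavaScript context in the view itself: `top.location = <?php echo json_encode($url, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP); ?>;`, which also removes the dependency on `short_open_tag` for `<?=`. `views/facebook/login.php` in this commit is an identical copy with the same issue, and no visible code renders it, so it can probably be dropped.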
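--- a/yii/modules/Yiidis/views/facebook/login.php
+++ b/yii/modules/Yiidis/views/facebook/login.php
@@ -0,0 +1,3 @@
+<script type="text/javascript">
+ top.location='<?= $url; ?>';
+</script>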
