<?php

/**
 * HybridAuth
 * http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
 * (c) 2009-2015, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
 */

/**
 * Hybrid_Endpoint class
 *
 * Provides a simple way to handle the OpenID and OAuth endpoint
 */
class Hybrid_Endpoint {

	protected $request = null;
	protected $initDone = false;

	/**
	 * Process the current request
	 *
	 * @param array $request The current request parameters. Leave as null to default to use $_REQUEST.
	 */
	public function __construct($request = null) {
		if (is_null($request)) {
			// Fix a strange behavior when some provider call back ha endpoint
			// with /index.php?hauth.done={provider}?{args}...
			// >here we need to parse $_SERVER[QUERY_STRING]
			$request = $_REQUEST;
			if (strrpos($_SERVER["QUERY_STRING"], '?')) {
				$_SERVER["QUERY_STRING"] = str_replace("?", "&", $_SERVER["QUERY_STRING"]);
				parse_str($_SERVER["QUERY_STRING"], $request);
			}
		}

		// Setup request variable
		$this->request = $request;

		// If openid_policy requested, we return our policy document
		if (isset($this->request["get"]) && $this->request["get"] == "openid_policy") {
			$this->processOpenidPolicy();
		}

		// If openid_xrds requested, we return our XRDS document
		if (isset($this->request["get"]) && $this->request["get"] == "openid_xrds") {
			$this->processOpenidXRDS();
		}

		// If we get a hauth.start
		if (isset($this->request["hauth_start"]) && $this->request["hauth_start"]) {
			$this->processAuthStart();
		}
		// Else if hauth.done
		elseif (isset($this->request["hauth_done"]) && $this->request["hauth_done"]) {
			$this->processAuthDone();
		}
		// Else we advertise our XRDS document, something supposed to be done from the Realm URL page
		else {
			$this->processOpenidRealm();
		}
	}

	/**
	 * Process the current request
	 *
	 * @param array $request The current request parameters. Leave as null to default to use $_REQUEST.
	 * @return Hybrid_Endpoint
	 */
	public static function process($request = null) {
		// Trick for PHP 5.2, because it doesn't support late static binding
		$class = function_exists('get_called_class') ? get_called_class() : __CLASS__;
		new $class($request);
	}

	/**
	 * Process OpenID policy request
	 * @return void
	 */
	protected function processOpenidPolicy() {
		$output = file_get_contents(dirname(__FILE__) . "/resources/openid_policy.html");
		print $output;
		die();
	}

	/**
	 * Process OpenID XRDS request
	 * @return void
	 */
	protected function processOpenidXRDS() {
		header("Content-Type: application/xrds+xml");

		$output = str_replace("{RETURN_TO_URL}", str_replace(
						array("<", ">", "\"", "'", "&"), array("&lt;", "&gt;", "&quot;", "&apos;", "&amp;"), Hybrid_Auth::getCurrentUrl(false)
				), file_get_contents(dirname(__FILE__) . "/resources/openid_xrds.xml"));
		print $output;
		die();
	}

	/**
	 * Process OpenID realm request
	 * @return void
	 */
	protected function processOpenidRealm() {
		$output = str_replace("{X_XRDS_LOCATION}", htmlentities(Hybrid_Auth::getCurrentUrl(false), ENT_QUOTES, 'UTF-8')
				. "?get=openid_xrds&v="
				. Hybrid_Auth::$version, file_get_contents(dirname(__FILE__) . "/resources/openid_realm.html"));
		print $output;
		die();
	}

	/**
	 * Define: endpoint step 3
	 * @return void
	 * @throws Hybrid_Exception
	 */
	protected function processAuthStart() {
		$this->authInit();

		$provider_id = trim(strip_tags($this->request["hauth_start"]));

		// check if page accessed directly
		if (!Hybrid_Auth::storage()->get("hauth_session.$provider_id.hauth_endpoint")) {
			Hybrid_Logger::error("Endpoint: hauth_endpoint parameter is not defined on hauth_start, halt login process!");

			throw new Hybrid_Exception("You cannot access this page directly.");
		}

		// define:hybrid.endpoint.php step 2.
		$hauth = Hybrid_Auth::setup($provider_id);

		// if REQUESTed hauth_idprovider is wrong, session not created, etc.
		if (!$hauth) {
			Hybrid_Logger::error("Endpoint: Invalid parameter on hauth_start!");
			throw new Hybrid_Exception("Invalid parameter! Please return to the login page and try again.");
		}

		try {
			Hybrid_Logger::info("Endpoint: call adapter [{$provider_id}] loginBegin()");

			$hauth->adapter->loginBegin();
		} catch (Exception $e) {
			Hybrid_Logger::error("Exception:" . $e->getMessage(), $e);
			Hybrid_Error::setError($e->getMessage(), $e->getCode(), $e->getTraceAsString(), $e->getPrevious());

			$hauth->returnToCallbackUrl();
		}

		die();
	}

	/**
	 * Define: endpoint step 3.1 and 3.2
	 * @return void
	 * @throws Hybrid_Exception
	 */
	protected function processAuthDone() {
		$this->authInit();

		$provider_id = trim(strip_tags($this->request["hauth_done"]));

		$hauth = Hybrid_Auth::setup($provider_id);

		if (!$hauth) {
			Hybrid_Logger::error("Endpoint: Invalid parameter on hauth_done!");

			$hauth->adapter->setUserUnconnected();

			throw new Hybrid_Exception("Invalid parameter! Please return to the login page and try again.");
		}

		try {
			Hybrid_Logger::info("Endpoint: call adapter [{$provider_id}] loginFinish() ");
			$hauth->adapter->loginFinish();
		} catch (Exception $e) {
			Hybrid_Logger::error("Exception:" . $e->getMessage(), $e);
			Hybrid_Error::setError($e->getMessage(), $e->getCode(), $e->getTraceAsString(), $e->getPrevious());

			$hauth->adapter->setUserUnconnected();
		}

		Hybrid_Logger::info("Endpoint: job done. return to callback url.");

		$hauth->returnToCallbackUrl();
		die();
	}

	/**
	 * Initializes authentication
	 * @throws Hybrid_Exception
	 */
	protected function authInit() {
		if (!$this->initDone) {
			$this->initDone = true;

			// Init Hybrid_Auth
			try {
				if (!class_exists("Hybrid_Storage", false)) {
					require_once realpath(dirname(__FILE__)) . "/Storage.php";
				}
				if (!class_exists("Hybrid_Exception", false)) {
					require_once realpath(dirname(__FILE__)) . "/Exception.php";
				}
				if (!class_exists("Hybrid_Logger", false)) {
					require_once realpath(dirname(__FILE__)) . "/Logger.php";
				}

				$storage = new Hybrid_Storage();

				// Check if Hybrid_Auth session already exist
				if (!$storage->config("CONFIG")) {
					throw new Hybrid_Exception("You cannot access this page directly.");
				}

				Hybrid_Auth::initialize($storage->config("CONFIG"));
			} catch (Exception $e) {
				Hybrid_Logger::error("Endpoint: Error while trying to init Hybrid_Auth: " . $e->getMessage());
				throw new Hybrid_Exception( "Endpoint: Error while trying to init Hybrid_Auth: " . $e->getMessage(), $e->getCode(), $e );
			}
		}
	}

}