Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Announcement: SSO Server/Client 3.7.2 released
#1
It has been a couple of years since the last SSO server/client release.  During that time, PHP 7.x was released, stabilized, and started being deployed fairly widely in the last few months with server adoption.  I'm a fairly late adopter of shiny new technology so that it has lots of time to settle into a stable state.  This release adds PHP 7 series support and upgrades all core library components to the latest and greatest.  HTML Purifier is gone in favor of the much lighter-weight, faster, and more powerful TagFilter class.

Without further ado, the changelog (I haven't done one of these in a while).

Server:
  • [DROPPED] Oracle database support is now relegated to beta status and only available to testing environments.
  • [BREAKING CHANGE] Old style BCrypt password hashing uses phpseclib.  Installs using the older approach will require users to reset their passwords.
  • [NEW] PHP 7.x support.  Multiple deprecation issues fixed.
  • [UPDATED] Latest Ultimate Web Scraper Toolkit.
  • [UPDATED] Latest Ultimate E-mail Toolkit.
  • [REMOVED] HTML Purifier no longer needed.

Client:
  • [NEW] PHP 7.x support
  • [UPDATED] Latest Ultimate Web Scraper Toolkit.

Learn more about and download the SSO server/client software today:

http://barebonescms.com/documentation/sso/
Author of Barebones CMS

If you found my reply to be helpful, be sure to donate!
All funding goes toward future product development.
Reply
#2
Good to hear about the new version and congrats for the excellent work!
But i just tried to download the new version and ...
"Fatal error: Uncaught Error: Class 'MySQL' not found in ..."

I hope this is a temp glitch !

Thanks again
Reply
#3
Download fixed. Thanks for bringing it to my attention.
Author of Barebones CMS

If you found my reply to be helpful, be sure to donate!
All funding goes toward future product development.
Reply
#4
Any time and anything i can do to help!
Reply
#5
I could use a little help and i hope you don't find my questions foolish Smile
I have set up and running an sso server ver 3.7.1.
In order to upgrade to ver 3.7.2. do ineed to replace everything or specific files / folders ?
Will i loose any data or database entries ?

Thanks in advance!
Reply
#6
Depends on the installation. There are upgrade directions in the documentation. Generally speaking, only major releases (e.g. 2.x to 3.x) have database changes and require more involved upgrade procedures. Otherwise, the changes are file related that add features or fix known bugs.
Author of Barebones CMS

If you found my reply to be helpful, be sure to donate!
All funding goes toward future product development.
Reply
#7
Hi

I was evaluating your SSO product - well done. Smile

Was doing the integration testing with facebook and having issue with the provider.

Maybe not a bug - because of facebook sdk update ...anyway it is about 
"oauth/access_token"

In your code in https://github.com/cubiclesoft/sso-server/blob/master/providers/sso_facebook/facebook-sdk-src/base_facebook.php,
in 2 locations you are using the graph function oauth/access_token - and you are decoding them not as json.


In the current facebook sdk, the graph function is returning as json. I modified in my code and now it can authenticate correctly with facebook and managed to get the user details.



Hope you can update the master copy.

Regards
Reply
#8
Can you specify your changes in better detail? What lines did you add/modify? Thanks.
Author of Barebones CMS

If you found my reply to be helpful, be sure to donate!
All funding goes toward future product development.
Reply
#9
(06-12-2017, 06:32 PM)thruska Wrote: Can you specify your changes in better detail?  What lines did you add/modify?  Thanks.

Hi.

Attached below is the patch file contents.

Index: server/providers/sso_facebook/facebook-sdk-src/base_facebook.php
==================================================================
--- server/providers/sso_facebook/facebook-sdk-src/base_facebook.php
+++ server/providers/sso_facebook/facebook-sdk-src/base_facebook.php
@@ -387,11 +387,14 @@
    * Extend an access token, while removing the short-lived token that might
    * have been generated via client-side flow. Thanks to http://bit.ly/b0Pt0H
    * for the workaround.
    */
   public function setExtendedAccessToken() {
-    try {
+        
+         // TODO: json here
+        
+         try {
       // need to circumvent json_decode by calling _oauthRequest
       // directly, since response isn't JSON format.
       $access_token_response = $this->_oauthRequest(
         $this->getUrl('graph', '/oauth/access_token'),
         $params = array(
@@ -410,10 +413,24 @@

     if (empty($access_token_response)) {
       return false;
     }

+       $result = json_decode($access_token_response, true);
+
+    if (!is_array($result) || (!isset($result['access_token']))) {
+              return false;
+    }
+             
+    $this->destroySession();
+
+    $this->setPersistentData(
+      'access_token', $result['access_token']
+    );
+      
+
+       /*
     $response_params = array();
     parse_str($access_token_response, $response_params);

     if (!isset($response_params['access_token'])) {
       return false;
@@ -422,10 +439,11 @@
     $this->destroySession();

     $this->setPersistentData(
       'access_token', $response_params['access_token']
     );
+       */
   }

   /**
    * Determines the access token that should be used for API calls.
    * The first time this is called, $this->accessToken is set equal
@@ -800,10 +818,11 @@

     if ($redirect_uri === null) {
       $redirect_uri = $this->getCurrentUrl();
     }

+              // TODO: This is json !!
     try {
       // need to circumvent json_decode by calling _oauthRequest
       // directly, since response isn't JSON format.
       $access_token_response =
         $this->_oauthRequest(
@@ -816,21 +835,32 @@
       // most likely that user very recently revoked authorization.
       // In any event, we don't have an access token, so say so.
       return false;
     }

-    if (empty($access_token_response)) {
+       if (empty($access_token_response)) {
       return false;
     }
+
+       $result = json_decode($access_token_response, true);
+
+    if (is_array($result) && isset($result['access_token'])) {
+      return $result['access_token'];
+    }
+             
+       return false;
+      
+       /*

     $response_params = array();
     parse_str($access_token_response, $response_params);
     if (!isset($response_params['access_token'])) {
       return false;
     }

     return $response_params['access_token'];
+       */
   }

   /**
    * Invoke the old restserver.php endpoint.
    *
Reply
#10
Ah. It's buried in the ol' PHP Facebook SDK. Thanks.
Author of Barebones CMS

If you found my reply to be helpful, be sure to donate!
All funding goes toward future product development.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
© CubicleSoft