Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php namespace MiniOrange\OAuth\Controller\Actions; use Exception; use Magento\F..
Decoded Output download
<?php
namespace MiniOrange\OAuth\Controller\Actions;
use Exception;
use Magento\Framework\App\Action\Context;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequestBodyForPasswordGrant;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequestForPasswordGrant;
use MiniOrange\OAuth\Helper\OAuthConstants;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequest;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequestBody;
use MiniOrange\OAuth\Helper\Curl;
use MiniOrange\OAuth\Helper\OAuthUtility;
use Magento\Framework\App\Action\HttpPostActionInterface;
use Magento\Framework\App\Action\HttpGetActionInterface;
use MiniOrange\OAuth\Controller\Actions\ProcessResponseAction;
use MiniOrange\OAuth\Helper\JWTUtils;
use MiniOrange\OAuth\Helper\BigInteger;
use MiniOrange\OAuth\Helper\RSA;
use Magento\Customer\Api\AccountManagementInterface;
use Magento\Customer\Model\Session;
class ReadAuthorizationResponse extends BaseAction implements HttpPostActionInterface, HttpGetActionInterface
{
private $REQUEST;
private $POST;
private $processResponseAction;
protected $customerAccountManagement;
protected $session;
protected $setrelaystate;
protected $resultFactory;
protected $messageManager;
public function __construct(Context $aI, OAuthUtility $pG, AccountManagementInterface $iv, Session $gq, \Magento\Framework\Controller\ResultFactory $Ux, \Magento\Framework\Message\ManagerInterface $f3, ProcessResponseAction $Mw)
{
$this->processResponseAction = $Mw;
$this->customerAccountManagement = $iv;
$this->session = $gq;
$this->resultFactory = $Ux;
$this->messageManager = $f3;
parent::__construct($aI, $pG);
}
public function beforeLogin(\Magento\Backend\Model\Auth $RY, $aZ, $uL)
{
$oQ = $this->oauthUtility->getOAuthClientApps();
$gj = null;
foreach ($oQ as $yk) {
$ls = $yk->getData()["app_name"];
$this->oauthUtility->setSessionData(OAuthConstants::APP_NAME, $ls);
$this->oauthUtility->setAdminSessionData(OAuthConstants::APP_NAME, $ls);
$gj = $yk->getData();
Tp:
}
Dm:
if (!isset($gj["grant_type"])) {
goto i5;
}
$this->oauthUtility->setAdminSessionData("admin_post_logout", 1);
$wk = $gj["grant_type"];
$V7 = $gj["clientID"];
$iM = $gj["client_secret"];
$LA = $gj["access_token_endpoint"];
$uH = $gj["scope"];
$cF = $gj["values_in_header"];
$TN = $gj["values_in_body"];
$Pt = $this->oauthUtility->getCallBackUrl();
if (!($wk == "password_grant")) {
goto Sm;
}
$LB = $this->getRequest()->getParams();
$mj = null;
if (!isset($LB["Response"])) {
goto Mp;
}
$mj = $LB["Response"];
Mp:
$VK = $this->oauthUtility->getAdminBaseUrl();
$this->setrelaystate = $this->oauthUtility->getAdminBaseUrl();
if ($mj) {
goto ob;
}
if ($cF == 0 && $TN == 1) {
goto tY;
}
$iW = (new AccessTokenRequestBodyForPasswordGrant($wk, $Pt, $aZ, $uL, $uH))->build();
goto O0;
tY:
$iW = (new AccessTokenRequestForPasswordGrant($V7, $iM, $wk, $Pt, $aZ, $uL, $uH))->build();
O0:
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenRequestForPasswordGrant", $iW);
$mj = Curl::mo_send_access_token_request_for_password_grant($iW, $LA, $V7, $iM, $aZ, $uL, $cF, $TN);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenResponseForPasswordGrant", $mj);
ob:
$this->setrelaystate = $this->oauthUtility->getAdminBaseUrl();
if (!isset($LB["relayState"])) {
goto pv;
}
$this->setrelaystate = $LB["relayState"];
pv:
$this->mo_send_user_info_request($mj, $gj, $this->setrelaystate);
Sm:
i5:
return [$aZ, $uL];
}
public function execute()
{
if (!$this->oauthUtility->isTrialExpired()) {
goto jS;
}
$this->oauthUtility->log_debug("ProcessUserAction: execute : Your demo account has expired.");
print_r("Your Demo account has expired. Please contact to [email protected]");
exit;
jS:
$LB = $this->getRequest()->getParams();
$ls = $this->oauthUtility->getSessionData(OAuthConstants::APP_NAME);
$oQ = $this->oauthUtility->getOAuthClientApps();
$gj = null;
foreach ($oQ as $yk) {
if (!($yk->getData()["app_name"] === $ls)) {
goto Ht;
}
$gj = $yk->getData();
Ht:
kg:
}
Wf:
$wk = $gj["grant_type"];
$this->oauthUtility->log_debug("ReadAuthorizationResponse: execute");
$V7 = $gj["clientID"];
$iM = $gj["client_secret"];
$LA = $gj["access_token_endpoint"];
$uH = $gj["scope"];
$cF = $gj["values_in_header"];
$TN = $gj["values_in_body"];
$Pt = $this->oauthUtility->getCallBackUrl();
$this->oauthUtility->log_debug("ReadAuthorizationResponse: clientID " . $V7);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: clientSecret " . $iM);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: grantType " . $wk);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: redirectURL " . $Pt);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenURL " . $LA);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: header" . $cF);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: body" . $TN);
if (!is_null($wk)) {
goto Fz;
}
$wk = "authorization_code";
Fz:
if ($wk == "authorization_code") {
goto gb;
}
if ($wk == "password_grant") {
goto PD;
}
if ($wk == "implicit_grant") {
goto z2;
}
if ($wk == "hybrid_grant") {
goto cs;
}
if ($wk == "client_credentials_grant") {
goto Dj;
}
goto op;
gb:
if (isset($LB["code"])) {
goto gU;
}
$this->oauthUtility->log_debug("ReadAuthorizationResponse: params['code'] not set");
if (!isset($LB["error"])) {
goto yW;
}
return $this->sendHTTPRedirectRequest("?error=" . urlencode($LB["error"]), $this->oauthUtility->getBaseUrl());
yW:
return $this->sendHTTPRedirectRequest("?error=code+not+received", $this->oauthUtility->getBaseUrl());
gU:
$zg = $LB["code"];
$VK = $LB["state"];
$this->setrelaystate = $LB["state"];
$this->oauthUtility->log_debug("ReadAuthorizationResponse: authorizationCode" . $zg);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: relayState" . $VK);
$an = $gj["pkce_flow"] === "1" ? true : false;
$mz = '';
if (!$an) {
goto Bv;
}
if (isset($_SESSION["mo_code_verifier"])) {
goto dX;
}
return $this->getResponse()->setBody("Something went wrong. PKCE Code verifier not found in session please try again");
dX:
$mz = $_SESSION["mo_code_verifier"];
Bv:
if ($cF == 0 && $TN == 1) {
goto TA;
}
$iW = (new AccessTokenRequestBody($wk, $Pt, $zg, $an, $mz))->build();
goto Ml;
TA:
$iW = (new AccessTokenRequest($V7, $iM, $wk, $Pt, $zg, $an, $mz))->build();
Ml:
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenRequest" . json_encode($iW));
$mj = Curl::mo_send_access_token_request($iW, $LA, $V7, $iM, $cF, $TN);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenResponse" . json_encode($mj));
goto op;
PD:
$LB = $this->getRequest()->getParams();
$this->setrelaystate = $this->oauthUtility->getBaseUrl();
if (!isset($LB["relayState"])) {
goto i1;
}
$this->setrelaystate = $LB["relayState"];
i1:
$mj = null;
$Di = $this->getRequest()->getPost("login");
$aZ = $this->oauthUtility->getSessionData(OAuthConstants::USERNAME);
$uL = $this->oauthUtility->getSessionData(OAuthConstants::PASSWORD);
$this->oauthUtility->unsetSessionData(OAuthConstants::PASSWORD);
$this->oauthUtility->unsetSessionData(OAuthConstants::USERNAME);
$aZ = $this->oauthUtility->getSessionData(OAuthConstants::USERNAME);
$uL = $this->oauthUtility->getSessionData(OAuthConstants::PASSWORD);
if (!(isset($LB["relayState"]) && $LB["relayState"] == OAuthConstants::TEST_RELAYSTATE)) {
goto iD;
}
$aZ = $LB["username"];
$uL = $LB["password"];
iD:
if ($mj) {
goto Im;
}
if ($cF == 0 && $TN == 1) {
goto ez;
}
$iW = (new AccessTokenRequestBodyForPasswordGrant($wk, $Pt, $aZ, $uL, $uH))->build();
goto yj;
ez:
$iW = (new AccessTokenRequestForPasswordGrant($V7, $iM, $wk, $Pt, $aZ, $uL, $uH))->build();
yj:
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenRequestForPasswordGrant", $iW);
$mj = Curl::mo_send_access_token_request_for_password_grant($iW, $LA, $V7, $iM, $aZ, $uL, $cF, $TN);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenResponseForPasswordGrant", $mj);
Im:
goto op;
z2:
goto op;
cs:
goto op;
Dj:
op:
$this->mo_send_user_info_request($mj, $gj, $this->setrelaystate);
}
public function mo_send_user_info_request($mj, $gj, $VK)
{
$o9 = json_decode($mj, "true");
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenResponseData" . json_encode($o9));
if (!isset($o9["id_token"])) {
goto QN;
}
$v2 = $o9["id_token"];
$this->oauthUtility->log_debug("ReadAuthorizationResponse: idToken: " . $v2);
$this->oauthUtility->setSessionData(OAuthConstants::ID_TOKEN, $v2);
$this->oauthUtility->setAdminSessionData(OAuthConstants::ID_TOKEN, $v2);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: idToken stored: " . $v2);
QN:
$ZX = $gj["user_info_endpoint"];
if (!($ZX == NULL || $ZX == '') && isset($o9["access_token"])) {
goto gF;
}
if (isset($o9["id_token"])) {
goto Kg;
}
if (isset($o9["error"])) {
goto a3;
}
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenResponseData", $o9);
$km = false;
$QY = false;
$QY = $this->oauthUtility->checkIfFlowStartedFromBackend($this->setrelaystate);
if ($QY) {
goto uT;
}
$aZ = $this->oauthUtility->getSessionData(OAuthConstants::USERNAME);
$uL = $this->oauthUtility->getSessionData(OAuthConstants::PASSWORD);
try {
$XM = $this->customerAccountManagement->authenticate($aZ, $uL);
} catch (\Exception $Z3) {
$this->messageManager->addErrorMessage("You did not sign in correctly or your account is temporarily disabled.");
return $this->getResponse()->setRedirect($this->oauthUtility->getBaseUrl() . "customer/account/login")->sendResponse();
}
$this->session->setCustomerDataAsLoggedIn($XM);
$this->session->regenerateId();
return $this->getResponse()->setRedirect($this->oauthUtility->getBaseUrl())->sendResponse();
uT:
return $this->getResponse()->setBody("Invalid response. Please try again.|M002. User Info Responce Data is empty.");
goto Yc;
gF:
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenResponseData['access_token'] is set");
$In = $o9["access_token"];
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessToken: " . $In);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: userInfoURL: " . $ZX);
if (!($ZX == NULL || $ZX == '')) {
goto Rp;
}
return $this->getResponse()->setBody("Invalid response. Please enter User Info URL.");
Rp:
$cF = "Bearer " . $In;
$tt = ["Authorization: {$cF}"];
$oc = Curl::mo_send_user_info_request($ZX, $tt);
$nL = json_decode($oc, "true");
$this->oauthUtility->log_debug("ReadAuthorizationResponse: userInfoResponse" . json_encode($oc));
goto Yc;
Kg:
$this->oauthUtility->log_debug("ReadAuthorizationResponse: if accessTokenResponseData['id_token'] ");
if (empty($v2)) {
goto xx;
}
$nX = $gj["jwks_endpoint"];
$kz = explode(".", $v2);
$tU = $this->decodeJWT($v2);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: idTokenArray", json_encode($kz));
if (sizeof($kz) > 2) {
goto ew;
}
$this->oauthUtility->log_debug("ReadAuthorizationResponse: idTokenArray" . json_encode($kz));
return $this->getResponse()->setBody("Invalid response. Please try again.|M001. ");
goto vF;
ew:
if (empty($nX)) {
goto lf;
}
$T4 = trim($nX);
$jc = new JWTUtils($v2);
$ib = json_decode(file_get_contents($T4))->keys[0];
if ($jc->verify_from_jwks($T4)) {
goto hp;
}
return $this->getResponse()->setBody("Invalid signature received.");
hp:
lf:
$nL = $kz[1];
$nL = (array) json_decode(base64_decode($nL));
$this->oauthUtility->log_debug("ReadAuthorizationResponse: userInfoResponseData" . json_encode($nL));
vF:
xx:
goto Yc;
a3:
if (isset($o9["error_description"])) {
goto IE;
}
return $this->getResponse()->setBody("Invalid response. Please try again.|M001. User Info Responce Data is empty.");
goto Yl;
IE:
return $this->getResponse()->setBody($o9["error_description"]);
Yl:
Yc:
if (!empty($nL)) {
goto A2;
}
return $this->getResponse()->setBody("Invalid response. Please try again.|M003. User Info Responce Data is empty.");
A2:
$nL["relayState"] = $VK;
$this->processResponseAction->setUserInfoResponse($nL)->execute();
}
public function setRequestParam($n_)
{
$this->REQUEST = $n_;
return $this;
}
public function setPostParam($post)
{
$this->POST = $post;
return $this;
}
public function verifySign($tU, $ib)
{
$this->oauthUtility->log_debug("ReadAuthorizationResponse: inside verifySign");
$Lf = new Crypt_RSA();
$Lf->loadKey(["n" => new Math_BigInteger($this->get_base64_from_url($ib->n), 256), "e" => new Math_BigInteger($this->get_base64_from_url($ib->e), 256)]);
$Lf->setHash("sha256");
$Lf->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
return $Lf->verify($tU["data"], $tU["sign"]) ? true : false;
}
public function get_base64_from_url($t0)
{
return base64_decode(str_replace(["-", "_"], ["+", "/"], $t0));
}
public function decodeJWT($SG)
{
$this->oauthUtility->log_debug("ReadAuthorizationResponse: inside decodeJWT");
$MR = explode(".", $SG);
$cF = json_decode($this->get_base64_from_url($MR[0]));
$Jy = json_decode($this->get_base64_from_url($MR[1]));
$Wy = $this->get_base64_from_url($MR[2]);
return ["header" => $cF, "payload" => $Jy, "sign" => $Wy, "data" => $MR[0] . "." . $MR[1]];
}
}
?>Did this file decode correctly?
Original Code
<?php
namespace MiniOrange\OAuth\Controller\Actions;
use Exception;
use Magento\Framework\App\Action\Context;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequestBodyForPasswordGrant;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequestForPasswordGrant;
use MiniOrange\OAuth\Helper\OAuthConstants;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequest;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequestBody;
use MiniOrange\OAuth\Helper\Curl;
use MiniOrange\OAuth\Helper\OAuthUtility;
use Magento\Framework\App\Action\HttpPostActionInterface;
use Magento\Framework\App\Action\HttpGetActionInterface;
use MiniOrange\OAuth\Controller\Actions\ProcessResponseAction;
use MiniOrange\OAuth\Helper\JWTUtils;
use MiniOrange\OAuth\Helper\BigInteger;
use MiniOrange\OAuth\Helper\RSA;
use Magento\Customer\Api\AccountManagementInterface;
use Magento\Customer\Model\Session;
class ReadAuthorizationResponse extends BaseAction implements HttpPostActionInterface, HttpGetActionInterface
{
private $REQUEST;
private $POST;
private $processResponseAction;
protected $customerAccountManagement;
protected $session;
protected $setrelaystate;
protected $resultFactory;
protected $messageManager;
public function __construct(Context $aI, OAuthUtility $pG, AccountManagementInterface $iv, Session $gq, \Magento\Framework\Controller\ResultFactory $Ux, \Magento\Framework\Message\ManagerInterface $f3, ProcessResponseAction $Mw)
{
$this->processResponseAction = $Mw;
$this->customerAccountManagement = $iv;
$this->session = $gq;
$this->resultFactory = $Ux;
$this->messageManager = $f3;
parent::__construct($aI, $pG);
}
public function beforeLogin(\Magento\Backend\Model\Auth $RY, $aZ, $uL)
{
$oQ = $this->oauthUtility->getOAuthClientApps();
$gj = null;
foreach ($oQ as $yk) {
$ls = $yk->getData()["\141\x70\x70\x5f\x6e\141\155\x65"];
$this->oauthUtility->setSessionData(OAuthConstants::APP_NAME, $ls);
$this->oauthUtility->setAdminSessionData(OAuthConstants::APP_NAME, $ls);
$gj = $yk->getData();
Tp:
}
Dm:
if (!isset($gj["\x67\162\141\156\164\137\164\x79\160\145"])) {
goto i5;
}
$this->oauthUtility->setAdminSessionData("\x61\x64\x6d\x69\x6e\x5f\x70\x6f\163\x74\137\x6c\157\147\157\165\164", 1);
$wk = $gj["\x67\162\141\156\x74\x5f\164\171\160\145"];
$V7 = $gj["\x63\154\151\x65\156\x74\111\x44"];
$iM = $gj["\x63\154\151\145\156\x74\137\163\145\x63\162\145\164"];
$LA = $gj["\141\143\x63\x65\x73\163\x5f\164\157\153\145\156\x5f\145\156\x64\x70\x6f\x69\156\164"];
$uH = $gj["\x73\x63\157\x70\x65"];
$cF = $gj["\x76\141\154\x75\145\163\x5f\151\156\x5f\x68\x65\141\x64\145\x72"];
$TN = $gj["\166\141\154\165\145\163\137\151\x6e\137\142\x6f\x64\x79"];
$Pt = $this->oauthUtility->getCallBackUrl();
if (!($wk == "\x70\141\163\x73\x77\x6f\162\x64\137\147\x72\141\x6e\164")) {
goto Sm;
}
$LB = $this->getRequest()->getParams();
$mj = null;
if (!isset($LB["\122\145\163\x70\157\x6e\x73\145"])) {
goto Mp;
}
$mj = $LB["\122\145\163\x70\157\x6e\163\x65"];
Mp:
$VK = $this->oauthUtility->getAdminBaseUrl();
$this->setrelaystate = $this->oauthUtility->getAdminBaseUrl();
if ($mj) {
goto ob;
}
if ($cF == 0 && $TN == 1) {
goto tY;
}
$iW = (new AccessTokenRequestBodyForPasswordGrant($wk, $Pt, $aZ, $uL, $uH))->build();
goto O0;
tY:
$iW = (new AccessTokenRequestForPasswordGrant($V7, $iM, $wk, $Pt, $aZ, $uL, $uH))->build();
O0:
$this->oauthUtility->log_debug("\122\145\x61\144\x41\165\x74\150\x6f\x72\x69\172\141\x74\x69\157\156\122\145\x73\x70\157\156\x73\145\x3a\x20\x61\x63\x63\145\x73\163\124\157\153\145\156\122\x65\161\165\145\x73\x74\106\x6f\162\120\141\163\163\x77\x6f\162\144\107\162\141\156\x74", $iW);
$mj = Curl::mo_send_access_token_request_for_password_grant($iW, $LA, $V7, $iM, $aZ, $uL, $cF, $TN);
$this->oauthUtility->log_debug("\122\145\x61\144\101\x75\x74\150\x6f\162\151\x7a\x61\x74\x69\157\156\x52\x65\x73\160\x6f\156\163\x65\72\40\141\143\x63\x65\163\x73\x54\x6f\x6b\x65\156\x52\x65\163\x70\x6f\156\163\x65\106\157\162\120\141\x73\163\167\x6f\162\144\107\x72\141\x6e\x74", $mj);
ob:
$this->setrelaystate = $this->oauthUtility->getAdminBaseUrl();
if (!isset($LB["\162\x65\x6c\x61\171\x53\164\141\164\145"])) {
goto pv;
}
$this->setrelaystate = $LB["\x72\x65\154\141\x79\x53\x74\x61\x74\145"];
pv:
$this->mo_send_user_info_request($mj, $gj, $this->setrelaystate);
Sm:
i5:
return [$aZ, $uL];
}
public function execute()
{
if (!$this->oauthUtility->isTrialExpired()) {
goto jS;
}
$this->oauthUtility->log_debug("\x50\162\x6f\x63\x65\163\163\x55\163\x65\162\101\143\164\x69\x6f\156\72\40\145\170\x65\x63\x75\164\x65\40\72\x20\x59\157\165\x72\40\x64\145\155\157\40\141\143\143\157\165\156\x74\x20\x68\x61\x73\x20\145\x78\160\x69\x72\145\144\56");
print_r("\x59\x6f\165\162\x20\104\145\x6d\x6f\x20\x61\143\x63\157\165\x6e\x74\40\x68\x61\x73\40\x65\170\160\x69\162\x65\144\x2e\x20\x50\x6c\145\x61\163\x65\40\143\157\156\164\141\x63\164\x20\x74\x6f\40\155\141\x67\145\156\164\x6f\x73\x75\160\x70\x6f\x72\x74\100\x78\x65\x63\165\162\x69\x66\x79\x2e\143\157\155");
exit;
jS:
$LB = $this->getRequest()->getParams();
$ls = $this->oauthUtility->getSessionData(OAuthConstants::APP_NAME);
$oQ = $this->oauthUtility->getOAuthClientApps();
$gj = null;
foreach ($oQ as $yk) {
if (!($yk->getData()["\x61\160\160\x5f\x6e\141\x6d\145"] === $ls)) {
goto Ht;
}
$gj = $yk->getData();
Ht:
kg:
}
Wf:
$wk = $gj["\147\x72\x61\156\x74\137\164\x79\160\x65"];
$this->oauthUtility->log_debug("\x52\145\141\144\x41\x75\164\x68\157\x72\151\x7a\x61\164\x69\x6f\x6e\x52\145\x73\160\x6f\156\x73\145\72\40\145\x78\145\143\165\x74\x65");
$V7 = $gj["\x63\154\x69\x65\156\x74\x49\x44"];
$iM = $gj["\143\154\x69\145\x6e\x74\x5f\163\145\143\x72\145\164"];
$LA = $gj["\x61\x63\143\145\163\x73\x5f\164\x6f\153\x65\x6e\137\145\x6e\144\160\157\151\x6e\164"];
$uH = $gj["\163\143\157\160\145"];
$cF = $gj["\166\141\154\x75\145\x73\x5f\151\x6e\x5f\150\145\141\x64\145\162"];
$TN = $gj["\166\141\x6c\x75\x65\x73\x5f\x69\x6e\x5f\x62\x6f\x64\171"];
$Pt = $this->oauthUtility->getCallBackUrl();
$this->oauthUtility->log_debug("\122\145\141\144\101\165\x74\150\x6f\162\x69\x7a\141\164\x69\x6f\156\122\x65\163\160\157\156\163\x65\x3a\x20\x63\154\x69\x65\x6e\x74\x49\x44\40" . $V7);
$this->oauthUtility->log_debug("\x52\x65\141\x64\x41\165\x74\x68\157\162\151\x7a\x61\164\151\157\156\x52\145\163\x70\157\x6e\163\x65\72\x20\143\x6c\151\145\156\x74\123\x65\x63\162\x65\x74\x20" . $iM);
$this->oauthUtility->log_debug("\122\x65\x61\x64\101\x75\164\x68\x6f\x72\151\x7a\x61\x74\x69\x6f\x6e\122\145\x73\160\x6f\156\x73\145\x3a\x20\x67\162\141\156\x74\x54\171\x70\145\40" . $wk);
$this->oauthUtility->log_debug("\122\x65\x61\144\101\x75\164\x68\x6f\x72\151\172\x61\164\x69\x6f\156\x52\145\163\x70\x6f\156\163\x65\x3a\40\x72\x65\x64\151\x72\x65\x63\x74\125\122\114\x20" . $Pt);
$this->oauthUtility->log_debug("\122\x65\x61\144\x41\x75\x74\x68\x6f\x72\x69\x7a\x61\164\151\157\x6e\x52\145\163\160\x6f\x6e\163\145\x3a\x20\141\x63\143\x65\x73\x73\x54\x6f\x6b\145\x6e\x55\x52\114\x20" . $LA);
$this->oauthUtility->log_debug("\x52\x65\x61\x64\x41\165\x74\150\x6f\x72\151\x7a\x61\164\x69\157\156\x52\x65\x73\x70\157\x6e\163\145\72\x20\x68\145\141\x64\145\162" . $cF);
$this->oauthUtility->log_debug("\x52\x65\x61\x64\x41\x75\x74\x68\x6f\x72\x69\172\141\x74\x69\x6f\x6e\x52\x65\x73\160\x6f\156\163\x65\x3a\x20\x62\x6f\144\x79" . $TN);
if (!is_null($wk)) {
goto Fz;
}
$wk = "\141\165\x74\x68\157\162\x69\172\141\x74\x69\157\x6e\x5f\143\157\144\145";
Fz:
if ($wk == "\x61\x75\x74\x68\x6f\162\151\x7a\x61\164\x69\157\156\137\x63\157\144\145") {
goto gb;
}
if ($wk == "\160\141\x73\x73\167\157\x72\144\137\x67\x72\141\156\x74") {
goto PD;
}
if ($wk == "\151\x6d\x70\x6c\151\x63\151\x74\137\x67\x72\x61\x6e\164") {
goto z2;
}
if ($wk == "\x68\x79\x62\162\x69\144\x5f\x67\x72\141\156\x74") {
goto cs;
}
if ($wk == "\143\x6c\151\145\x6e\164\x5f\x63\x72\145\x64\145\156\164\151\x61\154\x73\x5f\x67\162\141\156\164") {
goto Dj;
}
goto op;
gb:
if (isset($LB["\x63\157\144\145"])) {
goto gU;
}
$this->oauthUtility->log_debug("\122\x65\x61\x64\x41\165\x74\150\x6f\x72\x69\172\x61\x74\151\x6f\156\x52\145\x73\x70\x6f\x6e\x73\145\72\40\160\x61\x72\x61\155\163\133\x27\143\x6f\144\x65\x27\135\40\156\x6f\164\x20\163\x65\x74");
if (!isset($LB["\x65\x72\x72\x6f\162"])) {
goto yW;
}
return $this->sendHTTPRedirectRequest("\77\145\162\x72\x6f\162\75" . urlencode($LB["\145\162\x72\x6f\x72"]), $this->oauthUtility->getBaseUrl());
yW:
return $this->sendHTTPRedirectRequest("\77\145\162\162\157\x72\x3d\143\157\144\x65\53\x6e\157\x74\53\x72\x65\x63\x65\151\x76\145\x64", $this->oauthUtility->getBaseUrl());
gU:
$zg = $LB["\x63\x6f\144\x65"];
$VK = $LB["\163\164\x61\164\145"];
$this->setrelaystate = $LB["\x73\x74\141\164\x65"];
$this->oauthUtility->log_debug("\x52\145\x61\144\101\x75\x74\x68\157\x72\x69\172\x61\x74\151\157\x6e\x52\145\x73\160\157\156\x73\x65\x3a\x20\x61\x75\164\150\x6f\162\x69\x7a\x61\164\x69\x6f\x6e\x43\x6f\144\x65" . $zg);
$this->oauthUtility->log_debug("\x52\x65\x61\x64\101\165\x74\150\157\162\x69\172\x61\164\x69\157\x6e\122\x65\163\160\157\156\x73\x65\x3a\40\x72\x65\x6c\x61\x79\x53\x74\x61\164\x65" . $VK);
$an = $gj["\160\153\x63\145\x5f\146\154\157\167"] === "\x31" ? true : false;
$mz = '';
if (!$an) {
goto Bv;
}
if (isset($_SESSION["\x6d\x6f\x5f\143\157\144\145\137\166\145\162\x69\x66\x69\145\x72"])) {
goto dX;
}
return $this->getResponse()->setBody("\x53\x6f\x6d\145\164\x68\x69\156\x67\40\167\145\x6e\164\40\x77\162\x6f\x6e\147\56\40\120\x4b\x43\x45\x20\x43\157\x64\145\40\166\145\x72\151\x66\151\145\162\40\x6e\157\x74\x20\146\x6f\165\156\144\x20\151\156\40\x73\x65\163\x73\x69\x6f\156\40\x70\x6c\x65\x61\x73\145\x20\164\162\171\x20\x61\147\x61\151\x6e");
dX:
$mz = $_SESSION["\155\157\x5f\x63\157\x64\x65\x5f\166\145\162\151\x66\151\x65\162"];
Bv:
if ($cF == 0 && $TN == 1) {
goto TA;
}
$iW = (new AccessTokenRequestBody($wk, $Pt, $zg, $an, $mz))->build();
goto Ml;
TA:
$iW = (new AccessTokenRequest($V7, $iM, $wk, $Pt, $zg, $an, $mz))->build();
Ml:
$this->oauthUtility->log_debug("\122\x65\x61\x64\x41\x75\x74\x68\x6f\x72\x69\x7a\141\x74\151\157\x6e\x52\x65\x73\160\x6f\156\x73\x65\72\x20\x61\x63\x63\x65\163\163\124\x6f\153\145\x6e\x52\x65\x71\165\x65\163\x74" . json_encode($iW));
$mj = Curl::mo_send_access_token_request($iW, $LA, $V7, $iM, $cF, $TN);
$this->oauthUtility->log_debug("\122\x65\x61\x64\101\165\164\x68\157\162\151\x7a\x61\x74\151\157\156\x52\145\163\x70\x6f\x6e\163\x65\x3a\40\141\143\x63\x65\163\163\124\x6f\153\145\156\122\145\x73\x70\x6f\x6e\x73\x65" . json_encode($mj));
goto op;
PD:
$LB = $this->getRequest()->getParams();
$this->setrelaystate = $this->oauthUtility->getBaseUrl();
if (!isset($LB["\162\x65\x6c\x61\171\x53\164\x61\164\x65"])) {
goto i1;
}
$this->setrelaystate = $LB["\x72\x65\x6c\x61\171\123\164\141\x74\145"];
i1:
$mj = null;
$Di = $this->getRequest()->getPost("\x6c\157\147\x69\156");
$aZ = $this->oauthUtility->getSessionData(OAuthConstants::USERNAME);
$uL = $this->oauthUtility->getSessionData(OAuthConstants::PASSWORD);
$this->oauthUtility->unsetSessionData(OAuthConstants::PASSWORD);
$this->oauthUtility->unsetSessionData(OAuthConstants::USERNAME);
$aZ = $this->oauthUtility->getSessionData(OAuthConstants::USERNAME);
$uL = $this->oauthUtility->getSessionData(OAuthConstants::PASSWORD);
if (!(isset($LB["\x72\x65\154\x61\x79\x53\164\x61\x74\145"]) && $LB["\x72\x65\154\141\x79\x53\x74\x61\x74\145"] == OAuthConstants::TEST_RELAYSTATE)) {
goto iD;
}
$aZ = $LB["\x75\x73\x65\x72\156\x61\155\145"];
$uL = $LB["\160\x61\x73\163\x77\x6f\x72\144"];
iD:
if ($mj) {
goto Im;
}
if ($cF == 0 && $TN == 1) {
goto ez;
}
$iW = (new AccessTokenRequestBodyForPasswordGrant($wk, $Pt, $aZ, $uL, $uH))->build();
goto yj;
ez:
$iW = (new AccessTokenRequestForPasswordGrant($V7, $iM, $wk, $Pt, $aZ, $uL, $uH))->build();
yj:
$this->oauthUtility->log_debug("\122\x65\141\x64\101\x75\x74\x68\x6f\162\151\x7a\141\164\151\157\x6e\122\x65\x73\x70\x6f\x6e\x73\x65\72\40\x61\x63\143\145\x73\163\x54\x6f\x6b\x65\x6e\122\145\161\x75\x65\x73\x74\x46\x6f\162\120\x61\x73\x73\167\157\162\144\x47\x72\141\156\x74", $iW);
$mj = Curl::mo_send_access_token_request_for_password_grant($iW, $LA, $V7, $iM, $aZ, $uL, $cF, $TN);
$this->oauthUtility->log_debug("\122\145\141\144\101\165\164\x68\157\x72\x69\x7a\141\164\151\x6f\x6e\122\x65\x73\x70\x6f\156\163\145\72\40\141\143\143\145\163\x73\124\x6f\153\145\156\x52\x65\163\160\x6f\x6e\x73\x65\x46\x6f\x72\120\x61\x73\163\x77\x6f\x72\x64\x47\162\x61\x6e\x74", $mj);
Im:
goto op;
z2:
goto op;
cs:
goto op;
Dj:
op:
$this->mo_send_user_info_request($mj, $gj, $this->setrelaystate);
}
public function mo_send_user_info_request($mj, $gj, $VK)
{
$o9 = json_decode($mj, "\164\x72\x75\145");
$this->oauthUtility->log_debug("\122\145\141\x64\x41\165\x74\150\x6f\162\x69\172\141\x74\x69\157\x6e\x52\x65\x73\160\157\156\163\x65\72\40\x61\x63\143\145\163\x73\124\x6f\x6b\145\x6e\x52\145\x73\x70\x6f\x6e\163\145\104\x61\164\141" . json_encode($o9));
if (!isset($o9["\x69\144\x5f\x74\x6f\x6b\x65\x6e"])) {
goto QN;
}
$v2 = $o9["\x69\x64\x5f\164\x6f\153\x65\x6e"];
$this->oauthUtility->log_debug("\x52\145\141\144\x41\165\164\x68\157\162\x69\x7a\x61\164\x69\157\156\122\x65\163\160\157\156\x73\x65\x3a\x20\x69\144\x54\x6f\x6b\x65\156\x3a\x20" . $v2);
$this->oauthUtility->setSessionData(OAuthConstants::ID_TOKEN, $v2);
$this->oauthUtility->setAdminSessionData(OAuthConstants::ID_TOKEN, $v2);
$this->oauthUtility->log_debug("\x52\x65\141\144\x41\x75\x74\150\x6f\x72\151\x7a\141\x74\151\157\x6e\x52\x65\x73\160\157\156\163\145\x3a\40\151\144\x54\x6f\153\x65\x6e\x20\163\164\x6f\162\x65\x64\x3a\x20" . $v2);
QN:
$ZX = $gj["\x75\163\145\162\137\x69\156\146\x6f\x5f\x65\x6e\144\160\x6f\151\x6e\x74"];
if (!($ZX == NULL || $ZX == '') && isset($o9["\x61\143\143\x65\163\x73\137\164\x6f\x6b\x65\x6e"])) {
goto gF;
}
if (isset($o9["\x69\x64\x5f\x74\157\x6b\x65\156"])) {
goto Kg;
}
if (isset($o9["\145\x72\162\157\162"])) {
goto a3;
}
$this->oauthUtility->log_debug("\x52\x65\x61\x64\101\x75\x74\x68\x6f\x72\151\x7a\x61\x74\151\157\156\x52\x65\x73\x70\157\x6e\x73\145\72\x20\141\143\143\145\163\x73\124\157\x6b\145\156\x52\x65\x73\160\x6f\x6e\x73\x65\x44\x61\164\141", $o9);
$km = false;
$QY = false;
$QY = $this->oauthUtility->checkIfFlowStartedFromBackend($this->setrelaystate);
if ($QY) {
goto uT;
}
$aZ = $this->oauthUtility->getSessionData(OAuthConstants::USERNAME);
$uL = $this->oauthUtility->getSessionData(OAuthConstants::PASSWORD);
try {
$XM = $this->customerAccountManagement->authenticate($aZ, $uL);
} catch (\Exception $Z3) {
$this->messageManager->addErrorMessage("\131\157\165\40\x64\x69\144\x20\x6e\x6f\164\40\163\x69\x67\x6e\40\x69\x6e\40\x63\x6f\162\x72\145\143\164\154\171\x20\157\x72\x20\171\157\165\x72\40\141\x63\143\x6f\165\x6e\x74\40\x69\x73\x20\x74\x65\155\160\x6f\162\141\x72\x69\154\171\40\x64\151\x73\x61\x62\154\145\144\x2e");
return $this->getResponse()->setRedirect($this->oauthUtility->getBaseUrl() . "\x63\165\163\164\x6f\x6d\145\162\57\141\143\x63\157\165\156\164\x2f\x6c\x6f\147\151\156")->sendResponse();
}
$this->session->setCustomerDataAsLoggedIn($XM);
$this->session->regenerateId();
return $this->getResponse()->setRedirect($this->oauthUtility->getBaseUrl())->sendResponse();
uT:
return $this->getResponse()->setBody("\111\156\166\141\154\151\x64\40\x72\x65\163\160\x6f\x6e\x73\145\x2e\40\x50\x6c\145\x61\163\x65\x20\x74\x72\171\40\x61\147\141\x69\x6e\x2e\174\115\x30\x30\62\56\x20\125\163\x65\162\40\111\x6e\x66\x6f\x20\x52\145\163\160\157\156\x63\145\40\104\141\x74\141\x20\151\163\x20\145\155\x70\x74\171\x2e");
goto Yc;
gF:
$this->oauthUtility->log_debug("\x52\145\141\x64\x41\x75\164\150\x6f\x72\x69\x7a\141\x74\x69\x6f\x6e\122\145\x73\x70\x6f\156\163\145\x3a\40\141\x63\x63\145\x73\163\124\x6f\153\145\156\x52\x65\x73\x70\157\156\163\145\104\141\164\x61\x5b\x27\141\x63\x63\x65\163\x73\137\x74\157\153\x65\x6e\47\x5d\40\x69\163\40\x73\145\164");
$In = $o9["\x61\x63\x63\x65\163\x73\137\164\157\153\145\x6e"];
$this->oauthUtility->log_debug("\x52\145\x61\144\101\165\x74\150\157\x72\151\x7a\x61\164\x69\x6f\x6e\x52\x65\x73\160\x6f\156\163\x65\72\x20\x61\x63\x63\x65\x73\163\124\x6f\153\x65\x6e\x3a\x20" . $In);
$this->oauthUtility->log_debug("\x52\145\x61\144\x41\x75\164\150\x6f\x72\x69\172\x61\164\151\x6f\156\122\145\x73\x70\x6f\x6e\163\x65\x3a\x20\165\x73\x65\x72\111\156\x66\x6f\x55\x52\x4c\72\40" . $ZX);
if (!($ZX == NULL || $ZX == '')) {
goto Rp;
}
return $this->getResponse()->setBody("\111\x6e\x76\x61\154\151\144\x20\x72\145\163\160\x6f\156\x73\x65\x2e\x20\x50\154\145\x61\x73\x65\40\145\156\x74\145\x72\40\x55\x73\145\162\40\x49\x6e\x66\157\x20\125\x52\x4c\56");
Rp:
$cF = "\102\x65\141\162\145\162\40" . $In;
$tt = ["\x41\x75\164\150\157\162\151\x7a\141\x74\151\157\x6e\x3a\40{$cF}"];
$oc = Curl::mo_send_user_info_request($ZX, $tt);
$nL = json_decode($oc, "\x74\x72\x75\145");
$this->oauthUtility->log_debug("\x52\x65\x61\144\101\165\x74\150\157\x72\151\x7a\141\x74\x69\x6f\156\x52\x65\x73\x70\157\x6e\163\145\72\40\165\163\145\162\x49\156\x66\x6f\x52\x65\x73\160\x6f\156\163\145" . json_encode($oc));
goto Yc;
Kg:
$this->oauthUtility->log_debug("\x52\145\141\144\x41\x75\x74\x68\x6f\x72\151\x7a\x61\x74\151\x6f\156\122\x65\x73\160\157\156\163\x65\72\x20\151\146\40\141\x63\x63\x65\x73\163\x54\157\153\145\156\x52\145\163\x70\x6f\156\163\x65\x44\x61\164\x61\x5b\x27\x69\144\x5f\164\157\153\x65\x6e\x27\135\40");
if (empty($v2)) {
goto xx;
}
$nX = $gj["\x6a\167\x6b\x73\137\x65\156\x64\160\157\x69\x6e\164"];
$kz = explode("\56", $v2);
$tU = $this->decodeJWT($v2);
$this->oauthUtility->log_debug("\122\145\x61\144\x41\165\x74\x68\x6f\162\151\x7a\x61\164\151\157\x6e\122\x65\x73\x70\157\156\163\x65\72\40\151\144\124\157\153\145\156\x41\162\x72\x61\171", json_encode($kz));
if (sizeof($kz) > 2) {
goto ew;
}
$this->oauthUtility->log_debug("\x52\x65\141\x64\x41\165\x74\150\157\162\x69\x7a\141\164\151\157\156\x52\x65\163\x70\157\x6e\x73\x65\72\40\151\144\x54\157\153\145\x6e\101\x72\162\141\x79" . json_encode($kz));
return $this->getResponse()->setBody("\111\156\x76\x61\x6c\x69\144\40\x72\x65\x73\x70\x6f\x6e\163\x65\56\40\x50\154\x65\x61\163\x65\40\x74\x72\x79\40\x61\147\141\151\156\56\174\115\60\60\x31\56\x20");
goto vF;
ew:
if (empty($nX)) {
goto lf;
}
$T4 = trim($nX);
$jc = new JWTUtils($v2);
$ib = json_decode(file_get_contents($T4))->keys[0];
if ($jc->verify_from_jwks($T4)) {
goto hp;
}
return $this->getResponse()->setBody("\111\x6e\166\141\x6c\x69\144\40\163\x69\147\x6e\141\x74\x75\162\145\40\x72\145\143\x65\151\x76\145\x64\56");
hp:
lf:
$nL = $kz[1];
$nL = (array) json_decode(base64_decode($nL));
$this->oauthUtility->log_debug("\122\145\141\x64\x41\x75\164\x68\157\x72\151\x7a\x61\164\151\x6f\156\122\145\x73\x70\157\x6e\163\x65\72\x20\x75\x73\x65\x72\x49\156\x66\157\x52\x65\163\x70\157\156\163\145\104\141\164\x61" . json_encode($nL));
vF:
xx:
goto Yc;
a3:
if (isset($o9["\x65\162\x72\x6f\x72\137\x64\145\x73\143\x72\151\x70\x74\x69\x6f\x6e"])) {
goto IE;
}
return $this->getResponse()->setBody("\111\x6e\x76\x61\154\151\144\x20\x72\145\163\x70\157\x6e\x73\x65\x2e\40\x50\x6c\145\141\x73\145\x20\x74\x72\x79\40\x61\x67\141\x69\x6e\x2e\174\x4d\x30\x30\61\56\x20\x55\x73\145\x72\40\111\156\x66\x6f\x20\x52\x65\x73\x70\x6f\x6e\143\145\x20\x44\141\164\x61\x20\x69\x73\40\x65\155\x70\x74\171\56");
goto Yl;
IE:
return $this->getResponse()->setBody($o9["\145\162\x72\157\x72\137\144\x65\x73\x63\x72\151\160\x74\151\x6f\156"]);
Yl:
Yc:
if (!empty($nL)) {
goto A2;
}
return $this->getResponse()->setBody("\111\156\166\141\x6c\151\x64\x20\x72\x65\x73\x70\157\x6e\163\145\x2e\40\x50\154\145\x61\x73\x65\40\x74\x72\171\x20\141\147\141\151\x6e\56\174\x4d\60\x30\63\x2e\x20\x55\x73\145\x72\x20\x49\x6e\146\157\x20\122\x65\163\160\157\x6e\x63\145\x20\x44\x61\x74\141\x20\x69\x73\40\145\x6d\x70\x74\171\56");
A2:
$nL["\162\145\154\x61\x79\123\x74\x61\x74\145"] = $VK;
$this->processResponseAction->setUserInfoResponse($nL)->execute();
}
public function setRequestParam($n_)
{
$this->REQUEST = $n_;
return $this;
}
public function setPostParam($post)
{
$this->POST = $post;
return $this;
}
public function verifySign($tU, $ib)
{
$this->oauthUtility->log_debug("\122\145\x61\144\101\165\x74\150\157\x72\x69\x7a\141\164\151\x6f\x6e\122\x65\163\160\x6f\x6e\x73\145\72\40\151\156\163\151\144\145\40\166\x65\x72\151\146\x79\123\x69\147\x6e");
$Lf = new Crypt_RSA();
$Lf->loadKey(["\x6e" => new Math_BigInteger($this->get_base64_from_url($ib->n), 256), "\x65" => new Math_BigInteger($this->get_base64_from_url($ib->e), 256)]);
$Lf->setHash("\x73\150\x61\x32\x35\66");
$Lf->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
return $Lf->verify($tU["\144\141\x74\x61"], $tU["\x73\151\x67\156"]) ? true : false;
}
public function get_base64_from_url($t0)
{
return base64_decode(str_replace(["\55", "\137"], ["\53", "\x2f"], $t0));
}
public function decodeJWT($SG)
{
$this->oauthUtility->log_debug("\x52\x65\x61\x64\101\x75\x74\150\x6f\162\x69\172\x61\x74\151\x6f\156\122\145\x73\160\x6f\x6e\x73\145\72\40\x69\156\x73\151\144\145\x20\x64\145\143\x6f\144\145\x4a\x57\124");
$MR = explode("\x2e", $SG);
$cF = json_decode($this->get_base64_from_url($MR[0]));
$Jy = json_decode($this->get_base64_from_url($MR[1]));
$Wy = $this->get_base64_from_url($MR[2]);
return ["\150\145\x61\x64\145\x72" => $cF, "\x70\x61\x79\x6c\x6f\141\x64" => $Jy, "\163\151\x67\x6e" => $Wy, "\x64\x61\164\x61" => $MR[0] . "\56" . $MR[1]];
}
}
Function Calls
| None |
Stats
| MD5 | 68cc4e322df00e019c4ffb664818f628 |
| Eval Count | 0 |
| Decode Time | 60 ms |