Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php namespace MiniOrange\OAuth\Controller\Actions; use Exception; use Magento\F..
Decoded Output download
<?php
namespace MiniOrange\OAuth\Controller\Actions;
use Exception;
use Magento\Framework\App\Action\Context;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequestBodyForPasswordGrant;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequestForPasswordGrant;
use MiniOrange\OAuth\Helper\OAuthConstants;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequest;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequestBody;
use MiniOrange\OAuth\Helper\Curl;
use MiniOrange\OAuth\Helper\OAuthUtility;
use Magento\Framework\App\Action\HttpPostActionInterface;
use Magento\Framework\App\Action\HttpGetActionInterface;
use MiniOrange\OAuth\Controller\Actions\ProcessResponseAction;
use MiniOrange\OAuth\Helper\JWTUtils;
use MiniOrange\OAuth\Helper\BigInteger;
use MiniOrange\OAuth\Helper\RSA;
use Magento\Customer\Api\AccountManagementInterface;
use Magento\Customer\Model\Session;
class ReadAuthorizationResponse extends BaseAction implements HttpPostActionInterface, HttpGetActionInterface
{
private $REQUEST;
private $POST;
private $processResponseAction;
protected $customerAccountManagement;
protected $session;
protected $setrelaystate;
protected $resultFactory;
protected $messageManager;
public function __construct(Context $RM, OAuthUtility $ca, AccountManagementInterface $Fr, Session $m9, \Magento\Framework\Controller\ResultFactory $Sj, \Magento\Framework\Message\ManagerInterface $oP, ProcessResponseAction $FZ)
{
$this->processResponseAction = $FZ;
$this->customerAccountManagement = $Fr;
$this->session = $m9;
$this->resultFactory = $Sj;
$this->messageManager = $oP;
parent::__construct($RM, $ca);
}
public function beforeLogin(\Magento\Backend\Model\Auth $Bx, $mu, $Up)
{
$Wu = $this->oauthUtility->getOAuthClientApps();
$O4 = null;
foreach ($Wu as $nN) {
$CE = $nN->getData()["app_name"];
$this->oauthUtility->setSessionData(OAuthConstants::APP_NAME, $CE);
$this->oauthUtility->setAdminSessionData(OAuthConstants::APP_NAME, $CE);
$O4 = $nN->getData();
YI:
}
v1:
if (!isset($O4["grant_type"])) {
goto VI;
}
$this->oauthUtility->setAdminSessionData("admin_post_logout", 1);
$Ou = $O4["grant_type"];
$Au = $O4["clientID"];
$hw = $O4["client_secret"];
$tX = $O4["access_token_endpoint"];
$Px = $O4["scope"];
$r1 = $O4["values_in_header"];
$bR = $O4["values_in_body"];
$Py = $this->oauthUtility->getCallBackUrl();
if (!($Ou == "password_grant")) {
goto wz;
}
$D8 = $this->getRequest()->getParams();
$I2 = null;
if (!isset($D8["Response"])) {
goto Xn;
}
$I2 = $D8["Response"];
Xn:
$We = $this->oauthUtility->getAdminBaseUrl();
$this->setrelaystate = $this->oauthUtility->getAdminBaseUrl();
if ($I2) {
goto zQ;
}
if ($r1 == 0 && $bR == 1) {
goto XB;
}
$G1 = (new AccessTokenRequestBodyForPasswordGrant($Ou, $Py, $mu, $Up, $Px))->build();
goto hv;
XB:
$G1 = (new AccessTokenRequestForPasswordGrant($Au, $hw, $Ou, $Py, $mu, $Up, $Px))->build();
hv:
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenRequestForPasswordGrant", $G1);
$I2 = Curl::mo_send_access_token_request_for_password_grant($G1, $tX, $Au, $hw, $mu, $Up, $r1, $bR);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenResponseForPasswordGrant", $I2);
zQ:
$this->setrelaystate = $this->oauthUtility->getAdminBaseUrl();
if (!isset($D8["relayState"])) {
goto NQ;
}
$this->setrelaystate = $D8["relayState"];
NQ:
$this->mo_send_user_info_request($I2, $O4);
wz:
VI:
return [$mu, $Up];
}
public function execute()
{
if (!$this->oauthUtility->isTrialExpired()) {
goto mM;
}
$this->oauthUtility->log_debug("ProcessUserAction: execute : Your demo account has expired.");
print_r("Your Demo account has expired. Please contact to [email protected]");
exit;
mM:
$D8 = $this->getRequest()->getParams();
$CE = $this->oauthUtility->getSessionData(OAuthConstants::APP_NAME);
$Wu = $this->oauthUtility->getOAuthClientApps();
$O4 = null;
foreach ($Wu as $nN) {
if (!($nN->getData()["app_name"] === $CE)) {
goto ss;
}
$O4 = $nN->getData();
ss:
kj:
}
CK:
$Ou = $O4["grant_type"];
$this->oauthUtility->log_debug("ReadAuthorizationResponse: execute");
$Au = $O4["clientID"];
$hw = $O4["client_secret"];
$tX = $O4["access_token_endpoint"];
$Px = $O4["scope"];
$r1 = $O4["values_in_header"];
$bR = $O4["values_in_body"];
$Py = $this->oauthUtility->getCallBackUrl();
$this->oauthUtility->log_debug("ReadAuthorizationResponse: clientID" . $Au);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: clientSecret" . $hw);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: grantType" . $Ou);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: redirectURL" . $Py);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenURL" . $tX);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: header" . $r1);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: body" . $bR);
if (!is_null($Ou)) {
goto XO;
}
$Ou = "authorization_code";
XO:
if ($Ou == "authorization_code") {
goto dm;
}
if ($Ou == "password_grant") {
goto Ox;
}
if ($Ou == "implicit_grant") {
goto pt;
}
if ($Ou == "hybrid_grant") {
goto QF;
}
if ($Ou == "client_credentials_grant") {
goto F1;
}
goto RF;
dm:
if (isset($D8["code"])) {
goto M7;
}
$this->oauthUtility->log_debug("ReadAuthorizationResponse: params['code'] not set");
if (!isset($D8["error"])) {
goto Pe;
}
return $this->sendHTTPRedirectRequest("?error=" . urlencode($D8["error"]), $this->oauthUtility->getBaseUrl());
Pe:
return $this->sendHTTPRedirectRequest("?error=code+not+received", $this->oauthUtility->getBaseUrl());
M7:
$lX = $D8["code"];
$We = $D8["state"];
$this->setrelaystate = $D8["state"];
$this->oauthUtility->log_debug("ReadAuthorizationResponse: authorizationCode" . $lX);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: relayState" . $We);
$DC = $O4["pkce_flow"] === "1" ? true : false;
$fF = '';
if (!$DC) {
goto j6;
}
if (isset($_SESSION["mo_code_verifier"])) {
goto rM;
}
return $this->getResponse()->setBody("Something went wrong. PKCE Code verifier not found in session please try again");
rM:
$fF = $_SESSION["mo_code_verifier"];
j6:
if ($r1 == 0 && $bR == 1) {
goto Rq;
}
$G1 = (new AccessTokenRequestBody($Ou, $Py, $lX, $DC, $fF))->build();
goto NG;
Rq:
$G1 = (new AccessTokenRequest($Au, $hw, $Ou, $Py, $lX, $DC, $fF))->build();
NG:
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenRequest" . json_encode($G1));
$I2 = Curl::mo_send_access_token_request($G1, $tX, $Au, $hw, $r1, $bR);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenResponse" . json_encode($I2));
goto RF;
Ox:
$D8 = $this->getRequest()->getParams();
$this->setrelaystate = $this->oauthUtility->getBaseUrl();
if (!isset($D8["relayState"])) {
goto C2;
}
$this->setrelaystate = $D8["relayState"];
C2:
$I2 = null;
$We = $this->oauthUtility->getBaseUrl();
$sH = $this->getRequest()->getPost("login");
$mu = $this->oauthUtility->getSessionData(OAuthConstants::USERNAME);
$Up = $this->oauthUtility->getSessionData(OAuthConstants::PASSWORD);
$this->oauthUtility->unsetSessionData(OAuthConstants::PASSWORD);
$this->oauthUtility->unsetSessionData(OAuthConstants::USERNAME);
$mu = $this->oauthUtility->getSessionData(OAuthConstants::USERNAME);
$Up = $this->oauthUtility->getSessionData(OAuthConstants::PASSWORD);
if (!(isset($D8["relayState"]) && $D8["relayState"] == OAuthConstants::TEST_RELAYSTATE)) {
goto cn;
}
$mu = $D8["username"];
$Up = $D8["password"];
cn:
if ($I2) {
goto Ej;
}
if ($r1 == 0 && $bR == 1) {
goto AP;
}
$G1 = (new AccessTokenRequestBodyForPasswordGrant($Ou, $Py, $mu, $Up, $Px))->build();
goto x3;
AP:
$G1 = (new AccessTokenRequestForPasswordGrant($Au, $hw, $Ou, $Py, $mu, $Up, $Px))->build();
x3:
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenRequestForPasswordGrant", $G1);
$I2 = Curl::mo_send_access_token_request_for_password_grant($G1, $tX, $Au, $hw, $mu, $Up, $r1, $bR);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenResponseForPasswordGrant", $I2);
Ej:
goto RF;
pt:
goto RF;
QF:
goto RF;
F1:
RF:
$this->mo_send_user_info_request($I2, $O4);
}
public function mo_send_user_info_request($I2, $O4)
{
$KD = json_decode($I2, "true");
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenResponseData" . json_encode($KD));
if (!isset($KD["id_token"])) {
goto tN;
}
$Oa = $KD["id_token"];
$this->oauthUtility->log_debug("ReadAuthorizationResponse: idToken: " . $Oa);
$this->oauthUtility->setSessionData(OAuthConstants::ID_TOKEN, $Oa);
$this->oauthUtility->setAdminSessionData(OAuthConstants::ID_TOKEN, $Oa);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: idToken stored: " . $Oa);
tN:
$lS = $O4["user_info_endpoint"];
if (!($lS == NULL || $lS == '') && isset($KD["access_token"])) {
goto fD;
}
if (isset($KD["id_token"])) {
goto PC;
}
if (isset($KD["error"])) {
goto jF;
}
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenResponseData", $KD);
$pT = false;
$tJ = false;
$tJ = $this->oauthUtility->checkIfFlowStartedFromBackend($this->setrelaystate);
if ($tJ) {
goto c4;
}
$mu = $this->oauthUtility->getSessionData(OAuthConstants::USERNAME);
$Up = $this->oauthUtility->getSessionData(OAuthConstants::PASSWORD);
try {
$hG = $this->customerAccountManagement->authenticate($mu, $Up);
} catch (\Exception $B3) {
$this->messageManager->addErrorMessage("You did not sign in correctly or your account is temporarily disabled.");
return $this->getResponse()->setRedirect($this->oauthUtility->getBaseUrl() . "customer/account/login")->sendResponse();
}
$this->session->setCustomerDataAsLoggedIn($hG);
$this->session->regenerateId();
return $this->getResponse()->setRedirect($this->oauthUtility->getBaseUrl())->sendResponse();
c4:
return $this->getResponse()->setBody("Invalid response. Please try again.|M002. User Info Responce Data is empty.");
goto q0;
fD:
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenResponseData['access_token'] is set");
$kU = $KD["access_token"];
$lS = $O4["user_info_endpoint"];
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessToken: " . $kU);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: userInfoURL: " . $lS);
if (!($lS == NULL || $lS == '')) {
goto Wv;
}
return $this->getResponse()->setBody("Invalid response. Please enter User Info URL.");
Wv:
$r1 = "Bearer " . $kU;
$fA = ["Authorization: {$r1}"];
$hc = Curl::mo_send_user_info_request($lS, $fA);
$t9 = json_decode($hc, "true");
$this->oauthUtility->log_debug("ReadAuthorizationResponse: userInfoResponse" . json_encode($hc));
goto q0;
PC:
$this->oauthUtility->log_debug("ReadAuthorizationResponse: if accessTokenResponseData['id_token'] ");
if (empty($Oa)) {
goto oS;
}
$TC = $O4["jwks_endpoint"];
$RZ = explode(".", $Oa);
$kV = $this->decodeJWT($Oa);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: idTokenArray", json_encode($RZ));
if (sizeof($RZ) > 2) {
goto Qr;
}
$this->oauthUtility->log_debug("ReadAuthorizationResponse: idTokenArray" . json_encode($RZ));
return $this->getResponse()->setBody("Invalid response. Please try again.|M001. ");
goto dq;
Qr:
if (empty($TC)) {
goto ZK;
}
$VC = trim($TC);
$Lm = new JWTUtils($Oa);
$D3 = json_decode(file_get_contents($VC))->keys[0];
if ($Lm->verify_from_jwks($VC)) {
goto SD;
}
return $this->getResponse()->setBody("Invalid signature received.");
SD:
ZK:
$t9 = $RZ[1];
$t9 = (array) json_decode(base64_decode($t9));
$this->oauthUtility->log_debug("ReadAuthorizationResponse: userInfoResponseData" . json_encode($t9));
dq:
oS:
goto q0;
jF:
if (isset($KD["error_description"])) {
goto uO;
}
return $this->getResponse()->setBody("Invalid response. Please try again.|M001. User Info Responce Data is empty.");
goto WT;
uO:
return $this->getResponse()->setBody($KD["error_description"]);
WT:
q0:
if (!empty($t9)) {
goto vq;
}
return $this->getResponse()->setBody("Invalid response. Please try again.|M003. User Info Responce Data is empty.");
vq:
$t9["relayState"] = $this->setrelaystate;
$this->processResponseAction->setUserInfoResponse($t9)->execute();
}
public function setRequestParam($Lo)
{
$this->REQUEST = $Lo;
return $this;
}
public function setPostParam($post)
{
$this->POST = $post;
return $this;
}
public function verifySign($kV, $D3)
{
$this->oauthUtility->log_debug("ReadAuthorizationResponse: inside verifySign");
$p_ = new Crypt_RSA();
$p_->loadKey(["n" => new Math_BigInteger($this->get_base64_from_url($D3->n), 256), "e" => new Math_BigInteger($this->get_base64_from_url($D3->e), 256)]);
$p_->setHash("sha256");
$p_->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
return $p_->verify($kV["data"], $kV["sign"]) ? true : false;
}
public function get_base64_from_url($kg)
{
return base64_decode(str_replace(["-", "_"], ["+", "/"], $kg));
}
public function decodeJWT($f0)
{
$this->oauthUtility->log_debug("ReadAuthorizationResponse: inside decodeJWT");
$hQ = explode(".", $f0);
$r1 = json_decode($this->get_base64_from_url($hQ[0]));
$JV = json_decode($this->get_base64_from_url($hQ[1]));
$fT = $this->get_base64_from_url($hQ[2]);
return ["header" => $r1, "payload" => $JV, "sign" => $fT, "data" => $hQ[0] . "." . $hQ[1]];
}
}
?>
Did this file decode correctly?
Original Code
<?php
namespace MiniOrange\OAuth\Controller\Actions;
use Exception;
use Magento\Framework\App\Action\Context;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequestBodyForPasswordGrant;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequestForPasswordGrant;
use MiniOrange\OAuth\Helper\OAuthConstants;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequest;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequestBody;
use MiniOrange\OAuth\Helper\Curl;
use MiniOrange\OAuth\Helper\OAuthUtility;
use Magento\Framework\App\Action\HttpPostActionInterface;
use Magento\Framework\App\Action\HttpGetActionInterface;
use MiniOrange\OAuth\Controller\Actions\ProcessResponseAction;
use MiniOrange\OAuth\Helper\JWTUtils;
use MiniOrange\OAuth\Helper\BigInteger;
use MiniOrange\OAuth\Helper\RSA;
use Magento\Customer\Api\AccountManagementInterface;
use Magento\Customer\Model\Session;
class ReadAuthorizationResponse extends BaseAction implements HttpPostActionInterface, HttpGetActionInterface
{
private $REQUEST;
private $POST;
private $processResponseAction;
protected $customerAccountManagement;
protected $session;
protected $setrelaystate;
protected $resultFactory;
protected $messageManager;
public function __construct(Context $RM, OAuthUtility $ca, AccountManagementInterface $Fr, Session $m9, \Magento\Framework\Controller\ResultFactory $Sj, \Magento\Framework\Message\ManagerInterface $oP, ProcessResponseAction $FZ)
{
$this->processResponseAction = $FZ;
$this->customerAccountManagement = $Fr;
$this->session = $m9;
$this->resultFactory = $Sj;
$this->messageManager = $oP;
parent::__construct($RM, $ca);
}
public function beforeLogin(\Magento\Backend\Model\Auth $Bx, $mu, $Up)
{
$Wu = $this->oauthUtility->getOAuthClientApps();
$O4 = null;
foreach ($Wu as $nN) {
$CE = $nN->getData()["\141\160\160\x5f\156\x61\155\145"];
$this->oauthUtility->setSessionData(OAuthConstants::APP_NAME, $CE);
$this->oauthUtility->setAdminSessionData(OAuthConstants::APP_NAME, $CE);
$O4 = $nN->getData();
YI:
}
v1:
if (!isset($O4["\x67\x72\141\x6e\x74\x5f\164\171\160\145"])) {
goto VI;
}
$this->oauthUtility->setAdminSessionData("\x61\144\155\x69\156\137\x70\157\163\x74\137\154\157\x67\157\x75\x74", 1);
$Ou = $O4["\x67\x72\x61\x6e\164\x5f\x74\x79\x70\x65"];
$Au = $O4["\x63\x6c\151\x65\x6e\164\111\x44"];
$hw = $O4["\x63\154\x69\145\x6e\x74\137\163\x65\143\x72\145\x74"];
$tX = $O4["\141\x63\143\x65\x73\x73\137\x74\157\153\145\x6e\x5f\x65\x6e\x64\x70\x6f\151\156\164"];
$Px = $O4["\163\143\x6f\160\145"];
$r1 = $O4["\166\141\x6c\165\x65\x73\x5f\x69\x6e\x5f\x68\x65\x61\144\145\x72"];
$bR = $O4["\x76\x61\154\165\x65\163\137\x69\x6e\x5f\x62\157\144\x79"];
$Py = $this->oauthUtility->getCallBackUrl();
if (!($Ou == "\x70\141\163\163\167\x6f\x72\144\137\x67\x72\141\x6e\164")) {
goto wz;
}
$D8 = $this->getRequest()->getParams();
$I2 = null;
if (!isset($D8["\x52\145\x73\x70\x6f\x6e\163\145"])) {
goto Xn;
}
$I2 = $D8["\122\145\163\160\x6f\156\163\145"];
Xn:
$We = $this->oauthUtility->getAdminBaseUrl();
$this->setrelaystate = $this->oauthUtility->getAdminBaseUrl();
if ($I2) {
goto zQ;
}
if ($r1 == 0 && $bR == 1) {
goto XB;
}
$G1 = (new AccessTokenRequestBodyForPasswordGrant($Ou, $Py, $mu, $Up, $Px))->build();
goto hv;
XB:
$G1 = (new AccessTokenRequestForPasswordGrant($Au, $hw, $Ou, $Py, $mu, $Up, $Px))->build();
hv:
$this->oauthUtility->log_debug("\122\145\141\x64\x41\165\x74\x68\x6f\162\x69\x7a\141\164\x69\x6f\x6e\x52\x65\163\160\x6f\x6e\x73\145\x3a\40\141\x63\143\145\x73\163\124\157\x6b\145\156\x52\145\x71\165\145\163\164\x46\x6f\162\120\x61\163\x73\167\157\x72\144\107\162\141\156\x74", $G1);
$I2 = Curl::mo_send_access_token_request_for_password_grant($G1, $tX, $Au, $hw, $mu, $Up, $r1, $bR);
$this->oauthUtility->log_debug("\122\x65\x61\x64\x41\165\164\150\x6f\162\151\x7a\141\x74\x69\x6f\x6e\122\x65\163\160\x6f\156\x73\x65\x3a\40\141\x63\x63\x65\x73\x73\124\x6f\153\145\156\122\x65\163\160\157\156\x73\x65\106\x6f\x72\120\x61\163\x73\167\157\x72\144\x47\x72\141\x6e\x74", $I2);
zQ:
$this->setrelaystate = $this->oauthUtility->getAdminBaseUrl();
if (!isset($D8["\x72\x65\154\x61\x79\x53\x74\141\x74\x65"])) {
goto NQ;
}
$this->setrelaystate = $D8["\x72\145\x6c\141\171\x53\x74\141\x74\x65"];
NQ:
$this->mo_send_user_info_request($I2, $O4);
wz:
VI:
return [$mu, $Up];
}
public function execute()
{
if (!$this->oauthUtility->isTrialExpired()) {
goto mM;
}
$this->oauthUtility->log_debug("\120\162\157\x63\x65\163\x73\125\x73\x65\162\101\x63\164\x69\157\156\x3a\x20\145\170\x65\x63\x75\x74\x65\40\72\40\131\157\165\162\x20\x64\x65\155\x6f\x20\141\143\143\x6f\165\x6e\x74\x20\x68\x61\x73\x20\145\170\x70\151\x72\x65\x64\x2e");
print_r("\131\x6f\x75\162\x20\x44\145\155\157\x20\x61\x63\143\157\165\156\164\40\150\141\x73\x20\x65\x78\160\151\x72\145\x64\56\40\120\x6c\145\x61\163\145\40\x63\x6f\156\164\x61\143\x74\40\x74\157\x20\155\x61\x67\x65\x6e\164\x6f\x73\165\x70\160\157\x72\x74\100\170\145\143\x75\x72\x69\146\171\x2e\143\157\x6d");
exit;
mM:
$D8 = $this->getRequest()->getParams();
$CE = $this->oauthUtility->getSessionData(OAuthConstants::APP_NAME);
$Wu = $this->oauthUtility->getOAuthClientApps();
$O4 = null;
foreach ($Wu as $nN) {
if (!($nN->getData()["\141\x70\160\x5f\156\x61\155\145"] === $CE)) {
goto ss;
}
$O4 = $nN->getData();
ss:
kj:
}
CK:
$Ou = $O4["\147\162\x61\156\x74\x5f\164\x79\160\145"];
$this->oauthUtility->log_debug("\122\145\x61\x64\101\165\x74\150\x6f\x72\151\x7a\x61\164\x69\157\156\122\x65\x73\160\x6f\156\163\145\72\x20\x65\170\x65\143\165\x74\x65");
$Au = $O4["\143\x6c\x69\x65\156\x74\x49\x44"];
$hw = $O4["\x63\154\151\x65\x6e\164\137\x73\145\143\162\145\x74"];
$tX = $O4["\x61\143\x63\x65\x73\x73\137\x74\157\x6b\145\x6e\x5f\x65\156\144\x70\x6f\151\x6e\x74"];
$Px = $O4["\163\143\157\x70\x65"];
$r1 = $O4["\166\x61\154\x75\145\163\137\151\156\x5f\150\x65\141\x64\x65\x72"];
$bR = $O4["\x76\141\x6c\165\145\x73\137\151\156\x5f\x62\x6f\x64\x79"];
$Py = $this->oauthUtility->getCallBackUrl();
$this->oauthUtility->log_debug("\x52\x65\x61\x64\x41\x75\164\x68\x6f\x72\x69\172\x61\x74\151\x6f\x6e\x52\x65\163\x70\157\156\163\145\x3a\40\143\154\151\145\156\164\x49\x44" . $Au);
$this->oauthUtility->log_debug("\x52\x65\141\144\x41\165\164\150\157\162\151\172\x61\x74\x69\x6f\156\x52\x65\163\x70\157\156\x73\145\x3a\40\x63\154\x69\145\x6e\164\x53\x65\143\x72\x65\x74" . $hw);
$this->oauthUtility->log_debug("\122\145\x61\x64\x41\x75\164\150\157\162\151\x7a\141\164\x69\x6f\x6e\x52\x65\x73\160\157\156\x73\145\72\x20\x67\x72\x61\156\164\124\171\x70\145" . $Ou);
$this->oauthUtility->log_debug("\122\x65\x61\x64\x41\x75\164\x68\x6f\162\151\x7a\141\164\151\x6f\x6e\122\x65\163\x70\157\156\x73\x65\x3a\x20\x72\145\x64\x69\162\x65\143\164\x55\x52\x4c" . $Py);
$this->oauthUtility->log_debug("\122\x65\x61\x64\x41\165\164\150\x6f\x72\151\x7a\141\x74\x69\157\x6e\x52\x65\163\160\157\156\x73\145\72\40\141\x63\143\145\x73\x73\x54\x6f\153\x65\x6e\x55\x52\x4c" . $tX);
$this->oauthUtility->log_debug("\122\145\141\144\x41\165\164\x68\x6f\x72\151\172\141\164\151\x6f\156\122\145\163\160\x6f\x6e\x73\x65\72\40\150\145\141\144\145\162" . $r1);
$this->oauthUtility->log_debug("\x52\x65\141\x64\101\165\x74\x68\x6f\162\151\172\141\x74\151\x6f\x6e\122\145\x73\x70\x6f\156\x73\145\72\40\x62\x6f\x64\x79" . $bR);
if (!is_null($Ou)) {
goto XO;
}
$Ou = "\141\165\x74\x68\157\x72\151\x7a\x61\164\x69\157\156\137\x63\x6f\x64\x65";
XO:
if ($Ou == "\141\165\164\150\157\162\x69\x7a\141\x74\151\x6f\x6e\137\x63\157\144\x65") {
goto dm;
}
if ($Ou == "\x70\141\163\x73\167\157\x72\x64\x5f\x67\x72\141\156\164") {
goto Ox;
}
if ($Ou == "\x69\x6d\160\x6c\x69\143\x69\x74\x5f\147\162\x61\156\x74") {
goto pt;
}
if ($Ou == "\150\171\x62\x72\151\x64\137\147\x72\x61\x6e\164") {
goto QF;
}
if ($Ou == "\x63\154\151\x65\x6e\x74\x5f\x63\x72\x65\x64\145\x6e\164\151\141\154\163\x5f\147\162\x61\x6e\164") {
goto F1;
}
goto RF;
dm:
if (isset($D8["\143\157\x64\x65"])) {
goto M7;
}
$this->oauthUtility->log_debug("\x52\145\141\144\101\165\164\x68\x6f\162\x69\x7a\x61\164\151\x6f\156\122\145\163\x70\157\156\163\145\72\x20\160\141\x72\141\x6d\x73\133\47\143\x6f\x64\145\x27\x5d\40\x6e\157\x74\x20\x73\145\164");
if (!isset($D8["\x65\x72\x72\x6f\x72"])) {
goto Pe;
}
return $this->sendHTTPRedirectRequest("\x3f\145\162\x72\x6f\x72\x3d" . urlencode($D8["\145\x72\x72\157\x72"]), $this->oauthUtility->getBaseUrl());
Pe:
return $this->sendHTTPRedirectRequest("\77\145\x72\x72\x6f\162\75\x63\157\x64\x65\53\156\x6f\x74\53\x72\145\143\x65\x69\x76\145\x64", $this->oauthUtility->getBaseUrl());
M7:
$lX = $D8["\143\x6f\144\x65"];
$We = $D8["\163\164\141\x74\x65"];
$this->setrelaystate = $D8["\163\164\141\164\x65"];
$this->oauthUtility->log_debug("\x52\x65\141\144\x41\x75\x74\150\157\162\x69\x7a\x61\x74\x69\x6f\156\x52\x65\x73\x70\x6f\156\163\145\72\40\x61\165\x74\150\x6f\x72\x69\x7a\141\x74\x69\157\x6e\103\x6f\144\x65" . $lX);
$this->oauthUtility->log_debug("\x52\x65\x61\144\101\x75\164\150\x6f\x72\151\172\x61\164\151\157\x6e\x52\x65\163\x70\x6f\x6e\163\x65\x3a\40\x72\x65\x6c\x61\x79\123\x74\x61\164\x65" . $We);
$DC = $O4["\160\x6b\143\x65\137\x66\154\157\x77"] === "\61" ? true : false;
$fF = '';
if (!$DC) {
goto j6;
}
if (isset($_SESSION["\x6d\157\x5f\143\157\x64\145\137\166\x65\x72\151\146\x69\x65\x72"])) {
goto rM;
}
return $this->getResponse()->setBody("\123\157\x6d\x65\x74\x68\151\156\x67\x20\167\145\x6e\164\40\167\162\x6f\156\147\56\40\x50\x4b\x43\105\40\103\x6f\x64\x65\40\166\x65\162\151\146\x69\x65\x72\x20\x6e\157\164\x20\x66\x6f\x75\156\x64\x20\x69\x6e\x20\163\145\163\x73\x69\x6f\156\40\160\154\145\x61\163\x65\40\164\x72\171\x20\141\147\x61\x69\x6e");
rM:
$fF = $_SESSION["\155\157\137\x63\157\144\x65\137\166\145\x72\151\x66\151\x65\x72"];
j6:
if ($r1 == 0 && $bR == 1) {
goto Rq;
}
$G1 = (new AccessTokenRequestBody($Ou, $Py, $lX, $DC, $fF))->build();
goto NG;
Rq:
$G1 = (new AccessTokenRequest($Au, $hw, $Ou, $Py, $lX, $DC, $fF))->build();
NG:
$this->oauthUtility->log_debug("\122\x65\x61\144\101\165\164\x68\x6f\x72\x69\172\141\x74\151\157\156\122\145\163\x70\x6f\156\x73\x65\72\40\141\143\143\x65\163\x73\x54\157\153\x65\156\x52\x65\x71\x75\x65\x73\x74" . json_encode($G1));
$I2 = Curl::mo_send_access_token_request($G1, $tX, $Au, $hw, $r1, $bR);
$this->oauthUtility->log_debug("\122\145\141\144\101\x75\164\x68\157\x72\x69\172\141\164\151\x6f\156\122\x65\x73\x70\x6f\x6e\x73\145\x3a\40\x61\143\143\x65\163\163\124\157\x6b\145\x6e\122\x65\x73\160\x6f\x6e\163\145" . json_encode($I2));
goto RF;
Ox:
$D8 = $this->getRequest()->getParams();
$this->setrelaystate = $this->oauthUtility->getBaseUrl();
if (!isset($D8["\x72\x65\x6c\x61\171\123\164\141\164\145"])) {
goto C2;
}
$this->setrelaystate = $D8["\x72\145\x6c\x61\171\123\x74\141\164\145"];
C2:
$I2 = null;
$We = $this->oauthUtility->getBaseUrl();
$sH = $this->getRequest()->getPost("\154\x6f\x67\151\156");
$mu = $this->oauthUtility->getSessionData(OAuthConstants::USERNAME);
$Up = $this->oauthUtility->getSessionData(OAuthConstants::PASSWORD);
$this->oauthUtility->unsetSessionData(OAuthConstants::PASSWORD);
$this->oauthUtility->unsetSessionData(OAuthConstants::USERNAME);
$mu = $this->oauthUtility->getSessionData(OAuthConstants::USERNAME);
$Up = $this->oauthUtility->getSessionData(OAuthConstants::PASSWORD);
if (!(isset($D8["\x72\145\x6c\141\x79\123\x74\x61\x74\145"]) && $D8["\x72\x65\154\141\x79\123\x74\x61\x74\x65"] == OAuthConstants::TEST_RELAYSTATE)) {
goto cn;
}
$mu = $D8["\x75\x73\145\x72\156\x61\x6d\x65"];
$Up = $D8["\x70\x61\x73\x73\x77\x6f\x72\144"];
cn:
if ($I2) {
goto Ej;
}
if ($r1 == 0 && $bR == 1) {
goto AP;
}
$G1 = (new AccessTokenRequestBodyForPasswordGrant($Ou, $Py, $mu, $Up, $Px))->build();
goto x3;
AP:
$G1 = (new AccessTokenRequestForPasswordGrant($Au, $hw, $Ou, $Py, $mu, $Up, $Px))->build();
x3:
$this->oauthUtility->log_debug("\122\x65\x61\x64\101\165\164\150\157\162\x69\x7a\141\164\151\157\x6e\x52\145\x73\x70\157\156\x73\x65\72\40\x61\143\143\145\x73\163\124\x6f\x6b\x65\156\x52\x65\161\165\145\x73\164\106\157\x72\120\x61\163\x73\x77\157\162\x64\x47\x72\x61\x6e\x74", $G1);
$I2 = Curl::mo_send_access_token_request_for_password_grant($G1, $tX, $Au, $hw, $mu, $Up, $r1, $bR);
$this->oauthUtility->log_debug("\x52\x65\141\144\101\165\x74\150\157\x72\151\172\x61\x74\x69\x6f\x6e\122\x65\163\x70\x6f\156\163\145\72\x20\x61\143\143\145\163\163\x54\157\153\145\x6e\122\x65\x73\160\x6f\x6e\x73\145\106\157\x72\x50\x61\163\163\x77\x6f\162\144\107\162\141\156\x74", $I2);
Ej:
goto RF;
pt:
goto RF;
QF:
goto RF;
F1:
RF:
$this->mo_send_user_info_request($I2, $O4);
}
public function mo_send_user_info_request($I2, $O4)
{
$KD = json_decode($I2, "\164\x72\x75\x65");
$this->oauthUtility->log_debug("\122\145\141\x64\x41\165\x74\150\x6f\x72\x69\x7a\x61\164\x69\157\x6e\x52\x65\163\160\157\x6e\x73\x65\72\40\x61\143\x63\x65\163\163\x54\157\x6b\145\x6e\x52\x65\x73\160\157\x6e\163\145\104\x61\x74\141" . json_encode($KD));
if (!isset($KD["\x69\x64\x5f\164\x6f\x6b\145\156"])) {
goto tN;
}
$Oa = $KD["\151\x64\x5f\164\157\x6b\x65\x6e"];
$this->oauthUtility->log_debug("\x52\145\x61\x64\x41\x75\x74\150\157\162\x69\172\141\x74\151\x6f\156\x52\x65\x73\x70\157\x6e\x73\x65\x3a\x20\151\144\124\x6f\x6b\145\x6e\x3a\40" . $Oa);
$this->oauthUtility->setSessionData(OAuthConstants::ID_TOKEN, $Oa);
$this->oauthUtility->setAdminSessionData(OAuthConstants::ID_TOKEN, $Oa);
$this->oauthUtility->log_debug("\122\x65\x61\144\101\x75\x74\x68\x6f\x72\151\172\141\x74\x69\157\156\x52\145\x73\x70\157\156\x73\145\72\40\151\144\x54\157\x6b\x65\156\40\163\x74\x6f\162\x65\144\72\x20" . $Oa);
tN:
$lS = $O4["\x75\x73\145\162\x5f\x69\x6e\146\157\137\145\156\144\160\157\x69\156\x74"];
if (!($lS == NULL || $lS == '') && isset($KD["\141\143\143\x65\163\x73\x5f\164\x6f\x6b\145\156"])) {
goto fD;
}
if (isset($KD["\x69\x64\137\164\157\153\145\156"])) {
goto PC;
}
if (isset($KD["\x65\162\162\157\x72"])) {
goto jF;
}
$this->oauthUtility->log_debug("\122\x65\x61\x64\101\165\x74\x68\x6f\x72\151\172\x61\x74\x69\157\156\122\145\163\160\157\x6e\163\x65\72\40\141\143\143\145\163\163\124\x6f\153\x65\156\122\x65\163\x70\x6f\x6e\163\145\x44\x61\164\141", $KD);
$pT = false;
$tJ = false;
$tJ = $this->oauthUtility->checkIfFlowStartedFromBackend($this->setrelaystate);
if ($tJ) {
goto c4;
}
$mu = $this->oauthUtility->getSessionData(OAuthConstants::USERNAME);
$Up = $this->oauthUtility->getSessionData(OAuthConstants::PASSWORD);
try {
$hG = $this->customerAccountManagement->authenticate($mu, $Up);
} catch (\Exception $B3) {
$this->messageManager->addErrorMessage("\131\x6f\x75\40\144\x69\144\40\x6e\157\164\x20\x73\x69\147\156\x20\x69\x6e\40\143\x6f\162\x72\x65\x63\x74\154\x79\40\157\x72\40\171\157\165\x72\40\x61\143\x63\x6f\165\x6e\164\40\x69\163\40\x74\145\x6d\160\157\x72\x61\162\151\154\x79\40\144\x69\163\x61\142\x6c\x65\x64\x2e");
return $this->getResponse()->setRedirect($this->oauthUtility->getBaseUrl() . "\143\x75\163\164\157\155\145\x72\x2f\x61\143\x63\157\165\156\x74\57\x6c\157\x67\151\x6e")->sendResponse();
}
$this->session->setCustomerDataAsLoggedIn($hG);
$this->session->regenerateId();
return $this->getResponse()->setRedirect($this->oauthUtility->getBaseUrl())->sendResponse();
c4:
return $this->getResponse()->setBody("\x49\156\166\x61\x6c\151\144\40\x72\x65\163\x70\x6f\x6e\163\145\56\40\120\x6c\x65\141\163\145\40\164\x72\x79\x20\141\x67\141\x69\x6e\56\x7c\x4d\60\x30\x32\56\x20\x55\163\x65\162\40\x49\156\146\157\40\122\145\163\160\157\x6e\143\x65\40\104\x61\x74\x61\40\x69\x73\40\x65\x6d\160\164\171\x2e");
goto q0;
fD:
$this->oauthUtility->log_debug("\x52\x65\141\x64\101\165\164\x68\x6f\162\151\172\141\164\x69\x6f\156\x52\x65\x73\160\157\x6e\163\145\x3a\40\141\x63\x63\145\x73\x73\124\157\x6b\x65\156\x52\145\163\x70\x6f\x6e\x73\x65\x44\x61\x74\141\x5b\x27\141\x63\x63\x65\163\x73\x5f\x74\157\153\145\156\x27\x5d\x20\x69\x73\40\x73\x65\164");
$kU = $KD["\x61\x63\143\145\163\163\x5f\164\x6f\x6b\145\x6e"];
$lS = $O4["\x75\x73\x65\162\137\x69\x6e\x66\x6f\137\145\156\x64\160\x6f\151\156\x74"];
$this->oauthUtility->log_debug("\122\x65\141\144\101\165\164\150\x6f\x72\x69\172\141\x74\x69\157\156\122\145\163\x70\157\x6e\163\x65\72\40\x61\x63\x63\145\163\x73\x54\x6f\x6b\x65\156\x3a\40" . $kU);
$this->oauthUtility->log_debug("\x52\145\141\144\101\x75\x74\x68\157\162\151\172\141\x74\x69\157\156\122\145\163\x70\157\x6e\x73\x65\x3a\x20\165\x73\145\162\x49\x6e\x66\x6f\x55\122\114\72\x20" . $lS);
if (!($lS == NULL || $lS == '')) {
goto Wv;
}
return $this->getResponse()->setBody("\x49\156\166\141\x6c\x69\x64\40\162\x65\x73\160\x6f\x6e\x73\145\x2e\40\120\x6c\x65\x61\x73\145\x20\145\156\164\x65\162\x20\x55\163\x65\162\x20\x49\x6e\146\x6f\40\125\122\114\56");
Wv:
$r1 = "\102\x65\141\x72\145\x72\x20" . $kU;
$fA = ["\x41\x75\x74\150\157\x72\151\172\141\164\x69\157\156\x3a\40{$r1}"];
$hc = Curl::mo_send_user_info_request($lS, $fA);
$t9 = json_decode($hc, "\x74\162\165\x65");
$this->oauthUtility->log_debug("\x52\x65\141\x64\x41\x75\164\150\x6f\x72\151\172\x61\164\x69\157\156\x52\x65\163\x70\x6f\156\x73\145\72\40\165\x73\x65\162\111\x6e\146\x6f\x52\145\x73\160\157\156\163\x65" . json_encode($hc));
goto q0;
PC:
$this->oauthUtility->log_debug("\x52\x65\x61\x64\x41\165\164\x68\157\162\x69\x7a\x61\164\x69\157\156\122\x65\x73\160\157\x6e\x73\145\72\x20\151\x66\40\141\x63\x63\145\163\x73\x54\157\153\145\x6e\122\x65\163\x70\157\156\163\145\104\x61\x74\x61\133\x27\151\x64\x5f\164\x6f\153\x65\x6e\x27\135\40");
if (empty($Oa)) {
goto oS;
}
$TC = $O4["\152\x77\x6b\163\137\x65\156\144\160\157\151\156\164"];
$RZ = explode("\x2e", $Oa);
$kV = $this->decodeJWT($Oa);
$this->oauthUtility->log_debug("\122\145\141\x64\x41\165\x74\x68\157\162\x69\172\x61\164\151\x6f\x6e\x52\145\x73\x70\x6f\x6e\x73\x65\72\40\x69\144\124\157\153\145\x6e\x41\162\x72\x61\171", json_encode($RZ));
if (sizeof($RZ) > 2) {
goto Qr;
}
$this->oauthUtility->log_debug("\x52\145\141\144\101\x75\x74\150\157\162\x69\172\x61\x74\x69\157\156\122\x65\x73\x70\x6f\156\163\x65\72\x20\151\x64\124\x6f\153\145\x6e\101\162\162\141\x79" . json_encode($RZ));
return $this->getResponse()->setBody("\x49\x6e\x76\x61\154\151\144\x20\162\145\x73\160\157\156\163\145\x2e\x20\x50\x6c\145\x61\163\x65\40\164\162\x79\x20\x61\147\x61\151\156\56\174\115\60\60\x31\x2e\x20");
goto dq;
Qr:
if (empty($TC)) {
goto ZK;
}
$VC = trim($TC);
$Lm = new JWTUtils($Oa);
$D3 = json_decode(file_get_contents($VC))->keys[0];
if ($Lm->verify_from_jwks($VC)) {
goto SD;
}
return $this->getResponse()->setBody("\111\156\x76\141\154\151\144\40\x73\151\x67\x6e\x61\x74\165\x72\x65\x20\162\145\x63\145\151\x76\145\144\x2e");
SD:
ZK:
$t9 = $RZ[1];
$t9 = (array) json_decode(base64_decode($t9));
$this->oauthUtility->log_debug("\122\x65\141\144\101\x75\164\x68\x6f\162\x69\x7a\x61\164\x69\157\156\122\145\163\x70\x6f\x6e\x73\x65\72\40\165\x73\x65\162\x49\156\x66\157\x52\145\163\160\157\x6e\163\145\x44\141\x74\x61" . json_encode($t9));
dq:
oS:
goto q0;
jF:
if (isset($KD["\145\x72\x72\157\162\x5f\144\x65\x73\x63\x72\x69\x70\164\x69\157\x6e"])) {
goto uO;
}
return $this->getResponse()->setBody("\x49\156\x76\141\x6c\x69\x64\40\x72\x65\163\160\x6f\x6e\163\x65\56\40\x50\x6c\x65\141\163\145\40\164\162\x79\x20\x61\147\x61\x69\156\x2e\174\115\60\60\x31\56\x20\125\163\145\162\x20\x49\156\x66\157\x20\122\145\x73\160\157\156\x63\145\40\x44\x61\164\141\40\x69\x73\x20\145\155\160\164\171\x2e");
goto WT;
uO:
return $this->getResponse()->setBody($KD["\x65\162\x72\157\162\137\144\145\163\x63\x72\x69\160\x74\x69\x6f\156"]);
WT:
q0:
if (!empty($t9)) {
goto vq;
}
return $this->getResponse()->setBody("\x49\156\166\141\x6c\151\x64\x20\x72\x65\x73\x70\x6f\156\x73\145\56\40\x50\x6c\145\141\163\145\40\164\x72\x79\x20\x61\147\x61\x69\156\56\x7c\x4d\60\60\x33\56\x20\x55\163\x65\162\x20\x49\x6e\x66\157\40\122\x65\163\x70\157\156\x63\145\x20\104\x61\164\x61\x20\x69\x73\40\x65\x6d\160\x74\x79\56");
vq:
$t9["\x72\x65\x6c\141\x79\123\164\141\x74\145"] = $this->setrelaystate;
$this->processResponseAction->setUserInfoResponse($t9)->execute();
}
public function setRequestParam($Lo)
{
$this->REQUEST = $Lo;
return $this;
}
public function setPostParam($post)
{
$this->POST = $post;
return $this;
}
public function verifySign($kV, $D3)
{
$this->oauthUtility->log_debug("\x52\x65\141\x64\101\x75\x74\x68\157\x72\x69\x7a\x61\x74\x69\x6f\x6e\122\145\x73\160\157\x6e\163\x65\x3a\x20\x69\x6e\163\151\x64\145\40\x76\x65\x72\x69\x66\171\x53\x69\147\x6e");
$p_ = new Crypt_RSA();
$p_->loadKey(["\x6e" => new Math_BigInteger($this->get_base64_from_url($D3->n), 256), "\x65" => new Math_BigInteger($this->get_base64_from_url($D3->e), 256)]);
$p_->setHash("\163\150\x61\x32\x35\66");
$p_->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
return $p_->verify($kV["\144\141\164\141"], $kV["\163\x69\x67\x6e"]) ? true : false;
}
public function get_base64_from_url($kg)
{
return base64_decode(str_replace(["\x2d", "\137"], ["\x2b", "\57"], $kg));
}
public function decodeJWT($f0)
{
$this->oauthUtility->log_debug("\x52\x65\x61\x64\x41\x75\164\150\x6f\162\151\172\x61\164\151\x6f\156\122\x65\163\x70\x6f\x6e\x73\145\x3a\x20\151\156\163\151\144\145\x20\x64\145\x63\157\x64\x65\x4a\x57\x54");
$hQ = explode("\56", $f0);
$r1 = json_decode($this->get_base64_from_url($hQ[0]));
$JV = json_decode($this->get_base64_from_url($hQ[1]));
$fT = $this->get_base64_from_url($hQ[2]);
return ["\150\145\141\x64\145\162" => $r1, "\x70\141\171\154\157\x61\144" => $JV, "\163\151\147\x6e" => $fT, "\x64\141\164\x61" => $hQ[0] . "\x2e" . $hQ[1]];
}
}
Function Calls
None |
Stats
MD5 | 7a8c3b5a430c55ea9628e68cd1754f76 |
Eval Count | 0 |
Decode Time | 92 ms |