WebSVN – LeadersLinked - Services – /module/LeadersLinked/src/Controller/AuthController.php

<?php

declare(strict_types=1);

namespace LeadersLinked\Controller;

use Nullix\CryptoJsAes\CryptoJsAes;
use GeoIp2\Database\Reader as GeoIp2Reader;

use Laminas\Authentication\AuthenticationService;
use Laminas\Authentication\Result as AuthResult;
use Laminas\Mvc\Controller\AbstractActionController;
use Laminas\View\Model\JsonModel;


use LeadersLinked\Form\Auth\SigninForm;
use LeadersLinked\Form\Auth\ResetPasswordForm;
use LeadersLinked\Form\Auth\ForgotPasswordForm;
use LeadersLinked\Form\Auth\SignupForm;

use LeadersLinked\Mapper\ConnectionMapper;
use LeadersLinked\Mapper\EmailTemplateMapper;
use LeadersLinked\Mapper\NetworkMapper;
use LeadersLinked\Mapper\UserMapper;

use LeadersLinked\Model\User;
use LeadersLinked\Model\UserType;
use LeadersLinked\Library\QueueEmail;
use LeadersLinked\Library\Functions;
use LeadersLinked\Model\EmailTemplate;
use LeadersLinked\Mapper\UserPasswordMapper;
use LeadersLinked\Model\UserBrowser;
use LeadersLinked\Mapper\UserBrowserMapper;
use LeadersLinked\Mapper\UserIpMapper;
use LeadersLinked\Model\UserIp;
use LeadersLinked\Form\Auth\MoodleForm;
use LeadersLinked\Library\Rsa;
use LeadersLinked\Library\Image;

use LeadersLinked\Authentication\AuthAdapter;
use LeadersLinked\Authentication\AuthEmailAdapter;

use LeadersLinked\Model\UserPassword;

use LeadersLinked\Model\Connection;
use LeadersLinked\Authentication\AuthImpersonateAdapter;
use LeadersLinked\Model\Network;
use LeadersLinked\Model\JwtToken;
use LeadersLinked\Mapper\JwtTokenMapper;
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
use LeadersLinked\Form\Auth\SigninDebugForm;
use LeadersLinked\Library\ExternalCredentials;
use LeadersLinked\Library\Storage;



class AuthController extends AbstractActionController
{


    /**
     *
     * @var \Laminas\Db\Adapter\AdapterInterface
     */
    private $adapter;

    /**
     *
     * @var \LeadersLinked\Cache\CacheInterface
     */
    private $cache;


    /**
     *
     * @var \Laminas\Log\LoggerInterface
     */
    private $logger;

    /**
     *
     * @var array
     */
    private $config;


    /**
     *
     * @var \Laminas\Mvc\I18n\Translator
     */
    private $translator;


    /**
     *
     * @param \Laminas\Db\Adapter\AdapterInterface $adapter
     * @param \LeadersLinked\Cache\CacheInterface $cache
     * @param \Laminas\Log\LoggerInterface LoggerInterface $logger
     * @param array $config
     * @param \Laminas\Mvc\I18n\Translator $translator
     */
    public function __construct($adapter, $cache, $logger, $config, $translator)
    {
        $this->adapter      = $adapter;
        $this->cache        = $cache;
        $this->logger       = $logger;
        $this->config       = $config;
        $this->translator   = $translator;
    }

    public function signinAction()
    {
        $currentNetworkPlugin = $this->plugin('currentNetworkPlugin');
        $currentNetwork = $currentNetworkPlugin->getNetwork();

        $request = $this->getRequest();

        if ($request->isPost()) {
            $currentNetworkPlugin = $this->plugin('currentNetworkPlugin');
            $currentNetwork = $currentNetworkPlugin->getNetwork();

            $jwtToken = null;
            $headers = getallheaders();


            if (!empty($headers['authorization']) || !empty($headers['Authorization'])) {

                $token = trim(empty($headers['authorization']) ? $headers['Authorization'] : $headers['authorization']);


                if (substr($token, 0, 6) == 'Bearer') {

                    $token = trim(substr($token, 7));

                    if (!empty($this->config['leaderslinked.jwt.key'])) {
                        $key = $this->config['leaderslinked.jwt.key'];


                        try {
                            $payload = JWT::decode($token, new Key($key, 'HS256'));


                            if (empty($payload->iss) || $payload->iss != $_SERVER['HTTP_HOST']) {
                                return new JsonModel(['success' => false, 'data' => 'Unauthorized - JWT - Wrong server',  'fatal'  => true]);
                            }

                            $uuid = empty($payload->uuid) ? '' : $payload->uuid;
                            $jwtTokenMapper = JwtTokenMapper::getInstance($this->adapter);
                            $jwtToken = $jwtTokenMapper->fetchOneByUuid($uuid);
                            if (!$jwtToken) {
                                return new JsonModel(['success' => false, 'data' => 'Unauthorized - JWT - Expired',  'fatal'  => true]);
                            }
                        } catch (\Exception $e) {
                            return new JsonModel(['success' => false, 'data' => 'Unauthorized - JWT - Wrong key',  'fatal'  => true]);
                        }
                    } else {
                        return new JsonModel(['success' => false, 'data' => 'Unauthorized - JWT - SecreteKey required',  'fatal'  => true]);
                    }
                } else {
                    return new JsonModel(['success' => false, 'data' => 'Unauthorized - JWT - Bearer required',  'fatal'  => true]);
                }
            } else {
                return new JsonModel(['success' => false, 'data' => 'Unauthorized - JWT - Required',  'fatal'  => true]);
            }



            $form = new  SigninForm($this->config);
            $dataPost = $request->getPost()->toArray();

            if (empty($_SESSION['aes'])) {
                return new JsonModel([
                    'success'   => false,
                    'data'      => 'ERROR_WEBSERVICE_ENCRYPTION_KEYS_NOT_FOUND'
                ]);
            }


            $aes = $_SESSION['aes'];
            unset($_SESSION['aes']);

            if (!empty($dataPost['email'])) {
                $dataPost['email'] = CryptoJsAes::decrypt($dataPost['email'], $aes);
            }


            if (!empty($dataPost['password'])) {
                $dataPost['password'] = CryptoJsAes::decrypt($dataPost['password'], $aes);
            }


            $form->setData($dataPost);

            if ($form->isValid()) {

                $dataPost = (array) $form->getData();


                $email      = $dataPost['email'];
                $password   = $dataPost['password'];





                $authAdapter = new AuthAdapter($this->adapter, $this->logger);
                $authAdapter->setData($email, $password, $currentNetwork->id);
                $authService = new AuthenticationService();

                $result = $authService->authenticate($authAdapter);

                if ($result->getCode() == AuthResult::SUCCESS) {

                    $identity = $result->getIdentity();


                    $userMapper = UserMapper::getInstance($this->adapter);
                    $user = $userMapper->fetchOne($identity['user_id']);


                    if ($token) {
                        $jwtToken->user_id = $user->id;
                        $jwtTokenMapper = JwtTokenMapper::getInstance($this->adapter);
                        $jwtTokenMapper->update($jwtToken);
                    }


                    $navigator = get_browser(null, true);
                    $device_type    =  isset($navigator['device_type']) ? $navigator['device_type'] : '';
                    $platform       =  isset($navigator['platform']) ? $navigator['platform'] : '';
                    $browser        =  isset($navigator['browser']) ? $navigator['browser'] : '';


                    $istablet = isset($navigator['istablet']) ?  intval($navigator['istablet']) : 0;
                    $ismobiledevice = isset($navigator['ismobiledevice']) ? intval($navigator['ismobiledevice']) : 0;
                    $version = isset($navigator['version']) ? $navigator['version'] : '';


                    $userBrowserMapper = UserBrowserMapper::getInstance($this->adapter);
                    $userBrowser = $userBrowserMapper->fetch($user->id, $device_type, $platform, $browser);
                    if ($userBrowser) {
                        $userBrowserMapper->update($userBrowser);
                    } else {
                        $userBrowser = new UserBrowser();
                        $userBrowser->user_id           = $user->id;
                        $userBrowser->browser           = $browser;
                        $userBrowser->platform          = $platform;
                        $userBrowser->device_type       = $device_type;
                        $userBrowser->is_tablet         = $istablet;
                        $userBrowser->is_mobile_device  = $ismobiledevice;
                        $userBrowser->version           = $version;

                        $userBrowserMapper->insert($userBrowser);
                    }
                    //

                    $ip = Functions::getUserIP();
                    $ip = $ip == '127.0.0.1' ? '148.240.211.148' : $ip;

                    $userIpMapper = UserIpMapper::getInstance($this->adapter);
                    $userIp = $userIpMapper->fetch($user->id, $ip);
                    if (empty($userIp)) {

                        if ($this->config['leaderslinked.runmode.sandbox']) {
                            $filename = $this->config['leaderslinked.geoip2.production_database'];
                        } else {
                            $filename = $this->config['leaderslinked.geoip2.sandbox_database'];
                        }

                        $reader = new GeoIp2Reader($filename); //GeoIP2-City.mmdb');
                        $record = $reader->city($ip);
                        if ($record) {
                            $userIp = new UserIp();
                            $userIp->user_id = $user->id;
                            $userIp->city = !empty($record->city->name) ? Functions::utf8_decode($record->city->name) : '';
                            $userIp->state_code = !empty($record->mostSpecificSubdivision->isoCode) ? Functions::utf8_decode($record->mostSpecificSubdivision->isoCode) : '';
                            $userIp->state_name = !empty($record->mostSpecificSubdivision->name) ? Functions::utf8_decode($record->mostSpecificSubdivision->name) : '';
                            $userIp->country_code = !empty($record->country->isoCode) ? Functions::utf8_decode($record->country->isoCode) : '';
                            $userIp->country_name = !empty($record->country->name) ? Functions::utf8_decode($record->country->name) : '';
                            $userIp->ip = $ip;
                            $userIp->latitude = !empty($record->location->latitude) ? $record->location->latitude : 0;
                            $userIp->longitude = !empty($record->location->longitude) ? $record->location->longitude : 0;
                            $userIp->postal_code = !empty($record->postal->code) ? $record->postal->code : '';

                            $userIpMapper->insert($userIp);
                        }
                    } else {
                        $userIpMapper->update($userIp);
                    }

                    /*
                    if ($remember) {
                        $expired = time() + 365 * 24 * 60 * 60;

                        $cookieEmail = new SetCookie('email', $email, $expired);
                    } else {
                        $expired = time() - 7200;
                        $cookieEmail = new SetCookie('email', '', $expired);
                    }


                    $response = $this->getResponse();
                    $response->getHeaders()->addHeader($cookieEmail);
                    */





                    $this->logger->info('Ingreso a LeadersLiked', ['user_id' => $user->id, 'ip' => Functions::getUserIP()]);

                    $user_share_invitation = $this->cache->getItem('user_share_invitation');

                    $url =  $this->url()->fromRoute('dashboard');

                    if ($user_share_invitation && is_array($user_share_invitation)) {

                        $content_uuid = $user_share_invitation['code'];
                        $content_type = $user_share_invitation['type'];
                        $content_user = $user_share_invitation['user'];



                        $userRedirect = $userMapper->fetchOneByUuid($content_user);
                        if ($userRedirect && $userRedirect->status == User::STATUS_ACTIVE && $user->id != $userRedirect->id) {
                            $connectionMapper = ConnectionMapper::getInstance($this->adapter);
                            $connection = $connectionMapper->fetchOneByUserId1AndUserId2($user->id, $userRedirect->id);

                            if ($connection) {

                                if ($connection->status != Connection::STATUS_ACCEPTED) {
                                    $connectionMapper->approve($connection);
                                }
                            } else {
                                $connection = new Connection();
                                $connection->request_from = $user->id;
                                $connection->request_to = $userRedirect->id;
                                $connection->status = Connection::STATUS_ACCEPTED;

                                $connectionMapper->insert($connection);
                            }
                        }

                        if ($content_type == 'feed') {
                            $url = $this->url()->fromRoute('dashboard', ['feed' => $content_uuid]);
                        } else if ($content_type == 'post') {
                            $url = $this->url()->fromRoute('post', ['id' => $content_uuid]);
                        } else {
                            $url = $this->url()->fromRoute('dashboard');
                        }
                    }


                    $hostname = empty($_SERVER['HTTP_HOST']) ?  '' : $_SERVER['HTTP_HOST'];

                    $networkMapper = NetworkMapper::getInstance($this->adapter);
                    $network = $networkMapper->fetchOneByHostnameForFrontend($hostname);

                    if (!$network) {
                        $network = $networkMapper->fetchOneByDefault();
                    }

                    $hostname = trim($network->main_hostname);
                    $url = 'https://' . $hostname . $url;


                    $data = [
                        'redirect'  => $url,
                        'uuid'      => $user->uuid,
                    ];




                    if ($currentNetwork->xmpp_active) {
                        $externalCredentials = ExternalCredentials::getInstancia($this->config, $this->adapter);
                        $externalCredentials->getUserBy($user->id);


                        $data['xmpp_domain'] = $currentNetwork->xmpp_domain;
                        $data['xmpp_hostname'] = $currentNetwork->xmpp_hostname;
                        $data['xmpp_port'] = $currentNetwork->xmpp_port;
                        $data['xmpp_username'] = $externalCredentials->getUsernameXmpp();
                        $data['xmpp_pasword'] = $externalCredentials->getPasswordXmpp();
                        $data['inmail_username'] = $externalCredentials->getUsernameInmail();
                        $data['inmail_pasword'] = $externalCredentials->getPasswordInmail();
                    }

                    $data = [
                        'success'   => true,
                        'data'      => $data
                    ];


                    $this->cache->removeItem('user_share_invitation');
                } else {

                    $message = $result->getMessages()[0];
                    if (!in_array($message, [
                        'ERROR_USER_NOT_FOUND',
                        'ERROR_USER_EMAIL_HASNT_BEEN_VARIFIED',
                        'ERROR_USER_IS_BLOCKED',
                        'ERROR_USER_IS_INACTIVE',
                        'ERROR_ENTERED_PASS_INCORRECT_USER_IS_BLOCKED',
                        'ERROR_ENTERED_PASS_INCORRECT_2',
                        'ERROR_ENTERED_PASS_INCORRECT_1',
                        'ERROR_USER_REQUEST_ACCESS_IS_PENDING',
                        'ERROR_USER_REQUEST_ACCESS_IS_REJECTED'


                    ])) {
                    }

                    switch ($message) {
                        case 'ERROR_USER_NOT_FOUND':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Email no existe', ['ip' => Functions::getUserIP()]);
                            break;

                        case 'ERROR_USER_EMAIL_HASNT_BEEN_VARIFIED':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Email no verificado', ['ip' => Functions::getUserIP()]);
                            break;

                        case 'ERROR_USER_IS_BLOCKED':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Usuario bloqueado', ['ip' => Functions::getUserIP()]);
                            break;

                        case 'ERROR_USER_IS_INACTIVE':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Usuario inactivo', ['ip' => Functions::getUserIP()]);
                            break;


                        case 'ERROR_ENTERED_PASS_INCORRECT_USER_IS_BLOCKED':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - 3er Intento Usuario bloqueado', ['ip' => Functions::getUserIP()]);
                            break;


                        case 'ERROR_ENTERED_PASS_INCORRECT_2':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - 1er Intento', ['ip' => Functions::getUserIP()]);
                            break;


                        case 'ERROR_ENTERED_PASS_INCORRECT_1':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - 2do Intento', ['ip' => Functions::getUserIP()]);
                            break;


                        case 'ERROR_USER_REQUEST_ACCESS_IS_PENDING':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Falta verificar que pertence a la Red Privada', ['ip' => Functions::getUserIP()]);
                            break;

                        case  'ERROR_USER_REQUEST_ACCESS_IS_REJECTED':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Rechazado por no pertence a la Red Privada', ['ip' => Functions::getUserIP()]);
                            break;


                        default:
                            $message = 'ERROR_UNKNOWN';
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Error desconocido', ['ip' => Functions::getUserIP()]);
                            break;
                    }




                    $data = [
                        'success'   => false,
                        'data'   => $message
                    ];
                }

                return new JsonModel($data);
            } else {
                $messages = [];



                $form_messages = (array) $form->getMessages();
                foreach ($form_messages  as $fieldname => $field_messages) {

                    $messages[$fieldname] = array_values($field_messages);
                }

                return new JsonModel([
                    'success'   => false,
                    'data'   => $messages
                ]);
            }
        } else if ($request->isGet()) {

            $aes = '';
            $jwtToken = null;
            $headers = getallheaders();


            if (!empty($headers['authorization']) || !empty($headers['Authorization'])) {

                $token = trim(empty($headers['authorization']) ? $headers['Authorization'] : $headers['authorization']);


                if (substr($token, 0, 6) == 'Bearer') {

                    $token = trim(substr($token, 7));

                    if (!empty($this->config['leaderslinked.jwt.key'])) {
                        $key = $this->config['leaderslinked.jwt.key'];


                        try {
                            $payload = JWT::decode($token, new Key($key, 'HS256'));


                            if (empty($payload->iss) || $payload->iss != $_SERVER['HTTP_HOST']) {
                                return new JsonModel(['success' => false, 'data' => 'Unauthorized - JWT - Wrong server',  'fatal'  => true]);
                            }

                            $uuid = empty($payload->uuid) ? '' : $payload->uuid;
                            $jwtTokenMapper = JwtTokenMapper::getInstance($this->adapter);
                            $jwtToken = $jwtTokenMapper->fetchOneByUuid($uuid);
                        } catch (\Exception $e) {
                            //Token invalido
                        }
                    }
                }
            }

            if (!$jwtToken) {

                $aes = Functions::generatePassword(16);

                $jwtToken = new JwtToken();
                $jwtToken->aes = $aes;

                $jwtTokenMapper = JwtTokenMapper::getInstance($this->adapter);
                if ($jwtTokenMapper->insert($jwtToken)) {
                    $jwtToken = $jwtTokenMapper->fetchOne($jwtToken->id);
                }

                $token = '';

                if (!empty($this->config['leaderslinked.jwt.key'])) {
                    $issuedAt   = new \DateTimeImmutable();
                    $expire     = $issuedAt->modify('+365 days')->getTimestamp();
                    $serverName = $_SERVER['HTTP_HOST'];
                    $payload = [
                        'iat'  => $issuedAt->getTimestamp(),
                        'iss'  => $serverName,
                        'nbf'  => $issuedAt->getTimestamp(),
                        'exp'  => $expire,
                        'uuid' => $jwtToken->uuid,
                    ];


                    $key = $this->config['leaderslinked.jwt.key'];
                    $token = JWT::encode($payload, $key, 'HS256');
                }
            } else {
                if (!$jwtToken->user_id) {
                    $aes = Functions::generatePassword(16);
                    $jwtToken->aes = $aes;
                    $jwtTokenMapper->update($jwtToken);
                }
            }







            if ($this->config['leaderslinked.runmode.sandbox']) {
                $site_key      = $this->config['leaderslinked.google_captcha.sandbox_site_key'];
            } else {
                $site_key      = $this->config['leaderslinked.google_captcha.production_site_key'];
            }


            $access_usign_social_networks = $this->config['leaderslinked.runmode.access_usign_social_networks'];

            $sandbox = $this->config['leaderslinked.runmode.sandbox'];
            if ($sandbox) {
                $google_map_key  = $this->config['leaderslinked.google_map.sandbox_api_key'];
            } else {
                $google_map_key  = $this->config['leaderslinked.google_map.production_api_key'];
            }


            $parts = explode('.', $currentNetwork->main_hostname);
            if ($parts[1] === 'com') {
                $replace_main = false;
            } else {
                $replace_main = true;
            }


            $storage = Storage::getInstance($this->config, $this->adapter);
            $path = $storage->getPathNetwork();

            if ($currentNetwork->logo) {
                $logo_url = $storage->getGenericImage($path, $currentNetwork->uuid, $currentNetwork->logo);
            } else {
                $logo_url = '';
            }

            if ($currentNetwork->navbar) {
                $navbar_url = $storage->getGenericImage($path, $currentNetwork->uuid, $currentNetwork->navbar);
            } else {
                $navbar_url = '';
            }

            if ($currentNetwork->favico) {
                $favico_url = $storage->getGenericImage($path, $currentNetwork->uuid, $currentNetwork->favico);
            } else {
                $favico_url = '';
            }




            $data = [
                'google_map_key'                => $google_map_key,
                'email'                         => '',
                'remember'                      => false,
                'site_key'                      => $site_key,
                'theme_id'                      => $currentNetwork->theme_id,
                'aes'                           => $aes,
                'jwt'                           => $token,
                'defaultNetwork'                => $currentNetwork->default,
                'access_usign_social_networks'  => $access_usign_social_networks && $currentNetwork->default == Network::DEFAULT_YES ? 'y' : 'n',
                'logo_url'                      => $logo_url,
                'navbar_url'                    => $navbar_url,
                'favico_url'                    => $favico_url,
                'intro'                         => $currentNetwork->intro ? $currentNetwork->intro : '',
                'is_logged_in'                  => $jwtToken->user_id ? true : false,

            ];

            if ($currentNetwork->default == Network::DEFAULT_YES) {



                $currentUserPlugin = $this->plugin('currentUserPlugin');
                if ($currentUserPlugin->hasIdentity()) {


                    $externalCredentials = ExternalCredentials::getInstancia($this->config, $this->adapter);
                    $externalCredentials->getUserBy($currentUserPlugin->getUserId());


                    if ($currentNetwork->xmpp_active) {
                        $data['xmpp_domain']      = $currentNetwork->xmpp_domain;
                        $data['xmpp_hostname']    = $currentNetwork->xmpp_hostname;
                        $data['xmpp_port']        = $currentNetwork->xmpp_port;
                        $data['xmpp_username']    = $externalCredentials->getUsernameXmpp();
                        $data['xmpp_password']    = $externalCredentials->getPasswordXmpp();
                        $data['inmail_username']    = $externalCredentials->getUsernameInmail();
                        $data['inmail_password']    = $externalCredentials->getPasswordInmail();
                    }
                }
            }

            $data = [
                'success' => true,
                'data' =>  $data
            ];
        } else {
            $data = [
                'success' => false,
                'data' => 'ERROR_METHOD_NOT_ALLOWED'
            ];

            return new JsonModel($data);
        }

        return new JsonModel($data);
    }

    public function facebookAction()
    {

        $request = $this->getRequest();
        if ($request->isGet()) {
            /*
          //  try {
                $app_id = $this->config['leaderslinked.facebook.app_id'];
                $app_password = $this->config['leaderslinked.facebook.app_password'];
                $app_graph_version = $this->config['leaderslinked.facebook.app_graph_version'];
                //$app_url_auth = $this->config['leaderslinked.facebook.app_url_auth'];
                //$redirect_url = $this->config['leaderslinked.facebook.app_redirect_url'];
                
                [facebook]
                app_id=343770226993130
                app_password=028ee729090fd591e50a17a786666c12
                app_graph_version=v17
                app_redirect_url=https://leaderslinked.com/oauth/facebook
                
                https://www.facebook.com/v17.0/dialog/oauth?client_id=343770226993130&redirect_uri= https://dev.leaderslinked.com/oauth/facebook&state=AE12345678
                

                $s = 'https://www.facebook.com/v17.0/dialog/oauth' . 
                    '?client_id=' 
                    '&redirect_uri={"https://www.domain.com/login"}
                    '&state={"{st=state123abc,ds=123456789}"}

                $fb = new \Facebook\Facebook([
                    'app_id' => $app_id,
                    'app_secret' => $app_password,
                    'default_graph_version' => $app_graph_version,
                ]);
                
                $app_url_auth =  $this->url()->fromRoute('oauth/facebook', [], ['force_canonical' => true]);
                $helper = $fb->getRedirectLoginHelper();
                $permissions = ['email', 'public_profile']; // Optional permissions
                $facebookUrl = $helper->getLoginUrl($app_url_auth, $permissions);
                
                
                
                return new JsonModel([
                    'success' => false,
                    'data' => $facebookUrl
                ]);
            } catch (\Throwable $e) {
                return new JsonModel([
                    'success' => false,
                    'data' =>  'ERROR_WE_COULD_NOT_CONNECT_TO_FACEBOOK'
                ]);
            }*/
        } else {
            return new JsonModel([
                'success' => false,
                'data' => 'ERROR_METHOD_NOT_ALLOWED'
            ]);
        }
    }

    public function twitterAction()
    {
        $request = $this->getRequest();
        if ($request->isGet()) {

            try {
                if ($this->config['leaderslinked.runmode.sandbox']) {

                    $twitter_api_key = $this->config['leaderslinked.twitter.sandbox_api_key'];
                    $twitter_api_secret = $this->config['leaderslinked.twitter.sandbox_api_secret'];
                } else {
                    $twitter_api_key = $this->config['leaderslinked.twitter.production_api_key'];
                    $twitter_api_secret = $this->config['leaderslinked.twitter.production_api_secret'];
                }

                /*
                 echo '$twitter_api_key = ' . $twitter_api_key . PHP_EOL;
                 echo '$twitter_api_secret = ' . $twitter_api_secret . PHP_EOL;
                 exit;
                 */

                //Twitter
                //$redirect_url =  $this->url()->fromRoute('oauth/twitter', [], ['force_canonical' => true]);
                $redirect_url = $this->config['leaderslinked.twitter.app_redirect_url'];
                $twitter = new \Abraham\TwitterOAuth\TwitterOAuth($twitter_api_key, $twitter_api_secret);
                $request_token =  $twitter->oauth('oauth/request_token', ['oauth_callback' => $redirect_url]);
                $twitterUrl = $twitter->url('oauth/authorize', ['oauth_token' => $request_token['oauth_token']]);

                $twitterSession = new \Laminas\Session\Container('twitter');
                $twitterSession->oauth_token = $request_token['oauth_token'];
                $twitterSession->oauth_token_secret = $request_token['oauth_token_secret'];

                return new JsonModel([
                    'success' => true,
                    'data' =>  $twitterUrl
                ]);
            } catch (\Throwable $e) {
                return new JsonModel([
                    'success' => false,
                    'data' =>  'ERROR_WE_COULD_NOT_CONNECT_TO_TWITTER'
                ]);
            }
        } else {
            return new JsonModel([
                'success' => false,
                'data' => 'ERROR_METHOD_NOT_ALLOWED'
            ]);
        }
    }

    public function googleAction()
    {
        $request = $this->getRequest();
        if ($request->isGet()) {

            try {


                //Google
                $google = new \Google_Client();
                $google->setAuthConfig('data/google/auth-leaderslinked/apps.google.com_secreto_cliente.json');
                $google->setAccessType("offline");        // offline access

                $google->setIncludeGrantedScopes(true);   // incremental auth

                $google->addScope('profile');
                $google->addScope('email');

                // $redirect_url =  $this->url()->fromRoute('oauth/google', [], ['force_canonical' => true]);
                $redirect_url = $this->config['leaderslinked.google_auth.app_redirect_url'];

                $google->setRedirectUri($redirect_url);
                $googleUrl = $google->createAuthUrl();

                return new JsonModel([
                    'success' => true,
                    'data' =>  $googleUrl
                ]);
            } catch (\Throwable $e) {
                return new JsonModel([
                    'success' => false,
                    'data' =>  'ERROR_WE_COULD_NOT_CONNECT_TO_GOOGLE'
                ]);
            }
        } else {
            return new JsonModel([
                'success' => false,
                'data' => 'ERROR_METHOD_NOT_ALLOWED'
            ]);
        }
    }

    public function signoutAction()
    {
        $currentUserPlugin = $this->plugin('currentUserPlugin');
        $currentUser = $currentUserPlugin->getRawUser();
        if ($currentUserPlugin->hasImpersonate()) {


            $userMapper = UserMapper::getInstance($this->adapter);
            $userMapper->leaveImpersonate($currentUser->id);

            $networkMapper = NetworkMapper::getInstance($this->adapter);
            $network = $networkMapper->fetchOne($currentUser->network_id);


            if (!$currentUser->one_time_password) {
                $one_time_password = Functions::generatePassword(25);

                $currentUser->one_time_password = $one_time_password;

                $userMapper = UserMapper::getInstance($this->adapter);
                $userMapper->updateOneTimePassword($currentUser, $one_time_password);
            }


            $sandbox = $this->config['leaderslinked.runmode.sandbox'];
            if ($sandbox) {
                $salt = $this->config['leaderslinked.backend.sandbox_salt'];
            } else {
                $salt = $this->config['leaderslinked.backend.production_salt'];
            }

            $rand = 1000 + mt_rand(1, 999);
            $timestamp = time();
            $password = md5($currentUser->one_time_password . '-' . $rand . '-' . $timestamp . '-' . $salt);

            $params = [
                'user_uuid' => $currentUser->uuid,
                'password' => $password,
                'rand' => $rand,
                'time' => $timestamp,
            ];

            $currentUserPlugin->clearIdentity();

            return new JsonModel([
                'success'   => true,
                'data'      => [
                    'message' => 'LABEL_SIGNOUT_SUCCESSFULLY',
                    'url' => 'https://' . $network->main_hostname . '/signin/impersonate' . '?' . http_build_query($params)
                ],

            ]);


            // $url = 'https://' . $network->main_hostname . '/signin/impersonate' . '?' . http_build_query($params);
            // return $this->redirect()->toUrl($url);
        } else {


            if ($currentUserPlugin->hasIdentity()) {

                $this->logger->info('Desconexión de LeadersLinked', ['user_id' => $currentUserPlugin->getUserId(), 'ip' => Functions::getUserIP()]);
            }

            $currentUserPlugin->clearIdentity();

            // return $this->redirect()->toRoute('home');

            return new JsonModel([
                'success'   => true,
                'data'      => [
                    'message' => 'LABEL_SIGNOUT_SUCCESSFULLY',
                    'url' => '',
                ],

            ]);
        }
    }


    public function resetPasswordAction()
    {
        $currentNetworkPlugin = $this->plugin('currentNetworkPlugin');
        $currentNetwork  = $currentNetworkPlugin->getNetwork();


        $code =  Functions::sanitizeFilterString($this->params()->fromRoute('code', ''));

        $userMapper = UserMapper::getInstance($this->adapter);
        $user = $userMapper->fetchOneByPasswordResetKeyAndNetworkId($code, $currentNetwork->id);
        if (!$user) {
            $this->logger->err('Restablecer contraseña - Error código no existe', ['ip' => Functions::getUserIP()]);

            return new JsonModel([
                'success'   => false,
                'data'      => 'ERROR_PASSWORD_RECOVER_CODE_IS_INVALID'
            ]);
        }



        $password_generated_on = strtotime($user->password_generated_on);
        $expiry_time = $password_generated_on + $this->config['leaderslinked.security.reset_password_expired'];
        if (time() > $expiry_time) {
            $this->logger->err('Restablecer contraseña - Error código expirado', ['ip' => Functions::getUserIP()]);

            return new JsonModel([
                'success'   => false,
                'data'      => 'ERROR_PASSWORD_RECOVER_CODE_HAS_EXPIRED'
            ]);
        }

        $request = $this->getRequest();
        if ($request->isPost()) {
            $dataPost = $request->getPost()->toArray();
            if (empty($_SESSION['aes'])) {
                return new JsonModel([
                    'success'   => false,
                    'data'      => 'ERROR_WEBSERVICE_ENCRYPTION_KEYS_NOT_FOUND'
                ]);
            }

            if (!empty($dataPost['password'])) {
                $dataPost['password'] = CryptoJsAes::decrypt($dataPost['password'], $_SESSION['aes']);
            }
            if (!empty($dataPost['confirmation'])) {
                $dataPost['confirmation'] = CryptoJsAes::decrypt($dataPost['confirmation'], $_SESSION['aes']);
            }



            $form = new ResetPasswordForm($this->config);
            $form->setData($dataPost);

            if ($form->isValid()) {
                $data = (array) $form->getData();
                $password = $data['password'];


                $userPasswordMapper = UserPasswordMapper::getInstance($this->adapter);
                $userPasswords = $userPasswordMapper->fetchAllByUserId($user->id);

                $oldPassword = false;
                foreach ($userPasswords as $userPassword) {
                    if (password_verify($password, $userPassword->password) || (md5($password) == $userPassword->password)) {
                        $oldPassword = true;
                        break;
                    }
                }

                if ($oldPassword) {
                    $this->logger->err('Restablecer contraseña - Error contraseña ya utilizada anteriormente', ['user_id' => $user->id, 'ip' => Functions::getUserIP()]);

                    return new JsonModel([
                        'success'   => false,
                        'data'      => 'ERROR_PASSWORD_HAS_ALREADY_BEEN_USED'

                    ]);
                } else {
                    $password_hash = password_hash($password, PASSWORD_DEFAULT);


                    $result = $userMapper->updatePassword($user, $password_hash);
                    if ($result) {

                        $userPassword = new UserPassword();
                        $userPassword->user_id = $user->id;
                        $userPassword->password = $password_hash;
                        $userPasswordMapper->insert($userPassword);


                        $this->logger->info('Restablecer contraseña realizado', ['user_id' => $user->id, 'ip' => Functions::getUserIP()]);



                        return new JsonModel([
                            'success'   => true,
                            'data'      => 'LABEL_YOUR_PASSWORD_HAS_BEEN_UPDATED'

                        ]);
                    } else {
                        $this->logger->err('Restablecer contraseña - Error desconocido', ['user_id' => $user->id, 'ip' => Functions::getUserIP()]);

                        return new JsonModel([
                            'success'   => false,
                            'data'      => 'ERROR_THERE_WAS_AN_ERROR'

                        ]);
                    }
                }
            } else {
                $form_messages =  $form->getMessages('captcha');
                if (!empty($form_messages)) {
                    return new JsonModel([
                        'success'   => false,
                        'data'      => 'ERROR_RECAPTCHA_EMPTY'
                    ]);
                }

                $messages = [];

                $form_messages = (array) $form->getMessages();
                foreach ($form_messages  as $fieldname => $field_messages) {
                    $messages[$fieldname] = array_values($field_messages);
                }

                return new JsonModel([
                    'success'   => false,
                    'data'   => $messages
                ]);
            }
        } else if ($request->isGet()) {

            if (empty($_SESSION['aes'])) {
                $_SESSION['aes'] = Functions::generatePassword(16);
            }

            if ($this->config['leaderslinked.runmode.sandbox']) {
                $site_key      = $this->config['leaderslinked.google_captcha.sandbox_site_key'];
            } else {
                $site_key      = $this->config['leaderslinked.google_captcha.production_site_key'];
            }


            return new JsonModel([
                'code' => $code,
                'site_key' => $site_key,
                'aes'       => $_SESSION['aes'],
                'defaultNetwork' => $currentNetwork->default,
            ]);
        }



        return new JsonModel([
            'success' => false,
            'data' => 'ERROR_METHOD_NOT_ALLOWED'
        ]);
    }

    public function forgotPasswordAction()
    {
        // Obtiene el plugin de la red actual.
        $currentNetworkPlugin = $this->plugin('currentNetworkPlugin');
        // Obtiene la información de la red actual.
        $currentNetwork  = $currentNetworkPlugin->getNetwork();



        // Obtiene la petición HTTP actual.
        $request = $this->getRequest();
        // Verifica si la petición es de tipo POST.
        if ($request->isPost()) {
            // Obtiene los datos enviados por POST y los convierte a un array.
            $dataPost = $request->getPost()->toArray();
            // Verifica si la clave AES no está presente en la sesión.
            if (empty($_SESSION['aes'])) {
                // Retorna un error si no se encuentran las claves de encriptación.
                return new JsonModel([
                    'success'   => false,
                    'data'      => 'ERROR_WEBSERVICE_ENCRYPTION_KEYS_NOT_FOUND'
                ]);
            }

            // Verifica si el campo 'email' no está vacío en los datos POST.
            if (!empty($dataPost['email'])) {
                // Desencripta el email utilizando la clave AES de la sesión.
                $dataPost['email'] = CryptoJsAes::decrypt($dataPost['email'], $_SESSION['aes']);
            }

            // Crea una nueva instancia del formulario ForgotPasswordForm, pasando la configuración.
            $form = new ForgotPasswordForm($this->config);
            // Establece los datos del POST en el formulario.
            $form->setData($dataPost);

            // Verifica si el formulario es válido.
            if ($form->isValid()) {
                // Obtiene los datos validados del formulario como un array.
                $dataPost = (array) $form->getData();
                // Extrae el email de los datos del formulario.
                $email      = $dataPost['email'];

                // Obtiene una instancia del UserMapper.
                $userMapper = UserMapper::getInstance($this->adapter);
                // Busca un usuario por email y ID de red.
                $user = $userMapper->fetchOneByEmailAndNetworkId($email, $currentNetwork->id);
                // Verifica si no se encontró ningún usuario.
                if (!$user) {
                    // Registra un error si el email no existe.
                    $this->logger->err('Olvidó contraseña ' . $email . '- Email no existe ', ['ip' => Functions::getUserIP()]);

                    // Retorna un error indicando que el email no está registrado.
                    return new JsonModel([
                        'success' => false,
                        'data' =>  'ERROR_EMAIL_IS_NOT_REGISTERED'
                    ]);
                } else {
                    // Verifica si el estado del usuario es inactivo.
                    if ($user->status == User::STATUS_INACTIVE) {
                        // Retorna un error indicando que el usuario está inactivo.
                        return new JsonModel([
                            'success' => false,
                            'data' =>  'ERROR_USER_IS_INACTIVE'
                        ]);
                        // Verifica si el email del usuario no ha sido verificado.
                    } else if ($user->email_verified == User::EMAIL_VERIFIED_NO) {
                        // Registra un error si el email no ha sido verificado.
                        $this->logger->err('Olvidó contraseña - Email no verificado ', ['user_id' => $user->id, 'ip' => Functions::getUserIP()]);

                        // Retorna un error indicando que el email no ha sido verificado.
                        return new JsonModel([
                            'success' => false,
                            'data' => 'ERROR_EMAIL_HAS_NOT_BEEN_VERIFIED'
                        ]);
                    } else {
                        // Genera una clave de reseteo de contraseña utilizando el email del usuario y el timestamp actual.
                        $password_reset_key = md5($user->email . time());
                        // Actualiza la clave de reseteo de contraseña del usuario en la base de datos.
                        $userMapper->updatePasswordResetKey((int) $user->id, $password_reset_key);

                        // Obtiene una instancia del EmailTemplateMapper.
                        $emailTemplateMapper = EmailTemplateMapper::getInstance($this->adapter);
                        // Busca una plantilla de email por código y ID de red.
                        $emailTemplate = $emailTemplateMapper->fetchOneByCodeAndNetworkId(EmailTemplate::CODE_RESET_PASSWORD, $currentNetwork->id);
                        // Verifica si se encontró la plantilla de email.
                        if ($emailTemplate) {
                            // Prepara los datos para la plantilla de email.
                            $arrayCont = [
                                'firstname'             => $user->first_name,
                                'lastname'              => $user->last_name,
                                'other_user_firstname'  => '',
                                'other_user_lastname'   => '',
                                'company_name'          => '',
                                'group_name'            => '',
                                'content'               => '',
                                'code'                  => '',
                                // Genera el enlace para resetear la contraseña.
                                'link'                  => $this->url()->fromRoute('reset-password', ['code' => $password_reset_key], ['force_canonical' => true])
                            ];

                            // Crea una nueva instancia de QueueEmail.
                            $email = new QueueEmail($this->adapter);
                            // Procesa y envía el email utilizando la plantilla y los datos preparados.
                            $email->processEmailTemplate($emailTemplate, $arrayCont, $user->email, trim($user->first_name . ' ' . $user->last_name));
                        }

                        // Registra una información indicando que se envió el link de recuperación.
                        $this->logger->info('Olvidó contraseña - Se envio link de recuperación ', ['user_id' => $user->id, 'ip' => Functions::getUserIP()]);

                        // Retorna una respuesta exitosa indicando que el link de recuperación fue enviado.
                        return new JsonModel([
                            'success' => true,
                            'data' => 'LABEL_RECOVERY_LINK_WAS_SENT_TO_YOUR_EMAIL'
                        ]);
                    }
                }
            } else {

                // Obtiene los mensajes de error del campo 'captcha' del formulario.
                $form_messages =  $form->getMessages('captcha');


                // Verifica si hay mensajes de error para el captcha.
                if (!empty($form_messages)) {
                    // Retorna un error indicando que el reCAPTCHA está vacío o es inválido.
                    return new JsonModel([
                        'success'   => false,
                        'data'      => 'ERROR_RECAPTCHA_EMPTY'
                    ]);
                }

                // Inicializa un array para almacenar los mensajes de error del formulario.
                $messages = [];
                // Obtiene todos los mensajes de error del formulario como un array.
                $form_messages = (array) $form->getMessages();
                // Itera sobre los mensajes de error del formulario.
                foreach ($form_messages  as $fieldname => $field_messages) {
                    // Agrupa los mensajes de error por nombre de campo.
                    $messages[$fieldname] = array_values($field_messages);
                }

                // Retorna una respuesta de error con los mensajes del formulario.
                return new JsonModel([
                    'success'   => false,
                    'data'      => $messages
                ]);
            }
            // Verifica si la petición es de tipo GET.
        } else  if ($request->isGet()) {

            // Verifica si la clave AES no está presente en la sesión.
            if (empty($_SESSION['aes'])) {
                // Genera una nueva clave AES y la guarda en la sesión.
                $_SESSION['aes'] = Functions::generatePassword(16);
            }

            // Verifica si el entorno es sandbox.
            if ($this->config['leaderslinked.runmode.sandbox']) {
                // Obtiene la clave del sitio de Google reCAPTCHA para sandbox.
                $site_key      = $this->config['leaderslinked.google_captcha.sandbox_site_key'];
            } else {
                // Obtiene la clave del sitio de Google reCAPTCHA para producción.
                $site_key      = $this->config['leaderslinked.google_captcha.production_site_key'];
            }

            // Retorna los datos necesarios para el frontend (clave del sitio, clave AES y si es la red por defecto).
            return new JsonModel([
                'site_key'  => $site_key,
                'aes'       => $_SESSION['aes'],
                'defaultNetwork' => $currentNetwork->default,
            ]);
        }

        // Retorna un error si el método HTTP no está permitido (ni POST ni GET).
        return new JsonModel([
            'success' => false,
            'data' => 'ERROR_METHOD_NOT_ALLOWED'
        ]);
    }

    public function signupAction()
    {
        $currentNetworkPlugin = $this->plugin('currentNetworkPlugin');
        $currentNetwork  = $currentNetworkPlugin->getNetwork();


        $request = $this->getRequest();
        if ($request->isPost()) {
            $dataPost = $request->getPost()->toArray();

            if (empty($_SESSION['aes'])) {
                return new JsonModel([
                    'success'   => false,
                    'data'      => 'ERROR_WEBSERVICE_ENCRYPTION_KEYS_NOT_FOUND'
                ]);
            }

            if (!empty($dataPost['email'])) {
                $dataPost['email'] = CryptoJsAes::decrypt($dataPost['email'], $_SESSION['aes']);
            }

            if (!empty($dataPost['password'])) {
                $dataPost['password'] = CryptoJsAes::decrypt($dataPost['password'], $_SESSION['aes']);
            }

            if (!empty($dataPost['confirmation'])) {
                $dataPost['confirmation'] = CryptoJsAes::decrypt($dataPost['confirmation'], $_SESSION['aes']);
            }

            if (empty($dataPost['is_adult'])) {
                $dataPost['is_adult'] = User::IS_ADULT_NO;
            } else {
                $dataPost['is_adult'] = $dataPost['is_adult'] == User::IS_ADULT_YES ? User::IS_ADULT_YES : User::IS_ADULT_NO;
            }



            $form = new SignupForm($this->config);
            $form->setData($dataPost);

            if ($form->isValid()) {
                $dataPost = (array) $form->getData();

                $email = $dataPost['email'];

                $userMapper = UserMapper::getInstance($this->adapter);
                $user = $userMapper->fetchOneByEmailAndNetworkId($email, $currentNetwork->id);
                if ($user) {
                    $this->logger->err('Registro ' . $email . '- Email ya  existe ', ['ip' => Functions::getUserIP()]);



                    return new JsonModel([
                        'success' => false,
                        'data' => 'ERROR_EMAIL_IS_REGISTERED'
                    ]);
                } else {

                    $user_share_invitation = $this->cache->getItem('user_share_invitation');


                    if ($user_share_invitation && is_array($user_share_invitation)) {

                        $content_uuid = $user_share_invitation['code'];
                        $content_type = $user_share_invitation['type'];
                        $content_user = $user_share_invitation['user'];


                        $userRedirect = $userMapper->fetchOneByUuid($content_user);
                        if ($userRedirect && $userRedirect->status == User::STATUS_ACTIVE) {
                            $password_hash = password_hash($dataPost['password'], PASSWORD_DEFAULT);

                            $user = new User();
                            $user->network_id           = $currentNetwork->id;
                            $user->email                = $dataPost['email'];
                            $user->first_name           = $dataPost['first_name'];
                            $user->last_name            = $dataPost['last_name'];
                            $user->timezone             = $dataPost['timezone'];
                            $user->usertype_id          = UserType::USER;
                            $user->password             = $password_hash;
                            $user->password_updated_on  = date('Y-m-d H:i:s');
                            $user->status               = User::STATUS_ACTIVE;
                            $user->blocked              = User::BLOCKED_NO;
                            $user->email_verified       = User::EMAIL_VERIFIED_YES;
                            $user->login_attempt        = 0;
                            $user->is_adult             = $dataPost['is_adult'];
                            $user->request_access       = User::REQUEST_ACCESS_APPROVED;





                            if ($userMapper->insert($user)) {

                                $userPassword = new UserPassword();
                                $userPassword->user_id = $user->id;
                                $userPassword->password = $password_hash;

                                $userPasswordMapper = UserPasswordMapper::getInstance($this->adapter);
                                $userPasswordMapper->insert($userPassword);


                                $connectionMapper = ConnectionMapper::getInstance($this->adapter);
                                $connection = $connectionMapper->fetchOneByUserId1AndUserId2($user->id, $userRedirect->id);

                                if ($connection) {

                                    if ($connection->status != Connection::STATUS_ACCEPTED) {
                                        $connectionMapper->approve($connection);
                                    }
                                } else {
                                    $connection = new Connection();
                                    $connection->request_from = $user->id;
                                    $connection->request_to = $userRedirect->id;
                                    $connection->status = Connection::STATUS_ACCEPTED;

                                    $connectionMapper->insert($connection);
                                }


                                $this->cache->removeItem('user_share_invitation');



                                if ($content_type == 'feed') {
                                    $url = $this->url()->fromRoute('dashboard', ['feed' => $content_uuid]);
                                } else if ($content_type == 'post') {
                                    $url = $this->url()->fromRoute('post', ['id' => $content_uuid]);
                                } else {
                                    $url = $this->url()->fromRoute('dashboard');
                                }

                                $hostname = empty($_SERVER['HTTP_HOST']) ?  '' : $_SERVER['HTTP_HOST'];

                                $networkMapper = NetworkMapper::getInstance($this->adapter);
                                $network = $networkMapper->fetchOneByHostnameForFrontend($hostname);

                                if (!$network) {
                                    $network = $networkMapper->fetchOneByDefault();
                                }

                                $hostname = trim($network->main_hostname);
                                $url = 'https://' . $hostname . $url;


                                $data = [
                                    'success'   => true,
                                    'data'      => $url
                                ];


                                $this->logger->info('Registro con Exito ', ['user_id' => $user->id, 'ip' => Functions::getUserIP()]);

                                return new JsonModel($data);
                            }
                        }
                    }




                    $timestamp = time();
                    $activation_key = sha1($dataPost['email'] . uniqid() . $timestamp);

                    $password_hash = password_hash($dataPost['password'], PASSWORD_DEFAULT);

                    $user = new User();
                    $user->network_id           = $currentNetwork->id;
                    $user->email                = $dataPost['email'];
                    $user->first_name           = $dataPost['first_name'];
                    $user->last_name            = $dataPost['last_name'];
                    $user->usertype_id          = UserType::USER;
                    $user->password             = $password_hash;
                    $user->password_updated_on  = date('Y-m-d H:i:s');
                    $user->activation_key       = $activation_key;
                    $user->status               = User::STATUS_INACTIVE;
                    $user->blocked              = User::BLOCKED_NO;
                    $user->email_verified       = User::EMAIL_VERIFIED_NO;
                    $user->login_attempt        = 0;

                    if ($currentNetwork->default == Network::DEFAULT_YES) {
                        $user->request_access = User::REQUEST_ACCESS_APPROVED;
                    } else {
                        $user->request_access = User::REQUEST_ACCESS_PENDING;
                    }

                    $externalCredentials = ExternalCredentials::getInstancia($this->config, $this->adapter);
                    $externalCredentials->completeDataFromNewUser($user);

                    if ($userMapper->insert($user)) {

                        $userPassword = new UserPassword();
                        $userPassword->user_id = $user->id;
                        $userPassword->password = $password_hash;

                        $userPasswordMapper = UserPasswordMapper::getInstance($this->adapter);
                        $userPasswordMapper->insert($userPassword);

                        $emailTemplateMapper = EmailTemplateMapper::getInstance($this->adapter);
                        $emailTemplate = $emailTemplateMapper->fetchOneByCodeAndNetworkId(EmailTemplate::CODE_USER_REGISTER, $currentNetwork->id);
                        if ($emailTemplate) {
                            $arrayCont = [
                                'firstname'             => $user->first_name,
                                'lastname'              => $user->last_name,
                                'other_user_firstname'  => '',
                                'other_user_lastname'   => '',
                                'company_name'          => '',
                                'group_name'            => '',
                                'content'               => '',
                                'code'                  => '',
                                'link'                  => $this->url()->fromRoute('activate-account', ['code' => $user->activation_key], ['force_canonical' => true])
                            ];

                            $email = new QueueEmail($this->adapter);
                            $email->processEmailTemplate($emailTemplate, $arrayCont, $user->email, trim($user->first_name . ' ' . $user->last_name));
                        }

                        $this->logger->info('Registro con Exito ', ['user_id' => $user->id, 'ip' => Functions::getUserIP()]);

                        return new JsonModel([
                            'success' => true,
                            'data' => 'LABEL_REGISTRATION_DONE'
                        ]);
                    } else {
                        $this->logger->err('Registro ' . $email . '- Ha ocurrido un error ', ['ip' => Functions::getUserIP()]);

                        return new JsonModel([
                            'success' => false,
                            'data' => 'ERROR_THERE_WAS_AN_ERROR'
                        ]);
                    }
                }
            } else {

                $form_messages =  $form->getMessages('captcha');
                if (!empty($form_messages)) {
                    return new JsonModel([
                        'success'   => false,
                        'data'      => 'ERROR_RECAPTCHA_EMPTY'
                    ]);
                }

                $messages = [];

                $form_messages = (array) $form->getMessages();
                foreach ($form_messages  as $fieldname => $field_messages) {
                    $messages[$fieldname] = array_values($field_messages);
                }

                return new JsonModel([
                    'success'   => false,
                    'data'   => $messages
                ]);
            }
        } else if ($request->isGet()) {

            if (empty($_SESSION['aes'])) {
                $_SESSION['aes'] = Functions::generatePassword(16);
            }

            if ($this->config['leaderslinked.runmode.sandbox']) {
                $site_key      = $this->config['leaderslinked.google_captcha.sandbox_site_key'];
            } else {
                $site_key      = $this->config['leaderslinked.google_captcha.production_site_key'];
            }

            $email      = isset($_COOKIE['email']) ? $_COOKIE['email'] : '';

            return new JsonModel([
                'site_key'  => $site_key,
                'aes'       => $_SESSION['aes'],
                'defaultNetwork' => $currentNetwork->default,
            ]);
        }

        return new JsonModel([
            'success' => false,
            'data' => 'ERROR_METHOD_NOT_ALLOWED'
        ]);
    }

    public function activateAccountAction()
    {

        $currentNetworkPlugin = $this->plugin('currentNetworkPlugin');
        $currentNetwork  = $currentNetworkPlugin->getNetwork();



        $request = $this->getRequest();
        if ($request->isGet()) {
            $code   =  Functions::sanitizeFilterString($this->params()->fromRoute('code'));
            $userMapper = UserMapper::getInstance($this->adapter);
            $user = $userMapper->fetchOneByActivationKeyAndNetworkId($code, $currentNetwork->id);



            if ($user) {
                if (User::EMAIL_VERIFIED_YES == $user->email_verified) {

                    $this->logger->err('Verificación email - El código ya habia sido verificao ', ['user_id' => $user->id, 'ip' => Functions::getUserIP()]);

                    $response = [
                        'success' => false,
                        'data' => 'ERROR_EMAIL_HAS_BEEN_PREVIOUSLY_VERIFIED'
                    ];

                    return new JsonModel($response);
                } else {

                    if ($userMapper->activateAccount((int) $user->id)) {

                        $this->logger->info('Verificación email realizada ', ['user_id' => $user->id, 'ip' => Functions::getUserIP()]);



                        $user_share_invitation = $this->cache->getItem('user_share_invitation');

                        if ($user_share_invitation) {
                            $userRedirect = $userMapper->fetchOneByUuid($user_share_invitation);
                            if ($userRedirect && $userRedirect->status == User::STATUS_ACTIVE && $user->id != $userRedirect->id) {
                                $connectionMapper = ConnectionMapper::getInstance($this->adapter);
                                $connection = $connectionMapper->fetchOneByUserId1AndUserId2($user->id, $userRedirect->id);

                                if ($connection) {

                                    if ($connection->status != Connection::STATUS_ACCEPTED) {
                                        $connectionMapper->approve($connection);
                                    }
                                } else {
                                    $connection = new Connection();
                                    $connection->request_from = $user->id;
                                    $connection->request_to = $userRedirect->id;
                                    $connection->status = Connection::STATUS_ACCEPTED;

                                    $connectionMapper->insert($connection);
                                }
                            }
                        }



                        $this->cache->removeItem('user_share_invitation');


                        if ($currentNetwork->default == Network::DEFAULT_YES) {

                            $response = [
                                'success' => true,
                                'data' => 'LABEL_YOUR_EMAIL_HAS_BEEN_VERIFIED'
                            ];

                            return new JsonModel($response);
                        } else {

                            $emailTemplateMapper = EmailTemplateMapper::getInstance($this->adapter);
                            $emailTemplate = $emailTemplateMapper->fetchOneByCodeAndNetworkId(EmailTemplate::CODE_REQUEST_ACCESS_PENDING, $currentNetwork->id);

                            if ($emailTemplate) {
                                $arrayCont = [
                                    'firstname'             => $user->first_name,
                                    'lastname'              => $user->last_name,
                                    'other_user_firstname'  => '',
                                    'other_user_lastname'   => '',
                                    'company_name'          => '',
                                    'group_name'            => '',
                                    'content'               => '',
                                    'code'                  => '',
                                    'link'                  => '',
                                ];

                                $email = new QueueEmail($this->adapter);
                                $email->processEmailTemplate($emailTemplate, $arrayCont, $user->email, trim($user->first_name . ' ' . $user->last_name));
                            }

                            $response = [
                                'success' => true,
                                'data' => 'LABEL_YOUR_EMAIL_HAS_BEEN_VERIFIED_WE_ARE_VERIFYING_YOUR_INFORMATION'
                            ];

                            return new JsonModel($response);
                        }
                    } else {
                        $this->logger->err('Verificación email - Ha ocurrido un error ', ['user_id' => $user->id, 'ip' => Functions::getUserIP()]);

                        $response = [
                            'success' => false,
                            'data' => 'ERROR_THERE_WAS_AN_ERROR'
                        ];

                        return new JsonModel($response);
                    }
                }
            } else {


                $this->logger->err('Verificación email - El código no existe ', ['ip' => Functions::getUserIP()]);

                $response = [
                    'success' => false,
                    'data' => 'ERROR_ACTIVATION_CODE_IS_NOT_VALID'
                ];

                return new JsonModel($response);
            }
        } else {
            $response = [
                'success' => false,
                'data' => 'ERROR_METHOD_NOT_ALLOWED'
            ];
        }

        return new JsonModel($response);
    }

    public function onroomAction()
    {
        $currentNetworkPlugin = $this->plugin('currentNetworkPlugin');
        $currentNetwork  = $currentNetworkPlugin->getNetwork();



        $request = $this->getRequest();

        if ($request->isPost()) {

            $dataPost = $request->getPost()->toArray();


            $form = new  MoodleForm();
            $form->setData($dataPost);
            if ($form->isValid()) {

                $dataPost   = (array) $form->getData();
                $username   = $dataPost['username'];
                $password   = $dataPost['password'];
                $timestamp  = $dataPost['timestamp'];
                $rand       = $dataPost['rand'];
                $data       = $dataPost['data'];

                $config_username    = $this->config['leaderslinked.moodle.username'];
                $config_password    = $this->config['leaderslinked.moodle.password'];
                $config_rsa_n       = $this->config['leaderslinked.moodle.rsa_n'];
                $config_rsa_d       = $this->config['leaderslinked.moodle.rsa_d'];
                $config_rsa_e       = $this->config['leaderslinked.moodle.rsa_e'];




                if (empty($username) || empty($password) || empty($timestamp) || empty($rand) || !is_integer($rand)) {
                    echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY1']);
                    exit;
                }

                if ($username != $config_username) {
                    echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY2']);
                    exit;
                }

                $dt = \DateTime::createFromFormat('Y-m-d\TH:i:s', $timestamp);
                if (!$dt) {
                    echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY3']);
                    exit;
                }

                $t0 = $dt->getTimestamp();
                $t1 = strtotime('-5 minutes');
                $t2 = strtotime('+5 minutes');

                if ($t0 < $t1 || $t0 > $t2) {
                    //echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY4']) ;
                    //exit;
                }

                if (!password_verify($username . '-' . $config_password . '-' . $rand . '-' . $timestamp, $password)) {
                    echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY5']);
                    exit;
                }

                if (empty($data)) {
                    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS1']);
                    exit;
                }

                $data = base64_decode($data);
                if (empty($data)) {
                    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS2']);
                    exit;
                }


                try {
                    $rsa = Rsa::getInstance();
                    $data = $rsa->decrypt($data,  $config_rsa_d,  $config_rsa_n);
                } catch (\Throwable $e) {
                    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS3']);
                    exit;
                }

                $data = (array) json_decode($data);
                if (empty($data)) {
                    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS4']);
                    exit;
                }

                $email      = isset($data['email']) ? Functions::sanitizeFilterString($data['email']) : '';
                $first_name = isset($data['first_name']) ? Functions::sanitizeFilterString($data['first_name']) : '';
                $last_name  = isset($data['last_name']) ? Functions::sanitizeFilterString($data['last_name']) : '';

                if (!filter_var($email, FILTER_VALIDATE_EMAIL) || empty($first_name) || empty($last_name)) {
                    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS5']);
                    exit;
                }

                $userMapper = UserMapper::getInstance($this->adapter);
                $user = $userMapper->fetchOneByEmail($email);
                if (!$user) {


                    $user = new User();
                    $user->network_id = $currentNetwork->id;
                    $user->blocked = User::BLOCKED_NO;
                    $user->email = $email;
                    $user->email_verified = User::EMAIL_VERIFIED_YES;
                    $user->first_name = $first_name;
                    $user->last_name = $last_name;
                    $user->login_attempt = 0;
                    $user->password = '-NO-PASSWORD-';
                    $user->usertype_id = UserType::USER;
                    $user->status = User::STATUS_ACTIVE;
                    $user->show_in_search = User::SHOW_IN_SEARCH_YES;

                    if ($userMapper->insert($user)) {
                        echo json_encode(['success' => false, 'data' => $userMapper->getError()]);
                        exit;
                    }

                    $user = $userMapper->fetchOne($user->id);




                    $filename   = trim(isset($data['avatar_filename']) ? filter_var($data['avatar_filename'], FILTER_SANITIZE_EMAIL) : '');
                    $content    = isset($data['avatar_content']) ? Functions::sanitizeFilterString($data['avatar_content']) : '';

                    if ($filename && $content) {
                        $source = sys_get_temp_dir() . DIRECTORY_SEPARATOR . $filename;
                        try {


                            file_put_contents($source, base64_decode($content));
                            if (file_exists($source)) {
                                list($target_width, $target_height) = explode('x', $this->config['leaderslinked.image_sizes.user_size']);

                                $target_filename    = 'user-' . uniqid() . '.png';
                                $crop_to_dimensions = true;

                                $image = Image::getInstance($this->config);
                                $target_path    = $image->getStorage()->getPathUser();
                                $unlink_source  = true;


                                if (!$image->uploadProcessChangeSize($source, $target_path, $user->uuid, $target_filename, $target_width, $target_height, $crop_to_dimensions, $unlink_source)) {
                                    return new JsonModel([
                                        'success'   => false,
                                        'data'   =>  'ERROR_THERE_WAS_AN_ERROR'
                                    ]);
                                }

                                $user->image = $target_filename;
                                $userMapper->updateImage($user);
                            }
                        } catch (\Throwable $e) {
                        } finally {
                            if (file_exists($source)) {
                                unlink($source);
                            }
                        }
                    }
                }

                $auth = new AuthEmailAdapter($this->adapter);
                $auth->setData($email);

                $result = $auth->authenticate();
                if ($result->getCode() == AuthResult::SUCCESS) {
                    return $this->redirect()->toRoute('dashboard');
                } else {
                    $message = $result->getMessages()[0];
                    if (!in_array($message, [
                        'ERROR_USER_NOT_FOUND',
                        'ERROR_USER_EMAIL_HASNT_BEEN_VARIFIED',
                        'ERROR_USER_IS_BLOCKED',
                        'ERROR_USER_IS_INACTIVE',
                        'ERROR_ENTERED_PASS_INCORRECT_USER_IS_BLOCKED',
                        'ERROR_ENTERED_PASS_INCORRECT_2',
                        'ERROR_ENTERED_PASS_INCORRECT_1'
                    ])) {
                    }

                    switch ($message) {
                        case 'ERROR_USER_NOT_FOUND':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Email no existe', ['ip' => Functions::getUserIP()]);
                            break;

                        case 'ERROR_USER_EMAIL_HASNT_BEEN_VARIFIED':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Email no verificado', ['ip' => Functions::getUserIP()]);
                            break;

                        case 'ERROR_USER_IS_BLOCKED':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Usuario bloqueado', ['ip' => Functions::getUserIP()]);
                            break;

                        case 'ERROR_USER_IS_INACTIVE':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Usuario inactivo', ['ip' => Functions::getUserIP()]);
                            break;


                        case 'ERROR_ENTERED_PASS_INCORRECT_USER_IS_BLOCKED':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - 3er Intento Usuario bloqueado', ['ip' => Functions::getUserIP()]);
                            break;


                        case 'ERROR_ENTERED_PASS_INCORRECT_2':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - 1er Intento', ['ip' => Functions::getUserIP()]);
                            break;


                        case 'ERROR_ENTERED_PASS_INCORRECT_1':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - 2do Intento', ['ip' => Functions::getUserIP()]);
                            break;


                        default:
                            $message = 'ERROR_UNKNOWN';
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Error desconocido', ['ip' => Functions::getUserIP()]);
                            break;
                    }




                    return new JsonModel([
                        'success'   => false,
                        'data'   => $message
                    ]);
                }
            } else {
                $messages = [];



                $form_messages = (array) $form->getMessages();
                foreach ($form_messages  as $fieldname => $field_messages) {

                    $messages[$fieldname] = array_values($field_messages);
                }

                return new JsonModel([
                    'success'   => false,
                    'data'   => $messages
                ]);
            }
        } else {
            $data = [
                'success' => false,
                'data' => 'ERROR_METHOD_NOT_ALLOWED'
            ];

            return new JsonModel($data);
        }

        return new JsonModel($data);
    }



    public function cesamsAction()
    {
        $currentNetworkPlugin = $this->plugin('currentNetworkPlugin');
        $currentNetwork  = $currentNetworkPlugin->getNetwork();

        $request = $this->getRequest();

        if ($request->isPost()) {

            $dataPost = $request->getPost()->toArray();


            $form = new  MoodleForm();
            $form->setData($dataPost);
            if ($form->isValid()) {

                $dataPost   = (array) $form->getData();
                $username   = $dataPost['username'];
                $password   = $dataPost['password'];
                $timestamp  = $dataPost['timestamp'];
                $rand       = $dataPost['rand'];
                $data       = $dataPost['data'];

                $config_username    = $this->config['leaderslinked.moodle.username'];
                $config_password    = $this->config['leaderslinked.moodle.password'];
                $config_rsa_n       = $this->config['leaderslinked.moodle.rsa_n'];
                $config_rsa_d       = $this->config['leaderslinked.moodle.rsa_d'];
                //$config_rsa_e       = $this->config['leaderslinked.moodle.rsa_e'];

                if (empty($username) || empty($password) || empty($timestamp) || empty($rand) || !is_integer($rand)) {
                    echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY1']);
                    exit;
                }

                if ($username != $config_username) {
                    echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY2']);
                    exit;
                }

                $dt = \DateTime::createFromFormat('Y-m-d\TH:i:s', $timestamp);
                if (!$dt) {
                    echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY3']);
                    exit;
                }

                $dt = \DateTimeImmutable::createFromFormat('Y-m-d\TH:i:s',  gmdate('Y-m-d\TH:i:s'));
                $dtMax = $dt->add(\DateInterval::createFromDateString('5 minutes'));
                $dtMin = $dt->sub(\DateInterval::createFromDateString('5 minutes'));


                $t0 = $dt->getTimestamp();
                $t1 = $dtMin->getTimestamp();
                $t2 = $dtMax->getTimestamp();
                if ($t0 < $t1 || $t0 > $t2) {
                    echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY4']);
                    exit;
                }

                if (!password_verify($username . '-' . $config_password . '-' . $rand . '-' . $timestamp, $password)) {
                    echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY5']);
                    exit;
                }

                if (empty($data)) {
                    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS1']);
                    exit;
                }

                $data = base64_decode($data);
                if (empty($data)) {
                    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS2']);
                    exit;
                }

                try {
                    $rsa = Rsa::getInstance();
                    $data = $rsa->decrypt($data,  $config_rsa_d,  $config_rsa_n);
                } catch (\Throwable $e) {
                    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS3']);
                    exit;
                }

                $data = (array) json_decode($data);
                if (empty($data)) {
                    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS4']);
                    exit;
                }

                $email      = isset($data['email']) ? Functions::sanitizeFilterString($data['email']) : '';
                $first_name = isset($data['first_name']) ? Functions::sanitizeFilterString($data['first_name']) : '';
                $last_name  = isset($data['last_name']) ? Functions::sanitizeFilterString($data['last_name']) : '';
                $password   = isset($data['password']) ? Functions::sanitizeFilterString($data['password']) : '';

                if (!filter_var($email, FILTER_VALIDATE_EMAIL) || empty($first_name) || empty($last_name) || empty($password)) {
                    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS5']);
                    exit;
                }

                $userMapper = UserMapper::getInstance($this->adapter);
                $user = $userMapper->fetchOneByEmail($email);
                if (!$user) {

                    $user = new User();
                    $user->network_id = $currentNetwork->id;
                    $user->blocked = User::BLOCKED_NO;
                    $user->email = $email;
                    $user->email_verified = User::EMAIL_VERIFIED_YES;
                    $user->first_name = $first_name;
                    $user->last_name = $last_name;
                    $user->login_attempt = 0;
                    $user->password = password_hash($password, PASSWORD_DEFAULT);
                    $user->usertype_id = UserType::USER;
                    $user->status = User::STATUS_ACTIVE;
                    $user->show_in_search = User::SHOW_IN_SEARCH_YES;

                    if ($userMapper->insert($user)) {
                        echo json_encode(['success' => false, 'data' => $userMapper->getError()]);
                        exit;
                    }

                    $user = $userMapper->fetchOne($user->id);

                    $userPassword = new UserPassword();
                    $userPassword->user_id = $user->id;
                    $userPassword->password = password_hash($password, PASSWORD_DEFAULT);

                    $userPasswordMapper = UserPasswordMapper::getInstance($this->adapter);
                    $userPasswordMapper->insert($userPassword);

                    $userDefaultForConnection = $userMapper->fetchOneDefaultForConnection();
                    if ($userDefaultForConnection) {

                        $connection = new Connection();
                        $connection->request_from = $userDefaultForConnection->id;
                        $connection->request_to = $user->id;
                        $connection->status = Connection::STATUS_ACCEPTED;

                        $connectionMapper = ConnectionMapper::getInstance($this->adapter);
                        $connectionMapper->insert($connection);
                    }
                }

                return new JsonModel([
                    'success'   => true,
                    'data'   => $user->uuid
                ]);
            } else {
                $messages = [];



                $form_messages = (array) $form->getMessages();
                foreach ($form_messages  as $fieldname => $field_messages) {

                    $messages[$fieldname] = array_values($field_messages);
                }

                return new JsonModel([
                    'success'   => false,
                    'data'   => $messages
                ]);
            }
        } else {
            $data = [
                'success' => false,
                'data' => 'ERROR_METHOD_NOT_ALLOWED'
            ];

            return new JsonModel($data);
        }

        return new JsonModel($data);
    }

    public function csrfAction()
    {
        $request = $this->getRequest();
        if ($request->isGet()) {

            $jwtToken = null;
            $headers = getallheaders();


            if (!empty($headers['authorization']) || !empty($headers['Authorization'])) {

                $token = trim(empty($headers['authorization']) ? $headers['Authorization'] : $headers['authorization']);


                if (substr($token, 0, 6) == 'Bearer') {

                    $token = trim(substr($token, 7));

                    if (!empty($this->config['leaderslinked.jwt.key'])) {
                        $key = $this->config['leaderslinked.jwt.key'];


                        try {
                            $payload = JWT::decode($token, new Key($key, 'HS256'));


                            if (empty($payload->iss) || $payload->iss != $_SERVER['HTTP_HOST']) {
                                return new JsonModel(['success' => false, 'data' => 'Unauthorized - JWT - Wrong server',  'fatal'  => true]);
                            }

                            $uuid = empty($payload->uuid) ? '' : $payload->uuid;
                            $jwtTokenMapper = JwtTokenMapper::getInstance($this->adapter);
                            $jwtToken = $jwtTokenMapper->fetchOneByUuid($uuid);
                            if (!$jwtToken) {
                                return new JsonModel(['success' => false, 'data' => 'Unauthorized - JWT - Expired',  'fatal'  => true]);
                            }
                        } catch (\Exception $e) {
                            return new JsonModel(['success' => false, 'data' => 'Unauthorized - JWT - Wrong key',  'fatal'  => true]);
                        }
                    } else {
                        return new JsonModel(['success' => false, 'data' => 'Unauthorized - JWT - SecreteKey required',  'fatal'  => true]);
                    }
                } else {
                    return new JsonModel(['success' => false, 'data' => 'Unauthorized - JWT - Bearer required',  'fatal'  => true]);
                }
            } else {
                return new JsonModel(['success' => false, 'data' => 'Unauthorized - JWT - Required',  'fatal'  => true]);
            }

            $jwtToken->csrf = md5(uniqid('CSFR-' . mt_rand(), true));
            $jwtTokenMapper = JwtTokenMapper::getInstance($this->adapter);
            $jwtTokenMapper->update($jwtToken);


            // error_log('token id = ' . $jwtToken->id . ' csrf = ' . $jwtToken->csrf);


            return new JsonModel([
                'success' => true,
                'data' => $jwtToken->csrf
            ]);
        } else {
            return new JsonModel([
                'success' => false,
                'data' => 'ERROR_METHOD_NOT_ALLOWED'
            ]);
        }
    }

    public function impersonateAction()
    {
        $request = $this->getRequest();
        if ($request->isGet()) {
            $user_uuid  = Functions::sanitizeFilterString($this->params()->fromQuery('user_uuid'));
            $rand       = filter_var($this->params()->fromQuery('rand'), FILTER_SANITIZE_NUMBER_INT);
            $timestamp  = filter_var($this->params()->fromQuery('time'), FILTER_SANITIZE_NUMBER_INT);
            $password   = Functions::sanitizeFilterString($this->params()->fromQuery('password'));


            if (!$user_uuid || !$rand || !$timestamp || !$password) {
                throw new \Exception('ERROR_PARAMETERS_ARE_INVALID');
            }


            $currentUserPlugin = $this->plugin('currentUserPlugin');
            $currentUserPlugin->clearIdentity();


            $authAdapter = new AuthImpersonateAdapter($this->adapter, $this->config);
            $authAdapter->setDataAdmin($user_uuid, $password, $timestamp, $rand);

            $authService = new AuthenticationService();
            $result = $authService->authenticate($authAdapter);


            if ($result->getCode() == AuthResult::SUCCESS) {
                return $this->redirect()->toRoute('dashboard');
            } else {
                throw new \Exception($result->getMessages()[0]);
            }
        }

        return new JsonModel([
            'success' => false,
            'data' => 'ERROR_METHOD_NOT_ALLOWED'
        ]);
    }



    public function debugAction()
    {
        $currentNetworkPlugin = $this->plugin('currentNetworkPlugin');
        $currentNetwork = $currentNetworkPlugin->getNetwork();

        $request = $this->getRequest();

        if ($request->isPost()) {
            $currentNetworkPlugin = $this->plugin('currentNetworkPlugin');
            $currentNetwork = $currentNetworkPlugin->getNetwork();

            $jwtToken = null;
            $headers = getallheaders();


            if (!empty($headers['authorization']) || !empty($headers['Authorization'])) {

                $token = trim(empty($headers['authorization']) ? $headers['Authorization'] : $headers['authorization']);


                if (substr($token, 0, 6) == 'Bearer') {

                    $token = trim(substr($token, 7));

                    if (!empty($this->config['leaderslinked.jwt.key'])) {
                        $key = $this->config['leaderslinked.jwt.key'];


                        try {
                            $payload = JWT::decode($token, new Key($key, 'HS256'));


                            if (empty($payload->iss) || $payload->iss != $_SERVER['HTTP_HOST']) {
                                return new JsonModel(['success' => false, 'data' => 'Unauthorized - JWT - Wrong server',  'fatal'  => true]);
                            }

                            $uuid = empty($payload->uuid) ? '' : $payload->uuid;
                            $jwtTokenMapper = JwtTokenMapper::getInstance($this->adapter);
                            $jwtToken = $jwtTokenMapper->fetchOneByUuid($uuid);
                            if (!$jwtToken) {
                                return new JsonModel(['success' => false, 'data' => 'Unauthorized - JWT - Expired',  'fatal'  => true]);
                            }
                        } catch (\Exception $e) {
                            return new JsonModel(['success' => false, 'data' => 'Unauthorized - JWT - Wrong key',  'fatal'  => true]);
                        }
                    } else {
                        return new JsonModel(['success' => false, 'data' => 'Unauthorized - JWT - SecreteKey required',  'fatal'  => true]);
                    }
                } else {
                    return new JsonModel(['success' => false, 'data' => 'Unauthorized - JWT - Bearer required',  'fatal'  => true]);
                }
            } else {
                return new JsonModel(['success' => false, 'data' => 'Unauthorized - JWT - Required',  'fatal'  => true]);
            }



            $form = new  SigninDebugForm($this->config);
            $dataPost = $request->getPost()->toArray();

            if (empty($_SESSION['aes'])) {
                return new JsonModel([
                    'success'   => false,
                    'data'      => 'ERROR_WEBSERVICE_ENCRYPTION_KEYS_NOT_FOUND'
                ]);
            }

            error_log(print_r($dataPost, true));

            $aes = $_SESSION['aes'];
            error_log('aes : ' . $aes);


            unset($_SESSION['aes']);

            if (!empty($dataPost['email'])) {
                $dataPost['email'] = CryptoJsAes::decrypt($dataPost['email'], $aes);
            }


            if (!empty($dataPost['password'])) {
                $dataPost['password'] = CryptoJsAes::decrypt($dataPost['password'], $aes);
            }


            error_log(print_r($dataPost, true));

            $form->setData($dataPost);

            if ($form->isValid()) {

                $dataPost = (array) $form->getData();


                $email      = $dataPost['email'];
                $password   = $dataPost['password'];





                $authAdapter = new AuthAdapter($this->adapter, $this->logger);
                $authAdapter->setData($email, $password, $currentNetwork->id);
                $authService = new AuthenticationService();

                $result = $authService->authenticate($authAdapter);

                if ($result->getCode() == AuthResult::SUCCESS) {

                    $identity = $result->getIdentity();


                    $userMapper = UserMapper::getInstance($this->adapter);
                    $user = $userMapper->fetchOne($identity['user_id']);


                    if ($token) {
                        $jwtToken->user_id = $user->id;
                        $jwtTokenMapper = JwtTokenMapper::getInstance($this->adapter);
                        $jwtTokenMapper->update($jwtToken);
                    }


                    $navigator = get_browser(null, true);
                    $device_type    =  isset($navigator['device_type']) ? $navigator['device_type'] : '';
                    $platform       =  isset($navigator['platform']) ? $navigator['platform'] : '';
                    $browser        =  isset($navigator['browser']) ? $navigator['browser'] : '';


                    $istablet = isset($navigator['istablet']) ?  intval($navigator['istablet']) : 0;
                    $ismobiledevice = isset($navigator['ismobiledevice']) ? intval($navigator['ismobiledevice']) : 0;
                    $version = isset($navigator['version']) ? $navigator['version'] : '';


                    $userBrowserMapper = UserBrowserMapper::getInstance($this->adapter);
                    $userBrowser = $userBrowserMapper->fetch($user->id, $device_type, $platform, $browser);
                    if ($userBrowser) {
                        $userBrowserMapper->update($userBrowser);
                    } else {
                        $userBrowser = new UserBrowser();
                        $userBrowser->user_id           = $user->id;
                        $userBrowser->browser           = $browser;
                        $userBrowser->platform          = $platform;
                        $userBrowser->device_type       = $device_type;
                        $userBrowser->is_tablet         = $istablet;
                        $userBrowser->is_mobile_device  = $ismobiledevice;
                        $userBrowser->version           = $version;

                        $userBrowserMapper->insert($userBrowser);
                    }
                    //

                    $ip = Functions::getUserIP();
                    $ip = $ip == '127.0.0.1' ? '148.240.211.148' : $ip;

                    $userIpMapper = UserIpMapper::getInstance($this->adapter);
                    $userIp = $userIpMapper->fetch($user->id, $ip);
                    if (empty($userIp)) {

                        if ($this->config['leaderslinked.runmode.sandbox']) {
                            $filename = $this->config['leaderslinked.geoip2.production_database'];
                        } else {
                            $filename = $this->config['leaderslinked.geoip2.sandbox_database'];
                        }

                        $reader = new GeoIp2Reader($filename); //GeoIP2-City.mmdb');
                        $record = $reader->city($ip);
                        if ($record) {
                            $userIp = new UserIp();
                            $userIp->user_id = $user->id;
                            $userIp->city = !empty($record->city->name) ? Functions::utf8_decode($record->city->name) : '';
                            $userIp->state_code = !empty($record->mostSpecificSubdivision->isoCode) ? Functions::utf8_decode($record->mostSpecificSubdivision->isoCode) : '';
                            $userIp->state_name = !empty($record->mostSpecificSubdivision->name) ? Functions::utf8_decode($record->mostSpecificSubdivision->name) : '';
                            $userIp->country_code = !empty($record->country->isoCode) ? Functions::utf8_decode($record->country->isoCode) : '';
                            $userIp->country_name = !empty($record->country->name) ? Functions::utf8_decode($record->country->name) : '';
                            $userIp->ip = $ip;
                            $userIp->latitude = !empty($record->location->latitude) ? $record->location->latitude : 0;
                            $userIp->longitude = !empty($record->location->longitude) ? $record->location->longitude : 0;
                            $userIp->postal_code = !empty($record->postal->code) ? $record->postal->code : '';

                            $userIpMapper->insert($userIp);
                        }
                    } else {
                        $userIpMapper->update($userIp);
                    }

                    /*
                     if ($remember) {
                     $expired = time() + 365 * 24 * 60 * 60;
                     
                     $cookieEmail = new SetCookie('email', $email, $expired);
                     } else {
                     $expired = time() - 7200;
                     $cookieEmail = new SetCookie('email', '', $expired);
                     }
                     
                     
                     $response = $this->getResponse();
                     $response->getHeaders()->addHeader($cookieEmail);
                     */





                    $this->logger->info('Ingreso a LeadersLiked', ['user_id' => $user->id, 'ip' => Functions::getUserIP()]);

                    $user_share_invitation = $this->cache->getItem('user_share_invitation');

                    $url =  $this->url()->fromRoute('dashboard');

                    if ($user_share_invitation && is_array($user_share_invitation)) {

                        $content_uuid = $user_share_invitation['code'];
                        $content_type = $user_share_invitation['type'];
                        $content_user = $user_share_invitation['user'];



                        $userRedirect = $userMapper->fetchOneByUuid($content_user);
                        if ($userRedirect && $userRedirect->status == User::STATUS_ACTIVE && $user->id != $userRedirect->id) {
                            $connectionMapper = ConnectionMapper::getInstance($this->adapter);
                            $connection = $connectionMapper->fetchOneByUserId1AndUserId2($user->id, $userRedirect->id);

                            if ($connection) {

                                if ($connection->status != Connection::STATUS_ACCEPTED) {
                                    $connectionMapper->approve($connection);
                                }
                            } else {
                                $connection = new Connection();
                                $connection->request_from = $user->id;
                                $connection->request_to = $userRedirect->id;
                                $connection->status = Connection::STATUS_ACCEPTED;

                                $connectionMapper->insert($connection);
                            }
                        }

                        if ($content_type == 'feed') {
                            $url = $this->url()->fromRoute('dashboard', ['feed' => $content_uuid]);
                        } else if ($content_type == 'post') {
                            $url = $this->url()->fromRoute('post', ['id' => $content_uuid]);
                        } else {
                            $url = $this->url()->fromRoute('dashboard');
                        }
                    }


                    $hostname = empty($_SERVER['HTTP_HOST']) ?  '' : $_SERVER['HTTP_HOST'];

                    $networkMapper = NetworkMapper::getInstance($this->adapter);
                    $network = $networkMapper->fetchOneByHostnameForFrontend($hostname);

                    if (!$network) {
                        $network = $networkMapper->fetchOneByDefault();
                    }

                    $hostname = trim($network->main_hostname);
                    $url = 'https://' . $hostname . $url;


                    $data = [
                        'redirect'  => $url,
                        'uuid'      => $user->uuid,
                    ];




                    if ($currentNetwork->xmpp_active) {
                        $externalCredentials = ExternalCredentials::getInstancia($this->config, $this->adapter);
                        $externalCredentials->getUserBy($user->id);


                        $data['xmpp_domain'] = $currentNetwork->xmpp_domain;
                        $data['xmpp_hostname'] = $currentNetwork->xmpp_hostname;
                        $data['xmpp_port'] = $currentNetwork->xmpp_port;
                        $data['xmpp_username'] = $externalCredentials->getUsernameXmpp();
                        $data['xmpp_pasword'] = $externalCredentials->getPasswordXmpp();
                        $data['inmail_username'] = $externalCredentials->getUsernameInmail();
                        $data['inmail_pasword'] = $externalCredentials->getPasswordInmail();
                    }

                    $data = [
                        'success'   => true,
                        'data'      => $data
                    ];


                    $this->cache->removeItem('user_share_invitation');
                } else {

                    $message = $result->getMessages()[0];
                    if (!in_array($message, [
                        'ERROR_USER_NOT_FOUND',
                        'ERROR_USER_EMAIL_HASNT_BEEN_VARIFIED',
                        'ERROR_USER_IS_BLOCKED',
                        'ERROR_USER_IS_INACTIVE',
                        'ERROR_ENTERED_PASS_INCORRECT_USER_IS_BLOCKED',
                        'ERROR_ENTERED_PASS_INCORRECT_2',
                        'ERROR_ENTERED_PASS_INCORRECT_1',
                        'ERROR_USER_REQUEST_ACCESS_IS_PENDING',
                        'ERROR_USER_REQUEST_ACCESS_IS_REJECTED'


                    ])) {
                    }

                    switch ($message) {
                        case 'ERROR_USER_NOT_FOUND':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Email no existe', ['ip' => Functions::getUserIP()]);
                            break;

                        case 'ERROR_USER_EMAIL_HASNT_BEEN_VARIFIED':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Email no verificado', ['ip' => Functions::getUserIP()]);
                            break;

                        case 'ERROR_USER_IS_BLOCKED':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Usuario bloqueado', ['ip' => Functions::getUserIP()]);
                            break;

                        case 'ERROR_USER_IS_INACTIVE':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Usuario inactivo', ['ip' => Functions::getUserIP()]);
                            break;


                        case 'ERROR_ENTERED_PASS_INCORRECT_USER_IS_BLOCKED':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - 3er Intento Usuario bloqueado', ['ip' => Functions::getUserIP()]);
                            break;


                        case 'ERROR_ENTERED_PASS_INCORRECT_2':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - 1er Intento', ['ip' => Functions::getUserIP()]);
                            break;


                        case 'ERROR_ENTERED_PASS_INCORRECT_1':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - 2do Intento', ['ip' => Functions::getUserIP()]);
                            break;


                        case 'ERROR_USER_REQUEST_ACCESS_IS_PENDING':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Falta verificar que pertence a la Red Privada', ['ip' => Functions::getUserIP()]);
                            break;

                        case  'ERROR_USER_REQUEST_ACCESS_IS_REJECTED':
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Rechazado por no pertence a la Red Privada', ['ip' => Functions::getUserIP()]);
                            break;


                        default:
                            $message = 'ERROR_UNKNOWN';
                            $this->logger->err('Error de ingreso a LeadersLinked de ' . $email . ' - Error desconocido', ['ip' => Functions::getUserIP()]);
                            break;
                    }




                    $data = [
                        'success'   => false,
                        'data'   => $message
                    ];
                }

                return new JsonModel($data);
            } else {
                $messages = [];



                $form_messages = (array) $form->getMessages();
                foreach ($form_messages  as $fieldname => $field_messages) {

                    $messages[$fieldname] = array_values($field_messages);
                }

                return new JsonModel([
                    'success'   => false,
                    'data'   => $messages
                ]);
            }
        } else if ($request->isGet()) {

            $aes = '';
            $jwtToken = null;
            $headers = getallheaders();


            if (!empty($headers['authorization']) || !empty($headers['Authorization'])) {

                $token = trim(empty($headers['authorization']) ? $headers['Authorization'] : $headers['authorization']);


                if (substr($token, 0, 6) == 'Bearer') {

                    $token = trim(substr($token, 7));

                    if (!empty($this->config['leaderslinked.jwt.key'])) {
                        $key = $this->config['leaderslinked.jwt.key'];


                        try {
                            $payload = JWT::decode($token, new Key($key, 'HS256'));


                            if (empty($payload->iss) || $payload->iss != $_SERVER['HTTP_HOST']) {
                                return new JsonModel(['success' => false, 'data' => 'Unauthorized - JWT - Wrong server',  'fatal'  => true]);
                            }

                            $uuid = empty($payload->uuid) ? '' : $payload->uuid;
                            $jwtTokenMapper = JwtTokenMapper::getInstance($this->adapter);
                            $jwtToken = $jwtTokenMapper->fetchOneByUuid($uuid);
                        } catch (\Exception $e) {
                            //Token invalido
                        }
                    }
                }
            }


            if (!$jwtToken) {

                $aes = Functions::generatePassword(16);

                $jwtToken = new JwtToken();
                $jwtToken->aes = $aes;

                $jwtTokenMapper = JwtTokenMapper::getInstance($this->adapter);
                if ($jwtTokenMapper->insert($jwtToken)) {
                    $jwtToken = $jwtTokenMapper->fetchOne($jwtToken->id);
                }

                $token = '';

                if (!empty($this->config['leaderslinked.jwt.key'])) {
                    $issuedAt   = new \DateTimeImmutable();
                    $expire     = $issuedAt->modify('+365 days')->getTimestamp();
                    $serverName = $_SERVER['HTTP_HOST'];
                    $payload = [
                        'iat'  => $issuedAt->getTimestamp(),
                        'iss'  => $serverName,
                        'nbf'  => $issuedAt->getTimestamp(),
                        'exp'  => $expire,
                        'uuid' => $jwtToken->uuid,
                    ];


                    $key = $this->config['leaderslinked.jwt.key'];
                    $token = JWT::encode($payload, $key, 'HS256');
                }
            }







            if ($this->config['leaderslinked.runmode.sandbox']) {
                $site_key      = $this->config['leaderslinked.google_captcha.sandbox_site_key'];
            } else {
                $site_key      = $this->config['leaderslinked.google_captcha.production_site_key'];
            }


            $access_usign_social_networks = $this->config['leaderslinked.runmode.access_usign_social_networks'];

            $sandbox = $this->config['leaderslinked.runmode.sandbox'];
            if ($sandbox) {
                $google_map_key  = $this->config['leaderslinked.google_map.sandbox_api_key'];
            } else {
                $google_map_key  = $this->config['leaderslinked.google_map.production_api_key'];
            }


            $parts = explode('.', $currentNetwork->main_hostname);
            if ($parts[1] === 'com') {
                $replace_main = false;
            } else {
                $replace_main = true;
            }


            $storage = Storage::getInstance($this->config, $this->adapter);
            $path = $storage->getPathNetwork();

            if ($currentNetwork->logo) {
                $logo_url = $storage->getGenericImage($path, $currentNetwork->uuid, $currentNetwork->logo);
            } else {
                $logo_url = '';
            }

            if ($currentNetwork->navbar) {
                $navbar_url = $storage->getGenericImage($path, $currentNetwork->uuid, $currentNetwork->navbar);
            } else {
                $navbar_url = '';
            }

            if ($currentNetwork->favico) {
                $favico_url = $storage->getGenericImage($path, $currentNetwork->uuid, $currentNetwork->favico);
            } else {
                $favico_url = '';
            }




            $data = [
                'google_map_key'                => $google_map_key,
                'email'                         => '',
                'remember'                      => false,
                'site_key'                      => $site_key,
                'theme_id'                      => $currentNetwork->theme_id,
                'aes'                           => $aes,
                'jwt'                           => $token,
                'defaultNetwork'                => $currentNetwork->default,
                'access_usign_social_networks'  => $access_usign_social_networks && $currentNetwork->default == Network::DEFAULT_YES ? 'y' : 'n',
                'logo_url'                      => $logo_url,
                'navbar_url'                    => $navbar_url,
                'favico_url'                    => $favico_url,
                'intro'                         => $currentNetwork->intro ? $currentNetwork->intro : '',
                'is_logged_in'                  => $jwtToken->user_id ? true : false,

            ];

            if ($currentNetwork->default == Network::DEFAULT_YES) {



                $currentUserPlugin = $this->plugin('currentUserPlugin');
                if ($currentUserPlugin->hasIdentity()) {


                    $externalCredentials = ExternalCredentials::getInstancia($this->config, $this->adapter);
                    $externalCredentials->getUserBy($currentUserPlugin->getUserId());


                    if ($currentNetwork->xmpp_active) {
                        $data['xmpp_domain']      = $currentNetwork->xmpp_domain;
                        $data['xmpp_hostname']    = $currentNetwork->xmpp_hostname;
                        $data['xmpp_port']        = $currentNetwork->xmpp_port;
                        $data['xmpp_username']    = $externalCredentials->getUsernameXmpp();
                        $data['xmpp_password']    = $externalCredentials->getPasswordXmpp();
                        $data['inmail_username']    = $externalCredentials->getUsernameInmail();
                        $data['inmail_password']    = $externalCredentials->getPasswordInmail();
                    }
                }
            }

            $data = [
                'success' => true,
                'data' =>  $data
            ];
        } else {
            $data = [
                'success' => false,
                'data' => 'ERROR_METHOD_NOT_ALLOWED'
            ];

            return new JsonModel($data);
        }

        return new JsonModel($data);
    }
}
Proyectos de Subversion LeadersLinked - Services

(root)/module/LeadersLinked/src/Controller/AuthController.php – Rev 616
