Direct Login to service (e.g. cPanel/Plesk)

[Seb]

I just put a very simple proof of concept together for a client to give them endpoints, so am putting this here in case any one wants to use it as a base for something. This is not production-ready code and I've just put it together very quickly as an example. But it would let a client enter their username and password to Upmind and then log them directly in to their service (e.g. cPanel) as long as they only had one service:

<?php
// Input fields
$brandurl = "https://my.brandurl.com";

class upmindAuth {

    public $api_url;
    public $origin;
    public $token;

    function __construct($origin){
        $this->api_url = 'api.upmind.io'; //live api url
        $this->origin = $origin; // Brand Origin
    }

    public function validate($username,$password){
        if (!$this->api_token('/oauth/access_token',array('username'=>$username,'password'=>$password,'grant_type'=>'password'))){
          return false;
        }
        $account = $this->get('/api/accounts');
        $this->post('/api/accounts/select',array('account_id'=>$account->data[0]->id));
        return $this->get('/api/clients/'.$account->data[0]->pivot->client_id.'?with=custom_fields,tags');
    }

    public function api_token($endpoint,$params){

        $curl = curl_init();
        curl_setopt_array($curl, array(
          CURLOPT_URL => "https://".$this->api_url."/oauth/access_token",
          CURLOPT_RETURNTRANSFER => true,
          CURLOPT_ENCODING => "",
          CURLOPT_MAXREDIRS => 10,
          CURLOPT_TIMEOUT => 30,
          CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
          CURLOPT_CUSTOMREQUEST => "POST",
          CURLOPT_POSTFIELDS => json_encode($params),
          CURLOPT_HTTPHEADER => array(
            "accept: application/vnd.pub.v1+json",
            "cache-control: no-cache",
            "content-type: application/json",
            "origin: $this->origin",
          ),
        ));

        $response = curl_exec($curl);
        $err = curl_error($curl);

        if ($err) {
            return array('success'=>false,'error'=>"cURL Error #:" . $err);
        } else {
            $actor = json_decode($response);           
            if ($actor->status == 'error') {
                return false;
            } 
            if ($actor->second_factor_required){
              $this->token = $actor->access_token;
              $authresponse = $this->post('/oauth/access_token',array('grant_type'=>'twofa','twofa_code'=>$_POST['2fakey']));
              if ($authresponse->status == 'error'){  
                return false;
              } 
              $this->token = $authresponse->access_token;
              return true;
            }
            $this->token = $actor->access_token;
            return true;
        }
    }

    public function get($endpoint){
      
        $curl = curl_init();
        curl_setopt_array($curl, array(
        CURLOPT_URL => "https://".$this->api_url.$endpoint,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_ENCODING => "",
        CURLOPT_MAXREDIRS => 10,
        CURLOPT_TIMEOUT => 30,
        CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
        CURLOPT_CUSTOMREQUEST => "GET",
        CURLOPT_HTTPHEADER => array(
          "authorization: Bearer ".$this->token,
          "cache-control: no-cache",
          "origin: ".$this->origin,
        ),
      ));

      $response = curl_exec($curl);
      $err = curl_error($curl);
      
      if ($err) {
        echo "cURL Error #:" . $err;
      } else {
          return json_decode($response);
      }
    }

    public function post($endpoint,$params){

      $curl = curl_init();
      curl_setopt_array($curl, array(
      CURLOPT_URL => "https://".$this->api_url.$endpoint,
      CURLOPT_RETURNTRANSFER => true,
      CURLOPT_ENCODING => "",
      CURLOPT_MAXREDIRS => 10,
      CURLOPT_TIMEOUT => 30,
      CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
      CURLOPT_CUSTOMREQUEST => "POST",
      CURLOPT_POSTFIELDS => http_build_query($params),
      CURLOPT_HTTPHEADER => array(
        "authorization: Bearer ".$this->token,
        "cache-control: no-cache",
        "origin: ".$this->origin,
      ),
    ));

    $response = curl_exec($curl);
    $err = curl_error($curl);
    
    if ($err) {
      echo "cURL Error #:" . $err;
    } else {
        return json_decode($response);
    }
  }

}

$upmind = new upmindAuth($brandurl);
$userobject = $upmind->validate($_POST['email'],$_POST['password']);
if (!$userobject){
    $values['error'] = "Login details incorrect";
} else {
    $contractproducts = $upmind->get('/api/contracts_products?filter[status.code]=contract_active');
    if (sizeof($contractproducts->data) !== 1){
        die('not just one product');
    }
    $provisionfunctions = $upmind->get('/api/contracts/' . $contractproducts->data[0]->contract_id . '/products/' . $contractproducts->data[0]->id.'/provision_functions');
    foreach ($provisionfunctions->data as $f){
        if ($f->name == 'getLoginUrl'){
            $login = $upmind->post(
                '/api/contracts/' . $contractproducts->data[0]->contract_id . '/products/' . $contractproducts->data[0]->id.'/provision_requests',
                array(
                    'provision_field_values' => array(),
                    'blueprint_function_id' => $f->id
            ));
            foreach ($login->data->action_logs as $l){
                if (isset($l->data->redirect_url)){
                    header("Location: " . $l->data->redirect_url);
                }
            } 
        }
    }
}

               
?>

<form method="post">
    <input type="text" name="email" placeholder="[email protected]"><br />
    <input type="password" name="password" placeholder="password"><br />
    <input type="text" name="2fakey" placeholder="2fa (optional)"><br />
<input type="submit">