mirror of https://github.com/beestat/app.git synced 2025-07-09 03:04:07 -04:00

Polished up ecobee account ID getter to support invalid JWTs

Jon Ziebell 2022-01-08 07:56:45 -05:00
parent 8c507918b6
commit ee6a196a72


@ -73,32 +73,49 @@ class ecobee_token extends cora\crud {
} }
/** /**
* Get an ecobee_account_id from the ecobee JWT. * Get an ecobee_account_id from the ecobee JWT. Check a bunch of stuff to
* make sure it's valid.
* *
* @param ecobee_token $ecobee_token The ecobee_token. * @param ecobee_token $ecobee_token The ecobee_token.
* *
* @return string The ecobee_account_id. * @return string The ecobee_account_id.
*/ */
public function get_ecobee_account_id($ecobee_token) { public function get_ecobee_account_id($ecobee_token) {
$access_token_decoded = json_decode( $parts = explode('.', $ecobee_token['access_token']);
base64_decode( if(count($parts) !== 3) {
str_replace( return null;
'_', }
'/',
str_replace(
'-',
'+',
explode(
'.',
$ecobee_token['access_token']
)[1]
)
)
),
true
);
return explode('|', $access_token_decoded['sub'])[1]; $payload = $parts[1];
$payload = str_replace(['_', '-'], ['/', '+'], $payload);
$json = base64_decode($payload);
if($json === false) {
return null;
}
$object = json_decode($json, true);
if($object === null) {
return null;
}
if(isset($object['sub']) === false) {
return null;
}
$sub_parts = explode('|', $object['sub']);
if(count($sub_parts) !== 2) {
return null;
}
$ecobee_account_id = $sub_parts[1];
if(strlen($ecobee_account_id) !== 36) {
return null;
}
return $ecobee_account_id;
} }
/** /**
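Review bot: The new `if($json === false)` guard in get_ecobee_account_id is effectively unreachable, because `base64_decode()` without its strict flag silently drops characters outside the alphabet instead of returning false; use `$json = base64_decode($payload, true);` so a malformed payload is actually rejected there. The `sub` check only tests `isset()`, so a token whose `sub` is an array still reaches `explode('|', $object['sub'])` and raises a TypeError on PHP 8 rather than returning null; `if(isset($object['sub']) === false || is_string($object['sub']) === false) {` closes that. The docblock still says `@return string` although every new failure path returns null, so it should read `@return string|null The ecobee_account_id, or null if the JWT is malformed.` so callers know to handle it. The payload is also read without verifying the JWT signature, so the returned id is only as trustworthy as the source of `access_token`; presumably that is ecobee's token endpoint, and the docblock would be a good place to say so.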