SavvyMoney_8i_source.html

<?php

/*
 * SSO flow
 * smo_config to set parameters
 * smo_getToken to get access token
 * smo_embcurl to make curl calls to SavvyMoney
 * redirect to URI - iframe or form post? Still deciding
 */

/**
 * Configure details for connection to SavvyMoney and logging, etc
 * at HomeCU
 *
 * @param resource $dbh  database handle
 * @param string $accountToUse member account number
 * @param string $email member email saved at HomeCU
 * @param array $parms to hold config settings based on trusted detail
 * @throws Exception
 */
function smo_config($dbh, $accountToUse, $email='', &$parms) {
    $authparms = array();
    $platform = HCU_array_key_value('platform', $parms);
    if (HCU_array_key_value('beta', $parms)) {
        $authparms['authId'] = HCU_array_key_value('betaAuthId', $parms);
        $authparms['Key'] = HCU_array_key_value('betaAuthKey', $parms);
        $authparms['Domain'] = HCU_array_key_value('betaAuthDomain', $parms);
        $authparms['partnerId'] = HCU_array_key_value('betaPartnerId', $parms);
        $authparms['encKey'] = HCU_array_key_value('betaEncKey', $parms);
        $authparms['apiURL'] = HCU_array_key_value('betaAPIurl', $parms);
        $authparms['redirURL'] = (in_array ($platform, ['APP','ADA'] ) ? HCU_array_key_value('betaMBLurl', $parms) : HCU_array_key_value('betaSSOurl', $parms));
//        $authparms['redirURL'] = HCU_array_key_value('betaSSOurl', $parms);
//        $authparms['mblreURL'] = HCU_array_key_value('betaMBLurl', $parms);
    } else {
        $authparms['authId'] = HCU_array_key_value('prodAuthId', $parms);
        $authparms['Key'] = HCU_array_key_value('prodAuthKey', $parms);
        $authparms['Domain'] = HCU_array_key_value('prodAuthDomain', $parms);
        $authparms['partnerId'] = HCU_array_key_value('prodPartnerId', $parms);
        $authparms['encKey'] = HCU_array_key_value('prodEncKey', $parms);
        $authparms['apiURL'] = HCU_array_key_value('prodAPIurl', $parms);
        $authparms['redirURL'] = (in_array ($platform, ['APP','ADA'] ) ? HCU_array_key_value('prodMBLurl', $parms) : HCU_array_key_value('prodSSOurl', $parms));
//        $authparms['redirURL'] = HCU_array_key_value('prodSSOurl', $parms);
//        $authparms['mblreURL'] = HCU_array_key_value('prodMBLurl', $parms);
    }

    if (HCU_array_key_value('PadMbrSize', $parms) > 0) {
        $authparms['memberId'] = substr(str_repeat('0', $parms['PadMbrSize']) . $accountToUse, (-1 * $parms['PadMbrSize']), $parms['PadMbrSize']);
    } else {
        # default no padding
        $authparms['memberId'] = $accountToUse;
    }
    if (!empty($email)) {
        $authparms['email'] = $email;
    }

        $reqparms = array('authId'=>1,
            'Key'=>1,
            'Domain'=>1,
            'partnerId'=>1,
            'encKey'=>1,
            'memberId' => 1,
            'apiURL' => 1,
            'redirURL' => 1
            );
        $missing = array_diff_key($reqparms,$authparms);
        if (sizeof($missing)) {
                throw new Exception("Missing Parameters (" . join(", ",array_keys($missing)) . " )", 100);
        }
    $parms['authparms'] = $authparms;
}

/**
 * Get access token from SavvyMoney
 *
 * @param array $parms trusted detail and hcu config settings
 * @return array results of curl call to SavvyMoney
 */
function smo_getAuthorization( $parms ) {
    $reqparms = array('apiURL' => 1);
    $missing = array_diff_key($reqparms,$parms['authparms']);
    if (sizeof($missing)) {
            throw new Exception("Missing Parameters (" . join(", ",array_keys($missing)) . " )", 100);
    }
    $request = smo_request($parms);
    $reqURL = "{$parms['authparms']['apiURL']}/auth";
    $parms["environment"]["logPoint"] = "smo_getAuthToken";
    $token = smo_embcurl($parms, $reqURL, 'POST', ["Content-Type:application/json"], $request) ;
    return array('request' => $request, 'token' => $token);
}
/**
 * Get access token from SavvyMoney
 *
 * @param array $parms trusted detail and hcu config settings
 * @return array results of curl call to SavvyMoney
 */
function smo_getRedirect( $parms ) {
    $reqparms = array('apiURL' => 1, 'redirURL' => 1, 'smoToken' => 1);
    $missing = array_diff_key($reqparms,$parms['authparms']);
    if (sizeof($missing)) {
            throw new Exception("Missing Parameters (" . join(", ",array_keys($missing)) . " )", 100);
    }
    # if desktop / mobile responsive use redirURL; if app use mblreURL
    $request = json_encode(array('authCode' => $parms['authparms']['smoToken'], 'appUrl' => "{$parms['authparms']['redirURL']}"));
    $reqURL = "{$parms['authparms']['apiURL']}/redirect";
    $parms["environment"]["logPoint"] = "smo_getRedirect";
    $redirection = smo_embcurl($parms, $reqURL, 'POST', ["Content-Type:application/json"], $request) ;
    return array('request' => $request, 'redirect' => $redirection);
}
/**
 * Build json request to get access token from SavvyMoney
 *
 * @param array $parms trusted detail settings in $parms['authparms']
 * @return json
 */
function smo_request( $parms ) {
    $reqparms = array('partnerId' => 1,
                      'encKey' => 1, 'memberId' => 1,
                      'authId' => 1,
                      'Key' => 1,
                      'Domain' => 1);
    $missing = array_diff_key($reqparms,$parms['authparms']);
    if (sizeof($missing)) {
            throw new Exception("Missing Parameters (" . join(", ",array_keys($missing)) . " )", 100);
    }

    $enc_partnerId = encrypt_smo_openssl($parms['authparms']['partnerId'], $parms['authparms']['encKey']);
    $enc_partnerMemberId = encrypt_smo_openssl($parms['authparms']['memberId'], $parms['authparms']['encKey']); # uses 'accountToUse'
    # testing remove for prod
    $enc_partnerMemberId = encrypt_smo_openssl($parms['MIR']['data']['accountnumber'], $parms['authparms']['encKey']); # uses 'accountToUse'

    $attributes = array(
        ['key' => 'partnerId',
            'value' => $enc_partnerId,
            'encrypted' => true],
        ['key' => 'partnerMemberId',
            'value' => $enc_partnerMemberId,
            'encrypted' => true]);

    if (HCU_array_key_value('email', $parms['authparms']) ) {
        $enc_email = encrypt_smo_openssl($parms['authparms']['email'], $parms['authparms']['encKey']);
        $attributes[] =
                ['key' => 'email',
                    'value' => $enc_email,
                    'encrypted' => true];
    }

    if (HCU_array_key_value('firstname', $parms['MIR']['data']) ) {
        $enc_attrib = encrypt_smo_openssl($parms['MIR']['data']['firstname'], $parms['authparms']['encKey']);
        $attributes[] =
                ['key' => 'firstName',
                    'value' => $enc_attrib,
                    'encrypted' => true];
    }

    if (HCU_array_key_value('lastname', $parms['MIR']['data']) ) {
        $enc_attrib = encrypt_smo_openssl($parms['MIR']['data']['lastname'], $parms['authparms']['encKey']);
        $attributes[] =
                ['key' => 'lastName',
                    'value' => $enc_attrib,
                    'encrypted' => true];
    }

    if (HCU_array_key_value('address1', $parms['MIR']['data']) ) {
        $enc_attrib = encrypt_smo_openssl($parms['MIR']['data']['address1'], $parms['authparms']['encKey']);
        $attributes[] =
                ['key' => 'address1',
                    'value' => $enc_attrib,
                    'encrypted' => true];
    }

    if (HCU_array_key_value('city', $parms['MIR']['data']) ) {
        $enc_attrib = encrypt_smo_openssl($parms['MIR']['data']['city'], $parms['authparms']['encKey']);
        $attributes[] =
                ['key' => 'city',
                    'value' => $enc_attrib,
                    'encrypted' => true];
    }

    if (HCU_array_key_value('state', $parms['MIR']['data']) ) {
        $enc_attrib = encrypt_smo_openssl($parms['MIR']['data']['state'], $parms['authparms']['encKey']);
        $attributes[] =
                ['key' => 'state',
                    'value' => $enc_attrib,
                    'encrypted' => true];
    }

    if (HCU_array_key_value('zip', $parms['MIR']['data']) ) {
        $enc_attrib = encrypt_smo_openssl($parms['MIR']['data']['zip'], $parms['authparms']['encKey']);
        $attributes[] =
                ['key' => 'zip',
                    'value' => $enc_attrib,
                    'encrypted' => true];
    }

    if (HCU_array_key_value('dob', $parms['MIR']['data']) ) {
        $enc_attrib = encrypt_smo_openssl($parms['MIR']['data']['dob'], $parms['authparms']['encKey']);
        $attributes[] =
                ['key' => 'dob',
                    'value' => $enc_attrib,
                    'encrypted' => true];
    }

    if (HCU_array_key_value('ssn', $parms['MIR']['data']) ) {
        $enc_attrib = encrypt_smo_openssl($parms['MIR']['data']['ssn'], $parms['authparms']['encKey']);
        $attributes[] =
                ['key' => 'ssn',
                    'value' => $enc_attrib,
                    'encrypted' => true];
    }


    $request = json_encode(array('authId' => $parms['authparms']['authId'],
            'authKey' => $parms['authparms']['Key'],
            'domain' => $parms['authparms']['Domain'],
            'attributes' => $attributes) );
    return $request;

}


/**
 *
 * @param array $parms trusted detail settings and hcu config settings
 * @param string $reqURL URL for connection
 * @param string $reqMethod connection method - defaults to GET
 * @param array $reqHeaders http headers to be included on curl call
 * @param string $reqData payload data to be included on curl call
 * @return array response from curl call, or error if necessary
 */
function smo_embcurl($parms, $reqURL, $reqMethod, $reqHeaders, $reqData = '') {
    $curlopts = array(
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_SSL_VERIFYPEER => 0,
        CURLOPT_SSL_VERIFYHOST => 0,
        CURLOPT_HEADER => FALSE,
        CURLOPT_URL => "$reqURL");

    $ch = @curl_init();
    @curl_setopt_array($ch, $curlopts);
    if ($reqMethod != 'GET') {
        @curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $reqMethod);
    }
    if (strlen($reqData) > 0) {
        @curl_setopt($ch, CURLOPT_POSTFIELDS, $reqData);
    }
    @curl_setopt($ch, CURLOPT_HTTPHEADER, $reqHeaders);

    $response = @curl_exec($ch);
    if ($parms["logging"] == "enabled") {
        $logParms = $parms["environment"];      // get the environment info passed in
        $logParms["token"] = '';                // the id used across all communications in session
        $logParms["txnId"] = time();               // the id for this transaction
        $logParms["request"] = "curl ";               // the request
        if ($reqMethod != 'GET') {
            $logParms["request"] .= "-X $reqMethod ";
        }
        if (is_array($reqHeaders)) {
            foreach ($reqHeaders as $hdr) {
                $logParms["request"] .= "-H '$hdr' ";
            }
        }
        if (strlen($reqData) > 0) {
            $logParms["request"] .= "-d '$reqData' ";               // the request
        }
        $logParms["request"] .= "'$reqURL' ";               // the request

        $logParms["request"] .= "\n{$parms['platform']}";

        $logParms["reply"] = print_r(curl_getinfo($ch),true);
        $logParms["reply"] .= "\n$response";            // the response

        LogSSOActivity($logParms);
    }
    $respHTTP = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    if ($respHTTP >= 400 && $respHTTP < 600) {
        # HTTP Response 4xx client error or 5xx server error
        $respArr = array("error" => array("status" => "hcuH" . $respHTTP, "message" => "Connection Failed HTTP Error"));
    } elseif (curl_errno($ch)) {
        $respArr = array("error" => array("status" => "hcuC" . curl_errno($ch), "message" => "Curl Error"));
    } elseif (!isset($response) || $response == '') {
        $respArr = array("error" => array("status" => "hcuE" . curl_errno($ch), "message" => "Empty Response"));
    } else {
        $respArr = json_decode($response, TRUE);
        if (HCU_array_key_value('hasErrors', $respArr) ) {
            $respArr['error'] = array("status" => "dmiE", "message" => HCU_array_key_value('errorMessage',$respArr));
        }
    }

    @curl_close($ch);
    return $respArr;
}

/**
 * Format / verify provided MIR data as required for calls to SavvyMoney
 * Note that SavvyMoney only requires member number and email, member will be
 * prompted to enter other values if they are not passed.
 *
 * @param array $MIR Member info if available
 * @param string $Ml email address
 * @param array $reqMIR list of required values from MIR
 * @param string $datefmt desired format for date values
 * @param boolean $noEmpty are empty responses acceptable?
 * @return array member info formatted as needed for SavvyMoney
 * @throws Exception
 */
function smo_populateMIR($MIR, $Ml, $reqMIR, $datefmt = 'mdY', $noEmpty = false) {
    try {
/*
//$mirFields = Array(
//    "accountnumber",
//    "firstname",
//    "middlename",
//    "lastname",
//    "email",
//    "homephone",
//    "workphone",
//    "cellphone",
//    "fax",
//    "ssn",
//    "address1",
//    "address2",
//    "city",
//    "state",
//    "zip",
//    "cc",
//    "dob",
//    "class"
//  );

*/

  date_default_timezone_set('America/Denver');
  if ( HCU_array_key_value('dob', $MIR) && ($st=strtotime($MIR['dob'])) && $st > strtotime('-100 year') && $st < time()) {
            $MIR['dob'] = date($datefmt, $st);
        } else {
            $MIR['dob'] = '';
        }

        $rmlist = array(' ', '-');
        $MIR['ssn'] = str_replace($rmlist, '', HCU_array_key_value('ssn', $MIR) );
        if (!ctype_digit($MIR['ssn']) || strlen($MIR['ssn']) <> 9) {
            unset($MIR['ssn']);
        }

        $MIR['zip'] = str_replace($rmlist, '',  HCU_array_key_value('zip', $MIR) );
        if (strlen($MIR['zip']) < 5) {
            unset($MIR['zip']);
        } else {
            $MIR['zip'] = substr($MIR['zip'],0,5); # 5 digits only
        }

        $rmlist = array("#", "&", "/", "%", ",", ":", "=", "?", "'");

        $Ml = str_replace($rmlist, "", $Ml);
        if (validateEmail($Ml)) {
            $MIR['email'] = $Ml;
        } else {
            $MIR['email'] = str_replace($rmlist, "",  HCU_array_key_value('email', $MIR) );
            if (!validateEmail($MIR['email'])) {
                unset($MIR['email']);
            }
        }

        $MIR['firstname'] = str_replace($rmlist, "",  HCU_array_key_value('firstname', $MIR) );
        $MIR['lastname'] = str_replace($rmlist, "",  HCU_array_key_value('lastname', $MIR) );
        $MIR['address1'] = str_replace($rmlist, "",  HCU_array_key_value('address1', $MIR) );
        $MIR['address2'] = str_replace($rmlist, "",  HCU_array_key_value('address2', $MIR) );
        $MIR['city'] = str_replace($rmlist, "",  HCU_array_key_value('city', $MIR) );
        $MIR['state'] = str_replace($rmlist, "",  HCU_array_key_value('state', $MIR) );
        if (strlen($MIR['state']) <> 2) {
            unset($MIR['state']);
        }
        $MIR['accountnumber'] = str_replace($rmlist, "", $MIR['accountnumber']);
        # default country code to US.  Assume CU will specify for other countries
        if (!HCU_array_key_value('cc', $MIR) ) {
            $MIR['cc'] = 'US';
        }

        if ($noEmpty) {
            if (!HCU_array_key_value('email',$MIR)) {
                unset($MIR['email']);
            }
            if (!HCU_array_key_value('firstname',$MIR)) {
                unset($MIR['firstname']);
            }
            if (!HCU_array_key_value('lastname',$MIR)) {
                unset($MIR['lastname']);
            }
            if (!HCU_array_key_value('address1',$MIR)) {
                unset($MIR['address1']);
            }
            if (!HCU_array_key_value('address2',$MIR)) {
                unset($MIR['address2']);
            }
            if (!HCU_array_key_value('city',$MIR)) {
                unset($MIR['city']);
            }
            if (!HCU_array_key_value('state',$MIR)) {
                unset($MIR['state']);
            }
            if (!HCU_array_key_value('zip',$MIR)) {
                unset($MIR['zip']);
            }
            if (!HCU_array_key_value('accountnumber',$MIR)) {
                unset($MIR['accountnumber']);
            }
            if (!HCU_array_key_value('dob',$MIR)) {
                unset($MIR['dob']);
            }
            if (!HCU_array_key_value('ssn',$MIR)) {
                unset($MIR['ssn']);
            }
        }

        $missing = array_diff_key($reqMIR, $MIR);
        if (sizeof($missing)) {
            throw new Exception("Invalid Member Info (" . join(", ", array_keys($missing)) . ")");
        }
        $return['status']['response'] = true;
        $return['status']['message'] = 'Success';
        $return['data'] = $MIR;
    } catch (Exception $e) {
        $return['status']['response'] = false;
        $return['status']['message'] = $e->getMessage();
        $return['data'] = array();
    }
    return $return;
}


/**
 * Get MIR data for member, or create minimal MIR w/account and email only
 * @param array $HB_ENV
 * @param string $accountToUse
 * @return array
 * @throws Exception
 */
function smo_getMIR($HB_ENV, $accountToUse, $useBeta=false) {
    try {
        //$mirFields = Array(
//    "accountnumber",
//    "firstname",
//    "middlename",
//    "lastname",
//    "email",
//    "homephone",
//    "workphone",
//    "cellphone",
//    "fax",
//    "ssn",
//    "address1",
//    "address2",
//    "city",
//    "state",
//    "zip",
//    "cc",
//    "dob",
//    "class"
//  );


        if ($HB_ENV['live']) {
            /*
             * just because they are live doesn't guarantee I can get a MIR
             * consider trusted detail parameter for 'UseMIR' ?
             */
            $MIR = GetMemberInfo($HB_ENV, array("member" => $accountToUse));
            $MIRcode = HCU_array_key_value('code', $MIR);
            if ( $MIRcode !== "000") {
                throw new Exception("Invalid MIR {$MIRcode}");
            }
        } else {
            $MIR = array('data' =>  array('accountnumber' => $accountToUse,
                            'email' => $HB_ENV['Ml'] ) );
        }
#============== begin test hack
        if ($useBeta) {
            # If we are in testing mode, override the MIR with some of the
            # test data from SavvyMoney.  Beta site only works with beta data.
            # note that keys to the array are member numbers from the list of
            # of testers. 261758,542728,815796,552537 are ISUCU testers
            # 666665 is localhost scrubcu
            # 177701, 958777 are localhost cruisecu
            # not sure 177701 will work right, as first attmept made before
            # override data  - may have trashed it on the far side. Or might
            # be a timing thing.

            $testData = array(
                '261758' => array('data' => [
                        'accountnumber' => "$accountToUse",
                        'email' => $HB_ENV['Ml'],
                        'firstname' => 'DONALD',
                        'lastname' => 'THOMAS',
                        'address1' => '9883 2131 TR N',
                        'city' => 'FOSS',
                        'state' => 'OK',
                        'zip' => '73647',
                        'ssn' => '666026470',
                        'dob' => '01/01/1982',
                        'expectedScore' => '665']),
                '542728' => array('data' => [
                        'accountnumber' => "$accountToUse",
                        'email' => $HB_ENV['Ml'],
                        'firstname' => 'LARRY',
                        'lastname' => 'RAVETZ',
                        'address1' => '7802 21ST AV',
                        'city' => 'FLUSHING',
                        'state' => 'NY',
                        'zip' => '11370',
                        'ssn' => '666111996',
                        'dob' => '01/01/1995',
                        'expectedScore' => '732']),
                '815796' => array('data' => [
                        'accountnumber' => "$accountToUse",
                        'email' => $HB_ENV['Ml'],
                        'firstname' => 'MARGARET',
                        'lastname' => 'DANESHMAND',
                        'address1' => '7536 21ST AV',
                        'city' => 'KENOSHA',
                        'state' => 'WI',
                        'zip' => '53143',
                        'ssn' => '666081975',
                        'dob' => '01/01/1977',
                        'expectedScore' => '776']),
                '552537' => array('data' => [
                        'accountnumber' => "$accountToUse",
                        'email' => $HB_ENV['Ml'],
                        'firstname' => 'JAMES',
                        'lastname' => 'FOLEY',
                        'address1' => '8840 21ST ST SW',
                        'city' => 'MIRAMAR',
                        'state' => 'FL',
                        'zip' => '33025',
                        'ssn' => '666706646',
                        'dob' => '01/01/1960',
                        'expectedScore' => '557']),
                '177701' => array('data' => [
                        'accountnumber' => "$accountToUse",
                        'email' => $HB_ENV['Ml'],
                        'firstname' => 'MARGARET',
                        'lastname' => 'DANESHMAND',
                        'address1' => '7536 21ST AV',
                        'city' => 'KENOSHA',
                        'state' => 'WI',
                        'zip' => '53143',
                        'ssn' => '666081975',
                        'dob' => '01/01/1977',
                        'expectedScore' => '776']),
                '958777' => array('data' => [
                        'accountnumber' => "$accountToUse",
                        'email' => $HB_ENV['Ml'],
                        'firstname' => 'JAMES',
                        'lastname' => 'FOLEY',
                        'address1' => '8840 21ST ST SW',
                        'city' => 'MIRAMAR',
                        'state' => 'FL',
                        'zip' => '33025',
                        'ssn' => '666706646',
                        'dob' => '01/01/1960',
                        'expectedScore' => '557']),
                '666665' => array('data' => [
                        'accountnumber' => "$accountToUse",
                        'email' => $HB_ENV['Ml'],
                        'firstname' => 'JAMES',
                        'lastname' => 'FOLEY',
                        'address1' => '8840 21ST ST SW',
                        'city' => 'MIRAMAR',
                        'state' => 'FL',
                        'zip' => '33025',
                        'ssn' => '666706646',
                        'dob' => '01/01/1960',
                        'expectedScore' => '557'])
            );
            if (HCU_array_key_exists($accountToUse, $testData)) {
                $MIR = $testData[$accountToUse];
            }
        }
#============== end test hack

        $Ml = HCU_array_key_value('email',$HB_ENV);
        # integration uses other values, but if missing user is prompted to
        # key them in
        $reqMIR = array(
            'accountnumber' => 1,
            'email' => 1
        );

        $parsedMIR = smo_populateMIR($MIR['data'], $Ml, $reqMIR, 'mdY', true);
        if (!$parsedMIR['status']['response']) {
            throw new Exception($parsedMIR['status']['message']);
        }

    } catch (Exception $e) {
        $parsedMIR = array('status' => array('response' => false,
            'message' =>  $e->getMessage() ), 'data' => array() );
    }
    return($parsedMIR);
}