AS1024
/
Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Refactoring of Google Authentication (new callback url)

This commit is contained in:
Frederic Guillot 2015-07-16 07:28:46 -04:00
parent 0bbc6da50a
commit 12036aa21f
9 changed files with 247 additions and 118 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
app/Auth/Google.php
View File

@ -3,11 +3,6 @@
namespace Auth;
use Event\AuthEvent;
use OAuth\Common\Storage\Session;
use OAuth\Common\Consumer\Credentials;
use OAuth\Common\Http\Uri\UriFactory;
use OAuth\ServiceFactory;
use OAuth\Common\Http\Exception\TokenResponseException;
/**
* Google backend
@ -24,6 +19,13 @@ class Google extends Base
*/
const AUTH_NAME = 'Google';
/**
* OAuth2 instance
*
* @var \Core\OAuth2
*/
private $service;
/**
* Authenticate a Google user
*
@ -78,63 +80,41 @@ class Google extends Base
}
/**
* Get the Google service instance
* Get OAuth2 configured service
*
* @access public
* @return \OAuth\OAuth2\Service\Google
* @return \Core\OAuth2
*/
public function getService()
{
$uriFactory = new UriFactory();
$currentUri = $uriFactory->createFromSuperGlobalArray($_SERVER);
$currentUri->setQuery('controller=user&action=google');
if (empty($this->service)) {
$this->service = $this->oauth->createService(
GOOGLE_CLIENT_ID,
GOOGLE_CLIENT_SECRET,
$this->helper->url->to('oauth', 'google', array(), '', true),
'https://accounts.google.com/o/oauth2/auth',
'https://accounts.google.com/o/oauth2/token',
array('https://www.googleapis.com/auth/userinfo.email', 'https://www.googleapis.com/auth/userinfo.profile')
);
}
$storage = new Session(false);
$credentials = new Credentials(
GOOGLE_CLIENT_ID,
GOOGLE_CLIENT_SECRET,
$currentUri->getAbsoluteUri()
);
$serviceFactory = new ServiceFactory();
return $serviceFactory->createService(
'google',
$credentials,
$storage,
array('userinfo_email', 'userinfo_profile')
);
return $this->service;
}
/**
* Get the authorization URL
* Get Google profile
*
* @access public
* @return \OAuth\Common\Http\Uri\Uri
* @param string $code
* @return array
*/
public function getAuthorizationUrl()
public function getProfile($code)
{
return $this->getService()->getAuthorizationUri();
}
$this->getService()->getAccessToken($code);
/**
* Get Google profile information from the API
*
* @access public
* @param string $code Google authorization code
* @return bool|array
*/
public function getGoogleProfile($code)
{
try {
$googleService = $this->getService();
$googleService->requestAccessToken($code);
return json_decode($googleService->request('https://www.googleapis.com/oauth2/v1/userinfo'), true);
}
catch (TokenResponseException $e) {
return false;
}
return $this->httpClient->getJson(
'https://www.googleapis.com/oauth2/v1/userinfo',
array($this->getService()->getAuthorizationHeader()
));
}
}

114
app/Controller/Oauth.php Normal file
View File

@ -0,0 +1,114 @@
<?php
namespace Controller;
/**
* OAuth controller
*
* @package controller
* @author Frederic Guillot
*/
class Oauth extends Base
{
/**
* Link or authenticate a Google account
*
* @access public
*/
public function google()
{
$this->step1('google');
}
/**
* Unlink external account
*
* @access public
*/
public function unlink($backend = '')
{
$backend = $this->request->getStringParam('backend', $backend);
$this->checkCSRFParam();
if ($this->authentication->backend($backend)->unlink($this->userSession->getId())) {
$this->session->flash(t('Your external account is not linked anymore to your profile.'));
}
else {
$this->session->flashError(t('Unable to unlink your external account.'));
}
$this->response->redirect($this->helper->url->to('user', 'external', array('user_id' => $this->userSession->getId())));
}
/**
* Redirect to the provider if no code received
*
* @access private
*/
private function step1($backend)
{
$code = $this->request->getStringParam('code');
if (! empty($code)) {
$this->step2($backend, $code);
}
else {
$this->response->redirect($this->authentication->backend($backend)->getService()->getAuthorizationUrl());
}
}
/**
* Link or authenticate the user
*
* @access private
*/
private function step2($backend, $code)
{
$profile = $this->authentication->backend($backend)->getProfile($code);
if ($this->userSession->isLogged()) {
$this->link($backend, $profile);
}
$this->authenticate($backend, $profile);
}
/**
* Link the account
*
* @access private
*/
private function link($backend, $profile)
{
if (empty($profile)) {
$this->session->flashError(t('External authentication failed'));
}
else {
$this->session->flash(t('Your external account is linked to your profile successfully.'));
$this->authentication->backend($backend)->updateUser($this->userSession->getId(), $profile);
}
$this->response->redirect($this->helper->url->to('user', 'external', array('user_id' => $this->userSession->getId())));
}
/**
* Authenticate the account
*
* @access private
*/
private function authenticate($backend, $profile)
{
if (! empty($profile) && $this->authentication->backend($backend)->authenticate($profile['id'])) {
$this->response->redirect($this->helper->url->to('app', 'index'));
}
else {
$this->response->html($this->template->layout('auth/index', array(
'errors' => array('login' => t('External authentication failed')),
'values' => array(),
'no_layout' => true,
'redirect_query' => '',
'title' => t('Login')
)));
}
}
}

63
app/Controller/User.php
View File

@ -361,69 +361,6 @@ class User extends Base
)));
}
/**
* Google authentication
*
* @access public
*/
public function google()
{
$code = $this->request->getStringParam('code');
if ($code) {
$profile = $this->authentication->backend('google')->getGoogleProfile($code);
if (is_array($profile)) {
// If the user is already logged, link the account otherwise authenticate
if ($this->userSession->isLogged()) {
if ($this->authentication->backend('google')->updateUser($this->userSession->getId(), $profile)) {
$this->session->flash(t('Your Google Account is linked to your profile successfully.'));
}
else {
$this->session->flashError(t('Unable to link your Google Account.'));
}
$this->response->redirect($this->helper->url->to('user', 'external', array('user_id' => $this->userSession->getId())));
}
else if ($this->authentication->backend('google')->authenticate($profile['id'])) {
$this->response->redirect($this->helper->url->to('app', 'index'));
}
else {
$this->response->html($this->template->layout('auth/index', array(
'errors' => array('login' => t('Google authentication failed')),
'values' => array(),
'no_layout' => true,
'redirect_query' => '',
'title' => t('Login')
)));
}
}
}
$this->response->redirect($this->authentication->backend('google')->getAuthorizationUrl());
}
/**
* Unlink a Google account
*
* @access public
*/
public function unlinkGoogle()
{
$this->checkCSRFParam();
if ($this->authentication->backend('google')->unlink($this->userSession->getId())) {
$this->session->flash(t('Your Google Account is not linked anymore to your profile.'));
}
else {
$this->session->flashError(t('Unable to unlink your Google Account.'));
}
$this->response->redirect($this->helper->url->to('user', 'external', array('user_id' => $this->userSession->getId())));
}
/**
* GitHub authentication
*

21
app/Core/HttpClient.php
View File

@ -31,6 +31,20 @@ class HttpClient extends Base
*/
const HTTP_USER_AGENT = 'Kanboard';
/**
* Send a GET HTTP request and parse JSON response
*
* @access public
* @param string $url
* @param string[] $headers
* @return array
*/
public function getJson($url, array $headers = array())
{
$response = $this->doRequest('GET', $url, '', array_merge(array('Accept: application/json'), $headers));
return json_decode($response, true) ?: array();
}
/**
* Send a POST HTTP request encoded in JSON
*
@ -43,6 +57,7 @@ class HttpClient extends Base
public function postJson($url, array $data, array $headers = array())
{
return $this->doRequest(
'POST',
$url,
json_encode($data),
array_merge(array('Content-type: application/json'), $headers)
@ -61,6 +76,7 @@ class HttpClient extends Base
public function postForm($url, array $data, array $headers = array())
{
return $this->doRequest(
'POST',
$url,
http_build_query($data),
array_merge(array('Content-type: application/x-www-form-urlencoded'), $headers)
@ -71,12 +87,13 @@ class HttpClient extends Base
* Make the HTTP request
*
* @access private
* @param string $method
* @param string $url
* @param string $content
* @param string[] $headers
* @return string
*/
private function doRequest($url, $content, array $headers)
private function doRequest($method, $url, $content, array $headers)
{
if (empty($url)) {
return '';
@ -86,7 +103,7 @@ class HttpClient extends Base
$context = stream_context_create(array(
'http' => array(
'method' => 'POST',
'method' => $method,
'protocol_version' => 1.1,
'timeout' => self::HTTP_TIMEOUT,
'max_redirects' => self::HTTP_MAX_REDIRECTS,

75
app/Core/OAuth2.php Normal file
View File

@ -0,0 +1,75 @@
<?php
namespace Core;
/**
* OAuth2 client
*
* @package core
* @author Frederic Guillot
*/
class OAuth2 extends Base
{
private $clientId;
private $secret;
private $callbackUrl;
private $authUrl;
private $tokenUrl;
private $scopes;
private $tokenType;
private $accessToken;
public function createService($clientId, $secret, $callbackUrl, $authUrl, $tokenUrl, array $scopes)
{
$this->clientId = $clientId;
$this->secret = $secret;
$this->callbackUrl = $callbackUrl;
$this->authUrl = $authUrl;
$this->tokenUrl = $tokenUrl;
$this->scopes = $scopes;
return $this;
}
public function getAuthorizationUrl()
{
$params = array(
'response_type' => 'code',
'client_id' => $this->clientId,
'redirect_uri' => $this->callbackUrl,
'scope' => implode(' ', $this->scopes),
);
return $this->authUrl.'?'.http_build_query($params);
}
public function getAuthorizationHeader()
{
if ($this->tokenType === 'Bearer') {
return 'Authorization: Bearer '.$this->accessToken;
}
return '';
}
public function getAccessToken($code)
{
if (empty($this->accessToken) && ! empty($code)) {
$params = array(
'code' => $code,
'client_id' => $this->clientId,
'client_secret' => $this->secret,
'redirect_uri' => $this->callbackUrl,
'grant_type' => 'authorization_code',
);
$response = json_decode($this->httpClient->postForm($this->tokenUrl, $params), true);
$this->tokenType = isset($response['token_type']) ? $response['token_type'] : '';
$this->accessToken = isset($response['access_token']) ? $response['access_token'] : '';
}
return $this->accessToken;
}
}

3
app/Model/Acl.php
View File

@ -18,12 +18,13 @@ class Acl extends Base
*/
private $public_acl = array(
'auth' => array('login', 'check'),
'user' => array('google', 'github'),
'user' => array('github'),
'task' => array('readonly'),
'board' => array('readonly'),
'webhook' => '*',
'ical' => '*',
'feed' => '*',
'oauth' => array('google'),
);
/**

5
app/ServiceProvider/ClassProvider.php
View File

@ -3,6 +3,7 @@
namespace ServiceProvider;
use Core\Paginator;
use Core\OAuth2;
use Model\Config;
use Model\Project;
use Model\Webhook;
@ -107,5 +108,9 @@ class ClassProvider implements ServiceProviderInterface
$container['paginator'] = $container->factory(function ($c) {
return new Paginator($c);
});
$container['oauth'] = $container->factory(function ($c) {
return new OAuth2($c);
});
}
}

2
app/Template/auth/index.php
View File

@ -17,7 +17,7 @@
<?= $this->form->checkbox('remember_me', t('Remember Me'), 1, true) ?><br/>
<?php if (GOOGLE_AUTH): ?>
<?= $this->url->link(t('Login with my Google Account'), 'user', 'google') ?>
<?= $this->url->link(t('Login with my Google Account'), 'oauth', 'google') ?>
<?php endif ?>
<?php if (GITHUB_AUTH): ?>

4
app/Template/user/external.php
View File

@ -8,9 +8,9 @@
<p class="listing">
<?php if ($this->user->isCurrentUser($user['id'])): ?>
<?php if (empty($user['google_id'])): ?>
<?= $this->url->link(t('Link my Google Account'), 'user', 'google', array(), true) ?>
<?= $this->url->link(t('Link my Google Account'), 'oauth', 'google', array(), true) ?>
<?php else: ?>
<?= $this->url->link(t('Unlink my Google Account'), 'user', 'unlinkGoogle', array(), true) ?>
<?= $this->url->link(t('Unlink my Google Account'), 'oauth', 'unlink', array('backend' => 'google'), true) ?>
<?php endif ?>
<?php else: ?>
<?= empty($user['google_id']) ? t('No account linked.') : t('Account linked.') ?>