Diffstat (limited to 'app/Auth')
-rw-r--r--app/Auth/GitHub.php163
-rw-r--r--app/Auth/Github.php122
-rw-r--r--app/Auth/Google.php85
-rw-r--r--app/Auth/Ldap.php2
-rw-r--r--app/Auth/RememberMe.php4
5 files changed, 159 insertions, 217 deletions
diff --git a/app/Auth/GitHub.php b/app/Auth/GitHub.php
deleted file mode 100644
index 816cc9c1..00000000
--- a/app/Auth/GitHub.php
+++ /dev/null
@@ -1,163 +0,0 @@
-<?php
-
-namespace Auth;
-
-use Event\AuthEvent;
-use OAuth\Common\Storage\Session;
-use OAuth\Common\Consumer\Credentials;
-use OAuth\Common\Http\Uri\UriFactory;
-use OAuth\ServiceFactory;
-use OAuth\Common\Http\Exception\TokenResponseException;
-
-/**
- * GitHub backend
- *
- * @package auth
- */
-class GitHub extends Base
-{
- /**
- * Backend name
- *
- * @var string
- */
- const AUTH_NAME = 'Github';
-
- /**
- * Authenticate a GitHub user
- *
- * @access public
- * @param string $github_id GitHub user id
- * @return boolean
- */
- public function authenticate($github_id)
- {
- $user = $this->user->getByGitHubId($github_id);
-
- if (! empty($user)) {
- $this->userSession->refresh($user);
- $this->container['dispatcher']->dispatch('auth.success', new AuthEvent(self::AUTH_NAME, $user['id']));
- return true;
- }
-
- return false;
- }
-
- /**
- * Unlink a GitHub account for a given user
- *
- * @access public
- * @param integer $user_id User id
- * @return boolean
- */
- public function unlink($user_id)
- {
- return $this->user->update(array(
- 'id' => $user_id,
- 'github_id' => '',
- ));
- }
-
- /**
- * Update the user table based on the GitHub profile information
- *
- * @access public
- * @param integer $user_id User id
- * @param array $profile GitHub profile
- * @return boolean
- * @todo Don't overwrite existing email/name with empty GitHub data
- */
- public function updateUser($user_id, array $profile)
- {
- return $this->user->update(array(
- 'id' => $user_id,
- 'github_id' => $profile['id'],
- 'email' => $profile['email'],
- 'name' => $profile['name'],
- ));
- }
-
- /**
- * Get the GitHub service instance
- *
- * @access public
- * @return \OAuth\OAuth2\Service\GitHub
- */
- public function getService()
- {
- $uriFactory = new UriFactory();
- $currentUri = $uriFactory->createFromSuperGlobalArray($_SERVER);
- $currentUri->setQuery('controller=user&action=gitHub');
-
- $storage = new Session(false);
-
- $credentials = new Credentials(
- GITHUB_CLIENT_ID,
- GITHUB_CLIENT_SECRET,
- $currentUri->getAbsoluteUri()
- );
-
- $serviceFactory = new ServiceFactory();
-
- return $serviceFactory->createService(
- 'gitHub',
- $credentials,
- $storage,
- array('')
- );
- }
-
- /**
- * Get the authorization URL
- *
- * @access public
- * @return \OAuth\Common\Http\Uri\Uri
- */
- public function getAuthorizationUrl()
- {
- return $this->getService()->getAuthorizationUri();
- }
-
- /**
- * Get GitHub profile information from the API
- *
- * @access public
- * @param string $code GitHub authorization code
- * @return bool|array
- */
- public function getGitHubProfile($code)
- {
- try {
- $gitHubService = $this->getService();
- $gitHubService->requestAccessToken($code);
-
- return json_decode($gitHubService->request('user'), true);
- }
- catch (TokenResponseException $e) {
- return false;
- }
- }
-
- /**
- * Revokes this user's GitHub tokens for Kanboard
- *
- * @access public
- * @return bool|array
- * @todo Currently this simply removes all our tokens for this user, ideally it should
- * restrict itself to the one in question
- */
- public function revokeGitHubAccess()
- {
- try {
- $gitHubService = $this->getService();
-
- $basicAuthHeader = array('Authorization' => 'Basic ' .
- base64_encode(GITHUB_CLIENT_ID.':'.GITHUB_CLIENT_SECRET));
-
- return json_decode($gitHubService->request('/applications/'.GITHUB_CLIENT_ID.'/tokens', 'DELETE', null, $basicAuthHeader), true);
- }
- catch (TokenResponseException $e) {
- return false;
- }
- }
-}
diff --git a/app/Auth/Github.php b/app/Auth/Github.php
new file mode 100644
index 00000000..44bcc6c8
--- /dev/null
+++ b/app/Auth/Github.php
@@ -0,0 +1,122 @@
+<?php
+
+namespace Auth;
+
+use Event\AuthEvent;
+
+/**
+ * Github backend
+ *
+ * @package auth
+ */
+class Github extends Base
+{
+ /**
+ * Backend name
+ *
+ * @var string
+ */
+ const AUTH_NAME = 'Github';
+
+ /**
+ * OAuth2 instance
+ *
+ * @access private
+ * @var \Core\OAuth2
+ */
+ private $service;
+
+ /**
+ * Authenticate a Github user
+ *
+ * @access public
+ * @param string $github_id Github user id
+ * @return boolean
+ */
+ public function authenticate($github_id)
+ {
+ $user = $this->user->getByGithubId($github_id);
+
+ if (! empty($user)) {
+ $this->userSession->refresh($user);
+ $this->container['dispatcher']->dispatch('auth.success', new AuthEvent(self::AUTH_NAME, $user['id']));
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Unlink a Github account for a given user
+ *
+ * @access public
+ * @param integer $user_id User id
+ * @return boolean
+ */
+ public function unlink($user_id)
+ {
+ return $this->user->update(array(
+ 'id' => $user_id,
+ 'github_id' => '',
+ ));
+ }
+
+ /**
+ * Update the user table based on the Github profile information
+ *
+ * @access public
+ * @param integer $user_id User id
+ * @param array $profile Github profile
+ * @return boolean
+ */
+ public function updateUser($user_id, array $profile)
+ {
+ $user = $this->user->getById($user_id);
+
+ return $this->user->update(array(
+ 'id' => $user_id,
+ 'github_id' => $profile['id'],
+ 'email' => $profile['email'] ?: $user['email'],
+ 'name' => $profile['name'] ?: $user['name'],
+ ));
+ }
+
+ /**
+ * Get OAuth2 configured service
+ *
+ * @access public
+ * @return \Core\OAuth2
+ */
+ public function getService()
+ {
+ if (empty($this->service)) {
+ $this->service = $this->oauth->createService(
+ GITHUB_CLIENT_ID,
+ GITHUB_CLIENT_SECRET,
+ $this->helper->url->to('oauth', 'github', array(), '', true),
+ 'https://github.com/login/oauth/authorize',
+ 'https://github.com/login/oauth/access_token',
+ array()
+ );
+ }
+
+ return $this->service;
+ }
+
+ /**
+ * Get Github profile
+ *
+ * @access public
+ * @param string $code
+ * @return array
+ */
+ public function getProfile($code)
+ {
+ $this->getService()->getAccessToken($code);
+
+ return $this->httpClient->getJson(
+ 'https://api.github.com/user',
+ array($this->getService()->getAuthorizationHeader())
+ );
+ }
+}
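Review bot: `getProfile()` discards the result of `getAccessToken($code)` and has no failure path, whereas the removed `getGitHubProfile()` returned false on a token error, so a rejected code still leads to a request to `https://api.github.com/user` and whatever `getJson()` returns is handed back as the profile. What `getJson()` yields on an error response is not visible here, but callers may now receive an array without `id`. Because `unlink()` stores `''` as `github_id`, `authenticate()` should reject an empty identifier up front, e.g. `if (empty($github_id)) { return false; }`, in case `getByGithubId('')` would match unlinked accounts. `getProfile()` in app/Auth/Google.php has the same shape.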
diff --git a/app/Auth/Google.php b/app/Auth/Google.php
index 9a977037..972dd748 100644
--- a/app/Auth/Google.php
+++ b/app/Auth/Google.php
@@ -3,11 +3,6 @@
namespace Auth;
use Event\AuthEvent;
-use OAuth\Common\Storage\Session;
-use OAuth\Common\Consumer\Credentials;
-use OAuth\Common\Http\Uri\UriFactory;
-use OAuth\ServiceFactory;
-use OAuth\Common\Http\Exception\TokenResponseException;
/**
* Google backend
@@ -25,6 +20,14 @@ class Google extends Base
const AUTH_NAME = 'Google';
/**
+ * OAuth2 instance
+ *
+ * @access private
+ * @var \Core\OAuth2
+ */
+ private $service;
+
+ /**
* Authenticate a Google user
*
* @access public
@@ -69,72 +72,52 @@ class Google extends Base
*/
public function updateUser($user_id, array $profile)
{
+ $user = $this->user->getById($user_id);
+
return $this->user->update(array(
'id' => $user_id,
'google_id' => $profile['id'],
- 'email' => $profile['email'],
- 'name' => $profile['name'],
+ 'email' => $profile['email'] ?: $user['email'],
+ 'name' => $profile['name'] ?: $user['name'],
));
}
/**
- * Get the Google service instance
+ * Get OAuth2 configured service
*
* @access public
- * @return \OAuth\OAuth2\Service\Google
+ * @return \Core\OAuth2
*/
public function getService()
{
- $uriFactory = new UriFactory();
- $currentUri = $uriFactory->createFromSuperGlobalArray($_SERVER);
- $currentUri->setQuery('controller=user&action=google');
-
- $storage = new Session(false);
-
- $credentials = new Credentials(
- GOOGLE_CLIENT_ID,
- GOOGLE_CLIENT_SECRET,
- $currentUri->getAbsoluteUri()
- );
-
- $serviceFactory = new ServiceFactory();
-
- return $serviceFactory->createService(
- 'google',
- $credentials,
- $storage,
- array('userinfo_email', 'userinfo_profile')
- );
- }
+ if (empty($this->service)) {
+ $this->service = $this->oauth->createService(
+ GOOGLE_CLIENT_ID,
+ GOOGLE_CLIENT_SECRET,
+ $this->helper->url->to('oauth', 'google', array(), '', true),
+ 'https://accounts.google.com/o/oauth2/auth',
+ 'https://accounts.google.com/o/oauth2/token',
+ array('https://www.googleapis.com/auth/userinfo.email', 'https://www.googleapis.com/auth/userinfo.profile')
+ );
+ }
- /**
- * Get the authorization URL
- *
- * @access public
- * @return \OAuth\Common\Http\Uri\Uri
- */
- public function getAuthorizationUrl()
- {
- return $this->getService()->getAuthorizationUri();
+ return $this->service;
}
/**
- * Get Google profile information from the API
+ * Get Google profile
*
* @access public
- * @param string $code Google authorization code
- * @return bool|array
+ * @param string $code
+ * @return array
*/
- public function getGoogleProfile($code)
+ public function getProfile($code)
{
- try {
+ $this->getService()->getAccessToken($code);
- $googleService = $this->getService();
- $googleService->requestAccessToken($code);
- return json_decode($googleService->request('https://www.googleapis.com/oauth2/v1/userinfo'), true);
- }
- catch (TokenResponseException $e) {
- return false;
- }
+ return $this->httpClient->getJson(
+ 'https://www.googleapis.com/oauth2/v1/userinfo',
+ array($this->getService()->getAuthorizationHeader())
+ );
}
}
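Review bot: `updateUser()` writes `$profile['id']` to `google_id` and reads `$profile['email']` and `$profile['name']` without checking that the keys exist, while `getProfile()` in this hunk no longer returns false when the code exchange fails. With an error payload from the userinfo endpoint this would store an empty `google_id` and raise undefined-index notices; the `?:` fallback only covers the present-but-empty case. A guard such as `if (empty($profile['id'])) { return false; }` before the `getById()` call keeps a failed lookup from modifying the account. `Github::updateUser()` in app/Auth/Github.php is written the same way.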
diff --git a/app/Auth/Ldap.php b/app/Auth/Ldap.php
index 3ee6ec9b..c1459b4e 100644
--- a/app/Auth/Ldap.php
+++ b/app/Auth/Ldap.php
@@ -46,7 +46,7 @@ class Ldap extends Base
else {
// We create automatically a new user
- if ($this->createUser($username, $result['name'], $result['email'])) {
+ if (LDAP_ACCOUNT_CREATION && $this->createUser($username, $result['name'], $result['email'])) {
$user = $this->user->getByUsername($username);
}
else {
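Review bot: The comment `// We create automatically a new user` above the changed condition no longer describes it, since creation now happens only when `LDAP_ACCOUNT_CREATION` is truthy; something like `// Create the local account only when LDAP_ACCOUNT_CREATION is enabled` would match. With the flag off, a user found in the directory but without a local account falls into the same `else` branch as a failed `createUser()`, so the two cases cannot be told apart in whatever that branch logs or returns (its body is outside the hunk). The constant's definition is not part of this diff; it needs a default so the check does not depend on an undefined constant. The enclosing method starts and ends outside the hunk.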
diff --git a/app/Auth/RememberMe.php b/app/Auth/RememberMe.php
index eebf4f4b..54e60422 100644
--- a/app/Auth/RememberMe.php
+++ b/app/Auth/RememberMe.php
@@ -282,7 +282,7 @@ class RememberMe extends Base
self::COOKIE_NAME,
$this->encodeCookie($token, $sequence),
$expiration,
- BASE_URL_DIRECTORY,
+ $this->helper->url->dir(),
null,
Request::isHTTPS(),
true
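Review bot: The remember-me cookie is now written and cleared with a path computed at call time by `$this->helper->url->dir()`, which only works if that value is identical on both occasions; this applies here and to the removal call in the next hunk (the one with `time() - 3600`). The helper is not shown, so if it derives the directory from the current request, the path used when clearing could differ from the one used when setting, and the browser would keep the cookie after logout. A comment on both calls, e.g. `// path must be identical when writing and clearing the cookie`, and a check that `dir()` returns the same value from every controller would cover this. Both enclosing methods extend beyond the hunks.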
@@ -315,7 +315,7 @@ class RememberMe extends Base
self::COOKIE_NAME,
'',
time() - 3600,
- BASE_URL_DIRECTORY,
+ $this->helper->url->dir(),
null,
Request::isHTTPS(),
true