diff options
Diffstat (limited to 'app/Controller/OAuthController.php')
| -rw-r--r-- | app/Controller/OAuthController.php | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/app/Controller/OAuthController.php b/app/Controller/OAuthController.php new file mode 100644 index 00000000..7663ddcc --- /dev/null +++ b/app/Controller/OAuthController.php @@ -0,0 +1,130 @@ +<?php + +namespace Kanboard\Controller; + +use Kanboard\Core\Security\OAuthAuthenticationProviderInterface; + +/** + * OAuth Controller + * + * @package Kanboard\Controller + * @author Frederic Guillot + */ +class OAuthController extends BaseController +{ + /** + * Redirect to the provider if no code received + * + * @access private + * @param string $provider + */ + protected function step1($provider) + { + $code = $this->request->getStringParam('code'); + $state = $this->request->getStringParam('state'); + + if (! empty($code)) { + $this->step2($provider, $code, $state); + } else { + $this->response->redirect($this->authenticationManager->getProvider($provider)->getService()->getAuthorizationUrl()); + } + } + + /** + * Link or authenticate the user + * + * @access protected + * @param string $providerName + * @param string $code + * @param string $state + */ + protected function step2($providerName, $code, $state) + { + $provider = $this->authenticationManager->getProvider($providerName); + $provider->setCode($code); + $hasValidState = $provider->getService()->isValidateState($state); + + if ($this->userSession->isLogged()) { + if ($hasValidState) { + $this->link($provider); + } else { + $this->flash->failure(t('The OAuth2 state parameter is invalid')); + $this->response->redirect($this->helper->url->to('UserViewController', 'external', array('user_id' => $this->userSession->getId()))); + } + } else { + if ($hasValidState) { + $this->authenticate($providerName); + } else { + $this->authenticationFailure(t('The OAuth2 state parameter is invalid')); + } + } + } + + /** + * Link the account + * + * @access protected + * @param OAuthAuthenticationProviderInterface $provider + */ + protected function link(OAuthAuthenticationProviderInterface $provider) + { + if (! $provider->authenticate()) { + $this->flash->failure(t('External authentication failed')); + } else { + $this->userProfile->assign($this->userSession->getId(), $provider->getUser()); + $this->flash->success(t('Your external account is linked to your profile successfully.')); + } + + $this->response->redirect($this->helper->url->to('UserViewController', 'external', array('user_id' => $this->userSession->getId()))); + } + + /** + * Unlink external account + * + * @access public + */ + public function unlink() + { + $backend = $this->request->getStringParam('backend'); + $this->checkCSRFParam(); + + if ($this->authenticationManager->getProvider($backend)->unlink($this->userSession->getId())) { + $this->flash->success(t('Your external account is not linked anymore to your profile.')); + } else { + $this->flash->failure(t('Unable to unlink your external account.')); + } + + $this->response->redirect($this->helper->url->to('UserViewController', 'external', array('user_id' => $this->userSession->getId()))); + } + + /** + * Authenticate the account + * + * @access protected + * @param string $providerName + */ + protected function authenticate($providerName) + { + if ($this->authenticationManager->oauthAuthentication($providerName)) { + $this->response->redirect($this->helper->url->to('DashboardController', 'show')); + } else { + $this->authenticationFailure(t('External authentication failed')); + } + } + + /** + * Show login failure page + * + * @access protected + * @param string $message + */ + protected function authenticationFailure($message) + { + $this->response->html($this->helper->layout->app('auth/index', array( + 'errors' => array('login' => $message), + 'values' => array(), + 'no_layout' => true, + 'title' => t('Login') + ))); + } +} |