summaryrefslogtreecommitdiff
path: root/app/Controller/OAuthController.php
diff options
context:
space:
mode:
Diffstat (limited to 'app/Controller/OAuthController.php')
-rw-r--r--app/Controller/OAuthController.php130
1 files changed, 130 insertions, 0 deletions
diff --git a/app/Controller/OAuthController.php b/app/Controller/OAuthController.php
new file mode 100644
index 00000000..7663ddcc
--- /dev/null
+++ b/app/Controller/OAuthController.php
@@ -0,0 +1,130 @@
+<?php
+
+namespace Kanboard\Controller;
+
+use Kanboard\Core\Security\OAuthAuthenticationProviderInterface;
+
+/**
+ * OAuth Controller
+ *
+ * @package Kanboard\Controller
+ * @author Frederic Guillot
+ */
+class OAuthController extends BaseController
+{
+ /**
+ * Redirect to the provider if no code received
+ *
+ * @access private
+ * @param string $provider
+ */
+ protected function step1($provider)
+ {
+ $code = $this->request->getStringParam('code');
+ $state = $this->request->getStringParam('state');
+
+ if (! empty($code)) {
+ $this->step2($provider, $code, $state);
+ } else {
+ $this->response->redirect($this->authenticationManager->getProvider($provider)->getService()->getAuthorizationUrl());
+ }
+ }
+
+ /**
+ * Link or authenticate the user
+ *
+ * @access protected
+ * @param string $providerName
+ * @param string $code
+ * @param string $state
+ */
+ protected function step2($providerName, $code, $state)
+ {
+ $provider = $this->authenticationManager->getProvider($providerName);
+ $provider->setCode($code);
+ $hasValidState = $provider->getService()->isValidateState($state);
+
+ if ($this->userSession->isLogged()) {
+ if ($hasValidState) {
+ $this->link($provider);
+ } else {
+ $this->flash->failure(t('The OAuth2 state parameter is invalid'));
+ $this->response->redirect($this->helper->url->to('UserViewController', 'external', array('user_id' => $this->userSession->getId())));
+ }
+ } else {
+ if ($hasValidState) {
+ $this->authenticate($providerName);
+ } else {
+ $this->authenticationFailure(t('The OAuth2 state parameter is invalid'));
+ }
+ }
+ }
+
+ /**
+ * Link the account
+ *
+ * @access protected
+ * @param OAuthAuthenticationProviderInterface $provider
+ */
+ protected function link(OAuthAuthenticationProviderInterface $provider)
+ {
+ if (! $provider->authenticate()) {
+ $this->flash->failure(t('External authentication failed'));
+ } else {
+ $this->userProfile->assign($this->userSession->getId(), $provider->getUser());
+ $this->flash->success(t('Your external account is linked to your profile successfully.'));
+ }
+
+ $this->response->redirect($this->helper->url->to('UserViewController', 'external', array('user_id' => $this->userSession->getId())));
+ }
+
+ /**
+ * Unlink external account
+ *
+ * @access public
+ */
+ public function unlink()
+ {
+ $backend = $this->request->getStringParam('backend');
+ $this->checkCSRFParam();
+
+ if ($this->authenticationManager->getProvider($backend)->unlink($this->userSession->getId())) {
+ $this->flash->success(t('Your external account is not linked anymore to your profile.'));
+ } else {
+ $this->flash->failure(t('Unable to unlink your external account.'));
+ }
+
+ $this->response->redirect($this->helper->url->to('UserViewController', 'external', array('user_id' => $this->userSession->getId())));
+ }
+
+ /**
+ * Authenticate the account
+ *
+ * @access protected
+ * @param string $providerName
+ */
+ protected function authenticate($providerName)
+ {
+ if ($this->authenticationManager->oauthAuthentication($providerName)) {
+ $this->response->redirect($this->helper->url->to('DashboardController', 'show'));
+ } else {
+ $this->authenticationFailure(t('External authentication failed'));
+ }
+ }
+
+ /**
+ * Show login failure page
+ *
+ * @access protected
+ * @param string $message
+ */
+ protected function authenticationFailure($message)
+ {
+ $this->response->html($this->helper->layout->app('auth/index', array(
+ 'errors' => array('login' => $message),
+ 'values' => array(),
+ 'no_layout' => true,
+ 'title' => t('Login')
+ )));
+ }
+}