From ede1f1d9b0c06a05845f4125d59c97c29b6d9842 Mon Sep 17 00:00:00 2001 From: Frederic Guillot Date: Thu, 16 Jul 2015 20:35:56 -0400 Subject: Refactoring of Github authentication (oauth url change) --- app/Auth/GitHub.php | 163 ---------------------------------------------------- app/Auth/Github.php | 122 +++++++++++++++++++++++++++++++++++++++ app/Auth/Google.php | 11 ++-- 3 files changed, 129 insertions(+), 167 deletions(-) delete mode 100644 app/Auth/GitHub.php create mode 100644 app/Auth/Github.php (limited to 'app/Auth') diff --git a/app/Auth/GitHub.php b/app/Auth/GitHub.php deleted file mode 100644 index 816cc9c1..00000000 --- a/app/Auth/GitHub.php +++ /dev/null @@ -1,163 +0,0 @@ -user->getByGitHubId($github_id); - - if (! empty($user)) { - $this->userSession->refresh($user); - $this->container['dispatcher']->dispatch('auth.success', new AuthEvent(self::AUTH_NAME, $user['id'])); - return true; - } - - return false; - } - - /** - * Unlink a GitHub account for a given user - * - * @access public - * @param integer $user_id User id - * @return boolean - */ - public function unlink($user_id) - { - return $this->user->update(array( - 'id' => $user_id, - 'github_id' => '', - )); - } - - /** - * Update the user table based on the GitHub profile information - * - * @access public - * @param integer $user_id User id - * @param array $profile GitHub profile - * @return boolean - * @todo Don't overwrite existing email/name with empty GitHub data - */ - public function updateUser($user_id, array $profile) - { - return $this->user->update(array( - 'id' => $user_id, - 'github_id' => $profile['id'], - 'email' => $profile['email'], - 'name' => $profile['name'], - )); - } - - /** - * Get the GitHub service instance - * - * @access public - * @return \OAuth\OAuth2\Service\GitHub - */ - public function getService() - { - $uriFactory = new UriFactory(); - $currentUri = $uriFactory->createFromSuperGlobalArray($_SERVER); - $currentUri->setQuery('controller=user&action=gitHub'); - - $storage = new Session(false); - - $credentials = new Credentials( - GITHUB_CLIENT_ID, - GITHUB_CLIENT_SECRET, - $currentUri->getAbsoluteUri() - ); - - $serviceFactory = new ServiceFactory(); - - return $serviceFactory->createService( - 'gitHub', - $credentials, - $storage, - array('') - ); - } - - /** - * Get the authorization URL - * - * @access public - * @return \OAuth\Common\Http\Uri\Uri - */ - public function getAuthorizationUrl() - { - return $this->getService()->getAuthorizationUri(); - } - - /** - * Get GitHub profile information from the API - * - * @access public - * @param string $code GitHub authorization code - * @return bool|array - */ - public function getGitHubProfile($code) - { - try { - $gitHubService = $this->getService(); - $gitHubService->requestAccessToken($code); - - return json_decode($gitHubService->request('user'), true); - } - catch (TokenResponseException $e) { - return false; - } - } - - /** - * Revokes this user's GitHub tokens for Kanboard - * - * @access public - * @return bool|array - * @todo Currently this simply removes all our tokens for this user, ideally it should - * restrict itself to the one in question - */ - public function revokeGitHubAccess() - { - try { - $gitHubService = $this->getService(); - - $basicAuthHeader = array('Authorization' => 'Basic ' . - base64_encode(GITHUB_CLIENT_ID.':'.GITHUB_CLIENT_SECRET)); - - return json_decode($gitHubService->request('/applications/'.GITHUB_CLIENT_ID.'/tokens', 'DELETE', null, $basicAuthHeader), true); - } - catch (TokenResponseException $e) { - return false; - } - } -} diff --git a/app/Auth/Github.php b/app/Auth/Github.php new file mode 100644 index 00000000..44bcc6c8 --- /dev/null +++ b/app/Auth/Github.php @@ -0,0 +1,122 @@ +user->getByGithubId($github_id); + + if (! empty($user)) { + $this->userSession->refresh($user); + $this->container['dispatcher']->dispatch('auth.success', new AuthEvent(self::AUTH_NAME, $user['id'])); + return true; + } + + return false; + } + + /** + * Unlink a Github account for a given user + * + * @access public + * @param integer $user_id User id + * @return boolean + */ + public function unlink($user_id) + { + return $this->user->update(array( + 'id' => $user_id, + 'github_id' => '', + )); + } + + /** + * Update the user table based on the Github profile information + * + * @access public + * @param integer $user_id User id + * @param array $profile Github profile + * @return boolean + */ + public function updateUser($user_id, array $profile) + { + $user = $this->user->getById($user_id); + + return $this->user->update(array( + 'id' => $user_id, + 'github_id' => $profile['id'], + 'email' => $profile['email'] ?: $user['email'], + 'name' => $profile['name'] ?: $user['name'], + )); + } + + /** + * Get OAuth2 configured service + * + * @access public + * @return \Core\OAuth2 + */ + public function getService() + { + if (empty($this->service)) { + $this->service = $this->oauth->createService( + GITHUB_CLIENT_ID, + GITHUB_CLIENT_SECRET, + $this->helper->url->to('oauth', 'github', array(), '', true), + 'https://github.com/login/oauth/authorize', + 'https://github.com/login/oauth/access_token', + array() + ); + } + + return $this->service; + } + + /** + * Get Github profile + * + * @access public + * @param string $code + * @return array + */ + public function getProfile($code) + { + $this->getService()->getAccessToken($code); + + return $this->httpClient->getJson( + 'https://api.github.com/user', + array($this->getService()->getAuthorizationHeader()) + ); + } +} diff --git a/app/Auth/Google.php b/app/Auth/Google.php index dd8f3834..972dd748 100644 --- a/app/Auth/Google.php +++ b/app/Auth/Google.php @@ -22,6 +22,7 @@ class Google extends Base /** * OAuth2 instance * + * @access private * @var \Core\OAuth2 */ private $service; @@ -71,11 +72,13 @@ class Google extends Base */ public function updateUser($user_id, array $profile) { + $user = $this->user->getById($user_id); + return $this->user->update(array( 'id' => $user_id, 'google_id' => $profile['id'], - 'email' => $profile['email'], - 'name' => $profile['name'], + 'email' => $profile['email'] ?: $user['email'], + 'name' => $profile['name'] ?: $user['name'], )); } @@ -114,7 +117,7 @@ class Google extends Base return $this->httpClient->getJson( 'https://www.googleapis.com/oauth2/v1/userinfo', - array($this->getService()->getAuthorizationHeader() - )); + array($this->getService()->getAuthorizationHeader()) + ); } } -- cgit v1.2.3