summaryrefslogtreecommitdiff
path: root/app/Auth/GitHub.php
blob: 0910367aebd4dde1f103ed5888cdf44dffbc6085 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
<?php

namespace Auth;

require __DIR__.'/../../vendor/OAuth/bootstrap.php';

use OAuth\Common\Storage\Session;
use OAuth\Common\Consumer\Credentials;
use OAuth\Common\Http\Uri\UriFactory;
use OAuth\ServiceFactory;
use OAuth\Common\Http\Exception\TokenResponseException;

/**
 * GitHub backend
 *
 * @package auth
 */
class GitHub extends Base
{
    /**
     * Backend name
     *
     * @var string
     */
    const AUTH_NAME = 'Github';

    /**
     * Authenticate a GitHub user
     *
     * @access public
     * @param  string  $github_id   GitHub user id
     * @return boolean
     */
    public function authenticate($github_id)
    {
        $user = $this->user->getByGitHubId($github_id);

        if ($user) {

            // Create the user session
            $this->user->updateSession($user);

            // Update login history
            $this->lastLogin->create(
                self::AUTH_NAME,
                $user['id'],
                $this->user->getIpAddress(),
                $this->user->getUserAgent()
            );

            return true;
        }

        return false;
    }

    /**
     * Unlink a GitHub account for a given user
     *
     * @access public
     * @param  integer   $user_id    User id
     * @return boolean
     */
    public function unlink($user_id)
    {
        return $this->user->update(array(
            'id' => $user_id,
            'github_id' => '',
        ));
    }

    /**
     * Update the user table based on the GitHub profile information
     *
     * @access public
     * @param  integer   $user_id    User id
     * @param  array     $profile    GitHub profile
     * @return boolean
     * @todo Don't overwrite existing email/name with empty GitHub data
     */
    public function updateUser($user_id, array $profile)
    {
        return $this->user->update(array(
            'id' => $user_id,
            'github_id' => $profile['id'],
            'email' => $profile['email'],
            'name' => $profile['name'],
        ));
    }

    /**
     * Get the GitHub service instance
     *
     * @access public
     * @return \OAuth\OAuth2\Service\GitHub
     */
    public function getService()
    {
        $uriFactory = new UriFactory();
        $currentUri = $uriFactory->createFromSuperGlobalArray($_SERVER);
        $currentUri->setQuery('controller=user&action=gitHub');

        $storage = new Session(false);

        $credentials = new Credentials(
            GITHUB_CLIENT_ID,
            GITHUB_CLIENT_SECRET,
            $currentUri->getAbsoluteUri()
        );

        $serviceFactory = new ServiceFactory();

        return $serviceFactory->createService(
            'gitHub',
            $credentials,
            $storage,
            array('')
        );
    }

    /**
     * Get the authorization URL
     *
     * @access public
     * @return \OAuth\Common\Http\Uri\Uri
     */
    public function getAuthorizationUrl()
    {
        return $this->getService()->getAuthorizationUri();
    }

    /**
     * Get GitHub profile information from the API
     *
     * @access public
     * @param  string    $code   GitHub authorization code
     * @return bool|array
     */
    public function getGitHubProfile($code)
    {
        try {
            $gitHubService = $this->getService();
            $gitHubService->requestAccessToken($code);

            return json_decode($gitHubService->request('user'), true);
        }
        catch (TokenResponseException $e) {
            return false;
        }
    }

    /**
     * Revokes this user's GitHub tokens for Kanboard
     *
     * @access public
     * @return bool|array
     * @todo Currently this simply removes all our tokens for this user, ideally it should
     *       restrict itself to the one in question
     */
    public function revokeGitHubAccess()
    {
        try {
            $gitHubService = $this->getService();

            $basicAuthHeader = array('Authorization' => 'Basic ' .
            base64_encode(GITHUB_CLIENT_ID.':'.GITHUB_CLIENT_SECRET));

            return json_decode($gitHubService->request('/applications/'.GITHUB_CLIENT_ID.'/tokens', 'DELETE', null, $basicAuthHeader), true);
        }
        catch (TokenResponseException $e) {
            return false;
        }
    }
}