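/**
 * Check that a Google access token belongs to the given e-mail address and,
 * when it does, log the matching local user in.
 *
 * The resource owner is fetched from Google with the supplied token and its
 * e-mail is compared strictly against $email before any session is created.
 *
 * @param string $email e-mail address the caller claims to own
 * @param string $token raw Google OAuth2 access token supplied by the caller
 * @return mixed the id of the logged-in user, or false when the e-mail does
 *               not match the token owner or no local user is found
 */
public function verify($email, $token)
{
    $provider = new \League\OAuth2\Client\Provider\Google([
        'clientId' => env('GOOGLE_OAUTH_CLIENT_ID'),
        'clientSecret' => env('GOOGLE_OAUTH_CLIENT_SECRET'),
        'redirectUri' => env('GOOGLE_OAUTH_REDIRECT_URI'),
        'hostedDomain' => env('GOOGLE_OAUTH_DOMAIN'),
    ]);
    $accessToken = new \League\OAuth2\Client\Token\AccessToken(['access_token' => $token]);

    // NOTE(review): the token is wrapped exactly as received; nothing in this
    // method checks that it was issued to GOOGLE_OAUTH_CLIENT_ID. Confirm that
    // the token audience is validated before this point.
    /** @var GoogleUser $ownerDetails */
    $ownerDetails = $provider->getResourceOwner($accessToken);

    // The previous form `!$ownerDetails->getEmail() === $email` applied `!`
    // first, so a boolean was compared with a string and the check could never
    // reject a mismatch. Compare the two addresses directly instead.
    if ($ownerDetails->getEmail() !== $email) {
        return false;
    }

    $user = App::make(\App\Libraries\Acl\Repositories\User::class)->getByEmail($email);
    // Presumably getByEmail() yields null/false for an unknown address; refuse
    // the login rather than dereferencing a missing user.
    if (!$user) {
        return false;
    }

    Auth::loginUsingId($user->id);
    return $user->id;
}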
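/**
 * Try to authenticate the user using one of the OAuth2 providers.
 *
 * Reads the posted 'auth_code', exchanges it with the configured provider
 * for an access token, fetches the resource owner's e-mail and passes it to
 * users_model->checkCredentialsEmail(). The outcome is echoed as plain text:
 * 'OK' on success, otherwise an error or bad-credentials message. The login
 * decision rests solely on the e-mail address returned by the provider.
 *
 * @author Benjamin BALET <*****@*****.**>
 */
public function loginOAuth2()
{
    require_once APPPATH . 'third_party/OAuthClient/vendor/autoload.php';
    $oauth2Enabled = $this->config->item('oauth2_enabled');
    $oauth2Provider = $this->config->item('oauth2_provider');
    $oauth2ClientId = $this->config->item('oauth2_client_id');
    $oauth2ClientSecret = $this->config->item('oauth2_client_secret');

    // Fail closed: a missing or otherwise falsy setting is treated as
    // "disabled". The former `=== FALSE` test let an unset config item through.
    if (!$oauth2Enabled) {
        echo 'ERROR: OAuth2 is disabled';
        return;
    }

    $authCode = $this->input->post('auth_code');
    if (is_null($authCode)) {
        echo 'ERROR: Invalid OAuth2 token';
        return;
    }

    $this->load->model('users_model');
    switch ($oauth2Provider) {
        case 'google':
            $provider = new League\OAuth2\Client\Provider\Google(array(
                'clientId' => $oauth2ClientId,
                'clientSecret' => $oauth2ClientSecret,
                'redirectUri' => 'postmessage',
                'accessType' => 'offline',
            ));
            try {
                // The code exchange is inside the try block so that a rejected
                // or replayed auth code is reported like any other provider
                // failure instead of escaping as an uncaught exception.
                $token = $provider->getAccessToken('authorization_code', array('code' => $authCode));

                // Ask the provider for the e-mail address of the token owner
                $ownerDetails = $provider->getResourceOwner($token);
                $email = $ownerDetails->getEmail();

                // If the e-mail address is known to the database, we're good
                $loggedin = $this->users_model->checkCredentialsEmail($email);
                if ($loggedin === TRUE) {
                    echo 'OK';
                } else {
                    echo lang('session_login_flash_bad_credentials');
                }
            } catch (Exception $e) {
                // NOTE(review): the raw exception message is sent to the client
                // unescaped; consider logging it server-side and returning a
                // generic error instead.
                echo 'ERROR: ' . $e->getMessage();
            }
            break;
        default:
            echo 'ERROR: unsupported OAuth2 provider';
    }
}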