public function callbackAction()
 {
     // Finish the OAuth round-trip with the remote provider and fetch the
     // profile it reports for the authenticated account.
     $oauthProvider = $this->getProvider();
     $oauthProvider->authenticate();
     $remoteProfile = $oauthProvider->getUserProfile();

     // The provider name comes from the query string and is lower-cased
     // before being handed to createOrUpdate().
     $providerKey = strtolower($this->getRequest()->getQuery('provider'));

     $userRepository = $this->entityManager->getRepository(\Application\Model\User::class);
     /** @var User $localUser */
     $localUser = $userRepository->createOrUpdate($providerKey, $remoteProfile);
     $this->entityManager->flush();

     // Extract the stored image filename when the account has an image.
     $imageFilename = $localUser->getImage()
         ? (new ImageHydrator())->extract($localUser->getImage()->getFilename())
         : null;

     // Claims placed in the token handed back to the front end.
     // NOTE(review): no 'exp' claim is set, so the token carries no expiry of
     // its own — confirm this is intended.
     $claims = [
         'id' => $localUser->getId(),
         'name' => $localUser->getName(),
         'photo' => $localUser->getPhoto(),
         'image' => $imageFilename,
         'language' => $localUser->getLanguage(),
     ];
     $signedToken = (new \OAuth2\Encryption\Jwt())->encode($claims, $this->cryptoKey);

     // Redirect back to the same scheme and host as this request (the port is
     // not carried over). The token travels in the query string, so it will
     // appear in browser history and in any access logs for receive.html.
     $requestUri = $this->getRequest()->getUri();
     $origin = sprintf('%s://%s', $requestUri->getScheme(), $requestUri->getHost());

     return $this->redirect()->toUrl($origin . '/receive.html?token=' . $signedToken);
 }
 /**
  * Resolve the identity for the current request from its AUTHORIZATION header.
  *
  * The header value is decoded as a JWT with the configured crypto key. A
  * missing header, a token that decode() rejects (falsy result), or an 'id'
  * claim that matches no stored user all fall back to a guest identity. On
  * success the user is also registered as the static "current user".
  *
  * NOTE(review): the raw header value is passed to decode() unchanged, so a
  * 'Bearer ' prefix would have to be stripped elsewhere — confirm the client
  * sends the bare token. No algorithm allow-list is passed to decode(), and the
  * 'id' claim is read without checking it is present — verify both against the
  * installed Jwt implementation.
  *
  * @param \ZF\MvcAuth\MvcAuthEvent $e
  * @return \Application\Authentication\AuthenticatedIdentity|\ZF\MvcAuth\Identity\GuestIdentity
  */
 public function __invoke(\ZF\MvcAuth\MvcAuthEvent $e)
 {
     $guestIdentity = new \ZF\MvcAuth\Identity\GuestIdentity();

     $authHeader = $e->getMvcEvent()->getRequest()->getHeader('AUTHORIZATION');
     if (!$authHeader) {
         // Anonymous request: nothing to validate.
         return $guestIdentity;
     }

     $claims = (new \OAuth2\Encryption\Jwt())->decode(
         $authHeader->getFieldValue(),
         $this->config['cryptoKey']
     );
     if (!$claims) {
         // decode() rejected the token: treat the caller as anonymous.
         return $guestIdentity;
     }

     $userRepository = $this->entityManager->getRepository(\Application\Model\User::class);
     $authenticatedUser = $userRepository->findOneById($claims['id']);
     if (!$authenticatedUser) {
         // No stored user matches the 'id' claim.
         return $guestIdentity;
     }

     \Application\Model\User::setCurrentUser($authenticatedUser);

     return new \Application\Authentication\AuthenticatedIdentity($authenticatedUser);
 }
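 /**
  * Generate a JWT
  *
  * Builds the claim set and signs it with RS256 using the supplied private key.
  * All time claims are Unix epoch seconds; 'iat' and a defaulted 'exp' are taken
  * from a single clock read so the two claims are always consistent with each other.
  *
  * @param   string  $privateKey  The private key to use to sign the token (RS256 is used, so presumably an RSA private key in a form the Jwt implementation accepts — confirm)
  * @param   string  $iss         The issuer, usually the client_id
  * @param   string  $sub         The subject, usually a user_id
  * @param   string  $aud         The audience, usually the URI for the oauth server
  * @param   int|string|null  $exp  The expiration time (Unix timestamp). If the current time is greater than the exp, the JWT is invalid. Defaults to 1000 seconds from now when omitted or falsy
  * @param   int|string|null  $nbf  The "not before" time (Unix timestamp). If the current time is less than the nbf, the JWT is invalid. Left out of the claims when falsy
  * @param   string|null  $jti  The "jwt token identifier", or nonce for this JWT. Left out of the claims when falsy
  *
  * @return string  JWT
  */
 public static function generateJWT($privateKey, $iss, $sub, $aud, $exp = null, $nbf = null, $jti = null)
 {
     // Read the clock once so 'iat' and a defaulted 'exp' agree even across a second boundary.
     $now = time();
     $defaultLifetimeSeconds = 1000;

     // A falsy $exp (null, 0, '') selects the default lifetime, as before.
     if (!$exp) {
         $exp = $now + $defaultLifetimeSeconds;
     }

     $params = [
         'iss' => $iss,
         'sub' => $sub,
         'aud' => $aud,
         'exp' => $exp,
         'iat' => $now,
     ];

     // Optional claims are only emitted when supplied; falsy means "not set".
     if ($nbf) {
         $params['nbf'] = $nbf;
     }
     if ($jti) {
         $params['jti'] = $jti;
     }

     $jwtUtil = new \OAuth2\Encryption\Jwt();

     return $jwtUtil->encode($params, $privateKey, 'RS256');
 }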