/**
* First step in the Google authentication process.
* @return Redirection
*/
private function getStartGoogleAuthenticationResponse()
{
$response = new Redirection($this->getRequest());
$currentUser = Users::getCurrent();
try {
// Set up the redirection to Google's authentication URL.
$identityProvider = new GoogleIdentityProvider();
$response->setNextUrl($identityProvider->getAuthenticationUrl());
} catch (AuthenticationException $exception) {
$response->setErrorMessage('Google authentication did not succeed.');
$response->setNextUrl($this->getRequest()->getCurrentUrl());
}
return $response;
}
/**
* The default behaviour consists of executing a function named after the
* HTTP method and the eventual action contained in the request, to produce
* a Response object.
*
* @return \Eix\Core\Response
* @throws \Eix\Core\Exception
*/
public final function getResponse()
{
if (empty($this->response)) {
$httpMethod = $this->getRequest() ? strtoupper($this->getRequest()->getMethod()) : 'GET';
if ($this->isHttpMethodSupported($httpMethod)) {
$functionName = $this->getFunctionName($httpMethod);
Logger::get()->debug("Running responder method '{$functionName}'...");
// If the responder is a restricted one...
if ($this instanceof \Eix\Core\Responders\Restricted) {
// ... ensure the user is allowed to use that function.
Users::getCurrent()->checkAuthorisation($this, $functionName);
}
// The response is the result of executing the appropriate
// responder function.
$this->response = $this->{$functionName}();
} else {
throw new \Eix\Services\Net\Http\MethodNotAllowedException("This responder does not support {$httpMethod} requests.");
}
}
return $this->response;
}
/**
* Generates an ID for a new user.
*
* @return string
*/
private static function getNewUserId()
{
// Get an Eix-compliant user ID from a unique ID.
return Users::getUserId(array(uniqid()));
}
/**
* Use the specified identity provider to establish an authenticated
* user.
*/
public static function getFromIdentityProvider(Provider $identityProvider)
{
// Have the identity provider authenticate the current identity.
$identityProvider->authenticate();
// The identity is valid according to the provider, so authentication is
// passed.
$userId = $identityProvider->getUserId();
// Check for authorisation.
try {
Logger::get()->debug(sprintf('Checking OpenID user %s...', $userId));
$user = Users::getInstance()->findEntity($userId);
// The user is valid according to our records. Keep it in the session.
$user->authenticate($identityProvider);
} catch (NotFoundException $exception) {
Logger::get()->warning(sprintf('OpenID user %s is not known.', $userId));
throw new NotAuthorisedException('OpenID user is not authorised.');
}
return $user;
}
