Example #1
0
 /**
  * @param Request $request
  * @return \Illuminate\Http\RedirectResponse|\Laravel\Lumen\Http\Redirector
  */
 public function callback(Request $request)
 {
     $state = $request->get('state');
     $sessionState = Session::get('google.oauth2state');
     $code = $request->get('code');
     if ($request->get('error')) {
         $request->session()->flash('error', 'auth.error');
         return redirect(route('auth.loginForm'));
     }
     if (empty($state) || $state !== $sessionState) {
         Session::forget('google.oauth2state');
         $request->session()->flash('error', 'auth.error');
         return redirect(route('auth.loginForm'));
     }
     $token = $this->provider->getAccessToken('authorization_code', ['code' => $code]);
     try {
         /** @var GoogleUser $ownerDetails */
         $ownerDetails = $this->provider->getResourceOwner($token);
         $email = $ownerDetails->getEmail();
         // if we already have the email in DB we log the user
         if (!$this->repository->exists(['email' => $email])) {
             $lastName = $ownerDetails->getLastName();
             $firstName = $ownerDetails->getFirstName();
             $this->createUser($firstName, $lastName, $email);
         }
         // we try to logged in the user with the email and the google oauth access token
         Input::merge(['client_id' => Config::get('oauth2.web_client.client_id')]);
         Input::merge(['client_secret' => Config::get('oauth2.web_client.client_secret')]);
         Input::merge(['grant_type' => 'google']);
         Input::merge(['username' => $email]);
         Input::merge(['password' => $token->getToken()]);
         try {
             Authorizer::issueAccessToken();
             return redirect('/');
         } catch (\Exception $e) {
             $request->session()->flash('error', 'auth.login_error');
             return redirect(route('auth.loginForm'));
         }
     } catch (ModelNotValid $e) {
         $request->session()->flash('error', 'auth.error');
         Log::warn($e->getMessage());
         return redirect(route('auth.loginForm'));
     } catch (\Exception $e) {
         $request->session()->flash('error', 'auth.error');
         Log::warn($e->getMessage());
         return redirect(route('auth.loginForm'));
     }
 }
Example #2
0
 protected function startFlow()
 {
     $client = new Client(["clientId" => self::$ID, "clientSecret" => self::$secret, "redirectUri" => "http://localhost:8080/", "scopes" => ["profile", "email"], "hostedDomain" => "localhost:8080"]);
     if (!empty($_GET["error"])) {
         // User probably denied access.
         die("Got an error: {$_GET['error']}");
     } else {
         if (empty($_GET["code"])) {
             // We need to get an authorisation code.
             $authUrl = $client->getAuthorizationUrl();
             $_SESSION["oauth2state"] = $client->state;
             Headers::redirect($authUrl);
             exit;
         } else {
             if (empty($_GET["state"]) || $_GET["state"] !== $_SESSION["oauth2state"]) {
                 // State is invalid - possible CSRF attack.
                 unset($_SESSION["oauth2state"]);
                 die("Invalid state");
             } else {
                 // Try to get an access token using the authorisation grant.
                 try {
                     $token = $client->getAccessToken("authorization_code", ["code" => $_GET["code"]]);
                     $this->details = $client->getUserDetails($token);
                     unset($_SESSION["oauth2state"]);
                 } catch (\Exception $ex) {
                     unset($_SESSION["oauth2state"]);
                     die("Something went wrong! " . $ex->getMessage());
                 }
             }
         }
     }
 }
Example #3
0
 /**
  * @param Application $app
  *
  * @return string token
  */
 public function handleAuth(Application $app)
 {
     $code = $app->request()->get('code');
     $state = $app->request()->get('state');
     $key = sprintf('google.oauth2state.%s', session_id());
     $sessionState = $this->redisClient->get($key);
     if (is_null($code)) {
         // If we don't have an authorization code then get one
         $url = $this->oauth2Provider->getAuthorizationUrl();
         $this->redisClient->setex($key, 300, $this->oauth2Provider->state);
         $app->redirect($url);
     } elseif (empty($state) || isset($sessionState) && $state !== $sessionState) {
         // Check given state against previously stored one to mitigate CSRF attack
         $this->redisClient->del($key);
         throw new \RuntimeException('Invalid state');
     }
     // clean session
     $this->redisClient->del($key);
     // Try to get an access token (using the authorization code grant)
     return $this->oauth2Provider->getAccessToken('authorization_code', ['code' => $code])->accessToken;
 }
Example #4
0
 /**
  * It will return uid, token and information user to save database
  *
  * @return array
  */
 public function authorize()
 {
     $this->view->disable();
     $provider = new Google(['clientId' => $this->clientId, 'clientSecret' => $this->clientSecret, 'redirectUri' => $this->redirectUriAuthorize]);
     $code = $this->request->getQuery('code');
     $state = $this->request->getQuery('state');
     if (!isset($code)) {
         // If we don't have an authorization code then get one
         $authUrl = $provider->getAuthorizationUrl();
         $this->session->set('oauth2state', $provider->state);
         return $this->response->redirect($authUrl);
         // Check given state against previously stored one to mitigate CSRF attack
     } elseif (empty($state) || $state !== $this->session->get('oauth2state')) {
         $this->session->remove('oauth2state');
         exit('Invalid state');
     } else {
         // Try to get an access token (using the authorization code grant)
         $token = $provider->getAccessToken('authorization_code', ['code' => $code]);
         $uid = $provider->getUserUid($token);
         $userDetails = $provider->getUserDetails($token);
         return array($uid, $token, $userDetails);
     }
 }
Example #5
0
            $error = $data['error'];
            if (is_array($error)) {
                $code = $error['code'];
                $error = $error['message'];
            }
            throw new IdentityProviderException($error, $code, $data);
        }
    }
    protected function createResourceOwner(array $response, AccessToken $token)
    {
        return new GoogleUser($response);
    }
}
//Set Redirect URI in Developer Console as [https/http]://<yourdomain>/<folder>/get_oauth_token.php
$provider = new Google(array('clientId' => $clientId, 'clientSecret' => $clientSecret, 'redirectUri' => $redirectUri, 'scope' => array('https://mail.google.com/'), 'accessType' => 'offline'));
if (!isset($_GET['code'])) {
    // If we don't have an authorization code then get one
    $authUrl = $provider->getAuthorizationUrl();
    $_SESSION['oauth2state'] = $provider->getState();
    header('Location: ' . $authUrl);
    exit;
    // Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || $_GET['state'] !== $_SESSION['oauth2state']) {
    unset($_SESSION['oauth2state']);
    exit('Invalid state');
} else {
    // Try to get an access token (using the authorization code grant)
    $token = $provider->getAccessToken('authorization_code', array('code' => $_GET['code']));
    // Use this to get a new access token if the old one expires
    echo 'Refresh Token: ' . $token->getRefreshToken();
}
            $error = $data['error'];
            if (is_array($error)) {
                $code = $error['code'];
                $error = $error['message'];
            }
            throw new IdentityProviderException($error, $code, $data);
        }
    }
    protected function createResourceOwner(array $response, AccessToken $token)
    {
        return new GoogleUser($response);
    }
}
//Set Redirect URI in Developer Console as [https/http]://<yourdomain>/<folder>/get_oauth_token.php
$provider = new Google(array('clientId' => $clientId, 'clientSecret' => $clientSecret, 'redirectUri' => $redirectUri, 'scope' => array('https://mail.google.com/'), 'accessType' => 'offline'));
if (!isset($_GET['code'])) {
    // If we don't have an authorization code then get one
    $authUrl = $provider->getAuthorizationUrl();
    $_SESSION['oauth2state'] = $provider->getState();
    header('Location: ' . $authUrl);
    exit;
    // Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || $_GET['state'] !== $_SESSION['oauth2state']) {
    unset($_SESSION['oauth2state']);
    exit('Invalid state');
} else {
    // Try to get an access token (using the authorization code grant)
    $token = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
    // Use this to get a new access token if the old one expires
    echo 'Refresh Token: ' . $token->getRefreshToken();
}