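/**
 * Runs the OAuth2 authorisation-code flow against the configured provider.
 *
 * The query string decides which leg of the flow this request is:
 *   - ?error=...  the provider reported an error (usually the user denied access) -> abort;
 *   - no ?code    first visit: store the client's anti-CSRF state in the session and redirect to the provider;
 *   - ?code=...   callback: verify the state, exchange the code for a token and load the user details.
 *
 * Side effects: writes/clears $_SESSION["oauth2state"], may redirect and exit, may die() on failure.
 * On success $this->details holds whatever $client->getUserDetails() returned.
 */
protected function startFlow()
{
    $client = new Client([
        "clientId" => self::$ID,
        "clientSecret" => self::$secret,
        "redirectUri" => "http://localhost:8080/",
        "scopes" => ["profile", "email"],
        "hostedDomain" => "localhost:8080",
    ]);

    if (!empty($_GET["error"])) {
        // User probably denied access. The value comes straight from the
        // query string, so it must be escaped before being written into the page.
        die("Got an error: " . htmlspecialchars((string) $_GET["error"], ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8"));
    }

    if (empty($_GET["code"])) {
        // We need to get an authorisation code: remember the state the client
        // generated (checked again on the callback) and send the user to the provider.
        $authUrl = $client->getAuthorizationUrl();
        $_SESSION["oauth2state"] = $client->state;
        Headers::redirect($authUrl);
        exit;
    }

    // Callback leg. The state must exist on both sides, be a plain string
    // (?state[]=x would otherwise reach the comparison as an array) and match.
    // hash_equals() compares in constant time, so the stored token cannot be
    // recovered through response timing.
    if (
        empty($_GET["state"])
        || !is_string($_GET["state"])
        || !isset($_SESSION["oauth2state"])
        || !hash_equals((string) $_SESSION["oauth2state"], $_GET["state"])
    ) {
        // State is invalid - possible CSRF attack.
        unset($_SESSION["oauth2state"]);
        die("Invalid state");
    }

    // Try to get an access token using the authorisation grant.
    // The state is cleared on both paths before anything can end the request,
    // since session data is still written out on shutdown after die().
    try {
        $token = $client->getAccessToken("authorization_code", ["code" => $_GET["code"]]);
        $this->details = $client->getUserDetails($token);
        unset($_SESSION["oauth2state"]);
    } catch (\Exception $ex) {
        unset($_SESSION["oauth2state"]);
        // The exception text may echo provider output; escape it for the HTML context.
        die("Something went wrong! " . htmlspecialchars($ex->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8"));
    }
}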
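/**
 * Stores the freshly authenticated user in the session and maintains the
 * "remember me" cookie pair.
 *
 * The pair is COOKIE_REMEMBER = base64(username) and
 * COOKIE_SECRET = HMAC-SHA256(username, COOKIE_SALT). When the remember cookie
 * is present, a missing or mismatching secret logs the user out again; when it
 * is absent and a user is in the session, the pair is issued and the page is
 * reloaded so the browser sends it on the next request.
 *
 * NOTE(review): the HMAC covers only the username, so the cookie carries no
 * expiry of its own and is not cross-checked against the session user set
 * above; whether that is intended should be confirmed with the owners.
 *
 * @param Provider $auth provider whose getDetails() result becomes the session user
 */
public static function remember(Provider $auth)
{
    $_SESSION["User"] = new User($auth->getDetails());

    if (isset($_COOKIE[self::COOKIE_REMEMBER])) {
        // Read rememberme cookie, log in user automatically.
        // Both cookies are client-controlled: a missing or non-string secret
        // must fail closed instead of raising an undefined-index notice.
        $username = base64_decode((string) $_COOKIE[self::COOKIE_REMEMBER]);
        $expected = hash_hmac("sha256", $username, self::COOKIE_SALT);
        $presented = isset($_COOKIE[self::COOKIE_SECRET]) && is_string($_COOKIE[self::COOKIE_SECRET])
            ? $_COOKIE[self::COOKIE_SECRET]
            : "";
        // hash_equals(): constant-time comparison, so a valid HMAC cannot be
        // recovered byte-by-byte through response timing.
        if (!hash_equals($expected, $presented)) {
            // Force user to be logged out.
            unset($_SESSION["User"]);
        }
        return;
    }

    if (!empty($_SESSION["User"])) {
        // Save rememberme cookie.
        $username = $_SESSION["User"]->email;
        $hash = hash_hmac("sha256", $username, self::COOKIE_SALT);
        $usernameEncoded = base64_encode($username);
        $expires = time() + self::COOKIE_LIFE;
        // Path/domain are left at their defaults (""), httponly keeps the pair
        // out of reach of scripts. The secure flag stays off because the
        // redirect URI used for the OAuth flow is plain http://localhost;
        // enable it once the site is served over HTTPS.
        setcookie(self::COOKIE_REMEMBER, $usernameEncoded, $expires, "", "", false, true);
        setcookie(self::COOKIE_SECRET, $hash, $expires, "", "", false, true);
        // Force refresh, so cookies are sent.
        Headers::redirect($_SERVER["REQUEST_URI"]);
        exit;
    }
}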
/**
 * Access gate: every path other than the root requires a logged-in user.
 * Redirects to "/" and ends the request when no user is in the session.
 */
public function go()
{
    // Strip the query string; only the path decides whether the page is public.
    $path = strtok($_SERVER["REQUEST_URI"], "?");
    $isRoot = ($path === "/");
    $hasUser = !empty($_SESSION["User"]);

    if ($isRoot || $hasUser) {
        return;
    }

    Headers::redirect("/");
    exit;
}
/**
 * Login page controller. Users already in the session are sent to the
 * dashboard; everyone else is pushed through the Google provider and, on
 * success, handed to PersistentLogin::remember(). Failure ends the request.
 */
public function go()
{
    // Only perform the authentication from this one page.
    // Other pages will redirect here if authentication expires.
    if (!empty($_SESSION["User"])) {
        Headers::redirect("/dashboard");
        exit;
    }

    // For now, only implement Google auth.
    $provider = new Google();
    if (!$provider->isAuthenticated()) {
        die("ERROR!");
    }

    PersistentLogin::remember($provider);
}