public function auth()
{
$email = $this->getParam('email', '');
$token = $this->getParam('token', '');
$client = new \Google_Client();
$client->setClientId(Setting::get('google-identity', 'client_id'));
$client->setClientSecret(Setting::get('google-identity', 'client_secret'));
$client->setRedirectUri($this->config->get('site.full_admin_url') . '/google-identity/auth');
$client->setScopes('email');
$data = $client->verifyIdToken($token)->getAttributes();
if (empty($data['payload']['email']) || $data['payload']['email'] != $email) {
return $this->redirect('/session/login?logout=1')->error('There was a problem signing you in, please try again.');
}
$userStore = Store::get('User');
$user = $userStore->getByEmail($email);
if (is_null($user)) {
$authDomains = Setting::get('google-identity', 'login_auto_create');
$authDomains = explode(',', $authDomains);
$parts = explode('@', $email, 2);
if (!in_array($parts[1], $authDomains)) {
return $this->redirect('/session/login?logout=1')->error('You do not have permission to sign in.');
}
$user = new User();
$user->setActive(1);
$user->setIsAdmin(1);
$user->setDateAdded(new \DateTime());
$user->setEmail($email);
$user->setName($data['payload']['name']);
$user = $userStore->save($user);
}
$_SESSION['user_id'] = $user->getId();
if (isset($_SESSION['previous_url'])) {
return $this->redirect($_SESSION['previous_url']);
}
return $this->redirect('/');
}
