コード例 #1
 /**
  * Checks that the provider's authorization URL carries every expected
  * query parameter and that the provider recorded a state value.
  */
 public function testAuthorizationUrl()
 {
     $authorizationUrl = $this->provider->getAuthorizationUrl();
     $parts = parse_url($authorizationUrl);
     parse_str($parts['query'], $params);

     // Parameters the authorization request is expected to carry, checked in
     // the same order as before so the first failure reported is unchanged.
     $expectedKeys = [
         'client_id',
         'redirect_uri',
         'state',
         'scope',
         'response_type',
         'approval_prompt',
     ];
     foreach ($expectedKeys as $key) {
         $this->assertArrayHasKey($key, $params);
     }

     // `state` is asserted twice: once in the URL and once on the provider
     // object, which is where a caller would read it to keep a copy.
     $this->assertNotNull($this->provider->state);
 }
コード例 #2
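 /**
  * Runs the Facebook OAuth 2.0 authorization-code flow for this route.
  *
  * Without a `code` query parameter the visitor is redirected to the
  * provider's authorization URL and the generated state is kept in the
  * session. With a `code`, the returned `state` must equal the stored one;
  * otherwise the script prints 'Invalid state.' and terminates. On success
  * the code is exchanged for a token and the resource owner's e-mail and
  * sanitised name are handed to authenticate().
  *
  * @param Request $request
  * @param array $routeParams
  * @return \Psr\Http\Message\ResponseInterface|RedirectResponse
  */
 public function handle(Request $request, array $routeParams = [])
 {
     // Only start a session when none is active; a second session_start()
     // raises a notice and is ignored.
     if (session_status() !== PHP_SESSION_ACTIVE) {
         session_start();
     }

     // NOTE(review): the Graph API version is hard-coded; confirm it is still
     // one the provider accepts.
     $provider = new Facebook([
         'clientId' => $this->settings->get('flarum-auth-facebook.app_id'),
         'clientSecret' => $this->settings->get('flarum-auth-facebook.app_secret'),
         'redirectUri' => $this->url->toRoute('auth.facebook'),
         'graphApiVersion' => 'v2.4',
     ]);

     if (!isset($_GET['code'])) {
         // First leg: remember the state so the callback can be tied to
         // this browser session.
         $authUrl = $provider->getAuthorizationUrl(['scope' => ['email']]);
         $_SESSION['oauth2state'] = $provider->getState();
         return new RedirectResponse($authUrl);
     }

     $expectedState = isset($_SESSION['oauth2state']) ? $_SESSION['oauth2state'] : null;
     $givenState = isset($_GET['state']) ? $_GET['state'] : null;

     // The state is single-use: drop it whether or not the check passes, so
     // a callback URL cannot be replayed against the same session.
     unset($_SESSION['oauth2state']);

     // Reject a missing stored state, a missing or non-string parameter
     // (e.g. `state[]=`), and any mismatch. hash_equals() keeps the
     // comparison constant-time and never compares against null.
     if (
         !is_string($expectedState)
         || $expectedState === ''
         || !is_string($givenState)
         || !hash_equals($expectedState, $givenState)
     ) {
         echo 'Invalid state.';
         exit;
     }

     $token = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
     $owner = $provider->getResourceOwner($token);

     // NOTE(review): the account is identified by the provider-supplied
     // e-mail. Confirm authenticate() copes with a missing address and does
     // not treat it as verified without checking.
     $email = $owner->getEmail();

     // Keeps only ASCII letters, digits, '-' and '_'. A display name with
     // none of those yields an empty string; presumably authenticate()
     // handles that - verify.
     $username = preg_replace('/[^a-z0-9-_]/i', '', $owner->getName());

     return $this->authenticate(compact('email'), compact('username'));
 }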
コード例 #3
ファイル: Auth.php プロジェクト: sergeyklay/phanbook
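 /**
  * Runs the Facebook OAuth 2.0 authorization-code flow.
  *
  * Without a `code` query parameter the generated state is stored in the
  * session and the redirect to the provider's authorization URL is
  * returned. With a `code`, the returned `state` must equal the stored one;
  * otherwise the script terminates with 'Invalid state'. On success the
  * code is exchanged for an access token and the user's uid and details
  * are fetched.
  *
  * @return array|mixed [uid, token, user details] on a valid callback;
  *                     otherwise whatever $this->response->redirect() returns
  */
 public function authorize()
 {
     $this->view->disable();
     $provider = new Facebook([
         'clientId' => $this->clientId,
         'clientSecret' => $this->clientSecret,
         'redirectUri' => $this->redirectUriAuthorize,
     ]);
     $code = $this->request->getQuery('code');
     $state = $this->request->getQuery('state');

     if (!isset($code)) {
         // If we don't have an authorization code then get one, remembering
         // the state so the callback can be tied to this session.
         $authUrl = $provider->getAuthorizationUrl();
         $this->session->set('oauth2state', $provider->state);
         return $this->response->redirect($authUrl);
     }

     // Check given state against previously stored one to mitigate CSRF.
     // The stored value is single-use: remove it before comparing so a
     // callback URL cannot be replayed against the same session.
     $expectedState = $this->session->get('oauth2state');
     $this->session->remove('oauth2state');

     // Reject a missing stored state, a missing or non-string parameter and
     // any mismatch. hash_equals() keeps the comparison constant-time.
     if (
         !is_string($expectedState)
         || $expectedState === ''
         || !is_string($state)
         || !hash_equals($expectedState, $state)
     ) {
         exit('Invalid state');
     }

     // Try to get an access token (using the authorization code grant)
     $token = $provider->getAccessToken('authorization_code', ['code' => $code]);
     $uid = $provider->getUserUid($token);
     $userDetails = $provider->getUserDetails($token);

     // NOTE(review): the token is a bearer credential. If the caller
     // persists it, it should be stored and logged with the same care as a
     // password.
     return [$uid, $token, $userDetails];
 }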
コード例 #4
 /**
  * Return the Facebook authorization URL.
  *
  * Delegates to the Facebook provider without passing any options.
  *
  * @return string
  */
 public function getAuthUrl()
 {
     $authorizationUrl = $this->facebookProvider->getAuthorizationUrl();

     return $authorizationUrl;
 }
コード例 #5
ファイル: Facebook.php プロジェクト: trismegiste/oauthbundle
 /**
  * Builds the provider's authorization URL with a CSRF token attached.
  *
  * The token is generated for this class name and passed to the provider
  * as the option keyed by self::STATE_KEY (presumably the OAuth `state`
  * parameter - confirm against the constant's definition).
  */
 public function getAuthorizationUrl()
 {
     $csrfToken = $this->csrf->generateCsrfToken(__CLASS__);

     return $this->provider->getAuthorizationUrl([self::STATE_KEY => $csrfToken]);
 }