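/**
 * GitHub OAuth2 login endpoint (/auth/github).
 *
 * Without a `code` query parameter the user is sent to GitHub and the
 * generated `state` is kept in the session. On the callback the returned
 * `state` is checked against the stored one (single use) before the code is
 * exchanged for a token; the GitHub user is then looked up by uid, created on
 * first login, and stored in the session.
 *
 * @param Application $app
 * @param Request     $request
 *
 * @return \Symfony\Component\HttpFoundation\RedirectResponse
 */
public function githubAction(Application $app, Request $request)
{
    $clientID = getenv('GITHUB_API_KEY');
    $clientSecret = getenv('GITHUB_API_SECRET');
    $code = $request->query->get('code');
    $state = $request->query->get('state');

    // Rebuild the callback URI from the incoming request. The port is only
    // appended when it is not the scheme's default (80 for http, 443 for
    // https) so an https deployment produces the URI registered with GitHub.
    $scheme = $request->getScheme();
    $port = (int) $request->getPort();
    $defaultPort = ('https' === $scheme) ? 443 : 80;
    $redirectUri = $scheme . '://' . $request->getHost();
    if ($defaultPort !== $port) {
        $redirectUri .= ':' . $port;
    }
    $redirectUri .= '/auth/github';

    $provider = new Github([
        'clientId'     => $clientID,
        'clientSecret' => $clientSecret,
        'redirectUri'  => $redirectUri,
        'scopes'       => ['user:email'],
    ]);

    if (empty($code)) {
        // Step 1: no authorization code yet, send the user to GitHub and
        // remember the state that must come back with the callback.
        $authUrl = $provider->getAuthorizationUrl();
        $app['session']->set('oauth2state', $provider->state);

        return $app->redirect($authUrl);
    }

    // Step 2: the callback. The original never compared the returned state
    // with the stored one. The stored value is consumed before comparing so it
    // cannot be replayed, and a missing stored state (expired session, direct
    // hit on the callback URL) fails the check as well.
    $expectedState = $app['session']->get('oauth2state');
    $app['session']->remove('oauth2state');
    if (empty($state) || !is_string($expectedState) || '' === $expectedState
        || !hash_equals($expectedState, (string) $state)) {
        $app->abort(400, 'Invalid state.');
    }

    $token = $provider->getAccessToken('authorization_code', ['code' => $code]);
    $userDetails = $provider->getUserDetails($token);

    try {
        $user = $app['user.manager']->fetchUserByGithubUid($userDetails->uid);
    } catch (UserNotFoundException $exception) {
        // First login: take the primary address from /user/emails, but only
        // when GitHub reports it as verified, so an unverified address never
        // lands on the new account. The `verified` flag is part of GitHub's
        // API response -- confirm the provider passes the entries through as-is.
        $email = null;
        foreach ($provider->getUserEmails($token) as $providerEmail) {
            if ($providerEmail->primary && !empty($providerEmail->verified)) {
                $email = $providerEmail->email;
                break;
            }
        }

        $user = $app['user.manager']->createUser([
            'email'     => $email,
            'roles'     => ['ROLE_USER'],
            'name'      => $userDetails->name,
            'githubUid' => $userDetails->uid,
        ]);
        $app['user.manager']->saveUser($user);
    }

    $app['session']->set('user', $user);

    return $app->redirect($app['url_generator']->generate('account.profile'));
}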
/**
 * Register a new user using their Github account.
 *
 * Exchanges the authorization code for a token, resolves the primary address
 * among the user's verified emails, and then either refreshes the token on an
 * existing GitHub profile or creates one (reusing an account with the same
 * email when present, creating a user otherwise).
 *
 * @param string $code
 * @return \Tricks\User
 */
public function register($code)
{
    $token = $this->provider->getAccessToken('authorization_code', ['code' => $code]);
    $accessToken = $token->accessToken;

    $githubUser = $this->provider->getUserDetails($token);
    $githubUser->email = $this->getPrimaryEmail($this->getVerifiedEmails($accessToken));

    $existingProfile = $this->profiles->findByUid($githubUser->uid);

    if (!is_null($existingProfile)) {
        // Returning GitHub user: store the fresh token and hand back its owner.
        $updatedProfile = $this->profiles->updateToken($existingProfile, $accessToken);

        return $updatedProfile->user;
    }

    // First time this GitHub uid is seen: attach to the account that already
    // uses the same email, or create a brand-new user from the GitHub data.
    $user = $this->users->findByEmail($githubUser->email);
    if (is_null($user)) {
        $user = $this->users->createFromGithubData($githubUser);
    }
    $this->profiles->createFromGithubData($githubUser, $user, $accessToken);

    return $user;
}
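/**
 * Handle the GitHub OAuth2 redirect flow.
 *
 * First call (no `code` in the query): stores a fresh state in redis for
 * five minutes, keyed by the PHP session id, and redirects to GitHub.
 * Second call: verifies the returned `state` against the stored one, then
 * exchanges the authorization code for an access token.
 *
 * @param Application $app
 *
 * @return string token
 *
 * @throws \RuntimeException when the state is missing, expired, or does not match
 */
public function handleAuth(Application $app)
{
    $code = $app->request()->get('code');
    $state = $app->request()->get('state');
    $key = sprintf('github.oauth2state.%s', session_id());
    $sessionState = $this->redisClient->get($key);

    if (is_null($code)) {
        // If we don't have an authorization code then get one. Presumably
        // redirect() ends the request (Slim-style); should it return, the
        // missing state below fails closed instead of reaching the exchange.
        $url = $this->oauth2Provider->getAuthorizationUrl();
        $this->redisClient->setex($key, 300, $this->oauth2Provider->state);
        $app->redirect($url);
    }

    // The stored state is single-use: drop it whether or not it matches.
    $this->redisClient->del($key);

    // Check given state against previously stored one to mitigate CSRF.
    // The original `isset($sessionState) &&` guard skipped the comparison
    // whenever the stored state was absent (expired key, new session), which
    // let any non-empty `state` through; a missing stored state must fail.
    if (empty($state) || !is_string($sessionState) || '' === $sessionState
        || !hash_equals($sessionState, (string) $state)) {
        throw new \RuntimeException('Invalid state');
    }

    // Try to get an access token (using the authorization code grant)
    return $this->oauth2Provider->getAccessToken('authorization_code', ['code' => $code])->accessToken;
}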
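/**
 * GitHub login endpoint.
 *
 * First request: redirects to GitHub and stores the OAuth `state` in the PHP
 * session. Callback request: verifies `state` (single use), exchanges `code`
 * for a token and logs the user in by email, using the GitHub login reduced
 * to [a-z0-9-_] as the username.
 *
 * @param Request $request
 * @param array $routeParams
 * @return RedirectResponse|EmptyResponse 400 EmptyResponse on a bad state
 */
public function handle(Request $request, array $routeParams = [])
{
    // Calling session_start() on an already-active session only produces a notice.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    $provider = new Github([
        'clientId'     => $this->settings->get('github.client_id'),
        'clientSecret' => $this->settings->get('github.client_secret'),
        'redirectUri'  => $this->url->toRoute('github.login'),
    ]);

    if (!isset($_GET['code'])) {
        $authUrl = $provider->getAuthorizationUrl(['scope' => ['user:email']]);
        $_SESSION['oauth2state'] = $provider->getState();

        return new RedirectResponse($authUrl);
    }

    // The stored state is consumed before comparing so it cannot be replayed,
    // and a missing stored state (expired session, direct hit on the callback)
    // fails too. A 400 response replaces the former echo + exit so the
    // framework pipeline still completes the request.
    $expectedState = isset($_SESSION['oauth2state']) ? $_SESSION['oauth2state'] : null;
    unset($_SESSION['oauth2state']);
    if (empty($_GET['state']) || !is_string($expectedState) || '' === $expectedState
        || !hash_equals($expectedState, (string) $_GET['state'])) {
        return new EmptyResponse(400);
    }

    $token = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
    $owner = $provider->getResourceOwner($token);

    // NOTE(review): getEmail() is the profile email reported by GitHub; whether
    // it is guaranteed verified is not established here -- confirm before the
    // email is used to match an existing account.
    $email = $owner->getEmail();
    $username = preg_replace('/[^a-z0-9-_]/i', '', $owner->getNickname());

    return $this->authenticated(compact('email'), compact('username'));
}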
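/**
 * GitHub OAuth2 authorization action.
 *
 * Without a `code` query parameter the browser is redirected to GitHub and
 * the generated state is stored in the session. On the callback the returned
 * state is verified (single use) and the code is exchanged for a token.
 *
 * @return array|\Phalcon\Http\ResponseInterface [uid, token, userDetails] on success;
 *         a redirect response when starting the flow, a 400 response on a bad state
 */
public function authorize()
{
    $this->view->disable();

    $provider = new Github([
        'clientId'     => $this->clientId,
        'clientSecret' => $this->clientSecret,
        'redirectUri'  => $this->redirectUriAuthorize,
    ]);

    $code = $this->request->getQuery('code');
    $state = $this->request->getQuery('state');

    if (!isset($code)) {
        // If we don't have an authorization code then get one
        $authUrl = $provider->getAuthorizationUrl();
        $this->session->set('oauth2state', $provider->state);

        return $this->response->redirect($authUrl);
    }

    // Check given state against previously stored one to mitigate CSRF.
    // The stored state is consumed before comparing so it cannot be replayed,
    // and a missing stored state fails as well. A 400 response replaces the
    // former exit() so the dispatcher still finishes the request.
    $expectedState = $this->session->get('oauth2state');
    $this->session->remove('oauth2state');
    if (empty($state) || !is_string($expectedState) || '' === $expectedState
        || !hash_equals($expectedState, (string) $state)) {
        return $this->response->setStatusCode(400, 'Bad Request')->setContent('Invalid state');
    }

    // Try to get an access token (using the authorization code grant)
    $token = $provider->getAccessToken('authorization_code', ['code' => $code]);
    $uid = $provider->getUserUid($token);
    $userDetails = $provider->getUserDetails($token);

    return [$uid, $token, $userDetails];
}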
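/**
 * Authenticate with GitHub and cache the access token
 *
 * Starts the OAuth2 flow when no `code` is present, otherwise verifies the
 * `state` kept in the session (single use) and exchanges the code for a token
 * stored in the cache under `github_token`. The cached token is shared by all
 * requests rather than bound to a user, which the `Cache::has` short-circuit
 * at the top already relies on.
 *
 * @param Request $request
 * @return \Illuminate\Http\RedirectResponse
 */
public function github(Request $request)
{
    if (Cache::has('github_token')) {
        return redirect('/');
    }

    // NOTE(review): env() yields null once the configuration is cached
    // (`config:cache`); reading these through config() is the usual fix --
    // left unchanged here because no config key is visible in this file.
    $provider = new Provider\Github([
        'clientId'     => env('GITHUB_CLIENT_ID'),
        'clientSecret' => env('GITHUB_CLIENT_SECRET'),
        'redirectUri'  => url('auth/github'),
    ]);

    $code = $request->get('code');
    if (!$code) {
        $authorizationUrl = $provider->getAuthorizationUrl(['scope' => ['notifications']]);
        $request->session()->put('oauth2state', $provider->getState());

        return redirect($authorizationUrl);
    }

    // The stored state is consumed before comparing so it cannot be replayed;
    // a missing stored state (expired session, direct hit on the callback)
    // fails as well. abort() replaces exit() so the framework still finishes
    // the request (session save, logging).
    $state = $request->get('state');
    $expectedState = $request->session()->get('oauth2state');
    $request->session()->forget('oauth2state');
    if (empty($state) || !is_string($expectedState) || '' === $expectedState
        || !hash_equals($expectedState, (string) $state)) {
        abort(400, 'Invalid state');
    }

    try {
        $accessToken = $provider->getAccessToken('authorization_code', ['code' => $code]);
        // Third argument is the TTL; its unit (minutes before Laravel 5.8,
        // seconds from 5.8 on) depends on the framework version -- confirm.
        Cache::put('github_token', $accessToken->getToken(), 60 * 24 * 30);
    } catch (IdentityProviderException $e) {
        // Keep the provider's message server-side instead of echoing it to
        // the client, and end the request through the framework, not exit().
        \Illuminate\Support\Facades\Log::error('GitHub OAuth token exchange failed: ' . $e->getMessage());
        abort(502, 'Could not authenticate with GitHub.');
    }

    return redirect('/');
}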