/**
 * Request access token
 *
 * This is the second step of oAuth authentication: the values the provider
 * sent back (oAuth2: code + state, oAuth1: oauth_token + oauth_verifier) are
 * exchanged for an access token.
 *
 * The oAuth1/oAuth2 distinction is derived from the class of the service in
 * use; services that deviate from the library defaults may need to override
 * this method.
 *
 * @return bool true when the token exchange succeeded, false when the callback
 *              parameter is missing or the exchange failed (the failure is
 *              reported through msg())
 */
public function checkToken()
{
    global $INPUT;

    $isOAuth2 = is_a($this->oAuth, 'OAuth\\OAuth2\\Service\\AbstractService');
    $callbackParam = $isOAuth2 ? 'code' : 'oauth_token';

    // Without the provider's callback parameter there is nothing to exchange
    if (!$INPUT->get->has($callbackParam)) {
        return false;
    }

    if ($isOAuth2) {
        /* oAuth2 handling: code and state are handed to the service together */
        $state = $INPUT->get->str('state', null);
        try {
            $this->oAuth->requestAccessToken($INPUT->get->str('code'), $state);
        } catch (TokenResponseException $e) {
            msg($e->getMessage(), -1);
            return false;
        }

        return true;
    }

    /* oAuth1 handling: the request token secret saved in step one is required for the exchange */
    $requestToken = $this->storage->retrieveAccessToken($this->getServiceName());

    // This was a callback request from BitBucket, get the token
    try {
        $this->oAuth->requestAccessToken(
            $INPUT->get->str('oauth_token'),
            $INPUT->get->str('oauth_verifier'),
            $requestToken->getRequestTokenSecret()
        );
    } catch (TokenResponseException $e) {
        msg($e->getMessage(), -1);
        return false;
    }

    return true;
}
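/**
 * Implements a generic OAuth service provider authentication
 *
 * On the first request (no callback parameters present) a redirect to the
 * provider's authorization URI is set up; on the callback request the
 * returned parameters are exchanged for an access token and $callback is
 * invoked.
 *
 * @param callable $callback A callable to call when OAuth authentication
 *                           starts
 * @param string   $oauth    OAuth version to be used for authentication
 *                           ('oauth1' or 'oauth2'; any other value is
 *                           handled as oauth2)
 *
 * @return null|User Returns a Grav user instance on success (the result of
 *                   $callback); null when a redirect to the provider was
 *                   set up instead.
 */
protected function genericOAuthProvider($callback, $oauth = 'oauth2')
{
    /** @var Session */
    $session = $this->grav['session'];

    switch ($oauth) {
        case 'oauth1':
            if (empty($_GET['oauth_token']) && empty($_GET['oauth_verifier'])) {
                // Extra request needed for OAuth1 to request a request token :-)
                $token = $this->service->requestRequestToken();

                // Send the user to the provider with the request token; the matching
                // secret stays in the storage so the callback can finish the exchange.
                $redirect = $this->service->getAuthorizationUri(['oauth_token' => $token->getRequestToken()]);
                $this->setRedirect($redirect);

                // Update OAuth session
                $session->oauth = $this->action;
            } else {
                $token = $this->storage->retrieveAccessToken($session->oauth);

                // This was a callback request from OAuth1 service, get the token.
                // Some providers return the parameters inside a '_url' query parameter.
                // Parse that query into a local array: the previous single-argument
                // parse_str() extracted the query keys as variables into this scope,
                // so a crafted '_url' could overwrite $token, $session or $callback.
                if (isset($_GET['_url'])) {
                    $query = parse_url($_GET['_url'], PHP_URL_QUERY);
                    $params = [];
                    if (is_string($query)) {
                        parse_str($query, $params);
                    }
                    $oauthToken = isset($params['oauth_token']) ? $params['oauth_token'] : null;
                } else {
                    $oauthToken = $_GET['oauth_token'];
                }

                $this->service->requestAccessToken($oauthToken, $_GET['oauth_verifier'], $token->getRequestTokenSecret());

                return $callback();
            }
            break;

        case 'oauth2':
        default:
            if (empty($_GET['code'])) {
                // Create a state token to prevent request forgery (CSRF).
                $state = sha1($this->getRandomBytes(1024, false));
                $redirect = $this->service->getAuthorizationUri(['state' => $state]);
                $this->setRedirect($redirect);

                // Update OAuth session
                $session->oauth = $this->action;

                // Store CSRF in the session for later validation.
                $this->storage->storeAuthorizationState($this->action, $state);
            } else {
                // Retrieve the CSRF state parameter. It is handed to the service,
                // which is expected to compare it with the stored authorization
                // state — confirm this in the service implementation in use.
                $state = isset($_GET['state']) ? $_GET['state'] : null;

                // This was a callback request from the OAuth2 service, get the token
                $this->service->requestAccessToken($_GET['code'], $state);

                return $callback();
            }
            break;
    }

    return null;
}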
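/**
 * Request access token
 *
 * This is the second step of oAuth authentication: the values the provider
 * sent back are exchanged for an access token. Afterwards, when the helper
 * is configured with a list of valid domains, the user's mail address is
 * checked against it and a rejected user is sent back to the login page.
 *
 * This implementation tries to abstract away differences between oAuth1 and oAuth2,
 * but might need to be overwritten for specific services
 *
 * @return bool true when the token exchange succeeded and the mail domain
 *              (if restricted) is allowed; false otherwise
 */
public function checkToken()
{
    global $INPUT;

    if (is_a($this->oAuth, 'OAuth\\OAuth2\\Service\\AbstractService')) {
        /* oAuth2 handling */
        if (!$INPUT->get->has('code')) {
            return false;
        }
        $state = $INPUT->get->str('state', null);
        try {
            $this->oAuth->requestAccessToken($INPUT->get->str('code'), $state);
        } catch (TokenResponseException $e) {
            msg($e->getMessage(), -1);
            return false;
        }
    } else {
        /* oAuth1 handling */
        if (!$INPUT->get->has('oauth_token')) {
            return false;
        }
        $token = $this->storage->retrieveAccessToken($this->getServiceName());

        // This was a callback request from BitBucket, get the token
        try {
            $this->oAuth->requestAccessToken(
                $INPUT->get->str('oauth_token'),
                $INPUT->get->str('oauth_verifier'),
                $token->getRequestTokenSecret()
            );
        } catch (TokenResponseException $e) {
            msg($e->getMessage(), -1);
            return false;
        }
    }

    // Domain allow-list: only enforced when at least one valid domain is configured
    $validDomains = $this->hlp->getValidDomains();
    if (count($validDomains) > 0) {
        $userData = $this->getUser();
        if (!$this->hlp->checkMail($userData['mail'])) {
            msg(sprintf($this->hlp->getLang("rejectedEMail"), join(', ', $validDomains)), -1);
            send_redirect(wl('', array('do' => 'login'), false, '&'));
            // send_redirect() normally terminates the request; never report
            // success for a rejected address should it return instead.
            return false;
        }
    }

    return true;
}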
/**
 * Login to an OAuth1 consumer.
 *
 * On the callback request (oauth_token present in the input) the request
 * token is exchanged for an access token and the connect is processed; on
 * the initial request a request token is fetched and the user is redirected
 * to the provider's authorization URI. Failures of either provider call
 * redirect to the configured error page with a flash message.
 *
 * @param string                                $provider
 * @param \OAuth\Common\Service\AbstractService $service
 *
 * @return Redirect
 */
protected function oauth1Connect($provider, $service)
{
    // Builds the error redirect; evaluated only when a failure occurs.
    $failed = function ($message) {
        return Redirect::to(Session::pull('mmanos.social.onerror', '/'))
            ->with(Config::get('laravel-social::error_flash_var'), $message);
    };

    $oauthToken = Input::get('oauth_token');

    if ($oauthToken) {
        try {
            $accessToken = $service->requestAccessToken(
                $oauthToken,
                Input::get('oauth_verifier'),
                $service->getStorage()->retrieveAccessToken($provider)->getRequestTokenSecret()
            );
        } catch (Exception $e) {
            return $failed('There was a problem connecting your account (4).');
        }

        return $this->processConnect($provider, $service, array(
            'token'  => $accessToken->getAccessToken(),
            'secret' => $accessToken->getAccessTokenSecret(),
        ));
    }

    try {
        // Extra request needed for oauth1 to get a request token.
        $requestToken = $service->requestRequestToken();
    } catch (Exception $e) {
        return $failed('There was a problem connecting your account (5).');
    }

    $authorizationUri = $service->getAuthorizationUri(array('oauth_token' => $requestToken->getRequestToken()));

    return Redirect::to((string) $authorizationUri);
}