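/**
 * Handle the OAuth authorization-code callback: check the `state` against
 * the session, exchange the `code` for user info, ensure a local user for
 * that info, log the user in on the current session and redirect.
 *
 * The state is validated and consumed before the code is exchanged, so a
 * callback that does not carry the state this session issued never reaches
 * the token endpoint.
 *
 * @param Request $request
 * @throws SingleSOException When the `state` or `code` query parameter is
 *     missing; sessionStateValid() and settingsAuth() (called with its
 *     fail-hard flag) are relied on to throw on an invalid state or
 *     unloadable settings.
 * @return \Psr\Http\Message\ResponseInterface|RedirectResponse
 */
public function createCodeResponse(Request $request)
{
    $session = $request->getAttribute('session');

    // Load settings or fail.
    $authSettings = SingleSO::settingsAuth($this->settings, true);

    // Get parameters.
    $params = $request->getQueryParams();
    $code = array_get($params, 'code');
    $state = array_get($params, 'state');

    // Get the state from the URL or fail.
    if (!$state) {
        throw new SingleSOException(['No state parameter supplied.']);
    }

    // Check the state against the session and remove or throw. The state is
    // consumed even if the rest of the callback is malformed, so it cannot be
    // replayed.
    $stateData = $this->sessionStateValid($session, $state);
    $this->sessionStateRemove($session);

    // Reject a callback without a code up front instead of sending an empty
    // code to the token endpoint.
    if (!$code) {
        throw new SingleSOException(['No code parameter supplied.']);
    }

    // Get user info from supplied token.
    $userInfo = SingleSO::getOauthUserInfo(
        $authSettings['endpoint_url'],
        [
            'code' => $code,
            'client_id' => $authSettings['client_id'],
            'client_secret' => $authSettings['client_secret'],
            'redirect_uri' => $this->getRedirectURI(),
        ],
        $authSettings['endpoint_ip_forced'] ?: null
    );

    // Ensure a user for the info.
    $actor = $request->getAttribute('actor');
    $user = SingleSO::ensureUser($userInfo, $this->events, $actor);

    // Create the redirect response, with redirect from state if set.
    // NOTE(review): the target is derived from the stored state data;
    // expandRedirect() is assumed to constrain it to this site — confirm.
    $response = new RedirectResponse($this->expandRedirect($stateData));

    // Authenticate user on the current session (same session attribute
    // read at the top; no need to re-fetch it).
    $this->authenticator->logIn($session, $user->id);

    // Generate remember me token (3600 is the time Flarum uses).
    $token = AccessToken::generate($user->id, 3600);
    $token->save();

    // Trigger the login event.
    $this->events->fire(new UserLoggedIn($user, $token));

    // Attach the token as a remember me cookie unless using auto-login.
    // If using auto-login, let the auth server handle remembering.
    if (!$authSettings['global_cookie']) {
        $response = $this->rememberer->remember($response, $token);
    }

    // Return the redirect response.
    return $response;
}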