/**
  * Request access token
  *
  * This is the second step of oAuth authentication
  *
  * This implementation tries to abstract away differences between oAuth1 and oAuth2,
  * but might need to be overwritten for specific services
  *
  * @return bool
  */
 public function checkToken()
 {
     global $INPUT;
     if (is_a($this->oAuth, 'OAuth\\OAuth2\\Service\\AbstractService')) {
         /* oAuth2 handling */
         if (!$INPUT->get->has('code')) {
             return false;
         }
         $state = $INPUT->get->str('state', null);
         try {
             $this->oAuth->requestAccessToken($INPUT->get->str('code'), $state);
         } catch (TokenResponseException $e) {
             msg($e->getMessage(), -1);
             return false;
         }
     } else {
         /* oAuth1 handling */
         if (!$INPUT->get->has('oauth_token')) {
             return false;
         }
         $token = $this->storage->retrieveAccessToken($this->getServiceName());
         // This was a callback request from BitBucket, get the token
         try {
             $this->oAuth->requestAccessToken($INPUT->get->str('oauth_token'), $INPUT->get->str('oauth_verifier'), $token->getRequestTokenSecret());
         } catch (TokenResponseException $e) {
             msg($e->getMessage(), -1);
             return false;
         }
     }
     return true;
 }
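 /**
  * Implements a generic OAuth service provider authentication
  *
  * First call (no callback parameters in the query string): obtain an
  * authorization URI from the service, remember the current action in the
  * session and redirect the browser to the provider. Second call (the
  * provider's callback): exchange the callback parameters for an access
  * token and hand over to $callback.
  *
  * @param  callable $callback A callable to call when OAuth authentication
  *                            starts
  * @param  string   $oauth    OAuth version to be used for authentication
  *                            ('oauth1' or 'oauth2'; anything else is
  *                            treated as 'oauth2')
  *
  * @return null|User          Returns a Grav user instance on success.
  */
 protected function genericOAuthProvider($callback, $oauth = 'oauth2')
 {
     /** @var Session */
     $session = $this->grav['session'];
     switch ($oauth) {
         case 'oauth1':
             if (empty($_GET['oauth_token']) && empty($_GET['oauth_verifier'])) {
                 // Extra request needed for OAuth1 to request a request token :-)
                 $token = $this->service->requestRequestToken();
                 $redirect = $this->service->getAuthorizationUri(['oauth_token' => $token->getRequestToken()]);
                 $this->setRedirect($redirect);
                 // Update OAuth session
                 $session->oauth = $this->action;
             } else {
                 // The request token secret from the first leg is needed to sign the exchange.
                 $token = $this->storage->retrieveAccessToken($session->oauth);
                 // This was a callback request from OAuth1 service, get the token.
                 // Some front controllers pass the provider's callback query inside
                 // '_url'; read it into a local array — never extract request
                 // data into the local scope, it could overwrite $callback/$token.
                 if (isset($_GET['_url'])) {
                     $query = parse_url($_GET['_url'], PHP_URL_QUERY);
                     $params = [];
                     if (is_string($query)) {
                         parse_str($query, $params);
                     }
                     $oauthToken = isset($params['oauth_token']) ? $params['oauth_token'] : null;
                 } else {
                     $oauthToken = isset($_GET['oauth_token']) ? $_GET['oauth_token'] : null;
                 }
                 // The outer condition only guarantees that one of the two
                 // parameters is present, so read the verifier defensively.
                 $verifier = isset($_GET['oauth_verifier']) ? $_GET['oauth_verifier'] : null;
                 $this->service->requestAccessToken($oauthToken, $verifier, $token->getRequestTokenSecret());
                 return $callback();
             }
             break;
         case 'oauth2':
         default:
             if (empty($_GET['code'])) {
                 // Create a state token to prevent request forgery (CSRF).
                 $state = sha1($this->getRandomBytes(1024, false));
                 $redirect = $this->service->getAuthorizationUri(['state' => $state]);
                 $this->setRedirect($redirect);
                 // Update OAuth session
                 $session->oauth = $this->action;
                 // Store CSRF in the session for later validation.
                 $this->storage->storeAuthorizationState($this->action, $state);
             } else {
                 // Retrieve the CSRF state parameter. A state is always sent on
                 // the first leg above, so a callback without one cannot be the
                 // answer to our request: refuse it rather than passing null to
                 // the service (a null state is likely to skip the stored-state
                 // check in the service — confirm against the library).
                 if (empty($_GET['state'])) {
                     return null;
                 }
                 // This was a callback request from the OAuth2 service, get the token
                 $this->service->requestAccessToken($_GET['code'], $_GET['state']);
                 return $callback();
             }
             break;
     }
     return null;
 }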
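 /**
  * Request access token
  *
  * This is the second step of oAuth authentication
  *
  * This implementation tries to abstract away differences between oAuth1 and oAuth2,
  * but might need to be overwritten for specific services
  *
  * After the token exchange the user's e-mail address is checked against the
  * configured domain allow-list (if any); a rejected address is reported via
  * msg() and the browser is redirected back to the login form.
  *
  * @return bool true when an access token was obtained (and the e-mail domain
  *              was accepted), false otherwise
  */
 public function checkToken()
 {
     global $INPUT;
     if (is_a($this->oAuth, 'OAuth\\OAuth2\\Service\\AbstractService')) {
         /* oAuth2 handling */
         if (!$INPUT->get->has('code')) {
             return false;
         }
         // NOTE(review): a missing 'state' is handed to the service as null;
         // whether the service still checks its stored state in that case
         // depends on the library — confirm, or require the parameter here.
         $state = $INPUT->get->str('state', null);
         try {
             $this->oAuth->requestAccessToken($INPUT->get->str('code'), $state);
         } catch (TokenResponseException $e) {
             msg($e->getMessage(), -1);
             return false;
         }
     } else {
         /* oAuth1 handling */
         if (!$INPUT->get->has('oauth_token')) {
             return false;
         }
         // The request token secret from step one is needed to sign the exchange.
         $token = $this->storage->retrieveAccessToken($this->getServiceName());
         // This was a callback request from BitBucket, get the token
         try {
             $this->oAuth->requestAccessToken(
                 $INPUT->get->str('oauth_token'),
                 $INPUT->get->str('oauth_verifier'),
                 $token->getRequestTokenSecret()
             );
         } catch (TokenResponseException $e) {
             msg($e->getMessage(), -1);
             return false;
         }
     }
     // Optional e-mail domain allow-list: an empty list means every address is accepted.
     $validDomains = $this->hlp->getValidDomains();
     if (count($validDomains) > 0) {
         // assumes getUser() returns an array with a 'mail' key — confirm against the subclasses
         $userData = $this->getUser();
         if (!$this->hlp->checkMail($userData['mail'])) {
             msg(sprintf($this->hlp->getLang("rejectedEMail"), implode(', ', $validDomains)), -1);
             send_redirect(wl('', array('do' => 'login'), false, '&'));
             // send_redirect() is expected to end the request; fail closed in
             // case it returns (e.g. when redirects are suppressed) so that a
             // rejected address never counts as a successful login.
             return false;
         }
     }
     return true;
 }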
 /**
  * Login to an OAuth1 consumer.
  *
  * Two legs share this entry point: without an 'oauth_token' in the request
  * a request token is fetched and the user is redirected to the provider's
  * authorization page; with one, the verifier is exchanged for an access
  * token and the connection is handed to processConnect(). Any failure
  * redirects to the configured error URL with a flash message.
  *
  * @param string                                $provider
  * @param \OAuth\Common\Service\AbstractService $service
  *
  * @return Redirect
  */
 protected function oauth1Connect($provider, $service)
 {
     // Builds the error redirect used by both legs; only the message differs.
     $errorRedirect = function ($message) {
         return Redirect::to(Session::pull('mmanos.social.onerror', '/'))
             ->with(Config::get('laravel-social::error_flash_var'), $message);
     };

     $oauthToken = Input::get('oauth_token');
     if (!$oauthToken) {
         // Extra request needed for oauth1 to get a request token.
         try {
             $requestToken = $service->requestRequestToken();
         } catch (Exception $e) {
             return $errorRedirect('There was a problem connecting your account (5).');
         }
         $authUri = $service->getAuthorizationUri(array('oauth_token' => $requestToken->getRequestToken()));
         return Redirect::to((string) $authUri);
     }

     // Callback leg: the stored request token secret signs the exchange.
     try {
         $requestSecret = $service->getStorage()->retrieveAccessToken($provider)->getRequestTokenSecret();
         $accessToken = $service->requestAccessToken($oauthToken, Input::get('oauth_verifier'), $requestSecret);
     } catch (Exception $e) {
         return $errorRedirect('There was a problem connecting your account (4).');
     }

     return $this->processConnect($provider, $service, array(
         'token'  => $accessToken->getAccessToken(),
         'secret' => $accessToken->getAccessTokenSecret(),
     ));
 }