public function github()
{
$provider = new \League\OAuth2\Client\Provider\Github(['clientId' => env('GITHUB_CLIENT_ID'), 'clientSecret' => env('GITHUB_CLIENT_SECRET'), 'redirectUri' => env('GITHUB_REDIRECT_URI')]);
if (!isset($this->request->query['code'])) {
// If we don't have an authorization code then get one
$authUrl = $provider->getAuthorizationUrl($options);
// $_SESSION['oauth2state'] = $provider->getState(); // stateをつけるともっとセキュアに!
$this->redirect($authUrl);
// Check given state against previously stored one to mitigate CSRF attack
// stateのチェック
// } elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
// unset($_SESSION['oauth2state']);
// exit('Invalid state');
} else {
// Try to get an access token (using the authorization code grant)
$token = $provider->getAccessToken('authorization_code', ['code' => $this->request->query['code']]);
// Optional: Now you have a token you can look up a users profile data
try {
// We got an access token, let's now get the user's details
$user = $provider->getResourceOwner($token);
// githubユーザー情報を配列で取得
$user_to_array = $user->toArray();
// 登録済みか確認
$query = TableRegistry::get('Users')->find();
$signed_up_user = $query->where(['uid' => $user_to_array['id']])->first();
if (isset($signed_up_user['uid'])) {
// access_tokenをGitHubから取得してきた値で更新
$usersTable = TableRegistry::get('Users');
$data = ['access_token' => $token->getToken()];
$signed_up_user->set($data);
$usersTable->save($signed_up_user);
$this->loginAndRedirect($signed_up_user);
} else {
// 未登録の場合はデータベースに登録する
$data = ['name' => empty($user->getName()) ? $user->getNickname() : $user->getName(), 'uid' => $user->getId(), 'nickname' => $user->getNickname(), 'avatar' => $user_to_array['avatar_url'], 'access_token' => $token->getToken(), 'email' => $user->getEmail()];
if (is_null($user->getEmail())) {
$this->request->session()->write('user_data', $data);
$this->redirect('/oauth/edit');
} else {
$this->saveUserAndLogin($data);
}
}
} catch (Exception $e) {
// TODO: 後でちゃんとすること
// Failed to get user details
exit('Oh dear...');
}
}
}
/**
* Constructor.
*
* @throws Exception
* @throws dml_exception
*/
public function __construct()
{
global $CFG;
parent::__construct(['clientId' => get_config('auth/googleoauth2', $this->name . 'clientid'), 'clientSecret' => get_config('auth/googleoauth2', $this->name . 'clientsecret'), 'redirectUri' => $CFG->wwwroot . '/auth/googleoauth2/' . $this->name . '_redirect.php', 'scopes' => $this->scopes]);
}
<?php
require_once 'vendor/autoload.php';
session_start();
$provider = new League\OAuth2\Client\Provider\Github(['clientId' => '12d07069b2df91c0e52f', 'clientSecret' => '13c275356c9eadfb73d4a13f14b2539a5d6a74b7', 'redirectUri' => 'https://gitpay.org/oauth.php']);
$options = ['state' => rand(1, 999999999), 'scope' => ['user']];
if (!isset($_GET['code'])) {
// If we don't have an authorization code then get one
$authUrl = $provider->getAuthorizationUrl($options);
$_SESSION['oauth2state'] = $provider->getState();
header('Location: ' . $authUrl);
exit;
// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || $_GET['state'] != $_SESSION['oauth2state']) {
echo "state is : " . $_GET['state'];
echo "session state is : " . $_SESSION['oauth2state'];
//unset($_SESSION['oauth2state']);
exit('Invalid state');
} else {
// Try to get an access token (using the authorization code grant)
$token = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
// Optional: Now you have a token you can look up a users profile data
try {
// We got an access token, let's now get the user's details
$user = $provider->getResourceOwner($token);
// Use these details to create a new profile
//printf('Hello %s - testing - login functionality coming soon ...!', $user->getNickname());
$_SESSION['loggedin'] = 'true';
$_SESSION['login'] = $user->getNickname();
$scheme = 'https://';
header("Location: " . $scheme . $_SERVER['SERVER_NAME'] . dirname($_SERVER['REQUEST_URI']) . $user->getNickname());
function handle_oauth()
{
// If the form was just submitted, save the values
// (Step 1 above)
if (isset($_POST["client_id"]) && isset($_POST["client_secret"])) {
update_option("client_id", $_POST["client_id"], TRUE);
update_option("client_secret", $_POST["client_secret"], TRUE);
}
// Get the saved application info
$client_id = get_option("client_id");
$client_secret = get_option("client_secret");
if ($client_id && $client_secret) {
$provider = new League\OAuth2\Client\Provider\Github(["clientId" => $client_id, "clientSecret" => $client_secret, "redirectUri" => admin_url("options-general.php?page=github")]);
}
// If this is a form submission start the workflow...
// (Step 2)
if (!isset($_GET["code"]) && $_SERVER["REQUEST_METHOD"] === "POST") {
// If we don"t have an authorization code then get one
$authUrl = $provider->getAuthorizationUrl();
$_SESSION["oauth2state"] = $provider->getState();
header("Location: " . $authUrl);
exit;
// Check given state against previously stored one to mitigate CSRF attack
// (Step 3 just happened and the user was redirected back)
} elseif (empty($_GET["state"]) || $_GET["state"] !== $_SESSION["oauth2state"]) {
unset($_SESSION["oauth2state"]);
exit("Invalid state");
} else {
// Try to get an access token (using the authorization code grant)
// (Step 4)
$token = $provider->getAccessToken("authorization_code", ["code" => $_GET["code"]]);
// Save the token for future use
update_option("github_token", $token->getToken(), TRUE);
}
}