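/**
 * Completes a Google sign-in: verifies the posted ID token, matches it to the
 * posted e-mail address, then logs in the existing user or auto-creates one
 * when the address belongs to a domain listed in the
 * google-identity/login_auto_create setting.
 *
 * Any verification failure redirects to the login page with an error instead
 * of letting an exception or a call on a non-object escape.
 *
 * @return mixed The redirect response built by $this->redirect().
 */
public function auth()
{
    $email = $this->getParam('email', '');
    $token = $this->getParam('token', '');

    $client = new \Google_Client();
    $client->setClientId(Setting::get('google-identity', 'client_id'));
    $client->setClientSecret(Setting::get('google-identity', 'client_secret'));
    $client->setRedirectUri($this->config->get('site.full_admin_url') . '/google-identity/auth');
    $client->setScopes('email');

    // A missing, malformed or rejected token must end in the normal
    // "try again" redirect, not in an uncaught exception or a fatal error
    // from calling getAttributes() on a non-object.
    $data = null;
    if (is_string($token) && $token !== '') {
        try {
            $ticket = $client->verifyIdToken($token);
            if (is_object($ticket)) {
                $data = $ticket->getAttributes();
            }
        } catch (\Exception $e) {
            $data = null;
        }
    }

    $payload = array();
    if (is_array($data) && isset($data['payload']) && is_array($data['payload'])) {
        $payload = $data['payload'];
    }

    // Strict comparison: the posted address must be exactly the one the
    // verified token was issued for.
    // NOTE(review): the token's email_verified claim is not checked here;
    // confirm whether unverified addresses should be accepted, in particular
    // for the auto-create path below.
    if (!is_string($email) || empty($payload['email']) || $payload['email'] !== $email) {
        return $this->redirect('/session/login?logout=1')
            ->error('There was a problem signing you in, please try again.');
    }

    $userStore = Store::get('User');
    $user = $userStore->getByEmail($email);

    if (is_null($user)) {
        // Normalise the configured list so "a.com, b.com" and mixed case work,
        // and so an empty setting never yields an entry that could match.
        $authDomains = array();
        foreach (explode(',', (string) Setting::get('google-identity', 'login_auto_create')) as $domain) {
            $domain = strtolower(trim($domain));
            if ($domain !== '') {
                $authDomains[] = $domain;
            }
        }

        $parts = explode('@', $email, 2);
        $emailDomain = isset($parts[1]) ? strtolower($parts[1]) : '';

        // Strict in_array(): a missing domain part must never loosely equal
        // an entry of the allow-list.
        if ($emailDomain === '' || !in_array($emailDomain, $authDomains, true)) {
            return $this->redirect('/session/login?logout=1')
                ->error('You do not have permission to sign in.');
        }

        // Auto-created accounts are active administrators, so the
        // login_auto_create domain list is effectively an admin allow-list.
        $user = new User();
        $user->setActive(1);
        $user->setIsAdmin(1);
        $user->setDateAdded(new \DateTime());
        $user->setEmail($email);
        // Only the "email" scope is requested above, so the name claim may be
        // absent; fall back to the address rather than reading a missing key.
        $user->setName(
            (isset($payload['name']) && $payload['name'] !== '') ? $payload['name'] : $email
        );

        $user = $userStore->save($user);
    }

    // Issue a fresh session id at the privilege change so an id that was
    // known before login cannot be reused afterwards (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $_SESSION['user_id'] = $user->getId();

    // NOTE(review): previous_url is used as stored; confirm the code that
    // writes it only accepts same-site paths.
    if (isset($_SESSION['previous_url'])) {
        return $this->redirect($_SESSION['previous_url']);
    }

    return $this->redirect('/');
}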