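public function github() {
    // OAuth2 login / sign-up through GitHub (league/oauth2-client).
    // Two phases, distinguished by the presence of the `code` query parameter:
    //   1. no `code`  -> start the flow: redirect the browser to GitHub's authorize URL;
    //   2. `code` set -> GitHub called us back: exchange the code for a token, load the
    //                    profile, then log in the matching Users row or create one.
    // Client credentials come from the environment; GITHUB_REDIRECT_URI must be the
    // public URL of this action, otherwise the token exchange is rejected by GitHub.
    $provider = new \League\OAuth2\Client\Provider\Github([
        'clientId'     => env('GITHUB_CLIENT_ID'),
        'clientSecret' => env('GITHUB_CLIENT_SECRET'),
        'redirectUri'  => env('GITHUB_REDIRECT_URI'),
    ]);
    $session = $this->request->session();

    if (!isset($this->request->query['code'])) {
        // Phase 1. The provider generates a random `state` while building the URL;
        // it is stored in the session so the callback can prove the response belongs
        // to a flow *this* browser session started. Without that check an attacker can
        // finish the flow in a victim's browser with the attacker's own code and bind
        // the victim's session to the attacker's GitHub account (OAuth/login CSRF,
        // RFC 6749 §10.12). The previous version skipped this and also passed an
        // undefined `$options` variable; no extra authorization options are needed.
        $authUrl = $provider->getAuthorizationUrl([]);
        $session->write('oauth2state', $provider->getState());

        return $this->redirect($authUrl);
    }

    // Phase 2. Validate `state` before the code is used for anything.
    // The stored value is single-use: drop it whether or not it matches so a
    // mismatching callback cannot be retried against the same session value.
    $expectedState = $session->read('oauth2state');
    $session->delete('oauth2state');
    $givenState = isset($this->request->query['state']) ? $this->request->query['state'] : null;
    if (!is_string($expectedState) || !is_string($givenState) || !hash_equals($expectedState, $givenState)) {
        // Deliberately do not echo either value back: the session's state is the
        // secret that makes this check meaningful. A 400 is the right status here;
        // nothing about *our* server failed.
        throw new \Cake\Network\Exception\BadRequestException('Invalid OAuth state');
    }

    try {
        // Exchange the one-time authorization code for an access token and fetch the
        // GitHub profile. Both are network calls to GitHub and are the only operations
        // wrapped here; database errors below surface through the app's normal handling
        // instead of being masked as a provider failure.
        $token = $provider->getAccessToken('authorization_code', [
            'code' => $this->request->query['code'],
        ]);
        $user = $provider->getResourceOwner($token);
    } catch (\Exception $e) {
        // TODO: replace with proper logging and a user-facing error page. The original
        // stopped the request with exit('Oh dear...') and discarded the cause; re-throwing
        // with `previous` keeps the provider error available to the error handler.
        throw new \RuntimeException('GitHub login failed', 0, $e);
    }

    // Raw profile as an array (needed for fields the resource owner has no getter for).
    $profile    = $user->toArray();
    $usersTable = TableRegistry::get('Users');

    // Has this GitHub account (its numeric id, stored as `uid`) signed up before?
    $existing = $usersTable->find()
        ->where(['uid' => $user->getId()])
        ->first();

    if ($existing !== null) {
        // Known user: refresh the stored GitHub token, then log in.
        // NOTE(review): the token is persisted in plaintext in Users.access_token, so
        // anyone with read access to that table can act on GitHub as this user. If it is
        // only needed transiently, keep it in the session instead; if it must persist,
        // encrypt it at rest.
        $existing->set(['access_token' => $token->getToken()]);
        $usersTable->save($existing);
        $this->loginAndRedirect($existing);

        return;
    }

    // First sign-in: build the new Users row from the GitHub profile.
    // `name` falls back to the login handle when GitHub has no display name (empty()
    // semantics preserved from the original: null, '' and '0' all fall back).
    $data = [
        'name'         => $user->getName() ?: $user->getNickname(),
        'uid'          => $user->getId(),
        'nickname'     => $user->getNickname(),
        'avatar'       => isset($profile['avatar_url']) ? $profile['avatar_url'] : null,
        'access_token' => $token->getToken(),
        'email'        => $user->getEmail(),
    ];

    if ($user->getEmail() === null) {
        // GitHub omits the email when the user keeps it private. Park the pending
        // registration (including the token) server-side and ask the user to supply an
        // address on /oauth/edit before the row is created.
        $session->write('user_data', $data);

        return $this->redirect('/oauth/edit');
    }

    $this->saveUserAndLogin($data);
}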
$authUrl = $provider->getAuthorizationUrl($options); $_SESSION['oauth2state'] = $provider->getState(); header('Location: ' . $authUrl); exit; // Check given state against previously stored one to mitigate CSRF attack } elseif (empty($_GET['state']) || $_GET['state'] != $_SESSION['oauth2state']) { echo "state is : " . $_GET['state']; echo "session state is : " . $_SESSION['oauth2state']; //unset($_SESSION['oauth2state']); exit('Invalid state'); } else { // Try to get an access token (using the authorization code grant) $token = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]); // Optional: Now you have a token you can look up a users profile data try { // We got an access token, let's now get the user's details $user = $provider->getResourceOwner($token); // Use these details to create a new profile //printf('Hello %s - testing - login functionality coming soon ...!', $user->getNickname()); $_SESSION['loggedin'] = 'true'; $_SESSION['login'] = $user->getNickname(); $scheme = 'https://'; header("Location: " . $scheme . $_SERVER['SERVER_NAME'] . dirname($_SERVER['REQUEST_URI']) . $user->getNickname()); exit; } catch (Exception $e) { // Failed to get user details exit('Oh dear...'); } // Use this to interact with an API on the users behalf // echo $token->getToken(); }