-
Notifications
You must be signed in to change notification settings - Fork 146
Expand file tree
/
Copy pathGithubAuthAction.class.php
More file actions
113 lines (96 loc) · 3.12 KB
/
Copy pathGithubAuthAction.class.php
File metadata and controls
113 lines (96 loc) · 3.12 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
<?php
namespace wcf\action;
use GuzzleHttp\Psr7\Request;
use Psr\Http\Client\ClientExceptionInterface;
use Psr\Http\Message\ResponseInterface;
use wcf\system\request\LinkHandler;
use wcf\system\user\authentication\oauth\User as OauthUser;
use wcf\util\StringUtil;
/**
* Performs authentication against GitHub.com
*
* @author Tim Duesterhus
* @copyright 2001-2021 WoltLab GmbH
* @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
*/
final class GithubAuthAction extends AbstractOauth2AuthAction
{
const AVAILABLE_DURING_OFFLINE_MODE = true;
#[\Override]
protected function getTokenEndpoint(): string
{
return 'https://github.com/login/oauth/access_token';
}
#[\Override]
protected function getClientId(): string
{
return StringUtil::trim(GITHUB_PUBLIC_KEY);
}
#[\Override]
protected function getClientSecret(): string
{
return StringUtil::trim(GITHUB_PRIVATE_KEY);
}
#[\Override]
protected function getScope(): string
{
return 'user:email';
}
#[\Override]
protected function getAuthorizeUrl(): string
{
return 'https://github.com/login/oauth/authorize';
}
#[\Override]
protected function getCallbackUrl(): string
{
return LinkHandler::getInstance()->getControllerLink(self::class);
}
#[\Override]
protected function supportsState(): bool
{
return true;
}
#[\Override]
protected function getUser(array $accessToken): OauthUser
{
$request = new Request('GET', 'https://api.github.com/user', [
'accept' => 'application/json',
'authorization' => \sprintf('Bearer %s', $accessToken['access_token']),
]);
$response = $this->getHttpClient()->send($request);
$parsed = \json_decode((string)$response->getBody(), true, flags: \JSON_THROW_ON_ERROR);
$parsed['__id'] = $parsed['id'];
$parsed['__username'] = $parsed['login'];
$parsed['accessToken'] = $accessToken;
return new OauthUser($parsed);
}
#[\Override]
protected function getProviderName(): string
{
return 'github';
}
#[\Override]
protected function redirectToRegistration(OauthUser $oauthUser): ResponseInterface
{
try {
$request = new Request('GET', 'https://api.github.com/user/emails', [
'accept' => 'application/json',
'authorization' => \sprintf('Bearer %s', $oauthUser["accessToken"]["access_token"]),
]);
$response = $this->getHttpClient()->send($request);
$emails = \json_decode((string)$response->getBody(), true, flags: \JSON_THROW_ON_ERROR);
// search primary email
$email = $emails[0]['email'];
foreach ($emails as $tmp) {
if ($tmp['primary']) {
$email = $tmp['email'];
break;
}
}
$oauthUser["__email"] = $email;
} catch (ClientExceptionInterface $e) {
}
return parent::redirectToRegistration($oauthUser);
}
}