p3k
/
Compass
mirror of https://github.com/aaronpk/Compass.git
1
0
Fork 0
Code Issues 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
4 Branches
88 MiB
Tree: 2d35f382c0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2d35f382c0'
${ noResults }
Compass/compass/app/Http/Controllers/IndieAuth.php

166 lines
5.4 KiB
Raw Normal View History

adds basic login flow using indieauth
8 years ago
also support native github login
8 years ago
adds basic login flow using indieauth
8 years ago
also support native github login
8 years ago
adds basic login flow using indieauth
8 years ago
also support native github login
8 years ago
adds basic login flow using indieauth
8 years ago
 
  1. <?php
  2. 

  3. namespace App\Http\Controllers;
  4. 

  5. use Laravel\Lumen\Routing\Controller as BaseController;
  6. use Illuminate\Http\Request;
  7. use GuzzleHttp;
  8. 

  9. class IndieAuth extends BaseController
  10. {
  11.   private function _redirectURI() {
  12.     return env('BASE_URL') . 'auth/callback';
  13.   }
  14. 

  15.   public function start(Request $request) {
  16.     $me = \IndieAuth\Client::normalizeMeURL($request->input('me'));
  17.     if(!$me) {
  18.       return view('auth/error', ['error' => 'Invalid URL']);
  19.     }
  20. 

  21.     $state = \IndieAuth\Client::generateStateParameter();
  22. 

  23.     if(preg_match('/https?:\/\/github\.com\/[^ \/]+/', $me)) {
  24.       $authorizationURL = 'https://github.com/login/oauth/authorize'
  25.         . '?client_id=' . env('GITHUB_ID')
  26.         . '&state=' . $state;
  27. 

  28.       session([
  29.         'auth_state' => $state, 
  30.         'attempted_me' => $me,
  31.       ]);
  32. 

  33.     } else {
  34.       $authorizationEndpoint = \IndieAuth\Client::discoverAuthorizationEndpoint($me);
  35.       $tokenEndpoint = \IndieAuth\Client::discoverTokenEndpoint($me);
  36. 

  37.       session([
  38.         'auth_state' => $state, 
  39.         'attempted_me' => $me,
  40.         'authorization_endpoint' => $authorizationEndpoint,
  41.         'token_endpoint' => $tokenEndpoint
  42.       ]);
  43. 

  44.       // If the user specified only an authorization endpoint, use that

  45.       if(!$authorizationEndpoint) {
  46.         // Otherwise, fall back to indieauth.com

  47.         $authorizationEndpoint = env('DEFAULT_AUTH_ENDPOINT');
  48.       }
  49.       $authorizationURL = \IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, $this->_redirectURI(), env('BASE_URL'), $state);
  50.     }
  51. 

  52.     return redirect($authorizationURL);
  53.   }
  54. 

  55.   public function callback(Request $request) {
  56.     if(!session('auth_state') || !session('attempted_me')) {
  57.       return view('auth/error', ['error' => 'Missing state information. Start over.']);
  58.     }
  59. 

  60.     if($request->input('error')) {
  61.       return view('auth/error', ['error' => $request->input('error')]);
  62.     }
  63. 

  64.     if(session('auth_state') != $request->input('state')) {
  65.       return view('auth/error', ['error' => 'State did not match. Start over.']);
  66.     }
  67. 

  68.     $tokenEndpoint = false;
  69.     if(session('token_endpoint')) {
  70.       $tokenEndpoint = session('token_endpoint');
  71.     } else if(session('authorization_endpoint')) {
  72.       $authorizationEndpoint = session('authorization_endpoint');
  73.     } else {
  74.       $authorizationEndpoint = env('DEFAULT_AUTH_ENDPOINT');
  75.     }
  76.     if($tokenEndpoint) {
  77.       $token = \IndieAuth\Client::getAccessToken($tokenEndpoint, $request->input('code'), session('attempted_me'), $this->_redirectURI(), env('BASE_URL'), $request->input('state'));
  78.     } else {
  79.       $token = \IndieAuth\Client::verifyIndieAuthCode($authorizationEndpoint, $request->input('code'), session('attempted_me'), $this->_redirectURI(), env('BASE_URL'), $request->input('state'));
  80.     }
  81. 

  82.     if($token && array_key_exists('me', $token)) {
  83.       session()->flush();
  84.       session(['me' => $token['me']]);
  85.     }
  86. 

  87.     return redirect('/');
  88.   }
  89. 

  90.   public function github(Request $request) {
  91.     if(!session('auth_state') || !session('attempted_me')) {
  92.       return view('auth/error', ['error' => 'Missing state information. Start over.']);
  93.     }
  94. 

  95.     if($request->input('error')) {
  96.       return view('auth/error', ['error' => $request->input('error')]);
  97.     }
  98. 

  99.     if(session('auth_state') != $request->input('state')) {
  100.       return view('auth/error', ['error' => 'State did not match. Start over.']);
  101.     }
  102. 

  103.     if(!$request->input('code')) {
  104.       return view('auth/error', ['error' => 'An unknown error occurred']);
  105.     }
  106. 

  107.     $client = new GuzzleHttp\Client([
  108.       'http_errors' => false
  109.     ]);
  110.     $res = $client->post('https://github.com/login/oauth/access_token', [
  111.       'form_params' => [
  112.         'client_id' => env('GITHUB_ID'),
  113.         'client_secret' => env('GITHUB_SECRET'),
  114.         // 'redirect_uri' => env('BASE_URL') . 'auth/github',

  115.         'code' => $request->input('code'),
  116.         'state' => session('auth_state')
  117.       ],
  118.       'headers' => [
  119.         'Accept' => 'application/json'
  120.       ]
  121.     ]);
  122.     if($res->getStatusCode() == 200) {
  123.       $body = $res->getBody();
  124.       $data = json_decode($body);
  125.       if($data) {
  126.         if(property_exists($data, 'access_token')) {
  127. 

  128.           // Now check the username of the user that just logged in

  129.           $res = $client->get('https://api.github.com/user', [
  130.             'headers' => [
  131.               'Authorization' => 'token ' . $data->access_token
  132.             ]
  133.           ]);
  134.           if($res->getStatusCode() == 200) {
  135.             $data = json_decode($res->getBody());
  136.             if(property_exists($data, 'login')) {
  137.               session()->flush();
  138.               session(['me' => 'https://github.com/' . $data->login]);
  139.               return redirect('/');
  140.             } else {
  141.               return view('auth/error', ['error' => 'Login failed']);
  142.             }
  143.           } else {
  144.             return view('auth/error', ['error' => 'Login failed']);
  145.           }
  146.         } else {
  147.           $err = '';
  148.           if(property_exists($data, 'error_description')) {
  149.             $err = ': ' . $data->error_description;
  150.           }
  151.           return view('auth/error', ['error' => 'Login failed' . $err]);
  152.         }
  153.       } else {
  154.         return view('auth/error', ['error' => 'Error parsing response body from GitHub']);
  155.       }
  156.     } else {
  157.       return view('auth/error', ['error' => 'Could not verify login from GitHub: ' . $res->getBody()]);
  158.     }
  159.   }
  160. 

  161.   public function logout(Request $request) {
  162.     session()->flush();
  163.     return redirect('/');
  164.   }
  165. 

  166. }