Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-05-24 02:14:21 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for OAuth (#3695)

Browse Source
This commit is contained in:
David Bomba 2020-05-13 19:02:38 +10:00 committed by GitHub
parent fb5a923639
commit 956c06c430
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 190 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

207
app/Http/Controllers/Auth/LoginController.php
View File

@ -246,134 +246,6 @@ class LoginController extends BaseController
return $this->listResponse($ct);
}
/**
* Redirect the user to the provider authentication page
*
* @return void
*/
public function redirectToProvider(string $provider)
{
//'https://www.googleapis.com/auth/gmail.send','email','profile','openid'
//
if (request()->has('code')) {
return $this->handleProviderCallback($provider);
} else {
return Socialite::driver($provider)->scopes(['https://www.googleapis.com/auth/gmail.send','email','profile','openid'])->redirect();
}
}
public function redirectToProviderAndCreate(string $provider)
{
$redirect_url = config('services.' . $provider . '.redirect') . '/create';
if (request()->has('code')) {
return $this->handleProviderCallbackAndCreate($provider);
} else {
return Socialite::driver($provider)->scopes(['https://www.googleapis.com/auth/gmail.send','email','profile','openid'])->redirectUrl($redirect_url)->redirect();
}
}
public function handleProviderCallbackAndCreate(string $provider)
{
$redirect_url = config('services.' . $provider . '.redirect') . '/create';
$socialite_user = Socialite::driver($provider)
->redirectUrl($redirect_url)
->stateless()
->user();
/* Handle existing users who attempt to create another account with existing OAuth credentials */
if ($user = OAuth::handleAuth($socialite_user, $provider)) {
$user->oauth_user_token = $socialite_user->refreshToken;
$user->save();
Auth::login($user, true);
return redirect($this->redirectTo);
} elseif (MultiDB::checkUserEmailExists($socialite_user->getEmail())) {
Session::flash('error', 'User exists in system, but not with this authentication method'); //todo add translations
return view('auth.login');
}
/** 3. Automagically creating a new account here. */
else {
//todo
$name = OAuth::splitName($socialite_user->getName());
$new_account = [
'first_name' => $name[0],
'last_name' => $name[1],
'password' => '',
'email' => $socialite_user->getEmail(),
'oauth_user_id' => $socialite_user->getId(),
'oauth_user_token' => $socialite_user->refreshToken,
'oauth_provider_id' => $provider
];
MultiDB::setDefaultDatabase();
$account = CreateAccount::dispatchNow($new_account);
Auth::login($account->default_company->owner(), true);
$cookie = cookie('db', $account->default_company->db);
return redirect($this->redirectTo)->withCookie($cookie);
}
}
/**
* We use this function when OAUTHING via the web interface
*
* @return redirect
*/
public function handleProviderCallback(string $provider)
{
$redirect_url = config('services.' . $provider . '.redirect');
$socialite_user = Socialite::driver($provider)
->redirectUrl($redirect_url)
->stateless()
->user();
if ($user = OAuth::handleAuth($socialite_user, $provider)) {
$user->oauth_user_token = $socialite_user->token;
$user->save();
Auth::login($user, true);
return redirect($this->redirectTo);
} elseif (MultiDB::checkUserEmailExists($socialite_user->getEmail())) {
Session::flash('error', 'User exists in system, but not with this authentication method'); //todo add translations
return view('auth.login');
}
/** 3. Automagically creating a new account here. */
else {
//todo
$name = OAuth::splitName($socialite_user->getName());
$new_account = [
'first_name' => $name[0],
'last_name' => $name[1],
'password' => '',
'email' => $socialite_user->getEmail(),
'oauth_user_id' => $socialite_user->getId(),
'oauth_user_token' => $socialite_user->token,
'oauth_provider_id' => $provider
];
$account = CreateAccount::dispatchNow($new_account);
Auth::login($account->default_company->owner(), true);
$cookie = cookie('db', $account->default_company->db);
return redirect($this->redirectTo)->withCookie($cookie);
}
}
/**
* A client side authentication has taken place.
* We now digest the token and confirm authentication with
@ -392,62 +264,12 @@ class LoginController extends BaseController
if(request()->input('provider') == 'google')
return $this->handleGoogleOauth();
// $user = false;
// $oauth = new OAuth();
// $user = $oauth->getProvider(request()->input('provider'))->getTokenResponse(request()->input('id_token'));
// if ($user = OAuth::handleAuth($socialite_user, $provider)) {
// $user->oauth_user_token = $socialite_user->token;
// $user->save();
// Auth::login($user, true);
// return redirect($this->redirectTo);
// } elseif (MultiDB::checkUserEmailExists($socialite_user->getEmail())) {
// Session::flash('error', 'User exists in system, but not with this authentication method'); //todo add translations
// return view('auth.login');
// }
// * 3. Automagically creating a new account here.
// else {
// //todo
// $name = OAuth::splitName($socialite_user->getName());
// $new_account = [
// 'first_name' => $name[0],
// 'last_name' => $name[1],
// 'password' => '',
// 'email' => $socialite_user->getEmail(),
// 'oauth_user_id' => $socialite_user->getId(),
// 'oauth_user_token' => $socialite_user->token,
// 'oauth_provider_id' => $provider
// ];
// $account = CreateAccount::dispatchNow($new_account);
// Auth::login($account->default_company->owner(), true);
// $cookie = cookie('db', $account->default_company->db);
// return redirect($this->redirectTo)->withCookie($cookie);
// }
// if ($user) {
// $ct = CompanyUser::whereUserId($user);
// return $this->listResponse($ct);
// // return $this->itemResponse($user);
// } else {
// return $this->errorResponse(['message' => 'Invalid credentials'], 401);
// }
return response()
->json(['message' => 'Provider not supported'], 400)
->header('X-App-Version', config('ninja.app_version'))
->header('X-Api-Version', config('ninja.api_version'));
}
//// // server_auth_code
// // access_token
// // id_token
//
private function handleGoogleOauth()
{
$user = false;
@ -467,6 +289,7 @@ class LoginController extends BaseController
{
Auth::login($existing_user, true);
$existing_user->setCompany($existing_user->account->default_company);
$ct = CompanyUser::whereUserId(auth()->user()->id);
return $this->listResponse($ct);
@ -477,19 +300,19 @@ class LoginController extends BaseController
}
if($user){
//if($user && request()->input('create') == 'true') {
//server_auth_code
$client = new \Google_Client();
$client->setClientId(config('ninja.auth.google.client_id'));
$client->setClientSecret(config('ninja.auth.google.client_secret'));
$accessToken = $client->fetchAccessTokenWithAuthCode(request()->input('server_auth_code'));
info($accessToken);
$token = $client->authenticate(request()->input('server_auth_code'));
$client->setAccessToken($accessToken);
//$client->setAccessToken(request()->input('access_token'));
$refresh_token = $client->getRefreshToken();
$refresh_token = '';
if(array_key_exists('refresh_token', $token))
$refresh_token = $token['refresh_token'];
$access_token = $token['access_token'];
$name = OAuth::splitName($google->harvestName($user));
@ -499,7 +322,7 @@ class LoginController extends BaseController
'password' => '',
'email' => $google->harvestEmail($user),
'oauth_user_id' => $google->harvestSubField($user),
'oauth_user_token' => request()->input('access_token'),
'oauth_user_token' => $access_token,
'oauth_user_refresh_token' => $refresh_token,
'oauth_provider_id' => 'google'
];
@ -509,6 +332,10 @@ class LoginController extends BaseController
$account = CreateAccount::dispatchNow($new_account);
Auth::login($account->default_company->owner(), true);
auth()->user()->email_verified_at = now();
auth()->user()->save();
$ct = CompanyUser::whereUserId(auth()->user()->id);
return $this->listResponse($ct);
}

1
app/Models/User.php
View File

@ -73,6 +73,7 @@ class User extends Authenticatable implements MustVerifyEmail
'oauth_user_id',
'oauth_provider_id',
'oauth_user_token',
'oauth_user_refresh_token',
'custom_value1',
'custom_value2',
'custom_value3',