Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/scripts/oauth.php
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/oauth.php')
-rw-r--r--scripts/oauth.php201
1 files changed, 201 insertions, 0 deletions
diff --git a/scripts/oauth.php b/scripts/oauth.php
new file mode 100644
index 0000000..48dface
--- /dev/null
+++ b/scripts/oauth.php
@@ -0,0 +1,201 @@
+<?php
+
+if (!defined('IN_FS')) {
+ die('Do not access this file directly.');
+}
+
+$providers = array(
+ 'github' => function() use ($conf) {
+ if (empty($conf['oauth']['github_secret']) ||
+ empty($conf['oauth']['github_id']) ||
+ empty($conf['oauth']['github_redirect'])) {
+
+ throw new Exception('Config error make sure the github_* variables are set.');
+ }
+ return new GithubProvider(array(
+ 'clientId' => $conf['oauth']['github_id'],
+ 'clientSecret' => $conf['oauth']['github_secret'],
+ 'redirectUri' => $conf['oauth']['github_redirect'],
+ 'scopes' => array('user:email')
+ ));
+ },
+ 'google' => function() use ($conf) {
+ if (empty($conf['oauth']['google_secret']) ||
+ empty($conf['oauth']['google_id']) ||
+ empty($conf['oauth']['google_redirect'])) {
+
+ throw new Exception('Config error make sure the google_* variables are set.');
+ }
+ return new League\OAuth2\Client\Provider\Google(array(
+ 'clientId' => $conf['oauth']['google_id'],
+ 'clientSecret' => $conf['oauth']['google_secret'],
+ 'redirectUri' => $conf['oauth']['google_redirect'],
+ 'scopes' => array('email', 'profile')
+ ));
+ },
+ 'facebook' => function() use ($conf) {
+ if (empty($conf['oauth']['facebook_secret']) ||
+ empty($conf['oauth']['facebook_id']) ||
+ empty($conf['oauth']['facebook_redirect'])) {
+
+ throw new Exception('Config error make sure the facebook_* variables are set.');
+ }
+ return new League\OAuth2\Client\Provider\Facebook(array(
+ 'clientId' => $conf['oauth']['facebook_id'],
+ 'clientSecret' => $conf['oauth']['facebook_secret'],
+ 'redirectUri' => $conf['oauth']['facebook_redirect'],
+ ));
+ },
+ 'microsoft' => function() use ($conf) {
+ if (empty($conf['oauth']['microsoft_secret']) ||
+ empty($conf['oauth']['microsoft_id']) ||
+ empty($conf['oauth']['microsoft_redirect'])) {
+
+ throw new Exception('Config error make sure the microsoft_* variables are set.');
+ }
+ return new League\OAuth2\Client\Provider\Microsoft(array(
+ 'clientId' => $conf['oauth']['microsoft_id'],
+ 'clientSecret' => $conf['oauth']['microsoft_secret'],
+ 'redirectUri' => $conf['oauth']['microsoft_redirect'],
+ ));
+ },
+ 'instagram' => function() use ($conf) {
+ if (empty($conf['oauth']['instagram_secret']) ||
+ empty($conf['oauth']['instagram_id']) ||
+ empty($conf['oauth']['instagram_redirect'])) {
+
+ throw new Exception('Config error make sure the instagram_* variables are set.');
+ }
+ return new League\OAuth2\Client\Provider\Instagram(array(
+ 'clientId' => $conf['oauth']['instagram_id'],
+ 'clientSecret' => $conf['oauth']['instagram_secret'],
+ 'redirectUri' => $conf['oauth']['instagram_redirect'],
+ ));
+ },
+ 'eventbrite' => function() use ($conf) {
+ if (empty($conf['oauth']['eventbrite_secret']) ||
+ empty($conf['oauth']['eventbrite_id']) ||
+ empty($conf['oauth']['eventbrite_redirect'])) {
+
+ throw new Exception('Config error make sure the eventbrite_* variables are set.');
+ }
+ return new League\OAuth2\Client\Provider\Eventbrite(array(
+ 'clientId' => $conf['oauth']['eventbrite_id'],
+ 'clientSecret' => $conf['oauth']['eventbrite_secret'],
+ 'redirectUri' => $conf['oauth']['eventbrite_redirect'],
+ ));
+ },
+ 'linkedin' => function() use ($conf) {
+ if (empty($conf['oauth']['linkedin_secret']) ||
+ empty($conf['oauth']['linkedin_id']) ||
+ empty($conf['oauth']['linkedin_redirect'])) {
+
+ throw new Exception('Config error make sure the linkedin_* variables are set.');
+ }
+ return new League\OAuth2\Client\Provider\LinkedIn(array(
+ 'clientId' => $conf['oauth']['linkedin_id'],
+ 'clientSecret' => $conf['oauth']['linkedin_secret'],
+ 'redirectUri' => $conf['oauth']['linkedin_redirect'],
+ ));
+ },
+ 'vkontakte' => function() use ($conf) {
+ if (empty($conf['oauth']['vkontakte_secret']) ||
+ empty($conf['oauth']['vkontakte_id']) ||
+ empty($conf['oauth']['vkontakte_redirect'])) {
+
+ throw new Exception('Config error make sure the vkontakte_* variables are set.');
+ }
+ return new League\OAuth2\Client\Provider\Vkontakte(array(
+ 'clientId' => $conf['oauth']['vkontakte_id'],
+ 'clientSecret' => $conf['oauth']['vkontakte_secret'],
+ 'redirectUri' => $conf['oauth']['vkontakte_redirect'],
+ ));
+ },
+);
+
+if (! isset($_SESSION['return_to'])) {
+ $_SESSION['return_to'] = base64_decode(Get::val('return_to', ''));
+ $_SESSION['return_to'] = $_SESSION['return_to'] ?: $baseurl;
+}
+
+$provider = isset($_SESSION['oauth_provider']) ? $_SESSION['oauth_provider'] : 'none';
+$provider = strtolower(Get::val('provider', $provider));
+unset($_SESSION['oauth_provider']);
+
+$active_oauths = explode(' ', $fs->prefs['active_oauths']);
+if (!in_array($provider, $active_oauths)) {
+ Flyspray::show_error(26);
+}
+
+$obj = $providers[$provider]();
+
+if ( ! Get::has('code') && ! Post::has('username')) {
+ // get authorization code
+ header('Location: '.$obj->getAuthorizationUrl());
+ exit;
+}
+
+if (isset($_SESSION['oauth_token'])) {
+ $token = unserialize($_SESSION['oauth_token']);
+ unset($_SESSION['oauth_token']);
+} else {
+ // Try to get an access token
+ try {
+ $token = $obj->getAccessToken('authorization_code', array('code' => $_GET['code']));
+ } catch (\League\OAuth2\Client\Exception\IDPException $e) {
+ throw new Exception($e->getMessage());
+ }
+}
+
+$user_details = $obj->getUserDetails($token);
+$uid = $user_details->uid;
+
+if (Post::has('username')) {
+ $username = Post::val('username');
+} else {
+ $username = $user_details->nickname;
+}
+
+// First time logging in
+if (! Flyspray::checkForOauthUser($uid, $provider)) {
+ if (! $user_details->email) {
+ Flyspray::show_error(27);
+ }
+
+ $success = false;
+
+ if ($username) {
+ $group_in = $fs->prefs['anon_group'];
+ $name = $user_details->name ?: $username;
+ $success = Backend::create_user($username, null, $name, '', $user_details->email, 0, 0, $group_in, 1, $uid, $provider);
+ }
+
+ // username taken or not provided, ask for it
+ if (!$success) {
+ $_SESSION['oauth_token'] = serialize($token);
+ $_SESSION['oauth_provider'] = $provider;
+ $page->assign('provider', ucfirst($provider));
+ $page->assign('username', $username);
+ $page->pushTpl('register.oauth.tpl');
+ return;
+ }
+}
+
+if (($user_id = Flyspray::checkLogin($user_details->email, null, 'oauth')) < 1) {
+ Flyspray::show_error(23); // account disabled
+}
+
+$user = new User($user_id);
+
+// Set a couple of cookies
+$passweirded = crypt($user->infos['user_pass'], $conf['general']['cookiesalt']);
+Flyspray::setCookie('flyspray_userid', $user->id, 0,null,null,null,true);
+Flyspray::setCookie('flyspray_passhash', $passweirded, 0,null,null,null,true);
+$_SESSION['SUCCESS'] = L('loginsuccessful');
+$db->query("UPDATE {users} SET last_login = ? WHERE user_id=?", array(time(), $user->id));
+
+$return_to = $_SESSION['return_to'];
+unset($_SESSION['return_to']);
+
+Flyspray::redirect($return_to);
+?>