index : flyspray | |
Archlinux32 customized Flyspray installation | gitolite user |
summaryrefslogtreecommitdiff |
-rw-r--r-- | scripts/oauth.php | 201 |
diff --git a/scripts/oauth.php b/scripts/oauth.php new file mode 100644 index 0000000..48dface --- /dev/null +++ b/scripts/oauth.php @@ -0,0 +1,201 @@ +<?php + +if (!defined('IN_FS')) { + die('Do not access this file directly.'); +} + +$providers = array( + 'github' => function() use ($conf) { + if (empty($conf['oauth']['github_secret']) || + empty($conf['oauth']['github_id']) || + empty($conf['oauth']['github_redirect'])) { + + throw new Exception('Config error make sure the github_* variables are set.'); + } + return new GithubProvider(array( + 'clientId' => $conf['oauth']['github_id'], + 'clientSecret' => $conf['oauth']['github_secret'], + 'redirectUri' => $conf['oauth']['github_redirect'], + 'scopes' => array('user:email') + )); + }, + 'google' => function() use ($conf) { + if (empty($conf['oauth']['google_secret']) || + empty($conf['oauth']['google_id']) || + empty($conf['oauth']['google_redirect'])) { + + throw new Exception('Config error make sure the google_* variables are set.'); + } + return new League\OAuth2\Client\Provider\Google(array( + 'clientId' => $conf['oauth']['google_id'], + 'clientSecret' => $conf['oauth']['google_secret'], + 'redirectUri' => $conf['oauth']['google_redirect'], + 'scopes' => array('email', 'profile') + )); + }, + 'facebook' => function() use ($conf) { + if (empty($conf['oauth']['facebook_secret']) || + empty($conf['oauth']['facebook_id']) || + empty($conf['oauth']['facebook_redirect'])) { + + throw new Exception('Config error make sure the facebook_* variables are set.'); + } + return new League\OAuth2\Client\Provider\Facebook(array( + 'clientId' => $conf['oauth']['facebook_id'], + 'clientSecret' => $conf['oauth']['facebook_secret'], + 'redirectUri' => $conf['oauth']['facebook_redirect'], + )); + }, + 'microsoft' => function() use ($conf) { + if (empty($conf['oauth']['microsoft_secret']) || + empty($conf['oauth']['microsoft_id']) || + empty($conf['oauth']['microsoft_redirect'])) { + + throw new Exception('Config error make sure the microsoft_* variables are set.'); + } + return new League\OAuth2\Client\Provider\Microsoft(array( + 'clientId' => $conf['oauth']['microsoft_id'], + 'clientSecret' => $conf['oauth']['microsoft_secret'], + 'redirectUri' => $conf['oauth']['microsoft_redirect'], + )); + }, + 'instagram' => function() use ($conf) { + if (empty($conf['oauth']['instagram_secret']) || + empty($conf['oauth']['instagram_id']) || + empty($conf['oauth']['instagram_redirect'])) { + + throw new Exception('Config error make sure the instagram_* variables are set.'); + } + return new League\OAuth2\Client\Provider\Instagram(array( + 'clientId' => $conf['oauth']['instagram_id'], + 'clientSecret' => $conf['oauth']['instagram_secret'], + 'redirectUri' => $conf['oauth']['instagram_redirect'], + )); + }, + 'eventbrite' => function() use ($conf) { + if (empty($conf['oauth']['eventbrite_secret']) || + empty($conf['oauth']['eventbrite_id']) || + empty($conf['oauth']['eventbrite_redirect'])) { + + throw new Exception('Config error make sure the eventbrite_* variables are set.'); + } + return new League\OAuth2\Client\Provider\Eventbrite(array( + 'clientId' => $conf['oauth']['eventbrite_id'], + 'clientSecret' => $conf['oauth']['eventbrite_secret'], + 'redirectUri' => $conf['oauth']['eventbrite_redirect'], + )); + }, + 'linkedin' => function() use ($conf) { + if (empty($conf['oauth']['linkedin_secret']) || + empty($conf['oauth']['linkedin_id']) || + empty($conf['oauth']['linkedin_redirect'])) { + + throw new Exception('Config error make sure the linkedin_* variables are set.'); + } + return new League\OAuth2\Client\Provider\LinkedIn(array( + 'clientId' => $conf['oauth']['linkedin_id'], + 'clientSecret' => $conf['oauth']['linkedin_secret'], + 'redirectUri' => $conf['oauth']['linkedin_redirect'], + )); + }, + 'vkontakte' => function() use ($conf) { + if (empty($conf['oauth']['vkontakte_secret']) || + empty($conf['oauth']['vkontakte_id']) || + empty($conf['oauth']['vkontakte_redirect'])) { + + throw new Exception('Config error make sure the vkontakte_* variables are set.'); + } + return new League\OAuth2\Client\Provider\Vkontakte(array( + 'clientId' => $conf['oauth']['vkontakte_id'], + 'clientSecret' => $conf['oauth']['vkontakte_secret'], + 'redirectUri' => $conf['oauth']['vkontakte_redirect'], + )); + }, +); + +if (! isset($_SESSION['return_to'])) { + $_SESSION['return_to'] = base64_decode(Get::val('return_to', '')); + $_SESSION['return_to'] = $_SESSION['return_to'] ?: $baseurl; +} + +$provider = isset($_SESSION['oauth_provider']) ? $_SESSION['oauth_provider'] : 'none'; +$provider = strtolower(Get::val('provider', $provider)); +unset($_SESSION['oauth_provider']); + +$active_oauths = explode(' ', $fs->prefs['active_oauths']); +if (!in_array($provider, $active_oauths)) { + Flyspray::show_error(26); +} + +$obj = $providers[$provider](); + +if ( ! Get::has('code') && ! Post::has('username')) { + // get authorization code + header('Location: '.$obj->getAuthorizationUrl()); + exit; +} + +if (isset($_SESSION['oauth_token'])) { + $token = unserialize($_SESSION['oauth_token']); + unset($_SESSION['oauth_token']); +} else { + // Try to get an access token + try { + $token = $obj->getAccessToken('authorization_code', array('code' => $_GET['code'])); + } catch (\League\OAuth2\Client\Exception\IDPException $e) { + throw new Exception($e->getMessage()); + } +} + +$user_details = $obj->getUserDetails($token); +$uid = $user_details->uid; + +if (Post::has('username')) { + $username = Post::val('username'); +} else { + $username = $user_details->nickname; +} + +// First time logging in +if (! Flyspray::checkForOauthUser($uid, $provider)) { + if (! $user_details->email) { + Flyspray::show_error(27); + } + + $success = false; + + if ($username) { + $group_in = $fs->prefs['anon_group']; + $name = $user_details->name ?: $username; + $success = Backend::create_user($username, null, $name, '', $user_details->email, 0, 0, $group_in, 1, $uid, $provider); + } + + // username taken or not provided, ask for it + if (!$success) { + $_SESSION['oauth_token'] = serialize($token); + $_SESSION['oauth_provider'] = $provider; + $page->assign('provider', ucfirst($provider)); + $page->assign('username', $username); + $page->pushTpl('register.oauth.tpl'); + return; + } +} + +if (($user_id = Flyspray::checkLogin($user_details->email, null, 'oauth')) < 1) { + Flyspray::show_error(23); // account disabled +} + +$user = new User($user_id); + +// Set a couple of cookies +$passweirded = crypt($user->infos['user_pass'], $conf['general']['cookiesalt']); +Flyspray::setCookie('flyspray_userid', $user->id, 0,null,null,null,true); +Flyspray::setCookie('flyspray_passhash', $passweirded, 0,null,null,null,true); +$_SESSION['SUCCESS'] = L('loginsuccessful'); +$db->query("UPDATE {users} SET last_login = ? WHERE user_id=?", array(time(), $user->id)); + +$return_to = $_SESSION['return_to']; +unset($_SESSION['return_to']); + +Flyspray::redirect($return_to); +?> |