path: root/includes/HybridAuth/Provider_Model_OAuth2.php
blob: 934b1aace6555c0b4f86922705082acad0dcf1f9 (plain)
<?php
/*!
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2012, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html 
*/

/**
 * To implement an OAuth 2 based service provider, Hybrid_Provider_Model_OAuth2
 * can be used to save the hassle of the authentication flow. 
 * 
 * Each class that inherits from Hybrid_Provider_Model_OAuth2 has to implement
 * at least 2 methods:
 *   Hybrid_Providers_{provider_name}::initialize()     to set up the provider API endpoint URLs
 *   Hybrid_Providers_{provider_name}::getUserProfile() to grab the user profile
 *
 * Hybrid_Provider_Model_OAuth2 uses OAuth2Client v0.1, which can be found in
 * Hybrid/thirdparty/OAuth/OAuth2Client.php
 */
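class Hybrid_Provider_Model_OAuth2 extends Hybrid_Provider_Model
{
	/**
	* Scope requested from the provider when the authorization URL is built.
	* Empty by default; initialize() replaces it with $this->config["scope"] when that is set.
	*
	* @var string
	*/
	public $scope = "";

	/**
	* Map an HTTP status code to a short human-readable message.
	*
	* When no code is passed, the status recorded on the OAuth2 client
	* ($this->api->http_code) is used instead.
	*
	* @param int|null $code HTTP status code, or null to fall back to the client's status
	* @return string|null "<code> <message>" for a known status, null for an unknown one
	*/
	public function errorMessageByStatus( $code = null ) {
		$http_status_codes = array(
			200 => "OK: Success!",
			304 => "Not Modified: There was no new data to return.",
			400 => "Bad Request: The request was invalid.",
			401 => "Unauthorized.",
			403 => "Forbidden: The request is understood, but it has been refused.",
			404 => "Not Found: The URI requested is invalid or the resource requested does not exists.",
			406 => "Not Acceptable.",
			500 => "Internal Server Error: Something is broken.",
			502 => "Bad Gateway.",
			503 => "Service Unavailable."
		);

		if( ! $code && $this->api )
			$code = $this->api->http_code;

		if( isset( $http_status_codes[ $code ] ) )
			return $code . " " . $http_status_codes[ $code ];

		// unknown status: made explicit, the original fell off the end of the function
		return null;
	}

	// --------------------------------------------------------------------

	/**
	* Adapter initializer: validates the configured credentials, loads the OAuth2
	* client library and restores any tokens already held for this provider.
	*
	* @throws Exception (code 4) when the application id or secret is not configured
	*/
	public function initialize()
	{
		// empty() also covers a missing "keys"/"id"/"secret" entry, which the plain
		// negation would have reported as an undefined-index notice before failing
		if ( empty( $this->config["keys"]["id"] ) || empty( $this->config["keys"]["secret"] ) ){
			throw new Exception( "Your application id and secret are required in order to connect to {$this->providerId}.", 4 );
		}

		// override requested scope
		if( ! empty( $this->config["scope"] ) ){
			$this->scope = $this->config["scope"];
		}

		// include OAuth2 client; the path comes from library configuration, not from the request
		require_once Hybrid_Auth::$config["path_libraries"] . "OAuth/OAuth2Client.php";

		// create a new OAuth2 client instance
		// NOTE(review): $this->endpoint is presumably this application's callback URL - confirm against OAuth2Client
		$this->api = new OAuth2Client( $this->config["keys"]["id"], $this->config["keys"]["secret"], $this->endpoint );

		// If we have an access token, set it
		if( $this->token( "access_token" ) ){
			$this->api->access_token            = $this->token( "access_token" );
			$this->api->refresh_token           = $this->token( "refresh_token" );
			$this->api->access_token_expires_in = $this->token( "expires_in" );
			$this->api->access_token_expires_at = $this->token( "expires_at" );
		}

		// Set curl proxy if exist
		if( isset( Hybrid_Auth::$config["proxy"] ) ){
			$this->api->curl_proxy = Hybrid_Auth::$config["proxy"];
		}
	}

	// --------------------------------------------------------------------

	/**
	* Begin login step: send the browser to the provider's authorization URL.
	*/
	public function loginBegin()
	{
		// NOTE(review): only "scope" is passed to authorizeUrl(); no OAuth2 "state" value is
		// generated here and loginFinish() verifies none. Unless OAuth2Client adds one (not
		// visible in this file), the callback is not bound to the browser session that started
		// the login. Generate an unpredictable state, keep it server-side, and compare it on return.
		Hybrid_Auth::redirect( $this->api->authorizeUrl( array( "scope" => $this->scope ) ) );
	}

	// --------------------------------------------------------------------

	/**
	* Finish login step: read the provider callback, exchange the authorization
	* code for tokens, store them and mark the user as connected.
	*
	* @throws Exception (code 5) when the provider reports an error or no access token is obtained
	* @throws Exception (code 6) when the code-for-token exchange itself fails
	*/
	public function loginFinish()
	{
		// Everything read from $_REQUEST on the callback is supplied by the browser and
		// must be treated as untrusted.
		$error = array_key_exists( 'error', $_REQUEST ) ? $_REQUEST['error'] : "";

		// check for errors
		if ( $error ){
			// An array-valued parameter (error[]=...) would be interpolated as "Array" with a notice.
			if ( ! is_string( $error ) ){
				$error = "(malformed error parameter)";
			}

			// The message carries request-supplied text: escape it before rendering it as HTML.
			throw new Exception( "Authentication failed! {$this->providerId} returned an error: $error", 5 );
		}

		// try to authenticate user; only a plain string is forwarded to the client
		$code = ( array_key_exists( 'code', $_REQUEST ) && is_string( $_REQUEST['code'] ) ) ? $_REQUEST['code'] : "";

		try{
			$this->api->authenticate( $code );
		}
		catch( Exception $e ){
			// getMessage() only: interpolating the exception object appends its file path and
			// stack trace to a message that may end up in front of the user
			throw new Exception( "User profile request failed! {$this->providerId} returned an error: " . $e->getMessage(), 6 );
		}

		// check if authenticated
		if ( ! $this->api->access_token ){
			throw new Exception( "Authentication failed! {$this->providerId} returned an invalid access token.", 5 );
		}

		// store tokens
		$this->token( "access_token" , $this->api->access_token  );
		$this->token( "refresh_token", $this->api->refresh_token );
		$this->token( "expires_in"   , $this->api->access_token_expires_in );
		$this->token( "expires_at"   , $this->api->access_token_expires_at );

		// set user connected locally
		$this->setUserConnected();
	}

	/**
	* Refresh the access token when it has expired and a refresh token is held,
	* then write the current token set back to storage.
	*
	* Does nothing when the client holds no access token.
	*
	* @throws Exception when the provider does not return a new access token;
	*                   the user is marked as disconnected first
	*/
	public function refreshToken()
	{
		// nothing to refresh or persist without an access token
		if( ! $this->api->access_token ){
			return;
		}

		// refresh only when a refresh token is held and the recorded expiry has passed
		if( $this->api->refresh_token && $this->api->access_token_expires_at && $this->api->access_token_expires_at <= time() ){
			$response = $this->api->refreshToken( array( "refresh_token" => $this->api->refresh_token ) );

			if( ! isset( $response->access_token ) || ! $response->access_token ){
				// set the user as disconnected at this point and throw an exception
				$this->setUserUnconnected();

				// $response may be empty or carry no scalar "error" member when the request
				// itself failed; reading it unguarded would raise a second error here
				$reason = ( isset( $response->error ) && is_scalar( $response->error ) ) ? (string) $response->error : "";

				throw new Exception( "The Authorization Service has return an invalid response while requesting a new access token. " . $reason );
			}

			// set new access_token
			$this->api->access_token = $response->access_token;

			if( isset( $response->refresh_token ) ){
				$this->api->refresh_token = $response->refresh_token;
			}

			if( isset( $response->expires_in ) ){
				$this->api->access_token_expires_in = $response->expires_in;

				// even given by some idp, we should calculate this; the cast keeps a
				// non-numeric value in the provider response from breaking the addition
				$this->api->access_token_expires_at = time() + (int) $response->expires_in;
			}
		}

		// re store tokens
		$this->token( "access_token" , $this->api->access_token  );
		$this->token( "refresh_token", $this->api->refresh_token );
		$this->token( "expires_in"   , $this->api->access_token_expires_in );
		$this->token( "expires_at"   , $this->api->access_token_expires_at );
	}
}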