[GitHub/WoltLab/WCF.git] / wcfsetup / install / files / lib / action / GoogleAuthAction.class.php

<?php

namespace wcf\action;

use GuzzleHttp\Psr7\Request;
use wcf\system\request\LinkHandler;
use wcf\system\user\authentication\oauth\User as OauthUser;
use wcf\util\JSON;
use wcf\util\StringUtil;

/**
 * Performs authentication against Google (GAIA).
 *
 * @author  Tim Duesterhus
 * @copyright   2001-2021 WoltLab GmbH
 * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
 */
final class GoogleAuthAction extends AbstractOauth2AuthAction
{
    private array $configuration;

    /**
     * Returns Google's OpenID Connect configuration.
     */
    private function getConfiguration(): array
    {
        if (!isset($this->configuration)) {
            $request = new Request('GET', 'https://accounts.google.com/.well-known/openid-configuration');
            $response = $this->getHttpClient()->send($request);

            $this->configuration = JSON::decode((string)$response->getBody());
        }

        return $this->configuration;
    }

    #[\Override]
    protected function isEnabled(): bool
    {
        return !empty(GOOGLE_PUBLIC_KEY) && !empty(GOOGLE_PRIVATE_KEY);
    }

    #[\Override]
    protected function getTokenEndpoint(): string
    {
        return $this->getConfiguration()['token_endpoint'];
    }

    #[\Override]
    protected function getClientId(): string
    {
        return StringUtil::trim(GOOGLE_PUBLIC_KEY);
    }

    #[\Override]
    protected function getClientSecret(): string
    {
        return StringUtil::trim(GOOGLE_PRIVATE_KEY);
    }

    #[\Override]
    protected function getScope(): string
    {
        return 'profile openid email';
    }

    #[\Override]
    protected function getAuthorizeUrl(): string
    {
        return $this->getConfiguration()['authorization_endpoint'];
    }

    #[\Override]
    protected function getCallbackUrl(): string
    {
        return LinkHandler::getInstance()->getControllerLink(self::class);
    }

    #[\Override]
    protected function supportsState(): bool
    {
        return true;
    }

    #[\Override]
    protected function getUser(array $accessToken): OauthUser
    {
        $request = new Request('GET', $this->getConfiguration()['userinfo_endpoint'], [
            'accept' => 'application/json',
            'authorization' => \sprintf('Bearer %s', $accessToken['access_token']),
        ]);
        $response = $this->getHttpClient()->send($request);
        $parsed = JSON::decode((string)$response->getBody());

        $parsed['__id'] = $parsed['sub'];
        $parsed['__username'] = $parsed['name'];
        if ($parsed['email']) {
            $parsed['__email'] = $parsed['email'];
        }
        $parsed['accessToken'] = $accessToken;

        return new OauthUser($parsed);
    }

    #[\Override]
    protected function getProviderName(): string
    {
        return 'google';
    }
}
Commit	Line	Data
320f4a6d	1	<?php
a9229942	2
320f4a6d	3	namespace wcf\action;
a9229942	4
8b2a995f	5	use GuzzleHttp\Psr7\Request;
320f4a6d	6	use wcf\system\request\LinkHandler;
8b2a995f	7	use wcf\system\user\authentication\oauth\User as OauthUser;
320f4a6d MW	8	use wcf\util\JSON;
	9	use wcf\util\StringUtil;
	10
	11	/**
8b2a995f	12	* Performs authentication against Google (GAIA).
a9229942 TD	13	*
	14	* @author Tim Duesterhus
	15	* @copyright 2001-2021 WoltLab GmbH
	16	* @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
320f4a6d	17	*/
34de730b	18	final class GoogleAuthAction extends AbstractOauth2AuthAction
a9229942	19	{
34de730b	20	private array $configuration;
a9229942 TD	21
	22	/**
	23	* Returns Google's OpenID Connect configuration.
	24	*/
34de730b	25	private function getConfiguration(): array
a9229942	26	{
f41cd47c	27	if (!isset($this->configuration)) {
a9229942 TD	28	$request = new Request('GET', 'https://accounts.google.com/.well-known/openid-configuration');
	29	$response = $this->getHttpClient()->send($request);
	30
	31	$this->configuration = JSON::decode((string)$response->getBody());
	32	}
	33
	34	return $this->configuration;
	35	}
	36
34de730b C	37	#[\Override]
	38	protected function isEnabled(): bool
	39	{
	40	return !empty(GOOGLE_PUBLIC_KEY) && !empty(GOOGLE_PRIVATE_KEY);
	41	}
	42
	43	#[\Override]
a9229942 TD	44	protected function getTokenEndpoint(): string
	45	{
	46	return $this->getConfiguration()['token_endpoint'];
	47	}
	48
34de730b	49	#[\Override]
a9229942 TD	50	protected function getClientId(): string
	51	{
	52	return StringUtil::trim(GOOGLE_PUBLIC_KEY);
	53	}
	54
34de730b	55	#[\Override]
a9229942 TD	56	protected function getClientSecret(): string
	57	{
	58	return StringUtil::trim(GOOGLE_PRIVATE_KEY);
	59	}
	60
34de730b	61	#[\Override]
a9229942 TD	62	protected function getScope(): string
	63	{
	64	return 'profile openid email';
	65	}
	66
34de730b	67	#[\Override]
a9229942 TD	68	protected function getAuthorizeUrl(): string
	69	{
	70	return $this->getConfiguration()['authorization_endpoint'];
	71	}
	72
34de730b	73	#[\Override]
a9229942 TD	74	protected function getCallbackUrl(): string
	75	{
	76	return LinkHandler::getInstance()->getControllerLink(self::class);
	77	}
	78
34de730b	79	#[\Override]
a9229942 TD	80	protected function supportsState(): bool
	81	{
	82	return true;
	83	}
	84
34de730b	85	#[\Override]
a9229942 TD	86	protected function getUser(array $accessToken): OauthUser
	87	{
	88	$request = new Request('GET', $this->getConfiguration()['userinfo_endpoint'], [
	89	'accept' => 'application/json',
	90	'authorization' => \sprintf('Bearer %s', $accessToken['access_token']),
	91	]);
	92	$response = $this->getHttpClient()->send($request);
	93	$parsed = JSON::decode((string)$response->getBody());
	94
	95	$parsed['__id'] = $parsed['sub'];
	96	$parsed['__username'] = $parsed['name'];
	97	if ($parsed['email']) {
	98	$parsed['__email'] = $parsed['email'];
	99	}
	100	$parsed['accessToken'] = $accessToken;
	101
	102	return new OauthUser($parsed);
	103	}
	104
34de730b C	105	#[\Override]
34de730b C	106	protected function getProviderName(): string
a9229942	107	{
34de730b	108	return 'google';
a9229942	109	}
320f4a6d	110	}