Commit | Line | Data |
---|---|---|
320f4a6d | 1 | <?php |
a9229942 | 2 | |
320f4a6d | 3 | namespace wcf\action; |
a9229942 | 4 | |
8b2a995f | 5 | use GuzzleHttp\Psr7\Request; |
320f4a6d | 6 | use wcf\system\request\LinkHandler; |
8b2a995f | 7 | use wcf\system\user\authentication\oauth\User as OauthUser; |
320f4a6d MW |
8 | use wcf\util\JSON; |
9 | use wcf\util\StringUtil; | |
10 | ||
11 | /** | |
8b2a995f | 12 | * Performs authentication against Google (GAIA). |
a9229942 TD |
13 | * |
14 | * @author Tim Duesterhus | |
15 | * @copyright 2001-2021 WoltLab GmbH | |
16 | * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php> | |
320f4a6d | 17 | */ |
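final class GoogleAuthAction extends AbstractOauth2AuthAction
{
    /**
     * Decoded OpenID Connect discovery document, filled on first use by
     * getConfiguration() and reused for the lifetime of this object.
     */
    private array $configuration;

    /**
     * Returns Google's OpenID Connect configuration.
     *
     * The discovery document is requested once per instance and memoized.
     * The decoded document is not validated here: a missing endpoint key
     * only surfaces when one of the accessors below reads it.
     */
    private function getConfiguration(): array
    {
        if (!isset($this->configuration)) {
            $request = new Request('GET', 'https://accounts.google.com/.well-known/openid-configuration');
            $response = $this->getHttpClient()->send($request);

            $this->configuration = JSON::decode((string)$response->getBody());
        }

        return $this->configuration;
    }

    /**
     * The provider is usable only when both the client id and the client
     * secret constants are non-empty.
     */
    #[\Override]
    protected function isEnabled(): bool
    {
        return !empty(GOOGLE_PUBLIC_KEY) && !empty(GOOGLE_PRIVATE_KEY);
    }

    /**
     * Returns the token endpoint advertised in the discovery document.
     */
    #[\Override]
    protected function getTokenEndpoint(): string
    {
        return $this->getConfiguration()['token_endpoint'];
    }

    /**
     * Returns the OAuth client id (GOOGLE_PUBLIC_KEY, trimmed).
     */
    #[\Override]
    protected function getClientId(): string
    {
        return StringUtil::trim(GOOGLE_PUBLIC_KEY);
    }

    /**
     * Returns the OAuth client secret (GOOGLE_PRIVATE_KEY, trimmed).
     */
    #[\Override]
    protected function getClientSecret(): string
    {
        return StringUtil::trim(GOOGLE_PRIVATE_KEY);
    }

    /**
     * Returns the space-separated scopes requested from Google.
     */
    #[\Override]
    protected function getScope(): string
    {
        return 'profile openid email';
    }

    /**
     * Returns the authorization endpoint advertised in the discovery document.
     */
    #[\Override]
    protected function getAuthorizeUrl(): string
    {
        return $this->getConfiguration()['authorization_endpoint'];
    }

    /**
     * Returns the link to this controller, used as the OAuth callback URL.
     */
    #[\Override]
    protected function getCallbackUrl(): string
    {
        return LinkHandler::getInstance()->getControllerLink(self::class);
    }

    /**
     * Reports that this provider supports the `state` parameter.
     *
     * NOTE(review): the parent class is not visible here; presumably it uses
     * this flag to send and verify `state` as the CSRF protection of the
     * authorization flow - confirm against AbstractOauth2AuthAction.
     */
    #[\Override]
    protected function supportsState(): bool
    {
        return true;
    }

    /**
     * Fetches the user's profile from the userinfo endpoint and maps it to
     * the `__id`, `__username` and `__email` keys of the OauthUser.
     *
     * @param array $accessToken token data; its `access_token` entry is sent
     *                           as the bearer credential and the whole array
     *                           is stored under `accessToken`
     */
    #[\Override]
    protected function getUser(array $accessToken): OauthUser
    {
        $request = new Request('GET', $this->getConfiguration()['userinfo_endpoint'], [
            'accept' => 'application/json',
            'authorization' => \sprintf('Bearer %s', $accessToken['access_token']),
        ]);
        $response = $this->getHttpClient()->send($request);
        $parsed = JSON::decode((string)$response->getBody());

        // `sub` is the identifier the account is keyed on.
        // NOTE(review): `sub` and `name` are read without a presence check;
        // confirm how the caller handles a userinfo response that lacks them.
        $parsed['__id'] = $parsed['sub'];
        $parsed['__username'] = $parsed['name'];

        // `email` is optional in the response. empty() keeps the original
        // truthiness test but no longer reads an undefined key when the
        // claim is absent.
        // NOTE(review): the `email_verified` claim is not consulted here;
        // confirm that consumers of `__email` do not treat it as a verified
        // address.
        if (!empty($parsed['email'])) {
            $parsed['__email'] = $parsed['email'];
        }
        $parsed['accessToken'] = $accessToken;

        return new OauthUser($parsed);
    }

    /**
     * Returns the internal name of this provider.
     */
    #[\Override]
    protected function getProviderName(): string
    {
        return 'google';
    }
}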