[GitHub/WoltLab/WCF.git] / wcfsetup / install / files / lib / action / GoogleAuthAction.class.php

<?php

namespace wcf\action;

use GuzzleHttp\Psr7\Request;
use wcf\system\request\LinkHandler;
use wcf\system\user\authentication\oauth\User as OauthUser;
use wcf\util\JSON;
use wcf\util\StringUtil;

/**
 * Performs authentication against Google (GAIA).
 *
 * @author  Tim Duesterhus
 * @copyright   2001-2021 WoltLab GmbH
 * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
 */
final class GoogleAuthAction extends AbstractOauth2AuthAction
{
    const AVAILABLE_DURING_OFFLINE_MODE = true;

    private array $configuration;

    /**
     * Returns Google's OpenID Connect configuration.
     */
    private function getConfiguration(): array
    {
        if (!isset($this->configuration)) {
            $request = new Request('GET', 'https://accounts.google.com/.well-known/openid-configuration');
            $response = $this->getHttpClient()->send($request);

            $this->configuration = JSON::decode((string)$response->getBody());
        }

        return $this->configuration;
    }

    #[\Override]
    protected function getTokenEndpoint(): string
    {
        return $this->getConfiguration()['token_endpoint'];
    }

    #[\Override]
    protected function getClientId(): string
    {
        return StringUtil::trim(GOOGLE_PUBLIC_KEY);
    }

    #[\Override]
    protected function getClientSecret(): string
    {
        return StringUtil::trim(GOOGLE_PRIVATE_KEY);
    }

    #[\Override]
    protected function getScope(): string
    {
        return 'profile openid email';
    }

    #[\Override]
    protected function getAuthorizeUrl(): string
    {
        return $this->getConfiguration()['authorization_endpoint'];
    }

    #[\Override]
    protected function getCallbackUrl(): string
    {
        return LinkHandler::getInstance()->getControllerLink(self::class);
    }

    #[\Override]
    protected function supportsState(): bool
    {
        return true;
    }

    #[\Override]
    protected function getUser(array $accessToken): OauthUser
    {
        $request = new Request('GET', $this->getConfiguration()['userinfo_endpoint'], [
            'accept' => 'application/json',
            'authorization' => \sprintf('Bearer %s', $accessToken['access_token']),
        ]);
        $response = $this->getHttpClient()->send($request);
        $parsed = JSON::decode((string)$response->getBody());

        $parsed['__id'] = $parsed['sub'];
        $parsed['__username'] = $parsed['name'];
        if ($parsed['email']) {
            $parsed['__email'] = $parsed['email'];
        }
        $parsed['accessToken'] = $accessToken;

        return new OauthUser($parsed);
    }

    #[\Override]
    protected function getProviderName(): string
    {
        return 'google';
    }
}
Commit	Line	Data
320f4a6d	1	<?php
a9229942	2
320f4a6d	3	namespace wcf\action;
a9229942	4
8b2a995f	5	use GuzzleHttp\Psr7\Request;
320f4a6d	6	use wcf\system\request\LinkHandler;
8b2a995f	7	use wcf\system\user\authentication\oauth\User as OauthUser;
320f4a6d MW	8	use wcf\util\JSON;
	9	use wcf\util\StringUtil;
	10
	11	/**
8b2a995f	12	* Performs authentication against Google (GAIA).
a9229942 TD	13	*
	14	* @author Tim Duesterhus
	15	* @copyright 2001-2021 WoltLab GmbH
	16	* @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
320f4a6d	17	*/
34de730b	18	final class GoogleAuthAction extends AbstractOauth2AuthAction
a9229942	19	{
3dbbe12f MW	20	const AVAILABLE_DURING_OFFLINE_MODE = true;
3dbbe12f MW	21
34de730b	22	private array $configuration;
a9229942 TD	23
	24	/**
	25	* Returns Google's OpenID Connect configuration.
	26	*/
34de730b	27	private function getConfiguration(): array
a9229942	28	{
f41cd47c	29	if (!isset($this->configuration)) {
a9229942 TD	30	$request = new Request('GET', 'https://accounts.google.com/.well-known/openid-configuration');
	31	$response = $this->getHttpClient()->send($request);
	32
	33	$this->configuration = JSON::decode((string)$response->getBody());
	34	}
	35
	36	return $this->configuration;
	37	}
	38
34de730b	39	#[\Override]
a9229942 TD	40	protected function getTokenEndpoint(): string
	41	{
	42	return $this->getConfiguration()['token_endpoint'];
	43	}
	44
34de730b	45	#[\Override]
a9229942 TD	46	protected function getClientId(): string
	47	{
	48	return StringUtil::trim(GOOGLE_PUBLIC_KEY);
	49	}
	50
34de730b	51	#[\Override]
a9229942 TD	52	protected function getClientSecret(): string
	53	{
	54	return StringUtil::trim(GOOGLE_PRIVATE_KEY);
	55	}
	56
34de730b	57	#[\Override]
a9229942 TD	58	protected function getScope(): string
	59	{
	60	return 'profile openid email';
	61	}
	62
34de730b	63	#[\Override]
a9229942 TD	64	protected function getAuthorizeUrl(): string
	65	{
	66	return $this->getConfiguration()['authorization_endpoint'];
	67	}
	68
34de730b	69	#[\Override]
a9229942 TD	70	protected function getCallbackUrl(): string
	71	{
	72	return LinkHandler::getInstance()->getControllerLink(self::class);
	73	}
	74
34de730b	75	#[\Override]
a9229942 TD	76	protected function supportsState(): bool
	77	{
	78	return true;
	79	}
	80
34de730b	81	#[\Override]
a9229942 TD	82	protected function getUser(array $accessToken): OauthUser
	83	{
	84	$request = new Request('GET', $this->getConfiguration()['userinfo_endpoint'], [
	85	'accept' => 'application/json',
	86	'authorization' => \sprintf('Bearer %s', $accessToken['access_token']),
	87	]);
	88	$response = $this->getHttpClient()->send($request);
	89	$parsed = JSON::decode((string)$response->getBody());
	90
	91	$parsed['__id'] = $parsed['sub'];
	92	$parsed['__username'] = $parsed['name'];
	93	if ($parsed['email']) {
	94	$parsed['__email'] = $parsed['email'];
	95	}
	96	$parsed['accessToken'] = $accessToken;
	97
	98	return new OauthUser($parsed);
	99	}
	100
34de730b C	101	#[\Override]
34de730b C	102	protected function getProviderName(): string
a9229942	103	{
34de730b	104	return 'google';
a9229942	105	}
320f4a6d	106	}