320f4a6d | 1 | <?php |
a9229942 | 2 | |
320f4a6d | 3 | namespace wcf\action; |
a9229942 | 4 | |
8b2a995f | 5 | use GuzzleHttp\Psr7\Request; |
320f4a6d | 6 | use wcf\system\request\LinkHandler; |
8b2a995f | 7 | use wcf\system\user\authentication\oauth\User as OauthUser; |
8 | use wcf\util\JSON; |
9 | use wcf\util\StringUtil; | |
10 | ||
11 | /** | |
8b2a995f | 12 | * Performs authentication against Google (GAIA). |
13 | * |
14 | * @author Tim Duesterhus | |
15 | * @copyright 2001-2021 WoltLab GmbH | |
16 | * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php> | |
320f4a6d | 17 | */ |
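final class GoogleAuthAction extends AbstractOauth2AuthAction
{
    const AVAILABLE_DURING_OFFLINE_MODE = true;

    /**
     * Google's OpenID Connect discovery document; fetched at most once per instance.
     */
    private array $configuration;

    /**
     * Returns Google's OpenID Connect configuration.
     *
     * The discovery document is requested on first use and memoized in
     * `$this->configuration`, so later calls do not trigger another request.
     */
    private function getConfiguration(): array
    {
        if (!isset($this->configuration)) {
            $request = new Request('GET', 'https://accounts.google.com/.well-known/openid-configuration');
            $response = $this->getHttpClient()->send($request);

            $this->configuration = JSON::decode((string)$response->getBody());
        }

        return $this->configuration;
    }

    /**
     * Returns an endpoint URL from the discovery document, accepting only https:// URLs.
     *
     * The access token is sent to `userinfo_endpoint` by getUser(); the parent class
     * presumably sends the client secret to `token_endpoint` (not visible in this file).
     * A missing or non-TLS value therefore has to fail here rather than reach the HTTP client.
     *
     * @throws \UnexpectedValueException if the key is absent or its value is not an https:// URL
     */
    private function getHttpsEndpoint(string $key): string
    {
        $endpoint = $this->getConfiguration()[$key] ?? null;

        if (!\is_string($endpoint) || \strncasecmp($endpoint, 'https://', 8) !== 0) {
            throw new \UnexpectedValueException(
                \sprintf("Google's OpenID Connect configuration contains no usable '%s'.", $key)
            );
        }

        return $endpoint;
    }

    #[\Override]
    protected function getTokenEndpoint(): string
    {
        return $this->getHttpsEndpoint('token_endpoint');
    }

    #[\Override]
    protected function getClientId(): string
    {
        return StringUtil::trim(GOOGLE_PUBLIC_KEY);
    }

    #[\Override]
    protected function getClientSecret(): string
    {
        // GOOGLE_PRIVATE_KEY is the OAuth client secret; it must never be logged or echoed.
        return StringUtil::trim(GOOGLE_PRIVATE_KEY);
    }

    #[\Override]
    protected function getScope(): string
    {
        return 'profile openid email';
    }

    #[\Override]
    protected function getAuthorizeUrl(): string
    {
        return $this->getHttpsEndpoint('authorization_endpoint');
    }

    #[\Override]
    protected function getCallbackUrl(): string
    {
        return LinkHandler::getInstance()->getControllerLink(self::class);
    }

    #[\Override]
    protected function supportsState(): bool
    {
        // NOTE(review): presumably makes the parent class send and verify the OAuth
        // `state` parameter (CSRF protection for the callback) - confirm in AbstractOauth2AuthAction.
        return true;
    }

    /**
     * Fetches the user's profile from Google's userinfo endpoint and wraps it in an OauthUser.
     *
     * @param array $accessToken token response; its `access_token` entry is sent as bearer token
     * @throws \UnexpectedValueException if the response carries no usable `sub` claim
     */
    #[\Override]
    protected function getUser(array $accessToken): OauthUser
    {
        $request = new Request('GET', $this->getHttpsEndpoint('userinfo_endpoint'), [
            'accept' => 'application/json',
            'authorization' => \sprintf('Bearer %s', $accessToken['access_token']),
        ]);
        $response = $this->getHttpClient()->send($request);
        $parsed = JSON::decode((string)$response->getBody());

        // `sub` becomes the account identifier below. Refuse to build a user without it,
        // otherwise an empty identifier would be handed to the account lookup.
        $subject = \is_array($parsed) ? ($parsed['sub'] ?? null) : null;
        if ((!\is_string($subject) && !\is_int($subject)) || (string)$subject === '') {
            throw new \UnexpectedValueException("Google's userinfo response contains no 'sub' claim.");
        }

        $parsed['__id'] = $subject;
        $parsed['__username'] = $parsed['name'];

        // The e-mail claim is optional; `!empty()` avoids an undefined-key warning when it is absent.
        // NOTE(review): the `email_verified` claim is not checked here. Confirm that consumers of
        // `__email` do not treat the address as proof of ownership (e.g. when matching an existing
        // account) unless Google reports it as verified.
        if (!empty($parsed['email'])) {
            $parsed['__email'] = $parsed['email'];
        }

        // The raw token response travels with the user data; treat the resulting object as
        // sensitive and keep it out of logs and debug output.
        $parsed['accessToken'] = $accessToken;

        return new OauthUser($parsed);
    }

    #[\Override]
    protected function getProviderName(): string
    {
        return 'google';
    }
}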