[GitHub/WoltLab/WCF.git] / wcfsetup / install / files / lib / action / GithubAuthAction.class.php

<?php

namespace wcf\action;

use GuzzleHttp\Psr7\Request;
use Psr\Http\Client\ClientExceptionInterface;
use Psr\Http\Message\ResponseInterface;
use wcf\system\request\LinkHandler;
use wcf\system\user\authentication\oauth\User as OauthUser;
use wcf\util\JSON;
use wcf\util\StringUtil;

/**
 * Performs authentication against GitHub.com
 *
 * @author  Tim Duesterhus
 * @copyright   2001-2021 WoltLab GmbH
 * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
 */
final class GithubAuthAction extends AbstractOauth2AuthAction
{
    const AVAILABLE_DURING_OFFLINE_MODE = true;

    #[\Override]
    protected function getTokenEndpoint(): string
    {
        return 'https://github.com/login/oauth/access_token';
    }

    #[\Override]
    protected function getClientId(): string
    {
        return StringUtil::trim(GITHUB_PUBLIC_KEY);
    }

    #[\Override]
    protected function getClientSecret(): string
    {
        return StringUtil::trim(GITHUB_PRIVATE_KEY);
    }

    #[\Override]
    protected function getScope(): string
    {
        return 'user:email';
    }

    #[\Override]
    protected function getAuthorizeUrl(): string
    {
        return 'https://github.com/login/oauth/authorize';
    }

    #[\Override]
    protected function getCallbackUrl(): string
    {
        return LinkHandler::getInstance()->getControllerLink(self::class);
    }

    #[\Override]
    protected function supportsState(): bool
    {
        return true;
    }

    #[\Override]
    protected function getUser(array $accessToken): OauthUser
    {
        $request = new Request('GET', 'https://api.github.com/user', [
            'accept' => 'application/json',
            'authorization' => \sprintf('Bearer %s', $accessToken['access_token']),
        ]);
        $response = $this->getHttpClient()->send($request);
        $parsed = JSON::decode((string)$response->getBody());

        $parsed['__id'] = $parsed['id'];
        $parsed['__username'] = $parsed['login'];
        $parsed['accessToken'] = $accessToken;

        return new OauthUser($parsed);
    }

    #[\Override]
    protected function getProviderName(): string
    {
        return 'github';
    }

    #[\Override]
    protected function redirectToRegistration(OauthUser $oauthUser): ResponseInterface
    {
        try {
            $request = new Request('GET', 'https://api.github.com/user/emails', [
                'accept' => 'application/json',
                'authorization' => \sprintf('Bearer %s', $oauthUser["accessToken"]["access_token"]),
            ]);
            $response = $this->getHttpClient()->send($request);
            $emails = JSON::decode((string)$response->getBody());

            // search primary email
            $email = $emails[0]['email'];
            foreach ($emails as $tmp) {
                if ($tmp['primary']) {
                    $email = $tmp['email'];
                    break;
                }
            }
            $oauthUser["__email"] = $email;
        } catch (ClientExceptionInterface $e) {
        }

        return parent::redirectToRegistration($oauthUser);
    }
}
Commit	Line	Data
320f4a6d	1	<?php
a9229942	2
320f4a6d	3	namespace wcf\action;
a9229942	4
8b2a995f	5	use GuzzleHttp\Psr7\Request;
85176ea5	6	use Psr\Http\Client\ClientExceptionInterface;
f41cd47c	7	use Psr\Http\Message\ResponseInterface;
320f4a6d	8	use wcf\system\request\LinkHandler;
8b2a995f	9	use wcf\system\user\authentication\oauth\User as OauthUser;
320f4a6d MW	10	use wcf\util\JSON;
	11	use wcf\util\StringUtil;
	12
	13	/**
8b2a995f	14	* Performs authentication against GitHub.com
a9229942 TD	15	*
	16	* @author Tim Duesterhus
	17	* @copyright 2001-2021 WoltLab GmbH
	18	* @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
320f4a6d	19	*/
34de730b	20	final class GithubAuthAction extends AbstractOauth2AuthAction
a9229942	21	{
3dbbe12f MW	22	const AVAILABLE_DURING_OFFLINE_MODE = true;
3dbbe12f MW	23
34de730b	24	#[\Override]
a9229942 TD	25	protected function getTokenEndpoint(): string
	26	{
	27	return 'https://github.com/login/oauth/access_token';
	28	}
	29
34de730b	30	#[\Override]
a9229942 TD	31	protected function getClientId(): string
	32	{
	33	return StringUtil::trim(GITHUB_PUBLIC_KEY);
	34	}
	35
34de730b	36	#[\Override]
a9229942 TD	37	protected function getClientSecret(): string
	38	{
	39	return StringUtil::trim(GITHUB_PRIVATE_KEY);
	40	}
	41
34de730b	42	#[\Override]
a9229942 TD	43	protected function getScope(): string
	44	{
	45	return 'user:email';
	46	}
	47
34de730b	48	#[\Override]
a9229942 TD	49	protected function getAuthorizeUrl(): string
	50	{
	51	return 'https://github.com/login/oauth/authorize';
	52	}
	53
34de730b	54	#[\Override]
a9229942 TD	55	protected function getCallbackUrl(): string
	56	{
	57	return LinkHandler::getInstance()->getControllerLink(self::class);
	58	}
	59
34de730b	60	#[\Override]
a9229942 TD	61	protected function supportsState(): bool
	62	{
	63	return true;
	64	}
	65
34de730b	66	#[\Override]
a9229942 TD	67	protected function getUser(array $accessToken): OauthUser
	68	{
	69	$request = new Request('GET', 'https://api.github.com/user', [
	70	'accept' => 'application/json',
	71	'authorization' => \sprintf('Bearer %s', $accessToken['access_token']),
	72	]);
	73	$response = $this->getHttpClient()->send($request);
	74	$parsed = JSON::decode((string)$response->getBody());
	75
	76	$parsed['__id'] = $parsed['id'];
	77	$parsed['__username'] = $parsed['login'];
	78	$parsed['accessToken'] = $accessToken;
	79
	80	return new OauthUser($parsed);
	81	}
	82
34de730b	83	#[\Override]
34de730b C	84	protected function getProviderName(): string
	85	{
	86	return 'github';
	87	}
a9229942	88
34de730b	89	#[\Override]
359c5313	90	protected function redirectToRegistration(OauthUser $oauthUser): ResponseInterface
34de730b C	91	{
	92	try {
	93	$request = new Request('GET', 'https://api.github.com/user/emails', [
	94	'accept' => 'application/json',
	95	'authorization' => \sprintf('Bearer %s', $oauthUser["accessToken"]["access_token"]),
	96	]);
	97	$response = $this->getHttpClient()->send($request);
	98	$emails = JSON::decode((string)$response->getBody());
	99
	100	// search primary email
	101	$email = $emails[0]['email'];
	102	foreach ($emails as $tmp) {
	103	if ($tmp['primary']) {
	104	$email = $tmp['email'];
	105	break;
	106	}
a9229942	107	}
34de730b C	108	$oauthUser["__email"] = $email;
34de730b C	109	} catch (ClientExceptionInterface $e) {
a9229942	110	}
34de730b	111
359c5313	112	return parent::redirectToRegistration($oauthUser);
a9229942	113	}
320f4a6d	114	}