Commit | Line | Data |
---|---|---|
320f4a6d | 1 | <?php |
a9229942 | 2 | |
320f4a6d | 3 | namespace wcf\action; |
a9229942 | 4 | |
8b2a995f | 5 | use GuzzleHttp\Psr7\Request; |
85176ea5 | 6 | use Psr\Http\Client\ClientExceptionInterface; |
f41cd47c | 7 | use Psr\Http\Message\ResponseInterface; |
320f4a6d | 8 | use wcf\system\request\LinkHandler; |
8b2a995f | 9 | use wcf\system\user\authentication\oauth\User as OauthUser; |
320f4a6d MW |
10 | use wcf\util\JSON; |
11 | use wcf\util\StringUtil; | |
12 | ||
13 | /** | |
8b2a995f | 14 | * Performs authentication against GitHub.com |
a9229942 TD |
15 | * |
16 | * @author Tim Duesterhus | |
17 | * @copyright 2001-2021 WoltLab GmbH | |
18 | * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php> | |
320f4a6d | 19 | */ |
34de730b | 20 | final class GithubAuthAction extends AbstractOauth2AuthAction |
a9229942 | 21 | { |
3dbbe12f MW |
22 | const AVAILABLE_DURING_OFFLINE_MODE = true; |
23 | ||
34de730b | 24 | #[\Override] |
a9229942 TD |
25 | protected function getTokenEndpoint(): string |
26 | { | |
27 | return 'https://github.com/login/oauth/access_token'; | |
28 | } | |
29 | ||
34de730b | 30 | #[\Override] |
a9229942 TD |
31 | protected function getClientId(): string |
32 | { | |
33 | return StringUtil::trim(GITHUB_PUBLIC_KEY); | |
34 | } | |
35 | ||
34de730b | 36 | #[\Override] |
a9229942 TD |
37 | protected function getClientSecret(): string |
38 | { | |
39 | return StringUtil::trim(GITHUB_PRIVATE_KEY); | |
40 | } | |
41 | ||
34de730b | 42 | #[\Override] |
a9229942 TD |
43 | protected function getScope(): string |
44 | { | |
45 | return 'user:email'; | |
46 | } | |
47 | ||
34de730b | 48 | #[\Override] |
a9229942 TD |
49 | protected function getAuthorizeUrl(): string |
50 | { | |
51 | return 'https://github.com/login/oauth/authorize'; | |
52 | } | |
53 | ||
34de730b | 54 | #[\Override] |
a9229942 TD |
55 | protected function getCallbackUrl(): string |
56 | { | |
57 | return LinkHandler::getInstance()->getControllerLink(self::class); | |
58 | } | |
59 | ||
34de730b | 60 | #[\Override] |
a9229942 TD |
61 | protected function supportsState(): bool |
62 | { | |
63 | return true; | |
64 | } | |
65 | ||
34de730b | 66 | #[\Override] |
a9229942 TD |
67 | protected function getUser(array $accessToken): OauthUser |
68 | { | |
69 | $request = new Request('GET', 'https://api.github.com/user', [ | |
70 | 'accept' => 'application/json', | |
71 | 'authorization' => \sprintf('Bearer %s', $accessToken['access_token']), | |
72 | ]); | |
73 | $response = $this->getHttpClient()->send($request); | |
74 | $parsed = JSON::decode((string)$response->getBody()); | |
75 | ||
76 | $parsed['__id'] = $parsed['id']; | |
77 | $parsed['__username'] = $parsed['login']; | |
78 | $parsed['accessToken'] = $accessToken; | |
79 | ||
80 | return new OauthUser($parsed); | |
81 | } | |
82 | ||
34de730b | 83 | #[\Override] |
34de730b C |
84 | protected function getProviderName(): string |
85 | { | |
86 | return 'github'; | |
87 | } | |
a9229942 | 88 | |
34de730b | 89 | #[\Override] |
359c5313 | 90 | protected function redirectToRegistration(OauthUser $oauthUser): ResponseInterface |
34de730b C |
91 | { |
92 | try { | |
93 | $request = new Request('GET', 'https://api.github.com/user/emails', [ | |
94 | 'accept' => 'application/json', | |
95 | 'authorization' => \sprintf('Bearer %s', $oauthUser["accessToken"]["access_token"]), | |
96 | ]); | |
97 | $response = $this->getHttpClient()->send($request); | |
98 | $emails = JSON::decode((string)$response->getBody()); | |
99 | ||
100 | // search primary email | |
101 | $email = $emails[0]['email']; | |
102 | foreach ($emails as $tmp) { | |
103 | if ($tmp['primary']) { | |
104 | $email = $tmp['email']; | |
105 | break; | |
106 | } | |
a9229942 | 107 | } |
34de730b C |
108 | $oauthUser["__email"] = $email; |
109 | } catch (ClientExceptionInterface $e) { | |
a9229942 | 110 | } |
34de730b | 111 | |
359c5313 | 112 | return parent::redirectToRegistration($oauthUser); |
a9229942 | 113 | } |
320f4a6d | 114 | } |