mirror of
https://github.com/YunoHost-Apps/kanboard_ynh.git
synced 2024-09-03 19:36:17 +02:00
130 lines
3.9 KiB
PHP
130 lines
3.9 KiB
PHP
<?php
|
|
|
|
namespace Kanboard\Controller;
|
|
|
|
use Kanboard\Core\Security\OAuthAuthenticationProviderInterface;
|
|
|
|
/**
|
|
* OAuth controller
|
|
*
|
|
* @package controller
|
|
* @author Frederic Guillot
|
|
*/
|
|
class Oauth extends Base
|
|
{
|
|
/**
|
|
* Redirect to the provider if no code received
|
|
*
|
|
* @access private
|
|
* @param string $provider
|
|
*/
|
|
protected function step1($provider)
|
|
{
|
|
$code = $this->request->getStringParam('code');
|
|
$state = $this->request->getStringParam('state');
|
|
|
|
if (! empty($code)) {
|
|
$this->step2($provider, $code, $state);
|
|
} else {
|
|
$this->response->redirect($this->authenticationManager->getProvider($provider)->getService()->getAuthorizationUrl());
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Link or authenticate the user
|
|
*
|
|
* @access protected
|
|
* @param string $providerName
|
|
* @param string $code
|
|
* @param string $state
|
|
*/
|
|
protected function step2($providerName, $code, $state)
|
|
{
|
|
$provider = $this->authenticationManager->getProvider($providerName);
|
|
$provider->setCode($code);
|
|
$hasValidState = $provider->getService()->isValidateState($state);
|
|
|
|
if ($this->userSession->isLogged()) {
|
|
if ($hasValidState) {
|
|
$this->link($provider);
|
|
} else {
|
|
$this->flash->failure(t('The OAuth2 state parameter is invalid'));
|
|
$this->response->redirect($this->helper->url->to('user', 'external', array('user_id' => $this->userSession->getId())));
|
|
}
|
|
} else {
|
|
if ($hasValidState) {
|
|
$this->authenticate($providerName);
|
|
} else {
|
|
$this->authenticationFailure(t('The OAuth2 state parameter is invalid'));
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Link the account
|
|
*
|
|
* @access protected
|
|
* @param OAuthAuthenticationProviderInterface $provider
|
|
*/
|
|
protected function link(OAuthAuthenticationProviderInterface $provider)
|
|
{
|
|
if (! $provider->authenticate()) {
|
|
$this->flash->failure(t('External authentication failed'));
|
|
} else {
|
|
$this->userProfile->assign($this->userSession->getId(), $provider->getUser());
|
|
$this->flash->success(t('Your external account is linked to your profile successfully.'));
|
|
}
|
|
|
|
$this->response->redirect($this->helper->url->to('user', 'external', array('user_id' => $this->userSession->getId())));
|
|
}
|
|
|
|
/**
|
|
* Unlink external account
|
|
*
|
|
* @access public
|
|
*/
|
|
public function unlink()
|
|
{
|
|
$backend = $this->request->getStringParam('backend');
|
|
$this->checkCSRFParam();
|
|
|
|
if ($this->authenticationManager->getProvider($backend)->unlink($this->userSession->getId())) {
|
|
$this->flash->success(t('Your external account is not linked anymore to your profile.'));
|
|
} else {
|
|
$this->flash->failure(t('Unable to unlink your external account.'));
|
|
}
|
|
|
|
$this->response->redirect($this->helper->url->to('user', 'external', array('user_id' => $this->userSession->getId())));
|
|
}
|
|
|
|
/**
|
|
* Authenticate the account
|
|
*
|
|
* @access protected
|
|
* @param string $providerName
|
|
*/
|
|
protected function authenticate($providerName)
|
|
{
|
|
if ($this->authenticationManager->oauthAuthentication($providerName)) {
|
|
$this->response->redirect($this->helper->url->to('app', 'index'));
|
|
} else {
|
|
$this->authenticationFailure(t('External authentication failed'));
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Show login failure page
|
|
*
|
|
* @access protected
|
|
* @param string $message
|
|
*/
|
|
protected function authenticationFailure($message)
|
|
{
|
|
$this->response->html($this->helper->layout->app('auth/index', array(
|
|
'errors' => array('login' => $message),
|
|
'values' => array(),
|
|
'no_layout' => true,
|
|
'title' => t('Login')
|
|
)));
|
|
}
|
|
}
|