Pony.fm/app/Http/Controllers/AuthController.php

<?php
/**
* Pony.fm - A community for pony fan music.
* Copyright (C) 2015 Feld0.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
namespace App\Http\Controllers;
use App\Models\Activity;
use App\Models\User;
use Carbon\Carbon;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Redirect;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
use League\OAuth2\Client\Token\AccessToken;
use Poniverse\Lib\Client;
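/**
 * Handles Poniverse OAuth2 login, logout and account-sync requests.
 *
 * The login flow is an authorization-code grant: getLogin() sends the browser
 * to Poniverse, and getOAuth() is the callback that exchanges the returned
 * code for an access token and signs the matching local user in.
 */
class AuthController extends Controller
{
    /**
     * Session key under which getLogin() stores the OAuth `state` value that
     * getOAuth() later compares against the callback's `state` parameter.
     */
    private const OAUTH_STATE_SESSION_KEY = 'poniverse_oauth_state';

    /** @var Client Poniverse API client built from the configured client id and secret. */
    protected $poniverse;

    public function __construct()
    {
        $this->poniverse = new Client(
            config('poniverse.client_id'),
            config('poniverse.secret'),
            new \GuzzleHttp\Client()
        );
    }

    /**
     * Starts the OAuth login for guests; authenticated users go to the home page.
     *
     * @return \Illuminate\Http\RedirectResponse
     */
    public function getLogin()
    {
        if (Auth::guest()) {
            $oauthProvider = $this->poniverse
                ->getOAuthProvider(['redirectUri' => action([static::class, 'getOAuth'])]);

            // The provider generates `state` while building the URL, so the URL
            // must be built before the state is read. The value is bound to this
            // browser session so the callback can reject responses that this
            // session never asked for (login CSRF).
            // NOTE(review): assumes the provider follows the league/oauth2-client
            // AbstractProvider contract (getState()) - confirm.
            $authorizationUrl = $oauthProvider->getAuthorizationUrl();
            session([self::OAUTH_STATE_SESSION_KEY => $oauthProvider->getState()]);

            return redirect($authorizationUrl);
        }

        return redirect()->to('/');
    }

    /**
     * Ends the current authenticated session and returns to the home page.
     *
     * @return \Illuminate\Http\RedirectResponse
     */
    public function postLogout()
    {
        Auth::logout();

        return redirect()->to('/');
    }

    /**
     * OAuth callback: verifies `state`, exchanges the authorization code for an
     * access token, stores the token and logs the matching local user in.
     *
     * @param Request $request Callback request carrying the `code` and `state` query parameters.
     * @return \Illuminate\Http\RedirectResponse
     */
    public function getOAuth(Request $request)
    {
        // pull() removes the stored value, so each state is accepted at most once.
        $expectedState = $request->session()->pull(self::OAUTH_STATE_SESSION_KEY);
        $returnedState = $request->query('state');
        $code = $request->query('code');

        $stateIsValid = is_string($expectedState)
            && $expectedState !== ''
            && is_string($returnedState)
            && hash_equals($expectedState, $returnedState);

        if (! $stateIsValid) {
            Log::warning('Rejected Poniverse OAuth callback: missing or mismatched state parameter.');

            return $this->loginFailedRedirect();
        }

        // Query parameters are attacker-controlled; only a non-empty string is a usable code.
        if (! is_string($code) || $code === '') {
            Log::warning('Rejected Poniverse OAuth callback: missing authorization code.');

            return $this->loginFailedRedirect();
        }

        $oauthProvider = $this->poniverse->getOAuthProvider();

        try {
            $accessToken = $oauthProvider->getAccessToken('authorization_code', [
                'code' => $code,
                'redirect_uri' => action([static::class, 'getOAuth']),
            ]);
            $this->poniverse->setAccessToken($accessToken);
            $resourceOwner = $oauthProvider->getResourceOwner($accessToken);
        } catch (IdentityProviderException $e) {
            Log::error($e);

            return $this->loginFailedRedirect();
        }

        /** @var \Poniverse\Lib\Entity\Poniverse\User $poniverseUser */
        $poniverseUser = $resourceOwner;

        $token = DB::table('oauth2_tokens')
            ->where('external_user_id', '=', $poniverseUser->id)
            ->where('service', '=', 'poniverse')
            ->first();

        // NOTE(review): the access and refresh tokens are written to
        // oauth2_tokens as given; whether they are encrypted at rest is not
        // visible from this controller - confirm.
        $setData = [
            'access_token' => $accessToken,
            'expires' => Carbon::createFromTimestampUTC($accessToken->getExpires()),
            'type' => 'Bearer',
        ];

        if (! empty($accessToken->getRefreshToken())) {
            $setData['refresh_token'] = $accessToken->getRefreshToken();
        }

        if ($token) {
            // User already exists, update access token and refresh token if provided.
            DB::table('oauth2_tokens')->where('id', '=', $token->id)->update($setData);

            $existingUser = User::find($token->user_id);

            // A token row can outlive its user; never hand a null user to Auth::login().
            if ($existingUser === null) {
                Log::error('Poniverse OAuth token row '.$token->id.' references a missing user.');

                return $this->loginFailedRedirect();
            }

            return $this->loginRedirect($existingUser);
        }

        // Check by login name to see if they already have an account.
        // NOTE(review): when an existing local account is matched here, it is
        // logged in without a token row tying it to the Poniverse user id, so
        // the link rests on the username alone - confirm Poniverse usernames
        // are unique and cannot be reassigned.
        $user = User::findOrCreate($poniverseUser->username, $poniverseUser->display_name, $poniverseUser->email);

        if ($user->wasRecentlyCreated) {
            // A brand new account needs its own token row.
            $setData['user_id'] = $user->id;
            $setData['external_user_id'] = $poniverseUser->id;
            $setData['service'] = 'poniverse';

            DB::table('oauth2_tokens')->insert($setData);

            // Subscribe the user to default email notifications
            foreach (Activity::DEFAULT_EMAIL_TYPES as $activityType) {
                $user->emailSubscriptions()->create(['activity_type' => $activityType]);
            }
        }

        return $this->loginRedirect($user);
    }

    /**
     * Processes requests to update a user's Poniverse information.
     *
     * The new value is fetched from Poniverse with the user's own access token
     * rather than taken from the request body; the request only names the user
     * and the attribute to refresh.
     *
     * NOTE(review): nothing in this method authenticates the caller; confirm the
     * route is protected by middleware before relying on the `id` parameter.
     *
     * @param Request $request Request carrying the Poniverse user `id` and the changed `attribute`.
     * @return \Illuminate\Http\JsonResponse
     */
    public function postPoniverseAccountSync(Request $request)
    {
        $poniverseId = $request->get('id');
        $updatedAttribute = $request->get('attribute');

        // Only email address updates are supported at this time. This strict
        // allow-list is also what keeps the dynamic property write below from
        // touching any other column.
        if ('email' !== $updatedAttribute) {
            return response()->json(['message' => 'Unsupported Poniverse account attribute.'], 400);
        }

        $user = User::wherePoniverseId($poniverseId)->first();

        // An unknown or missing id must not fall through to a null dereference.
        if ($user === null) {
            return response()->json(['message' => 'Unknown Poniverse user.'], 404);
        }

        /** @var AccessToken $accessToken */
        $accessToken = $user->getAccessToken();

        if ($accessToken->hasExpired()) {
            $accessToken = $this->poniverse->getOAuthProvider()->getAccessToken(
                'refresh_token',
                ['refresh_token' => $accessToken->getRefreshToken()]
            );
            $user->setAccessToken($accessToken);
        }

        /** @var \Poniverse\Lib\Entity\Poniverse\User $newUserData */
        $newUserData = $this->poniverse->getOAuthProvider()->getResourceOwner($accessToken);

        $user->{$updatedAttribute} = $newUserData->{$updatedAttribute};
        $user->save();

        return response()->json(['message' => 'Successfully updated this user!'], 200);
    }

    /**
     * Logs the given user in and sends them to the home page.
     *
     * @param User $user       Local account to authenticate.
     * @param bool $rememberMe Passed to Auth::login() as the "remember" flag; defaults to true.
     * @return \Illuminate\Http\RedirectResponse
     */
    protected function loginRedirect($user, $rememberMe = true)
    {
        Auth::login($user, $rememberMe);

        return redirect()->to('/');
    }

    /**
     * Builds the home-page redirect carrying the generic login failure message.
     *
     * The message is deliberately the same for every failure so the response
     * does not reveal which check rejected the callback.
     *
     * @return \Illuminate\Http\RedirectResponse
     */
    private function loginFailedRedirect()
    {
        return redirect()->to('/')->with(
            'message',
            'Unfortunately we are having problems attempting to log you in at the moment. Please try again at a later time.'
        );
    }
}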