
<?php
namespace App\Http\Controllers;
use App\Entity\Token;
use App\Exceptions\HTTPException;
use App\Models\AccessToken;
use App\Models\App;
use App\Models\AppAccess;
use App\Models\AppCode;
use App\Models\RefreshToken;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log;
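class oAuthController extends Controller
{
    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        //
    }

    /**
     * Authorization endpoint (GET).
     *
     * Looks up the client by `client_id`, and when the current user has already
     * granted this app access (or the app is flagged auto_accept) issues an
     * authorization code and redirects straight back to `redirect_uri`.
     * Otherwise the login/consent view is rendered.
     *
     * @throws HTTPException when `client_id` matches no application
     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Contracts\View\View
     */
    public function authorizeView(Request $request)
    {
        $app = $this->findApp($request);
        $user = Auth::user();
        $redirect = false;
        $access = null;

        if ($user !== null) {
            $access = AppAccess::getOrCreate($user->id, $app->id);
            // Access granted earlier: skip the consent form.
            if ($access->status === "allowed") {
                $redirect = true;
            }
            // auto_accept apps are granted without asking the user at all.
            if ($app->auto_accept) {
                $access->status = "allowed";
                $access->saveOrFail();
                $redirect = true;
            }
        }

        if ($redirect) {
            return redirect($this->buildRedirectUrl($request, $access));
        }

        return view('oAuth/authorizeLogin', ["msg" => "", "app" => $app]);
    }

    /**
     * Authorization endpoint (POST): the user submitted the consent form.
     *
     * If nobody is logged in, the form's username/password are verified first.
     * On success the app access is marked allowed, an authorization code is
     * created and the user is redirected back to `redirect_uri`.
     *
     * @throws HTTPException when `client_id` matches no application
     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Contracts\View\View
     */
    public function authorizeDo(Request $request)
    {
        $app = $this->findApp($request);
        $user = Auth::user();

        // Not logged in: the consent form carried credentials, check them.
        if ($user === null) {
            $user = User::query()->where("username", "=", $request->input("username"))->first();
            // One message for both "unknown user" and "wrong password" so the
            // response does not reveal which usernames exist.
            if ($user === null || !password_verify((string) $request->input("password"), $user->password)) {
                return view('oAuth/authorizeLogin', ["msg" => "Username or Password wrong", "app" => $app]);
            }
        }

        $access = AppAccess::getOrCreate($user->id, $app->id);
        $access->status = "allowed";
        $access->saveOrFail();

        return redirect($this->buildRedirectUrl($request, $access));
    }

    /**
     * Token endpoint: exchanges an authorization code for access + refresh tokens.
     *
     * Responds with the RFC 6749 token fields as JSON. A response object is
     * returned (instead of echoing) so the JSON content type is set.
     *
     * @throws HTTPException 400 when the code is unknown, 401 when the code's
     *                       access record is missing or not "allowed"
     * @return \Illuminate\Http\JsonResponse
     */
    public function token(Request $request)
    {
        $code = AppCode::query()->where("code", "=", $request->input("code"))->first();
        if ($code === null) {
            throw new HTTPException("400", "Unknown code");
        }

        $access = $code->getAccess();
        if ($access === null || $access->status !== "allowed") {
            throw new HTTPException("401", "Code has no access");
        }

        // NOTE(review): nothing visible here authenticates the requesting client
        // or consumes the code so it cannot be exchanged twice; whether
        // AppCode::createCode()/getAccess() enforce expiry or single use is not
        // visible from this file. TODO confirm.
        $accessToken = AccessToken::createToken($access);
        $refreshToken = RefreshToken::createToken($access);

        return response()->json([
            'access_token' => $accessToken->token,
            'token_type' => 'bearer',
            // expires_at is assumed to be a string strtotime() can parse — TODO confirm.
            'expires_in' => strtotime($accessToken->expires_at) - time(),
            'refresh_token' => $refreshToken->token,
        ]);
    }

    /**
     * Temporary userinfo endpoint for the authenticated user.
     *
     * @throws HTTPException 401 when no user is authenticated
     * @return \Illuminate\Http\JsonResponse
     */
    public function getUserTMP()
    {
        $user = Auth::user();
        if ($user === null) {
            throw new HTTPException("401", "Not authenticated");
        }

        return response()->json([
            "id" => $user->id,
            "username" => $user->username,
            "sub" => $user->username,
            "email" => $user->getMail(),
            "name" => $user->username,
            "state" => "active",
            "avatar_url" => "https://www.alzforum.org/sites/default/files/member-default.jpg",
            "is_admin" => false,
            "public_email" => $user->getMail(),
        ]);
    }

    /**
     * Temporary groups endpoint; no groups are modelled yet, so always an empty list.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function getGroupsTMP()
    {
        return response()->json([]);
    }

    /**
     * Resolve the client application from the request's `client_id` (its apiKey).
     *
     * @throws HTTPException 400 when no application matches; previously a
     *                       missing app was dereferenced as null further down
     */
    private function findApp(Request $request): App
    {
        $app = App::query()->where("apiKey", "=", $request->input("client_id"))->first();
        if ($app === null) {
            throw new HTTPException("400", "Unknown client_id");
        }

        return $app;
    }

    /**
     * Build the URL the user agent is sent back to after authorization:
     * `redirect_uri` with `code` and `state` appended as query parameters.
     *
     * @param mixed $access the access record returned by AppAccess::getOrCreate()
     *                      (presumably an AppAccess — not verifiable from here)
     * @throws HTTPException 400 when `redirect_uri` is missing or empty
     */
    private function buildRedirectUrl(Request $request, $access): string
    {
        // NOTE(review): redirect_uri is taken from the request as-is. It should be
        // compared against the redirect URI registered for the app before a code
        // is appended to it; the App model field holding that value is not
        // visible from this file. TODO confirm and enforce.
        $returnUrl = urldecode((string) $request->input("redirect_uri"));
        if ($returnUrl === "") {
            throw new HTTPException("400", "Missing redirect_uri");
        }

        // Append with "&" when the URI already carries a query string, else "?".
        if (strpos($returnUrl, "?") !== false) {
            Log::debug("Found questionmark in redirect_uri");
            if (substr($returnUrl, -1, 1) !== "&") {
                Log::debug("Add & to the redirect_uri");
                $returnUrl .= "&";
            }
        } else {
            $returnUrl .= "?";
        }

        $appCode = AppCode::createCode($access);
        // http_build_query url-encodes both values; they were appended raw before.
        $returnUrl .= http_build_query([
            "code" => $appCode->code,
            "state" => (string) $request->input("state", ""),
        ]);
        Log::debug("Return URL: " . $returnUrl);

        return $returnUrl;
    }
}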