<?php
namespace App\Http\Controllers;
use App\Entity\Token;
use App\Exceptions\HTTPException;
use App\Models\AccessToken;
use App\Models\App;
use App\Models\AppAccess;
use App\Models\AppCode;
use App\Models\RefreshToken;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log;
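class oAuthController extends Controller
{
    /** AppAccess status value that permits issuing authorization codes and tokens. */
    private const STATUS_ALLOWED = 'allowed';

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        //
    }

    /**
     * Show the authorization (login/consent) page for the app identified by
     * `client_id`, or redirect straight back to the client with a code when the
     * user is already logged in and either already has access or the app is
     * flagged `auto_accept`.
     *
     * @param Request $request carries client_id, redirect_uri and state
     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Contracts\View\View
     * @throws HTTPException 400 when client_id does not match a registered app
     */
    public function authorizeView(Request $request)
    {
        $app = $this->findApp($request);
        $user = Auth::user();

        if ($user !== null) {
            $access = AppAccess::getOrCreate($user->id, $app->id);

            // Apps flagged auto_accept are granted access without asking the user.
            if ((bool) $app->auto_accept) {
                $access->status = self::STATUS_ALLOWED;
                $access->saveOrFail();
            }

            // Access already granted (or just auto-granted): skip the consent page.
            if ($access->status === self::STATUS_ALLOWED) {
                return redirect($this->buildRedirectUrl($request, $access));
            }
        }

        return view('oAuth/authorizeLogin', ["msg" => "", "app" => $app]);
    }

    /**
     * Handle the submitted authorization form: authenticate the user from
     * username/password when nobody is logged in, mark the app access as
     * allowed and redirect back to the client with a fresh code.
     *
     * NOTE(review): assumes this route sits behind the framework's web middleware
     * group (CSRF protection) — confirm in the route definitions.
     *
     * @param Request $request carries client_id, redirect_uri, state and, when
     *                         not logged in, username and password
     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Contracts\View\View
     * @throws HTTPException 400 when client_id does not match a registered app
     */
    public function authorizeDo(Request $request)
    {
        $user = Auth::user();
        $app = $this->findApp($request);

        // Not logged in: the form must carry valid credentials.
        if ($user === null) {
            $user = User::query()->where("username", "=", $request->input("username"))->first();

            // Same message for an unknown user and a wrong password so the form
            // does not reveal which usernames exist.
            if ($user === null
                || !password_verify((string) $request->input("password"), (string) $user->password)
            ) {
                return view('oAuth/authorizeLogin', ["msg" => "Username or Password wrong", "app" => $app]);
            }
        }

        $access = AppAccess::getOrCreate($user->id, $app->id);
        $access->status = self::STATUS_ALLOWED;
        $access->saveOrFail();

        return redirect($this->buildRedirectUrl($request, $access));
    }

    /**
     * Exchange an authorization code for an access token and a refresh token,
     * returned as a JSON body in the OAuth 2.0 token-response shape.
     *
     * NOTE(review): nothing visible here authenticates the client, ties the
     * code to the client_id/redirect_uri it was issued for, or marks the code
     * as used; confirm whether AppCode::createCode / getAccess enforce that,
     * otherwise it needs to be added.
     *
     * @param Request $request carries the code obtained from the redirect
     * @return \Illuminate\Http\JsonResponse
     * @throws HTTPException 400 for an unknown code, 401 when its access is not allowed
     */
    public function token(Request $request)
    {
        $code = AppCode::query()->where("code", "=", $request->input("code"))->first();
        if ($code === null) {
            throw new HTTPException("400", "Unknown code");
        }

        $access = $code->getAccess();
        if ($access->status !== self::STATUS_ALLOWED) {
            throw new HTTPException("401", "Code has no access");
        }

        $accessToken = AccessToken::createToken($access);
        $refreshToken = RefreshToken::createToken($access);

        $expiresAt = strtotime((string) $accessToken->expires_at);

        return response()->json([
            'access_token' => $accessToken->token,
            'token_type' => 'bearer',
            // Seconds until expiry; never negative, and 0 if the timestamp does not parse.
            'expires_in' => $expiresAt === false ? 0 : max(0, $expiresAt - time()),
            'refresh_token' => $refreshToken->token,
        ]);
    }

    /**
     * Temporary user-info endpoint for the authenticated user.
     *
     * The key set is presumably what the consuming client reads (the
     * displayName note mentions Nextcloud), so treat it as an API contract.
     *
     * @return \Illuminate\Http\JsonResponse
     * @throws HTTPException 401 when no user is authenticated
     */
    public function getUserTMP()
    {
        $user = Auth::user();
        if ($user === null) {
            throw new HTTPException("401", "Not authenticated");
        }

        return response()->json([
            "id" => $user->id,
            "username" => $user->username,
            "sub" => $user->username,
            "email" => $user->getMail(),
            "name" => $user->username,
            "displayName" => $user->username, //Param for Nextcloud
            "state" => "active",
            "avatar_url" => "https://www.alzforum.org/sites/default/files/member-default.jpg",
            "is_admin" => false,
            "public_email" => $user->getMail(),
        ]);
    }

    /**
     * Temporary groups endpoint: the user belongs to no groups.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function getGroupsTMP()
    {
        return response()->json([]);
    }

    /**
     * Resolve the App registered under the request's client_id.
     *
     * @throws HTTPException 400 when client_id is missing or unknown, instead of
     *                       failing later on a null dereference
     */
    private function findApp(Request $request): App
    {
        $app = App::query()->where("apiKey", "=", $request->input("client_id"))->first();
        if ($app === null) {
            throw new HTTPException("400", "Unknown client_id");
        }

        return $app;
    }

    /**
     * Build the redirect back to the client: redirect_uri with `code` and `state`
     * appended as properly encoded query parameters.
     *
     * NOTE(review): redirect_uri is taken straight from the request and is not
     * compared with a value registered for the app, so a crafted authorization
     * link could deliver the code to an arbitrary URL; the App model as used in
     * this file shows no registered-redirect field — confirm and add the check.
     *
     * @param Request $request carries redirect_uri and state
     * @param mixed   $access  the access record from AppAccess::getOrCreate()
     */
    private function buildRedirectUrl(Request $request, $access): string
    {
        // urldecode() is kept for compatibility with existing clients; the
        // framework has already decoded the query string, so an encoded
        // redirect_uri is decoded a second time here.
        $returnUrl = urldecode((string) $request->input("redirect_uri"));

        // Log the target before the code is appended so the code itself never lands in the log.
        Log::debug("Redirecting to: " . $returnUrl);

        $appCode = AppCode::createCode($access);
        $params = ['code' => $appCode->code];
        $state = $request->input("state");
        if ($state !== null) {
            $params['state'] = $state;
        }

        // Choose the separator; `?` at position 0 now counts as present too.
        if (strpos($returnUrl, "?") === false) {
            $separator = "?";
        } else {
            $last = substr($returnUrl, -1);
            $separator = ($last === "?" || $last === "&") ? "" : "&";
        }

        // http_build_query encodes the values, so a state containing '&', '#'
        // or spaces can no longer corrupt the URL.
        return $returnUrl . $separator . http_build_query($params);
    }
}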