php_analyzer.type_inference.infeasible_condition.generic
1 | <?php |
||
2 | /** |
||
3 | * Get an OAuth2 token from Google. |
||
4 | * * Install this script on your server so that it's accessible |
||
5 | * as [https/http]://<yourdomain>/<folder>/get_oauth_token.php |
||
6 | * e.g.: http://localhost/phpmail/get_oauth_token.php |
||
7 | * * Ensure dependencies are installed with 'composer install' |
||
8 | * * Set up an app in your Google developer console |
||
9 | * * Set the script address as the app's redirect URL |
||
10 | * If no refresh token is obtained when running this file, revoke access to your app |
||
11 | * using link: https://accounts.google.com/b/0/IssuedAuthSubTokens and run the script again. |
||
12 | * This script requires PHP 5.4 or later |
||
13 | * PHP Version 5.4 |
||
14 | */ |
||
15 | |||
16 | namespace League\OAuth2\Client\Provider; |
||
17 | |||
18 | require 'vendor/autoload.php'; |
||
19 | |||
20 | use League\OAuth2\Client\Provider\Exception\IdentityProviderException; |
||
21 | use League\OAuth2\Client\Token\AccessToken; |
||
22 | use League\OAuth2\Client\Tool\BearerAuthorizationTrait; |
||
23 | use Psr\Http\Message\ResponseInterface; |
||
24 | |||
25 | session_start(); |
||
26 | |||
27 | //If this automatic URL doesn't work, set it yourself manually |
||
28 | $redirectUri = isset($_SERVER['HTTPS']) ? 'https://' : 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']; |
||
29 | //$redirectUri = 'http://localhost/phpmailer/get_oauth_token.php'; |
||
30 | |||
31 | //These details obtained are by setting up app in Google developer console. |
||
32 | $clientId = 'RANDOMCHARS-----duv1n2.apps.googleusercontent.com'; |
||
33 | $clientSecret = 'RANDOMCHARS-----lGyjPcRtvP'; |
||
34 | |||
35 | class Google extends AbstractProvider |
||
36 | { |
||
37 | use BearerAuthorizationTrait; |
||
38 | |||
39 | const ACCESS_TOKEN_RESOURCE_OWNER_ID = 'id'; |
||
40 | |||
41 | /** |
||
42 | * @var string If set, this will be sent to google as the "access_type" parameter. |
||
43 | * @link https://developers.google.com/accounts/docs/OAuth2WebServer#offline |
||
44 | */ |
||
45 | protected $accessType; |
||
46 | |||
47 | /** |
||
48 | * @var string If set, this will be sent to google as the "hd" parameter. |
||
49 | * @link https://developers.google.com/accounts/docs/OAuth2Login#hd-param |
||
50 | */ |
||
51 | protected $hostedDomain; |
||
52 | |||
53 | /** |
||
54 | * @var string If set, this will be sent to google as the "scope" parameter. |
||
55 | * @link https://developers.google.com/gmail/api/auth/scopes |
||
56 | */ |
||
57 | protected $scope; |
||
58 | |||
59 | public function getBaseAuthorizationUrl() |
||
60 | { |
||
61 | return 'https://accounts.google.com/o/oauth2/auth'; |
||
62 | } |
||
63 | |||
64 | public function getBaseAccessTokenUrl(array $params) |
||
65 | { |
||
66 | return 'https://accounts.google.com/o/oauth2/token'; |
||
67 | } |
||
68 | |||
69 | public function getResourceOwnerDetailsUrl(AccessToken $token) |
||
70 | { |
||
71 | return ' '; |
||
72 | } |
||
73 | |||
74 | protected function getAuthorizationParameters(array $options) |
||
75 | { |
||
76 | if (is_array($this->scope)) { |
||
0 ignored issues
–
show
introduced
by
![]() |
|||
77 | $separator = $this->getScopeSeparator(); |
||
78 | $this->scope = implode($separator, $this->scope); |
||
79 | } |
||
80 | |||
81 | $params = array_merge( |
||
82 | parent::getAuthorizationParameters($options), |
||
83 | array_filter([ |
||
84 | 'hd' => $this->hostedDomain, |
||
85 | 'access_type' => $this->accessType, |
||
86 | 'scope' => $this->scope, |
||
87 | // if the user is logged in with more than one account ask which one to use for the login! |
||
88 | 'authuser' => '-1' |
||
89 | ]) |
||
90 | ); |
||
91 | return $params; |
||
92 | } |
||
93 | |||
94 | protected function getDefaultScopes() |
||
95 | { |
||
96 | return [ |
||
97 | 'email', |
||
98 | 'openid', |
||
99 | 'profile', |
||
100 | ]; |
||
101 | } |
||
102 | |||
103 | protected function getScopeSeparator() |
||
104 | { |
||
105 | return ' '; |
||
106 | } |
||
107 | |||
108 | protected function checkResponse(ResponseInterface $response, $data) |
||
109 | { |
||
110 | if (!empty($data['error'])) { |
||
111 | $code = 0; |
||
112 | $error = $data['error']; |
||
113 | |||
114 | if (is_array($error)) { |
||
115 | $code = $error['code']; |
||
116 | $error = $error['message']; |
||
117 | } |
||
118 | |||
119 | throw new IdentityProviderException($error, $code, $data); |
||
120 | } |
||
121 | } |
||
122 | |||
123 | protected function createResourceOwner(array $response, AccessToken $token) |
||
124 | { |
||
125 | return new GoogleUser($response); |
||
126 | } |
||
127 | } |
||
128 | |||
129 | |||
130 | //Set Redirect URI in Developer Console as [https/http]://<yourdomain>/<folder>/get_oauth_token.php |
||
131 | $provider = new Google( |
||
132 | array( |
||
133 | 'clientId' => $clientId, |
||
134 | 'clientSecret' => $clientSecret, |
||
135 | 'redirectUri' => $redirectUri, |
||
136 | 'scope' => array('https://mail.google.com/'), |
||
137 | 'accessType' => 'offline' |
||
138 | ) |
||
139 | ); |
||
140 | |||
141 | if (!isset($_GET['code'])) { |
||
142 | // If we don't have an authorization code then get one |
||
143 | $authUrl = $provider->getAuthorizationUrl(); |
||
144 | $_SESSION['oauth2state'] = $provider->getState(); |
||
145 | header('Location: ' . $authUrl); |
||
146 | exit; |
||
147 | // Check given state against previously stored one to mitigate CSRF attack |
||
148 | } elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) { |
||
149 | unset($_SESSION['oauth2state']); |
||
150 | exit('Invalid state'); |
||
151 | } else { |
||
152 | // Try to get an access token (using the authorization code grant) |
||
153 | $token = $provider->getAccessToken( |
||
154 | 'authorization_code', |
||
155 | array( |
||
156 | 'code' => $_GET['code'] |
||
157 | ) |
||
158 | ); |
||
159 | |||
160 | // Use this to get a new access token if the old one expires |
||
161 | echo 'Refresh Token: ' . $token->getRefreshToken(); |
||
162 | } |
||
163 |