|
1
|
|
|
<?php namespace nyx\auth\id\protocols\oauth2\providers; |
|
2
|
|
|
|
|
3
|
|
|
// External dependencies |
|
4
|
|
|
use Psr\Http\Message\ResponseInterface as Response; |
|
5
|
|
|
use GuzzleHttp\Promise\PromiseInterface as Promise; |
|
6
|
|
|
|
|
7
|
|
|
// Internal dependencies |
|
8
|
|
|
use nyx\auth\id\protocols\oauth2; |
|
9
|
|
|
use nyx\auth; |
|
10
|
|
|
|
|
11
|
|
|
/** |
|
12
|
|
|
* GitHub Provider (OAuth 2.0) |
|
13
|
|
|
* |
|
14
|
|
|
* @package Nyx\Auth |
|
15
|
|
|
* @version 0.1.0 |
|
16
|
|
|
* @author Michal Chojnacki <[email protected]> |
|
17
|
|
|
* @copyright 2012-2017 Nyx Dev Team |
|
18
|
|
|
* @link https://github.com/unyx/nyx |
|
19
|
|
|
*/ |
|
20
|
|
|
class Github extends oauth2\Provider |
|
21
|
|
|
{ |
|
22
|
|
|
/** |
|
23
|
|
|
* {@inheritDoc} |
|
24
|
|
|
*/ |
|
25
|
|
|
const SCOPE_SEPARATOR = ','; |
|
26
|
|
|
|
|
27
|
|
|
/** |
|
28
|
|
|
* {@inheritDoc} |
|
29
|
|
|
*/ |
|
30
|
|
|
const URL_AUTHORIZE = 'https://github.com/login/oauth/authorize'; |
|
31
|
|
|
const URL_EXCHANGE = 'https://github.com/login/oauth/access_token'; |
|
32
|
|
|
const URL_IDENTIFY = 'https://api.github.com/user'; |
|
33
|
|
|
|
|
34
|
|
|
/** |
|
35
|
|
|
* {@inheritDoc} |
|
36
|
|
|
*/ |
|
37
|
|
|
const IDENTITY = auth\id\identities\Github::class; |
|
38
|
|
|
|
|
39
|
|
|
/** |
|
40
|
|
|
* {@inheritDoc} |
|
41
|
|
|
*/ |
|
42
|
|
|
protected $defaultScopes = ['user:email']; |
|
43
|
|
|
|
|
44
|
|
|
/** |
|
45
|
|
|
* {@inheritdoc} |
|
46
|
|
|
*/ |
|
47
|
|
View Code Duplication |
public function identify(oauth2\Token $token) : Promise |
|
|
|
|
|
|
48
|
|
|
{ |
|
49
|
|
|
$promise = $this->request('GET', $this->getIdentifyUrl(), $token); |
|
50
|
|
|
|
|
51
|
|
|
// GitHub makes an entity's e-mail addresses available at a different endpoint, so if we are asked |
|
52
|
|
|
// to fetch it, let's run that request in parallel to save some time on HTTP roundtrips. |
|
53
|
|
|
if ($this->shouldProvideEmailAddress()) { |
|
54
|
|
|
|
|
55
|
|
|
// Intercept the flow - instead of directly returning a Promise for the entity's identity data, |
|
56
|
|
|
// we will now return a Promise that resolves once both the email and identity |
|
57
|
|
|
// data have been resolved and the email has been mapped into the identity data. |
|
58
|
|
|
$promise = $this->getEmail($token)->then(function ($email) use ($token, $promise) { |
|
59
|
|
|
|
|
60
|
|
|
// Map the e-mail address in once the identity data is available (has successfully resolved). |
|
61
|
|
|
return $promise->then(function (array $data) use ($token, $email) { |
|
62
|
|
|
|
|
63
|
|
|
$data['email'] = $email ?? $data['email']; |
|
64
|
|
|
|
|
65
|
|
|
return $data; |
|
66
|
|
|
}); |
|
67
|
|
|
}); |
|
68
|
|
|
} |
|
69
|
|
|
|
|
70
|
|
|
return $promise->then(function (array $data) use ($token) { |
|
71
|
|
|
return $this->createIdentity($token, $data); |
|
72
|
|
|
}); |
|
73
|
|
|
} |
|
74
|
|
|
|
|
75
|
|
|
/** |
|
76
|
|
|
* Returns a Promise for the e-mail address (primary and verified) belonging to the entity whose Access Token |
|
77
|
|
|
* gets used to request that data. |
|
78
|
|
|
* |
|
79
|
|
|
* @param oauth2\Token $token The Access Token to use. |
|
80
|
|
|
* @return Promise A Promise for the entity's e-mail address. |
|
81
|
|
|
*/ |
|
82
|
|
View Code Duplication |
protected function getEmail(oauth2\Token $token) : Promise |
|
|
|
|
|
|
83
|
|
|
{ |
|
84
|
|
|
return $this->request('GET', 'https://api.github.com/user/emails', $token)->then(function(array $data) { |
|
85
|
|
|
foreach ($data as $email) { |
|
86
|
|
|
if ($email['primary'] && $email['verified']) { |
|
87
|
|
|
return $email['email']; |
|
88
|
|
|
} |
|
89
|
|
|
} |
|
90
|
|
|
}); |
|
91
|
|
|
} |
|
92
|
|
|
|
|
93
|
|
|
/** |
|
94
|
|
|
* {@inheritdoc} |
|
95
|
|
|
*/ |
|
96
|
|
|
protected function onRequestSuccess(Response $response, auth\interfaces\Token $token = null) |
|
97
|
|
|
{ |
|
98
|
|
|
// GitHub provides the currently granted scopes with each response, so let's make use of that |
|
99
|
|
|
// and update our Token to reflect the currently granted scopes (Note: Users on GitHub can partially |
|
100
|
|
|
// revoke scope authorizations so it's wise to keep track of that even if the tokens themselves do not |
|
101
|
|
|
// expire unless revoked manually). |
|
102
|
|
|
if ($token instanceof oauth2\Token) { |
|
103
|
|
|
$token->setScopes($response->getHeader('X-OAuth-Scopes')); |
|
104
|
|
|
} |
|
105
|
|
|
|
|
106
|
|
|
return parent::onRequestSuccess($response, $token); |
|
107
|
|
|
} |
|
108
|
|
|
|
|
109
|
|
|
/** |
|
110
|
|
|
* {@inheritDoc} |
|
111
|
|
|
*/ |
|
112
|
|
View Code Duplication |
protected function getDefaultRequestOptions(auth\interfaces\Token $token = null) : array |
|
|
|
|
|
|
113
|
|
|
{ |
|
114
|
|
|
return array_merge_recursive(parent::getDefaultRequestOptions($token), [ |
|
115
|
|
|
'headers' => [ |
|
116
|
|
|
'Accept' => 'application/vnd.github.v3+json' |
|
117
|
|
|
] |
|
118
|
|
|
]); |
|
119
|
|
|
} |
|
120
|
|
|
} |
|
121
|
|
|
|
unyx /
auth
Loading history...
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.