|
1
|
|
|
<?php namespace nyx\auth\id\protocols\oauth2\providers; |
|
2
|
|
|
|
|
3
|
|
|
// External dependencies |
|
4
|
|
|
use Psr\Http\Message\ResponseInterface as Response; |
|
5
|
|
|
use GuzzleHttp\Promise\PromiseInterface as Promise; |
|
6
|
|
|
|
|
7
|
|
|
// Internal dependencies |
|
8
|
|
|
use nyx\auth\id\protocols\oauth2; |
|
9
|
|
|
use nyx\auth; |
|
10
|
|
|
|
|
11
|
|
|
/** |
|
12
|
|
|
* GitHub Provider (OAuth 2.0) |
|
13
|
|
|
* |
|
14
|
|
|
* @package Nyx\Auth |
|
15
|
|
|
* @version 0.1.0 |
|
16
|
|
|
* @author Michal Chojnacki <[email protected]> |
|
17
|
|
|
* @copyright 2012-2017 Nyx Dev Team |
|
18
|
|
|
* @link https://github.com/unyx/nyx |
|
19
|
|
|
*/ |
|
20
|
|
|
class Github extends oauth2\Provider |
|
21
|
|
|
{ |
|
22
|
|
|
/** |
|
23
|
|
|
* {@inheritDoc} |
|
24
|
|
|
*/ |
|
25
|
|
|
const URL_AUTHORIZE = 'https://github.com/login/oauth/authorize'; |
|
26
|
|
|
const URL_EXCHANGE = 'https://github.com/login/oauth/access_token'; |
|
27
|
|
|
const URL_IDENTIFY = 'https://api.github.com/user'; |
|
28
|
|
|
|
|
29
|
|
|
/** |
|
30
|
|
|
* {@inheritDoc} |
|
31
|
|
|
*/ |
|
32
|
|
|
const IDENTITY = auth\id\identities\Github::class; |
|
33
|
|
|
|
|
34
|
|
|
/** |
|
35
|
|
|
* {@inheritDoc} |
|
36
|
|
|
*/ |
|
37
|
|
|
protected $defaultScopes = ['user:email']; |
|
38
|
|
|
|
|
39
|
|
|
/** |
|
40
|
|
|
* {@inheritdoc} |
|
41
|
|
|
*/ |
|
42
|
|
|
public function identify(oauth2\Token $token) : Promise |
|
43
|
|
|
{ |
|
44
|
|
|
$promise = $this->request('GET', $this->getIdentifyUrl(), $token); |
|
45
|
|
|
|
|
46
|
|
|
// GitHub makes an entity's e-mail addresses available at a different endpoint, so if we are asked |
|
47
|
|
|
// to fetch it, let's run that request in parallel to save some time on HTTP roundtrips. |
|
48
|
|
|
if ($this->shouldProvideEmailAddress()) { |
|
49
|
|
|
|
|
50
|
|
|
// Intercept the flow - instead of directly returning a Promise for the entity's identity data, |
|
51
|
|
|
// we will now return a Promise that resolves once both the email and identity |
|
52
|
|
|
// data have been resolved and the email has been mapped into the identity data. |
|
53
|
|
|
$promise = $this->getEmail($token)->then(function ($email) use ($token, $promise) { |
|
54
|
|
|
|
|
55
|
|
|
// Map the e-mail address in once the identity data is available (has successfully resolved). |
|
56
|
|
|
return $promise->then(function (array $data) use ($token, $email) { |
|
57
|
|
|
|
|
58
|
|
|
$data['email'] = $email ?? $data['email']; |
|
59
|
|
|
|
|
60
|
|
|
return $data; |
|
61
|
|
|
}); |
|
62
|
|
|
}); |
|
63
|
|
|
} |
|
64
|
|
|
|
|
65
|
|
|
return $promise->then(function (array $data) use ($token) { |
|
66
|
|
|
return $this->createIdentity($token, $data); |
|
67
|
|
|
}); |
|
68
|
|
|
} |
|
69
|
|
|
|
|
70
|
|
|
/** |
|
71
|
|
|
* Returns a Promise for the e-mail address (primary and verified) belonging to the entity whose Access Token |
|
72
|
|
|
* gets used to request that data. |
|
73
|
|
|
* |
|
74
|
|
|
* @param oauth2\Token $token The Access Token to use. |
|
75
|
|
|
* @return Promise A Promise for the entity's e-mail address. |
|
76
|
|
|
*/ |
|
77
|
|
|
protected function getEmail(oauth2\Token $token) : Promise |
|
78
|
|
|
{ |
|
79
|
|
|
return $this->request('GET', 'https://api.github.com/user/emails', $token)->then(function(array $data) { |
|
80
|
|
|
foreach ($data as $email) { |
|
81
|
|
|
if ($email['primary'] && $email['verified']) { |
|
82
|
|
|
return $email['email']; |
|
83
|
|
|
} |
|
84
|
|
|
} |
|
85
|
|
|
}); |
|
86
|
|
|
} |
|
87
|
|
|
|
|
88
|
|
|
/** |
|
89
|
|
|
* {@inheritdoc} |
|
90
|
|
|
*/ |
|
91
|
|
|
protected function onRequestSuccess(Response $response, auth\interfaces\Token $token = null) |
|
92
|
|
|
{ |
|
93
|
|
|
// GitHub provides the currently granted scopes with each response, so let's make use of that |
|
94
|
|
|
// and update our Token to reflect the currently granted scopes (Note: Users on GitHub can partially |
|
95
|
|
|
// revoke scope authorizations so it's wise to keep track of that even if the tokens themselves do not |
|
96
|
|
|
// expire unless revoked manually). |
|
97
|
|
|
if ($token instanceof oauth2\Token) { |
|
|
|
|
|
|
98
|
|
|
$token->setScopes($response->getHeader('X-OAuth-Scopes')); |
|
99
|
|
|
} |
|
100
|
|
|
|
|
101
|
|
|
return parent::onRequestSuccess($response, $token); |
|
102
|
|
|
} |
|
103
|
|
|
|
|
104
|
|
|
/** |
|
105
|
|
|
* {@inheritDoc} |
|
106
|
|
|
*/ |
|
107
|
|
|
protected function getDefaultRequestOptions(auth\interfaces\Token $token = null) : array |
|
108
|
|
|
{ |
|
109
|
|
|
return array_merge_recursive(parent::getDefaultRequestOptions($token), [ |
|
110
|
|
|
'headers' => [ |
|
111
|
|
|
'Accept' => 'application/vnd.github.v3+json' |
|
112
|
|
|
] |
|
113
|
|
|
]); |
|
114
|
|
|
} |
|
115
|
|
|
} |
|
116
|
|
|
|
unyx /
auth
This error could be the result of:
1. Missing dependencies
PHP Analyzer uses your
composer.jsonfile (if available) to determine the dependencies of your project and to determine all the available classes and functions. It expects thecomposer.jsonto be in the root folder of your repository.Are you sure this class is defined by one of your dependencies, or did you maybe not list a dependency in either the
requireorrequire-devsection?2. Missing use statement
PHP does not complain about undefined classes in
ìnstanceofchecks. For example, the following PHP code will work perfectly fine:If you have not tested against this specific condition, such errors might go unnoticed.