<?php namespace nyx\auth\id\protocols\oauth2\providers; |
// External dependencies |
use GuzzleHttp\Promise\PromiseInterface as Promise; |
// Internal dependencies |
use nyx\auth\id\protocols\oauth2; |
use nyx\auth; |
/** |
* Bitbucket Provider (OAuth 2.0) |
* |
* Bitbucket provides both OAuth version implementations and 2 versions of their public API. We are utilizing v2.0 |
* of both of those. |
* |
* @package Nyx\Auth |
* @version 0.1.0 |
* @author Michal Chojnacki <[email protected]> |
* @copyright 2012-2017 Nyx Dev Team |
* @link https://github.com/unyx/nyx |
*/ |
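class Bitbucket extends oauth2\Provider
{
    /**
     * {@inheritDoc}
     */
    const URL_AUTHORIZE = 'https://bitbucket.org/site/oauth2/authorize';
    const URL_EXCHANGE  = 'https://bitbucket.org/site/oauth2/access_token';
    const URL_IDENTIFY  = 'https://api.bitbucket.org/2.0/user';

    /**
     * {@inheritDoc}
     *
     * Note: self::createIdentity() is an override in Bitbucket's case - we provide subclasses to make a distinction
     * between User and Team Identities, but the below class name points to the shared parent of those.
     */
    const IDENTITY = auth\id\identities\Bitbucket::class;

    /**
     * {@inheritDoc}
     *
     * Note: BitBucket's OAuth 2.0 implementation does not currently (Sept 3rd 2016) support scope requests
     * on the Authorize requests. Scopes are defined on a per-consumer basis in their admin panel instead,
     * so this below is just a reminder of what scope needs to be set in the panel for this Provider to be able
     * to request basic Identity data. Also - the 'account' scope already includes the 'email' scope.
     */
    protected $defaultScopes = ['account'];

    /**
     * {@inheritdoc}
     *
     * Requests the identity data and, when an e-mail address is wanted, the e-mail list as a second
     * request; the resulting Promise resolves to the Identity built by self::createIdentity().
     *
     * @param   oauth2\Token    $token  The Access Token to use.
     * @return  Promise                 A Promise for the entity's Identity.
     */
    public function identify(oauth2\Token $token) : Promise
    {
        $promise = $this->request('GET', $this->getIdentifyUrl(), $token);

        // Bitbucket, similar to GitHub, makes an entity's e-mail addresses available at a different endpoint,
        // so if we are asked to fetch it, let's run that request in parallel to save some time on HTTP roundtrips.
        if ($this->shouldProvideEmailAddress()) {

            // Intercept the flow - instead of directly returning a Promise for the entity's identity data,
            // we will now return a Promise that resolves once both the email and identity
            // data have been resolved and the email has been mapped into the identity data.
            $promise = $this->getEmail($token)->then(function ($email) use ($promise) {

                // Map the email in once the identity data is available (has successfully resolved).
                return $promise->then(function (array $data) use ($email) {

                    // getEmail() only yields an address flagged both primary and confirmed. When it yields
                    // none we keep whatever 'email' the identity payload carries, or null when it has none
                    // (the extra ?? avoids an undefined index notice on such payloads).
                    // NOTE(review): nothing visible here establishes that the fallback value is a confirmed
                    // address - consumers linking accounts by e-mail should verify that before trusting it.
                    $data['email'] = $email ?? $data['email'] ?? null;

                    return $data;
                });
            });
        }

        return $promise->then(function (array $data) use ($token) {
            return $this->createIdentity($token, $data);
        });
    }

    /**
     * Returns a Promise for the e-mail address (primary and verified) belonging to the entity whose Access Token
     * gets used to request that data. The Promise resolves to null when no entry in the response is flagged
     * as both primary and confirmed.
     *
     * @param   oauth2\Token    $token  The Access Token to use.
     * @return  Promise                 A Promise for the entity's e-mail address.
     */
    protected function getEmail(oauth2\Token $token) : Promise
    {
        return $this->request('GET', 'https://api.bitbucket.org/2.0/user/emails', $token)->then(function (array $data) {

            // The response body comes from a remote service - do not assume it has the expected shape.
            // NOTE(review): only the 'values' of this single response are inspected; if the endpoint paginates,
            // an address listed on a later page would not be seen - confirm.
            $entries = $data['values'] ?? [];

            if (!is_array($entries)) {
                return null;
            }

            foreach ($entries as $entry) {
                if (!empty($entry['is_primary']) && !empty($entry['is_confirmed']) && isset($entry['email'])) {
                    return $entry['email'];
                }
            }

            return null;
        });
    }

    /**
     * {@inheritdoc}
     *
     * Overridden because we return different Identity objects depending on what kind of entity's data we got.
     * Data whose 'type' is exactly 'team' yields a Team Identity; anything else (including data without
     * a 'type' key) yields a User Identity.
     *
     * @param   oauth2\Token    $token  The Access Token the data was requested with.
     * @param   array           $data   The identity data received from the provider.
     * @return  oauth2\Identity
     */
    protected function createIdentity(oauth2\Token $token, array $data) : oauth2\Identity
    {
        // A missing 'type' falls through to the User Identity instead of raising an undefined index notice.
        $class = ($data['type'] ?? null) === 'team'
            ? auth\id\identities\bitbucket\Team::class
            : auth\id\identities\bitbucket\User::class;

        return new $class($token, $data);
    }
}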