kritbit

kritbit Commit Details


Date:2015-11-14 16:18:57 (9 years 11 months ago)
Author:Natalie Adams
Branch:master
Commit:e4757e6912861f90bcfce3ef9b5c79b4ad0a649c
Parents: 55f82dba5425ad695cf27b7810e603931c0d2832
Message:adding phpoauthlib2 libraries
Changes:

File differences

web/system/vendor/phpoauthlib2/LICENSE
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
Copyright (c) 2015 Nathan Adams <adamsna@datanethost.net>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
web/system/vendor/phpoauthlib2/OAuth.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
<?php
namespace system\vendor\phpoauthlib2;
class OAuth {
protected $oauthProvider = null;
protected $request = null;
public function __construct($provider, $request) {
$this->oauthProvider = $provider;
$this->request = $request;
}
public function check() {
if (isset($this->request["code"]) && !empty($this->request["code"])) {
$this->oauthProvider->getProfile();
return true;
} else {
return $this->oauthProvider->getLoginUrl();
}
}
public function getProfile() {
return $this->oauthProvider->getProfile();
}
}
web/system/vendor/phpoauthlib2/OAuthDataProvider.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
<?php
namespace system\vendor\phpoauthlib2;
require "ccurl.php";
use phpoauthlib2\ccurl;
class OAUTH_SCOPES {
const EMAIL = "EMAIL";
}
class OAuthDataProvider {
protected $version = "2.0";
protected $name = "undefined";
protected $responseType = "code";
protected $header = "Authorization: Bearer";
protected $profile = "";
protected $dialog = "";
protected $nonce = null;
protected $accessToken = null;
protected $state = "";
protected $redirectURL = "";
protected $scope = "";
protected $clientId = "";
protected $client_secret = "";
protected $request = null;
protected $profileData = [];
public function __construct($profile, $dialog, $accessToken, $request, $header="Authorization: Bearer") {
$this->profile = $profile;
$this->dialog = $dialog;
$this->accessToken = $accessToken;
$this->header = $header;
$this->request = $request;
}
public function getLoginUrl() {
$urlBuilder = [];
$urlBuilder[] = "client_id=" . $this->clientId;
$urlBuilder[] = "response_type=" . $this->responseType;
$urlBuilder[] = "scope=" . $this->scope;
$urlBuilder[] = "state=" . $this->state;
$urlBuilder[] = "redirect_uri=" . urlencode($this->redirectURL);
return $this->dialog . "?" . implode("&", $urlBuilder);
}
protected function getToken() {
$tokenBuilder = [];
$tokenBuilder["client_id"] = $this->clientId;
$tokenBuilder["client_secret"] = $this->client_secret;
$tokenBuilder["grant_type"] = "authorization_code";
$tokenBuilder["redirect_uri"] = htmlspecialchars($this->redirectURL);
$tokenBuilder["code"] = $this->request["code"];
$curl = new ccurl($this->accessToken);
$curl->setPost($tokenBuilder);
$curl->createCurl();
return (string)$curl;
}
protected function parseToken() {
$token = $this->getToken();
$convertedToken = json_decode($token, true);
if (!$convertedToken) {
$realToken = $token;
} else {
$realToken = $convertedToken["access_token"];
}
return $realToken;
}
public function getProfile() {
$token = $this->parseToken();
$profileUrl = $this->profile . "=" . $token;
$curl = new ccurl($profileUrl);
$curl->addHeader($this->header . " " . $token);
$curl->createCurl();
$this->profileData = json_decode((string)$curl, true);
return (string)$curl;
}
public function getEmail() {
return null;
}
public function getFirstName() {
return null;
}
public function getLastName() {
return null;
}
public function getGender() {
return null;
}
public function getId() {
return null;
}
public function getRawProfile() {
return $this->profileData;
}
public function getSource() {
return null;
}
}
web/system/vendor/phpoauthlib2/ccurl.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
<?php
namespace phpoauthlib2;
// Copied from PHP manual comment section:
// http://php.net/manual/en/book.curl.php#90821
// Modified to fit Inefero's/srchub needs
// Now used for oauth lib
class ccurl {
protected $_useragent = 'phpoauthlib2 (http://www.srchub.org); https://srchub.org/p/phpoauthlib2 PHPOAuthLib';
protected $_url;
protected $_followlocation;
protected $_timeout;
protected $_maxRedirects;
protected $_cookieFileLocation = './cookie.txt';
protected $_post;
protected $_postFields;
protected $_referer ="";
// Get around some broken webservers *cough*IIS*cough*?
// http://stackoverflow.com/questions/14459704/does-empty-expect-header-mean-anything
protected $_header = array('Expect:');
protected $_session;
protected $_webpage;
protected $_includeHeader;
protected $_noBody;
protected $_status;
protected $_binaryTransfer;
public $authentication = 0;
public $auth_name = '';
public $auth_pass = '';
public function useAuth($use){
$this->authentication = 0;
if($use == true) $this->authentication = 1;
}
public function setName($name){
$this->auth_name = $name;
}
public function setPass($pass){
$this->auth_pass = $pass;
}
public function addHeader($head)
{
$this->_header[] = $head;
}
public function __construct($url,$followlocation = true,$timeOut = 30,$maxRedirecs = 4,$binaryTransfer = false,$includeHeader = false,$noBody = false)
{
$this->_url = $url;
$this->_followlocation = $followlocation;
$this->_timeout = $timeOut;
$this->_maxRedirects = $maxRedirecs;
$this->_noBody = $noBody;
$this->_includeHeader = $includeHeader;
$this->_binaryTransfer = $binaryTransfer;
$this->_cookieFileLocation = dirname(__FILE__).'/cookie.txt';
}
public function setReferer($referer){
$this->_referer = $referer;
}
public function setCookiFileLocation($path)
{
$this->_cookieFileLocation = $path;
}
public function setPost ($postFields)
{
$this->_post = true;
$this->_postFields = $postFields;
}
public function setUserAgent($userAgent)
{
$this->_useragent = $userAgent;
}
public function createCurl($url = 'nul')
{
if($url != 'nul'){
$this->_url = $url;
}
$s = curl_init();
curl_setopt($s,CURLOPT_URL,$this->_url);
// I understand the implications here - but this isn't a client application
// if my ISP is performing MITM sniffing I have bigger fish to fry
// also the security of a CA signed certificate is questionable at best
// https://www.schneier.com/blog/archives/2012/02/verisign_hacked.html
// Email me if you want to discus this adamsna@datanethost.net
// NA - 12/10/2014
curl_setopt($s, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($s,CURLOPT_HTTPHEADER,$this->_header);
curl_setopt($s,CURLOPT_TIMEOUT,$this->_timeout);
curl_setopt($s,CURLOPT_MAXREDIRS,$this->_maxRedirects);
curl_setopt($s,CURLOPT_RETURNTRANSFER,true);
curl_setopt($s,CURLOPT_FOLLOWLOCATION,$this->_followlocation);
curl_setopt($s,CURLOPT_COOKIEJAR,$this->_cookieFileLocation);
curl_setopt($s,CURLOPT_COOKIEFILE,$this->_cookieFileLocation);
if($this->authentication == 1){
curl_setopt($s, CURLOPT_USERPWD, $this->auth_name.':'.$this->auth_pass);
}
if($this->_post)
{
//curl_setopt($s,CURLOPT_POST,true);
curl_setopt($s, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($s,CURLOPT_POSTFIELDS,$this->_postFields);
}
if($this->_includeHeader)
{
curl_setopt($s,CURLOPT_HEADER,true);
}
if($this->_noBody)
{
curl_setopt($s,CURLOPT_NOBODY,true);
}
curl_setopt($s,CURLOPT_USERAGENT,$this->_useragent);
curl_setopt($s,CURLOPT_REFERER,$this->_referer);
$this->_webpage = curl_exec($s);
$this->_status = curl_getinfo($s,CURLINFO_HTTP_CODE);
curl_close($s);
}
public function getHttpStatus()
{
return $this->_status;
}
public function __tostring(){
return $this->_webpage;
}
}
web/system/vendor/phpoauthlib2/cookie.txt
1
2
3
4
5
# Netscape HTTP Cookie File
# http://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
#HttpOnly_.google.comTRUE/FALSE1463331114NID73=wOGSMwy8vYCu7qJjpMYLVMQ_gYCNZXru2x8g0p5InvQIpj8X4P2uiXE8QdX50ZcpHvxCXo35XdDS8P5trQSsI0s3UmQ-tmG_01TTIVil6YeJIzFKqoGmKAdWo_0o8MOQ
web/system/vendor/phpoauthlib2/example.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
<?php
use \phpoauthlib2\providers\GoogleAuthProvider;
use \phpoauthlib2\OAuth;
require 'OAuth.php';
require 'providers/GoogleAuthProvider.php';
$authProvider = new GoogleAuthProvider($_GET, [
"client_id" => "apps.googleusercontent.com",
"client_secret" => "<KEY>",
"redirect_uri" => "http://example.com/phpoauthlib2/example.php"
]);
$oauth = new OAuth($authProvider, $_GET);
$check = $oauth->check();
if ($check === true) {
echo "Hello - " . $authProvider->getFirstName();
echo "<br>Your email is - " . $authProvider->getEmail();
} else {
header("Location: " . $check);
}
web/system/vendor/phpoauthlib2/providers/FacebookAuthProvider.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
<?php
namespace system\vendor\phpoauthlib2\providers;
require "OAuthDataProvider.php";
use phpoauthlib2\ccurl;
use phpoauthlib2\OAUTH_SCOPES;
use phpoauthlib2\OAuthDataProvider;
class FacebookAuthProvider extends OAuthDataProvider {
public function __construct($request, $conf, $scopes=[OAUTH_SCOPES::EMAIL]) {
parent::__construct(
"https://graph.facebook.com/me",
"https://www.facebook.com/dialog/oauth",
"https://graph.facebook.com/oauth/access_token",
$request
);
$this->client_secret = $conf["client_secret"];
$this->redirectURL = $conf["redirect_uri"];
$this->clientId = $conf["client_id"];
$tempScopes = [];
foreach($scopes as $scope) {
switch ($scope) {
case OAUTH_SCOPES::EMAIL:
$tempScopes[] = "email";
}
}
$tempScopes[] = "public_profile";
$this->scope = implode(" ", $tempScopes);
}
public function getEmail() {
return $this->profileData["email"];
}
public function getFirstName() {
return $this->profileData["first_name"];
}
public function getLastName() {
return $this->profileData["last_name"];
}
public function getId() {
return $this->profileData["id"];
}
public function getSource() {
return "FACEBOOK";
}
public function parseToken() {
$token = $this->getToken();
return explode("=", $token)[1];
}
public function getProfile() {
$token = $this->parseToken();
$profileUrl = $this->profile . "?fields=first_name,last_name,name,email,age_range&access_token=" . $token;
$curl = new ccurl($profileUrl);
$curl->createCurl();
$ret = (string)$curl;
$this->profileData = json_decode($ret, true);
return $ret;
}
}
web/system/vendor/phpoauthlib2/providers/GoogleAuthProvider.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
<?php
namespace system\vendor\phpoauthlib2\providers;
use phpoauthlib2\ccurl;
use system\vendor\phpoauthlib2\OAUTH_SCOPES;
use system\vendor\phpoauthlib2\OAuth;
use system\vendor\phpoauthlib2\OAuthDataProvider;
class GoogleAuthProvider extends OAuthDataProvider {
public function __construct($request, $conf, $scopes=[OAUTH_SCOPES::EMAIL]) {
parent::__construct(
"https://www.googleapis.com/oauth2/v1/userinfo?access_token",
"https://accounts.google.com/o/oauth2/auth",
"https://accounts.google.com/o/oauth2/token", $request);
$this->client_secret = $conf["client_secret"];
$this->redirectURL = $conf["redirect_uri"];
$this->clientId = $conf["client_id"];
$tmpScopes = [];
foreach($scopes as $scope) {
switch ($scope) {
case OAUTH_SCOPES::EMAIL:
$tmpScopes[] = "https://www.googleapis.com/auth/userinfo.email";
}
}
$this->scope = implode(" ", $tmpScopes);
}
public function getEmail() {
return $this->profileData["email"];
}
public function getFirstName() {
return $this->profileData["given_name"];
}
public function getLastName() {
return $this->profileData["family_name"];
}
public function getGender() {
return $this->profileData["gender"];
}
public function getId() {
return $this->profileData["id"];
}
public function getSource() {
return "GOOGLE";
}
}
web/system/vendor/phpoauthlib2/readme.md
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
# phpoauthlib2
phpoauthlib2 is another OAuth 2.0 library for PHP. The goal of the project is to make it as easy as possible to integrate OAuth into your web application.
You can think of phpoauthlib2 as a combination of ideas from the following projects:
- PHPoAuthLib
- li3_socialauth
- oauth-4-laravel
- PHPoAuthUserData
All wrapped in one simple library.
# Why phpoauthlib2?
Or more specifically why "2"?
For me this is version 2.0. Originally I developed this in private for PHP and it worked but after a refactoring to Django/Python (Python version coming soon to a pip repository near you) then I ported it back to PHP.
# How to use
It's very easy to use this library. Examine the following line -
$authProvider = new GoogleAuthProvider($_GET, [
"client_id" => "apps.googleusercontent.com",
"client_secret" => "<KEY>",
"redirect_uri" => "http://example.com/phpoauthlib2/example.php"
]);
client_id and client_secret are provided by the OAauth provider (in this case Google) and the redirect_uri is where you want to the user to end up on successful login. It should go without saying that client_id and client_secret should be kept private - you should avoid committing them a public place like github (yes - people have services running and monitoring for people who commit credentials. Don't believe me? Commit your Amazon AWS keys and see how fast people will spin up VMs). The library will handle the verification and present you with some simple base methods to extract data you might be interested in or the ability to work with the entire OAuth data.
$oauth = new OAuth($authProvider, $_GET);
OAuth is really a wrapper to do the verification check. In both this line and the previous one we are passing $_GET but phpoauthlib2 can accept any request array from your framework (provided your framework can emit the GET request as an array - which I know at least Symfony can do this).
$check = $oauth->check();
The check method will return true or a string. Not ideal but I couldn't think of any simpler way to do it (obviously not a problem in a lose typed language - but I don't personally like mixing return types). true indicates that the user successfully logged in and you have access to the user's information. A string indicates that you need to redirect them to the OAuth provider to login (the string itself is the redirect URL).
if ($check === true) {
echo "Hello - " . $authProvider->getFirstName();
echo "<br>Your email is - " . $authProvider->getEmail();
} else {
header("Location: " . $check);
}
This library is designed to be very minimal - so you need to decide how to hook into the login subsystem of your web application. In the example file - it's checking to make sure that the login was successful and then can call $authProvider->getXXX (such as getFirstName and getEmail in this example) and the provider class will return those fields from the raw profile data so you don't have to worry about it.
The work flow to integrate to your system is usually:
if ($check === true) {
$mySystem->login($authProvider->getEmail()); // which sets a cookie or session that they logged in with this specific user
header("Location: http://example.com/yoursystem/user.php"); // The line above logs them in to your system - then immediately bounce back to your system and potentially send them straight to their user dashboard
The reasoning behind the getXXX methods is to provide some commonality between providers. That way you can present a OAuth login prompt for different services to the user and you can just call $provider->getEmail() to get their email without having to worry about the actual field that the OAuth provider decided to put it in.
If after you have verified the login was successful you may call
$provider->getRawProfile();
To return the raw return from the OAuth provider (which will be an associative array).
# Google
To get OAuth credentials for Google just go to this URL: https://console.developers.google.com/
And create a project (which is free) and go to APIs & auth -> Credentials.
If you are creating a new project - it may complain that you need to setup the OAuth consent screen. Do this and return to the credentials section and you should be able to setup the project.
Add credentials -> OAuth 2.0 client ID
Then select Web application
It is very important that you input a correct authorized redirect URI. This will be where the user will be sent back on successful login.
# License
I am licensing this under the MIT license. Which essentially grants you the right TDWTFYWWI (to do whatever the f you want with it) - assuming that you acknowledge that I don't provide a warranty.
# What this library is/is not
- This library is a simple interface to use PHP OAuth 2.0 in your web application.
- This library is designed to be as flexible as possible to use in any framework.
- This library is not designed to hold your hand to secure your client_id, client_secret, or other data.
- This library is not designed to be specific to a certain framework.
- This library is not designed to be abstract. The only class you should ever have to extend is OAuthDataProvider - and that is to create a "provider" for different OAuth providers (which merely contains the URLs to send for login, where to query for user data and normalizing data).

Archive Download the corresponding diff file

Branches

Number of commits:
Page rendered in 0.13126s using 14 queries.