WrenchBoard/WrenchBoradWeb
1
0
Fork 0
Code Issues Pull Requests Releases Activity
Files
5cbcdb6c64bfed68589900d870082e5717680883
WrenchBoradWeb/www-api/app/Models/ExternalOAuth2Model.php
T
tokslaw7 5cbcdb6c64 Google auth fix (mobile)
2023-10-08 21:40:45 +00:00

498 lines
21 KiB
PHP
Raw Blame History

<?php
namespace App\Models;
use CodeIgniter\Model;
class ExternalOAuth2Model extends Model
{
public function prepareOauthEndPointData($endpoint, $in, &$call_backend=true,&$local_out=[]){
log_message('critical', "Started prepareOauthEndPointData -> ".$endpoint );
switch ($endpoint) {
case 'authstart':
// may not need to call back end , juet get the configurations
switch($in["auth_type"]){
case 'GOOGLE':
log_message('critical', "Reading prepareOauthEndPointData -> ".$endpoint );
// Skip token exchange if we habe the access token already
if (isset($in["access_token"]) && $in["access_token"]!="") {
$local_out["access_token"] = $in["access_token"];
} else {
$this->gooleOAuthCodeExchange($in, $local_out);
}
log_message('critical', "LET SEEEEE TOKEN prepareOauthEndPointData -> ".$local_out["access_token"] );
if ( isset($local_out["access_token"])){
log_message('critical', "XXXXXXXXXXXXXXXXX prepareOauthEndPointData -> ".$endpoint );
$l_out =[];
$local_out["user_info"] = $this->gooleOAuthGetUser($local_out["access_token"], $l_out);
log_message('critical', "prepareOauthEndPointDataL FINAL DATALOGIN DATA STEP 889993".serialize( $local_out["user_info"] ) );
$this->provisionGoogleAccount($local_out["user_info"] , $local_out);
}
break;
case 'FACEBOOK':
log_message('critical', "Reading prepareOauthEndPointData -> ".$endpoint );
// Skip token exchange if we habe the access token already
if (isset($in["access_token"]) && $in["access_token"]!="") {
$local_out["access_token"] = $in["access_token"];
} else {
$this->facebookOAuthCodeExchange($in, $local_out);
}
log_message('critical', "LET SEEEEE TOKEN prepareOauthEndPointData -> ".$local_out["access_token"] );
if ( isset($local_out["access_token"])){
log_message('critical', "XXXXXXXXXXXXXXXXX prepareOauthEndPointData -> ".$endpoint );
$l_out =[];
$local_out["user_info"] = $this->facebookOAuthGetUser($local_out["access_token"], $l_out);
log_message('critical', "prepareOauthEndPointDataL FINAL DATALOGIN DATA STEP 889993".serialize( $local_out["user_info"] ) );
$this->provisionFacebookAccount($local_out["user_info"] , $local_out);
}
break;
case 'APPLE':
log_message('critical', "Reading prepareOauthEndPointData -> ".$endpoint );
if (array_key_exists("identityToken",$in) && trim($in["identityToken"])!="") {
// User info is already present
$local_out["user_info"] = $in;
} else {
$this->appleOAuthCodeExchange($in, $local_out);
if ( isset($local_out["access_token"])){
log_message('critical', "XXXXXXXXXXXXXXXXX prepareOauthEndPointData -> ".$endpoint );
$l_out =[];
$local_out["user_info"] = $this->appleOAuthGetUser($local_out["access_token"], $l_out);
log_message('critical', "prepareOauthEndPointDataL FINAL DATALOGIN DATA STEP 889993".serialize( $local_out["user_info"] ) );
}
}
log_message('critical', "LET SEEEEE TOKEN prepareOauthEndPointData -> ".$local_out["access_token"] );
if (is_array($local_out["user_info"])) {
$this->provisionAppleAccount($local_out["user_info"] , $local_out);
}
break;
}
log_message('critical', "prepareOauthEndPointDataL FINAL DATA".serialize($local_out) );
$call_backend=false;
break;
case 'authlogin':
// not really implemented
switch($in["auth_type"]){
case 'GOOGLE33':
log_message('critical', "prepareOauthEndPointDataL LOGIN DATA STEP 2".serialize($in) );
$local_out["user_info"] = $this->gooleOAuthGetUser($in["access_token"], $local_out);
log_message('critical', "prepareOauthEndPointDataL FINAL DATALOGIN DATA STEP 3".serialize($local_out) );
$this->provisionGoogleAccount($local_out["user_info"] , $local_out);
break;
}
$in["action"] = WRENCHBOARD_ACCOUNT_AUXLOGIN;
if (!isset($in["login_mode"])){
$in["login_mode"] = MOBILE_LOGIN;
}
break;
}
$in["pid"] = 100;
return $in;
}
public function getSiteConfigurations($config_item){
$wrenchboard = new \App\Models\BackendModel();
return $wrenchboard->cfgReadChar($config_item);
}
private function gooleOAuthCodeExchange($in, &$local_out) {
/*
POST /token HTTP/1.1
Host: oauth2.googleapis.com
Content-Type: application/x-www-form-urlencoded
code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7&
client_id=your_client_id&
client_secret=your_client_secret&
redirect_uri=https%3A//oauth2.example.com/code&
grant_type=authorization_code
*/
$data = [
"code" => $in["code"],
"client_id" => $this->getSiteConfigurations("google.google_client_id"),
"client_secret" => $this->getSiteConfigurations("google.google_client_secret"),
"redirect_uri" => $in["redirect_uri"],
"grant_type" => "authorization_code"
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"https://oauth2.googleapis.com/token");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
// Receive server response ...
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec($ch);
curl_close($ch);
$local_out = json_decode($server_output,true);
if (!is_array($local_out) || !array_key_exists("message",$local_out)) {
$local_out["message"] = "Received from Google token API: ".$server_output;
}
}
private function gooleOAuthGetUser($access_token, &$local_out) {
$urlInfp = "https://www.googleapis.com/oauth2/v1/userinfo?alt=json&access_token=" . $access_token;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$urlInfp);
//curl_setopt($ch, CURLOPT_POST, 1);
//curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
// Receive server response ...
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec($ch);
curl_close($ch);
$local_out = json_decode($server_output,true);
if (!is_array($local_out) || !array_key_exists("message",$local_out)) {
$local_out["message"] = "Received from Google token API: ".$server_output;
}
return $local_out;
}
private function facebookOAuthCodeExchange($in, &$local_out) {
/*
https://developers.facebook.com/docs/facebook-login/guides/advanced/manual-flow/#exchangecode
Step 1. Get access token by code
GET https://graph.facebook.com/v17.0/oauth/access_token?
client_id={app-id}
&redirect_uri={redirect-uri}
&client_secret={app-secret}
&code={code-parameter}
https://developers.facebook.com/docs/facebook-login/guides/access-tokens/get-long-lived
Step 2. Get long-lived token by access token
curl -i -X GET "https://graph.facebook.com/{graph-api-version}/oauth/access_token?
grant_type=fb_exchange_token&
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={your-access-token}"
*/
// Step 1. Get access token
$data = [
"client_id" => $this->getSiteConfigurations("facebook.facebook_client_id"),
"client_secret" => $this->getSiteConfigurations("facebook.facebook_client_secret"),
"redirect_uri" => $in["redirect_uri"],
"code" => $in["code"]
];
$ch = curl_init();
$url = "https://graph.facebook.com/v17.0/oauth/access_token?" . http_build_query($data);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 0);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
// Receive server response ...
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec($ch);
curl_close($ch);
/*
{
"access_token": "EAAJogfssZCgYBOz16ZBqoASjMwZAGNfcISyfjSmPdQDJON3NLxnlSYmludsX1S6Hp9ZC7ZAeUIZBHLnC7HGIh3KRoxksrqdLO5lp1aNhXvB4ecUlRzUe1OOhaf0CAyuYkE4iJfDJr3Q05gjChWjVYr3gj0502kSCvZAxnwsbsyRtlFcXTzzXeJKqrnwAxZB9EzVkXcimas2ZBRdQ4mcutSZBLNYZCdvCcnIL61ypZCwlASvIfRlaenaZAgp4LnCf06w4ZD",
"token_type": "bearer",
"expires_in": 5181637
}
*/
$local_out = json_decode($server_output,true);
if (!is_array($local_out) || !array_key_exists("message",$local_out)) {
$local_out["message"] = "Received from Facebook token API: ".$server_output;
}
///////////////////////////////////////////////////////////////////////////////////////
// IT LOOKS LIKE THE STEP 2 IS NOT NEEDED - BOTH TOKENS HAVE THE SAME EXPIRATION LENGTH
///////////////////////////////////////////////////////////////////////////////////////
/*
// Step 2. Get long-lived token
$data = [
"grant_type" => "fb_exchange_token",
"client_id" => $this->getSiteConfigurations("facebook.facebook_client_id"),
"client_secret" => $this->getSiteConfigurations("facebook.facebook_client_secret"),
"fb_exchange_token" => $local_out["access_token"]
];
$ch = curl_init();
$url = "https://graph.facebook.com/v17.0/oauth/access_token" . http_build_query($data);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 0);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
// Receive server response ...
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec($ch);
curl_close($ch);
$local_out = json_decode($server_output,true);
//*/
}
private function facebookOAuthGetUser($access_token, &$local_out) {
// https://developers.facebook.com/docs/graph-api/reference/user/
$urlInfp = "https://graph.facebook.com/me?fields=id,email,name,first_name,last_name&access_token=" . $access_token;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$urlInfp);
//curl_setopt($ch, CURLOPT_POST, 1);
//curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
// Receive server response ...
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec($ch);
curl_close($ch);
$local_out = json_decode($server_output,true);
if (!is_array($local_out) || !array_key_exists("message",$local_out)) {
$local_out["message"] = "Received from Google token API: ".$server_output;
}
return $local_out;
}
private function appleOAuthCodeExchange($in, &$local_out) {
/*
https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens
POST https://appleid.apple.com/auth/token
Content-Type: application/x-www-form-urlencoded
client_id
client_secret
code
grant_type = authorization_code | refresh_token
refresh_token - when using refresh
redirect_uri - no required?
https://developer.apple.com/documentation/sign_in_with_apple/tokenresponse
access_token
expires_in
id_token
refresh_token
token_type = bearer
curl -v POST "https://appleid.apple.com/auth/token" \
-H 'content-type: application/x-www-form-urlencoded' \
-d 'client_id=CLIENT_ID' \
-d 'client_secret=CLIENT_SECRET' \
-d 'code=CODE' \
-d 'grant_type=authorization_code' \
-d 'redirect_uri=REDIRECT_URI'
*/
// Step 1. Get access token
$data = [
"client_id" => $this->getSiteConfigurations("apple.apple_client_id"),
"client_secret" => $this->getSiteConfigurations("apple.apple_client_secret"),
/* "redirect_uri" => $in["redirect_uri"], */
"code" => $in["code"],
"grant_type" => "authorization_code"
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"https://appleid.apple.com/auth/token");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
// Receive server response ...
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec($ch);
curl_close($ch);
$local_out = json_decode($server_output,true);
if (!is_array($local_out) || !array_key_exists("message",$local_out)) {
$local_out["message"] = "Received from Apple token API: ".$server_output;
}
}
private function appleOAuthGetUser($access_token, &$local_out) {
// Empty stub
return $local_out;
}
/*
*essage";s:326:"Received from Google token API: {
"id": "112113008943138678578",
"email": "jubaworker@gmail.com",
"verified_email": true,
"name": "Juba Juba",
"given_name": "Juba",
"family_name": "Juba",
"picture": "https://lh3.googleusercontent.com/a/AAcHTtcVmXN4sjpZiUCZI5X6AwJWUhi46g4VRJqtIqW2G2cb=s96-c",
"locale": "en"
}
*/
private function provisionGoogleAccount($user, &$out) {
log_message('critical', "YYYYYYYYYYYYYYYYYYY prepareOauthEndPointData -> " );
$name = (string) $user["name"];
if (trim($name) == "") {
$name = strtok($user["email"], "@");
}
$data['google_id'] = $user["id"];
$data['action'] = WRENCHBOARD_GOOGLE_LOGIN;
$data['firstname'] = $user["given_name"];
$data['lastname'] = $user["family_name"];
$data['email'] = $user["email"];
$data['login_channel'] = LOGIN_GOOGLE;
$data['sessionid'] = rand(10000, 99999) . "A" . rand(10000, 99999);
// $this->load->model('backend_model');
$out = array();
$wrenchboard = new \App\Models\BackendModel();
$ret = $wrenchboard->wrenchboard_api($data, $out);
$out['internal_return'] = $ret;
if ($ret == PHP_LOGIN_OK) {
} else {
// Cannot proceed - backend error?
// $msg = (is_array($out) && array_key_exists('status',$out) && $out['status']!='')
// ? $out ['status'] : json_encode($out);
// $this->session->set_flashdata('login_message','Cannot proceed - error: '.$msg);
// redirect('login');
}
}
/*
{
"id": "10154230206933215",
"email": "acidumirae@gmail.com",
"name": "Anatolii Okhotnikov",
"first_name": "Anatolii",
"last_name": "Okhotnikov"
}
*/
private function provisionFacebookAccount($user, &$out) {
log_message('critical', "YYYYYYYYYYYYYYYYYYY prepareOauthEndPointData -> " );
$name = (string) $user["name"];
if (trim($name) == "") {
$name = strtok($user["email"], "@");
}
$data['fb_id'] = $user["id"];
$data['action'] = WRENCHBOARD_FACEBOOK_LOGIN;
$data['firstname'] = $user["first_name"];
$data['lastname'] = $user["last_name"];
$data['email'] = $user["email"];
$data['login_channel'] = LOGIN_FACEBOOK;
$data['sessionid'] = rand(10000, 99999) . "A" . rand(10000, 99999);
// $this->load->model('backend_model');
$out = array();
$wrenchboard = new \App\Models\BackendModel();
$ret = $wrenchboard->wrenchboard_api($data, $out);
$out['internal_return'] = $ret;
if ($ret == PHP_LOGIN_OK) {
} else {
// Cannot proceed - backend error?
// $msg = (is_array($out) && array_key_exists('status',$out) && $out['status']!='')
// ? $out ['status'] : json_encode($out);
// $this->session->set_flashdata('login_message','Cannot proceed - error: '.$msg);
// redirect('login');
}
}
/*
/*
{
"identityToken":"eyJraWQiOiJZdXlYb1kiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLndyZW5jaGJvYXJkLnVzZXJzIiwiZXhwIjoxNjk0MzkzMzE3LCJpYXQiOjE2OTQzMDY5MTcsInN1YiI6IjAwMTgxMC4yMGU3NTAyOGQ0OWM0MmQ4YjQzMGI0MmQxZDc0ODdmMy4xMTU3Iiwibm9uY2UiOiIxLnB1ZmJwZGFhMzYiLCJjX2hhc2giOiJQRE1PNXNGa2pjOEtPclNNZDRjUGZnIiwiZW1haWwiOiJhY2lkdW1pcmFlQGdtYWlsLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjoidHJ1ZSIsImF1dGhfdGltZSI6MTY5NDMwNjkxNywibm9uY2Vfc3VwcG9ydGVkIjp0cnVlLCJyZWFsX3VzZXJfc3RhdHVzIjoyfQ.fEnzaVgB2JaOZbQm2fkpC_J8if5tIIfAphQptZ9Bxp2wrjnDsGvN1b0gvB3KBswv7d6n4A1U46GpaGpShJDhN-e2lKw_lzgFJlRi9-1B-Fudp_gzK61r6W8JzzbPiD0GZgfp_ITPDdxdC7hzixVx4TW8djrV4TIXYjus0b5XnzqRVz2t3ed4Et55s_SZ53SVhM9qnDruVB-KgeGrvDVUks71iM1etuP2vO3xsSFoiKfMEcankX3JUJaCNRSdvVVeUBqH9TfhvmHrCopjnlJ8N2B8o8RDhbnt99OAJtE_dw_Qt5YAAg2ITYQVLBb2dniJ5FBsOBBwbiA0-W1hPJ3RpQ","authorizationCode":"ce0061e5858a34e468a373c3ea7344cdb.0.rryrq.rK6JjdqlVVi6S9coEcTgVQ",
"email":null,
"givenName":null,
"familyName":null,
"user":"001810.20e75028d49c42d8b430b42d1d7487f3.1157",
"sub": "001810.20e75028d49c42d8b430b42d1d7487f3.1157",
"jwt_email": "acidumirae@gmail.com",
"email_verified": "true",
"real_user_status": 2
}
*/
// real_user_status => The possible values are: 0 (or Unsupported), 1 (or Unknown), 2 (or LikelyReal).
private function provisionAppleAccount($user, &$out) {
log_message('critical', "YYYYYYYYYYYYYYYYYYY provisionAppleAccount -> " );
$email = "";
if ($user["email"] != null && $user["email"] != "null" && $user["email"] != "") {
$email = $user["email"];
} else if ($user["jwt_email"] != null && $user["jwt_email"] != "null" && $user["jwt_email"] != "") {
$email = $user["jwt_email"];
}
$givenName = "";
if ($user["givenName"] != null && $user["givenName"] != "null" && $user["givenName"] != "") {
$givenName = $user["givenName"];
}
$familyName = "";
if ($user["familyName"] != null && $user["familyName"] != "null" && $user["familyName"] != "") {
$familyName = $user["familyName"];
}
$name = trim($givenName." ".$familyName);
if (trim($name) == "") {
$name = strtok($email, "@");
if ($givenName == "") {
$givenName = $name;
}
}
$apple_id = "";
if ($user["sub"] != null && $user["sub"] != "null" && $user["sub"] != "") {
$apple_id = $user["sub"];
} else if ($user["user"] != null && $user["user"] != "null" && $user["user"] != "") {
$apple_id = $user["user"];
}
$data['apple_id'] = $apple_id;
$data['action'] = WRENCHBOARD_APPLE_LOGIN; // WRENCHBOARD_FACEBOOK_LOGIN
$data['firstname'] = $givenName;
$data['lastname'] = $familyName;
$data['email'] = $email;
$data['login_channel'] = LOGIN_APPLE; // LOGIN_FACEBOOK;
$data['sessionid'] = rand(10000, 99999) . "A" . rand(10000, 99999);
// $this->load->model('backend_model');
$out = array();
$wrenchboard = new \App\Models\BackendModel();
$ret = $wrenchboard->wrenchboard_api($data, $out);
$out['internal_return'] = $ret;
if ($ret == PHP_LOGIN_OK) {
} else {
// Cannot proceed - backend error?
// $msg = (is_array($out) && array_key_exists('status',$out) && $out['status']!='')
// ? $out ['status'] : json_encode($out);
// $this->session->set_flashdata('login_message','Cannot proceed - error: '.$msg);
// redirect('login');
}
}
}
Reference in New Issue View Git Blame Copy Permalink