blob: c0fc07803d1e811043e8e6215443592ca5a81e6d [file] [log] [blame]
<?php
namespace DAFME\Covid;
class Auth {
private $client;
public function __construct() {
global $conf;
$this->client = new \Google_Client();
$this->client->setApplicationName = 'dafme-covid-tracability-backend';
$this->client->setClientId($conf['goog']['clientId']);
$this->client->setClientSecret($conf['goog']['secret']);
$this->client->addScope('https://www.googleapis.com/auth/userinfo.email');
$this->client->setRedirectUri($conf['fullPath'].'oauth2callback.php');
$this->client->setAccessType('online');
}
public function getAuthUrl() {
return $this->client->createAuthUrl();
}
public function handleCallback() {
global $_GET, $con;
if (isset($_GET['error']) || !isset($_GET['code'])) return 1;
$accessToken = null;
try {
$accessToken = $this->client->fetchAccessTokenWithAuthCode($_GET['code']);
} catch (\Exception $exception) {
return 2;
}
$id = $this->client->verifyIdToken();
if ($id === false)
return 3;
if (!isset($id['sub']) || !isset($id['email']) || !isset($id['email_verified']))
return 4;
if ($id['email_verified'] === false)
return 5;
$sub = $id['sub'];
$email = $id['email'];
if (preg_match('/upc.edu$/', $id['email']) !== 1)
return 6;
if (!Users::signIn($sub, $email))
return 7;
return 0;
}
public function setAccessToken($token) {
$this->client->setAccessToken($token);
}
}