avm9996370995382020-09-23 01:03:01 +02001<?php
2namespace DAFME\Covid;
3
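/**
 * Google OAuth 2.0 sign-in helper that restricts access to upc.edu accounts.
 *
 * Wraps a \Google_Client configured from the global $conf array and turns the
 * OAuth callback into a numeric status code (see handleCallback()).
 */
class Auth {
    /** @var \Google_Client OAuth client configured in the constructor. */
    private $client;

    /**
     * Builds the Google client from $conf['goog'] and $conf['fullPath'].
     */
    public function __construct() {
        global $conf;
        $this->client = new \Google_Client();
        // setApplicationName is a method; assigning to it as a property only
        // created a dynamic property and never set the application name.
        $this->client->setApplicationName('dafme-covid-tracability-backend');
        $this->client->setClientId($conf['goog']['clientId']);
        $this->client->setClientSecret($conf['goog']['secret']);
        $this->client->addScope('https://www.googleapis.com/auth/userinfo.email');
        $this->client->setRedirectUri($conf['fullPath'].'oauth2callback.php');
        $this->client->setAccessType('online');
    }

    /**
     * Returns the URL the browser must be sent to in order to start sign-in.
     */
    public function getAuthUrl() {
        return $this->client->createAuthUrl();
    }

    /**
     * Processes the OAuth redirect and signs the user in.
     *
     * Every check fails closed. Return codes:
     *   0 - signed in
     *   1 - provider reported an error, or `code` is missing / not a string
     *   2 - exchanging the authorization code failed
     *   3 - the ID token could not be verified
     *   4 - the ID token lacks `sub`, `email` or `email_verified`
     *   5 - the e-mail address is not verified
     *   6 - the e-mail address is not under upc.edu
     *   7 - Users::signIn() returned a falsy value
     *
     * NOTE(review): no OAuth `state` value is checked in this method; confirm
     * that callback CSRF protection is handled by the caller.
     *
     * @return int one of the codes above
     */
    public function handleCallback() {
        // $_GET is a superglobal, so no `global` statement is needed.
        if (isset($_GET['error']) || !isset($_GET['code']) || !is_string($_GET['code'])) {
            // `code` is attacker-controlled; an array value (?code[]=x) is rejected
            // here instead of reaching the client library.
            return 1;
        }

        try {
            $accessToken = $this->client->fetchAccessTokenWithAuthCode($_GET['code']);
        } catch (\Exception $exception) {
            return 2;
        }

        // A failed exchange can be reported as an `error` entry in the returned
        // array rather than as an exception.
        if (!is_array($accessToken) || isset($accessToken['error'])) {
            return 2;
        }

        try {
            $id = $this->client->verifyIdToken();
        } catch (\Exception $exception) {
            // Raised e.g. when the token response carried no ID token.
            return 3;
        }
        if ($id === false) {
            return 3;
        }

        if (!isset($id['sub']) || !isset($id['email']) || !isset($id['email_verified'])) {
            return 4;
        }

        // Accept only an affirmative value; the previous `=== false` test let any
        // other value (for example the string "false") through.
        if (filter_var($id['email_verified'], FILTER_VALIDATE_BOOLEAN) !== true) {
            return 5;
        }

        $sub = $id['sub'];
        $email = $id['email'];

        // The domain must be exactly upc.edu or a subdomain of it. The previous
        // pattern '/upc.edu$/' had an unescaped dot and no left boundary, so
        // unrelated domains that merely end in those characters also passed.
        // \z (not $) so a trailing newline cannot satisfy the match.
        // NOTE(review): for Google Workspace accounts the `hd` claim is another
        // signal worth checking - confirm which hosted domains UPC uses.
        if (preg_match('/@(?:[a-z0-9-]+\.)*upc\.edu\z/i', $email) !== 1) {
            return 6;
        }

        if (!Users::signIn($sub, $email)) {
            return 7;
        }

        return 0;
    }

    /**
     * Hands a previously obtained access token to the underlying client.
     *
     * @param mixed $token passed unchanged to \Google_Client::setAccessToken()
     */
    public function setAccessToken($token) {
        $this->client->setAccessToken($token);
    }
}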