<?php
namespace DAFME\Covid;

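/**
 * Google OAuth 2.0 sign-in for the backend.
 *
 * Wraps a \Google_Client configured from the global $conf array and turns the
 * OAuth callback into a numeric status code (see handleCallback()).
 */
class Auth {
  /** @var \Google_Client OAuth client configured in the constructor. */
  private $client;

  /**
   * Builds the Google client from $conf['goog']['clientId'],
   * $conf['goog']['secret'] and $conf['fullPath'].
   */
  public function __construct() {
    global $conf;
    $this->client = new \Google_Client();
    // setApplicationName is a method; assigning to a property of that name
    // (as the code did before) only creates a dynamic property and never
    // configures the client.
    $this->client->setApplicationName('dafme-covid-tracability-backend');
    $this->client->setClientId($conf['goog']['clientId']);
    $this->client->setClientSecret($conf['goog']['secret']);
    $this->client->addScope('https://www.googleapis.com/auth/userinfo.email');
    $this->client->setRedirectUri($conf['fullPath'].'oauth2callback.php');
    $this->client->setAccessType('online');
  }

  /**
   * Returns the URL the browser must be sent to in order to start the flow.
   *
   * NOTE(review): no OAuth `state` value is set here (Google_Client::setState)
   * or checked in handleCallback(), so the callback is not bound to the
   * browser session that started the flow. Adding it needs session storage,
   * which is not visible in this file.
   *
   * @return string
   */
  public function getAuthUrl() {
    return $this->client->createAuthUrl();
  }

  /**
   * Processes the OAuth callback request found in $_GET.
   *
   * @return int 0 on success, otherwise:
   *   1 the provider reported an error or no usable `code` was supplied,
   *   2 the authorization code could not be exchanged for a token,
   *   3 the ID token failed verification,
   *   4 the ID token lacks `sub`, `email` or `email_verified`,
   *   5 the e-mail address is not verified,
   *   6 the e-mail address is not under upc.edu,
   *   7 Users::signIn() refused the account.
   */
  public function handleCallback() {
    // `code` comes straight from the query string; `?code[]=x` would make it
    // an array, so anything that is not a string is treated as missing.
    if (isset($_GET['error']) || !isset($_GET['code']) || !is_string($_GET['code']))
      return 1;

    try {
      $accessToken = $this->client->fetchAccessTokenWithAuthCode($_GET['code']);
    } catch (\Exception $exception) {
      return 2;
    }

    // A rejected code is reported through an `error` key in the returned
    // array rather than an exception, so check for it before going on.
    if (!is_array($accessToken) || isset($accessToken['error']))
      return 2;

    // verifyIdToken() can throw instead of returning false (for example when
    // the token response carried no id_token); fail closed with the same code.
    try {
      $id = $this->client->verifyIdToken();
    } catch (\Exception $exception) {
      return 3;
    }
    if ($id === false)
      return 3;

    if (!isset($id['sub']) || !isset($id['email']) || !isset($id['email_verified']))
      return 4;

    // Fail closed: only an explicit true passes. Comparing against false let
    // every other value (0, "false", ...) through as "verified".
    if ($id['email_verified'] !== true && $id['email_verified'] !== 'true')
      return 5;

    $sub = $id['sub'];
    $email = $id['email'];

    if (!self::isAllowedEmail($email))
      return 6;

    if (!Users::signIn($sub, $email))
      return 7;

    return 0;
  }

  /**
   * Installs a previously obtained access token on the client.
   *
   * @param string|array $token Token as accepted by Google_Client::setAccessToken().
   */
  public function setAccessToken($token) {
    $this->client->setAccessToken($token);
  }

  /**
   * Tells whether the address belongs to upc.edu or one of its subdomains.
   *
   * The previous pattern '/upc.edu$/' had an unescaped dot and no boundary
   * before "upc", so it also accepted unrelated domains that merely end in
   * those characters (constructed examples: user@notupc.edu, user@upcxedu).
   * The domain is now matched from the '@' on, label by label, and \z is used
   * because '$' also matches before a trailing newline.
   *
   * @param mixed $email
   * @return bool
   */
  private static function isAllowedEmail($email) {
    if (!is_string($email))
      return false;

    return preg_match('/@(?:[a-z0-9-]+\.)*upc\.edu\z/i', $email) === 1;
  }
}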