mirror of
https://we.phorge.it/source/phorge.git
synced 2025-02-11 14:28:31 +01:00
d0f4554dbe
Summary: Ref T13493. Google returns a lower-quality account identifier ("email") and a higher-quality account identifier ("id"). We currently read only "email". Change the logic to read both "email" and "id", so that if Google ever moves away from "email" the transition will be a bit easier. Test Plan: Linked/unlinked a Google account, looked at the external account identifier table. Maniphest Tasks: T13493 Differential Revision: https://secure.phabricator.com/D21028
120 lines
2.7 KiB
PHP
120 lines
2.7 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Authentication adapter for Google OAuth2.
|
|
*/
|
|
final class PhutilGoogleAuthAdapter extends PhutilOAuthAuthAdapter {
|
|
|
|
public function getAdapterType() {
|
|
return 'google';
|
|
}
|
|
|
|
public function getAdapterDomain() {
|
|
return 'google.com';
|
|
}
|
|
|
|
protected function newAccountIdentifiers() {
|
|
$identifiers = array();
|
|
|
|
$account_id = $this->getOAuthAccountData('id');
|
|
if ($account_id !== null) {
|
|
$account_id = sprintf(
|
|
'id(%s)',
|
|
$account_id);
|
|
$identifiers[] = $this->newAccountIdentifier($account_id);
|
|
}
|
|
|
|
$email = $this->getAccountEmail();
|
|
if ($email !== null) {
|
|
$identifiers[] = $this->newAccountIdentifier($email);
|
|
}
|
|
|
|
return $identifiers;
|
|
}
|
|
|
|
public function getAccountEmail() {
|
|
return $this->getOAuthAccountData('email');
|
|
}
|
|
|
|
public function getAccountName() {
|
|
// Guess account name from email address, this is just a hint anyway.
|
|
$email = $this->getAccountEmail();
|
|
$email = explode('@', $email);
|
|
$email = head($email);
|
|
return $email;
|
|
}
|
|
|
|
public function getAccountImageURI() {
|
|
$uri = $this->getOAuthAccountData('picture');
|
|
|
|
// Change the "sz" parameter ("size") from the default to 100 to ask for
|
|
// a 100x100px image.
|
|
if ($uri !== null) {
|
|
$uri = new PhutilURI($uri);
|
|
$uri->replaceQueryParam('sz', 100);
|
|
$uri = (string)$uri;
|
|
}
|
|
|
|
return $uri;
|
|
}
|
|
|
|
public function getAccountURI() {
|
|
return $this->getOAuthAccountData('link');
|
|
}
|
|
|
|
public function getAccountRealName() {
|
|
return $this->getOAuthAccountData('name');
|
|
}
|
|
|
|
protected function getAuthenticateBaseURI() {
|
|
return 'https://accounts.google.com/o/oauth2/auth';
|
|
}
|
|
|
|
protected function getTokenBaseURI() {
|
|
return 'https://accounts.google.com/o/oauth2/token';
|
|
}
|
|
|
|
public function getScope() {
|
|
$scopes = array(
|
|
'email',
|
|
'profile',
|
|
);
|
|
|
|
return implode(' ', $scopes);
|
|
}
|
|
|
|
public function getExtraAuthenticateParameters() {
|
|
return array(
|
|
'response_type' => 'code',
|
|
);
|
|
}
|
|
|
|
public function getExtraTokenParameters() {
|
|
return array(
|
|
'grant_type' => 'authorization_code',
|
|
);
|
|
}
|
|
|
|
protected function loadOAuthAccountData() {
|
|
$uri = new PhutilURI('https://www.googleapis.com/userinfo/v2/me');
|
|
$uri->replaceQueryParam('access_token', $this->getAccessToken());
|
|
|
|
$future = new HTTPSFuture($uri);
|
|
list($status, $body) = $future->resolve();
|
|
|
|
if ($status->isError()) {
|
|
throw $status;
|
|
}
|
|
|
|
try {
|
|
$result = phutil_json_decode($body);
|
|
} catch (PhutilJSONParserException $ex) {
|
|
throw new PhutilProxyException(
|
|
pht('Expected valid JSON response from Google account data request.'),
|
|
$ex);
|
|
}
|
|
|
|
return $result;
|
|
}
|
|
|
|
}
|