2021-07-27 10:16:10 +02:00
|
|
|
<?php
|
2021-09-23 17:13:19 +02:00
|
|
|
/*
|
|
|
|
* OpenSTAManager: il software gestionale open source per l'assistenza tecnica e la fatturazione
|
|
|
|
* Copyright (C) DevCode s.r.l.
|
|
|
|
*
|
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
*/
|
|
|
|
|
|
|
|
namespace Models;
|
|
|
|
|
|
|
|
use Common\SimpleModelTrait;
|
|
|
|
use Illuminate\Database\Eloquent\Model;
|
2021-07-27 10:16:10 +02:00
|
|
|
use InvalidArgumentException;
|
|
|
|
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
|
|
|
|
use League\OAuth2\Client\Token\AccessToken;
|
|
|
|
|
2021-09-23 17:13:19 +02:00
|
|
|
class OAuth2 extends Model
|
2021-07-27 10:16:10 +02:00
|
|
|
{
|
2021-09-23 17:13:19 +02:00
|
|
|
use SimpleModelTrait;
|
2021-07-27 14:49:18 +02:00
|
|
|
|
2021-07-27 10:16:10 +02:00
|
|
|
protected $provider;
|
|
|
|
|
2021-09-23 17:13:19 +02:00
|
|
|
protected $table = 'zz_oauth2';
|
2021-07-27 10:16:10 +02:00
|
|
|
|
2021-09-23 17:13:19 +02:00
|
|
|
protected $casts = [
|
|
|
|
'config' => 'array',
|
|
|
|
];
|
2021-07-27 10:16:10 +02:00
|
|
|
|
|
|
|
public function getProvider()
|
|
|
|
{
|
2021-09-23 17:13:19 +02:00
|
|
|
// Inizializza il provider per l'autenticazione OAuth2.
|
|
|
|
if (!isset($this->provider)) {
|
|
|
|
$config = $this->config ?? [];
|
|
|
|
$config = array_merge($config, [
|
|
|
|
'clientId' => $this->client_id,
|
|
|
|
'clientSecret' => $this->client_secret,
|
|
|
|
'redirectUri' => base_url().'/oauth2.php',
|
|
|
|
'accessType' => 'offline',
|
|
|
|
]);
|
2021-07-27 10:16:10 +02:00
|
|
|
|
2021-09-23 17:13:19 +02:00
|
|
|
$class = $this->class;
|
|
|
|
if (!class_exists($class)) {
|
|
|
|
throw new InvalidArgumentException('Classe non esistente');
|
|
|
|
}
|
|
|
|
|
|
|
|
$this->provider = new $class($config);
|
|
|
|
}
|
|
|
|
|
|
|
|
return $this->provider;
|
2021-07-27 10:16:10 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
public function needsConfiguration()
|
|
|
|
{
|
|
|
|
$access_token = $this->getAccessToken();
|
|
|
|
|
|
|
|
return empty($access_token);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Gestisce le operazioni di configurazione per l'autenticazione OAuth2.
|
|
|
|
* Restituisce l'URL di redirect per le operazioni di aggiornamento dei dati, lancia un eccezione in caso di errori e restituisce null in caso di completamento della configurazione.
|
|
|
|
*
|
|
|
|
* Nota: l'autenticazione OAuth2 richiede una serie di richieste su una singola pagina
|
|
|
|
* - Richiesta di autenticazione al server remoto (code, state vuoti)
|
|
|
|
* - Conferma di autenticazione alla pagina di redirect (code, state impostati)
|
|
|
|
* - Richiesta del token di accesso dalla pagina di redirect al server remoto
|
|
|
|
*
|
|
|
|
* @param string|null $code
|
|
|
|
* @param string|null $state
|
|
|
|
*
|
|
|
|
* @throws IdentityProviderException
|
|
|
|
* @throws InvalidArgumentException
|
|
|
|
*
|
|
|
|
* @return string|null
|
|
|
|
*/
|
|
|
|
public function configure($code, $state)
|
|
|
|
{
|
|
|
|
if (!$this->needsConfiguration()) {
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
|
|
|
$provider = $this->getProvider();
|
2021-09-23 17:13:19 +02:00
|
|
|
$options = method_exists($provider, 'getOptions') ? $provider->getOptions() : [];
|
2021-07-27 10:16:10 +02:00
|
|
|
if (empty($code)) {
|
|
|
|
// Fetch the authorization URL from the provider; this returns the
|
|
|
|
// urlAuthorize option and generates and applies any necessary parameters
|
|
|
|
// (e.g. state).
|
2021-07-27 14:49:18 +02:00
|
|
|
$authorization_url = $provider->getAuthorizationUrl($options);
|
2021-07-27 10:16:10 +02:00
|
|
|
|
|
|
|
// Get the state generated for you and store it to the session.
|
2021-09-23 17:13:19 +02:00
|
|
|
$this->state = $provider->getState();
|
|
|
|
$this->save();
|
2021-07-27 10:16:10 +02:00
|
|
|
|
|
|
|
// Redirect the user to the authorization URL.
|
2021-07-27 14:49:18 +02:00
|
|
|
return $authorization_url;
|
2021-09-23 17:13:19 +02:00
|
|
|
} elseif (!empty($this->state) && $this->state !== $state) {
|
|
|
|
$this->state = null;
|
|
|
|
$this->save();
|
2021-07-27 10:16:10 +02:00
|
|
|
|
|
|
|
throw new InvalidArgumentException();
|
|
|
|
} else {
|
2021-09-23 17:13:19 +02:00
|
|
|
$this->state = null;
|
|
|
|
$this->save();
|
2021-07-27 10:16:10 +02:00
|
|
|
|
2021-07-27 14:49:18 +02:00
|
|
|
// Try to get an access token using the authorization code grant
|
|
|
|
$access_token = $provider->getAccessToken('authorization_code', [
|
2021-07-27 10:16:10 +02:00
|
|
|
'code' => $code,
|
|
|
|
]);
|
2021-07-27 14:49:18 +02:00
|
|
|
$refresh_token = $access_token->getRefreshToken();
|
2021-07-27 10:16:10 +02:00
|
|
|
|
2021-07-27 14:49:18 +02:00
|
|
|
$this->updateTokens($access_token, $refresh_token);
|
2021-07-27 10:16:10 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
2021-09-23 17:13:19 +02:00
|
|
|
/**
|
|
|
|
* @return string|null
|
|
|
|
*/
|
2021-07-27 14:49:18 +02:00
|
|
|
public function getRefreshToken()
|
2021-07-27 10:16:10 +02:00
|
|
|
{
|
2021-07-27 14:49:18 +02:00
|
|
|
$this->checkTokens();
|
|
|
|
|
2021-09-23 17:13:19 +02:00
|
|
|
return $this->attributes['refresh_token'];
|
2021-07-27 10:16:10 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Restituisce l'access token per l'autenticazione OAuth2.
|
|
|
|
*
|
|
|
|
* @return AccessToken|null
|
|
|
|
*/
|
|
|
|
public function getAccessToken()
|
|
|
|
{
|
2021-07-27 14:49:18 +02:00
|
|
|
$this->checkTokens();
|
|
|
|
|
2021-09-23 17:13:19 +02:00
|
|
|
return unserialize($this->attributes['access_token']);
|
2021-07-27 14:49:18 +02:00
|
|
|
}
|
|
|
|
|
2021-07-27 14:55:59 +02:00
|
|
|
/**
|
2021-09-23 17:13:19 +02:00
|
|
|
* Imposta Access Token e Refresh Token per l'autenticazione OAuth2.
|
2021-07-27 14:55:59 +02:00
|
|
|
*
|
|
|
|
* @param AccessToken|null
|
|
|
|
*/
|
2021-09-23 17:13:19 +02:00
|
|
|
protected function updateTokens($access_token, $refresh_token)
|
2021-07-27 14:55:59 +02:00
|
|
|
{
|
2021-09-23 17:13:19 +02:00
|
|
|
$this->access_token = serialize($access_token);
|
2021-08-05 12:31:47 +02:00
|
|
|
|
2021-09-23 17:13:19 +02:00
|
|
|
$previous_refresh_token = $this->refresh_token;
|
|
|
|
$this->refresh_token = $refresh_token ?: $previous_refresh_token;
|
2021-08-05 12:31:47 +02:00
|
|
|
|
2021-09-23 17:13:19 +02:00
|
|
|
$this->save();
|
2021-07-27 14:55:59 +02:00
|
|
|
}
|
|
|
|
|
2021-09-23 17:13:19 +02:00
|
|
|
/**
|
|
|
|
* Controlla la validità dei token correnti e ne effettua il refresh se necessario.
|
|
|
|
*/
|
2021-07-27 14:55:59 +02:00
|
|
|
protected function checkTokens()
|
|
|
|
{
|
2021-09-23 17:13:19 +02:00
|
|
|
$access_token = unserialize($this->access_token);
|
2021-07-27 10:16:10 +02:00
|
|
|
|
|
|
|
if (!empty($access_token) && $access_token->hasExpired()) {
|
2021-07-27 14:49:18 +02:00
|
|
|
// Tentativo di refresh del token di accesso
|
2021-09-23 17:13:19 +02:00
|
|
|
$refresh_token = $this->refresh_token;
|
2021-07-27 14:49:18 +02:00
|
|
|
if (!empty($refresh_token)) {
|
2021-07-27 10:16:10 +02:00
|
|
|
$access_token = $this->getProvider()->getAccessToken('refresh_token', [
|
2021-09-23 17:13:19 +02:00
|
|
|
'refresh_token' => $this->refresh_token,
|
2021-07-27 10:16:10 +02:00
|
|
|
]);
|
2021-07-27 14:55:59 +02:00
|
|
|
|
2021-07-27 14:49:18 +02:00
|
|
|
$refresh_token = $access_token->getRefreshToken();
|
2021-07-27 10:16:10 +02:00
|
|
|
} else {
|
|
|
|
$access_token = null;
|
2021-07-27 14:49:18 +02:00
|
|
|
$refresh_token = null;
|
2021-07-27 10:16:10 +02:00
|
|
|
}
|
|
|
|
|
2021-07-27 14:49:18 +02:00
|
|
|
$this->updateTokens($access_token, $refresh_token);
|
2021-07-27 10:16:10 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|