Enabled OAuth/OAuth2 logins

modules/oauth/classes/Auth/Facebook.php

@@ -9,133 +9,6 @@
  * @copyright  (c) 2009-2013 Open Source Billing
  * @license    http://dev.osbill.net/license.html
  */
-class Auth_Facebook extends Auth_ORM {
-	// Our Facebook config data
-	private $config;
-	private $data;
-	// Our Facebook Object
-	private $fb;
-	private $me;
-	// Our OAuth Object
-	private $oo;
-	// Facebook UID
-	private $uid;
-
-	/**
-	 * Perform the login processing
-	 *
-	 * We ignore password, since it is required in the parent(), we dont need it in Oauth
-	 */
-	protected function _login($user,$password,$remember) {
-		$this->complete_login($user);
-
-		if ($remember) {
-	                $aoo = ORM::factory('Account_Oauth',array('account_id'=>$user->id));
-
-	                // Record our user in the DB
-	                $aoo->account_id = $user->id;
-	                $aoo->oauth_id = $this->oo->id;
-			$aoo->userid = $remember->user_id();
-
-			switch ($this->oo->name) {
-				case 'facebook':
-					$aoo->oauth_data = $remember->fb->getAccessToken();
-					break;
-			}
-
-			return $aoo->save();
-		}
-	}
-	public function __construct(Model_Oauth $oo) {
-		include Kohana::find_file('vendor', 'facebook');
-		$this->oo = $oo;
-
-		// Load configuration "config/facebook"
-		$this->config = Kohana::$config->load('facebook');
-
-		parent::__construct((array)Kohana::$config->load('auth'));
-
-		// Create new Facebook object
-		$this->fb = new Facebook(array(
-			'appId' =>  $oo->app_id,
-			'secret' =>  $oo->secret,
-			'cookie' =>  $this->config->cookie,
-			'session_type' => $this->config->session_type,
-		));
-
-		try {
-			$this->me = $this->fb->api('/' . $this->fb->getUser(), 'GET');
-
-		} catch (FacebookApiException $e) {
-			// Do nothing.
-		}
-	}
-
-	/**
-	 * Returns user data, default in case of failure.
-	 *
-	 * @param $key
-	 * @param null $default
-	 * @return mixed
-	 * @throws FacebookApiException
-	 */
-	public function get($key,$default=NULL) {
-		if (! $uid = $this->user_id()) {
-			$this->login_url();
-
-			throw new FacebookApiException('User is not logged in.');
-		}
-
-		if (empty($this->data))
-			$this->data = $this->fb->api(array(
-				'method' => 'fql.query',
-				'query' => sprintf('SELECT %s FROM user WHERE uid = %s',$this->config_fields,$uid),
-			));
-
-		return (! empty($this->data[0][$key])) ? $this->data[0][$key] : $default;
-	}
-
-	/**
-	 * Is user currently logged into facebook?
-	 */
-	public function logged_in($role=NULL,$debug=NULL) {
-		return $this->fb->getUser() ? TRUE : FALSE;
-	}
-
-	/**
-	 * Creates a login url, based on scope, redirect_uri and display.
-	 *
-	 * @return string
-	 */
-	public function login_url() {
-		return urldecode($this->fb->getLoginUrl(array(
-			'scope' => $this->config->scope,
-			'redirect_uri' => $this->config->redirect_uri,
-			'display' => $this->config->display,
-		)));
-	}
-
-	/**
-	 * Creates a logout url based on next.
-	 *
-	 * @return string
-	 */
-	public function logout_url() {
-		return urldecode($this->fb->getLogoutUrl(array('next'=>$this->config->next)));
-	}
-
-	/**
-	 * Return user id if success, otherwise FALSE.
-	 */
-	public function user_id() {
-		if ($this->logged_in()) {
-			$this->uid = $this->fb->getUser();
-
-			return $this->uid;
-
-		} else {
-			return FALSE;
-		}
-	}
+class Auth_Facebook extends Auth_ORM_External_OAuth2 {
 }
 ?>

modules/oauth/classes/Auth/Facebook_Connect.php

@@ -0,0 +1,121 @@
+<?php defined('SYSPATH') or die('No direct access allowed.');
+
+/**
+ * This class provides Authentication using Facebook
+ *
+ * @package    OAuth
+ * @category   Classes
+ * @author     Deon George
+ * @copyright  (c) 2009-2013 Open Source Billing
+ * @license    http://dev.osbill.net/license.html
+ */
+class Auth_Facebook extends Auth_ORM_External {
+	// Our Facebook config data
+	private $config;
+	private $data;
+	private $me;
+	// Facebook UID
+	private $uid;
+
+	public function __construct(Model_Oauth $oo) {
+		// If our user refused, then no point continuing
+		if ($problem = Arr::get($_REQUEST,'error'))
+			switch ($problem) {
+				case 'access_denied':
+					HTTP::redirect('login');
+
+				default:
+					throw HTTP_Exception::factory(501,'Unknown OAuth Problem :problem',array(':problem'=>$problem));
+			}
+
+		parent::__construct($oo);
+
+		include Kohana::find_file('vendor', 'facebook');
+
+		// Load configuration "config/facebook"
+		$this->config = Kohana::$config->load('facebook');
+
+		// Create new Facebook object
+		$this->ao = new Facebook(array(
+			'appId' =>  $oo->app_id,
+			'secret' =>  $oo->secret,
+			'cookie' =>  $this->config->cookie,
+			'session_type' => $this->config->session_type,
+		));
+
+		try {
+			$this->me = $this->ao->api('/' . $this->ao->getUser(), 'GET');
+
+		} catch (FacebookApiException $e) {
+			// Do nothing.
+		}
+	}
+
+	/**
+	 * Returns user data, default in case of failure.
+	 *
+	 * @param $key
+	 * @param null $default
+	 * @return mixed
+	 * @throws FacebookApiException
+	 */
+	public function get($key,$default=NULL) {
+		if (! $uid = $this->user_id()) {
+			$this->login_url();
+
+			throw new FacebookApiException('User is not logged in.');
+		}
+
+		if (empty($this->data))
+			$this->data = $this->ao->api(array(
+				'method' => 'fql.query',
+				'query' => sprintf('SELECT %s FROM user WHERE uid = %s',$this->config_fields,$uid),
+			));
+
+		return (! empty($this->data[0][$key])) ? $this->data[0][$key] : $default;
+	}
+
+	/**
+	 * Is user currently logged into facebook?
+	 */
+	public function logged_in($role=NULL,$debug=NULL) {
+		return $this->ao->getUser() ? TRUE : FALSE;
+	}
+
+	/**
+	 * Creates a login url, based on scope, redirect_uri and display.
+	 *
+	 * @return string
+	 */
+	public function login_url() {
+		return urldecode($this->ao->getLoginUrl(array(
+			'scope' => $this->config->scope,
+			'redirect_uri' => $this->config->redirect_uri,
+			'display' => $this->config->display,
+		)));
+	}
+
+	/**
+	 * Creates a logout url based on next.
+	 *
+	 * @return string
+	 */
+	public function logout_url() {
+		return urldecode($this->ao->getLogoutUrl(array('next'=>$this->config->next)));
+	}
+
+	/**
+	 * Return user id if success, otherwise FALSE.
+	 */
+	public function user_id() {
+		if ($this->logged_in()) {
+			$this->uid = $this->ao->getUser();
+
+			return $this->uid;
+
+		} else {
+			return FALSE;
+		}
+	}
+}
+?>

modules/oauth/classes/Auth/Google.php

@@ -0,0 +1,14 @@
+<?php defined('SYSPATH') or die('No direct access allowed.');
+
+/**
+ * This class provides Authentication using Google
+ *
+ * @package    OAuth
+ * @category   Classes
+ * @author     Deon George
+ * @copyright  (c) 2009-2013 Open Source Billing
+ * @license    http://dev.osbill.net/license.html
+ */
+class Auth_Google extends Auth_ORM_External_OAuth2 {
+}
+?>

modules/oauth/classes/Auth/Linkedin.php

@@ -0,0 +1,14 @@
+<?php defined('SYSPATH') or die('No direct access allowed.');
+
+/**
+ * This class provides Authentication using Google
+ *
+ * @package    OAuth
+ * @category   Classes
+ * @author     Deon George
+ * @copyright  (c) 2009-2013 Open Source Billing
+ * @license    http://dev.osbill.net/license.html
+ */
+class Auth_Linkedin extends Auth_ORM_External_OAuth {
+}
+?>

modules/oauth/classes/Auth/ORM/External.php

@@ -0,0 +1,50 @@
+<?php defined('SYSPATH') or die('No direct access allowed.');
+
+/**
+ * This class extends Auth_ORM to enable external authentication
+ *
+ * @package    OAuth
+ * @category   Classes
+ * @author     Deon George
+ * @copyright  (c) 2009-2013 Deon George
+ * @license    http://dev.leenooks.net/license.html
+ */
+abstract class Auth_ORM_External extends Auth_ORM {
+	// Our Authentication Object
+	protected $ao;
+	// Our OAuth Model Object
+	protected $oo;
+
+	public function __construct(Model_Oauth $oo) {
+		parent::__construct((array)Kohana::$config->load('auth'));
+
+		$this->oo = $oo;
+	}
+
+	protected function _login($user,$password,$remember) {
+		$this->complete_login($user);
+
+		if ($remember) {
+			$aoo = $this->oo->account_oauth->where('account_id','=',$user->id)->find();
+
+			// Record our user in the DB
+			$aoo->account_id = $user->id;
+			$aoo->oauth_id = $this->oo->id;
+			$aoo->userid = $remember->user_id();
+
+			if ($user instanceof Auth_ORM_External_OAuth2 OR $user instanceof Auth_ORM_External_OAuth)
+				$aoo->oauth_data = array(
+					'token'=>$remember->token,
+				);
+			elseif ($user instanceof Auth_ORM_External)
+				$aoo->oauth_data = array(
+					'token'=>$remember->ao->getAccessToken(),
+				);
+
+			return $aoo->save();
+		}
+
+		return TRUE;
+	}
+}
+?>

modules/oauth/classes/Auth/ORM/External/OAuth.php

@@ -0,0 +1,97 @@
+<?php defined('SYSPATH') or die('No direct access allowed.');
+
+/**
+ * This class extends Auth_ORM to enable external authentication
+ *
+ * @package    OAuth
+ * @category   Classes
+ * @author     Deon George
+ * @copyright  (c) 2009-2013 Deon George
+ * @license    http://dev.leenooks.net/license.html
+ */
+abstract class Auth_ORM_External_OAuth extends Auth_ORM_External {
+	// OAuth Objects
+	protected $consumer;
+	protected $provider;
+	protected $token;
+
+	public function __construct(Model_Oauth $oo) {
+		// If our user refused, then no point continuing
+		if ($problem = Arr::get($_REQUEST,'oauth_problem'))
+			switch ($problem) {
+				case 'user_refused':
+					HTTP::redirect('login');
+				default:
+					throw HTTP_Exception::factory(501,'Unknown OAuth Problem :problem',array(':problem'=>$problem));
+			}
+			
+		parent::__construct($oo);
+
+		// Load the provider
+		$this->provider = OAuth_Provider::factory($this->oo->name);
+
+		// Load the consumer for this provider
+		$this->consumer = OAuth_Consumer::factory(array(
+			'key'=>$this->oo->app_id,
+			'secret'=>$this->oo->secret,
+		));
+	}
+
+	protected function _login($user,$password,$remember) {
+		// During login, we dont need to keep out token anymore
+		Session::instance()->delete('oauth.token');
+
+		return parent::_login($user,$password,$remember);
+	}
+
+	/**
+	 * Is user currently log in??
+	 * If we have a valid token, then we are.
+	 */
+	public function logged_in($role=NULL,$debug=NULL) {
+		// Attempt to complete signin
+		if ($verifier = Arr::get($_REQUEST,'oauth_verifier')) {
+			// Restart the login process
+			if (! $token = Session::instance()->get_once('oauth.request') OR $token->token !== Arr::get($_REQUEST,'oauth_token'))
+				return FALSE;
+
+			// Store the verifier in the token
+			$token->verifier($verifier);
+
+			// Exchange the request token for an access token
+			$this->token = $this->provider->access_token($this->consumer,$token);
+
+			// Store the access token
+			Session::instance()->set('oauth.token',$this->token);
+
+		// Otherwise try and get our token from our session.
+		} else {
+			$this->token = Session::instance()->get('oauth.token');
+		}
+
+		// @todo We need to check that the token is still valid.
+		return $this->token ? TRUE : FALSE;
+	}
+
+	/**
+	 * Our URL that starts the login process
+	 */
+	public function login_url() {
+		// Add the callback URL to the consumer
+		$this->consumer->callback(URL::site('oauth/login/'.$this->oo->name,TRUE));
+
+		// Get a request token for the consumer
+		$token = $this->provider->request_token($this->consumer);
+
+		// Store the token
+		Session::instance()->set('oauth.request',$token);
+
+		// Get the login URL from the provider
+		return $this->provider->authorize_url($token);
+	}
+
+	public function user_id() {
+		return $this->provider->user_details($this->consumer,$this->token)->id();
+	}
+}
+?>

modules/oauth/classes/Auth/ORM/External/OAuth2.php

@@ -0,0 +1,86 @@
+<?php defined('SYSPATH') or die('No direct access allowed.');
+
+/**
+ * This class extends Auth_ORM to enable external authentication
+ *
+ * @package    OAuth
+ * @category   Classes
+ * @author     Deon George
+ * @copyright  (c) 2009-2013 Deon George
+ * @license    http://dev.leenooks.net/license.html
+ */
+abstract class Auth_ORM_External_OAuth2 extends Auth_ORM_External {
+	// OAuth Objects
+	protected $client;
+	protected $provider;
+	protected $token;
+
+	public function __construct(Model_Oauth $oo) {
+		// If our user refused, then no point continuing
+		if ($problem = Arr::get($_REQUEST,'error'))
+			switch ($problem) {
+				case 'access_denied':
+					HTTP::redirect('login');
+
+				default:
+					throw HTTP_Exception::factory(501,'Unknown OAuth Problem :problem',array(':problem'=>$problem));
+			}
+
+		parent::__construct($oo);
+
+		// Load the provider
+		$this->provider = OAuth2_Provider::factory($this->oo->name);
+
+		// Load the client for this provider
+		$this->client = OAuth2_Client::factory(array(
+			'id'=>$this->oo->app_id,
+			'secret'=>$this->oo->secret,
+		));
+	}
+
+	/**
+	 * Is user currently log in??
+	 * If we have a valid token, then we are.
+	 */
+	public function logged_in($role=NULL,$debug=NULL) {
+		// Attempt to complete signin
+		if ($code = Arr::get($_REQUEST,'code')) {
+			$state = Arr::get($_REQUEST,'state');
+			if (! $state OR $state != Session::instance()->get_once('oauth.state'))
+				return FALSE;
+
+			// Add the callback URL to the consumer
+			$this->client->callback(URL::site('oauth/login/'.$this->oo->name,TRUE));
+
+			// Exchange the authorization code for an access token
+			$this->token = $this->provider->access_token($this->client,$code);
+			Session::instance()->set('oauth.token',$this->token);
+
+		// Otherwise try and get our token from our session.
+		} else {
+			$this->token = Session::instance()->get_once('oauth.token');
+		}
+
+		// @todo We need to check that the token is still valid.
+		return $this->token ? TRUE : FALSE;
+	}
+
+	/**
+	 * Our URL that starts the login process
+	 */
+	public function login_url() {
+		$state = sha1($this->oo->name.time());
+		Session::instance()->set('oauth.state',$state);
+
+		// Add the callback URL to the consumer
+		$this->client->callback(URL::site('oauth/login/'.$this->oo->name,TRUE));
+
+		// Get the login URL from the provider
+		return $this->provider->authorize_url($this->client,array('state'=>$state));
+	}
+
+	public function user_id() {
+		return $this->provider->user_details($this->client,array('access_token'=>$this->token))->id();
+	}
+}
+?>