Enabled OAuth/OAuth2 logins

modules/oauth/classes/Auth/ORM/External/OAuth.php

@@ -0,0 +1,97 @@
+<?php defined('SYSPATH') or die('No direct access allowed.');
+
+/**
+ * This class extends Auth_ORM to enable external authentication
+ *
+ * @package    OAuth
+ * @category   Classes
+ * @author     Deon George
+ * @copyright  (c) 2009-2013 Deon George
+ * @license    http://dev.leenooks.net/license.html
+ */
+abstract class Auth_ORM_External_OAuth extends Auth_ORM_External {
+	// OAuth Objects
+	protected $consumer;
+	protected $provider;
+	protected $token;
+
+	public function __construct(Model_Oauth $oo) {
+		// If our user refused, then no point continuing
+		if ($problem = Arr::get($_REQUEST,'oauth_problem'))
+			switch ($problem) {
+				case 'user_refused':
+					HTTP::redirect('login');
+				default:
+					throw HTTP_Exception::factory(501,'Unknown OAuth Problem :problem',array(':problem'=>$problem));
+			}
+			
+		parent::__construct($oo);
+
+		// Load the provider
+		$this->provider = OAuth_Provider::factory($this->oo->name);
+
+		// Load the consumer for this provider
+		$this->consumer = OAuth_Consumer::factory(array(
+			'key'=>$this->oo->app_id,
+			'secret'=>$this->oo->secret,
+		));
+	}
+
+	protected function _login($user,$password,$remember) {
+		// During login, we dont need to keep out token anymore
+		Session::instance()->delete('oauth.token');
+
+		return parent::_login($user,$password,$remember);
+	}
+
+	/**
+	 * Is user currently log in??
+	 * If we have a valid token, then we are.
+	 */
+	public function logged_in($role=NULL,$debug=NULL) {
+		// Attempt to complete signin
+		if ($verifier = Arr::get($_REQUEST,'oauth_verifier')) {
+			// Restart the login process
+			if (! $token = Session::instance()->get_once('oauth.request') OR $token->token !== Arr::get($_REQUEST,'oauth_token'))
+				return FALSE;
+
+			// Store the verifier in the token
+			$token->verifier($verifier);
+
+			// Exchange the request token for an access token
+			$this->token = $this->provider->access_token($this->consumer,$token);
+
+			// Store the access token
+			Session::instance()->set('oauth.token',$this->token);
+
+		// Otherwise try and get our token from our session.
+		} else {
+			$this->token = Session::instance()->get('oauth.token');
+		}
+
+		// @todo We need to check that the token is still valid.
+		return $this->token ? TRUE : FALSE;
+	}
+
+	/**
+	 * Our URL that starts the login process
+	 */
+	public function login_url() {
+		// Add the callback URL to the consumer
+		$this->consumer->callback(URL::site('oauth/login/'.$this->oo->name,TRUE));
+
+		// Get a request token for the consumer
+		$token = $this->provider->request_token($this->consumer);
+
+		// Store the token
+		Session::instance()->set('oauth.request',$token);
+
+		// Get the login URL from the provider
+		return $this->provider->authorize_url($token);
+	}
+
+	public function user_id() {
+		return $this->provider->user_details($this->consumer,$this->token)->id();
+	}
+}
+?>

modules/oauth/classes/Auth/ORM/External/OAuth2.php

@@ -0,0 +1,86 @@
+<?php defined('SYSPATH') or die('No direct access allowed.');
+
+/**
+ * This class extends Auth_ORM to enable external authentication
+ *
+ * @package    OAuth
+ * @category   Classes
+ * @author     Deon George
+ * @copyright  (c) 2009-2013 Deon George
+ * @license    http://dev.leenooks.net/license.html
+ */
+abstract class Auth_ORM_External_OAuth2 extends Auth_ORM_External {
+	// OAuth Objects
+	protected $client;
+	protected $provider;
+	protected $token;
+
+	public function __construct(Model_Oauth $oo) {
+		// If our user refused, then no point continuing
+		if ($problem = Arr::get($_REQUEST,'error'))
+			switch ($problem) {
+				case 'access_denied':
+					HTTP::redirect('login');
+
+				default:
+					throw HTTP_Exception::factory(501,'Unknown OAuth Problem :problem',array(':problem'=>$problem));
+			}
+
+		parent::__construct($oo);
+
+		// Load the provider
+		$this->provider = OAuth2_Provider::factory($this->oo->name);
+
+		// Load the client for this provider
+		$this->client = OAuth2_Client::factory(array(
+			'id'=>$this->oo->app_id,
+			'secret'=>$this->oo->secret,
+		));
+	}
+
+	/**
+	 * Is user currently log in??
+	 * If we have a valid token, then we are.
+	 */
+	public function logged_in($role=NULL,$debug=NULL) {
+		// Attempt to complete signin
+		if ($code = Arr::get($_REQUEST,'code')) {
+			$state = Arr::get($_REQUEST,'state');
+			if (! $state OR $state != Session::instance()->get_once('oauth.state'))
+				return FALSE;
+
+			// Add the callback URL to the consumer
+			$this->client->callback(URL::site('oauth/login/'.$this->oo->name,TRUE));
+
+			// Exchange the authorization code for an access token
+			$this->token = $this->provider->access_token($this->client,$code);
+			Session::instance()->set('oauth.token',$this->token);
+
+		// Otherwise try and get our token from our session.
+		} else {
+			$this->token = Session::instance()->get_once('oauth.token');
+		}
+
+		// @todo We need to check that the token is still valid.
+		return $this->token ? TRUE : FALSE;
+	}
+
+	/**
+	 * Our URL that starts the login process
+	 */
+	public function login_url() {
+		$state = sha1($this->oo->name.time());
+		Session::instance()->set('oauth.state',$state);
+
+		// Add the callback URL to the consumer
+		$this->client->callback(URL::site('oauth/login/'.$this->oo->name,TRUE));
+
+		// Get the login URL from the provider
+		return $this->provider->authorize_url($this->client,array('state'=>$state));
+	}
+
+	public function user_id() {
+		return $this->provider->user_details($this->client,array('access_token'=>$this->token))->id();
+	}
+}
+?>