aiden
/
pixelfed
mirror of https://github.com/pixelfed/pixelfed
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
dev
staging
l10n_staging
shleeable-patch-1
groups
vue3
v0.1.9
v0.10.0
v0.10.1
v0.10.10
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.10.6
v0.10.7
v0.10.8
v0.10.9
v0.11.0
v0.11.1
v0.11.10
v0.11.11
v0.11.12
v0.11.13
v0.11.2
v0.11.3
v0.11.4
v0.11.5
v0.11.6
v0.11.7
v0.11.8
v0.11.9
v0.12.0
v0.12.1
v0.12.2
v0.12.3
v0.12.4
v0.12.5
v0.5.9
v0.6.0
v0.6.1
v0.7.6
v0.8.0
v0.8.5
v0.8.6
v0.9.0
v0.9.4
v0.9.5
v0.9.6
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3861e7ddfe'
${ noResults }
pixelfed/app/Http/Controllers/RemoteOidcController.php

122 lines
3.5 KiB
PHP
Raw Blame History

<?php
namespace App\Http\Controllers;
use App\Models\UserOidcMapping;
use Purify;
use App\Services\EmailService;
use App\Services\UserOidcService;
use App\User;
use Illuminate\Auth\Events\Registered;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;
use App\Rules\EmailNotBanned;
use App\Rules\PixelfedUsername;
class RemoteOidcController extends Controller
{
protected $fractal;
public function start(UserOidcService $provider, Request $request)
{
abort_unless((bool) config('remote-auth.oidc.enabled'), 404);
if ($request->user()) {
return redirect('/');
}
$url = $provider->getAuthorizationUrl([
'scope' => $provider->getDefaultScopes(),
]);
$request->session()->put('oauth2state', $provider->getState());
return redirect($url);
}
public function handleCallback(UserOidcService $provider, Request $request)
{
abort_unless((bool) config('remote-auth.oidc.enabled'), 404);
if ($request->user()) {
return redirect('/');
}
abort_unless($request->input("state"), 400);
abort_unless($request->input("code"), 400);
abort_unless(hash_equals($request->session()->pull('oauth2state'), $request->input("state")), 400, "invalid state");
$accessToken = $provider->getAccessToken('authorization_code', [
'code' => $request->get('code')
]);
$userInfo = $provider->getResourceOwner($accessToken);
$userInfoId = $userInfo->getId();
$userInfoData = $userInfo->toArray();
$mappedUser = UserOidcMapping::where('oidc_id', $userInfoId)->first();
if ($mappedUser) {
$this->guarder()->login($mappedUser->user);
return redirect('/');
}
abort_if(EmailService::isBanned($userInfoData["email"]), 400, 'Banned email.');
$user = $this->createUser([
'username' => $userInfoData[config('remote-auth.oidc.field_username')],
'name' => $userInfoData["name"] ?? $userInfoData["display_name"] ?? $userInfoData[config('remote-auth.oidc.field_username')] ?? null,
'email' => $userInfoData["email"],
]);
UserOidcMapping::create([
'user_id' => $user->id,
'oidc_id' => $userInfoId,
]);
return redirect('/');
}
protected function createUser($data)
{
$this->validate(new Request($data), [
'email' => [
'required',
'string',
'email:strict,filter_unicode,dns,spoof',
'max:255',
'unique:users',
new EmailNotBanned(),
],
'username' => [
'required',
'min:2',
'max:30',
'unique:users,username',
new PixelfedUsername(),
],
'name' => 'nullable|max:30',
]);
event(new Registered($user = User::create([
'name' => Purify::clean($data['name']),
'username' => $data['username'],
'email' => $data['email'],
'password' => Hash::make(Str::password()),
'email_verified_at' => now(),
'app_register_ip' => request()->ip(),
'register_source' => 'oidc',
])));
$this->guarder()->login($user);
return $user;
}
protected function guarder()
{
return Auth::guard();
}
}
Reference in New Issue View Git Blame Copy Permalink