· 6 years ago · Feb 06, 2019, 07:20 PM
1<?php
2
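/**
 * Base class for Photonic providers that authenticate with the OAuth 2.0
 * authorization-code flow.
 *
 * Concrete providers supply the authorization and token endpoints; this class
 * builds the authorization URL, exchanges the returned code for tokens, keeps
 * the front-end tokens in cookies and refreshes the back-end token kept in the
 * `photonic_authentication` option.
 *
 * NOTE(review): both the `state` prefix and the cookie names embed an unsalted
 * MD5 derived from the client secret, and both are sent to the browser. The
 * value is also identical for every visitor and every request, so `state` does
 * not tie the callback to the browser session that started the flow. Replacing
 * it with a per-session random nonce needs coordinated changes in whatever
 * reads these cookies, so it is flagged here rather than changed.
 */
abstract class Photonic_OAuth2_Processor extends Photonic_Processor {
	public $scope, $response_type, $client_id, $client_secret, $state, $access_token, $refresh_token_valid;

	function __construct() {
		parent::__construct();
	}

	/**
	 * @return string The provider's authorization endpoint.
	 */
	public abstract function authentication_url();

	/**
	 * @return string The provider's token endpoint.
	 */
	public abstract function access_token_url();

	/**
	 * @return string The redirect URI registered with the provider; the site URL by default.
	 */
	public function redirect_url() {
		return get_site_url();
	}

	/**
	 * Builds the URL the visitor is sent to in order to grant access.
	 *
	 * @param array $args Extra query parameters; they override the defaults on key collision.
	 * @return string
	 */
	public function get_authorization_url($args = array()) {
		// Adding and then removing a dummy argument leaves the URL of the current request,
		// which is carried in `state` so that the callback can return the visitor to it.
		$url = remove_query_arg('test', add_query_arg('test', 'test'));
		$parameters = array_merge(array(
			'response_type' => $this->response_type,
			'redirect_uri' => $this->redirect_url(),
			'client_id' => $this->client_id,
			'scope' => $this->scope,
			'access_type' => 'offline',
			'state' => $this->oauth_state_prefix() . '::' . urlencode($url),
		), $args);
		return $this->authentication_url() . '?' . $this->build_query($parameters);
	}

	/**
	 * Exchanges the authorization code from the OAuth callback for an access token,
	 * stores the result in cookies and redirects. This method never returns.
	 *
	 * @param array $request_token Callback parameters; `code` and `state` are read.
	 */
	function get_access_token($request_token) {
		$code = isset($request_token['code']) ? $request_token['code'] : '';
		$state = (isset($request_token['state']) && is_string($request_token['state'])) ? $request_token['state'] : '';
		// Limit of 2 so that a return URL which itself contains '::' stays in one piece.
		$state_args = explode('::', $state, 2);

		// hash_equals() avoids both the loose-comparison pitfalls of `==` on hex digests
		// and a timing side channel on the expected value.
		if (count($state_args) === 2 && hash_equals($this->oauth_state_prefix(), $state_args[0])) {
			$url = urldecode($state_args[1]);
			$response = Photonic::http($this->access_token_url(), 'POST', array(
				'code' => $code,
				'grant_type' => 'authorization_code',
				'client_id' => $this->client_id,
				'client_secret' => $this->client_secret,
				'redirect_uri' => $this->redirect_url(),
			));
			if (is_wp_error($response)) {
				$url = add_query_arg('error', $response->get_error_code(), $url);
			}
			else if ($response == null) {
				$url = add_query_arg('error', 'null', $url);
			}
			else {
				$body = json_decode($response['body']);
				if (!is_object($body) || !isset($body->access_token)) {
					// Malformed JSON or an error document from the token endpoint:
					// report it instead of writing empty token cookies.
					$url = add_query_arg('error', 'invalid_token_response', $url);
				}
				else {
					$this->replace_oauth_cookie('oauth-token', $body->access_token);
					if (isset($body->refresh_token)) {
						// An existing refresh-token cookie is kept when the response carries no new one.
						$this->replace_oauth_cookie('oauth-refresh-token', $body->refresh_token);
					}
					$this->replace_oauth_cookie('oauth-token-type', isset($body->token_type) ? $body->token_type : '');
					$this->replace_oauth_cookie('oauth-token-created', time());
					$this->replace_oauth_cookie('oauth-token-expires', isset($body->expires_in) ? $body->expires_in : '');
				}
			}
		}
		else {
			$url = remove_query_arg(array('token', 'code', 'state'));
		}
		// The return URL comes out of the request's `state`, so it is attacker-influenced.
		// wp_safe_redirect() only follows hosts on WordPress' allowed list and falls back
		// to a local URL otherwise, which closes the open redirect.
		wp_safe_redirect($url);
		exit();
	}

	/**
	 * Obtains a new access token from a refresh token and rewrites the token cookies.
	 * The refresh-token cookie itself is left as it is.
	 *
	 * @param string $refresh_token
	 */
	function refresh_token($refresh_token) {
		$token = $this->get_access_token_from_refresh($refresh_token, false);
		if (!empty($token)) {
			$cookie_fields = array(
				'oauth-token' => 'oauth_token',
				'oauth-token-type' => 'oauth_token_type',
				'oauth-token-created' => 'oauth_token_created',
				'oauth-token-expires' => 'oauth_token_expires',
			);
			foreach ($cookie_fields as $suffix => $key) {
				$this->replace_oauth_cookie($suffix, isset($token[$key]) ? $token[$key] : '');
			}
		}
	}

	/**
	 * Loads the stored back-end token for this provider, refreshing it when it is
	 * missing or expired, and sets $this->access_token from the result.
	 *
	 * Token contents are bearer credentials and are deliberately never written
	 * to the output.
	 *
	 * @param string $refresh_token
	 */
	public function perform_back_end_authentication($refresh_token) {
		$photonic_authentication = get_option('photonic_authentication');
		// get_option() yields a non-array when the option has never been saved.
		if (!is_array($photonic_authentication)) {
			$photonic_authentication = array();
		}

		$token = array();
		if (isset($photonic_authentication[$this->provider])) {
			$token = $photonic_authentication[$this->provider];
			if ($this->is_token_expired($token)) {
				$token = $this->get_access_token_from_refresh($refresh_token, true);
			}
			else {
				$this->refresh_token_valid = true;
			}
		}
		else if (!empty($refresh_token)) {
			$token = $this->get_access_token_from_refresh($refresh_token, true);
		}

		if (!empty($token)) {
			$this->access_token = isset($token['oauth_token']) ? $token['oauth_token'] : null;
		}
	}

	/**
	 * Requests a new access token with the `refresh_token` grant.
	 *
	 * @param string $refresh_token
	 * @param bool $save Whether to hand the parsed token to save_token().
	 * @return array The parsed token, tagged with the client id it was issued to;
	 *               an empty array when the request failed.
	 */
	function get_access_token_from_refresh($refresh_token, $save) {
		$token = array();
		$response = Photonic::http($this->access_token_url(), 'POST', array(
			'client_id' => $this->client_id,
			'client_secret' => $this->client_secret,
			'refresh_token' => $refresh_token,
			'grant_type' => 'refresh_token'
		));

		if (!is_wp_error($response)) {
			$token = $this->parse_token($response);
			if (!empty($token)) {
				$token['client_id'] = $this->client_id;
			}
			if ($save) {
				$this->save_token($token);
			}
		}
		return $token;
	}

	/**
	 * Tells whether a stored token can no longer be used.
	 *
	 * @param array $token
	 * @return bool True when the token is empty, incomplete, was issued to a
	 *              different client id, or is past its lifetime.
	 */
	function is_token_expired($token) {
		if (empty($token)) {
			return true;
		}
		if (!isset($token['oauth_token'], $token['oauth_token_created'], $token['oauth_token_expires'])) {
			return true;
		}
		// A token issued to another client id must not be reused after the credentials change.
		if (!isset($token['client_id']) || $token['client_id'] !== $this->client_id) {
			return true;
		}
		return (int) $token['oauth_token_created'] + (int) $token['oauth_token_expires'] < time();
	}

	/**
	 * Fixed prefix placed in front of the return URL in the `state` parameter.
	 *
	 * @return string
	 */
	private function oauth_state_prefix() {
		return md5($this->client_secret . $this->provider);
	}

	/**
	 * @param string $suffix Cookie role, e.g. `oauth-token`.
	 * @return string The full cookie name for that role.
	 */
	private function oauth_cookie_name($suffix) {
		return 'photonic-' . md5($this->client_secret, false) . '-' . $suffix;
	}

	/**
	 * Drops the cookie from the current request's $_COOKIE and sends a fresh one
	 * with a lifetime of one year.
	 *
	 * The cookie is marked HttpOnly, and Secure whenever the request is served
	 * over TLS, because the values are bearer tokens.
	 * NOTE(review): confirm that no front-end script reads these cookies before
	 * relying on HttpOnly.
	 *
	 * @param string $suffix Cookie role, e.g. `oauth-token`.
	 * @param mixed $value Value to store; cast to string.
	 */
	private function replace_oauth_cookie($suffix, $value) {
		$name = $this->oauth_cookie_name($suffix);
		unset($_COOKIE[$name]);
		$cookie_expiration = 365 * 24 * 60 * 60;
		setcookie($name, (string) $value, time() + $cookie_expiration, COOKIEPATH, '', is_ssl(), true);
	}
}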