class OAuth2ControllerBase in Social Auth 3.x

Same name and namespace in other branches

8.2 src/Controller/OAuth2ControllerBase.php \Drupal\social_auth\Controller\OAuth2ControllerBase

Handle responses for Social Auth implementer controllers.

View source

class OAuth2ControllerBase extends ControllerBase {

  /**
   * The Messenger service.
   *
   * @var \Drupal\Core\Messenger\MessengerInterface
   */
  protected $messenger;

  /**
   * The network plugin manager.
   *
   * @var \Drupal\social_api\Plugin\NetworkManager
   */
  protected $networkManager;

  /**
   * The Social Auth user authenticator..
   *
   * @var \Drupal\social_auth\User\UserAuthenticator
   */
  protected $userAuthenticator;

  /**
   * The provider authentication manager.
   *
   * @var \Drupal\social_auth\AuthManager\OAuth2ManagerInterface
   */
  protected $providerManager;

  /**
   * Used to access GET parameters.
   *
   * @var \Symfony\Component\HttpFoundation\RequestStack
   */
  protected $request;

  /**
   * The Social Auth data handler.
   *
   * @var \Drupal\social_auth\SocialAuthDataHandler
   */
  protected $dataHandler;

  /**
   * The renderer service.
   *
   * @var \Drupal\Core\Render\Renderer
   */
  protected $renderer;

  /**
   * The implement plugin id.
   *
   * @var string
   */
  protected $pluginId;

  /**
   * The module name.
   *
   * @var string
   */
  protected $module;

  /**
   * SocialAuthControllerBase constructor.
   *
   * @param string $module
   *   The module name.
   * @param string $plugin_id
   *   The plugin id.
   * @param \Drupal\Core\Messenger\MessengerInterface $messenger
   *   The messenger service.
   * @param \Drupal\social_api\Plugin\NetworkManager $network_manager
   *   Used to get an instance of the network plugin.
   * @param \Drupal\social_auth\User\UserAuthenticator $user_authenticator
   *   Used to manage user authentication/registration.
   * @param \Drupal\social_auth\AuthManager\OAuth2ManagerInterface $provider_manager
   *   Used to manage authentication methods.
   * @param \Symfony\Component\HttpFoundation\RequestStack $request
   *   Used to access GET parameters.
   * @param \Drupal\social_auth\SocialAuthDataHandler $data_handler
   *   The Social Auth data handler.
   * @param \Drupal\Core\Render\RendererInterface $renderer
   *   Used to handle metadata for redirection to authentication URL.
   */
  public function __construct($module, $plugin_id, MessengerInterface $messenger, NetworkManager $network_manager, UserAuthenticator $user_authenticator, OAuth2ManagerInterface $provider_manager, RequestStack $request, SocialAuthDataHandler $data_handler, RendererInterface $renderer = NULL) {
    $this->module = $module;
    $this->pluginId = $plugin_id;
    $this->messenger = $messenger;
    $this->networkManager = $network_manager;
    $this->userAuthenticator = $user_authenticator;
    $this->providerManager = $provider_manager;
    $this->request = $request;
    $this->dataHandler = $data_handler;
    $this->renderer = $renderer;

    /*
     * TODO: Added for backward compatibility.
     *
     * Remove after implementers have been updated.
     * @see https://www.drupal.org/project/social_auth/issues/3033444
     */
    if (!$this->renderer) {
      $this->renderer = \Drupal::service('renderer');
    }

    // Sets the plugin id in user authenticator.
    $this->userAuthenticator
      ->setPluginId($plugin_id);

    // Sets the session prefix.
    $this->dataHandler
      ->setSessionPrefix($plugin_id);

    // Sets the session keys to nullify if user could not logged in.
    $this->userAuthenticator
      ->setSessionKeysToNullify([
      'access_token',
      'oauth2state',
    ]);
  }

  /**
   * Response for implementer authentication url.
   *
   * Redirects the user to provider for authentication.
   *
   * This is done in a render context in order to bubble cacheable metadata
   * created during authentication URL generation.
   *
   * @see https://www.drupal.org/project/social_auth/issues/3033444
   */
  public function redirectToProvider() {
    $context = new RenderContext();

    /** @var \Drupal\Core\Routing\TrustedRedirectResponse|\Symfony\Component\HttpFoundation\RedirectResponse $response */
    $response = $this->renderer
      ->executeInRenderContext($context, function () {
      try {

        /** @var \League\OAuth2\Client\Provider\AbstractProvider|false $client */
        $client = $this->networkManager
          ->createInstance($this->pluginId)
          ->getSdk();

        // If provider client could not be obtained.
        if (!$client) {
          $this->messenger
            ->addError($this
            ->t('%module not configured properly. Contact site administrator.', [
            '%module' => $this->module,
          ]));
          return $this
            ->redirect('user.login');
        }

        /*
         * If destination parameter is set, save it.
         *
         * The destination parameter is also _removed_ from the current request
         * to prevent it from overriding Social Auth's TrustedRedirectResponse.
         *
         * @see https://www.drupal.org/project/drupal/issues/2950883
         *
         * TODO: Remove the remove() call after 2950883 is solved.
         */
        $destination = $this->request
          ->getCurrentRequest()
          ->get('destination');
        if ($destination) {
          $this->userAuthenticator
            ->setDestination($destination);
          $this->request
            ->getCurrentRequest()->query
            ->remove('destination');
        }

        // Provider service was returned, inject it to $providerManager.
        $this->providerManager
          ->setClient($client);

        // Generates the URL for authentication.
        $auth_url = $this->providerManager
          ->getAuthorizationUrl();
        $state = $this->providerManager
          ->getState();
        $this->dataHandler
          ->set('oauth2state', $state);
        $this->userAuthenticator
          ->dispatchBeforeRedirect($destination);
        return new TrustedRedirectResponse($auth_url);
      } catch (PluginException $exception) {
        $this->messenger
          ->addError($this
          ->t('There has been an error when creating plugin.'));
        return $this
          ->redirect('user.login');
      }
    });

    // Add bubbleable metadata to the response.
    if ($response instanceof TrustedRedirectResponse && !$context
      ->isEmpty()) {
      $bubbleable_metadata = $context
        ->pop();
      $response
        ->addCacheableDependency($bubbleable_metadata);
    }
    return $response;
  }

  /**
   * Process implementer callback path.
   *
   * @return \League\OAuth2\Client\Provider\GenericResourceOwner|null
   *   The user info if successful.
   *   Null otherwise.
   */
  public function processCallback() {
    try {

      /** @var \League\OAuth2\Client\Provider\AbstractProvider|false $client */
      $client = $this->networkManager
        ->createInstance($this->pluginId)
        ->getSdk();

      // If provider client could not be obtained.
      if (!$client) {
        $this->messenger
          ->addError($this
          ->t('%module not configured properly. Contact site administrator.', [
          '%module' => $this->module,
        ]));
        return NULL;
      }
      $state = $this->dataHandler
        ->get('oauth2state');

      // Retrieves $_GET['state'].
      $retrievedState = $this->request
        ->getCurrentRequest()->query
        ->get('state');
      if (empty($retrievedState) || $retrievedState !== $state) {
        $this->userAuthenticator
          ->nullifySessionKeys();
        $this->messenger
          ->addError($this
          ->t('Login failed. Invalid OAuth2 state.'));
        return NULL;
      }
      $this->providerManager
        ->setClient($client)
        ->authenticate();

      // Saves access token to session.
      $this->dataHandler
        ->set('access_token', $this->providerManager
        ->getAccessToken());

      // Gets user's info from provider.
      if (!($profile = $this->providerManager
        ->getUserInfo())) {
        $this->messenger
          ->addError($this
          ->t('Login failed, could not load user profile. Contact site administrator.'));
        return NULL;
      }
      return $profile;
    } catch (PluginException $exception) {
      $this->messenger
        ->addError($this
        ->t('There has been an error when creating plugin.'));
      return NULL;
    }
  }

  /**
   * Checks if there was an error during authentication with provider.
   *
   * When there is an authentication problem in a provider (e.g. user did not
   * authorize the app), a query to the client containing an error key is often
   * returned. This method checks for such key, dispatches an event, and returns
   * a redirect object where there is an authentication error.
   *
   * @param string $key
   *   The query parameter key to check for authentication error.
   *
   * @return \Symfony\Component\HttpFoundation\RedirectResponse|null
   *   Redirect response object that may be returned by the controller or null.
   */
  protected function checkAuthError($key = 'error') {
    $request_query = $this->request
      ->getCurrentRequest()->query;

    // Checks if authentication failed.
    if ($request_query
      ->has($key)) {
      $this->messenger
        ->addError($this
        ->t('You could not be authenticated.'));
      $response = $this->userAuthenticator
        ->dispatchAuthenticationError($request_query
        ->get($key));
      if ($response) {
        return $response;
      }
      return $this
        ->redirect('user.login');
    }
    return NULL;
  }

}

Members

Name	Modifiers	Type	Description	Overrides
ControllerBase::$configFactory	protected	property	The configuration factory.
ControllerBase::$currentUser	protected	property	The current user service.	1
ControllerBase::$entityFormBuilder	protected	property	The entity form builder.
ControllerBase::$entityTypeManager	protected	property	The entity type manager.
ControllerBase::$formBuilder	protected	property	The form builder.	2
ControllerBase::$keyValue	protected	property	The key-value storage.	1
ControllerBase::$languageManager	protected	property	The language manager.	1
ControllerBase::$moduleHandler	protected	property	The module handler.	2
ControllerBase::$stateService	protected	property	The state service.
ControllerBase::cache	protected	function	Returns the requested cache bin.
ControllerBase::config	protected	function	Retrieves a configuration object.
ControllerBase::container	private	function	Returns the service container.
ControllerBase::create	public static	function	Instantiates a new instance of this class. Overrides ContainerInjectionInterface::create	46
ControllerBase::currentUser	protected	function	Returns the current user.	1
ControllerBase::entityFormBuilder	protected	function	Retrieves the entity form builder.
ControllerBase::entityTypeManager	protected	function	Retrieves the entity type manager.
ControllerBase::formBuilder	protected	function	Returns the form builder service.	2
ControllerBase::keyValue	protected	function	Returns a key/value storage collection.	1
ControllerBase::languageManager	protected	function	Returns the language manager service.	1
ControllerBase::moduleHandler	protected	function	Returns the module handler.	2
ControllerBase::redirect	protected	function	Returns a redirect response object for the specified route.
ControllerBase::state	protected	function	Returns the state storage service.
LoggerChannelTrait::$loggerFactory	protected	property	The logger channel factory service.
LoggerChannelTrait::getLogger	protected	function	Gets the logger for a specific channel.
LoggerChannelTrait::setLoggerFactory	public	function	Injects the logger channel factory.
MessengerTrait::messenger	public	function	Gets the messenger.	27
MessengerTrait::setMessenger	public	function	Sets the messenger.
OAuth2ControllerBase::$dataHandler	protected	property	The Social Auth data handler.
OAuth2ControllerBase::$messenger	protected	property	The Messenger service. Overrides MessengerTrait::$messenger
OAuth2ControllerBase::$module	protected	property	The module name.
OAuth2ControllerBase::$networkManager	protected	property	The network plugin manager.
OAuth2ControllerBase::$pluginId	protected	property	The implement plugin id.
OAuth2ControllerBase::$providerManager	protected	property	The provider authentication manager.
OAuth2ControllerBase::$renderer	protected	property	The renderer service.
OAuth2ControllerBase::$request	protected	property	Used to access GET parameters.
OAuth2ControllerBase::$userAuthenticator	protected	property	The Social Auth user authenticator..
OAuth2ControllerBase::checkAuthError	protected	function	Checks if there was an error during authentication with provider.
OAuth2ControllerBase::processCallback	public	function	Process implementer callback path.
OAuth2ControllerBase::redirectToProvider	public	function	Response for implementer authentication url.
OAuth2ControllerBase::__construct	public	function	SocialAuthControllerBase constructor.
RedirectDestinationTrait::$redirectDestination	protected	property	The redirect destination service.	1
RedirectDestinationTrait::getDestinationArray	protected	function	Prepares a 'destination' URL query parameter for use with \Drupal\Core\Url.
RedirectDestinationTrait::getRedirectDestination	protected	function	Returns the redirect destination service.
RedirectDestinationTrait::setRedirectDestination	public	function	Sets the redirect destination service.
StringTranslationTrait::$stringTranslation	protected	property	The string translation service.	4
StringTranslationTrait::formatPlural	protected	function	Formats a string containing a count of items.
StringTranslationTrait::getNumberOfPlurals	protected	function	Returns the number of plurals supported by a given language.
StringTranslationTrait::getStringTranslation	protected	function	Gets the string translation service.
StringTranslationTrait::setStringTranslation	public	function	Sets the string translation service to use.	2
StringTranslationTrait::t	protected	function	Translates a string to the current language or to a given language.

You are here

class OAuth2ControllerBase in Social Auth 3.x

Hierarchy

File

Namespace

Members

API Navigation