diff --git a/app/config/providers.php b/app/config/providers.php
index 9e5f329eb..3dae33c61 100644
--- a/app/config/providers.php
+++ b/app/config/providers.php
@@ -19,7 +19,7 @@ return [
 'gitlab' => [
 'developers' => 'https://docs.gitlab.com/ee/api/',
 'icon' => 'icon-gitlab',
- 'enabled' => true,
+ 'enabled' => false,
 ],
 'google' => [
 'developers' => 'https://developers.google.com/',
diff --git a/app/controllers/auth.php b/app/controllers/auth.php
index 96bf3ae64..f4538275e 100644
--- a/app/controllers/auth.php
+++ b/app/controllers/auth.php
@@ -716,7 +716,7 @@ $utopia->get('/v1/auth/oauth/:provider/redirect')
 }
 $oauthID = $oauth->getUserID($accessToken);
-
+
 if (empty($oauthID)) {
 if (!empty($state['failure'])) {
 $response->redirect($state['failure'], 301, 0);
@@ -726,7 +726,7 @@ $utopia->get('/v1/auth/oauth/:provider/redirect')
 }
 $current = Auth::tokenVerify($user->getAttribute('tokens', []), Auth::TOKEN_TYPE_LOGIN, Auth::$secret);
-
+
 if ($current) {
 $projectDB->deleteDocument($current); //throw new Exception('User already logged in', 401);
 }
@@ -740,6 +740,7 @@ $utopia->get('/v1/auth/oauth/:provider/redirect')
 ],
 ]) : $user;
+
 if (empty($user)) { // No user logged in or with oauth provider ID, create new one or connect with account with same email
 $name = $oauth->getUserName($accessToken);
 $email = $oauth->getUserEmail($accessToken);
diff --git a/public/images/oauth/google.png b/public/images/oauth/google.png
index bcd5be41e..cd60f3a11 100644
Binary files a/public/images/oauth/google.png and b/public/images/oauth/google.png differ
diff --git a/src/Auth/OAuth.php b/src/Auth/OAuth.php
index ae9539fa4..ec1ae9eff 100644
--- a/src/Auth/OAuth.php
+++ b/src/Auth/OAuth.php
@@ -94,13 +94,15 @@ abstract class OAuth
 curl_setopt($ch, CURLOPT_HEADER, 0);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 curl_setopt($ch, CURLOPT_USERAGENT, 'Console_OAuth_Agent');
- curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
 if (!empty($payload)) {
 curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
 }
- // Send the request & save response to $resp
+ $headers[] = "Content-length: ".strlen($payload);
+ curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
+
+ // Send the request & save response to $response
 $response = curl_exec($ch);
 curl_close($ch);
diff --git a/src/Auth/OAuth/Gitlab.php b/src/Auth/OAuth/Gitlab.php
deleted file mode 100644
index 0f2da4ac9..000000000
--- a/src/Auth/OAuth/Gitlab.php
+++ /dev/null
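Review bot: The new `$headers[] = "Content-length: ".strlen($payload);` sits outside the `if (!empty($payload))` guard, so every GET issued through this helper also announces `Content-length: 0`, and should a caller ever pass an array as `$payload` (CURLOPT_POSTFIELDS accepts one) `strlen()` raises a TypeError on PHP 8. curl already derives Content-Length from a string POSTFIELDS, so the hand-set header is redundant at best and contradicts the body at worst; I would drop it, or at least move it inside the guard: `if (!empty($payload)) { curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); $headers[] = 'Content-length: '.strlen($payload); }`. The enclosing request() method starts and ends outside this hunk, so the declared types of `$headers` and `$payload` are not visible here.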
@@ -1,121 +0,0 @@
-version.'/dialog/oauth?client_id='.urlencode($this->appID).'&redirect_uri='.urlencode($this->callback).'&scope=email&state='.urlencode(json_encode($this->state));
- }
-
- /**
- * @param string $code
- *
- * @return string
- */
- public function getAccessToken(string $code):string
- {
- $accessToken = $this->request('GET', 'https://graph.google.com/'.$this->version.'/oauth/access_token?'.
- 'client_id='.urlencode($this->appID).
- '&redirect_uri='.urlencode($this->callback).
- '&client_secret='.urlencode($this->appSecret).
- '&code='.urlencode($code)
- );
-
- $accessToken = json_decode($accessToken, true); //
-
- if (isset($accessToken['access_token'])) {
- return $accessToken['access_token'];
- }
-
- return '';
- }
-
- /**
- * @param string $accessToken
- *
- * @return string
- */
- public function getUserID(string $accessToken):string
- {
- $user = $this->getUser($accessToken);
-
- if (isset($user['id'])) {
- return $user['id'];
- }
-
- return '';
- }
-
- /**
- * @param string $accessToken
- *
- * @return string
- */
- public function getUserEmail(string $accessToken):string
- {
- $user = $this->getUser($accessToken);
-
- if (isset($user['email'])) {
- return $user['email'];
- }
-
- return '';
- }
-
- /**
- * @param string $accessToken
- *
- * @return string
- */
- public function getUserName(string $accessToken):string
- {
- $user = $this->getUser($accessToken);
-
- if (isset($user['name'])) {
- return $user['name'];
- }
-
- return '';
- }
-
- /**
- * @param string $accessToken
- *
- * @return array
- */
- protected function getUser(string $accessToken):array
- {
- if (empty($this->user)) {
- $user = $this->request('GET', 'https://graph.google.com/'.$this->version.'/me?fields=email,name&access_token='.urlencode($accessToken));
-
- $this->user = json_decode($user, true);
- }
-
- return $this->user;
- }
-}
diff --git a/src/Auth/OAuth/Google.php b/src/Auth/OAuth/Google.php
index de4cd546a..252d629ab 100644
--- a/src/Auth/OAuth/Google.php
+++ b/src/Auth/OAuth/Google.php
@@ -9,8 +9,7 @@ class Google extends OAuth
 /**
 * @var string
 */
- protected $version = 'v2.8';
-
+ protected $version = 'v4';
 /**
 * @var array
 */
@@ -19,7 +18,7 @@ class Google extends OAuth
 /**
 * @return string
 */
- public function getName():string
+ public function getName(): string
 {
 return 'google';
 }
@@ -27,9 +26,14 @@ class Google extends OAuth
 /**
 * @return string
 */
- public function getLoginURL():string
+ public function getLoginURL(): string
 {
- return 'https://www.google.com/'.$this->version.'/dialog/oauth?client_id='.urlencode($this->appID).'&redirect_uri='.urlencode($this->callback).'&scope=email&state='.urlencode(json_encode($this->state));
+ return 'https://accounts.google.com/o/oauth2/v2/auth?' .
+ 'client_id=' . urlencode($this->appID) .
+ '&redirect_uri=' . urlencode($this->callback) .
+ '&scope=https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile' .
+ '&state=' . urlencode(json_encode($this->state)) .
+ '&response_type=code';
 }
 /**
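Review bot: The rewritten `getLoginURL()` still emits the anti-forgery `state` as `urlencode(json_encode($this->state))`, where `json_encode()` returns `false` on failure and `urlencode()` turns that into an empty `state=`, so the provider would send the browser back with no state at all; checking the encode result and failing loudly (`$state = json_encode($this->state); if ($state === false) { throw new \Exception('Invalid OAuth state'); }`) is cheap. Whether `$this->state` includes a per-request unguessable value that the callback compares against the session is not visible in this diff; the auth.php context in this commit only reads `$state['failure']` as a redirect target, and if state carries nothing but URLs, the callback is not tied to the browser that began the login (OAuth login CSRF). Also, the new URL hard-codes `/o/oauth2/v2/auth` while `$version` (bumped to `'v4'` in the first hunk) now only feeds `getAccessToken()`; a one-line comment on the property such as `// Applies to the token endpoint only; the authorization URL is fixed` would stop the next reader from "fixing" one to match the other.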
@@ -37,16 +41,20 @@ class Google extends OAuth
 *
 * @return string
 */
- public function getAccessToken(string $code):string
+ public function getAccessToken(string $code): string
 {
- $accessToken = $this->request('GET', 'https://graph.google.com/'.$this->version.'/oauth/access_token?'.
- 'client_id='.urlencode($this->appID).
- '&redirect_uri='.urlencode($this->callback).
- '&client_secret='.urlencode($this->appSecret).
- '&code='.urlencode($code)
+ $accessToken = $this->request(
+ 'POST',
+ 'https://www.googleapis.com/oauth2/' . $this->version . '/token?' .
+ 'code=' . urlencode($code) .
+ '&client_id=' . urlencode($this->appID) .
+ '&client_secret=' . urlencode($this->appSecret) .
+ '&redirect_uri=' . urlencode($this->callback) .
+ '&scope=' .
+ '&grant_type=authorization_code'
 );
- $accessToken = json_decode($accessToken, true); //
+ $accessToken = json_decode($accessToken, true);
 if (isset($accessToken['access_token'])) {
 return $accessToken['access_token'];
@@ -60,7 +68,7 @@ class Google extends OAuth
 *
 * @return string
 */
- public function getUserID(string $accessToken):string
+ public function getUserID(string $accessToken): string
 {
 $user = $this->getUser($accessToken);
@@ -76,7 +84,7 @@ class Google extends OAuth
 *
 * @return string
 */
- public function getUserEmail(string $accessToken):string
+ public function getUserEmail(string $accessToken): string
 {
 $user = $this->getUser($accessToken);
@@ -92,7 +100,7 @@ class Google extends OAuth
 *
 * @return string
 */
- public function getUserName(string $accessToken):string
+ public function getUserName(string $accessToken): string
 {
 $user = $this->getUser($accessToken);
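Review bot: The new `getAccessToken()` sends `client_secret` (and the one-time `code`) in the query string of the POST to `.../oauth2/{$this->version}/token`, so the secret lands in request URLs that proxies, load balancers and web-server access logs routinely record. The base `request()` helper already supports a body — the OAuth.php hunk in this commit feeds `$payload` into `CURLOPT_POSTFIELDS` — so these parameters belong in the body, built with `http_build_query()`, which also replaces the hand-written `urlencode()` chain and drops the stray empty `&scope=` parameter. The position of the headers and payload arguments in `request()` is not visible in this diff; the sketch below assumes headers come before payload and must be checked against the base-class signature.
```php
    public function getAccessToken(string $code): string
    {
        // Secret and code travel in the POST body, never in the URL
        // (argument order for headers/payload must match OAuth::request — not visible here).
        $accessToken = $this->request(
            'POST',
            'https://www.googleapis.com/oauth2/' . $this->version . '/token',
            [],
            http_build_query([
                'code' => $code,
                'client_id' => $this->appID,
                'client_secret' => $this->appSecret,
                'redirect_uri' => $this->callback,
                'grant_type' => 'authorization_code',
            ])
        );

        // … unchanged: json_decode and access_token lookup …
```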
@@ -108,14 +116,12 @@ class Google extends OAuth
 *
 * @return array
 */
- protected function getUser(string $accessToken):array
+ protected function getUser(string $accessToken): array
 {
 if (empty($this->user)) {
- $user = $this->request('GET', 'https://graph.google.com/'.$this->version.'/me?fields=email,name&access_token='.urlencode($accessToken));
-
+ $user = $this->request('GET', 'https://www.googleapis.com/oauth2/v2/userinfo?access_token=' . urlencode($accessToken));
 $this->user = json_decode($user, true);
 }
-
 return $this->user;
 }
 }
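Review bot: In the new `getUser()` the bearer token is carried as `?access_token=` in the userinfo URL, which ends up in the same proxy and access logs as any other query string; Google accepts it as an `Authorization: Bearer` header, and `request()` already forwards `$headers` to `CURLOPT_HTTPHEADER` (see the OAuth.php hunk), so `$user = $this->request('GET', 'https://www.googleapis.com/oauth2/v2/userinfo', ['Authorization: Bearer ' . $accessToken]);` keeps it out of the URL — subject to the headers argument position of `request()`, which is not visible here. Separately, `json_decode($user, true)` yields `null` for an empty or non-JSON response while the method is declared `: array`, so a transport failure surfaces as a TypeError at `return $this->user;` instead of the empty result the `isset()` callers handle; `$this->user = json_decode($user, true) ?? [];` preserves the contract. The new URL also hard-codes `oauth2/v2` while `$version` is `'v4'`; a short comment that `$version` applies to the token endpoint only would avoid a well-meant but wrong "fix".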