X-Git-Url: https://feistymeow.org/gitweb/?a=blobdiff_plain;f=production%2Fexample_apps%2Fshared_calendar%2Fsrc%2FController%2FAuthorizerController.php;fp=production%2Fexample_apps%2Fshared_calendar%2Fsrc%2FController%2FAuthorizerController.php;h=5ae438692be49681e9267c1254f56339f071e726;hb=34d1cb2e8687b826357db1d3821bf9e05cf6f13d;hp=0000000000000000000000000000000000000000;hpb=21f30bb859e6c15393e23ac0e5ef417b82f628a5;p=feisty_meow.git

diff --git a/production/example_apps/shared_calendar/src/Controller/AuthorizerController.php b/production/example_apps/shared_calendar/src/Controller/AuthorizerController.php
new file mode 100644
index 00000000..5ae43869
--- /dev/null
+++ b/production/example_apps/shared_calendar/src/Controller/AuthorizerController.php
@@ -0,0 +1,83 @@
+<?php
+namespace App\Controller;
+
+use App\Controller\AppController;
+use Cake\Log\Log;
+use App\Traits\GoogleOauthTrait;
+
+/**
+ * Authorizer Controller
+ * 
+ * This controller provides an entry point for authorization processes.
+ * So far this is just for Google's OAuth 2.0.
+ */
+class AuthorizerController extends AppController
+{
+	use GoogleOauthTrait;
+	
+	/*
+	 * Routing note:
+	 * 
+	 * This controller will provide a link for /authorizer/google_login where the oauth
+	 * process can come back to our application from google.  To make your client secret setup
+	 * simpler, add a route at the top level like so:
+	 * 	 $routes->connect('/google_oauth', [ 'controller'=>'authorizer', 'action' => 'google_login']);
+	 */
+	
+	public function initialize()
+	{
+		parent::initialize();
+	}
+	
+	/**
+	 * our callback from google oauth that is passed the oauth access token (or an error
+	 * if authorization failed).
+	 * before redirecting to this URL, one must use the GoogleOauth trait's
+	 * setPostAuthorizationURL() and setRequestedScopes() methods to provide session
+	 * parameters (since this link is invoked by google later, and they will not be
+	 * providing any of this info).
+	 */
+	public function googleLogin() {
+		if (session_status() == PHP_SESSION_NONE) {
+			session_start ();
+		}
+		
+		// retrieve the scopes out of the session.
+		$scopes = $this->getRequestedScopes();
+		Log::debug('loaded scopes: ' . var_export($scopes, true));
+		
+		// use the scopes in a new google client.
+		$client = $this->createGoogleClient ( $scopes );		
+		
+		// see if we already have the 'code' available from the google side.
+		if (! isset ( $_GET ['code'] )) {
+			// no code, so we need to jump over to google.
+			Log::Debug ( 'creating auth url to redirect to google oauth' );
+			$auth_url = $client->createAuthUrl ();
+			$this->redirect ( $auth_url );
+		} else {						
+			// we've got our code, so now we can try to fetch our access token.
+			Log::Debug ( 'access token being actively acquired...' );
+			$client->fetchAccessTokenWithAuthCode ( $_GET ['code'] );
+			// clean out the scopes in session now that we're done with them.
+			$this->dropRequestedScopes();
+			
+			// record the new token in our session.
+			$token = $client->getAccessToken ();
+			$this->setLastOAuthToken($token);
+			
+			// fabulously bad idea to show this...
+			//Log::debug ( 'got access token: ' . var_export ( $token, true ) );			
+						
+			// go to the next point in our app where we can handle the newly stored token.
+			$redirect =  $this->getPostAuthorizationURL();
+			if (! $redirect) {
+				// jump home if they registered no continuation.  this is a serious error in flow.
+				$redirect = 'http://' . $_SERVER ['HTTP_HOST'] . '/';
+				Log::debug('failure to find the redirection location for our app after successful oauth');
+			}
+			$this->redirect ( $redirect );
+		}
+	}
+	
+}