I have been trying to get Opauth to pass params in a sane way to Yii-User. Here is the extension git repos for which ones I am using:
Opauth (via Yii Framework module) with updated libs from official Opauth repo
Yii-User Module repo
I have gotten proper array from Opauth showing my Google account information directly on the page after modifying the Callback controller for Opauth.
Here’s the code in the Callback controller:
class CallbackController extends Controller {
public $defaultAction = 'callback';
public function actionCallBack() {
if ( $this->module->getConfig() ) {
/**
* Instantiate Opauth with the loaded config but no run automatically
* Only create Opauth if one is not already there
*/
if (!$this->module->getOpauth()) {
$this->module->setOpauth (new Opauth($this->module->getConfig(), false));
$Opauth = $this->module->getOpauth();
} else {
$Opauth = $this->module->getOpauth();
}
/**
* Fetch auth response, based on transport configuration for callback
*/
$response = null;
switch($Opauth->env['callback_transport']) {
case 'session':
session_start();
$response = $_SESSION['opauth'];
unset($_SESSION['opauth']);
break;
case 'post':
$response = unserialize(base64_decode( $_POST['opauth'] ));
break;
case 'get':
$response = unserialize(base64_decode( $_GET['opauth'] ));
break;
default:
echo 'Error: Unsupported callback_transport.'."
\n";
break;
}
/**
* Check if it's an error callback
*/
if (array_key_exists('error', $response)) {
echo 'Authentication error: Opauth returns error auth response.'."
\n";
}
/**
* Auth response validation
*
* To validate that the auth response received is unaltered, especially auth response that
* is sent through GET or POST.
*/
else{
if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) {
echo 'Invalid auth response: Missing key auth response components.'."
\n";
} elseif (!$Opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason)) {
echo 'Invalid auth response: '.$reason.".
\n";
} else {
echo 'OK: Auth response is validated.'."
\n";
/**
* It's all good. Go ahead with your application-specific authentication logic
*/
$Opauth->response = $response;
Yii::app()->getModule('opauth')->setOpauth($Opauth);
$this->redirect(Yii::app()->getModule('user')->returnUrl);
}
}
} else {
echo 'No configuration loaded!';
}
}
}
I have tried saving the response to the module (shown at the end of the controller) directly but this doesn’t work — I think the module class gets created every run. I am unsure how to move the response directly into the yii-user module.
Edit: I am trying something like this in the Callback controller:
$identity = new UserIdentity($response); if ($identity->authenticate()) { Yii::app()->user->login($identity); $this->redirect('/'); } else { $this->redirect(Yii::app()->getModule('user')->returnUrl); }For the $identity->authenticate(), I have this:
public function authenticate() { if (strpos($this->username,"@")) { $user=User::model()->notsafe()->findByAttributes(array('email'=>$this->username)); } else { $user=User::model()->notsafe()->findByAttributes(array('username'=>$this->username)); } if($user===null) if (strpos($this->username,"@")) { $this->errorCode=self::ERROR_EMAIL_INVALID; } else { $this->errorCode=self::ERROR_USERNAME_INVALID; } //else if(Yii::app()->getModule('user')->encrypting($this->password)!==$user->password) // $this->errorCode=self::ERROR_PASSWORD_INVALID; else if($user->status==0&&Yii::app()->getModule('user')->loginNotActiv==false) $this->errorCode=self::ERROR_STATUS_NOTACTIV; else if($user->status==-1) $this->errorCode=self::ERROR_STATUS_BAN; else { $this->_id=$user->id; $this->username=$user->username; $this->errorCode=self::ERROR_NONE; } return !$this->errorCode; }
Here’s what I did to get this part to work: