ppoidc-8.x-1.2/src/Plugin/OpenIDConnectClientBase.php
src/Plugin/OpenIDConnectClientBase.php
<?php
namespace Drupal\pixelpin_openid_connect\Plugin;
use Drupal\Component\Plugin\PluginBase;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Logger\LoggerChannelFactory;
use Drupal\Core\Routing\TrustedRedirectResponse;
use Drupal\Core\Plugin\ContainerFactoryPluginInterface;
use Drupal\Core\Url;
use Drupal\pixelpin_openid_connect\StateToken;
use Exception;
use GuzzleHttp\ClientInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpFoundation\RequestStack;
use Drupal\Core\Language\LanguageInterface;
/**
* Base class for OpenID Connect client plugins.
*/
abstract class OpenIDConnectClientBase extends PluginBase implements OpenIDConnectClientInterface, ContainerFactoryPluginInterface {
/**
* The request stack used to access request globals.
*
* @var \Symfony\Component\HttpFoundation\RequestStack
*/
protected $requestStack;
/**
* The HTTP client to fetch the feed data with.
*
* @var \GuzzleHttp\ClientInterface
*/
protected $httpClient;
/**
* The logger factory used for logging.
*
* @var \Drupal\Core\Logger\LoggerChannelFactory
*/
protected $loggerFactory;
/**
* The constructor.
*
* @param array $configuration
* The plugin configuration.
* @param string $plugin_id
* The plugin identifier.
* @param mixed $plugin_definition
* The plugin definition.
* @param \Symfony\Component\HttpFoundation\RequestStack $request_stack
* The request stack.
* @param \GuzzleHttp\ClientInterface $http_client
* The http client.
* @param \Drupal\Core\Logger\LoggerChannelFactory $logger_factory
* The logger factory.
*/
public function __construct(
array $configuration,
$plugin_id,
$plugin_definition,
RequestStack $request_stack,
ClientInterface $http_client,
LoggerChannelFactory $logger_factory
) {
parent::__construct(
$configuration,
$plugin_id,
$plugin_definition
);
$this->requestStack = $request_stack;
$this->httpClient = $http_client;
$this->loggerFactory = $logger_factory;
}
/**
* {@inheritdoc}
*/
public static function create(
ContainerInterface $container,
array $configuration,
$plugin_id,
$plugin_definition
) {
return new static(
$configuration,
$plugin_id,
$plugin_definition,
$container->get('request_stack'),
$container->get('http_client'),
$container->get('logger.factory')
);
}
/**
* {@inheritdoc}
*/
public function buildConfigurationForm(array $form, FormStateInterface $form_state) {
$language_none = \Drupal::languageManager()
->getLanguage(LanguageInterface::LANGCODE_NOT_APPLICABLE);
$redirect_uri = Url::fromRoute(
'pixelpin_openid_connect.redirect_controller_redirect',
array(
'client_name' => 'pixelpin',
),
array(
'absolute' => TRUE,
'language' => $language_none,
)
)->toString(TRUE);
$form['client_id'] = array(
'#title' => t('Client ID'),
'#type' => 'textfield',
'#default_value' => $this->configuration['client_id'],
);
$form['client_secret'] = array(
'#title' => t('Client secret'),
'#type' => 'textfield',
'#maxlength' => 1024,
'#default_value' => $this->configuration['client_secret'],
);
$form['how_to'] = array(
'#markup' => t("<a href='https://developer.pixelpin.io/developeraccount.php' target='_blank'>How do i get my Client ID and Client Secret?</a>")
);
$form['redirect'] = array(
'#title' => t('Redirect URI'),
'#type' => 'textfield',
'#maxlength' => 1024,
'#default_value' => $redirect_uri->getGeneratedUrl(),
'#attributes' => array('disabled' => 'disabled'),
);
$form['notice'] = array(
'#markup' => t("<p><b>IMPORTANT: </b>After enabling the module and inputting your Client ID and Client Secret, you'll need to place the PixelPin login and registration blocks. A guide on how to do this can be found in our <a href='https://developer.pixelpin.io/drupal8.php#enabling' target='_blank'>Drupal 8 Plugin documentation</a></p>")
);
return $form;
}
/**
* {@inheritdoc}
*/
public function validateConfigurationForm(array &$form, FormStateInterface $form_state) {
// No need to do anything, but make the function have a body anyway
// so that it's callable by overriding methods.
}
/**
* {@inheritdoc}
*/
public function submitConfigurationForm(array &$form, FormStateInterface $form_state) {
// No need to do anything, but make the function have a body anyway
// so that it's callable by overriding methods.
}
/**
* Implements OpenIDConnectClientInterface::getEndpoints().
*/
public function getEndpoints() {
throw new Exception('Unimplemented method getEndpoints().');
}
/**
* Implements OpenIDConnectClientInterface::authorize().
*
* @param string $scope
* A string of scopes.
*
* @return \Drupal\Core\Routing\TrustedRedirectResponse
* A trusted redirect response object.
*/
public function authorize($scope = 'openid email profile address') {
$language_none = \Drupal::languageManager()
->getLanguage(LanguageInterface::LANGCODE_NOT_APPLICABLE);
$redirect_uri = Url::fromRoute(
'pixelpin_openid_connect.redirect_controller_redirect',
array(
'client_name' => 'pixelpin',
),
array(
'absolute' => TRUE,
'language' => $language_none,
)
)->toString(TRUE);
$url_options = array(
'query' => array(
'client_id' => $this->configuration['client_id'],
'response_type' => 'code',
'scope' => $scope,
'redirect_uri' => $redirect_uri->getGeneratedUrl(),
'state' => StateToken::create(),
),
);
$endpoints = $this->getEndpoints();
// Clear _GET['destination'] because we need to override it.
$this->requestStack->getCurrentRequest()->query->remove('destination');
$authorization_endpoint = Url::fromUri($endpoints['authorization'], $url_options)->toString(TRUE);
$response = new TrustedRedirectResponse($authorization_endpoint->getGeneratedUrl());
$response->addCacheableDependency($authorization_endpoint);
$response->addCacheableDependency($redirect_uri);
return $response;
}
/**
* Implements OpenIDConnectClientInterface::retrieveIDToken().
*
* @param string $authorization_code
* A authorization code string.
*
* @return array|bool
* A result array or false.
*/
public function retrieveTokens($authorization_code) {
// Exchange `code` for access token and ID token.
$language_none = \Drupal::languageManager()
->getLanguage(LanguageInterface::LANGCODE_NOT_APPLICABLE);
$redirect_uri = Url::fromRoute(
'pixelpin_openid_connect.redirect_controller_redirect',
array(
'client_name' => 'pixelpin',
),
array(
'absolute' => TRUE,
'language' => $language_none,
)
)->toString(TRUE);
$endpoints = $this->getEndpoints();
$request_options = array(
'form_params' => array(
'code' => $authorization_code,
'client_id' => $this->configuration['client_id'],
'client_secret' => $this->configuration['client_secret'],
'redirect_uri' => $redirect_uri->getGeneratedUrl(),
'grant_type' => 'authorization_code',
),
);
/* @var \GuzzleHttp\ClientInterface $client */
$client = $this->httpClient;
try {
$response = $client->post($endpoints['token'], $request_options);
$response_data = json_decode((string) $response->getBody(), TRUE);
// Expected result.
$tokens = array(
'id_token' => $response_data['id_token'],
'access_token' => $response_data['access_token'],
);
if (array_key_exists('expires_in', $response_data)) {
$tokens['expire'] = REQUEST_TIME + $response_data['expires_in'];
}
if (array_key_exists('refresh_token', $response_data)) {
$tokens['refresh_token'] = $response_data['refresh_token'];
}
return $tokens;
}
catch (Exception $e) {
$variables = array(
'@message' => 'Could not retrieve tokens',
'@error_message' => $e->getMessage(),
);
$this->loggerFactory->get('pixelpin_openid_connect_' . $this->pluginId)
->error('@message. Details: @error_message', $variables);
return FALSE;
}
}
/**
* Implements OpenIDConnectClientInterface::decodeIdToken().
*/
public function decodeIdToken($id_token) {
list($headerb64, $claims64, $signatureb64) = explode('.', $id_token);
$claims64 = str_replace(array('-', '_'), array('+', '/'), $claims64);
$claims64 = base64_decode($claims64);
return json_decode($claims64, TRUE);
}
/**
* Implements OpenIDConnectClientInterface::retrieveUserInfo().
*
* @param string $access_token
* An access token string.
*
* @return array|bool
* A result array or false.
*/
public function retrieveUserInfo($access_token) {
$request_options = array(
'headers' => array(
'Authorization' => 'Bearer ' . $access_token,
),
);
$endpoints = $this->getEndpoints();
$client = $this->httpClient;
try {
$response = $client->get($endpoints['userinfo'], $request_options);
$response_data = (string) $response->getBody();
return json_decode($response_data, TRUE);
}
catch (Exception $e) {
$variables = array(
'@message' => 'Could not retrieve user profile information',
'@error_message' => $e->getMessage(),
);
$this->loggerFactory->get('pixelpin_openid_connect_' . $this->pluginId)
->error('@message. Details: @error_message', $variables);
return FALSE;
}
}
}
