input('provider') == 'google') { return $this->handleGoogleOauth(); } if ($request->input('provider') == 'microsoft') { return $this->handleMicrosoftOauth($request); } return response() ->json(['message' => 'Provider not supported'], 400) ->header('X-App-Version', config('ninja.app_version')) ->header('X-Api-Version', config('ninja.minimum_client_version')); } private function handleMicrosoftOauth($request) { $access_token = false; $access_token = $request->has('access_token') ? $request->input('access_token') : $request->input('accessToken'); if (!$access_token) { return response()->json(['message' => 'No access_token parameter found!'], 400); } $graph = new \Microsoft\Graph\Graph(); $graph->setAccessToken($access_token); $user = $graph->createRequest("GET", "/me") ->setReturnType(Model\User::class) ->execute(); if ($user) { $email = $user->getUserPrincipalName() ?? false; nlog("microsoft"); nlog($email); if (auth()->user()->email != $email && MultiDB::checkUserEmailExists($email)) { return response()->json(['message' => ctrans('texts.email_already_register')], 400); } $connected_account = [ 'email' => $email, 'oauth_user_id' => $user->getId(), 'oauth_provider_id' => 'microsoft', 'email_verified_at' =>now() ]; auth()->user()->update($connected_account); auth()->user()->email_verified_at = now(); auth()->user()->save(); $this->setLoginCache(auth()->user()); return $this->itemResponse(auth()->user()); } return response() ->json(['message' => ctrans('texts.invalid_credentials')], 401) ->header('X-App-Version', config('ninja.app_version')) ->header('X-Api-Version', config('ninja.minimum_client_version')); } private function handleGoogleOauth() { $user = false; $google = new Google(); $user = $google->getTokenResponse(request()->input('id_token')); if ($user) { $client = new Google_Client(); $client->setClientId(config('ninja.auth.google.client_id')); $client->setClientSecret(config('ninja.auth.google.client_secret')); $client->setRedirectUri(config('ninja.app_url')); $refresh_token = ''; $token = ''; $email = $google->harvestEmail($user); if (auth()->user()->email != $email && MultiDB::checkUserEmailExists($email)) { return response()->json(['message' => ctrans('texts.email_already_register')], 400); } $connected_account = [ 'email' => $email, 'oauth_user_id' => $google->harvestSubField($user), 'oauth_provider_id' => 'google', 'email_verified_at' =>now(), ]; auth()->user()->update($connected_account); auth()->user()->email_verified_at = now(); auth()->user()->save(); $this->setLoginCache(auth()->user()); return $this->itemResponse(auth()->user()); } return response() ->json(['message' => ctrans('texts.invalid_credentials')], 401) ->header('X-App-Version', config('ninja.app_version')) ->header('X-Api-Version', config('ninja.minimum_client_version')); } public function handleGmailOauth(Request $request) { $user = false; $google = new Google(); $user = $google->getTokenResponse($request->input('id_token')); if ($user) { $client = new Google_Client(); $client->setClientId(config('ninja.auth.google.client_id')); $client->setClientSecret(config('ninja.auth.google.client_secret')); $client->setRedirectUri(config('ninja.app_url')); $token = $client->authenticate($request->input('server_auth_code')); $refresh_token = ''; if (array_key_exists('refresh_token', $token)) { $refresh_token = $token['refresh_token']; } $connected_account = [ 'email' => $google->harvestEmail($user), 'oauth_user_id' => $google->harvestSubField($user), // 'oauth_user_token' => $token, // 'oauth_user_refresh_token' => $refresh_token, 'oauth_provider_id' => 'google', // 'email_verified_at' =>now(), ]; if (auth()->user()->email != $google->harvestEmail($user)) { return response()->json(['message' => 'Primary Email differs to OAuth email. Emails must match.'], 400); } auth()->user()->update($connected_account); auth()->user()->email_verified_at = now(); auth()->user()->oauth_user_token = $token; auth()->user()->oauth_user_refresh_token = $refresh_token; auth()->user()->save(); $this->activateGmail(auth()->user()); return $this->itemResponse(auth()->user()); } return response() ->json(['message' => ctrans('texts.invalid_credentials')], 401) ->header('X-App-Version', config('ninja.app_version')) ->header('X-Api-Version', config('ninja.minimum_client_version')); } private function activateGmail(User $user) { $company = $user->company(); $settings = $company->settings; if ($settings->email_sending_method == 'default') { $settings->email_sending_method = 'gmail'; $settings->gmail_sending_user_id = (string) $user->hashed_id; $company->settings = $settings; $company->save(); } } }