e3cb2675dd
All checks were successful
Build MapleDeploy Coolify Image / build (push) Successful in 1m26s
54 lines
1.7 KiB
PHP
54 lines
1.7 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers;
|
|
|
|
use App\Models\User;
|
|
use Illuminate\Support\Facades\Auth;
|
|
use Symfony\Component\HttpKernel\Exception\HttpException;
|
|
|
|
class OauthController extends Controller
|
|
{
|
|
public function redirect(string $provider)
|
|
{
|
|
$socialite_provider = get_socialite_provider($provider);
|
|
|
|
return $socialite_provider->redirect();
|
|
}
|
|
|
|
public function callback(string $provider)
|
|
{
|
|
try {
|
|
$oauthUser = get_socialite_provider($provider)->user();
|
|
$email = trim((string) $oauthUser->email);
|
|
if ($email === '') {
|
|
abort(403, 'OAuth provider did not return an email address');
|
|
}
|
|
$email = strtolower($email);
|
|
$user = User::whereEmail($email)->first();
|
|
// MapleDeploy branding: dashboard revocation scrambles passwords,
|
|
// clears sessions, and marks the user so email-matched OAuth cannot
|
|
// reopen access.
|
|
if ($user?->isMapledeployRevoked()) {
|
|
abort(403, 'User access has been revoked');
|
|
}
|
|
if (! $user) {
|
|
$settings = instanceSettings();
|
|
if (! $settings->is_registration_enabled) {
|
|
abort(403, 'Registration is disabled');
|
|
}
|
|
|
|
$user = User::create([
|
|
'name' => $oauthUser->name,
|
|
'email' => $email,
|
|
]);
|
|
}
|
|
Auth::login($user);
|
|
|
|
return redirect('/');
|
|
} catch (\Exception $e) {
|
|
$errorCode = $e instanceof HttpException ? 'auth.failed' : 'auth.failed.callback';
|
|
|
|
return redirect()->route('login')->withErrors([__($errorCode)]);
|
|
}
|
|
}
|
|
}
|