-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathcypress-session.php
102 lines (74 loc) · 3 KB
/
cypress-session.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
<?php
// this allows us to pass a username/password credential
// and # to auth0 using these credentials
// in the background
use Auth0\SDK\API\Authentication;
use Auth0\SDK\Auth0;
use Auth0\SDK\Exception\StateException;
use Auth0\SDK\Utility\HttpResponse;
include 'library/lib/session.php';
header('Content-type:application/json;charset=utf-8');
$hostName = @parse_url('http://'.$_SERVER['HTTP_HOST'], PHP_URL_HOST);
if ('localhost' !== $hostName && 'staging.boxtribute.org' !== $hostName) {
echo json_encode(['success' => false]);
return;
}
// extracted from Auth0 client source
// https://docs.cypress.io/guides/testing-strategies/auth0-authentication#Adapting-the-front-end and
// https://auth0.com/blog/end-to-end-testing-with-cypress-and-auth0/
// otherwise doesn't seem to work for a PHP server-side scenario vs react SPA
// as the client won't process access_token automatically
// u need to enable grant Type "Password in your Auth0 application for this to work.
$auth0 = getAuth0($settings);
// Authentication instance
$auth = getAuth0Authentication($settings);
if (isset($_POST['logout'])) {
$auth0->logout();
echo json_encode(['success' => true]);
exit;
}
if (!isset($_POST['email']) || !isset($_POST['password'])) {
echo json_encode(['success' => false]);
return;
}
$response = $auth->loginWithDefaultDirectory(
$_POST['email'],
$_POST['password'],
['scope' => 'openid profile email']
);
if (!HttpResponse::wasSuccessful($response)) {
echo json_encode(['success' => false]);
return;
}
$oauth_token = HttpResponse::decodeContent($response);
if (!isset($oauth_token['access_token']) || !$oauth_token['access_token']) {
$auth0->clear();
throw StateException::badAccessToken();
}
$auth0->setAccessToken($oauth_token['access_token']);
if (isset($oauth_token['scope'])) {
$auth0->setAccessTokenScope(explode(' ', $oauth_token['scope']));
}
if (isset($oauth_token['refresh_token'])) {
$auth0->setRefreshToken($oauth_token['refresh_token']);
}
if (isset($oauth_token['id_token'])) {
$auth0->setIdToken($oauth_token['id_token']);
// this is removed to resolve "Nonce (nonce) claim must be a string present in the token"
// related to https://sentry.io/organizations/boxwise/issues/2956621368/events/3c27d970d0fc4b9d9672d7ef0d2c3554/
// $user = $auth0->decode($oauth_token['id_token'])->toArray();
}
if (isset($oauth_token['expires_in']) && is_numeric($oauth_token['expires_in'])) {
$expiresIn = time() + (int) $oauth_token['expires_in'];
$auth0->setAccessTokenExpiration($expiresIn);
}
if (null === $user || true === $auth0->configuration()->getQueryUserInfo()) {
$response = $auth0->authentication()->userInfo($oauth_token['access_token']);
if (HttpResponse::wasSuccessful($response)) {
$user = HttpResponse::decodeContent($response);
} else {
throw new Exception($response->getReasonPhrase(), $response->getStatusCode());
}
}
$auth0->setUser($user ?? []);
echo json_encode(['success' => true, 'user' => $user]);