Merge branch 'release/2.1.0'

CHANGELOG.md

@@ -1,3 +1,18 @@
+# v2.1.0
+## 05/13/2021
+
+1. [](#new)
+   * Require **Grav 1.7.0**
+   * Added configuration option to require existing Grav user
+   * Assign OAuth2 to existing user [#35](https://github.com/trilbymedia/grav-plugin-login-oauth2/issues/35)
+1. [](#improved)
+   * Code improvements and updates
+   * Only enable configured oauth2 providers
+1. [](#bugfix)
+    * Google: non-hosted google accounts cannot be used [#25](https://github.com/trilbymedia/grav-plugin-login-oauth2/issues/25)
+    * Fixed missing translations in the template file [#37](https://github.com/trilbymedia/grav-plugin-login-oauth2/pull/37)
+    * Fixed login buttons exceeding available width on mobile screens [#31](https://github.com/trilbymedia/grav-plugin-login-oauth2/pull/31)
+
 # v2.0.5
 ## 12/02/2020
 
@@ -30,7 +45,7 @@
 ## 04/28/2019
 
 1. [](#bugfix)
-    * Fixed login verison requirements (`~3.0`) [#17](https://github.com/trilbymedia/grav-plugin-login-oauth2/issues/17)
+    * Fixed login version requirements (`~3.0`) [#17](https://github.com/trilbymedia/grav-plugin-login-oauth2/issues/17)
 
 # v2.0.0
 ## 04/26/2019

README.md

@@ -72,12 +72,13 @@ enabled: true
 
 built_in_css: true
 button_style: row
+require_grav_user: false
 save_grav_user: false
 store_provider_data: true
 default_access_levels:
   access:
     site:
-      login: 'true'
+      login: true
 default_groups:
 
 providers:
@@ -175,9 +176,10 @@ admin:
 |enabled|Enables the plugin | [default: `true`] \| `false`|
 |built_in_css|Enables the plugin-provided CSS to be loaded| [default: `true`] \| `false`|
 |button_style|If you want to provide your own custom CSS, feel free to disable the CSS provided by the plugin| [default: `row`] \| `square`|
-|save_grav_user|Store the grav user account as a local YAML account | true \| [default: `false`] |
-|store_provider_data|If storing a local Grav user, you can also store OAuth2 Provider data so its available in Grav| true \| [default: `false`] |
-|default_access_levels.access|You can find more information on access levels in the https://learn.getgrav.org/advanced/groups-and-permissions#permissions|[default: `site: { login: 'true' }`]|
+|require_grav_user|Allow oauth login only for existing users | `true` \| [default: `false`] |
+|save_grav_user|Store the grav user account as a local YAML account | `true` \| [default: `false`] |
+|store_provider_data|If storing a local Grav user, you can also store OAuth2 Provider data so its available in Grav| `true` \| [default: `false`] |
+|default_access_levels.access|You can find more information on access levels in the https://learn.getgrav.org/advanced/groups-and-permissions#permissions|[default: `site: { login: true }`]|
 |default_groups| You can find more information on access levels in the https://learn.getgrav.org/advanced/groups-and-permissions#permissions|[default: `[]`]|
 
 
@@ -285,10 +287,10 @@ For admin logins to be useful, you need to ensure you set `store_grav_user: true
 ```yaml
   access:
     admin:
-      login: 'true'
-      super: 'true'
+      login: true
+      super: true
     site:
-      login: 'true'
+      login: true
 ```
 
 Of course adjust this `access.admin:` settings to whatever you need, but **NEVER** set this in the `default_access_levels:` setting for the plugin, or every user will have admin access.  You want to maintain control over who can access and who can't, especially those logging in with OAuth2 providers as there is no control over 'who' can sign in.

blueprints.yaml

@@ -1,7 +1,7 @@
 name: Login OAuth2
 type: login-oauth2
 slug: form
-version: 2.0.5
+version: 2.1.0
 description: OAuth2 Client Plugin to integrate with Grav's Login
 icon: plug
 author:
@@ -13,7 +13,8 @@ bugs: https://github.com/trilbymedia/grav-plugin-login-oauth2/issues
 docs: https://github.com/trilbymedia/grav-plugin-login-oauth2/blob/develop/README.md
 license: MIT
 dependencies:
-  - { name: login, version: '>=3.3.2' }
+  - { name: grav, version: '>=1.7.0' }
+  - { name: login, version: '>=3.4' }
 
 form:
   validation: strict
@@ -77,10 +78,22 @@ form:
                 row: Horizontal Row
                 square: Square Block
 
+            require_grav_user:
+              type: toggle
+              label: PLUGIN_LOGIN_OAUTH2.REQUIRE_GRAV_USER
+              help: PLUGIN_LOGIN_OAUTH2.REQUIRE_GRAV_USER_DESC
+              highlight: 0
+              default: 0
+              options:
+                1: Enabled
+                0: Disabled
+              validate:
+                type: bool
+
             save_grav_user:
               type: toggle
               label: PLUGIN_LOGIN_OAUTH2.SAVE_GRAV_USER
-              help: Get up shitSAVE_GRAV_USER_DESC
+              help: PLUGIN_LOGIN_OAUTH2.SAVE_GRAV_USER_DESC
               highlight: 0
               default: 0
               options:

classes/OAuth2.php

@@ -1,69 +1,84 @@
 <?php
+
 namespace Grav\Plugin\Login\OAuth2;
 
 use Grav\Common\Grav;
 
 class OAuth2
 {
+    /** @var array */
     protected $config;
+    /** @var array */
     protected $providers = [];
+    /** @var bool */
     protected $admin;
 
+    /**
+     * OAuth2 constructor.
+     * @param bool $admin
+     */
     public function __construct($admin = false)
     {
-        $this->config = Grav::instance()['config']->get('plugins.login-oauth2');
-        $this->admin = $admin;
+        $this->config = (array)(Grav::instance()['config']->get('plugins.login-oauth2') ?? []);
+        $this->admin = (bool)$admin;
     }
 
-    public function getConfig()
+    public function getConfig(): array
     {
         return $this->config;
     }
 
-    public function isAdmin()
+    public function isAdmin(): bool
     {
         return $this->admin;
     }
 
-    public function addEnabledProviders()
+    public function addEnabledProviders(): void
     {
         if ($this->admin) {
-            $providers = isset($this->config['admin']['providers']) ? (array)$this->config['admin']['providers'] : [];
+            $providers = (array)($this->config['admin']['providers'] ?? []);
         } else {
-            $providers = isset($this->config['providers']) ? (array)$this->config['providers'] : [];
+            $providers = (array)($this->config['providers'] ?? []);
         }
 
         foreach ($providers as $provider => $options) {
-            if ($options['enabled']) {
+            $enabled = $options['enabled'] ?? false;
+            $client_id = $options['client_id'] ?? false;
+            if ($enabled && $client_id) {
                 $this->addProvider($provider, $options);
             }
         }
     }
 
-    public function addProvider($provider = null, $options = null)
+    /**
+     * @param string $provider
+     * @param array|null $options
+     */
+    public function addProvider(string $provider, array $options = null): void
     {
         $this->providers[$provider] = $options;
     }
 
-    public function getProviders()
+    public function getProviders(): array
     {
         return $this->providers;
     }
 
-    public function getProviderOptions($provider)
+    /**
+     * @param string $provider
+     * @return mixed|null
+     */
+    public function getProviderOptions(string $provider)
     {
-        if (isset($this->providers[$provider])) {
-            return $this->providers[$provider];
-        } else {
-            return null;
-        }
+        return $this->providers[$provider] ?? null;
     }
 
-    public function isValidProvider($provider)
+    /**
+     * @param string $provider
+     * @return bool
+     */
+    public function isValidProvider(string $provider): bool
     {
-        if (in_array($provider, array_keys($this->providers),true)) {
-            return true;
-        }
-        return false;
+        return array_key_exists($provider, $this->providers);
     }
 }

classes/ProviderFactory.php

@@ -1,4 +1,5 @@
 <?php
+
 namespace Grav\Plugin\Login\OAuth2;
 
 use Grav\Plugin\Login\OAuth2\Providers\ProviderInterface;
@@ -10,12 +11,17 @@ class ProviderFactory
      * @param array $options
      * @return ProviderInterface
      */
-    public static function create($provider, array $options = [])
+    public static function create($provider, array $options = []): ProviderInterface
     {
         $provider_classname = 'Grav\\Plugin\\Login\\OAuth2\\Providers\\' . ucfirst($provider) . 'Provider';
 
+        if (!class_exists($provider_classname)) {
+            throw new \RuntimeException('Invalid OAuth2 provider');
+        }
+
         $class = new $provider_classname();
         $class->initProvider($options);
+
         return $class;
     }
 }

classes/Providers/BaseProvider.php

@@ -1,15 +1,19 @@
 <?php
+
 namespace Grav\Plugin\Login\OAuth2\Providers;
 
 use Grav\Common\Data\Data;
 use Grav\Common\Grav;
 use Grav\Common\Utils;
 use League\OAuth2\Client\Provider\AbstractProvider;
+use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
 use League\OAuth2\Client\Provider\ResourceOwnerInterface;
 use League\OAuth2\Client\Token\AccessToken;
+use League\OAuth2\Client\Token\AccessTokenInterface;
 
 abstract class BaseProvider implements ProviderInterface
 {
+    /** @var string */
     const CALLBACK_URI = '/task:callback.oauth2';
 
     /** @var string */
@@ -20,9 +24,9 @@ abstract class BaseProvider implements ProviderInterface
     protected $provider;
     /** @var string */
     protected $state;
-    /** @var stdClass */
+    /** @var AccessTokenInterface */
     protected $token;
-
+    /** @var Data */
     protected $config;
 
     /**
@@ -40,25 +44,24 @@ public function __construct()
      *
      * @param array $options
      */
-    public function initProvider(array $options)
+    public function initProvider(array $options): void
     {
-        $options['redirectUri'] = $this->getCallbackUri();
+        $options['redirectUri'] = self::getCallbackUri();
         $this->provider = new $this->classname($options);
     }
 
-
     /**
      * @return string
      */
-    public function getName()
+    public function getName(): string
     {
         return $this->name;
     }
 
     /**
      * @return string
      */
-    public function getState()
+    public function getState(): string
     {
         return $this->state;
     }
@@ -67,7 +70,7 @@ public function getState()
      * @param string $state
      * @return $this
      */
-    public function setState($state)
+    public function setState(string $state)
     {
         $this->state = $state;
 
@@ -77,18 +80,22 @@ public function setState($state)
     /**
      * @return AbstractProvider
      */
-    public function getProvider()
+    public function getProvider(): AbstractProvider
     {
         return $this->provider;
     }
 
-    public static function getCallbackUri($admin = 'auto')
+    /**
+     * @param string $admin
+     * @return string
+     */
+    public static function getCallbackUri(string $admin = 'auto'): string
     {
         if ($admin === 'auto') {
             $admin = Grav::instance()['oauth2']->isAdmin();
         }
 
-        $callback_uri = ((bool) $admin ? Grav::instance()['config']->get('plugins.admin.route', '') : '') . static::CALLBACK_URI;
+        $callback_uri = ($admin ? Grav::instance()['config']->get('plugins.admin.route', '') : '') . static::CALLBACK_URI;
 
         $base_url = rtrim(Grav::instance()['uri']->rootUrl(true), '/');
 
@@ -98,13 +105,15 @@ public static function getCallbackUri($admin = 'auto')
     /**
      * Requests an access token using a specified grant and option set.
      *
-     * @param  mixed $grant
-     * @param  array $options
-     * @return AccessToken
+     * @param mixed $grant
+     * @param array $options
+     * @return AccessTokenInterface
+     * @throws IdentityProviderException
      */
-    public function getAccessToken($grant, array $options = [])
+    public function getAccessToken($grant, array $options = []): AccessTokenInterface
     {
         $this->token = $this->provider->getAccessToken($grant, $options);
+
         return $this->token;
     }
 
@@ -114,7 +123,7 @@ public function getAccessToken($grant, array $options = [])
      * @param  AccessToken $token
      * @return ResourceOwnerInterface
      */
-    public function getResourceOwner(AccessToken $token)
+    public function getResourceOwner(AccessToken $token): ResourceOwnerInterface
     {
         return $this->provider->getResourceOwner($token);
     }