Viewing File: /usr/local/cpanel/whostmgr/docroot/cgi/ncssl/source/src/Service/OAuth/Provider.php

<?php

namespace App\Service\OAuth;

use App\Model\NamecheapUser;
use League\OAuth2\Client\Provider\AbstractProvider;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
use League\OAuth2\Client\Token\AccessToken;
use League\OAuth2\Client\Token\AccessTokenInterface;
use League\OAuth2\Client\Tool\BearerAuthorizationTrait;
use Psr\Http\Message\ResponseInterface;

class Provider extends AbstractProvider
{
    use BearerAuthorizationTrait;
    public const SESSION_LAST_TAB_PARAMETER = 'SESSION_LAST_TAB_PARAMETER';
    private const OAUTH2_CALLBACK_URL_PATTERN = '%s%s%s%s?%s%s';
    public const SESSION_REDIRECT_PARAMETER = 'r';
    public string $replacedRedirectUri;
    public string $authHost;

    public function getBaseAuthorizationUrl(): string
    {
        return $this->authHost . '/connect/authorize';
    }

    public function getBaseAccessTokenUrl(array $params = []): string
    {
        return $this->authHost . '/connect/token';
    }

    public function getResourceOwnerDetailsUrl(AccessToken $token): string
    {
        return $this->authHost . '/connect/userinfo';
    }

    public function getDefaultScopes(): array
    {
        return ['openid', 'email', 'profile', 'offline_access'];
    }

    public function getAccessToken($grant, array $options = []): AccessTokenInterface
    {
        $this->setRedirectUri();
        return parent::getAccessToken($grant, $options); // TODO: Change the autogenerated stub
    }

    private function setRedirectUri(array $options = []): void
    {
        if (PHP_SAPI != 'cli') {
            $this->redirectUri = self::prepareOAuth2CallbackUrl($this->replacedRedirectUri, [
                'p' => 'oauth/callback',
                'r' => 'lists.created',
            ]);
        }
    }

    public function getAuthorizationUrl(array $options = []): string
    {
        $this->setRedirectUri($options);

        return parent::getAuthorizationUrl($options);
    }

    private static function prepareOAuth2CallbackUrl(string $proxyPageUrlRedirect, array $params = []): string
    {
        $lastTab = !empty($_COOKIE[self::SESSION_LAST_TAB_PARAMETER]) ?
            sprintf('&%s=%s', self::SESSION_REDIRECT_PARAMETER, $_COOKIE[self::SESSION_LAST_TAB_PARAMETER]) :
            '';

        return $proxyPageUrlRedirect . urlencode(sprintf(static::OAUTH2_CALLBACK_URL_PATTERN,
                empty($_SERVER['HTTPS']) ? 'http://' : 'https://',
                empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST'],
                !empty($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443 ? ':' . $_SERVER['SERVER_PORT'] : '',
                $_SERVER['SCRIPT_NAME'],
                http_build_query($params),
                $lastTab
            ));
    }

    protected function getScopeSeparator(): string
    {
        return ' ';
    }

    protected function checkResponse(ResponseInterface $response, $data): bool
    {
        if ($response->getReasonPhrase() == 'OK') {
            return true;
        }

        throw new IdentityProviderException($response->getReasonPhrase(), $response->getStatusCode(), $response);
    }

    protected function createResourceOwner(array $response, AccessToken $token): NamecheapUser
    {
        return new NamecheapUser($response, $token);
    }
}