
OAuth Login with Google


unplugged_web


I've been asked to add extra security to our site. We're using Google to log people in and currently this is the security we have:
    $googleService = $serviceFactory->createService('google', $credentials, $storage, array('userinfo_email', 'userinfo_profile'));

    $app->get('/login', function () use ($app, $googleService) {
        if ($app['session']->get('userinfo')) {
            return new RedirectResponse('/');
        }

        return $app['twig']->render('login.twig', array(
            'login_url' => $googleService->getAuthorizationUri()->__toString(),
            'user'      => $app['session']->get('userinfo'),
        ));
    });

and
    $app->match('/auth/callback', function (Request $request) use ($app, $googleService) {
        // This was a callback request from google, get the token
        $googleService->requestAccessToken($request->get('code'));

        // Send a request with it
        $user = json_decode($googleService->request('https://www.googleapis.com/oauth2/v1/userinfo'), true);

        if (substr($user['email'], -11) === '@domain.com' || $user['email'] === 'web@anotherdomain.com') {
            $user['logged_in_date'] = date('Y-m-d');
            $app['session']->set('userinfo', $user);

            $log = new UserLoggedinLog();
            $log->setEmail($user['email']);
            $log->setDate(time());
            $log->save();
        } else {
            $message = Swift_Message::newInstance()
                ->setSubject('Site :: unauthorized login')
                ->setFrom(array('server@domain.com' => 'robot'))
                ->setTo(array('admin@domain.com', 'web@domain.com'))
                ->setBody(sprintf("The following email [%s] tried to login from IP [%s]", $user['email'], $request->getClientIp()));
            $app['mailer']->send($message);
        }

        return $app->redirect('/');
    });
Is there a way to set the email addresses/users that can log in? So if a member of staff leaves they can be prevented from logging in immediately?

I've built a database table with all of the 'allowed' users in it but I didn't know if there was a way of getting Google login to check that and then only allow somebody if they're in the database?
Edited by thehappyappy

If Google allows that, fine; otherwise you'll need to code it. My guess is that you'll need to code it.


At a minimum you'd have to add a value to whatever you're using to regulate a user's session.

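One way to code the check discussed in this thread, as an added example that is not part of any poster's code: the allow-list is consulted at the OAuth callback and again on every request, so removing a staff member ends an existing session as well as blocking new logins. The table `allowed_users`, its columns `email` and `active`, and the function names are assumptions; `verified_email` is the field the v1 userinfo response is assumed to carry.

```php
<?php
// Added example. Table/column names and function names are hypothetical.

/** True only if the address is in the allow-list and still marked active. */
function isAllowedUser(PDO $db, string $email): bool
{
    // Addresses are stored lower-case, so normalise before comparing.
    $stmt = $db->prepare('SELECT 1 FROM allowed_users WHERE email = :email AND active = 1');
    $stmt->execute([':email' => strtolower(trim($email))]);
    return $stmt->fetchColumn() !== false;
}

/** Callback step: may this Google profile start a session at all? */
function mayLogIn(PDO $db, array $user): bool
{
    // Only trust an address that Google reports as verified.
    if (empty($user['email']) || empty($user['verified_email'])) {
        return false;
    }
    return isAllowedUser($db, $user['email']);
}

/** Per-request step: drop the session as soon as the user is removed. */
function enforceSession(PDO $db, array &$session): bool
{
    $user = $session['userinfo'] ?? null;
    if ($user === null || !isAllowedUser($db, $user['email'])) {
        unset($session['userinfo']); // revoked, or never logged in
        return false;
    }
    return true;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE allowed_users (email TEXT PRIMARY KEY, active INTEGER NOT NULL)');
$db->exec("INSERT INTO allowed_users VALUES ('alice@domain.com', 1), ('bob@domain.com', 1)");

$bob = ['email' => 'Bob@domain.com', 'verified_email' => true]; // constructed profile
$session = [];
if (mayLogIn($db, $bob)) {
    $session['userinfo'] = $bob;
}
var_dump(enforceSession($db, $session)); // bob is still on the list
$db->exec("UPDATE allowed_users SET active = 0 WHERE email = 'bob@domain.com'");
var_dump(enforceSession($db, $session)); // bob has been removed
var_dump(mayLogIn($db, ['email' => 'eve@other.example', 'verified_email' => true]));
```

In the application above, `mayLogIn()` would take the place of the `substr()` domain test in `/auth/callback`, and `enforceSession()` would run before each protected route against the stored `userinfo`.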
