Duo/Provider.php at master · SocialiteProviders/Duo · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
<?php

namespace SocialiteProviders\Duo;

use GuzzleHttp\RequestOptions;
use Illuminate\Support\Arr;
use Illuminate\Support\Str;
use InvalidArgumentException;
use SocialiteProviders\Manager\OAuth2\AbstractProvider;
use SocialiteProviders\Manager\OAuth2\User;

class Provider extends AbstractProvider
{
    public const IDENTIFIER = 'DUO';

    protected $scopes = ['openid', 'profile', 'email'];

    protected $scopeSeparator = ' ';

    public static function additionalConfigKeys(): array
    {
        return ['domain'];
    }

    /**
     * {@inheritdoc}
     */
    protected function getAuthUrl($state): string
    {
        return $this->buildAuthUrlFromBase($this->getDuoUrl('/oauth2/v1/authorize'), $state);
    }

    /**
     * {@inheritdoc}
     */
    protected function getTokenUrl(): string
    {
        return $this->getDuoUrl('/oauth2/v1/token');
    }

    /**
     * {@inheritdoc}
     */
    protected function getUserByToken($token): array
    {
        $response = $this->getHttpClient()->get($this->getDuoUrl('/oauth2/v1/userinfo'), [
            RequestOptions::HEADERS => [
                'Authorization' => 'Bearer '.$token,
            ],
        ]);

        return json_decode((string) $response->getBody(), true);
    }

    /**
     * {@inheritdoc}
     */
    protected function mapUserToObject(array $user): User
    {
        return (new User)->setRaw($user)->map([
            'id'       => Arr::get($user, 'sub'),
            'nickname' => Arr::get($user, 'preferred_username') ?? Arr::get($user, 'email'),
            'name'     => Arr::get($user, 'name'),
            'email'    => Arr::get($user, 'email'),
            'avatar'   => Arr::get($user, 'picture'),
        ]);
    }

    /**
     * {@inheritdoc}
     */
    protected function getTokenFields($code): array
    {
        return array_merge(parent::getTokenFields($code), [
            'grant_type' => 'authorization_code',
        ]);
    }

    /**
     * Get the base Duo SSO URL with an optional appended path.
     *
     * @param  string  $path
     * @return string
     *
     * @throws InvalidArgumentException
     */
    protected function getDuoUrl(string $path = ''): string
    {
        $domain = $this->getConfig('domain');

        if (empty($domain)) {
            throw new InvalidArgumentException('Duo SSO domain is required. Set DUO_DOMAIN in your .env file.');
        }

        // Supporting both full URL and subdomain
        $baseUrl = (string) Str::startsWith($domain, ['http://', 'https://'])
            ? Str::of($domain)->rtrim('/')->value()
            : Str::of($domain)
                ->rtrim('.')
                ->prepend('https://')
                ->append('.sso.duosecurity.com')
                ->value();

        return $baseUrl.$path;
    }
}