[5.x] confirm account link for logged in users (#391)

Author: joelbutcher

config/socialstream.php

@@ -6,6 +6,7 @@
 return [
     'middleware' => ['web'],
     'prompt' => 'Or Login Via',
+    'confirmation-prompt' => null,
     'providers' => [
         // Providers::github(),
     ],

resources/views/oauth/prompt.blade.php

@@ -0,0 +1,47 @@
+<!DOCTYPE html>
+<html lang="{{ str_replace('_', '-', app()->getLocale()) }}">
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+
+    <title>Laravel</title>
+
+    <!-- Fonts -->
+    <link rel="preconnect" href="https://fonts.bunny.net">
+    <link href="https://fonts.bunny.net/css?family=figtree:400,500,600&display=swap" rel="stylesheet" />
+
+    <!-- Styles / Scripts -->
+    <script src="https://cdn.tailwindcss.com"></script>
+</head>
+<body class="font-sans antialiased">
+<div class=" min-h-screen bg-gray-100 flex justify-center items-center dark:bg-gray-900">
+    <div class="w-full sm:max-w-sm bg-white dark:bg-gray-800 overflow-hidden shadow-xl sm:rounded-lg px-6 py-4">
+        <h2 class="mb-4 font-semibold text-xl text-gray-800 dark:text-gray-200 leading-tight">
+            Confirm connection of your {{ \JoelButcher\Socialstream\Providers::name($provider) }} account.
+        </h2>
+
+        <form method="POST" action="{{ route('oauth.callback.confirm', $provider) }}">
+            @csrf
+            <p class="text-sm text-gray-600 dark:text-gray-400">
+                @if (config('socialstream.confirmation-prompt'))
+                    {{ config('socialstream.confirmation-prompt') }}
+                @else
+                    To ensure you are the account owner of this {{ \JoelButcher\Socialstream\Providers::name($provider) }} account,
+                    please confirm or deny the request below to link this provider to your account.
+                @endif
+            </p>
+
+            <div class="mt-4 flex items-center justify-between">
+                <button type="submit" name="result" value="deny" class="inline-flex items-center justify-center px-4 py-2 bg-red-600 border border-transparent rounded-md font-semibold text-xs text-white uppercase tracking-widest hover:bg-red-500 active:bg-red-700 focus:outline-none focus:ring-2 focus:ring-red-500 focus:ring-offset-2 dark:focus:ring-offset-gray-800 transition ease-in-out duration-150">
+                    Deny
+                </button>
+
+                <button type="submit" name="result" value="confirm" class="inline-flex items-center px-4 py-2 bg-gray-800 dark:bg-gray-200 border border-transparent rounded-md font-semibold text-xs text-white dark:text-gray-800 uppercase tracking-widest hover:bg-gray-700 dark:hover:bg-white focus:bg-gray-700 dark:focus:bg-white active:bg-gray-900 dark:active:bg-gray-300 focus:outline-none focus:ring-2 focus:ring-indigo-500 focus:ring-offset-2 dark:focus:ring-offset-gray-800 disabled:opacity-50 transition ease-in-out duration-150">
+                    Confirm
+                </button>
+            </div>
+        </form>
+    </div>
+</div>
+</body>
+</html>

src/Actions/AuthenticateOAuthCallback.php

@@ -136,7 +136,7 @@ protected function login(Authenticatable $user, mixed $account, string $provider
     /**
      * Attempt to link the provider to the authenticated user.
      */
-    private function linkProvider(Authenticatable $user, string $provider, ProviderUser $providerAccount): SocialstreamResponse
+    public function linkProvider(Authenticatable $user, string $provider, ProviderUser $providerAccount): SocialstreamResponse
     {
         $account = $this->findAccount($provider, $providerAccount);
 

src/Filament/web.php

@@ -0,0 +1,12 @@
+<?php
+
+use Illuminate\Support\Facades\Route;
+use JoelButcher\Socialstream\Http\Controllers\OAuthController;
+
+
+Route::group(['middleware' => config('socialstream.middleware', ['web'])], function () {
+    Route::get('/oauth/{provider}/callback/prompt', [OAuthController::class, 'prompt'])->name('oauth.callback.prompt');
+    Route::post('/oauth/{provider}/callback/confirm', [OAuthController::class, 'confirm'])->name(
+        'oauth.callback.confirm'
+    );
+});

src/HasProfilePhoto.php

@@ -2,16 +2,24 @@
 
 namespace JoelButcher\Socialstream\Http\Controllers;
 
+use Illuminate\Contracts\View\View;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
 use Illuminate\Routing\Controller;
+use Illuminate\Support\Facades\Session;
+use Illuminate\Support\MessageBag;
+use Illuminate\Support\ViewErrorBag;
 use JoelButcher\Socialstream\Contracts\AuthenticatesOAuthCallback;
 use JoelButcher\Socialstream\Contracts\GeneratesProviderRedirect;
 use JoelButcher\Socialstream\Contracts\HandlesInvalidState;
 use JoelButcher\Socialstream\Contracts\HandlesOAuthCallbackErrors;
+use JoelButcher\Socialstream\Contracts\OAuthProviderLinkFailedResponse;
 use JoelButcher\Socialstream\Contracts\ResolvesSocialiteUsers;
 use JoelButcher\Socialstream\Contracts\SocialstreamResponse;
+use JoelButcher\Socialstream\Events\OAuthProviderLinkFailed;
+use JoelButcher\Socialstream\Providers;
+use Laravel\Jetstream\Jetstream;
 use Laravel\Socialite\Two\InvalidStateException;
 use Symfony\Component\HttpFoundation\RedirectResponse as SymfonyRedirectResponse;
 
@@ -58,4 +66,57 @@ public function callback(Request $request, string $provider): SocialstreamRespon
 
         return $this->authenticator->authenticate($provider, $providerAccount);
     }
+
+    /**
+     * Show the oauth confirmation page.
+     */
+    public function prompt(string $provider): View
+    {
+        return view('socialstream::oauth.prompt', [
+            'provider' => $provider,
+        ]);
+    }
+
+    public function confirm(string $provider): SocialstreamResponse|RedirectResponse
+    {
+        $user = auth()->user();
+        $providerAccount = cache()->pull("socialstream.{$user->id}:$provider.provider");
+
+        $result = request()->input('result');
+
+        if ($result === 'deny') {
+            event(new OAuthProviderLinkFailed($user, $provider, null, $providerAccount));
+
+            $this->flashError(
+                __('Failed to link :provider account. User denied the request.', ['provider' => Providers::name($provider)]),
+            );
+
+            return app(OAuthProviderLinkFailedResponse::class);
+        }
+
+        if (!$providerAccount) {
+            throw new \DomainException(
+                message: 'Could not retrieve social provider information.'
+            );
+        }
+
+        return $this->authenticator->linkProvider($user, $provider, $providerAccount);
+    }
+
+    private function flashError(string $error): void
+    {
+        if (auth()->check()) {
+            if (class_exists(Jetstream::class)) {
+                Session::flash('flash.banner', $error);
+                Session::flash('flash.bannerStyle', 'danger');
+
+                return;
+            }
+        }
+
+        Session::flash('errors', (new ViewErrorBag())->put(
+            'default',
+            new MessageBag(['socialstream' => $error])
+        ));
+    }
 }

src/Http/Controllers/OAuthController.php

@@ -68,7 +68,7 @@ class User extends Authenticatable
     /**
      * Get the URL to the user's profile photo.
      */
-    public function profilePhotoUrl(): Attribute
+    protected function profilePhotoUrl(): Attribute
     {
         return filter_var($this->profile_photo_path, FILTER_VALIDATE_URL)
             ? Attribute::get(fn () => $this->profile_photo_path)

stubs/jetstream/app/Models/User.php

@@ -70,7 +70,7 @@ class User extends Authenticatable
     /**
      * Get the URL to the user's profile photo.
      */
-    public function profilePhotoUrl(): Attribute
+    protected function profilePhotoUrl(): Attribute
     {
         return filter_var($this->profile_photo_path, FILTER_VALIDATE_URL)
             ? Attribute::get(fn () => $this->profile_photo_path)