Swtich to serverside auth

DeuxHuitHuit · Jun 4, 2015 · dc9eda3 · dc9eda3
1 parent 6007ae4
commit dc9eda3
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 62 deletions.
diff --git a/content/content.index.php b/content/content.index.php
@@ -44,10 +44,13 @@ public function build() {
 			$config = unserialize($panel['config']);
 			$client = extension_google_analytics_dashboard::createClient($config, $panel['id']);
 
-			if (!isset($config['access-token'])) {
-				$auth_url = $client->createAuthUrl();
+			if (!isset($config['at'])) {
+				$config['at'] = $client->getAccessToken();
+			}
+
+			if (!($at = @json_decode($config['at']))) {
 				$html = <<<HTML
-<a href="$auth_url" target="_top">Authenticate</a>
+<h1>Server auth failed! Please check your configuration and make sure you have a valid access token</h1>
 HTML;
 			}
 			else {
@@ -69,11 +72,12 @@ public function build() {
 
 <script>
 gapi.analytics.ready(function() {
-  var CLIENT_ID = '$CLIENT_ID';
   gapi.analytics.auth.authorize({
-    container: 'auth-button',
-    clientid: CLIENT_ID,
+    serverAuth: {
+      access_token: '$at->access_token'
+    }
   });
+  console.log('Autorized ? ' + gapi.analytics.auth.isAuthorized());
   var viewSelector = new gapi.analytics.ViewSelector({
     container: 'view-selector'
   });
@@ -90,10 +94,6 @@ public function build() {
       container: 'timeline'
     }
   });
-  gapi.analytics.auth.on('success', function(response) {
-    viewSelector.execute();
-  });
-
   viewSelector.on('change', function(ids) {
     var newIds = {
       query: {
@@ -102,6 +102,7 @@ public function build() {
     }
     timeline.set(newIds).execute();
   });
+  viewSelector.execute();
 });
 </script>
 

diff --git a/content/content.oauth.php b/content/content.oauth.php
diff --git a/extension.driver.php b/extension.driver.php
@@ -93,15 +93,10 @@ public function dashboard_panel_options($context) {
 			$fieldset = new XMLElement('fieldset', NULL, array('class' => 'settings two cols'));
 			$fieldset->appendChild(new XMLElement('legend', 'Google Analytics Options'));
 
-			$label = Widget::Label('Google Analytics Client ID', Widget::Input('config[cid]', $config['cid']));
+			$label = Widget::Label('Google Analytics Service account email', Widget::Input('config[email]', $config['email']));
 			$fieldset->appendChild($label);
 
-			$label = Widget::Label('Google Analytics Client Secret', Widget::Input('config[csec]', $config['csec']));
-			$fieldset->appendChild($label);
-
-			$client = static::createClient($config, $context['id']);
-			$auth = Widget::Anchor('Get a token', $client->createAuthUrl());
-			$label = Widget::Label('Google Access Token ' . $auth->generate(), Widget::Input('config[at]', $config['at'], null, array('disabled' => 'disabled')));
+			$label = Widget::Label('Google Analytics p12 key file path', Widget::Input('config[keyfile]', $config['keyfile']));
 			$fieldset->appendChild($label);
 
 			$label = Widget::Label('Height (include units)', Widget::Input('config[height]', $config['height']));
@@ -120,7 +115,13 @@ public function dashboard_panel_validate($context) {
 			if (isset($_POST['default']) && $_POST['default'] == 'on') {
 				$config = $context['existing_config'];
 				$handle = General::createHandle(self::EXT_NAME);
-				Symphony::Configuration()->set($handle, $config);
+				$client = static::createClient($config, $context['id']);
+				if (!isset($config['at'])) {
+					$config['at'] = $client->getAccessToken();
+				}
+				foreach ($config as $key => $value) {
+					Symphony::Configuration()->set($key, $value, $handle);
+				}
 				Symphony::Configuration()->write();
 			}
 		}
@@ -129,11 +130,18 @@ public function dashboard_panel_validate($context) {
 
 		public static function createClient(array $config, $panelId) {
 			$client = new Google_Client();
-			$client->setClientId($config['cid']);
-			//$client->setClientSecret($config['csec']);
-			$client->setScopes('https://www.googleapis.com/auth/analytics.readonly');
-			$client->setAccessType('offline');
-			$client->setRedirectUri(APPLICATION_URL . self::URL . 'oauth/?p=' . $panelId);
+			$key = @file_get_contents($config['keyfile']);
+			if (!!$key) {
+				$cred = new Google_Auth_AssertionCredentials(
+					$config['email'],
+					array(Google_Service_Analytics::ANALYTICS_READONLY),
+					$key
+				);
+				$client->setAssertionCredentials($cred);
+				if ($client->getAuth()->isAccessTokenExpired()) {
+					$client->getAuth()->refreshTokenWithAssertion($cred);
+				}
+			}
 			return $client;
 		}