mirrored from git://git.moodle.org/moodle.git
-
Notifications
You must be signed in to change notification settings - Fork 6.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'MDL-51531-master' of git://github.com/damyon/moodle
- Loading branch information
Showing
128 changed files
with
53,084 additions
and
8,910 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,146 @@ | ||
<?php | ||
/* | ||
* Copyright 2014 Google Inc. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
if (!class_exists('Google_Client')) { | ||
require_once dirname(__FILE__) . '/../autoload.php'; | ||
} | ||
|
||
/** | ||
* Authentication via built-in Compute Engine service accounts. | ||
* The instance must be pre-configured with a service account | ||
* and the appropriate scopes. | ||
* @author Jonathan Parrott <jon.wayne.parrott@gmail.com> | ||
*/ | ||
class Google_Auth_ComputeEngine extends Google_Auth_Abstract | ||
{ | ||
const METADATA_AUTH_URL = | ||
'http://metadata/computeMetadata/v1/instance/service-accounts/default/token'; | ||
private $client; | ||
private $token; | ||
|
||
public function __construct(Google_Client $client, $config = null) | ||
{ | ||
$this->client = $client; | ||
} | ||
|
||
/** | ||
* Perform an authenticated / signed apiHttpRequest. | ||
* This function takes the apiHttpRequest, calls apiAuth->sign on it | ||
* (which can modify the request in what ever way fits the auth mechanism) | ||
* and then calls apiCurlIO::makeRequest on the signed request | ||
* | ||
* @param Google_Http_Request $request | ||
* @return Google_Http_Request The resulting HTTP response including the | ||
* responseHttpCode, responseHeaders and responseBody. | ||
*/ | ||
public function authenticatedRequest(Google_Http_Request $request) | ||
{ | ||
$request = $this->sign($request); | ||
return $this->client->getIo()->makeRequest($request); | ||
} | ||
|
||
/** | ||
* @param string $token | ||
* @throws Google_Auth_Exception | ||
*/ | ||
public function setAccessToken($token) | ||
{ | ||
$token = json_decode($token, true); | ||
if ($token == null) { | ||
throw new Google_Auth_Exception('Could not json decode the token'); | ||
} | ||
if (! isset($token['access_token'])) { | ||
throw new Google_Auth_Exception("Invalid token format"); | ||
} | ||
$token['created'] = time(); | ||
$this->token = $token; | ||
} | ||
|
||
public function getAccessToken() | ||
{ | ||
return json_encode($this->token); | ||
} | ||
|
||
/** | ||
* Acquires a new access token from the compute engine metadata server. | ||
* @throws Google_Auth_Exception | ||
*/ | ||
public function acquireAccessToken() | ||
{ | ||
$request = new Google_Http_Request( | ||
self::METADATA_AUTH_URL, | ||
'GET', | ||
array( | ||
'Metadata-Flavor' => 'Google' | ||
) | ||
); | ||
$request->disableGzip(); | ||
$response = $this->client->getIo()->makeRequest($request); | ||
|
||
if ($response->getResponseHttpCode() == 200) { | ||
$this->setAccessToken($response->getResponseBody()); | ||
$this->token['created'] = time(); | ||
return $this->getAccessToken(); | ||
} else { | ||
throw new Google_Auth_Exception( | ||
sprintf( | ||
"Error fetching service account access token, message: '%s'", | ||
$response->getResponseBody() | ||
), | ||
$response->getResponseHttpCode() | ||
); | ||
} | ||
} | ||
|
||
/** | ||
* Include an accessToken in a given apiHttpRequest. | ||
* @param Google_Http_Request $request | ||
* @return Google_Http_Request | ||
* @throws Google_Auth_Exception | ||
*/ | ||
public function sign(Google_Http_Request $request) | ||
{ | ||
if ($this->isAccessTokenExpired()) { | ||
$this->acquireAccessToken(); | ||
} | ||
|
||
$this->client->getLogger()->debug('Compute engine service account authentication'); | ||
|
||
$request->setRequestHeaders( | ||
array('Authorization' => 'Bearer ' . $this->token['access_token']) | ||
); | ||
|
||
return $request; | ||
} | ||
|
||
/** | ||
* Returns if the access_token is expired. | ||
* @return bool Returns True if the access_token is expired. | ||
*/ | ||
public function isAccessTokenExpired() | ||
{ | ||
if (!$this->token || !isset($this->token['created'])) { | ||
return true; | ||
} | ||
|
||
// If the token is set to expire in the next 30 seconds. | ||
$expired = ($this->token['created'] | ||
+ ($this->token['expires_in'] - 30)) < time(); | ||
|
||
return $expired; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.