From 17eb395c848712a516dfd1a4bcb9a522761d67cc Mon Sep 17 00:00:00 2001
From: Guilherme Saade <saade@outlook.com.br>
Date: Tue, 28 Feb 2023 19:03:48 -0300
Subject: [PATCH] add GovBR oauth2 provider (#983)

Co-authored-by: atymic <atymicq@gmail.com>
---
 GovBRExtendSocialite.php |  18 +++++
 Provider.php             | 142 +++++++++++++++++++++++++++++++++++++++
 README.md                |  55 +++++++++++++++
 composer.json            |  33 +++++++++
 4 files changed, 248 insertions(+)
 create mode 100644 GovBRExtendSocialite.php
 create mode 100644 Provider.php
 create mode 100644 README.md
 create mode 100644 composer.json

diff --git a/GovBRExtendSocialite.php b/GovBRExtendSocialite.php
new file mode 100644
index 0000000..e25f33b
--- /dev/null
+++ b/GovBRExtendSocialite.php
@@ -0,0 +1,18 @@
+<?php
+
+namespace SocialiteProviders\GovBR;
+
+use SocialiteProviders\Manager\SocialiteWasCalled;
+
+class GovBRExtendSocialite
+{
+    /**
+     * Register the provider.
+     *
+     * @param \SocialiteProviders\Manager\SocialiteWasCalled $socialiteWasCalled
+     */
+    public function handle(SocialiteWasCalled $socialiteWasCalled)
+    {
+        $socialiteWasCalled->extendSocialite('govbr', Provider::class);
+    }
+}
diff --git a/Provider.php b/Provider.php
new file mode 100644
index 0000000..bcf1875
--- /dev/null
+++ b/Provider.php
@@ -0,0 +1,142 @@
+<?php
+
+namespace SocialiteProviders\GovBR;
+
+use RuntimeException;
+use SocialiteProviders\Manager\Contracts\OAuth2\ProviderInterface;
+use SocialiteProviders\Manager\OAuth2\AbstractProvider;
+use SocialiteProviders\Manager\OAuth2\User;
+
+class Provider extends AbstractProvider implements ProviderInterface
+{
+    /**
+     * Unique Provider Identifier.
+     */
+    const IDENTIFIER = 'GOVBR';
+
+    const SCOPE_OPENID = 'openid';
+
+    const SCOPE_EMAIL = 'email';
+
+    const SCOPE_PROFILE = 'profile';
+
+    const SCOPE_GOVBR_EMPRESA = 'govbr_empresa';
+
+    const SCOPE_GOVBR_CONFIABILIDADES = 'govbr_confiabilidades';
+
+    /**
+     * Staging URL.
+     *
+     * @var string
+     */
+    protected $stagingUrl = 'https://sso.staging.acesso.gov.br';
+
+    /**
+     * Production URL.
+     *
+     * @var string
+     */
+    protected $productionUrl = 'https://sso.acesso.gov.br';
+
+    /**
+     * {@inheritdoc}
+     */
+    protected $scopeSeparator = ' ';
+
+    /**
+     * {@inheritdoc}
+     */
+    protected $scopes = [
+        self::SCOPE_OPENID,
+        self::SCOPE_EMAIL,
+        self::SCOPE_PROFILE,
+        self::SCOPE_GOVBR_CONFIABILIDADES,
+    ];
+
+    /**
+     * {@inheritdoc}
+     */
+    protected $usesPKCE = true;
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function getAuthUrl($state)
+    {
+        return $this->buildAuthUrlFromBase($this->getBaseUrlForEnvironment().'/authorize', $state);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function getTokenUrl()
+    {
+        return $this->getBaseUrlForEnvironment().'/token';
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function getUserByToken($token)
+    {
+        $response = $this->getHttpClient()->get($this->getBaseUrlForEnvironment().'/userinfo', [
+            'headers' => [
+                'Authorization' => 'Bearer '.$token,
+            ],
+        ]);
+
+        return json_decode($response->getBody(), true);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function mapUserToObject(array $user)
+    {
+        return (new User())->setRaw($user)->map([
+            'id'                    => $user['sub'],
+            'cpf'                   => $user['sub'],
+            'name'                  => $user['name'],
+            'email'                 => $user['email'] ?? null,
+            'email_verified'        => $user['email_verified'] ?? null,
+            'phone_number'          => $user['phone_number'] ?? null,
+            'phone_number_verified' => $user['phone_number_verified'] ?? null,
+            'avatar_url'            => $user['picture'] ?? null,
+            'profile'               => $user['profile'] ?? null,
+        ]);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function getTokenFields($code)
+    {
+        return array_merge(parent::getTokenFields($code), [
+            'grant_type' => 'authorization_code',
+        ]);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public static function additionalConfigKeys()
+    {
+        return ['environment'];
+    }
+
+    /**
+     * Get the URL for the given environment.
+     *
+     * @throws RuntimeException
+     */
+    protected function getBaseUrlForEnvironment(): string
+    {
+        $environment = $this->getConfig('environment', 'production');
+
+        return match ($environment) {
+            'staging'    => $this->stagingUrl,
+            'production' => $this->productionUrl,
+            default      => throw new RuntimeException("Invalid environment '{$environment}' selected for GovBR provider."),
+        };
+    }
+}
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..bb7ae14
--- /dev/null
+++ b/README.md
@@ -0,0 +1,55 @@
+# GovBR
+
+```bash
+composer require socialiteproviders/govbr
+```
+
+## Installation & Basic Usage
+
+Please see the [Base Installation Guide](https://socialiteproviders.com/usage/), then follow the provider specific instructions below.
+
+### Add configuration to `config/services.php`
+
+```php
+'govbr' => [
+    'client_id' => env('GOVBR_CLIENT_ID'),
+    'client_secret' => env('GOVBR_CLIENT_SECRET'),
+    'redirect' => env('GOVBR_REDIRECT_URI'),
+    'environment' => env('GOVBR_ENVIRONMENT', 'production'),
+],
+```
+
+### Add provider event listener
+
+Configure the package's listener to listen for `SocialiteWasCalled` events.
+
+Add the event to your `listen[]` array in `app/Providers/EventServiceProvider`. See the [Base Installation Guide](https://socialiteproviders.com/usage/) for detailed instructions.
+
+```php
+protected $listen = [
+    \SocialiteProviders\Manager\SocialiteWasCalled::class => [
+        // ... other providers
+        \SocialiteProviders\GovBR\GovBRExtendSocialite::class.'@handle',
+    ],
+];
+```
+
+### Usage
+
+You should now be able to use the provider like you would regularly use Socialite (assuming you have the facade installed):
+
+```php
+return Socialite::driver('govbr')->redirect();
+```
+
+### Returned User fields
+
+-   `id`
+-   `cpf`
+-   `name`
+-   `email`
+-   `email_verified`
+-   `phone_number`
+-   `phone_number_verified`
+-   `avatar_url`
+-   `profile`
diff --git a/composer.json b/composer.json
new file mode 100644
index 0000000..4ff2378
--- /dev/null
+++ b/composer.json
@@ -0,0 +1,33 @@
+{
+    "name": "socialiteproviders/govbr",
+    "description": "GovBR OAuth2 Provider for Laravel Socialite",
+    "keywords": [
+        "laravel",
+        "govbr",
+        "oauth",
+        "provider",
+        "socialite"
+    ],
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "Saade",
+            "email": "saade@outlook.com.br"
+        }
+    ],
+    "support": {
+        "issues": "https://github.com/socialiteproviders/providers/issues",
+        "source": "https://github.com/socialiteproviders/providers",
+        "docs": "https://socialiteproviders.com/govbr"
+    },
+    "require": {
+        "php": "^8.0",
+        "socialiteproviders/manager": "~4.0",
+        "ext-json": "*"
+    },
+    "autoload": {
+        "psr-4": {
+            "SocialiteProviders\\GovBR\\": ""
+        }
+    }
+}