From ae4dc3906f54fa792b296036d7b3dcea9a4d259b Mon Sep 17 00:00:00 2001
From: Joel Butcher <joelbutcher@users.noreply.github.com>
Date: Fri, 20 Dec 2024 02:14:05 +0000
Subject: [PATCH] Merge commit from fork

---
 resources/views/oauth/prompt.blade.php    | 47 +++++++++++++++++
 routes/web.php                            | 12 +++++
 src/Actions/AuthenticateOAuthCallback.php | 14 +++--
 src/Http/Controllers/OAuthController.php  | 62 +++++++++++++++++++++++
 src/SocialstreamServiceProvider.php       |  1 +
 5 files changed, 128 insertions(+), 8 deletions(-)
 create mode 100644 resources/views/oauth/prompt.blade.php
 create mode 100644 routes/web.php

diff --git a/resources/views/oauth/prompt.blade.php b/resources/views/oauth/prompt.blade.php
new file mode 100644
index 00000000..371e7b28
--- /dev/null
+++ b/resources/views/oauth/prompt.blade.php
@@ -0,0 +1,47 @@
+<!DOCTYPE html>
+<html lang="{{ str_replace('_', '-', app()->getLocale()) }}">
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+
+    <title>Laravel</title>
+
+    <!-- Fonts -->
+    <link rel="preconnect" href="https://fonts.bunny.net">
+    <link href="https://fonts.bunny.net/css?family=figtree:400,500,600&display=swap" rel="stylesheet" />
+
+    <!-- Styles / Scripts -->
+    <script src="https://cdn.tailwindcss.com"></script>
+</head>
+<body class="font-sans antialiased">
+    <div class=" min-h-screen bg-gray-100 flex justify-center items-center dark:bg-gray-900">
+        <div class="w-full sm:max-w-sm bg-white dark:bg-gray-800 overflow-hidden shadow-xl sm:rounded-lg px-6 py-4">
+            <h2 class="mb-4 font-semibold text-xl text-gray-800 dark:text-gray-200 leading-tight">
+                Confirm connection of your {{ \JoelButcher\Socialstream\Providers::name($provider) }} account.
+            </h2>
+
+            <form method="POST" action="{{ route('oauth.callback.confirm', $provider) }}">
+                @csrf
+                <p class="text-sm text-gray-600 dark:text-gray-400">
+                    @if (config('socialstream.confirmation-prompt'))
+                        {{ config('socialstream.confirmation-prompt') }}
+                    @else
+                        To ensure you are the account owner of this {{ \JoelButcher\Socialstream\Providers::name($provider) }} account,
+                        please confirm or deny the request below to link this provider to your account.
+                    @endif
+                </p>
+
+                <div class="mt-4 flex items-center justify-between">
+                    <button type="submit" name="result" value="deny" class="inline-flex items-center justify-center px-4 py-2 bg-red-600 border border-transparent rounded-md font-semibold text-xs text-white uppercase tracking-widest hover:bg-red-500 active:bg-red-700 focus:outline-none focus:ring-2 focus:ring-red-500 focus:ring-offset-2 dark:focus:ring-offset-gray-800 transition ease-in-out duration-150">
+                        Deny
+                    </button>
+
+                    <button type="submit" name="result" value="confirm" class="inline-flex items-center px-4 py-2 bg-gray-800 dark:bg-gray-200 border border-transparent rounded-md font-semibold text-xs text-white dark:text-gray-800 uppercase tracking-widest hover:bg-gray-700 dark:hover:bg-white focus:bg-gray-700 dark:focus:bg-white active:bg-gray-900 dark:active:bg-gray-300 focus:outline-none focus:ring-2 focus:ring-indigo-500 focus:ring-offset-2 dark:focus:ring-offset-gray-800 disabled:opacity-50 transition ease-in-out duration-150">
+                        Confirm
+                    </button>
+                </div>
+            </form>
+        </div>
+    </div>
+</body>
+</html>
diff --git a/routes/web.php b/routes/web.php
new file mode 100644
index 00000000..dcc6b596
--- /dev/null
+++ b/routes/web.php
@@ -0,0 +1,12 @@
+<?php
+
+use Illuminate\Support\Facades\Route;
+use JoelButcher\Socialstream\Http\Controllers\OAuthController;
+
+
+Route::group(['middleware' => config('socialstream.middleware', ['web'])], function () {
+    Route::get('/oauth/{provider}/callback/prompt', [OAuthController::class, 'prompt'])->name('oauth.callback.prompt');
+    Route::post('/oauth/{provider}/callback/confirm', [OAuthController::class, 'confirm'])->name(
+        'oauth.callback.confirm'
+    );
+});
diff --git a/src/Actions/AuthenticateOAuthCallback.php b/src/Actions/AuthenticateOAuthCallback.php
index c874a288..f44cd0c4 100644
--- a/src/Actions/AuthenticateOAuthCallback.php
+++ b/src/Actions/AuthenticateOAuthCallback.php
@@ -65,7 +65,10 @@ public function authenticate(string $provider, ProviderUser $providerAccount): S
     {
         // If the user is authenticated, link the provider to the authenticated user.
         if ($user = auth()->user()) {
-            return $this->link($user, $provider, $providerAccount);
+            // cache the provider account for 10 mins whilst the user is redirected to the confirmation screen.
+            cache()->put("socialstream.{$user->id}:$provider.provider", $providerAccount, ttl: new \DateInterval('PT10M'));
+
+            return redirect()->route('oauth.callback.prompt', $provider);
         }
 
         // Check if the user has an existing OAuth account.
@@ -198,16 +201,11 @@ function ($request, $next) {
         ]));
     }
 
-    /**
-     * Attempt to link the provider to the authenticated user.
-     *
-     * Attempt to link the provider with the authenticated user.
-     */
-    private function link(Authenticatable $user, string $provider, ProviderUser $providerAccount): SocialstreamResponse
+    public function link(Authenticatable $user, string $provider, ProviderUser $providerAccount): SocialstreamResponse
     {
         $account = Socialstream::findConnectedAccountForProviderAndId($provider, $providerAccount->getId());
 
-        if ($account && $user?->id !== $account->user_id) {
+        if ($account && $user->id !== $account->user_id) {
             event(new OAuthProviderLinkFailed($user, $provider, $account, $providerAccount));
 
             $this->flashError(
diff --git a/src/Http/Controllers/OAuthController.php b/src/Http/Controllers/OAuthController.php
index 17d5b9ea..8414a78f 100644
--- a/src/Http/Controllers/OAuthController.php
+++ b/src/Http/Controllers/OAuthController.php
@@ -2,17 +2,25 @@
 
 namespace JoelButcher\Socialstream\Http\Controllers;
 
+use Illuminate\Contracts\View\View;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
 use Illuminate\Routing\Controller;
+use Illuminate\Support\Facades\Cache;
 use Illuminate\Support\Facades\Session;
+use Illuminate\Support\MessageBag;
+use Illuminate\Support\ViewErrorBag;
 use JoelButcher\Socialstream\Contracts\AuthenticatesOAuthCallback;
 use JoelButcher\Socialstream\Contracts\GeneratesProviderRedirect;
 use JoelButcher\Socialstream\Contracts\HandlesInvalidState;
 use JoelButcher\Socialstream\Contracts\HandlesOAuthCallbackErrors;
 use JoelButcher\Socialstream\Contracts\ResolvesSocialiteUsers;
 use JoelButcher\Socialstream\Contracts\SocialstreamResponse;
+use JoelButcher\Socialstream\Events\OAuthProviderLinkFailed;
+use JoelButcher\Socialstream\Http\Responses\OAuthProviderLinkFailedResponse;
+use JoelButcher\Socialstream\Providers;
+use Laravel\Jetstream\Jetstream;
 use Laravel\Socialite\Two\InvalidStateException;
 use Symfony\Component\HttpFoundation\RedirectResponse as SymfonyRedirectResponse;
 
@@ -59,4 +67,58 @@ public function callback(Request $request, string $provider): SocialstreamRespon
 
         return $this->authenticator->authenticate($provider, $providerAccount);
     }
+
+    /**
+     * Show the oauth confirmation page.
+     */
+    public function prompt(string $provider): View
+    {
+        return view('socialstream::oauth.prompt', [
+            'provider' => $provider,
+        ]);
+    }
+
+    public function confirm(string $provider): SocialstreamResponse|RedirectResponse
+    {
+        $user = auth()->user();
+        $providerAccount = cache()->pull("socialstream.{$user->id}:$provider.provider");
+
+        $result = request()->input('result');
+
+        if ($result === 'deny') {
+            event(new OAuthProviderLinkFailed($user, $provider, null, $providerAccount));
+
+            $this->flashError(
+                __('Failed to link :provider account. User denied request.', ['provider' => Providers::name($provider)]),
+            );
+
+            return app(OAuthProviderLinkFailedResponse::class);
+        }
+
+        if (!$providerAccount) {
+            throw new \DomainException(
+                message: 'Could not retrieve social provider information.'
+            );
+        }
+
+        return $this->authenticator->link($user, $provider, $providerAccount);
+    }
+
+    private function flashError(string $error): void
+    {
+        if (auth()->check()) {
+            if (class_exists(Jetstream::class)) {
+                Session::flash('flash.banner', $error);
+                Session::flash('flash.bannerStyle', 'danger');
+
+                return;
+            }
+        }
+
+        Session::flash('errors', (new ViewErrorBag())->put(
+            'default',
+            new MessageBag(['socialstream' => $error])
+        ));
+    }
+
 }
diff --git a/src/SocialstreamServiceProvider.php b/src/SocialstreamServiceProvider.php
index 1ecb4826..0a9ea12c 100644
--- a/src/SocialstreamServiceProvider.php
+++ b/src/SocialstreamServiceProvider.php
@@ -141,6 +141,7 @@ private function configureRoutes(): void
             'domain' => config('socialstream.domain'),
             'prefix' => config('socialstream.prefix', config('socialstream.path')),
         ], function () {
+            $this->loadRoutesFrom(path: __DIR__.'/../routes/web.php');
             $this->loadRoutesFrom(path: __DIR__.'/../routes/'.config('jetstream.stack', 'livewire').'.php');
         });
     }