From 37df5aa0e903a737d9256ee3c46abff3e2266d49 Mon Sep 17 00:00:00 2001
From: Markus Birth
Date: Wed, 13 Jul 2016 22:17:56 +0200
Subject: [PATCH] Move session management to separate class.
---
 index.php | 59 +++++----------------
 lib/Frs/SessionManager.php | 102 +++++++++++++++++++++++++++++++++++++
 2 files changed, 116 insertions(+), 45 deletions(-)
 create mode 100644 lib/Frs/SessionManager.php
diff --git a/index.php b/index.php
index bd3590c..ee6e5dd 100644
--- a/index.php
+++ b/index.php
@@ -3,6 +3,7 @@ require_once __DIR__ . '/vendor' . '/autoload.php';
 use \Frs\FieldDefinition;
+use \Frs\SessionManager;
 use \Frs\Output\HtmlOutput;
 use \Frs\Output\MailOutput;
@@ -12,11 +13,7 @@ $data = array(
 'session_time_left' => 0,
 );
-$client = new Google_Client();
-$client->setAuthConfigFile('client_secret.json');
-$client->addScope(Google_Service_Oauth2::USERINFO_EMAIL);
-
-session_start();
+$sm = new SessionManager();
 $action = '';
 if (isset($_GET['action'])) {
@@ -26,11 +23,7 @@ $data['action'] = $action;
 $data['action_uc'] = ucwords($action);
 if (isset($_GET['code']) && $_GET['code']) {
- // Validate OAuth2 result, set access token and redirect to self
- $client->authenticate($_GET['code']);
- $_SESSION['access_token'] = $client->getAccessToken();
- header('Location: ' . $client->getRedirectUri());
- exit(0);
+ $sm->authAndRedirect($_GET['code']); // exits
 }
 $tpl_done = false;
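Review bot: The line `$sm = new SessionManager();` in the second hunk now carries two side effects that the removed lines made explicit — the constructor calls `session_start()` and loads `client_secret.json` — and nothing at the call site says so. A trailing comment in the style of the `// exits` markers used elsewhere in this patch, `$sm = new SessionManager(); // starts the session, loads client_secret.json`, would keep that visible to anyone who later touches `$_SESSION` above this line. Whether anything earlier in index.php already reads `$_SESSION` cannot be seen from the hunks shown.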
@@ -38,30 +31,18 @@ $tpl_done = false;
 // route pages that work with and without login
 switch ($action) {
 case 'logout':
- // Delete session and redirect to self
- #$client->setAccessToken($_SESSION['access_token']);
- #$client->revokeToken(); // removed granted permissions from account
- $_SESSION = array();
- if (ini_get('session.use_cookies')) {
- $params = session_get_cookie_params();
- setcookie(session_name(), '', time()-42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
- }
- session_destroy();
- header('Location: ' . $client->getRedirectUri());
- exit(0);
+ $sm->logoutAndRedirect(); // exits
 case 'faq':
 $ho->setTemplate('faq_html');
 $tpl_done = true;
 break;
 case 'send':
- // Store input in session
- $form_type = $_POST['form_type'];
- $skey = 'form_' . $form_type;
- $_SESSION[$skey] = $_POST;
+ // Store input in session, in case the token timed out
+ $sm->storeFormData($_POST['form_type']);
 break;
 }
-if (!$tpl_done && isset($_SESSION['access_token']) && $_SESSION['access_token']) {
+if (!$tpl_done && $sm->hasSessionToken()) {
 // Authenticated
 $created = $_SESSION['access_token']['created'];
 $expires = $_SESSION['access_token']['expires_in'];
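Review bot: In the `case 'send':` branch, `$sm->storeFormData($_POST['form_type'])` indexes `$_POST` without checking the key, so a POST that lacks `form_type` raises an undefined-index notice and stores the whole form under the bare key `form_`; guard it with `if (isset($_POST['form_type'])) { $sm->storeFormData($_POST['form_type']); }`. The `case 'logout':` branch now depends on `logoutAndRedirect()` never returning — a `break;` after the call costs nothing and keeps the switch from falling into `case 'faq'` if that method ever stops exiting. The `// Authenticated` block at the end of the hunk still reads `$_SESSION['access_token']['created']` and `['expires_in']` directly, which duplicates what `SessionManager::verifySession()` computes; the enclosing `if` continues into the next hunk.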
@@ -70,31 +51,19 @@ if (!$tpl_done && isset($_SESSION['access_token']) && $_SESSION['access_token']) {
 $data['session_expires'] = $expires;
 $data['session_time_left'] = ($expire_stamp) - time();
- $client->setAccessToken($_SESSION['access_token']);
- if ($client->isAccessTokenExpired()) {
- // TODO: Redirect to $client->createAuthUrl(); to reauthenticate
- echo 'Token expired! Request new one.';
+ try {
+ $sm->verifySession();
+ } catch (Exception $e) {
+ echo $e->getMessage();
 #session_destroy();
 die();
 }
- $oauth = new Google_Service_Oauth2($client);
- $userdata = $oauth->userinfo->get();
-
- $data['user'] = array(
- 'name_first' => $userdata->givenName,
- 'name_last' => $userdata->familyName,
- 'name' => $userdata->name,
- 'picture' => $userdata->picture,
- 'email' => $userdata->email,
- 'gender' => $userdata->gender,
- );
-
+ $data['user'] = $sm->getUserinfo();
 $data['date_today'] = date('Y-m-d');
- // Check $userdata->verifiedEmail and deny if not verified.
- if (!$userdata->verifiedEmail) {
+ if (!$data['user']['verifiedEmail']) {
 $ho->setTemplate('notverified_html');
 $tpl_done = true;
 } else {
@@ -150,7 +119,7 @@ if (!$tpl_done && isset($_SESSION['access_token']) && $_SESSION['access_token']) {
 }
 } elseif (!$tpl_done) {
 // Not authenticated
- $data['auth_url'] = $client->createAuthUrl();
+ $data['auth_url'] = $sm->getAuthUrl();
 $ho->setTemplate('index_html');
 }
diff --git a/lib/Frs/SessionManager.php b/lib/Frs/SessionManager.php
new file mode 100644
index 0000000..46d18e1
--- /dev/null
+++ b/lib/Frs/SessionManager.php
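Review bot: The new `catch (Exception $e)` around `$sm->verifySession()` catches every exception the Google client can raise, not only the expired-token case, and echoes `$e->getMessage()` straight into the response, so library and transport error details reach the browser; keep the raw text in the server log and show a fixed message instead, e.g. `error_log($e->getMessage()); echo 'Session could not be verified. Please sign in again.';`. Because `getUserinfo()` returns an empty array when the session was not verified, `$data['user']['verifiedEmail']` a few lines below would be an undefined index on that path; it is only unreachable while the catch block still ends in the context line `die();`, so that exit must stay until the unverified path is handled explicitly. The enclosing `if (!$tpl_done && $sm->hasSessionToken())` block starts in the previous hunk and continues past this one.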
@@ -0,0 +1,102 @@
+googleAuthValid = false;
+ $this->client = new \Google_Client();
+ $this->client->setAuthConfigFile('client_secret.json');
+ $this->client->addScope(\Google_Service_Oauth2::USERINFO_EMAIL);
+
+ session_start();
+ }
+
+ public function getAuthUrl()
+ {
+ return $this->client->createAuthUrl();
+ }
+
+ public function authAndRedirect($authCode)
+ {
+ // Validate OAuth2 result, set access token and redirect to self
+ $this->client->authenticate($authCode);
+ $_SESSION['access_token'] = $this->client->getAccessToken();
+ $this->redirectAndExit();
+ }
+
+ public function logoutAndRedirect()
+ {
+ // Delete session and redirect to self
+ #$this->client->setAccessToken($_SESSION['access_token']);
+ #$this->client->revokeToken(); // removed granted permissions from account
+ $_SESSION = array();
+ if (ini_get('session.use_cookies')) {
+ $params = session_get_cookie_params();
+ setcookie(session_name(), '', time()-42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
+ }
+ session_destroy();
+ $this->redirectAndExit();
+ }
+
+ private function redirectAndExit()
+ {
+ header('Location: ' . $this->client->getRedirectUri());
+ exit(0);
+ }
+
+ public function storeFormData($form_type)
+ {
+ $skey = 'form_' . $form_type;
+ $_SESSION[$skey] = $_POST;
+ }
+
+ public function hasSessionToken()
+ {
+ return (isset($_SESSION['access_token']) && $_SESSION['access_token']);
+ }
+
+ public function verifySession()
+ {
+ // Authenticated
+ $created = $_SESSION['access_token']['created'];
+ $expires = $_SESSION['access_token']['expires_in'];
+ $expire_stamp = intval($created) + intval($expires);
+ $data['session_created'] = $created;
+ $data['session_expires'] = $expires;
+ $data['session_time_left'] = ($expire_stamp) - time();
+
+ $this->client->setAccessToken($_SESSION['access_token']);
+ if ($this->client->isAccessTokenExpired()) {
+ throw new \Exception('Token expired. 
Request new one.');
+ }
+
+ $this->googleAuthValid = true;
+ }
+
+ public function getUserinfo()
+ {
+ if (!$this->googleAuthValid) {
+ return array();
+ }
+ $oauth = new \Google_Service_Oauth2($this->client);
+ $userdata = $oauth->userinfo->get();
+
+ $result = array(
+ 'name_first' => $userdata->givenName,
+ 'name_last' => $userdata->familyName,
+ 'name' => $userdata->name,
+ 'picture' => $userdata->picture,
+ 'email' => $userdata->email,
+ 'gender' => $userdata->gender,
+ 'verifiedEmail' => $userdata->verifiedEmail,
+ );
+ return $result;
+ }
+}
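Review bot: `authAndRedirect()` writes the freshly issued access token into the session that already existed before login without calling `session_regenerate_id(true)`, and the `code` it receives is never tied to an OAuth `state` value issued by `getAuthUrl()`, so a session id fixed before login stays valid after it and an authorization response this session never requested is accepted; the rewrite below issues a random `state` in `getAuthUrl()`, compares it with `hash_equals()` before `authenticate()`, and regenerates the session id once the token is accepted (`random_bytes()` needs PHP 7, and the caller in index.php would need to catch the new exception the way it already does for `verifySession()`). `verifySession()` also fills a local `$data` array (`session_created`, `session_expires`, `session_time_left`) that is never returned while index.php keeps computing the same values itself — either return that array or drop those six lines. None of the public methods has a docblock; `authAndRedirect()`, `logoutAndRedirect()` and `redirectAndExit()` at least should state that they call `exit()` and never return. The `<?php` header, namespace, class declaration and the start of `__construct()` fall outside the text visible here, so the property declarations could not be checked.
```php
    public function getAuthUrl()
    {
        // Bind the authorization request to this session; the callback must echo this value back
        $state = bin2hex(random_bytes(16));
        $_SESSION['oauth_state'] = $state;
        $this->client->setState($state);
        return $this->client->createAuthUrl();
    }

    /**
     * Exchanges the OAuth2 code for an access token, stores it in the session and
     * redirects to self. Never returns.
     *
     * @throws \Exception when the callback does not carry the state issued by getAuthUrl()
     */
    public function authAndRedirect($authCode)
    {
        $expected = isset($_SESSION['oauth_state']) ? $_SESSION['oauth_state'] : '';
        $given = (isset($_GET['state']) && is_string($_GET['state'])) ? $_GET['state'] : '';
        unset($_SESSION['oauth_state']); // single use, whether or not it matches
        if ($expected === '' || !hash_equals($expected, $given)) {
            throw new \Exception('OAuth state mismatch.');
        }
        $this->client->authenticate($authCode);
        // The session changes privilege level here: issue a fresh id so an id
        // fixed before login cannot be reused afterwards.
        session_regenerate_id(true);
        $_SESSION['access_token'] = $this->client->getAccessToken();
        $this->redirectAndExit();
    }
    // … unchanged: logoutAndRedirect, redirectAndExit, storeFormData, hasSessionToken, verifySession, getUserinfo …
```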