Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.

Differences Between: [Versions 401 and 402] [Versions 401 and 403]

   1  <?php
   2  /*
   3   * Copyright 2010 Google Inc.
   4   *
   5   * Licensed under the Apache License, Version 2.0 (the "License");
   6   * you may not use this file except in compliance with the License.
   7   * You may obtain a copy of the License at
   8   *
   9   *     http://www.apache.org/licenses/LICENSE-2.0
  10   *
  11   * Unless required by applicable law or agreed to in writing, software
  12   * distributed under the License is distributed on an "AS IS" BASIS,
  13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14   * See the License for the specific language governing permissions and
  15   * limitations under the License.
  16   */
  17  
  18  if (!class_exists('Google_Client')) {
  19    require_once dirname(__FILE__) . '/autoload.php';
  20  }
  21  
  22  /**
  23   * The Google API Client
  24   * https://github.com/google/google-api-php-client
  25   */
  26  class Google_Client
  27  {
  28    const LIBVER = "1.1.5";
  29    const USER_AGENT_SUFFIX = "google-api-php-client/";
  30    /**
  31     * @var Google_Auth_Abstract $auth
  32     */
  33    private $auth;
  34  
  35    /**
  36     * @var Google_IO_Abstract $io
  37     */
  38    private $io;
  39  
  40    /**
  41     * @var Google_Cache_Abstract $cache
  42     */
  43    private $cache;
  44  
  45    /**
  46     * @var Google_Config $config
  47     */
  48    private $config;
  49  
  50    /**
  51     * @var Google_Logger_Abstract $logger
  52     */
  53    private $logger;
  54  
  55    /**
  56     * @var boolean $deferExecution
  57     */
  58    private $deferExecution = false;
  59  
  60    /** @var array $scopes */
  61    // Scopes requested by the client
  62    protected $requestedScopes = array();
  63  
  64    // definitions of services that are discovered.
  65    protected $services = array();
  66  
  67    // Used to track authenticated state, can't discover services after doing authenticate()
  68    private $authenticated = false;
  69  
  70    /**
  71     * Construct the Google Client.
  72     *
  73     * @param $config Google_Config or string for the ini file to load
  74     */
  75    public function __construct($config = null)
  76    {
  77      if (is_string($config) && strlen($config)) {
  78        $config = new Google_Config($config);
  79      } else if ( !($config instanceof Google_Config)) {
  80        $config = new Google_Config();
  81  
  82        if ($this->isAppEngine()) {
  83          // Automatically use Memcache if we're in AppEngine.
  84          $config->setCacheClass('Google_Cache_Memcache');
  85        }
  86  
  87        if (version_compare(phpversion(), "5.3.4", "<=") || $this->isAppEngine()) {
  88          // Automatically disable compress.zlib, as currently unsupported.
  89          $config->setClassConfig('Google_Http_Request', 'disable_gzip', true);
  90        }
  91      }
  92  
  93      if ($config->getIoClass() == Google_Config::USE_AUTO_IO_SELECTION) {
  94        if (function_exists('curl_version') && function_exists('curl_exec')
  95            && !$this->isAppEngine()) {
  96          $config->setIoClass("Google_IO_Curl");
  97        } else {
  98          $config->setIoClass("Google_IO_Stream");
  99        }
 100      }
 101  
 102      $this->config = $config;
 103    }
 104  
 105    /**
 106     * Get a string containing the version of the library.
 107     *
 108     * @return string
 109     */
 110    public function getLibraryVersion()
 111    {
 112      return self::LIBVER;
 113    }
 114  
 115    /**
 116     * Attempt to exchange a code for an valid authentication token.
 117     * If $crossClient is set to true, the request body will not include
 118     * the request_uri argument
 119     * Helper wrapped around the OAuth 2.0 implementation.
 120     *
 121     * @param $code string code from accounts.google.com
 122     * @param $crossClient boolean, whether this is a cross-client authentication
 123     * @return string token
 124     */
 125    public function authenticate($code, $crossClient = false)
 126    {
 127      $this->authenticated = true;
 128      return $this->getAuth()->authenticate($code, $crossClient);
 129    }
 130    
 131    /**
 132     * Loads a service account key and parameters from a JSON
 133     * file from the Google Developer Console. Uses that and the
 134     * given array of scopes to return an assertion credential for
 135     * use with refreshTokenWithAssertionCredential.
 136     *
 137     * @param string $jsonLocation File location of the project-key.json.
 138     * @param array $scopes The scopes to assert.
 139     * @return Google_Auth_AssertionCredentials.
 140     * @
 141     */
 142    public function loadServiceAccountJson($jsonLocation, $scopes)
 143    {
 144      $data = json_decode(file_get_contents($jsonLocation));
 145      if (isset($data->type) && $data->type == 'service_account') {
 146        // Service Account format.
 147        $cred = new Google_Auth_AssertionCredentials(
 148            $data->client_email,
 149            $scopes,
 150            $data->private_key
 151        );
 152        return $cred;
 153      } else {
 154        throw new Google_Exception("Invalid service account JSON file.");
 155      }
 156    }
 157  
 158    /**
 159     * Set the auth config from the JSON string provided.
 160     * This structure should match the file downloaded from
 161     * the "Download JSON" button on in the Google Developer
 162     * Console.
 163     * @param string $json the configuration json
 164     * @throws Google_Exception
 165     */
 166    public function setAuthConfig($json)
 167    {
 168      $data = json_decode($json);
 169      $key = isset($data->installed) ? 'installed' : 'web';
 170      if (!isset($data->$key)) {
 171        throw new Google_Exception("Invalid client secret JSON file.");
 172      }
 173      $this->setClientId($data->$key->client_id);
 174      $this->setClientSecret($data->$key->client_secret);
 175      if (isset($data->$key->redirect_uris)) {
 176        $this->setRedirectUri($data->$key->redirect_uris[0]);
 177      }
 178    }
 179  
 180    /**
 181     * Set the auth config from the JSON file in the path
 182     * provided. This should match the file downloaded from
 183     * the "Download JSON" button on in the Google Developer
 184     * Console.
 185     * @param string $file the file location of the client json
 186     */
 187    public function setAuthConfigFile($file)
 188    {
 189      $this->setAuthConfig(file_get_contents($file));
 190    }
 191  
 192    /**
 193     * @throws Google_Auth_Exception
 194     * @return array
 195     * @visible For Testing
 196     */
 197    public function prepareScopes()
 198    {
 199      if (empty($this->requestedScopes)) {
 200        throw new Google_Auth_Exception("No scopes specified");
 201      }
 202      $scopes = implode(' ', $this->requestedScopes);
 203      return $scopes;
 204    }
 205  
 206    /**
 207     * Set the OAuth 2.0 access token using the string that resulted from calling createAuthUrl()
 208     * or Google_Client#getAccessToken().
 209     * @param string $accessToken JSON encoded string containing in the following format:
 210     * {"access_token":"TOKEN", "refresh_token":"TOKEN", "token_type":"Bearer",
 211     *  "expires_in":3600, "id_token":"TOKEN", "created":1320790426}
 212     */
 213    public function setAccessToken($accessToken)
 214    {
 215      if ($accessToken == 'null') {
 216        $accessToken = null;
 217      }
 218      $this->getAuth()->setAccessToken($accessToken);
 219    }
 220  
 221  
 222  
 223    /**
 224     * Set the authenticator object
 225     * @param Google_Auth_Abstract $auth
 226     */
 227    public function setAuth(Google_Auth_Abstract $auth)
 228    {
 229      $this->config->setAuthClass(get_class($auth));
 230      $this->auth = $auth;
 231    }
 232  
 233    /**
 234     * Set the IO object
 235     * @param Google_IO_Abstract $io
 236     */
 237    public function setIo(Google_IO_Abstract $io)
 238    {
 239      $this->config->setIoClass(get_class($io));
 240      $this->io = $io;
 241    }
 242  
 243    /**
 244     * Set the Cache object
 245     * @param Google_Cache_Abstract $cache
 246     */
 247    public function setCache(Google_Cache_Abstract $cache)
 248    {
 249      $this->config->setCacheClass(get_class($cache));
 250      $this->cache = $cache;
 251    }
 252  
 253    /**
 254     * Set the Logger object
 255     * @param Google_Logger_Abstract $logger
 256     */
 257    public function setLogger(Google_Logger_Abstract $logger)
 258    {
 259      $this->config->setLoggerClass(get_class($logger));
 260      $this->logger = $logger;
 261    }
 262  
 263    /**
 264     * Construct the OAuth 2.0 authorization request URI.
 265     * @return string
 266     */
 267    public function createAuthUrl()
 268    {
 269      $scopes = $this->prepareScopes();
 270      return $this->getAuth()->createAuthUrl($scopes);
 271    }
 272  
 273    /**
 274     * Get the OAuth 2.0 access token.
 275     * @return string $accessToken JSON encoded string in the following format:
 276     * {"access_token":"TOKEN", "refresh_token":"TOKEN", "token_type":"Bearer",
 277     *  "expires_in":3600,"id_token":"TOKEN", "created":1320790426}
 278     */
 279    public function getAccessToken()
 280    {
 281      $token = $this->getAuth()->getAccessToken();
 282      // The response is json encoded, so could be the string null.
 283      // It is arguable whether this check should be here or lower
 284      // in the library.
 285      return (null == $token || 'null' == $token || '[]' == $token) ? null : $token;
 286    }
 287  
 288    /**
 289     * Get the OAuth 2.0 refresh token.
 290     * @return string $refreshToken refresh token or null if not available
 291     */
 292    public function getRefreshToken()
 293    {
 294      return $this->getAuth()->getRefreshToken();
 295    }
 296  
 297    /**
 298     * Returns if the access_token is expired.
 299     * @return bool Returns True if the access_token is expired.
 300     */
 301    public function isAccessTokenExpired()
 302    {
 303      return $this->getAuth()->isAccessTokenExpired();
 304    }
 305  
 306    /**
 307     * Set OAuth 2.0 "state" parameter to achieve per-request customization.
 308     * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-3.1.2.2
 309     * @param string $state
 310     */
 311    public function setState($state)
 312    {
 313      $this->getAuth()->setState($state);
 314    }
 315  
 316    /**
 317     * @param string $accessType Possible values for access_type include:
 318     *  {@code "offline"} to request offline access from the user.
 319     *  {@code "online"} to request online access from the user.
 320     */
 321    public function setAccessType($accessType)
 322    {
 323      $this->config->setAccessType($accessType);
 324    }
 325  
 326    /**
 327     * @param string $approvalPrompt Possible values for approval_prompt include:
 328     *  {@code "force"} to force the approval UI to appear. (This is the default value)
 329     *  {@code "auto"} to request auto-approval when possible.
 330     */
 331    public function setApprovalPrompt($approvalPrompt)
 332    {
 333      $this->config->setApprovalPrompt($approvalPrompt);
 334    }
 335  
 336    /**
 337     * Set the login hint, email address or sub id.
 338     * @param string $loginHint
 339     */
 340    public function setLoginHint($loginHint)
 341    {
 342        $this->config->setLoginHint($loginHint);
 343    }
 344  
 345    /**
 346     * Set the application name, this is included in the User-Agent HTTP header.
 347     * @param string $applicationName
 348     */
 349    public function setApplicationName($applicationName)
 350    {
 351      $this->config->setApplicationName($applicationName);
 352    }
 353  
 354    /**
 355     * Set the OAuth 2.0 Client ID.
 356     * @param string $clientId
 357     */
 358    public function setClientId($clientId)
 359    {
 360      $this->config->setClientId($clientId);
 361    }
 362  
 363    /**
 364     * Set the OAuth 2.0 Client Secret.
 365     * @param string $clientSecret
 366     */
 367    public function setClientSecret($clientSecret)
 368    {
 369      $this->config->setClientSecret($clientSecret);
 370    }
 371  
 372    /**
 373     * Set the OAuth 2.0 Redirect URI.
 374     * @param string $redirectUri
 375     */
 376    public function setRedirectUri($redirectUri)
 377    {
 378      $this->config->setRedirectUri($redirectUri);
 379    }
 380  
 381    /**
 382     * If 'plus.login' is included in the list of requested scopes, you can use
 383     * this method to define types of app activities that your app will write.
 384     * You can find a list of available types here:
 385     * @link https://developers.google.com/+/api/moment-types
 386     *
 387     * @param array $requestVisibleActions Array of app activity types
 388     */
 389    public function setRequestVisibleActions($requestVisibleActions)
 390    {
 391      if (is_array($requestVisibleActions)) {
 392        $requestVisibleActions = join(" ", $requestVisibleActions);
 393      }
 394      $this->config->setRequestVisibleActions($requestVisibleActions);
 395    }
 396  
 397    /**
 398     * Set the developer key to use, these are obtained through the API Console.
 399     * @see http://code.google.com/apis/console-help/#generatingdevkeys
 400     * @param string $developerKey
 401     */
 402    public function setDeveloperKey($developerKey)
 403    {
 404      $this->config->setDeveloperKey($developerKey);
 405    }
 406  
 407    /**
 408     * Set the hd (hosted domain) parameter streamlines the login process for
 409     * Google Apps hosted accounts. By including the domain of the user, you
 410     * restrict sign-in to accounts at that domain.
 411     * @param $hd string - the domain to use.
 412     */
 413    public function setHostedDomain($hd)
 414    {
 415      $this->config->setHostedDomain($hd);
 416    }
 417  
 418    /**
 419     * Set the prompt hint. Valid values are none, consent and select_account.
 420     * If no value is specified and the user has not previously authorized
 421     * access, then the user is shown a consent screen.
 422     * @param $prompt string
 423     */
 424    public function setPrompt($prompt)
 425    {
 426      $this->config->setPrompt($prompt);
 427    }
 428  
 429    /**
 430     * openid.realm is a parameter from the OpenID 2.0 protocol, not from OAuth
 431     * 2.0. It is used in OpenID 2.0 requests to signify the URL-space for which
 432     * an authentication request is valid.
 433     * @param $realm string - the URL-space to use.
 434     */
 435    public function setOpenidRealm($realm)
 436    {
 437      $this->config->setOpenidRealm($realm);
 438    }
 439  
 440    /**
 441     * If this is provided with the value true, and the authorization request is
 442     * granted, the authorization will include any previous authorizations
 443     * granted to this user/application combination for other scopes.
 444     * @param $include boolean - the URL-space to use.
 445     */
 446    public function setIncludeGrantedScopes($include)
 447    {
 448      $this->config->setIncludeGrantedScopes($include);
 449    }
 450  
 451    /**
 452     * Fetches a fresh OAuth 2.0 access token with the given refresh token.
 453     * @param string $refreshToken
 454     */
 455    public function refreshToken($refreshToken)
 456    {
 457      $this->getAuth()->refreshToken($refreshToken);
 458    }
 459  
 460    /**
 461     * Revoke an OAuth2 access token or refresh token. This method will revoke the current access
 462     * token, if a token isn't provided.
 463     * @throws Google_Auth_Exception
 464     * @param string|null $token The token (access token or a refresh token) that should be revoked.
 465     * @return boolean Returns True if the revocation was successful, otherwise False.
 466     */
 467    public function revokeToken($token = null)
 468    {
 469      return $this->getAuth()->revokeToken($token);
 470    }
 471  
 472    /**
 473     * Verify an id_token. This method will verify the current id_token, if one
 474     * isn't provided.
 475     * @throws Google_Auth_Exception
 476     * @param string|null $token The token (id_token) that should be verified.
 477     * @return Google_Auth_LoginTicket Returns an apiLoginTicket if the verification was
 478     * successful.
 479     */
 480    public function verifyIdToken($token = null)
 481    {
 482      return $this->getAuth()->verifyIdToken($token);
 483    }
 484  
 485    /**
 486     * Verify a JWT that was signed with your own certificates.
 487     *
 488     * @param $id_token string The JWT token
 489     * @param $cert_location array of certificates
 490     * @param $audience string the expected consumer of the token
 491     * @param $issuer string the expected issuer, defaults to Google
 492     * @param [$max_expiry] the max lifetime of a token, defaults to MAX_TOKEN_LIFETIME_SECS
 493     * @return mixed token information if valid, false if not
 494     */
 495    public function verifySignedJwt($id_token, $cert_location, $audience, $issuer, $max_expiry = null)
 496    {
 497      $auth = new Google_Auth_OAuth2($this);
 498      $certs = $auth->retrieveCertsFromLocation($cert_location);
 499      return $auth->verifySignedJwtWithCerts($id_token, $certs, $audience, $issuer, $max_expiry);
 500    }
 501  
 502    /**
 503     * @param $creds Google_Auth_AssertionCredentials
 504     */
 505    public function setAssertionCredentials(Google_Auth_AssertionCredentials $creds)
 506    {
 507      $this->getAuth()->setAssertionCredentials($creds);
 508    }
 509  
 510    /**
 511     * Set the scopes to be requested. Must be called before createAuthUrl().
 512     * Will remove any previously configured scopes.
 513     * @param array $scopes, ie: array('https://www.googleapis.com/auth/plus.login',
 514     * 'https://www.googleapis.com/auth/moderator')
 515     */
 516    public function setScopes($scopes)
 517    {
 518      $this->requestedScopes = array();
 519      $this->addScope($scopes);
 520    }
 521  
 522    /**
 523     * This functions adds a scope to be requested as part of the OAuth2.0 flow.
 524     * Will append any scopes not previously requested to the scope parameter.
 525     * A single string will be treated as a scope to request. An array of strings
 526     * will each be appended.
 527     * @param $scope_or_scopes string|array e.g. "profile"
 528     */
 529    public function addScope($scope_or_scopes)
 530    {
 531      if (is_string($scope_or_scopes) && !in_array($scope_or_scopes, $this->requestedScopes)) {
 532        $this->requestedScopes[] = $scope_or_scopes;
 533      } else if (is_array($scope_or_scopes)) {
 534        foreach ($scope_or_scopes as $scope) {
 535          $this->addScope($scope);
 536        }
 537      }
 538    }
 539  
 540    /**
 541     * Returns the list of scopes requested by the client
 542     * @return array the list of scopes
 543     *
 544     */
 545    public function getScopes()
 546    {
 547       return $this->requestedScopes;
 548    }
 549  
 550    /**
 551     * Declare whether batch calls should be used. This may increase throughput
 552     * by making multiple requests in one connection.
 553     *
 554     * @param boolean $useBatch True if the batch support should
 555     * be enabled. Defaults to False.
 556     */
 557    public function setUseBatch($useBatch)
 558    {
 559      // This is actually an alias for setDefer.
 560      $this->setDefer($useBatch);
 561    }
 562  
 563    /**
 564     * Declare whether making API calls should make the call immediately, or
 565     * return a request which can be called with ->execute();
 566     *
 567     * @param boolean $defer True if calls should not be executed right away.
 568     */
 569    public function setDefer($defer)
 570    {
 571      $this->deferExecution = $defer;
 572    }
 573  
 574    /**
 575     * Helper method to execute deferred HTTP requests.
 576     *
 577     * @param $request Google_Http_Request|Google_Http_Batch
 578     * @throws Google_Exception
 579     * @return object of the type of the expected class or array.
 580     */
 581    public function execute($request)
 582    {
 583      if ($request instanceof Google_Http_Request) {
 584        $request->setUserAgent(
 585            $this->getApplicationName()
 586            . " " . self::USER_AGENT_SUFFIX
 587            . $this->getLibraryVersion()
 588        );
 589        if (!$this->getClassConfig("Google_Http_Request", "disable_gzip")) {
 590          $request->enableGzip();
 591        }
 592        $request->maybeMoveParametersToBody();
 593        return Google_Http_REST::execute($this, $request);
 594      } else if ($request instanceof Google_Http_Batch) {
 595        return $request->execute();
 596      } else {
 597        throw new Google_Exception("Do not know how to execute this type of object.");
 598      }
 599    }
 600  
 601    /**
 602     * Whether or not to return raw requests
 603     * @return boolean
 604     */
 605    public function shouldDefer()
 606    {
 607      return $this->deferExecution;
 608    }
 609  
 610    /**
 611     * @return Google_Auth_Abstract Authentication implementation
 612     */
 613    public function getAuth()
 614    {
 615      if (!isset($this->auth)) {
 616        $class = $this->config->getAuthClass();
 617        $this->auth = new $class($this);
 618      }
 619      return $this->auth;
 620    }
 621  
 622    /**
 623     * @return Google_IO_Abstract IO implementation
 624     */
 625    public function getIo()
 626    {
 627      if (!isset($this->io)) {
 628        $class = $this->config->getIoClass();
 629        $this->io = new $class($this);
 630      }
 631      return $this->io;
 632    }
 633  
 634    /**
 635     * @return Google_Cache_Abstract Cache implementation
 636     */
 637    public function getCache()
 638    {
 639      if (!isset($this->cache)) {
 640        $class = $this->config->getCacheClass();
 641        $this->cache = new $class($this);
 642      }
 643      return $this->cache;
 644    }
 645  
 646    /**
 647     * @return Google_Logger_Abstract Logger implementation
 648     */
 649    public function getLogger()
 650    {
 651      if (!isset($this->logger)) {
 652        $class = $this->config->getLoggerClass();
 653        $this->logger = new $class($this);
 654      }
 655      return $this->logger;
 656    }
 657  
 658    /**
 659     * Retrieve custom configuration for a specific class.
 660     * @param $class string|object - class or instance of class to retrieve
 661     * @param $key string optional - key to retrieve
 662     * @return array
 663     */
 664    public function getClassConfig($class, $key = null)
 665    {
 666      if (!is_string($class)) {
 667        $class = get_class($class);
 668      }
 669      return $this->config->getClassConfig($class, $key);
 670    }
 671  
 672    /**
 673     * Set configuration specific to a given class.
 674     * $config->setClassConfig('Google_Cache_File',
 675     *   array('directory' => '/tmp/cache'));
 676     * @param $class string|object - The class name for the configuration
 677     * @param $config string key or an array of configuration values
 678     * @param $value string optional - if $config is a key, the value
 679     *
 680     */
 681    public function setClassConfig($class, $config, $value = null)
 682    {
 683      if (!is_string($class)) {
 684        $class = get_class($class);
 685      }
 686      $this->config->setClassConfig($class, $config, $value);
 687  
 688    }
 689  
 690    /**
 691     * @return string the base URL to use for calls to the APIs
 692     */
 693    public function getBasePath()
 694    {
 695      return $this->config->getBasePath();
 696    }
 697  
 698    /**
 699     * @return string the name of the application
 700     */
 701    public function getApplicationName()
 702    {
 703      return $this->config->getApplicationName();
 704    }
 705  
 706    /**
 707     * Are we running in Google AppEngine?
 708     * return bool
 709     */
 710    public function isAppEngine()
 711    {
 712      return (isset($_SERVER['SERVER_SOFTWARE']) &&
 713          strpos($_SERVER['SERVER_SOFTWARE'], 'Google App Engine') !== false);
 714    }
 715  }