Fixes to make SO login work. GitHub now works also (was a FF plugin bug)

config/app.php

@@ -220,4 +220,10 @@ return [
 
     // -------------- added keys --------------
     'pretty_json' => env('PRETTY_JSON', false),
+
+    'debug_blacklist' => [
+        '_COOKIE' => array_keys($_COOKIE),
+        '_SERVER' => array_keys($_SERVER),
+        '_ENV' => array_keys($_ENV),
+    ],
 ];

config/session.php

@@ -177,7 +177,7 @@ return [
     |
     */
 
-    'http_only' => true,
+    'http_only' => env('SESSION_HTTPONLY', true),
 
     /*
     |--------------------------------------------------------------------------
@@ -192,6 +192,6 @@ return [
     |
     */
 
-    'same_site' => 'lax', // this was changed, leaving it as 'null' caused session to be reset during oAuth2 login
+    'same_site' => env('SESSION_SAMESITE', null), // this was changed, leaving it as 'null' caused session to be reset during oAuth2 login
 
 ];

database/migrations/2014_10_12_000000_create_users_table.php

@@ -16,7 +16,7 @@ class CreateUsersTable extends Migration
         Schema::create('users', function (Blueprint $table) {
             $table->increments('id');
 	        $table->timestamps();
-            $table->string('name');
+            $table->string('name')->unique();
             $table->string('email')->unique()->nullable();
             $table->string('password')->nullable();
             $table->rememberToken();

sideload/adamwathan/eloquent-oauth/src/EloquentIdentityStore.php

@@ -25,7 +25,7 @@ class EloquentIdentityStore implements IdentityStore
 	{
 		$first = User::where('email', $providerUser->email)->first();
 
-		if($first->email) return $first;
+		if($first && $first->email) return $first;
 		return null;
 	}
 

sideload/socialnorm/github/src/GitHubProvider.php

@@ -1,5 +1,6 @@
 <?php namespace SocialNorm\GitHub;
 
+use SocialNorm\Exceptions\AuthNotUsableException;
 use SocialNorm\Exceptions\InvalidAuthorizationCodeException;
 use SocialNorm\Providers\OAuth2Provider;
 
@@ -15,7 +16,8 @@ class GitHubProvider extends OAuth2Provider
     protected $headers = [
         'authorize' => [],
         'access_token' => [
-            'Accept' => 'application/json'
+            'Accept' => 'application/json',
+            'Content-Type' => 'application/x-www-form-urlencoded'
         ],
         'user_details' => [
             'Accept' => 'application/vnd.github.v3'
@@ -72,10 +74,13 @@ class GitHubProvider extends OAuth2Provider
     protected function getPrimaryEmail($emails)
     {
         foreach ($emails as $email) {
-            if ($email['primary']) {
+            if ($email['primary'] && $email['verified']) {
                 return $email['email'];
             }
         }
+        if (!$emails[0]['verified']) {
+            throw new AuthNotUsableException("No verified e-mail.");
+        }
         return $emails[0]['email'];
     }
 

sideload/socialnorm/socialnorm/src/Exceptions/AuthNotUsableException.php

@@ -0,0 +1,7 @@
+<?php namespace SocialNorm\Exceptions;
+
+/**
+ * oauth granted ok but user has no verified e-mail
+ * or no users were found (in the case of SO)
+ */
+class AuthNotUsableException extends \RuntimeException {}

sideload/socialnorm/socialnorm/src/Providers/OAuth2Provider.php

@@ -99,6 +99,7 @@ abstract class OAuth2Provider implements Provider
         } catch (BadResponseException $e) {
             throw new InvalidAuthorizationCodeException((string) $e->getResponse()->getBody());
         }
+
         return $this->parseTokenResponse((string) $response->getBody());
     }
 
@@ -128,11 +129,15 @@ abstract class OAuth2Provider implements Provider
 
     protected function parseJsonTokenResponse($response)
     {
-        $response = json_decode($response);
+        $parsed = json_decode($response);
-        if (! isset($response->access_token)) {
+
-            throw new InvalidAuthorizationCodeException;
+        if ($parsed === false || json_last_error())
+            throw new InvalidAuthorizationCodeException('No access token in response: ' . $response . ", error " . json_last_error_msg());
+
+        if (! isset($parsed->access_token)) {
+            throw new InvalidAuthorizationCodeException('No access token in response: ' . $response);
         }
-        return $response->access_token;
+        return $parsed->access_token;
     }
 
     abstract protected function getAuthorizeUrl();

sideload/socialnorm/socialnorm/src/Request.php

@@ -31,7 +31,7 @@ final class Request
     public function authorizationCode()
     {
         if (! isset($this->queryParams['code'])) {
-            throw new ApplicationRejectedException;
+            throw new ApplicationRejectedException("Did not receive auth code. " . json_encode($this->queryParams));
         }
         return $this->queryParams['code'];
     }

sideload/socialnorm/socialnorm/src/SocialNorm.php

@@ -53,8 +53,11 @@ class SocialNorm
 
 	protected function verifyState()
 	{
-        if ($this->session->get('oauth.state') !== $this->request->state()) {
+	    $expected = $this->session->get('oauth.state');
-            throw new InvalidAuthorizationCodeException("State failed to verify");
+	    $received = $this->request->state();
+
+        if ($expected !== $received) {
+            throw new InvalidAuthorizationCodeException("State failed to verify - session: $expected, from provider: $received");
         }
 	}
 }

sideload/socialnorm/stackoverflow/src/StackOverflowProvider.php

@@ -1,5 +1,7 @@
 <?php namespace SocialNorm\StackOverflow;
 
+use SocialNorm\Exceptions\AuthNotUsableException;
+use SocialNorm\Exceptions\InvalidAuthorizationCodeException;
 use SocialNorm\Providers\OAuth2Provider;
 use GuzzleHttp\Client as HttpClient;
 use SocialNorm\Request;
@@ -21,6 +23,7 @@ class StackOverflowProvider extends OAuth2Provider
     protected $headers = [
         'authorize' => [],
         'access_token' => [
+            'Accept' => 'application/json',
             'Content-Type' => 'application/x-www-form-urlencoded'
         ],
         'user_details' => [],
@@ -65,12 +68,21 @@ class StackOverflowProvider extends OAuth2Provider
 
     protected function parseTokenResponse($response)
     {
-        return $this->parseJsonTokenResponse($response);
+        return explode('=', $response, 2)[1];
     }
 
     protected function parseUserDataResponse($response)
     {
-        return json_decode($response, true);
+        $decoded = (array)json_decode($response, true);
+
+        if ($decoded === false || json_last_error())
+            throw new InvalidAuthorizationCodeException('Corrupt response json: ' . $response . ", error " . json_last_error_msg());
+
+        if (0 == count(array_get($decoded, 'items'))) {
+            throw new AuthNotUsableException('No profile on StackOverflow. Resp: '.$response);
+        }
+
+        return $decoded;
     }
 
     protected function userId()