Add openshift_ca configuration

andrewklau · Mar 30, 2017 · f319c5d · f319c5d
1 parent 21624eb
commit f319c5d
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -49,6 +49,7 @@ If you add environment values to your `.env` as exactly shown below, you do not
 ```
 // other values above
 OPENSHIFT_URL=https://api.xyz.com
+OPENSHIFT_CA=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
 OPENSHIFT_OAUTH_CLIENT_ID=yourkeyfortheservice
 OPENSHIFT_OAUTH_CLIENT_SECRET=yoursecretfortheservice
 ```
@@ -62,6 +63,7 @@ You do not need to add this if you add the values to the `.env` exactly as shown
     'client_id'     => env('OPENSHIFT_OAUTH_CLIENT_ID'),
     'client_secret' => env('OPENSHIFT_OAUTH_CLIENT_SECRET'),
     'url'           => env('OPENSHIFT_URL'),
+    'ca'            => env('OPENSHIFT_CA'),
     'redirect'      => env('APP_URL').'/login/callback',
 ],
 ```

diff --git a/composer.json b/composer.json
@@ -8,7 +8,8 @@
     }],
     "require": {
         "php": ">=5.5.9",
-        "socialiteproviders/manager": "3.*"
+        "socialiteproviders/manager": "3.*",
+        "guzzlehttp/guzzle": "~6.0"
     },
     "autoload": {
         "psr-4": {

diff --git a/src/Provider.php b/src/Provider.php
@@ -2,6 +2,7 @@
 
 namespace Andrewklau\Socialite\OpenShift;
 
+use GuzzleHttp\Client;
 use Laravel\Socialite\Two\ProviderInterface;
 use SocialiteProviders\Manager\OAuth2\AbstractProvider;
 use SocialiteProviders\Manager\OAuth2\User;
@@ -13,11 +14,33 @@ class Provider extends AbstractProvider implements ProviderInterface
      */
     const IDENTIFIER = 'OPENSHIFT';
 
+    /**
+     * The HTTP Client instance.
+     *
+     * @var \GuzzleHttp\Client
+     */
+    protected $httpClient;
+
     /**
      * {@inheritdoc}
      */
     protected $scopes = [];
 
+    /**
+     * Get a instance of the Guzzle HTTP client.
+     *
+     * @return \GuzzleHttp\Client
+     */
+    protected function getHttpClient()
+    {
+        if (is_null($this->httpClient)) {
+            $this->httpClient = new Client([
+                'verify'   => config('services.openshift.ca') ?: '',
+            ]);
+        }
+        return $this->httpClient;
+    }
+
     /**
      * Get the authentication URL for the provider.
      *
@@ -52,8 +75,9 @@ protected function getUserByToken($token)
         $url = config('services.openshift.url').'oapi/v1/users/~';
 
         $response = $this->getHttpClient()->get($url, [
-          'headers' => [
-            'Accept' => 'application/json',
+          'verify'   => config('services.openshift.ca') ?: '',
+          'headers'  => [
+            'Accept'        => 'application/json',
             'Authorization' => 'Bearer '.$token,
           ],
         ]);