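/**
 * Resolve the current session, exchanging a fresh authorization code when one is present.
 *
 * Flow:
 *  1. Read the authorization code through getCode().
 *  2. If a code is present and differs from the one recorded in the store, exchange it
 *     for an access token, record the code, and enrich the session with the profile
 *     returned by 'passport/users/getLoggedInUser'.
 *  3. If the exchange fails, wipe the store and return false.
 *  4. Otherwise fall back to the session held in the store, fetching the profile once
 *     if the stored session has no 'uid' yet.
 *
 * @return mixed The session array on success, false when the code exchange fails,
 *               otherwise whatever the store holds under 'session'.
 */
protected function doGetSession()
{
    // get authorization code from query parameters
    $code = $this->getCode();
    $storedCode = $this->store->get('code');

    // Skip a code that was already exchanged (e.g. a page reload with the same query
    // string). This is a re-use guard, not a CSRF check by itself.
    // NOTE(review): CSRF protection depends on getCode() validating the OAuth `state`
    // value; that method is not visible here, so confirm it does.
    //
    // The comparison is strict on string values: with a loose `!=`, two different
    // numeric-looking codes such as "0e1" and "0e2" compare equal, so a new code
    // would be ignored and the previously stored session returned instead.
    if ($code && (string) $code !== (string) $storedCode) {
        $oauth2 = $this->getBaiduOAuth2Service();
        $session = $oauth2->getAccessTokenByAuthorizationCode($code);
        if ($session) {
            $this->store->set('code', $code);
            $this->setSession($session);

            $apiClient = new BaiduApiClient($this->clientId, $session['access_token']);
            $user = $apiClient->api('passport/users/getLoggedInUser');
            // Only merge a well-formed response: array_merge() on a non-array would
            // fail and the session would be overwritten with the failure value.
            // NOTE(review): array_merge lets keys from the API response override
            // session keys of the same name; confirm the response can never carry
            // token fields such as 'access_token'.
            if ($user && is_array($user)) {
                $session = array_merge($session, $user);
                $this->setSession($session);
            }

            return $session;
        }

        // code was bogus, so everything based on it should be invalidated.
        $this->store->removeAll();

        return false;
    }

    // as a fallback, just return whatever is in the storage
    $session = $this->store->get('session');
    $this->setSession($session);

    // Fetch the profile only when the stored session has a token to call the API with;
    // a stored session without 'access_token' is returned unchanged.
    if ($session && !isset($session['uid']) && isset($session['access_token'])) {
        $apiClient = new BaiduApiClient($this->clientId, $session['access_token']);
        $user = $apiClient->api('passport/users/getLoggedInUser');
        if ($user && is_array($user)) {
            $session = array_merge($session, $user);
            $this->setSession($session);
        }
    }

    return $session;
}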