Plugin: OAuth2: Add message about redirect to provider when user's auth_source has been changed - refs BT#20611

main/auth/external_login/login.oauth2.php

@@ -23,11 +23,16 @@ if ('oauth2' === $uData['auth_source']) {
 
     $provider = $plugin->getProvider();
 
+    // Redirect to OAuth2 login.
     $authUrl = $provider->getAuthorizationUrl();
 
     ChamiloSession::write('oauth2state', $provider->getState());
 
-    // Redirect to OAuth2 login.
+    if (OAuth2::isFirstLoginAfterAuthSource($uData['user_id'])) {
+        ChamiloSession::write('aouth2_authorization_url', $authUrl);
+        $authUrl = api_get_path(WEB_PLUGIN_PATH).'oauth2/redirect_info.php';
+    }
+
     header('Location: '.$authUrl);
     // Avoid execution from here in local.inc.php script.
     exit;

plugin/oauth2/lang/english.php

@@ -130,3 +130,5 @@ $strings['UserNotAllowedOnThisPortal'] = 'This user account is not enabled on th
 $strings['WrongResponseResourceOwnerId'] = 'OAuth2 resource owner identifier value not found at the configured key';
 $strings['IssuerNotFound'] = 'Issuer not found';
 $strings['AuthorizeUrlNotAllowed'] = 'Authorize URL not allowed';
+
+$strings['MessageInfoAboutRedirectToProvider'] = 'You are getting redirected to the common authentication system. Your credentials there are the ones that you typically use for other applications of your organisation. These might be different from the ones you used here previously.';

plugin/oauth2/redirect_info.php

@@ -0,0 +1,37 @@
+<?php
+
+/* For licensing terms, see /license.txt */
+
+require __DIR__.'/../../main/inc/global.inc.php';
+
+$plugin = OAuth2::create();
+
+if ('true' !== $plugin->get(OAuth2::SETTING_ENABLE)
+    || !ChamiloSession::has('oauth2state')
+    || !ChamiloSession::has('aouth2_authorization_url')
+) {
+    api_not_allowed(true);
+}
+
+$oauth2authorizationUrl = ChamiloSession::read('aouth2_authorization_url');
+
+$htmlHeadXtra[] = '<meta http-equiv="refresh" content="15; url='.$oauth2authorizationUrl.'">';
+
+ChamiloSession::erase('aouth2_authorization_url');
+
+$content = '<div class="row">
+        <div class="col-md-6 col-md-offset-3">
+            <div class="alert alert-info text-center lead">
+                <span class="fa fa-info-circle fa-2x fa-fw" aria-hidden="true"></span>
+                '.$plugin->get_lang('MessageInfoAboutRedirectToProvider').'
+                <hr>
+                '.$plugin->get_lang('PleaseWaitThisCouldTakeAWhile').'
+                <span class="fa fa-spinner fa-pulse fa-fw" aria-hidden="true"></span>
+            </div>
+        </div>
+    </div>
+';
+
+$template = new Template();
+$template->assign('content', $content);
+$template->display_one_col_template();

plugin/oauth2/src/OAuth2.php

@@ -1,6 +1,8 @@
 <?php
 /* For license terms, see /license.txt */
 
+use Chamilo\CoreBundle\Entity\ExtraFieldValues;
+use Chamilo\CoreBundle\Entity\TrackELogin;
 use League\OAuth2\Client\Provider\AbstractProvider;
 use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
 use League\OAuth2\Client\Provider\GenericProvider;
@@ -470,4 +472,37 @@ class OAuth2 extends Plugin
             error_log("OAuth2 plugin: $key: $content");
         }
     }
+
+    public static function isFirstLoginAfterAuthSource(int $userId): bool
+    {
+        $em = Database::getManager();
+
+        $lastLogin = $em
+            ->getRepository(TrackELogin::class)
+            ->findOneBy(
+                ['loginUserId' => $userId],
+                ['loginDate' => 'DESC']
+            )
+        ;
+
+        if (!$lastLogin) {
+            return false;
+        }
+
+        $objExtraField = new ExtraField('user');
+        $field = $objExtraField->getHandlerEntityByFieldVariable(self::EXTRA_FIELD_OAUTH2_ID);
+
+        $fieldValue = $em
+            ->getRepository(ExtraFieldValues::class)
+            ->findOneBy(
+                ['itemId' => $userId, 'field' => $field]
+            )
+        ;
+
+        if (!$fieldValue) {
+            return false;
+        }
+
+        return $fieldValue->getCreatedAt() >= $lastLogin->getLoginDate();
+    }
 }