From c1c0ee9cb4a296bf628aec021ccdc8743b769e29 Mon Sep 17 00:00:00 2001
From: Angel Fernando Quiroz Campos
Date: Fri, 27 May 2016 17:20:07 -0500
Subject: [PATCH] Create Azure Active Directory plugin - refs BT#11214
---
plugin/azure_active_directory/README.md | 17 +++
plugin/azure_active_directory/index.php | 14 +++
.../azure_active_directory/lang/english.php | 20 ++++
plugin/azure_active_directory/plugin.php | 9 ++
plugin/azure_active_directory/readme.txt | 30 ++++++
.../src/AzureActiveDirectory.php | 102 ++++++++++++++++++
.../azure_active_directory/src/callback.php | 55 ++++++++++
plugin/azure_active_directory/view/block.tpl | 12 +++
8 files changed, 259 insertions(+)
create mode 100644 plugin/azure_active_directory/README.md
create mode 100644 plugin/azure_active_directory/index.php
create mode 100644 plugin/azure_active_directory/lang/english.php
create mode 100644 plugin/azure_active_directory/plugin.php
create mode 100644 plugin/azure_active_directory/readme.txt
create mode 100644 plugin/azure_active_directory/src/AzureActiveDirectory.php
create mode 100644 plugin/azure_active_directory/src/callback.php
create mode 100644 plugin/azure_active_directory/view/block.tpl
diff --git a/plugin/azure_active_directory/README.md b/plugin/azure_active_directory/README.md
new file mode 100644
index 0000000000..37f5386a3e
--- /dev/null
+++ b/plugin/azure_active_directory/README.md
@@ -0,0 +1,17 @@
+# The Azure Active Directory Plugin
+Allow authentication with Microsoft's Azure Active Directory
+
+### To configure Azure Active Directory
+* [Create an Azure AD B2C tenant](https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-get-started/)
+* [Register your application](https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-app-registration/)
+* [Configure Facebook, Google+, Microsoft account, Amazon, and LinkedIn accounts for use in your consumer-facing applications](https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-overview/#how-to-articles)
+
+### To configure this plugin
+* Enable
+* Application ID: Enter the Application Id assinged to your app by the Azure portal, e.g. 580e250c-8f26-49d0-bee8-1c078add1609
+* Tenant: Enter the name of your B2C directory, e.g. contoso.onmicrosoft.com
+* Sign up policy: Enter your sign up policy name, e.g. b2c_1_sign_up
+* Sign in policy: Enter your sign in policy name, e.g. b2c_1_sign_in
+* Block name: (Optional) The name to show above the buttons
+
+And assign a region. Preferably `login_bottom`
diff --git a/plugin/azure_active_directory/index.php b/plugin/azure_active_directory/index.php
new file mode 100644
index 0000000000..6055876ef3
--- /dev/null
+++ b/plugin/azure_active_directory/index.php
@@ -0,0 +1,14 @@
+
+ * @package chamilo.plugin.azure_active_directory
+ */
+$activeDirectoryPlugin = AzureActiveDirectory::create();
+
+if ($activeDirectoryPlugin->get(AzureActiveDirectory::SETTING_ENABLE) === 'true') {
+ $_template['block_title'] = $activeDirectoryPlugin->get(AzureActiveDirectory::SETTING_BLOCK_NAME);
+ $_template['signup_url'] = $activeDirectoryPlugin->getUrl(AzureActiveDirectory::URL_TYPE_SIGNUP);
+ $_template['signin_url'] = $activeDirectoryPlugin->getUrl(AzureActiveDirectory::URL_TYPE_SIGNIN);
+ $_template['signout_url'] = $activeDirectoryPlugin->getUrl(AzureActiveDirectory::URL_TYPE_SIGNOUT);
+}
diff --git a/plugin/azure_active_directory/lang/english.php b/plugin/azure_active_directory/lang/english.php
new file mode 100644
index 0000000000..545ec61f7a
--- /dev/null
+++ b/plugin/azure_active_directory/lang/english.php
@@ -0,0 +1,20 @@
+
+ * @package chamilo.plugin.azure_active_directory
+ */
+$strings['plugin_title'] = 'Azure Active Directory';
+$strings['plugin_comment'] = 'Allow authentication with Microsoft\'s Azure Active Directory';
+
+$strings['enable'] = 'Enable';
+$strings['app_id'] = 'Application ID';
+$strings['app_id_help'] = 'Enter the Application Id assinged to your app by the Azure portal, e.g. 580e250c-8f26-49d0-bee8-1c078add1609';
+$strings['tenant'] = 'Tenant';
+$strings['tenant_help'] = 'Enter the name of your B2C directory, e.g. contoso.onmicrosoft.com';
+$strings['signup_policy'] = 'Sign up policy';
+$strings['signup_policy_help'] = 'Enter your sign up policy name, e.g.g b2c_1_sign_up';
+$strings['signin_policy'] = 'Sign in policy';
+$strings['signin_policy_help'] = 'Enter your sign in policy name, e.g. b2c_1_sign_in';
+$strings['block_name'] = 'Block name';
diff --git a/plugin/azure_active_directory/plugin.php b/plugin/azure_active_directory/plugin.php
new file mode 100644
index 0000000000..0f6bc99e73
--- /dev/null
+++ b/plugin/azure_active_directory/plugin.php
@@ -0,0 +1,9 @@
+
+ * @package chamilo.plugin.azure_active_directory
+ */
+$plugin_info = AzureActiveDirectory::create()->get_info();
+
+$plugin_info['templates'] = array('view/block.tpl');
diff --git a/plugin/azure_active_directory/readme.txt b/plugin/azure_active_directory/readme.txt
new file mode 100644
index 0000000000..c987a07acd
--- /dev/null
+++ b/plugin/azure_active_directory/readme.txt
@@ -0,0 +1,30 @@
+

The Azure Active Directory Plugin

+

Allow authentication with Microsoft's Azure Active Directory

+

To configure Azure Active Directory

+ +

To configure this plugin

+ +

And assign a region. Preferably login_bottom

diff --git a/plugin/azure_active_directory/src/AzureActiveDirectory.php b/plugin/azure_active_directory/src/AzureActiveDirectory.php
new file mode 100644
index 0000000000..ceac516234
--- /dev/null
+++ b/plugin/azure_active_directory/src/AzureActiveDirectory.php
@@ -0,0 +1,102 @@
+
+ * @package chamilo.plugin.azure_active_directory
+ */
+class AzureActiveDirectory extends Plugin
+{
+ const SETTING_ENABLE = 'enable';
+ const SETTING_APP_ID = 'app_id';
+ const SETTING_TENANT = 'tenant';
+ const SETTING_SIGNUP_POLICY = 'signup_policy';
+ const SETTING_SIGNIN_POLICY = 'signin_policy';
+ const SETTING_BLOCK_NAME = 'block_name';
+ const URL_TYPE_SIGNUP = 'sign-up';
+ const URL_TYPE_SIGNIN = 'sign-in';
+ const URL_TYPE_SIGNOUT = 'sign-out';
+
+ /**
+ * AzureActiveDirectory constructor.
+ */
+ protected function __construct()
+ {
+ $settings = [
+ self::SETTING_ENABLE => 'boolean',
+ self::SETTING_APP_ID => 'text',
+ self::SETTING_TENANT => 'text',
+ self::SETTING_SIGNUP_POLICY => 'text',
+ self::SETTING_SIGNIN_POLICY => 'text',
+ self::SETTING_BLOCK_NAME => 'text'
+ ];
+
+ parent::__construct('1.0', 'Angel Fernando Quiroz Campos', $settings);
+ }
+
+ /**
+ * Instance the plugin
+ * @staticvar null $result
+ * @return Tour
+ */
+ static function create()
+ {
+ static $result = null;
+
+ return $result ? $result : $result = new self();
+ }
+
+ /**
+ * @return string
+ */
+ public function get_name()
+ {
+ return 'azure_active_directory';
+ }
+
+ /**
+ * @param $urlType Type of URL to generate
+ * @return string
+ */
+ public function getUrl($urlType)
+ {
+ $settingsInfo = $this->get_settings();
+ $settings = [];
+
+ foreach ($settingsInfo as $settingInfo) {
+ $variable = str_replace($this->get_name() . '_', '', $settingInfo['variable']);
+
+ $settings[$variable] = $settingInfo['selected_value'];
+ }
+
+ $url = "https://login.microsoftonline.com/{$settings[self::SETTING_TENANT]}/oauth2/v2.0/";
+ $callback = api_get_path(WEB_PLUGIN_PATH) . $this->get_name() .
'/src/callback.php';
+
+ if ($urlType === self::URL_TYPE_SIGNOUT) {
+ $action = 'logout';
+ $urlParams = [
+ 'p' => $settings[self::SETTING_SIGNIN_POLICY],
+ 'post_logout_redirect_uri' => $callback
+ ];
+ } else {
+ $action = 'authorize';
+ $policy = $settings[self::SETTING_SIGNUP_POLICY];
+
+ if ($urlType === self::URL_TYPE_SIGNIN) {
+ $policy = $settings[self::SETTING_SIGNIN_POLICY];
+ }
+
+ $urlParams = [
+ 'client_id' => $settings[self::SETTING_APP_ID],
+ 'response_type' => 'id_token',
+ 'redirect_uri' => $callback,
+ 'scope' => 'openid',
+ 'response_mode' => 'form_post',
+ 'state' => time(),
+ 'nonce' => time(),
+ 'p' => $policy
+ ];
+ }
+
+ return $url . $action . '?' . http_build_query($urlParams);
+ }
+}
\ No newline at end of file
diff --git a/plugin/azure_active_directory/src/callback.php b/plugin/azure_active_directory/src/callback.php
new file mode 100644
index 0000000000..40f33baa13
--- /dev/null
+++ b/plugin/azure_active_directory/src/callback.php
@@ -0,0 +1,55 @@
+ $jwtPayload->given_name,
+ 'lastname' => $jwtPayload->family_name,
+ 'status' => STUDENT,
+ 'email' => $jwtPayload->emails[0],
+ 'username' => $jwtPayload->emails[0],
+ 'language' => 'en',
+ 'password' => 'azure_active_directory',
+ 'auth_source' => 'azure_active_directory ' . $jwtPayload->idp,
+ 'extra' => array()
+);
+
+$userInfo = api_get_user_info_from_email($jwtPayload->emails[0]);
+
+if ($userInfo === false) {
+ // we have to create the user
+ $chamilo_uid = external_add_user($u);
+
+ if ($chamilo_uid !== false) {
+ $_user['user_id'] = $chamilo_uid;
+ $_user['uidReset'] = true;
+ $_SESSION['_user'] = $_user;
+ }
+} else {
+ // User already exists, update info and login
+ $chamilo_uid = $userInfo['user_id'];
+ $u['user_id'] = $chamilo_uid;
+ external_update_user($u);
+
+ $_user['user_id'] = $chamilo_uid;
+ $_user['uidReset'] = true;
+ $_SESSION['_user'] = $_user;
+}
+
+header('Location: ' . api_get_path(WEB_PATH));
+exit;
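Review bot: `'state' => time()` and `'nonce' => time()` in getUrl() are predictable and are never stored, so the callback has no way to tie an authorization response back to the browser that started it: `state` is what protects the login against a forged or cross-site-initiated response and `nonce` is what binds the returned id_token to this particular request. Generate both from a CSPRNG and keep them in the session, e.g. `$_SESSION['azure_ad_state'] = bin2hex(random_bytes(16));` and the same for the nonce (key names constructed here; `openssl_random_pseudo_bytes` if PHP 5 must still be supported), then reference those stored values in `$urlParams`; since index.php calls getUrl() three times per render, generate them once per session rather than on every call so the sign-in and sign-up URLs carry the same value the callback will check. Separately, `static function create()` has no visibility keyword and its docblock says `@return Tour`, which looks copied from another plugin — `public static function create()` with `@return AzureActiveDirectory`.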
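Review bot: The callback keys the whole login decision on `$jwtPayload->emails[0]` (`api_get_user_info_from_email`, then `$_SESSION['_user']`), so the id_token validation that must come first — signature against the tenant's signing keys, issuer, audience, expiry, and the `nonce` claim matching the value sent in the authorization request — is the only thing standing between a crafted token and a session for any existing account; that validation would sit before the first visible line of this hunk, so I cannot confirm it is present. The posted `state` parameter should also be compared with `hash_equals()` against the session-stored value before anything else in this file runs. Call `session_regenerate_id(true)` before assigning `$_SESSION['_user']` unless Chamilo's login path already does so, and the `external_add_user` failure branch (`$chamilo_uid === false`) should surface the error rather than fall through silently to the redirect. The fixed `'password' => 'azure_active_directory'` is a known string for every account this creates; whether it can be used for a local login depends on how `auth_source` is enforced elsewhere, which is worth confirming.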
diff --git a/plugin/azure_active_directory/view/block.tpl b/plugin/azure_active_directory/view/block.tpl
new file mode 100644
index 0000000000..85605bb08e
--- /dev/null
+++ b/plugin/azure_active_directory/view/block.tpl
@@ -0,0 +1,12 @@
+
+ {% if _u.logged %} + {# {{ 'Logout'|get_lang }} #} + {% else %} + {% if not azure_active_directory.block_title is empty %} +

{{ azure_active_directory.block_title }}

+ {% endif %} + + {{ 'SignIn'|get_lang }} + {{ 'SignUp'|get_lang }} + {% endif %} +