|
|
|
|
@ -62,6 +62,8 @@ class OAuth2 extends Plugin |
|
|
|
|
|
|
|
|
|
public const EXTRA_FIELD_OAUTH2_ID = 'oauth2_id'; |
|
|
|
|
|
|
|
|
|
private const DEBUG = false; |
|
|
|
|
|
|
|
|
|
protected function __construct() |
|
|
|
|
{ |
|
|
|
|
parent::__construct( |
|
|
|
|
@ -189,7 +191,10 @@ class OAuth2 extends Plugin |
|
|
|
|
$url = $provider->getResourceOwnerDetailsUrl($accessToken); |
|
|
|
|
$request = $provider->getAuthenticatedRequest($provider::METHOD_GET, $url, $accessToken); |
|
|
|
|
$response = $provider->getParsedResponse($request); |
|
|
|
|
$this->log('response', print_r($response, true)); |
|
|
|
|
|
|
|
|
|
if (false === is_array($response)) { |
|
|
|
|
$this->log('invalid response', print_r($response, true)); |
|
|
|
|
throw new UnexpectedValueException($this->get_lang('InvalidJsonReceivedFromProvider')); |
|
|
|
|
} |
|
|
|
|
$resourceOwnerId = $this->getValueByKey( |
|
|
|
|
@ -197,6 +202,7 @@ class OAuth2 extends Plugin |
|
|
|
|
$this->get(self::SETTING_RESPONSE_RESOURCE_OWNER_ID) |
|
|
|
|
); |
|
|
|
|
if (empty($resourceOwnerId)) { |
|
|
|
|
$this->log('missing setting', 'response_resource_owner_id'); |
|
|
|
|
throw new RuntimeException($this->get_lang('WrongResponseResourceOwnerId')); |
|
|
|
|
} |
|
|
|
|
$extraFieldValue = new ExtraFieldValue('user'); |
|
|
|
|
@ -205,8 +211,10 @@ class OAuth2 extends Plugin |
|
|
|
|
$resourceOwnerId |
|
|
|
|
); |
|
|
|
|
if (false === $result) { |
|
|
|
|
$this->log('user not found', "extrafield 'oauth2_id' with value '$resourceOwnerId'"); |
|
|
|
|
// authenticated user not found in internal database |
|
|
|
|
if ('true' !== $this->get(self::SETTING_CREATE_NEW_USERS)) { |
|
|
|
|
$this->log('exception', 'create_new_users setting is disabled'); |
|
|
|
|
$message = sprintf( |
|
|
|
|
$this->get_lang('NoUserAccountAndUserCreationNotAllowed'), |
|
|
|
|
Display::encrypted_mailto_link(api_get_setting('emailAdministrator')) |
|
|
|
|
@ -243,29 +251,32 @@ class OAuth2 extends Plugin |
|
|
|
|
$userInfo = api_get_user_info_from_username($username); |
|
|
|
|
|
|
|
|
|
if (false !== $userInfo && !empty($userInfo['id']) && 'platform' === $userInfo['auth_source']) { |
|
|
|
|
$this->log('platform user exists', print_r($userInfo, true)); |
|
|
|
|
$userId = $userInfo['id']; |
|
|
|
|
} else { |
|
|
|
|
require_once __DIR__.'/../../../main/auth/external_login/functions.inc.php'; |
|
|
|
|
|
|
|
|
|
$userId = external_add_user( |
|
|
|
|
[ |
|
|
|
|
'firstname' => $firstName, |
|
|
|
|
'lastname' => $lastName, |
|
|
|
|
'status' => $status, |
|
|
|
|
'email' => $email, |
|
|
|
|
'username' => $username, |
|
|
|
|
'auth_source' => 'oauth2', |
|
|
|
|
] |
|
|
|
|
); |
|
|
|
|
$userInfo = [ |
|
|
|
|
'firstname' => $firstName, |
|
|
|
|
'lastname' => $lastName, |
|
|
|
|
'status' => $status, |
|
|
|
|
'email' => $email, |
|
|
|
|
'username' => $username, |
|
|
|
|
'auth_source' => 'oauth2', |
|
|
|
|
]; |
|
|
|
|
$userId = external_add_user($userInfo); |
|
|
|
|
if (false === $userId) { |
|
|
|
|
$this->log('user not created', print_r($userInfo, true)); |
|
|
|
|
throw new RuntimeException($this->get_lang('FailedUserCreation')); |
|
|
|
|
} |
|
|
|
|
$this->log('user created', (string) $userId); |
|
|
|
|
} |
|
|
|
|
$this->updateUser($userId, $response); |
|
|
|
|
// Not checking function update_extra_field_value return value because not reliable |
|
|
|
|
UserManager::update_extra_field_value($userId, self::EXTRA_FIELD_OAUTH2_ID, $resourceOwnerId); |
|
|
|
|
$this->updateUserUrls($userId, $response); |
|
|
|
|
} else { |
|
|
|
|
$this->log('user found', "extrafield 'oauth2_id' with value '$resourceOwnerId'"); |
|
|
|
|
// authenticated user found in internal database |
|
|
|
|
if (is_array($result) and array_key_exists('item_id', $result)) { |
|
|
|
|
$userId = $result['item_id']; |
|
|
|
|
@ -279,9 +290,12 @@ class OAuth2 extends Plugin |
|
|
|
|
} |
|
|
|
|
$userInfo = api_get_user_info($userId); |
|
|
|
|
if (empty($userInfo)) { |
|
|
|
|
$this->log('user info not found', (string) $userId); |
|
|
|
|
throw new LogicException($this->get_lang('InternalErrorCannotGetUserInfo')); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
$this->log('user info', print_r($userInfo, true)); |
|
|
|
|
|
|
|
|
|
return $userInfo; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
@ -444,4 +458,11 @@ class OAuth2 extends Plugin |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
private function log(string $key, string $content) |
|
|
|
|
{ |
|
|
|
|
if (self::DEBUG) { |
|
|
|
|
error_log("OAuth2 plugin: $key: $content"); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
Angel Fernando Quiroz Campos
4 years ago