/** * Request oauth protected resources * @param string $method * @param string $url * @param string $token * @param string $secret */ public function request($method, $url, $params = array(), $token = '', $secret = '') { if (empty($token)) { $token = $this->access_token; } if (empty($secret)) { $secret = $this->access_token_secret; } // to access protected resource, sign_secret will alwasy be consumer_secret+token_secret $this->sign_secret = $this->consumer_secret . '&' . $secret; if (strtolower($method) === 'post' && !empty($params)) { $oauth_params = $this->prepare_oauth_parameters($url, array('oauth_token' => $token) + $params, $method); } else { $oauth_params = $this->prepare_oauth_parameters($url, array('oauth_token' => $token), $method); } $this->setup_oauth_http_header($oauth_params); $content = call_user_func_array(array($this->http, strtolower($method)), array($url, $params, $this->http_options)); // reset http header and options to prepare for the next request $this->http->resetHeader(); // return request return value return $content; }
/** * @link http://docs.moodle.org/dev/Authentication_plugins#loginpage_hook.28.29 * * Hook for overriding behaviour of login page. * Another auth hook. Process login if $authorizationcode is defined in OAuth url. * Makes cURL POST/GET request to social webservice and fill response data to Moodle user. * We check access tokens in cookies, if the ones exists - get it from $_COOKIE, if no - setcookie * * @uses $SESSION, $CFG, $DB core global objects/variables * @return void or @moodle_exception if OAuth request returns error or fail * * @author Igor Sazonov ( @tigusigalpa ) */ function loginpage_hook() { global $SESSION, $CFG, $DB; $access_token = false; $authorizationcode = optional_param('oauthcode', '', PARAM_TEXT); // get authorization code from url if (!empty($authorizationcode)) { $authprovider = required_param('authprovider', PARAM_TEXT); // get authorization provider (webservice name) $hack_authprovider = $authprovider == 'yahoo1' || $authprovider == 'yahoo2' ? 'yahoo' : $authprovider; $config_field_str = 'auth_lenauth_' . $hack_authprovider . '_social_id_field'; $this->_field_shortname = $this->_oauth_config->{$config_field_str}; $this->_field_id = $this->_lenauth_get_fieldid(); $params = array(); // params to generate data for token request $encode_params = true; $code = true; $redirect_uri = true; $curl_header = false; $curl_options = array(); //if we have access_token in $_COOKIE, so do not need to make request fot the one $this->_send_oauth_request = !isset($_COOKIE[$authprovider]['access_token']) ? true : false; //if service is not enabled, why should we make request? hack protect. maybe $enabled_str = 'auth_lenauth_' . $hack_authprovider . '_enabled'; if (empty($this->_oauth_config->{$enabled_str})) { throw new moodle_exception('Service not enabled in your LenAuth Settings', 'auth_lenauth'); } switch ($authprovider) { case 'facebook': /** * @link https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/v2.0#exchangecode */ $params['client_id'] = $this->_oauth_config->auth_lenauth_facebook_app_id; $params['client_secret'] = $this->_oauth_config->auth_lenauth_facebook_app_secret; break; case 'google': /** * @link https://developers.google.com/accounts/docs/OAuth2Login#exchangecode */ $params['client_id'] = $this->_oauth_config->auth_lenauth_google_client_id; $params['client_secret'] = $this->_oauth_config->auth_lenauth_google_client_secret; $params['grant_type'] = $this->_settings[$authprovider]['grant_type']; break; case 'yahoo1': if (!isset($_COOKIE[$authprovider]['access_token']) && !isset($_COOKIE[$authprovider]['oauth_verifier'])) { $params = array_merge($this->_lenauth_yahoo_request_array($this->_oauth_config->auth_lenauth_yahoo_consumer_secret . '&'), array('oauth_callback' => $this->_lenauth_redirect_uri($authprovider))); $code = false; $redirect_uri = false; $this->_send_oauth_request = isset($_REQUEST['oauth_token'], $_REQUEST['oauth_verifier']) ? false : true; $oauth_verifier = false; // yahoo =)) if (!$this->_send_oauth_request && isset($SESSION->yahoo_expires) && !empty($SESSION->yahoo_expires)) { $access_token = $SESSION->yahoo_access_token = optional_param('oauth_token', '', PARAM_TEXT); setcookie($authprovider . '[access_token]', $access_token, time() + $SESSION->yahoo_expires); $oauth_verifier = $SESSION->yahoo_oauth_verifier = optional_param('oauth_verifier', '', PARAM_TEXT); setcookie($authprovider . '[oauth_verifier]', $oauth_verifier, time() + $SESSION->yahoo_expires); } else { } } else { $this->_send_oauth_request = false; } break; case 'yahoo2': $params['grant_type'] = $this->_settings[$authprovider]['grant_type']; $curl_options = array('USERPWD' => $this->_oauth_config->auth_lenauth_yahoo_consumer_key . ':' . $this->_oauth_config->auth_lenauth_yahoo_consumer_secret); break; case 'twitter': if (!empty($this->_oauth_config->auth_lenauth_twitter_enabled)) { if (!isset($_COOKIE[$authprovider]['access_token'])) { $params = array_merge($this->_lenauth_twitter_request_array($this->_oauth_config->auth_lenauth_twitter_consumer_secret . '&'), array('oauth_callback' => $this->_lenauth_redirect_uri($authprovider))); $code = false; $redirect_uri = false; $this->_send_oauth_request = isset($_REQUEST['oauth_token'], $_REQUEST['oauth_verifier']) ? false : true; $oauth_verifier = false; if (!$this->_send_oauth_request && isset($_COOKIE[$authprovider]['oauth_token_secret'])) { $access_token = $SESSION->twitter_access_token = optional_param('oauth_token', '', PARAM_TEXT); setcookie($authprovider . '[access_token]', $access_token, time() + $this->_settings[$authprovider]['expire'], '/'); $oauth_verifier = $SESSION->twitter_oauth_verifier = optional_param('oauth_verifier', '', PARAM_TEXT); setcookie($authprovider . '[oauth_verifier]', $oauth_verifier, time() + $this->_settings[$authprovider]['expire'], '/'); } else { $curl_header = $this->_lenauth_set_twitter_header($params); } //$curl_header = $this->_lenauth_set_twitter_header($params, $access_token/*, $oauth_token_secret = false*/); /*$curl_options = array( 'CURLOPT_RETURNTRANSFER' => true, 'CURLOPT_FOLLOWLOCATION' => true ); if ( !empty( $params['oauth_callback'] ) ) { $curl_options['CURLOPT_POSTFIELDS'] = http_build_query( array() ); }*/ //TWITTER IS GOOD!! $encode_params = false; } else { $this->_send_oauth_request = false; } } break; case 'vk': /** * @link http://vk.com/dev/auth_sites */ $params['client_id'] = $this->_oauth_config->auth_lenauth_vk_app_id; $params['client_secret'] = $this->_oauth_config->auth_lenauth_vk_app_secret; break; case 'yandex': $params['grant_type'] = $this->_settings[$authprovider]['grant_type']; $params['client_id'] = $this->_oauth_config->auth_lenauth_yandex_app_id; $params['client_secret'] = $this->_oauth_config->auth_lenauth_yandex_app_password; break; case 'mailru': $params['client_id'] = $this->_oauth_config->auth_lenauth_mailru_site_id; $params['client_secret'] = $this->_oauth_config->auth_lenauth_mailru_client_secret; $params['grant_type'] = $this->_settings[$authprovider]['grant_type']; break; //odnoklassniki.ru was wrote by school programmers at 1st class and it not used mojority. bye-bye! /*case 'ok': $params['client_id'] = $this->_oauth_config->ok_app_id; $params['client_secret'] = $this->_oauth_config->ok_secret_key; break;*/ //odnoklassniki.ru was wrote by school programmers at 1st class and it not used mojority. bye-bye! /*case 'ok': $params['client_id'] = $this->_oauth_config->ok_app_id; $params['client_secret'] = $this->_oauth_config->ok_secret_key; break;*/ default: // if authorization provider is wrong throw new moodle_exception('Unknown OAuth Provider', 'auth_lenauth'); } // url for catch token value // exception for Yahoo OAuth, because it like.. if ($code) { $params['code'] = $authorizationcode; } if ($redirect_uri) { $params['redirect_uri'] = $this->_lenauth_redirect_uri($authprovider); } //require cURL from Moodle core require_once $CFG->libdir . '/filelib.php'; // requires library with cURL class $curl = new curl(); //hack for twitter and Yahoo if (!empty($curl_options) && is_array($curl_options)) { $curl->setopt($curl_options); } $curl->resetHeader(); // clean cURL header from garbage //Twitter and Yahoo has an own cURL headers, so let them to be! if (!$curl_header) { $curl->setHeader('Content-Type: application/x-www-form-urlencoded'); } else { $curl->setHeader($curl_header); } // cURL REQUEST for tokens if we hasnt it in $_COOKIE if ($this->_send_oauth_request) { if ($this->_curl_type == 'post') { $curl_tokens_values = $curl->post($this->_settings[$authprovider]['request_token_url'], $encode_params ? $this->_generate_query_data($params) : $params); } else { $curl_tokens_values = $curl->get($this->_settings[$authprovider]['request_token_url'] . '?' . ($encode_params ? $this->_generate_query_data($params) : $params)); } } // check for token response if (!empty($curl_tokens_values) || !$this->_send_oauth_request) { $token_values = array(); // parse token values switch ($authprovider) { case 'facebook': if ($this->_send_oauth_request || !isset($_COOKIE[$authprovider]['access_token'])) { parse_str($curl_tokens_values, $token_values); $expires = $token_values['expires']; //5183999 = 2 months $access_token = $token_values['access_token']; if (!empty($expires) && !empty($access_token)) { setcookie($authprovider . '[access_token]', $access_token, time() + $expires, '/'); } else { throw new moodle_exception('Can not get access for "access_token" or/and "expires" params after request', 'auth_lenauth'); } } else { if (isset($_COOKIE[$authprovider]['access_token'])) { $access_token = $_COOKIE[$authprovider]['access_token']; } else { throw new moodle_exception('Someting wrong, maybe expires', 'auth_lenauth'); } } break; case 'google': if ($this->_send_oauth_request || !isset($_COOKIE[$authprovider]['access_token'])) { $token_values = json_decode($curl_tokens_values, true); $expires = $token_values['expires_in']; //3600 = 1 hour $access_token = $token_values['access_token']; if (!empty($access_token) && !empty($expires)) { setcookie($authprovider . '[access_token]', $access_token, time() + $expires, '/'); } else { throw new moodle_exception('Can not get access for "access_token" or/and "expires" params after request', 'auth_lenauth'); } } else { if (isset($_COOKIE[$authprovider]['access_token'])) { $access_token = $_COOKIE[$authprovider]['access_token']; } else { throw new moodle_exception('Someting wrong, maybe expires', 'auth_lenauth'); } } break; case 'yahoo1': if ($this->_send_oauth_request || !isset($_COOKIE[$authprovider]['oauth_token_secret'])) { parse_str($curl_tokens_values, $token_values); $expires = $SESSION->yahoo_expires = $token_values['oauth_expires_in']; //3600 = 1 hour $access_token = $SESSION->yahoo_access_token = $token_values['oauth_token']; setcookie($authprovider . '[oauth_token_secret]', $token_values['oauth_token_secret'], time() + $SESSION->yahoo_expires); $xoauth_request_auth_url = $token_values['xoauth_request_auth_url']; } else { if (isset($_COOKIE[$authprovider]['access_token'], $_COOKIE[$authprovider]['oauth_verifier']) || isset($SESSION->yahoo_access_token, $SESSION->yahoo_oauth_verifier)) { $access_token = isset($_COOKIE[$authprovider]['access_token']) ? $_COOKIE[$authprovider]['access_token'] : $SESSION->yahoo_access_token; $oauth_verifier = isset($_COOKIE[$authprovider]['oauth_verifier']) ? $_COOKIE[$authprovider]['oauth_verifier'] : $SESSION->yahoo_oauth_verifier; } else { throw new moodle_exception('Someting wrong, maybe expires', 'auth_lenauth'); } } break; case 'yahoo2': if ($this->_send_oauth_request || !isset($_COOKIE[$authprovider]['access_token'])) { $token_values = json_decode($curl_tokens_values, true); $expires = $token_values['expires_in']; //3600 = 1 hour $access_token = $token_values['access_token']; $refresh_token = $token_values['refresh_token']; $user_id = $token_values['xoauth_yahoo_guid']; if (!empty($expires) && !empty($access_token)) { setcookie($authprovider . '[access_token]', $access_token, time() + $expires, '/'); if (!empty($user_id)) { setcookie($authprovider . '[user_id]', $user_id, time() + $expires, '/'); } } else { throw new moodle_exception('Can not get access for "access_token" or/and "expires" params after request', 'auth_lenauth'); } } else { if (isset($_COOKIE[$authprovider]['access_token'], $_COOKIE[$authprovider]['user_id'])) { $access_token = $_COOKIE[$authprovider]['access_token']; $user_id = $_COOKIE[$authprovider]['user_id']; } else { throw new moodle_exception('Someting wrong, maybe expires', 'auth_lenauth'); } } break; case 'twitter': if ($this->_send_oauth_request || !isset($_COOKIE[$authprovider]['oauth_token_secret'])) { parse_str($curl_tokens_values, $token_values); $access_token = $SESSION->twitter_access_token = $token_values['oauth_token']; setcookie($authprovider . '[oauth_token_secret]', $token_values['oauth_token_secret'], time() + $this->_settings[$authprovider]['expire'], '/'); } else { if (isset($_COOKIE[$authprovider]['access_token'], $_COOKIE[$authprovider]['oauth_token_secret']) || isset($SESSION->twitter_access_token, $SESSION->twitter_oauth_verifier)) { $access_token = isset($_COOKIE[$authprovider]['access_token']) ? $_COOKIE[$authprovider]['access_token'] : $SESSION->twitter_access_token; $oauth_verifier = isset($_COOKIE[$authprovider]['oauth_verifier']) ? $_COOKIE[$authprovider]['oauth_verifier'] : $SESSION->twitter_oauth_verifier; } else { throw new moodle_exception('Someting wrong, maybe expires', 'auth_lenauth'); } } break; case 'vk': if ($this->_send_oauth_request || !isset($_COOKIE[$authprovider]['access_token'])) { $token_values = json_decode($curl_tokens_values, true); if (isset($token_values['error'])) { throw new moodle_exception('Native VK Error ' . $token_values['error'] . (isset($token_values['error_description']) ? ' with description: ' . $token_values['error_description'] : ''), 'auth_lenauth'); } $expires = $token_values['expires_in']; //86400 = 24 hours $access_token = $token_values['access_token']; if (!empty($access_token) && !empty($expires)) { setcookie($authprovider . '[access_token]', $access_token, time() + $expires, '/'); } $user_id = $token_values['user_id']; if (!empty($user_id)) { setcookie($authprovider . '[user_id]', $user_id, time() + $expires, '/'); } /** * VK user may do not enter email, soooo =(( */ $user_email = isset($token_values['email']) ? $token_values['email'] : false; // WOW!!! So early???))) Awesome! if (!empty($user_email)) { setcookie($authprovider . '[user_email]', $user_email, time() + $expires, '/'); } } else { if (isset($_COOKIE[$authprovider]['access_token'], $_COOKIE[$authprovider]['user_id'])) { $access_token = $_COOKIE[$authprovider]['access_token']; $user_id = $_COOKIE[$authprovider]['user_id']; if (isset($_COOKIE[$authprovider]['user_email'])) { $user_email = $_COOKIE[$authprovider]['user_email']; } } else { throw new moodle_exception('Someting wrong, maybe expires', 'auth_lenauth'); } } break; case 'yandex': if ($this->_send_oauth_request || !isset($_COOKIE[$authprovider]['access_token'])) { $token_values = json_decode($curl_tokens_values, true); $expires = $token_values['expires_in']; //31536000 = 1 year $access_token = $token_values['access_token']; if (!empty($expires) && !empty($access_token)) { setcookie($authprovider . '[access_token]', $access_token, time() + $expires, '/'); } else { throw new moodle_exception('Can not get access for "access_token" or/and "expires" params after request', 'auth_lenauth'); } } else { if (isset($_COOKIE[$authprovider]['access_token'])) { $access_token = $_COOKIE[$authprovider]['access_token']; } else { throw new moodle_exception('Someting wrong, maybe expires', 'auth_lenauth'); } } break; case 'mailru': if ($this->_send_oauth_request || !isset($_COOKIE[$authprovider]['access_token'])) { $token_values = json_decode($curl_tokens_values, true); $expires = $token_values['expires_in']; //86400 = 24 hours $access_token = $token_values['access_token']; if (!empty($expires) && !empty($access_token)) { setcookie($authprovider . '[access_token]', $access_token, time() + $expires, '/'); } else { //check native errors if exists if (isset($token_values['error'])) { switch ($token_values['error']) { case 'invalid_client': throw new moodle_exception('Mail.RU invalid OAuth settings. Check your Private Key and Secret Key', 'auth_lenauth'); default: throw new moodle_exception('Mail.RU Unknown Error with code: ' . $token_values['error']); } } if (empty($expires) || empty($access_token)) { throw new moodle_exception('Can not get access for "access_token" or/and "expires" params after request', 'auth_lenauth'); } } } else { if (isset($_COOKIE[$authprovider]['access_token'])) { $access_token = $_COOKIE[$authprovider]['access_token']; } else { throw new moodle_exception('Someting wrong, maybe expires', 'auth_lenauth'); } } break; /*case 'ok': $token_values = json_decode( $curl_tokens_values, true ); $access_token = $token_values['access_token']; break;*/ /*case 'ok': $token_values = json_decode( $curl_tokens_values, true ); $access_token = $token_values['access_token']; break;*/ default: throw new moodle_exception('Unknown OAuth Provider', 'auth_lenauth'); } } if (!empty($access_token)) { $queryparams = array(); // array to generate data for final request to get user data $request_api_url = $this->_settings[$authprovider]['request_api_url']; //some services check accounts for verifier, so we will check it too. No unverified accounts, only verified! only hardCORE! $is_verified = true; $image_url = ''; switch ($authprovider) { case 'facebook': $queryparams['access_token'] = $access_token; $curl_response = $curl->get($request_api_url . '?' . $this->_generate_query_data($queryparams)); $curl_final_data = json_decode($curl_response, true); $social_uid = $curl_final_data['id']; $user_email = $curl_final_data['email']; $first_name = $curl_final_data['first_name']; $last_name = $curl_final_data['last_name']; $is_verified = $curl_final_data['verified']; if ($this->_oauth_config->auth_lenauth_retrieve_avatar) { $image_url = 'http://graph.facebook.com/' . $social_uid . '/picture'; } break; /** * @link https://developers.google.com/accounts/docs/OAuth2Login#obtaininguserprofileinformation */ /** * @link https://developers.google.com/accounts/docs/OAuth2Login#obtaininguserprofileinformation */ case 'google': $queryparams['access_token'] = $access_token; $queryparams['alt'] = 'json'; $curl_response = $curl->get($request_api_url . '?' . $this->_generate_query_data($queryparams)); $curl_final_data = json_decode($curl_response, true); if (isset($curl_final_data['error'])) { if (!empty($curl_final_data['error']['errors']) && is_array($curl_final_data['error']['errors'])) { foreach ($curl_final_data['error']['errors'] as $error) { throw new moodle_exception('Native Google error. Message: ' . $error['message'], 'auth_lenauth'); } } else { throw new moodle_exception('Native Google error', 'auth_lenauth'); } } $social_uid = $curl_final_data['id']; $user_email = $curl_final_data['emails'][0]['value']; $first_name = $curl_final_data['name']['givenName']; $last_name = $curl_final_data['name']['familyName']; if ($this->_oauth_config->auth_lenauth_retrieve_avatar) { $image_url = isset($curl_final_data['image']['url']) ? $curl_final_data['image']['url'] : ''; } break; case 'yahoo1': if (!$oauth_verifier) { header('Location: ' . $xoauth_request_auth_url); // yahoo =)) die; } $queryparams1 = array_merge($this->_lenauth_yahoo_request_array($this->_oauth_config->auth_lenauth_yahoo_consumer_secret . '&' . $_COOKIE[$authprovider]['oauth_token_secret']), array('oauth_token' => $access_token, 'oauth_verifier' => $oauth_verifier)); $curl_response_pre = $curl->get($request_api_url . '?' . $this->_generate_query_data($queryparams1)); parse_str($curl_response_pre, $values); $queryparams2 = array_merge($this->_lenauth_yahoo_request_array($this->_oauth_config->auth_lenauth_yahoo_consumer_secret . '&' . $values['oauth_token_secret']), array('oauth_token' => $values['oauth_token'], 'oauth_session_handle' => $values['oauth_session_handle'])); $yet_another = $curl->post($request_api_url . '?' . $this->_generate_query_data($queryparams2)); parse_str($yet_another, $yet_another_values); $params = array('q' => 'SELECT * FROM social.profile where guid="' . $yet_another_values['xoauth_yahoo_guid'] . '"', 'format' => 'json', 'env' => 'http://datatables.org/alltables.env'); $auth_array = array_merge($this->_lenauth_yahoo_request_array($this->_oauth_config->auth_lenauth_yahoo_consumer_secret . '&' . $yet_another_values['oauth_token_secret']), array('realm' => 'yahooapis.com', 'oauth_token' => $yet_another_values['oauth_token'])); $header = ''; foreach ($auth_array as $key => $value) { $header .= ($header === '' ? ' ' : ',') . $this->urlEncodeRfc3986($key) . '="' . $this->urlEncodeRfc3986($value) . '"'; } $curl->setHeader(array('Expect:', 'Accept: application/json', 'Authorization: OAuth ' . $header)); $curl_response = $curl->post($this->_settings[$authprovider]['yql_url'] . '?' . $this->_generate_query_data($params)); $curl_final_data = json_decode($curl_response, true); $social_uid = $curl_final_data['query']['results']['profile']['guid']; $emails = $curl_final_data['query']['results']['profile']['emails']; if (!empty($emails) && is_array($emails)) { foreach ($emails as $email_array) { $user_email = $email_array['handle']; if (isset($email_array['primary'])) { break; } } } $first_name = $curl_final_data['query']['results']['profile']['givenName']; $last_name = $curl_final_data['query']['results']['profile']['familyName']; if ($this->_oauth_config->auth_lenauth_retrieve_avatar) { $image_url = isset($curl_final_data['query']['results']['profile']['image']['imageUrl']) ? $curl_final_data['query']['results']['profile']['image']['imageUrl'] : ''; } break; case 'yahoo2': $request_api_url = 'https://social.yahooapis.com/v1/user/' . $user_id . '/profile?format=json'; $queryparams['access_token'] = $access_token; $now_header = array('Authorization: Bearer ' . $access_token, 'Accept: application/json', 'Content-Type: application/json'); $curl->resetHeader(); $curl->setHeader($now_header); $curl_response = $curl->get($request_api_url, $queryparams); $curl->resetHeader(); $curl_final_data = json_decode($curl_response, true); $social_uid = $curl_final_data['profile']['guid']; $emails = $curl_final_data['profile']['emails']; if (!empty($emails) && is_array($emails)) { foreach ($emails as $email_array) { $user_email = $email_array['handle']; if (isset($email_array['primary'])) { break; } } } $first_name = $curl_final_data['profile']['givenName']; $last_name = $curl_final_data['profile']['familyName']; if ($this->_oauth_config->auth_lenauth_retrieve_avatar) { $image_url = isset($curl_final_data['profile']['image']['imageUrl']) ? $curl_final_data['profile']['image']['imageUrl'] : ''; } break; case 'twitter': if (!$oauth_verifier) { header('Location: ' . $this->_settings[$authprovider]['request_api_url'] . '?' . http_build_query(array('oauth_token' => $access_token))); die; } $queryparams = array_merge($this->_lenauth_twitter_request_array(), array('oauth_verifier' => $oauth_verifier, 'oauth_token' => $access_token, 'oauth_token_secret' => $_COOKIE[$authprovider]['oauth_token_secret'])); $curl_header = $this->_lenauth_set_twitter_header($queryparams, $access_token, $_COOKIE[$authprovider]['oauth_token_secret']); $curl->setHeader($curl_header); $curl_final_data_pre = $curl->post($this->_settings[$authprovider]['token_url'], $queryparams); $json_decoded = json_decode($curl_final_data_pre, true); if (isset($json_decoded['error']) && isset($json_decoded['request'])) { throw new moodle_exception('Native Twitter Error: ' . $json_decoded['error'] . '. For request ' . $json_decoded['request'], 'auth_lenauth'); } parse_str($curl_final_data_pre, $curl_final_data); $social_uid = $curl_final_data['user_id']; if ($this->_oauth_config->auth_lenauth_retrieve_avatar) { $image_url_pre = 'https://twitter.com/' . $curl_final_data['screen_name'] . '/profile_image?size=original'; $image_header = get_headers($image_url_pre, 1); $image_url = $image_header['location']; } break; case 'vk': /** * @link http://vk.com/dev/api_requests */ $queryparams['access_token'] = $access_token; $queryparams['user_id'] = !empty($user_id) ? $user_id : false; $queryparams['v'] = self::$vk_api_version; $curl_response = $curl->post($request_api_url, $this->_generate_query_data($queryparams)); $curl_final_data = json_decode($curl_response, true); //$social_uid = ( isset( $user_id ) ) ? $user_id : $curl_final_data['response'][0]['id']; //dont forget about this $social_uid = $queryparams['user_id']; /** * If user_email is empty, its not so scare, because its second login and */ $user_email = isset($user_email) ? $user_email : false; //hack, because VK has bugs sometimes $first_name = $curl_final_data['response'][0]['first_name']; $last_name = $curl_final_data['response'][0]['last_name']; /** * @link http://vk.com/dev/users.get */ $fields_array = array('avatar' => 'photo_200'); $additional_fields_pre = $curl->get('http://api.vk.com/method/users.get?user_ids=' . $social_uid . '&fields=' . join(',', $fields_array)); $additional_fields = json_decode($additional_fields_pre, true); if ($this->_oauth_config->auth_lenauth_retrieve_avatar) { $image_url = isset($additional_fields['response'][0][$fields_array['avatar']]) ? $additional_fields['response'][0][$fields_array['avatar']] : ''; } break; /** * @link http://api.yandex.ru/oauth/doc/dg/reference/accessing-protected-resource.xml * @link http://api.yandex.ru/login/doc/dg/reference/request.xml */ /** * @link http://api.yandex.ru/oauth/doc/dg/reference/accessing-protected-resource.xml * @link http://api.yandex.ru/login/doc/dg/reference/request.xml */ case 'yandex': $queryparams['format'] = $this->_settings[$authprovider]['format']; $queryparams['oauth_token'] = $access_token; $curl_response = $curl->get($request_api_url . '?' . $this->_generate_query_data($queryparams)); $curl_final_data = json_decode($curl_response, true); $social_uid = $curl_final_data['id']; /** * fix @since 24.12.2014. Thanks for Yandex Tech team guys!! * @link https://tech.yandex.ru/passport/ */ $user_email = $curl_final_data['default_email']; //was $curl_final_data['emails'][0]; - wrong! $first_name = $curl_final_data['first_name']; $last_name = $curl_final_data['last_name']; $nickname = $curl_final_data['display_name']; //for future if ($this->_oauth_config->auth_lenauth_retrieve_avatar) { /** * @link https://tech.yandex.ru/passport/doc/dg/reference/response-docpage/#norights_5 */ $yandex_avatar_size = 'islands-200'; if (isset($curl_final_data['default_avatar_id'])) { $image_url = 'https://avatars.yandex.net/get-yapic/' . $curl_final_data['default_avatar_id'] . '/' . $yandex_avatar_size; } } break; case 'mailru': $queryparams['app_id'] = $params['client_id']; $secret_key = $params['client_secret']; /** * @link http://api.mail.ru/docs/reference/rest/users-getinfo/ */ $queryparams['method'] = 'users.getInfo'; $queryparams['session_key'] = $access_token; $queryparams['secure'] = 1; /** * Additional security from mail.ru * @link http://api.mail.ru/docs/guides/restapi/#sig */ ksort($queryparams); $sig = ''; foreach ($queryparams as $k => $v) { $sig .= "{$k}={$v}"; } $queryparams['sig'] = md5($sig . $secret_key); $curl_response = $curl->post($request_api_url, $this->_generate_query_data($queryparams)); $curl_final_data = json_decode($curl_response, true); $social_uid = $curl_final_data[0]['uid']; $user_email = $curl_final_data[0]['email']; $first_name = $curl_final_data[0]['first_name']; $last_name = $curl_final_data[0]['last_name']; $is_verified = $curl_final_data[0]['is_verified']; $birthday = $curl_final_data[0]['birthday']; //dd.mm.YYYY if ($this->_oauth_config->auth_lenauth_retrieve_avatar) { $image_url = isset($curl_final_data[0]['pic_big']) ? $curl_final_data[0]['pic_big'] : ''; } break; /*case 'ok': $queryparams['access_token'] = $access_token; $queryparams['method'] = 'users.getCurrentUser'; $queryparams['sig'] = md5( 'application_key=' . $this->_oauth_config->ok_public_key . 'method=' . $queryparams['method'] . md5( $queryparams['access_token'] . $this->_oauth_config->ok_secret_key ) ); $queryparams['application_key'] = $this->_oauth_config->ok_public_key; $curl_response = $curl->get( $request_api_url . '?' . $this->_generate_query_data( $queryparams ) ); $curl_final_data = json_decode( $curl_response, true ); $first_name = $curl_final_data['first_name']; $last_name = $curl_final_data['last_name']; $social_uid = $curl_final_data['uid']; break;*/ /*case 'ok': $queryparams['access_token'] = $access_token; $queryparams['method'] = 'users.getCurrentUser'; $queryparams['sig'] = md5( 'application_key=' . $this->_oauth_config->ok_public_key . 'method=' . $queryparams['method'] . md5( $queryparams['access_token'] . $this->_oauth_config->ok_secret_key ) ); $queryparams['application_key'] = $this->_oauth_config->ok_public_key; $curl_response = $curl->get( $request_api_url . '?' . $this->_generate_query_data( $queryparams ) ); $curl_final_data = json_decode( $curl_response, true ); $first_name = $curl_final_data['first_name']; $last_name = $curl_final_data['last_name']; $social_uid = $curl_final_data['uid']; break;*/ default: throw new moodle_exception('Unknown OAuth Provider', 'auth_lenauth'); } /** * Check for email returned by webservice. If exist - check for user with this email in Moodle Database */ if (!empty($curl_final_data)) { if (!empty($social_uid)) { if ($is_verified) { if (!empty($user_email)) { if ($err = email_is_not_allowed($user_email)) { throw new moodle_exception($err, 'auth_lenauth'); } $user_lenauth = $DB->get_record('user', array('email' => $user_email, 'deleted' => 0, 'mnethostid' => $CFG->mnet_localhost_id)); } else { if (empty($user_lenauth)) { $user_lenauth = $this->_lenauth_get_userdata_by_social_id($social_uid); } /*if ( empty( $user_lenauth ) ) { $user_lenauth = $DB->get_record('user', array('username' => $username, 'deleted' => 0, 'mnethostid' => $CFG->mnet_localhost_id)); }*/ } } else { throw new moodle_exception('Your social account is not verified', 'auth_lenauth'); } } else { throw new moodle_exception('Empty Social UID', 'auth_lenauth'); } } else { /** * addon @since 24.12.2014 * I forgot about clear $_COOKIE, thanks again for Yandex Tech Team guys!!! */ @setcookie($authprovider, null, time() - 3600); throw new moodle_exception('Final request returns nothing', 'auth_lenauth'); } $last_user_number = intval($this->_oauth_config->auth_lenauth_last_user_number); $last_user_number = empty($last_user_number) ? 1 : $last_user_number + 1; //$username = $this->_oauth_config->auth_lenauth_user_prefix . $last_user_number; //@todo /** * If user with email from webservice not exists, we will create an account */ if (empty($user_lenauth)) { $username = $this->_oauth_config->auth_lenauth_user_prefix . $last_user_number; //check for username exists in DB $user_lenauth_check = $DB->get_record('user', array('username' => $username)); $i_check = 0; while (!empty($user_lenauth_check)) { $user_lenauth_check = $user_lenauth_check + 1; $username = $this->_oauth_config->auth_lenauth_user_prefix . $last_user_number; $user_lenauth_check = $DB->get_record('user', array('username' => $username)); $i_check++; if ($i_check > 20) { throw new moodle_exception('Something wrong with usernames of LenAuth users. Limit of 20 queries is out. Check last mdl_user table of Moodle', 'auth_lenauth'); } } // create user HERE $user_lenauth = create_user_record($username, '', 'lenauth'); /** * User exists... */ } else { $username = $user_lenauth->username; } set_config('auth_lenauth_last_user_number', $last_user_number, 'auth/lenauth'); if (!empty($social_uid)) { $user_social_uid_custom_field = new stdClass(); $user_social_uid_custom_field->userid = $user_lenauth->id; $user_social_uid_custom_field->fieldid = $this->_field_id; $user_social_uid_custom_field->data = $social_uid; if (!$DB->record_exists('user_info_data', array('userid' => $user_lenauth->id, 'fieldid' => $this->_field_id))) { $DB->insert_record('user_info_data', $user_social_uid_custom_field); } else { $record = $DB->get_record('user_info_data', array('userid' => $user_lenauth->id, 'fieldid' => $this->_field_id)); $user_social_uid_custom_field->id = $record->id; $DB->update_record('user_info_data', $user_social_uid_custom_field); } } //add_to_log( SITEID, 'auth_lenauth', '', '', $username . '/' . $user_email . '/' . $userid ); // complete Authenticate user authenticate_user_login($username, null); // fill $newuser object with response data from webservices $newuser = new stdClass(); if (!empty($user_email)) { $newuser->email = $user_email; } if (!empty($first_name)) { $newuser->firstname = $first_name; } if (!empty($last_name)) { $newuser->lastname = $last_name; } if (!empty($this->_oauth_config->auth_lenauth_default_country)) { $newuser->country = $this->_oauth_config->auth_lenauth_default_country; } if ($user_lenauth) { // update user record if (!empty($newuser)) { $newuser->id = $user_lenauth->id; /*require_once( $CFG->libdir . '/gdlib.php' ); $fs = get_file_storage(); $file_obj = $fs->create_file_from_url( array( 'contextid' => context_user::instance( $newuser->id, MUST_EXIST )->id, 'component' => 'user', 'filearea' => 'icon', 'itemid' => 0, 'filepath' => '/', 'source' => '', 'filename' => 'f' . $newuser->id . '.' . $ext ), $image_url ); //$newuser->picture = $file_obj->get_id();*/ $user_lenauth = (object) array_merge((array) $user_lenauth, (array) $newuser); $DB->update_record('user', $user_lenauth); if ($this->_oauth_config->auth_lenauth_retrieve_avatar) { //processing user avatar from social webservice if (!empty($image_url) && intval($user_lenauth->picture) === 0) { $image_header = get_headers($image_url, 1); if (isset($image_header['Content-Type']) && is_string($image_header['Content-Type']) && in_array($image_header['Content-Type'], array_keys(self::$_allowed_icons_types))) { $mime = $image_header['Content-Type']; } else { if (isset($image_header['Content-Type'][0]) && is_string($image_header['Content-Type'][0]) && in_array($image_header['Content-Type'][0], array_keys(self::$_allowed_icons_types))) { $mime = $image_header['Content-Type'][0]; } } $ext = $this->_lenauth_get_image_extension_from_mime($mime); if ($ext) { //create temp file $tempfilename = substr(microtime(), 0, 10) . '.tmp'; $templfolder = $CFG->tempdir . '/filestorage'; if (!file_exists($templfolder)) { mkdir($templfolder, $CFG->directorypermissions); } @chmod($templfolder, 0777); $tempfile = $templfolder . '/' . $tempfilename; if (copy($image_url, $tempfile)) { require_once $CFG->libdir . '/gdlib.php'; $usericonid = process_new_icon(context_user::instance($newuser->id, MUST_EXIST), 'user', 'icon', 0, $tempfile); if ($usericonid) { $DB->set_field('user', 'picture', $usericonid, array('id' => $newuser->id)); } unset($tempfile); } @chmod($templfolder, $CFG->directorypermissions); } } } } complete_user_login($user_lenauth); // complete user login // Redirection $urltogo = $CFG->wwwroot; if (user_not_fully_set_up($user_lenauth)) { $urltogo = $CFG->wwwroot . '/user/edit.php'; } else { if (isset($SESSION->wantsurl) && strpos($SESSION->wantsurl, $CFG->wwwroot) === 0) { $urltogo = $SESSION->wantsurl; unset($SESSION->wantsurl); } else { unset($SESSION->wantsurl); } } } redirect($urltogo); } else { throw new moodle_exception('Could not get access to access token. Check your App Settings', 'auth_lenauth'); } } }