Example #1
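/**
 * Pieform submit handler for the web service users form.
 *
 * Depending on $values['action'] this adds a web service user ('add'),
 * redirects to that user's configuration page ('edit') or deletes the
 * web service user record ('delete'). Every path that does not redirect
 * elsewhere ends on the web services admin index.
 *
 * NOTE(review): no permission check is visible in this handler; it
 * presumably relies on the page that builds the form being restricted to
 * administrators - confirm, since these actions grant or revoke web
 * service access.
 *
 * @param Pieform $form   the submitted form (not read here)
 * @param array   $values submitted values; 'action', 'userid' and 'suid' are read
 * @return void
 */
function webservices_user_submit(Pieform $form, $values)
{
    global $SESSION;

    $action = isset($values['action']) ? $values['action'] : null;

    // Strict comparison: with ==, a non-string action (for example integer 0
    // on older PHP versions) compares equal to 'add'.
    if ($action === 'add') {
        if (empty($values['userid'][0])) {
            $SESSION->add_error_msg(get_string('nouser', 'auth.webservice'));
        } else {
            $dbuser = get_record('usr', 'id', $values['userid'][0]);
            // An id with no matching account is rejected here rather than
            // being handed to the validator as a non-record.
            $auth_instance = empty($dbuser) ? false : webservice_validate_user($dbuser);
            if (!$auth_instance) {
                $SESSION->add_error_msg(get_string('invaliduserselected', 'auth.webservice'));
            } else {
                // make sure that this account is not already in use
                // NOTE(review): check-then-insert is not atomic; two concurrent
                // submissions could both pass this test unless the table has a
                // unique constraint on userid - confirm.
                $existing = get_record('external_services_users', 'userid', $dbuser->id);
                if (!empty($existing)) {
                    $SESSION->add_error_msg(get_string('duplicateuser', 'auth.webservice'));
                } else {
                    $services = get_records_array('external_services', 'restrictedusers', 1);
                    if (empty($services)) {
                        $SESSION->add_error_msg(get_string('noservices', 'auth.webservice'));
                    } else {
                        // just pass the first one for the moment
                        $service = array_shift($services);
                        // The record starts with an empty public key whose
                        // expiry is "now" and with wssigenc set to 0.
                        $dbserviceuser = (object) array(
                            'externalserviceid' => $service->id,
                            'userid' => $dbuser->id,
                            'institution' => $auth_instance->institution,
                            'ctime' => db_format_timestamp(time()),
                            'publickeyexpires' => time(),
                            'wssigenc' => 0,
                            'publickey' => '',
                        );
                        $dbserviceuser->id = insert_record('external_services_users', $dbserviceuser, 'id', true);
                        redirect('/webservice/admin/userconfig.php?suid=' . $dbserviceuser->id);
                    }
                }
            }
        }
    } elseif ($action === 'edit' || $action === 'delete') {
        $dbserviceuser = isset($values['suid'])
            ? get_record('external_services_users', 'id', $values['suid'])
            : false;
        if (!empty($dbserviceuser)) {
            // Use the id of the row that was actually found, as an integer,
            // instead of echoing the submitted value: a value the database
            // matched loosely must not reach the redirect URL or the delete.
            $suid = (int) $dbserviceuser->id;
            if ($action === 'edit') {
                redirect('/webservice/admin/userconfig.php?suid=' . $suid);
            } else {
                // Only the external_services_users row is deleted here.
                // NOTE(review): tokens or keys held for this user in other
                // tables are not touched by this function - verify they are
                // revoked elsewhere.
                delete_records_select('external_services_users', "id = ?", array($suid));
                $SESSION->add_ok_msg(get_string('configsaved', 'auth.webservice'));
            }
        }
    }

    // default back to where we came from
    redirect('/webservice/admin/index.php?open=webservices_user');
}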
Example #2
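 /**
  * Authenticate the caller using username+password or a token
  * (permanent, OAuth or user token, depending on $this->authmethod).
  * This function sets up the $USER global.
  * It is safe to use has_capability() after this.
  * This method also verifies that the user is allowed to use this
  * server.
  * @return void
  * @throws WebserviceAccessException if authentication fails or access is denied
  */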
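 protected function authenticate_user()
 {
     // Resolves the calling user according to $this->authmethod (username and
     // password, permanent token, OAuth token, or user token), records the
     // method in $this->auth, and finally loads that user into $USER.
     // Every failure is reported as a WebserviceAccessException.
     global $USER, $WEBSERVICE_INSTITUTION, $WEBSERVICE_OAUTH_USER;

     $user = null;

     if ($this->authmethod == WEBSERVICE_AUTHMETHOD_USERNAME) {
         $this->auth = 'USER';
         //we check that authentication plugin is enabled
         //it is only required by simple authentication
         $plugin = get_record('auth_installed', 'name', 'webservice');
         if (empty($plugin) || $plugin->active != 1) {
             throw new WebserviceAccessException(get_string('wsauthnotenabled', 'auth.webservice'));
         }
         if (!$this->username) {
             throw new WebserviceAccessException(get_string('missingusername', 'auth.webservice'));
         }
         if (!$this->password) {
             throw new WebserviceAccessException(get_string('missingpassword', 'auth.webservice'));
         }
         // special web service login
         safe_require('auth', 'webservice');
         // get the user
         $user = get_record('usr', 'username', $this->username);
         if (empty($user)) {
             throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice'));
         }
         // user account is no longer validly configured
         // NOTE(review): this check runs before the password is verified and
         // uses its own message, so a caller without valid credentials can
         // tell an existing but misconfigured account from an unknown one.
         // Consider the generic 'wrongusernamepassword' message here.
         if (!($auth_instance = webservice_validate_user($user))) {
             throw new WebserviceAccessException(get_string('invalidaccount', 'auth.webservice'));
         }
         // set the global for the web service users defined institution
         $WEBSERVICE_INSTITUTION = $auth_instance->institution;
         // get the institution from the external user
         $ext_user = get_record('external_services_users', 'userid', $user->id);
         if (empty($ext_user)) {
             throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice'));
         }
         // determine the internal auth instance
         $auth_instance = get_record('auth_instance', 'institution', $ext_user->institution, 'authname', 'webservice');
         if (empty($auth_instance)) {
             throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice'));
         }
         // authenticate the user
         $auth = new AuthWebservice($auth_instance->id);
         if (!$auth->authenticate_user_account($user, $this->password, 'webservice')) {
             // NOTE(review): nothing in this branch records the failed login;
             // unless authenticate_user_account() or the exception handler
             // logs it, repeated password guessing leaves no trace - confirm.
             throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice'));
         }
     } elseif ($this->authmethod == WEBSERVICE_AUTHMETHOD_PERMANENT_TOKEN) {
         $this->auth = 'TOKEN';
         $user = $this->authenticate_by_token(EXTERNAL_TOKEN_PERMANENT);
     } elseif ($this->authmethod == WEBSERVICE_AUTHMETHOD_OAUTH_TOKEN) {
         //OAuth
         $this->auth = 'OAUTH';
         // special web service login
         safe_require('auth', 'webservice');
         // get the user - the user that authorised the token
         // NOTE(review): unlike the username branch, webservice_validate_user()
         // is not called here, so whatever account-state checks it performs
         // are not applied to OAuth callers - confirm token validation
         // covers them.
         $user = get_record('usr', 'id', $this->oauth_token_details['user_id']);
         if (empty($user)) {
             throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice'));
         }
         // check user is member of configured OAuth institution
         $token_institution = isset($this->oauth_token_details['institution'])
             ? (string) $this->oauth_token_details['institution']
             : '';
         $institutions = array_keys(load_user_institutions($this->oauth_token_details['user_id']));
         $auth_instance = get_record('auth_instance', 'id', $user->authinstance);
         // A missing auth instance must not add an empty entry to the list.
         if (!empty($auth_instance)) {
             $institutions[] = $auth_instance->institution;
         }
         // Compare as strings with strict matching: array keys that look
         // numeric come back as integers, and a loose in_array() would accept
         // values that are only numerically equal (or empty against null).
         $institutions = array_map('strval', $institutions);
         if ($token_institution === '' || !in_array($token_institution, $institutions, true)) {
             throw new WebserviceAccessException(get_string('institutiondenied', 'auth.webservice'));
         }
         // set the global for the web service users defined institution
         $WEBSERVICE_INSTITUTION = $this->oauth_token_details['institution'];
         // set the note of the OAuth service owner
         $WEBSERVICE_OAUTH_USER = $this->oauth_token_details['service_user'];
     } else {
         $this->auth = 'OTHER';
         $user = $this->authenticate_by_token(EXTERNAL_TOKEN_USER);
     }

     // Fail closed: never establish a session unless a user record was
     // actually resolved by one of the branches above.
     if (empty($user) || !isset($user->id)) {
         throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice'));
     }

     // now fake user login, the session is completely empty too
     $USER->reanimate($user->id, $user->authinstance);
 }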