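/**
 * Pieform submit handler for the web service users admin form.
 *
 * Depending on $values['action'] this registers a user as a web service user
 * ('add'), sends the admin to the configuration page of an existing entry
 * ('edit'), or removes an entry ('delete'). Every path ends in a redirect.
 *
 * NOTE(review): no access-control or session-key check is visible in this
 * handler; presumably the including admin page and Pieform enforce them -
 * confirm against the caller.
 *
 * @param Pieform $form   the submitted form (not read by this handler)
 * @param array   $values submitted values; reads 'action', 'userid' and 'suid'
 * @return void
 */
function webservices_user_submit(Pieform $form, $values) {
    global $SESSION;

    // Strict comparison: only the literal action strings select a branch.
    if ($values['action'] === 'add') {
        if (empty($values['userid'][0])) {
            $SESSION->add_error_msg(get_string('nouser', 'auth.webservice'));
        }
        else {
            $dbuser = get_record('usr', 'id', $values['userid'][0]);
            // Do not hand an empty lookup result to the validator; an unknown
            // id is reported with the same message as an unsuitable account.
            $auth_instance = empty($dbuser) ? false : webservice_validate_user($dbuser);
            if (!$auth_instance) {
                $SESSION->add_error_msg(get_string('invaliduserselected', 'auth.webservice'));
            }
            else {
                // make sure that this account is not already in use
                // NOTE(review): check-then-insert is not atomic; a unique
                // constraint on userid would be needed to rule out duplicates
                // from concurrent submissions - confirm against the schema.
                $existing = get_record('external_services_users', 'userid', $dbuser->id);
                if (!empty($existing)) {
                    $SESSION->add_error_msg(get_string('duplicateuser', 'auth.webservice'));
                }
                else {
                    $services = get_records_array('external_services', 'restrictedusers', 1);
                    if (empty($services)) {
                        $SESSION->add_error_msg(get_string('noservices', 'auth.webservice'));
                    }
                    else {
                        // just pass the first one for the moment
                        $service = array_shift($services);
                        $dbserviceuser = (object) array(
                            'externalserviceid' => $service->id,
                            'userid'            => $dbuser->id,
                            'institution'       => $auth_instance->institution,
                            'ctime'             => db_format_timestamp(time()),
                            'publickeyexpires'  => time(),
                            'wssigenc'          => 0,
                            'publickey'         => '',
                        );
                        $dbserviceuser->id = insert_record('external_services_users', $dbserviceuser, 'id', true);
                        redirect('/webservice/admin/userconfig.php?suid=' . $dbserviceuser->id);
                    }
                }
            }
        }
    }
    else {
        $dbserviceuser = get_record('external_services_users', 'id', $values['suid']);
        if (!empty($dbserviceuser)) {
            // From here on use the id of the row that was actually found, not
            // the submitted value, so request input is never copied into the
            // redirect URL or the delete statement.
            $suid = (int) $dbserviceuser->id;
            if ($values['action'] === 'edit') {
                redirect('/webservice/admin/userconfig.php?suid=' . $suid);
            }
            else if ($values['action'] === 'delete') {
                // remove everything associated with a service
                delete_records_select('external_services_users', 'id = ?', array($suid));
                $SESSION->add_ok_msg(get_string('configsaved', 'auth.webservice'));
            }
        }
    }

    // default back to where we came from
    redirect('/webservice/admin/index.php?open=webservices_user');
}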
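/**
 * Authenticate user using username+password or token.
 * This function sets up $USER global.
 * It is safe to use has_capability() after this.
 * This method also verifies user is allowed to use this
 * server.
 *
 * Sets $this->auth to 'USER', 'TOKEN', 'OAUTH' or 'OTHER' according to
 * $this->authmethod, and sets $WEBSERVICE_INSTITUTION (and, for OAuth,
 * $WEBSERVICE_OAUTH_USER) on the paths that know the institution.
 *
 * @throws WebserviceAccessException when any check on the chosen path fails
 * @return void
 */
protected function authenticate_user() {
    global $USER, $SESSION, $WEBSERVICE_INSTITUTION, $WEBSERVICE_OAUTH_USER;

    if ($this->authmethod == WEBSERVICE_AUTHMETHOD_USERNAME) {
        $this->auth = 'USER';

        // we check that authentication plugin is enabled
        // it is only required by simple authentication
        $plugin = get_record('auth_installed', 'name', 'webservice');
        if (empty($plugin) || $plugin->active != 1) {
            throw new WebserviceAccessException(get_string('wsauthnotenabled', 'auth.webservice'));
        }

        if (!$this->username) {
            throw new WebserviceAccessException(get_string('missingusername', 'auth.webservice'));
        }
        if (!$this->password) {
            throw new WebserviceAccessException(get_string('missingpassword', 'auth.webservice'));
        }

        // special web service login
        safe_require('auth', 'webservice');

        // get the user; an unknown username gets the same message as a wrong
        // password, so the response does not say which of the two failed
        $user = get_record('usr', 'username', $this->username);
        if (empty($user)) {
            throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice'));
        }

        // user account is no longer validly configured
        // NOTE(review): this distinct message is returned before the password
        // is checked, so it tells an unauthenticated caller that the username
        // exists; consider reusing 'wrongusernamepassword' here.
        if (!($auth_instance = webservice_validate_user($user))) {
            throw new WebserviceAccessException(get_string('invalidaccount', 'auth.webservice'));
        }

        // set the global for the web service users defined institution
        $WEBSERVICE_INSTITUTION = $auth_instance->institution;

        // get the institution from the external user
        $ext_user = get_record('external_services_users', 'userid', $user->id);
        if (empty($ext_user)) {
            throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice'));
        }

        // determine the internal auth instance
        $auth_instance = get_record('auth_instance', 'institution', $ext_user->institution, 'authname', 'webservice');
        if (empty($auth_instance)) {
            throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice'));
        }

        // authenticate the user
        $auth = new AuthWebservice($auth_instance->id);
        if (!$auth->authenticate_user_account($user, $this->password, 'webservice')) {
            // NOTE(review): no logging call is visible here; presumably
            // authenticate_user_account() records the failed attempt - confirm.
            throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice'));
        }
    }
    else if ($this->authmethod == WEBSERVICE_AUTHMETHOD_PERMANENT_TOKEN) {
        $this->auth = 'TOKEN';
        $user = $this->authenticate_by_token(EXTERNAL_TOKEN_PERMANENT);
    }
    else if ($this->authmethod == WEBSERVICE_AUTHMETHOD_OAUTH_TOKEN) {
        // OAuth
        $this->auth = 'OAUTH';

        // special web service login
        safe_require('auth', 'webservice');

        // get the user - the user that authorised the token
        $user = get_record('usr', 'id', $this->oauth_token_details['user_id']);
        if (empty($user)) {
            throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice'));
        }

        // check user is member of configured OAuth institution
        $institutions = array_keys(load_user_institutions($this->oauth_token_details['user_id']));
        $auth_instance = get_record('auth_instance', 'id', $user->authinstance);
        // Only add the auth instance's institution when the lookup succeeded;
        // appending a null here would let an empty token institution pass a
        // loose membership test.
        if (!empty($auth_instance)) {
            $institutions[] = $auth_instance->institution;
        }
        // Compare as strings and strictly: array_keys() turns numeric-looking
        // names into integers, and a loose in_array() treats '', 0 and null
        // as interchangeable.
        $allowed = array_map('strval', $institutions);
        $tokeninstitution = (string) $this->oauth_token_details['institution'];
        if (!in_array($tokeninstitution, $allowed, true)) {
            throw new WebserviceAccessException(get_string('institutiondenied', 'auth.webservice'));
        }

        // set the global for the web service users defined institution
        $WEBSERVICE_INSTITUTION = $this->oauth_token_details['institution'];
        // set the note of the OAuth service owner
        $WEBSERVICE_OAUTH_USER = $this->oauth_token_details['service_user'];
    }
    else {
        $this->auth = 'OTHER';
        $user = $this->authenticate_by_token(EXTERNAL_TOKEN_USER);
    }

    // now fake user login, the session is completely empty too
    // NOTE(review): on the token paths this relies on authenticate_by_token()
    // throwing rather than returning an empty value on failure - confirm.
    $USER->reanimate($user->id, $user->authinstance);
}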