/**
* Authenticates a user against an identity provider.
*
* @param IdentityProvider $identityProvider
*/
public function authenticate(IdentityProvider $identityProvider)
{
try {
// Authenticate the user.
$identityProvider->authenticate();
// Success!
$this->isAuthenticated = true;
// Set the data obtained from the identity provider.
$this->name = $identityProvider->getUserName();
$this->email = $identityProvider->getUserEmail();
} catch (IdentityException $exception) {
$this->isAuthenticated = false;
throw $exception;
}
}
/**
* Use the specified identity provider to establish an authenticated
* user.
*/
public static function getFromIdentityProvider(Provider $identityProvider)
{
// Have the identity provider authenticate the current identity.
$identityProvider->authenticate();
// The identity is valid according to the provider, so authentication is
// passed.
$userId = $identityProvider->getUserId();
// Check for authorisation.
try {
Logger::get()->debug(sprintf('Checking OpenID user %s...', $userId));
$user = Users::getInstance()->findEntity($userId);
// The user is valid according to our records. Keep it in the session.
$user->authenticate($identityProvider);
} catch (NotFoundException $exception) {
Logger::get()->warning(sprintf('OpenID user %s is not known.', $userId));
throw new NotAuthorisedException('OpenID user is not authorised.');
}
return $user;
}
