/**
* Hook for after parsing route
*
* @return void
*/
public function onAfterRoute()
{
// First, check for presence of subject dn, which is the minimum required field
if (!isset($_SERVER['SSL_CLIENT_S_DN']) || !$_SERVER['SSL_CLIENT_S_DN']) {
\App::redirect($this->params->get('failure_location', '/invalidcert.php'));
return;
}
if (\User::isGuest()) {
// If so, redirect to login
Request::setVar('option', 'com_users');
Request::setVar('task', 'user.login');
Request::setVar('authenticator', 'certificate');
Request::setVar('return', base64_encode(\Request::current()));
return;
}
// Check if user is registered and if current session is linked to cert identity
$hzad = \Hubzero\Auth\Domain::getInstance('authentication', 'certificate', $_SERVER['SSL_CLIENT_I_DN_CN']);
if ($link = \Hubzero\Auth\Link::getInstance($hzad->id, $_SERVER['SSL_CLIENT_S_DN_CN'])) {
if ($link->user_id == \User::get('id')) {
// All clear...return nothing
return;
}
}
// Otherwise, we have a cert-based user that doesn't match the current user
Request::setVar('option', 'com_users');
Request::setVar('task', 'user.logout');
$this->event->stop();
}
function display($tpl = null)
{
$user = User::getRoot();
// If this is an auth_link account update, carry on, otherwise raise an error
if (!is_object($user) || !array_key_exists('auth_link_id', $user) || !is_numeric($user->get('username')) || !$user->get('username') < 0) {
App::abort('405', 'Method not allowed');
return;
}
// Get and add the js and extra css to the page
\Hubzero\Document\Assets::addComponentStylesheet('com_users', 'link.css');
\Hubzero\Document\Assets::addComponentStylesheet('com_users', 'providers.css');
\Hubzero\Document\Assets::addComponentScript('com_users', 'link');
// Import a few things
jimport('joomla.user.helper');
// Look up a few things
$hzal = \Hubzero\Auth\Link::find_by_id($user->get("auth_link_id"));
$hzad = \Hubzero\Auth\Domain::find_by_id($hzal->auth_domain_id);
$plugins = Plugin::byType('authentication');
// Get the display name for the current plugin being used
Plugin::import('authentication', $hzad->authenticator);
$plugin = Plugin::byType('authentication', $hzad->authenticator);
$pparams = new \Hubzero\Config\Registry($plugin->params);
$refl = new ReflectionClass("plgAuthentication{$plugin->name}");
$display_name = $pparams->get('display_name', $refl->hasMethod('onGetLinkDescription') ? $refl->getMethod('onGetLinkDescription')->invoke(NULL) : ucfirst($plugin->name));
// Look for conflicts - first check in the hub accounts
$profile_conflicts = \Hubzero\User\Profile\Helper::find_by_email($hzal->email);
// Now check the auth_link table
$link_conflicts = \Hubzero\Auth\Link::find_by_email($hzal->email, array($hzad->id));
$conflict = array();
if ($profile_conflicts) {
foreach ($profile_conflicts as $p) {
$user_id = JUserHelper::getUserId($p);
$juser = User::getInstance($user_id);
$auth_link = \Hubzero\Auth\Link::find_by_user_id($juser->id);
$dname = is_object($auth_link) && $auth_link->auth_domain_name ? $auth_link->auth_domain_name : 'hubzero';
$conflict[] = array("auth_domain_name" => $dname, "name" => $juser->name, "email" => $juser->email);
}
}
if ($link_conflicts) {
foreach ($link_conflicts as $l) {
$juser = User::getInstance($l['user_id']);
$conflict[] = array("auth_domain_name" => $l['auth_domain_name'], "name" => $juser->name, "email" => $l['email']);
}
}
// Make sure we don't somehow have any duplicate conflicts
$conflict = array_map("unserialize", array_unique(array_map("serialize", $conflict)));
// @TODO: Could also check for high probability of name matches???
// Get the site name
$sitename = Config::get('sitename');
// Assign variables to the view
$this->assign('hzal', $hzal);
$this->assign('hzad', $hzad);
$this->assign('plugins', $plugins);
$this->assign('display_name', $display_name);
$this->assign('conflict', $conflict);
$this->assign('sitename', $sitename);
$this->assignref('juser', $user);
parent::display($tpl);
}
/**
* Similar to onAuthenticate, except we already have a logged in user, we're just linking accounts
*
* @param array $options
* @return void
*/
public function link($options = array())
{
// Set up the config for the sdk instance
$config = array('appId' => $this->params->get('app_id'), 'secret' => $this->params->get('app_secret'));
// Set defaults
\Facebook\FacebookSession::setDefaultApplication($config['appId'], $config['secret']);
$helper = new \Facebook\FacebookRedirectLoginHelper(self::getReturnUrl($options['return']));
try {
$session = $helper->getSessionFromRedirect();
} catch (\Facebook\FacebookRequestException $ex) {
// When Facebook returns an error
} catch (\Exception $ex) {
// When validation fails or other local issues
}
// Make sure we have a user_id (facebook returns 0 for a non-logged in user)
if (isset($user_id) && $user_id > 0 || isset($session) && $session) {
try {
$request = new \Facebook\FacebookRequest($session, 'GET', '/me');
$user_profile = $request->execute()->getGraphObject(\Facebook\GraphUser::className());
$id = $user_profile->getId();
$email = $user_profile->getProperty('email');
} catch (\Facebook\FacebookRequestException $e) {
// Error message?
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_FACEBOOK_ERROR_RETRIEVING_PROFILE', $e->getMessage());
return;
}
$hzad = \Hubzero\Auth\Domain::getInstance('authentication', 'facebook', '');
// Create the link
if (\Hubzero\Auth\Link::getInstance($hzad->id, $id)) {
// This facebook account is already linked to another hub account
App::redirect(Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'), Lang::txt('PLG_AUTHENTICATION_FACEBOOK_ACCOUNT_ALREADY_LINKED'), 'error');
} else {
$hzal = \Hubzero\Auth\Link::find_or_create('authentication', 'facebook', null, $id);
$hzal->user_id = User::get('id');
$hzal->email = $email;
$hzal->update();
}
} else {
// User didn't authorize our app, or, clicked cancel
App::redirect(Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'), Lang::txt('PLG_AUTHENTICATION_FACEBOOK_MUST_AUTHORIZE_TO_LINK', Config::get('sitename')), 'error');
}
}
/**
* This method will return a user object
*
* If options['autoregister'] is true, if the user doesn't exist yet he will be created
*
* @param array $user Holds the user data.
* @param array $options Array holding options (remember, autoregister, group).
* @return object A User object
*/
protected function _getUser($user, $options = array())
{
$instance = JUser::getInstance();
if ($id = intval(JUserHelper::getUserId($user['username']))) {
$instance->load($id);
return $instance;
}
//TODO : move this out of the plugin
$config = Component::params('com_users');
// Default to Registered.
$defaultUserGroup = $config->get('new_usertype', 2);
$acl = JFactory::getACL();
$instance->set('id', 0);
$instance->set('name', $user['fullname']);
$instance->set('username', $user['username']);
$instance->set('password_clear', isset($user['password_clear']) ? $user['password_clear'] : '');
$instance->set('email', $user['email']);
// Result should contain an email (check)
$instance->set('usertype', 'deprecated');
$instance->set('groups', array($defaultUserGroup));
// Check joomla user activation setting
// 0 = automatically confirmed
// 1 = require email confirmation (the norm)
// 2 = require admin confirmation
$useractivation = $config->get('useractivation', 1);
// If requiring admin approval, set user to not approved
if ($useractivation == 2) {
$instance->set('approved', 0);
} else {
$instance->set('approved', 2);
}
// Now, also check to see if user came in via an auth plugin, as that may affect their approval status
if (isset($user['auth_link'])) {
$domain = \Hubzero\Auth\Domain::find_by_id($user['auth_link']->auth_domain_id);
if ($domain && is_object($domain)) {
$params = Plugin::params('authentication', $domain->authenticator);
if ($params && is_object($params) && $params->get('auto_approve', false)) {
$instance->set('approved', 2);
}
}
}
// If autoregister is set let's register the user
$autoregister = isset($options['autoregister']) ? $options['autoregister'] : $this->params->get('autoregister', 1);
if ($autoregister) {
if (!$instance->save()) {
return new Exception($instance->getError());
}
} else {
// No existing user and autoregister off, this is a temporary user.
$instance->set('tmp_user', true);
}
return $instance;
}
/**
* Similar to onAuthenticate, except we already have a logged in user, we're just linking accounts
*
* @param array $options additional options
* @return void
*/
public function link($options = array())
{
// Check for the required subject dn field
if ($this->isAuthenticated()) {
$domain = $_SERVER['SSL_CLIENT_I_DN_CN'];
$username = $_SERVER['SSL_CLIENT_S_DN_CN'];
$hzad = \Hubzero\Auth\Domain::getInstance('authentication', 'certificate', $domain);
// Create the link
if (\Hubzero\Auth\Link::getInstance($hzad->id, $username)) {
// This certificate account is already linked to another hub account
App::redirect(Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'), Lang::txt('PLG_AUTHENTICATION_CERTIFICATE_ACCOUNT_ALREADY_LINKED'), 'error');
} else {
$hzal = \Hubzero\Auth\Link::find_or_create('authentication', 'certificate', $domain, $username);
$hzal->user_id = User::get('id');
$hzal->email = $_SERVER['SSL_CLIENT_S_DN_Email'];
$hzal->update();
}
} else {
// User somehow got redirect back without being authenticated (not sure how this would happen?)
App::redirect(Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'), Lang::txt('PLG_AUTHENTICATION_CERTIFICATE_ERROR_LINKING_CERT'), 'error');
}
}
/**
* Method to log out a user.
*
* @since 1.6
*/
public function logout()
{
$app = JFactory::getApplication();
$user = User::getInstance();
$authenticator = Request::getVar('authenticator', '', 'method');
$singleSignOn = Request::getVar('sso', false);
if (empty($authenticator) || $authenticator == '') {
$cookie = \Hubzero\Utility\Cookie::eat('authenticator');
if (isset($cookie->authenticator)) {
$authenticator = $cookie->authenticator;
} else {
$authenticator = null;
}
}
// If a specific authenticator is specified try to call the logout method for that plugin
if (!empty($authenticator)) {
Plugin::import('authentication');
$plugins = Plugin::byType('authentication');
foreach ($plugins as $plugin) {
$className = 'plg' . $plugin->type . $plugin->name;
if ($plugin->name != $authenticator) {
continue;
}
if (class_exists($className)) {
if (method_exists($className, 'logout')) {
$myplugin = new $className($this, (array) $plugin);
// Redirect to user third party signout view
// Only do this for PUCAS for the time being (it's the one that doesn't lose session info after hub logout)
if ($authenticator == 'pucas') {
// Get plugin params
$plugin = Plugin::byType('authentication', $authenticator);
$pparams = new \Hubzero\Config\Registry($plugin->params);
$auto_logoff = $pparams->get('auto_logoff', false);
if ($auto_logoff || $singleSignOn == 'all') {
$result = $myplugin->logout();
break;
} elseif ($singleSignOn === false) {
App::redirect(Route::url('index.php?option=com_users&view=endsinglesignon&authenticator=' . $authenticator, false));
return;
} else {
break;
}
} else {
$result = $myplugin->logout();
break;
}
// Normal path
}
// End verification of logout() method
}
// End plugin check
}
// End foreach
}
// End check for specified authenticator
// Perform the log out
$error = $app->logout();
// Check if the log out succeeded.
if (!$error instanceof Exception) {
// If the authenticator is empty, but they have an active third party session,
// redirect to a page indicating this and offering complete signout
if (isset($user->auth_link_id) && $user->auth_link_id && empty($authenticator)) {
$auth_domain_name = '';
$auth_domain = \Hubzero\Auth\Link::find_by_id($user->auth_link_id);
if (is_object($auth_domain)) {
$auth_domain_id = $auth_domain->auth_domain_id;
$auth_domain_name = \Hubzero\Auth\Domain::find_by_id($auth_domain_id)->authenticator;
}
// Redirect to user third party signout view
// Only do this for PUCAS for the time being (it's the one that doesn't lose session info after hub logout)
if ($auth_domain_name == 'pucas') {
// Get plugin params
$plugin = Plugin::byType('authentication', $auth_domain_name);
$pparams = new \Hubzero\Config\Registry($plugin->params);
$auto_logoff = $pparams->get('auto_logoff', false);
if ($auto_logoff) {
App::redirect(Route::url('index.php?option=com_users&task=user.logout&authenticator=' . $auth_domain_name, false));
return;
} else {
App::redirect(Route::url('index.php?option=com_users&view=endsinglesignon&authenticator=' . $auth_domain_name, false));
return;
}
}
}
// Get the return url from the request and validate that it is internal.
$return = Request::getVar('return', '', 'method', 'base64');
$return = base64_decode($return);
if (!JURI::isInternal($return)) {
$return = '';
}
// Redirect the user.
App::redirect(Route::url($return, false));
} else {
App::redirect(Route::url('index.php?option=com_users&view=login', false));
}
}
/**
* Similar to onAuthenticate, except we already have a logged in user, we're just linking accounts
*
* @param array $options
* @return void
*/
public function link($options = array())
{
// Build twitter object using temp credentials saved in session
$twitter = new TwitterOAuth($this->params->get('app_id'), $this->params->get('app_secret'), App::get('session')->get('twitter.oauth.token'), App::get('session')->get('twitter.oauth.token_secret'));
// Request user specific (longer lasting) credentials
$token_credentials = $twitter->getAccessToken(Request::getVar('oauth_verifier'));
// Build new twitter object with user credentials
$twitter = new TwitterOAuth($this->params->get('app_id'), $this->params->get('app_secret'), $token_credentials['oauth_token'], $token_credentials['oauth_token_secret']);
// Get user account info
$account = $twitter->get('account/verify_credentials');
// Make sure we have a twitter account
if (!$account->errors && $account->id > 0) {
// Get unique username
$username = (string) $account->id;
$hzad = \Hubzero\Auth\Domain::getInstance('authentication', 'twitter', '');
// Create the link
if (\Hubzero\Auth\Link::getInstance($hzad->id, $username)) {
// This twitter account is already linked to another hub account
App::redirect(Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'), Lang::txt('PLG_AUTHENTICATION_TWITTER_ACCOUNT_ALREADY_LINKED'), 'error');
return;
} else {
$hzal = \Hubzero\Auth\Link::find_or_create('authentication', 'twitter', null, $username);
$hzal->user_id = User::get('id');
$hzal->update();
}
} else {
// User didn't authorize our app, or, clicked cancel
App::redirect(Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'), Lang::txt('PLG_AUTHENTICATION_TWITTER_MUST_AUTHORIZE_TO_LINK', Config::get('sitename')), 'error');
return;
}
}
/**
* @access public
* @param array - $options
* @return void
*/
public function link($options = array())
{
if ($status = $this->status()) {
$this->log('link', $status);
// Get unique username
$username = $status['eppn'];
$hzad = \Hubzero\Auth\Domain::getInstance('authentication', 'shibboleth', $status['idp']);
if (\Hubzero\Auth\Link::getInstance($hzad->id, $username)) {
$this->log('already linked', array('domain' => $hzad->id, 'username' => $username));
App::redirect(Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'), 'This account appears to already be linked to a hub account', 'error');
} else {
$hzal = \Hubzero\Auth\Link::find_or_create('authentication', 'shibboleth', $status['idp'], $username);
$hzal->user_id = User::get('id');
$this->log('setting link', $hzal);
$hzal->update();
}
} else {
// User somehow got redirect back without being authenticated (not sure how this would happen?)
App::redirect(Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'), 'There was an error linking your account, please try again later.', 'error');
}
}
/**
* Similar to onAuthenticate, except we already have a logged in user, we're just linking accounts
*
* @param array $options
* @return void
*/
public function link($options = array())
{
$jsession = App::get('session');
// Set up linkedin configuration
$linkedin_config['appKey'] = $this->params->get('api_key');
$linkedin_config['appSecret'] = $this->params->get('app_secret');
// Create Object
$linkedin_client = new LinkedIn($linkedin_config);
if (!Request::getVar('oauth_verifier', NULL)) {
// User didn't authorize our app, or, clicked cancel
App::redirect(Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'), Lang::txt('PLG_AUTHENTICATION_LINKEDIN_MUST_AUTHORIZE_TO_LOGIN', App::get('sitename')), 'error');
}
// LinkedIn has sent a response, user has granted permission, take the temp access token,
// the user's secret and the verifier to request the user's real secret key
$request = $jsession->get('linkedin.oauth.request');
$reply = $linkedin_client->retrieveTokenAccess($request['oauth_token'], $request['oauth_token_secret'], Request::getVar('oauth_verifier'));
if ($reply['success'] === TRUE) {
// The request went through without an error, gather user's 'access' tokens
$jsession->set('linkedin.oauth.access', $reply['linkedin']);
// Set the user as authorized for future quick reference
$jsession->set('linkedin.oauth.authorized', TRUE);
} else {
return new Exception(Lang::txt('Access token retrieval failed'), 500);
}
if ($jsession->get('linkedin.oauth.authorized') == TRUE) {
$linkedin_client->setTokenAccess($jsession->get('linkedin.oauth.access'));
// Get the linked in profile
$profile = $linkedin_client->profile('~:(id,first-name,last-name,email-address)');
$profile = $profile['linkedin'];
// Parse the profile XML
$profile = new SimpleXMLElement($profile);
// Get the profile values
$li_id = $profile->{'id'};
$username = (string) $li_id;
// (make sure this is unique)
$hzad = \Hubzero\Auth\Domain::getInstance('authentication', 'linkedin', '');
// Create the link
if (\Hubzero\Auth\Link::getInstance($hzad->id, $username)) {
// This linkedin account is already linked to another hub account
App::redirect(Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'), Lang::txt('PLG_AUTHENTICATION_LINKEDIN_ACCOUNT_ALREADY_LINKED'), 'error');
} else {
$hzal = \Hubzero\Auth\Link::find_or_create('authentication', 'linkedin', null, $username);
$hzal->user_id = User::get('id');
$hzal->email = (string) $profile->{'email-address'};
$hzal->update();
}
} else {
// User didn't authorize our app, or, clicked cancel
App::redirect(Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'), Lang::txt('PLG_AUTHENTICATION_LINKEDIN_MUST_AUTHORIZE_TO_LINK', Config::get('sitename')), 'error');
}
}
/**
* Similar to onAuthenticate, except we already have a logged in user, we're just linking accounts
*
* @param array $options
* @return void
*/
public function link($options = array())
{
// Set up the config for the google api instance
$client = new Google_Client();
$client->setClientId($this->params->get('app_id'));
$client->setClientSecret($this->params->get('app_secret'));
$client->setRedirectUri(self::getRedirectUri('google'));
// Create OAuth2 Instance
$oauth2 = new Google_Service_Oauth2($client);
// If we have this code, we know we have a successful return from google
if ($code = Request::getVar('code', NULL)) {
// Authenticate the user
$client->authenticate($code);
}
// If we have an access token set, carry on
if ($client->getAccessToken()) {
// Get the user info
$user_profile = $oauth2->userinfo->get();
// Make sure we use something unique and consistent here!
$username = $user_profile['email'];
$hzad = \Hubzero\Auth\Domain::getInstance('authentication', 'google', '');
// Create the link
if (\Hubzero\Auth\Link::getInstance($hzad->id, $username)) {
// This google account is already linked to another hub account
App::redirect(Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'), Lang::txt('PLG_AUTHENTICATION_GOOGLE_ACCOUNT_ALREADY_LINKED'), 'error');
} else {
// Create the hubzero auth link
$hzal = \Hubzero\Auth\Link::find_or_create('authentication', 'google', null, $username);
$hzal->user_id = User::get('id');
$hzal->email = $user_profile['email'];
$hzal->update();
}
} else {
// User didn't authorize our app, or, clicked cancel...
App::redirect(Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'), Lang::txt('PLG_AUTHENTICATION_GOOGLE_MUST_AUTHORIZE_TO_LINK', Config::get('sitename')), 'error');
}
}
/**
* Similar to onAuthenticate, except we already have a logged in user, we're just linking accounts
*
* @param array $options
* @return void
*/
public function link($options = array())
{
// Set up the config for the api instance
$client = new Oauth();
if ($this->params->get('environment') == 'sandbox') {
$client->useSandboxEnvironment();
}
$client->setClientId($this->params->get('app_id'))->setClientSecret($this->params->get('app_secret'))->setRedirectUri(self::getRedirectUri('orcid'));
// If we have a code coming back, the user has authorized our app, and we can authenticate
if ($code = Request::getVar('code', NULL)) {
// Authenticate the user
$client->authenticate($code);
} else {
// User didn't authorize our app or clicked cancel
App::redirect(Route::url('index.php?option=com_users&view=login&return=' . base64_encode('/members/myaccount')), Lang::txt('PLG_AUTHENTICATION_SCISTARTER_MUST_AUTHORIZE_TO_LOGIN', Config::get('sitename')), 'error');
}
if ($client->isAuthenticated()) {
$account = $client->getUserData();
} else {
// User didn't authorize our app or clicked cancel
App::redirect(Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'), Lang::txt('PLG_AUTHENTICATION_SCISTARTER_MUST_AUTHORIZE_TO_LINK', Config::get('sitename')), 'error');
}
// Make sure we have a scistarter account
if ($account->scistarter_user_id > 0) {
$username = (string) $account->email;
$hzad = \Hubzero\Auth\Domain::getInstance('authentication', 'scistarter', '');
// Create the link
if (\Hubzero\Auth\Link::getInstance($hzad->id, $username)) {
// This scistarter account is already linked to another hub account
App::redirect(Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'), Lang::txt('PLG_AUTHENTICATION_SCISTARTER_ACCOUNT_ALREADY_LINKED'), 'error');
} else {
$hzal = \Hubzero\Auth\Link::find_or_create('authentication', 'scistarter', null, $username);
$hzal->user_id = User::get('id');
$hzal->update();
}
} else {
// User didn't authorize our app, or, clicked cancel
App::redirect(Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'), Lang::txt('PLG_AUTHENTICATION_SCISTARTER_AUTHENTICATION_FAILED', Config::get('sitename')), 'error');
}
}
/**
* Similar to onAuthenticate, except we already have a logged in user, we're just linking accounts
*
* @param array $options
* @return void
*/
public function link($options = array())
{
if (Config::get('debug')) {
$debug_location = $this->params->get('debug_location', '/var/log/apache2/php/phpCAS.log');
phpCAS::setDebug($debug_location);
}
$this->initialize();
if (phpCAS::isAuthenticated() && $this->checkBoilerkey()) {
// Get unique username
$username = phpCAS::getUser();
$hzad = \Hubzero\Auth\Domain::getInstance('authentication', 'pucas', '');
// Create the link
if (\Hubzero\Auth\Link::getInstance($hzad->id, $username)) {
// This purdue cas account is already linked to another hub account
App::redirect(Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'), Lang::txt('PLG_AUTHENTICATION_PUCAS_ACCOUNT_ALREADY_LINKED'), 'error');
} else {
$hzal = \Hubzero\Auth\Link::find_or_create('authentication', 'pucas', null, $username);
$hzal->user_id = User::get('id');
$hzal->email = phpCAS::getAttribute('email');
$hzal->update();
}
} else {
// User somehow got redirect back without being authenticated (not sure how this would happen?)
App::redirect(Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'), Lang::txt('PLG_AUTHENTICATION_PUCAS_ERROR_LINKING'), 'error');
}
}
/**
* Similar to onAuthenticate, except we already have a logged in user, we're just linking accounts
*
* @param array $options
* @return void
*/
public function link($options = array())
{
// Set up the config for the ORCID api instance
$oauth = new Oauth();
$oauth->setClientId($this->params->get('client_id'))->setClientSecret($this->params->get('client_secret'))->setRedirectUri(self::getRedirectUri('orcid'));
// If we have a code coming back, the user has authorized our app, and we can authenticate
if (!Request::getVar('code', NULL)) {
// User didn't authorize our app, or, clicked cancel...
App::redirect(Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'), Lang::txt('PLG_AUTHENTICATION_ORCID_MUST_AUTHORIZE_TO_LINK', Config::get('sitename')), 'error');
}
// Authenticate the user
$oauth->authenticate(Request::getVar('code'));
// Check for successful authentication
if ($oauth->isAuthenticated()) {
$orcid = new Profile($oauth);
// Set username to ORCID iD
$username = $orcid->id();
$hzad = \Hubzero\Auth\Domain::getInstance('authentication', 'orcid', '');
// Create the link
if (\Hubzero\Auth\Link::getInstance($hzad->id, $username)) {
// This orcid account is already linked to another hub account
App::redirect(Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'), Lang::txt('PLG_AUTHENTICATION_ORCID_ACCOUNT_ALREADY_LINKED'), 'error');
} else {
// Create the hubzero auth link
$hzal = \Hubzero\Auth\Link::find_or_create('authentication', 'orcid', null, $username);
$hzal->user_id = User::get('id');
$hzal->email = $orcid->email();
$hzal->update();
}
} else {
// User didn't authorize our app, or, clicked cancel...
App::redirect(Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'), Lang::txt('PLG_AUTHENTICATION_ORCID_MUST_AUTHORIZE_TO_LINK', Config::get('sitename')), 'error');
}
}