/**
 * Attach the client certificate presented on this request to the hub account
 * that is already signed in; no new login is performed here.
 *
 * The external identity is the pair (issuer CN, subject CN) taken from the
 * SSL_CLIENT_* server variables.
 *
 * NOTE(review): those variables are only as trustworthy as the web server's
 * client-certificate verification. isAuthenticated() is not visible here, so
 * confirm it checks the verification result and not merely that the fields
 * are present.
 *
 * @param   array  $options  additional options (not read by this method)
 * @return  void
 */
public function link($options = array())
{
    // Without a verified certificate there is nothing to link
    if (!$this->isAuthenticated()) {
        // User somehow got redirected back without being authenticated
        App::redirect(
            Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'),
            Lang::txt('PLG_AUTHENTICATION_CERTIFICATE_ERROR_LINKING_CERT'),
            'error'
        );
        return;
    }

    $issuerCn  = $_SERVER['SSL_CLIENT_I_DN_CN'];
    $subjectCn = $_SERVER['SSL_CLIENT_S_DN_CN'];

    $authDomain = \Hubzero\Auth\Domain::getInstance('authentication', 'certificate', $issuerCn);

    // An existing link means this certificate already belongs to some hub account
    if (\Hubzero\Auth\Link::getInstance($authDomain->id, $subjectCn)) {
        App::redirect(
            Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'),
            Lang::txt('PLG_AUTHENTICATION_CERTIFICATE_ACCOUNT_ALREADY_LINKED'),
            'error'
        );
        return;
    }

    // Create the link and bind it to the current user
    $authLink = \Hubzero\Auth\Link::find_or_create('authentication', 'certificate', $issuerCn, $subjectCn);
    $authLink->user_id = User::get('id');
    // NOTE(review): the e-mail field is optional in a certificate subject; this
    // index is read without an existence check
    $authLink->email = $_SERVER['SSL_CLIENT_S_DN_Email'];
    $authLink->update();
}
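/**
 * Attach the Facebook account returned by the redirect flow to the hub account
 * that is already signed in; no new login is performed here.
 *
 * Every failure path sends the user back to their account page with an error
 * message. A failed profile lookup previously wrote to an undefined $response
 * variable and returned without telling the user anything; it now redirects
 * like the other failure paths.
 *
 * @param   array  $options  may carry a 'return' entry that is passed to getReturnUrl()
 * @return  void
 */
public function link($options = array())
{
    $accountUrl = Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account');

    // Set up the config for the sdk instance
    $config = array(
        'appId'  => $this->params->get('app_id'),
        'secret' => $this->params->get('app_secret')
    );

    // Set defaults
    \Facebook\FacebookSession::setDefaultApplication($config['appId'], $config['secret']);

    // $options defaults to an empty array, so 'return' may be absent
    $return = isset($options['return']) ? $options['return'] : null;
    $helper = new \Facebook\FacebookRedirectLoginHelper(self::getReturnUrl($return));

    $session = null;
    try {
        $session = $helper->getSessionFromRedirect();
    } catch (\Facebook\FacebookRequestException $ex) {
        // Facebook returned an error; $session stays null and is handled below
    } catch (\Exception $ex) {
        // Validation failed or another local issue; handled below
    }

    // No session: user didn't authorize our app, or clicked cancel
    if (!$session) {
        App::redirect(
            $accountUrl,
            Lang::txt('PLG_AUTHENTICATION_FACEBOOK_MUST_AUTHORIZE_TO_LINK', Config::get('sitename')),
            'error'
        );
        return;
    }

    try {
        $request      = new \Facebook\FacebookRequest($session, 'GET', '/me');
        $user_profile = $request->execute()->getGraphObject(\Facebook\GraphUser::className());

        $id    = $user_profile->getId();
        $email = $user_profile->getProperty('email');
    } catch (\Facebook\FacebookRequestException $e) {
        // Report the failure to the user instead of writing to an undefined object
        App::redirect(
            $accountUrl,
            Lang::txt('PLG_AUTHENTICATION_FACEBOOK_ERROR_RETRIEVING_PROFILE', $e->getMessage()),
            'error'
        );
        return;
    }

    $hzad = \Hubzero\Auth\Domain::getInstance('authentication', 'facebook', '');

    // An existing link means this facebook account already belongs to some hub account
    if (\Hubzero\Auth\Link::getInstance($hzad->id, $id)) {
        App::redirect(
            $accountUrl,
            Lang::txt('PLG_AUTHENTICATION_FACEBOOK_ACCOUNT_ALREADY_LINKED'),
            'error'
        );
        return;
    }

    // Create the link and bind it to the current user
    $hzal = \Hubzero\Auth\Link::find_or_create('authentication', 'facebook', null, $id);
    $hzal->user_id = User::get('id');
    $hzal->email   = $email;
    $hzal->update();
}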
/**
 * Attach the Twitter account that completed the OAuth callback to the hub
 * account that is already signed in; no new login is performed here.
 *
 * The temporary token pair saved in the session is exchanged, together with
 * the 'oauth_verifier' request variable, for user credentials; the numeric
 * account id then becomes the external username.
 *
 * NOTE(review): the result of getAccessToken() is used without checking that
 * both token keys are present; a failed exchange is only caught later by the
 * verify_credentials check.
 *
 * @param   array  $options  not read by this method
 * @return  void
 */
public function link($options = array())
{
    // Client built from the temp credentials saved in the session
    $twitter = new TwitterOAuth(
        $this->params->get('app_id'),
        $this->params->get('app_secret'),
        App::get('session')->get('twitter.oauth.token'),
        App::get('session')->get('twitter.oauth.token_secret')
    );

    // Swap them for user specific (longer lasting) credentials
    $userTokens = $twitter->getAccessToken(Request::getVar('oauth_verifier'));

    // Client rebuilt with the user credentials
    $twitter = new TwitterOAuth(
        $this->params->get('app_id'),
        $this->params->get('app_secret'),
        $userTokens['oauth_token'],
        $userTokens['oauth_token_secret']
    );

    $account = $twitter->get('account/verify_credentials');

    // No usable account: user didn't authorize our app, or clicked cancel
    if ($account->errors || !($account->id > 0)) {
        App::redirect(
            Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'),
            Lang::txt('PLG_AUTHENTICATION_TWITTER_MUST_AUTHORIZE_TO_LINK', Config::get('sitename')),
            'error'
        );
        return;
    }

    // The account id, as a string, is the unique external username
    // NOTE(review): confirm large ids survive the string cast on this platform
    $externalId = (string) $account->id;

    $authDomain = \Hubzero\Auth\Domain::getInstance('authentication', 'twitter', '');

    // An existing link means this twitter account already belongs to some hub account
    if (\Hubzero\Auth\Link::getInstance($authDomain->id, $externalId)) {
        App::redirect(
            Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'),
            Lang::txt('PLG_AUTHENTICATION_TWITTER_ACCOUNT_ALREADY_LINKED'),
            'error'
        );
        return;
    }

    // Create the link and bind it to the current user
    $authLink = \Hubzero\Auth\Link::find_or_create('authentication', 'twitter', null, $externalId);
    $authLink->user_id = User::get('id');
    $authLink->update();
}
/**
 * Attach the Shibboleth identity reported by status() to the hub account that
 * is already signed in.
 *
 * The external identity is the 'eppn' value scoped to the 'idp' value of the
 * status array; both are taken as-is from status().
 *
 * NOTE(review): status() is not visible here; confirm its attributes come from
 * the validated Shibboleth session and not from client-settable headers.
 * NOTE(review): the whole status array and the link record are passed to
 * log(); confirm that log is access-restricted if they carry personal data.
 *
 * @param   array  $options  not read by this method
 * @return  void
 */
public function link($options = array())
{
    $status = $this->status();

    if (!$status) {
        // User somehow got redirected back without being authenticated
        App::redirect(
            Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'),
            'There was an error linking your account, please try again later.',
            'error'
        );
        return;
    }

    $this->log('link', $status);

    // eppn is the unique username within the identity provider's domain
    $eppn       = $status['eppn'];
    $authDomain = \Hubzero\Auth\Domain::getInstance('authentication', 'shibboleth', $status['idp']);

    // An existing link means this identity already belongs to some hub account
    if (\Hubzero\Auth\Link::getInstance($authDomain->id, $eppn)) {
        $this->log('already linked', array('domain' => $authDomain->id, 'username' => $eppn));
        App::redirect(
            Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'),
            'This account appears to already be linked to a hub account',
            'error'
        );
        return;
    }

    // Create the link and bind it to the current user
    $authLink = \Hubzero\Auth\Link::find_or_create('authentication', 'shibboleth', $status['idp'], $eppn);
    $authLink->user_id = User::get('id');
    $this->log('setting link', $authLink);
    $authLink->update();
}
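/**
 * Attach the LinkedIn account that completed the OAuth callback to the hub
 * account that is already signed in; no new login is performed here.
 *
 * Changes from the earlier version:
 *  - a failed token exchange returned an Exception object from a method
 *    documented as void, so the user got no feedback; it now redirects with
 *    the same message text;
 *  - each failure path returns explicitly after redirecting, so the token
 *    exchange never runs without an 'oauth_verifier';
 *  - a profile without an id is rejected, so a link is never stored under an
 *    empty external username.
 *
 * @param   array  $options  not read by this method
 * @return  void
 */
public function link($options = array())
{
    $jsession   = App::get('session');
    $accountUrl = Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account');

    // Set up linkedin configuration
    $linkedin_config = array(
        'appKey'    => $this->params->get('api_key'),
        'appSecret' => $this->params->get('app_secret')
    );

    // Create Object
    $linkedin_client = new LinkedIn($linkedin_config);

    $verifier = Request::getVar('oauth_verifier', NULL);
    if (!$verifier) {
        // User didn't authorize our app, or clicked cancel
        App::redirect(
            $accountUrl,
            Lang::txt('PLG_AUTHENTICATION_LINKEDIN_MUST_AUTHORIZE_TO_LOGIN', App::get('sitename')),
            'error'
        );
        return;
    }

    // LinkedIn has sent a response: combine the temp token pair kept in the
    // session with the verifier to request the user's real access token
    $request = $jsession->get('linkedin.oauth.request');
    $reply   = $linkedin_client->retrieveTokenAccess($request['oauth_token'], $request['oauth_token_secret'], $verifier);

    if ($reply['success'] !== TRUE) {
        // Tell the user instead of returning an Exception object nobody reads
        App::redirect($accountUrl, Lang::txt('Access token retrieval failed'), 'error');
        return;
    }

    // The request went through without an error, keep the user's access tokens
    $jsession->set('linkedin.oauth.access', $reply['linkedin']);

    // Set the user as authorized for future quick reference
    $jsession->set('linkedin.oauth.authorized', TRUE);

    if ($jsession->get('linkedin.oauth.authorized') != TRUE) {
        // User didn't authorize our app, or clicked cancel
        App::redirect(
            $accountUrl,
            Lang::txt('PLG_AUTHENTICATION_LINKEDIN_MUST_AUTHORIZE_TO_LINK', Config::get('sitename')),
            'error'
        );
        return;
    }

    $linkedin_client->setTokenAccess($jsession->get('linkedin.oauth.access'));

    // Get the linked in profile and parse the profile XML
    // NOTE(review): the XML comes from the remote API and is parsed with
    // default libxml options; confirm external entities are not resolved on
    // the deployed libxml build
    $profile = $linkedin_client->profile('~:(id,first-name,last-name,email-address)');
    $profile = new SimpleXMLElement($profile['linkedin']);

    // The profile id is the unique external username
    $username = (string) $profile->{'id'};

    if ($username === '') {
        // A response without an id (for example an error document) must not
        // be stored as a link under an empty username
        App::redirect(
            $accountUrl,
            Lang::txt('PLG_AUTHENTICATION_LINKEDIN_MUST_AUTHORIZE_TO_LINK', Config::get('sitename')),
            'error'
        );
        return;
    }

    $hzad = \Hubzero\Auth\Domain::getInstance('authentication', 'linkedin', '');

    // An existing link means this linkedin account already belongs to some hub account
    if (\Hubzero\Auth\Link::getInstance($hzad->id, $username)) {
        App::redirect(
            $accountUrl,
            Lang::txt('PLG_AUTHENTICATION_LINKEDIN_ACCOUNT_ALREADY_LINKED'),
            'error'
        );
        return;
    }

    // Create the link and bind it to the current user
    $hzal = \Hubzero\Auth\Link::find_or_create('authentication', 'linkedin', null, $username);
    $hzal->user_id = User::get('id');
    $hzal->email   = (string) $profile->{'email-address'};
    $hzal->update();
}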
/**
 * Attach the Google account that completed the OAuth callback to the hub
 * account that is already signed in; no new login is performed here.
 *
 * The 'code' request variable, when present, is exchanged for an access
 * token; the e-mail address from the userinfo response is then used both as
 * the external username and as the link's e-mail.
 *
 * NOTE(review): no anti-CSRF `state` value is checked in this method. Confirm
 * the callback route or the client validates one bound to the session;
 * otherwise a forged callback could attach a different Google identity to
 * the signed-in account.
 * NOTE(review): an e-mail address is a mutable identifier and is not checked
 * for being empty here; confirm it is the intended key for the link.
 *
 * @param   array  $options  not read by this method
 * @return  void
 */
public function link($options = array())
{
    // Set up the google api client
    $client = new Google_Client();
    $client->setClientId($this->params->get('app_id'));
    $client->setClientSecret($this->params->get('app_secret'));
    $client->setRedirectUri(self::getRedirectUri('google'));

    // OAuth2 service used for the userinfo lookup
    $oauth2 = new Google_Service_Oauth2($client);

    // A code in the request means google sent the user back to us
    $code = Request::getVar('code', NULL);
    if ($code) {
        $client->authenticate($code);
    }

    // No access token: user didn't authorize our app, or clicked cancel
    if (!$client->getAccessToken()) {
        App::redirect(
            Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'),
            Lang::txt('PLG_AUTHENTICATION_GOOGLE_MUST_AUTHORIZE_TO_LINK', Config::get('sitename')),
            'error'
        );
        return;
    }

    // Get the user info
    $userInfo = $oauth2->userinfo->get();

    // The e-mail address is what identifies the external account
    $externalId = $userInfo['email'];

    $authDomain = \Hubzero\Auth\Domain::getInstance('authentication', 'google', '');

    // An existing link means this google account already belongs to some hub account
    if (\Hubzero\Auth\Link::getInstance($authDomain->id, $externalId)) {
        App::redirect(
            Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'),
            Lang::txt('PLG_AUTHENTICATION_GOOGLE_ACCOUNT_ALREADY_LINKED'),
            'error'
        );
        return;
    }

    // Create the hubzero auth link and bind it to the current user
    $authLink = \Hubzero\Auth\Link::find_or_create('authentication', 'google', null, $externalId);
    $authLink->user_id = User::get('id');
    $authLink->email   = $userInfo['email'];
    $authLink->update();
}
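/**
 * Attach the SciStarter account that completed the OAuth callback to the hub
 * account that is already signed in; no new login is performed here.
 *
 * Changes from the earlier version: each failure path returns explicitly
 * after redirecting, so $account is never read while undefined, and an
 * account without an e-mail address is rejected so that a link is never
 * stored under an empty external username.
 *
 * NOTE(review): no anti-CSRF `state` value is checked in this method. Confirm
 * the callback route or the client validates one bound to the session.
 * NOTE(review): the redirect URI is built with 'orcid' although this is the
 * scistarter plugin; confirm that is intended.
 * NOTE(review): a missing code redirects to the login view with the
 * ..._TO_LOGIN message although this is the link flow; confirm.
 *
 * @param   array  $options  not read by this method
 * @return  void
 */
public function link($options = array())
{
    // Set up the config for the api instance
    $client = new Oauth();

    if ($this->params->get('environment') == 'sandbox') {
        $client->useSandboxEnvironment();
    }

    $client->setClientId($this->params->get('app_id'))
           ->setClientSecret($this->params->get('app_secret'))
           ->setRedirectUri(self::getRedirectUri('orcid'));

    // A code coming back means the user has authorized our app
    $code = Request::getVar('code', NULL);
    if (!$code) {
        // User didn't authorize our app or clicked cancel
        App::redirect(
            Route::url('index.php?option=com_users&view=login&return=' . base64_encode('/members/myaccount')),
            Lang::txt('PLG_AUTHENTICATION_SCISTARTER_MUST_AUTHORIZE_TO_LOGIN', Config::get('sitename')),
            'error'
        );
        return;
    }

    $accountUrl = Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account');

    // Authenticate the user
    $client->authenticate($code);

    if (!$client->isAuthenticated()) {
        // User didn't authorize our app or clicked cancel
        App::redirect(
            $accountUrl,
            Lang::txt('PLG_AUTHENTICATION_SCISTARTER_MUST_AUTHORIZE_TO_LINK', Config::get('sitename')),
            'error'
        );
        return;
    }

    $account = $client->getUserData();

    // The e-mail address is what identifies the external account
    $username = (string) $account->email;

    // Make sure we have a scistarter account with a usable identifier
    if (!($account->scistarter_user_id > 0) || $username === '') {
        App::redirect(
            $accountUrl,
            Lang::txt('PLG_AUTHENTICATION_SCISTARTER_AUTHENTICATION_FAILED', Config::get('sitename')),
            'error'
        );
        return;
    }

    $hzad = \Hubzero\Auth\Domain::getInstance('authentication', 'scistarter', '');

    // An existing link means this scistarter account already belongs to some hub account
    if (\Hubzero\Auth\Link::getInstance($hzad->id, $username)) {
        App::redirect(
            $accountUrl,
            Lang::txt('PLG_AUTHENTICATION_SCISTARTER_ACCOUNT_ALREADY_LINKED'),
            'error'
        );
        return;
    }

    // Create the link and bind it to the current user
    $hzal = \Hubzero\Auth\Link::find_or_create('authentication', 'scistarter', null, $username);
    $hzal->user_id = User::get('id');
    $hzal->update();
}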
/**
 * Attach the Purdue CAS identity of the current CAS session to the hub account
 * that is already signed in; no new login is performed here.
 *
 * Linking proceeds only when phpCAS reports an authenticated session and
 * checkBoilerkey() passes; the CAS user name becomes the external username.
 *
 * NOTE(review): with site debug on, phpCAS debug output is written to the
 * configured 'debug_location'. Confirm that file is not web-readable and that
 * debug stays off in production, since protocol traces can hold sensitive
 * values.
 *
 * @param   array  $options  not read by this method
 * @return  void
 */
public function link($options = array())
{
    if (Config::get('debug')) {
        $logPath = $this->params->get('debug_location', '/var/log/apache2/php/phpCAS.log');
        phpCAS::setDebug($logPath);
    }

    $this->initialize();

    // Both the CAS session and the boilerkey check must pass
    if (!phpCAS::isAuthenticated() || !$this->checkBoilerkey()) {
        // User somehow got redirected back without being authenticated
        App::redirect(
            Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'),
            Lang::txt('PLG_AUTHENTICATION_PUCAS_ERROR_LINKING'),
            'error'
        );
        return;
    }

    // The CAS user name is the unique external username
    $casUser    = phpCAS::getUser();
    $authDomain = \Hubzero\Auth\Domain::getInstance('authentication', 'pucas', '');

    // An existing link means this purdue cas account already belongs to some hub account
    if (\Hubzero\Auth\Link::getInstance($authDomain->id, $casUser)) {
        App::redirect(
            Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account'),
            Lang::txt('PLG_AUTHENTICATION_PUCAS_ACCOUNT_ALREADY_LINKED'),
            'error'
        );
        return;
    }

    // Create the link and bind it to the current user
    $authLink = \Hubzero\Auth\Link::find_or_create('authentication', 'pucas', null, $casUser);
    $authLink->user_id = User::get('id');
    $authLink->email   = phpCAS::getAttribute('email');
    $authLink->update();
}
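/**
 * Attach the ORCID iD that completed the OAuth callback to the hub account
 * that is already signed in; no new login is performed here.
 *
 * Change from the earlier version: the missing-code path returns explicitly
 * after redirecting, so authenticate() is never called without a code even if
 * the redirect call returns.
 *
 * NOTE(review): no anti-CSRF `state` value is checked in this method. Confirm
 * the callback route or the client validates one bound to the session;
 * otherwise a forged callback could attach a different ORCID iD to the
 * signed-in account.
 *
 * @param   array  $options  not read by this method
 * @return  void
 */
public function link($options = array())
{
    $accountUrl = Route::url('index.php?option=com_members&id=' . User::get('id') . '&active=account');

    // Set up the config for the ORCID api instance
    $oauth = new Oauth();
    $oauth->setClientId($this->params->get('client_id'))
          ->setClientSecret($this->params->get('client_secret'))
          ->setRedirectUri(self::getRedirectUri('orcid'));

    // A code coming back means the user has authorized our app
    $code = Request::getVar('code', NULL);
    if (!$code) {
        // User didn't authorize our app, or clicked cancel
        App::redirect(
            $accountUrl,
            Lang::txt('PLG_AUTHENTICATION_ORCID_MUST_AUTHORIZE_TO_LINK', Config::get('sitename')),
            'error'
        );
        return;
    }

    // Authenticate the user
    $oauth->authenticate($code);

    // Check for successful authentication
    if (!$oauth->isAuthenticated()) {
        // User didn't authorize our app, or clicked cancel
        App::redirect(
            $accountUrl,
            Lang::txt('PLG_AUTHENTICATION_ORCID_MUST_AUTHORIZE_TO_LINK', Config::get('sitename')),
            'error'
        );
        return;
    }

    $orcid = new Profile($oauth);

    // The ORCID iD is the unique external username
    $username = $orcid->id();

    $hzad = \Hubzero\Auth\Domain::getInstance('authentication', 'orcid', '');

    // An existing link means this orcid account already belongs to some hub account
    if (\Hubzero\Auth\Link::getInstance($hzad->id, $username)) {
        App::redirect(
            $accountUrl,
            Lang::txt('PLG_AUTHENTICATION_ORCID_ACCOUNT_ALREADY_LINKED'),
            'error'
        );
        return;
    }

    // Create the hubzero auth link and bind it to the current user
    $hzal = \Hubzero\Auth\Link::find_or_create('authentication', 'orcid', null, $username);
    $hzal->user_id = User::get('id');
    $hzal->email   = $orcid->email();
    $hzal->update();
}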