/**
* Clear all messages
*
* @param string $domain
* @return void
*/
public function clear($domain)
{
Monster::bake($this->key($domain), $this->expires(0), array());
}
/**
* Mark the overlay as having been viewed
*
* @return void
*/
public function _mark()
{
$this->view->setLayout('mark');
$member = $this->view->offering->member(User::get('id'));
if ($member->get('first_visit') && $member->get('first_visit') != '0000-00-00 00:00:00') {
return;
} elseif (!$member->get('id')) {
$cookie = \Hubzero\Utility\Cookie::eat('plugin.courses.guide');
if (!is_object($cookie) || !isset($cookie->first_visit)) {
// Drop cookie
$lifetime = time() + 365 * 24 * 60 * 60;
\Hubzero\Utility\Cookie::bake('plugin.courses.guide', $lifetime, array('first_visit' => Date::toSql()));
}
}
$member->set('first_visit', Date::toSql());
$member->store();
}
/**
* This method should handle any authentication and report back to the subject
*
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object $response Authentication response object
* @return boolean
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
// Set up the config for the sdk instance
$config = array('appId' => $this->params->get('app_id'), 'secret' => $this->params->get('app_secret'));
// Set defaults
\Facebook\FacebookSession::setDefaultApplication($config['appId'], $config['secret']);
$helper = new \Facebook\FacebookRedirectLoginHelper(self::getReturnUrl($options['return'], true));
try {
$session = $helper->getSessionFromRedirect();
} catch (\Facebook\FacebookRequestException $ex) {
// When Facebook returns an error
} catch (\Exception $ex) {
// When validation fails or other local issues
}
// Make sure we have a user_id (facebook returns 0 for a non-logged in user)
if (isset($user_id) && $user_id > 0 || isset($session) && $session) {
try {
$request = new \Facebook\FacebookRequest($session, 'GET', '/me');
$user_profile = $request->execute()->getGraphObject(\Facebook\GraphUser::className());
$id = $user_profile->getId();
$fullname = $user_profile->getName();
$email = $user_profile->getProperty('email');
$username = $user_profile->getProperty('username');
} catch (\Facebook\FacebookRequestException $e) {
// Error message?
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_FACEBOOK_ERROR_RETRIEVING_PROFILE', $e->getMessage());
return;
}
// Create the hubzero auth link
$method = Component::params('com_users')->get('allowUserRegistration', false) ? 'find_or_create' : 'find';
$hzal = \Hubzero\Auth\Link::$method('authentication', 'facebook', null, $id);
if ($hzal === false) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_FACEBOOK_UNKNOWN_USER');
return;
}
$hzal->email = $email;
// Set response variables
$response->auth_link = $hzal;
$response->type = 'facebook';
$response->status = \Hubzero\Auth\Status::SUCCESS;
$response->fullname = $fullname;
if (!empty($hzal->user_id)) {
$user = User::getInstance($hzal->user_id);
$response->username = $user->username;
$response->email = $user->email;
$response->fullname = $user->name;
} else {
$response->username = '******' . $hzal->id;
$response->email = $response->username . '@invalid';
// Also set a suggested username for their hub account
$sub_email = explode('@', $email, 2);
$tmp_username = !empty($username) ? $username : $sub_email[0];
App::get('session')->set('auth_link.tmp_username', $tmp_username);
}
$hzal->update();
// If we have a real user, drop the authenticator cookie
if (isset($user) && is_object($user)) {
// Set cookie with login preference info
$prefs = array('user_id' => $user->get('id'), 'user_img' => 'https://graph.facebook.com/v2.0/' . $id . '/picture?type=normal', 'authenticator' => 'facebook');
$namespace = 'authenticator';
$lifetime = time() + 365 * 24 * 60 * 60;
\Hubzero\Utility\Cookie::bake($namespace, $lifetime, $prefs);
}
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_FACEBOOK_AUTHENTICATION_FAILED');
}
}
/**
* This method should handle any authentication and report back to the subject
*
* @access public
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object $response Authentication response object
* @return boolean
* @since 1.5
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
// eppn is eduPersonPrincipalName and is the absolute lowest common
// denominator for InCommon attribute exchanges. we can't really do
// anything without it
if (isset($options['shibboleth']['eppn'])) {
$this->log('auth with', $options['shibboleth']);
$method = \Component::params('com_users')->get('allowUserRegistration', FALSE) ? 'find_or_create' : 'find';
$hzal = \Hubzero\Auth\Link::$method('authentication', 'shibboleth', $options['shibboleth']['idp'], $options['shibboleth']['eppn']);
if ($hzal === FALSE) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = 'Unknown user and new user registration is not permitted.';
return;
}
$hzal->email = isset($options['shibboleth']['email']) ? $options['shibboleth']['email'] : NULL;
$this->log('hzal', $hzal);
$response->auth_link = $hzal;
$response->type = 'shibboleth';
$response->status = \Hubzero\Auth\Status::SUCCESS;
$response->fullname = isset($options['shibboleth']['displayName']) ? ucwords(strtolower($options['shibboleth']['displayName'])) : $options['shibboleth']['username'];
if (!empty($hzal->user_id)) {
$user = User::getInstance($hzal->user_id);
// Bring this in line with the rest of the system
$response->username = $user->username;
$response->email = $user->email;
$response->fullname = $user->name;
} else {
$response->username = '******' . $hzal->id;
// The Open Group Base Specifications Issue 6, Section 3.426
$response->email = $response->username . '@invalid';
// RFC2606, section 2
// Also set a suggested username for their hub account
App::get('session')->set('auth_link.tmp_username', $options['shibboleth']['username']);
}
$hzal->update();
// If we have a real user, drop the authenticator cookie
if (isset($user) && is_object($user)) {
// Set cookie with login preference info
$prefs = array('user_id' => $user->get('id'), 'user_img' => \Hubzero\User\Profile::getInstance($user->get('id'))->getPicture(0, false), 'authenticator' => 'shibboleth');
$this->log('auth cookie', $prefs);
$namespace = 'authenticator';
$lifetime = time() + 365 * 24 * 60 * 60;
\Hubzero\Utility\Cookie::bake($namespace, $lifetime, $prefs);
}
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = 'An error occurred verifying your credentials.';
}
}
/**
* This method should handle any authentication and report back to the subject
*
* @param array $credentials the user credentials
* @param array $options any extra options
* @param object $response authentication response object
* @return void
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
// Check for the required subject dn field
if (isset($_SERVER['SSL_CLIENT_S_DN']) && $_SERVER['SSL_CLIENT_S_DN']) {
$domain = $_SERVER['SSL_CLIENT_I_DN_CN'];
$username = $_SERVER['SSL_CLIENT_S_DN_CN'];
$method = Component::params('com_users')->get('allowUserRegistration', false) ? 'find_or_create' : 'find';
$hzal = \Hubzero\Auth\Link::$method('authentication', 'certificate', $domain, $username);
if ($hzal === false) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_CERTIFICATE_UNKNOWN_USER');
return;
}
$hzal->email = $_SERVER['SSL_CLIENT_S_DN_Email'];
$response->auth_link = $hzal;
$response->type = 'certificate';
$response->status = \Hubzero\Auth\Status::SUCCESS;
$response->fullname = $username;
// Try to deduce fullname from potential patern (ex: LAST.FIRST.MIDDLE.ID)
if (preg_match('/([[:alpha:]]*)\\.([[:alpha:]]*)\\.([[:alpha:]]*)/', $username, $matches)) {
$response->fullname = ucfirst($matches[2]) . ' ' . ucfirst($matches[3]) . ' ' . ucfirst($matches[1]);
}
if (!empty($hzal->user_id)) {
$user = User::getInstance($hzal->user_id);
$response->username = $user->get('username');
$response->email = $user->get('email');
$response->fullname = $user->get('name');
} else {
$response->username = '******' . $hzal->id;
$response->email = $response->username . '@invalid';
// Also set a suggested username for their hub account
App::get('session')->set('auth_link.tmp_username', $username);
}
$hzal->update();
// If we have a real user, drop the authenticator cookie
if (isset($user) && is_object($user)) {
// Set cookie with login preference info
$prefs = array('user_id' => $user->get('id'), 'user_img' => $user->picture(0, false), 'authenticator' => 'certificate');
$namespace = 'authenticator';
$lifetime = time() + 365 * 24 * 60 * 60;
\Hubzero\Utility\Cookie::bake($namespace, $lifetime, $prefs);
}
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_CERTIFICATE_AUTHENTICATION_FAILED');
}
}
/**
* This method should handle any authentication and report back to the subject
*
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object $response Authentication response object
* @return boolean
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
// Make sure we have authorization
$jsession = App::get('session');
if ($jsession->get('linkedin.oauth.authorized') == TRUE) {
// User initiated LinkedIn connection, set up config
$config = array('appKey' => $this->params->get('api_key'), 'appSecret' => $this->params->get('app_secret'), 'callbackUrl' => self::getRedirectUri('linkedin'));
// Create the object
$linkedin_client = new LinkedIn($config);
$linkedin_client->setTokenAccess($jsession->get('linkedin.oauth.access'));
// Get the linked in profile
$profile = $linkedin_client->profile('~:(id,first-name,last-name,email-address,picture-urls::(original))');
$profile = $profile['linkedin'];
// Parse the profile XML
$profile = new SimpleXMLElement($profile);
// Get the profile values
$li_id = $profile->{'id'};
$first_name = $profile->{'first-name'};
$last_name = $profile->{'last-name'};
$full_name = $first_name . ' ' . $last_name;
$username = (string) $li_id;
// (make sure this is unique)
$method = Component::params('com_users')->get('allowUserRegistration', false) ? 'find_or_create' : 'find';
$hzal = \Hubzero\Auth\Link::$method('authentication', 'linkedin', null, $username);
if ($hzal === false) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_LINKEDIN_UNKNOWN_USER');
return;
}
$hzal->email = (string) $profile->{'email-address'};
// Set response variables
$response->auth_link = $hzal;
$response->type = 'linkedin';
$response->status = \Hubzero\Auth\Status::SUCCESS;
$response->fullname = $full_name;
if (!empty($hzal->user_id)) {
$user = User::getInstance($hzal->user_id);
$response->username = $user->username;
$response->email = $user->email;
$response->fullname = $user->name;
} else {
$response->username = '******' . $hzal->id;
$response->email = $response->username . '@invalid';
// Also set a suggested username for their hub account
$sub_email = explode('@', (string) $profile->{'email-address'}, 2);
$tmp_username = $sub_email[0];
$jsession->set('auth_link.tmp_username', $tmp_username);
}
$hzal->update();
// If we have a real user, drop the authenticator cookie
if (isset($user) && is_object($user)) {
// Set cookie with login preference info
$prefs = array('user_id' => $user->get('id'), 'user_img' => (string) $profile->{'picture-urls'}->{'picture-url'}, 'authenticator' => 'linkedin');
$namespace = 'authenticator';
$lifetime = time() + 365 * 24 * 60 * 60;
\Hubzero\Utility\Cookie::bake($namespace, $lifetime, $prefs);
}
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_LINKEDIN_AUTHENTICATION_FAILED');
}
}
/**
* This method should handle any authentication and report back to the subject
*
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object $response Authentication response object
* @return boolean
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
// Build twitter object using temp credentials saved in session
$twitter = new TwitterOAuth($this->params->get('app_id'), $this->params->get('app_secret'), App::get('session')->get('twitter.oauth.token'), App::get('session')->get('twitter.oauth.token_secret'));
// Request user specific (longer lasting) credentials
$token_credentials = $twitter->getAccessToken(Request::getVar('oauth_verifier'));
// Build new twitter object with user credentials
$twitter = new TwitterOAuth($this->params->get('app_id'), $this->params->get('app_secret'), $token_credentials['oauth_token'], $token_credentials['oauth_token_secret']);
// Get user account info
$account = $twitter->get('account/verify_credentials');
// Make sure we have a twitter account
if (!$account->errors && $account->id > 0) {
// Get id as username (silly, but we cast to string, otherwise find_or_create bellow fails)
$username = (string) $account->id;
// Create the hubzero auth link
$method = Component::params('com_users')->get('allowUserRegistration', false) ? 'find_or_create' : 'find';
$hzal = \Hubzero\Auth\Link::$method('authentication', 'twitter', null, $username);
if ($hzal === false) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_TWITTER_UNKNOWN_USER');
return;
}
// Set response variables
$response->auth_link = $hzal;
$response->type = 'twitter';
$response->status = \Hubzero\Auth\Status::SUCCESS;
$response->fullname = $account->name;
if (!empty($hzal->user_id)) {
$user = User::getInstance($hzal->user_id);
$response->username = $user->username;
$response->email = $user->email;
$response->fullname = $user->name;
} else {
$response->username = '******' . $hzal->id;
$response->email = $response->username . '@invalid';
// Also set a suggested username for their hub account
App::get('session')->set('auth_link.tmp_username', $account->screen_name);
}
$hzal->update();
// If we have a real user, drop the authenticator cookie
if (isset($user) && is_object($user)) {
// Set cookie with login preference info
$prefs = array('user_id' => $user->get('id'), 'user_img' => str_replace('_normal', '', $account->profile_image_url_https), 'authenticator' => 'twitter');
$namespace = 'authenticator';
$lifetime = time() + 365 * 24 * 60 * 60;
\Hubzero\Utility\Cookie::bake($namespace, $lifetime, $prefs);
}
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_TWITTER_AUTHENTICATION_FAILED');
}
}
/**
* This method should handle any authentication and report back to the subject
*
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object $response Authentication response object
* @return boolean
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
// Set up the config for the google api instance
$client = new Google_Client();
$client->setClientId($this->params->get('app_id'));
$client->setClientSecret($this->params->get('app_secret'));
// Create OAuth2 Instance
$oauth2 = new Google_Service_Oauth2($client);
// Check if there's an active token in the session
$jsession = App::get('session');
if ($jsession->get('google.token', NULL)) {
$client->setAccessToken($jsession->get('google.token'));
}
// If we have an access token set, carry on
if ($client->getAccessToken()) {
// Get the user info
$user_profile = $oauth2->userinfo->get();
// Set username to email address, which will fail and force registration update
// (we have to make sure we get something unique from google)
$username = $user_profile['email'];
// Create the hubzero auth link
$method = Component::params('com_users')->get('allowUserRegistration', false) ? 'find_or_create' : 'find';
$hzal = \Hubzero\Auth\Link::$method('authentication', 'google', null, $username);
if ($hzal === false) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_GOOGLE_UNKNOWN_USER');
return;
}
$hzal->email = $user_profile['email'];
// Set response variables
$response->auth_link = $hzal;
$response->type = 'google';
$response->status = \Hubzero\Auth\Status::SUCCESS;
$response->fullname = $user_profile['name'];
if (!empty($hzal->user_id)) {
$user = User::getInstance($hzal->user_id);
$response->username = $user->username;
$response->email = $user->email;
$response->fullname = $user->name;
} else {
$response->username = '******' . $hzal->id;
$response->email = $response->username . '@invalid';
// Also set a suggested username for their hub account
$sub_email = explode('@', $user_profile['email'], 2);
$tmp_username = $sub_email[0];
$jsession->set('auth_link.tmp_username', $tmp_username);
}
$hzal->update();
// If we have a real user, drop the authenticator cookie
if (isset($user) && is_object($user)) {
// Set cookie with login preference info
$prefs = array('user_id' => $user->get('id'), 'user_img' => $user_profile['picture'] . '?sz=100', 'authenticator' => 'google');
$namespace = 'authenticator';
$lifetime = time() + 365 * 24 * 60 * 60;
\Hubzero\Utility\Cookie::bake($namespace, $lifetime, $prefs);
}
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_GOOGLE_AUTHENTICATION_FAILED');
}
}
/**
* This method should handle any authentication and report back to the subject
*
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object $response Authentication response object
* @return boolean
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
// Set up the config for the api instance
$client = new Oauth();
if ($this->params->get('environment') == 'sandbox') {
$client->useSandboxEnvironment();
}
$client->setClientId($this->params->get('app_id'))->setClientSecret($this->params->get('app_secret'))->setRedirectUri(self::getRedirectUri('scistarter'));
if (App::get('session')->get('scistarter.token', NULL)) {
$client->setAccessToken(App::get('session')->get('scistarter.token'));
}
// If we have an access token set, carry on
if ($client->isAuthenticated()) {
$account = $client->getUserData();
// Make sure we have a Scistarter account
if ($account->scistarter_user_id > 0) {
$username = (string) $account->email;
// Create the hubzero auth link
$method = Component::params('com_users')->get('allowUserRegistration', false) ? 'find_or_create' : 'find';
$hzal = \Hubzero\Auth\Link::$method('authentication', 'scistarter', null, $username);
if ($hzal === false) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_SCISTARTER_UNKNOWN_USER');
return;
}
$hzal->email = $account->email;
// Set response variables
$response->auth_link = $hzal;
$response->type = 'scistarter';
$response->status = \Hubzero\Auth\Status::SUCCESS;
$response->fullname = $account->email;
if (!empty($hzal->user_id)) {
$user = User::getInstance($hzal->user_id);
$response->username = $user->username;
$response->email = $user->email;
$response->fullname = $user->name;
} else {
$response->username = '******' . $hzal->id;
$response->email = $response->username . '@invalid';
// Also set a suggested username for their hub account
$sub_email = explode('@', $account->email, 2);
$tmp_username = $sub_email[0];
Session::set('auth_link.tmp_username', $tmp_username);
}
$hzal->update();
// If we have a real user, drop the authenticator cookie
if (isset($user) && is_object($user)) {
// Set cookie with login preference info
$prefs = array('user_id' => $user->get('id'), 'user_img' => $user->picture(0, false), 'authenticator' => 'scistarter');
$namespace = 'authenticator';
$lifetime = time() + 365 * 24 * 60 * 60;
\Hubzero\Utility\Cookie::bake($namespace, $lifetime, $prefs);
}
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_SCISTARTER_AUTHENTICATION_FAILED');
}
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_SCISTARTER_AUTHENTICATION_FAILED');
}
}
/**
* This method should handle any authentication and report back to the subject
*
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object $response Authentication response object
* @return boolean
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
jimport('joomla.user.helper');
// For JLog
$response->type = 'hubzero';
// HUBzero does not like blank passwords
if (empty($credentials['password'])) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_HUBZERO_ERROR_EMPTY_PASS');
return false;
}
// Initialize variables
$conditions = '';
// Get a database object
$db = \App::get('db');
// Determine if attempting to log in via username or email address
if (strpos($credentials['username'], '@')) {
$conditions = ' WHERE email=' . $db->Quote($credentials['username']);
} else {
$conditions = ' WHERE username='******'username']);
}
$query = 'SELECT `id`, `username`, `password`' . ' FROM `#__users`' . $conditions . ' AND `block` != 1';
$db->setQuery($query);
$result = $db->loadObjectList();
if (is_array($result) && count($result) > 1) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_HUBZERO_UNKNOWN_USER');
return false;
} elseif (is_array($result) && isset($result[0])) {
$result = $result[0];
}
// Now make sure they haven't made too many failed login attempts
if (\Hubzero\User\User::oneOrFail($result->id)->hasExceededLoginLimit()) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_HUBZERO_TOO_MANY_ATTEMPTS');
return false;
}
if ($result) {
if (\Hubzero\User\Password::passwordMatches($result->username, $credentials['password'], true)) {
$user = User::getInstance($result->id);
$response->username = $user->username;
$response->email = $user->email;
$response->fullname = $user->name;
$response->status = \Hubzero\Auth\Status::SUCCESS;
$response->error_message = '';
// Check validity and age of password
$password_rules = \Hubzero\Password\Rule::getRules();
$msg = \Hubzero\Password\Rule::validate($credentials['password'], $password_rules, $result->username);
if (is_array($msg) && !empty($msg[0])) {
App::get('session')->set('badpassword', '1');
}
if (\Hubzero\User\Password::isPasswordExpired($result->username)) {
App::get('session')->set('expiredpassword', '1');
}
// Set cookie with login preference info
$prefs = array('user_id' => $user->get('id'), 'user_img' => \Hubzero\User\Profile::getInstance($user->get('id'))->getPicture(0, false), 'authenticator' => 'hubzero');
$namespace = 'authenticator';
$lifetime = time() + 365 * 24 * 60 * 60;
\Hubzero\Utility\Cookie::bake($namespace, $lifetime, $prefs);
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_HUBZERO_AUTHENTICATION_FAILED');
}
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_HUBZERO_AUTHENTICATION_FAILED');
}
}
/**
* This method should handle any authentication and report back to the subject
*
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object $response Authentication response object
* @return boolean
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
if (Config::get('debug')) {
$debug_location = $this->params->get('debug_location', '/var/log/apache2/php/phpCAS.log');
phpCAS::setDebug($debug_location);
}
$this->initialize();
try {
$authenticated = phpCAS::isAuthenticated();
} catch (CAS_AuthenticationException $e) {
throw new Exception(Lang::txt('PLG_AUTHENTICATION_PUCAS_ERROR_EXPIRED_TICKET'), 400);
}
$return = isset($options['return']) ? $options['return'] : '';
if ($authenticated && $this->checkBoilerkey($return)) {
$username = phpCAS::getUser();
$method = Component::params('com_users')->get('allowUserRegistration', false) ? 'find_or_create' : 'find';
$hzal = \Hubzero\Auth\Link::$method('authentication', 'pucas', null, $username);
if ($hzal === false) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_PUCAS_UNKNOWN_USER');
return;
}
$hzal->email = $username . '@purdue.edu';
$response->auth_link = $hzal;
$response->type = 'pucas';
$response->status = \Hubzero\Auth\Status::SUCCESS;
$email = phpCAS::getAttribute('email');
$name = phpCAS::getAttribute('fullname');
if (!empty($email)) {
$hzal->email = $email;
}
if (!empty($name)) {
$response->fullname = ucwords(strtolower($name));
}
if (!empty($hzal->user_id)) {
$user = User::getInstance($hzal->user_id);
// Bring this in line with the rest of the system
$response->username = $user->username;
$response->email = $user->email;
$response->fullname = $user->name;
} else {
$response->username = '******' . $hzal->id;
// The Open Group Base Specifications Issue 6, Section 3.426
$response->email = $response->username . '@invalid';
// RFC2606, section 2
// Also set a suggested username for their hub account
App::get('session')->set('auth_link.tmp_username', $username);
}
$hzal->update();
// If we have a real user, drop the authenticator cookie
if (isset($user) && is_object($user)) {
// Set cookie with login preference info
$prefs = array('user_id' => $user->get('id'), 'user_img' => \Hubzero\User\Profile::getInstance($user->get('id'))->getPicture(0, false), 'authenticator' => 'pucas');
$namespace = 'authenticator';
$lifetime = time() + 365 * 24 * 60 * 60;
\Hubzero\Utility\Cookie::bake($namespace, $lifetime, $prefs);
}
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_PUCAS_AUTHENTICATION_FAILED');
}
}
/**
* This method should handle any authentication and report back to the subject
*
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object $response Authentication response object
* @return boolean
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
// Set up the config for the ORCID api instance
$oauth = new Oauth();
$oauth->setClientId($this->params->get('client_id'))->setClientSecret($this->params->get('client_secret'))->setRedirectUri(self::getRedirectUri('orcid'));
// Authenticate the user
$oauth->authenticate(Request::getVar('code'));
// Check for successful authentication
if ($oauth->isAuthenticated()) {
$orcid = new Profile($oauth);
// Set username to ORCID iD
$username = $orcid->id();
// Create the hubzero auth link
$method = Component::params('com_users')->get('allowUserRegistration', false) ? 'find_or_create' : 'find';
$hzal = \Hubzero\Auth\Link::$method('authentication', 'orcid', null, $username);
if ($hzal === false) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_ORCID_UNKNOWN_USER');
return;
}
$hzal->email = $orcid->email() ? $orcid->email() : null;
// Set response variables
$response->auth_link = $hzal;
$response->type = 'orcid';
$response->status = \Hubzero\Auth\Status::SUCCESS;
$response->fullname = $orcid->fullName();
if (!empty($hzal->user_id)) {
$user = User::getInstance($hzal->user_id);
$response->username = $user->username;
$response->email = $user->email;
$response->fullname = $user->name;
} else {
$response->username = '******' . $hzal->id;
$response->email = $response->username . '@invalid';
// Also set a suggested username for their hub account
Session::set('auth_link.tmp_username', str_replace(' ', '', strtolower($response->fullname)));
Session::set('auth_link.tmp_orcid', $username);
}
$hzal->update();
// If we have a real user, drop the authenticator cookie
if (isset($user) && is_object($user)) {
// Set cookie with login preference info
$prefs = array('user_id' => $user->get('id'), 'user_img' => null, 'authenticator' => 'orcid');
$namespace = 'authenticator';
$lifetime = time() + 365 * 24 * 60 * 60;
\Hubzero\Utility\Cookie::bake($namespace, $lifetime, $prefs);
}
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_ORCID_AUTHENTICATION_FAILED');
}
}
