authenticate() public méthode

public authenticate ( ) : boolean
Résultat boolean
 * Licensed under the Apache License, Version 2.0 (the "License"); you may
 * not use this file except in compliance with the License. You may obtain
 * a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations
 * under the License.
 *
 */
require "OpenIDConnectClient.php5";
// Minimal usage: build the client from the provider URL, client id and client
// secret, run authenticate(), then read a single userinfo claim.
// NOTE(review): the placeholder provider URL is http://. In real use the
// provider / discovery URL must be https://, otherwise the client secret and
// the tokens returned by the provider travel in the clear.
$oidc = new OpenIDConnectClient('http://myproviderURL.com/', 'ClientIDHere', 'ClientSecretHere');
// Runs the OpenID Connect flow; the page lists its return type as boolean.
// Presumably redirects to the provider when no authorization code is present
// yet and exchanges the code on the callback — confirm against the library.
$oidc->authenticate();
// $name is left in scope for the HTML below.
$name = $oidc->requestUserInfo('given_name');
?>

<html>
<head>
    <title>Example OpenID Connect Client Use</title>
    <style>
        body {
            font-family: 'Lucida Grande', Verdana, Arial, sans-serif;
        }
    </style>
</head>
<body>

    <div>
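 public function uma_get_refresh_token()
 {
     // Re-runs the UMA/OpenID Connect authorization flow with `offline_access`
     // so the authorization server returns a refresh token, then stores that
     // token on the current patient's demographics_relate row and audits it.
     // Returns a Redirect to 'chart' whether or not a refresh token came back.
     $patient = DB::table('demographics_relate')
         ->where('pid', '=', Session::get('pid'))
         ->where('practice_id', '=', Session::get('practice_id'))
         ->first();
     // The UMA server is served next to the NOSH install: swap the path segment.
     $open_id_url = str_replace('/nosh', '/uma-server-webapp/', $patient->url);
     $oidc = new OpenIDConnectClient($open_id_url, $patient->uma_client_id, $patient->uma_client_secret);
     $oidc->setRedirectURL(route('uma_get_refresh_token'));
     foreach (array('openid', 'email', 'profile', 'offline_access', 'uma_authorization') as $scope) {
         $oidc->addScope($scope);
     }
     $oidc->authenticate(true);
     // NOTE(review): these claims are fetched but never used by this method.
     // The calls are kept so the freshly issued access token is still exercised
     // against the userinfo endpoint — confirm whether they can be dropped.
     $oidc->requestUserInfo('given_name');
     $oidc->requestUserInfo('family_name');
     $oidc->requestUserInfo('email');
     $oidc->requestUserInfo('npi');
     // Read the refresh token once so the value checked is the value stored.
     // Loose != is intentional here: a null token is treated like an empty one.
     $refresh_token = $oidc->getRefreshToken();
     if ($refresh_token != '') {
         DB::table('demographics_relate')
             ->where('demographics_relate_id', '=', $patient->demographics_relate_id)
             ->update(array('uma_refresh_token' => $refresh_token));
         $this->audit('Update');
     }
     return Redirect::to('chart');
 }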
 public function uma_auth()
 {
     // Logs a provider in through the practice's UMA/OpenID Connect server.
     // The local account is selected by the IdP's `npi` claim (or `sub` when no
     // NPI is present); a missing account is auto-provisioned, possibly together
     // with a new practiceinfo row filled from a docnpi.com lookup.
     // Returns a Redirect: intended('/') once logged in, or 'practice_choose'
     // when the practice cannot be resolved automatically.
     $open_id_url = str_replace('/nosh', '/uma-server-webapp/', URL::to('/'));
     // The practice_id 1 row holds the OIDC client credentials and also serves
     // as the template for auto-created practices (see $practice_data below).
     $practice = DB::table('practiceinfo')->where('practice_id', '=', '1')->first();
     $client_id = $practice->uma_client_id;
     $client_secret = $practice->uma_client_secret;
     $url = route('uma_auth');
     $oidc = new OpenIDConnectClient($open_id_url, $client_id, $client_secret);
     $oidc->setRedirectURL($url);
     $oidc->authenticate(true, 'user');
     $firstname = $oidc->requestUserInfo('given_name');
     $lastname = $oidc->requestUserInfo('family_name');
     $email = $oidc->requestUserInfo('email');
     $npi = $oidc->requestUserInfo('npi');
     $access_token = $oidc->getAccessToken();
     // Account binding rests on the IdP-asserted `npi` claim alone: the user
     // whose providers row carries that NPI is the one logged in. Loose != so a
     // null claim is handled like an empty one.
     if ($npi != '') {
         $provider = DB::table('providers')->where('npi', '=', $npi)->first();
         if ($provider) {
             $user = User::where('id', '=', $provider->id)->first();
         } else {
             // NPI claim present but no provider row yet: fall through to provisioning.
             $user = false;
         }
     } else {
         $user = User::where('uid', '=', $oidc->requestUserInfo('sub'))->first();
         //$user = User::where('firstname', '=', $firstname)->where('email', '=', $email)->where('lastname', '=', $lastname)->where('active', '=', '1')->first();
     }
     if ($user) {
         // Existing account: establish the session from the user and practice rows.
         Auth::login($user);
         $practice = Practiceinfo::find($user->practice_id);
         Session::put('user_id', $user->id);
         Session::put('group_id', $user->group_id);
         Session::put('practice_id', $user->practice_id);
         Session::put('version', $practice->version);
         Session::put('practice_active', $practice->active);
         Session::put('displayname', $user->displayname);
         Session::put('documents_dir', $practice->documents_dir);
         Session::put('rcopia', $practice->rcopia_extension);
         Session::put('mtm_extension', $practice->mtm_extension);
         Session::put('patient_centric', $practice->patient_centric);
         // The access token is kept in the session for later UMA calls.
         Session::put('uma_auth_access_token', $access_token);
         // Reset the lockout counter cookie (15 minute lifetime).
         setcookie("login_attempts", 0, time() + 900, '/');
         return Redirect::intended('/');
     } else {
         // Provisioning path. Resolve the practice from the IdP's comma-separated
         // `practice_npi` claim; when several NPIs match, the last match wins.
         $practice_npi = $oidc->requestUserInfo('practice_npi');
         $practice_id = false;
         if ($practice_npi != '') {
             $practice_npi_array = explode(',', $practice_npi);
             $practice_npi_array_null = array();
             foreach ($practice_npi_array as $practice_npi_item) {
                 $practice_query = DB::table('practiceinfo')->where('npi', '=', $practice_npi_item)->first();
                 if ($practice_query) {
                     $practice_id = $practice_query->practice_id;
                 } else {
                     // Collect NPIs with no practiceinfo row for the lookup/choice below.
                     $practice_npi_array_null[] = $practice_npi_item;
                 }
             }
         }
         // NOTE(review): $practice_npi_array and $practice_npi_array_null are only
         // defined when the claim was non-empty, so an empty `practice_npi` claim
         // reaches count() below on an undefined variable — confirm the intended
         // behaviour for users whose IdP sends no practice NPI.
         // Loose == false: a practice_id of 0 would also be treated as unresolved.
         if ($practice_id == false) {
             if (count($practice_npi_array_null) == 1) {
                 // Exactly one unknown NPI: look it up at docnpi.com and create the practice.
                 // NOTE(review): the NPI value comes from the IdP claim and is concatenated
                 // into the query string without urlencode(); the request also goes out
                 // over plain http. Encoding the value and using https would be the fix.
                 $url = 'http://docnpi.com/api/index.php?ident=' . $practice_npi_array_null[0] . '&is_ident=true&format=aha';
                 $ch = curl_init();
                 curl_setopt($ch, CURLOPT_URL, $url);
                 curl_setopt($ch, CURLOPT_FAILONERROR, 1);
                 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
                 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                 curl_setopt($ch, CURLOPT_TIMEOUT, 15);
                 // $data1 is the response body, or false when the request failed.
                 $data1 = curl_exec($ch);
                 curl_close($ch);
                 $html = new Htmldom($data1);
                 $practicename = '';
                 $address = '';
                 $street_address1 = '';
                 $city = '';
                 $state = '';
                 $zip = '';
                 // isset($html) is always true right after `new`; a failed curl_exec()
                 // ($data1 === false) is not detected here.
                 if (isset($html)) {
                     $li = $html->find('li', 0);
                     if (isset($li)) {
                         $nomatch = $li->innertext;
                         if ($nomatch != ' no matching results ') {
                             $name_item = $li->find('span[class=org]', 0);
                             $practicename = $name_item->innertext;
                             $address_item = $li->find('span[class=address]', 0);
                             $address = $address_item->innertext;
                         }
                     }
                 }
                 // Address parts are split on commas in the order the `aha` format
                 // delivers them — presumably street, zip, city, state; verify against docnpi.
                 if ($address != '') {
                     $address_array = explode(',', $address);
                     if (isset($address_array[0])) {
                         $street_address1 = trim($address_array[0]);
                     }
                     if (isset($address_array[1])) {
                         $zip = trim($address_array[1]);
                     }
                     if (isset($address_array[2])) {
                         $city = trim($address_array[2]);
                     }
                     if (isset($address_array[3])) {
                         $state = trim($address_array[3]);
                     }
                 }
                 // The new practice inherits documents_dir, version and the SMTP
                 // credentials of the practice_id 1 template row.
                 $practice_data = array('npi' => $practice_npi_array_null[0], 'practice_name' => $practicename, 'street_address1' => $street_address1, 'city' => $city, 'state' => $state, 'zip' => $zip, 'documents_dir' => $practice->documents_dir, 'version' => $practice->version, 'active' => 'Y', 'fax_type' => '', 'vivacare' => '', 'patient_centric' => 'yp', 'smtp_user' => $practice->smtp_user, 'smtp_pass' => $practice->smtp_pass);
                 $practice_id = DB::table('practiceinfo')->insertGetId($practice_data);
                 $this->audit('Add');
             } else {
                 // Zero or several unknown NPIs: stash the claims in the session and
                 // let the user pick a practice on the practice_choose page.
                 Session::put('practice_npi_array', implode(',', $practice_npi_array_null));
                 Session::put('firstname', $firstname);
                 Session::put('lastname', $lastname);
                 Session::put('username', $oidc->requestUserInfo('sub'));
                 Session::put('middle', $oidc->requestUserInfo('middle_name'));
                 Session::put('displayname', $oidc->requestUserInfo('name'));
                 Session::put('email', $email);
                 Session::put('npi', $npi);
                 Session::put('practice_choose', 'y');
                 Session::put('uid', $oidc->requestUserInfo('sub'));
                 Session::put('uma_auth_access_token', $access_token);
                 return Redirect::to('practice_choose');
             }
         }
         // Create the user (group_id 2) and its providers row, then log in exactly
         // as in the existing-account branch above.
         $data = array('username' => $oidc->requestUserInfo('sub'), 'firstname' => $firstname, 'middle' => $oidc->requestUserInfo('middle_name'), 'lastname' => $lastname, 'displayname' => $oidc->requestUserInfo('name'), 'email' => $email, 'group_id' => '2', 'active' => '1', 'practice_id' => $practice_id, 'secret_question' => 'Use HIEofOne to reset your password!', 'uid' => $oidc->requestUserInfo('sub'));
         $id = DB::table('users')->insertGetId($data);
         $this->audit('Add');
         // Note: $data1 is reused here; it previously held the curl response body.
         $data1 = array('id' => $id, 'npi' => $npi, 'practice_id' => $practice_id);
         DB::table('providers')->insert($data1);
         $this->audit('Add');
         $user1 = User::where('id', '=', $id)->first();
         Auth::login($user1);
         $practice1 = Practiceinfo::find($user1->practice_id);
         Session::put('user_id', $user1->id);
         Session::put('group_id', $user1->group_id);
         Session::put('practice_id', $user1->practice_id);
         Session::put('version', $practice1->version);
         Session::put('practice_active', $practice1->active);
         Session::put('displayname', $user1->displayname);
         Session::put('documents_dir', $practice1->documents_dir);
         Session::put('rcopia', $practice1->rcopia_extension);
         Session::put('mtm_extension', $practice1->mtm_extension);
         Session::put('patient_centric', $practice1->patient_centric);
         Session::put('uma_auth_access_token', $access_token);
         // Reset the lockout counter cookie (15 minute lifetime).
         setcookie("login_attempts", 0, time() + 900, '/');
         return Redirect::intended('/');
     }
 }
 protected function uma_resource_set($url, $name = null, $icon = null, $scopes = null)
 {
     // Registers a UMA resource set with the practice's authorization server.
     // A protection API token (PAT) cached in the session is reused; otherwise
     // one is obtained via authenticate(true, 'pat') and cached for later calls.
     // $url becomes the OIDC redirect URL; $name, $icon and $scopes are passed
     // straight through to resource_set(), whose response is returned.
     $practice = DB::table('practiceinfo')->where('practice_id', '=', '1')->first();
     $umaServer = str_replace('/nosh', '/uma-server-webapp/', URL::to('/'));
     $client = new OpenIDConnectClient($umaServer, $practice->uma_client_id, $practice->uma_client_secret);
     $client->setRedirectURL($url);
     if (!Session::has('uma_auth_pat')) {
         $client->authenticate(true, 'pat');
         Session::put('uma_auth_pat', $client->getAccessToken());
     } else {
         $client->setAccessToken(Session::get('uma_auth_pat'));
     }
     return $client->resource_set($name, $icon, $scopes);
 }
Exemple #5
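function do_login_oidc()
{
    global $DB, $userdata, $username, $ip;
    // Preconditions: OIDC login sits on top of PHP-session authentication, must
    // be enabled by the administrator, and needs BASEURL to build the callback URL.
    if (AUTH_METHOD != "PHP_SESSIONS") {
        error("You can only use OpenID Connect if the site is using PHP Sessions for authentication.");
    }
    if (dbconfig_get('allow_openid_auth', false) == false) {
        error("OpenID authentication disabled by administrator.");
    }
    if (empty(BASEURL)) {
        error("OpenID authentication requires that 'BASEURL' be configured.");
    }
    $provider = dbconfig_get('openid_provider', '');
    $clientID = dbconfig_get('openid_clientid', '');
    $clientSecret = dbconfig_get('openid_clientsecret', '');
    if (empty($provider) || empty($clientID) || empty($clientSecret)) {
        error("OpenID details are not configured.");
    }
    $oidc = new OpenIDConnectClient($provider, $clientID, $clientSecret);
    $oidc->addScope(array("openid", "email"));
    // TODO: how to dynamically figure this out properly on all/most servers
    $oidc->setRedirectURL(BASEURL . "/auth/oid_cb.php");
    // For google, forces asking the user what account they want to use every time.
    $oidc->addAuthParam(array("prompt" => "select_account"));
    if (!isset($_REQUEST["code"])) {
        // First leg: remember where to send the user after login. authenticate()
        // then redirects to the provider; on the callback leg (code present) the
        // same call exchanges the code.
        $_SESSION['redirect_after_login'] = $_SERVER['PHP_SELF'];
    }
    $oidc->authenticate();
    // we are logged in now, get a bunch of user information from the OID Provider
    $username = "******" . $oidc->requestUserInfo("sub");
    $email = $oidc->requestUserInfo("email");
    // Create the user if they don't exist
    $user = $DB->q('MAYBETUPLE SELECT * FROM user WHERE username = %s', $username);
    if (!$user) {
        $u = array();
        // Create a team for the user as well
        if (dbconfig_get("openid_autocreate_team", true)) {
            $i = array();
            $i['name'] = $email;
            $i['categoryid'] = 2;
            // Self-registered category id
            $i['enabled'] = 1;
            $i['comments'] = "Registered via OIDC by {$ip} on " . date('r');
            $teamid = $DB->q("RETURNID INSERT INTO team SET %S", $i);
            auditlog('team', $teamid, 'registered via OIDC by ' . $ip);
            $u['teamid'] = $teamid;
        }
        $u['username'] = $username;
        $u['email'] = $email;
        $u['name'] = $email;
        $u['password'] = NULL;
        $newid = $DB->q("RETURNID INSERT INTO user SET %S", $u);
        auditlog('user', $newid, 'registered via OIDC', $ip);
        // Assign the team role if we created a team for them. Bound as a
        // parameter like every other query here instead of interpolating $newid.
        if (isset($u['teamid'])) {
            $DB->q("INSERT INTO `userrole` (`userid`, `roleid`) VALUES (%i, 3)", $newid);
        }
    }
    // Load the information about the user; only enabled accounts qualify.
    $userdata = $DB->q('MAYBETUPLE SELECT * FROM user WHERE username = %s AND enabled = 1', $username);
    // A disabled (or just-vanished) account must not get a session: previously
    // the username was stored in the session before this was checked, and the
    // auditlog() call below would then fail on a null $userdata.
    if (!$userdata) {
        error("User account is disabled.");
    }
    // Save the username in the session so they are logged in. A fresh session id
    // on login keeps a pre-login session id from carrying the new identity.
    session_start();
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
    auditlog('user', $userdata['userid'], 'logged in', $ip);
    // Update the user's last login time
    $DB->q('UPDATE user SET last_login = %s, last_ip_address = %s WHERE username = %s', now(), $ip, $username);
}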