 /**
  * FatFree Framework event handler run before the upgrade routes.
  *
  * Access is gated by the global `$upgrade_access_check` flag: when it is
  * truthy the request must come from a logged-in administrator, otherwise
  * `accessDenied()` is invoked.  When the flag is falsy NO check is made and
  * the upgrade routes are reachable by anyone, so the flag must only be
  * switched off deliberately (e.g. for a first-time install) and switched
  * back on afterwards.
  *
  * NOTE(review): `accessDenied()` is assumed to terminate the request; if it
  * only sends a response without exiting, execution continues into the
  * upgrade route -- confirm against the base Module implementation.
  */
 function beforeroute()
 {
     // Flag read from global scope; presumably set by the upgrade front script.
     global $upgrade_access_check;
     parent::beforeroute();
     $auth = AuthManager::instance();
     if ($upgrade_access_check) {
         // Fail closed for anonymous users and for non-administrators.
         if (!$auth->isLoggedIn() || !$auth->getUser()->isAdministrator()) {
             $this->accessDenied();
         }
     }
     // Expose the flag to templates (presumably so they can warn when it is off).
     $this->f3->set('upgrade_access_check', $upgrade_access_check);
     // NOTE(review): Base::set() takes a key and a value; this call passes a
     // single argument (the CSS import string), so it cannot be storing the
     // stylesheet under any hive key.  Likely a transcription error -- check
     // the original for the intended key before relying on the upgrade CSS.
     $this->f3->set('@import url(' . $this->f3->get('base_path') . 'upgrade/upgrade.css);');
 }
 /**
  * Default route, used when the `q` parameter is absent or does not match
  * any other route.
  *
  * Resolution order:
  *
  * 1. the `index` hook is offered the request (the whole of `$_REQUEST`,
  *    whose contents depend on `request_order` and may include cookie
  *    values) and, if any module reports that it handled it, nothing more
  *    is done;
  * 2. an anonymous visitor is shown the login form;
  * 3. a logged-in user is re-dispatched internally to the dashboard when
  *    `SimpleID\Base\MyModule` is loaded;
  * 4. otherwise a bare `page.html` is rendered.
  *
  * A `Vary: Accept` header is always sent so caches key on the negotiated
  * content type.
  */
 public function index()
 {
     $modules = ModuleManager::instance();
     $this->logger->log(LogLevel::DEBUG, 'SimpleID\\Base\\IndexModule->index');
     header('Vary: Accept');

     // Give other modules first refusal on the request.
     $handled = $modules->invokeAll('index', $_REQUEST);
     if ($handled) {
         return;
     }

     $auth = AuthManager::instance();
     if (!$auth->isLoggedIn()) {
         $modules->getModule('SimpleID\\Auth\\AuthModule')->loginForm();
         return;
     }

     if ($modules->isModuleLoaded('SimpleID\\Base\\MyModule')) {
         // Internal re-dispatch, not an HTTP redirect.
         $this->f3->mock('GET /my/dashboard');
         return;
     }

     $page = new \Template();
     $this->f3->set('user_header', true);
     $this->f3->set('title', 'SimpleID');
     print $page->render('page.html');
 }
 /**
  * Constructs the module and caches the shared AuthManager on `$this->auth`
  * so the hooks do not have to fetch the singleton each time.
  */
 public function __construct()
 {
     parent::__construct();
     $authManager = AuthManager::instance();
     $this->auth = $authManager;
 }
 /**
  * Builds the dashboard blocks for the logged-in user.
  *
  * Always returns the welcome block and the recent-activity block; when
  * `config.debug` is on, two extra blocks dump the AuthManager and User
  * objects (HTML-encoded via `f3->encode`).  Those dumps expose internal
  * authentication state to whoever is logged in, so `config.debug` should
  * stay off outside development.
  *
  * NOTE(review): the uid and display name go through `t()` as `%`
  * placeholders; whether `t()` HTML-escapes them is not visible here --
  * confirm before treating the welcome block as XSS-safe.
  *
  * @return array the dashboard blocks, each with `id`, `title`, `content`
  * and `weight` keys
  */
 public function dashboardBlocksHook()
 {
     $auth = AuthManager::instance();
     $user = $auth->getUser();
     $template = new \Template();

     $welcome = array(
         'id' => 'welcome',
         'title' => $this->t('Welcome'),
         'content' => $this->t('You are logged in as %identity (%uid).', array('%uid' => $user['uid'], '%identity' => $user->getDisplayName())),
         'weight' => -10,
     );

     // Column labels consumed by my_activity.html.
     $this->f3->mset(array(
         'access_type' => $this->t('Access type'),
         'location' => $this->t('Location'),
         'time' => $this->t('Date/time'),
         'browser_label' => $this->t('Browser'),
         'app_label' => $this->t('Authorized application'),
     ));
     $activity = array(
         'id' => 'activity',
         'title' => $this->t('Recent activity'),
         'content' => $template->render('my_activity.html', false),
         'weight' => 0,
     );

     $result = array($welcome, $activity);

     if ($this->f3->get('config.debug')) {
         $result[] = array('id' => 'auth', 'title' => $this->t('Authentication'), 'content' => '<pre class="code">' . $this->f3->encode($auth->toString()) . '</pre>', 'weight' => 10);
         $result[] = array('id' => 'user', 'title' => $this->t('User'), 'content' => '<pre class="code">' . $this->f3->encode($user->toString()) . '</pre>', 'weight' => 10);
     }

     return $result;
 }
 /**
  * Revokes the logged-in user's OAuth authorization for client `$cid`.
  *
  * The authorization is looked up by the ID derived from the current user
  * and the client; if one exists every token issued under it is revoked and
  * the authorization record itself is deleted.  Nothing happens when no
  * authorization is on file.
  *
  * NOTE(review): what `loadClient()` returns for an unknown `$cid`, and what
  * `Authorization::buildID()` does with that, is not visible here.
  *
  * @see SimpleID\API\MyHooks::revokeAppHook()
  * @param string $cid the client identifier whose authorization to revoke
  */
 public function revokeAppHook($cid)
 {
     $store = StoreManager::instance();
     $current_user = AuthManager::instance()->getUser();
     $client = $store->loadClient($cid, 'SimpleID\\Protocols\\OAuth\\OAuthClient');

     $authorization = $store->loadAuth(Authorization::buildID($current_user, $client));
     if (!$authorization) {
         return;
     }
     $authorization->revokeAllTokens();
     $store->deleteAuth($authorization);
 }
 /**
  * Records the user's "remember this browser" choice for OTP.
  *
  * Only acts when the login reached at least `AUTH_LEVEL_VERIFIED` (the
  * second factor was actually presented) and the login form carried
  * `otp_remember == 1`.  The flag is stored under the user-agent ID assigned
  * by the AuthManager, so it is scoped to this browser rather than to the
  * account as a whole.
  *
  * @see SimpleID\API\AuthHooks::loginHook()
  * @param SimpleID\Models\User $user the user who logged in
  * @param int $level the authentication level reached
  * @param array $modules the modules that took part in the login
  * @param array $form_state the submitted login form state
  */
 public function loginHook($user, $level, $modules, $form_state)
 {
     $auth = AuthManager::instance();
     $store = StoreManager::instance();

     if ($level < AuthManager::AUTH_LEVEL_VERIFIED) {
         return;
     }
     // Loose comparison kept on purpose: the form value arrives as a string.
     if (!isset($form_state['otp_remember']) || $form_state['otp_remember'] != 1) {
         return;
     }

     $uaid = $auth->assignUAID();
     if (!isset($user->auth[$uaid])) {
         $user->auth[$uaid] = array();
     }
     if (!isset($user->auth[$uaid]['otp'])) {
         $user->auth[$uaid]['otp'] = array();
     }
     $user->auth[$uaid]['otp']['remember'] = true;
     $store->saveUser($user);
 }
 /**
  * FatFree Framework event handler run before every route.
  *
  * Bootstraps the user system: starts the PHP session through the
  * AuthManager and then loads the currently logged-in user, if any.
  */
 public function beforeroute()
 {
     $manager = AuthManager::instance();
     // Session first: initUser() presumably reads the user id from it.
     $manager->initSession();
     $manager->initUser();
 }
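 /**
  * Build a set of claims to be included in an ID token or UserInfo response
  *
  * Claims are released in one of two ways:
  *
  * - when `$claims_requested` is present (OpenID Connect `claims` request
  *   parameter), each requested claim is released only if it belongs to a
  *   scope that the client was actually granted (`$scopes`);
  * - otherwise the standard `profile`, `email`, `address` and `phone`
  *   scopes among `$scopes` release every claim they cover.
  *
  * `acr` is filled in later from the AuthManager and `updated_at` is not
  * supported.  `email_verified` / `phone_number_verified` are always
  * `false` (SimpleID does not verify them) and are only emitted alongside
  * the corresponding claim.
  *
  * For the `id_token` context the registered claims `exp`, `iat`,
  * `auth_time` and `acr` are added.  Finally the `connectBuildClaims` hook
  * may contribute claims; hook values override ours on key conflicts.
  *
  * @param SimpleID\Models\User $user the user about which the ID
  * token is created
  * @param SimpleID\Models\Client $client the client to which the
  * ID token will be sent
  * @param string $context the context, either `id_token` or `userinfo`
  * @param array $scopes the scopes granted to the client
  * @param array $claims_requested the claims requested in the request object,
  * or null if the request object is not present
  * @return array an array of claims
  */
 private function buildClaims($user, $client, $context, $scopes, $claims_requested = NULL)
 {
     $auth = AuthManager::instance();
     $mgr = ModuleManager::instance();
     $scope_settings = $mgr->invokeAll('scopes');
     // Guard: a module set without OAuth scope definitions must not fault below.
     $oauth_scopes = isset($scope_settings['oauth']) ? $scope_settings['oauth'] : array();

     $claims = array();
     $claims['sub'] = $this->getSubject($user, $client);

     if ($claims_requested != null) {
         foreach ($claims_requested as $claim => $properties) {
             switch ($claim) {
                 case 'acr':
                     // Processed later
                     break;
                 case 'updated_at':
                     // Not supported
                     break;
                 default:
                     $consent_scope = $this->findScopeForClaim($claim, $oauth_scopes);
                     // Release the claim only when the scope covering it was
                     // granted.  The previous loop iterated array_keys(), so
                     // $settings was a scope *name* and the lookup never
                     // matched; and the scope found was never compared with
                     // $scopes at all.  Fixing the loop alone would have
                     // released claims without consent, hence both changes.
                     if ($consent_scope === null || !in_array($consent_scope, $scopes, true)) {
                         break;
                     }
                     $this->copyUserInfoClaim($claims, $user, $claim);
                     break;
             }
         }
     } else {
         foreach (array('profile', 'email', 'address', 'phone') as $scope) {
             if (!in_array($scope, $scopes, true) || !isset($oauth_scopes[$scope]['claims'])) {
                 continue;
             }
             foreach ($oauth_scopes[$scope]['claims'] as $claim) {
                 $this->copyUserInfoClaim($claims, $user, $claim);
             }
         }
     }

     if ($context == 'id_token') {
         $now = time();
         $claims['exp'] = $now + SIMPLEID_LONG_TOKEN_EXPIRES_IN - SIMPLEID_LONG_TOKEN_EXPIRES_BUFFER;
         $claims['iat'] = $now;
         $claims['auth_time'] = $auth->getAuthTime();
         $claims['acr'] = $auth->getACR();
     }

     $hook_claims = $mgr->invokeAll('connectBuildClaims', $user, $client, $context, $scopes, $claims_requested);
     return array_merge($claims, $hook_claims);
 }

 /**
  * Finds the OAuth scope whose `claims` list contains `$claim`.
  *
  * When several scopes list the same claim the last one wins, matching the
  * original lookup order.
  *
  * @param string $claim the claim name
  * @param array $oauth_scopes scope name => settings, as returned by the
  * `scopes` hook under the `oauth` key
  * @return string|null the scope name, or null if no scope covers the claim
  */
 private function findScopeForClaim($claim, $oauth_scopes)
 {
     $found = null;
     foreach ($oauth_scopes as $scope => $settings) {
         if (!isset($settings['claims'])) {
             continue;
         }
         if (in_array($claim, $settings['claims'], true)) {
             $found = $scope;
         }
     }
     return $found;
 }

 /**
  * Copies `$claim` from the user's `userinfo` into `$claims`, if present.
  *
  * `email` and `phone_number` additionally get their `_verified` companion
  * set to `false`, since SimpleID does not verify either.  The companion is
  * only emitted when the claim itself is, so a user without an e-mail
  * address no longer produces a dangling `email_verified: false` in the
  * scope-driven branch (the request-driven branch already behaved this way).
  *
  * @param array $claims the claim set being built (modified in place)
  * @param SimpleID\Models\User $user the user
  * @param string $claim the claim name
  */
 private function copyUserInfoClaim(array &$claims, $user, $claim)
 {
     if (!isset($user['userinfo'][$claim])) {
         return;
     }
     $claims[$claim] = $user['userinfo'][$claim];
     if ($claim == 'email') {
         $claims['email_verified'] = false;
     }
     if ($claim == 'phone_number') {
         $claims['phone_number_verified'] = false;
     }
 }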
 /**
  * Returns a block listing the OpenID Connect user information on file.
  *
  * Renders `$user['userinfo']` as a two-column table; nested members are
  * flattened to one row per sub-member, labelled "member (submember)".
  * Every member name and value is passed through `f3->clean()` before it
  * is placed in the HTML.
  *
  * NOTE(review): values nested more than one level deep are not handled;
  * `clean()` of an array would be concatenated as a string here.
  *
  * @return array the OpenID Connect user information block
  */
 function profileBlocksHook()
 {
     $user = AuthManager::instance()->getUser();
     $f3 = $this->f3;

     $html = '<p>' . $this->t('SimpleID may, with your consent, send the following information to sites.') . '</p>';
     $html .= "<table><tr><th>" . $this->t('Member') . "</th><th>" . $this->t('Value') . "</th></tr>";

     if (isset($user['userinfo'])) {
         foreach ($user['userinfo'] as $member => $value) {
             // Flatten one level: each (label, raw value) pair becomes a row.
             $rows = array();
             if (is_array($value)) {
                 foreach ($value as $submember => $subvalue) {
                     $rows[] = array($f3->clean($member) . " (" . $f3->clean($submember) . ")", $subvalue);
                 }
             } else {
                 $rows[] = array($f3->clean($member), $value);
             }
             foreach ($rows as $row) {
                 $html .= "<tr><td>" . $row[0] . "</td><td>" . $f3->clean($row[1]) . "</td></tr>";
             }
         }
     }

     $html .= "</table>";
     return array(array('id' => 'userinfo', 'title' => $this->t('User information'), 'content' => $html, 'weight' => -1));
 }
 /**
  * Returns a block containing OpenID 2 discovery information for the user.
  *
  * Renders `openid_profile.html` with the configuration, the user, the
  * translated labels and the canonical URL of the user's XRDS document.
  *
  * NOTE(review): the `js_locale` message is only `addslashes()`-escaped
  * before going into a JavaScript string; that does not neutralise newlines
  * or `</script>`, so the message text (translations included) must remain
  * trusted.
  *
  * @return array the discovery block
  */
 public function profileBlocksHook()
 {
     $user = AuthManager::instance()->getUser();
     $template = new \Template();

     $this->f3->set('js_locale', array('code' => addslashes($this->t('<em>You need to set at least one of OpenID 1.x or OpenID 2 to generate the code.</em>'))));

     $xrds_url = $this->getCanonicalURL('user/' . $user['uid'] . '/xrds', '', true);

     $hive = array();
     $hive['config'] = $this->f3->get('config');
     $hive['user'] = $user;
     $hive['link_tags_label'] = $this->t('<link> tags');
     $hive['openid1_label'] = $this->t('OpenID 1.x');
     $hive['openid2_label'] = $this->t('OpenID 2.x');
     $hive['localid_label'] = $this->t('Claim a different identifier');
     $hive['yadis_label'] = $this->t('YADIS');
     $hive['yadis_doc_label'] = $this->t('Write your own or <a href="!url">download</a> your YADIS document', array('!url' => $xrds_url));
     $hive['yadis_add_label'] = $this->t('Add HTTP headers or <meta> tag, e.g.:');
     $hive['xrds_url'] = $xrds_url;

     $links = array(array('href' => 'http://simpleid.koinic.net/documentation/getting-started/setting-identity/claim-your-identifier', 'name' => $this->t('More information')));

     return array(array(
         'id' => 'discovery',
         'title' => $this->t('OpenID 2'),
         'content' => $template->render('openid_profile.html', false, $hive),
         'links' => $links,
         'weight' => 1,
     ));
 }
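 /**
  * Adds PAPE (Provider Authentication Policy Extension) fields to a
  * positive OpenID 2 assertion.
  *
  * As the PAPE specification recommends, the fields are sent even when the
  * relying party did not request the extension.  They state honestly what
  * SimpleID does: the time of the last form login (`auth_time`), NIST
  * SP 800-63 assurance level 0 (no compliance claimed) and no
  * authentication policies applied.
  *
  * Negative assertions and OpenID 1.x requests are left untouched.
  *
  * @see hook_response()
  * @param bool $assertion true for a positive assertion
  * @param SimpleID\Protocols\OpenID\Request $request the OpenID request
  * @param SimpleID\Protocols\OpenID\Response $response the response being
  * built; written to in place
  * @return array|null an empty array when nothing is added; null otherwise
  * (the hook communicates through `$response`, not its return value)
  */
 public function openIDResponseHook($assertion, $request, $response)
 {
     $auth = AuthManager::instance();

     // We only deal with positive assertions
     if (!$assertion) {
         return array();
     }

     // We only respond if we are using OpenID 2 or later
     if ($request->getVersion() < Message::OPENID_VERSION_2) {
         return array();
     }

     // Reuse the relying party's alias for the extension if it sent one;
     // otherwise register 'pape'.  The request's own PAPE parameters are not
     // consulted: what we send does not depend on what was asked for.
     $alias = $response->getAliasForExtension(self::OPENID_NS_PAPE, 'pape');

     // The PAPE specification recommends us to respond even when the extension
     // is not present in the request.
     $response['ns.' . $alias] = self::OPENID_NS_PAPE;

     // We return the last time the user logged in using the login form, as a
     // UTC timestamp in the format PAPE expects.  gmdate() replaces
     // gmstrftime(), deprecated as of PHP 8.1; the output is identical.
     $response[$alias . '.auth_time'] = gmdate('Y-m-d\TH:i:s\Z', $auth->getAuthTime());

     // We don't comply with NIST_SP800-63
     $response[$alias . '.auth_level.ns.nist'] = self::PAPE_LEVEL_NIST800_63;
     $response[$alias . '.auth_level.nist'] = 0;

     // The default is that we don't apply any authentication policies.
     $response[$alias . '.auth_policies'] = self::PAPE_POLICY_NONE;
 }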