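/**
 * Re-run the OpenID Connect / UMA authorization flow for the patient in the
 * current session and persist the refresh token the authorization server
 * hands back.
 *
 * The patient's demographics_relate row supplies the UMA client credentials
 * and the NOSH url from which the UMA server url is derived. The flow asks
 * for offline_access so that a refresh token is issued; when one comes back
 * it is written to demographics_relate.uma_refresh_token and audited.
 *
 * @return \Illuminate\Http\RedirectResponse redirect to the chart page
 */
public function uma_get_refresh_token()
{
    $patient = DB::table('demographics_relate')
        ->where('pid', '=', Session::get('pid'))
        ->where('practice_id', '=', Session::get('practice_id'))
        ->first();

    // first() returns null when no relation row exists; dereferencing it below
    // would be a fatal error. Likewise, without client credentials there is no
    // registered UMA client to talk to, so there is nothing to refresh.
    if ($patient === null || empty($patient->uma_client_id) || empty($patient->uma_client_secret)) {
        return Redirect::to('chart');
    }

    // The UMA server lives next to the NOSH instance recorded for the patient.
    $open_id_url = str_replace('/nosh', '/uma-server-webapp/', $patient->url);
    $client_id = $patient->uma_client_id;
    $client_secret = $patient->uma_client_secret;

    // Redirect back to this very route so the callback completes the flow.
    $url = route('uma_get_refresh_token');

    $oidc = new OpenIDConnectClient($open_id_url, $client_id, $client_secret);
    $oidc->setRedirectURL($url);
    $oidc->addScope('openid');
    $oidc->addScope('email');
    $oidc->addScope('profile');
    // offline_access is what makes the authorization server issue a refresh token.
    $oidc->addScope('offline_access');
    $oidc->addScope('uma_authorization');
    // NOTE(review): the meaning of the boolean argument depends on the bundled
    // OpenIDConnectClient — confirm against that class before changing it.
    $oidc->authenticate(true);

    // Only store a refresh token when the server actually returned one;
    // getRefreshToken() may yield null or an empty string otherwise.
    $refresh_token = $oidc->getRefreshToken();
    if ($refresh_token !== null && $refresh_token !== '') {
        $refresh_data = array('uma_refresh_token' => $refresh_token);
        DB::table('demographics_relate')
            ->where('demographics_relate_id', '=', $patient->demographics_relate_id)
            ->update($refresh_data);
        $this->audit('Update');
    }

    return Redirect::to('chart');
}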
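/**
 * Log a user in through OpenID Connect, creating the user (and, when
 * configured, a team for them) on first login.
 *
 * Operates on the globals the surrounding login code expects:
 * $DB (database handle), $userdata (the logged-in user's row, set here),
 * $username (set here) and $ip (client address, used for audit records).
 * Every failure path goes through error(), which does not return.
 *
 * On success $_SESSION['username'] holds the username and $userdata the
 * matching enabled user row.
 */
function do_login_oidc() {
    global $DB, $userdata, $username, $ip;

    if (AUTH_METHOD != "PHP_SESSIONS") {
        error("You can only use OpenID Connect if the site is using PHP Sessions for authentication.");
    }
    if (!dbconfig_get('allow_openid_auth', false)) {
        error("OpenID authentication disabled by administrator.");
    }
    if (empty(BASEURL)) {
        error("OpenID authentication requires that 'BASEURL' be configured.");
    }

    $provider = dbconfig_get('openid_provider', '');
    $clientID = dbconfig_get('openid_clientid', '');
    $clientSecret = dbconfig_get('openid_clientsecret', '');
    if (empty($provider) || empty($clientID) || empty($clientSecret)) {
        error("OpenID details are not configured.");
    }

    $oidc = new OpenIDConnectClient($provider, $clientID, $clientSecret);
    $oidc->addScope(array("openid", "email"));
    // TODO: how to dynamically figure this out properly on all/most servers
    $oidc->setRedirectURL(BASEURL . "/auth/oid_cb.php");
    // For google, forces asking the user what account they want to use every time.
    $oidc->addAuthParam(array("prompt" => "select_account"));

    if (isset($_REQUEST["code"])) {
        // Callback leg: exchange the authorization code we've received.
        $oidc->authenticate();
    } else {
        // First leg: remember where to return after login, then start the flow
        // (authenticate() redirects to the provider and does not return).
        $_SESSION['redirect_after_login'] = $_SERVER['PHP_SELF'];
        $oidc->authenticate();
    }

    // Authenticated: identify the user by the provider's stable subject id,
    // prefixed so OIDC usernames cannot collide with locally created ones.
    $username = "******" . $oidc->requestUserInfo("sub");
    // NOTE(review): the provider's email is taken as-is (no email_verified
    // check) and becomes the user/team display name — confirm the configured
    // provider only returns verified addresses, or check the claim here.
    $email = $oidc->requestUserInfo("email");

    // Create the user if they don't exist.
    $user = $DB->q('MAYBETUPLE SELECT * FROM user WHERE username = %s', $username);
    if (!$user) {
        $u = array();

        // Create a team for the user as well.
        if (dbconfig_get("openid_autocreate_team", true)) {
            $i = array();
            $i['name'] = $email;
            $i['categoryid'] = 2; // Self-registered category id
            $i['enabled'] = 1;
            $i['comments'] = "Registered via OIDC by {$ip} on " . date('r');
            $teamid = $DB->q("RETURNID INSERT INTO team SET %S", $i);
            auditlog('team', $teamid, 'registered via OIDC by ' . $ip);
            $u['teamid'] = $teamid;
        }

        $u['username'] = $username;
        $u['email'] = $email;
        $u['name'] = $email;
        // No local password: this account can only log in via OIDC.
        $u['password'] = NULL;
        $newid = $DB->q("RETURNID INSERT INTO user SET %S", $u);
        auditlog('user', $newid, 'registered via OIDC', $ip);

        // Assign the team role if we created a team for them. Parameterised
        // rather than interpolated so the query style matches the rest of
        // this function. 3 = team role id — confirm against the role table.
        if (isset($u['teamid'])) {
            $DB->q("INSERT INTO `userrole` (`userid`, `roleid`) VALUES (%i, %i)", $newid, 3);
        }
    }

    // Load the information about the user; only enabled accounts may log in.
    $userdata = $DB->q('MAYBETUPLE SELECT * FROM user WHERE username = %s AND enabled = 1', $username);
    // A disabled account must not get a session: previously the session was
    // populated before this lookup was checked, so a disabled OIDC user was
    // still logged in (and the audit line below failed on a false row).
    if (!$userdata) {
        error("OpenID user account is disabled.");
    }

    // Save the username in the session so they are logged in.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Issue a fresh session id on privilege change so a session id known
    // before authentication cannot be reused (session fixation).
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
    auditlog('user', $userdata['userid'], 'logged in', $ip);

    // Update the user's last login time.
    $DB->q('UPDATE user SET last_login = %s, last_ip_address = %s WHERE username = %s',
           now(), $ip, $username);
}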