/**
 * FatFree Framework event handler for the upgrade routes.
 *
 * When the `$upgrade_access_check` global is enabled, only a logged-in
 * administrator may proceed; anyone else is sent to accessDenied(). The flag
 * and the upgrade stylesheet are then published to the template hive.
 *
 * The global is set outside this method; while it is false no authentication
 * is required to reach the upgrade routes, so it should only be cleared
 * deliberately (e.g. when no user store exists yet).
 */
function beforeroute() {
    global $upgrade_access_check;

    parent::beforeroute();

    $auth = AuthManager::instance();
    if ($upgrade_access_check) {
        // Short-circuit keeps getUser() from being called for anonymous visitors.
        $authorised = $auth->isLoggedIn() && $auth->getUser()->isAdministrator();
        if (!$authorised) {
            $this->accessDenied();
        }
    }

    $this->f3->set('upgrade_access_check', $upgrade_access_check);

    // NOTE(review): set() receives a single argument here, i.e. no hive key is
    // given for the stylesheet string — confirm which key the template expects.
    $this->f3->set('@import url(' . $this->f3->get('base_path') . 'upgrade/upgrade.css);');
}
/**
 * The default route, called when the q parameter is missing or is invalid.
 *
 * The index hook is invoked first so that another module may handle the
 * request. If none does: an anonymous visitor is shown the login form; a
 * logged-in user is routed to the MyModule dashboard when that module is
 * loaded; otherwise a blank page is rendered.
 */
public function index() {
    $mgr = ModuleManager::instance();
    $this->logger->log(LogLevel::DEBUG, 'SimpleID\\Base\\IndexModule->index');

    header('Vary: Accept');

    // Give other modules first refusal; a truthy result means one of them responded.
    if ($mgr->invokeAll('index', $_REQUEST)) {
        return;
    }

    $auth = AuthManager::instance();
    if (!$auth->isLoggedIn()) {
        $mgr->getModule('SimpleID\\Auth\\AuthModule')->loginForm();
        return;
    }

    if ($mgr->isModuleLoaded('SimpleID\\Base\\MyModule')) {
        // f3->mock() routes the request to the dashboard handler.
        $this->f3->mock('GET /my/dashboard');
        return;
    }

    $tpl = new \Template();
    $this->f3->set('user_header', true);
    $this->f3->set('title', 'SimpleID');
    print $tpl->render('page.html');
}
/**
 * Constructs the module and caches the shared AuthManager instance on
 * `$this->auth`.
 *
 * The parent constructor runs first so any base-class set-up is complete
 * before the instance is stored.
 */
public function __construct() {
    parent::__construct();
    $this->auth = AuthManager::instance();
}
/**
 * Returns the dashboard blocks: a welcome block, a recent-activity block
 * and, only when `config.debug` is enabled, dumps of the authentication and
 * user state.
 *
 * @return array the dashboard blocks
 */
public function dashboardBlocksHook() {
    $auth = AuthManager::instance();
    $user = $auth->getUser();
    $tpl = new \Template();

    $welcome = array(
        'id' => 'welcome',
        'title' => $this->t('Welcome'),
        'content' => $this->t('You are logged in as %identity (%uid).', array(
            '%uid' => $user['uid'],
            '%identity' => $user->getDisplayName(),
        )),
        'weight' => -10,
    );

    // Labels consumed by my_activity.html.
    $this->f3->mset(array(
        'access_type' => $this->t('Access type'),
        'location' => $this->t('Location'),
        'time' => $this->t('Date/time'),
        'browser_label' => $this->t('Browser'),
        'app_label' => $this->t('Authorized application'),
    ));
    $activity = array(
        'id' => 'activity',
        'title' => $this->t('Recent activity'),
        'content' => $tpl->render('my_activity.html', false),
        'weight' => 0,
    );

    $blocks = array($welcome, $activity);

    if ($this->f3->get('config.debug')) {
        // Debug only: these blocks expose the internal authentication and user
        // state, so config.debug must stay off in production. Both dumps go
        // through f3->encode() before being embedded in the page.
        $blocks[] = array(
            'id' => 'auth',
            'title' => $this->t('Authentication'),
            'content' => '<pre class="code">' . $this->f3->encode($auth->toString()) . '</pre>',
            'weight' => 10,
        );
        $blocks[] = array(
            'id' => 'user',
            'title' => $this->t('User'),
            'content' => '<pre class="code">' . $this->f3->encode($user->toString()) . '</pre>',
            'weight' => 10,
        );
    }

    return $blocks;
}
/**
 * @see SimpleID\API\MyHooks::revokeAppHook()
 *
 * Revokes every token issued under the current user's authorisation for the
 * given OAuth client, then deletes the authorisation record itself.
 *
 * @param $cid the identifier of the client being revoked
 */
public function revokeAppHook($cid) {
    $store = StoreManager::instance();
    $user = AuthManager::instance()->getUser();

    $client = $store->loadClient($cid, 'SimpleID\\Protocols\\OAuth\\OAuthClient');
    // NOTE(review): the loaded client is not checked before the ID is built —
    // confirm what loadClient() returns for an unknown $cid.
    $authorization = $store->loadAuth(Authorization::buildID($user, $client));

    // Nothing to revoke if the user never authorised this client
    // (loose comparison kept deliberately to match the store's "not found" value).
    if ($authorization == null) {
        return;
    }

    $authorization->revokeAllTokens();
    $store->deleteAuth($authorization);
}
/**
 * @see SimpleID\API\AuthHooks::loginHook()
 *
 * After a login that reached the verified level with the `otp_remember`
 * form option set, records against this user agent that OTP may be
 * remembered, and persists the user.
 *
 * @param $user the user who has just logged in
 * @param int $level the authentication level reached
 * @param $modules the modules that participated in the login
 * @param array $form_state the submitted login form state
 */
public function loginHook($user, $level, $modules, $form_state) {
    $auth = AuthManager::instance();
    $store = StoreManager::instance();

    $remember_requested = isset($form_state['otp_remember']) && ($form_state['otp_remember'] == 1);
    if (($level < AuthManager::AUTH_LEVEL_VERIFIED) || !$remember_requested) {
        return;
    }

    // The remembered state is keyed by the user-agent ID assigned for this browser.
    $uaid = $auth->assignUAID();
    if (!isset($user->auth[$uaid])) {
        $user->auth[$uaid] = array();
    }
    if (!isset($user->auth[$uaid]['otp'])) {
        $user->auth[$uaid]['otp'] = array();
    }
    $user->auth[$uaid]['otp']['remember'] = true;

    $store->saveUser($user);
}
/**
 * FatFree Framework event handler.
 *
 * This event handler initialises the user system. It starts the PHP session
 * and loads data for the currently logged-in user, if any. initSession() is
 * called before initUser(), presumably because the user is looked up from
 * the started session — keep the order.
 */
public function beforeroute() {
    $auth = AuthManager::instance();
    $auth->initSession();
    $auth->initUser();
}
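/**
 * Build a set of claims to be included in an ID token or UserInfo response
 *
 * Claims are released only under scopes the user has consented to. When the
 * request object names individual claims, each is mapped back to the scope
 * that provides it and released only if that scope is among `$scopes`;
 * otherwise the standard `profile`, `email`, `address` and `phone` scopes
 * drive the selection. `sub` is always present, and the `id_token` context
 * additionally carries the timing and authentication-context claims.
 *
 * @param SimpleID\Models\User $user the user about which the ID
 * token is created
 * @param SimpleID\Models\Client $client the client to which the
 * ID token will be sent
 * @param string $context the context, either `id_token` or `userinfo`
 * @param array $scopes the scopes the user has consented to
 * @param array $claims_requested the claims requested in the request object,
 * or null if the request object is not present
 * @return array an array of claims
 */
private function buildClaims($user, $client, $context, $scopes, $claims_requested = NULL) {
    $auth = AuthManager::instance();
    $mgr = ModuleManager::instance();

    // Modules advertise the claims each scope covers as
    // $scope_settings['oauth'][$scope]['claims'].
    $scope_settings = $mgr->invokeAll('scopes');
    $oauth_scopes = isset($scope_settings['oauth']) ? $scope_settings['oauth'] : array();

    // SimpleID does not verify e-mail addresses or phone numbers, so the
    // corresponding *_verified claim is always false whenever the claim is released.
    $verified_flags = array('email' => 'email_verified', 'phone_number' => 'phone_number_verified');

    $claims = array();
    $claims['sub'] = $this->getSubject($user, $client);

    if ($claims_requested != null) {
        foreach ($claims_requested as $claim => $properties) {
            // acr is processed below for ID tokens; updated_at is not supported
            if (($claim == 'acr') || ($claim == 'updated_at')) {
                continue;
            }

            // Map the claim back to the scope that provides it. (Previously this
            // iterated array_keys(), so $settings was a scope name rather than its
            // settings array and no requested claim was ever matched.)
            $consent_scope = null;
            foreach ($oauth_scopes as $scope => $settings) {
                if (!isset($settings['claims'])) {
                    continue;
                }
                if (in_array($claim, $settings['claims'], true)) {
                    $consent_scope = $scope;
                }
            }

            // No consent given for this claim: either no scope provides it, or the
            // providing scope is not among the consented scopes. Withhold it in both cases.
            if (($consent_scope === null) || !in_array($consent_scope, $scopes, true)) {
                continue;
            }

            if (!isset($user['userinfo'][$claim])) {
                continue;
            }
            $claims[$claim] = $user['userinfo'][$claim];
            if (isset($verified_flags[$claim])) {
                $claims[$verified_flags[$claim]] = false;
            }
        }
    } else {
        foreach (array('profile', 'email', 'address', 'phone') as $scope) {
            if (!in_array($scope, $scopes, true)) {
                continue;
            }
            if (!isset($oauth_scopes[$scope]['claims'])) {
                continue;
            }

            foreach ($oauth_scopes[$scope]['claims'] as $claim) {
                // The *_verified flag accompanies its claim only when the claim itself
                // is present, matching the requested-claims branch above.
                if (!isset($user['userinfo'][$claim])) {
                    continue;
                }
                $claims[$claim] = $user['userinfo'][$claim];
                if (isset($verified_flags[$claim])) {
                    $claims[$verified_flags[$claim]] = false;
                }
            }
        }
    }

    if ($context == 'id_token') {
        $now = time();
        // The buffer constant presumably shortens the nominal lifetime to absorb
        // clock skew between issuer and relying party — TODO confirm.
        $claims['exp'] = $now + SIMPLEID_LONG_TOKEN_EXPIRES_IN - SIMPLEID_LONG_TOKEN_EXPIRES_BUFFER;
        $claims['iat'] = $now;
        $claims['auth_time'] = $auth->getAuthTime();
        $claims['acr'] = $auth->getACR();
    }

    // Other modules may contribute or override claims; their values win on conflict.
    $hook_claims = $mgr->invokeAll('connectBuildClaims', $user, $client, $context, $scopes, $claims_requested);
    return array_merge($claims, $hook_claims);
}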
/**
 * Returns a block containing OpenID Connect user information.
 *
 * Every member name and value is passed through `$this->f3->clean()` before
 * it is placed in the HTML table, so stored profile data cannot inject markup.
 *
 * @return array the OpenID Connect user information block
 */
function profileBlocksHook() {
    $auth = AuthManager::instance();
    $user = $auth->getUser();
    $f3 = $this->f3;

    $rows = array();
    if (isset($user['userinfo'])) {
        foreach ($user['userinfo'] as $member => $value) {
            if (!is_array($value)) {
                $rows[] = '<tr><td>' . $f3->clean($member) . '</td><td>' . $f3->clean($value) . '</td></tr>';
                continue;
            }
            // Structured members are flattened to one row per sub-member.
            foreach ($value as $submember => $subvalue) {
                $rows[] = '<tr><td>' . $f3->clean($member) . ' (' . $f3->clean($submember) . ')</td><td>' . $f3->clean($subvalue) . '</td></tr>';
            }
        }
    }

    $html = '<p>' . $this->t('SimpleID may, with your consent, send the following information to sites.') . '</p>';
    $html .= '<table><tr><th>' . $this->t('Member') . '</th><th>' . $this->t('Value') . '</th></tr>';
    $html .= implode('', $rows);
    $html .= '</table>';

    return array(array(
        'id' => 'userinfo',
        'title' => $this->t('User information'),
        'content' => $html,
        'weight' => -1,
    ));
}
/**
 * Returns a block containing discovery information.
 *
 * Renders openid_profile.html with the labels and the user's XRDS URL, and
 * publishes the message used when the code generator has nothing to generate.
 *
 * @return array the discovery block
 */
public function profileBlocksHook() {
    $auth = AuthManager::instance();
    $user = $auth->getUser();
    $tpl = new \Template();

    // Message for the client-side code generator (presumably read from js_locale by the page script).
    $this->f3->set('js_locale', array(
        'code' => addslashes($this->t('<em>You need to set at least one of OpenID 1.x or OpenID 2 to generate the code.</em>')),
    ));

    $xrds_url = $this->getCanonicalURL('user/' . $user['uid'] . '/xrds', '', true);

    $labels = array(
        'link_tags_label' => $this->t('<link> tags'),
        'openid1_label' => $this->t('OpenID 1.x'),
        'openid2_label' => $this->t('OpenID 2.x'),
        'localid_label' => $this->t('Claim a different identifier'),
        'yadis_label' => $this->t('YADIS'),
        'yadis_doc_label' => $this->t('Write your own or <a href="!url">download</a> your YADIS document', array('!url' => $xrds_url)),
        'yadis_add_label' => $this->t('Add HTTP headers or <meta> tag, e.g.:'),
    );
    $hive = array_merge(
        array('config' => $this->f3->get('config'), 'user' => $user),
        $labels,
        array('xrds_url' => $xrds_url)
    );

    $block = array(
        'id' => 'discovery',
        'title' => $this->t('OpenID 2'),
        'content' => $tpl->render('openid_profile.html', false, $hive),
        'links' => array(array(
            'href' => 'http://simpleid.koinic.net/documentation/getting-started/setting-identity/claim-your-identifier',
            'name' => $this->t('More information'),
        )),
        'weight' => 1,
    );
    return array($block);
}
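/**
 * @see hook_response()
 *
 * Adds PAPE (Provider Authentication Policy Extension) data to a positive
 * OpenID 2 assertion: the time the user last authenticated through the login
 * form, a NIST SP 800-63 level of 0 (no level asserted) and no applied policies.
 *
 * @param $assertion falsy when a negative assertion is being returned
 * @param $request the OpenID request being answered
 * @param $response the OpenID response being built; modified in place
 * @return array|null an empty array when nothing is added; otherwise nothing is
 * returned and the response is updated in place (existing convention, kept as is)
 */
public function openIDResponseHook($assertion, $request, $response) {
    $auth = AuthManager::instance();

    // We only deal with positive assertions
    if (!$assertion) {
        return array();
    }

    // We only respond if we are using OpenID 2 or later
    if ($request->getVersion() < Message::OPENID_VERSION_2) {
        return array();
    }

    // Get what is requested (currently not consulted: the same response is sent
    // regardless of the requested policies)
    $pape_request = $request->getParamsForExtension(self::OPENID_NS_PAPE);

    // If the extension is requested, we use the same alias, otherwise, we
    // make one up
    $alias = $response->getAliasForExtension(self::OPENID_NS_PAPE, 'pape');

    // The PAPE specification recommends us to respond even when the extension
    // is not present in the request.
    $response['ns.' . $alias] = self::OPENID_NS_PAPE;

    // We return the last time the user logged in using the login form.
    // gmdate() replaces gmstrftime(), which is deprecated as of PHP 8.1; the
    // output format (YYYY-MM-DDThh:mm:ssZ, UTC) is unchanged.
    $response[$alias . '.auth_time'] = gmdate('Y-m-d\TH:i:s\Z', $auth->getAuthTime());

    // We don't comply with NIST_SP800-63
    $response[$alias . '.auth_level.ns.nist'] = self::PAPE_LEVEL_NIST800_63;
    $response[$alias . '.auth_level.nist'] = 0;

    // The default is that we don't apply any authentication policies.
    $response[$alias . '.auth_policies'] = self::PAPE_POLICY_NONE;
}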