/**
* This method should handle any authentication and report back to the subject
*
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object $response Authentication response object
* @return boolean
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
// Set up the config for the sdk instance
$config = array('appId' => $this->params->get('app_id'), 'secret' => $this->params->get('app_secret'));
// Set defaults
\Facebook\FacebookSession::setDefaultApplication($config['appId'], $config['secret']);
$helper = new \Facebook\FacebookRedirectLoginHelper(self::getReturnUrl($options['return'], true));
try {
$session = $helper->getSessionFromRedirect();
} catch (\Facebook\FacebookRequestException $ex) {
// When Facebook returns an error
} catch (\Exception $ex) {
// When validation fails or other local issues
}
// Make sure we have a user_id (facebook returns 0 for a non-logged in user)
if (isset($user_id) && $user_id > 0 || isset($session) && $session) {
try {
$request = new \Facebook\FacebookRequest($session, 'GET', '/me');
$user_profile = $request->execute()->getGraphObject(\Facebook\GraphUser::className());
$id = $user_profile->getId();
$fullname = $user_profile->getName();
$email = $user_profile->getProperty('email');
$username = $user_profile->getProperty('username');
} catch (\Facebook\FacebookRequestException $e) {
// Error message?
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_FACEBOOK_ERROR_RETRIEVING_PROFILE', $e->getMessage());
return;
}
// Create the hubzero auth link
$method = Component::params('com_users')->get('allowUserRegistration', false) ? 'find_or_create' : 'find';
$hzal = \Hubzero\Auth\Link::$method('authentication', 'facebook', null, $id);
if ($hzal === false) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_FACEBOOK_UNKNOWN_USER');
return;
}
$hzal->email = $email;
// Set response variables
$response->auth_link = $hzal;
$response->type = 'facebook';
$response->status = \Hubzero\Auth\Status::SUCCESS;
$response->fullname = $fullname;
if (!empty($hzal->user_id)) {
$user = User::getInstance($hzal->user_id);
$response->username = $user->username;
$response->email = $user->email;
$response->fullname = $user->name;
} else {
$response->username = '******' . $hzal->id;
$response->email = $response->username . '@invalid';
// Also set a suggested username for their hub account
$sub_email = explode('@', $email, 2);
$tmp_username = !empty($username) ? $username : $sub_email[0];
App::get('session')->set('auth_link.tmp_username', $tmp_username);
}
$hzal->update();
// If we have a real user, drop the authenticator cookie
if (isset($user) && is_object($user)) {
// Set cookie with login preference info
$prefs = array('user_id' => $user->get('id'), 'user_img' => 'https://graph.facebook.com/v2.0/' . $id . '/picture?type=normal', 'authenticator' => 'facebook');
$namespace = 'authenticator';
$lifetime = time() + 365 * 24 * 60 * 60;
\Hubzero\Utility\Cookie::bake($namespace, $lifetime, $prefs);
}
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_FACEBOOK_AUTHENTICATION_FAILED');
}
}
/**
* Clear all messages
*
* @param string $domain
* @return void
*/
public function clear($domain)
{
Monster::bake($this->key($domain), $this->expires(0), array());
}
/**
* Mark the overlay as having been viewed
*
* @return void
*/
public function _mark()
{
$this->view->setLayout('mark');
$member = $this->view->offering->member(User::get('id'));
if ($member->get('first_visit') && $member->get('first_visit') != '0000-00-00 00:00:00') {
return;
} elseif (!$member->get('id')) {
$cookie = \Hubzero\Utility\Cookie::eat('plugin.courses.guide');
if (!is_object($cookie) || !isset($cookie->first_visit)) {
// Drop cookie
$lifetime = time() + 365 * 24 * 60 * 60;
\Hubzero\Utility\Cookie::bake('plugin.courses.guide', $lifetime, array('first_visit' => Date::toSql()));
}
}
$member->set('first_visit', Date::toSql());
$member->store();
}
/**
* Method to log out a user.
*
* @since 1.6
*/
public function logout()
{
$app = JFactory::getApplication();
$user = User::getInstance();
$authenticator = Request::getVar('authenticator', '', 'method');
$singleSignOn = Request::getVar('sso', false);
if (empty($authenticator) || $authenticator == '') {
$cookie = \Hubzero\Utility\Cookie::eat('authenticator');
if (isset($cookie->authenticator)) {
$authenticator = $cookie->authenticator;
} else {
$authenticator = null;
}
}
// If a specific authenticator is specified try to call the logout method for that plugin
if (!empty($authenticator)) {
Plugin::import('authentication');
$plugins = Plugin::byType('authentication');
foreach ($plugins as $plugin) {
$className = 'plg' . $plugin->type . $plugin->name;
if ($plugin->name != $authenticator) {
continue;
}
if (class_exists($className)) {
if (method_exists($className, 'logout')) {
$myplugin = new $className($this, (array) $plugin);
// Redirect to user third party signout view
// Only do this for PUCAS for the time being (it's the one that doesn't lose session info after hub logout)
if ($authenticator == 'pucas') {
// Get plugin params
$plugin = Plugin::byType('authentication', $authenticator);
$pparams = new \Hubzero\Config\Registry($plugin->params);
$auto_logoff = $pparams->get('auto_logoff', false);
if ($auto_logoff || $singleSignOn == 'all') {
$result = $myplugin->logout();
break;
} elseif ($singleSignOn === false) {
App::redirect(Route::url('index.php?option=com_users&view=endsinglesignon&authenticator=' . $authenticator, false));
return;
} else {
break;
}
} else {
$result = $myplugin->logout();
break;
}
// Normal path
}
// End verification of logout() method
}
// End plugin check
}
// End foreach
}
// End check for specified authenticator
// Perform the log out
$error = $app->logout();
// Check if the log out succeeded.
if (!$error instanceof Exception) {
// If the authenticator is empty, but they have an active third party session,
// redirect to a page indicating this and offering complete signout
if (isset($user->auth_link_id) && $user->auth_link_id && empty($authenticator)) {
$auth_domain_name = '';
$auth_domain = \Hubzero\Auth\Link::find_by_id($user->auth_link_id);
if (is_object($auth_domain)) {
$auth_domain_id = $auth_domain->auth_domain_id;
$auth_domain_name = \Hubzero\Auth\Domain::find_by_id($auth_domain_id)->authenticator;
}
// Redirect to user third party signout view
// Only do this for PUCAS for the time being (it's the one that doesn't lose session info after hub logout)
if ($auth_domain_name == 'pucas') {
// Get plugin params
$plugin = Plugin::byType('authentication', $auth_domain_name);
$pparams = new \Hubzero\Config\Registry($plugin->params);
$auto_logoff = $pparams->get('auto_logoff', false);
if ($auto_logoff) {
App::redirect(Route::url('index.php?option=com_users&task=user.logout&authenticator=' . $auth_domain_name, false));
return;
} else {
App::redirect(Route::url('index.php?option=com_users&view=endsinglesignon&authenticator=' . $auth_domain_name, false));
return;
}
}
}
// Get the return url from the request and validate that it is internal.
$return = Request::getVar('return', '', 'method', 'base64');
$return = base64_decode($return);
if (!JURI::isInternal($return)) {
$return = '';
}
// Redirect the user.
App::redirect(Route::url($return, false));
} else {
App::redirect(Route::url('index.php?option=com_users&view=login', false));
}
}
/**
* This method should handle any authentication and report back to the subject
*
* @param array $credentials the user credentials
* @param array $options any extra options
* @param object $response authentication response object
* @return void
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
// Check for the required subject dn field
if (isset($_SERVER['SSL_CLIENT_S_DN']) && $_SERVER['SSL_CLIENT_S_DN']) {
$domain = $_SERVER['SSL_CLIENT_I_DN_CN'];
$username = $_SERVER['SSL_CLIENT_S_DN_CN'];
$method = Component::params('com_users')->get('allowUserRegistration', false) ? 'find_or_create' : 'find';
$hzal = \Hubzero\Auth\Link::$method('authentication', 'certificate', $domain, $username);
if ($hzal === false) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_CERTIFICATE_UNKNOWN_USER');
return;
}
$hzal->email = $_SERVER['SSL_CLIENT_S_DN_Email'];
$response->auth_link = $hzal;
$response->type = 'certificate';
$response->status = \Hubzero\Auth\Status::SUCCESS;
$response->fullname = $username;
// Try to deduce fullname from potential patern (ex: LAST.FIRST.MIDDLE.ID)
if (preg_match('/([[:alpha:]]*)\\.([[:alpha:]]*)\\.([[:alpha:]]*)/', $username, $matches)) {
$response->fullname = ucfirst($matches[2]) . ' ' . ucfirst($matches[3]) . ' ' . ucfirst($matches[1]);
}
if (!empty($hzal->user_id)) {
$user = User::getInstance($hzal->user_id);
$response->username = $user->get('username');
$response->email = $user->get('email');
$response->fullname = $user->get('name');
} else {
$response->username = '******' . $hzal->id;
$response->email = $response->username . '@invalid';
// Also set a suggested username for their hub account
App::get('session')->set('auth_link.tmp_username', $username);
}
$hzal->update();
// If we have a real user, drop the authenticator cookie
if (isset($user) && is_object($user)) {
// Set cookie with login preference info
$prefs = array('user_id' => $user->get('id'), 'user_img' => $user->picture(0, false), 'authenticator' => 'certificate');
$namespace = 'authenticator';
$lifetime = time() + 365 * 24 * 60 * 60;
\Hubzero\Utility\Cookie::bake($namespace, $lifetime, $prefs);
}
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_CERTIFICATE_AUTHENTICATION_FAILED');
}
}
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*
* HUBzero is a registered trademark of Purdue University.
*
* @package hubzero-cms
* @author Sam Wilson <*****@*****.**>
* @copyright Copyright 2005-2015 HUBzero Foundation, LLC.
* @license http://opensource.org/licenses/MIT MIT
*/
// no direct access
defined('_HZEXEC_') or die;
$hash = App::hash(App::get('client')->name . ':authenticator');
if (($cookie = \Hubzero\Utility\Cookie::eat('authenticator')) && !Request::getInt('reset', false)) {
$primary = $cookie->authenticator;
$user = User::getInstance($cookie->user_id);
$user_img = $cookie->user_img;
Request::setVar('primary', $primary);
}
$usersConfig = Component::params('com_members');
$primary = Request::getWord('primary', false);
// use some reflections to inspect plugins for special behavior (added for shibboleth)
$refl = array();
foreach ($authenticators as $a) {
$refl[$a['name']] = new \ReflectionClass("plgAuthentication{$a['name']}");
}
$current = Hubzero\Utility\Uri::getInstance()->toString();
$current .= strstr($current, '?') ? '&' : '?';
?>
/**
* This method should handle any authentication and report back to the subject
*
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object $response Authentication response object
* @return boolean
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
// Build twitter object using temp credentials saved in session
$twitter = new TwitterOAuth($this->params->get('app_id'), $this->params->get('app_secret'), App::get('session')->get('twitter.oauth.token'), App::get('session')->get('twitter.oauth.token_secret'));
// Request user specific (longer lasting) credentials
$token_credentials = $twitter->getAccessToken(Request::getVar('oauth_verifier'));
// Build new twitter object with user credentials
$twitter = new TwitterOAuth($this->params->get('app_id'), $this->params->get('app_secret'), $token_credentials['oauth_token'], $token_credentials['oauth_token_secret']);
// Get user account info
$account = $twitter->get('account/verify_credentials');
// Make sure we have a twitter account
if (!$account->errors && $account->id > 0) {
// Get id as username (silly, but we cast to string, otherwise find_or_create bellow fails)
$username = (string) $account->id;
// Create the hubzero auth link
$method = Component::params('com_users')->get('allowUserRegistration', false) ? 'find_or_create' : 'find';
$hzal = \Hubzero\Auth\Link::$method('authentication', 'twitter', null, $username);
if ($hzal === false) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_TWITTER_UNKNOWN_USER');
return;
}
// Set response variables
$response->auth_link = $hzal;
$response->type = 'twitter';
$response->status = \Hubzero\Auth\Status::SUCCESS;
$response->fullname = $account->name;
if (!empty($hzal->user_id)) {
$user = User::getInstance($hzal->user_id);
$response->username = $user->username;
$response->email = $user->email;
$response->fullname = $user->name;
} else {
$response->username = '******' . $hzal->id;
$response->email = $response->username . '@invalid';
// Also set a suggested username for their hub account
App::get('session')->set('auth_link.tmp_username', $account->screen_name);
}
$hzal->update();
// If we have a real user, drop the authenticator cookie
if (isset($user) && is_object($user)) {
// Set cookie with login preference info
$prefs = array('user_id' => $user->get('id'), 'user_img' => str_replace('_normal', '', $account->profile_image_url_https), 'authenticator' => 'twitter');
$namespace = 'authenticator';
$lifetime = time() + 365 * 24 * 60 * 60;
\Hubzero\Utility\Cookie::bake($namespace, $lifetime, $prefs);
}
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_TWITTER_AUTHENTICATION_FAILED');
}
}
/**
* This method should handle any authentication and report back to the subject
*
* @access public
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object $response Authentication response object
* @return boolean
* @since 1.5
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
// eppn is eduPersonPrincipalName and is the absolute lowest common
// denominator for InCommon attribute exchanges. we can't really do
// anything without it
if (isset($options['shibboleth']['eppn'])) {
$this->log('auth with', $options['shibboleth']);
$method = \Component::params('com_users')->get('allowUserRegistration', FALSE) ? 'find_or_create' : 'find';
$hzal = \Hubzero\Auth\Link::$method('authentication', 'shibboleth', $options['shibboleth']['idp'], $options['shibboleth']['eppn']);
if ($hzal === FALSE) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = 'Unknown user and new user registration is not permitted.';
return;
}
$hzal->email = isset($options['shibboleth']['email']) ? $options['shibboleth']['email'] : NULL;
$this->log('hzal', $hzal);
$response->auth_link = $hzal;
$response->type = 'shibboleth';
$response->status = \Hubzero\Auth\Status::SUCCESS;
$response->fullname = isset($options['shibboleth']['displayName']) ? ucwords(strtolower($options['shibboleth']['displayName'])) : $options['shibboleth']['username'];
if (!empty($hzal->user_id)) {
$user = User::getInstance($hzal->user_id);
// Bring this in line with the rest of the system
$response->username = $user->username;
$response->email = $user->email;
$response->fullname = $user->name;
} else {
$response->username = '******' . $hzal->id;
// The Open Group Base Specifications Issue 6, Section 3.426
$response->email = $response->username . '@invalid';
// RFC2606, section 2
// Also set a suggested username for their hub account
App::get('session')->set('auth_link.tmp_username', $options['shibboleth']['username']);
}
$hzal->update();
// If we have a real user, drop the authenticator cookie
if (isset($user) && is_object($user)) {
// Set cookie with login preference info
$prefs = array('user_id' => $user->get('id'), 'user_img' => \Hubzero\User\Profile::getInstance($user->get('id'))->getPicture(0, false), 'authenticator' => 'shibboleth');
$this->log('auth cookie', $prefs);
$namespace = 'authenticator';
$lifetime = time() + 365 * 24 * 60 * 60;
\Hubzero\Utility\Cookie::bake($namespace, $lifetime, $prefs);
}
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = 'An error occurred verifying your credentials.';
}
}
/**
* This method should handle any authentication and report back to the subject
*
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object $response Authentication response object
* @return boolean
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
// Set up the config for the google api instance
$client = new Google_Client();
$client->setClientId($this->params->get('app_id'));
$client->setClientSecret($this->params->get('app_secret'));
// Create OAuth2 Instance
$oauth2 = new Google_Service_Oauth2($client);
// Check if there's an active token in the session
$jsession = App::get('session');
if ($jsession->get('google.token', NULL)) {
$client->setAccessToken($jsession->get('google.token'));
}
// If we have an access token set, carry on
if ($client->getAccessToken()) {
// Get the user info
$user_profile = $oauth2->userinfo->get();
// Set username to email address, which will fail and force registration update
// (we have to make sure we get something unique from google)
$username = $user_profile['email'];
// Create the hubzero auth link
$method = Component::params('com_users')->get('allowUserRegistration', false) ? 'find_or_create' : 'find';
$hzal = \Hubzero\Auth\Link::$method('authentication', 'google', null, $username);
if ($hzal === false) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_GOOGLE_UNKNOWN_USER');
return;
}
$hzal->email = $user_profile['email'];
// Set response variables
$response->auth_link = $hzal;
$response->type = 'google';
$response->status = \Hubzero\Auth\Status::SUCCESS;
$response->fullname = $user_profile['name'];
if (!empty($hzal->user_id)) {
$user = User::getInstance($hzal->user_id);
$response->username = $user->username;
$response->email = $user->email;
$response->fullname = $user->name;
} else {
$response->username = '******' . $hzal->id;
$response->email = $response->username . '@invalid';
// Also set a suggested username for their hub account
$sub_email = explode('@', $user_profile['email'], 2);
$tmp_username = $sub_email[0];
$jsession->set('auth_link.tmp_username', $tmp_username);
}
$hzal->update();
// If we have a real user, drop the authenticator cookie
if (isset($user) && is_object($user)) {
// Set cookie with login preference info
$prefs = array('user_id' => $user->get('id'), 'user_img' => $user_profile['picture'] . '?sz=100', 'authenticator' => 'google');
$namespace = 'authenticator';
$lifetime = time() + 365 * 24 * 60 * 60;
\Hubzero\Utility\Cookie::bake($namespace, $lifetime, $prefs);
}
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_GOOGLE_AUTHENTICATION_FAILED');
}
}
/**
* This method should handle any authentication and report back to the subject
*
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object $response Authentication response object
* @return boolean
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
// Make sure we have authorization
$jsession = App::get('session');
if ($jsession->get('linkedin.oauth.authorized') == TRUE) {
// User initiated LinkedIn connection, set up config
$config = array('appKey' => $this->params->get('api_key'), 'appSecret' => $this->params->get('app_secret'), 'callbackUrl' => self::getRedirectUri('linkedin'));
// Create the object
$linkedin_client = new LinkedIn($config);
$linkedin_client->setTokenAccess($jsession->get('linkedin.oauth.access'));
// Get the linked in profile
$profile = $linkedin_client->profile('~:(id,first-name,last-name,email-address,picture-urls::(original))');
$profile = $profile['linkedin'];
// Parse the profile XML
$profile = new SimpleXMLElement($profile);
// Get the profile values
$li_id = $profile->{'id'};
$first_name = $profile->{'first-name'};
$last_name = $profile->{'last-name'};
$full_name = $first_name . ' ' . $last_name;
$username = (string) $li_id;
// (make sure this is unique)
$method = Component::params('com_users')->get('allowUserRegistration', false) ? 'find_or_create' : 'find';
$hzal = \Hubzero\Auth\Link::$method('authentication', 'linkedin', null, $username);
if ($hzal === false) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_LINKEDIN_UNKNOWN_USER');
return;
}
$hzal->email = (string) $profile->{'email-address'};
// Set response variables
$response->auth_link = $hzal;
$response->type = 'linkedin';
$response->status = \Hubzero\Auth\Status::SUCCESS;
$response->fullname = $full_name;
if (!empty($hzal->user_id)) {
$user = User::getInstance($hzal->user_id);
$response->username = $user->username;
$response->email = $user->email;
$response->fullname = $user->name;
} else {
$response->username = '******' . $hzal->id;
$response->email = $response->username . '@invalid';
// Also set a suggested username for their hub account
$sub_email = explode('@', (string) $profile->{'email-address'}, 2);
$tmp_username = $sub_email[0];
$jsession->set('auth_link.tmp_username', $tmp_username);
}
$hzal->update();
// If we have a real user, drop the authenticator cookie
if (isset($user) && is_object($user)) {
// Set cookie with login preference info
$prefs = array('user_id' => $user->get('id'), 'user_img' => (string) $profile->{'picture-urls'}->{'picture-url'}, 'authenticator' => 'linkedin');
$namespace = 'authenticator';
$lifetime = time() + 365 * 24 * 60 * 60;
\Hubzero\Utility\Cookie::bake($namespace, $lifetime, $prefs);
}
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_LINKEDIN_AUTHENTICATION_FAILED');
}
}
/**
* Confirm user's registration code
*
* @return void
*/
public function confirmTask()
{
// Incoming
$code = Request::getVar('confirm', false);
if (!$code) {
$code = Request::getVar('code', false);
}
$cookie = \Hubzero\Utility\Cookie::eat('authenticator');
// Check if the user is logged in
if (User::isGuest()) {
$return = base64_encode(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&task=' . $this->_task . '&confirm=' . $code, false, true));
App::redirect(Route::url('index.php?option=com_users&view=login&return=' . $return, false), Lang::txt('Please login in so we can confirm your account.'), 'warning');
}
// @FIXME The session is overriding the activation code
$xprofile = User::oneByActivationToken(-$code);
$user = User::getInstance();
if ($xprofile->get('id') != $user->get('id')) {
// Profile and logged in user does not math
$this->setError('login mismatch');
// Build logout/login/confirm redirect flow
$login_return = base64_encode(Route::url('index.php?option=' . $this->option . '&controller=' . $this->_controller . '&task=' . $this->_task . '&confirm=' . $code));
$logout_return = base64_encode(Route::url('index.php?option=com_users&view=login&return=' . $login_return));
$redirect = Route::url('index.php?option=com_users&view=logout&return=' . $logout_return);
}
$email_confirmed = $xprofile->get('activation');
if ($email_confirmed == 1 || $email_confirmed == 3) {
// The current user is confirmed - check to see if the incoming code is valid at all
if (\Components\Members\Helpers\Utility::isActiveCode($code)) {
$this->setError('login mismatch');
// Build logout/login/confirm redirect flow
$login_return = base64_encode(Route::url('index.php?option=' . $this->option . '&controller=' . $this->_controller . '&task=' . $this->_task . '&confirm=' . $code));
$logout_return = base64_encode(Route::url('index.php?option=com_users&view=login&return=' . $login_return));
$redirect = Route::url('index.php?option=com_users&view=logout&return=' . $logout_return);
}
} elseif ($email_confirmed < 0 && $email_confirmed == -$code) {
//var to hold return path
$return = '';
// get return path
$cReturn = $this->config->get('ConfirmationReturn');
if ($cReturn) {
$return = $cReturn;
}
//check to see if we have a return param
$pReturn = base64_decode(urldecode($xprofile->getParam('return')));
if ($pReturn) {
$return = $pReturn;
$xprofile->setParam('return', '');
}
// make as confirmed
$xprofile->set('activation', 1);
// set public setting
$xprofile->set('access', $this->config->get('privacy', 1));
// upload profile
if (!$xprofile->save()) {
$this->setError(Lang::txt('COM_MEMBERS_REGISTER_ERROR_CONFIRMING'));
}
// if the user just changed their email & confirmed
// reset 'userchangedemail' key
if (Session::get('userchangedemail', 0) == 1) {
Session::set('userchangedemail', 0);
}
// Redirect
if (empty($return)) {
$r = $this->config->get('ConfirmationReturn');
$return = $r ? $r : Route::url('index.php?option=com_members&task=myaccount');
// consume cookie (yum) if available to return to whatever action prompted registration
if (isset($_COOKIE['return'])) {
$return = $_COOKIE['return'];
setcookie('return', '', time() - 3600);
}
}
App::redirect($return, '', 'message', true);
} else {
$this->setError(Lang::txt('COM_MEMBERS_REGISTER_ERROR_INVALID_CONFIRMATION'));
}
// Set the pathway
$this->_buildPathway();
// Set the page title
$this->_buildTitle();
// Instantiate a new view
$this->view->set('title', Lang::txt('COM_MEMBERS_REGISTER_CONFIRM'))->set('login', $xprofile->get('username'))->set('email', $xprofile->get('email'))->set('code', $code)->set('redirect', isset($return) ? $return : '')->set('sitename', Config::get('sitename'))->setErrors($this->getErrors())->display();
}
/**
* This method should handle any authentication and report back to the subject
*
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object $response Authentication response object
* @return boolean
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
// Set up the config for the api instance
$client = new Oauth();
if ($this->params->get('environment') == 'sandbox') {
$client->useSandboxEnvironment();
}
$client->setClientId($this->params->get('app_id'))->setClientSecret($this->params->get('app_secret'))->setRedirectUri(self::getRedirectUri('scistarter'));
if (App::get('session')->get('scistarter.token', NULL)) {
$client->setAccessToken(App::get('session')->get('scistarter.token'));
}
// If we have an access token set, carry on
if ($client->isAuthenticated()) {
$account = $client->getUserData();
// Make sure we have a Scistarter account
if ($account->scistarter_user_id > 0) {
$username = (string) $account->email;
// Create the hubzero auth link
$method = Component::params('com_users')->get('allowUserRegistration', false) ? 'find_or_create' : 'find';
$hzal = \Hubzero\Auth\Link::$method('authentication', 'scistarter', null, $username);
if ($hzal === false) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_SCISTARTER_UNKNOWN_USER');
return;
}
$hzal->email = $account->email;
// Set response variables
$response->auth_link = $hzal;
$response->type = 'scistarter';
$response->status = \Hubzero\Auth\Status::SUCCESS;
$response->fullname = $account->email;
if (!empty($hzal->user_id)) {
$user = User::getInstance($hzal->user_id);
$response->username = $user->username;
$response->email = $user->email;
$response->fullname = $user->name;
} else {
$response->username = '******' . $hzal->id;
$response->email = $response->username . '@invalid';
// Also set a suggested username for their hub account
$sub_email = explode('@', $account->email, 2);
$tmp_username = $sub_email[0];
Session::set('auth_link.tmp_username', $tmp_username);
}
$hzal->update();
// If we have a real user, drop the authenticator cookie
if (isset($user) && is_object($user)) {
// Set cookie with login preference info
$prefs = array('user_id' => $user->get('id'), 'user_img' => $user->picture(0, false), 'authenticator' => 'scistarter');
$namespace = 'authenticator';
$lifetime = time() + 365 * 24 * 60 * 60;
\Hubzero\Utility\Cookie::bake($namespace, $lifetime, $prefs);
}
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_SCISTARTER_AUTHENTICATION_FAILED');
}
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_SCISTARTER_AUTHENTICATION_FAILED');
}
}
/**
* This method should handle any authentication and report back to the subject
*
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object $response Authentication response object
* @return boolean
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
jimport('joomla.user.helper');
// For JLog
$response->type = 'hubzero';
// HUBzero does not like blank passwords
if (empty($credentials['password'])) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_HUBZERO_ERROR_EMPTY_PASS');
return false;
}
// Initialize variables
$conditions = '';
// Get a database object
$db = \App::get('db');
// Determine if attempting to log in via username or email address
if (strpos($credentials['username'], '@')) {
$conditions = ' WHERE email=' . $db->Quote($credentials['username']);
} else {
$conditions = ' WHERE username='******'username']);
}
$query = 'SELECT `id`, `username`, `password`' . ' FROM `#__users`' . $conditions . ' AND `block` != 1';
$db->setQuery($query);
$result = $db->loadObjectList();
if (is_array($result) && count($result) > 1) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_HUBZERO_UNKNOWN_USER');
return false;
} elseif (is_array($result) && isset($result[0])) {
$result = $result[0];
}
// Now make sure they haven't made too many failed login attempts
if (\Hubzero\User\User::oneOrFail($result->id)->hasExceededLoginLimit()) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_HUBZERO_TOO_MANY_ATTEMPTS');
return false;
}
if ($result) {
if (\Hubzero\User\Password::passwordMatches($result->username, $credentials['password'], true)) {
$user = User::getInstance($result->id);
$response->username = $user->username;
$response->email = $user->email;
$response->fullname = $user->name;
$response->status = \Hubzero\Auth\Status::SUCCESS;
$response->error_message = '';
// Check validity and age of password
$password_rules = \Hubzero\Password\Rule::getRules();
$msg = \Hubzero\Password\Rule::validate($credentials['password'], $password_rules, $result->username);
if (is_array($msg) && !empty($msg[0])) {
App::get('session')->set('badpassword', '1');
}
if (\Hubzero\User\Password::isPasswordExpired($result->username)) {
App::get('session')->set('expiredpassword', '1');
}
// Set cookie with login preference info
$prefs = array('user_id' => $user->get('id'), 'user_img' => \Hubzero\User\Profile::getInstance($user->get('id'))->getPicture(0, false), 'authenticator' => 'hubzero');
$namespace = 'authenticator';
$lifetime = time() + 365 * 24 * 60 * 60;
\Hubzero\Utility\Cookie::bake($namespace, $lifetime, $prefs);
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_HUBZERO_AUTHENTICATION_FAILED');
}
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_HUBZERO_AUTHENTICATION_FAILED');
}
}
/**
* This method should handle any authentication and report back to the subject
*
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object $response Authentication response object
* @return boolean
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
if (Config::get('debug')) {
$debug_location = $this->params->get('debug_location', '/var/log/apache2/php/phpCAS.log');
phpCAS::setDebug($debug_location);
}
$this->initialize();
try {
$authenticated = phpCAS::isAuthenticated();
} catch (CAS_AuthenticationException $e) {
throw new Exception(Lang::txt('PLG_AUTHENTICATION_PUCAS_ERROR_EXPIRED_TICKET'), 400);
}
$return = isset($options['return']) ? $options['return'] : '';
if ($authenticated && $this->checkBoilerkey($return)) {
$username = phpCAS::getUser();
$method = Component::params('com_users')->get('allowUserRegistration', false) ? 'find_or_create' : 'find';
$hzal = \Hubzero\Auth\Link::$method('authentication', 'pucas', null, $username);
if ($hzal === false) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_PUCAS_UNKNOWN_USER');
return;
}
$hzal->email = $username . '@purdue.edu';
$response->auth_link = $hzal;
$response->type = 'pucas';
$response->status = \Hubzero\Auth\Status::SUCCESS;
$email = phpCAS::getAttribute('email');
$name = phpCAS::getAttribute('fullname');
if (!empty($email)) {
$hzal->email = $email;
}
if (!empty($name)) {
$response->fullname = ucwords(strtolower($name));
}
if (!empty($hzal->user_id)) {
$user = User::getInstance($hzal->user_id);
// Bring this in line with the rest of the system
$response->username = $user->username;
$response->email = $user->email;
$response->fullname = $user->name;
} else {
$response->username = '******' . $hzal->id;
// The Open Group Base Specifications Issue 6, Section 3.426
$response->email = $response->username . '@invalid';
// RFC2606, section 2
// Also set a suggested username for their hub account
App::get('session')->set('auth_link.tmp_username', $username);
}
$hzal->update();
// If we have a real user, drop the authenticator cookie
if (isset($user) && is_object($user)) {
// Set cookie with login preference info
$prefs = array('user_id' => $user->get('id'), 'user_img' => \Hubzero\User\Profile::getInstance($user->get('id'))->getPicture(0, false), 'authenticator' => 'pucas');
$namespace = 'authenticator';
$lifetime = time() + 365 * 24 * 60 * 60;
\Hubzero\Utility\Cookie::bake($namespace, $lifetime, $prefs);
}
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_PUCAS_AUTHENTICATION_FAILED');
}
}
/**
* This method should handle any authentication and report back to the subject
*
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object $response Authentication response object
* @return boolean
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
// Set up the config for the ORCID api instance
$oauth = new Oauth();
$oauth->setClientId($this->params->get('client_id'))->setClientSecret($this->params->get('client_secret'))->setRedirectUri(self::getRedirectUri('orcid'));
// Authenticate the user
$oauth->authenticate(Request::getVar('code'));
// Check for successful authentication
if ($oauth->isAuthenticated()) {
$orcid = new Profile($oauth);
// Set username to ORCID iD
$username = $orcid->id();
// Create the hubzero auth link
$method = Component::params('com_users')->get('allowUserRegistration', false) ? 'find_or_create' : 'find';
$hzal = \Hubzero\Auth\Link::$method('authentication', 'orcid', null, $username);
if ($hzal === false) {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_ORCID_UNKNOWN_USER');
return;
}
$hzal->email = $orcid->email() ? $orcid->email() : null;
// Set response variables
$response->auth_link = $hzal;
$response->type = 'orcid';
$response->status = \Hubzero\Auth\Status::SUCCESS;
$response->fullname = $orcid->fullName();
if (!empty($hzal->user_id)) {
$user = User::getInstance($hzal->user_id);
$response->username = $user->username;
$response->email = $user->email;
$response->fullname = $user->name;
} else {
$response->username = '******' . $hzal->id;
$response->email = $response->username . '@invalid';
// Also set a suggested username for their hub account
Session::set('auth_link.tmp_username', str_replace(' ', '', strtolower($response->fullname)));
Session::set('auth_link.tmp_orcid', $username);
}
$hzal->update();
// If we have a real user, drop the authenticator cookie
if (isset($user) && is_object($user)) {
// Set cookie with login preference info
$prefs = array('user_id' => $user->get('id'), 'user_img' => null, 'authenticator' => 'orcid');
$namespace = 'authenticator';
$lifetime = time() + 365 * 24 * 60 * 60;
\Hubzero\Utility\Cookie::bake($namespace, $lifetime, $prefs);
}
} else {
$response->status = \Hubzero\Auth\Status::FAILURE;
$response->error_message = Lang::txt('PLG_AUTHENTICATION_ORCID_AUTHENTICATION_FAILED');
}
}
