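/**
 * Method to call when redirected back from google after authentication
 *
 * Reads the post-login return URL from the OAuth `state` request value, keeps it
 * only if Uri::isInternal() accepts it, and then either exchanges the returned
 * authorization code for an access token (stored in the session under
 * 'google.token') or redirects to the login view with an error message.
 *
 * @param  object $credentials Passed by reference; not read or written here
 * @param  array  $options     Passed by reference; 'return' is set to the validated return URL ('' if none)
 * @return void
 */
public function login(&$credentials, &$options)
{
    $b64dreturn = '';

    // The return URL comes back base64-encoded in `state`.
    // NOTE(review): `state` is used in this method only to carry the return URL; no
    // anti-CSRF value is compared here. Confirm that check is done elsewhere.
    if ($return = Request::getVar('state', '', 'method', 'base64')) {
        $b64dreturn = base64_decode($return);

        // Keep the decoded URL only if it is accepted as internal to this site
        if (!\Hubzero\Utility\Uri::isInternal($b64dreturn)) {
            $b64dreturn = '';
        }
    }

    $options['return'] = $b64dreturn;

    // Hand the encoded return value on to the login view only when its decoded form
    // passed the internal-URL check; a rejected value is dropped, not echoed back.
    $safeReturn = (is_string($b64dreturn) && $b64dreturn !== '') ? $return : '';

    // Set up the config for the google api instance
    $client = new Google_Client();
    $client->setClientId($this->params->get('app_id'));
    $client->setClientSecret($this->params->get('app_secret'));
    $client->setRedirectUri(self::getRedirectUri('google'));

    // If we have a code coming back, the user has authorized our app, and we can authenticate
    if ($code = Request::getVar('code', null)) {
        // Exchange the authorization code for an access token.
        // NOTE(review): no failure handling is visible around authenticate() — confirm
        // how a rejected or replayed code is reported to the caller.
        $client->authenticate($code);

        // Add the access token to the session
        $session = App::get('session');
        $session->set('google.token', $client->getAccessToken());
    } else {
        // User didn't authorize our app or clicked cancel
        App::redirect(
            Route::url('index.php?option=com_users&view=login&return=' . $safeReturn),
            Lang::txt('PLG_AUTHENTICATION_GOOGLE_MUST_AUTHORIZE_TO_LOGIN', Config::get('sitename')),
            'error'
        );
    }
}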
/**
 * Actions to perform when logging in a user session
 *
 * Takes the base64-filtered 'return' request value, decodes it, and stores the
 * result in $options['return']. A decoded value that Uri::isInternal() rejects
 * is replaced by an empty string.
 *
 * @param  array $credentials login credentials (not used here)
 * @param  array $options     login options; 'return' is written
 * @return void
 */
public function login(&$credentials, &$options)
{
    $return = Request::getVar('return', '', 'method', 'base64');

    if ($return) {
        $return = base64_decode($return);

        // Only a URL that points back at this site is kept
        $return = \Hubzero\Utility\Uri::isInternal($return) ? $return : '';
    }

    $options['return'] = $return;
}
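/**
 * Method to call when redirected back from twitter after authentication
 *
 * Reads the base64-encoded 'return' request value, keeps the decoded URL only if
 * Uri::isInternal() accepts it, and redirects to the login view with an error when
 * the request carries a 'denied' value.
 *
 * @param  object $credentials Passed by reference; not read or written here
 * @param  array  $options     Passed by reference; 'return' is set to the validated return URL ('' if none)
 * @return void
 */
public function login(&$credentials, &$options)
{
    // Initialised up front: without a 'return' request value the variable would
    // otherwise be undefined when it is assigned to $options['return'] below.
    $b64dreturn = '';

    if ($return = Request::getVar('return', '', 'method', 'base64')) {
        $b64dreturn = base64_decode($return);

        // Keep the decoded URL only if it is accepted as internal to this site
        if (!\Hubzero\Utility\Uri::isInternal($b64dreturn)) {
            $b64dreturn = '';
        }
    }

    $options['return'] = $b64dreturn;

    // Hand the encoded return value on to the login view only when its decoded form
    // passed the internal-URL check; a rejected value is dropped, not echoed back.
    $safeReturn = (is_string($b64dreturn) && $b64dreturn !== '') ? $return : '';

    // Check to make sure they didn't deny our application permissions
    if (Request::getWord('denied', false)) {
        // User didn't authorize our app or clicked cancel
        App::redirect(
            Route::url('index.php?option=com_users&view=login&return=' . $safeReturn),
            Lang::txt('PLG_AUTHENTICATION_TWITTER_MUST_AUTHORIZE_TO_LOGIN', Config::get('sitename')),
            'error'
        );
        return;
    }
}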
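/**
 * Method to call when redirected back from ORCID after authentication
 *
 * Reads the post-login return URL from the OAuth `state` request value, keeps it
 * only if Uri::isInternal() accepts it, and redirects to the login view with an
 * error when no authorization `code` came back.
 *
 * @param  object $credentials Passed by reference; not read or written here
 * @param  array  $options     Passed by reference; 'return' is set to the validated return URL ('' if none)
 * @return void
 */
public function login(&$credentials, &$options)
{
    $b64dreturn = '';

    // The return URL comes back base64-encoded in `state`.
    // NOTE(review): `state` is used in this method only to carry the return URL; no
    // anti-CSRF value is compared here. Confirm that check is done elsewhere.
    if ($return = Request::getVar('state', '', 'method', 'base64')) {
        $b64dreturn = base64_decode($return);

        // Keep the decoded URL only if it is accepted as internal to this site
        if (!\Hubzero\Utility\Uri::isInternal($b64dreturn)) {
            $b64dreturn = '';
        }
    }

    $options['return'] = $b64dreturn;

    // Hand the encoded return value on to the login view only when its decoded form
    // passed the internal-URL check; a rejected value is dropped, not echoed back.
    $safeReturn = (is_string($b64dreturn) && $b64dreturn !== '') ? $return : '';

    // If we have a code coming back, the user has authorized our app, and we can authenticate
    if (!Request::getVar('code', null)) {
        // User didn't authorize our app or clicked cancel
        App::redirect(
            Route::url('index.php?option=com_users&view=login&return=' . $safeReturn),
            Lang::txt('PLG_AUTHENTICATION_ORCID_MUST_AUTHORIZE_TO_LOGIN', Config::get('sitename')),
            'error'
        );
    }
}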
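/**
 * Method to call when redirected back from linkedin after authentication
 *
 * Reads the base64-encoded 'return' request value (kept only if Uri::isInternal()
 * accepts the decoded URL), redirects to the login view with an error when no
 * 'oauth_verifier' came back, and otherwise exchanges the request token stored in
 * the session for access tokens, which are saved back into the session.
 *
 * @param  object $credentials Passed by reference; not read or written here
 * @param  array  $options     Passed by reference; 'return' is set to the validated return URL ('' if none)
 * @return void|Exception      An Exception object is returned (not thrown) when the token exchange fails
 */
public function login(&$credentials, &$options)
{
    $jsession   = App::get('session');
    $b64dreturn = '';

    // Check to see if a return parameter was specified
    if ($return = Request::getVar('return', '', 'method', 'base64')) {
        $b64dreturn = base64_decode($return);

        // Keep the decoded URL only if it is accepted as internal to this site
        if (!\Hubzero\Utility\Uri::isInternal($b64dreturn)) {
            $b64dreturn = '';
        }
    }

    // Set the return variable
    $options['return'] = $b64dreturn;

    // Hand the encoded return value on to the login view only when its decoded form
    // passed the internal-URL check; a rejected value is dropped, not echoed back.
    $safeReturn = (is_string($b64dreturn) && $b64dreturn !== '') ? $return : '';

    // Set up linkedin configuration
    $linkedin_config = array(
        'appKey'      => $this->params->get('api_key'),
        'appSecret'   => $this->params->get('app_secret'),
        'callbackUrl' => self::getRedirectUri('linkedin'),
    );

    // Create Object
    $linkedin_client = new LinkedIn($linkedin_config);

    $verifier = Request::getVar('oauth_verifier', null);

    if (!$verifier) {
        // User didn't authorize our app, or, clicked cancel
        App::redirect(
            Route::url('index.php?option=com_users&view=login&return=' . $safeReturn),
            Lang::txt('PLG_AUTHENTICATION_LINKEDIN_MUST_AUTHORIZE_TO_LOGIN', Config::get('sitename')),
            'error'
        );
    }

    // LinkedIn has sent a response, user has granted permission, take the temp access token,
    // the user's secret and the verifier to request the user's real secret key
    $request = $jsession->get('linkedin.oauth.request');

    // The callback can be reached without a request token in this session (expired
    // session, or a callback URL opened directly). Fail the same way as a rejected
    // exchange instead of calling the API with missing token values.
    if (empty($request['oauth_token']) || empty($request['oauth_token_secret'])) {
        return new Exception(Lang::txt('PLG_AUTHENTICATION_LINKEDIN_ERROR'), 500);
    }

    $reply = $linkedin_client->retrieveTokenAccess(
        $request['oauth_token'],
        $request['oauth_token_secret'],
        $verifier
    );

    if ($reply['success'] === true) {
        // The request went through without an error, gather user's 'access' tokens
        $jsession->set('linkedin.oauth.access', $reply['linkedin']);

        // Set the user as authorized for future quick reference
        $jsession->set('linkedin.oauth.authorized', true);
    } else {
        // NOTE(review): the exception is returned rather than thrown, so a caller that
        // ignores the return value will not notice the failure. Kept as-is because the
        // callers are not visible here; confirm they inspect the result.
        return new Exception(Lang::txt('PLG_AUTHENTICATION_LINKEDIN_ERROR'), 500);
    }
}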
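/**
 * Actions to perform when logging in a user session
 *
 * Stores the validated return URL in $options['return']. If a user is already
 * logged in, redirects to the account-linking task. Otherwise, when mod_shib has
 * exposed a session id in $_SERVER, collects the Shibboleth attributes, stores them
 * in $options['shibboleth'], and persists them in #__shibboleth_sessions under a
 * random key that is also sent to the browser as the 'shib-session' cookie.
 *
 * @param  mixed $credentials Passed by reference; not read or written here
 * @param  array $options     Passed by reference; 'return' and (when available) 'shibboleth' are written
 * @return void
 */
public function login(&$credentials, &$options)
{
    if ($return = Request::getVar('return', '', 'method', 'base64')) {
        $return = base64_decode($return);

        // Keep the decoded URL only if it is accepted as internal to this site
        if (!\Hubzero\Utility\Uri::isInternal($return)) {
            $return = '';
        }
    }
    $options['return'] = $return;

    // If someone is logged in already, then we're linking an account
    if (!User::get('guest')) {
        self::log('already logged in, redirect for link');
        list($service, $com_user, $task) = self::getLoginParams();

        // The cookie is client-controlled: it may be missing or sent as an array,
        // so only a plain string is passed on.
        // NOTE(review): the session key travels in the query string here and can end
        // up in access logs or Referer headers; confirm this is acceptable.
        $shibSession = (isset($_COOKIE['shib-session']) && is_string($_COOKIE['shib-session']))
            ? $_COOKIE['shib-session']
            : '';

        App::redirect($service . '/index.php?option=' . $com_user . '&task=' . $task . '&authenticator=shibboleth&shib-session=' . urlencode($shibSession));
    }

    // extract variables set by mod_shib, if any
    // https://www.incommon.org/federation/attributesummary.html
    $sid = null;
    if (isset($_SERVER['REDIRECT_Shib-Session-ID'])) {
        $sid = $_SERVER['REDIRECT_Shib-Session-ID'];
    } elseif (isset($_SERVER['Shib-Session-ID'])) {
        $sid = $_SERVER['Shib-Session-ID'];
    }

    if ($sid) {
        // Same REDIRECT_-prefixed-first lookup as for the session id; null when the
        // identity provider is not present under either name.
        $idp = null;
        if (isset($_SERVER['REDIRECT_Shib-Identity-Provider'])) {
            $idp = $_SERVER['REDIRECT_Shib-Identity-Provider'];
        } elseif (isset($_SERVER['Shib-Identity-Provider'])) {
            $idp = $_SERVER['Shib-Identity-Provider'];
        }

        $attrs = array('id' => $sid, 'idp' => $idp);

        foreach (array('email', 'eppn', 'displayName', 'givenName', 'sn', 'mail') as $key) {
            if (isset($_SERVER[$key])) {
                $attrs[$key] = $_SERVER[$key];
            } elseif (isset($_SERVER['REDIRECT_' . $key])) {
                $attrs[$key] = $_SERVER['REDIRECT_' . $key];
            }
        }

        // 'mail' replaces 'email' when it contains an '@' that is not the first character
        if (isset($attrs['mail']) && strpos($attrs['mail'], '@')) {
            $attrs['email'] = $attrs['mail'];
            unset($attrs['mail']);
        }

        // normalize things a bit
        if (!isset($attrs['username']) && isset($attrs['eppn'])) {
            $attrs['username'] = preg_replace('/@.*$/', '', $attrs['eppn']);
        }

        // eppn is sometimes or maybe always in practice an email address
        if (!isset($attrs['email']) && isset($attrs['eppn']) && strpos($attrs['eppn'], '@')) {
            $attrs['email'] = $attrs['eppn'];
        }

        // !empty() instead of a bare read: 'sn' is optional and may not be set
        if (!isset($attrs['displayName']) && isset($attrs['givenName']) && !empty($attrs['sn'])) {
            $attrs['displayName'] = $attrs['givenName'] . ' ' . $attrs['sn'];
        }

        $options['shibboleth'] = $attrs;

        self::log('session attributes: ', $attrs);
        // NOTE(review): the next two calls pass every cookie value and the whole
        // $_SERVER array (which includes the raw Cookie header) to the log. Confirm
        // where self::log() writes and who can read it, or log key names only.
        self::log('cookie', $_COOKIE);
        self::log('server attributes: ', $_SERVER);

        //JFactory::getSession()->set('shibboleth.session', $attrs);

        // Random lookup key for the stored attributes; it is the only thing tying the
        // browser to the row inserted below.
        $key = trim(base64_encode(openssl_random_pseudo_bytes(128)));

        // The key is only read server-side in this method, so it is sent HttpOnly, and
        // Secure whenever the current request is HTTPS. Expiry, path and domain keep
        // their defaults.
        $secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
        setcookie('shib-session', $key, 0, '', '', $secure, true);

        // Both values are escaped with the driver's quote() before being placed in the SQL
        $dbh = App::get('db');
        $dbh->setQuery('INSERT INTO #__shibboleth_sessions(session_key, data) VALUES(' . $dbh->quote($key) . ', ' . $dbh->quote(json_encode($attrs)) . ')');
        $dbh->execute();
    }
}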