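/**
 * Register one FHIR resource (by local table row) as a UMA resource set and
 * persist the resulting scopes in the `uma` table.
 *
 * Fixes versus the previous version: the 'Binary' branch appended a nested
 * array (`$resource_set_array[] = ...`) so `$resource_set_array['name']`
 * was undefined and the resource set was registered with null fields; an
 * unknown `$type` (or an unmapped `$table` for 'Condition') fell through to
 * undefined variables for the same reason. Both cases now return false.
 *
 * @param int|string $id    Primary key of the row in `$table`.
 * @param string     $type  One of Condition, MedicationStatement, Allergy,
 *                          Immunization, Encounter, FamilyHistory, Binary,
 *                          Observation.
 * @param string     $table Source table; for 'Condition' this must be
 *                          'encounters' or 'issues' (it selects the id prefix).
 * @return bool True when the authorization server returned a resource_set_id
 *              and the scopes were stored; false otherwise.
 */
protected function register_scope($id, $type, $table)
{
    $resource_set = $this->scope_resource_set($id, $type, $table);
    if ($resource_set === null) {
        // Unknown resource type or unmapped Condition table: nothing to register.
        return false;
    }
    $practice = DB::table('practiceinfo')->where('practice_id', '=', '1')->first();
    if (!$practice) {
        // No practice row means no UMA client credentials to talk to the AS with.
        return false;
    }
    $open_id_url = str_replace('/nosh', '/uma-server-webapp/', URL::to('/'));
    $oidc = new OpenIDConnectClient($open_id_url, $practice->uma_client_id, $practice->uma_client_secret);
    // Exchange the stored refresh token for a fresh protection API token.
    $oidc->refresh($practice->uma_refresh_token, true);
    $response = $oidc->resource_set($resource_set['name'], $resource_set['icon'], $resource_set['scopes']);
    if (!isset($response['resource_set_id'])) {
        // Registration failed (or returned an error payload); do not record scopes.
        return false;
    }
    $policy_uri = isset($response['user_access_policy_uri']) ? $response['user_access_policy_uri'] : null;
    foreach ($resource_set['scopes'] as $scope_item) {
        DB::table('uma')->insert([
            'resource_set_id' => $response['resource_set_id'],
            'scope' => $scope_item,
            'user_access_policy_uri' => $policy_uri,
            'table_id' => $id,
            'table' => $table,
        ]);
        $this->audit('Add');
    }
    return true;
}

/**
 * Build the name/icon/scopes descriptor for a single-row FHIR resource set.
 *
 * @param int|string $id
 * @param string     $type  See register_scope().
 * @param string     $table See register_scope().
 * @return array|null array{name:string,icon:string,scopes:list<string>} or
 *                    null when `$type` (or, for Condition, `$table`) is unknown.
 */
private function scope_resource_set($id, $type, $table)
{
    $base = URL::to('/') . '/fhir/';
    // Display name, icon file and FHIR resource path, keyed by `$type`.
    $types = [
        'Condition' => ['Condition', 'i-condition.png', 'Condition'],
        'MedicationStatement' => ['Medication List', 'i-pharmacy.png', 'MedicationStatement'],
        'Allergy' => ['Allergy', 'i-allergy.png', 'AllergyIntolerance'],
        'Immunization' => ['Immunization', 'i-immunization.png', 'Immunization'],
        'Encounter' => ['Encounter', 'i-medical-records.png', 'Encounter'],
        'FamilyHistory' => ['Family History', 'i-family-practice.png', 'FamilyHistory'],
        'Binary' => ['Binary Files', 'i-file.png', 'Binary'],
        'Observation' => ['Observation', 'i-cardiology.png', 'Observation'],
    ];
    if (!isset($types[$type])) {
        return null;
    }
    list($name, $icon, $resource) = $types[$type];
    $id_prefix = '';
    if ($type === 'Condition') {
        // Conditions are stored in two tables; the FHIR id carries a prefix
        // telling the FHIR endpoint which one to read.
        $condition_prefixes = ['encounters' => 'eid_', 'issues' => 'issue_id'];
        if (!isset($condition_prefixes[$table])) {
            return null;
        }
        $id_prefix = $condition_prefixes[$table];
    }
    return [
        'name' => $name,
        'icon' => 'https://noshchartingsystem.com/' . $icon,
        'scopes' => [
            $base . $resource . '/' . $id_prefix . $id,
            $base . $resource . '?identifier=' . $id_prefix . $id,
        ],
    ];
}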
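/**
 * OpenID Connect callback for HIE of One / UMA login.
 *
 * Flow: authenticate against the UMA server, then either log in a matching
 * local user (by provider NPI, else by OIDC `sub`), or provision a practice
 * (optionally looked up from docnpi.com) and a new provider user, then log in.
 *
 * Fixes versus the previous version: `$practice_npi_array_null` was only
 * assigned when a `practice_npi` claim was present but was read in both
 * branches; the docnpi response was parsed even when curl_exec() failed and
 * `span[class=org]` / `span[class=address]` were dereferenced without a null
 * check; the duplicated login/session code is now a single helper.
 *
 * @return \Illuminate\Http\RedirectResponse
 */
public function uma_auth()
{
    $open_id_url = str_replace('/nosh', '/uma-server-webapp/', URL::to('/'));
    // Assumes practice_id 1 always exists; it holds the UMA client credentials.
    $practice = DB::table('practiceinfo')->where('practice_id', '=', '1')->first();
    $client_id = $practice->uma_client_id;
    $client_secret = $practice->uma_client_secret;
    $oidc = new OpenIDConnectClient($open_id_url, $client_id, $client_secret);
    $oidc->setRedirectURL(route('uma_auth'));
    // Without a stored refresh token this is first-time setup: ask for
    // offline_access and uma_protection so resource sets can be registered.
    $scopes = ['openid', 'email', 'profile'];
    if ($this->uma_is_blank($practice->uma_refresh_token)) {
        $scopes[] = 'offline_access';
        $scopes[] = 'uma_protection';
    }
    foreach ($scopes as $scope) {
        $oidc->addScope($scope);
    }
    $oidc->authenticate(true);
    $firstname = $oidc->requestUserInfo('given_name');
    $lastname = $oidc->requestUserInfo('family_name');
    $email = $oidc->requestUserInfo('email');
    $npi = $oidc->requestUserInfo('npi');
    $sub = $oidc->requestUserInfo('sub');
    $access_token = $oidc->getAccessToken();

    // Match an existing local user: by provider NPI when the IdP asserts one,
    // otherwise by the OIDC subject identifier.
    $user = false;
    if (!$this->uma_is_blank($npi)) {
        $provider = DB::table('providers')->where('npi', '=', $npi)->first();
        if ($provider) {
            $user = User::where('id', '=', $provider->id)->first();
        }
    } else {
        $user = User::where('uid', '=', $sub)->first();
    }

    if ($user) {
        $refresh_token = $oidc->getRefreshToken();
        if (!$this->uma_is_blank($refresh_token)) {
            DB::table('practiceinfo')->where('practice_id', '=', '1')->update(['uma_refresh_token' => $refresh_token]);
            // Register the baseline resource sets once, while no scope is stored yet.
            if (!DB::table('uma')->first()) {
                $this->uma_register_default_resource_sets($open_id_url, $client_id, $client_secret, $refresh_token);
            }
        }
        return $this->uma_login($user, $access_token);
    }

    // Unknown user: resolve an existing practice from the practice_npi claim,
    // create one from a docnpi lookup, or send the user to the chooser.
    $practice_npi = $oidc->requestUserInfo('practice_npi');
    $practice_id = false;
    $practice_npi_array_null = [];
    if (!$this->uma_is_blank($practice_npi)) {
        foreach (explode(',', $practice_npi) as $practice_npi_item) {
            $practice_query = DB::table('practiceinfo')->where('npi', '=', $practice_npi_item)->first();
            if ($practice_query) {
                $practice_id = $practice_query->practice_id;
            } else {
                $practice_npi_array_null[] = $practice_npi_item;
            }
        }
    }
    if ($practice_id === false) {
        if (count($practice_npi_array_null) !== 1) {
            // Zero or several unregistered practice NPIs: the user picks one.
            Session::put('practice_npi_array', implode(',', $practice_npi_array_null));
            Session::put('firstname', $firstname);
            Session::put('lastname', $lastname);
            Session::put('username', $sub);
            Session::put('middle', $oidc->requestUserInfo('middle_name'));
            Session::put('displayname', $oidc->requestUserInfo('name'));
            Session::put('email', $email);
            Session::put('npi', $npi);
            Session::put('practice_choose', 'y');
            Session::put('uid', $sub);
            Session::put('uma_auth_access_token', $access_token);
            return Redirect::to('practice_choose');
        }
        $lookup = $this->uma_lookup_practice_npi($practice_npi_array_null[0]);
        // The new practice inherits storage and mail settings from practice 1.
        $practice_data = [
            'npi' => $practice_npi_array_null[0],
            'practice_name' => $lookup['practice_name'],
            'street_address1' => $lookup['street_address1'],
            'city' => $lookup['city'],
            'state' => $lookup['state'],
            'zip' => $lookup['zip'],
            'documents_dir' => $practice->documents_dir,
            'version' => $practice->version,
            'active' => 'Y',
            'fax_type' => '',
            'vivacare' => '',
            'patient_centric' => 'yp',
            'smtp_user' => $practice->smtp_user,
            'smtp_pass' => $practice->smtp_pass,
        ];
        $practice_id = DB::table('practiceinfo')->insertGetId($practice_data);
        $this->audit('Add');
    }

    $data = [
        'username' => $sub,
        'firstname' => $firstname,
        'middle' => $oidc->requestUserInfo('middle_name'),
        'lastname' => $lastname,
        'displayname' => $oidc->requestUserInfo('name'),
        'email' => $email,
        'group_id' => '2',
        'active' => '1',
        'practice_id' => $practice_id,
        'secret_question' => 'Use HIEofOne to reset your password!',
        'uid' => $sub,
    ];
    $id = DB::table('users')->insertGetId($data);
    $this->audit('Add');
    DB::table('providers')->insert(['id' => $id, 'npi' => $npi, 'practice_id' => $practice_id]);
    $this->audit('Add');
    $user1 = User::where('id', '=', $id)->first();
    return $this->uma_login($user1, $access_token);
}

/**
 * True for the values the original `!= ''` checks treated as "not set":
 * null, false and the empty string.
 *
 * @param mixed $value
 * @return bool
 */
private function uma_is_blank($value)
{
    return $value === null || $value === false || $value === '';
}

/**
 * Log `$user` in, populate the session from the user and practice rows, and
 * redirect to the originally intended page.
 *
 * @param \User  $user         Eloquent user model to log in.
 * @param string $access_token OIDC access token kept in the session.
 * @return \Illuminate\Http\RedirectResponse
 */
private function uma_login($user, $access_token)
{
    Auth::login($user);
    $practice = Practiceinfo::find($user->practice_id);
    Session::put('user_id', $user->id);
    Session::put('group_id', $user->group_id);
    Session::put('practice_id', $user->practice_id);
    Session::put('version', $practice->version);
    Session::put('practice_active', $practice->active);
    Session::put('displayname', $user->displayname);
    Session::put('documents_dir', $practice->documents_dir);
    Session::put('rcopia', $practice->rcopia_extension);
    Session::put('mtm_extension', $practice->mtm_extension);
    Session::put('patient_centric', $practice->patient_centric);
    Session::put('uma_auth_access_token', $access_token);
    // NOTE(review): this resets a client-held lockout counter; a browser can
    // set the same cookie itself, so confirm the server does not rely on it.
    setcookie("login_attempts", 0, time() + 900, '/');
    return Redirect::intended('/');
}

/**
 * Register the default patient-centric resource sets with the UMA server
 * and store each returned scope in the `uma` table.
 *
 * @param string $open_id_url
 * @param string $client_id
 * @param string $client_secret
 * @param string $refresh_token
 * @return void
 */
private function uma_register_default_resource_sets($open_id_url, $client_id, $client_secret, $refresh_token)
{
    $base = URL::to('/') . '/fhir/';
    $resource_sets = [
        [
            'name' => 'Patient',
            'icon' => 'https://noshchartingsystem.com/i-patient.png',
            'scopes' => [
                $base . 'Patient/1',
                $base . 'Patient?identifier=1',
                $base . 'Patient?_id=1',
                $base . 'Medication',
                $base . 'Practitioner',
            ],
        ],
    ];
    // Display name, icon file and FHIR resource path for each per-patient set.
    $per_patient = [
        ['Condition', 'i-condition.png', 'Condition'],
        ['Medication List', 'i-pharmacy.png', 'MedicationStatement'],
        ['Allergy', 'i-allergy.png', 'AllergyIntolerance'],
        ['Immunization', 'i-immunization.png', 'Immunization'],
        ['Encounter', 'i-medical-records.png', 'Encounter'],
        ['Family History', 'i-family-practice.png', 'FamilyHistory'],
        ['Binary Files', 'i-file.png', 'Binary'],
        ['Observation', 'i-cardiology.png', 'Observation'],
    ];
    foreach ($per_patient as $item) {
        list($name, $icon, $resource) = $item;
        $resource_sets[] = [
            'name' => $name,
            'icon' => 'https://noshchartingsystem.com/' . $icon,
            'scopes' => [$base . $resource . '/?subject:Patient=1'],
        ];
    }
    $oidc = new OpenIDConnectClient($open_id_url, $client_id, $client_secret);
    $oidc->refresh($refresh_token, true);
    foreach ($resource_sets as $resource_set) {
        $response = $oidc->resource_set($resource_set['name'], $resource_set['icon'], $resource_set['scopes']);
        if (!isset($response['resource_set_id'])) {
            // Registration failed for this set; nothing to store.
            continue;
        }
        $policy_uri = isset($response['user_access_policy_uri']) ? $response['user_access_policy_uri'] : null;
        foreach ($resource_set['scopes'] as $scope_item) {
            DB::table('uma')->insert([
                'resource_set_id' => $response['resource_set_id'],
                'scope' => $scope_item,
                'user_access_policy_uri' => $policy_uri,
            ]);
            $this->audit('Add');
        }
    }
}

/**
 * Look up a practice by NPI on docnpi.com and parse name and address.
 *
 * The lookup is an unauthenticated plain-HTTP request and its result is
 * written into `practiceinfo` by the caller, so the parsed fields are
 * treated as untrusted: tags are stripped and values trimmed. Any network
 * or parse failure yields empty strings.
 *
 * @param string $practice_npi
 * @return array array{practice_name:string,street_address1:string,city:string,state:string,zip:string}
 */
private function uma_lookup_practice_npi($practice_npi)
{
    $result = ['practice_name' => '', 'street_address1' => '', 'city' => '', 'state' => '', 'zip' => ''];
    $url = 'http://docnpi.com/api/index.php?ident=' . urlencode($practice_npi) . '&is_ident=true&format=aha';
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_FAILONERROR, 1);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 15);
    $body = curl_exec($ch);
    curl_close($ch);
    if ($body === false || $body === '') {
        return $result;
    }
    $html = new Htmldom($body);
    $li = $html->find('li', 0);
    if (!$li || $li->innertext === ' no matching results ') {
        return $result;
    }
    $name_item = $li->find('span[class=org]', 0);
    if ($name_item) {
        $result['practice_name'] = trim(strip_tags($name_item->innertext));
    }
    $address_item = $li->find('span[class=address]', 0);
    if ($address_item) {
        $address = trim(strip_tags($address_item->innertext));
        if ($address !== '') {
            // Comma-separated fields are mapped positionally as street, zip,
            // city, state (the order the previous parser used).
            $parts = array_map('trim', explode(',', $address));
            $fields = ['street_address1', 'zip', 'city', 'state'];
            foreach ($fields as $index => $field) {
                if (isset($parts[$index])) {
                    $result[$field] = $parts[$index];
                }
            }
        }
    }
    return $result;
}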
} else { // No RPT, Request Permission Ticket $url = Request::url(); $query = DB::table('uma')->where('scope', '=', $url)->first(); $as_uri = str_replace('/nosh', '/uma-server-webapp/', URL::to('/')); $header = ['WWW-Authenticate' => 'UMA realm = "pNOSH_UMA", as_uri = "' . $as_uri . '"']; $statusCode = 403; if ($query) { // Look for additional scopes for resource_set_id $query1 = DB::table('uma')->where('resource_set_id', '=', $query->resource_set_id)->get(); $scopes = array(); foreach ($query1 as $row1) { $scopes[] = $row1->scope; } $oidc = new OpenIDConnectClient($open_id_url, $client_id, $client_secret); $oidc->refresh($practice->uma_refresh_token, true); $permission_ticket = $oidc->permission_request($query->resource_set_id, $scopes); if (isset($permission_ticket['error'])) { $response = ['error' => $permission_ticket['error'], 'error_description' => $permission_ticket['error_description']]; } else { $response = ['ticket' => $permission_ticket['ticket']]; } } else { $response = ['error' => 'invalid_scope', 'error_description' => 'At least one of the scopes included in the request was not registered previously by this resource server.']; } return Response::json($response, $statusCode, $header); } //$payload = Request::header('X-Auth-Token'); //$user = DB::table('users')->where('oauth_token', '=', $payload)->where('oauth_token_secret', '>', time())->first(); //if(!$payload || !$user) { //$statusCode = 401;