Пример #1
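 /**
  * Callback invoked when Google redirects the browser back after authentication.
  *
  * Recovers the post-login return URL carried (base64-encoded) in the OAuth
  * `state` request parameter, keeps it only when Uri::isInternal() accepts it,
  * and stores the result in $options['return']. When an authorization `code`
  * is present it is handed to the Google client and the resulting access token
  * is stored in the session under 'google.token'; otherwise the user is sent
  * back to the login view with an error message.
  *
  * @param   object  $credentials  not read by this method
  * @param   array   $options      login options; 'return' is written here
  * @return  void
  */
 public function login(&$credentials, &$options)
 {
     $b64dreturn = '';
     // The `state` parameter is used here as the carrier of the return URL.
     // NOTE(review): no anti-CSRF nonce is compared against `state` in this
     // method; confirm the callback is bound to the initiating session elsewhere.
     $return = Request::getVar('state', '', 'method', 'base64');
     if ($return) {
         $b64dreturn = base64_decode($return);
         // Only same-site targets may serve as a post-login destination
         if (!\Hubzero\Utility\Uri::isInternal($b64dreturn)) {
             $b64dreturn = '';
         }
     }
     $options['return'] = $b64dreturn;
     // Hand the encoded value on to the login view only when it decoded to an
     // accepted internal URL, so a rejected value is not propagated any further.
     $forward = ($b64dreturn !== '') ? $return : '';
     // Set up the config for the google api instance
     $client = new Google_Client();
     $client->setClientId($this->params->get('app_id'));
     $client->setClientSecret($this->params->get('app_secret'));
     $client->setRedirectUri(self::getRedirectUri('google'));
     // If we have a code coming back, the user has authorized our app, and we can authenticate
     if ($code = Request::getVar('code', null)) {
         // Exchange the authorization code for an access token.
         // NOTE(review): the outcome of authenticate() is not inspected here;
         // presumably the client library throws on failure, so confirm.
         $client->authenticate($code);
         // Keep the access token in the server-side session
         $session = App::get('session');
         $session->set('google.token', $client->getAccessToken());
     } else {
         // User didn't authorize our app or clicked cancel
         App::redirect(
             Route::url('index.php?option=com_users&view=login&return=' . $forward),
             Lang::txt('PLG_AUTHENTICATION_GOOGLE_MUST_AUTHORIZE_TO_LOGIN', Config::get('sitename')),
             'error'
         );
     }
 }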
Пример #2
 /**
  * Actions to perform when logging in a user session.
  *
  * Reads the base64-encoded `return` request parameter, decodes it, and keeps
  * the decoded URL only when Uri::isInternal() accepts it. The outcome (an
  * empty string when the value is rejected) is stored in $options['return'].
  *
  * @param   array  $credentials  login credentials (not read here)
  * @param   array  $options      login options; 'return' is written here
  * @return  void
  */
 public function login(&$credentials, &$options)
 {
     $target = Request::getVar('return', '', 'method', 'base64');

     if ($target) {
         $decoded = base64_decode($target);
         // Anything that is not a same-site URL is discarded rather than followed
         $target = \Hubzero\Utility\Uri::isInternal($decoded) ? $decoded : '';
     }

     $options['return'] = $target;
 }
Пример #3
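 /**
  * Callback invoked when Twitter redirects the browser back after authentication.
  *
  * Recovers the base64-encoded `return` request parameter, keeps the decoded
  * URL only when Uri::isInternal() accepts it, and stores the result in
  * $options['return']. If the request carries a `denied` word, the user is
  * redirected to the login view with an error message.
  *
  * @param   object  $credentials  not read by this method
  * @param   array   $options      login options; 'return' is written here
  * @return  void
  */
 public function login(&$credentials, &$options)
 {
     // Start from "no return URL" so the assignment below never reads an
     // undefined variable when the request has no `return` parameter.
     $b64dreturn = '';
     $return = Request::getVar('return', '', 'method', 'base64');
     if ($return) {
         $b64dreturn = base64_decode($return);
         // Only same-site targets may serve as a post-login destination
         if (!\Hubzero\Utility\Uri::isInternal($b64dreturn)) {
             $b64dreturn = '';
         }
     }
     $options['return'] = $b64dreturn;
     // Check to make sure they didn't deny our application permissions
     if (Request::getWord('denied', false)) {
         // Hand the encoded value on only when it decoded to an accepted
         // internal URL, so a rejected value is not propagated any further.
         $forward = ($b64dreturn !== '') ? $return : '';
         // User didn't authorize our app or clicked cancel
         App::redirect(
             Route::url('index.php?option=com_users&view=login&return=' . $forward),
             Lang::txt('PLG_AUTHENTICATION_TWITTER_MUST_AUTHORIZE_TO_LOGIN', Config::get('sitename')),
             'error'
         );
         return;
     }
 }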
Пример #4
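 /**
  * Callback invoked when ORCID redirects the browser back after authentication.
  *
  * Recovers the post-login return URL carried (base64-encoded) in the OAuth
  * `state` request parameter, keeps it only when Uri::isInternal() accepts it,
  * and stores the result in $options['return']. When no `code` parameter came
  * back, the user is redirected to the login view with an error message.
  *
  * @param   object  $credentials  not read by this method
  * @param   array   $options      login options; 'return' is written here
  * @return  void
  */
 public function login(&$credentials, &$options)
 {
     $b64dreturn = '';
     // The `state` parameter is used here as the carrier of the return URL.
     // NOTE(review): no anti-CSRF nonce is compared against `state` in this
     // method; confirm the callback is bound to the initiating session elsewhere.
     $return = Request::getVar('state', '', 'method', 'base64');
     if ($return) {
         $b64dreturn = base64_decode($return);
         // Only same-site targets may serve as a post-login destination
         if (!\Hubzero\Utility\Uri::isInternal($b64dreturn)) {
             $b64dreturn = '';
         }
     }
     $options['return'] = $b64dreturn;
     // No code coming back means the user did not authorize our app (or cancelled)
     if (!Request::getVar('code', null)) {
         // Hand the encoded value on only when it decoded to an accepted
         // internal URL, so a rejected value is not propagated any further.
         $forward = ($b64dreturn !== '') ? $return : '';
         App::redirect(
             Route::url('index.php?option=com_users&view=login&return=' . $forward),
             Lang::txt('PLG_AUTHENTICATION_ORCID_MUST_AUTHORIZE_TO_LOGIN', Config::get('sitename')),
             'error'
         );
     }
 }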
Пример #5
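 /**
  * Callback invoked when LinkedIn redirects the browser back after authentication.
  *
  * Recovers the base64-encoded `return` request parameter, keeps the decoded
  * URL only when Uri::isInternal() accepts it, and stores the result in
  * $options['return']. Without an `oauth_verifier` the user is redirected to
  * the login view with an error. Otherwise the request token kept in the
  * session is exchanged for access tokens, which are stored in the session.
  *
  * NOTE(review): on failure an Exception object is returned, not thrown, so a
  * caller that ignores the return value will not notice the failure. Confirm
  * what the caller expects.
  *
  * @param   object  $credentials  not read by this method
  * @param   array   $options      login options; 'return' is written here
  * @return  void|Exception  an Exception instance when the token exchange fails
  */
 public function login(&$credentials, &$options)
 {
     $jsession = App::get('session');
     $b64dreturn = '';
     // Check to see if a return parameter was specified
     $return = Request::getVar('return', '', 'method', 'base64');
     if ($return) {
         $b64dreturn = base64_decode($return);
         // Only same-site targets may serve as a post-login destination
         if (!\Hubzero\Utility\Uri::isInternal($b64dreturn)) {
             $b64dreturn = '';
         }
     }
     // Set the return variable
     $options['return'] = $b64dreturn;
     // Set up linkedin configuration
     $linkedin_config = array(
         'appKey'      => $this->params->get('api_key'),
         'appSecret'   => $this->params->get('app_secret'),
         'callbackUrl' => self::getRedirectUri('linkedin'),
     );
     // Create Object
     $linkedin_client = new LinkedIn($linkedin_config);
     $verifier = Request::getVar('oauth_verifier', null);
     if (!$verifier) {
         // Hand the encoded value on only when it decoded to an accepted
         // internal URL, so a rejected value is not propagated any further.
         $forward = ($b64dreturn !== '') ? $return : '';
         // User didn't authorize our app, or, clicked cancel
         App::redirect(
             Route::url('index.php?option=com_users&view=login&return=' . $forward),
             Lang::txt('PLG_AUTHENTICATION_LINKEDIN_MUST_AUTHORIZE_TO_LOGIN', Config::get('sitename')),
             'error'
         );
         // Never fall through to the token exchange without a verifier,
         // even if the redirect helper returns instead of terminating.
         return;
     }
     // LinkedIn has sent a response, user has granted permission, take the temp access token,
     // the user's secret and the verifier to request the user's real secret key
     $request = $jsession->get('linkedin.oauth.request');
     // A callback that arrives without a request token in this session cannot be
     // completed; treat it as a failed exchange instead of reading missing keys.
     if (!isset($request['oauth_token'], $request['oauth_token_secret'])) {
         return new Exception(Lang::txt('PLG_AUTHENTICATION_LINKEDIN_ERROR'), 500);
     }
     $reply = $linkedin_client->retrieveTokenAccess($request['oauth_token'], $request['oauth_token_secret'], $verifier);
     if ($reply['success'] === true) {
         // The request went through without an error, gather user's 'access' tokens
         $jsession->set('linkedin.oauth.access', $reply['linkedin']);
         // Set the user as authorized for future quick reference
         $jsession->set('linkedin.oauth.authorized', true);
     } else {
         return new Exception(Lang::txt('PLG_AUTHENTICATION_LINKEDIN_ERROR'), 500);
     }
 }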
Пример #6
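 /**
  * Actions to perform when logging in a user session via Shibboleth.
  *
  * Validates the optional base64 `return` parameter and stores it in
  * $options['return']. A user who is already signed in is redirected into the
  * account-linking flow. Otherwise, when mod_shib exported a session id, the
  * Shibboleth attributes are collected into $options['shibboleth'] and saved
  * in the shibboleth_sessions table under a newly generated key, which is
  * also sent to the browser in the `shib-session` cookie.
  *
  * @param   mixed  &$credentials  not read by this method
  * @param   array  &$options      login options; 'return' and 'shibboleth' are written
  * @return  void
  */
 public function login(&$credentials, &$options)
 {
     if ($return = Request::getVar('return', '', 'method', 'base64')) {
         $return = base64_decode($return);
         // Only same-site targets may serve as a post-login destination
         if (!\Hubzero\Utility\Uri::isInternal($return)) {
             $return = '';
         }
     }
     $options['return'] = $return;
     // If someone is logged in already, then we're linking an account
     if (!User::get('guest')) {
         self::log('already logged in, redirect for link');
         list($service, $com_user, $task) = self::getLoginParams();
         // The cookie can be absent; use an empty key instead of reading an undefined index.
         // NOTE(review): the session key is placed in the query string, where it can end up
         // in access logs and Referer headers. Consider carrying it another way.
         $shibKey = isset($_COOKIE['shib-session']) ? $_COOKIE['shib-session'] : '';
         App::redirect($service . '/index.php?option=' . $com_user . '&task=' . $task . '&authenticator=shibboleth&shib-session=' . urlencode($shibKey));
     }
     // extract variables set by mod_shib, if any
     // https://www.incommon.org/federation/attributesummary.html
     // NOTE(review): these values are trusted as identity assertions; that holds only if the
     // web server guarantees a client cannot supply them, so confirm the mod_shib setup.
     $sid = null;
     if (isset($_SERVER['REDIRECT_Shib-Session-ID'])) {
         $sid = $_SERVER['REDIRECT_Shib-Session-ID'];
     } elseif (isset($_SERVER['Shib-Session-ID'])) {
         $sid = $_SERVER['Shib-Session-ID'];
     }
     if ($sid) {
         // Identity provider: prefer the REDIRECT_ variant, tolerate both being absent
         $idp = null;
         if (isset($_SERVER['REDIRECT_Shib-Identity-Provider'])) {
             $idp = $_SERVER['REDIRECT_Shib-Identity-Provider'];
         } elseif (isset($_SERVER['Shib-Identity-Provider'])) {
             $idp = $_SERVER['Shib-Identity-Provider'];
         }
         $attrs = array('id' => $sid, 'idp' => $idp);
         foreach (array('email', 'eppn', 'displayName', 'givenName', 'sn', 'mail') as $key) {
             if (isset($_SERVER[$key])) {
                 $attrs[$key] = $_SERVER[$key];
             } elseif (isset($_SERVER['REDIRECT_' . $key])) {
                 $attrs[$key] = $_SERVER['REDIRECT_' . $key];
             }
         }
         // strpos() is used for truthiness, so an '@' at position 0 does not count
         if (isset($attrs['mail']) && strpos($attrs['mail'], '@')) {
             $attrs['email'] = $attrs['mail'];
             unset($attrs['mail']);
         }
         // normalize things a bit
         if (!isset($attrs['username']) && isset($attrs['eppn'])) {
             $attrs['username'] = preg_replace('/@.*$/', '', $attrs['eppn']);
         }
         // eppn is sometimes or maybe always in practice an email address
         if (!isset($attrs['email']) && isset($attrs['eppn']) && strpos($attrs['eppn'], '@')) {
             $attrs['email'] = $attrs['eppn'];
         }
         // 'sn' may be missing even when 'givenName' is present, so test it safely
         if (!isset($attrs['displayName']) && isset($attrs['givenName']) && !empty($attrs['sn'])) {
             $attrs['displayName'] = $attrs['givenName'] . ' ' . $attrs['sn'];
         }
         $options['shibboleth'] = $attrs;
         // NOTE(review): the next calls pass every cookie (session identifiers included) and the
         // whole server environment to self::log(). Confirm that log is debug-only and
         // access-restricted, or redact these values.
         self::log('session attributes: ', $attrs);
         self::log('cookie', $_COOKIE);
         self::log('server attributes: ', $_SERVER);
         //JFactory::getSession()->set('shibboleth.session', $attrs);
         // Random key that links the browser cookie to the stored attribute row.
         // NOTE(review): before PHP 7.4 openssl_random_pseudo_bytes() returns false on failure,
         // which would turn the key into an empty string. Check the result if such versions are supported.
         $key = trim(base64_encode(openssl_random_pseudo_bytes(128)));
         // NOTE(review): the cookie is set without Secure/HttpOnly flags or an explicit path.
         // It acts as a bearer key for the stored attributes, so consider setting them.
         setcookie('shib-session', $key);
         $dbh = App::get('db');
         // Both values go through the driver's quote() before being placed in the statement
         $dbh->setQuery('INSERT INTO #__shibboleth_sessions(session_key, data) VALUES(' . $dbh->quote($key) . ', ' . $dbh->quote(json_encode($attrs)) . ')');
         $dbh->execute();
     }
 }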