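/**
 * Validate a signed SSO string and connect the user it describes.
 *
 * The string is space-separated:
 *   "<base64 JSON payload> <signature> <timestamp> [<hash method>]"
 * The signature is an HMAC over "<payload> <timestamp>", keyed with the
 * AssociationSecret of the provider named by the payload's client_id.
 *
 * @param string $String The raw SSO string.
 * @return mixed Whatever Gdn::UserModel()->Connect() returns on success; NULL when the
 * string is empty, incomplete, names an unknown provider, asks for an unsupported hash
 * method, or fails signature verification.
 */
public function SSO($String) {
   if (!$String) {
      return;
   }

   $Parts = explode(' ', $String);

   $String = $Parts[0];
   // The payload is decoded before verification only so that client_id can select the
   // provider secret. Nothing in $Data should be acted on until the signature check passes.
   $Data = json_decode(base64_decode($String), TRUE);
   Trace($Data, 'RAW SSO Data');

   // Report every missing part before bailing out, so one trace shows the whole problem.
   $Errors = 0;
   if (!isset($Parts[1])) {
      Trace('Missing SSO signature', TRACE_ERROR);
      $Errors++;
   }
   if (!isset($Parts[2])) {
      Trace('Missing SSO timestamp', TRACE_ERROR);
      $Errors++;
   }
   if ($Errors) {
      return;
   }

   $Signature = $Parts[1];
   // NOTE(review): $Timestamp is covered by the HMAC but is never compared with the
   // current time in this method, so a validly signed string is not rejected for age
   // here. Confirm that freshness/replay protection is enforced elsewhere.
   $Timestamp = $Parts[2];
   $HashMethod = GetValue(3, $Parts, 'hmacsha1');
   $ClientID = GetValue('client_id', $Data);
   if (!$ClientID) {
      Trace('Missing SSO client_id', TRACE_ERROR);
      return;
   }

   $Provider = Gdn_AuthenticationProviderModel::GetProviderByKey($ClientID);
   if (!$Provider) {
      Trace("Unknown SSO Provider: {$ClientID}", TRACE_ERROR);
      return;
   }

   $Secret = $Provider['AssociationSecret'];

   // Check the signature.
   // The hash method comes from the caller, so it is matched against a fixed list and
   // anything else is rejected instead of being handed to hash_hmac().
   switch ($HashMethod) {
      case 'hmacsha1':
         $CalcSignature = hash_hmac('sha1', "{$String} {$Timestamp}", $Secret);
         break;
      default:
         Trace("Invalid SSO hash method {$HashMethod}.", TRACE_ERROR);
         return;
   }

   // Compare as exact strings. A loose != compares numeric-looking strings as numbers,
   // so two different signatures could be treated as equal. hash_equals() additionally
   // avoids leaking how many leading characters matched; the === fallback keeps older
   // runtimes working but is not constant-time.
   if (function_exists('hash_equals')) {
      $SignatureValid = hash_equals($CalcSignature, $Signature);
   } else {
      $SignatureValid = ($CalcSignature === $Signature);
   }
   if (!$SignatureValid) {
      Trace("Invalid SSO signature.", TRACE_ERROR);
      return;
   }

   // NOTE(review): uniqueid is read without an isset() check, so a signed payload that
   // omits it reaches Connect() with a NULL unique id. Confirm Connect() rejects that.
   $UniqueID = $Data['uniqueid'];
   $User = ArrayTranslate($Data, array('name' => 'Name', 'email' => 'Email', 'photourl' => 'Photo', 'uniqueid' => NULL, 'client_id' => NULL), TRUE);

   Trace($User, 'SSO User');

   $UserID = Gdn::UserModel()->Connect($UniqueID, $ClientID, $User);
   return $UserID;
}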
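/**
 * Look up the authentication provider record and cache it in a method-level static.
 *
 * @param string|null $ProviderKey Provider key to look up. When NULL, the provider is
 * looked up by this authenticator's scheme alias instead.
 * @param bool $Force Pass boolean TRUE to ignore the cached provider and look it up again.
 * @return mixed The provider data, or FALSE when a lookup is performed and finds nothing.
 */
public function GetProvider($ProviderKey = NULL, $Force = FALSE) {
   static $AuthModel = NULL;
   // NOTE(review): this cache holds a single provider and is not keyed by $ProviderKey
   // or by scheme alias. Once it is populated, a later call asking for a different key
   // gets the first provider (and its secret) back unless $Force is TRUE. Confirm that
   // callers dealing with more than one provider always pass $Force.
   static $Provider = NULL;

   if (is_null($AuthModel)) {
      $AuthModel = new Gdn_AuthenticationProviderModel();
   }

   $AuthenticationSchemeAlias = $this->GetAuthenticationSchemeAlias();
   if (is_null($Provider) || $Force === TRUE) {
      if (!is_null($ProviderKey)) {
         $ProviderData = $AuthModel->GetProviderByKey($ProviderKey);
      } else {
         // This method has no user id of its own. Define the variable explicitly so the
         // call no longer reads an undefined variable; the value passed is still NULL.
         $UserID = NULL;
         $ProviderData = $AuthModel->GetProviderByScheme($AuthenticationSchemeAlias, $UserID);
      }

      if ($ProviderData) {
         $Provider = $ProviderData;
      } else {
         // A failed lookup leaves any previously cached provider in place.
         return FALSE;
      }
   }

   return $Provider;
}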
/**
 * List or create the SSO (provider key / unique id) mappings of a user.
 *
 * Without a postback: loads the user identified by $UserID and sets 'Result' to that
 * user's rows from UserAuthentication joined with UserAuthenticationProvider.
 *
 * On postback: requires ClientID, UniqueID and either Username or Email, finds the user
 * (by email first, then by username), optionally checks the posted password, saves the
 * mapping and sets 'Result' to the saved row.
 *
 * The method starts by calling $this->Permission('Garden.Users.Edit'); presumably that
 * stops callers without the permission - confirm. Because the password is optional (see
 * below), that call is the only gate on mapping an external identity to any account.
 *
 * @param int|bool $UserID The user whose mappings are listed; only used when the
 * request is not a postback.
 * @throws Gdn_UserException On validation errors, unknown user (404), wrong password
 * (401) or when the saved mapping cannot be read back.
 */
public function SSO($UserID = FALSE) {
   $this->Permission('Garden.Users.Edit');

   $ProviderModel = new Gdn_AuthenticationProviderModel();
   $Form = new Gdn_Form();

   if (!$this->Request->IsPostBack()) {
      // Read-only branch: report the existing mappings for the requested user.
      $User = Gdn::UserModel()->GetID($UserID);
      if (!$User) {
         throw NotFoundException('User');
      }

      $Mappings = Gdn::SQL()
         ->Select('ua.ProviderKey', '', 'ClientID')
         ->Select('ua.ForeignUserKey', '', 'UniqueID')
         ->Select('ua.UserID')
         ->Select('p.Name')
         ->Select('p.AuthenticationSchemeAlias', '', 'Type')
         ->From('UserAuthentication ua')
         ->Join('UserAuthenticationProvider p', 'ua.ProviderKey = p.AuthenticationKey')
         ->Where('UserID', $UserID)
         ->Get()
         ->ResultArray();

      $this->SetData('Result', $Mappings);
   } else {
      // Make sure everything has been posted.
      $Form->ValidateRule('ClientID', 'ValidateRequired');
      $Form->ValidateRule('UniqueID', 'ValidateRequired');
      if (!(ValidateRequired($Form->GetFormValue('Username')) || ValidateRequired($Form->GetFormValue('Email')))) {
         $Form->AddError('Username or Email is required.');
      }

      $Provider = $ProviderModel->GetProviderByKey($Form->GetFormValue('ClientID'));
      if (!$Provider) {
         // NOTE(review): the posted ClientID is echoed into the error text; confirm the
         // renderer escapes it.
         $Form->AddError(sprintf('%1$s "%2$s" not found.', T('Provider'), $Form->GetFormValue('ClientID')));
      }

      // All validation problems are collected first and reported together.
      if ($Form->ErrorCount() > 0) {
         throw new Gdn_UserException($Form->ErrorString());
      }

      // Grab the user: email takes precedence, username is the fallback.
      $User = FALSE;
      $Email = $Form->GetFormValue('Email');
      if ($Email) {
         $User = Gdn::UserModel()->GetByEmail($Email);
      }
      if (!$User) {
         $Username = $Form->GetFormValue('Username');
         if ($Username) {
            $User = Gdn::UserModel()->GetByUsername($Username);
         }
      }
      if (!$User) {
         throw new Gdn_UserException(sprintf(T('User not found.'), strtolower(T(UserModel::SigninLabelCode()))), 404);
      }

      // Validate the user's password.
      // The check only runs when a Password field was posted; with no field (NULL) the
      // mapping is saved without proof of the account's password.
      // NOTE(review): the password is read from $this->Form while every other field in
      // this method comes from the local $Form - confirm both see the same request data.
      $PasswordHash = new Gdn_PasswordHash();
      $Password = $this->Form->GetFormValue('Password', NULL);
      if ($Password !== NULL) {
         $PasswordOk = $PasswordHash->CheckPassword($Password, GetValue('Password', $User), GetValue('HashMethod', $User));
         if (!$PasswordOk) {
            throw new Gdn_UserException(T('Invalid password.'), 401);
         }
      }

      // Okay. We've gotten this far. Let's save the authentication.
      $User = (array) $User;

      $Mapping = array(
         'UserID' => $User['UserID'],
         'Provider' => $Form->GetFormValue('ClientID'),
         'UniqueID' => $Form->GetFormValue('UniqueID')
      );
      Gdn::UserModel()->SaveAuthentication($Mapping);

      // Read the row back so a save that did not take effect is reported as an error.
      $Row = Gdn::UserModel()->GetAuthentication($Form->GetFormValue('UniqueID'), $Form->GetFormValue('ClientID'));
      if (!$Row) {
         throw new Gdn_UserException(T('There was an error saving the data.'));
      }
      $this->SetData('Result', $Row);
   }

   $this->Render('Blank', 'Utility', 'Dashboard');
}