<?php
require_once(__DIR__."/vendor/autoload.php");
use Jumbojett\OpenIDConnectClient;
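/**
 * LimeSurvey authentication plugin that signs admin users in through an OpenID Connect provider.
 *
 * Every failure path in the login flow returns without calling setAuthPlugin(), which makes
 * LimeSurvey fall back to its default authdb login form.
 */
class AuthOpenIDConnect extends AuthPluginBase {
    protected $storage = 'DbStorage';

    protected $settings = [
        'info' => [
            'type' => 'info',
            'content' => '<h1>OpenID Connect</h1><p>Please provide the following settings.</br>If necessary settings are missing, the default authdb login will be shown.</p>'
        ],
        'providerURL' => [
            'type' => 'string',
            'label' => 'Provider URL',
            'help' => 'Required',
            'default' => ''
        ],
        'clientID' => [
            'type' => 'string',
            'label' => 'Client ID',
            'help' => 'Required',
            'default' => ''
        ],
        'clientSecret' => [
            'type' => 'string',
            'label' => 'Client Secret',
            'help' => 'Required',
            'default' => ''
        ],
        'redirectURL' => [
            'type' => 'string',
            'label' => 'Redirect URL',
            'help' => 'The Redirect URL is automatically set on plugin activation.',
            'default' => '',
        ]
    ];

    protected static $description = 'OpenID Connect Authenticaton Plugin for LimeSurvey.';
    protected static $name = 'AuthOpenIDConnect';

    /**
     * Registers the LimeSurvey events this plugin handles.
     */
    public function init(){
        $this->subscribe('beforeActivate');
        $this->subscribe('beforeLogin');
        $this->subscribe('newUserSession');
        $this->subscribe('afterLogout');
    }

    /**
     * Stores the provider callback URL in the plugin settings when the plugin is activated.
     *
     * The host part is taken from the activating request (Host header), so the stored value should
     * be reviewed in the plugin settings after activation, particularly behind a proxy.
     */
    public function beforeActivate(){
        $this->set('redirectURL', $this->buildRedirectURL());
    }

    /**
     * Builds the absolute URL of the admin login action, which the provider redirects back to.
     *
     * A server may set HTTPS to "off" (e.g. IIS) rather than leaving it unset, so the scheme is
     * decided on the value, not on mere presence of the variable.
     *
     * @return string
     */
    protected function buildRedirectURL(){
        $https = !empty($_SERVER['HTTPS']) && strtolower((string) $_SERVER['HTTPS']) !== 'off';
        $host = $_SERVER['HTTP_HOST'] ?? $_SERVER['SERVER_NAME'] ?? '';
        return ($https ? 'https' : 'http') . '://' . $host . '/index.php/admin/authentication/sa/login';
    }

    /**
     * Runs the OpenID Connect authorization flow and hands the resulting username to LimeSurvey.
     *
     * Returns early (falling back to the authdb login) when settings are incomplete, the provider
     * reported an error on the callback, the flow fails, no username claim is available, or a
     * newly provisioned user cannot be saved.
     */
    public function beforeLogin(){
        $providerURL = $this->get('providerURL', null, null, false);
        $clientID = $this->get('clientID', null, null, false);
        $clientSecret = $this->get('clientSecret', null, null, false);
        $redirectURL = $this->get('redirectURL', null, null, false);

        if(!$providerURL || !$clientSecret || !$clientID || !$redirectURL){
            // Display authdb login if necessary plugin settings are missing.
            return;
        }
        if(isset($_REQUEST['error'])){
            // The provider reported an error on the callback; show the authdb login instead of retrying.
            return;
        }

        try {
            $oidc = new OpenIDConnectClient($providerURL, $clientID, $clientSecret);
            $oidc->setRedirectURL($redirectURL);
            if(!$oidc->authenticate()){
                return;
            }

            $username = $oidc->requestUserInfo('preferred_username');
            if(!is_string($username) || $username === ''){
                // Without a username claim the identity cannot be mapped to a local account.
                Yii::log('OpenID Connect: provider returned no preferred_username claim.', 'warning', 'plugin.AuthOpenIDConnect');
                return;
            }

            $user = $this->api->getUserByName($username);
            if(empty($user)){
                $user = $this->createUser($oidc, $username);
                if($user === null){
                    // Couldn't create user, navigate to authdb login.
                    return;
                }
            }

            $this->setUsername($user->users_name);
            $this->setAuthPlugin();
        } catch (\Throwable $error) {
            // Error occurred during authentication process: record it rather than dropping it, then fall back to authdb login.
            Yii::log('OpenID Connect authentication failed: ' . $error->getMessage(), 'error', 'plugin.AuthOpenIDConnect');
        }
    }

    /**
     * Provisions a local user from the provider's user-info claims.
     *
     * @param OpenIDConnectClient $oidc authenticated client used to read the claims
     * @param string $username value of the preferred_username claim
     * @return User|null the saved user, or null when saving failed
     */
    protected function createUser(OpenIDConnectClient $oidc, $username){
        $email = $oidc->requestUserInfo('email');
        $givenName = $oidc->requestUserInfo('given_name');
        $familyName = $oidc->requestUserInfo('family_name');

        $user = new User;
        $user->users_name = $username;
        // The account gets the password produced by createPassword(); this OIDC flow never reads it.
        $user->setPassword(createPassword());
        // trim() avoids a lone space when one of the name claims is missing.
        $user->full_name = trim($givenName . ' ' . $familyName);
        // parent_id 1: presumably the initial superadmin account — confirm against the installation.
        $user->parent_id = 1;
        $user->lang = $this->api->getConfigKey('defaultlang', 'en');
        $user->email = $email;

        if(!$user->save()){
            return null;
        }
        return $user;
    }

    /**
     * Completes the login for identities created by this plugin.
     */
    public function newUserSession(){
        $identity = $this->getEvent()->get('identity');
        if ($identity->plugin !== self::$name) {
            // Another authentication plugin owns this identity.
            return;
        }

        $user = $this->api->getUserByName($this->getUsername());
        // beforeLogin only hands over names of saved users, but guard against a missing row anyway.
        if(empty($user)){
            $this->setAuthFailure(self::ERROR_UNKNOWN_IDENTITY, gT('User not found.'));
            return;
        }
        $this->setAuthSuccess($user);
    }

    /**
     * Sends the browser to the site root after logout.
     */
    public function afterLogout(){
        Yii::app()->getRequest()->redirect('/', true, 302);
    }
}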
?>