Commit 97c4886b authored by Sonia Zorba

Added comments and documentation + security fix

parent 4a9d24b4
+90 −5
# RAP 2
# RAP IA2

## Installation
## Installation and configuration

Requirements:

* Apache httpd server (tested on Apache/2.4.6)
* PHP (5.4+), composer for dependecies
* MySQL/MariaDB (tested on MariaDB 5.5.52)

### PHP

Put RAP sources in `/var/www/html/rap-ia2`

For installing PHP dependencies run:

@@ -8,7 +18,82 @@ For installing PHP dependencies run:

Install also the bcmath PHP package (used in X.509 parser).

To setup the database edit scripts in the sql folder and run them:
### MySQL

Create a dedicated database and user:

    CREATE DATABASE rap;
    CREATE USER rap@localhost IDENTIFIED BY 'XXXXXX';
    GRANT ALL PRIVILEGES ON rap.* TO rap@localhost;

Enable the event scheduler:

* open MySQL configuration file (e.g. /etc/my.cnf)
* set `event_scheduler=1`
* restart MySQL

Then run the setup script:

    mysql -u root -p <  sql/setup-database.sql

### Apache (httpd)

* Configure a valid HTTPS certificate on the server
* Configure X.509 client certificate authentication:

        <Directory /var/www/html/rap-ia2/auth/x509/>
            Options Indexes FollowSymLinks
            AllowOverride None
            Order allow,deny
            allow from all
            SSLVerifyClient require
            SSLVerifyDepth 10
            SSLOptions +ExportCertData
        </Directory>

* Shibboleth authentication:

        <Directory /var/www/html/rap-ia2/auth/saml2/>
            AuthType shibboleth
            ShibRequestSetting requireSession 1
            Require valid-user
        </Directory>

* Protect log directory:

        <Directory /var/www/html/rap-ia2/logs/>
            Order deny,allow
            Deny From All
        </Directory>

* Protect RAP Web Service in Basic-Auth:

        <Location "/rap-ia2/ws">
            AuthType basic
            AuthName RAP
            AuthUserFile apachepasswd
            Require valid-user
        </Location>

* Then creates a password file for RAP Web Service Basic-Auth:
    * `cd /etc/httpd/`
    * `htpasswd -c apachepasswd rap`
        * The last command creates an hashed password for an user "rap" and store it in a file named apachepasswd.

* Finally, restart the Apache server.

### Social networks

Before using social API it is necessary to register an application on each social network and obtain API keys and secrets:

* https://console.developers.google.com
* https://www.linkedin.com/developer/apps
* https://developers.facebook.com/apps

### Configuration file

Copy the `config-example.php` into `config.php` and edit it for matching your needs.

## Additional information and developer guide

    mysql -u root -p < sql/create-db-and-user.sql
    mysql -u root -p rap < sql/create-tables.sql
See the wiki: https://www.ict.inaf.it/gitlab/zorba/rap-ia2/wikis/home
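Review bot: the Apache snippets use 2.2-style access control although the requirements name Apache 2.4: `Order allow,deny` / `allow from all` in the `auth/x509/` block and `Order deny,allow` / `Deny From All` in the `logs/` block only work on 2.4 when mod_access_compat is loaded, and silently fail to load otherwise; replace them with `Require all granted` and `Require all denied`. In the same x509 block drop `Options Indexes`, since directory listing has no place on a client-certificate authentication endpoint. In the Basic-Auth block give `AuthUserFile` an absolute path (`/etc/httpd/apachepasswd`) so it does not depend on ServerRoot happening to equal the `cd /etc/httpd/` used when creating the file. Since `config.php` is where the DB password and the social API secrets end up, add a sentence telling the operator to make it readable only by the httpd user and to keep it out of version control. Grammar: "Then creates a password file" should be "Then create a password file", and "an hashed password for an user" should be "a hashed password for a user".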
+5 −1
@@ -22,9 +22,12 @@
 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */

/* This page uses the Facebook API for generating the redirect URL to use for Facebook login */

include '../../include/init.php';
startSession();

// Retrieve Facebook configuration
$Facebook = $AUTHENTICATION_METHODS['Facebook'];

$fb = new Facebook\Facebook([
@@ -35,7 +38,8 @@ $fb = new Facebook\Facebook([

$helper = $fb->getRedirectLoginHelper();

$permissions = ['email']; // Optional permissions
$permissions = ['email']; // Optional permissions: we need user email

$loginUrl = $helper->getLoginUrl($Facebook['callback'], $permissions);

header("Location: $loginUrl");
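Review bot: the new comment on `$permissions = ['email']; // Optional permissions: we need user email` contradicts itself. Facebook lets the user decline optional permissions in the login dialog, so if the email is required for registration the callback page has to check that the Graph user actually carries one and reject the login otherwise; if it is not required, drop "we need user email" from the comment.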
+5 −0
@@ -22,9 +22,12 @@
 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */

/* Facebook callback page */

include '../../include/init.php';
startSession();

// Retrieve Facebook configuration
$Facebook = $AUTHENTICATION_METHODS['Facebook'];

$fb = new Facebook\Facebook([
@@ -80,9 +83,11 @@ $fbUser = $response->getGraphUser();

$typedId = $fbUser["id"];

// Search if the user is already registered into RAP using the Facebook ID.
$user = $userHandler->findUserByIdentity(RAP\Identity::FACEBOOK, $typedId);

if ($user === null) {
    // Create new user
    $user = new RAP\User();

    $identity = new RAP\Identity(RAP\Identity::FACEBOOK);
+6 −1
@@ -22,9 +22,12 @@
 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */

/* Google redirect and callback page */

include '../../include/init.php';
startSession();

// Retrieve Google configuration
$Google = $AUTHENTICATION_METHODS['Google'];

$client = new Google_Client(array(
@@ -53,7 +56,7 @@ if (isset($_GET['code'])) {

if ($client->getAccessToken()) {

    // Query web service
    // Query web service for retrieving user information
    $service = new Google_Service_People($client);

    try {
@@ -74,9 +77,11 @@ if ($client->getAccessToken()) {

    $typedId = explode('/', $res->getResourceName())[1];

    // Search if the user is already registered into RAP using the Google ID.
    $user = $userHandler->findUserByIdentity(RAP\Identity::GOOGLE, $typedId);

    if ($user === null) {
        // Create new user
        $user = new RAP\User();

        $identity = new RAP\Identity(RAP\Identity::GOOGLE);
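Review bot: `$typedId = explode('/', $res->getResourceName())[1];` has no validation before it is used as the identity key. If the resource name ever lacks a `/` the index `[1]` raises an undefined-offset notice and `$typedId` becomes null, after which `findUserByIdentity(RAP\Identity::GOOGLE, null)` returns null and the code below creates a new RAP user bound to an empty Google identity. Check that the resource name starts with `people/` and that the remaining id is non-empty, and abort the login otherwise, before the lookup and the `new RAP\User()` branch.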
+3 −0
@@ -22,9 +22,12 @@
 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */

/* This page redirects to LinkedIn login page */

include '../../include/init.php';
startSession();

// Retrieve LinkedIn configuration
$LinkedIn = $AUTHENTICATION_METHODS['LinkedIn'];

$url = "https://www.linkedin.com/oauth/v2/authorization?response_type=code";