Loading auth/oauth2/linkedin_login.php 0 → 100644 +37 −0 Original line number Diff line number Diff line <?php /* ---------------------------------------------------------------------------- * INAF - National Institute for Astrophysics * IRA - Radioastronomical Institute - Bologna * OATS - Astronomical Observatory - Trieste * ---------------------------------------------------------------------------- * * Copyright (C) 2016 Istituto Nazionale di Astrofisica * * This program is free software; you can redistribute it and/or modify it under * the terms of the GNU General Public License Version 3 as published by the * Free Software Foundation. * * This program is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more * details. * * You should have received a copy of the GNU General Public License along with * this program; if not, write to the Free Software Foundation, Inc., 51 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ include '../../include/init.php'; startSession(); $LinkedIn = $AUTHENTICATION_METHODS['LinkedIn']; $url = "https://www.linkedin.com/oauth/v2/authorization?response_type=code"; $url .= "&client_id=" . $LinkedIn['id']; $url .= "&redirect_uri=" . 
$LinkedIn['callback']; $url .= "&state=789654123"; $url .= "&scope=r_basicprofile r_emailaddress"; header("Location: $url"); ?> auth/oauth2/linkedin_token.php 0 → 100644 +124 −0 Original line number Diff line number Diff line <?php /* ---------------------------------------------------------------------------- * INAF - National Institute for Astrophysics * IRA - Radioastronomical Institute - Bologna * OATS - Astronomical Observatory - Trieste * ---------------------------------------------------------------------------- * * Copyright (C) 2016 Istituto Nazionale di Astrofisica * * This program is free software; you can redistribute it and/or modify it under * the terms of the GNU General Public License Version 3 as published by the * Free Software Foundation. * * This program is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more * details. * * You should have received a copy of the GNU General Public License along with * this program; if not, write to the Free Software Foundation, Inc., 51 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ include '../../include/init.php'; startSession(); $LinkedIn = $AUTHENTICATION_METHODS['LinkedIn']; if (!isset($_REQUEST['code'])) { die("Unable to get LinkedIn client code"); } //create array of data to be posted to get AccessToken $post_data = array( 'grant_type' => "authorization_code", 'code' => $_REQUEST['code'], 'redirect_uri' => $LinkedIn['callback'], 'client_id' => $LinkedIn['id'], 'client_secret' => $LinkedIn['secret']); //traverse array and prepare data for posting (key1=value1) foreach ($post_data as $key => $value) { $post_items[] = $key . '=' . 
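Review bot: The `state` parameter is the constant `789654123`, so it cannot bind the authorization response to the browser session, and the callback handler in auth/oauth2/linkedin_token.php on this page never compares it either; without a per-request unpredictable value that is checked on return, a forged callback can log a browser into an account it did not choose (login CSRF). Generate it with `bin2hex(random_bytes(16))`, keep it in the session that `startSession()` opens, and have the token handler reject a callback whose `$_REQUEST['state']` does not match (`hash_equals`). The query string is also assembled by concatenation, so `redirect_uri` and the space in `r_basicprofile r_emailaddress` are sent un-encoded — `http_build_query` handles both. `header('Location: …')` should be followed by `exit`, and the closing `?>` is best dropped from a file that sends headers. The same file sections are repeated further down the page; the notes are given once, here.
```php
// … unchanged: license header, include, startSession(), $LinkedIn …
$state = bin2hex(random_bytes(16));
// persist $state in the session opened by startSession() — the session API is not visible here; verify the call
$url = 'https://www.linkedin.com/oauth/v2/authorization?' . http_build_query(array(
    'response_type' => 'code',
    'client_id'     => $LinkedIn['id'],
    'redirect_uri'  => $LinkedIn['callback'],
    'state'         => $state,
    'scope'         => 'r_basicprofile r_emailaddress',
));
header('Location: ' . $url);
exit;
```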
$value; } //create the final string to be posted $post_string = implode('&', $post_items); //create cURL connection $conn1 = curl_init('https://www.linkedin.com/oauth/v2/accessToken'); //set options curl_setopt($conn1, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($conn1, CURLOPT_RETURNTRANSFER, true); curl_setopt($conn1, CURLOPT_SSL_VERIFYPEER, true); curl_setopt($conn1, CURLOPT_FOLLOWLOCATION, 1); //set data to be posted curl_setopt($conn1, CURLOPT_POSTFIELDS, $post_string); //perform our request $result1 = curl_exec($conn1); if ($result1) { $my_token = json_decode($result1, TRUE); $access_token = $my_token['access_token']; $expires_in = $my_token['expires_in']; curl_close($conn1); } else { //show information regarding the error $errorMessage = curl_errno($conn1) . "-"; $errorMessage = $errorMessage . curl_error($conn1); curl_close($conn1); die($errorMessage); } // Call to API $conn2 = curl_init(); curl_setopt($conn2, CURLOPT_URL, "https://api.linkedin.com/v1/people/~:(first-name,last-name,email-address,id)?format=json"); curl_setopt($conn2, CURLOPT_HTTPHEADER, array( 'Authorization: Bearer ' . $access_token )); curl_setopt($conn2, CURLOPT_RETURNTRANSFER, true); $result = curl_exec($conn2); if ($result) { $data = json_decode($result, TRUE); curl_close($conn2); if (isset($data['errorCode'])) { $errorMessage = $data['message']; die($errorMessage); } $typedId = $data['id']; $user = $userHandler->findUserByIdentity(RAP\Identity::LINKEDIN, $typedId); if ($user === null) { $user = new RAP\User(); $identity = new RAP\Identity(RAP\Identity::LINKEDIN); $identity->email = $data['emailAddress']; $identity->name = $data['firstName']; $identity->surname = $data['lastName']; $identity->typedId = $typedId; $user->addIdentity($identity); $userHandler->saveUser($user); } $callbackHandler->manageLoginRedirect($user, $session); } else { //show information regarding the error $errorMessage = curl_errno($conn2) . "-"; $errorMessage = $errorMessage . 
curl_error($conn2); curl_close($conn2); die($errorMessage); } ?> classes/CallbackHandler.php +10 −4 Original line number Diff line number Diff line Loading @@ -39,7 +39,7 @@ class CallbackHandler { /** * returns null if the callback URL is not listed in configuration file. */ public static function getCallbackTitle($callbackURL) { public function getCallbackTitle($callbackURL) { if ($callbackURL === null) { return "Account Management"; Loading @@ -58,16 +58,22 @@ class CallbackHandler { if ($session->getCallbackURL() !== null) { // External login using token $token = Util::createNewToken(); $this->dao->createLoginToken($token, $user->id); header('Location: ' . $session->getCallbackURL() . '?token=' . $token); header('Location: ' . $this->getLoginWithTokenURL($user->id, $session->getCallbackURL())); die(); } else { // Login in session $session->user = $user; $session->save(); // Return to index header('Location: ' . $this->basePath); die(); } } public function getLoginWithTokenURL($userId, $callbackURL) { $token = Util::createNewToken(); $this->dao->createLoginToken($token, $userId); return $callbackURL . '?token=' . $token; } } classes/MailSender.php +54 −2 Original line number Diff line number Diff line Loading 
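Review bot: The token response is trusted without checking that it contains `access_token`: an error reply from the endpoint is still a non-empty JSON body, so `$result1` is truthy, `$my_token['access_token']` is null and the profile request goes out with an empty `Bearer` header; guard with `if (!isset($my_token['access_token']))` before using it. The form body is built by joining `key=value` pairs with no URL-encoding and `$post_items` is never initialised before the loop, so a code or secret containing `+`, `&` or `=` is sent corrupted — `http_build_query($post_data)` replaces the loop. `CURLOPT_FOLLOWLOCATION` is enabled on the request that carries `client_secret`, which would let a redirect re-post the credentials to another host, so it should be removed. The `state` parameter is never compared here (see the note on auth/oauth2/linkedin_login.php), and `die()`-ing with the raw cURL error or the provider's `message` writes third-party text unescaped into the page — log it server-side and emit a generic message.
```php
// … unchanged: license header, include, startSession(), $LinkedIn, 'code' check, $post_data …
// URL-encodes every field; replaces the key=value loop and implode()
$post_string = http_build_query($post_data);
// … unchanged: curl_init, CONNECTTIMEOUT, RETURNTRANSFER, SSL_VERIFYPEER (CURLOPT_FOLLOWLOCATION removed), POSTFIELDS, curl_exec …
if ($result1) {
    $my_token = json_decode($result1, TRUE);
    curl_close($conn1);
    // an error reply is still a non-empty body, so check the field itself
    if (!isset($my_token['access_token'])) {
        error_log("LinkedIn token endpoint returned no access_token");
        die("Unable to obtain LinkedIn access token");
    }
    $access_token = $my_token['access_token'];
    $expires_in = $my_token['expires_in'];
} else {
// … unchanged: cURL error branch, profile request, user lookup, redirect …
```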
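Review bot: The new `getLoginWithTokenURL` mints a login token and appends it to whatever `$callbackURL` it is given, with no check that the URL is one of the configured callbacks — if the `getCallbackTitle` docblock is accurate it returns null for URLs not listed in the configuration file, so the allow-list exists in this class but is not consulted here; `manageLoginRedirect` may rely on `$session->getCallbackURL()` having been validated earlier, but a public method that takes the URL as a plain argument cannot assume that. `'?token='` is also appended blindly, so a callback that already carries a query string ends up with a second `?`. Suggested body below; the exception type follows the bare `\Exception` convention seen in classes/MySQLDAO.php on this page. `manageLoginRedirect` starts before the hunk.
```php
public function getLoginWithTokenURL($userId, $callbackURL) {
    // only hand a login token to a callback listed in the configuration
    if ($callbackURL === null || $this->getCallbackTitle($callbackURL) === null) {
        throw new \Exception("Callback URL not allowed: " . $callbackURL);
    }
    $token = Util::createNewToken();
    $this->dao->createLoginToken($token, $userId);
    // keep an existing query string intact
    $separator = (strpos($callbackURL, '?') === false) ? '?' : '&';
    return $callbackURL . $separator . 'token=' . $token;
}
```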
@@ -26,8 +26,60 @@ namespace RAP; class MailSender { public static function sendJoinEmail(User $recipientUser, User $applicantUser) { private $serverName; private $basePath; public function __construct($serverName, $basePath) { $this->serverName = $serverName; $this->basePath = $basePath; } public function sendJoinEmail(User $recipientUser, User $applicantUser, $token) { $subject = "IA2 RAP: Join request"; $header = "From: noreply@" . $this->serverName . "\r\n"; $header .= "Content-Type: text/html; charset=UTF-8"; $confirmJoinURL = $this->basePath . '/confirm-join?token=' . $token; $body = "Dear IA2 user,<br/><br/>"; $body .= "the following user requested to join your accounts on the " . "<a href=\"https://sso.ia2.inaf.it/rap-ia2/\" target=\"blank_\">RAP facility</a>:<br/><br/>"; foreach ($applicantUser->identities as $identity) { $body .= "<b>Type</b>: " . $identity->type . "<br/>"; if ($identity->name !== null) { $body .= "<b>Name</b>: " . $identity->name . "<br/>"; } if ($identity->surname !== null) { $body .= "<b>Surname</b>: " . $identity->surname . "<br/>"; } $body .= "<b>E-mail</b>: " . $identity->email . "<br/>"; if ($identity->eppn !== null) { $body .= "<b>Eppn</b>: " . $identity->eppn . "<br/>"; } if ($identity->institution !== null) { $body .= "<b>Institution</b>: " . $identity->institution . "<br/>"; } $body .= "<br/>"; } $body .= "<br/>If you and this user are the same person click on the following link for joining your accounts:<br/>"; $body .= "<a href=\"$confirmJoinURL\" target=\"blank_\">$confirmJoinURL</a>"; $body .= "<br/><br/>Otherwise you can ignore this email<br/><br/>"; $body .= "<b>*** This is an automatically generated email, please do not reply to this message ***</b><br/>"; $body .= "If you need information please contact <a href=\"mailto:ia2@oats.inaf.it\">IA2 Staff</a>"; mail($recipientUser->getPrimaryEmail(), $subject, $body, $header); } } classes/MySQLDAO.php +4 −0 Original line number Diff line number Diff line Loading 
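Review bot: `sendJoinEmail` builds an HTML body by concatenating `$identity->name`, `surname`, `email`, `eppn` and `institution` without escaping, and those values originate from identity providers and registration — auth/oauth2/linkedin_token.php on this page copies `firstName`/`lastName` from the LinkedIn API straight into an identity. An applicant whose profile contains markup can therefore place arbitrary HTML (links, fake instructions) into a mail the recipient gets from the service about merging accounts; `$confirmJoinURL` is the only part that must stay raw. Escape every identity field with `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` through a small private helper as sketched below. Also `target=\"blank_\"` should be `_blank`, and the return value of `mail()` is discarded so a rejected send is invisible — return it or log it.
```php
// … unchanged: properties, constructor …
/**
 * HTML-escapes a value before it is placed in the mail body.
 */
private static function esc($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

public function sendJoinEmail(User $recipientUser, User $applicantUser, $token) {
    // … unchanged: $subject, $header, $confirmJoinURL, opening lines of $body …
    foreach ($applicantUser->identities as $identity) {
        $body .= "<b>Type</b>: " . self::esc($identity->type) . "<br/>";
        if ($identity->name !== null) {
            $body .= "<b>Name</b>: " . self::esc($identity->name) . "<br/>";
        }
        if ($identity->surname !== null) {
            $body .= "<b>Surname</b>: " . self::esc($identity->surname) . "<br/>";
        }
        $body .= "<b>E-mail</b>: " . self::esc($identity->email) . "<br/>";
        if ($identity->eppn !== null) {
            $body .= "<b>Eppn</b>: " . self::esc($identity->eppn) . "<br/>";
        }
        if ($identity->institution !== null) {
            $body .= "<b>Institution</b>: " . self::esc($identity->institution) . "<br/>";
        }
        $body .= "<br/>";
    }
    // … unchanged: closing lines of $body, mail() call …
}
```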
@@ -246,6 +246,10 @@ class MySQLDAO implements DAO { public function createJoinRequest($token, $applicantUserId, $targetUserId) { if($applicantUserId === $targetUserId) { throw new \Exception("Invalid target user id"); } $dbh = $this->getDBHandler(); $stmt = $dbh->prepare("INSERT INTO `join_request`(`token`, `applicant_user_id`, `target_user_id`)" Loading Loading
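Review bot: The new guard uses `===`, so it only fires when both ids have the same PHP type; the hunk does not show where the arguments come from, but if one is an integer read from the database and the other a numeric string from a request, the self-join is not rejected. Normalise both before comparing, e.g. `if ((int) $applicantUserId === (int) $targetUserId) {` if ids are integers, or document that callers must pass the same type. A validation failure is better signalled with `\InvalidArgumentException` than a bare `\Exception`, and `if(` should be `if (` to match the rest of the class. `createJoinRequest` continues past the end of the hunk.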
auth/oauth2/linkedin_login.php 0 → 100644 +37 −0 Original line number Diff line number Diff line <?php /* ---------------------------------------------------------------------------- * INAF - National Institute for Astrophysics * IRA - Radioastronomical Institute - Bologna * OATS - Astronomical Observatory - Trieste * ---------------------------------------------------------------------------- * * Copyright (C) 2016 Istituto Nazionale di Astrofisica * * This program is free software; you can redistribute it and/or modify it under * the terms of the GNU General Public License Version 3 as published by the * Free Software Foundation. * * This program is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more * details. * * You should have received a copy of the GNU General Public License along with * this program; if not, write to the Free Software Foundation, Inc., 51 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ include '../../include/init.php'; startSession(); $LinkedIn = $AUTHENTICATION_METHODS['LinkedIn']; $url = "https://www.linkedin.com/oauth/v2/authorization?response_type=code"; $url .= "&client_id=" . $LinkedIn['id']; $url .= "&redirect_uri=" . $LinkedIn['callback']; $url .= "&state=789654123"; $url .= "&scope=r_basicprofile r_emailaddress"; header("Location: $url"); ?>
auth/oauth2/linkedin_token.php 0 → 100644 +124 −0 Original line number Diff line number Diff line <?php /* ---------------------------------------------------------------------------- * INAF - National Institute for Astrophysics * IRA - Radioastronomical Institute - Bologna * OATS - Astronomical Observatory - Trieste * ---------------------------------------------------------------------------- * * Copyright (C) 2016 Istituto Nazionale di Astrofisica * * This program is free software; you can redistribute it and/or modify it under * the terms of the GNU General Public License Version 3 as published by the * Free Software Foundation. * * This program is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more * details. * * You should have received a copy of the GNU General Public License along with * this program; if not, write to the Free Software Foundation, Inc., 51 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ include '../../include/init.php'; startSession(); $LinkedIn = $AUTHENTICATION_METHODS['LinkedIn']; if (!isset($_REQUEST['code'])) { die("Unable to get LinkedIn client code"); } //create array of data to be posted to get AccessToken $post_data = array( 'grant_type' => "authorization_code", 'code' => $_REQUEST['code'], 'redirect_uri' => $LinkedIn['callback'], 'client_id' => $LinkedIn['id'], 'client_secret' => $LinkedIn['secret']); //traverse array and prepare data for posting (key1=value1) foreach ($post_data as $key => $value) { $post_items[] = $key . '=' . 
$value; } //create the final string to be posted $post_string = implode('&', $post_items); //create cURL connection $conn1 = curl_init('https://www.linkedin.com/oauth/v2/accessToken'); //set options curl_setopt($conn1, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($conn1, CURLOPT_RETURNTRANSFER, true); curl_setopt($conn1, CURLOPT_SSL_VERIFYPEER, true); curl_setopt($conn1, CURLOPT_FOLLOWLOCATION, 1); //set data to be posted curl_setopt($conn1, CURLOPT_POSTFIELDS, $post_string); //perform our request $result1 = curl_exec($conn1); if ($result1) { $my_token = json_decode($result1, TRUE); $access_token = $my_token['access_token']; $expires_in = $my_token['expires_in']; curl_close($conn1); } else { //show information regarding the error $errorMessage = curl_errno($conn1) . "-"; $errorMessage = $errorMessage . curl_error($conn1); curl_close($conn1); die($errorMessage); } // Call to API $conn2 = curl_init(); curl_setopt($conn2, CURLOPT_URL, "https://api.linkedin.com/v1/people/~:(first-name,last-name,email-address,id)?format=json"); curl_setopt($conn2, CURLOPT_HTTPHEADER, array( 'Authorization: Bearer ' . $access_token )); curl_setopt($conn2, CURLOPT_RETURNTRANSFER, true); $result = curl_exec($conn2); if ($result) { $data = json_decode($result, TRUE); curl_close($conn2); if (isset($data['errorCode'])) { $errorMessage = $data['message']; die($errorMessage); } $typedId = $data['id']; $user = $userHandler->findUserByIdentity(RAP\Identity::LINKEDIN, $typedId); if ($user === null) { $user = new RAP\User(); $identity = new RAP\Identity(RAP\Identity::LINKEDIN); $identity->email = $data['emailAddress']; $identity->name = $data['firstName']; $identity->surname = $data['lastName']; $identity->typedId = $typedId; $user->addIdentity($identity); $userHandler->saveUser($user); } $callbackHandler->manageLoginRedirect($user, $session); } else { //show information regarding the error $errorMessage = curl_errno($conn2) . "-"; $errorMessage = $errorMessage . 
curl_error($conn2); curl_close($conn2); die($errorMessage); } ?>
classes/CallbackHandler.php +10 −4 Original line number Diff line number Diff line Loading @@ -39,7 +39,7 @@ class CallbackHandler { /** * returns null if the callback URL is not listed in configuration file. */ public static function getCallbackTitle($callbackURL) { public function getCallbackTitle($callbackURL) { if ($callbackURL === null) { return "Account Management"; Loading @@ -58,16 +58,22 @@ class CallbackHandler { if ($session->getCallbackURL() !== null) { // External login using token $token = Util::createNewToken(); $this->dao->createLoginToken($token, $user->id); header('Location: ' . $session->getCallbackURL() . '?token=' . $token); header('Location: ' . $this->getLoginWithTokenURL($user->id, $session->getCallbackURL())); die(); } else { // Login in session $session->user = $user; $session->save(); // Return to index header('Location: ' . $this->basePath); die(); } } public function getLoginWithTokenURL($userId, $callbackURL) { $token = Util::createNewToken(); $this->dao->createLoginToken($token, $userId); return $callbackURL . '?token=' . $token; } }
classes/MailSender.php +54 −2 Original line number Diff line number Diff line Loading @@ -26,8 +26,60 @@ namespace RAP; class MailSender { public static function sendJoinEmail(User $recipientUser, User $applicantUser) { private $serverName; private $basePath; public function __construct($serverName, $basePath) { $this->serverName = $serverName; $this->basePath = $basePath; } public function sendJoinEmail(User $recipientUser, User $applicantUser, $token) { $subject = "IA2 RAP: Join request"; $header = "From: noreply@" . $this->serverName . "\r\n"; $header .= "Content-Type: text/html; charset=UTF-8"; $confirmJoinURL = $this->basePath . '/confirm-join?token=' . $token; $body = "Dear IA2 user,<br/><br/>"; $body .= "the following user requested to join your accounts on the " . "<a href=\"https://sso.ia2.inaf.it/rap-ia2/\" target=\"blank_\">RAP facility</a>:<br/><br/>"; foreach ($applicantUser->identities as $identity) { $body .= "<b>Type</b>: " . $identity->type . "<br/>"; if ($identity->name !== null) { $body .= "<b>Name</b>: " . $identity->name . "<br/>"; } if ($identity->surname !== null) { $body .= "<b>Surname</b>: " . $identity->surname . "<br/>"; } $body .= "<b>E-mail</b>: " . $identity->email . "<br/>"; if ($identity->eppn !== null) { $body .= "<b>Eppn</b>: " . $identity->eppn . "<br/>"; } if ($identity->institution !== null) { $body .= "<b>Institution</b>: " . $identity->institution . "<br/>"; } $body .= "<br/>"; } $body .= "<br/>If you and this user are the same person click on the following link for joining your accounts:<br/>"; $body .= "<a href=\"$confirmJoinURL\" target=\"blank_\">$confirmJoinURL</a>"; $body .= "<br/><br/>Otherwise you can ignore this email<br/><br/>"; $body .= "<b>*** This is an automatically generated email, please do not reply to this message ***</b><br/>"; $body .= "If you need information please contact <a href=\"mailto:ia2@oats.inaf.it\">IA2 Staff</a>"; mail($recipientUser->getPrimaryEmail(), $subject, $body, $header); } }
classes/MySQLDAO.php +4 −0 Original line number Diff line number Diff line Loading @@ -246,6 +246,10 @@ class MySQLDAO implements DAO { public function createJoinRequest($token, $applicantUserId, $targetUserId) { if($applicantUserId === $targetUserId) { throw new \Exception("Invalid target user id"); } $dbh = $this->getDBHandler(); $stmt = $dbh->prepare("INSERT INTO `join_request`(`token`, `applicant_user_id`, `target_user_id`)" Loading