Loading classes/login/FacebookLogin.php +1 −1 Original line number Diff line number Diff line Loading @@ -23,7 +23,7 @@ class FacebookLogin extends LoginHandler { $permissions = ['email']; // Optional permissions: we need user email $loginUrl = $helper->getLoginUrl($Facebook->callback, $permissions); $loginUrl = $helper->getLoginUrl($this->locator->getBasePath() . $Facebook->callback, $permissions); return $loginUrl; } Loading classes/login/LinkedInLogin.php +40 −10 Original line number Diff line number Diff line Loading @@ -5,7 +5,7 @@ namespace RAP; class LinkedInLogin extends LoginHandler { public function __construct(Locator $locator) { parent::__construct($locator, Identity::FACEBOOK); parent::__construct($locator, Identity::LINKEDIN); } public function login(): string { Loading @@ -14,9 +14,9 @@ class LinkedInLogin extends LoginHandler { $url = "https://www.linkedin.com/oauth/v2/authorization?response_type=code"; $url .= "&client_id=" . $LinkedIn->id; $url .= "&redirect_uri=" . $LinkedIn->callback; $url .= "&state=789654123"; $url .= "&scope=r_basicprofile r_emailaddress"; $url .= "&redirect_uri=" . $this->locator->getBasePath() . $LinkedIn->callback; $url .= "&state=" . bin2hex(random_bytes(5)); $url .= "&scope=r_liteprofile%20r_emailaddress%20w_member_social"; return $url; } Loading @@ -33,7 +33,7 @@ class LinkedInLogin extends LoginHandler { $post_data = array( 'grant_type' => "authorization_code", 'code' => $_REQUEST['code'], 'redirect_uri' => $LinkedIn->callback, 'redirect_uri' => $this->locator->getBasePath() . $LinkedIn->callback, 'client_id' => $LinkedIn->id, 'client_secret' => $LinkedIn->secret ); Loading Loading @@ -71,6 +71,7 @@ class LinkedInLogin extends LoginHandler { //show information regarding the error $errorMessage = "Error: LinkedIn server response code: " . $info1['http_code'] . " - "; $errorMessage .= curl_error($conn1); error_log($result1); curl_close($conn1); http_response_code(500); die($errorMessage); Loading 
@@ -78,7 +79,7 @@ class LinkedInLogin extends LoginHandler { // Call to API $conn2 = curl_init(); curl_setopt($conn2, CURLOPT_URL, "https://api.linkedin.com/v1/people/~:(first-name,last-name,email-address,id)?format=json"); curl_setopt($conn2, CURLOPT_URL, "https://api.linkedin.com/v2/me"); curl_setopt($conn2, CURLOPT_HTTPHEADER, array( 'Authorization: Bearer ' . $access_token )); Loading 
@@ -99,15 +100,44 @@ class LinkedInLogin extends LoginHandler { $typedId = $data['id']; return $this->onIdentityDataReceived($typedId, function($identity) use($data) { $identity->email = $data['emailAddress']; $identity->name = $data['firstName']; $identity->surname = $data['lastName']; // Recall to API for email $conn2 = curl_init(); curl_setopt($conn2, CURLOPT_URL, "https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))"); curl_setopt($conn2, CURLOPT_HTTPHEADER, array( 'Authorization: Bearer ' . $access_token )); curl_setopt($conn2, CURLOPT_RETURNTRANSFER, true); $result = curl_exec($conn2); $info2 = curl_getinfo($conn2); if ($info2['http_code'] === 200) { $data2 = json_decode($result, TRUE); curl_close($conn2); if (isset($data['errorCode'])) { $errorMessage = $data['message']; die($errorMessage); } } else { //show information regarding the error $errorMessage = "Error: LinkedIn server response code: " . $info2['http_code'] . " - "; $errorMessage = $errorMessage . curl_error($conn2); curl_close($conn2); die($errorMessage); } return $this->onIdentityDataReceived($typedId, function($identity) use($data, $data2) { $identity->email = $data2['elements'][0]['handle~']['emailAddress']; $identity->name = $data['localizedFirstName']; $identity->surname = $data['localizedLastName']; }); } else { //show information regarding the error $errorMessage = "Error: LinkedIn server response code: " . $info2['http_code'] . " - "; $errorMessage = $errorMessage . curl_error($conn2); error_log($result); curl_close($conn2); die($errorMessage); } Loading classes/login/ShibbolethLogin.php +13 −6 Original line number Diff line number Diff line Loading 
@@ -9,20 +9,27 @@ class ShibbolethLogin extends LoginHandler { } public function login() { if (isset($_SERVER['Shib-Session-ID'])) { $prefix = ''; if (isset($_SERVER['Shib-Session-ID']) || $redirect = isset($_SERVER['REDIRECT_Shib-Session-ID'])) { if (isset($_SERVER['REDIRECT_Shib-Session-ID'])) { $prefix = 'REDIRECT_'; } // Retrieving eduPersonPrincipalName (eppn) $eppn = $_SERVER['eppn']; $eppn = $_SERVER[$prefix . 'eppn']; // Search if the user is already registered into RAP using the eppn. // The persistent id should be a more appropriate identifier, however at IA2 // we need to import all INAF user into RAP, even if they will never register, // and in that case we know only their eppn. $this->onIdentityDataReceived($eppn, function($identity) use($eppn) { $identity->email = $_SERVER['mail']; $identity->name = $_SERVER['givenName']; $identity->surname = $_SERVER['sn']; return $this->onIdentityDataReceived($eppn, function($identity) use($eppn, $prefix) { $identity->email = $_SERVER[$prefix . 'mail']; $identity->name = $_SERVER[$prefix . 'givenName']; $identity->surname = $_SERVER[$prefix . 'sn']; $identity->eppn = $eppn; }); } else { Loading config-example.json +3 −3 Original line number Diff line number Diff line Loading @@ -24,12 +24,12 @@ "id": "XXXXXX", "secret": "XXXXXX", "version": "v3.0", "callback": "/auth/social/facebook_token.php" "callback": "/auth/social/facebook/token" }, "LinkedIn": { "id": "XXXXXX", "secret": "XXXXXX", "callback": "/auth/social/linkedin_token.php" "callback": "/auth/social/linkedin/token" }, "X.509": {}, "LocalIdP": { Loading include/front-controller.php +1 −1 Original line number Diff line number Diff line Loading @@ -220,7 +220,7 @@ Flight::route('/auth/eduGAIN', function() { session_start(); global $locator; $shibbolethLogin = new \RAP\ShibbolethLogin($locator); $shibbolethLogin->login(); Flight::redirect($shibbolethLogin->login()); }); Flight::route('/auth/x509', function() { Loading Loading
classes/login/FacebookLogin.php +1 −1 Original line number Diff line number Diff line Loading @@ -23,7 +23,7 @@ class FacebookLogin extends LoginHandler { $permissions = ['email']; // Optional permissions: we need user email $loginUrl = $helper->getLoginUrl($Facebook->callback, $permissions); $loginUrl = $helper->getLoginUrl($this->locator->getBasePath() . $Facebook->callback, $permissions); return $loginUrl; } Loading
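Review bot: The base-path prefixing `$this->locator->getBasePath() . $Facebook->callback` on the new getLoginUrl line is the same expression LinkedInLogin now builds in two places (authorization URL and token exchange), and a redirect_uri that does not byte-match the one registered at the provider is rejected, so a single helper on the parent handler, e.g. `protected function callbackUrl(string $path): string { return $this->locator->getBasePath() . $path; }`, would keep the three sites from drifting apart. Whether getBasePath() ends with a slash and the configured callback starts with one is not visible here, so the resulting URL should be checked for a doubled slash against what is registered. The enclosing method starts outside the hunk.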
classes/login/LinkedInLogin.php +40 −10 Original line number Diff line number Diff line Loading @@ -5,7 +5,7 @@ namespace RAP; class LinkedInLogin extends LoginHandler { public function __construct(Locator $locator) { parent::__construct($locator, Identity::FACEBOOK); parent::__construct($locator, Identity::LINKEDIN); } public function login(): string { Loading @@ -14,9 +14,9 @@ class LinkedInLogin extends LoginHandler { $url = "https://www.linkedin.com/oauth/v2/authorization?response_type=code"; $url .= "&client_id=" . $LinkedIn->id; $url .= "&redirect_uri=" . $LinkedIn->callback; $url .= "&state=789654123"; $url .= "&scope=r_basicprofile r_emailaddress"; $url .= "&redirect_uri=" . $this->locator->getBasePath() . $LinkedIn->callback; $url .= "&state=" . bin2hex(random_bytes(5)); $url .= "&scope=r_liteprofile%20r_emailaddress%20w_member_social"; return $url; } Loading @@ -33,7 +33,7 @@ class LinkedInLogin extends LoginHandler { $post_data = array( 'grant_type' => "authorization_code", 'code' => $_REQUEST['code'], 'redirect_uri' => $LinkedIn->callback, 'redirect_uri' => $this->locator->getBasePath() . $LinkedIn->callback, 'client_id' => $LinkedIn->id, 'client_secret' => $LinkedIn->secret ); Loading Loading @@ -71,6 +71,7 @@ class LinkedInLogin extends LoginHandler { //show information regarding the error $errorMessage = "Error: LinkedIn server response code: " . $info1['http_code'] . " - "; $errorMessage .= curl_error($conn1); error_log($result1); curl_close($conn1); http_response_code(500); die($errorMessage); Loading @@ -78,7 +79,7 @@ class LinkedInLogin extends LoginHandler { // Call to API $conn2 = curl_init(); curl_setopt($conn2, CURLOPT_URL, "https://api.linkedin.com/v1/people/~:(first-name,last-name,email-address,id)?format=json"); curl_setopt($conn2, CURLOPT_URL, "https://api.linkedin.com/v2/me"); curl_setopt($conn2, CURLOPT_HTTPHEADER, array( 'Authorization: Bearer ' . $access_token )); Loading 
@@ -99,15 +100,44 @@ class LinkedInLogin extends LoginHandler { $typedId = $data['id']; return $this->onIdentityDataReceived($typedId, function($identity) use($data) { $identity->email = $data['emailAddress']; $identity->name = $data['firstName']; $identity->surname = $data['lastName']; // Recall to API for email $conn2 = curl_init(); curl_setopt($conn2, CURLOPT_URL, "https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))"); curl_setopt($conn2, CURLOPT_HTTPHEADER, array( 'Authorization: Bearer ' . $access_token )); curl_setopt($conn2, CURLOPT_RETURNTRANSFER, true); $result = curl_exec($conn2); $info2 = curl_getinfo($conn2); if ($info2['http_code'] === 200) { $data2 = json_decode($result, TRUE); curl_close($conn2); if (isset($data['errorCode'])) { $errorMessage = $data['message']; die($errorMessage); } } else { //show information regarding the error $errorMessage = "Error: LinkedIn server response code: " . $info2['http_code'] . " - "; $errorMessage = $errorMessage . curl_error($conn2); curl_close($conn2); die($errorMessage); } return $this->onIdentityDataReceived($typedId, function($identity) use($data, $data2) { $identity->email = $data2['elements'][0]['handle~']['emailAddress']; $identity->name = $data['localizedFirstName']; $identity->surname = $data['localizedLastName']; }); } else { //show information regarding the error $errorMessage = "Error: LinkedIn server response code: " . $info2['http_code'] . " - "; $errorMessage = $errorMessage . curl_error($conn2); error_log($result); curl_close($conn2); die($errorMessage); } Loading
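Review bot: The state value the login hunk now generates with `bin2hex(random_bytes(5))` is placed in the authorization URL, but nothing in the visible hunks stores it or compares it with the `state` the provider returns, and the token-exchange hunk consumes `$_REQUEST['code']` unconditionally, so the random value adds no CSRF protection by itself. Storing it when the URL is built (`$_SESSION['linkedin_oauth_state'] = $state;`, assuming a session is started on this route as it is for /auth/eduGAIN) and rejecting the callback unless `hash_equals($_SESSION['linkedin_oauth_state'] ?? '', (string) ($_REQUEST['state'] ?? ''))` holds would close that gap. In the last hunk the post-decode check `if (isset($data['errorCode']))` inspects the profile response `$data` rather than the just-decoded e-mail response `$data2`, so an error body from the emailAddress endpoint falls through to `$data2['elements'][0]['handle~']['emailAddress']`, which is itself read without an isset guard; that second request also reuses `$conn2`, `$result` and `$info2` from the first call, which makes the trailing else that logs `$result` hard to follow, and unlike the first hunk it dies without setting `http_response_code(500)`. The enclosing method continues outside both hunks.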
classes/login/ShibbolethLogin.php +13 −6 Original line number Diff line number Diff line Loading @@ -9,20 +9,27 @@ class ShibbolethLogin extends LoginHandler { } public function login() { if (isset($_SERVER['Shib-Session-ID'])) { $prefix = ''; if (isset($_SERVER['Shib-Session-ID']) || $redirect = isset($_SERVER['REDIRECT_Shib-Session-ID'])) { if (isset($_SERVER['REDIRECT_Shib-Session-ID'])) { $prefix = 'REDIRECT_'; } // Retrieving eduPersonPrincipalName (eppn) $eppn = $_SERVER['eppn']; $eppn = $_SERVER[$prefix . 'eppn']; // Search if the user is already registered into RAP using the eppn. // The persistent id should be a more appropriate identifier, however at IA2 // we need to import all INAF user into RAP, even if they will never register, // and in that case we know only their eppn. $this->onIdentityDataReceived($eppn, function($identity) use($eppn) { $identity->email = $_SERVER['mail']; $identity->name = $_SERVER['givenName']; $identity->surname = $_SERVER['sn']; return $this->onIdentityDataReceived($eppn, function($identity) use($eppn, $prefix) { $identity->email = $_SERVER[$prefix . 'mail']; $identity->name = $_SERVER[$prefix . 'givenName']; $identity->surname = $_SERVER[$prefix . 'sn']; $identity->eppn = $eppn; }); } else { Loading
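Review bot: The new condition `if (isset($_SERVER['Shib-Session-ID']) || $redirect = isset($_SERVER['REDIRECT_Shib-Session-ID']))` assigns `$redirect` inside the test and never reads it, and the nested if re-checks the same key; computing the prefix first, `$prefix = isset($_SERVER['REDIRECT_Shib-Session-ID']) ? 'REDIRECT_' : '';` followed by `if (isset($_SERVER[$prefix . 'Shib-Session-ID'])) {`, expresses the intent in two lines without an assignment in a condition. The attributes read inside the closure (`$_SERVER[$prefix . 'mail']`, `givenName`, `sn`) are not guarded, so a session for which the IdP released no mail attribute would yield a notice and a null e-mail on the identity instead of a clear failure; checking the three keys with isset before calling onIdentityDataReceived and refusing the login otherwise would make that explicit. login() now returns the result of onIdentityDataReceived but still declares no return type, and its else branch and the end of the method lie outside the hunk.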
config-example.json +3 −3 Original line number Diff line number Diff line Loading @@ -24,12 +24,12 @@ "id": "XXXXXX", "secret": "XXXXXX", "version": "v3.0", "callback": "/auth/social/facebook_token.php" "callback": "/auth/social/facebook/token" }, "LinkedIn": { "id": "XXXXXX", "secret": "XXXXXX", "callback": "/auth/social/linkedin_token.php" "callback": "/auth/social/linkedin/token" }, "X.509": {}, "LocalIdP": { Loading
include/front-controller.php +1 −1 Original line number Diff line number Diff line Loading @@ -220,7 +220,7 @@ Flight::route('/auth/eduGAIN', function() { session_start(); global $locator; $shibbolethLogin = new \RAP\ShibbolethLogin($locator); $shibbolethLogin->login(); Flight::redirect($shibbolethLogin->login()); }); Flight::route('/auth/x509', function() { Loading
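Review bot: `Flight::redirect($shibbolethLogin->login());` passes whatever login() returns straight to the redirect, and ShibbolethLogin::login() is declared without a return type; for the branch where no Shibboleth session is present (the else visible in ShibbolethLogin.php) nothing on this page shows a string being returned, so the route may hand Flight::redirect a null. Declaring `public function login(): string` on the handler would surface that as a TypeError at the source rather than a silent bad redirect. The route closure continues outside the hunk.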