
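<?php
namespace cms\action\login;
use cms\action\LoginAction;
use cms\action\Method;
use cms\action\RequestParams;
use cms\base\Configuration;
use cms\base\Startup;
use cms\model\User;
use Exception;
use openid_connect\OpenIDConnectClient;
use util\Request;
use util\Session;

/**
 * Authentication via OpenID-Connect.
 *
 * The provider is selected by its configuration key (request parameter 'id'),
 * which must exist under 'security' > 'oidc' > 'provider' in the configuration.
 */
class LoginOidcAction extends LoginAction implements Method {


    /**
     * Performs the OpenID-Connect login for the selected provider.
     *
     * The subject identifier ('sub') returned by the provider is used as the
     * user name; an unknown user is created on the fly if the system is
     * writable and auto-adding of users is enabled. On success the user is
     * attached to the request and a redirect to the UI is issued.
     *
     * @throws \LogicException   if no provider is selected or the selected
     *                           provider is not configured
     * @throws \RuntimeException if the authentication or the user lookup /
     *                           creation fails (original exception chained)
     */
    public function view() {

        // The provider key comes with the first request and is remembered in
        // the session; presumably the redirect back from the provider does not
        // carry it again, so the session value is the fallback.
        if ( $providerName = $this->request->getAlphanum('id') ) {
            Session::set(Session::KEY_OIDC_PROVIDER,$providerName);
        }
        else {
            $providerName = Session::get( Session::KEY_OIDC_PROVIDER);
        }

        // Without a provider there is nothing to authenticate against.
        if ( ! $providerName ) {
            throw new \LogicException('No OpenId-Connect provider selected');
        }

        $providerConfig = Configuration::subset(['security','oidc','provider',$providerName]);

        // The provider key is request-controlled: only a provider that is
        // actually configured (at least a URL) may be used.
        if ( ! $providerConfig->get('url') ) {
            throw new \LogicException('OpenId-Connect provider is not configured: '.$providerName);
        }

        $oidc = new OpenIDConnectClient();
        $oidc->setProviderURL ( $providerConfig->get('url' ));
        $oidc->setIssuer      ( $providerConfig->get('url' ));
        $oidc->setClientID    ( $providerConfig->get('client_id' ));
        $oidc->setClientSecret( $providerConfig->get('client_secret'));

        try {
            $oidc->authenticate();

            // 'sub' is only unique per issuer, therefore the user lookup below
            // is scoped by the provider name as well.
            $subjectIdentifier = $oidc->requestUserInfo('sub');

            $user = User::loadWithName( $subjectIdentifier,User::AUTH_TYPE_OIDC,$providerName );

            if ( ! $user ) {
                // User does not exist already
                // Maybe we are able to add the user

                // Check, if system is readonly
                if ( Startup::readonly() ) {
                    throw new \LogicException('Cannot add authenticated user to database, because the system is readonly');
                }

                // Check, if auto-adding users is enabled
                if (! Configuration::subset(['security', 'newuser'])->is('autoadd', true)) {
                    throw new \LogicException('Cannot add authenticated user to database, because auto adding is disabled.');
                }

                // Create the user
                $user = new User();
                $user->name   = $subjectIdentifier;
                $user->type   = User::AUTH_TYPE_OIDC;
                $user->issuer = $providerName;
                $user->persist();

            }

            Request::setUser( $user );

        } catch( Exception $e) {
            // Note: the LogicExceptions thrown above are wrapped here too; the
            // original cause stays reachable via getPrevious().
            throw new \RuntimeException('OpenId-Connect authentication failed',0,$e);
        }

        // Redirect to the UI, because the login process succeeded.
        $this->addHeader( 'Location','./');
    }

}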