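<?php
namespace cms\action\login;

use cms\action\LoginAction;
use cms\action\Method;
use cms\action\RequestParams;
use cms\base\Configuration;
use cms\base\Startup;
use cms\model\User;
use Exception;
use openid_connect\OpenIDConnectClient;
use util\Request;
use util\Session;

/**
 * Authentication via OpenID-Connect.
 *
 * The provider is chosen by the alphanumeric request parameter 'id' and
 * remembered in the session, so the callback leg of the flow (which carries
 * no 'id') resolves the same provider configuration again.
 */
class LoginOidcAction extends LoginAction implements Method {


    /**
     * Runs the OpenID-Connect flow for the selected provider and binds the
     * resulting user to the current request.
     *
     * The OIDC 'sub' claim, scoped by auth type and provider name, is the
     * identity key. An unknown subject is created only when the system is
     * writable and 'security.newuser.autoadd' is enabled.
     *
     * @throws \RuntimeException if no provider is selected, if authentication
     *                           fails, or if the user cannot be created (the
     *                           original cause is attached as 'previous')
     */
    public function view() {

        $requestedProvider = $this->request->getAlphanum('id');

        if ( $requestedProvider ) {
            // First leg: remember the provider for the callback leg.
            Session::set( Session::KEY_OIDC_PROVIDER, $requestedProvider );
            $providerName = $requestedProvider;
        }
        else {
            // Callback leg: the provider was stored on the first leg.
            $providerName = Session::get( Session::KEY_OIDC_PROVIDER );
        }

        // Neither request nor session named a provider: fail here with a
        // clear message instead of looking up configuration under an empty
        // path and handing empty settings to the OIDC client.
        if ( ! $providerName ) {
            throw new \RuntimeException('No OpenId-Connect provider selected');
        }

        $providerConfig = Configuration::subset(['security','oidc','provider',$providerName]);

        $oidc = new OpenIDConnectClient();
        $oidc->setProviderURL ( $providerConfig->get('url'          ) );
        // The expected issuer is pinned to the configured provider URL, so
        // tokens issued by anyone else are rejected by the client.
        $oidc->setIssuer      ( $providerConfig->get('url'          ) );
        $oidc->setClientID    ( $providerConfig->get('client_id'    ) );
        $oidc->setClientSecret( $providerConfig->get('client_secret') );

        try {
            $oidc->authenticate();
            $subjectIdentifier = $oidc->requestUserInfo('sub');

            $user = User::loadWithName( $subjectIdentifier, User::AUTH_TYPE_OIDC, $providerName );

            if ( ! $user ) {
                $user = $this->createUser( $subjectIdentifier, $providerName );
            }

            Request::setUser( $user );
        }
        catch ( Exception $e ) {
            // Every failure inside the flow (including the LogicExceptions
            // from createUser) surfaces as one RuntimeException; the cause
            // is preserved as 'previous' for logging.
            throw new \RuntimeException('OpenId-Connect authentication failed', 0, $e);
        }

        $this->addHeader( 'Location', './' );
    }


    /**
     * Creates and persists a new OIDC user for an authenticated subject that
     * is not yet known to the system.
     *
     * @param string $subjectIdentifier the OIDC 'sub' claim, used as the user name
     * @param string $providerName      the provider the subject was authenticated by
     * @return User the persisted user
     * @throws \LogicException if the system is readonly or auto-adding of
     *                         new users is disabled
     */
    private function createUser( $subjectIdentifier, $providerName ) {

        if ( Startup::readonly() ) {
            throw new \LogicException('Cannot add authenticated user to database, because the system is readonly');
        }

        if ( ! Configuration::subset(['security', 'newuser'])->is('autoadd', true) ) {
            throw new \LogicException('Cannot add authenticated user to database, because auto adding is disabled.');
        }

        // Create user
        $user = new User();
        $user->name   = $subjectIdentifier;
        $user->type   = User::AUTH_TYPE_OIDC;
        $user->issuer = $providerName;
        $user->persist();

        return $user;
    }


    /**
     * No-op: the whole login flow is driven by view().
     */
    public function post() {
    }
}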