authorM.Gergo2021-05-17 17:50:05 +0200
committerM.Gergo2021-05-17 17:50:05 +0200
commitef8b3fd973fa34b303370d5acc21744e57bca507 (patch)
tree67a42f55b0f36f024c33d8892c1112e8c5746556 /mayor-orig/mayor-base/www/include/share
parentfb24a50c54d5776468e49def08aea44c4077eb47 (diff)
downloadmayor-rev4787.tar.gz
mayor-rev4787.zip
Rev: 4787rev4787
Diffstat (limited to 'mayor-orig/mayor-base/www/include/share')
-rw-r--r--mayor-orig/mayor-base/www/include/share/auth/base.php3
-rw-r--r--mayor-orig/mayor-base/www/include/share/net/googleapi.php74
-rw-r--r--mayor-orig/mayor-base/www/include/share/session/base.php4
3 files changed, 75 insertions, 6 deletions
diff --git a/mayor-orig/mayor-base/www/include/share/auth/base.php b/mayor-orig/mayor-base/www/include/share/auth/base.php
index 8ff27f5e..b5143af5 100644
--- a/mayor-orig/mayor-base/www/include/share/auth/base.php
+++ b/mayor-orig/mayor-base/www/include/share/auth/base.php
@@ -47,8 +47,7 @@
$ret = db_query($query, array('fv' => 'newSession', 'modul' => 'login', 'result' => 'idonly', 'values' => array($sessionID)), $lr);
if (is_array($ret) && count($ret) > 0) {
reset($ret);
- while ((list($key, $_policy) = each($ret)) && $toRegister) {
- //while ((list($_policy) = m_ysql_fetch_row($r)) && $toRegister) {
+ while ((list($key, $_policy) = each($ret)) && $toRegister) { // --TODO
if ($_policy == $policy) $toRegister = false;
// mégsem kell bejegyezni, már van; és ez az. $sessionID=$sessionID
// else be kell jegyezni, de ezt a $sessionID-t, nem generálunk
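Review bot: The `// --TODO` marker on the added `while` line does not say what remains to be done. `each()` is deprecated since PHP 7.2 and removed in PHP 8.0, so if that is the open item, say so: `// TODO: replace each() (removed in PHP 8.0) with foreach`. The replacement itself is small, `foreach ($ret as $key => $_policy) {` with `if (!$toRegister) break;` as the first statement in the body. The loop body continues outside the hunk.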
diff --git a/mayor-orig/mayor-base/www/include/share/net/googleapi.php b/mayor-orig/mayor-base/www/include/share/net/googleapi.php
index bfe3642d..5d8e09fe 100644
--- a/mayor-orig/mayor-base/www/include/share/net/googleapi.php
+++ b/mayor-orig/mayor-base/www/include/share/net/googleapi.php
@@ -21,18 +21,35 @@ function mayorGoogleApiAuth() {
$client->setRedirectUri($redirect_uri);
$client->setScopes('email');
+
+
try {
$payload = $client->verifyIdToken($_GET['id_token']);
} catch(Exception $e) {
$_SESSION['alert'][] = 'info::googleapi SDK hiba: ' . $e->getMessage();
}
+
if (isset($payload['sub'])) { // subject
$_SESSION['googleapi_object'] = $payload;
// mayor auth start
$accountInformation=array();
$toPolicy = 'public';
$data = getUserByGoogleSub($payload['sub']); // subject=google user id
- if ($data === false) {
+ if ($data === false || is_null($data)) {
+ // allow automatic authentication through these domains:
+ if (in_array($payload['hd'], array('kanizsay.sulinet.hu','kanizsay.edu.hu','vmg.sulinet.hu','vmg.edu.hu'))) {
+ $_REGISTER['googleSub'] = $payload['sub'];
+ $_REGISTER['googleUserCn'] = $payload['name'];
+ $_REGISTER['googleUserEmail'] = $payload['email'];
+ $registered = googleapiGrant_light($_REGISTER);
+ if ($registered===true) {
+ $data = getUserByGoogleSub($payload['sub']); // subject=google user id
+ if (is_array($data)) {
+ setGoogleToken($payload['sub'],$_GET['id_token']); // a verifyIdToken igazolja
+ return array('userAccount'=>$data['userAccount'],'toPolicy'=>$data['policy'],'googleUserEmail'=>$data['googleUserEmail'],'studyId'=>$data['studyId'],'googleUserCn'=>$data['googleUserCn'],'accessToken'=>$accessToken);
+ }
+ }
+ }
$_SESSION['alert'][] = 'info:Nincs ilyen user (még) a MaYoR-ral összekötve, kérjük jelentkezz be jelszóval!';
} elseif (is_array($data)) {
// Ha van, akkor ki az? Mert ő bemehet.
@@ -62,4 +79,57 @@ function setGoogleToken($googleSub, $id_token) {
$_SESSION['googleapi_id_token'] = $id_token;
}
-?>
+function googleapiGrant_light($ADAT) {
+
+ require_once('include/modules/session/search/searchAccount.php');
+
+ if ($ADAT['googleSub']=='') return false;
+ if ($ADAT['googleUserEmail']=='') return false;
+
+ $searchAttrList = array('userCn', 'userAccount', 'studyId');
+
+ $attr = 'mail';
+ $pattern = $ADAT['googleUserEmail'];
+ $searchResult = searchAccount($attr, $pattern, $searchAttrList, 'private');
+
+ if ($searchResult['count']!==1) {
+ // több ugyanolyan oktatási azonosítóval bíró user van, így nem autholjuk be
+ return false;
+ }
+
+ $userAccount = $searchResult[0]['userAccount'][0];
+ $studyId = $searchResult[0]['studyId'][0];
+ $policy = 'private';
+
+// version b, using naplo
+/*
+ $q = "SELECT oId FROM tanar WHERE email='%s'";
+ $v = array($ADAT['googleUserEmail']);
+ $studyId = $oktId = db_query($q,array('debug'=>false,'fv'=>'googleapiGrant_light','modul'=>'naplo_intezmeny','result'=>'value','values'=>$v));
+
+ if ($studyId=='') return false;
+
+ if ($AUTH[_POLICY]['backend'] == 'ad') $searchAttrList = array('userCn', 'userAccount', 'uidNumber', 'studyId');
+ else $searchAttrList = array('userCn', 'userAccount', 'studyId');
+
+ $attr = 'studyId';
+ $pattern = $studyId;
+ $searchResult = searchAccount($attr, $pattern, $searchAttrList, 'private');
+
+ if ($searchResult['count']!==1) {
+ // több ugyanolyan oktatási azonosítóval bíró user van, így nem autholjuk be
+ return false;
+ }
+
+ $userAccount = $searchResult[0]['userAccount'][0];
+ $policy = 'private';
+*/
+ $q = "INSERT IGNORE INTO googleConnect (userAccount,policy,googleSub,googleUserCn,googleUserEmail,studyId) VALUES ('%s','%s','%s','%s','%s','%s')";
+ $v = array('userAccount'=>$userAccount,'policy'=>$policy,'googleSub'=>$ADAT['googleSub'],$ADAT['googleUserCn'],$ADAT['googleUserEmail'],$studyId);
+ $r = db_query($q,array('debug'=>false,'fv'=>'googleapiGrant','modul'=>'login','result'=>'insert','values'=>$v));
+
+ return ($r!==false) ? true : false;
+
+}
+
+?>
\ No newline at end of file
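Review bot: `googleapiGrant_light()` binds a Google subject to a local account with policy `private` on the strength of one `searchAccount('mail', ...)` hit, and nothing checks that the hit's address equals the Google address. searchAccount() is not visible here; if it matches `$pattern` as a substring or wildcard, a single result may be a different account, so add `'mail'` to `$searchAttrList` and compare the returned value to `$ADAT['googleUserEmail']` (case-insensitively) before the INSERT. Because the statement is `INSERT IGNORE`, `$r!==false` presumably also holds when no row was written, so the return value does not prove a link was created. The comment above the first `return false` still talks about duplicate education IDs although this path searches by mail and also covers zero hits; `// no match, or more than one account with this e-mail: do not link` would describe it.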
diff --git a/mayor-orig/mayor-base/www/include/share/session/base.php b/mayor-orig/mayor-base/www/include/share/session/base.php
index 337c72df..1e952518 100644
--- a/mayor-orig/mayor-base/www/include/share/session/base.php
+++ b/mayor-orig/mayor-base/www/include/share/session/base.php
@@ -86,7 +86,7 @@
else $return[] = $_eArr;
}
} else $cacheable = false;
- if (count($r)>0) return $return;
+ if (is_array($r) && count($r)>0) return $return;
else {
$return = array();
if (is_array($AUTH[$toPolicy]['categories']))
@@ -144,7 +144,7 @@
$backendAttrDef[$attr]['rights'] = $rights;
} else $rights = $def['rights'];
- if ($rights[_ACCESS_AS] != '-') $attrList[] = $attr;
+ if (defined('_ACCESS_AS') && $rights[_ACCESS_AS] != '-') $attrList[] = $attr;
}
return array($attrList,$backendAttrDef);