3 files changed, 75 insertions, 6 deletions

diff --git a/mayor-orig/mayor-base/www/include/share/auth/base.php b/mayor-orig/mayor-base/www/include/share/auth/base.php
index 8ff27f5e..b5143af5 100644
--- a/mayor-orig/mayor-base/www/include/share/auth/base.php
+++ b/mayor-orig/mayor-base/www/include/share/auth/base.php
@@ -47,8 +47,7 @@
 	    $ret = db_query($query, array('fv' => 'newSession', 'modul' => 'login', 'result' => 'idonly', 'values' => array($sessionID)), $lr);
             if (is_array($ret) && count($ret) > 0) {
 		reset($ret);
-		while ((list($key, $_policy) = each($ret)) && $toRegister) {
-                //while ((list($_policy) = m_ysql_fetch_row($r)) && $toRegister) {
+		while ((list($key, $_policy) = each($ret)) && $toRegister) { // --TODO
                     if ($_policy == $policy) $toRegister = false;
                     // mégsem kell bejegyezni, már van; és ez az. $sessionID=$sessionID
                     // else be kell jegyezni, de ezt a $sessionID-t, nem generálunk
diff --git a/mayor-orig/mayor-base/www/include/share/net/googleapi.php b/mayor-orig/mayor-base/www/include/share/net/googleapi.php
index bfe3642d..5d8e09fe 100644
--- a/mayor-orig/mayor-base/www/include/share/net/googleapi.php
+++ b/mayor-orig/mayor-base/www/include/share/net/googleapi.php
@@ -21,18 +21,35 @@ function mayorGoogleApiAuth() {
 	    $client->setRedirectUri($redirect_uri);
 	    $client->setScopes('email');
 
+
+
 	    try {
 		$payload = $client->verifyIdToken($_GET['id_token']);
 	    } catch(Exception $e) {
     		$_SESSION['alert'][] = 'info::googleapi SDK hiba: ' . $e->getMessage();
 	    }
+
 	    if (isset($payload['sub'])) { // subject
     		$_SESSION['googleapi_object'] = $payload;
     		// mayor auth start
 		$accountInformation=array();
 		$toPolicy = 'public';
 		$data = getUserByGoogleSub($payload['sub']); // subject=google user id
-		if ($data === false) {
+		if ($data === false || is_null($data)) {
+		    // allow automatic authentication through these domains:
+		    if (in_array($payload['hd'], array('kanizsay.sulinet.hu','kanizsay.edu.hu','vmg.sulinet.hu','vmg.edu.hu'))) {
+			$_REGISTER['googleSub'] = $payload['sub'];
+			$_REGISTER['googleUserCn'] = $payload['name'];
+			$_REGISTER['googleUserEmail'] = $payload['email'];
+			$registered = googleapiGrant_light($_REGISTER);
+			if ($registered===true) {
+			    $data = getUserByGoogleSub($payload['sub']); // subject=google user id
+			    if (is_array($data)) {
+				setGoogleToken($payload['sub'],$_GET['id_token']); // a verifyIdToken igazolja
+				return array('userAccount'=>$data['userAccount'],'toPolicy'=>$data['policy'],'googleUserEmail'=>$data['googleUserEmail'],'studyId'=>$data['studyId'],'googleUserCn'=>$data['googleUserCn'],'accessToken'=>$accessToken);
+			    }
+			}
+		    }
 		    $_SESSION['alert'][] = 'info:Nincs ilyen user (még) a MaYoR-ral összekötve, kérjük jelentkezz be jelszóval!';
 		} elseif (is_array($data)) {
 		    // Ha van, akkor ki az? Mert ő bemehet.
@@ -62,4 +79,57 @@ function setGoogleToken($googleSub, $id_token) {
 	$_SESSION['googleapi_id_token'] = $id_token;
 }
 
-?>
+function googleapiGrant_light($ADAT) {
+
+	require_once('include/modules/session/search/searchAccount.php');
+
+        if ($ADAT['googleSub']=='') return false;
+        if ($ADAT['googleUserEmail']=='') return false;
+
+	$searchAttrList = array('userCn', 'userAccount', 'studyId');
+
+        $attr = 'mail';
+        $pattern = $ADAT['googleUserEmail'];
+        $searchResult = searchAccount($attr, $pattern, $searchAttrList, 'private');
+
+	if ($searchResult['count']!==1) {
+	    // több ugyanolyan oktatási azonosítóval bíró user van, így nem autholjuk be
+	    return false;
+	} 
+
+	$userAccount = $searchResult[0]['userAccount'][0];
+	$studyId = $searchResult[0]['studyId'][0];
+	$policy = 'private';
+
+// version b, using naplo
+/*
+	$q = "SELECT oId FROM tanar WHERE email='%s'";
+	$v = array($ADAT['googleUserEmail']);
+        $studyId = $oktId = db_query($q,array('debug'=>false,'fv'=>'googleapiGrant_light','modul'=>'naplo_intezmeny','result'=>'value','values'=>$v));
+
+	if ($studyId=='') return false;
+
+	if ($AUTH[_POLICY]['backend'] == 'ad') $searchAttrList = array('userCn', 'userAccount', 'uidNumber', 'studyId');
+	else $searchAttrList = array('userCn', 'userAccount', 'studyId');
+
+        $attr = 'studyId';
+        $pattern = $studyId;
+        $searchResult = searchAccount($attr, $pattern, $searchAttrList, 'private');
+
+	if ($searchResult['count']!==1) {
+	    // több ugyanolyan oktatási azonosítóval bíró user van, így nem autholjuk be
+	    return false;
+	} 
+
+	$userAccount = $searchResult[0]['userAccount'][0];
+	$policy = 'private';
+*/
+        $q = "INSERT IGNORE INTO googleConnect (userAccount,policy,googleSub,googleUserCn,googleUserEmail,studyId) VALUES ('%s','%s','%s','%s','%s','%s')";
+        $v = array('userAccount'=>$userAccount,'policy'=>$policy,'googleSub'=>$ADAT['googleSub'],$ADAT['googleUserCn'],$ADAT['googleUserEmail'],$studyId);
+        $r = db_query($q,array('debug'=>false,'fv'=>'googleapiGrant','modul'=>'login','result'=>'insert','values'=>$v));
+
+	return ($r!==false) ? true : false;
+
+}
+
+?>
\ No newline at end of file
diff --git a/mayor-orig/mayor-base/www/include/share/session/base.php b/mayor-orig/mayor-base/www/include/share/session/base.php
index 337c72df..1e952518 100644
--- a/mayor-orig/mayor-base/www/include/share/session/base.php
+++ b/mayor-orig/mayor-base/www/include/share/session/base.php
@@ -86,7 +86,7 @@
 		else $return[] = $_eArr;
 	    }
 	} else $cacheable = false;
-	if (count($r)>0) return $return;
+	if (is_array($r) && count($r)>0) return $return;
 	else {
     	    $return = array();
 	    if (is_array($AUTH[$toPolicy]['categories']))
@@ -144,7 +144,7 @@
 		$backendAttrDef[$attr]['rights'] = $rights;
 	    } else $rights = $def['rights'];
 
-            if ($rights[_ACCESS_AS] != '-') $attrList[] = $attr;
+            if (defined('_ACCESS_AS') && $rights[_ACCESS_AS] != '-') $attrList[] = $attr;
 
         }
 	return array($attrList,$backendAttrDef);