From ef8b3fd973fa34b303370d5acc21744e57bca507 Mon Sep 17 00:00:00 2001 From: M.Gergo Date: Mon, 17 May 2021 17:50:05 +0200 Subject: Rev: 4787 --- .../mayor-base/www/include/share/auth/base.php | 3 +- .../mayor-base/www/include/share/net/googleapi.php | 74 +++++++++++++++++++++- .../mayor-base/www/include/share/session/base.php | 4 +- 3 files changed, 75 insertions(+), 6 deletions(-) (limited to 'mayor-orig/mayor-base/www/include/share') diff --git a/mayor-orig/mayor-base/www/include/share/auth/base.php b/mayor-orig/mayor-base/www/include/share/auth/base.php index 8ff27f5e..b5143af5 100644 --- a/mayor-orig/mayor-base/www/include/share/auth/base.php +++ b/mayor-orig/mayor-base/www/include/share/auth/base.php @@ -47,8 +47,7 @@ $ret = db_query($query, array('fv' => 'newSession', 'modul' => 'login', 'result' => 'idonly', 'values' => array($sessionID)), $lr); if (is_array($ret) && count($ret) > 0) { reset($ret); - while ((list($key, $_policy) = each($ret)) && $toRegister) { - //while ((list($_policy) = m_ysql_fetch_row($r)) && $toRegister) { + while ((list($key, $_policy) = each($ret)) && $toRegister) { // --TODO if ($_policy == $policy) $toRegister = false; // mégsem kell bejegyezni, már van; és ez az. $sessionID=$sessionID // else be kell jegyezni, de ezt a $sessionID-t, nem generálunk diff --git a/mayor-orig/mayor-base/www/include/share/net/googleapi.php b/mayor-orig/mayor-base/www/include/share/net/googleapi.php index bfe3642d..5d8e09fe 100644 --- a/mayor-orig/mayor-base/www/include/share/net/googleapi.php +++ b/mayor-orig/mayor-base/www/include/share/net/googleapi.php 
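Review bot: The `// --TODO` marker added to the `while ((list($key, $_policy) = each($ret)) && $toRegister)` line in auth/base.php does not say what is left to do. `each()` was deprecated in PHP 7.2 and removed in PHP 8.0, so if that is what the marker refers to, spell it out, e.g. `// TODO: each() is removed in PHP 8 - rewrite as foreach ($ret as $key => $_policy) with a break once $toRegister is false`. The loop body continues outside the hunk.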
@@ -21,18 +21,35 @@ function mayorGoogleApiAuth() { $client->setRedirectUri($redirect_uri); $client->setScopes('email'); + + try { $payload = $client->verifyIdToken($_GET['id_token']); } catch(Exception $e) { $_SESSION['alert'][] = 'info::googleapi SDK hiba: ' . $e->getMessage(); } + if (isset($payload['sub'])) { // subject $_SESSION['googleapi_object'] = $payload; // mayor auth start $accountInformation=array(); $toPolicy = 'public'; $data = getUserByGoogleSub($payload['sub']); // subject=google user id - if ($data === false) { + if ($data === false || is_null($data)) { + // allow automatic authentication through these domains: + if (in_array($payload['hd'], array('kanizsay.sulinet.hu','kanizsay.edu.hu','vmg.sulinet.hu','vmg.edu.hu'))) { + $_REGISTER['googleSub'] = $payload['sub']; + $_REGISTER['googleUserCn'] = $payload['name']; + $_REGISTER['googleUserEmail'] = $payload['email']; + $registered = googleapiGrant_light($_REGISTER); + if ($registered===true) { + $data = getUserByGoogleSub($payload['sub']); // subject=google user id + if (is_array($data)) { + setGoogleToken($payload['sub'],$_GET['id_token']); // a verifyIdToken igazolja + return array('userAccount'=>$data['userAccount'],'toPolicy'=>$data['policy'],'googleUserEmail'=>$data['googleUserEmail'],'studyId'=>$data['studyId'],'googleUserCn'=>$data['googleUserCn'],'accessToken'=>$accessToken); + } + } + } $_SESSION['alert'][] = 'info:Nincs ilyen user (még) a MaYoR-ral összekötve, kérjük jelentkezz be jelszóval!'; } elseif (is_array($data)) { // Ha van, akkor ki az? Mert ő bemehet. 
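Review bot: The new auto-provisioning branch reads `$payload['hd']` and `$payload['email']` without checking that the claims are present, and calls `in_array()` without strict comparison. ID tokens for accounts outside a hosted domain carry no `hd` claim, so this line raises an undefined-index notice. Because the e-mail is then used to bind a local account, `email_verified` should be required as well: `if (isset($payload['hd'], $payload['email']) && !empty($payload['email_verified']) && in_array($payload['hd'], $allowedDomains, true)) {`, with the four domains held in a configurable list such as `$allowedDomains`. `$accessToken` in the added `return array(...)` is not assigned anywhere in the hunk; confirm it is set earlier in `mayorGoogleApiAuth()`, whose body starts and ends outside the hunk. The catch block also copies `$e->getMessage()` into a user-visible alert; logging it server-side and showing a generic message would keep SDK details out of the page.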
@@ -62,4 +79,57 @@ function setGoogleToken($googleSub, $id_token) { $_SESSION['googleapi_id_token'] = $id_token; } -?> +function googleapiGrant_light($ADAT) { + + require_once('include/modules/session/search/searchAccount.php'); + + if ($ADAT['googleSub']=='') return false; + if ($ADAT['googleUserEmail']=='') return false; + + $searchAttrList = array('userCn', 'userAccount', 'studyId'); + + $attr = 'mail'; + $pattern = $ADAT['googleUserEmail']; + $searchResult = searchAccount($attr, $pattern, $searchAttrList, 'private'); + + if ($searchResult['count']!==1) { + // több ugyanolyan oktatási azonosítóval bíró user van, így nem autholjuk be + return false; + } + + $userAccount = $searchResult[0]['userAccount'][0]; + $studyId = $searchResult[0]['studyId'][0]; + $policy = 'private'; + +// version b, using naplo +/* + $q = "SELECT oId FROM tanar WHERE email='%s'"; + $v = array($ADAT['googleUserEmail']); + $studyId = $oktId = db_query($q,array('debug'=>false,'fv'=>'googleapiGrant_light','modul'=>'naplo_intezmeny','result'=>'value','values'=>$v)); + + if ($studyId=='') return false; + + if ($AUTH[_POLICY]['backend'] == 'ad') $searchAttrList = array('userCn', 'userAccount', 'uidNumber', 'studyId'); + else $searchAttrList = array('userCn', 'userAccount', 'studyId'); + + $attr = 'studyId'; + $pattern = $studyId; + $searchResult = searchAccount($attr, $pattern, $searchAttrList, 'private'); + + if ($searchResult['count']!==1) { + // több ugyanolyan oktatási azonosítóval bíró user van, így nem autholjuk be + return false; + } + + $userAccount = $searchResult[0]['userAccount'][0]; + $policy = 'private'; +*/ + $q = "INSERT IGNORE INTO googleConnect (userAccount,policy,googleSub,googleUserCn,googleUserEmail,studyId) VALUES ('%s','%s','%s','%s','%s','%s')"; + $v = array('userAccount'=>$userAccount,'policy'=>$policy,'googleSub'=>$ADAT['googleSub'],$ADAT['googleUserCn'],$ADAT['googleUserEmail'],$studyId); + $r = 
db_query($q,array('debug'=>false,'fv'=>'googleapiGrant','modul'=>'login','result'=>'insert','values'=>$v)); + + return ($r!==false) ? true : false; + +} + +?> \ No newline at end of file diff --git a/mayor-orig/mayor-base/www/include/share/session/base.php b/mayor-orig/mayor-base/www/include/share/session/base.php index 337c72df..1e952518 100644 --- a/mayor-orig/mayor-base/www/include/share/session/base.php +++ b/mayor-orig/mayor-base/www/include/share/session/base.php @@ -86,7 +86,7 @@ else $return[] = $_eArr; } } else $cacheable = false; - if (count($r)>0) return $return; + if (is_array($r) && count($r)>0) return $return; else { $return = array(); if (is_array($AUTH[$toPolicy]['categories'])) @@ -144,7 +144,7 @@ $backendAttrDef[$attr]['rights'] = $rights; } else $rights = $def['rights']; - if ($rights[_ACCESS_AS] != '-') $attrList[] = $attr; + if (defined('_ACCESS_AS') && $rights[_ACCESS_AS] != '-') $attrList[] = $attr; } return array($attrList,$backendAttrDef); -- cgit v1.2.3
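Review bot: `googleapiGrant_light()` writes a lasting link between a Google subject and a local `private` account solely because `searchAccount('mail', $pattern, ...)` returned exactly one hit, so the link is only as reliable as that search. If `searchAccount()` does pattern or substring matching (the argument is named `$pattern`; its implementation is not in this diff), an address could resolve to another user's account. Confirm the match is exact, or add `'mail'` to `$searchAttrList` and compare the returned value with `$ADAT['googleUserEmail']` before the INSERT. The comment under `if ($searchResult['count']!==1)` was carried over from the commented-out variant and speaks of duplicate education IDs, while this branch also covers zero hits on a mail search; `// no unique account with this mail address: do not auto-link` would describe it. `$v` mixes keyed and positional entries and the `'fv'` label reads `googleapiGrant`; check that `db_query` fills the six `'%s'` placeholders in order, and use `'googleapiGrant_light'` so log entries name the right function.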
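Review bot: With the added `defined('_ACCESS_AS')` guard in session/base.php, an undefined constant now means no attribute is ever appended to `$attrList`, and nothing records why. That fails closed, which is the safer direction for a rights check, but the caller gets a silently empty attribute list. A comment such as `// _ACCESS_AS undefined: list no attributes (fail closed)`, or a logged warning when the constant is missing, would make a misconfiguration visible. `$rights[_ACCESS_AS]` is still read without `isset()`, so a rights array that lacks the key keeps passing the `!= '-'` test and the attribute is listed. The enclosing function starts outside the hunk.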