1<?php
2
3use dokuwiki\plugin\oauth\Adapter;
4use dokuwiki\plugin\oauthauthsch\DotAccess;
5use dokuwiki\plugin\oauthauthsch\Generic;
6
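/**
 * Service implementation for OAuth authentication against AuthSCH (auth.sch.bme.hu)
 */
class action_plugin_oauthauthsch extends Adapter
{

    /** @inheritdoc */
    public function registerServiceClass()
    {
        return Generic::class;
    }

    /**
     * Fetch the profile from the identity provider and translate it into
     * the user/name/mail/grps array expected by the oauth plugin.
     *
     * The returned groups feed DokuWiki's ACL checks, so every value taken
     * from the provider response is shape-checked before it is used.
     *
     * @inheritDoc
     * @return array|null user data, or null when circle mapping is enabled and no group matched
     * @throws OAuthException when the profile cannot be fetched or parsed
     */
    public function getUser()
    {
        $oauth = $this->getOAuthService();

        $url = 'https://auth.sch.bme.hu/api/profile/';  //$this->getConf('userurl');
        $raw = $oauth->request($url);

        if (!$raw) throw new OAuthException('Failed to fetch data from userurl');
        $result = json_decode($raw, true);
        // a bare JSON scalar would decode successfully but is not a usable profile
        if (!$result || !is_array($result)) throw new OAuthException('Failed to parse data from userurl');

        $mailKey = $this->getConf('authsch_mail');

        $user = DotAccess::get($result, $this->getConf('authsch_username'), '');
        $name = DotAccess::get($result, 'displayName', '');
        $mail = DotAccess::get($result, $mailKey, '');

        // type fixes: each value is normalised into its OWN variable
        // (previously $name and $mail were shifted into $user, overwriting the login name)
        if (is_array($user)) $user = array_shift($user);
        if (is_array($name)) $name = array_shift($name);
        if (is_array($mail)) $mail = array_shift($mail);

        // The schacc attribute is only a local part. Append the domain only when there
        // is a local part, otherwise an address of just '@sch.bme.hu' would be produced
        // and the user name fallback below would yield an empty name.
        if ($mailKey === 'linkedAccounts.schacc' && is_string($mail) && $mail !== '') {
            $mail .= '@sch.bme.hu';
        }

        if ($this->getConf('authsch_circles')) {
            $grps = $this->mapEntitlementsToGroups($result);
            // NOTE(review): returning null when no group matched presumably makes the
            // caller reject the login - confirm how the oauth plugin handles null.
            if (count($grps) === 0) return null;
        } else {
            $grps = ['user'];
        }

        // fallbacks for user name
        if (empty($user)) {
            if (!empty($name)) {
                $user = $name;
            } elseif (!empty($mail)) {
                list($user) = explode('@', $mail);
            }
        }

        // fallback for full name
        if (empty($name)) {
            $name = $user;
        }
        return compact('user', 'name', 'mail', 'grps');
    }

    /**
     * Translate the eduPersonEntitlement entries of a profile into wiki groups.
     *
     * Uses the JSON maps in the authsch_circles (circle id => group) and
     * authsch_roles (title => group) settings. Only entries whose status is one of
     * 'körvezető', 'tag' or 'öregtag' contribute groups.
     *
     * @param array $result decoded profile response
     * @return string[] group names without duplicates; empty when nothing matched
     */
    private function mapEntitlementsToGroups(array $result)
    {
        // a malformed setting must not abort the login with a type error
        $circles2groups = json_decode($this->getConf('authsch_circles'), true);
        if (!is_array($circles2groups)) $circles2groups = [];
        $roles2groups = json_decode($this->getConf('authsch_roles'), true);
        if (!is_array($roles2groups)) $roles2groups = [];

        // the attribute is absent when the scope was not granted
        $entitlements = [];
        if (isset($result['eduPersonEntitlement']) && is_array($result['eduPersonEntitlement'])) {
            $entitlements = $result['eduPersonEntitlement'];
        }

        $combine = $this->getConf('authsch_combine_circles_roles');
        $memberStatuses = ['körvezető', 'tag', 'öregtag'];

        $grps = [];
        foreach ($entitlements as $circle) {
            if (!is_array($circle) || !isset($circle['id'], $circle['status'])) continue;
            if (!is_scalar($circle['id']) || !isset($circles2groups[$circle['id']])) continue;
            if (!in_array($circle['status'], $memberStatuses, true)) continue;

            $circle_groupname = $circles2groups[$circle['id']];
            $grps[] = $circle_groupname;

            // Titles are compared as strings with a strict match. A loose in_array()
            // lets a numeric key such as "0" equal arbitrary strings on PHP 7, which
            // would hand out a role group the member does not hold.
            $titles = [];
            if (isset($circle['title']) && is_array($circle['title'])) {
                $titles = array_map('strval', array_filter($circle['title'], 'is_scalar'));
            }
            foreach ($roles2groups as $rol => $role_groupname) {
                if (in_array((string)$rol, $titles, true)) {
                    $grps[] = $role_groupname;
                    if ($combine) {
                        $grps[] = $circle_groupname . '-' . $role_groupname;
                    }
                }
            }

            // group derived from the membership status itself
            if ($circle['status'] === 'körvezető') {
                $role_x_groupname = $this->getConf('authsch_korvez_role');
            } elseif ($circle['status'] === 'öregtag') {
                $role_x_groupname = $this->getConf('authsch_oreg_role');
            } else {
                $role_x_groupname = $this->getConf('authsch_tag_role');
            }
            $grps[] = $role_x_groupname;
            if ($combine) {
                $grps[] = $circle_groupname . '-' . $role_x_groupname;
            }
        }

        // any entitlement at all is enough for the plain 'user' group when enabled
        if ($this->getConf('authsch_allow_outside_circles') && count($entitlements) > 0) {
            $grps[] = 'user';
        }

        return array_values(array_unique($grps));
    }

    /**
     * Exchange the authorization code from the callback for an access token.
     *
     * @inheritdoc
     * @return bool false when the request carries no 'code' parameter, true otherwise
     */
    public function checkToken()
    {
        global $INPUT;
        $oauth = $this->getOAuthService();

        /** @var Abstract2Service $oauth */
        if (!$INPUT->get->has('code')) return false;

        // NOTE(review): an absent or empty 'state' is forwarded as null. If
        // requestAccessToken() skips state validation when it receives null (not
        // visible here - confirm against the service class), the callback is
        // accepted without the anti-CSRF state check.
        $state = $INPUT->get->str('state', null);
        if (!$state) $state = null;
        $accessToken = $oauth->requestAccessToken($INPUT->get->str('code'), $state);

        if (
            $accessToken->getEndOfLife() !== $accessToken::EOL_NEVER_EXPIRES &&
            !$accessToken->getRefreshToken()
        ) {
            msg('Service did not provide a Refresh Token. You will be logged out when the session expires.');
        }

        return true;
    }


    /**
     * Build the scope list from the configured attribute sources, so that only
     * the scopes the current settings actually read are requested.
     *
     * @inheritdoc
     */
    public function getScopes()
    {
        $mailKey = $this->getConf('authsch_mail');
        $userKey = $this->getConf('authsch_username');

        $scopes = ['basic', 'displayName'];
        if ($mailKey === 'linkedAccounts.schacc' || $userKey === 'linkedAccounts.schacc') {
            $scopes[] = 'linkedAccounts';
        }
        if ($mailKey === 'mail') {
            $scopes[] = 'mail';
        }
        if ($this->getConf('authsch_circles')) {
            $scopes[] = 'eduPersonEntitlement';
        }
        return $scopes; // $this->getConf('scopes');
    }

    /** @inheritDoc */
    public function getLabel()
    {
        return $this->getConf('label');
    }

    /** @inheritDoc */
    public function getColor()
    {
        return $this->getConf('color');
    }
}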