forked from UN-OCHA/hr_hid_auth
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhid_auth.module
168 lines (148 loc) · 6.22 KB
/
hid_auth.module
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
<?php
/**
* @file
* Code for the Humanitarian ID Auth Integration feature.
*/
include_once 'hid_auth.features.inc';
/**
* Implements hook_menu_alter().
*/
function hid_auth_menu_alter(&$items) {
// Disable the user registration page for all users.
$items['user/register']['access callback'] = FALSE;
}
/**
* Implements hook_user_logout().
*
* When a user logs out, redirect them to the logout page on the authentication
* server to ensure that session is destroyed.
*
* The only method to alter the redirect to the front page is to set a global
* variable that can be checked in hook_drupal_goto_alter().
*/
function hid_auth_user_logout($account) {
$GLOBALS['hid_auth_user_logout'] = 1;
}
/**
* Implements hook_drupal_goto_alter().
*
* When the hid_auth_user_logout global variable is set, redirect users
* to the authentication server's logout page.
*/
function hid_auth_drupal_goto_alter(&$path, $options, $http_response_code) {
if (!empty($GLOBALS['hid_auth_user_logout'])) {
$path = hid_auth_get_base_url() . '/logout?redirect=' . url('<front>', array('absolute' => TRUE));
}
}
/**
* Implements hook_form_FORM_ID_alter().
*
* For users with an Oauthconnector connection, disable the email field, hide
* the password fields, and add a link to the profile management page on the
* authentication server.
*/
function hid_auth_form_user_profile_form_alter(&$form, &$form_state) {
// Check if the user has a Connector module account.
$uid = !empty($form['#user']->uid) ? $form['#user']->uid : FALSE;
$authname = $uid ? db_query("SELECT authname FROM {authmap} WHERE module = 'connector' AND uid = :uid", array(':uid' => $uid))->fetchField() : FALSE;
if ($authname) {
// Make the email field readonly
$form['account']['mail']['#disabled'] = TRUE;
$form['account']['mail']['#weight'] = -4;
// Hide and disable the username field
$form['account']['name']['#type'] = 'value';
// Hide and disable password fields
$form['account']['current_pass']['#type'] = 'value';
$form['account']['pass']['#type'] = 'value';
// Add a link to the authentication server's account update page.
$form['account']['auth_link'] = array(
'#type' => 'item',
'#title' => t('Change your email address or password'),
'#markup' => t('Click !here to update your email address and password for Humanitarian ID Sign In applications.', array('!here' => l(t('here'), hid_auth_get_base_url() . '/account', array('query' => array('redirect_uri' => url(current_path(), array('absolute' => TRUE))))))),
'#weight' => -5,
);
}
}
/**
* Helper function to lookup the base URL for the Humanitarian ID auth system.
*/
function hid_auth_get_base_url() {
$connector = _connector_get_connectors('oauthconnector_hid_oauth');
return !empty($connector['oauthconnector provider']->url) ? $connector['oauthconnector provider']->url : '';
}
/**
* Helper function to lookup the Humanitarian ID auth system ID for a Drupal user.
*/
function hid_auth_get_user_id($account = NULL) {
if (empty($account)) {
global $user;
$account = $user;
}
$connectors = _connector_get_connectors();
$connections = _connector_get_user_connections($account);
// Find the connection using the "oauthconnector_hid_oauth" connector,
// and return the related cid.
foreach ($connections as $connection) {
if (array_key_exists($connection->connector, $connectors)) {
$connector = $connectors[$connection->connector];
if (!empty($connection->connector) && $connection->connector === 'oauthconnector_hid_oauth' && !empty($connection->cid)) {
return $connection->cid;
}
}
}
return FALSE;
}
/**
* Helper function to register a user with a given email address, and optional
* first and last name.
*/
function hid_auth_register_user($email, $name_first = '', $name_last = '') {
$data = array(
'email' => $email,
'nameFirst' => $name_first,
'nameLast' => $name_last,
);
$response = hid_auth_api_post('api/register', $data);
if (!empty($response->code) && $response->code == 200 && !empty($response->data)) {
$response_data = drupal_json_decode($response->data);
if (!empty($response_data['status']) && $response_data['status'] == 'ok') {
if (!empty($response_data['data']['user_id']) && isset($response_data['data']['is_new'])) {
watchdog('hid_auth', 'User %user_id registered with email %email (@nameFirst @nameLast)', array('%user_id' => $response_data['response']['data']['user_id'], '%email' => $email, '@nameFirst' => $name_first, '@nameLast' => $name_last));
return $response_data['data'];
}
}
watchdog('hid_auth', 'API error when attempting to register user with email %email (@nameFirst @nameLast)', array('%email' => $email, '@nameFirst' => $name_first, '@nameLast' => $name_last));
return FALSE;
}
else {
watchdog('hid_auth', 'API error when attempting to register user. Received: <pre>@response</pre>', array('@response' => var_dump($response)));
return FALSE;
}
}
/**
* Helper function for making a POST request to the HID Authentication API.
*/
function hid_auth_api_post($resource_path, $data = array()) {
$connector = _connector_get_connectors('oauthconnector_hid_oauth');
$base_url = !empty($connector['oauthconnector provider']->url) ? $connector['oauthconnector provider']->url : '';
$csid = !empty($connector['oauthconnector provider']->csid) ? $connector['oauthconnector provider']->csid : FALSE;
$consumer = !empty($csid) ? oauth_common_consumer_load($csid) : FALSE;
$key = !empty($consumer->key) ? $consumer->key : '';
$secret = !empty($consumer->secret) ? $consumer->secret : '';
if (empty($base_url) || empty($key) || empty($secret)) {
watchdog('contactsid_profiles', 'Attempted to make a POST request to the Contacts ID Profiles API, but the API endpoint, key, or secret is not set.');
return;
}
$values_string = NULL;
$it = new RecursiveIteratorIterator(new RecursiveArrayIterator($data));
foreach($it as $v) {
$values_string .= $v;
}
$key_hash = hash('sha256', $values_string . $secret);
$data['client_key'] = $key;
$data['access_key'] = $key_hash;
$variables = array();
$variables['data'] = $data;
$variables['endpoint'] = $base_url;
return restclient_post($resource_path, $variables);
}