Commit 49b4b93d authored by Aster's avatar Aster Committed by waltermazza

General Bug Fixes and Improvements

parent d1ca7edd
{
"name": "arter/amos-social-auth",
"description": "Social Auth",
"keywords": [
"amos",
"auth",
"social",
"yii2"
],
"keywords": ["amos", "auth", "social", "yii2"],
"homepage": "https://bitbucket.org/arter/amos-social-auth",
"type": "component",
"require": {
"php": ">=5.4.0",
"arter/amos-admin": "^2.0.18",
"arter/amos-core": "^1.9.52",
"arter/amos-attachments": "^1.0",
"arter/amos-admin":"^2.0.18",
"arter/amos-core":"^1.9.52",
"arter/amos-attachments":"^1.0",
"hybridauth/hybridauth": "~2.9",
"google/apiclient": "^2.0"
"google/apiclient": "^2.0",
"yiisoft/yii2-authclient": "^2.1.0",
"conquer/oauth2": "*"
},
"autoload": {
"psr-4": {
......
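Review bot: The newly added `"conquer/oauth2": "*"` constraint accepts any published version of the package, so a later `composer update` can pull in a breaking major or an unexpected release with no review step, unlike the caret ranges used for the other `arter/*` and `google/apiclient` entries in the same block. Pin it to the range that was actually tested, e.g. `"conquer/oauth2": "^<TESTED_VERSION>"` (placeholder — substitute the version the integration was developed against). The same applies to the new `yiisoft/yii2-authclient` line only insofar as `^2.1.0` is already a bounded range, which is fine.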
......@@ -4,7 +4,7 @@
* EROI - Emilia Romagna Open Innovation is based on:
* https://www.open2.0.regione.lombardia.it
*
* @see https://repo.art-er.it Developers' community
* @see http://example.com Developers'community
* @license GPLv3
* @license https://opensource.org/licenses/gpl-3.0.html GNU General Public License version 3
*
......@@ -16,11 +16,14 @@
namespace arter\amos\socialauth;
use arter\amos\admin\AmosAdmin;
use arter\amos\admin\models\UserProfile;
use arter\amos\core\module\AmosModule;
use arter\amos\socialauth\controllers\ShibbolethController;
use arter\amos\socialauth\models\SocialAuthServices;
use arter\amos\socialauth\utility\SocialAuthUtility;
use Yii;
use yii\base\BootstrapInterface;
use yii\base\Event;
use yii\helpers\ArrayHelper;
/**
......@@ -46,6 +49,11 @@ class Module extends AmosModule implements BootstrapInterface
*/
public $enableSpid = false;
public $shibbolethConfig = [
'buttonLabel' => '#fullsize_login_spid_text',
'buttonDescription' => '#fullsize_login_spid_text_right'
];
/**
* @var $enableLogin bool Is Social Account Link Enabled?
*/
......@@ -95,6 +103,16 @@ class Module extends AmosModule implements BootstrapInterface
*/
public $enableSpidMultiUsersSameCF = false;
/**
* @var bool $shibbolethAutoLogin if true on shibboleth controller make automatic login
*/
public $shibbolethAutoLogin = false;
/**
* @var bool $shibbolethAutoRegistration if true on shibboleth controller make automatic registration
*/
public $shibbolethAutoRegistration = false;
/**
* @inheritdoc
*/
......@@ -108,6 +126,17 @@ class Module extends AmosModule implements BootstrapInterface
\Yii::configure($this, ArrayHelper::merge($config, $this));
}
/**
* @inheritdoc
*/
public static function getInstance() {
if(Yii::$app->session->has('socialAuthInstance')) {
return Yii::$app->getModule(Yii::$app->session->get('socialAuthInstance'));
}
return parent::getInstance();
}
/**
* @return array
*/
......@@ -276,6 +305,8 @@ class Module extends AmosModule implements BootstrapInterface
//Init a new shibboleth controller to link user
$shibbolethController = new ShibbolethController('shibboleth', $this);
Event::on(AmosAdmin::instance()->model('UserProfile'), UserProfile::EVENT_AFTER_INSERT, ['arter\amos\socialauth\utility\SocialAuthUtility', 'createIdmUser']);
//Get Session IDM datas (copy of headers)
$sessionIDM = \Yii::$app->session->get('IDM');
......
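Review bot: In the added `getInstance()` override, `Yii::$app->getModule(...)` returns `null` when the id stored under the `socialAuthInstance` session key does not name a configured module, so the override hands callers `null` instead of falling back to `parent::getInstance()`, and every `Module::getInstance()->property` access then fails. Guard the lookup: `$module = Yii::$app->getModule(Yii::$app->session->get('socialAuthInstance'));` followed by `if ($module instanceof self) { return $module; }`, falling through to the parent otherwise. Because this commit also adds a `set-module-instance` action to the ShibbolethController access rule that carries no `roles` restriction (its body is not in view), confirm that action only stores ids of configured instances of this module; whatever ends up in that session key steers every subsequent `getInstance()` call. In the last hunk, the `Event::on(...)` handler is given as a string array; with `SocialAuthUtility` now imported at the top of the file, `[SocialAuthUtility::class, 'createIdmUser']` keeps it refactor-safe and lets static analysis see the reference.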
......@@ -4,11 +4,11 @@
* EROI - Emilia Romagna Open Innovation is based on:
* https://www.open2.0.regione.lombardia.it
*
* @see https://repo.art-er.it Developers' community
* @see http://example.com Developers'community
* @license GPLv3
* @license https://opensource.org/licenses/gpl-3.0.html GNU General Public License version 3
*
* @package arter\amos\socialauth\components
* @package arter\amos\socialauth
* @category CategoryName
* @author Elite Division S.r.l.
*/
......
......@@ -4,11 +4,11 @@
* EROI - Emilia Romagna Open Innovation is based on:
* https://www.open2.0.regione.lombardia.it
*
* @see https://repo.art-er.it Developers' community
* @see http://example.com Developers'community
* @license GPLv3
* @license https://opensource.org/licenses/gpl-3.0.html GNU General Public License version 3
*
* @package arter\amos\socialauth\components
* @package arter\amos\socialauth
* @category CategoryName
* @author Elite Division S.r.l.
*/
......
......@@ -4,7 +4,7 @@
* EROI - Emilia Romagna Open Innovation is based on:
* https://www.open2.0.regione.lombardia.it
*
* @see https://repo.art-er.it Developers' community
* @see http://example.com Developers'community
* @license GPLv3
* @license https://opensource.org/licenses/gpl-3.0.html GNU General Public License version 3
*
......
......@@ -4,11 +4,11 @@
* EROI - Emilia Romagna Open Innovation is based on:
* https://www.open2.0.regione.lombardia.it
*
* @see https://repo.art-er.it Developers' community
* @see http://example.com Developers'community
* @license GPLv3
* @license https://opensource.org/licenses/gpl-3.0.html GNU General Public License version 3
*
* @package arter\amos\socialauth\components
* @package arter\amos\socialauth
* @category CategoryName
* @author Elite Division S.r.l.
*/
......
......@@ -4,11 +4,11 @@
* EROI - Emilia Romagna Open Innovation is based on:
* https://www.open2.0.regione.lombardia.it
*
* @see https://repo.art-er.it Developers' community
* @see http://example.com Developers'community
* @license GPLv3
* @license https://opensource.org/licenses/gpl-3.0.html GNU General Public License version 3
*
* @package arter\amos\socialauth\components\views
* @package arter\amos\socialauth
* @category CategoryName
* @author Elite Division S.r.l.
*/
......
......@@ -4,11 +4,11 @@
* EROI - Emilia Romagna Open Innovation is based on:
* https://www.open2.0.regione.lombardia.it
*
* @see https://repo.art-er.it Developers' community
* @see http://example.com Developers'community
* @license GPLv3
* @license https://opensource.org/licenses/gpl-3.0.html GNU General Public License version 3
*
* @package arter\amos\socialauth\components\views
* @package arter\amos\socialauth
* @category CategoryName
* @author Elite Division S.r.l.
*/
......
......@@ -4,11 +4,11 @@
* EROI - Emilia Romagna Open Innovation is based on:
* https://www.open2.0.regione.lombardia.it
*
* @see https://repo.art-er.it Developers' community
* @see http://example.com Developers'community
* @license GPLv3
* @license https://opensource.org/licenses/gpl-3.0.html GNU General Public License version 3
*
* @package arter\amos\socialauth\components\views
* @package arter\amos\socialauth
* @category CategoryName
* @author Elite Division S.r.l.
*/
......
......@@ -4,11 +4,11 @@
* EROI - Emilia Romagna Open Innovation is based on:
* https://www.open2.0.regione.lombardia.it
*
* @see https://repo.art-er.it Developers' community
* @see http://example.com Developers'community
* @license GPLv3
* @license https://opensource.org/licenses/gpl-3.0.html GNU General Public License version 3
*
* @package arter\amos\socialauth\components\views
* @package arter\amos\socialauth
* @category CategoryName
* @author Elite Division S.r.l.
*/
......
......@@ -4,11 +4,11 @@
* EROI - Emilia Romagna Open Innovation is based on:
* https://www.open2.0.regione.lombardia.it
*
* @see https://repo.art-er.it Developers' community
* @see http://example.com Developers'community
* @license GPLv3
* @license https://opensource.org/licenses/gpl-3.0.html GNU General Public License version 3
*
* @package arter\amos\socialauth\config
* @package arter\amos\socialauth
* @category CategoryName
* @author Elite Division S.r.l.
*/
......
<?php
/**
* Copyright 2020 Art-ER S. Cons. P.A.
* EROI - Emilia Romagna Open Innovation is based on:
* https://www.open2.0.regione.lombardia.it
*
* @see http://example.com Developers'community
* @license GPLv3
* @license https://opensource.org/licenses/gpl-3.0.html GNU General Public License version 3
*
* @package arter\amos\socialauth
* @category CategoryName
* @author Elite Division S.r.l.
*/
namespace arter\amos\socialauth\controllers;
use conquer\oauth2\models\Client;
use arter\amos\admin\models\LoginForm;
use arter\amos\admin\models\UserProfile;
use arter\amos\core\controllers\CrudController;
use arter\amos\core\helpers\Html;
use arter\amos\core\icons\AmosIcons;
use arter\amos\socialauth\models\search\ClientSearch;
use arter\amos\socialauth\Module;
use Yii;
use yii\filters\AccessControl;
use yii\web\Response;
class Oauth2Controller extends CrudController
{
/**
* @var string $layout
*/
public $layout = 'login';
/**
* @inheritdoc
*/
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'allow' => true,
'actions' => [
'token',
'back',
'auth',
'userinfo',
'index',
],
//'roles' => ['*']
],
[
'allow' => true,
'actions' => [
'manage',
],
'roles' => ['ADMIN']
]
],
],
'oauth2Auth' => [
'class' => \conquer\oauth2\AuthorizeFilter::className(),
'only' => ['auth'],
'allowImplicit' => false
],
'tokenAuth' => [
'class' => \conquer\oauth2\TokenAuth::className(),
'only' => ['userinfo'],
],
];
}
/**
* @inheritdoc
*/
public function init()
{
$this->setModelObj(new Client());
$this->setModelSearch(new ClientSearch());
$this->setAvailableViews(
[
'grid' => [
'name' => 'grid',
'label' => Module::t(
'amosdiscussioni',
'{iconaTabella}' . Html::tag('p', Module::t('amosdiscussioni', 'Table')),
[
'iconaTabella' => AmosIcons::show('view-list-alt')
]
),
'url' => '?currentView=grid'
],
]
);
parent::init();
$this->setUpLayout();
// custom initialization code goes here
}
public function beforeAction($action)
{
if ($action->id == 'userinfo') {
Yii::$app->response->format = Response::FORMAT_JSON;
}
return parent::beforeAction($action);
}
public function actions()
{
return [
/**
* Returns an access token.
*/
'token' => [
'class' => \conquer\oauth2\TokenAction::classname(),
],
/**
* OPTIONAL
* Third party oauth providers also can be used.
*/
'back' => [
'class' => \yii\authclient\AuthAction::className(),
'successCallback' => [$this, 'successCallback'],
],
];
}
public function actionManage($layout = null)
{
$this->setUpLayout('list');
//se il layout di default non dovesse andar bene si può aggiuntere il layout desiderato
//in questo modo nel controller "return parent::actionIndex($this->layout);"
if ($layout) {
$this->setUpLayout($layout);
}
return $this->render(
'index',
[
'dataProvider' => $this->getDataProvider(),
'model' => $this->getModelSearch(),
'currentView' => $this->getCurrentView(),
'availableViews' => $this->getAvailableViews(),
'url' => ($this->url) ? $this->url : null,
'parametro' => ($this->parametro) ? $this->parametro : null
]
);
}
/**
* Display login form, signup or something else.
* AuthClients such as Google also may be used
*/
public function actionAuth()
{
$model = new LoginForm();
if (Yii::$app->request->isPost && $model->load(\Yii::$app->request->post()) && $model->login()) {
if ($this->isOauthRequest) {
$this->finishAuthorization();
} else {
return $this->goBack();
}
} else {
return $this->render(
'login',
[
'model' => $model,
]
);
}
}
public function actionUserinfo($access_token)
{
$userProfile = UserProfile::findOne(Yii::$app->user->id);
return [
'sub' => $userProfile->id,
'given_name' => $userProfile->user->username,
'family_name' => $userProfile->cognome,
'name' => $userProfile->nome,
'picture' => $userProfile ? $userProfile->getAvatarWebUrl() : null,
'profile' => '',
'gender' => $userProfile->sesso,
'locale' => $userProfile->language,
'email' => $userProfile->user->email
];
}
}
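Review bot: `actionUserinfo()` dereferences `$userProfile->id` on the first entry of the returned array, before the null check that only protects the `picture` entry, so a valid token whose user has no profile row produces a fatal error instead of a clean response; move the check up, `if ($userProfile === null) { throw new \yii\web\NotFoundHttpException('User profile not found'); }` directly after the `findOne()` call, and drop the ternary. The `$access_token` action parameter is never read in the body (the `tokenAuth` behavior restricted to `userinfo` performs the authentication), and making it a required action parameter forces clients to send the token as a query or form parameter, where it lands in access logs and referrers; if the filter also accepts an `Authorization` header, remove the parameter so header-based clients are not rejected with a missing-parameter error. In `actionAuth()`, the `$this->isOauthRequest` branch calls `finishAuthorization()` and returns nothing, which only works if that method ends the request itself — add `return` or a comment stating that it does. `actionManage($layout = null)` passes a request-supplied value straight to `setUpLayout()`; unless that helper restricts it to known layout names, the check belongs here.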
......@@ -4,26 +4,28 @@
* EROI - Emilia Romagna Open Innovation is based on:
* https://www.open2.0.regione.lombardia.it
*
* @see https://repo.art-er.it Developers' community
* @see http://example.com Developers'community
* @license GPLv3
* @license https://opensource.org/licenses/gpl-3.0.html GNU General Public License version 3
*
* @package arter\amos\socialauth\controllers
* @package arter\amos\socialauth
* @category CategoryName
* @author Elite Division S.r.l.
*/
namespace arter\amos\socialauth\controllers;
use arter\amos\admin\AmosAdmin;
use arter\amos\admin\models\UserProfile;
use arter\amos\core\controllers\BackendController;
use arter\amos\core\user\User;
use arter\amos\socialauth\models\SocialIdmUser;
use arter\amos\socialauth\Module;
use arter\amos\socialauth\utility\SocialAuthUtility;
use http\Exception\RuntimeException;
use yii\filters\AccessControl;
use Yii;
use yii\base\Action;
use yii\filters\AccessControl;
use yii\helpers\Url;
/**
* Class ShibbolethController
......@@ -31,6 +33,8 @@ use Yii;
*/
class ShibbolethController extends BackendController
{
const LOGGED_WITH_SPID_SESSION_ID = 'logged_with_spid_user_id';
/**
* @var string $layout
*/
......@@ -56,6 +60,7 @@ class ShibbolethController extends BackendController
'endpoint',
'mobile',
'sign-up',
'set-module-instance',
],
//'roles' => ['*']
]
......@@ -101,7 +106,7 @@ class ShibbolethController extends BackendController
{
$result = $this->tryIdmLink(false, true, false);
if(is_array($result) && isset($result['status'])) {
if (is_array($result) && isset($result['status'])) {
$user = \arter\amos\mobile\bridge\modules\v1\models\User::findOne(Yii::$app->user->id);
$user->refreshAccessToken('', '');
......@@ -119,21 +124,39 @@ class ShibbolethController extends BackendController
public function tryIdmLink($confirmLink = false, $render = true, $redirect = true)
{
$procedure = $this->procedure($confirmLink, $render);
$adminModule = AmosAdmin::getInstance();
$urlRedirectPersonalized = \Yii::$app->session->get('redirect_url_spid');
if (!empty($urlRedirectPersonalized)) {
$redirect = true;
\Yii::$app->session->remove('redirect_url_spid');
}
if (!is_array($procedure)) {
if (!empty($urlRedirectPersonalized)) {
return $this->redirect($urlRedirectPersonalized);
}
return $procedure;
}
if($redirect) {
if ($redirect) {
switch ($procedure['status']) {
case 'success':
case 'rl':
case 'fc':
case 'ND':
case 'override':
case 'conf':
{
return $this->redirect(['/', 'done' => $procedure['status']]);
};
if (!empty($urlRedirectPersonalized)) {
return $this->redirect($urlRedirectPersonalized);
}
Yii::debug("Login Status for {$procedure['user_id']} : {$procedure['status']}");
return $this->goHome(); }
break;
case 'disabled':
\Yii::$app->session->set(self::LOGGED_WITH_SPID_SESSION_ID, $procedure['user_id']);
return $this->redirect(['/Shibboleth.sso/Logout', 'return' => Url::to('/'.$adminModule->id.'/login-info-request/activate-user?id=' . $procedure['user_id'], true)]);
break;
}
} else {
......@@ -148,16 +171,23 @@ class ShibbolethController extends BackendController
//Find for existing relation
$relation = SocialIdmUser::findOne(['numeroMatricola' => $userDatas['matricola']]);
//pr($relation->toArray());die;
//Find by other attributes
$usersByCF = UserProfile::find()->andWhere(['codice_fiscale' => $userDatas['codiceFiscale']])->all();
$countUsersByCF = count($usersByCF);
$usersByCF = [];
$countUsersByCF = 0;
if ($userDatas['codiceFiscale']) {
$usersByCF = UserProfile::find()->andWhere(['codice_fiscale' => $userDatas['codiceFiscale']])->all();
$countUsersByCF = count($usersByCF);
}
/** @var UserProfile|null $existsByFC */
$existsByFC = (($countUsersByCF == 1) ? reset($usersByCF) : null);
$existsByEmail = User::findOne(['email' => $userDatas['emailAddress']]);
/** @var Module $socialAuthModule */
$socialAuthModule = Module::instance();
$adminModule = AmosAdmin::getInstance();
//Get timeout for app login
$loginTimeout = \Yii::$app->params['loginTimeout'] ?: 3600;
......@@ -169,9 +199,13 @@ class ShibbolethController extends BackendController
if (in_array($post['user_by_fiscal_code'], $usersByCFUserIds)) {
$user = User::findOne($post['user_by_fiscal_code']);
if (!is_null($user)) {
//Store IDM user
$this->createIdmUser($userDatas, $user->id);
$signIn = \Yii::$app->user->login($user, $loginTimeout);
if ($signIn === true) {
$this->updateFiscalCode($userDatas);
SocialAuthUtility::updateFiscalCode(\Yii::$app->user->id, $userDatas['codiceFiscale']);
return ['status' => 'fc'];
//return $this->redirect(['/', 'done' => 'fc']);
......@@ -191,6 +225,13 @@ class ShibbolethController extends BackendController
'usersByCF' => $usersByCF
]);
} elseif ($relation && $relation->id && \Yii::$app->user->isGuest) {
if ($this->isUserDisabled($relation->user_id)) {
return ['status' => 'disabled', 'user_id' => $relation->user_id];
}
//pr($relation->user_id);die;
//Store IDM user
$this->createIdmUser($userDatas, $relation->user_id);
//Se l'utente è già collegato logga in automatico
$signIn = \Yii::$app->user->login($relation->user, $loginTimeout);
......@@ -200,10 +241,14 @@ class ShibbolethController extends BackendController
return ['status' => 'rl'];
//return $this->redirect(['/', 'done' => 'rl']);
} elseif ($existsByFC && $existsByFC->id && \Yii::$app->user->isGuest) {
$signIn = \Yii::$app->user->login($existsByFC->user, $loginTimeout);
if ($this->isUserDisabled($existsByFC->user_id)) {
return ['status' => 'disabled', 'user_id' => $existsByFC->user_id];
}
//Store IDM user
$this->createIdmUser($userDatas);
$this->createIdmUser($userDatas, $existsByFC->user_id);
$signIn = \Yii::$app->user->login($existsByFC->user, $loginTimeout);
return ['status' => 'fc'];
//return $this->redirect(['/', 'done' => 'fc']);
......@@ -211,6 +256,11 @@ class ShibbolethController extends BackendController
//User logged and idm exists, go to home, case not allowed
//return $this->redirect(['/', 'error' => 'overload']);
} elseif ($existsByEmail && $existsByEmail->id && \Yii::$app->user->isGuest && !$confirmLink && $render) {
// AUTOMATIC LOGIN & AUTOMATIC REGISTRATION
if ($socialAuthModule->shibbolethAutoLogin) {
return $this->redirect(['/socialauth/shibboleth/endpoint', 'confirm' => true]);
}
//Form to confirm identity and log-in
return $this->render('log-in', [
'userDatas' => $userDatas,
......@@ -218,15 +268,24 @@ class ShibbolethController extends BackendController