Commit 92183733 authored by Jaime Pérez's avatar Jaime Pérez

Reformat for full compliance with our coding standards.

parent 923ad7d5
...@@ -4,9 +4,11 @@ ...@@ -4,9 +4,11 @@
* Authenticate using LiveID. * Authenticate using LiveID.
* *
* @author Brook Schofield, TERENA. * @author Brook Schofield, TERENA.
* @author Guy Halse, TENET.
* @package SimpleSAMLphp * @package SimpleSAMLphp
*/ */
class sspmod_authwindowslive_Auth_Source_LiveID extends SimpleSAML_Auth_Source { class sspmod_authwindowslive_Auth_Source_LiveID extends SimpleSAML_Auth_Source
{
/** /**
* The string used to identify our states. * The string used to identify our states.
...@@ -27,8 +29,11 @@ class sspmod_authwindowslive_Auth_Source_LiveID extends SimpleSAML_Auth_Source { ...@@ -27,8 +29,11 @@ class sspmod_authwindowslive_Auth_Source_LiveID extends SimpleSAML_Auth_Source {
* *
* @param array $info Information about this authentication source. * @param array $info Information about this authentication source.
* @param array $config Configuration. * @param array $config Configuration.
*
* @throws Exception In case of misconfiguration.
*/ */
public function __construct($info, $config) { public function __construct($info, $config)
{
assert('is_array($info)'); assert('is_array($info)');
assert('is_array($config)'); assert('is_array($config)');
...@@ -54,18 +59,20 @@ class sspmod_authwindowslive_Auth_Source_LiveID extends SimpleSAML_Auth_Source { ...@@ -54,18 +59,20 @@ class sspmod_authwindowslive_Auth_Source_LiveID extends SimpleSAML_Auth_Source {
* *
* @param array &$state Information about the current authentication. * @param array &$state Information about the current authentication.
*/ */
public function authenticate(&$state) { public function authenticate(&$state)
{
assert('is_array($state)'); assert('is_array($state)');
// We are going to need the authId in order to retrieve this authentication source later // we are going to need the authId in order to retrieve this authentication source later
$state[self::AUTHID] = $this->authId; $state[self::AUTHID] = $this->authId;
$stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT); $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
SimpleSAML\Logger::debug('authwindowslive auth state id = ' . $stateID); SimpleSAML\Logger::debug('authwindowslive auth state id = ' . $stateID);
// Authenticate the user // authenticate the user
// Documentation at: https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-protocols-oauth-code/ // documentation at:
// https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-protocols-oauth-code/
$authorizeURL = 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize' $authorizeURL = 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize'
. '?client_id=' . $this->key . '?client_id=' . $this->key
. '&response_type=code' . '&response_type=code'
...@@ -79,14 +86,20 @@ class sspmod_authwindowslive_Auth_Source_LiveID extends SimpleSAML_Auth_Source { ...@@ -79,14 +86,20 @@ class sspmod_authwindowslive_Auth_Source_LiveID extends SimpleSAML_Auth_Source {
} }
/**
* @param $state
*
* @throws Exception
*/
public function finalStep(&$state)
{
SimpleSAML\Logger::debug(
"authwindowslive oauth: Using this verification code [".$state['authwindowslive:verification_code']."]"
);
public function finalStep(&$state) { // retrieve Access Token
// documentation at:
SimpleSAML\Logger::debug("authwindowslive oauth: Using this verification code [" . // https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-protocols-oauth-code/#request-an-access-token
$state['authwindowslive:verification_code'] . "]");
// Retrieve Access Token
// Documentation at: https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-protocols-oauth-code/#request-an-access-token
$postData = 'client_id=' . urlencode($this->key) $postData = 'client_id=' . urlencode($this->key)
. '&client_secret=' . urlencode($this->secret) . '&client_secret=' . urlencode($this->secret)
. '&scope=' . urlencode('https://graph.microsoft.com/user.read') . '&scope=' . urlencode('https://graph.microsoft.com/user.read')
...@@ -104,39 +117,46 @@ class sspmod_authwindowslive_Auth_Source_LiveID extends SimpleSAML_Auth_Source { ...@@ -104,39 +117,46 @@ class sspmod_authwindowslive_Auth_Source_LiveID extends SimpleSAML_Auth_Source {
$result = \SimpleSAML\Utils\HTTP::fetch('https://login.microsoftonline.com/common/oauth2/v2.0/token', $context); $result = \SimpleSAML\Utils\HTTP::fetch('https://login.microsoftonline.com/common/oauth2/v2.0/token', $context);
$response = json_decode($result,true); $response = json_decode($result, true);
// error checking of $response to make sure we can proceed // error checking of $response to make sure we can proceed
if (!array_key_exists('access_token',$response)) { if (!array_key_exists('access_token', $response)) {
throw new Exception('[' . $response['error'] . '] ' . $response['error_description'] . throw new Exception(
"\r\nNo access_token returned - cannot proceed\r\n" . implode(', ', $response['error_codes'])); '['.$response['error'].'] '.$response['error_description'].
"\r\nNo access_token returned - cannot proceed\r\n" . implode(', ', $response['error_codes'])
);
} }
SimpleSAML\Logger::debug("authwindowslive: Got an access token from the OAuth service provider [" . SimpleSAML\Logger::debug(
$response['access_token'] . "]"); "authwindowslive: Got an access token from the OAuth service provider [".$response['access_token']."]"
);
// Documentation at: http://graph.microsoft.io/en-us/docs/overview/call_api
$opts = array('http' => array('header' => "Accept: application/json\r\nAuthorization: Bearer " .
$response['access_token'] . "\r\n"));
$data = \SimpleSAML\Utils\HTTP::fetch('https://graph.microsoft.com/v1.0/me',$opts);
$userdata = json_decode($data, TRUE);
// This is the simplest case // documentation at: http://graph.microsoft.io/en-us/docs/overview/call_api
if(!array_key_exists('@odata.context',$userdata) || array_key_exists('error',$userdata)) { $opts = array('http' => array('header' => "Accept: application/json\r\nAuthorization: Bearer ".
throw new Exception('Unable to retrieve userdata from Microsoft Graph [' . $userdata['error']['code'] . '] ' . $userdata['error']['message']); $response['access_token']."\r\n"));
$data = \SimpleSAML\Utils\HTTP::fetch('https://graph.microsoft.com/v1.0/me', $opts);
$userdata = json_decode($data, true);
// this is the simplest case
if (!array_key_exists('@odata.context', $userdata) || array_key_exists('error', $userdata)) {
throw new Exception(
'Unable to retrieve userdata from Microsoft Graph ['.$userdata['error']['code'].'] '.
$userdata['error']['message']
);
} }
$attributes = array(); $attributes = array();
$attributes['windowslive_targetedID'] = array('https://graph.microsoft.com!' . (!empty($userdata['id']) ? $userdata['id'] : 'unknown')); $attributes['windowslive_targetedID'] = array(
foreach($userdata as $key => $value) { 'https://graph.microsoft.com!'.(!empty($userdata['id']) ? $userdata['id'] : 'unknown')
);
foreach ($userdata as $key => $value) {
if (is_string($value)) { if (is_string($value)) {
$attributes['windowslive.' . $key] = array((string)$value); $attributes['windowslive.' . $key] = array((string)$value);
} }
} }
SimpleSAML\Logger::debug('LiveID Returned Attributes: '. implode(", ",array_keys($attributes))); SimpleSAML\Logger::debug('LiveID Returned Attributes: '. implode(", ", array_keys($attributes)));
$state['Attributes'] = $attributes; $state['Attributes'] = $attributes;
} }
} }
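Review bot: The debug call after the access_token check writes the live OAuth access token into the log (`SimpleSAML\Logger::debug("authwindowslive: Got an access token from the OAuth service provider [".$response['access_token']."]")`), and the first statement of finalStep does the same with the authorization code; log files are rarely protected like credentials, so log only the event, e.g. `SimpleSAML\Logger::debug('authwindowslive: Got an access token from the OAuth service provider');`. Separately, `$response = json_decode($result, true)` goes straight into `array_key_exists('access_token', $response)`: when HTTP::fetch fails or returns non-JSON, `$response` is null and the check itself errors instead of reaching the intended exception, so a guard such as `if (!is_array($response)) { throw new Exception('No valid JSON returned from the token endpoint'); }` before it keeps the failure path explicit. The same holds for `$userdata`, and the error branch below it reads `$userdata['error']['code']` although the `@odata.context` half of the condition does not guarantee an `error` key is present. finalStep's body is split across the last two hunks of this file.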
...@@ -11,14 +11,12 @@ $state = SimpleSAML_Auth_State::loadState($_REQUEST['state'], sspmod_authwindows ...@@ -11,14 +11,12 @@ $state = SimpleSAML_Auth_State::loadState($_REQUEST['state'], sspmod_authwindows
// http://msdn.microsoft.com/en-us/library/ff749771.aspx // http://msdn.microsoft.com/en-us/library/ff749771.aspx
if (array_key_exists('code', $_REQUEST)) { if (array_key_exists('code', $_REQUEST)) {
// good
// Good
$state['authwindowslive:verification_code'] = $_REQUEST['code']; $state['authwindowslive:verification_code'] = $_REQUEST['code'];
if (array_key_exists('exp', $_REQUEST)) { if (array_key_exists('exp', $_REQUEST)) {
$state['authwindowslive:exp'] = $_REQUEST['exp']; $state['authwindowslive:exp'] = $_REQUEST['exp'];
} }
} else { } else {
// In the OAuth WRAP service, error_reason = 'user_denied' means user chose // In the OAuth WRAP service, error_reason = 'user_denied' means user chose
// not to login with LiveID. It isn't clear that this is still true in the // not to login with LiveID. It isn't clear that this is still true in the
...@@ -30,20 +28,19 @@ if (array_key_exists('code', $_REQUEST)) { ...@@ -30,20 +28,19 @@ if (array_key_exists('code', $_REQUEST)) {
SimpleSAML_Auth_State::throwException($state, $e); SimpleSAML_Auth_State::throwException($state, $e);
} }
// Error // error
throw new Exception('Authentication failed: [' . $_REQUEST['error'] . '] ' . $_REQUEST['error_description']); throw new Exception('Authentication failed: ['.$_REQUEST['error'].'] '.$_REQUEST['error_description']);
} }
// Find authentication source // find authentication source
assert('array_key_exists(sspmod_authwindowslive_Auth_Source_LiveID::AUTHID, $state)'); assert('array_key_exists(sspmod_authwindowslive_Auth_Source_LiveID::AUTHID, $state)');
$sourceId = $state[sspmod_authwindowslive_Auth_Source_LiveID::AUTHID]; $sourceId = $state[sspmod_authwindowslive_Auth_Source_LiveID::AUTHID];
$source = SimpleSAML_Auth_Source::getById($sourceId); $source = SimpleSAML_Auth_Source::getById($sourceId);
if ($source === NULL) { if ($source === null) {
throw new Exception('Could not find authentication source with id ' . $sourceId); throw new Exception('Could not find authentication source with id '.$sourceId);
} }
$source->finalStep($state); $source->finalStep($state);
SimpleSAML_Auth_Source::completeAuth($state); SimpleSAML_Auth_Source::completeAuth($state);
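Review bot: In the `else` branch, `$_REQUEST['error']` and `$_REQUEST['error_description']` are interpolated into the exception message without checking they were sent, so a callback carrying neither `code` nor `error` produces an undefined-index notice rather than the intended 'Authentication failed' exception; read them through a guard, e.g. `$error = array_key_exists('error', $_REQUEST) ? $_REQUEST['error'] : 'unknown';` and likewise for the description. `$_REQUEST['exp']` is copied into state unvalidated; if it is later consumed as an expiry, a type check at this boundary would be the place for it. Further down, `SimpleSAML_Auth_Source::getById($sourceId)` is not constrained to the LiveID class before `finalStep()` is invoked; if this version's getById accepts a `$type` argument, passing `'sspmod_authwindowslive_Auth_Source_LiveID'` makes the expected source type explicit. The state-loading line at the top of this file lies outside the hunk.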