-
Notifications
You must be signed in to change notification settings - Fork 163
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
oauth: Introduce external authentication with Google+
- Loading branch information
Jared Hancock
committed
Apr 29, 2014
1 parent
a7e3a08
commit e17c89f
Showing
4 changed files
with
233 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| <?php | ||
|
|
||
| require_once(INCLUDE_DIR.'class.plugin.php'); | ||
| require_once('config.php'); | ||
|
|
||
| class OauthAuthPlugin extends Plugin { | ||
| var $config_class = "OauthPluginConfig"; | ||
|
|
||
| function bootstrap() { | ||
| $config = $this->getConfig(); | ||
|
|
||
| # ----- Google Plus --------------------- | ||
| $google = $config->get('g-enabled'); | ||
| if (in_array($google, array('all', 'staff'))) { | ||
| require_once('google.php'); | ||
| StaffAuthenticationBackend::register( | ||
| new GoogleStaffAuthBackend($this->getConfig())); | ||
| } | ||
| if (in_array($google, array('all', 'client'))) { | ||
| require_once('google.php'); | ||
| UserAuthenticationBackend::register( | ||
| new GoogleClientAuthBackend($this->getConfig())); | ||
| } | ||
| } | ||
| } | ||
|
|
||
| require_once(INCLUDE_DIR.'UniversalClassLoader.php'); | ||
| use Symfony\Component\ClassLoader\UniversalClassLoader_osTicket; | ||
| $loader = new UniversalClassLoader_osTicket(); | ||
| $loader->registerNamespaceFallbacks(array( | ||
| dirname(__file__).'/lib')); | ||
| $loader->register(); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| <?php | ||
|
|
||
| require_once INCLUDE_DIR . 'class.plugin.php'; | ||
|
|
||
| class OauthPluginConfig extends PluginConfig { | ||
| function getOptions() { | ||
| $modes = new ChoiceField(array( | ||
| 'label' => 'Authenticate', | ||
| 'choices' => array( | ||
| '0' => 'Disabled', | ||
| 'staff' => 'Agents Only', | ||
| 'client' => 'Clients Only', | ||
| 'all' => 'Agents and Clients', | ||
| ), | ||
| )); | ||
| return array( | ||
| 'google' => new SectionBreakField(array( | ||
| 'label' => 'Google+ Authentication', | ||
| )), | ||
| 'g-client-id' => new TextboxField(array( | ||
| 'label' => 'Client ID', | ||
| 'configuration' => array('size'=>60, 'length'=>100), | ||
| )), | ||
| 'g-client-secret' => new TextboxField(array( | ||
| 'label' => 'Client Secret', | ||
| 'configuration' => array('size'=>60, 'length'=>100), | ||
| )), | ||
| 'g-enabled' => clone $modes, | ||
| ); | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,147 @@ | ||
| <?php | ||
|
|
||
| use ohmy\Auth2; | ||
|
|
||
| class GoogleAuth { | ||
| var $config; | ||
| var $access_token; | ||
|
|
||
| function __construct($config) { | ||
| $this->config = $config; | ||
| } | ||
|
|
||
| function triggerAuth() { | ||
| $self = $this; | ||
| return Auth2::legs(3) | ||
| ->set('id', $this->config->get('g-client-id')) | ||
| ->set('secret', $this->config->get('g-client-secret')) | ||
| ->set('redirect', 'http://' . $_SERVER['HTTP_HOST'] | ||
| . ROOT_PATH . 'api/auth/ext') | ||
| ->set('scope', 'profile email') | ||
|
|
||
| ->authorize('https://accounts.google.com/o/oauth2/auth') | ||
| ->access('https://accounts.google.com/o/oauth2/token') | ||
|
|
||
| ->finally(function($data) use ($self) { | ||
| $self->access_token = $data['access_token']; | ||
| }); | ||
| } | ||
| } | ||
|
|
||
| class GoogleStaffAuthBackend extends ExternalStaffAuthenticationBackend { | ||
| static $id = "google"; | ||
| static $name = "Google Plus"; | ||
|
|
||
| static $sign_in_image_url = "https://developers.google.com/+/images/branding/sign-in-buttons/White-signin_Long_base_44dp.png"; | ||
| static $service_name = "Google+"; | ||
|
|
||
| var $config; | ||
|
|
||
| function __construct($config) { | ||
| $this->config = $config; | ||
| $this->google = new GoogleAuth($config); | ||
| } | ||
|
|
||
| function signOn() { | ||
| // TODO: Check session for auth token | ||
| if (isset($_SESSION[':oauth']['email'])) { | ||
| if (($staff = new StaffSession($_SESSION[':oauth']['email'])) | ||
| && $staff->getId()) | ||
| return $staff; | ||
|
|
||
| else | ||
| $_SESSION['_staff']['auth']['msg'] = 'Have your administrator create a local account'; | ||
| } | ||
| } | ||
|
|
||
| static function signOut($user) { | ||
| parent::signOut($user); | ||
| unset($_SESSION[':oauth']); | ||
| } | ||
|
|
||
|
|
||
| function triggerAuth() { | ||
| parent::triggerAuth(); | ||
| $google = $this->google->triggerAuth(); | ||
| $google->GET( | ||
| "https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=" | ||
| . $this->google->access_token) | ||
| ->then(function($response) { | ||
| require_once INCLUDE_DIR . 'class.json.php'; | ||
| if ($json = JsonDataParser::decode($response->text)) | ||
| $_SESSION[':oauth']['email'] = $json['email']; | ||
| Http::redirect(ROOT_PATH . 'scp'); | ||
| } | ||
| ); | ||
| } | ||
| } | ||
|
|
||
| class GoogleClientAuthBackend extends ExternalUserAuthenticationBackend { | ||
| static $id = "google.client"; | ||
| static $name = "Google Plus"; | ||
|
|
||
| static $sign_in_image_url = "https://developers.google.com/+/images/branding/sign-in-buttons/Red-signin_Long_base_44dp.png"; | ||
| static $service_name = "Google+"; | ||
|
|
||
| function __construct($config) { | ||
| $this->config = $config; | ||
| $this->google = new GoogleAuth($config); | ||
| } | ||
|
|
||
| function supportsInteractiveAuthentication() { | ||
| return false; | ||
| } | ||
|
|
||
| function signOn() { | ||
| // TODO: Check session for auth token | ||
| if (isset($_SESSION[':oauth']['email'])) { | ||
| if (($acct = ClientAccount::lookupByUsername($_SESSION[':oauth']['email'])) | ||
| && $acct->getId() | ||
| && ($client = new ClientSession(new EndUser($acct->getUser())))) | ||
| return $client; | ||
|
|
||
| elseif (isset($_SESSION[':oauth']['profile'])) { | ||
| // TODO: Prepare ClientCreateRequest | ||
| $profile = $_SESSION[':oauth']['profile']; | ||
| $info = array( | ||
| 'email' => $_SESSION[':oauth']['email'], | ||
| 'name' => $profile['displayName'], | ||
| ); | ||
| return new ClientCreateRequest($this, $info['email'], $info); | ||
| } | ||
| } | ||
| } | ||
|
|
||
| static function signOut($user) { | ||
| parent::signOut($user); | ||
| unset($_SESSION[':oauth']); | ||
| } | ||
|
|
||
| function triggerAuth() { | ||
| require_once INCLUDE_DIR . 'class.json.php'; | ||
| parent::triggerAuth(); | ||
| $google = $this->google->triggerAuth(); | ||
| $token = $this->google->access_token; | ||
| $google->GET( | ||
| "https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=" | ||
| . $token) | ||
| ->then(function($response) use ($google, $token) { | ||
| if (!($json = JsonDataParser::decode($response->text))) | ||
| return; | ||
| $_SESSION[':oauth']['email'] = $json['email']; | ||
| $google->GET( | ||
| "https://www.googleapis.com/plus/v1/people/me?access_token=" | ||
| . $token) | ||
| ->then(function($response) { | ||
| if (!($json = JsonDataParser::decode($response->text))) | ||
| return; | ||
| $_SESSION[':oauth']['profile'] = $json; | ||
| Http::redirect(ROOT_PATH . 'login.php'); | ||
| } | ||
| ); | ||
| } | ||
| ); | ||
| } | ||
| } | ||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| <?php | ||
|
|
||
| return array( | ||
| 'id' => 'auth:oath2', # notrans | ||
| 'version' => '0.1', | ||
| 'name' => 'Oauth2 Authentication and Lookup', | ||
| 'author' => 'Jared Hancock', | ||
| 'description' => 'Provides a configurable authentication backend | ||
| for authenticating staff and clients using an OATH2 server | ||
| interface.', | ||
| 'url' => 'http://www.osticket.com/plugins/auth/oauth', | ||
| 'plugin' => 'authentication.php:OauthAuthPlugin', | ||
| 'requires' => array( | ||
| "ohmy/auth" => array( | ||
| "version" => "*", | ||
| "map" => array( | ||
| "ohmy/auth/src" => 'lib', | ||
| ) | ||
| ), | ||
| ), | ||
| ); | ||
|
|
||
| ?> |
e17c89fThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good day! Where can I find the intall notes of this plugin? Have you tested it with google apps accounts to SSO? thank you in advance.
e17c89fThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It was never technically released or it would be on osticket.com/download on the plugins tab.
If you want to play with it though you can down load the plugins from github by clicking the Download Zip button at: https://github.com/osTicket/core-plugins
I dont know if it works though... since its never been released in a .phar format.