First commit
commit
f81f83dd9e
|
@ -0,0 +1 @@
|
|||
*.zip
|
|
@ -0,0 +1,35 @@
|
|||
language: php
|
||||
sudo: false
|
||||
|
||||
php:
|
||||
- 7.1
|
||||
- 7.0
|
||||
- 5.6
|
||||
- 5.5
|
||||
- 5.4
|
||||
- 5.3
|
||||
|
||||
env:
|
||||
global:
|
||||
- PLUGIN=OAuth2
|
||||
- KANBOARD_REPO=https://github.com/kanboard/kanboard.git
|
||||
matrix:
|
||||
- DB=sqlite
|
||||
- DB=mysql
|
||||
- DB=postgres
|
||||
|
||||
matrix:
|
||||
fast_finish: true
|
||||
|
||||
install:
|
||||
- git clone --depth 1 $KANBOARD_REPO
|
||||
- ln -s $TRAVIS_BUILD_DIR kanboard/plugins/$PLUGIN
|
||||
|
||||
before_script:
|
||||
- cd kanboard
|
||||
- phpenv config-add tests/php.ini
|
||||
- composer install
|
||||
- ls -la plugins/
|
||||
|
||||
script:
|
||||
- phpunit -c tests/units.$DB.xml plugins/$PLUGIN/Test/
|
|
@ -0,0 +1,206 @@
|
|||
<?php
|
||||
|
||||
namespace Kanboard\Plugin\OAuth2\Auth;
|
||||
|
||||
use Kanboard\Core\Base;
|
||||
use Kanboard\Core\Security\OAuthAuthenticationProviderInterface;
|
||||
use Kanboard\Plugin\OAuth2\User\GenericOAuth2UserProvider;
|
||||
|
||||
/**
|
||||
* GenericOAuth2Provider
|
||||
*
|
||||
* @package Kanboard\Auth
|
||||
* @author Frederic Guillot
|
||||
*/
|
||||
class GenericOAuth2Provider extends Base implements OAuthAuthenticationProviderInterface
|
||||
{
|
||||
/**
|
||||
* User properties
|
||||
*
|
||||
* @access private
|
||||
* @var GenericOAuth2UserProvider
|
||||
*/
|
||||
private $userInfo = null;
|
||||
|
||||
/**
|
||||
* OAuth2 instance
|
||||
*
|
||||
* @access protected
|
||||
* @var \Kanboard\Core\Http\OAuth2
|
||||
*/
|
||||
protected $service;
|
||||
|
||||
/**
|
||||
* OAuth2 code
|
||||
*
|
||||
* @access protected
|
||||
* @var string
|
||||
*/
|
||||
protected $code = '';
|
||||
|
||||
/**
|
||||
* Get authentication provider name
|
||||
*
|
||||
* @access public
|
||||
* @return string
|
||||
*/
|
||||
public function getName()
|
||||
{
|
||||
return 'OAuth2';
|
||||
}
|
||||
|
||||
/**
|
||||
* Authenticate the user
|
||||
*
|
||||
* @access public
|
||||
* @return boolean
|
||||
*/
|
||||
public function authenticate()
|
||||
{
|
||||
$profile = $this->getProfile();
|
||||
|
||||
if (! empty($profile)) {
|
||||
$this->userInfo = new GenericOAuth2UserProvider($this->container, $profile);
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set Code
|
||||
*
|
||||
* @access public
|
||||
* @param string $code
|
||||
* @return $this
|
||||
*/
|
||||
public function setCode($code)
|
||||
{
|
||||
$this->code = $code;
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get user object
|
||||
*
|
||||
* @access public
|
||||
* @return GenericOAuth2UserProvider
|
||||
*/
|
||||
public function getUser()
|
||||
{
|
||||
return $this->userInfo;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get configured OAuth2 service
|
||||
*
|
||||
* @access public
|
||||
* @return \Kanboard\Core\Http\OAuth2
|
||||
*/
|
||||
public function getService()
|
||||
{
|
||||
if (empty($this->service)) {
|
||||
$this->service = $this->oauth->createService(
|
||||
$this->getClientId(),
|
||||
$this->getClientSecret(),
|
||||
$this->helper->url->to('OAuthController', 'handler', array('plugin' => 'OAuth2'), '', true),
|
||||
$this->getOAuthAuthorizeUrl(),
|
||||
$this->getOAuthTokenUrl(),
|
||||
array()
|
||||
);
|
||||
}
|
||||
|
||||
return $this->service;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get user profile
|
||||
*
|
||||
* @access public
|
||||
* @return array
|
||||
*/
|
||||
public function getProfile()
|
||||
{
|
||||
$token = $this->getService()->getAccessToken($this->code);
|
||||
|
||||
if (DEBUG) {
|
||||
$this->logger->debug(__METHOD__.': Got access token: '.(empty($token) ? 'No' : 'Yes'));
|
||||
$this->logger->debug(__METHOD__.': Fetch user profile from '.$this->getUserAPiUrl());
|
||||
}
|
||||
|
||||
return $this->httpClient->getJson(
|
||||
$this->getUserAPiUrl(),
|
||||
array($this->getService()->getAuthorizationHeader())
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Unlink user
|
||||
*
|
||||
* @access public
|
||||
* @param integer $userId
|
||||
* @return bool
|
||||
*/
|
||||
public function unlink($userId)
|
||||
{
|
||||
return $this->userModel->update(array(
|
||||
'id' => $userId,
|
||||
'oauth2_user_id' => '',
|
||||
));
|
||||
}
|
||||
|
||||
/**
|
||||
* Get client id
|
||||
*
|
||||
* @access public
|
||||
* @return string
|
||||
*/
|
||||
public function getClientId()
|
||||
{
|
||||
return $this->configModel->get('oauth2_client_id');
|
||||
}
|
||||
|
||||
/**
|
||||
* Get client secret
|
||||
*
|
||||
* @access public
|
||||
* @return string
|
||||
*/
|
||||
public function getClientSecret()
|
||||
{
|
||||
return $this->configModel->get('oauth2_client_secret');
|
||||
}
|
||||
|
||||
/**
|
||||
* Get authorize url
|
||||
*
|
||||
* @access public
|
||||
* @return string
|
||||
*/
|
||||
public function getOAuthAuthorizeUrl()
|
||||
{
|
||||
return $this->configModel->get('oauth2_authorize_url');
|
||||
}
|
||||
|
||||
/**
|
||||
* Get token url
|
||||
*
|
||||
* @access public
|
||||
* @return string
|
||||
*/
|
||||
public function getOAuthTokenUrl()
|
||||
{
|
||||
return $this->configModel->get('oauth2_token_url');
|
||||
}
|
||||
|
||||
/**
|
||||
* Get User API url
|
||||
*
|
||||
* @access public
|
||||
* @return string
|
||||
*/
|
||||
public function getUserAPiUrl()
|
||||
{
|
||||
return $this->configModel->get('oauth2_user_api_url');
|
||||
}
|
||||
}
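Review bot: authenticate() returns true for any non-empty array from getProfile(), so a JSON error object returned by the user API would be wrapped in a GenericOAuth2UserProvider as if it were a profile. Whether that is rejected later depends on core code not shown in this commit. getProfile() also calls the user API when getAccessToken() returned nothing, because only the debug log looks at `$token`. I would return early in getProfile() with `if (empty($token)) { return array(); }` and have authenticate() return false when `$this->userInfo->getExternalId()` is empty.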
|
|
@ -0,0 +1,24 @@
|
|||
<?php
|
||||
|
||||
namespace Kanboard\Plugin\OAuth2\Controller;
|
||||
|
||||
use Kanboard\Controller\OAuthController as BaseOAuthController;
|
||||
|
||||
/**
|
||||
* OAuth Controller
|
||||
*
|
||||
* @package Kanboard\Controller
|
||||
* @author Frederic Guillot
|
||||
*/
|
||||
class OAuthController extends BaseOAuthController
|
||||
{
|
||||
/**
|
||||
* Handle authentication
|
||||
*
|
||||
* @access public
|
||||
*/
|
||||
public function handler()
|
||||
{
|
||||
$this->step1('OAuth2');
|
||||
}
|
||||
}
|
|
@ -0,0 +1,21 @@
|
|||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2016 Frédéric Guillot
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
THE SOFTWARE.
|
|
@ -0,0 +1,3 @@
|
|||
<?php
|
||||
|
||||
return array();
|
|
@ -0,0 +1,5 @@
|
|||
plugin=OAuth2
|
||||
|
||||
all:
|
||||
@ echo "Build archive for plugin ${plugin} version=${version}"
|
||||
@ git archive HEAD --prefix=${plugin}/ --format=zip -o ${plugin}-${version}.zip
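Review bot: `version` is never assigned in this Makefile, so a plain `make` builds `OAuth2-.zip` and prints an empty version; the target only works as `make version=X.Y.Z`. A guard before `all:` such as `ifndef version` / `$(error version is not set, run make version=X.Y.Z)` / `endif` makes the requirement explicit.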
|
|
@ -0,0 +1,56 @@
|
|||
<?php
|
||||
|
||||
namespace Kanboard\Plugin\OAuth2;
|
||||
|
||||
use Kanboard\Core\Plugin\Base;
|
||||
use Kanboard\Core\Security\Role;
|
||||
use Kanboard\Core\Translator;
|
||||
use Kanboard\Plugin\OAuth2\Auth\GenericOAuth2Provider;
|
||||
|
||||
class Plugin extends Base
|
||||
{
|
||||
public function initialize()
|
||||
{
|
||||
$this->authenticationManager->register(new GenericOAuth2Provider($this->container));
|
||||
$this->applicationAccessMap->add('OAuthController', 'handler', Role::APP_PUBLIC);
|
||||
|
||||
$this->route->addRoute('/oauth/callback', 'OAuthController', 'handler', 'OAuth2');
|
||||
|
||||
$this->template->hook->attach('template:auth:login-form:after', 'OAuth2:auth/login');
|
||||
$this->template->hook->attach('template:config:integrations', 'OAuth2:config/integration');
|
||||
$this->template->hook->attach('template:user:external', 'OAuth2:user/external');
|
||||
$this->template->hook->attach('template:user:authentication:form', 'OAuth2:user/authentication');
|
||||
$this->template->hook->attach('template:user:create-remote:form', 'OAuth2:user/create_remote');
|
||||
}
|
||||
|
||||
public function onStartup()
|
||||
{
|
||||
Translator::load($this->languageModel->getCurrentLanguage(), __DIR__.'/Locale');
|
||||
}
|
||||
|
||||
public function getPluginName()
|
||||
{
|
||||
return 'OAuth2';
|
||||
}
|
||||
|
||||
public function getPluginDescription()
|
||||
{
|
||||
return t('Generic OAuth2 authentication plugin');
|
||||
}
|
||||
|
||||
public function getPluginAuthor()
|
||||
{
|
||||
return 'Frédéric Guillot';
|
||||
}
|
||||
|
||||
public function getPluginVersion()
|
||||
{
|
||||
return '1.0.0';
|
||||
}
|
||||
|
||||
public function getPluginHomepage()
|
||||
{
|
||||
return 'https://github.com/kanboard/plugin-oauth2';
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
OAuth2 Authentication
|
||||
=====================
|
||||
|
||||
Generic OAuth2 authentication plugin.
|
||||
|
||||
Author
|
||||
------
|
||||
|
||||
- Frédéric Guillot
|
||||
- License MIT
|
||||
|
||||
Requirements
|
||||
------------
|
||||
|
||||
- Kanboard >= 1.0.34
|
||||
|
||||
Installation
|
||||
------------
|
||||
|
||||
You have the choice between 3 methods:
|
||||
|
||||
1. Install the plugin from the Kanboard plugin manager in one click
|
||||
2. Download the zip file and decompress everything under the directory `plugins/OAuth2`
|
||||
3. Clone this repository into the folder `plugins/OAuth2`
|
||||
|
||||
Note: Plugin folder is case-sensitive.
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
||||
Go to the application settings > integrations > OAuth2 Authentication.
|
|
@ -0,0 +1,12 @@
|
|||
<?php
|
||||
|
||||
namespace Kanboard\Plugin\OAuth2\Schema;
|
||||
|
||||
use PDO;
|
||||
|
||||
const VERSION = 1;
|
||||
|
||||
function version_1(PDO $pdo)
|
||||
{
|
||||
$pdo->exec('ALTER TABLE users ADD COLUMN oauth2_user_id VARCHAR(255)');
|
||||
}
|
|
@ -0,0 +1,12 @@
|
|||
<?php
|
||||
|
||||
namespace Kanboard\Plugin\OAuth2\Schema;
|
||||
|
||||
use PDO;
|
||||
|
||||
const VERSION = 1;
|
||||
|
||||
function version_1(PDO $pdo)
|
||||
{
|
||||
$pdo->exec('ALTER TABLE users ADD COLUMN oauth2_user_id VARCHAR(255)');
|
||||
}
|
|
@ -0,0 +1,12 @@
|
|||
<?php
|
||||
|
||||
namespace Kanboard\Plugin\OAuth2\Schema;
|
||||
|
||||
use PDO;
|
||||
|
||||
const VERSION = 1;
|
||||
|
||||
function version_1(PDO $pdo)
|
||||
{
|
||||
$pdo->exec('ALTER TABLE users ADD COLUMN oauth2_user_id VARCHAR(255)');
|
||||
}
|
|
@ -0,0 +1,6 @@
|
|||
<ul class="no-bullet">
|
||||
<li>
|
||||
<i class="fa fa-lock fa-fw" aria-hidden="true"></i>
|
||||
<?= $this->url->link(t('OAuth2 login'), 'OAuthController', 'handler', array('plugin' => 'OAuth2')) ?>
|
||||
</li>
|
||||
</ul>
|
|
@ -0,0 +1,44 @@
|
|||
<h3><i class="fa fa-lock fa-fw" aria-hidden="true"></i><?= t('OAuth2 Authentication') ?></h3>
|
||||
<div class="listing">
|
||||
|
||||
<?= $this->form->label(t('Callback URL'), 'oauth2_callback_url') ?>
|
||||
<input type="text" class="auto-select" readonly="readonly" value="<?= $this->url->href('OAuthController', 'handler', array('plugin' => 'OAuth2'), false, '', true) ?>"/>
|
||||
|
||||
<?= $this->form->label(t('Client ID'), 'oauth2_client_id') ?>
|
||||
<?= $this->form->password('oauth2_client_id', $values) ?>
|
||||
|
||||
<?= $this->form->label(t('Client Secret'), 'oauth2_client_secret') ?>
|
||||
<?= $this->form->password('oauth2_client_secret', $values) ?>
|
||||
|
||||
<?= $this->form->label(t('Authorize URL'), 'oauth2_authorize_url') ?>
|
||||
<?= $this->form->text('oauth2_authorize_url', $values) ?>
|
||||
|
||||
<?= $this->form->label(t('Token URL'), 'oauth2_token_url') ?>
|
||||
<?= $this->form->text('oauth2_token_url', $values) ?>
|
||||
|
||||
<?= $this->form->label(t('User API URL'), 'oauth2_user_api_url') ?>
|
||||
<?= $this->form->text('oauth2_user_api_url', $values) ?>
|
||||
|
||||
<?= $this->form->label(t('Username Key'), 'oauth2_key_username') ?>
|
||||
<?= $this->form->text('oauth2_key_username', $values) ?>
|
||||
|
||||
<?= $this->form->label(t('Name Key'), 'oauth2_key_name') ?>
|
||||
<?= $this->form->text('oauth2_key_name', $values) ?>
|
||||
|
||||
<?= $this->form->label(t('Email Key'), 'oauth2_key_email') ?>
|
||||
<?= $this->form->text('oauth2_key_email', $values) ?>
|
||||
|
||||
<?= $this->form->label(t('User ID Key'), 'oauth2_key_user_id') ?>
|
||||
<?= $this->form->text('oauth2_key_user_id', $values) ?>
|
||||
|
||||
<?= $this->form->hidden('oauth2_account_creation', array('oauth2_account_creation' => 0)) ?>
|
||||
<?= $this->form->checkbox('oauth2_account_creation', t('Allow Account Creation'), 1, isset($values['oauth2_account_creation']) && $values['oauth2_account_creation'] == 1) ?>
|
||||
|
||||
<?= $this->form->label(t('Allow account creation only for those domains'), 'oauth2_email_domains') ?>
|
||||
<?= $this->form->text('oauth2_email_domains', $values) ?>
|
||||
<p class="form-help"><?= t('Use a comma to enter multiple domains: domain1.tld, domain2.tld') ?></p>
|
||||
|
||||
<div class="form-actions">
|
||||
<input type="submit" value="<?= t('Save') ?>" class="btn btn-blue"/>
|
||||
</div>
|
||||
</div>
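Review bot: The stored `oauth2_client_secret` is handed back to the form through `$values` in `$this->form->password('oauth2_client_secret', $values)`. If the helper writes it into the `value` attribute (the helper is not part of this commit, so confirm), the secret ends up in the page source of the settings page on every view. Rendering the field empty, e.g. `<?= $this->form->password('oauth2_client_secret', array()) ?>`, would avoid that, provided the save logic (outside this commit) keeps the stored secret when the field is submitted blank. The Client ID is rendered as a password field as well, which looks unintended since it is not a secret.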
|
|
@ -0,0 +1,2 @@
|
|||
<?= $this->form->label(t('OAuth2 ID'), 'oauth2_user_id') ?>
|
||||
<?= $this->form->text('oauth2_user_id', $values, $errors) ?>
|
|
@ -0,0 +1,2 @@
|
|||
<?= $this->form->label(t('OAuth2 ID'), 'oauth2_user_id') ?>
|
||||
<?= $this->form->text('oauth2_user_id', $values, $errors) ?>
|
|
@ -0,0 +1,13 @@
|
|||
<h3><i class="fa fa-lock fa-fw" aria-hidden="true"></i><?= t('OAuth2 Account') ?></h3>
|
||||
|
||||
<p class="listing">
|
||||
<?php if ($this->user->isCurrentUser($user['id'])): ?>
|
||||
<?php if (empty($user['oauth2_user_id'])): ?>
|
||||
<?= $this->url->link(t('Link OAuth2 account'), 'OAuthController', 'handler', array('plugin' => 'OAuth2'), true) ?>
|
||||
<?php else: ?>
|
||||
<?= $this->url->link(t('Unlink my OAuth2 account'), 'OAuthController', 'unlink', array('backend' => 'OAuth2'), true) ?>
|
||||
<?php endif ?>
|
||||
<?php else: ?>
|
||||
<?= empty($user['oauth2_user_id']) ? t('No account linked.') : t('Account linked.') ?>
|
||||
<?php endif ?>
|
||||
</p>
|
|
@ -0,0 +1,20 @@
|
|||
<?php
|
||||
|
||||
require_once 'tests/units/Base.php';
|
||||
|
||||
use Kanboard\Plugin\OAuth2\Plugin;
|
||||
|
||||
class PluginTest extends Base
|
||||
{
|
||||
public function testPlugin()
|
||||
{
|
||||
$plugin = new Plugin($this->container);
|
||||
$this->assertSame(null, $plugin->initialize());
|
||||
$this->assertSame(null, $plugin->onStartup());
|
||||
$this->assertNotEmpty($plugin->getPluginName());
|
||||
$this->assertNotEmpty($plugin->getPluginDescription());
|
||||
$this->assertNotEmpty($plugin->getPluginAuthor());
|
||||
$this->assertNotEmpty($plugin->getPluginVersion());
|
||||
$this->assertNotEmpty($plugin->getPluginHomepage());
|
||||
}
|
||||
}
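Review bot: testPlugin() only checks plugin metadata, so the logic that decides who may log in or get an account (GenericOAuth2UserProvider::validateDomainRestriction() and getKey()) ships without a test. With `$provider = new GenericOAuth2UserProvider($this->container, array());`, a case such as `$this->assertFalse($provider->validateDomainRestriction(array('email' => 'user@example.org.invalid'), 'example.org'));` (constructed sample values) would pin the intended exact-domain behaviour. A positive case for `user@example.org` should sit alongside it.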
|
|
@ -0,0 +1,211 @@
|
|||
<?php
|
||||
|
||||
namespace Kanboard\Plugin\OAuth2\User;
|
||||
|
||||
use Kanboard\Core\Base;
|
||||
use Kanboard\Core\User\UserProviderInterface;
|
||||
use Pimple\Container;
|
||||
|
||||
/**
|
||||
* GenericOAuth2UserProvider
|
||||
*
|
||||
* @package Kanboard\User
|
||||
* @author Frederic Guillot
|
||||
*/
|
||||
class GenericOAuth2UserProvider extends Base implements UserProviderInterface
|
||||
{
|
||||
/**
|
||||
* @var array
|
||||
*/
|
||||
protected $userData = array();
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
*
|
||||
* @access public
|
||||
* @param Container $container
|
||||
* @param array $user
|
||||
*/
|
||||
public function __construct(Container $container, array $user)
|
||||
{
|
||||
parent::__construct($container);
|
||||
$this->userData = $user;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return true to allow automatic user creation
|
||||
*
|
||||
* @access public
|
||||
* @return boolean
|
||||
*/
|
||||
public function isUserCreationAllowed()
|
||||
{
|
||||
return $this->configModel->get('oauth2_account_creation', 0) == 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get username
|
||||
*
|
||||
* @access public
|
||||
* @return string
|
||||
*/
|
||||
public function getUsername()
|
||||
{
|
||||
if ($this->isUserCreationAllowed()) {
|
||||
return $this->getKey('oauth2_key_username');
|
||||
}
|
||||
|
||||
return '';
|
||||
}
|
||||
|
||||
/**
|
||||
* Get external id column name
|
||||
*
|
||||
* @access public
|
||||
* @return string
|
||||
*/
|
||||
public function getExternalIdColumn()
|
||||
{
|
||||
return 'oauth2_user_id';
|
||||
}
|
||||
|
||||
/**
|
||||
* Get extra user attributes
|
||||
*
|
||||
* @access public
|
||||
* @return array
|
||||
*/
|
||||
public function getExtraAttributes()
|
||||
{
|
||||
if ($this->isUserCreationAllowed()) {
|
||||
return array(
|
||||
'is_ldap_user' => 1,
|
||||
'disable_login_form' => 1,
|
||||
);
|
||||
}
|
||||
|
||||
return array();
|
||||
}
|
||||
|
||||
/**
|
||||
* Get internal id
|
||||
*
|
||||
* If a value is returned the user properties won't be updated in the local database
|
||||
*
|
||||
* @access public
|
||||
* @return integer
|
||||
*/
|
||||
public function getInternalId()
|
||||
{
|
||||
return '';
|
||||
}
|
||||
|
||||
/**
|
||||
* Get external id
|
||||
*
|
||||
* @access public
|
||||
* @return string
|
||||
*/
|
||||
public function getExternalId()
|
||||
{
|
||||
return $this->getKey('oauth2_key_user_id');
|
||||
}
|
||||
|
||||
/**
|
||||
* Get user role
|
||||
*
|
||||
* Return an empty string to not override role stored in the database
|
||||
*
|
||||
* @access public
|
||||
* @return string
|
||||
*/
|
||||
public function getRole()
|
||||
{
|
||||
return '';
|
||||
}
|
||||
|
||||
/**
|
||||
* Get user full name
|
||||
*
|
||||
* @access public
|
||||
* @return string
|
||||
*/
|
||||
public function getName()
|
||||
{
|
||||
return $this->getKey('oauth2_key_name');
|
||||
}
|
||||
|
||||
/**
|
||||
* Get user email
|
||||
*
|
||||
* @access public
|
||||
* @return string
|
||||
*/
|
||||
public function getEmail()
|
||||
{
|
||||
return $this->getKey('oauth2_key_email');
|
||||
}
|
||||
|
||||
/**
|
||||
* Get external group ids
|
||||
*
|
||||
* A synchronization is done at login time,
|
||||
* the user will be member of those groups if they exists in the database
|
||||
*
|
||||
* @access public
|
||||
* @return string[]
|
||||
*/
|
||||
public function getExternalGroupIds()
|
||||
{
|
||||
return array();
|
||||
}
|
||||
|
||||
/**
|
||||
* Return true if the account creation is allowed according to the settings
|
||||
*
|
||||
* @access public
|
||||
* @param array $profile
|
||||
* @return bool
|
||||
*/
|
||||
public function isAccountCreationAllowed(array $profile)
|
||||
{
|
||||
if ($this->isUserCreationAllowed()) {
|
||||
$domains = $this->configModel->get('oauth2_email_domains');
|
||||
|
||||
if (! empty($domains)) {
|
||||
return $this->validateDomainRestriction($profile, $domains);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Validate domain restriction
|
||||
*
|
||||
* @access private
|
||||
* @param array $profile
|
||||
* @param string $domains
|
||||
* @return bool
|
||||
*/
|
||||
public function validateDomainRestriction(array $profile, $domains)
|
||||
{
|
||||
foreach (explode(',', $domains) as $domain) {
|
||||
$domain = trim($domain);
|
||||
|
||||
if (strpos($profile['email'], $domain) > 0) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
protected function getKey($key)
|
||||
{
|
||||
$key = $this->configModel->get($key);
|
||||
return ! empty($key) && isset($this->userData[$key]) ? $this->userData[$key] : '';
|
||||
}
|
||||
}
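Review bot: validateDomainRestriction() accepts any address in which an allowed domain appears as a substring after the first character, because it tests `strpos($profile['email'], $domain) > 0`. An address whose local part or longer host name merely contains the configured domain therefore passes the restriction. The check should be an exact, case-insensitive match on the part after the last `@`. It should also read the address through the configured `oauth2_key_email` mapping instead of the hard-coded `email` key, which may be absent from the provider's profile. No caller of isAccountCreationAllowed() is visible in this commit and isUserCreationAllowed() only reads `oauth2_account_creation`, so confirm that the domain list is enforced at all.

```php
public function validateDomainRestriction(array $profile, $domains)
{
    // Resolve the address through the same key mapping getEmail() uses.
    $emailKey = $this->configModel->get('oauth2_key_email');
    $email = ! empty($emailKey) && isset($profile[$emailKey]) ? $profile[$emailKey] : '';
    $at = is_string($email) ? strrpos($email, '@') : false;

    if ($at === false) {
        return false;
    }

    $emailDomain = strtolower(substr($email, $at + 1));

    foreach (explode(',', $domains) as $domain) {
        $domain = strtolower(trim($domain));

        // Exact match only; empty entries (e.g. a trailing comma) never match.
        if ($domain !== '' && $emailDomain === $domain) {
            return true;
        }
    }

    return false;
}
```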
|