cupcakearmy
/
plugin-oauth2
mirror of https://github.com/cupcakearmy/plugin-oauth2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

First commit

This commit is contained in:
Frederic Guillot 2016-12-03 22:18:47 -05:00
commit f81f83dd9e
No known key found for this signature in database
GPG Key ID: 92D77191BA7FBC99
19 changed files with 716 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
*.zip

35
.travis.yml Normal file
View File

@ -0,0 +1,35 @@
language: php
sudo: false
php:
- 7.1
- 7.0
- 5.6
- 5.5
- 5.4
- 5.3
env:
global:
- PLUGIN=OAuth2
- KANBOARD_REPO=https://github.com/kanboard/kanboard.git
matrix:
- DB=sqlite
- DB=mysql
- DB=postgres
matrix:
fast_finish: true
install:
- git clone --depth 1 $KANBOARD_REPO
- ln -s $TRAVIS_BUILD_DIR kanboard/plugins/$PLUGIN
before_script:
- cd kanboard
- phpenv config-add tests/php.ini
- composer install
- ls -la plugins/
script:
- phpunit -c tests/units.$DB.xml plugins/$PLUGIN/Test/

206
Auth/GenericOAuth2Provider.php Normal file
View File

@ -0,0 +1,206 @@
<?php
namespace Kanboard\Plugin\OAuth2\Auth;
use Kanboard\Core\Base;
use Kanboard\Core\Security\OAuthAuthenticationProviderInterface;
use Kanboard\Plugin\OAuth2\User\GenericOAuth2UserProvider;
/**
* GenericOAuth2Provider
*
* @package Kanboard\Auth
* @author Frederic Guillot
*/
class GenericOAuth2Provider extends Base implements OAuthAuthenticationProviderInterface
{
/**
* User properties
*
* @access private
* @var GenericOAuth2UserProvider
*/
private $userInfo = null;
/**
* OAuth2 instance
*
* @access protected
* @var \Kanboard\Core\Http\OAuth2
*/
protected $service;
/**
* OAuth2 code
*
* @access protected
* @var string
*/
protected $code = '';
/**
* Get authentication provider name
*
* @access public
* @return string
*/
public function getName()
{
return 'OAuth2';
}
/**
* Authenticate the user
*
* @access public
* @return boolean
*/
public function authenticate()
{
$profile = $this->getProfile();
if (! empty($profile)) {
$this->userInfo = new GenericOAuth2UserProvider($this->container, $profile);
return true;
}
return false;
}
/**
* Set Code
*
* @access public
* @param string $code
* @return $this
*/
public function setCode($code)
{
$this->code = $code;
return $this;
}
/**
* Get user object
*
* @access public
* @return GenericOAuth2UserProvider
*/
public function getUser()
{
return $this->userInfo;
}
/**
* Get configured OAuth2 service
*
* @access public
* @return \Kanboard\Core\Http\OAuth2
*/
public function getService()
{
if (empty($this->service)) {
$this->service = $this->oauth->createService(
$this->getClientId(),
$this->getClientSecret(),
$this->helper->url->to('OAuthController', 'handler', array('plugin' => 'OAuth2'), '', true),
$this->getOAuthAuthorizeUrl(),
$this->getOAuthTokenUrl(),
array()
);
}
return $this->service;
}
/**
* Get user profile
*
* @access public
* @return array
*/
public function getProfile()
{
$token = $this->getService()->getAccessToken($this->code);
if (DEBUG) {
$this->logger->debug(__METHOD__.': Got access token: '.(empty($token) ? 'No' : 'Yes'));
$this->logger->debug(__METHOD__.': Fetch user profile from '.$this->getUserAPiUrl());
}
return $this->httpClient->getJson(
$this->getUserAPiUrl(),
array($this->getService()->getAuthorizationHeader())
);
}
/**
* Unlink user
*
* @access public
* @param integer $userId
* @return bool
*/
public function unlink($userId)
{
return $this->userModel->update(array(
'id' => $userId,
'oauth2_user_id' => '',
));
}
/**
* Get client id
*
* @access public
* @return string
*/
public function getClientId()
{
return $this->configModel->get('oauth2_client_id');
}
/**
* Get client secret
*
* @access public
* @return string
*/
public function getClientSecret()
{
return $this->configModel->get('oauth2_client_secret');
}
/**
* Get authorize url
*
* @access public
* @return string
*/
public function getOAuthAuthorizeUrl()
{
return $this->configModel->get('oauth2_authorize_url');
}
/**
* Get token url
*
* @access public
* @return string
*/
public function getOAuthTokenUrl()
{
return $this->configModel->get('oauth2_token_url');
}
/**
* Get User API url
*
* @access public
* @return string
*/
public function getUserAPiUrl()
{
return $this->configModel->get('oauth2_user_api_url');
}
}

24
Controller/OAuthController.php Normal file
View File

@ -0,0 +1,24 @@
<?php
namespace Kanboard\Plugin\OAuth2\Controller;
use Kanboard\Controller\OAuthController as BaseOAuthController;
/**
* OAuth Controller
*
* @package Kanboard\Controller
* @author Frederic Guillot
*/
class OAuthController extends BaseOAuthController
{
/**
* Handle authentication
*
* @access public
*/
public function handler()
{
$this->step1('OAuth2');
}
}

21
LICENSE Normal file
View File

@ -0,0 +1,21 @@
The MIT License (MIT)
Copyright (c) 2016 Frédéric Guillot
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

3
Locale/fr_FR/translations.php Normal file
View File

@ -0,0 +1,3 @@
<?php
return array();

5
Makefile Normal file
View File

@ -0,0 +1,5 @@
plugin=OAuth2
all:
@ echo "Build archive for plugin ${plugin} version=${version}"
@ git archive HEAD --prefix=${plugin}/ --format=zip -o ${plugin}-${version}.zip

56
Plugin.php Normal file
View File

@ -0,0 +1,56 @@
<?php
namespace Kanboard\Plugin\OAuth2;
use Kanboard\Core\Plugin\Base;
use Kanboard\Core\Security\Role;
use Kanboard\Core\Translator;
use Kanboard\Plugin\OAuth2\Auth\GenericOAuth2Provider;
class Plugin extends Base
{
public function initialize()
{
$this->authenticationManager->register(new GenericOAuth2Provider($this->container));
$this->applicationAccessMap->add('OAuthController', 'handler', Role::APP_PUBLIC);
$this->route->addRoute('/oauth/callback', 'OAuthController', 'handler', 'OAuth2');
$this->template->hook->attach('template:auth:login-form:after', 'OAuth2:auth/login');
$this->template->hook->attach('template:config:integrations', 'OAuth2:config/integration');
$this->template->hook->attach('template:user:external', 'OAuth2:user/external');
$this->template->hook->attach('template:user:authentication:form', 'OAuth2:user/authentication');
$this->template->hook->attach('template:user:create-remote:form', 'OAuth2:user/create_remote');
}
public function onStartup()
{
Translator::load($this->languageModel->getCurrentLanguage(), __DIR__.'/Locale');
}
public function getPluginName()
{
return 'OAuth2';
}
public function getPluginDescription()
{
return t('Generic OAuth2 authentication plugin');
}
public function getPluginAuthor()
{
return 'Frédéric Guillot';
}
public function getPluginVersion()
{
return '1.0.0';
}
public function getPluginHomepage()
{
return 'https://github.com/kanboard/plugin-oauth2';
}
}

31
README.md Normal file
View File

@ -0,0 +1,31 @@
OAuth2 Authentication
=====================
Generic OAuth2 authentication plugin.
Author
------
- Frédéric Guillot
- License MIT
Requirements
------------
- Kanboard >= 1.0.34
Installation
------------
You have the choice between 3 methods:
1. Install the plugin from the Kanboard plugin manager in one click
2. Download the zip file and decompress everything under the directory `plugins/OAuth2`
3. Clone this repository into the folder `plugins/OAuth2`
Note: Plugin folder is case-sensitive.
Configuration
-------------
Go to the application settings > integrations > OAuth2 Authentication.

12
Schema/Mysql.php Normal file
View File

@ -0,0 +1,12 @@
<?php
namespace Kanboard\Plugin\OAuth2\Schema;
use PDO;
const VERSION = 1;
function version_1(PDO $pdo)
{
$pdo->exec('ALTER TABLE users ADD COLUMN oauth2_user_id VARCHAR(255)');
}

12
Schema/Postgres.php Normal file
View File

@ -0,0 +1,12 @@
<?php
namespace Kanboard\Plugin\OAuth2\Schema;
use PDO;
const VERSION = 1;
function version_1(PDO $pdo)
{
$pdo->exec('ALTER TABLE users ADD COLUMN oauth2_user_id VARCHAR(255)');
}

12
Schema/Sqlite.php Normal file
View File

@ -0,0 +1,12 @@
<?php
namespace Kanboard\Plugin\OAuth2\Schema;
use PDO;
const VERSION = 1;
function version_1(PDO $pdo)
{
$pdo->exec('ALTER TABLE users ADD COLUMN oauth2_user_id VARCHAR(255)');
}

6
Template/auth/login.php Normal file
View File

@ -0,0 +1,6 @@
<ul class="no-bullet">
<li>
<i class="fa fa-lock fa-fw" aria-hidden="true"></i>
<?= $this->url->link(t('OAuth2 login'), 'OAuthController', 'handler', array('plugin' => 'OAuth2')) ?>
</li>
</ul>

44
Template/config/integration.php Normal file
View File

@ -0,0 +1,44 @@
<h3><i class="fa fa-lock fa-fw" aria-hidden="true"></i><?= t('OAuth2 Authentication') ?></h3>
<div class="listing">
<?= $this->form->label(t('Callback URL'), 'oauth2_callback_url') ?>
<input type="text" class="auto-select" readonly="readonly" value="<?= $this->url->href('OAuthController', 'handler', array('plugin' => 'OAuth2'), false, '', true) ?>"/>
<?= $this->form->label(t('Client ID'), 'oauth2_client_id') ?>
<?= $this->form->password('oauth2_client_id', $values) ?>
<?= $this->form->label(t('Client Secret'), 'oauth2_client_secret') ?>
<?= $this->form->password('oauth2_client_secret', $values) ?>
<?= $this->form->label(t('Authorize URL'), 'oauth2_authorize_url') ?>
<?= $this->form->text('oauth2_authorize_url', $values) ?>
<?= $this->form->label(t('Token URL'), 'oauth2_token_url') ?>
<?= $this->form->text('oauth2_token_url', $values) ?>
<?= $this->form->label(t('User API URL'), 'oauth2_user_api_url') ?>
<?= $this->form->text('oauth2_user_api_url', $values) ?>
<?= $this->form->label(t('Username Key'), 'oauth2_key_username') ?>
<?= $this->form->text('oauth2_key_username', $values) ?>
<?= $this->form->label(t('Name Key'), 'oauth2_key_name') ?>
<?= $this->form->text('oauth2_key_name', $values) ?>
<?= $this->form->label(t('Email Key'), 'oauth2_key_email') ?>
<?= $this->form->text('oauth2_key_email', $values) ?>
<?= $this->form->label(t('User ID Key'), 'oauth2_key_user_id') ?>
<?= $this->form->text('oauth2_key_user_id', $values) ?>
<?= $this->form->hidden('oauth2_account_creation', array('oauth2_account_creation' => 0)) ?>
<?= $this->form->checkbox('oauth2_account_creation', t('Allow Account Creation'), 1, isset($values['oauth2_account_creation']) && $values['oauth2_account_creation'] == 1) ?>
<?= $this->form->label(t('Allow account creation only for those domains'), 'oauth2_email_domains') ?>
<?= $this->form->text('oauth2_email_domains', $values) ?>
<p class="form-help"><?= t('Use a comma to enter multiple domains: domain1.tld, domain2.tld') ?></p>
<div class="form-actions">
<input type="submit" value="<?= t('Save') ?>" class="btn btn-blue"/>
</div>
</div>

2
Template/user/authentication.php Normal file
View File

@ -0,0 +1,2 @@
<?= $this->form->label(t('OAuth2 ID'), 'oauth2_user_id') ?>
<?= $this->form->text('oauth2_user_id', $values, $errors) ?>

2
Template/user/create_remote.php Normal file
View File

@ -0,0 +1,2 @@
<?= $this->form->label(t('OAuth2 ID'), 'oauth2_user_id') ?>
<?= $this->form->text('oauth2_user_id', $values, $errors) ?>

13
Template/user/external.php Normal file
View File

@ -0,0 +1,13 @@
<h3><i class="fa fa-lock fa-fw" aria-hidden="true"></i><?= t('OAuth2 Account') ?></h3>
<p class="listing">
<?php if ($this->user->isCurrentUser($user['id'])): ?>
<?php if (empty($user['oauth2_user_id'])): ?>
<?= $this->url->link(t('Link OAuth2 account'), 'OAuthController', 'handler', array('plugin' => 'OAuth2'), true) ?>
<?php else: ?>
<?= $this->url->link(t('Unlink my OAuth2 account'), 'OAuthController', 'unlink', array('backend' => 'OAuth2'), true) ?>
<?php endif ?>
<?php else: ?>
<?= empty($user['oauth2_user_id']) ? t('No account linked.') : t('Account linked.') ?>
<?php endif ?>
</p>

20
Test/PluginTest.php Normal file
View File

@ -0,0 +1,20 @@
<?php
require_once 'tests/units/Base.php';
use Kanboard\Plugin\OAuth2\Plugin;
class PluginTest extends Base
{
public function testPlugin()
{
$plugin = new Plugin($this->container);
$this->assertSame(null, $plugin->initialize());
$this->assertSame(null, $plugin->onStartup());
$this->assertNotEmpty($plugin->getPluginName());
$this->assertNotEmpty($plugin->getPluginDescription());
$this->assertNotEmpty($plugin->getPluginAuthor());
$this->assertNotEmpty($plugin->getPluginVersion());
$this->assertNotEmpty($plugin->getPluginHomepage());
}
}

211
User/GenericOAuth2UserProvider.php Normal file
View File

@ -0,0 +1,211 @@
<?php
namespace Kanboard\Plugin\OAuth2\User;
use Kanboard\Core\Base;
use Kanboard\Core\User\UserProviderInterface;
use Pimple\Container;
/**
* GenericOAuth2UserProvider
*
* @package Kanboard\User
* @author Frederic Guillot
*/
class GenericOAuth2UserProvider extends Base implements UserProviderInterface
{
/**
* @var array
*/
protected $userData = array();
/**
* Constructor
*
* @access public
* @param Container $container
* @param array $user
*/
public function __construct(Container $container, array $user)
{
parent::__construct($container);
$this->userData = $user;
}
/**
* Return true to allow automatic user creation
*
* @access public
* @return boolean
*/
public function isUserCreationAllowed()
{
return $this->configModel->get('oauth2_account_creation', 0) == 1;
}
/**
* Get username
*
* @access public
* @return string
*/
public function getUsername()
{
if ($this->isUserCreationAllowed()) {
return $this->getKey('oauth2_key_username');
}
return '';
}
/**
* Get external id column name
*
* @access public
* @return string
*/
public function getExternalIdColumn()
{
return 'oauth2_user_id';
}
/**
* Get extra user attributes
*
* @access public
* @return array
*/
public function getExtraAttributes()
{
if ($this->isUserCreationAllowed()) {
return array(
'is_ldap_user' => 1,
'disable_login_form' => 1,
);
}
return array();
}
/**
* Get internal id
*
* If a value is returned the user properties won't be updated in the local database
*
* @access public
* @return integer
*/
public function getInternalId()
{
return '';
}
/**
* Get external id
*
* @access public
* @return string
*/
public function getExternalId()
{
return $this->getKey('oauth2_key_user_id');
}
/**
* Get user role
*
* Return an empty string to not override role stored in the database
*
* @access public
* @return string
*/
public function getRole()
{
return '';
}
/**
* Get user full name
*
* @access public
* @return string
*/
public function getName()
{
return $this->getKey('oauth2_key_name');
}
/**
* Get user email
*
* @access public
* @return string
*/
public function getEmail()
{
return $this->getKey('oauth2_key_email');
}
/**
* Get external group ids
*
* A synchronization is done at login time,
* the user will be member of those groups if they exists in the database
*
* @access public
* @return string[]
*/
public function getExternalGroupIds()
{
return array();
}
/**
* Return true if the account creation is allowed according to the settings
*
* @access public
* @param array $profile
* @return bool
*/
public function isAccountCreationAllowed(array $profile)
{
if ($this->isUserCreationAllowed()) {
$domains = $this->configModel->get('oauth2_email_domains');
if (! empty($domains)) {
return $this->validateDomainRestriction($profile, $domains);
}
return true;
}
return false;
}
/**
* Validate domain restriction
*
* @access private
* @param array $profile
* @param string $domains
* @return bool
*/
public function validateDomainRestriction(array $profile, $domains)
{
foreach (explode(',', $domains) as $domain) {
$domain = trim($domain);
if (strpos($profile['email'], $domain) > 0) {
return true;
}
}
return false;
}
protected function getKey($key)
{
$key = $this->configModel->get($key);
return ! empty($key) && isset($this->userData[$key]) ? $this->userData[$key] : '';
}
}