adminnasl/register
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ac168868ee62bc7e9aae6340164e3e07d9240316
register/marko_unpacked/marko/cms/services/openid/OpenIdService.php
T
Admin Nasledstvo ac168868ee Initial import
2026-05-01 20:52:04 +03:00

155 lines
6.1 KiB
PHP
Raw Blame History

<?php
namespace app\services\openid;
use app\models\CmsRoles;
use app\models\UserAdminGlobal;
use app\models\UserPartner;
use app\models\UserSession;
use app\services\Auth;
class OpenIdService
{
private $client_id;
private $client_secret;
private $redirect_uri;
private $metadata_url;
private $locale_from_portal;
public function __construct()
{
$this->locale_from_portal = !empty($_GET['lg']) ? '?lg=' . $_GET['lg'] : '' ;
$this->redirect_uri = \Yii::$app->params['cms'] . '/partner-register-login/'.$this->locale_from_portal;
$this->metadata_url = \Yii::$app->params['id_server'] . '/realms/nasledstvo.bg/.well-known/openid-configuration';
$this->client_id = \Yii::$app->params['id_server_client_id'];
$this->client_secret = \Yii::$app->params['id_server_client_secret'];
}
public function authenticationServerCheckout($isAdmin = false)
{
if ($isAdmin) {
$this->redirect_uri = \Yii::$app->params['cms'] . '/admin-register-login/'.$this->locale_from_portal;
}
$metadata = $this->http($this->metadata_url);
if (!isset($_GET['code'])) {
$_SESSION['state'] = bin2hex(random_bytes(5));
$_SESSION['code_verifier'] = bin2hex(random_bytes(50));
$code_challenge = $this->base64_urlencode(hash('sha256', $_SESSION['code_verifier'], true));
$authorize_url = $metadata->authorization_endpoint . '?' . http_build_query([
'response_type' => 'code',
'client_id' => $this->client_id,
'redirect_uri' => $this->redirect_uri,
'state' => $_SESSION['state'],
'scope' => 'openid profile',
'code_challenge' => $code_challenge,
'code_challenge_method' => 'S256',
]);
header("Location: $authorize_url");
exit;
} else {
if ($_SESSION['state'] != $_GET['state']) {
die('Authorization server returned an invalid state parameter');
}
if (isset($_GET['error'])) {
die('Authorization server returned an error: ' . htmlspecialchars($_GET['error']));
}
$response = $this->http($metadata->token_endpoint, [
'grant_type' => 'authorization_code',
'code' => $_GET['code'],
'redirect_uri' => $this->redirect_uri,
'client_id' => $this->client_id,
'client_secret' => $this->client_secret,
'code_verifier' => $_SESSION['code_verifier'],
]);
if (!isset($response->access_token)) {
die('Error fetching access token');
}
$userinfo = $this->http($metadata->userinfo_endpoint, [
'access_token' => $response->access_token,
]);
if (!empty($userinfo->groups_user) && in_array('public_user', $userinfo->groups_user)) {
header('Location: ' . \Yii::$app->params['portal'] . '/bg/user/wrong-user/');
exit;
}
if(!empty($_GET['lg'])) {
setcookie('cookie_lg', $_GET['lg'], time() + (86400 * 30), "/");
} else {
if (!empty($userinfo->locale)) {
if ($userinfo->locale == 'bg' || $userinfo->locale == 'en') {
setcookie('cookie_lg', $userinfo->locale, time() + (86400 * 30), "/");
}
} else {
setcookie('cookie_lg', 'bg', time() + (86400 * 30), "/");
}
}
//echo json_encode($userinfo);
// exit;
if (empty($userinfo->sub))
die('sub is empty');
//echo json_encode($response);
//exit;
if (!empty($userinfo->sub)) {
if (!empty($userinfo->realm_access)) {
if (!empty($userinfo->realm_access->roles)) {
if (in_array('cms-partner-admin', $userinfo->realm_access->roles)) {
//exit;
if (empty($userinfo->partner_id))
die('missing parameter: partner_id');
$_SESSION['id_token_hint'] = $response->id_token;
//Login as partner user
UserSession::log('partner-admin', 2, $userinfo->sub);
UserPartner::prepareRegisterUser($userinfo, 1);
} else if (in_array('cms-partner-editor', $userinfo->realm_access->roles)) {
//exit;
if (empty($userinfo->partner_id))
die('missing parameter: partner_id');
$_SESSION['id_token_hint'] = $response->id_token;
//Login as partner user
UserSession::log('partner-editor', 2, $userinfo->sub);
UserPartner::prepareRegisterUser($userinfo, 2);
} else if (in_array('cms-super-admin', $userinfo->realm_access->roles)) {
$_SESSION['id_token_hint'] = $response->id_token;
//Login as global administrator
UserSession::log('admin', 2, $userinfo->sub);
UserAdminGlobal::prepareRegisterUser($userinfo);
} else {
require_once __DIR__ . '/access_denied_page.php';
exit;
}
}
}
}
echo 'Error: Some parameters are missing';
exit;
}
}
private function http($url, $params = false)
{
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
if ($params)
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
return json_decode(curl_exec($ch));
}
private function base64_urlencode($string)
{
return rtrim(strtr(base64_encode($string), '+/', '-_'), '=');
}
}
Reference in New Issue View Git Blame Copy Permalink