Source of file GSuiteAuthenticator.php
Size: 3,827 Bytes - Last Modified: 2021-12-24T05:17:21+00:00
/var/www/docs.ssmods.com/process/src/code/authenticators/GSuiteAuthenticator.php
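<?php
/**
 * Created by IntelliJ IDEA.
 * User: dave
 * Date: 8/11/18
 * Time: 1:59 PM
 */

/**
 * Authenticator that logs a Member in from a Google ID token and only accepts
 * tokens whose hosted-domain ('hd') claim equals the configured domain.
 *
 * Configuration read by this class:
 *  - GSuiteAuthenticator.domain                  required hosted domain
 *  - GSuiteAuthenticator.name                    display name of the authenticator
 *  - GSuiteAuthenticator.create_new_users        create unknown members on first login
 *  - GSuiteAuthenticator.default_new_user_group  group code given to created members
 *  - GSuiteAuthenticator.new_password_length     length of the rotated local password
 *  - GSuiteAuthExtension.client_id               OAuth client id the token must be issued for
 */
class GSuiteAuthenticator extends Authenticator
{
    /**
     * Hosted domain read from config when an instance is constructed.
     *
     * @var string
     */
    private $domain;

    public function __construct()
    {
        $this->domain = Config::inst()->get('GSuiteAuthenticator', 'domain');
    }

    /**
     * @return string
     */
    public static function get_name()
    {
        return Config::inst()->get('GSuiteAuthenticator', 'name');
    }

    /**
     * @param Controller $controller
     * @return GSuiteLoginForm
     */
    public static function get_login_form(Controller $controller)
    {
        return GSuiteLoginForm::create($controller, "LoginForm");
    }

    /**
     * Authenticate a user with Google and verify the domain matches the one
     * specified in config.
     *
     * Fails closed: a missing token, a token that does not verify, an
     * unconfigured domain, a missing or different 'hd' claim, or a missing
     * 'email' claim all return null.
     *
     * @param array $data Submitted form data; the ID token is read from 'token'
     * @param Form $form Optional form that receives the user-facing message
     * @return Member|null The authenticated member, or null on failure
     */
    public static function authenticate($data, Form $form = null)
    {
        $token = isset($data['token']) ? $data['token'] : null;
        if (!is_string($token) || $token === '') {
            return null;
        }

        $clientId = Config::inst()->get('GSuiteAuthExtension', 'client_id');
        $domain = Config::inst()->get('GSuiteAuthenticator', 'domain');

        # TODO: move to separate service, make testable
        $client = new Google_Client([
            'client_id' => $clientId
        ]);

        $payload = $client->verifyIdToken($token);
        if (!$payload) {
            return null;
        }

        // Strict string comparison, and an unset/empty configured domain is
        // rejected outright so it can never compare equal to an empty or
        // loosely-equal 'hd' claim.
        $hostedDomain = isset($payload['hd']) ? $payload['hd'] : null;
        if (!is_string($domain) || $domain === ''
            || !is_string($hostedDomain) || $hostedDomain !== $domain
        ) {
            self::notify($form, _t('GSuiteAuthenticator.DomainError', 'Domain Error'));
            return null;
        }

        // Without an email claim the member lookup below would filter on null,
        // which must never be allowed to match an account.
        $email = isset($payload['email']) ? $payload['email'] : null;
        if (!is_string($email) || $email === '') {
            self::notify($form, _t('GSuiteAuthenticator.UserError', 'User does not exist'));
            return null;
        }

        // NOTE(review): the 'email_verified' claim is not checked here; consider
        // rejecting tokens where it is not true before using 'email' as the
        // account lookup key.
        $firstName = isset($payload['given_name']) ? $payload['given_name'] : '';
        $lastName = isset($payload['family_name']) ? $payload['family_name'] : '';

        $member = Member::get()
            ->filter(Member::config()->unique_identifier_field, $email)
            ->first();

        if (!$member) {
            $createNew = Config::inst()->get('GSuiteAuthenticator', 'create_new_users');
            if ($createNew) {
                $member = self::create_member($email, $firstName, $lastName);
            } else {
                // Only reported when the lookup really found nothing; an existing
                // member must not be shown this message on a successful login.
                self::notify($form, _t('GSuiteAuthenticator.UserError', 'User does not exist'));
            }
        }

        if ($member) {
            // The member's local password is replaced with a fresh random value
            // on every successful login (presumably so the stored password is
            // never a usable credential - confirm intent). It therefore has to
            // be unpredictable; see generate_password().
            $passwordLength = Config::inst()->get('GSuiteAuthenticator', 'new_password_length');
            $newPassword = self::generate_password($passwordLength);
            $member->changePassword($newPassword);
        }

        return $member;
    }

    /**
     * Show a warning on the login form when a form was supplied.
     *
     * authenticate() accepts a null form, so the message is skipped rather
     * than calling a method on null.
     *
     * @param Form|null $form
     * @param string $message Already-translated message text
     */
    private static function notify($form, $message)
    {
        if ($form) {
            $form->sessionMessage($message, 'warning');
        }
    }

    /**
     * Create and persist a Member for a first-time login and add it to the
     * configured default group when that group exists.
     *
     * @param string $email
     * @param string $firstName
     * @param string $lastName
     * @return Member
     */
    private static function create_member($email, $firstName, $lastName)
    {
        $defaultGroupCode = Config::inst()->get('GSuiteAuthenticator', 'default_new_user_group');

        $defaultGroup = Group::get()
            ->filter('Code', $defaultGroupCode)
            ->first();

        $member = new Member();
        $member->FirstName = $firstName;
        $member->Surname = $lastName;
        $member->Email = $email;
        $member->write();

        // A missing or misconfigured group leaves the member without any group
        // instead of passing null to add().
        if ($defaultGroup) {
            $member->Groups()->add($defaultGroup);
        }

        return $member;
    }

    /**
     * Generate a random alphanumeric password from the system CSPRNG.
     *
     * random_int() replaces rand(), whose output is predictable and must not
     * be used for credentials. random_int() needs PHP 7+ (or a random_compat
     * polyfill on older runtimes).
     *
     * @param int $length Requested length; an unset or non-positive value
     *                    falls back to 32 so the result is never empty. Short
     *                    configured lengths still weaken the password.
     * @return string
     */
    private static function generate_password($length)
    {
        $length = (int)$length;
        if ($length < 1) {
            $length = 32;
        }

        $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
        $maxIndex = strlen($characters) - 1;

        $password = '';
        for ($i = 0; $i < $length; $i++) {
            $password .= $characters[random_int(0, $maxIndex)];
        }

        return $password;
    }
}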