Support Auth0. 2018-06-21
authorIain Patterson <me@iain.cx>
Thu, 21 Jun 2018 21:19:08 +0000 (17:19 -0400)
committerIain Patterson <me@iain.cx>
Thu, 21 Jun 2018 21:22:17 +0000 (17:22 -0400)
Set AUTH0_AUDIENCE, AUTH0_CALLBACK_URL, AUTH0_CLIENT_ID,
AUTH0_CLIENT_SECRET, AUTH0_DOMAIN and AUTH0_LOGOUT_CALLBACK_URL in .env
under the document root.

Auth0 takes care of setting up sessions.  To use memcache, set MEMCACHED
to a comma-separated list of memcache endpoints.

composer.json
lib/auth0.php [new file with mode: 0644]
lib/footer.php
lib/functions.php
lib/header.php
lib/session.php
www/index.php
www/login.php [changed from symlink to file mode: 0644]
www/logout.php [new file with mode: 0644]

index 8a13e95..bdd515f 100644 (file)
@@ -2,6 +2,8 @@
   "name": "readifood/readifood",
   "description": "Readifood",
   "require": {
-    "propel/propel1": "1.6.9"
+    "auth0/auth0-php": "~5.0",
+    "propel/propel1": "1.6.9",
+    "vlucas/phpdotenv": "2.4.0"
   }
 }
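Review bot: `"auth0/auth0-php": "~5.0"` accepts any 5.x release while the two neighbouring entries (`propel/propel1`, `vlucas/phpdotenv`) are pinned to exact versions, so the library that performs authentication is the one whose resolved version is least fixed. Either pin it the same way as the other two, or make sure the resolved lock file is committed with this change so deployments install the build that was actually tested; the page does not show whether a lock file is tracked.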
diff --git a/lib/auth0.php b/lib/auth0.php
new file mode 100644 (file)
index 0000000..96412f2
--- /dev/null
@@ -0,0 +1,33 @@
+<?php
+
+  use Auth0\SDK\Auth0;
+
+  $dotenv = new Dotenv\Dotenv($root);
+  $dotenv->load();
+
+  $AUTH0_AUDIENCE = getenv('AUTH0_AUDIENCE');
+  $AUTH0_CALLBACK_URL = getenv('AUTH0_CALLBACK_URL');
+  $AUTH0_CLIENT_ID = getenv('AUTH0_CLIENT_ID');
+  $AUTH0_CLIENT_SECRET = getenv('AUTH0_CLIENT_SECRET');
+  $AUTH0_DOMAIN = getenv('AUTH0_DOMAIN');
+  $AUTH0_LOGOUT_CALLBACK_URL = getenv('AUTH0_LOGOUT_CALLBACK_URL');
+
+  if (getenv("MEMCACHED")) {
+    ini_set("session.save_handler", "memcached");
+    ini_set("session.save_path", getenv("MEMCACHED"));
+  }
+
+  $auth0 = new Auth0([
+    'domain' => $AUTH0_DOMAIN,
+    'client_id' => $AUTH0_CLIENT_ID,
+    'client_secret' => $AUTH0_CLIENT_SECRET,
+    'redirect_uri' => $AUTH0_CALLBACK_URL,
+    'audience' => $AUTH0_AUDIENCE,
+    'scope' => 'openid profile',
+    'persist_id_token' => true,
+    'persist_access_token' => true,
+    'persist_refresh_token' => true,
+    'state_handler' => false
+  ]);
+
+?>
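Review bot: `'state_handler' => false` in the `new Auth0([...])` options disables the SDK's state check, so a `code` arriving at the login.php callback is never tied to the session that began the login; dropping that line lets the SDK fall back to its default session-backed state handler and nothing else in the hunk depends on it. Each `getenv()` above returns `false` when the variable is absent and the values go straight into the constructor, so a guard such as `if (! $AUTH0_DOMAIN || ! $AUTH0_CLIENT_ID || ! $AUTH0_CLIENT_SECRET) { throw new RuntimeException('Auth0 configuration missing from .env'); }` placed before the constructor would fail fast instead of building a client with empty credentials. `$root` is read on the `new Dotenv\Dotenv($root)` line but is defined only by whichever script includes this file (www/login.php and www/logout.php set it; functions.php's caller presumably does too), which is worth a one-line comment at the top, e.g. `// expects $root (application root holding .env) to be set by the including script`.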
index da9130d..3ccf4a8 100644 (file)
@@ -2,4 +2,3 @@
 <div id="popup"></div>
 </body>
 </html>
-<?php session_write_close(); ?>
index 7f937dd..eda4153 100644 (file)
   }
 
   include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "admin.php")));
+  include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "auth0.php")));
   include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "forms.php")));
 
 ?>
index 1451a04..928b741 100644 (file)
@@ -30,7 +30,7 @@
 <a href="/report">Reports</a>
 
 <strong class="small"><em><?php echo $username; ?></em>@<?php echo $charity; ?></strong>
-<a href="/logout" class="smaller">logout</a>
+<a href="/logout.php" class="smaller">logout</a>
 <?php } else echo "<strong>$charity</strong>"; ?>
 </p>
 
index da4e986..f0178cf 100644 (file)
@@ -17,6 +17,4 @@
     $_SESSION[$key] = $value;
   }
 
-  session_start();
-
 ?>
index f8434a9..d88b321 100644 (file)
   #echo "request: $request; module: $module; params: " . print_r($parameters, true);
 
   $http = (isset($_SERVER['HTTPS'])) ? "https" : "http";
-  $username = $_SERVER['REMOTE_USER'];
   include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "constants.php")));
   include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "functions.php")));
   include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "session.php")));
+
+  $auth0_user = $auth0->getUser();
+  if (isset($auth0_user)) $username = $auth0_user["sub"];
+  else $username = null;
+
   include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "header.php")));
-  $q = new UserQuery;
-  $user = $q->findOneByUsername($username);
-  if (! $q->count()) {
-    echo "<h1 class=\"printonly\">$charity</h1>\n";
-    echo "<h1>Not logged in!</h1>\n";
-    if ($_SERVER['REMOTE_USER']) echo "<p>User <em>" . $_SERVER['REMOTE_USER'] . "</em> needs an entry in the user table.</p>\n";
-  }
-  else {
-    $user_id = $user->getContactId();
-    $admin_level = $user->getAdmin();
-    if ($module) {
-      echo "<h3 class=\"printonly\">$charity $module</h3>\n";
-      include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "$module.php")));
+
+  if ($username) {
+    $q = new UserQuery;
+    $user = $q->findOneByUsername($username);
+    if (! $q->count()) {
+      echo "<h1 class=\"printonly\">$charity</h1>\n";
+      echo "<h1>Not logged in!</h1>\n";
+      echo "<p>User <em>$username</em> needs an entry in the user table.</p>\n";
     }
+    else {
+      $user_id = $user->getContactId();
+      $admin_level = $user->getAdmin();
+      if ($module) {
+        echo "<h3 class=\"printonly\">$charity $module</h3>\n";
+        include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "$module.php")));
+      }
 
-    #else include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "menu.php")));
-   }
+      #else include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "menu.php")));
+    }
+  }
+  else $auth0->login();
   include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "footer.php")));
 ?>
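Review bot: `$auth0->login()` in the trailing `else` runs after header.php has already been included, and header.php emits HTML (see its hunk), so by the time the SDK tries to send its Location redirect output has started; unless output buffering is enabled for the site, the header cannot be sent and an unauthenticated visitor gets a half-rendered page rather than the Auth0 login. Move the decision ahead of the header include and stop the script there, directly after `$username` is assigned: `if (! $username) { $auth0->login(); exit; }` (the `exit` is harmless if the SDK already exits), and drop the final `else $auth0->login();`. `$auth0->getUser()` is also called here uncaught while login.php wraps the same call in a try/catch; whether it can throw on a plain page load depends on the SDK, so a catch that logs and treats the visitor as logged out would be the safer mirror. The enclosing script begins above the hunk.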
deleted file mode 120000 (symlink)
index 0012f7d2344777b9c670a71722eb0930093ce57f..0000000000000000000000000000000000000000
+++ /dev/null
@@ -1 +0,0 @@
-index.php
\ No newline at end of file
new file mode 100644 (file)
index 0000000000000000000000000000000000000000..a9f9d22802021ce2673a84450a7bee5020e5e102
--- /dev/null
@@ -0,0 +1,18 @@
+<?php
+
+  $root = join(DIRECTORY_SEPARATOR, array($_SERVER['DOCUMENT_ROOT'], ".."));
+  $lib_root = join(DIRECTORY_SEPARATOR, array($root, "lib"));
+  require_once(join(DIRECTORY_SEPARATOR, array($root, "vendor", "autoload.php")));
+  include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "auth0.php")));
+
+  if (isset($_GET['code'])) {
+    try {
+      $auth0->getUser();
+      header("Location: https://" . $_SERVER['HTTP_HOST'] . "/");
+      exit;
+    }
+    catch (\Exception $e) {
+    }
+  }
+
+?>
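Review bot: The empty `catch (\Exception $e) {}` around the code exchange swallows a failed callback — an expired or replayed `code`, or a token-validation failure — after which the script falls off the end and serves a blank 200, leaving the visitor without a session and the operator without a log line. Record the failure and end the request explicitly, e.g. `error_log('Auth0 callback failed: ' . $e->getMessage()); http_response_code(401); exit;`. The success redirect is built from `$_SERVER['HTTP_HOST']`, which is the request's own Host header; since AUTH0_CALLBACK_URL is already configured, deriving the post-login destination from configuration rather than the Host header keeps the redirect target under the application's control. The `if` also falls through silently when `code` is absent, so a direct visit to /login.php renders nothing.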
diff --git a/www/logout.php b/www/logout.php
new file mode 100644 (file)
index 0000000..3a4ebf4
--- /dev/null
@@ -0,0 +1,14 @@
+<?php
+
+  $root = join(DIRECTORY_SEPARATOR, array($_SERVER['DOCUMENT_ROOT'], ".."));
+  $lib_root = join(DIRECTORY_SEPARATOR, array($root, "lib"));
+  require_once(join(DIRECTORY_SEPARATOR, array($root, "vendor", "autoload.php")));
+  include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "auth0.php")));
+
+  $auth0->logout();
+  session_destroy();
+
+  $url = sprintf("https://%s/v2/logout?client_id=%s&returnTo=%s", $AUTH0_DOMAIN, $AUTH0_CLIENT_ID, $AUTH0_LOGOUT_CALLBACK_URL);
+  header('Location: ' . $url);
+
+?>
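Review bot: In the `sprintf` line the `returnTo` value is placed in the query string unencoded, and `AUTH0_LOGOUT_CALLBACK_URL` is itself a URL, so its `://`, `/` and any `?` or `&` reach Auth0 unescaped; build the query with `http_build_query(['client_id' => $AUTH0_CLIENT_ID, 'returnTo' => $AUTH0_LOGOUT_CALLBACK_URL])` and append it after `https://%s/v2/logout?`. Follow `header('Location: ' . $url);` with `exit;` so anything added to the file later cannot run after the redirect. `session_destroy()` warns if no session is active at that point; presumably one is, since `$auth0->logout()` runs first and the `persist_*` options in lib/auth0.php suggest the SDK keeps its tokens in the session, but that relies on the SDK having started it — confirm.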