From ea0e53db8b5a264b6e231038815d2c350076d02a Mon Sep 17 00:00:00 2001
From: Iain Patterson
Date: Thu, 21 Jun 2018 17:19:08 -0400
Subject: [PATCH] Support Auth0.

Set AUTH0_AUDIENCE, AUTH0_CALLBACK_URL, AUTH0_CLIENT_ID, AUTH0_CLIENT_SECRET, AUTH0_DOMAIN and AUTH0_LOGOUT_CALLBACK_URL in .env under the document root. Auth0 takes care of setting up sessions. To use memcache, set MEMCACHED to a comma-separated list of memcache endpoints.
---
 composer.json | 4 +++-
 lib/auth0.php | 33 +++++++++++++++++++++++++++++++++
 lib/footer.php | 1 -
 lib/functions.php | 1 +
 lib/header.php | 2 +-
 lib/session.php | 2 --
 www/index.php | 40 ++++++++++++++++++++++++----------------
 www/login.php | 19 ++++++++++++++++++-
 www/logout.php | 14 ++++++++++++++
 9 files changed, 94 insertions(+), 22 deletions(-)
 create mode 100644 lib/auth0.php
 mode change 120000 => 100644 www/login.php
 create mode 100644 www/logout.php
diff --git a/composer.json b/composer.json
index 8a13e95..bdd515f 100644
--- a/composer.json
+++ b/composer.json
@@ -2,6 +2,8 @@
 "name": "readifood/readifood",
 "description": "Readifood",
 "require": {
- "propel/propel1": "1.6.9"
+ "auth0/auth0-php": "~5.0",
+ "propel/propel1": "1.6.9",
+ "vlucas/phpdotenv": "2.4.0"
 }
 }
diff --git a/lib/auth0.php b/lib/auth0.php
new file mode 100644
index 0000000..96412f2
--- /dev/null
+++ b/lib/auth0.php
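Review bot: `"auth0/auth0-php": "~5.0"` is the only floating constraint in the `require` block; the other two packages are pinned to exact versions, and the diffstat lists no composer.lock change, so which 5.x release is installed depends on when `composer install` runs. If the lockfile is tracked and simply unchanged by this commit that is fine; otherwise pin the SDK to the release this was tested against, e.g. `"auth0/auth0-php": "<tested-version>"`, or commit the lockfile so deployments are reproducible and auditable.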
@@ -0,0 +1,33 @@
+load();
+
+ $AUTH0_AUDIENCE = getenv('AUTH0_AUDIENCE');
+ $AUTH0_CALLBACK_URL = getenv('AUTH0_CALLBACK_URL');
+ $AUTH0_CLIENT_ID = getenv('AUTH0_CLIENT_ID');
+ $AUTH0_CLIENT_SECRET = getenv('AUTH0_CLIENT_SECRET');
+ $AUTH0_DOMAIN = getenv('AUTH0_DOMAIN');
+ $AUTH0_LOGOUT_CALLBACK_URL = getenv('AUTH0_LOGOUT_CALLBACK_URL');
+
+ if (getenv("MEMCACHED")) {
+ ini_set("session.save_handler", "memcached");
+ ini_set("session.save_path", getenv("MEMCACHED"));
+ }
+
+ $auth0 = new Auth0([
+ 'domain' => $AUTH0_DOMAIN,
+ 'client_id' => $AUTH0_CLIENT_ID,
+ 'client_secret' => $AUTH0_CLIENT_SECRET,
+ 'redirect_uri' => $AUTH0_CALLBACK_URL,
+ 'audience' => $AUTH0_AUDIENCE,
+ 'scope' => 'openid profile',
+ 'persist_id_token' => true,
+ 'persist_access_token' => true,
+ 'persist_refresh_token' => true,
+ 'state_handler' => false
+ ]);
+
+?>
diff --git a/lib/footer.php b/lib/footer.php
index da9130d..3ccf4a8 100644
--- a/lib/footer.php
+++ b/lib/footer.php
@@ -2,4 +2,3 @@
-
diff --git a/lib/functions.php b/lib/functions.php
index 7f937dd..eda4153 100644
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -659,6 +659,7 @@
 }
 include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "admin.php")));
+ include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "auth0.php")));
 include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "forms.php")));
 ?>
diff --git a/lib/header.php b/lib/header.php
index 1451a04..928b741 100644
--- a/lib/header.php
+++ b/lib/header.php
@@ -30,7 +30,7 @@ Reports @ -logout +logout $charity"; ?>
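Review bot: `'state_handler' => false` disables the SDK's state check on the authorization-code callback, so the `code` that www/login.php exchanges is no longer tied to a login this browser session started; that check is the login-CSRF protection the code flow relies on. Remove the key so the SDK's default session-backed state handler generates and verifies `state` — the session storage it needs is already configured on the `ini_set` lines above. `getenv()` returns `false` for an unset variable, so a missing `AUTH0_DOMAIN` or `AUTH0_CLIENT_SECRET` reaches `new Auth0([...])` silently; fail fast instead, e.g. `if ($AUTH0_DOMAIN === false) { throw new RuntimeException('AUTH0_DOMAIN is not set'); }` for each required value. With the three `persist_*_token => true` options and `session.save_handler` switched to memcached, the ID, access and refresh tokens are stored in memcached as plaintext session data, so the `MEMCACHED` endpoints must be reachable only from the application hosts. The `require`/`use` lines at the top of the file are not visible in this rendering.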

diff --git a/lib/session.php b/lib/session.php index da4e986..f0178cf 100644 --- a/lib/session.php +++ b/lib/session.php @@ -17,6 +17,4 @@ $_SESSION[$key] = $value; } - session_start(); - ?> diff --git a/www/index.php b/www/index.php index f8434a9..d88b321 100644 --- a/www/index.php +++ b/www/index.php @@ -30,27 +30,35 @@ #echo "request: $request; module: $module; params: " . print_r($parameters, true); $http = (isset($_SERVER['HTTPS'])) ? "https" : "http"; - $username = $_SERVER['REMOTE_USER']; include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "constants.php"))); include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "functions.php"))); include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "session.php"))); + + $auth0_user = $auth0->getUser(); + if (isset($auth0_user)) $username = $auth0_user["sub"]; + else $username = null; + include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "header.php"))); - $q = new UserQuery; - $user = $q->findOneByUsername($username); - if (! $q->count()) { - echo "
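Review bot: Removing `session_start()` leaves lib/session.php writing to `$_SESSION[$key]` (the context line above) without ever starting a session itself; the code now depends on the Auth0 SDK, constructed in lib/auth0.php, having started one — per the commit message that is the intent. That holds for the include order in www/index.php, where functions.php (which pulls in auth0.php) is included before session.php, but any other entry point that includes session.php on its own would write to a `$_SESSION` that is never persisted. Replacing the removed call with `if (session_status() !== PHP_SESSION_ACTIVE) session_start();` keeps both paths working and is a no-op once the SDK has started the session. The function closed by the `}` context line starts outside the hunk.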

$charity

\n"; - echo "

Not logged in!

\n"; - if ($_SERVER['REMOTE_USER']) echo "

User " . $_SERVER['REMOTE_USER'] . " needs an entry in the user table.

\n"; - } - else { - $user_id = $user->getContactId(); - $admin_level = $user->getAdmin(); - if ($module) { - echo "

$charity $module

\n"; - include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "$module.php"))); + + if ($username) { + $q = new UserQuery; + $user = $q->findOneByUsername($username); + if (! $q->count()) { + echo "

$charity

\n"; + echo "

Not logged in!

\n"; + echo "

User $username needs an entry in the user table.

\n"; } + else { + $user_id = $user->getContactId(); + $admin_level = $user->getAdmin(); + if ($module) { + echo "

$charity $module

\n"; + include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "$module.php"))); + } - #else include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "menu.php"))); - } + #else include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "menu.php"))); + } + } + else $auth0->login(); include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "footer.php"))); ?> diff --git a/www/login.php b/www/login.php deleted file mode 120000 index 0012f7d..0000000 --- a/www/login.php +++ /dev/null @@ -1 +0,0 @@ -index.php \ No newline at end of file diff --git a/www/login.php b/www/login.php new file mode 100644 index 0000000..a9f9d22 --- /dev/null +++ b/www/login.php @@ -0,0 +1,18 @@ +getUser(); + header("Location: https://" . $_SERVER['HTTP_HOST'] . "/"); + exit; + } + catch (\Exception $e) { + } + } + +?> diff --git a/www/logout.php b/www/logout.php new file mode 100644 index 0000000..3a4ebf4 --- /dev/null +++ b/www/logout.php @@ -0,0 +1,14 @@ +logout(); + session_destroy(); + + $url = sprintf("https://%s/v2/logout?client_id=%s&returnTo=%s", $AUTH0_DOMAIN, $AUTH0_CLIENT_ID, $AUTH0_LOGOUT_CALLBACK_URL); + header('Location: ' . $url); + +?> -- 2.7.4
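Review bot: `else $auth0->login();` runs after header.php has already been included, and header.php presumably emits the page header markup, so the SDK's redirect header is issued after output has started and fails with "headers already sent" unless output buffering is enabled; the unauthenticated decision has to be made before any output. Move it up to just after `$username` is computed, as `if (! $username) { $auth0->login(); exit; }` placed before `include_once(join(DIRECTORY_SEPARATOR, array($lib_root, "header.php")));`, and drop the trailing `else` branch; the `exit` covers the case where the SDK's login() does not terminate the script itself. Separately, `User $username needs an entry in the user table.` echoes the identity provider's `sub` claim into the page unescaped, where the old code echoed `$_SERVER['REMOTE_USER']` the same way; wrap it in `htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The echoed HTML in this hunk is fragmented in this rendering, so the exact markup around those lines is not visible.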
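Review bot: The empty `catch (\Exception $e) { }` around `$auth0->getUser()` swallows every callback failure — a rejected `code`, a failed token exchange, an invalid ID token — and the request ends with a blank 200 response, so a tampered or broken login is indistinguishable from a successful one in the server logs; at minimum log the exception and render an error page, or rethrow. The redirect target `"https://" . $_SERVER['HTTP_HOST'] . "/"` is built from the request's Host header rather than from server configuration; a path-only `header('Location: /');` is resolved against the current origin by the browser and removes that dependency. The `try` and the condition enclosing it start outside what is visible here.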
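Review bot: `$AUTH0_LOGOUT_CALLBACK_URL` and `$AUTH0_CLIENT_ID` are interpolated into the `/v2/logout` query string by `sprintf` without URL encoding, so a returnTo value containing `&`, `?` or `#` — a callback URL with its own query string, for instance — is split or truncated by the logout endpoint. Build the query with `$url = sprintf("https://%s/v2/logout?%s", $AUTH0_DOMAIN, http_build_query(['client_id' => $AUTH0_CLIENT_ID, 'returnTo' => $AUTH0_LOGOUT_CALLBACK_URL]));` instead. `header('Location: ' . $url);` also has no `exit` after it; add one so nothing further runs once the redirect is issued. The opening lines of the file are not visible in this rendering.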