vppa support

classes/class-PMSSO-Client.php

@@ -511,6 +511,10 @@ public function get_latest_pbs_userinfo($access_token = '') {
     	$userinfo = $response['profile'];
       // append the VPPA status
       $userinfo = $this->derive_and_append_vppa_status($userinfo);
+	  $vppa_redirect = $this->get_vppa_redirect($access_token);
+	  if (!empty($vppa_redirect)) {
+		$userinfo['vppa_redirect'] = $vppa_redirect;
+	  }
       return $userinfo;
     } else {
       $response['curlinfo'] = $info;
@@ -520,6 +524,38 @@ public function get_latest_pbs_userinfo($access_token = '') {
   }
 
 
+  public function get_vppa_redirect($access_token = '') {
+
+    // either returns false or, if needed, a vppa redirect that will allow the visitor to confirm their VPPA status
+    $url = 'https://profile.services.pbs.org/v2/login_resolve/';
+    $customheaders = array('Application-Id: ' . $this->app_id, 'Authorization: Bearer ' . $access_token);
+    $postfields = array(
+      'return_uri' => $this->redirect_uri,
+	  'handle_ux' => true
+    );
+    $requestbody = http_build_query($postfields);
+    //construct the curl request
+    $ch = $this->build_curl_handle($url);
+    curl_setopt($ch, CURLOPT_POST, true);
+    curl_setopt($ch, CURLOPT_POSTFIELDS, $requestbody);
+    curl_setopt($ch, CURLOPT_HTTPHEADER, $customheaders);
+    curl_setopt($ch, CURLINFO_HEADER_OUT, true);
+  	$response_json = curl_exec($ch);
+    $info = curl_getinfo($ch);
+    $errors = curl_error($ch);
+    curl_close($ch);
+	$return = false;
+    $response = json_decode($response_json, true);
+	error_log("login_resolve response: " . $response_json);
+	if (isset($response['show_vppa_screen'])) {
+    	if (isset($response['vppa_redirect'])) {
+        	$return = $response['vppa_redirect'];
+		}
+    }
+	return $return;
+  }
+
+
   private function store_pbs_userinfo($userinfo) {
     if (isset($userinfo['pid'])){
       //  store profile info in a cookie

templates/authenticate.php

@@ -86,8 +86,10 @@
 $userinfo["membership_info"] = array("offer" => null, "status" => "Off");
 if (isset ($mvaultinfo["membership_id"])) {
   $userinfo["membership_info"] = $mvaultinfo;
-  // we may as well setup a VPPA link
-  $vppa_links = $passport->get_oauth_links(array('scope' => 'account vppa'));
+  if (!$use_pmsso) {
+	  // we may as well setup a VPPA link
+	  $vppa_links = $passport->get_oauth_links(array('scope' => 'account vppa'));
+  }
   // We will now attempt to determine what the users current login_provider is
   // mvault is fallback
   $login_provider = !empty($mvaultinfo["pbs_profile"]["login_provider"]) ? strtolower($mvaultinfo["pbs_profile"]["login_provider"]) : false; 
@@ -96,7 +98,9 @@
   }
   // what they last used on the website is better option
   $login_provider = !empty($_COOKIE['pbsoauth_loginprovider']) ? $_COOKIE['pbsoauth_loginprovider'] : $login_provider;
-  $vppa_link = $login_provider ? $vppa_links[$login_provider] : false;
+  if (!$use_pmsso) {
+	  $vppa_link = $login_provider ? $vppa_links[$login_provider] : false;
+  }
   if (empty($_COOKIE['pbsoauth_loginprovider']) && !empty($mvaultinfo["pbs_profile"]["login_provider"])) {
     setcookie('pbsoauth_loginprovider', $login_provider, strtotime("+1 hour"), "/", $_SERVER['HTTP_HOST'], true, false);
   }

templates/oauthcallback.php

@@ -19,22 +19,21 @@
 $defaults = get_option('pbs_passport_authenticate');
 
 $passport = new PBS_Passport_Authenticate(dirname(__FILE__));
+
+$use_pmsso = isset($defaults['pmsso_is_default']) ? $defaults['pmsso_is_default'] : false;
 $auth_client = false;
-// code verifier will only come from PMSSO
 $code_verifier = '';
 if (!empty($_COOKIE["pkce_code_verifier"])){
   $code_verifier = $_COOKIE["pkce_code_verifier"];
   setcookie( 'pkce_code_verifier', '', 1, '/', $_SERVER['HTTP_HOST']);
+}
+if ($use_pmsso) {
   $auth_client = $passport->get_pmsso_client();
 } else {
   $auth_client = $passport->get_laas_client();
 }
 
 
-// log any current session out
-$auth_client->logout();
-
-
 $login_referrer = !empty($defaults['landing_page_url']) ? $defaults['landing_page_url'] : site_url();
 if (!empty($_COOKIE["pbsoauth_login_referrer"])){
   $login_referrer = $_COOKIE["pbsoauth_login_referrer"];
@@ -74,8 +73,16 @@
 
 $errors = array();
 if (isset($_GET["code"])){
-  $code = $_GET["code"];
-  $userinfo = $auth_client->authenticate($code, $rememberme, $nonce, $code_verifier);
+	// log any current session out
+  	$auth_client->logout();
+  	$code = $_GET["code"];
+  	$userinfo = $auth_client->authenticate($code, $rememberme, $nonce, $code_verifier);
+} else {
+    if ($use_pmsso) {
+        $userinfo = $auth_client->check_pmsso_login();
+    } else {
+        $userinfo = $auth_client->check_pbs_login();
+    }
 }
 
 // now we either have userinfo or null.

templates/userinfo.php

@@ -120,8 +120,13 @@
 
 /* Valid member needs VPPA */
 elseif ( $userinfo['vppa_status'] != 'valid' && $userinfo['membership_info']['status'] == "On") {
-  wp_redirect(site_url('pbsoauth/vppa'));
-  exit;
+	if (!$use_pmsso) {
+		wp_redirect(site_url('pbsoauth/vppa'));
+		exit;
+	} else if (isset($userinfo['vppa_redirect']))}
+		wp_redirect($userinfo['vppa_redirect']);
+		exit;
+	}
 }
 
 /* expired member */