From f0c909c0de4b9a20f3bc824900d534fb23e01b9a Mon Sep 17 00:00:00 2001 From: William Tam Date: Thu, 19 Sep 2024 15:36:12 -0400 Subject: [PATCH] vppa support --- classes/class-PMSSO-Client.php | 36 ++++++++++++++++++++++++++++++++++ templates/authenticate.php | 10 +++++++--- templates/oauthcallback.php | 21 +++++++++++++------- templates/userinfo.php | 9 +++++++-- 4 files changed, 64 insertions(+), 12 deletions(-) diff --git a/classes/class-PMSSO-Client.php b/classes/class-PMSSO-Client.php index ab88c17..9bc5ebc 100644 --- a/classes/class-PMSSO-Client.php +++ b/classes/class-PMSSO-Client.php @@ -511,6 +511,10 @@ public function get_latest_pbs_userinfo($access_token = '') { $userinfo = $response['profile']; // append the VPPA status $userinfo = $this->derive_and_append_vppa_status($userinfo); + $vppa_redirect = $this->get_vppa_redirect($access_token); + if (!empty($vppa_redirect)) { + $userinfo['vppa_redirect'] = $vppa_redirect; + } return $userinfo; } else { $response['curlinfo'] = $info; 
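Review bot: The redirect URL attached as `$userinfo['vppa_redirect']` later feeds `wp_redirect()` in templates/userinfo.php, so it matters where `$userinfo` is persisted in between. The context of the next hunk shows `store_pbs_userinfo()` with the comment "store profile info in a cookie"; if that routine serialises the whole array (its body is outside the diff, so this needs confirming), the URL becomes client-editable. I would keep the value out of persisted state and say so in a comment, e.g. `// vppa_redirect is request-scoped; never write it to the profile cookie`. The added call also makes a second blocking request to the profile service on every successful userinfo fetch, which deserves a one-line comment too.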
@@ -520,6 +524,38 @@ public function get_latest_pbs_userinfo($access_token = '') { } + public function get_vppa_redirect($access_token = '') { + + // either returns false or, if needed, a vppa redirect that will allow the visitor to confirm their VPPA status + $url = 'https://profile.services.pbs.org/v2/login_resolve/'; + $customheaders = array('Application-Id: ' . $this->app_id, 'Authorization: Bearer ' . $access_token); + $postfields = array( + 'return_uri' => $this->redirect_uri, + 'handle_ux' => true + ); + $requestbody = http_build_query($postfields); + //construct the curl request + $ch = $this->build_curl_handle($url); + curl_setopt($ch, CURLOPT_POST, true); + curl_setopt($ch, CURLOPT_POSTFIELDS, $requestbody); + curl_setopt($ch, CURLOPT_HTTPHEADER, $customheaders); + curl_setopt($ch, CURLINFO_HEADER_OUT, true); + $response_json = curl_exec($ch); + $info = curl_getinfo($ch); + $errors = curl_error($ch); + curl_close($ch); + $return = false; + $response = json_decode($response_json, true); + error_log("login_resolve response: " . $response_json); + if (isset($response['show_vppa_screen'])) { + if (isset($response['vppa_redirect'])) { + $return = $response['vppa_redirect']; + } + } + return $return; + } + + private function store_pbs_userinfo($userinfo) { if (isset($userinfo['pid'])){ // store profile info in a cookie diff --git a/templates/authenticate.php b/templates/authenticate.php index daadedd..22154d1 100644 --- a/templates/authenticate.php +++ b/templates/authenticate.php 
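Review bot: `error_log("login_resolve response: " . $response_json)` writes the raw profile-service response to the server log on every call, and that body may carry the redirect URL and other per-user data. It reads like leftover debugging and should be dropped or reduced to a status line. The function also sends `Authorization: Bearer ` with an empty token when called with the default argument, never inspects `$errors` or `$info`, and tests `show_vppa_screen` with `isset()`. A response with `show_vppa_screen` set to false would therefore still yield a redirect, assuming the field is a boolean, which the diff does not show. The fence sketches an early return for an empty token, a fail-closed path for a failed request, and a truthiness check on both fields.

```php
public function get_vppa_redirect($access_token = '') {
    // Without a token the request cannot be authorised; skip the call.
    if (empty($access_token)) {
        return false;
    }
    // … unchanged: URL, headers, POST body and curl option setup …
    $response_json = curl_exec($ch);
    $errors = curl_error($ch);
    curl_close($ch);
    if ($response_json === false) {
        // Log the transport error only, never the response body.
        error_log('login_resolve request failed: ' . $errors);
        return false;
    }
    $response = json_decode($response_json, true);
    if (!is_array($response) || empty($response['show_vppa_screen']) || empty($response['vppa_redirect'])) {
        return false;
    }
    return $response['vppa_redirect'];
}
```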
@@ -86,8 +86,10 @@ $userinfo["membership_info"] = array("offer" => null, "status" => "Off"); if (isset ($mvaultinfo["membership_id"])) { $userinfo["membership_info"] = $mvaultinfo; - // we may as well setup a VPPA link - $vppa_links = $passport->get_oauth_links(array('scope' => 'account vppa')); + if (!$use_pmsso) { + // we may as well setup a VPPA link + $vppa_links = $passport->get_oauth_links(array('scope' => 'account vppa')); + } // We will now attempt to determine what the users current login_provider is // mvault is fallback $login_provider = !empty($mvaultinfo["pbs_profile"]["login_provider"]) ? strtolower($mvaultinfo["pbs_profile"]["login_provider"]) : false; @@ -96,7 +98,9 @@ } // what they last used on the website is better option $login_provider = !empty($_COOKIE['pbsoauth_loginprovider']) ? $_COOKIE['pbsoauth_loginprovider'] : $login_provider; - $vppa_link = $login_provider ? $vppa_links[$login_provider] : false; + if (!$use_pmsso) { + $vppa_link = $login_provider ? $vppa_links[$login_provider] : false; + } if (empty($_COOKIE['pbsoauth_loginprovider']) && !empty($mvaultinfo["pbs_profile"]["login_provider"])) { setcookie('pbsoauth_loginprovider', $login_provider, strtotime("+1 hour"), "/", $_SERVER['HTTP_HOST'], true, false); } diff --git a/templates/oauthcallback.php b/templates/oauthcallback.php index c270045..c75c63e 100644 --- a/templates/oauthcallback.php +++ b/templates/oauthcallback.php 
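Review bot: With `$use_pmsso` true, `$vppa_links` (this hunk) and `$vppa_link` (the `@@ -96,7 +98,9 @@` hunk) are never assigned, so later template code that reads `$vppa_link` gets an undefined variable instead of the previous `false`. Initialising `$vppa_link = false;` before the first `if (!$use_pmsso)` keeps the old contract. `$use_pmsso` itself is not assigned in either hunk. If it is not set earlier in authenticate.php, `!$use_pmsso` is always true and the legacy path runs regardless of configuration; this is worth confirming, since oauthcallback.php derives it from `$defaults['pmsso_is_default']` in this same commit. Both hunks sit inside a larger block that starts and ends outside the diff.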
@@ -19,22 +19,21 @@ $defaults = get_option('pbs_passport_authenticate'); $passport = new PBS_Passport_Authenticate(dirname(__FILE__)); + +$use_pmsso = isset($defaults['pmsso_is_default']) ? $defaults['pmsso_is_default'] : false; $auth_client = false; -// code verifier will only come from PMSSO $code_verifier = ''; if (!empty($_COOKIE["pkce_code_verifier"])){ $code_verifier = $_COOKIE["pkce_code_verifier"]; setcookie( 'pkce_code_verifier', '', 1, '/', $_SERVER['HTTP_HOST']); +} +if ($use_pmsso) { $auth_client = $passport->get_pmsso_client(); } else { $auth_client = $passport->get_laas_client(); } -// log any current session out -$auth_client->logout(); - - $login_referrer = !empty($defaults['landing_page_url']) ? $defaults['landing_page_url'] : site_url(); if (!empty($_COOKIE["pbsoauth_login_referrer"])){ $login_referrer = $_COOKIE["pbsoauth_login_referrer"]; @@ -74,8 +73,16 @@ $errors = array(); if (isset($_GET["code"])){ - $code = $_GET["code"]; - $userinfo = $auth_client->authenticate($code, $rememberme, $nonce, $code_verifier); + // log any current session out + $auth_client->logout(); + $code = $_GET["code"]; + $userinfo = $auth_client->authenticate($code, $rememberme, $nonce, $code_verifier); +} else { + if ($use_pmsso) { + $userinfo = $auth_client->check_pmsso_login(); + } else { + $userinfo = $auth_client->check_pbs_login(); + } } // now we either have userinfo or null. diff --git a/templates/userinfo.php b/templates/userinfo.php index e636007..dfb8c49 100644 --- a/templates/userinfo.php +++ b/templates/userinfo.php @@ -120,8 +120,13 @@ /* Valid member needs VPPA */ elseif ( $userinfo['vppa_status'] != 'valid' && $userinfo['membership_info']['status'] == "On") { - wp_redirect(site_url('pbsoauth/vppa')); - exit; + if (!$use_pmsso) { + wp_redirect(site_url('pbsoauth/vppa')); + exit; + } else if (isset($userinfo['vppa_redirect']))} + wp_redirect($userinfo['vppa_redirect']); + exit; + } } /* expired member */
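Review bot: Client selection now follows `pmsso_is_default` rather than the presence of the `pkce_code_verifier` cookie, so the PMSSO client can reach `authenticate($code, $rememberme, $nonce, $code_verifier)` in the `@@ -74,8 +73,16 @@` hunk with `$code_verifier` still `''`. Whether `authenticate()` rejects an empty verifier is not visible here. I would make the callback skip the code exchange and treat the request as a failed login when `$use_pmsso` is true and the verifier is empty. The commit also removes the only comment explaining the cookie; a replacement such as `// PKCE verifier is set by the PMSSO login flow and stays empty for LAAS` would keep that context.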
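Review bot: In templates/userinfo.php, `} else if (isset($userinfo['vppa_redirect']))}` ends in `}` where `{` is needed, so the template will not parse and every request that loads it fails; the line should read `} else if (isset($userinfo['vppa_redirect'])) {`. The target of `wp_redirect($userinfo['vppa_redirect'])` comes from a remote response and is not checked here. `wp_safe_redirect()`, with the expected PBS host added through the `allowed_redirect_hosts` filter, would keep an unexpected value from sending members off-site. When `$use_pmsso` is true and no `vppa_redirect` is present, the branch now falls through without redirecting, so a member whose `vppa_status` is not `valid` continues past this check; confirm that is intended. `$use_pmsso` is not assigned inside this hunk.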