Add ORCID support.
terrencegf committed May 26, 2017
1 parent c49dc08 commit 0bed7f7
Showing 5 changed files with 68 additions and 13 deletions.
1 change: 1 addition & 0 deletions composer.json
@@ -29,6 +29,7 @@
"php": ">=5.6.0",
"league/oauth2-google": "^2.0",
"league/oauth2-github": "^2.0",
"cilogon/oauth2-orcid": "^1.0",
"duosecurity/duo_php": "dev-master",
"endroid/qrcode": "^1.9",
"phpgangsta/googleauthenticator": "dev-master",
70 changes: 59 additions & 11 deletions src/Service/Content.php
@@ -475,6 +475,18 @@ public static function printWAYF($showremember = true, $incommonidps = false)
</p>
';
}
$orcidauthz = Util::getAuthzUrl('ORCID');
if ((isset($idps[$orcidauthz])) &&
($skin->idpAvailable($orcidauthz))) {
echo '
<p>
If you have a <a target="_blank"
href="https://orcid.org/my-orcid">ORCID</a>
account, you can select it for
authenticating to the CILogon Service.
</p>
';
}
}

echo '
@@ -931,8 +943,8 @@ public static function handleLogOnButtonClicked()
Util::setCookieVar('providerId', $providerId);
}
$providerName = Util::getAuthzIdP($providerId);
if (in_array($providerName, [ 'Google' , 'GitHub' ])) {
// Log in with Google or GitHub
if (in_array($providerName, ['Google' , 'GitHub', 'ORCID'])) {
// Log in with Google, GitHub, or ORCID
static::redirectToGetOAuth2User($providerId);
} else { // Use InCommon authn
static::redirectToGetShibUser($providerId);
@@ -1060,8 +1072,8 @@ public static function handleNoSubmitButtonClicked()
// then show the Logon page and uncheck the keepidp checkbox.
if ((strlen($selected_idp) == 0) || ($selected_idp == $providerId)) {
$providerName = Util::getAuthzIdP($providerId);
if (in_array($providerName, [ 'Google', 'GitHub' ])) {
// Log in with Google or GitHub
if (in_array($providerName, ['Google', 'GitHub', 'ORCID'])) {
// Log in with Google, GitHub, or ORCID
static::redirectToGetOAuth2User($providerId);
} elseif (Util::getIdpList()->exists($providerId)) {
// Log in with InCommon
@@ -1484,8 +1496,8 @@ public static function handleGotUser()
name or email address was missing. To rectify this problem,
go to the <a target="_blank"
href="https://myaccount.google.com/privacy#personalinfo">Google
Account Personal Information page</a>, and enter your First
Name, Last Name, and email address. (All other Google
Account Personal Information page</a>, and enter your first
name, last name, and email address. (All other Google
account information is not required by the CILogon Service.)
</p>
<p>
@@ -1518,7 +1530,7 @@ public static function handleGotUser()
name or email address was missing. To rectify this problem,
go to the <a target="_blank"
href="https://github.com/settings/profile">GitHub
Public Profile page</a>, and enter your Name and email address.
Public Profile page</a>, and enter your name and email address.
(All other GitHub account information is not required by
the CILogon Service.)
</p>
@@ -1544,6 +1556,41 @@ public static function handleGotUser()
</form>
</div>
';
} elseif ($idpname == 'ORCID') {
static::printErrorBox('
<p>
There was a problem logging on. It appears that you have
attempted to use ORCID as your identity provider, but your
name or email address was missing. To rectify this problem,
go to your <a target="_blank"
href="https://orcid.org/my-orcid">ORCID
Profile page</a>, enter your name and email address, and
make sure they can be viewed by Everyone.
(All other ORCID account information is not required by
the CILogon Service.)
</p>
<p>
After you have updated your ORCID account profile, click
the "Proceed" button below and attempt to log on
with your ORCID account again. If you have any questions,
please contact us at the email address at the bottom of the
page.</p>
');

echo '
<div>
';
static::printFormHead($redirect, 'get');
echo '
<p class="centered">
<input type="hidden" name="providerId" value="' ,
Util::getAuthzUrl('ORCID') , '" /> ' , $redirectform , '
<input type="submit" name="submit" class="submit"
value="Proceed" />
</p>
</form>
</div>
';
} else { // Problem was missing SAML attribute from Shib IdP
static::printAttributeReleaseErrorMessage(
$ePPN,
@@ -2354,12 +2401,13 @@ public static function getCompositeIdPList($incommonidps = false)
$idplist = Util::getIdpList();
if ($incommonidps) { // Get all InCommon IdPs only
$retarray = $idplist->getInCommonIdPs();
} else { // Get the whitelisted InCommon IdPs, plus maybe Google/GitHub
} else { // Get the whitelisted InCommon IdPs, plus maybe Google/GitHub/ORCID
$retarray = $idplist->getWhitelistedIdPs();

// Add Google and GitHub to the list
// Add Google, GitHub, and ORCID to the list
$retarray[Util::getAuthzUrl('Google')] = 'Google';
$retarray[Util::getAuthzUrl('GitHub')] = 'GitHub';
$retarray[Util::getAuthzUrl('ORCID')] = 'ORCID';

// Check to see if the skin's config.xml has a whitelist of IDPs.
// If so, go thru master IdP list and keep only those IdPs in the
@@ -2625,11 +2673,11 @@ public static function isEduGAINAndGetCert($idp = '', $idpname = '')
}
}

// First, make sure $idp was set and is not Google/GitHub.
// First, make sure $idp was set and is not Google/GitHub/ORCID.
$idplist = Util::getIdpList();
if (((strlen($idp) > 0) &&
(strlen($idpname) > 0) &&
(!in_array($idpname, ['Google', 'GitHub']))) &&
(!in_array($idpname, ['Google', 'GitHub', 'ORCID']))) &&
(
// Next, check for eduGAIN without REFEDS R&S and SIRTFI
((!$idplist->isRegisteredByInCommon($idp)) &&
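Review bot: The list of OAuth2 provider names is now spelled out separately in `handleLogOnButtonClicked()`, `handleNoSubmitButtonClicked()` and `isEduGAINAndGetCert()`, and once more in `DBService::getUser()`, so a future provider that misses one copy would fall through to the InCommon/Shibboleth branch or into the eduGAIN check. Keeping the names in one shared array constant that all four checks read would remove that risk. The `in_array()` calls also compare loosely; writing `in_array($providerName, ['Google', 'GitHub', 'ORCID'], true)` prevents a non-string value such as integer 0 from matching a provider name on the PHP 5.6 baseline that composer.json allows (whether such a value can reach these calls is not visible here). All three functions start and end outside their hunks.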
3 changes: 1 addition & 2 deletions src/Service/DBService.php
@@ -422,8 +422,7 @@ public function getUser(...$args)
$idp = $args[1];
$idp_display_name = $args[2];
if ((Util::getIdpList()->isRegisteredByInCommon($idp)) ||
($idp_display_name == 'Google') ||
($idp_display_name == 'GitHub')) {
(in_array($idp_display_name, ['Google', 'GitHub', 'ORCID']))) {
$us_idp = 1;
}
$cmd .= "&us_idp=$us_idp";
5 changes: 5 additions & 0 deletions src/Service/OAuth2Provider.php
@@ -5,6 +5,7 @@
use CILogon\Service\Util;
use League\OAuth2\Client\Provider\Github;
use League\OAuth2\Client\Provider\Google;
use CILogon\OAuth2\Client\Provider\ORCID;

/**
* OAuth2Provider
@@ -57,6 +58,10 @@ public function __construct($idp)
$client_secret = Util::getConfigVar('githuboauth2.clientsecret');
$classname = 'League\OAuth2\Client\Provider\Github';
$this->authzUrlOpts = [ 'scope' => ['user:email'] ];
} elseif ($idp == 'orcid') {
$client_id = Util::getConfigVar('orcidoauth2.clientid');
$client_secret = Util::getConfigVar('orcidoauth2.clientsecret');
$classname = 'League\OAuth2\Client\Provider\ORCID';
}

if ((strlen($client_id) > 0) && (strlen($client_secret) > 0)) {
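Review bot: The `orcid` branch sets `$classname = 'League\OAuth2\Client\Provider\ORCID'`, but the `use` line added at the top of this file imports `CILogon\OAuth2\Client\Provider\ORCID`, and the package added to composer.json is `cilogon/oauth2-orcid`. A `use` alias has no effect on a class name held in a string, so if `$classname` is instantiated dynamically further down (that code is outside the hunk), the ORCID provider would presumably fail to load and ORCID logins would break. The string should name the imported class: `$classname = 'CILogon\OAuth2\Client\Provider\ORCID';`. Unlike the GitHub branch, this branch also leaves `$this->authzUrlOpts` unset; a one-line comment stating that the provider's default scope is intended would make that explicit.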
2 changes: 2 additions & 0 deletions src/Service/Util.php
@@ -801,6 +801,7 @@ public static function getAuthzUrl($idp)
$idptourl = array(
'Google' => 'https://accounts.google.com/o/oauth2/auth',
'GitHub' => 'https://github.com/login/oauth/authorize',
'ORCID' => 'https://orcid.org/oauth/authorize',
);
if (array_key_exists($idp, $idptourl)) {
$url = $idptourl[$idp];
@@ -823,6 +824,7 @@ public static function getAuthzIdP($url)
$urltoidp = array(
'https://accounts.google.com/o/oauth2/auth' => 'Google',
'https://github.com/login/oauth/authorize' => 'GitHub',
'https://orcid.org/oauth/authorize' => 'ORCID',
);
if (array_key_exists($url, $urltoidp)) {
$idp = $urltoidp[$url];
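Review bot: `getAuthzUrl()` and `getAuthzIdP()` each carry their own copy of the provider table, so the ORCID entry had to be added twice and the two arrays can drift apart. The URL returned here is used as the `providerId` that Content.php maps back to a provider name to choose the login path, so a mismatch between the two tables would route a provider to the wrong handler without any error. Holding the forward map in one shared constant and deriving the reverse with `$urltoidp = array_flip($idptourl);` keeps them in step. Both function bodies begin and end outside the hunks.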
