<?php
/**
* InAcademia
*
* @package InAcademia
*/
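// Stop immediately unless WordPress itself loaded this file (ABSPATH is then defined).
defined( 'ABSPATH' ) || exit;
/**
 * Autoload OpenIDConnectClient
 *
 * @package InAcademia
 */
// Anchor the autoloader to this file's own directory. A bare relative path is
// resolved through include_path before the including file's directory is
// tried, so a different vendor/autoload.php found earlier on that path would
// be loaded instead of the one next to this file.
require __DIR__ . '/vendor/autoload.php';
use Jumbojett\OpenIDConnectClient;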
/**
 * Start URL: the REST base URL with INACADEMIA_SLUG and '/start' appended.
 *
 * @return string Concatenation of get_rest_url(), INACADEMIA_SLUG and '/start'.
 */
function inacademia_create_start_url() {
	return get_rest_url() . INACADEMIA_SLUG . '/start';
}
/**
 * Redirect URL: the REST base URL with INACADEMIA_SLUG and '/redirect' appended.
 *
 * inacademia_validate() hands this value to the OIDC client as its redirect URL.
 *
 * @return string Concatenation of get_rest_url(), INACADEMIA_SLUG and '/redirect'.
 */
function inacademia_create_redirect_url() {
	return get_rest_url() . INACADEMIA_SLUG . '/redirect';
}
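/**
 * Dummy validation routine.
 *
 * Marks the 'inacademia' session as validated without contacting any identity
 * provider, then redirects the browser back to the referring page.
 *
 * NOTE(review): $validate is hard-coded to true, so every request that reaches
 * this function gets $_SESSION['inacademia_validated'] set. Confirm that no
 * production route is wired to it.
 *
 * @return void
 */
function inacademia_validate_dummy() {
	session_start( array( 'name' => 'inacademia' ) );
	$validate                         = true;
	$_SESSION['inacademia_validated'] = $validate;
	if ( ! $validate ) {
		$_SESSION['inacademia_error'] = 'Error';
	}

	// The Referer header is client-controlled. filter_input() yields false for
	// a malformed URL and null when the variable is missing, so fall back to
	// the site root rather than emitting an empty Location header.
	$http_referer = filter_input( INPUT_SERVER, 'HTTP_REFERER', FILTER_VALIDATE_URL );
	if ( ! is_string( $http_referer ) || '' === $http_referer ) {
		$http_referer = '/';
	}

	// Only follow the referrer when WordPress accepts its host as a redirect
	// target; any other host is replaced by '/', so this endpoint cannot be
	// used to bounce visitors to an arbitrary site.
	$location = wp_validate_redirect( $http_referer, '/' );
	header( 'Location: ' . $location, true );
}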
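/**
 * Validation routine: run the OpenID Connect code flow against the InAcademia OP.
 *
 * Remembers the referring page in the 'inacademia' session, authenticates
 * through OpenIDConnectClient, records in $_SESSION['inacademia_validated']
 * whether the fixed 'student' scope was among the returned scopes, and finally
 * redirects back to the remembered page. Any exception message raised during
 * authentication is stored in $_SESSION['inacademia_error'] and logged.
 *
 * @return void
 */
function inacademia_validate() {
	session_start( array( 'name' => 'inacademia' ) );

	// Remember the referring page on the first pass only, and only when it
	// parses as a URL. filter_input() returns false/null otherwise; storing
	// that value would later produce an empty Location header.
	if ( ! isset( $_SESSION['inacademia_referrer'] ) ) {
		$referrer = filter_input( INPUT_SERVER, 'HTTP_REFERER', FILTER_VALIDATE_URL );
		if ( is_string( $referrer ) && '' !== $referrer ) {
			$_SESSION['inacademia_referrer'] = $referrer;
		}
	}

	/*
	 * Bikeshed
	// $op_url = $_SESSION['inacademia_op_url']; // https://op.inacademia.local/
	// $scope = $_SESSION['inacademia_scope']; // student
	 */
	$op_url = INACADEMIA_OP_URL;
	$scope  = 'student'; // scope is now fixed.

	// Credentials are passed through unmodified. FILTER_SANITIZE_STRING is
	// deprecated since PHP 8.1 and strips tags / encodes quotes, which would
	// silently alter a secret containing those characters.
	// NOTE(review): the client id and secret are read from the visitor's
	// session; where they are written is not visible here. Confirm the secret
	// really has to live in per-visitor session storage.
	$client_id     = ( isset( $_SESSION['inacademia_client_id'] ) && is_scalar( $_SESSION['inacademia_client_id'] ) )
		? (string) $_SESSION['inacademia_client_id']
		: '';
	$client_secret = ( isset( $_SESSION['inacademia_client_secret'] ) && is_scalar( $_SESSION['inacademia_client_secret'] ) )
		? (string) $_SESSION['inacademia_client_secret']
		: '';

	$oidc = new OpenIDConnectClient( $op_url, $client_id, $client_secret );

	// Certificate and host verification toward the OP are relaxed only when
	// WordPress reports a 'local' environment (WP_ENVIRONMENT_TYPE). With
	// verification off, anyone on the network path can impersonate the OP and
	// supply forged tokens, so every other environment keeps the checks on.
	$is_local_dev = function_exists( 'wp_get_environment_type' ) && 'local' === wp_get_environment_type();
	$oidc->setVerifyHost( ! $is_local_dev );
	$oidc->setVerifyPeer( ! $is_local_dev );
	$oidc->setHttpUpgradeInsecureRequests( ! $is_local_dev );

	$oidc->addScope( explode( ' ', 'transient ' . $scope ) );
	/*
	 * Bikeshed
	// $oidc->addAuthParam(array('aarc_idp_hint' => $aarc_idp_hint));
	// $oidc->addAuthParam(array('claims' => 'student'));
	// $oidc->addAuthParam(array('response_mode' => 'form_post'));
	 */
	$oidc->setResponseTypes( array( 'code' ) );
	/*
	 * Bikeshed
	// $oidc->setAllowImplicitFlow(true);
	 */
	$oidc->setRedirectURL( inacademia_create_redirect_url() );

	// The session value only gates whether authentication runs again; nothing
	// in this function writes it.
	$claims = ( isset( $_SESSION['inacademia_claims'] ) && is_scalar( $_SESSION['inacademia_claims'] ) )
		? (string) $_SESSION['inacademia_claims']
		: null;

	$validated = false;
	try {
		if ( ! $claims ) {
			$oidc->authenticate();
			$claims = $oidc->getVerifiedClaims();

			// Fail closed when the claim is missing or not a list, and compare
			// strictly so a non-string entry such as true cannot match 'student'.
			$returned_scopes = isset( $claims->returned_scopes->values ) ? $claims->returned_scopes->values : null;
			$validated       = is_array( $returned_scopes ) && in_array( $scope, $returned_scopes, true );
		}
	} catch ( Exception $e ) {
		$_SESSION['inacademia_error'] = $e->getMessage();
		error_log( json_encode( $e->getMessage(), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES ) );
	}
	$_SESSION['inacademia_validated'] = $validated;

	if ( isset( $_SESSION['inacademia_referrer'] ) ) {
		$location = filter_var( $_SESSION['inacademia_referrer'], FILTER_SANITIZE_URL );
		unset( $_SESSION['inacademia_referrer'] );
		if ( ! is_string( $location ) || '' === $location ) {
			$location = '/';
		}
		// The stored referrer came from a client-supplied header: only follow
		// it when WordPress accepts the host as a redirect target, otherwise
		// send the visitor to the site root.
		$location = wp_validate_redirect( $location, '/' );
		header( 'Location: ' . $location, true );
	}
}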