From 2b615f7d6ae77d7efe3661c4e63c66c32e16e759 Mon Sep 17 00:00:00 2001 From: Ronan Dowling Date: Wed, 1 Jul 2015 16:37:39 -0500 Subject: [PATCH 1/9] Add print_r version of auth0 user tab For php < 5.4 compatibility --- auth0.module | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/auth0.module b/auth0.module index 995c327..2775564 100644 --- a/auth0.module +++ b/auth0.module @@ -90,7 +90,12 @@ function auth0_menu() { */ function auth0_user_info_page($user) { if ($object = auth0_get_auth0_object_from_drupal_uid($user->uid)) { - return '
' . json_encode($object, JSON_PRETTY_PRINT) . '
'; + if (defined('JSON_PRETTY_PRINT')) { + return '
' . json_encode($object, JSON_PRETTY_PRINT) . '
'; + } + else { + return '
' . print_r($object, true) . '
'; + } } else { return t('This user has not authenticated with Auth0'); From e8d84bfbf3b2035065cdfa9378207a77424a29fd Mon Sep 17 00:00:00 2001 From: Ronan Dowling Date: Wed, 1 Jul 2015 16:38:03 -0500 Subject: [PATCH 2/9] Add php 5.3 requirement for namespaces --- auth0.info | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/auth0.info b/auth0.info index 3bf6dfd..4df0572 100644 --- a/auth0.info +++ b/auth0.info @@ -1,3 +1,4 @@ name = Auth0 description = "Provides single sign on for drupal pages" -core = "7.x" \ No newline at end of file +core = "7.x" +php = 5.3 From 2e64da4fc7efaee2d6066e50f6e500106e31f5b0 Mon Sep 17 00:00:00 2001 From: Ronan Dowling Date: Wed, 1 Jul 2015 17:50:11 -0500 Subject: [PATCH 3/9] Add alter to allow pre-login modification --- auth0.module | 3 +++ 1 file changed, 3 insertions(+) diff --git a/auth0.module b/auth0.module index 980a886..da462e8 100644 --- a/auth0.module +++ b/auth0.module @@ -183,6 +183,9 @@ function auth0_login_auth0_user($user_info, $id_token) { $requires_email = variable_get('auth0_requires_email', TRUE); $requires_verified_email = $requires_email && variable_get('user_email_verification', TRUE); + // Allow other modules to modify the Auth0 user before processing the login. + drupal_alter('auth0_user_pre_login', $user_info, $id_token); + // Check that the user account has an e-mail address if one is required. if ($requires_email && empty($user_info['email'])) { return drupal_set_message( From 66be801ce1bddc7274770de37affec0ef16d2869 Mon Sep 17 00:00:00 2001 From: Ronan Dowling Date: Thu, 2 Jul 2015 12:44:59 -0500 Subject: [PATCH 4/9] Fix issue logging in first time Conflicts: auth0.module --- auth0.module | 49 ++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 42 insertions(+), 7 deletions(-) diff --git a/auth0.module b/auth0.module index da462e8..fee4a64 100644 --- a/auth0.module +++ b/auth0.module 
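Review bot: Both branches of `auth0_user_info_page()` concatenate the serialised Auth0 profile into the page callback's return string without HTML-escaping it. `json_encode()` without `JSON_HEX_TAG` leaves `<` and `>` intact and `print_r()` does no escaping, so profile fields that originate at the identity provider would be interpreted as markup on the user tab. Escape the value in both branches: `check_plain(json_encode($object, JSON_PRETTY_PRINT))` and `check_plain(print_r($object, TRUE))`. The wrapper markup around the value is not legible on this page, so the surrounding string literals are left as they are.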
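Review bot: The `drupal_alter('auth0_user_pre_login', ...)` call fires before the e-mail and `email_verified` checks that follow it, so every implementing module can rewrite the identity claims that gate the login, and nothing documents that contract. `drupal_alter()` passes `$id_token` by reference as well. Extend the comment to say so, for example `// Implementations run before the e-mail checks and may change $user_info['email'] and ['email_verified']; treat them as trusted code.`, and describe `hook_auth0_user_pre_login_alter()` in an `auth0.api.php`. The body of `auth0_login_auth0_user()` continues outside the hunk.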
@@ -157,10 +157,11 @@ function auth0_callback() { // var_dump($auth0); die; + $success = FALSE; if ($user_info) { - auth0_login_auth0_user($user_info, $id_token); + $success =auth0_login_auth0_user($user_info, $id_token); } - else { + if (!$success) { drupal_set_message(t('There was a problem logging you in, sorry for the inconvenience.'), 'error'); } @@ -195,7 +196,7 @@ function auth0_login_auth0_user($user_info, $id_token) { } // Check that the user has a verified e-mail address if that is required. if ($requires_verified_email && isset($user_info['email']) && empty($user_info['email_verified'])) { - auth0_fail_with_verify_email($id_token); + return auth0_fail_with_verify_email($id_token); } // See if there is a user in the auth0_user table with the user info client id @@ -206,8 +207,8 @@ function auth0_login_auth0_user($user_info, $id_token) { auth0_update_auth0_object($user_info); // Log in the user. - $form_state['uid'] = $uid; - user_login_submit(array(), $form_state); + $account = user_load(array('uid' => $uid)); + return auth0_authenticate_user($account); } else { // If the user doesn't exist we need to either create a new one, or assign 
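Review bot: `$success` in `auth0_callback()` is only tested for truthiness, but not every exit of `auth0_login_auth0_user()` returns a boolean. The e-mail-required branch shown as context in patch 3/9 does `return drupal_set_message(`, and the return value of `auth0_fail_with_verify_email()` is not visible on this page. If either yields a non-empty value, a refused login is treated as a success here. End the refusal branches with an explicit `return FALSE;` after setting their message and compare strictly with `if ($success !== TRUE) {`.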
@@ -249,8 +250,38 @@ function auth0_login_auth0_user($user_info, $id_token) { auth0_insert_auth0_user($user_info, $uid); // Log in the user. - $form_state['uid'] = $uid; - user_login_submit(array(), $form_state); + $account = user_load(array('uid' => $uid)); + return auth0_authenticate_user($account); + } + + return FALSE; +} + +/** + * Authenticate the given user. + * + * We use our own login form because user_external_login loads the login form which + * we are modifying. + */ +function auth0_authenticate_user($account) { + if (user_is_blocked($account->name) || drupal_is_denied('user', $account->name)) { + watchdog('Auth0', 'Attempted login by blocked user %name', array('%name' => $user->name)); + return FALSE; + } + + global $user; + $user = $account; + $values = array('name' => $account->name); + user_authenticate_finalize($values); + return TRUE; +} + +/** + * Implements hook_user(). + */ +function auth0_user($op, &$edit, &$account, $category = NULL) { + if ($op == 'delete') { + return auth0_user_delete($account); } } @@ -329,6 +360,10 @@ function auth0_create_user_from_auth0($user_info) { $user->pass = user_password(); $new_user = user_save($user); + if ($user) { + watchdog('Auth0', 'Account created for %name', array('%name' => $user->name), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $user->uid .'/edit')); + } + // Notify the user if they must have approval. if (!$user->status) { drupal_set_message(t('Thank you for applying for an account. Your account is currently pending approval by the site administrator.')); From ad120d1a495432d57fd99fdc7a5e9700434eb402 Mon Sep 17 00:00:00 2001 From: Ronan Dowling Date: Thu, 2 Jul 2015 12:47:47 -0500 Subject: [PATCH 5/9] Simplify login call --- auth0.module | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/auth0.module b/auth0.module index fee4a64..40bf6e6 100644 --- a/auth0.module +++ b/auth0.module 
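Review bot: The `watchdog()` call in the new `auth0_authenticate_user()` reads `$user->name` before the `global $user;` statement further down, so `$user` is an undefined local at that point and the blocked-login entry is written without the account name. Use the parameter instead: `array('%name' => $account->name)`. `$account` is also dereferenced without checking that the caller's `user_load()` returned an object. Separately, `auth0_user($op, &$edit, &$account, $category)` has the Drupal 6 `hook_user()` signature, and with `core = "7.x"` in auth0.info it would presumably never be invoked.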
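Review bot: The new `if ($user)` guard in `auth0_create_user_from_auth0()` tests the object that was handed to `user_save()`, not the result stored in `$new_user`. It is therefore presumably always true, and "Account created" is logged even when the save failed. Test the return value instead, `if ($new_user) {`, and build the message from `$new_user->name` and `$new_user->uid`. The `!$user->status` check in the following context relies on the same unsaved object. The function starts and ends outside the hunk.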
@@ -207,8 +207,7 @@ function auth0_login_auth0_user($user_info, $id_token) { auth0_update_auth0_object($user_info); // Log in the user. - $account = user_load(array('uid' => $uid)); - return auth0_authenticate_user($account); + return auth0_authenticate_user($uid); } else { // If the user doesn't exist we need to either create a new one, or assign @@ -250,8 +249,7 @@ function auth0_login_auth0_user($user_info, $id_token) { auth0_insert_auth0_user($user_info, $uid); // Log in the user. - $account = user_load(array('uid' => $uid)); - return auth0_authenticate_user($account); + return auth0_authenticate_user($uid); } return FALSE; @@ -263,7 +261,9 @@ function auth0_login_auth0_user($user_info, $id_token) { * We use our own login form because user_external_login loads the login form which * we are modifying. */ -function auth0_authenticate_user($account) { +function auth0_authenticate_user($uid) { + $account = user_load(array('uid' => $uid)); + if (user_is_blocked($account->name) || drupal_is_denied('user', $account->name)) { watchdog('Auth0', 'Attempted login by blocked user %name', array('%name' => $user->name)); return FALSE; From 3fa813418d016b105580e1bb1c55017e9dd5574b Mon Sep 17 00:00:00 2001 From: Ronan Dowling Date: Thu, 2 Jul 2015 12:53:46 -0500 Subject: [PATCH 6/9] Port login function to D7 --- auth0.module | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/auth0.module b/auth0.module index 40bf6e6..74b9b46 100644 --- a/auth0.module +++ b/auth0.module 
@@ -262,17 +262,8 @@ function auth0_login_auth0_user($user_info, $id_token) { * we are modifying. */ function auth0_authenticate_user($uid) { - $account = user_load(array('uid' => $uid)); - - if (user_is_blocked($account->name) || drupal_is_denied('user', $account->name)) { - watchdog('Auth0', 'Attempted login by blocked user %name', array('%name' => $user->name)); - return FALSE; - } - - global $user; - $user = $account; - $values = array('name' => $account->name); - user_authenticate_finalize($values); + $form_state['uid'] = $uid; + user_login_submit(array(), $form_state); return TRUE; } From 49946abc33b5909dc706657db3ef623d876152ad Mon Sep 17 00:00:00 2001 From: Ronan Dowling Date: Thu, 30 Jul 2015 11:28:11 -0500 Subject: [PATCH 7/9] Add soft dependency on Composer Manager and add INSTALL.txt --- INSTALL.txt | 23 +++++++++++++++++++ auth0.module | 64 ++++++++++++++++++++++++++++++++++++++++++++-------- 2 files changed, 77 insertions(+), 10 deletions(-) create mode 100644 INSTALL.txt diff --git a/INSTALL.txt b/INSTALL.txt new file mode 100644 index 0000000..5ebe6e4 --- /dev/null +++ b/INSTALL.txt 
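Review bot: The rewritten `auth0_authenticate_user()` drops the blocked-account check that the removed lines performed and puts nothing in its place. `user_login_submit()` is only the submit handler; in Drupal 7 the rejection of blocked users happens in the login form's validate handlers, which are not run on this path. An account blocked in Drupal but still valid at Auth0 would presumably be logged in. Load the account and refuse before submitting: `$account = user_load($uid);` then `if (!$account || !$account->status) { return FALSE; }`, with a `watchdog()` entry naming the account so refused attempts are auditable. The function also returns `TRUE` unconditionally, so the caller cannot tell when a login failed.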
@@ -0,0 +1,23 @@ +Installing the Auth0 module +--------------------------- + +Auth0 requires some additional PHP packages to function. These packages are +managed by Composer (https://getcomposer.org/) and must be installed before +you can use this module. There are 2 ways to install these packages: + +1) Directly with Composer +If you have composer already installed you can run: + + > composer install + +from inside the module directory. Composer will then download and install all +of the required dependencies. + +2) With Composer Manager +Composer Manager (https://www.drupal.org/project/composer_manager) is a Drupal +module to help with the management of dependencies accross all installed modules. + +Follow the Composer Manager instructions: https://www.drupal.org/node/2405805 +to install Composer Manager and use it to download and install the Auth0 module +dependencies. + diff --git a/auth0.module b/auth0.module index 74b9b46..ad12121 100644 --- a/auth0.module +++ b/auth0.module @@ -1,8 +1,5 @@ uid)) { if (defined('JSON_PRETTY_PRINT')) { return '
' . json_encode($object, JSON_PRETTY_PRINT) . '
'; @@ -106,6 +102,10 @@ function auth0_user_info_page($user) { * Verify email page callback. */ function auth0_verify_email_page() { + if (!auth0_enabled('login')) { + return drupal_goto(); + } + $token = $_REQUEST['token']; $secret = variable_get('auth0_client_secret', ''); @@ -138,8 +138,11 @@ function auth0_verify_email_page() { * the user if the parameters are valid. */ function auth0_callback() { + if (!auth0_enabled('login')) { + return drupal_goto(); + } - $auth0 = new Auth0(array( + $auth0 = new \Auth0SDK\Auth0(array( 'domain' => variable_get('auth0_domain', ''), 'client_id' => variable_get('auth0_client_id', ''), 'client_secret' => variable_get('auth0_client_secret', ''), @@ -159,7 +162,7 @@ function auth0_callback() { $success = FALSE; if ($user_info) { - $success =auth0_login_auth0_user($user_info, $id_token); + $success = auth0_login_auth0_user($user_info, $id_token); } if (!$success) { drupal_set_message(t('There was a problem logging you in, sorry for the inconvenience.'), 'error'); @@ -381,6 +384,11 @@ function auth0_theme() { * The Auth0 basic configuration settings form callback. */ function auth0_login_form($form, &$form_state) { + if (!auth0_check_dependencies()) { + // Set message. + auth0_missing_dependencies_message(); + } + // Text field for the e-mail subject. $form['auth0_client_id'] = array( '#type' => 'textfield', @@ -411,6 +419,11 @@ function auth0_login_form($form, &$form_state) { * The Auth0 advanced configuration settings form callback. */ function auth0_advanced_form($form, &$form_state) { + if (!auth0_check_dependencies()) { + // Set message. + auth0_missing_dependencies_message(); + } + // Text field for the e-mail subject. $form['auth0_form_title'] = array( '#type' => 'textfield', 
@@ -480,7 +493,7 @@ function auth0_user_logout($account) { * Replace the user login forms with the Auth0 login widget. */ function auth0_form_alter(&$form, $form_state, $form_id) { - if ($form_id == 'user_login_block' || $form_id == 'user_login' && auth0_enabled('login')) { + if (($form_id == 'user_login_block' || $form_id == 'user_login') && auth0_enabled('login')) { _auth0_form_replace_with_lock($form, 'signin'); } @@ -611,6 +624,10 @@ function template_preprocess_auth0_lock(&$vars) { * Determine if Auth0 is enabled and can be used. */ function auth0_enabled($operation = '') { + if (!auth0_check_dependencies()) { + return FALSE; + } + $out = FALSE; // Check that the module has been configured. @@ -634,3 +651,30 @@ function auth0_enabled($operation = '') { return $out; } + +/** + * Check that the dependencies were autoloaded. + */ +function auth0_check_dependencies() { + if (class_exists('\Auth0SDK\Auth0')) { + return TRUE; + } + if (file_exists(DRUPAL_ROOT . '/' . drupal_get_path('module', 'auth0') . '/vendor/autoload.php')) { + require_once DRUPAL_ROOT . '/' . drupal_get_path('module', 'auth0') . '/vendor/autoload.php'; + return TRUE; + } + return FALSE; +} + +/** + * Set a message explaining how to install the dependencies. + */ +function auth0_missing_dependencies_message() { + drupal_set_message( + t( + 'Auth0 is not fully installed. See the module\'s INSTALL.txt file for installation instructions.', + array('!url' => 'https://www.drupal.org/project/composer_manager') + ), + 'warning' + ); +} From a983b103af3e2dd88c2aabb62f9ec7522a3ebfa8 Mon Sep 17 00:00:00 2001 From: Ronan Dowling Date: Thu, 30 Jul 2015 11:32:55 -0500 Subject: [PATCH 8/9] Clean up configuration a little Add link on module page. Rename callback to be more descriptive. Reorder tabs. Reorder credentials fields to match Auth0 dashboard --- auth0.info | 2 ++ auth0.module | 26 +++++++++++++------------- 2 files changed, 15 insertions(+), 13 deletions(-) 
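Review bot: `auth0_check_dependencies()` returns `TRUE` as soon as `vendor/autoload.php` exists and has been required, without confirming that the SDK class can actually be loaded. After an incomplete `composer install`, `auth0_enabled()` would report Auth0 as usable, the login forms would be replaced, and `new \Auth0SDK\Auth0(...)` in `auth0_callback()` would fail with a fatal error during login. Replace the `return TRUE;` that follows the `require_once` with `return class_exists('\Auth0SDK\Auth0');`. A one-line comment stating that a `FALSE` result leaves the stock Drupal login form in place would also help.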
diff --git a/auth0.info b/auth0.info index 4df0572..495a9c1 100644 --- a/auth0.info +++ b/auth0.info @@ -2,3 +2,5 @@ name = Auth0 description = "Provides single sign on for drupal pages" core = "7.x" php = 5.3 + +configure = admin/config/people/auth0 diff --git a/auth0.module b/auth0.module index ad12121..a6dd7b0 100644 --- a/auth0.module +++ b/auth0.module @@ -51,7 +51,7 @@ function auth0_menu() { 'title' => 'Auth0 Login Settings', 'description' => 'Configure your auth0 account and widget.', 'page callback' => 'drupal_get_form', - 'page arguments' => array('auth0_login_form'), + 'page arguments' => array('auth0_basic_settings_form'), 'access arguments' => array('administer site configuration'), ); @@ -60,7 +60,7 @@ function auth0_menu() { 'title' => 'Basic', 'description' => 'Configure your auth0 account and widget.', 'page callback' => 'drupal_get_form', - 'page arguments' => array('auth0_login_form'), + 'page arguments' => array('auth0_basic_settings_form'), 'access arguments' => array('administer site configuration'), 'type' => MENU_DEFAULT_LOCAL_TASK, ); @@ -70,9 +70,10 @@ function auth0_menu() { 'title' => 'Advanced', 'description' => 'Configure your auth0 account and widget.', 'page callback' => 'drupal_get_form', - 'page arguments' => array('auth0_advanced_form'), + 'page arguments' => array('auth0_advanced_settings_form'), 'access arguments' => array('administer site configuration'), 'type' => MENU_LOCAL_TASK, + 'weight' => 10 ); return $items; 
@@ -383,13 +384,19 @@ function auth0_theme() { /** * The Auth0 basic configuration settings form callback. */ -function auth0_login_form($form, &$form_state) { +function auth0_basic_settings_form($form, &$form_state) { if (!auth0_check_dependencies()) { // Set message. auth0_missing_dependencies_message(); } - // Text field for the e-mail subject. + $form['auth0_domain'] = array( + '#type' => 'textfield', + '#title' => t('Domain'), + '#default_value' => variable_get('auth0_domain', ''), + '#description' => t('Your Auth0 domain, you can see it in the auth0 dashboard.'), + '#required' => TRUE, + ); $form['auth0_client_id'] = array( '#type' => 'textfield', '#title' => t('Client id'), @@ -404,13 +411,6 @@ function auth0_login_form($form, &$form_state) { '#description' => t('Application secret, copy from the auth0 dashboard.'), '#required' => TRUE, ); - $form['auth0_domain'] = array( - '#type' => 'textfield', - '#title' => t('Domain'), - '#default_value' => variable_get('auth0_domain', ''), - '#description' => t('Your Auth0 domain, you can see it in the auth0 dashboard.'), - '#required' => TRUE, - ); return system_settings_form($form); } @@ -418,7 +418,7 @@ function auth0_login_form($form, &$form_state) { /** * The Auth0 advanced configuration settings form callback. */ -function auth0_advanced_form($form, &$form_state) { +function auth0_advanced_settings_form($form, &$form_state) { if (!auth0_check_dependencies()) { // Set message. auth0_missing_dependencies_message(); From fc257bf2034e093c5db3eb1c9cbedba7bee51756 Mon Sep 17 00:00:00 2001 From: Ronan Dowling Date: Thu, 30 Jul 2015 11:34:38 -0500 Subject: [PATCH 9/9] Renove second README --- README.txt | 76 ------------------------------------------------------ 1 file changed, 76 deletions(-) delete mode 100644 README.txt diff --git a/README.txt b/README.txt deleted file mode 100644 index 09aec1e..0000000 --- a/README.txt +++ /dev/null 
@@ -1,76 +0,0 @@ -SUMMARY -------- - -Single Sign On for Enterprises + Social Login + User/Passwords. For all your Drupal instances. -Powered by Auth0. - -INSTALLATION ------------- -Before you start, **make sure the admin user has a valid email that you own**, read the Technical Notes for more information. - -1. On the modules configuration page, select `install new module` and upload the latest release of this plugin - as a `.tar.gz` file - -2. Enable it on the module page - -3. Configure it using your auth0 account. - -INSTALLATION FROM GITHUB ------------------------- -1. Clone the repo to your modules directory: - $ git clone https://github.com/auth0/auth0-drupal.git $DRUPAL_ROOT/sites/all/modules/auth0-drupal - -2. Install composer dependencies: - $ cd auth0-drupal - $ curl -sS https://getcomposer.org/installer | php - $ php composer.phar install - -3. Enable it on the module page - -4. Configure it using your auth0 account. - - - -AUTH0 CONFIGURATION -------------------- -1. Go to your auth0 dashboard https://app.auth0.com/ -2. Create a new PHP application. -3. On App Callbacks URLs add a url like this `http:///auth0/callback` -4. Open "API Access" tab. -5. Keep notice of your domain, client id and client secret - -MODULE CONFIGURATION --------------------- -You can go to the module configuration by this url http:///admin/config/people/auth0 or using the menu under the people configuration tab. You need to at least configure the domain, client id and client secret on the basic tab, using the information of the auth0 dashboard. 
- -The advance tab contains: -* Form title: -The title to be printed on top of the login widget - -* Allow user signup: -This only matters if you have database users enabled, and you want that users can sign up using the -login widget - -* Widget CDN: -Changing this url you can use the latest version of the widget without updating this plugin - -* Requires verified email: -Some of the authentication providers have email, other doesnt (example twitter). When they do, that email can be verified or not. Meaning, we know that the user really owns that email account. -If you check this box, users will be required to have a verified email in order to login. - -* Login widget css: -This is the basic css used to fit the login widget to the drupal default theme, but if you have a custom theme, you may want to change this as well - -TECHNICAL NOTES ---------------- - -**IMPORTANT**: By using this plugin you are delegating the site authentication to Auth0. That means that you won't be using the drupal database to authenticate users anymore and the default login box won't show anymore. However, we can still associate your existing users by merging them by email. This section explains how. - -When you install this plugin you have at least one existing user in the database (the admin user). If the site is already being used, you probably have more than just the admin. We want you to keep those users, of course. - -Auth0 allows multiple authentication providers. You can have social providers like Facebook, Twitter, Google+, etc., you can have a database of users/passwords (just like drupal but hosted in Auth0) or you can use an Enterprise directory like Active Directory, LDAP, Office365, SAML and others. All those authentication providers might give you an email and a flag indicating whether the email was verified or not. We use that email (only if its verified) to associate a previous **existing** user with the one coming from Auth0. 
- -If the email was not verified and there is an account with that email in drupal, the user will be presented with a message saying that the email was not verified and a link to "Re-send the verification email". - - -