Commit de993c75 authored by Pål Karlsrud's avatar Pål Karlsrud

When a user logs in using Dataporten, check whether they are a member of

any MAS groups. If so, add them to the ownCloud group corresponding to each
MAS group, and allow them to access group-specific files.
parent 656c5601
......@@ -42,7 +42,7 @@ class Dataporten extends OAuth2
/**
* {@inheritdoc}
*/
protected $scope = 'email, profile, userid, openid';
protected $scope = 'email profile userid openid gk_daas-mas';
/**
* {@inheritdoc}
......@@ -72,6 +72,7 @@ class Dataporten extends OAuth2
{
$response = $this->apiRequest('https://auth.dataporten.no/userinfo');
$data = new Data\Collection($response);
if (! $data->exists('user')) {
......@@ -79,6 +80,9 @@ class Dataporten extends OAuth2
}
$user = new Data\Collection($data->get('user'));
if (! $user->exists('userid')) {
throw new UnexpectedApiResponseException('Provider API returned an unexpected response. user.userid is missing.');
}
$userProfile = new User\Profile();
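Review bot: The new `gk_daas-mas` scope on line 13 is undocumented; as far as this commit shows, it exists only so the access token can later be presented to the MAS groups API from the login hooks, which a reader of this class cannot know. Add a comment above the property: `// gk_daas-mas: Dataporten gatekeeper scope that lets the access token call the MAS groups API (consumed after login to sync group membership)`. The same line also switches from a comma-separated to a space-separated list — OAuth 2.0 scope lists are space-delimited, so this is a fix in its own right and deserves a mention in the commit message since it is unrelated to groups. The `userid` check added on lines 24-26 is sound; the enclosing `getUserProfile` method starts before the hunk and continues past it.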
......
......@@ -3,4 +3,6 @@
require __DIR__ . '/../3rdparty/autoload.php';
$app = new \OCA\SocialLogin\AppInfo\Application();
$app->getContainer()->query('OCA\SocialLogin\Hooks\UserHooks')->register();
$app->getContainer()->query('OCA\SocialLogin\Hooks\GroupHooks')->register();
$app->register();
......@@ -225,6 +225,8 @@ class LoginController extends Controller
try {
$adapter = new $class($config, null, $this->storage);
$adapter->authenticate();
$this->session->set('oauth_access_token', $adapter->getAccessToken()['access_token'] ?? null);
/** @var Profile $profile */
$profile = $adapter->getUserProfile($config['id.scope'] ?? null);
} catch (\Exception $e) {
......@@ -238,7 +240,7 @@ class LoginController extends Controller
if (strlen($uid) > 64) {
$uid = $provider.'-'.md5($profileId);
}
return $this->login($uid, $profile, $config['id.scope']);
return $this->login($uid, $profile, $config['id.scope'] ?? null);
}
/**
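Review bot: Line 39 writes the provider's bearer access token into the PHP session before `getUserProfile()` has succeeded, and nothing in this commit ever removes it, so the token is kept even when the login fails in the `catch` on line 42 and outlives the one group lookup that needs it. Session storage is commonly file- or database-backed, so this widens where a live API token rests; move the write after the profile call succeeds and have the consumer clear it with `$this->session->remove('oauth_access_token')` once the groups have been fetched. It is also stored for every provider, not only Dataporten — if only the MAS lookup needs it, guard on the provider name. The `?? null` on line 48 is fine; the enclosing method starts before the hunk.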
......
<?php
namespace OCA\SocialLogin\Hooks;
use OCP\ILogger;
use \OCP\IGroupManager;
use OCP\Files\IRootFolder;
use OCP\Share\IShare;
use OCP\Share\IManager;
use OCP\Files\Mount\IMountManager;
use OCP\Files\Mount\IMountPoint;
use OC\Files\External\StorageConfig;
use OC\Files\External\StoragesBackendService;
use OC\Files\Storage\Local;
use OC\Files\External\Auth\NullMechanism;
use OCP\Files\External\NotFoundException;
use OC\Files\Filesystem;
use OC\Files\Mount\MountPoint;
class GroupHooks {
const MAS_PREFIX = "fc:mas:";
const MAS_PREFIX_LEN = 7;
private $groupManager;
public function __construct(ILogger $logger, IGroupManager $groupManager, \OCP\Share\IManager $shareManager) {
$this->groupManager = $groupManager;
$this->shareManager = $shareManager;
$this->log = $logger;
}
public function register() {
$storageService = \OC::$server->query('GlobalStoragesService');
// If the group is a MAS group (i.e. has prefix fc:mas:$ID_HERE)
// map it to the appropriate folder
$callback = function($group) {
$group_gid = $group->getGID();
if (substr($group_gid, 0, self::MAS_PREFIX_LEN) !== self::MAS_PREFIX) return;
$group_mas_id = substr($group_gid, self::MAS_PREFIX_LEN);
$storageService = \OC::$server->query('GlobalStoragesService');
$storage_id = $group_gid . "-mount";
// Don'ẗ modify the storage if it already exists.
try {
if ($storageService->getStorage($storage_id)) return;
} catch (NotFoundException $e) {
}
$storage = new StorageConfig();
$storage->setId($storage_id);
$storage->setMountPoint($group_mas_id);
$storage->setMountOptions(["enable_sharing" => true]);
$storage->setAuthMechanism(new NullMechanism());
$storage->setBackend(\OC::$server->query('StoragesBackendService')->getBackend("local"));
$storage->setApplicableGroups([$group_gid]);
$storage->setBackendOptions(["datadir" => "/data/" . $group_mas_id]);
$storageService->addStorage($storage);
};
$this->groupManager->listen('\OC\Group', 'postCreate', $callback);
}
}
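Review bot: `$group_mas_id` on line 84 is the raw GID minus its prefix and is concatenated into a filesystem path on line 99 (`"/data/" . $group_mas_id`) and used as the mount point on line 94 with no validation; the GID originates from the external groups API (created by the login hook), so an id like `fc:mas:../../` would mount `/data/../../` as a local, sharing-enabled storage for that group. Reject anything outside a strict allowlist right after the prefix check: `if (!preg_match('/^[A-Za-z0-9_-]+$/', $group_mas_id)) return;` (no dots, so `.`/`..` cannot appear). Consider also checking `is_dir('/data/' . $group_mas_id)` before registering the mount, since a `local` backend with `NullMechanism` is otherwise a blind pointer into the host filesystem. Minor: the `$storageService` on line 78 is dead (shadowed on line 85), and `$this->shareManager` and `$this->log` are assigned without being declared as properties.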
<?php
namespace OCA\SocialLogin\Hooks;
use OCP\IConfig;
use OCP\ILogger;
use OCP\ISession;
use \OCP\IUserManager;
use \OCP\IGroupManager;
use \OCP\IUserSession;
class UserHooks {
private $userManager;
private $groupManager;
public function __construct(IUserManager $userManager, ISession $session, ILogger $logger, IUserSession $usersession, IConfig $config, IGroupManager $groupManager){
$this->userManager = $userManager;
$this->groupManager = $groupManager;
$this->session = $session;
$this->userSession = $usersession;
$this->log = $logger;
}
public function register() {
$callback = function($user) {
$groups = $this->fetchGroups($this->session->get('oauth_access_token'));
// If a group the user is part of does not exist, create it,
// otherwise add them to the list of members.
foreach ($groups as $group) {
$oc_group = $this->groupManager->get($group->id);
if (!$oc_group) {
$this->groupManager->createGroup($group->id)->addUser($user);
continue;
}
if ($oc_group->inGroup($user)) continue;
$oc_group->addUser($user);
}
};
$this->userManager->listen('\OC\User', 'postLogin', $callback);
}
private function fetchJsonAPI($accesstoken, $url) {
$opts = array(
'http' => array(
'method' => "GET",
'header' => "Authorization: Bearer $accesstoken\r\n",
)
);
$context = stream_context_create($opts);
$content = file_get_contents($url, false, $context);
return json_decode($content);
}
private function fetchGroups($accesstoken) {
//return $this->fetchJsonAPI($accesstoken, "https://daas-mas.dataporten-api.no/groups/me/groups");
return json_decode('[{"gid": 42, "displayName": "bare en test", "id": "fc:mas:halla"}]');
}
private function logout() {
$this->userSession->logout();
}
}
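Review bot: The group ids returned by `fetchGroups` are passed unvalidated to `groupManager->get()`/`createGroup()` on lines 129-131, so any id the API (or the stub on line 153) hands back becomes an ownCloud group the user is added to — an id of `admin` would grant admin membership; only ids in the `fc:mas:` namespace should be accepted. The `postLogin` hook also fires for every login, not just OAuth ones, and `fetchGroups` currently ignores the token and returns a hard-coded group, so every password login is silently added to `fc:mas:halla`; the stub must not ship, and the callback should return early when no token is in the session. `fetchJsonAPI` never checks `file_get_contents` for `false` (line 148) or `json_decode` for `null`, so a failed request feeds `null` into the `foreach`; guard the result. Suggested shape of the callback:

```php
$callback = function($user) {
    $token = $this->session->get('oauth_access_token');
    // Only logins that came through the OAuth flow carry a token; local logins skip the sync.
    if ($token === null) return;
    $groups = $this->fetchGroups($token);
    if (!is_array($groups)) return;
    foreach ($groups as $group) {
        $gid = $group->id ?? null;
        // Accept only the MAS namespace so the API cannot place a user in an arbitrary group (e.g. admin).
        if (!is_string($gid) || strncmp($gid, 'fc:mas:', 7) !== 0) continue;
        // … unchanged: get-or-create the group and addUser …
    }
};
```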