testlink-code/lib/functions/oauth_providers/oidc.php at d7f72dc3fd1d52223fd66f0883549aca5243e34d · TestLinkOpenSourceTRMS/testlink-code · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
<?php
/**
 * TestLink Open Source Project - http://testlink.sourceforge.net/
 * This script is distributed under the GNU General Public License 2 or later.
 *
 * @filesource  oidc.php
 *
 * OIDC OAUTH API (authentication)
 *
 * @internal revisions
 * @since 1.9.20
 *
 */

// Get token
function oauth_get_token($authCfg, $code) {

  $result = new stdClass();
  $result->status = array('status' => tl::OK, 'msg' => null);

  // Params to get token
  $oauthParams = array(
     'code'          => $code,
     'client_id'     => $authCfg['oauth_client_id'],
     'client_secret' => $authCfg['oauth_client_secret'],
     'grant_type'    => $authCfg['oauth_grant_type']
  );

  $oauthParams['redirect_uri'] = $authCfg['redirect_uri'];
  if( isset($authCfg['https']) ) {
    $oauthParams['redirect_uri'] =
      str_replace('http://', 'https://', $oauthParams['redirect_uri']);
  }

  // Step #1 - Get the token
  $curl = curl_init();
  curl_setopt($curl, CURLOPT_URL, $authCfg['token_url']);
  curl_setopt($curl, CURLOPT_POST, 1);
  curl_setopt($curl, CURLOPT_HTTPHEADER, array('Accept: application/json'));
  curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($oauthParams));
  curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
  curl_setopt($curl, CURLOPT_COOKIESESSION, true);
  curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
  $result_curl = curl_exec($curl);

  if( $result_curl === false ) {
    echo 'Curl error: ' . curl_error($curl);
    echo '<pre>';
    var_dump(curl_getinfo($curl));
    echo '</pre>';
    return false;
  }
  curl_close($curl);
  $tokenInfo = json_decode($result_curl);

  // If token is received start session
  if (isset($tokenInfo->access_token)) {

    $tokens = explode('.', $tokenInfo->id_token);
    if (count($tokens) != 3)
      return false;

    $base64payload = $tokens[1];

    $payload = json_decode(base64_decode($base64payload));
    if ($payload==false){
      return false;
    }

    $result->options = new stdClass();
    $result->options->givenName = $payload->name;
    $result->options->familyName = $payload->name;
    $result->options->user = $payload->email;
    $result->options->auth = 'oauth';
    return $result;
  }
  $result->status['msg'] = 'An error occurred during getting token';
  $result->status['status'] = tl::ERROR;

  return $result;
}