diff --git a/auth/oauth2/linkedin_login.php b/auth/oauth2/linkedin_login.php
index 2c64969c6e03d78549090327a7af3cc67fa5b61a..ac03db4e5ed33b4aad2be905ecd50260d99b8a47 100644
--- a/auth/oauth2/linkedin_login.php
+++ b/auth/oauth2/linkedin_login.php
@@ -34,7 +34,7 @@ $url = "https://www.linkedin.com/oauth/v2/authorization?response_type=code";
 $url .= "&client_id=" . $LinkedIn['id'];
 $url .= "&redirect_uri=" . $LinkedIn['callback'];
 $url .= "&state=789654123";
-$url .= "&scope=r_basicprofile r_emailaddress";
+$url .= "&scope=r_liteprofile%20r_emailaddress%20w_member_social";
 header("Location: $url");
 ?>
diff --git a/auth/oauth2/linkedin_token.php b/auth/oauth2/linkedin_token.php
index 64a564733dcc1ddd1d79c8cfa1ba866aaf0e2046..c35a7d248bfa6ca661ae803a7865ae6f3dd025e8 100644
--- a/auth/oauth2/linkedin_token.php
+++ b/auth/oauth2/linkedin_token.php
@@ -82,7 +82,7 @@ if ($info1['http_code'] === 200) {
 // Call to API
 $conn2 = curl_init();
-curl_setopt($conn2, CURLOPT_URL, "https://api.linkedin.com/v1/people/~:(first-name,last-name,email-address,id)?format=json");
+curl_setopt($conn2, CURLOPT_URL, "https://api.linkedin.com/v2/me");
 curl_setopt($conn2, CURLOPT_HTTPHEADER, array(
 'Authorization: Bearer ' . $access_token
 ));
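Review bot: The new scope in auth/oauth2/linkedin_login.php adds `w_member_social`, a write permission to post on the member's behalf, while the rest of this diff only reads the profile and e-mail address; for a login flow the request should stay at `r_liteprofile%20r_emailaddress` unless posting is used somewhere not shown. The hunk's context also keeps `&state=789654123`, a constant, so the callback has no way to tie the authorization response to the browser session that started it. A per-session random value (for example from `bin2hex(random_bytes(16))`) kept in the session and compared on return is what the parameter is for. `$LinkedIn['callback']` is also concatenated into the query string without `urlencode()`.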
@@ -107,13 +107,41 @@ if ($info2['http_code'] === 200) {
 $user = $userHandler->findUserByIdentity(RAP\Identity::LINKEDIN, $typedId);
 if ($user === null) {
+
+ // Recall to API for email
+ $conn2 = curl_init();
+ curl_setopt($conn2, CURLOPT_URL, "https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))");
+ curl_setopt($conn2, CURLOPT_HTTPHEADER, array(
+ 'Authorization: Bearer ' . $access_token
+ ));
+
+ curl_setopt($conn2, CURLOPT_RETURNTRANSFER, true);
+ $result = curl_exec($conn2);
+ $info2 = curl_getinfo($conn2);
+
+ if ($info2['http_code'] === 200) {
+ $data2 = json_decode($result, TRUE);
+
+ curl_close($conn2);
+
+ if (isset($data['errorCode'])) {
+ $errorMessage = $data['message'];
+ die($errorMessage);
+ }
+ } else {
+ //show information regarding the error
+ $errorMessage = "Error: LinkedIn server response code: " . $info2['http_code'] . " - ";
+ $errorMessage = $errorMessage . curl_error($conn2);
+ curl_close($conn2);
+ die($errorMessage);
+ }
 // Create new user
 $user = new RAP\User();
 $identity = new RAP\Identity(RAP\Identity::LINKEDIN);
- $identity->email = $data['emailAddress'];
- $identity->name = $data['firstName'];
- $identity->surname = $data['lastName'];
+ $identity->email = $data2['elements'][0]['handle~']['emailAddress'];
+ $identity->name = $data['localizedFirstName'];
+ $identity->surname = $data['localizedLastName'];
 $identity->typedId = $typedId;
 $user->addIdentity($identity);
diff --git a/classes/CallbackHandler.php b/classes/CallbackHandler.php
index dfd6c5d935ea772fb6bbe867ec4ad96615fbf7a4..7fa4718f3bbc688259837928fd2bd0d627acdb2b 100644
--- a/classes/CallbackHandler.php
+++ b/classes/CallbackHandler.php
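Review bot: The error check added after the e-mail request in auth/oauth2/linkedin_token.php tests `$data['errorCode']` and `$data['message']`, which hold the earlier profile response rather than `$data2`, so an error body returned by the `emailAddress` call is never detected. `$data2['elements'][0]['handle~']['emailAddress']` is then read without checking that `json_decode()` produced an array or that the element exists, so a malformed or empty response creates the identity with a null e-mail. Both `die($errorMessage)` calls also print upstream response text and `curl_error()` output straight to the browser; logging the detail and showing a fixed message is safer. The enclosing `if ($user === null) {` block continues past the end of the hunk.

```php
        $data2 = json_decode($result, TRUE);
        curl_close($conn2);

        // Validate the e-mail response itself, not the earlier profile response in $data.
        if (!is_array($data2) || isset($data2['errorCode'])) {
            error_log('LinkedIn e-mail lookup failed: '
                    . (isset($data2['message']) ? $data2['message'] : 'invalid JSON'));
            die('Error: unable to retrieve the e-mail address from LinkedIn.');
        }
        if (!isset($data2['elements'][0]['handle~']['emailAddress'])) {
            die('Error: LinkedIn did not return an e-mail address.');
        }
    // … unchanged: else branch for non-200 responses, identity creation …
```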
@@ -91,6 +91,27 @@ class CallbackHandler {
 return null;
 }
+ /**
+ * Each callback has a title,a logo and auth in order to avoid confusion in
+ * user and show in which application they are logging in using RAP.
+ * @param type $callbackURL
+ * @return type the callback auth or null if the callback URL is not listed
+ * in configuration file or it doesn't have a auth.
+ */
+ public function getCallbackAuth($callbackURL) {
+
+ foreach ($this->callbacks as $callback) {
+ if ($callback['url'] === $callbackURL) {
+ if (array_key_exists('auth', $callback)) {
+ return $callback['auth'];
+ } else {
+ return null;
+ }
+ }
+ }
+
+ return null;
+ }
 public function manageLoginRedirect($user, SessionData $session) {
 if ($session->getCallbackURL() === null) {
diff --git a/classes/SessionData.php b/classes/SessionData.php
index ef5c8a8f410f45c46f79bfa2a8ca548081821c73..97f0d25b831f27c53a7d53a5f66e6937bb908bf7 100644
--- a/classes/SessionData.php
+++ b/classes/SessionData.php
@@ -34,6 +34,7 @@ class SessionData {
 private $callbackURL;
 private $callbackTitle;
 private $callbackLogo;
+ private $callbackAuth;
 public $user;
 public $userSearchResults;
 public $x509DataToRegister;
@@ -75,6 +76,7 @@ class SessionData {
 $this->callbackURL = $callbackHandler->filterCallbackURL($callbackURL);
 $this->callbackTitle = $callbackHandler->getCallbackTitle($callbackURL);
 $this->callbackLogo = $callbackHandler->getCallbackLogo($callbackURL);
+ $this->callbackAuth = $callbackHandler->getCallbackAuth($callbackURL);
 $this->save();
 }
@@ -90,6 +92,10 @@ class SessionData {
 return $this->callbackLogo;
 }
+ public function getCallbackAuth() {
+ return $this->callbackAuth;
+ }
+
 /**
 * Perform a user search and store the results inside the session. This is
 * used for achieving the user selection using the dropdown menu in the join
diff --git a/views/index.php b/views/index.php
index ebcc6d96c47ac5b80f4f3c2e137ca99b7a99a938..774a7d85ab98a2e7bd5abbd58aa59a5bfe56972e 100644
--- a/views/index.php
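Review bot: `getCallbackAuth()` in classes/CallbackHandler.php returns `null` both when the callback URL is not in the configuration and when it is listed without an `auth` key, and views/index.php in this same commit reads `null` as "no restriction", so the two cases cannot be told apart by the caller. If the `auth` list is meant as a policy, the unlisted case should be distinguishable, for instance by returning an empty array for it. The docblock still carries the IDE placeholders `@param type` and `@return type`; `@param string $callbackURL` and `@return array|null` would document the contract, assuming `auth` is configured as a list of method names as the `in_array()` calls in the view suggest. The inner `if`/`else` can be written as `return array_key_exists('auth', $callback) ? $callback['auth'] : null;`.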
+++ b/views/index.php
@@ -18,9 +18,16 @@ include 'include/header.php';
 </h1>
 </div>
 </div>
+
+ <?php
+ if ($session->getCallbackAuth() != null) {
+ $authType = $session->getCallbackAuth();
+ }
+ ?>
 <div class="row" id="auth-panel">
 <div class="col-xs-12 text-center">
- <?php if (isset($auth['eduGAIN'])) { ?>
+ <?php if (isset($auth['eduGAIN']) and
+ ( !isset($authType) or in_array('eduGAIN', $authType))) { ?>
 <div class="home-box">
 <div class="img-wrapper">
 <a href="edugain?callback=<?php echo $session->getCallbackURL(); ?>">
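Review bot: The `$authType` filter added at the top of views/index.php only hides links; nothing in this diff makes the `edugain`, `google`, `facebook`, `linkedin`, `x509` or `direct` entry points check the callback's `auth` list, so a method the callback was meant to exclude presumably stays usable by requesting its URL directly. If the list is a policy rather than a display preference, the same check belongs in each login entry point (those files are not shown here). The test `$session->getCallbackAuth() != null` is also loose: an empty `auth` array compares equal to `null`, so "no methods allowed" renders as "all methods allowed". `if (is_array($session->getCallbackAuth())) {` avoids that and also guarantees the later `in_array()` calls receive an array.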
@@ -33,26 +40,60 @@ include 'include/header.php';
 <?php if (isset($auth['Google']) || isset($auth['Facebook']) || isset($auth['LinkedIn'])) { ?>
 <div class="home-box">
 <div class="img-wrapper">
- <?php if (isset($auth['Google'])) { ?>
+ <?php if (isset($auth['Google']) and
+ ( !isset($authType) or
+ in_array('Google', $authType))) { ?>
 <a href="google?callback=<?php echo $session->getCallbackURL(); ?>" class="animated pulse">
+ <?php if ((isset($auth['Facebook']) and
+ ( !isset($authType) or
+ in_array('Facebook', $authType))) or
+ (isset($auth['LinkedIn']) and
+ ( !isset($authType) or
+ in_array('LinkedIn', $authType)))) { ?>
 <img src="img/google-60.png" alt="Google Logo" />
 </a>
- <?php } ?>
- <?php if (isset($auth['Facebook'])) { ?>
+ <?php } else {?>
+ <img src="img/google-200.png" alt="Google Logo" />
+ </a>
+ <?php } } ?>
+ <?php if (isset($auth['Facebook']) and
+ ( !isset($authType) or
+ in_array('Facebook', $authType))) { ?>
 <a href="facebook?callback=<?php echo $session->getCallbackURL(); ?>">
+ <?php if ((isset($auth['Google']) and
+ ( !isset($authType) or
+ in_array('Google', $authType))) or
+ (isset($auth['LinkedIn']) and
+ ( !isset($authType) or
+ in_array('LinkedIn', $authType)))) { ?>
 <img src="img/facebook-60.png" alt="Facebook Logo" />
 </a>
- <?php } ?>
- <?php if (isset($auth['LinkedIn'])) { ?>
+ <?php } else {?>
+ <img src="img/facebook-200.png" alt="Facebook Logo" />
+ </a>
+ <?php } } ?>
+ <?php if (isset($auth['LinkedIn']) and
+ ( !isset($authType) or
+ in_array('LinkedIn', $authType))) { ?>
 <a href="linkedin?callback=<?php echo $session->getCallbackURL(); ?>">
+ <?php if ((isset($auth['Facebook']) and
+ ( !isset($authType) or
+ in_array('Facebook', $authType))) or
+ (isset($auth['Google']) and
+ ( !isset($authType) or
+ in_array('Google', $authType)))) { ?>
 <img src="img/linkedin-60.png" alt="LinkedIn Logo" />
 </a>
- <?php } ?>
+ <?php } else {?>
+ <img src="img/linkedin-200.png" alt="LinkedIn Logo" />
+ </a>
+ <?php } } ?>
 </div>
 Use these
Logos to Login or Register to the RAP facility with your social identity
 </div>
 <?php } ?>
- <?php if (isset($auth['X.509'])) { ?>
+ <?php if (isset($auth['X.509']) and
+ ( !isset($authType) or in_array('X.509', $authType))) { ?>
 <div class="home-box">
 <div class="img-wrapper">
 <a href="x509?callback=<?php echo $session->getCallbackURL(); ?>">
@@ -62,7 +103,8 @@ include 'include/header.php';
 Use the X.509 Logo to Login with your personal certificate (IGTF and TERENA-TACAR, are allowed).
 </div>
 <?php } ?>
- <?php if (isset($auth['DirectIdP'])) { ?>
+ <?php if (isset($auth['DirectIdP']) and (!isset($authType) or
+ in_array('DirectIdP', $authType))) { ?>
 <div class="home-box">
 <div class="img-wrapper">
 <a href="direct?callback=<?php echo $session->getCallbackURL(); ?>">
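Review bot: The outer condition of the social-login box in views/index.php, `isset($auth['Google']) || isset($auth['Facebook']) || isset($auth['LinkedIn'])`, is left unchanged and ignores `$authType`, so a callback restricted to a non-social method still gets an empty `home-box` with the "Use these Logos" text. The test `isset($auth[...]) and (!isset($authType) or in_array(...))` is also spelled out more than a dozen times across this hunk and the X.509 / DirectIdP hunk after it, which makes a mismatch between the link test and the logo-size test easy to introduce. Computing the allowed methods once, with the strict flag on `in_array()`, and reusing the result for both the outer box and the 60/200 logo choice removes both problems. The `<a>` opened before each inner `if` and closed in both branches could then be a single link with one `<img>`.

```php
<?php
// Decide once which social methods may be offered for this callback.
$allowed = array();
foreach (array('Google', 'Facebook', 'LinkedIn') as $method) {
    $allowed[$method] = isset($auth[$method])
            && (!isset($authType) || in_array($method, $authType, true));
}
$socialCount = count(array_filter($allowed));
?>
<?php if ($socialCount > 0) { ?>
    <!-- … unchanged: home-box and img-wrapper wrappers … -->
    <?php if ($allowed['Google']) { ?>
        <!-- … unchanged: google link; google-60.png when $socialCount > 1, else google-200.png … -->
    <?php } ?>
    <!-- … same pattern for Facebook and LinkedIn … -->
```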