diff --git a/apps/maarch_entreprise/index.php b/apps/maarch_entreprise/index.php index 542fbc71e0bbdf5d15bb2439f11d48196070b687..075409905d4e20549edd22d8abc88d1c9caa9c75 100755 --- a/apps/maarch_entreprise/index.php +++ b/apps/maarch_entreprise/index.php @@ -168,12 +168,12 @@ if ( . $_SESSION['user']['UserId'] . '%' . $_SESSION['user']['UserId'] . '%' . date('dmYHmi') . '%' ); +} - // $db->query( - // 'UPDATE ' . $_SESSION['tablename']['users'] - // . " SET cookie_key = ?, cookie_date = CURRENT_TIMESTAMP WHERE user_id = ? and mail = ?", - // array($key, $_SESSION['user']['UserId'], $_SESSION['user']['Mail']),1 - // ); +//Ozwillo +if (!empty($_REQUEST['code']) && !empty($_REQUEST['state'])) { + $_SESSION['ozwillo']['code'] = $_REQUEST['code']; + $_SESSION['ozwillo']['state'] = $_REQUEST['state']; } if ( diff --git a/apps/maarch_entreprise/log.php b/apps/maarch_entreprise/log.php index 7ba922e4a829584d5df3ffee0dd79ba0613d9488..274cee2d71915e7b45c8e98538572c5370c8755b 100755 --- a/apps/maarch_entreprise/log.php +++ b/apps/maarch_entreprise/log.php @@ -56,7 +56,9 @@ if(isset($_SESSION['web_cas_url'])){ } $_REQUEST['pass'] = 'maarch'; - +} else if (!empty($_SESSION['ozwillo']['userId'])) { + $login = $_SESSION['ozwillo']['userId']; + $_REQUEST['pass'] = 'maarch'; } else if (isset($_REQUEST['login'])) { $login = $func->wash($_REQUEST['login'], 'no', _THE_ID, 'yes'); } else { diff --git a/apps/maarch_entreprise/logout.php b/apps/maarch_entreprise/logout.php index 958912d67e19292b764db1af2ea310df0986ece1..3217be5282f5ad0739e56d3fb7e2040085ab07a2 100755 --- a/apps/maarch_entreprise/logout.php +++ b/apps/maarch_entreprise/logout.php 
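Review bot: In apps/maarch_entreprise/index.php the new `//Ozwillo` block copies `code` and `state` from `$_REQUEST` into the session for any request that carries both, without checking their type or whether the Ozwillo login method is enabled. `$_REQUEST` can also be fed from cookies depending on `request_order`, and `!empty()` accepts arrays, so (assuming the provider returns the callback parameters in the query string) I would use `if (isset($_GET['code'], $_GET['state']) && is_string($_GET['code']) && is_string($_GET['state'])) {`. A one-line comment saying that ozwilloConnect.php later replays these two values into `$_REQUEST` would help, since that coupling cannot be seen from this file. The enclosing `if (` statements start and end outside the hunk.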
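Review bot: In apps/maarch_entreprise/log.php the new `else if (!empty($_SESSION['ozwillo']['userId']))` branch logs the user in with the fixed password `'maarch'`, the same placeholder the branch above it sets, and the `$restMode` branch of ozwilloConnect.php does the same through `getPasswordHash('maarch')`. How the later login code treats that value is outside this hunk; if it is compared with the stored hash, externally authenticated accounts would have to carry that well-known password, which the ordinary login form would then accept as well. An explicit "authenticated by the identity provider" flag passed to the login routine would be safer than a constant password. The branch also leaves `$_SESSION['ozwillo']['userId']` set after use, so every later request to log.php takes this path again; `unset($_SESSION['ozwillo']['userId']);` once `$login` is assigned would avoid that.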
@@ -64,12 +64,15 @@ if(isset($_SESSION['web_sso_url'])){ } else if(isset($_SESSION['web_cas_url'])){ $webSSOurl = $_SESSION['web_cas_url']; } +if(!empty($_SESSION['ozwillo']['accessToken'])){ + $accessToken = $_SESSION['ozwillo']['accessToken']; +} session_unset(); session_destroy(); // Suppression physique de la session unset($_SESSION['sessionName']); -$_SESSION = array(); +$_SESSION = []; $_SESSION['custom_override_id'] = $custom; $_SESSION['config']['corepath'] = $corePath ; $_SESSION['config']['app_id'] = $appId ; @@ -83,6 +86,10 @@ if (isset($_GET['logout']) && $_GET['logout']) { if(isset($webSSOurl) && $webSSOurl <> ''){ header("location: " . $webSSOurl ); exit(); +} else if (!empty($accessToken)) { + $ozwilloConfig = \Core\Models\CoreConfigModel::getOzwilloConfiguration(); + $oidc = new OpenIDConnectClient($ozwilloConfig['uri'], $ozwilloConfig['clientId'], $ozwilloConfig['clientSecret']); + $oidc->signOut($accessToken, null); } else { header( "location: " . $appUrl . "index.php?display=true&page=login" diff --git a/apps/maarch_entreprise/ozwilloConnect.php b/apps/maarch_entreprise/ozwilloConnect.php new file mode 100644 index 0000000000000000000000000000000000000000..9793b8897f9887449597a39d92dd31b2800d4b92 --- /dev/null +++ b/apps/maarch_entreprise/ozwilloConnect.php 
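Review bot: In the second logout.php hunk, `$oidc->signOut($accessToken, null)` hands the access token to a call that, as far as I recall from the library's source, sends its first argument as the `id_token_hint` query parameter of the end-session redirect. That places a bearer token in a URL (browser history, proxy and provider logs) and is not the value the provider expects there; the ID token should be stored at login and passed instead, if the pinned library version exposes it. With `null` as the second argument no post-logout redirect is requested, so the user is not returned to the login page the way the `else` branch does. Nothing in the visible lines loads `vendor/autoload.php` in this file, which ozwilloConnect.php does explicitly, so it is worth confirming that `OpenIDConnectClient` resolves here. The surrounding `if`/`else` chain starts and ends outside the hunk.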
@@ -0,0 +1,47 @@
+<?php
+
+require 'vendor/autoload.php';
+
+$ozwilloConfig = \Core\Models\CoreConfigModel::getOzwilloConfiguration();
+
+if (!empty($_SESSION['ozwillo']['code']) && !empty($_SESSION['ozwillo']['state'])) {
+ $_REQUEST['code'] = $_SESSION['ozwillo']['code'];
+ $_REQUEST['state'] = $_SESSION['ozwillo']['state'];
+ $_SESSION['ozwillo'] = null;
+}
+
+$oidc = new OpenIDConnectClient($ozwilloConfig['uri'], $ozwilloConfig['clientId'], $ozwilloConfig['clientSecret']);
+$oidc->addScope('openid');
+$oidc->addScope('email');
+$oidc->authenticate();
+
+$userId = $oidc->requestUserInfo('email');
+$user = \Core\Models\UserModel::getById(['userId' => $userId]);
+
+if (empty($user)) {
+ echo '<br>' . _USER_NOT_EXIST;
+ exit;
+}
+
+$_SESSION['ozwillo']['userId'] = $userId;
+$_SESSION['ozwillo']['accessToken'] = $oidc->getAccessToken();
+unset($_REQUEST['code']);
+unset($_REQUEST['state']);
+
+$trace = new history();
+if ($restMode) {
+ $_SESSION['error'] = '';
+ $security = new security();
+ $pass = $security->getPasswordHash('maarch');
+ $res = $security->login($userId, $pass);
+
+ $_SESSION['user'] = $res['user'];
+ if (!empty($res['error'])) {
+ $_SESSION['error'] = $res['error'];
+ }
+
+ $trace->add('users', $userId, 'LOGIN', 'userlogin', 'Ozwillo Connection', $_SESSION['config']['databasetype'], 'ADMIN', false);
+} else {
+ header("location: log.php");
+ $trace->add('users', $userId, 'LOGIN', 'userlogin', 'Ozwillo Connection', $_SESSION['config']['databasetype'], 'ADMIN', false);
+}
diff --git a/apps/maarch_entreprise/xml/login_method.xml b/apps/maarch_entreprise/xml/login_method.xml
index 59ff4d4787be3c055fbfb093c23b45d18edc05b7..c712aa045ce37ad6041230359434ea7fbe146fd6 100755
--- a/apps/maarch_entreprise/xml/login_method.xml
+++ b/apps/maarch_entreprise/xml/login_method.xml
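Review bot: In the new ozwilloConnect.php, `$userId = $oidc->requestUserInfo('email')` uses the provider's e-mail claim directly as the local user id, and nothing checks that the provider has verified that address. If an Ozwillo account can carry an unverified e-mail, the `getById` lookup would match a local user that the person signing in does not own, so I would read `$verified = $oidc->requestUserInfo('email_verified');` first and refuse the login unless it is true (confirm that the provider returns this claim). Two smaller points in the same file: `$restMode` is never assigned here and has to come from the including script, and the `else` branch sends `header("location: log.php")` without `exit` and writes the LOGIN trace before log.php has actually completed the login. The session id is not regenerated after `authenticate()` in the visible code; if log.php does not do it either, `session_regenerate_id(true);` belongs here.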
@@ -24,4 +24,10 @@ <SCRIPT>cas_connect.php</SCRIPT> <ENABLED>true</ENABLED> </METHOD> --> + <!--<METHOD>--> + <!--<ID>ozwillo</ID>--> + <!--<NAME>Ozwillo</NAME>--> + <!--<SCRIPT>ozwilloConnect.php</SCRIPT>--> + <!--<ENABLED>true</ENABLED>--> + <!--</METHOD>--> </ROOT> diff --git a/apps/maarch_entreprise/xml/ozwilloConfig.xml b/apps/maarch_entreprise/xml/ozwilloConfig.xml new file mode 100644 index 0000000000000000000000000000000000000000..9d5c7fc76ea4325e3297e510b09aff50e094cabb --- /dev/null +++ b/apps/maarch_entreprise/xml/ozwilloConfig.xml @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="utf-8"?> +<ROOT> + <URI>https://accounts.ozwillo-preprod.eu/</URI> + <CLIENT_ID>db8aa58f-e578-4ad9-96c6-47d95faa5c65</CLIENT_ID> + <CLIENT_SECRET>P4RO8tUhERQLWFIuqVvgtPPaoY16jtZ+4bUTI94AzzM</CLIENT_SECRET> +</ROOT> diff --git a/composer.json b/composer.json index adbdb30c8146199defe6d2d7be6f62136a97f205..38bce39374a68153f0bef2539f752e189cd88193 100755 --- a/composer.json +++ b/composer.json @@ -16,6 +16,7 @@ "slim/slim": "^3.8", "respect/validation": "^1.1", "php-http/curl-client": "^1.7", - "m4tthumphrey/php-gitlab-api": "dev-master" + "m4tthumphrey/php-gitlab-api": "dev-master", + "jumbojett/openid-connect-php": "^0.3.0" } }
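Review bot: The new apps/maarch_entreprise/xml/ozwilloConfig.xml commits what looks like a real `CLIENT_ID` and `CLIENT_SECRET` for the pre-production Ozwillo endpoint into the repository. Once pushed, that secret should be treated as disclosed and rotated at the provider; the tracked file should carry placeholders only, e.g. `<CLIENT_SECRET>CHANGE_ME</CLIENT_SECRET>`, with the real value supplied per installation from an untracked file or the environment. The file also sits under the application's `xml/` directory, and whether the web server can serve that path directly is not visible here and is worth checking. A comment in the file stating that `URI` points at pre-production would keep it from being shipped as a default.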
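Review bot: The added constraint `"jumbojett/openid-connect-php": "^0.3.0"` puts the whole login path on a pre-1.0 package, and for a 0.x version Composer's caret only allows `>=0.3.0 <0.4.0`, so fixes released in later minor versions will not arrive through `composer update`. No `composer.lock` change is part of this diff, so the version actually installed cannot be reviewed here; committing the lockfile with this change would fix that. The neighbouring `"m4tthumphrey/php-gitlab-api": "dev-master"` line, which this hunk rewrites only to add the comma, is an unpinned branch reference and deserves a tagged constraint as well.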