FEAT #6207 User Creation if does not exist

apps/maarch_entreprise/ozwilloConnect.php

@@ -13,35 +13,32 @@ if (!empty($_SESSION['ozwillo']['code']) && !empty($_SESSION['ozwillo']['state']
 $oidc = new OpenIDConnectClient($ozwilloConfig['uri'], $ozwilloConfig['clientId'], $ozwilloConfig['clientSecret']);
 $oidc->addScope('openid');
 $oidc->addScope('email');
+$oidc->addScope('profile');
 $oidc->authenticate();
 
-$userId = $oidc->requestUserInfo('email');
-$user = \Core\Models\UserModel::getById(['userId' => $userId]);
+$idToken = $oidc->getIdTokenPayload();
+if (empty($idToken->app_user) && empty($idToken->app_admin)) {
+    echo '<br>Utilisateur non autorisé';
+    exit;
+}
+
+$profile = $oidc->requestUserInfo();
+$user = \Core\Models\UserModel::getByUserId(['userId' => $idToken->sub]);
 
 if (empty($user)) {
-    echo '<br>' . _USER_NOT_EXIST;
-    exit;
+    $firstname = empty($profile->given_name) ? 'utilisateur' : $profile->given_name;
+    $lastname = empty($profile->family_name) ? 'utilisateur' : $profile->family_name;
+    \Core\Models\UserModel::create(['user' => ['userId' => $idToken->sub, 'firstname' => $firstname, 'lastname' => $lastname, 'changePassword' => 'N']]);
+    $user = \Core\Models\UserModel::getByUserId(['userId' => $idToken->sub]);
+    \Core\Models\UserModel::addGroup(['id' => $user['id'], 'groupId' => 'AGENT']);
+    \Core\Models\UserModel::addEntity(['id' => $user['id'], 'entityId' => 'VILLE', 'primaryEntity' => 'Y']);
 }
 
-$_SESSION['ozwillo']['userId'] = $userId;
+$_SESSION['ozwillo']['userId'] =  $idToken->sub;
 $_SESSION['ozwillo']['accessToken'] = $oidc->getAccessToken();
 unset($_REQUEST['code']);
 unset($_REQUEST['state']);
 
+header("location: log.php");
 $trace = new history();
-if ($restMode) {
-    $_SESSION['error'] = '';
-    $security = new security();
-    $pass = $security->getPasswordHash('maarch');
-    $res  = $security->login($userId, $pass);
-
-    $_SESSION['user'] = $res['user'];
-    if (!empty($res['error'])) {
-        $_SESSION['error'] = $res['error'];
-    }
-
-    $trace->add('users', $userId, 'LOGIN', 'userlogin', 'Ozwillo Connection', $_SESSION['config']['databasetype'], 'ADMIN', false);
-} else {
-    header("location: log.php");
-    $trace->add('users', $userId, 'LOGIN', 'userlogin', 'Ozwillo Connection', $_SESSION['config']['databasetype'], 'ADMIN', false);
-}
+$trace->add('users', $idToken->sub, 'LOGIN', 'userlogin', 'Ozwillo Connection', $_SESSION['config']['databasetype'], 'ADMIN', false);

core/Models/UserModelAbstract.php

@@ -57,7 +57,7 @@ class UserModelAbstract
     {
         ValidatorModel::notEmpty($aArgs, ['user']);
         ValidatorModel::notEmpty($aArgs['user'], ['userId', 'firstname', 'lastname']);
-        ValidatorModel::stringType($aArgs['user'], ['userId', 'firstname', 'lastname', 'mail', 'initials', 'thumbprint', 'phone']);
+        ValidatorModel::stringType($aArgs['user'], ['userId', 'firstname', 'lastname', 'mail', 'initials', 'thumbprint', 'phone', 'changePassword']);
 
         DatabaseModel::insert([
             'table'         => 'users',
@@ -71,7 +71,7 @@ class UserModelAbstract
                 'thumbprint'        => $aArgs['user']['thumbprint'],
                 'enabled'           => 'Y',
                 'status'            => 'OK',
-                'change_password'   => 'Y',
+                'change_password'   => empty($aArgs['user']['changePassword']) ? 'Y' : $aArgs['user']['changePassword'],
                 'loginmode'         => 'standard',
                 'password'          => SecurityModel::getPasswordHash('maarch')
             ]

[Florian Azizian]

rendre paramétrage groupid et entityid dans ozwilloconfig