toArray();
$username = strtoupper($a['preferred_username']);
$username_lower = strtolower($a['preferred_username']);
if($type=='staff'){
return in_array($username_lower, array('swc', 'vansindata1'));
}
$check = '';
if($type=='mgr'){$check='M';
}elseif($type=='tech'){$check='T';}
if(!$check){return null;}
if(substr($username,1,1)===$check){
return true;
}
return false;
}
/**
 * Is the Keycloak user a "manager" student?
 *
 * Thin wrapper around is_keycloak_what_type_user() with the fixed type
 * 'mgr', which that checker maps to the letter 'M' and compares against the
 * second character of the upper-cased preferred_username.
 *
 * @param mixed $KEYCLOAK_USER resource-owner object restored from the session,
 *                             or null when nobody is logged in (passed through
 *                             unchanged to the checker)
 * @return bool|null whatever the checker returns (bool for this known type)
 */
function is_mgr_student($KEYCLOAK_USER)
{
    $wanted_type = 'mgr';
    return is_keycloak_what_type_user($KEYCLOAK_USER, $wanted_type);
}
/**
 * Is the Keycloak user a "tech" student?
 *
 * Delegates to is_keycloak_what_type_user() with the fixed type 'tech',
 * which that checker maps to the letter 'T' and compares against the second
 * character of the upper-cased preferred_username.
 *
 * @param mixed $KEYCLOAK_USER resource-owner object restored from the session,
 *                             or null when nobody is logged in (passed through
 *                             unchanged to the checker)
 * @return bool|null whatever the checker returns (bool for this known type)
 */
function is_tech_student($KEYCLOAK_USER)
{
    $wanted_type = 'tech';
    return is_keycloak_what_type_user($KEYCLOAK_USER, $wanted_type);
}
/**
 * Is the Keycloak user one of the internal staff accounts?
 *
 * Delegates to is_keycloak_what_type_user() with the fixed type 'staff';
 * for that type the checker compares the lower-cased preferred_username
 * against a short hard-coded allow-list of usernames rather than a letter.
 *
 * @param mixed $KEYCLOAK_USER resource-owner object restored from the session,
 *                             or null when nobody is logged in (passed through
 *                             unchanged to the checker)
 * @return bool|null whatever the checker returns (bool for this known type)
 */
function is_internal_staff($KEYCLOAK_USER)
{
    $wanted_type = 'staff';
    return is_keycloak_what_type_user($KEYCLOAK_USER, $wanted_type);
}
/*
https://id.testing.aiacademy.tw/auth/realms/aiacademy/protocol/openid-connect/auth?state=c11e6839d9fd0420d3fe443b53bd6f4e&scope=name%2Cemail&response_type=code&approval_prompt=auto&redirect_uri=http%3A%2F%2Ftestteststudents.aiacademy.tw%2Ftest_oauth2%2F1220%2F1.php&client_id=wordpress
https://id.testing.aiacademy.tw/auth/realms/aiacademy/protocol/openid-connect/auth
https://id.aiacademy.tw/auth/realms/aiacademy/.well-known/openid-configuration
*/
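# Where to send the browser once Keycloak login has completed.  Students are
# redirected to their calendar instead (see the login handling below).
$URL_AFTER_LOGINED_OPENID = '/';
$ID_SERVER_DOMAIN = 'id.aiacademy.tw';
$KEYCLOAK_CLIENT_ID = 'mgr_aiacademy_tw';

# Client secret.  Prefer the process environment (variable name chosen here,
# adjust to the deployment) so the credential does not have to live in a file
# under the document root.  The literal is kept only as a fallback so existing
# deployments keep working; rotate the secret and delete the fallback once the
# environment variable is provided.
$KEYCLOAK_CLIENT_SECRET = getenv('KEYCLOAK_CLIENT_SECRET') ?: '10bbfc98-b692-4521-93db-407bebe455f0';

$provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
    'authServerUrl' => 'https://'.$ID_SERVER_DOMAIN.'/auth',
    'realm'         => 'aiacademy',
    'clientId'      => $KEYCLOAK_CLIENT_ID,
    'clientSecret'  => $KEYCLOAK_CLIENT_SECRET,
    # 'redirectUri' is intentionally not configured (original author note:
    # "need ?"); confirm against the redirect URIs registered for this client
    # in Keycloak before relying on the default.
]);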
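# --- Logout: ?student_logout -------------------------------------------------
# Only the local copy of the identity is dropped (session entry plus the
# optional cookie).  Nothing is sent to Keycloak, so the user remains logged in
# at the identity server itself.
if(isset($_GET['student_logout'])){
    unset($_SESSION['keycloak_user']);
    if(defined('KEYCLOAK_COOKIE_KEY') and isset($_COOKIE[KEYCLOAK_COOKIE_KEY])){
        unset($_COOKIE[KEYCLOAK_COOKIE_KEY]);
        # Delete the cookie the documented way: empty value plus an expiry in
        # the past.  Passing null as the value is deprecated since PHP 8.1.
        setcookie(KEYCLOAK_COOKIE_KEY, '', time() - 3600, '/');
    }
}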
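# Keycloak authorization endpoint used for every "go and log in" redirect below.
$KEYCLOAK_AUTH_ENDPOINT = 'https://'.$ID_SERVER_DOMAIN.'/auth/realms/aiacademy/protocol/openid-connect/auth'
    .'?client_id='.$KEYCLOAK_CLIENT_ID.'&response_type=code';

# --- Login entry point: ?student_login ----------------------------------------
if(isset($_GET['student_login'])){
    # Defined unconditionally: it is read below even when no session entry exists.
    $user = null;
    if(isset($_SESSION['keycloak_user']) and $_SESSION['keycloak_user']){
        # The session entry is written by the callback below from the provider's
        # resource-owner object (serialize($user)); it never comes from client
        # input, which is the only reason unserialize() is acceptable here.
        $user = unserialize($_SESSION['keycloak_user']);
        if($user){
            $a = $user->toArray();
            if(is_student_keycloak_user($a['preferred_username'])){
                $URL_AFTER_LOGINED_OPENID = get_calendar_url($a['preferred_username']);
            }
            header('location:'.$URL_AFTER_LOGINED_OPENID.'?logined_before');
            exit();
        }
    }
    if(!$user){
        # Let the provider generate a fresh random `state`, remember it in the
        # session and send it with the request so the callback below can reject
        # authorization responses this session did not initiate (the CSRF check
        # from the oauth2-client README).  getAuthorizationUrl() is called only
        # for that side effect; the redirect keeps the hand-built URL.
        $provider->getAuthorizationUrl();
        $oauth2_state = $provider->getState();
        $_SESSION['oauth2state'] = $oauth2_state;
        header('location: '.$KEYCLOAK_AUTH_ENDPOINT.'&state='.rawurlencode($oauth2_state).'&aia_debug=1');
        exit();
    }
}

# --- Authorization-code callback: ?code=... ------------------------------------
# The Google OAuth callback lands on this page too; only handle codes whose
# scope is not a googleapis.com one.  Non-string query values are treated as absent.
$GET_scope = isset($_GET['scope']) && is_string($_GET['scope']) ? $_GET['scope'] : '';
$IS_NOT_GOOGLEAPI = strpos($GET_scope, 'www.googleapis.com/auth/') === false;
if(isset($_GET['code']) and $IS_NOT_GOOGLEAPI){
    $keycloak_code = isset($_GET['code']) && is_string($_GET['code']) && $_GET['code'] ? $_GET['code'] : '';
    if(!$keycloak_code){
        header('location: '.$KEYCLOAK_AUTH_ENDPOINT.'&aia_debug=2');
        exit();
    }

    # State check: the response must carry exactly the state this session issued.
    # The stored value is single-use and is cleared whether or not it matches.
    $expected_state = isset($_SESSION['oauth2state']) && is_string($_SESSION['oauth2state']) ? $_SESSION['oauth2state'] : '';
    unset($_SESSION['oauth2state']);
    $received_state = isset($_GET['state']) && is_string($_GET['state']) ? $_GET['state'] : '';
    if($expected_state === '' || $received_state === '' || $received_state !== $expected_state){
        exit('Invalid state, make sure HTTP sessions are enabled.');
    }

    # Initialised up front: on failure the try block leaves them untouched.
    $token = null;
    $user = null;
    try {
        $token = $provider->getAccessToken('authorization_code', [
            'code' => $keycloak_code
        ]);
        $user = $provider->getResourceOwner($token);
    } catch (Exception $e) {
        # Deliberately best-effort: $token/$user stay null and the user is sent
        # back to Keycloak.  Log $e->getMessage() server-side when diagnosing
        # repeated aia_debug=3 redirects.
    }
    if(!$token or !$user){
        header('location: '.$KEYCLOAK_AUTH_ENDPOINT.'&aia_debug=3');
        exit();
    }

    # The identity attached to this session changes here, so issue a new session
    # id: an id fixed on the client before login must not stay valid afterwards.
    session_regenerate_id(true);
    $_SESSION['keycloak_user'] = serialize($user);
    $a = $user->toArray();
    if(is_student_keycloak_user($a['preferred_username'])){
        $URL_AFTER_LOGINED_OPENID = get_calendar_url($a['preferred_username']);
    }
    header('location:'.$URL_AFTER_LOGINED_OPENID.'?logined_just_now');
    exit();
}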
# Resource owner cached at login, or null when nobody is logged in.  The session
# entry is expected to be written only by the login callback above
# (serialize($user)), not from client input, which is what makes unserialize()
# tolerable here.
$KEYCLOAK_USER = null;
if(isset($_SESSION['keycloak_user']) && $_SESSION['keycloak_user']){
    $KEYCLOAK_USER = unserialize($_SESSION['keycloak_user']);
}
# Dead code: the constant-false guard means nothing below ever runs.  It is the
# upstream oauth2-keycloak README example kept for reference; note that its
# CSRF `state` comparison is additionally commented out in this copy.
# NOTE(review): several echo string literals below span a line break and look
# like HTML line-break tags lost in extraction — confirm against the original file.
if(0){
echo('the following is modified from github.com/stevenmaguire/oauth2-keycloak/');
if (!isset($_GET['code'])) {
// If we don't have an authorization code then get one
$authUrl = $provider->getAuthorizationUrl();
$_SESSION['oauth2state'] = $provider->getState();
header('Location: '.$authUrl);
exit;
// The state comparison from the upstream example is disabled in this copy.
/*
// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
unset($_SESSION['oauth2state']);
exit('Invalid state, make sure HTTP sessions are enabled.');
*/
} else {
// Try to get an access token (using the authorization code grant)
try {
$token = $provider->getAccessToken('authorization_code', [
'code' => $_GET['code']
]);
} catch (Exception $e) {
exit('Failed to get access token: '.$e->getMessage());
}
// Optional: Now you have a token you can look up a users profile data
try {
// We got an access token, let's now get the user's details
$user = $provider->getResourceOwner($token);
// Use these details to create a new profile
printf('Hello %s!', $user->getName());
} catch (Exception $e) {
exit('Failed to get resource owner: '.$e->getMessage());
}
// Use this to interact with an API on the users behalf
$token_value = $token->getToken();
// Debug output only: echoes the raw access token and profile fields to the page.
echo '
'.$token_value;
if(isset($user)){
echo'
';
echo $user->getId();
echo'
';
echo $user->getEmail();
echo'
';
echo $user->getName();
echo '
';
// Stores the token in the session and echoes it in the same statement.
echo $_SESSION['keycloak_token'] = $token_value;
}
echo '
';
}
}//end of if(0)