forked from MarcoLodini/MantisAzureOauth
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathMantisAzureOauth.php
More file actions
131 lines (107 loc) · 3.86 KB
/
Copy pathMantisAzureOauth.php
File metadata and controls
131 lines (107 loc) · 3.86 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
<?php
class MantisAzureOauthPlugin extends MantisPlugin {
var $cmv_pages;
var $current_page;
function register() {
$this->name = 'Azure SSO Authentication Module';
$this->description = 'Azure SSO authentication to MantisBT.';
$this->page = 'config';
$this->version = '1.0';
$this->requires = array(
'MantisCore' => '2.0.0',
);
$this->author = 'Ugleiton, Dev4Side Software Team';
$this->contact = 'ugletion@gmail.com, info@dev4side.com';
$this->url = 'https://github.com/dev4side/MantisEntraOauth';
}
// Define the default settings for the plugin
function config() {
return array(
'tenantId' => '',
'clientId' => '',
'clientSecret' => '',
'redirectUri' => '',
'blockedUsersStandardLogin' => '',
'blockedDomainsStandardLogin' => '',
);
}
function init() {
$this->cmv_pages = array(
'login_page.php',
'login_password_page.php'
);
$this->current_page = basename( $_SERVER['PHP_SELF'] );
}
// Hook to add the login button to the main menu of MantisBT
function hooks() {
return array(
'EVENT_LAYOUT_RESOURCES' => 'add_azure_login_button',
'EVENT_AUTH_USER_FLAGS' => 'check_authentication',
);
}
function check_authentication( $p_event, $p_args ) {
$p_username = $p_args['username'];
// Get list of users allowed to use standard login
$blocked_users = plugin_config_get('blockedUsersStandardLogin', '');
$blocked_domains = plugin_config_get('blockedDomainsStandardLogin', '');
$blocked_users_array = array_map('trim', explode(',', $blocked_users));
$blocked_domains_array = array_map('trim', explode(',', $blocked_domains));
$t_flags = new AuthFlags();
// Check if user is from a blocked domain
$domain = '';
if (strpos($p_username, '@') !== false) {
list($user, $domain) = explode('@', $p_username);
// If user's domain is in the blocked list, disable standard login
if (in_array(strtolower($domain), $blocked_domains_array)) {
$t_flags->setCanUseStandardLogin( false );
$t_flags->setPasswordManagedExternallyMessage( plugin_lang_get('passwordManagedElsewhereMessage') );
# No long term session for identity provider to be able to kick users out.
$t_flags->setPermSessionEnabled( false );
# Enable re-authentication and use more aggressive timeout.
$t_flags->setReauthenticationEnabled( true );
$t_flags->setReauthenticationLifetime( 3600 );
return $t_flags;
}
}
// NEW LOGIC (lets people in locally by default)
// This is coherent with the domain blocking logic above
if (!empty($blocked_users) && in_array($p_username, $blocked_users_array)) {
$t_flags->setCanUseStandardLogin( false );
}
//TODO: Add option to use B2C capabilities
return $t_flags;
}
// Adds the Azure login button to the main menu
function add_azure_login_button() {
//return array('<a href="' . plugin_page("auth") . '">Login with Azure</a>');
if ( ! in_array( $this->current_page, $this->cmv_pages ) ) {
return '';
}
return '
<meta name="azureauthuri" content="' . substr(config_get('path'), 0, -1).plugin_page('auth') . '" />
<meta name="microsoftlogo" content="' . plugin_file("microsoft-logo.png") . '" />
<meta name="microsoftlogintext" content="' . plugin_lang_get('microsoftLoginText') . '" />
<style>
.btn-microsoft {
background-color: #fff;
color: #000;
padding: 10px 27px;
border: none;
border-radius: 5px;
font-size: 14px;
cursor: pointer;
text-align: center;
display: inline-block;
text-decoration: none;
}
.btn-microsoft i {
margin-right: 8px;
}
.btn-microsoft:hover {
background-color: #cdcdcd;
}
</style>
<script type="text/javascript" src="'.plugin_file("plugin.js").'"></script>
';
}
}