Verified Commit 5f1e82c0 authored by Andrej Ramašeuski's avatar Andrej Ramašeuski

Initial commit

Pipeline #200 passed
image: docker:19.03.1
variables:
DOCKER_TLS_CERTDIR: "/certs"
IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
services:
- docker:19.03.1-dind
before_script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
build:
stage: build
script:
- docker build -t $IMAGE_TAG .
- docker push $IMAGE_TAG
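Review bot: The `before_script` passes `$CI_REGISTRY_PASSWORD` to `docker login` with `-p`, which puts the registry credential on the process command line. Piping it keeps it out of argv: `echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`. The variables in the `docker build` and `docker push` lines are also unquoted, so `"$IMAGE_TAG"` is safer against word splitting.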
FROM matomo:3.13.2
MAINTAINER Andrej Ramašeuski <andrej.ramaseuski@pirati.cz>
COPY LoginOIDC /var/www/html/plugins/LoginOIDC
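Review bot: `MAINTAINER` is deprecated in favour of a label such as `LABEL maintainer="..."`, and the base image is referenced by a mutable tag only. Pinning the `FROM` line to a digest (`matomo:3.13.2@sha256:<DIGEST>`, placeholder) makes rebuilds reproducible and protects against the tag being re-pushed. The `COPY` leaves the plugin files owned by root; if that is intended so the web server user cannot modify plugin code, a one-line comment saying so would help.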
<?php
/**
* Piwik - free/libre analytics platform
*
* @link http://piwik.org
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
*/
namespace Piwik\Plugins\LoginOIDC;
use Exception;
use Piwik\Access;
use Piwik\Auth;
use Piwik\Common;
use Piwik\Container\StaticContainer;
use Piwik\Db;
use Piwik\Nonce;
use Piwik\Piwik;
use Piwik\Plugins\UsersManager\API as UsersManagerAPI;
use Piwik\Plugins\UsersManager\Model;
use Piwik\Session\SessionInitializer;
use Piwik\Url;
use Piwik\View;
class Controller extends \Piwik\Plugin\Controller
{
/**
* Name of the none used in forms by this plugin.
*
* @var string
*/
const OIDC_NONCE = "LoginOIDC.nonce";
/**
* Auth implementation to login users.
* https://developer.matomo.org/api-reference/Piwik/Auth
*
* @var Auth
*/
protected $auth;
/**
* Initializes authenticated sessions.
*
* @var SessionInitializer
*/
protected $sessionInitializer;
/**
* Constructor.
*
* @param Auth $auth
* @param SessionInitializer $sessionInitializer
*/
public function __construct(Auth $auth = null, SessionInitializer $sessionInitializer = null)
{
parent::__construct();
if (empty($auth)) {
$auth = StaticContainer::get("Piwik\Auth");
}
$this->auth = $auth;
if (empty($sessionInitializer)) {
$sessionInitializer = new SessionInitializer();
}
$this->sessionInitializer = $sessionInitializer;
}
/**
* Render the custom user settings layout.
*
* @return string
*/
public function userSettings() : string
{
$providerUser = $this->getProviderUser("oidc");
return $this->renderTemplate("userSettings", array(
"isLinked" => !empty($providerUser),
"remoteUserId" => $providerUser["provider_user"],
"nonce" => Nonce::getNonce(self::OIDC_NONCE)
));
}
/**
* Render the oauth login button.
*
* @return string
*/
public function loginMod() : string
{
$settings = new \Piwik\Plugins\LoginOIDC\SystemSettings();
return $this->renderTemplate("loginMod", array(
"caption" => $settings->authenticationName->getValue(),
"nonce" => Nonce::getNonce(self::OIDC_NONCE)
));
}
/**
* Remove link between the currently signed user and the remote user.
*
* @return void
*/
public function unlink()
{
if ($_SERVER["REQUEST_METHOD"] !== "POST") {
throw new Exception(Piwik::translate("LoginOIDC_MethodNotAllowed"));
}
// csrf protection
Nonce::checkNonce(self::OIDC_NONCE, $_POST["form_nonce"]);
$sql = "DELETE FROM " . Common::prefixTable("loginoidc_provider") . " WHERE user=? AND provider=?";
$bind = array(Piwik::getCurrentUserLogin(), "oidc");
Db::query($sql, $bind);
$this->redirectToIndex("UsersManager", "userSettings");
}
/**
* Redirect to the authorize url of the remote oauth service.
*
* @return void
*/
public function signin()
{
if ($_SERVER["REQUEST_METHOD"] !== "POST") {
throw new Exception(Piwik::translate("LoginOIDC_MethodNotAllowed"));
}
// csrf protection
Nonce::checkNonce(self::OIDC_NONCE, $_POST["form_nonce"]);
$settings = new \Piwik\Plugins\LoginOIDC\SystemSettings();
if (!$this->isPluginSetup($settings)) {
throw new Exception(Piwik::translate("LoginOIDC_ExceptionNotConfigured"));
}
$_SESSION["loginoidc_state"] = $this->generateKey(32);
$params = array(
"client_id" => $settings->clientId->getValue(),
"scope" => $settings->scope->getValue(),
"redirect_uri"=> $this->getRedirectUri(),
"state" => $_SESSION["loginoidc_state"],
"response_type" => "code"
);
$url = $settings->authorizeUrl->getValue();
$url .= (parse_url($url, PHP_URL_QUERY) ? "&" : "?") . http_build_query($params);
Url::redirectToUrl($url);
}
/**
* Handle callback from oauth service.
* Verify callback code, exchange for authorization token and fetch userinfo.
*
* @return void
*/
public function callback()
{
$settings = new \Piwik\Plugins\LoginOIDC\SystemSettings();
if (!$this->isPluginSetup($settings)) {
throw new Exception(Piwik::translate("LoginOIDC_ExceptionNotConfigured"));
}
if ($_SESSION["loginoidc_state"] !== Common::getRequestVar("state")) {
throw new Exception(Piwik::translate("LoginOIDC_ExceptionStateMismatch"));
} else {
unset($_SESSION["loginoidc_state"]);
}
if (Common::getRequestVar("provider") !== "oidc") {
throw new Exception(Piwik::translate("LoginOIDC_ExceptionUnknownProvider"));
}
// payload for token request
$data = array(
"client_id" => $settings->clientId->getValue(),
"client_secret" => $settings->clientSecret->getValue(),
"code" => Common::getRequestVar("code"),
"redirect_uri" => $this->getRedirectUri(),
"grant_type" => "authorization_code",
"state" => Common::getRequestVar("state")
);
$dataString = http_build_query($data);
$curl = curl_init();
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $dataString);
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
"Content-Type: application/x-www-form-urlencoded",
"Content-Length: " . strlen($dataString),
"Accept: application/json",
"User-Agent: LoginOIDC-Matomo-Plugin"
));
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, $settings->tokenUrl->getValue());
// request authorization token
$response = curl_exec($curl);
curl_close($curl);
$result = json_decode($response);
if (empty($result) || empty($result->access_token)) {
throw new Exception(Piwik::translate("LoginOIDC_ExceptionInvalidResponse"));
}
$curl = curl_init();
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
"Authorization: Bearer " . $result->access_token,
"Accept: application/json",
"User-Agent: LoginOIDC-Matomo-Plugin"
));
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, $settings->userinfoUrl->getValue());
// request remote userinfo and remote user id
$response = curl_exec($curl);
curl_close($curl);
$result = json_decode($response);
$userinfoId = $settings->userinfoId->getValue();
$providerUserId = $result->$userinfoId;
if (empty($providerUserId)) {
throw new Exception(Piwik::translate("LoginOIDC_ExceptionInvalidResponse"));
}
$user = $this->getUserByRemoteId("oidc", $providerUserId);
if (empty($user)) {
// user with the remote id is currently not in our database
if (Piwik::isUserIsAnonymous()) {
if ($settings->allowSignup->getValue()) {
if (empty($result->email)) {
throw new Exception(Piwik::translate("LoginOIDC_ExceptionUserNotFoundAndNoEmail"));
}
$matomoUserLogin = $result->email;
// Set an invalid pre-hashed password, to block the user from logging in by password
Access::getInstance()->doAsSuperUser(function () use ($matomoUserLogin, $result) {
UsersManagerApi::getInstance()->addUser($matomoUserLogin,
"(disallow password login)",
$result->email,
/* $alias = */ false,
/* $_isPasswordHashed = */ true);
});
$userModel = new Model();
$user = $userModel->getUser($matomoUserLogin);
$this->linkAccount($providerUserId, $matomoUserLogin);
$this->signinAndRedirect($user);
} else {
throw new Exception(Piwik::translate("LoginOIDC_ExceptionUserNotFoundAndSignupDisabled"));
}
} else {
// link current user with the remote user
$this->linkAccount($providerUserId);
$this->redirectToIndex("UsersManager", "userSettings");
}
} else {
// users identity has been successfully confirmed by the remote oidc server
if (Piwik::isUserIsAnonymous()) {
if ($settings->disableSuperuser->getValue() && Piwik::hasTheUserSuperUserAccess($user["login"])) {
throw new Exception(Piwik::translate("LoginOIDC_ExceptionSuperUserOauthDisabled"));
} else {
$this->signinAndRedirect($user);
}
} else {
Url::redirectToUrl("index.php");
}
}
}
/**
* Create a link between the remote user and the currently signed in user.
*
* @param string $providerUserId
* @param string $matomoUserLogin Override the local user if non-null
* @return void
*/
private function linkAccount(string $providerUserId, string $matomoUserLogin = null)
{
if ($matomoUserLogin === null) {
$matomoUserLogin = Piwik::getCurrentUserLogin();
}
$sql = "INSERT INTO " . Common::prefixTable("loginoidc_provider") . " (user, provider_user, provider, date_connected) VALUES (?, ?, ?, ?)";
$bind = array($matomoUserLogin, $providerUserId, "oidc", date("Y-m-d H:i:s"));
Db::query($sql, $bind);
}
/**
* Determine if all the required settings have been setup.
*
* @param SystemSettings $settings
* @return bool
*/
private function isPluginSetup($settings) : bool
{
return !empty($settings->authorizeUrl->getValue())
&& !empty($settings->tokenUrl->getValue())
&& !empty($settings->userinfoUrl->getValue())
&& !empty($settings->clientId->getValue())
&& !empty($settings->clientSecret->getValue());
}
/**
* Sign in the given user and redirect to the front page.
*
* @param array $user
* @return void
*/
private function signinAndRedirect(array $user)
{
$this->auth->setLogin($user["login"]);
$this->auth->setTokenAuth($user["token_auth"]);
$this->sessionInitializer->initSession($this->auth);
Url::redirectToUrl("index.php");
}
/**
* Generate cryptographically secure random string.
*
* @param int $length
* @return string
*/
private function generateKey(int $length = 64) : string
{
// thanks ccbsschucko at gmail dot com
// http://docs.php.net/manual/pl/function.random-bytes.php#122766
$length = ($length < 4) ? 4 : $length;
return bin2hex(random_bytes(($length - ($length % 2)) / 2));
}
/**
* Generate the redirect url on which the oauth service has to redirect.
*
* @return string
*/
private function getRedirectUri() : string
{
$settings = new \Piwik\Plugins\LoginOIDC\SystemSettings();
if (!empty($settings->redirectUriOverride->getValue())) {
return $settings->redirectUriOverride->getValue();
} else {
$params = array(
"module" => "LoginOIDC",
"action" => "callback",
"provider" => "oidc"
);
return Url::getCurrentUrlWithoutQueryString() . "?" . http_build_query($params);
}
}
/**
* Fetch user from database given the provider and remote user id.
*
* @param string $provider
* @param string $remoteId
* @return array
*/
private function getUserByRemoteId($provider, $remoteId)
{
$sql = "SELECT user FROM " . Common::prefixTable("loginoidc_provider") . " WHERE provider=? AND provider_user=?";
$result = Db::fetchRow($sql, array($provider, $remoteId));
if (empty($result)) {
return $result;
} else {
$userModel = new Model();
return $userModel->getUser($result["user"]);
}
}
/**
* Fetch provider information for the currently signed in user.
*
* @param string $provider
* @return array
*/
private function getProviderUser($provider)
{
$sql = "SELECT user, provider_user, provider FROM " . Common::prefixTable("loginoidc_provider") . " WHERE provider=? AND user=?";
return Db::fetchRow($sql, array($provider, Piwik::getCurrentUserLogin()));
}
}
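Review bot: In `callback()`, the signup branch takes `$result->email` from the userinfo response as the new Matomo login without checking that the provider marks the address as verified. With `allowSignup` on, a remote account could therefore register under an address its holder does not control and later receive permissions meant for that person. Where the provider returns the OIDC `email_verified` claim, the guard could become `if (empty($result->email) || (isset($result->email_verified) && !$result->email_verified)) { throw ... }`; providers that omit the claim would need an allow-list or admin approval instead. Separately, both `curl_exec()` calls run without `CURLOPT_TIMEOUT` or `CURLOPT_CONNECTTIMEOUT`, and a failure is only caught indirectly when `json_decode()` receives `false`. A slow or unreachable provider therefore ties up the request, and the transport error is never logged.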
<?php
/**
* Piwik - free/libre analytics platform
*
* @link http://piwik.org
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
*/
namespace Piwik\Plugins\LoginOIDC;
use Exception;
use Piwik\Common;
use Piwik\Db;
use Piwik\FrontController;
class LoginOIDC extends \Piwik\Plugin
{
/**
* Subscribe to Matomo events and assign handlers.
* https://developer.matomo.org/api-reference/Piwik/Plugin#registerevents
*
* @return array
*/
public function registerEvents() : array
{
return array(
"AssetManager.getStylesheetFiles" => "getStylesheetFiles",
"Template.userSettings.afterTokenAuth" => "renderLoginOIDCUserSettings",
"Template.loginNav" => "renderLoginOIDCMod"
);
}
/**
* Append additional stylesheets.
*
* @param array $files
* @return void
*/
public function getStylesheetFiles(array &$files)
{
$files[] = "plugins/LoginOIDC/stylesheets/loginMod.css";
}
/**
* Append custom user settings layout.
*
* @param string $out
* @return void
*/
public function renderLoginOIDCUserSettings(string &$out)
{
$content = FrontController::getInstance()->dispatch("LoginOIDC", "userSettings");
if (!empty($content)) {
$out .= $content;
}
}
/**
* Append login oauth button layout.
*
* @param string $out
* @param string|null $payload
* @return void
*/
public function renderLoginOIDCMod(string &$out, string $payload = null)
{
if (!empty($payload) && $payload === "bottom") {
$content = FrontController::getInstance()->dispatch("LoginOIDC", "loginMod");
if (!empty($content)) {
$out .= $content;
}
}
}
/**
* Extend database.
*
* @return void
*/
public function install()
{
try {
// right now there is just one provider but we already add a column to support multiple providers later on
$sql = "CREATE TABLE " . Common::prefixTable("loginoidc_provider") . " (
user VARCHAR( 100 ) NOT NULL,
provider_user VARCHAR( 255 ) NOT NULL,
provider VARCHAR( 255 ) NOT NULL,
date_connected TIMESTAMP NOT NULL,
PRIMARY KEY ( provider_user, provider ),
FOREIGN KEY ( user ) REFERENCES " . Common::prefixTable("user") . "( login ) ON DELETE CASCADE,
CONSTRAINT user_provider UNIQUE ( user, provider )
) DEFAULT CHARSET=utf8";
Db::exec($sql);
} catch(Exception $e) {
// ignore error if table already exists (1050 code is for 'table already exists')
if (!Db::get()->isErrNo($e, "1050")) {
throw $e;
}
}
}
/**
* Undo database changes from install.
*
* @return void
*/
public function uninstall()
{
Db::dropTables(Common::prefixTable("loginoidc_provider"));
}
}
<?php
/**
* Piwik - free/libre analytics platform
*
* @link http://piwik.org
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
*/
namespace Piwik\Plugins\LoginOIDC;
use Piwik\Piwik;
use Piwik\Settings\FieldConfig;
use Piwik\Settings\Plugin\SystemSetting;
use Piwik\Settings\Setting;
use Piwik\Validators\NotEmpty;
use Piwik\Validators\UrlLike;
class SystemSettings extends \Piwik\Settings\Plugin\SystemSettings
{
/**
* The disable superuser setting.
*
* @var bool
*/
public $disableSuperuser;
/**
* Whether new Matomo accounts should be created for unknown users
*
* @var bool
*/
public $allowSignup;
/**
* The name of the oauth provider, which is also shown on the login screen.
*
* @var string
*/
public $authenticationName;
/**
* The url where the external service authenticates the user.
*
* @var string
*/
public $authorizeUrl;
/**
* The url where an access token can be retreived (json response expected).
*
* @var string
*/
public $tokenUrl;
/**
* The url where the external service provides the users unique id (json response expected).
*
* @var string
*/
public $userinfoUrl;
/**
* The name of the unique user id field in $userinfoUrl response.
*
* @var string
*/
public $userinfoId;
/**
* The client id given by the provider.
*
* @var string
*/
public $clientId;
/**
* The client secret given by the provider.
*
* @var string
*/
public $clientSecret;
/**
* The oauth scopes.
*
* @var string
*/
public $scope;
/**
* The optional redirect uri override.
*
* @var string
*/
public $redirectUriOverride;
/**
* Initialize the plugin settings.
*
* @return void
*/
protected function init()
{
$this->disableSuperuser = $this->createDisableSuperuserSetting();
$this->allowSignup = $this->createAllowSignupSetting();
$this->authenticationName = $this->createAuthenticationNameSetting();
$this->authorizeUrl = $this->createAuthorizeUrlSetting();
$this->tokenUrl = $this->createTokenUrlSetting();
$this->userinfoUrl = $this->createUserinfoUrlSetting();
$this->userinfoId = $this->createUserinfoIdSetting();
$this->clientId = $this->createClientIdSetting();
$this->clientSecret = $this->createClientSecretSetting();
$this->scope = $this->createScopeSetting();
$this->redirectUriOverride = $this->createRedirectUriOverrideSetting();
}
/**
* Add disable superuser setting.
*
* @return SystemSetting
*/
private function createDisableSuperuserSetting() : SystemSetting
{
return $this->makeSetting("disableSuperuser", $default = false, FieldConfig::TYPE_BOOL, function(FieldConfig $field) {
$field->title = Piwik::translate("LoginOIDC_SettingDisableSuperuser");
$field->description = Piwik::translate("LoginOIDC_SettingDisableSuperuserHelp");
$field->uiControl = FieldConfig::UI_CONTROL_CHECKBOX;
});
}
/**
* Add allowSignup setting.
*
* @return SystemSetting
*/
private function createAllowSignupSetting() : SystemSetting
{
return $this->makeSetting("allowSignup", $default = false, FieldConfig::TYPE_BOOL, function(FieldConfig $field) {
$field->title = Piwik::translate("LoginOIDC_SettingAllowSignup");
$field->description = Piwik::translate("LoginOIDC_SettingAllowSignupHelp");
$field->uiControl = FieldConfig::UI_CONTROL_CHECKBOX;
});
}
/**
* Add authentication name setting.
*
* @return SystemSetting
*/
private function createAuthenticationNameSetting() : SystemSetting
{
return $this->makeSetting("authenticationName", $default = "OAuth login", FieldConfig::TYPE_STRING, function(FieldConfig $field) {
$field->title = Piwik::translate("LoginOIDC_SettingAuthenticationName");
$field->description = Piwik::translate("LoginOIDC_SettingAuthenticationNameHelp");
$field->uiControl = FieldConfig::UI_CONTROL_TEXT;
});
}
/**
* Add authorization url setting.
*
* @return SystemSetting
*/
private function createAuthorizeUrlSetting() : SystemSetting
{
return $this->makeSetting("authorizeUrl", $default = "https://github.com/login/oauth/authorize", FieldConfig::TYPE_STRING, function(FieldConfig $field) {
$field->title = Piwik::translate("LoginOIDC_SettingAuthorizeUrl");
$field->description = Piwik::translate("LoginOIDC_SettingAuthorizeUrlHelp");
$field->uiControl = FieldConfig::UI_CONTROL_URL;
$field->validators[] = new UrlLike();
});
}
/**
* Add token url setting.
*
* @return SystemSetting
*/
private function createTokenUrlSetting() : SystemSetting
{
return $this->makeSetting("tokenUrl", $default = "https://github.com/login/oauth/access_token", FieldConfig::TYPE_STRING, function(FieldConfig $field) {
$field->title = Piwik::translate("LoginOIDC_SettingTokenUrl");
$field->description = Piwik::translate("LoginOIDC_SettingTokenUrlHelp");
$field->uiControl = FieldConfig::UI_CONTROL_URL;
$field->validators[] = new UrlLike();
});
}
/**
* Add userinfo url setting.
*
* @return SystemSetting
*/
private function createUserinfoUrlSetting() : SystemSetting
{
return $this->makeSetting("userinfoUrl", $default = "https://api.github.com/user", FieldConfig::TYPE_STRING, function(FieldConfig $field) {
$field->title = Piwik::translate("LoginOIDC_SettingUserinfoUrl");
$field->description = Piwik::translate("LoginOIDC_SettingUserinfoUrlHelp");
$field->uiControl = FieldConfig::UI_CONTROL_URL;
$field->validators[] = new UrlLike();
});
}
/**
* Add userinfo id setting.
*
* @return SystemSetting
*/
private function createUserinfoIdSetting() : SystemSetting
{
return $this->makeSetting("userinfoId", $default = "id", FieldConfig::TYPE_STRING, function(FieldConfig $field) {
$field->title = Piwik::translate("LoginOIDC_SettingUserinfoId");
$field->description = Piwik::translate("LoginOIDC_SettingUserinfoIdHelp");
$field->uiControl = FieldConfig::UI_CONTROL_TEXT;
$field->validators[] = new NotEmpty();
});
}
/**
* Add client id setting.
*
* @return SystemSetting
*/
private function createClientIdSetting() : SystemSetting
{
return $this->makeSetting("clientId", $default = "", FieldConfig::TYPE_STRING, function(FieldConfig $field) {
$field->title = Piwik::translate("LoginOIDC_SettingClientId");
$field->description = Piwik::translate("LoginOIDC_SettingClientIdHelp");
$field->uiControl = FieldConfig::UI_CONTROL_TEXT;
});
}
/**
* Add client secret setting.
*
* @return SystemSetting
*/
private function createClientSecretSetting() : SystemSetting
{
return $this->makeSetting("clientSecret", $default = "", FieldConfig::TYPE_STRING, function(FieldConfig $field) {
$field->title = Piwik::translate("LoginOIDC_SettingClientSecret");
$field->description = Piwik::translate("LoginOIDC_SettingClientSecretHelp");
$field->uiControl = FieldConfig::UI_CONTROL_TEXT;
});
}
/**
* Add scope setting.
*
* @return SystemSetting
*/
private function createScopeSetting() : SystemSetting
{
return $this->makeSetting("scope", $default = "", FieldConfig::TYPE_STRING, function(FieldConfig $field) {
$field->title = Piwik::translate("LoginOIDC_SettingScope");
$field->description = Piwik::translate("LoginOIDC_SettingScopeHelp");
$field->uiControl = FieldConfig::UI_CONTROL_TEXT;
});
}
/**
* Add redirect uri override setting.
*
* @return SystemSetting
*/
private function createRedirectUriOverrideSetting() : SystemSetting
{
return $this->makeSetting("redirectUriOverride", $default = "", FieldConfig::TYPE_STRING, function(FieldConfig $field) {
$field->title = Piwik::translate("LoginOIDC_SettingRedirectUriOverride");
$field->description = Piwik::translate("LoginOIDC_SettingRedirectUriOverrideHelp");
$field->uiControl = FieldConfig::UI_CONTROL_URL;
});
}
}
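Review bot: `createClientSecretSetting()` renders the client secret with `FieldConfig::UI_CONTROL_TEXT`, so the secret is shown in clear text in the system settings form; `$field->uiControl = FieldConfig::UI_CONTROL_PASSWORD;` would mask it. The three endpoint settings attach only `UrlLike`, which as far as this page shows does not require `https`. Since `tokenUrl` receives `client_secret` and `userinfoUrl` receives the bearer token, a scheme check on those fields is worth adding. `redirectUriOverride` has no validator at all. The `@var bool` and `@var string` docblocks on the properties describe the stored value, while `init()` assigns `SystemSetting` objects to them.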
{
"LoginOIDC":{
"SettingDisableSuperuser": "Deaktiviere externen Login-Service für Superuser.",
"SettingDisableSuperuserHelp": "",
"SettingAllowSignup": "Erstelle automatisch einen neuen Account, wenn sich ein unbekannter neuer Benutzer einloggt.",
"SettingAllowSignupHelp": "",
"SettingAuthenticationName": "Name",
"SettingAuthenticationNameHelp": "Name des externen Login-Services, der auf der Login-Seite angezeigt wird.",
"SettingAuthorizeUrl": "Authorize URL",
"SettingAuthorizeUrlHelp": "z.B. https://<USERNAME>.eu.auth0.com/authorize",
"SettingTokenUrl": "Token URL",
"SettingTokenUrlHelp": "z.B. https://<USERNAME>.eu.auth0.com/oauth/token",
"SettingUserinfoUrl": "Userinfo URL",
"SettingUserinfoUrlHelp": "z.B. https://<USERNAME>.eu.auth0.com/userinfo",
"SettingUserinfoId": "Userinfo ID",
"SettingUserinfoIdHelp": "Name des Feldes, in dem die Benutzer-ID enthalten ist. Normalerweise, für OpenID Connect Dienste wie Auth0, ist das 'sub'. Github gibt die eindeutige Benutzer-ID in dem Feld 'id' an.",
"SettingClientId": "Client ID",
"SettingClientIdHelp": "",
"SettingClientSecret": "Client Secret",
"SettingClientSecretHelp": "",
"SettingScope": "OAuth Scopes",
"SettingScopeHelp": "z.B. openid",
"SettingRedirectUriOverride": "Benutzerdefinierte Redirect URI",
"SettingRedirectUriOverrideHelp": "In manchen Fällen ist es nützlich, die Redirect URI, die an den Provider übergeben wird, zu überschreiben. Bei Unklarheit sollte dieses Feld freigelassen werden.",
"OpenIDConnect": "OpenID Connect",
"OIDCIntro": "Dies erlaubt es Dir, Dich über einen externen Service bei Matomo einzuloggen.",
"AccountLinked": "Dein Account ist zur Zeit verknüpft (Entfernte Benutzer-ID: %1$s).",
"AccountNotLinked": "Dein Account ist zur Zeit nicht verknüpft.",
"Link": "Verknüpfe Account",
"Unlink": "Verknüpfung auflösen",
"ExceptionNotConfigured": "LoginOIDC wurde noch nicht vollständig konfiguriert.",
"ExceptionStateMismatch": "OAuth State Fehler.",
"ExceptionUnknownProvider": "Unbekannter OAuth-Service.",
"ExceptionInvalidResponse": "Unerwartete Antwort vom OAuth-Service.",
"ExceptionUserNotFoundAndSignupDisabled": "Benutzer nicht gefunden. Neue Registrierungen über OAuth werden nicht unterstützt.",
"ExceptionUserNotFoundAndNoEmail": "Benutzer nicht gefunden. Benutzer konnte nicht erstellt werden, weil der OAuth Service keine E-Mail Adresse zurückgab.",
"ExceptionSuperUserOauthDisabled": "OAuth Login für Superuser ist deaktiviert."
}
}
{
"LoginOIDC":{
"SettingDisableSuperuser": "Disable external login for superusers.",
"SettingDisableSuperuserHelp": "",
"SettingAllowSignup": "Create new users when users try to log in with unknown OIDC accounts.",
"SettingAllowSignupHelp": "",
"SettingAuthenticationName": "Name",
"SettingAuthenticationNameHelp": "Name of the authentication source which will be displayed on the login screen.",
"SettingAuthorizeUrl": "Authorize URL",
"SettingAuthorizeUrlHelp": "e.g. https://<USERNAME>.eu.auth0.com/authorize",
"SettingTokenUrl": "Token URL",
"SettingTokenUrlHelp": "e.g. https://<USERNAME>.eu.auth0.com/oauth/token",
"SettingUserinfoUrl": "Userinfo URL",
"SettingUserinfoUrlHelp": "e.g. https://<USERNAME>.eu.auth0.com/userinfo",
"SettingUserinfoId": "Userinfo ID",
"SettingUserinfoIdHelp": "Name of the unique user id field in the userinfo response. Usually for OpenID Connect services like Auth0 this is 'sub'. Github provides the user id in 'id'.",
"SettingClientId": "Client ID",
"SettingClientIdHelp": "",
"SettingClientSecret": "Client Secret",
"SettingClientSecretHelp": "",
"SettingScope": "OAuth Scopes",
"SettingScopeHelp": "e.g. openid",
"SettingRedirectUriOverride": "Redirect URI override",
"SettingRedirectUriOverrideHelp": "In some cases it might be useful to manipulate the redirect uri which is given to the provider. If you are unsure, just leave this field empty.",
"OpenIDConnect": "OpenID Connect",
"OIDCIntro": "This allows you to sign in using an external authentication service.",
"AccountLinked": "Your account is currently linked (Remote User ID: %1$s).",
"AccountNotLinked": "Your account is currently not linked.",
"Link": "Link account",
"Unlink": "Unlink account",
"ExceptionNotConfigured": "LoginOIDC has not been configured yet.",
"ExceptionStateMismatch": "OAuth state mismatch.",
"ExceptionUnknownProvider": "Unknown OAuth provider.",
"ExceptionInvalidResponse": "Unexpected response from OAuth service.",
"ExceptionUserNotFoundAndSignupDisabled": "User not found. OAuth registrations are disabled.",
"ExceptionUserNotFoundAndNoEmail": "User not found. User could not be created because the OAuth service did not return an email address.",
"ExceptionSuperUserOauthDisabled": "OAuth login disabled for superusers."
}
}
{
"name": "LoginOIDC",
"version": "0.1.4",
"description": "Adds support for integrating external authentication services",
"keywords": ["authentication", "login", "oauth", "openid", "connect", "sso"],
"license": "GPL v3+",
"homepage": "https://github.com/dominik-th/matomo-plugin-LoginOIDC",
"authors": [
{
"name": "Dominik Thiemermann",
"email": "hello@dthiemermann.org",
"homepage": "https://www.dthiemermann.org"
}
],
"require": {
"piwik": ">=3.8.0-b4,<4.0.0-b1",
"php": ">=7.0.0"
},
"donate": {
"paypal": "matomo-loginoidc@dthiemermann.org"
},
"support": {
"email": "matomo-loginoidc@dthiemermann.org",
"issues": "https://github.com/dominik-th/matomo-plugin-LoginOIDC/issues",
"source": "https://github.com/dominik-th/matomo-plugin-LoginOIDC"
}
}
.loginoidc-auth-button {
width: 100%;
}
{# This is right below the 'forgot password' #}
<hr />
<div class="center-align">
<form method="post" action="{{ linkTo({'module': 'LoginOIDC', 'action': 'signin'}) }}">
<input type="hidden" name="form_nonce" value="{{ nonce }}" />
<button class="btn loginoidc-auth-button" type="submit">
{{ caption }}
</button>
</form>
</div>
{# This is rendered in the users settings menu as a separate card #}
<div piwik-content-block content-title="{{ 'LoginOIDC_OpenIDConnect'|translate }}">
<p>
{{ 'LoginOIDC_OIDCIntro'|translate }}
</p>
{% if isLinked %}
<p>
<strong>{{ 'LoginOIDC_AccountLinked'|translate(remoteUserId) }}</strong>
<br />
<br />
<form method="post" action="{{ linkTo({'module': 'LoginOIDC', 'action': 'unlink'}) }}">
<input type="hidden" name="form_nonce" value="{{ nonce }}" />
<button class="red lighten-2 btn" type="submit">
{{ 'LoginOIDC_Unlink'|translate }}
</button>
</form>
</p>
{% else %}
<p>
<strong>{{ 'LoginOIDC_AccountNotLinked'|translate }}</strong>
<br />
<br />
<form method="post" action="{{ linkTo({'module': 'LoginOIDC', 'action': 'signin'}) }}">
<input type="hidden" name="form_nonce" value="{{ nonce }}" />
<button class="btn" type="submit">
{{ 'LoginOIDC_Link'|translate }}
</button>
</form>
</p>
{% endif %}
</div>
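Review bot: Both branches nest a `<form>` inside a `<p>`, which is invalid HTML; the parser closes the paragraph before the form, so the markup the browser builds differs from what is written here. Wrapping each branch in a `<div>` instead of `<p>` keeps the structure as authored. The link button posts to `signin`, the same action as the login form, so a short Twig comment noting that the callback chooses between login and linking based on whether a user is already signed in would help readers.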