| |
153 |
153 |
dict set fields $target [dict get $claims $field] |
| |
154 |
154 |
} |
| |
155 |
155 |
dict set result fields $fields |
| |
156 |
156 |
foreach field [:required_fields] { |
| |
157 |
157 |
if {![dict exists $fields $field] |
| |
158 |
158 |
|| [dict get $fields $field] in {"" "null"} |
| |
159 |
159 |
} { |
| |
160 |
160 |
set not_enough_data $field |
| |
161 |
161 |
break |
| |
162 |
162 |
} |
| |
163 |
163 |
} |
| |
164 |
164 |
|
| |
165 |
165 |
if {[info exists not_enough_data]} { |
| |
166 |
166 |
ns_log warning "[self] get_user_data: not enough data:" \ |
| |
167 |
167 |
$not_enough_data "is missing" |
| |
168 |
168 |
dict set result error oacs-not_enough_data |
| |
169 |
169 |
} |
| |
170 |
170 |
return $result |
| |
171 |
171 |
} |
| |
172 |
172 |
|
| |
|
173 |
:method record_oauth_registration {user_id} { |
| |
|
174 |
# |
| |
|
175 |
# Record the fact that this user_id was created via an |
| |
|
176 |
# OAuth identity provider. |
| |
|
177 |
# |
| |
|
178 |
set auth_obj [self] |
| |
|
179 |
db_dml _ { |
| |
|
180 |
INSERT INTO xooauth_authorized_users (user_id, auth_obj) |
| |
|
181 |
VALUES (:user_id, :auth_obj) |
| |
|
182 |
} |
| |
|
183 |
} |
| |
|
184 |
|
| |
173 |
185 |
:method register_new_user { |
| |
174 |
186 |
{-first_names} |
| |
175 |
187 |
{-last_name} |
| |
176 |
188 |
{-email} |
| |
177 |
189 |
} -returns integer { |
| |
178 |
190 |
# |
| |
179 |
191 |
# Register the user and return the user_id. In case, the |
| |
180 |
192 |
# registration of the new user fails, raise an exception. |
| |
181 |
193 |
# |
| |
182 |
194 |
# not tested |
| |
183 |
195 |
# |
| |
184 |
196 |
db_transaction { |
| |
185 |
197 |
set user_info(first_names) $first_names |
| |
186 |
198 |
set user_info(last_name) $last_name |
| |
187 |
199 |
if {![util_email_unique_p $email]} { |
| |
188 |
200 |
error "Email is not unique: $email" |
| |
189 |
201 |
} |
| |
190 |
202 |
set user_info(email) $email |
| |
191 |
203 |
array set creation_info [auth::create_local_account \ |
| |
192 |
204 |
-authority_id [auth::authority::local] \ |
| |
193 |
205 |
-username $email \ |
| |
194 |
206 |
-array user_info] |
| |
195 |
207 |
if {$creation_info(creation_status) ne "ok"} { |
| |
196 |
|
error "Error when creating user: $creation_info(creation_status) $creation_info(element_messages)" |
| |
|
208 |
set errorMsg "" |
| |
|
209 |
error [append errorMsg "Error when creating user: " \ |
| |
|
210 |
$creation_info(creation_status) " " \ |
| |
|
211 |
$creation_info(element_messages)] |
| |
197 |
212 |
} |
| |
|
213 |
|
| |
198 |
214 |
set user_id $creation_info(user_id) |
| |
199 |
|
# |
| |
200 |
|
# One might add here a callback to handle cases, where |
| |
201 |
|
# externally provided identities should be added to a |
| |
202 |
|
# database. |
| |
203 |
|
# |
| |
204 |
|
#db_dml _ "INSERT INTO azure_users VALUES (:user_id)" |
| |
205 |
|
#db_dml _ "INSERT INTO azure_user_mails (user_id, email) VALUES (:user_id, :email)" |
| |
|
215 |
:record_oauth_registration $user_id |
| |
206 |
216 |
|
| |
207 |
217 |
if {[apm_package_installed_p dotlrn] && ${:create_with_dotlrn_role} ne ""} { |
| |
208 |
218 |
# |
| |
209 |
219 |
# We have DotLRN installed, and we want to create |
| |
210 |
220 |
# for this register object the new users in the |
| |
211 |
221 |
# provided role. Note that one can define |
| |
212 |
222 |
# different instances of this class behaving |
| |
213 |
223 |
# differently. |
| |
214 |
224 |
# |
| |
215 |
225 |
dotlrn::user_add \ |
| |
216 |
226 |
-type ${:create_with_dotlrn_role} \ |
| |
217 |
227 |
-can_browse=1 \ |
| |
218 |
228 |
-id $email \ |
| |
219 |
229 |
-user_id $user_id |
| |
220 |
230 |
|
| |
221 |
231 |
acs_privacy::set_user_read_private_data \ |
| |
222 |
232 |
-user_id $user_id \ |
| |
223 |
233 |
-object_id [dotlrn::get_package_id] \ |
| |
224 |
234 |
-value 1 |
| |
225 |
235 |
} |
|
| |
378 |
388 |
dict set result first_names $first_names |
| |
379 |
389 |
dict set result last_name $last_name |
| |
380 |
390 |
} |
| |
381 |
391 |
} |
| |
382 |
392 |
} |
| |
383 |
393 |
ns_log notice "[self] get_user_data returns $result" |
| |
384 |
394 |
return $result |
| |
385 |
395 |
} |
| |
386 |
396 |
|
| |
387 |
397 |
:public method logout_url { {page ""} } { |
| |
388 |
398 |
# |
| |
389 |
399 |
# Returns the URL for logging out. E.g., GitHub has no |
| |
390 |
400 |
# logout, so provide simply a redirect URL (maybe, we |
| |
391 |
401 |
# should logout from the application?) |
| |
392 |
402 |
# |
| |
393 |
403 |
return $page |
| |
394 |
404 |
} |
| |
395 |
405 |
|
| |
396 |
406 |
} |
| |
397 |
407 |
|
| |
|
408 |
# |
| |
|
409 |
# In general it might be possible, that a user is identified over |
| |
|
410 |
# multiple OAuth identity providers, so the unique constraint |
| |
|
411 |
# might be too strong. For now, we add only users to this table, |
| |
|
412 |
# which were created from this authority - such that the unique |
| |
|
413 |
# constraint holds. |
| |
|
414 |
# |
| |
|
415 |
::xo::db::require table xooauth_authorized_users [subst { |
| |
|
416 |
user_id {integer references users(user_id) on delete cascade} |
| |
|
417 |
auth_obj {character varying(255)} |
| |
|
418 |
}] |
| |
|
419 |
::xo::db::require index -table xooauth_authorized_users -col user_id -unique true |
| |
398 |
420 |
} |
| |
399 |
421 |
::xo::library source_dependent |
| |
400 |
422 |
# |
| |
401 |
423 |
# Local variables: |
| |
402 |
424 |
# mode: tcl |
| |
403 |
425 |
# tcl-indent-level: 2 |
| |
404 |
426 |
# indent-tabs-mode: nil |
| |
405 |
427 |
# End |
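Review bot: The new xooauth_authorized_users table declares auth_obj as a nullable `character varying(255)` although the only writer on this page, record_oauth_registration in the earlier hunk, always supplies `[self]`, and the comment above the table says the row is meant to identify the creating authority; if the column spec is passed through as SQL, `auth_obj {character varying(255) not null}` would make that invariant explicit at the schema level. The unique index on user_id also means a second record_oauth_registration call for an already-recorded user_id fails the INSERT, and since that call sits inside register_new_user's db_transaction the whole account creation is rolled back — presumably intended, but worth one sentence in the comment block, e.g. `# A second registration of the same user_id fails the insert and rolls back the enclosing transaction.`. The enclosing namespace block that the `}` before `::xo::library source_dependent` closes starts outside this hunk.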