nextcloud與oauth2集成教程

時間 2019-11-16

標籤 nextcloud oauth2 oauth 集成教程简体版

原文原文鏈接

基礎環境

Nextcloud 15.0.5
oauth2

安裝 sociallogin

在官方app應用商店下載 sociallogin
解壓並拷貝 sociallogin 至 app 目錄
打開 Nextcloud 並在應用中啓用

配置oauth2

使用管理員帳號打開 Nextcloud 找到 sociallogin設置，選擇 Custom OAuth2 並添加oauth2信息，以下
設置只使用oauth2登陸，取消系統登陸
編輯 /var/www/html/config/config.php 添加如下配置：php
```
'social_login_auto_redirect' => true
```

使用Oauth2註銷 Nextcloud

使用中發現點擊登出後，Nextcloud只是註銷了自己的session，並無註銷oauth2的session，所以會登出失敗.
打開 core/Controller/LoginController.php 找到 logout 方法，修改 $response 值以下：html

$response = new RedirectResponse('http://10.0.4.3/logout?redirect_uri=http://10.0.4.33:8088');

http://10.0.4.3/logout 爲oauth2認證系統登出地址

使用用戶信息建立組

在使用oauth2登陸成功後，爲了與原有Nextcloud用戶區分，Nextcloud會在數據庫中建立一個用戶名爲 oauth2 Internal name + 登陸名稱的用戶，這樣使用起來及其不方便，咱們能夠經過修改如下代碼，保證用戶名正常不帶前綴：
根據返回用戶信息中其餘信息建立組

sociallogin/lib/Controller/LoginController.php數據庫

private function login($uid, Profile $profile)
{
    $user = $this->userManager->get($uid);
    if (null === $user) {
        $connectedUid = $this->socialConnect->findUID($uid);
        $user = $this->userManager->get($connectedUid);
    }
    if ($this->userSession->isLoggedIn()) {
        if (!$this->config->getAppValue($this->appName, 'allow_login_connect')) {
            throw new LoginException($this->l->t('Social login connect is disabled'));
        }
        if (null !== $user) {
            throw new LoginException($this->l->t('This account already connected'));
        }
        $currentUid = $this->userSession->getUser()->getUID();
        $this->socialConnect->connectLogin($currentUid, $uid);
        return new RedirectResponse($this->urlGenerator->linkToRoute('settings.PersonalSettings.index', ['section' => 'additional']));
    }
    if (null === $user) {
        if ($this->config->getAppValue($this->appName, 'disable_registration')) {
            throw new LoginException($this->l->t('Auto creating new users is disabled'));
        }
        if (
            $profile->email && $this->config->getAppValue($this->appName, 'prevent_create_email_exists')
            && count($this->userManager->getByEmail($profile->email)) !== 0
        ) {
            throw new LoginException($this->l->t('Email already registered'));
        }
        $password = substr(base64_encode(random_bytes(64)), 0, 30);
        $user = $this->userManager->createUser($uid, $password);
        $user->setDisplayName($profile->displayName ?: $profile->identifier);
        $user->setEMailAddress((string)$profile->email);

        $newUserGroup = $this->config->getAppValue($this->appName, 'new_user_group');
        if ($newUserGroup) {
            try {
                $group = $this->groupManager->get($newUserGroup);
                $group->addUser($user);
            } catch (\Exception $e) {
            }
        }

        if ($profile->photoURL) {
            $curl = new Curl();
            try {
                $photo = $curl->request($profile->photoURL);
                $avatar = $this->avatarManager->getAvatar($uid);
                $avatar->set($photo);
            } catch (\Exception $e) {
            }
        }
        $this->config->setUserValue($uid, $this->appName, 'disable_password_confirmation', 1);
        if ($profile->data['departmentName'] !== null) {
            $existGroup = $this->groupManager->get($profile->data['departmentName']);
            if ($existGroup === null) {
                $newGroup = $this->groupManager->createGroup($profile->data['departmentName']);
                $newGroup->addUser($user);
            } else {
                $existGroup->addUser($user);
            }
        }
    }

    $this->userSession->completeLogin($user, ['loginName' => $user->getUID(), 'password' => null]);
    $this->userSession->createSessionToken($this->request, $user->getUID(), $user->getUID());

    if ($redirectUrl = $this->session->get('login_redirect_url')) {
        return new RedirectResponse($redirectUrl);
    }

    $this->session->set('last-password-confirm', time());

    return new RedirectResponse($this->urlGenerator->getAbsoluteURL('/'));
}

sociallogin/lib/Provider/CustomOAuth2.php

public function getUserProfile()
    {
        $profileFields = array_filter(
            array_map('trim', explode(',', $this->config->get('profile_fields'))),
            function ($val) {
                return !empty($val);
            }
        );
        $profileUrl = $this->config->get('endpoints')->get('profile_url');

        if (count($profileFields) > 0) {
            $profileUrl .= (strpos($profileUrl, '?') !== false ? '&' : '?') . 'fields=' . implode(',', $profileFields);
        }
        $response = $this->apiRequest($profileUrl);
        if (!isset($response->identifier) && isset($response->id)) {
            $response->identifier = $response->id;
        }
        if (!isset($response->identifier) && isset($response->data->id)) {
            $response->identifier = $response->data->id;
        }
        if (!isset($response->identifier) && isset($response->user_id)) {
            $response->identifier = $response->user_id;
        }
        $data = new Data\Collection($response);
        if (!$data->exists('identifier')) {
            throw new UnexpectedApiResponseException('Provider API returned an unexpected response.');
        }
        $userProfile = new User\Profile();
        foreach ($data->toArray() as $key => $value) {
            if (property_exists($userProfile, $key)) {
                $userProfile->$key = $value;
            }
        }
        if (!empty($userProfile->email)) {
            $userProfile->emailVerified = $userProfile->email;
        }
        $attributes = new Data\Collection($data->get('attributes'));
        $userProfile->data = [
            "organizationName" => $attributes->get('organizationName'),
            "departmentName" => $attributes->get('departmentName'),
        ];
        if ($attributes->get('name') !== null) {
            $userProfile->displayName = $attributes->get('name');
        }
        return $userProfile;
    }

相關標籤/搜索

每日一句

每一个你不满意的现在，都有一个你没有努力的曾经。