<?php
/**
* @file
* Provides the ability to log in with Clef.
*
* TODO: Associate the Clef ID with a user so that if they change their email
* address they can still log in
*/
// Length passed to user_password() when this module generates a random
// password for an account created through Clef.
define('CLEF_DEFAULT_PASSWORD_LENGTH', 32);
/**
 * Implements hook_init().
 *
 * Makes sure a Clef state value exists for the visitor by calling
 * _initialize_state(), which leaves an existing state cookie untouched.
 */
function clef_init() {
  _initialize_state();
}
/**
 * Implements hook_menu().
 *
 * Registers two paths:
 * - admin/people/clef: the settings form, limited to users holding
 *   'administer site configuration'.
 * - clef/verify: the page Clef redirects back to. It is open to everyone
 *   ('access callback' => TRUE) because the visitor is still anonymous at
 *   that point; the checks happen inside clef_verify_callback().
 */
function clef_menu() {
  return array(
    'admin/people/clef' => array(
      'title' => 'Clef',
      'page callback' => 'drupal_get_form',
      'page arguments' => array('clef_admin'),
      'access arguments' => array('administer site configuration'),
      'description' => 'Allows administrators to configure settings for the Clef module.',
    ),
    'clef/verify' => array(
      'title' => 'Clef',
      'description' => 'Clef verification page',
      'page callback' => 'clef_verify_callback',
      'access callback' => TRUE,
      'type' => MENU_CALLBACK,
    ),
  );
}
/**
 * Implements hook_block_info().
 *
 * Declares a single block, keyed 'login', that holds the Clef login button.
 */
function clef_block_info() {
  $blocks = array();
  $blocks['login'] = array(
    'info' => t('Log in with Clef'),
  );
  return $blocks;
}
/**
 * Implements hook_block_view().
 *
 * Renders the 'login' block for visitors who are not logged in. Any other
 * delta, or a logged-in visitor, yields no block content.
 */
function clef_block_view($delta = '') {
  if ($delta != 'login' || user_is_logged_in()) {
    return;
  }
  $block = array();
  $block['subject'] = t('Log in');
  $block['content'] = clef_login_button();
  return $block;
}
/**
 * Implements hook_form_FORM_ID_alter() for the user login form.
 *
 * Appends the Clef button to the form's actions unless the 'clef_login_form'
 * setting has been switched off (it defaults to on).
 */
function clef_form_user_login_alter(&$form, $form_state) {
  if (!variable_get('clef_login_form', 1)) {
    return;
  }
  $button = array('#markup' => clef_login_button());
  $form['actions']['clef'] = $button;
}
/**
 * Implements hook_form_FORM_ID_alter() for the user login block form.
 *
 * The login block gets exactly the same treatment as the full login form, so
 * this simply delegates to clef_form_user_login_alter().
 */
function clef_form_user_login_block_alter(&$form, $form_state) {
  clef_form_user_login_alter($form, $form_state);
}
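/**
 * Implements hook_form_FORM_ID_alter() for the user registration form.
 *
 * When the request carries an "email" query parameter (clef_verify_callback()
 * redirects here with one), the form is pre-filled: the username default is
 * derived from the query values, a valid e-mail address is locked in as a
 * fixed value and shown read-only, and, when e-mail verification is disabled,
 * a random password is supplied.
 *
 * NOTE(review): everything read from $_GET here is visitor-supplied. Nothing
 * in this function ties the address to a completed Clef verification, so a
 * visitor who opens the registration path with an "email" parameter of their
 * own choosing gets the same locked field. If the address is meant to be one
 * Clef has vouched for, carry it server-side (for example in the session)
 * from clef_verify_callback() instead of through the query string.
 */
function clef_form_user_register_form_alter(&$form, $form_state) {
  // A query parameter can arrive as an array (email[]=...); only a non-empty
  // string is usable as an address.
  if (empty($_GET['email']) || !is_string($_GET['email'])) {
    return;
  }
  $email = $_GET['email'];

  $form['account']['name']['#default_value'] = _clef_get_name($_GET);

  // user_validate_mail() has the opposite return value you'd expect: it is
  // empty when the address is acceptable.
  if (!user_validate_mail($email)) {
    $form['account']['mail'] = array(
      '#type' => 'value',
      '#value' => $email,
    );
    // The address is echoed back into the page, so it is escaped first.
    $form['account']['mail_info'] = array(
      '#type' => 'item',
      '#title' => t('E-mail address'),
      '#markup' => '<p>' . check_plain($email) . '</p>',
      '#required' => TRUE,
      '#weight' => -1,
    );
  }

  if (!variable_get('user_email_verification', TRUE)) {
    $form['account']['pass'] = array(
      '#type' => 'value',
      '#value' => user_password(CLEF_DEFAULT_PASSWORD_LENGTH),
    );
  }
}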
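/**
 * Returns the HTML script tag for the "Log in with Clef" button.
 *
 * Every value placed in an attribute is passed through check_plain(). The
 * state value in particular comes from _get_state(), which can hand back the
 * contents of the visitor's '_clef_state' cookie unchanged, so it must not
 * reach the markup unescaped. The configured settings are escaped as well so
 * that a stray quote in one of them cannot break out of its attribute.
 *
 * The script itself is loaded from clef.io and runs in the context of the
 * page that embeds it.
 *
 * @return
 *   The markup for the button, as a string.
 */
function clef_login_button() {
  $redirect_url = variable_get('clef_url', url('clef/verify', array('absolute' => TRUE)));
  return '<div class="clef-wrapper"><script data-redirect-url="' . check_plain($redirect_url) .
    '" data-style="' . check_plain(variable_get('clef_button_type', 'button')) .
    '" data-color="' . check_plain(variable_get('clef_color', 'blue')) .
    '" data-app-id="' . check_plain(variable_get('clef_app_id', '')) .
    '" data-state="' . check_plain(_get_state()) .
    '" class="clef-button" src="https://clef.io/v3/clef.js" type="text/javascript"></script></div>';
}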
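/**
 * The callback for the Clef verify page.
 *
 * Runs clef_verify() and then, based on the e-mail address Clef returned:
 * - logs the visitor in when an active account uses that address,
 * - sends them to the registration form when auto-registration is off,
 * - denies access when only administrators may create accounts,
 * - otherwise creates an account for them.
 *
 * @return
 *   MENU_ACCESS_DENIED when the visitor cannot be logged in or registered.
 *   The successful paths end in drupal_goto().
 */
function clef_verify_callback() {
  $info = clef_verify();

  // clef_verify() documents that only "id" is guaranteed. Every branch below
  // keys off the e-mail address, so a reply without one is treated as a
  // failed authentication rather than being passed on to the user lookup.
  if (!$info || empty($info['email'])) {
    drupal_set_message(t('Drupal was unable to authenticate with Clef.'), 'error');
    return MENU_ACCESS_DENIED;
  }

  // Clef is authorized to log into accounts using this email address
  if ($account = user_load_by_mail($info['email'])) {
    // user_login_submit() is called directly here, so none of the login
    // form's validation handlers run. The blocked-account check therefore
    // has to be made explicitly before the session is opened.
    if (empty($account->status)) {
      drupal_set_message(t('The account associated with your Clef email address has not been activated or is blocked.'), 'error');
      return MENU_ACCESS_DENIED;
    }
    $form_state = array('uid' => $account->uid);
    user_login_submit(array(), $form_state);
    drupal_goto('user/' . $account->uid);
  }
  // If we're not auto-registering, go to the registration form
  elseif (!variable_get('clef_auto_register', 0)) {
    // The remaining values (names and e-mail address) travel in the query
    // string of the redirect; the Clef ID and phone number are dropped first.
    unset($info['id'], $info['phone_number']);
    drupal_goto('user/register', array('query' => $info));
  }
  // Error 403 if only admins can create accounts
  elseif (variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL) == USER_REGISTER_ADMINISTRATORS_ONLY) {
    drupal_set_message(t('Your Clef email address is not associated with any user accounts on this site, and only administrators may create new accounts.'), 'error');
    return MENU_ACCESS_DENIED;
  }
  // Register the user
  else {
    // NOTE(review): the submit handler is invoked without the registration
    // form's validation step, so the generated username is not checked here
    // for validity or uniqueness - confirm how a name clash behaves.
    $form = $form_state = array();
    $form['#user'] = drupal_anonymous_user();
    $form['#user_category'] = 'register';
    $form_state['values']['administer_users'] = FALSE;
    $form_state['values']['name'] = _clef_get_name($info);
    $form_state['values']['mail'] = $info['email'];
    $form_state['values']['pass'] = user_password(CLEF_DEFAULT_PASSWORD_LENGTH);
    user_register_submit($form, $form_state);
    drupal_goto();
  }
}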
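/**
 * Verifies a user who is attempting to log in with Clef.
 *
 * The request's "state" value is checked first (see _verify_state()). The
 * code is then exchanged for an access token at Clef's authorize endpoint,
 * and the token is used to fetch the user's details from the info endpoint.
 * Failures reported by Clef are written to the watchdog log.
 *
 * NOTE(review): the first request carries the application secret and the
 * second the access token. Confirm that drupal_http_request() verifies the
 * server certificate on the PHP version this site runs.
 *
 * @param $code
 *   (Optional) The verification code. Defaults to $_REQUEST['code'].
 *
 * @return
 *   FALSE if the verification failed or an associative array containing the
 *   following keys if it succeeded:
 *   - id
 *   - first_name
 *   - last_name
 *   - phone_number
 *   - email
 *   "id" is guaranteed to appear but the other values must be authorized in
 *   the app's settings.
 */
function clef_verify($code = '') {
  if (!_verify_state()) {
    return FALSE;
  }

  if (empty($code)) {
    $code = isset($_REQUEST['code']) ? $_REQUEST['code'] : '';
  }
  // A request parameter can arrive as an array (code[]=...); only a non-empty
  // scalar is a usable code.
  if (!is_scalar($code) || empty($code)) {
    return FALSE;
  }

  $postdata = http_build_query(array(
    'code' => $code,
    'app_id' => variable_get('clef_app_id', ''),
    'app_secret' => variable_get('clef_app_secret', ''),
  ));
  $token_reply = drupal_http_request('https://clef.io/api/v1/authorize', array(
    'method' => 'POST',
    'headers' => array('Content-Type' => 'application/x-www-form-urlencoded'),
    'data' => $postdata,
  ));
  // A failed request may come back without a body, so check before decoding.
  $response = isset($token_reply->data) ? json_decode($token_reply->data, TRUE) : NULL;

  if (is_array($response) && !empty($response['access_token'])) {
    // The token is data received from a remote service; encode it rather than
    // pasting it into the URL as-is.
    $url = 'https://clef.io/api/v1/info?' . http_build_query(array('access_token' => $response['access_token']));
    $info_reply = drupal_http_request($url);
    $response = isset($info_reply->data) ? json_decode($info_reply->data, TRUE) : NULL;
    if (is_array($response) && !empty($response['info']) && !empty($response['success'])) {
      return $response['info'];
    }
    watchdog('clef', 'Clef information retrieval failed with error: %error', array('%error' => isset($response['error']) ? $response['error'] : 'Unknown'), WATCHDOG_WARNING);
  }
  else {
    watchdog('clef', 'Clef authorization failed with error: %error', array('%error' => isset($response['error']) ? $response['error'] : 'Unknown'), WATCHDOG_WARNING);
  }
  return FALSE;
}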
/**
 * Form builder for the Clef administrative settings form.
 *
 * Shows a warning when only administrators may create accounts, and another
 * when no application ID has been stored yet, then builds the settings fields
 * and hands the form to system_settings_form().
 *
 * Note that the application secret is an ordinary text field whose default
 * value is the stored secret, so the secret is written into the markup of
 * this page for anyone allowed to open it.
 */
function clef_admin($form, $form_state) {
  $registration_mode = variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
  if ($registration_mode == USER_REGISTER_ADMINISTRATORS_ONLY) {
    $admins_only_notice = implode(' ', array(
      t('Currently, only administrators can create user accounts.'),
      t('As a result, people logging in with Clef who use an email address not already associated with a Drupal user will encounter an access denied error.'),
      t('If this is not the desired behavior, you should <a href="!url">change the registration setting</a>.',
        array('!url' => url('admin/config/people/accounts', array('fragment' => 'edit-user-register')))
      ),
    ));
    drupal_set_message($admins_only_notice, 'warning');
  }

  if (!variable_get('clef_app_id', '')) {
    $setup_notice = implode(' ', array(
      t('Before allowing users to log in with Clef, you must <a href="@create">create a Clef application</a>.', array(
        '@create' => 'https://getclef.com/developer',
      )),
      t('You must give the app at least the "Email" permission, and the name-related permissions are recommended.'),
      t('Use <a href="@url">@url</a> for the "Application domain."', array('@url' => url())),
      t('Clef will then give you an Application ID and Application Secret which you must copy-paste below.'),
    ));
    drupal_set_message($setup_notice, 'warning');
  }

  // Credentials issued by Clef for this site's application.
  $form['clef_app_id'] = array(
    '#type' => 'textfield',
    '#title' => t('Application ID'),
    '#description' => t('You can find this in your Clef developer dashboard. You must first register an application.'),
    '#default_value' => variable_get('clef_app_id', ''),
    '#required' => TRUE,
  );
  $form['clef_app_secret'] = array(
    '#type' => 'textfield',
    '#title' => t('Application Secret'),
    '#description' => t('You can find this in your Clef developer dashboard. You must first register an application.'),
    '#default_value' => variable_get('clef_app_secret', ''),
    '#required' => TRUE,
  );

  // Appearance of the login button.
  $form['clef_button_type'] = array(
    '#type' => 'radios',
    '#title' => t('Button type'),
    '#default_value' => variable_get('clef_button_type', 'button'),
    '#required' => TRUE,
    '#options' => array(
      'button' => t('Rounded'),
      'flat' => t('Flat'),
    ),
  );
  $form['clef_color'] = array(
    '#type' => 'radios',
    '#title' => t('Button color'),
    '#default_value' => variable_get('clef_color', 'blue'),
    '#required' => TRUE,
    '#options' => array(
      'blue' => t('Blue'),
      'white' => t('White'),
    ),
  );

  // Behaviour switches.
  $form['clef_login_form'] = array(
    '#type' => 'checkbox',
    '#title' => t('Add a "Log in with your phone" button to the normal user login form'),
    '#default_value' => variable_get('clef_login_form', 1),
  );
  $form['clef_auto_register'] = array(
    '#type' => 'checkbox',
    '#title' => t('Automatically register users who attempt to log in with Clef but are not registered'),
    '#description' => t('If enabled, this setting bypasses non-default fields added to the registration form.'),
    '#default_value' => variable_get('clef_auto_register', 0),
  );

  return system_settings_form($form);
}
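/**
 * Get a username for the user.
 *
 * Tries to use the name if available, then tries the email, in which case
 * the part before the "@" is used with its first letter capitalized.
 *
 * The array may be the Clef profile or the raw query string of a request, so
 * values that are not strings (for example first_name[]=...) are ignored.
 *
 * @param $info
 *   An associative array that may contain 'first_name', 'last_name' and
 *   'email'.
 *
 * @return
 *   The suggested username, or an empty string if nothing usable was given.
 */
function _clef_get_name($info) {
  $first = (isset($info['first_name']) && is_string($info['first_name'])) ? $info['first_name'] : '';
  $last = (isset($info['last_name']) && is_string($info['last_name'])) ? $info['last_name'] : '';
  $email = (isset($info['email']) && is_string($info['email'])) ? $info['email'] : '';

  if (!empty($first)) {
    return $first . (empty($last) ? '' : ' ' . $last);
  }
  elseif (!empty($last)) {
    return $last;
  }
  elseif (!empty($email)) {
    // strpos() reports a byte offset, so the cut is made with the byte-based
    // substr(). Pairing it with a character-based substring function would
    // overshoot past the "@" whenever the local part holds multi-byte
    // characters.
    $at = strpos($email, '@');
    return drupal_ucfirst($at === FALSE ? '' : substr($email, 0, $at));
  }
  return '';
}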
/**
 * Returns the current Clef state value for this visitor.
 *
 * A non-empty '_clef_state' cookie is returned exactly as the browser sent
 * it; otherwise a state is obtained from _initialize_state(). Because the
 * cookie is client-supplied, callers should escape the value before printing
 * it.
 */
function _get_state() {
  if (empty($_COOKIE['_clef_state'])) {
    return _initialize_state();
  }
  return $_COOKIE['_clef_state'];
}
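/**
 * Checks the "state" request parameter against the visitor's state cookie.
 *
 * This ties the response coming back from Clef to the browser that started
 * the login. Both values are supplied by the client, so the check relies on
 * a third party being unable to set cookies for this site. On a match the
 * state is regenerated, so a given value is accepted only once.
 *
 * @return
 *   true if the two values are non-empty, identical strings; false otherwise.
 */
function _verify_state() {
  $request_state = isset($_REQUEST['state']) ? $_REQUEST['state'] : '';
  $correct_state = _get_state();

  // Request parameters can arrive as arrays (state[]=...); only non-empty
  // strings are candidates for a match.
  if (!is_string($request_state) || !is_string($correct_state) || !$request_state || !$correct_state) {
    return false;
  }

  // The comparison must be strict: with "==" PHP compares two numeric-looking
  // strings such as "0e12" and "0e34" as numbers and reports them as equal.
  // hash_equals() is used when the running PHP version provides it.
  $matches = function_exists('hash_equals')
    ? hash_equals($correct_state, $request_state)
    : $correct_state === $request_state;
  if (!$matches) {
    return false;
  }

  _initialize_state(true);
  return true;
}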
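/**
 * Creates the Clef state value and stores it in the '_clef_state' cookie.
 *
 * The value is 32 hexadecimal characters taken from a cryptographically
 * secure random source. Since it acts as the anti-forgery token for the
 * login flow, it must not be predictable.
 *
 * @param $override
 *   (Optional) Pass true to replace an existing state. By default a state
 *   that is already present in the cookie is kept.
 *
 * @return
 *   The state value now in effect.
 */
function _initialize_state($override=false) {
  if (!$override && isset($_COOKIE['_clef_state']) && $_COOKIE['_clef_state']) {
    return $_COOKIE['_clef_state'];
  }

  // random_bytes() is part of PHP 7 and later; older installations fall back
  // to Drupal's own secure byte generator.
  $bytes = function_exists('random_bytes') ? random_bytes(16) : drupal_random_bytes(16);
  $state = bin2hex($bytes);

  // Some servers set HTTPS to "off" on plain HTTP requests, so its mere
  // presence does not mean the connection is encrypted.
  $secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';

  // The cookie lasts one day and is marked HttpOnly. It can only be sent
  // while the response headers are still open.
  if (!headers_sent()) {
    setcookie('_clef_state', $state, (time() + 60 * 60 * 24), '/', '', $secure, true);
  }

  // Mirror the new value under the same key the rest of the module reads, so
  // later calls in this request see it instead of generating another one.
  $_COOKIE['_clef_state'] = $state;
  return $state;
}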