Kumi
83e171bc5d
Refactored the OIDC Admin Login for WHMCS to improve usability and configuration management. The module now supports dynamic configuration via the WHMCS admin interface, removing the need for manual edits to a config file. This change facilitates easier module activation, configuration, and management directly from the WHMCS admin panel. Key changes include: - Transitioned the installation path to the more appropriate `/modules/addons` directory. - Eliminated the `config.dist.php` file in favor of storing configuration details in the database, which are set through the WHMCS admin UI. - Added admin UI components for module activation and configuration, including fields for OIDC provider URL, client ID, client secret, OIDC claim, and OIDC scopes. - Introduced a login handler script that dynamically fetches configuration from the database, authenticates users via their OIDC provider, and handles session setup within WHMCS based on the `preferred_username` claim. - Implemented instructional comments and setup guidelines in README to guide users through the new installation and configuration process. This upgrade streamlines the setup process for administrators and strengthens the module's integration with WHMCS, making it more accessible and easier to manage.
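<?php

/*
 * This file is part of a project developed by Kumi Systems e.U.
 *
 * Copyright (c) 2023 Kumi Systems e.U.
 *
 * This software is released under the MIT License.
 * See the LICENSE file in the project root for more information.
 */

/*
 * OIDC admin login handler for WHMCS.
 *
 * Reads the module configuration from tbladdonmodules, runs the browser
 * through the configured OIDC provider, maps the configured claim of the
 * returned user info to a WHMCS admin username and, on success, sets up the
 * admin session and redirects to /admin/. Every failure is written to the
 * server log; only a short, non-sensitive message is sent to the browser.
 */

// Error reporting: log everything, but do not render errors into the browser.
// This endpoint handles credentials and provider responses, and PHP error
// output can include file paths and argument values.
error_reporting(E_ALL);
ini_set('display_errors', 0);

require_once 'vendor/autoload.php';
require_once "../../../init.php";

use Jumbojett\OpenIDConnectClient;
use WHMCS\Database\Capsule;

/**
 * Look up one module setting by name.
 *
 * A missing row no longer causes a property access on null (which the
 * previous `->first()->value` chain did); the caller decides how to treat
 * an empty value.
 *
 * @param iterable $config rows of tbladdonmodules for this module (objects
 *                         with `setting` and `value` properties)
 * @param string   $name   value of the `setting` column to find
 * @return string the stored value, or an empty string when the row is
 *                missing or has no value
 */
function oidcAdminLoginSetting($config, $name)
{
    foreach ($config as $row) {
        if (isset($row->setting) && $row->setting === $name) {
            return isset($row->value) ? (string) $row->value : '';
        }
    }

    return '';
}

/**
 * Split a comma-separated scope string into a clean list of scopes.
 *
 * Surrounding whitespace is stripped and empty entries (from a trailing
 * comma or an empty setting) are dropped, so the OIDC client never requests
 * a blank scope.
 *
 * @param string $scopes e.g. "openid, profile,email,"
 * @return string[] e.g. ["openid", "profile", "email"]
 */
function oidcAdminLoginParseScopes($scopes)
{
    $parts = array_map('trim', explode(',', (string) $scopes));

    return array_values(array_filter($parts, 'strlen'));
}

// Check if the module is activated
$moduleActivated = Capsule::table('tbladdonmodules')
    ->where('module', '=', 'oidc_admin_login')
    ->count() > 0;

if (!$moduleActivated) {
    // Handle the error case where the module is not activated
    error_log("OIDC SSO login failed: Module not activated");
    die("OIDC SSO login failed: Module not activated");
}

// Fetch the module configuration
$moduleConfig = Capsule::table('tbladdonmodules')
    ->where('module', '=', 'oidc_admin_login')
    ->get();

$oidcProviderUrl = oidcAdminLoginSetting($moduleConfig, 'oidcProviderUrl');
$clientID = oidcAdminLoginSetting($moduleConfig, 'clientId');
$clientSecret = oidcAdminLoginSetting($moduleConfig, 'clientSecret');
$oidcClaim = oidcAdminLoginSetting($moduleConfig, 'oidcClaim');
$oidcScopes = oidcAdminLoginParseScopes(oidcAdminLoginSetting($moduleConfig, 'oidcScopes'));

// Refuse to start the flow with an incomplete configuration rather than
// handing empty credentials or an empty claim name to the OIDC client.
if ($oidcProviderUrl === '' || $clientID === '' || $clientSecret === '' || $oidcClaim === '') {
    error_log("OIDC SSO login failed: Module configuration is incomplete");
    die("OIDC SSO login failed: Module configuration is incomplete");
}

// Initialize the OIDC client
$oidc = new OpenIDConnectClient($oidcProviderUrl, $clientID, $clientSecret);
$oidc->addScope($oidcScopes);

try {
    // Authenticate the user with the OIDC provider; failures are expected to
    // surface as exceptions and are handled in the catch block below
    $oidc->authenticate();

    // Fetch the user's details
    $userInfo = $oidc->requestUserInfo();

    // The configured claim must be present and a non-empty string before it
    // can be used as a WHMCS admin username (a structured claim value would
    // otherwise be stringified as "Array").
    $claimValue = isset($userInfo->$oidcClaim) ? $userInfo->$oidcClaim : null;

    if (is_string($claimValue) && $claimValue !== '') {
        $username = $claimValue;

        // Initialize WHMCS authentication class
        $auth = new WHMCS\Auth();

        // Attempt to find and authenticate the user by username
        if ($auth->getInfobyUsername($username)) {
            // Set session variables for the logged-in user
            $auth->setSessionVars();

            $redirectUri = '/admin/';
            // TODO: Preserve the original redirect URL
            header('Location: ' . $redirectUri);
            exit;
        }

        // Handle the error case where the username doesn't exist in WHMCS
        error_log("OIDC SSO login failed: Username not found in WHMCS");
        // TODO: Redirect to a failure page
        die("OIDC SSO login failed: Username not found in WHMCS");
    }

    // Handle missing username claim
    error_log("OIDC SSO login failed: Username claim not found in user info");
    exit;
} catch (Exception $e) {
    // Handle errors, such as authentication failures. The full message goes
    // to the server log only: the client library's exception text can carry
    // provider responses and endpoint details that do not belong in a browser.
    error_log("OIDC SSO login error: " . $e->getMessage());
    die("OIDC SSO login error: see the server log for details");
}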