4 * Authorization Server Member
7 * @link http://www.open-emr.org
8 * @author Jerry Padgett <sjpadgett@gmail.com>
9 * @copyright Copyright (c) 2020 Jerry Padgett <sjpadgett@gmail.com>
10 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
13 use OpenEMR\Common\Session\SessionUtil
;
15 if ($oauthLogin !== true) {
16 $message = xlt("Error. Not authorized");
17 SessionUtil
::oauthSessionCookieDestroy();
22 use OpenEMR\Common\Csrf\CsrfUtils
;
23 use OpenEMR\Core\Header
;
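<title><?php echo xlt("OpenEMR Authorization"); ?></title>
<?php Header::setupHeader(); ?>
<?php /* webroot is written into a src attribute; attr() keeps it escaped the same way as the other attribute echoes on this page (csrf token, form_requests, hidden credential fields) */ ?>
<script src="<?php echo attr($GLOBALS['webroot']); ?>/library/js/u2f-api.js"></script>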
32 <body
class="container-fluid bg-dark">
33 <div
class="row h-100 w-100 justify-content-center align-items-center">
34 <div
class="col-sm-6 bg-light text-dark">
35 <div
class="text-md-center">
36 <?php
if (empty($authorize) && empty($mfaRequired)) { ?
>
37 <h4
class="mb-4 mt-1"><?php
echo xlt("Sign In"); ?
></h4
>
38 <?php
} elseif (empty($authorize) && !empty($mfaRequired)) { ?
>
39 <h4
class="mb-4 mt-1"><?php
echo xlt('MFA Verification'); ?
></h4
>
41 <h4
class="mb-4 mt-1"><?php
echo xlt("Authorizing"); ?
></h4
>
45 <?php
if (!empty($authorize)) { ?
>
46 <div
class="row w-100">
47 <div
class="col-sm-6">
49 <div
class="card-body pt-1">
50 <h5
class="card-title text-sm-center"><?php
echo xlt("Scopes"); ?
><hr
/></h5
>
51 <ul
class="pl-2 mt-1">
53 $scopes = explode(' ', $_SESSION['scopes']);
54 foreach ($scopes as $key) {
55 echo "<li class='col-text'><strong>" . text($key) . "</strong> " . "</li>";
62 <div
class="col-sm-6">
64 <div
class="card-body pt-1">
65 <h5
class="card-title text-sm-center"><?php
echo xlt("Claims"); ?
><hr
/></h5
>
66 <ul
class="pl-2 mt-1">
68 foreach ($_SESSION['claims'] as $key => $value) {
69 $key_n = explode('_', $key);
70 if (stripos($_SESSION['scopes'], $key_n[0]) === false) {
73 if ((int)$value === 1) {
76 $key = ucwords(str_replace("_", " ", $key));
77 echo "<li class='col-text'><strong>" . text($key) . ":</strong> " . text($value) . "</li>";
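<?php /* $redirect is the only attribute value on this page echoed without attr(); escaping it like the csrf token below is harmless for a well-formed URL and removes the inconsistency */ ?>
<form method="post" name="userLogin" id="userLogin" action="<?php echo attr($redirect); ?>">
    <input type="hidden" name="csrf_token_form" value="<?php echo attr(CsrfUtils::collectCsrfToken('oauth2')); ?>" />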
88 <?php
if (empty($authorize) && empty($mfaRequired)) { ?
>
89 <div
class="form-group">
90 <input
class="form-control" placeholder
="<?php echo xla("Email
if required
"); ?>" type
="email" name
="email">
92 <div
class="form-group"><!-- TODO
: remove test values
-->
93 <input
class="form-control" placeholder
="<?php echo xla("Registered username
"); ?>" type
="text" name
="username" value
="">
95 <div
class="form-group">
96 <input
class="form-control" placeholder
="******" type
="password" name
="password" value
="">
100 <?php
if (empty($authorize) && !empty($mfaRequired)) { ?
>
101 <?php
if (in_array($TOTP, $mfaType)) { ?
>
103 <legend
><?php
echo xlt('Provide TOTP code') ?
></legend
>
105 <div
class="form-group">
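<?php /* autocomplete="false" is not a recognised token and does not suppress autofill; "off" is what the original intent calls for. placeholder is an attribute, so xla() (used for the other placeholders on this page) is the right escaping helper rather than xlt(). */ ?>
<input class="form-control" id="totp_token" autocomplete="off" placeholder="<?php echo xla("Enter required authentication code"); ?>" type="text" name="mfa_token">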
108 <div
class="form-group">
109 <button type
="submit" name
="user_role" class="btn btn-primary btn-save" value
="api"><?php
echo xlt("Authenticate TOTP"); ?
></button
>
113 <?php
if (in_array($U2F, $mfaType)) { ?
>
114 <div
class="form-group">
116 <legend
><?php
echo xlt('Insert U2F Key') ?
></legend
>
119 <li
><?php
echo xlt('Insert your key into a USB port and click the Authenticate button below.') ?
></li
>
120 <li
><?php
echo xlt('Then press the flashing button on your key within 1 minute.') ?
></li
>
124 <button type
="button" id
="authutf" class="btn btn-primary btn-save" onclick
="doAuth()"><?php
echo xlt('Authenticate U2F') ?
></button
>
125 <input type
="hidden" name
="form_requests" value
="<?php echo attr($requests ?? '') ?>" />
126 <input type
="hidden" name
="user_role" value
="api">
130 <div
class="form-group">
<input class="form-control" type="hidden" value="<?php /* NOTE(review): this hidden input has no name attribute, so its value is never submitted with the form; confirm whether name=email (as on the sign-in field above) was intended */ echo attr($_POST['email'] ?? ''); ?>">
133 <div
class="form-group"><!-- TODO
: remove test values
-->
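<?php /* ?? '' matches the email field above and avoids an undefined-index notice when the key is absent from the POST */ ?>
<input class="form-control" type="hidden" name="username" value="<?php echo attr($_POST['username'] ?? ''); ?>">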
136 <div
class="form-group">
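<?php /* NOTE(review): the password entered on the previous step is re-emitted into the served HTML as a hidden field so the MFA POST can resubmit it, which means the plaintext credential appears in page source and browser cache for this step; keeping the already-verified credential server-side instead would avoid that round trip — confirm against the POST handler. ?? '' matches the email field above and avoids an undefined-index notice when the key is absent. */ ?>
<input class="form-control" type="hidden" name="password" value="<?php echo attr($_POST['password'] ?? ''); ?>">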
139 <input
class="form-control" type
="hidden" name
="mfa_type" value
="TOTP">
143 <div
class="col-md-12">
144 <?php
if (!empty($authorize)) { ?
>
145 <div
class="btn-group">
146 <button type
="submit" name
="proceed" value
="1" class="btn btn-primary"><?php
echo xlt("Authorize"); ?
></button
>
149 <div
class="btn-group">
150 <?php
if (empty($mfaRequired)) { ?
>
151 <button type
="submit" name
="user_role" class="btn btn-outline-primary" value
="api"><?php
echo xlt("OpenEMR Login"); ?
> <i
class="fa fa-sign-in-alt"></i
></button
>
152 <?php
if (!empty($patientRoleSupport)) { ?
>
153 <button type
="submit" name
="user_role" class="btn btn-outline-info" value
="portal-api"><?php
echo xlt("Patient Login"); ?
> <i
class="fa fa-sign-in-alt"></i
></button
>
157 <div
class="form-check-inline float-right">
158 <input
class="form-check-input" type
="checkbox" name
="persist_login" id
="persist_login" value
="1">
159 <label
for="persist_login" class="form-check-label"><?php
echo xlt("Remember Me"); ?
></label
>
171 var f
= document
.getElementById("userLogin");
172 var requests
= JSON
.parse(f
.form_requests
.value
);
173 // The server's getAuthenticateData() repeats the same challenge in all requests.
174 var challenge
= requests
[0].challenge
;
175 var registeredKeys
= new Array();
176 for (var i
= 0; i
< requests
.length
; ++i
) {
177 registeredKeys
[i
] = {"version": requests
[i
].version
, "keyHandle": requests
[i
].keyHandle
};
180 <?php
echo js_escape($appId ??
''); ?
>,
184 if (data
.errorCode
&& data
.errorCode
!= 0) {
185 alert(<?php
echo xlj("Key access failed with error"); ?
> +
' ' + data
.errorCode
);
188 //hide totp input if both on used
189 if (document
.getElementById('totp_token')) {
190 document
.getElementById('totp_token').style
.display
= 'none';
192 //create new mfa_token input
193 var elInput
= document
.createElement('input');
194 elInput
.setAttribute('type', 'hidden');
195 elInput
.setAttribute('name', 'mfa_token');
196 elInput
.setAttribute('value', JSON
.stringify(data
));
197 f
.appendChild(elInput
);
198 f
.mfa_type
.value
= 'U2F';