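<?php

/**
 * Authorization Server Member
 *
 * Sign-in / MFA / consent view for the OAuth2 authorization server. It is
 * included by the authorization controller, which sets $oauthLogin plus the
 * view variables read below ($authorize, $mfaRequired, $mfaType, $TOTP, $U2F,
 * $redirect, $requests, $appId, $patientRoleSupport).
 *
 * @package   OpenEMR
 * @link      http://www.open-emr.org
 * @author    Jerry Padgett <sjpadgett@gmail.com>
 * @copyright Copyright (c) 2020 Jerry Padgett <sjpadgett@gmail.com>
 * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
 */

use OpenEMR\Common\Csrf\CsrfUtils;
use OpenEMR\Common\Session\SessionUtil;
use OpenEMR\Core\Header;

// Render only when the including controller explicitly flagged this as an oauth
// login flow. The strict comparison fails closed when $oauthLogin is unset (for
// instance when the file is requested directly); the oauth session cookie is
// destroyed before the refusal message is echoed.
if ($oauthLogin !== true) {
    $message = xlt("Error. Not authorized");
    SessionUtil::oauthSessionCookieDestroy();
    echo $message;
    exit();
}
?>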
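<html>
<head>
    <title><?php echo xlt("OpenEMR Authorization"); ?></title>
    <?php Header::setupHeader(); ?>
    <?php // webroot is server configuration, but it lands in an attribute, so escape for that context. ?>
    <script src="<?php echo attr($GLOBALS['webroot']); ?>/library/js/u2f-api.js"></script>
</head>
<body class="container-fluid bg-dark">
<div class="row h-100 w-100 justify-content-center align-items-center">
    <div class="col-sm-6 bg-light text-dark">
        <div class="text-md-center">
            <?php
            // Three page states, chosen by the controller: first-factor sign in,
            // second-factor verification, and the final scope/claims consent step.
            if (empty($authorize) && empty($mfaRequired)) { ?>
                <h4 class="mb-4 mt-1"><?php echo xlt("Sign In"); ?></h4>
            <?php } elseif (empty($authorize) && !empty($mfaRequired)) { ?>
                <h4 class="mb-4 mt-1"><?php echo xlt('MFA Verification'); ?></h4>
            <?php } else { ?>
                <h4 class="mb-4 mt-1"><?php echo xlt("Authorizing"); ?></h4>
            <?php } ?>
        </div>
        <hr />
        <?php if (!empty($authorize)) {
            // Consent step: show what the client asked for. Scopes are held in the
            // oauth session as one space-separated string; empty tokens are dropped
            // so runs of whitespace do not produce blank list items.
            $scopeString = $_SESSION['scopes'] ?? '';
            $scopes = preg_split('/\s+/', trim($scopeString), -1, PREG_SPLIT_NO_EMPTY);
            ?>
            <div class="row w-100">
                <div class="col-sm-6">
                    <div class="card">
                        <div class="card-body pt-1">
                            <h5 class="card-title text-sm-center"><?php echo xlt("Scopes"); ?><hr /></h5>
                            <ul class="pl-2 mt-1">
                                <?php foreach ($scopes as $scope) {
                                    echo "<li class='col-text'><strong>" . text($scope) . "</strong> </li>";
                                } ?>
                            </ul>
                        </div>
                    </div>
                </div>
                <div class="col-sm-6">
                    <div class="card">
                        <div class="card-body pt-1">
                            <h5 class="card-title text-sm-center"><?php echo xlt("Claims"); ?><hr /></h5>
                            <ul class="pl-2 mt-1">
                                <?php foreach ($_SESSION['claims'] ?? [] as $claimKey => $claimValue) {
                                    // A claim is listed only when the part of its key before the
                                    // first underscore occurs somewhere in the requested scope string.
                                    $prefix = explode('_', $claimKey)[0];
                                    if (stripos($scopeString, $prefix) === false) {
                                        continue;
                                    }
                                    if ((int)$claimValue === 1) {
                                        $claimValue = 'True';
                                    }
                                    $label = ucwords(str_replace("_", " ", $claimKey));
                                    echo "<li class='col-text'><strong>" . text($label) . ":</strong> " . text($claimValue) . "</li>";
                                } ?>
                            </ul>
                        </div>
                    </div>
                </div>
            </div>
        <?php } ?>
        <?php // $redirect is set by the including controller; escape it for attribute context regardless. ?>
        <form method="post" name="userLogin" id="userLogin" action="<?php echo attr($redirect ?? ''); ?>">
            <input type="hidden" name="csrf_token_form" value="<?php echo attr(CsrfUtils::collectCsrfToken('oauth2')); ?>" />
            <?php if (empty($authorize) && empty($mfaRequired)) { ?>
                <div class="form-group">
                    <input class="form-control" placeholder="<?php echo xla("Email if required"); ?>" type="email" name="email">
                </div>
                <div class="form-group">
                    <input class="form-control" placeholder="<?php echo xla("Registered username"); ?>" type="text" name="username" value="">
                </div>
                <div class="form-group">
                    <input class="form-control" placeholder="******" type="password" name="password" value="">
                </div>
            <?php } ?>

            <?php if (empty($authorize) && !empty($mfaRequired)) { ?>
                <?php if (in_array($TOTP, $mfaType, true)) { ?>
                    <fieldset>
                        <legend><?php echo xlt('Provide TOTP code') ?></legend>
                    </fieldset>
                    <div class="form-group">
                        <input class="form-control" id="totp_token" autocomplete="one-time-code" placeholder="<?php echo xla("Enter required authentication code"); ?>" type="text" name="mfa_token">
                    </div>
                    <div class="form-group">
                        <button type="submit" name="user_role" class="btn btn-primary btn-save" value="api"><?php echo xlt("Authenticate TOTP"); ?></button>
                    </div>
                <?php } ?>

                <?php if (in_array($U2F, $mfaType, true)) { ?>
                    <div class="form-group">
                        <fieldset>
                            <legend><?php echo xlt('Insert U2F Key') ?></legend>
                            <div>
                                <ul>
                                    <li><?php echo xlt('Insert your key into a USB port and click the Authenticate button below.') ?></li>
                                    <li><?php echo xlt('Then press the flashing button on your key within 1 minute.') ?></li>
                                </ul>
                            </div>
                        </fieldset>
                        <button type="button" id="authutf" class="btn btn-primary btn-save" onclick="doAuth()"><?php echo xlt('Authenticate U2F') ?></button>
                        <input type="hidden" name="form_requests" value="<?php echo attr($requests ?? '') ?>" />
                        <input type="hidden" name="user_role" value="api">
                    </div>
                <?php } ?>

                <?php
                // The first-factor credentials are carried into the MFA post as hidden
                // fields, so they are present in this page's markup for the duration of
                // the second step. Holding them server-side in the oauth session instead
                // would need the controller to read them from there rather than from POST.
                // Every field is escaped and defaults to '' so a missing POST key cannot
                // raise a warning into the page.
                ?>
                <div class="form-group">
                    <input class="form-control" type="hidden" name="email" value="<?php echo attr($_POST['email'] ?? ''); ?>">
                </div>
                <div class="form-group">
                    <input class="form-control" type="hidden" name="username" value="<?php echo attr($_POST['username'] ?? ''); ?>">
                </div>
                <div class="form-group">
                    <input class="form-control" type="hidden" name="password" value="<?php echo attr($_POST['password'] ?? ''); ?>">
                </div>
                <?php // Default second factor; doAuth() switches this to U2F when a key is used. ?>
                <input class="form-control" type="hidden" name="mfa_type" value="TOTP">
            <?php } ?>
            <hr />
            <div class="row">
                <div class="col-md-12">
                    <?php if (!empty($authorize)) { ?>
                        <div class="btn-group">
                            <button type="submit" name="proceed" value="1" class="btn btn-primary"><?php echo xlt("Authorize"); ?></button>
                        </div>
                    <?php } else { ?>
                        <div class="btn-group">
                            <?php if (empty($mfaRequired)) { ?>
                                <button type="submit" name="user_role" class="btn btn-outline-primary" value="api"><?php echo xlt("OpenEMR Login"); ?> <i class="fa fa-sign-in-alt"></i></button>
                                <?php if (!empty($patientRoleSupport)) { ?>
                                    <button type="submit" name="user_role" class="btn btn-outline-info" value="portal-api"><?php echo xlt("Patient Login"); ?> <i class="fa fa-sign-in-alt"></i></button>
                                <?php } ?>
                            <?php } ?>
                        </div>
                        <div class="form-check-inline float-right">
                            <input class="form-check-input" type="checkbox" name="persist_login" id="persist_login" value="1">
                            <label for="persist_login" class="form-check-label"><?php echo xlt("Remember Me"); ?></label>
                        </div>
                    <?php } ?>
                </div>
            </div>
        </form>
    </div>
</div>
</body>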
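<script>
    // Runs the U2F second factor: reads the server-supplied sign requests from
    // the hidden form_requests field, asks the browser U2F API to sign the
    // challenge, then posts the signed assertion back as mfa_token with
    // mfa_type switched to U2F.
    function doAuth() {
        var f = document.getElementById("userLogin");
        var requests;
        try {
            // form_requests is '' when the controller had no keys to offer; treat
            // that (and any malformed payload) as "nothing to sign" instead of
            // letting JSON.parse throw out of the click handler.
            requests = JSON.parse(f.form_requests.value || '[]');
        } catch (e) {
            requests = [];
        }
        if (!Array.isArray(requests) || requests.length === 0) {
            alert(<?php echo xlj("No registered U2F key is available for this account"); ?>);
            return;
        }
        // The server's getAuthenticateData() repeats the same challenge in all requests.
        var challenge = requests[0].challenge;
        var registeredKeys = requests.map(function (request) {
            return {"version": request.version, "keyHandle": request.keyHandle};
        });
        u2f.sign(
            <?php echo js_escape($appId ?? ''); ?>,
            challenge,
            registeredKeys,
            function (data) {
                if (data.errorCode && data.errorCode !== 0) {
                    alert(<?php echo xlj("Key access failed with error"); ?> + ' ' + data.errorCode);
                    return;
                }
                // When both methods are offered, hide the TOTP input. display:none
                // does not stop it from submitting, but the U2F input appended below
                // comes later in the form, so its mfa_token value is the one kept.
                if (document.getElementById('totp_token')) {
                    document.getElementById('totp_token').style.display = 'none';
                }
                // The signed assertion becomes the mfa_token for this post.
                var elInput = document.createElement('input');
                elInput.setAttribute('type', 'hidden');
                elInput.setAttribute('name', 'mfa_token');
                elInput.setAttribute('value', JSON.stringify(data));
                f.appendChild(elInput);
                f.mfa_type.value = 'U2F';
                f.submit();
            }
        );
    }
</script>
</html>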