From c2c7af38a520b867fecdc1316612611d231cdaae Mon Sep 17 00:00:00 2001 From: Mark Wane Date: Wed, 17 Jul 2024 19:50:39 +0100 Subject: [PATCH] Added support for multiple users --- index.php | 36 ++++++++++++++++++++++++------------ 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/index.php b/index.php index 9a4a22f..e05ed8b 100644 --- a/index.php +++ b/index.php @@ -1,5 +1,5 @@ USER_URL); - $code_parts = explode(':', $code, 3); + $response = array('me' => USER_URLS[$user]); + $accept_header = $_SERVER['HTTP_ACCEPT'] ?: '*/*'; - if ( '' !== $code_parts[2] ) { - $response['scope'] = base64_url_decode($code_parts[2]); + if ( '' !== $suffix_parts[1] ) { + $response['scope'] = $suffix_parts[1]; } $json = get_q_value('application/json', $accept_header); @@ -52,13 +62,14 @@ if ( ! is_null($code) ){ // No code submitted, // Check login -if ( is_null($_SERVER["REMOTE_USER"]) ) { +$user = $_SERVER["REMOTE_USER"]; +if ( is_null($user) ) { $error = 'Not logged in. Login on the SSO portal'; http_response_code(403); include 'form.php'; die(); -} elseif ( USER_NAME !== $_SERVER["REMOTE_USER"] ){ - $error = 'This system is for ' . USER_NAME . ' only.'; +} elseif ( ! array_key_exists( $user, USER_URLS ) ){ + $error = 'Account not provisioned'; http_response_code(403); include 'form.php'; die(); @@ -108,7 +119,8 @@ if ( ! is_null($csrf_code) ) { $scope = implode( ' ', $scope ); } - $code = create_signed_code( APP_KEY, USER_URL . $redirect_uri . $client_id, 5 * 60, $scope ); + $suffix = $user . ':' . $scope; + $code = create_signed_code( APP_KEY, $user . $redirect_uri . $client_id, 5 * 60, $suffix ); $final_redir = $redirect_uri; if ( strpos($redirect_uri, '?') === false ) { @@ -119,7 +131,7 @@ if ( ! is_null($csrf_code) ) { $parameters = array( 'code' => $code, - 'me' => USER_URL + 'me' => USER_URLS[$user] ); if ( ! is_null($state) ) { $parameters['state'] = $state;