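/*  Part of SWISH

    Author:        Jan Wielemaker
    E-mail:        J.Wielemaker@cs.vu.nl
    WWW:           http://www.swi-prolog.org
    Copyright (C): 2017, VU University Amsterdam
                         CWI Amsterdam
    All rights reserved.

    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions
    are met:

    1. Redistributions of source code must retain the above copyright
       notice, this list of conditions and the following disclaimer.

    2. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in
       the documentation and/or other materials provided with the
       distribution.

    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
    "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
    LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
    FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
    COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
    INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
    BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
    LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
    CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
    LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
    ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGE.
*/

:- module(config_auth_google, []).
:- use_module(swish(lib/oauth2)).
:- use_module(swish(lib/plugin/login)).
:- use_module(library(http/http_dispatch)).
:- use_module(library(http/http_session)).
:- use_module(library(http/http_json)).
:- use_module(library(http/http_path)).
:- use_module(library(debug)).

/** <module> Enable login with Google

This module configures _login with Google_.  To enable this module:

  1. Follow these
     [steps](https://developers.google.com/accounts/docs/OpenIDConnect) to
     create a Google project and get

       - A client ID
       - A client secret
       - Register a redirect url.  To test from localhost, this should be
         `http://localhost:3050/oauth2/google/reply`

  2. COPY this file to =config-enabled=

  3. EDIT the following server attributes (near the end of this file)
       - redirect_uri: the location of your swish server.
       - client_id: the client id you obtained from Google.
       - client_secret: the client secret you obtained from Google.
         Keep the edited copy that holds the real secret out of version
         control; the client secret is the credential that lets a
         holder complete the OAuth2 flow as this application.
*/

% swish_config:user_info is defined below with three arguments
% (+Request, ?Server, -Info); the declaration must use the same arity,
% otherwise the clause is not recognised as part of the multifile hook.
:- multifile
    oauth2:login/3,
    oauth2:server_attribute/3,
    swish_config:login_item/2,      % -Server, -HTML_DOM
    swish_config:login/2,           % +Server, +Request
    swish_config:user_info/3.       % +Request, ?Server, -Info

% Sessions are created explicitly in oauth2:login/3 rather than for every
% visitor, so only logged-in users carry a session cookie.
:- http_set_session_options([create(noauto)]).

:- http_handler(swish(logout), google_logout, []).

%!  swish_config:login_item(-Server, -Item) is semidet.
%
%   Provide the "Login with Google" button.  The `10-` prefix orders
%   the item among the login providers; `data-server` names the oauth2
%   server used by swish_config:login/2 and `data-frame` asks the
%   client to run the flow in a popup.

swish_config:login_item(google, 10-Item) :-
    http_absolute_location(icons('social_google_box.png'), Img, []),
    Item = img([ src(Img),
                 class('login-with'),
                 'data-server'(google),
                 'data-frame'(popup),
                 title('Login with Google')
               ]).

%!  swish_config:login(+Server, +Request)
%
%   Start the OAuth2 authorization flow against the `google` server
%   declared by oauth2:server_attribute/3.

swish_config:login(google, Request) :-
    oauth2_login(Request, [server(google)]).

%!  oauth2:login(+Request, +ServerID, +TokenInfo)
%
%   Called by swish(lib/oauth2) once Google has returned a token.
%   Opens a session, records the token information in it and replies
%   to the login popup with the user information.

oauth2:login(_Request, google, TokenInfo) :-
    token_info_to_user_info(TokenInfo, UserInfo),
    debug(oauth, 'UserInfo: ~p', [UserInfo]),
    http_open_session(_SessionID, []),
    http_session_assert(oauth2(google, TokenInfo)),
    reply_logged_in([ identity_provider('Google'),
                      % name(UserInfo.name) is not available: Google's
                      % `email` scope does not include the name, so the
                      % email address is used as the display name.
                      name(UserInfo.email),
                      user_info(UserInfo)
                    ]).

%!  google_logout(+Request)
%
%   Logout by removing the session data.  Retracting is best effort:
%   the catch/3 covers the case where the request carries no session,
%   so that logout still replies cleanly.

google_logout(_Request) :-
    catch(http_session_retractall(oauth2(_,_)), _, true),
    reply_logged_out([]).

%!  swish_config:user_info(+Request, ?Server, -Info:dict) is semidet.
%
%   True if Info describes the currently logged in user.  Fails when
%   there is no session or the session holds no Google token.

swish_config:user_info(_Request, google, UserInfo) :-
    http_in_session(_SessionID),
    http_session_data(oauth2(google, TokenInfo)),
    token_info_to_user_info(TokenInfo, UserInfo).

%!  token_info_to_user_info(+TokenInfo, -UserInfo:dict) is det.
%
%   Derive the SWISH user dict from the token claims, adding the
%   authentication method, the logout URL and the identity provider.

token_info_to_user_info(TokenInfo, UserInfo) :-
    oauth2_claim(TokenInfo, Claim),
    map_user_info(Claim, Claim1),
    http_link_to_id(google_logout, [], LogoutURL),
    UserInfo = Claim1.put(_{ auth_method:oauth2,
                             logout_url:LogoutURL,
                             identity_provider:google
                           }).

%!  map_user_info(+OAuthInfo, -UserInfo) is det.
%
%   Map the claim dict to the SWISH user dict, e.g.
%   u{user:User, group:Group, name:Name, email:Email}.
%   Currently the claim is passed through unchanged; the mapping
%   only logs it on the `oauth` debug topic.

map_user_info(Dict, Dict) :-
    debug(oauth, 'Got: ~p', [Dict]).

%!  oauth2:server_attribute(?ServerID, ?Attribute, ?Value)
%
%   Declare properties of an oauth2 identity provider.  The values
%   below are for Google's OpenID Connect endpoint.
%
%   @see swish(lib/oauth2) for a description of the attributes.

% from https://accounts.google.com/.well-known/openid-configuration

oauth2:server_attribute(google, url,
                        'https://accounts.google.com').
oauth2:server_attribute(google, redirect_uri,
                        'http://demo.logicalcontracts.com/oauth2/google/reply').
oauth2:server_attribute(google, client_id,
                        '243112776181-v3j5l45j9qqvatemj7bm4a7g9178km1b.apps.googleusercontent.com').
% The client secret must never be committed: a secret that has been in a
% repository must be treated as exposed and replaced in the Google
% console.  Fill in the real value only in the private copy under
% config-enabled.
oauth2:server_attribute(google, client_secret,
                        '<CLIENT_SECRET-placeholder>').
oauth2:server_attribute(google, scope,
%                       profile).
                        email).         % so we get the user email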