Skip to content

Commit

Permalink
Deactivating verification
Browse files Browse the repository at this point in the history 
The user data from Arrsys are not trusted because of no verification process. Other platforms MUST verify the users via email or mobile number before connecting them.
  • Loading branch information
@slogan-15
slogan-15 committed Jan 13, 2025
1 parent 37e73c8 commit 45e2dd3
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 1 deletion.
11 changes: 11 additions & 0 deletions src/Http/Handlers/AuthenticateHandler.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,13 @@ public function handle( Request $request, Response $response ): Response {
'form_fields' => $request->getAllQueryParameters(),
);

// IMPORTANT NOTE - UKM Norge: We are not checking permissions here.
// The goal is to connect Arrsys users with users from other platforms (like delta.ukm.no).
// Since there is no verification process and users are added by other users,
// along with the use of multisite functionality and users may have different permissions across various sites,
// we do not need to check permissions.
// The user data from Arrsys are not trusted because of no verification process. Other platforms MUST verify the users via email or mobile number before connecting them.
/*
$has_permission = current_user_can( apply_filters( 'oidc_minimal_capability', OIDC_DEFAULT_MINIMAL_CAPABILITY ) );
if ( ! $has_permission ) {
login_header( 'OIDC Connect', null, new \WP_Error( 'OIDC_NO_PERMISSION', __( "You don't have permission to use OpenID Connect.", 'openid-connect-server' ) ) );
Expand All @@ -53,6 +60,10 @@ public function handle( Request $request, Response $response ): Response {
login_header( 'OIDC Connect' );
$this->render_consent_screen( $data );
}
*/
// Therefore we will always render the consent screen when the user is logged in.
login_header( 'OIDC Connect' );
$this->render_consent_screen( $data );

login_footer();

Expand Down
2 changes: 1 addition & 1 deletion src/Http/Handlers/AuthorizeHandler.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
use OpenIDConnectServer\Http\RequestHandler;
use OpenIDConnectServer\Storage\ConsentStorage;

const OIDC_DEFAULT_MINIMAL_CAPABILITY = 'edit_posts';
const OIDC_DEFAULT_MINIMAL_CAPABILITY = 'edit_posts'; // This feature is not used by UKM. Read the information in README.md for more information.

class AuthorizeHandler extends RequestHandler {
private OAuth2Server $server;
Expand Down

0 comments on commit 45e2dd3

Please sign in to comment.