diff --git a/core/controllers/UserController.php b/core/controllers/UserController.php index 38a6cd0c8..42630e52f 100644 --- a/core/controllers/UserController.php +++ b/core/controllers/UserController.php @@ -154,6 +154,8 @@ public function recoverpasswordAction() public function logoutAction() { session_start(); // we closed session before, must restart it to logout + $notifier = new MIDAS_Notifier(false, null); + $notifier->callback('CALLBACK_CORE_USER_LOGOUT'); $this->userSession->Dao = null; Zend_Session::ForgetMe(); $request = $this->getRequest(); @@ -1322,6 +1324,8 @@ public function deleteAction() $this->requireAdminPrivileges(); } else { // log out if user is deleting his or her own account + $notifier = new MIDAS_Notifier(false, null); + $notifier->callback('CALLBACK_CORE_USER_LOGOUT'); if (!$this->isTestingEnv()) { session_start(); $this->userSession->Dao = null; diff --git a/modules/googleauth/Notification.php b/modules/googleauth/Notification.php index 3ad40991c..970348349 100644 --- a/modules/googleauth/Notification.php +++ b/modules/googleauth/Notification.php @@ -18,11 +18,20 @@ limitations under the License. =========================================================================*/ -/** Notification manager for the googleauth module */ +/** + * Notification manager for the googleauth module. + * + * @property Googleauth_UserModel $Googleauth_User + */ class Googleauth_Notification extends MIDAS_Notification { + /** @var string */ public $moduleName = 'googleauth'; + + /** @var array */ public $_models = array('Setting', 'User', 'Userapi'); + + /** @var array */ public $_moduleModels = array('User'); /** init notification process */ @@ -31,6 +40,7 @@ public function init() $this->addCallBack('CALLBACK_CORE_LOGIN_EXTRA_HTML', 'googleAuthLink'); $this->addCallBack('CALLBACK_CORE_USER_DELETED', 'handleUserDeleted'); $this->addCallBack('CALLBACK_CORE_USER_COOKIE', 'checkUserCookie'); + $this->addCallBack('CALLBACK_CORE_USER_LOGOUT', 'handleUserLogout'); } /** @@ -38,69 +48,128 @@ public function init() * This link redirects the user to google so they can approve of the requested * oauth scopes, and in turn google will redirect them back to our callback * url with an authorization code. + * + * @return string */ public function googleAuthLink() { + $baseUrl = Zend_Controller_Front::getInstance()->getBaseUrl(); + $clientId = $this->Setting->getValueByName(GOOGLE_AUTH_CLIENT_ID_KEY, $this->moduleName); - $scheme = (array_key_exists('HTTPS', $_SERVER) && $_SERVER['HTTPS']) ? 'https://' : 'http://'; - $fc = Zend_Controller_Front::getInstance(); + $redirectUri = UtilityComponent::getServerURL().$baseUrl.'/'.$this->moduleName.'/callback'; + $additionalScopes = preg_split('/\n|\r/', $this->Setting->getValueByName(GOOGLE_AUTH_CLIENT_ADDITIONAL_SCOPES_KEY, $this->moduleName), -1, PREG_SPLIT_NO_EMPTY); /** @var RandomComponent $randomComponent */ $randomComponent = MidasLoader::loadComponent('Random'); - $csrfToken = $randomComponent->generateString(30); - $redirectUri = $scheme.$_SERVER['HTTP_HOST'].$fc->getBaseUrl().'/'.$this->moduleName.'/callback'; - $scopes = array('profile', 'email'); - - $href = 'https://accounts.google.com/o/oauth2/auth?response_type=code'.'&client_id='.urlencode( - $clientId - ).'&redirect_uri='.urlencode($redirectUri).'&scope='.urlencode( - implode( - ' ', - $scopes - ) - ).'&state='.urlencode($csrfToken); - - $userNs = new Zend_Session_Namespace('Auth_User'); - $userNs->oauthToken = $csrfToken; + $csrf = $randomComponent->generateString(32); + + $client = new Google_Client(); + $client->setAccessType('offline'); + $client->setClientId($clientId); + $client->setRedirectUri($redirectUri); + $client->setScopes(array_merge(array('email', 'profile'), $additionalScopes)); + $client->setState($csrf); + + $namespace = new Zend_Session_Namespace('Auth_User'); + $namespace->oauthToken = $csrf; session_write_close(); - return '
Or '.''.'Login with your Google account
'; + $authUrl = $client->createAuthUrl(); + + return '
Or '.''.'Login with your Google account
'; } /** * If a user is deleted, we must delete any corresponding google auth user. + * + * @param array $args */ - public function handleUserDeleted($params) + public function handleUserDeleted($args) { - $this->Googleauth_User->deleteByUser($params['userDao']); + $this->Googleauth_User->deleteByUser($args['userDao']); } - /** Check user cookie */ + /** + * Check user cookie. + * + * @param array $args + * @return false|UserDao + * @throws Zend_Exception + */ public function checkUserCookie($args) { $cookie = $args['value']; if (strpos($cookie, 'googleauth') === 0) { - list(, $userId, $apikey) = preg_split('/:/', $cookie); - $userDao = $this->User->load($userId); + list(, $userId, $apiKey) = preg_split('/:/', $cookie); - if (!$userDao) { + $userDao = $this->User->load($userId); + if ($userDao === false) { return false; } - $userapi = $this->Userapi->getByAppAndUser('Default', $userDao); - - if (!$userapi) { + $userApiDao = $this->Userapi->getByAppAndUser('Default', $userDao); + if ($userApiDao === false || md5($userApiDao->getApikey()) !== $apiKey) { return false; } - if (md5($userapi->getApikey()) === $apikey) { - return $userDao; - } else { - return false; + + /** @var Zend_Controller_Request_Http $request */ + $request = Zend_Controller_Front::getInstance()->getRequest(); + $accessToken = $request->getCookie(GOOGLE_AUTH_ACCESS_TOKEN_COOKIE_NAME, false); + + if ($accessToken !== false) { + $clientId = $this->Setting->getValueByName(GOOGLE_AUTH_CLIENT_ID_KEY, $this->moduleName); + $clientSecret = $this->Setting->getValueByName(GOOGLE_AUTH_CLIENT_SECRET_KEY, $this->moduleName); + + $client = new Google_Client(); + $client->setAccessToken($accessToken); + $client->setAccessType('offline'); + $client->setClientId($clientId); + $client->setClientSecret($clientSecret); + + if ($client->isAccessTokenExpired()) { + $refreshToken = $client->getRefreshToken(); + $client->refreshToken($refreshToken); + + $date = new DateTime(); + $interval = new DateInterval('P1M'); + setcookie( + GOOGLE_AUTH_ACCESS_TOKEN_COOKIE_NAME, + $client->getAccessToken(), + $date->add($interval)->getTimestamp(), + '/', + $request->getHttpHost(), + (int) Zend_Registry::get('configGlobal')->get('cookie_secure', 1) === 1, + true + ); + } } - } else { - return false; + + return $userDao; } + + return false; + } + + /** + * Handle the core CALLBACK_CORE_USER_LOGOUT notification. + * + * @param array $args + */ + public function handleUserLogout($args) + { + /** @var Zend_Controller_Request_Http $request */ + $request = Zend_Controller_Front::getInstance()->getRequest(); + $date = new DateTime(); + $interval = new DateInterval('P1M'); + setcookie( + GOOGLE_AUTH_ACCESS_TOKEN_COOKIE_NAME, + null, + $date->sub($interval)->getTimestamp(), + '/', + $request->getHttpHost(), + (int) Zend_Registry::get('configGlobal')->get('cookie_secure', 1) === 1, + true + ); } } diff --git a/modules/googleauth/configs/module.ini b/modules/googleauth/configs/module.ini index cef3fdf40..824f38d08 100644 --- a/modules/googleauth/configs/module.ini +++ b/modules/googleauth/configs/module.ini @@ -6,4 +6,4 @@ description = "Authenticate users using Google accounts" category = "Authentication" dependencies = api uuid = "1f331c86-b1ca-4b42-ba49-5102aed4965e" -version = "1.1.0" +version = "1.1.1" diff --git a/modules/googleauth/constant/module.php b/modules/googleauth/constant/module.php index af6ca42cc..3372d4b08 100644 --- a/modules/googleauth/constant/module.php +++ b/modules/googleauth/constant/module.php @@ -18,11 +18,13 @@ limitations under the License. =========================================================================*/ +define('GOOGLE_AUTH_ACCESS_TOKEN_COOKIE_NAME', 'wnka5bnrkmvhzybg9w8ezckrjn6hnk6awpwxtkxb'); + define('GOOGLE_AUTH_CLIENT_ID_KEY', 'client_id'); define('GOOGLE_AUTH_CLIENT_ID_DEFAULT_VALUE', ''); define('GOOGLE_AUTH_CLIENT_SECRET_KEY', 'client_secret'); define('GOOGLE_AUTH_CLIENT_SECRET_DEFAULT_VALUE', ''); -define('GOOGLE_AUTH_OAUTH2_URL', 'https://accounts.google.com/o/oauth2/token'); -define('GOOGLE_AUTH_PLUS_URL', 'https://www.googleapis.com/plus/v1/people/me'); +define('GOOGLE_AUTH_CLIENT_ADDITIONAL_SCOPES_KEY', 'additional_scopes'); +define('GOOGLE_AUTH_CLIENT_ADDITIONAL_SCOPES_DEFAULT_VALUE', ''); diff --git a/modules/googleauth/controllers/CallbackController.php b/modules/googleauth/controllers/CallbackController.php index b9e5537ee..c9ce34140 100644 --- a/modules/googleauth/controllers/CallbackController.php +++ b/modules/googleauth/controllers/CallbackController.php @@ -18,10 +18,17 @@ limitations under the License. =========================================================================*/ -/** Callback controller for the googleauth module */ +/** + * Callback controller for the googleauth module. + * + * @property Googleauth_UserModel $Googleauth_User + */ class Googleauth_CallbackController extends Googleauth_AppController { + /** @var array */ public $_models = array('Setting', 'User', 'Userapi'); + + /** @var array */ public $_moduleModels = array('User'); /** @@ -31,113 +38,70 @@ class Googleauth_CallbackController extends Googleauth_AppController */ public function indexAction() { - $this->disableLayout(); - $this->disableView(); - - $code = $this->getParam('code'); + /** @var string $state */ $state = $this->getParam('state'); if (strpos($state, ' ') !== false) { - list($csrfToken, $redirect) = preg_split('/ /', $state); + list($csrf, $url) = preg_split('/ /', $state); } else { - $redirect = null; + $csrf = false; + $url = false; } - if (!$code) { - $error = $this->getParam('error'); - throw new Zend_Exception('Failed to log in with Google OAuth: '.$error); - } + $clientId = $this->Setting->getValueByName(GOOGLE_AUTH_CLIENT_ID_KEY, $this->moduleName); + $clientSecret = $this->Setting->getValueByName(GOOGLE_AUTH_CLIENT_SECRET_KEY, $this->moduleName); + $redirectUri = UtilityComponent::getServerURL().$this->getFrontController()->getBaseUrl().'/'.$this->moduleName.'/callback'; - $info = $this->_getUserInfo($code); + $client = new Google_Client(); + $client->setAccessType('offline'); + $client->setClientId($clientId); + $client->setClientSecret($clientSecret); + $client->setRedirectUri($redirectUri); - $user = $this->_createOrGetUser($info); + /** @var string $code */ + $code = $this->getParam('code'); + $client->authenticate($code); + $userDao = $this->_createOrGetUser($client); session_start(); - $this->userSession->Dao = $user; + $this->userSession->Dao = $userDao; - $userNs = new Zend_Session_Namespace('Auth_User'); - $sessionToken = $userNs->oauthToken; + $namespace = new Zend_Session_Namespace('Auth_User'); + $token = $namespace->oauthToken; session_write_close(); - if ($redirect && $csrfToken === $sessionToken) { - $this->redirect($redirect); + $this->disableLayout(); + $this->disableView(); + + if ($url !== false && $csrf === $token) { + $this->redirect($url); } else { $this->redirect('/'); } } /** - * Use the authorization code to get an access token, then use that access - * token to request the user's email and profile info. Returns the necessary - * user info in an array. + * Create or return a user. + * + * @param Google_Client $client + * @return false|UserDao + * @throws Zend_Exception */ - protected function _getUserInfo($code) + protected function _createOrGetUser($client) { - $clientId = $this->Setting->getValueByName(GOOGLE_AUTH_CLIENT_ID_KEY, $this->moduleName); - $clientSecret = $this->Setting->getValueByName(GOOGLE_AUTH_CLIENT_SECRET_KEY, $this->moduleName); - $scheme = (array_key_exists('HTTPS', $_SERVER) && $_SERVER['HTTPS']) ? 'https://' : 'http://'; - $redirectUri = $scheme.$_SERVER['HTTP_HOST'].Zend_Controller_Front::getInstance()->getBaseUrl( - ).'/'.$this->moduleName.'/callback'; - $headers = "Content-Type: application/x-www-form-urlencoded;charset=UTF-8\r\nConnection: Keep-Alive"; - $content = implode( - '&', - array( - 'grant_type=authorization_code', - 'code='.$code, - 'client_id='.$clientId, - 'client_secret='.$clientSecret, - 'redirect_uri='.$redirectUri, - ) - ); - - // Make the request for the access token. - $context = array('http' => array('method' => 'POST', 'header' => $headers, 'content' => $content)); - $context = stream_context_create($context); - $response = file_get_contents(GOOGLE_AUTH_OAUTH2_URL, false, $context); - - if ($response === false) { - throw new Zend_Exception('Access token request failed.'); - } - - $response = json_decode($response); - $accessToken = $response->access_token; - $tokenType = $response->token_type; - - // Use the access token to request info about the user. - $headers = 'Authorization: '.$tokenType.' '.$accessToken; - $context = array('http' => array('header' => $headers)); - $context = stream_context_create($context); - $params = 'fields=emails/value,id,name(familyName,givenName)'; - $response = file_get_contents(GOOGLE_AUTH_PLUS_URL.'?'.urlencode($params), false, $context); - - if ($response === false) { - throw new Zend_Exception('Get Google user info request failed.'); - } - - $response = json_decode($response); - - if (isset($response->error)) { - throw new Zend_Exception('Get Google user info request failed.'); - } - - // Extract the relevant user information from the response. - return array( - 'googlePersonId' => $response->id, - 'firstName' => $response->name->givenName, - 'lastName' => $response->name->familyName, - 'email' => strtolower($response->emails[0]->value), - ); - } - - /** Create or return a user */ - protected function _createOrGetUser($info) - { - $personId = $info['googlePersonId']; - $existing = $this->Googleauth_User->getByGooglePersonId($personId); - - if (!$existing) { - $user = $this->User->getByEmail($info['email']); - if (!$user) { + $plus = new Google_Service_Plus($client); + + /** @var Google_Service_Plus_Person $person */ + $me = $plus->people->get('me'); + $personId = $me['id']; + $googleAuthUserDao = $this->Googleauth_User->getByGooglePersonId($personId); + $givenName = $me['name']['givenName']; + $familyName = $me['name']['familyName']; + $email = strtolower($me['emails'][0]['value']); + + if ($googleAuthUserDao === false) { + $userDao = $this->User->getByEmail($email); + if ($userDao === false) { // Only create new user this way if registration is not closed. $closeRegistration = (int) $this->Setting->getValueByNameWithDefault('close_registration', 1); if ($closeRegistration === 1) { @@ -145,35 +109,46 @@ protected function _createOrGetUser($info) 'Access to this instance is by invitation only, please contact an administrator.' ); } - $user = $this->User->createUser($info['email'], null, $info['firstName'], $info['lastName'], 0, ''); + $userDao = $this->User->createUser($email, null, $givenName, $familyName, 0, ''); } else { - $user->setFirstname($info['firstName']); - $user->setLastname($info['lastName']); - $this->User->save($user); + $userDao->setFirstname($givenName); + $userDao->setLastname($familyName); + $this->User->save($userDao); } - - $this->Googleauth_User->createGoogleUser($user, $personId); + $this->Googleauth_User->createGoogleUser($userDao, $personId); } else { - $user = $this->User->load($existing->getUserId()); - $user->setFirstname($info['firstName']); - $user->setLastname($info['lastName']); - $this->User->save($user); + $userDao = $this->User->load($googleAuthUserDao->getUserId()); + $userDao->setFirstname($givenName); + $userDao->setLastname($familyName); + $this->User->save($userDao); } + $userApi = $this->Userapi->getByAppAndUser('Default', $userDao); - $userapi = $this->Userapi->getByAppAndUser('Default', $user); + /** @var Zend_Controller_Request_Http $request */ $request = $this->getRequest(); + $date = new DateTime(); $interval = new DateInterval('P1M'); + $expires = $date->add($interval)->getTimestamp(); setcookie( MIDAS_USER_COOKIE_NAME, - 'googleauth:'.$user->getKey().':'.md5($userapi->getApikey()), - $date->add($interval)->getTimestamp(), + 'googleauth:'.$userDao->getUserId().':'.md5($userApi->getApikey().':'), + $expires, + '/', + $request->getHttpHost(), + (int) Zend_Registry::get('configGlobal')->get('cookie_secure', 1) === 1, + true + ); + setcookie( + GOOGLE_AUTH_ACCESS_TOKEN_COOKIE_NAME, + $client->getAccessToken(), + $expires, '/', $request->getHttpHost(), (int) Zend_Registry::get('configGlobal')->get('cookie_secure', 1) === 1, true ); - return $user; + return $userDao; } } diff --git a/modules/googleauth/database/InstallScript.php b/modules/googleauth/database/InstallScript.php index 927e3dc24..4aded345a 100644 --- a/modules/googleauth/database/InstallScript.php +++ b/modules/googleauth/database/InstallScript.php @@ -33,5 +33,6 @@ public function postInstall() $settingModel = MidasLoader::loadModel('Setting'); $settingModel->setConfig(GOOGLE_AUTH_CLIENT_ID_KEY, GOOGLE_AUTH_CLIENT_ID_DEFAULT_VALUE, $this->moduleName); $settingModel->setConfig(GOOGLE_AUTH_CLIENT_SECRET_KEY, GOOGLE_AUTH_CLIENT_SECRET_DEFAULT_VALUE, $this->moduleName); + $settingModel->setConfig(GOOGLE_AUTH_CLIENT_ADDITIONAL_SCOPES_KEY, GOOGLE_AUTH_CLIENT_ADDITIONAL_SCOPES_DEFAULT_VALUE, $this->moduleName); } } diff --git a/modules/googleauth/database/mysql/1.1.0.sql b/modules/googleauth/database/mysql/1.1.1.sql similarity index 100% rename from modules/googleauth/database/mysql/1.1.0.sql rename to modules/googleauth/database/mysql/1.1.1.sql diff --git a/modules/googleauth/database/pgsql/1.1.0.sql b/modules/googleauth/database/pgsql/1.1.1.sql similarity index 100% rename from modules/googleauth/database/pgsql/1.1.0.sql rename to modules/googleauth/database/pgsql/1.1.1.sql diff --git a/modules/googleauth/database/sqlite/1.1.0.sql b/modules/googleauth/database/sqlite/1.1.1.sql similarity index 100% rename from modules/googleauth/database/sqlite/1.1.0.sql rename to modules/googleauth/database/sqlite/1.1.1.sql diff --git a/modules/googleauth/database/upgrade/1.1.0.php b/modules/googleauth/database/upgrade/1.1.1.php similarity index 72% rename from modules/googleauth/database/upgrade/1.1.0.php rename to modules/googleauth/database/upgrade/1.1.1.php index ed85de59a..6e557a985 100644 --- a/modules/googleauth/database/upgrade/1.1.0.php +++ b/modules/googleauth/database/upgrade/1.1.1.php @@ -18,16 +18,14 @@ limitations under the License. =========================================================================*/ -/** Upgrade the googleauth module to version 1.1.0. */ -class Googleauth_Upgrade_1_1_0 extends MIDASUpgrade +/** Upgrade the googleauth module to version 1.1.1. */ +class Googleauth_Upgrade_1_1_1 extends MIDASUpgrade { - /** Pre database upgrade. */ - public function preUpgrade() - { - } - /** Post database upgrade. */ public function postUpgrade() { + /** @var SettingModel $settingModel */ + $settingModel = MidasLoader::loadModel('Setting'); + $settingModel->setConfig(GOOGLE_AUTH_CLIENT_ADDITIONAL_SCOPES_KEY, GOOGLE_AUTH_CLIENT_ADDITIONAL_SCOPES_DEFAULT_VALUE, $this->moduleName); } } diff --git a/modules/googleauth/forms/Admin.php b/modules/googleauth/forms/Admin.php index e96c52384..e1e85ca65 100644 --- a/modules/googleauth/forms/Admin.php +++ b/modules/googleauth/forms/Admin.php @@ -41,11 +41,17 @@ public function init() $clientSecret->setRequired(true); $clientSecret->addValidator('NotEmpty', true); - $this->addDisplayGroup(array($clientId, $clientSecret), 'global'); + $additionalScopes = new Zend_Form_Element_Textarea(GOOGLE_AUTH_CLIENT_ADDITIONAL_SCOPES_KEY); + $additionalScopes->setLabel('Additional Scopes (One per Line)'); + $additionalScopes->addValidator('NotEmpty', true); + $additionalScopes->setAttrib('cols', '80'); + $additionalScopes->setAttrib('rows', '4'); + + $this->addDisplayGroup(array($clientId, $clientSecret, $additionalScopes), 'global'); $submit = new Zend_Form_Element_Submit('submit'); $submit->setLabel('Save'); - $this->addElements(array($csrf, $clientId, $clientSecret, $submit)); + $this->addElements(array($csrf, $clientId, $clientSecret, $additionalScopes, $submit)); } } diff --git a/modules/googleauth/models/base/UserModelBase.php b/modules/googleauth/models/base/UserModelBase.php index 299fbc499..7f8776c65 100644 --- a/modules/googleauth/models/base/UserModelBase.php +++ b/modules/googleauth/models/base/UserModelBase.php @@ -19,12 +19,14 @@ =========================================================================*/ /** + * Google user base model for the googleauth module. + * * We must store the fact that a given user record represents a user who has - * authenticated via Google Oauth, so we use this model to store that info. + * authenticated via Google OAuth, so we use this model to store that info. */ abstract class Googleauth_UserModelBase extends Googleauth_AppModel { - /** constructor */ + /** Constructor. */ public function __construct() { parent::__construct(); @@ -45,28 +47,38 @@ public function __construct() $this->initialize(); // required } - /** Get by Google person id */ - abstract public function getByGooglePersonId($pid); + /** + * Retrieve a Google user DAO with the given Google person id, or false if + * no such user exists. + * + * @param string $googlePersonId Google person id to check + * @return false|Googleauth_UserDao Google user DAO + */ + abstract public function getByGooglePersonId($googlePersonId); - /** Delete by user */ + /** + * Delete this to wipe the link between a Google user and a core user + * record. Must call when a core user record is being deleted. + * + * @param UserDao $userDao User DAO + */ abstract public function deleteByUser($userDao); /** - * Create a new record of a user who authenticates via google auth. + * Create a new record of a user who authenticates via Google OAuth. * - * @param $user The user dao representing this user's information - * @param $googlePersonId The unique identifier value for the google user - * @return The created googleauth_user dao. + * @param UserDao $user User DAO representing this user's information + * @param int $googlePersonId Unique identifier value for the Google user + * @return Googleauth_UserDao Created Google user DAO */ public function createGoogleUser($user, $googlePersonId) { - /** @var Googleauth_UserDao $guserDao */ - $guserDao = MidasLoader::newDao('UserDao', 'googleauth'); - $guserDao->setUserId($user->getKey()); - $guserDao->setGooglePersonId($googlePersonId); - - $this->save($guserDao); + /** @var Googleauth_UserDao $googleAuthUserDao */ + $googleAuthUserDao = MidasLoader::newDao('UserDao', 'googleauth'); + $googleAuthUserDao->setUserId($user->getKey()); + $googleAuthUserDao->setGooglePersonId($googlePersonId); + $this->save($googleAuthUserDao); - return $guserDao; + return $googleAuthUserDao; } } diff --git a/modules/googleauth/models/dao/UserDao.php b/modules/googleauth/models/dao/UserDao.php index 1804a1a87..46cea6b6f 100644 --- a/modules/googleauth/models/dao/UserDao.php +++ b/modules/googleauth/models/dao/UserDao.php @@ -18,9 +18,23 @@ limitations under the License. =========================================================================*/ -/** DAO for the googleauth_user model */ +/** + * Google user DAO for the googleauth module. + * + * @method int getGoogleauthUserId() + * @method void setGoogleauthUserId(int $googleauthUserId) + * @method int getUserId() + * @method void setUserId(int $userId) + * @method int getGooglePersonId() + * @method void setGooglePersonId(int $googlePersonId) + * @method UserDao getUser() + * @method void setUser(UserDao $user) + */ class Googleauth_UserDao extends AppDao { + /** @var string */ public $_model = 'User'; + + /** @var string */ public $_module = 'googleauth'; } diff --git a/modules/googleauth/models/pdo/UserModel.php b/modules/googleauth/models/pdo/UserModel.php index 490afc2f0..123fb6b3c 100644 --- a/modules/googleauth/models/pdo/UserModel.php +++ b/modules/googleauth/models/pdo/UserModel.php @@ -20,33 +20,32 @@ require_once BASE_PATH.'/modules/googleauth/models/base/UserModelBase.php'; -/** pdo model implementation */ +/** Google user model for the googleauth module. */ class Googleauth_UserModel extends Googleauth_UserModelBase { /** - * Retrieve a DAO with the given google person ID, or false if no such user - * exists. + * Retrieve a Google user DAO with the given Google person id, or false if + * no such user exists. * - * @param string $pid The google person ID to check. - * @return false|Googleauth_UserDao - * @throws Zend_Exception + * @param string $googlePersonId Google person id to check + * @return false|Googleauth_UserDao Google user DAO */ - public function getByGooglePersonId($pid) + public function getByGooglePersonId($googlePersonId) { - $sql = $this->database->select()->where('google_person_id = ?', $pid); + $sql = $this->database->select()->where('google_person_id = ?', $googlePersonId); $row = $this->database->fetchRow($sql); return $this->initDao('User', $row, 'googleauth'); } /** - * Delete this to wipe the link between a google OAuth user and a core user + * Delete this to wipe the link between a Google user and a core user * record. Must call when a core user record is being deleted. * - * @param UserDao $userDao The core user dao. + * @param UserDao $userDao User DAO */ public function deleteByUser($userDao) { - $this->database->getDB()->delete('googleauth_user', 'user_id = '.$userDao->getKey()); + $this->database->getDB()->delete('googleauth_user', 'user_id = '.$userDao->getUserId()); } }