From 75c7c2c984f8c29bb71466e962dc4aa784bdeb41 Mon Sep 17 00:00:00 2001
From: Lucas Bartholemy <lucas.bartholemy@humhub.com>
Date: Tue, 25 Oct 2016 19:38:44 +0200
Subject: [PATCH] More flexibility for custom AuthClients; also deny automatic
 authclient registration when disabled

---
 .../modules/user/authclient/AuthAction.php    | 46 +++++++++++++++++++
 .../authclient/interfaces/ApprovalBypass.php  |  5 +-
 .../interfaces/StandaloneAuthClient.php       | 31 +++++++++++++
 .../user/controllers/AuthController.php       |  9 +++-
 4 files changed, 88 insertions(+), 3 deletions(-)
 create mode 100644 protected/humhub/modules/user/authclient/AuthAction.php
 create mode 100644 protected/humhub/modules/user/authclient/interfaces/StandaloneAuthClient.php

diff --git a/protected/humhub/modules/user/authclient/AuthAction.php b/protected/humhub/modules/user/authclient/AuthAction.php
new file mode 100644
index 0000000000..4631195511
--- /dev/null
+++ b/protected/humhub/modules/user/authclient/AuthAction.php
@@ -0,0 +1,46 @@
+<?php
+
+/**
+ * @link https://www.humhub.org/
+ * @copyright Copyright (c) 2016 HumHub GmbH & Co. KG
+ * @license https://www.humhub.com/licences
+ */
+
+namespace humhub\modules\user\authclient;
+
+use humhub\modules\user\authclient\interfaces\StandaloneAuthClient;
+
+/**
+ * Extended version of AuthAction with AuthClient support which are not handled
+ * by AuthAction directly
+ *
+ * @sicne 1.1.2
+ * @author Luke
+ */
+class AuthAction extends \yii\authclient\AuthAction
+{
+
+    /**
+     * @inheritdoc
+     * 
+     * @param StandaloneAuthClient $client
+     * @return response
+     */
+    public function auth($client)
+    {
+        if ($client instanceof StandaloneAuthClient) {
+            return $client->authAction($this);
+        }
+
+        return parent::auth($client);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function authSuccess($client)
+    {
+        return parent::authSuccess($client);
+    }
+
+}
diff --git a/protected/humhub/modules/user/authclient/interfaces/ApprovalBypass.php b/protected/humhub/modules/user/authclient/interfaces/ApprovalBypass.php
index 2c96ca8a20..c0fa590738 100644
--- a/protected/humhub/modules/user/authclient/interfaces/ApprovalBypass.php
+++ b/protected/humhub/modules/user/authclient/interfaces/ApprovalBypass.php
@@ -9,8 +9,9 @@
 namespace humhub\modules\user\authclient\interfaces;
 
 /**
- * ApprovalBypass interface allow user approvals of an authclient
- *
+ * ApprovalBypass interface allow automatic user approvals of an authclient.
+ * If registration is disabled, users can register via this authclient anyway.
+ * 
  * @since 1.1
  * @author luke
  */
diff --git a/protected/humhub/modules/user/authclient/interfaces/StandaloneAuthClient.php b/protected/humhub/modules/user/authclient/interfaces/StandaloneAuthClient.php
new file mode 100644
index 0000000000..edb2156cbf
--- /dev/null
+++ b/protected/humhub/modules/user/authclient/interfaces/StandaloneAuthClient.php
@@ -0,0 +1,31 @@
+<?php
+
+/**
+ * @link https://www.humhub.org/
+ * @copyright Copyright (c) 2016 HumHub GmbH & Co. KG
+ * @license https://www.humhub.com/licences
+ */
+
+namespace humhub\modules\user\authclient\interfaces;
+
+use humhub\modules\user\authclient\AuthAction;
+
+/**
+ * StandaloneAuthClient allows implementation of custom authclients
+ * which not relies on auth handling by AuthAction
+ *
+ * @see \yii\authclient\AuthAction
+ * @since 1.1.2
+ * @author Luke
+ */
+interface StandaloneAuthClient
+{
+
+    /**
+     * Custom auth action implementation
+     * 
+     * @param AuthAction $authAction
+     * @return Response response instance.
+     */
+    public function authAction($authAction);
+}
diff --git a/protected/humhub/modules/user/controllers/AuthController.php b/protected/humhub/modules/user/controllers/AuthController.php
index 0d77804dfd..91e46186c4 100644
--- a/protected/humhub/modules/user/controllers/AuthController.php
+++ b/protected/humhub/modules/user/controllers/AuthController.php
@@ -11,9 +11,11 @@ namespace humhub\modules\user\controllers;
 use Yii;
 use humhub\components\Controller;
 use humhub\modules\user\models\User;
+use humhub\modules\user\authclient\AuthAction;
 use humhub\modules\user\models\Invite;
 use humhub\modules\user\models\forms\Login;
 use humhub\modules\user\authclient\AuthClientHelpers;
+use humhub\modules\user\authclient\interfaces\ApprovalBypass;
 
 /**
  * AuthController handles login and logout
@@ -43,7 +45,7 @@ class AuthController extends Controller
                 'class' => 'yii\captcha\CaptchaAction',
             ],
             'external' => [
-                'class' => 'yii\authclient\AuthAction',
+                'class' => AuthAction::className(),
                 'successCallback' => [$this, 'onAuthSuccess'],
             ],
         ];
@@ -115,6 +117,11 @@ class AuthController extends Controller
             return $this->login($user, $authClient);
         }
 
+        if (!$authClient instanceof ApprovalBypass && !Yii::$app->getModule('user')->settings->get('auth.anonymousRegistration')) {
+            Yii::$app->session->setFlash('error', Yii::t('UserModule.base', "You're not registered."));
+            return $this->redirect(['/user/auth/login']);
+        }
+
         // Check if E-Mail is given
         if (!isset($attributes['email'])) {
             Yii::$app->session->setFlash('error', "Missing E-Mail Attribute from AuthClient.");