RedKingOne, posted July 7, 2023:

Would it be possible to integrate the VATSIM single sign-on (VATSIM Connect) with phpVMS? I am building my VA to operate solely on the VATSIM network, and since we already have the capability to store the VATSIM CID and use it to direct members to the stats area, I think it would be great if we can also use it for the actual member account.

swaluver480, posted July 8, 2023:

I would think you would need to go into multiple files and make changes.

KiloSierraCharlie / VATSIM-SSO

swaluver480, posted July 8, 2023 (edited):

After some research through multiple forums and talking to some other VA owners on Discord (since I'm interested in this too), it looks like you'll have to do some extensive work. First you'll need to navigate to app/Http/Controllers/Auth/LoginController.php and make the necessary changes:

```php
use VATSIMSSO\VATSIMSSO;
use VATSIMSSO\Auth\Token;
use VATSIMSSO\Auth\User;
```

Then it looks like you'll have to navigate (I believe in that same file) and find the handleProviderCallback() code. This is where I got told you'll have to make PHP code below it that verifies the incoming request, gets the user's access token and details, and logs in the user. (I have no idea, without recreating it, what that code will be.) Then navigate to routes/web.php and add in the VATSIM SSO callback:

```php
Route::get('/auth/vatsim/callback', 'App\Http\Controllers\Auth\LoginController@handleProviderCallback');
```

You'll also probably need to modify the config file and a few more, but he told me that's a start, as he didn't go all the way through because he gained the info needed for what his needs were. I hope this helps you out.

Edited July 8, 2023 by swaluver480

swaluver480, posted July 8, 2023:

I also could see another option would be to create an API that would log you in and then redirect you. That would be a lot easier if you have the necessary information that goes with it.

DisposableHero, posted July 8, 2023 (edited):

What will be the benefit of this effort? Are you willing to automatically create the v7 user with data provided by VATSIM (like name, mail, VATSIM CID etc.) or just willing to use it for login/authentication?

If this will be used for authentication only, what is the difference between using your username and password compared to VATSIM CID and password?

If you are wishing to create the user record, is VATSIM returning all necessary data for you to create a user record when someone signs in within their system?

There can be more questions regarding this, but the main one is at the top.

Good luck and God speed

Edited July 8, 2023 by DisposableHero

swaluver480, posted July 8, 2023:

> 3 hours ago, DisposableHero said:
>
> What will be the benefit of this effort? Are you willing to automatically create the v7 user with data provided by VATSIM (like name, mail, VATSIM CID etc.) or just willing to use it for login/authentication?
>
> If this will be used for authentication only, what is the difference between using your username and password compared to VATSIM CID and password?
>
> If you are wishing to create the user record, is VATSIM returning all necessary data for you to create a user record when someone signs in within their system?
>
> There can be more questions regarding this, but the main one is at the top.
>
> Good luck and God speed

It sounds to me like how swavirtual.com is, where you have to be a member of VATSIM in order to join, but adding in to log in using VATSIM SSO as well.

RedKingOne (Author), posted July 9, 2023:

> 6 hours ago, DisposableHero said:
>
> What will be the benefit of this effort? Are you willing to automatically create the v7 user with data provided by VATSIM (like name, mail, VATSIM CID etc.) or just willing to use it for login/authentication?
>
> If this will be used for authentication only, what is the difference between using your username and password compared to VATSIM CID and password?
>
> If you are wishing to create the user record, is VATSIM returning all necessary data for you to create a user record when someone signs in within their system?
>
> There can be more questions regarding this, but the main one is at the top.
>
> Good luck and God speed

Correct. I want users to be able to register via the VATSIM SSO with all of their relevant data pulled from VATSIM and used to create the user account. This will validate the user is in good standing with the network and provide us with accurate info while allowing the user to use one account for all of it. In turn, if a user gets banned or suspended on the network, that status will reflect with us since they won't be able to use the SSO to access their account. A great way to provide automatic checks and balances between our pilot roster and the VATSIM network.

DisposableHero, posted July 9, 2023:

@RedKingOne this can happen only if "vatsim sso" provides you all relevant data needed for user creation; at minimum you will need full name, email and a password for the person. You can auto assign some values to other required fields, also you will need to somehow bypass (disable) or find a way to be sure captcha checks during registration.

Still will be tricky, and if "vatsim sso" returns minimal data then it will be impossible to create a user directly. In this case, what you can do is a VATSIM membership check before reaching your registration form; at least you will be sure that person has an active account on the network during that exact moment.

To be honest, I think the only benefit of this implementation will be the network status check (banned/suspended/inactive etc.) for administrative purposes.

Good luck

RedKingOne (Author), posted July 9, 2023 (edited):

> 6 hours ago, DisposableHero said:
>
> @RedKingOne this can happen only if "vatsim sso" provides you all relevant data needed for user creation; at minimum you will need full name, email and a password for the person. You can auto assign some values to other required fields, also you will need to somehow bypass (disable) or find a way to be sure captcha checks during registration.
>
> Still will be tricky, and if "vatsim sso" returns minimal data then it will be impossible to create a user directly. In this case, what you can do is a VATSIM membership check before reaching your registration form; at least you will be sure that person has an active account on the network during that exact moment.
>
> To be honest, I think the only benefit of this implementation will be the network status check (banned/suspended/inactive etc.) for administrative purposes.
>
> Good luck

If I want to know anything about anyone on VATSIM I can look up the CID in the stats page or I can look up the CID via the direct feed. For example, if I look myself up I would go to https://api.vatsim.net/api/ratings/1289149/ and I would get back:

```
id: "1289149"
rating: 10
pilotrating: 0
militaryrating: 0
susp_date: null
reg_date: "2014-04-22T20:09:18"
region: "AMAS"
division: "CAR"
subdivision: "SDO"
lastratingchange: "2021-04-06T23:12:47"
```

In reality, VATSIM also stores more data that can be pulled and validated via the API. It also includes:

- VATSIM Registered Email
- VATSIM Registered First Name
- VATSIM Registered Last Name
- VATSIM Registered Country Code
- VATSIM Registered Country Name

With the exception of Hub selection, the pilot would not need to add anything. All the relevant data would be pulled through the API.

Edited July 9, 2023 by RedKingOne (spelling)

RedKingOne (Author), posted July 9, 2023:

The following is a section of the code used on a custom WordPress plugin to create a user account. Although I can read the file and make slight modifications to it, I have no clue how to apply the principles used here to phpVMS.

```php
<?php
//=========================================//
// VATSIM CONNECT FUNCTIONS
//=========================================//
function vatsimConnect(){
    //require_once("vatsim_connect_functions.php");
    require_once("vendor/autoload.php");

    // The OAuth state value lives in $_SESSION; WordPress does not start a session on its own
    if(session_status() === PHP_SESSION_NONE){
        session_start();
    }

    // Required for VATSIM Connect
    $clientID = get_option('vatsim_connect_client_id'); // VATSIM Connect Client ID
    $clientSecret = get_option('vatsim_connect_client_secret'); // VATSIM Connect Client Secret
    $scopes = get_option('vatsim_connect_scopes'); // VATSIM Connect Scopes
    $redirectURL = get_option('vatsim_connect_redirect_url'); // VATSIM Connect Redirect URL

    // Required for Plugin
    $loginDeniedURL = get_option('vatsim_connect_login_denied_url'); // LOCAL Redirect URL Login Denied
    $logoutURL = get_option('vatsim_connect_logout_url'); // LOCAL Redirect URL Logout Message

    $urlAuthorize = 'https://auth.vatsim.net/oauth/authorize'; // VATSIM Authorize URL
    $urlAccessToken = 'https://auth.vatsim.net/oauth/token'; // VATSIM Token URL
    $urlResourceOwnerDetails = 'https://auth.vatsim.net/api/user'; // VATSIM User Details URL

    // Create Provider with VATSIM Connect Details
    $provider = new \League\OAuth2\Client\Provider\GenericProvider([
        'clientId' => $clientID,
        'clientSecret' => $clientSecret,
        'redirectUri' => $redirectURL,
        'urlAuthorize' => $urlAuthorize,
        'urlAccessToken' => $urlAccessToken,
        'urlResourceOwnerDetails' => $urlResourceOwnerDetails,
        'scopes' => $scopes
    ]);

    // Check if login / logout request is found in URI
    if(isset($_GET['vatsim_connect'])){
        $code = $_GET['vatsim_connect'];
        if($code == 'logout'){
            wp_logout();
            header('Location: ' . $logoutURL);
            exit();
        }elseif($code == 'login'){
            $authorizationURL = $provider->getAuthorizationUrl();
            $_SESSION['oauth2state'] = $provider->getState();
            header('Location: ' . $authorizationURL);
            exit();
        }
    }

    // Check if VATSIM Connect code is found in URI & user is not logged in yet
    if(isset($_GET['code']) && (!is_user_logged_in())){

        // Check the returned state against the previously stored one to mitigate CSRF attacks.
        // A missing stored state counts as a failure, and the stored value is single-use.
        $storedState = isset($_SESSION['oauth2state']) ? $_SESSION['oauth2state'] : '';
        unset($_SESSION['oauth2state']);
        if(empty($_GET['state']) || !is_string($_GET['state']) || empty($storedState) || !hash_equals($storedState, $_GET['state'])){
            exit('Invalid state');
        } else {
            try{
                // Try to get an access token using the authorization code grant.
                $accessToken = $provider->getAccessToken('authorization_code', [
                    'code' => $_GET['code']
                ]);

                // Fetch Token Data
                $vatsimAccessToken = $accessToken->getToken();
                $vatsimRefreshToken = $accessToken->getRefreshToken();
                $vatsimTokenExpireDate = $accessToken->getExpires();
                $vatsimIsTokenExpired = $accessToken->hasExpired();

                // Using the access token, we may look up details about the resource owner.
                $resourceOwner = $provider->getResourceOwner($accessToken);

                // Fetch VATSIM data from resource owner
                $userData = $resourceOwner->toArray();
                $vatsimEmail = $userData['data']['personal']['email']; // VATSIM Registered Email
                $vatsimCID = $userData['data']['cid']; // VATSIM CID
                $vatsimNameFirst = $userData['data']['personal']['name_first']; // VATSIM Registered First Name
                $vatsimNameLast = $userData['data']['personal']['name_last']; // VATSIM Registered Last Name
                $vatsimCountryCode = $userData['data']['personal']['country']['id']; // VATSIM Registered Country Code
                $vatsimCountryName = $userData['data']['personal']['country']['name']; // VATSIM Registered Country Name
                $vatsimRatingID = $userData['data']['vatsim']['rating']['id']; // VATSIM ATC Rating ID
                $vatsimRatingShort = $userData['data']['vatsim']['rating']['short']; // VATSIM ATC Rating Short
                $vatsimRatingLong = $userData['data']['vatsim']['rating']['long']; // VATSIM ATC Rating Long
                $vatsimRegionName = $userData['data']['vatsim']['region']['name']; // VATSIM Region Name
                $vatsimRegionID = $userData['data']['vatsim']['region']['id']; // VATSIM Region ID
                $vatsimDivisionName = $userData['data']['vatsim']['division']['name']; // VATSIM Division Name
                $vatsimDivisionID = $userData['data']['vatsim']['division']['id']; // VATSIM Division ID
                $vatsimSubDivisionName = $userData['data']['vatsim']['subdivision']['name']; // VATSIM SubDivision Name
                $vatsimSubDivisionID = $userData['data']['vatsim']['subdivision']['id']; // VATSIM SubDivision ID
                $vatsimToken = $userData['data']['oauth']['token_valid']; // VATSIM Oauth Token Valid Boolean

                // Check if correct scopes have been approved for login / registration:
                // deny when any one of the required values is missing
                if(!$vatsimToken || !$vatsimNameFirst || !$vatsimNameLast || !$vatsimEmail){
                    wp_redirect($loginDeniedURL);
                    exit();
                }

                // Check if user with VATSIM CID already in WP User database
                $isUser = get_user_by('login',$vatsimCID);

                // Update WP User
                if($isUser){
                    $userData = array(
                        'ID' => $isUser->ID,
                        'user_login' => $vatsimCID,
                        'user_email' => $vatsimEmail,
                        'display_name' => $vatsimNameFirst . ' ' . $vatsimNameLast,
                        'nickname' => $vatsimNameFirst . ' ' . $vatsimNameLast,
                        'first_name' => $vatsimNameFirst,
                        'last_name' => $vatsimNameLast,
                        'show_admin_bar_front' => 'false'
                    );
                    $userID = wp_insert_user($userData);
                    if (!is_wp_error($userID)){
                        // Create array of VATSIM Data
                        $vatsimData = array(
                            'vatsim_country_code' => $vatsimCountryCode,
                            'vatsim_country_name' => $vatsimCountryName,
                            'vatsim_atc_rating_id' => $vatsimRatingID,
                            'vatsim_atc_rating_short' => $vatsimRatingShort,
                            'vatsim_atc_rating_long' => $vatsimRatingLong,
                            'vatsim_region_name' => $vatsimRegionName,
                            'vatsim_region_id' => $vatsimRegionID,
                            'vatsim_division_name' => $vatsimDivisionName,
                            'vatsim_division_id' => $vatsimDivisionID,
                            'vatsim_sub_division_name' => $vatsimSubDivisionName,
                            'vatsim_sub_division_id' => $vatsimSubDivisionID
                        );
                        // Loop through VATSIM Data and update WP User Meta database
                        foreach($vatsimData as $k => $v){
                            update_user_meta($userID, $k, $v);
                        }
                        //Login User
                        vatsimConnectLogin($vatsimCID);
                    }else{
                        $errorString = $userID->get_error_message();
                        //echo $errorString;
                    }

                // Create New WP User
                }else{
                    $userData = array(
                        // Random password nobody knows: these accounts sign in through VATSIM Connect only
                        'user_pass' => wp_generate_password(64, true, true),
                        'user_login' => $vatsimCID,
                        'user_email' => $vatsimEmail,
                        'display_name' => $vatsimNameFirst . ' ' . $vatsimNameLast,
                        'nickname' => $vatsimNameFirst . ' ' . $vatsimNameLast,
                        'first_name' => $vatsimNameFirst,
                        'last_name' => $vatsimNameLast,
                        'show_admin_bar_front' => 'false'
                    );
                    $userID = wp_insert_user($userData);
                    if (!is_wp_error($userID)){
                        // Create array of VATSIM Data
                        $vatsimData = array(
                            'vatsim_country_code' => $vatsimCountryCode,
                            'vatsim_country_name' => $vatsimCountryName,
                            'vatsim_atc_rating_id' => $vatsimRatingID,
                            'vatsim_atc_rating_short' => $vatsimRatingShort,
                            'vatsim_atc_rating_long' => $vatsimRatingLong,
                            'vatsim_region_name' => $vatsimRegionName,
                            'vatsim_region_id' => $vatsimRegionID,
                            'vatsim_division_name' => $vatsimDivisionName,
                            'vatsim_division_id' => $vatsimDivisionID,
                            'vatsim_sub_division_name' => $vatsimSubDivisionName,
                            'vatsim_sub_division_id' => $vatsimSubDivisionID
                        );
                        // Loop through VATSIM Data and insert into WP User Meta database
                        foreach($vatsimData as $k => $v){
                            update_user_meta($userID, $k, $v);
                        }
                        //Login User
                        vatsimConnectLogin($vatsimCID);
                    }else{
                        $errorString = $userID->get_error_message();
                        //echo $errorString;
                    }
                }
            } catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) {
                // Failed to get the access token or user details.
                //echo "Error: ";
                //exit($e->getMessage());
            }
        }
    }
}
add_action('init','vatsimConnect');

//User Login with VATSIM CID
function vatsimConnectLogin($vatsimCID){
    $user = get_user_by('login',$vatsimCID);
    // get_user_by() returns false (not a WP_Error) when no user matches
    if($user instanceof WP_User) {
        // Set Cookies for Login
        wp_clear_auth_cookie();
        wp_set_current_user($user->ID);
        wp_set_auth_cookie($user->ID);
        // Redirect back to selected URL
        $redirect = get_option('vatsim_connect_redirect_url');
        wp_safe_redirect($redirect);
        exit();
    }
}

//=========================================//
// UPDATE USER DATA EVERY 24H BASED ON VATSIM API
//=========================================//
function vatsimUpdateUserData(){
    //Get list of all Ratings
    $dataFeed = json_decode(file_get_contents("https://data.vatsim.net/v3/vatsim-data.json"));
    //Get list of all Regions
    $regionsData = json_decode(file_get_contents("https://api.vatsim.net/api/regions/"));
    //Get list of all Divisions
    $divisionsData = json_decode(file_get_contents("https://api.vatsim.net/api/divisions/"));
    //Get list of all SubDivisions
    $SubDivisionsData = json_decode(file_get_contents("https://api.vatsim.net/api/subdivisions/"));

    //Get all Users
    $users = get_users();
    foreach($users as $user){
        $userID = $user->ID;
        $vatsimCID = $user->user_login;
        // Only plain digit strings are placed into the request URL below
        if(ctype_digit((string) $vatsimCID)){
            //Fetch Latest Data from Public API
            $updatedData = json_decode(file_get_contents("https://api.vatsim.net/api/ratings/$vatsimCID/"));
            if($updatedData){
                $vatsimRatingID = $updatedData->rating; // VATSIM ATC Rating ID
                $vatsimRatingShort = "Not Found";
                $vatsimRatingLong = "Not Found";
                foreach($dataFeed->ratings as $rating){
                    if($vatsimRatingID == $rating->id){
                        $vatsimRatingShort = $rating->short;
                        $vatsimRatingLong = $rating->long;
                    }
                }
                $vatsimRegionID = $updatedData->region; // VATSIM Region ID
                $vatsimRegionName = "-";
                foreach($regionsData as $region){
                    if($vatsimRegionID == $region->id){
                        $vatsimRegionName = $region->name;
                    }
                }
                $vatsimDivisionID = $updatedData->division; // VATSIM Division ID
                $vatsimDivisionName = "-";
                foreach($divisionsData as $division){
                    if($vatsimDivisionID == $division->id){
                        $vatsimDivisionName = $division->name;
                    }
                }
                $vatsimSubDivisionID = $updatedData->subdivision; // VATSIM SubDivision ID
                $vatsimSubDivisionName = "-";
                foreach($SubDivisionsData as $subDivision){
                    if($vatsimSubDivisionID == $subDivision->code){
                        $vatsimSubDivisionName = $subDivision->fullname;
                    }
                }
                // Create array of VATSIM Data
                $vatsimData = array(
                    'vatsim_atc_rating_id' => $vatsimRatingID,
                    'vatsim_atc_rating_short' => $vatsimRatingShort,
                    'vatsim_atc_rating_long' => $vatsimRatingLong,
                    'vatsim_region_name' => $vatsimRegionName,
                    'vatsim_region_id' => $vatsimRegionID,
                    'vatsim_division_name' => $vatsimDivisionName,
                    'vatsim_division_id' => $vatsimDivisionID,
                    'vatsim_sub_division_name' => $vatsimSubDivisionName,
                    'vatsim_sub_division_id' => $vatsimSubDivisionID
                );
                // Loop through VATSIM Data and update WP User Meta database
                foreach($vatsimData as $k => $v){
                    update_user_meta($userID, $k, $v);
                }
            }
        }
    }
}
add_action('vatsim_update_users_data_cron','vatsimUpdateUserData');

//=========================================//
// RESTRICT NON-ADMIN PROFILE EDITING
//=========================================//
function vatsimStopProfileAccess() {
    if(get_option('vatsim_connect_disable_profile_access') == 1){
        if(!current_user_can('manage_options')){
            remove_menu_page( 'profile.php' );
            remove_submenu_page( 'users.php', 'profile.php' );
            if(defined('IS_PROFILE_PAGE')){
                if(IS_PROFILE_PAGE === true) {
                    wp_die( 'To change your VATSIM profile information visit https://www.vatsim.net.' );
                }
            }
        }
    }
}
add_action( 'admin_menu', 'vatsimStopProfileAccess' );

//=========================================//
// FORCE VATSIM Connect OAuth
//=========================================//
function vatsimConnectForceLogin(){
    if(get_option('vatsim_connect_force_login') == 1){
        global $pagenow;

        // Login and Logout Redirect URL
        $loginURL = get_site_url() . '/?vatsim_connect=login';
        $logoutURL = get_option('vatsim_connect_logout_url');

        // Create Backdoor for Admin Access without VATSIM Connect
        if('wp-login.php' == $pagenow || 'wp-admin' == $pagenow){
            $status = 0; //Default Status
            if(!empty($_GET['adminbackdoor']) && $_GET['adminbackdoor'] == true){
                $status = 1;
            }
            if(!empty($_GET['loggedout']) && $_GET['loggedout'] == true){
                $status = 2;
            }
            if(!empty($_GET['action']) && $_GET['action'] == "logout"){
                $status = 3;
            }
            // wp_redirect() only sets the Location header, so each redirect is followed
            // by exit() to keep wp-login.php from processing the rest of the request
            switch($status){
                case 0:
                    wp_redirect($loginURL);
                    exit();
                case 1:
                    if($_SERVER['REQUEST_METHOD'] === 'POST'){
                        // Continue regular login without using VATSIM Connect
                    }
                    break;
                case 2:
                    wp_redirect($logoutURL);
                    exit();
                case 3:
                    wp_redirect($logoutURL);
                    exit();
                default:
                    wp_redirect($loginURL);
                    exit();
            }
        }
    }
}
add_action('init','vatsimConnectForceLogin');
?>
```

RedKingOne (Author), posted July 9, 2023:

> On 7/8/2023 at 7:17 AM, swaluver480 said:
>
> After some research through multiple forums and talking to some other VA owners on Discord (since I'm interested in this too), it looks like you'll have to do some extensive work. First you'll need to navigate to app/Http/Controllers/Auth/LoginController.php and make the necessary changes:
>
> ```php
> use VATSIMSSO\VATSIMSSO;
> use VATSIMSSO\Auth\Token;
> use VATSIMSSO\Auth\User;
> ```
>
> Then it looks like you'll have to navigate (I believe in that same file) and find the handleProviderCallback() code. This is where I got told you'll have to make PHP code below it that verifies the incoming request, gets the user's access token and details, and logs in the user. (I have no idea, without recreating it, what that code will be.) Then navigate to routes/web.php and add in the VATSIM SSO callback:
>
> ```php
> Route::get('/auth/vatsim/callback', 'App\Http\Controllers\Auth\LoginController@handleProviderCallback');
> ```
>
> You'll also probably need to modify the config file and a few more, but he told me that's a start, as he didn't go all the way through because he gained the info needed for what his needs were. I hope this helps you out.

It certainly gives me something to think about. Appreciate the pointer.

DisposableHero, posted July 9, 2023:

Well, looks like enough data is provided by VATSIM via their API, so you can simply create the user if you wish to... Also you can build something to replace Laravel's authentication (or at best let it return a valid authentication).

You can then force people to select their hub if you have more than one, or define the closest one as their hub etc.

What you need is some custom profile fields, to store VATSIM data.

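Added example, not code from phpVMS, VATSIM or any poster in this thread: the callback step discussed above (check the OAuth state, refuse incomplete data, map the VATSIM Connect payload to a local user plus custom profile fields) as framework-independent PHP. The payload paths follow the WordPress plugin posted earlier; the function names, the profile-field keys and the sample payload are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helper names, constructed sample data.

/** Single-use, constant-time check of the OAuth2 "state" value. */
function verifyState(array &$session, $returned): bool
{
    $expected = $session['oauth2state'] ?? null;
    unset($session['oauth2state']);                 // a state is good for one attempt
    return is_string($expected) && $expected !== ''
        && is_string($returned) && hash_equals($expected, $returned);
}

/** Map a VATSIM Connect payload to local account data; null if anything required is missing. */
function mapVatsimUser(array $payload): ?array
{
    $d = $payload['data'] ?? [];
    $p = $d['personal'] ?? [];                      // absent when the scope was not granted
    $cid   = (string) ($d['cid'] ?? '');
    $email = filter_var($p['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $first = trim((string) ($p['name_first'] ?? ''));
    $last  = trim((string) ($p['name_last'] ?? ''));
    $valid = filter_var($d['oauth']['token_valid'] ?? false, FILTER_VALIDATE_BOOLEAN);

    // Any single missing value denies the login (OR, not AND).
    if (!ctype_digit($cid) || $email === false || $first === '' || $last === '' || !$valid) {
        return null;
    }
    return [
        'name'     => "$first $last",
        'email'    => $email,
        'password' => bin2hex(random_bytes(32)),    // random and never shown: sign-in is SSO-only
        'profile_fields' => [                       // hypothetical custom profile field keys
            'vatsim_cid'         => $cid,
            'vatsim_country'     => $p['country']['id'] ?? null,
            'vatsim_region_id'   => $d['vatsim']['region']['id'] ?? null,
            'vatsim_division_id' => $d['vatsim']['division']['id'] ?? null,
        ],
    ];
}

// --- Constructed sample data (not real VATSIM output) ---
$full = ['data' => [
    'cid' => '1000001',
    'personal' => ['name_first' => 'Test', 'name_last' => 'Pilot',
                   'email' => 'pilot@example.org', 'country' => ['id' => 'US']],
    'vatsim' => ['region' => ['id' => 'AMAS'], 'division' => ['id' => 'CAR']],
    'oauth' => ['token_valid' => 'true'],
]];
$noEmail = $full;
unset($noEmail['data']['personal']['email']);       // email scope not granted

$session = ['oauth2state' => 'constructed-state-value'];
var_dump(verifyState($session, 'wrong-value'));              // mismatching state
var_dump(verifyState($session, 'constructed-state-value'));  // retry after the state was consumed
$session = ['oauth2state' => 'constructed-state-value'];
var_dump(verifyState($session, 'constructed-state-value'));  // fresh state, matching value
var_dump(mapVatsimUser($noEmail) === null);                  // incomplete payload
print_r(mapVatsimUser($full)['profile_fields']);
```

In a controller method such as the handleProviderCallback() mentioned earlier in the thread, the session array would be the framework's session store and the returned array would feed whatever user-creation call the application uses.
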
Strider, posted July 16, 2023:

It would be nice to have this as an option.