Initial version

Author: LukeTowers

Diff for: Plugin.php

@@ -0,0 +1,122 @@
+<?php namespace LukeTowers\AzureADSSO;
+
+use App;
+use View;
+use Event;
+use Config;
+use System\Classes\PluginBase;
+use System\Classes\CombineAssets;
+use Illuminate\Foundation\AliasLoader;
+use Backend\Controllers\Auth as AuthController;
+
+/**
+ * AzureADSSO Plugin Information File
+ */
+class Plugin extends PluginBase
+{
+    public $elevated = true;
+
+    /**
+     * Returns information about this plugin.
+     *
+     * @return array
+     */
+    public function pluginDetails()
+    {
+        return [
+            'name'        => 'AzureAD SSO',
+            'description' => 'Adds support for logging into the backend with Azure AD SSO OAuth',
+            'author'      => 'LukeTowers',
+            'icon'        => 'icon-lock'
+        ];
+    }
+
+    /**
+     * Boot method, called right before the request route.
+     *
+     * @return array
+     */
+    public function boot()
+    {
+        AuthController::extend(function($controller) {
+            $controller->bindEvent('page.beforeDisplay', function ($action, $params) {
+                if ($action === 'params') {
+                    $controller->addCss(CombineAssets::combine(['azureadsso.css'], plugins_path('luketowers/azureadsso/assets/css/')));
+                }
+            });
+        });
+
+        Event::listen('backend.auth.extendSigninView', function($controller) {
+            return View::make("luketowers.azureadsso::login");
+        });
+
+        $this->bootPackages();
+        $this->extendAzureAD();
+    }
+
+    /**
+     * Boots (configures and registers) any packages found within this plugin's packages.load configuration value
+     *
+     * @see https://luketowers.ca/blog/how-to-use-laravel-packages-in-october-plugins
+     * @author Luke Towers <[email protected]>
+     */
+    public function bootPackages()
+    {
+        // Get the namespace of the current plugin to use in accessing the Config of the plugin
+        $pluginNamespace = str_replace('\\', '.', strtolower(__NAMESPACE__));
+
+        // Instantiate the AliasLoader for any aliases that will be loaded
+        $aliasLoader = AliasLoader::getInstance();
+
+        // Get the packages to boot
+        $packages = Config::get($pluginNamespace . '::packages');
+
+        // Boot each package
+        foreach ($packages as $name => $options) {
+            // Setup the configuration for the package, pulling from this plugin's config
+            if (!empty($options['config']) && !empty($options['config_namespace'])) {
+                Config::set($options['config_namespace'], $options['config']);
+            }
+
+            // Register any Service Providers for the package
+            if (!empty($options['providers'])) {
+                foreach ($options['providers'] as $provider) {
+                    App::register($provider);
+                }
+            }
+
+            // Register any Aliases for the package
+            if (!empty($options['aliases'])) {
+                foreach ($options['aliases'] as $alias => $path) {
+                    $aliasLoader->alias($alias, $path);
+                }
+            }
+        }
+    }
+
+    /**
+     * Extend the base library used to make it compatible with OctoberCMS
+     *
+     * @return void
+     */
+    protected function extendAzureAD()
+    {
+        // Process the user object before saving it
+        \Metrogistics\AzureSocialite\UserFactory::userCallback(function($newUser) {
+            // Generate a random password for the user
+            $pass = str_random(60);
+            $newUser->password = $pass;
+            $newUser->password_confirmation = $pass;
+
+            // Ensure that the user has an email address
+            if (empty($newUser->email) && !empty($newUser->alt_email)) {
+                $newUser->email = $newUser->alt_email;
+            }
+
+            // @TODO: Enable assigning a default role to new users
+
+            // Clean up
+            unset($newUser->attributes['alt_email']);
+        });
+    }
+}

Diff for: README.md

@@ -0,0 +1,26 @@
+# About
+
+Adds support for logging into the backend with Azure Active Directory Single Sign On (SSO) OAuth.
+
+# Installation
+
+To install from the [Marketplace](https://octobercms.com/plugin/luketowers-azureadsso), click on the "Add to Project" button and then select the project you wish to add it to before updating the project to pull in the plugin.
+
+To install from the backend, go to **Settings -> Updates & Plugins -> Install Plugins** and then search for `LukeTowers.AzureADSSO`.
+
+To install from [the repository](https://github.com/luketowers/oc-azureadsso-plugin), clone it into **plugins/luketowers/azureadsso** and then run `composer update` from your project root in order to pull in the dependencies.
+
+To install it with Composer, run `composer require luketowers/oc-azureadsso-plugin` from your project root.
+
+# Setup
+
+1. Go to [`Azure Active Directory` -> `App registrations`](https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview)
+2. Create a new application (registration)
+3. Choose a name (Example: "My OctoberCMS Application Sign-in Helper")
+4. If asked, select the "Web app / API" Application Type
+5. Provide the Redirect URI (by default will be `https://example.com/luketowers/azureadsso/login/microsoft/callback`, replace `https://example.com` with the URL to your OctoberCMS instance)
+6. Click Register
+7. Select your newly created application
+8. Copy the "Application (client) ID" value and put it into your `.env` file for the `AZURE_AD_CLIENT_ID` env variable
+9. Select the permissions required for your app in the "API Permissions" tab (recommended at least Microsft Graph -> `User.Read`, `email`, & `profile`)
+10. Go to the Certificates & Secrets tab and create a new Client Secret (recommended to set it to "Never" expire). Copy this value down and use it for the `AZURE_AD_CLIENT_SECRET` env variable in your `.env` file.

Diff for: assets/css/azureadsso.css

@@ -0,0 +1,22 @@
+{
+    "name": "luketowers/oc-azureadsso-plugin",
+    "type": "october-plugin",
+    "description": "OctoberCMS plugin to add support for logging into the backend with Azure AD SSO OAuth.",
+    "keywords": ["october", "octobercms", "laravel", "azure", "sso", "single sign on", "active directory"],
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "Luke Towers",
+            "email": "[email protected]"
+        }
+    ],
+    "require": {
+        "composer/installers": "~1.0",
+        "metrogistics/laravel-azure-ad-oauth": "^1.2"
+    },
+    "autoload": {
+        "files": [
+            "helpers.php"
+        ]
+    }
+}

Diff for: assets/images/login-dark.png

@@ -0,0 +1,58 @@
+<?php return [
+    'packages' => [
+        'metrogistics/laravel-azure-ad-oauth' => [
+            'providers' => [
+                '\Metrogistics\AzureSocialite\ServiceProvider'
+            ],
+
+            'aliases' => [
+                'AzureUser' => '\Metrogistics\AzureSocialite\AzureUserFacade'
+            ],
+
+            'config_namespace' => 'azure-oath',
+
+            'config' => [
+                'routes' => [
+                    // The middleware to wrap the auth routes in.
+                    // Must contain session handling otherwise login will fail.
+                    'middleware' => 'web',
+
+                    // The url that will redirect to the SSO URL.
+                    'login' => 'luketowers/azureadsso/login/microsoft',
+
+                    // The app route that SSO will redirect to
+                    // Make sure you update credentials.redirect as well
+                    'callback' => 'luketowers/azureadsso/login/microsoft/callback',
+                ],
+                'credentials' => [
+                    'client_id'     => env('AZURE_AD_CLIENT_ID', ''),
+                    'client_secret' => env('AZURE_AD_CLIENT_SECRET', ''),
+                    'redirect'      => Request::root().'/luketowers/azureadsso/login/microsoft/callback'
+                ],
+
+                // The route to redirect the user to upon login.
+                'redirect_on_login' => Backend::url(),
+
+                // The User Eloquent class.
+                'user_class' => '\Backend\Models\User',
+
+                // How much time should be left before the access
+                // token expires to attempt a refresh.
+                'refresh_token_within' => 30,
+
+                // The users table database column to store the user SSO ID.
+                'user_id_field' => 'azure_id',
+
+                // How to map azure user fields to Laravel user fields.
+                // Do not include the id field above.
+                // AzureUserField => LaravelUserField
+                'user_map' => [
+                    'givenName'         => 'first_name',
+                    'surname'           => 'last_name',
+                    'email'             => 'email',
+                    'userPrincipalName' => 'alt_email',
+                ]
+            ]
+        ]
+    ]
+];

Diff for: assets/images/login-light.png

@@ -0,0 +1,25 @@
+<?php namespace LukeTowers\AzureADSSO\Updates;
+
+use Schema;
+use October\Rain\Database\Updates\Migration;
+
+class AddAzureIdBackendUsers extends Migration
+{
+    public function up()
+    {
+        if (!Schema::hasColumn('backend_users', 'azure_id')) {
+            Schema::table('backend_users', function ($table) {
+                $table->string('azure_id');
+            });
+        }
+    }
+
+    public function down()
+    {
+        if (Schema::hasColumn('backend_users', 'azure_id')) {
+            Schema::table('backend_users', function ($table) {
+                $table->dropColumn('azure_id');
+            });
+        }
+    }
+}

Diff for: composer.json

@@ -1 +1,3 @@
-1.0.1: First version of AzureADSSO
+1.0.1:
+    - First version of AzureADSSO
+    - add_azure_id_backend_users.php

Diff for: config/config.php

@@ -0,0 +1,3 @@
+<div id="azureadsso-container">
+    <a id="azureadsso-button" href="{{ \Url::to(\Config::get('azure-oath.login', 'luketowers/azureadsso/login/microsoft')) }}"></a>
+</div>