基础环境Nextcloud15.0.5oauth2installsociallogin在官方应用商店下载sociallogin,解压复制sociallogin到app目录,打开Nextcloud并在app中启用oauth2配置用管理员账号打开Nextcloud,找到sociallogin设置,选择CustomOAuth2并添加oauth2信息,如下设置为只使用oauth2登录,取消系统登录编辑/var/www/html/config/config.php添加如下配置:'social_login_auto_redirect'=>true使用Oauth2登出Nextcloud在使用中,它发现点击注销后,Nextcloud只是注销了自己的session,并没有注销oauth2的session,所以会注销失败。打开core/Controller/LoginController.php找到logout方法,修改$response的值如下:$response=newRedirectResponse('http://10.0.4.3/logout?redirect_uri=http://10.0.4.33:8088');http://10.0.4.3/logout为oauth2认证系统注销地址,使用用户信息创建群组。使用oauth2登录成功后,为了区别于原来的Nextcloud用户,Nextcloud会在数据库中创建一个名为oauth2内部名+登录名的用户,使用起来极其不便。我们可以修改如下代码,保证用户名正常不带前缀:根据返回的用户信息集合中的其他信息创建sociallogin/lib/Controller/LoginController.phpprivatefunctionlogin($uid,Profile$profile){$user=$this->userManager->get($uid);if(null===$user){$connectedUid=$this->socialConnect->findUID($uid);$user=$this->userManager->get($connectedUid);}if($this->userSession->isLoggedIn()){if(!$this->config->getAppValue($this->appName,'allow_login_connect')){thrownewLoginException($this->l->t('社交登录连接被禁用'));}if(null!==$user){thrownewLoginException($this->l->t('这个账号已经连接'));$currentUid=$this->userSession->getUser()->getUID();$this->socialConnect->connectLogin($currentUid,$uid);返回新的RedirectResponse($this->urlGenerator->linkToRoute('settings.PersonalSettings.index',['section'=>'additional']));}if(null===$user){if($this->config->getAppValue($this->appName,'disable_registration')){thrownewLoginException($this->l->t('自动创建新用户被禁用'));}如果($profile->email&&$this->config->getAppValue($this->appName,'prevent_create_email_exists')&&count($this->userManager->getByEmail($profile->email))!==0){thrownewLoginException($this->l->t('Emailalreadyregistered'));}$password=substr(base64_encode(random_bytes(64)),0,30);$user=$this->userManager->createUser($uid,$password);$user->setDisplayName($profile->displayName?:$profile->identifier);$user->setEMailAddress((string)$profile->email);$newUserGroup=$this->config->getAppValue($this->appName,'new_user_group');如果($newUserGroup){尝试{$group=$this->groupManager->get($newUserGroup);$group->addUser($user);}catch(\Exception$e){}}if($profile->photoURL){$curl=新卷曲();尝试{$photo=$curl->request($profile->photoURL);$avatar=$this->avatarManager->getAvatar($uid);$avatar->set($photo);}catch(\Exception$e){}}$this->config->setUserValue($uid,$this->appName,'disable_password_confirmation',1);如果($profile->data['departmentName']!==null){$existGroup=$this->groupManager->get($profile->data['departmentName']);如果($existGroup===null){$newGroup=$this->groupManager->createGroup($profile->data['departmentName']);$newGroup->addUser($user);}else{$existGroup->addUser($user);$this->userSession->completeLogin($user,['loginName'=>$user->getUID(),'password'=>null]);$this->userSession->createSessionToken($this->request,$user->getUID(),$user->getUID());如果($redirectUrl=$this->session->get('login_redirect_url')){returnnewRedirectResponse($redirectUrl);}$this->session->set('last-password-confirm',time());返回新的RedirectResponse($this->urlGenerator->getAbsoluteURL('/'));}sociallogin/lib/Provider/CustomOAuth2.phppublicfunctiongetUserProfile(){$profileFields=array_filter(array_map('trim',explode(',',$this->config->get('profile_fields'))),function($val){return!empty($val);});$profileUrl=$this->config->get('endpoints')->get('profile_url');if(count($profileFields)>0){$profileUrl.=(strpos($profileUrl,'?')!==false?'&':'?').'字段='。内爆(',',$profileFields);}$response=$this->apiRequest($profileUrl);如果(!isset($response->identifier)&&isset($response->id)){$response->identifier=$response->id;}if(!isset($response->identifier)&&isset($response->data->id)){$response->identifier=$response->data->id;}if(!isset($response->identifier)&&isset($response->user_id)){$response->identifier=$response->user_id;}$data=newData\Collection($response);if(!$data->exists('identifier')){thrownewUnexpectedApiResponseException('ProviderAPI返回了意外响应。');}$userProfile=newUser\Profile();foreach($data->toArray()as$key=>$value){if(property_exists($userProfile,$key)){$userProfile->$key=$value;}}if(!empty($userProfile->email)){$userProfile->emailVerified=$userProfile->email;}$attributes=newData\Collection($data->get('attributes'));$userProfile->data=["organizationName"=>$attributes->get('organizationName'),"departmentName"=>$attributes->get('departmentName'),];如果($attributes->get('name')!==null){$userProfile->displayName=$attributes->get('name');}返回$userProfile;}
