public function connect($UniqueID, $ProviderKey, $UserData, $Options = [])
{
trace('UserModel->Connect()');
$provider = Gdn_AuthenticationProviderModel::getProviderByKey($ProviderKey);
// Trusted providers can sync roles.
if (val('Trusted', $provider) && (!empty($UserData['Roles']) || !empty($UserData['Roles']))) {
saveToConfig('Garden.SSO.SyncRoles', true, false);
}
$UserID = false;
if (!isset($UserData['UserID'])) {
// Check to see if the user already exists.
$Auth = $this->getAuthentication($UniqueID, $ProviderKey);
$UserID = val('UserID', $Auth);
if ($UserID) {
$UserData['UserID'] = $UserID;
}
}
if ($UserID) {
// Save the user.
$this->syncUser($UserID, $UserData);
return $UserID;
} else {
// The user hasn't already been connected. We want to see if we can't find the user based on some critera.
// Check to auto-connect based on email address.
if (c('Garden.SSO.AutoConnect', c('Garden.Registration.AutoConnect')) && isset($UserData['Email'])) {
$User = $this->getByEmail($UserData['Email']);
trace($User, "Autoconnect User");
if ($User) {
$User = (array) $User;
// Save the user.
$this->syncUser($User, $UserData);
$UserID = $User['UserID'];
}
}
if (!$UserID) {
// Create a new user.
$UserData['Password'] = md5(microtime());
$UserData['HashMethod'] = 'Random';
touchValue('CheckCaptcha', $Options, false);
touchValue('NoConfirmEmail', $Options, true);
touchValue('NoActivity', $Options, true);
// Translate SSO style roles to an array of role IDs suitable for registration.
if (!empty($UserData['Roles']) && !isset($UserData['RoleID'])) {
$UserData['RoleID'] = $this->lookupRoleIDs($UserData['Roles']);
}
touchValue('SaveRoles', $Options, !empty($UserData['RoleID']) && c('Garden.SSO.SyncRoles', false));
trace($UserData, 'Registering User');
$UserID = $this->register($UserData, $Options);
}
if ($UserID) {
// Save the authentication.
$this->saveAuthentication(['UniqueID' => $UniqueID, 'Provider' => $ProviderKey, 'UserID' => $UserID]);
} else {
trace($this->Validation->resultsText(), TRACE_ERROR);
}
}
return $UserID;
}