Changed display type from touch to native
Changed the display type to a custom one to prevent a collision with the OIDC specs; also did some refactoring. Change-Id: Ib8b4cea7a2791f8e72d421097648b6cbabf28e18
parent
09b303df8a
commit
3610cd0f2e
|
@ -278,15 +278,21 @@ final class OAuth2Protocol implements IOAuth2Protocol
|
|||
*/
|
||||
const OAuth2Protocol_Display_Wap ='wap';
|
||||
|
||||
/**
|
||||
* Extension: display the login/consent interaction like a json doc
|
||||
*/
|
||||
const OAuth2Protocol_Display_Native ='native';
|
||||
|
||||
/**
|
||||
* @var array
|
||||
*/
|
||||
static public $valid_display_values = array
|
||||
(
|
||||
self::OAuth2Protocol_Display_Page,
|
||||
//self::OAuth2Protocol_Display_PopUp,
|
||||
self::OAuth2Protocol_Display_PopUp,
|
||||
self::OAuth2Protocol_Display_Touch,
|
||||
//self::OAuth2Protocol_Display_Wap
|
||||
self::OAuth2Protocol_Display_Wap,
|
||||
self::OAuth2Protocol_Display_Native,
|
||||
);
|
||||
|
||||
/**
|
||||
|
@ -1299,6 +1305,11 @@ final class OAuth2Protocol implements IOAuth2Protocol
|
|||
->addResponseModeSupported(self::OAuth2Protocol_ResponseMode_FormPost)
|
||||
->addResponseModeSupported(self::OAuth2Protocol_ResponseMode_Query)
|
||||
->addResponseModeSupported(self::OAuth2Protocol_ResponseMode_Fragment)
|
||||
->addDisplayValueSupported(self::OAuth2Protocol_Display_Page)
|
||||
->addDisplayValueSupported(self::OAuth2Protocol_Display_PopUp)
|
||||
->addDisplayValueSupported(self::OAuth2Protocol_Display_Touch)
|
||||
->addDisplayValueSupported(self::OAuth2Protocol_Display_Wap)
|
||||
->addDisplayValueSupported(self::OAuth2Protocol_Display_Native)
|
||||
->render();
|
||||
}
|
||||
|
||||
|
|
|
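Review bot: Adding `self::OAuth2Protocol_Display_Native` to `$valid_display_values` makes the JSON login/consent mode selectable by any client that sends `display=native`, and nothing in this hunk ties it to a client that is allowed to collect credentials itself. In that mode the JSON body asks the application for `username` and `password`, so the mode is worth restricting to explicitly trusted first-party clients; whether such a per-client check exists elsewhere is not visible here. The docblock could say so: `Extension (non-standard, not an OIDC display value): login/consent returned as a JSON document; intended for trusted first-party clients only`. The second hunk in this file also advertises `native` through `addDisplayValueSupported`, so every reader of the discovery document learns the mode exists.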
@ -138,6 +138,14 @@ final class DiscoveryDocumentBuilder
|
|||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $display_value
|
||||
* @return $this
|
||||
*/
|
||||
public function addDisplayValueSupported($display_value){
|
||||
$this->addArrayValue(OpenIDProviderMetadata::DisplayValuesSupported, $display_value);
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $response_mode
|
||||
|
|
|
@ -273,4 +273,5 @@ abstract class OpenIDProviderMetadata
|
|||
|
||||
|
||||
const IntrospectionEndpoint = 'introspection_endpoint';
|
||||
|
||||
}
|
||||
|
|
|
@ -0,0 +1,88 @@
|
|||
<?php
|
||||
/**
|
||||
* Copyright 2015 OpenStack Foundation
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
**/
|
||||
|
||||
namespace strategies;
|
||||
|
||||
use Symfony\Component\HttpFoundation\Response as SymfonyResponse;
|
||||
use Illuminate\Support\Facades\Response;
|
||||
use Redirect;
|
||||
use utils\services\IAuthService;
|
||||
use URL;
|
||||
|
||||
/**
|
||||
* Class DisplayResponseJsonStrategy
|
||||
* @package strategies
|
||||
*/
|
||||
class DisplayResponseJsonStrategy implements IDisplayResponseStrategy
|
||||
{
|
||||
|
||||
/**
|
||||
* @param array $data
|
||||
* @return SymfonyResponse
|
||||
*/
|
||||
public function getConsentResponse(array $data = array())
|
||||
{
|
||||
// fix scopes
|
||||
$requested_scopes = $data['requested_scopes'];
|
||||
$data['requested_scopes'] = array();
|
||||
foreach($requested_scopes as $scope)
|
||||
{
|
||||
array_push($data['requested_scopes'], $scope->toArray());
|
||||
}
|
||||
|
||||
$data['required_params'] = array('_token', 'trust');
|
||||
$data['required_params_valid_values'] = array
|
||||
(
|
||||
'trust' => array
|
||||
(
|
||||
IAuthService::AuthorizationResponse_AllowOnce,
|
||||
IAuthService::AuthorizationResponse_DenyOnce,
|
||||
),
|
||||
'_token' => csrf_token()
|
||||
);
|
||||
$data['optional_params'] = array();
|
||||
$data['url'] = URL::action('UserController@postConsent');
|
||||
$data['method'] = 'POST';
|
||||
return Response::json($data, 412);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $data
|
||||
* @return SymfonyResponse
|
||||
*/
|
||||
public function getLoginResponse(array $data = array())
|
||||
{
|
||||
$data['required_params'] = array('username','password', '_token');
|
||||
$data['optional_params'] = array('remember');
|
||||
$data['url'] = URL::action('UserController@postLogin');
|
||||
$data['method'] = 'POST';
|
||||
|
||||
if(!isset($data['required_params_valid_values']))
|
||||
{
|
||||
$data['required_params_valid_values'] = array();
|
||||
}
|
||||
|
||||
$data['required_params_valid_values']['_token'] = csrf_token();
|
||||
return Response::json($data, 412);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $data
|
||||
* @return SymfonyResponse
|
||||
*/
|
||||
public function getLoginErrorResponse(array $data = array())
|
||||
{
|
||||
return Response::json($data, 412);
|
||||
}
|
||||
}
|
|
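Review bot: `getLoginErrorResponse` serialises the whole `$data` array into the 412 body, whereas the user-agent strategy added in this commit forwards only four named keys (`max_login_attempts_2_show_captcha`, `login_attempts`, `username`, `error_message`). If the caller's array ever holds more than those, the native client receives all of it; an allow-list keeps the two strategies aligned, e.g. `$allowed = array_flip(array('max_login_attempts_2_show_captcha', 'login_attempts', 'username', 'error_message'));` followed by `return Response::json(array_intersect_key($data, $allowed), 412);`. The login and consent bodies also carry `csrf_token()`, so passing `array('Cache-Control' => 'no-store')` as the headers argument of `Response::json` would be a sensible addition unless a middleware outside this diff already sets it.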
@ -0,0 +1,41 @@
|
|||
<?php
|
||||
/**
|
||||
* Copyright 2015 OpenStack Foundation
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
**/
|
||||
|
||||
namespace strategies;
|
||||
|
||||
use oauth2\OAuth2Protocol;
|
||||
/**
|
||||
* Class DisplayResponseStrategyFactory
|
||||
* @package strategies
|
||||
*/
|
||||
final class DisplayResponseStrategyFactory
|
||||
{
|
||||
/**
|
||||
* @param string $display
|
||||
* @return IDisplayResponseStrategy
|
||||
*/
|
||||
static public function build($display)
|
||||
{
|
||||
switch($display)
|
||||
{
|
||||
case OAuth2Protocol::OAuth2Protocol_Display_Native:
|
||||
return new DisplayResponseJsonStrategy;
|
||||
break;
|
||||
default:
|
||||
return new DisplayResponseUserAgentStrategy;
|
||||
break;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
}
|
|
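Review bot: The `switch($display)` in `build` compares loosely, while the code it replaces tested `$display === OAuth2Protocol::OAuth2Protocol_Display_...`; under PHP's loose comparison a non-string value such as `true` (and, before PHP 8, integer `0`) equals `'native'` and would select the JSON strategy. A strict test keeps the old semantics: `if ($display === OAuth2Protocol::OAuth2Protocol_Display_Native) return new DisplayResponseJsonStrategy;` followed by `return new DisplayResponseUserAgentStrategy;`. That also removes the unreachable `break` statements and the trailing `return null;`, which contradicts the `@return IDisplayResponseStrategy` docblock.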
@ -0,0 +1,58 @@
|
|||
<?php
|
||||
/**
|
||||
* Copyright 2015 OpenStack Foundation
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
**/
|
||||
|
||||
namespace strategies;
|
||||
|
||||
use Symfony\Component\HttpFoundation\Response as SymfonyResponse;
|
||||
use Illuminate\Support\Facades\Response;
|
||||
use Redirect;
|
||||
|
||||
/**
|
||||
* Class DisplayResponseUserAgentStrategy
|
||||
* @package strategies
|
||||
*/
|
||||
class DisplayResponseUserAgentStrategy implements IDisplayResponseStrategy
|
||||
{
|
||||
|
||||
/**
|
||||
* @param array $data
|
||||
* @return SymfonyResponse
|
||||
*/
|
||||
public function getConsentResponse(array $data = array())
|
||||
{
|
||||
return Response::view("oauth2.consent", $data, 200);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $data
|
||||
* @return SymfonyResponse
|
||||
*/
|
||||
public function getLoginResponse(array $data = array())
|
||||
{
|
||||
return Response::view("login", $data, 200);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $data
|
||||
* @return SymfonyResponse
|
||||
*/
|
||||
public function getLoginErrorResponse(array $data = array())
|
||||
{
|
||||
return Redirect::action('UserController@getLogin')
|
||||
->with('max_login_attempts_2_show_captcha', $data['max_login_attempts_2_show_captcha'])
|
||||
->with('login_attempts', $data['login_attempts'])
|
||||
->with('username', $data['username'])
|
||||
->with('flash_notice', $data['error_message']);
|
||||
}
|
||||
}
|
|
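Review bot: `getLoginErrorResponse` reads four keys of `$data` unconditionally although the parameter defaults to `array()`, so a call that relies on the default raises undefined-index notices and flashes null values into the session. `DisplayResponseJsonStrategy::getConsentResponse` has the same mismatch with `$data['requested_scopes']`, and the `IDisplayResponseStrategy` docblocks say only `@param array $data`. Either drop the default on the methods that need keys or document the contract on the interface, e.g. `@param array $data requires 'max_login_attempts_2_show_captcha', 'login_attempts', 'username', 'error_message'`.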
@ -0,0 +1,40 @@
|
|||
<?php
|
||||
/**
|
||||
* Copyright 2015 OpenStack Foundation
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
**/
|
||||
|
||||
namespace strategies;
|
||||
|
||||
use Symfony\Component\HttpFoundation\Response as SymfonyResponse;
|
||||
/**
|
||||
* Interface IDisplayResponseStrategy
|
||||
* @package strategies
|
||||
*/
|
||||
interface IDisplayResponseStrategy
|
||||
{
|
||||
/**
|
||||
* @param array $data
|
||||
* @return SymfonyResponse
|
||||
*/
|
||||
public function getConsentResponse(array $data = array());
|
||||
|
||||
/**
|
||||
* @param array $data
|
||||
* @return SymfonyResponse
|
||||
*/
|
||||
public function getLoginResponse(array $data = array());
|
||||
/**
|
||||
* @param array $data
|
||||
* @return SymfonyResponse
|
||||
*/
|
||||
public function getLoginErrorResponse(array $data = array());
|
||||
}
|
|
@ -73,7 +73,7 @@ class OAuth2ConsentStrategy implements IConsentStrategy
|
|||
$scopes = explode(' ',$auth_request->getScope());
|
||||
$requested_scopes = $this->scope_service->getScopesByName($scopes);
|
||||
|
||||
$data = array();
|
||||
$data = array();
|
||||
$data['requested_scopes'] = $requested_scopes;
|
||||
$data['app_name'] = $client->getApplicationName();
|
||||
$data['redirect_to'] = $auth_request->getRedirectUri();
|
||||
|
@ -87,33 +87,9 @@ class OAuth2ConsentStrategy implements IConsentStrategy
|
|||
$data['app_description'] = $client->getApplicationDescription();
|
||||
$data['dev_info_email'] = $client->getDeveloperEmail();
|
||||
|
||||
$display = $auth_request->getDisplay();
|
||||
$response_strategy = DisplayResponseStrategyFactory::build($auth_request->getDisplay());
|
||||
|
||||
if($display === OAuth2Protocol::OAuth2Protocol_Display_Page)
|
||||
return Response::view("oauth2.consent", $data, 200);
|
||||
|
||||
if($display === OAuth2Protocol::OAuth2Protocol_Display_Touch)
|
||||
{
|
||||
$data['requested_scopes'] = array();
|
||||
foreach($requested_scopes as $scope)
|
||||
{
|
||||
array_push($data['requested_scopes'], $scope->toArray());
|
||||
}
|
||||
$data['required_params'] = array('_token', 'trust');
|
||||
$data['required_params_valid_values'] = array
|
||||
(
|
||||
'trust' => array
|
||||
(
|
||||
IAuthService::AuthorizationResponse_AllowOnce,
|
||||
IAuthService::AuthorizationResponse_DenyOnce,
|
||||
),
|
||||
'_token' => csrf_token()
|
||||
);
|
||||
$data['optional_params'] = array();
|
||||
$data['url'] = URL::action('UserController@postConsent');
|
||||
$data['method'] = 'POST';
|
||||
return Response::json($data, 412);
|
||||
}
|
||||
return $response_strategy->getConsentResponse($data);
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -55,47 +55,24 @@ class OAuth2LoginStrategy extends DefaultLoginStrategy
|
|||
|
||||
public function getLogin()
|
||||
{
|
||||
if (Auth::guest())
|
||||
{
|
||||
$requested_user_id = $this->security_context_service->get()->getRequestedUserId();
|
||||
if(!is_null($requested_user_id))
|
||||
{
|
||||
Session::put('username', $this->auth_service->getUserById($requested_user_id)->getEmail());
|
||||
Session::save();
|
||||
}
|
||||
$auth_request = OAuth2AuthorizationRequestFactory::getInstance()->build(
|
||||
OAuth2Message::buildFromMemento(
|
||||
$this->memento_service->load()
|
||||
)
|
||||
);
|
||||
$display = $auth_request->getDisplay();
|
||||
|
||||
if($display === OAuth2Protocol::OAuth2Protocol_Display_Page)
|
||||
return Response::view("login", array(), 200);
|
||||
|
||||
if($display === OAuth2Protocol::OAuth2Protocol_Display_Touch)
|
||||
{
|
||||
$data = array
|
||||
(
|
||||
'required_params' => array('username','password', '_token'),
|
||||
'optional_params' => array('remember'),
|
||||
'required_params_valid_values' => array
|
||||
(
|
||||
'_token' => csrf_token()
|
||||
),
|
||||
'url' => URL::action('UserController@postLogin'),
|
||||
'method' => 'POST',
|
||||
);
|
||||
if(!is_null($requested_user_id))
|
||||
{
|
||||
$data['required_params_valid_values']['username'] = $this->auth_service->getUserById($requested_user_id)->getEmail();
|
||||
}
|
||||
return Response::json($data, 412);
|
||||
}
|
||||
|
||||
} else {
|
||||
if (!Auth::guest())
|
||||
return Redirect::action("UserController@getProfile");
|
||||
|
||||
$requested_user_id = $this->security_context_service->get()->getRequestedUserId();
|
||||
if (!is_null($requested_user_id)) {
|
||||
Session::put('username', $this->auth_service->getUserById($requested_user_id)->getEmail());
|
||||
Session::save();
|
||||
}
|
||||
|
||||
$auth_request = OAuth2AuthorizationRequestFactory::getInstance()->build(
|
||||
OAuth2Message::buildFromMemento(
|
||||
$this->memento_service->load()
|
||||
)
|
||||
);
|
||||
|
||||
$response_strategy = DisplayResponseStrategyFactory::build($auth_request->getDisplay());
|
||||
|
||||
return $response_strategy->getLoginResponse();
|
||||
}
|
||||
|
||||
public function postLogin()
|
||||
|
@ -130,14 +107,9 @@ class OAuth2LoginStrategy extends DefaultLoginStrategy
|
|||
$this->memento_service->load()
|
||||
)
|
||||
);
|
||||
$display = $auth_request->getDisplay();
|
||||
|
||||
if($display === OAuth2Protocol::OAuth2Protocol_Display_Page)
|
||||
return parent::errorLogin($params);
|
||||
$response_strategy = DisplayResponseStrategyFactory::build($auth_request->getDisplay());
|
||||
|
||||
if($display === OAuth2Protocol::OAuth2Protocol_Display_Touch)
|
||||
{
|
||||
return Response::json($params, 412);
|
||||
}
|
||||
return $response_strategy->getLoginErrorResponse($params);
|
||||
}
|
||||
}
|
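Review bot: `getLogin` now calls `$response_strategy->getLoginResponse()` with no argument, so the username pre-fill that the removed touch branch placed in `required_params_valid_values` is no longer sent to a JSON client, and the `isset($data['required_params_valid_values'])` branch in `DisplayResponseJsonStrategy::getLoginResponse` never sees a value from this caller. If the pre-fill is still wanted, build the array when `$requested_user_id` is not null and pass it: `return $response_strategy->getLoginResponse($data);`. Separately, `getUserById($requested_user_id)->getEmail()` is dereferenced without a null check; whether `getUserById` can return null for an unknown id is not visible in this diff, so confirm it. The function changed by the second hunk starts outside that hunk.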