Changed display type from touch to native

Changed the display type to a custom one to prevent a collision with the
OIDC spec; also did some refactoring.

Change-Id: Ib8b4cea7a2791f8e72d421097648b6cbabf28e18
This commit is contained in:
Sebastian Marcet 2016-02-18 10:05:01 -03:00
parent 09b303df8a
commit 3610cd0f2e
9 changed files with 270 additions and 75 deletions


@ -278,15 +278,21 @@ final class OAuth2Protocol implements IOAuth2Protocol
*/
const OAuth2Protocol_Display_Wap ='wap';
/**
* Extension: display the login/consent interaction like a json doc
*/
const OAuth2Protocol_Display_Native ='native';
/**
* @var array
*/
static public $valid_display_values = array
(
self::OAuth2Protocol_Display_Page,
//self::OAuth2Protocol_Display_PopUp,
self::OAuth2Protocol_Display_PopUp,
self::OAuth2Protocol_Display_Touch,
//self::OAuth2Protocol_Display_Wap
self::OAuth2Protocol_Display_Wap,
self::OAuth2Protocol_Display_Native,
);
/**
@ -1299,6 +1305,11 @@ final class OAuth2Protocol implements IOAuth2Protocol
->addResponseModeSupported(self::OAuth2Protocol_ResponseMode_FormPost)
->addResponseModeSupported(self::OAuth2Protocol_ResponseMode_Query)
->addResponseModeSupported(self::OAuth2Protocol_ResponseMode_Fragment)
->addDisplayValueSupported(self::OAuth2Protocol_Display_Page)
->addDisplayValueSupported(self::OAuth2Protocol_Display_PopUp)
->addDisplayValueSupported(self::OAuth2Protocol_Display_Touch)
->addDisplayValueSupported(self::OAuth2Protocol_Display_Wap)
->addDisplayValueSupported(self::OAuth2Protocol_Display_Native)
->render();
}
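Review bot: The docblock on `OAuth2Protocol_Display_Native` ("display the login/consent interaction like a json doc") does not say that the value is a project extension outside the OIDC Core display set, yet the discovery document now advertises it in `display_values_supported` (the `addDisplayValueSupported(self::OAuth2Protocol_Display_Native)` call in the second hunk). An integrator reading discovery sees a value the spec does not define and gets no hint of what it changes. Suggested replacement for the comment: `* Extension (not an OIDC Core display value): the login/consent interaction is answered with a JSON document describing the parameters the client must POST, instead of an HTML page`. The `//self::OAuth2Protocol_Display_PopUp,` and `//self::OAuth2Protocol_Display_Wap` lines in `$valid_display_values` look like leftovers next to their live counterparts; if they are on the new side, drop them.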


@ -138,6 +138,14 @@ final class DiscoveryDocumentBuilder
return $this;
}
/**
* @param string $display_value
* @return $this
*/
public function addDisplayValueSupported($display_value){
$this->addArrayValue(OpenIDProviderMetadata::DisplayValuesSupported, $display_value);
return $this;
}
/**
* @param string $response_mode


@ -273,4 +273,5 @@ abstract class OpenIDProviderMetadata
const IntrospectionEndpoint = 'introspection_endpoint';
}


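--- /dev/null
+++ b/PATH_NOT_SHOWN/DisplayResponseJsonStrategy.php
@@ -0,0 +1,88 @@
+<?php
+/**
+* Copyright 2015 OpenStack Foundation
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+* http://www.apache.org/licenses/LICENSE-2.0
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+**/
+namespace strategies;
+use Symfony\Component\HttpFoundation\Response as SymfonyResponse;
+use Illuminate\Support\Facades\Response;
+use Redirect;
+use utils\services\IAuthService;
+use URL;
+/**
+* Class DisplayResponseJsonStrategy
+* @package strategies
+*/
+class DisplayResponseJsonStrategy implements IDisplayResponseStrategy
+{
+/**
+* @param array $data
+* @return SymfonyResponse
+*/
+public function getConsentResponse(array $data = array())
+{
+// fix scopes
+$requested_scopes = $data['requested_scopes'];
+$data['requested_scopes'] = array();
+foreach($requested_scopes as $scope)
+{
+array_push($data['requested_scopes'], $scope->toArray());
+}
+$data['required_params'] = array('_token', 'trust');
+$data['required_params_valid_values'] = array
+(
+'trust' => array
+(
+IAuthService::AuthorizationResponse_AllowOnce,
+IAuthService::AuthorizationResponse_DenyOnce,
+),
+'_token' => csrf_token()
+);
+$data['optional_params'] = array();
+$data['url'] = URL::action('UserController@postConsent');
+$data['method'] = 'POST';
+return Response::json($data, 412);
+}
+/**
+* @param array $data
+* @return SymfonyResponse
+*/
+public function getLoginResponse(array $data = array())
+{
+$data['required_params'] = array('username','password', '_token');
+$data['optional_params'] = array('remember');
+$data['url'] = URL::action('UserController@postLogin');
+$data['method'] = 'POST';
+if(!isset($data['required_params_valid_values']))
+{
+$data['required_params_valid_values'] = array();
+}
+$data['required_params_valid_values']['_token'] = csrf_token();
+return Response::json($data, 412);
+}
+/**
+* @param array $data
+* @return SymfonyResponse
+*/
+public function getLoginErrorResponse(array $data = array())
+{
+return Response::json($data, 412);
+}
+}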
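Review bot: `getLoginResponse` and `getConsentResponse` answer the normal, non-error path with HTTP 412, and nothing in the class says why, so a native client reading this API cannot tell that 412 means "submit these parameters" rather than Precondition Failed. A class-level docblock should state the contract, e.g. `* Every response is HTTP 412 with a JSON body listing required_params, optional_params, required_params_valid_values, url and method; the client is expected to POST those parameters to url.` `getConsentResponse` reads `$data['requested_scopes']` unconditionally, unlike `getLoginResponse`, which guards `required_params_valid_values` with `isset`; guard it the same way, `$requested_scopes = isset($data['requested_scopes']) ? $data['requested_scopes'] : array();`, so a caller that omits the key gets an empty list instead of a notice. The `use Redirect;` import in the file header is not used by this class and can be dropped.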


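--- /dev/null
+++ b/PATH_NOT_SHOWN/DisplayResponseStrategyFactory.php
@@ -0,0 +1,41 @@
+<?php
+/**
+* Copyright 2015 OpenStack Foundation
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+* http://www.apache.org/licenses/LICENSE-2.0
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+**/
+namespace strategies;
+use oauth2\OAuth2Protocol;
+/**
+* Class DisplayResponseStrategyFactory
+* @package strategies
+*/
+final class DisplayResponseStrategyFactory
+{
+/**
+* @param string $display
+* @return IDisplayResponseStrategy
+*/
+static public function build($display)
+{
+switch($display)
+{
+case OAuth2Protocol::OAuth2Protocol_Display_Native:
+return new DisplayResponseJsonStrategy;
+break;
+default:
+return new DisplayResponseUserAgentStrategy;
+break;
+}
+return null;
+}
+}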
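Review bot: `build` matches the request-supplied `display` value with `switch`, which compares loosely (`==`), and the `break` after each `return` plus the trailing `return null` are unreachable, so the method can never produce the `null` its body suggests while the docblock promises `IDisplayResponseStrategy`. A strict comparison removes both problems in one line: `return $display === OAuth2Protocol::OAuth2Protocol_Display_Native ? new DisplayResponseJsonStrategy : new DisplayResponseUserAgentStrategy;`. Falling back to the user-agent strategy for every other value is a reasonable default, but it deserves a comment so nobody later treats unknown values as an error path: `// anything other than 'native', including unknown values, gets the HTML user-agent flow`.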


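--- /dev/null
+++ b/PATH_NOT_SHOWN/DisplayResponseUserAgentStrategy.php
@@ -0,0 +1,58 @@
+<?php
+/**
+* Copyright 2015 OpenStack Foundation
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+* http://www.apache.org/licenses/LICENSE-2.0
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+**/
+namespace strategies;
+use Symfony\Component\HttpFoundation\Response as SymfonyResponse;
+use Illuminate\Support\Facades\Response;
+use Redirect;
+/**
+* Class DisplayResponseUserAgentStrategy
+* @package strategies
+*/
+class DisplayResponseUserAgentStrategy implements IDisplayResponseStrategy
+{
+/**
+* @param array $data
+* @return SymfonyResponse
+*/
+public function getConsentResponse(array $data = array())
+{
+return Response::view("oauth2.consent", $data, 200);
+}
+/**
+* @param array $data
+* @return SymfonyResponse
+*/
+public function getLoginResponse(array $data = array())
+{
+return Response::view("login", $data, 200);
+}
+/**
+* @param array $data
+* @return SymfonyResponse
+*/
+public function getLoginErrorResponse(array $data = array())
+{
+return Redirect::action('UserController@getLogin')
+->with('max_login_attempts_2_show_captcha', $data['max_login_attempts_2_show_captcha'])
+->with('login_attempts', $data['login_attempts'])
+->with('username', $data['username'])
+->with('flash_notice', $data['error_message']);
+}
+}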
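Review bot: `getLoginErrorResponse` reads `max_login_attempts_2_show_captcha`, `login_attempts`, `username` and `error_message` straight out of `$data`, and this path now stands in for the `parent::errorLogin($params)` call removed from `OAuth2LoginStrategy::postLogin`; whether the `$params` array built there carries exactly those keys is not visible in this commit (the `postLogin` body starts outside its hunk), so a missing key would surface as a PHP notice and a `null` flash value rather than a clear failure. Please confirm the keys against `postLogin` and record the contract on the method, `* @param array $data requires keys max_login_attempts_2_show_captcha, login_attempts, username, error_message`. The same applies to `getConsentResponse` in `DisplayResponseJsonStrategy`, which requires `requested_scopes`; the bare `@param array $data` docblocks on `IDisplayResponseStrategy` are the natural place to list what each method expects from its caller.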


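--- /dev/null
+++ b/PATH_NOT_SHOWN/IDisplayResponseStrategy.php
@@ -0,0 +1,40 @@
+<?php
+/**
+* Copyright 2015 OpenStack Foundation
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+* http://www.apache.org/licenses/LICENSE-2.0
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+**/
+namespace strategies;
+use Symfony\Component\HttpFoundation\Response as SymfonyResponse;
+/**
+* Interface IDisplayResponseStrategy
+* @package strategies
+*/
+interface IDisplayResponseStrategy
+{
+/**
+* @param array $data
+* @return SymfonyResponse
+*/
+public function getConsentResponse(array $data = array());
+/**
+* @param array $data
+* @return SymfonyResponse
+*/
+public function getLoginResponse(array $data = array());
+/**
+* @param array $data
+* @return SymfonyResponse
+*/
+public function getLoginErrorResponse(array $data = array());
+}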


@ -73,7 +73,7 @@ class OAuth2ConsentStrategy implements IConsentStrategy
$scopes = explode(' ',$auth_request->getScope());
$requested_scopes = $this->scope_service->getScopesByName($scopes);
$data = array();
$data = array();
$data['requested_scopes'] = $requested_scopes;
$data['app_name'] = $client->getApplicationName();
$data['redirect_to'] = $auth_request->getRedirectUri();
@ -87,33 +87,9 @@ class OAuth2ConsentStrategy implements IConsentStrategy
$data['app_description'] = $client->getApplicationDescription();
$data['dev_info_email'] = $client->getDeveloperEmail();
$display = $auth_request->getDisplay();
$response_strategy = DisplayResponseStrategyFactory::build($auth_request->getDisplay());
if($display === OAuth2Protocol::OAuth2Protocol_Display_Page)
return Response::view("oauth2.consent", $data, 200);
if($display === OAuth2Protocol::OAuth2Protocol_Display_Touch)
{
$data['requested_scopes'] = array();
foreach($requested_scopes as $scope)
{
array_push($data['requested_scopes'], $scope->toArray());
}
$data['required_params'] = array('_token', 'trust');
$data['required_params_valid_values'] = array
(
'trust' => array
(
IAuthService::AuthorizationResponse_AllowOnce,
IAuthService::AuthorizationResponse_DenyOnce,
),
'_token' => csrf_token()
);
$data['optional_params'] = array();
$data['url'] = URL::action('UserController@postConsent');
$data['method'] = 'POST';
return Response::json($data, 412);
}
return $response_strategy->getConsentResponse($data);
}
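Review bot: `$display = $auth_request->getDisplay();` just above the factory call appears to survive on the new side while `DisplayResponseStrategyFactory::build(...)` calls `getDisplay()` a second time, so `$display` is assigned but never read once the page/touch branches are gone; if that reading is right, feed the local to the factory instead: `$response_strategy = DisplayResponseStrategyFactory::build($display);`. The first hunk likewise shows `$data = array();` twice in a row; if both lines are on the new side, one is redundant. With the inline JSON branch removed, the `IAuthService`, `URL` and `Response` imports of this file may now be unused, which is worth checking since the file header is outside the hunk. The enclosing method starts before the first hunk.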


@ -55,47 +55,24 @@ class OAuth2LoginStrategy extends DefaultLoginStrategy
public function getLogin()
{
if (Auth::guest())
{
$requested_user_id = $this->security_context_service->get()->getRequestedUserId();
if(!is_null($requested_user_id))
{
Session::put('username', $this->auth_service->getUserById($requested_user_id)->getEmail());
Session::save();
}
$auth_request = OAuth2AuthorizationRequestFactory::getInstance()->build(
OAuth2Message::buildFromMemento(
$this->memento_service->load()
)
);
$display = $auth_request->getDisplay();
if($display === OAuth2Protocol::OAuth2Protocol_Display_Page)
return Response::view("login", array(), 200);
if($display === OAuth2Protocol::OAuth2Protocol_Display_Touch)
{
$data = array
(
'required_params' => array('username','password', '_token'),
'optional_params' => array('remember'),
'required_params_valid_values' => array
(
'_token' => csrf_token()
),
'url' => URL::action('UserController@postLogin'),
'method' => 'POST',
);
if(!is_null($requested_user_id))
{
$data['required_params_valid_values']['username'] = $this->auth_service->getUserById($requested_user_id)->getEmail();
}
return Response::json($data, 412);
}
} else {
if (!Auth::guest())
return Redirect::action("UserController@getProfile");
$requested_user_id = $this->security_context_service->get()->getRequestedUserId();
if (!is_null($requested_user_id)) {
Session::put('username', $this->auth_service->getUserById($requested_user_id)->getEmail());
Session::save();
}
$auth_request = OAuth2AuthorizationRequestFactory::getInstance()->build(
OAuth2Message::buildFromMemento(
$this->memento_service->load()
)
);
$response_strategy = DisplayResponseStrategyFactory::build($auth_request->getDisplay());
return $response_strategy->getLoginResponse();
}
public function postLogin()
@ -130,14 +107,9 @@ class OAuth2LoginStrategy extends DefaultLoginStrategy
$this->memento_service->load()
)
);
$display = $auth_request->getDisplay();
if($display === OAuth2Protocol::OAuth2Protocol_Display_Page)
return parent::errorLogin($params);
$response_strategy = DisplayResponseStrategyFactory::build($auth_request->getDisplay());
if($display === OAuth2Protocol::OAuth2Protocol_Display_Touch)
{
return Response::json($params, 412);
}
return $response_strategy->getLoginErrorResponse($params);
}
}
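Review bot: `$response_strategy->getLoginResponse()` on the last line of `getLogin` is called with no data, which silently drops the pre-filled username the removed touch branch provided (`$data['required_params_valid_values']['username'] = ...getEmail()` when `$requested_user_id` is set); the `isset($data['required_params_valid_values'])` guard in the new `DisplayResponseJsonStrategy::getLoginResponse` shows the value was meant to be passed in. A native client handling a request that pins a user therefore no longer learns which username it must submit. The email is already fetched for `Session::put`, so it can be reused rather than loading the user twice.
```php
// … unchanged: Auth::guest() redirect …
$requested_user_id = $this->security_context_service->get()->getRequestedUserId();
$data = array();
if (!is_null($requested_user_id)) {
    $email = $this->auth_service->getUserById($requested_user_id)->getEmail();
    Session::put('username', $email);
    Session::save();
    // the native (JSON) strategy echoes this back as the pre-filled username
    $data['required_params_valid_values'] = array('username' => $email);
}
// … unchanged: $auth_request build and factory call …
return $response_strategy->getLoginResponse($data);
```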