From 3610cd0f2e915d1af5452b4db02362707afd91cb Mon Sep 17 00:00:00 2001
From: Sebastian Marcet
Date: Thu, 18 Feb 2016 10:05:01 -0300
Subject: [PATCH] Changed display type from touch to native

changed display type to a custom one to prevent collision with OIDC specs, also did some refactoring

Change-Id: Ib8b4cea7a2791f8e72d421097648b6cbabf28e18
---
 app/libs/oauth2/OAuth2Protocol.php | 15 +++-
 .../discovery/DiscoveryDocumentBuilder.php | 8 ++
 .../discovery/OpenIDProviderMetadata.php | 1 +
 .../DisplayResponseJsonStrategy.php | 88 +++++++++++++++++++
 .../DisplayResponseStrategyFactory.php | 41 +++++++++
 .../DisplayResponseUserAgentStrategy.php | 58 ++++++++++++
 app/strategies/IDisplayResponseStrategy.php | 40 +++++++++
 app/strategies/OAuth2ConsentStrategy.php | 30 +------
 app/strategies/OAuth2LoginStrategy.php | 64 ++++---------
 9 files changed, 270 insertions(+), 75 deletions(-)
 create mode 100644 app/strategies/DisplayResponseJsonStrategy.php
 create mode 100644 app/strategies/DisplayResponseStrategyFactory.php
 create mode 100644 app/strategies/DisplayResponseUserAgentStrategy.php
 create mode 100644 app/strategies/IDisplayResponseStrategy.php

diff --git a/app/libs/oauth2/OAuth2Protocol.php b/app/libs/oauth2/OAuth2Protocol.php
index 9ebb2fce..23b05be0 100644
--- a/app/libs/oauth2/OAuth2Protocol.php
+++ b/app/libs/oauth2/OAuth2Protocol.php
@@ -278,15 +278,21 @@ final class OAuth2Protocol implements IOAuth2Protocol
      */
     const OAuth2Protocol_Display_Wap ='wap';
+    /**
+     * Extension: display the login/consent interaction like a json doc
+     */
+    const OAuth2Protocol_Display_Native ='native';
+
     /**
      * @var array
      */
     static public $valid_display_values = array
     (
         self::OAuth2Protocol_Display_Page,
-        //self::OAuth2Protocol_Display_PopUp,
+        self::OAuth2Protocol_Display_PopUp,
         self::OAuth2Protocol_Display_Touch,
-        //self::OAuth2Protocol_Display_Wap
+        self::OAuth2Protocol_Display_Wap,
+        self::OAuth2Protocol_Display_Native,
     );
     /**
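Review bot: The docblock on the new `OAuth2Protocol_Display_Native` constant should state what a client actually receives, because `native` is not one of the four display values OpenID Connect Core enumerates (page, popup, touch, wap) and nothing else in this class defines it; suggested: `/** Extension (not in OIDC Core): instead of rendering the login/consent pages the server answers HTTP 412 with a JSON description of the form to post (url, method, required/optional params, CSRF _token). */`. Re-enabling `popup` and `wap` in `$valid_display_values` means those values now pass request validation, but this hunk does not show what the user-agent strategy renders for them, so the discovery document may end up advertising modes that are served identically to `page` — worth confirming before they are advertised.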
@@ -1299,6 +1305,11 @@ final class OAuth2Protocol implements IOAuth2Protocol
             ->addResponseModeSupported(self::OAuth2Protocol_ResponseMode_FormPost)
             ->addResponseModeSupported(self::OAuth2Protocol_ResponseMode_Query)
             ->addResponseModeSupported(self::OAuth2Protocol_ResponseMode_Fragment)
+            ->addDisplayValueSupported(self::OAuth2Protocol_Display_Page)
+            ->addDisplayValueSupported(self::OAuth2Protocol_Display_PopUp)
+            ->addDisplayValueSupported(self::OAuth2Protocol_Display_Touch)
+            ->addDisplayValueSupported(self::OAuth2Protocol_Display_Wap)
+            ->addDisplayValueSupported(self::OAuth2Protocol_Display_Native)
             ->render();
     }
diff --git a/app/libs/oauth2/discovery/DiscoveryDocumentBuilder.php b/app/libs/oauth2/discovery/DiscoveryDocumentBuilder.php
index 7f8e3f5d..4b7a9c7d 100644
--- a/app/libs/oauth2/discovery/DiscoveryDocumentBuilder.php
+++ b/app/libs/oauth2/discovery/DiscoveryDocumentBuilder.php
@@ -138,6 +138,14 @@ final class DiscoveryDocumentBuilder
         return $this;
     }
+    /**
+     * @param string $display_value
+     * @return $this
+     */
+    public function addDisplayValueSupported($display_value){
+        $this->addArrayValue(OpenIDProviderMetadata::DisplayValuesSupported, $display_value);
+        return $this;
+    }
     /**
      * @param string $response_mode
diff --git a/app/libs/oauth2/discovery/OpenIDProviderMetadata.php b/app/libs/oauth2/discovery/OpenIDProviderMetadata.php
index 98608530..7665cdad 100644
--- a/app/libs/oauth2/discovery/OpenIDProviderMetadata.php
+++ b/app/libs/oauth2/discovery/OpenIDProviderMetadata.php
@@ -273,4 +273,5 @@ abstract class OpenIDProviderMetadata
     const IntrospectionEndpoint = 'introspection_endpoint';
+
 }
diff --git a/app/strategies/DisplayResponseJsonStrategy.php b/app/strategies/DisplayResponseJsonStrategy.php
new file mode 100644
index 00000000..6f549857
--- /dev/null
+++ b/app/strategies/DisplayResponseJsonStrategy.php
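Review bot: The five `addDisplayValueSupported(...)` calls restate `self::$valid_display_values` by hand, so the advertised list and the list the authorization endpoint actually accepts can drift the next time a value is added or disabled — the `popup`/`wap` toggling in this same commit is exactly that kind of change. Because the builder is fluent the loop cannot sit inside the chain, but the values can be fed from the array before the final `->render()`, e.g. `foreach (self::$valid_display_values as $display) { $builder->addDisplayValueSupported($display); }`, which keeps one source of truth. The enclosing method starts and ends outside this hunk, and whether the chain is already held in a variable is not visible here.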
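Review bot: `addDisplayValueSupported()` has a type-only docblock and accepts any string; add a description such as `Appends a value to display_values_supported; pass one of OAuth2Protocol::$valid_display_values so discovery never advertises a mode the authorization endpoint rejects.` so the coupling is explicit. It also references `OpenIDProviderMetadata::DisplayValuesSupported`, yet the `OpenIDProviderMetadata` hunk in this commit adds only a blank line, so that constant must already exist in the class — if it does not, the discovery endpoint fails with an undefined class constant at render time, which this patch alone cannot rule out.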
@@ -0,0 +1,88 @@ +toArray()); + } + + $data['required_params'] = array('_token', 'trust'); + $data['required_params_valid_values'] = array + ( + 'trust' => array + ( + IAuthService::AuthorizationResponse_AllowOnce, + IAuthService::AuthorizationResponse_DenyOnce, + ), + '_token' => csrf_token() + ); + $data['optional_params'] = array(); + $data['url'] = URL::action('UserController@postConsent'); + $data['method'] = 'POST'; + return Response::json($data, 412); + } + + /** + * @param array $data + * @return SymfonyResponse + */ + public function getLoginResponse(array $data = array()) + { + $data['required_params'] = array('username','password', '_token'); + $data['optional_params'] = array('remember'); + $data['url'] = URL::action('UserController@postLogin'); + $data['method'] = 'POST'; + + if(!isset($data['required_params_valid_values'])) + { + $data['required_params_valid_values'] = array(); + } + + $data['required_params_valid_values']['_token'] = csrf_token(); + return Response::json($data, 412); + } + + /** + * @param array $data + * @return SymfonyResponse + */ + public function getLoginErrorResponse(array $data = array()) + { + return Response::json($data, 412); + } +} \ No newline at end of file diff --git a/app/strategies/DisplayResponseStrategyFactory.php b/app/strategies/DisplayResponseStrategyFactory.php new file mode 100644 index 00000000..b71ed264 --- /dev/null +++ b/app/strategies/DisplayResponseStrategyFactory.php @@ -0,0 +1,41 @@ +with('max_login_attempts_2_show_captcha', $data['max_login_attempts_2_show_captcha']) + ->with('login_attempts', $data['login_attempts']) + ->with('username', $data['username']) + ->with('flash_notice', $data['error_message']); + } +} \ No newline at end of file diff --git a/app/strategies/IDisplayResponseStrategy.php b/app/strategies/IDisplayResponseStrategy.php new file mode 100644 index 00000000..4e0b2fa5 --- /dev/null +++ b/app/strategies/IDisplayResponseStrategy.php 
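Review bot: `getLoginErrorResponse()` returns the caller's `$data` verbatim with HTTP 412, whereas `getLoginResponse()` and `getConsentResponse()` wrap their payload in the `required_params`/`url`/`method` envelope, so a native client that gets a 412 after a failed POST receives a document of a different shape from the one describing the form, with no field telling it which case it is in. Consider re-adding the form description (or at least an explicit `error` key) to the error response so the client can resubmit, and document the envelope in a class-level docblock, since this strategy is the only specification of the `native` wire format. Each response also embeds `csrf_token()` in a JSON body; that is equivalent to the token in the HTML form only as long as these endpoints are not served with a permissive CORS policy, which this patch does not show — worth confirming. The file header and part of `getConsentResponse()` were lost in this rendering of the patch.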
@@ -0,0 +1,40 @@ +getScope()); $requested_scopes = $this->scope_service->getScopesByName($scopes); - $data = array(); + $data = array(); $data['requested_scopes'] = $requested_scopes; $data['app_name'] = $client->getApplicationName(); $data['redirect_to'] = $auth_request->getRedirectUri(); @@ -87,33 +87,9 @@ class OAuth2ConsentStrategy implements IConsentStrategy $data['app_description'] = $client->getApplicationDescription(); $data['dev_info_email'] = $client->getDeveloperEmail(); - $display = $auth_request->getDisplay(); + $response_strategy = DisplayResponseStrategyFactory::build($auth_request->getDisplay()); - if($display === OAuth2Protocol::OAuth2Protocol_Display_Page) - return Response::view("oauth2.consent", $data, 200); - - if($display === OAuth2Protocol::OAuth2Protocol_Display_Touch) - { - $data['requested_scopes'] = array(); - foreach($requested_scopes as $scope) - { - array_push($data['requested_scopes'], $scope->toArray()); - } - $data['required_params'] = array('_token', 'trust'); - $data['required_params_valid_values'] = array - ( - 'trust' => array - ( - IAuthService::AuthorizationResponse_AllowOnce, - IAuthService::AuthorizationResponse_DenyOnce, - ), - '_token' => csrf_token() - ); - $data['optional_params'] = array(); - $data['url'] = URL::action('UserController@postConsent'); - $data['method'] = 'POST'; - return Response::json($data, 412); - } + return $response_strategy->getConsentResponse($data); } diff --git a/app/strategies/OAuth2LoginStrategy.php b/app/strategies/OAuth2LoginStrategy.php index 96847326..7b89c0b5 100644 --- a/app/strategies/OAuth2LoginStrategy.php +++ b/app/strategies/OAuth2LoginStrategy.php 
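Review bot: The behaviour for unsupported display values changed silently: the removed code fell off the end of the method (returning `null`) for anything other than `page` or `touch`, while the new code defers entirely to `DisplayResponseStrategyFactory::build()`, whose body is not visible in this rendering of the patch, so whether an unexpected value throws, falls back to `page`, or still yields null cannot be confirmed here. Once verified, state the contract on the `$response_strategy` line, e.g. `// factory returns the user-agent (HTML) strategy for every value except 'native'`. The `$data` array now reaches the JSON strategy with `requested_scopes` as scope objects; the strategy appears to convert them with `toArray()` itself, so the consent payload for the JSON case should keep its previous shape. The enclosing method begins outside this hunk.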
@@ -55,47 +55,24 @@ class OAuth2LoginStrategy extends DefaultLoginStrategy
     public function getLogin()
     {
-        if (Auth::guest())
-        {
-            $requested_user_id = $this->security_context_service->get()->getRequestedUserId();
-            if(!is_null($requested_user_id))
-            {
-                Session::put('username', $this->auth_service->getUserById($requested_user_id)->getEmail());
-                Session::save();
-            }
-            $auth_request = OAuth2AuthorizationRequestFactory::getInstance()->build(
-                OAuth2Message::buildFromMemento(
-                    $this->memento_service->load()
-                )
-            );
-            $display = $auth_request->getDisplay();
-
-            if($display === OAuth2Protocol::OAuth2Protocol_Display_Page)
-                return Response::view("login", array(), 200);
-
-            if($display === OAuth2Protocol::OAuth2Protocol_Display_Touch)
-            {
-                $data = array
-                (
-                    'required_params' => array('username','password', '_token'),
-                    'optional_params' => array('remember'),
-                    'required_params_valid_values' => array
-                    (
-                        '_token' => csrf_token()
-                    ),
-                    'url' => URL::action('UserController@postLogin'),
-                    'method' => 'POST',
-                );
-                if(!is_null($requested_user_id))
-                {
-                    $data['required_params_valid_values']['username'] = $this->auth_service->getUserById($requested_user_id)->getEmail();
-                }
-                return Response::json($data, 412);
-            }
-
-        } else {
+        if (!Auth::guest())
             return Redirect::action("UserController@getProfile");
+
+        $requested_user_id = $this->security_context_service->get()->getRequestedUserId();
+        if (!is_null($requested_user_id)) {
+            Session::put('username', $this->auth_service->getUserById($requested_user_id)->getEmail());
+            Session::save();
         }
+
+        $auth_request = OAuth2AuthorizationRequestFactory::getInstance()->build(
+            OAuth2Message::buildFromMemento(
+                $this->memento_service->load()
+            )
+        );
+
+        $response_strategy = DisplayResponseStrategyFactory::build($auth_request->getDisplay());
+
+        return $response_strategy->getLoginResponse();
     }
     public function postLogin()
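Review bot: The JSON login flow lost the username pre-fill: the removed `touch` branch set `$data['required_params_valid_values']['username']` to the requested user's email when `getRequestedUserId()` was non-null, but the new code calls `$response_strategy->getLoginResponse()` with no arguments, so a native client now only has the username in the server-side session, which it cannot read. Build the pre-fill here and pass it through the strategy; `DisplayResponseJsonStrategy::getLoginResponse()` in this commit already merges an incoming `required_params_valid_values` before adding `_token`, so only this call site needs to change (the user-agent strategy must accept the same optional array, which this rendering of the patch does not show). `getUserById($requested_user_id)->getEmail()` is also still dereferenced without a null check, as before; whether `getUserById` can return null is not visible here.
```php
        $requested_user_id = $this->security_context_service->get()->getRequestedUserId();
        $data = array();
        if (!is_null($requested_user_id)) {
            $email = $this->auth_service->getUserById($requested_user_id)->getEmail();
            Session::put('username', $email);
            Session::save();
            // the former touch/JSON branch pre-filled the username; keep that for the native display
            $data['required_params_valid_values'] = array('username' => $email);
        }
        // … unchanged: $auth_request build and DisplayResponseStrategyFactory::build(...) …
        return $response_strategy->getLoginResponse($data);
```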
@@ -130,14 +107,9 @@ class OAuth2LoginStrategy extends DefaultLoginStrategy
                 $this->memento_service->load()
             )
         );
-        $display = $auth_request->getDisplay();
-        if($display === OAuth2Protocol::OAuth2Protocol_Display_Page)
-            return parent::errorLogin($params);
+        $response_strategy = DisplayResponseStrategyFactory::build($auth_request->getDisplay());
-        if($display === OAuth2Protocol::OAuth2Protocol_Display_Touch)
-        {
-            return Response::json($params, 412);
-        }
+        return $response_strategy->getLoginErrorResponse($params);
     }
 }
\ No newline at end of file
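Review bot: `getLoginErrorResponse($params)` forwards the whole `$params` array, and the JSON strategy added in this commit serialises it verbatim with a 412, so every key the HTML path only hands to a template (`error_message`, `username`, `login_attempts`, `max_login_attempts_2_show_captcha`, as read by the user-agent strategy) is now returned to the native client as-is. Confirm that `$params` never carries the submitted password or other raw request input by the time it reaches this line; if it can, build an explicit whitelist array here instead of passing `$params` through. The method's signature and the start of the `$auth_request` build lie outside this hunk, so a docblock listing the keys `$params` is expected to hold (`@param array $params error_message, username, login_attempts, max_login_attempts_2_show_captcha`) belongs there.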