Changed display type from touch to native
Changed the display type to a custom one to prevent a collision with the OIDC specs; also did some refactoring.
Change-Id: Ib8b4cea7a2791f8e72d421097648b6cbabf28e18
parent
09b303df8a
commit
3610cd0f2e
|
@ -278,15 +278,21 @@ final class OAuth2Protocol implements IOAuth2Protocol
|
||||||
*/
|
*/
|
||||||
const OAuth2Protocol_Display_Wap ='wap';
|
const OAuth2Protocol_Display_Wap ='wap';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Extension: display the login/consent interaction like a json doc
|
||||||
|
*/
|
||||||
|
const OAuth2Protocol_Display_Native ='native';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var array
|
* @var array
|
||||||
*/
|
*/
|
||||||
static public $valid_display_values = array
|
static public $valid_display_values = array
|
||||||
(
|
(
|
||||||
self::OAuth2Protocol_Display_Page,
|
self::OAuth2Protocol_Display_Page,
|
||||||
//self::OAuth2Protocol_Display_PopUp,
|
self::OAuth2Protocol_Display_PopUp,
|
||||||
self::OAuth2Protocol_Display_Touch,
|
self::OAuth2Protocol_Display_Touch,
|
||||||
//self::OAuth2Protocol_Display_Wap
|
self::OAuth2Protocol_Display_Wap,
|
||||||
|
self::OAuth2Protocol_Display_Native,
|
||||||
);
|
);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1299,6 +1305,11 @@ final class OAuth2Protocol implements IOAuth2Protocol
|
||||||
->addResponseModeSupported(self::OAuth2Protocol_ResponseMode_FormPost)
|
->addResponseModeSupported(self::OAuth2Protocol_ResponseMode_FormPost)
|
||||||
->addResponseModeSupported(self::OAuth2Protocol_ResponseMode_Query)
|
->addResponseModeSupported(self::OAuth2Protocol_ResponseMode_Query)
|
||||||
->addResponseModeSupported(self::OAuth2Protocol_ResponseMode_Fragment)
|
->addResponseModeSupported(self::OAuth2Protocol_ResponseMode_Fragment)
|
||||||
|
->addDisplayValueSupported(self::OAuth2Protocol_Display_Page)
|
||||||
|
->addDisplayValueSupported(self::OAuth2Protocol_Display_PopUp)
|
||||||
|
->addDisplayValueSupported(self::OAuth2Protocol_Display_Touch)
|
||||||
|
->addDisplayValueSupported(self::OAuth2Protocol_Display_Wap)
|
||||||
|
->addDisplayValueSupported(self::OAuth2Protocol_Display_Native)
|
||||||
->render();
|
->render();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
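Review bot: The docblock on `OAuth2Protocol_Display_Native` says only that the interaction is displayed "like a json doc", which does not tell a client author or an auditor what the value actually changes. Going by the strategy class added in this commit, it replaces the HTML login and consent pages with a JSON body that carries the CSRF token and is sent with HTTP 412, so I would say that in the comment, e.g. `* Non-standard extension (not an OIDC display value): login/consent are returned as JSON with HTTP 412 for non-browser clients.` The value is now also published through `addDisplayValueSupported`, together with `popup` and `wap`, which appear to have been commented out of `$valid_display_values` before. Only `native` gets distinct handling in this commit, so the other values all render the normal pages. The method that encloses the second hunk starts outside it.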
@ -138,6 +138,14 @@ final class DiscoveryDocumentBuilder
|
||||||
return $this;
|
return $this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param string $display_value
|
||||||
|
* @return $this
|
||||||
|
*/
|
||||||
|
public function addDisplayValueSupported($display_value){
|
||||||
|
$this->addArrayValue(OpenIDProviderMetadata::DisplayValuesSupported, $display_value);
|
||||||
|
return $this;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param string $response_mode
|
* @param string $response_mode
|
||||||
|
|
|
@ -273,4 +273,5 @@ abstract class OpenIDProviderMetadata
|
||||||
|
|
||||||
|
|
||||||
const IntrospectionEndpoint = 'introspection_endpoint';
|
const IntrospectionEndpoint = 'introspection_endpoint';
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,88 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* Copyright 2015 OpenStack Foundation
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
**/
|
||||||
|
|
||||||
|
namespace strategies;
|
||||||
|
|
||||||
|
use Symfony\Component\HttpFoundation\Response as SymfonyResponse;
|
||||||
|
use Illuminate\Support\Facades\Response;
|
||||||
|
use Redirect;
|
||||||
|
use utils\services\IAuthService;
|
||||||
|
use URL;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Class DisplayResponseJsonStrategy
|
||||||
|
* @package strategies
|
||||||
|
*/
|
||||||
|
class DisplayResponseJsonStrategy implements IDisplayResponseStrategy
|
||||||
|
{
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param array $data
|
||||||
|
* @return SymfonyResponse
|
||||||
|
*/
|
||||||
|
public function getConsentResponse(array $data = array())
|
||||||
|
{
|
||||||
|
// fix scopes
|
||||||
|
$requested_scopes = $data['requested_scopes'];
|
||||||
|
$data['requested_scopes'] = array();
|
||||||
|
foreach($requested_scopes as $scope)
|
||||||
|
{
|
||||||
|
array_push($data['requested_scopes'], $scope->toArray());
|
||||||
|
}
|
||||||
|
|
||||||
|
$data['required_params'] = array('_token', 'trust');
|
||||||
|
$data['required_params_valid_values'] = array
|
||||||
|
(
|
||||||
|
'trust' => array
|
||||||
|
(
|
||||||
|
IAuthService::AuthorizationResponse_AllowOnce,
|
||||||
|
IAuthService::AuthorizationResponse_DenyOnce,
|
||||||
|
),
|
||||||
|
'_token' => csrf_token()
|
||||||
|
);
|
||||||
|
$data['optional_params'] = array();
|
||||||
|
$data['url'] = URL::action('UserController@postConsent');
|
||||||
|
$data['method'] = 'POST';
|
||||||
|
return Response::json($data, 412);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param array $data
|
||||||
|
* @return SymfonyResponse
|
||||||
|
*/
|
||||||
|
public function getLoginResponse(array $data = array())
|
||||||
|
{
|
||||||
|
$data['required_params'] = array('username','password', '_token');
|
||||||
|
$data['optional_params'] = array('remember');
|
||||||
|
$data['url'] = URL::action('UserController@postLogin');
|
||||||
|
$data['method'] = 'POST';
|
||||||
|
|
||||||
|
if(!isset($data['required_params_valid_values']))
|
||||||
|
{
|
||||||
|
$data['required_params_valid_values'] = array();
|
||||||
|
}
|
||||||
|
|
||||||
|
$data['required_params_valid_values']['_token'] = csrf_token();
|
||||||
|
return Response::json($data, 412);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param array $data
|
||||||
|
* @return SymfonyResponse
|
||||||
|
*/
|
||||||
|
public function getLoginErrorResponse(array $data = array())
|
||||||
|
{
|
||||||
|
return Response::json($data, 412);
|
||||||
|
}
|
||||||
|
}
|
|
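Review bot: All three methods return `Response::json($data, 412)` and two of them place `csrf_token()` in the body, but nothing here marks the response as uncacheable; I would pass the header explicitly, `return Response::json($data, 412, array('Cache-Control' => 'no-store'));`, unless a global filter not visible on this page already does so. `getLoginErrorResponse` serialises the whole `$data` array to the caller, whereas `DisplayResponseUserAgentStrategy::getLoginErrorResponse` forwards four named keys; copying only those keys into the JSON keeps any later addition to `$params` from reaching the client unnoticed. `getConsentResponse` also reads `$data['requested_scopes']` although the parameter defaults to `array()`, so the default can never be used without an undefined-index notice; the user-agent strategy's `getLoginErrorResponse` has the same mismatch with its four keys.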
@ -0,0 +1,41 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* Copyright 2015 OpenStack Foundation
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
**/
|
||||||
|
|
||||||
|
namespace strategies;
|
||||||
|
|
||||||
|
use oauth2\OAuth2Protocol;
|
||||||
|
/**
|
||||||
|
* Class DisplayResponseStrategyFactory
|
||||||
|
* @package strategies
|
||||||
|
*/
|
||||||
|
final class DisplayResponseStrategyFactory
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* @param string $display
|
||||||
|
* @return IDisplayResponseStrategy
|
||||||
|
*/
|
||||||
|
static public function build($display)
|
||||||
|
{
|
||||||
|
switch($display)
|
||||||
|
{
|
||||||
|
case OAuth2Protocol::OAuth2Protocol_Display_Native:
|
||||||
|
return new DisplayResponseJsonStrategy;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
return new DisplayResponseUserAgentStrategy;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
|
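Review bot: `build($display)` chooses the JSON strategy from the request's `display` value alone, so as far as this page shows, any client that sends `display=native` receives the login form description and is expected to collect the user's credentials itself. If validation elsewhere does not already restrict this, I would pass the client (or a flag derived from its registration) into `build()` and fall back to `DisplayResponseUserAgentStrategy` for clients not approved for native display. Separately, the `break;` after each `return` and the trailing `return null;` are unreachable because the `switch` has a `default` that returns, and `null` contradicts the `@return IDisplayResponseStrategy` tag; they can be deleted.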
@ -0,0 +1,58 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* Copyright 2015 OpenStack Foundation
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
**/
|
||||||
|
|
||||||
|
namespace strategies;
|
||||||
|
|
||||||
|
use Symfony\Component\HttpFoundation\Response as SymfonyResponse;
|
||||||
|
use Illuminate\Support\Facades\Response;
|
||||||
|
use Redirect;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Class DisplayResponseUserAgentStrategy
|
||||||
|
* @package strategies
|
||||||
|
*/
|
||||||
|
class DisplayResponseUserAgentStrategy implements IDisplayResponseStrategy
|
||||||
|
{
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param array $data
|
||||||
|
* @return SymfonyResponse
|
||||||
|
*/
|
||||||
|
public function getConsentResponse(array $data = array())
|
||||||
|
{
|
||||||
|
return Response::view("oauth2.consent", $data, 200);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param array $data
|
||||||
|
* @return SymfonyResponse
|
||||||
|
*/
|
||||||
|
public function getLoginResponse(array $data = array())
|
||||||
|
{
|
||||||
|
return Response::view("login", $data, 200);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param array $data
|
||||||
|
* @return SymfonyResponse
|
||||||
|
*/
|
||||||
|
public function getLoginErrorResponse(array $data = array())
|
||||||
|
{
|
||||||
|
return Redirect::action('UserController@getLogin')
|
||||||
|
->with('max_login_attempts_2_show_captcha', $data['max_login_attempts_2_show_captcha'])
|
||||||
|
->with('login_attempts', $data['login_attempts'])
|
||||||
|
->with('username', $data['username'])
|
||||||
|
->with('flash_notice', $data['error_message']);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* Copyright 2015 OpenStack Foundation
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
**/
|
||||||
|
|
||||||
|
namespace strategies;
|
||||||
|
|
||||||
|
use Symfony\Component\HttpFoundation\Response as SymfonyResponse;
|
||||||
|
/**
|
||||||
|
* Interface IDisplayResponseStrategy
|
||||||
|
* @package strategies
|
||||||
|
*/
|
||||||
|
interface IDisplayResponseStrategy
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* @param array $data
|
||||||
|
* @return SymfonyResponse
|
||||||
|
*/
|
||||||
|
public function getConsentResponse(array $data = array());
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param array $data
|
||||||
|
* @return SymfonyResponse
|
||||||
|
*/
|
||||||
|
public function getLoginResponse(array $data = array());
|
||||||
|
/**
|
||||||
|
* @param array $data
|
||||||
|
* @return SymfonyResponse
|
||||||
|
*/
|
||||||
|
public function getLoginErrorResponse(array $data = array());
|
||||||
|
}
|
|
@ -73,7 +73,7 @@ class OAuth2ConsentStrategy implements IConsentStrategy
|
||||||
$scopes = explode(' ',$auth_request->getScope());
|
$scopes = explode(' ',$auth_request->getScope());
|
||||||
$requested_scopes = $this->scope_service->getScopesByName($scopes);
|
$requested_scopes = $this->scope_service->getScopesByName($scopes);
|
||||||
|
|
||||||
$data = array();
|
$data = array();
|
||||||
$data['requested_scopes'] = $requested_scopes;
|
$data['requested_scopes'] = $requested_scopes;
|
||||||
$data['app_name'] = $client->getApplicationName();
|
$data['app_name'] = $client->getApplicationName();
|
||||||
$data['redirect_to'] = $auth_request->getRedirectUri();
|
$data['redirect_to'] = $auth_request->getRedirectUri();
|
||||||
|
@ -87,33 +87,9 @@ class OAuth2ConsentStrategy implements IConsentStrategy
|
||||||
$data['app_description'] = $client->getApplicationDescription();
|
$data['app_description'] = $client->getApplicationDescription();
|
||||||
$data['dev_info_email'] = $client->getDeveloperEmail();
|
$data['dev_info_email'] = $client->getDeveloperEmail();
|
||||||
|
|
||||||
$display = $auth_request->getDisplay();
|
$response_strategy = DisplayResponseStrategyFactory::build($auth_request->getDisplay());
|
||||||
|
|
||||||
if($display === OAuth2Protocol::OAuth2Protocol_Display_Page)
|
return $response_strategy->getConsentResponse($data);
|
||||||
return Response::view("oauth2.consent", $data, 200);
|
|
||||||
|
|
||||||
if($display === OAuth2Protocol::OAuth2Protocol_Display_Touch)
|
|
||||||
{
|
|
||||||
$data['requested_scopes'] = array();
|
|
||||||
foreach($requested_scopes as $scope)
|
|
||||||
{
|
|
||||||
array_push($data['requested_scopes'], $scope->toArray());
|
|
||||||
}
|
|
||||||
$data['required_params'] = array('_token', 'trust');
|
|
||||||
$data['required_params_valid_values'] = array
|
|
||||||
(
|
|
||||||
'trust' => array
|
|
||||||
(
|
|
||||||
IAuthService::AuthorizationResponse_AllowOnce,
|
|
||||||
IAuthService::AuthorizationResponse_DenyOnce,
|
|
||||||
),
|
|
||||||
'_token' => csrf_token()
|
|
||||||
);
|
|
||||||
$data['optional_params'] = array();
|
|
||||||
$data['url'] = URL::action('UserController@postConsent');
|
|
||||||
$data['method'] = 'POST';
|
|
||||||
return Response::json($data, 412);
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -55,47 +55,24 @@ class OAuth2LoginStrategy extends DefaultLoginStrategy
|
||||||
|
|
||||||
public function getLogin()
|
public function getLogin()
|
||||||
{
|
{
|
||||||
if (Auth::guest())
|
if (!Auth::guest())
|
||||||
{
|
|
||||||
$requested_user_id = $this->security_context_service->get()->getRequestedUserId();
|
|
||||||
if(!is_null($requested_user_id))
|
|
||||||
{
|
|
||||||
Session::put('username', $this->auth_service->getUserById($requested_user_id)->getEmail());
|
|
||||||
Session::save();
|
|
||||||
}
|
|
||||||
$auth_request = OAuth2AuthorizationRequestFactory::getInstance()->build(
|
|
||||||
OAuth2Message::buildFromMemento(
|
|
||||||
$this->memento_service->load()
|
|
||||||
)
|
|
||||||
);
|
|
||||||
$display = $auth_request->getDisplay();
|
|
||||||
|
|
||||||
if($display === OAuth2Protocol::OAuth2Protocol_Display_Page)
|
|
||||||
return Response::view("login", array(), 200);
|
|
||||||
|
|
||||||
if($display === OAuth2Protocol::OAuth2Protocol_Display_Touch)
|
|
||||||
{
|
|
||||||
$data = array
|
|
||||||
(
|
|
||||||
'required_params' => array('username','password', '_token'),
|
|
||||||
'optional_params' => array('remember'),
|
|
||||||
'required_params_valid_values' => array
|
|
||||||
(
|
|
||||||
'_token' => csrf_token()
|
|
||||||
),
|
|
||||||
'url' => URL::action('UserController@postLogin'),
|
|
||||||
'method' => 'POST',
|
|
||||||
);
|
|
||||||
if(!is_null($requested_user_id))
|
|
||||||
{
|
|
||||||
$data['required_params_valid_values']['username'] = $this->auth_service->getUserById($requested_user_id)->getEmail();
|
|
||||||
}
|
|
||||||
return Response::json($data, 412);
|
|
||||||
}
|
|
||||||
|
|
||||||
} else {
|
|
||||||
return Redirect::action("UserController@getProfile");
|
return Redirect::action("UserController@getProfile");
|
||||||
|
|
||||||
|
$requested_user_id = $this->security_context_service->get()->getRequestedUserId();
|
||||||
|
if (!is_null($requested_user_id)) {
|
||||||
|
Session::put('username', $this->auth_service->getUserById($requested_user_id)->getEmail());
|
||||||
|
Session::save();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$auth_request = OAuth2AuthorizationRequestFactory::getInstance()->build(
|
||||||
|
OAuth2Message::buildFromMemento(
|
||||||
|
$this->memento_service->load()
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
|
$response_strategy = DisplayResponseStrategyFactory::build($auth_request->getDisplay());
|
||||||
|
|
||||||
|
return $response_strategy->getLoginResponse();
|
||||||
}
|
}
|
||||||
|
|
||||||
public function postLogin()
|
public function postLogin()
|
||||||
|
@ -130,14 +107,9 @@ class OAuth2LoginStrategy extends DefaultLoginStrategy
|
||||||
$this->memento_service->load()
|
$this->memento_service->load()
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
$display = $auth_request->getDisplay();
|
|
||||||
|
|
||||||
if($display === OAuth2Protocol::OAuth2Protocol_Display_Page)
|
$response_strategy = DisplayResponseStrategyFactory::build($auth_request->getDisplay());
|
||||||
return parent::errorLogin($params);
|
|
||||||
|
|
||||||
if($display === OAuth2Protocol::OAuth2Protocol_Display_Touch)
|
return $response_strategy->getLoginErrorResponse($params);
|
||||||
{
|
|
||||||
return Response::json($params, 412);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
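Review bot: `getLogin` now calls `$response_strategy->getLoginResponse()` with no argument, so the `required_params_valid_values` pre-fill that `DisplayResponseJsonStrategy::getLoginResponse` is written to preserve is never supplied, and the requested user's e-mail that what looks like the removed touch branch returned under `username` is no longer sent. If dropping it is deliberate (it keeps the address out of an unauthenticated response), a one-line comment saying so would help; if not, build the array and call `getLoginResponse($data)`. In the same method `$this->auth_service->getUserById($requested_user_id)->getEmail()` is chained without checking the lookup result, which would fail hard if the service can return null for an unknown id; whether it can is not visible from here. `postLogin` begins in the first hunk and continues outside it, and the second hunk sits inside a method whose start is not shown.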