diff --git a/app/controllers/HomeController.php b/app/controllers/HomeController.php index 719c0372..b1ddd53d 100644 --- a/app/controllers/HomeController.php +++ b/app/controllers/HomeController.php @@ -15,8 +15,8 @@ class HomeController extends BaseController { //This field contains a semicolon-separated list of representation schemes //which will be accepted in the response to this request. - $accept = Request::header('Accept'); - $accept_values = explode(",", $accept); + $accept = Request::header('Accept'); + $accept_values = explode(",", $accept); if (in_array(XRDSDocumentBuilder::ContentType, $accept_values)) return $this->discovery->idp(); if (Auth::guest()) diff --git a/app/controllers/UserController.php b/app/controllers/UserController.php index af9c2fbf..63ce8579 100644 --- a/app/controllers/UserController.php +++ b/app/controllers/UserController.php @@ -1,9 +1,10 @@ openid_memento_service = $openid_memento_service; $this->oauth2_memento_service = $oauth2_memento_service; @@ -56,6 +58,7 @@ class UserController extends BaseController $this->user_action_service = $user_action_service; $this->client_service = $client_service; $this->scope_service = $scope_service; + $this->token_service = $token_service; //filters $this->beforeFilter('csrf', array('only' => array('postLogin', 'postConsent'))); 
@@ -89,15 +92,15 @@ class UserController extends BaseController 'postUseRefreshTokenClient', 'postRotateRefreshTokenPolicy'))); - $this->beforeFilter('ajax', array('only' => array( - 'postAddAllowedScope', - 'getRegenerateClientSecret', - 'getDeleteClientAllowedUri', - 'postAddAllowedRedirectUri', - 'getRegisteredClientUris', - 'postActivateClient', - 'postUseRefreshTokenClient', - 'postRotateRefreshTokenPolicy'))); + $this->beforeFilter('ajax', array('only' => array( + 'postAddAllowedScope', + 'getRegenerateClientSecret', + 'getDeleteClientAllowedUri', + 'postAddAllowedRedirectUri', + 'getRegisteredClientUris', + 'postActivateClient', + 'postUseRefreshTokenClient', + 'postRotateRefreshTokenPolicy'))); } @@ -115,7 +118,7 @@ class UserController extends BaseController { try { $max_login_attempts_2_show_captcha = $this->server_configuration_service->getConfigValue("MaxFailed.LoginAttempts.2ShowCaptcha"); - $data = Input::all(); + $data = Input::all(); $login_attempts = intval(Input::get('login_attempts')); // Build the validation constraint set. $rules = array( @@ -200,13 +203,13 @@ class UserController extends BaseController } $params = array( 'show_fullname' => $user->getShowProfileFullName(), - 'username' => $user->getFullName(), - 'show_email' => $user->getShowProfileEmail(), - 'email' => $user->getEmail(), - 'identifier' => $user->getIdentifier(), - 'show_pic' => $user->getShowProfilePic(), - 'pic' => $user->getPic(), - 'another_user' => $another_user, + 'username' => $user->getFullName(), + 'show_email' => $user->getShowProfileEmail(), + 'email' => $user->getEmail(), + 'identifier' => $user->getIdentifier(), + 'show_pic' => $user->getShowProfilePic(), + 'pic' => $user->getPic(), + 'another_user' => $another_user, ); return View::make("identity", $params); } catch (Exception $ex) { 
@@ -224,21 +227,21 @@ class UserController extends BaseController public function getProfile() { - $user = $this->auth_service->getCurrentUser(); - $sites = $this->trusted_sites_service->getAllTrustedSitesByUser($user); + $user = $this->auth_service->getCurrentUser(); + $sites = $this->trusted_sites_service->getAllTrustedSitesByUser($user); $actions = $user->getActions(); $clients = $user->getClients(); return View::make("profile", array( - "username" => $user->getFullName(), - "openid_url" => $this->server_configuration_service->getUserIdentityEndpointURL($user->getIdentifier()), - "identifier " => $user->getIdentifier(), - "sites" => $sites, - "show_pic" => $user->getShowProfilePic(), + "username" => $user->getFullName(), + "openid_url" => $this->server_configuration_service->getUserIdentityEndpointURL($user->getIdentifier()), + "identifier " => $user->getIdentifier(), + "sites" => $sites, + "show_pic" => $user->getShowProfilePic(), "show_full_name" => $user->getShowProfileFullName(), - "show_email" => $user->getShowProfileEmail(), - 'actions' => $actions, - 'clients' => $clients, + "show_email" => $user->getShowProfileEmail(), + 'actions' => $actions, + 'clients' => $clients, )); } 
@@ -267,33 +270,51 @@ class UserController extends BaseController return View::make("404"); } - $allowed_uris = $client->getClientRegisteredUris(); + $allowed_uris = $client->getClientRegisteredUris(); $selected_scopes = $client->getClientScopes(); $aux_scopes = array(); foreach ($selected_scopes as $scope) { array_push($aux_scopes, $scope->id); } - $scopes = $this->scope_service->getAvailableScopes(); + $scopes = $this->scope_service->getAvailableScopes(); - return View::make("edit-registered-client", - array('client' => $client, - 'allowed_uris' => $allowed_uris, + $access_tokens = $this->token_service->getAccessTokenByClient($client->client_id); + + foreach($access_tokens as $token){ + $friendly_scopes = $this->scope_service->getFriendlyScopesByName(explode(' ',$token->scope)); + $token->setFriendlyScopes(implode(',',$friendly_scopes)); + } + + $refresh_tokens = $this->token_service->getRefreshTokenByClient($client->client_id); + + foreach($refresh_tokens as $token){ + $friendly_scopes = $this->scope_service->getFriendlyScopesByName(explode(' ',$token->scope)); + $token->setFriendlyScopes(implode(',',$friendly_scopes)); + } + + return View::make("oauth2.profile.edit-client", + array( + 'client' => $client, + 'allowed_uris' => $allowed_uris, 'selected_scopes' => $aux_scopes, - 'scopes' => $scopes + 'scopes' => $scopes, + 'access_tokens' => $access_tokens, + 'refresh_tokens' => $refresh_tokens, )); } - public function getRegisteredClientUris($id){ + public function getRegisteredClientUris($id) + { try { $client = $this->client_service->getClientByIdentifier($id); $allowed_uris = $client->getClientRegisteredUris(); $container = array(); - foreach($allowed_uris as $uri){ - array_push($container,array('id'=>$uri->id,'redirect_uri'=>$uri->uri)); + foreach ($allowed_uris as $uri) { + array_push($container, array('id' => $uri->id, 'redirect_uri' => $uri->uri)); } - return Response::json(array('status' => 'OK','allowed_uris'=>$container)); + return 
Response::json(array('status' => 'OK', 'allowed_uris' => $container)); } catch (Exception $ex) { Log::error($ex); return Response::json(array('status' => 'ERROR')); @@ -332,8 +353,7 @@ class UserController extends BaseController $app_desc = trim($input['app_desc']); $app_type = $input['app_type']; - if($this->client_service->existClientAppName($app_name)) - { + if ($this->client_service->existClientAppName($app_name)) { throw new Exception("Application Name already exists!"); } @@ -343,23 +363,23 @@ class UserController extends BaseController $clients_response = array(); - foreach($clients as $client){ + foreach ($clients as $client) { array_push($clients_response, array( - 'id' => $client->id, - 'app_name' => $client->app_name, + 'id' => $client->id, + 'app_name' => $client->app_name, 'client_type' => $client->getFriendlyClientType(), - 'active' => $client->active, - 'locked' => $client->locked, - 'updated_at' => $client->updated_at->format('Y-m-d H:i:s') + 'active' => $client->active, + 'locked' => $client->locked, + 'updated_at' => $client->updated_at->format('Y-m-d H:i:s') )); } - return Response::json(array('status' => 'OK','clients'=> $clients_response)); + return Response::json(array('status' => 'OK', 'clients' => $clients_response)); } throw new Exception("invalid param!"); } catch (Exception $ex) { Log::error($ex); - return Response::json(array('status' => 'ERROR', 'msg'=> $ex->getMessage())); + return Response::json(array('status' => 'ERROR', 'msg' => $ex->getMessage())); } } 
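Review bot: getRegisteredClientUris calls `$client->getClientRegisteredUris()` straight after `getClientByIdentifier($id)` with no null check, and in PHP 5 a method call on null is a fatal error rather than an `Exception`, so the `catch` block below never turns an unknown id into the JSON ERROR response; if the lookup can return null (as `getClientById` evidently can, given the `is_null($client)` guard this commit adds in TokenService), add `if (is_null($client)) return Response::json(array('status' => 'ERROR'));` right after it. The two `foreach` loops in getEditRegisteredClient that decorate access and refresh tokens with friendly scopes are identical and could be one private helper taking the token list. getEditRegisteredClient starts outside the hunk, so whether `$client` is tied to the current user before the 404 branch is not visible here.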
@@ -383,14 +403,12 @@ class UserController extends BaseController } else { return Response::json(array('status' => 'ERROR')); } - } - catch (AllowedClientUriAlreadyExistsException $ex1) { + } catch (AllowedClientUriAlreadyExistsException $ex1) { Log::error($ex1); - return Response::json(array('status' => 'ERROR','msg'=>'Uri already exists!')); - } - catch (Exception $ex) { + return Response::json(array('status' => 'ERROR', 'msg' => 'Uri already exists!')); + } catch (Exception $ex) { Log::error($ex); - return Response::json(array('status' => 'ERROR','msg'=>'There was an error!')); + return Response::json(array('status' => 'ERROR', 'msg' => 'There was an error!')); } } @@ -409,7 +427,7 @@ class UserController extends BaseController { try { $new_secret = $this->client_service->regenerateClientSecret($id); - return Response::json(array('status' => 'OK','new_secret'=>$new_secret)); + return Response::json(array('status' => 'OK', 'new_secret' => $new_secret)); } catch (Exception $ex) { Log::error($ex); return Response::json(array('status' => 'ERROR')); @@ -424,21 +442,20 @@ class UserController extends BaseController // Build the validation constraint set. $rules = array( - 'scope_id' => 'required', - 'checked' => 'required', + 'scope_id' => 'required', + 'checked' => 'required', ); // Create a new validator instance. $validator = Validator::make($input, $rules); if ($validator->passes()) { $client_id = $id; - $checked = $input['checked']; - $scope_id = $input['scope_id']; - if($checked){ - $this->client_service->addClientScope($client_id,$scope_id); - } - else{ - $this->client_service->deleteClientScope($client_id,$scope_id); + $checked = $input['checked']; + $scope_id = $input['scope_id']; + if ($checked) { + $this->client_service->addClientScope($client_id, $scope_id); + } else { + $this->client_service->deleteClientScope($client_id, $scope_id); } return Response::json(array('status' => 'OK')); } 
@@ -448,22 +465,23 @@ class UserController extends BaseController } } - public function postActivateClient($id){ + public function postActivateClient($id) + { try { $input = Input::All(); // Build the validation constraint set. $rules = array( - 'active' => 'required', + 'active' => 'required', ); // Create a new validator instance. $validator = Validator::make($input, $rules); if ($validator->passes()) { - $active = $input['active']; + $active = $input['active']; - $this->client_service->activateClient($id,$active); + $this->client_service->activateClient($id, $active); return Response::json(array('status' => 'OK')); } @@ -473,22 +491,23 @@ class UserController extends BaseController } } - public function postUseRefreshTokenClient($id){ + public function postUseRefreshTokenClient($id) + { try { $input = Input::All(); // Build the validation constraint set. $rules = array( - 'use_refresh_token' => 'required' + 'use_refresh_token' => 'required' ); // Create a new validator instance. $validator = Validator::make($input, $rules); if ($validator->passes()) { - $use_refresh_token = $input['use_refresh_token']; + $use_refresh_token = $input['use_refresh_token']; - $this->client_service->setRefreshTokenUsage($id,$use_refresh_token); + $this->client_service->setRefreshTokenUsage($id, $use_refresh_token); return Response::json(array('status' => 'OK')); } @@ -498,13 +517,14 @@ class UserController extends BaseController } } - public function postRotateRefreshTokenPolicy($id){ + public function postRotateRefreshTokenPolicy($id) + { try { $input = Input::All(); // Build the validation constraint set. $rules = array( - 'rotate_refresh_token' => 'required' + 'rotate_refresh_token' => 'required' ); // Create a new validator instance. 
@@ -512,9 +532,9 @@ class UserController extends BaseController if ($validator->passes()) { - $rotate_refresh_token = $input['rotate_refresh_token']; + $rotate_refresh_token = $input['rotate_refresh_token']; - $this->client_service->setRotateRefreshTokenPolicy($id,$rotate_refresh_token); + $this->client_service->setRotateRefreshTokenPolicy($id, $rotate_refresh_token); return Response::json(array('status' => 'OK')); } @@ -523,4 +543,43 @@ class UserController extends BaseController return Response::json(array('status' => 'ERROR')); } } + + public function getRevokeToken($value, $hint) + { + try { + $res = false; + switch ($hint) { + case 'access-token': + $res = $this->token_service->revokeAccessToken($value, true); + break; + case 'refresh-token': + $res = $this->token_service->revokeRefreshToken($value, true); + break; + default: + break; + } + + return $res ? Response::json(array('status' => 'OK')) : Response::json(array('status' => 'ERROR')); + } + catch (Exception $ex) { + Log::error($ex); + return Response::json(array('status' => 'ERROR')); + } + } + + public function getAccessTokens($client_id){ + + $access_tokens = $this->token_service->getAccessTokenByClient($client_id); + $res = array(); + foreach($access_tokens as $token){ + $friendly_scopes = $this->scope_service->getFriendlyScopesByName(explode(' ',$token->scope)); + array_push($res,array( + 'value' => $token->value, + 'scope' => implode(',',$friendly_scopes), + 'lifetime' => $token->getRemainingLifetime(), + 'issued' => $token->created_at->format('Y-m-d H:i:s') + )); + } + return Response::json(array('status' => 'OK','access_tokens'=>$res)); + } } diff --git a/app/database/migrations/2013_10_17_211051_create_trusted_sites_table.php b/app/database/migrations/2013_10_17_211051_create_trusted_sites_table.php index c01e3921..01102ce0 100644 --- a/app/database/migrations/2013_10_17_211051_create_trusted_sites_table.php +++ b/app/database/migrations/2013_10_17_211051_create_trusted_sites_table.php 
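Review bot: getRevokeToken revokes whatever token value arrives in the URL and getAccessTokens lists tokens for whatever `$client_id` arrives, and nothing in the hunk ties either to the authenticated user's own clients; unless the token service enforces ownership (not visible here), a logged-in user would be able to list or revoke tokens of clients they do not own, which is the same question that applies to getRegisteredClientUris earlier in the file. getAccessTokens also has no `try`/`catch` and no null guard, so an unknown client id reaches `getAccessTokenByClient` and fails hard instead of returning the ERROR JSON that every sibling action returns. The `switch` on `$hint` maps an unrecognised hint to `$res = false` without a trace; logging it in the `default` branch, e.g. `Log::warning(sprintf('unknown token hint %s', $hint));`, would make bad calls visible in the logs. Both methods also use the brace-on-same-line and unspaced-argument style that the rest of this commit is converting away from.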
@@ -10,7 +10,7 @@ class CreateTrustedSitesTable extends Migration { { $table->bigIncrements('id')->unsigned(); $table->string('realm',1024); - $table->string('data',5000)->nullable(); + $table->text('data')->nullable(); $table->string('policy',255); $table->bigInteger("user_id")->unsigned(); }); diff --git a/app/filters.php b/app/filters.php index 9d23f171..44b29b49 100644 --- a/app/filters.php +++ b/app/filters.php @@ -49,7 +49,14 @@ App::after(function ($request, $response) { */ Route::filter('auth', function () { - if (Auth::guest()) return Redirect::action('HomeController@index'); + if (Auth::guest()) { + Session::put('url.intended', URL::full()); + return Redirect::action('HomeController@index'); + } + if ($redirect = Session::get('url.intended')) { + Session::forget('url.intended'); + return Redirect::to($redirect); + } }); diff --git a/app/libs/oauth2/grant_types/AbstractGrantType.php b/app/libs/oauth2/grant_types/AbstractGrantType.php index 37ea979d..3ead81e9 100644 --- a/app/libs/oauth2/grant_types/AbstractGrantType.php +++ b/app/libs/oauth2/grant_types/AbstractGrantType.php @@ -53,12 +53,12 @@ abstract class AbstractGrantType implements IGrantType throw new InvalidClientException; if (!$this->current_client->isActive() || $this->current_client->isLocked()) { - throw new UnAuthorizedClientException(); + throw new UnAuthorizedClientException(sprintf('client id %s',$this->current_client_id)); } //verify client credentials (only for confidential clients ) if ($this->current_client->getClientType() == IClient::ClientType_Confidential && $this->current_client->getClientSecret() !== $this->current_client_secret) - throw new UnAuthorizedClientException; + throw new UnAuthorizedClientException(sprintf('client id %s',$this->current_client_id)); } } \ No newline at end of file diff --git a/app/libs/oauth2/services/IApiScopeService.php b/app/libs/oauth2/services/IApiScopeService.php index 456064ca..bd9bb2bf 100644 --- a/app/libs/oauth2/services/IApiScopeService.php 
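Review bot: The `auth` filter now stores `URL::full()` for every unauthenticated request, including POSTs and the AJAX-only JSON endpoints, so after login `Redirect::intended` in DefaultLoginStrategy can send the browser to a JSON endpoint or to a URL that only accepts POST; consider saving the intended URL only when `Request::method() === 'GET' && !Request::ajax()`. The second branch runs on every authenticated request through this filter and redirects to a stale `url.intended` if one was left behind by a login path that did not go through `Redirect::intended`, which hijacks one request; it also performs an assignment inside the `if` condition, which reads as a mistake — fetch first, then test.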
+++ b/app/libs/oauth2/services/IApiScopeService.php @@ -8,6 +8,8 @@ interface IApiScopeService { */ public function getScopesByName(array $scopes_names); + public function getFriendlyScopesByName(array $scopes_names); + /** get all active scopes * @return mixed */ diff --git a/app/libs/oauth2/services/ITokenService.php b/app/libs/oauth2/services/ITokenService.php index df4de8c3..7bbc9280 100644 --- a/app/libs/oauth2/services/ITokenService.php +++ b/app/libs/oauth2/services/ITokenService.php @@ -108,6 +108,10 @@ interface ITokenService { */ public function revokeClientRelatedTokens($client_id); + public function getAccessTokenByClient($client_id); + + public function getRefreshTokenByClient($client_id); + /** * Revokes a given access token diff --git a/app/libs/openid/requests/contexts/RequestContext.php b/app/libs/openid/requests/contexts/RequestContext.php index 20e64904..46ec7d66 100644 --- a/app/libs/openid/requests/contexts/RequestContext.php +++ b/app/libs/openid/requests/contexts/RequestContext.php @@ -11,7 +11,7 @@ class RequestContext public function __construct() { $this->partial_views = array(); - $this->trusted_data = array(); + $this->trusted_data = array(); } public function addPartialView(PartialView $partial_view) diff --git a/app/models/oauth2/AccessToken.php b/app/models/oauth2/AccessToken.php index 7685f93c..882ebfca 100644 --- a/app/models/oauth2/AccessToken.php +++ b/app/models/oauth2/AccessToken.php @@ -1,11 +1,14 @@ belongsTo('RefreshToken'); 
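Review bot: The new interface methods `getFriendlyScopesByName`, `getAccessTokenByClient` and `getRefreshTokenByClient` carry no docblock while the neighbouring declarations in both interfaces do; document the return shape, e.g. `/** @param array $scopes_names @return array short descriptions of the matching active scopes */` on the former and `/** @param $client_id @return array non-expired AccessToken (RefreshToken) models for the client */` on the latter two. The names say "Token" in the singular although the TokenService implementation returns an array; `getAccessTokensByClient` would read consistently with the neighbouring `revokeClientRelatedTokens`.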
@@ -14,4 +17,34 @@ class AccessToken extends Eloquent { public function client(){ return $this->belongsTo('Client'); } + + public function isVoid(){ + //check lifetime... + $created_at = $this->created_at; + $created_at->add(new DateInterval('PT' . $this->lifetime . 'S')); + $now = new DateTime(gmdate("Y-m-d H:i:s", time())); + return ($now > $created_at); + } + + public function getFriendlyScopes(){ + return $this->friendly_scopes; + } + + public function setFriendlyScopes($friendly_scopes){ + $this->friendly_scopes = $friendly_scopes; + } + + public function getRemainingLifetime() + { + //check is refresh token is stills alive... (ZERO is infinite lifetime) + if ($this->lifetime === 0) return 0; + $created_at = new DateTime($this->created_at); + $created_at->add(new DateInterval('PT' . $this->lifetime . 'S')); + $now = new DateTime(gmdate("Y-m-d H:i:s", time())); + //check validity... + if ($now > $created_at) + return -1; + $seconds = abs($created_at->getTimestamp() - $now->getTimestamp());; + return $seconds; + } } \ No newline at end of file diff --git a/app/models/oauth2/RefreshToken.php b/app/models/oauth2/RefreshToken.php index 3c4bf908..1a8d2c7b 100644 --- a/app/models/oauth2/RefreshToken.php +++ b/app/models/oauth2/RefreshToken.php @@ -4,6 +4,8 @@ class RefreshToken extends Eloquent { protected $table = 'oauth2_refresh_token'; + private $friendly_scopes; + protected $fillable = array('value', 'from_ip', 'lifetime','scope','audience','void','created_at','updated_at','client_id'); public function access_tokens() 
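Review bot: `AccessToken::isVoid` has no zero-lifetime guard, while `getRemainingLifetime` two methods below treats `lifetime === 0` as infinite and `RefreshToken::isVoid` returns `false` for it, so an access token with lifetime 0 is reported void here and live elsewhere; if 0 is meaningful for access tokens add `if ($this->lifetime === 0) return false;` as the first line, otherwise document that 0 is not allowed. The `=== 0` comparisons (here and in RefreshToken) only hold if `lifetime` comes back as an int; Eloquent attributes read from the database are commonly strings, in which case `'0' === 0` is false and the guard never fires — worth confirming, or compare with `(int) $this->lifetime === 0`. `isVoid` advances `$this->created_at` in place via `->add()` whereas `getRemainingLifetime` wraps it in `new DateTime(...)`; both should work on a copy (`clone $this->created_at`) so the model's attribute is not mutated if the accessor ever returns a shared instance. The stray `;;` after the `abs(...)` line and the date arithmetic duplicated between the two models (a trait would serve both) are minor.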
@@ -15,4 +17,35 @@ class RefreshToken extends Eloquent { return $this->belongsTo('Client'); } + public function isVoid(){ + if($this->lifetime === 0) return false; + //check lifetime... + $created_at = $this->created_at; + $created_at->add(new DateInterval('PT' . $this->lifetime . 'S')); + $now = new DateTime(gmdate("Y-m-d H:i:s", time())); + return ($now > $created_at); + } + + + public function getRemainingLifetime() + { + //check is refresh token is stills alive... (ZERO is infinite lifetime) + if ($this->lifetime === 0) return 0; + $created_at = new DateTime($this->created_at); + $created_at->add(new DateInterval('PT' . $this->lifetime . 'S')); + $now = new DateTime(gmdate("Y-m-d H:i:s", time())); + //check validity... + if ($now > $created_at) + return -1; + $seconds = abs($created_at->getTimestamp() - $now->getTimestamp());; + return $seconds; + } + + public function getFriendlyScopes(){ + return $this->friendly_scopes; + } + + public function setFriendlyScopes($friendly_scopes){ + $this->friendly_scopes = $friendly_scopes; + } } \ No newline at end of file diff --git a/app/routes.php b/app/routes.php index a3af86dd..971974fa 100644 --- a/app/routes.php +++ b/app/routes.php 
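Review bot: `RefreshToken::isVoid` only checks the lifetime and ignores the model's own `void` column (the one `getRefreshTokenByClient` in TokenService filters on with `where('void','=',false)`), so the TokenService call site that switched to `isVoid()` in this commit no longer treats a revoked-but-unexpired token as void unless it still tests the flag separately, which is outside that hunk. Either fold the flag in with `if ($this->void) return true;` as the first line, or rename the method (`isExpired`) so the name does not claim more than it checks. The `=== 0` string-versus-int caveat raised on AccessToken applies to the guard here as well.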
@@ -58,8 +58,10 @@ Route::group(array("before" => array("ssl", "auth")), function () { Route::get('/accounts/user/profile/clients/redirect_uri/delete/{id}/{uri_id}','UserController@getDeleteClientAllowedUri'); Route::post('/accounts/user/profile/clients/scope/add/{id}','UserController@postAddAllowedScope'); Route::post('/accounts/user/profile/clients/activate/{id}','UserController@postActivateClient'); - Route::post('/accounts/user/profile/clients/use/refresh_token/{id}','UserController@postUseRefreshTokenClient'); - Route::post('/accounts/user/profile/clients/rotate/refresh_token/{id}','UserController@postRotateRefreshTokenPolicy'); + Route::post('/accounts/user/profile/clients/token/use/refresh_token/{id}','UserController@postUseRefreshTokenClient'); + Route::post('/accounts/user/profile/clients/token/rotate/refresh_token/{id}','UserController@postRotateRefreshTokenPolicy'); + Route::get('/accounts/user/profile/clients/token/revoke/{value}/{hint}','UserController@getRevokeToken'); + Route::get('/accounts/user/profile/clients/token/access_tokens/{client_id}','UserController@getAccessTokens'); }); diff --git a/app/services/oauth2/ApiScopeService.php b/app/services/oauth2/ApiScopeService.php index 6932364a..3b0a9876 100644 --- a/app/services/oauth2/ApiScopeService.php +++ b/app/services/oauth2/ApiScopeService.php @@ -4,6 +4,7 @@ namespace services\oauth2; use oauth2\services\IApiScopeService; use ApiScope; +use DB; class ApiScopeService implements IApiScopeService { @@ -16,6 +17,11 @@ class ApiScopeService implements IApiScopeService { return ApiScope::where('active','=',true)->whereIn('name',$scopes_names)->get(); } + public function getFriendlyScopesByName(array $scopes_names){ + + return DB::table('oauth2_api_scope')->where('active','=',true)->whereIn('name',$scopes_names)->lists('short_description'); + } + /** get all active scopes * @return mixed */ 
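Review bot: `token/revoke/{value}/{hint}` is a state-changing action registered with `Route::get`, and UserController's `csrf` filter covers only `postLogin` and `postConsent`, so a cross-site request can trigger a revocation with no CSRF token checked, and the token value in the path is written to server, proxy and browser-history logs. Register it as `Route::post('/accounts/user/profile/clients/token/revoke', 'UserController@postRevokeToken')` with the value and hint in the body, and add the action to the controller's `csrf` and `ajax` filter lists. `token/access_tokens/{client_id}` is read-only and fine as GET apart from the ownership question raised on the controller.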
diff --git a/app/services/oauth2/ClientService.php b/app/services/oauth2/ClientService.php index e9e79c03..df9c6cd4 100644 --- a/app/services/oauth2/ClientService.php +++ b/app/services/oauth2/ClientService.php @@ -82,7 +82,7 @@ class ClientService implements IClientService $instance->client_id = Rand::getString(32, OAuth2Protocol::VsChar, true) . '.openstack.client'; //only generates secret for confidential clients if ($client_type == IClient::ClientType_Confidential) - $instance->client_secret = Rand::getString(16, OAuth2Protocol::VsChar, true); + $instance->client_secret = Rand::getString(24, OAuth2Protocol::VsChar, true); $instance->client_type = $client_type; $instance->user_id = $user_id; $instance->active = true; @@ -169,7 +169,7 @@ class ClientService implements IClientService DB::transaction(function () use ($id, &$new_secret) { $client = Client::find($id); if (!is_null($client)) { - $client_secret = Rand::getString(16, OAuth2Protocol::VsChar, true); + $client_secret = Rand::getString(24, OAuth2Protocol::VsChar, true); $client->client_secret = $client_secret; $client->Save(); $token_service = Registry::getInstance()->get(OAuth2ServiceCatalog::TokenService); diff --git a/app/services/oauth2/TokenService.php b/app/services/oauth2/TokenService.php index 4fad5220..8ae8098b 100644 --- a/app/services/oauth2/TokenService.php +++ b/app/services/oauth2/TokenService.php @@ -359,12 +359,8 @@ class TokenService implements ITokenService $lock_name = 'lock.get.accesstoken.' . $hashed_value; $this->lock_manager_service->acquireLock($lock_name); - //check lifetime... - $lifetime = $access_token_db->lifetime; - $created_at = $access_token_db->created_at; - $created_at->add(new DateInterval('PT' . $lifetime . 'S')); - $now = new DateTime(gmdate("Y-m-d H:i:s", time())); - if ($now > $created_at) { + + if ($access_token_db->isVoid()){ //invalid one ... $access_token_db->delete(); throw new InvalidGrantTypeException(sprintf('Access token %s is expired!', $value)); 
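Review bot: The secret length is now hard-coded as `24` at two call sites in ClientService, which is exactly how the old `16` ended up needing a two-place fix; lift it to a class constant, `const ClientSecretLength = 24;`, and call `Rand::getString(self::ClientSecretLength, OAuth2Protocol::VsChar, true)` in both places. Whether 24 characters of `VsChar` gives the entropy the deployment wants depends on that alphabet's size, which is not visible here; a one-line comment stating the intended bit strength next to the constant would settle it.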
@@ -496,14 +492,8 @@ class TokenService implements ITokenService } //check is refresh token is stills alive... (ZERO is infinite lifetime) - if ($refresh_token_db->lifetime !== 0) { - $created_at = $refresh_token_db->created_at; - $created_at->add(new DateInterval('PT' . $refresh_token_db->lifetime . 'S')); - $now = new DateTime(gmdate("Y-m-d H:i:s", time())); - //check validity... - if ($now > $created_at) - throw new InvalidGrantTypeException(sprintf("Refresh token %s is expired!", $value)); - } + if($refresh_token_db->isVoid()) + throw new InvalidGrantTypeException(sprintf("Refresh token %s is expired!", $value)); $client = $refresh_token_db->client()->first(); @@ -589,13 +579,14 @@ class TokenService implements ITokenService $access_tokens = $this->cache_service->getSet($client_id . self::ClientAccessTokenPrefixList); DB::transaction(function () use ($client_id, $auth_codes, $access_tokens) { - + $client = $this->client_service->getClientById($client_id); + if(is_null($client)) return; + //revoke on cache $this->cache_service->deleteArray($auth_codes); $this->cache_service->deleteArray($access_tokens); - - DBAccessToken::where('client_id','=',$client_id)->delete(); - DBRefreshToken::where('client_id','=',$client_id)->delete(); - + //revoke on db + $client->access_tokens()->delete(); + $client->refresh_tokens()->delete(); //delete client list (auth codes and access tokens) $this->cache_service->delete($client_id . self::ClientAuthCodePrefixList); $this->cache_service->delete($client_id . self::ClientAccessTokenPrefixList); 
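Review bot: The new early `return` in revokeClientRelatedTokens when `getClientById` yields null skips the `deleteArray` calls and the two list deletions that follow, whereas before this change the cache entries were dropped regardless of the client row; a client whose row is gone but whose tokens are still cached therefore keeps working tokens until they expire. Move the cache cleanup above the null check and only guard the database part: `if (!is_null($client)) { $client->access_tokens()->delete(); $client->refresh_tokens()->delete(); }`. Logging the null case before returning would also make the mismatch visible instead of silent.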
@@ -641,11 +632,12 @@ class TokenService implements ITokenService public function clearAccessTokensForRefreshToken($value, $is_hashed = false){ $hashed_value = !$is_hashed?Hash::compute('sha256', $value):$value; - - DB::transaction(function () use ($hashed_value) { + $res = false; + DB::transaction(function () use ($hashed_value, &$res) { $refresh_token_db = DBRefreshToken::where('value','=',$hashed_value)->first(); if(!is_null($refresh_token_db)){ $access_tokens_db = DBAccessToken::where('refresh_token_id','=',$refresh_token_db->id)->get(); + if(!count($access_tokens_db)) $res = true; foreach($access_tokens_db as $access_token_db){ $res = $this->cache_service->delete($access_token_db->value); $client = $access_token_db->client()->first(); @@ -654,7 +646,27 @@ class TokenService implements ITokenService } } }); + return $res; } + public function getAccessTokenByClient($client_id){ + $client = $this->client_service->getClientById($client_id); + $res = array(); + $access_tokens = $client->access_tokens()->get(); + foreach($access_tokens as $access_token){ + if(!$access_token->isVoid()) array_push($res,$access_token); + } + return $res; + } + + public function getRefreshTokenByClient($client_id){ + $client = $this->client_service->getClientById($client_id); + $res = array(); + $refresh_tokens = $client->refresh_tokens()->where('void','=',false)->get(); + foreach($refresh_tokens as $refresh_token){ + if(!$refresh_token->isVoid()) array_push($res,$refresh_token); + } + return $res; + } } diff --git a/app/strategies/DefaultLoginStrategy.php b/app/strategies/DefaultLoginStrategy.php index 78bf63fb..d82a37c2 100644 --- a/app/strategies/DefaultLoginStrategy.php +++ b/app/strategies/DefaultLoginStrategy.php @@ -7,6 +7,7 @@ use services\IPHelper; use services\IUserActionService; use utils\services\IAuthService; use View; +use URL; class DefaultLoginStrategy implements ILoginStrategy { 
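Review bot: `getAccessTokenByClient` and `getRefreshTokenByClient` call `$client->access_tokens()` / `$client->refresh_tokens()` straight after `getClientById`, which the `is_null($client)` guard added to `revokeClientRelatedTokens` in this same commit shows can return null; add `if (is_null($client)) return $res;` after the lookup in both so the controller actions get an empty list instead of a fatal error. In clearAccessTokensForRefreshToken `$res` is overwritten on every loop iteration by the latest `cache_service->delete` result, so the method reports only whether the last access token left the cache and stays `false` when the refresh token is unknown; if the return is meant to mean "all cleared", set `$res = true;` once the token is found and accumulate with `$res = $res && $this->cache_service->delete(...)`. Both new methods fetch every token for the client and filter in PHP; fine for small lists, but worth a sentence in a docblock.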
@@ -33,7 +34,9 @@ class DefaultLoginStrategy implements ILoginStrategy $user = $this->auth_service->getCurrentUser(); $identifier = $user->getIdentifier(); $this->user_action_service->addUserAction($this->auth_service->getCurrentUser(), IPHelper::getUserIp(), IUserActionService::LoginAction); - return Redirect::action("UserController@getIdentity", array("identifier" => $identifier)); + $default_url = URL::action("UserController@getIdentity", array("identifier" => $identifier)); + return Redirect::intended($default_url); + } public function cancelLogin() diff --git a/app/strategies/OpenIdConsentStrategy.php b/app/strategies/OpenIdConsentStrategy.php index 3ce129f0..b90c24ed 100644 --- a/app/strategies/OpenIdConsentStrategy.php +++ b/app/strategies/OpenIdConsentStrategy.php @@ -26,10 +26,10 @@ class OpenIdConsentStrategy implements IConsentStrategy public function __construct(IMementoOpenIdRequestService $memento_service, IAuthService $auth_service, IServerConfigurationService $server_configuration_service, IUserActionService $user_action_service) { - $this->memento_service = $memento_service; - $this->auth_service = $auth_service; + $this->memento_service = $memento_service; + $this->auth_service = $auth_service; $this->server_configuration_service = $server_configuration_service; - $this->user_action_service = $user_action_service; + $this->user_action_service = $user_action_service; } public function getConsent() 
@@ -44,16 +44,12 @@ class OpenIdConsentStrategy implements IConsentStrategy if (is_null($context)) throw new InvalidRequestContextException(); $partial_views = $context->getPartials(); - $data = array(); - $views = array(); - foreach ($partial_views as $partial) { - $views[$partial->getName()] = View::make($partial->getName(), $partial->getData()); - } - $request = $this->memento_service->getCurrentRequest(); - $user = $this->auth_service->getCurrentUser(); - $data['realm'] = $request->getParam(OpenIdProtocol::OpenIDProtocol_Realm); + $data = array(); + $request = $this->memento_service->getCurrentRequest(); + $user = $this->auth_service->getCurrentUser(); + $data['realm'] = $request->getParam(OpenIdProtocol::OpenIDProtocol_Realm); $data['openid_url'] = $this->server_configuration_service->getUserIdentityEndpointURL($user->getIdentifier()); - $data['views'] = $views; + $data['views'] = $partial_views; return $data; } diff --git a/app/views/edit-registered-client.blade.php b/app/views/edit-registered-client.blade.php deleted file mode 100644 index 29af161a..00000000 --- a/app/views/edit-registered-client.blade.php +++ /dev/null @@ -1,363 +0,0 @@ -@extends('layout') - -@section('title') -Welcome to openstackId - Edit Registered Application -@stop - -@section('content') -Go Back - -{{ $client->app_name }} - -@if($errors->any()) -
- -
-@endif -
-

 OAuth 2.0 Client ID

-
-
- -
-
- - {{ $client->client_id }} -
-
- @if($client->client_type === oauth2\models\IClient::ClientType_Confidential) -
-
- - {{ $client->client_secret }} - {{ HTML::link(URL::action("UserController@getRegenerateClientSecret",array("id"=>$client->id)),'Regenerate',array('class'=>'btn regenerate-client-secret','title'=>'Regenerates Client Secret')) }} -
-
-
-
- -
-
-
-
- -
-
-
-
- -
-
- @endif -
-
-

 Authorized Redirection Uris

-
-
- -
-
- - - {{ HTML::link(URL::action("UserController@postAddAllowedRedirectUri",array("id"=>$client->id)),'Add',array('class'=>'btn add-uri-client','title'=>'Add a new Registered Client Uri')) }} -
-
- @if (count($allowed_uris)>0) -
-
- - - - - - - - - @foreach ($allowed_uris as $uri) - - - - - @endforeach - -
Authorized Uri 
{{ $uri->uri }} {{ HTML::link(URL::action("UserController@getDeleteClientAllowedUri",array("id"=>$client->id,'uri_id'=>$uri->id)),'Delete',array('class'=>'btn del-allowed-uri','title'=>'Deletes a Allowed Uri')) }}
-
-
- @endif -
-
-

 Application Allowed Scopes

-
-
-
  • - - @foreach ($scopes as $scope) - getApiName(); ?> - @if($last_api!=$current_api) - @if($last_api!='') -
-
  • - @endif - - {{ $current_api }}  -
      - - @endif -
    • - -
    • - @endforeach -
    -
  • -
    -
    -
    -@stop - -@section('scripts') - -@stop \ No newline at end of file diff --git a/app/views/extensions/oauth2.blade.php b/app/views/extensions/oauth2.blade.php index 8668782a..bfdee339 100644 --- a/app/views/extensions/oauth2.blade.php +++ b/app/views/extensions/oauth2.blade.php @@ -28,7 +28,8 @@ @endif -@section('subscripts') +@section('scripts') +@parent +@stop diff --git a/app/views/oauth2/profile/edit-client-redirect-uris.blade.php b/app/views/oauth2/profile/edit-client-redirect-uris.blade.php new file mode 100644 index 00000000..33b9be70 --- /dev/null +++ b/app/views/oauth2/profile/edit-client-redirect-uris.blade.php @@ -0,0 +1,158 @@ +
    +
    + +
    +
    + + + {{HTML::link(URL::action("UserController@postAddAllowedRedirectUri",array("id"=>$client->id)),'Add',array('class'=>'btn add-uri-client','title'=>'Add a new Registered Client Uri')) }} + +
    +
    + @if (count($allowed_uris)>0) +
    +
    + + + + + + + + + @foreach ($allowed_uris as $uri) + + + + + @endforeach + +
    Authorized Uri 
    {{ $uri->uri }} {{ HTML::link(URL::action("UserController@getDeleteClientAllowedUri",array("id"=>$client->id,'uri_id'=>$uri->id)),'Delete',array('class'=>'btn del-allowed-uri','title'=>'Deletes a Allowed Uri')) }}
    +
    +
    + @endif +
    +
    +@section('scripts') +@parent + +@stop \ No newline at end of file diff --git a/app/views/oauth2/profile/edit-client-scopes.blade.php b/app/views/oauth2/profile/edit-client-scopes.blade.php new file mode 100644 index 00000000..e6564571 --- /dev/null +++ b/app/views/oauth2/profile/edit-client-scopes.blade.php @@ -0,0 +1,58 @@ +
    +
    + +
  • + @endif + + {{ $current_api }}  +
      + + @endif +
    • + +
    • + @endforeach +
    +
  • +
    +
    +@section('scripts') +@parent + +@stop \ No newline at end of file diff --git a/app/views/oauth2/profile/edit-client-tokens.blade.php b/app/views/oauth2/profile/edit-client-tokens.blade.php new file mode 100644 index 00000000..e056b211 --- /dev/null +++ b/app/views/oauth2/profile/edit-client-tokens.blade.php @@ -0,0 +1,196 @@ +
    +
    +

    Issued Access Tokens

    +
    +
    +
    +
    +
    + +
    + + + + + + + + + + + @foreach ($access_tokens as $access_token) + + + + + + + @endforeach + + +
    +

    Issued Refresh Tokens

    +
    +
    +
    +
    +
    + +
    + + + + + + + + + + @foreach ($refresh_tokens as $refresh_token) + + + + @if($refresh_token->getRemainingLifetime()===0) + + @else + + @endif + + + @endforeach + + + +
    +@section('scripts') +@parent + +@stop + + + + + + diff --git a/app/views/oauth2/profile/edit-client.blade.php b/app/views/oauth2/profile/edit-client.blade.php new file mode 100644 index 00000000..f113a930 --- /dev/null +++ b/app/views/oauth2/profile/edit-client.blade.php @@ -0,0 +1,54 @@ +@extends('layout') + +@section('title') +Welcome to openstackId - Edit Registered Application +@stop + +@section('content') +Go Back + +{{ $client->app_name }} + +@if($errors->any()) +
    + +
    +@endif +
    +

     OAuth 2.0 Client ID

    + @include('oauth2.profile.edit-client-data',array('access_tokens' => $access_tokens, 'refresh_tokens' => $refresh_tokens,'client'=>$client,'allowed_uris'=>$allowed_uris)) +

     Authorized Redirection Uris

    + @include('oauth2.profile.edit-client-redirect-uris',array('access_tokens' => $access_tokens, 'refresh_tokens' => $refresh_tokens,'client'=>$client,'allowed_uris'=>$allowed_uris)) +

     Application Allowed Scopes

    + @include('oauth2.profile.edit-client-scopes',array('access_tokens' => $access_tokens, 'refresh_tokens' => $refresh_tokens,'client'=>$client) ) +

     Application Grants

    + @include('oauth2.profile.edit-client-tokens',array('access_tokens' => $access_tokens, 'refresh_tokens' => $refresh_tokens,'client'=>$client) ) + +
    +@stop +@section('scripts') + +@stop \ No newline at end of file diff --git a/app/views/openid/consent.blade.php b/app/views/openid/consent.blade.php index 16861ea2..e723c645 100644 --- a/app/views/openid/consent.blade.php +++ b/app/views/openid/consent.blade.php @@ -19,8 +19,8 @@ Welcome, {{Auth::user()
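Review bot: The first `@include('oauth2.profile.edit-client-data', ...)` pulls in a partial that this commit does not add and that is not among the views in this diff; if it does not already exist in the tree the page fails to render, so confirm it is present. Every include also receives `access_tokens` and `refresh_tokens`, which the redirect-URI and scope partials appear to have no use for; passing only what each partial reads keeps the data flow readable. The heading "Application Grants" wraps the issued-tokens partial, whose own headings say "Issued Access Tokens" and "Issued Refresh Tokens"; "Issued Tokens" would match.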

    A site identifying itself as {{ $realm }}

    has asked us for confirmation that {{ str_replace("%23","#",$openid_url) }} is your identity URL

    - @foreach ($views as $view) - {{ $view}} + @foreach ($views as $partial) + @include($partial->getName(),$partial->getData()) @endforeach