IDP Upgrade from Laravel 4.X to 5.X

In order to migrate IDP from LV 4.x to
the latest LV version, the following tasks were performed:

* Updated namespace to be compliant with PSR-4
* General Refactoring: moved all DB access code
  from services to repositories.
* Migration to LV 5.X: these migration guides
  were applied
  - https://laravel.com/docs/5.3/upgrade#upgrade-5.0
  - https://laravel.com/docs/5.3/upgrade#upgrade-5.1.0
  - https://laravel.com/docs/5.3/upgrade#upgrade-5.2.0
* Improved caching: added repositories decorators
  in order to add REDIS cache to queries, entities

Change-Id: I8edf9f5fce6585129701c88bb88332f242307534
Sebastian Marcet
2016-04-13 20:11:36 -03:00
parent 9c8ed1ae7d
commit 6b0d6c36af
955 changed files with 24795 additions and 16477 deletions


@@ -0,0 +1,82 @@
<?php namespace Strategies;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Utils\IPHelper;
use Services\IUserActionService;
use Utils\Services\IAuthService;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Redirect;
use Illuminate\Support\Facades\View;
use Illuminate\Support\Facades\URL;
/**
* Class DefaultLoginStrategy
* @package Strategies
*/
class DefaultLoginStrategy implements ILoginStrategy
{
/**
* @var IUserActionService
*/
protected $user_action_service;
/**
* @var IAuthService
*/
protected $auth_service;
public function __construct(IUserActionService $user_action_service,
IAuthService $auth_service)
{
$this->user_action_service = $user_action_service;
$this->auth_service = $auth_service;
}
public function getLogin()
{
if (Auth::guest())
return View::make("login");
return Redirect::action("UserController@getProfile");
}
public function postLogin()
{
$user = $this->auth_service->getCurrentUser();
$identifier = $user->getIdentifier();
$this->user_action_service->addUserAction($this->auth_service->getCurrentUser()->getId(), IPHelper::getUserIp(), IUserActionService::LoginAction);
$default_url = URL::action("UserController@getIdentity", array("identifier" => $identifier));
return Redirect::intended($default_url);
}
public function cancelLogin()
{
return Redirect::action("HomeController@index");
}
/**
* @param array $params
* @return mixed
*/
public function errorLogin(array $params)
{
$response = Redirect::action('UserController@getLogin')
->with('max_login_attempts_2_show_captcha', $params['max_login_attempts_2_show_captcha'])
->with('login_attempts', $params['login_attempts']);
if(isset($params['username']))
$response= $response->with('username', $params['username']);
if(isset($params['error_message']))
$response = $response->with('flash_notice', $params['error_message']);
if(isset($params['validator']))
$response = $response->withErrors($params['validator']);
return $response;
}
}
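Review bot: In errorLogin the keys `max_login_attempts_2_show_captcha` and `login_attempts` are read from `$params` without an `isset` guard, while `username`, `error_message` and `validator` are guarded, so a caller that omits either one raises an undefined-index error on the failed-login path. Default them explicitly, e.g. `->with('login_attempts', isset($params['login_attempts']) ? $params['login_attempts'] : 0)`. The same body is repeated in DisplayResponseUserAgentStrategy::getLoginErrorResponse, where `$data` even defaults to `array()`; one shared helper would keep the two in step. In postLogin, `$user` is already fetched, so the audit call can use `$user->getId()` instead of a second `getCurrentUser()`, and a null user should be rejected before `getIdentifier()` is called.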


@@ -0,0 +1,31 @@
<?php namespace Strategies;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Utils\IHttpResponseStrategy;
use Illuminate\Support\Facades\Response;
/**
* Class DirectResponseStrategy
* @package Strategies
*/
class DirectResponseStrategy implements IHttpResponseStrategy
{
public function handle($response)
{
$http_response = Response::make($response->getContent(), $response->getHttpCode());
$http_response->header('Content-Type', $response->getContentType());
$http_response->header('Cache-Control','no-cache, no-store, max-age=0, must-revalidate');
$http_response->header('Pragma','no-cache');
return $http_response;
}
}
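Review bot: handle() here is line-for-line the same as PostResponseStrategy::handle later in this commit, so the `Cache-Control`/`Pragma` headers that keep responses which may carry tokens out of caches now live in two places and can drift apart. Consider having one class extend the other or moving the body into a shared base. The method also lacks a docblock; a `@param` naming the expected response type and `@return \Illuminate\Http\Response` would match the sibling strategies, and it should say that `Content-Type` is taken from the protocol response unchanged.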


@@ -0,0 +1,95 @@
<?php namespace Strategies;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Illuminate\Contracts\Support\MessageProvider;
use Symfony\Component\HttpFoundation\Response as SymfonyResponse;
use Illuminate\Support\Facades\Response;
use Utils\Services\IAuthService;
use Illuminate\Support\Facades\URL;
/**
* Class DisplayResponseJsonStrategy
* @package Strategies
*/
class DisplayResponseJsonStrategy implements IDisplayResponseStrategy
{
/**
* @param array $data
* @return SymfonyResponse
*/
public function getConsentResponse(array $data = array())
{
// fix scopes
$requested_scopes = $data['requested_scopes'];
$data['requested_scopes'] = array();
foreach($requested_scopes as $scope)
{
array_push($data['requested_scopes'], $scope->toArray());
}
$data['required_params'] = array('_token', 'trust');
$data['required_params_valid_values'] = array
(
'trust' => array
(
IAuthService::AuthorizationResponse_AllowOnce,
IAuthService::AuthorizationResponse_DenyOnce,
),
'_token' => csrf_token()
);
$data['optional_params'] = array();
$data['url'] = URL::action('UserController@postConsent');
$data['method'] = 'POST';
return Response::json($data, 412);
}
/**
* @param array $data
* @return SymfonyResponse
*/
public function getLoginResponse(array $data = array())
{
$data['required_params'] = array('username','password', '_token');
$data['optional_params'] = array('remember');
$data['url'] = URL::action('UserController@postLogin');
$data['method'] = 'POST';
if(!isset($data['required_params_valid_values']))
{
$data['required_params_valid_values'] = array();
}
$data['required_params_valid_values']['_token'] = csrf_token();
return Response::json($data, 412);
}
/**
* @param array $data
* @return SymfonyResponse
*/
public function getLoginErrorResponse(array $data = array())
{
if(isset($data['validator']) && $data['validator'] instanceof MessageProvider )
{
$validator = $data['validator'];
unset($data['validator']);
$data['error_message'] = array();
$errors = $validator->getMessageBag()->getMessages();
foreach($errors as $e)
{
array_push($data['error_message'],$e[0]);
}
}
return Response::json($data, 412);
}
}
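Review bot: getConsentResponse declares `$data = array()` as its default but reads `$data['requested_scopes']` and iterates it unconditionally, so calling it with the default fails before any response is built. Guard it with `$requested_scopes = isset($data['requested_scopes']) ? $data['requested_scopes'] : array();`. In getLoginErrorResponse a `validator` entry that is not a MessageProvider is left in `$data` and handed to `Response::json`; unsetting it in every case keeps internal objects out of the client-facing body. These 412 bodies carry the CSRF token, so it may be worth sending the same `Cache-Control: no-store` header that the response strategies in this commit use.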


@@ -0,0 +1,38 @@
<?php namespace Strategies;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use OAuth2\OAuth2Protocol;
/**
* Class DisplayResponseStrategyFactory
* @package Strategies
*/
final class DisplayResponseStrategyFactory
{
/**
* @param string $display
* @return IDisplayResponseStrategy
*/
static public function build($display)
{
switch($display)
{
case OAuth2Protocol::OAuth2Protocol_Display_Native:
return new DisplayResponseJsonStrategy;
break;
default:
return new DisplayResponseUserAgentStrategy;
break;
}
return null;
}
}
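Review bot: Every `break` after a `return` in build() and the trailing `return null;` are unreachable, and a `null` result would contradict the `@return IDisplayResponseStrategy` contract that callers rely on when they call methods on the result. Drop them so each case is only `return new DisplayResponseJsonStrategy;` or `return new DisplayResponseUserAgentStrategy;`. A short comment that any unrecognised `display` value deliberately falls back to the user-agent (HTML) strategy would document the safe default.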


@@ -0,0 +1,61 @@
<?php namespace Strategies;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Symfony\Component\HttpFoundation\Response as SymfonyResponse;
use Illuminate\Support\Facades\Response;
use Illuminate\Support\Facades\Redirect;
/**
* Class DisplayResponseUserAgentStrategy
* @package Strategies
*/
class DisplayResponseUserAgentStrategy implements IDisplayResponseStrategy
{
/**
* @param array $data
* @return SymfonyResponse
*/
public function getConsentResponse(array $data = array())
{
return Response::view("oauth2.consent", $data, 200);
}
/**
* @param array $data
* @return SymfonyResponse
*/
public function getLoginResponse(array $data = array())
{
return Response::view("login", $data, 200);
}
/**
* @param array $data
* @return SymfonyResponse
*/
public function getLoginErrorResponse(array $data = array())
{
$response = Redirect::action('UserController@getLogin')
->with('max_login_attempts_2_show_captcha', $data['max_login_attempts_2_show_captcha'])
->with('login_attempts', $data['login_attempts']);
if(isset($data['username']))
$response= $response->with('username', $data['username']);
if(isset($data['error_message']))
$response = $response->with('flash_notice', $data['error_message']);
if(isset($data['validator']))
$response = $response->withErrors($data['validator']);
return $response;
}
}


@@ -0,0 +1,17 @@
<?php namespace Strategies;
/**
* Interface IConsentStrategy
* @package Strategies
*/
interface IConsentStrategy {
/**
* @return mixed
*/
public function getConsent();
/**
* @param string $trust_action
* @return mixed
*/
public function postConsent($trust_action);
}


@@ -0,0 +1,37 @@
<?php namespace Strategies;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Symfony\Component\HttpFoundation\Response as SymfonyResponse;
/**
* Interface IDisplayResponseStrategy
* @package Strategies
*/
interface IDisplayResponseStrategy
{
/**
* @param array $data
* @return SymfonyResponse
*/
public function getConsentResponse(array $data = array());
/**
* @param array $data
* @return SymfonyResponse
*/
public function getLoginResponse(array $data = array());
/**
* @param array $data
* @return SymfonyResponse
*/
public function getLoginErrorResponse(array $data = array());
}


@@ -0,0 +1,28 @@
<?php namespace Strategies;
/**
* Interface ILoginStrategy
* @package Strategies
*/
interface ILoginStrategy
{
/**
* @return mixed
*/
public function getLogin();
/**
* @return mixed
*/
public function postLogin();
/**
* @return mixed
*/
public function cancelLogin();
/**
* @param array $params
* @return mixed
*/
public function errorLogin(array $params);
}


@@ -0,0 +1,43 @@
<?php namespace Strategies;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Utils\IHttpResponseStrategy;
use Illuminate\Support\Facades\Redirect;
use Illuminate\Support\Facades\Response;
/**
* Class IndirectResponseQueryStringStrategy
* Redirect and http response using a 302 adding params on query string
* @package Strategies
*/
class IndirectResponseQueryStringStrategy implements IHttpResponseStrategy
{
/**
* @param $response
* @return mixed
*/
public function handle($response)
{
$query_string = $response->getContent();
$return_to = $response->getReturnTo();
if (is_null($return_to) || empty($return_to)) {
return Response::view('errors.404', array(), 404);
}
$return_to = (strpos($return_to, "?") == false) ? $return_to . "?" . $query_string : $return_to . "&" . $query_string;
return Redirect::to($return_to)
->header('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate')
->header('Pragma','no-cache');
}
}
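Review bot: `strpos($return_to, "?") == false` uses a loose comparison, so a match at offset 0 is treated the same as no match; use `strpos($return_to, "?") === false` here, and likewise for the `"#"` test in IndirectResponseUrlFragmentStrategy::handle (which also has a stray `;;` on its 404 return). `is_null($return_to) || empty($return_to)` can be just `empty($return_to)`. handle() redirects to whatever `getReturnTo()` yields, so its docblock should state that the URL must already have been validated against the client's registered redirect URI or the OpenID realm before it reaches this strategy; that validation is not visible in this section.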


@@ -0,0 +1,44 @@
<?php namespace Strategies;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Utils\IHttpResponseStrategy;
use Illuminate\Support\Facades\Redirect;
use Illuminate\Support\Facades\Response;
/**
* Class IndirectResponseUrlFragmentStrategy
* Redirect and http response using a 302 adding params on url fragment
* @package Strategies
*/
class IndirectResponseUrlFragmentStrategy implements IHttpResponseStrategy
{
/**
* @param $response
* @return mixed
*/
public function handle($response)
{
$fragment = $response->getContent();
$return_to = $response->getReturnTo();
if (is_null($return_to) || empty($return_to)) {
return Response::view('errors.404', array(), 404);;
}
$return_to = (strpos($return_to, "#") == false) ? $return_to . "#" . $fragment : $return_to . "&" . $fragment;
return Redirect::to($return_to)
->header('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate')
->header('Pragma','no-cache');
}
}


@@ -0,0 +1,32 @@
<?php namespace Strategies;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use OAuth2\Requests\OAuth2AuthorizationRequest;
use OAuth2\Strategies\IOAuth2AuthenticationStrategy;
use Illuminate\Support\Facades\Redirect;
/**
* Class OAuth2AuthenticationStrategy
* @package Strategies
*/
class OAuth2AuthenticationStrategy implements IOAuth2AuthenticationStrategy {
public function doLogin(OAuth2AuthorizationRequest $request)
{
return Redirect::action('UserController@getLogin');
}
public function doConsent(OAuth2AuthorizationRequest $request)
{
return Redirect::action('UserController@getConsent');
}
}


@@ -0,0 +1,106 @@
<?php namespace Strategies;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Illuminate\Support\Facades\Redirect;
use OAuth2\Factories\OAuth2AuthorizationRequestFactory;
use OAuth2\OAuth2Message;
use OAuth2\Repositories\IApiScopeRepository;
use OAuth2\Repositories\IClientRepository;
use OAuth2\Services\IMementoOAuth2SerializerService;
use Utils\Services\IAuthService;
/**
* Class OAuth2ConsentStrategy
* @package Strategies
*/
class OAuth2ConsentStrategy implements IConsentStrategy
{
/**
* @var IAuthService
*/
private $auth_service;
/**
* @var IMementoOAuth2SerializerService
*/
private $memento_service;
/**
* @var IApiScopeRepository
*/
private $scope_repository;
/**
* @var IClientRepository
*/
private $client_repository;
/**
* OAuth2ConsentStrategy constructor.
* @param IAuthService $auth_service
* @param IMementoOAuth2SerializerService $memento_service
* @param IApiScopeRepository $scope_repository
* @param IClientRepository $client_repository
*/
public function __construct
(
IAuthService $auth_service,
IMementoOAuth2SerializerService $memento_service,
IApiScopeRepository $scope_repository,
IClientRepository $client_repository
)
{
$this->auth_service = $auth_service;
$this->memento_service = $memento_service;
$this->scope_repository = $scope_repository;
$this->client_repository = $client_repository;
}
public function getConsent()
{
$auth_request = OAuth2AuthorizationRequestFactory::getInstance()->build
(
OAuth2Message::buildFromMemento
(
$this->memento_service->load()
)
);
$client_id = $auth_request->getClientId();
$client = $this->client_repository->getClientById($client_id);
$scopes = explode(' ',$auth_request->getScope());
$requested_scopes = $this->scope_repository->getByName($scopes);
$data = array();
$data['requested_scopes'] = $requested_scopes;
$data['app_name'] = $client->getApplicationName();
$data['redirect_to'] = $auth_request->getRedirectUri();
$data['website'] = $client->getWebsite();
$data['tos_uri'] = $client->getTermOfServiceUri();
$data['policy_uri'] = $client->getPolicyUri();
$app_logo = $client->getApplicationLogo();
$data['app_logo'] = $app_logo;
$data['app_description'] = $client->getApplicationDescription();
$data['dev_info_email'] = $client->getDeveloperEmail();
$response_strategy = DisplayResponseStrategyFactory::build($auth_request->getDisplay());
return $response_strategy->getConsentResponse($data);
}
public function postConsent($trust_action)
{
$this->auth_service->setUserAuthorizationResponse($trust_action);
return Redirect::action('OAuth2\OAuth2ProviderController@auth');
}
}
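Review bot: getConsent dereferences `$client` straight after `getClientById($client_id)` and never checks the request rebuilt from the memento, so if either can be null (an expired session, a client removed mid-flow) the consent page ends in a fatal error instead of a controlled OAuth2 error response. Add a guard such as `if (is_null($client)) { /* fail with the project's invalid-client error */ }` before the `$data[...]` assignments. postConsent hands `$trust_action` to `setUserAuthorizationResponse` as received; unless the controller already restricts it, checking it against the `IAuthService::AuthorizationResponse_*` values here would keep arbitrary input out of the stored consent decision. The client-supplied `website`, `tos_uri`, `policy_uri` and `app_logo` values go to the consent view, which presumably needs to escape them and restrict them to http(s) URLs.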


@@ -0,0 +1,119 @@
<?php namespace Strategies;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Illuminate\Support\Facades\Auth;
use OAuth2\Factories\OAuth2AuthorizationRequestFactory;
use OAuth2\OAuth2Message;
use OAuth2\Services\IMementoOAuth2SerializerService;
use OAuth2\Services\ISecurityContextService;
use Services\IUserActionService;
use Utils\IPHelper;
use Utils\Services\IAuthService;
use Illuminate\Support\Facades\Redirect;
use Illuminate\Support\Facades\Session;
/**
* Class OAuth2LoginStrategy
* @package Strategies
*/
class OAuth2LoginStrategy extends DefaultLoginStrategy
{
/**
* @var IMementoOAuth2SerializerService
*/
private $memento_service;
/**
* @var ISecurityContextService
*/
private $security_context_service;
/**
* @param IAuthService $auth_service
* @param IMementoOAuth2SerializerService $memento_service
* @param IUserActionService $user_action_service
* @param ISecurityContextService $security_context_service
*/
public function __construct
(
IAuthService $auth_service,
IMementoOAuth2SerializerService $memento_service,
IUserActionService $user_action_service,
ISecurityContextService $security_context_service
)
{
parent::__construct($user_action_service, $auth_service);
$this->memento_service = $memento_service;
$this->security_context_service = $security_context_service;
}
public function getLogin()
{
if (!Auth::guest())
return Redirect::action("UserController@getProfile");
$requested_user_id = $this->security_context_service->get()->getRequestedUserId();
if (!is_null($requested_user_id)) {
Session::put('username', $this->auth_service->getUserById($requested_user_id)->getEmail());
Session::save();
}
$auth_request = OAuth2AuthorizationRequestFactory::getInstance()->build(
OAuth2Message::buildFromMemento(
$this->memento_service->load()
)
);
$response_strategy = DisplayResponseStrategyFactory::build($auth_request->getDisplay());
return $response_strategy->getLoginResponse();
}
public function postLogin()
{
$auth_request = OAuth2AuthorizationRequestFactory::getInstance()->build(
OAuth2Message::buildFromMemento(
$this->memento_service->load()
)
);
$this->user_action_service->addUserAction($this->auth_service->getCurrentUser()->getId(), IPHelper::getUserIp(),
IUserActionService::LoginAction, $auth_request->getRedirectUri());
return Redirect::action("OAuth2\OAuth2ProviderController@auth");
}
public function cancelLogin()
{
$this->auth_service->setUserAuthenticationResponse(IAuthService::AuthenticationResponse_Cancel);
return Redirect::action("OAuth2\OAuth2ProviderController@auth");
}
/**
* @param array $params
* @return mixed
*/
public function errorLogin(array $params)
{
$auth_request = OAuth2AuthorizationRequestFactory::getInstance()->build(
OAuth2Message::buildFromMemento(
$this->memento_service->load()
)
);
$response_strategy = DisplayResponseStrategyFactory::build($auth_request->getDisplay());
return $response_strategy->getLoginErrorResponse($params);
}
}
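Review bot: In getLogin, `getUserById($requested_user_id)->getEmail()` is chained without a null check, so a requested user id that no longer resolves to an account breaks the login page; fetch the user first and call `Session::put('username', ...)` only when it is not null. That line also pre-fills the login form of a not-yet-authenticated visitor with the account's e-mail, so if the requested user id can be influenced by the authorization request (not visible here), the address is disclosed before authentication, and the pre-fill deserves a comment stating where the id comes from. The `OAuth2AuthorizationRequestFactory::getInstance()->build(OAuth2Message::buildFromMemento(...))` expression is repeated in getLogin, postLogin and errorLogin; a private helper would remove the triplication.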


@@ -0,0 +1,50 @@
<?php namespace Strategies;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Illuminate\Http\RedirectResponse;
use OpenId\Handlers\IOpenIdAuthenticationStrategy;
use OpenId\Requests\Contexts\RequestContext;
use OpenId\Requests\OpenIdAuthenticationRequest;
use Illuminate\Support\Facades\Redirect;
use Illuminate\Support\Facades\Session;
/**
* Class OpenIdAuthenticationStrategy
* @package Strategies
*/
final class OpenIdAuthenticationStrategy implements IOpenIdAuthenticationStrategy
{
/**
* @param OpenIdAuthenticationRequest $request
* @param RequestContext $context
* @return RedirectResponse
*/
public function doLogin(OpenIdAuthenticationRequest $request, RequestContext $context)
{
Session::put('openid.auth.context', $context);
Session::save();
return Redirect::action('UserController@getLogin');
}
/**
* @param OpenIdAuthenticationRequest $request
* @param RequestContext $context
* @return RedirectResponse
*/
public function doConsent(OpenIdAuthenticationRequest $request, RequestContext $context)
{
Session::put('openid.auth.context', $context);
Session::save();
return Redirect::action('UserController@getConsent');
}
}
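Review bot: doLogin and doConsent differ only in the redirect target and both hard-code the session key `'openid.auth.context'`, which OpenIdConsentStrategy reads and removes under the same literal. A shared class constant for the key and a private method for the `Session::put`/`Session::save` pair would prevent the two sides from drifting. Since the whole RequestContext object is stored in the session, a comment noting that it must stay serializable and free of secrets would help; `$request` is unused in both methods.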


@@ -0,0 +1,119 @@
<?php namespace Strategies;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Illuminate\Support\Facades\Auth;
use OpenId\Exceptions\InvalidOpenIdMessageException;
use OpenId\Exceptions\InvalidRequestContextException;
use OpenId\OpenIdMessage;
use OpenId\OpenIdProtocol;
use OpenId\Services\IMementoOpenIdSerializerService;
use OpenId\Services\IServerConfigurationService;
use Utils\IPHelper;
use Services\IUserActionService;
use Utils\Services\IAuthService;
use Illuminate\Support\Facades\Redirect;
use Illuminate\Support\Facades\Session;
use Illuminate\Support\Facades\View;
/**
* Class OpenIdConsentStrategy
* @package Strategies
*/
final class OpenIdConsentStrategy implements IConsentStrategy
{
/**
* @var IMementoOpenIdSerializerService
*/
private $memento_service;
/**
* @var IAuthService
*/
private $auth_service;
/**
* @var IServerConfigurationService
*/
private $server_configuration_service;
/**
* @var IUserActionService
*/
private $user_action_service;
/**
* @param IMementoOpenIdSerializerService $memento_service
* @param IAuthService $auth_service
* @param IServerConfigurationService $server_configuration_service
* @param IUserActionService $user_action_service
*/
public function __construct(
IMementoOpenIdSerializerService $memento_service,
IAuthService $auth_service,
IServerConfigurationService $server_configuration_service,
IUserActionService $user_action_service
)
{
$this->memento_service = $memento_service;
$this->auth_service = $auth_service;
$this->server_configuration_service = $server_configuration_service;
$this->user_action_service = $user_action_service;
}
public function getConsent()
{
$data = $this->getViewData();
return View::make("openid.consent", $data);
}
/**
* @return array
* @throws InvalidRequestContextException
*/
private function getViewData()
{
$context = Session::get('openid.auth.context');
if (is_null($context))
throw new InvalidRequestContextException();
$partial_views = $context->getPartials();
$data = array();
$request = OpenIdMessage::buildFromMemento( $this->memento_service->load());
$user = $this->auth_service->getCurrentUser();
$data['realm'] = $request->getParam(OpenIdProtocol::OpenIDProtocol_Realm);
$data['openid_url'] = $this->server_configuration_service->getUserIdentityEndpointURL($user->getIdentifier());
$data['views'] = $partial_views;
return $data;
}
/**
* @param $trust_action
* @return mixed
* @throws InvalidOpenIdMessageException
*/
public function postConsent($trust_action)
{
if (is_array($trust_action)) {
$msg = OpenIdMessage::buildFromMemento( $this->memento_service->load());
if (is_null($msg) || !$msg->isValid())
throw new InvalidOpenIdMessageException();
$this->user_action_service->addUserAction($this->auth_service->getCurrentUser()->getId(), IPHelper::getUserIp(), IUserActionService::ConsentAction, $msg->getParam(OpenIdProtocol::OpenIDProtocol_Realm));
$this->auth_service->setUserAuthorizationResponse($trust_action[0]);
Session::remove('openid.auth.context');
Session::save();
return Redirect::action('OpenId\OpenIdProviderController@endpoint');
}
return Redirect::action('UserController@getConsent');
}
}
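Review bot: postConsent takes `$trust_action[0]` after only an `is_array` check, so an empty array raises an undefined-offset error and whatever is in the first element is passed to `setUserAuthorizationResponse` unchecked. IConsentStrategy documents the parameter as `@param string $trust_action`, yet a string here silently redirects back to the consent page; align the docblock with the array contract and guard with `if (is_array($trust_action) && isset($trust_action[0]))`. In getViewData, `$request` and `$user` are used without the `is_null`/`isValid()` check that postConsent applies to the memento message. The `Auth` import appears unused in this file.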


@@ -0,0 +1,93 @@
<?php namespace Strategies;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use OpenId\OpenIdMessage;
use OpenId\OpenIdProtocol;
use OpenId\Requests\OpenIdAuthenticationRequest;
use OpenId\Services\IMementoOpenIdSerializerService;
use Services\IUserActionService;
use Utils\IPHelper;
use Utils\Services\IAuthService;
use Illuminate\Support\Facades\View;
use Illuminate\Support\Facades\Redirect;
use Illuminate\Support\Facades\Auth;
/**
* Class OpenIdLoginStrategy
* @package Strategies
*/
final class OpenIdLoginStrategy extends DefaultLoginStrategy
{
/**
* @var IMementoOpenIdSerializerService
*/
private $memento_service;
/**
* @param IMementoOpenIdSerializerService $memento_service
* @param IUserActionService $user_action_service
* @param IAuthService $auth_service
*/
public function __construct(
IMementoOpenIdSerializerService $memento_service,
IUserActionService $user_action_service,
IAuthService $auth_service
) {
$this->memento_service = $memento_service;
parent::__construct($user_action_service, $auth_service);
}
public function getLogin()
{
if (Auth::guest()) {
$msg = OpenIdMessage::buildFromMemento($this->memento_service->load());
$auth_request = new OpenIdAuthenticationRequest($msg);
$params = array('realm' => $auth_request->getRealm());
if (!$auth_request->isIdentitySelectByOP()) {
$params['claimed_id'] = $auth_request->getClaimedId();
$params['identity'] = $auth_request->getIdentity();
$params['identity_select'] = false;
} else {
$params['identity_select'] = true;
}
return View::make("login", $params);
}
return Redirect::action("UserController@getProfile");
}
public function postLogin()
{
//go to authentication flow again
$msg = OpenIdMessage::buildFromMemento($this->memento_service->load());
$this->user_action_service->addUserAction
(
$this->auth_service->getCurrentUser()->getId(),
IPHelper::getUserIp(),
IUserActionService::LoginAction,
$msg->getParam(OpenIdProtocol::OpenIDProtocol_Realm)
);
return Redirect::action("OpenId\OpenIdProviderController@endpoint");
}
public function cancelLogin()
{
$this->auth_service->setUserAuthenticationResponse(IAuthService::AuthenticationResponse_Cancel);
return Redirect::action("OpenId\OpenIdProviderController@endpoint");
}
}
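Review bot: postLogin calls `$msg->getParam(...)` on the message rebuilt from the memento without the `is_null($msg) || !$msg->isValid()` check that OpenIdConsentStrategy::postConsent performs, and getLogin passes the same unchecked message to `new OpenIdAuthenticationRequest($msg)`. A session that has lost its memento would then fail with a fatal error on the login path. Add the same guard in both methods, e.g. `if (is_null($msg) || !$msg->isValid()) throw new InvalidOpenIdMessageException();` (the exception would need importing in this file). The `realm`, `claimed_id` and `identity` values passed to the login view come from the relying party's request, so the view must escape them.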


@@ -0,0 +1,35 @@
<?php namespace Strategies;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Utils\IHttpResponseStrategy;
use Illuminate\Support\Facades\Response;
/**
* Class PostResponseStrategy
* @package Strategies
*/
final class PostResponseStrategy implements IHttpResponseStrategy
{
/**
* @param $response
* @return mixed
*/
public function handle($response)
{
$http_response = Response::make($response->getContent(), $response->getHttpCode());
$http_response->header('Content-Type', $response->getContentType());
$http_response->header('Cache-Control','no-cache, no-store, max-age=0, must-revalidate');
$http_response->header('Pragma','no-cache');
return $http_response;
}
}


@@ -0,0 +1,66 @@
<?php namespace Strategies;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Illuminate\Support\Facades\App;
use Illuminate\Support\ServiceProvider;
use OAuth2\Responses\OAuth2DirectResponse;
use OAuth2\Responses\OAuth2IndirectResponse;
use OAuth2\Responses\OAuth2PostResponse;
use OpenId\Responses\OpenIdDirectResponse;
use OpenId\Responses\OpenIdIndirectResponse;
use OAuth2\Responses\OAuth2IndirectFragmentResponse;
use OpenId\Services\OpenIdServiceCatalog;
use OAuth2\Services\OAuth2ServiceCatalog;
/**
* Class StrategyProvider
* @package Strategies
*/
final class StrategyProvider extends ServiceProvider
{
protected $defer = true;
public function boot()
{
}
public function register()
{
//direct response strategy
App::singleton(OAuth2PostResponse::OAuth2PostResponse, \Strategies\PostResponseStrategy::class);
App::singleton(OAuth2DirectResponse::OAuth2DirectResponse, \Strategies\DirectResponseStrategy::class);
App::singleton(OpenIdDirectResponse::OpenIdDirectResponse, \Strategies\DirectResponseStrategy::class);
//indirect response strategy
App::singleton(OpenIdIndirectResponse::OpenIdIndirectResponse, \Strategies\IndirectResponseQueryStringStrategy::class);
App::singleton(OAuth2IndirectResponse::OAuth2IndirectResponse, \Strategies\IndirectResponseQueryStringStrategy::class);
App::singleton(OAuth2IndirectFragmentResponse::OAuth2IndirectFragmentResponse,\Strategies\IndirectResponseUrlFragmentStrategy::class);
// authentication strategies
App::singleton(OAuth2ServiceCatalog::AuthenticationStrategy, \Strategies\OAuth2AuthenticationStrategy::class);
App::singleton(OpenIdServiceCatalog::AuthenticationStrategy, \Strategies\OpenIdAuthenticationStrategy::class);
}
public function provides()
{
return [
OAuth2PostResponse::OAuth2PostResponse,
OAuth2DirectResponse::OAuth2DirectResponse,
OpenIdDirectResponse::OpenIdDirectResponse,
OpenIdIndirectResponse::OpenIdIndirectResponse,
OAuth2IndirectResponse::OAuth2IndirectResponse,
OAuth2IndirectFragmentResponse::OAuth2IndirectFragmentResponse,
OAuth2ServiceCatalog::AuthenticationStrategy,
OpenIdServiceCatalog::AuthenticationStrategy,
];
}
}
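Review bot: register() binds through the `App` facade; inside a service provider the container is available as `$this->app`, so `$this->app->singleton(...)` avoids depending on the facade while providers are still being registered. The `\Strategies\` prefix on each `::class` is redundant inside `namespace Strategies`, and the empty `boot()` can be removed. Because `$defer = true`, a comment on `provides()` stating that every key bound in `register()` must also be listed there would prevent adding a binding that never resolves.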