[smarcet]- Refs #4578 - OpenId - Server Core Logic - Authentication Workflow

This commit is contained in:
smarcet 2013-10-18 18:50:27 -03:00
parent d1e6d73f8f
commit e278608a15
59 changed files with 1386 additions and 636 deletions



@ -114,7 +114,6 @@ return array(
'Illuminate\View\ViewServiceProvider',
'Illuminate\Workbench\WorkbenchServiceProvider',
'openid\OpenIdServiceProvider',
'repositories\RepositoriesServiceProvider',
'auth\AuthenticationServiceProvider',
'services\ServicesProvider',
'strategies\OpenIdResponseStrategyProvider'


@ -46,11 +46,6 @@ return array(
'connections' => array(
'sqlite' => array(
'driver' => 'sqlite',
'database' => __DIR__.'/../database/production.sqlite',
'prefix' => '',
),
'mysql' => array(
'driver' => 'mysql',
@ -63,25 +58,17 @@ return array(
'prefix' => '',
),
'pgsql' => array(
'driver' => 'pgsql',
'host' => 'localhost',
'database' => 'database',
'username' => 'root',
'password' => '',
'charset' => 'utf8',
'prefix' => '',
'schema' => 'public',
),
'sqlsrv' => array(
'driver' => 'sqlsrv',
'host' => 'localhost',
'database' => 'database',
'username' => 'root',
'password' => '',
'prefix' => '',
),
'mysql_external' => array(
'driver' => 'mysql',
'host' => 'localhost',
'database' => 'database',
'username' => 'root',
'password' => '',
'charset' => 'utf8',
'collation' => 'utf8_unicode_ci',
'prefix' => '',
),
),


@ -54,7 +54,17 @@ return array(
'charset' => 'utf8',
'collation' => 'utf8_unicode_ci',
'prefix' => '',
)
),
'mysql_external' => array(
'driver' => 'mysql',
'host' => 'localhost',
'database' => '506635_oslive',
'username' => 'root',
'password' => 'Koguryo@1981',
'charset' => 'utf8',
'collation' => 'utf8_unicode_ci',
'prefix' => '',
),
),
/*
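Review bot: The `mysql_external` connection added here commits a literal MySQL root password and a production database name to version control (the `'password'` line of the block), and the same literal is repeated in the next database config hunk. Anyone with read access to the repository history now holds those credentials, and rotating them later will not purge this commit, so the committed value should be treated as compromised. Read the credentials from the environment instead, e.g. `'username' => getenv('DB_EXTERNAL_USER'), 'password' => getenv('DB_EXTERNAL_PASSWORD'),`, and keep only placeholders in the tracked file. The enclosing `return array(` block starts outside the hunk.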


@ -26,7 +26,7 @@ return array(
|
*/
'default' => 'sqlite',
'default' => 'mysql',
/*
|--------------------------------------------------------------------------
@ -45,10 +45,28 @@ return array(
*/
'connections' => array(
'sqlite' => array(
'driver' => 'sqlite',
'database' => ':memory:',
'prefix' => '',
'mysql' => array(
'driver' => 'mysql',
'host' => 'localhost',
'database' => 'openstackid_openid',
'username' => 'root',
'password' => 'Koguryo@1981',
'charset' => 'utf8',
'collation' => 'utf8_unicode_ci',
'prefix' => '',
),
'mysql_external' => array(
'driver' => 'mysql',
'host' => 'localhost',
'database' => '506635_oslive',
'username' => 'root',
'password' => 'Koguryo@1981',
'charset' => 'utf8',
'collation' => 'utf8_unicode_ci',
'prefix' => '',
),
),
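Review bot: Switching `'default'` from `sqlite` to `mysql` in what looks like the testing-environment database config means the test suite now depends on a live MySQL server and writes to `openstackid_openid` instead of an in-memory database. The `:memory:` sqlite connection kept in this hunk is the one that gives isolated, repeatable test runs; unless the schema genuinely cannot run on sqlite, keep `'default' => 'sqlite'` here and point the integration-only tests at mysql explicitly. The enclosing `return array(` block starts outside the hunk.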


@ -15,7 +15,6 @@ use openid\services\IMementoOpenIdRequestService;
class OpenIdProviderController extends BaseController
{
private $openid_protocol;
private $memento_service;
@ -25,7 +24,6 @@ class OpenIdProviderController extends BaseController
$this->memento_service = $memento_service;
}
public function op_endpoint()
{
$msg = $this->memento_service->getCurrentRequest();


@ -72,6 +72,10 @@ class UserController extends BaseController{
}
public function postConsent(){
return Redirect::to('/accounts/openid/v2');
$trust_action = input::get("trust");
if(!is_null($trust_action) && is_array($trust_action)){
$this->auth_service->setUserAuthorizationResponse($trust_action[0]);
return Redirect::to('/accounts/openid/v2');
}
}
}
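Review bot: `postConsent()` returns nothing when the `trust` input is absent or is not an array, so that request ends in an empty response instead of a redirect or an error; add an explicit final `return Redirect::to('/accounts/openid/v2');` (or an error response) after the `if`. The value `$trust_action[0]` is handed to `setUserAuthorizationResponse()` straight from the request without being checked against the `IAuthService::AuthorizationResponse_*` constants, and the setter in the `AuthService` hunk below still carries `//todo : check valid response`; validate it once before it reaches the session, e.g. `if (!in_array($trust_action[0], array(IAuthService::AuthorizationResponse_AllowOnce, IAuthService::AuthorizationResponse_AllowForever, IAuthService::AuthorizationResponse_DenyOnce, IAuthService::AuthorizationResponse_DenyForever), true)) throw new \InvalidArgumentException('invalid authorization response');`. `input::get` resolves only because PHP class names are case-insensitive; write it as `Input::get` to match the facade. The enclosing class starts outside the hunk.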


@ -0,0 +1,40 @@
<?php
/**
* Created by JetBrains PhpStorm.
* User: smarcet
* Date: 10/18/13
* Time: 11:31 AM
* To change this template use File | Settings | File Templates.
*/
namespace auth;
use Zend\Crypt\Hash;
class AuthHelper {
private static $algorithms = array(
"none"=>"none",
"md5"=>"md5",
"sha1"=>"sha1",
"md5_v2.4"=>"md5",
"sha1_v2.4"=>"sha1",
);
/**
* @param $password user password
* @param $salt password salt
* @param string $algorithm Name of selected hashing algorithm (i.e. "md5", "sha256", "haval160,4", etc..)
*/
public static function encrypt_password($password, $salt, $algorithm="sha1"){
if(!isset(self::$algorithms[$algorithm]))
throw new \Exception(sprintf("non supported algorithm %s",$algorithm));
if($algorithm!='none')
return Hash::compute(self::$algorithms[$algorithm],$password.$salt);
return $password;
}
public static function compare($hash1, $hash2) {
// Due to flawed base_convert() floating poing precision,
// only the first 10 characters are consistently useful for comparisons.
return (substr($hash1, 0, 10) === substr($hash2, 0, 10));
}
}
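Review bot: `compare()` decides hash equality on the first 10 characters only, so two digests that agree in their first 40 bits are accepted as equal, and the `===` on substrings is not constant-time; if the truncation is required for compatibility with hashes already stored in the member table, state that in the comment, otherwise compare the full strings with a length-independent, constant-time comparison (`hash_equals()` where the PHP version provides it). The comment about `base_convert()` precision describes nothing this class does — nothing here calls `base_convert()` — so it reads as copied from elsewhere and should be replaced with the actual reason or removed. `encrypt_password()` hashes rather than encrypts, and the `"none"` entry returns the plaintext password unchanged; a docblock line such as `* Returns a digest of $password.$salt via the selected algorithm; "none" returns $password unchanged (legacy compatibility only).` makes both visible to callers. The error text `non supported algorithm` should read `unsupported algorithm`. Throwing a bare `\Exception` here is also inconsistent with the `auth\exceptions\AuthenticationException` this commit introduces.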


@ -50,6 +50,13 @@ class AuthService implements IAuthService {
*/
public function getUserAuthorizationResponse()
{
return Session::get("openid.authorization.response");
if(Session::has("openid.authorization.response"))
return Session::get("openid.authorization.response");
return IAuthService::AuthorizationResponse_None;
}
public function setUserAuthorizationResponse($auth_response){
//todo : check valid response
Session::set("openid.authorization.response",$auth_response);
}
}


@ -9,11 +9,13 @@
namespace auth;
use Illuminate\Support\ServiceProvider;
use openid\services\Registry;
class AuthenticationServiceProvider extends ServiceProvider {
public function register()
{
$this->app->singleton('openid\\services\\IAuthService','auth\\AuthService');
Registry::getInstance()->set("openid\\services\\IAuthService",$this->app->make("openid\\services\\IAuthService"));
}
}


@ -10,6 +10,9 @@ namespace auth;
use Illuminate\Auth\UserInterface;
use Illuminate\Auth\UserProviderInterface;
use auth\exceptions\AuthenticationException;
use \Member;
use \Zend\Crypt\Hash;
class CustomAuthProvider implements UserProviderInterface{
@ -30,6 +33,12 @@ class CustomAuthProvider implements UserProviderInterface{
*/
public function retrieveById($identifier)
{
$user = OpenIdUser::where('external_id', '=', $identifier)->first();
$member = Member::where('Email', '=', $identifier)->first();
if(!is_null($member) && !is_null($user)){
$user->setMember($member);
return $user;
}
return null;
}
@ -41,8 +50,24 @@ class CustomAuthProvider implements UserProviderInterface{
*/
public function retrieveByCredentials(array $credentials)
{
$username = $credentials['username'];
if(!isset($credentials['username']) || !isset($credentials['password']))
throw new AuthenticationException("invalid crendentials");
$identifier = $credentials['username'];
$password = $credentials['password'];
$user = OpenIdUser::where('external_id', '=', $identifier)->first();
$member = Member::where('Email', '=', $identifier)->first();
if(!is_null($member) && $member->checkPassword($password)){
if(is_null($user)){
//create user
$user = new OpenIdUser();
$user->external_id = $member->Email;
$user->active = true;
$user->identifier = Hash::compute("sha1",$user->external_id);
$user->Save();
}
$user->setMember($member);
return $user;
}
return null;
}
@ -55,8 +80,11 @@ class CustomAuthProvider implements UserProviderInterface{
*/
public function validateCredentials(UserInterface $user, array $credentials)
{
$username = $credentials['username'];
if(!isset($credentials['username']) || !isset($credentials['password']))
throw new AuthenticationException("invalid crendentials");
$identifier = $credentials['username'];
$password = $credentials['password'];
return null;
$member = Member::where('Email', '=', $identifier)->first();
return $member->checkPassword($password);
}
}
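Review bot: `validateCredentials()` dereferences `$member` without a null check, so a login attempt for an email with no `Member` row ends in a fatal call on null rather than a failed validation; return `!is_null($member) && $member->checkPassword($password);`. `retrieveByCredentials()` derives the public OpenID identifier as an unsalted SHA-1 of the email address, which lets anyone who knows or guesses an email confirm that it maps to a given identifier — if identifiers are meant to be non-linkable, derive them from a random value instead (this depends on how `identifier` is consumed elsewhere, which the hunk does not show). The message `invalid crendentials` in both methods is misspelled (`invalid credentials`). `retrieveById()` now requires both an `OpenIdUser` and a `Member` row and silently returns null when either is missing; a short comment saying that a member without an openid row is deliberately treated as unknown would help the next reader. The enclosing class starts outside the hunk.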


@ -12,8 +12,15 @@ namespace auth;
use Illuminate\Auth\UserInterface;
use openid\model\IOpenIdUser;
class OpenIdUser extends Eloquent implements UserInterface , IOpenIdUser{
class OpenIdUser extends \Eloquent implements UserInterface , IOpenIdUser{
protected $table = 'openid_users';
private $member;
public function setMember($member){
$this->member=$member;
}
/**
* Get the unique identifier for the user.
*
@ -21,7 +28,10 @@ class OpenIdUser extends Eloquent implements UserInterface , IOpenIdUser{
*/
public function getAuthIdentifier()
{
// TODO: Implement getAuthIdentifier() method.
if(is_null($this->member)){
$this->member = Member::where('Email', '=', $this->external_id)->first();
}
return $this->external_id;
}
/**
@ -31,61 +41,88 @@ class OpenIdUser extends Eloquent implements UserInterface , IOpenIdUser{
*/
public function getAuthPassword()
{
// TODO: Implement getAuthPassword() method.
if(is_null($this->member)){
$this->member = Member::where('Email', '=', $this->external_id)->first();
}
return $this->member->Password;
}
public function getIdentifier()
{
// TODO: Implement getIdentifier() method.
if(is_null($this->member)){
$this->member = Member::where('Email', '=', $this->external_id)->first();
}
return $this->identifier;
}
public function getEmail()
{
// TODO: Implement getEmail() method.
$this->external_id;
}
public function getFirstName()
{
// TODO: Implement getFirstName() method.
if(is_null($this->member)){
$this->member = Member::where('Email', '=', $this->external_id)->first();
}
return $this->member->FirstName;
}
public function getLastName()
{
// TODO: Implement getLastName() method.
if(is_null($this->member)){
$this->member = Member::where('Email', '=', $this->external_id)->first();
}
return $this->member->Surname;
}
public function getFullName()
{
// TODO: Implement getFullName() method.
return $this->getFirstName()." ". $this->getLastName();
}
public function getNickName()
{
// TODO: Implement getNickName() method.
return $this->getFullName;
}
public function getGender()
{
// TODO: Implement getGender() method.
if(is_null($this->member)){
$this->member = Member::where('Email', '=', $this->external_id)->first();
}
return "";
}
public function getCountry()
{
// TODO: Implement getCountry() method.
if(is_null($this->member)){
$this->member = Member::where('Email', '=', $this->external_id)->first();
}
return $this->member->Country;
}
public function getLanguage()
{
// TODO: Implement getLanguage() method.
if(is_null($this->member)){
$this->member = Member::where('Email', '=', $this->external_id)->first();
}
return $this->member->Locale;
}
public function getTimeZone()
{
// TODO: Implement getTimeZone() method.
if(is_null($this->member)){
$this->member = Member::where('Email', '=', $this->external_id)->first();
}
return "";
}
public function getDateOfBirth()
{
// TODO: Implement getDateOfBirth() method.
if(is_null($this->member)){
$this->member = Member::where('Email', '=', $this->external_id)->first();
}
return "";
}
}
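Review bot: `getEmail()` evaluates `$this->external_id` but never returns it, so it yields null, and `getNickName()` reads the undefined property `$this->getFullName` instead of calling the method; `getEmail()` is what the AX extension uses for the `email` attribute, so that attribute would be sent empty. The fixes are `return $this->external_id;` and `return $this->getFullName();`. The `if (is_null($this->member)) { $this->member = Member::where(...)->first(); }` lazy load is repeated in ten methods, including `getAuthIdentifier()`, `getGender()`, `getTimeZone()` and `getDateOfBirth()`, which never use the loaded member; a private `getMember()` helper removes the duplication and the wasted queries and is the one place to handle a missing `Member` row (today `getAuthPassword()` and its siblings would read `->Password` on null). `Member` is referenced unqualified inside the `auth` namespace and the visible `use` lines do not import it, so it resolves to `auth\Member` unless an import outside the hunk supplies it — worth confirming. The class header is inside the hunk, but the file's import list is only partially visible.
```php
    /** Lazily loads the backing Member row by email; null when no row exists. */
    private function getMember()
    {
        if (is_null($this->member)) {
            $this->member = Member::where('Email', '=', $this->external_id)->first();
        }
        return $this->member;
    }

    public function getAuthPassword()
    {
        $member = $this->getMember();
        return is_null($member) ? null : $member->Password;
    }
    // … unchanged: the remaining accessors follow the same getMember() pattern …
```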


@ -0,0 +1,21 @@
<?php
/**
* Created by JetBrains PhpStorm.
* User: smarcet
* Date: 10/18/13
* Time: 12:06 PM
* To change this template use File | Settings | File Templates.
*/
namespace auth\exceptions;
use \Exception;
class AuthenticationException extends Exception{
public function __construct($message = "") {
$message = "AuthenticationException : ".$message;
parent::__construct($message, 0 , null);
}
}


@ -15,8 +15,6 @@ use openid\handlers\OpenIdAuthenticationRequestHandler;
use openid\handlers\OpenIdSessionAssociationRequestHandler;
use openid\handlers\OpenIdCheckAuthenticationRequestHandler;
use openid\repositories\IServerExtensionsRepository;
use openid\repositories\IServerConfigurationRepository;
use openid\XRDS\XRDSService;
use openid\XRDS\XRDSDocumentBuilder;
use openid\IOpenIdProtocol;
@ -99,16 +97,12 @@ class OpenIdProtocol implements IOpenIdProtocol {
}
public static function param($param, $separator='.'){
return Self::OpenIdPrefix.$separator.self::$protocol_definition[$param];
return self::OpenIdPrefix.$separator.self::$protocol_definition[$param];
}
private $server_extension_repository;
private $server_configuration;
private $request_handlers;
public function __construct(IServerConfigurationRepository $server_configuration,IServerExtensionsRepository $server_extension_repository){
$this->server_extension_repository = $server_extension_repository;
$this->server_configuration = $server_configuration;
public function __construct(){
//create chain of responsibility
$auth_service = \App::make("openid\\services\\IAuthService");
$memento_request_service = \App::make("openid\\services\\IMementoOpenIdRequestService");
@ -116,9 +110,10 @@ class OpenIdProtocol implements IOpenIdProtocol {
$server_extension_service = \App::make("openid\\services\\IServerExtensionsService");
$association_service = \App::make("openid\\services\\IAssociationService");
$trusted_sites_service = \App::make("openid\\services\\ITrustedSitesService");
$server_config_service = \App::make("openid\\services\\IServerConfigurationService");
$successor = new OpenIdSessionAssociationRequestHandler(new OpenIdCheckAuthenticationRequestHandler(null));
$this->request_handlers = new OpenIdAuthenticationRequestHandler($auth_service,$memento_request_service,$auth_strategy,$server_extension_service,$association_service,$trusted_sites_service,$successor);
$this->request_handlers = new OpenIdAuthenticationRequestHandler($auth_service,$memento_request_service,$auth_strategy,$server_extension_service,$association_service,$trusted_sites_service,$server_config_service,$successor);
}
public function getXRDSDiscovery(){
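Review bot: The constructor now resolves every collaborator through `\App::make()` instead of receiving them as parameters, so `OpenIdProtocol` can no longer be built in a unit test without a booted container and its dependencies are no longer visible from the signature. Building the handler chain here is reasonable, but the services it needs should still be injected (or a handler factory should be), which keeps the class testable without the framework. The class starts and continues outside the hunk.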


@ -0,0 +1,20 @@
<?php
/**
* Created by JetBrains PhpStorm.
* User: smarcet
* Date: 10/18/13
* Time: 1:50 PM
* To change this template use File | Settings | File Templates.
*/
namespace openid\exceptions;
use \Exception;
class OpenIdCrytoException extends Exception{
public function __construct($message = "") {
$message = "OpenIdCrytoException : ".$message;
parent::__construct($message, 0 , null);
}
}
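Review bot: The class name `OpenIdCrytoException` is misspelled (`Crypto`), and since it is the new file's only symbol the typo will spread to every `use` and `catch` that references it; rename it to `OpenIdCryptoException` before callers exist. The message prefix in the constructor carries the same misspelling. The constructor also discards any previous exception; accepting `$previous = null` and passing it through `parent::__construct($message, 0, $previous)` keeps the underlying crypto error attached for logging.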


@ -1,21 +0,0 @@
<?php
/**
* Created by JetBrains PhpStorm.
* User: smarcet
* Date: 10/16/13
* Time: 2:29 PM
* To change this template use File | Settings | File Templates.
*/
namespace openid\extensions;
use openid\requests\OpenIdRequest;
use openid\requests\contexts\RequestContext;
use openid\responses\OpenIdResponse;
use openid\responses\contexts\ResponseContext;
interface IOpenIdExtension {
public function apply(OpenIdRequest $request,RequestContext $context);
public function transform(OpenIdRequest $request,OpenIdResponse $response ,ResponseContext $context);
}


@ -0,0 +1,36 @@
<?php
/**
* Created by JetBrains PhpStorm.
* User: smarcet
* Date: 10/16/13
* Time: 2:29 PM
* To change this template use File | Settings | File Templates.
*/
namespace openid\extensions;
use openid\requests\OpenIdRequest;
use openid\requests\contexts\RequestContext;
use openid\responses\OpenIdResponse;
use openid\responses\contexts\ResponseContext;
abstract class OpenIdExtension {
protected $namespace;
protected $name;
protected $description;
public function __construct($name,$namespace,$description){
$this->namespace=$namespace;
$this->name=$name;
$this->description = $description;
}
/**
* @param OpenIdRequest $request
* @param RequestContext $context
* @return mixed
* @throws InvalidOpenIdMessageException
*/
abstract public function parseRequest(OpenIdRequest $request,RequestContext $context);
abstract public function prepareResponse(OpenIdRequest $request,OpenIdResponse $response ,ResponseContext $context);
}
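Review bot: The three stub extensions in this commit (OAuth, PAPE, SREG) each define `protected function populateProperties()`, but this abstract base neither declares nor calls it, and the AX extension does not implement it, so it is dead code unless the base is meant to invoke it; either add `abstract protected function populateProperties();` here and call it from the constructor, or drop the stubs. The `@throws InvalidOpenIdMessageException` docblock names a class that the visible `use` lines do not import into `openid\extensions`, so tooling will resolve it to a non-existent class in this namespace — add `use openid\exceptions\InvalidOpenIdMessageException;` (the request handler imports it from that namespace). `prepareResponse()` has no docblock; a line such as `* Adds this extension's parameters to $response and registers in $context the ones that must be signed.` would match the one on `parseRequest()`.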


@ -10,21 +10,140 @@
namespace openid\extensions\implementations;
use openid\extensions\IOpenIdExtension;
use openid\extensions\OpenIdExtension;
use openid\OpenIdProtocol;
use openid\requests\contexts\RequestContext;
use openid\requests\OpenIdRequest;
use openid\responses\contexts\ResponseContext;
use openid\responses\OpenIdResponse;
use openid\services\Registry;
use openid\OpenIdMessage;
class OpenIdAXExtension implements IOpenIdExtension {
class OpenIdAXRequest extends OpenIdRequest
{
public function apply(OpenIdRequest $request, RequestContext $context)
private $attributes;
public function __construct(OpenIdMessage $message)
{
// TODO: Implement apply() method.
parent::__construct($message);
$this->attributes = array();
}
public function transform(OpenIdRequest $request, OpenIdResponse $response, ResponseContext $context)
/**
* @return bool
* @throws InvalidOpenIdMessageException
*/
public function IsValid()
{
// TODO: Implement transform() method.
//check identifier
if (
isset($this->message[OpenIdProtocol::OpenIdPrefix . "_" . OpenIdProtocol::OpenIDProtocol_NS . "_" . OpenIdAXExtension::Prefix])
&& $this->message[OpenIdProtocol::OpenIdPrefix . "_" . OpenIdProtocol::OpenIDProtocol_NS . "_" . OpenIdAXExtension::Prefix] == OpenIdAXExtension::NamespaceUrl
) {
//check required fields
if (!isset($this->message[OpenIdProtocol::OpenIdPrefix . "_" . OpenIdAXExtension::Prefix . "_" . OpenIdAXExtension::Mode])
|| $this->message[OpenIdProtocol::OpenIdPrefix . "_" . OpenIdAXExtension::Prefix . "_" . OpenIdAXExtension::Mode] != OpenIdAXExtension::FetchRequest
)
throw new InvalidOpenIdMessageException("AX: not set or invalid mode mode");
if (isset($this->message[OpenIdProtocol::OpenIdPrefix . "_" . OpenIdAXExtension::Prefix . "_" . OpenIdAXExtension::RequiredAttributes]))
throw new InvalidOpenIdMessageException("AX: not set required attributes!");
$attributes = $this->message[OpenIdProtocol::OpenIdPrefix . "_" . OpenIdAXExtension::Prefix . "_" . OpenIdAXExtension::RequiredAttributes];
$attributes = explode(",", $attributes);
foreach ($attributes as $attr) {
$attr = trim($attr);
if (!isset(OpenIdAXExtension::$available_properties[$attr]))
throw new InvalidOpenIdMessageException(sprintf("AX: invalid attribute requested %s", $attr));
if (!isset($this->message[OpenIdProtocol::OpenIdPrefix . "_" . self::Prefix . "_" . self::Type . "_" . $attr]))
throw new InvalidOpenIdMessageException(sprintf("AX: invalid ns for attribute %s", $attr));
$ns = $this->message[OpenIdProtocol::OpenIdPrefix . "_" . self::Prefix . "_" . self::Type . "_" . $attr];
if ($ns != OpenIdAXExtension::$available_properties[$attr])
throw new InvalidOpenIdMessageException(sprintf("AX: invalid ns for attribute %s", $attr));
array_push($this->$attributes, $attr);
}
return true;
}
return false;
}
public function getRequiredAttributes()
{
return $this->attributes;
}
}
class OpenIdAXExtension extends OpenIdExtension
{
public static $available_properties;
const Prefix = "ax";
const NamespaceUrl = "http://openid.net/srv/ax/1.0";
const RequiredAttributes = "required";
const Mode = "mode";
const Country = "country";
const Email = "email";
const FirstMame = "firstname";
const Language = "language";
const LastName = "lastname";
const Type = "type";
const Value = "value";
const FetchResponse = "fetch_response";
const FetchRequest = "fetch_request";
public function __construct($name, $namespace, $description)
{
parent::__construct($name, $namespace, $description);
self::$available_properties[OpenIdAXExtension::Country] = "http://axschema.org/contact/country/home";
self::$available_properties[OpenIdAXExtension::Email] = "http://axschema.org/contact/email";
self::$available_properties[OpenIdAXExtension::FirstMame] = "http://axschema.org/namePerson/first";
self::$available_properties[OpenIdAXExtension::LastName] = "http://axschema.org/pref/language";
self::$available_properties[OpenIdAXExtension::Language] = "http://axschema.org/pref/language";
}
public function parseRequest(OpenIdRequest $request, RequestContext $context)
{
$ax_request = new OpenIdAXRequest($request->getMessage());
if (!$ax_request->IsValid()) return;
//todo : build sub view ....
}
public function prepareResponse(OpenIdRequest $request, OpenIdResponse $response, ResponseContext $context)
{
$ax_request = new OpenIdAXRequest($request->getMessage());
if (!$ax_request->IsValid()) return;
$response->addParam(OpenIdProtocol::OpenIdPrefix . "." . OpenIdProtocol::OpenIDProtocol_NS . "." . self::Prefix, self::NamespaceUrl);
$response->addParam(OpenIdProtocol::OpenIdPrefix . "." . self::Prefix . "." . self::Mode, self::FetchResponse);
$context->addSignParam(OpenIdProtocol::OpenIdPrefix . "." . self::Prefix . "." . self::Mode);
$attributes = $ax_request->getRequiredAttributes();
$auth_service = Registry::getInstance()->get("openid\\services\\IAuthService");
$user = $auth_service->getCurrentUser();
foreach ($attributes as $attr) {
$response->addParam(OpenIdProtocol::OpenIdPrefix . "." . self::Prefix . "." . self::Type . "." . $attr, self::$available_properties[$attr]);
$context->addSignParam(OpenIdProtocol::OpenIdPrefix . "." . self::Prefix . "." . self::Type . "." . $attr);
$context->addSignParam(OpenIdProtocol::OpenIdPrefix . "." . self::Prefix . "." . self::Value . "." . $attr);
if ($attr == "email") {
$response->addParam(OpenIdProtocol::OpenIdPrefix . "." . self::Prefix . "." . self::Value . "." . $attr, $user->getEmail());
}
if ($attr == "country") {
$response->addParam(OpenIdProtocol::OpenIdPrefix . "." . self::Prefix . "." . self::Value . "." . $attr, $user->getCountry());
}
if ($attr == "firstname") {
$response->addParam(OpenIdProtocol::OpenIdPrefix . "." . self::Prefix . "." . self::Value . "." . $attr, $user->getFirstName());
}
if ($attr == "lastname") {
$response->addParam(OpenIdProtocol::OpenIdPrefix . "." . self::Prefix . "." . self::Value . "." . $attr, $user->getLastName());
}
if ($attr == "language") {
$response->addParam(OpenIdProtocol::OpenIdPrefix . "." . self::Prefix . "." . self::Value . "." . $attr, $user->getLanguage());
}
}
}
}
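Review bot: `IsValid()` has three defects that make it throw or misbehave on every well-formed AX fetch request: the `isset(...RequiredAttributes)` test is inverted (it throws `AX: not set required attributes!` exactly when the attribute list is present) and should read `if (!isset(...))`; `array_push($this->$attributes, $attr)` is a variable-variable access on a property named after the array's string value and should be `array_push($this->attributes, $attr);`; and `self::Prefix` / `self::Type` in the per-attribute namespace check refer to constants of `OpenIdAXRequest`, which defines none, rather than `OpenIdAXExtension::Prefix` / `OpenIdAXExtension::Type`. In the extension constructor `LastName` is mapped to `http://axschema.org/pref/language` — the same URL as `Language` — so a request asking for `lastname` with the standard `http://axschema.org/namePerson/last` type is rejected as an invalid namespace; the constant `FirstMame` is also misspelled. `$available_properties` is a static filled from an instance constructor, so `OpenIdAXRequest::IsValid()` dereferences null if it runs before any `OpenIdAXExtension` has been constructed; a static initializer or a constant array removes that ordering dependency. `InvalidOpenIdMessageException` is used unqualified in this namespace and the visible `use` lines do not import it; the request handler imports it from `openid\exceptions`. The `$attr == "email"` chain in `prepareResponse()` would read more clearly as a lookup from attribute name to `$user` accessor, but that is a style choice.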


@ -8,21 +8,26 @@
*/
namespace openid\extensions\implementations;
use openid\extensions\IOpenIdExtension;
use openid\extensions\OpenIdExtension;
use openid\requests\contexts\RequestContext;
use openid\requests\OpenIdRequest;
use openid\responses\contexts\ResponseContext;
use openid\responses\OpenIdResponse;
class OpenIdOAuthExtension implements IOpenIdExtension {
class OpenIdOAuthExtension extends OpenIdExtension {
public function apply(OpenIdRequest $request, RequestContext $context)
protected function populateProperties()
{
// TODO: Implement apply() method.
// TODO: Implement populateProperties() method.
}
public function transform(OpenIdRequest $request, OpenIdResponse $response, ResponseContext $context)
public function parseRequest(OpenIdRequest $request, RequestContext $context)
{
// TODO: Implement transform() method.
// TODO: Implement parseRequest() method.
}
public function prepareResponse(OpenIdRequest $request, OpenIdResponse $response, ResponseContext $context)
{
// TODO: Implement prepareResponse() method.
}
}


@ -8,21 +8,27 @@
*/
namespace openid\extensions\implementations;
use openid\extensions\IOpenIdExtension;
use openid\extensions\OpenIdExtension;
use openid\requests\contexts\RequestContext;
use openid\requests\OpenIdRequest;
use openid\responses\contexts\ResponseContext;
use openid\responses\OpenIdResponse;
class OpenIdPAPEExtension implements IOpenIdExtension {
class OpenIdPAPEExtension extends OpenIdExtension {
public function apply(OpenIdRequest $request, RequestContext $context)
protected function populateProperties()
{
// TODO: Implement apply() method.
// TODO: Implement populateProperties() method.
}
public function transform(OpenIdRequest $request, OpenIdResponse $response, ResponseContext $context)
public function parseRequest(OpenIdRequest $request, RequestContext $context)
{
// TODO: Implement transform() method.
// TODO: Implement parseRequest() method.
}
public function prepareResponse(OpenIdRequest $request, OpenIdResponse $response, ResponseContext $context)
{
// TODO: Implement prepareResponse() method.
}
}


@ -8,22 +8,26 @@
*/
namespace openid\extensions\implementations;
use openid\extensions\IOpenIdExtension;
use openid\extensions\OpenIdExtension;
use openid\requests\contexts\RequestContext;
use openid\requests\OpenIdRequest;
use openid\responses\contexts\ResponseContext;
use openid\responses\OpenIdResponse;
class OpenIdSREGExtension implements IOpenIdExtension
class OpenIdSREGExtension extends OpenIdExtension
{
public function apply(OpenIdRequest $request, RequestContext $context)
protected function populateProperties()
{
// TODO: Implement apply() method.
// TODO: Implement populateProperties() method.
}
public function transform(OpenIdRequest $request, OpenIdResponse $response, ResponseContext $context)
public function parseRequest(OpenIdRequest $request, RequestContext $context)
{
// TODO: Implement transform() method.
// TODO: Implement parseRequest() method.
}
public function prepareResponse(OpenIdRequest $request, OpenIdResponse $response, ResponseContext $context)
{
// TODO: Implement prepareResponse() method.
}
}


@ -30,6 +30,7 @@ use openid\model\IAssociation;
use openid\responses\OpenIdPositiveAssertionResponse;
use openid\services\IServerConfigurationService;
use openid\helpers\OpenIdSignatureBuilder;
use openid\exceptions\InvalidOpenIdMessageException;
/**
* Class OpenIdAuthenticationRequestHandler
@ -56,144 +57,156 @@ class OpenIdAuthenticationRequestHandler extends OpenIdMessageHandler
{
parent::__construct($successor);
$this->authService = $authService;
$this->mementoRequestService = $mementoRequestService;
$this->auth_strategy = $auth_strategy;
$this->server_extensions_service = $server_extensions_service;
$this->association_service = $association_service;
$this->trusted_sites_service = $trusted_sites_service;
$this->authService = $authService;
$this->mementoRequestService = $mementoRequestService;
$this->auth_strategy = $auth_strategy;
$this->server_extensions_service = $server_extensions_service;
$this->association_service = $association_service;
$this->trusted_sites_service = $trusted_sites_service;
$this->server_configuration_service = $server_configuration_service;
}
private function doAssertion(OpenIdAuthenticationRequest $request,$extensions){
private function doAssertion(OpenIdAuthenticationRequest $request, $extensions)
{
$currentUser = $this->authService->getCurrentUser();
$context = new ResponseContext;
//initial signature params
$context->addSignParam(OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_OpEndpoint));
$context->addSignParam(OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_ReturnTo));
$context->addSignParam(OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Nonce));
$context->addSignParam(OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_AssocHandle));
$context->addSignParam(OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_ClaimedId));
$context->addSignParam(OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Identity));
$op_endpoint = $this->server_configuration_service->getOPEndpointURL();
$identity = $currentUser->getIdentifier();
$response = new OpenIdPositiveAssertionResponse($op_endpoint,$identity,$identity,$request->getReturnTo());
foreach($extensions as $ext){
$ext->transform($request,$response,$context);
$response = new OpenIdPositiveAssertionResponse($op_endpoint, $identity, $identity, $request->getReturnTo());
foreach ($extensions as $ext) {
$ext->prepareResponse($request, $response, $context);
}
//check former assoc handle...
$assoc_handle = $request->getAssocHandle();
$association = $this->association_service->getAssociation($assoc_handle);
if(empty($assoc_handle) || is_null($association)){
if (empty($assoc_handle) || is_null($association)) {
// if not present or if it already void then enter on dumb mode
$new_secret = OpenIdCryptoHelper::generateSecret(OpenIdProtocol::SignatureAlgorithmHMAC_SHA256);
$new_handle = uniqid();
//todo: get from somewhere?
$lifetime = 120;
$issued = gmdate("Y-m-d H:i:s", time());
$this->association_service->addAssociation($new_handle,$new_secret,$lifetime,$issued,IAssociation::TypePrivate);
$lifetime = $this->server_configuration_service->getPrivateAssociationLifetime();
$issued = gmdate("Y-m-d H:i:s", time());
$this->association_service->addAssociation($new_handle, $new_secret,OpenIdProtocol::SignatureAlgorithmHMAC_SHA256,$lifetime, $issued,IAssociation::TypePrivate);
$response->setAssocHandle($new_handle);
if(!empty($assoc_handle)){
if (!empty($assoc_handle)) {
$response->setInvalidateHandle($assoc_handle);
}
$association = $this->association_service->getAssociation($new_handle);
}
else{
} else {
$response->setAssocHandle($assoc_handle);
}
OpenIdSignatureBuilder::build($context,$association->getMacFunction(),$association->getSecret(),$response);
OpenIdSignatureBuilder::build($context, $association->getMacFunction(), $association->getSecret(), $response);
return $response;
}
protected function InternalHandle(OpenIdMessage $message)
{
$request = new OpenIdAuthenticationRequest($message);
$extensions = $this->server_extensions_service->getAllActiveExtensions();
$context = new RequestContext;
$mode = $request->getMode();
switch($mode){
case OpenIdProtocol::SetupMode:
{
if(!$this->authService->isUserLogged()){
//do login process
$context->setStage(RequestContext::StageLogin);
foreach($extensions as $ext){
$ext->apply($request,$context);
}
$this->mementoRequestService->saveCurrentRequest();
return $this->auth_strategy->doLogin($request,$context);
}
else {
//user already logged
$currentUser = $this->authService->getCurrentUser();
$site = $this->trusted_sites_service->getTrustedSite($currentUser,$request->getTrustedRoot());
$authorization_response = $this->authService->getUserAuthorizationResponse();
if($authorization_response == IAuthService::AuthorizationResponse_None){
if(is_null($site)){
//do consent process
$this->mementoRequestService->saveCurrentRequest();
$context->setStage(RequestContext::StageConsent);
foreach($extensions as $ext){
$ext->apply($request,$context);
try
{
$request = new OpenIdAuthenticationRequest($message);
$extensions = $this->server_extensions_service->getAllActiveExtensions();
$context = new RequestContext;
$mode = $request->getMode();
switch ($mode) {
case OpenIdProtocol::SetupMode:
{
if (!$this->authService->isUserLogged()) {
//do login process
$context->setStage(RequestContext::StageLogin);
foreach ($extensions as $ext) {
$ext->parseRequest($request, $context);
}
$this->mementoRequestService->saveCurrentRequest();
return $this->auth_strategy->doLogin($request, $context);
} else {
//user already logged
$currentUser = $this->authService->getCurrentUser();
$site = $this->trusted_sites_service->getTrustedSite($currentUser, $request->getTrustedRoot());
$authorization_response = $this->authService->getUserAuthorizationResponse();
if ($authorization_response == IAuthService::AuthorizationResponse_None) {
if (is_null($site)) {
//do consent process
$this->mementoRequestService->saveCurrentRequest();
$context->setStage(RequestContext::StageConsent);
foreach ($extensions as $ext) {
$ext->parseRequest($request, $context);
}
return $this->auth_strategy->doConsent($request, $context);
} else {
$policy = $site->getAuthorizationPolicy();
switch ($policy) {
case IAuthService::AuthorizationResponse_AllowForever:
return $this->doAssertion($request, $extensions);
break;
case IAuthService::AuthorizationResponse_DenyForever:
// black listed site
return new OpenIdIndirectGenericErrorResponse(sprintf(OpenIdErrorMessages::RealmNotAllowedByUserMessage, $site->getRealm()));
break;
default:
throw new \Exception("Invalid Realm Policy");
break;
}
}
} else {
// check response
switch ($authorization_response) {
case IAuthService::AuthorizationResponse_AllowForever:
$this->trusted_sites_service->addTrustedSite($currentUser, $request->getTrustedRoot(), IAuthService::AuthorizationResponse_AllowForever);
return $this->doAssertion($request, $extensions);
break;
case IAuthService::AuthorizationResponse_AllowOnce:
return $this->doAssertion($request, $extensions);
break;
case IAuthService::AuthorizationResponse_DenyOnce:
return new OpenIdNonImmediateNegativeAssertion;
break;
case IAuthService::AuthorizationResponse_DenyForever:
$this->trusted_sites_service->addTrustedSite($currentUser, $request->getTrustedRoot(), IAuthService::AuthorizationResponse_DenyForever);
return new OpenIdNonImmediateNegativeAssertion;
break;
default:
throw new \Exception("Invalid Authorization response!");
break;
}
$this->auth_strategy->doConsent($request,$context);
}
else{
$policy = $site->getAuthorizationPolicy();
switch($policy){
case IAuthService::AuthorizationResponse_AllowForever:
return $this->doAssertion($request,$extensions);
break;
case IAuthService::AuthorizationResponse_DenyForever:
// black listed site
return new OpenIdIndirectGenericErrorResponse(sprintf(OpenIdErrorMessages::RealmNotAllowedByUserMessage,$site->getRealm()));
break;
default:
throw new \Exception("Invalid Realm Policy");
break;
}
}
}
else {
// check response
switch ($authorization_response){
case IAuthService::AuthorizationResponse_AllowForever:
$this->trusted_sites_service->addTrustedSite($currentUser,$request->getTrustedRoot(),IAuthService::AuthorizationResponse_AllowForever);
return $this->doAssertion($request,$extensions);
break;
case IAuthService::AuthorizationResponse_AllowOnce:
return $this->doAssertion($request,$extensions);
break;
case IAuthService::AuthorizationResponse_DenyOnce:
return new OpenIdNonImmediateNegativeAssertion;
break;
case IAuthService::AuthorizationResponse_DenyForever:
$this->trusted_sites_service->addTrustedSite($currentUser,$request->getTrustedRoot(),IAuthService::AuthorizationResponse_DenyForever);
return new OpenIdNonImmediateNegativeAssertion;
break;
default:
throw new \Exception("Invalid Authorization response!");
break;
}
}
}
break;
case OpenIdProtocol::ImmediateMode:
{
if (!$this->authService->isUserLogged()) {
return new OpenIdImmediateNegativeAssertion;
}
$currentUser = $this->authService->getCurrentUser();
$site = $this->trusted_sites_service->getTrustedSite($currentUser, $request->getTrustedRoot());
if (is_null($site)) {
return new OpenIdImmediateNegativeAssertion;
}
$policy = $site->getAuthorizationPolicy();
if ($policy == IAuthService::AuthorizationResponse_DenyForever) {
// black listed site
return new OpenIdIndirectGenericErrorResponse(sprintf(OpenIdErrorMessages::RealmNotAllowedByUserMessage, $site->getRealm()));
}
return $this->doAssertion($request, $extensions);
}
break;
default:
throw new InvalidOpenIdAuthenticationRequestMode;
break;
}
break;
case OpenIdProtocol::ImmediateMode:
{
if(!$this->authService->isUserLogged()){
return new OpenIdImmediateNegativeAssertion;
}
$currentUser = $this->authService->getCurrentUser();
$site = $this->trusted_sites_service->getTrustedSite($currentUser,$request->getTrustedRoot());
if(is_null($site)){
return new OpenIdImmediateNegativeAssertion;
}
$policy = $site->getAuthorizationPolicy();
if($policy == IAuthService::AuthorizationResponse_DenyForever){
// black listed site
return new OpenIdIndirectGenericErrorResponse(sprintf(OpenIdErrorMessages::RealmNotAllowedByUserMessage,$site->getRealm()));
}
return $this->doAssertion($request,$extensions);
}
break;
default:
throw new InvalidOpenIdAuthenticationRequestMode;
break;
}
catch (InvalidOpenIdMessageException $ex) {
return new OpenIdIndirectGenericErrorResponse($ex->getMessage());
}
}


@ -10,10 +10,16 @@
namespace openid\helpers;
use openid\OpenIdProtocol;
use Zend\Math\Rand;
use openid\exceptions\OpenIdCrytoException;
class OpenIdCryptoHelper
{
private static $signature_algorithms= array(
OpenIdProtocol::SignatureAlgorithmHMAC_SHA1 => "sha1",
OpenIdProtocol::SignatureAlgorithmHMAC_SHA256 => "sha256",
);
public static function generateSecret($func)
{
if ($func == OpenIdProtocol::SignatureAlgorithmHMAC_SHA1) {
@ -23,7 +29,8 @@ class OpenIdCryptoHelper
} else {
return false;
}
return self::randomBytes($macLen);
$bytes = self::randomBytes($macLen);
return base64_encode($bytes);
}
/**
@ -34,11 +41,22 @@ class OpenIdCryptoHelper
*/
static public function randomBytes($len)
{
Rand::getBytes($len,true);
return Rand::getBytes($len,true);
}
/**
* @param $macFunc
* @param $data
* @param $secret
* @return string
* @throws \openid\exceptions\OpenIdCrytoException
*/
static public function computeHMAC($macFunc, $data, $secret)
{
if(!isset(self::$signature_algorithms[$macFunc]))
throw new OpenIdCrytoException(sprintf("Invalid mac function %s",$macFunc));
$macFunc = self::$signature_algorithms[$macFunc];
if (function_exists('hash_hmac')) {
return hash_hmac($macFunc, $data, $secret, 1);
} else {
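Review bot: generateSecret still returns `false` for an unrecognised algorithm (the `return false;` kept as context just before the new base64 lines), while the new computeHMAC throws OpenIdCrytoException for the same condition, so an association could be created with a secret of `false`; replace it with `throw new OpenIdCrytoException(sprintf("Invalid mac function %s", $func));` so both paths fail the same way. Because the secret is now base64-encoded on return, any caller that later feeds a stored secret into computeHMAC presumably has to `base64_decode` it first — that belongs in generateSecret's docblock, e.g. `@return string base64-encoded shared secret; decode before using it as an HMAC key`. generateSecret's start and the `else` fallback for a missing hash_hmac are outside the hunk.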


@ -13,14 +13,21 @@ use openid\responses\OpenIdPositiveAssertionResponse;
class OpenIdSignatureBuilder {
/**
* @param ResponseContext $context
* @param $macAlg
* @param $secret
* @param OpenIdPositiveAssertionResponse $response
*/
public static function build(ResponseContext $context,$macAlg,$secret,OpenIdPositiveAssertionResponse &$response){
//do signing ...
$signed = '';
$data = '';
$params = $context->getSignParams();
foreach($params as $key => $val){
foreach($params as $key){
if (strpos($key, 'openid.') === 0) {
$val = $response[$key];
$key = substr($key, strlen('openid.'));
if (!empty($signed)) {
$signed .= ',';
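Review bot: The new `$val = $response[$key];` reads a signed parameter without checking that the response actually carries it, so a sign-param listed by the context but absent from the response raises an undefined-index notice and is signed as an empty value instead of failing; add a guard before the assignment such as `if (!isset($response[$key])) throw new \InvalidArgumentException(sprintf('missing signed parameter %s', $key));`. The `&` on the `$response` parameter is redundant for an object and can be dropped. The remainder of the loop and build's return are outside the hunk.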


@ -1,15 +0,0 @@
<?php
/**
* Created by JetBrains PhpStorm.
* User: smarcet
* Date: 10/14/13
* Time: 4:16 PM
* To change this template use File | Settings | File Templates.
*/
namespace openid\repositories;
interface IServerConfigurationRepository {
public function getOPEndpointURL();
}


@ -1,18 +0,0 @@
<?php
/**
* Created by JetBrains PhpStorm.
* User: smarcet
* Date: 10/14/13
* Time: 4:12 PM
* To change this template use File | Settings | File Templates.
*/
namespace openid\repositories;
interface IServerExtensionsRepository {
/**
* @return array of IOpenIdExtension
*/
public function getAllActiveExtensions();
}


@ -44,10 +44,10 @@ class OpenIdAuthenticationRequest extends OpenIdRequest{
public function getTrustedRoot() {
if (isset($this[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Realm,"_")])) {
$root = $this[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Realm,"_")];
if (isset($this->message[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Realm,"_")])) {
$root = $this->message[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Realm,"_")];
} else if (isset($this[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_ReturnTo,"_")])) {
$root = $this[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_ReturnTo,"_")];
$root = $this->message[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_ReturnTo,"_")];
} else {
return null;
}
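Review bot: `OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Realm,"_")` is evaluated twice on the new lines (once for the `isset`, once for the read), and the ReturnTo key likewise; hoisting each into a local, `$realm_key = OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Realm,"_");` and `$return_to_key = OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_ReturnTo,"_");`, keeps the two reads in sync and shortens the lines. The value returned here is what the request handler keys trusted-site lookups on (`getTrustedSite($currentUser, $request->getTrustedRoot())`), so the OpenID 2.0 requirement that the OP verify return_to matches the realm must be enforced elsewhere — that check is not visible on this page and is worth confirming. The method's remainder is outside the hunk.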


@ -18,6 +18,10 @@ abstract class OpenIdRequest {
$this->message = $message;
}
public function getMessage(){
return $this->message;
}
public function getMode(){
return $this->message->getMode();
}


@ -10,6 +10,8 @@
namespace openid\responses\contexts;
use openid\OpenIdProtocol;
class ResponseContext
{
@ -20,7 +22,7 @@ class ResponseContext
$this->sign_params = array();
}
public function addSignParam(string $param)
public function addSignParam($param)
{
array_push($this->sign_params, $param);
}
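Review bot: Dropping the `string` type hint on addSignParam leaves the parameter unvalidated; the removal is right for a PHP version without scalar type hints, but nothing replaces it, so a runtime check before the `array_push`, `if (!is_string($param)) throw new \InvalidArgumentException('sign param must be a string');`, preserves the intent. A one-line docblock would help too, e.g. `/** @param string $param name of an openid.* parameter to include in the signature */`, since the signature builder filters these keys by the `openid.` prefix.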


@ -21,7 +21,7 @@ interface IAssociationService {
* @param IAssociation $association
* @return bool
*/
public function addAssociation($handle,$secret,$type,$lifetime,$issued);
public function addAssociation($handle,$secret,$mac_function,$lifetime,$issued,$type);
/**
* @param $handle
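Review bot: The docblock above the new addAssociation signature still describes the old contract — `@param IAssociation $association` and `@return bool` — while the method now takes six scalars (`$handle, $secret, $mac_function, $lifetime, $issued, $type`) and the only implementation on this page, services\AssociationService, returns nothing; update it to one `@param` per argument and either drop the `@return bool` or make implementations honour it. The docblock's opening lines are outside the hunk.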


@ -37,6 +37,7 @@ interface IAuthService {
* @return AuthorizationResponse_*
*/
public function getUserAuthorizationResponse();
public function setUserAuthorizationResponse($auth_response);
public function logout();
}
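Review bot: setUserAuthorizationResponse is added without a docblock, while the getter directly above documents its value as `@return AuthorizationResponse_*`; add the mirror `/** @param $auth_response one of the AuthorizationResponse_* constants */` so implementers know the accepted values. The consent handler in this commit switches on this value and throws on anything else, so stating the accepted set here keeps the two in sync.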


@ -12,4 +12,6 @@ namespace openid\services;
interface IServerConfigurationService {
public function getOPEndpointURL();
public function getPrivateAssociationLifetime();
public function getSessionAssociationLifetime();
}
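Review bot: getPrivateAssociationLifetime and getSessionAssociationLifetime are added with no docblock saying what unit the returned number is in; the implementation in services\ServerConfigurationService returns the bare literals 120 and 360, presumably seconds (OpenID's expires_in is expressed in seconds), but nothing on the page states it. Add `/** @return int association lifetime in seconds */` to both methods here and in the implementation, and consider reading the values from configuration rather than hard-coding them in the service class.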


@ -0,0 +1,43 @@
<?php
/**
* Created by JetBrains PhpStorm.
* User: smarcet
* Date: 10/18/13
* Time: 5:08 PM
* To change this template use File | Settings | File Templates.
*/
namespace openid\services;
class Registry {
private static $instance = null;
public static function getInstance() {
if(self::$instance === null) {
self::$instance = new Registry();
}
return self::$instance;
}
private function __construct() {}
private function __clone() {}
public function set($key, $value) {
if (isset($this->registry[$key])) {
throw new Exception("There is already an entry for key " . $key);
}
$this->registry[$key] = $value;
}
public function get($key) {
if (!isset($this->registry[$key])) {
throw new Exception("There is no entry for key " . $key);
}
return $this->registry[$key];
}
}
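Review bot: `throw new Exception(...)` in set() and get() is unqualified inside `namespace openid\services` with no `use Exception;`, so PHP resolves it to `openid\services\Exception` and the error path dies with a class-not-found fatal instead of the intended exception; write `throw new \Exception("There is already an entry for key " . $key);` and the same in get(). `$this->registry` is never declared either — add `private $registry = array();` beside `$instance` so `isset` is not probing an undeclared dynamic property. As a process-wide mutable singleton it will also carry state between tests; the constructor-injected services bound in ServicesProvider already cover this need, so whether the registry is needed at all is worth questioning.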

21
app/models/Member.php Normal file

@ -0,0 +1,21 @@
<?php
/**
* Created by JetBrains PhpStorm.
* User: smarcet
* Date: 10/18/13
* Time: 11:11 AM
* To change this template use File | Settings | File Templates.
*/
use auth\AuthHelper;
class Member extends Eloquent {
protected $table = 'Member';
protected $connection='mysql_external';
public function checkPassword($password){
$digest = AuthHelper::encrypt_password($password,$this->Salt,$this->PasswordEncryption);
$res = AuthHelper::compare($this->Password , $digest);
return $res;
}
}
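Review bot: checkPassword delegates the digest comparison to `AuthHelper::compare`, which is not on this page; since its result gates authentication it should be a constant-time comparison, and the method should document what it reads, e.g. `/** Verifies $password against the stored digest using this row's Salt and PasswordEncryption columns; returns bool. */`. The `$res` local is redundant — `return AuthHelper::compare($this->Password, $digest);`. The model reads from the `mysql_external` connection, so anything exercising it depends on that database being reachable.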


@ -10,9 +10,12 @@ use openid\model\IAssociation;
class OpenIdAssociation extends Eloquent implements IAssociation{
protected $table = 'openid_associations';
public $timestamps = false;
public function getMacFunction()
{
// TODO: Implement getMacFunction() method.
return $this->mac_function;
}
public function setMacFunction($mac_function)
@ -22,7 +25,7 @@ class OpenIdAssociation extends Eloquent implements IAssociation{
public function getSecret()
{
// TODO: Implement getSecret() method.
return $this->secret;
}
public function setSecret($secret)
@ -32,7 +35,7 @@ class OpenIdAssociation extends Eloquent implements IAssociation{
public function getLifetime()
{
// TODO: Implement getLifetime() method.
return $this->lifetime;
}
public function setLifetime($lifetime)
@ -42,7 +45,7 @@ class OpenIdAssociation extends Eloquent implements IAssociation{
public function getIssued()
{
// TODO: Implement getIssued() method.
return $this->issued;
}
public function setIssued($issued)
@ -52,7 +55,7 @@ class OpenIdAssociation extends Eloquent implements IAssociation{
public function getType()
{
// TODO: Implement getType() method.
return $this->type;
}
public function setType($type)


@ -1,3 +1,4 @@
<?php
/**
* Created by JetBrains PhpStorm.
@ -10,6 +11,8 @@ use openid\model\ITrustedSite;
class OpenIdTrustedSite extends Eloquent implements ITrustedSite{
protected $table = 'openid_trusted_sites';
public function setRealm($realm)
{
// TODO: Implement setRealm() method.


@ -9,4 +9,5 @@
class ServerExtension extends Eloquent {
protected $table = 'server_extensions';
}


@ -1,20 +0,0 @@
<?php
/**
* Created by JetBrains PhpStorm.
* User: smarcet
* Date: 10/14/13
* Time: 4:56 PM
* To change this template use File | Settings | File Templates.
*/
namespace repositories;
use Illuminate\Support\ServiceProvider;
class RepositoriesServiceProvider extends ServiceProvider {
public function register()
{
$this->app->bind("openid\\repositories\\IServerConfigurationRepository","repositories\ServerConfigurationRepositoryEloquent");
$this->app->bind("openid\\repositories\\IServerExtensionsRepository","repositories\ServerExtensionsRepositoryEloquent");
}
}


@ -1,19 +0,0 @@
<?php
/**
* Created by JetBrains PhpStorm.
* User: smarcet
* Date: 10/14/13
* Time: 5:04 PM
* To change this template use File | Settings | File Templates.
*/
namespace repositories;
use openid\repositories\IServerConfigurationRepository;
class ServerConfigurationRepositoryEloquent implements IServerConfigurationRepository {
public function getOPEndpointURL()
{
return "https://dev.openstack.id.com";
}
}


@ -1,42 +0,0 @@
<?php
/**
* Created by JetBrains PhpStorm.
* User: smarcet
* Date: 10/14/13
* Time: 5:05 PM
* To change this template use File | Settings | File Templates.
*/
namespace repositories;
use openid\repositories\all;
use openid\repositories\IServerExtensionsRepository;
class ServerExtensionsRepositoryEloquent implements IServerExtensionsRepository{
/**
* @return all active server extensions
*/
public function getAllActiveExtensions()
{
$extensions = array();
$ext1 = new \ServerExtension();
$ext1->name='AX';
$ext1->description='OpenID service extension for exchanging identity information between endpoints';
$ext1->namespace='http://openid.net/srv/ax/1.0';
$ext1->active = true;
$ext1->extension_class='';
array_push($extensions,$ext1) ;
$ext2 = new \ServerExtension();
$ext2->name='PAPE';
$ext2->description='OpenID service extension for exchanging identity information between endpoints';
$ext2->namespace='http://specs.openid.net/extensions/pape/1.0';
$ext2->active = true;
$ext2->extension_class='';
array_push($extensions,$ext2) ;
return $extensions;
}
}


@ -0,0 +1,52 @@
<?php
/**
* Created by JetBrains PhpStorm.
* User: smarcet
* Date: 10/18/13
* Time: 12:28 PM
* To change this template use File | Settings | File Templates.
*/
namespace services;
use openid\model\IAssociation;
use openid\services\IAssociationService;
use \OpenIdAssociation;
class AssociationService implements IAssociationService{
/**
* @param $handle
* @return IAssociation
*/
public function getAssociation($handle)
{
//todo: need to add expiration logic
return OpenIdAssociation::where('identifier','=',$handle)->first();
}
/**
* @param IAssociation $association
* @return bool
*/
public function addAssociation($handle, $secret,$mac_function, $lifetime, $issued,$type)
{
$assoc = new OpenIdAssociation();
$assoc->identifier = $handle;
$assoc->secret = $secret;
$assoc->type = $type;
$assoc->mac_function = $mac_function;
$assoc->lifetime = $lifetime;
$assoc->issued = $issued;
$assoc->Save();
}
/**
* @param $handle
* @return bool
*/
public function deleteAssociation($handle)
{
$assoc = OpenIdAssociation::where('identifier','=',$handle)->first();
$assoc->delete();
}
}
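Review bot: getAssociation returns whatever row matches the handle with no expiry check — the `//todo` admits it — so an association past `issued + lifetime` keeps being accepted for signing and verification; before returning, compare the stored issued time plus lifetime against the current time and return null (or delete the row) when it has expired. How `issued` is stored (timestamp or datetime) is not visible here, so the exact comparison depends on the column. deleteAssociation calls `->delete()` on the result of `first()`, which is null for an unknown handle; guard it with `if (is_null($assoc)) return false;`. addAssociation is documented `@return bool` but returns nothing, and `$assoc->Save()` should be `save()` to match Eloquent's casing.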


@ -0,0 +1,30 @@
<?php
/**
* Created by JetBrains PhpStorm.
* User: smarcet
* Date: 10/18/13
* Time: 12:30 PM
* To change this template use File | Settings | File Templates.
*/
namespace services;
use openid\services\IServerConfigurationService;
class ServerConfigurationService implements IServerConfigurationService{
public function getOPEndpointURL()
{
$url = action("OpenIdProviderController@op_endpoint");
return $url;
}
public function getPrivateAssociationLifetime()
{
return 120;
}
public function getSessionAssociationLifetime()
{
return 360;
}
}


@ -15,6 +15,14 @@ class ServerExtensionsService implements IServerExtensionsService{
public function getAllActiveExtensions()
{
return array();
$extensions = \ServerExtension::where('active', '=', true)->get();
$res = array();
foreach($extensions as $extension){
$class = $extension->extension_class;
if(empty($class) /*|| !class_exists($class)*/) continue;
$implementation = new $class($extension->name,$extension->namespace,$extension->description);
array_push($res,$implementation);
}
return $res;
}
}
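Review bot: `new $class(...)` instantiates a class whose name comes straight from the `server_extensions` table, with the `class_exists` guard left commented out on the line above; re-enable it and also check the type after construction, `if (empty($class) || !class_exists($class)) continue;` followed by `if (!($implementation instanceof IOpenIdExtension)) continue;` (assuming IOpenIdExtension, named in the deleted repository docblock, is the extension interface), so a bad or stale row cannot load an arbitrary class into the request pipeline. A short docblock stating that extensions are loaded by class name from the database would make that trust boundary visible to the next reader.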


@ -17,6 +17,8 @@ class ServicesProvider extends ServiceProvider {
$this->app->singleton('openid\\services\\IMementoOpenIdRequestService','services\\MementoRequestService');
$this->app->singleton('openid\\handlers\\IOpenIdAuthenticationStrategy','services\\AuthenticationStrategy');
$this->app->singleton('openid\\services\\IServerExtensionsService','services\\ServerExtensionsService');
$this->app->singleton('openid\\services\\IAssociationService','services\\AssociationService');
$this->app->singleton('openid\\services\\ITrustedSitesService','services\\TrustedSitesService');
$this->app->singleton('openid\\services\\IServerConfigurationService','services\\ServerConfigurationService');
}
}


@ -0,0 +1,36 @@
<?php
/**
* Created by JetBrains PhpStorm.
* User: smarcet
* Date: 10/18/13
* Time: 12:29 PM
* To change this template use File | Settings | File Templates.
*/
namespace services;
use openid\model\IOpenIdUser;
use openid\model\ITrustedSite;
use openid\services\ITrustedSitesService;
class TrustedSitesService implements ITrustedSitesService {
public function addTrustedSite(IOpenIdUser $user, $realm, $policy, $data = array())
{
// TODO: Implement addTrustedSite() method.
}
public function delTrustedSite($realm)
{
// TODO: Implement delTrustedSite() method.
}
/**
* @param IOpenIdUser $user
* @param $return_to
* @return ITrustedSite
*/
public function getTrustedSite(IOpenIdUser $user, $return_to)
{
// TODO: Implement getTrustedSite() method.
}
}
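Review bot: addTrustedSite, delTrustedSite and getTrustedSite are all empty stubs that silently return null, yet the request handler in this same commit already relies on them: an AllowForever or DenyForever choice from the consent page is passed to addTrustedSite and dropped without trace, and getTrustedSite returning null turns every immediate-mode request into a negative assertion. Until persistence exists these should fail loudly, e.g. `throw new \Exception('addTrustedSite not implemented');` in each body, so a DenyForever decision cannot be lost quietly. The `$data = array()` argument is undocumented — the docblock should say what it carries.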

0
app/storage/.gitignore vendored Normal file → Executable file

0
app/storage/cache/.gitignore vendored Normal file → Executable file

0
app/storage/logs/.gitignore vendored Normal file → Executable file

0
app/storage/meta/.gitignore vendored Normal file → Executable file

0
app/storage/sessions/.gitignore vendored Normal file → Executable file

0
app/storage/views/.gitignore vendored Normal file → Executable file


@ -10,8 +10,6 @@
class DiscoveryControllerTest extends TestCase {
public function testIdpDiscovery(){
App::bind("openid\\repositories\\IServerConfigurationRepository","ServerConfigurationRepositoryMock");
App::bind("openid\\repositories\\IServerExtensionsRepository","ServerExtensionsRepositoryMock");
$response = $this->call('GET', '/discovery');
//"application/xrds+xml"
$this->assertTrue($response->getStatusCode()===200 );


@ -12,8 +12,6 @@ use openid\OpenIdProtocol;
class OpenIdProtocolTest extends TestCase {
public function testProtocolIdpDiscovery(){
App::bind("openid\\repositories\\IServerConfigurationRepository","ServerConfigurationRepositoryMock");
App::bind("openid\\repositories\\IServerExtensionsRepository","ServerExtensionsRepositoryMock");
$protocol = App::make("openid\OpenIdProtocol");
$xrds = $protocol->getXRDSDiscovery();
$this->assertTrue(!empty($xrds) && str_contains($xrds,"http://specs.openid.net/auth/2.0/server") && str_contains($xrds,"http://openid.net/srv/ax/1.0") && str_contains($xrds,"http://specs.openid.net/extensions/pape/1.0"));

24
app/tests/UserTest.php Normal file

@ -0,0 +1,24 @@
<?php
/**
* Created by JetBrains PhpStorm.
* User: smarcet
* Date: 10/18/13
* Time: 11:10 AM
* To change this template use File | Settings | File Templates.
*/
use auth\AuthHelper;
class UserTest extends TestCase {
public function testMember(){
$member = Member::findOrFail(1);
$this->assertTrue($member->FirstName=='Todd');
}
public function testOpenIdUserAssociation(){
$username='sebastian@tipit.net';
$password ='Koguryo@1981';
$member = Member::where('Email', '=', $username)->firstOrFail();
$this->assertTrue($member->checkPassword($password));
}
}
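Review bot: testOpenIdUserAssociation embeds a specific e-mail address and password literal as the credentials of a live row in the external Member database, and testMember asserts against row 1's first name — that is committed credential material and a test coupled to production data. Move the credentials into a seeded test fixture on a test connection, read any real values from environment configuration, and treat the literal committed here as exposed. The `mysql_external` connection the Member model uses is configured outside this section.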


@ -1,18 +0,0 @@
<?php
/**
* Created by JetBrains PhpStorm.
* User: smarcet
* Date: 10/14/13
* Time: 5:10 PM
* To change this template use File | Settings | File Templates.
*/
use openid\repositories\IServerConfigurationRepository;
class ServerConfigurationRepositoryMock implements IServerConfigurationRepository{
public function getOPEndpointURL()
{
return "https://dev.openstack.id.com";
}
}


@ -1,38 +0,0 @@
<?php
/**
* Created by JetBrains PhpStorm.
* User: smarcet
* Date: 10/14/13
* Time: 5:10 PM
* To change this template use File | Settings | File Templates.
*/
use openid\repositories\IServerExtensionsRepository;
class ServerExtensionsRepositoryMock implements IServerExtensionsRepository{
/**
* @return all active server extensions
*/
public function GetAllExtensions()
{
$extensions = array();
$ext1 = new ServerExtension();
$ext1->name='AX';
$ext1->description='OpenID service extension for exchanging identity information between endpoints';
$ext1->namespace='http://openid.net/srv/ax/1.0';
$ext1->active = true;
$ext1->extension_class='';
array_push($extensions,$ext1) ;
$ext2 = new ServerExtension();
$ext2->name='PAPE';
$ext2->description='OpenID service extension for exchanging identity information between endpoints';
$ext2->namespace='http://specs.openid.net/extensions/pape/1.0';
$ext2->active = true;
$ext2->extension_class='';
array_push($extensions,$ext2) ;
return $extensions;
}
}


@ -5,6 +5,17 @@
<label>
This Site {{ $realm }} is requesting permissions
</label>
<div>
{{ Form::label("allow_forever","Allow Forever")}}
{{ Form::radio('trust[]', 'AllowForever','true',array('id'=>'allow_forever')) }}
{{ Form::label("allow_once","Allow Once")}}
{{ Form::radio('trust[]', 'AllowOnce','',array('id'=>'allow_once')) }}
{{ Form::label("deny_once","Deny Once")}}
{{ Form::radio('trust[]', 'DenyOnce','',array('id'=>'deny_once')) }}
{{ Form::label("deny_forever","Deny Forever")}}
{{ Form::radio('trust[]', 'DenyForever','',array('id'=>'deny_forever')) }}
</div>
{{ Form::submit('Ok') }}
{{ Form::submit('Cancel') }}
{{ Form::close() }}
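Review bot: The four radios are named `trust[]`, which posts the single selected choice as a one-element array; name them plainly `trust`, e.g. `{{ Form::radio('trust', 'AllowForever', true, array('id'=>'allow_forever')) }}`, so the controller reads a scalar it can map onto the AuthorizationResponse_* constants. The 'Ok' and 'Cancel' submits carry no name, so the server cannot tell which one was pressed. `Form::open` is outside the hunk, so whether the form carries a CSRF token is not visible here.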


@ -28,7 +28,7 @@ $app->redirectIfTrailingSlash();
$env = $app->detectEnvironment(array(
'local' => array('your-machine-name'),
'dev' => array('dev.openstackid.com'),
));


@ -17,8 +17,6 @@
"app/database/seeds",
"app/tests/TestCase.php",
"app/libs",
"app/repositories",
"app/tests/mocks",
"app/services",
"app/strategies"
]