[smarcet] - #5020 - Basic Client Flow (with authorization code)

This commit is contained in:
smarcet 2013-11-28 18:05:40 -03:00
parent 4d5059c257
commit f7a33f067c
6 changed files with 242 additions and 90 deletions


@ -1,19 +1,16 @@
<?php
use openid\exceptions\InvalidOpenIdMessageException;
use openid\exceptions\InvalidRequestContextException;
use openid\OpenIdProtocol;
use openid\responses\OpenIdNonImmediateNegativeAssertion;
use openid\services\IAuthService;
use openid\services\IMementoOpenIdRequestService;
use openid\services\IServerConfigurationService;
use openid\services\ITrustedSitesService;
use openid\services\IUserService;
use openid\strategies\OpenIdResponseStrategyFactoryMethod;
use openid\XRDS\XRDSDocumentBuilder;
use services\IUserActionService;
use \openid\requests\OpenIdAuthenticationRequest;
use services\IPHelper;
use services\IUserActionService;
use strategies\DefaultLoginStrategy;
use strategies\OpenIdConsentStrategy;
use strategies\OpenIdLoginStrategy;
class UserController extends BaseController
{
@ -24,6 +21,8 @@ class UserController extends BaseController
private $discovery;
private $user_service;
private $user_action_service;
private $login_strategy;
private $consent_strategy;
public function __construct(IMementoOpenIdRequestService $memento_service,
IAuthService $auth_service,
@ -42,47 +41,31 @@ class UserController extends BaseController
$this->user_action_service = $user_action_service;
//filters
$this->beforeFilter('csrf', array('only' => array('postLogin', 'postConsent')));
$this->beforeFilter('openid.save.request');
$this->beforeFilter('openid.needs.auth.request', array('only' => array('getConsent')));
$msg = $this->memento_service->getCurrentRequest();
if (!is_null($msg) && $msg->isValid()) {
//openid stuff
$this->beforeFilter('openid.save.request');
$this->beforeFilter('openid.needs.auth.request', array('only' => array('getConsent')));
$this->login_strategy = new OpenIdLoginStrategy($memento_service, $user_action_service, $auth_service);
$this->consent_strategy = new OpenIdConsentStrategy($memento_service, $auth_service, $server_configuration_service, $user_action_service);
} else {
//default stuff
$this->login_strategy = new DefaultLoginStrategy($user_action_service, $auth_service);
$this->consent_strategy = null;
}
//oauth2 stuff
}
public function getLogin()
{
if (Auth::guest()){
$msg = $this->memento_service->getCurrentRequest();
if (is_null($msg) || !$msg->isValid() || !OpenIdAuthenticationRequest::IsOpenIdAuthenticationRequest($msg))
return View::make("login");
else{
$auth_request = new OpenIdAuthenticationRequest($msg);
$params = array('realm'=>$auth_request->getRealm());
if(!$auth_request->isIdentitySelectByOP()){
$params['claimed_id'] = $auth_request->getClaimedId();
$params['identity'] = $auth_request->getIdentity();
$params['identity_select'] = false;
}
else{
$params['identity_select'] = true;
}
return View::make("login",$params);
}
}
else {
return Redirect::action("UserController@getProfile");
}
return $this->login_strategy->getLogin();
}
public function cancelLogin()
{
$msg = $this->memento_service->getCurrentRequest();
if (!is_null($msg) && $msg->isValid()) {
$cancel_response = new OpenIdNonImmediateNegativeAssertion();
$cancel_response->setReturnTo($msg->getParam(OpenIdProtocol::OpenIDProtocol_ReturnTo));
$strategy = OpenIdResponseStrategyFactoryMethod::buildStrategy($cancel_response);
return $strategy->handle($cancel_response);
} else {
return Redirect::action("HomeController@index");
}
return $this->login_strategy->cancelLogin();
}
public function postLogin()
@ -102,31 +85,17 @@ class UserController extends BaseController
// Create a new validator instance.
$validator = Validator::make($data, $rules);
if ($validator->passes()) {
$username = Input::get("username");
$password = Input::get("password");
$remember = Input::get("remember");
if (is_null($remember))
$remember = false;
else
$remember = true;
$remember = !is_null($remember);
if ($this->auth_service->login($username, $password, $remember)) {
$msg = $this->memento_service->getCurrentRequest();
if (!is_null($msg) && $msg->isValid()) {
//go to authentication flow again
$this->user_action_service->addUserAction($this->auth_service->getCurrentUser(), IPHelper::getUserIp(), IUserActionService::LoginAction, $msg->getParam(OpenIdProtocol::OpenIDProtocol_Realm));
return Redirect::action("OpenIdProviderController@op_endpoint");
} else {
$user = $this->auth_service->getCurrentUser();
$identifier = $user->getIdentifier();
$this->user_action_service->addUserAction($this->auth_service->getCurrentUser(), IPHelper::getUserIp(), IUserActionService::LoginAction);
return Redirect::action("UserController@getIdentity", array("identifier" => $identifier));
}
return $this->login_strategy->postLogin();
}
//failed login attempt...
$user = $this->auth_service->getUserByUsername($username);
if ($user) {
$login_attempts = $user->login_failed_attempt;
@ -140,46 +109,21 @@ class UserController extends BaseController
}
}
public function getConsent()
{
$data = $this->getViewData();
return View::make("consent", $data);
}
private function getViewData()
{
$context = Session::get('context');
if (is_null($context))
throw new InvalidRequestContextException();
$partial_views = $context->getPartials();
$data = array();
$views = array();
foreach ($partial_views as $partial) {
$views[$partial->getName()] = View::make($partial->getName(), $partial->getData());
}
$request = $this->memento_service->getCurrentRequest();
$user = $this->auth_service->getCurrentUser();
$data['realm'] = $request->getParam(OpenIdProtocol::OpenIDProtocol_Realm);
$data['openid_url'] = $this->server_configuration_service->getUserIdentityEndpointURL($user->getIdentifier());
$data['views'] = $views;
return $data;
if (is_null($this->consent_strategy))
return View::make("404");
return $this->consent_strategy->getConsent();
}
public function postConsent()
{
try {
$trust_action = input::get("trust");
if (!is_null($trust_action) && is_array($trust_action)) {
$msg = $this->memento_service->getCurrentRequest();
if (is_null($msg) || !$msg->isValid())
throw new InvalidOpenIdMessageException();
$this->user_action_service->addUserAction($this->auth_service->getCurrentUser(), IPHelper::getUserIp(), IUserActionService::ConsentAction, $msg->getParam(OpenIdProtocol::OpenIDProtocol_Realm));
$this->auth_service->setUserAuthorizationResponse($trust_action[0]);
return Redirect::action('OpenIdProviderController@op_endpoint');
if (!is_null($trust_action) && !is_null($this->consent_strategy)) {
return $this->consent_strategy->postConsent($trust_action);
}
return Redirect::action('UserController@getConsent');
} catch (Exception $ex) {
Log::error($ex);
return Redirect::action('UserController@getConsent');
@ -188,7 +132,6 @@ class UserController extends BaseController
public function getIdentity($identifier)
{
try {
$user = $this->auth_service->getUserByOpenId($identifier);
if (is_null($user))
@ -265,7 +208,6 @@ class UserController extends BaseController
$show_email = Input::get("show_email");
$show_pic = Input::get("show_pic");
$user = $this->auth_service->getCurrentUser();
$this->user_service->saveProfileInfo($user->getId(), $show_pic, $show_full_name, $show_email);
return Redirect::action("UserController@getProfile");
}


@ -0,0 +1,43 @@
<?php
namespace strategies;
use \Auth;
use \Redirect;
use \View;
use services\IPHelper;
use services\IUserActionService;
use openid\services\IAuthService;
class DefaultLoginStrategy implements ILoginStrategy
{
private $user_action_service;
private $auth_service;
public function __construct(IUserActionService $user_action_service,
IAuthService $auth_service)
{
$this->user_action_service = $user_action_service;
$this->auth_service = $auth_service;
}
public function getLogin()
{
if (Auth::guest())
return View::make("login");
return Redirect::action("UserController@getProfile");
}
public function postLogin()
{
$user = $this->auth_service->getCurrentUser();
$identifier = $user->getIdentifier();
$this->user_action_service->addUserAction($this->auth_service->getCurrentUser(), IPHelper::getUserIp(), IUserActionService::LoginAction);
return Redirect::action("UserController@getIdentity", array("identifier" => $identifier));
}
public function cancelLogin()
{
return Redirect::action("HomeController@index");
}
}
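Review bot: `postLogin` calls `$this->auth_service->getCurrentUser()` twice although `$user` already holds the result from the first call; pass `$user` to `addUserAction` so both the identifier and the recorded action refer to the same object. None of the three public methods or the class carries a docblock; a one-line class comment such as `/** Login flow used when no valid OpenID request is pending: plain session login, redirect to the user's identity page. */` would tell a reader why this strategy exists next to `OpenIdLoginStrategy`.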


@ -0,0 +1,8 @@
<?php
namespace strategies;
interface IConsentStrategy {
public function getConsent();
public function postConsent($trust_action);
}
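Review bot: `postConsent($trust_action)` gives implementors no contract for the argument: the controller hands it the raw `trust` request input, and the only implementation on this page re-checks `is_array` before indexing it. A docblock on the method, e.g. `@param mixed $trust_action raw "trust" input from the consent form; implementations must validate its shape and value before acting on it`, plus a note that both methods return a framework response, would make that responsibility explicit.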


@ -0,0 +1,16 @@
<?php
/**
* Created by PhpStorm.
* User: smarcet
* Date: 11/28/13
* Time: 3:11 PM
*/
namespace strategies;
interface ILoginStrategy {
public function getLogin();
public function postLogin();
public function cancelLogin();
}
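Review bot: The IDE-generated header (`Created by PhpStorm`, user, date, time) carries no information a reader needs and is the only comment in the file; replacing it with an interface docblock stating the contract — that the three methods correspond to the login page, the CSRF-protected form post after credentials were verified, and the user cancelling — would document what implementations are expected to do.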


@ -0,0 +1,71 @@
<?php
namespace strategies;
use openid\exceptions\InvalidOpenIdMessageException;
use openid\exceptions\InvalidRequestContextException;
use openid\OpenIdProtocol;
use openid\services\IAuthService;
use openid\services\IMementoOpenIdRequestService;
use openid\services\IServerConfigurationService;
use services\IPHelper;
use services\IUserActionService;
use \Auth;
use \Redirect;
use \View;
class OpenIdConsentStrategy implements IConsentStrategy
{
private $memento_service;
private $auth_service;
private $server_configuration_service;
private $user_action_service;
public function __construct(IMementoOpenIdRequestService $memento_service, IAuthService $auth_service, IServerConfigurationService $server_configuration_service, IUserActionService $user_action_service)
{
$this->memento_service = $memento_service;
$this->auth_service = $auth_service;
$this->server_configuration_service = $server_configuration_service;
$this->user_action_service = $user_action_service;
}
public function getConsent()
{
$data = $this->getViewData();
return View::make("consent", $data);
}
private function getViewData()
{
$context = Session::get('context');
if (is_null($context))
throw new InvalidRequestContextException();
$partial_views = $context->getPartials();
$data = array();
$views = array();
foreach ($partial_views as $partial) {
$views[$partial->getName()] = View::make($partial->getName(), $partial->getData());
}
$request = $this->memento_service->getCurrentRequest();
$user = $this->auth_service->getCurrentUser();
$data['realm'] = $request->getParam(OpenIdProtocol::OpenIDProtocol_Realm);
$data['openid_url'] = $this->server_configuration_service->getUserIdentityEndpointURL($user->getIdentifier());
$data['views'] = $views;
return $data;
}
public function postConsent($trust_action)
{
if (is_array($trust_action)) {
$msg = $this->memento_service->getCurrentRequest();
if (is_null($msg) || !$msg->isValid())
throw new InvalidOpenIdMessageException();
$this->user_action_service->addUserAction($this->auth_service->getCurrentUser(), IPHelper::getUserIp(), IUserActionService::ConsentAction, $msg->getParam(OpenIdProtocol::OpenIDProtocol_Realm));
$this->auth_service->setUserAuthorizationResponse($trust_action[0]);
return Redirect::action('OpenIdProviderController@op_endpoint');
}
return Redirect::action('UserController@getConsent');
}
}
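Review bot: `Session::get('context')` in `getViewData` is unqualified inside `namespace strategies`, and unlike `\Auth`, `\Redirect` and `\View` there is no `use \Session;` at the top of the file, so it resolves to `strategies\Session` and the consent page will fail with a class-not-found error; add `use \Session;` next to the other facade imports. In `postConsent`, the `is_array($trust_action)` guard does not ensure element 0 exists, and the value is handed straight to `setUserAuthorizationResponse` without checking it is one of the responses that method accepts; tightening the guard to `if (is_array($trust_action) && isset($trust_action[0]))` avoids an undefined-offset notice, and validating `$trust_action[0]` against the accepted values before recording the consent action would keep unexpected form input out of the authorization decision.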


@ -0,0 +1,72 @@
<?php
namespace strategies;
use openid\OpenIdProtocol;
use openid\requests\OpenIdAuthenticationRequest;
use openid\responses\OpenIdNonImmediateNegativeAssertion;
use openid\services\IMementoOpenIdRequestService;
use openid\strategies\OpenIdResponseStrategyFactoryMethod;
use services\IPHelper;
use services\IUserActionService;
use \Auth;
use \Redirect;
use \View;
class OpenIdLoginStrategy implements ILoginStrategy
{
private $memento_service;
private $user_action_service;
private $auth_service;
public function __construct(IMementoOpenIdRequestService $memento_service,
IUserActionService $user_action_service,
IAuthService $auth_service)
{
$this->memento_service = $memento_service;
$this->user_action_service = $user_action_service;
$this->auth_service = $auth_service;
}
public function getLogin()
{
if (Auth::guest()) {
$msg = $this->memento_service->getCurrentRequest();
if (is_null($msg) || !$msg->isValid() || !OpenIdAuthenticationRequest::IsOpenIdAuthenticationRequest($msg))
return View::make("login");
else {
$auth_request = new OpenIdAuthenticationRequest($msg);
$params = array('realm' => $auth_request->getRealm());
if (!$auth_request->isIdentitySelectByOP()) {
$params['claimed_id'] = $auth_request->getClaimedId();
$params['identity'] = $auth_request->getIdentity();
$params['identity_select'] = false;
} else {
$params['identity_select'] = true;
}
return View::make("login", $params);
}
} else {
return Redirect::action("UserController@getProfile");
}
}
public function postLogin()
{
//go to authentication flow again
$msg = $this->memento_service->getCurrentRequest();
$this->user_action_service->addUserAction($this->auth_service->getCurrentUser(), IPHelper::getUserIp(), IUserActionService::LoginAction, $msg->getParam(OpenIdProtocol::OpenIDProtocol_Realm));
return Redirect::action("OpenIdProviderController@op_endpoint");
}
public function cancelLogin()
{
$msg = $this->memento_service->getCurrentRequest();
$cancel_response = new OpenIdNonImmediateNegativeAssertion();
$cancel_response->setReturnTo($msg->getParam(OpenIdProtocol::OpenIDProtocol_ReturnTo));
$strategy = OpenIdResponseStrategyFactoryMethod::buildStrategy($cancel_response);
return $strategy->handle($cancel_response);
}
}
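Review bot: The constructor type-hints `IAuthService` but the `use` block does not import `openid\services\IAuthService`, so in `namespace strategies` the hint resolves to `strategies\IAuthService` and constructing the strategy with the controller's `openid\services\IAuthService` instance will fail the type check; add `use openid\services\IAuthService;` alongside the other `openid\services` imports. `postLogin` and `cancelLogin` also dereference `$this->memento_service->getCurrentRequest()` without the null/`isValid()` check the old controller code performed; that is presumably safe because the controller only builds this strategy when a valid request is present, but a comment on the class stating that precondition, or a guard that throws when `$msg` is null, would make the assumption visible.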