[smarcet] - #5020 - Basic Client Flow (with authorization code)
parent
4d5059c257
commit
f7a33f067c
|
@ -1,19 +1,16 @@
|
|||
<?php
|
||||
|
||||
use openid\exceptions\InvalidOpenIdMessageException;
|
||||
use openid\exceptions\InvalidRequestContextException;
|
||||
use openid\OpenIdProtocol;
|
||||
use openid\responses\OpenIdNonImmediateNegativeAssertion;
|
||||
use openid\services\IAuthService;
|
||||
use openid\services\IMementoOpenIdRequestService;
|
||||
use openid\services\IServerConfigurationService;
|
||||
use openid\services\ITrustedSitesService;
|
||||
use openid\services\IUserService;
|
||||
use openid\strategies\OpenIdResponseStrategyFactoryMethod;
|
||||
use openid\XRDS\XRDSDocumentBuilder;
|
||||
use services\IUserActionService;
|
||||
use \openid\requests\OpenIdAuthenticationRequest;
|
||||
use services\IPHelper;
|
||||
use services\IUserActionService;
|
||||
use strategies\DefaultLoginStrategy;
|
||||
use strategies\OpenIdConsentStrategy;
|
||||
use strategies\OpenIdLoginStrategy;
|
||||
|
||||
class UserController extends BaseController
|
||||
{
|
||||
|
@ -24,6 +21,8 @@ class UserController extends BaseController
|
|||
private $discovery;
|
||||
private $user_service;
|
||||
private $user_action_service;
|
||||
private $login_strategy;
|
||||
private $consent_strategy;
|
||||
|
||||
public function __construct(IMementoOpenIdRequestService $memento_service,
|
||||
IAuthService $auth_service,
|
||||
|
@ -42,47 +41,31 @@ class UserController extends BaseController
|
|||
$this->user_action_service = $user_action_service;
|
||||
//filters
|
||||
$this->beforeFilter('csrf', array('only' => array('postLogin', 'postConsent')));
|
||||
$this->beforeFilter('openid.save.request');
|
||||
$this->beforeFilter('openid.needs.auth.request', array('only' => array('getConsent')));
|
||||
|
||||
|
||||
$msg = $this->memento_service->getCurrentRequest();
|
||||
if (!is_null($msg) && $msg->isValid()) {
|
||||
//openid stuff
|
||||
$this->beforeFilter('openid.save.request');
|
||||
$this->beforeFilter('openid.needs.auth.request', array('only' => array('getConsent')));
|
||||
$this->login_strategy = new OpenIdLoginStrategy($memento_service, $user_action_service, $auth_service);
|
||||
$this->consent_strategy = new OpenIdConsentStrategy($memento_service, $auth_service, $server_configuration_service, $user_action_service);
|
||||
} else {
|
||||
//default stuff
|
||||
$this->login_strategy = new DefaultLoginStrategy($user_action_service, $auth_service);
|
||||
$this->consent_strategy = null;
|
||||
}
|
||||
//oauth2 stuff
|
||||
}
|
||||
|
||||
public function getLogin()
|
||||
{
|
||||
if (Auth::guest()){
|
||||
$msg = $this->memento_service->getCurrentRequest();
|
||||
if (is_null($msg) || !$msg->isValid() || !OpenIdAuthenticationRequest::IsOpenIdAuthenticationRequest($msg))
|
||||
return View::make("login");
|
||||
else{
|
||||
$auth_request = new OpenIdAuthenticationRequest($msg);
|
||||
$params = array('realm'=>$auth_request->getRealm());
|
||||
|
||||
if(!$auth_request->isIdentitySelectByOP()){
|
||||
$params['claimed_id'] = $auth_request->getClaimedId();
|
||||
$params['identity'] = $auth_request->getIdentity();
|
||||
$params['identity_select'] = false;
|
||||
}
|
||||
else{
|
||||
$params['identity_select'] = true;
|
||||
}
|
||||
return View::make("login",$params);
|
||||
}
|
||||
}
|
||||
else {
|
||||
return Redirect::action("UserController@getProfile");
|
||||
}
|
||||
return $this->login_strategy->getLogin();
|
||||
}
|
||||
|
||||
public function cancelLogin()
|
||||
{
|
||||
$msg = $this->memento_service->getCurrentRequest();
|
||||
if (!is_null($msg) && $msg->isValid()) {
|
||||
$cancel_response = new OpenIdNonImmediateNegativeAssertion();
|
||||
$cancel_response->setReturnTo($msg->getParam(OpenIdProtocol::OpenIDProtocol_ReturnTo));
|
||||
$strategy = OpenIdResponseStrategyFactoryMethod::buildStrategy($cancel_response);
|
||||
return $strategy->handle($cancel_response);
|
||||
} else {
|
||||
return Redirect::action("HomeController@index");
|
||||
}
|
||||
return $this->login_strategy->cancelLogin();
|
||||
}
|
||||
|
||||
public function postLogin()
|
||||
|
@ -102,31 +85,17 @@ class UserController extends BaseController
|
|||
// Create a new validator instance.
|
||||
$validator = Validator::make($data, $rules);
|
||||
|
||||
|
||||
if ($validator->passes()) {
|
||||
|
||||
$username = Input::get("username");
|
||||
$password = Input::get("password");
|
||||
$remember = Input::get("remember");
|
||||
|
||||
if (is_null($remember))
|
||||
$remember = false;
|
||||
else
|
||||
$remember = true;
|
||||
$remember = !is_null($remember);
|
||||
|
||||
if ($this->auth_service->login($username, $password, $remember)) {
|
||||
$msg = $this->memento_service->getCurrentRequest();
|
||||
if (!is_null($msg) && $msg->isValid()) {
|
||||
//go to authentication flow again
|
||||
$this->user_action_service->addUserAction($this->auth_service->getCurrentUser(), IPHelper::getUserIp(), IUserActionService::LoginAction, $msg->getParam(OpenIdProtocol::OpenIDProtocol_Realm));
|
||||
return Redirect::action("OpenIdProviderController@op_endpoint");
|
||||
} else {
|
||||
$user = $this->auth_service->getCurrentUser();
|
||||
$identifier = $user->getIdentifier();
|
||||
$this->user_action_service->addUserAction($this->auth_service->getCurrentUser(), IPHelper::getUserIp(), IUserActionService::LoginAction);
|
||||
return Redirect::action("UserController@getIdentity", array("identifier" => $identifier));
|
||||
}
|
||||
return $this->login_strategy->postLogin();
|
||||
}
|
||||
//failed login attempt...
|
||||
$user = $this->auth_service->getUserByUsername($username);
|
||||
if ($user) {
|
||||
$login_attempts = $user->login_failed_attempt;
|
||||
|
@ -140,46 +109,21 @@ class UserController extends BaseController
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
public function getConsent()
|
||||
{
|
||||
$data = $this->getViewData();
|
||||
return View::make("consent", $data);
|
||||
}
|
||||
|
||||
private function getViewData()
|
||||
{
|
||||
$context = Session::get('context');
|
||||
if (is_null($context))
|
||||
throw new InvalidRequestContextException();
|
||||
$partial_views = $context->getPartials();
|
||||
$data = array();
|
||||
$views = array();
|
||||
foreach ($partial_views as $partial) {
|
||||
$views[$partial->getName()] = View::make($partial->getName(), $partial->getData());
|
||||
}
|
||||
$request = $this->memento_service->getCurrentRequest();
|
||||
$user = $this->auth_service->getCurrentUser();
|
||||
$data['realm'] = $request->getParam(OpenIdProtocol::OpenIDProtocol_Realm);
|
||||
$data['openid_url'] = $this->server_configuration_service->getUserIdentityEndpointURL($user->getIdentifier());
|
||||
$data['views'] = $views;
|
||||
return $data;
|
||||
if (is_null($this->consent_strategy))
|
||||
return View::make("404");
|
||||
return $this->consent_strategy->getConsent();
|
||||
}
|
||||
|
||||
public function postConsent()
|
||||
{
|
||||
try {
|
||||
$trust_action = input::get("trust");
|
||||
if (!is_null($trust_action) && is_array($trust_action)) {
|
||||
|
||||
$msg = $this->memento_service->getCurrentRequest();
|
||||
if (is_null($msg) || !$msg->isValid())
|
||||
throw new InvalidOpenIdMessageException();
|
||||
|
||||
$this->user_action_service->addUserAction($this->auth_service->getCurrentUser(), IPHelper::getUserIp(), IUserActionService::ConsentAction, $msg->getParam(OpenIdProtocol::OpenIDProtocol_Realm));
|
||||
$this->auth_service->setUserAuthorizationResponse($trust_action[0]);
|
||||
return Redirect::action('OpenIdProviderController@op_endpoint');
|
||||
if (!is_null($trust_action) && !is_null($this->consent_strategy)) {
|
||||
return $this->consent_strategy->postConsent($trust_action);
|
||||
}
|
||||
return Redirect::action('UserController@getConsent');
|
||||
} catch (Exception $ex) {
|
||||
Log::error($ex);
|
||||
return Redirect::action('UserController@getConsent');
|
||||
|
@ -188,7 +132,6 @@ class UserController extends BaseController
|
|||
|
||||
public function getIdentity($identifier)
|
||||
{
|
||||
|
||||
try {
|
||||
$user = $this->auth_service->getUserByOpenId($identifier);
|
||||
if (is_null($user))
|
||||
|
@ -265,7 +208,6 @@ class UserController extends BaseController
|
|||
$show_email = Input::get("show_email");
|
||||
$show_pic = Input::get("show_pic");
|
||||
$user = $this->auth_service->getCurrentUser();
|
||||
|
||||
$this->user_service->saveProfileInfo($user->getId(), $show_pic, $show_full_name, $show_email);
|
||||
return Redirect::action("UserController@getProfile");
|
||||
}
|
||||
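Review bot: The constructor now reads `$this->memento_service->getCurrentRequest()` to decide whether to register the `openid.save.request` and `openid.needs.auth.request` filters, but `beforeFilter` only schedules filters to run later, so on the request that is supposed to populate the memento there is presumably no saved message yet and both filters plus the OpenID strategies are skipped; keeping the two `beforeFilter` calls unconditional (as the removed lines had them) and letting only the strategy choice depend on `$msg` avoids that. In `getConsent`, `return View::make("404");` renders the not-found page with a 200 status; `App::abort(404);` would return the proper status code. `input::get("trust")` in `postConsent` should be `Input::get("trust")` to match the rest of the file, and if both `use services\IUserActionService;` lines shown in the first hunk survive on the new side PHP will refuse the duplicate import. The constructor's parameter list continues outside the hunk.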
@ -0,0 +1,43 @@
|
|||
<?php
|
||||
namespace strategies;
|
||||
|
||||
use \Auth;
|
||||
use \Redirect;
|
||||
use \View;
|
||||
use services\IPHelper;
|
||||
use services\IUserActionService;
|
||||
use openid\services\IAuthService;
|
||||
|
||||
class DefaultLoginStrategy implements ILoginStrategy
|
||||
{
|
||||
|
||||
private $user_action_service;
|
||||
private $auth_service;
|
||||
|
||||
public function __construct(IUserActionService $user_action_service,
|
||||
IAuthService $auth_service)
|
||||
{
|
||||
$this->user_action_service = $user_action_service;
|
||||
$this->auth_service = $auth_service;
|
||||
}
|
||||
|
||||
public function getLogin()
|
||||
{
|
||||
if (Auth::guest())
|
||||
return View::make("login");
|
||||
return Redirect::action("UserController@getProfile");
|
||||
}
|
||||
|
||||
public function postLogin()
|
||||
{
|
||||
$user = $this->auth_service->getCurrentUser();
|
||||
$identifier = $user->getIdentifier();
|
||||
$this->user_action_service->addUserAction($this->auth_service->getCurrentUser(), IPHelper::getUserIp(), IUserActionService::LoginAction);
|
||||
return Redirect::action("UserController@getIdentity", array("identifier" => $identifier));
|
||||
}
|
||||
|
||||
public function cancelLogin()
|
||||
{
|
||||
return Redirect::action("HomeController@index");
|
||||
}
|
||||
}
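Review bot: `postLogin` fetches the current user into `$user` and then calls `$this->auth_service->getCurrentUser()` a second time as the first `addUserAction` argument; pass `$user` there so the logged action and the redirect refer to the same object. `getCurrentUser()` is dereferenced without a null check, which is only safe because `UserController::postLogin` delegates here after a successful login — a class docblock stating that precondition would make it explicit, e.g. `/** Login flow used when no OpenID request is pending; postLogin() must only be called after a successful login. */`.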
@ -0,0 +1,8 @@
|
|||
<?php
|
||||
|
||||
namespace strategies;
|
||||
|
||||
interface IConsentStrategy {
|
||||
public function getConsent();
|
||||
public function postConsent($trust_action);
|
||||
}
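Review bot: `postConsent($trust_action)` gives no indication of the value's shape, although `OpenIdConsentStrategy::postConsent` indexes it as an array (`$trust_action[0]`); a `@param array|null $trust_action` docblock with one sentence on the expected content would stop implementers from guessing. `ILoginStrategy` in the following hunk has the same gap — its three methods carry no documentation of what they are expected to return (a view or a redirect response, judging from the two implementations in this commit).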
@ -0,0 +1,16 @@
|
|||
<?php
|
||||
/**
|
||||
* Created by PhpStorm.
|
||||
* User: smarcet
|
||||
* Date: 11/28/13
|
||||
* Time: 3:11 PM
|
||||
*/
|
||||
|
||||
namespace strategies;
|
||||
|
||||
|
||||
interface ILoginStrategy {
|
||||
public function getLogin();
|
||||
public function postLogin();
|
||||
public function cancelLogin();
|
||||
}
@ -0,0 +1,71 @@
|
|||
<?php
|
||||
|
||||
namespace strategies;
|
||||
|
||||
use openid\exceptions\InvalidOpenIdMessageException;
|
||||
use openid\exceptions\InvalidRequestContextException;
|
||||
use openid\OpenIdProtocol;
|
||||
use openid\services\IAuthService;
|
||||
use openid\services\IMementoOpenIdRequestService;
|
||||
use openid\services\IServerConfigurationService;
|
||||
use services\IPHelper;
|
||||
use services\IUserActionService;
|
||||
use \Auth;
|
||||
use \Redirect;
|
||||
use \View;
|
||||
|
||||
class OpenIdConsentStrategy implements IConsentStrategy
|
||||
{
|
||||
|
||||
|
||||
private $memento_service;
|
||||
private $auth_service;
|
||||
private $server_configuration_service;
|
||||
private $user_action_service;
|
||||
|
||||
public function __construct(IMementoOpenIdRequestService $memento_service, IAuthService $auth_service, IServerConfigurationService $server_configuration_service, IUserActionService $user_action_service)
|
||||
{
|
||||
$this->memento_service = $memento_service;
|
||||
$this->auth_service = $auth_service;
|
||||
$this->server_configuration_service = $server_configuration_service;
|
||||
$this->user_action_service = $user_action_service;
|
||||
}
|
||||
|
||||
public function getConsent()
|
||||
{
|
||||
$data = $this->getViewData();
|
||||
return View::make("consent", $data);
|
||||
}
|
||||
|
||||
private function getViewData()
|
||||
{
|
||||
$context = Session::get('context');
|
||||
if (is_null($context))
|
||||
throw new InvalidRequestContextException();
|
||||
$partial_views = $context->getPartials();
|
||||
$data = array();
|
||||
$views = array();
|
||||
foreach ($partial_views as $partial) {
|
||||
$views[$partial->getName()] = View::make($partial->getName(), $partial->getData());
|
||||
}
|
||||
$request = $this->memento_service->getCurrentRequest();
|
||||
$user = $this->auth_service->getCurrentUser();
|
||||
$data['realm'] = $request->getParam(OpenIdProtocol::OpenIDProtocol_Realm);
|
||||
$data['openid_url'] = $this->server_configuration_service->getUserIdentityEndpointURL($user->getIdentifier());
|
||||
$data['views'] = $views;
|
||||
return $data;
|
||||
}
|
||||
|
||||
public function postConsent($trust_action)
|
||||
{
|
||||
if (is_array($trust_action)) {
|
||||
$msg = $this->memento_service->getCurrentRequest();
|
||||
if (is_null($msg) || !$msg->isValid())
|
||||
throw new InvalidOpenIdMessageException();
|
||||
$this->user_action_service->addUserAction($this->auth_service->getCurrentUser(), IPHelper::getUserIp(), IUserActionService::ConsentAction, $msg->getParam(OpenIdProtocol::OpenIDProtocol_Realm));
|
||||
$this->auth_service->setUserAuthorizationResponse($trust_action[0]);
|
||||
return Redirect::action('OpenIdProviderController@op_endpoint');
|
||||
}
|
||||
return Redirect::action('UserController@getConsent');
|
||||
}
|
||||
}
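Review bot: `getViewData` calls `Session::get('context')` from inside `namespace strategies;`, but the file imports only `\Auth`, `\Redirect` and `\View`, so the name resolves to `strategies\Session` and fails at runtime; add `use \Session;` next to the other facade imports (the `\Auth` import is unused in this class and can be dropped). `getViewData` also dereferences `$request` and `$user` without a null check, so an empty memento or missing session user fails on a method call on null rather than with a meaningful error; a guard comparable to the existing `$context` check would give a clearer failure.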
@ -0,0 +1,72 @@
|
|||
<?php
|
||||
|
||||
namespace strategies;
|
||||
|
||||
use openid\OpenIdProtocol;
|
||||
use openid\requests\OpenIdAuthenticationRequest;
|
||||
use openid\responses\OpenIdNonImmediateNegativeAssertion;
|
||||
use openid\services\IMementoOpenIdRequestService;
|
||||
use openid\strategies\OpenIdResponseStrategyFactoryMethod;
|
||||
use services\IPHelper;
|
||||
use services\IUserActionService;
|
||||
use \Auth;
|
||||
use \Redirect;
|
||||
use \View;
|
||||
|
||||
class OpenIdLoginStrategy implements ILoginStrategy
|
||||
{
|
||||
|
||||
private $memento_service;
|
||||
private $user_action_service;
|
||||
private $auth_service;
|
||||
|
||||
public function __construct(IMementoOpenIdRequestService $memento_service,
|
||||
IUserActionService $user_action_service,
|
||||
IAuthService $auth_service)
|
||||
{
|
||||
$this->memento_service = $memento_service;
|
||||
$this->user_action_service = $user_action_service;
|
||||
$this->auth_service = $auth_service;
|
||||
}
|
||||
|
||||
public function getLogin()
|
||||
{
|
||||
if (Auth::guest()) {
|
||||
$msg = $this->memento_service->getCurrentRequest();
|
||||
if (is_null($msg) || !$msg->isValid() || !OpenIdAuthenticationRequest::IsOpenIdAuthenticationRequest($msg))
|
||||
return View::make("login");
|
||||
else {
|
||||
$auth_request = new OpenIdAuthenticationRequest($msg);
|
||||
$params = array('realm' => $auth_request->getRealm());
|
||||
|
||||
if (!$auth_request->isIdentitySelectByOP()) {
|
||||
$params['claimed_id'] = $auth_request->getClaimedId();
|
||||
$params['identity'] = $auth_request->getIdentity();
|
||||
$params['identity_select'] = false;
|
||||
} else {
|
||||
$params['identity_select'] = true;
|
||||
}
|
||||
return View::make("login", $params);
|
||||
}
|
||||
} else {
|
||||
return Redirect::action("UserController@getProfile");
|
||||
}
|
||||
}
|
||||
|
||||
public function postLogin()
|
||||
{
|
||||
//go to authentication flow again
|
||||
$msg = $this->memento_service->getCurrentRequest();
|
||||
$this->user_action_service->addUserAction($this->auth_service->getCurrentUser(), IPHelper::getUserIp(), IUserActionService::LoginAction, $msg->getParam(OpenIdProtocol::OpenIDProtocol_Realm));
|
||||
return Redirect::action("OpenIdProviderController@op_endpoint");
|
||||
}
|
||||
|
||||
public function cancelLogin()
|
||||
{
|
||||
$msg = $this->memento_service->getCurrentRequest();
|
||||
$cancel_response = new OpenIdNonImmediateNegativeAssertion();
|
||||
$cancel_response->setReturnTo($msg->getParam(OpenIdProtocol::OpenIDProtocol_ReturnTo));
|
||||
$strategy = OpenIdResponseStrategyFactoryMethod::buildStrategy($cancel_response);
|
||||
return $strategy->handle($cancel_response);
|
||||
}
|
||||
}
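Review bot: The constructor type-hints `IAuthService $auth_service`, but no `use openid\services\IAuthService;` appears in this file, so inside `namespace strategies;` the hint means `strategies\IAuthService` and the `new OpenIdLoginStrategy(...)` call in `UserController` will fail the type check; add `use openid\services\IAuthService;` to the import list. `postLogin` and `cancelLogin` call `$msg->getParam(...)` on the memento result without a null check; the controller only builds this strategy when a valid message is present, which is worth stating in a class docblock since nothing in this file enforces it.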