openinfra/openstackid
Code Issues Proposed changes
68c10a2765
openstackid/app/Validators/CustomValidator.php
smarcet b52c932636 IDP - User Management 
* Added user registration process
* Added user password reset process
* Added user email verification proccess
* update token id to return custom claims
* update access token instrospection to return user custom claims
* Migrated to Doctrine ORM ( from eloquent)
* Added User CRUD
* Added User Groups CRUD
* Refactoring
* Bug Fixing
* added user registration oauth2 endpoint
  POST /api/v1/user-registration-requests

payload

* first_name ( required )
* last_name ( required)
* email ( required )
* country ( optional )

scope

user-registration ( private scope)

Change-Id: I36e8cd4473ccad734565051442e2c6033b204f27
2020-01-23 03:06:05 -03:00

372 lines
10 KiB
PHP
Raw Blame History

<?php namespace Validators;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Illuminate\Validation\Validator;
use Models\OAuth2\Client;
use Illuminate\Contracts\Translation\Translator;
use jwk\JSONWebKeyPublicKeyUseValues;
use jwk\JSONWebKeyTypes;
use OAuth2\OAuth2Protocol;
use OAuth2\Models\IClient;
use Utils\Services\IAuthService;
use phpseclib\Crypt\RSA;
/**
* Class CustomValidator
* @package Validators
*/
class CustomValidator extends Validator
{
protected $implicitRules = array(
'Required',
'RequiredWith',
'RequiredWithout',
'RequiredIf',
'Accepted',
'RequiredWithoutField'
);
public function __construct(Translator $translator, $data, $rules, $messages = [])
{
parent::__construct($translator, $data, $rules, $messages);
$this->isImplicit('fail');
}
public function validateBoolean($attribute, $value)
{
if (is_bool($value)) {
return true;
}
if (is_int($value)) {
return true;
}
return strtoupper(trim($value)) == 'TRUE' || strtoupper(trim($value)) == 'FALSE' || strtoupper(trim($value)) == '1' || strtoupper(trim($value)) == '0';
}
public function validateText($attribute, $value)
{
$value = trim($value);
return preg_match("%^[a-zA-Z0-9\s\-\.\,\/\_]+$%i", $value) == 1;
}
public function validateHttpmethod($attribute, $value)
{
$value = strtoupper(trim($value));
//'GET', 'HEAD','POST','PUT','DELETE','TRACE','CONNECT','OPTIONS'
$allowed_http_verbs = array(
'GET' => 'GET',
'HEAD' => 'HEAD',
'POST' => 'POST',
'PUT' => 'PUT',
'DELETE' => 'DELETE',
'TRACE' => 'TRACE',
'CONNECT' => 'CONNECT',
'OPTIONS' => 'OPTIONS',
);
return array_key_exists($value, $allowed_http_verbs);
}
public function validateRoute($attribute, $value)
{
return true;
}
public function validateScopename($attribute, $value)
{
$value = trim($value);
return preg_match("/^[a-zA-Z0-9\-\.\,\:\_\/]+$/", $value) == 1;
}
public function validateHost($attribute, $value)
{
return filter_var(gethostbyname($value), FILTER_VALIDATE_IP) ? true : false;
}
public function validateApplicationtype($attribute, $value)
{
if (!is_string($value)) {
return false;
}
$value = trim($value);
return in_array($value, Client::$valid_app_types);
}
public function validateSslurl($attribute, $value)
{
return preg_match(";^https:\/\/([\w@][\w.:@]+)\/?[\w\.?=%&=\-@/$,]*$;i", $value) == 1;
}
public function validateFreeText($attribute, $value)
{
return preg_match('|^[a-z0-9A-Z\-@_.,()\'"\s\:\/]+$|i', $value) == 1;
}
public function validateSslorigin($attribute, $value)
{
if (filter_var($value, FILTER_VALIDATE_URL)) {
$parts = @parse_url($value);
if ($parts == false) {
return false;
}
if ($parts['scheme'] != 'https') {
return false;
}
if (isset($parts['query'])) {
return false;
}
if (isset($parts['fragment'])) {
return false;
}
if (isset($parts['path'])) {
return false;
}
if (isset($parts['user'])) {
return false;
}
if (isset($parts['pass'])) {
return false;
}
return true;
}
return false;
}
public function validateEmailSet($attribute, $value)
{
$emails = explode(',', $value);
$res = true;
foreach ($emails as $email) {
$res = $this->validateEmail($attribute, $email);
if (!$res) {
break;
}
}
return $res;
}
public function validateUrlSet($attribute, $value)
{
$urls = explode(',', $value);
$res = true;
foreach ($urls as $url) {
$res = $this->validateUrl($attribute, $url);
if (!$res) {
break;
}
}
return $res;
}
public function validateTokenEndpointAuthMethod($attribute, $value)
{
return in_array($value,OAuth2Protocol::$token_endpoint_auth_methods);
}
public function validateSigningAlg($attribute, $value)
{
return in_array($value,OAuth2Protocol::$supported_signing_algorithms);
}
public function validateSubjectType($attribute, $value)
{
return in_array($value, Client::$valid_subject_types);
}
public function validateEncryptedAlg($attribute, $value)
{
return in_array($value,OAuth2Protocol::$supported_key_management_algorithms);
}
public function validateEncryptedEnc($attribute, $value)
{
return in_array($value,OAuth2Protocol::$supported_content_encryption_algorithms);
}
public function validatePublicKeyPem($attribute, $value)
{
$res1 = strpos($value,'-----BEGIN PUBLIC KEY-----');
$res2 = strpos($value,'-----BEGIN RSA PUBLIC KEY-----');
$res3 = strpos($value,'-----END PUBLIC KEY-----');
$res4 = strpos($value,'-----END RSA PUBLIC KEY-----');
$PKCS8 = $res1 !== false && $res3 !== false;
$PKCS1 = $res2 !== false && $res4 !== false;
$rsa = new RSA;
$parsed = $rsa->loadKey($value);
return ($PKCS8 || $PKCS1) && $parsed;
}
public function validatePublicKeyPemLength($attribute, $value)
{
$rsa = new RSA();
$parsed = $rsa->loadKey($value);
return $parsed && $rsa->getSize() > 1024;
}
public function validatePrivateKeyPem($attribute, $value, $parameters)
{
$res1 = strpos($value,'-----BEGIN PRIVATE KEY-----');
$res2 = strpos($value,'-----BEGIN RSA PRIVATE KEY-----');
$res3 = strpos($value,'-----END PRIVATE KEY-----');
$res4 = strpos($value,'-----END RSA PRIVATE KEY-----');
$PKCS8 = $res1 !== false && $res3 !== false;
$PKCS1 = $res2 !== false && $res4 !== false;
$encrypted = strpos($value,'ENCRYPTED') !== false ;
$password_param = $parameters[0];
$rsa = new RSA;
if(isset($this->data[$password_param]) && $encrypted){
$rsa->setPassword($this->data[$password_param]);
}
$parsed = $rsa->loadKey($value);
return ($PKCS8 || $PKCS1) && $parsed;
}
public function validatePrivateKeyPemLength($attribute, $value, $parameters)
{
$encrypted = strpos($value,'ENCRYPTED') !== false ;
$password_param = $parameters[0];
$rsa = new RSA;
if(isset($this->data[$password_param]) && $encrypted){
$rsa->setPassword($this->data[$password_param]);
}
$parsed = $rsa->loadKey($value);
return $parsed && $rsa->getSize() >= 2048;
}
public function validatePublicKeyUsage($attribute, $value, $parameters)
{
return in_array($value, JSONWebKeyPublicKeyUseValues::$valid_uses);
}
public function validatePublicKeyType($attribute, $value, $parameters)
{
return in_array($value, JSONWebKeyTypes::$valid_keys_set);
}
public function validatePrivateKeyPassword($attribute, $value, $parameters){
$pem_param = $parameters[0];
if(!isset($this->data[$pem_param])) return true;
$pem_content = $this->data[$pem_param];
$rsa = new RSA;
$rsa->setPassword($value);
$parsed = $rsa->loadKey($pem_content);
return $parsed;
}
public function validateCustomUrlSet($attribute, $value, $parameters)
{
$app_type_param = $parameters[0];
if(!isset($this->data[$app_type_param])) return true;
$app_type = $this->data[$app_type_param];
$urls = explode(',', $value);
$res = true;
foreach ($urls as $url) {
$res = $app_type === IClient::ApplicationType_Native ? $this->validateCustomUrl($attribute, $url, $parameters): $this->validateSslurl($attribute, $url);
if (!$res) {
break;
}
}
return $res;
}
public function validateCustomUrl($attribute, $value, $paramenters){
$uri = @parse_url($value);
if (!isset($uri['scheme'])) {
return false;
}
return true;
}
public function validateSslUrlSet($attribute, $value, $parameters)
{
$urls = explode(',', $value);
$res = true;
foreach ($urls as $url) {
$res = $this->validateSslurl($attribute, $url);
if (!$res) {
break;
}
}
return $res;
}
public function validateKeyAlg($attribute, $value, $parameters)
{
$key_type_param = $parameters[0];
$key_type = $this->data[$key_type_param];
if($key_type === JSONWebKeyPublicKeyUseValues::Signature)
{
return in_array($value, OAuth2Protocol::$supported_signing_algorithms);
}
else
{
return in_array($value, OAuth2Protocol::$supported_key_management_algorithms);
}
}
public function validateOauth2TrustResponse($attribute, $value, $parameters){
$valid_values = array
(
IAuthService::AuthorizationResponse_AllowOnce,
IAuthService::AuthorizationResponse_DenyOnce,
IAuthService::AuthorizationResponse_AllowForever,
IAuthService::AuthorizationResponse_DenyForever,
);
if(is_array($value)) $value = $value[0];
return in_array($value, $valid_values);
}
public function validateUserIds($attribute, $value, $parameters)
{
$user_ids = explode(',',$value);
foreach($user_ids as $id)
{
if(!intval($id)) return false;
}
return true;
}
}
View Git Blame Copy Permalink