118 lines
5.5 KiB
PHP
118 lines
5.5 KiB
PHP
<?php
|
|
|
|
namespace services;
|
|
|
|
use Exception;
|
|
use openid\services\IServerConfigurationService as IOpenIdServerConfigurationService;
|
|
use ServerConfiguration;
|
|
use utils\services\ICacheService;
|
|
use utils\services\IServerConfigurationService;
|
|
|
|
class ServerConfigurationService implements IOpenIdServerConfigurationService,IServerConfigurationService
|
|
{
|
|
|
|
const DefaultAssetsUrl = 'http://www.openstack.org/';
|
|
const DefaultPrivateAssociationLifetime = 120;
|
|
const DefaultSessionAssociationLifetime = 21600;
|
|
const DefaultMaxFailedLoginAttempts = 10;
|
|
const DefaultMaxFailedLoginAttempts2ShowCaptcha = 3;
|
|
const DefaultNonceLifetime = 360;
|
|
|
|
private $default_config_params;
|
|
|
|
private $cache_service;
|
|
|
|
public function __construct(ICacheService $cache_service)
|
|
{
|
|
|
|
$this->cache_service = $cache_service;
|
|
//default config values
|
|
$this->default_config_params = array();
|
|
$this->default_config_params["Private.Association.Lifetime"] = 240;
|
|
$this->default_config_params["Session.Association.Lifetime"] = 21600;
|
|
$this->default_config_params["MaxFailed.Login.Attempts"] = 10;
|
|
$this->default_config_params["MaxFailed.LoginAttempts.2ShowCaptcha"] = 3;
|
|
$this->default_config_params["Nonce.Lifetime"] = 360;
|
|
$this->default_config_params["Assets.Url"] = 'http://www.openstack.org/';
|
|
|
|
$this->default_config_params["BlacklistSecurityPolicy.BannedIpLifeTimeSeconds"] = 21600;
|
|
$this->default_config_params["BlacklistSecurityPolicy.MinutesWithoutExceptions"] = 5;
|
|
$this->default_config_params["BlacklistSecurityPolicy.ReplayAttackExceptionInitialDelay"] = 10;
|
|
$this->default_config_params["BlacklistSecurityPolicy.MaxInvalidNonceAttempts"] = 10;
|
|
$this->default_config_params["BlacklistSecurityPolicy.InvalidNonceInitialDelay"] = 10;
|
|
$this->default_config_params["BlacklistSecurityPolicy.MaxInvalidOpenIdMessageExceptionAttempts"] = 10;
|
|
$this->default_config_params["BlacklistSecurityPolicy.InvalidOpenIdMessageExceptionInitialDelay"] = 10;
|
|
$this->default_config_params["BlacklistSecurityPolicy.MaxOpenIdInvalidRealmExceptionAttempts"] = 10;
|
|
$this->default_config_params["BlacklistSecurityPolicy.OpenIdInvalidRealmExceptionInitialDelay"] = 10;
|
|
$this->default_config_params["BlacklistSecurityPolicy.MaxInvalidOpenIdMessageModeAttempts"] = 10;
|
|
$this->default_config_params["BlacklistSecurityPolicy.InvalidOpenIdMessageModeInitialDelay"] = 10;
|
|
$this->default_config_params["BlacklistSecurityPolicy.MaxInvalidOpenIdAuthenticationRequestModeAttempts"] = 10;
|
|
$this->default_config_params["BlacklistSecurityPolicy.InvalidOpenIdAuthenticationRequestModeInitialDelay"] = 10;
|
|
$this->default_config_params["BlacklistSecurityPolicy.MaxAuthenticationExceptionAttempts"] = 10;
|
|
$this->default_config_params["BlacklistSecurityPolicy.AuthenticationExceptionInitialDelay"] = 20;
|
|
$this->default_config_params["BlacklistSecurityPolicy.MaxInvalidAssociationAttempts"] = 10;
|
|
$this->default_config_params["BlacklistSecurityPolicy.InvalidAssociationInitialDelay"] = 20;
|
|
|
|
|
|
$this->default_config_params["BlacklistSecurityPolicy.OAuth2.MaxAuthCodeReplayAttackAttempts"] = 3;
|
|
$this->default_config_params["BlacklistSecurityPolicy.OAuth2.AuthCodeReplayAttackInitialDelay"] = 10;
|
|
|
|
$this->default_config_params["BlacklistSecurityPolicy.OAuth2.MaxInvalidAuthorizationCodeAttempts"] = 3;
|
|
$this->default_config_params["BlacklistSecurityPolicy.OAuth2.InvalidAuthorizationCodeInitialDelay"] = 10;
|
|
|
|
$this->default_config_params["BlacklistSecurityPolicy.OAuth2.MaxInvalidBearerTokenDisclosureAttempt"] = 3;
|
|
$this->default_config_params["BlacklistSecurityPolicy.OAuth2.BearerTokenDisclosureAttemptInitialDelay"] = 10;
|
|
|
|
|
|
$this->default_config_params["OAuth2.AuthorizationCode.Lifetime"] = 600;
|
|
$this->default_config_params["OAuth2.AccessToken.Lifetime"] = 3600;
|
|
//infinite by default
|
|
$this->default_config_params["OAuth2.RefreshToken.Lifetime"] = 0;
|
|
|
|
}
|
|
|
|
public function getUserIdentityEndpointURL($identifier)
|
|
{
|
|
$url = action("UserController@getIdentity", array("identifier" => $identifier));
|
|
return $url;
|
|
}
|
|
|
|
public function getOPEndpointURL()
|
|
{
|
|
$url = action("OpenIdProviderController@op_endpoint");
|
|
return $url;
|
|
}
|
|
|
|
/**
|
|
* get config value from cache and if not in cache check for it on table server_configuration
|
|
* @param $key
|
|
* @return mixed
|
|
*/
|
|
public function getConfigValue($key)
|
|
{
|
|
$res = null;
|
|
try {
|
|
|
|
if (!$this->cache_service->exists($key)) {
|
|
|
|
if (!is_null($conf = ServerConfiguration::where('key', '=', $key)->first()))
|
|
$this->cache_service->addSingleValue($key, $conf->value);
|
|
else
|
|
if (isset($this->default_config_params[$key]))
|
|
$this->cache_service->addSingleValue($key, $this->default_config_params[$key]);
|
|
else
|
|
return null;
|
|
}
|
|
|
|
$res = $this->cache_service->getSingleValue($key);
|
|
|
|
} catch (Exception $ex) {
|
|
Log::error($ex);
|
|
if (isset($this->default_config_params[$key])) {
|
|
$res = $this->default_config_params[$key];
|
|
}
|
|
}
|
|
return $res;
|
|
}
|
|
|
|
} |