[smarcet] - Refs # 4578 - OpenId - Server Core Logic - Authentication Workflow
This commit is contained in:
parent
f1ad337e3a
commit
eebd196ad7
|
@ -61,100 +61,100 @@
|
|||
</library>
|
||||
</orderEntry>
|
||||
<orderEntry type="module-library">
|
||||
<library name="Composer Vendors">
|
||||
<library name="PHP">
|
||||
<CLASSES>
|
||||
<root url="file://$MODULE_DIR$/vendor/psr/log" />
|
||||
<root url="file://$MODULE_DIR$/vendor/filp/whoops" />
|
||||
<root url="file://$MODULE_DIR$/vendor/nikic/php-parser" />
|
||||
<root url="file://$MODULE_DIR$/vendor/nesbot/carbon" />
|
||||
<root url="file://$MODULE_DIR$/vendor/predis/predis" />
|
||||
<root url="file://$MODULE_DIR$/vendor/laravel/framework" />
|
||||
<root url="file://$MODULE_DIR$/vendor/monolog/monolog" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/phpunit" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/php-timer" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/php-token-stream" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/php-code-coverage" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/php-file-iterator" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/php-text-template" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/phpunit-mock-objects" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/yaml" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/debug" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/finder" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/console" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/process" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/routing" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/filesystem" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/browser-kit" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/dom-crawler" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/http-kernel" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/translation" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/css-selector" />
|
||||
<root url="file://$MODULE_DIR$/vendor/filp/whoops" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/debug" />
|
||||
<root url="file://$MODULE_DIR$/vendor/laravel/framework" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/yaml" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/http-foundation" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/event-dispatcher" />
|
||||
<root url="file://$MODULE_DIR$/vendor/composer" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/dbal" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/cache" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/lexer" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/common" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/inflector" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/annotations" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/collections" />
|
||||
<root url="file://$MODULE_DIR$/vendor/ircmaxell/password-compat" />
|
||||
<root url="file://$MODULE_DIR$/vendor/patchwork/utf8" />
|
||||
<root url="file://$MODULE_DIR$/vendor/jeremeamia/SuperClosure" />
|
||||
<root url="file://$MODULE_DIR$/vendor/swiftmailer/swiftmailer" />
|
||||
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-math" />
|
||||
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-crypt" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/browser-kit" />
|
||||
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-stdlib" />
|
||||
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-servicemanager" />
|
||||
<root url="file://$MODULE_DIR$/vendor/swiftmailer/swiftmailer" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/console" />
|
||||
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-math" />
|
||||
<root url="file://$MODULE_DIR$/vendor/psr/log" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/translation" />
|
||||
<root url="file://$MODULE_DIR$/vendor/classpreloader/classpreloader" />
|
||||
<root url="file://$MODULE_DIR$/vendor/ircmaxell/password-compat" />
|
||||
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-servicemanager" />
|
||||
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-crypt" />
|
||||
<root url="file://$MODULE_DIR$/vendor/jeremeamia/SuperClosure" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/php-text-template" />
|
||||
<root url="file://$MODULE_DIR$/vendor/nikic/php-parser" />
|
||||
<root url="file://$MODULE_DIR$/vendor/patchwork/utf8" />
|
||||
<root url="file://$MODULE_DIR$/vendor/monolog/monolog" />
|
||||
<root url="file://$MODULE_DIR$/vendor/nesbot/carbon" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/process" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/php-timer" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/phpunit-mock-objects" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/css-selector" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/routing" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/dbal" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/inflector" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/phpunit" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/http-kernel" />
|
||||
<root url="file://$MODULE_DIR$/vendor/composer" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/event-dispatcher" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/php-file-iterator" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/dom-crawler" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/filesystem" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/collections" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/annotations" />
|
||||
<root url="file://$MODULE_DIR$/vendor/predis/predis" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/lexer" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/cache" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/common" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/php-code-coverage" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/php-token-stream" />
|
||||
</CLASSES>
|
||||
<SOURCES>
|
||||
<root url="file://$MODULE_DIR$/vendor/psr/log" />
|
||||
<root url="file://$MODULE_DIR$/vendor/filp/whoops" />
|
||||
<root url="file://$MODULE_DIR$/vendor/nikic/php-parser" />
|
||||
<root url="file://$MODULE_DIR$/vendor/nesbot/carbon" />
|
||||
<root url="file://$MODULE_DIR$/vendor/predis/predis" />
|
||||
<root url="file://$MODULE_DIR$/vendor/laravel/framework" />
|
||||
<root url="file://$MODULE_DIR$/vendor/monolog/monolog" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/phpunit" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/php-timer" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/php-token-stream" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/php-code-coverage" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/php-file-iterator" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/php-text-template" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/phpunit-mock-objects" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/yaml" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/debug" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/finder" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/console" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/process" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/routing" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/filesystem" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/browser-kit" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/dom-crawler" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/http-kernel" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/translation" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/css-selector" />
|
||||
<root url="file://$MODULE_DIR$/vendor/filp/whoops" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/debug" />
|
||||
<root url="file://$MODULE_DIR$/vendor/laravel/framework" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/yaml" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/http-foundation" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/event-dispatcher" />
|
||||
<root url="file://$MODULE_DIR$/vendor/composer" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/dbal" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/cache" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/lexer" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/common" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/inflector" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/annotations" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/collections" />
|
||||
<root url="file://$MODULE_DIR$/vendor/ircmaxell/password-compat" />
|
||||
<root url="file://$MODULE_DIR$/vendor/patchwork/utf8" />
|
||||
<root url="file://$MODULE_DIR$/vendor/jeremeamia/SuperClosure" />
|
||||
<root url="file://$MODULE_DIR$/vendor/swiftmailer/swiftmailer" />
|
||||
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-math" />
|
||||
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-crypt" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/browser-kit" />
|
||||
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-stdlib" />
|
||||
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-servicemanager" />
|
||||
<root url="file://$MODULE_DIR$/vendor/swiftmailer/swiftmailer" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/console" />
|
||||
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-math" />
|
||||
<root url="file://$MODULE_DIR$/vendor/psr/log" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/translation" />
|
||||
<root url="file://$MODULE_DIR$/vendor/classpreloader/classpreloader" />
|
||||
<root url="file://$MODULE_DIR$/vendor/ircmaxell/password-compat" />
|
||||
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-servicemanager" />
|
||||
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-crypt" />
|
||||
<root url="file://$MODULE_DIR$/vendor/jeremeamia/SuperClosure" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/php-text-template" />
|
||||
<root url="file://$MODULE_DIR$/vendor/nikic/php-parser" />
|
||||
<root url="file://$MODULE_DIR$/vendor/patchwork/utf8" />
|
||||
<root url="file://$MODULE_DIR$/vendor/monolog/monolog" />
|
||||
<root url="file://$MODULE_DIR$/vendor/nesbot/carbon" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/process" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/php-timer" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/phpunit-mock-objects" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/css-selector" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/routing" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/dbal" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/inflector" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/phpunit" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/http-kernel" />
|
||||
<root url="file://$MODULE_DIR$/vendor/composer" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/event-dispatcher" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/php-file-iterator" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/dom-crawler" />
|
||||
<root url="file://$MODULE_DIR$/vendor/symfony/filesystem" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/collections" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/annotations" />
|
||||
<root url="file://$MODULE_DIR$/vendor/predis/predis" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/lexer" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/cache" />
|
||||
<root url="file://$MODULE_DIR$/vendor/doctrine/common" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/php-code-coverage" />
|
||||
<root url="file://$MODULE_DIR$/vendor/phpunit/php-token-stream" />
|
||||
</SOURCES>
|
||||
</library>
|
||||
</orderEntry>
|
||||
|
|
1044
.idea/workspace.xml
1044
.idea/workspace.xml
|
@ -9,13 +9,16 @@
|
|||
|
||||
use openid\IOpenIdProtocol;
|
||||
use openid\XRDS\XRDSDocumentBuilder;
|
||||
use \openid\services\IAuthService;
|
||||
|
||||
class DiscoveryController extends BaseController {
|
||||
|
||||
private $openid_protocol;
|
||||
private $auth_service;
|
||||
|
||||
public function __construct(IOpenIdProtocol $openid_protocol){
|
||||
$this->openid_protocol=$openid_protocol;
|
||||
public function __construct(IOpenIdProtocol $openid_protocol,IAuthService $auth_service ){
|
||||
$this->openid_protocol = $openid_protocol;
|
||||
$this->auth_service = $auth_service;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -29,7 +32,7 @@ class DiscoveryController extends BaseController {
|
|||
$accept_values = explode(",",$accept);
|
||||
if(in_array(XRDSDocumentBuilder::ContentType,$accept_values))
|
||||
{
|
||||
$response = Response::make($this->openid_protocol->getXRDSDiscovery(), 200);
|
||||
$response = Response::make($this->openid_protocol->getXRDSDiscovery(IOpenIdProtocol::OpenIdXRDSModeIdp), 200);
|
||||
$response->header('Content-Type', "application/xrds+xml; charset=UTF-8");
|
||||
}
|
||||
else{
|
||||
|
@ -38,8 +41,23 @@ class DiscoveryController extends BaseController {
|
|||
return $response;
|
||||
}
|
||||
|
||||
public function user(){
|
||||
|
||||
public function user($identifier){
|
||||
$user = $this->auth_service->getUserByOpenId($identifier);
|
||||
if(is_null($user))
|
||||
return View::make("404");
|
||||
//This field contains a semicolon-separated list of representation schemes
|
||||
//which will be accepted in the response to this request.
|
||||
$accept = Request::header('Accept');
|
||||
$accept_values = explode(",",$accept);
|
||||
if(in_array(XRDSDocumentBuilder::ContentType,$accept_values))
|
||||
{
|
||||
$response = Response::make($this->openid_protocol->getXRDSDiscovery(IOpenIdProtocol::OpenIdXRDSModeUser), 200);
|
||||
$response->header('Content-Type', "application/xrds+xml; charset=UTF-8");
|
||||
}
|
||||
else{
|
||||
$response = View::make("identity");
|
||||
}
|
||||
return $response;
|
||||
}
|
||||
|
||||
}
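Review bot: `user($identifier)` renders the user-mode XRDS without a canonical ID even though `getXRDSDiscovery($mode, $canonical_id=null)` now accepts one and `XRDSDocumentBuilder::render()` only emits `<CanonicalID>` when it is given, so the user document and the IdP document differ only in the service type; if the claimed-identifier document is meant to carry it, pass it explicitly, e.g. `$this->openid_protocol->getXRDSDiscovery(IOpenIdProtocol::OpenIdXRDSModeUser, $user->identifier)` — confirm which value the protocol expects. The Accept parsing copied into `user()` splits on `,` only, so a header such as `application/xrds+xml;q=0.9`, or one with a space after the comma, is not matched and the HTML identity view is served instead of the XRDS document; trim each element and drop the media-type parameters before the check, and call `in_array(XRDSDocumentBuilder::ContentType, $accept_values, true)`. `View::make("404")` is returned with the default status, so the unknown-identifier case presumably answers 200; `Response::make(View::make("404"), 404)` if the status matters to relying parties.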
|
|
@ -10,7 +10,7 @@ use openid\services\IMementoOpenIdRequestService;
|
|||
use openid\services\IAuthService;
|
||||
use openid\requests\OpenIdAuthenticationRequest;
|
||||
use openid\exceptions\InvalidRequestContextException;
|
||||
|
||||
use openid\XRDS\XRDSDocumentBuilder;
|
||||
class UserController extends BaseController{
|
||||
|
||||
private $memento_service;
|
||||
|
|
|
@ -17,7 +17,9 @@ class CreateUsersTable extends Migration {
|
|||
$table->string('identifier',255);
|
||||
$table->string('external_id',100);
|
||||
$table->boolean('active');
|
||||
$table->boolean('lock');
|
||||
$table->dateTime('last_login_date');
|
||||
$table->integer('login_failed_attempt');
|
||||
$table->timestamps();
|
||||
});
|
||||
}
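Review bot: The three new columns carry no defaults and `last_login_date` is not nullable, so any insert path that does not set all of them (the auth provider does in `retrieveByCredentials`, but seeders or other creators would not) either fails or stores a zero date. State the intent in the schema: `$table->boolean('lock')->default(false);`, `$table->integer('login_failed_attempt')->default(0);` and `$table->dateTime('last_login_date')->nullable();`. A short comment that `lock` is set by the failed-login counter would also tell the next reader why it exists next to `active`. The enclosing `up()` starts above the hunk.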
|
||||
|
|
|
@ -62,4 +62,9 @@ class AuthService implements IAuthService {
|
|||
//todo : check valid response
|
||||
Session::set("openid.authorization.response",$auth_response);
|
||||
}
|
||||
|
||||
public function getUserByOpenId($openid){
|
||||
$user = OpenIdUser::where('identifier','=',$openid)->first();
|
||||
return $user;
|
||||
}
|
||||
}
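Review bot: `getUserByOpenId` has no docblock and its name does not say which column is matched; add `/** @param string $openid value of the users.identifier column  @return OpenIdUser|null */`. It also returns locked and inactive users, so `DiscoveryController::user`, which is the caller added in this commit, serves an XRDS document for accounts the provider will no longer authenticate; if that is not intended, filter on `active`/`lock` here or in the controller and document the choice either way. The `$user` local is redundant — `return OpenIdUser::where('identifier','=',$openid)->first();` reads the same.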
|
|
@ -13,7 +13,7 @@ use Illuminate\Auth\UserProviderInterface;
|
|||
use auth\exceptions\AuthenticationException;
|
||||
use \Member;
|
||||
use \Zend\Crypt\Hash;
|
||||
|
||||
use openid\services\Registry;
|
||||
class CustomAuthProvider implements UserProviderInterface{
|
||||
|
||||
/**
|
||||
|
@ -33,7 +33,7 @@ class CustomAuthProvider implements UserProviderInterface{
|
|||
*/
|
||||
public function retrieveById($identifier)
|
||||
{
|
||||
$user = OpenIdUser::where('external_id', '=', $identifier)->first();
|
||||
$user = OpenIdUser::where('external_id', '=', $identifier)->first();
|
||||
$member = Member::where('Email', '=', $identifier)->first();
|
||||
if(!is_null($member) && !is_null($user)){
|
||||
$user->setMember($member);
|
||||
|
@ -52,23 +52,52 @@ class CustomAuthProvider implements UserProviderInterface{
|
|||
{
|
||||
if(!isset($credentials['username']) || !isset($credentials['password']))
|
||||
throw new AuthenticationException("invalid crendentials");
|
||||
$identifier = $credentials['username'];
|
||||
$password = $credentials['password'];
|
||||
$user = OpenIdUser::where('external_id', '=', $identifier)->first();
|
||||
|
||||
$identifier = $credentials['username'];
|
||||
$password = $credentials['password'];
|
||||
$user = OpenIdUser::where('external_id', '=', $identifier)->first();
|
||||
|
||||
//check user status...
|
||||
if(!is_null($user) && ($user->lock || !$user->active))
|
||||
return null;
|
||||
|
||||
$user_service = Registry::getInstance()->get("openid\\services\\IUserService");
|
||||
$member = Member::where('Email', '=', $identifier)->first();
|
||||
if(!is_null($member) && $member->checkPassword($password)){
|
||||
if(!is_null($member)){
|
||||
$res = $member->checkPassword($password);
|
||||
//if user does not exists, then create it
|
||||
if(is_null($user)){
|
||||
//create user
|
||||
$user = new OpenIdUser();
|
||||
$user->external_id = $member->Email;
|
||||
$user->external_id = $member->Email;
|
||||
$user->last_login_date = gmdate("Y-m-d H:i:s", time());
|
||||
$user->login_failed_attempt = 0;
|
||||
$user->active = true;
|
||||
$user->identifier = Hash::compute("sha1",$user->external_id);
|
||||
$user->lock = false;
|
||||
$user->Save();
|
||||
}
|
||||
|
||||
$user->setMember($member);
|
||||
return $user;
|
||||
$user_name = $member->FirstName.".".$member->Surname;
|
||||
$user_service->associateUser($user->id,strtolower($user_name));
|
||||
$server_configuration = Registry::getInstance()->get("openid\\services\\IServerConfigurationService");
|
||||
if(!$res){
|
||||
if($user->login_failed_attempt<$server_configuration->getMaxFailedLoginAttempts())
|
||||
$user_service->updateFailedLoginAttempts($user->id);
|
||||
else{
|
||||
$user_service->lockUser($user->id);
|
||||
}
|
||||
$user = null;
|
||||
}
|
||||
else{
|
||||
$user->last_login_date = gmdate("Y-m-d H:i:s", time());
|
||||
$user->login_failed_attempt = 0;
|
||||
$user->active = true;
|
||||
$user->lock = false;
|
||||
$user->Save();
|
||||
}
|
||||
}
|
||||
return null;
|
||||
return $user;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -83,8 +112,11 @@ class CustomAuthProvider implements UserProviderInterface{
|
|||
if(!isset($credentials['username']) || !isset($credentials['password']))
|
||||
throw new AuthenticationException("invalid crendentials");
|
||||
$identifier = $credentials['username'];
|
||||
$password = $credentials['password'];
|
||||
$member = Member::where('Email', '=', $identifier)->first();
|
||||
return $member->checkPassword($password);
|
||||
}
|
||||
$password = $credentials['password'];
|
||||
$user = OpenIdUser::where('external_id', '=', $identifier)->first();
|
||||
if(is_null($user) || $user->lock || !$user->active)
|
||||
return false;
|
||||
$member = Member::where('Email', '=', $identifier)->first();
|
||||
return is_null($member)?false:$member->checkPassword($password);
|
||||
}
|
||||
}
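Review bot: In the `retrieveByCredentials` hunk the local `OpenIdUser` row is created, saved and passed to `associateUser` before `$res` (the result of `checkPassword`) is consulted, so a wrong password submitted for any existing member e-mail still provisions and associates a local account; creation and association belong on the verified branch only, and the failure branch must then tolerate a null `$user`. The counter is compared with `<` before it is incremented, so with a maximum of three the lock is applied on the fourth failure rather than the third — confirm against `getMaxFailedLoginAttempts` and use `<=` if "reached" is the intent. The `active = true` / `lock = false` resets on success are redundant given the early `return null` for locked or inactive users above, and `associateUser` runs on every successful login, not just on creation — presumably idempotent, worth a comment. The function's signature lies above the hunk; the restructured body below keeps the field initialisation of the new user unchanged.
```php
    if(!is_null($member)){
        $res = $member->checkPassword($password);
        if(!$res){
            // only an already-provisioned account accumulates failures or gets locked
            if(!is_null($user)){
                $server_configuration = Registry::getInstance()->get("openid\\services\\IServerConfigurationService");
                if($user->login_failed_attempt < $server_configuration->getMaxFailedLoginAttempts())
                    $user_service->updateFailedLoginAttempts($user->id);
                else
                    $user_service->lockUser($user->id);
            }
            return null;
        }
        // password verified: provision the local user on first login only
        if(is_null($user)){
            // … unchanged: new OpenIdUser() field initialisation and Save() …
        }
        $user->setMember($member);
        $user_name = $member->FirstName.".".$member->Surname;
        $user_service->associateUser($user->id,strtolower($user_name));
        $user->last_login_date = gmdate("Y-m-d H:i:s", time());
        $user->login_failed_attempt = 0;
        $user->Save();
        return $user;
    }
    return null;
```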
|
|
@ -57,7 +57,10 @@ class OpenIdUser extends \Eloquent implements UserInterface , IOpenIdUser{
|
|||
|
||||
public function getEmail()
|
||||
{
|
||||
$this->external_id;
|
||||
if(is_null($this->member)){
|
||||
$this->member = Member::where('Email', '=', $this->external_id)->first();
|
||||
}
|
||||
return $this->external_id;
|
||||
}
|
||||
|
||||
public function getFirstName()
|
||||
|
@ -125,4 +128,8 @@ class OpenIdUser extends \Eloquent implements UserInterface , IOpenIdUser{
|
|||
}
|
||||
return "";
|
||||
}
|
||||
|
||||
public function getId(){
|
||||
return $this->id;
|
||||
}
|
||||
}
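Review bot: The statement `$this->external_id;` at the top of `getEmail()` is a no-op expression and should be deleted; what remains of the change is a lazy load of `$this->member` that the method does not use for its own return value, so the intent needs a line such as `// resolve the backing Member once so the name getters below can use it` — presumably that is the reason, confirm. Each unloaded instance then costs a `Member` query on first access; acceptable for single-user pages, but worth stating. `getId()` is added without a docblock; `/** @return int Eloquent primary key */` is enough, and it duplicates `$this->id` that callers can already read.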
|
|
@ -11,22 +11,19 @@ namespace openid;
|
|||
use openid\responses\OpenIdResponse;
|
||||
|
||||
interface IOpenIdProtocol {
|
||||
|
||||
const OpenIdXRDSModeUser = "OpenIdXRDSModeUser";
|
||||
const OpenIdXRDSModeIdp = "OpenIdXRDSModeIdp";
|
||||
|
||||
/**
|
||||
* With OpenID 2.0, the relying party discovers the OpenID provider URL by requesting
|
||||
* the XRDS document (also called the Yadis document) with the content type application/xrds+xml;
|
||||
* this document may be available at the target URL and is always available for a target XRI.
|
||||
* @return mixed
|
||||
*/
|
||||
public function getXRDSDiscovery();
|
||||
public function getXRDSDiscovery($mode,$canonical_id=null);
|
||||
|
||||
|
||||
/**
|
||||
* With OpenID 1.0, the relying party then requests the HTML resource identified by the URL
|
||||
* and reads an HTML link tag to discover the OpenID provider's URL
|
||||
* (e.g. http://openid.example.org/openid-auth.php). The relying party also discovers whether to use a
|
||||
* delegated identity
|
||||
* @return mixed
|
||||
*/
|
||||
public function getHtmlDiscovery();
|
||||
|
||||
/**
|
||||
* @param OpenIdMessage $openIdMessage
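Review bot: The docblock above `getXRDSDiscovery` was not updated for the two new parameters; add `@param string $mode one of self::OpenIdXRDSModeUser / self::OpenIdXRDSModeIdp` and `@param string|null $canonical_id emitted as the XRD CanonicalID when set`, and `@return mixed` can become `@return string` since the implementation in `OpenIdProtocol` returns the rendered document. The two new constants have no comment either; one line distinguishing the OP-identifier document from the claimed-identifier document would save readers a trip to the implementation.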
|
||||
|
|
|
@ -116,7 +116,8 @@ class OpenIdProtocol implements IOpenIdProtocol {
|
|||
$this->request_handlers = new OpenIdAuthenticationRequestHandler($auth_service,$memento_request_service,$auth_strategy,$server_extension_service,$association_service,$trusted_sites_service,$server_config_service,$successor);
|
||||
}
|
||||
|
||||
public function getXRDSDiscovery(){
|
||||
public function getXRDSDiscovery($mode, $canonical_id=null){
|
||||
//todo: check valid mode
|
||||
$server_extension_service = \App::make("openid\\services\\IServerExtensionsService");
|
||||
$server_config_service = \App::make("openid\\services\\IServerConfigurationService");
|
||||
$active_extensions = $server_extension_service->getAllActiveExtensions();
|
||||
|
@ -126,8 +127,8 @@ class OpenIdProtocol implements IOpenIdProtocol {
|
|||
}
|
||||
|
||||
$services = array();
|
||||
array_push($services, new XRDSService(0,self::OPIdentifierType,$server_config_service->getOPEndpointURL(),$extensions));
|
||||
$builder = new XRDSDocumentBuilder($services);
|
||||
array_push($services, new XRDSService(0, $mode == IOpenIdProtocol::OpenIdXRDSModeUser ? self::ClaimedIdentifierType: self::OPIdentifierType,$server_config_service->getOPEndpointURL(),$extensions,$canonical_id));
|
||||
$builder = new XRDSDocumentBuilder($services,$canonical_id);
|
||||
$xrds = $builder->render();
|
||||
return $xrds;
|
||||
}
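Review bot: `$mode` is only compared against `OpenIdXRDSModeUser`, with `==`, and any other value silently yields the OP-identifier service — which is what the `//todo: check valid mode` line admits; reject unknown values up front, `if($mode !== IOpenIdProtocol::OpenIdXRDSModeUser && $mode !== IOpenIdProtocol::OpenIdXRDSModeIdp) throw new \InvalidArgumentException("invalid XRDS mode");`, and use `===` in the ternary. `$canonical_id` is forwarded unchecked to both `XRDSService` and `XRDSDocumentBuilder`, where it ends up inside XML; the escaping belongs in the builder, but a `@param string|null $canonical_id` line here should say that callers supply an identifier URL, not free text. The method body spans both hunks and the enclosing class is outside view.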
|
||||
|
|
|
@ -11,13 +11,15 @@ namespace openid\XRDS;
|
|||
class XRDSDocumentBuilder {
|
||||
|
||||
private $elements;
|
||||
private $canonical_id;
|
||||
|
||||
const ContentType ='application/xrds+xml';
|
||||
const XRDNamespace ='xri://$xrd*($v*2.0)';
|
||||
const XRDSNamespace ='xXRDSServiceri://$xrds';
|
||||
|
||||
public function __construct($elements){
|
||||
public function __construct($elements,$canonical_id=null){
|
||||
$this->elements = $elements;
|
||||
$this->canonical_id = $canonical_id;
|
||||
}
|
||||
|
||||
public function render(){
|
||||
|
@ -26,6 +28,9 @@ class XRDSDocumentBuilder {
|
|||
$header = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<xrds:XRDS xmlns:xrds=\"{$XRDSNamespace}\" xmlns=\"{$XRDNamespace}\">\n<XRD>\n";
|
||||
$footer = "</XRD>\n</xrds:XRDS>";
|
||||
$xrds = $header;
|
||||
if(!is_null($this->canonical_id)){
|
||||
$xrds .= "<CanonicalID>{$this->canonical_id}</CanonicalID>\n";
|
||||
}
|
||||
foreach($this->elements as $service){
|
||||
$xrds .= $service->render();
|
||||
}
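Review bot: `$this->canonical_id` is interpolated straight into the XML in `render()`; the value comes from callers outside this class and a `<`, `&` or `]]>` in it would break or alter the document, so escape it, `$xrds .= "<CanonicalID>" . htmlspecialchars($this->canonical_id, ENT_XML1 | ENT_QUOTES, 'UTF-8') . "</CanonicalID>\n";` (`ENT_XML1` needs PHP 5.4). The constructor's new optional parameter has no docblock; `@param string|null $canonical_id CanonicalID element value, omitted when null` suffices. In passing, the context line `const XRDSNamespace ='xXRDSServiceri://$xrds';` looks like a paste accident inside `xri://$xrds`; this commit does not touch it, but every document rendered carries it in `xmlns:xrds`, so it is worth verifying against the spec.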
|
||||
|
|
|
@ -36,5 +36,6 @@ abstract class OpenIdExtension {
|
|||
* @throws InvalidOpenIdMessageException
|
||||
*/
|
||||
abstract public function parseRequest(OpenIdRequest $request,RequestContext $context);
|
||||
abstract public function getTrustedData(OpenIdRequest $request);
|
||||
abstract public function prepareResponse(OpenIdRequest $request,OpenIdResponse $response ,ResponseContext $context);
|
||||
}
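Review bot: The new abstract `getTrustedData` carries no docblock while its neighbours do; add `/** @param OpenIdRequest $request  @return array items the request asks the user to release; compared with the stored trusted-site data via array_diff */` — the return shape matters because `OpenIdAuthenticationRequestHandler::checkTrustedSite` feeds the result straight into `array_diff`. Pinning the empty case in that contract (return `array()`, never null) would keep the three stub implementations in this commit from returning nothing.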
|
|
@ -147,5 +147,18 @@ class OpenIdAXExtension extends OpenIdExtension
|
|||
}
|
||||
}
|
||||
|
||||
public function getTrustedData(OpenIdRequest $request){
|
||||
|
||||
$data = array();
|
||||
$ax_request = new OpenIdAXRequest($request->getMessage());
|
||||
if ($ax_request->IsValid()){
|
||||
$attributes = $ax_request->getRequiredAttributes();
|
||||
foreach($attributes as $attr){
|
||||
array_push($data,$attr);
|
||||
}
|
||||
}
|
||||
return $data;
|
||||
}
|
||||
|
||||
|
||||
}
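Review bot: `getTrustedData` in `OpenIdAXExtension` has no docblock and copies the required attributes into `$data` one element at a time; if `getRequiredAttributes()` already returns a plain array (it is at least traversable, since it is fed to `foreach`), the loop reduces to `$data = array_values($ax_request->getRequiredAttributes());` — confirm its type first. Either way document the return, `@return array entries of getRequiredAttributes(), empty when the message is not a valid AX request`, so implementers of the other extensions know what shape the handler expects.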
|
|
@ -30,4 +30,8 @@ class OpenIdOAuthExtension extends OpenIdExtension {
|
|||
{
|
||||
// TODO: Implement prepareResponse() method.
|
||||
}
|
||||
|
||||
public function getTrustedData(OpenIdRequest $request){
|
||||
|
||||
}
|
||||
}
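Review bot: `getTrustedData` here, and the identical stubs in `OpenIdPAPEExtension` and `OpenIdSREGExtension`, have empty bodies and therefore return null, while the AX implementation returns an array; `OpenIdAuthenticationRequestHandler::checkTrustedSite` stores each result with `setTrustedData($data)` and later hands it to `array_diff`, so a null from the last extension in the list yields a warning and an empty diff that is then treated as an already-approved request. Return an empty array from each stub, `return array();`, and mark them `// TODO: Implement getTrustedData() method.` like the `prepareResponse` stubs above. Separately, that handler loop overwrites the context's trusted data on every iteration instead of merging, so only the last active extension's data is ever compared; that belongs to the handler file, whose section runs past the end of this page.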
|
|
@ -31,4 +31,8 @@ class OpenIdPAPEExtension extends OpenIdExtension {
|
|||
{
|
||||
// TODO: Implement prepareResponse() method.
|
||||
}
|
||||
|
||||
public function getTrustedData(OpenIdRequest $request){
|
||||
|
||||
}
|
||||
}
|
|
@ -30,4 +30,8 @@ class OpenIdSREGExtension extends OpenIdExtension
|
|||
{
|
||||
// TODO: Implement prepareResponse() method.
|
||||
}
|
||||
|
||||
public function getTrustedData(OpenIdRequest $request){
|
||||
|
||||
}
|
||||
}
|
|
@ -31,9 +31,12 @@ use openid\responses\OpenIdPositiveAssertionResponse;
|
|||
use openid\services\IServerConfigurationService;
|
||||
use openid\helpers\OpenIdSignatureBuilder;
|
||||
use openid\exceptions\InvalidOpenIdMessageException;
|
||||
|
||||
use openid\model\ITrustedSite;
|
||||
/**
|
||||
* Class OpenIdAuthenticationRequestHandler
|
||||
* Implements
|
||||
* http://openid.net/specs/openid-authentication-2_0.html#requesting_authentication
|
||||
* http://openid.net/specs/openid-authentication-2_0.html#responding_to_authentication
|
||||
* @package openid\handlers
|
||||
*/
|
||||
class OpenIdAuthenticationRequestHandler extends OpenIdMessageHandler
|
||||
|
@ -45,6 +48,9 @@ class OpenIdAuthenticationRequestHandler extends OpenIdMessageHandler
|
|||
private $association_service;
|
||||
private $trusted_sites_service;
|
||||
private $server_configuration_service;
|
||||
private $extensions;
|
||||
private $current_request;
|
||||
private $current_request_context;
|
||||
|
||||
public function __construct(IAuthService $authService,
|
||||
IMementoOpenIdRequestService $mementoRequestService,
|
||||
|
@ -56,7 +62,6 @@ class OpenIdAuthenticationRequestHandler extends OpenIdMessageHandler
|
|||
$successor)
|
||||
{
|
||||
parent::__construct($successor);
|
||||
|
||||
$this->authService = $authService;
|
||||
$this->mementoRequestService = $mementoRequestService;
|
||||
$this->auth_strategy = $auth_strategy;
|
||||
|
@ -64,10 +69,17 @@ class OpenIdAuthenticationRequestHandler extends OpenIdMessageHandler
|
|||
$this->association_service = $association_service;
|
||||
$this->trusted_sites_service = $trusted_sites_service;
|
||||
$this->server_configuration_service = $server_configuration_service;
|
||||
$this->extensions = $this->server_extensions_service->getAllActiveExtensions();
|
||||
}
|
||||
|
||||
|
||||
private function doAssertion(OpenIdAuthenticationRequest $request, $extensions)
|
||||
/**
|
||||
* Create Positive Identity Assertion
|
||||
* implements http://openid.net/specs/openid-authentication-2_0.html#positive_assertions
|
||||
* @param OpenIdAuthenticationRequest $request
|
||||
* @return OpenIdPositiveAssertionResponse
|
||||
*/
|
||||
private function doAssertion()
|
||||
{
|
||||
|
||||
$currentUser = $this->authService->getCurrentUser();
|
||||
|
@ -82,10 +94,10 @@ class OpenIdAuthenticationRequestHandler extends OpenIdMessageHandler
|
|||
$context->addSignParam(OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Identity));
|
||||
|
||||
$op_endpoint = $this->server_configuration_service->getOPEndpointURL();
|
||||
$identity = $currentUser->getIdentifier();
|
||||
$response = new OpenIdPositiveAssertionResponse($op_endpoint, $identity, $identity, $request->getReturnTo());
|
||||
foreach ($extensions as $ext) {
|
||||
$ext->prepareResponse($request, $response, $context);
|
||||
$identity = $this->server_configuration_service->getUserIdentityEndpointURL($currentUser->getIdentifier());
|
||||
$response = new OpenIdPositiveAssertionResponse($op_endpoint, $identity, $identity, $this->current_request->getReturnTo());
|
||||
foreach ($this->extensions as $ext) {
|
||||
$ext->prepareResponse($this->current_request, $response, $context);
|
||||
}
|
||||
//check former assoc handle...
|
||||
$assoc_handle = $request->getAssocHandle();
|
||||
|
@ -109,122 +121,213 @@ class OpenIdAuthenticationRequestHandler extends OpenIdMessageHandler
|
|||
return $response;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param OpenIdAuthenticationRequest $request
|
||||
* @param RequestContext $context
|
||||
* @return mixed
|
||||
*/
|
||||
private function doConsentProcess(){
|
||||
//do consent process
|
||||
$this->mementoRequestService->saveCurrentRequest();
|
||||
$this->current_request_context->setStage(RequestContext::StageConsent);
|
||||
foreach ($this->extensions as $ext) {
|
||||
$ext->parseRequest($this->current_request, $this->current_request_context);
|
||||
}
|
||||
return $this->auth_strategy->doConsent($this->current_request, $this->current_request_context);
|
||||
}
|
||||
|
||||
|
||||
private function doLogin(){
|
||||
//do login process
|
||||
foreach ($this->extensions as $ext) {
|
||||
$ext->parseRequest($this->current_request, $this->current_request_context);
|
||||
}
|
||||
$this->mementoRequestService->saveCurrentRequest();
|
||||
return $this->auth_strategy->doLogin($this->current_request, $this->current_request_context);
|
||||
}
|
||||
|
||||
private function checkTrustedSite(ITrustedSite $site){
|
||||
$policy = $site->getAuthorizationPolicy();
|
||||
|
||||
switch ($policy) {
|
||||
case IAuthService::AuthorizationResponse_AllowForever:
|
||||
{
|
||||
|
||||
foreach ($this->extensions as $ext) {
|
||||
$data = $ext->getTrustedData($this->current_request);
|
||||
$this->current_request_context->setTrustedData($data);
|
||||
}
|
||||
|
||||
$requested_data = $this->current_request_context->getTrustedData();
|
||||
$trusted_data = $site->getData();
|
||||
$diff = array_diff($requested_data,$trusted_data);
|
||||
if(!count($diff)) //already approved request
|
||||
return $this->doAssertion();
|
||||
else
|
||||
{
|
||||
return $this->doConsentProcess();
|
||||
}
|
||||
}
|
||||
break;
|
||||
case IAuthService::AuthorizationResponse_DenyForever:
|
||||
// black listed site
|
||||
return new OpenIdIndirectGenericErrorResponse(sprintf(OpenIdErrorMessages::RealmNotAllowedByUserMessage, $site->getRealm()));
|
||||
break;
|
||||
default:
|
||||
throw new \Exception("Invalid Realm Policy");
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
private function checkAuthorizationResponse($authorization_response){
|
||||
// check response
|
||||
$currentUser = $this->authService->getCurrentUser();
|
||||
switch ($authorization_response) {
|
||||
case IAuthService::AuthorizationResponse_AllowForever:
|
||||
{
|
||||
foreach ($this->extensions as $ext) {
|
||||
$data = $ext->getTrustedData($this->current_request);
|
||||
$this->current_request_context->setTrustedData($data);
|
||||
}
|
||||
$this->trusted_sites_service->addTrustedSite($currentUser, $this->current_request->getRealm(), IAuthService::AuthorizationResponse_AllowForever,$this->current_request_context->getTrustedData());
|
||||
return $this->doAssertion();
|
||||
}
|
||||
break;
|
||||
case IAuthService::AuthorizationResponse_AllowOnce:
|
||||
return $this->doAssertion();
|
||||
break;
|
||||
case IAuthService::AuthorizationResponse_DenyOnce:
|
||||
{
|
||||
return new OpenIdNonImmediateNegativeAssertion($this->current_request->getReturnTo());
|
||||
}
|
||||
break;
|
||||
case IAuthService::AuthorizationResponse_DenyForever:{
|
||||
$this->trusted_sites_service->addTrustedSite($currentUser, $this->current_request->getRealm(), IAuthService::AuthorizationResponse_DenyForever);
|
||||
return new OpenIdNonImmediateNegativeAssertion($this->current_request->getReturnTo());
|
||||
}
|
||||
break;
|
||||
default:
|
||||
throw new \Exception("Invalid Authorization response!");
|
||||
break;
|
||||
}
|
||||
}
|
||||
/**
|
||||
* @param OpenIdAuthenticationRequest $request
|
||||
* @param RequestContext $context
|
||||
* @return OpenIdIndirectGenericErrorResponse|OpenIdNonImmediateNegativeAssertion|OpenIdPositiveAssertionResponse
|
||||
* @throws \Exception
|
||||
*/
|
||||
private function doSetupMode(){
|
||||
if (!$this->authService->isUserLogged()) {
|
||||
return $this->doLogin();
|
||||
} else {
|
||||
//user already logged
|
||||
$currentUser = $this->authService->getCurrentUser();
|
||||
$site = $this->trusted_sites_service->getTrustedSite($currentUser, $this->current_request->getRealm());
|
||||
$authorization_response = $this->authService->getUserAuthorizationResponse();
|
||||
|
||||
if ($authorization_response == IAuthService::AuthorizationResponse_None) {
|
||||
if (!is_null($site)) {
|
||||
return $this->checkTrustedSite($site);
|
||||
} else {
|
||||
return $this->doConsentProcess();
|
||||
}
|
||||
} else {
|
||||
return $this->checkAuthorizationResponse($authorization_response);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param OpenIdAuthenticationRequest $request
|
||||
* @return OpenIdImmediateNegativeAssertion|OpenIdIndirectGenericErrorResponse|OpenIdPositiveAssertionResponse
|
||||
*/
|
||||
protected function doImmediateMode(){
|
||||
if (!$this->authService->isUserLogged()) {
|
||||
return new OpenIdImmediateNegativeAssertion;
|
||||
}
|
||||
$currentUser = $this->authService->getCurrentUser();
|
||||
$site = $this->trusted_sites_service->getTrustedSite($currentUser, $this->current_request->getRealm());
|
||||
if (is_null($site)) {
|
||||
//need setup to continue
|
||||
return new OpenIdImmediateNegativeAssertion($this->current_request->getReturnTo());
|
||||
}
|
||||
$policy = $site->getAuthorizationPolicy();
|
||||
|
||||
switch($policy){
|
||||
case IAuthService::AuthorizationResponse_DenyForever:
|
||||
{
|
||||
// black listed site by user
|
||||
return new OpenIdIndirectGenericErrorResponse(sprintf(OpenIdErrorMessages::RealmNotAllowedByUserMessage, $site->getRealm()));
|
||||
}
|
||||
break;
|
||||
case IAuthService::AuthorizationResponse_AllowForever:
|
||||
{
|
||||
foreach ($this->extensions as $ext) {
|
||||
$data = $ext->getTrustedData($this->current_request);
|
||||
$this->current_request_context->setTrustedData($data);
|
||||
}
|
||||
$requested_data = $this->current_request_context->getTrustedData();
|
||||
$trusted_data = $site->getData();
|
||||
$diff = array_diff($requested_data,$trusted_data);
|
||||
if(!count($diff)) //already approved request
|
||||
return $this->doAssertion();
|
||||
else
|
||||
{
|
||||
//need setup to continue
|
||||
return new OpenIdImmediateNegativeAssertion($this->current_request->getReturnTo());
|
||||
}
|
||||
}
|
||||
break;
|
||||
default:
|
||||
return new OpenIdIndirectGenericErrorResponse(sprintf(OpenIdErrorMessages::RealmNotAllowedByUserMessage, $this->current_request->getRealm()));
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param OpenIdMessage $message
|
||||
* @return OpenIdImmediateNegativeAssertion|OpenIdIndirectGenericErrorResponse|OpenIdNonImmediateNegativeAssertion|OpenIdPositiveAssertionResponse
|
||||
* @throws \openid\exceptions\InvalidOpenIdAuthenticationRequestMode
|
||||
*/
|
||||
protected function InternalHandle(OpenIdMessage $message)
|
||||
{
|
||||
$request = null;
|
||||
try
|
||||
{
|
||||
$request = new OpenIdAuthenticationRequest($message);
|
||||
if(!$request->IsValid())
|
||||
$this->current_request = new OpenIdAuthenticationRequest($message);
|
||||
|
||||
if(!$this->current_request->IsValid())
|
||||
throw new InvalidOpenIdMessageException("OpenIdAuthenticationRequest is Invalid!");
|
||||
$extensions = $this->server_extensions_service->getAllActiveExtensions();
|
||||
$context = new RequestContext;
|
||||
$mode = $request->getMode();
|
||||
|
||||
$this->current_request_context = new RequestContext;
|
||||
$mode = $request->getMode();
|
||||
|
||||
switch ($mode) {
|
||||
case OpenIdProtocol::SetupMode:
|
||||
{
|
||||
if (!$this->authService->isUserLogged()) {
|
||||
//do login process
|
||||
$context->setStage(RequestContext::StageLogin);
|
||||
foreach ($extensions as $ext) {
|
||||
$ext->parseRequest($request, $context);
|
||||
}
|
||||
$this->mementoRequestService->saveCurrentRequest();
|
||||
return $this->auth_strategy->doLogin($request, $context);
|
||||
} else {
|
||||
//user already logged
|
||||
$currentUser = $this->authService->getCurrentUser();
|
||||
$site = $this->trusted_sites_service->getTrustedSite($currentUser, $request->getTrustedRoot());
|
||||
$authorization_response = $this->authService->getUserAuthorizationResponse();
|
||||
if ($authorization_response == IAuthService::AuthorizationResponse_None) {
|
||||
if (is_null($site)) {
|
||||
//do consent process
|
||||
$this->mementoRequestService->saveCurrentRequest();
|
||||
$context->setStage(RequestContext::StageConsent);
|
||||
foreach ($extensions as $ext) {
|
||||
$ext->parseRequest($request, $context);
|
||||
}
|
||||
return $this->auth_strategy->doConsent($request, $context);
|
||||
} else {
|
||||
$policy = $site->getAuthorizationPolicy();
|
||||
switch ($policy) {
|
||||
case IAuthService::AuthorizationResponse_AllowForever:
|
||||
return $this->doAssertion($request, $extensions);
|
||||
break;
|
||||
case IAuthService::AuthorizationResponse_DenyForever:
|
||||
// black listed site
|
||||
return new OpenIdIndirectGenericErrorResponse(sprintf(OpenIdErrorMessages::RealmNotAllowedByUserMessage, $site->getRealm()));
|
||||
break;
|
||||
default:
|
||||
throw new \Exception("Invalid Realm Policy");
|
||||
break;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
// check response
|
||||
switch ($authorization_response) {
|
||||
case IAuthService::AuthorizationResponse_AllowForever:
|
||||
$this->trusted_sites_service->addTrustedSite($currentUser, $request->getTrustedRoot(), IAuthService::AuthorizationResponse_AllowForever);
|
||||
return $this->doAssertion($request, $extensions);
|
||||
break;
|
||||
case IAuthService::AuthorizationResponse_AllowOnce:
|
||||
return $this->doAssertion($request, $extensions);
|
||||
break;
|
||||
case IAuthService::AuthorizationResponse_DenyOnce:
|
||||
{
|
||||
$response = new OpenIdNonImmediateNegativeAssertion;
|
||||
$response->setReturnTo($request->getReturnTo());
|
||||
return $response;
|
||||
}
|
||||
break;
|
||||
case IAuthService::AuthorizationResponse_DenyForever:{
|
||||
$this->trusted_sites_service->addTrustedSite($currentUser, $request->getTrustedRoot(), IAuthService::AuthorizationResponse_DenyForever);
|
||||
$response = new OpenIdNonImmediateNegativeAssertion;
|
||||
$response->setReturnTo($request->getReturnTo());
|
||||
return $response;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
throw new \Exception("Invalid Authorization response!");
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
return $this->doSetupMode();
|
||||
}
|
||||
break;
|
||||
break;
|
||||
case OpenIdProtocol::ImmediateMode:
|
||||
{
|
||||
if (!$this->authService->isUserLogged()) {
|
||||
return new OpenIdImmediateNegativeAssertion;
|
||||
}
|
||||
$currentUser = $this->authService->getCurrentUser();
|
||||
$site = $this->trusted_sites_service->getTrustedSite($currentUser, $request->getTrustedRoot());
|
||||
if (is_null($site)) {
|
||||
return new OpenIdImmediateNegativeAssertion;
|
||||
}
|
||||
$policy = $site->getAuthorizationPolicy();
|
||||
if ($policy == IAuthService::AuthorizationResponse_DenyForever) {
|
||||
// black listed site
|
||||
return new OpenIdIndirectGenericErrorResponse(sprintf(OpenIdErrorMessages::RealmNotAllowedByUserMessage, $site->getRealm()));
|
||||
}
|
||||
return $this->doAssertion($request, $extensions);
|
||||
return $this->doImmediateMode();
|
||||
}
|
||||
break;
|
||||
break;
|
||||
default:
|
||||
throw new InvalidOpenIdAuthenticationRequestMode;
|
||||
break;
|
||||
break;
|
||||
}
|
||||
}
|
||||
catch (InvalidOpenIdMessageException $ex) {
|
||||
$response = new OpenIdIndirectGenericErrorResponse($ex->getMessage());
|
||||
|
||||
if(!is_null($request)){
|
||||
$return_to = $request->getReturnTo();
|
||||
if(!empty($return_to))
|
||||
$response->setReturnTo($return_to);
|
||||
}
|
||||
|
||||
return $response ;
|
||||
return $response;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -12,6 +12,7 @@ namespace openid\model;
|
|||
|
||||
interface IOpenIdUser {
|
||||
|
||||
public function getId();
|
||||
public function getIdentifier();
|
||||
public function getEmail();
|
||||
public function getFirstName();
|
||||
|
|
|
@ -12,14 +12,9 @@ namespace openid\model;
|
|||
|
||||
interface ITrustedSite {
|
||||
|
||||
public function setRealm($realm);
|
||||
public function getRealm();
|
||||
|
||||
public function setData($data);
|
||||
public function getData();
|
||||
|
||||
public function getUser();
|
||||
|
||||
public function getAuthorizationPolicy();
|
||||
public function setAuthorizationPolicy($policy);
|
||||
|
||||
}
|
|
@ -12,18 +12,14 @@ namespace openid\requests\contexts;
|
|||
|
||||
class RequestContext
|
||||
{
|
||||
|
||||
private $trusted_data;
|
||||
private $partial_views;
|
||||
const StageNull = -1;
|
||||
const StageLogin = 0;
|
||||
const StageConsent = 1;
|
||||
|
||||
private $stage;
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
$this->partial_views = array();
|
||||
$this->stage = self::StageNull;
|
||||
$this->trusted_data = array();
|
||||
}
|
||||
|
||||
public function addPartialView(PartialView $partial_view)
|
||||
|
@ -36,13 +32,16 @@ class RequestContext
|
|||
return $this->partial_views;
|
||||
}
|
||||
|
||||
public function setStage($stage)
|
||||
{
|
||||
$this->stage = $stage;
|
||||
|
||||
/**
|
||||
* Gets an associative array of current request trusted data
|
||||
* @return array
|
||||
*/
|
||||
public function getTrustedData(){
|
||||
return $this->trusted_data;
|
||||
}
|
||||
|
||||
public function getStage()
|
||||
{
|
||||
return $this->stage;
|
||||
public function setTrustedData($trusted_data){
|
||||
$this->trusted_data = array_merge($this->trusted_data,$trusted_data);
|
||||
}
|
||||
}
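Review bot: `setTrustedData` feeds `$trusted_data` straight into `array_merge`, so a non-array value — an extension whose `getTrustedData` returns `null` — replaces the accumulated array with `null` after a warning on PHP 5/7 (a TypeError on PHP 8), and the handler later hands `getTrustedData()` to `array_diff`. A guard such as `if(!is_array($trusted_data)) return;` ahead of the merge preserves the array contract the docblock on `getTrustedData` promises. Also note that `array_merge` renumbers integer keys, so the "associative array" wording only holds if every extension contributes string keys; `array_replace` would keep keys intact if that matters.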
|
|
@ -14,8 +14,11 @@ use openid\OpenIdProtocol;
|
|||
|
||||
class OpenIdImmediateNegativeAssertion extends OpenIdIndirectResponse{
|
||||
|
||||
public function __construct(){
|
||||
public function __construct($return_url=null){
|
||||
parent::__construct();
|
||||
$this->setMode(OpenIdProtocol::SetupNeededMode);
|
||||
if(!is_null($return_url) && !empty($return_url)){
|
||||
$this->setReturnTo($return_url);
|
||||
}
|
||||
}
|
||||
}
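Review bot: The guard `if(!is_null($return_url) && !empty($return_url))` in the new constructor is redundant, because `empty()` already returns true for `null`; `if(!empty($return_url))` expresses the same condition, and OpenIdNonImmediateNegativeAssertion's constructor in this commit repeats the identical pattern. If the intent is only to skip an absent or empty string, `if($return_url !== null && $return_url !== '')` says so without `empty()` also treating the string `'0'` as absent.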
|
|
@ -13,7 +13,11 @@ use openid\OpenIdProtocol;
|
|||
|
||||
class OpenIdNonImmediateNegativeAssertion extends OpenIdIndirectResponse {
|
||||
|
||||
public function __construct(){
|
||||
public function __construct($return_url=null){
|
||||
parent::__construct();
|
||||
$this->setMode(OpenIdProtocol::CancelMode);
|
||||
if(!is_null($return_url) && !empty($return_url)){
|
||||
$this->setReturnTo($return_url);
|
||||
}
|
||||
}
|
||||
}
|
|
@ -15,6 +15,7 @@ use openid\OpenIdProtocol;
|
|||
class OpenIdPositiveAssertionResponse extends OpenIdIndirectResponse {
|
||||
|
||||
public function __construct($op_endpoint,$claimed_id,$identity,$return_to){
|
||||
parent::__construct();
|
||||
$this->setMode(OpenIdProtocol::IdMode);
|
||||
$this[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_OpEndpoint)] = $op_endpoint;
|
||||
$this[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_ClaimedId)] = $claimed_id;
|
||||
|
|
|
@ -40,4 +40,6 @@ interface IAuthService {
|
|||
public function setUserAuthorizationResponse($auth_response);
|
||||
|
||||
public function logout();
|
||||
|
||||
public function getUserByOpenId($openid);
|
||||
}
|
|
@ -12,6 +12,8 @@ namespace openid\services;
|
|||
|
||||
interface IServerConfigurationService {
|
||||
public function getOPEndpointURL();
|
||||
public function getUserIdentityEndpointURL($identifier);
|
||||
public function getPrivateAssociationLifetime();
|
||||
public function getSessionAssociationLifetime();
|
||||
public function getMaxFailedLoginAttempts();
|
||||
}
|
|
@ -19,5 +19,5 @@ interface ITrustedSitesService {
|
|||
* @param $return_to
|
||||
* @return ITrustedSite
|
||||
*/
|
||||
public function getTrustedSite(IOpenIdUser $user,$return_to);
|
||||
public function getTrustedSite(IOpenIdUser $user,$realm);
|
||||
}
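Review bot: The parameter of `getTrustedSite` is renamed from `$return_to` to `$realm`, but the docblock two lines above still reads `* @param $return_to`; updating it to `* @param $realm the OpenID realm the trusted-site record is looked up by` keeps the documented contract in step with the signature. The same stale `@param $return_to` remains above `TrustedSitesService::getTrustedSite` in this commit.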
|
|
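--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,21 @@
+<?php
+/**
+* Created by JetBrains PhpStorm.
+* User: smarcet
+* Date: 10/22/13
+* Time: 4:58 PM
+* To change this template use File | Settings | File Templates.
+*/
+
+namespace openid\services;
+
+
+interface IUserService {
+public function associateUser($id,$proposed_username);
+public function updateLastLoginDate($identifier);
+public function updateFailedLoginAttempts($identifier);
+public function lockUser($identifier);
+public function unlockUser($identifier);
+public function activateUser($identifier);
+public function deActivateUser($identifier);
+}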
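Review bot: None of the seven methods on the new IUserService interface carries a docblock, and `associateUser($id,$proposed_username)` in particular has a non-obvious contract — the implementation added in this commit returns the existing identifier string when the user already has one and `false` when no user matches `$id`. A short block such as `/** @param $id user id  @param $proposed_username desired identifier  @return string|false identifier assigned to the user, or false when the user does not exist */` on associateUser would let callers handle the failure case deliberately. The `$identifier` argument of the remaining methods is compared against the `id` column in the implementation, so documenting it as the user id rather than the OpenID identifier string would avoid confusion with associateUser's return value.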
@ -12,25 +12,17 @@ use openid\model\ITrustedSite;
|
|||
class OpenIdTrustedSite extends Eloquent implements ITrustedSite{
|
||||
|
||||
protected $table = 'openid_trusted_sites';
|
||||
|
||||
public function setRealm($realm)
|
||||
{
|
||||
// TODO: Implement setRealm() method.
|
||||
}
|
||||
public $timestamps = false;
|
||||
|
||||
public function getRealm()
|
||||
{
|
||||
// TODO: Implement getRealm() method.
|
||||
}
|
||||
|
||||
public function setData($data)
|
||||
{
|
||||
// TODO: Implement setData() method.
|
||||
return $this->realm;
|
||||
}
|
||||
|
||||
public function getData()
|
||||
{
|
||||
// TODO: Implement getData() method.
|
||||
$res = $this->data;
|
||||
return json_decode($res);
|
||||
}
|
||||
|
||||
public function getUser()
|
||||
|
@ -40,11 +32,7 @@ class OpenIdTrustedSite extends Eloquent implements ITrustedSite{
|
|||
|
||||
public function getAuthorizationPolicy()
|
||||
{
|
||||
// TODO: Implement getAuthorizationPolicy() method.
|
||||
return $this->policy;
|
||||
}
|
||||
|
||||
public function setAuthorizationPolicy($policy)
|
||||
{
|
||||
// TODO: Implement setAuthorizationPolicy() method.
|
||||
}
|
||||
}
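Review bot: `getData()` returns `json_decode($res)`, which decodes a JSON object into a stdClass, while `TrustedSitesService::addTrustedSite` stores `json_encode($data)` of an array and `doImmediateMode` in this commit passes the result to `array_diff($requested_data,$trusted_data)`; with a non-array second argument array_diff warns and returns null on PHP 5/7, `count(null)` is 0, and the `!count($diff)` branch issues the assertion for every request regardless of what the user previously approved (PHP 8 throws a TypeError instead). Decoding to the stored shape with `return json_decode($res, true);` restores the comparison, and `return (array) json_decode($res, true);` additionally turns a null or empty `data` column into an empty array rather than null. This matters whenever the trusted data is associative, which is exactly what RequestContext's docblock says it is.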
|
|
@ -13,6 +13,7 @@
|
|||
|
||||
Route::get('/', "HomeController@index");
|
||||
Route::get('/discovery', "DiscoveryController@idp");
|
||||
|
||||
//op endpoint url
|
||||
Route::post('/accounts/openid/v2','OpenIdProviderController@op_endpoint');
|
||||
Route::get('/accounts/openid/v2','OpenIdProviderController@op_endpoint');
|
||||
|
@ -21,7 +22,7 @@ Route::get('/accounts/openid/v2','OpenIdProviderController@op_endpoint');
|
|||
Route::get('/accounts/user/login',"UserController@getLogin");
|
||||
|
||||
Route::post('/accounts/user/login',"UserController@postLogin");
|
||||
|
||||
Route::get("/accounts/user/ud/{identifier}","DiscoveryController@user");
|
||||
|
||||
Route::get('/accounts/user/consent',"UserController@getConsent");
|
||||
|
||||
|
|
|
@ -12,6 +12,12 @@ use openid\services\IServerConfigurationService;
|
|||
|
||||
class ServerConfigurationService implements IServerConfigurationService{
|
||||
|
||||
|
||||
public function getUserIdentityEndpointURL($identifier){
|
||||
$url = action("DiscoveryController@user",array("identifier"=>$identifier));
|
||||
return $url;
|
||||
}
|
||||
|
||||
public function getOPEndpointURL()
|
||||
{
|
||||
$url = action("OpenIdProviderController@op_endpoint");
|
||||
|
@ -27,4 +33,8 @@ class ServerConfigurationService implements IServerConfigurationService{
|
|||
{
|
||||
return 360;
|
||||
}
|
||||
|
||||
public function getMaxFailedLoginAttempts(){
|
||||
return 3;
|
||||
}
|
||||
}
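Review bot: `getMaxFailedLoginAttempts` returns the hard-coded literal `3`, following the pattern of the lifetime getters above it (`return 360;` is visible in the hunk), so the lockout threshold the interface now exposes cannot be tuned per deployment without a code change. Reading it from configuration with a fallback, e.g. `return (int) \Config::get('CONSTRUCTED_KEY.max_failed_login_attempts', 3);` (key name constructed, pick one matching the project's config layout), keeps today's default while letting operators adjust it. A one-line docblock on each getter stating the unit (attempts, seconds) would also help, since the lifetimes' units are not stated anywhere in the hunk.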
|
|
@ -9,6 +9,7 @@
|
|||
|
||||
namespace services;
|
||||
use Illuminate\Support\ServiceProvider;
|
||||
use openid\services\Registry;
|
||||
|
||||
class ServicesProvider extends ServiceProvider {
|
||||
|
||||
|
@ -20,5 +21,15 @@ class ServicesProvider extends ServiceProvider {
|
|||
$this->app->singleton('openid\\services\\IAssociationService','services\\AssociationService');
|
||||
$this->app->singleton('openid\\services\\ITrustedSitesService','services\\TrustedSitesService');
|
||||
$this->app->singleton('openid\\services\\IServerConfigurationService','services\\ServerConfigurationService');
|
||||
$this->app->singleton('openid\\services\\IUserService','services\\UserService');
|
||||
|
||||
Registry::getInstance()->set("openid\\services\\IMementoOpenIdRequestService",\App::make("openid\\services\\IMementoOpenIdRequestService"));
|
||||
Registry::getInstance()->set("openid\\handlers\\IOpenIdAuthenticationStrategy",\App::make("openid\\handlers\\IOpenIdAuthenticationStrategy"));
|
||||
Registry::getInstance()->set("openid\\services\\IServerExtensionsService",\App::make("openid\\services\\IMementoOpenIdRequestService"));
|
||||
Registry::getInstance()->set("openid\\services\\IAssociationService",\App::make("openid\\services\\IAssociationService"));
|
||||
Registry::getInstance()->set("openid\\services\\ITrustedSitesService",\App::make("openid\\services\\ITrustedSitesService"));
|
||||
Registry::getInstance()->set("openid\\services\\IServerConfigurationService",\App::make("openid\\services\\IServerConfigurationService"));
|
||||
Registry::getInstance()->set("openid\\services\\IUserService",\App::make("openid\\services\\IUserService"));
|
||||
|
||||
}
|
||||
}
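Review bot: The `IServerExtensionsService` registration resolves `\App::make("openid\\services\\IMementoOpenIdRequestService")` — the registry key and the bound implementation disagree, so whatever obtains the extensions service through the Registry receives the memento service instead, and the handler's `getAllActiveExtensions()` call would land on the wrong object. The line should read `Registry::getInstance()->set("openid\\services\\IServerExtensionsService",\App::make("openid\\services\\IServerExtensionsService"));`. All seven lines share the shape `Registry::getInstance()->set($abstract, \App::make($abstract))`, so a loop over a list of abstracts would make this kind of copy-paste mismatch impossible.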
|
|
@ -11,17 +11,25 @@ namespace services;
|
|||
use openid\model\IOpenIdUser;
|
||||
use openid\model\ITrustedSite;
|
||||
use openid\services\ITrustedSitesService;
|
||||
use \OpenIdTrustedSite;
|
||||
|
||||
class TrustedSitesService implements ITrustedSitesService {
|
||||
|
||||
public function addTrustedSite(IOpenIdUser $user, $realm, $policy, $data = array())
|
||||
{
|
||||
// TODO: Implement addTrustedSite() method.
|
||||
$old_site = OpenIdTrustedSite::where("realm","=",$realm)->first();
|
||||
$site = new OpenIdTrustedSite;
|
||||
$site->realm = $realm;
|
||||
$site->policy = $policy;
|
||||
$site->user_id =$user->getId();
|
||||
$site->data = json_encode($data);
|
||||
$site->Save();
|
||||
}
|
||||
|
||||
public function delTrustedSite($realm)
|
||||
{
|
||||
// TODO: Implement delTrustedSite() method.
|
||||
$site = OpenIdTrustedSite::where("realm","=",$realm)->first();
|
||||
if(!is_null($site)) $site->delete();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -29,8 +37,9 @@ class TrustedSitesService implements ITrustedSitesService {
|
|||
* @param $return_to
|
||||
* @return ITrustedSite
|
||||
*/
|
||||
public function getTrustedSite(IOpenIdUser $user, $return_to)
|
||||
public function getTrustedSite(IOpenIdUser $user, $realm)
|
||||
{
|
||||
// TODO: Implement getTrustedSite() method.
|
||||
$site = OpenIdTrustedSite::where("realm","=",$realm)->where("user_id","=",$user->getId())->first();
|
||||
return $site;
|
||||
}
|
||||
}
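Review bot: In `addTrustedSite` the `$old_site` lookup is never used and is keyed on realm alone, so every call inserts a fresh `OpenIdTrustedSite` row, and a realm already recorded for a different user would match; `delTrustedSite($realm)` likewise deletes the first row for that realm regardless of owner, while `getTrustedSite` correctly scopes by `user_id`. Because these rows encode a per-user trust decision (policy plus released data), both lookups should be scoped to the user, e.g. `$old_site = OpenIdTrustedSite::where("realm","=",$realm)->where("user_id","=",$user->getId())->first();`, and an existing row should have its policy and data updated rather than a duplicate inserted — otherwise `getTrustedSite(...)->first()` returns an arbitrary one of several policies. If the interface only passes `$realm` to `delTrustedSite`, scoping it needs the user to be passed as well.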
|
|
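--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,110 @@
+<?php
+/**
+* Created by JetBrains PhpStorm.
+* User: smarcet
+* Date: 10/22/13
+* Time: 5:04 PM
+* To change this template use File | Settings | File Templates.
+*/
+
+namespace services;
+use openid\services\IUserService;
+use auth\OpenIdUser;
+
+class UserService implements IUserService{
+
+public function associateUser($id, $proposed_username)
+{
+$user = OpenIdUser::where('id', '=', $id)->first();
+if(!empty($user->identifier)) return $user->identifier;
+if(!is_null($user)){
+\DB::transaction(function() use ($id,$proposed_username)
+{
+$done = false;
+$fragment_nbr = 1;
+do{
+$old_user = \DB::table('openid_users')->where('identifier', '=', $proposed_username)->first();
+if(is_null($old_user)){
+\DB::table('openid_users')->where('id', '=', $id)->update(array('identifier' => $proposed_username));
+$done = true;
+}
+else{
+$proposed_username = $proposed_username."#".$fragment_nbr;
+$fragment_nbr++;
+}
+
+}while(!$done);
+return $proposed_username;
+});
+}
+return false;
+}
+
+public function updateLastLoginDate($identifier)
+{
+$user = OpenIdUser::where('id', '=', $identifier)->first();
+if(!is_null($user)){
+\DB::transaction(function() use ($identifier)
+{
+\DB::table('openid_users')->where('id', '=', $identifier)->update(array('last_login_date' => gmdate("Y-m-d H:i:s", time())));
+});
+}
+}
+
+public function updateFailedLoginAttempts($identifier)
+{
+$user = OpenIdUser::where('id', '=', $identifier)->first();
+if(!is_null($user)){
+$attempts = $user->login_failed_attempt;
+++$attempts;
+\DB::transaction(function() use ($identifier,$attempts)
+{
+\DB::table('openid_users')->where('id', '=', $identifier)->update(array('login_failed_attempt' => $attempts));
+});
+}
+}
+
+public function lockUser($identifier)
+{
+$user = OpenIdUser::where('id', '=', $identifier)->first();
+if(!is_null($user)){
+\DB::transaction(function() use ($identifier)
+{
+\DB::table('openid_users')->where('id', '=', $identifier)->update(array('lock' => 1));
+});
+}
+}
+
+public function unlockUser($identifier)
+{
+$user = OpenIdUser::where('id', '=', $identifier)->first();
+if(!is_null($user)){
+\DB::transaction(function() use ($identifier)
+{
+\DB::table('openid_users')->where('id', '=', $identifier)->update(array('lock' => 0));
+});
+}
+}
+
+public function activateUser($identifier)
+{
+$user = OpenIdUser::where('id', '=', $identifier)->first();
+if(!is_null($user)){
+\DB::transaction(function() use ($identifier)
+{
+\DB::table('openid_users')->where('id', '=', $identifier)->update(array('active' => 1));
+});
+}
+}
+
+public function deActivateUser($identifier)
+{
+$user = OpenIdUser::where('id', '=', $identifier)->first();
+if(!is_null($user)){
+\DB::transaction(function() use ($identifier)
+{
+\DB::table('openid_users')->where('id', '=', $identifier)->update(array('active' => 0));
+});
+}
+}
+}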
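Review bot: `associateUser` calls `\DB::transaction(...)` as a statement and then falls through to `return false;`, so the `return $proposed_username;` inside the closure is lost and a successful association is reported to the caller as failure; Laravel's `DB::transaction` returns the callback's result, so the call should be `return \DB::transaction(...)`. The collision loop also builds the next candidate from the previous suffixed one (`bob#1`, then `bob#1#2`) instead of from the original proposal, and `!empty($user->identifier)` is evaluated before the `is_null($user)` test it depends on. The rewrite below addresses all three; because the check-then-update is not atomic, a unique index on `openid_users.identifier` is still what prevents two concurrent associations from claiming the same identifier. Separately, `updateFailedLoginAttempts` reads `login_failed_attempt` outside the transaction and writes the incremented copy back, so concurrent failed logins can lose increments; `\DB::table('openid_users')->where('id', '=', $identifier)->increment('login_failed_attempt');` performs the update atomically.
```php
public function associateUser($id, $proposed_username)
{
    $user = OpenIdUser::where('id', '=', $id)->first();
    if(is_null($user)) return false;
    if(!empty($user->identifier)) return $user->identifier;
    // DB::transaction hands back the closure's return value
    return \DB::transaction(function() use ($id,$proposed_username)
    {
        $base = $proposed_username;
        $fragment_nbr = 1;
        do{
            $old_user = \DB::table('openid_users')->where('identifier', '=', $proposed_username)->first();
            if(is_null($old_user)){
                \DB::table('openid_users')->where('id', '=', $id)->update(array('identifier' => $proposed_username));
                return $proposed_username;
            }
            // always derive the next candidate from the original proposal, not the last suffixed attempt
            $proposed_username = $base."#".$fragment_nbr;
            $fragment_nbr++;
        }while(true);
    });
}
// … unchanged: updateLastLoginDate, updateFailedLoginAttempts, lockUser, unlockUser, activateUser, deActivateUser …
```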
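--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,12 @@
+@extends('layout')
+@section('content')
+<h1>OpenstackId Idp - 404</h1>
+<div class="container">
+<p>
+404. That's an error.
+</p>
+<p>
+The page you requested is invalid. That's all we know.
+</p>
+</div>
+@stop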
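--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,7 @@
+@extends('layout')
+@section('content')
+<h1>OpenstackId Idp</h1>
+<div class="container">
+<p>Welcome to OpenstackId Idp!!!</p>
+</div>
+@stop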