[smarcet] - Refs # 4578 - OpenId - Server Core Logic - Authentication Workflow

smarcet 2013-10-23 19:07:00 -03:00
parent f1ad337e3a
commit eebd196ad7
35 changed files with 882 additions and 1052 deletions


@ -61,100 +61,100 @@
</library>
</orderEntry>
<orderEntry type="module-library">
<library name="Composer Vendors">
<library name="PHP">
<CLASSES>
<root url="file://$MODULE_DIR$/vendor/psr/log" />
<root url="file://$MODULE_DIR$/vendor/filp/whoops" />
<root url="file://$MODULE_DIR$/vendor/nikic/php-parser" />
<root url="file://$MODULE_DIR$/vendor/nesbot/carbon" />
<root url="file://$MODULE_DIR$/vendor/predis/predis" />
<root url="file://$MODULE_DIR$/vendor/laravel/framework" />
<root url="file://$MODULE_DIR$/vendor/monolog/monolog" />
<root url="file://$MODULE_DIR$/vendor/phpunit/phpunit" />
<root url="file://$MODULE_DIR$/vendor/phpunit/php-timer" />
<root url="file://$MODULE_DIR$/vendor/phpunit/php-token-stream" />
<root url="file://$MODULE_DIR$/vendor/phpunit/php-code-coverage" />
<root url="file://$MODULE_DIR$/vendor/phpunit/php-file-iterator" />
<root url="file://$MODULE_DIR$/vendor/phpunit/php-text-template" />
<root url="file://$MODULE_DIR$/vendor/phpunit/phpunit-mock-objects" />
<root url="file://$MODULE_DIR$/vendor/symfony/yaml" />
<root url="file://$MODULE_DIR$/vendor/symfony/debug" />
<root url="file://$MODULE_DIR$/vendor/symfony/finder" />
<root url="file://$MODULE_DIR$/vendor/symfony/console" />
<root url="file://$MODULE_DIR$/vendor/symfony/process" />
<root url="file://$MODULE_DIR$/vendor/symfony/routing" />
<root url="file://$MODULE_DIR$/vendor/symfony/filesystem" />
<root url="file://$MODULE_DIR$/vendor/symfony/browser-kit" />
<root url="file://$MODULE_DIR$/vendor/symfony/dom-crawler" />
<root url="file://$MODULE_DIR$/vendor/symfony/http-kernel" />
<root url="file://$MODULE_DIR$/vendor/symfony/translation" />
<root url="file://$MODULE_DIR$/vendor/symfony/css-selector" />
<root url="file://$MODULE_DIR$/vendor/filp/whoops" />
<root url="file://$MODULE_DIR$/vendor/symfony/debug" />
<root url="file://$MODULE_DIR$/vendor/laravel/framework" />
<root url="file://$MODULE_DIR$/vendor/symfony/yaml" />
<root url="file://$MODULE_DIR$/vendor/symfony/http-foundation" />
<root url="file://$MODULE_DIR$/vendor/symfony/event-dispatcher" />
<root url="file://$MODULE_DIR$/vendor/composer" />
<root url="file://$MODULE_DIR$/vendor/doctrine/dbal" />
<root url="file://$MODULE_DIR$/vendor/doctrine/cache" />
<root url="file://$MODULE_DIR$/vendor/doctrine/lexer" />
<root url="file://$MODULE_DIR$/vendor/doctrine/common" />
<root url="file://$MODULE_DIR$/vendor/doctrine/inflector" />
<root url="file://$MODULE_DIR$/vendor/doctrine/annotations" />
<root url="file://$MODULE_DIR$/vendor/doctrine/collections" />
<root url="file://$MODULE_DIR$/vendor/ircmaxell/password-compat" />
<root url="file://$MODULE_DIR$/vendor/patchwork/utf8" />
<root url="file://$MODULE_DIR$/vendor/jeremeamia/SuperClosure" />
<root url="file://$MODULE_DIR$/vendor/swiftmailer/swiftmailer" />
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-math" />
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-crypt" />
<root url="file://$MODULE_DIR$/vendor/symfony/browser-kit" />
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-stdlib" />
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-servicemanager" />
<root url="file://$MODULE_DIR$/vendor/swiftmailer/swiftmailer" />
<root url="file://$MODULE_DIR$/vendor/symfony/console" />
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-math" />
<root url="file://$MODULE_DIR$/vendor/psr/log" />
<root url="file://$MODULE_DIR$/vendor/symfony/translation" />
<root url="file://$MODULE_DIR$/vendor/classpreloader/classpreloader" />
<root url="file://$MODULE_DIR$/vendor/ircmaxell/password-compat" />
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-servicemanager" />
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-crypt" />
<root url="file://$MODULE_DIR$/vendor/jeremeamia/SuperClosure" />
<root url="file://$MODULE_DIR$/vendor/phpunit/php-text-template" />
<root url="file://$MODULE_DIR$/vendor/nikic/php-parser" />
<root url="file://$MODULE_DIR$/vendor/patchwork/utf8" />
<root url="file://$MODULE_DIR$/vendor/monolog/monolog" />
<root url="file://$MODULE_DIR$/vendor/nesbot/carbon" />
<root url="file://$MODULE_DIR$/vendor/symfony/process" />
<root url="file://$MODULE_DIR$/vendor/phpunit/php-timer" />
<root url="file://$MODULE_DIR$/vendor/phpunit/phpunit-mock-objects" />
<root url="file://$MODULE_DIR$/vendor/symfony/css-selector" />
<root url="file://$MODULE_DIR$/vendor/symfony/routing" />
<root url="file://$MODULE_DIR$/vendor/doctrine/dbal" />
<root url="file://$MODULE_DIR$/vendor/doctrine/inflector" />
<root url="file://$MODULE_DIR$/vendor/phpunit/phpunit" />
<root url="file://$MODULE_DIR$/vendor/symfony/http-kernel" />
<root url="file://$MODULE_DIR$/vendor/composer" />
<root url="file://$MODULE_DIR$/vendor/symfony/event-dispatcher" />
<root url="file://$MODULE_DIR$/vendor/phpunit/php-file-iterator" />
<root url="file://$MODULE_DIR$/vendor/symfony/dom-crawler" />
<root url="file://$MODULE_DIR$/vendor/symfony/filesystem" />
<root url="file://$MODULE_DIR$/vendor/doctrine/collections" />
<root url="file://$MODULE_DIR$/vendor/doctrine/annotations" />
<root url="file://$MODULE_DIR$/vendor/predis/predis" />
<root url="file://$MODULE_DIR$/vendor/doctrine/lexer" />
<root url="file://$MODULE_DIR$/vendor/doctrine/cache" />
<root url="file://$MODULE_DIR$/vendor/doctrine/common" />
<root url="file://$MODULE_DIR$/vendor/phpunit/php-code-coverage" />
<root url="file://$MODULE_DIR$/vendor/phpunit/php-token-stream" />
</CLASSES>
<SOURCES>
<root url="file://$MODULE_DIR$/vendor/psr/log" />
<root url="file://$MODULE_DIR$/vendor/filp/whoops" />
<root url="file://$MODULE_DIR$/vendor/nikic/php-parser" />
<root url="file://$MODULE_DIR$/vendor/nesbot/carbon" />
<root url="file://$MODULE_DIR$/vendor/predis/predis" />
<root url="file://$MODULE_DIR$/vendor/laravel/framework" />
<root url="file://$MODULE_DIR$/vendor/monolog/monolog" />
<root url="file://$MODULE_DIR$/vendor/phpunit/phpunit" />
<root url="file://$MODULE_DIR$/vendor/phpunit/php-timer" />
<root url="file://$MODULE_DIR$/vendor/phpunit/php-token-stream" />
<root url="file://$MODULE_DIR$/vendor/phpunit/php-code-coverage" />
<root url="file://$MODULE_DIR$/vendor/phpunit/php-file-iterator" />
<root url="file://$MODULE_DIR$/vendor/phpunit/php-text-template" />
<root url="file://$MODULE_DIR$/vendor/phpunit/phpunit-mock-objects" />
<root url="file://$MODULE_DIR$/vendor/symfony/yaml" />
<root url="file://$MODULE_DIR$/vendor/symfony/debug" />
<root url="file://$MODULE_DIR$/vendor/symfony/finder" />
<root url="file://$MODULE_DIR$/vendor/symfony/console" />
<root url="file://$MODULE_DIR$/vendor/symfony/process" />
<root url="file://$MODULE_DIR$/vendor/symfony/routing" />
<root url="file://$MODULE_DIR$/vendor/symfony/filesystem" />
<root url="file://$MODULE_DIR$/vendor/symfony/browser-kit" />
<root url="file://$MODULE_DIR$/vendor/symfony/dom-crawler" />
<root url="file://$MODULE_DIR$/vendor/symfony/http-kernel" />
<root url="file://$MODULE_DIR$/vendor/symfony/translation" />
<root url="file://$MODULE_DIR$/vendor/symfony/css-selector" />
<root url="file://$MODULE_DIR$/vendor/filp/whoops" />
<root url="file://$MODULE_DIR$/vendor/symfony/debug" />
<root url="file://$MODULE_DIR$/vendor/laravel/framework" />
<root url="file://$MODULE_DIR$/vendor/symfony/yaml" />
<root url="file://$MODULE_DIR$/vendor/symfony/http-foundation" />
<root url="file://$MODULE_DIR$/vendor/symfony/event-dispatcher" />
<root url="file://$MODULE_DIR$/vendor/composer" />
<root url="file://$MODULE_DIR$/vendor/doctrine/dbal" />
<root url="file://$MODULE_DIR$/vendor/doctrine/cache" />
<root url="file://$MODULE_DIR$/vendor/doctrine/lexer" />
<root url="file://$MODULE_DIR$/vendor/doctrine/common" />
<root url="file://$MODULE_DIR$/vendor/doctrine/inflector" />
<root url="file://$MODULE_DIR$/vendor/doctrine/annotations" />
<root url="file://$MODULE_DIR$/vendor/doctrine/collections" />
<root url="file://$MODULE_DIR$/vendor/ircmaxell/password-compat" />
<root url="file://$MODULE_DIR$/vendor/patchwork/utf8" />
<root url="file://$MODULE_DIR$/vendor/jeremeamia/SuperClosure" />
<root url="file://$MODULE_DIR$/vendor/swiftmailer/swiftmailer" />
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-math" />
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-crypt" />
<root url="file://$MODULE_DIR$/vendor/symfony/browser-kit" />
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-stdlib" />
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-servicemanager" />
<root url="file://$MODULE_DIR$/vendor/swiftmailer/swiftmailer" />
<root url="file://$MODULE_DIR$/vendor/symfony/console" />
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-math" />
<root url="file://$MODULE_DIR$/vendor/psr/log" />
<root url="file://$MODULE_DIR$/vendor/symfony/translation" />
<root url="file://$MODULE_DIR$/vendor/classpreloader/classpreloader" />
<root url="file://$MODULE_DIR$/vendor/ircmaxell/password-compat" />
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-servicemanager" />
<root url="file://$MODULE_DIR$/vendor/zendframework/zend-crypt" />
<root url="file://$MODULE_DIR$/vendor/jeremeamia/SuperClosure" />
<root url="file://$MODULE_DIR$/vendor/phpunit/php-text-template" />
<root url="file://$MODULE_DIR$/vendor/nikic/php-parser" />
<root url="file://$MODULE_DIR$/vendor/patchwork/utf8" />
<root url="file://$MODULE_DIR$/vendor/monolog/monolog" />
<root url="file://$MODULE_DIR$/vendor/nesbot/carbon" />
<root url="file://$MODULE_DIR$/vendor/symfony/process" />
<root url="file://$MODULE_DIR$/vendor/phpunit/php-timer" />
<root url="file://$MODULE_DIR$/vendor/phpunit/phpunit-mock-objects" />
<root url="file://$MODULE_DIR$/vendor/symfony/css-selector" />
<root url="file://$MODULE_DIR$/vendor/symfony/routing" />
<root url="file://$MODULE_DIR$/vendor/doctrine/dbal" />
<root url="file://$MODULE_DIR$/vendor/doctrine/inflector" />
<root url="file://$MODULE_DIR$/vendor/phpunit/phpunit" />
<root url="file://$MODULE_DIR$/vendor/symfony/http-kernel" />
<root url="file://$MODULE_DIR$/vendor/composer" />
<root url="file://$MODULE_DIR$/vendor/symfony/event-dispatcher" />
<root url="file://$MODULE_DIR$/vendor/phpunit/php-file-iterator" />
<root url="file://$MODULE_DIR$/vendor/symfony/dom-crawler" />
<root url="file://$MODULE_DIR$/vendor/symfony/filesystem" />
<root url="file://$MODULE_DIR$/vendor/doctrine/collections" />
<root url="file://$MODULE_DIR$/vendor/doctrine/annotations" />
<root url="file://$MODULE_DIR$/vendor/predis/predis" />
<root url="file://$MODULE_DIR$/vendor/doctrine/lexer" />
<root url="file://$MODULE_DIR$/vendor/doctrine/cache" />
<root url="file://$MODULE_DIR$/vendor/doctrine/common" />
<root url="file://$MODULE_DIR$/vendor/phpunit/php-code-coverage" />
<root url="file://$MODULE_DIR$/vendor/phpunit/php-token-stream" />
</SOURCES>
</library>
</orderEntry>

File diff suppressed because it is too large Load Diff


@ -9,13 +9,16 @@
use openid\IOpenIdProtocol;
use openid\XRDS\XRDSDocumentBuilder;
use \openid\services\IAuthService;
class DiscoveryController extends BaseController {
private $openid_protocol;
private $auth_service;
public function __construct(IOpenIdProtocol $openid_protocol){
$this->openid_protocol=$openid_protocol;
public function __construct(IOpenIdProtocol $openid_protocol,IAuthService $auth_service ){
$this->openid_protocol = $openid_protocol;
$this->auth_service = $auth_service;
}
/**
@ -29,7 +32,7 @@ class DiscoveryController extends BaseController {
$accept_values = explode(",",$accept);
if(in_array(XRDSDocumentBuilder::ContentType,$accept_values))
{
$response = Response::make($this->openid_protocol->getXRDSDiscovery(), 200);
$response = Response::make($this->openid_protocol->getXRDSDiscovery(IOpenIdProtocol::OpenIdXRDSModeIdp), 200);
$response->header('Content-Type', "application/xrds+xml; charset=UTF-8");
}
else{
@ -38,8 +41,23 @@ class DiscoveryController extends BaseController {
return $response;
}
public function user(){
public function user($identifier){
$user = $this->auth_service->getUserByOpenId($identifier);
if(is_null($user))
return View::make("404");
//This field contains a semicolon-separated list of representation schemes
//which will be accepted in the response to this request.
$accept = Request::header('Accept');
$accept_values = explode(",",$accept);
if(in_array(XRDSDocumentBuilder::ContentType,$accept_values))
{
$response = Response::make($this->openid_protocol->getXRDSDiscovery(IOpenIdProtocol::OpenIdXRDSModeUser), 200);
$response->header('Content-Type', "application/xrds+xml; charset=UTF-8");
}
else{
$response = View::make("identity");
}
return $response;
}
}
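Review bot: In `user($identifier)` the unknown-identifier branch returns `View::make("404")`, which as far as this hunk shows goes out with a 200 status, so a relying party doing discovery cannot tell a missing identity from a real HTML identity page; `return Response::view('404', array(), 404);` would carry the status. The Accept check compares whole comma-separated items with `in_array`, so a value such as `application/xrds+xml;q=0.9`, or one preceded by a space, would presumably fall through to the HTML branch; trimming each item and dropping its parameters before the comparison avoids that. The same Accept handling now appears in both actions and could live in one private helper.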


@ -10,7 +10,7 @@ use openid\services\IMementoOpenIdRequestService;
use openid\services\IAuthService;
use openid\requests\OpenIdAuthenticationRequest;
use openid\exceptions\InvalidRequestContextException;
use openid\XRDS\XRDSDocumentBuilder;
class UserController extends BaseController{
private $memento_service;


@ -17,7 +17,9 @@ class CreateUsersTable extends Migration {
$table->string('identifier',255);
$table->string('external_id',100);
$table->boolean('active');
$table->boolean('lock');
$table->dateTime('last_login_date');
$table->integer('login_failed_attempt');
$table->timestamps();
});
}
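Review bot: The `lock` and `login_failed_attempt` columns (which appear to be the added lines) are declared without defaults, so any insert that does not set them relies on the database's implicit default or fails in strict mode; `$table->boolean('lock')->default(false);` and `$table->integer('login_failed_attempt')->default(0);` make the initial lockout state explicit. `last_login_date` is also non-nullable although an account may exist before its first login. The change edits the body of the existing create-table closure, so a database that already ran this migration will presumably need a separate migration to receive the columns.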


@ -62,4 +62,9 @@ class AuthService implements IAuthService {
//todo : check valid response
Session::set("openid.authorization.response",$auth_response);
}
public function getUserByOpenId($openid){
$user = OpenIdUser::where('identifier','=',$openid)->first();
return $user;
}
}


@ -13,7 +13,7 @@ use Illuminate\Auth\UserProviderInterface;
use auth\exceptions\AuthenticationException;
use \Member;
use \Zend\Crypt\Hash;
use openid\services\Registry;
class CustomAuthProvider implements UserProviderInterface{
/**
@ -33,7 +33,7 @@ class CustomAuthProvider implements UserProviderInterface{
*/
public function retrieveById($identifier)
{
$user = OpenIdUser::where('external_id', '=', $identifier)->first();
$user = OpenIdUser::where('external_id', '=', $identifier)->first();
$member = Member::where('Email', '=', $identifier)->first();
if(!is_null($member) && !is_null($user)){
$user->setMember($member);
@ -52,23 +52,52 @@ class CustomAuthProvider implements UserProviderInterface{
{
if(!isset($credentials['username']) || !isset($credentials['password']))
throw new AuthenticationException("invalid crendentials");
$identifier = $credentials['username'];
$password = $credentials['password'];
$user = OpenIdUser::where('external_id', '=', $identifier)->first();
$identifier = $credentials['username'];
$password = $credentials['password'];
$user = OpenIdUser::where('external_id', '=', $identifier)->first();
//check user status...
if(!is_null($user) && ($user->lock || !$user->active))
return null;
$user_service = Registry::getInstance()->get("openid\\services\\IUserService");
$member = Member::where('Email', '=', $identifier)->first();
if(!is_null($member) && $member->checkPassword($password)){
if(!is_null($member)){
$res = $member->checkPassword($password);
//if user does not exists, then create it
if(is_null($user)){
//create user
$user = new OpenIdUser();
$user->external_id = $member->Email;
$user->external_id = $member->Email;
$user->last_login_date = gmdate("Y-m-d H:i:s", time());
$user->login_failed_attempt = 0;
$user->active = true;
$user->identifier = Hash::compute("sha1",$user->external_id);
$user->lock = false;
$user->Save();
}
$user->setMember($member);
return $user;
$user_name = $member->FirstName.".".$member->Surname;
$user_service->associateUser($user->id,strtolower($user_name));
$server_configuration = Registry::getInstance()->get("openid\\services\\IServerConfigurationService");
if(!$res){
if($user->login_failed_attempt<$server_configuration->getMaxFailedLoginAttempts())
$user_service->updateFailedLoginAttempts($user->id);
else{
$user_service->lockUser($user->id);
}
$user = null;
}
else{
$user->last_login_date = gmdate("Y-m-d H:i:s", time());
$user->login_failed_attempt = 0;
$user->active = true;
$user->lock = false;
$user->Save();
}
}
return null;
return $user;
}
/**
@ -83,8 +112,11 @@ class CustomAuthProvider implements UserProviderInterface{
if(!isset($credentials['username']) || !isset($credentials['password']))
throw new AuthenticationException("invalid crendentials");
$identifier = $credentials['username'];
$password = $credentials['password'];
$member = Member::where('Email', '=', $identifier)->first();
return $member->checkPassword($password);
}
$password = $credentials['password'];
$user = OpenIdUser::where('external_id', '=', $identifier)->first();
if(is_null($user) || $user->lock || !$user->active)
return false;
$member = Member::where('Email', '=', $identifier)->first();
return is_null($member)?false:$member->checkPassword($password);
}
}
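Review bot: `retrieveByCredentials` now ends in `return $user;`, so when the `Member` lookup returns null but an active `OpenIdUser` row exists the method hands that user back without any password check, leaving `validateCredentials` as the only barrier; adding `if(is_null($member)) return null;` right after the lookup closes that path. Inside the `!is_null($member)` branch the `OpenIdUser` row is created and `associateUser` is called before `$res` is examined, so a wrong password for a known member e-mail still provisions an account; if the row is needed to count failures a comment should say so, otherwise the creation belongs in the success branch. The public `identifier` is `Hash::compute("sha1",$user->external_id)`, an unsalted hash of the e-mail address, which lets anyone who sees an identity URL confirm a guessed address; a random identifier stored on the row would avoid that. Both methods begin or end outside the visible hunks, so this is based on the lines shown.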


@ -57,7 +57,10 @@ class OpenIdUser extends \Eloquent implements UserInterface , IOpenIdUser{
public function getEmail()
{
$this->external_id;
if(is_null($this->member)){
$this->member = Member::where('Email', '=', $this->external_id)->first();
}
return $this->external_id;
}
public function getFirstName()
@ -125,4 +128,8 @@ class OpenIdUser extends \Eloquent implements UserInterface , IOpenIdUser{
}
return "";
}
public function getId(){
return $this->id;
}
}
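Review bot: `getEmail()` loads `$this->member` with a `Member::where(...)` query but returns `$this->external_id` either way, so the lookup costs a query that does not affect the result. If the lazy load is meant for the profile getters, it would read better as one private helper they call, with a comment such as `// lazy-load the linked Member on first profile access`; otherwise it can be dropped from this getter. The bodies of `getFirstName()` and the later getters are outside the hunk, so whether they repeat the lookup cannot be seen here.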


@ -11,22 +11,19 @@ namespace openid;
use openid\responses\OpenIdResponse;
interface IOpenIdProtocol {
const OpenIdXRDSModeUser = "OpenIdXRDSModeUser";
const OpenIdXRDSModeIdp = "OpenIdXRDSModeIdp";
/**
* With OpenID 2.0, the relying party discovers the OpenID provider URL by requesting
* the XRDS document (also called the Yadis document) with the content type application/xrds+xml;
* this document may be available at the target URL and is always available for a target XRI.
* @return mixed
*/
public function getXRDSDiscovery();
public function getXRDSDiscovery($mode,$canonical_id=null);
/**
* With OpenID 1.0, the relying party then requests the HTML resource identified by the URL
* and reads an HTML link tag to discover the OpenID provider's URL
* (e.g. http://openid.example.org/openid-auth.php). The relying party also discovers whether to use a
* delegated identity
* @return mixed
*/
public function getHtmlDiscovery();
/**
* @param OpenIdMessage $openIdMessage
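Review bot: The docblock above `getXRDSDiscovery($mode,$canonical_id=null)` documents neither parameter, although callers now have to pass one of the two new mode constants. I would add `@param string $mode one of OpenIdXRDSModeUser or OpenIdXRDSModeIdp` and `@param string|null $canonical_id value for the XRD CanonicalID element, omitted when null`. `@return mixed` could become `@return string` if the rendered XRDS document is always what comes back, which the implementation in this commit suggests.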


@ -116,7 +116,8 @@ class OpenIdProtocol implements IOpenIdProtocol {
$this->request_handlers = new OpenIdAuthenticationRequestHandler($auth_service,$memento_request_service,$auth_strategy,$server_extension_service,$association_service,$trusted_sites_service,$server_config_service,$successor);
}
public function getXRDSDiscovery(){
public function getXRDSDiscovery($mode, $canonical_id=null){
//todo: check valid mode
$server_extension_service = \App::make("openid\\services\\IServerExtensionsService");
$server_config_service = \App::make("openid\\services\\IServerConfigurationService");
$active_extensions = $server_extension_service->getAllActiveExtensions();
@ -126,8 +127,8 @@ class OpenIdProtocol implements IOpenIdProtocol {
}
$services = array();
array_push($services, new XRDSService(0,self::OPIdentifierType,$server_config_service->getOPEndpointURL(),$extensions));
$builder = new XRDSDocumentBuilder($services);
array_push($services, new XRDSService(0, $mode == IOpenIdProtocol::OpenIdXRDSModeUser ? self::ClaimedIdentifierType: self::OPIdentifierType,$server_config_service->getOPEndpointURL(),$extensions,$canonical_id));
$builder = new XRDSDocumentBuilder($services,$canonical_id);
$xrds = $builder->render();
return $xrds;
}
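Review bot: `getXRDSDiscovery` leaves `//todo: check valid mode` open, and the loose `$mode == IOpenIdProtocol::OpenIdXRDSModeUser` ternary treats every other value, including a typo or null, as IdP mode and publishes `self::OPIdentifierType`. A guard at the top of the method, `if(!in_array($mode, array(IOpenIdProtocol::OpenIdXRDSModeUser, IOpenIdProtocol::OpenIdXRDSModeIdp), true)) throw new \InvalidArgumentException("invalid XRDS mode");`, would fail loudly instead of advertising the wrong service type. The method body between the two hunks is not shown, so the guard placement assumes nothing there depends on `$mode`.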


@ -11,13 +11,15 @@ namespace openid\XRDS;
class XRDSDocumentBuilder {
private $elements;
private $canonical_id;
const ContentType ='application/xrds+xml';
const XRDNamespace ='xri://$xrd*($v*2.0)';
const XRDSNamespace ='xXRDSServiceri://$xrds';
public function __construct($elements){
public function __construct($elements,$canonical_id=null){
$this->elements = $elements;
$this->canonical_id = $canonical_id;
}
public function render(){
@ -26,6 +28,9 @@ class XRDSDocumentBuilder {
$header = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<xrds:XRDS xmlns:xrds=\"{$XRDSNamespace}\" xmlns=\"{$XRDNamespace}\">\n<XRD>\n";
$footer = "</XRD>\n</xrds:XRDS>";
$xrds = $header;
if(!is_null($this->canonical_id)){
$xrds .= "<CanonicalID>{$this->canonical_id}</CanonicalID>\n";
}
foreach($this->elements as $service){
$xrds .= $service->render();
}
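Review bot: `render()` interpolates `$this->canonical_id` into `<CanonicalID>` unescaped, so a value containing `<` or `&` produces a malformed or altered XRDS document; where the id originates is not visible here, so it should be escaped at this point: `$xrds .= "<CanonicalID>".htmlspecialchars($this->canonical_id, ENT_QUOTES, 'UTF-8')."</CanonicalID>\n";`. The `XRDSNamespace` constant on the context lines reads `'xXRDSServiceri://$xrds'`, which looks like a paste slip for `'xri://$xrds'` and would put the wrong namespace on the root element; worth confirming. `render()` continues outside the hunk.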


@ -36,5 +36,6 @@ abstract class OpenIdExtension {
* @throws InvalidOpenIdMessageException
*/
abstract public function parseRequest(OpenIdRequest $request,RequestContext $context);
abstract public function getTrustedData(OpenIdRequest $request);
abstract public function prepareResponse(OpenIdRequest $request,OpenIdResponse $response ,ResponseContext $context);
}
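Review bot: `getTrustedData` is declared without a docblock, and the request handler in this commit feeds its result to `setTrustedData` and then compares the collected values with `array_diff`, so implementations need to return an array. The stubs added to OpenIdOAuthExtension, OpenIdPAPEExtension and OpenIdSREGExtension have empty bodies and therefore return null; `return array();` in each keeps the contract, since how `setTrustedData` treats null is not visible here. Suggested docblock: `@param OpenIdRequest $request` and `@return array data items the request asks for, compared against what the user already approved`.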


@ -147,5 +147,18 @@ class OpenIdAXExtension extends OpenIdExtension
}
}
public function getTrustedData(OpenIdRequest $request){
$data = array();
$ax_request = new OpenIdAXRequest($request->getMessage());
if ($ax_request->IsValid()){
$attributes = $ax_request->getRequiredAttributes();
foreach($attributes as $attr){
array_push($data,$attr);
}
}
return $data;
}
}
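Review bot: `getTrustedData` records only `getRequiredAttributes()`, so if OpenIdAXRequest also carries optional attributes (not visible here) a later request asking for more optional data would compare equal to the approved set and skip the consent step. Returning every requested attribute would let the handler's `array_diff` comparison cover them; this needs confirming against OpenIdAXRequest. The copy loop could also be `$data = $ax_request->getRequiredAttributes();` if that method returns a plain array.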


@ -30,4 +30,8 @@ class OpenIdOAuthExtension extends OpenIdExtension {
{
// TODO: Implement prepareResponse() method.
}
public function getTrustedData(OpenIdRequest $request){
}
}


@ -31,4 +31,8 @@ class OpenIdPAPEExtension extends OpenIdExtension {
{
// TODO: Implement prepareResponse() method.
}
public function getTrustedData(OpenIdRequest $request){
}
}


@ -30,4 +30,8 @@ class OpenIdSREGExtension extends OpenIdExtension
{
// TODO: Implement prepareResponse() method.
}
public function getTrustedData(OpenIdRequest $request){
}
}


@ -31,9 +31,12 @@ use openid\responses\OpenIdPositiveAssertionResponse;
use openid\services\IServerConfigurationService;
use openid\helpers\OpenIdSignatureBuilder;
use openid\exceptions\InvalidOpenIdMessageException;
use openid\model\ITrustedSite;
/**
* Class OpenIdAuthenticationRequestHandler
* Implements
* http://openid.net/specs/openid-authentication-2_0.html#requesting_authentication
* http://openid.net/specs/openid-authentication-2_0.html#responding_to_authentication
* @package openid\handlers
*/
class OpenIdAuthenticationRequestHandler extends OpenIdMessageHandler
@ -45,6 +48,9 @@ class OpenIdAuthenticationRequestHandler extends OpenIdMessageHandler
private $association_service;
private $trusted_sites_service;
private $server_configuration_service;
private $extensions;
private $current_request;
private $current_request_context;
public function __construct(IAuthService $authService,
IMementoOpenIdRequestService $mementoRequestService,
@ -56,7 +62,6 @@ class OpenIdAuthenticationRequestHandler extends OpenIdMessageHandler
$successor)
{
parent::__construct($successor);
$this->authService = $authService;
$this->mementoRequestService = $mementoRequestService;
$this->auth_strategy = $auth_strategy;
@ -64,10 +69,17 @@ class OpenIdAuthenticationRequestHandler extends OpenIdMessageHandler
$this->association_service = $association_service;
$this->trusted_sites_service = $trusted_sites_service;
$this->server_configuration_service = $server_configuration_service;
$this->extensions = $this->server_extensions_service->getAllActiveExtensions();
}
private function doAssertion(OpenIdAuthenticationRequest $request, $extensions)
/**
* Create Positive Identity Assertion
* implements http://openid.net/specs/openid-authentication-2_0.html#positive_assertions
* @param OpenIdAuthenticationRequest $request
* @return OpenIdPositiveAssertionResponse
*/
private function doAssertion()
{
$currentUser = $this->authService->getCurrentUser();
@ -82,10 +94,10 @@ class OpenIdAuthenticationRequestHandler extends OpenIdMessageHandler
$context->addSignParam(OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Identity));
$op_endpoint = $this->server_configuration_service->getOPEndpointURL();
$identity = $currentUser->getIdentifier();
$response = new OpenIdPositiveAssertionResponse($op_endpoint, $identity, $identity, $request->getReturnTo());
foreach ($extensions as $ext) {
$ext->prepareResponse($request, $response, $context);
$identity = $this->server_configuration_service->getUserIdentityEndpointURL($currentUser->getIdentifier());
$response = new OpenIdPositiveAssertionResponse($op_endpoint, $identity, $identity, $this->current_request->getReturnTo());
foreach ($this->extensions as $ext) {
$ext->prepareResponse($this->current_request, $response, $context);
}
//check former assoc handle...
$assoc_handle = $request->getAssocHandle();
@ -109,122 +121,213 @@ class OpenIdAuthenticationRequestHandler extends OpenIdMessageHandler
return $response;
}
/**
* @param OpenIdAuthenticationRequest $request
* @param RequestContext $context
* @return mixed
*/
private function doConsentProcess(){
//do consent process
$this->mementoRequestService->saveCurrentRequest();
$this->current_request_context->setStage(RequestContext::StageConsent);
foreach ($this->extensions as $ext) {
$ext->parseRequest($this->current_request, $this->current_request_context);
}
return $this->auth_strategy->doConsent($this->current_request, $this->current_request_context);
}
private function doLogin(){
//do login process
foreach ($this->extensions as $ext) {
$ext->parseRequest($this->current_request, $this->current_request_context);
}
$this->mementoRequestService->saveCurrentRequest();
return $this->auth_strategy->doLogin($this->current_request, $this->current_request_context);
}
private function checkTrustedSite(ITrustedSite $site){
$policy = $site->getAuthorizationPolicy();
switch ($policy) {
case IAuthService::AuthorizationResponse_AllowForever:
{
foreach ($this->extensions as $ext) {
$data = $ext->getTrustedData($this->current_request);
$this->current_request_context->setTrustedData($data);
}
$requested_data = $this->current_request_context->getTrustedData();
$trusted_data = $site->getData();
$diff = array_diff($requested_data,$trusted_data);
if(!count($diff)) //already approved request
return $this->doAssertion();
else
{
return $this->doConsentProcess();
}
}
break;
case IAuthService::AuthorizationResponse_DenyForever:
// black listed site
return new OpenIdIndirectGenericErrorResponse(sprintf(OpenIdErrorMessages::RealmNotAllowedByUserMessage, $site->getRealm()));
break;
default:
throw new \Exception("Invalid Realm Policy");
break;
}
}
private function checkAuthorizationResponse($authorization_response){
// check response
$currentUser = $this->authService->getCurrentUser();
switch ($authorization_response) {
case IAuthService::AuthorizationResponse_AllowForever:
{
foreach ($this->extensions as $ext) {
$data = $ext->getTrustedData($this->current_request);
$this->current_request_context->setTrustedData($data);
}
$this->trusted_sites_service->addTrustedSite($currentUser, $this->current_request->getRealm(), IAuthService::AuthorizationResponse_AllowForever,$this->current_request_context->getTrustedData());
return $this->doAssertion();
}
break;
case IAuthService::AuthorizationResponse_AllowOnce:
return $this->doAssertion();
break;
case IAuthService::AuthorizationResponse_DenyOnce:
{
return new OpenIdNonImmediateNegativeAssertion($this->current_request->getReturnTo());
}
break;
case IAuthService::AuthorizationResponse_DenyForever:{
$this->trusted_sites_service->addTrustedSite($currentUser, $this->current_request->getRealm(), IAuthService::AuthorizationResponse_DenyForever);
return new OpenIdNonImmediateNegativeAssertion($this->current_request->getReturnTo());
}
break;
default:
throw new \Exception("Invalid Authorization response!");
break;
}
}
/**
* @param OpenIdAuthenticationRequest $request
* @param RequestContext $context
* @return OpenIdIndirectGenericErrorResponse|OpenIdNonImmediateNegativeAssertion|OpenIdPositiveAssertionResponse
* @throws \Exception
*/
private function doSetupMode(){
if (!$this->authService->isUserLogged()) {
return $this->doLogin();
} else {
//user already logged
$currentUser = $this->authService->getCurrentUser();
$site = $this->trusted_sites_service->getTrustedSite($currentUser, $this->current_request->getRealm());
$authorization_response = $this->authService->getUserAuthorizationResponse();
if ($authorization_response == IAuthService::AuthorizationResponse_None) {
if (!is_null($site)) {
return $this->checkTrustedSite($site);
} else {
return $this->doConsentProcess();
}
} else {
return $this->checkAuthorizationResponse($authorization_response);
}
}
}
/**
* @param OpenIdAuthenticationRequest $request
* @return OpenIdImmediateNegativeAssertion|OpenIdIndirectGenericErrorResponse|OpenIdPositiveAssertionResponse
*/
protected function doImmediateMode(){
if (!$this->authService->isUserLogged()) {
return new OpenIdImmediateNegativeAssertion;
}
$currentUser = $this->authService->getCurrentUser();
$site = $this->trusted_sites_service->getTrustedSite($currentUser, $this->current_request->getRealm());
if (is_null($site)) {
//need setup to continue
return new OpenIdImmediateNegativeAssertion($this->current_request->getReturnTo());
}
$policy = $site->getAuthorizationPolicy();
switch($policy){
case IAuthService::AuthorizationResponse_DenyForever:
{
// black listed site by user
return new OpenIdIndirectGenericErrorResponse(sprintf(OpenIdErrorMessages::RealmNotAllowedByUserMessage, $site->getRealm()));
}
break;
case IAuthService::AuthorizationResponse_AllowForever:
{
foreach ($this->extensions as $ext) {
$data = $ext->getTrustedData($this->current_request);
$this->current_request_context->setTrustedData($data);
}
$requested_data = $this->current_request_context->getTrustedData();
$trusted_data = $site->getData();
$diff = array_diff($requested_data,$trusted_data);
if(!count($diff)) //already approved request
return $this->doAssertion();
else
{
//need setup to continue
return new OpenIdImmediateNegativeAssertion($this->current_request->getReturnTo());
}
}
break;
default:
return new OpenIdIndirectGenericErrorResponse(sprintf(OpenIdErrorMessages::RealmNotAllowedByUserMessage, $this->current_request->getRealm()));
break;
}
}
/**
* @param OpenIdMessage $message
* @return OpenIdImmediateNegativeAssertion|OpenIdIndirectGenericErrorResponse|OpenIdNonImmediateNegativeAssertion|OpenIdPositiveAssertionResponse
* @throws \openid\exceptions\InvalidOpenIdAuthenticationRequestMode
*/
protected function InternalHandle(OpenIdMessage $message)
{
$request = null;
try
{
$request = new OpenIdAuthenticationRequest($message);
if(!$request->IsValid())
$this->current_request = new OpenIdAuthenticationRequest($message);
if(!$this->current_request->IsValid())
throw new InvalidOpenIdMessageException("OpenIdAuthenticationRequest is Invalid!");
$extensions = $this->server_extensions_service->getAllActiveExtensions();
$context = new RequestContext;
$mode = $request->getMode();
$this->current_request_context = new RequestContext;
$mode = $request->getMode();
switch ($mode) {
case OpenIdProtocol::SetupMode:
{
if (!$this->authService->isUserLogged()) {
//do login process
$context->setStage(RequestContext::StageLogin);
foreach ($extensions as $ext) {
$ext->parseRequest($request, $context);
}
$this->mementoRequestService->saveCurrentRequest();
return $this->auth_strategy->doLogin($request, $context);
} else {
//user already logged
$currentUser = $this->authService->getCurrentUser();
$site = $this->trusted_sites_service->getTrustedSite($currentUser, $request->getTrustedRoot());
$authorization_response = $this->authService->getUserAuthorizationResponse();
if ($authorization_response == IAuthService::AuthorizationResponse_None) {
if (is_null($site)) {
//do consent process
$this->mementoRequestService->saveCurrentRequest();
$context->setStage(RequestContext::StageConsent);
foreach ($extensions as $ext) {
$ext->parseRequest($request, $context);
}
return $this->auth_strategy->doConsent($request, $context);
} else {
$policy = $site->getAuthorizationPolicy();
switch ($policy) {
case IAuthService::AuthorizationResponse_AllowForever:
return $this->doAssertion($request, $extensions);
break;
case IAuthService::AuthorizationResponse_DenyForever:
// black listed site
return new OpenIdIndirectGenericErrorResponse(sprintf(OpenIdErrorMessages::RealmNotAllowedByUserMessage, $site->getRealm()));
break;
default:
throw new \Exception("Invalid Realm Policy");
break;
}
}
} else {
// check response
switch ($authorization_response) {
case IAuthService::AuthorizationResponse_AllowForever:
$this->trusted_sites_service->addTrustedSite($currentUser, $request->getTrustedRoot(), IAuthService::AuthorizationResponse_AllowForever);
return $this->doAssertion($request, $extensions);
break;
case IAuthService::AuthorizationResponse_AllowOnce:
return $this->doAssertion($request, $extensions);
break;
case IAuthService::AuthorizationResponse_DenyOnce:
{
$response = new OpenIdNonImmediateNegativeAssertion;
$response->setReturnTo($request->getReturnTo());
return $response;
}
break;
case IAuthService::AuthorizationResponse_DenyForever:{
$this->trusted_sites_service->addTrustedSite($currentUser, $request->getTrustedRoot(), IAuthService::AuthorizationResponse_DenyForever);
$response = new OpenIdNonImmediateNegativeAssertion;
$response->setReturnTo($request->getReturnTo());
return $response;
}
break;
default:
throw new \Exception("Invalid Authorization response!");
break;
}
}
}
return $this->doSetupMode();
}
break;
break;
case OpenIdProtocol::ImmediateMode:
{
if (!$this->authService->isUserLogged()) {
return new OpenIdImmediateNegativeAssertion;
}
$currentUser = $this->authService->getCurrentUser();
$site = $this->trusted_sites_service->getTrustedSite($currentUser, $request->getTrustedRoot());
if (is_null($site)) {
return new OpenIdImmediateNegativeAssertion;
}
$policy = $site->getAuthorizationPolicy();
if ($policy == IAuthService::AuthorizationResponse_DenyForever) {
// black listed site
return new OpenIdIndirectGenericErrorResponse(sprintf(OpenIdErrorMessages::RealmNotAllowedByUserMessage, $site->getRealm()));
}
return $this->doAssertion($request, $extensions);
return $this->doImmediateMode();
}
break;
break;
default:
throw new InvalidOpenIdAuthenticationRequestMode;
break;
break;
}
}
catch (InvalidOpenIdMessageException $ex) {
$response = new OpenIdIndirectGenericErrorResponse($ex->getMessage());
if(!is_null($request)){
$return_to = $request->getReturnTo();
if(!empty($return_to))
$response->setReturnTo($return_to);
}
return $response ;
return $response;
}
}


@ -12,6 +12,7 @@ namespace openid\model;
interface IOpenIdUser {
public function getId();
public function getIdentifier();
public function getEmail();
public function getFirstName();


@ -12,14 +12,9 @@ namespace openid\model;
interface ITrustedSite {
public function setRealm($realm);
public function getRealm();
public function setData($data);
public function getData();
public function getUser();
public function getAuthorizationPolicy();
public function setAuthorizationPolicy($policy);
}


@ -12,18 +12,14 @@ namespace openid\requests\contexts;
class RequestContext
{
private $trusted_data;
private $partial_views;
const StageNull = -1;
const StageLogin = 0;
const StageConsent = 1;
private $stage;
public function __construct()
{
$this->partial_views = array();
$this->stage = self::StageNull;
$this->trusted_data = array();
}
public function addPartialView(PartialView $partial_view)
@ -36,13 +32,16 @@ class RequestContext
return $this->partial_views;
}
public function setStage($stage)
{
$this->stage = $stage;
/**
* Gets an associative array of current request trusted data
* @return array
*/
public function getTrustedData(){
return $this->trusted_data;
}
public function getStage()
{
return $this->stage;
public function setTrustedData($trusted_data){
$this->trusted_data = array_merge($this->trusted_data,$trusted_data);
}
}


@ -14,8 +14,11 @@ use openid\OpenIdProtocol;
class OpenIdImmediateNegativeAssertion extends OpenIdIndirectResponse{
public function __construct(){
public function __construct($return_url=null){
parent::__construct();
$this->setMode(OpenIdProtocol::SetupNeededMode);
if(!is_null($return_url) && !empty($return_url)){
$this->setReturnTo($return_url);
}
}
}
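Review bot: The new `$return_url` argument is handed to `setReturnTo()` after only a non-empty check, so this constructor accepts any string as the address the response is sent back to. Nothing in this section shows the value being matched against the request's realm, so that check presumably lives in the caller; the constructor should say so in a docblock, e.g. `@param string|null $return_url return_to that the caller has already verified against the realm`. The guard is also redundant, because `empty()` is already true for null: `if(!empty($return_url)){` is enough. The same two points apply to the identical constructor change in OpenIdNonImmediateNegativeAssertion.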


@ -13,7 +13,11 @@ use openid\OpenIdProtocol;
class OpenIdNonImmediateNegativeAssertion extends OpenIdIndirectResponse {
public function __construct(){
public function __construct($return_url=null){
parent::__construct();
$this->setMode(OpenIdProtocol::CancelMode);
if(!is_null($return_url) && !empty($return_url)){
$this->setReturnTo($return_url);
}
}
}


@ -15,6 +15,7 @@ use openid\OpenIdProtocol;
class OpenIdPositiveAssertionResponse extends OpenIdIndirectResponse {
public function __construct($op_endpoint,$claimed_id,$identity,$return_to){
parent::__construct();
$this->setMode(OpenIdProtocol::IdMode);
$this[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_OpEndpoint)] = $op_endpoint;
$this[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_ClaimedId)] = $claimed_id;


@ -40,4 +40,6 @@ interface IAuthService {
public function setUserAuthorizationResponse($auth_response);
public function logout();
public function getUserByOpenId($openid);
}


@ -12,6 +12,8 @@ namespace openid\services;
interface IServerConfigurationService {
public function getOPEndpointURL();
public function getUserIdentityEndpointURL($identifier);
public function getPrivateAssociationLifetime();
public function getSessionAssociationLifetime();
public function getMaxFailedLoginAttempts();
}


@ -19,5 +19,5 @@ interface ITrustedSitesService {
* @param $return_to
* @return ITrustedSite
*/
public function getTrustedSite(IOpenIdUser $user,$return_to);
public function getTrustedSite(IOpenIdUser $user,$realm);
}


@ -0,0 +1,21 @@
<?php
/**
* Created by JetBrains PhpStorm.
* User: smarcet
* Date: 10/22/13
* Time: 4:58 PM
* To change this template use File | Settings | File Templates.
*/
namespace openid\services;
interface IUserService {
public function associateUser($id,$proposed_username);
public function updateLastLoginDate($identifier);
public function updateFailedLoginAttempts($identifier);
public function lockUser($identifier);
public function unlockUser($identifier);
public function activateUser($identifier);
public function deActivateUser($identifier);
}


@ -12,25 +12,17 @@ use openid\model\ITrustedSite;
class OpenIdTrustedSite extends Eloquent implements ITrustedSite{
protected $table = 'openid_trusted_sites';
public function setRealm($realm)
{
// TODO: Implement setRealm() method.
}
public $timestamps = false;
public function getRealm()
{
// TODO: Implement getRealm() method.
}
public function setData($data)
{
// TODO: Implement setData() method.
return $this->realm;
}
public function getData()
{
// TODO: Implement getData() method.
$res = $this->data;
return json_decode($res);
}
public function getUser()
@ -40,11 +32,7 @@ class OpenIdTrustedSite extends Eloquent implements ITrustedSite{
public function getAuthorizationPolicy()
{
// TODO: Implement getAuthorizationPolicy() method.
return $this->policy;
}
public function setAuthorizationPolicy($policy)
{
// TODO: Implement setAuthorizationPolicy() method.
}
}
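Review bot: `getData()` returns `json_decode($res)` without the second argument, so a stored JSON object comes back as a `stdClass` rather than as the array that `TrustedSitesService::addTrustedSite()` wrote with `json_encode($data)`. If callers index the result as an associative array (RequestContext documents its trusted data as one), that access will fail; `return json_decode($res, true);` keeps the round trip symmetric. A null or malformed `data` column also yields null here, so the return value needs a documented "may be null" contract or a fallback to an empty array.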


@ -13,6 +13,7 @@
Route::get('/', "HomeController@index");
Route::get('/discovery', "DiscoveryController@idp");
//op endpoint url
Route::post('/accounts/openid/v2','OpenIdProviderController@op_endpoint');
Route::get('/accounts/openid/v2','OpenIdProviderController@op_endpoint');
@ -21,7 +22,7 @@ Route::get('/accounts/openid/v2','OpenIdProviderController@op_endpoint');
Route::get('/accounts/user/login',"UserController@getLogin");
Route::post('/accounts/user/login',"UserController@postLogin");
Route::get("/accounts/user/ud/{identifier}","DiscoveryController@user");
Route::get('/accounts/user/consent',"UserController@getConsent");


@ -12,6 +12,12 @@ use openid\services\IServerConfigurationService;
class ServerConfigurationService implements IServerConfigurationService{
public function getUserIdentityEndpointURL($identifier){
$url = action("DiscoveryController@user",array("identifier"=>$identifier));
return $url;
}
public function getOPEndpointURL()
{
$url = action("OpenIdProviderController@op_endpoint");
@ -27,4 +33,8 @@ class ServerConfigurationService implements IServerConfigurationService{
{
return 360;
}
public function getMaxFailedLoginAttempts(){
return 3;
}
}


@ -9,6 +9,7 @@
namespace services;
use Illuminate\Support\ServiceProvider;
use openid\services\Registry;
class ServicesProvider extends ServiceProvider {
@ -20,5 +21,15 @@ class ServicesProvider extends ServiceProvider {
$this->app->singleton('openid\\services\\IAssociationService','services\\AssociationService');
$this->app->singleton('openid\\services\\ITrustedSitesService','services\\TrustedSitesService');
$this->app->singleton('openid\\services\\IServerConfigurationService','services\\ServerConfigurationService');
$this->app->singleton('openid\\services\\IUserService','services\\UserService');
Registry::getInstance()->set("openid\\services\\IMementoOpenIdRequestService",\App::make("openid\\services\\IMementoOpenIdRequestService"));
Registry::getInstance()->set("openid\\handlers\\IOpenIdAuthenticationStrategy",\App::make("openid\\handlers\\IOpenIdAuthenticationStrategy"));
Registry::getInstance()->set("openid\\services\\IServerExtensionsService",\App::make("openid\\services\\IMementoOpenIdRequestService"));
Registry::getInstance()->set("openid\\services\\IAssociationService",\App::make("openid\\services\\IAssociationService"));
Registry::getInstance()->set("openid\\services\\ITrustedSitesService",\App::make("openid\\services\\ITrustedSitesService"));
Registry::getInstance()->set("openid\\services\\IServerConfigurationService",\App::make("openid\\services\\IServerConfigurationService"));
Registry::getInstance()->set("openid\\services\\IUserService",\App::make("openid\\services\\IUserService"));
}
}
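Review bot: The registry entry for `openid\services\IServerExtensionsService` is filled with `\App::make("openid\\services\\IMementoOpenIdRequestService")`, so any code that resolves the extensions service through the Registry receives the memento service instead. This looks like a copy-paste slip from the first `set` line; the entry should resolve its own interface: `Registry::getInstance()->set("openid\\services\\IServerExtensionsService",\App::make("openid\\services\\IServerExtensionsService"));`. The enclosing method starts outside the hunk, so whether that interface is bound in the container earlier in it is not visible here and should be confirmed.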


@ -11,17 +11,25 @@ namespace services;
use openid\model\IOpenIdUser;
use openid\model\ITrustedSite;
use openid\services\ITrustedSitesService;
use \OpenIdTrustedSite;
class TrustedSitesService implements ITrustedSitesService {
public function addTrustedSite(IOpenIdUser $user, $realm, $policy, $data = array())
{
// TODO: Implement addTrustedSite() method.
$old_site = OpenIdTrustedSite::where("realm","=",$realm)->first();
$site = new OpenIdTrustedSite;
$site->realm = $realm;
$site->policy = $policy;
$site->user_id =$user->getId();
$site->data = json_encode($data);
$site->Save();
}
public function delTrustedSite($realm)
{
// TODO: Implement delTrustedSite() method.
$site = OpenIdTrustedSite::where("realm","=",$realm)->first();
if(!is_null($site)) $site->delete();
}
/**
@ -29,8 +37,9 @@ class TrustedSitesService implements ITrustedSitesService {
* @param $return_to
* @return ITrustedSite
*/
public function getTrustedSite(IOpenIdUser $user, $return_to)
public function getTrustedSite(IOpenIdUser $user, $realm)
{
// TODO: Implement getTrustedSite() method.
$site = OpenIdTrustedSite::where("realm","=",$realm)->where("user_id","=",$user->getId())->first();
return $site;
}
}
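Review bot: `addTrustedSite()` and `delTrustedSite()` select rows by `realm` alone, while `getTrustedSite()` also filters on `user_id`, so the per-user scoping of trust decisions is inconsistent. In `addTrustedSite()` the `$old_site` lookup is never used and a new row is always inserted, so repeated decisions accumulate duplicate rows and a later DenyForever does not replace an earlier AllowForever (`first()` decides which one is seen). In `delTrustedSite()` the first row for that realm is deleted whichever user owns it. The add path can update the caller's own row as sketched below; `delTrustedSite($realm)` needs a user argument, which is an interface change outside this section. The docblock above `getTrustedSite()` also still reads `@param $return_to` after the rename to `$realm`.

```php
public function addTrustedSite(IOpenIdUser $user, $realm, $policy, $data = array())
{
    // look up this user's own entry for the realm and update it in place
    $site = OpenIdTrustedSite::where("realm","=",$realm)->where("user_id","=",$user->getId())->first();
    if(is_null($site)){
        $site = new OpenIdTrustedSite;
        $site->realm = $realm;
        $site->user_id = $user->getId();
    }
    $site->policy = $policy;
    $site->data = json_encode($data);
    $site->Save();
}
```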


@ -0,0 +1,110 @@
<?php
/**
* Created by JetBrains PhpStorm.
* User: smarcet
* Date: 10/22/13
* Time: 5:04 PM
* To change this template use File | Settings | File Templates.
*/
namespace services;
use openid\services\IUserService;
use auth\OpenIdUser;
class UserService implements IUserService{
public function associateUser($id, $proposed_username)
{
$user = OpenIdUser::where('id', '=', $id)->first();
if(!empty($user->identifier)) return $user->identifier;
if(!is_null($user)){
\DB::transaction(function() use ($id,$proposed_username)
{
$done = false;
$fragment_nbr = 1;
do{
$old_user = \DB::table('openid_users')->where('identifier', '=', $proposed_username)->first();
if(is_null($old_user)){
\DB::table('openid_users')->where('id', '=', $id)->update(array('identifier' => $proposed_username));
$done = true;
}
else{
$proposed_username = $proposed_username."#".$fragment_nbr;
$fragment_nbr++;
}
}while(!$done);
return $proposed_username;
});
}
return false;
}
public function updateLastLoginDate($identifier)
{
$user = OpenIdUser::where('id', '=', $identifier)->first();
if(!is_null($user)){
\DB::transaction(function() use ($identifier)
{
\DB::table('openid_users')->where('id', '=', $identifier)->update(array('last_login_date' => gmdate("Y-m-d H:i:s", time())));
});
}
}
public function updateFailedLoginAttempts($identifier)
{
$user = OpenIdUser::where('id', '=', $identifier)->first();
if(!is_null($user)){
$attempts = $user->login_failed_attempt;
++$attempts;
\DB::transaction(function() use ($identifier,$attempts)
{
\DB::table('openid_users')->where('id', '=', $identifier)->update(array('login_failed_attempt' => $attempts));
});
}
}
public function lockUser($identifier)
{
$user = OpenIdUser::where('id', '=', $identifier)->first();
if(!is_null($user)){
\DB::transaction(function() use ($identifier)
{
\DB::table('openid_users')->where('id', '=', $identifier)->update(array('lock' => 1));
});
}
}
public function unlockUser($identifier)
{
$user = OpenIdUser::where('id', '=', $identifier)->first();
if(!is_null($user)){
\DB::transaction(function() use ($identifier)
{
\DB::table('openid_users')->where('id', '=', $identifier)->update(array('lock' => 0));
});
}
}
public function activateUser($identifier)
{
$user = OpenIdUser::where('id', '=', $identifier)->first();
if(!is_null($user)){
\DB::transaction(function() use ($identifier)
{
\DB::table('openid_users')->where('id', '=', $identifier)->update(array('active' => 1));
});
}
}
public function deActivateUser($identifier)
{
$user = OpenIdUser::where('id', '=', $identifier)->first();
if(!is_null($user)){
\DB::transaction(function() use ($identifier)
{
\DB::table('openid_users')->where('id', '=', $identifier)->update(array('active' => 0));
});
}
}
}
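Review bot: `associateUser()` reads `$user->identifier` before the `is_null($user)` check, so an unknown `$id` dereferences null. The value returned inside the `\DB::transaction()` closure is also discarded, so the method falls through to `return false` even after it has stored an identifier. Moving the null check first and returning the transaction's result addresses both, as sketched below. Separately, `updateFailedLoginAttempts()` computes the new count in PHP before the transaction starts, so concurrent failed logins can overwrite each other and under-count towards the lockout threshold; an atomic update such as `\DB::table('openid_users')->where('id', '=', $identifier)->increment('login_failed_attempt');` avoids that.

```php
public function associateUser($id, $proposed_username)
{
    $user = OpenIdUser::where('id', '=', $id)->first();
    if(is_null($user)) return false;
    if(!empty($user->identifier)) return $user->identifier;
    // hand the identifier chosen inside the transaction back to the caller
    return \DB::transaction(function() use ($id,$proposed_username)
    {
        // … unchanged: do/while search for a free identifier …
        return $proposed_username;
    });
}
```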

12
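--- a/app/views/404.blade.php
+++ b/app/views/404.blade.php
@@ -0,0 +1,12 @@
+@extends('layout')
+@section('content')
+<h1>OpenstackId Idp - 404</h1>
+<div class="container">
+<p>
+404. That's an error.
+</p>
+<p>
+The page you requested is invalid. That's all we know.
+</p>
+</div>
+@stop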


@ -0,0 +1,7 @@
@extends('layout')
@section('content')
<h1>OpenstackId Idp</h1>
<div class="container">
<p>Welcome to OpenstackId Idp!!!</p>
</div>
@stop