Implements: blueprint openid-oauth2-admin.backend-resource-server-administration

[smarcet] - #5315 - Resource Server Administration

Change-Id: Ia5a560e0bfe39af673dcc60673839d561ebc1a8d
smarcet 2014-01-10 13:28:36 -03:00
parent 0425678643
commit 224fd1f886
14 changed files with 864 additions and 85 deletions


@ -0,0 +1,197 @@
<?php
use oauth2\services\IResourceServerService;
use utils\services\ILogService;
/**
* Class ApiResourceServerController
*/
class ApiResourceServerController extends BaseController
{
/**
* @var IResourceServerService $resource_service
*/
private $resource_server_service;
private $log_service;
public function __construct(IResourceServerService $resource_server_service, ILogService $log_service)
{
$this->resource_server_service = $resource_server_service;
$this->log_service = $log_service;
}
public function get($id)
{
try {
$resource_server = $this->resource_server_service->get($id);
if (is_null($resource_server)) {
return Response::json(array(
'error' => 'resource server not found'
), 404);
} else {
$data = $resource_server->toArray();
$client = $resource_server->getClient();
if(!is_null($client)){
$data['client_id'] = $client->getClientId();
$data['client_secret'] = $client->getClientSecret();
}
return Response::json(
$data,
200);
}
} catch (Exception $ex) {
$this->log_service->error($ex);
return Response::json(
array(
'error' => 'server error'
), 500);
}
}
public function getByPage($page_nbr, $page_size)
{
try {
$list = $this->resource_server_service->getAll($page_size, $page_nbr);
$items = array();
foreach ($list->getItems() as $rs) {
array_push($items, $rs->toArray());
}
return Response::json(
array(
'page' => $items,
'total_items' => $list->getTotal()
), 200);
} catch (Exception $ex) {
$this->log_service->error($ex);
return Response::json(
array(
'error' => 'server error'
), 500);
}
}
public function create()
{
try {
$new_resource_server = Input::all();
$rules = array(
'host' => 'required|max:255',
'ip' => 'required|max:16',
'friendly_name' => 'required|max:512',
'active' => 'required',
);
// Creates a Validator instance and validates the data.
$validation = Validator::make($new_resource_server, $rules);
if ($validation->fails()) {
$messages = $validation->messages()->toArray();
return Response::json(
array(
'error' => $messages), 400);
}
$new_resource_server_model = $this->resource_server_service->addResourceServer($new_resource_server['host'],
$new_resource_server['ip'],
$new_resource_server['friendly_name'],
$new_resource_server['active']);
return Response::json(
array(
'resource_server_id' => $new_resource_server_model->id
)
, 200);
} catch (Exception $ex) {
$this->log_service->error($ex);
return Response::json(
array(
'error' => 'server error'
), 500);
}
}
public function delete($id)
{
try {
$res = $this->resource_server_service->delete($id);
return Response::json('ok',$res?200:404);
} catch (Exception $ex) {
$this->log_service->error($ex);
return Response::json(
array(
'error' => 'server error'
), 500);
}
}
public function regenerateClientSecret($id)
{
try {
$res = $this->resource_server_service->regenerateResourceServerClientSecret($id);
return Response::json(array('new_secret'=>$res),$res?200:404);
} catch (Exception $ex) {
$this->log_service->error($ex);
return Response::json(
array(
'error' => 'server error'
), 500);
}
}
public function update()
{
try {
$values = Input::all();
$rules = array(
'id' => 'required',
'host' => 'required|max:255',
'ip' => 'required|max:16',
'friendly_name' => 'required|max:512',
);
// Creates a Validator instance and validates the data.
$validation = Validator::make($values, $rules);
if ($validation->fails()) {
$messages = $validation->messages()->toArray();
return Response::json(
array(
'error' => $messages), 400);
}
$rs = $this->resource_server_service->get($values['id']);
$rs->setFriendlyName($values['friendly_name']);
$rs->setHost($values['host']);
$rs->setIp($values['ip']);
$this->resource_server_service->save($rs);
return Response::json('ok',200);
} catch (Exception $ex) {
$this->log_service->error($ex);
return Response::json(
array(
'error' => 'server error'
), 500);
}
}
public function updateStatus($id, $active){
try {
$active = is_string($active)?( strtoupper(trim($active))==='TRUE'?true:false ):$active;
$this->resource_server_service->setStatus($id,$active);
return Response::json('ok',200);
} catch (Exception $ex) {
$this->log_service->error($ex);
return Response::json(
array(
'error' => 'server error'
), 500);
}
}
}
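Review bot: `get()` copies `$client->getClientSecret()` into every JSON response, so any caller that can read a resource server also receives its confidential client's secret in usable form. I would drop the `$data['client_secret'] = ...` line from `get()` and hand the secret out only from `regenerateClientSecret()` (and, if needed, once at creation). Separately, `update()` calls `$rs->setFriendlyName(...)` without checking that `get($values['id'])` found a row; a guard such as `if (is_null($rs)) return Response::json(array('error' => 'resource server not found'), 404);` would match what `get()` already does. The `ip` rule `required|max:16` only bounds length, so adding Laravel's `ip` validation rule would reject strings that are not addresses.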

0
app/filters/.gitkeep Normal file

@ -0,0 +1,43 @@
<?php
namespace oauth2\models;
interface IResourceServer {
/**
* get resource server host
* @return string
*/
public function getHost();
public function setHost($host);
/**
* tells if resource server is active or not
* @return bool
*/
public function isActive();
public function setActive($active);
/**
* get resource server ip address
* @return string
*/
public function getIp();
public function setIp($ip);
/**
* get resource server friendly name
* @return mixed
*/
public function getFriendlyName();
public function setFriendlyName($friendly_name);
/**
* @return IClient
*/
public function getClient();
}
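Review bot: The four setters (`setHost`, `setActive`, `setIp`, `setFriendlyName`) are declared without docblocks while every getter has one, and `getFriendlyName()` is documented as `@return mixed` although the controller in this commit validates the value as a string of at most 512 characters. I would add `@param string $host`, `@param bool $active`, `@param string $ip` and `@param string $friendly_name`, and change the getter to `@return string`. `getClient()` can evidently come back empty, since the controller tests it with `is_null($client)`, so `@return IClient|null` is the more accurate contract.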


@ -29,6 +29,16 @@ interface IClientService {
public function getCurrentClientAuthInfo(); public function getCurrentClientAuthInfo();
public function getClientByIdentifier($id); public function getClientByIdentifier($id);
/**
* Creates a new client
* @param $client_type
* @param $user_id
* @param $app_name
* @param $app_description
* @param string $app_logo
* @return IClient
*/
public function addClient($client_type, $user_id, $app_name, $app_description, $app_logo=''); public function addClient($client_type, $user_id, $app_name, $app_description, $app_logo='');
public function addClientScope($id,$scope_id); public function addClientScope($id,$scope_id);
public function deleteClientScope($id,$scope_id); public function deleteClientScope($id,$scope_id);


@ -0,0 +1,63 @@
<?php
namespace oauth2\services;
use oauth2\models\IResourceServer;
/**
* Interface IResourceServerService
* @package oauth2\services
*/
interface IResourceServerService {
/**
* @param int $page_size
* @param int $page_nbr
* @return mixed
*/
public function getAll($page_size=10,$page_nbr=1);
/**
* @param IResourceServer $resource_server
* @return void
*/
public function save(IResourceServer $resource_server);
/**
* sets resource server status (active/deactivated)
* @param $resource_server_id id of resource server
* @param bool $status status (active/non active)
* @return void
*/
public function setStatus($resource_server_id,$status);
/**
* deletes a resource server
* @param $resource_server_id id of resource server
* @return bool
*/
public function delete($resource_server_id);
/**
* get a resource server by id
* @param $resource_server_id id of resource server
* @return IResourceServer
*/
public function get($resource_server_id);
/** Creates a new resource server instance
* @param $host
* @param $ip
* @param $friendly_name
* @param bool $active
* @return IResourceServer
*/
public function addResourceServer($host,$ip,$friendly_name, $active);
/**
* @param $resource_server_id
* @return string
*/
public function regenerateResourceServerClientSecret($resource_server_id);
}
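Review bot: `get()` is documented as `@return IResourceServer`, but the controller added in this commit tests its result with `is_null()`, so the contract should read `@return IResourceServer|null`. `regenerateResourceServerClientSecret()` says `@return string` here while the implementing class documents `@return bool`; a line such as `@return string the new client secret, or '' when the resource server or its client does not exist` would settle it. `getAll()`'s `@return mixed` could at least name the methods the controller relies on (`getItems()` and `getTotal()`).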


@ -4,8 +4,9 @@ namespace oauth2\services;
class OAuth2ServiceCatalog { class OAuth2ServiceCatalog {
const MementoService = 'oauth2\\services\\IMementoOAuth2AuthenticationRequestService'; const MementoService = 'oauth2\\services\\IMementoOAuth2AuthenticationRequestService';
const TokenService = 'oauth2\\services\\ITokenService'; const TokenService = 'oauth2\\services\\ITokenService';
const ClientService = 'oauth2\\services\\IClientService'; const ClientService = 'oauth2\\services\\IClientService';
const ScopeService = 'oauth2\\services\\IApiScopeService'; const ScopeService = 'oauth2\\services\\IApiScopeService';
const ResourceServerService = 'oauth2\\services\\IResourceServerService';
} }


@ -1,6 +1,9 @@
<?php <?php
class ResourceServer extends Eloquent { use oauth2\models\IResourceServer;
use oauth2\models\IClient;
class ResourceServer extends Eloquent implements IResourceServer {
protected $table = 'oauth2_resource_server'; protected $table = 'oauth2_resource_server';
@ -13,4 +16,67 @@ class ResourceServer extends Eloquent {
return $this->hasOne('Client'); return $this->hasOne('Client');
} }
/**
* get resource server host
* @return string
*/
public function getHost()
{
return $this->host;
}
/**
* tells if resource server is active or not
* @return bool
*/
public function isActive()
{
return $this->active;
}
/**
* get resource server ip address
* @return string
*/
public function getIp()
{
return $this->ip;
}
/**
* get resource server friendly name
* @return mixed
*/
public function getFriendlyName()
{
return $this->friendly_name;
}
/**
* @return \oauth2\models\IClient
*/
public function getClient()
{
return $this->client()->first();
}
public function setHost($host)
{
$this->host = $host;
}
public function setActive($active)
{
$this->active = $active;
}
public function setIp($ip)
{
$this->ip = $ip;
}
public function setFriendlyName($friendly_name)
{
$this->friendly_name = $friendly_name;
}
} }
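Review bot: `isActive()` is documented as `@return bool` but returns the raw column value, which the API test in this commit observes as the integer `0` (`$updated_values->active === 0`). Any caller that compares the result strictly against `true` or `false` will misread the state of a resource server; `return (bool) $this->active;` makes the accessor match its documented contract. `getClient()` returns `$this->client()->first()`, which the controller treats as possibly null, so its docblock should read `@return \oauth2\models\IClient|null`.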


@ -41,6 +41,23 @@ Route::group(array("before" => "ssl"), function () {
Route::post('/oauth2/token/introspection',"OAuth2ProviderController@introspection"); Route::post('/oauth2/token/introspection',"OAuth2ProviderController@introspection");
}); });
// Route group for API
Route::group(array('prefix' => 'api/v1', 'before' => 'ssl'), function()
{
//resource server api
Route::group(array('prefix' => 'resource-server'), function(){
Route::post('/',"ApiResourceServerController@create");
Route::get('/regenerate-client-secret/{id}',"ApiResourceServerController@regenerateClientSecret");
Route::get('/{id}',"ApiResourceServerController@get");
Route::get('/{page_nbr}/{page_size}',"ApiResourceServerController@getByPage");
Route::delete('/{id}',"ApiResourceServerController@delete");
Route::put('/',"ApiResourceServerController@update");
Route::get('/status/{id}/{active}',"ApiResourceServerController@updateStatus");
});
});
Route::group(array("before" => array("ssl", "auth")), function () { Route::group(array("before" => array("ssl", "auth")), function () {
Route::get('/accounts/user/consent', "UserController@getConsent"); Route::get('/accounts/user/consent', "UserController@getConsent");
Route::post('/accounts/user/consent', "UserController@postConsent"); Route::post('/accounts/user/consent', "UserController@postConsent");
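Review bot: The new `api/v1` group is registered with `'before' => 'ssl'` only, so none of the resource-server administration routes pass through the `auth` filter that the group just below it uses. As far as this hunk shows, creating, updating, deleting and reading resource servers (including the client secret returned by `ApiResourceServerController@get`) requires no login. I would register the group with `array('prefix' => 'api/v1', 'before' => array('ssl', 'auth'))` and put an administrator-only authorization filter on top; whether such a filter already exists is not visible here. Two state-changing actions are also bound to GET, `/regenerate-client-secret/{id}` and `/status/{id}/{active}`, which exposes them to CSRF and to accidental triggering by prefetchers and caches; `Route::put(...)` or `Route::post(...)` fits both. The routes file continues outside the hunk.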


@ -77,11 +77,13 @@ class ServicesProvider extends ServiceProvider
$this->app->singleton(OAuth2ServiceCatalog::ClientService, 'services\\oauth2\\ClientService'); $this->app->singleton(OAuth2ServiceCatalog::ClientService, 'services\\oauth2\\ClientService');
$this->app->singleton(OAuth2ServiceCatalog::TokenService, 'services\\oauth2\\TokenService'); $this->app->singleton(OAuth2ServiceCatalog::TokenService, 'services\\oauth2\\TokenService');
$this->app->singleton(OAuth2ServiceCatalog::ScopeService, 'services\\oauth2\\ApiScopeService'); $this->app->singleton(OAuth2ServiceCatalog::ScopeService, 'services\\oauth2\\ApiScopeService');
$this->app->singleton(OAuth2ServiceCatalog::ResourceServerService, 'services\\oauth2\\ResourceServerService');
Registry::getInstance()->set(OAuth2ServiceCatalog::MementoService, $this->app->make(OAuth2ServiceCatalog::MementoService)); Registry::getInstance()->set(OAuth2ServiceCatalog::MementoService, $this->app->make(OAuth2ServiceCatalog::MementoService));
Registry::getInstance()->set(OAuth2ServiceCatalog::TokenService, $this->app->make(OAuth2ServiceCatalog::TokenService)); Registry::getInstance()->set(OAuth2ServiceCatalog::TokenService, $this->app->make(OAuth2ServiceCatalog::TokenService));
Registry::getInstance()->set(OAuth2ServiceCatalog::ScopeService, $this->app->make(OAuth2ServiceCatalog::ScopeService)); Registry::getInstance()->set(OAuth2ServiceCatalog::ScopeService, $this->app->make(OAuth2ServiceCatalog::ScopeService));
Registry::getInstance()->set(OAuth2ServiceCatalog::ClientService, $this->app->make(OAuth2ServiceCatalog::ClientService)); Registry::getInstance()->set(OAuth2ServiceCatalog::ClientService, $this->app->make(OAuth2ServiceCatalog::ClientService));
Registry::getInstance()->set(OAuth2ServiceCatalog::ResourceServerService, $this->app->make(OAuth2ServiceCatalog::ResourceServerService));
} }
public function register() public function register()


@ -4,18 +4,19 @@ namespace services\oauth2;
use Client; use Client;
use ClientAuthorizedUri; use ClientAuthorizedUri;
use DB;
use Input; use Input;
use oauth2\models\IClient;
use oauth2\OAuth2Protocol;
use oauth2\services\IClientService;
use oauth2\exceptions\AllowedClientUriAlreadyExistsException; use oauth2\exceptions\AllowedClientUriAlreadyExistsException;
use oauth2\exceptions\InvalidClientException; use oauth2\exceptions\InvalidClientException;
use oauth2\models\IClient;
use oauth2\OAuth2Protocol;
use oauth2\services\IClientService;
use oauth2\services\OAuth2ServiceCatalog;
use Request; use Request;
use utils\services\IAuthService; use utils\services\IAuthService;
use utils\services\Registry; use utils\services\Registry;
use Zend\Math\Rand; use Zend\Math\Rand;
use oauth2\services\OAuth2ServiceCatalog;
/** /**
* Class ClientService * Class ClientService
@ -25,22 +26,11 @@ class ClientService implements IClientService
{ {
const PrintableNonWhitespaceCharactersUrl = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_'; const PrintableNonWhitespaceCharactersUrl = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_';
private $auth_service; private $auth_service;
public function __construct(IAuthService $auth_service) public function __construct(IAuthService $auth_service)
{ {
$this->auth_service = $auth_service; $this->auth_service = $auth_service;
}
/**
* @param $client_id
* @return IClient
*/
public function getClientById($client_id)
{
$client = Client::where('client_id', '=', $client_id)->first();
return $client;
} }
/** /**
@ -60,52 +50,63 @@ class ClientService implements IClientService
$auth_header = Request::header('Authorization'); $auth_header = Request::header('Authorization');
if (!is_null($auth_header) && !empty($auth_header)) { if (!is_null($auth_header) && !empty($auth_header)) {
$auth_header = trim($auth_header); $auth_header = trim($auth_header);
$auth_header = explode(' ', $auth_header); $auth_header = explode(' ', $auth_header);
if(!is_array($auth_header) || count($auth_header)<2) if (!is_array($auth_header) || count($auth_header) < 2)
throw new InvalidClientException; throw new InvalidClientException;
$auth_header_content = $auth_header[1]; $auth_header_content = $auth_header[1];
$auth_header_content = base64_decode($auth_header_content); $auth_header_content = base64_decode($auth_header_content);
$auth_header_content = explode(':', $auth_header_content); $auth_header_content = explode(':', $auth_header_content);
if(!is_array($auth_header_content) || count($auth_header_content)!==2) if (!is_array($auth_header_content) || count($auth_header_content) !== 2)
throw new InvalidClientException; throw new InvalidClientException;
//client_id:client_secret //client_id:client_secret
return array($auth_header_content[0], $auth_header_content[1]); return array($auth_header_content[0], $auth_header_content[1]);
} }
//if not get from http input //if not get from http input
$client_id = Input::get(OAuth2Protocol::OAuth2Protocol_ClientId, ''); $client_id = Input::get(OAuth2Protocol::OAuth2Protocol_ClientId, '');
$client_secret = Input::get(OAuth2Protocol::OAuth2Protocol_ClientSecret, ''); $client_secret = Input::get(OAuth2Protocol::OAuth2Protocol_ClientSecret, '');
return array($client_id, $client_secret); return array($client_id, $client_secret);
} }
public function getClientByIdentifier($id)
{
$client = Client::where('id', '=', $id)->first();
return $client;
}
public function addClient($client_type, $user_id, $app_name, $app_description, $app_logo = '') public function addClient($client_type, $user_id, $app_name, $app_description, $app_logo = '')
{ {
$instance = null;
$client = new Client; DB::transaction(function () use ($client_type, $user_id, $app_name, $app_description, $app_logo, &$instance) {
$client->app_name = $app_name; $instance = new Client;
$client->app_logo = $app_logo; $instance->app_name = $app_name;
$client->client_id = Rand::getString(32, self::PrintableNonWhitespaceCharactersUrl,true) . '.openstack.client'; $instance->app_logo = $app_logo;
//only generates secret for confidential clients $instance->client_id = Rand::getString(32, self::PrintableNonWhitespaceCharactersUrl, true) . '.openstack.client';
if($client_type==IClient::ClientType_Confidential) //only generates secret for confidential clients
$client->client_secret = Rand::getString(16, self::PrintableNonWhitespaceCharactersUrl,true); if ($client_type == IClient::ClientType_Confidential)
$client->client_type = $client_type; $instance->client_secret = Rand::getString(16, self::PrintableNonWhitespaceCharactersUrl, true);
$client->user_id = $user_id; $instance->client_type = $client_type;
$client->active = true; $instance->user_id = $user_id;
$client->Save(); $instance->active = true;
//default allowed url $instance->Save();
$this->addClientAllowedUri($client->getId(), 'https://localhost'); //default allowed url
$this->addClientAllowedUri($instance->getId(), 'https://localhost');
});
return $instance;
} }
public function addClientAllowedUri($id, $uri)
{
$client = Client::find($id);
if (!is_null($client)) {
$client_uri = ClientAuthorizedUri::where('uri', '=', $uri)->where('client_id', '=', $id)->first();
if (!is_null($client_uri)) {
throw new AllowedClientUriAlreadyExistsException(sprintf('uri : %s', $uri));
}
$client_authorized_uri = new ClientAuthorizedUri;
$client_authorized_uri->client_id = $id;
$client_authorized_uri->uri = $uri;
$client_authorized_uri->Save();
}
}
public function addClientScope($id, $scope_id) public function addClientScope($id, $scope_id)
{ {
@ -135,22 +136,6 @@ class ClientService implements IClientService
$uri->Delete(); $uri->Delete();
} }
public function addClientAllowedUri($id, $uri)
{
$client = Client::find($id);
if (!is_null($client)) {
$client_uri = ClientAuthorizedUri::where('uri', '=', $uri)->where('client_id', '=', $id)->first();
if(!is_null($client_uri)){
throw new AllowedClientUriAlreadyExistsException(sprintf('uri : %s',$uri));
}
$client_authorized_uri = new ClientAuthorizedUri;
$client_authorized_uri->client_id = $id;
$client_authorized_uri->uri = $uri;
$client_authorized_uri->Save();
}
}
public function addClientAllowedRealm($id, $realm) public function addClientAllowedRealm($id, $realm)
{ {
// TODO: Implement addClientAllowedRealm() method. // TODO: Implement addClientAllowedRealm() method.
@ -180,17 +165,19 @@ class ClientService implements IClientService
*/ */
public function regenerateClientSecret($id) public function regenerateClientSecret($id)
{ {
$new_secret = '';
$client = Client::find($id); DB::transaction(function () use ($id, &$new_secret) {
if (!is_null($client)) { $client = Client::find($id);
$client_secret = Rand::getString(16, self::PrintableNonWhitespaceCharactersUrl,true); if (!is_null($client)) {
$client->client_secret = $client_secret; $client_secret = Rand::getString(16, self::PrintableNonWhitespaceCharactersUrl, true);
$client->Save(); $client->client_secret = $client_secret;
$token_service = Registry::getInstance()->get(OAuth2ServiceCatalog::TokenService); $client->Save();
$token_service->revokeClientRelatedTokens($client->client_id); $token_service = Registry::getInstance()->get(OAuth2ServiceCatalog::TokenService);
return $client->client_secret; $token_service->revokeClientRelatedTokens($client->client_id);
} $new_secret = $client->client_secret;
return ''; }
});
return $new_secret;
} }
/** /**
@ -201,37 +188,57 @@ class ClientService implements IClientService
public function lockClient($client_id) public function lockClient($client_id)
{ {
$client = $this->getClientById($client_id); $client = $this->getClientById($client_id);
if(!is_null($client)){ if (!is_null($client)) {
$client->locked = true; $client->locked = true;
$client->Save(); $client->Save();
} }
} }
public function activateClient($id,$active){ /**
* @param $client_id
* @return IClient
*/
public function getClientById($client_id)
{
$client = Client::where('client_id', '=', $client_id)->first();
return $client;
}
public function activateClient($id, $active)
{
$client = $this->getClientByIdentifier($id); $client = $this->getClientByIdentifier($id);
if(!is_null($client)){ if (!is_null($client)) {
$client->active = $active; $client->active = $active;
$client->Save(); $client->Save();
} }
} }
public function setRefreshTokenUsage($id, $use_refresh_token){ public function getClientByIdentifier($id)
{
$client = Client::where('id', '=', $id)->first();
return $client;
}
public function setRefreshTokenUsage($id, $use_refresh_token)
{
$client = $this->getClientByIdentifier($id); $client = $this->getClientByIdentifier($id);
if(!is_null($client)){ if (!is_null($client)) {
$client->use_refresh_token = $use_refresh_token; $client->use_refresh_token = $use_refresh_token;
$client->Save(); $client->Save();
} }
} }
public function setRotateRefreshTokenPolicy($id, $rotate_refresh_token){ public function setRotateRefreshTokenPolicy($id, $rotate_refresh_token)
{
$client = $this->getClientByIdentifier($id); $client = $this->getClientByIdentifier($id);
if(!is_null($client)){ if (!is_null($client)) {
$client->rotate_refresh_token = $rotate_refresh_token; $client->rotate_refresh_token = $rotate_refresh_token;
$client->Save(); $client->Save();
} }
} }
public function existClientAppName($app_name){ public function existClientAppName($app_name)
return Client::where('app_name','=',$app_name)->count() > 0; {
return Client::where('app_name', '=', $app_name)->count() > 0;
} }
} }
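Review bot: `regenerateClientSecret()` reads the new value back with `$new_secret = $client->client_secret`, and `addClient()` assigns the generated string straight to the model, which suggests the client secret is persisted in recoverable form rather than as a hash. If that is the case, read access to the client table yields working credentials for every confidential client; storing only a salted hash and returning the plaintext to the caller once, from these two methods, would limit that. The secret is also generated as 16 characters, `Rand::getString(16, ...)`, while the public `client_id` gets 32; using `Rand::getString(32, self::PrintableNonWhitespaceCharactersUrl, true)` for the secret costs nothing. Both method bodies are only partly visible in their hunks.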


@ -0,0 +1,135 @@
<?php
namespace services\oauth2;
use oauth2\models\IResourceServer;
use oauth2\models\IClient;
use oauth2\services\id;
use oauth2\services\IResourceServerService;
use oauth2\services\IClientService;
use ResourceServer;
use DB;
class ResourceServerService implements IResourceServerService {
private $client_service;
public function __construct(IClientService $client_service){
$this->client_service = $client_service;
}
/**
* @param int $page_size
* @param int $page_nbr
* @return mixed
*/
public function getAll($page_size = 10, $page_nbr = 1)
{
DB::getPaginator()->setCurrentPage($page_nbr);
return ResourceServer::paginate($page_size);
}
/**
* @param IResourceServer $resource_server
* @return void
*/
public function save(IResourceServer $resource_server)
{
$resource_server->Save();
}
/**
* sets resource server status (active/deactivated)
* @param $resource_server_id id of resource server
* @param bool $status status (active/non active)
* @return void
*/
public function setStatus($resource_server_id, $status)
{
ResourceServer::find($resource_server_id)->update(array('active'=>$status));
}
/**
* deletes a resource server
* @param $resource_server_id id of resource server
* @return bool
*/
public function delete($resource_server_id)
{
$res = false;
DB::transaction(function () use ($resource_server_id,&$res) {
$resource_server = ResourceServer::find($resource_server_id);
if(!is_null($resource_server)){
$client = $resource_server->client()->first();
if(!is_null($client)){
$this->client_service->deleteClientByIdentifier($client->id);
}
$resource_server->delete();
$res = true;
}
});
return $res;
}
/**
* get a resource server by id
* @param $resource_server_id id of resource server
* @return IResourceServer
*/
public function get($resource_server_id)
{
return ResourceServer::find($resource_server_id);
}
/** Creates a new resource server instance
* @param $host
* @param $ip
* @param $friendly_name
* @param bool $active
* @return IResourceServer
*/
public function addResourceServer($host, $ip, $friendly_name, $active)
{
$instance = null;
if(is_string($active)){
$active = $active==='true'?true:false;
}
DB::transaction(function () use ($host, $ip, $friendly_name, $active, &$instance) {
$instance = new ResourceServer(
array(
'host' => $host,
'ip' => $ip,
'active' => $active,
'friendly_name' => $friendly_name
)
);
$instance->Save();
// creates a new client for this brand new resource server
$new_client = $this->client_service->addClient(IClient::ClientType_Confidential,null,$host.'.confidential.application',$friendly_name.' confidential oauth2 application');
$new_client->resource_server()->associate($instance);
$new_client->Save();
});
return $instance;
}
/**
* @param $resource_server_id
* @return bool
*/
public function regenerateResourceServerClientSecret($resource_server_id){
$res = '';
DB::transaction(function () use ($resource_server_id,&$res) {
$resource_server = ResourceServer::find($resource_server_id);
if(!is_null($resource_server)){
$client = $resource_server->client()->first();
if(!is_null($client)){
$res = $this->client_service->regenerateClientSecret($client->id);
}
}
});
return $res;
}
}
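Review bot: `setStatus()` chains `ResourceServer::find($resource_server_id)->update(...)`, so an unknown id calls `update()` on null, which is an error the controller's `catch (Exception $ex)` does not catch and which surfaces as an unhandled failure instead of a 404. I would split it as `$rs = ResourceServer::find($resource_server_id);` followed by `if (!is_null($rs)) $rs->update(array('active' => $status));`, the same null check `delete()` already performs. The import `use oauth2\services\id;` names no type that appears in this commit and looks like an IDE artefact of the docblock text `id of resource server`; it should be removed. `addResourceServer()` accepts only the exact string `'true'`, whereas the controller's `updateStatus()` trims and upper-cases before comparing, so the same request value can mean different states on the two paths. The docblock of `regenerateResourceServerClientSecret()` says `@return bool` but the method returns the secret string.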


@ -552,8 +552,11 @@ class TokenService implements ITokenService
DB::transaction(function () use ($client_id, $auth_codes, $access_tokens) { DB::transaction(function () use ($client_id, $auth_codes, $access_tokens) {
$this->redis->del($auth_codes); if(count($auth_codes)>0)
$this->redis->del($access_tokens); $this->redis->del($auth_codes);
if(count($access_tokens)>0)
$this->redis->del($access_tokens);
DBAccessToken::where('client_id','=',$client_id)->delete(); DBAccessToken::where('client_id','=',$client_id)->delete();
DBRefreshToken::where('client_id','=',$client_id)->delete(); DBRefreshToken::where('client_id','=',$client_id)->delete();


@ -0,0 +1,234 @@
<?php
class ResourceServerApiTest extends TestCase {
public function testGetById(){
$resource_server = ResourceServer::where('host','=','https://www.resource.test1.com')->first();
$response = $this->action("GET", "ApiResourceServerController@get",
$parameters = array('id' => $resource_server->id),
$files = array(),
$server = array(),
$content = array());
$content = $response->getContent();
$response_resource_server = json_decode($content);
$this->assertResponseStatus(200);
$this->assertTrue($response_resource_server->id === $resource_server->id);
}
public function testGetByPage(){
$response = $this->action("GET", "ApiResourceServerController@getByPage",
$parameters = array('page_nbr' => 1,'page_size'=>10),
$files = array(),
$server = array(),
$content = array());
$content = $response->getContent();
$list = json_decode($content);
$this->assertResponseStatus(200);
}
public function testCreate(){
$data = array(
'host' => 'www.resource.server.2.test.com',
'ip' => '127.0.0.1',
'friendly_name' => 'Resource Server 2',
'active' => 'true',
);
$response = $this->action("POST", "ApiResourceServerController@create",
$wildcards = array(),
$parameters = $data,
$files = array(),
$server = array(),
$content = null);
$content = $response->getContent();
$json_response = json_decode($content);
$this->assertResponseStatus(200);
}
public function testRegenerateClientSecret(){
$data = array(
'host' => 'www.resource.server.3.test.com',
'ip' => '127.0.0.1',
'friendly_name' => 'Resource Server 3',
'active' => true,
);
$response = $this->action("POST", "ApiResourceServerController@create",
$wildcards = array(),
$parameters = $data,
$files = array(),
$server = array(),
$content = null);
$content = $response->getContent();
$json_response = json_decode($content);
$new_id = $json_response->resource_server_id;
$response = $this->action("GET", "ApiResourceServerController@get",$parameters = array('id' => $new_id));
$content = $response->getContent();
$json_response = json_decode($content);
$client_secret = $json_response->client_secret;
$response = $this->action("GET", "ApiResourceServerController@regenerateClientSecret",$parameters = array('id'=>$new_id));
$content = $response->getContent();
$json_response = json_decode($content);
$new_secret = $json_response->new_secret;
$this->assertTrue(!empty($new_secret));
$this->assertTrue($new_secret!==$client_secret);
$this->assertResponseStatus(200);
}
public function testDelete(){
$data = array(
'host' => 'www.resource.server.4.test.com',
'ip' => '127.0.0.1',
'friendly_name' => 'Resource Server 4',
'active' => true,
);
$response = $this->action("POST", "ApiResourceServerController@create",
$wildcards = array(),
$parameters = $data,
$files = array(),
$server = array(),
$content = null);
$content = $response->getContent();
$json_response = json_decode($content);
$new_id = $json_response->resource_server_id;
$response = $this->action("DELETE", "ApiResourceServerController@delete",$parameters = array('id' => $new_id));
$content = $response->getContent();
$json_response = json_decode($content);
$this->assertTrue($json_response==='ok');
$this->assertResponseStatus(200);
$response = $this->action("GET", "ApiResourceServerController@get",$parameters = array('id' => $new_id));
$content = $response->getContent();
$json_response = json_decode($content);
$this->assertResponseStatus(404);
$this->assertTrue($json_response->error==='resource server not found');
}
public function testUpdate(){
$data = array(
'host' => 'www.resource.server.5.test.com',
'ip' => '127.0.0.1',
'friendly_name' => 'Resource Server 5',
'active' => true,
);
$response = $this->action("POST", "ApiResourceServerController@create",$parameters = $data);
$content = $response->getContent();
$json_response = json_decode($content);
$new_id = $json_response->resource_server_id;
$data_update = array(
'id' => $new_id,
'host' => 'www.resource.server.5.test.com',
'ip' => '127.0.0.2',
'friendly_name' => 'Resource Server 6',
);
$response = $this->action("PUT", "ApiResourceServerController@update",$parameters = $data_update);
$content = $response->getContent();
$json_response = json_decode($content);
$this->assertResponseStatus(200);
$response = $this->action("GET", "ApiResourceServerController@get",$parameters = array('id' => $new_id));
$content = $response->getContent();
$updated_values = json_decode($content);
$this->assertTrue($updated_values->ip === '127.0.0.2');
$this->assertTrue($updated_values->friendly_name === 'Resource Server 6');
$this->assertResponseStatus(200);
}
public function testUpdateStatus(){
$data = array(
'host' => 'www.resource.server.7.test.com',
'ip' => '127.0.0.1',
'friendly_name' => 'Resource Server 7',
'active' => true,
);
$response = $this->action("POST", "ApiResourceServerController@create",$parameters = $data);
$content = $response->getContent();
$json_response = json_decode($content);
$new_id = $json_response->resource_server_id;
$response = $this->action("GET", "ApiResourceServerController@updateStatus",array(
'id' => $new_id,
'active' => 'false'));
$content = $response->getContent();
$json_response = json_decode($content);
$this->assertTrue($json_response==='ok');
$this->assertResponseStatus(200);
$response = $this->action("GET", "ApiResourceServerController@get",$parameters = array('id' => $new_id));
$content = $response->getContent();
$updated_values = json_decode($content);
$this->assertTrue($updated_values->active === 0);
$this->assertResponseStatus(200);
}
}
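Review bot: No test here asserts that a caller without an authenticated, authorized session is rejected; every request is issued anonymously and expects 200, which pins the unauthenticated behaviour of the administration API in place. Once the routes are filtered, each action deserves a test for the rejected case alongside the success case. The failure paths of the controller are also uncovered: the 400 response of `create()`/`update()` on invalid input, and `update()`/`updateStatus()` with an id that does not exist. `testGetByPage()` and `testCreate()` decode the body but assert only the status code, and `testUpdateStatus()` asserts `active === 0`, which ties the test to the database driver's integer representation rather than to a boolean contract.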


@ -19,6 +19,7 @@ class TestCase extends Illuminate\Foundation\Testing\TestCase {
Artisan::call('migrate'); Artisan::call('migrate');
Mail::pretend(true); Mail::pretend(true);
$this->seed('TestSeeder'); $this->seed('TestSeeder');
Route::enableFilters();
} }
/** /**