Basic Client Flow (with authorization code)

Token Store Cache (Redis Implementation)
smarcet 2013-12-04 18:11:44 -03:00
parent 10180fdca3
commit 504a6f6276
50 changed files with 865 additions and 94 deletions


@ -1,9 +1,9 @@
<?php
use openid\IOpenIdProtocol;
use openid\services\IAuthService;
use openid\services\IServerConfigurationService;
use openid\XRDS\XRDSDocumentBuilder;
use utils\services\IAuthService;
class DiscoveryController extends BaseController
{


@ -1,6 +1,6 @@
<?php
use openid\services\IAuthService;
use openid\requests\OpenIdAuthenticationRequest;
use openid\services\IMementoOpenIdRequestService;
use openid\services\IServerConfigurationService;
use openid\services\ITrustedSitesService;
@ -11,12 +11,16 @@ use services\IUserActionService;
use strategies\DefaultLoginStrategy;
use strategies\OpenIdConsentStrategy;
use strategies\OpenIdLoginStrategy;
use openid\requests\OpenIdAuthenticationRequest;
use utils\services\IAuthService;
use oauth2\services\IMementoOAuth2AuthenticationRequestService;
use strategies\OAuth2LoginStrategy;
use strategies\OAuth2ConsentStrategy;
class UserController extends BaseController
{
private $memento_service;
private $openid_memento_service;
private $oauth2_memento_service;
private $auth_service;
private $server_configuration_service;
private $discovery;
@ -25,7 +29,8 @@ class UserController extends BaseController
private $login_strategy;
private $consent_strategy;
public function __construct(IMementoOpenIdRequestService $memento_service,
public function __construct(IMementoOpenIdRequestService $openid_memento_service,
IMementoOAuth2AuthenticationRequestService $oauth2_memento_service,
IAuthService $auth_service,
IServerConfigurationService $server_configuration_service,
ITrustedSitesService $trusted_sites_service,
@ -33,7 +38,8 @@ class UserController extends BaseController
IUserService $user_service,
IUserActionService $user_action_service)
{
$this->memento_service = $memento_service;
$this->openid_memento_service = $openid_memento_service;
$this->oauth2_memento_service = $oauth2_memento_service;
$this->auth_service = $auth_service;
$this->server_configuration_service = $server_configuration_service;
$this->trusted_sites_service = $trusted_sites_service;
@ -43,19 +49,26 @@ class UserController extends BaseController
//filters
$this->beforeFilter('csrf', array('only' => array('postLogin', 'postConsent')));
$msg = $this->memento_service->getCurrentRequest();
if (!is_null($msg) && $msg->isValid() && OpenIdAuthenticationRequest::IsOpenIdAuthenticationRequest($msg)) {
$openid_msg = $this->openid_memento_service->getCurrentRequest();
$oauth2_msg = $this->oauth2_memento_service->getCurrentRequest();
if (!is_null($openid_msg) && $openid_msg->isValid() && OpenIdAuthenticationRequest::IsOpenIdAuthenticationRequest($openid_msg)) {
//openid stuff
$this->beforeFilter('openid.save.request');
$this->beforeFilter('openid.needs.auth.request', array('only' => array('getConsent')));
$this->login_strategy = new OpenIdLoginStrategy($memento_service, $user_action_service, $auth_service);
$this->consent_strategy = new OpenIdConsentStrategy($memento_service, $auth_service, $server_configuration_service, $user_action_service);
$this->login_strategy = new OpenIdLoginStrategy($openid_memento_service, $user_action_service, $auth_service);
$this->consent_strategy = new OpenIdConsentStrategy($openid_memento_service, $auth_service, $server_configuration_service, $user_action_service);
}
else if(!is_null($oauth2_msg) && $oauth2_msg->isValid()){
$this->beforeFilter('oauth2.save.request');
$this->beforeFilter('oauth2.needs.auth.request', array('only' => array('getConsent')));
$this->login_strategy = new OAuth2LoginStrategy();
$this->consent_strategy = new OAuth2ConsentStrategy($auth_service);
} else {
//default stuff
$this->login_strategy = new DefaultLoginStrategy($user_action_service, $auth_service);
$this->consent_strategy = null;
}
//oauth2 stuff
}
public function getLogin()
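Review bot: The comment `//oauth2 stuff` is now stranded after the closing brace of the `else` branch and describes nothing; it should be dropped, or moved above the `else if(!is_null($oauth2_msg) && $oauth2_msg->isValid())` branch it was written for. The dispatch is also order-dependent: when both memento services return a valid current request the OpenID branch wins and the pending OAuth2 request is silently ignored, which may be intended for one flow per session but deserves a one-line comment stating that precedence. The constructor whose body this hunk changes starts in an earlier hunk of the same file.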


@ -0,0 +1,45 @@
<?php
use Illuminate\Database\Migrations\Migration;
class CreateOauth2ClientsTable extends Migration {
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::create('oauth2_client', function($table)
{
$table->bigIncrements('id')->unsigned();
$table->string('app_name',255)->unique();
$table->text('app_description');
$table->string('app_logo',255);
$table->string('client_id',32)->unique();
$table->string('client_secret',64)->unique();
$table->smallInteger('client_type');
$table->boolean('active');
$table->bigInteger("user_id")->unsigned();
$table->index('user_id');
$table->foreign('user_id')->references('id')->on('openid_users');
$table->timestamps();
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Schema::table('oauth2_client', function($table)
{
$table->dropForeign('user_id');
});
Schema::dropIfExists('oauth2_client');
}
}
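Review bot: `$table->dropForeign('user_id');` in down() passes a string, which Laravel 4's Blueprint uses verbatim as the constraint name, while `foreign('user_id')` in up() lets the builder generate a name of the form `<table>_<column>_foreign`; as far as I can tell the rollback would therefore fail on MySQL. Passing the column as an array, `$table->dropForeign(array('user_id'));`, makes the builder derive the same generated name; the same applies to the dropForeign calls in the authorized_uri, authorized_realm, api_scope and client_api_scope migrations below. Separately, `client_secret` is a non-nullable unique string although IClient in this commit distinguishes public clients (which hold no secret) from confidential ones; the column should be nullable, and it is worth considering storing a hash of the secret rather than the clear value so that a database read does not yield usable client credentials.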


@ -0,0 +1,41 @@
<?php
use Illuminate\Database\Migrations\Migration;
class CreateOauth2ClientsAuthorizedUris extends Migration {
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::create('oauth2_client_authorized_uri', function($table)
{
$table->bigIncrements('id')->unsigned();
$table->string('uri',255);
$table->bigInteger("client_id")->unsigned();
$table->index('client_id');
$table->foreign('client_id')->references('id')->on('oauth2_client');
$table->timestamps();
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Schema::table('oauth2_client_authorized_uri', function($table)
{
$table->dropForeign('client_id');
});
Schema::dropIfExists('oauth2_client_authorized_uri');
}
}


@ -0,0 +1,36 @@
<?php
use Illuminate\Database\Migrations\Migration;
class CreateOauth2ClientsAuthorizedRealm extends Migration {
public function up()
{
Schema::create('oauth2_client_authorized_realm', function($table)
{
$table->bigIncrements('id')->unsigned();
$table->string('realm',255);
$table->bigInteger("client_id")->unsigned();
$table->index('client_id');
$table->foreign('client_id')->references('id')->on('oauth2_client');
$table->timestamps();
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Schema::table('oauth2_client_authorized_realm', function($table)
{
$table->dropForeign('client_id');
});
Schema::dropIfExists('oauth2_client_authorized_realm');
}
}


@ -0,0 +1,35 @@
<?php
use Illuminate\Database\Migrations\Migration;
class CreateOauth2Api extends Migration {
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::create('oauth2_api', function($table)
{
$table->bigIncrements('id')->unsigned();
$table->string('name',255);
$table->string('url',255);
$table->string('logo',255);
$table->boolean('active');
$table->timestamps();
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Schema::dropIfExists('oauth2_api');
}
}


@ -0,0 +1,42 @@
<?php
use Illuminate\Database\Migrations\Migration;
class CreateOauth2ApiScope extends Migration {
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::create('oauth2_api_scope', function($table)
{
$table->bigIncrements('id')->unsigned();
$table->string('name',512);
$table->text('description');
$table->boolean('active');
$table->timestamps();
$table->bigInteger("api_id")->unsigned();
$table->index('api_id');
$table->foreign('api_id')->references('id')->on('oauth2_api');
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Schema::table('oauth2_api_scope', function($table)
{
$table->dropForeign('api_id');
});
Schema::dropIfExists('oauth2_api_scope');
}
}


@ -0,0 +1,47 @@
<?php
use Illuminate\Database\Migrations\Migration;
class CreateOauth2ClientApiScope extends Migration {
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::create('oauth2_client_api_scope', function($table)
{
$table->timestamps();
$table->bigInteger("client_id")->unsigned();
$table->index('client_id');
$table->foreign('client_id')->references('id')->on('oauth2_client');
$table->bigInteger("scope_id")->unsigned();
$table->index('scope_id');
$table->foreign('scope_id')->references('id')->on('oauth2_api_scope');
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Schema::table('oauth2_client_api_scope', function($table)
{
$table->dropForeign('client_id');
});
Schema::table('oauth2_client_api_scope', function($table)
{
$table->dropForeign('scope_id');
});
Schema::dropIfExists('oauth2_client_api_scope');
}
}


@ -3,7 +3,9 @@ use openid\exceptions\InvalidOpenIdMessageException;
use openid\requests\OpenIdAuthenticationRequest;
use openid\services\OpenIdServiceCatalog;
use utils\services\Registry;
use \utils\services\UtilsServiceCatalog;
use utils\services\UtilsServiceCatalog;
use oauth2\services\OAuth2ServiceCatalog;
use oauth2\exceptions\InvalidAuthorizationRequestException;
/*
|--------------------------------------------------------------------------
| Application & Route Filters
@ -91,11 +93,12 @@ Route::filter('csrf', function () {
Route::filter("openid.needs.auth.request", function () {
$memento_service = App::make("openid\\services\\IMementoOpenIdRequestService");
$memento_service = App::make(OpenIdServiceCatalog::MementoService);
$openid_message = $memento_service->getCurrentRequest();
if ($openid_message == null || !$openid_message->isValid())
throw new InvalidOpenIdMessageException();
$auth_request = new OpenIdAuthenticationRequest($openid_message);
if (!$auth_request->isValid())
throw new InvalidOpenIdMessageException();
@ -103,11 +106,26 @@ Route::filter("openid.needs.auth.request", function () {
Route::filter("openid.save.request", function () {
$memento_service = App::make("openid\\services\\IMementoOpenIdRequestService");
$memento_service = App::make(OpenIdServiceCatalog::MementoService);
$memento_service->saveCurrentRequest();
});
Route::filter("oauth2.save.request", function () {
$memento_service = App::make(OAuth2ServiceCatalog::MementoService);
$memento_service->saveCurrentRequest();
});
Route::filter("oauth2.needs.auth.request", function () {
$memento_service = App::make(OAuth2ServiceCatalog::MementoService);
$oauth2_message = $memento_service->getCurrentRequest();
if ($oauth2_message == null || !$oauth2_message->isValid())
throw new InvalidAuthorizationRequestException();
});
Route::filter("ssl", function () {
if (!Request::secure()) {


@ -3,9 +3,8 @@
namespace auth;
use Auth;
use openid\services\AuthorizationResponse_;
use openid\services\IAuthService;
use Session;
use utils\services\IAuthService;
class AuthService implements IAuthService
{


@ -5,14 +5,15 @@ namespace auth;
use Illuminate\Support\ServiceProvider;
use openid\services\OpenIdServiceCatalog;
use utils\services\Registry;
use utils\services\UtilsServiceCatalog;
class AuthenticationServiceProvider extends ServiceProvider
{
public function boot()
{
$this->app->singleton(OpenIdServiceCatalog::AuthenticationService, 'auth\\AuthService');
Registry::getInstance()->set(OpenIdServiceCatalog::AuthenticationService, $this->app->make(OpenIdServiceCatalog::AuthenticationService));
$this->app->singleton(UtilsServiceCatalog::AuthenticationService, 'auth\\AuthService');
Registry::getInstance()->set(UtilsServiceCatalog::AuthenticationService, $this->app->make(UtilsServiceCatalog::AuthenticationService));
}
public function register()


@ -9,17 +9,37 @@ use oauth2\exceptions\InvalidOAuth2Request;
use oauth2\exceptions\InvalidClientException;
use oauth2\exceptions\UriNotAllowedException;
use oauth2\exceptions\ScopeNotAllowedException;
use oauth2\responses\OAuth2ErrorResponse;
use oauth2\exceptions\UnsupportedResponseTypeException;
use oauth2\exceptions\UnAuthorizedClientException;
use oauth2\exceptions\OAuth2GenericException;
use oauth2\exceptions\AccessDeniedException;
use Exception;
use oauth2\responses\OAuth2ErrorResponse;
use utils\services\ILogService;
use oauth2\services\IClientService;
use oauth2\services\IMementoOAuth2AuthenticationRequestService;
use oauth2\services\ITokenService;
use utils\services\IAuthService;
use oauth2\strategies\IOAuth2AuthenticationStrategy;
/**
* Class OAuth2Protocol
* @package oauth2
*/
class OAuth2Protocol implements IOAuth2Protocol{
private $log_service;
public function __construct(ILogService $log_service){
public function __construct(ILogService $log_service,
IClientService $client_service,
ITokenService $token_service,
IAuthService $auth_service,
IMementoOAuth2AuthenticationRequestService $memento_service,
IOAuth2AuthenticationStrategy $auth_strategy)
{
$this->log_service = $log_service;
$this->authorize_endpoint = new AuthorizationEndpoint;
$this->authorize_endpoint = new AuthorizationEndpoint($client_service,$token_service,$auth_service,$memento_service,$auth_strategy);
$this->token_endpoint = new TokenEndpoint;
}
@ -79,15 +99,15 @@ class OAuth2Protocol implements IOAuth2Protocol{
}
catch(InvalidOAuth2Request $ex1){
$this->log_service->error($ex1);
return new OAuth2ErrorResponse(OAuth2Protocol::OAuth2Protocol_Error_InvalidRequest);
return new OAuth2ErrorResponse(OAuth2Protocol::OAuth2Protocol_Error_InvalidRequest, $request->getRedirectUri());
}
catch(UnsupportedResponseTypeException $ex2){
$this->log_service->error($ex2);
return new OAuth2ErrorResponse(OAuth2Protocol::OAuth2Protocol_Error_UnsupportedResponseType);
return new OAuth2ErrorResponse(OAuth2Protocol::OAuth2Protocol_Error_UnsupportedResponseType, $request->getRedirectUri());
}
catch(InvalidClientException $ex3){
$this->log_service->error($ex3);
return new OAuth2ErrorResponse(OAuth2Protocol::OAuth2Protocol_Error_UnauthorizedClient);
return new OAuth2ErrorResponse(OAuth2Protocol::OAuth2Protocol_Error_UnauthorizedClient, $request->getRedirectUri());
}
catch(UriNotAllowedException $ex4){
$this->log_service->error($ex4);
@ -95,14 +115,23 @@ class OAuth2Protocol implements IOAuth2Protocol{
}
catch(ScopeNotAllowedException $ex5){
$this->log_service->error($ex5);
return new OAuth2ErrorResponse(OAuth2Protocol::OAuth2Protocol_Error_InvalidScope);
return new OAuth2ErrorResponse(OAuth2Protocol::OAuth2Protocol_Error_InvalidScope, $request->getRedirectUri());
}
catch(UnAuthorizedClientException $ex6){
$this->log_service->error($ex6);
return new OAuth2ErrorResponse(OAuth2Protocol::OAuth2Protocol_Error_UnauthorizedClient);
return new OAuth2ErrorResponse(OAuth2Protocol::OAuth2Protocol_Error_UnauthorizedClient, $request->getRedirectUri());
}
catch(\Exception $ex){
return new OAuth2ErrorResponse(OAuth2Protocol::OAuth2Protocol_Error_ServerError);
catch(AccessDeniedException $ex7){
$this->log_service->error($ex7);
return new OAuth2ErrorResponse(OAuth2Protocol::OAuth2Protocol_Error_AccessDenied, $request->getRedirectUri());
}
catch(OAuth2GenericException $ex8){
$this->log_service->error($ex8);
return new OAuth2ErrorResponse(OAuth2Protocol::OAuth2Protocol_Error_ServerError, $request->getRedirectUri());
}
catch(Exception $ex){
$this->log_service->error($ex);
return new OAuth2ErrorResponse(OAuth2Protocol::OAuth2Protocol_Error_ServerError, $request->getRedirectUri());
}
}
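Review bot: Every catch now redirects the error to `$request->getRedirectUri()`, including the `InvalidOAuth2Request` and `InvalidClientException` cases, where the client has not been identified and the redirect URI has not yet been checked against the client's registered URIs; RFC 6749 §4.1.2.1 requires that such errors are not redirected, because a caller-supplied URI would otherwise receive the response. For those two catches (and the UriNotAllowedException one, whose return lies between the hunks) the response should carry no redirect target, e.g. `return new OAuth2ErrorResponse(OAuth2Protocol::OAuth2Protocol_Error_UnauthorizedClient);`, and be rendered directly to the user agent. The final `catch(Exception $ex)` has the same problem, since at that point the method cannot know whether the URI was validated. The enclosing method starts before the first hunk of this file.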


@ -5,6 +5,12 @@ use oauth2\requests\OAuth2Request;
use oauth2\OAuth2Protocol;
use oauth2\grant_types\AuthorizationCodeGrantType;
use oauth2\exceptions\InvalidOAuth2Request;
use oauth2\services\IClientService;
use oauth2\services\IMementoOAuth2AuthenticationRequestService;
use oauth2\services\ITokenService;
use utils\services\IAuthService;
use oauth2\strategies\IOAuth2AuthenticationStrategy;
/**
* Class AuthorizationEndpoint
@ -14,8 +20,12 @@ class AuthorizationEndpoint implements IOAuth2Endpoint {
private $grant_types = array ();
public function __construct(){
$this->grant_types[OAuth2Protocol::OAuth2Protocol_GrantType_AuthCode] = new AuthorizationCodeGrantType;
public function __construct(IClientService $client_service,
ITokenService $token_service,
IAuthService $auth_service,
IMementoOAuth2AuthenticationRequestService $memento_service,
IOAuth2AuthenticationStrategy $auth_strategy){
$this->grant_types[OAuth2Protocol::OAuth2Protocol_GrantType_AuthCode] = new AuthorizationCodeGrantType($client_service,$token_service,$auth_service,$memento_service,$auth_strategy);
}
/**
@ -27,6 +37,8 @@ class AuthorizationEndpoint implements IOAuth2Endpoint {
* @throws \oauth2\exceptions\ScopeNotAllowedException
* @throws \oauth2\exceptions\UnsupportedResponseTypeException
* @throws \oauth2\exceptions\UnAuthorizedClientException
* @throws \oauth2\exceptions\AccessDeniedException
* @throws \oauth2\exceptions\OAuth2GenericException
*/
public function handle(OAuth2Request $request)
{


@ -0,0 +1,16 @@
<?php
namespace oauth2\exceptions;
use \Exception;
class AccessDeniedException extends Exception
{
public function __construct($message = "")
{
$message = "Access Denied : " . $message;
parent::__construct($message, 0, null);
}
}


@ -1,10 +1,4 @@
<?php
/**
* Created by PhpStorm.
* User: smarcet
* Date: 12/3/13
* Time: 10:04 AM
*/
namespace oauth2\exceptions;


@ -0,0 +1,16 @@
<?php
namespace oauth2\exceptions;
use Exception;
class OAuth2GenericException extends Exception
{
public function __construct($message = "")
{
$message = "OAuth2 Generic Exception : " . $message;
parent::__construct($message, 0, null);
}
}


@ -5,6 +5,7 @@ namespace oauth2\grant_types;
use oauth2\requests\OAuth2Request;
use oauth2\OAuth2Protocol;
use oauth2\services\IClientService;
use oauth2\services\IMementoOAuth2AuthenticationRequestService;
use oauth2\services\ITokenService;
use ReflectionClass;
use oauth2\responses\OAuth2AuthorizationResponse;
@ -13,15 +14,27 @@ use oauth2\exceptions\UriNotAllowedException;
use oauth2\exceptions\ScopeNotAllowedException;
use oauth2\exceptions\UnsupportedResponseTypeException;
use oauth2\exceptions\UnAuthorizedClientException;
use oauth2\exceptions\OAuth2GenericException;
use utils\services\IAuthService;
use oauth2\strategies\IOAuth2AuthenticationStrategy;
use oauth2\exceptions\AccessDeniedException;
use oauth2\models\IClient;
class AuthorizationCodeGrantType implements IGrantType {
private $client_service;
private $token_service;
private $auth_service;
private $auth_strategy;
private $memento_service;
public function __construct(IClientService $client_service, ITokenService $token_service){
$this->client_service = $client_service;
$this->token_service = $token_service;
public function __construct(IClientService $client_service, ITokenService $token_service, IAuthService $auth_service, IMementoOAuth2AuthenticationRequestService $memento_service, IOAuth2AuthenticationStrategy $auth_strategy){
$this->client_service = $client_service;
$this->token_service = $token_service;
$this->auth_service = $auth_service;
$this->memento_service = $memento_service;
$this->auth_strategy = $auth_strategy;
}
public function canHandle(OAuth2Request $request)
@ -38,6 +51,8 @@ class AuthorizationCodeGrantType implements IGrantType {
* @throws \oauth2\exceptions\UnsupportedResponseTypeException
* @throws \oauth2\exceptions\UriNotAllowedException
* @throws \oauth2\exceptions\UnAuthorizedClientException
* @throws \oauth2\exceptions\AccessDeniedException
* @throws \oauth2\exceptions\OAuth2GenericException
*/
public function handle(OAuth2Request $request)
{
@ -45,7 +60,7 @@ class AuthorizationCodeGrantType implements IGrantType {
$response_type = $request->getResponseType();
if($response_type !== OAuth2Protocol::OAuth2Protocol_GrantType_AuthCode)
if($response_type !== OAuth2Protocol::OAuth2Protocol_ResponseType_Code)
throw new UnsupportedResponseTypeException(sprintf("response_type %s",$response_type));
$client = $this->client_service->getClientById($client_id);
@ -65,18 +80,37 @@ class AuthorizationCodeGrantType implements IGrantType {
throw new ScopeNotAllowedException(sprintf("redirect_to %s",$redirect_uri));
$state = $request->getState();
//check user logged
if (!$this->auth_service->isUserLogged()) {
$this->memento_service->saveCurrentRequest();
return $this->auth_strategy->doLogin($this->memento_service->getCurrentRequest());
}
$authorization_response = $this->auth_service->getUserAuthorizationResponse();
if($authorization_response === IAuthService::AuthorizationResponse_None){
$this->memento_service->saveCurrentRequest();
return $this->auth_strategy->doConsent($this->memento_service->getCurrentRequest());
}
else if ($authorization_response === IAuthService::AuthorizationResponse_DenyOnce){
throw new AccessDeniedException;
}
$response = new OAuth2AuthorizationResponse();
$token = $this->token_service->getAuthorizationCode($client_id,$redirect_uri);
if(is_null($token))
throw new OAuth2GenericException("Invalid Token");
$response->setAuthorizationCode($token->getValue());
$response->setReturnTo($redirect_uri);
//if state is present, return it on response
if(!is_null($state))
$response->setState($state);
return $response;
}
public function getResponseType()
{
return OAuth2Protocol::OAuth2Protocol_ResponseType_Code;
@ -86,4 +120,5 @@ class AuthorizationCodeGrantType implements IGrantType {
{
// TODO: Implement getType() method.
}
}
}
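Review bot: The code issued at `$token = $this->token_service->getAuthorizationCode($client_id,$redirect_uri);` is bound to the client and redirect URI only; the user who just consented (`getCurrentUser()` on the injected IAuthService) and the scope validated a few lines earlier are not passed along, and AuthorizationCode::toJSON in this commit persists only redirect_uri and client_id. When the code is later exchanged, the token endpoint therefore cannot tell which resource owner or which scope the code represents, so the resulting access token cannot be limited to what was actually approved. Extending the service call to carry the user and the approved scope, and persisting them in the stored record, would close this; the same gap shows in the TokenService and AuthorizationCode hunks below. handle() begins in an earlier hunk of this file.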


@ -0,0 +1,16 @@
<?php
namespace oauth2\models;
class AccessToken extends Token {
private $scopes = array();
public function addScope($scope){
array_push($this->scopes, $scope);
}
public function toJSON(){
return '{}';
}
}
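Review bot: toJSON() returns the literal `'{}'`, so the scopes collected by addScope() would never be persisted if an AccessToken were written through the same setex() path TokenService uses for authorization codes; a `// TODO: serialize scopes, client_id, issued and lifetime` comment on the method would mark it as a stub. The class also defines no constructor and so inherits the `$len`-only one from Token, never setting `$value` or `$lifetime` — worth a comment or an explicit constructor once the access token path is implemented.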


@ -0,0 +1,28 @@
<?php
namespace oauth2\models;
use Zend\Math\Rand;
class AuthorizationCode extends Token {
private $redirect_uri;
public function __construct($client_id,$redirect_uri,$lifetime=3600){
parent::__construct(Token::DefaultByteLength);
$this->value = Rand::getString(Token::DefaultByteLength,null,true);
$this->redirect_uri = $redirect_uri;
$this->client_id = $client_id;
$this->lifetime = $lifetime;
}
public function toJSON()
{
$o = array(
'redirect_uri' =>$this->redirect_uri,
'client_id' =>$this->client_id,
);
return json_encode($o);
}
}
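Review bot: The default `$lifetime=3600` gives authorization codes a one-hour validity, whereas RFC 6749 §4.1.2 recommends a maximum lifetime of about ten minutes because the code transits the user agent and is meant to be exchanged once; `$lifetime=600` would be the conservative default, and the value should in any case come from server configuration rather than a constructor literal. The record produced by toJSON() also omits `issued` and `lifetime`, so an exchange cannot re-check expiry independently of the Redis TTL.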


@ -10,8 +10,9 @@ namespace oauth2\models;
interface IClient {
const ClientType_Public = "public";
const ClientType_Confidential = "confidential";
const ClientType_Public = 1;
const ClientType_Confidential = 2;
public function getClientId();
public function getClientSecret();


@ -9,14 +9,31 @@
namespace oauth2\models;
class Token {
abstract class Token {
protected $value;
protected $lifetime;
protected $issued;
protected $client_id;
protected $len;
const DefaultByteLength = 32;
public function __construct($len = self::DefaultByteLength){
$this->len = $len;
$this->issued = gmdate("Y-m-d H:i:s", time());
}
public function getIssued(){
return $this->issued;
}
public function getValue(){
return $this->value;
}
public function getLifetime(){
return $this->lifetime;
}
public abstract function toJSON();
}
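Review bot: `$len` is stored by the constructor but no visible code reads it, and `$lifetime` stays null unless a subclass assigns it, which TokenService then passes straight to `setex()` as the TTL. Taking the lifetime in the base constructor, `public function __construct($len = self::DefaultByteLength, $lifetime = null)`, and adding a class docblock stating that subclasses must set `$value`, `$client_id` and `$lifetime` would make the contract visible; noting that `issued` is a UTC `Y-m-d H:i:s` string (it comes from gmdate) would help the consumers that compare it.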


@ -1,18 +1,16 @@
<?php
/**
* Created by PhpStorm.
* User: smarcet
* Date: 12/3/13
* Time: 5:25 PM
*/
namespace oauth2\responses;
use oauth2\OAuth2Protocol;
use openid\responses\OpenIdIndirectResponse;
class OAuth2ErrorResponse extends OpenIdIndirectResponse {
class OAuth2ErrorResponse extends OAuth2IndirectResponse {
public function __construct($error,$return_to=null){
$this[OAuth2Protocol::OAuth2Protocol_Error] = $error;
$this->return_to = $return_to;
}
public function setError($error){
$this[OAuth2Protocol::OAuth2Protocol_Error] = $error;


@ -4,5 +4,7 @@ namespace oauth2\services;
class OAuth2ServiceCatalog {
const MementoService = "oauth2\\services\\IMementoOAuth2AuthenticationRequestService";
const MementoService = 'oauth2\\services\\IMementoOAuth2AuthenticationRequestService';
const TokenService = 'oauth2\\services\\ITokenService';
const ClientService = 'oauth2\\services\\IClientService';
}


@ -0,0 +1,19 @@
<?php
/**
* Created by PhpStorm.
* User: smarcet
* Date: 12/4/13
* Time: 11:08 AM
*/
namespace oauth2\strategies;
use oauth2\requests\OAuth2AuthorizationRequest;
interface IOAuth2AuthenticationStrategy {
public function doLogin(OAuth2AuthorizationRequest $request);
public function doConsent(OAuth2AuthorizationRequest $request);
}


@ -117,7 +117,7 @@ class OpenIdProtocol implements IOpenIdProtocol
{
//create chain of responsibility
$auth_service = Registry::getInstance()->get(OpenIdServiceCatalog::AuthenticationService);
$auth_service = Registry::getInstance()->get(UtilsServiceCatalog::AuthenticationService);
$memento_request_service = Registry::getInstance()->get(OpenIdServiceCatalog::MementoService);
$auth_strategy = Registry::getInstance()->get(OpenIdServiceCatalog::AuthenticationStrategy);
$server_extension_service = Registry::getInstance()->get(OpenIdServiceCatalog::ServerExtensionsService);


@ -11,6 +11,7 @@ use openid\responses\contexts\ResponseContext;
use openid\responses\OpenIdResponse;
use openid\services\OpenIdServiceCatalog;
use utils\services\Registry;
use utils\services\UtilsServiceCatalog;
/**
@ -73,7 +74,7 @@ class OpenIdAXExtension extends OpenIdExtension
$response->addParam(self::param(self::Mode), self::FetchResponse);
$context->addSignParam(self::param(self::Mode));
$attributes = $ax_request->getRequiredAttributes();
$auth_service = Registry::getInstance()->get(OpenIdServiceCatalog::AuthenticationService);
$auth_service = Registry::getInstance()->get(UtilsServiceCatalog::AuthenticationService);
$user = $auth_service->getCurrentUser();
foreach ($attributes as $attr) {
$response->addParam(self::param(self::Type) . "." . $attr, self::$available_properties[$attr]);


@ -18,6 +18,7 @@ use openid\responses\contexts\ResponseContext;
use openid\responses\OpenIdResponse;
use openid\services\OpenIdServiceCatalog;
use utils\services\Registry;
use utils\services\UtilsServiceCatalog;
/**
* Class OpenIdSREGExtension
@ -96,7 +97,7 @@ class OpenIdSREGExtension extends OpenIdExtension
$opt_attributes = $simple_reg_request->getOptionalAttributes();
$attributes = array_merge($attributes, $opt_attributes);
$auth_service = Registry::getInstance()->get(OpenIdServiceCatalog::AuthenticationService);
$auth_service = Registry::getInstance()->get(UtilsServiceCatalog::AuthenticationService);
$user = $auth_service->getCurrentUser();
foreach ($attributes as $attr => $value) {


@ -23,12 +23,12 @@ use openid\responses\OpenIdIndirectGenericErrorResponse;
use openid\responses\OpenIdNonImmediateNegativeAssertion;
use openid\responses\OpenIdPositiveAssertionResponse;
use openid\services\IAssociationService;
use openid\services\IAuthService;
use openid\services\IMementoOpenIdRequestService;
use openid\services\INonceService;
use openid\services\IServerConfigurationService;
use openid\services\IServerExtensionsService;
use openid\services\ITrustedSitesService;
use utils\services\IAuthService;
use utils\services\ILogService;
/**


@ -13,5 +13,4 @@ class OpenIdServiceCatalog
const ServerConfigurationService = 'openid\\services\\IServerConfigurationService';
const UserService = 'openid\\services\\IUserService';
const NonceService = 'openid\\services\\INonceService';
const AuthenticationService = 'openid\\services\\IAuthService';
}


@ -1,15 +1,7 @@
<?php
/**
* Created by JetBrains PhpStorm.
* User: smarcet
* Date: 10/15/13
* Time: 4:39 PM
* To change this template use File | Settings | File Templates.
*/
namespace openid\services;
namespace utils\services;
use openid\model\IOpenIdUser;
interface IAuthService
{
@ -24,11 +16,7 @@ interface IAuthService
*/
public function isUserLogged();
/**
* @return IOpenIdUser
*/
public function getCurrentUser();
/**
* @param $username
* @param $password
@ -39,9 +27,6 @@ interface IAuthService
public function getUserByUsername($username);
/**
* @return AuthorizationResponse_*
*/
public function getUserAuthorizationResponse();
public function setUserAuthorizationResponse($auth_response);
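Review bot: The move to utils\services drops the `@return IOpenIdUser` annotation from getCurrentUser() but keeps `use openid\model\IOpenIdUser;`, which is now unreferenced and ties the shared interface back to the openid package. Either restore a return annotation (if the OAuth2 flow also expects an IOpenIdUser) or remove the import. getUserAuthorizationResponse() likewise lost its return hint even though AuthorizationCodeGrantType in this commit compares its result against `IAuthService::AuthorizationResponse_None` and `AuthorizationResponse_DenyOnce`, so a one-line `@return` naming the AuthorizationResponse_* constants would help callers.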


@ -10,6 +10,7 @@ namespace utils\services;
class UtilsServiceCatalog {
const CheckPointService = 'utils\\services\\ICheckPointService';
const LogService = '\utils\services\ILogService';
const CheckPointService = 'utils\\services\\ICheckPointService';
const LogService = 'utils\\services\\ILogService';
const AuthenticationService = 'utils\\services\\IAuthService';
}

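--- a/app/models/Api.php
+++ b/app/models/Api.php
@@ -0,0 +1,11 @@
+<?php
+/**
+* Created by PhpStorm.
+* User: smarcet
+* Date: 12/4/13
+* Time: 4:06 PM
+*/
+class Api extends Eloquent {
+protected $table = 'oauth2_api';
+}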

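--- a/app/models/ApiScope.php
+++ b/app/models/ApiScope.php
@@ -0,0 +1,11 @@
+<?php
+/**
+* Created by PhpStorm.
+* User: smarcet
+* Date: 12/4/13
+* Time: 4:06 PM
+*/
+class ApiScope extends Eloquent {
+protected $table = 'oauth2_api_scope';
+}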

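--- a/app/models/Client.php
+++ b/app/models/Client.php
@@ -0,0 +1,67 @@
+<?php
+use oauth2\models\IClient;
+class Client extends Eloquent implements IClient {
+protected $table = 'oauth2_client';
+public function scopes()
+{
+return $this->belongsToMany('ApiScope','oauth2_client_api_scope','client_id','scope_id');
+}
+public function getClientId()
+{
+return $this->client_id;
+}
+public function getClientSecret()
+{
+return $this->client_secret;
+}
+public function getClientType()
+{
+return $this->client_type;
+}
+public function getClientAuthorizedRealms()
+{
+// TODO: Implement getClientAuthorizedRealms() method.
+}
+public function getClientScopes()
+{
+// TODO: Implement getClientScopes() method.
+}
+public function getClientRegisteredUris()
+{
+// TODO: Implement getClientRegisteredUris() method.
+}
+public function isScopeAllowed($scope)
+{
+$res = true;
+$desired_scopes = explode(" ",$scope);
+foreach($desired_scopes as $desired_scope){
+$db_scope = $this->scopes()->where('name', '=', $desired_scope)->first();
+if(is_null($db_scope)){
+$res = false;
+break;
+}
+}
+return $res;
+}
+public function isRealmAllowed($realm)
+{
+return false;
+}
+public function isUriAllowed($uri)
+{
+$uri = ClientAuthorizedUri::where('client_id', '=', $this->id)->where('uri','=',$uri)->first();
+return !is_null($uri);
+}
+}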
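Review bot: getClientAuthorizedRealms(), getClientScopes() and getClientRegisteredUris() are left as TODO stubs that return null and isRealmAllowed() unconditionally returns false, with nothing telling a caller of the IClient interface that these are unimplemented; each stub should at least carry a `// TODO` naming the expected return shape, or throw, so a missing implementation fails loudly instead of reading as "no realms/scopes/uris". In isUriAllowed() the parameter is overwritten by the query result (`$uri = ClientAuthorizedUri::where(...)`), which reads confusingly; `$registered = ClientAuthorizedUri::where(...)->first(); return !is_null($registered);` keeps the check clear. The exact string match against the registered URI is the right check for redirect URIs and should stay exact rather than being loosened to a prefix comparison later.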


@ -0,0 +1,11 @@
<?php
/**
* Created by PhpStorm.
* User: smarcet
* Date: 12/4/13
* Time: 3:59 PM
*/
class ClientAuthorizedUri extends Eloquent {
protected $table = 'oauth2_client_authorized_uri';
}


@ -4,7 +4,7 @@ namespace services;
use Exception;
use Log;
use \utils\services\ILogService;
use utils\services\ILogService;
class LogService implements ILogService
{


@ -63,8 +63,13 @@ class ServicesProvider extends ServiceProvider
Registry::getInstance()->set(UtilsServiceCatalog::LogService, $this->app->make(UtilsServiceCatalog::LogService));
Registry::getInstance()->set(UtilsServiceCatalog::CheckPointService, $this->app->make(UtilsServiceCatalog::CheckPointService));
$this->app->singleton(OAuth2ServiceCatalog::MementoService, 'services\oauth2\MementoOAuth2AuthenticationRequestService');
$this->app->singleton(OAuth2ServiceCatalog::MementoService, 'services\\oauth2\\MementoOAuth2AuthenticationRequestService');
$this->app->singleton(OAuth2ServiceCatalog::ClientService, 'services\\oauth2\\ClientService');
$this->app->singleton(OAuth2ServiceCatalog::TokenService, 'services\\oauth2\\TokenService');
Registry::getInstance()->set(OAuth2ServiceCatalog::MementoService, $this->app->make(OAuth2ServiceCatalog::MementoService));
Registry::getInstance()->set(OAuth2ServiceCatalog::ClientService, $this->app->make(OAuth2ServiceCatalog::ClientService));
Registry::getInstance()->set(OAuth2ServiceCatalog::TokenService, $this->app->make(OAuth2ServiceCatalog::TokenService));
}
public function register()


@ -4,9 +4,9 @@ namespace services;
use openid\model\IOpenIdUser;
use openid\model\ITrustedSite;
use openid\services\IAuthService;
use openid\services\ITrustedSitesService;
use OpenIdTrustedSite;
use utils\services\IAuthService;
use utils\services\ILogService;
class TrustedSitesService implements ITrustedSitesService


@ -0,0 +1,25 @@
<?php
/**
* Created by PhpStorm.
* User: smarcet
* Date: 12/4/13
* Time: 12:45 PM
*/
namespace services\oauth2;
use oauth2\models\IClient;
use oauth2\services\IClientService;
use Client;
class ClientService implements IClientService{
/**
* @param $client_id
* @return IClient
*/
public function getClientById($client_id)
{
$client = Client::where('client_id', '=', $client_id)->first();
return $client;
}
}
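Review bot: `getClientById` is documented as `@return IClient`, but `->first()` yields `null` when no row matches the supplied `client_id`, so a caller that trusts the docblock (the authorize endpoint validating an incoming `client_id`, presumably) will dereference null. Either document it honestly as `@return IClient|null` with a note that callers must reject unknown clients, or throw a domain exception from here so an unknown client can never proceed silently; the parameterised `where('client_id', '=', $client_id)` itself is fine. Whether `Client` rows carry an enabled/revoked flag that should also be checked on lookup is not visible in this commit.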


@ -6,6 +6,7 @@ use oauth2\services\IMementoOAuth2AuthenticationRequestService;
use oauth2\services\OAuth2Request;
use oauth2\requests\OAuth2AuthorizationRequest;
use Input;
use Session;
class MementoOAuth2AuthenticationRequestService implements IMementoOAuth2AuthenticationRequestService{


@ -0,0 +1,57 @@
<?php
namespace services\oauth2;
use oauth2\models\AuthorizationCode;
use oauth2\models\Token;
use oauth2\services\ITokenService;
/**
* Class TokenService
* @package services\oauth2
*/
class TokenService implements ITokenService{
private $redis;
public function __construct(){
$this->redis = \RedisLV4::connection();
}
/**
* @param $client_id
* @param null $redirect_uri
* @return Token
*/
public function getAuthorizationCode($client_id, $redirect_uri = null)
{
$code = new AuthorizationCode($client_id,$redirect_uri);
$this->redis->setex($code->getValue(), $code->getLifetime(),$code->toJSON());
return $code;
}
/**
* @param $auth_code
* @param $client_id
* @param $scope
* @param null $redirect_uri
* @return Token
*/
public function getAccessToken($auth_code, $client_id, $scope, $redirect_uri = null)
{
// TODO: Implement getAccessToken() method.
}
/**
* @param $client_id
* @param $scope
* @return Token
*/
public function getRefreshToken($client_id, $scope)
{
// TODO: Implement getRefreshToken() method.
}
}
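Review bot: `getAuthorizationCode` issues a code bound only to `$client_id` and `$redirect_uri`; neither the resource owner nor the granted scope is passed in, so unless `AuthorizationCode` resolves them internally the JSON written by `setex` cannot later say which user and which scopes the code stands for, which RFC 6749 §4.1.2 and §10.5 require the server to bind and check at redemption. A backward-compatible extension such as `getAuthorizationCode($client_id, $redirect_uri = null, $scope = null, $user_id = null)` with those fields included in the stored JSON would close that gap. The raw code value is also used unprefixed as the Redis key; namespacing it (`'oauth2.auth_code.' . $code->getValue()`) keeps it from colliding with other keys in the same database, and storing it under a hash of the code rather than the code itself limits what a read of Redis exposes. `getAccessToken` and `getRefreshToken` are stubs that fall through to `null` while their docblocks promise `Token`; throwing `new \BadMethodCallException('not implemented')` until they land is safer than letting callers dereference null.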


@ -1,12 +1,12 @@
<?php
namespace strategies;
use \Auth;
use \Redirect;
use \View;
use Auth;
use Redirect;
use services\IPHelper;
use services\IUserActionService;
use openid\services\IAuthService;
use utils\services\IAuthService;
use View;
class DefaultLoginStrategy implements ILoginStrategy
{


@ -0,0 +1,26 @@
<?php
/**
* Created by PhpStorm.
* User: smarcet
* Date: 12/4/13
* Time: 11:32 AM
*/
namespace strategies;
use oauth2\requests\OAuth2AuthorizationRequest;
use oauth2\strategies\IOAuth2AuthenticationStrategy;
use Redirect;
class OAuth2AuthenticationStrategy implements IOAuth2AuthenticationStrategy {
public function doLogin(OAuth2AuthorizationRequest $request)
{
return Redirect::action('UserController@getLogin');
}
public function doConsent(OAuth2AuthorizationRequest $request)
{
return Redirect::action('UserController@getConsent');
}
}
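Review bot: Both `doLogin` and `doConsent` accept an `OAuth2AuthorizationRequest` and ignore it, redirecting to `UserController` without persisting anything, so resuming the flow after login depends on the caller having already saved the pending request (presumably via the memento service registered in ServicesProvider in this same commit). That contract should be stated on the class, e.g. `/** Redirect-only strategy: callers must persist the pending authorization request before calling doLogin/doConsent; the $request argument is not stored here. */`, so a future caller does not invoke the strategy first and lose the request. A `@return` tag on each method naming the redirect response would round out the docblocks.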


@ -0,0 +1,31 @@
<?php
namespace strategies;
use utils\services\IAuthService;
use Redirect;
use View;
/**
* Class OAuth2ConsentStrategy
* @package strategies
*/
class OAuth2ConsentStrategy implements IConsentStrategy {
private $auth_service;
public function __construct(IAuthService $auth_service)
{
$this->auth_service = $auth_service;
}
public function getConsent()
{
return View::make("oauth2.consent");
}
public function postConsent($trust_action)
{
$this->auth_service->setUserAuthorizationResponse($trust_action[0]);
return Redirect::action('OAuth2ProviderController@authorize');
}
}
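Review bot: `postConsent` passes `$trust_action[0]` straight to `setUserAuthorizationResponse` with no check that `$trust_action` is a non-empty array or that the value is one of the four actions the consent form in this commit offers, so a tampered or empty POST reaches the auth service as an arbitrary string or as `null` after an undefined-offset notice. Validate and fail closed before storing, e.g. `$action = is_array($trust_action) ? reset($trust_action) : null;` then `if (!in_array($action, array('AllowOnce', 'AllowForever', 'DenyOnce', 'DenyForever'), true)) { $action = 'DenyOnce'; }` and pass `$action`. How `setUserAuthorizationResponse` treats unknown values is not visible here, which is why defaulting to a deny is the safe choice. Whether the consent route sits behind a CSRF filter is also not visible in this commit and is worth confirming, since `Form::open` only emits the token field and does not verify it.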


@ -0,0 +1,29 @@
<?php
namespace strategies;
use Auth;
use Redirect;
use View;
class OAuth2LoginStrategy implements ILoginStrategy{
public function getLogin()
{
if (Auth::guest()) {
return View::make("login");
} else {
return Redirect::action("UserController@getProfile");
}
}
public function postLogin()
{
return Redirect::action("OAuth2ProviderController@authorize");
}
public function cancelLogin()
{
return Redirect::action("OAuth2ProviderController@authorize");
}
}
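Review bot: `cancelLogin` is identical to `postLogin` — both redirect to `OAuth2ProviderController@authorize` without recording that the user cancelled — so unless the controller sets that state before calling it, the authorize action cannot tell a cancel from a successful login and will either re-prompt or proceed, whereas RFC 6749 §4.1.2.1 expects a cancel to reach the client as `error=access_denied`. I would either inject `IAuthService` as `OAuth2ConsentStrategy` in this commit does and record a deny before redirecting, or document the precondition on the method with `/** Caller must mark the pending request as cancelled before calling; this only redirects. */`. `getLogin` sending an already-authenticated user to `UserController@getProfile` also drops the pending OAuth2 flow rather than continuing to authorize, which may be intended but deserves a comment. What the authorize action does on arrival is outside this hunk.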


@ -2,18 +2,18 @@
namespace strategies;
use Auth;
use openid\exceptions\InvalidOpenIdMessageException;
use openid\exceptions\InvalidRequestContextException;
use openid\OpenIdProtocol;
use openid\services\IAuthService;
use openid\services\IMementoOpenIdRequestService;
use openid\services\IServerConfigurationService;
use Redirect;
use services\IPHelper;
use services\IUserActionService;
use \Auth;
use \Redirect;
use \View;
use \Session;
use Session;
use utils\services\IAuthService;
use View;
class OpenIdConsentStrategy implements IConsentStrategy
{
@ -35,7 +35,7 @@ class OpenIdConsentStrategy implements IConsentStrategy
public function getConsent()
{
$data = $this->getViewData();
return View::make("consent", $data);
return View::make("openid.consent", $data);
}
private function getViewData()


@ -3,16 +3,18 @@
namespace strategies;
use Auth;
use Redirect;
use View;
use openid\OpenIdProtocol;
use openid\requests\OpenIdAuthenticationRequest;
use openid\responses\OpenIdNonImmediateNegativeAssertion;
use openid\services\IMementoOpenIdRequestService;
use openid\strategies\OpenIdResponseStrategyFactoryMethod;
use Redirect;
use services\IPHelper;
use services\IUserActionService;
use View;
use openid\services\IAuthService;
use utils\services\IAuthService;
class OpenIdLoginStrategy implements ILoginStrategy
{


@ -17,6 +17,7 @@ class StrategyProvider extends ServiceProvider
$this->app->singleton(OpenIdDirectResponse::OpenIdDirectResponse, 'strategies\\DirectResponseStrategy');
$this->app->singleton(OpenIdIndirectResponse::OpenIdIndirectResponse, 'strategies\\IndirectResponseStrategy');
$this->app->singleton(OAuth2IndirectResponse::OpenIdIndirectResponse, 'strategies\\IndirectResponseStrategy');
$this->app->singleton('oauth2\\strategies\\IOAuth2AuthenticationStrategy', 'strategies\\OAuth2AuthenticationStrategy');
Registry::getInstance()->set(OpenIdDirectResponse::OpenIdDirectResponse, $this->app->make(OpenIdDirectResponse::OpenIdDirectResponse));
Registry::getInstance()->set(OpenIdIndirectResponse::OpenIdIndirectResponse, $this->app->make(OpenIdIndirectResponse::OpenIdIndirectResponse));


@ -0,0 +1,47 @@
@extends('layout')
@section('title')
<title>Welcome to openstackId - consent </title>
@stop
@section('content')
<div class="container">
<h4>OpenstackId - OAuth2 verification</h4>
{{ Form::open(array('url' => '/accounts/user/consent','id'=>'authorization_form', 'method' => 'post', "autocomplete" => "off")) }}
<fieldset>
<div>
<label class="radio">
{{ Form::radio('trust[]', 'AllowOnce','true',array('id'=>'allow_once','class'=>'input-block-level')) }}
Allow Once
</label>
<label class="radio">
{{ Form::radio('trust[]', 'AllowForever','',array('id'=>'allow_forever','class'=>'input-block-level')) }}
Allow Forever
</label>
<label class="radio">
{{ Form::radio('trust[]', 'DenyOnce','',array('id'=>'deny_once','class'=>'input-block-level')) }}
Deny Once
</label>
<label class="radio">
{{ Form::radio('trust[]', 'DenyForever','',array('id'=>'deny_forever','class'=>'input-block-level')) }}
Deny Forever
</label>
</div>
{{ Form::submit('Ok',array("id"=>"send_authorization",'class'=>'btn')) }}
{{ Form::button('Cancel',array('id'=>'cancel_authorization','class'=>'btn cancel_authorization')) }}
</fieldset>
{{ Form::close() }}
</div>
@stop
@section('scripts')
<script type="application/javascript">
$(document).ready(function() {
$("body").on('click',"#cancel_authorization",function(event){
$form = $('#authorization_form');
$("#deny_once").prop("checked", true)
$form.submit();
event.preventDefault();
return false;
});
});
</script>
@stop
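Review bot: The consent page identifies neither the client nor the scopes being granted — the form shows only Allow/Deny radios under a generic "OAuth2 verification" heading, and `OAuth2ConsentStrategy::getConsent()` in this commit renders it with no view data — so the user is asked to authorize an unnamed application for unspecified access, which RFC 6749 §10.2 expects the authorization server to surface. Pass the pending request's client name, redirect URI and scope list into `View::make("oauth2.consent", $data)` and render them above the radios, using triple braces such as `{{{ $client_name }}}` because Laravel 4 Blade's `{{ }}` does not HTML-escape. The `trust[]` array naming is unnecessary for a single-choice radio group; a scalar `trust` field would let the strategy validate one string instead of indexing into an array. The missing semicolon after `$("#deny_once").prop("checked", true)` is harmless but worth fixing.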