diff --git a/app/controllers/OAuth2ProviderController.php b/app/controllers/OAuth2ProviderController.php new file mode 100644 index 00000000..7be84cbb --- /dev/null +++ b/app/controllers/OAuth2ProviderController.php @@ -0,0 +1,28 @@ +oauth2_protocol = $oauth2_protocol; + $this->memento_service = $memento_service; + } + + public function authorize(){ + $request = $this->memento_service->getCurrentRequest(); + if (is_null($request) || !$request->isValid()) + throw new \Exception(); + $response = $this->$oauth2_protocol->authorize($request); + } +} \ No newline at end of file diff --git a/app/controllers/UserController.php b/app/controllers/UserController.php index 0343e311..92f968fd 100644 --- a/app/controllers/UserController.php +++ b/app/controllers/UserController.php @@ -11,6 +11,7 @@ use services\IUserActionService; use strategies\DefaultLoginStrategy; use strategies\OpenIdConsentStrategy; use strategies\OpenIdLoginStrategy; +use openid\requests\OpenIdAuthenticationRequest; class UserController extends BaseController { 
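Review bot: `$response = $this->$oauth2_protocol->authorize($request);` in `OAuth2ProviderController::authorize()` uses a variable property access on an undefined local `$oauth2_protocol`, so the lookup fails at runtime; the constructor stores the collaborator as `$this->oauth2_protocol`, and the line should read `$response = $this->oauth2_protocol->authorize($request);`. `$response` is then assigned but never returned, so the action hands nothing back to the framework; either `return $this->oauth2_protocol->authorize($request);` or route it through a response strategy as the OpenID controllers do. The bare `throw new \Exception();` on a missing or invalid request carries no message or type, which makes the failure indistinguishable from an internal error in logs and in any exception-to-status mapping; the openid side already has `InvalidOpenIdMessageException` as a precedent for a typed request-validation exception, and an OAuth2 equivalent with a message would fit here. The file's `<?php`/namespace/constructor header is not visible in this rendering of the hunk.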
@@ -32,19 +33,18 @@ class UserController extends BaseController IUserService $user_service, IUserActionService $user_action_service) { - $this->memento_service = $memento_service; - $this->auth_service = $auth_service; + $this->memento_service = $memento_service; + $this->auth_service = $auth_service; $this->server_configuration_service = $server_configuration_service; - $this->trusted_sites_service = $trusted_sites_service; - $this->discovery = $discovery; - $this->user_service = $user_service; - $this->user_action_service = $user_action_service; + $this->trusted_sites_service = $trusted_sites_service; + $this->discovery = $discovery; + $this->user_service = $user_service; + $this->user_action_service = $user_action_service; //filters $this->beforeFilter('csrf', array('only' => array('postLogin', 'postConsent'))); - $msg = $this->memento_service->getCurrentRequest(); - if (!is_null($msg) && $msg->isValid()) { + if (!is_null($msg) && $msg->isValid() && OpenIdAuthenticationRequest::IsOpenIdAuthenticationRequest($msg)) { //openid stuff $this->beforeFilter('openid.save.request'); $this->beforeFilter('openid.needs.auth.request', array('only' => array('getConsent'))); diff --git a/app/filters.php b/app/filters.php index 70a75131..50fd53fa 100644 --- a/app/filters.php +++ b/app/filters.php @@ -1,8 +1,8 @@ get(ServiceCatalog::CheckPointService); + $checkpoint_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::CheckPointService); if (!$checkpoint_service->check()) { return View::make('404'); } @@ -111,7 +111,7 @@ Route::filter("openid.save.request", function () { Route::filter("ssl", function () { if (!Request::secure()) { - $memento_service = Registry::getInstance()->get("openid\\services\\IMementoOpenIdRequestService"); + $memento_service = OpenIdRegistry::getInstance()->get("openid\\services\\IMementoOpenIdRequestService"); $memento_service->saveCurrentRequest(); return Redirect::secure(Request::getRequestUri()); } 
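Review bot: As this hunk renders, the `-` before `$msg = $this->memento_service->getCurrentRequest();` removes that assignment while the new `if (!is_null($msg) && $msg->isValid() && OpenIdAuthenticationRequest::IsOpenIdAuthenticationRequest($msg))` still reads `$msg`; the collapsed layout leaves it possible that the marker belongs to a deleted blank line instead, but if the assignment really is gone, `$msg` is undefined, the condition is always false, and the `openid.save.request` / `openid.needs.auth.request` filters are silently never registered. Please confirm the new side still contains `$msg = $this->memento_service->getCurrentRequest();` immediately before the condition. The constructor body continues past the end of the hunk.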
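Review bot: The `ssl` filter still resolves the memento service by the string literal `"openid\\services\\IMementoOpenIdRequestService"` although the renamed `OpenIdServiceCatalog::MementoService` constant holds exactly that value; `$memento_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::MementoService);` keeps the lookup in step with the catalog if the interface is ever moved. The same literal-key lookup survives the rename in `OpenIdNonce::isValid()` and in `OpenIdCheckAuthenticationRequest` (`"openid\\services\\IServerConfigurationService"` where `OpenIdServiceCatalog::ServerConfigurationService` exists). Whether `OpenIdServiceCatalog` is imported at the top of filters.php is not visible in this rendering.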
diff --git a/app/libs/auth/AuthenticationServiceProvider.php b/app/libs/auth/AuthenticationServiceProvider.php index 8ea9d9e9..04dbac34 100644 --- a/app/libs/auth/AuthenticationServiceProvider.php +++ b/app/libs/auth/AuthenticationServiceProvider.php @@ -3,16 +3,16 @@ namespace auth; use Illuminate\Support\ServiceProvider; -use openid\services\Registry; -use openid\services\ServiceCatalog; +use openid\services\OpenIdRegistry; +use openid\services\OpenIdServiceCatalog; class AuthenticationServiceProvider extends ServiceProvider { public function boot() { - $this->app->singleton(ServiceCatalog::AuthenticationService, 'auth\\AuthService'); - Registry::getInstance()->set(ServiceCatalog::AuthenticationService, $this->app->make(ServiceCatalog::AuthenticationService)); + $this->app->singleton(OpenIdServiceCatalog::AuthenticationService, 'auth\\AuthService'); + OpenIdRegistry::getInstance()->set(OpenIdServiceCatalog::AuthenticationService, $this->app->make(OpenIdServiceCatalog::AuthenticationService)); } public function register() diff --git a/app/libs/auth/CustomAuthProvider.php b/app/libs/auth/CustomAuthProvider.php index 75cd422b..f51eefd5 100644 --- a/app/libs/auth/CustomAuthProvider.php +++ b/app/libs/auth/CustomAuthProvider.php @@ -10,8 +10,8 @@ use Log; use Member; use openid\helpers\OpenIdErrorMessages; use openid\requests\OpenIdAuthenticationRequest; -use openid\services\Registry; -use openid\services\ServiceCatalog; +use openid\services\OpenIdRegistry; +use openid\services\OpenIdServiceCatalog; use auth\exceptions\AuthenticationInvalidPasswordAttemptException; class CustomAuthProvider implements UserProviderInterface 
@@ -60,8 +60,8 @@ class CustomAuthProvider implements UserProviderInterface throw new AuthenticationException("invalid crendentials"); $identifier = $credentials['username']; - $password = $credentials['password']; - $user = OpenIdUser::where('external_id', '=', $identifier)->first(); + $password = $credentials['password']; + $user = OpenIdUser::where('external_id', '=', $identifier)->first(); //check user status... if (!is_null($user) && ($user->lock || !$user->active)){ @@ -90,13 +90,13 @@ class CustomAuthProvider implements UserProviderInterface $user = OpenIdUser::where('external_id', '=', $identifier)->first(); } - $user_service = Registry::getInstance()->get(ServiceCatalog::UserService); + $user_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::UserService); $user_name = $member->FirstName . "." . $member->Surname; //do association between user and member $user_service->associateUser($user->id, strtolower($user_name)); - $server_configuration = Registry::getInstance()->get(ServiceCatalog::ServerConfigurationService); + $server_configuration = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::ServerConfigurationService); //update user fields $user->last_login_date = gmdate("Y-m-d H:i:s", time()); @@ -110,7 +110,7 @@ class CustomAuthProvider implements UserProviderInterface $user->setMember($member); //check if we have a current openid message - $memento_service = Registry::getInstance()->get(ServiceCatalog::MementoService); + $memento_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::MementoService); $msg = $memento_service->getCurrentRequest(); if (is_null($msg) || !$msg->isValid() || !OpenIdAuthenticationRequest::IsOpenIdAuthenticationRequest($msg)) return $user; 
@@ -130,7 +130,7 @@ class CustomAuthProvider implements UserProviderInterface } } catch (Exception $ex) { - $checkpoint_service = Registry::getInstance()->get(ServiceCatalog::CheckPointService); + $checkpoint_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::CheckPointService); $checkpoint_service->trackException($ex); Log::error($ex); return null; diff --git a/app/libs/auth/OpenIdUser.php b/app/libs/auth/OpenIdUser.php index 13327e05..2bfaeb43 100644 --- a/app/libs/auth/OpenIdUser.php +++ b/app/libs/auth/OpenIdUser.php @@ -6,8 +6,8 @@ use Illuminate\Auth\UserInterface; use Member; use MemberPhoto; use openid\model\IOpenIdUser; -use openid\services\Registry; -use openid\services\ServiceCatalog; +use openid\services\OpenIdRegistry; +use openid\services\OpenIdServiceCatalog; class OpenIdUser extends \Eloquent implements UserInterface, IOpenIdUser { @@ -185,7 +185,7 @@ class OpenIdUser extends \Eloquent implements UserInterface, IOpenIdUser $photoId = $this->member->PhotoID; if (!is_null($photoId) && is_numeric($photoId) && $photoId > 0) { $photo = MemberPhoto::where('ID', '=', $photoId)->first(); - $server_configuration_service = Registry::getInstance()->get(ServiceCatalog::ServerConfigurationService); + $server_configuration_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::ServerConfigurationService); $url = $server_configuration_service->getConfigValue("Assets.Url").$photo->Filename; return $url; } diff --git a/app/libs/oauth2/.gitkeep b/app/libs/oauth2/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/app/libs/oauth2/IOAuth2Protocol.php b/app/libs/oauth2/IOAuth2Protocol.php new file mode 100644 index 00000000..5747151e --- /dev/null +++ b/app/libs/oauth2/IOAuth2Protocol.php 
@@ -0,0 +1,15 @@ +container = $values; + } + + /** + * arrayaccess methods + * */ + public function offsetSet($offset, $value) + { + if (is_null($offset)) { + $this->container[] = $value; + } else { + $this->container[$offset] = $value; + } + } + + public function offsetExists($offset) + { + return isset($this->container[$offset]); + } + + public function offsetUnset($offset) + { + unset($this->container[$offset]); + } + + public function offsetGet($offset) + { + return isset($this->container[$offset]) ? $this->container[$offset] : null; + } +} \ No newline at end of file diff --git a/app/libs/oauth2/OAuth2Protocol.php b/app/libs/oauth2/OAuth2Protocol.php new file mode 100644 index 00000000..ace93b71 --- /dev/null +++ b/app/libs/oauth2/OAuth2Protocol.php @@ -0,0 +1,43 @@ + self::OAuth2Protocol_ResponseType, + self::OAuth2Protocol_ClientId => self::OAuth2Protocol_ClientId, + self::OAuth2Protocol_RedirectUri => self::OAuth2Protocol_RedirectUri, + self::OAuth2Protocol_Scope => self::OAuth2Protocol_Scope, + self::OAuth2Protocol_State => self::OAuth2Protocol_State + ); + + public function __construct(){ + $this->authorize_endpoint = new AuthorizationEndpoint; + $this->token_endpoint = new TokenEndpoint; + } + + public function authorize(OAuth2Request $request) + { + return $this->authorize_endpoint->handle($request); + } + + public function token(OAuth2Request $request) + { + return $this->token_endpoint->handle($request); + } +} \ No newline at end of file diff --git a/app/libs/oauth2/endpoints/.gitkeep b/app/libs/oauth2/endpoints/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/app/libs/oauth2/endpoints/AuthorizationEndpoint.php b/app/libs/oauth2/endpoints/AuthorizationEndpoint.php new file mode 100644 index 00000000..46421872 --- /dev/null +++ b/app/libs/oauth2/endpoints/AuthorizationEndpoint.php 
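Review bot: The parameter whitelist in `OAuth2Protocol` (`self::OAuth2Protocol_ResponseType` through `self::OAuth2Protocol_State`, each constant mapped to itself) is repeated verbatim in the next hunk's request class as `OAuth2Protocol::OAuth2Protocol_ResponseType => OAuth2Protocol::OAuth2Protocol_ResponseType, ...`; keeping a single copy on `OAuth2Protocol` and having the request class read it avoids the two drifting apart when a parameter is added. Since every key maps to itself the array is presumably used as a set, and a comment such as `// accepted authorization-request parameter names; values are unused, membership is what matters` would make that shape explicit (the property name itself is cut off in this rendering). The constructor also hard-wires `new AuthorizationEndpoint` and `new TokenEndpoint`, while `OAuth2ProviderController` receives its protocol through its constructor; accepting the two endpoints as optional constructor arguments would give the protocol the same replaceability in tests.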
@@ -0,0 +1,16 @@ + OAuth2Protocol::OAuth2Protocol_ResponseType, + OAuth2Protocol::OAuth2Protocol_ClientId => OAuth2Protocol::OAuth2Protocol_ClientId, + OAuth2Protocol::OAuth2Protocol_RedirectUri => OAuth2Protocol::OAuth2Protocol_RedirectUri, + OAuth2Protocol::OAuth2Protocol_Scope => OAuth2Protocol::OAuth2Protocol_Scope, + OAuth2Protocol::OAuth2Protocol_State => OAuth2Protocol::OAuth2Protocol_State + ); + + public function isValid() + { + // TODO: Implement isValid() method. + } +} \ No newline at end of file diff --git a/app/libs/oauth2/requests/OAuth2Request.php b/app/libs/oauth2/requests/OAuth2Request.php new file mode 100644 index 00000000..6f687a2a --- /dev/null +++ b/app/libs/oauth2/requests/OAuth2Request.php 
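Review bot: `isValid()` in this hunk is a `// TODO` stub with no return statement, so it yields `null`; `OAuth2ProviderController::authorize()` throws whenever `!$request->isValid()`, so every authorization request is rejected until this is implemented, and a later partial implementation that forgets a `return` will keep failing the same way. At minimum it should check that each supplied parameter name is in the whitelist array declared just above it and that the `OAuth2Protocol_ResponseType` and `OAuth2Protocol_ClientId` parameters are present, returning `bool`; until then an explicit `return false;` next to the TODO states the intent. The class header for this file appears to be lost in the rendering, so the class name is inferred from the surrounding files.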
@@ -0,0 +1,13 @@ +get(ServiceCatalog::AuthenticationService); - $memento_request_service = Registry::getInstance()->get(ServiceCatalog::MementoService); - $auth_strategy = Registry::getInstance()->get(ServiceCatalog::AuthenticationStrategy); - $server_extension_service = Registry::getInstance()->get(ServiceCatalog::ServerExtensionsService); - $association_service = Registry::getInstance()->get(ServiceCatalog::AssociationService); - $trusted_sites_service = Registry::getInstance()->get(ServiceCatalog::TrustedSitesService); - $server_config_service = Registry::getInstance()->get(ServiceCatalog::ServerConfigurationService); - $nonce_service = Registry::getInstance()->get(ServiceCatalog::NonceService); - $log = Registry::getInstance()->get(ServiceCatalog::LogService); + $auth_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::AuthenticationService); + $memento_request_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::MementoService); + $auth_strategy = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::AuthenticationStrategy); + $server_extension_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::ServerExtensionsService); + $association_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::AssociationService); + $trusted_sites_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::TrustedSitesService); + $server_config_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::ServerConfigurationService); + $nonce_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::NonceService); + $log = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::LogService); $check_auth = new OpenIdCheckAuthenticationRequestHandler($association_service, $nonce_service, $log, null); $session_assoc = new OpenIdSessionAssociationRequestHandler($log, $check_auth); 
@@ -158,8 +158,8 @@ class OpenIdProtocol implements IOpenIdProtocol public function getXRDSDiscovery($mode, $canonical_id = null) { - $server_extension_service = Registry::getInstance()->get(ServiceCatalog::ServerExtensionsService); - $server_config_service = Registry::getInstance()->get(ServiceCatalog::ServerConfigurationService); + $server_extension_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::ServerExtensionsService); + $server_config_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::ServerConfigurationService); $active_extensions = $server_extension_service->getAllActiveExtensions(); $extensions = array(); diff --git a/app/libs/openid/extensions/OpenIdExtension.php b/app/libs/openid/extensions/OpenIdExtension.php index 72ada15c..fffa1a48 100644 --- a/app/libs/openid/extensions/OpenIdExtension.php +++ b/app/libs/openid/extensions/OpenIdExtension.php @@ -13,8 +13,8 @@ use openid\requests\contexts\RequestContext; use openid\requests\OpenIdRequest; use openid\responses\contexts\ResponseContext; use openid\responses\OpenIdResponse; -use openid\services\Registry; -use openid\services\ServiceCatalog; +use openid\services\OpenIdRegistry; +use openid\services\OpenIdServiceCatalog; /** * Class OpenIdExtension @@ -43,7 +43,7 @@ abstract class OpenIdExtension $this->name = $name; $this->view = $view; $this->description = $description; - $this->log = Registry::getInstance()->get(ServiceCatalog::LogService); + $this->log = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::LogService); } public function getNamespace() diff --git a/app/libs/openid/extensions/implementations/OpenIdAXExtension.php b/app/libs/openid/extensions/implementations/OpenIdAXExtension.php index b71c67e7..bf03b132 100644 --- a/app/libs/openid/extensions/implementations/OpenIdAXExtension.php +++ b/app/libs/openid/extensions/implementations/OpenIdAXExtension.php 
@@ -9,8 +9,8 @@ use openid\requests\contexts\RequestContext; use openid\requests\OpenIdRequest; use openid\responses\contexts\ResponseContext; use openid\responses\OpenIdResponse; -use openid\services\Registry; -use openid\services\ServiceCatalog; +use openid\services\OpenIdRegistry; +use openid\services\OpenIdServiceCatalog; /** @@ -73,7 +73,7 @@ class OpenIdAXExtension extends OpenIdExtension $response->addParam(self::param(self::Mode), self::FetchResponse); $context->addSignParam(self::param(self::Mode)); $attributes = $ax_request->getRequiredAttributes(); - $auth_service = Registry::getInstance()->get(ServiceCatalog::AuthenticationService); + $auth_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::AuthenticationService); $user = $auth_service->getCurrentUser(); foreach ($attributes as $attr) { $response->addParam(self::param(self::Type) . "." . $attr, self::$available_properties[$attr]); diff --git a/app/libs/openid/extensions/implementations/OpenIdSREGExtension.php b/app/libs/openid/extensions/implementations/OpenIdSREGExtension.php index d3c13875..e6cd033f 100644 --- a/app/libs/openid/extensions/implementations/OpenIdSREGExtension.php +++ b/app/libs/openid/extensions/implementations/OpenIdSREGExtension.php @@ -16,8 +16,8 @@ use openid\requests\contexts\RequestContext; use openid\requests\OpenIdRequest; use openid\responses\contexts\ResponseContext; use openid\responses\OpenIdResponse; -use openid\services\Registry; -use openid\services\ServiceCatalog; +use openid\services\OpenIdRegistry; +use openid\services\OpenIdServiceCatalog; /** * Class OpenIdSREGExtension 
@@ -96,7 +96,7 @@ class OpenIdSREGExtension extends OpenIdExtension $opt_attributes = $simple_reg_request->getOptionalAttributes(); $attributes = array_merge($attributes, $opt_attributes); - $auth_service = Registry::getInstance()->get(ServiceCatalog::AuthenticationService); + $auth_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::AuthenticationService); $user = $auth_service->getCurrentUser(); foreach ($attributes as $attr => $value) { diff --git a/app/libs/openid/extensions/implementations/OpenIdSREGRequest.php b/app/libs/openid/extensions/implementations/OpenIdSREGRequest.php index aaa9b966..698efddc 100644 --- a/app/libs/openid/extensions/implementations/OpenIdSREGRequest.php +++ b/app/libs/openid/extensions/implementations/OpenIdSREGRequest.php @@ -11,8 +11,8 @@ namespace openid\extensions\implementations; use Exception; use openid\OpenIdMessage; use openid\requests\OpenIdRequest; -use openid\services\Registry; -use openid\services\ServiceCatalog; +use openid\services\OpenIdRegistry; +use openid\services\OpenIdServiceCatalog; /** * Class OpenIdSREGRequest @@ -32,7 +32,7 @@ class OpenIdSREGRequest extends OpenIdRequest parent::__construct($message); $this->attributes = array(); $this->optional_attributes = array(); - $this->log = Registry::getInstance()->get(ServiceCatalog::LogService); + $this->log = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::LogService); } public function isValid() diff --git a/app/libs/openid/handlers/OpenIdMessageHandler.php b/app/libs/openid/handlers/OpenIdMessageHandler.php index 2f2731c6..d78a551c 100644 --- a/app/libs/openid/handlers/OpenIdMessageHandler.php +++ b/app/libs/openid/handlers/OpenIdMessageHandler.php 
@@ -13,8 +13,8 @@ use openid\exceptions\InvalidOpenIdMessageException; use openid\helpers\OpenIdErrorMessages; use openid\OpenIdMessage; use openid\services\ILogService; -use openid\services\Registry; -use openid\services\ServiceCatalog; +use openid\services\OpenIdRegistry; +use openid\services\OpenIdServiceCatalog; /** * Class OpenIdMessageHandler @@ -34,7 +34,7 @@ abstract class OpenIdMessageHandler { $this->successor = $successor; $this->log = $log; - $this->checkpoint_service = Registry::getInstance()->get(ServiceCatalog::CheckPointService); + $this->checkpoint_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::CheckPointService); } /** diff --git a/app/libs/openid/handlers/strategies/session_association/implementations/SessionAssociationDHStrategy.php b/app/libs/openid/handlers/strategies/session_association/implementations/SessionAssociationDHStrategy.php index 4b1576a7..abebf1fe 100644 --- a/app/libs/openid/handlers/strategies/session_association/implementations/SessionAssociationDHStrategy.php +++ b/app/libs/openid/handlers/strategies/session_association/implementations/SessionAssociationDHStrategy.php @@ -14,8 +14,8 @@ use openid\responses\OpenIdDiffieHellmanAssociationSessionResponse; use Zend\Crypt\PublicKey\DiffieHellman; use openid\helpers\OpenIdCryptoHelper; use openid\model\IAssociation; -use openid\services\Registry; -use openid\services\ServiceCatalog; +use openid\services\OpenIdRegistry; +use openid\services\OpenIdServiceCatalog; use openid\helpers\AssocHandleGenerator; class SessionAssociationDHStrategy implements ISessionAssociationStrategy 
@@ -32,9 +32,9 @@ class SessionAssociationDHStrategy implements ISessionAssociationStrategy
 public function __construct(OpenIdDHAssociationSessionRequest $request)
 {
 $this->current_request = $request;
- $this->association_service = Registry::getInstance()->get(ServiceCatalog::AssociationService);
- $this->server_configuration_service = Registry::getInstance()->get(ServiceCatalog:: ServerConfigurationService);
- $this->log = Registry::getInstance()->get(ServiceCatalog:: LogService);
+ $this->association_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::AssociationService);
+ $this->server_configuration_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog:: ServerConfigurationService);
+ $this->log = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog:: LogService);
 }
 /**
diff --git a/app/libs/openid/handlers/strategies/session_association/implementations/SessionAssociationUnencryptedStrategy.php b/app/libs/openid/handlers/strategies/session_association/implementations/SessionAssociationUnencryptedStrategy.php
index 061a08c6..1f776487 100644
--- a/app/libs/openid/handlers/strategies/session_association/implementations/SessionAssociationUnencryptedStrategy.php
+++ b/app/libs/openid/handlers/strategies/session_association/implementations/SessionAssociationUnencryptedStrategy.php
@@ -17,8 +17,8 @@ use Zend\Crypt\Exception\InvalidArgumentException;
 use Zend\Crypt\Exception\RuntimeException;
 use openid\helpers\OpenIdCryptoHelper;
 use openid\model\IAssociation;
-use openid\services\Registry;
-use openid\services\ServiceCatalog;
+use openid\services\OpenIdRegistry;
+use openid\services\OpenIdServiceCatalog;
 use openid\helpers\AssocHandleGenerator;
 class SessionAssociationUnencryptedStrategy implements ISessionAssociationStrategy {
@@ -32,9 +32,9 @@ class SessionAssociationUnencryptedStrategy implements ISessionAssociationStrate public function __construct(OpenIdAssociationSessionRequest $request) { $this->current_request = $request; - $this->association_service = Registry::getInstance()->get(ServiceCatalog::AssociationService); - $this->server_configuration_service = Registry::getInstance()->get(ServiceCatalog:: ServerConfigurationService); - $this->log = Registry::getInstance()->get(ServiceCatalog:: LogService); + $this->association_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::AssociationService); + $this->server_configuration_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog:: ServerConfigurationService); + $this->log = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog:: LogService); } /** diff --git a/app/libs/openid/model/OpenIdNonce.php b/app/libs/openid/model/OpenIdNonce.php index ad9ea950..182ef530 100644 --- a/app/libs/openid/model/OpenIdNonce.php +++ b/app/libs/openid/model/OpenIdNonce.php @@ -4,7 +4,7 @@ namespace openid\model; use openid\exceptions\InvalidNonce; use openid\helpers\OpenIdErrorMessages; -use openid\services\Registry; +use openid\services\OpenIdRegistry; class OpenIdNonce { @@ -71,7 +71,7 @@ class OpenIdNonce */ public function isValid() { - $server_configuration_service = Registry::getInstance()->get("openid\\services\\IServerConfigurationService"); + $server_configuration_service = OpenIdRegistry::getInstance()->get("openid\\services\\IServerConfigurationService"); $allowed_skew = $server_configuration_service->getConfigValue("Nonce.Lifetime"); $now = time(); // Time after which we should not use the nonce diff --git a/app/libs/openid/requests/OpenIdAuthenticationRequest.php b/app/libs/openid/requests/OpenIdAuthenticationRequest.php index 21da9933..5eb9453b 100644 --- a/app/libs/openid/requests/OpenIdAuthenticationRequest.php +++ b/app/libs/openid/requests/OpenIdAuthenticationRequest.php 
@@ -5,8 +5,8 @@ namespace openid\requests; use openid\helpers\OpenIdUriHelper; use openid\OpenIdMessage; use openid\OpenIdProtocol; -use openid\services\Registry; -use openid\services\ServiceCatalog; +use openid\services\OpenIdRegistry; +use openid\services\OpenIdServiceCatalog; class OpenIdAuthenticationRequest extends OpenIdRequest { @@ -91,7 +91,7 @@ class OpenIdAuthenticationRequest extends OpenIdRequest * other information in its payload, using extensions. */ - $server_configuration_service = Registry::getInstance()->get(ServiceCatalog::ServerConfigurationService); + $server_configuration_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::ServerConfigurationService); if (is_null($claimed_id) && is_null($identity)) return false; //http://specs.openid.net/auth/2.0/identifier_select diff --git a/app/libs/openid/requests/OpenIdCheckAuthenticationRequest.php b/app/libs/openid/requests/OpenIdCheckAuthenticationRequest.php index 0088721a..263666be 100644 --- a/app/libs/openid/requests/OpenIdCheckAuthenticationRequest.php +++ b/app/libs/openid/requests/OpenIdCheckAuthenticationRequest.php @@ -5,7 +5,7 @@ namespace openid\requests; use openid\helpers\OpenIdUriHelper; use openid\OpenIdMessage; use openid\OpenIdProtocol; -use openid\services\Registry; +use openid\services\OpenIdRegistry; class OpenIdCheckAuthenticationRequest extends OpenIdAuthenticationRequest { 
@@ -32,7 +32,7 @@ class OpenIdCheckAuthenticationRequest extends OpenIdAuthenticationRequest $claimed_identity = $this->getClaimedId(); $claimed_realm = $this->getRealm(); $claimed_returnTo = $this->getReturnTo(); - $server_configuration_service = Registry::getInstance()->get("openid\\services\\IServerConfigurationService"); + $server_configuration_service = OpenIdRegistry::getInstance()->get("openid\\services\\IServerConfigurationService"); if ( !is_null($mode) && !empty($mode) && $mode == OpenIdProtocol::CheckAuthenticationMode && !is_null($claimed_returnTo) && !empty($claimed_returnTo) && OpenIdUriHelper::checkReturnTo($claimed_returnTo) diff --git a/app/libs/openid/services/Registry.php b/app/libs/openid/services/OpenIdRegistry.php similarity index 89% rename from app/libs/openid/services/Registry.php rename to app/libs/openid/services/OpenIdRegistry.php index 6ff8bf62..ed9c5a7e 100644 --- a/app/libs/openid/services/Registry.php +++ b/app/libs/openid/services/OpenIdRegistry.php @@ -3,7 +3,7 @@ namespace openid\services; -class Registry +class OpenIdRegistry { private static $instance = null; @@ -14,7 +14,7 @@ class Registry public static function getInstance() { if (self::$instance === null) { - self::$instance = new Registry(); + self::$instance = new OpenIdRegistry(); } return self::$instance; diff --git a/app/libs/openid/services/ServiceCatalog.php b/app/libs/openid/services/OpenIdServiceCatalog.php similarity index 96% rename from app/libs/openid/services/ServiceCatalog.php rename to app/libs/openid/services/OpenIdServiceCatalog.php index cc862586..ca5f56e3 100644 --- a/app/libs/openid/services/ServiceCatalog.php +++ b/app/libs/openid/services/OpenIdServiceCatalog.php @@ -3,7 +3,7 @@ namespace openid\services; -class ServiceCatalog +class OpenIdServiceCatalog { const MementoService = 'openid\\services\\IMementoOpenIdRequestService'; const AuthenticationStrategy = 'openid\\handlers\\IOpenIdAuthenticationStrategy'; 
diff --git a/app/libs/openid/strategies/OpenIdResponseStrategyFactoryMethod.php b/app/libs/openid/strategies/OpenIdResponseStrategyFactoryMethod.php index eece4e14..d0f4b56e 100644 --- a/app/libs/openid/strategies/OpenIdResponseStrategyFactoryMethod.php +++ b/app/libs/openid/strategies/OpenIdResponseStrategyFactoryMethod.php @@ -5,7 +5,7 @@ namespace openid\strategies; use openid\responses\OpenIdDirectResponse; use openid\responses\OpenIdIndirectResponse; use openid\responses\OpenIdResponse; -use openid\services\Registry; +use openid\services\OpenIdRegistry; class OpenIdResponseStrategyFactoryMethod { @@ -19,12 +19,12 @@ class OpenIdResponseStrategyFactoryMethod switch ($type) { case OpenIdIndirectResponse::OpenIdIndirectResponse: { - return Registry::getInstance()->get(OpenIdIndirectResponse::OpenIdIndirectResponse); + return OpenIdRegistry::getInstance()->get(OpenIdIndirectResponse::OpenIdIndirectResponse); } break; case OpenIdDirectResponse::OpenIdDirectResponse: { - return Registry::getInstance()->get(OpenIdDirectResponse::OpenIdDirectResponse); + return OpenIdRegistry::getInstance()->get(OpenIdDirectResponse::OpenIdDirectResponse); } break; default: diff --git a/app/services/LockUserCounterMeasure.php b/app/services/LockUserCounterMeasure.php index dd95e936..31e5a895 100644 --- a/app/services/LockUserCounterMeasure.php +++ b/app/services/LockUserCounterMeasure.php @@ -10,8 +10,8 @@ namespace services; use Log; use openid\services\ISecurityPolicyCounterMeasure; -use openid\services\Registry; -use openid\services\ServiceCatalog; +use openid\services\OpenIdRegistry; +use openid\services\OpenIdServiceCatalog; use auth\OpenIdUser; use Exception; 
@@ -23,8 +23,8 @@ class LockUserCounterMeasure implements ISecurityPolicyCounterMeasure try { if (!isset($params["user_identifier"])) return; $user_identifier = $params["user_identifier"]; - $server_configuration = Registry::getInstance()->get(ServiceCatalog::ServerConfigurationService); - $user_service = Registry::getInstance()->get(ServiceCatalog::UserService); + $server_configuration = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::ServerConfigurationService); + $user_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::UserService); $user = OpenIdUser::where('external_id', '=', $user_identifier)->first(); if(is_null($user)) diff --git a/app/services/ServicesProvider.php b/app/services/ServicesProvider.php index ddbd7e3b..b4a22c22 100644 --- a/app/services/ServicesProvider.php +++ b/app/services/ServicesProvider.php @@ -3,8 +3,8 @@ namespace services; use Illuminate\Support\ServiceProvider; -use openid\services\Registry; -use openid\services\ServiceCatalog; +use openid\services\OpenIdRegistry; +use openid\services\OpenIdServiceCatalog; class ServicesProvider extends ServiceProvider { 
@@ -15,22 +15,23 @@ class ServicesProvider extends ServiceProvider
 //register on boot bc we rely on Illuminate\Redis\ServiceProvider\RedisServiceProvider
- $this->app->singleton(ServiceCatalog::MementoService, 'services\\MementoRequestService');
- $this->app->singleton(ServiceCatalog::AuthenticationStrategy, 'services\\AuthenticationStrategy');
- $this->app->singleton(ServiceCatalog::ServerExtensionsService, 'services\\ServerExtensionsService');
- $this->app->singleton(ServiceCatalog::AssociationService, 'services\\AssociationService');
- $this->app->singleton(ServiceCatalog::TrustedSitesService, 'services\\TrustedSitesService');
- $this->app->singleton(ServiceCatalog::ServerConfigurationService, 'services\\ServerConfigurationService');
- $this->app->singleton(ServiceCatalog::UserService, 'services\\UserService');
- $this->app->singleton(ServiceCatalog::NonceService, 'services\\NonceService');
- $this->app->singleton(ServiceCatalog::LogService, 'services\\LogService');
+ $this->app->singleton(OpenIdServiceCatalog::MementoService, 'services\\MementoRequestService');
+ $this->app->singleton(OpenIdServiceCatalog::AuthenticationStrategy, 'services\\AuthenticationStrategy');
+ $this->app->singleton(OpenIdServiceCatalog::ServerExtensionsService, 'services\\ServerExtensionsService');
+ $this->app->singleton(OpenIdServiceCatalog::AssociationService, 'services\\AssociationService');
+ $this->app->singleton(OpenIdServiceCatalog::TrustedSitesService, 'services\\TrustedSitesService');
+ $this->app->singleton(OpenIdServiceCatalog::ServerConfigurationService, 'services\\ServerConfigurationService');
+ $this->app->singleton(OpenIdServiceCatalog::UserService, 'services\\UserService');
+ $this->app->singleton(OpenIdServiceCatalog::NonceService, 'services\\NonceService');
+ $this->app->singleton(OpenIdServiceCatalog::LogService, 'services\\LogService');
+ $this->app->singleton("services\\DelayCounterMeasure", 'services\\DelayCounterMeasure');
$this->app->singleton("services\\LockUserCounterMeasure", 'services\\LockUserCounterMeasure'); $this->app->singleton("services\\BlacklistSecurityPolicy", 'services\\BlacklistSecurityPolicy'); $this->app->singleton("services\\LockUserSecurityPolicy", 'services\\LockUserSecurityPolicy'); $this->app->singleton('services\\IUserActionService', 'services\\UserActionService'); - $this->app->singleton(ServiceCatalog::CheckPointService, + $this->app->singleton(OpenIdServiceCatalog::CheckPointService, function(){ //set security policies $delay_counter_measure = $this->app->make("services\\DelayCounterMeasure"); 
@@ -48,16 +49,16 @@ class ServicesProvider extends ServiceProvider
 return $checkpoint_service;
 });
- Registry::getInstance()->set(ServiceCatalog::MementoService, $this->app->make(ServiceCatalog::MementoService));
- Registry::getInstance()->set(ServiceCatalog::AuthenticationStrategy, $this->app->make(ServiceCatalog::AuthenticationStrategy));
- Registry::getInstance()->set(ServiceCatalog::ServerExtensionsService, $this->app->make(ServiceCatalog::ServerExtensionsService));
- Registry::getInstance()->set(ServiceCatalog::AssociationService, $this->app->make(ServiceCatalog::AssociationService));
- Registry::getInstance()->set(ServiceCatalog::TrustedSitesService, $this->app->make(ServiceCatalog::TrustedSitesService));
- Registry::getInstance()->set(ServiceCatalog::ServerConfigurationService, $this->app->make(ServiceCatalog::ServerConfigurationService));
- Registry::getInstance()->set(ServiceCatalog::UserService, $this->app->make(ServiceCatalog::UserService));
- Registry::getInstance()->set(ServiceCatalog::NonceService, $this->app->make(ServiceCatalog::NonceService));
- Registry::getInstance()->set(ServiceCatalog::LogService, $this->app->make(ServiceCatalog::LogService));
- Registry::getInstance()->set(ServiceCatalog::CheckPointService, $this->app->make(ServiceCatalog::CheckPointService));
+ OpenIdRegistry::getInstance()->set(OpenIdServiceCatalog::MementoService, $this->app->make(OpenIdServiceCatalog::MementoService));
+ OpenIdRegistry::getInstance()->set(OpenIdServiceCatalog::AuthenticationStrategy, $this->app->make(OpenIdServiceCatalog::AuthenticationStrategy));
+ OpenIdRegistry::getInstance()->set(OpenIdServiceCatalog::ServerExtensionsService, $this->app->make(OpenIdServiceCatalog::ServerExtensionsService));
+ OpenIdRegistry::getInstance()->set(OpenIdServiceCatalog::AssociationService, $this->app->make(OpenIdServiceCatalog::AssociationService));
+ OpenIdRegistry::getInstance()->set(OpenIdServiceCatalog::TrustedSitesService,
$this->app->make(OpenIdServiceCatalog::TrustedSitesService));
+ OpenIdRegistry::getInstance()->set(OpenIdServiceCatalog::ServerConfigurationService, $this->app->make(OpenIdServiceCatalog::ServerConfigurationService));
+ OpenIdRegistry::getInstance()->set(OpenIdServiceCatalog::UserService, $this->app->make(OpenIdServiceCatalog::UserService));
+ OpenIdRegistry::getInstance()->set(OpenIdServiceCatalog::NonceService, $this->app->make(OpenIdServiceCatalog::NonceService));
+ OpenIdRegistry::getInstance()->set(OpenIdServiceCatalog::LogService, $this->app->make(OpenIdServiceCatalog::LogService));
+ OpenIdRegistry::getInstance()->set(OpenIdServiceCatalog::CheckPointService, $this->app->make(OpenIdServiceCatalog::CheckPointService));
 }
 public function register()
diff --git a/app/services/oauth2/MementoOAuth2RequestService.php b/app/services/oauth2/MementoOAuth2RequestService.php
new file mode 100644
index 00000000..570c154a
--- /dev/null
+++ b/app/services/oauth2/MementoOAuth2RequestService.php
@@ -0,0 +1,72 @@
+ $value) {
+ if (array_key_exists($key,OAuth2AuthorizationRequest::$params) === true) {
+ array_push($oauth2_params, $key);
+ }
+ }
+
+ if (count($oauth2_params) > 0) {
+ Input::flashOnly($oauth2_params);
+ return true;
+ } else {
+ $old_data = Input::old();
+ $oauth2_params = array();
+ foreach ($old_data as $key => $value) {
+ if (array_key_exists($key,OAuth2AuthorizationRequest::$params) === true) {
+ array_push($oauth2_params, $key);
+ }
+ }
+ if (count($oauth2_params) > 0) {
+ Session::reflash();
+ return true;
+ }
+ }
+
+ return false;
+
+ }
+
+ /** Retrieve last OAuth2AuthorizationRequest
+ * @return OAuth2AuthorizationRequest;
+ */
+ public function getCurrentRequest()
+ {
+ $msg = new OAuth2AuthorizationRequest(Input::all());
+ if (!$msg->isValid()) {
+ $msg = null;
+ $old_data = Input::old();
+ $oauth2_params = array();
+ foreach ($old_data as $key => $value) {
+ if (array_key_exists($key,OAuth2AuthorizationRequest::$params) === true) {
+ $oauth2_params[$key] = $value;
+ }
+ }
+ if (count($oauth2_params) > 0) {
+ $msg = new OAuth2AuthorizationRequest($oauth2_params);
+ }
+ }
+ return $msg;
+ }
+
+ public function clearCurrentRequest()
+ {
+ // TODO: Implement clearCurrentRequest() method.
+ }
+}
\ No newline at end of file
diff --git a/app/start/global.php b/app/start/global.php
index f52b11c6..a1b99adc 100644
--- a/app/start/global.php
+++ b/app/start/global.php
@@ -11,8 +11,8 @@
 |
 */
 use openid\exceptions\InvalidOpenIdMessageException;
-use \openid\services\Registry;
-use \openid\services\ServiceCatalog;
+use \openid\services\OpenIdRegistry;
+use \openid\services\OpenIdServiceCatalog;
 ClassLoader::addDirectories(array(
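Review bot: `clearCurrentRequest()` is committed as a TODO stub while the first method of this file (its signature is lost in the garbled head of the hunk) calls `Session::reflash()` whenever the old input still carries OAuth2 parameter names, so a flashed authorization request is carried forward on every following request and nothing in this class ever drops it; a later, unrelated visit can then receive that stale request from `getCurrentRequest()` instead of `null`. Implement the stub so the flashed OAuth2 input is removed from the session, and have the authorization flow call it once the decision has been rendered; note also that `Session::reflash()` re-flashes every flashed value, not only the OAuth2 entries the loop just matched. The docblock `@return OAuth2AuthorizationRequest;` should read `@return OAuth2AuthorizationRequest|null`, since the method returns `null` when neither the current nor the old input forms a valid request. `array_key_exists($key,OAuth2AuthorizationRequest::$params)` tests the keys of `$params`, which is only correct if that array is keyed by parameter name rather than being a plain list; confirm against its definition.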
@@ -60,7 +60,7 @@ $mono_log->pushHandler($handler);
 App::error(function (Exception $exception, $code) {
- $checkpoint_service = Registry::getInstance()->get(ServiceCatalog::CheckPointService);
+ $checkpoint_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::CheckPointService);
 Log::error($exception);
 if($checkpoint_service ){
 $checkpoint_service->trackException($exception);
@@ -70,7 +70,7 @@ App::error(function (Exception $exception, $code) {
 App::error(function (InvalidOpenIdMessageException $exception, $code) {
- $checkpoint_service = Registry::getInstance()->get(ServiceCatalog::CheckPointService);
+ $checkpoint_service = OpenIdRegistry::getInstance()->get(OpenIdServiceCatalog::CheckPointService);
 Log::error($exception);
 if($checkpoint_service ){
 $checkpoint_service->trackException($exception);
diff --git a/app/strategies/OpenIdLoginStrategy.php b/app/strategies/OpenIdLoginStrategy.php
index 40e8077e..743ead53 100644
--- a/app/strategies/OpenIdLoginStrategy.php
+++ b/app/strategies/OpenIdLoginStrategy.php
@@ -2,16 +2,16 @@
 namespace strategies;
+use Auth;
 use openid\OpenIdProtocol;
 use openid\requests\OpenIdAuthenticationRequest;
 use openid\responses\OpenIdNonImmediateNegativeAssertion;
 use openid\services\IMementoOpenIdRequestService;
 use openid\strategies\OpenIdResponseStrategyFactoryMethod;
+use Redirect;
 use services\IPHelper;
 use services\IUserActionService;
-use \Auth;
-use \Redirect;
-use \View;
+use View;
 class OpenIdLoginStrategy implements ILoginStrategy {
@@ -24,30 +24,25 @@ class OpenIdLoginStrategy implements ILoginStrategy
 IUserActionService $user_action_service,
 IAuthService $auth_service)
 {
- $this->memento_service = $memento_service;
+ $this->memento_service = $memento_service;
 $this->user_action_service = $user_action_service;
- $this->auth_service = $auth_service;
+ $this->auth_service = $auth_service;
 }
 public function getLogin()
 {
 if (Auth::guest()) {
- $msg = $this->memento_service->getCurrentRequest();
- if (is_null($msg) || !$msg->isValid() || !OpenIdAuthenticationRequest::IsOpenIdAuthenticationRequest($msg))
- return View::make("login");
- else {
- $auth_request = new OpenIdAuthenticationRequest($msg);
- $params = array('realm' => $auth_request->getRealm());
-
- if (!$auth_request->isIdentitySelectByOP()) {
- $params['claimed_id'] = $auth_request->getClaimedId();
- $params['identity'] = $auth_request->getIdentity();
- $params['identity_select'] = false;
- } else {
- $params['identity_select'] = true;
- }
- return View::make("login", $params);
+ $msg = $this->memento_service->getCurrentRequest();
+ $auth_request = new OpenIdAuthenticationRequest($msg);
+ $params = array('realm' => $auth_request->getRealm());
+ if (!$auth_request->isIdentitySelectByOP()) {
+ $params['claimed_id'] = $auth_request->getClaimedId();
+ $params['identity'] = $auth_request->getIdentity();
+ $params['identity_select'] = false;
+ } else {
+ $params['identity_select'] = true;
 }
+ return View::make("login", $params);
 } else {
 return Redirect::action("UserController@getProfile");
 }
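Review bot: The rewritten `getLogin()` removes the `is_null($msg) || !$msg->isValid() || !OpenIdAuthenticationRequest::IsOpenIdAuthenticationRequest($msg)` guard and passes whatever `getCurrentRequest()` returns straight into `new OpenIdAuthenticationRequest($msg)`, so a guest who reaches the login page without a pending OpenID request now hits that constructor with `null` (a memento service can return `null`, as the OAuth2 one added in this commit does) instead of getting the plain login view. If the request-type check was deliberately moved to whatever code selects this strategy, that covers the routing decision but not a direct call on the strategy, so keep a one-line guard before the `new`: `if (is_null($msg)) return View::make("login");`. The closing brace of `getLogin()` lies past the end of this hunk.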
@@ -63,10 +58,10 @@ class OpenIdLoginStrategy implements ILoginStrategy
 public function cancelLogin()
 {
- $msg = $this->memento_service->getCurrentRequest();
- $cancel_response = new OpenIdNonImmediateNegativeAssertion();
- $cancel_response->setReturnTo($msg->getParam(OpenIdProtocol::OpenIDProtocol_ReturnTo));
- $strategy = OpenIdResponseStrategyFactoryMethod::buildStrategy($cancel_response);
- return $strategy->handle($cancel_response);
+ $msg = $this->memento_service->getCurrentRequest();
+ $cancel_response = new OpenIdNonImmediateNegativeAssertion();
+ $cancel_response->setReturnTo($msg->getParam(OpenIdProtocol::OpenIDProtocol_ReturnTo));
+ $strategy = OpenIdResponseStrategyFactoryMethod::buildStrategy($cancel_response);
+ return $strategy->handle($cancel_response);
 }
 }
\ No newline at end of file
diff --git a/app/strategies/OpenIdResponseStrategyProvider.php b/app/strategies/OpenIdResponseStrategyProvider.php
index 702b1711..2271de29 100644
--- a/app/strategies/OpenIdResponseStrategyProvider.php
+++ b/app/strategies/OpenIdResponseStrategyProvider.php
@@ -5,7 +5,7 @@ namespace strategies;
 use Illuminate\Support\ServiceProvider;
 use openid\responses\OpenIdDirectResponse;
 use openid\responses\OpenIdIndirectResponse;
-use openid\services\Registry;
+use openid\services\OpenIdRegistry;
 class OpenIdResponseStrategyProvider extends ServiceProvider {
@@ -16,8 +16,8 @@ class OpenIdResponseStrategyProvider extends ServiceProvider
 $this->app->singleton(OpenIdDirectResponse::OpenIdDirectResponse, 'strategies\\OpenIdDirectResponseStrategy');
 $this->app->singleton(OpenIdIndirectResponse::OpenIdIndirectResponse, 'strategies\\OpenIdIndirectResponseStrategy');
- Registry::getInstance()->set(OpenIdDirectResponse::OpenIdDirectResponse, $this->app->make(OpenIdDirectResponse::OpenIdDirectResponse));
- Registry::getInstance()->set(OpenIdIndirectResponse::OpenIdIndirectResponse, $this->app->make(OpenIdIndirectResponse::OpenIdIndirectResponse));
+ OpenIdRegistry::getInstance()->set(OpenIdDirectResponse::OpenIdDirectResponse, $this->app->make(OpenIdDirectResponse::OpenIdDirectResponse));
+ OpenIdRegistry::getInstance()->set(OpenIdIndirectResponse::OpenIdIndirectResponse, $this->app->make(OpenIdIndirectResponse::OpenIdIndirectResponse));
 }
 public function register()