Updated claims on OpenId/OAuth

* updated claim nickname to be user identifier * added sub claim to endpoint /api/v1/userinfo/me * fixed broken test Change-Id: I9c34e5c2271ba5bcf7e480ea31530d1717fb0e09
2017-04-12 00:37:06 -03:00 · 2017-04-12 00:37:06 -03:00 · b459998364
commit b459998364
parent 8bfc282634
4 changed files with 21 additions and 16 deletions
--- a/app/Repositories/EloquentResourceServerRepository.php
+++ b/app/Repositories/EloquentResourceServerRepository.php
@ -39,6 +39,7 @@ final class EloquentResourceServerRepository
     */
    public function getByHost($host)
    {
+        if(!is_array($host)) $host = [$host];
        return $this->entity->whereIn('host', $host)->first();
    }

--- a/app/Services/OAuth2/ResourceServer/UserService.php
+++ b/app/Services/OAuth2/ResourceServer/UserService.php
@ -127,13 +127,14 @@ class UserService extends OAuth2ProtectedService implements IUserService
                $pic_url    = $current_user->getPic();
                $pic_url    = str_contains($pic_url, 'http') ? $pic_url : $assets_url . $pic_url;

-                $data[StandardClaims::Name]       = $current_user->getFullName();
-                $data[StandardClaims::GivenName]  = $current_user->getFirstName();
-                $data[StandardClaims::FamilyName] = $current_user->getLastName();
-                $data[StandardClaims::NickName]   = $current_user->getNickName();
-                $data[StandardClaims::Picture]    = $pic_url;
-                $data[StandardClaims::Birthdate]  = $current_user->getDateOfBirth();
-                $data[StandardClaims::Gender]     = $current_user->getGender();
+                $data[StandardClaims::Name]                = $current_user->getFullName();
+                $data[StandardClaims::GivenName]           = $current_user->getFirstName();
+                $data[StandardClaims::FamilyName]          = $current_user->getLastName();
+                $data[StandardClaims::NickName]            = $current_user->getIdentifier();
+                $data[StandardClaims::SubjectIdentifier]   = $current_user->getAuthIdentifier();
+                $data[StandardClaims::Picture]             = $pic_url;
+                $data[StandardClaims::Birthdate]           = $current_user->getDateOfBirth();
+                $data[StandardClaims::Gender]              = $current_user->getGender();
            }
            if (in_array(self::UserProfileScope_Email, $scopes)) {
                // Email Claim
--- a/app/libs/OpenId/Extensions/Implementations/OpenIdSREGExtension_1_0.php
+++ b/app/libs/OpenId/Extensions/Implementations/OpenIdSREGExtension_1_0.php
@ -76,15 +76,15 @@ class OpenIdSREGExtension_1_0 extends OpenIdExtension

        $this->auth_service = $auth_service;

-        self::$available_properties[OpenIdSREGExtension::Nickname] = OpenIdSREGExtension::Nickname;
-        self::$available_properties[OpenIdSREGExtension::Email] = OpenIdSREGExtension::Email;
-        self::$available_properties[OpenIdSREGExtension::FullName] = OpenIdSREGExtension::FullName;
-        self::$available_properties[OpenIdSREGExtension::Country] = OpenIdSREGExtension::Country;
-        self::$available_properties[OpenIdSREGExtension::Language] = OpenIdSREGExtension::Language;
-        self::$available_properties[OpenIdSREGExtension::Gender] = OpenIdSREGExtension::Gender;
+        self::$available_properties[OpenIdSREGExtension::Nickname]       = OpenIdSREGExtension::Nickname;
+        self::$available_properties[OpenIdSREGExtension::Email]          = OpenIdSREGExtension::Email;
+        self::$available_properties[OpenIdSREGExtension::FullName]       = OpenIdSREGExtension::FullName;
+        self::$available_properties[OpenIdSREGExtension::Country]        = OpenIdSREGExtension::Country;
+        self::$available_properties[OpenIdSREGExtension::Language]       = OpenIdSREGExtension::Language;
+        self::$available_properties[OpenIdSREGExtension::Gender]         = OpenIdSREGExtension::Gender;
        self::$available_properties[OpenIdSREGExtension::DateOfBirthday] = OpenIdSREGExtension::DateOfBirthday;
-        self::$available_properties[OpenIdSREGExtension::Postcode] = OpenIdSREGExtension::Postcode;
-        self::$available_properties[OpenIdSREGExtension::Timezone] = OpenIdSREGExtension::Timezone;
+        self::$available_properties[OpenIdSREGExtension::Postcode]       = OpenIdSREGExtension::Postcode;
+        self::$available_properties[OpenIdSREGExtension::Timezone]       = OpenIdSREGExtension::Timezone;
    }

    /**
@ -152,6 +152,9 @@ class OpenIdSREGExtension_1_0 extends OpenIdExtension
                if ($attr == self::Nickname || $attr == self::FullName) {
                    $response->addParam(self::param($attr), $user->getFullName());
                }
+                if ($attr == self::Nickname) {
+                    $response->addParam(self::param($attr), $user->getIdentifier());
+                }
                if ($attr == self::Language) {
                    $response->addParam(self::param($attr), $user->getLanguage());
                }
--- a/tests/OpenIdProtocolTest.php
+++ b/tests/OpenIdProtocolTest.php
@ -635,7 +635,7 @@ class OpenIdProtocolTest extends OpenStackIDBaseTest

        //set login info
        Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowForever);
-        $sreg_required_params = array('email', 'fullname');
+        $sreg_required_params = array('email', 'fullname', 'nickname');

        $params = array(
            OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_NS) => OpenIdProtocol::OpenID2MessageType,