Integration Testing
Fixed a bug in the consent logic. Change-Id: I98cb06b045361d8da350cfd4190446ed320858ad Implements: blueprint openid-oauth2-integration-testing
This commit is contained in:
parent
26fd5fa71e
commit
62cd3341b1
@ -72,6 +72,7 @@ class UserController extends BaseController
|
||||
|
||||
$openid_msg = $this->openid_memento_service->getCurrentRequest();
|
||||
$oauth2_msg = $this->oauth2_memento_service->getCurrentAuthorizationRequest();
|
||||
|
||||
if (!is_null($openid_msg) && $openid_msg->isValid() && OpenIdAuthenticationRequest::IsOpenIdAuthenticationRequest($openid_msg)) {
|
||||
//openid stuff
|
||||
$this->beforeFilter('openid.save.request');
|
||||
@ -81,7 +82,7 @@ class UserController extends BaseController
|
||||
} else if (!is_null($oauth2_msg) && $oauth2_msg->isValid()) {
|
||||
$this->beforeFilter('oauth2.save.request');
|
||||
$this->beforeFilter('oauth2.needs.auth.request', array('only' => array('getConsent')));
|
||||
$this->login_strategy = new OAuth2LoginStrategy();
|
||||
$this->login_strategy = new OAuth2LoginStrategy($auth_service, $oauth2_memento_service ,$user_action_service);
|
||||
$this->consent_strategy = new OAuth2ConsentStrategy($auth_service, $oauth2_memento_service, $scope_service, $client_service);
|
||||
} else {
|
||||
//default stuff
|
||||
|
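Review bot: The new `OAuth2LoginStrategy` construction has a space before the comma and none after it (`$oauth2_memento_service ,$user_action_service`), which is inconsistent with the `OAuth2ConsentStrategy` line directly below it; write it as `$this->login_strategy = new OAuth2LoginStrategy($auth_service, $oauth2_memento_service, $user_action_service);`. The enclosing constructor starts and ends outside these two hunks.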
@ -61,7 +61,6 @@ class AuthService implements IAuthService
|
||||
|
||||
public function setUserAuthorizationResponse($auth_response)
|
||||
{
|
||||
//todo : check valid response
|
||||
Session::set("openid.authorization.response", $auth_response);
|
||||
}
|
||||
|
||||
@ -81,4 +80,27 @@ class AuthService implements IAuthService
|
||||
{
|
||||
return User::find($id);
|
||||
}
|
||||
|
||||
// Authentication
|
||||
|
||||
public function getUserAuthenticationResponse()
|
||||
{
|
||||
if (Session::has("openstackid.authentication.response")) {
|
||||
$value = Session::get("openstackid.authentication.response");
|
||||
return $value;
|
||||
}
|
||||
return IAuthService::AuthenticationResponse_None;
|
||||
}
|
||||
|
||||
public function setUserAuthenticationResponse($auth_response)
|
||||
{
|
||||
Session::set("openstackid.authentication.response", $auth_response);
|
||||
}
|
||||
|
||||
public function clearUserAuthenticationResponse()
|
||||
{
|
||||
if (Session::has("openstackid.authentication.response")) {
|
||||
Session::remove("openstackid.authentication.response");
|
||||
}
|
||||
}
|
||||
}
|
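Review bot: `setUserAuthenticationResponse` stores whatever `$auth_response` it is given under `openstackid.authentication.response`, yet the readers added in this commit only act on the two `IAuthService::AuthenticationResponse_*` constants, so the setter should reject anything else, e.g. `if ($auth_response !== IAuthService::AuthenticationResponse_None && $auth_response !== IAuthService::AuthenticationResponse_Cancel) { throw new \InvalidArgumentException('invalid authentication response'); }`. The same gap is already marked `//todo : check valid response` on `setUserAuthorizationResponse` in the hunk above and remains open. The key string `"openstackid.authentication.response"` is repeated in three methods; a private constant would keep the get/set/clear trio in sync. The `Session::has` guard in `clearUserAuthenticationResponse` is redundant if `Session::remove` tolerates a missing key — presumably it does, but I have not confirmed that.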
@ -145,6 +145,17 @@ class AuthorizationCodeGrantType extends AbstractGrantType
|
||||
throw new ScopeNotAllowedException(sprintf("scope %s", $scope));
|
||||
|
||||
$state = $request->getState();
|
||||
|
||||
$authentication_response = $this->auth_service->getUserAuthenticationResponse();
|
||||
|
||||
if($authentication_response == IAuthService::AuthenticationResponse_Cancel){
|
||||
//clear saved data ...
|
||||
$this->memento_service->clearCurrentRequest();
|
||||
$this->auth_service->clearUserAuthenticationResponse();
|
||||
$this->auth_service->clearUserAuthorizationResponse();
|
||||
throw new AccessDeniedException;
|
||||
}
|
||||
|
||||
//check user logged
|
||||
if (!$this->auth_service->isUserLogged()) {
|
||||
$this->memento_service->saveCurrentAuthorizationRequest();
|
||||
|
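Review bot: The new cancel check compares the session value with `==` (`if($authentication_response == IAuthService::AuthenticationResponse_Cancel){`); `getUserAuthenticationResponse()` returns a string and the constant is a string, so the comparison should be strict, `if ($authentication_response === IAuthService::AuthenticationResponse_Cancel) {`, so that PHP's loose comparison rules (numeric-looking strings compare numerically) can never apply. The same loose comparison is added in the `ImplicitGrantType` hunk at line 140 and in `OpenIdAuthenticationRequestHandler::doSetupMode` at line 151, and the pre-existing `==` against `AuthorizationResponse_DenyOnce` in the second `ImplicitGrantType` hunk has the same shape. The enclosing method starts and ends outside this hunk.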
@ -140,6 +140,17 @@ class ImplicitGrantType extends AbstractGrantType
|
||||
|
||||
$state = $request->getState();
|
||||
//check user logged
|
||||
|
||||
$authentication_response = $this->auth_service->getUserAuthenticationResponse();
|
||||
|
||||
if($authentication_response == IAuthService::AuthenticationResponse_Cancel){
|
||||
//clear saved data ...
|
||||
$this->memento_service->clearCurrentRequest();
|
||||
$this->auth_service->clearUserAuthenticationResponse();
|
||||
$this->auth_service->clearUserAuthorizationResponse();
|
||||
throw new AccessDeniedException;
|
||||
}
|
||||
|
||||
if (!$this->auth_service->isUserLogged()) {
|
||||
$this->memento_service->saveCurrentAuthorizationRequest();
|
||||
return $this->auth_strategy->doLogin($this->memento_service->getCurrentAuthorizationRequest());
|
||||
@ -161,6 +172,9 @@ class ImplicitGrantType extends AbstractGrantType
|
||||
return $this->auth_strategy->doConsent($this->memento_service->getCurrentAuthorizationRequest());
|
||||
}
|
||||
else if ($authorization_response == IAuthService::AuthorizationResponse_DenyOnce) {
|
||||
//clear saved data ...
|
||||
$this->memento_service->clearCurrentRequest();
|
||||
$this->auth_service->clearUserAuthorizationResponse();
|
||||
throw new AccessDeniedException;
|
||||
}
|
||||
//save possitive consent
|
||||
|
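Review bot: In the first hunk the `//check user logged` comment now sits above the newly inserted authentication-response block instead of the `if (!$this->auth_service->isUserLogged())` test it describes; move it down so it stays directly above that `if`, as the `AuthorizationCodeGrantType` hunk keeps it. The inserted cancel branch would also read better if its comment said what is cleared and why, e.g. `// user cancelled login: drop the saved authorization request and both session responses, then deny`. The enclosing method starts and ends outside these hunks.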
@ -18,11 +18,13 @@ class OAuth2AuthorizationRequest extends OAuth2Request {
|
||||
}
|
||||
|
||||
public static $params = array(
|
||||
OAuth2Protocol::OAuth2Protocol_ResponseType => OAuth2Protocol::OAuth2Protocol_ResponseType,
|
||||
OAuth2Protocol::OAuth2Protocol_ClientId => OAuth2Protocol::OAuth2Protocol_ClientId,
|
||||
OAuth2Protocol::OAuth2Protocol_RedirectUri => OAuth2Protocol::OAuth2Protocol_RedirectUri,
|
||||
OAuth2Protocol::OAuth2Protocol_Scope => OAuth2Protocol::OAuth2Protocol_Scope,
|
||||
OAuth2Protocol::OAuth2Protocol_State => OAuth2Protocol::OAuth2Protocol_State
|
||||
OAuth2Protocol::OAuth2Protocol_ResponseType => OAuth2Protocol::OAuth2Protocol_ResponseType,
|
||||
OAuth2Protocol::OAuth2Protocol_ClientId => OAuth2Protocol::OAuth2Protocol_ClientId,
|
||||
OAuth2Protocol::OAuth2Protocol_RedirectUri => OAuth2Protocol::OAuth2Protocol_RedirectUri,
|
||||
OAuth2Protocol::OAuth2Protocol_Scope => OAuth2Protocol::OAuth2Protocol_Scope,
|
||||
OAuth2Protocol::OAuth2Protocol_State => OAuth2Protocol::OAuth2Protocol_State,
|
||||
OAuth2Protocol::OAuth2Protocol_Approval_Prompt => OAuth2Protocol::OAuth2Protocol_Approval_Prompt,
|
||||
OAuth2Protocol::OAuth2Protocol_AccessType => OAuth2Protocol::OAuth2Protocol_AccessType,
|
||||
);
|
||||
|
||||
/**
|
||||
|
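Review bot: The two new entries extend `$params` without any documentation of what the array is for, and its shape — every key equal to its value — reads as a lookup set, which a reader cannot tell from the declaration alone. A short comment above it, e.g. `// recognized authorization request parameter names (key === value so the set can be probed with isset())`, would make the intent explicit; I am inferring the lookup usage from the shape, so confirm it against the callers. Because the property is `public static`, any code can also add or remove recognized parameters at runtime; if the set is meant to be fixed, a `private static` property with a read accessor would protect it. The enclosing class starts outside the hunk.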
@ -151,7 +151,16 @@ class OpenIdAuthenticationRequestHandler extends OpenIdMessageHandler
|
||||
private function doSetupMode()
|
||||
{
|
||||
|
||||
if (!$this->auth_service->isUserLogged())
|
||||
$authentication_response = $this->auth_service->getUserAuthenticationResponse();
|
||||
if($authentication_response == IAuthService::AuthenticationResponse_Cancel){
|
||||
//clear saved data ...
|
||||
$this->memento_service->clearCurrentRequest();
|
||||
$this->auth_service->clearUserAuthenticationResponse();
|
||||
$this->auth_service->clearUserAuthorizationResponse();
|
||||
return new OpenIdNonImmediateNegativeAssertion($this->current_request->getReturnTo());
|
||||
}
|
||||
|
||||
if (!$this->auth_service->isUserLogged())
|
||||
return $this->doLogin();
|
||||
|
||||
//user already logged
|
||||
@ -163,7 +172,7 @@ class OpenIdAuthenticationRequestHandler extends OpenIdMessageHandler
|
||||
$current_identity = $this->current_request->getIdentity();
|
||||
// check is claimed identity match with current one
|
||||
// if not logs out and do re login
|
||||
$current_user = $this->auth_service->getCurrentUser();
|
||||
$current_user = $this->auth_service->getCurrentUser();
|
||||
if (is_null($current_user))
|
||||
throw new Exception("User not set!");
|
||||
|
||||
@ -372,6 +381,7 @@ class OpenIdAuthenticationRequestHandler extends OpenIdMessageHandler
|
||||
if (!$this->auth_service->isUserLogged()) {
|
||||
return new OpenIdImmediateNegativeAssertion($this->current_request->getReturnTo());
|
||||
}
|
||||
|
||||
$currentUser = $this->auth_service->getCurrentUser();
|
||||
|
||||
$this->current_request_context->cleanTrustedData();
|
||||
|
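Review bot: The line `$currentUser = $this->auth_service->getCurrentUser();` in the last hunk (line 381) uses camelCase while the rest of this class, including `$current_user = $this->auth_service->getCurrentUser();` in the hunk above, uses snake_case; if this is the added line, rename it `$current_user` (and its uses below the hunk) to match. In `doSetupMode`, the new cancel branch clears the saved request and both session responses and then returns an `OpenIdNonImmediateNegativeAssertion`; a one-line comment such as `// user cancelled at the login form: clear saved state and answer with a negative assertion` would say what the branch is for. `doSetupMode` continues past the end of its hunk.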
@ -11,6 +11,9 @@ interface IAuthService
|
||||
const AuthorizationResponse_DenyForever = "DenyForever";
|
||||
const AuthorizationResponse_DenyOnce = "DenyOnce";
|
||||
|
||||
const AuthenticationResponse_None = "None";
|
||||
const AuthenticationResponse_Cancel = "Cancel";
|
||||
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
@ -33,7 +36,13 @@ interface IAuthService
|
||||
|
||||
public function setUserAuthorizationResponse($auth_response);
|
||||
|
||||
public function clearUserAuthorizationResponse();
|
||||
public function clearUserAuthorizationResponse();
|
||||
|
||||
public function getUserAuthenticationResponse();
|
||||
|
||||
public function setUserAuthenticationResponse($auth_response);
|
||||
|
||||
public function clearUserAuthenticationResponse();
|
||||
|
||||
public function logout();
|
||||
|
||||
|
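Review bot: The new `getUserAuthenticationResponse`, `setUserAuthenticationResponse` and `clearUserAuthenticationResponse` declarations and the `AuthenticationResponse_*` constants carry no docblocks, unlike the neighbouring method documented with `@return bool`. Add at least `/** @return string one of the AuthenticationResponse_* constants; AuthenticationResponse_None when nothing is stored */` on the getter and `/** @param string $auth_response one of the AuthenticationResponse_* constants */` on the setter, plus a comment on the constants stating that they record the outcome of the login step (None/Cancel) as distinct from the `AuthorizationResponse_*` consent outcomes. `$auth_response` is untyped on both setters, so the interface cannot enforce the constant set and the docblock is the only contract callers see.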
@ -3,12 +3,30 @@
|
||||
namespace strategies;
|
||||
|
||||
use Auth;
|
||||
use oauth2\services\IMementoOAuth2AuthenticationRequestService;
|
||||
use Redirect;
|
||||
use View;
|
||||
use services\IUserActionService;
|
||||
use utils\services\IAuthService;
|
||||
use utils\IPHelper;
|
||||
|
||||
class OAuth2LoginStrategy implements ILoginStrategy{
|
||||
|
||||
public function getLogin()
|
||||
private $memento_service;
|
||||
private $user_action_service;
|
||||
private $auth_service;
|
||||
|
||||
public function __construct(IAuthService $auth_service,
|
||||
IMementoOAuth2AuthenticationRequestService $memento_service,
|
||||
IUserActionService $user_action_service
|
||||
)
|
||||
{
|
||||
$this->memento_service = $memento_service;
|
||||
$this->user_action_service = $user_action_service;
|
||||
$this->auth_service = $auth_service;
|
||||
}
|
||||
|
||||
public function getLogin()
|
||||
{
|
||||
if (Auth::guest()) {
|
||||
return View::make("login");
|
||||
@ -17,13 +35,16 @@ class OAuth2LoginStrategy implements ILoginStrategy{
|
||||
}
|
||||
}
|
||||
|
||||
public function postLogin()
|
||||
public function postLogin()
|
||||
{
|
||||
$auth_request = $this->memento_service->getCurrentAuthorizationRequest();
|
||||
$this->user_action_service->addUserAction($this->auth_service->getCurrentUser(), IPHelper::getUserIp(), IUserActionService::LoginAction, $auth_request->getRedirectUri() );
|
||||
return Redirect::action("OAuth2ProviderController@authorize");
|
||||
}
|
||||
|
||||
public function cancelLogin()
|
||||
public function cancelLogin()
|
||||
{
|
||||
$this->auth_service->setUserAuthenticationResponse(IAuthService::AuthenticationResponse_Cancel);
|
||||
return Redirect::action("OAuth2ProviderController@authorize");
|
||||
}
|
||||
}
|
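Review bot: `postLogin` calls `$auth_request->getRedirectUri()` on the result of `$this->memento_service->getCurrentAuthorizationRequest()` without checking it, but the `UserController` hunk in this same commit tests that method's result with `is_null(...)`, so a login POST that arrives with no saved authorization request (expired session, direct POST) would fail on a null dereference here. Guard it before logging the action, e.g. `if (is_null($auth_request)) { throw new \RuntimeException('no current oauth2 authorization request'); }`, or redirect to whatever error page the controller uses for this case. The class also gains a constructor with three services but no docblock saying which flow it serves; `/** Login strategy used when the pending request is an OAuth2 authorization request. */` above the class would help, since that is how `UserController` selects it.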
@ -60,10 +60,7 @@ class OpenIdLoginStrategy implements ILoginStrategy
|
||||
|
||||
public function cancelLogin()
|
||||
{
|
||||
$msg = $this->memento_service->getCurrentRequest();
|
||||
$cancel_response = new OpenIdNonImmediateNegativeAssertion();
|
||||
$cancel_response->setReturnTo($msg->getParam(OpenIdProtocol::OpenIDProtocol_ReturnTo));
|
||||
$strategy = OpenIdResponseStrategyFactoryMethod::buildStrategy($cancel_response);
|
||||
return $strategy->handle($cancel_response);
|
||||
$this->auth_service->setUserAuthenticationResponse(IAuthService::AuthenticationResponse_Cancel);
|
||||
return Redirect::action("OpenIdProviderController@endpoint");
|
||||
}
|
||||
}
|
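Review bot: The rewritten `cancelLogin` no longer answers the relying party directly; it stores `AuthenticationResponse_Cancel` in the session and redirects to `OpenIdProviderController@endpoint`, relying on that request re-reading the saved OpenID message and consuming the marker. If the redirect is never followed, the Cancel value stays in the session until the next request reaches the endpoint, and per the new `doSetupMode` branch that next setup-mode request would presumably be answered with a negative assertion before the user sees a login form; consider clearing or expiring the marker, or binding it to the saved request it belongs to. `OAuth2LoginStrategy::cancelLogin` in this commit has the same shape. The class header of `OpenIdLoginStrategy` is outside the hunk.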
@ -37,7 +37,7 @@
|
||||
<p class="privacy-policy">
|
||||
** <b>{{$app_name}}</b> Application and <b>Openstack</b> will use this information in accordance with their respective terms of service and privacy policies.
|
||||
</p>
|
||||
{{ Form::open(array('url' => '/accounts/user/consent','id'=>'authorization_form', 'method' => 'post', "autocomplete" => "off")) }}
|
||||
{{ Form::open(array('url' => URL::action("UserController@postConsent") ,'id'=>'authorization_form', 'method' => 'post', "autocomplete" => "off")) }}
|
||||
<input type="hidden" name='trust' id='trust' value=""/>
|
||||
<button class="btn" id="cancel-authorization" type="button">Cancel</button>
|
||||
<button class="btn btn-primary" id="approve-authorization" type="button">Accept</button>
|
||||
|
@ -12,7 +12,7 @@ Welcome, <a href="{{ URL::action("UserController@getProfile") }}">{{Auth::user()
|
||||
@section('content')
|
||||
<div class="container">
|
||||
<h4>OpenstackId - Openid verification</h4>
|
||||
{{ Form::open(array('url' => '/accounts/user/consent','id'=>'authorization_form', 'method' => 'post', "autocomplete" => "off")) }}
|
||||
{{ Form::open(array('url' => URL::action("UserController@postConsent"),'id'=>'authorization_form', 'method' => 'post', "autocomplete" => "off")) }}
|
||||
<fieldset>
|
||||
<legend>
|
||||
Sign in to <b>{{ $realm }}</b> using your openstackid
|
||||
|