Showing
8 changed files
with
539 additions
and
4 deletions.
126 changes: 126 additions & 0 deletions
126
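--- a/app/plugins/CoreServer/src/Controller/Oauth2ServersController.php
+++ b/app/plugins/CoreServer/src/Controller/Oauth2ServersController.php
@@ -0,0 +1,126 @@
+<?php
+/**
+* COmanage Registry Oauth2 Servers Controller
+*
+* Portions licensed to the University Corporation for Advanced Internet
+* Development, Inc. ("UCAID") under one or more contributor license agreements.
+* See the NOTICE file distributed with this work for additional information
+* regarding copyright ownership.
+*
+* UCAID licenses this file to you under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with the
+* License. You may obtain a copy of the License at:
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*
+* @link https://www.internet2.edu/comanage COmanage Project
+* @package registry-plugins
+* @since COmanage Registry v5.0.0
+* @license Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+*/
+
+declare(strict_types=1);
+
+namespace CoreServer\Controller;
+
+use App\Controller\StandardPluginController;
+use Cake\Event\EventInterface;
+
+class Oauth2ServersController extends StandardPluginController
+{
+public $paginate = [
+'order' => [
+'OauthServers.url' => 'asc'
+]
+];
+
+
+/**
+* Callback run prior to the request render.
+*
+* @param EventInterface $event Cake Event
+*
+* @return Response|void
+* @since COmanage Registry v5.2.0
+*/
+
+public function beforeRender(EventInterface $event)
+{
+// Generate the callback URL
+
+if ($this->getRequest()->getParam('action') === 'edit') {
+$id = $this->getRequest()->getParam('pass')[0] ?? null; // Assuming $id comes from passed arguments
+$this->set('vv_callback_endpoint', $this->Oauth2Servers->redirectUri($id));
+}
+
+return parent::beforeRender($event);
+}
+
+/**
+* OAuth callback.
+*
+* @param integer $id Oauth2Server ID
+* @since COmanage Registry v5.2.0
+*/
+
+public function callback($id)
+{
+// We have to look in $_GET because what we get back isn't a Cake style named parameter
+// (ie: code=foo, not code:foo)
+
+try {
+if (empty($_GET['code']) || empty($_GET['state'])) {
+throw new RuntimeException(__d('core_server', 'error.Oauth2Servers.callback'));
+}
+
+// Verify that state is our hashed session ID, as per RFC6749 §10.12
+// recommendations to prevent CSRF.
+// https://tools.ietf.org/html/rfc6749#section-10.12
+
+if ($_GET['state'] != hash('sha256', session_id())) {
+throw new RuntimeException(__d('core_server', 'error.Oauth2Servers.state'));
+}
+
+$response = $this->Oauth2Servers->exchangeCode($id, $_GET['code'], $this->Oauth2Server->redirectUri($id));
+
+$this->Flash->set(_txt('rs.server.oauth2.token.ok'), array('key' => 'success'));
+} catch (Exception $e) {
+$this->Flash->set($e->getMessage(), array('key' => 'error'));
+}
+
+$this->performRedirect();
+}
+
+/**
+* Perform a redirect back to the controller's default view.
+*
+* @since COmanage Registry v5.2.0
+*/
+
+function performRedirect(): void
+{
+$target = [];
+$target['plugin'] = null;
+
+if (!empty($this->getRequest()->getParam('pass')[0])) {
+$target['plugin'] = 'CoreServer';
+$target['controller'] = 'Oauth2Servers';
+$target['action'] = 'edit';
+$target[] = filter_var($this->getRequest()->getParam('pass')[0], FILTER_SANITIZE_SPECIAL_CHARS);
+} else {
+$target['controller'] = 'Servers';
+$target['action'] = 'index';
+$target['?'] = [
+'co_id' => $this->getCOID()
+];
+
+$this->redirect($target);
+}
+}
+}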
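Review bot: In `callback()` the CSRF check compares `$_GET['state']` with loose `!=`, which is neither type-safe nor constant-time; prefer `if (!is_string($_GET['state']) || !hash_equals(hash('sha256', session_id()), $_GET['state'])) {`. The file declares `namespace CoreServer\Controller` but imports neither `RuntimeException` nor `Exception`, so the `throw` and `catch (Exception $e)` resolve to namespaced names that presumably do not exist and a failed check would surface as a class-not-found error instead of the flash message; add `use RuntimeException;` and `use Exception;` or write `\RuntimeException` and `\Exception`. The code exchange on the following line reads `$this->Oauth2Server->redirectUri($id)` where every other call uses `$this->Oauth2Servers`, and in `performRedirect()` the `$this->redirect($target)` call sits inside the `else` branch, so the edit target built from `pass[0]` is never redirected to. `performRedirect()` also has no visibility keyword, which makes it public and possibly routable as a controller action; `protected function performRedirect(): void` looks like the intent.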
39 changes: 39 additions & 0 deletions
39
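--- a/app/plugins/CoreServer/src/Lib/Enum/Oauth2GrandTypesEnum.php
+++ b/app/plugins/CoreServer/src/Lib/Enum/Oauth2GrandTypesEnum.php
@@ -0,0 +1,39 @@
+<?php
+/**
+* COmanage Registry Grand Types Enum
+*
+* Portions licensed to the University Corporation for Advanced Internet
+* Development, Inc. ("UCAID") under one or more contributor license agreements.
+* See the NOTICE file distributed with this work for additional information
+* regarding copyright ownership.
+*
+* UCAID licenses this file to you under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with the
+* License. You may obtain a copy of the License at:
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*
+* @link https://www.internet2.edu/comanage COmanage Project
+* @package registry-plugins
+* @since COmanage Registry v5.0.0
+* @license Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+*/
+
+declare(strict_types = 1);
+
+namespace CoreServer\Lib\Enum;
+
+use App\Lib\Enum\StandardEnum;
+
+class Oauth2GrandTypesEnum extends StandardEnum
+{
+const AuthorizationCode = 'AC';
+const ClientCredentials = 'CC';
+// We don't currently support Implicit or Password Credentials
+}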
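Review bot: The class and file are named `Oauth2GrandTypesEnum`, but the OAuth 2.0 term is "grant type"; because the name ends up in every `use` statement and in the file path, renaming it to `Oauth2GrantTypesEnum` is cheapest before other code references it. The header docblock carries the same spelling ("Grand Types Enum") and is tagged `@since COmanage Registry v5.0.0`, while the controller methods added in this commit are tagged v5.2.0, so confirm which release introduces the enum. The two constants have no visibility keyword; `public const` would make the intent explicit.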
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| <?php | ||
| /** | ||
| * COmanage Registry Oauth2 Server Entity | ||
| * | ||
| * Portions licensed to the University Corporation for Advanced Internet | ||
| * Development, Inc. ("UCAID") under one or more contributor license agreements. | ||
| * See the NOTICE file distributed with this work for additional information | ||
| * regarding copyright ownership. | ||
| * | ||
| * UCAID licenses this file to you under the Apache License, Version 2.0 | ||
| * (the "License"); you may not use this file except in compliance with the | ||
| * License. You may obtain a copy of the License at: | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| * | ||
| * @link https://www.internet2.edu/comanage COmanage Project | ||
| * @package registry-plugins | ||
| * @since COmanage Registry v5.2.0 | ||
| * @license Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0) | ||
| */ | ||
|
|
||
| declare(strict_types=1); | ||
|
|
||
| namespace CoreServer\Model\Entity; | ||
|
|
||
| use Cake\ORM\Entity; | ||
|
|
||
| class Oauth2Server extends Entity { | ||
| /** | ||
| * Fields that can be mass assigned using newEntity() or patchEntity(). | ||
| * | ||
| * Note that when '*' is set to true, this allows all unspecified fields to | ||
| * be mass assigned. For security purposes, it is advised to set '*' to false | ||
| * (or remove it), and explicitly make individual fields accessible as needed. | ||
| * | ||
| * @var array<string, bool> | ||
| */ | ||
| protected $_accessible = [ | ||
| '*' => true, | ||
| 'id' => false, | ||
| 'slug' => false, | ||
| ]; | ||
| } |
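Review bot: `$_accessible` sets `'*' => true`, so every column other than `id` and `slug` can be mass assigned through `newEntity()`/`patchEntity()`, which the docblock directly above advises against. This entity presumably holds the OAuth2 client credentials and the tokens obtained through `exchangeCode()`, and fields of that kind should not be writable from request data. Set `'*' => false` and list only the form-editable fields as `true`. The column names are not visible on this page, so the exact allow-list has to come from the table schema.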