From scnakand...@apache.org
Subject airavata-php-gateway git commit: adding oauth password grant type to pga
Date Fri, 16 Oct 2015 18:04:35 GMT
Repository: airavata-php-gateway
Updated Branches:
  refs/heads/master c398dd9f6 -> 2ce44acca


adding oauth password grant type to pga


Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/2ce44acc
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/2ce44acc
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/2ce44acc

Branch: refs/heads/master
Commit: 2ce44accadb9dd50d0eb57ec8e892d1099b99049
Parents: c398dd9
Author: scnakandala <supun.nakandala@gmail.com>
Authored: Fri Oct 16 14:04:28 2015 -0400
Committer: scnakandala <supun.nakandala@gmail.com>
Committed: Fri Oct 16 14:04:28 2015 -0400

----------------------------------------------------------------------
 app/config/pga_config.php.template        |  15 --
 app/controllers/AccountController.php     | 198 +++++++++++++------------
 app/filters.php                           |   2 +-
 app/libraries/Wsis/Stubs/OAuthManager.php |  33 ++++-
 app/libraries/Wsis/Wsis.php               |   4 +-
 app/routes.php                            |   2 +-
 6 files changed, 137 insertions(+), 117 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/2ce44acc/app/config/pga_config.php.template
----------------------------------------------------------------------
diff --git a/app/config/pga_config.php.template b/app/config/pga_config.php.template
index 878092f..610534e 100644
--- a/app/config/pga_config.php.template
+++ b/app/config/pga_config.php.template
@@ -39,16 +39,6 @@ return array(
         'admin-password' => 'master',
 
         /**
-         * Authentication mode (basic, oauth)
-         */
-        'auth-mode' => 'basic',
-
-        /**
-         * WSO2 OAuth Service Provider Application ID
-         */
-        'oauth-service-provider-id' => 'OpenidConnectWebapp-local',
-
-        /**
          * OAuth client key
          */
         'oauth-client-key' => 'iGEREhSBLuGapdcXwMU0b8jEpA4a',
@@ -59,11 +49,6 @@ return array(
         'oauth-client-secret' => 'g4Lgp05JIJcNQryJkNKjXJYi8A8a',
 
         /**
-         * OAuth callback url
-         */
-        'oauth-callback-url' => 'http://localhost/airavata-php-gateway/public/callback-url',
-
-        /**
          * Identity server domain
          */
         'server' => 'idp.scigap.org',

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/2ce44acc/app/controllers/AccountController.php
----------------------------------------------------------------------
diff --git a/app/controllers/AccountController.php b/app/controllers/AccountController.php
index c22979b..04fb072 100755
--- a/app/controllers/AccountController.php
+++ b/app/controllers/AccountController.php
@@ -23,8 +23,6 @@ class AccountController extends BaseController
 
         $validator = Validator::make(Input::all(), $rules, $messages);
         if ($validator->fails()) {
-            $messages = $validator->messages();
-
             return Redirect::to("create")
                 ->withInput(Input::except('password', 'password_confirm'))
                 ->withErrors($validator);
@@ -36,7 +34,7 @@ class AccountController extends BaseController
         $password = $_POST['password'];
         $email = $_POST['email'];
 
-        //Fixme - Save these user information
+//        Fixme - Save these user information
 //        $organization = $_POST['organization'];
 //        $address = $_POST['address'];
 //        $country = $_POST['country'];
@@ -44,6 +42,7 @@ class AccountController extends BaseController
 //        $mobile = $_POST['mobile'];
 //        $im = $_POST['im'];
 //        $url = $_POST['url'];
+
         $organization = "";
         $address = "";
         $country = "";
@@ -58,6 +57,7 @@ class AccountController extends BaseController
                 ->withInput(Input::except('password', 'password_confirm'))
                 ->with("username_exists", true);
         } else {
+//            We are using account confirmation now
 //            WSIS::addUser($username, $password);
 //
 //            //update user profile
@@ -81,111 +81,114 @@ class AccountController extends BaseController
 
     public function loginView()
     {
-        if(Config::get('pga_config.wsis')['auth-mode'] == "oauth"){
-            $url = WSIS::getOAuthRequestCodeUrl();
-            return Redirect::away($url);
-        }else{
-            return View::make('account/login');
-        }
-    }
-
-    public function oauthCallback()
-    {
-        if (!isset($_GET["code"])) {
-            return Redirect::to('home');
-        }
-
-        $code = $_GET["code"];
-        $response = WSIS::getOAuthToken($code);
-        if(!isset($response->access_token)){
-            return Redirect::to('home');
-        }
-
-        $accessToken = $response->access_token;
-        $refreshToken = $response->refresh_token;
-        $expirationTime = time() + $response->expires_in - 5; //5 seconds safe margin
-
-        $userProfile = WSIS::getUserProfileFromOAuthToken($accessToken);
-        $username = $userProfile['username'];
-
-        //Fixme - OpenID profile takes some time to get synced (WSO2 IS Issue)
-        //$userRoles = $userProfile['roles'];
-        $userRoles = (array)WSIS::getUserRoles($username);
-
-        $username = $userProfile['username'];
-
-        $authzToken = new Airavata\Model\Security\AuthzToken();
-        $authzToken->accessToken = $accessToken;
-        $authzToken->claimsMap = array('userName'=>$username);
-        Session::put('authz-token',$authzToken);
-        Session::put('oauth-refresh-code',$refreshToken);
-        Session::put('oauth-expiration-time',$expirationTime);
-        Session::put("user-profile", $userProfile);
-
-        if (in_array(Config::get('pga_config.wsis')['admin-role-name'], $userRoles)) {
-            Session::put("admin", true);
-        }
-        if (in_array(Config::get('pga_config.wsis')['read-only-admin-role-name'], $userRoles))
{
-            Session::put("admin-read-only", true);
-        }
-        if (in_array(Config::get('pga_config.wsis')['user-role-name'], $userRoles)) {
-            Session::put("authorized-user", true);
-        }
-
-        CommonUtilities::store_id_in_session($username);
-        Session::put("gateway_id", Config::get('pga_config.airavata')['gateway-id']);
-
-        if(Session::get("admin") || Session::get("admin-read-only") || Session::get("authorized-user")){
-            return $this->initializeWithAiravata($username);
-        }
-        return Redirect::to("home");
+//        if(Config::get('pga_config.wsis')['auth-mode'] == "oauth"){
+//            $url = WSIS::getOAuthRequestCodeUrl();
+//            return Redirect::away($url);
+//        }else{
+//            return View::make('account/login');
+//        }
+        return View::make('account/login');
     }
 
     public function loginSubmit()
     {
         if (CommonUtilities::form_submitted()) {
-            $username = $_POST['username'];
+            $username = $_POST['username'] . "@" . Config::get('pga_config.wsis')['tenant-domain'];
             $password = $_POST['password'];
-            try {
-                if (WSIS::authenticate($username, $password)) {
-                    $userRoles = (array)WSIS::getUserRoles($username);
-                    if (in_array(Config::get('pga_config.wsis')['admin-role-name'], $userRoles))
{
-                        Session::put("admin", true);
-                    }
-                    if (in_array(Config::get('pga_config.wsis')['read-only-admin-role-name'],
$userRoles)) {
-                        Session::put("admin-read-only", true);
-                    }
-                    if (in_array(Config::get('pga_config.wsis')['user-role-name'], $userRoles))
{
-                        Session::put("authorized-user", true);
-                    }
+            $response = WSIS::authenticate($username, $password);
+            if(!isset($response->access_token)){
+                return Redirect::to('home');
+            }
 
-                    $userProfile = WSIS::getUserProfile($username);
-                    if($userProfile != null && !empty($userProfile)){
-                        Session::put("user-profile", $userProfile);
-                    }
+            $accessToken = $response->access_token;
+            $refreshToken = $response->refresh_token;
+            $expirationTime = time() + $response->expires_in - 5; //5 seconds safe margin
 
-                    $authzToken = new Airavata\Model\Security\AuthzToken();
-                    $authzToken->accessToken = "emptyToken";
-                    $authzToken->claimsMap = array('userName'=>$username);
-                    Session::put('authz-token',$authzToken);
+            $userProfile = WSIS::getUserProfileFromOAuthToken($accessToken);
+            $username = $userProfile['username'];
+            $userRoles = (array)WSIS::getUserRoles($username);
 
-                    CommonUtilities::store_id_in_session($username);
-                    Session::put("gateway_id", Config::get('pga_config.airavata')['gateway-id']);
+            $authzToken = new Airavata\Model\Security\AuthzToken();
+            $authzToken->accessToken = $accessToken;
+            $authzToken->claimsMap = array('userName'=>$username);
+            Session::put('authz-token',$authzToken);
+            Session::put('oauth-refresh-code',$refreshToken);
+            Session::put('oauth-expiration-time',$expirationTime);
+            Session::put("user-profile", $userProfile);
 
-                    if(Session::get("admin") || Session::get("admin-read-only") || Session::get("authorized-user")){
-                        return $this->initializeWithAiravata($username);
-                    }
-                    return Redirect::to("home");
-                } else {
-                    return Redirect::to("login")->with("invalid-credentials", true);
-                }
-            } catch (Exception $ex) {
-                return Redirect::to("login")->with("invalid-credentials", true);
+            if (in_array(Config::get('pga_config.wsis')['admin-role-name'], $userRoles))
{
+                Session::put("admin", true);
             }
+            if (in_array(Config::get('pga_config.wsis')['read-only-admin-role-name'], $userRoles))
{
+                Session::put("admin-read-only", true);
+            }
+            if (in_array(Config::get('pga_config.wsis')['user-role-name'], $userRoles)) {
+                Session::put("authorized-user", true);
+            }
+
+            CommonUtilities::store_id_in_session($username);
+            Session::put("gateway_id", Config::get('pga_config.airavata')['gateway-id']);
+
+            if(Session::get("admin") || Session::get("admin-read-only") || Session::get("authorized-user")){
+                return $this->initializeWithAiravata($username);
+            }
+            return Redirect::to("home");
         }
 
     }
 
+//    public function oauthCallback()
+//    {
+//        if (!isset($_GET["code"])) {
+//            return Redirect::to('home');
+//        }
+//
+//        $code = $_GET["code"];
+//        $response = WSIS::getOAuthToken($code);
+//        if(!isset($response->access_token)){
+//            return Redirect::to('home');
+//        }
+//
+//        $accessToken = $response->access_token;
+//        $refreshToken = $response->refresh_token;
+//        $expirationTime = time() + $response->expires_in - 5; //5 seconds safe margin
+//
+//        $userProfile = WSIS::getUserProfileFromOAuthToken($accessToken);
+//        $username = $userProfile['username'];
+//
+//        //Fixme - OpenID profile takes some time to get synced (WSO2 IS Issue)
+//        //$userRoles = $userProfile['roles'];
+//        $userRoles = (array)WSIS::getUserRoles($username);
+//
+//        $username = $userProfile['username'];
+//
+//        $authzToken = new Airavata\Model\Security\AuthzToken();
+//        $authzToken->accessToken = $accessToken;
+//        $authzToken->claimsMap = array('userName'=>$username);
+//        Session::put('authz-token',$authzToken);
+//        Session::put('oauth-refresh-code',$refreshToken);
+//        Session::put('oauth-expiration-time',$expirationTime);
+//        Session::put("user-profile", $userProfile);
+//
+//        if (in_array(Config::get('pga_config.wsis')['admin-role-name'], $userRoles)) {
+//            Session::put("admin", true);
+//        }
+//        if (in_array(Config::get('pga_config.wsis')['read-only-admin-role-name'], $userRoles))
{
+//            Session::put("admin-read-only", true);
+//        }
+//        if (in_array(Config::get('pga_config.wsis')['user-role-name'], $userRoles)) {
+//            Session::put("authorized-user", true);
+//        }
+//
+//        CommonUtilities::store_id_in_session($username);
+//        Session::put("gateway_id", Config::get('pga_config.airavata')['gateway-id']);
+//
+//        if(Session::get("admin") || Session::get("admin-read-only") || Session::get("authorized-user")){
+//            return $this->initializeWithAiravata($username);
+//        }
+//        return Redirect::to("home");
+//    }
+
     private function initializeWithAiravata($username){
         //Check Airavata Server is up
         try{
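Review bot: The failure path of loginSubmit lost its user-facing signal: when `$response->access_token` is missing the new code does `return Redirect::to('home');`, whereas the removed branch returned `Redirect::to("login")->with("invalid-credentials", true)`, so a wrong password now lands silently on the home page with no error shown. The surrounding try/catch was also dropped, yet Wsis::authenticate (changed in this same commit) still wraps failures in `Exception("Unable to authenticate user")`, so a transport or identity-server error now surfaces as an unhandled exception instead of the login page. I would restore `return Redirect::to("login")->with("invalid-credentials", true);` for the missing-token case and keep a try/catch around the WSIS calls that redirects the same way. The commented-out copies of loginView's old body and of the whole oauthCallback method duplicate code that git history already preserves and should be deleted rather than kept as comments. initializeWithAiravata begins at the end of this hunk and continues outside it.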
@@ -317,10 +320,13 @@ class AccountController extends BaseController
 
     public function logout()
     {
+//        Session::flush();
+//        if(Config::get('pga_config.wsis')['auth-mode'] == "oauth"){
+//            return Redirect::away(WSIS::getOAuthLogoutUrl());
+//        }
+//        return Redirect::to('home');
+
         Session::flush();
-        if(Config::get('pga_config.wsis')['auth-mode'] == "oauth"){
-            return Redirect::away(WSIS::getOAuthLogoutUrl());
-        }
         return Redirect::to('home');
     }
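Review bot: The commented-out block at the top of logout duplicates the two live lines that follow it and should be removed rather than kept; git history holds the old version. `Session::flush()` clears only the gateway's copy of the access and refresh tokens stored by loginSubmit; the tokens themselves remain valid at the identity server until they expire, so if the WSO2 server exposes an OAuth token revocation endpoint, revoking the refresh token before flushing the session would close that window. A comment such as `// Tokens are not revoked at the IdP; they remain usable until 'oauth-expiration-time'` would at least make the current behaviour explicit.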
 

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/2ce44acc/app/filters.php
----------------------------------------------------------------------
diff --git a/app/filters.php b/app/filters.php
index aa022ac..5926e7d 100755
--- a/app/filters.php
+++ b/app/filters.php
@@ -17,7 +17,7 @@
 
 App::before(function ($request) {
     //Check OAuth token has expired
-    if(Config::get('pga_config.wsis')['auth-mode']=="oauth" && Session::has('authz-token')){
+    if(Session::has('authz-token')){
         $currentTime = time();
         if($currentTime > Session::get('oauth-expiration-time')){
             $response = WSIS::getRefreshedOAutheToken(Session::get('oauth-refresh-code'));
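Review bot: `Session::get('oauth-expiration-time')` is read without checking that the key exists; the guard now requires only `authz-token`, so a session holding an authz-token but no expiration time compares `time()` against null, which is always true, and a refresh is attempted with a null refresh code. The pre-change login path stored an `"emptyToken"` authz-token without an expiration time, so sessions that survive this deployment can presumably be in exactly that state. Tightening the guard to `if(Session::has('authz-token') && Session::has('oauth-expiration-time')){` (or flushing such sessions) avoids the spurious refresh call. The App::before closure continues outside the hunk.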

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/2ce44acc/app/libraries/Wsis/Stubs/OAuthManager.php
----------------------------------------------------------------------
diff --git a/app/libraries/Wsis/Stubs/OAuthManager.php b/app/libraries/Wsis/Stubs/OAuthManager.php
index f623499..f460a93 100644
--- a/app/libraries/Wsis/Stubs/OAuthManager.php
+++ b/app/libraries/Wsis/Stubs/OAuthManager.php
@@ -58,15 +58,42 @@ class OAuthManager
         return json_decode($response);
     }
 
+
+    public function getAccessTokenFromPasswordGrantType($client_key, $client_secret, $username,
$password)
+    {
+        // Init cUrl.
+        $r = $this->initCurl($this->_AccessTokenUrl);
+
+        // Add client ID and client secret to the headers.
+        curl_setopt($r, CURLOPT_HTTPHEADER, array(
+            "Authorization: Basic " . base64_encode($client_key. ":" . $client_secret)
+        ));
+
+        // Assemble POST parameters for the request.
+        $post_fields = "grant_type=password&username=" . $username . "&password="
. $password . "&scope=openid";
+
+        // Obtain and return the access token from the response.
+        curl_setopt($r, CURLOPT_POST, true);
+        curl_setopt($r, CURLOPT_POSTFIELDS, $post_fields);
+
+        $response = curl_exec($r);
+        if ($response == false) {
+            die("curl_exec() failed. Error: " . curl_error($r));
+        }
+
+        //Parse JSON return object.
+        return json_decode($response);
+    }
+
     // To get a refreshed access token
-    public function getRefreshedAccessToken($client_id, $client_secret, $refresh_token)
+    public function getRefreshedAccessToken($client_key, $client_secret, $refresh_token)
     {
         // Init cUrl.
         $r = $this->initCurl($this->_AccessTokenUrl);
 
         // Add client ID and client secret to the headers.
         curl_setopt($r, CURLOPT_HTTPHEADER, array(
-            "Authorization: Basic " . base64_encode($client_id . ":" . $client_secret),
+            "Authorization: Basic " . base64_encode($client_key . ":" . $client_secret),
         ));
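Review bot: `$post_fields` in getAccessTokenFromPasswordGrantType concatenates the raw username and password into the form body, so any `&`, `=`, `%`, `+` or `#` in a password changes the request's meaning (the identity server sees a truncated password or an extra parameter) and such a login fails or sends an unintended field; building the body with `http_build_query` percent-encodes every value. The `die()` on curl failure prints `curl_error()` into the HTTP response and terminates the request from inside a library class; throwing an exception instead lets the existing catch in Wsis::authenticate turn it into the gateway's own error, and `$response == false` should be `=== false` since a `"0"` body would also match. The HTTP status of the response is not inspected either, though the caller's `isset($response->access_token)` check does cover the error-JSON case.
```php
        // Assemble POST parameters for the request; percent-encode every value so
        // a password containing '&', '=', '+' or '%' cannot alter the request.
        $post_fields = http_build_query(array(
            'grant_type' => 'password',
            'username'   => $username,
            'password'   => $password,
            'scope'      => 'openid',
        ));

        // … unchanged: CURLOPT_POST / CURLOPT_POSTFIELDS …

        $response = curl_exec($r);
        if ($response === false) {
            throw new \Exception("curl_exec() failed. Error: " . curl_error($r));
        }
```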
 
         // Assemble POST parameters for the request.
@@ -107,7 +134,7 @@ class OAuthManager
         curl_setopt($r, CURLOPT_ENCODING, 1);
 
         curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->_verifyPeer);
-        curl_setopt($r, CURLOPT_CAINFO, $this->_cafilePath);
+//        curl_setopt($r, CURLOPT_CAINFO, $this->_cafilePath);
 
         return ($r);
     }
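Review bot: Commenting out `curl_setopt($r, CURLOPT_CAINFO, $this->_cafilePath);` changes which trust store validates the identity server's certificate (curl now falls back to the system CA bundle) and, because it is a comment rather than a removal, leaves the reader unsure whether the `_cafilePath` setting is still honoured. Since this connection now carries the user's password in the grant request, the intent should be explicit: either remove the line and the `_cafilePath` property together, or keep the option and add a comment stating that the configured CA file is the trust anchor; in both cases `_verifyPeer` has to stay true in deployed configuration. initCurl's body starts outside the hunk.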

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/2ce44acc/app/libraries/Wsis/Wsis.php
----------------------------------------------------------------------
diff --git a/app/libraries/Wsis/Wsis.php b/app/libraries/Wsis/Wsis.php
index b684887..69c0e2f 100755
--- a/app/libraries/Wsis/Wsis.php
+++ b/app/libraries/Wsis/Wsis.php
@@ -166,7 +166,9 @@ class Wsis {
      */
     public function authenticate($username, $password){
         try {
-            return $this->userStoreManager->authenticate($username, $password);
+//            return $this->userStoreManager->authenticate($username, $password);
+            return $this->oauthManger->getAccessTokenFromPasswordGrantType(Config::get('pga_config.wsis')['oauth-client-key'],
+                Config::get('pga_config.wsis')['oauth-client-secret'], $username, $password);
         } catch (Exception $ex) {
             throw new Exception("Unable to authenticate user", 0, $ex);
         }
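Review bot: authenticate now returns the decoded token response from getAccessTokenFromPasswordGrantType rather than the boolean the user-store call returned, but the docblock that closes just above the hunk is unchanged, so it presumably still describes a boolean result. It should state that the return value is the decoded JSON token object (`access_token`, `refresh_token`, `expires_in`) and that a rejected password yields a response without `access_token` rather than an exception, because the identity server's error JSON decodes without throwing and only transport failures reach the `catch`. The commented-out user-store call should be deleted rather than left in place.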

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/2ce44acc/app/routes.php
----------------------------------------------------------------------
diff --git a/app/routes.php b/app/routes.php
index 951f7f6..0d01e08 100755
--- a/app/routes.php
+++ b/app/routes.php
@@ -22,7 +22,7 @@ Route::get("login", "AccountController@loginView");
 
 Route::post("login", "AccountController@loginSubmit");
 
-Route::get("callback-url", "AccountController@oauthCallback");
+//Route::get("callback-url", "AccountController@oauthCallback");
 
 Route::get("logout", "AccountController@logout");
 

