Merge branch 'login_procedure' into 'develop'

Updated with several fixes and logout procedure

See merge request !26
parents 68c3ed02 1a68e0e9
......@@ -7,6 +7,7 @@ drupal/modules/*
!drupal/modules/epal/
!drupal/modules/epalreadydata/
!drupal/modules/oauthost/
!drupal/modules/epaldeploysystem/
# Logs
*.log
......
......@@ -10,3 +10,11 @@ oauthost.callback_log_in:
_controller: '\Drupal\oauthost\Controller\CBController::loginCB'
requirements:
_permission: 'access content'
oauthost.log_out_go:
path: /oauth/logout
options:
_auth: [ 'basic_auth' ]
defaults:
_controller: '\Drupal\oauthost\Controller\OAuthLogout::logoutGo'
requirements:
_user_is_logged_in: 'TRUE'
......@@ -23,8 +23,8 @@ class CBController extends ControllerBase
protected $logger;
protected $connection;
protected $consumer_key = 'tc97t89';
protected $consumer_secret = 'xr7tgt9AbK3';
protected $consumer_key = '';
protected $consumer_secret = '';
protected $request_token_url;
protected $user_authorization_url;
protected $access_token_url;
......@@ -32,6 +32,7 @@ class CBController extends ControllerBase
protected $api_url;
protected $callback_url;
protected $logout_url;
protected $redirect_url;
protected $requestToken;
protected $requestTokenSecret;
......@@ -74,6 +75,7 @@ class CBController extends ControllerBase
$this->api_url = $ostauthConfig->api_url->value;
$this->callback_url = $ostauthConfig->callback_url->value;
$this->logout_url = $ostauthConfig->logout_url->value;
$this->redirect_url = $ostauthConfig->redirect_url->value;
} else {
$response = new Response();
$response->setContent('forbidden');
......@@ -99,10 +101,10 @@ class CBController extends ControllerBase
$authVerifier = $request->query->get('oauth_verifier');
// $this->logger->notice('authToken='.$authToken.'***authVerifier='.$authVerifier);
$authenticated = $this->authenticatePhase2($authToken, $authVerifier);
$epalToken = $this->authenticatePhase2($request, $authToken, $authVerifier);
if ($authenticated) {
return new RedirectResponse('/dist/#/?auth_token='.$authToken.'&auth_role=student', 302, []);
if ($epalToken) {
return new RedirectResponse($this->redirect_url . $epalToken.'&auth_role=student', 302, []);
} else {
$response = new Response();
$response->setContent('forbidden');
......@@ -112,7 +114,7 @@ class CBController extends ControllerBase
}
}
public function authenticatePhase2($authToken, $authVerifier)
public function authenticatePhase2($request, $authToken, $authVerifier)
{
$taxis_userid = null;
$trx = $this->connection->startTransaction();
......@@ -127,18 +129,25 @@ class CBController extends ControllerBase
$this->logger->warning($oauth->getLastResponse());
$taxis_userid = $this->xmlParse($oauth->getLastResponse(), 'messageText');
$currentTime = time();
$epalUsers = $this->entityTypeManager->getStorage('epal_users')->loadByProperties(array('taxis_userid' => $taxis_userid));
$epalUser = reset($epalUsers);
$epalToken = md5(uniqid(mt_rand(), true));
if ($epalUser) {
$user = $this->entityTypeManager->getStorage('user')->load($epalUser->user_id->target_id);
if ($user) {
$user->setPassword($this->requestToken);
$user->setUsername($this->requestToken);
$user->setPassword($epalToken);
$user->setUsername($epalToken);
$user->save();
$epalUser->set('authtoken', $epalToken);
$epalUser->set('accesstoken', $accessToken['oauth_token']);
$epalUser->set('accesstoken_secret', $accessToken['oauth_token_secret']);
$epalUser->set('requesttoken',$this->requestToken);
$epalUser->set('requesttoken_secret', $this->requestTokenSecret);
$epalUser->set('timelogin', $currentTime);
$epalUser->set('userip', $request->getClientIp());
$epalUser->save();
}
}
......@@ -149,10 +158,10 @@ class CBController extends ControllerBase
$user = User::create();
//Mandatory settings
$unique_id = uniqid('id');
$user->setPassword($this->requestToken);
$user->setPassword($epalToken);
$user->enforceIsNew();
$user->setEmail($unique_id);
$user->setUsername($this->requestToken); //This username must be unique and accept only a-Z,0-9, - _ @ .
$user->setUsername($epalToken); //This username must be unique and accept only a-Z,0-9, - _ @ .
$user->activate();
$user->set('init', $unique_id);
......@@ -171,7 +180,6 @@ class CBController extends ControllerBase
$user = reset($users);
if ($user) {
$this->logger->warning('userid 190='.$user->id().'*** name='.$user->name->value);
$currentTime = time();
$epalUser = $this->entityTypeManager()->getStorage('epal_users')->create(array(
// 'langcode' => $language_interface->getId(),
......@@ -186,15 +194,14 @@ class CBController extends ControllerBase
'mothername' => $unique_id,
'accesstoken' => $accessToken['oauth_token'],
'accesstoken_secret' => $accessToken['oauth_token_secret'],
'authtoken' => $accessToken['oauth_token'],
'authtoken' => $epalToken,
'requesttoken' => $this->requestToken,
'requesttoken_secret' => $this->requestTokenSecret,
'timelogin' => $currentTime,
'timeregistration' => $currentTime,
'timetokeninvalid' => 9999999,
'userip' => '',
'status' => 1,
'default_langcode' => 1,
'timetokeninvalid' => 0,
'userip' => $request->getClientIp(),
'status' => 1
));
$epalUser->save();
} else {
......@@ -204,7 +211,7 @@ class CBController extends ControllerBase
}
$this->oauthostSession->delete();
return true;
return $epalToken;
} catch (OAuthException $e) {
$this->logger->warning($e->getMessage());
$trx->rollback();
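Review bot: The session token minted at `$epalToken = md5(uniqid(mt_rand(), true));` comes from non-cryptographic sources (`uniqid`/`mt_rand`) yet becomes the user's Drupal username, password and the `authtoken` that `logoutGo` later trusts, so it should be drawn from the CSPRNG: `$epalToken = bin2hex(random_bytes(16));` (same 32-character hex shape, so the username charset comment still holds). The same token is then placed in the URL on the `return new RedirectResponse($this->redirect_url . $epalToken.'&auth_role=student', 302, []);` line, where it will persist in browser history and Referer headers; that exposure is worth a comment next to the redirect. Separately, blanking `$consumer_key`/`$consumer_secret` here and in `OAuthLogin` leaves the former literals in the parent commits' history, so those consumer credentials should be rotated at the provider rather than only removed from the source. The remainder of `authenticatePhase2` lies outside the shown hunks.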
......
......@@ -21,8 +21,8 @@ class OAuthLogin extends ControllerBase
protected $logger;
protected $connection;
protected $consumer_key = 'tc97t89';
protected $consumer_secret = 'xr7tgt9AbK3';
protected $consumer_key = '';
protected $consumer_secret = '';
protected $request_token_url;
protected $user_authorization_url;
protected $access_token_url;
......@@ -75,10 +75,6 @@ class OAuthLogin extends ControllerBase
return $response;
}
$customUser = null;
$customUsers = null;
$userId = null;
$user = null;
try {
$oauth = new OAuth($this->consumer_key, $this->consumer_secret, OAUTH_SIG_METHOD_PLAINTEXT, OAUTH_AUTH_TYPE_URI);
$oauth->enableDebug();
......
<?php
namespace Drupal\oauthost\Controller;
use Drupal\Core\Entity\Query\QueryFactory;
use Drupal\Core\Entity\EntityTypeManagerInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Drupal\Core\Controller\ControllerBase;
use Drupal\user\Entity\User;
use Drupal\Core\Database\Connection;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Drupal\Core\Logger\LoggerChannelFactoryInterface;
class OAuthLogout extends ControllerBase
{
protected $entity_query;
protected $entityTypeManager;
protected $logger;
protected $connection;
protected $consumer_key = '';
protected $consumer_secret = '';
protected $request_token_url;
protected $user_authorization_url;
protected $access_token_url;
protected $signature_method;
protected $api_url;
protected $callback_url;
protected $logout_url;
public function __construct(
EntityTypeManagerInterface $entityTypeManager,
QueryFactory $entity_query,
Connection $connection,
LoggerChannelFactoryInterface $loggerChannel)
{
$this->entityTypeManager = $entityTypeManager;
$this->entity_query = $entity_query;
$this->connection = $connection;
$this->logger = $loggerChannel->get('oauthost');
}
public static function create(ContainerInterface $container)
{
return new static(
$container->get('entity.manager'),
$container->get('entity.query'),
$container->get('database'),
$container->get('logger.factory')
);
}
public function logoutGo(Request $request)
{
$trx = $this->connection->startTransaction();
try {
$ostauthConfigs = $this->entityTypeManager->getStorage('oauthost_config')->loadByProperties(array('name' => 'oauthost_taxisnet_config'));
$ostauthConfig = reset($ostauthConfigs);
if ($ostauthConfig) {
$this->consumer_key = $ostauthConfig->consumer_key->value;
$this->consumer_secret = $ostauthConfig->consumer_secret->value;
$this->request_token_url = $ostauthConfig->request_token_url->value;
$this->user_authorization_url = $ostauthConfig->user_authorization_url->value;
$this->access_token_url = $ostauthConfig->access_token_url->value;
$this->signature_method = $ostauthConfig->signature_method->value;
$this->api_url = $ostauthConfig->api_url->value;
$this->callback_url = $ostauthConfig->callback_url->value;
$this->logout_url = $ostauthConfig->logout_url->value;
} else {
$response = new Response();
$response->setContent('forbidden');
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json');
return $response;
}
$user = null;
$username = $request->headers->get('PHP_AUTH_USER');
$epalUsers = $this->entityTypeManager->getStorage('epal_users')->loadByProperties(array('authtoken' => $username));
$epalUser = reset($epalUsers);
$foundUser = true;
if ($epalUser) {
$user = $this->entityTypeManager->getStorage('user')->load($epalUser->user_id->target_id);
if ($user) {
$res = \Drupal::httpClient()->get($this->logout_url . $username, array('headers' => array('Accept' => 'text/plain')));
/* $resData = (string) $res->getBody();
if (empty($resData)) {
return FALSE;
} */
// if ($res->getStatusCode() === "200")
$user->setPassword(uniqid('pw'));
$user->save();
$epalUser->set('accesstoken', '-');
$epalUser->set('accesstoken_secret', '-');
$epalUser->set('authtoken','-');
$epalUser->set('requesttoken','-');
$epalUser->set('requesttoken_secret', '-');
$epalUser->save();
} else {
$foundUser = false;
}
} else {
$foundUser = false;
}
if (!$foundUser) {
$this->logger->warning("user not found");
$response = new Response();
$response->setContent('forbidden');
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json');
return $response;
}
$response = new Response();
$response->setContent('logout successful');
$response->setStatusCode(Response::HTTP_OK);
$response->headers->set('Content-Type', 'application/json');
return $response;
} catch (Exception $e) {
$this->logger->warning($e->getMessage());
$response = new Response();
$response->setContent('forbidden');
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json');
$trx->rollback();
return $response;
}
}
}
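Review bot: `} catch (Exception $e) {` at the end of `logoutGo` names the unqualified class `Exception`, which inside `namespace Drupal\oauthost\Controller` resolves to `Drupal\oauthost\Controller\Exception`; there is no such class and no `use Exception;` import, so the handler never matches, the warning is never logged and `$trx->rollback()` never runs — it should read `} catch (\Exception $e) {`. The user lookup keys on the raw `PHP_AUTH_USER` header rather than on the account the route's `basic_auth` provider has already authenticated; loading with `array('user_id' => $this->currentUser()->id())` ties the token invalidation to the verified identity instead of re-deriving it from the header. The result of the `\Drupal::httpClient()->get(...)` call is discarded (the check is commented out) and `$username` is concatenated into `$this->logout_url` unencoded, so at minimum wrap it in `rawurlencode()`, and the local invalidation that follows should probably not depend on that remote call succeeding. The replacement password `uniqid('pw')` is likewise non-random; `bin2hex(random_bytes(16))` would match what the login path should use.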
......@@ -377,7 +377,7 @@ class OAuthOSTConfig extends ContentEntityBase implements OAuthOSTConfigInterfac
'max_length' => 500,
'text_processing' => 0,
))
->setDefaultValue('https://www1.gsis.gr/testgsisapps/gsisdemo/logout.htm?logout_token=')
->setDefaultValue('https://www1.gsis.gr/gsisapps/gsisdemo/logout.htm?logout_token=')
->setDisplayOptions('view', array(
'label' => 'above',
'type' => 'string',
......@@ -390,6 +390,26 @@ class OAuthOSTConfig extends ContentEntityBase implements OAuthOSTConfigInterfac
->setDisplayConfigurable('form', true)
->setDisplayConfigurable('view', true);
$fields['redirect_url'] = BaseFieldDefinition::create('string')
->setLabel(t('Redirect_Url'))
->setDescription(t('The Redirect_Url'))
->setSettings(array(
'max_length' => 500,
'text_processing' => 0,
))
->setDefaultValue('/dist/#/?auth_token=')
->setDisplayOptions('view', array(
'label' => 'above',
'type' => 'string',
'weight' => -4,
))
->setDisplayOptions('form', array(
'type' => 'string_textfield',
'weight' => -4,
))
->setDisplayConfigurable('form', true)
->setDisplayConfigurable('view', true);
$fields['status'] = BaseFieldDefinition::create('boolean')
->setLabel(t('Publishing status'))
->setDescription(t('A boolean indicating whether the OAuthOST Config is published.'))
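Review bot: The new `redirect_url` field's description `t('The Redirect_Url')` says nothing about how the value is consumed: `CBController` appends the freshly minted auth token directly to it and then `&auth_role=student`, so the value must end with an open query key exactly like the default `/dist/#/?auth_token=`. Suggest `->setDescription(t('Base URL the login callback redirects to; the auth token is appended verbatim, so the value must end with a query key such as ?auth_token='))`. Because an absolute URL here would deliver every login token to whatever host is configured, the field deserves to be treated as sensitive administrative configuration. The enclosing field-definition method continues outside the hunk.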
......