modified oauthost, casost modules to allow remote clients, modified front-end to comply

parent 9c43626a
......@@ -14,7 +14,7 @@ use Drupal\Core\Logger\LoggerChannelFactoryInterface;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Cookie;
require ('RedirectResponseWithCookie.php');
require ('RedirectResponseWithCookieExt.php');
class CASLogin extends ControllerBase
{
......@@ -70,8 +70,11 @@ class CASLogin extends ControllerBase
{
try {
$CASOSTConfigs = $this->entityTypeManager->getStorage('casost_config')->loadByProperties(array('name' => 'casost_sch_sso_config'));
$configRowName = 'casost_sch_sso_config';
$configRowId = $request->query->get('config');
if ($configRowId)
$configRowName = $configRowName . '_' . $configRowId;
$CASOSTConfigs = $this->entityTypeManager->getStorage('casost_config')->loadByProperties(array('name' => $configRowName));
$CASOSTConfig = reset($CASOSTConfigs);
if ($CASOSTConfig) {
$this->serverVersion = $CASOSTConfig->serverversion->value;
......@@ -199,10 +202,14 @@ class CASLogin extends ControllerBase
// $this->logger->warning('cn=' . $filterAttribute('cn'));
$epalToken = $this->authenticatePhase2($request, $CASUser, $internalRole, $filterAttribute('cn'));
if ($epalToken) {
$cookie = new Cookie('auth_token', $epalToken, 0, '/', null, false, false);
$cookie2 = new Cookie('auth_role', $exposedRole, 0, '/', null, false, false);
if ('casost_sch_sso_config' === $configRowName) {
$cookie = new Cookie('auth_token', $epalToken, 0, '/', null, false, false);
$cookie2 = new Cookie('auth_role', $exposedRole, 0, '/', null, false, false);
return new RedirectResponseWithCookie($this->redirectUrl, 302, array ($cookie, $cookie2));
return new RedirectResponseWithCookieExt($this->redirectUrl, 302, array ($cookie, $cookie2));
} else {
return new RedirectResponseWithCookieExt($this->redirect_url . $epalToken.'&auth_role=student', 302, []);
}
// $headers = array("auth_token" => $epalToken, "auth_role" => "director");
// return new RedirectResponse($this->redirectUrl, 302, $headers);
} else {
......
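Review bot: In the new `else` branch the redirect is built from `$this->redirect_url` and a fixed `auth_role=student`, while the cookie branch just above it uses `$this->redirectUrl` and `$exposedRole`. If CASLogin declares no `redirect_url` property (the declarations are outside the visible hunks), the remote-client redirect is built from an empty base, and a CAS user with any other role is handed to the client as a student. I would write the line as `return new RedirectResponseWithCookieExt($this->redirectUrl . $epalToken . '&auth_role=' . rawurlencode($exposedRole), 302, []);`. The enclosing method starts and ends outside the hunk.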
......@@ -11,8 +11,6 @@ use Drupal\Core\Database\Connection;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Drupal\Core\Logger\LoggerChannelFactoryInterface;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\RedirectResponse;
use phpCAS;
class CASLogout extends ControllerBase
......@@ -63,34 +61,38 @@ class CASLogout extends ControllerBase
public function logoutGo(Request $request)
{
try {
$CASOSTConfigs = $this->entityTypeManager->getStorage('casost_config')->loadByProperties(array('name' => 'casost_sch_sso_config'));
$CASOSTConfig = reset($CASOSTConfigs);
if ($CASOSTConfig) {
$this->serverVersion = $CASOSTConfig->serverversion->value;
$this->serverHostname = $CASOSTConfig->serverhostname->value;
$this->serverPort = $CASOSTConfig->serverport->value;
$this->serverUri = $CASOSTConfig->serveruri->value === null ? '' : $CASOSTConfig->serveruri->value;
$this->redirectUrl = $CASOSTConfig->redirecturl->value;
$this->changeSessionId = $CASOSTConfig->changesessionid->value;
$this->CASServerCACert = $CASOSTConfig->casservercacert->value;
$this->CASServerCNValidate = $CASOSTConfig->casservercnvalidate->value;
$this->noCASServerValidation = $CASOSTConfig->nocasservervalidation->value;
$this->proxy = $CASOSTConfig->proxy->value;
$this->handleLogoutRequests = $CASOSTConfig->handlelogoutrequests->value;
$this->CASLang = $CASOSTConfig->caslang->value;
$this->allowed1 = $CASOSTConfig->allowed1->value;
$this->allowed1Value = $CASOSTConfig->allowed1value->value;
$this->allowed2 = $CASOSTConfig->allowed2->value;
$this->allowed2Value = $CASOSTConfig->allowed2value->value;
} else {
$response = new Response();
$response->setContent('forbidden. No config');
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json');
return $response;
}
$configRowName = 'casost_sch_sso_config';
$configRowId = $request->query->get('config');
if ($configRowId) {
$configRowName = $configRowName.'_'.$configRowId;
}
$CASOSTConfigs = $this->entityTypeManager->getStorage('casost_config')->loadByProperties(array('name' => $configRowName));
$CASOSTConfig = reset($CASOSTConfigs);
if ($CASOSTConfig) {
$this->serverVersion = $CASOSTConfig->serverversion->value;
$this->serverHostname = $CASOSTConfig->serverhostname->value;
$this->serverPort = $CASOSTConfig->serverport->value;
$this->serverUri = $CASOSTConfig->serveruri->value === null ? '' : $CASOSTConfig->serveruri->value;
$this->redirectUrl = $CASOSTConfig->redirecturl->value;
$this->changeSessionId = $CASOSTConfig->changesessionid->value;
$this->CASServerCACert = $CASOSTConfig->casservercacert->value;
$this->CASServerCNValidate = $CASOSTConfig->casservercnvalidate->value;
$this->noCASServerValidation = $CASOSTConfig->nocasservervalidation->value;
$this->proxy = $CASOSTConfig->proxy->value;
$this->handleLogoutRequests = $CASOSTConfig->handlelogoutrequests->value;
$this->CASLang = $CASOSTConfig->caslang->value;
$this->allowed1 = $CASOSTConfig->allowed1->value;
$this->allowed1Value = $CASOSTConfig->allowed1value->value;
$this->allowed2 = $CASOSTConfig->allowed2->value;
$this->allowed2Value = $CASOSTConfig->allowed2value->value;
} else {
$response = new Response();
$response->setContent('forbidden. No config');
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json');
return $response;
}
// Enable debugging
// phpCAS::setDebug("/home/haris/devel/eepal/drupal/modules/casost/phpcas.log");
......@@ -109,12 +111,13 @@ class CASLogout extends ControllerBase
$user = reset($users);
if (!$user) {
$this->logger->warning("user not found");
$this->logger->warning('user not found');
$response = new Response();
$response->setContent('forbidden');
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json');
return $response;
}
// phpCAS::handleLogoutRequests();
......@@ -127,6 +130,7 @@ class CASLogout extends ControllerBase
$response->setContent('logout successful');
$response->setStatusCode(Response::HTTP_OK);
$response->headers->set('Content-Type', 'application/json');
return $response;
} catch (\Exception $e) {
$this->logger->warning($e->getMessage());
......@@ -134,8 +138,8 @@ class CASLogout extends ControllerBase
$response->setContent('forbidden');
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json');
return $response;
}
}
}
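Review bot: The `config` query value is appended to the config row name as-is at `$configRowName = $configRowName.'_'.$configRowId;`, so any caller chooses which stored CAS configuration (server host, certificate-validation flags, redirect URL) handles the request. loadByProperties() keeps the value out of the query text, but I would still reject anything that is not the expected id form before the lookup (the front-end sends `?config=2`), e.g. `if ($configRowId && !ctype_digit((string) $configRowId)) { /* return the existing 403 response */ }`. The same pattern is added in CASLogin's login handler and in OAuthLogin::loginGo. OAuthLogout instead takes the row name from the stored session, which is the safer model wherever a session exists.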
<?php
/*
* A RedirectResponse object with cookie sending
*/
namespace Drupal\casost\Controller;
use Symfony\Component\HttpFoundation\Cookie;
// use Symfony\Component\HttpFoundation\RedirectResponse;
use \Drupal\Core\Routing\TrustedRedirectResponse;
/**
* RedirectResponseWithCookie represents an HTTP response doing a redirect and sending cookies.
*/
class RedirectResponseWithCookieExt extends TrustedRedirectResponse
{
/**
* Creates a redirect response so that it conforms to the rules defined for a redirect status code.
*
* @param string $url The URL to redirect to
* @param integer $status The status code (302 by default)
* @param Symfony\Component\HttpFoundation\Cookie[] $cookies An array of Cookie objects
*/
public function __construct($url, $status = 302, $cookies = array ())
{
parent::__construct($url, $status);
foreach ($cookies as $cookie)
{
if (!$cookie instanceof Cookie)
{
throw new \InvalidArgumentException(sprintf('Third parameter is not a valid Cookie object.'));
}
$this->headers->setCookie($cookie);
}
}
}
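Review bot: The class docblock still names `RedirectResponseWithCookie` and does not say what the `Ext` variant changes: by extending TrustedRedirectResponse it marks the target URL as trusted, so Drupal's refusal to redirect to external hosts no longer applies to it. I would state that on the class, e.g. `RedirectResponseWithCookieExt: redirect with cookies whose target URL is marked trusted; pass only URLs taken from site configuration, never request data.` In the constructor docblock `@param integer` should read `int` and the cookie type can simply be `Cookie[]` since Cookie is imported; the `sprintf()` call with no arguments can be dropped. The identical copy added under the oauthost namespace needs the same edits.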
......@@ -16,7 +16,7 @@ use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Drupal\Core\Logger\LoggerChannelFactoryInterface;
use Symfony\Component\HttpFoundation\Cookie;
require ('RedirectResponseWithCookie.php');
require ('RedirectResponseWithCookieExt.php');
class CBController extends ControllerBase
{
......@@ -65,7 +65,21 @@ class CBController extends ControllerBase
public function loginCB(Request $request)
{
$ostauthConfigs = $this->entityTypeManager->getStorage('oauthost_config')->loadByProperties(array('name' => 'oauthost_taxisnet_config'));
$oauthostSessions = $this->entityTypeManager->getStorage('oauthost_session')->loadByProperties(array('name' => $request->query->get('sid_ost')));
$this->oauthostSession = reset($oauthostSessions);
if ($this->oauthostSession) {
$this->requestToken = $this->oauthostSession->request_token->value;
$this->requestTokenSecret = $this->oauthostSession->request_token_secret->value;
$configRowName = $this->oauthostSession->configrowname->value;
} else {
$response = new Response();
$response->setContent('forbidden');
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json');
return $response;
}
$ostauthConfigs = $this->entityTypeManager->getStorage('oauthost_config')->loadByProperties(array('name' => $configRowName));
$ostauthConfig = reset($ostauthConfigs);
if ($ostauthConfig) {
$this->consumer_key = $ostauthConfig->consumer_key->value;
......@@ -86,18 +100,7 @@ class CBController extends ControllerBase
return $response;
}
$oauthostSessions = $this->entityTypeManager->getStorage('oauthost_session')->loadByProperties(array('name' => $request->query->get('sid_ost')));
$this->oauthostSession = reset($oauthostSessions);
if ($this->oauthostSession) {
$this->requestToken = $this->oauthostSession->request_token->value;
$this->requestTokenSecret = $this->oauthostSession->request_token_secret->value;
} else {
$response = new Response();
$response->setContent('forbidden');
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json');
return $response;
}
$authToken = $request->query->get('oauth_token');
$authVerifier = $request->query->get('oauth_verifier');
......@@ -106,10 +109,15 @@ class CBController extends ControllerBase
$epalToken = $this->authenticatePhase2($request, $authToken, $authVerifier);
if ($epalToken) {
$cookie = new Cookie('auth_token', $epalToken, 0, '/', null, false, false);
$cookie2 = new Cookie('auth_role', 'student', 0, '/', null, false, false);
if ('oauthost_taxisnet_config' === $configRowName) {
$cookie = new Cookie('auth_token', $epalToken, 0, '/', null, false, false);
$cookie2 = new Cookie('auth_role', 'student', 0, '/', null, false, false);
return new RedirectResponseWithCookieExt($this->redirect_url, 302, array ($cookie, $cookie2));
} else {
return new RedirectResponseWithCookieExt($this->redirect_url . $epalToken.'&auth_role=student', 302, []);
}
return new RedirectResponseWithCookie($this->redirect_url, 302, array ($cookie, $cookie2));
// return new RedirectResponse($this->redirect_url . $epalToken.'&auth_role=student', 302, []);
} else {
......@@ -216,7 +224,9 @@ class CBController extends ControllerBase
}
}
$this->oauthostSession->delete();
$this->oauthostSession->set('authtoken', $epalToken);
$this->oauthostSession->save();
// $this->oauthostSession->delete();
return $epalToken;
} catch (OAuthException $e) {
......
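Review bot: For remote clients the login token is now appended to the redirect URL at `$this->redirect_url . $epalToken.'&auth_role=student'`, which puts a bearer credential into browser history, proxy and web-server access logs, and any Referer header the landing page emits. The same construction is added in CASLogin's `else` branch. A safer hand-off is a short-lived, single-use code in the URL that the client exchanges for the token over a back-channel request. If the query string has to stay, the landing page should send `Referrer-Policy: no-referrer` and drop the parameters from the URL as soon as they are read. The enclosing method extends beyond the hunk.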
......@@ -56,7 +56,11 @@ class OAuthLogin extends ControllerBase
public function loginGo(Request $request)
{
$ostauthConfigs = $this->entityTypeManager->getStorage('oauthost_config')->loadByProperties(array('name' => 'oauthost_taxisnet_config'));
$configRowName = 'oauthost_taxisnet_config';
$configRowId = $request->query->get('config');
if ($configRowId)
$configRowName = $configRowName . '_' . $configRowId;
$ostauthConfigs = $this->entityTypeManager->getStorage('oauthost_config')->loadByProperties(array('name' => $configRowName));
$ostauthConfig = reset($ostauthConfigs);
if ($ostauthConfig) {
$this->consumer_key = $ostauthConfig->consumer_key->value;
......@@ -85,11 +89,15 @@ class OAuthLogin extends ControllerBase
$requestToken = $oauth->getRequestToken($this->request_token_url, $this->callback_url . '?sid_ost=' . $uniqid);
// store auth token
// $this->logger->warning($request->headers->get('referer'));
$oauthostSession = $this->entityTypeManager()->getStorage('oauthost_session')->create(array(
// 'langcode' => $language_interface->getId(),
'langcode' => 'el',
'user_id' => \Drupal::currentUser()->id(),
'name' => $uniqid,
'referer' => $request->headers->get('referer'),
'configrowname' => $configRowName,
'authtoken' => '---',
'request_token' => $requestToken['oauth_token'],
'request_token_secret' => $requestToken['oauth_token_secret'],
'status' => 1
......
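Review bot: Every pending session is created with the same literal `'authtoken' => '---'`, and OAuthLogout now finds its session with `loadByProperties(array('authtoken' => $username))`, where `$username` comes from the request's `PHP_AUTH_USER` value. A request that supplies `---` would therefore match another user's unfinished login and get past the first 403 check; what the later user lookup does with it is outside the visible lines. I would drop the `'authtoken' => '---'` line so the field keeps its empty default, and have OAuthLogout return the 403 response when `$username` is null or empty before it queries. The `create()` call continues past the end of the hunk.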
......@@ -56,9 +56,24 @@ class OAuthLogout extends ControllerBase
public function logoutGo(Request $request)
{
$trx = $this->connection->startTransaction();
try {
$ostauthConfigs = $this->entityTypeManager->getStorage('oauthost_config')->loadByProperties(array('name' => 'oauthost_taxisnet_config'));
$user = null;
$username = $request->headers->get('PHP_AUTH_USER');
$oauthostSessions = $this->entityTypeManager->getStorage('oauthost_session')->loadByProperties(array('authtoken' => $username));
$this->oauthostSession = reset($oauthostSessions);
if ($this->oauthostSession) {
$configRowName = $this->oauthostSession->configrowname->value;
} else {
$response = new Response();
$response->setContent('forbidden');
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json');
return $response;
}
$ostauthConfigs = $this->entityTypeManager->getStorage('oauthost_config')->loadByProperties(array('name' => $configRowName));
$ostauthConfig = reset($ostauthConfigs);
if ($ostauthConfig) {
$this->consumer_key = $ostauthConfig->consumer_key->value;
......@@ -79,8 +94,7 @@ class OAuthLogout extends ControllerBase
return $response;
}
$user = null;
$username = $request->headers->get('PHP_AUTH_USER');
$epalUsers = $this->entityTypeManager->getStorage('epal_users')->loadByProperties(array('authtoken' => $username));
$epalUser = reset($epalUsers);
$foundUser = true;
......@@ -124,6 +138,7 @@ class OAuthLogout extends ControllerBase
$response->setContent('logout successful');
$response->setStatusCode(Response::HTTP_OK);
$response->headers->set('Content-Type', 'application/json');
$this->oauthostSession->delete();
return $response;
// return new RedirectResponse($this->redirect_url . '&auth_role=', 302, []);
......
<?php
/*
* A RedirectResponse object with cookie sending
*/
namespace Drupal\oauthost\Controller;
use Symfony\Component\HttpFoundation\Cookie;
// use Symfony\Component\HttpFoundation\RedirectResponse;
use \Drupal\Core\Routing\TrustedRedirectResponse;
/**
* RedirectResponseWithCookie represents an HTTP response doing a redirect and sending cookies.
*/
class RedirectResponseWithCookieExt extends TrustedRedirectResponse
{
/**
* Creates a redirect response so that it conforms to the rules defined for a redirect status code.
*
* @param string $url The URL to redirect to
* @param integer $status The status code (302 by default)
* @param Symfony\Component\HttpFoundation\Cookie[] $cookies An array of Cookie objects
*/
public function __construct($url, $status = 302, $cookies = array ())
{
parent::__construct($url, $status);
foreach ($cookies as $cookie)
{
if (!$cookie instanceof Cookie)
{
throw new \InvalidArgumentException(sprintf('Third parameter is not a valid Cookie object.'));
}
$this->headers->setCookie($cookie);
}
}
}
......@@ -42,6 +42,7 @@ use Drupal\user\UserInterface;
* "uid" = "user_id",
* "langcode" = "langcode",
* "status" = "status",
* "authtoken" = "authtoken",
* },
* links = {
* "canonical" = "/admin/structure/oauthost_session/{oauthost_session}",
......@@ -142,6 +143,21 @@ class OAuthOSTSession extends ContentEntityBase implements OAuthOSTSessionInterf
return $this;
}
/**
* {@inheritdoc}
*/
public function getAuthtoken() {
return $this->get('authtoken')->value;
}
/**
* {@inheritdoc}
*/
public function setAuthtoken($authToken) {
$this->set('authtoken', $authToken);
return $this;
}
/**
* {@inheritdoc}
*/
......@@ -193,6 +209,66 @@ class OAuthOSTSession extends ContentEntityBase implements OAuthOSTSessionInterf
->setDisplayConfigurable('form', TRUE)
->setDisplayConfigurable('view', TRUE);
$fields['referer'] = BaseFieldDefinition::create('string')
->setLabel(t('OAuthOST referer to redirect to'))
->setDescription(t('The OAuthOST referer to redirect to'))
->setSettings(array(
'max_length' => 300,
'text_processing' => 0,
))
->setDefaultValue('')
->setDisplayOptions('view', array(
'label' => 'above',
'type' => 'string',
'weight' => -4,
))
->setDisplayOptions('form', array(
'type' => 'string_textfield',
'weight' => -4,
))
->setDisplayConfigurable('form', TRUE)
->setDisplayConfigurable('view', TRUE);
$fields['configrowname'] = BaseFieldDefinition::create('string')
->setLabel(t('OAuthOST config row name'))
->setDescription(t('The OAuthOST config row name'))
->setSettings(array(
'max_length' => 100,
'text_processing' => 0,
))
->setDefaultValue('')
->setDisplayOptions('view', array(
'label' => 'above',
'type' => 'string',
'weight' => -4,
))
->setDisplayOptions('form', array(
'type' => 'string_textfield',
'weight' => -4,
))
->setDisplayConfigurable('form', TRUE)
->setDisplayConfigurable('view', TRUE);
$fields['authtoken'] = BaseFieldDefinition::create('string')
->setLabel(t('OAuthOST authtoken'))
->setDescription(t('The OAuthOST authtoken'))
->setSettings(array(
'max_length' => 300,
'text_processing' => 0,
))
->setDefaultValue('')
->setDisplayOptions('view', array(
'label' => 'above',
'type' => 'string',
'weight' => -4,
))
->setDisplayOptions('form', array(
'type' => 'string_textfield',
'weight' => -4,
))
->setDisplayConfigurable('form', TRUE)
->setDisplayConfigurable('view', TRUE);
$fields['request_token'] = BaseFieldDefinition::create('string')
->setLabel(t('Request Token'))
->setDescription(t('The Request Token.'))
......
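Review bot: The new `authtoken` base field stores the issued login token as a plain string and gives it `view` and `form` display options, so it is readable on the entity's admin pages next to `request_token`. Since OAuthLogout only needs an equality lookup, the field could hold a digest instead, e.g. `$this->oauthostSession->set('authtoken', hash('sha256', $epalToken));`, with the same hash applied to the value being looked up. At minimum I would remove the `setDisplayOptions()` and `setDisplayConfigurable()` calls from this field. The `referer` field is filled from a request header and labelled as a redirect target, so it should be checked against an allowlist before it is ever used that way; no such use is visible in this commit.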
export const API_ENDPOINT = 'http://localhost/drupal-8.2.6';
export const API_ENDPOINT = '';
export const API_ENDPOINT_PARAMS = '';
export class AppSettings {
public static get API_ENDPOINT(): string {
return 'http://localhost/drupal-8.2.6';
return '';
}
public static get API_ENDPOINT_PARAMS(): string {
return '';
}
}
export const API_ENDPOINT = 'http://eduslim2.minedu.gov.gr/drupal';
export const API_ENDPOINT = 'https://eduslim2.minedu.gov.gr/drupal';
// export const API_ENDPOINT = 'http://eepal.dev/drupal';
// export const API_ENDPOINT = 'http://eduslim2.minedu.gov.gr/angular/eepal-front/drupal';
export const API_ENDPOINT_PARAMS = '?config=2';
// export const API_ENDPOINT_PARAMS = '';
export class AppSettings {
public static get API_ENDPOINT(): string {
return 'http://eduslim2.minedu.gov.gr/drupal';
return 'https://eduslim2.minedu.gov.gr/drupal';
// return 'http://eepal.dev/drupal';
// return 'http://eduslim2.minedu.gov.gr/angular/eepal-front/drupal';
}
public static get API_ENDPOINT_PARAMS(): string {
return '?config=2';
// return '';
}
}
......@@ -88,5 +88,5 @@ class MyLocalization extends NgLocalization {
})
class AppModule {}
// enableProdMode();
enableProdMode();
platformBrowserDynamic().bootstrapModule(AppModule);
......@@ -15,12 +15,12 @@ import {
FormArray
} from '@angular/forms';
import { API_ENDPOINT } from '../app.settings';
import { API_ENDPOINT, API_ENDPOINT_PARAMS } from '../app.settings';
@Component({
selector: 'home',
template: `
<div>
<form [formGroup]="formGroup" method = "POST" action="{{apiEndPoint}}/oauth/login" #form>
<form [formGroup]="formGroup" method = "POST" action="{{apiEndPoint}}/oauth/login{{apiEndPointParams}}" #form>
<!-- <input type="hidden" name="X-oauth-enabled" value="true"> -->
<div *ngFor="let loginInfoToken$ of loginInfo$ | async; let i=index"></div>
......@@ -45,6 +45,7 @@ export default class Home implements OnInit {
private xcsrftoken: any;
private loginInfo$: Observable<ILoginInfo>;
private apiEndPoint = API_ENDPOINT;
private apiEndPointParams = API_ENDPOINT_PARAMS;
constructor(private fb: FormBuilder,
private _ata: LoginInfoActions,
......@@ -64,6 +65,8 @@ export default class Home implements OnInit {
ngOnInit() {
this.authToken = this.getCookie('auth_token');
this.authRole = this.getCookie('auth_role');
// console.log(this.authToken);
// console.log(this.authRole);
if (this.authToken && this.authRole) {
this._ata.getloginInfo({ auth_token: this.authToken, auth_role: this.authRole });
this.removeCookie('auth_token');
......@@ -85,7 +88,7 @@ export default class Home implements OnInit {
});
// subscribe to router event
/* this.activatedRoute.queryParams.subscribe((params: Params) => {
this.activatedRoute.queryParams.subscribe((params: Params) => {
if (params) {
this.authToken = params['auth_token'];
this.authRole = params['auth_role'];
......@@ -94,7 +97,7 @@ export default class Home implements OnInit {
if (this.authToken && this.authRole)
this._ata.getloginInfo({ auth_token: this.authToken, auth_role: this.authRole });
}); */
});
}
getCookie(key: string){
......
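Review bot: The re-enabled `queryParams` subscription reads `auth_token` and `auth_role` from the URL, but unlike the cookie path above it, which calls `removeCookie('auth_token')`, nothing removes them afterwards, so the token stays in the address bar, history and bookmarks. After the `getloginInfo` call I would clear the query string, for example `window.history.replaceState({}, document.title, window.location.pathname);` (adjust if the app uses hash routing). `ngOnInit` starts outside this hunk and part of the callback body is elided in this view.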
......@@ -14,12 +14,12 @@ import {
FormArray
} from '@angular/forms';
import { API_ENDPOINT } from '../app.settings';
import { API_ENDPOINT, API_ENDPOINT_PARAMS } from '../app.settings';
@Component({
selector: 'school-home',
template: `
<div>
<form [formGroup]="formGroup" method = "POST" action="{{apiEndPoint}}/cas/login" #form>
<form [formGroup]="formGroup" method = "POST" action="{{apiEndPoint}}/cas/login{{apiEndPointParams}}" #form>
<!-- <input type="hidden" name="X-oauth-enabled" value="true"> -->
<div *ngFor="let loginInfoToken$ of loginInfo$ | async; let i=index"></div>
......@@ -44,6 +44,7 @@ export default class SchoolHome implements OnInit {
private xcsrftoken: any;
private loginInfo$: Observable<ILoginInfo>;
private apiEndPoint = API_ENDPOINT;
private apiEndPointParams = API_ENDPOINT_PARAMS;
constructor(private fb: FormBuilder,
private _ata: LoginInfoActions,
......
......@@ -83,7 +83,7 @@ export default class Main {
{},
middleware,
// tools ? [ ...enhancers, tools ] : enhancers);
tools);
// );
// tools);
);
}
}
......@@ -440,7 +440,7 @@ export class HelperDataService implements OnInit, OnDestroy {
logoutRoute = '/ministry/logout';
return new Promise((resolve, reject) => {
this.http.post(`${AppSettings.API_ENDPOINT}${logoutRoute}`, {}, options)
this.http.post(`${AppSettings.API_ENDPOINT}${logoutRoute}${AppSettings.API_ENDPOINT_PARAMS}`, {}, options)
.map(response => response)
.subscribe(data => {
resolve(data);
......