/**
* Tries to detect the base URI of request.
*
* @return void
*/
protected function detectBaseUri()
{
if ($this->baseUri === null) {
$this->baseUri = clone $this->uri;
$this->baseUri->setQuery(null);
$this->baseUri->setFragment(null);
$this->baseUri->setPath($this->getScriptRequestPath());
}
}
/**
* @param string $providerName The name of the authentication provider as used in the Settings
* @throws \InvalidArgumentException
* @return Uri
*/
public function getAuthorizationUri($providerName)
{
$providersOptions = $this->getConfiguredOptionsByProviderName($providerName);
$uri = new Uri($providersOptions['authorizationEndpointUri']);
$presentQuery = (string) $uri->getQuery();
$presentQuery = ($presentQuery ? $presentQuery . '&' : '') . http_build_query(array('client_id' => $providersOptions['clientIdentifier'], 'response_type' => $providersOptions['responseType'], 'scope' => implode(' ', $providersOptions['scopes']), 'display' => $providersOptions['display'], 'redirect_uri' => $this->getRedirectionEndpointUri($providerName)));
$uri->setQuery($presentQuery);
return $uri;
}
/**
* @param string $resource
* @param string $method
* @return \TYPO3\Flow\Http\Response
*/
public function query($resource, $method = 'GET')
{
$uri = new Uri($this->endpoint . $resource);
parse_str((string) $uri->getQuery(), $query);
$query['access_token'] = $this->currentAccessToken;
$query['appsecret_proof'] = hash_hmac('sha256', $this->currentAccessToken, $this->appSecret);
$uri->setQuery(http_build_query($query));
$request = Request::create($uri, $method);
$response = $this->requestEngine->sendRequest($request);
return $response;
}
/**
* Updates the authentication credentials, the authentication manager needs to authenticate this token.
* This could be a username/password from a login controller.
* This method is called while initializing the security context. By returning TRUE you
* make sure that the authentication manager will (re-)authenticate the tokens with the current credentials.
* Note: You should not persist the credentials!
*
* @param \TYPO3\Flow\Mvc\ActionRequest $request The current request instance
* @return boolean TRUE if this token needs to be (re-)authenticated
*/
public function updateCredentials(\TYPO3\Flow\Mvc\ActionRequest $actionRequest)
{
$httpRequest = $actionRequest->getHttpRequest();
if ($httpRequest->getMethod() !== 'GET') {
return;
}
// Check if we have a callback request
$arguments = $httpRequest->getArguments();
$accessTokenCipher = \TYPO3\Flow\Reflection\ObjectAccess::getPropertyPath($arguments, '__flowpack.singlesignon.accessToken');
$signature = \TYPO3\Flow\Reflection\ObjectAccess::getPropertyPath($arguments, '__flowpack.singlesignon.signature');
if (!empty($accessTokenCipher) && !empty($signature)) {
// Get callback parameters from request
$this->credentials['accessToken'] = base64_decode($accessTokenCipher);
$this->credentials['signature'] = base64_decode($signature);
$this->callbackUri = $actionRequest->getHttpRequest()->getUri();
$arguments = $this->callbackUri->getArguments();
unset($arguments['__flowpack']);
$this->callbackUri->setQuery(http_build_query($arguments));
$this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
}
}
/**
* @param string $actionName
* @param array $additionalParameters
*
* @return Uri
*/
protected function buildRequestUri($actionName, array $additionalParameters = [])
{
$requestUri = new Uri($this->apiSettings['apiUrl']);
$requestUri->setPath($requestUri->getPath() . $this->apiSettings['actions'][$actionName]);
$requestUri->setQuery(http_build_query(array_merge($this->apiSettings['parameters'], $additionalParameters)));
return $requestUri;
}
/**
* Destroy the given global session
*
* @param \Flowpack\SingleSignOn\Client\Domain\Model\SsoClient $ssoClient
* @param $sessionId
* @return void
*/
public function destroySession(SsoClient $ssoClient, $sessionId)
{
$serviceUri = new Uri($this->serviceBaseUri . '/session/' . urlencode($sessionId) . '/destroy');
$serviceUri->setQuery(http_build_query(array('clientIdentifier' => $ssoClient->getServiceBaseUri())));
$request = \TYPO3\Flow\Http\Request::create($serviceUri, 'DELETE');
$request->setContent('');
$signedRequest = $this->requestSigner->signRequest($request, $ssoClient->getPublicKeyFingerprint(), $ssoClient->getPublicKeyFingerprint());
// TODO Send request asynchronously
$response = $this->requestEngine->sendRequest($signedRequest);
if ($response->getStatusCode() !== 200 && $response->getStatusCode() !== 404) {
throw new Exception('Unexpected status code for destroy session when calling "' . (string) $serviceUri . '": "' . $response->getStatus() . '"', 1354132939);
}
}