/**
* This extended constructor is setting up
* the underlying AuthorizationServer with
* the grant types that GLPi Plugins support
* on it's OAuth2 Framework
*/
public function __construct()
{
parent::__construct();
$this->setSessionStorage(OAuthHelper::getSessionStorage());
$this->setAccessTokenStorage(OAuthHelper::getAccessTokenStorage());
$this->setRefreshTokenStorage(OAuthHelper::getRefreshTokenStorage());
$this->setClientStorage(OAuthHelper::getClientStorage());
$this->setScopeStorage(OAuthHelper::getScopeStorage());
$this->setAuthCodeStorage(new AuthCodeStorage());
// Adding the password grant to able users to login by themselves
$passwordGrant = new PasswordGrant();
$passwordGrant->setVerifyCredentialsCallback(function ($login, $password) {
$user = User::where(function ($q) use($login) {
return $q->where('email', '=', $login)->orWhere('username', '=', $login);
});
$count = $user->count();
if ($count < 1) {
return false;
}
if ($count > 1) {
throw new \Exception('Dangerous, query result count > 1 when user tried' . ' to log with login "' . $login . '" ' . 'and password "' . $password . '"');
return false;
} elseif ($count == 0) {
return false;
} else {
$user = $user->first();
if ($user->assertPasswordIs($password)) {
return $user->id;
} else {
return false;
}
}
});
$this->addGrantType($passwordGrant);
$appGrant = new ClientCredentialsGrant();
$this->addGrantType($appGrant);
$refreshTokenGrant = new RefreshTokenGrant();
$this->addGrantType($refreshTokenGrant);
}
/**
* It creates an access token, a session, and links
* scopes mentionned in $scopes to the session and
* access token, it finally returns the new access token
*
* It associates the 'webapp' app
*/
public static function createAccessTokenFromUserId($user_id, $scopes, $ttl = 3600)
{
$user = User::where('id', '=', $user_id)->first();
if (!$user) {
return false;
}
$session = new Session();
$session->owner_type = 'user';
$session->owner_id = $user->id;
$session->app_id = 'webapp';
$session->save();
$accessToken = new AccessToken();
$accessToken->session_id = $session->id;
$accessToken->token = SecureKey::generate();
$accessToken->expire_time = DB::raw('FROM_UNIXTIME(' . ($ttl + time()) . ')');
$accessToken->save();
foreach ($scopes as $_scope) {
$scope = Scope::where('identifier', '=', $_scope)->first();
if ($scope) {
$session->scopes()->attach($scope);
$accessToken->scopes()->attach($scope);
}
}
$refreshToken = new RefreshToken();
$refreshToken->access_token_id = $accessToken->id;
$refreshToken->token = SecureKey::generate();
$refreshToken->expire_time = DB::raw('FROM_UNIXTIME(' . (604800 + time()) . ')');
$refreshToken->save();
return ["token" => $accessToken->token, "refresh_token" => $refreshToken->token, "ttl" => $ttl];
}
}
if (isset($body->description)) {
if (gettype($body->description) != 'string' || !App::isValidDescription($body->description)) {
throw new InvalidField('description');
} else {
$user_app->description = $body->description;
}
}
$user_app->save();
Tool::endWithJson($user_app);
});
$user_delete_app = Tool::makeEndpoint(function ($id) use($app, $resourceServer) {
OAuthHelper::needsScopes(['user', 'user:apps']);
$body = Tool::getBody();
$user_id = $resourceServer->getAccessToken()->getSession()->getOwnerId();
$user = User::where('id', '=', $user_id)->first();
$user_app = $user->apps()->find($id);
if ($user_app) {
$user_app->delete();
$app->halt(200);
} else {
throw new ResourceNotFound('App', $id);
}
});
// HTTP REST Map
$app->get('/user/apps', $user_apps);
$app->get('/user/apps/:id', $user_app);
$app->put('/user/apps/:id', $user_edit_app);
$app->delete('/user/apps/:id', $user_delete_app);
$app->post('/user/apps', $user_declare_app);
$app->options('/user/apps', function () {
use API\Exception\ExternalAccountAlreadyPaired;
use API\Exception\AlreadyWatched;
use API\Exception\NoCredentialsLeft;
use API\Exception\InvalidCredentials;
use API\Exception\InvalidXML;
use API\Exception\WrongPasswordResetToken;
use League\OAuth2\Server\Util\SecureKey;
use API\OAuthServer\AuthorizationServer;
use API\OAuthServer\OAuthHelper;
use ReCaptcha\ReCaptcha;
/**
* Register a new user
*/
$register = Tool::makeEndpoint(function () use($app) {
$body = Tool::getBody();
$new_user = new User();
if (!isset($body->username) || strlen($body->username) < 4 || strlen($body->username) > 28 || !preg_match('/^[a-zA-Z0-9]+$/', $body->username)) {
throw new InvalidField('username');
} else {
if (User::where('username', '=', $body->username)->first() != null) {
throw new UnavailableName('User', $body->username);
}
$new_user->username = $body->username;
}
if (!isset($body->email) || !filter_var($body->email, FILTER_VALIDATE_EMAIL)) {
throw new InvalidField('email');
} else {
if (User::where('email', '=', $body->email)->first() != null) {
throw new UnavailableName('Email', $body->email);
}
$new_user->email = $body->email;
OAuthHelper::needsScopes(['user', 'plugin:card']);
$user = OAuthHelper::currentlyAuthed();
$body = Tool::getBody();
$plugin = Plugin::where('key', '=', $key)->first();
if (!$plugin) {
throw new ResourceNotFound('Plugin', $key);
}
if (!$plugin->permissions()->where('admin', '=', true)->where('user_id', '=', $user->id)->first()) {
throw new LackPermission('manage_permissions', 'Plugin', $key);
}
if (!isset($body->username) || gettype($body->username) != 'string') {
throw new InvalidField('username');
}
// verify user has the admin flag on the plugin
// otherwise reject
$target_user = User::where('username', '=', $body->username)->first();
if (!$target_user) {
throw new ResourceNotFound('User', $body->username);
}
if ($plugin->permissions->find($target_user)) {
throw new RightAlreadyExist($body->username, $plugin->key);
}
$plugin->permissions()->attach($target_user);
$app->halt(200);
});
$plugin_delete_permission = Tool::makeEndpoint(function ($key, $username) use($app) {
OAuthHelper::needsScopes(['user', 'plugin:card']);
$user = OAuthHelper::currentlyAuthed();
// reject if plugin not found
$plugin = Plugin::where('key', '=', $key)->first();
if (!$plugin) {
$data['external_account_linked'] = true;
}
} else {
$data['error'] = 'You are already authed, and that ' . $service . ' account is already linked';
}
} else {
$externalAccount = UserExternalAccount::where('external_user_id', '=', $external_account_infos['id'])->first();
// If we know that external account
if ($externalAccount) {
$user = $externalAccount->user;
$accessToken = OAuthHelper::createAccessTokenFromUserId($user->id, ['plugins', 'plugins:search', 'plugin:card', 'plugin:star', 'plugin:submit', 'plugin:download', 'tags', 'tag', 'authors', 'author', 'version', 'message', 'user', 'user:externalaccounts', 'user:apps', 'users:search']);
} else {
// Else we're creating a new
// local account, and are associating the external one
// to that new local one
$user = new User();
$user->active = 0;
// Notice it is created as non active
$user->username = $external_account_infos['username'];
if (isset($external_account_infos['realname'])) {
$user->realname = $external_account_infos['realname'];
}
if (isset($external_account_infos['location'])) {
$user->location = $external_account_infos['location'];
}
if (isset($external_account_infos['website'])) {
$user->website = $external_account_infos['website'];
}
$user->save();
$data['account_created'] = true;
// Associating external user account
/**
* @SWG\Definition(
* definition = "UserFriendsResponse",
* required={"data"},
* @SWG\Property(
* property="data",
* type="array",
* @SWG\Items(ref="#/definitions/UserResponse"),
* maxItems=100,
* minItems=1
* )
* )
*
* @SWG\Get(
* tags={"User"},
* path="/user/{id}/friends",
* operationId="getUserFriendsById",
* summary="Get user friends by $id",
* @SWG\Parameter(
* name="id",
* description="$id of the specified",
* in="path",
* required=true,
* type="string"
* ),
* @SWG\Parameter(
* name="limit",
* description="Limit",
* in="query",
* required=false,
* type="integer"
* ),
* @SWG\Parameter(
* name="offset",
* description="Offset",
* in="query",
* required=false,
* type="integer"
* ),
* @SWG\Response(
* response=200,
* description="success",
* @SWG\Schema(ref="#/definitions/UserFriendsResponse")
* ),
* @SWG\Response(
* response=404,
* description="Not found"
* )
* )
*/
public function getFriendsAction()
{
$friends = [];
for ($i = 0; $i < 25; $i++) {
$friends[] = User::generateFake()->toApi();
}
return ['data' => $friends];
}