/**
 * Shows the login form to guests and sends authenticated users to their profile.
 *
 * The form is fed with the realm of the stored OpenID request and, unless the
 * request asks the OP to select the identity, with its claimed_id and identity.
 *
 * @return mixed whatever View::make() or Redirect::action() returns
 */
public function getLogin()
 {
     // Authenticated users have no use for the login form.
     if (!Auth::guest()) {
         return Redirect::action("UserController@getProfile");
     }

     // NOTE(review): the stored request is wrapped here without the is_null() /
     // isValid() / IsOpenIdAuthenticationRequest() checks that process() applies to
     // the same getCurrentRequest() result -- confirm a filter guarantees a valid
     // OpenID message before this action can run.
     $stored_message = $this->memento_service->getCurrentRequest();
     $auth_request = new OpenIdAuthenticationRequest($stored_message);

     // These values are read from the stored request; presumably the "login" view
     // escapes them on output -- verify in the template.
     $view_data = array('realm' => $auth_request->getRealm());
     if ($auth_request->isIdentitySelectByOP()) {
         $view_data['identity_select'] = true;
     } else {
         $view_data['claimed_id'] = $auth_request->getClaimedId();
         $view_data['identity'] = $auth_request->getIdentity();
         $view_data['identity_select'] = false;
     }

     return View::make("login", $view_data);
 }
 /**
  * Refuses to continue when the pending OpenID request names an identity other
  * than the one belonging to $user.
  *
  * Returns without doing anything when there is no stored message, the message is
  * not valid, it is not an OpenID authentication request, or the request asks the
  * OP to select the identity.
  *
  * @param User $user user whose identity endpoint URL is compared with the request
  * @throws AuthenticationException when neither claimed_id nor identity equals that URL
  */
 public function process(User $user)
 {
     // Only a stored, valid OpenID authentication request is subject to the check.
     $msg = $this->memento_service->getCurrentRequest();
     $is_openid_auth = !is_null($msg) && $msg->isValid() && OpenIdAuthenticationRequest::IsOpenIdAuthenticationRequest($msg);
     if (!$is_openid_auth) {
         return;
     }

     $auth_request = new OpenIdAuthenticationRequest($msg);
     if ($auth_request->isIdentitySelectByOP()) {
         // The OP chooses the identity, so there is nothing to compare against.
         return;
     }

     $claimed_id = $auth_request->getClaimedId();
     $identity = $auth_request->getIdentity();
     $current_identity = $this->server_configuration->getUserIdentityEndpointURL($user->getIdentifier());

     // One matching field is enough to pass. NOTE(review): a request whose claimed_id
     // matches the user but whose identity does not (or the reverse) is accepted here;
     // confirm that is intended and that a later step binds the response to $user.
     $names_current_user = $claimed_id === $current_identity || $identity === $current_identity;
     if ($names_current_user) {
         return;
     }

     // The identity comes from the request and goes into the log and the exception
     // as-is. NOTE(review): confirm the log writer neutralises control characters.
     $error = sprintf(OpenIdErrorMessages::AlreadyExistSessionMessage, $current_identity, $identity);
     Log::warning($error);
     throw new AuthenticationException($error);
 }
Example #3
 /**
  * Stores the injected services, registers the route filters and picks the login
  * and consent strategies that match the protocol request currently stored.
  *
  * Selection order: a valid stored OpenID authentication request first, then a
  * valid stored OAuth2 authorization request, otherwise the default login
  * strategy with no consent strategy.
  */
 public function __construct(
     IMementoOpenIdRequestService $openid_memento_service,
     IMementoOAuth2AuthenticationRequestService $oauth2_memento_service,
     IAuthService $auth_service,
     IServerConfigurationService $server_configuration_service,
     ITrustedSitesService $trusted_sites_service,
     DiscoveryController $discovery,
     IUserService $user_service,
     IUserActionService $user_action_service,
     IClientService $client_service,
     IApiScopeService $scope_service,
     ITokenService $token_service,
     IResourceServerService $resource_server_service,
     IUtilsServerConfigurationService $utils_configuration_service
 ) {
     $this->openid_memento_service = $openid_memento_service;
     $this->oauth2_memento_service = $oauth2_memento_service;
     $this->auth_service = $auth_service;
     $this->server_configuration_service = $server_configuration_service;
     $this->trusted_sites_service = $trusted_sites_service;
     $this->discovery = $discovery;
     $this->user_service = $user_service;
     $this->user_action_service = $user_action_service;
     $this->client_service = $client_service;
     $this->scope_service = $scope_service;
     $this->token_service = $token_service;
     $this->resource_server_service = $resource_server_service;
     $this->utils_configuration_service = $utils_configuration_service;

     // CSRF verification covers only these two actions. NOTE(review): confirm no
     // other state-changing action on this controller is reachable without it.
     $this->beforeFilter('csrf', array('only' => array('postLogin', 'postConsent')));

     // Both stored requests are fetched up front; the branch below decides which one wins.
     $pending_openid = $this->openid_memento_service->getCurrentRequest();
     $pending_oauth2 = $this->oauth2_memento_service->getCurrentAuthorizationRequest();

     if (!is_null($pending_openid) && $pending_openid->isValid() && OpenIdAuthenticationRequest::IsOpenIdAuthenticationRequest($pending_openid)) {
         // OpenID flow: persist the request and require it to be present for consent.
         $this->beforeFilter('openid.save.request');
         $this->beforeFilter('openid.needs.auth.request', array('only' => array('getConsent')));
         $this->login_strategy = new OpenIdLoginStrategy($openid_memento_service, $user_action_service, $auth_service);
         $this->consent_strategy = new OpenIdConsentStrategy($openid_memento_service, $auth_service, $server_configuration_service, $user_action_service);
     } elseif (!is_null($pending_oauth2) && $pending_oauth2->isValid()) {
         // OAuth2 flow: same shape, with the OAuth2 filters and strategies.
         $this->beforeFilter('oauth2.save.request');
         $this->beforeFilter('oauth2.needs.auth.request', array('only' => array('getConsent')));
         $this->login_strategy = new OAuth2LoginStrategy($auth_service, $oauth2_memento_service, $user_action_service);
         $this->consent_strategy = new OAuth2ConsentStrategy($auth_service, $oauth2_memento_service, $scope_service, $client_service);
     } else {
         // Plain login: no "needs.auth.request" filter is registered and the consent
         // strategy is null. NOTE(review): confirm the consent actions handle a null
         // strategy when they are requested without a stored protocol request.
         $this->login_strategy = new DefaultLoginStrategy($user_action_service, $auth_service);
         $this->consent_strategy = null;
     }
 }
 /**
  * Tells whether this handler accepts the given message.
  *
  * The decision is delegated entirely to
  * OpenIdAuthenticationRequest::IsOpenIdAuthenticationRequest().
  *
  * @param OpenIdMessage $message message to classify
  * @return bool result of the delegated check (bool per the existing annotation)
  */
 protected function canHandle(OpenIdMessage $message)
 {
     return OpenIdAuthenticationRequest::IsOpenIdAuthenticationRequest($message);
 }
Example #5
        throw new Illuminate\Session\TokenMismatchException();
    }
});
// Answers 404 to anything that is not flagged as an AJAX request.
// Request::ajax() reflects a header the client sets (X-Requested-With), so this
// filter keeps ordinary navigation away from AJAX-only routes; it is not an
// access control and must not be the only protection on a route.
Route::filter('ajax', function () {
    if (Request::ajax()) {
        return;
    }
    App::abort(404);
});
// Lets the request through only when a stored OpenID message exists, is valid, and
// still validates once wrapped as an authentication request; otherwise the filter
// throws InvalidOpenIdMessageException.
Route::filter("openid.needs.auth.request", function () {
    $memento = ServiceLocator::getInstance()->getService(OpenIdServiceCatalog::MementoService);
    $pending = $memento->getCurrentRequest();

    // Loose comparison, as in the original: any value that equals null under ==
    // is treated as "no message".
    $has_valid_message = $pending != null && $pending->isValid();
    if (!$has_valid_message) {
        throw new InvalidOpenIdMessageException();
    }

    // The configuration service is looked up only after the message passed the first check.
    $config = ServiceLocator::getInstance()->getService(OpenIdServiceCatalog::ServerConfigurationService);
    // '@identifier' is passed literally; presumably it yields the identity URL
    // pattern the request is validated against -- TODO confirm.
    $identity_url = $config->getUserIdentityEndpointURL('@identifier');

    $auth_request = new OpenIdAuthenticationRequest($pending, $identity_url);
    if ($auth_request->isValid()) {
        return;
    }
    throw new InvalidOpenIdMessageException();
});
// Asks the OpenID memento service to save the current request.
// NOTE(review): nothing is validated here before saving; the code that later reads
// the stored request has to re-check it (isValid()) before trusting it.
Route::filter("openid.save.request", function () {
    ServiceLocator::getInstance()
        ->getService(OpenIdServiceCatalog::MementoService)
        ->saveCurrentRequest();
});
// Asks the OAuth2 memento service to save the current authorization request.
// NOTE(review): nothing is validated here before saving; the code that later reads
// the stored request has to re-check it (isValid()) before trusting it.
Route::filter("oauth2.save.request", function () {
    ServiceLocator::getInstance()
        ->getService(OAuth2ServiceCatalog::MementoService)
        ->saveCurrentAuthorizationRequest();
});
Route::filter("oauth2.needs.auth.request", function () {
    $memento_service = ServiceLocator::getInstance()->getService(OAuth2ServiceCatalog::MementoService);
    $oauth2_message = $memento_service->getCurrentAuthorizationRequest();
 /**
  * Wraps an OpenID message and keeps the OP endpoint URL next to it.
  *
  * @param OpenIdMessage $message         message handed to the parent constructor
  * @param               $op_endpoint_url value stored in $this->op_endpoint_url;
  *                                       presumably a URL string -- TODO confirm against callers
  */
 public function __construct(OpenIdMessage $message, $op_endpoint_url)
 {
     // The parent constructor runs first; the endpoint URL is set only afterwards.
     parent::__construct($message);
     $this->op_endpoint_url = $op_endpoint_url;
 }