コード例 #1
0
 /**
  * {@inheritdoc}
  */
 public function apply(base $appbox, Application $app)
 {
     try {
         \API_OAuth2_Application::load_from_client_id($app, \API_OAuth2_Application_OfficePlugin::CLIENT_ID);
     } catch (NotFoundHttpException $e) {
         $client = \API_OAuth2_Application::create($app, null, \API_OAuth2_Application_OfficePlugin::CLIENT_NAME);
         $client->set_activated(true);
         $client->set_grant_password(true);
         $client->set_website("http://www.phraseanet.com");
         $client->set_client_id(\API_OAuth2_Application_OfficePlugin::CLIENT_ID);
         $client->set_client_secret(\API_OAuth2_Application_OfficePlugin::CLIENT_SECRET);
         $client->set_type(\API_OAuth2_Application::DESKTOP_TYPE);
         $client->set_redirect_uri(\API_OAuth2_Application::NATIVE_APP_REDIRECT_URI);
     }
     return true;
 }
コード例 #2
0
 public function testLoad_app_by_user()
 {
     $apps = API_OAuth2_Application::load_app_by_user(self::$DI['app'], self::$DI['user']);
     $this->assertTrue(is_array($apps));
     $this->assertTrue(count($apps) > 0);
     $found = false;
     foreach ($apps as $app) {
         if ($app->get_id() === self::$DI['oauth2-app-user']->get_id()) {
             $found = true;
         }
         $this->assertInstanceOf('API_OAuth2_Application', $app);
     }
     if (!$found) {
         $this->fail();
     }
 }
コード例 #3
0
ファイル: Adapter.php プロジェクト: romainneutron/Phraseanet
 protected function checkUserCredentials($client_id, $username, $password)
 {
     try {
         $this->setClient(API_OAuth2_Application::load_from_client_id($this->app, $client_id));
         $usr_id = $this->app['auth.native']->getUsrId($username, $password, Request::createFromGlobals());
         if (!$usr_id) {
             return false;
         }
         if (null === ($user = $this->app['manipulator.user']->getRepository()->find($usr_id))) {
             return false;
         }
         $account = $this->updateAccount($user);
         return ['redirect_uri' => $this->client->get_redirect_uri(), 'client_id' => $this->client->get_client_id(), 'account_id' => $account->get_id()];
     } catch (AccountLockedException $e) {
         return false;
     } catch (RequireCaptchaException $e) {
         return false;
     } catch (\Exception $e) {
         return false;
     }
 }
コード例 #4
0
 private function insertOauthApps(\Pimple $DI)
 {
     $DI['app-user'] = \API_OAuth2_Application::create($this->container, $DI['user'], 'test application for user');
     $DI['app-user']->set_redirect_uri('http://callback.com/callback/');
     $DI['app-user']->set_website('http://website.com/');
     $DI['app-user']->set_type(\API_OAuth2_Application::WEB_TYPE);
     $DI['app-user_notAdmin'] = \API_OAuth2_Application::create($this->container, $DI['user_notAdmin'], 'test application for user not admin');
     $DI['app-user_notAdmin']->set_redirect_uri('http://callback.com/callback/');
     $DI['app-user_notAdmin']->set_website('http://website.com/');
     $DI['app-user_notAdmin']->set_type(\API_OAuth2_Application::WEB_TYPE);
 }
コード例 #5
0
 public function testAuthorizeRedirect()
 {
     //session off
     $apps = \API_OAuth2_Application::load_authorized_app_by_user(self::$DI['app'], self::$DI['user']);
     foreach ($apps as $app) {
         if ($app->get_client_id() == self::$DI['oauth2-app-user']->get_client_id()) {
             $authorize = true;
             self::$DI['client']->followRedirects();
         }
     }
 }
コード例 #6
0
ファイル: Oauth2.php プロジェクト: romainneutron/Phraseanet
 public function connect(Application $app)
 {
     $app['controller.oauth2'] = $this;
     $controllers = $app['controllers_factory'];
     $app['oauth'] = $app->share(function ($app) {
         return new \API_OAuth2_Adapter($app);
     });
     /**
      * AUTHORIZE ENDPOINT
      *
      * Authorization endpoint - used to obtain authorization from the
      * resource owner via user-agent redirection.
      */
     $authorize_func = function () use($app) {
         $request = $app['request'];
         $oauth2_adapter = $app['oauth'];
         $context = new Context(Context::CONTEXT_OAUTH2_NATIVE);
         $app['dispatcher']->dispatch(PhraseaEvents::PRE_AUTHENTICATE, new PreAuthenticate($request, $context));
         //Check for auth params, send error or redirect if not valid
         $params = $oauth2_adapter->getAuthorizationRequestParameters($request);
         $app_authorized = false;
         $errorMessage = false;
         $client = \API_OAuth2_Application::load_from_client_id($app, $params['client_id']);
         $oauth2_adapter->setClient($client);
         $action_accept = $request->get("action_accept");
         $action_login = $request->get("action_login");
         $template = "api/auth/end_user_authorization.html.twig";
         $custom_template = sprintf("%s/config/templates/web/api/auth/end_user_authorization/%s.html.twig", $app['root.path'], $client->get_id());
         if (file_exists($custom_template)) {
             $template = sprintf('api/auth/end_user_authorization/%s.html.twig', $client->get_id());
         }
         if (!$app['authentication']->isAuthenticated()) {
             if ($action_login !== null) {
                 try {
                     $usr_id = $app['auth.native']->getUsrId($request->get("login"), $request->get("password"), $request);
                     if (null === $usr_id) {
                         $app['session']->getFlashBag()->set('error', $app->trans('login::erreur: Erreur d\'authentification'));
                         return $app->redirectPath('oauth2_authorize');
                     }
                 } catch (RequireCaptchaException $e) {
                     return $app->redirectPath('oauth2_authorize', ['error' => 'captcha']);
                 } catch (AccountLockedException $e) {
                     return $app->redirectPath('oauth2_authorize', ['error' => 'account-locked']);
                 }
                 $app['authentication']->openAccount($app['manipulator.user']->getRepository()->find($usr_id));
             }
             return new Response($app['twig']->render($template, ["auth" => $oauth2_adapter]));
         }
         //check if current client is already authorized by current user
         $user_auth_clients = \API_OAuth2_Application::load_authorized_app_by_user($app, $app['authentication']->getUser());
         foreach ($user_auth_clients as $auth_client) {
             if ($client->get_client_id() == $auth_client->get_client_id()) {
                 $app_authorized = true;
             }
         }
         $account = $oauth2_adapter->updateAccount($app['authentication']->getUser());
         $params['account_id'] = $account->get_id();
         if (!$app_authorized && $action_accept === null) {
             $params = ["auth" => $oauth2_adapter, "errorMessage" => $errorMessage];
             return new Response($app['twig']->render($template, $params));
         } elseif (!$app_authorized && $action_accept !== null) {
             $app_authorized = (bool) $action_accept;
             $account->set_revoked(!$app_authorized);
         }
         //if native app show template
         if ($oauth2_adapter->isNativeApp($params['redirect_uri'])) {
             $params = $oauth2_adapter->finishNativeClientAuthorization($app_authorized, $params);
             return new Response($app['twig']->render("api/auth/native_app_access_token.html.twig", $params));
         }
         $oauth2_adapter->finishClientAuthorization($app_authorized, $params);
         // As OAuth2 library already outputs response content, we need to send an empty
         // response to avoid breaking silex controller
         return '';
     };
     $controllers->match('/authorize', $authorize_func)->method('GET|POST')->bind('oauth2_authorize');
     /**
      *  TOKEN ENDPOINT
      *  Token endpoint - used to exchange an authorization grant for an access token.
      */
     $controllers->post('/token', function (\Silex\Application $app, Request $request) {
         if (!$request->isSecure()) {
             throw new HttpException(400, 'This route requires the use of the https scheme', null, ['content-type' => 'application/json']);
         }
         $app['oauth']->grantAccessToken($request);
         ob_flush();
         flush();
         // As OAuth2 library already outputs response content, we need to send an empty
         // response to avoid breaking silex controller
         return '';
     });
     return $controllers;
 }
コード例 #7
0
 /**
  * @cover \Alchemy\Phrasea\Controller\Root\Developers::authorizeGrantpassword
  */
 public function testAuthorizeGrantpasswordToken()
 {
     $oauthApp = self::$DI['oauth2-app-user'];
     $this->XMLHTTPRequest('POST', '/developers/application/' . $oauthApp->get_id() . '/authorize_grant_password/', ['grant' => '1']);
     $this->assertTrue(self::$DI['client']->getResponse()->isOk());
     $content = json_decode(self::$DI['client']->getResponse()->getContent());
     $this->assertTrue($content->success);
     $oauthApp = new \API_OAuth2_Application(self::$DI['app'], $oauthApp->get_id());
     $this->assertTrue($oauthApp->is_password_granted());
 }
コード例 #8
0
ファイル: Account.php プロジェクト: romainneutron/Phraseanet
 /**
  * Display authorized applications that can access user informations
  *
  * @param  Application $app     A Silex application where the controller is mounted on
  * @param  Request     $request The current request
  * @return Response
  */
 public function accountAuthorizedApps(Application $app, Request $request)
 {
     return $app['twig']->render('account/authorized_apps.html.twig', ["applications" => \API_OAuth2_Application::load_app_by_user($app, $app['authentication']->getUser())]);
 }
コード例 #9
0
ファイル: Account.php プロジェクト: romainneutron/Phraseanet
 public static function load_with_user(Application $app, API_OAuth2_Application $application, User $user)
 {
     $sql = 'SELECT api_account_id FROM api_accounts
         WHERE usr_id = :usr_id AND application_id = :application_id';
     $params = [":usr_id" => $user->getId(), ":application_id" => $application->get_id()];
     $stmt = $app['phraseanet.appbox']->get_connection()->prepare($sql);
     $stmt->execute($params);
     $row = $stmt->fetch(PDO::FETCH_ASSOC);
     $stmt->closeCursor();
     if (!$row) {
         throw new NotFoundHttpException('Account nof found.');
     }
     return new self($app, $row['api_account_id']);
 }
コード例 #10
0
 /**
  * Get application information
  *
  * @param  Application $app     A Silex application where the controller is mounted on
  * @param  Request     $request The current request
  * @param  integer     $id      The application id
  * @return Response
  */
 public function getApp(Application $app, Request $request, $id)
 {
     try {
         $client = new \API_OAuth2_Application($app, $id);
     } catch (NotFoundHttpException $e) {
         $app->abort(404);
     }
     $token = $client->get_user_account($app['authentication']->getUser())->get_token()->get_value();
     return $app['twig']->render('developers/application.html.twig', ["application" => $client, "user" => $app['authentication']->getUser(), "token" => $token]);
 }
コード例 #11
0
 public function testCheckNativeApp()
 {
     $value = self::$DI['app']['conf']->get(['registry', 'api-clients', 'navigator-enabled']);
     self::$DI['app']['conf']->set(['registry', 'api-clients', 'navigator-enabled'], false);
     $fail = null;
     try {
         $nativeApp = \API_OAuth2_Application::load_from_client_id(self::$DI['app'], \API_OAuth2_Application_Navigator::CLIENT_ID);
         $account = \API_OAuth2_Account::create(self::$DI['app'], self::$DI['user'], $nativeApp);
         $token = $account->get_token()->get_value();
         $this->setToken($token);
         self::$DI['client']->request('GET', '/api/v1/databoxes/list/', $this->getParameters(), [], ['HTTP_Accept' => $this->getAcceptMimeType()]);
         $content = $this->unserialize(self::$DI['client']->getResponse()->getContent());
         if (403 != $content['meta']['http_code']) {
             $fail = new \Exception('Result does not match expected 403, returns ' . $content['meta']['http_code']);
         }
     } catch (\Exception $e) {
         $fail = $e;
     }
     self::$DI['app']['conf']->set(['registry', 'api-clients', 'navigator-enabled'], false);
     if ($fail) {
         throw $fail;
     }
 }