コード例 #1
ファイル: LDAPConfig.php プロジェクト: rajeshpillai/df-adldap
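 /**
  * Customises the config schema entry for one AD/LDAP service field.
  *
  * The parent fills in its defaults first; the field named by $schema['name']
  * then gets its label, description and, for default_role, a picklist of the
  * currently active roles.
  *
  * @param array $schema Field schema, modified in place.
  */
 protected static function prepareConfigSchemaField(array &$schema)
 {
     parent::prepareConfigSchemaField($schema);
     switch ($schema['name']) {
         case 'default_role':
             // Only this field uses the role list, so the query runs here instead of
             // once for every schema field.
             $roleList = [];
             foreach (Role::whereIsActive(1)->get() as $role) {
                 $roleList[] = ['label' => $role->name, 'name' => $role->id];
             }
             // NOTE(review): per the description below, this role applies to users who
             // log in through the directory service, so operators should pick the
             // least-privileged role that still works for them.
             $schema['type'] = 'picklist';
             $schema['values'] = $roleList;
             $schema['description'] = 'Select a default role for users logging in with this AD/LDAP service type.';
             break;
         case 'host':
             $schema['description'] = 'The host name for your AD/LDAP server.';
             break;
         case 'base_dn':
             $schema['label'] = 'Base DN';
             $schema['description'] = 'The base DN for your domain.';
             break;
         case 'account_suffix':
             $schema['description'] = 'The full account suffix for your domain.';
             break;
     }
 }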
コード例 #2
ファイル: Role.php プロジェクト: df-arif/df-core
 /**
  * Looks up the cached info array for a role, loading it from the database on a cache miss.
  *
  * With no $key the whole array is returned; with a $key only that entry is
  * returned, or $default when the entry is not set.
  *
  * NOTE(review): the is_active check runs only while the cache entry is being
  * built. Whether a role update evicts the 'role:<id>' entry is not visible
  * here, so a role deactivated after caching may keep being served until the
  * TTL expires. Confirm that role changes flush this key.
  *
  * @param int         $id
  * @param null|string $key
  * @param null        $default
  *
  * @return mixed|null
  */
 public static function getCachedInfo($id, $key = null, $default = null)
 {
     // Builds the array that gets cached; invoked by the cache only on a miss.
     $loadRole = function () use ($id) {
         $relations = ['role_lookup_by_role_id', 'role_service_access_by_role_id', 'service_by_role_service_access'];
         $role = Role::with($relations)->whereId($id)->first();
         // Unknown and inactive roles are rejected here, so neither is ever cached.
         if (empty($role)) {
             throw new NotFoundException("Role not found.");
         }
         if (!$role->is_active) {
             throw new ForbiddenException("Role is not active.");
         }
         $info = $role->toArray();
         // The service list is only needed to resolve names below; it is not cached.
         $services = ArrayUtils::get($info, 'service_by_role_service_access');
         unset($info['service_by_role_service_access']);
         foreach ($info['role_service_access_by_role_id'] as $index => $access) {
             $serviceId = ArrayUtils::get($access, 'service_id');
             $serviceName = ArrayUtils::findByKeyValue($services, 'id', $serviceId, 'name');
             $component = ArrayUtils::get($access, 'component');
             $info['role_service_access_by_role_id'][$index]['service'] = $serviceName;
             // Components are stored without leading or trailing slashes.
             $info['role_service_access_by_role_id'][$index]['component'] = trim($component, '/');
         }
         return $info;
     };

     try {
         $cached = \Cache::remember('role:' . $id, \Config::get('df.default_cache_ttl'), $loadRole);
     } catch (ModelNotFoundException $ex) {
         // NOTE(review): the loader throws NotFoundException / ForbiddenException, not
         // ModelNotFoundException, so unless those derive from it they reach the caller.
         return $default;
     }
     if (is_null($cached)) {
         return $default;
     }
     if (is_null($key)) {
         return $cached;
     }
     // isset() is false for a stored null, so such an entry also yields $default.
     if (isset($cached[$key])) {
         return $cached[$key];
     }
     return $default;
 }
コード例 #3
ファイル: OAuthConfig.php プロジェクト: df-arif/df-oauth
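 /**
  * Customises the config schema entry for one OAuth service field.
  *
  * The parent fills in its defaults first; the field named by $schema['name']
  * then gets its label, description and, for default_role, a picklist of the
  * currently active roles.
  *
  * @param array $schema Field schema, modified in place.
  */
 protected static function prepareConfigSchemaField(array &$schema)
 {
     parent::prepareConfigSchemaField($schema);
     switch ($schema['name']) {
         case 'default_role':
             // Only this field uses the role list, so the query runs here instead of
             // once for every schema field.
             $roleList = [];
             foreach (Role::whereIsActive(1)->get() as $role) {
                 $roleList[] = ['label' => $role->name, 'name' => $role->id];
             }
             // NOTE(review): per the description below, this role applies to users who
             // log in through the OAuth provider, so operators should pick the
             // least-privileged role that still works for them.
             $schema['type'] = 'picklist';
             $schema['values'] = $roleList;
             $schema['description'] = 'Select a default role for users logging in with this OAuth service type.';
             break;
         case 'client_id':
             $schema['label'] = 'Client ID';
             $schema['description'] = 'A public string used by the service to identify your app and to build authorization URLs.';
             break;
         case 'client_secret':
             // NOTE(review): this field carries a credential. Whether it is stored encrypted
             // and masked when the config is read back is decided outside this method.
             $schema['description'] = 'A private string used by the service to authenticate the identity of the application.';
             break;
         case 'redirect_url':
             $schema['label'] = 'Redirect URL';
             $schema['description'] = 'The location the user will be redirected to after a successful login.';
             break;
         case 'icon_class':
             $schema['description'] = 'The icon to display for this OAuth service.';
             break;
     }
 }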
コード例 #4
ファイル: ADConfig.php プロジェクト: df-arif/df-adldap
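 /**
  * @inheritdoc
  *
  * Adds Active Directory specific labels and descriptions to one schema
  * field after the parent has filled in its defaults. The default_role field
  * additionally becomes a picklist of the currently active roles.
  */
 protected static function prepareConfigSchemaField(array &$schema)
 {
     parent::prepareConfigSchemaField($schema);
     switch ($schema['name']) {
         case 'default_role':
             // Only this field uses the role list, so the query runs here instead of
             // once for every schema field.
             $roleList = [];
             foreach (Role::whereIsActive(1)->get() as $role) {
                 $roleList[] = ['label' => $role->name, 'name' => $role->id];
             }
             // NOTE(review): per the description below, this role applies to users who
             // log in through the directory service, so operators should pick the
             // least-privileged role that still works for them.
             $schema['type'] = 'picklist';
             $schema['values'] = $roleList;
             $schema['description'] = 'Select a default role for users logging in with this AD/LDAP service type.';
             break;
         case 'host':
             $schema['description'] = 'The host name for your AD/LDAP server.';
             break;
         case 'base_dn':
             $schema['label'] = 'Base DN';
             $schema['description'] = 'The base DN for your domain.';
             break;
         case 'account_suffix':
             $schema['description'] = 'The full account suffix for your domain.';
             break;
         case 'map_group_to_role':
             $schema['description'] = 'Checking this will map your Roles to AD Groups.';
             break;
         case 'username':
             $schema['description'] = '(Optional) Enter AD administrator username to enable additional features.';
             break;
         case 'password':
             // NOTE(review): this field carries an AD administrator credential. Whether it is
             // stored encrypted and masked when the config is read back is decided outside
             // this method.
             $schema['description'] = '(Optional) Enter AD administrator password to enable additional features.';
             break;
     }
 }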
コード例 #5
 /**
  * Builds the platform status document and returns it as a response.
  *
  * NOTE(review): the payload discloses the platform version, the host OS and
  * the number of admins, users, apps, services and roles. Whether this route
  * requires authentication is not visible here; confirm it is not served to
  * anonymous callers.
  */
 public function index()
 {
     $uri = static::getURI($_SERVER);

     // An explicit DF_INSTALL wins; otherwise a database name containing
     // "bitnami" (any case) marks the distribution as Bitnami.
     $dist = env('DF_INSTALL', '');
     if (empty($dist)) {
         if (stripos(env('DB_DATABASE', ''), 'bitnami') !== false) {
             $dist = 'Bitnami';
         }
     }

     // NOTE(review): if these are Eloquent models, all() loads every row just to
     // count it; a count query would avoid that.
     $resources = [
         "app" => App::all()->count(),
         "admin" => User::whereIsSysAdmin(1)->count(),
         "user" => User::whereIsSysAdmin(0)->count(),
         "service" => Service::all()->count(),
         "role" => Role::all()->count(),
     ];

     $status = [
         "uri" => $uri,
         "managed" => env('DF_MANAGED', false),
         "dist" => $dist,
         "demo" => Environment::isDemoApplication(),
         "version" => \Config::get('df.version'),
         "host_os" => PHP_OS,
         "resources" => $resources,
     ];

     $response = ResponseFactory::create($status);
     return ResponseFactory::sendResponse($response);
 }
コード例 #6
ファイル: UserConfig.php プロジェクト: df-arif/df-user
 /**
  * Turns the user-service id fields into picklists.
  *
  * After the parent has filled in its defaults, the role, email service and
  * email template id fields each get a picklist whose first entry is blank,
  * plus a friendlier label and description.
  *
  * @param array $schema Field schema, modified in place.
  */
 protected static function prepareConfigSchemaField(array &$schema)
 {
     parent::prepareConfigSchemaField($schema);
     // Each picklist opens with an empty entry whose value is null.
     $blankOption = ['label' => '', 'name' => null];
     switch ($schema['name']) {
         case 'open_reg_role_id':
             $roleOptions = [$blankOption];
             foreach (Role::whereIsActive(1)->get() as $activeRole) {
                 $roleOptions[] = ['label' => $activeRole->name, 'name' => $activeRole->id];
             }
             // NOTE(review): per the description below, this role goes to self-registered
             // users, so operators should pick the least-privileged role available.
             $schema['type'] = 'picklist';
             $schema['values'] = $roleOptions;
             $schema['label'] = 'Open Reg Role';
             $schema['description'] = 'Select a role for self registered users.';
             break;
         case 'open_reg_email_service_id':
         case 'invite_email_service_id':
         case 'password_email_service_id':
             // Drop the last 11 characters of the incoming label.
             $currentLabel = $schema['label'];
             $prefix = substr($currentLabel, 0, strlen($currentLabel) - 11);
             $emailTypes = ['aws_ses', 'smtp_email', 'mailgun_email', 'mandrill_email', 'local_email'];
             $serviceOptions = [$blankOption];
             foreach (Service::whereIsActive(1)->whereIn('type', $emailTypes)->get() as $emailService) {
                 $serviceOptions[] = ['label' => $emailService->label, 'name' => $emailService->id];
             }
             $schema['type'] = 'picklist';
             $schema['values'] = $serviceOptions;
             $schema['label'] = $prefix . ' Service';
             $schema['description'] = 'Select an Email service for sending out ' . $prefix . '.';
             break;
         case 'open_reg_email_template_id':
         case 'invite_email_template_id':
         case 'password_email_template_id':
             // NOTE(review): 11 is the length of ' Service Id', while ' Template Id' is 12
             // characters. If the incoming label ends that way, a trailing space survives
             // here; confirm against the labels the parent produces.
             $currentLabel = $schema['label'];
             $prefix = substr($currentLabel, 0, strlen($currentLabel) - 11);
             $templateOptions = [$blankOption];
             foreach (EmailTemplate::get() as $emailTemplate) {
                 $templateOptions[] = ['label' => $emailTemplate->name, 'name' => $emailTemplate->id];
             }
             $schema['type'] = 'picklist';
             $schema['values'] = $templateOptions;
             $schema['label'] = $prefix . ' Template';
             $schema['description'] = 'Select an Email template to use for ' . $prefix . '.';
             break;
     }
 }
コード例 #7
ファイル: AccessCheck.php プロジェクト: tvpsoft/dreamfactory
 /**
  * Access-check middleware: lets the request continue when access is allowed
  * or the request matches a configured exception, and otherwise turns the
  * most specific reason for refusal into an error response.
  *
  * @param Request $request
  * @param Closure $next
  *
  * @return array|mixed|string
  */
 public function handle($request, Closure $next)
 {
     //  Allow console requests through
     // NOTE(review): this environment flag skips every check below, so it must never be
     // set in an environment that serves HTTP requests. Confirm where it is set.
     if (env('DF_IS_VALID_CONSOLE_REQUEST', false)) {
         return $next($request);
     }
     try {
         static::setExceptions();
         if (static::isAccessAllowed()) {
             return $next($request);
         } elseif (static::isException($request)) {
             // API key and/or (non-admin) user logged in, but access is still not allowed:
             // let the request through if it matches an exception case.
             return $next($request);
         } else {
             // Access is refused from here on; the branches only choose which error to report.
             $apiKey = Session::getApiKey();
             $token = Session::getSessionToken();
             if (empty($apiKey) && empty($token)) {
                 // No credential of either kind was supplied.
                 throw new BadRequestException('Bad request. No token or api key provided.');
             } elseif (true === Session::get('token_expired')) {
                 throw new UnauthorizedException(Session::get('token_expired_msg'));
             } elseif (true === Session::get('token_blacklisted')) {
                 throw new ForbiddenException(Session::get('token_blacklisted_msg'));
             } elseif (true === Session::get('token_invalid')) {
                 // A BadRequestException built with an explicit 401 as its second argument.
                 throw new BadRequestException('Invalid token: ' . Session::get('token_invalid_msg'), 401);
             } else {
                 // Any exception raised by getCachedInfo itself is also handled by the catch below.
                 if (!Role::getCachedInfo(Session::getRoleId(), 'is_active')) {
                     throw new ForbiddenException("Role is not active.");
                 } elseif (!Session::isAuthenticated()) {
                     throw new UnauthorizedException('Unauthorized.');
                 } else {
                     throw new ForbiddenException('Access Forbidden.');
                 }
             }
         }
     } catch (\Exception $e) {
         // Every failure, including the refusals thrown above, is returned as an error
         // response, so a refused request never reaches $next.
         return ResponseFactory::getException($e, $request);
     }
 }
コード例 #8
ファイル: Session.php プロジェクト: df-arif/df-core
 /**
  * Populates the session with user, app, role and lookup data for the given ids.
  *
  * Role resolution: the role found for this app/user pair wins; when that
  * yields nothing, the app's own role_id is used.
  *
  * NOTE(review): when no role info is found, the role.* session keys are left
  * untouched rather than cleared. If this can run on a session that already
  * holds a role, that earlier role would persist; confirm callers start from
  * a clean session.
  *
  * @param mixed $appId  App id, or null/empty for none.
  * @param mixed $userId User id, or null/empty for none.
  */
 public static function setSessionData($appId = null, $userId = null)
 {
     $appInfo = null;
     if ($appId) {
         $appInfo = App::getCachedInfo($appId);
     }
     $userInfo = null;
     if ($userId) {
         $userInfo = User::getCachedInfo($userId);
     }

     // Prefer the role tied to this app/user pair, then fall back to the app's role.
     $roleId = null;
     if (!empty($userId) && !empty($appId)) {
         $roleId = static::getRoleIdByAppIdAndUserId($appId, $userId);
     }
     if (empty($roleId) && !empty($appInfo)) {
         $roleId = ArrayUtils::get($appInfo, 'role_id');
     }

     Session::setUserInfo($userInfo);
     Session::put('app.id', $appId);

     $roleInfo = null;
     if ($roleId) {
         $roleInfo = Role::getCachedInfo($roleId);
     }
     if (!empty($roleInfo)) {
         Session::put('role.id', $roleId);
         Session::put('role.name', $roleInfo['name']);
         Session::put('role.services', $roleInfo['role_service_access_by_role_id']);
     }

     // Collect the four lookup sources, using an empty list for any that is missing.
     $systemLookup = Lookup::getCachedLookups();
     if (empty($systemLookup)) {
         $systemLookup = [];
     }
     $appLookup = [];
     if (!empty($appInfo['app_lookup_by_app_id'])) {
         $appLookup = $appInfo['app_lookup_by_app_id'];
     }
     $roleLookup = [];
     if (!empty($roleInfo['role_lookup_by_role_id'])) {
         $roleLookup = $roleInfo['role_lookup_by_role_id'];
     }
     $userLookup = [];
     if (!empty($userInfo['user_lookup_by_user_id'])) {
         $userLookup = $userInfo['user_lookup_by_user_id'];
     }

     $merged = LookupKey::combineLookups($systemLookup, $appLookup, $roleLookup, $userLookup);
     Session::put('lookup', ArrayUtils::get($merged, 'lookup'));
     // NOTE(review): 'lookup_secret' presumably holds secret lookup values; they live in
     // the session next to the plain ones, so the session store needs matching protection.
     Session::put('lookup_secret', ArrayUtils::get($merged, 'lookup_secret'));
 }
コード例 #9
 /**
  * Deletes the user with the test e-mail address and the role named
  * 'test_role', then clears role_id on the app with id 1.
  *
  * NOTE(review): parent::tearDown() is not called here; if the base test case
  * defines its own teardown, it is skipped. Confirm that is intended.
  */
 public function tearDown()
 {
     $testUsers = User::whereEmail('*****@*****.**');
     $testUsers->delete();

     $testRoles = Role::whereName('test_role');
     $testRoles->delete();

     // Detach app 1 from whatever role it was given.
     $firstApp = App::whereId(1);
     $firstApp->update(['role_id' => null]);
 }
コード例 #10
 /**
  * Builds the role data array from a role model: its name, its id and the
  * value returned by getRoleServiceAccess() under 'services'.
  *
  * @param Role $role
  *
  * @return array
  */
 protected static function getRoleData(Role $role)
 {
     // Fetch the service access first, then assemble the array in one step.
     $serviceAccess = $role->getRoleServiceAccess();

     return [
         'name' => $role->name,
         'id' => $role->id,
         'services' => $serviceAccess,
     ];
 }