/**
 * Show the login form to guests; send signed-in users to their profile.
 *
 * For a guest the "login" view receives the realm of the current OpenID
 * request plus an 'identity_select' flag. When the OP is not asked to pick
 * the identity, the request's claimed id and identity are passed as well.
 *
 * NOTE(review): the message returned by getCurrentRequest() is handed to
 * OpenIdAuthenticationRequest without a null or isValid() check in this
 * method; confirm a route filter guarantees a valid pending request before
 * this action runs.
 * NOTE(review): realm, claimed_id and identity are read from the OpenID
 * request, so they are relying-party supplied; confirm the view escapes them.
 */
public function getLogin()
{
    // Signed-in users have nothing to do on the login page.
    if (!Auth::guest()) {
        return Redirect::action("UserController@getProfile");
    }

    $openid_message = $this->memento_service->getCurrentRequest();
    $request = new OpenIdAuthenticationRequest($openid_message);

    $view_data = array('realm' => $request->getRealm());

    if ($request->isIdentitySelectByOP()) {
        // The OP chooses the identity, so no identifiers are pre-filled.
        $view_data['identity_select'] = true;
    } else {
        $view_data['claimed_id'] = $request->getClaimedId();
        $view_data['identity'] = $request->getIdentity();
        $view_data['identity_select'] = false;
    }

    return View::make("login", $view_data);
}
/**
 * Refuse a login that does not match the identity named in the pending
 * OpenID authentication request.
 *
 * Returns without doing anything when there is no current message, the
 * message is invalid, it is not an OpenID authentication request, or the
 * request leaves identity selection to the OP.
 *
 * @param User $user user whose identity endpoint URL is compared with the request
 * @throws AuthenticationException when neither the claimed id nor the
 *         identity of the request equals the user's identity endpoint URL
 */
public function process(User $user)
{
    $message = $this->memento_service->getCurrentRequest();

    // Only a valid, pending OpenID authentication request constrains the login.
    if (is_null($message)
        || !$message->isValid()
        || !OpenIdAuthenticationRequest::IsOpenIdAuthenticationRequest($message)
    ) {
        return;
    }

    $request = new OpenIdAuthenticationRequest($message);
    if ($request->isIdentitySelectByOP()) {
        // No specific identity was requested, so there is nothing to compare.
        return;
    }

    $requested_claimed_id = $request->getClaimedId();
    $requested_identity = $request->getIdentity();
    $user_identity = $this->server_configuration->getUserIdentityEndpointURL($user->getIdentifier());

    // NOTE(review): a match on either field is accepted; confirm that a request
    // whose claimed id matches but whose identity differs is meant to pass.
    $claimed_id_matches = $requested_claimed_id === $user_identity;
    $identity_matches = $requested_identity === $user_identity;
    if ($claimed_id_matches || $identity_matches) {
        return;
    }

    // The requested identity comes from the OpenID request and is written to
    // the log and the exception message; confirm both sinks treat it as
    // untrusted text.
    $error = sprintf(OpenIdErrorMessages::AlreadyExistSessionMessage, $user_identity, $requested_identity);
    Log::warning($error);
    throw new AuthenticationException($error);
}
/**
 * Store the injected services, register route filters and pick the login and
 * consent strategies that match the pending protocol request.
 *
 * Every service argument is kept on the property of the same name.
 * Strategy selection:
 *  - a valid pending OpenID authentication request selects the OpenID strategies;
 *  - otherwise a valid pending OAuth2 authorization request selects the OAuth2 strategies;
 *  - otherwise the default login strategy is used and no consent strategy is set.
 * The OpenID test runs first, so it wins when both kinds of request are stored.
 */
public function __construct(
    IMementoOpenIdRequestService $openid_memento_service,
    IMementoOAuth2AuthenticationRequestService $oauth2_memento_service,
    IAuthService $auth_service,
    IServerConfigurationService $server_configuration_service,
    ITrustedSitesService $trusted_sites_service,
    DiscoveryController $discovery,
    IUserService $user_service,
    IUserActionService $user_action_service,
    IClientService $client_service,
    IApiScopeService $scope_service,
    ITokenService $token_service,
    IResourceServerService $resource_server_service,
    IUtilsServerConfigurationService $utils_configuration_service
) {
    $this->openid_memento_service       = $openid_memento_service;
    $this->oauth2_memento_service       = $oauth2_memento_service;
    $this->auth_service                 = $auth_service;
    $this->server_configuration_service = $server_configuration_service;
    $this->trusted_sites_service        = $trusted_sites_service;
    $this->discovery                    = $discovery;
    $this->user_service                 = $user_service;
    $this->user_action_service          = $user_action_service;
    $this->client_service               = $client_service;
    $this->scope_service                = $scope_service;
    $this->token_service                = $token_service;
    $this->resource_server_service      = $resource_server_service;
    $this->utils_configuration_service  = $utils_configuration_service;

    // CSRF protection covers the two state-changing form posts only.
    $this->beforeFilter('csrf', array('only' => array('postLogin', 'postConsent')));

    $openid_request = $this->openid_memento_service->getCurrentRequest();
    $oauth2_request = $this->oauth2_memento_service->getCurrentAuthorizationRequest();

    if (!is_null($openid_request)
        && $openid_request->isValid()
        && OpenIdAuthenticationRequest::IsOpenIdAuthenticationRequest($openid_request)
    ) {
        // OpenID flow.
        // NOTE(review): 'openid.needs.auth.request' guards getConsent only;
        // confirm postConsent re-validates the stored request itself.
        $this->beforeFilter('openid.save.request');
        $this->beforeFilter('openid.needs.auth.request', array('only' => array('getConsent')));
        $this->login_strategy = new OpenIdLoginStrategy($openid_memento_service, $user_action_service, $auth_service);
        $this->consent_strategy = new OpenIdConsentStrategy(
            $openid_memento_service,
            $auth_service,
            $server_configuration_service,
            $user_action_service
        );
    } elseif (!is_null($oauth2_request) && $oauth2_request->isValid()) {
        // OAuth2 flow.
        // NOTE(review): same remark as above for 'oauth2.needs.auth.request'.
        $this->beforeFilter('oauth2.save.request');
        $this->beforeFilter('oauth2.needs.auth.request', array('only' => array('getConsent')));
        $this->login_strategy = new OAuth2LoginStrategy($auth_service, $oauth2_memento_service, $user_action_service);
        $this->consent_strategy = new OAuth2ConsentStrategy(
            $auth_service,
            $oauth2_memento_service,
            $scope_service,
            $client_service
        );
    } else {
        // Plain login with no protocol request pending: there is no consent
        // step, so callers must cope with a null consent strategy.
        $this->login_strategy = new DefaultLoginStrategy($user_action_service, $auth_service);
        $this->consent_strategy = null;
    }
}
/**
 * Tell whether this handler accepts the given message.
 *
 * The decision is delegated entirely to
 * OpenIdAuthenticationRequest::IsOpenIdAuthenticationRequest().
 *
 * @param OpenIdMessage $message message to inspect
 * @return bool
 */
protected function canHandle(OpenIdMessage $message)
{
    return OpenIdAuthenticationRequest::IsOpenIdAuthenticationRequest($message);
}
// NOTE(review): tail of a filter whose opening lies before this excerpt. It ends by
// throwing TokenMismatchException (presumably the 'csrf' filter; confirm).
        throw new Illuminate\Session\TokenMismatchException();
    }
});

// Answers with a 404 unless Request::ajax() is true.
// In Laravel, Request::ajax() reflects a client-supplied request header, so this
// filter is a routing convenience and must not be relied on as an access control.
Route::filter('ajax', function () {
    if (!Request::ajax()) {
        App::abort(404);
    }
});

// Requires a usable pending OpenID authentication request. Throws
// InvalidOpenIdMessageException when no message is stored, the stored message is
// invalid, or the authentication request built from it is invalid.
Route::filter("openid.needs.auth.request", function () {
    $memento_service = ServiceLocator::getInstance()->getService(OpenIdServiceCatalog::MementoService);
    $openid_message = $memento_service->getCurrentRequest();
    // Fail closed when nothing usable was stored.
    if ($openid_message == null || !$openid_message->isValid()) {
        throw new InvalidOpenIdMessageException();
    }
    $configuration_service = ServiceLocator::getInstance()->getService(OpenIdServiceCatalog::ServerConfigurationService);
    // '@identifier' is passed as a literal. Presumably the resulting URL is the
    // identity pattern the request is validated against; confirm in
    // OpenIdAuthenticationRequest::isValid().
    $auth_request = new OpenIdAuthenticationRequest($openid_message, $configuration_service->getUserIdentityEndpointURL('@identifier'));
    if (!$auth_request->isValid()) {
        throw new InvalidOpenIdMessageException();
    }
});

// Asks the OpenID memento service to save the current request.
Route::filter("openid.save.request", function () {
    $memento_service = ServiceLocator::getInstance()->getService(OpenIdServiceCatalog::MementoService);
    $memento_service->saveCurrentRequest();
});

// Asks the OAuth2 memento service to save the current authorization request.
Route::filter("oauth2.save.request", function () {
    $memento_service = ServiceLocator::getInstance()->getService(OAuth2ServiceCatalog::MementoService);
    $memento_service->saveCurrentAuthorizationRequest();
});

// Loads the pending OAuth2 authorization request. The rest of this filter lies
// past the end of this excerpt, so its checks are not visible here.
Route::filter("oauth2.needs.auth.request", function () {
    $memento_service = ServiceLocator::getInstance()->getService(OAuth2ServiceCatalog::MementoService);
    $oauth2_message = $memento_service->getCurrentAuthorizationRequest();
/**
 * Wrap an OpenID message and keep the OP endpoint URL next to it.
 *
 * @param OpenIdMessage $message message forwarded to the parent constructor
 * @param mixed $op_endpoint_url value stored on $this->op_endpoint_url
 *        (presumably a URL string; the parameter is untyped, so confirm at the callers)
 */
public function __construct(OpenIdMessage $message, $op_endpoint_url)
{
    // The parent is initialised first, then the endpoint URL is recorded.
    parent::__construct($message);

    $this->op_endpoint_url = $op_endpoint_url;
}