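/**
 * Action for the URL that the client is redirected to when coming back from a
 * remote login provider.
 *
 * Resolves the provider named by the request's `pid` value (local Provider
 * model first, then Fabric::getProviderCredentials()), builds the provider
 * configuration, and lets the provider object handle the request. When the
 * provider accepts it, the user is resolved through User::remoteLoginRequest()
 * and the client is redirected to "/". Every other path ends in
 * $this->_redirectError().
 *
 * Each redirect is followed by an explicit return, so the flow stops there even
 * if the redirect helper returns to the caller instead of ending the request.
 *
 * @throws BadRequestException when no provider id was sent, or the provider is unknown
 *
 * @return void
 */
public function actionRemoteLogin()
{
    if (null !== $this->_remoteError) {
        $this->_redirectError($this->_remoteError);

        // Never continue a login once the remote side has reported an error.
        return;
    }

    // `pid` is request-supplied. It is used below as a lookup key, as a prefix of a
    // session-state key, and inside an exception message.
    if (null === ($_providerId = Option::request('pid'))) {
        throw new BadRequestException('No remote login provider specified.');
    }

    $this->layout = false;

    // The flow type is request-selected as well (default Flows::CLIENT_SIDE). The filter
    // only strips everything except digits and sign characters.
    // NOTE(review): confirm that buildConfig()/the provider rejects values outside Flows.
    $_flow = FilterInput::request('flow', Flows::CLIENT_SIDE, FILTER_SANITIZE_NUMBER_INT);

    // Check local then global...
    if (null === ($_providerModel = Provider::model()->byPortal($_providerId)->find())) {
        /** @var \stdClass $_providerModel */
        $_providerModel = Fabric::getProviderCredentials($_providerId);

        if (empty($_providerModel)) {
            // NOTE(review): the message echoes the request-supplied id; whatever renders
            // BadRequestException messages has to escape it for the output context.
            throw new BadRequestException('The provider "' . $_providerId . '" is not available.');
        }

        // Translate from back-end to front-end
        $_model = new stdClass();
        $_model->id = $_providerModel->id;
        $_model->provider_name = $_providerModel->provider_name_text;
        $_model->config_text = $_providerModel->config_text;
        $_model->api_name = $_providerModel->endpoint_text;
        $_model->is_active = $_providerModel->enable_ind;
        $_model->is_login_provider = $_providerModel->login_provider_ind;

        $_providerModel = $_model;
    }

    // Set our store...
    Oasys::setStore(new ProviderUserStore(Session::getCurrentUserId(), $_providerModel->id));

    // NOTE(review): redirect_uri is assembled from Curl::currentUrl(false). If that helper
    // derives the host from the incoming request (not visible here), the callback URL is
    // request-influenced; a configured base URL would be the safer source. TODO confirm.
    // provider_name is appended without URL-encoding; assumed to be a plain slug.
    $_config = Provider::buildConfig(
        $_providerModel,
        Pii::getState($_providerId . '.user_config', array()),
        array(
            'flow_type'    => $_flow,
            'redirect_uri' => Curl::currentUrl(false) . '?pid=' . $_providerModel->provider_name,
        )
    );

    $_provider = Oasys::getProvider($_providerId, $_config);

    if ($_provider->handleRequest()) {
        // Now let the user model figure out what to do...
        try {
            $_user = User::remoteLoginRequest($_providerId, $_provider, $_providerModel);

            // NOTE(review): this writes the user's e-mail address to the debug log.
            Log::debug('Remote login success: ' . $_user->email . ' (id#' . $_user->id . ')');
        } catch (\Exception $_ex) {
            Log::error($_ex->getMessage());

            // No soup for you!
            // NOTE(review): the raw exception message is handed to the error redirect;
            // confirm it cannot carry internal detail to the client.
            $this->_redirectError($_ex->getMessage());

            // A failed login must not fall through to the success redirect below.
            return;
        }

        // Go home baby!
        $this->redirect('/');

        return;
    }

    Log::error('Seems that the provider rejected the login...');
    $this->_redirectError('Error during remote login sequence. Please try again.');
}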
/**
 * Builds the URL that sends the user to the provider's authorization endpoint
 * and records it in the config under "authorize_url".
 *
 * The query string carries client_id, redirect_uri, response_type=code, the
 * scope (array scopes are joined with a single space) and a `state` value
 * produced by Storage::freeze(). Any "parameters" configured on the endpoint
 * map are merged in last and therefore win over the computed values.
 *
 * NOTE(review): the callback falls back to the "referrer" request value, then
 * to the HTTP_REFERER server value, then to Curl::currentUrl(). The first two
 * are client-supplied, so without a configured redirect_uri the callback
 * target is request-controlled and only the provider's registered-redirect
 * check constrains it. TODO confirm a redirect_uri is always configured.
 *
 * NOTE(review): `state` carries the request method, query string, remote
 * address, URI and the whole request payload, and travels through the browser
 * and the provider. How Storage::freeze() protects it is not visible here;
 * confirm the callback verifies its integrity and binds it to the session.
 *
 * @param array $payload Not read by this method
 *
 * @return string The authorization URL
 */
public function getAuthorizationUrl($payload = array())
{
    $_endpoint = $this->_config->getEndpoint(EndpointTypes::AUTHORIZE);
    $_scopes = $this->getConfig('scope');

    $_cameFrom = Option::get(
        $this->_requestPayload,
        'referrer',
        Option::server('HTTP_REFERER', Curl::currentUrl()),
        true
    );

    $_callback = $this->getConfig('redirect_uri', $_cameFrom);
    $_originUri = $this->getConfig('origin_uri', $_callback);
    $_proxy = $this->getConfig('redirect_proxy_url');

    // Snapshot of the inbound request that is carried inside `state`.
    $_requestInfo = array(
        'method'       => Option::server('REQUEST_METHOD'),
        'referrer'     => $_cameFrom,
        'query_string' => Option::server('QUERY_STRING'),
        'remote_addr'  => Option::server('REMOTE_ADDR'),
        'time'         => microtime(true),
        'uri'          => Option::server('REQUEST_URI'),
        'payload'      => $this->_requestPayload,
    );

    // "api_key" is a plain SHA-1 of the origin, so anyone who knows the origin can
    // recompute it; it is not a secret.
    $_state = array(
        'request'      => $_requestInfo,
        'origin'       => $_originUri,
        'api_key'      => sha1($_originUri),
        'redirect_uri' => $_callback,
    );

    // NOTE(review): dumps the full state, request payload included, to the debug log.
    Log::debug('Request state built: ' . print_r($_state, true));

    if (is_array($_scopes)) {
        $_scopeParam = implode(' ', $_scopes);
    } else {
        $_scopeParam = $_scopes;
    }

    $_query = array_merge(
        array(
            'client_id'     => $this->getConfig('client_id'),
            'redirect_uri'  => $_callback,
            'response_type' => 'code',
            'scope'         => $_scopeParam,
            'state'         => Storage::freeze($_state),
        ),
        Option::clean(Option::get($_endpoint, 'parameters', array()))
    );

    // A configured proxy replaces the redirect_uri sent to the provider; the copy
    // stored inside `state` keeps the original callback.
    if (!empty($_proxy)) {
        Log::info('Proxying request through: ' . $_proxy);
        $_query['redirect_uri'] = $_proxy;
    }

    $_queryString = http_build_query($_query);
    $_authorizeUrl = $_endpoint['endpoint'] . Curl::urlSeparator($_endpoint['endpoint']) . $_queryString;

    $this->setConfig('authorize_url', $_authorizeUrl);

    // The logged URL contains the frozen state value.
    Log::debug('Authorization URL created: ' . $_authorizeUrl);

    return $_authorizeUrl;
}
* This file is part of the DreamFactory Oasys (Open Authentication SYStem)
 *
 * DreamFactory Oasys (Open Authentication SYStem) <http://dreamfactorysoftware.github.io>
 * Copyright 2014 DreamFactory Software, Inc. <*****@*****.**>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
namespace DreamFactory\Oasys\Configs\Schemas;

/**
 * oauth.schema.php
 * The config schema for an OAuth service
 *
 * The file returns one array that maps each config field name to its form
 * definition (input type, length limit, default value, hint text).
 * It assigns no variables of its own.
 */
use DreamFactory\Oasys\Enums\AccessTypes;
use DreamFactory\Oasys\Enums\Flows;
use DreamFactory\Oasys\Enums\GrantTypes;
use DreamFactory\Oasys\Enums\OAuthTypes;
use DreamFactory\Oasys\Enums\TokenTypes;
use Kisma\Core\Utility\Curl;

return array(
    // Client credentials issued by the provider.
    'client_id' => array('type' => 'text', 'maxlength' => 64, 'class' => 'required'),
    // NOTE(review): the secret is a plain 'text' field and, unlike the token fields
    // below, is not flagged 'private'. What 'private' does is not visible here;
    // confirm the secret is masked in forms and never sent to the browser.
    'client_secret' => array('type' => 'text', 'maxlength' => 128, 'class' => 'required'),
    // The placeholder is computed from the current request when this file is loaded.
    // NOTE(review): URL-valued fields (redirect_uri, authorize_url, redirect_proxy_url)
    // carry only a length limit here; confirm scheme and host are validated elsewhere.
    'redirect_uri' => array('type' => 'text', 'maxlength' => 1024, 'class' => 'required', 'placeholder' => Curl::currentUrl(false, false)),
    'scope' => array('type' => 'textarea', 'hint' => 'Comma-separated list of desired scopes.'),
    'certificate_file' => array('type' => 'textarea', 'maxlength' => 1024, 'placeholder' => 'Provider Default'),
    'authorize_url' => array('type' => 'text', 'maxlength' => 1024, 'placeholder' => 'Provider Default'),
    // Select fields: 'value' holds the preselected constant, 'data' the option list
    // produced by the enum's getDefinedConstants().
    'grant_type' => array('type' => 'select', 'value' => GrantTypes::AUTHORIZATION_CODE, 'data' => GrantTypes::getDefinedConstants(true, null, true)),
    'auth_type' => array('type' => 'select', 'value' => OAuthTypes::URI, 'data' => OAuthTypes::getDefinedConstants(true, null, true)),
    'access_type' => array('type' => 'select', 'value' => AccessTypes::OFFLINE, 'data' => AccessTypes::getDefinedConstants(true, null, true)),
    'flow_type' => array('type' => 'select', 'value' => Flows::SERVER_SIDE, 'data' => Flows::getDefinedConstants(true, null, true)),
    'access_token_param_name' => array('type' => 'text', 'maxlength' => 64, 'hint' => 'The name of the parameter to use when sending the access token via URL.'),
    'auth_header_name' => array('type' => 'text', 'maxlength' => 64, 'hint' => 'The name of the parameter to use when sending the access token via HTTP header.'),
    // NOTE(review): this entry uses 'default' where the other selects use 'value';
    // confirm the consumer reads both keys. If TokenTypes::URI means the token is sent
    // in the URL (as the hint on access_token_param_name suggests), tokens can end up
    // in access logs and Referer headers; prefer the header form where the provider
    // allows it.
    'access_token_type' => array('type' => 'select', 'default' => TokenTypes::URI, 'data' => TokenTypes::getDefinedConstants(true, null, true), 'hint' => 'The type of, and way the provider expects to receive, the token.'),
    // Token material: every field from here to refresh_token_expires is flagged 'private'.
    'access_token' => array('type' => 'text', 'maxlength' => 128, 'placeholder' => 'Not Stored', 'private' => true),
    'access_token_secret' => array('type' => 'text', 'maxlength' => 128, 'placeholder' => 'Not Stored', 'private' => true),
    'access_token_expires' => array('type' => 'text', 'class' => 'number', 'private' => true),
    'refresh_token' => array('type' => 'text', 'maxlength' => 128, 'private' => true),
    'refresh_token_expires' => array('type' => 'text', 'class' => 'number', 'private' => true),
    'redirect_proxy_url' => array('type' => 'text', 'maxlength' => 1024));
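</div>
</div>
</div>
</div>
</div>
</div>
</div>

<!-- Footer -->
<?php include __DIR__ . '/views/_footer.php'; ?>

<?php
// NOTE(review): the three CDN scripts below are loaded protocol-relative and without
// Subresource Integrity, so the page trusts whatever those hosts (or an on-path
// party, when the page itself is served over http) return. Pin https:// and add
// integrity/crossorigin attributes, or serve vetted local copies.
?>
<script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<script src="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js"></script>
<script src="//google-code-prettify.googlecode.com/svn/loader/run_prettify.js"></script>
<script src="js/app.jquery.js"></script>
<script>
    // This needs to be last because _options is defined in app.jquery.js... lame, I know...
<?php
// Both values are emitted as JSON with the HEX flags, so quotes, ampersands and angle
// brackets inside them cannot end the string literal or the surrounding <script>
// element. The base URL was previously wrapped in hand-written single quotes.
// NOTE(review): confirm $_providerCache holds no client secrets or tokens before it
// is sent to the browser.
?>
    _options.baseUrl = <?php echo json_encode(Curl::currentUrl(false, false), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;
    _options.providers = <?php echo json_encode($_providerCache, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;
</script>
</body>
</html>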
$_step = 'light'; $_headline = 'DSP Settings'; $_themeList = null; // Change these to update the CDN versions used. Set to false to disable $_bootstrapVersion = '3.1.1'; // Set to false to disable $_bootswatchVersion = '3.1.1'; $_dataTablesVersion = '1.9.4'; $_bootswatchTheme = FilterInput::request('theme', Pii::getState('admin.default_theme', 'default'), FILTER_SANITIZE_STRING); Pii::setState('dsp.admin_theme', $_bootswatchTheme); $_useBootswatchThemes = 'default' != $_bootswatchTheme; $_fontAwesomeVersion = '4.0.3'; // Set to false to disable $_jqueryVersion = '1.11.0'; $_themes = array('Default', 'Amelia', 'Cerulean', 'Cosmo', 'Cyborg', 'Flatly', 'Journal', 'Readable', 'Simplex', 'Slate', 'Spacelab', 'United'); $_url = Curl::currentUrl(false); foreach ($_themes as $_item) { $_name = strtolower($_item); $_class = $_bootswatchTheme == $_name ? 'class="active"' : null; $_themeList .= <<<HTML \t<li {$_class}><a href="{$_url}?theme={$_name}">{$_item}</a></li> HTML; } // Our css building begins... $_css = '<link href="https://fonts.googleapis.com/css?family=Open+Sans:400,700,800" rel="stylesheet" type="text/css">'; $_scripts = null; if ($_useBootswatchThemes) { $_css .= '<link href="//netdna.bootstrapcdn.com/bootswatch/' . $_bootswatchVersion . '/' . $_bootswatchTheme . '/bootstrap.min.css" rel="stylesheet" media="screen">'; } else { if (false !== $_bootstrapVersion) { $_css .= '<link href="//netdna.bootstrapcdn.com/bootstrap/' . $_bootstrapVersion . '/css/bootstrap.min.css" rel="stylesheet" media="screen">';