Commit Graph

26 Commits

Author SHA1 Message Date
Clark Boylan f878d60979 Retire this repository as it has moved
This project is no longer developed on opendev and has moved to github.
Perform project retirement to clean up the opendev content. In
particular we want to remove zuul configs that have errors, but also
give people hints to the current code repository.

Depends-On: https://review.opendev.org/c/openstack/project-config/+/818170
Change-Id: Icd4d25d60d96d57eb99f1bcb4055a7bb4ae10b30
2021-11-16 14:36:31 -08:00
smarcet 6dc411fad9 Auth Code Flow PKCE support
implementation of https://tools.ietf.org/html/rfc7636

Change-Id: Ib88a3b6c9652e6eea9648177ffd0d143ab995ac6
Signed-off-by: smarcet <smarcet@gmail.com>
2021-02-05 12:19:19 -03:00
smarcet c47515a07b Fix on info text css color
Change-Id: I72bb490a450af653cf49e81faea326e2cd76c8b4
Signed-off-by: smarcet <smarcet@gmail.com>
2020-12-02 15:30:50 -03:00
smarcet 8ff349761d New OAUTH2 endpoints to update user info (ME)
PUT /api/v1/users/me

payload

'first_name' => 'sometimes|string',
'last_name' => 'sometimes|string',
'email' => 'sometimes|email',
'identifier' => 'sometimes|string',
'bio' => 'nullable|string',
'address1' => 'nullable|string',
'address2' => 'nullable|string',
'city' => 'nullable|string',
'state' => 'nullable|string',
'post_code' => 'nullable|string',
'country_iso_code' => 'nullable|country_iso_alpha2_code',
'second_email' => 'nullable|email',
'third_email' => 'nullable|email',
'gender' => 'nullable|string',
'gender_specify' => 'nullable|string',
'statement_of_interest' => 'nullable|string',
'irc' => 'nullable|string',
'linked_in_profile' => 'nullable|string',
'github_user' => 'nullable|string',
'wechat_user' => 'nullable|string',
'twitter_name' => 'nullable|string',
'language' => 'nullable|string',
'birthday' => 'nullable|date_format:U',
'password' => 'sometimes|string|min:8|confirmed',
'phone_number' => 'nullable|string',
'company' => 'nullable|string',

required scopes

me/write

PUT /api/v1/users/me/pic

multiform encoding

pic: file (png, jpg, jpeg)

required scopes

me/write

Change-Id: I31a1edd9eb1fcdee228a8f5ba1b44d324116edd9
Signed-off-by: smarcet <smarcet@gmail.com>
2020-08-12 10:01:18 -03:00
smarcet 233e30aaab Stream Chat SSO
https://getstream.io/chat/docs/tokens_and_authentication

GET /api/v1/sso/stream-chat/{forum_slug}/profile

required scope

sso

Change-Id: I81b9b5987d4d9d95d4551ea2925471aeab19743c
Signed-off-by: smarcet <smarcet@gmail.com>
2020-07-16 08:39:12 -03:00
smarcet 68c10a2765 Added Rabbit MQ config
added endpoint /api/v1/users/{id}

scope users-read-all

Change-Id: Ibe066b728b460052c619a2fcb0e83b8225543a1f
Signed-off-by: smarcet <smarcet@gmail.com>
2020-06-23 08:14:05 -03:00
smarcet cff54c01e6 SSO 3rd Party integration
Disqus

GET /api/v1/sso/disqus/{forum_slug}/profile

required scope

sso

Rocket Chat

GET /api/v1/sso/rocket-chat/{forum_slug}/profile

required scope

sso

Change-Id: Ie72bc4846356cbef00c04a52d1329af53469e9a6
Signed-off-by: smarcet <smarcet@gmail.com>
2020-05-30 13:13:20 -03:00
smarcet a1fe454234 Client credentials encoding issue
* Added urldecode to client credentials parsing alg
* Refactoring

Change-Id: I057f0ee04939f4292ab8822733471e88bd2a6cfc
Signed-off-by: smarcet <smarcet@gmail.com>
2020-04-01 12:04:04 -03:00
smarcet f801d75082 Fixed Client::isAllowedUri Method
* added canonical url logic
* refactoring

Change-Id: Ia4eb1a8330cae17f04b3cdeb49166d685e0c525d
Signed-off-by: smarcet <smarcet@gmail.com>
2020-02-22 10:56:32 -03:00
smarcet a4c4efec6b Updated Cookies Policies
Added new middleware to bypass SameSite=none
for incompatible clients

Change-Id: I895adf030e174b31e919fa096b2e691c1dcb1472
Signed-off-by: smarcet <smarcet@gmail.com>
2020-02-15 17:36:26 -03:00
smarcet 3fc5056149 Zuul jobs refactoring
* Added new Role to set up the Laravel Test Env
* Fixed broken unit tests
* added php unit run to job openstackid-unittests

Change-Id: Ibfaf44b32bb6a1cdbe0c693af44b024a01dc6adf
2020-01-28 13:34:38 -03:00
smarcet b52c932636 IDP - User Management
* Added user registration process
* Added user password reset process
* Added user email verification process
* update token id to return custom claims
* update access token introspection to return user custom claims
* Migrated to Doctrine ORM ( from eloquent)
* Added User CRUD
* Added User Groups CRUD
* Refactoring
* Bug Fixing
* added user registration oauth2 endpoint
  POST /api/v1/user-registration-requests

payload

* first_name ( required )
* last_name ( required)
* email ( required )
* country ( optional )

scope

user-registration ( private scope)

Change-Id: I36e8cd4473ccad734565051442e2c6033b204f27
2020-01-23 03:06:05 -03:00
smarcet 8d6fcb85cc Fixed Scope Groups Update
* fixed server error due to a deprecated method
* refactoring

Change-Id: I25f193d54f0953d1e6dca19553874b0bfe69e947
2019-04-02 16:25:39 -03:00
smarcet cb3fee441f Migration to PHP 7.x
* updated dependencies
* updated LV version to 5.6

Depends-On: https://review.openstack.org/629495

Depends-On: https://review.openstack.org/629896

Change-Id: Iacf81dd65d71102ad0660c5c2bdd6633bf727ec0
2019-01-10 13:51:06 -03:00
Sebastian Marcet 574a41c03b Fixed OIDC ImplicitGrant lost session issue
When user already had a valid session on IDP
and tried to get a new idtoken, got
an absentuserexception, although it was already
logged in. That was due to an overlook to register
again on IPricipal the already existing session.

Change-Id: I642655f188619b28712f3268e5db6178d89a4c33
2018-08-02 11:20:01 -03:00
Sebastian Marcet 07294e97ac Fix Access Token reissue with
Rotate Refresh Token policy active

If user configured his/her oauth2 client
with "Rotate Refresh Token Policy" active
once emitted access token re issuing
that newly created access token was invalid.

Change-Id: I037c8b561dc5b720c71ccba7d8e2a081fb9783e5
2017-10-17 14:31:48 -03:00
Sebastian Marcet d83b763c2c Improved Missing Scope error
if scope was missing on oauth2
request, not a very descriptive error
was given.

Change-Id: I2573c77bcfec8dd340ae60e15db8c2558c3af851
2017-09-27 12:36:29 -03:00
Sebastian Marcet 76c37b61e6 Reduced OpenID log noise
* added a base class for all openid exceptions
* moved invalid assoc exception from 500 to 400
* fixed bug on openid memento request

Change-Id: I82d7c2077f1bd507b37ad3561fea924fb87d5353
2017-08-11 12:43:43 -03:00
Sebastian Marcet d343be293a Removed noise from log (OAUTH2.0)
missing response_type on auth request
was handled like 500, now it's downgraded
to 400

Change-Id: I2ddb9b2649bdfc8ac5049500371360daaf610553
2017-08-11 10:10:03 -03:00
Sebastian Marcet b459998364 Updated claims on OpenId/OAuth
* updated claim nickname to be user identifier
* added sub claim to endpoint /api/v1/userinfo/me
* fixed broken test

Change-Id: I9c34e5c2271ba5bcf7e480ea31530d1717fb0e09
2017-04-12 00:37:06 -03:00
Sebastian Marcet 8bfc282634 Added OpenId 2.0 SREG 1.0 ext support
implemented http://openid.net/specs/openid-simple-registration-extension-1_0.html

Change-Id: I0b3b3c70b4eacc6ea95932f7a3ed1c522a26b1e4
2017-04-10 18:38:55 -03:00
Sebastian Marcet a018b8aa6f Fix on user identifier generator (openid)
there was an issue with trailing dots and
user name connectors

Change-Id: I104230ee14c05c194ba4b431c1b1bf0ae487314d
2017-03-15 16:27:53 -03:00
Sebastian Marcet dff98a009a Fixed user name generation
in the past user name generation was not trimming
white spaces, so was adding %20 on openid url.
Also added migration to fix the former user names.

Change-Id: Ic784102433def9b47b9151800623eea2f32920b2
2017-02-01 17:12:11 -03:00
Sebastian Marcet 83b4c3236b Fix on User Consent Service
when end user on any OAuth2.0 flow
specified several scopes on the auth
request, the permutation alg carried on user
consent service grew until it caused a
stack overflow, now it's fixed with a simpler
approach.

Change-Id: I2206ee2c7bcd04c21f3119da27ed27bd917edbd1
2017-01-05 19:12:04 -03:00
Sebastian Marcet 46ba59a1d2 Removed TLD validation
in the past we received several complaints about
restrictive openstackid validation related to TLD
now that validation was removed, bc it did not add
too much value on security.

Change-Id: I47a842416ad898b9508831ee5f6e0d59e4bf3e5e
2016-12-29 00:16:59 -03:00
Sebastian Marcet 6b0d6c36af IDP Upgrade from Laravel 4.X to 5.X
In order to migrate IDP from LV 4.x to
latest LV version, the following tasks were performed:

* Updated namespace to be compliant with PSR-4
* General Refactoring: moved all DB access code
  from services to repositories.
* Migration to LV 5.X: these migration guides
  were applied
  - https://laravel.com/docs/5.3/upgrade#upgrade-5.0
  - https://laravel.com/docs/5.3/upgrade#upgrade-5.1.0
  - https://laravel.com/docs/5.3/upgrade#upgrade-5.2.0
* Improved caching: added repositories decorators
  in order to add REDIS cache to queries, entities

Change-Id: I8edf9f5fce6585129701c88bb88332f242307534
2016-11-17 18:37:40 -03:00