Fix to prevent mantain unexistent users sessions:

If a member is deleted from the SS DB while their session is
still alive on the OpenstackID side, then when the user tries to
log in they are always redirected to the login page with a successful
assertion, no matter whether the user exists or not.
This patch prevents that behavior: if the user does not
exist in the Member DB, they are logged out automatically
from OpenstackID.

Change-Id: I61ec907416561f3b76668e8ba9436cef95ecffd1
Sebastian Marcet 2015-11-18 13:16:36 -03:00
parent d848e9a8e5
commit 1ee300d9bb
2 changed files with 282 additions and 226 deletions


@ -3,9 +3,9 @@
namespace auth;
use Auth;
use Member;
use Session;
use utils\services\IAuthService;
use \Member;
class AuthService implements IAuthService
{
@ -15,7 +15,16 @@ class AuthService implements IAuthService
*/
public function isUserLogged()
{
return Auth::check();
$res = Auth::check();
if ($res) {
$user = $this->getCurrentUser();
if (!$user->hasAssociatedMember()) {
$this->logout();
$res = false;
}
}
return $res;
}
/**
@ -23,7 +32,13 @@ class AuthService implements IAuthService
*/
public function getCurrentUser()
{
return Auth::user();
$user = Auth::user();
if (!is_null($user) && !$user->hasAssociatedMember()) {
$this->logout();
$user = null;
}
return $user;
}
/**
@ -49,12 +64,15 @@ class AuthService implements IAuthService
{
if (Session::has("openid.authorization.response")) {
$value = Session::get("openid.authorization.response");
return $value;
}
return IAuthService::AuthorizationResponse_None;
}
public function clearUserAuthorizationResponse(){
public function clearUserAuthorizationResponse()
{
if (Session::has("openid.authorization.response")) {
Session::remove("openid.authorization.response");
}
@ -68,14 +86,17 @@ class AuthService implements IAuthService
public function getUserByOpenId($openid)
{
$user = User::where('identifier', '=', $openid)->first();
return $user;
}
public function getUserByUsername($username)
{
$member = Member::where('Email', '=', $username)->first();
if(!is_null($member))
return User::where('external_identifier', '=', $member->ID)->first();
if (!is_null($member)) {
return User::where('external_identifier', '=', $member->ID)->first();
}
return false;
}
@ -84,26 +105,28 @@ class AuthService implements IAuthService
return User::find($id);
}
// Authentication
// Authentication
public function getUserAuthenticationResponse()
{
if (Session::has("openstackid.authentication.response")) {
$value = Session::get("openstackid.authentication.response");
return $value;
}
return IAuthService::AuthenticationResponse_None;
}
public function getUserAuthenticationResponse()
{
if (Session::has("openstackid.authentication.response")) {
$value = Session::get("openstackid.authentication.response");
public function setUserAuthenticationResponse($auth_response)
{
Session::set("openstackid.authentication.response", $auth_response);
}
return $value;
}
public function clearUserAuthenticationResponse()
{
if (Session::has("openstackid.authentication.response")) {
Session::remove("openstackid.authentication.response");
}
}
return IAuthService::AuthenticationResponse_None;
}
public function setUserAuthenticationResponse($auth_response)
{
Session::set("openstackid.authentication.response", $auth_response);
}
public function clearUserAuthenticationResponse()
{
if (Session::has("openstackid.authentication.response")) {
Session::remove("openstackid.authentication.response");
}
}
}
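Review bot: In the new `isUserLogged()`, `$user->hasAssociatedMember()` can be called on null, because the rewritten `getCurrentUser()` in this same file already logs the user out and returns null when the member row is missing. That is exactly the deleted-member case this commit targets, so the check would end in a fatal error instead of a clean `false`. Guard the call with `if (is_null($user) || !$user->hasAssociatedMember())`, or reduce the body to `return !is_null($this->getCurrentUser());`. `logout()` is not visible in these hunks, so it is worth confirming that it drops the whole session state for the orphaned user and not only the guard's current user.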


@ -2,276 +2,309 @@
namespace auth;
use Eloquent;
use Illuminate\Auth\UserInterface;
use Member;
use MemberPhoto;
use openid\model\IOpenIdUser;
use oauth2\models\IOAuth2User;
use Eloquent;
use openid\model\IOpenIdUser;
use utils\model\BaseModelEloquent;
/**
* Class User
* @package auth
*/
class User extends BaseModelEloquent implements UserInterface, IOpenIdUser, IOAuth2User
{
protected $table = 'openid_users';
protected $table = 'openid_users';
private $member;
private $member;
public function trusted_sites()
{
return $this->hasMany("OpenIdTrustedSite", 'user_id');
}
public function trusted_sites()
{
return $this->hasMany("OpenIdTrustedSite", 'user_id');
}
public function access_tokens()
{
return $this->hasMany('AccessToken','user_id');
}
public function access_tokens()
{
return $this->hasMany('AccessToken', 'user_id');
}
public function refresh_tokens()
{
return $this->hasMany('RefreshToken','user_id');
}
public function refresh_tokens()
{
return $this->hasMany('RefreshToken', 'user_id');
}
public function consents()
{
return $this->hasMany('UserConsent','user_id');
}
public function consents()
{
return $this->hasMany('UserConsent', 'user_id');
}
public function clients()
{
return $this->hasMany("Client", 'user_id');
}
public function clients()
{
return $this->hasMany("Client", 'user_id');
}
public function getActions()
{
return $this->actions()->orderBy('created_at', 'desc')->take(10)->get();
}
public function getActions()
{
return $this->actions()->orderBy('created_at', 'desc')->take(10)->get();
}
public function actions()
{
return $this->hasMany("UserAction", 'user_id');
}
public function actions()
{
return $this->hasMany("UserAction", 'user_id');
}
public function setMember($member)
{
$this->member = $member;
}
public function setMember($member)
{
$this->member = $member;
}
private function getAssociatedMember(){
private function getAssociatedMember()
{
if (is_null($this->member)) {
$this->member = Member::where('ID', '=', $this->external_identifier)->first();
$this->member = Member::where('ID', '=', $this->external_identifier)->first();
}
return $this->member;
}
/**
* Get the unique identifier for the user.
* the one that is saved as session id on vendor/laravel/framework/src/Illuminate/Auth/Guard.php
* @return mixed
*/
public function getAuthIdentifier() {
return $this->external_identifier;
}
/**
* Get the password for the user.
*
* @return string
*/
public function getAuthPassword()
{
/**
* @return bool
*/
public function hasAssociatedMember()
{
$this->getAssociatedMember();
return $this->member->Password;
}
return !is_null($this->member);
}
public function getIdentifier()
{
/**
* Get the unique identifier for the user.
* the one that is saved as session id on vendor/laravel/framework/src/Illuminate/Auth/Guard.php
* @return mixed
*/
public function getAuthIdentifier()
{
return $this->external_identifier;
}
/**
* Get the password for the user.
* @return string
*/
public function getAuthPassword()
{
$this->getAssociatedMember();
return $this->identifier;
}
public function getEmail()
{
return $this->member->Password;
}
public function getIdentifier()
{
$this->getAssociatedMember();
return $this->member->Email;
}
public function getFullName()
{
return $this->getFirstName() . " " . $this->getLastName();
}
return $this->identifier;
}
public function getFirstName()
{
public function getEmail()
{
$this->getAssociatedMember();
return $this->member->FirstName;
}
public function getLastName()
{
return $this->member->Email;
}
public function getFullName()
{
return $this->getFirstName() . " " . $this->getLastName();
}
public function getFirstName()
{
$this->getAssociatedMember();
return $this->member->Surname;
}
public function getNickName()
{
return $this->getFullName();
}
return $this->member->FirstName;
}
public function getGender()
{
public function getLastName()
{
$this->getAssociatedMember();
return $this->member->Gender;
}
public function getCountry()
{
return $this->member->Surname;
}
public function getNickName()
{
return $this->getFullName();
}
public function getGender()
{
$this->getAssociatedMember();
return $this->member->Country;
}
public function getLanguage()
{
return $this->member->Gender;
}
public function getCountry()
{
$this->getAssociatedMember();
return $this->member->Locale;
}
public function getTimeZone()
{
return $this->member->Country;
}
public function getLanguage()
{
$this->getAssociatedMember();
return "";
}
public function getDateOfBirth()
{
return $this->member->Locale;
}
public function getTimeZone()
{
$this->getAssociatedMember();
return "";
}
public function getId()
{
return $this->id;
}
return "";
}
public function getShowProfileFullName()
{
return $this->public_profile_show_fullname;
}
public function getShowProfilePic()
{
return $this->public_profile_show_photo;
}
public function getShowProfileBio()
{
return false;
}
public function getShowProfileEmail()
{
return $this->public_profile_show_email;
}
public function getBio()
{
public function getDateOfBirth()
{
$this->getAssociatedMember();
return $this->member->Bio;
}
public function getPic()
{
return "";
}
public function getId()
{
return $this->id;
}
public function getShowProfileFullName()
{
return $this->public_profile_show_fullname;
}
public function getShowProfilePic()
{
return $this->public_profile_show_photo;
}
public function getShowProfileBio()
{
return false;
}
public function getShowProfileEmail()
{
return $this->public_profile_show_email;
}
public function getBio()
{
$this->getAssociatedMember();
$url = asset('img/generic-profile-photo.png');
$photoId = $this->member->PhotoID;
if (!is_null($photoId) && is_numeric($photoId) && $photoId > 0) {
$photo = MemberPhoto::where('ID', '=', $photoId)->first();
if(!is_null($photo)){
$url = $photo->Filename;
}
}
return $url;
}
public function getClients()
{
return $this->clients()->get();
}
/**
* Could use system scopes on registered clients
* @return bool
*/
public function canUseSystemScopes()
{
return $this->member->Bio;
}
public function getPic()
{
$this->getAssociatedMember();
$group = $this->member->groups()->where('code','=',IOAuth2User::OAuth2SystemScopeAdminGroup)->first();
return !is_null($group);
}
$url = asset('img/generic-profile-photo.png');
$photoId = $this->member->PhotoID;
if (!is_null($photoId) && is_numeric($photoId) && $photoId > 0) {
$photo = MemberPhoto::where('ID', '=', $photoId)->first();
if (!is_null($photo)) {
$url = $photo->Filename;
}
}
/**
* Is Server Administrator
* @return bool
*/
public function isOAuth2ServerAdmin()
{
return $url;
}
public function getClients()
{
return $this->clients()->get();
}
/**
* Could use system scopes on registered clients
* @return bool
*/
public function canUseSystemScopes()
{
$this->getAssociatedMember();
$group = $this->member->groups()->where('code','=',IOAuth2User::OAuth2ServerAdminGroup)->first();
return !is_null($group);
}
$group = $this->member->groups()->where('code', '=', IOAuth2User::OAuth2SystemScopeAdminGroup)->first();
/**
* @return bool
*/
public function isOpenstackIdAdmin()
{
return !is_null($group);
}
/**
* Is Server Administrator
* @return bool
*/
public function isOAuth2ServerAdmin()
{
$this->getAssociatedMember();
$group = $this->member->groups()->where('code','=',IOpenIdUser::OpenstackIdServerAdminGroup)->first();
return !is_null($group);
}
$group = $this->member->groups()->where('code', '=', IOAuth2User::OAuth2ServerAdminGroup)->first();
public function getStreetAddress()
{
return !is_null($group);
}
/**
* @return bool
*/
public function isOpenstackIdAdmin()
{
$this->getAssociatedMember();
return sprintf("%s, %s ",$this->member->Address,$this->member->Suburb);
}
$group = $this->member->groups()->where('code', '=', IOpenIdUser::OpenstackIdServerAdminGroup)->first();
public function getRegion()
{
return !is_null($group);
}
public function getStreetAddress()
{
$this->getAssociatedMember();
return $this->member->State;
}
public function getLocality()
{
return sprintf("%s, %s ", $this->member->Address, $this->member->Suburb);
}
public function getRegion()
{
$this->getAssociatedMember();
return $this->member->City;
}
public function getPostalCode()
{
return $this->member->State;
}
public function getLocality()
{
$this->getAssociatedMember();
return $this->member->Postcode;
}
public function getTrustedSites()
{
return $this->trusted_sites()->get();
}
return $this->member->City;
}
public function getRememberToken()
{
return $this->remember_token;
}
public function getPostalCode()
{
$this->getAssociatedMember();
public function setRememberToken($value)
{
$this->remember_token = $value;
}
return $this->member->Postcode;
}
public function getRememberTokenName()
{
return 'remember_token';
}
public function getTrustedSites()
{
return $this->trusted_sites()->get();
}
public function getRememberToken()
{
return $this->remember_token;
}
public function setRememberToken($value)
{
$this->remember_token = $value;
}
public function getRememberTokenName()
{
return 'remember_token';
}
}
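Review bot: `hasAssociatedMember()` is the only accessor in this class that tolerates a missing member. `canUseSystemScopes()`, `isOAuth2ServerAdmin()`, `isOpenstackIdAdmin()`, `getAuthPassword()` and the profile getters still dereference `$this->member` right after `getAssociatedMember()`, so any path that reaches them for an orphaned user without first passing through `AuthService` fails with an error on null. For the three group checks an explicit deny reads better and fails closed by design, e.g. `if (!$this->hasAssociatedMember()) { return false; }` as the first statement. The new method's docblock says only `@return bool`; a line such as `Whether a Member row still exists for external_identifier (looked up lazily, cached on the instance once found)` would record the contract callers now rely on.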