From b459998364e4856e4ff7749bf341d66842460549 Mon Sep 17 00:00:00 2001 From: Sebastian Marcet Date: Wed, 12 Apr 2017 00:37:06 -0300 Subject: [PATCH] Updated claims on OpenId/OAuth * updated claim nickname to be user identifier * added sub claim to endpoint /api/v1/userinfo/me * fixed broken test Change-Id: I9c34e5c2271ba5bcf7e480ea31530d1717fb0e09 --- .../EloquentResourceServerRepository.php | 1 + .../OAuth2/ResourceServer/UserService.php | 15 ++++++++------- .../OpenIdSREGExtension_1_0.php | 19 +++++++++++-------- tests/OpenIdProtocolTest.php | 2 +- 4 files changed, 21 insertions(+), 16 deletions(-) diff --git a/app/Repositories/EloquentResourceServerRepository.php b/app/Repositories/EloquentResourceServerRepository.php index fdb887bd..2f8ac285 100644 --- a/app/Repositories/EloquentResourceServerRepository.php +++ b/app/Repositories/EloquentResourceServerRepository.php @@ -39,6 +39,7 @@ final class EloquentResourceServerRepository */ public function getByHost($host) { + if(!is_array($host)) $host = [$host]; return $this->entity->whereIn('host', $host)->first(); } diff --git a/app/Services/OAuth2/ResourceServer/UserService.php b/app/Services/OAuth2/ResourceServer/UserService.php index 9b261355..f3f9c2cf 100644 --- a/app/Services/OAuth2/ResourceServer/UserService.php +++ b/app/Services/OAuth2/ResourceServer/UserService.php 
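Review bot: The guard added to `getByHost` lets the method accept either a single host or a list, but nothing visible documents that; the docblock that closes just above the hunk should declare `@param string|string[] $host`. The unbraced one-liner would be easier to read and safer to extend as `if (!is_array($host)) { $host = [$host]; }`. Separately, `whereIn('host', $host)->first()` has no ordering, so when several hosts are passed and more than one row matches, the returned resource server depends on database order. If callers use this lookup to decide which resource server a request belongs to (not shown here), add an explicit `orderBy` or a comment stating that any match is acceptable.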
@@ -127,13 +127,14 @@ class UserService extends OAuth2ProtectedService implements IUserService $pic_url = $current_user->getPic(); $pic_url = str_contains($pic_url, 'http') ? $pic_url : $assets_url . $pic_url; - $data[StandardClaims::Name] = $current_user->getFullName(); - $data[StandardClaims::GivenName] = $current_user->getFirstName(); - $data[StandardClaims::FamilyName] = $current_user->getLastName(); - $data[StandardClaims::NickName] = $current_user->getNickName(); - $data[StandardClaims::Picture] = $pic_url; - $data[StandardClaims::Birthdate] = $current_user->getDateOfBirth(); - $data[StandardClaims::Gender] = $current_user->getGender(); + $data[StandardClaims::Name] = $current_user->getFullName(); + $data[StandardClaims::GivenName] = $current_user->getFirstName(); + $data[StandardClaims::FamilyName] = $current_user->getLastName(); + $data[StandardClaims::NickName] = $current_user->getIdentifier(); + $data[StandardClaims::SubjectIdentifier] = $current_user->getAuthIdentifier(); + $data[StandardClaims::Picture] = $pic_url; + $data[StandardClaims::Birthdate] = $current_user->getDateOfBirth(); + $data[StandardClaims::Gender] = $current_user->getGender(); } if (in_array(self::UserProfileScope_Email, $scopes)) { // Email Claim diff --git a/app/libs/OpenId/Extensions/Implementations/OpenIdSREGExtension_1_0.php b/app/libs/OpenId/Extensions/Implementations/OpenIdSREGExtension_1_0.php index 29d2b5e6..48a6fe98 100644 --- a/app/libs/OpenId/Extensions/Implementations/OpenIdSREGExtension_1_0.php +++ b/app/libs/OpenId/Extensions/Implementations/OpenIdSREGExtension_1_0.php 
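Review bot: The new `sub` claim is assigned inside what appears to be the profile-scope block (the closing `}` is followed by the separate `if (in_array(self::UserProfileScope_Email, $scopes))` check), so a token without that scope would get a userinfo response with no `sub`. OpenID Connect Core requires `sub` in every UserInfo response, and clients compare it with the ID token's `sub` to detect token substitution. It should be set unconditionally, before the scope checks: `$data[StandardClaims::SubjectIdentifier] = $current_user->getAuthIdentifier();`. Also confirm that `getAuthIdentifier()` returns the same value the ID token issuer uses for `sub`, which this hunk does not show. The enclosing method starts and ends outside the hunk.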
@@ -76,15 +76,15 @@ class OpenIdSREGExtension_1_0 extends OpenIdExtension $this->auth_service = $auth_service; - self::$available_properties[OpenIdSREGExtension::Nickname] = OpenIdSREGExtension::Nickname; - self::$available_properties[OpenIdSREGExtension::Email] = OpenIdSREGExtension::Email; - self::$available_properties[OpenIdSREGExtension::FullName] = OpenIdSREGExtension::FullName; - self::$available_properties[OpenIdSREGExtension::Country] = OpenIdSREGExtension::Country; - self::$available_properties[OpenIdSREGExtension::Language] = OpenIdSREGExtension::Language; - self::$available_properties[OpenIdSREGExtension::Gender] = OpenIdSREGExtension::Gender; + self::$available_properties[OpenIdSREGExtension::Nickname] = OpenIdSREGExtension::Nickname; + self::$available_properties[OpenIdSREGExtension::Email] = OpenIdSREGExtension::Email; + self::$available_properties[OpenIdSREGExtension::FullName] = OpenIdSREGExtension::FullName; + self::$available_properties[OpenIdSREGExtension::Country] = OpenIdSREGExtension::Country; + self::$available_properties[OpenIdSREGExtension::Language] = OpenIdSREGExtension::Language; + self::$available_properties[OpenIdSREGExtension::Gender] = OpenIdSREGExtension::Gender; self::$available_properties[OpenIdSREGExtension::DateOfBirthday] = OpenIdSREGExtension::DateOfBirthday; - self::$available_properties[OpenIdSREGExtension::Postcode] = OpenIdSREGExtension::Postcode; - self::$available_properties[OpenIdSREGExtension::Timezone] = OpenIdSREGExtension::Timezone; + self::$available_properties[OpenIdSREGExtension::Postcode] = OpenIdSREGExtension::Postcode; + self::$available_properties[OpenIdSREGExtension::Timezone] = OpenIdSREGExtension::Timezone; } /** 
@@ -152,6 +152,9 @@ class OpenIdSREGExtension_1_0 extends OpenIdExtension if ($attr == self::Nickname || $attr == self::FullName) { $response->addParam(self::param($attr), $user->getFullName()); } + if ($attr == self::Nickname) { + $response->addParam(self::param($attr), $user->getIdentifier()); + } if ($attr == self::Language) { $response->addParam(self::param($attr), $user->getLanguage()); } diff --git a/tests/OpenIdProtocolTest.php b/tests/OpenIdProtocolTest.php index 93b8dccc..9cf11011 100644 --- a/tests/OpenIdProtocolTest.php +++ b/tests/OpenIdProtocolTest.php @@ -635,7 +635,7 @@ class OpenIdProtocolTest extends OpenStackIDBaseTest //set login info Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowForever); - $sreg_required_params = array('email', 'fullname'); + $sreg_required_params = array('email', 'fullname', 'nickname'); $params = array( OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_NS) => OpenIdProtocol::OpenID2MessageType,
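Review bot: For `nickname` both conditions now match: the preceding `if ($attr == self::Nickname || $attr == self::FullName)` still adds the full name, and the new block then adds the identifier under the same `self::param($attr)` key. How `addParam` treats an existing key is not visible here, so the result either depends on overwrite order or leaves two values for one response field. Drop the nickname case from the first condition, `if ($attr == self::FullName) {`, so each SREG attribute is written exactly once. The enclosing method begins and ends outside the hunk.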