openinfra
/
openstackid
Code Issues Proposed changes
openstackid/app/Models/OAuth2/Factories/ClientFactory.php

236 lines
8.6 KiB
PHP
Raw Blame History

<?php namespace App\Models\OAuth2\Factories;
/**
* Copyright 2019 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use App\libs\Utils\URLUtils;
use Illuminate\Support\Facades\App;
use Illuminate\Support\Facades\Log;
use Models\OAuth2\Client;
use Models\OAuth2\ResourceServer;
use OAuth2\Models\IClient;
use OAuth2\OAuth2Protocol;
use OAuth2\Repositories\IApiScopeRepository;
/**
* Class ClientFactory
* @package App\Models\OAuth2\Factories
*/
final class ClientFactory
{
/**
* @param array $payload
* @return Client
* @throws \Exception
*/
public static function build(array $payload):Client
{
$client = self::populate(new Client, $payload);
$client->setActive(true);
if ($client->getClientType() !== IClient::ClientType_Confidential) {
$client->setTokenEndpointAuthMethod(OAuth2Protocol::TokenEndpoint_AuthMethod_None);
}
return $client;
}
/**
* @param Client $client
* @param array $payload
* @return Client
* @throws \Exception
*/
public static function populate(Client $client, array $payload):Client
{
$fields_to_uri_normalize = [
'post_logout_redirect_uris',
'logout_uri',
'policy_uri',
'jwks_uri',
'tos_uri',
'logo_uri',
'redirect_uris',
'allowed_origins'
];
foreach($fields_to_uri_normalize as $field){
if(!isset($payload[$field])) continue;
$value = $payload[$field];
if (empty($value)) continue;
$urls = explode(',', $value);
$normalized_uris = '';
foreach ($urls as $url) {
$url = URLUtils::normalizeUrl($url);
if (!empty($normalized_uris)) {
$normalized_uris .= ',';
}
$normalized_uris .= $url;
}
$payload[$field] = $normalized_uris;
}
if(isset($payload['owner']))
$client->setOwner($payload['owner']);
if(isset($payload['app_name']))
$client->setAppName(trim($payload['app_name']));
if(isset($payload['application_type']))
$client->setApplicationType(trim($payload['application_type']));
if(isset($payload['app_description']))
$client->setAppDescription(trim($payload['app_description']));
if(isset($payload['website']))
$client->setWebsite(trim($payload['website']));
if(isset($payload['active']))
$client->setActive(boolval($payload['active']));
if(isset($payload['locked']))
$client->setLocked(boolval($payload['locked']));
if(isset($payload['use_refresh_token']))
$client->setUseRefreshToken(boolval($payload['use_refresh_token']));
if(isset($payload['rotate_refresh_token']))
$client->setRotateRefreshToken(boolval($payload['rotate_refresh_token']));
if(isset($payload['contacts']))
$client->setContacts(trim($payload['contacts']));
if(isset($payload['logo_uri']))
$client->setLogoUri(trim($payload['logo_uri']));
if(isset($payload['tos_uri']))
$client->setTosUri(trim($payload['tos_uri']));
if(isset($payload['post_logout_redirect_uris']))
$client->setPostLogoutRedirectUris(trim($payload['post_logout_redirect_uris']));
if(isset($payload['logout_uri']))
$client->setLogoutUri(trim($payload['logout_uri']));
if(isset($payload['policy_uri']))
$client->setPolicyUri(trim($payload['policy_uri']));
if(isset($payload['jwks_uri']))
$client->setJwksUri(trim($payload['jwks_uri']));
if(isset($payload['default_max_age']))
$client->setDefaultMaxAge(intval($payload['default_max_age']));
if(isset($payload['logout_session_required']))
$client->setLogoutSessionRequired(boolval($payload['logout_session_required']));
if(isset($payload['logout_use_iframe']))
$client->setLogoutUseIframe(boolval($payload['logout_use_iframe']));
if(isset($payload['require_auth_time']))
$client->setRequireAuthTime(boolval($payload['require_auth_time']));
if(isset($payload['token_endpoint_auth_method']))
$client->setTokenEndpointAuthMethod(trim($payload['token_endpoint_auth_method']));
if(isset($payload['token_endpoint_auth_signing_alg']))
$client->setTokenEndpointAuthSigningAlg(trim($payload['token_endpoint_auth_signing_alg']));
if(isset($payload['subject_type']))
$client->setSubjectType(trim($payload['subject_type']));
if(isset($payload['userinfo_signed_response_alg']))
$client->setUserinfoSignedResponseAlg(trim($payload['userinfo_signed_response_alg']));
if(isset($payload['userinfo_encrypted_response_alg']))
$client->setUserinfoEncryptedResponseAlg(trim($payload['userinfo_encrypted_response_alg']));
if(isset($payload['userinfo_encrypted_response_enc']))
$client->setUserinfoEncryptedResponseEnc(trim($payload['userinfo_encrypted_response_enc']));
if(isset($payload['id_token_signed_response_alg']))
$client->setIdTokenSignedResponseAlg(trim($payload['id_token_signed_response_alg']));
if(isset($payload['id_token_encrypted_response_alg']))
$client->setIdTokenEncryptedResponseAlg(trim($payload['id_token_encrypted_response_alg']));
if(isset($payload['id_token_encrypted_response_enc']))
$client->setIdTokenEncryptedResponseEnc(trim($payload['id_token_encrypted_response_enc']));
if(isset($payload['redirect_uris']))
$client->setRedirectUris(trim($payload['redirect_uris']));
if(isset($payload['allowed_origins']))
$client->setAllowedOrigins(trim($payload['allowed_origins']));
if(isset($payload['client_id'])){
$client->setClientId(trim($payload['client_id']));
}
if(isset($payload['client_secret'])){
$client->setClientSecret(trim($payload['client_secret']));
}
if(isset($payload['client_secret_expires_at'])){
$client_secret_expires_at = $payload['client_secret_expires_at'];
if(is_int($client_secret_expires_at))
$client_secret_expires_at = new \DateTime("@$client_secret_expires_at");
$client->setClientSecretExpiresAt($client_secret_expires_at);
}
if(isset($payload['resource_server']) && $payload['resource_server'] instanceof ResourceServer){
$resource_server = $payload['resource_server'];
$client->setResourceServer($resource_server);
}
if(isset($payload['pkce_enabled'])) {
$pkce_enabled = boolval($payload['pkce_enabled']);
if($pkce_enabled)
$client->enablePCKE();
else
$client->disablePCKE();
}
if(isset($payload['otp_enabled'])) {
$otp_enabled = boolval($payload['otp_enabled']);
if($otp_enabled)
$client->enablePasswordless();
else
$client->disablePasswordless();
}
if(isset($payload['otp_length'])){
$client->setOtpLength(intval($payload['otp_length']));
}
if(isset($payload['otp_lifetime'])){
$client->setOtpLifetime(intval($payload['otp_lifetime']));
}
$scope_repository = App::make(IApiScopeRepository::class);
//add default scopes
foreach ($scope_repository->getDefaults() as $default_scope) {
Log::debug(sprintf("ClientFactory::populate processing scope %s", $default_scope->getName()));
if
(
$default_scope->getName() === OAuth2Protocol::OfflineAccess_Scope
&& !$client->canRequestRefreshTokens()
) {
Log::debug(sprintf("ClientFactory::populate skipping scope %s", $default_scope->getName()));
continue;
}
$client->addScope($default_scope);
}
return $client;
}
}
View Git Blame Copy Permalink