day12

MilesChou · Sep 27, 2022 · c9f939f · c9f939f
1 parent 212e4cb
commit c9f939f
Show file tree

Hide file tree

Showing 6 changed files with 132 additions and 28 deletions.
diff --git a/app/Http/Controllers/Hydra/AcceptConsent.php b/app/Http/Controllers/Hydra/AcceptConsent.php
@@ -0,0 +1,49 @@
+<?php
+
+namespace App\Http\Controllers\Hydra;
+
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Log;
+use Illuminate\Support\Facades\Redirect;
+use Ory\Hydra\Client\Api\AdminApi;
+use Ory\Hydra\Client\Model\AcceptConsentRequest;
+use RuntimeException;
+
+class AcceptConsent
+{
+    public function __invoke(Request $request, AdminApi $adminApi): RedirectResponse
+    {
+        $consentChallenge = $request->input('challenge');
+
+        if (empty($consentChallenge)) {
+            throw new RuntimeException('No consent_challenge');
+        }
+
+        $scopes = $request->input('scopes');
+
+        if (empty($scopes)) {
+            // 沒填 scope 就請回去按 reject 的按鈕
+            return Redirect::back();
+        }
+
+        $acceptConsentRequest = new AcceptConsentRequest([
+            'grantScope' => array_keys($scopes),
+            'remember' => true,
+            'rememberFor' => 120,
+        ]);
+
+        Log::debug('Accept consent Request', json_decode((string)$acceptConsentRequest, true));
+
+        try {
+            $completedRequest = $adminApi->acceptConsentRequest($consentChallenge, $acceptConsentRequest);
+        } catch (\Throwable $e) {
+            dd($e);
+            throw new RuntimeException('Hydra Server error: ' . $e->getMessage());
+        }
+
+        Log::debug('Consent Completed Request', json_decode((string)$completedRequest, true));
+
+        return Redirect::away($completedRequest->getRedirectTo());
+    }
+}
diff --git a/app/Http/Controllers/Hydra/Consent.php b/app/Http/Controllers/Hydra/Consent.php
diff --git a/app/Http/Controllers/Hydra/ConsentProvider.php b/app/Http/Controllers/Hydra/ConsentProvider.php
@@ -2,10 +2,28 @@
 
 namespace App\Http\Controllers\Hydra;
 
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Log;
+use Ory\Hydra\Client\Api\AdminApi;
+use RuntimeException;
+
 class ConsentProvider
 {
-    public function __invoke()
+    public function __invoke(Request $request, AdminApi $adminApi)
     {
-        return view('auth.consent');
+        $consentChallenge = $request->input('consent_challenge');
+
+        if (empty($consentChallenge)) {
+            throw new RuntimeException('No consent_challenge');
+        }
+
+        $consentRequest = $adminApi->getConsentRequest($consentChallenge);
+
+        Log::debug('Get consent Request', json_decode((string)$consentRequest, true));
+
+        return view('auth.consent', [
+            'challenge' => $consentChallenge,
+            'scopes' => $consentRequest->getRequestedScope(),
+        ]);
     }
 }
diff --git a/app/Http/Controllers/Hydra/RejectConsent.php b/app/Http/Controllers/Hydra/RejectConsent.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace App\Http\Controllers\Hydra;
+
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Log;
+use Illuminate\Support\Facades\Redirect;
+use Ory\Hydra\Client\Api\AdminApi;
+use Ory\Hydra\Client\Model\RejectRequest;
+use RuntimeException;
+
+class RejectConsent
+{
+    public function __invoke(Request $request, AdminApi $adminApi): RedirectResponse
+    {
+        $consentChallenge = $request->input('challenge');
+
+        if (empty($consentChallenge)) {
+            throw new RuntimeException('No consent_challenge');
+        }
+
+        $rejectRequest = new RejectRequest([
+            'error' => 'access_denied',
+            'errorDescription' => 'The request was rejected by end-user',
+        ]);
+
+        Log::debug('Reject consent Request', json_decode((string)$rejectRequest, true));
+
+        try {
+            $completedRequest = $adminApi->rejectConsentRequest($consentChallenge, $rejectRequest);
+        } catch (\Throwable $e) {
+            throw new RuntimeException('Hydra Server error: ' . $e->getMessage());
+        }
+
+        Log::debug('Consent Completed Request', json_decode((string)$completedRequest, true));
+
+        return Redirect::away($completedRequest->getRedirectTo());
+    }
+}
diff --git a/resources/views/auth/consent.blade.php b/resources/views/auth/consent.blade.php
@@ -12,22 +12,20 @@
         <!-- Validation Errors -->
         <x-auth-validation-errors class="mb-4" :errors="$errors" />
 
-        <form method="POST" action="{{ route('oauth2.consent') }}">
+        <form method="POST" action="{{ route('oauth2.consent.accept') }}">
             @csrf
+            <input type="hidden" name="challenge" value="{{ $challenge }}" />
 
             <!-- Scopes -->
             <div>
                 <x-input-label for="scope" :value="__('Scopes')" />
 
-                <label for="scopes" class="inline-flex items-center">
-                    <input type="checkbox" class="rounded border-gray-300 text-indigo-600 shadow-sm focus:border-indigo-300 focus:ring focus:ring-indigo-200 focus:ring-opacity-50" name="scope[openid]">
-                    <span class="ml-2 text-sm text-gray-600">{{ __('openid') }}</span>
-                </label>
-
-                <label for="email" class="inline-flex items-center">
-                    <input type="checkbox" class="rounded border-gray-300 text-indigo-600 shadow-sm focus:border-indigo-300 focus:ring focus:ring-indigo-200 focus:ring-opacity-50" name="scope[email]">
-                    <span class="ml-2 text-sm text-gray-600">{{ __('email') }}</span>
-                </label>
+                @foreach($scopes as $scope)
+                    <label for="scopes-{{ $scope }}" class="inline-flex items-center">
+                        <input type="checkbox" class="rounded border-gray-300 text-indigo-600 shadow-sm focus:border-indigo-300 focus:ring focus:ring-indigo-200 focus:ring-opacity-50" checked name="scopes[{{ $scope }}]">
+                        <span class="ml-2 text-sm text-gray-600">{{ __($scope) }}</span>
+                    </label>
+                @endforeach
             </div>
 
             <!-- Remember Me -->
@@ -44,5 +42,16 @@
                 </x-primary-button>
             </div>
         </form>
+
+        <form method="POST" action="{{ route('oauth2.consent.reject') }}">
+            @csrf
+            <input type="hidden" name="challenge" value="{{ $challenge }}" />
+
+            <div class="flex items-center justify-end mt-4">
+                <x-primary-button class="ml-3">
+                    {{ __('Reject Permission') }}
+                </x-primary-button>
+            </div>
+        </form>
     </x-auth-card>
 </x-guest-layout>
diff --git a/routes/web.php b/routes/web.php
@@ -1,9 +1,10 @@
 <?php
 
-use App\Http\Controllers\Hydra\Consent;
+use App\Http\Controllers\Hydra\AcceptConsent;
 use App\Http\Controllers\Hydra\ConsentProvider;
 use App\Http\Controllers\Hydra\Login;
 use App\Http\Controllers\Hydra\LoginProvider;
+use App\Http\Controllers\Hydra\RejectConsent;
 use Illuminate\Support\Facades\Route;
 
 /*
@@ -29,6 +30,7 @@
 Route::post('/oauth2/login', Login::class);
 
 Route::get('/oauth2/consent', ConsentProvider::class)->name('oauth2.consent');
-Route::post('/oauth2/consent', Consent::class);
+Route::post('/oauth2/consent/accept', AcceptConsent::class)->name('oauth2.consent.accept');
+Route::post('/oauth2/consent/reject', RejectConsent::class)->name('oauth2.consent.reject');
 
 require __DIR__.'/auth.php';