Merge branch 'v8.0.0' into webhooks
rijkvanzanten committed Nov 12, 2019
2 parents be83925 + 557a83b commit 667d960
Showing 9 changed files with 91 additions and 88 deletions.
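--- a/migrations/db/seeds/RelationsSeeder.php
+++ b/migrations/db/seeds/RelationsSeeder.php
@@ -40,6 +40,12 @@ public function run()
 'field_many' => 'group',
 'collection_one' => 'directus_groups'
 ],
+[
+'collection_many' => 'directus_fields',
+'field_many' => 'collection',
+'collection_one' => 'directus_collections',
+'field_one' => 'fields'
+],
 [
 'collection_many' => 'directus_files',
 'field_many' => 'uploaded_by',
@@ -83,12 +89,6 @@ public function run()
 'collection_many' => 'directus_users',
 'field_many' => 'avatar',
 'collection_one' => 'directus_files'
-],
-[
-'collection_many' => 'directus_fields',
-'field_many' => 'collection',
-'collection_one' => 'directus_collections',
-'field_one' => 'fields'
 ]
 ];
 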
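--- a/migrations/db/seeds/RolesSeeder.php
+++ b/migrations/db/seeds/RolesSeeder.php
@@ -23,7 +23,7 @@ public function run()
 [
 'id' => 2,
 'name' => 'Public',
-'description' => 'This sets the data that is publicly available through the API without a token'
+'description' => 'Controls what API data is publicly available without authenticating'
 ]
 ];
 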
46 changes: 37 additions & 9 deletions migrations/db/seeds/SettingsSeeder.php
Expand Up @@ -15,13 +15,25 @@ class SettingsSeeder extends AbstractSeed
public function run()
{
$data = [
[
'key' => 'project_url',
'value' => ''
],
[
'key' => 'project_logo',
'value' => ''
],
[
'key' => 'project_color',
'value' => 'darkest-gray',
'value' => 'blue-grey-900',
],
[
'key' => 'project_foreground',
'value' => '',
],
[
'key' => 'project_background',
'value' => '',
],
[
'key' => 'default_limit',
Expand All @@ -31,18 +43,34 @@ public function run()
'key' => 'sort_null_last',
'value' => '1'
],
[
'key' => 'password_policy',
'value' => ''
],
[
'key' => 'auto_sign_out',
'value' => '60'
'value' => '10080'
],
[
'key' => 'youtube_api_key',
'value' => ''
'key' => 'login_attempts_allowed',
'value' => '10'
],
[
'key' => 'trusted_proxies',
'value' => ''
],
[
'key' => 'file_naming',
'value' => 'uuid'
],
[
'key' => 'file_max_size',
'value' => '100MB'
],
[
'key' => 'file_mimetype_whitelist',
'value' => ''
],
[
'key' => 'thumbnail_dimensions',
'value' => '200x200'
Expand All @@ -55,17 +83,17 @@ public function run()
'key' => 'thumbnail_actions',
'value' => '{"contain":{"options":{"resizeCanvas":false,"position":"center","resizeRelative":false,"canvasBackground":"ccc"}},"crop":{"options":{"position":"center"}}}'
],
[
'key' => 'thumbnail_not_found_location',
'value' => ''
],
[
'key' => 'thumbnail_cache_ttl',
'value' => '86400'
],
[
'key' => 'thumbnail_not_found_location',
'key' => 'youtube_api_key',
'value' => ''
],
[
'key' => 'file_naming',
'value' => 'uuid'
]
];

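Review bot: The `auto_sign_out` default changes from `'60'` to `'10080'` with no comment recording the unit or the reason; 10080 is 7 × 24 × 60, so if the value is in minutes this presumably moves the idle sign-out from one hour to one week, a security-relevant relaxation that deserves an inline note such as `// minutes; 10080 = 7 days` beside the value. The newly seeded security-facing keys (`password_policy`, `login_attempts_allowed`, `trusted_proxies`, `file_mimetype_whitelist`) carry no description of what an empty value means — whether `''` disables the check or denies everything is not stated anywhere in the seed — and a one-line comment per key would make the default posture reviewable. The `run()` body begins and ends outside the hunks shown.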
35 changes: 20 additions & 15 deletions src/core/Directus/Services/AuthService.php
Expand Up @@ -2,6 +2,9 @@

namespace Directus\Services;

use function Directus\get_directus_path;
use function Directus\get_api_project_from_request;
use function Directus\get_url;
use Directus\Authentication\Exception\ExpiredRequestTokenException;
use Directus\Authentication\Exception\InvalidRequestTokenException;
use Directus\Authentication\Exception\InvalidTokenException;
Expand Down Expand Up @@ -68,22 +71,22 @@ public function loginWithCredentials($email, $password, $otp=null, $mode = null)
$tfa_enforced = $usersService->has2FAEnforced($user->getId());

switch($mode){
case DirectusUserSessionsTableGateway::TOKEN_COOKIE :
case DirectusUserSessionsTableGateway::TOKEN_COOKIE :
$user = $this->findOrCreateStaticToken($user);
$responseData['user'] = $user;
break;
case DirectusUserSessionsTableGateway::TOKEN_JWT :
default :
case DirectusUserSessionsTableGateway::TOKEN_JWT :
default :
$token = $this->generateAuthToken($user);
$user = $user->toArray();
$responseData = [
'token' => $token,
'user' => $user
];

}
$responseObject['data'] = $responseData;

if(!is_null($user)){
$needs2FA = $tfa_enforced && $user['2fa_secret'] == null;
if($needs2FA){
Expand All @@ -100,7 +103,7 @@ public function loginWithCredentials($email, $password, $otp=null, $mode = null)
* @param array $user
*
* @return array
*
*
*/
public function findOrCreateStaticToken(&$user)
{
Expand Down Expand Up @@ -227,12 +230,12 @@ public function handleAuthenticationRequestCallback($name, $generateRequestToken
$user = $this->authenticateWithEmail($serviceUser->getEmail());

switch($mode){
case DirectusUserSessionsTableGateway::TOKEN_COOKIE :
case DirectusUserSessionsTableGateway::TOKEN_COOKIE :
$user = $this->findOrCreateStaticToken($user);
$responseData['user'] = $user;
break;
case DirectusUserSessionsTableGateway::TOKEN_JWT :
default :
case DirectusUserSessionsTableGateway::TOKEN_JWT :
default :
$token = $generateRequestToken ? $this->generateRequestToken($user) : $this->generateAuthToken($user);
$responseData = [
'token' => $token,
Expand All @@ -258,7 +261,7 @@ public function authenticateWithToken($token, $ignoreOrigin = false)
} else {
$authenticated = $this->getAuth()->authenticateWithPrivateToken($token);
}

return $authenticated;
}

Expand Down Expand Up @@ -384,6 +387,7 @@ public function generateRequestToken(UserInterface $user)
* @param $email
*/
public function sendResetPasswordToken($email)

{
$this->validate(['email' => $email], ['email' => 'required|email']);

Expand All @@ -393,10 +397,14 @@ public function sendResetPasswordToken($email)

$resetToken = $auth->generateResetPasswordToken($user);

\Directus\send_forgot_password_email($user->toArray(), $resetToken);
// Sending the project key in the query param makes sure the app will use the correct project
// to send the new password to
$resetUrl = get_url() . 'admin/#/reset-password?token=' . $resetToken . '&project=' . get_api_project_from_request();

\Directus\send_forgot_password_email($user->toArray(), $resetUrl);
}

public function resetPasswordWithToken($token)
public function resetPasswordWithToken($token, $newPassword)
{
if (!JWTUtils::isJWT($token)) {
throw new InvalidResetPasswordTokenException($token);
Expand Down Expand Up @@ -427,12 +435,9 @@ public function resetPasswordWithToken($token)
throw new InvalidResetPasswordTokenException($token);
}

$newPassword = StringUtils::randomString(16);
$userProvider->update($user, [
'password' => $auth->hashPassword($newPassword)
]);

\Directus\send_reset_password_email($user->toArray(), $newPassword);
}

public function refreshToken($token)
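Review bot: `resetPasswordWithToken($token, $newPassword)` hashes and stores `$newPassword` without validating it, whereas the removed code generated the value itself; with the endpoint now passing the request body's `password` straight through, an absent or empty value reaches `hashPassword()` and is persisted. Add a boundary check before the update, mirroring the existing pattern in `sendResetPasswordToken`: `$this->validate(['password' => $newPassword], ['password' => 'required']);`. In `sendResetPasswordToken`, the `project` value from `get_api_project_from_request()` is concatenated into the query string raw; building it with `http_build_query(['token' => $resetToken, 'project' => get_api_project_from_request()])` keeps the URL well-formed for any project name. Both functions begin or end outside the hunks shown, and the blank line between the `sendResetPasswordToken($email)` signature and its opening brace looks unintended.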
33 changes: 20 additions & 13 deletions src/endpoints/Auth.php
Expand Up @@ -8,6 +8,7 @@
use Directus\Application\Route;
use function Directus\array_get;
use function Directus\get_directus_setting;
use function Directus\get_directus_path;
use function Directus\get_project_session_cookie_name;
use function Directus\get_request_authorization_token;
use function Directus\encrypt_static_token;
Expand Down Expand Up @@ -36,7 +37,7 @@ public function __invoke(Application $app)
$app->post('/logout/{user}', [$this, 'logoutFromAll']);
$app->post('/logout/{user}/{id}', [$this, 'logoutFromOne']);
$app->post('/password/request', [$this, 'forgotPassword']);
$app->get('/password/reset/{token}', [$this, 'resetPassword']);
$app->post('/password/reset', [$this, 'resetPassword']);
$app->post('/refresh', [$this, 'refresh']);
$app->get('/sso', [$this, 'listSsoAuthServices']);
$app->post('/sso/access_token', [$this, 'ssoAccessToken']);
Expand Down Expand Up @@ -255,7 +256,8 @@ public function resetPassword(Request $request, Response $response)
$authService = $this->container->get('services')->get('auth');

$authService->resetPasswordWithToken(
$request->getAttribute('token')
$request->getParsedBodyParam('token'),
$request->getParsedBodyParam('password')
);

return $this->responseWithData($request, $response, []);
Expand Down Expand Up @@ -291,10 +293,10 @@ public function listSsoAuthServices(Request $request, Response $response)
{
/** @var AuthService $authService */
$authService = $this->container->get('services')->get('auth');

/** @var Social $externalAuth */
$externalAuth = $this->container->get('external_auth');

$services = [];
foreach ($externalAuth->getAll() as $name => $provider) {
$services[] = $authService->getSsoBasicInfo($name);
Expand Down Expand Up @@ -324,12 +326,14 @@ public function ssoService(Request $request, Response $response)
$responseData = $authService->getAuthenticationRequestInfo(
$request->getAttribute('service')
);
$session->set('mode', $request->getParam('mode'));
$session->set('redirect_url', $request->getParam('redirect_url'));
if (\Directus\cors_is_origin_allowed($allowedOrigins, $origin)) {
if (is_array($origin)) {
$origin = array_shift($origin);
}
$session->set('sso_origin_url', $origin);
$session->set('mode', $request->getParam('mode'));

$response = $response->withRedirect(array_get($responseData, 'data.authorization_url'));
}

Expand Down Expand Up @@ -367,27 +371,27 @@ public function ssoServiceCallback(Request $request, Response $response)
{
/** @var AuthService $authService */
$authService = $this->container->get('services')->get('auth');

$session = $this->container->get('session');
// TODO: Implement a pull method
$redirectUrl = $session->get('sso_origin_url');
$session->remove('sso_origin_url');
$mode = $session->get('mode');
$needs2FA = false;
$redirectUrl = $session->get('redirect_url') ? $session->get('redirect_url') : $session->get('sso_origin_url');
$responseData = [];
$urlParams = [];

try {
$responseData = $authService->handleAuthenticationRequestCallback(
$request->getAttribute('service'),
!!$redirectUrl,
true,
$mode
);

if(isset($responseData['data']) && isset($responseData['data']['user'])){
$usersService = new UsersService($this->container);
$tfa_enforced = $usersService->has2FAEnforced($responseData['data']['user']['id']);
if($tfa_enforced || !is_null($responseData['data']['user']['2fa_secret'])){
if($tfa_enforced || !empty($responseData['data']['user']['2fa_secret'])){
throw new SsoNotAllowedException();
}

switch($mode){
case DirectusUserSessionsTableGateway::TOKEN_COOKIE :
$response = $this->storeCookieSession($request,$response,$responseData['data']);
Expand All @@ -410,7 +414,7 @@ public function ssoServiceCallback(Request $request, Response $response)
$urlParams['error'] = true;
}


if ($redirectUrl) {
$redirectQueryString = parse_url($redirectUrl, PHP_URL_QUERY);
$redirectUrlParts = explode('?', $redirectUrl);
Expand All @@ -419,13 +423,16 @@ public function ssoServiceCallback(Request $request, Response $response)
if (is_array($redirectQueryParams)) {
$urlParams = array_merge($redirectQueryParams, $urlParams);
}

$urlToRedirect = !empty($urlParams) ? $redirectUrl . '?' . http_build_query($urlParams) : $redirectUrl;
$response = $response->withRedirect($urlToRedirect);

}else{
$response = $response->withRedirect('/admin');
$response = $response->withRedirect($redirectUrl);
}

$session->remove('mode');
$session->remove('redirect_url');
return $this->responseWithData($request, $response, $responseData);
}

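Review bot: In `ssoService`, `redirect_url` is copied from the request into the session before the `cors_is_origin_allowed` check, and `ssoServiceCallback` then prefers it over `sso_origin_url` as the `withRedirect` target (including the fallback branch that previously went to `/admin`), so a caller-supplied URL becomes the post-login redirect without the origin validation that `sso_origin_url` still receives. Move `$session->set('redirect_url', $request->getParam('redirect_url'));` inside the allowed-origin block next to `sso_origin_url`, or run the parameter's origin through the same allowed-origin check before storing it. If `$urlParams` ends up carrying the session token (the lines that fill it are outside this hunk), that unvalidated target would also decide where the token is delivered. The `ssoService` and `ssoServiceCallback` bodies extend beyond the hunks shown.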
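--- a/src/endpoints/Home.php
+++ b/src/endpoints/Home.php
@@ -10,7 +10,7 @@ class Home extends Route
 {
 public function __invoke(Request $request, Response $response)
 {
-$response = $response->withRedirect('/admin');
+$response = $response->withRedirect('./admin/');
 return $this->responseWithData($request, $response, []);
 }
 }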
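Review bot: `withRedirect('./admin/')` emits a relative `Location`, which the client resolves against the URL it requested, so the destination depends on whether the incoming path ends with a slash (`/api` resolves `./admin/` to `/admin/`, while `/api/` resolves it to `/api/admin/`); if this route is reachable at more than one path (not visible here), the redirect may not land where intended. A comment such as `// relative on purpose: keeps the redirect under the installation's base path` would record the intent, and if the base URL is available at runtime (the codebase has a `get_url()` helper, used in AuthService) an absolute target built from it would be less fragile.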

0 comments on commit 667d960
