<?php
/***************************************************************
Copyright (C) 2018 Siemens AG
Author: Gaurav Mishra <mishra.gaurav@siemens.com>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
version 2 as published by the Free Software Foundation.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
***************************************************************/
/**
* @file
* @brief Controller for auth queries
*/
namespace Fossology\UI\Api\Controllers;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Message\ResponseInterface;
use Fossology\UI\Api\Helper\RestHelper;
use Fossology\UI\Api\Models\Info;
use Fossology\UI\Api\Models\InfoType;
use Fossology\Lib\Exceptions\DuplicateTokenKeyException;
use Fossology\Lib\Exceptions\DuplicateTokenNameException;
/**
* @class AuthController
* @brief Controller for Auth requests
*/
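class AuthController extends RestController
{
  /**
   * Maximum number of random keys tried when the freshly generated key is
   * rejected by the database as a duplicate. Two attempts preserves the
   * previous behaviour; because the key is random, a second collision almost
   * certainly means a broken RNG or database state rather than bad luck.
   */
  const TOKEN_KEY_ATTEMPTS = 2;

  /**
   * Get the authentication headers for the user.
   *
   * Always answers with an error telling the client to use /tokens instead.
   * The status code (406) and the bare-text "Warning" value (not the
   * RFC 7234 "code agent text" form) are kept as they were so clients that
   * special-case them keep working.
   *
   * @param ServerRequestInterface $request
   * @param ResponseInterface $response
   * @param array $args
   * @return ResponseInterface
   * @deprecated Use createNewJwtToken()
   */
  public function getAuthHeaders($request, $response, $args)
  {
    $warningMessage = "The resource is deprecated. Use /tokens";
    $warning = new Info(406, $warningMessage, InfoType::ERROR);
    return $response->withHeader('Warning', $warningMessage)
      ->withJson($warning->getArray(), $warning->getCode());
  }

  /**
   * Answer a CORS pre-flight (OPTIONS) request.
   *
   * Responds 204 with the allowed origin read from
   * $SysConf['SYSCONFIG']['CorsOrigins'] and a fixed list of allowed headers
   * and methods. Access-Control-Allow-Credentials is always "true"; browsers
   * refuse that combination together with a wildcard origin, and
   * Access-Control-Allow-Origin carries a single origin, so the configured
   * value has to be one concrete origin. The value is sent as-is and is not
   * validated here.
   *
   * @param ServerRequestInterface $request
   * @param ResponseInterface $response
   * @param array $args
   * @return ResponseInterface
   */
  public function optionsVerification($request, $response, $args)
  {
    global $SysConf;
    $allowedOrigin = $SysConf['SYSCONFIG']['CorsOrigins'];
    return $response->withStatus(204)
      ->withHeader('Access-Control-Allow-Origin', $allowedOrigin)
      ->withHeader('Access-Control-Allow-Headers',
        'X-Requested-With, Content-Type, Accept, Origin, Authorization')
      ->withHeader('Access-Control-Allow-Methods',
        'GET, POST, PUT, DELETE, PATCH, OPTIONS')
      ->withHeader('Access-Control-Allow-Credentials', 'true');
  }

  /**
   * Create a new API token for the user and return it as a JWT.
   *
   * The request body must carry username, password, token_name, token_scope
   * and token_expire. Processing order: body shape (400), token parameters
   * via RestHelper::validateTokenRequest() (its own Info code), credentials
   * (404 with one generic message so the response does not reveal whether
   * the username exists), then a random key is generated, stored and the
   * JWT built from the stored record.
   *
   * @param ServerRequestInterface $request
   * @param ResponseInterface $response
   * @param array $args
   * @return ResponseInterface 201 with {"Authorization": "Bearer <jwt>"} on
   *         success; 400/404/429/500 or the code carried by the validation
   *         or duplicate-name error otherwise.
   */
  public function createNewJwtToken($request, $response, $args)
  {
    $tokenRequestBody = $request->getParsedBody();
    $paramsRequired = [
      "username",
      "password",
      "token_name",
      "token_scope",
      "token_expire"
    ];
    // getParsedBody() yields null (or a non-array) for an empty or
    // unparsable body; arrayKeysExists() treats that as "keys missing".
    if (! $this->arrayKeysExists($tokenRequestBody, $paramsRequired)) {
      return $this->errorResponse($response, 400,
        "Following parameters are required in the request body: " .
        join(",", $paramsRequired));
    }

    $username = $tokenRequestBody["username"];
    $password = $tokenRequestBody["password"];
    $expire = $tokenRequestBody["token_expire"];
    $scope = $tokenRequestBody["token_scope"];
    $name = $tokenRequestBody["token_name"];

    $tokenValid = $this->restHelper->validateTokenRequest($expire, $name,
      $scope);
    if ($tokenValid !== true) {
      // validateTokenRequest() hands back an Info describing the problem.
      return $response->withJson($tokenValid->getArray(),
        $tokenValid->getCode());
    }
    // The scope is used as a key into SCOPE_DB_MAP below; refuse anything
    // that would not resolve instead of storing a token with an undefined
    // scope. (validateTokenRequest() presumably checks this too — not
    // visible from here.)
    if (! is_string($scope) || ! isset(RestHelper::SCOPE_DB_MAP[$scope])) {
      return $this->errorResponse($response, 400, "Invalid token scope.");
    }
    // A JSON body can carry arrays or objects in these fields; only scalar
    // values are meaningful as credentials.
    if (! is_scalar($username) || ! is_scalar($password)) {
      return $this->errorResponse($response, 400,
        "Username and password must be strings.");
    }

    $authHelper = $this->restHelper->getAuthHelper();
    if (! $authHelper->checkUsernameAndPassword($username, $password)) {
      // One message for unknown user and wrong password (no enumeration).
      // 404 is kept for client compatibility although 401 would fit better.
      return $this->errorResponse($response, 404,
        "Username or password incorrect.");
    }
    // checkUsernameAndPassword() is expected to have established the current
    // user so that getUserId() resolves it — not visible from here.
    $userId = $this->restHelper->getUserId();
    $dbScope = RestHelper::SCOPE_DB_MAP[$scope];

    for ($attempt = 0; $attempt < self::TOKEN_KEY_ATTEMPTS; $attempt++) {
      $key = $this->generateTokenKey();
      if ($key === null) {
        // Never sign a token with weak or missing random bytes.
        return $this->errorResponse($response, 500,
          "Could not generate a secure token key.");
      }
      try {
        $jti = $this->dbHelper->insertNewTokenKey($userId, $expire, $dbScope,
          $name, $key);
      } catch (DuplicateTokenKeyException $e) {
        // The random key collided with a stored one: draw a fresh key.
        continue;
      } catch (DuplicateTokenNameException $e) {
        // Caught on every attempt; previously only the first insert was
        // covered and a duplicate name on the retry escaped uncaught.
        return $this->errorResponse($response, $e->getCode(),
          $e->getMessage());
      }
      if (empty($jti['jti'])) {
        // The insert reported success without a token id; the old code
        // returned null here, which is not a valid response.
        return $this->errorResponse($response, 500,
          "Could not store the new token.");
      }
      $theJwtToken = $authHelper->generateJwtToken($expire,
        $jti['created_on'], $jti['jti'], $scope, $key);
      return $response->withJson([
        "Authorization" => "Bearer " . $theJwtToken
      ], 201);
    }
    // Every attempt collided; ask the client to retry shortly.
    return $this->errorResponse($response, 429, "Please try again later.")
      ->withHeader('Retry-After', '2');
  }

  /**
   * @brief Generate a fresh random token key as a hex string.
   *
   * Uses openssl_random_pseudo_bytes() and honours its $cryptoStrong flag:
   * bytes that are not cryptographically strong must never become a signing
   * key, so null is returned in that case (and when the call returns false
   * on older PHP versions). On PHP >= 7.4 the function throws instead of
   * failing softly; that exception is deliberately left to propagate.
   * NOTE(review): random_bytes() is the preferred CSPRNG on PHP >= 7; kept
   * openssl here because this file does not declare a minimum PHP version.
   *
   * @return string|null Hex key (RestHelper::TOKEN_KEY_LENGTH characters,
   *         assuming that constant is even), or null on failure.
   */
  private function generateTokenKey()
  {
    $cryptoStrong = false;
    $bytes = openssl_random_pseudo_bytes(
      (int) (RestHelper::TOKEN_KEY_LENGTH / 2), $cryptoStrong);
    if ($bytes === false || $cryptoStrong !== true) {
      return null;
    }
    return bin2hex($bytes);
  }

  /**
   * @brief Build a JSON error response from a status code and message.
   *
   * @param ResponseInterface $response Response to derive from
   * @param int $code HTTP status code (also carried in the Info body)
   * @param string $message Error message for the client
   * @return ResponseInterface
   */
  private function errorResponse($response, $code, $message)
  {
    $error = new Info($code, $message, InfoType::ERROR);
    return $response->withJson($error->getArray(), $error->getCode());
  }

  /**
   * @brief Check if a list of keys exists in associative array.
   *
   * The key list is flipped into an associative array and compared with
   * array_diff_key(); every key of $keys must be present in $array (values,
   * including null, are not inspected). A non-array $array — e.g. the null
   * that getParsedBody() returns for an empty body — counts as "keys
   * missing" instead of raising a warning and reporting success.
   *
   * @param mixed $array Associative array to check keys against
   * @param array $keys Array of keys to check
   * @return boolean True if all keys exist, false otherwise.
   * @uses array_flip()
   * @uses array_diff_key()
   */
  private function arrayKeysExists($array, $keys)
  {
    if (! is_array($array)) {
      return false;
    }
    return empty(array_diff_key(array_flip($keys), $array));
  }
}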