Repository: airavata-php-gateway
Updated Branches:
  refs/heads/master 368d722fe -> ac5759ec7


Adding OAuth logout functionality


Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/ac5759ec
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/ac5759ec
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/ac5759ec

Branch: refs/heads/master
Commit: ac5759ec7d2575fa823bd6750d7265eb429c9b7f
Parents: 368d722
Author: Supun Nakandala <[email protected]>
Authored: Fri Sep 4 11:36:02 2015 +0530
Committer: Supun Nakandala <[email protected]>
Committed: Fri Sep 4 11:36:02 2015 +0530

----------------------------------------------------------------------
 app/controllers/AccountController.php           | 13 +++++++++++--
 app/filters.php                                 |  8 ++++----
 app/libraries/Wsis/Stubs/OAuthManager.php       |  8 ++++++++
 app/libraries/Wsis/Stubs/UserProfileManager.php |  2 +-
 app/libraries/Wsis/Wsis.php                     | 11 ++++++++++-
 5 files changed, 34 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/ac5759ec/app/controllers/AccountController.php
----------------------------------------------------------------------
diff --git a/app/controllers/AccountController.php 
b/app/controllers/AccountController.php
index 8dcbd0f..9793c5e 100755
--- a/app/controllers/AccountController.php
+++ b/app/controllers/AccountController.php
@@ -61,7 +61,13 @@ class AccountController extends BaseController
             WSIS::updateUserProfile($username, $email, $first_name, 
$last_name);
 
             CommonUtilities::print_success_message('New user created!');
-            return View::make('account/login');
+
+            if(Config::get('pga_config.wsis')['auth-mode']=="oauth"){
+                return View::make('home');
+            }else{
+                return View::make('account/login');
+            }
+
         }
     }
 
@@ -78,7 +84,7 @@ class AccountController extends BaseController
     public function oauthCallback()
     {
         if (!isset($_GET["code"])) {
-            CommonUtilities::print_error_message("Require the code parameter 
to validate!");
+            return View::make('home');
         }
 
         $code = $_GET["code"];
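Review bot: The new early return in `oauthCallback()` renders the home view for every request that lacks `code`, and that includes the error redirects an authorization server sends back (`error`, `error_description`), so a denied or failed login no longer leaves any trace for the user or in the logs. Before returning, record the failure when an `error` parameter is present, and keep the value out of any rendered HTML unless it is escaped. The visible lines read `$_GET["code"]` but show no comparison of a `state` value against the session. The rest of the function is outside this hunk, so confirm that the callback binds the code to the browser session that started the flow.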
@@ -256,6 +262,9 @@ class AccountController extends BaseController
     public function logout()
     {
         Session::flush();
+        if(Config::get('pga_config.wsis')['auth-mode'] == "oauth"){
+            return Redirect::away(WSIS::getOAuthLogoutUrl());
+        }
         return Redirect::to('home');
     }
 

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/ac5759ec/app/filters.php
----------------------------------------------------------------------
diff --git a/app/filters.php b/app/filters.php
index a2e92f7..ce391a0 100755
--- a/app/filters.php
+++ b/app/filters.php
@@ -13,9 +13,9 @@
 
 App::before(function ($request) {
     //Check Airavata Server is up
-    $apiVersion = Airavata::getAPIVersion();
-    if (empty($apiVersion))
-        return View::make("server-down");
+//    $apiVersion = Airavata::getAPIVersion();
+//    if (empty($apiVersion))
+//        return View::make("server-down");
 
     //Check OAuth token has expired
     if(Config::get('pga_config.wsis')['auth-mode']=="oauth" && 
Session::has('authz-token')){
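Review bot: The Airavata availability check at the top of the `App::before` filter is disabled by commenting it out, without a reason, and the change is unrelated to the OAuth logout this commit is about. If the check is meant to go, delete the three lines; if it is temporary, say so in place, e.g. `// TODO: server-up check disabled because <reason>; restore when <condition>`. With it off, requests reach the token-refresh branch and the controllers even when the API server is unreachable, so the failure shows up later and less clearly than the `server-down` view did. The filter body continues outside the hunk.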
@@ -25,7 +25,7 @@ App::before(function ($request) {
             if(isset($response->access_token)){
                 $accessToken = $response->access_token;
                 $refreshToken = $response->refresh_token;
-                $expirationTime = time()/1000 + $response->expires_in - 300;
+                $expirationTime = time() + $response->expires_in - 300;
                 $authzToken = new Airavata\Model\Security\AuthzToken();
                 $authzToken->accessToken = $accessToken;
                 Session::put('authz-token',$authzToken);
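Review bot: `$response->expires_in` and `$response->refresh_token` are read after only `access_token` has been tested with `isset`, so a token response that omits either field is used as if it were complete. The corrected arithmetic also yields a time in the past whenever the server issues tokens that live 300 seconds or less, which would make every request look expired. Consider `$expiresIn = isset($response->expires_in) ? (int) $response->expires_in : 0;` followed by `$expirationTime = time() + max($expiresIn - 300, 0);`, and the same `isset` guard on `refresh_token`. What is done with `$expirationTime` is outside the hunk.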

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/ac5759ec/app/libraries/Wsis/Stubs/OAuthManager.php
----------------------------------------------------------------------
diff --git a/app/libraries/Wsis/Stubs/OAuthManager.php 
b/app/libraries/Wsis/Stubs/OAuthManager.php
index 5188fd6..f623499 100644
--- a/app/libraries/Wsis/Stubs/OAuthManager.php
+++ b/app/libraries/Wsis/Stubs/OAuthManager.php
@@ -17,6 +17,7 @@ class OAuthManager
     public function __construct($serverUrl, $verifyPeer, $cafilePath)
     {
         $this->_AuthorizeUrl  = $serverUrl . "oauth2/authorize";
+        $this->_LogoutUrl  = $serverUrl . 
"commonauth?commonAuthLogout=true&type=oidc2&sessionDataKey=7fa50562-2d0f-4234-8e39-8a7271b9b273";
         $this->_AccessTokenUrl  = $serverUrl . "oauth2/token";
         $this->_UserInfoUrl = $serverUrl . "oauth2/userinfo?schema=openid";
         $this->_verifyPeer = $verifyPeer;
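Review bot: The logout URL assembled in the constructor carries a fixed `sessionDataKey` value (`7fa50562-2d0f-4234-8e39-8a7271b9b273`), which looks like an identifier copied from one captured request rather than a constant of the endpoint. If the identity server treats this key as per-flow state, every user's logout would share the same value. Check the server documentation on whether the parameter is required, and then either drop it, generate it per request, or add a comment such as `// sessionDataKey is a fixed placeholder because <reason>`. `_LogoutUrl` is assigned here, but its property declaration is not visible in the hunk; declare it next to the other URL fields if that has not been done.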
@@ -84,6 +85,13 @@ class OAuthManager
         return json_decode($response);
     }
 
+    // Function to get OAuth logout url
+    // refer http://xacmlinfo.org/2015/01/08/openid-connect-identity-server/ 
for OpenID Connect logout information
+    public function getOAuthLogoutUrl($redirect_url, $applicationName)
+    {
+        return ($this->_LogoutUrl . "&commonAuthCallerPath=" . $redirect_url . 
"&relyingParty=" . $applicationName);
+    }
+
     private function initCurl($url)
     {
         $r = null;
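Review bot: `getOAuthLogoutUrl()` concatenates `$redirect_url` and `$applicationName` into the query string without encoding them, so a callback URL that itself contains `?`, `&` or `#` is split into extra parameters and the identity server receives a different `commonAuthCallerPath` than intended. Encode both values: `return $this->_LogoutUrl . "&commonAuthCallerPath=" . urlencode($redirect_url) . "&relyingParty=" . urlencode($applicationName);`. The one caller shown in this commit (in Wsis.php) passes configuration values, but the method is public, and a post-logout redirect target is exactly the kind of parameter that should never be built from unencoded input. The two `//` lines above the method would read better as a docblock that names both parameters and states that the redirect URL must be one registered with the identity server.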

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/ac5759ec/app/libraries/Wsis/Stubs/UserProfileManager.php
----------------------------------------------------------------------
diff --git a/app/libraries/Wsis/Stubs/UserProfileManager.php 
b/app/libraries/Wsis/Stubs/UserProfileManager.php
index 6d5bcc8..211d099 100644
--- a/app/libraries/Wsis/Stubs/UserProfileManager.php
+++ b/app/libraries/Wsis/Stubs/UserProfileManager.php
@@ -39,7 +39,7 @@ class UserProfileManager {
         $fieldValues = array();
 
         $usernameDTO = new UserFieldDTO();
-        $usernameDTO->claimUri = "http://wso2.org/claims/sub";;
+        $usernameDTO->claimUri = "http://wso2.org/claims/username";;
         $usernameDTO->fieldValue = $username;
         array_push($fieldValues, $usernameDTO);
 

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/ac5759ec/app/libraries/Wsis/Wsis.php
----------------------------------------------------------------------
diff --git a/app/libraries/Wsis/Wsis.php b/app/libraries/Wsis/Wsis.php
index e3f8e26..221d943 100755
--- a/app/libraries/Wsis/Wsis.php
+++ b/app/libraries/Wsis/Wsis.php
@@ -189,11 +189,20 @@ class Wsis {
      */
     public function getUserProfileFromOAuthToken($token){
         $userProfile = $this->oauthManger->getUserProfile($token);
-        return array('username'=>$userProfile->sub, 
'email'=>$userProfile->email, 'firstname'=>$userProfile->given_name,
+        return array('username'=>$userProfile->username, 
'email'=>$userProfile->email, 'firstname'=>$userProfile->given_name,
             'lastname'=>$userProfile->family_name, 
'roles'=>explode(",",$userProfile->roles));
     }
 
     /**
+     * Function to get the OAuth logout url
+     */
+    public function getOAuthLogoutUrl(){
+        return 
$this->oauthManger->getOAuthLogoutUrl(Config::get('pga_config.wsis')['oauth-callback-url'],
+            Config::get('pga_config.wsis')['oauth-service-provider-id']);
+    }
+
+
+    /**
      * Function to check whether username exists
      *
      * @param string $username
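Review bot: `getUserProfileFromOAuthToken()` now takes the gateway username from `$userProfile->username` instead of `$userProfile->sub`. `sub` is the claim OpenID Connect requires in a userinfo response, whereas `username` is provider-specific, so if the identity server omits it the returned array carries an undefined or null username into whatever treats it as the account key. A guard before the return, such as `if (!isset($userProfile->username)) { throw new Exception("userinfo response has no username claim"); }`, would make the login fail rather than proceed with an empty identity. The docblock of the new `getOAuthLogoutUrl()` should also say that it reuses `oauth-callback-url` as the post-logout redirect, because that is why `oauthCallback()` must now tolerate a request without `code`.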
