Re-enabled create user and WIP integration with IamAdminServices
Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/8154eac1 Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/8154eac1 Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/8154eac1 Branch: refs/heads/develop Commit: 8154eac10cd5eef813ae7c6e1ba354dc5e817c79 Parents: 45bf626 Author: Marcus Christie <[email protected]> Authored: Thu May 4 16:57:24 2017 -0400 Committer: Marcus Christie <[email protected]> Committed: Thu May 4 16:57:24 2017 -0400 ---------------------------------------------------------------------- app/controllers/AccountController.php | 64 +++++++++++--------- app/libraries/CommonUtilities.php | 2 +- .../Keycloak/API/BaseKeycloakAPIEndpoint.php | 28 +-------- app/libraries/Keycloak/Keycloak.php | 17 ++++++ app/libraries/Keycloak/KeycloakUtil.php | 37 +++++++++++ app/views/account/create.blade.php | 42 ------------- app/views/account/login.blade.php | 4 +- 7 files changed, 96 insertions(+), 98 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/8154eac1/app/controllers/AccountController.php ---------------------------------------------------------------------- diff --git a/app/controllers/AccountController.php b/app/controllers/AccountController.php index 303c3b4..4b7f7da 100644 --- a/app/controllers/AccountController.php +++ b/app/controllers/AccountController.php 
@@ -39,43 +39,51 @@ class AccountController extends BaseController $password = $_POST['password']; $email = $_POST['email']; - $organization = isset($_POST['organization']) ? $_POST['organization'] : null; - $address = isset($_POST['address']) ? $_POST['address'] : null; - $country = isset($_POST['country']) ? $_POST['country'] : null; - $telephone = isset($_POST['telephone']) ? $_POST['telephone'] : null; - $mobile = isset($_POST['mobile']) ? $_POST['mobile'] : null; - $im = isset($_POST['im']) ? $_POST['im'] : null; - $url = isset($_POST['url']) ? $_POST['url'] : null; - if (Keycloak::usernameExists($username)) { return Redirect::to("create") ->withInput(Input::except('password', 'password_confirm')) ->with("username_exists", true); } else { - WSIS::registerUserAccount($username, $password, $email, $first_name, $last_name, $organization, $address, $country, $telephone, $mobile, $im, $url, - Config::get('pga_config.wsis')['tenant-domain']); + $admin_authz_token = Keycloak::getAdminAuthzToken(); + + $gatewayId = Config::get('pga_config.airavata')['gateway-id']; + $user_details = new Airavata\Model\User\UserProfile(); + $user_details->userId = $username; + $user_details->emails = array($email); + $user_details->firstName = $first_name; + $user_details->lastName = $last_name; + $user_details->gatewayId = $gatewayId; + $user_details->creationTime = 0; + $user_details->lastAccessTime = 0; + $user_details->validUntil = 0; + $user_details->State = Airavata\Model\User\Status::PENDING; + + // TODO: do we need to pass this if we are passing an access token? + // Couldn't the backend just use the access token? 
+ $realm_admin_credentials = new Airavata\Model\Credential\Store\PasswordCredential(); + $realm_admin_credentials->gatewayId = $gatewayId; + $realm_admin_credentials->portalUserName = Config::get('pga_config.wsis')['admin-username']; + $realm_admin_credentials->loginUserName = Config::get('pga_config.wsis')['admin-username']; + $realm_admin_credentials->password = Config::get('pga_config.wsis')['admin-password']; + + IamAdminServices::registerUser($admin_authz_token, $user_details, $realm_admin_credentials, $password); /*add user to the initial role */ - $initialRoleName = CommonUtilities::getInitialRoleName(); - $allRoles = Keycloak::getAllRoles(); - if(! in_array( $initialRoleName, $allRoles)){ - WSIS::addRole( $initialRoleName); - } - - $userRoles["new"] = $initialRoleName; - - if( Config::get('pga_config.portal')['super-admin-portal'] == true ){ - - if(! in_array( "gateway-provider", $allRoles)){ - WSIS::addRole( "gateway-provider"); - } - $userRoles["new"] = array("gateway-provider", "admin"); - } - $userRoles["deleted"] = array(); - // FIXME: this requires the $user_id, not the $username - Keycloak::updateUserRoles( $username, $userRoles); + // TODO: add user to initial role, etc. + // $initialRoleName = CommonUtilities::getInitialRoleName(); + // $allRoles = Keycloak::getAllRoles(); + // + // $userRoles["new"] = $initialRoleName; + // + // if( Config::get('pga_config.portal')['super-admin-portal'] == true ){ + // + // $userRoles["new"] = array("gateway-provider", "admin"); + // } + // $userRoles["deleted"] = array(); + // // FIXME: this requires the $user_id, not the $username + // Keycloak::updateUserRoles( $username, $userRoles); CommonUtilities::print_success_message('Account confirmation request was sent to your email account'); return View::make('home'); http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/8154eac1/app/libraries/CommonUtilities.php ---------------------------------------------------------------------- 
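Review bot: The realm admin password is read from `pga_config.wsis` and attached to every self-registration request as a `PasswordCredential`, on the same lines where the new TODO already asks whether it is needed beside `$admin_authz_token`; sending the admin password on each sign-up widens its exposure, so that TODO should be resolved before this leaves WIP, and if the credential must stay it belongs inside `Keycloak` (which now holds `admin_username`/`admin_password` privately) rather than being re-read from config three times in the controller. Separately, `$user_details->State` should be checked against the generated `UserProfile` class: if that field is spelled `state`, this assignment creates an undeclared property and the PENDING status is silently never sent. The role-assignment block is now entirely commented out, so a new account is created with no initial role until the `$user_id` problem named in the FIXME is addressed; a one-line comment stating that, next to the TODO, would make the intermediate state explicit. The create action's body continues outside the hunk.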
diff --git a/app/libraries/CommonUtilities.php b/app/libraries/CommonUtilities.php index a3259a8..53f790e 100644 --- a/app/libraries/CommonUtilities.php +++ b/app/libraries/CommonUtilities.php @@ -249,7 +249,7 @@ class CommonUtilities $navbar .= '</ul></li>'; } else { - // $navbar .= '<li><a href="' . URL::to('/') . '/create"><span class="glyphicon glyphicon-user"></span> Create account</a></li>'; + $navbar .= '<li><a href="' . URL::to('/') . '/create"><span class="glyphicon glyphicon-user"></span> Create account</a></li>'; $navbar .= '<li><a href="' . URL::to('/') . '/login"><span class="glyphicon glyphicon-log-in"></span> Log in</a></li>'; } http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/8154eac1/app/libraries/Keycloak/API/BaseKeycloakAPIEndpoint.php ---------------------------------------------------------------------- diff --git a/app/libraries/Keycloak/API/BaseKeycloakAPIEndpoint.php b/app/libraries/Keycloak/API/BaseKeycloakAPIEndpoint.php index c440179..9f9740f 100644 --- a/app/libraries/Keycloak/API/BaseKeycloakAPIEndpoint.php +++ b/app/libraries/Keycloak/API/BaseKeycloakAPIEndpoint.php @@ -1,6 +1,8 @@ <?php namespace Keycloak\API; +use Keycloak\KeycloakUtil; + use Exception; use Log; 
@@ -20,30 +22,6 @@ class BaseKeycloakAPIEndpoint { protected function getAPIAccessToken($realm) { - // http://www.keycloak.org/docs/2.5/server_development/topics/admin-rest-api.html - // curl -d client_id=admin-cli -d username=username \ - // -d "password=password" -d grant_type=password https://149.165.156.62:8443/auth/realms/master/protocol/openid-connect/token - - $r = curl_init($this->base_endpoint_url . '/realms/' . rawurlencode($realm) . '/protocol/openid-connect/token'); - curl_setopt($r, CURLOPT_RETURNTRANSFER, 1); - curl_setopt($r, CURLOPT_ENCODING, 1); - curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer); - - // Assemble POST parameters for the request. - $post_fields = "client_id=admin-cli&username=" . urlencode($this->admin_username) . "&password=" . urlencode($this->admin_password) . "&grant_type=password"; - - // Obtain and return the access token from the response. - curl_setopt($r, CURLOPT_POST, true); - curl_setopt($r, CURLOPT_POSTFIELDS, $post_fields); - - $response = curl_exec($r); - if ($response == false) { - Log::error("Failed to retrieve API Access Token"); - die("curl_exec() failed. Error: " . curl_error($r)); - } - - $result = json_decode($response); - // Log::debug("API Access Token result", array($result)); - return $result->access_token; + return KeycloakUtil::getAPIAccessToken($this->base_endpoint_url, $realm, $this->admin_username, $this->admin_password, $this->verify_peer); } } http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/8154eac1/app/libraries/Keycloak/Keycloak.php ---------------------------------------------------------------------- diff --git a/app/libraries/Keycloak/Keycloak.php b/app/libraries/Keycloak/Keycloak.php index a33b245..d6846a7 100644 --- a/app/libraries/Keycloak/Keycloak.php +++ b/app/libraries/Keycloak/Keycloak.php @@ -5,6 +5,7 @@ namespace Keycloak; use Keycloak\API\RoleMapper; use Keycloak\API\Roles; use Keycloak\API\Users; +use Keycloak\KeycloakUtil; use Exception; use Log; 
@@ -20,6 +21,9 @@ class Keycloak { private $callback_url; private $cafile_path; private $verify_peer; + private $base_endpoint_url; + private $admin_username; + private $admin_password; // API clients private $role_mapper; @@ -39,6 +43,9 @@ class Keycloak { $this->callback_url = $callback_url; $this->cafile_path = $cafile_path; $this->verify_peer = $verify_peer; + $this->base_endpoint_url = $base_endpoint_url; + $this->admin_username = $admin_username; + $this->admin_password = $admin_password; $this->role_mapper = new RoleMapper($base_endpoint_url, $admin_username, $admin_password, $verify_peer); $this->roles = new Roles($base_endpoint_url, $admin_username, $admin_password, $verify_peer); @@ -374,6 +381,16 @@ class Keycloak { } } + public function getAdminAuthzToken() { + + $access_token = KeycloakUtil::getAPIAccessToken($this->base_endpoint_url, $this->realm, $this->admin_username, $this->admin_password, $this->verify_peer); + $authzToken = new \Airavata\Model\Security\AuthzToken(); + $authzToken->accessToken = $access_token; + $authzToken->claimsMap['gatewayID'] = $this->realm; + $authzToken->claimsMap['userName'] = $this->admin_username; + return $authzToken; + } + /** * Get the user's Keycloak user_id from their username */ http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/8154eac1/app/libraries/Keycloak/KeycloakUtil.php ---------------------------------------------------------------------- diff --git a/app/libraries/Keycloak/KeycloakUtil.php b/app/libraries/Keycloak/KeycloakUtil.php new file mode 100644 index 0000000..ce5e779 --- /dev/null +++ b/app/libraries/Keycloak/KeycloakUtil.php 
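Review bot: `getAdminAuthzToken` builds and returns an `AuthzToken` even when `KeycloakUtil::getAPIAccessToken` yields no token — a rejected password grant returns a JSON error object with no `access_token`, so `$authzToken->accessToken` would be null and the failure only surfaces later inside IamAdminServices. Guard it directly after the call: `if (empty($access_token)) { throw new Exception("Failed to obtain admin access token for realm " . $this->realm); }` (`Exception` is already imported in this file). The token is requested from `$this->realm`, so the stored admin credentials are presumably an account in the gateway realm rather than the master realm; nothing documents that, and a short docblock on the method saying which realm and which account the credentials belong to would help. Each call also performs a fresh password grant with the admin password, so if this runs per request, reusing the token until its `expires_in` elapses would limit how often the credential is transmitted.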
@@ -0,0 +1,37 @@
+<?php
+namespace Keycloak;
+
+use Exception;
+use Log;
+
+class KeycloakUtil {
+
+ public static function getAPIAccessToken($base_endpoint_url, $realm, $admin_username, $admin_password, $verify_peer) {
+
+ // http://www.keycloak.org/docs/2.5/server_development/topics/admin-rest-api.html
+ // curl -d client_id=admin-cli -d username=username \
+ // -d "password=password" -d grant_type=password https://149.165.156.62:8443/auth/realms/master/protocol/openid-connect/token
+
+ $r = curl_init($base_endpoint_url . '/realms/' . rawurlencode($realm) . '/protocol/openid-connect/token');
+ curl_setopt($r, CURLOPT_RETURNTRANSFER, 1);
+ curl_setopt($r, CURLOPT_ENCODING, 1);
+ curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $verify_peer);
+
+ // Assemble POST parameters for the request.
+ $post_fields = "client_id=admin-cli&username=" . urlencode($admin_username) . "&password=" . urlencode($admin_password) . "&grant_type=password";
+
+ // Obtain and return the access token from the response.
+ curl_setopt($r, CURLOPT_POST, true);
+ curl_setopt($r, CURLOPT_POSTFIELDS, $post_fields);
+
+ $response = curl_exec($r);
+ if ($response == false) {
+ Log::error("Failed to retrieve API Access Token");
+ die("curl_exec() failed. Error: " . curl_error($r));
+ }
+
+ $result = json_decode($response);
+ // Log::debug("API Access Token result", array($result));
+ return $result->access_token;
+ }
+}
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/8154eac1/app/views/account/create.blade.php
----------------------------------------------------------------------
diff --git a/app/views/account/create.blade.php b/app/views/account/create.blade.php
index 1eafc70..d6d0748 100644
--- a/app/views/account/create.blade.php
+++ b/app/views/account/create.blade.php
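Review bot: `getAPIAccessToken` handles failure with `die()` and otherwise trusts the response blindly: `$response == false` also matches an empty body, the `curl_error()` text is written straight to the client by `die()`, and a 400/401 from the token endpoint (a JSON error object) makes `$result->access_token` return null with only a notice. Since this is now the single token helper that `BaseKeycloakAPIEndpoint::getAPIAccessToken` delegates to as well, it should throw (`Exception` is imported but unused), log the detail server-side only, and check the HTTP status and the presence of `access_token` before returning; the handle is also never released with `curl_close()`. Because the request body carries the admin password, a caller passing `$verify_peer = false` sends it over an unverified TLS connection, which deserves a comment on that parameter. Rewritten tail of the function:
```php
        // … unchanged: curl_init and curl_setopt calls …
        $response = curl_exec($r);
        if ($response === false) {
            $error = curl_error($r);
            curl_close($r);
            Log::error("Failed to retrieve API Access Token: " . $error);
            throw new Exception("Failed to retrieve API Access Token");
        }
        $status = curl_getinfo($r, CURLINFO_HTTP_CODE);
        curl_close($r);

        $result = json_decode($response);
        if ($status !== 200 || !isset($result->access_token)) {
            Log::error("Token endpoint returned an unexpected response", array("status" => $status));
            throw new Exception("Failed to retrieve API Access Token");
        }
        return $result->access_token;
```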
@@ -66,48 +66,6 @@ placeholder="Last Name" required="required" title="" type="text" value="{{Input::old('last_name') }}"/></div> </div> - <div class="form-group"><label class="control-label">Organization</label> - - <div><input class="form-control" id="organization" name="organization" - placeholder="Organization" title="" type="text" value="{{Input::old('organization') }}"/> - </div> - </div> - <div class="form-group"><label class="control-label">Address</label> - - <div><input class="form-control" id="address" name="address" - placeholder="Address" title="" type="text" value="{{Input::old('address') }}"/> - </div> - </div> - <div class="form-group"><label class="control-label">Country</label> - - <div><input class="form-control" id="country" name="country" - placeholder="Country" title="" type="text" value="{{Input::old('country') }}"/> - </div> - </div> - <div class="form-group"><label class="control-label">Telephone</label> - - <div><input class="form-control" id="telephone" name="telephone" - placeholder="Telephone" title="" type="tel" value="{{Input::old('telephone') }}"/> - </div> - </div> - <div class="form-group"><label class="control-label">Mobile</label> - - <div><input class="form-control" id="mobile" name="mobile" - placeholder="Mobile" title="" type="tel" value="{{Input::old('mobile') }}"/> - </div> - </div> - <div class="form-group"><label class="control-label">IM</label> - - <div><input class="form-control" id="im" name="im" - placeholder="IM" title="" type="text" value="{{Input::old('im') }}"/> - </div> - </div> - <div class="form-group"><label class="control-label">URL</label> - - <div><input class="form-control" id="url" name="url" - placeholder="URL" title="" type="text" value="{{Input::old('url') }}"/> - </div> - </div> <br/> <input name="Submit" type="submit" class="btn btn-primary btn-block" value="Create"> </form> http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/8154eac1/app/views/account/login.blade.php 
---------------------------------------------------------------------- diff --git a/app/views/account/login.blade.php b/app/views/account/login.blade.php index 9d36753..7ef30cc 100755 --- a/app/views/account/login.blade.php +++ b/app/views/account/login.blade.php @@ -10,9 +10,9 @@ <h3> Login - {{-- <small> + <small> <small> (Not registered? <a href="create">Create account</a>)</small> - </small> --}} + </small> </h3>
