Authorize with user login

This commit is contained in:
Artem Vasilev 2024-03-13 02:33:10 +03:00
parent 0caade0e28
commit c8a9d92a7b

View File

@ -11,13 +11,12 @@ namespace Webmasterskaya\Component\OauthServer\Site\Controller;
use Joomla\CMS\Application\CMSApplication; use Joomla\CMS\Application\CMSApplication;
use Joomla\CMS\Component\ComponentHelper; use Joomla\CMS\Component\ComponentHelper;
use Joomla\CMS\Document\FactoryInterface;
use Joomla\CMS\Factory;
use Joomla\CMS\MVC\Controller\BaseController; use Joomla\CMS\MVC\Controller\BaseController;
use Joomla\CMS\MVC\Factory\MVCFactoryInterface; use Joomla\CMS\MVC\Factory\MVCFactoryInterface;
use Joomla\CMS\Router\Route; use Joomla\CMS\Router\Route;
use Joomla\CMS\Uri\Uri; use Joomla\CMS\Uri\Uri;
use Joomla\Input\Input; use Joomla\Input\Input;
use Laminas\Diactoros\ServerRequest;
use Laminas\Diactoros\ServerRequestFactory; use Laminas\Diactoros\ServerRequestFactory;
use League\OAuth2\Server\AuthorizationServer; use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\CryptKey; use League\OAuth2\Server\CryptKey;
@ -186,30 +185,46 @@ class LoginController extends BaseController
public function authorize(): static public function authorize(): static
{ {
$app = $this->app; $app = $this->app;
$input = $app->getInput();
$user = $app->getIdentity(); $user = $app->getIdentity();
$uri = Uri::getInstance(); $uri = Uri::getInstance();
$state_prefix = 'oauthserver.login.authorize.request';
// Create PSR-7 Request object and store all query params in user state, to use it after user login is it required.
$serverRequest = (new ServerRequest([], [], $app->getUserState("$state_prefix.uri", (string) $uri)))
->withQueryParams([
'response_type' => $app->getUserStateFromRequest("$state_prefix.response_type", 'response_type'),
'client_id' => $app->getUserStateFromRequest("$state_prefix.client_id", 'client_id', $input->server->get('PHP_AUTH_USER')),
'redirect_uri' => $app->getUserStateFromRequest("$state_prefix.redirect_uri", 'redirect_uri'),
'scope' => $app->getUserStateFromRequest("$state_prefix.scope", 'scope'),
'code_challenge' => $app->getUserStateFromRequest("$state_prefix.code_challenge", 'code_challenge'),
'code_challenge_method' => $app->getUserStateFromRequest("$state_prefix.code_challenge_method", 'code_challenge_method', 'plain'),
]);
if (!$user->id) if (!$user->id)
{ {
$return = http_build_query(['return' => base64_encode($uri->toString(['scheme', 'user', 'pass', 'host', 'port', 'path']))]); if ($app->getUserState("$state_prefix.uri") === null)
$this->app->setUserState('oauthserver.login.authorize.request', $uri->getQuery(true)); {
$this->app->enqueueMessage('Необходимо авторизоваться!'); $app->setUserState("$state_prefix.uri", (string) $uri);
$this->app->redirect(Route::_('index.php?option=com_users&view=login&' . $return));
} }
$state_request = $this->app->getUserState('oauthserver.login.authorize.request'); // Build the cleared current uri and encode to pass it to the login form as a callback uri.
if (!empty($state_request) && empty($uri->getQuery(true))) $return = http_build_query(['return' => base64_encode($uri->toString(['scheme', 'user', 'pass', 'host', 'port', 'path']))]);
{ $redirect = Route::_('index.php?option=com_users&view=login&' . $return);
foreach ($state_request as $k => $v)
{ // The current page is not tied to any menu item, so the main page item id will be added to the route. It needs to be removed.
$uri->setVar($k, $v); $redirect = preg_replace('/((&|&)itemid=\d+)/i', '', $redirect);
$app->enqueueMessage('Необходимо авторизоваться!');
$app->redirect($redirect);
return $this;
} }
}
$this->app->setUserState('oauthserver.login.authorize.request', []); // Clean user state after login checks
$app->setUserState($state_prefix, null);
$server = $this->authorizationServer; $server = $this->authorizationServer;
$serverRequest = ServerRequestFactory::fromGlobals();
$serverResponse = $app->getResponse();
// Validate the HTTP request and return an AuthorizationRequest object. // Validate the HTTP request and return an AuthorizationRequest object.
$authRequest = $server->validateAuthorizationRequest($serverRequest); $authRequest = $server->validateAuthorizationRequest($serverRequest);
@ -227,9 +242,7 @@ class LoginController extends BaseController
// (true = approved, false = denied) // (true = approved, false = denied)
$authRequest->setAuthorizationApproved(true); $authRequest->setAuthorizationApproved(true);
$app->setResponse($server->completeAuthorizationRequest($authRequest, $serverResponse)); $app->setResponse($server->completeAuthorizationRequest($authRequest, $app->getResponse()));
echo $this->app->getResponse()->getBody();
return $this; return $this;
} }