_JEXEC & copyright

This commit is contained in:
Artem Vasilev 2024-03-09 19:00:55 +03:00
parent 8f31d7e825
commit e8db3b1dae
2 changed files with 67 additions and 37 deletions


@ -1,28 +1,37 @@
<?php <?php
/**
* @package Joomla.Site
* @subpackage com_oauthserver
*
* @copyright (c) 2024. Webmasterskaya. <https://webmasterskaya.xyz>
* @license MIT; see LICENSE.txt
**/
namespace Webmasterskaya\Component\OauthServer\Site\Controller; namespace Webmasterskaya\Component\OauthServer\Site\Controller;
use Joomla\CMS\Application\CMSApplication; use Joomla\CMS\Application\CMSApplication;
use Joomla\CMS\Component\ComponentHelper; use Joomla\CMS\Component\ComponentHelper;
use Joomla\CMS\MVC\Controller\BaseController;
use Joomla\CMS\MVC\Factory\MVCFactoryInterface;
use Joomla\CMS\Router\Route;
use Joomla\CMS\Uri\Uri;
use Joomla\Input\Input;
use Laminas\Diactoros\ServerRequestFactory;
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\CryptKey; use League\OAuth2\Server\CryptKey;
use League\OAuth2\Server\Grant\AuthCodeGrant;
use League\OAuth2\Server\Grant\ClientCredentialsGrant; use League\OAuth2\Server\Grant\ClientCredentialsGrant;
use League\OAuth2\Server\Grant\ImplicitGrant; use League\OAuth2\Server\Grant\ImplicitGrant;
use League\OAuth2\Server\Grant\RefreshTokenGrant; use League\OAuth2\Server\Grant\RefreshTokenGrant;
use Webmasterskaya\Component\OauthServer\Site\Entity\User as UserEntity; use Webmasterskaya\Component\OauthServer\Site\Entity\User as UserEntity;
use Joomla\CMS\MVC\Controller\BaseController;
use Joomla\CMS\MVC\Factory\MVCFactoryInterface;
use Joomla\CMS\Router\Route;
use Joomla\Input\Input;
use Joomla\CMS\Uri\Uri;
use Laminas\Diactoros\ServerRequestFactory;
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\Grant\AuthCodeGrant;
use Webmasterskaya\Component\OauthServer\Site\Repository\AccessTokenRepository; use Webmasterskaya\Component\OauthServer\Site\Repository\AccessTokenRepository;
use Webmasterskaya\Component\OauthServer\Site\Repository\AuthCodeRepository; use Webmasterskaya\Component\OauthServer\Site\Repository\AuthCodeRepository;
use Webmasterskaya\Component\OauthServer\Site\Repository\ClientRepository; use Webmasterskaya\Component\OauthServer\Site\Repository\ClientRepository;
use Webmasterskaya\Component\OauthServer\Site\Repository\RefreshTokenRepository; use Webmasterskaya\Component\OauthServer\Site\Repository\RefreshTokenRepository;
use Webmasterskaya\Component\OauthServer\Site\Repository\ScopeRepository; use Webmasterskaya\Component\OauthServer\Site\Repository\ScopeRepository;
\defined('_JEXEC') or die;
class LoginController extends BaseController class LoginController extends BaseController
{ {
private AuthorizationServer $authorizationServer; private AuthorizationServer $authorizationServer;
@ -41,39 +50,41 @@ class LoginController extends BaseController
*/ */
private function setupAuthorizationServer() private function setupAuthorizationServer()
{ {
if (isset($authorizationServer)) { if (isset($authorizationServer))
{
return; return;
} }
// Init our repositories // Init our repositories
/** /**
* @var \Webmasterskaya\Component\OauthServer\Administrator\Model\ClientModel $clientModel * @var \Webmasterskaya\Component\OauthServer\Administrator\Model\ClientModel $clientModel
* @var \Webmasterskaya\Component\OauthServer\Administrator\Model\AccessTokenModel $accessTokenModel * @var \Webmasterskaya\Component\OauthServer\Administrator\Model\AccessTokenModel $accessTokenModel
* @var \Webmasterskaya\Component\OauthServer\Administrator\Model\AuthCodeModel $authCodeModel * @var \Webmasterskaya\Component\OauthServer\Administrator\Model\AuthCodeModel $authCodeModel
* @var \Webmasterskaya\Component\OauthServer\Administrator\Model\RefreshTokenModel $refreshTokenModel * @var \Webmasterskaya\Component\OauthServer\Administrator\Model\RefreshTokenModel $refreshTokenModel
*/ */
$clientModel = $this->factory->createModel('Client', 'Administrator', ['request_ignore' => true]); $clientModel = $this->factory->createModel('Client', 'Administrator', ['request_ignore' => true]);
$clientRepository = new ClientRepository($clientModel); $clientRepository = new ClientRepository($clientModel);
$accessTokenModel = $this->factory->createModel('AccessToken', 'Administrator', ['request_ignore' => true]); $accessTokenModel = $this->factory->createModel('AccessToken', 'Administrator', ['request_ignore' => true]);
$accessTokenRepository = new AccessTokenRepository($accessTokenModel, $clientModel); $accessTokenRepository = new AccessTokenRepository($accessTokenModel, $clientModel);
$scopeRepository = new ScopeRepository($clientModel); $scopeRepository = new ScopeRepository($clientModel);
$scopeRepository->setDispatcher($this->getDispatcher()); $scopeRepository->setDispatcher($this->getDispatcher());
$authCodeModel = $this->factory->createModel('AuthCode', 'Administrator', ['request_ignore' => true]); $authCodeModel = $this->factory->createModel('AuthCode', 'Administrator', ['request_ignore' => true]);
$authCodeRepository = new AuthCodeRepository($authCodeModel, $clientModel); $authCodeRepository = new AuthCodeRepository($authCodeModel, $clientModel);
$refreshTokenModel = $this->factory->createModel('RefreshToken', 'Administrator', ['request_ignore' => true]); $refreshTokenModel = $this->factory->createModel('RefreshToken', 'Administrator', ['request_ignore' => true]);
$refreshTokenRepository = new RefreshTokenRepository($refreshTokenModel, $accessTokenModel); $refreshTokenRepository = new RefreshTokenRepository($refreshTokenModel, $accessTokenModel);
$params = ComponentHelper::getParams('com_oauthserver'); $params = ComponentHelper::getParams('com_oauthserver');
//TODO: Этот код нужно вынести в отдельный хелпер, для генерации закрытого и открытого ключей //TODO: Этот код нужно вынести в отдельный хелпер, для генерации закрытого и открытого ключей
if (false) { if (false)
{
/** @noinspection PhpUnreachableStatementInspection */ /** @noinspection PhpUnreachableStatementInspection */
$key = openssl_pkey_new([ $key = openssl_pkey_new([
"digest_alg" => "sha512", "digest_alg" => "sha512",
"private_key_bits" => 4096, "private_key_bits" => 4096,
"private_key_type" => OPENSSL_KEYTYPE_RSA, "private_key_type" => OPENSSL_KEYTYPE_RSA,
]); ]);
@ -83,13 +94,17 @@ class LoginController extends BaseController
$pub = $pub["key"]; $pub = $pub["key"];
} }
if ($params->get('key_method_paste')) { if ($params->get('key_method_paste'))
{
$private_key = $params->get('private_key_raw'); $private_key = $params->get('private_key_raw');
} else { }
else
{
$private_key = $params->get('private_key_path'); $private_key = $params->get('private_key_path');
} }
if (!!($private_key_passphrase = $params->get('private_key_passphrase'))) { if (!!($private_key_passphrase = $params->get('private_key_passphrase')))
{
$private_key = new CryptKey($private_key, $private_key_passphrase); $private_key = new CryptKey($private_key, $private_key_passphrase);
} }
@ -105,7 +120,8 @@ class LoginController extends BaseController
$access_token_ttl = $params->get('access_token_ttl', 'PT1H'); $access_token_ttl = $params->get('access_token_ttl', 'PT1H');
if (!!$params->get('enable_auth_code_grant', true)) { if (!!$params->get('enable_auth_code_grant', true))
{
$grant = new AuthCodeGrant( $grant = new AuthCodeGrant(
$authCodeRepository, $authCodeRepository,
$refreshTokenRepository, $refreshTokenRepository,
@ -120,7 +136,8 @@ class LoginController extends BaseController
); );
} }
if (!!$params->get('enable_refresh_token_grant', false)) { if (!!$params->get('enable_refresh_token_grant', false))
{
$grant = new RefreshTokenGrant($refreshTokenRepository); $grant = new RefreshTokenGrant($refreshTokenRepository);
$grant->setRefreshTokenTTL(new \DateInterval($params->get('refresh_token_ttl', 'P1M'))); $grant->setRefreshTokenTTL(new \DateInterval($params->get('refresh_token_ttl', 'P1M')));
@ -131,14 +148,16 @@ class LoginController extends BaseController
); );
} }
if (!!$params->get('enable_client_credentials_grant', false)) { if (!!$params->get('enable_client_credentials_grant', false))
{
$server->enableGrantType( $server->enableGrantType(
new ClientCredentialsGrant(), new ClientCredentialsGrant(),
new \DateInterval($access_token_ttl) new \DateInterval($access_token_ttl)
); );
} }
if (!!$params->get('enable_implicit_grant', false)) { if (!!$params->get('enable_implicit_grant', false))
{
$server->enableGrantType( $server->enableGrantType(
new ImplicitGrant(new \DateInterval($access_token_ttl)), new ImplicitGrant(new \DateInterval($access_token_ttl)),
new \DateInterval($access_token_ttl) new \DateInterval($access_token_ttl)
@ -155,11 +174,12 @@ class LoginController extends BaseController
*/ */
public function authorize(): void public function authorize(): void
{ {
$app = $this->app; $app = $this->app;
$user = $app->getIdentity(); $user = $app->getIdentity();
$uri = Uri::getInstance(); $uri = Uri::getInstance();
if (!$user->id) { if (!$user->id)
{
$return = http_build_query(['return' => base64_encode($uri->toString(['scheme', 'user', 'pass', 'host', 'port', 'path']))]); $return = http_build_query(['return' => base64_encode($uri->toString(['scheme', 'user', 'pass', 'host', 'port', 'path']))]);
$this->app->setUserState('oauthserver.login.authorize.request', $uri->getQuery(true)); $this->app->setUserState('oauthserver.login.authorize.request', $uri->getQuery(true));
$this->app->enqueueMessage('Необходимо авторизоваться!'); $this->app->enqueueMessage('Необходимо авторизоваться!');
@ -167,15 +187,17 @@ class LoginController extends BaseController
} }
$state_request = $this->app->getUserState('oauthserver.login.authorize.request'); $state_request = $this->app->getUserState('oauthserver.login.authorize.request');
if (!empty($state_request) && empty($uri->getQuery(true))) { if (!empty($state_request) && empty($uri->getQuery(true)))
foreach ($state_request as $k => $v) { {
foreach ($state_request as $k => $v)
{
$uri->setVar($k, $v); $uri->setVar($k, $v);
} }
} }
$this->app->setUserState('oauthserver.login.authorize.request', []); $this->app->setUserState('oauthserver.login.authorize.request', []);
$server = $this->authorizationServer; $server = $this->authorizationServer;
$serverRequest = ServerRequestFactory::fromGlobals(); $serverRequest = ServerRequestFactory::fromGlobals();
$serverResponse = $app->getResponse(); $serverResponse = $app->getResponse();
// Validate the HTTP request and return an AuthorizationRequest object. // Validate the HTTP request and return an AuthorizationRequest object.
@ -204,8 +226,8 @@ class LoginController extends BaseController
*/ */
public function token(): void public function token(): void
{ {
$server = $this->authorizationServer; $server = $this->authorizationServer;
$serverRequest = ServerRequestFactory::fromGlobals(); $serverRequest = ServerRequestFactory::fromGlobals();
$serverResponse = $this->app->getResponse(); $serverResponse = $this->app->getResponse();
$this->app->setResponse($server->respondToAccessTokenRequest($serverRequest, $serverResponse)); $this->app->setResponse($server->respondToAccessTokenRequest($serverRequest, $serverResponse));
$this->app->getInput()->set('format', 'json'); $this->app->getInput()->set('format', 'json');
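Review bot: The early-return guard at the top of setupAuthorizationServer, reformatted in this commit as `if (isset($authorizationServer))`, tests an undefined local rather than the typed property declared on the class, so it is always false and the repositories, grants and AuthorizationServer are rebuilt on every call; the line should read `if (isset($this->authorizationServer))`, which is the correct check for an uninitialised typed property and matches how authorize() and token() read `$this->authorizationServer`. The body of setupAuthorizationServer continues past the end of that hunk. Separately, the `if (false)` block wrapping the openssl_pkey_new() call is still dead code carried only by a TODO; either moving the key generation into the helper the TODO names or deleting the block would keep never-executed key-handling code out of the request path, and the TODO comment itself would be clearer in English, e.g. `// TODO: move key-pair generation into a dedicated helper`.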


@ -1,9 +1,17 @@
<?php <?php
/**
* @package Joomla.Site
* @subpackage com_oauthserver
*
* @copyright (c) 2024. Webmasterskaya. <https://webmasterskaya.xyz>
* @license MIT; see LICENSE.txt
**/
namespace Webmasterskaya\Component\OauthServer\Site\Dispatcher; namespace Webmasterskaya\Component\OauthServer\Site\Dispatcher;
use Joomla\CMS\Dispatcher\ComponentDispatcher; use Joomla\CMS\Dispatcher\ComponentDispatcher;
use Joomla\CMS\MVC\Controller\BaseController;
\defined('_JEXEC') or die;
class Dispatcher extends ComponentDispatcher class Dispatcher extends ComponentDispatcher
{ {