metaclassing /
PHP7-Laravel5-EnterpriseAuth
@@ -39,8 +39,8 @@ discard block |
||
| 39 | 39 | $graph = new \Microsoft\Graph\Graph(); |
| 40 | 40 | $graph->setAccessToken($accessToken); |
| 41 | 41 | $user = $graph->createRequest('GET', '/me') |
| 42 | - ->setReturnType(\Microsoft\Graph\Model\User::class) |
|
| 43 | - ->execute(); |
|
| 42 | + ->setReturnType(\Microsoft\Graph\Model\User::class) |
|
| 43 | + ->execute(); |
|
| 44 | 44 | |
| 45 | 45 | return $user->jsonSerialize(); |
| 46 | 46 | } |
@@ -131,9 +131,9 @@ discard block |
||
| 131 | 131 | if (count($groups)) { |
| 132 | 132 | // remove the users existing database roles before assigning new ones |
| 133 | 133 | \DB::table('assigned_roles') |
| 134 | - ->where('entity_id', $user->id) |
|
| 135 | - ->where('entity_type', get_class($user)) |
|
| 136 | - ->delete(); |
|
| 134 | + ->where('entity_id', $user->id) |
|
| 135 | + ->where('entity_type', get_class($user)) |
|
| 136 | + ->delete(); |
|
| 137 | 137 | // add the user to each group they are assigned |
| 138 | 138 | $user->assign($groups); |
| 139 | 139 | } |
@@ -49,7 +49,7 @@ discard block |
||
| 49 | 49 | public function scrubMicrosoftGraphUserData($userData) |
| 50 | 50 | { |
| 51 | 51 | // Fix any stupid crap with missing or null fields |
| 52 | - if (! isset($userData['mail']) || ! $userData['mail']) { |
|
| 52 | + if (!isset($userData['mail']) || !$userData['mail']) { |
|
| 53 | 53 | $userData['mail'] = $userData['userPrincipalName']; |
| 54 | 54 | } |
| 55 | 55 | |
@@ -64,7 +64,7 @@ discard block |
||
| 64 | 64 | // Try to find an existing user |
| 65 | 65 | $user = $userType::where($userIdField, $userData['id'])->first(); |
| 66 | 66 | // If we dont have an existing user |
| 67 | - if (! $user) { |
|
| 67 | + if (!$user) { |
|
| 68 | 68 | // Go create a new one with this data |
| 69 | 69 | $user = $this->createUserFromAzureData($userData); |
| 70 | 70 | } |
@@ -96,7 +96,7 @@ discard block |
||
| 96 | 96 | public function certAuth() |
| 97 | 97 | { |
| 98 | 98 | // Make sure we got a client certificate from the web server |
| 99 | - if (! $_SERVER['SSL_CLIENT_CERT']) { |
|
| 99 | + if (!$_SERVER['SSL_CLIENT_CERT']) { |
|
| 100 | 100 | throw new \Exception('TLS client certificate missing'); |
| 101 | 101 | } |
| 102 | 102 | // try to parse the certificate we got |
@@ -105,7 +105,7 @@ discard block |
||
| 105 | 105 | $asciicert = str_replace("\t", '', $_SERVER['SSL_CLIENT_CERT']); |
| 106 | 106 | $x509->loadX509($asciicert); |
| 107 | 107 | $names = $x509->getExtension('id-ce-subjectAltName'); |
| 108 | - if (! $names) { |
|
| 108 | + if (!$names) { |
|
| 109 | 109 | throw new \Exception('TLS client cert missing subject alternative names'); |
| 110 | 110 | } |
| 111 | 111 | // Search subject alt names for user principal name |
@@ -119,12 +119,12 @@ discard block |
||
| 119 | 119 | } |
| 120 | 120 | } |
| 121 | 121 | } |
| 122 | - if (! $upn) { |
|
| 122 | + if (!$upn) { |
|
| 123 | 123 | throw new \Exception('Could not find user principal name in TLS client cert'); |
| 124 | 124 | } |
| 125 | 125 | $user_class = config('enterpriseauth.user_class'); |
| 126 | 126 | $user = $user_class::where('userPrincipalName', $upn)->first(); |
| 127 | - if (! $user) { |
|
| 127 | + if (!$user) { |
|
| 128 | 128 | throw new \Exception('No user found with user principal name '.$upn); |
| 129 | 129 | } |
| 130 | 130 | //dd($user); |
@@ -47,7 +47,7 @@ discard block |
||
| 47 | 47 | // Go through all the credential config and make sure they are set in the .env or config file |
| 48 | 48 | foreach (config('enterpriseauth.credentials') as $config => $env) { |
| 49 | 49 | // If one isnt set, throw a red flat until the person fixes it |
| 50 | - if (! config('enterpriseauth.credentials.'.$config)) { |
|
| 50 | + if (!config('enterpriseauth.credentials.'.$config)) { |
|
| 51 | 51 | throw new \Exception('enterpriseauth setup error: missing mandatory config value for enterpriseauth.credentials.'.$config.' check your .env file!'); |
| 52 | 52 | } |
| 53 | 53 | } |
@@ -59,7 +59,7 @@ discard block |
||
| 59 | 59 | // Override the application configuration to use our oauth token guard driver at runtime |
| 60 | 60 | config(['auth.guards.api.driver' => 'oauthtoken']); |
| 61 | 61 | // Now I have a machine gun. ho ho ho! |
| 62 | - \Illuminate\Support\Facades\Auth::extend('oauthtoken', function ($app, $name, array $config) { |
|
| 62 | + \Illuminate\Support\Facades\Auth::extend('oauthtoken', function($app, $name, array $config) { |
|
| 63 | 63 | $userProvider = \Illuminate\Support\Facades\Auth::createUserProvider($config['provider']); |
| 64 | 64 | |
| 65 | 65 | return new \Metaclassing\EnterpriseAuth\Middleware\OauthTokenGuard($userProvider, $app->make('request')); |
@@ -69,13 +69,13 @@ discard block |
||
| 69 | 69 | protected function configureSwaggerToScanEnterpriseAuthRouteFiles() |
| 70 | 70 | { |
| 71 | 71 | $swaggerScanPaths = config('l5-swagger.paths.annotations'); |
| 72 | - if (! is_array($swaggerScanPaths)) { |
|
| 72 | + if (!is_array($swaggerScanPaths)) { |
|
| 73 | 73 | $swaggerScanPaths = [$swaggerScanPaths]; |
| 74 | 74 | } |
| 75 | - if (! in_array(base_path('routes'), $swaggerScanPaths)) { |
|
| 75 | + if (!in_array(base_path('routes'), $swaggerScanPaths)) { |
|
| 76 | 76 | $swaggerScanPaths[] = base_path('routes'); |
| 77 | 77 | } |
| 78 | - if (! in_array(__DIR__.'/../routes/', $swaggerScanPaths)) { |
|
| 78 | + if (!in_array(__DIR__.'/../routes/', $swaggerScanPaths)) { |
|
| 79 | 79 | $swaggerScanPaths[] = __DIR__.'/../routes/'; |
| 80 | 80 | } |
| 81 | 81 | config(['l5-swagger.paths.annotations' => $swaggerScanPaths]); |
@@ -85,7 +85,7 @@ discard block |
||
| 85 | 85 | { |
| 86 | 86 | // If the routes files for the swagger oauth config is NOT present, and we have all the right info, then generate it really quick |
| 87 | 87 | $swaggerAzureadFile = __DIR__.'/../routes/swagger.azuread.php'; |
| 88 | - if (! file_exists($swaggerAzureadFile)) { |
|
| 88 | + if (!file_exists($swaggerAzureadFile)) { |
|
| 89 | 89 | $aad = new AzureActiveDirectory(config('enterpriseauth.credentials.tenant')); |
| 90 | 90 | //$authorizationUrl = $aad->authorizationEndpoint . '?resource=https://graph.microsoft.com'; |
| 91 | 91 | $authorizationUrl = $aad->authorizationEndpoint; |
@@ -1,19 +1,19 @@ |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | -Route::middleware([config('enterpriseauth.routes.middleware')])->group(function () { |
|
| 3 | +Route::middleware([config('enterpriseauth.routes.middleware')])->group(function() { |
|
| 4 | 4 | Route::get(config('enterpriseauth.routes.login'), 'Metaclassing\EnterpriseAuth\Controllers\WebAuthController@redirectToOauthProvider'); |
| 5 | 5 | Route::get(config('enterpriseauth.routes.logout'), 'Metaclassing\EnterpriseAuth\Controllers\WebAuthController@logoutFromOauthProvider'); |
| 6 | 6 | Route::get(config('enterpriseauth.routes.callback'), 'Metaclassing\EnterpriseAuth\Controllers\WebAuthController@handleOauthResponse'); |
| 7 | 7 | Route::get(config('enterpriseauth.routes.adminconsent'), 'Metaclassing\EnterpriseAuth\Controllers\WebAuthController@redirectToOauthAdminConsent'); |
| 8 | 8 | |
| 9 | 9 | // This handles a situation where a route with the NAME of login does not exist, we define it to keep from breaking framework redirects hard coded |
| 10 | - if (! \Route::has('login')) { |
|
| 10 | + if (!\Route::has('login')) { |
|
| 11 | 11 | Route::get('login', 'Metaclassing\EnterpriseAuth\Controllers\WebAuthController@loginOrRegister')->name('login'); |
| 12 | 12 | } |
| 13 | - if (! \Route::has('register')) { |
|
| 13 | + if (!\Route::has('register')) { |
|
| 14 | 14 | Route::get('register', 'Metaclassing\EnterpriseAuth\Controllers\WebAuthController@loginOrRegister')->name('register'); |
| 15 | 15 | } |
| 16 | - if (! \Route::has('logout')) { |
|
| 16 | + if (!\Route::has('logout')) { |
|
| 17 | 17 | Route::get('logout', 'Metaclassing\EnterpriseAuth\Controllers\WebAuthController@logout')->name('logout'); |
| 18 | 18 | } |
| 19 | 19 | }); |
@@ -46,18 +46,18 @@ |
||
| 46 | 46 | public function buildOpenIdConfigUrl() |
| 47 | 47 | { |
| 48 | 48 | $this->openIdConfigUrl = $this->baseUrl.'/' |
| 49 | - .$this->tenantName.'/' |
|
| 50 | - .$this->version.'/' |
|
| 51 | - .$this->wellKnownOpenIdConfig; |
|
| 49 | + .$this->tenantName.'/' |
|
| 50 | + .$this->version.'/' |
|
| 51 | + .$this->wellKnownOpenIdConfig; |
|
| 52 | 52 | } |
| 53 | 53 | |
| 54 | 54 | public function buildAdminConsentUrl($clientId, $redirectUri) |
| 55 | 55 | { |
| 56 | 56 | $url = $this->baseUrl.'/' |
| 57 | - .$this->tenantName.'/' |
|
| 58 | - .'adminconsent' |
|
| 59 | - .'?client_id='.$clientId |
|
| 60 | - .'&redirect_uri='.$redirectUri; |
|
| 57 | + .$this->tenantName.'/' |
|
| 58 | + .'adminconsent' |
|
| 59 | + .'?client_id='.$clientId |
|
| 60 | + .'&redirect_uri='.$redirectUri; |
|
| 61 | 61 | |
| 62 | 62 | return $url; |
| 63 | 63 | } |
@@ -35,7 +35,7 @@ discard block |
||
| 35 | 35 | if ($tenantName != 'common') { |
| 36 | 36 | // Make sure the tenant is formatted like xyzcorp.onmicrosoft.com |
| 37 | 37 | $regex = '/\.onmicrosoft\.com/'; |
| 38 | - if (! preg_match($regex, $tenantName, $hits)) { |
|
| 38 | + if (!preg_match($regex, $tenantName, $hits)) { |
|
| 39 | 39 | // Append the suffix if it is missing |
| 40 | 40 | $tenantName .= '.onmicrosoft.com'; |
| 41 | 41 | } |
@@ -80,7 +80,7 @@ discard block |
||
| 80 | 80 | $keyData = json_decode($json, true); |
| 81 | 81 | $keyRing = $keyData['keys']; |
| 82 | 82 | // Loop through the keys and build us an index by kid |
| 83 | - foreach($keyRing as $key) { |
|
| 83 | + foreach ($keyRing as $key) { |
|
| 84 | 84 | $this->signingKeys[$key['kid']] = $key; |
| 85 | 85 | } |
| 86 | 86 | } |
@@ -13,7 +13,7 @@ |
||
| 13 | 13 | */ |
| 14 | 14 | public function up() |
| 15 | 15 | { |
| 16 | - Schema::create('azure_apps', function (Blueprint $table) { |
|
| 16 | + Schema::create('azure_apps', function(Blueprint $table) { |
|
| 17 | 17 | // Auto increment for unique id |
| 18 | 18 | $table->increments('id'); |
| 19 | 19 | // Some human readable name |
@@ -133,8 +133,8 @@ |
||
| 133 | 133 | } |
| 134 | 134 | // Get the X509 certificate for the selected key id |
| 135 | 135 | $certificate = '-----BEGIN CERTIFICATE-----'.PHP_EOL |
| 136 | - . $x5c . PHP_EOL |
|
| 137 | - . '-----END CERTIFICATE-----'; |
|
| 136 | + . $x5c . PHP_EOL |
|
| 137 | + . '-----END CERTIFICATE-----'; |
|
| 138 | 138 | // Perform the verification and get the verified payload results |
| 139 | 139 | $payload = \Firebase\JWT\JWT::decode($accessToken, $certificate, array('RS256')); |
| 140 | 140 | |
@@ -97,7 +97,7 @@ discard block |
||
| 97 | 97 | $app_id = $appData->azp; |
| 98 | 98 | $app = \Metaclassing\EnterpriseAuth\Models\AzureApp::where('app_id', $app_id)->first(); |
| 99 | 99 | // If we dont have an existing app go create one |
| 100 | - if (! $app) { |
|
| 100 | + if (!$app) { |
|
| 101 | 101 | $app = \Metaclassing\EnterpriseAuth\Models\AzureApp::create(); |
| 102 | 102 | $app->name = $app_id; |
| 103 | 103 | $app->app_id = $app_id; |
@@ -113,16 +113,16 @@ discard block |
||
| 113 | 113 | // Unpack our jwt to verify it is correctly formed |
| 114 | 114 | $token = $this->unpackJwt($accessToken); |
| 115 | 115 | // app tokens must be signed in RSA |
| 116 | - if (! isset($token['header']['alg']) || $token['header']['alg'] != 'RS256') { |
|
| 116 | + if (!isset($token['header']['alg']) || $token['header']['alg'] != 'RS256') { |
|
| 117 | 117 | throw new \Exception('Token is not using the correct signing algorithm RS256 '.$accessToken); |
| 118 | 118 | } |
| 119 | 119 | // app tokens are RSA signed with a key ID in the header of the token |
| 120 | - if (! isset($token['header']['kid'])) { |
|
| 120 | + if (!isset($token['header']['kid'])) { |
|
| 121 | 121 | throw new \Exception('Token with unknown RSA key id can not be validated '.$accessToken); |
| 122 | 122 | } |
| 123 | 123 | // Make sure the key id is known to our azure ad information |
| 124 | 124 | $kid = $token['header']['kid']; |
| 125 | - if (! isset($this->azureActiveDirectory->signingKeys[$kid])) { |
|
| 125 | + if (!isset($this->azureActiveDirectory->signingKeys[$kid])) { |
|
| 126 | 126 | throw new \Exception('Token signed with unknown KID '.$kid); |
| 127 | 127 | } |
| 128 | 128 | // get the x509 encoded cert body |
@@ -133,7 +133,7 @@ discard block |
||
| 133 | 133 | } |
| 134 | 134 | // Get the X509 certificate for the selected key id |
| 135 | 135 | $certificate = '-----BEGIN CERTIFICATE-----'.PHP_EOL |
| 136 | - . $x5c . PHP_EOL |
|
| 136 | + . $x5c.PHP_EOL |
|
| 137 | 137 | . '-----END CERTIFICATE-----'; |
| 138 | 138 | // Perform the verification and get the verified payload results |
| 139 | 139 | $payload = \Firebase\JWT\JWT::decode($accessToken, $certificate, array('RS256')); |
@@ -199,7 +199,7 @@ discard block |
||
| 199 | 199 | $roles = $user->roles()->get()->all(); |
| 200 | 200 | foreach ($roles as $key => $role) { |
| 201 | 201 | $role->permissions = $role->abilities()->get()->all(); |
| 202 | - if (! count($role->permissions)) { |
|
| 202 | + if (!count($role->permissions)) { |
|
| 203 | 203 | unset($roles[$key]); |
| 204 | 204 | } |
| 205 | 205 | } |
