metaclassing /
PHP7-Laravel5-EnterpriseAuth
@@ -13,7 +13,7 @@ |
||
| 13 | 13 | */ |
| 14 | 14 | public function up() |
| 15 | 15 | { |
| 16 | - Schema::table('users', function (Blueprint $table) { |
|
| 16 | + Schema::table('users', function(Blueprint $table) { |
|
| 17 | 17 | // Users must be able to support blank passwords for external identity |
| 18 | 18 | $table->string('password')->nullable()->change(); |
| 19 | 19 | // We need a new string field to store the oauth provider unique id in |
@@ -18,12 +18,12 @@ |
||
| 18 | 18 | $table->string('password')->nullable()->change(); |
| 19 | 19 | // We need a new string field to store the oauth provider unique id in |
| 20 | 20 | $table->string('azure_id', 36) |
| 21 | - ->nullable() |
|
| 22 | - ->after('email'); |
|
| 21 | + ->nullable() |
|
| 22 | + ->after('email'); |
|
| 23 | 23 | // We need a new string field to store the user principal name in |
| 24 | 24 | $table->string('userPrincipalName') |
| 25 | - ->nullable() |
|
| 26 | - ->after('azure_id'); |
|
| 25 | + ->nullable() |
|
| 26 | + ->after('azure_id'); |
|
| 27 | 27 | }); |
| 28 | 28 | // We dont support password resets because social identity is external |
| 29 | 29 | Schema::dropIfExists('password_resets'); |
@@ -6,7 +6,7 @@ discard block |
||
| 6 | 6 | |
| 7 | 7 | // Redirect requests to /api to the swagger documentation |
| 8 | 8 | //$api->any('', function (Illuminate\Http\Request $request) { |
| 9 | - $api->any('', function () { |
|
| 9 | + $api->any('', function() { |
|
| 10 | 10 | return redirect('api/documentation/'); |
| 11 | 11 | }); |
| 12 | 12 | |
@@ -17,6 +17,6 @@ discard block |
||
| 17 | 17 | * @SWG\Response(response="200", description="Hello world example") |
| 18 | 18 | * ) |
| 19 | 19 | **/ |
| 20 | - $api->any('/api/hello', function () { |
|
| 20 | + $api->any('/api/hello', function() { |
|
| 21 | 21 | return 'hello world'; |
| 22 | 22 | }); |
@@ -24,7 +24,7 @@ |
||
| 24 | 24 | * @SWG\Response(response="200", description="Hello world example") |
| 25 | 25 | * ) |
| 26 | 26 | **/ |
| 27 | -Route::middleware('api')->get('/hello', function (Request $request) { |
|
| 27 | +Route::middleware('api')->get('/hello', function(Request $request) { |
|
| 28 | 28 | return 'hello world'; |
| 29 | 29 | }); |
| 30 | 30 | |
@@ -35,7 +35,7 @@ |
||
| 35 | 35 | if ($tenantName != 'common') { |
| 36 | 36 | // Make sure the tenant is formatted like xyzcorp.onmicrosoft.com |
| 37 | 37 | $regex = '/\.onmicrosoft\.com/'; |
| 38 | - if (! preg_match($regex, $tenantName, $hits)) { |
|
| 38 | + if (!preg_match($regex, $tenantName, $hits)) { |
|
| 39 | 39 | // Append the suffix if it is missing |
| 40 | 40 | $tenantName .= '.onmicrosoft.com'; |
| 41 | 41 | } |
@@ -46,18 +46,18 @@ |
||
| 46 | 46 | public function buildOpenIdConfigUrl() |
| 47 | 47 | { |
| 48 | 48 | $this->openIdConfigUrl = $this->baseUrl.'/' |
| 49 | - .$this->tenantName.'/' |
|
| 50 | - .$this->version.'/' |
|
| 51 | - .$this->wellKnownOpenIdConfig; |
|
| 49 | + .$this->tenantName.'/' |
|
| 50 | + .$this->version.'/' |
|
| 51 | + .$this->wellKnownOpenIdConfig; |
|
| 52 | 52 | } |
| 53 | 53 | |
| 54 | 54 | public function buildAdminConsentUrl($clientId, $redirectUri) |
| 55 | 55 | { |
| 56 | 56 | $url = $this->baseUrl.'/' |
| 57 | - .$this->tenantName.'/' |
|
| 58 | - .'adminconsent' |
|
| 59 | - .'?client_id='.$clientId |
|
| 60 | - .'&redirect_uri='.$redirectUri; |
|
| 57 | + .$this->tenantName.'/' |
|
| 58 | + .'adminconsent' |
|
| 59 | + .'?client_id='.$clientId |
|
| 60 | + .'&redirect_uri='.$redirectUri; |
|
| 61 | 61 | |
| 62 | 62 | return $url; |
| 63 | 63 | } |
@@ -57,7 +57,7 @@ discard block |
||
| 57 | 57 | */ |
| 58 | 58 | public function check() |
| 59 | 59 | { |
| 60 | - return ! is_null($this->user()); |
|
| 60 | + return !is_null($this->user()); |
|
| 61 | 61 | } |
| 62 | 62 | |
| 63 | 63 | /** |
@@ -67,7 +67,7 @@ discard block |
||
| 67 | 67 | */ |
| 68 | 68 | public function guest() |
| 69 | 69 | { |
| 70 | - return ! $this->check(); |
|
| 70 | + return !$this->check(); |
|
| 71 | 71 | } |
| 72 | 72 | |
| 73 | 73 | /** |
@@ -77,7 +77,7 @@ discard block |
||
| 77 | 77 | */ |
| 78 | 78 | public function user() |
| 79 | 79 | { |
| 80 | - if (! is_null($this->user)) { |
|
| 80 | + if (!is_null($this->user)) { |
|
| 81 | 81 | return $this->user; |
| 82 | 82 | } |
| 83 | 83 | } |
@@ -1,7 +1,7 @@ |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | 3 | // Authenticated user information routes |
| 4 | -Route::middleware([config('enterpriseauth.apiroutes.middleware'), config('enterpriseauth.apiroutes.authmiddleware')])->group(function () { |
|
| 4 | +Route::middleware([config('enterpriseauth.apiroutes.middleware'), config('enterpriseauth.apiroutes.authmiddleware')])->group(function() { |
|
| 5 | 5 | |
| 6 | 6 | /** |
| 7 | 7 | * @SWG\Get( |
@@ -72,7 +72,7 @@ |
||
| 72 | 72 | $destination = $request->session() |
| 73 | 73 | ->get('oauthIntendedUrl'); |
| 74 | 74 | // If there is no intended destination url, use the default |
| 75 | - if (! $destination) { |
|
| 75 | + if (!$destination) { |
|
| 76 | 76 | $destination = config('enterpriseauth.redirect_on_login'); |
| 77 | 77 | } |
| 78 | 78 | \Illuminate\Support\Facades\Log::info('AUTH success USER ID '.$user->id.' with redirect url '.$destination); |
@@ -40,7 +40,7 @@ discard block |
||
| 40 | 40 | public function redirectToOauthAdminConsent(\Illuminate\Http\Request $request) |
| 41 | 41 | { |
| 42 | 42 | $url = $this->azureActiveDirectory->buildAdminConsentUrl(config('enterpriseauth.credentials.client_id'), |
| 43 | - config('enterpriseauth.credentials.callback_url')); |
|
| 43 | + config('enterpriseauth.credentials.callback_url')); |
|
| 44 | 44 | //return new \Illuminate\Http\RedirectResponse($url); |
| 45 | 45 | return redirect($url); |
| 46 | 46 | } |
@@ -57,8 +57,8 @@ discard block |
||
| 57 | 57 | public function buildAuthUrl() |
| 58 | 58 | { |
| 59 | 59 | $url = $this->azureActiveDirectory->authorizationEndpoint |
| 60 | - .'?' |
|
| 61 | - .$this->buildAuthUrlQueryString(); |
|
| 60 | + .'?' |
|
| 61 | + .$this->buildAuthUrlQueryString(); |
|
| 62 | 62 | |
| 63 | 63 | return $url; |
| 64 | 64 | } |
@@ -100,7 +100,7 @@ discard block |
||
| 100 | 100 | |
| 101 | 101 | // Check to see if there is an intended destination url saved |
| 102 | 102 | $destination = $request->session() |
| 103 | - ->get('oauthIntendedUrl'); |
|
| 103 | + ->get('oauthIntendedUrl'); |
|
| 104 | 104 | // If there is no intended destination url, use the default |
| 105 | 105 | if (! $destination) { |
| 106 | 106 | $destination = config('enterpriseauth.redirect_on_login'); |
@@ -126,7 +126,7 @@ discard block |
||
| 126 | 126 | 'client_secret' => config('enterpriseauth.credentials.client_secret'), |
| 127 | 127 | 'redirect_uri' => config('enterpriseauth.credentials.callback_url'), |
| 128 | 128 | 'grant_type' => 'authorization_code', |
| 129 | - ], |
|
| 129 | + ], |
|
| 130 | 130 | ]; |
| 131 | 131 | $response = $guzzle->post($url, $parameters); |
| 132 | 132 | $responseObject = json_decode($response->getBody()); |
@@ -39,8 +39,8 @@ discard block |
||
| 39 | 39 | $graph = new \Microsoft\Graph\Graph(); |
| 40 | 40 | $graph->setAccessToken($accessToken); |
| 41 | 41 | $user = $graph->createRequest('GET', '/me') |
| 42 | - ->setReturnType(\Microsoft\Graph\Model\User::class) |
|
| 43 | - ->execute(); |
|
| 42 | + ->setReturnType(\Microsoft\Graph\Model\User::class) |
|
| 43 | + ->execute(); |
|
| 44 | 44 | |
| 45 | 45 | return $user->jsonSerialize(); |
| 46 | 46 | } |
@@ -131,9 +131,9 @@ discard block |
||
| 131 | 131 | if (count($groups)) { |
| 132 | 132 | // remove the users existing database roles before assigning new ones |
| 133 | 133 | \DB::table('assigned_roles') |
| 134 | - ->where('entity_id', $user->id) |
|
| 135 | - ->where('entity_type', get_class($user)) |
|
| 136 | - ->delete(); |
|
| 134 | + ->where('entity_id', $user->id) |
|
| 135 | + ->where('entity_type', get_class($user)) |
|
| 136 | + ->delete(); |
|
| 137 | 137 | // add the user to each group they are assigned |
| 138 | 138 | $user->assign($groups); |
| 139 | 139 | } |
@@ -49,7 +49,7 @@ discard block |
||
| 49 | 49 | public function scrubMicrosoftGraphUserData($userData) |
| 50 | 50 | { |
| 51 | 51 | // Fix any stupid crap with missing or null fields |
| 52 | - if (! isset($userData['mail']) || ! $userData['mail']) { |
|
| 52 | + if (!isset($userData['mail']) || !$userData['mail']) { |
|
| 53 | 53 | \Illuminate\Support\Facades\Log::debug('graph api did not contain mail field, using userPrincipalName instead '.json_encode($userData)); |
| 54 | 54 | $userData['mail'] = $userData['userPrincipalName']; |
| 55 | 55 | } |
@@ -65,7 +65,7 @@ discard block |
||
| 65 | 65 | // Try to find an existing user |
| 66 | 66 | $user = $userType::where($userIdField, $userData['id'])->first(); |
| 67 | 67 | // If we dont have an existing user |
| 68 | - if (! $user) { |
|
| 68 | + if (!$user) { |
|
| 69 | 69 | // Go create a new one with this data |
| 70 | 70 | $user = $this->createUserFromAzureData($userData); |
| 71 | 71 | } |
@@ -109,7 +109,7 @@ discard block |
||
| 109 | 109 | |
| 110 | 110 | // TODO: rewrite this so that if the user doesnt exist we create them and get their groups from AAD |
| 111 | 111 | $user = $user_class::where('userPrincipalName', $upn)->first(); |
| 112 | - if (! $user) { |
|
| 112 | + if (!$user) { |
|
| 113 | 113 | throw new \Exception('No user found with user principal name '.$upn); |
| 114 | 114 | } |
| 115 | 115 | |
@@ -119,7 +119,7 @@ discard block |
||
| 119 | 119 | public function loadClientCertFromWebserver() |
| 120 | 120 | { |
| 121 | 121 | // Make sure we got a client certificate from the web server |
| 122 | - if (! isset($_SERVER['SSL_CLIENT_CERT']) || ! $_SERVER['SSL_CLIENT_CERT']) { |
|
| 122 | + if (!isset($_SERVER['SSL_CLIENT_CERT']) || !$_SERVER['SSL_CLIENT_CERT']) { |
|
| 123 | 123 | throw new \Exception('TLS client certificate missing'); |
| 124 | 124 | } |
| 125 | 125 | // try to parse the certificate we got |
@@ -134,7 +134,7 @@ discard block |
||
| 134 | 134 | public function getUserPrincipalNameFromClientCert($x509) |
| 135 | 135 | { |
| 136 | 136 | $names = $x509->getExtension('id-ce-subjectAltName'); |
| 137 | - if (! $names) { |
|
| 137 | + if (!$names) { |
|
| 138 | 138 | throw new \Exception('TLS client cert missing subject alternative names'); |
| 139 | 139 | } |
| 140 | 140 | // Search subject alt names for user principal name |
@@ -148,7 +148,7 @@ discard block |
||
| 148 | 148 | } |
| 149 | 149 | } |
| 150 | 150 | } |
| 151 | - if (! $upn) { |
|
| 151 | + if (!$upn) { |
|
| 152 | 152 | throw new \Exception('Could not find user principal name in TLS client cert'); |
| 153 | 153 | } |
| 154 | 154 | |
@@ -47,7 +47,7 @@ discard block |
||
| 47 | 47 | // Go through all the credential config and make sure they are set in the .env or config file |
| 48 | 48 | foreach (config('enterpriseauth.credentials') as $config => $env) { |
| 49 | 49 | // If one isnt set, throw a red flat until the person fixes it |
| 50 | - if (! config('enterpriseauth.credentials.'.$config)) { |
|
| 50 | + if (!config('enterpriseauth.credentials.'.$config)) { |
|
| 51 | 51 | throw new \Exception('enterpriseauth setup error: missing mandatory config value for enterpriseauth.credentials.'.$config.' check your .env file!'); |
| 52 | 52 | } |
| 53 | 53 | } |
@@ -59,7 +59,7 @@ discard block |
||
| 59 | 59 | // Override the application configuration to use our oauth token guard driver at runtime |
| 60 | 60 | config(['auth.guards.api.driver' => 'oauthtoken']); |
| 61 | 61 | // Now I have a machine gun. ho ho ho! |
| 62 | - \Illuminate\Support\Facades\Auth::extend('oauthtoken', function ($app, $name, array $config) { |
|
| 62 | + \Illuminate\Support\Facades\Auth::extend('oauthtoken', function($app, $name, array $config) { |
|
| 63 | 63 | $userProvider = \Illuminate\Support\Facades\Auth::createUserProvider($config['provider']); |
| 64 | 64 | |
| 65 | 65 | return new \Metaclassing\EnterpriseAuth\Middleware\OauthTokenGuard($userProvider, $app->make('request')); |
@@ -69,13 +69,13 @@ discard block |
||
| 69 | 69 | protected function configureSwaggerToScanEnterpriseAuthRouteFiles() |
| 70 | 70 | { |
| 71 | 71 | $swaggerScanPaths = config('l5-swagger.paths.annotations'); |
| 72 | - if (! is_array($swaggerScanPaths)) { |
|
| 72 | + if (!is_array($swaggerScanPaths)) { |
|
| 73 | 73 | $swaggerScanPaths = [$swaggerScanPaths]; |
| 74 | 74 | } |
| 75 | - if (! in_array(base_path('routes'), $swaggerScanPaths)) { |
|
| 75 | + if (!in_array(base_path('routes'), $swaggerScanPaths)) { |
|
| 76 | 76 | $swaggerScanPaths[] = base_path('routes'); |
| 77 | 77 | } |
| 78 | - if (! in_array(__DIR__.'/../routes/', $swaggerScanPaths)) { |
|
| 78 | + if (!in_array(__DIR__.'/../routes/', $swaggerScanPaths)) { |
|
| 79 | 79 | $swaggerScanPaths[] = __DIR__.'/../routes/'; |
| 80 | 80 | } |
| 81 | 81 | config(['l5-swagger.paths.annotations' => $swaggerScanPaths]); |
@@ -85,7 +85,7 @@ discard block |
||
| 85 | 85 | { |
| 86 | 86 | // If the routes files for the swagger oauth config is NOT present, and we have all the right info, then generate it really quick |
| 87 | 87 | $swaggerAzureadFile = __DIR__.'/../routes/swagger.azuread.php'; |
| 88 | - if (! file_exists($swaggerAzureadFile)) { |
|
| 88 | + if (!file_exists($swaggerAzureadFile)) { |
|
| 89 | 89 | $aad = new AzureActiveDirectory(config('enterpriseauth.credentials.tenant')); |
| 90 | 90 | //$authorizationUrl = $aad->authorizationEndpoint . '?resource=https://graph.microsoft.com'; |
| 91 | 91 | $authorizationUrl = $aad->authorizationEndpoint; |
