<?php |
namespace Metaclassing\EnterpriseAuth\Controllers; |
use Illuminate\Routing\Controller; |
use Laravel\Socialite\Facades\Socialite; |
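class ApiAuthController extends AuthController
{
    /**
     * Authenticate an API request, preferring an OAuth access token over
     * client-certificate auth.
     *
     * The token is looked for in the query string, the request body and the
     * Authorization header (see extractOauthAccessTokenFromRequest()). Cert
     * auth is only attempted when no token was supplied at all; a supplied but
     * invalid token does NOT fall back to cert auth.
     *
     * @return mixed whatever attemptTokenAuth() / attemptCertAuth() returns
     */
    public function authenticateRequest(\Illuminate\Http\Request $request)
    {
        $accessToken = $this->extractOauthAccessTokenFromRequest($request);

        // A supplied token always wins over cert auth.
        if ($accessToken) {
            return $this->attemptTokenAuth($accessToken);
        }

        return $this->attemptCertAuth();
    }

    /**
     * Resolve the user for an OAuth access token and store it in $this->user.
     *
     * Tokens that were validated earlier are served from the cache under
     * '/oauth/tokens/<token>'; anything else goes through the full
     * validate-and-provision path (validateOauthCreateOrUpdateUserAndGroups,
     * defined outside this file). A token that fails validation leaves
     * $this->user untouched and is logged - without the token value - rather
     * than thrown, so the request simply stays unauthenticated.
     *
     * @param string|null $accessToken raw access token; empty means "no token"
     * @return mixed the authenticated user, or null when the token was not accepted
     */
    public function attemptTokenAuth($accessToken)
    {
        // Nothing to validate; do not hit the cache or the OAuth provider.
        if (! $accessToken) {
            return null;
        }

        // NOTE(review): the raw token is the cache key, so it is persisted in
        // plaintext in whatever cache backend is configured. The key format is
        // shared with the code that populates the cache (outside this file),
        // so it is kept as-is here.
        $key = '/oauth/tokens/'.$accessToken;

        if (\Cache::has($key)) {
            // Cache hit: a previously validated token. The cached user must land
            // in $this->user exactly like the cache-miss path below, otherwise
            // the lookup result is silently discarded.
            $this->user = \Cache::get($key);

            return $this->user;
        }

        try {
            $this->user = $this->validateOauthCreateOrUpdateUserAndGroups($accessToken);
        } catch (\Exception $e) {
            // Best effort: an invalid/expired token is not an error for the
            // request pipeline, but operators should be able to see it.
            // Never include the token itself in the log line.
            \Illuminate\Support\Facades\Log::warning(
                'API token authentication failed: '.get_class($e).': '.$e->getMessage()
            );
        }

        return $this->user ?? null;
    }

    /**
     * Attempt client-certificate authentication.
     *
     * certAuth() is presumably inherited from AuthController (it is not defined
     * in this file). Calling it on $this matters: calling a method on an
     * undefined local is a fatal \Error, which a catch (\Exception) never sees.
     *
     * @return mixed the result of certAuth(), or null when it threw
     */
    public function attemptCertAuth()
    {
        try {
            return $this->certAuth();
        } catch (\Exception $e) {
            // Same best-effort policy as attemptTokenAuth(): log, stay unauthenticated.
            \Illuminate\Support\Facades\Log::warning(
                'API certificate authentication failed: '.get_class($e).': '.$e->getMessage()
            );
        }

        return null;
    }

    /**
     * Find an OAuth access token wherever the client put it.
     *
     * Sources are checked in order and the last one found wins, so an
     * Authorization: Bearer header overrides a posted access_token, which
     * overrides a ?token= query parameter. Non-string values (e.g. token[]=)
     * are ignored instead of being concatenated into a cache key as "Array".
     *
     * NOTE: accepting the token in the query string means it can end up in
     * access logs, proxy logs and browser history; the Authorization header is
     * the preferred transport for clients.
     *
     * @return string the token, or '' when none was supplied
     */
    public function extractOauthAccessTokenFromRequest(\Illuminate\Http\Request $request)
    {
        $oauthAccessToken = '';

        // ?token=abc123
        $fromQuery = $request->query('token');
        if (is_string($fromQuery) && $fromQuery !== '') {
            $oauthAccessToken = $fromQuery;
        }

        // access_token=abc123 in the request body (input() also covers the query string)
        $fromInput = $request->input('access_token');
        if (is_string($fromInput) && $fromInput !== '') {
            $oauthAccessToken = $fromInput;
        }

        // Authorization: Bearer abc123 (scheme matched case-insensitively)
        $header = $request->headers->get('authorization');
        if (is_string($header) && preg_match('/bearer\s+(\S+)/i', $header, $matches)) {
            $oauthAccessToken = $matches[1];
        }

        return $oauthAccessToken;
    }

    /**
     * Route: return the currently authenticated API user as JSON.
     *
     * The whole model is serialised, so keeping secrets out of the response
     * relies on the user model's own serialisation rules (not visible here).
     *
     * @return \Illuminate\Http\JsonResponse 401 when no user is authenticated
     */
    public function getAuthorizedUserInfo(\Illuminate\Http\Request $request)
    {
        $user = auth()->user();
        if ($user === null) {
            return response()->json(['error' => 'Unauthenticated'], 401);
        }

        return response()->json($user);
    }

    /**
     * Route: return the authenticated user's roles as JSON.
     *
     * @return \Illuminate\Http\JsonResponse 401 when no user is authenticated
     */
    public function getAuthorizedUserRoles(\Illuminate\Http\Request $request)
    {
        $user = auth()->user();
        if ($user === null) {
            return response()->json(['error' => 'Unauthenticated'], 401);
        }

        return response()->json($user->roles()->get());
    }

    /**
     * Route: return the authenticated user's roles, each annotated with its
     * abilities under a "permissions" key. Roles that grant no abilities are
     * omitted, and the result is a plain list (sequential keys).
     *
     * @return \Illuminate\Http\JsonResponse 401 when no user is authenticated
     */
    public function getAuthorizedUserRolesAbilities(\Illuminate\Http\Request $request)
    {
        $user = auth()->user();
        if ($user === null) {
            return response()->json(['error' => 'Unauthenticated'], 401);
        }

        $roles = [];
        foreach ($user->roles()->get()->all() as $role) {
            // Attach abilities as a plain attribute so they serialise with the role.
            $role->permissions = $role->abilities()->get()->all();
            if (count($role->permissions)) {
                $roles[] = $role;
            }
        }

        return response()->json($roles);
    }
}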
This check looks for function or method calls that always return null and whose return value is used.
The method getObject() can return nothing but null, so it makes no sense to use its return value. The most likely reason is that the function or method is incomplete or has been reduced for debugging purposes.