Commit 5b9aed6c authored by Jacob Priddy's avatar Jacob Priddy 👌

Fix tons of bugs and actually get auth workin for saml and everything

else
parent 968371e5
...@@ -27,7 +27,7 @@ $config = [ ...@@ -27,7 +27,7 @@ $config = [
* external url, no matter where you come from (direct access or via the * external url, no matter where you come from (direct access or via the
* reverse proxy). * reverse proxy).
*/ */
'baseurlpath' => 'http://localhost:8080/simplesaml-idp/', 'baseurlpath' => 'https://localhost:8080/simplesaml-idp/',
/* /*
* The 'application' configuration array groups a set configuration options * The 'application' configuration array groups a set configuration options
......
...@@ -6,13 +6,13 @@ ...@@ -6,13 +6,13 @@
* See: https://simplesamlphp.org/docs/stable/simplesamlphp-reference-sp-remote * See: https://simplesamlphp.org/docs/stable/simplesamlphp-reference-sp-remote
*/ */
$metadata['http://localhost:8080/simplesaml/module.php/saml/sp/metadata.php/default-sp'] = array ( $metadata['https://localhost:8080/simplesaml/module.php/saml/sp/metadata.php/default-sp'] = array (
'SingleLogoutService' => 'SingleLogoutService' =>
array ( array (
0 => 0 =>
array ( array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'http://localhost:8080/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp', 'Location' => 'https://localhost:8080/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
), ),
), ),
'AssertionConsumerService' => 'AssertionConsumerService' =>
...@@ -21,25 +21,25 @@ $metadata['http://localhost:8080/simplesaml/module.php/saml/sp/metadata.php/defa ...@@ -21,25 +21,25 @@ $metadata['http://localhost:8080/simplesaml/module.php/saml/sp/metadata.php/defa
array ( array (
'index' => 0, 'index' => 0,
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'Location' => 'http://localhost:8080/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp', 'Location' => 'https://localhost:8080/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
), ),
1 => 1 =>
array ( array (
'index' => 1, 'index' => 1,
'Binding' => 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post', 'Binding' => 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post',
'Location' => 'http://localhost:8080/simplesaml/module.php/saml/sp/saml1-acs.php/default-sp', 'Location' => 'https://localhost:8080/simplesaml/module.php/saml/sp/saml1-acs.php/default-sp',
), ),
2 => 2 =>
array ( array (
'index' => 2, 'index' => 2,
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact', 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
'Location' => 'http://localhost:8080/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp', 'Location' => 'https://localhost:8080/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
), ),
3 => 3 =>
array ( array (
'index' => 3, 'index' => 3,
'Binding' => 'urn:oasis:names:tc:SAML:1.0:profiles:artifact-01', 'Binding' => 'urn:oasis:names:tc:SAML:1.0:profiles:artifact-01',
'Location' => 'http://localhost:8080/simplesaml/module.php/saml/sp/saml1-acs.php/default-sp/artifact', 'Location' => 'https://localhost:8080/simplesaml/module.php/saml/sp/saml1-acs.php/default-sp/artifact',
), ),
), ),
'certData' => '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', 'certData' => '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',
......
...@@ -25,7 +25,7 @@ $config = [ ...@@ -25,7 +25,7 @@ $config = [
// The entity ID of the IdP this SP should contact. // The entity ID of the IdP this SP should contact.
// Can be NULL/unset, in which case the user will be shown a list of available IdPs. // Can be NULL/unset, in which case the user will be shown a list of available IdPs.
'idp' => 'http://localhost:8080/simplesaml-idp/saml2/idp/metadata.php', 'idp' => 'https://localhost:8080/simplesaml-idp/saml2/idp/metadata.php',
// The URL to the discovery service. // The URL to the discovery service.
// Can be NULL/unset, in which case a builtin discovery service will be used. // Can be NULL/unset, in which case a builtin discovery service will be used.
......
...@@ -8,15 +8,15 @@ ...@@ -8,15 +8,15 @@
* See: https://simplesamlphp.org/docs/stable/simplesamlphp-reference-idp-remote * See: https://simplesamlphp.org/docs/stable/simplesamlphp-reference-idp-remote
*/ */
$metadata['http://localhost:8080/simplesaml-idp/saml2/idp/metadata.php'] = array ( $metadata['https://localhost:8080/simplesaml-idp/saml2/idp/metadata.php'] = array (
'metadata-set' => 'saml20-idp-remote', 'metadata-set' => 'saml20-idp-remote',
'entityid' => 'http://localhost:8080/simplesaml-idp/saml2/idp/metadata.php', 'entityid' => 'https://localhost:8080/simplesaml-idp/saml2/idp/metadata.php',
'SingleSignOnService' => 'SingleSignOnService' =>
array ( array (
0 => 0 =>
array ( array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'http://localhost:8080/simplesaml-idp/saml2/idp/SSOService.php', 'Location' => 'https://localhost:8080/simplesaml-idp/saml2/idp/SSOService.php',
), ),
), ),
'SingleLogoutService' => 'SingleLogoutService' =>
...@@ -24,7 +24,7 @@ $metadata['http://localhost:8080/simplesaml-idp/saml2/idp/metadata.php'] = array ...@@ -24,7 +24,7 @@ $metadata['http://localhost:8080/simplesaml-idp/saml2/idp/metadata.php'] = array
0 => 0 =>
array ( array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'http://localhost:8080/simplesaml-idp/saml2/idp/SingleLogoutService.php', 'Location' => 'https://localhost:8080/simplesaml-idp/saml2/idp/SingleLogoutService.php',
), ),
), ),
'certData' => 'MIIEwTCCAymgAwIBAgIUWlixu/uHDLux2Txl3HGBngrYZxQwDQYJKoZIhvcNAQELBQAwcDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xFjAUBgNVBAcMDUNvbGxlZ2UgUGxhY2UxHzAdBgNVBAoMFldhbGxhIFdhbGxhIFVuaXZlcnNpdHkxEzARBgNVBAsMCktyZXRzY2htYXIwHhcNMjAwMTIxMTAyNjQxWhcNMzAwMTIwMTAyNjQxWjBwMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEWMBQGA1UEBwwNQ29sbGVnZSBQbGFjZTEfMB0GA1UECgwWV2FsbGEgV2FsbGEgVW5pdmVyc2l0eTETMBEGA1UECwwKS3JldHNjaG1hcjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALhJUyYFwJRwiYzXnuR4dGkEUF6hjnbXxKnkwfuRO0Apy7G3RGtkqq+vGOTn2MymUpYOxXNCsz6cAwrrADjnW9cRUERkqR0KSnrTsATzF6rvnodM27hREysQEKVW+dcKIklrXxOaSRJuCoYXV+QuSK/Qph6qDYimxdLl4CWTuWtu2Pytr5ABcewYoawf816ErcNVw2pP2gxAB+OxyoERlo2E+6b4yk6e1V/StFdRgeABuMAPAgip49PPd7u0hUkay0fplB5fqg7xnuwMsJRffBJRRd5bZjMRz7M3OHL8kvhjCAWn54ERf8zYJJLaG+D96TPT7fNbyfylDzWS64wwwdo/iX3R9cwpPatAmh6ke2MGgypE1Xv2EUmqTPnlTIgxRxX4Y+N3sQibDtat1KhDIWZFk1YAkJpOarWaXolzUt/7wsYnocA51/REEDoIlVwa0xLDpGAMVHpzCmOMk62C047ptUVAKwPRKwVTRo44wyK2OOOvTWef3oeGLjQU0ICX2wIDAQABo1MwUTAdBgNVHQ4EFgQUGwOm6LVLEeLxGMOiqVHjcehg1YQwHwYDVR0jBBgwFoAUGwOm6LVLEeLxGMOiqVHjcehg1YQwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAYEAfrz2N8cMRnDpD8H6o63Sa6aVJc0soSy5dzlSc/MLh9TvOuztWSovaDmfsshMTBH6ChZQ+XifZWwKJaf+fFaYGgcFDFwQVslzGjoSY2VXYSKmcfSIOpb4jkKvc4mjuxLxhi/WcKga7IVb7/xNw5uqWfJI+ndtz45AwJ/zpzQjvAMipZwjtwAgryXhcAdBlzhSRNdysPPCDCxjQWqaI+SSWMa0Ud/frXgYeOP9ID73qOf9rKrSjftJKXCYpXsjGykkv9GrCjJxe+usRSHXw6ddrO7aYfl7mXjsXQh+OlhuKog8MGUOQMa2I14qn8qTPKNmMl62Qu06pYFgDez9oLPM40mEilRpNQHO/lDqwS8J6x8Ir/Ub8a38s+VkIWGHsnvLDR/tHW0VI+RGsL10hsUbV2geIQ0CkDOJMo9kohlLqBf0WKr+sSRH7n/M/Kd0bccERTnr9NYl76Wuddo3v4JcIf48vYE8pUFDmCTGRwnTN6vCnNZLvWa/+WwYLpN8KhYW', 'certData' => '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',
......
...@@ -3,37 +3,34 @@ ...@@ -3,37 +3,34 @@
namespace App\Http\Controllers; namespace App\Http\Controllers;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Cookie\CookieJar;
use Illuminate\Http\JsonResponse; use Illuminate\Http\JsonResponse;
use Illuminate\Http\RedirectResponse;
use Illuminate\Support\Facades\Cookie;
use Illuminate\Auth\AuthenticationException; use Illuminate\Auth\AuthenticationException;
use Source\Exceptions\AuthorizationException; use Source\Exceptions\AuthorizationException;
use Illuminate\Validation\ValidationException;
use Source\Exceptions\EntityNotFoundException; use Source\Exceptions\EntityNotFoundException;
use Source\UseCases\Users\Authenticate\APIPresenter; use Source\UseCases\Users\Authenticate\APIPresenter;
use Source\UseCases\Users\Authenticate\AuthenticateUseCase; use Source\UseCases\Users\Authenticate\AuthenticateUseCase;
use Source\UseCases\Users\Authenticate\UserCreationException;
class AuthController extends ApiController { class AuthController extends ApiController {
protected Request $request; protected Request $request;
public function __construct(Request $request) { protected CookieJar $cookieJar;
public function __construct(Request $request, CookieJar $cookieJar) {
$this->request = $request; $this->request = $request;
$this->cookieJar = $cookieJar;
} }
/** /**
* @param AuthenticateUseCase $authenticateUseCase * @param AuthenticateUseCase $authenticateUseCase
* @return JsonResponse * @return JsonResponse
* @throws ValidationException
* @throws AuthenticationException * @throws AuthenticationException
* @throws EntityNotFoundException * @throws EntityNotFoundException
*/ */
public function login(AuthenticateUseCase $authenticateUseCase): JsonResponse { public function login(AuthenticateUseCase $authenticateUseCase): JsonResponse {
$this->validate(
$this->request,
[
'email' => 'required',
'password' => 'required',
]
);
$presenter = new APIPresenter(); $presenter = new APIPresenter();
try { try {
...@@ -42,10 +39,53 @@ class AuthController extends ApiController { ...@@ -42,10 +39,53 @@ class AuthController extends ApiController {
throw new AuthenticationException(); throw new AuthenticationException();
} }
return $this->respondWithData($presenter->getViewModel())->cookie( return $this->respondWithData($presenter->getViewModel())->withCookie(
cookie(
'api_token',
$presenter->getViewModel()['token']['value'],
$presenter->getViewModel()['token']['minutes']
)
);
}
public function samlLogin(AuthenticateUseCase $authenticateUseCase): RedirectResponse {
return redirect()->to($authenticateUseCase->handToSaml());
}
/**
* @param AuthenticateUseCase $authenticateUseCase
* @return mixed
* @throws EntityNotFoundException
*/
public function handle(AuthenticateUseCase $authenticateUseCase) {
$presenter = new APIPresenter();
try {
$authenticateUseCase->handleSamlLogin($presenter);
} catch (UserCreationException $e) {
return $this->respondWithError(
'There was an error authenticating the user. Please contact an administrator.'
);
}
return redirect()->intended(url(config('saml.home_page')))->cookie(
'api_token', 'api_token',
$presenter->getViewModel()['token']['value'], $presenter->getViewModel()['token']['value'],
$presenter->getViewModel()['token']['minutes'] $presenter->getViewModel()['token']['minutes']
); );
} }
/**
* @param AuthenticateUseCase $authenticateUseCase
* @return RedirectResponse
*/
public function samlLogout(AuthenticateUseCase $authenticateUseCase): RedirectResponse {
Cookie::queue($this->cookieJar->forget('api_token'));
return redirect()->to(
$authenticateUseCase->samlLogout(
$this->request->cookie('api_token')
)
);
}
} }
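Review bot: In `login()` the `$this->validate(...)` call that required `email` and `password` appears only on the old side of this section, so the request now seems to reach the use case with no presence check at the controller boundary. The `try` body that calls the use case sits between the two hunks and is not visible, so the check may have moved there. If it has not, a request with missing fields fails deeper in the stack instead of being rejected up front. Either keep the rules, e.g. `['email' => 'required|string', 'password' => 'required|string']`, or add a docblock line stating where credentials are now validated.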
...@@ -59,6 +59,7 @@ class Kernel extends HttpKernel ...@@ -59,6 +59,7 @@ class Kernel extends HttpKernel
], ],
'api' => [ 'api' => [
EncryptCookies::class,
'throttle:60,1', 'throttle:60,1',
'bindings', 'bindings',
], ],
......
...@@ -12,6 +12,5 @@ class EncryptCookies extends Middleware ...@@ -12,6 +12,5 @@ class EncryptCookies extends Middleware
* @var array * @var array
*/ */
protected $except = [ protected $except = [
'api_token',
]; ];
} }
...@@ -3,6 +3,7 @@ ...@@ -3,6 +3,7 @@
namespace App\Providers; namespace App\Providers;
use Illuminate\Support\ServiceProvider; use Illuminate\Support\ServiceProvider;
use Source\Gateways\Saml\SamlRepositoryServiceProvider;
use Source\Gateways\Users\UsersRepositoryServiceProvider; use Source\Gateways\Users\UsersRepositoryServiceProvider;
use Source\Gateways\Doors\DoorsRepositoryServiceProvider; use Source\Gateways\Doors\DoorsRepositoryServiceProvider;
use Source\Gateways\Tokens\TokensRepositoryServiceProvider; use Source\Gateways\Tokens\TokensRepositoryServiceProvider;
...@@ -22,6 +23,7 @@ class AppServiceProvider extends ServiceProvider ...@@ -22,6 +23,7 @@ class AppServiceProvider extends ServiceProvider
* @var string[] * @var string[]
*/ */
protected array $gatewayProviders = [ protected array $gatewayProviders = [
SamlRepositoryServiceProvider::class,
UsersRepositoryServiceProvider::class, UsersRepositoryServiceProvider::class,
DoorsRepositoryServiceProvider::class, DoorsRepositoryServiceProvider::class,
TokensRepositoryServiceProvider::class, TokensRepositoryServiceProvider::class,
......
<?php
return [
/*
|--------------------------------------------------------------------------
| Home Page
|--------------------------------------------------------------------------
|
| Here you may set the route name the will be used to redirect the user
| after login.
|
*/
'home_page' => env('FRONTEND_URL', '/'),
/*
|--------------------------------------------------------------------------
| Login Route
|--------------------------------------------------------------------------
|
| Here you may set the route callback to go to
| after login.
|
*/
'login_route' => '/api/handle-login',
/*
|--------------------------------------------------------------------------
| Logout Route
|--------------------------------------------------------------------------
|
| Here you may set the route name the will be used to redirect the user
| after logout.
|
*/
'logout_route' => '/',
/*
|--------------------------------------------------------------------------
| SimpleSAMLphp
|--------------------------------------------------------------------------
|
| Here you may set the SimpleSAMLphp configuration.
|
| Note that the autoload file is relative to the
| base directory of this project.
|
*/
'simplesamlphp' => [
'autoload' => env('SAML_SIMPLESAMLPHP_AUTOLOAD'),
'auth_source' => env('SAML_SIMPLESAMLPHP_AUTH_SOURCE', 'default-sp'),
]
];
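Review bot: The comments for `home_page` and `logout_route` describe a "route name", but the values are a URL or path (`env('FRONTEND_URL', '/')` and `'/'`), and the controller passes `home_page` to `url()`. The wording should say "URL or path", so nobody puts a named route there and gets an unexpected redirect target. `simplesamlphp.autoload` has no default, so an unset `SAML_SIMPLESAMLPHP_AUTOLOAD` yields null; the code that loads it is not visible here and should fail with a clear message in that case. Proposed comment above `autoload`: `// Required: path to SimpleSAMLphp's autoload file, relative to the project base directory.`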
...@@ -24,7 +24,7 @@ class CreateUsersTable extends Migration ...@@ -24,7 +24,7 @@ class CreateUsersTable extends Migration
// hashed // hashed
$table->string('password')->nullable()->default(null); $table->string('password')->nullable()->default(null);
// hashed // hashed
$table->string('doorcode'); $table->string('doorcode')->nullable()->default(null);
$table->timestamp('expires_at')->nullable(); $table->timestamp('expires_at')->nullable();
$table->timestamps(); $table->timestamps();
$table->softDeletes(); $table->softDeletes();
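Review bot: Making `doorcode` nullable by editing `CreateUsersTable` in place only affects databases built from scratch. Any environment that has already run this migration keeps the NOT NULL column, and creating a SAML user without a doorcode would presumably fail there. If such databases exist, add a follow-up migration that alters the column, e.g. `$table->string('doorcode')->nullable()->default(null)->change();`. The enclosing `up()` method starts and ends outside the hunk.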
......
...@@ -17,6 +17,8 @@ use App\Http\Controllers\UsersController; ...@@ -17,6 +17,8 @@ use App\Http\Controllers\UsersController;
*/ */
Route::post('login', [AuthController::class, 'login']); Route::post('login', [AuthController::class, 'login']);
Route::post('logout', [AuthController::class, 'logout']);
Route::group(['middleware' => 'auth:api'], static function () { Route::group(['middleware' => 'auth:api'], static function () {
Route::group( Route::group(
[ [
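Review bot: The added `Route::post('logout', [AuthController::class, 'logout'])` targets a method that the AuthController section of this commit does not define; it adds only `samlLogin`, `handle` and `samlLogout`. Unless `ApiController` provides `logout`, this route will fail when dispatched. It is also registered outside the `auth:api` group, so it is reachable without a token. Point the route at a method that exists and decide explicitly whether it belongs inside the authenticated group.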
......
<?php <?php
use Illuminate\Support\Facades\Route; use Illuminate\Support\Facades\Route;
use App\Http\Controllers\AuthController;
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
...@@ -19,3 +20,9 @@ Route::get( ...@@ -19,3 +20,9 @@ Route::get(
return ['api endpoint']; return ['api endpoint'];
} }
); );
Route::get('login', [AuthController::class, 'samlLogin']);
Route::get('handle-login', [AuthController::class, 'handle']);
Route::get('logout', [AuthController::class, 'samlLogout']);
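Review bot: `Route::get('logout', [AuthController::class, 'samlLogout'])` exposes a state-changing action on a plain GET, so any cross-site link or embedded resource can end a signed-in user's session. `samlLogout` clears the `api_token` cookie and hands the token to the use case, which is more than a read. If the SAML flow permits it, register it as `Route::post('logout', [AuthController::class, 'samlLogout']);` behind the framework's CSRF check. Otherwise, add a comment recording why GET is required.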
<?php
namespace Source\Entities;
class SamlUser {
/** @var string */
protected $firstName;
/** @var string */
protected $lastName;
/** @var string */
protected $emplid;
/** @var string */
protected $email;
/**
* @param string $firstName
* @param string $lastName
* @param string $emplid
* @param string $email
*/
public function __construct(string $firstName,
string $lastName,
string $emplid,
string $email) {
$this->firstName = ucfirst($firstName);
$this->lastName = ucfirst($lastName);
$this->email = strtolower($email);
$this->emplid = $emplid;
}
/**
* @return string
*/
public function getFirstName(): string {
return $this->firstName;
}
/**
* @return string
*/
public function getLastName(): string {
return $this->lastName;
}
/**
* @return string
*/
public function getEmplid(): string {
return $this->emplid;
}
/**
* @return string
*/
public function getEmail(): string {
return $this->email;
}
/**
* @return string
*/
public function getDisplayName(): string {
return $this->getFirstName() . ' ' . $this->getLastName();
}
}
...@@ -43,9 +43,9 @@ class User { ...@@ -43,9 +43,9 @@ class User {
protected ?string $password; protected ?string $password;
/** /**
* @var string * @var string|null
*/ */
protected string $doorcode; protected ?string $doorcode;
/** /**
* @var Carbon|null * @var Carbon|null
...@@ -69,8 +69,8 @@ class User { ...@@ -69,8 +69,8 @@ class User {
* @param string $displayName * @param string $displayName
* @param string|null $emplid * @param string|null $emplid
* @param string $email * @param string $email
* @param string $password * @param string|null $password
* @param string $doorcode * @param string|null $doorcode
* @param Carbon|null $expiresAt * @param Carbon|null $expiresAt
* @param Carbon|null $createdAt * @param Carbon|null $createdAt
* @param Carbon|null $updatedAt * @param Carbon|null $updatedAt
...@@ -82,10 +82,10 @@ class User { ...@@ -82,10 +82,10 @@ class User {
?string $emplid, ?string $emplid,
string $email, string $email,
?string $password, ?string $password,
string $doorcode, ?string $doorcode,
?Carbon $expiresAt, ?Carbon $expiresAt = null,
?Carbon $createdAt, ?Carbon $createdAt = null,
?Carbon $updatedAt) { ?Carbon $updatedAt = null) {
$this->id = $id; $this->id = $id;
$this->firstName = $firstName; $this->firstName = $firstName;
$this->lastName = $lastName; $this->lastName = $lastName;
...@@ -149,9 +149,9 @@ class User { ...@@ -149,9 +149,9 @@ class User {
} }
/** /**
* @return string * @return string|null
*/ */
public function getDoorcode(): string { public function getDoorcode(): ?string {
return $this->doorcode; return $this->doorcode;
} }
...@@ -208,6 +208,14 @@ class User { ...@@ -208,6 +208,14 @@ class User {
* @return bool * @return bool
*/ */
public function hasDoorcodeOf(?string $doorcode): bool { public function hasDoorcodeOf(?string $doorcode): bool {
if (!$doorcode) {
return false;
}
return $this->getDoorcode() === $doorcode; return $this->getDoorcode() === $doorcode;
} }
public function hasEmailOf(?string $email): bool {
return $this->getEmail() === strtolower($email);
}
} }
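Review bot: `hasEmailOf(?string $email)` passes a nullable value straight to `strtolower()`, while `hasDoorcodeOf` just above received a null guard in this same commit. A null argument is deprecated on PHP 8.1+ and a TypeError if this file declares strict types (not visible here). The method also lowercases only the argument, so it matches only when the stored email was lowercased on write, which `SamlUser` does but other creation paths may not. Suggested body: `return $email !== null && strtolower($this->getEmail()) === strtolower($email);`.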
<?php
namespace Source\Gateways\Saml;
use Source\Entities\SamlUser;
class InMemorySamlRepository implements SamlRepository {