Merge pull request #14 from pdsinterop/solid-community-login

achieve login with solid.community

Author: ylebre

composer.json

@@ -29,7 +29,7 @@
         "league/oauth2-server": "^8.0",
         "league/route": "^4.5",
         "pdsinterop/flysystem-rdf": "dev-dev",
-        "pdsinterop/solid-auth": "dev-feature/implicit-grant",
+        "pdsinterop/solid-auth": "dev-master",
         "php-http/httplug": "^2.1",
         "phptal/phptal": "^1.4"
     },

config/placeholder.txt

@@ -0,0 +1,20 @@
+<?php declare(strict_types=1);
+
+namespace Pdsinterop\Solid\Controller;
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+
+class ApprovalController extends ServerController
+{    
+    public function __invoke(ServerRequestInterface $request, array $args) : ResponseInterface
+    {
+		$clientId = $args['clientId'];
+		$returnUrl = $_GET['returnUrl'];
+
+        return $this->createTemplateResponse('approval.html', [
+            'clientId' => $clientId,
+            'returnUrl' => $returnUrl,
+        ]);
+    }
+}

src/Controller/ApprovalController.php

@@ -5,50 +5,65 @@
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 
-class AuthorizeController extends AbstractController
+class AuthorizeController extends ServerController
 {
     final public function __invoke(ServerRequestInterface $request, array $args): ResponseInterface
     {
-				$httpHost = $request->getServerParams()['HTTP_HOST'];
-
-				// // Create a request
-				// if (!$this->userManager->userExists($this->userId)) {
-				// 	$result = new JSONResponse('Authorization required');
-				// 	$result->setStatus(401);
-				// 	return $result;
-				// }
-
-				$parser = new \Lcobucci\JWT\Parser();
-				$token = $parser->parse($_GET['request']);
-				$_SESSION['token'] = $token;
+        if (!isset($_SESSION['userid'])) {
+			$response = $this->getResponse();
+			$response = $response->withStatus(302, "Approval required");
 
-				$user = new \Pdsinterop\Solid\Auth\Entity\User();
-				$user->setIdentifier('https://server/profile/card#me');
-
-				$getVars = $_GET;
-				if (!isset($getVars['grant_type'])) {
-					$getVars['grant_type'] = 'implicit';
-				}
-				$getVars['response_type'] = 'token';
-				$getVars['scope'] = "openid";
-				
-				if (!isset($getVars['redirect_uri'])) {
-					$getVars['redirect_uri'] = 'https://solid.community/.well-known/solid/login';
-				}
-				$request = \Laminas\Diactoros\ServerRequestFactory::fromGlobals($_SERVER, $getVars, $_POST, $_COOKIE, $_FILES);
-				$response = new \Laminas\Diactoros\Response();
-				$server	= new \Pdsinterop\Solid\Auth\Server($this->authServerFactory, $this->authServerConfig, $response);
-
-				// if (!$this->checkApproval()) {
-				// 	$result = new JSONResponse('Approval required');
-				// 	$result->setStatus(302);
-				// 	$result->addHeader("Location", $this->urlGenerator->getAbsoluteURL($this->urlGenerator->linkToRoute("solid.server.sharing")));
-				// 	return $result;
-				// }
-
-				// FIXME: check if the user has approved - if not, show approval screen;
-				$approval = \Pdsinterop\Solid\Auth\Enum\Authorization::APPROVED;
-				//		$approval = false;
-				return $server->respondToAuthorizationRequest($request, $user, $approval);
-    }
-}
+			// FIXME: Generate a proper url for this;
+			$loginUrl = "https://localhost/login/?returnUrl=" . urlencode($_SERVER['REQUEST_URI']);
+			$response = $response->withHeader("Location", $loginUrl);
+			return $response;
+		}
+		$parser = new \Lcobucci\JWT\Parser();
+
+		try {
+			$token = $parser->parse($request->getQueryParams()['request']);
+			$_SESSION["nonce"] = $token->getClaim('nonce');
+		} catch(\Exception $e) {
+			$_SESSION["nonce"] = $request->getQueryParams()['nonce'];
+		}
+
+		$getVars = $request->getQueryParams();
+		if (!isset($getVars['grant_type'])) {
+			$getVars['grant_type'] = 'implicit';
+		}
+		$getVars['response_type'] = $this->getResponseType();
+		$getVars['scope'] = "openid" ;
+
+		if (!isset($getVars['redirect_uri'])) {
+			try {
+				$getVars['redirect_uri'] = $token->getClaim("redirect_uri");
+			} catch(\Exception $e) {
+				$response = $this->getResponse();
+				$response->withStatus(400, "Bad request, missing redirect uri");
+				return $response;
+			}
+		}
+		$clientId = $getVars['client_id'];
+		$approval = $this->checkApproval($clientId);	
+		if (!$approval) {
+			$response = $this->getResponse();
+			$response = $response->withStatus(302, "Approval required");
+			
+			// FIXME: Generate a proper url for this;
+			$approvalUrl = "https://localhost/sharing/$clientId/?returnUrl=" . urlencode($_SERVER['REQUEST_URI']);
+			$response = $response->withHeader("Location", $approvalUrl);
+			return $response;
+		}
+
+		$user = new \Pdsinterop\Solid\Auth\Entity\User();
+		$user->setIdentifier($this->getProfilePage());
+
+		$request = $request->withQueryParams($getVars); // replace the request getVars with the morphed version;
+		$response = new \Laminas\Diactoros\Response();
+		$server	= new \Pdsinterop\Solid\Auth\Server($this->authServerFactory, $this->authServerConfig, $response);
+
+		$response = $server->respondToAuthorizationRequest($request, $user, $approval);
+		$response = $this->tokenGenerator->addIdTokenToResponse($response, $clientId, $this->getProfilePage(), $_SESSION['nonce'], $this->config->getPrivateKey());
+		return $response;
+	}
+}

src/Controller/AuthorizeController.php

@@ -0,0 +1,14 @@
+<?php declare(strict_types=1);
+
+namespace Pdsinterop\Solid\Controller;
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+
+class CorsController extends ServerController
+{    
+    final public function __invoke(ServerRequestInterface $request, array $args): ResponseInterface
+    {	
+        return $this->getResponse()->withHeader("Access-Control-Allow-Headers", "*");
+    }
+}

src/Controller/CorsController.php

@@ -0,0 +1,27 @@
+<?php declare(strict_types=1);
+
+namespace Pdsinterop\Solid\Controller;
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+
+class HandleApprovalController extends ServerController
+{    
+    public function __invoke(ServerRequestInterface $request, array $args) : ResponseInterface
+    {
+		$clientId = $args['clientId'];
+		$returnUrl = $request->getParsedBody()['returnUrl'];
+		$approval = $request->getParsedBody()['approval'];
+
+		if ($approval == "allow") {		
+			$this->config->addAllowedClient($this->userId, $clientId);
+		} else {
+			$this->config->removeAllowedClient($this->userId, $clientId);
+		}
+
+		$response = $this->getResponse();
+		$response = $response->withHeader("Location", $returnUrl);
+		$response = $response->withStatus("302", "ok");
+		return $response;
+    }
+}

src/Controller/HandleApprovalController.php

@@ -0,0 +1,16 @@
+<?php declare(strict_types=1);
+
+namespace Pdsinterop\Solid\Controller;
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+
+class JwksController extends ServerController
+{    
+    final public function __invoke(ServerRequestInterface $request, array $args): ResponseInterface
+    {	
+        $response = $this->getResponse();
+		$server	= new \Pdsinterop\Solid\Auth\Server($this->authServerFactory, $this->authServerConfig, $response);
+		return $server->respondToJwksMetadataRequest();
+    }
+}

src/Controller/JwksController.php

@@ -11,23 +11,37 @@ final public function __invoke(ServerRequestInterface $request, array $args): Re
     {
         $postBody = $request->getParsedBody();
         $response = $this->getResponse();
+
         // var_dump($_SESSION);
         if (isset($_SESSION['userid'])) {
           $user = $_SESSION['userid'];
+		  if ($request->getQueryParams()['returnUrl']) {
+			$response = $response->withStatus(302, "Redirecting");
+			$response = $response->withHeader("Location", $request->getQueryParams()['returnUrl']);
+			return $response;
+		  }
           $response->getBody()->write("<h1>Already logged in as $user</h1>");
-        } else if ($postBody['user'] == $_ENV['USER'] && $postBody['password'] == $_ENV['PASSWORD']) {
-          $user = $postBody['user'];
-          $response->getBody()->write("<h1>Welcome $user</h1>\n");
+        } else if (
+			($postBody['username'] == $_ENV['USER'] && $postBody['password'] == $_ENV['PASSWORD']) ||
+			($postBody['username'] == $_SERVER['USER'] && $postBody['password'] == $_SERVER['PASSWORD'])
+		) {
+          $user = $postBody['username'];
           $_SESSION['userid'] =  $user;
-          echo("session started\n");
-          var_dump($_SESSION);
+		  if ($request->getQueryParams()['returnUrl']) {
+			$response = $response->withStatus(302, "Redirecting");
+			$response = $response->withHeader("Location", $request->getQueryParams()['returnUrl']);
+			return $response;
+		  }
+          $response->getBody()->write("<h1>Welcome $user</h1>\n");
+          // echo("session started\n");
+          //var_dump($_SESSION);
         } else {
           // var_dump($postBody);
-          echo("cookie:\n");
-          var_dump($_COOKIE);
-          echo("session:\n");
-          var_dump($_SESSION);
-          $response->getBody()->write("<h1>No (try posting user=alice&password=alice123)</h1>\n");
+          //echo("cookie:\n");
+          //var_dump($_COOKIE);
+          //echo("session:\n");
+          //var_dump($_SESSION);
+          $response->getBody()->write("<h1>No (try posting username=alice&password=alice123)</h1>\n");
         }
         return $response;
     }

src/Controller/LoginController.php

@@ -0,0 +1,14 @@
+<?php declare(strict_types=1);
+
+namespace Pdsinterop\Solid\Controller;
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+
+class LoginPageController extends ServerController
+{    
+    public function __invoke(ServerRequestInterface $request, array $args) : ResponseInterface
+    {
+        return $this->createTemplateResponse('login.html');
+    }
+}