Started OIDC implementation

9eea552f · Sonia Zorba · 2ea99e04 · 9eea552f · 9eea552f · 9eea552f
Commit 9eea552f authored 6 years ago by Sonia Zorba
--- a/auth/oauth2/index.php
+++ b/auth/oauth2/index.php
+<?php
+
+include '../../include/init.php';
+startSession();
+global $dao;
+
+if (!isset($_REQUEST['client_id'])) {
+    http_response_code(400);
+    die("Client id is required");
+}
+
+if (!isset($_REQUEST['redirect_uri'])) {
+    http_response_code(400);
+    die("Redirect URI is required");
+}
+
+$clientId = $_REQUEST['client_id'];
+$redirectUrl = $_REQUEST['redirect_uri'];
+
+$client = $dao->getOAuth2ClientByClientId($clientId);
+if ($client === null) {
+    http_response_code(400);
+    die("Invalid client id: " . $clientId);
+}
+if ($client->redirectUrl !== $redirectUrl) {
+    http_response_code(400);
+    die("Invalid client redirect URI: " . $redirectUrl);
+}
+
+$alg;
+if (isset($_REQUEST['alg'])) {
+    $alg = $_REQUEST['alg'];
+} else {
+    $alg = "RS256";
+}
+
+if (isset($_GET['code'])) {
+    
+} else {
+    if (!isset($_REQUEST['state'])) {
+        http_response_code(400);
+        die("State is required");
+    }
+}
+
+$oauth2Data = new \RAP\OAuth2Data();
+$oauth2Data->clientName = $client->name;
+$oauth2Data->clientIcon = $client->icon;
+$oauth2Data->clientId = $client->id;
+$oauth2Data->redirectUrl = $client->redirectUrl;
+
+global $session;
+$session->setOAuth2Data($oauth2Data);
\ No newline at end of file
--- a/classes/DAO.php
+++ b/classes/DAO.php
@@ -129,7 +129,16 @@ interface DAO {
     * CRUD methods for OAuth2Clients (used by admin interface).
     */
    function getOAuth2Clients();
+
    function createOAuth2Client($client);
+
    function updateOAuth2Client($client);
+
    function deleteOAuth2Client($clientId);
+
+    /**
+     * Retrieve the client from the configured client id (the one associated to
+     * the secret, not the database id).
+     */
+    function getOAuth2ClientByClientId($clientId);
 }
--- a/classes/MySQLDAO.php
+++ b/classes/MySQLDAO.php
@@ -478,4 +478,47 @@ class MySQLDAO implements DAO {
        }
    }

+    function getOAuth2ClientByClientId($clientId) {
+        $dbh = $this->getDBHandler();
+
+        // Load clients info
+        $queryClient = "SELECT id, name, icon, client, secret, redirect_url, scope FROM oauth2_client WHERE client = :client";
+        $stmtClient = $dbh->prepare($queryClient);
+        $stmtClient->bindParam(':client', $clientId);
+        $stmtClient->execute();
+
+        $result = $stmtClient->fetchAll();
+
+        if (count($result) === 0) {
+            return null;
+        }
+        if (count($result) > 1) {
+            throw new Exception("Found multiple clients associated to the same client id!");
+        }
+
+        $row = $result[0];
+
+        $client = new OAuth2Client();
+        $client->id = $row['id'];
+        $client->name = $row['name'];
+        $client->icon = $row['icon'];
+        $client->client = $row['client'];
+        $client->secret = $row['secret'];
+        $client->redirectUrl = $row['redirect_url'];
+        $client->scope = $row['scope'];
+
+        // Load authentication methods info
+        $queryAuthNMethods = "SELECT auth_method FROM oauth2_client_auth_methods WHERE client_id = :id";
+
+        $stmtAuthNMethods = $dbh->prepare($queryAuthNMethods);
+        $stmtAuthNMethods->bindParam(':id', $client->id);
+        $stmtAuthNMethods->execute();
+
+        foreach ($stmtAuthNMethods->fetchAll() as $row) {
+            array_push($client->authMethods, $row['auth_method']);
+        }
+
+        return $client;
+    }
+
 }
--- a/classes/OAuth2Data.php
+++ b/classes/OAuth2Data.php
+<?php
+
+namespace RAP;
+
+class OAuth2Data {
+
+    public $clientName;
+    public $clientIcon;
+    public $clientId;
+    public $redirectUrl;
+
+}
--- a/classes/SessionData.php
+++ b/classes/SessionData.php
@@ -41,6 +41,7 @@ class SessionData {
    // session because we need to check the Terms of Use user consensus, so we
    // redirect to another page after retrieving user data.
    public $userToLogin;
+    public $oauth2Data;

    /**
     * @todo: move DAO away from here
@@ -123,4 +124,9 @@ class SessionData {
        }
    }

+    public function setOAuth2Data($oauth2Data) {
+        $this->oauth2Data = $oauth2Data;
+        $this->save();
+    }
+
 }
--- a/sql/setup-database.sql
+++ b/sql/setup-database.sql
@@ -6,7 +6,8 @@ CREATE TABLE `oauth2_client` (
  `secret` varchar(255) NOT NULL,
  `redirect_url` text NOT NULL,
  `scope` varchar(255) NOT NULL,
-  PRIMARY KEY (`id`)
+  PRIMARY KEY (`id`),
+  UNIQUE(client)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;

 CREATE TABLE `oauth2_client_auth_methods` (