| 1 | <?php |
| 2 | |
| 3 | /** |
| 4 | * This program is free software; you can redistribute it and/or |
| 5 | * modify it under the terms of the GNU General Public License |
| 6 | * as published by the Free Software Foundation; under version 2 |
| 7 | * of the License (non-upgradable). |
| 8 | * |
| 9 | * This program is distributed in the hope that it will be useful, |
| 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 12 | * GNU General Public License for more details. |
| 13 | * |
| 14 | * You should have received a copy of the GNU General Public License |
| 15 | * along with this program; if not, write to the Free Software |
| 16 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
| 17 | * |
| 18 | * Copyright (c) 2020 (original work) Open Assessment Technologies SA; |
| 19 | */ |
| 20 | |
| 21 | namespace oat\taoLti\controller; |
| 22 | |
| 23 | use League\OAuth2\Server\Exception\OAuthServerException; |
| 24 | use OAT\Library\Lti1p3Core\Exception\LtiBadRequestException; |
| 25 | use OAT\Library\Lti1p3Core\Registration\RegistrationRepositoryInterface; |
| 26 | use OAT\Library\Lti1p3Core\Security\Key\KeyChainRepositoryInterface; |
| 27 | use OAT\Library\Lti1p3Core\Security\OAuth2\Factory\AuthorizationServerFactory; |
| 28 | use OAT\Library\Lti1p3Core\Security\OAuth2\Generator\AccessTokenResponseGenerator; |
| 29 | use OAT\Library\Lti1p3Core\Security\OAuth2\Generator\AccessTokenResponseGeneratorInterface; |
| 30 | use OAT\Library\Lti1p3Core\Security\Oidc\OidcInitiator; |
| 31 | use oat\tao\model\http\Controller; |
| 32 | use oat\tao\model\security\Business\Contract\JwksRepositoryInterface; |
| 33 | use oat\taoLti\models\classes\Platform\Service\Oidc\OidcLoginAuthenticatorInterface; |
| 34 | use oat\taoLti\models\classes\Platform\Service\Oidc\OidcLoginAuthenticatorProxy; |
| 35 | use oat\taoLti\models\classes\Security\DataAccess\Repository\CachedPlatformJwksRepository; |
| 36 | use oat\taoLti\models\classes\Security\DataAccess\Repository\CachedPlatformKeyChainRepository; |
| 37 | use oat\taoLti\models\classes\Security\DataAccess\Repository\PlatformKeyChainRepository; |
| 38 | use Zend\ServiceManager\ServiceLocatorAwareInterface; |
| 39 | use Zend\ServiceManager\ServiceLocatorAwareTrait; |
| 40 | use common_exception_BadRequest; |
| 41 | |
| 42 | use function GuzzleHttp\Psr7\stream_for; |
| 43 | |
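class Security extends Controller implements ServiceLocatorAwareInterface
{
    use ServiceLocatorAwareTrait;

    /**
     * OAuth2 token endpoint used by LTI 1.3 tools to obtain platform access tokens.
     *
     * Request validation and token issuance are delegated to the
     * AccessTokenResponseGenerator; the token is signed with the platform's
     * default key (looked up by id from the PlatformKeyChainRepository).
     * An OAuthServerException is rendered with the HTTP response the exception
     * builds for itself, so the client gets a proper OAuth error instead of a
     * generic server error. Any other exception propagates to the framework.
     */
    public function oauth(): void
    {
        try {
            $response = $this->getAccessTokenGenerator()->generate(
                $this->getPsrRequest(),
                $this->getPsrResponse(),
                $this->getPlatformKeyChainRepository()->getDefaultKeyId()
            );
        } catch (OAuthServerException $exception) {
            // The OAuth2 server library knows how to serialise its own error
            // (status code and error body); reuse that rather than re-mapping.
            $response = $exception->generateHttpResponse($this->getPsrResponse());
        }

        $this->setResponse($response);
    }

    /**
     * Publishes the platform's public keys as a JWK Set.
     *
     * Tools fetch this document to verify platform-signed JWTs, so it has to be
     * served as JSON. The header name is `Content-Type` — the previous
     * `ContentType` (no dash) is not a recognised HTTP header, so the body was
     * advertised with whatever default type the framework applies.
     *
     * @throws \RuntimeException when the key set cannot be JSON-encoded; an
     *         empty body would otherwise be served silently and every tool-side
     *         signature check would fail with an opaque error.
     */
    public function jwks(): void
    {
        $keySet = $this->getJwksRepository()->find();

        $body = json_encode($keySet);
        if ($body === false) {
            throw new \RuntimeException('Unable to encode the JWKS: ' . json_last_error_msg());
        }

        $response = $this->getPsrResponse()
            ->withHeader('Content-Type', 'application/json')
            ->withBody(stream_for($body));

        $this->setResponse($response);
    }

    /**
     * OIDC login authentication endpoint.
     *
     * Hands the incoming request to the OidcLoginAuthenticatorProxy (it lives
     * under Platform\Service, so this is presumably the platform-side step of
     * the LTI 1.3 OIDC login flow — confirm against the service) and emits
     * whatever response it builds.
     *
     * A LtiBadRequestException is re-thrown as the framework's own bad-request
     * exception so the caller receives a 400 rather than a 500. The library
     * message is forwarded verbatim to the client; keep that in mind if the
     * authenticator ever starts embedding internal detail in it.
     *
     * @throws common_exception_BadRequest
     */
    public function oidc(): void
    {
        try {
            $authenticated = $this->getOidcLoginAuthenticator()
                ->authenticate($this->getPsrRequest(), $this->getPsrResponse());
        } catch (LtiBadRequestException $exception) {
            throw new common_exception_BadRequest($exception->getMessage());
        }

        $this->setResponse($authenticated);
    }

    /**
     * OIDC third-party-initiated login endpoint.
     *
     * Builds an OidcInitiator over the registered platforms/tools and lets it
     * validate the initiation request and generate the login message (state
     * included). The browser is then redirected to the message URL. As far as
     * is visible here the target URL is derived by the library from the
     * resolved registration, not from a raw request parameter — confirm that in
     * the library before treating this as immune to open redirects.
     *
     * Malformed initiation requests surface as the framework's bad-request
     * exception (400) instead of an unhandled server error.
     *
     * @throws common_exception_BadRequest
     */
    public function oidcInitiation(): void
    {
        $registrations = $this->getPsrContainer()->get(RegistrationRepositoryInterface::class);
        $initiator = new OidcInitiator($registrations);

        try {
            $loginMessage = $initiator->initiate($this->getPsrRequest());
        } catch (LtiBadRequestException $exception) {
            throw new common_exception_BadRequest($exception->getMessage());
        }

        $this->redirect($loginMessage->toUrl());
    }

    /**
     * Key chain repository handed to the access token generator (cached variant).
     */
    private function getKeyChainRepository(): KeyChainRepositoryInterface
    {
        return $this->getServiceLocator()->get(CachedPlatformKeyChainRepository::class);
    }

    /**
     * Uncached platform key chain repository, used only to resolve the default
     * signing key id. NOTE(review): the generator itself reads keys from the
     * cached repository above — both must agree on the default key or token
     * signatures will not verify; confirm the cache is invalidated on rotation.
     */
    private function getPlatformKeyChainRepository(): PlatformKeyChainRepository
    {
        return $this->getServiceLocator()->get(PlatformKeyChainRepository::SERVICE_ID);
    }

    /**
     * Factory for the league/oauth2-server AuthorizationServer, from the PSR container.
     */
    private function getAuthorizationServerFactory(): AuthorizationServerFactory
    {
        return $this->getServiceLocator()->getContainer()->get(AuthorizationServerFactory::class);
    }

    /**
     * JWKS source backing the jwks() endpoint (cached variant).
     */
    private function getJwksRepository(): JwksRepositoryInterface
    {
        return $this->getServiceLocator()->get(CachedPlatformJwksRepository::class);
    }

    /**
     * Authenticator backing the oidc() endpoint.
     */
    private function getOidcLoginAuthenticator(): OidcLoginAuthenticatorInterface
    {
        return $this->getServiceLocator()->get(OidcLoginAuthenticatorProxy::class);
    }

    /**
     * Builds a fresh token response generator for each request; it carries no
     * state beyond the injected key chain repository and server factory.
     */
    private function getAccessTokenGenerator(): AccessTokenResponseGeneratorInterface
    {
        return new AccessTokenResponseGenerator(
            $this->getKeyChainRepository(),
            $this->getAuthorizationServerFactory()
        );
    }
}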