FOSSology  4.4.0
Open Source License Compliance by Open Source Software
AuthController.php
Go to the documentation of this file.
1 <?php
2 /*
3  SPDX-FileCopyrightText: © 2018 Siemens AG
4  Author: Gaurav Mishra <mishra.gaurav@siemens.com>
5 
6  SPDX-License-Identifier: GPL-2.0-only
7 */
13 namespace Fossology\UI\Api\Controllers;
14 
15 use Fossology\Lib\Auth\Auth;
16 use Fossology\Lib\Exceptions\DuplicateTokenKeyException;
17 use Fossology\Lib\Exceptions\DuplicateTokenNameException;
18 use Fossology\UI\Api\Exceptions\HttpBadRequestException;
19 use Fossology\UI\Api\Exceptions\HttpConflictException;
20 use Fossology\UI\Api\Exceptions\HttpErrorException;
21 use Fossology\UI\Api\Exceptions\HttpInternalServerErrorException;
22 use Fossology\UI\Api\Exceptions\HttpNotFoundException;
23 use Fossology\UI\Api\Exceptions\HttpTooManyRequestException;
24 use Fossology\UI\Api\Helper\ResponseHelper;
25 use Fossology\UI\Api\Helper\RestHelper;
26 use Fossology\UI\Api\Models\ApiVersion;
27 use Fossology\UI\Api\Models\TokenRequest;
28 use Psr\Http\Message\ServerRequestInterface;
29 
34 class AuthController extends RestController
35 {
36 
45  public function optionsVerification($request, $response, $args)
46  {
47  return $response->withStatus(204);
48  }
49 
59  public function createNewJwtToken($request, $response, $args)
60  {
61  if (Auth::getRestTokenType() == Auth::TOKEN_OAUTH) {
62  throw new HttpBadRequestException("Request to create tokens blocked. " .
63  "Use OAuth clients.");
64  }
65  $tokenRequestBody = $this->getParsedBody($request);
66  $tokenRequest = TokenRequest::fromArray($tokenRequestBody,
67  ApiVersion::getVersion($request));
68 
69  $this->restHelper->validateTokenRequest($tokenRequest->getTokenExpire(),
70  $tokenRequest->getTokenName(), $tokenRequest->getTokenScope());
71  // Request is in correct format.
72  $authHelper = $this->restHelper->getAuthHelper();
73  if (!$authHelper->checkUsernameAndPassword($tokenRequest->getUsername(),
74  $tokenRequest->getPassword())) {
75  throw new HttpNotFoundException("Username or password incorrect.");
76  }
77 
78  $userId = $this->restHelper->getUserId();
79  $key = bin2hex(
80  openssl_random_pseudo_bytes(RestHelper::TOKEN_KEY_LENGTH / 2));
81  try {
82  $jti = $this->dbHelper->insertNewTokenKey($userId,
83  $tokenRequest->getTokenExpire(), $tokenRequest->getTokenScope(),
84  $tokenRequest->getTokenName(), $key);
85  } catch (DuplicateTokenKeyException $e) {
86  // Key already exists, try again.
87  $key = bin2hex(
88  openssl_random_pseudo_bytes(RestHelper::TOKEN_KEY_LENGTH / 2));
89  try {
90  $jti = $this->dbHelper->insertNewTokenKey($userId,
91  $tokenRequest->getTokenExpire(), $tokenRequest->getTokenScope(),
92  $tokenRequest->getTokenName(), $key);
93  } catch (DuplicateTokenKeyException $e) {
94  // New key also failed, give up!
95  throw new HttpTooManyRequestException("Please try again later.");
96  } catch (DuplicateTokenNameException $e) {
97  throw new HttpConflictException($e->getMessage(), $e);
98  }
99  } catch (DuplicateTokenNameException $e) {
100  throw new HttpConflictException($e->getMessage(), $e);
101  }
102  if (! empty($jti['jti'])) {
103  $theJwtToken = $this->restHelper->getAuthHelper()->generateJwtToken(
104  $tokenRequest->getTokenExpire(), $jti['created_on'], $jti['jti'],
105  $tokenRequest->getTokenScope(), $key);
106  return $response->withJson([
107  "Authorization" => "Bearer " . $theJwtToken
108  ], 201);
109  }
110  throw new HttpInternalServerErrorException("Please try again later.");
111  }
112 }
Fossology\Lib\Auth\Auth
Contains the constants and helpers for authentication of user.
Definition: Auth.php:24
Fossology\Lib\Auth\Auth\getRestTokenType
static getRestTokenType()
Definition: Auth.php:110
Fossology\Lib\Exceptions\DuplicateTokenKeyException
Exception when a token has duplicate key for same user.
Definition: DuplicateTokenKeyException.php:15
Fossology\Lib\Exceptions\DuplicateTokenNameException
Exception when a token has duplicate name for same user.
Definition: DuplicateTokenNameException.php:15
Fossology\UI\Api\Controllers\AuthController\createNewJwtToken
createNewJwtToken($request, $response, $args)
Definition: AuthController.php:59
Fossology\UI\Api\Controllers\AuthController\optionsVerification
optionsVerification($request, $response, $args)
Definition: AuthController.php:45
Fossology\UI\Api\Controllers\RestController
Base controller for REST calls.
Definition: RestController.php:30
Fossology\UI\Api\Controllers\RestController\getParsedBody
getParsedBody(ServerRequestInterface $request)
Parse request body as JSON and return associative PHP array.
Definition: RestController.php:69
Fossology\UI\Api\Helper\ResponseHelper
Override Slim response for withJson function.
Definition: ResponseHelper.php:22
Fossology\UI\Api\Helper\RestHelper
Provides various DAO helper functions for REST api.
Definition: RestHelper.php:32
Fossology\UI\Api\Models\ApiVersion\getVersion
static getVersion(ServerRequestInterface $request)
Definition: ApiVersion.php:29
Fossology\UI\Api\Models\TokenRequest\fromArray
static fromArray(array $input, int $version)
Definition: TokenRequest.php:184