Feature | Integrate auto-login at legacy.openstack.org by checking www.openstack.org localStorage

README.md

@@ -25,7 +25,7 @@ Unless otherwise noted, all code is released under the APACHE 2.0 License http:/
 ## Installation and further documentation
 
 Detailed installation instructions for a virtual machine environment using Vagrant are located at:
-[Vagrant virtual machine installation](./installation.md) 
+[Vagrant virtual machine installation](./installation.md)
 
 Information for installation to a local machine environment can be found at:
 <http://openstackweb.github.io/openstack-org/>
@@ -41,7 +41,7 @@ configuration file for this should be located here
 
 openstack/_config/cloudassets.yml
 
-and with following content 
+and with following content
 
 
 * https://docs.openstack.org/keystone/rocky/user/application_credentials.html
@@ -62,8 +62,8 @@ CloudAssets:
       ApplicationCredentialId: application credential id
       ApplicationCredentialSecret: application credential secret
       ProjectName: your project name
-      AuthURL: keystone base url 
-      LocalCopy: false     
+      AuthURL: keystone base url
+      LocalCopy: false
 ````
 
 ## OIDC
@@ -73,19 +73,23 @@ settings for oidc configuration on _ss_environment.php file
 ````PHP
 // OIDC
 define('OIDC_CLIENT', '');
-
 define('OIDC_CLIENT_SECRET', '');
+//set true on production mode, otherwise false
+define('OIDC_VERIFY_HOST',false);
 
 
+define('SESSION_CHECKER_OAUTH2_APP_CLIENT_ID', '');
+define('SESSION_CHECKER_OAUTH2_APP_CLIENT_SECRET', '');
 //set true on production mode, otherwise false
-define('OIDC_VERIFY_HOST',false);
+define('SESSION_CHECKER_OAUTH2_APP_VERIFY_HOST', false);
+
 ````
 
 on idp under allowed URIs you need to register following one
 
 * https://hostname/openstackidauthenticator
 
-under security settings you need to set Id Token Signed Response Algorithm 
+under security settings you need to set Id Token Signed Response Algorithm
 
 
 

composer.json

@@ -92,7 +92,8 @@
     "php-opencloud/openstack": "dev-master",
     "jumbojett/openid-connect-php": "dev-master",
     "mikehaertl/phpwkhtmltopdf": "dev-master",
-    "spatie/dropbox-api": "dev-master"
+    "spatie/dropbox-api": "dev-master",
+    "caseyamcl/guzzle_retry_middleware": "2.13.0"
   },
   "require-dev": {
     "phpunit/phpunit": "^7.0",

openstack/code/Page.php

@@ -137,7 +137,7 @@ public static function IconShortCodeHandler($arguments, $caption = null, $parser
         //return the customized template
         return $template->process(new ArrayData($customise));
 
-    }    
+    }
 
 
     function requireDefaultRecords()
@@ -274,6 +274,22 @@ public function getTime()
         return time();
     }
 
+    public function getSecurityToken()
+    {
+        return SecurityToken::inst() ? str_replace('"', '\\"', SecurityToken::inst()->getValue()) : null;
+    }
+
+    public function getIsSSOBootstrapEnabled()
+    {
+        $enabled = (bool) (defined('SHELL_SSO_BOOTSTRAP_ENABLED') and SHELL_SSO_BOOTSTRAP_ENABLED);
+        return $enabled and Member::currentUserID() !== null;
+    }
+
+    public function getMemberIsLoggedIn()
+    {
+        return Member::currentUserID() !== null;
+    }
+
     protected function CustomScripts()
     {
         $js_files = [

openstack/code/utils/apis/AbstractRestfulJsonApi.php

@@ -11,8 +11,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  **/
-use Doctrine\Common\Annotations\AnnotationReader;
 use Openstack\Annotations\CachedMethod;
+use Doctrine\Common\Annotations\AnnotationReader;
 /**
  * Class AbstractRestfulJsonApi
  */
@@ -521,6 +521,19 @@ protected function published()
         return $response;
     }
 
+    /**
+     * @return SS_HTTPResponse
+     */
+    protected function noContent(): SS_HTTPResponse
+    {
+        $response = new SS_HTTPResponse();
+        $response->setStatusCode(204);
+        $response->addHeader('Content-Type', 'application/json');
+        $response->setBody('');
+
+        return $response;
+    }
+
     /**
      * @return SS_HTTPResponse
      */
@@ -550,10 +563,10 @@ public function forbiddenError()
      * @param $messages
      * @return SS_HTTPResponse
      */
-    public function validationError($messages)
+    public function validationError($messages, $code = 412)
     {
         $response = new SS_HTTPResponse();
-        $response->setStatusCode(412);
+        $response->setStatusCode($code);
         $response->addHeader('Content-Type', 'application/json');
         if (!is_array($messages)) {
             $messages = [['message' => $messages]];
@@ -579,6 +592,21 @@ protected function created($id)
         return $response;
     }
 
+    /**
+     * @return SS_HTTPResponse
+     */
+    public function badRequest($message = "Bad Request")
+    {
+        $response = new SS_HTTPResponse();
+        $response->setStatusCode(400);
+        $response->addHeader('Content-Type', 'application/json');
+        $response->setBody(json_encode(
+            ['error' => 'validation', 'messages' => [['message' => $message]]]
+        ));
+
+        return $response;
+    }
+
 
     /**
      * @return SS_HTTPResponse

openstackid/_config/routes.yml

@@ -4,4 +4,5 @@ Name: openstackidroutes
 Director:
   rules:
     'OpenStackIdAuthenticator': 'OpenStackIdAuthenticator'
+    'oidc/session/bootstrap': 'OIDCSessionBootstrapApi'
 

openstackid/code/interfaces/restfull_api/Libs/OAuth2/InvalidGrantTypeException.php

@@ -0,0 +1,31 @@
+<?php
+
+namespace Libs\OAuth2;
+
+/**
+* Copyright 2015 OpenStack Foundation
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+* http://www.apache.org/licenses/LICENSE-2.0
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+**/
+
+use Exception;
+
+/**
+* Class InvalidGrantTypeException
+* @package libs\oauth2
+*/
+class InvalidGrantTypeException extends Exception
+{
+	public function __construct($message = "")
+	{
+		$message = "Invalid Grant Type : " . $message;
+		parent::__construct($message, 0, null);
+	}
+}

openstackid/code/interfaces/restfull_api/Libs/OAuth2/OAuth2InvalidIntrospectionResponse.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace Libs\OAuth2;
+
+/**
+* Copyright 2015 OpenStack Foundation
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+* http://www.apache.org/licenses/LICENSE-2.0
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+**/
+
+use \Exception;
+
+class OAuth2InvalidIntrospectionResponse extends Exception
+{
+	public function __construct($message = "")
+	{
+		$message = "Invalid Introspection Response : " . $message;
+		parent::__construct($message, 0, null);
+	}
+}