Feature/multi accouunt select

.gitignore

@@ -44,7 +44,8 @@ model.sql
 !/public/web.config
 /public/assets/dist/
 /public/assets/login.js
-/public/assets/css/login.css
+/public/assets/select_account.js
+/public/assets/css/select.css
 /public/assets/home.js
 /public/assets/css/home.css
 /public/assets/signup.js
@@ -56,4 +57,4 @@ model.sql
 /public/assets/resetPassword.js
 /public/assets/css/resetPassword.css
 /public/assets/setPassword.js
-/public/assets/css/setPassword.css
+/public/assets/css/setPassword.css

app/Http/Controllers/UserController.php

@@ -15,10 +15,16 @@
 use App\Http\Controllers\OpenId\DiscoveryController;
 use App\Http\Controllers\OpenId\OpenIdController;
 use App\Http\Controllers\Traits\JsonResponses;
+use App\Http\Utils\CookieConstants;
 use App\Http\Utils\CountryList;
+use App\Http\Utils\SessionConstants;
+use App\libs\Auth\SocialLoginProviders;
 use Auth\Exceptions\AuthenticationException;
 use Auth\Exceptions\UnverifiedEmailMemberException;
 use Exception;
+use Illuminate\Http\Request as LaravelRequest;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Cookie;
 use Illuminate\Support\Facades\Request;
 use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Facades\Redirect;
@@ -141,20 +147,20 @@ final class UserController extends OpenIdController
      */
     public function __construct
     (
-        IMementoOpenIdSerializerService $openid_memento_service,
-        IMementoOAuth2SerializerService $oauth2_memento_service,
-        IAuthService $auth_service,
-        IServerConfigurationService $server_configuration_service,
-        ITrustedSitesService $trusted_sites_service,
-        DiscoveryController $discovery,
-        IUserService $user_service,
-        IUserActionService $user_action_service,
-        IClientRepository $client_repository,
-        IApiScopeRepository $scope_repository,
-        ITokenService $token_service,
-        IResourceServerService $resource_server_service,
+        IMementoOpenIdSerializerService  $openid_memento_service,
+        IMementoOAuth2SerializerService  $oauth2_memento_service,
+        IAuthService                     $auth_service,
+        IServerConfigurationService      $server_configuration_service,
+        ITrustedSitesService             $trusted_sites_service,
+        DiscoveryController              $discovery,
+        IUserService                     $user_service,
+        IUserActionService               $user_action_service,
+        IClientRepository                $client_repository,
+        IApiScopeRepository              $scope_repository,
+        ITokenService                    $token_service,
+        IResourceServerService           $resource_server_service,
         IUtilsServerConfigurationService $utils_configuration_service,
-        ISecurityContextService $security_context_service
+        ISecurityContextService          $security_context_service
     )
     {
 
@@ -223,8 +229,38 @@ public function __construct
         });
     }
 
-    public function getLogin()
+    public function getSelectAccount(LaravelRequest $request)
     {
+        $formerAccounts = $this->auth_service->getFormerAccounts();
+
+        if (count($formerAccounts) > 0) {
+            if (Auth::guest()) {
+                if(count($formerAccounts) > 1) {
+                    return View::make("auth.select_account", [
+                        'accounts' => $formerAccounts
+                    ]);
+                }
+                return redirect()->action("UserController@getLogin",['login_hint' => $formerAccounts[array_key_first($formerAccounts)]['username']]);
+            }
+            return redirect()->action("UserController@getProfile");
+        }
+
+        return redirect()->action("UserController@getLogin");
+    }
+
+    public function getLogin(LaravelRequest $request)
+    {
+        if ($request->has(OAuth2Protocol::OAuth2Protocol_LoginHint)) {
+            $loginHint = trim($request->get(OAuth2Protocol::OAuth2Protocol_LoginHint));
+            if (!empty($loginHint))
+                $this->auth_service->saveSelectedAccount($loginHint);
+            return redirect()->action("UserController@getLogin");
+        }
+
+        if ($this->auth_service->hasRegisteredMoreThanFormerAccounts(0) && !$this->auth_service->hasSelectedAccount()) {
+            return redirect()->action("UserController@getSelectAccount");
+        }
+
         return $this->login_strategy->getLogin();
     }
 
@@ -269,6 +305,28 @@ public function getAccount()
         }
     }
 
+    public function removeFormerAccount(){
+        try {
+
+            $username = Request::input("username", "");
+            if (empty($username)) {
+                throw new ValidationException("empty username.");
+            }
+
+          $this->auth_service->removeFormerAccount(trim($username));
+          return $this->deleted();
+
+        } catch (ValidationException $ex) {
+            Log::warning($ex);
+            return $this->error412($ex->getMessages());
+        } catch (EntityNotFoundException $ex) {
+            Log::warning($ex);
+            return $this->error404();
+        } catch (Exception $ex) {
+            Log::error($ex);
+            return $this->error500($ex);
+        }
+    }
     /**
      * @return \Illuminate\Http\JsonResponse|mixed
      */
@@ -342,12 +400,11 @@ public function emitOTP()
     public function postLogin()
     {
         $max_login_attempts_2_show_captcha = $this->server_configuration_service->getConfigValue("MaxFailed.LoginAttempts.2ShowCaptcha");
-        $login_attempts                    = 0;
-        $username                          = '';
+        $login_attempts = 0;
+        $username = '';
         $user = null;
 
-        try
-        {
+        try {
 
             $data = Request::all();
 
@@ -376,13 +433,14 @@ public function postLogin()
 
                 $username = $data['username'];
                 $password = $data['password'];
-                $flow     = $data['flow'];
+                $flow = $data['flow'];
                 $remember = Request::input("remember");
                 $remember = !is_null($remember);
                 $connection = $data['connection'] ?? null;
 
                 try {
                     if ($flow == "password" && $this->auth_service->login($username, $password, $remember)) {
+                        $this->auth_service->clearSelectedAccount();
                         return $this->login_strategy->postLogin();
                     }
 
@@ -414,6 +472,7 @@ public function postLogin()
 
                         $otpClaim = OAuth2OTP::fromParams($username, $connection, $password);
                         $this->auth_service->loginWithOTP($otpClaim, $client);
+                        $this->auth_service->clearSelectedAccount();
                         return $this->login_strategy->postLogin();
                     }
                 } catch (AuthenticationException $ex) {
@@ -431,7 +490,7 @@ public function postLogin()
                             'login_attempts' => $login_attempts,
                             'error_message' => $ex->getMessage(),
                             'user_fullname' => !is_null($user) ? $user->getFullName() : "",
-                            'user_pic' => !is_null($user) ? $user->getPic(): "",
+                            'user_pic' => !is_null($user) ? $user->getPic() : "",
                             'user_verified' => true,
                             'username' => $username,
                             'flow' => $flow
@@ -442,13 +501,13 @@ public function postLogin()
             }
 
             // validator errors
-            $response_data =    [
+            $response_data = [
                 'max_login_attempts_2_show_captcha' => $max_login_attempts_2_show_captcha,
-                'login_attempts'                    => $login_attempts,
-                'validator'                         => $validator,
+                'login_attempts' => $login_attempts,
+                'validator' => $validator,
             ];
 
-            if(!is_null($user)){
+            if (!is_null($user)) {
                 $response_data['user_fullname'] = $user->getFullName();
                 $response_data['user_pic'] = $user->getPic();
                 $response_data['user_verified'] = true;
@@ -463,14 +522,14 @@ public function postLogin()
 
             $user = $this->auth_service->getUserByUsername($username);
 
-            $response_data =    [
+            $response_data = [
                 'max_login_attempts_2_show_captcha' => $max_login_attempts_2_show_captcha,
-                'login_attempts'                    => $login_attempts,
-                'username'                          => $username,
-                'error_message'                     => $ex1->getMessage()
+                'login_attempts' => $login_attempts,
+                'username' => $username,
+                'error_message' => $ex1->getMessage()
             ];
 
-            if(!is_null($user)){
+            if (!is_null($user)) {
                 $response_data['user_fullname'] = $user->getFullName();
                 $response_data['user_pic'] = $user->getPic();
                 $response_data['user_verified'] = true;
@@ -567,9 +626,9 @@ public function getIdentity($identifier)
                 return $this->discovery->user($identifier);
             }
 
-            $redirect = Session::get('backurl');
+            $redirect = Session::get(SessionConstants::BackUrl);
             if (!empty($redirect)) {
-                Session::forget('backurl');
+                Session::forget(SessionConstants::BackUrl);
                 Session::save();
                 return Redirect::to($redirect);
             }

app/Http/Middleware/Authenticate.php

@@ -11,6 +11,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  **/
+
+use App\Http\Utils\SessionConstants;
 use Closure;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Session;
@@ -33,13 +35,13 @@ class Authenticate
     public function handle($request, Closure $next, $guard = null)
     {
        if (Auth::guard($guard)->guest()) {
-            Session::put('backurl', URL::full());
+            Session::put(SessionConstants::BackUrl, URL::full());
             Session::save();
             return Redirect::action('UserController@getLogin');
         }
-        $redirect = Session::get('backurl');
+        $redirect = Session::get(SessionConstants::BackUrl);
         if (!empty($redirect)) {
-            Session::forget('backurl');
+            Session::forget(SessionConstants::BackUrl);
             Session::save();
             return Redirect::to($redirect);
         }

app/Http/Utils/CookieConstants.php

@@ -0,0 +1,23 @@
+<?php namespace App\Http\Utils;
+/*
+ * Copyright 2022 OpenStack Foundation
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ **/
+
+
+/**
+ * Class CookieConstants
+ * @package App\Http\Utils
+ */
+final class CookieConstants
+{
+    const CookieAccounts = 'idp_acc';
+}

app/Http/Utils/SessionConstants.php

@@ -0,0 +1,37 @@
+<?php namespace App\Http\Utils;
+/*
+ * Copyright 2022 OpenStack Foundation
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ **/
+
+/**
+ * Class SessionConstants
+ * @package App\Http\Utils
+ */
+final class SessionConstants
+{
+    const BackUrl = 'backurl';
+    const OpenIdAuthzResponse = 'openid.authorization.response';
+    const OpenIdAuthResponse = 'openstackid.authentication.response';
+    const OAuth2RequestState = 'oauth2.request.state';
+    const UserIdParam = 'openstackid.oauth2.principal.user_id';
+    const AuthTimeParam = 'openstackid.oauth2.principal.auth_time';
+    const OPBrowserState = 'openstackid.oauth2.principal.opbs';
+    const RequestedUserIdParam = 'openstackid.oauth2.security_context.requested_user_id';
+    const RequestedAuthTime    = 'openstackid.oauth2.security_context.requested_auth_time';
+    const OpenIdRequestState = 'openid.request.state';
+    const OpenIdAuthContext = 'openid.auth.context';
+
+    const UserName = 'username';
+    const UserFullName = 'user_fullname';
+    const UserPic = 'user_pic';
+    const UserVerified = 'user_verified';
+}

app/Mail/UserEmailVerificationRequest.php

@@ -66,7 +66,7 @@ public function __construct(User $user, string $verification_link)
         $this->verification_link = $verification_link;
         $this->user_email = $user->getEmail();
         $this->user_fullname = $user->getFullName();
-        $this->bio_link = URL::action("UserController@getLogin");
+        $this->bio_link = URL::action("UserController@getLogin", ['login_hint' => $this->user_email ]);
     }
 
     /**

app/Providers/EventServiceProvider.php

@@ -17,24 +17,32 @@
 use App\Events\UserPasswordResetRequestCreated;
 use App\Events\UserPasswordResetSuccessful;
 use App\Events\UserSpamStateUpdated;
+use App\Http\Utils\CookieConstants;
+use App\Http\Utils\SessionConstants;
 use App\Jobs\PublishUserCreated;
 use App\libs\Auth\Repositories\IUserPasswordResetRequestRepository;
 use App\Mail\UserLockedEmail;
 use App\Mail\UserPasswordResetMail;
 use Auth\User;
+use Illuminate\Auth\Events\Login;
+use Illuminate\Auth\Events\Logout;
 use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;
 use App\Mail\UserEmailVerificationSuccess;
 use App\Services\Auth\IUserService;
 use Auth\Repositories\IUserRepository;
 use Illuminate\Support\Facades\App;
 use App\Events\UserCreated;
 use App\Events\UserEmailVerified;
+use Illuminate\Support\Facades\Cookie;
 use Illuminate\Support\Facades\Event;
 use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Facades\Mail;
 use Illuminate\Support\Facades\Config;
 use Models\OAuth2\Client;
+use MongoDB\Driver\Session;
 use OAuth2\Repositories\IClientRepository;
+use Utils\Services\IAuthService;
+
 /**
  * Class EventServiceProvider
  * @package App\Providers
@@ -147,5 +155,23 @@ public function boot()
             return true;
         });
 
+        Event::listen(
+            Login::class,
+            function(Login $event){
+                $user = $event->user;
+                $authService = App::make(IAuthService::class);
+                if($event->remember)
+                    $authService->addFormerAccount($user);
+                Log::debug(sprintf("Login from user %s (%s).", $user->getAuthIdentifierName(), $user->getAuthIdentifier()));
+            }
+        );
+
+        Event::listen(
+            Logout::class,
+            function(Logout $event){
+                $user = $event->user;
+                Log::debug(sprintf("Logout from user %s (%s).", $user->getAuthIdentifierName(), $user->getAuthIdentifier()));
+            }
+        );
     }
 }