Posted to commits@airavata.apache.org by ma...@apache.org on 2017/06/16 20:36:06 UTC

[03/50] [abbrv] airavata-php-gateway git commit: AIRAVATA-2342 Callback to handle Keycloak response

AIRAVATA-2342 Callback to handle Keycloak response


Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/8b483beb
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/8b483beb
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/8b483beb

Branch: refs/heads/develop
Commit: 8b483bebadb3df6e34e520dc4b7da40b73a61a99
Parents: 5b0b285
Author: Marcus Christie <ma...@iu.edu>
Authored: Wed Mar 22 14:13:59 2017 -0400
Committer: Marcus Christie <ma...@iu.edu>
Committed: Wed Mar 22 14:13:59 2017 -0400

----------------------------------------------------------------------
 app/controllers/AccountController.php |  4 +-
 app/libraries/Keycloak/Keycloak.php   | 69 +++++++++++++++++++++++++++++-
 2 files changed, 70 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/8b483beb/app/controllers/AccountController.php
----------------------------------------------------------------------
diff --git a/app/controllers/AccountController.php b/app/controllers/AccountController.php
index 5c0de05..e98db86 100644
--- a/app/controllers/AccountController.php
+++ b/app/controllers/AccountController.php
@@ -177,7 +177,7 @@ class AccountController extends BaseController
         }
 
         $code = $_GET["code"];
-        $response = WSIS::getOAuthToken($code);
+        $response = Keycloak::getOAuthToken($code);
         if(!isset($response->access_token)){
             return Redirect::to('home');
         }
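Review bot: A token-endpoint error response (an `error`/`error_description` body with no `access_token`) is redirected to `home` with no record of why, so a wrong client secret or redirect_uri is indistinguishable from a user cancelling; log it before the redirect, e.g. `Log::error("OAuth token request failed", array($response));`. Separately, `Keycloak::getOAuthToken` as added in this commit logs the whole successful response — which carries the access and refresh tokens — at debug level (`Log::debug("getOAuthToken response", array($result))`), so that line should be trimmed to non-secret fields before this runs in a shared environment. The enclosing callback method starts outside the hunk, so whether the OAuth `state` parameter is validated above `$_GET["code"]` cannot be confirmed here.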
@@ -186,7 +186,7 @@ class AccountController extends BaseController
         $refreshToken = $response->refresh_token;
         $expirationTime = time() + $response->expires_in - 5; //5 seconds safe margin
 
-        $userProfile = WSIS::getUserProfileFromOAuthToken($accessToken);
+        $userProfile = Keycloak::getUserProfileFromOAuthToken($accessToken);
         $username = $userProfile['username'];
 
         $userRoles = $userProfile['roles'];
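Review bot: `$userRoles = $userProfile['roles']` will now always be an empty array, because `Keycloak::getUserProfileFromOAuthToken` as added in this commit returns `'roles'=>array()` with a TODO to fetch roles from Keycloak. Any role-based authorization that runs after this line (outside the hunk) will therefore see a user with no roles; if that path treats an empty role list as anything other than least privilege, it needs checking before this branch is deployed. Until the TODO is resolved, a comment on this line would save the next reader a trip: `// NOTE: Keycloak::getUserProfileFromOAuthToken currently returns no roles (see TODO in Keycloak.php)`.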

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/8b483beb/app/libraries/Keycloak/Keycloak.php
----------------------------------------------------------------------
diff --git a/app/libraries/Keycloak/Keycloak.php b/app/libraries/Keycloak/Keycloak.php
index f28600c..c1c6f33 100644
--- a/app/libraries/Keycloak/Keycloak.php
+++ b/app/libraries/Keycloak/Keycloak.php
@@ -38,13 +38,80 @@ class Keycloak {
         return $url;
     }
 
+    public function getOAuthToken($code){
+
+        $config = $this->getOpenIDConnectDiscoveryConfiguration();
+        $token_endpoint = $config->token_endpoint;
+
+        // Init cUrl.
+        $r = curl_init($token_endpoint);
+        curl_setopt($r, CURLOPT_RETURNTRANSFER, 1);
+        // Decode compressed responses.
+        curl_setopt($r, CURLOPT_ENCODING, 1);
+        curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
+
+        // Add client ID and client secret to the headers.
+        curl_setopt($r, CURLOPT_HTTPHEADER, array(
+            "Authorization: Basic " . base64_encode($this->client_id . ":" . $this->client_secret),
+        ));
+
+        // Assemble POST parameters for the request.
+        $post_fields = "code=" . urlencode($code) . "&grant_type=authorization_code&redirect_uri=" . urlencode($this->callback_url);
+
+        // Obtain and return the access token from the response.
+        curl_setopt($r, CURLOPT_POST, true);
+        curl_setopt($r, CURLOPT_POSTFIELDS, $post_fields);
+
+        $response = curl_exec($r);
+        if ($response == false) {
+            die("curl_exec() failed. Error: " . curl_error($r));
+        }
+
+        //Parse JSON return object.
+        $result = json_decode($response);
+        Log::debug("getOAuthToken response", array($result));
+
+        return $result;
+    }
+
+    public function getUserProfileFromOAuthToken($token){
+
+        $config = $this->getOpenIDConnectDiscoveryConfiguration();
+        $userinfo_endpoint = $config->userinfo_endpoint;
+
+        $r = curl_init($userinfo_endpoint);
+        curl_setopt($r, CURLOPT_RETURNTRANSFER, 1);
+        // Decode compressed responses.
+        curl_setopt($r, CURLOPT_ENCODING, 1);
+        curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
+        curl_setopt($r, CURLOPT_HTTPHEADER, array(
+            "Authorization: Bearer " . $token
+        ));
+
+        $response = curl_exec($r);
+        if ($response == false) {
+            die("curl_exec() failed. Error: " . curl_error($r));
+        }
+
+        //Parse JSON return object.
+        $userinfo = json_decode($response);
+        Log::debug("Keycloak userinfo", array($userinfo));
+        $username = $userinfo->preferred_username;
+        $firstname = $userinfo->given_name;
+        $lastname = $userinfo->family_name;
+        $email = $userinfo->email;
+        // TODO: get roles from Keycloak API
+        return array('username'=>$username, 'firstname'=>$firstname, 'lastname'=>$lastname, 'email'=>$email, 'roles'=>array());
+    }
+
     private function getOpenIDConnectDiscoveryConfiguration() {
 
+        // TODO: cache the result of the request
         $r = curl_init($this->openid_connect_discovery_url);
         curl_setopt($r, CURLOPT_RETURNTRANSFER, 1);
         // Decode compressed responses.
         curl_setopt($r, CURLOPT_ENCODING, 1);
-        curl_setopt($r, CURLOPT_SSL_VERIFYPEER, false);
+        curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
 
         $result = curl_exec($r);