Posted to commits@airavata.apache.org by ma...@apache.org on 2017/06/16 20:36:37 UTC
[34/50] [abbrv] airavata-php-gateway git commit: Re-enabled create
user and WIP integration with IamAdminServices
Re-enabled create user and WIP integration with IamAdminServices
Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/8154eac1
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/8154eac1
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/8154eac1
Branch: refs/heads/develop
Commit: 8154eac10cd5eef813ae7c6e1ba354dc5e817c79
Parents: 45bf626
Author: Marcus Christie <ma...@iu.edu>
Authored: Thu May 4 16:57:24 2017 -0400
Committer: Marcus Christie <ma...@iu.edu>
Committed: Thu May 4 16:57:24 2017 -0400
----------------------------------------------------------------------
app/controllers/AccountController.php | 64 +++++++++++---------
app/libraries/CommonUtilities.php | 2 +-
.../Keycloak/API/BaseKeycloakAPIEndpoint.php | 28 +--------
app/libraries/Keycloak/Keycloak.php | 17 ++++++
app/libraries/Keycloak/KeycloakUtil.php | 37 +++++++++++
app/views/account/create.blade.php | 42 -------------
app/views/account/login.blade.php | 4 +-
7 files changed, 96 insertions(+), 98 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/8154eac1/app/controllers/AccountController.php
----------------------------------------------------------------------
diff --git a/app/controllers/AccountController.php b/app/controllers/AccountController.php
index 303c3b4..4b7f7da 100644
--- a/app/controllers/AccountController.php
+++ b/app/controllers/AccountController.php
@@ -39,43 +39,51 @@ class AccountController extends BaseController
$password = $_POST['password'];
$email = $_POST['email'];
- $organization = isset($_POST['organization']) ? $_POST['organization'] : null;
- $address = isset($_POST['address']) ? $_POST['address'] : null;
- $country = isset($_POST['country']) ? $_POST['country'] : null;
- $telephone = isset($_POST['telephone']) ? $_POST['telephone'] : null;
- $mobile = isset($_POST['mobile']) ? $_POST['mobile'] : null;
- $im = isset($_POST['im']) ? $_POST['im'] : null;
- $url = isset($_POST['url']) ? $_POST['url'] : null;
-
if (Keycloak::usernameExists($username)) {
return Redirect::to("create")
->withInput(Input::except('password', 'password_confirm'))
->with("username_exists", true);
} else {
- WSIS::registerUserAccount($username, $password, $email, $first_name, $last_name, $organization, $address, $country, $telephone, $mobile, $im, $url,
- Config::get('pga_config.wsis')['tenant-domain']);
+ $admin_authz_token = Keycloak::getAdminAuthzToken();
+
+ $gatewayId = Config::get('pga_config.airavata')['gateway-id'];
+ $user_details = new Airavata\Model\User\UserProfile();
+ $user_details->userId = $username;
+ $user_details->emails = array($email);
+ $user_details->firstName = $first_name;
+ $user_details->lastName = $last_name;
+ $user_details->gatewayId = $gatewayId;
+ $user_details->creationTime = 0;
+ $user_details->lastAccessTime = 0;
+ $user_details->validUntil = 0;
+ $user_details->State = Airavata\Model\User\Status::PENDING;
+
+ // TODO: do we need to pass this if we are passing an access token?
+ // Couldn't the backend just use the access token?
+ $realm_admin_credentials = new Airavata\Model\Credential\Store\PasswordCredential();
+ $realm_admin_credentials->gatewayId = $gatewayId;
+ $realm_admin_credentials->portalUserName = Config::get('pga_config.wsis')['admin-username'];
+ $realm_admin_credentials->loginUserName = Config::get('pga_config.wsis')['admin-username'];
+ $realm_admin_credentials->password = Config::get('pga_config.wsis')['admin-password'];
+
+ IamAdminServices::registerUser($admin_authz_token, $user_details, $realm_admin_credentials, $password);
/*add user to the initial role */
- $initialRoleName = CommonUtilities::getInitialRoleName();
- $allRoles = Keycloak::getAllRoles();
- if(! in_array( $initialRoleName, $allRoles)){
- WSIS::addRole( $initialRoleName);
- }
-
- $userRoles["new"] = $initialRoleName;
-
- if( Config::get('pga_config.portal')['super-admin-portal'] == true ){
-
- if(! in_array( "gateway-provider", $allRoles)){
- WSIS::addRole( "gateway-provider");
- }
- $userRoles["new"] = array("gateway-provider", "admin");
- }
- $userRoles["deleted"] = array();
- // FIXME: this requires the $user_id, not the $username
- Keycloak::updateUserRoles( $username, $userRoles);
+ // TODO: add user to initial role, etc.
+ // $initialRoleName = CommonUtilities::getInitialRoleName();
+ // $allRoles = Keycloak::getAllRoles();
+ //
+ // $userRoles["new"] = $initialRoleName;
+ //
+ // if( Config::get('pga_config.portal')['super-admin-portal'] == true ){
+ //
+ // $userRoles["new"] = array("gateway-provider", "admin");
+ // }
+ // $userRoles["deleted"] = array();
+ // // FIXME: this requires the $user_id, not the $username
+ // Keycloak::updateUserRoles( $username, $userRoles);
CommonUtilities::print_success_message('Account confirmation request was sent to your email account');
return View::make('home');
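Review bot: The success message after `IamAdminServices::registerUser(...)` is printed unconditionally, so nothing in the lines shown separates a failed registration, or a failed `Keycloak::getAdminAuthzToken()` call, from a successful one. If these calls can throw or return an error (not visible here), catch that and redirect back to `create` with an error flag, as the username-exists branch does, rather than telling the user a confirmation mail was sent. The realm admin password is also read from `pga_config.wsis` and sent to the backend on every self-registration request in addition to the admin access token. The TODO already questions this; dropping `$realm_admin_credentials` once the backend accepts the token alone would keep that secret out of a publicly reachable request path. The commented-out role block would be better removed and tracked in an issue, since until it is restored new accounts get no initial role. The enclosing method begins and ends outside this hunk, so any earlier validation of `$_POST['password']` is not visible.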
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/8154eac1/app/libraries/CommonUtilities.php
----------------------------------------------------------------------
diff --git a/app/libraries/CommonUtilities.php b/app/libraries/CommonUtilities.php
index a3259a8..53f790e 100644
--- a/app/libraries/CommonUtilities.php
+++ b/app/libraries/CommonUtilities.php
@@ -249,7 +249,7 @@ class CommonUtilities
$navbar .= '</ul></li>';
} else {
- // $navbar .= '<li><a href="' . URL::to('/') . '/create"><span class="glyphicon glyphicon-user"></span> Create account</a></li>';
+ $navbar .= '<li><a href="' . URL::to('/') . '/create"><span class="glyphicon glyphicon-user"></span> Create account</a></li>';
$navbar .= '<li><a href="' . URL::to('/') . '/login"><span class="glyphicon glyphicon-log-in"></span> Log in</a></li>';
}
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/8154eac1/app/libraries/Keycloak/API/BaseKeycloakAPIEndpoint.php
----------------------------------------------------------------------
diff --git a/app/libraries/Keycloak/API/BaseKeycloakAPIEndpoint.php b/app/libraries/Keycloak/API/BaseKeycloakAPIEndpoint.php
index c440179..9f9740f 100644
--- a/app/libraries/Keycloak/API/BaseKeycloakAPIEndpoint.php
+++ b/app/libraries/Keycloak/API/BaseKeycloakAPIEndpoint.php
@@ -1,6 +1,8 @@
<?php
namespace Keycloak\API;
+use Keycloak\KeycloakUtil;
+
use Exception;
use Log;
@@ -20,30 +22,6 @@ class BaseKeycloakAPIEndpoint {
protected function getAPIAccessToken($realm) {
- // http://www.keycloak.org/docs/2.5/server_development/topics/admin-rest-api.html
- // curl -d client_id=admin-cli -d username=username \
- // -d "password=password" -d grant_type=password https://149.165.156.62:8443/auth/realms/master/protocol/openid-connect/token
-
- $r = curl_init($this->base_endpoint_url . '/realms/' . rawurlencode($realm) . '/protocol/openid-connect/token');
- curl_setopt($r, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($r, CURLOPT_ENCODING, 1);
- curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
-
- // Assemble POST parameters for the request.
- $post_fields = "client_id=admin-cli&username=" . urlencode($this->admin_username) . "&password=" . urlencode($this->admin_password) . "&grant_type=password";
-
- // Obtain and return the access token from the response.
- curl_setopt($r, CURLOPT_POST, true);
- curl_setopt($r, CURLOPT_POSTFIELDS, $post_fields);
-
- $response = curl_exec($r);
- if ($response == false) {
- Log::error("Failed to retrieve API Access Token");
- die("curl_exec() failed. Error: " . curl_error($r));
- }
-
- $result = json_decode($response);
- // Log::debug("API Access Token result", array($result));
- return $result->access_token;
+ return KeycloakUtil::getAPIAccessToken($this->base_endpoint_url, $realm, $this->admin_username, $this->admin_password, $this->verify_peer);
}
}
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/8154eac1/app/libraries/Keycloak/Keycloak.php
----------------------------------------------------------------------
diff --git a/app/libraries/Keycloak/Keycloak.php b/app/libraries/Keycloak/Keycloak.php
index a33b245..d6846a7 100644
--- a/app/libraries/Keycloak/Keycloak.php
+++ b/app/libraries/Keycloak/Keycloak.php
@@ -5,6 +5,7 @@ namespace Keycloak;
use Keycloak\API\RoleMapper;
use Keycloak\API\Roles;
use Keycloak\API\Users;
+use Keycloak\KeycloakUtil;
use Exception;
use Log;
@@ -20,6 +21,9 @@ class Keycloak {
private $callback_url;
private $cafile_path;
private $verify_peer;
+ private $base_endpoint_url;
+ private $admin_username;
+ private $admin_password;
// API clients
private $role_mapper;
@@ -39,6 +43,9 @@ class Keycloak {
$this->callback_url = $callback_url;
$this->cafile_path = $cafile_path;
$this->verify_peer = $verify_peer;
+ $this->base_endpoint_url = $base_endpoint_url;
+ $this->admin_username = $admin_username;
+ $this->admin_password = $admin_password;
$this->role_mapper = new RoleMapper($base_endpoint_url, $admin_username, $admin_password, $verify_peer);
$this->roles = new Roles($base_endpoint_url, $admin_username, $admin_password, $verify_peer);
@@ -374,6 +381,16 @@ class Keycloak {
}
}
+ public function getAdminAuthzToken() {
+
+ $access_token = KeycloakUtil::getAPIAccessToken($this->base_endpoint_url, $this->realm, $this->admin_username, $this->admin_password, $this->verify_peer);
+ $authzToken = new \Airavata\Model\Security\AuthzToken();
+ $authzToken->accessToken = $access_token;
+ $authzToken->claimsMap['gatewayID'] = $this->realm;
+ $authzToken->claimsMap['userName'] = $this->admin_username;
+ return $authzToken;
+ }
+
/**
* Get the user's Keycloak user_id from their username
*/
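Review bot: `getAdminAuthzToken()` has no docblock although the next method has one, and it is public while returning a bearer token obtained with the realm admin's username and password. A comment such as `/** Build an AuthzToken holding a realm-admin access token for portal-initiated backend calls; never store it in the session or log it. */` would state that contract. `claimsMap['gatewayID']` is set from `$this->realm`, whereas the AccountController hunk reads the gateway id from `pga_config.airavata`. These match only if the realm name always equals the gateway id, which should be confirmed or the id passed in. The helper it calls can return null when the token endpoint answers with an error body, so the token should be checked before it is wrapped.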
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/8154eac1/app/libraries/Keycloak/KeycloakUtil.php
----------------------------------------------------------------------
diff --git a/app/libraries/Keycloak/KeycloakUtil.php b/app/libraries/Keycloak/KeycloakUtil.php
new file mode 100644
index 0000000..ce5e779
--- /dev/null
+++ b/app/libraries/Keycloak/KeycloakUtil.php
@@ -0,0 +1,37 @@
+<?php
+namespace Keycloak;
+
+use Exception;
+use Log;
+
+class KeycloakUtil {
+
+ public static function getAPIAccessToken($base_endpoint_url, $realm, $admin_username, $admin_password, $verify_peer) {
+
+ // http://www.keycloak.org/docs/2.5/server_development/topics/admin-rest-api.html
+ // curl -d client_id=admin-cli -d username=username \
+ // -d "password=password" -d grant_type=password https://149.165.156.62:8443/auth/realms/master/protocol/openid-connect/token
+
+ $r = curl_init($base_endpoint_url . '/realms/' . rawurlencode($realm) . '/protocol/openid-connect/token');
+ curl_setopt($r, CURLOPT_RETURNTRANSFER, 1);
+ curl_setopt($r, CURLOPT_ENCODING, 1);
+ curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $verify_peer);
+
+ // Assemble POST parameters for the request.
+ $post_fields = "client_id=admin-cli&username=" . urlencode($admin_username) . "&password=" . urlencode($admin_password) . "&grant_type=password";
+
+ // Obtain and return the access token from the response.
+ curl_setopt($r, CURLOPT_POST, true);
+ curl_setopt($r, CURLOPT_POSTFIELDS, $post_fields);
+
+ $response = curl_exec($r);
+ if ($response == false) {
+ Log::error("Failed to retrieve API Access Token");
+ die("curl_exec() failed. Error: " . curl_error($r));
+ }
+
+ $result = json_decode($response);
+ // Log::debug("API Access Token result", array($result));
+ return $result->access_token;
+ }
+}
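Review bot: The failure path in `getAPIAccessToken` calls `die("curl_exec() failed. Error: " . curl_error($r))`, which ends the request and echoes the cURL error, possibly including the Keycloak host and port, to whoever is using the portal. This is now reachable from the public create-account flow. The success path never checks the HTTP status or whether `json_decode` produced an `access_token`, so a rejected password grant returns null to the caller instead of failing. The handle is also never closed, `$response == false` should be `=== false`, and the example IP address in the copied comment could be replaced with a placeholder host. Separately, `$verify_peer` is passed straight to `CURLOPT_SSL_VERIFYPEER`; when it is false the admin password is posted over an unauthenticated TLS connection, so that setting should be limited to development. A sketch of the response handling, using the `Exception` the file already imports:

```php
// … unchanged: curl_init, option setup and POST fields …
$response = curl_exec($r);
if ($response === false) {
    $error = curl_error($r);
    curl_close($r);
    // Keep transport details in the server log, not in the HTTP response.
    Log::error("Failed to retrieve API Access Token: " . $error);
    throw new Exception("Failed to retrieve API Access Token");
}
$http_status = curl_getinfo($r, CURLINFO_HTTP_CODE);
curl_close($r);

$result = json_decode($response);
if ($http_status !== 200 || !isset($result->access_token)) {
    Log::error("Token endpoint returned no access token (HTTP " . $http_status . ")");
    throw new Exception("Failed to retrieve API Access Token");
}
return $result->access_token;
```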
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/8154eac1/app/views/account/create.blade.php
----------------------------------------------------------------------
diff --git a/app/views/account/create.blade.php b/app/views/account/create.blade.php
index 1eafc70..d6d0748 100644
--- a/app/views/account/create.blade.php
+++ b/app/views/account/create.blade.php
@@ -66,48 +66,6 @@
placeholder="Last Name" required="required" title="" type="text"
value="{{Input::old('last_name') }}"/></div>
</div>
- <div class="form-group"><label class="control-label">Organization</label>
-
- <div><input class="form-control" id="organization" name="organization"
- placeholder="Organization" title="" type="text" value="{{Input::old('organization') }}"/>
- </div>
- </div>
- <div class="form-group"><label class="control-label">Address</label>
-
- <div><input class="form-control" id="address" name="address"
- placeholder="Address" title="" type="text" value="{{Input::old('address') }}"/>
- </div>
- </div>
- <div class="form-group"><label class="control-label">Country</label>
-
- <div><input class="form-control" id="country" name="country"
- placeholder="Country" title="" type="text" value="{{Input::old('country') }}"/>
- </div>
- </div>
- <div class="form-group"><label class="control-label">Telephone</label>
-
- <div><input class="form-control" id="telephone" name="telephone"
- placeholder="Telephone" title="" type="tel" value="{{Input::old('telephone') }}"/>
- </div>
- </div>
- <div class="form-group"><label class="control-label">Mobile</label>
-
- <div><input class="form-control" id="mobile" name="mobile"
- placeholder="Mobile" title="" type="tel" value="{{Input::old('mobile') }}"/>
- </div>
- </div>
- <div class="form-group"><label class="control-label">IM</label>
-
- <div><input class="form-control" id="im" name="im"
- placeholder="IM" title="" type="text" value="{{Input::old('im') }}"/>
- </div>
- </div>
- <div class="form-group"><label class="control-label">URL</label>
-
- <div><input class="form-control" id="url" name="url"
- placeholder="URL" title="" type="text" value="{{Input::old('url') }}"/>
- </div>
- </div>
<br/>
<input name="Submit" type="submit" class="btn btn-primary btn-block" value="Create">
</form>
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/8154eac1/app/views/account/login.blade.php
----------------------------------------------------------------------
diff --git a/app/views/account/login.blade.php b/app/views/account/login.blade.php
index 9d36753..7ef30cc 100755
--- a/app/views/account/login.blade.php
+++ b/app/views/account/login.blade.php
@@ -10,9 +10,9 @@
<h3>
Login
- {{-- <small>
+ <small>
<small> (Not registered? <a href="create">Create account</a>)</small>
- </small> --}}
+ </small>
</h3>