smarcet 39e3c8e333 * Summit Registration Model/Endpoints
Doc

https://docs.google.com/document/d/1gOAceevwutF3QHYWD0_6aESQMZEiIz3YVBVXlyUuRy8

* Summit Registration External Feed

https://docs.google.com/document/d/1_2QZUK--A350jxh2USKBtVtisKrrcUcVjdKnbcZ7-4M/edit#

* Multi Stripe Config

* Added stripe payment configuration per summit
* Added webhook automatic creation
* Added CRUD endpoints for payment profiles per summit

GET api/v1/summits/{id}/payment-gateway-profiles

filters

active ['==']
application_type ['=@', '==']

scopes

summits/read/all
summits/payment-gateway-profiles/read

POST  api/v1/summits/{id}/payment-gateway-profiles

payload

'active'               => 'sometimes|boolean',
'application_type'     => 'sometimes|string|in:Registration,BookableRooms'
'provider'             => 'required|string|in:Stripe',
'test_mode_enabled'    => 'required|boolean',
'live_secret_key'      => 'sometimes|string',
'live_publishable_key' => 'required_with:live_secret_key|string',
'test_secret_key'      => 'sometimes|string',
'test_publishable_key' => 'required_with:test_secret_key|string'

scopes

summits/write
summits/payment-gateway-profiles/write

GET  api/v1/summits/{id}/payment-gateway-profiles/{payment_profile_id}

scopes

summits/read/all
summits/payment-gateway-profiles/read

PUT api/v1/summits/{id}/payment-gateway-profiles/{payment_profile_id}

payload

'active'               => 'sometimes|boolean',
'application_type'     => 'sometimes|string|in:Registration,BookableRooms'
'provider'             => 'required|string|in:Stripe',
'test_mode_enabled'    => 'required|boolean',
'live_secret_key'      => 'sometimes|string',
'live_publishable_key' => 'required_with:live_secret_key|string',
'test_secret_key'      => 'sometimes|string',
'test_publishable_key' => 'required_with:test_secret_key|string'

scopes

summits/payment-gateway-profiles/write
summits/write

DELETE api/v1/summits/{id}/payment-gateway-profiles/{payment_profile_id}

scopes

summits/payment-gateway-profiles/write
summits/write

Stripe Webhooks

default webhook

(SECRET set per application under .env, should be created previously on stripe default account)

POST api/public/v1/summits/all/payments/{application_name}/confirm

where application_name could be Registration or BookableRooms

otherwise, if a stripe account is set per summit, a webhook will automatically be created using the following url when the profile gets activated

POST api/public/v1/summits/{id}/payments/{application_name}/confirm

* Email API Integration

* moved all blade templates to mail api ( DB Seeding)
* defined email events flows per summmit
* created endpoint to set up templates per email events on each flow

PUT /api/v1/summits/{id}/email-flows-events/{event_id}

payload

email_template_identifier: string

* added endpoint to get all email events per summit

GET /api/v1/summits/{id}/email-flows-events

* added endpoint to get email event per summit/id

GET /api/v1/summits/{id}/email-flows-events/{event_id}

Summit Documents endpoints

add summit document

POST /api/v1/summits/{id}/summit-documents

payload

file (mandatory|file stream)
label ( mandatory|string)
name ( mandatory|string)
description (optional|string)

get all summit documents

GET /api/v1/summits/{id}/summit-documents

get by id

GET /api/v1/summits/{id}/summit-documents/{document_id}

update

PUT GET /api/v1/summits/{id}/summit-documents/{document_id}

file (optional|file stream)
label (optional|string)
name (optional|string)
description (optional|string)

delete

DELETE GET /api/v1/summits/{id}/summit-documents/{document_id}

add event type to doc

PUT /api/v1/summits/{id}/summit-documents/{document_id}/event-types/{event_type_id}

delete event type from doc

DELETE /api/v1/summits/{id}/summit-documents/{document_id}/event-types/{event_type_id}

add document to event type

PUT /api/v1/summits/{id}/event-types/{event_type_id}/summit-documents/{document_id}

delete document from event type

DELETE /api/v1/summits/{id}/event-types/{event_type_id}/summit-documents/{document_id}

Updated Summit events to support streaming url, meeting_url and etherpad link

* Summit Registration - Invite only

Summit Administrator Permission Groups

GET /api/v1/summit-administrator-groups

filter

* title
* member_first_name
* member_last_name
* member_full_name
* member_email
* summit_id
* member_id

ordering

id
title

scopes

%s/summit-administrator-groups/read

/api/v1/summit-administrator-groups/{group_id}

scopes

%s/summit-administrator-groups/read

POST /api/v1/summit-administrator-groups

title
summits
members

scopes

%s/summit-administrator-groups/write

PUT /api/v1/summit-administrator-groups/{group_id}

title
summits
members

scopes

%s/summit-administrator-groups/write

DELETE /api/v1/summit-administrator-groups/{group_id}

scopes

%s/summit-administrator-groups/write

PUT /api/v1/summit-administrator-groups/{group_id}/members/{member_id}

DELETE /api/v1/summit-administrator-groups/{group_id}/members/{member_id}

PUT /api/v1/summit-administrator-groups/{group_id}/summits/{summit_id}

DELETE /api/v1/summit-administrator-groups/{group_id}/summits/{summit_id}

Room Metrics

PUT /api/v1/summits/{id}/members/{member_id}/schedule/{event_id}/enter

Scopes

%s/me/summits/events/enter

PUT /api/v1/summits/{id}/members/{member_id}/schedule/{event_id}/leave

%s/me/summits/events/leave

update summit_event serializer

new fields

total_attendance_count
current_attendance_count
attendance
current_attendance

Added new Speakers Endpoints

GET /api/v1/summits/{id}/speakers/on-schedule

retrieves all speakers on summit schedule

filters

'first_name' => ['=@', '=='],
'last_name'  => ['=@', '=='],
'email'      => ['=@', '=='],
'id'         => ['=='],
'full_name'  => ['=@', '=='],
'start_date' => ['>', '<', '<=', '>=', '=='],
'end_date'   => ['>', '<', '<=', '>=', '=='],

Summit Events Image

POST /api/v1/summits/{id}/events/{event_id}/image
DELETE /api/v1/summits/{id}/events/{event_id}/image

Speakers Image Big Pic

POST /api/v1/speakers/{speaker_id}/big-photo
DELETE /api/v1/speakers/{speaker_id}/big-photo

CFP - multiple summits

Presentation Materials - Media Uploads

New Endpoints

GET api/v1/summit-media-file-types

filter
'name' => ['=@', '==']

order

id, name

POST api/v1/summit-media-file-types

payload

'name'  => 'required|string|max:255',
'description'  => 'sometimes|string|max:255',
'allowed_extensions' => 'required|string_array',

GET api/v1/summit-media-file-types/{id}

PUT api/v1/summit-media-file-types/{id}

payload

'name'  => 'sometimes|string|max:255',
'description'  => 'sometimes|string|max:255',
'allowed_extensions' => 'required|string_array',

DELETE api/v1/summit-media-file-types/{id}

GET api/v1/summits/{id}/media-upload-types

POST

payload

'name' => 'required|string|max:255',
'description' => 'sometimes|string|max:255',
'is_mandatory' => 'required|boolean',
'max_size' => 'required|int|megabyte_aligned',
'private_storage_type' => 'required|string|in:None,DropBox,Swift,Local',
'public_storage_type' => 'required|string|in:None,DropBox,Swift,Local'
'type_id' => 'required|int',
'presentation_types' => 'sometimes|int_array',

GET api/v1/summits/{id}/media-upload-types/{media_upload_type_id}

PUT api/v1/summits/{id}/media-upload-types/{media_upload_type_id}

payload

'name' => 'sometimes|string|max:255',
'description' => 'sometimes|string|max:255',
'is_mandatory' => 'sometimes|boolean',
'max_size' => 'sometimes|int|megabyte_aligned',
'private_storage_type' => 'sometimes|string|in:None,DropBox,Swift,Local',
'public_storage_type' => 'sometimes|string|in:None,DropBox,Swift,Local'
'type_id' => 'sometimes|int',
'presentation_types' => 'sometimes|int_array',

DELETE api/v1/summits/{id}/media-upload-types/{media_upload_type_id}

PUT api/v1/summits/{id}/media-upload-types/{media_upload_type_id}/presentation-types/{event_type_id}

DELETE api/v1/summits/{id}/media-upload-types/{media_upload_type_id}/presentation-types/{event_type_id}

GET api/v1/summits/{id}/presentations/{presentation_id}/media-uploads

POST api/v1/summits/{id}/presentations/{presentation_id}/media-uploads

payload multiform

file

media_upload_type_id

GET api/v1/summits/{id}/presentations/{presentation_id}/media-uploads/{media_upload_id}

PUT api/v1/summits/{id}/presentations/{presentation_id}/media-uploads/{media_upload_id}

payload multiform

file

DELETE api/v1/summits/{id}/presentations/{presentation_id}/media-uploads/{media_upload_id}

POST /api/v1/summits/{id}/media-upload-types/all/clone/{to_summit_id}

Summit Invitation Only endpoints V2

CRUD invitations

Change-Id: Ia23c247a59c3810f2a738265efdd890fe6f59dfb
Signed-off-by: smarcet <smarcet@gmail.com>
2020-09-21 09:52:07 -03:00


<?php namespace App\Models\ResourceServer;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use GuzzleHttp\Client;
use GuzzleHttp\Exception\RequestException;
use Illuminate\Support\Facades\Config;
use libs\oauth2\InvalidGrantTypeException;
use libs\oauth2\OAuth2InvalidIntrospectionResponse;
use libs\oauth2\OAuth2Protocol;
use libs\utils\ConfigurationException;
use libs\utils\ICacheService;
use models\oauth2\AccessToken;
use Illuminate\Support\Facades\Log;
/**
* Class AccessTokenService
* @package App\Models\ResourceServer
*/
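final class AccessTokenService implements IAccessTokenService
{
    /**
     * Fields read back from the cached token hash; they must match what
     * doIntrospection() stores. 'access_token' is the raw bearer secret, so
     * any dump of this hash has to redact it before logging.
     * @var string[]
     */
    public static $access_token_keys = [
        'access_token',
        'scope',
        'client_id',
        'audience',
        'expires_in',
        'application_type',
        'allowed_return_uris',
        'allowed_origins',
        'user_external_id',
        'user_identifier',
        'user_id',
        'user_email',
        'user_first_name',
        'user_last_name',
        'user_groups',
    ];

    /**
     * Keys of the token hash whose values must never be written to a log line.
     * @var string[]
     */
    private const REDACTED_LOG_KEYS = ['access_token'];

    /**
     * Introspection fields that older IDP responses omit; they are filled with
     * null so the cached hash always has the full key set.
     * @var string[]
     */
    private const LEGACY_OPTIONAL_KEYS = [
        'user_external_id',
        'user_identifier',
        'user_email',
        'user_first_name',
        'user_last_name',
    ];

    /**
     * @var ICacheService
     */
    private $cache_service;

    /**
     * @param ICacheService $cache_service
     */
    public function __construct(ICacheService $cache_service)
    {
        $this->cache_service = $cache_service;
    }

    /**
     * Derives the cache key for a token. The raw token is a bearer secret, so a
     * digest is used as the key instead of the token itself. md5 is kept here
     * because every other entry for the token (e.g. the '.revoked' marker) is
     * keyed the same way; it is a key derivation, not an integrity check.
     *
     * @param string $token_value
     * @return string
     */
    private static function cacheKey($token_value): string
    {
        return md5($token_value);
    }

    /**
     * Resolves an access token from the cache, falling back to a remote
     * introspection call when the token is not cached or its cached lifetime
     * has already run out.
     *
     * @param string $token_value raw bearer token as presented by the client
     * @return AccessToken
     * @throws InvalidGrantTypeException when the token is marked as revoked or rejected by the IDP
     * @throws \Exception
     */
    public function get($token_value)
    {
        $cache_key      = self::cacheKey($token_value);
        $cache_lifetime = intval(Config::get('server.access_token_cache_lifetime', 300));

        // A revoked marker short-circuits introspection: the IDP already rejected this token.
        if ($this->cache_service->exists($cache_key . '.revoked')) {
            Log::debug(sprintf('token marked as revoked on cache (%s)', $cache_key));
            throw new InvalidGrantTypeException(OAuth2Protocol::OAuth2Protocol_Error_InvalidToken);
        }

        $token_info = $this->cache_service->getHash($cache_key, self::$access_token_keys);

        if (count($token_info) === 0) {
            $token_info = $this->doIntrospection($token_value);
        } else {
            // expires_in was captured when the entry was cached; subtract the time the
            // entry has already spent in the cache (configured lifetime minus remaining TTL).
            $cache_remaining_lifetime = intval($this->cache_service->ttl($cache_key));
            $expires_in               = intval($token_info['expires_in']);
            $token_info['expires_in'] = $expires_in - ($cache_lifetime - $cache_remaining_lifetime);
            Log::debug(sprintf(
                "original token life time %s - current token life time %s - token cache remaining lifetime %s",
                $expires_in,
                $token_info['expires_in'],
                $cache_remaining_lifetime
            ));
        }

        $token = $this->unSerializeToken($token_info);

        if ($token->getLifetime() <= 0) {
            // The cached copy is stale: drop it and ask the IDP for the current state.
            Log::debug("token lifetime is <= 0 ... retrieving from IDP");
            $this->cache_service->delete($cache_key);
            $token = $this->unSerializeToken($this->doIntrospection($token_value));
        }

        return $token;
    }

    /**
     * Builds the AccessToken model from a token hash and writes a debug dump of
     * the hash with secret fields redacted (the bearer token itself must never
     * end up in log storage).
     *
     * @param array $token_info
     * @return AccessToken
     */
    private function unSerializeToken(array $token_info)
    {
        $token = AccessToken::createFromParams($token_info);

        $str_token_info = "";
        foreach ($token_info as $k => $v) {
            $logged_value = in_array($k, self::REDACTED_LOG_KEYS, true) ? '[redacted]' : $v;
            $str_token_info .= sprintf("-%s=%s-", $k, $logged_value);
        }
        Log::debug("token info : " . $str_token_info);

        return $token;
    }

    /**
     * Fetches the token info from the IDP, normalises it to the full key set
     * and stores it in the cache for the configured lifetime.
     *
     * @param string $token_value
     * @return array
     */
    private function doIntrospection($token_value): array
    {
        Log::debug("getting token from remote call ...");
        $cache_lifetime = intval(Config::get('server.access_token_cache_lifetime', 300));
        $token_info     = $this->doIntrospectionRequest($token_value);

        // legacy fix: older responses omit these fields
        foreach (self::LEGACY_OPTIONAL_KEYS as $legacy_key) {
            if (!array_key_exists($legacy_key, $token_info)) {
                $token_info[$legacy_key] = null;
            }
        }
        // the cache hash only holds scalars, so groups are stored as a JSON string
        if (array_key_exists("user_groups", $token_info)) {
            $token_info['user_groups'] = json_encode($token_info['user_groups']);
        }

        $this->cache_service->storeHash(self::cacheKey($token_value), $token_info, $cache_lifetime);

        return $token_info;
    }

    /**
     * Calls the IDP introspection endpoint with client credentials and returns
     * the decoded JSON response. A 400 invalid_token/invalid_grant or a 503
     * marks the token as revoked in the cache so later requests fail fast
     * without another round trip.
     *
     * @param string $token_value
     * @return array decoded introspection payload
     * @throws ConfigurationException when client id, secret or IDP base url are not configured
     * @throws InvalidGrantTypeException when the IDP rejects the token
     * @throws OAuth2InvalidIntrospectionResponse when the IDP reply cannot be used
     * @throws \Exception when a successful reply is not JSON
     */
    private function doIntrospectionRequest($token_value): array
    {
        try {
            $client = new Client([
                'timeout'         => Config::get('curl.timeout', 60),
                'allow_redirects' => Config::get('curl.allow_redirects', false),
                // TLS verification guards the credentials and the token sent below;
                // 'curl.verify_ssl_cert' should only ever be false in local development.
                'verify'          => Config::get('curl.verify_ssl_cert', true),
            ]);

            $client_id       = Config::get('app.openstackid_client_id', '');
            $client_secret   = Config::get('app.openstackid_client_secret', '');
            $auth_server_url = Config::get('app.openstackid_base_url', '');

            if (empty($client_id)) {
                throw new ConfigurationException('app.openstackid_client_id param is missing!');
            }
            if (empty($client_secret)) {
                throw new ConfigurationException('app.openstackid_client_secret param is missing!');
            }
            if (empty($auth_server_url)) {
                throw new ConfigurationException('app.openstackid_base_url param is missing!');
            }

            // http://docs.guzzlephp.org/en/stable/request-options.html
            $response = $client->request(
                'POST',
                "{$auth_server_url}/oauth2/token/introspection",
                [
                    'form_params' => ['token' => $token_value],
                    'auth'        => [$client_id, $client_secret],
                    'timeout'     => 120,
                    'http_errors' => true,
                ]
            );

            $content_type = $response->getHeaderLine('content-type');
            if (!str_contains($content_type, 'application/json')) {
                // invalid content type
                throw new \Exception((string) $response->getBody());
            }

            $decoded = json_decode($response->getBody()->getContents(), true);
            if (!is_array($decoded)) {
                // JSON content type but an unparseable or non-object body: fail here instead
                // of letting a null reach the array handling in doIntrospection().
                throw new OAuth2InvalidIntrospectionResponse('introspection response is not a valid JSON object');
            }

            return $decoded;
        } catch (RequestException $ex) {
            Log::warning($ex->getMessage());
            $response = $ex->getResponse();
            if (is_null($response)) {
                throw new OAuth2InvalidIntrospectionResponse(sprintf('http code %s', $ex->getCode()));
            }

            $content_type = $response->getHeaderLine('content-type');
            $is_json      = str_contains($content_type, 'application/json');
            $body         = $response->getBody()->getContents();
            $body         = $is_json ? json_decode($body, true) : $body;
            $code         = $response->getStatusCode();

            if ($code === 400 && $is_json && isset($body['error'])
                && (
                    $body['error'] === OAuth2Protocol::OAuth2Protocol_Error_InvalidToken ||
                    $body['error'] === OAuth2Protocol::OAuth2Protocol_Error_InvalidGrant
                )
            ) {
                $this->cache_service->setSingleValue(self::cacheKey($token_value) . '.revoked', self::cacheKey($token_value));
                throw new InvalidGrantTypeException($body['error']);
            }

            if ($code === 503) {
                // service went online temporally ... revoke token
                $this->cache_service->setSingleValue(self::cacheKey($token_value) . '.revoked', self::cacheKey($token_value));
                throw new InvalidGrantTypeException(OAuth2Protocol::OAuth2Protocol_Error_InvalidToken);
            }

            // $body is an array when the reply was JSON; render it so the message never
            // degrades to "Array" with a conversion warning.
            $body_text = is_array($body) ? json_encode($body) : (string) $body;
            throw new OAuth2InvalidIntrospectionResponse(sprintf('http code %s - body %s', $ex->getCode(), $body_text));
        }
    }
}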