Commit 80bba130 authored by efalcy's avatar efalcy

dev#106075 fix tests

parents 1ab09920 e9dd05b5
Pipeline #9636 passed with stage
in 43 minutes and 50 seconds
......@@ -56,7 +56,8 @@ class Class_IdentityProvider extends Storm_Model_Abstract{
'nonce',
'logout_url',
'button_login',
'button_logout'],
'button_logout',
'prod_url' ],
$_context;
......@@ -79,8 +80,8 @@ class Class_IdentityProvider extends Storm_Model_Abstract{
public function isAttachable() {
$user = Class_Users::getIdentity();
return !($user && $this->isRemotelyLogged())
&& !$this->isAssociatedTo($user);
return !($user && $this->isRemotelyLogged());
// && !$this->isAssociatedTo($user);
}
......@@ -212,6 +213,7 @@ class Class_IdentityProvider extends Storm_Model_Abstract{
$config = $this->getConfigAsArray();
$config[$key] = $value;
$this->setConfig(json_encode($config));
return $this;
}
......
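Review bot: In `isAttachable()` the `!$this->isAssociatedTo($user)` condition appears to have been disabled by commenting it out rather than removed, which leaves dead code and no explanation in a commit described as a test fix. If the check is really gone, the provider is now reported as attachable for a user who is already associated with it, so callers that relied on that guard should be reviewed. Either delete the commented line and state the reason, for example `// association is verified by the caller (TODO confirm)`, or restore `&& !$this->isAssociatedTo($user);`. The page prints both versions without +/- markers, so which one is the new side is inferred from print order.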
......@@ -22,10 +22,10 @@
class Class_IdentityProvider_Franceconnect extends Class_IdentityProvider_Default {
protected $_script_logout = '<div id="fconnect-profile" data-fc-logout-url="[URL]"><a href="#">[USERNAME]</a></div>
<script src="https://fcp.integ01.dev-franceconnect.fr/js/franceconnect.js"></script>';
<script src="[URL_FC]/js/franceconnect.js"></script>';
protected $_config = ['url' => 'https://fcp.integ01.dev-franceconnect.fr/api/v1',
'logout_url' => 'https://fcp.integ01.dev-franceconnect.fr/api/v1/logout',
protected $_config = ['url' => '[URL_FC]/api/v1',
'logout_url' => '[URL_FC]/api/v1/logout',
'button_login' => 'franceconnect',
];
......@@ -35,7 +35,16 @@ class Class_IdentityProvider_Franceconnect extends Class_IdentityProvider_Defaul
}
public function getFranceConnectUrl() {
return parent::getParam('prod_url')
? 'https://app.franceconnect.gouv.fr'
:'https://fcp.integ01.dev-franceconnect.fr';
}
public function getParam($key) {
$this->_config['url'] = str_replace('[URL_FC]',$this->getFranceConnectUrl(),$this->_config['url']);
$this->_config['logout_url'] = str_replace('[URL_FC]',$this->getFranceConnectUrl(),$this->_config['logout_url']);
return 'button_logout' == $key
? $this->_buttonLogout()
: parent::getParam($key);
......@@ -50,6 +59,8 @@ class Class_IdentityProvider_Franceconnect extends Class_IdentityProvider_Defaul
'provider' => $this->_provider->getId()]),
$script);
$script = str_replace('[URL_FC]',$this->getFranceConnectUrl(),$script);
if ($user = Class_Users::getIdentity())
return str_replace('[USERNAME]', $user->getNomAff(), $script);
......
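Review bot: `getFranceConnectUrl()` falls back to the integration host `https://fcp.integ01.dev-franceconnect.fr` whenever `prod_url` is empty, so a provider saved without the new checkbox sends authorization, logout and the `franceconnect.js` script load to the test environment. If identities asserted by the integration platform would be accepted on a live portal, that default deserves at least a docblock on the method, e.g. `/** Integration endpoint unless the 'prod_url' option is set. */`, and ideally an explicit per-deployment choice. Separately, `getParam()` rewrites `$this->_config['url']` and `$this->_config['logout_url']` as a side effect on every call; doing the `[URL_FC]` substitution once, where the configuration is loaded, would be easier to follow. `getParam()` continues past the end of its hunk.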
......@@ -23,6 +23,7 @@ class Class_Testing_PhpCommand extends Class_Testing_FileSystem {
public function __construct() {
$this->_known_functions = array_merge($this->_known_functions,
['rand',
'sha1',
'hash',
'password_hash',
'extension_loaded',
......
......@@ -29,18 +29,11 @@ class Class_WebService_Acheteza extends Class_WebService_IdentityProvider {
|| (!$pan = $context->getParam('pan')))
return $this;
/*
if (!$this->_checkAccessToken($token, $pan))
if (!$this->_checkAccessToken($token, $pan))
return $this;
*/
$this->loginWith($pan);
return $this;
/*
if ($id = $this->_getRemoteId($token))
$this->loginWith($id);
*/
return $this;
}
......
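Review bot: `loginWith($pan)` takes its argument straight from the request context, so the `_checkAccessToken($token, $pan)` guard in front of it is the only thing tying the login to a verified token, and this page shows that guard both inside a `/* … */` block and as live code. The hunk header (18 old lines, 11 new) suggests the commented variants are the removed side, but that is an inference; please confirm the guard is active in the merged file. A one-line comment above it such as `// never call loginWith() before the access token has been checked against $pan`, plus a test for the rejected-token path, would keep it from being disabled again. The method starts before this hunk.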
......@@ -23,26 +23,45 @@
abstract class Class_WebService_IdentityProvider {
use Trait_SimpleWebClient, Trait_TimeSource;
/** @var ZendAfi_Session_Namespace */
protected static $_session_namespace;
/** @var array of ZendAfi_Session_Namespace */
protected static $_session_namespace = [],
$_expiration_delay = 300;
/** @var Class_IdentityProvider */
protected $_provider;
/** @return ZendAfi_Session_Namespace */
public static function getSession() {
if (static::$_session_namespace)
return static::$_session_namespace;
static::$_session_namespace = (new ZendAfi_Session_Namespace(md5(BASE_URL . get_called_class())))
->setExpirationDelay(300);
$called_class = get_called_class();
if (isset(static::$_session_namespace[$called_class]))
return static::$_session_namespace[$called_class];
static::$_session_namespace[$called_class] = (new ZendAfi_Session_Namespace(md5(BASE_URL . get_called_class())))
->setExpirationDelay(static::$_expiration_delay);
return static::$_session_namespace[$called_class];
}
return static::$_session_namespace;
public static function setExpirationDelay($expires_at) {
static::$_session_namespace[get_called_class()]->setExpirationDelay($expires_at);
static::$_expiration_delay = $expires_at;
}
public static function clearSession() {
static::getSession()->unsetAll();
static::$_session_namespace[get_called_class()] = null;
}
public static function clearAllSession() {
foreach (static::$_session_namespace as $namespace) {
static::$_session_namespace[$namespace]->unsetAll();
static::$_session_namespace[$namespace] = null;
}
}
......
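Review bot: `clearAllSession()` iterates `static::$_session_namespace as $namespace` and then uses `$namespace` (the session object, or `null` after `clearSession()`) as the array index, so the lookup fails before `unsetAll()` runs on the intended entry and cached identity data can survive a call that is meant to wipe it. `setExpirationDelay()` has a related problem: it dereferences `static::$_session_namespace[get_called_class()]` without checking that the entry exists or was not nulled by `clearSession()`. Iterating by key and going through `getSession()` fixes both, as sketched below. Note also that `static::$_expiration_delay` is shared by every subclass unless they redeclare it, so one provider's delay becomes the default for the others.

```php
public static function setExpirationDelay($expires_at) {
  // getSession() creates the namespace if it is missing or was cleared
  static::getSession()->setExpirationDelay($expires_at);
  static::$_expiration_delay = $expires_at;
}

// … unchanged: clearSession() …

public static function clearAllSession() {
  foreach (static::$_session_namespace as $called_class => $namespace) {
    if ($namespace)
      $namespace->unsetAll();
    static::$_session_namespace[$called_class] = null;
  }
}
```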
......@@ -23,12 +23,13 @@ require_once 'library/php-jwt/autoload.php';
require_once 'library/phpseclib/autoload.php';
class Class_WebService_OpenId extends Class_WebService_IdentityProvider {
use Trait_StaticPhpCommand;
protected
$_client_id,
$_client_secret = '' ,
$_url='',
$_nonce = true,
$_nonce,
$_authorization_url = '',
$_token_url = '',
$_userinfo_url = '',
......@@ -43,6 +44,7 @@ class Class_WebService_OpenId extends Class_WebService_IdentityProvider {
public static function getUserId() {
if (!static::isLogged())
return null;
......@@ -133,12 +135,14 @@ class Class_WebService_OpenId extends Class_WebService_IdentityProvider {
public function getUserInfos($code, $state) {
if (isset($this->getSession()->userinfo))
return $this->getSession()->userinfo;
if ($state != $this->getState())
return false;
if (!$access_token = $this->_getAndCheckAccessToken($code))
return [];
......@@ -166,13 +170,15 @@ class Class_WebService_OpenId extends Class_WebService_IdentityProvider {
protected function _checkNonce($nonce) {
return $this->getNonce() == $nonce;
return ($this->getNonce() == $nonce);
}
protected function _getAndCheckAccessToken($code) {
if (isset($this->getSession()->access_token))
if (isset($this->getSession()->access_token)) {
$this->setExpirationDelay($this->getSession()->expires_in);
return $this->getSession()->access_token;
}
$http_client = $this->getWebClient();
$post_data = [
......@@ -187,17 +193,29 @@ class Class_WebService_OpenId extends Class_WebService_IdentityProvider {
'application/json');
$json = json_decode($response);
if (!isset($json->access_token)|| !isset($json->id_token))
return ;
$this->getSession()->access_token = $json->access_token;
if (isset($json->expires_in)) {
$this->setExpirationDelay($json->expires_in);
$this->getSession()->expires_in = $json->expires_in;
}
$this->getSession()->token = $json->id_token;
if (!$this->_nonce)
if (!$this->_nonce) {
return $json->access_token;
}
if (! $certifs = $this->_getCertificates())
$certifs = $this->_client_secret;
\Firebase\JWT\JWT::$leeway = 2;
$response =\Firebase\JWT\JWT::decode($json->id_token,
$certifs,
['HS256','RS256']);
......@@ -208,7 +226,6 @@ class Class_WebService_OpenId extends Class_WebService_IdentityProvider {
if (!$this->_checkNonce($response->nonce))
return ;
$this->getSession()->token = $json->id_token;
return $json->access_token;
}
......@@ -238,7 +255,7 @@ class Class_WebService_OpenId extends Class_WebService_IdentityProvider {
&& ($state = $this->getSession()->state))
return $state;
return $this->_getRandomToken();
return $this->getSession()->state = $this->_getRandomToken();
}
......@@ -252,7 +269,7 @@ class Class_WebService_OpenId extends Class_WebService_IdentityProvider {
protected function _getRandomToken(){
return sha1(mt_rand(0, mt_getrandmax()));
return $this->getPhpCommand()->sha1(mt_rand(0, mt_getrandmax()));
}
......@@ -278,8 +295,8 @@ class Class_WebService_OpenId extends Class_WebService_IdentityProvider {
'scope' => 'openid',
'state' => $this->getState()];
if ($this->_nonce)
$params['nonce'] = $this->getNonce();
// if ($this->_nonce)
$params['nonce'] = $this->getNonce();
return $this->_authorization_url . '?' . http_build_query($params);
}
......
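Review bot: `_getAndCheckAccessToken()` writes `access_token` and `id_token` to the session before the ID token has been decoded and its nonce checked, and the method's first branch returns a cached `access_token` without re-validating, so a response that fails `JWT::decode()` or `_checkNonce()` still leaves a token that the next call will accept. Writing to the session only after validation succeeds closes that gap; the sketch below shows the order. Also worth a follow-up in this file: `$_nonce` appears to lose its `true` default, which makes `if (!$this->_nonce)` skip ID-token validation unless it is configured, and `state`/`nonce` come from `sha1(mt_rand(...))` and are compared with `!=`/`==`, where `random_bytes()` and `hash_equals()` are the appropriate primitives. The method spans two hunks and part of its body is not shown on this page.

```php
// … unchanged: cached-token branch, token request and json_decode() …
if (!isset($json->access_token) || !isset($json->id_token))
  return ;

if ($this->_nonce) {
  // … unchanged: _getCertificates() fallback, JWT::decode() and the checks that follow it …
  if (!$this->_checkNonce($response->nonce))
    return ;
}

// cache the tokens only once the ID token has been accepted
$this->getSession()->access_token = $json->access_token;
$this->getSession()->token = $json->id_token;
if (isset($json->expires_in)) {
  $this->setExpirationDelay($json->expires_in);
  $this->getSession()->expires_in = $json->expires_in;
}

return $json->access_token;
```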
......@@ -25,7 +25,9 @@ class ZendAfi_Form_Admin_IdentityProvider extends ZendAfi_Form {
parent::init();
Class_ScriptLoader::getInstance()
->addJQueryBackEnd('formSelectToggleVisibilityForElement("#type", $("#url, #url_api, #button_logout, #logout_url").closest("tr"), ["default", "acheteza"]);');
->addJQueryBackEnd('formSelectToggleVisibilityForElement("#type", $("#url, #url_api, #button_logout, #logout_url").closest("tr"), ["default", "acheteza"]);')
->addJQueryBackEnd('formSelectToggleVisibilityForElement("#type", $("#prod_url").closest("tr"), ["franceconnect"]);');
$this
->addElement('text',
......@@ -46,14 +48,14 @@ class ZendAfi_Form_Admin_IdentityProvider extends ZendAfi_Form {
->addElement('text',
'client_id',
['label' => $this->_('client_id'),
['label' => $this->_('Identifiant client'),
'size' => 50,
'required' => true,
'allowEmpty' => false])
->addElement('text',
'client_secret',
['label' => $this->_('client_secret'),
['label' => $this->_('Clé secrète'),
'size' => 50,
'required' => true,
'allowEmpty' => false])
......@@ -82,6 +84,11 @@ class ZendAfi_Form_Admin_IdentityProvider extends ZendAfi_Form {
['label' => $this->_('Url de logout'),
'title' => $this->_('Url de logout')])
->addElement('checkbox',
'prod_url',
['label' => $this->_('En production'),
'title' => $this->_('En production')])
->addUniqDisplayGroup('provider');
}
}
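Review bot: `client_secret` is still declared as a `text` element, so the OAuth client secret is rendered in clear in the admin page whenever the form is populated with the stored value. Since this section already touches that element's label, consider declaring it as `->addElement('password', 'client_secret', …)` or otherwise not echoing the stored secret back. Whether the stored value is actually re-displayed depends on code outside this page. The new `prod_url` checkbox would also benefit from a short comment saying it only applies to the `franceconnect` type, which is what the added toggle script implies.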
......@@ -30,7 +30,7 @@ class ZendAfi_Session_Namespace extends Zend_Session_Namespace {
public function __construct($namespace = 'Default', $singleInstance = false) {
parent::__construct($namespace, $singleInstance);
if ($this->_isExpired())
$this->unsetAll();
$this->unsetAll();
}
......@@ -45,10 +45,19 @@ class ZendAfi_Session_Namespace extends Zend_Session_Namespace {
public function setExpirationDelay($seconds) {
$this->_expiration_delay = (int)$seconds;
parent::__set(static::EXPIRATION_VAR_NAME,
$this->getTimeSource()->time() + $this->_expiration_delay);
return $this;
}
public function getExpirationDelay() {
return $this->_expiration_delay;
}
protected function _isExpired() {
$expires_at = $this->__get(static::EXPIRATION_VAR_NAME);
return isset($expires_at) && $this->getTimeSource()->time() > $expires_at;
......
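Review bot: `setExpirationDelay()` casts `$seconds` with `(int)` and stores it unchecked, while callers elsewhere in this commit pass the identity provider's `expires_in` straight in; a non-numeric or negative value expires the namespace almost immediately and a very large one keeps it alive far longer than the 300-second default. Each call also restarts the window from the current time, so calling it on every cache hit gives a sliding rather than an absolute expiry. A bound such as `$this->_expiration_delay = max(0, min((int)$seconds, self::MAX_DELAY));` (with `MAX_DELAY` a constant you would add) and a docblock stating the restart behaviour would make the contract explicit.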
......@@ -3817,3 +3817,4 @@ a[href*="bookmarked-searches/notify"] img {
/* identity provider widget */
.boite.identity_provider .contenu {overflow:visible}
.boite.identity_provider #fconnect-profile {margin: 20px 10px}
.boite.identity_provider #fconnect-access {position: relative!important}