hazza/Phraseanet
1
0
Fork 0
mirror of https://github.com/alchemy-fr/Phraseanet.git synced 2025-10-18 07:23:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

PHRAS-3921 prod - expose-cli - became compatible with Phrasea V3 keycloak and fix (#4384)

Browse Source 
* expose cli phrasea v3

* retrocompatible with v2

* fix connection by idp

* remove placeholder

* some fix

* some fix

* fix

* fix auth from IDP

* list expose

---------

Co-authored-by: Nicolas Maillat <maillat@alchemy.fr>
This commit is contained in:
Aina Sitraka
2023-10-10 23:22:23 +03:00
committed by GitHub
parent be9a6b3ed3
commit 529a95ecfa
27 changed files with 1757 additions and 1595 deletions
Download Patch File Download Diff File Expand all files Collapse all files

189
lib/Alchemy/Phrasea/PhraseanetService/Controller/PSExposeController.php
View File

@@ -41,7 +41,6 @@ class PSExposeController extends Controller
$proxyConfig = new NetworkProxiesConfiguration($this->app['conf']);
$clientOptions = [
'base_uri' => $exposeConfiguration['auth_base_uri'],
'http_errors' => false,
'verify' => $exposeConfiguration['verify_ssl']
];
@@ -49,14 +48,7 @@ class PSExposeController extends Controller
$oauthClient = $proxyConfig->getClientWithOptions($clientOptions);
try {
$response = $oauthClient->post('/oauth/v2/token', [
'json' => [
'client_id' => $exposeConfiguration['auth_client_id'],
'client_secret' => $exposeConfiguration['auth_client_secret'],
'grant_type' => 'password',
'username' => $request->request->get('auth-username'),
'password' => $request->request->get('auth-password') ]
]);
$response = $this->getTokenByPassword($oauthClient, $exposeConfiguration, $request->request->get('auth-username'), $request->request->get('auth-password'));
} catch(\Exception $e) {
return $this->app->json([
'success' => false,
@@ -84,7 +76,21 @@ class PSExposeController extends Controller
$session = $this->getSession();
$passSessionName = $this->getPassSessionName($request->request->get('exposeName'));
$session->set($passSessionName, $tokenBody['access_token']);
if (isset($tokenBody['refresh_expires_in'])) {
$passSessionNameValue = [
'access_token' => $tokenBody['access_token'],
'expires_at' => time() + $tokenBody['expires_in'],
'refresh_token'=> $tokenBody['refresh_token'],
'refresh_expires_at' => time() + $tokenBody['refresh_expires_in']
];
} else {
$passSessionNameValue = [
'access_token' => $tokenBody['access_token'],
'expires_at' => time() + $tokenBody['expires_in'],
];
}
$session->set($passSessionName, $passSessionNameValue);
$loginSessionName = $this->getLoginSessionName($request->request->get('exposeName'));
$session->set($loginSessionName, $request->request->get('auth-username'));
@@ -200,8 +206,9 @@ class PSExposeController extends Controller
if (!$session->has($passSessionName) && $providerId != null) {
try {
$provider = $this->getAuthenticationProviders()->get($providerId);
if ($provider->getType() == 'PsAuth') {
$session->set($passSessionName, $provider->getAccessToken());
if ($provider->getType() == 'PsAuth' && $exposeConfiguration['auth_provider_name'] == $providerId) {
$session->set($passSessionName, ['access_token' => $provider->getAccessToken()]);
$session->set($this->getLoginSessionName($exposeName), $provider->getUserName());
}
} catch(\Exception $e) {
@@ -903,9 +910,26 @@ class PSExposeController extends Controller
]);
}
$config = $this->getExposeConfiguration($exposeName);
// used to set or refresh token session
$accessToken = $this->getAndSaveToken($exposeName);
$this->getEventDispatcher()->dispatch(WorkerEvents::EXPOSE_UPLOAD_ASSETS, new ExposeUploadEvent($lst, $exposeName, $publicationId, $accessToken));
if (empty($accessToken)) {
return $app->json([
'success' => false,
'message' => "Do not have access token!"
]);
}
$accessTokenInfo = [];
if ($config['connection_kind'] == 'password') {
$accessTokenInfo = $this->getSession()->get($this->getPassSessionName($exposeName));
} elseif($config['connection_kind'] == 'client_credentials') {
$accessTokenInfo = $this->getSession()->get($this->getCredentialSessionName($exposeName));
}
$this->getEventDispatcher()->dispatch(WorkerEvents::EXPOSE_UPLOAD_ASSETS, new ExposeUploadEvent($lst, $exposeName, $publicationId, $accessTokenInfo));
return $app->json([
'success' => true,
@@ -1283,7 +1307,13 @@ class PSExposeController extends Controller
{
$expose_name = str_replace(' ', '_', $exposeName);
return 'password_access_token_'.$expose_name;
return 'password_access_token_' . $expose_name;
}
private function getCredentialSessionName($exposeName)
{
$expose_name = str_replace(' ', '_', $exposeName);
return 'credential_access_token_' . $expose_name;
}
/**
@@ -1311,48 +1341,125 @@ class PSExposeController extends Controller
$session = $this->getSession();
$passSessionName = $this->getPassSessionName($exposeName);
$expose_name = str_replace(' ', '_', $exposeName);
$credentialSessionName = 'credential_access_token_'.$expose_name;
$proxyConfig = new NetworkProxiesConfiguration($this->app['conf']);
$oauthClient = $proxyConfig->getClientWithOptions([
'verify' => $config['verify_ssl'],
]);
$credentialSessionName = $this->getCredentialSessionName($exposeName);
$accessToken = '';
if ($config['connection_kind'] == 'password') {
$accessToken = $session->get($passSessionName);
} elseif ($config['connection_kind'] == 'client_credentials') {
if ($session->has($credentialSessionName)) {
$accessToken = $session->get($credentialSessionName);
} else {
$proxyConfig = new NetworkProxiesConfiguration($this->app['conf']);
$tokenInfo = $session->get($passSessionName);
if (!isset($tokenInfo['expires_at'])) {
$accessToken = $tokenInfo['access_token'];
} elseif (is_array($tokenInfo) && $tokenInfo['expires_at'] > time()) {
$accessToken = $tokenInfo['access_token'];
} elseif (is_array($tokenInfo) && $tokenInfo['expires_at'] <= time() && $tokenInfo['refresh_expires_at'] > time()) {
$resToken = $this->refreshToken($oauthClient, $config, $tokenInfo['refresh_token']);
$oauthClient = $proxyConfig->getClientWithOptions([
'verify' => $config['verify_ssl'],
]);
$response = $oauthClient->post($config['expose_base_uri'] . '/oauth/v2/token', [
'json' => [
'client_id' => $config['expose_client_id'],
'client_secret' => $config['expose_client_secret'],
'grant_type' => 'client_credentials',
'scope' => 'publish'
]
]);
if ($response->getStatusCode() !== 200) {
return null;
if ($resToken->getStatusCode() !== 200) {
throw new \Exception("Error when get refresh token with status code: " . $resToken->getStatusCode());
}
$tokenBody = $response->getBody()->getContents();
$refreshtokenBody = $resToken->getBody()->getContents();
$tokenBody = json_decode($tokenBody,true);
$refreshtokenBody = json_decode($refreshtokenBody,true);
$session->set($credentialSessionName, $tokenBody['access_token']);
if (isset($refreshtokenBody['refresh_expires_in'])) {
$passSessionNameValue = [
'access_token' => $refreshtokenBody['access_token'],
'expires_at' => time() + $refreshtokenBody['expires_in'],
'refresh_token'=> $refreshtokenBody['refresh_token'],
'refresh_expires_at' => time() + $refreshtokenBody['refresh_expires_in']
];
} else {
$passSessionNameValue = [
'access_token' => $refreshtokenBody['access_token'],
'expires_at' => time() + $refreshtokenBody['expires_in'],
];
}
$accessToken = $tokenBody['access_token'];
$session->set($passSessionName, $passSessionNameValue);
$accessToken = $refreshtokenBody['access_token'];
} else {
$session->remove($passSessionName);
}
} elseif ($config['connection_kind'] == 'client_credentials') {
if ($session->has($credentialSessionName)) {
$tokenInfoCredential = $session->get($credentialSessionName);
if (!isset($tokenInfoCredential['expires_at'])) {
$accessToken = $tokenInfoCredential['access_token'];
} elseif (is_array($tokenInfoCredential) && $tokenInfoCredential['expires_at'] > time()) {
$accessToken = $tokenInfoCredential['access_token'];
} else {
$accessToken = $this->getTokenByCredential($oauthClient, $config, $credentialSessionName);
}
} else {
$accessToken = $this->getTokenByCredential($oauthClient, $config, $credentialSessionName);
}
}
return $accessToken;
}
private function getTokenByCredential(Client $oauthClient, array $exposeConfiguration, $credentialSessionName)
{
$session = $this->getSession();
$response = $oauthClient->post($exposeConfiguration['oauth_token_uri'] , [
'form_params' => [
'client_id' => $exposeConfiguration['expose_client_id'],
'client_secret' => $exposeConfiguration['expose_client_secret'],
'grant_type' => 'client_credentials',
]
]);
if ($response->getStatusCode() !== 200) {
throw new \Exception("Error when get credential token with status code: " . $response->getStatusCode());
}
$tokenBody = $response->getBody()->getContents();
$tokenBody = json_decode($tokenBody,true);
$credentialSessionNameValue = [
'access_token' => $tokenBody['access_token'],
'expires_at' => time() + $tokenBody['expires_in'],
];
$session->set($credentialSessionName, $credentialSessionNameValue);
return $tokenBody['access_token'];
}
private function getTokenByPassword(Client $oauthClient, array $exposeConfiguration, $username, $password)
{
return $oauthClient->post($exposeConfiguration['oauth_token_uri'], [
'form_params' => [
'client_id' => $exposeConfiguration['auth_client_id'],
'client_secret' => $exposeConfiguration['auth_client_secret'],
'grant_type' => 'password',
'username' => $username,
'password' => $password
]
]);
}
private function refreshToken(Client $oauthClient, array $exposeConfiguration, $refreshToken)
{
return $oauthClient->post($exposeConfiguration['oauth_token_uri'], [
'form_params' => [
'client_id' => $exposeConfiguration['auth_client_id'],
'client_secret' => $exposeConfiguration['auth_client_secret'],
'grant_type' => 'refresh_token',
'refresh_token' => $refreshToken
]
]);
}
private function postPublication(Client $exposeClient, $token, $publicationData)
{
return $exposeClient->post('/publications', [