Merge branch 'main' into feature/lv11-version

Author: smarcet

.gitignore

@@ -49,4 +49,5 @@ model.sql
 /public/assets/*.png
 /public/assets/*.txt
 /.env.local
-/.phpunit.cache/
+/.phpunit.cache/
+docker-compose/mysql/model/*.sql

LOCAL_DEVELOPMENT_HOWTO.md

@@ -0,0 +1,46 @@
+Run Local Dev Server
+====================
+
+1. Create [.env](.env) file with following properties
+
+```dotenv
+GITHUB_OAUTH_TOKEN="<GITHUB TOKEN FROM YOUR GITHUB ACCOUNT>"
+
+APP_ENV=local
+APP_DEBUG=true
+APP_KEY=<YOUR LV APP KEY>
+DEV_EMAIL_TO=smarcet@gmail.com
+APP_URL=http://localhost
+DB_CONNECTION=mysql
+DB_HOST=db
+DB_PORT=3306
+DB_DATABASE=idp_local
+DB_USERNAME=idp_user
+DB_PASSWORD=1qaz2wsx!
+REDIS_HOST=redis
+REDIS_PORT=6379
+REDIS_DB=0
+REDIS_PASSWORD=1qaz2wsx!
+REDIS_DATABASES=16
+SSL_ENABLED=false
+```
+2.( optional ) Drop here  [docker-compose/mysql/model](docker-compose/mysql/model) the database dump *.sql file
+3.Install docker and docker compose see
+[https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-compose-on-ubuntu-22-04](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-compose-on-ubuntu-22-04) and [https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-22-04](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-22-04)
+4.Run script ./start_local_server.sh (http://localhost:8001/)
+
+Redump the database
+===================
+
+````bash
+    mysql -u root -h 127.0.0.1 -P 30780 --password=<DB_PASSWORD> < mydump.sql
+````
+
+Useful Commands
+===============
+
+check containers health status
+
+````bash
+docker inspect --format "{{json .State.Health }}" www-openstack-model-db-local | jq '.
+````

PHPSTORM_DOCKER_CONFIG.md

@@ -0,0 +1,32 @@
+Debug config at PHPSTORM
+==========================
+
+1. Add a new CLI interpreter using [Docker]
+    1. choose image www-openstack:latest
+    2. click [OK]
+    3. select new CLI interpreter
+    4. click [Apply]
+
+2. Edit network settings at container
+    1. goto Settings->PHP and locate "Docker Container" input.
+    2. Click on Folder icon.
+    3. a new popup titled "Edit Docker Container Settings" will open.
+    4. fill the "Network Mode" input with the bridge name, to find it out run ```$docker network list``` command.
+       and put the name of the bridge there.
+
+3. Create new server
+    1. goto Settings->PHP->Servers
+    2. click on [+]
+    3. fill up Name with "Docker"
+    4. fill up Host with "0.0.0.0"
+    5. fill up Port with "80"
+    6. click use map mappings
+    7. map root to /var/www
+
+4. Create a remote debug configuration profile
+    1. goto Run->Debug->Edit Configurations
+    2. create a new "PHP Remote debug" Profile
+    3. set name as "Docker"
+    4. check "Filter debug connection by IDE key"
+    5. set IDE KEY as "PHPSTORM"
+    6. set Server as "Docker"

app/Console/Commands/CleanOAuth2StaleData.php

@@ -58,9 +58,29 @@ public function handle()
             $res = DB::table('oauth2_access_token')
                 ->whereRaw("DATE_ADD(created_at, INTERVAL lifetime second) <= UTC_TIMESTAMP()")
                 ->delete();
-
             Log::debug(sprintf("CleanOAuth2StaleData::handle %s rows where deleted from oauth2_access_token", $res));
+            $this->info(sprintf("CleanOAuth2StaleData::handle %s rows where deleted from oauth2_access_token", $res));
+        }
+
+        if (Schema::hasTable('oauth2_otp')) {
+            $res = DB::table('oauth2_otp')
+                ->whereRaw("lifetime > 0 and DATE_ADD(created_at, INTERVAL lifetime second) <= UTC_TIMESTAMP()")
+                ->delete();
+
+            Log::debug(sprintf("CleanOAuth2StaleData::handle %s rows where deleted from oauth2_otp", $res));
+            $this->info(sprintf("CleanOAuth2StaleData::handle %s rows where deleted from oauth2_otp", $res));
         }
 
+
+        if (Schema::hasTable('oauth2_refresh_token')) {
+            $res = DB::table('oauth2_refresh_token')
+                ->whereRaw("void = 1")
+                ->delete();
+
+            Log::debug(sprintf("CleanOAuth2StaleData::handle %s rows where deleted from oauth2_refresh_token", $res));
+            $this->info(sprintf("CleanOAuth2StaleData::handle %s rows where deleted from oauth2_refresh_token", $res));
+        }
+
+
     }
 }

app/Console/Commands/CreateSuperAdmin.php

@@ -81,7 +81,12 @@ public function handle()
             EntityManager::flush();
         }
 
-        $user->addToGroup($group);
+        try {
+            $user->addToGroup($group);
+        }
+        catch (\Exception $ex){
+            // already in group
+        }
         EntityManager::persist($user);
         EntityManager::flush();
     }

app/Http/Controllers/Api/ClientApiController.php

@@ -12,13 +12,17 @@
  * limitations under the License.
  **/
 use App\Http\Controllers\APICRUDController;
+use App\Http\Controllers\ParametrizedGetAll;
+use App\Http\Exceptions\HTTP401UnauthorizedException;
 use App\Http\Utils\PagingConstants;
 use App\ModelSerializers\SerializerRegistry;
 use Exception;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Request;
 use Illuminate\Support\Facades\Validator;
 use models\exceptions\EntityNotFoundException;
+use models\utils\IBaseRepository;
+use OAuth2\IResourceServerContext;
 use OAuth2\Repositories\IAccessTokenRepository;
 use OAuth2\Repositories\IClientRepository;
 use OAuth2\Repositories\IRefreshTokenRepository;
@@ -39,6 +43,8 @@
 final class ClientApiController extends APICRUDController
 {
 
+    use ParametrizedGetAll;
+
     /**
      * @var IApiScopeService
      */
@@ -495,61 +501,97 @@ public function getRefreshTokens($id)
 
     /**
      * @return mixed
+     * @throws HTTP401UnauthorizedException
      */
     public function getAccessTokensByCurrentUser()
     {
-        $values = Request::all();
-        $rules  = [
-
-            'page'     => 'integer|min:1',
-            'per_page' => sprintf('required_with:page|integer|min:%s|max:%s', PagingConstants::MinPageSize, PagingConstants::MaxPageSize),
-        ];
-
-        try {
-            $validation = Validator::make($values, $rules);
-
-            if ($validation->fails()) {
-                $ex = new ValidationException();
-                throw $ex->setMessages($validation->messages()->toArray());
+        $user = $this->auth_service->getCurrentUser();
+        if(is_null($user))
+            throw new HTTP401UnauthorizedException();
+
+        return $this->_getAll(
+            function () {
+                return [
+                    'client_name' =>  ['=@', '==','@@'],
+                    'device_info' =>  ['=@', '==','@@'],
+                    'from_ip' =>  ['=@', '==','@@'],
+                    'scope' =>  ['=@', '==','@@'],
+                ];
+            },
+            function () {
+                return [
+                    'client_name' => 'sometimes|string',
+                    'device_info' => 'sometimes|string',
+                    'from_ip' => 'sometimes|string',
+                    'scope' => 'sometimes|string',
+                ];
+            },
+            function () {
+                return [
+                    'client_name',
+                    'created_at',
+                    'device_info',
+                    'from_ip',
+                    'scope'
+                ];
+            },
+            function ($filter) use($user) {
+                if($filter instanceof Filter){
+                    $filter->addFilterCondition(FilterElement::makeEqual('owner_id', $user->getId()));
+                    $filter->addFilterCondition(FilterElement::makeEqual('is_valid', true));
+                }
+                return $filter;
+            },
+            function () {
+                return SerializerRegistry::SerializerType_Public;
             }
+        );
 
-            // default values
-            $page     = 1;
-            $per_page = PagingConstants::DefaultPageSize;;
+    }
 
-            if (Request::has('page')) {
-                $page     = intval(Request::input('page'));
-                $per_page = intval(Request::input('per_page'));
+    /**
+     * @return mixed
+     */
+    public function getAllAccessTokens()
+    {
+        return $this->_getAll(
+            function () {
+                return [
+                    'owner_id' => ['=='],
+                    'client_name' =>  ['=@', '==','@@'],
+                    'device_info' =>  ['=@', '==','@@'],
+                    'from_ip' =>  ['=@', '==','@@'],
+                    'scope' =>  ['=@', '==','@@'],
+                ];
+            },
+            function () {
+                return [
+                    'owner_id' => 'required|int',
+                    'client_name' => 'sometimes|string',
+                    'device_info' => 'sometimes|string',
+                    'from_ip' => 'sometimes|string',
+                    'scope' => 'sometimes|string',
+                ];
+            },
+            function () {
+                return [
+                    'client_name',
+                    'created_at',
+                    'device_info',
+                    'from_ip',
+                    'scope'
+                ];
+            },
+            function ($filter) {
+                if($filter instanceof Filter){
+                    $filter->addFilterCondition(FilterElement::makeEqual('is_valid', true));
+                }
+                return $filter;
+            },
+            function () {
+                return SerializerRegistry::SerializerType_Public;
             }
-
-            $user      = $this->auth_service->getCurrentUser();
-
-            $data = $this->access_token_repository->getAllValidByUserId($user->getId(), new PagingInfo($page, $per_page));
-            return $this->ok
-            (
-                $data->toArray
-                (
-                    Request::input('expand', ''),
-                    [],
-                    [],
-                    []
-                )
-            );
-        }
-        catch (ValidationException $ex1)
-        {
-            Log::warning($ex1);
-            return $this->error412(array($ex1->getMessage()));
-        }
-        catch (EntityNotFoundException $ex2)
-        {
-            Log::warning($ex2);
-            return $this->error404(array('message' => $ex2->getMessage()));
-        }
-        catch (Exception $ex) {
-            Log::error($ex);
-            return $this->error500($ex);
-        }
+        );
     }
 
     /**
@@ -679,6 +721,7 @@ protected function getUpdatePayloadValidationRules(): array
             'otp_enabled'                     => 'sometimes|boolean',
             'otp_length'                      => 'sometimes|integer|min:4|max:8',
             'otp_lifetime'                    => 'sometimes|integer|min:60|max:600',
+            'max_allowed_user_sessions'       => 'sometimes|integer|min:0',
         ];
     }
 
@@ -695,4 +738,14 @@ protected function getCreatePayloadValidationRules(): array
             'admin_users'      => 'nullable|int_array',
         ];
     }
+
+    protected function getResourceServerContext(): IResourceServerContext
+    {
+        // TODO: Implement getResourceServerContext() method.
+    }
+
+    protected function getRepository(): IBaseRepository
+    {
+        return $this->access_token_repository;
+    }
 }

app/Http/Controllers/Api/OAuth2/OAuth2UserApiController.php

@@ -160,6 +160,39 @@ protected function curateUpdatePayload(array $payload): array
         ]);
     }
 
+      private function _create(){
+        try {
+
+            if(!Request::isJson()) return $this->error400();
+
+            $payload = Request::json()->all();
+            // Creates a Validator instance and validates the data.
+            $validation = Validator::make($payload, UserValidationRulesFactory::build($payload));
+            if ($validation->fails()) {
+                $ex = new ValidationException();
+                throw $ex->setMessages($validation->messages()->toArray());
+            }
+
+            $user = $this->openid_user_service->create($payload);
+
+            return $this->created(SerializerRegistry::getInstance()->getSerializer($user, SerializerRegistry::SerializerType_Private)->serialize());
+        }
+        catch (ValidationException $ex1)
+        {
+            Log::warning($ex1);
+            return $this->error412($ex1->getMessages());
+        }
+        catch (EntityNotFoundException $ex2)
+        {
+            Log::warning($ex2);
+            return $this->error404(['message' => $ex2->getMessage()]);
+        }
+        catch (Exception $ex) {
+            Log::error($ex);
+            return $this->error500($ex);
+        }
+    }
+
     private function _update($id){
         try {
 
@@ -193,6 +226,10 @@ private function _update($id){
         }
     }
 
+    public function create(){
+       return $this->_create();
+    }
+
     public function updateMe(){
         return $this->_update($this->resource_server_context->getCurrentUserId());
     }