author | David Veenstra <davidjulianveenstra@gmail.com> | 2015-09-12 23:11:15 +0200 |
committer | Arnold Daniels <arnold@jasny.net> | 2015-09-27 16:54:20 +0200 |
commit | 4b9dfa5e28075545b48c6ef13560876eab53e4ae (patch) | |
tree | c88d5cb0f40257856e883978438537462ff1d726 | |
parent | 40de2a2e0b9328c1bba46cfc543243df912d807b (diff) | |
download | sso-4b9dfa5e28075545b48c6ef13560876eab53e4ae.zip sso-4b9dfa5e28075545b48c6ef13560876eab53e4ae.tar.gz sso-4b9dfa5e28075545b48c6ef13560876eab53e4ae.tar.bz2 |
fixed ajax broker, might be overkill
-rw-r--r-- | examples/ajax-broker/ajax.php | 5 | ||||
-rw-r--r-- | examples/ajax-broker/helpers.js | 114 | ||||
-rw-r--r-- | examples/ajax-broker/index.html | 4 | ||||
-rw-r--r-- | src/Broker.php | 32 | ||||
-rw-r--r-- | src/Server.php | 48 | ||||
-rw-r--r-- | src/TestServer.php | 6 |
6 files changed, 126 insertions, 83 deletions
diff --git a/examples/ajax-broker/ajax.php b/examples/ajax-broker/ajax.php
index efaaafc..7114456 100644
--- a/examples/ajax-broker/ajax.php
+++ b/examples/ajax-broker/ajax.php
@@ -4,6 +4,8 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/src/Broker.php';
 $command = $_REQUEST['command'];
 $broker = new Jasny\SSO\Broker('http://localhost:9000/examples/server/', 'BrokerApi', 'BrokerApi');
+if (!empty($_REQUEST['token'])) $broker->token = $_REQUEST['token'];
+
 if (empty($_REQUEST['command'])) {
 header("Content-Type: application/json");
 header("HTTP/1.1 406 Not Acceptable");
@@ -11,9 +13,11 @@ if (empty($_REQUEST['command'])) {
 exit();
 } elseif (realpath($_SERVER["SCRIPT_FILENAME"]) == realpath(__FILE__)) {
 error_log('executing: '. $_REQUEST['command']);
+
 try {
 $result = $broker->$_REQUEST['command']();
 header("Content-Type: application/json");
+ error_log('result: ' . json_encode($result));
 echo json_encode($result);
 } catch (Exception $ex) {
 $errorCode = $ex->getCode();
@@ -24,6 +28,7 @@ if (empty($_REQUEST['command'])) {
 if ($errorCode == 406) header("HTTP/1.1 406 Not Acceptable");
 echo json_encode(['error' => $ex->getMessage()]);
+ exit();
 }
 } else {
 error_log('nothing to execute');
diff --git a/examples/ajax-broker/helpers.js b/examples/ajax-broker/helpers.js
index 95b5d0e..ffb218d 100644
--- a/examples/ajax-broker/helpers.js
+++ b/examples/ajax-broker/helpers.js
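Review bot: The new `error_log('result: ' . json_encode($result));` in the second hunk writes every command's return value to the error log, and for `getToken` that value is the SSO token itself while `getUserInfo` returns the user's profile, so the log file becomes a second place those values have to be protected. Drop the line or log only the shape of the result, e.g. `error_log('result: ' . gettype($result));`. The same pattern recurs in the other hunks of this commit: `error_log('trying to attach: ' . $this->token)` twice in Broker::attach and three more times at the top of Broker::ajaxAttach, and `error_log('session ' . json_encode($_SESSION))` in Server.php right after session_start(), which logs the whole user session.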
@@ -1,57 +1,57 @@
-function microAjax(B,A)
-{
- this.bindFunction=function (E,D) {
- return function () {
- return E.apply(D,[D]);};};this.stateChange=function (D) {
- if (this.request.readyState==4) {
- this.callbackFunction(this.request.responseText);}};this.getRequest=function () {
- if (window.ActiveXObject) {
- return new ActiveXObject("Microsoft.XMLHTTP");} else {
- if (window.XMLHttpRequest) {
- return new XMLHttpRequest();}}return false;};this.postBody=(arguments[2]||"");this.callbackFunction=A;this.url=B;this.request=this.getRequest();if (this.request) {
- var C=this.request;C.onreadystatechange=this.bindFunction(this.stateChange,this);if (this.postBody!=="") {
- C.open("POST",B,true);C.setRequestHeader("X-Requested-With","XMLHttpRequest");C.setRequestHeader("Content-type","application/x-www-form-urlencoded");C.setRequestHeader("Connection","close");} else {
- C.open("GET",B,true);}C.send(this.postBody);}};
-
-var token;
-
-function attachSession()
-{
- microAjax('/examples/ajax-broker/ajax.php?command=attach&token='+ token, function (data) {
- console.log(data);
- });
-}
-
-function getToken(f)
-{
- microAjax('/examples/ajax-broker/ajax.php?command=getToken', function (data) {
- token = data;
- console.log('token is ready');
- });
-}
-
-function login()
-{
- var username = document.querySelector('input[name="username"]').value;
- var password = document.querySelector('input[name="password"]').value;
- var query = [
- 'command=login',
- 'username='+username,
- 'password='+password,
- 'token='+token
- ];
-
- microAjax('/examples/ajax-broker/ajax.php?' + query.join('&'), function (data) {
- console.log(data);
- var outputDiv = document.querySelector('#output');
- var output = "";
- var jsonData = JSON.parse(data);
-
- for (var key in jsonData) {
- output += key + ": " + jsonData[key] + "<br>";
- }
- outputDiv.innerHTML = output;
- });
-}
-
-getToken();
+function microAjax(B,A) {this.bindFunction=function (E,D) {return function () {return E.apply(D,[D]);};};this.stateChange=function (D) {if (this.request.readyState==4) {this.callbackFunction(this.request.responseText);}};this.getRequest=function () {if (window.ActiveXObject) {return new ActiveXObject("Microsoft.XMLHTTP");} else {if (window.XMLHttpRequest) {return new XMLHttpRequest();}}return false;};this.postBody=(arguments[2]||"");this.callbackFunction=A;this.url=B;this.request=this.getRequest();if (this.request) {var C=this.request;C.onreadystatechange=this.bindFunction(this.stateChange,this);if (this.postBody!=="") {C.open("POST",B,true);C.setRequestHeader("X-Requested-With","XMLHttpRequest");C.setRequestHeader("Content-type","application/x-www-form-urlencoded");C.setRequestHeader("Connection","close");} else {C.open("GET",B,true);}C.send(this.postBody);}};
+
+var token = '';
+
+function makeRequest(command, token, callback, postBody) {
+ var url = '/examples/ajax-broker/ajax.php?command=' + encodeURIComponent(command);
+
+ microAjax(url, callback, postBody);
+}
+
+function getToken() {
+ makeRequest('getToken', '', function (data) {
+ token = JSON.parse(data);
+ console.log('token is ready:', token);
+ });
+
+ var buttons = document.querySelectorAll('button');
+ console.log(buttons);
+ for (var i = 0; i < buttons.length; i++) {
+ buttons[i].disabled = false;
+ }
+}
+
+function doRequest(command, callback, postbody) {
+ makeRequest(command, token, function(data) {
+ var outputDiv = document.querySelector('#output');
+ outputDiv.innerHTML = data;
+ callback(data);
+ }, postbody || '');
+}
+
+function print() {
+ console.log(arguments);
+}
+
+function login() {
+ var username = document.querySelector('input[name="username"]').value;
+ var password = document.querySelector('input[name="password"]').value;
+ var query = [
+ 'username='+ username,
+ 'password='+ password
+ ];
+
+ doRequest('login', function(data){console.log(data);}, query.join('&'));
+}
+
+function attach() {
+ doRequest('ajaxAttach', function(data){console.log(data);});
+}
+
+function detach() {
+ doRequest('detach', function(data){console.log(data);});
+}
+
+function getUserInfo() {
+ doRequest('getUserInfo', function(data){console.log(data);});
+}
diff --git a/examples/ajax-broker/index.html b/examples/ajax-broker/index.html
index 9898d06..933f264 100644
--- a/examples/ajax-broker/index.html
+++ b/examples/ajax-broker/index.html
@@ -10,7 +10,9 @@ password: <input type="text" name="password"><br><br>
 <input type="button" onclick="login()" value="Login">
 </form>
- <button type="button" onclick="attachSession()">Attach session</button>
+ <button type="button" onclick="attach()" >Attach session</button>
+ <button type="button" onclick="getUserInfo()" >Print User Info</button>
+ <button type="button" onclick="detach()" >Detach</button>
 <div id="output"> </div>
 </body>
diff --git a/src/Broker.php b/src/Broker.php
index b4c4f0c..b55f91d 100644
--- a/src/Broker.php
+++ b/src/Broker.php
@@ -121,8 +121,9 @@ class Broker
 */
 public function attach($returnUrl = null)
 {
- error_log('trying to attach');
+ error_log('trying to attach: ' . $this->token);
 if ($this->isAttached()) return;
+ error_log('trying to attach: ' . $this->token);
 $url = $this->getAttachUrl();
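Review bot: `makeRequest` declares a `token` parameter but never puts it in the URL, so the value `doRequest` passes from `getToken` is dropped and the new `if (!empty($_REQUEST['token']))` branch in ajax.php never sees it; either append it, `if (token) url += '&token=' + encodeURIComponent(token);`, or remove the parameter so the dead argument does not mislead. `doRequest` assigns the raw server response to `outputDiv.innerHTML`; the response is JSON text meant to be shown as-is, so `outputDiv.textContent = data;` displays it without the browser interpreting it as markup. `getToken` enables every button immediately after firing the request rather than in its callback, so a click can race the token arriving; moving the enabling loop into the callback keeps the buttons disabled until `token` is set. `function print()` shadows `window.print` and has no caller in this hunk; drop it or give it a distinct name.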
@@ -137,6 +138,27 @@ class Broker
 exit();
 }
+ public function ajaxAttach()
+ {
+ error_log('trying to attach using ajax: ' . $this->token . ' ' . session_id());
+ error_log('with token: ' . $this->token);
+ error_log('with sid: ' . session_id());
+
+ $token = $this->getToken();
+ $checksum = md5("attach{$token}{$_SERVER['REMOTE_ADDR']}{$this->secret}");
+
+ $params = [
+ 'token' => $this->token,
+ 'broker' => $this->broker,
+ 'token' => $token,
+ 'checksum' => $checksum,
+ 'clientSid' => session_id(),
+ 'clientAddr' => $_SERVER['REMOTE_ADDR']
+ ];
+
+ return $this->request('attach', $params);
+ }
+
 /**
 * Detach our session from the user's session on the SSO server.
 */
@@ -146,6 +168,8 @@ class Broker
 $this->userinfo = null;
 unset($_SESSION['SSO']);
+ echo '{}';
+ exit();
 }
@@ -174,13 +198,15 @@ class Broker
 * @param array $params Post parameters
 * @return array
 */
- protected function request($command, $params = array())
+ protected function request($command, $params = array(), $sid = null)
 {
 $ch = curl_init($this->getRequestUrl($command));
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 curl_setopt($ch, CURLOPT_POST, true);
- $params[session_name()] = $this->getSessionId();
+ if (!isset($sid)) $params[session_name()] = $this->getSessionId();
+ else $params[session_name()] = $sid;
+
 curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
 $response = curl_exec($ch);
diff --git a/src/Server.php b/src/Server.php
index 1db55b6..3315a53 100644
--- a/src/Server.php
+++ b/src/Server.php
@@ -14,17 +14,6 @@ use Jasny\ValidationResult;
 */
 abstract class Server
 {
- /**
- * Probability that the garbage collector is activated to remove of link files.
- *
- * Similar to gc_probability/gc_divisor
- *
- * @link http://www.php.net/manual/en/session.configuration.php#ini.session.gc-probability
- *
- * @var float
- */
- public static $gcProbability = 0.01;
-
 private $started = false;
 /**
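Review bot: The `$params` literal in `ajaxAttach` has two `'token'` keys, so the first entry (`$this->token`) is silently overwritten by the `$token` returned from `getToken()`; keep a single entry, and if both values are really needed give them distinct names. The checksum is a plain `md5` over the secret concatenated with the token and address; a keyed construction such as `hash_hmac('sha256', "attach{$token}{$_SERVER['REMOTE_ADDR']}", $this->secret)` is the usual choice, but since the server verifies the same value that is a coordinated follow-up rather than part of this commit. The three `error_log` calls at the top print the same token and session id three times; one line, or none, is enough. A short docblock in the style of the `Detach` one below would help, e.g. `/** Attach the broker session to the user's session via an AJAX call. @return array */`.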
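Review bot: `detach()` now ends with `echo '{}'; exit();`, which makes a library method write to the output stream and terminate the script; any non-AJAX broker that calls `detach()` and then redirects or renders a page is cut off, and the method can no longer be exercised in a test. The ajax-broker example already serialises return values in ajax.php via `echo json_encode($result)`, so `detach()` can `return [];` and let the caller emit the JSON. The `exit();` visible at the top of the previous hunk belongs to `attach()`, which presumably exits after issuing a redirect; `detach()` has no comparable reason.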
@@ -39,7 +28,18 @@ abstract class Server
 $this->cache = $this->createCacheAdapter();
 $this->cache->set('hello world', 'bonjour');
 error_log('cache: ' . $this->cache->get('hello world'));
- error_log('request:'. json_encode($_REQUEST));
+ error_log('request: ' . json_encode($_REQUEST));
+ }
+
+ protected function getClientAddress() {
+ if (!empty($_SERVER['REMOTE_ADDR'])) {
+ return $_SERVER['REMOTE_ADDR'];
+ }
+ elseif (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
+ return array_pop(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']));
+ }
+
+ return $clientAddr;
 }
 /**
@@ -54,12 +54,25 @@ abstract class Server
 // Broker session
 $matches = null;
- error_log('request: ' . json_encode($_REQUEST));
 if (isset($_REQUEST[session_name()]) && preg_match('/^SSO-(\w*+)-(\w*+)-([a-z0-9]*+)$/', $_REQUEST[session_name()], $matches)) {
- error_log('starting broker session');
 $sid = $_REQUEST[session_name()];
- error_log('retrieved sid: '. $sid);
+
+ /* for (cross domain) ajax attach calls */
+ if (isset($_POST['clientSid'])
+ && $this->generateSessionId($matches[1], $matches[2], $_POST['clientAddr']) == $sid) {
+
+ error_log('setting sid');
+ session_id($_POST['clientSid']);
+ session_start();
+
+ if (isset($_SESSION['client_addr']) && $_SESSION['client_addr'] != $_POST['clientAddr']) {
+ unset($_SESSION['username']);
+ }
+
+ $_SESSION['client_addr'] = $_POST['clientAddr'];
+ return;
+ }
 $linkedId = $this->cache->get($sid);
 if ($linkedId) {
@@ -91,7 +104,11 @@ abstract class Server
 error_log('starting user session');
 session_start();
+
+ error_log('session ' . json_encode($_SESSION));
+ error_log('session dd' . session_id());
 if (isset($_SESSION['client_addr']) && $_SESSION['client_addr'] != $_SERVER['REMOTE_ADDR']) {
+ error_log('regenerate id');
 session_regenerate_id(true);
 }
 if (!isset($_SESSION['client_addr'])) {
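Review bot: `getClientAddress()` ends with `return $clientAddr;` but `$clientAddr` is never assigned in the method, so the fall-through path returns null and raises an undefined-variable notice; write `return null;` explicitly so the intent is visible to callers. `array_pop(explode(...))` passes a temporary by reference, which PHP reports as a strict-standards notice; assign first, `$parts = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']); return trim(array_pop($parts));`. Because `REMOTE_ADDR` is populated for every TCP connection, the `elseif` branch is effectively unreachable as written, and if the intent is to honour `X-Forwarded-For` behind a reverse proxy the header should only be consulted when `REMOTE_ADDR` is one of a configured set of trusted proxy addresses, since otherwise it is client-supplied. The method also has no caller in this commit: the broker-session branch in the next hunk still reads `$_POST['clientAddr']` directly.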
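Review bot: `session_id($_POST['clientSid'])` in the second hunk adopts a session id chosen by the request without checking its form; the checksum match on the line above only shows the caller knows the broker secret, it does not constrain `clientSid`, so validate it against the session-id character set and a sane length before use, e.g. `if (!isset($_POST['clientAddr']) || !preg_match('/^[a-zA-Z0-9,-]+$/', $_POST['clientSid'])) return;`, which also avoids passing an undefined `clientAddr` index into `generateSessionId`. The comparison `$this->generateSessionId(...) == $sid` should be `===` (or `hash_equals($expected, $sid)` if `generateSessionId` returns a digest) so that PHP's loose comparison cannot come into play. This branch sets `$_SESSION['client_addr']` from `$_POST['clientAddr']`, while the user-session path in the third hunk compares the same variable with `$_SERVER['REMOTE_ADDR']`; a comment such as `// clientAddr is the browser's address as seen by the broker; REMOTE_ADDR here would be the broker host` would tell the next reader why the two differ.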
@@ -187,7 +204,6 @@ abstract class Server
 }
 // Output an image specially for AJAX apps
- header('Content-type: application/json; charset=UTF-8');
 echo json_encode(['token' => $_REQUEST['token']]);
 }
diff --git a/src/TestServer.php b/src/TestServer.php
index db0a53e..e4d9133 100644
--- a/src/TestServer.php
+++ b/src/TestServer.php
@@ -52,10 +52,4 @@ class TestServer extends Server
 {
 return self::$users[$user];
 }
-
- // protected function createCacheAdapter() {
- // $adapter = new Memory();
- // $adapter->setOption('ttl', 10 * 3600);
- // return new Cache($adapter);
- // }
 }
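Review bot: Removing `header('Content-type: application/json; charset=UTF-8')` leaves this response with PHP's default `text/html` type while the body still reflects the request-supplied `$_REQUEST['token']` through `json_encode`, which does not escape `<` or `>` by default, so a browser loading this URL directly would interpret the reflected parameter as markup. Unless a caller outside this hunk now sets the header, keep it, and consider `json_encode(['token' => $_REQUEST['token']], JSON_HEX_TAG | JSON_HEX_AMP)` as a second layer. The comment above, `// Output an image specially for AJAX apps`, no longer describes the block and should read `// Return the token as JSON for AJAX apps`. The enclosing method begins outside the hunk.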