Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
0.00% |
0 / 76 |
|
0.00% |
0 / 1 |
CRAP | |
0.00% |
0 / 1 |
| Oidc | |
0.00% |
0 / 76 |
|
0.00% |
0 / 1 |
30 | |
0.00% |
0 / 1 |
| readResponse | |
0.00% |
0 / 76 |
|
0.00% |
0 / 1 |
30 | |||
| 1 | <?php |
| 2 | |
| 3 | /** |
| 4 | * @package Zmsadmin |
| 5 | * @copyright BerlinOnline Stadtportal GmbH & Co. KG |
| 6 | **/ |
| 7 | |
| 8 | namespace BO\Zmsadmin; |
| 9 | |
| 10 | use BO\Zmsclient\Auth; |
| 11 | |
| 12 | class Oidc extends BaseController |
| 13 | { |
| 14 | /** |
| 15 | * @SuppressWarnings(Param) |
| 16 | * @return \Psr\Http\Message\ResponseInterface |
| 17 | */ |
| 18 | public function readResponse( |
| 19 | \Psr\Http\Message\RequestInterface $request, |
| 20 | \Psr\Http\Message\ResponseInterface $response, |
| 21 | array $args |
| 22 | ) { |
| 23 | try { |
| 24 | $state = $request->getParam("state"); |
| 25 | $authKey = Auth::getKey(); |
| 26 | $sessionHash = hash('sha256', $authKey); |
| 27 | |
| 28 | \App::$log->info('OIDC Login state validation', [ |
| 29 | 'event' => 'oauth_login_state_validation', |
| 30 | 'timestamp' => date('c'), |
| 31 | 'provider' => Auth::getOidcProvider(), |
| 32 | 'application' => 'zmsadmin', |
| 33 | 'state_match' => ($state == $authKey), |
| 34 | 'hashed_session_token' => $sessionHash |
| 35 | ]); |
| 36 | |
| 37 | if ($state == $authKey) { |
| 38 | try { |
| 39 | $workstation = \App::$http->readGetResult('/workstation/', ['resolveReferences' => 2])->getEntity(); |
| 40 | $username = $workstation->getUseraccount()->id; |
| 41 | $authkey = $workstation->authkey ?? Auth::getKey() ?? ''; |
| 42 | $sessionHash = hash('sha256', $authkey); |
| 43 | |
| 44 | \App::$log->info('OIDC Login workstation access', [ |
| 45 | 'event' => 'oauth_login_workstation_access', |
| 46 | 'timestamp' => date('c'), |
| 47 | 'provider' => Auth::getOidcProvider(), |
| 48 | 'application' => 'zmsadmin', |
| 49 | 'username' => $username, |
| 50 | 'workstation_id' => $workstation->id ?? 'unknown', |
| 51 | 'hashed_session_token' => $sessionHash |
| 52 | ]); |
| 53 | |
| 54 | $departmentCount = $workstation->getUseraccount()->getDepartmentList()->count(); |
| 55 | |
| 56 | \App::$log->info('OIDC Login department check', [ |
| 57 | 'event' => 'oauth_login_department_check', |
| 58 | 'timestamp' => date('c'), |
| 59 | 'provider' => Auth::getOidcProvider(), |
| 60 | 'application' => 'zmsadmin', |
| 61 | 'username' => $username, |
| 62 | 'department_count' => $departmentCount, |
| 63 | 'has_departments' => ($departmentCount > 0), |
| 64 | 'hashed_session_token' => $sessionHash |
| 65 | ]); |
| 66 | |
| 67 | if (0 == $departmentCount) { |
| 68 | return \BO\Slim\Render::redirect( |
| 69 | 'index', |
| 70 | [], |
| 71 | [ |
| 72 | 'oidclogin' => true |
| 73 | ] |
| 74 | ); |
| 75 | } |
| 76 | return \BO\Slim\Render::redirect( |
| 77 | 'workstationSelect', |
| 78 | [], |
| 79 | [] |
| 80 | ); |
| 81 | } catch (\Exception $e) { |
| 82 | \App::$log->error('OIDC Login workstation error', [ |
| 83 | 'event' => 'oauth_login_workstation_error', |
| 84 | 'timestamp' => date('c'), |
| 85 | 'provider' => Auth::getOidcProvider(), |
| 86 | 'application' => 'zmsadmin', |
| 87 | 'error' => $e->getMessage(), |
| 88 | 'code' => $e->getCode() |
| 89 | ]); |
| 90 | throw $e; |
| 91 | } |
| 92 | } |
| 93 | |
| 94 | \App::$log->error('OIDC Login invalid state', [ |
| 95 | 'event' => 'oauth_login_invalid_state', |
| 96 | 'timestamp' => date('c'), |
| 97 | 'provider' => Auth::getOidcProvider(), |
| 98 | 'application' => 'zmsadmin' |
| 99 | ]); |
| 100 | |
| 101 | throw new \BO\Slim\Exception\OAuthInvalid(); |
| 102 | } catch (\Exception $e) { |
| 103 | \App::$log->error('OIDC Login error', [ |
| 104 | 'event' => 'oauth_login_error', |
| 105 | 'timestamp' => date('c'), |
| 106 | 'provider' => Auth::getOidcProvider(), |
| 107 | 'application' => 'zmsadmin', |
| 108 | 'error' => $e->getMessage(), |
| 109 | 'code' => $e->getCode() |
| 110 | ]); |
| 111 | throw $e; |
| 112 | } |
| 113 | } |
| 114 | } |