DP-499 Integrate SSO

src/Resources/Environment.php

@@ -96,6 +96,9 @@ protected function handleGET()
                 $result['platform']['packages'] = $packages;
 
                 $result['php'] = EnvUtilities::getPhpInfo();
+                // Remove environment variables being kicked back to the client
+                unset($result['php']['environment']);
+                unset($result['php']['php_variables']);
             }
         }
 

src/Resources/Session.php

@@ -29,6 +29,18 @@ protected function handleGET()
      */
     protected function handlePOST()
     {
+         // IntegrateIo Hosted Trial Login
+         if (!empty($this->getPayloadData('integrateio_id'))) {
+            $credentials = [
+                'integrateio_id' => $this->getPayloadData('integrateio_id'),
+                'email'          => $this->getPayloadData('email'),
+                'sso_token'      => $this->getPayloadData('sso_token'),
+                'timestamp'      => $this->getPayloadData('timestamp')
+            ];
+
+            return $this->handleIntegrateLogin($credentials, boolval($this->getPayloadData('remember_me')));
+        }
+
         $credentials = [
             'email'        => $this->getPayloadData('email'),
             'username'     => $this->getPayloadData('username'),

src/Resources/UserProfileResource.php

@@ -52,7 +52,8 @@ protected function handleGET()
             'security_question' => $user->security_question,
             'default_app_id'    => $user->default_app_id,
             'oauth_provider'    => (!empty($user->oauth_provider)) ? $user->oauth_provider : '',
-            'adldap'            => (!empty($user->adldap)) ? $user->adldap : ''
+            'adldap'            => (!empty($user->adldap)) ? $user->adldap : '',
+            'integrateio_id'    => (!empty($user->integrateio_id)) ? $user->integrateio_id : ''
         ];
 
         return $data;
@@ -80,7 +81,8 @@ protected function handlePOST()
             'phone'             => array_get($payload, 'phone'),
             'security_question' => array_get($payload, 'security_question'),
             'security_answer'   => array_get($payload, 'security_answer'),
-            'default_app_id'    => array_get($payload, 'default_app_id')
+            'default_app_id'    => array_get($payload, 'default_app_id'),
+            'current_password'  => array_get($payload, 'current_password')
         ];
 
         $data = array_filter($data, function ($value) {
@@ -95,6 +97,27 @@ protected function handlePOST()
 
         $oldToken = Session::getSessionToken();
         $email = $user->email;
+
+        // require password on email change
+        if (!empty(array_get($data, 'email')) && $email !== array_get($data, 'email')) {
+            $provided = array_get($data, 'current_password');
+
+            if (empty($provided)) {
+                throw new BadRequestException('Current Password required to change email');
+            }
+
+            try {
+                //validate password
+                $isValid = \Hash::check($provided, $user->password);
+            } catch (\Exception $ex) {
+                throw new InternalServerErrorException("Error validating current password.\n{$ex->getMessage()}");
+            }
+
+            if (!$isValid) {
+                throw new BadRequestException("The password supplied does not match.");
+            }
+        }
+
         $user->update($data);
 
         if (!empty($oldToken) && $email !== array_get($data, 'email', $email)) {

src/Resources/UserSessionResource.php

@@ -201,6 +201,60 @@ protected function handleLogin(array $credentials = [], $remember = false)
         }
     }
 
+    /**
+     * @param array $credentials
+     * @return string
+    */
+    private function generateToken($credentials) {
+        $integrateio_id = $credentials['integrateio_id'];
+        $email = $credentials['email'];
+        $timestamp = $credentials['timestamp'];
+        $secret = getenv('INTEGRATEIO_SSO_SECRET');
+
+        $hashedToken = sha1($integrateio_id . ':' . $email . ':' . $secret . ':' . $timestamp);
+        return $hashedToken;
+    }
+     /**
+     * Performs login for Integrate Io Hosted trial Users.
+     *
+     * @param array $credentials
+     * @param bool  $remember
+     *
+     * @return array
+     * @throws BadRequestException
+     * @throws UnauthorizedException
+     * @throws \Exception
+     */
+    protected function handleIntegrateLogin(array $credentials = [], $remember = false)
+    {
+        // Check all params are there:
+        $requiredParams = array('integrateio_id', 'email', 'sso_token', 'timestamp');
+
+        // Make sure that all params are in the request.
+        foreach ($requiredParams as $requiredParam) {
+            if (!isset($credentials[$requiredParam])) {
+                throw new BadRequestException('Missing Parameters');
+            }
+        }
+
+        if (($this->generateToken($credentials) === $credentials['sso_token']) && ($credentials['timestamp'] > (time() - 120))) {
+            $credentials['is_active'] = 1;
+
+            // if user management not available then only system admins can login.
+            if (!class_exists('\DreamFactory\Core\User\Resources\System\User')) {
+                $credentials['is_sys_admin'] = 1;
+            }
+
+            if (Session::authenticate($credentials, $remember, true, $this->getAppId())) {
+                return Session::getPublicInfo();
+            } else {
+                throw new UnauthorizedException('Invalid credentials supplied.');
+            }
+        } else {
+            throw new UnauthorizedException('Invalid token supplied');
+        }
+    }
+
     /**
      * @return int|null
      */