update stubs for Webauth

ristekusdi · Mar 14, 2024 · 60e82bc · 60e82bc
1 parent 0b85729
commit 60e82bc
Show file tree

Hide file tree

Showing 2 changed files with 138 additions and 38 deletions.
diff --git a/stubs/ci3/controllers/Webauth.php b/stubs/ci3/controllers/Webauth.php
@@ -28,6 +28,9 @@ public function logout()
     {
         $sso = new SSOService;
         $url = $sso->getLogoutUrl();
+        // NOTE: forgetToken must be after getLogoutUrl().
+        // Otherwise the logout form will show error message: id_token_hint not found!
+        $sso->forgetToken();
         return redirect($url);
     }
 
@@ -54,42 +57,8 @@ public function callback()
             try {
                 (new WebGuard())->validate($token);
 
-                $client_roles = (new WebGuard)->user()->client_roles;
-
-                // NOTE: You maybe want to get roles from your database by using $client_roles
-                // and put permissions to each role.
-                // Here's is example of result.
-                $roles = json_decode(json_encode([
-                    [
-                        'id' => 1,
-                        'name' => 'Operator',
-                        'permissions' => [
-                            'user:view',
-                            'user:edit',
-                        ]
-                    ],
-                    [
-                        'id' => 2,
-                        'name' => 'User',
-                        'permissions' => [
-                            'profile:view',
-                            'profile:edit',
-                        ]
-                    ],
-                ]));
-
-                $serialize_session = serialize(array(
-                    'roles' => $roles,
-                    'role' => $roles[0],
-                ));
-
-                // PHP_SESSION_NONE if sessions are enabled, but none exists.
-                // https://www.php.net/manual/en/function.session-status.php
-                if (session_status() === PHP_SESSION_NONE) {
-                    session_start();
-                }
-
-                $_SESSION['serialize_session'] = $serialize_session;
+                // You may need to create a custom session for your internal app
+                $this->createSession();
 
                 redirect('/home');
             } catch (\Exception $e) {
@@ -98,6 +67,68 @@ public function callback()
         }
     }
 
+    public function impersonate()
+    {
+        $username = $this->input->post('username');
+        $credentials = (new SSOService())->retrieveToken();
+        try {
+            $token = (new SSOService())->impersonate($credentials, $username);
+
+            if (empty($token)) {
+                throw new Exception("User with username {$username} not found!", 404);
+            }
+
+            (new WebGuard())->validate($token);
+
+            $this->createSession();
+
+            redirect('/home');
+        } catch (\Throwable $th) {
+            echo "Status code: {$th->getCode()} \n";
+            echo "Error message: {$th->getMessage()}\n";
+            die();
+        }
+    }
+
+    private function createSession()
+    {
+        $client_roles = (new WebGuard)->user()->client_roles;
+        // NOTE: You maybe want to get roles from your database by using $client_roles
+        // and put permissions to each role.
+        // Here's is example of result.
+        $roles = json_decode(json_encode([
+            [
+                'id' => 1,
+                'name' => 'Operator',
+                'permissions' => [
+                    'user:view',
+                    'user:edit',
+                ]
+            ],
+            [
+                'id' => 2,
+                'name' => 'User',
+                'permissions' => [
+                    'profile:view',
+                    'profile:edit',
+                ]
+            ],
+        ]));
+
+        $serialize_session = serialize(array(
+            'roles' => $roles,
+            'role' => $roles[0],
+        ));
+
+        // PHP_SESSION_NONE if sessions are enabled, but none exists.
+        // https://www.php.net/manual/en/function.session-status.php
+        if (session_status() === PHP_SESSION_NONE) {
+            session_start();
+        }
+
+        $_SESSION['serialize_session'] = $serialize_session;       
+    }
+
     /**
      * Change current role
      */

diff --git a/stubs/php/Webauth.php b/stubs/php/Webauth.php
@@ -20,6 +20,9 @@ public function logout()
     {
         $sso = new SSOService;
         $url = $sso->getLogoutUrl();
+        // NOTE: forgetToken must be after getLogoutUrl().
+        // Otherwise the logout form will show error message: id_token_hint not found!
+        $sso->forgetToken();
         header('Location: ', $url);
         exit();
     }
@@ -46,12 +49,78 @@ public function callback()
 
             try {
                 (new WebGuard())->validate($token);
-                // Ganti arah redirect sesuai kebutuhan
+
+                // You may need to create a custom session for your internal app
+                $this->createSession();
+
+                // Change redirect based on your need!
                 header('Location: dashboard.php');
                 exit();
             } catch (\Exception $e) {
                 throw new CallbackException($e->getCode(), $e->getMessage());
             }
         }
-    }   
+    }
+
+    public function impersonate()
+    {
+        $username = $this->input->post('username');
+        $credentials = (new SSOService())->retrieveToken();
+        try {
+            $token = (new SSOService())->impersonate($credentials, $username);
+
+            if (empty($token)) {
+                throw new Exception("User with username {$username} not found!", 404);
+            }
+
+            (new WebGuard())->validate($token);
+
+            $this->createSession();
+
+            redirect('/home');
+        } catch (\Throwable $th) {
+            echo "Status code: {$th->getCode()} \n";
+            echo "Error message: {$th->getMessage()}\n";
+            die();
+        }
+    }
+
+    private function createSession()
+    {
+        $client_roles = (new WebGuard)->user()->client_roles;
+        // NOTE: You maybe want to get roles from your database by using $client_roles
+        // and put permissions to each role.
+        // Here's is example of result.
+        $roles = json_decode(json_encode([
+            [
+                'id' => 1,
+                'name' => 'Operator',
+                'permissions' => [
+                    'user:view',
+                    'user:edit',
+                ]
+            ],
+            [
+                'id' => 2,
+                'name' => 'User',
+                'permissions' => [
+                    'profile:view',
+                    'profile:edit',
+                ]
+            ],
+        ]));
+
+        $serialize_session = serialize(array(
+            'roles' => $roles,
+            'role' => $roles[0],
+        ));
+
+        // PHP_SESSION_NONE if sessions are enabled, but none exists.
+        // https://www.php.net/manual/en/function.session-status.php
+        if (session_status() === PHP_SESSION_NONE) {
+            session_start();
+        }
+
+        $_SESSION['serialize_session'] = $serialize_session;
+    }
 }