diff --git a/stubs/ci3/controllers/Webauth.php b/stubs/ci3/controllers/Webauth.php index 33503a8..d39812f 100644 --- a/stubs/ci3/controllers/Webauth.php +++ b/stubs/ci3/controllers/Webauth.php @@ -28,6 +28,9 @@ public function logout() { $sso = new SSOService; $url = $sso->getLogoutUrl(); + // NOTE: forgetToken must be after getLogoutUrl(). + // Otherwise the logout form will show error message: id_token_hint not found! + $sso->forgetToken(); return redirect($url); } @@ -54,42 +57,8 @@ public function callback() try { (new WebGuard())->validate($token); - $client_roles = (new WebGuard)->user()->client_roles; - - // NOTE: You maybe want to get roles from your database by using $client_roles - // and put permissions to each role. - // Here's is example of result. - $roles = json_decode(json_encode([ - [ - 'id' => 1, - 'name' => 'Operator', - 'permissions' => [ - 'user:view', - 'user:edit', - ] - ], - [ - 'id' => 2, - 'name' => 'User', - 'permissions' => [ - 'profile:view', - 'profile:edit', - ] - ], - ])); - - $serialize_session = serialize(array( - 'roles' => $roles, - 'role' => $roles[0], - )); - - // PHP_SESSION_NONE if sessions are enabled, but none exists. - // https://www.php.net/manual/en/function.session-status.php - if (session_status() === PHP_SESSION_NONE) { - session_start(); - } - - $_SESSION['serialize_session'] = $serialize_session; + // You may need to create a custom session for your internal app + $this->createSession(); redirect('/home'); } catch (\Exception $e) { 
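Review bot: forgetToken() drops the SSO token, but the application session that callback() now fills through createSession() (`$_SESSION['serialize_session']`, with roles and the active role) is never touched by logout(), so a user who logs out of the SSO keeps a working local session on this app. Unless forgetToken() also clears `$_SESSION` (SSOService is not visible here), invalidate it before the redirect: `if (session_status() === PHP_SESSION_NONE) session_start();` then `$_SESSION = []; session_destroy();`. A short comment on the new line, `// Clear the local app session as well; forgetToken() only removes the SSO token`, would make the split of responsibilities explicit.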
@@ -98,6 +67,68 @@ public function callback() } } + public function impersonate() + { + $username = $this->input->post('username'); + $credentials = (new SSOService())->retrieveToken(); + try { + $token = (new SSOService())->impersonate($credentials, $username); + + if (empty($token)) { + throw new Exception("User with username {$username} not found!", 404); + } + + (new WebGuard())->validate($token); + + $this->createSession(); + + redirect('/home'); + } catch (\Throwable $th) { + echo "Status code: {$th->getCode()} \n"; + echo "Error message: {$th->getMessage()}\n"; + die(); + } + } + + private function createSession() + { + $client_roles = (new WebGuard)->user()->client_roles; + // NOTE: You maybe want to get roles from your database by using $client_roles + // and put permissions to each role. + // Here's is example of result. + $roles = json_decode(json_encode([ + [ + 'id' => 1, + 'name' => 'Operator', + 'permissions' => [ + 'user:view', + 'user:edit', + ] + ], + [ + 'id' => 2, + 'name' => 'User', + 'permissions' => [ + 'profile:view', + 'profile:edit', + ] + ], + ])); + + $serialize_session = serialize(array( + 'roles' => $roles, + 'role' => $roles[0], + )); + + // PHP_SESSION_NONE if sessions are enabled, but none exists. + // https://www.php.net/manual/en/function.session-status.php + if (session_status() === PHP_SESSION_NONE) { + session_start(); + } + + $_SESSION['serialize_session'] = $serialize_session; + } + /** * Change current role */ diff --git a/stubs/php/Webauth.php b/stubs/php/Webauth.php index 462efe4..51b52e6 100644 --- a/stubs/php/Webauth.php +++ b/stubs/php/Webauth.php @@ -20,6 +20,9 @@ public function logout() { $sso = new SSOService; $url = $sso->getLogoutUrl(); + // NOTE: forgetToken must be after getLogoutUrl(). + // Otherwise the logout form will show error message: id_token_hint not found! + $sso->forgetToken(); header('Location: ', $url); exit(); } 
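Review bot: impersonate() takes `username` straight from POST and exchanges the caller's own token for that user with no check in the controller that the current user may impersonate anyone; whether the SSO server refuses the exchange for ordinary users is not visible here, so the stub should gate the action on a role or permission from the session (or at least carry a comment saying the SSO server must enforce it). The `catch (\Throwable)` block also echoes `$th->getMessage()` unescaped, and the 404 message interpolates the submitted username, so the error path reflects attacker-controlled input and internal exception text into the response; log the message and answer generically instead, e.g. `log_message('error', $th->getMessage()); show_error('Impersonation failed', 400);`. Separately, createSession() writes authentication state into `$_SESSION` without rotating the session id, which leaves the login open to session fixation; add `session_regenerate_id(true);` right after the `session_start()` guard, before the `$_SESSION[...]` assignment.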
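Review bot: the redirect right after the new forgetToken() call, `header('Location: ', $url);`, passes the logout URL as header()'s boolean `replace` argument, so the browser receives an empty Location header and never reaches the SSO logout page; it should read `header('Location: ' . $url);`. As in the CI3 stub, this logout() also leaves the `$_SESSION['serialize_session']` entry created by createSession() in place unless forgetToken() clears it (not visible here); `$_SESSION = []; session_destroy();` before the redirect would invalidate the local session as well.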
@@ -46,12 +49,78 @@ public function callback() try { (new WebGuard())->validate($token); - // Ganti arah redirect sesuai kebutuhan + + // You may need to create a custom session for your internal app + $this->createSession(); + + // Change redirect based on your need! header('Location: dashboard.php'); exit(); } catch (\Exception $e) { throw new CallbackException($e->getCode(), $e->getMessage()); } } - } + } + + public function impersonate() + { + $username = $this->input->post('username'); + $credentials = (new SSOService())->retrieveToken(); + try { + $token = (new SSOService())->impersonate($credentials, $username); + + if (empty($token)) { + throw new Exception("User with username {$username} not found!", 404); + } + + (new WebGuard())->validate($token); + + $this->createSession(); + + redirect('/home'); + } catch (\Throwable $th) { + echo "Status code: {$th->getCode()} \n"; + echo "Error message: {$th->getMessage()}\n"; + die(); + } + } + + private function createSession() + { + $client_roles = (new WebGuard)->user()->client_roles; + // NOTE: You maybe want to get roles from your database by using $client_roles + // and put permissions to each role. + // Here's is example of result. + $roles = json_decode(json_encode([ + [ + 'id' => 1, + 'name' => 'Operator', + 'permissions' => [ + 'user:view', + 'user:edit', + ] + ], + [ + 'id' => 2, + 'name' => 'User', + 'permissions' => [ + 'profile:view', + 'profile:edit', + ] + ], + ])); + + $serialize_session = serialize(array( + 'roles' => $roles, + 'role' => $roles[0], + )); + + // PHP_SESSION_NONE if sessions are enabled, but none exists. + // https://www.php.net/manual/en/function.session-status.php + if (session_status() === PHP_SESSION_NONE) { + session_start(); + } + + $_SESSION['serialize_session'] = $serialize_session; + } } \ No newline at end of file
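Review bot: impersonate() in this plain-PHP stub calls `$this->input->post('username')` and `redirect('/home')`, which are CodeIgniter APIs; callback() in the same hunk redirects with `header('Location: dashboard.php'); exit();`, so unless this class defines an `$input` property and a `redirect()` helper (its header is outside the hunk) the method will fatal on the first line. Read the field with `$username = $_POST['username'] ?? '';` and redirect with the same `header()`/`exit()` pair used by callback(). The method also accepts any POSTed username without an authorization check in the controller and echoes the raw exception message, which embeds that username, back into the response, so beyond the API mismatch it needs a permission gate and a generic error message; createSession() should additionally call `session_regenerate_id(true);` after `session_start()` so the pre-login session id is not kept after authentication.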