Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enh/allow impersonate #117

Merged
merged 8 commits into from
Apr 19, 2023
Merged

Enh/allow impersonate #117

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
b13b43b
Allow Impersonate
gevorgmansuryan Apr 16, 2023
c079c42
Allow Impersonate
gevorgmansuryan Apr 16, 2023
546607a
Allow Impersonate
gevorgmansuryan Apr 16, 2023
daa170f
Merge branch 'master' of https://github.com/humhub/rest into Impersonate
gevorgmansuryan Apr 17, 2023
c641c0c
Allow Impersonate
gevorgmansuryan Apr 17, 2023
c24b6f5
Allow Impersonate
gevorgmansuryan Apr 18, 2023
bb00592
Allow Impersonate
gevorgmansuryan Apr 18, 2023
099e3f2
Allow Impersonate
gevorgmansuryan Apr 18, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions Events.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ public static function onBeforeRequest($event)

// Auth
['pattern' => 'auth/login', 'route' => 'rest/auth/auth/index', 'verb' => ['POST']],
['pattern' => 'auth/impersonate', 'route' => 'rest/auth/auth/impersonate', 'verb' => ['POST']],
['pattern' => 'auth/current', 'route' => 'rest/auth/auth/current', 'verb' => ['GET', 'HEAD']],

// User: Default Controller
Expand Down
4 changes: 4 additions & 0 deletions components/BaseController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@

namespace humhub\modules\rest\components;

use humhub\modules\rest\components\auth\ImpersonateAuth;
use Yii;
use yii\data\Pagination;
use yii\db\ActiveQuery;
Expand Down Expand Up @@ -75,6 +76,9 @@ public function behaviors()
return null;
},
]] : [],
[[
'class' => ImpersonateAuth::class,
]]
),
],
], parent::behaviors());
Expand Down
59 changes: 59 additions & 0 deletions components/auth/ImpersonateAuth.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
<?php
/**
* @link https://www.humhub.org/
* @copyright Copyright (c) 2023 HumHub GmbH & Co. KG
* @license https://www.humhub.com/licences
*/

namespace humhub\modules\rest\components\auth;

use yii\db\Expression;
use yii\filters\auth\HttpBearerAuth;
use yii\helpers\StringHelper;
use humhub\modules\rest\models\ImpersonateAuthToken;
use humhub\modules\user\models\User;
use Firebase\JWT\JWT;

class ImpersonateAuth extends HttpBearerAuth
{
public $pattern = '/^Impersonate\s+(.*?)$/';

public function authenticate($user, $request, $response)
{
$authHeader = $request->getHeaders()->get($this->header);

if ($authHeader !== null) {
if ($this->pattern !== null) {
if (preg_match($this->pattern, $authHeader, $matches)) {
$authHeader = $matches[1];
} else {
return null;
}

if (!StringHelper::startsWith($authHeader, 'impersonate-')) {
return null;
}
}

$accessToken = ImpersonateAuthToken::find()
->where(['token' => $authHeader])
->andWhere(['>', 'expiration', new Expression('NOW()')])
->one();

if ($accessToken && ($identity = $accessToken->user)) {
$user->login($identity);
} else {
$identity = null;
}

if ($identity === null) {
$this->challenge($response);
$this->handleFailure($response);
}

return $identity;
}

return null;
}
}
31 changes: 30 additions & 1 deletion controllers/auth/AuthController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,18 +10,21 @@
use Firebase\JWT\JWT;
use humhub\modules\rest\components\BaseController;
use humhub\modules\rest\definitions\UserDefinitions;
use humhub\modules\rest\models\ImpersonateAuthToken;
use humhub\modules\rest\models\JwtAuthForm;
use humhub\modules\user\models\forms\Login;
use humhub\modules\user\models\User;
use humhub\modules\user\services\AuthClientService;
use Yii;
use yii\web\ForbiddenHttpException;
use yii\web\JsonParser;
use yii\web\NotFoundHttpException;

class AuthController extends BaseController
{
public function beforeAction($action)
{
if ($action->id == 'current') {
if (in_array($action->id, ['current', 'impersonate'])) {
return parent::beforeAction($action);
}

Expand Down Expand Up @@ -92,4 +95,30 @@ public function actionCurrent()

return UserDefinitions::getUser($user);
}

public function actionImpersonate()
{
if (!Yii::$app->user->isAdmin()) {
throw new ForbiddenHttpException();
}

$user = User::findOne(['id' => Yii::$app->request->getBodyParam('userId')]);

if ($user === null) {
throw new NotFoundHttpException();
}

if ($token = ImpersonateAuthToken::findOne(['user_id' => $user->id])) {
$token->delete();
}

$token = new ImpersonateAuthToken();
$token->user_id = $user->id;
$token->save();

return [
'token' => $token->token,
'expires' => $token->expiration,
];
}
}
1 change: 1 addition & 0 deletions docs/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ Changelog
- Fix #110: Fix PHP Error in UserDefinition
- Enh #106: Allow to set `authclient` and `authclient_id` on user creating and updating
- Enh #112: Added support of HttpBearer and QueryParam auth methods
- Enh #117: Added support of user Impersonate

0.8.0 (March 10, 2023)
----------------------
Expand Down
Loading