From c976cf6e53dd407c50596df62f15241cb22102f4 Mon Sep 17 00:00:00 2001
From: Javier Feliz
Date: Sat, 2 Aug 2025 01:43:45 -0400
Subject: [PATCH] Auto approve functionality
---
app/Http/Controllers/OIDCController.php | 30 ++++++++++++++-----
app/Livewire/Forms/UserProfile.php | 8 ++++-
app/Models/User.php | 4 ++-
...0_add_auto_approve_apps_to_users_table.php | 28 +++++++++++++++++
.../livewire/forms/user-profile.blade.php | 3 ++
5 files changed, 64 insertions(+), 9 deletions(-)
create mode 100644 database/migrations/2025_08_02_053540_add_auto_approve_apps_to_users_table.php
diff --git a/app/Http/Controllers/OIDCController.php b/app/Http/Controllers/OIDCController.php
index 9b7df60..5e72f07 100644
--- a/app/Http/Controllers/OIDCController.php
+++ b/app/Http/Controllers/OIDCController.php
@@ -20,22 +20,38 @@ class OIDCController extends Controller { public function authorize(Request $request) { - - // $valid = $request->validate([ - // 'client_id' => 'required', - // 'redirect_uri' => 'required|url', - // 'response_type' => 'required|in:code', - // ]); $client = Application::where('client_id', $request->client_id)->firstOrFail(); if ($client->redirect_uri !== $request->redirect_uri) { abort(403, 'Redirect URI mismatch'); } + $user = auth()->user(); + + // Check if user has auto-approval enabled and has previously authorized this app + $hasAuthorizedBefore = $user->tokens()->where('application_id', $client->id)->exists(); + + if ($user->auto_approve_apps && $hasAuthorizedBefore) { + // Auto-approve: generate code and redirect directly + $code = Str::random(40); + Log::info("Auto-approving and caching code: $code"); + Cache::put("auth_code:$code", [ + 'user_id' => $user->id, + 'client_id' => $client->id, + 'scope' => $request->scope, + 'code_challenge' => $request->code_challenge ?? null, + 'code_challenge_method' => $request->code_challenge_method ?? null, + 'nonce' => $request->input('nonce') ?? null, + ], now()->addMinutes(5)); + + return redirect($request->redirect_uri . '?code=' . $code . '&state=' . $request->state); + } + + // Standard flow: show confirmation screen $code = Str::random(40); Log::info("Caching code: $code"); Cache::put("auth_code:$code", [ - 'user_id' => auth()->id(), + 'user_id' => $user->id, 'client_id' => $client->id, 'scope' => $request->scope, 'code_challenge' => $request->code_challenge ?? null, diff --git a/app/Livewire/Forms/UserProfile.php b/app/Livewire/Forms/UserProfile.php index 1c1b9f6..a0f7c58 100644 --- a/app/Livewire/Forms/UserProfile.php +++ b/app/Livewire/Forms/UserProfile.php 
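Review bot: The auto-approve branch issues a code whenever any `tokens()` row exists for this user and application, without comparing `$request->scope` against what was consented to earlier, so a client approved once can later receive a code for a wider scope with no confirmation screen. Whether the token rows record the granted scope, or exclude revoked and expired grants, is not visible here; if they do, the condition should require the requested scopes to be covered by a still-valid prior grant and otherwise fall through to the standard flow. The branch also writes the live authorization code to the log; `Log::info('Auto-approving authorization request', ['user_id' => $user->id, 'client_id' => $client->id]);` keeps the audit trail without storing a redeemable value. The redirect concatenates `$request->state` unencoded, and `$request->redirect_uri . '?' . http_build_query(['code' => $code, 'state' => $request->state])` would stop a crafted state from adding parameters. `authorize()` continues past the end of this hunk.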
@@ -4,9 +4,12 @@ namespace App\Livewire\Forms; use Illuminate\Support\Facades\Auth; use App\Models\User; +use Illuminate\Support\Facades\Hash; use Illuminate\Support\Facades\Session; use Illuminate\Support\Facades\Storage; use Illuminate\Validation\Rule; +use Illuminate\Validation\Rules\Password as PasswordRule; +use Illuminate\Validation\ValidationException; use Livewire\Attributes\Validate; use Livewire\Component; use Livewire\WithFileUploads; @@ -19,6 +22,7 @@ class UserProfile extends Component public string $email = ''; public ?string $preferred_username = null; public ?string $avatar = null; + public bool $auto_approve_apps = false; #[Validate('image|max:10000')] public $avatarUpload; // Password @@ -32,6 +36,7 @@ class UserProfile extends Component $this->email = Auth::user()->email; $this->preferred_username = Auth::user()->preferred_username; $this->avatar = Auth::user()->avatar; + $this->auto_approve_apps = Auth::user()->auto_approve_apps; } /** @@ -51,7 +56,8 @@ class UserProfile extends Component 'max:255', Rule::unique(User::class)->ignore($user->id), ], - 'preferred_username' => 'string|max:255' + 'preferred_username' => 'string|max:255', + 'auto_approve_apps' => 'boolean' ]); $user->fill($validated); diff --git a/app/Models/User.php b/app/Models/User.php index 6885e48..a5d5b07 100644 --- a/app/Models/User.php +++ b/app/Models/User.php @@ -25,7 +25,8 @@ class User extends Authenticatable 'password', 'avatar', 'preferred_username', - 'is_admin' + 'is_admin', + 'auto_approve_apps' ]; /** @@ -49,6 +50,7 @@ class User extends Authenticatable 'email_verified_at' => 'datetime', 'password' => 'hashed', 'is_admin' => 'boolean', + 'auto_approve_apps' => 'boolean', ]; } diff --git a/database/migrations/2025_08_02_053540_add_auto_approve_apps_to_users_table.php b/database/migrations/2025_08_02_053540_add_auto_approve_apps_to_users_table.php new file mode 100644 index 0000000..aad7550 --- /dev/null 
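Review bot: In app/Models/User.php the new `'auto_approve_apps'` entry in `$fillable` makes the flag that switches off the OIDC consent screen mass-assignable, so any code path that fills a User from request input can enable it, not only the profile form. The profile component already validates the field as `boolean`, so it could be assigned explicitly there, `$user->auto_approve_apps = $validated['auto_approve_apps'];`, and left out of `$fillable`. The same list already carries `'is_admin'` as a context line, which deserves the same audit of every `fill()`/`update()` caller. Both the `$fillable` array and the casts array start outside their hunks.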
+++ b/database/migrations/2025_08_02_053540_add_auto_approve_apps_to_users_table.php @@ -0,0 +1,28 @@ +boolean('auto_approve_apps')->default(false); + }); + } + + /** + * Reverse the migrations. + */ + public function down(): void + { + Schema::table('users', function (Blueprint $table) { + $table->dropColumn('auto_approve_apps'); + }); + } +}; diff --git a/resources/views/livewire/forms/user-profile.blade.php b/resources/views/livewire/forms/user-profile.blade.php index 19b6e99..49eab13 100644 --- a/resources/views/livewire/forms/user-profile.blade.php +++ b/resources/views/livewire/forms/user-profile.blade.php @@ -50,6 +50,9 @@ +