From 2aa6ac0e6ca80a20dddb6a207fc68801e3e598b9 Mon Sep 17 00:00:00 2001 From: Olevacho Date: Sat, 26 Oct 2024 17:01:06 +0200 Subject: [PATCH 01/14] feat(jans-cedarling): Add PHP bindings Signed-off-by: Olevacho --- .../bindings/cedarling_ext_php_rs/Cargo.toml | 26 ++++++++ .../bindings/cedarling_ext_php_rs/README.md | 37 +++++++++++ .../bindings/cedarling_ext_php_rs/src/lib.rs | 64 +++++++++++++++++++ .../src/policy-store_ok.json | 15 +++++ .../bindings/cedarling_ext_php_rs/test.php | 34 ++++++++++ 5 files changed, 176 insertions(+) create mode 100644 jans-cedarling/bindings/cedarling_ext_php_rs/Cargo.toml create mode 100644 jans-cedarling/bindings/cedarling_ext_php_rs/README.md create mode 100644 jans-cedarling/bindings/cedarling_ext_php_rs/src/lib.rs create mode 100644 jans-cedarling/bindings/cedarling_ext_php_rs/src/policy-store_ok.json create mode 100755 jans-cedarling/bindings/cedarling_ext_php_rs/test.php diff --git a/jans-cedarling/bindings/cedarling_ext_php_rs/Cargo.toml b/jans-cedarling/bindings/cedarling_ext_php_rs/Cargo.toml new file mode 100644 index 00000000000..d9c26c8fb7f --- /dev/null +++ b/jans-cedarling/bindings/cedarling_ext_php_rs/Cargo.toml @@ -0,0 +1,26 @@ +[package] +name = "ext_php_rs_test" +version = "1.1.6" +edition = "2021" + + +[lib] +crate-type = ["cdylib"] + +[dependencies] +ext-php-rs = "*" +serde = "*" +serde_json = "*" +thiserror = "*" +sparkv = "*" +uuid7 = { version = "1.1.0", features = ["serde", "uuid"] } +cedar-policy = "4.0.0" +base64 = "0.22.1" +url = "2.5.2" +lazy_static = "1.5.0" +cedarling = { path = "../../cedarling" } # from a path in the local filesystem + + +[profile.release] +strip = "debuginfo" + diff --git a/jans-cedarling/bindings/cedarling_ext_php_rs/README.md b/jans-cedarling/bindings/cedarling_ext_php_rs/README.md new file mode 100644 index 00000000000..50d3a6db062 --- /dev/null +++ b/jans-cedarling/bindings/cedarling_ext_php_rs/README.md 
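Review bot: The requirements `ext-php-rs = "*"`, `serde = "*"`, `serde_json = "*"`, `thiserror = "*"` and `sparkv = "*"` accept any published version, so a fresh dependency resolve of this cdylib, which is loaded into the PHP process, can pull in a new major release that nobody reviewed. Give each one a bounded requirement, for example `ext-php-rs = "<tested version>"`, in line with the pinned entries below them such as `base64 = "0.22.1"`. The src/lib.rs added in this patch only uses `ext_php_rs`, `cedarling`, `serde_json` and `std`, so `thiserror`, `sparkv`, `uuid7`, `cedar-policy`, `base64`, `url` and `lazy_static` look removable, which would also shrink what gets built into the extension. The Cargo.toml added for cedarling_php_rs in patch 13 repeats the same wildcard requirements.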
@@ -0,0 +1,37 @@
+# cedarling_ext_php_rs
+
+This example uses `ext-php-rs` to create a PHP extension library from Rust code. Follow the steps below to install and build the library.
+
+## Steps to make it working
+
+NOTICE!!! Here is assumed that your cedarling repository existed on the path: /var/www/html/cedarling/jans . If it is on the different path then you need to change prefixes on steps 1. and 4 to your correct ones.
+
+1.
+
+ ```bash
+ cd /var/www/html/cedarling/jans/jans-cedarling/bindings/cedarling_ext_php_rs
+ ```
+
+2.
+ Verify Rust installation by running:
+
+ ```bash
+ cargo --version
+ ```
+
+ If Rust is not installed, you can install it from [here](https://www.rust-lang.org/tools/install).
+
+3.
+ ```bash
+ cargo build
+ ```
+
+4.
+ - Run test :
+
+ ```bash
+ php -d extension=/var/www/html/cedarling/jans/jans-cedarling/target/debug/libext_php_rs_test.so /var/www/html/cedarling/jans/jans-cedarling/bindings/cedarling_ext_php_rs/test.php
+ ```
+
+5. You can find php extension library here /var/www/html/cedarling/jans/jans-cedarling/target/debug/libext_php_rs_test.so and use it
+
diff --git a/jans-cedarling/bindings/cedarling_ext_php_rs/src/lib.rs b/jans-cedarling/bindings/cedarling_ext_php_rs/src/lib.rs
new file mode 100644
index 00000000000..218b759eb94
--- /dev/null
+++ b/jans-cedarling/bindings/cedarling_ext_php_rs/src/lib.rs
@@ -0,0 +1,64 @@
+#![cfg_attr(windows, feature(abi_vectorcall))]
+use ext_php_rs::prelude::*;
+use cedarling::{
+ BootstrapConfig, Cedarling, JwtConfig, LogConfig, LogTypeConfig, PolicyStoreConfig,
+ PolicyStoreSource, Request, ResourceData,
+};
+use std::collections::HashMap;
+
+static POLICY_STORE_RAW: &str = include_str!("policy-store_ok.json");
+
+#[php_function]
+
+//cedarling_authorize_test() function is exported as PHP extension library
+
+pub fn cedarling_authorize_test(acc_tok_str: &str,payload_str: &str) -> String {
+ let cedarling = match Cedarling::new(BootstrapConfig {
+ application_name: "test_app".to_string(),
+ log_config: LogConfig {
+ log_type: LogTypeConfig::StdOut,
+ },
+ policy_store_config: PolicyStoreConfig {
+ source: PolicyStoreSource::Json(POLICY_STORE_RAW.to_string()),
+ store_id: None,
+ },
+ jwt_config: JwtConfig::Disabled,
+ }) {
+ Ok(cedarling_instance) => cedarling_instance, // success case
+ Err(e) => {
+ eprintln!("Failed to initialize Cedarling: {:?}", e);
+ // Return a default error message or a specific String on failure
+ return format!("Hello, {}! (Failed to initialize Cedarling)", payload_str);
+ }
+ };
+
+ let access_token = acc_tok_str;
+
+ let result = cedarling.authorize(Request {
+ access_token,
+ action: "Jans::Action::\"Update\"".to_string(),
+ context: serde_json::json!({}),
+ resource: ResourceData {
+ id: "random_id".to_string(),
+ resource_type: "Jans::Issue".to_string(),
+ payload: HashMap::from_iter([(
+ "org_id".to_string(),
+ serde_json::Value::String((*payload_str).to_string()),
+ )]),
+ },
+ });
+ //
+ //
+ match result {
+ Ok(auth_result) => format!("Hello, {}! Authorization success result: {}!", payload_str, auth_result.is_allowed().to_string() ),
+ Err(e) => format!("Hello, {}! Authorization failed: {:?}", payload_str, e),
+ }
+
+ //
+}
+
+
+#[php_module]
+pub fn get_module(module: ModuleBuilder) -> ModuleBuilder {
+ module
+}
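Review bot: With `jwt_config: JwtConfig::Disabled`, `cedarling_authorize_test` appears to evaluate the policy against claims from a caller-supplied token whose signature is not checked, and nothing on the exported `#[php_function]` says the result is test-only. Replace the detached `//` comment with a doc comment placed directly above the attribute, such as `/// Test-only: JWT validation is disabled; never use this result for access control.` The function also returns allow, deny and failure as one greeting string, where a deny reads `Authorization success result: false`, so a PHP caller matching on "success" would fail open; returning the boolean and raising on error would remove that ambiguity. A new `Cedarling` is built from the embedded policy store on every call, which should be documented or hoisted out of the function. The same `JwtConfig::Disabled` setup recurs in `__construct` in cedarling_php_rs/src/lib.rs (patch 13).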
diff --git a/jans-cedarling/bindings/cedarling_ext_php_rs/src/policy-store_ok.json b/jans-cedarling/bindings/cedarling_ext_php_rs/src/policy-store_ok.json new file mode 100644 index 00000000000..784f3973083 --- /dev/null +++ b/jans-cedarling/bindings/cedarling_ext_php_rs/src/policy-store_ok.json @@ -0,0 +1,15 @@ +{ + "8b805e22fdd39f3dd33a13d9fb446d8e6314153ca997": { + "name": "gluustore", + "description": "gluu", + "policies": { + "840da5d85403f35ea76519ed1a18a33989f855bf1cf8": { + "description": "simple policy example", + "creation_date": "2024-09-20T17:22:39.996050", + "policy_content": "cGVybWl0KAogICAgcHJpbmNpcGFsIGlzIEphbnM6Oldvcmtsb2FkLAogICAgYWN0aW9uIGluIFtKYW5zOjpBY3Rpb246OiJVcGRhdGUiXSwKICAgIHJlc291cmNlIGlzIEphbnM6Oklzc3VlCil3aGVuewogICAgcHJpbmNpcGFsLm9yZ19pZCA9PSByZXNvdXJjZS5vcmdfaWQKfTs=" + } + }, + "identity_source": {}, + "schema": "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" + } +} \ No newline at end of file diff --git a/jans-cedarling/bindings/cedarling_ext_php_rs/test.php b/jans-cedarling/bindings/cedarling_ext_php_rs/test.php new file mode 100755 index 00000000000..cf4f8078931 --- /dev/null +++ b/jans-cedarling/bindings/cedarling_ext_php_rs/test.php @@ -0,0 +1,34 @@ + Date: Sat, 26 Oct 2024 17:16:52 +0200 Subject: [PATCH 02/14] feat(jans-cedarling): Add PHP bindings Signed-off-by: Olevacho --- .../bindings/cedarling_ext_php_rs/README.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/jans-cedarling/bindings/cedarling_ext_php_rs/README.md b/jans-cedarling/bindings/cedarling_ext_php_rs/README.md index 50d3a6db062..3ff5d16f4ca 100644 --- a/jans-cedarling/bindings/cedarling_ext_php_rs/README.md +++ b/jans-cedarling/bindings/cedarling_ext_php_rs/README.md 
@@ -1,10 +1,10 @@ # cedarling_ext_php_rs -This example uses `ext-php-rs` to create a PHP extension library from Rust code. Follow the steps below to install and build the library. +This example uses `ext-php-rs` https://crates.io/crates/ext-php-rs to create a PHP extension library from Rust code. Follow the steps below to install and build the library. ## Steps to make it working -NOTICE!!! Here is assumed that your cedarling repository existed on the path: /var/www/html/cedarling/jans . If it is on the different path then you need to change prefixes on steps 1. and 4 to your correct ones. +NOTICE!!! Here is assumed that your cedarling repository existed on the path: /var/www/html/cedarling/jans . If it is under the different path then you need to change prefixes on steps 1. and 4 to your correct ones. 1. @@ -19,9 +19,12 @@ NOTICE!!! Here is assumed that your cedarling repository existed on the path: / cargo --version ``` - If Rust is not installed, you can install it from [here](https://www.rust-lang.org/tools/install). - -3. + If Rust is not installed, you can install it from [here](https://www.rust-lang.org/tools/install) + If Rust is installed but not accessed globally then perform command: + ```bash + export PATH="/home/lomaka1/.cargo/bin:$PATH" + ``` +3. Build project ```bash cargo build ``` @@ -33,5 +36,5 @@ NOTICE!!! Here is assumed that your cedarling repository existed on the path: / php -d extension=/var/www/html/cedarling/jans/jans-cedarling/target/debug/libext_php_rs_test.so /var/www/html/cedarling/jans/jans-cedarling/bindings/cedarling_ext_php_rs/test.php ``` -5. You can find php extension library here /var/www/html/cedarling/jans/jans-cedarling/target/debug/libext_php_rs_test.so and use it +5. You can find php extension library on the path /var/www/html/cedarling/jans/jans-cedarling/target/debug/libext_php_rs_test.so and use it . Function cedarling_authorize_test($token, $payload_str); will be accessible in your php code. 
From f221923d45ace362e7e70bda38fae35bdd9e71ea Mon Sep 17 00:00:00 2001 From: Olevacho Date: Mon, 28 Oct 2024 20:02:06 +0100 Subject: [PATCH 03/14] docs: Add PHP bindings Signed-off-by: Olevacho --- jans-cedarling/bindings/cedarling_ext_php_rs/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jans-cedarling/bindings/cedarling_ext_php_rs/README.md b/jans-cedarling/bindings/cedarling_ext_php_rs/README.md index 3ff5d16f4ca..c3700040b99 100644 --- a/jans-cedarling/bindings/cedarling_ext_php_rs/README.md +++ b/jans-cedarling/bindings/cedarling_ext_php_rs/README.md @@ -20,9 +20,9 @@ NOTICE!!! Here is assumed that your cedarling repository existed on the path: / ``` If Rust is not installed, you can install it from [here](https://www.rust-lang.org/tools/install) - If Rust is installed but not accessed globally then perform command: + If Rust is installed but can not be accessed globally then perform command: ```bash - export PATH="/home/lomaka1/.cargo/bin:$PATH" + export PATH="path_to_cargo_bin/.cargo/bin:$PATH" ``` 3. Build project ```bash From fb50bffa403a75257d5948e28006850cced2bb9c Mon Sep 17 00:00:00 2001 From: Olevacho Date: Wed, 30 Oct 2024 20:27:25 +0100 Subject: [PATCH 04/14] fix(jans-cedarling): Changed Request format Signed-off-by: Olevacho --- jans-cedarling/bindings/cedarling_ext_php_rs/src/lib.rs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/jans-cedarling/bindings/cedarling_ext_php_rs/src/lib.rs b/jans-cedarling/bindings/cedarling_ext_php_rs/src/lib.rs index 218b759eb94..646e9eb7d80 100644 --- a/jans-cedarling/bindings/cedarling_ext_php_rs/src/lib.rs +++ b/jans-cedarling/bindings/cedarling_ext_php_rs/src/lib.rs 
@@ -31,11 +31,13 @@ pub fn cedarling_authorize_test(acc_tok_str: &str,payload_str: &str) -> String { return format!("Hello, {}! (Failed to initialize Cedarling)", payload_str); } }; - - let access_token = acc_tok_str; + let id_token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.8BwLLGkFpWGx8wGpvVmNk_Ao8nZrP_WT-zoo-MY4zqY".to_string(); + + let access_token = (*acc_tok_str).to_string(); let result = cedarling.authorize(Request { access_token, + id_token, action: "Jans::Action::\"Update\"".to_string(), context: serde_json::json!({}), resource: ResourceData { From 55cf0ed37d6e69e29f9dabcd62b2c3b554472801 Mon Sep 17 00:00:00 2001 From: SafinWasi <6601566+SafinWasi@users.noreply.github.com> Date: Wed, 30 Oct 2024 15:51:46 -0500 Subject: [PATCH 05/14] ci: add php dependency Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com> --- .github/workflows/test_cedarling.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/test_cedarling.yml b/.github/workflows/test_cedarling.yml index 6647eba00c0..fcf51f0587a 100644 --- a/.github/workflows/test_cedarling.yml +++ b/.github/workflows/test_cedarling.yml @@ -13,6 +13,8 @@ jobs: rust_tests: runs-on: ubuntu-latest steps: + - name: Install Dependencies + run: sudo apt install php libapache2-mod-php php-cli - name: Harden Runner uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 with: From c7f6fd6a3ee5f001f49549d5141e82ba980f7aac Mon Sep 17 00:00:00 2001 From: moabu <47318409+moabu@users.noreply.github.com> Date: Thu, 31 Oct 2024 08:21:18 +0000 Subject: [PATCH 06/14] ci: test running on 24 --- .github/workflows/test_cedarling.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test_cedarling.yml b/.github/workflows/test_cedarling.yml index fcf51f0587a..777c57b5d41 100644 --- a/.github/workflows/test_cedarling.yml +++ b/.github/workflows/test_cedarling.yml 
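Review bot: The `id_token` added here is a JWT literal compiled into the extension, so every call to `cedarling_authorize_test` is evaluated with the same fixed identity token no matter who the PHP caller is. A token embedded in source also cannot be rotated without a rebuild and is likely to trip secret scanners. Accept it as a parameter next to `acc_tok_str`, for example `id_token: &str` converted with `id_token.to_string()`, and keep sample tokens in test.php. On the line below, `(*acc_tok_str).to_string()` can simply be `acc_tok_str.to_string()`. The function body starts and ends outside this hunk.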
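Review bot: The new `Install Dependencies` step is placed before `Harden Runner`, so the `sudo apt install` download runs before step-security/harden-runner is active and is not covered by whatever egress policy that step configures (its `with:` block continues outside the hunk). Keep `Harden Runner` as the first step of `rust_tests` and move the install step after it. The command also lacks `-y` and a preceding `apt update`, which patch 08 adds. Patches 07 to 09 keep the same ordering, and patches 10 and 11 later drop the step.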
@@ -11,7 +11,7 @@ permissions: jobs: rust_tests: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 [Beta] steps: - name: Install Dependencies run: sudo apt install php libapache2-mod-php php-cli From ce1436beca8064cac810f25e234d1f5d31542024 Mon Sep 17 00:00:00 2001 From: moabu <47318409+moabu@users.noreply.github.com> Date: Thu, 31 Oct 2024 08:47:29 +0000 Subject: [PATCH 07/14] ci: test running on 20 --- .github/workflows/test_cedarling.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test_cedarling.yml b/.github/workflows/test_cedarling.yml index 777c57b5d41..1ed11bdfd62 100644 --- a/.github/workflows/test_cedarling.yml +++ b/.github/workflows/test_cedarling.yml @@ -11,7 +11,7 @@ permissions: jobs: rust_tests: - runs-on: ubuntu-24.04 [Beta] + runs-on: ubuntu-20.04 steps: - name: Install Dependencies run: sudo apt install php libapache2-mod-php php-cli From 26dafbb7a8e79f1ece160fb6b35d0780109cb522 Mon Sep 17 00:00:00 2001 From: moabu <47318409+moabu@users.noreply.github.com> Date: Thu, 31 Oct 2024 08:51:05 +0000 Subject: [PATCH 08/14] ci: fix command line --- .github/workflows/test_cedarling.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test_cedarling.yml b/.github/workflows/test_cedarling.yml index 1ed11bdfd62..688e13e95a0 100644 --- a/.github/workflows/test_cedarling.yml +++ b/.github/workflows/test_cedarling.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Install Dependencies - run: sudo apt install php libapache2-mod-php php-cli + run: sudo apt update && sudo apt install -y php libapache2-mod-php php-cli - name: Harden Runner uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 with: From 80aa223cba163b137e47d4f72934e17830e15a03 Mon Sep 17 00:00:00 2001 
From: moabu <47318409+moabu@users.noreply.github.com> Date: Thu, 31 Oct 2024 08:54:49 +0000 Subject: [PATCH 09/14] ci: install missing package --- .github/workflows/test_cedarling.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test_cedarling.yml b/.github/workflows/test_cedarling.yml index 688e13e95a0..dcc46ebcae8 100644 --- a/.github/workflows/test_cedarling.yml +++ b/.github/workflows/test_cedarling.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Install Dependencies - run: sudo apt update && sudo apt install -y php libapache2-mod-php php-cli + run: sudo apt update && sudo apt install -y php libapache2-mod-php7.4 libapache2-mod-php php-cli - name: Harden Runner uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 with: From a0b6823d43e46e2e7bd0b26d919e801c41230db8 Mon Sep 17 00:00:00 2001 From: moabu <47318409+moabu@users.noreply.github.com> Date: Thu, 31 Oct 2024 08:57:48 +0000 Subject: [PATCH 10/14] ci: comment out deps --- .github/workflows/test_cedarling.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test_cedarling.yml b/.github/workflows/test_cedarling.yml index dcc46ebcae8..8050c286416 100644 --- a/.github/workflows/test_cedarling.yml +++ b/.github/workflows/test_cedarling.yml @@ -13,8 +13,8 @@ jobs: rust_tests: runs-on: ubuntu-20.04 steps: - - name: Install Dependencies - run: sudo apt update && sudo apt install -y php libapache2-mod-php7.4 libapache2-mod-php php-cli + #- name: Install Dependencies + # run: sudo apt update && sudo apt install -y php libapache2-mod-php7.4 libapache2-mod-php php-cli - name: Harden Runner uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 with: From 0b8b3370eac3b0868527154920d00af6a418f116 Mon Sep 17 00:00:00 2001 
From: moabu <47318409+moabu@users.noreply.github.com> Date: Thu, 31 Oct 2024 09:05:08 +0000 Subject: [PATCH 11/14] ci: test with 22 and no override dep installations --- .github/workflows/test_cedarling.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/test_cedarling.yml b/.github/workflows/test_cedarling.yml index 8050c286416..6647eba00c0 100644 --- a/.github/workflows/test_cedarling.yml +++ b/.github/workflows/test_cedarling.yml @@ -11,10 +11,8 @@ permissions: jobs: rust_tests: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - #- name: Install Dependencies - # run: sudo apt update && sudo apt install -y php libapache2-mod-php7.4 libapache2-mod-php php-cli - name: Harden Runner uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 with: From 1aeb7c68e173116a46b5219dd3b344320bf1b510 Mon Sep 17 00:00:00 2001 From: moabu <47318409+moabu@users.noreply.github.com> Date: Thu, 31 Oct 2024 09:08:16 +0000 Subject: [PATCH 12/14] ci: revert test with 22 and no override dep installations --- .github/workflows/test_cedarling.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test_cedarling.yml b/.github/workflows/test_cedarling.yml index 6647eba00c0..0a6f3724628 100644 --- a/.github/workflows/test_cedarling.yml +++ b/.github/workflows/test_cedarling.yml @@ -11,7 +11,7 @@ permissions: jobs: rust_tests: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 steps: - name: Harden Runner uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 From 862dc6b90418f9c6d22e71f381568ff1c9f35242 Mon Sep 17 00:00:00 2001 From: Olevacho Date: Fri, 1 Nov 2024 14:58:42 +0100 Subject: [PATCH 13/14] feat(jans-cedarling): Add new binding that allows to instantiate Cedarling from php code 
Signed-off-by: Olevacho --- .../bindings/cedarling_php_rs/Cargo.toml | 25 +++++++ .../bindings/cedarling_php_rs/README.md | 40 ++++++++++ .../bindings/cedarling_php_rs/src/lib.rs | 73 +++++++++++++++++++ .../cedarling_php_rs/src/policy-store_ok.json | 15 ++++ .../bindings/cedarling_php_rs/test.php | 42 +++++++++++ 5 files changed, 195 insertions(+) create mode 100644 jans-cedarling/bindings/cedarling_php_rs/Cargo.toml create mode 100644 jans-cedarling/bindings/cedarling_php_rs/README.md create mode 100644 jans-cedarling/bindings/cedarling_php_rs/src/lib.rs create mode 100644 jans-cedarling/bindings/cedarling_php_rs/src/policy-store_ok.json create mode 100755 jans-cedarling/bindings/cedarling_php_rs/test.php diff --git a/jans-cedarling/bindings/cedarling_php_rs/Cargo.toml b/jans-cedarling/bindings/cedarling_php_rs/Cargo.toml new file mode 100644 index 00000000000..845543616d0 --- /dev/null +++ b/jans-cedarling/bindings/cedarling_php_rs/Cargo.toml @@ -0,0 +1,25 @@ +[package] +name = "cedarling_php_rs" +version = "1.1.6" +edition = "2021" + + +[lib] +crate-type = ["cdylib"] + +[dependencies] +ext-php-rs = "*" +serde = "*" +serde_json = "*" +thiserror = "*" +sparkv = "*" +uuid7 = { version = "1.1.0", features = ["serde", "uuid"] } +cedar-policy = "4.0.0" +base64 = "0.22.1" +url = "2.5.2" +lazy_static = "1.5.0" +cedarling = { path = "../../cedarling" } # local path to cedarling + +[profile.release] +strip = "debuginfo" + diff --git a/jans-cedarling/bindings/cedarling_php_rs/README.md b/jans-cedarling/bindings/cedarling_php_rs/README.md new file mode 100644 index 00000000000..c3700040b99 --- /dev/null +++ b/jans-cedarling/bindings/cedarling_php_rs/README.md 
@@ -0,0 +1,40 @@
+# cedarling_ext_php_rs
+
+This example uses `ext-php-rs` https://crates.io/crates/ext-php-rs to create a PHP extension library from Rust code. Follow the steps below to install and build the library.
+
+## Steps to make it working
+
+NOTICE!!! Here is assumed that your cedarling repository existed on the path: /var/www/html/cedarling/jans . If it is under the different path then you need to change prefixes on steps 1. and 4 to your correct ones.
+
+1.
+
+ ```bash
+ cd /var/www/html/cedarling/jans/jans-cedarling/bindings/cedarling_ext_php_rs
+ ```
+
+2.
+ Verify Rust installation by running:
+
+ ```bash
+ cargo --version
+ ```
+
+ If Rust is not installed, you can install it from [here](https://www.rust-lang.org/tools/install)
+ If Rust is installed but can not be accessed globally then perform command:
+ ```bash
+ export PATH="path_to_cargo_bin/.cargo/bin:$PATH"
+ ```
+3. Build project
+ ```bash
+ cargo build
+ ```
+
+4.
+ - Run test :
+
+ ```bash
+ php -d extension=/var/www/html/cedarling/jans/jans-cedarling/target/debug/libext_php_rs_test.so /var/www/html/cedarling/jans/jans-cedarling/bindings/cedarling_ext_php_rs/test.php
+ ```
+
+5. You can find php extension library on the path /var/www/html/cedarling/jans/jans-cedarling/target/debug/libext_php_rs_test.so and use it . Function cedarling_authorize_test($token, $payload_str); will be accessible in your php code.
+
diff --git a/jans-cedarling/bindings/cedarling_php_rs/src/lib.rs b/jans-cedarling/bindings/cedarling_php_rs/src/lib.rs
new file mode 100644
index 00000000000..6fca18a091c
--- /dev/null
+++ b/jans-cedarling/bindings/cedarling_php_rs/src/lib.rs
@@ -0,0 +1,73 @@
+#![cfg_attr(windows, feature(abi_vectorcall))]
+
+use ext_php_rs::prelude::*;
+use cedarling::{
+ BootstrapConfig, Cedarling as RustCedarling, JwtConfig, LogConfig, LogTypeConfig, PolicyStoreConfig,
+ PolicyStoreSource, Request, ResourceData,
+};
+use std::collections::HashMap;
+
+static POLICY_STORE_RAW: &str = include_str!("policy-store_ok.json");
+
+#[php_class]
+pub struct Cedarling {
+ cedarling: RustCedarling, // Wrap the Rust Cedarling instance
+}
+
+#[php_impl]
+impl Cedarling {
+ // Define the __construct method that PHP can use to instantiate the object
+ #[php_method]
+ pub fn __construct() -> PhpResult {
+ // Initialize the Cedarling instance with the BootstrapConfig
+ let cedarling = RustCedarling::new(BootstrapConfig {
+ application_name: "test_app".to_string(),
+ log_config: LogConfig {
+ log_type: LogTypeConfig::StdOut,
+ },
+ policy_store_config: PolicyStoreConfig {
+ source: PolicyStoreSource::Json(POLICY_STORE_RAW.to_string()),
+ store_id: None,
+ },
+ jwt_config: JwtConfig::Disabled,
+ }).map_err(|e| format!("Failed to initialize Cedarling: {:?}", e))?;
+
+ Ok(Cedarling { cedarling })
+ }
+
+ // PHP-exposed authorization method
+ pub fn authz(
+ &mut self,
+ access_token: &str,
+ id_token: &str,
+ org_id: &str,
+ ) -> PhpResult {
+ // Perform the authorization logic
+ let result = self.cedarling.authorize(Request {
+ access_token: access_token.to_string(),
+ id_token: id_token.to_string(),
+ action: "Jans::Action::\"Update\"".to_string(),
+ context: serde_json::json!({}),
+ resource: ResourceData {
+ id: "random_id".to_string(),
+ resource_type: "Jans::Issue".to_string(),
+ payload: HashMap::from_iter([(
+ "org_id".to_string(),
+ serde_json::Value::String(org_id.to_string()),
+ )]),
+ },
+ });
+
+ // Return the result of authorization to PHP
+ match result {
+ Ok(auth_result) => Ok(format!("Authorization success: {}", auth_result.is_allowed())),
+ Err(e) => Err(format!("Authorization failed: {:?}", e).into()),
+ }
+ }
+}
+
+#[php_module]
+pub fn get_module(module: ModuleBuilder) -> ModuleBuilder {
+ module
+}
+
diff --git a/jans-cedarling/bindings/cedarling_php_rs/src/policy-store_ok.json b/jans-cedarling/bindings/cedarling_php_rs/src/policy-store_ok.json
new file mode 100644
index 00000000000..784f3973083
--- /dev/null
+++ b/jans-cedarling/bindings/cedarling_php_rs/src/policy-store_ok.json
@@ -0,0 +1,15 @@
+{
+ "8b805e22fdd39f3dd33a13d9fb446d8e6314153ca997": {
+ "name": "gluustore",
+ "description": "gluu",
+ "policies": {
+ "840da5d85403f35ea76519ed1a18a33989f855bf1cf8": {
+ "description": "simple policy example",
+ "creation_date": "2024-09-20T17:22:39.996050",
+ "policy_content": "cGVybWl0KAogICAgcHJpbmNpcGFsIGlzIEphbnM6Oldvcmtsb2FkLAogICAgYWN0aW9uIGluIFtKYW5zOjpBY3Rpb246OiJVcGRhdGUiXSwKICAgIHJlc291cmNlIGlzIEphbnM6Oklzc3VlCil3aGVuewogICAgcHJpbmNpcGFsLm9yZ19pZCA9PSByZXNvdXJjZS5vcmdfaWQKfTs="
+ }
+ },
+ "identity_source": {},
+ "schema": "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"
+ }
+}
\ No newline at end of file
diff --git a/jans-cedarling/bindings/cedarling_php_rs/test.php b/jans-cedarling/bindings/cedarling_php_rs/test.php
new file mode 100755
index 00000000000..92012e7847c
--- /dev/null
+++ b/jans-cedarling/bindings/cedarling_php_rs/test.php
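Review bot: `authz` returns `Ok(format!("Authorization success: {}", auth_result.is_allowed()))` for a deny as well as an allow, so PHP code that treats a non-exception return, or the word "success", as approval fails open. Return the decision itself with `Ok(auth_result) => Ok(auth_result.is_allowed()),`, change the method's result type to a boolean, and keep `Err` for evaluation failures. The `{:?}` error text in both `__construct` and `authz` is passed to the PHP caller and may expose internal detail; a fixed message with the detail logged server-side would be safer. `authz` takes `&mut self` although nothing in this hunk mutates the wrapper, so `&self` may be enough if `authorize` allows it. The action `Jans::Action::"Update"` and the resource id `random_id` are hard-coded, which deserves a doc comment on `authz` saying the class is a fixed-scenario example.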
@@ -0,0 +1,42 @@ +authz($access_token, $id_token, $org_id); +var_dump($result); + + +/* +Later, within rust code we check : principal.org_id == resource.org_id from cedar policy: + +permit( + principal is Jans::Workload, + action in [Jans::Action::"Update"], + resource is Jans::Issue +)when{ + principal.org_id == resource.org_id +}; + +Value ,"org_id":"some_long_id" is passwed in access token which is base64 encoded + +Decoded value of $token: + + +decoded access_token = +{"alg":"HS256","typ":"JWT"}{"sub":"boG8dfc5MKTn37o7gsdCeyqL8LpWQtgoO41m1KZwdq0","code":"bf1934f6-3905-420a-8299-6b2e3ffddd6e","iss":"https://admin-ui-test.gluu.org","token_type":"Bearer","client_id":"5b4487c4-8db1-409d-a653-f907b8094039","aud":"5b4487c4-8db1-409d-a653-f907b8094039","acr":"basic","x5t#S256":"","scope":["openid","profile"],"org_id":"some_long_id","auth_time":1724830746,"exp":1724945978,"iat":1724832259,"jti":"lxTmCVRFTxOjJgvEEpozMQ","name":"Default Admin User","status":{"status_list":{"idx":201,"uri":"https://admin-ui-test.gluu.org/jans-auth/restv1/status_list"}}} + + + +*/ + + + From 815d58a7fe54559a2ccb9200d002f3af49128bc6 Mon Sep 17 00:00:00 2001 From: Olevacho Date: Fri, 1 Nov 2024 16:02:53 +0100 Subject: [PATCH 14/14] docs(jans-cedarling): Make new documentation Signed-off-by: Olevacho --- .../bindings/cedarling_php_rs/README.md | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/jans-cedarling/bindings/cedarling_php_rs/README.md b/jans-cedarling/bindings/cedarling_php_rs/README.md index c3700040b99..ebd7966333f 100644 --- a/jans-cedarling/bindings/cedarling_php_rs/README.md +++ b/jans-cedarling/bindings/cedarling_php_rs/README.md @@ -9,7 +9,7 @@ NOTICE!!! Here is assumed that your cedarling repository existed on the path: / 1. ```bash - cd /var/www/html/cedarling/jans/jans-cedarling/bindings/cedarling_ext_php_rs + cd /var/www/html/cedarling/jans/jans-cedarling/bindings/cedarling_php_rs ``` 2. 
@@ -33,8 +33,17 @@ NOTICE!!! Here is assumed that your cedarling repository existed on the path: / - Run test : ```bash - php -d extension=/var/www/html/cedarling/jans/jans-cedarling/target/debug/libext_php_rs_test.so /var/www/html/cedarling/jans/jans-cedarling/bindings/cedarling_ext_php_rs/test.php + php -d extension=/var/www/html/cedarling/jans/jans-cedarling/target/debug/libcedarling_php_rs.so /var/www/html/cedarling/jans/jans-cedarling/bindings/cedarling_php_rs/test.php ``` -5. You can find php extension library on the path /var/www/html/cedarling/jans/jans-cedarling/target/debug/libext_php_rs_test.so and use it . Function cedarling_authorize_test($token, $payload_str); will be accessible in your php code. +5. You can find php extension library on the path /var/www/html/cedarling/jans/jans-cedarling/target/debug/libcedarling_php_rs.so and use it by adding to php.ini. Typical example of using: + +$cedarling = new Cedarling(); +$access_token = "you_access_token"; +$id_token = "your_id_token"; +$org_id = "some_long_id"; + +$result = $cedarling->authz($access_token, $id_token, $org_id); +var_dump($result); +