oauth2-server/src/ResourceServer.php

<?php
/**
 * OAuth 2.0 Resource Server
 *
 * @package     league/oauth2-server
 * @author      Alex Bilbie <hello@alexbilbie.com>
 * @copyright   Copyright (c) Alex Bilbie
 * @license     http://mit-license.org/
 * @link        https://github.com/thephpleague/oauth2-server
 */

namespace League\OAuth2\Server;

use League\OAuth2\Server\Entity\AccessTokenEntity;
use League\OAuth2\Server\Exception\AccessDeniedException;
use League\OAuth2\Server\Exception\InvalidRequestException;
use League\OAuth2\Server\Storage\AccessTokenInterface;
use League\OAuth2\Server\Storage\ClientInterface;
use League\OAuth2\Server\Storage\ScopeInterface;
use League\OAuth2\Server\Storage\SessionInterface;
use League\OAuth2\Server\TokenType\Bearer;

/**
 * OAuth 2.0 Resource Server
 */
class ResourceServer extends AbstractServer
{
    /**
     * The access token
     *
     * @var \League\OAuth2\Server\Entity\AccessTokenEntity
     */
    protected $accessToken;

    /**
     * The query string key which is used by clients to present the access token (default: access_token)
     *
     * @var string
     */
    protected $tokenKey = 'access_token';

    /**
     * Initialise the resource server
     *
     * @param \League\OAuth2\Server\Storage\SessionInterface     $sessionStorage
     * @param \League\OAuth2\Server\Storage\AccessTokenInterface $accessTokenStorage
     * @param \League\OAuth2\Server\Storage\ClientInterface      $clientStorage
     * @param \League\OAuth2\Server\Storage\ScopeInterface       $scopeStorage
     *
     * @return self
     */
    public function __construct(
        SessionInterface $sessionStorage,
        AccessTokenInterface $accessTokenStorage,
        ClientInterface $clientStorage,
        ScopeInterface $scopeStorage
    ) {
        $this->setSessionStorage($sessionStorage);
        $this->setAccessTokenStorage($accessTokenStorage);
        $this->setClientStorage($clientStorage);
        $this->setScopeStorage($scopeStorage);

        // Set Bearer as the default token type
        $this->setTokenType(new Bearer());

        parent::__construct();

        return $this;
    }

    /**
     * Sets the query string key for the access token.
     *
     * @param string $key The new query string key
     *
     * @return self
     */
    public function setIdKey($key)
    {
        $this->tokenKey = $key;

        return $this;
    }

    /**
     * Gets the access token
     *
     * @return \League\OAuth2\Server\Entity\AccessTokenEntity
     */
    public function getAccessToken()
    {
        return $this->accessToken;
    }

    /**
     * Checks if the access token is valid or not
     *
     * @param bool                                                $headerOnly Limit Access Token to Authorization header
     * @param \League\OAuth2\Server\Entity\AccessTokenEntity|null $accessToken Access Token
     *
     * @return bool
     *
     * @throws \League\OAuth2\Server\Exception\AccessDeniedException
     */
    public function isValidRequest($headerOnly = true, $accessToken = null)
    {
        $accessTokenString = ($accessToken !== null)
                                ? $accessToken
                                : $this->determineAccessToken($headerOnly);

        // Set the access token
        $this->accessToken = $this->getAccessTokenStorage()->get($accessTokenString);

        // Ensure the access token exists
        if (!$this->accessToken instanceof AccessTokenEntity) {
            throw new AccessDeniedException();
        }

        // Check the access token hasn't expired
        // Ensure the auth code hasn't expired
        if ($this->accessToken->isExpired() === true) {
            throw new AccessDeniedException();
        }

        return true;
    }

    /**
     * Reads in the access token from the headers
     *
     * @param bool $headerOnly Limit Access Token to Authorization header
     *
     * @throws \League\OAuth2\Server\Exception\InvalidRequestException Thrown if there is no access token presented
     *
     * @return string
     */
    public function determineAccessToken($headerOnly = false)
    {
        if ($this->getRequest()->headers->get('Authorization') !== null) {
            $accessToken = $this->getTokenType()->determineAccessTokenInHeader($this->getRequest());
        } elseif ($headerOnly === false) {
            $accessToken = ($this->getRequest()->server->get('REQUEST_METHOD') === 'GET')
                                ? $this->getRequest()->query->get($this->tokenKey)
                                : $this->getRequest()->request->get($this->tokenKey);
        }

        if (empty($accessToken)) {
            throw new InvalidRequestException('access token');
        }

        return $accessToken;
    }
}
Starting the reorganization 2012-12-29 01:42:16 +05:30			`<?php`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`/**`
			`* OAuth 2.0 Resource Server`
			`*`
Too many changes to describe 2014-01-08 21:45:29 +05:30			`* @package league/oauth2-server`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* @author Alex Bilbie <hello@alexbilbie.com>`
Updated copyright 2014-03-10 01:04:23 +05:30			`* @copyright Copyright (c) Alex Bilbie`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* @license http://mit-license.org/`
Updated @link 2014-03-10 01:35:38 +05:30			`* @link https://github.com/thephpleague/oauth2-server`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`*/`
Starting the reorganization 2012-12-29 01:42:16 +05:30
Renamed AuthServer to Authorization, renamed ResourceServer to Resource. Updated all tests and other files 2013-05-09 00:12:23 +05:30			`namespace League\OAuth2\Server;`
Starting the reorganization 2012-12-29 01:42:16 +05:30
CS fixes 2014-11-08 23:56:12 +05:30			`use League\OAuth2\Server\Entity\AccessTokenEntity;`
Boyscouting the php docs to always use FQCNs 2015-01-23 15:43:41 +05:30			`use League\OAuth2\Server\Exception\AccessDeniedException;`
			`use League\OAuth2\Server\Exception\InvalidRequestException;`
Added abstract server 2014-01-10 23:00:12 +05:30			`use League\OAuth2\Server\Storage\AccessTokenInterface;`
CS fixes 2014-11-08 23:56:12 +05:30			`use League\OAuth2\Server\Storage\ClientInterface;`
Added abstract server 2014-01-10 23:00:12 +05:30			`use League\OAuth2\Server\Storage\ScopeInterface;`
CS fixes 2014-11-08 23:56:12 +05:30			`use League\OAuth2\Server\Storage\SessionInterface;`
Use token type to determine access token in header 2014-05-07 21:51:24 +05:30			`use League\OAuth2\Server\TokenType\Bearer;`
Starting the reorganization 2012-12-29 01:42:16 +05:30
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`/**`
			`* OAuth 2.0 Resource Server`
			`*/`
Renamed Resource to ResourceServer 2014-02-24 20:13:26 +05:30			`class ResourceServer extends AbstractServer`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`{`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`/**`
			`* The access token`
CS fixes 2014-12-10 18:40:35 +05:30			`*`
Removed generic getStorage method and replaced with distinct calls to getters 2014-11-07 07:50:06 +05:30			`* @var \League\OAuth2\Server\Entity\AccessTokenEntity`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`*/`
$accessToken should be protected not public 2014-01-17 22:46:52 +05:30			`protected $accessToken;`
Starting the reorganization 2012-12-29 01:42:16 +05:30
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`/**`
First commit of updated ResourceServer 2013-12-17 05:17:03 +05:30			`* The query string key which is used by clients to present the access token (default: access_token)`
CS fixes 2014-12-10 18:40:35 +05:30			`*`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* @var string`
			`*/`
First commit of updated ResourceServer 2013-12-17 05:17:03 +05:30			`protected $tokenKey = 'access_token';`
Starting the reorganization 2012-12-29 01:42:16 +05:30
			`/**`
First commit of updated ResourceServer 2013-12-17 05:17:03 +05:30			`* Initialise the resource server`
CS fixes 2014-12-10 18:40:35 +05:30			`*`
Boyscouting the php docs to always use FQCNs 2015-01-23 15:43:41 +05:30			`* @param \League\OAuth2\Server\Storage\SessionInterface $sessionStorage`
			`* @param \League\OAuth2\Server\Storage\AccessTokenInterface $accessTokenStorage`
			`* @param \League\OAuth2\Server\Storage\ClientInterface $clientStorage`
			`* @param \League\OAuth2\Server\Storage\ScopeInterface $scopeStorage`
CS fixes 2014-12-10 18:40:35 +05:30			`*`
First commit of updated ResourceServer 2013-12-17 05:17:03 +05:30			`* @return self`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`*/`
First commit of updated ResourceServer 2013-12-17 05:17:03 +05:30			`public function __construct(`
			`SessionInterface $sessionStorage,`
Added abstract server 2014-01-10 23:00:12 +05:30			`AccessTokenInterface $accessTokenStorage,`
			`ClientInterface $clientStorage,`
			`ScopeInterface $scopeStorage`
First commit of updated ResourceServer 2013-12-17 05:17:03 +05:30			`) {`
Removed generic getStorage method and replaced with distinct calls to getters 2014-11-07 07:50:06 +05:30			`$this->setSessionStorage($sessionStorage);`
			`$this->setAccessTokenStorage($accessTokenStorage);`
			`$this->setClientStorage($clientStorage);`
			`$this->setScopeStorage($scopeStorage);`
Added abstract server 2014-01-10 23:00:12 +05:30
Set default token type as bearer for Resource Server 2014-05-07 21:40:52 +05:30			`// Set Bearer as the default token type`
CS fixes 2014-11-08 23:56:12 +05:30			`$this->setTokenType(new Bearer());`
Set default token type as bearer for Resource Server 2014-05-07 21:40:52 +05:30
Added league/event and implemented SessionOwnerEvent 2014-07-11 19:43:28 +05:30			`parent::__construct();`

First commit of updated ResourceServer 2013-12-17 05:17:03 +05:30			`return $this;`
Fixing Resource bugs and moving the Request dep to a setter. 2013-01-05 03:51:24 +05:30			`}`
Starting the reorganization 2012-12-29 01:42:16 +05:30
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`/**`
			`* Sets the query string key for the access token.`
CS fixes 2014-12-10 18:40:35 +05:30			`*`
Docbloc improvements 2014-11-12 23:40:29 +05:30			`* @param string $key The new query string key`
CS fixes 2014-12-10 18:40:35 +05:30			`*`
First commit of updated ResourceServer 2013-12-17 05:17:03 +05:30			`* @return self`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`*/`
Lotsa bug fixes and updates 2014-07-11 22:57:03 +05:30			`public function setIdKey($key)`
Various bug fixes 2013-02-05 21:50:45 +05:30			`{`
			`$this->tokenKey = $key;`
More CS fixer changes 2014-05-03 15:23:57 +05:30
Make sure $this is returned 2013-11-26 05:28:42 +05:30			`return $this;`
Various bug fixes 2013-02-05 21:50:45 +05:30			`}`

Started adding some Server methods, adding some Util classes and adding a way to get the token from the Resource 2013-01-22 21:55:51 +05:30			`/**`
First commit of updated ResourceServer 2013-12-17 05:17:03 +05:30			`* Gets the access token`
CS fixes 2014-12-10 18:40:35 +05:30			`*`
Update ResourceServer.php 2014-11-09 14:15:20 +05:30			`* @return \League\OAuth2\Server\Entity\AccessTokenEntity`
Started adding some Server methods, adding some Util classes and adding a way to get the token from the Resource 2013-01-22 21:55:51 +05:30			`*/`
			`public function getAccessToken()`
			`{`
Update ResourceServer.php 2014-11-09 14:15:20 +05:30			`return $this->accessToken;`
Started adding some Server methods, adding some Util classes and adding a way to get the token from the Resource 2013-01-22 21:55:51 +05:30			`}`

Updated with new entity names 2014-05-02 21:51:53 +05:30			`/**`
			`* Checks if the access token is valid or not`
CS fixes 2014-12-10 18:40:35 +05:30			`*`
Boyscouting the php docs to always use FQCNs 2015-01-23 15:43:41 +05:30			`* @param bool $headerOnly Limit Access Token to Authorization header`
			`* @param \League\OAuth2\Server\Entity\AccessTokenEntity\|null $accessToken Access Token`
Docbloc improvements 2014-11-12 23:40:29 +05:30			`*`
Updated with new entity names 2014-05-02 21:51:53 +05:30			`* @return bool`
Docbloc improvements 2014-11-12 23:40:29 +05:30			`*`
Boyscouting the php docs to always use FQCNs 2015-01-23 15:43:41 +05:30			`* @throws \League\OAuth2\Server\Exception\AccessDeniedException`
Updated with new entity names 2014-05-02 21:51:53 +05:30			`*/`
Boyscouting the php docs to always use FQCNs 2015-01-23 15:43:41 +05:30			`public function isValidRequest($headerOnly = true, $accessToken = null)`
Updated with new entity names 2014-05-02 21:51:53 +05:30			`{`
PHPCS fixes 2014-05-03 15:38:33 +05:30			`$accessTokenString = ($accessToken !== null)`
			`? $accessToken`
Boyscouting the php docs to always use FQCNs 2015-01-23 15:43:41 +05:30			`: $this->determineAccessToken($headerOnly);`
Updated with new entity names 2014-05-02 21:51:53 +05:30
			`// Set the access token`
Removed generic getStorage method and replaced with distinct calls to getters 2014-11-07 07:50:06 +05:30			`$this->accessToken = $this->getAccessTokenStorage()->get($accessTokenString);`
More CS fixer changes 2014-05-03 15:23:57 +05:30
Fix #231 2014-11-08 22:14:39 +05:30			`// Ensure the access token exists`
Throw correct exception when access token is invalid 2014-05-08 14:59:40 +05:30			`if (!$this->accessToken instanceof AccessTokenEntity) {`
Boyscouting the php docs to always use FQCNs 2015-01-23 15:43:41 +05:30			`throw new AccessDeniedException();`
Fix #231 2014-11-08 22:14:39 +05:30			`}`

			`// Check the access token hasn't expired`
			`// Ensure the auth code hasn't expired`
			`if ($this->accessToken->isExpired() === true) {`
Boyscouting the php docs to always use FQCNs 2015-01-23 15:43:41 +05:30			`throw new AccessDeniedException();`
Throw correct exception when access token is invalid 2014-05-08 14:59:40 +05:30			`}`

			`return true;`
Updated with new entity names 2014-05-02 21:51:53 +05:30			`}`

Fixing Resource bugs and moving the Request dep to a setter. 2013-01-05 03:51:24 +05:30			`/**`
First commit of updated ResourceServer 2013-12-17 05:17:03 +05:30			`* Reads in the access token from the headers`
CS fixes 2014-12-10 18:40:35 +05:30			`*`
Boyscouting the php docs to always use FQCNs 2015-01-23 15:43:41 +05:30			`* @param bool $headerOnly Limit Access Token to Authorization header`
CS fixes 2014-12-10 18:40:35 +05:30			`*`
Boyscouting the php docs to always use FQCNs 2015-01-23 15:43:41 +05:30			`* @throws \League\OAuth2\Server\Exception\InvalidRequestException Thrown if there is no access token presented`
CS fixes 2014-12-10 18:40:35 +05:30			`*`
Fixing Resource bugs and moving the Request dep to a setter. 2013-01-05 03:51:24 +05:30			`* @return string`
			`*/`
Boyscouting the php docs to always use FQCNs 2015-01-23 15:43:41 +05:30			`public function determineAccessToken($headerOnly = false)`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`{`
Use token type to determine access token in header 2014-05-07 21:51:24 +05:30			`if ($this->getRequest()->headers->get('Authorization') !== null) {`
			`$accessToken = $this->getTokenType()->determineAccessTokenInHeader($this->getRequest());`
Boyscouting the php docs to always use FQCNs 2015-01-23 15:43:41 +05:30			`} elseif ($headerOnly === false) {`
Throw correct exception when access token is invalid 2014-05-08 14:59:40 +05:30			`$accessToken = ($this->getRequest()->server->get('REQUEST_METHOD') === 'GET')`
			`? $this->getRequest()->query->get($this->tokenKey)`
			`: $this->getRequest()->request->get($this->tokenKey);`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`}`

Changed variable syntax style to be PSR2 2013-05-05 22:35:46 +05:30			`if (empty($accessToken)) {`
Boyscouting the php docs to always use FQCNs 2015-01-23 15:43:41 +05:30			`throw new InvalidRequestException('access token');`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`}`

Changed variable syntax style to be PSR2 2013-05-05 22:35:46 +05:30			`return $accessToken;`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`}`
			`}`