<?php
/**
* OAuth 2.0 Resource Server
*
* @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server;
use League\OAuth2\Server\Entity\AccessTokenEntity;
use League\OAuth2\Server\Exception\AccessDeniedException;
use League\OAuth2\Server\Exception\InvalidRequestException;
use League\OAuth2\Server\Storage\AccessTokenInterface;
use League\OAuth2\Server\Storage\ClientInterface;
use League\OAuth2\Server\Storage\ScopeInterface;
use League\OAuth2\Server\Storage\SessionInterface;
use League\OAuth2\Server\TokenType\Bearer;
/**
* OAuth 2.0 Resource Server
*/
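class ResourceServer extends AbstractServer
{
    /**
     * The access token entity resolved by the most recent successful isValidRequest() call
     *
     * Null until a request has been validated, and reset to null when validation fails.
     *
     * @var \League\OAuth2\Server\Entity\AccessTokenEntity|null
     */
    protected $accessToken;

    /**
     * The query string (GET) or request body (other methods) key under which clients present
     * the access token when it is not sent in the Authorization header (default: access_token)
     *
     * @var string
     */
    protected $tokenKey = 'access_token';

    /**
     * Initialise the resource server
     *
     * @param \League\OAuth2\Server\Storage\SessionInterface     $sessionStorage
     * @param \League\OAuth2\Server\Storage\AccessTokenInterface $accessTokenStorage
     * @param \League\OAuth2\Server\Storage\ClientInterface      $clientStorage
     * @param \League\OAuth2\Server\Storage\ScopeInterface       $scopeStorage
     */
    public function __construct(
        SessionInterface $sessionStorage,
        AccessTokenInterface $accessTokenStorage,
        ClientInterface $clientStorage,
        ScopeInterface $scopeStorage
    ) {
        $this->setSessionStorage($sessionStorage);
        $this->setAccessTokenStorage($accessTokenStorage);
        $this->setClientStorage($clientStorage);
        $this->setScopeStorage($scopeStorage);

        // Bearer is the default token type; it can be replaced through setTokenType()
        $this->setTokenType(new Bearer());

        parent::__construct();
    }

    /**
     * Sets the query string / request body key for the access token.
     *
     * Only consulted when the token is not presented in the Authorization header and the
     * caller allowed non-header tokens (see determineAccessToken()).
     *
     * @param string $key The new query string key
     *
     * @return self
     */
    public function setIdKey($key)
    {
        $this->tokenKey = $key;

        return $this;
    }

    /**
     * Gets the access token resolved by the last successful isValidRequest() call
     *
     * @return \League\OAuth2\Server\Entity\AccessTokenEntity|null Null if no request has been validated yet
     */
    public function getAccessToken()
    {
        return $this->accessToken;
    }

    /**
     * Checks if the access token is valid or not
     *
     * On success the resolved token entity is stored and exposed through getAccessToken().
     * On failure an exception is thrown and the stored token is cleared, so an unknown or
     * expired token can never be observed through getAccessToken() afterwards.
     *
     * @param bool        $headerOnly  Limit Access Token to Authorization header
     * @param string|null $accessToken Access token string to validate instead of reading it from the request
     *
     * @throws \League\OAuth2\Server\Exception\AccessDeniedException   If the token is unknown to the storage or has expired
     * @throws \League\OAuth2\Server\Exception\InvalidRequestException If no token is presented in the request
     *
     * @return bool Always true; failure is signalled by exception
     */
    public function isValidRequest($headerOnly = true, $accessToken = null)
    {
        $accessTokenString = ($accessToken !== null)
            ? $accessToken
            : $this->determineAccessToken($headerOnly);

        // Clear any previously resolved token first so that a failed lookup or an expired
        // token never remains visible through getAccessToken() after the exception
        $this->accessToken = null;

        $token = $this->getAccessTokenStorage()->get($accessTokenString);

        // Ensure the access token exists
        if (!$token instanceof AccessTokenEntity) {
            throw new AccessDeniedException();
        }

        // Ensure the access token hasn't expired
        if ($token->isExpired() === true) {
            throw new AccessDeniedException();
        }

        // Only a token that passed every check is retained
        $this->accessToken = $token;

        return true;
    }

    /**
     * Reads in the access token from the request
     *
     * The Authorization header always takes precedence. Only when it is absent and
     * $headerOnly is false is the token read from the query string (GET) or the request
     * body (other methods) under the key configured with setIdKey(). Tokens in the URI are
     * discouraged by RFC 6750 section 2.3 because URIs end up in server logs, browser
     * history and Referer headers, which is why isValidRequest() defaults to header-only.
     *
     * @param bool $headerOnly Limit Access Token to Authorization header
     *
     * @throws \League\OAuth2\Server\Exception\InvalidRequestException Thrown if there is no access token presented
     *
     * @return string
     */
    public function determineAccessToken($headerOnly = false)
    {
        $request = $this->getRequest();
        $accessToken = null;

        if ($request->headers->get('Authorization') !== null) {
            $accessToken = $this->getTokenType()->determineAccessTokenInHeader($request);
        } elseif ($headerOnly === false) {
            $accessToken = ($request->server->get('REQUEST_METHOD') === 'GET')
                ? $request->query->get($this->tokenKey)
                : $request->request->get($this->tokenKey);
        }

        // Query and body parameters are untrusted and may arrive as arrays
        // (e.g. access_token[]=x); anything that is not a non-empty string is
        // treated as "no token presented" so it never reaches the token storage
        if (!is_string($accessToken) || $accessToken === '') {
            throw new InvalidRequestException('access token');
        }

        return $accessToken;
    }
}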