oauth2-server/src/oauth2server/Server.php

159 lines
4.8 KiB
PHP
Raw Normal View History

2012-07-05 22:08:58 +05:30
<?php
namespace LNCD\OAuth2server;
2012-07-06 22:12:50 +05:30
class OAuthServerClientException extends Exception {}
2012-07-06 21:14:07 +05:30
class OAuthServerUserException extends Exception {}
class OAuthServerException extends Exception {}
2012-07-05 22:08:58 +05:30
class Server
{
2012-07-06 22:18:20 +05:30
private $db = null;
2012-07-06 22:13:55 +05:30
private $config = array(
'response_types' => array(
'code'
),
'scope_delimeter' => ','
);
2012-07-06 21:14:24 +05:30
protected $errors = array(
2012-07-06 22:22:47 +05:30
'invalid_request' => 'The request is missing a required parameter,
includes an invalid parameter value, includes a parameter more than
once, or is otherwise malformed.',
'unauthorized_client' => 'The client is not authorized to request an
access token using this method.',
'access_denied' => 'The resource owner or authorization server denied
the request.',
'unsupported_response_type' => 'The authorization server does not
support obtaining an access token using this method.',
'invalid_scope' => 'The requested scope is invalid, unknown, or
malformed.',
'server_error' => 'The authorization server encountered an unexpected
condition which prevented it from fulfilling the request.',
'temporarily_unavailable' => 'The authorization server is currently
unable to handle the request due to a temporary overloading or
maintenance of the server.'
2012-07-06 21:14:24 +05:30
);
2012-07-05 22:08:58 +05:30
2012-07-06 22:13:55 +05:30
public function __construct(array $options)
{
$this->options = array_merge($this->config, $options);
}
2012-07-06 22:13:33 +05:30
public function registerDbAbstractor(object $db)
2012-07-05 22:08:58 +05:30
{
2012-07-06 22:13:33 +05:30
$this->db = $db;
2012-07-05 22:08:58 +05:30
}
2012-07-06 22:18:20 +05:30
public function checkAuthoriseParams(array $authParams = null)
2012-07-05 22:08:58 +05:30
{
2012-07-06 22:14:12 +05:30
$params = array();
2012-07-05 22:08:58 +05:30
2012-07-06 22:14:12 +05:30
// Client ID
if ( ! isset($authParams['client_id']) && ! isset($_GET['client_id'])) {
2012-07-06 22:22:47 +05:30
throw new OAuthServerClientException('invalid_request: ' .
$this->errors['invalid_request']);
2012-07-06 22:14:12 +05:30
} else {
$params['client_id'] = (isset($authParams['client_id'])) ?
$authParams['client_id'] : $_GET['client_id'];
}
// Redirect URI
2012-07-06 22:22:47 +05:30
if ( ! isset($authParams['redirect_uri']) &&
! isset($_GET['redirect_uri'])) {
2012-07-06 22:14:12 +05:30
2012-07-06 22:22:47 +05:30
throw new OAuthServerClientException('invalid_request: ' .
$this->errors['invalid_request']);
2012-07-06 22:14:12 +05:30
} else {
$params['redirect_uri'] = (isset($authParams['redirect_uri'])) ?
$authParams['redirect_uri'] : $_GET['redirect_uri'];
}
// Validate client ID and redirect URI
2012-07-06 22:22:47 +05:30
$clientDetails = $this->db->validateClient($params['client_id'], null,
$params['redirect_uri']);
2012-07-06 22:14:12 +05:30
if ($clientDetails === false) {
2012-07-06 22:22:47 +05:30
throw new OAuthServerClientException('unauthorized_client: ' .
$this->errors['unauthorized_client']);
2012-07-06 22:14:12 +05:30
}
// Response type
2012-07-06 22:22:47 +05:30
if ( ! isset($authParams['response_type']) &&
! isset($_GET['response_type'])) {
2012-07-06 22:14:12 +05:30
2012-07-06 22:22:47 +05:30
throw new OAuthServerClientException('invalid_request: ' .
$this->errors['invalid_request']);
2012-07-06 22:14:12 +05:30
} else {
$params['response_type'] = (isset($authParams['response_type'])) ?
$authParams['response_type'] : $_GET['response_type'];
// Ensure response type is one that is recognised
2012-07-06 22:22:47 +05:30
if ( ! in_array($params['response_type'],
$this->config['response_types'])) {
2012-07-06 22:14:12 +05:30
2012-07-06 22:22:47 +05:30
throw new OAuthServerClientException('unsupported_response_type:
' . $this->errors['unsupported_response_type']);
2012-07-06 22:14:12 +05:30
}
}
// Get and validate scopes
if (isset($authParams['scope']) || isset($_GET['scope'])) {
2012-07-06 22:22:47 +05:30
$scopes = $_GET['scope'];
if (isset($authParams['client_id'])) {
$authParams['scope'];
}
2012-07-06 22:14:12 +05:30
$scopes = explode($this->config['scope_delimeter'], $scopes);
for ($i = 0; $i++; $i < count($scopes)) {
2012-07-06 22:14:12 +05:30
$scopes[$i] = trim($scopes[$i]);
if ($scopes[$i] === '') {
unset($scopes[$i]);
}
}
if (count($scopes) === 0) {
2012-07-06 22:22:47 +05:30
throw new OAuthServerClientException('invalid_request: ' .
$this->errors['invalid_request']);
2012-07-06 22:14:12 +05:30
}
$params['scopes'] = array();
foreach ($scopes as $scope) {
2012-07-06 22:14:12 +05:30
$scopeDetails = $this->db->getScope($scope);
if ($scopeDetails === false) {
2012-07-06 22:22:47 +05:30
throw new OAuthServerClientException('invalid_scope: ' .
$this->errors['invalid_scope']);
2012-07-06 22:14:12 +05:30
}
$params['scopes'][] = $scopeDetails;
}
}
return $params;
2012-07-05 22:08:58 +05:30
}
}