oauth2-server/src/AuthorizationServer.php

<?php
/**
 * @author      Alex Bilbie <hello@alexbilbie.com>
 * @copyright   Copyright (c) Alex Bilbie
 * @license     http://mit-license.org/
 *
 * @link        https://github.com/thephpleague/oauth2-server
 */

namespace League\OAuth2\Server;

use League\Event\EmitterAwareInterface;
use League\Event\EmitterAwareTrait;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Grant\GrantTypeInterface;
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
use League\OAuth2\Server\ResponseTypes\BearerTokenResponse;
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;

class AuthorizationServer implements EmitterAwareInterface
{
    use EmitterAwareTrait;

    /**
     * @var GrantTypeInterface[]
     */
    protected $enabledGrantTypes = [];

    /**
     * @var \DateInterval[]
     */
    protected $grantTypeAccessTokenTTL = [];

    /**
     * @var CryptKey
     */
    protected $privateKey;

    /**
     * @var CryptKey
     */
    protected $publicKey;

    /**
     * @var null|ResponseTypeInterface
     */
    protected $responseType;

    /**
     * @var ClientRepositoryInterface
     */
    private $clientRepository;

    /**
     * @var AccessTokenRepositoryInterface
     */
    private $accessTokenRepository;

    /**
     * @var ScopeRepositoryInterface
     */
    private $scopeRepository;

    /**
     * @var string
     */
    private $encryptionKey;

    /**
     * @var string
     */
    private $defaultScope = '';

    /**
     * New server instance.
     *
     * @param ClientRepositoryInterface      $clientRepository
     * @param AccessTokenRepositoryInterface $accessTokenRepository
     * @param ScopeRepositoryInterface       $scopeRepository
     * @param CryptKey|string                $privateKey
     * @param string                         $encryptionKey
     * @param null|ResponseTypeInterface     $responseType
     */
    public function __construct(
        ClientRepositoryInterface $clientRepository,
        AccessTokenRepositoryInterface $accessTokenRepository,
        ScopeRepositoryInterface $scopeRepository,
        $privateKey,
        $encryptionKey,
        ResponseTypeInterface $responseType = null
    ) {
        $this->clientRepository = $clientRepository;
        $this->accessTokenRepository = $accessTokenRepository;
        $this->scopeRepository = $scopeRepository;

        if ($privateKey instanceof CryptKey === false) {
            $privateKey = new CryptKey($privateKey);
        }
        $this->privateKey = $privateKey;
        $this->encryptionKey = $encryptionKey;
        $this->responseType = $responseType;
    }

    /**
     * Enable a grant type on the server.
     *
     * @param GrantTypeInterface $grantType
     * @param null|\DateInterval $accessTokenTTL
     */
    public function enableGrantType(GrantTypeInterface $grantType, \DateInterval $accessTokenTTL = null)
    {
        if ($accessTokenTTL instanceof \DateInterval === false) {
            $accessTokenTTL = new \DateInterval('PT1H');
        }

        $grantType->setAccessTokenRepository($this->accessTokenRepository);
        $grantType->setClientRepository($this->clientRepository);
        $grantType->setScopeRepository($this->scopeRepository);
        $grantType->setDefaultScope($this->defaultScope);
        $grantType->setPrivateKey($this->privateKey);
        $grantType->setEmitter($this->getEmitter());
        $grantType->setEncryptionKey($this->encryptionKey);

        $this->enabledGrantTypes[$grantType->getIdentifier()] = $grantType;
        $this->grantTypeAccessTokenTTL[$grantType->getIdentifier()] = $accessTokenTTL;
    }

    /**
     * Validate an authorization request
     *
     * @param ServerRequestInterface $request
     *
     * @throws OAuthServerException
     *
     * @return AuthorizationRequest
     */
    public function validateAuthorizationRequest(ServerRequestInterface $request)
    {
        foreach ($this->enabledGrantTypes as $grantType) {
            if ($grantType->canRespondToAuthorizationRequest($request)) {
                return $grantType->validateAuthorizationRequest($request);
            }
        }

        throw OAuthServerException::unsupportedGrantType();
    }

    /**
     * Complete an authorization request
     *
     * @param AuthorizationRequest $authRequest
     * @param ResponseInterface    $response
     *
     * @return ResponseInterface
     */
    public function completeAuthorizationRequest(AuthorizationRequest $authRequest, ResponseInterface $response)
    {
        return $this->enabledGrantTypes[$authRequest->getGrantTypeId()]
            ->completeAuthorizationRequest($authRequest)
            ->generateHttpResponse($response);
    }

    /**
     * Return an access token response.
     *
     * @param ServerRequestInterface $request
     * @param ResponseInterface      $response
     *
     * @throws OAuthServerException
     *
     * @return ResponseInterface
     */
    public function respondToAccessTokenRequest(ServerRequestInterface $request, ResponseInterface $response)
    {
        foreach ($this->enabledGrantTypes as $grantType) {
            if (!$grantType->canRespondToAccessTokenRequest($request)) {
                continue;
            }
            $tokenResponse = $grantType->respondToAccessTokenRequest(
                $request,
                $this->getResponseType(),
                $this->grantTypeAccessTokenTTL[$grantType->getIdentifier()]
            );

            if ($tokenResponse instanceof ResponseTypeInterface) {
                return $tokenResponse->generateHttpResponse($response);
            }
            
        }

        throw OAuthServerException::unsupportedGrantType();
    }

    /**
     * Get the token type that grants will return in the HTTP response.
     *
     * @return ResponseTypeInterface
     */
    protected function getResponseType()
    {
        if ($this->responseType instanceof ResponseTypeInterface === false) {
            $this->responseType = new BearerTokenResponse();
        }

        $this->responseType->setPrivateKey($this->privateKey);
        $this->responseType->setEncryptionKey($this->encryptionKey);

        return $this->responseType;
    }

    /**
     * Set the default scope for the authorization server.
     *
     * @param string $defaultScope
     */
    public function setDefaultScope($defaultScope)
    {
        $this->defaultScope = $defaultScope;
    }
}
First commit of new server class 2015-04-05 17:03:06 +01:00			`<?php`
Added copyright docblocks 2016-04-17 13:06:05 +01:00			`/**`
			`* @author Alex Bilbie <hello@alexbilbie.com>`
			`* @copyright Copyright (c) Alex Bilbie`
			`* @license http://mit-license.org/`
Apply fixes from StyleCI 2017-10-23 15:26:10 +00:00			`*`
Added copyright docblocks 2016-04-17 13:06:05 +01:00			`* @link https://github.com/thephpleague/oauth2-server`
			`*/`
Refactored constructor to set defaults, added new setter methods for default token TTL and default token type 2015-04-06 08:32:44 +01:00
First commit of new server class 2015-04-05 17:03:06 +01:00			`namespace League\OAuth2\Server;`

Checkin 2015-10-14 09:51:53 +01:00			`use League\Event\EmitterAwareInterface;`
			`use League\Event\EmitterAwareTrait;`
Updates 2015-11-13 17:41:05 +00:00			`use League\OAuth2\Server\Exception\OAuthServerException;`
Checkin 2015-10-14 09:51:53 +01:00			`use League\OAuth2\Server\Grant\GrantTypeInterface;`
New server constructor 2016-01-17 14:03:41 +00:00			`use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;`
			`use League\OAuth2\Server\Repositories\ClientRepositoryInterface;`
			`use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;`
Updated server methods 2016-04-10 11:48:32 +01:00			`use League\OAuth2\Server\RequestTypes\AuthorizationRequest;`
Updates 2015-11-13 17:41:05 +00:00			`use League\OAuth2\Server\ResponseTypes\BearerTokenResponse;`
			`use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;`
allow middleware use 2016-01-15 14:02:47 +01:00			`use Psr\Http\Message\ResponseInterface;`
Checkin 2015-10-14 09:51:53 +01:00			`use Psr\Http\Message\ServerRequestInterface;`
First commit of new server class 2015-04-05 17:03:06 +01:00
Renamed Server to AuthorizationServer 2016-04-17 12:54:25 +01:00			`class AuthorizationServer implements EmitterAwareInterface`
First commit of new server class 2015-04-05 17:03:06 +01:00			`{`
Checkin 2015-10-14 09:51:53 +01:00			`use EmitterAwareTrait;`

First commit of new server class 2015-04-05 17:03:06 +01:00			`/**`
Updated PHPDoc 2016-07-09 01:00:44 +02:00			`* @var GrantTypeInterface[]`
First commit of new server class 2015-04-05 17:03:06 +01:00			`*/`
			`protected $enabledGrantTypes = [];`

			`/**`
abstract access token validation 2016-02-12 14:19:47 +01:00			`* @var \DateInterval[]`
First commit of new server class 2015-04-05 17:03:06 +01:00			`*/`
			`protected $grantTypeAccessTokenTTL = [];`

deferred default objects creation 2016-01-15 12:41:48 +01:00			`/**`
Updated PHPDoc 2016-07-09 01:00:44 +02:00			`* @var CryptKey`
deferred default objects creation 2016-01-15 12:41:48 +01:00			`*/`
handle RSA key passphrase 2016-03-28 16:42:34 +02:00			`protected $privateKey;`
deferred default objects creation 2016-01-15 12:41:48 +01:00
First commit of new server class 2015-04-05 17:03:06 +01:00			`/**`
Updated PHPDoc 2016-07-09 01:00:44 +02:00			`* @var CryptKey`
First commit of new server class 2015-04-05 17:03:06 +01:00			`*/`
handle RSA key passphrase 2016-03-28 16:42:34 +02:00			`protected $publicKey;`
First commit of new server class 2015-04-05 17:03:06 +01:00
			`/**`
Updated PHPDoc 2016-07-09 01:00:44 +02:00			`* @var null\|ResponseTypeInterface`
First commit of new server class 2015-04-05 17:03:06 +01:00			`*/`
handle RSA key passphrase 2016-03-28 16:42:34 +02:00			`protected $responseType;`
First commit of new server class 2015-04-05 17:03:06 +01:00
Checkin 2015-10-14 09:51:53 +01:00			`/**`
Updated PHPDoc 2016-07-09 01:00:44 +02:00			`* @var ClientRepositoryInterface`
Checkin 2015-10-14 09:51:53 +01:00			`*/`
New server constructor 2016-01-17 14:03:41 +00:00			`private $clientRepository;`

			`/**`
Updated PHPDoc 2016-07-09 01:00:44 +02:00			`* @var AccessTokenRepositoryInterface`
New server constructor 2016-01-17 14:03:41 +00:00			`*/`
			`private $accessTokenRepository;`

			`/**`
Updated PHPDoc 2016-07-09 01:00:44 +02:00			`* @var ScopeRepositoryInterface`
New server constructor 2016-01-17 14:03:41 +00:00			`*/`
			`private $scopeRepository;`
Refactored constructor to set defaults, added new setter methods for default token TTL and default token type 2015-04-06 08:32:44 +01:00
New property on AuthorizationServer to receive an encryption key which is used for future encryption/decryption instead of keybased encryption/decryption 2017-07-01 15:57:40 +01:00			`/**`
			`* @var string`
			`*/`
			`private $encryptionKey;`

Set a default scope for the authorization server 2017-10-18 22:09:53 +01:00			`/**`
			`* @var string`
			`*/`
Fix tests as no longer set the default scope in the constructor Use new setDefaultScope() method instead. Also changed default scope to be a blank string instead of null 2017-10-30 23:48:02 +00:00			`private $defaultScope = '';`
Set a default scope for the authorization server 2017-10-18 22:09:53 +01:00
Refactored constructor to set defaults, added new setter methods for default token TTL and default token type 2015-04-06 08:32:44 +01:00			`/**`
Applied fixes from StyleCI 2016-02-19 18:09:39 -05:00			`* New server instance.`
First commit of new server class 2015-04-05 17:03:06 +01:00			`*`
Updated PHPDoc 2016-07-09 01:00:44 +02:00			`* @param ClientRepositoryInterface $clientRepository`
			`* @param AccessTokenRepositoryInterface $accessTokenRepository`
			`* @param ScopeRepositoryInterface $scopeRepository`
			`* @param CryptKey\|string $privateKey`
AuthorizationServer no longer needs to know about the public key 2017-07-01 18:11:10 +01:00			`* @param string $encryptionKey`
Updated PHPDoc 2016-07-09 01:00:44 +02:00			`* @param null\|ResponseTypeInterface $responseType`
First commit of new server class 2015-04-05 17:03:06 +01:00			`*/`
New server constructor 2016-01-17 14:03:41 +00:00			`public function __construct(`
			`ClientRepositoryInterface $clientRepository,`
			`AccessTokenRepositoryInterface $accessTokenRepository,`
			`ScopeRepositoryInterface $scopeRepository,`
handle RSA key passphrase 2016-03-28 16:42:34 +02:00			`$privateKey,`
AuthorizationServer no longer needs to know about the public key 2017-07-01 18:11:10 +01:00			`$encryptionKey,`
Removed unused methods 2016-04-17 12:42:42 +01:00			`ResponseTypeInterface $responseType = null`
New server constructor 2016-01-17 14:03:41 +00:00			`) {`
			`$this->clientRepository = $clientRepository;`
			`$this->accessTokenRepository = $accessTokenRepository;`
			`$this->scopeRepository = $scopeRepository;`
handle RSA key passphrase 2016-03-28 16:42:34 +02:00
Explicitly compare to false when checking not instanceof 2016-07-09 12:09:21 +02:00			`if ($privateKey instanceof CryptKey === false) {`
handle RSA key passphrase 2016-03-28 16:42:34 +02:00			`$privateKey = new CryptKey($privateKey);`
			`}`
			`$this->privateKey = $privateKey;`
AuthorizationServer no longer needs to know about the public key 2017-07-01 18:11:10 +01:00			`$this->encryptionKey = $encryptionKey;`
Removed default wording as there is no override 2016-01-17 14:23:18 +00:00			`$this->responseType = $responseType;`
Refactored constructor to set defaults, added new setter methods for default token TTL and default token type 2015-04-06 08:32:44 +01:00			`}`
First commit of new server class 2015-04-05 17:03:06 +01:00
			`/**`
Applied fixes from StyleCI 2016-02-19 18:09:39 -05:00			`* Enable a grant type on the server.`
First commit of new server class 2015-04-05 17:03:06 +01:00			`*`
Updated PHPDoc 2016-07-09 01:00:44 +02:00			`* @param GrantTypeInterface $grantType`
			`* @param null\|\DateInterval $accessTokenTTL`
First commit of new server class 2015-04-05 17:03:06 +01:00			`*/`
Updated PHPDoc 2016-07-09 01:00:44 +02:00			`public function enableGrantType(GrantTypeInterface $grantType, \DateInterval $accessTokenTTL = null)`
configurable refresh token TTL per grant 2016-01-21 18:11:53 +01:00			`{`
Explicitly compare to false when checking not instanceof 2016-07-09 12:09:21 +02:00			`if ($accessTokenTTL instanceof \DateInterval === false) {`
Lazy set $accessTokenTTL 2016-04-10 14:31:05 +01:00			`$accessTokenTTL = new \DateInterval('PT1H');`
			`}`

Inject required params into grant type 2016-01-17 14:03:07 +00:00			`$grantType->setAccessTokenRepository($this->accessTokenRepository);`
			`$grantType->setClientRepository($this->clientRepository);`
			`$grantType->setScopeRepository($this->scopeRepository);`
Revert previous change 2017-11-13 22:20:16 +00:00			`$grantType->setDefaultScope($this->defaultScope);`
handle RSA key passphrase 2016-03-28 16:42:34 +02:00			`$grantType->setPrivateKey($this->privateKey);`
Checkin 2015-10-14 09:51:53 +01:00			`$grantType->setEmitter($this->getEmitter());`
New property on AuthorizationServer to receive an encryption key which is used for future encryption/decryption instead of keybased encryption/decryption 2017-07-01 15:57:40 +01:00			`$grantType->setEncryptionKey($this->encryptionKey);`

allow refresh token ttl assign 2016-01-20 12:21:44 +01:00			`$this->enabledGrantTypes[$grantType->getIdentifier()] = $grantType;`
Removed default overrides 2016-01-17 14:03:33 +00:00			`$this->grantTypeAccessTokenTTL[$grantType->getIdentifier()] = $accessTokenTTL;`
First commit of new server class 2015-04-05 17:03:06 +01:00			`}`

Checkin 2016-04-10 10:07:08 +01:00			`/**`
Updated server methods 2016-04-10 11:48:32 +01:00			`* Validate an authorization request`
			`*`
Updated PHPDoc 2016-07-09 01:00:44 +02:00			`* @param ServerRequestInterface $request`
Checkin 2016-04-10 10:07:08 +01:00			`*`
Updated PHPDoc 2016-07-09 01:00:44 +02:00			`* @throws OAuthServerException`
Applied fixes from StyleCI 2016-04-10 06:48:46 -04:00			`*`
Updated PHPDoc 2016-07-09 01:00:44 +02:00			`* @return AuthorizationRequest`
Checkin 2016-04-10 10:07:08 +01:00			`*/`
Updated server methods 2016-04-10 11:48:32 +01:00			`public function validateAuthorizationRequest(ServerRequestInterface $request)`
Checkin 2016-04-10 10:07:08 +01:00			`{`
while(array_shift()) makes the AuthorizationServer class configuration mutable 2016-07-13 12:03:05 +02:00			`foreach ($this->enabledGrantTypes as $grantType) {`
Updated server methods 2016-04-10 11:48:32 +01:00			`if ($grantType->canRespondToAuthorizationRequest($request)) {`
while(array_shift()) makes the AuthorizationServer class configuration mutable 2016-07-13 12:03:05 +02:00			`return $grantType->validateAuthorizationRequest($request);`
Checkin 2016-04-10 10:07:08 +01:00			`}`
			`}`
Updated server methods 2016-04-10 11:48:32 +01:00
Checkin 2016-04-10 10:07:08 +01:00			`throw OAuthServerException::unsupportedGrantType();`
			`}`

Updated server methods 2016-04-10 11:48:32 +01:00			`/**`
			`* Complete an authorization request`
			`*`
Updated PHPDoc 2016-07-09 01:00:44 +02:00			`* @param AuthorizationRequest $authRequest`
			`* @param ResponseInterface $response`
Updated server methods 2016-04-10 11:48:32 +01:00			`*`
Updated PHPDoc 2016-07-09 01:00:44 +02:00			`* @return ResponseInterface`
Updated server methods 2016-04-10 11:48:32 +01:00			`*/`
			`public function completeAuthorizationRequest(AuthorizationRequest $authRequest, ResponseInterface $response)`
			`{`
			`return $this->enabledGrantTypes[$authRequest->getGrantTypeId()]`
			`->completeAuthorizationRequest($authRequest)`
			`->generateHttpResponse($response);`
			`}`

First commit of new server class 2015-04-05 17:03:06 +01:00			`/**`
Applied fixes from StyleCI 2016-02-19 18:09:39 -05:00			`* Return an access token response.`
First commit of new server class 2015-04-05 17:03:06 +01:00			`*`
Updated PHPDoc 2016-07-09 01:00:44 +02:00			`* @param ServerRequestInterface $request`
			`* @param ResponseInterface $response`
First commit of new server class 2015-04-05 17:03:06 +01:00			`*`
Updated PHPDoc 2016-07-09 01:00:44 +02:00			`* @throws OAuthServerException`
Applied fixes from StyleCI 2016-02-19 18:09:39 -05:00			`*`
Updated PHPDoc 2016-07-09 01:00:44 +02:00			`* @return ResponseInterface`
First commit of new server class 2015-04-05 17:03:06 +01:00			`*/`
Renamed server `respondToRequest` to `respondToAccessTokenRequest` 2016-04-09 16:20:30 +01:00			`public function respondToAccessTokenRequest(ServerRequestInterface $request, ResponseInterface $response)`
First commit of new server class 2015-04-05 17:03:06 +01:00			`{`
while(array_shift()) makes the AuthorizationServer class configuration mutable 2016-07-13 12:03:05 +02:00			`foreach ($this->enabledGrantTypes as $grantType) {`
flatten code 2017-11-23 21:26:39 +03:30			`if (!$grantType->canRespondToAccessTokenRequest($request)) {`
			`continue;`
while(array_shift()) makes the AuthorizationServer class configuration mutable 2016-07-13 12:03:05 +02:00			`}`
flatten code 2017-11-23 21:26:39 +03:30			`$tokenResponse = $grantType->respondToAccessTokenRequest(`
			`$request,`
			`$this->getResponseType(),`
			`$this->grantTypeAccessTokenTTL[$grantType->getIdentifier()]`
			`);`

			`if ($tokenResponse instanceof ResponseTypeInterface) {`
			`return $tokenResponse->generateHttpResponse($response);`
			`}`

allow middleware use 2016-01-15 14:02:47 +01:00			`}`
include CryptTrait tests, allow Server::respondToRequest trhow exceptions and fix ResposeType tests 2016-03-18 00:25:32 +01:00
			`throw OAuthServerException::unsupportedGrantType();`
allow middleware use 2016-01-15 14:02:47 +01:00			`}`
allow refresh token ttl assign 2016-01-20 12:21:44 +01:00
			`/**`
Applied fixes from StyleCI 2016-02-19 18:09:39 -05:00			`* Get the token type that grants will return in the HTTP response.`
allow refresh token ttl assign 2016-01-20 12:21:44 +01:00			`*`
			`* @return ResponseTypeInterface`
			`*/`
abstract access token validation 2016-02-12 14:19:47 +01:00			`protected function getResponseType()`
allow refresh token ttl assign 2016-01-20 12:21:44 +01:00			`{`
Explicitly compare to false when checking not instanceof 2016-07-09 12:09:21 +02:00			`if ($this->responseType instanceof ResponseTypeInterface === false) {`
Removed unnecessary parameter usage 2016-04-18 12:10:57 +01:00			`$this->responseType = new BearerTokenResponse();`
allow refresh token ttl assign 2016-01-20 12:21:44 +01:00			`}`

handle RSA key passphrase 2016-03-28 16:42:34 +02:00			`$this->responseType->setPrivateKey($this->privateKey);`
Ensure response type also has access to the encryption key 2017-07-01 16:29:50 +01:00			`$this->responseType->setEncryptionKey($this->encryptionKey);`
Fix #468 and #473 2016-03-17 14:37:21 +00:00
allow refresh token ttl assign 2016-01-20 12:21:44 +01:00			`return $this->responseType;`
			`}`
Fix tests as no longer set the default scope in the constructor Use new setDefaultScope() method instead. Also changed default scope to be a blank string instead of null 2017-10-30 23:48:02 +00:00
			`/**`
			`* Set the default scope for the authorization server.`
			`*`
			`* @param string $defaultScope`
			`*/`
			`public function setDefaultScope($defaultScope)`
			`{`
			`$this->defaultScope = $defaultScope;`
			`}`
First commit of new server class 2015-04-05 17:03:06 +01:00			`}`