oauth2-server/src/ResourceServer.php

<?php
/**
 * OAuth 2.0 Resource Server
 *
 * @package     league/oauth2-server
 * @author      Alex Bilbie <hello@alexbilbie.com>
 * @copyright   Copyright (c) Alex Bilbie
 * @license     http://mit-license.org/
 * @link        https://github.com/thephpleague/oauth2-server
 */

namespace League\OAuth2\Server;

use League\OAuth2\Server\Storage\ClientInterface;
use League\OAuth2\Server\Storage\AccessTokenInterface;
use League\OAuth2\Server\Storage\SessionInterface;
use League\OAuth2\Server\Storage\ScopeInterface;
use League\OAuth2\Server\Entity\AccessTokenEntity;
use League\OAuth2\Server\TokenType\Bearer;
use League\OAuth2\Server\Exception;
use Symfony\Component\HttpFoundation\Request;

/**
 * OAuth 2.0 Resource Server
 */
class ResourceServer extends AbstractServer
{
    /**
     * The access token
     * @var \League\OAuth2\Server\Entity\AccessTokenEntity
     */
    protected $accessToken;

    /**
     * The query string key which is used by clients to present the access token (default: access_token)
     * @var string
     */
    protected $tokenKey = 'access_token';

    /**
     * Initialise the resource server
     * @param  SessionInterface    $sessionStorage
     * @param  AccessTokenInteface $accessTokenStorage
     * @param  ClientInterface     $clientStorage
     * @param  ScopeInterface      $scopeStorage
     * @return self
     */
    public function __construct(
        SessionInterface $sessionStorage,
        AccessTokenInterface $accessTokenStorage,
        ClientInterface $clientStorage,
        ScopeInterface $scopeStorage
    ) {
        $this->setSessionStorage($sessionStorage);
        $this->setAccessTokenStorage($accessTokenStorage);
        $this->setClientStorage($clientStorage);
        $this->setScopeStorage($scopeStorage);

        // Set Bearer as the default token type
        $this->setTokenType(new Bearer);

        parent::__construct();

        return $this;
    }

    /**
     * Sets the query string key for the access token.
     * @param $key The new query string key
     * @return self
     */
    public function setIdKey($key)
    {
        $this->tokenKey = $key;

        return $this;
    }

    /**
     * Gets the access token
     * @return string
     */
    public function getAccessToken()
    {
        return $this->accessToken->getId();
    }

    /**
     * Checks if the access token is valid or not
     * @param $headersOnly Limit Access Token to Authorization header only
     * @return bool
     */
    public function isValidRequest($headersOnly = true, $accessToken = null)
    {
        $accessTokenString = ($accessToken !== null)
                                ? $accessToken
                                : $this->determineAccessToken($headersOnly);

        // Set the access token
        $this->accessToken = $this->getAccessTokenStorage()->get($accessTokenString);

        if (!$this->accessToken instanceof AccessTokenEntity) {
            throw new Exception\AccessDeniedException;
        }

        return true;
    }

    /**
     * Reads in the access token from the headers
     * @param $headersOnly Limit Access Token to Authorization header only
     * @throws Exception\MissingAccessTokenException Thrown if there is no access token presented
     * @return string
     */
    public function determineAccessToken($headersOnly = false)
    {
        if ($this->getRequest()->headers->get('Authorization') !== null) {
            $accessToken = $this->getTokenType()->determineAccessTokenInHeader($this->getRequest());
        } elseif ($headersOnly === false) {
            $accessToken = ($this->getRequest()->server->get('REQUEST_METHOD') === 'GET')
                                ? $this->getRequest()->query->get($this->tokenKey)
                                : $this->getRequest()->request->get($this->tokenKey);
        }

        if (empty($accessToken)) {
            throw new Exception\InvalidRequestException('access token');
        }

        return $accessToken;
    }
}
Starting the reorganization 2012-12-29 01:42:16 +05:30			`<?php`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`/**`
			`* OAuth 2.0 Resource Server`
			`*`
Too many changes to describe 2014-01-08 21:45:29 +05:30			`* @package league/oauth2-server`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* @author Alex Bilbie <hello@alexbilbie.com>`
Updated copyright 2014-03-10 01:04:23 +05:30			`* @copyright Copyright (c) Alex Bilbie`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* @license http://mit-license.org/`
Updated @link 2014-03-10 01:35:38 +05:30			`* @link https://github.com/thephpleague/oauth2-server`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`*/`
Starting the reorganization 2012-12-29 01:42:16 +05:30
Renamed AuthServer to Authorization, renamed ResourceServer to Resource. Updated all tests and other files 2013-05-09 00:12:23 +05:30			`namespace League\OAuth2\Server;`
Starting the reorganization 2012-12-29 01:42:16 +05:30
First commit of updated ResourceServer 2013-12-17 05:17:03 +05:30			`use League\OAuth2\Server\Storage\ClientInterface;`
Added abstract server 2014-01-10 23:00:12 +05:30			`use League\OAuth2\Server\Storage\AccessTokenInterface;`
			`use League\OAuth2\Server\Storage\SessionInterface;`
			`use League\OAuth2\Server\Storage\ScopeInterface;`
Updated with new entity names 2014-05-02 21:51:53 +05:30			`use League\OAuth2\Server\Entity\AccessTokenEntity;`
Use token type to determine access token in header 2014-05-07 21:51:24 +05:30			`use League\OAuth2\Server\TokenType\Bearer;`
Throw correct exception when access token is invalid 2014-05-08 14:59:40 +05:30			`use League\OAuth2\Server\Exception;`
First commit of updated ResourceServer 2013-12-17 05:17:03 +05:30			`use Symfony\Component\HttpFoundation\Request;`
Starting the reorganization 2012-12-29 01:42:16 +05:30
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`/**`
			`* OAuth 2.0 Resource Server`
			`*/`
Renamed Resource to ResourceServer 2014-02-24 20:13:26 +05:30			`class ResourceServer extends AbstractServer`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`{`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`/**`
			`* The access token`
Removed generic getStorage method and replaced with distinct calls to getters 2014-11-07 07:50:06 +05:30			`* @var \League\OAuth2\Server\Entity\AccessTokenEntity`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`*/`
$accessToken should be protected not public 2014-01-17 22:46:52 +05:30			`protected $accessToken;`
Starting the reorganization 2012-12-29 01:42:16 +05:30
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`/**`
First commit of updated ResourceServer 2013-12-17 05:17:03 +05:30			`* The query string key which is used by clients to present the access token (default: access_token)`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* @var string`
			`*/`
First commit of updated ResourceServer 2013-12-17 05:17:03 +05:30			`protected $tokenKey = 'access_token';`
Starting the reorganization 2012-12-29 01:42:16 +05:30
			`/**`
First commit of updated ResourceServer 2013-12-17 05:17:03 +05:30			`* Initialise the resource server`
More CS fixer changes 2014-05-03 15:23:57 +05:30			`* @param SessionInterface $sessionStorage`
			`* @param AccessTokenInteface $accessTokenStorage`
			`* @param ClientInterface $clientStorage`
			`* @param ScopeInterface $scopeStorage`
First commit of updated ResourceServer 2013-12-17 05:17:03 +05:30			`* @return self`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`*/`
First commit of updated ResourceServer 2013-12-17 05:17:03 +05:30			`public function __construct(`
			`SessionInterface $sessionStorage,`
Added abstract server 2014-01-10 23:00:12 +05:30			`AccessTokenInterface $accessTokenStorage,`
			`ClientInterface $clientStorage,`
			`ScopeInterface $scopeStorage`
First commit of updated ResourceServer 2013-12-17 05:17:03 +05:30			`) {`
Removed generic getStorage method and replaced with distinct calls to getters 2014-11-07 07:50:06 +05:30			`$this->setSessionStorage($sessionStorage);`
			`$this->setAccessTokenStorage($accessTokenStorage);`
			`$this->setClientStorage($clientStorage);`
			`$this->setScopeStorage($scopeStorage);`
Added abstract server 2014-01-10 23:00:12 +05:30
Set default token type as bearer for Resource Server 2014-05-07 21:40:52 +05:30			`// Set Bearer as the default token type`
Fixed spelling mistake 2014-09-09 18:06:20 +05:30			`$this->setTokenType(new Bearer);`
Set default token type as bearer for Resource Server 2014-05-07 21:40:52 +05:30
Added league/event and implemented SessionOwnerEvent 2014-07-11 19:43:28 +05:30			`parent::__construct();`

First commit of updated ResourceServer 2013-12-17 05:17:03 +05:30			`return $this;`
Fixing Resource bugs and moving the Request dep to a setter. 2013-01-05 03:51:24 +05:30			`}`
Starting the reorganization 2012-12-29 01:42:16 +05:30
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`/**`
			`* Sets the query string key for the access token.`
			`* @param $key The new query string key`
First commit of updated ResourceServer 2013-12-17 05:17:03 +05:30			`* @return self`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`*/`
Lotsa bug fixes and updates 2014-07-11 22:57:03 +05:30			`public function setIdKey($key)`
Various bug fixes 2013-02-05 21:50:45 +05:30			`{`
			`$this->tokenKey = $key;`
More CS fixer changes 2014-05-03 15:23:57 +05:30
Make sure $this is returned 2013-11-26 05:28:42 +05:30			`return $this;`
Various bug fixes 2013-02-05 21:50:45 +05:30			`}`

Started adding some Server methods, adding some Util classes and adding a way to get the token from the Resource 2013-01-22 21:55:51 +05:30			`/**`
First commit of updated ResourceServer 2013-12-17 05:17:03 +05:30			`* Gets the access token`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* @return string`
Started adding some Server methods, adding some Util classes and adding a way to get the token from the Resource 2013-01-22 21:55:51 +05:30			`*/`
			`public function getAccessToken()`
			`{`
Lotsa bug fixes and updates 2014-07-11 22:57:03 +05:30			`return $this->accessToken->getId();`
Started adding some Server methods, adding some Util classes and adding a way to get the token from the Resource 2013-01-22 21:55:51 +05:30			`}`

Updated with new entity names 2014-05-02 21:51:53 +05:30			`/**`
			`* Checks if the access token is valid or not`
			`* @param $headersOnly Limit Access Token to Authorization header only`
			`* @return bool`
			`*/`
			`public function isValidRequest($headersOnly = true, $accessToken = null)`
			`{`
PHPCS fixes 2014-05-03 15:38:33 +05:30			`$accessTokenString = ($accessToken !== null)`
			`? $accessToken`
Removed dead code 2014-11-07 07:06:12 +05:30			`: $this->determineAccessToken($headersOnly);`
Updated with new entity names 2014-05-02 21:51:53 +05:30
			`// Set the access token`
Removed generic getStorage method and replaced with distinct calls to getters 2014-11-07 07:50:06 +05:30			`$this->accessToken = $this->getAccessTokenStorage()->get($accessTokenString);`
More CS fixer changes 2014-05-03 15:23:57 +05:30
Throw correct exception when access token is invalid 2014-05-08 14:59:40 +05:30			`if (!$this->accessToken instanceof AccessTokenEntity) {`
			`throw new Exception\AccessDeniedException;`
			`}`

			`return true;`
Updated with new entity names 2014-05-02 21:51:53 +05:30			`}`

Fixing Resource bugs and moving the Request dep to a setter. 2013-01-05 03:51:24 +05:30			`/**`
First commit of updated ResourceServer 2013-12-17 05:17:03 +05:30			`* Reads in the access token from the headers`
This fixes #57. By passing in a conditional flag refering to headersOnly, the library would stil respect RFC6749 Section 7 and RFC6750 Section 2. 2013-05-28 09:57:30 +05:30			`* @param $headersOnly Limit Access Token to Authorization header only`
More CS fixer changes 2014-05-03 15:23:57 +05:30			`* @throws Exception\MissingAccessTokenException Thrown if there is no access token presented`
Fixing Resource bugs and moving the Request dep to a setter. 2013-01-05 03:51:24 +05:30			`* @return string`
			`*/`
Make determineAccessToken() public in order to check if an access token was sent before checking its validity. 2013-06-06 09:29:29 +05:30			`public function determineAccessToken($headersOnly = false)`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`{`
Use token type to determine access token in header 2014-05-07 21:51:24 +05:30			`if ($this->getRequest()->headers->get('Authorization') !== null) {`
			`$accessToken = $this->getTokenType()->determineAccessTokenInHeader($this->getRequest());`
This fixes #57. By passing in a conditional flag refering to headersOnly, the library would stil respect RFC6749 Section 7 and RFC6750 Section 2. 2013-05-28 09:57:30 +05:30			`} elseif ($headersOnly === false) {`
Throw correct exception when access token is invalid 2014-05-08 14:59:40 +05:30			`$accessToken = ($this->getRequest()->server->get('REQUEST_METHOD') === 'GET')`
			`? $this->getRequest()->query->get($this->tokenKey)`
			`: $this->getRequest()->request->get($this->tokenKey);`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`}`

Changed variable syntax style to be PSR2 2013-05-05 22:35:46 +05:30			`if (empty($accessToken)) {`
Updates to exceptions 2014-05-01 19:02:54 +05:30			`throw new Exception\InvalidRequestException('access token');`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`}`

Changed variable syntax style to be PSR2 2013-05-05 22:35:46 +05:30			`return $accessToken;`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`}`
			`}`