diff --git a/examples/public/middleware_authentication.php b/examples/public/middleware_authentication.php
index f9b525dc..d928e19d 100644
--- a/examples/public/middleware_authentication.php
+++ b/examples/public/middleware_authentication.php
@@ -1,5 +1,7 @@ generateHttpResponse($response);
     } catch (\Exception $exception) {
-        $response->getBody()->write($exception->getMessage());
+        $body = new Stream('php://temp', 'r+');
+        $body->write($exception->getMessage());
-        return $response->withStatus(500);
+        return $response->withStatus(500)->withBody($body);
     }
     if (in_array($response->getStatusCode(), [400, 401, 500])) {
diff --git a/src/Middleware/ResourceServerMiddleware.php b/src/Middleware/ResourceServerMiddleware.php
index 1794cdce..0f0b20ae 100644
--- a/src/Middleware/ResourceServerMiddleware.php
+++ b/src/Middleware/ResourceServerMiddleware.php
@@ -6,6 +6,7 @@ use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Server;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
+use Zend\Diactoros\Stream;
 class ResourceServerMiddleware
 {
@@ -34,13 +35,14 @@ class ResourceServerMiddleware
     public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
     {
         try {
-            $request = $this->server->getResponseType()->determineAccessTokenInHeader($request);
+            $request = $this->server->validateRequest($request);
         } catch (OAuthServerException $exception) {
             return $exception->generateHttpResponse($response);
         } catch (\Exception $exception) {
-            $response->getBody()->write($exception->getMessage());
+            $body = new Stream('php://temp', 'r+');
+            $body->write($exception->getMessage());
-            return $response->withStatus(500);
+            return $response->withStatus(500)->withBody($body);
         }
         // Pass the request and response on to the next responder in the chain
diff --git a/src/Server.php b/src/Server.php
index c7639db3..4e7799d3 100644
--- a/src/Server.php
+++ b/src/Server.php
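Review bot: The `catch (\Exception $exception)` branch still puts `$exception->getMessage()` straight into the 500 response body, and with `->withBody($body)` that text is now the entire response, so any unexpected exception (a storage or configuration failure, say) discloses internal detail to the client; the same lines appear in the `ResourceServerMiddleware::__invoke` hunk below. I would log the exception server-side and write a fixed string instead, `$body->write('Internal server error');`, in both places. The switch from `$response->getBody()->write(...)` to `new Stream('php://temp', 'r+')` also binds a middleware typed against PSR-7 interfaces to Zend Diactoros; if the reason is that the incoming response body may not be writable, a one-line comment saying so would spare the next reader the question. The enclosing try/catch starts outside this hunk, and in the middleware hunk `__invoke` continues past its last line.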
@@ -27,7 +27,7 @@ class Server implements EmitterAwareInterface
     protected $enabledGrantTypes = [];
     /**
-     * @var DateInterval[]
+     * @var \DateInterval[]
      */
     protected $grantTypeAccessTokenTTL = [];
@@ -91,7 +91,7 @@ class Server implements EmitterAwareInterface
      * Enable a grant type on the server
      *
      * @param \League\OAuth2\Server\Grant\GrantTypeInterface $grantType
-     * @param DateInterval $accessTokenTTL
+     * @param \DateInterval $accessTokenTTL
      */
     public function enableGrantType(GrantTypeInterface $grantType, DateInterval $accessTokenTTL)
     {
@@ -148,12 +148,26 @@ class Server implements EmitterAwareInterface
         return $tokenResponse->generateHttpResponse($response);
     }
+    /**
+     * Determine the access token validity
+     *
+     * @param \Psr\Http\Message\ServerRequestInterface $request
+     *
+     * @return \Psr\Http\Message\ServerRequestInterface
+     *
+     * @throws \League\OAuth2\Server\Exception\OAuthServerException
+     */
+    public function validateRequest(ServerRequestInterface $request)
+    {
+        return $this->getResponseType()->determineAccessTokenInHeader($request);
+    }
+
     /**
      * Get the token type that grants will return in the HTTP response
      *
      * @return ResponseTypeInterface
      */
-    public function getResponseType()
+    protected function getResponseType()
     {
         if (!$this->responseType instanceof ResponseTypeInterface) {
             $this->responseType = new BearerTokenResponse(
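Review bot: Making `getResponseType()` `protected` in the same hunk that introduces `validateRequest()` is a breaking change for any external caller that used `$server->getResponseType()->determineAccessTokenInHeader(...)`, the very call the middleware hunk replaces, and nothing in the diff records it. I would keep the method public for one release with `@deprecated use validateRequest()` on its docblock, or at minimum note the break in the changelog. The new docblock's summary, `Determine the access token validity`, also says less than the signature does: it should state what `determineAccessTokenInHeader()` reads from the request and what, if anything, it attaches to the returned instance (neither is visible in this hunk), and that callers must use the returned request rather than the one passed in, as the middleware hunk does. The two earlier hunks in this file are docblock-only and need no comment.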