mirror of
https://github.com/elyby/oauth2-server.git
synced 2025-05-31 14:12:07 +05:30
Checkin
This commit is contained in:
Alex Bilbie
@@ -18,6 +18,7 @@ use League\OAuth2\Server\Exception;
|
||||
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
|
||||
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
|
||||
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
|
||||
/**
|
||||
* Abstract grant class
|
||||
@@ -39,7 +40,7 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
protected $respondsWith = 'token';
|
||||
|
||||
/**
|
||||
* @var \Symfony\Component\HttpFoundation\Request
|
||||
* @var ServerRequestInterface
|
||||
*/
|
||||
protected $request;
|
||||
|
||||
@@ -64,18 +65,15 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
protected $scopeRepository;
|
||||
|
||||
/**
|
||||
* @param \League\Event\Emitter $emitter
|
||||
* @param \League\OAuth2\Server\Repositories\ClientRepositoryInterface $clientRepository
|
||||
* @param \League\OAuth2\Server\Repositories\ScopeRepositoryInterface $scopeRepository
|
||||
* @param \League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface $accessTokenRepository
|
||||
*/
|
||||
public function __construct(
|
||||
Emitter $emitter,
|
||||
ClientRepositoryInterface $clientRepository,
|
||||
ScopeRepositoryInterface $scopeRepository,
|
||||
AccessTokenRepositoryInterface $accessTokenRepository
|
||||
) {
|
||||
$this->emitter = $emitter;
|
||||
$this->clientRepository = $clientRepository;
|
||||
$this->scopeRepository = $scopeRepository;
|
||||
$this->accessTokenRepository = $accessTokenRepository;
|
||||
@@ -98,8 +96,8 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $scopeParamValue A string containing a delimited set of scope identifiers
|
||||
* @param string $scopeDelimiter The delimiter between the scopes in the value string
|
||||
* @param string $scopeParamValue A string containing a delimited set of scope identifiers
|
||||
* @param string $scopeDelimiterString The delimiter between the scopes in the value string
|
||||
* @param ClientEntityInterface $client
|
||||
* @param string $redirectUri
|
||||
*
|
||||
@@ -108,18 +106,16 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
*/
|
||||
public function validateScopes(
|
||||
$scopeParamValue,
|
||||
$scopeDelimiter,
|
||||
$scopeDelimiterString,
|
||||
ClientEntityInterface $client,
|
||||
$redirectUri = null
|
||||
) {
|
||||
$scopesList = explode($scopeDelimiter, trim($scopeParamValue));
|
||||
|
||||
for ($i = 0; $i < count($scopesList); $i++) {
|
||||
$scopesList[$i] = trim($scopesList[$i]);
|
||||
if ($scopesList[$i] === '') {
|
||||
unset($scopesList[$i]); // Remove any junk scopes
|
||||
$scopesList = array_filter(
|
||||
explode($scopeDelimiterString, trim($scopeParamValue)),
|
||||
function ($scope) {
|
||||
return !empty($scope);
|
||||
}
|
||||
}
|
||||
);
|
||||
|
||||
$scopes = [];
|
||||
foreach ($scopesList as $scopeItem) {
|
||||
@@ -138,4 +134,12 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
|
||||
return $scopes;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param Emitter $emitter
|
||||
*/
|
||||
public function setEmitter(Emitter $emitter)
|
||||
{
|
||||
$this->emitter = $emitter;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -222,7 +222,7 @@ class AuthCodeGrant extends AbstractGrant
|
||||
// Get the required params
|
||||
$clientId = $request->request->get('client_id', $request->getUser());
|
||||
if (is_null($clientId)) {
|
||||
throw new InvalidRequestException('client_id');
|
||||
throw new InvalidRequestException('client_id', '');
|
||||
}
|
||||
|
||||
$clientSecret = $request->request->get('client_secret',
|
||||
|
||||
@@ -18,7 +18,7 @@ use League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface;
|
||||
use League\OAuth2\Server\Exception;
|
||||
use League\OAuth2\Server\TokenTypes\TokenTypeInterface;
|
||||
use League\OAuth2\Server\Utils\SecureKey;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
|
||||
/**
|
||||
* Client credentials grant class
|
||||
@@ -35,7 +35,7 @@ class ClientCredentialsGrant extends AbstractGrant
|
||||
/**
|
||||
* Return an access token
|
||||
*
|
||||
* @param \Symfony\Component\HttpFoundation\Request $request
|
||||
* @param \Psr\Http\Message\ServerRequestInterface $request
|
||||
* @param \League\OAuth2\Server\TokenTypes\TokenTypeInterface $tokenType
|
||||
* @param \DateInterval $accessTokenTTL
|
||||
* @param string $scopeDelimiter
|
||||
@@ -45,19 +45,29 @@ class ClientCredentialsGrant extends AbstractGrant
|
||||
* @throws \League\OAuth2\Server\Exception\InvalidRequestException
|
||||
* @throws \League\OAuth2\Server\Exception\InvalidScopeException
|
||||
*/
|
||||
public function getAccessTokenAsType(
|
||||
Request $request,
|
||||
public function respondToRequest(
|
||||
ServerRequestInterface $request,
|
||||
TokenTypeInterface $tokenType,
|
||||
DateInterval $accessTokenTTL,
|
||||
$scopeDelimiter = ' '
|
||||
) {
|
||||
// Get the required params
|
||||
$clientId = $request->request->get('client_id', $request->getUser());
|
||||
$clientId = isset($request->getParsedBody()['client_id'])
|
||||
? $request->getParsedBody()['client_id'] // $_POST['client_id']
|
||||
: isset($request->getServerParams()['PHP_AUTH_USER'])
|
||||
? $request->getServerParams()['PHP_AUTH_USER'] // $_SERVER['PHP_AUTH_USER']
|
||||
: null;
|
||||
|
||||
if (is_null($clientId)) {
|
||||
throw new Exception\InvalidRequestException('client_id');
|
||||
}
|
||||
|
||||
$clientSecret = $request->request->get('client_secret', $request->getPassword());
|
||||
$clientSecret = isset($request->getParsedBody()['client_secret'])
|
||||
? $request->getParsedBody()['client_secret'] // $_POST['client_id']
|
||||
: isset($request->getServerParams()['PHP_AUTH_PW'])
|
||||
? $request->getServerParams()['PHP_AUTH_PW'] // $_SERVER['PHP_AUTH_USER']
|
||||
: null;
|
||||
|
||||
if (is_null($clientSecret)) {
|
||||
throw new Exception\InvalidRequestException('client_secret');
|
||||
}
|
||||
@@ -76,14 +86,15 @@ class ClientCredentialsGrant extends AbstractGrant
|
||||
}
|
||||
|
||||
// Validate any scopes that are in the request
|
||||
$scopeParam = $request->request->get('scope', '');
|
||||
$scopeParam = isset($request->getParsedBody()['scope'])
|
||||
? $request->getParsedBody()['scope'] // $_POST['scope']
|
||||
: '';
|
||||
$scopes = $this->validateScopes($scopeParam, $scopeDelimiter, $client);
|
||||
|
||||
// Generate an access token
|
||||
$accessToken = new AccessTokenEntity();
|
||||
$accessToken->setIdentifier(SecureKey::generate());
|
||||
$expirationDateTime = (new \DateTime())->add($accessTokenTTL);
|
||||
$accessToken->setExpiryDateTime($expirationDateTime);
|
||||
$accessToken->setExpiryDateTime((new \DateTime())->add($accessTokenTTL));
|
||||
$accessToken->setClient($client);
|
||||
$accessToken->setOwner('client', $client->getIdentifier());
|
||||
|
||||
@@ -100,4 +111,28 @@ class ClientCredentialsGrant extends AbstractGrant
|
||||
|
||||
return $tokenType;
|
||||
}
|
||||
|
||||
/**
|
||||
* The grant type should return true if it is able to respond to this request.
|
||||
*
|
||||
* For example most grant types will check that the $_POST['grant_type'] property matches it's identifier property.
|
||||
*
|
||||
* Some grants, such as the authorization code grant can respond to multiple requests
|
||||
* - i.e. a client requesting an authorization code and requesting an access token
|
||||
*
|
||||
* @param \Psr\Http\Message\ServerRequestInterface $request
|
||||
*
|
||||
* @return boolean
|
||||
*/
|
||||
public function canRespondToRequest(ServerRequestInterface $request)
|
||||
{
|
||||
if (
|
||||
isset($request->getParsedBody()['grant_type'])
|
||||
&& $request->getParsedBody()['grant_type'] === 'client_credentials'
|
||||
) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -12,8 +12,9 @@
|
||||
namespace League\OAuth2\Server\Grant;
|
||||
|
||||
use DateInterval;
|
||||
use League\Event\Emitter;
|
||||
use League\OAuth2\Server\TokenTypes\TokenTypeInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
|
||||
/**
|
||||
* Grant type interface
|
||||
@@ -37,17 +38,38 @@ interface GrantTypeInterface
|
||||
/**
|
||||
* Return an access token
|
||||
*
|
||||
* @param \Symfony\Component\HttpFoundation\Request $request
|
||||
* @param \Psr\Http\Message\ServerRequestInterface $request
|
||||
* @param \League\OAuth2\Server\TokenTypes\TokenTypeInterface $tokenType
|
||||
* @param \DateInterval $accessTokenTTL
|
||||
* @param string $scopeDelimiter
|
||||
*
|
||||
* @return \League\OAuth2\Server\TokenTypes\TokenTypeInterface
|
||||
*/
|
||||
public function getAccessTokenAsType(
|
||||
Request $request,
|
||||
public function respondToRequest(
|
||||
ServerRequestInterface $request,
|
||||
TokenTypeInterface $tokenType,
|
||||
DateInterval $accessTokenTTL,
|
||||
$scopeDelimiter = ' '
|
||||
);
|
||||
|
||||
/**
|
||||
* The grant type should return true if it is able to respond to this request.
|
||||
*
|
||||
* For example most grant types will check that the $_POST['grant_type'] property matches it's identifier property.
|
||||
*
|
||||
* Some grants, such as the authorization code grant can respond to multiple requests
|
||||
* - i.e. a client requesting an authorization code and requesting an access token
|
||||
*
|
||||
* @param \Psr\Http\Message\ServerRequestInterface $request
|
||||
*
|
||||
* @return boolean
|
||||
*/
|
||||
public function canRespondToRequest(ServerRequestInterface $request);
|
||||
|
||||
/**
|
||||
* Set the event emitter
|
||||
*
|
||||
* @param \League\Event\Emitter $emitter
|
||||
*/
|
||||
public function setEmitter(Emitter $emitter);
|
||||
}
|
||||
|
||||
@@ -19,7 +19,7 @@ use League\OAuth2\Server\Exception;
|
||||
use League\OAuth2\Server\Util\SecureKey;
|
||||
|
||||
/**
|
||||
* Referesh token grant
|
||||
* Refresh token grant
|
||||
*/
|
||||
class RefreshTokenGrant extends AbstractGrant
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user