Multiple fixes

Alex Bilbie 2016-02-12 14:18:52 +00:00
parent 1a5030200a
commit 85b9412813


@ -3,6 +3,7 @@
namespace League\OAuth2\Server\Grant; namespace League\OAuth2\Server\Grant;
use DateInterval; use DateInterval;
use League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface;
use League\OAuth2\Server\Entities\Interfaces\UserEntityInterface; use League\OAuth2\Server\Entities\Interfaces\UserEntityInterface;
use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface; use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
@ -11,6 +12,7 @@ use League\OAuth2\Server\Repositories\UserRepositoryInterface;
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface; use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
use League\OAuth2\Server\Utils\KeyCrypt; use League\OAuth2\Server\Utils\KeyCrypt;
use League\Plates\Engine; use League\Plates\Engine;
use League\Event\Event;
use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Message\ServerRequestInterface;
use Zend\Diactoros\Response; use Zend\Diactoros\Response;
use Zend\Diactoros\Uri; use Zend\Diactoros\Uri;
@ -66,8 +68,12 @@ class AuthCodeGrant extends AbstractGrant
$this->refreshTokenRepository = $refreshTokenRepository; $this->refreshTokenRepository = $refreshTokenRepository;
$this->userRepository = $userRepository; $this->userRepository = $userRepository;
$this->authCodeTTL = $authCodeTTL; $this->authCodeTTL = $authCodeTTL;
$this->pathToLoginTemplate = $pathToLoginTemplate; $this->pathToLoginTemplate = ($pathToLoginTemplate === null)
$this->pathToAuthorizeTemplate = $pathToAuthorizeTemplate; ? __DIR__ . '/../ResponseTypes/DefaultTemplates/login_user.php'
: $this->pathToLoginTemplate;
$this->pathToAuthorizeTemplate = ($pathToLoginTemplate === null)
? __DIR__ . '/../ResponseTypes/DefaultTemplates/authorize_client.php'
: $this->pathToAuthorizeTemplate;
} }
@ -103,7 +109,7 @@ class AuthCodeGrant extends AbstractGrant
$this->getIdentifier() $this->getIdentifier()
); );
if (!$client instanceof ClientEntityInterface) { if ($client instanceof ClientEntityInterface === false) {
$this->emitter->emit(new Event('client.authentication.failed', $request)); $this->emitter->emit(new Event('client.authentication.failed', $request));
throw OAuthServerException::invalidClient(); throw OAuthServerException::invalidClient();
@ -120,23 +126,27 @@ class AuthCodeGrant extends AbstractGrant
); );
$userId = null; $userId = null;
$userHasApprovedClient = $userHasApprovedClient = $this->getRequestParameter('action', null); $userHasApprovedClient = null;
if ($this->getRequestParameter('action', $request, null) !== null) {
$userHasApprovedClient = ($this->getRequestParameter('action', $request) === 'approve');
}
// Check if the user has been validated // Check if the user has been authenticated
$oauthCookie = $this->getCookieParameter('oauth_authorize_request', $request, null); $oauthCookie = $this->getCookieParameter('oauth_authorize_request', $request, null);
if ($oauthCookie !== null) { if ($oauthCookie !== null) {
try { try {
$oauthCookiePayload = json_decode(KeyCrypt::decrypt($oauthCookie, $this->pathToPublicKey)); $oauthCookiePayload = json_decode(KeyCrypt::decrypt($oauthCookie, $this->pathToPublicKey));
$userId = $oauthCookiePayload->user_id; if (is_object($oauthCookiePayload)) {
$userHasApprovedClient = $oauthCookiePayload->client_is_authorized; $userId = $oauthCookiePayload->user_id;
}
} catch (\LogicException $e) { } catch (\LogicException $e) {
throw OAuthServerException::serverError($e->getMessage()); throw OAuthServerException::serverError($e->getMessage());
} }
} }
// The username + password might be available in $_POST // The username + password might be available in $_POST
$usernameParameter = $this->getRequestParameter('username', null); $usernameParameter = $this->getRequestParameter('username', $request, null);
$passwordParameter = $this->getRequestParameter('password', null); $passwordParameter = $this->getRequestParameter('password', $request, null);
$loginError = null; $loginError = null;
@ -156,11 +166,9 @@ class AuthCodeGrant extends AbstractGrant
// The user hasn't logged in yet so show a login form // The user hasn't logged in yet so show a login form
if ($userId === null) { if ($userId === null) {
$engine = new Engine(); $engine = new Engine(dirname($this->pathToLoginTemplate));
$html = $engine->render( $html = $engine->render(
($this->pathToLoginTemplate === null) 'login_user',
? __DIR__ . '/../ResponseTypes/DefaultTemplates/login_user.php'
: $this->pathToLoginTemplate,
[ [
'error' => $loginError, 'error' => $loginError,
'postback_uri' => (string) $postbackUri->withQuery($queryString), 'postback_uri' => (string) $postbackUri->withQuery($queryString),
@ -173,11 +181,9 @@ class AuthCodeGrant extends AbstractGrant
// The user hasn't approved the client yet so show an authorize form // The user hasn't approved the client yet so show an authorize form
if ($userId !== null && $userHasApprovedClient === null) { if ($userId !== null && $userHasApprovedClient === null) {
$engine = new Engine(); $engine = new Engine(dirname($this->pathToAuthorizeTemplate));
$html = $engine->render( $html = $engine->render(
($this->pathToLoginTemplate === null) 'authorize_client',
? __DIR__ . '/../ResponseTypes/DefaultTemplates/authorize_client.php'
: $this->pathToAuthorizeTemplate,
[ [
'client' => $client, 'client' => $client,
'scopes' => $scopes, 'scopes' => $scopes,
@ -191,13 +197,12 @@ class AuthCodeGrant extends AbstractGrant
[ [
'Set-Cookie' => sprintf( 'Set-Cookie' => sprintf(
'oauth_authorize_request=%s; Expires=%s', 'oauth_authorize_request=%s; Expires=%s',
KeyCrypt::encrypt( urlencode(KeyCrypt::encrypt(
json_encode([ json_encode([
'user_id' => $userId, 'user_id' => $userId,
'client_is_authorized' => null,
]), ]),
$this->pathToPrivateKey $this->pathToPrivateKey
), )),
(new \DateTime())->add(new \DateInterval('PT5M'))->format('D, d M Y H:i:s e') (new \DateTime())->add(new \DateInterval('PT5M'))->format('D, d M Y H:i:s e')
), ),
] ]
@ -308,8 +313,7 @@ class AuthCodeGrant extends AbstractGrant
{ {
return ( return (
( (
strtoupper($request->getMethod()) === 'GET' isset($request->getQueryParams()['response_type'])
&& isset($request->getQueryParams()['response_type'])
&& $request->getQueryParams()['response_type'] === 'code' && $request->getQueryParams()['response_type'] === 'code'
&& isset($request->getQueryParams()['client_id']) && isset($request->getQueryParams()['client_id'])
) || (parent::canRespondToRequest($request)) ) || (parent::canRespondToRequest($request))
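Review bot: The constructor hunk at `@ -66,8 +68,12` stores the wrong values when a caller supplies custom template paths: both else branches read the not-yet-assigned properties `$this->pathToLoginTemplate` / `$this->pathToAuthorizeTemplate` instead of the parameters, and the second condition tests `$pathToLoginTemplate` instead of `$pathToAuthorizeTemplate`, so a custom path is silently replaced by the property's initial value and the later `dirname(...)` calls presumably hand the Plates engine an empty directory. The three lines should read `: $pathToLoginTemplate;`, `$this->pathToAuthorizeTemplate = ($pathToAuthorizeTemplate === null)` and `: $pathToAuthorizeTemplate;`. Even with that fixed, the two render hunks pass the hard-coded names `'login_user'` and `'authorize_client'`, so a custom file with any other basename is never used; `pathinfo($this->pathToLoginTemplate, PATHINFO_FILENAME)` (and the same for the authorize template) would honour the configured name, assuming the engine keeps Plates' default `php` extension. The `Set-Cookie` hunk still emits `oauth_authorize_request` with only an `Expires` attribute; since the payload now identifies the authenticated user, adding `HttpOnly` and `Secure` (and an explicit `Path`) to the format string would keep it out of script reach and off plaintext connections. The constructor and the method holding the cookie handling both begin and end outside their hunks.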