oauth2-server/src/ResourceServer.php

<?php
/**
 * OAuth 2.0 Resource Server
 *
 * @package     league/oauth2-server
 * @author      Alex Bilbie <hello@alexbilbie.com>
 * @copyright   Copyright (c) Alex Bilbie
 * @license     http://mit-license.org/
 * @link        https://github.com/thephpleague/oauth2-server
 */

namespace League\OAuth2\Server;

use League\OAuth2\Server\Entity\AccessTokenEntity;
use League\OAuth2\Server\Exception\AccessDeniedException;
use League\OAuth2\Server\Exception\InvalidRequestException;
use League\OAuth2\Server\Storage\AccessTokenInterface;
use League\OAuth2\Server\Storage\ClientInterface;
use League\OAuth2\Server\Storage\ScopeInterface;
use League\OAuth2\Server\Storage\SessionInterface;
use League\OAuth2\Server\TokenType\Bearer;

/**
 * OAuth 2.0 Resource Server
 */
class ResourceServer extends AbstractServer
{
    /**
     * The access token
     *
     * @var \League\OAuth2\Server\Entity\AccessTokenEntity
     */
    protected $accessToken;

    /**
     * The query string key which is used by clients to present the access token (default: access_token)
     *
     * @var string
     */
    protected $tokenKey = 'access_token';

    /**
     * Initialise the resource server
     *
     * @param \League\OAuth2\Server\Storage\SessionInterface     $sessionStorage
     * @param \League\OAuth2\Server\Storage\AccessTokenInterface $accessTokenStorage
     * @param \League\OAuth2\Server\Storage\ClientInterface      $clientStorage
     * @param \League\OAuth2\Server\Storage\ScopeInterface       $scopeStorage
     *
     * @return self
     */
    public function __construct(
        SessionInterface $sessionStorage,
        AccessTokenInterface $accessTokenStorage,
        ClientInterface $clientStorage,
        ScopeInterface $scopeStorage
    ) {
        $this->setSessionStorage($sessionStorage);
        $this->setAccessTokenStorage($accessTokenStorage);
        $this->setClientStorage($clientStorage);
        $this->setScopeStorage($scopeStorage);

        // Set Bearer as the default token type
        $this->setTokenType(new Bearer());

        parent::__construct();

        return $this;
    }

    /**
     * Sets the query string key for the access token.
     *
     * @param string $key The new query string key
     *
     * @return self
     */
    public function setIdKey($key)
    {
        $this->tokenKey = $key;

        return $this;
    }

    /**
     * Gets the access token
     *
     * @return \League\OAuth2\Server\Entity\AccessTokenEntity
     */
    public function getAccessToken()
    {
        return $this->accessToken;
    }

    /**
     * Checks if the access token is valid or not
     *
     * @param bool                                                $headerOnly Limit Access Token to Authorization header
     * @param \League\OAuth2\Server\Entity\AccessTokenEntity|null $accessToken Access Token
     *
     * @return bool
     *
     * @throws \League\OAuth2\Server\Exception\AccessDeniedException
     */
    public function isValidRequest($headerOnly = true, $accessToken = null)
    {
        $accessTokenString = ($accessToken !== null)
                                ? $accessToken
                                : $this->determineAccessToken($headerOnly);

        // Set the access token
        $this->accessToken = $this->getAccessTokenStorage()->get($accessTokenString);

        // Ensure the access token exists
        if (!$this->accessToken instanceof AccessTokenEntity) {
            throw new AccessDeniedException();
        }

        // Check the access token hasn't expired
        // Ensure the auth code hasn't expired
        if ($this->accessToken->isExpired() === true) {
            throw new AccessDeniedException();
        }

        return true;
    }

    /**
     * Reads in the access token from the headers
     *
     * @param bool $headerOnly Limit Access Token to Authorization header
     *
     * @throws \League\OAuth2\Server\Exception\InvalidRequestException Thrown if there is no access token presented
     *
     * @return string
     */
    public function determineAccessToken($headerOnly = false)
    {
        if ($this->getRequest()->headers->get('Authorization') !== null) {
            $accessToken = $this->getTokenType()->determineAccessTokenInHeader($this->getRequest());
        } elseif ($headerOnly === false) {
            $accessToken = ($this->getRequest()->server->get('REQUEST_METHOD') === 'GET')
                                ? $this->getRequest()->query->get($this->tokenKey)
                                : $this->getRequest()->request->get($this->tokenKey);
        }

        if (empty($accessToken)) {
            throw new InvalidRequestException('access token');
        }

        return $accessToken;
    }
}
Starting the reorganization 2012-12-28 15:12:16 -05:00			`<?php`
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`/**`
			`* OAuth 2.0 Resource Server`
			`*`
Too many changes to describe 2014-01-08 16:15:29 +00:00			`* @package league/oauth2-server`
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`* @author Alex Bilbie <hello@alexbilbie.com>`
Updated copyright 2014-03-09 19:34:23 +00:00			`* @copyright Copyright (c) Alex Bilbie`
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`* @license http://mit-license.org/`
Updated @link 2014-03-09 20:05:38 +00:00			`* @link https://github.com/thephpleague/oauth2-server`
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`*/`
Starting the reorganization 2012-12-28 15:12:16 -05:00
Renamed AuthServer to Authorization, renamed ResourceServer to Resource. Updated all tests and other files 2013-05-08 11:42:23 -07:00			`namespace League\OAuth2\Server;`
Starting the reorganization 2012-12-28 15:12:16 -05:00
CS fixes 2014-11-08 18:26:12 +00:00			`use League\OAuth2\Server\Entity\AccessTokenEntity;`
Boyscouting the php docs to always use FQCNs 2015-01-23 11:13:41 +01:00			`use League\OAuth2\Server\Exception\AccessDeniedException;`
			`use League\OAuth2\Server\Exception\InvalidRequestException;`
Added abstract server 2014-01-10 17:30:12 +00:00			`use League\OAuth2\Server\Storage\AccessTokenInterface;`
CS fixes 2014-11-08 18:26:12 +00:00			`use League\OAuth2\Server\Storage\ClientInterface;`
Added abstract server 2014-01-10 17:30:12 +00:00			`use League\OAuth2\Server\Storage\ScopeInterface;`
CS fixes 2014-11-08 18:26:12 +00:00			`use League\OAuth2\Server\Storage\SessionInterface;`
Use token type to determine access token in header 2014-05-07 17:21:24 +01:00			`use League\OAuth2\Server\TokenType\Bearer;`
Starting the reorganization 2012-12-28 15:12:16 -05:00
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`/**`
			`* OAuth 2.0 Resource Server`
			`*/`
Renamed Resource to ResourceServer 2014-02-24 14:43:26 +00:00			`class ResourceServer extends AbstractServer`
Starting the reorganization 2012-12-28 15:12:16 -05:00			`{`
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`/**`
			`* The access token`
CS fixes 2014-12-10 13:10:35 +00:00			`*`
Removed generic getStorage method and replaced with distinct calls to getters 2014-11-07 02:20:06 +00:00			`* @var \League\OAuth2\Server\Entity\AccessTokenEntity`
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`*/`
$accessToken should be protected not public 2014-01-17 17:16:52 +00:00			`protected $accessToken;`
Starting the reorganization 2012-12-28 15:12:16 -05:00
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`/**`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`* The query string key which is used by clients to present the access token (default: access_token)`
CS fixes 2014-12-10 13:10:35 +00:00			`*`
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`* @var string`
			`*/`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`protected $tokenKey = 'access_token';`
Starting the reorganization 2012-12-28 15:12:16 -05:00
			`/**`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`* Initialise the resource server`
CS fixes 2014-12-10 13:10:35 +00:00			`*`
Boyscouting the php docs to always use FQCNs 2015-01-23 11:13:41 +01:00			`* @param \League\OAuth2\Server\Storage\SessionInterface $sessionStorage`
			`* @param \League\OAuth2\Server\Storage\AccessTokenInterface $accessTokenStorage`
			`* @param \League\OAuth2\Server\Storage\ClientInterface $clientStorage`
			`* @param \League\OAuth2\Server\Storage\ScopeInterface $scopeStorage`
CS fixes 2014-12-10 13:10:35 +00:00			`*`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`* @return self`
Starting the reorganization 2012-12-28 15:12:16 -05:00			`*/`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`public function __construct(`
			`SessionInterface $sessionStorage,`
Added abstract server 2014-01-10 17:30:12 +00:00			`AccessTokenInterface $accessTokenStorage,`
			`ClientInterface $clientStorage,`
			`ScopeInterface $scopeStorage`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`) {`
Removed generic getStorage method and replaced with distinct calls to getters 2014-11-07 02:20:06 +00:00			`$this->setSessionStorage($sessionStorage);`
			`$this->setAccessTokenStorage($accessTokenStorage);`
			`$this->setClientStorage($clientStorage);`
			`$this->setScopeStorage($scopeStorage);`
Added abstract server 2014-01-10 17:30:12 +00:00
Set default token type as bearer for Resource Server 2014-05-07 17:10:52 +01:00			`// Set Bearer as the default token type`
CS fixes 2014-11-08 18:26:12 +00:00			`$this->setTokenType(new Bearer());`
Set default token type as bearer for Resource Server 2014-05-07 17:10:52 +01:00
Added league/event and implemented SessionOwnerEvent 2014-07-11 15:13:28 +01:00			`parent::__construct();`

First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`return $this;`
Fixing Resource bugs and moving the Request dep to a setter. 2013-01-04 17:21:24 -05:00			`}`
Starting the reorganization 2012-12-28 15:12:16 -05:00
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`/**`
			`* Sets the query string key for the access token.`
CS fixes 2014-12-10 13:10:35 +00:00			`*`
Docbloc improvements 2014-11-12 18:10:29 +00:00			`* @param string $key The new query string key`
CS fixes 2014-12-10 13:10:35 +00:00			`*`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`* @return self`
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`*/`
Lotsa bug fixes and updates 2014-07-11 18:27:03 +01:00			`public function setIdKey($key)`
Various bug fixes 2013-02-05 16:20:45 +00:00			`{`
			`$this->tokenKey = $key;`
More CS fixer changes 2014-05-03 10:53:57 +01:00
Make sure $this is returned 2013-11-25 23:58:42 +00:00			`return $this;`
Various bug fixes 2013-02-05 16:20:45 +00:00			`}`

Started adding some Server methods, adding some Util classes and adding a way to get the token from the Resource 2013-01-22 11:25:51 -05:00			`/**`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`* Gets the access token`
CS fixes 2014-12-10 13:10:35 +00:00			`*`
Update ResourceServer.php 2014-11-09 09:45:20 +01:00			`* @return \League\OAuth2\Server\Entity\AccessTokenEntity`
Started adding some Server methods, adding some Util classes and adding a way to get the token from the Resource 2013-01-22 11:25:51 -05:00			`*/`
			`public function getAccessToken()`
			`{`
Update ResourceServer.php 2014-11-09 09:45:20 +01:00			`return $this->accessToken;`
Started adding some Server methods, adding some Util classes and adding a way to get the token from the Resource 2013-01-22 11:25:51 -05:00			`}`

Updated with new entity names 2014-05-02 17:21:53 +01:00			`/**`
			`* Checks if the access token is valid or not`
CS fixes 2014-12-10 13:10:35 +00:00			`*`
Boyscouting the php docs to always use FQCNs 2015-01-23 11:13:41 +01:00			`* @param bool $headerOnly Limit Access Token to Authorization header`
			`* @param \League\OAuth2\Server\Entity\AccessTokenEntity\|null $accessToken Access Token`
Docbloc improvements 2014-11-12 18:10:29 +00:00			`*`
Updated with new entity names 2014-05-02 17:21:53 +01:00			`* @return bool`
Docbloc improvements 2014-11-12 18:10:29 +00:00			`*`
Boyscouting the php docs to always use FQCNs 2015-01-23 11:13:41 +01:00			`* @throws \League\OAuth2\Server\Exception\AccessDeniedException`
Updated with new entity names 2014-05-02 17:21:53 +01:00			`*/`
Boyscouting the php docs to always use FQCNs 2015-01-23 11:13:41 +01:00			`public function isValidRequest($headerOnly = true, $accessToken = null)`
Updated with new entity names 2014-05-02 17:21:53 +01:00			`{`
PHPCS fixes 2014-05-03 11:08:33 +01:00			`$accessTokenString = ($accessToken !== null)`
			`? $accessToken`
Boyscouting the php docs to always use FQCNs 2015-01-23 11:13:41 +01:00			`: $this->determineAccessToken($headerOnly);`
Updated with new entity names 2014-05-02 17:21:53 +01:00
			`// Set the access token`
Removed generic getStorage method and replaced with distinct calls to getters 2014-11-07 02:20:06 +00:00			`$this->accessToken = $this->getAccessTokenStorage()->get($accessTokenString);`
More CS fixer changes 2014-05-03 10:53:57 +01:00
Fix #231 2014-11-08 16:44:39 +00:00			`// Ensure the access token exists`
Throw correct exception when access token is invalid 2014-05-08 10:29:40 +01:00			`if (!$this->accessToken instanceof AccessTokenEntity) {`
Boyscouting the php docs to always use FQCNs 2015-01-23 11:13:41 +01:00			`throw new AccessDeniedException();`
Fix #231 2014-11-08 16:44:39 +00:00			`}`

			`// Check the access token hasn't expired`
			`// Ensure the auth code hasn't expired`
			`if ($this->accessToken->isExpired() === true) {`
Boyscouting the php docs to always use FQCNs 2015-01-23 11:13:41 +01:00			`throw new AccessDeniedException();`
Throw correct exception when access token is invalid 2014-05-08 10:29:40 +01:00			`}`

			`return true;`
Updated with new entity names 2014-05-02 17:21:53 +01:00			`}`

Fixing Resource bugs and moving the Request dep to a setter. 2013-01-04 17:21:24 -05:00			`/**`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`* Reads in the access token from the headers`
CS fixes 2014-12-10 13:10:35 +00:00			`*`
Boyscouting the php docs to always use FQCNs 2015-01-23 11:13:41 +01:00			`* @param bool $headerOnly Limit Access Token to Authorization header`
CS fixes 2014-12-10 13:10:35 +00:00			`*`
Boyscouting the php docs to always use FQCNs 2015-01-23 11:13:41 +01:00			`* @throws \League\OAuth2\Server\Exception\InvalidRequestException Thrown if there is no access token presented`
CS fixes 2014-12-10 13:10:35 +00:00			`*`
Fixing Resource bugs and moving the Request dep to a setter. 2013-01-04 17:21:24 -05:00			`* @return string`
			`*/`
Boyscouting the php docs to always use FQCNs 2015-01-23 11:13:41 +01:00			`public function determineAccessToken($headerOnly = false)`
Starting the reorganization 2012-12-28 15:12:16 -05:00			`{`
Use token type to determine access token in header 2014-05-07 17:21:24 +01:00			`if ($this->getRequest()->headers->get('Authorization') !== null) {`
			`$accessToken = $this->getTokenType()->determineAccessTokenInHeader($this->getRequest());`
Boyscouting the php docs to always use FQCNs 2015-01-23 11:13:41 +01:00			`} elseif ($headerOnly === false) {`
Throw correct exception when access token is invalid 2014-05-08 10:29:40 +01:00			`$accessToken = ($this->getRequest()->server->get('REQUEST_METHOD') === 'GET')`
			`? $this->getRequest()->query->get($this->tokenKey)`
			`: $this->getRequest()->request->get($this->tokenKey);`
Starting the reorganization 2012-12-28 15:12:16 -05:00			`}`

Changed variable syntax style to be PSR2 2013-05-05 18:05:46 +01:00			`if (empty($accessToken)) {`
Boyscouting the php docs to always use FQCNs 2015-01-23 11:13:41 +01:00			`throw new InvalidRequestException('access token');`
Starting the reorganization 2012-12-28 15:12:16 -05:00			`}`

Changed variable syntax style to be PSR2 2013-05-05 18:05:46 +01:00			`return $accessToken;`
Starting the reorganization 2012-12-28 15:12:16 -05:00			`}`
			`}`