oauth2-server/src/OAuth2/ResourceServer.php

245 lines
5.6 KiB
PHP
Raw Normal View History

2012-12-29 01:42:16 +05:30
<?php
/**
* OAuth 2.0 Resource Server
*
* @package lncd/oauth2
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 University of Lincoln
* @license http://mit-license.org/
* @link http://github.com/lncd/oauth2
*/
2012-12-29 01:42:16 +05:30
namespace OAuth2;
use OutOfBoundsException;
use OAuth2\Storage\SessionInterface;
2013-02-05 21:50:45 +05:30
use OAuth2\Util\RequestInterface;
2013-02-07 20:24:56 +05:30
use OAuth2\Util\Request;
2012-12-29 01:42:16 +05:30
/**
* OAuth 2.0 Resource Server
*/
class ResourceServer
2012-12-29 01:42:16 +05:30
{
/**
* The access token
* @var string
*/
2012-12-29 01:42:16 +05:30
protected $accessToken = null;
/**
* The session ID
* @var string
*/
2012-12-29 01:42:16 +05:30
protected $sessionId = null;
/**
* The type of the owner of the access token
* @var string
*/
2012-12-29 01:42:16 +05:30
protected $ownerType = null;
/**
* The ID of the owner of the access token
* @var string
*/
2012-12-29 01:42:16 +05:30
protected $ownerId = null;
/**
* The scopes associated with the access token
* @var array
*/
2012-12-29 01:42:16 +05:30
protected $sessionScopes = array();
/**
* The client, scope and session storage classes
* @var array
*/
2012-12-29 01:42:16 +05:30
protected $storages = array();
/**
* The request object
* @var Util\RequestInterface
*/
2012-12-29 01:42:16 +05:30
protected $request = null;
/**
* The query string key which is used by clients to present the access token (default: access_token)
* @var string
*/
protected $tokenKey = 'access_token';
2012-12-29 01:42:16 +05:30
/**
* Sets up the Resource
*
* @param SessionInterface The Session Storage Object
2012-12-29 01:42:16 +05:30
*/
2013-02-05 21:50:45 +05:30
public function __construct(SessionInterface $session)
2012-12-29 01:42:16 +05:30
{
$this->storages['session'] = $session;
}
2012-12-29 01:42:16 +05:30
/**
* Sets the Request Object
*
* @param RequestInterface The Request Object
*/
public function setRequest(RequestInterface $request)
{
2012-12-29 01:42:16 +05:30
$this->request = $request;
}
/**
* Gets the Request object. It will create one from the globals if one is not set.
*
* @return Util\RequestInterface
*/
public function getRequest()
{
if ($this->request === null) {
2013-02-05 21:50:45 +05:30
// @codeCoverageIgnoreStart
$this->request = Request::buildFromGlobals();
}
2013-02-05 21:50:45 +05:30
// @codeCoverageIgnoreEnd
return $this->request;
}
/**
* Returns the query string key for the access token.
*
* @return string
*/
2013-02-05 21:50:45 +05:30
public function getTokenKey()
{
return $this->tokenKey;
}
/**
* Sets the query string key for the access token.
*
* @param $key The new query string key
*/
2013-02-05 21:50:45 +05:30
public function setTokenKey($key)
{
$this->tokenKey = $key;
}
/**
* Gets the access token owner ID.
*
* @return string
*/
public function getOwnerId()
{
return $this->ownerId;
}
/**
* Gets the owner type.
*
* @return string
*/
public function getOwnerType()
{
2013-02-05 21:50:45 +05:30
return $this->ownerType;
}
/**
* Gets the access token.
*
* @return string
*/
public function getAccessToken()
{
return $this->accessToken;
}
2012-12-29 01:42:16 +05:30
/**
* Checks if the access token is valid or not.
2012-12-29 01:42:16 +05:30
*
* @throws Exception\InvalidAccessTokenException Thrown if the presented access token is not valid
2012-12-29 01:42:16 +05:30
* @return bool
*/
public function isValid()
{
$accessToken = $this->determineAccessToken();
2012-12-29 01:42:16 +05:30
$result = $this->storages['session']->validateAccessToken($accessToken);
2012-12-29 01:42:16 +05:30
if ( ! $result) {
throw new Exception\InvalidAccessTokenException('Access token is not valid');
2012-12-29 01:42:16 +05:30
}
$this->accessToken = $accessToken;
2013-05-05 22:41:01 +05:30
$this->sessionId = $result['session_id'];
$this->clientId = $result['client_id'];
2012-12-29 01:42:16 +05:30
$this->ownerType = $result['owner_type'];
$this->ownerId = $result['owner_id'];
2013-05-05 22:48:37 +05:30
$sessionScopes = $this->storages['session']->getScopes($this->accessToken);
foreach ($sessionScopes as $scope) {
$this->sessionScopes[] = $scope['key'];
}
2012-12-29 01:42:16 +05:30
return true;
}
2013-05-05 22:46:28 +05:30
/**
* Get the session scopes
* @return [type] [description]
*/
public function getScopes()
{
return $this->sessionScopes;
}
2012-12-29 01:42:16 +05:30
/**
* Checks if the presented access token has the given scope(s).
2012-12-29 01:42:16 +05:30
*
* @param array|string An array of scopes or a single scope as a string
* @return bool Returns bool if all scopes are found, false if any fail
2012-12-29 01:42:16 +05:30
*/
public function hasScope($scopes)
{
if (is_string($scopes)) {
if (in_array($scopes, $this->sessionScopes)) {
return true;
}
return false;
} elseif (is_array($scopes)) {
foreach ($scopes as $scope) {
if ( ! in_array($scope, $this->sessionScopes)) {
return false;
}
}
return true;
}
return false;
}
/**
* Reads in the access token from the headers.
*
* @throws Exception\MissingAccessTokenException Thrown if there is no access token presented
* @return string
*/
2012-12-29 01:42:16 +05:30
protected function determineAccessToken()
{
if ($header = $this->getRequest()->header('Authorization')) {
$accessToken = trim(str_replace('Bearer', '', $header));
2012-12-29 01:42:16 +05:30
} else {
$method = $this->getRequest()->server('REQUEST_METHOD');
$accessToken = $this->getRequest()->{$method}($this->tokenKey);
2012-12-29 01:42:16 +05:30
}
if (empty($accessToken)) {
2013-02-08 17:10:33 +05:30
throw new Exception\InvalidAccessTokenException('Access token is missing');
2012-12-29 01:42:16 +05:30
}
return $accessToken;
2012-12-29 01:42:16 +05:30
}
}