oauth2-server/src/ResourceServer.php

<?php
/**
 * OAuth 2.0 Resource Server
 *
 * @package     league/oauth2-server
 * @author      Alex Bilbie <hello@alexbilbie.com>
 * @copyright   Copyright (c) Alex Bilbie
 * @license     http://mit-license.org/
 * @link        https://github.com/thephpleague/oauth2-server
 */

namespace League\OAuth2\Server;

use League\OAuth2\Server\Storage\ClientInterface;
use League\OAuth2\Server\Storage\AccessTokenInterface;
use League\OAuth2\Server\Storage\SessionInterface;
use League\OAuth2\Server\Storage\ScopeInterface;
use League\OAuth2\Server\Entity\AccessTokenEntity;
use League\OAuth2\Server\TokenType\Bearer;
use League\OAuth2\Server\Exception;
use Symfony\Component\HttpFoundation\Request;

/**
 * OAuth 2.0 Resource Server
 */
class ResourceServer extends AbstractServer
{
    /**
     * The access token
     * @var League\OAuth2\Server\AccessToken
     */
    protected $accessToken;

    /**
     * The query string key which is used by clients to present the access token (default: access_token)
     * @var string
     */
    protected $tokenKey = 'access_token';

    /**
     * Initialise the resource server
     * @param  SessionInterface    $sessionStorage
     * @param  AccessTokenInteface $accessTokenStorage
     * @param  ClientInterface     $clientStorage
     * @param  ScopeInterface      $scopeStorage
     * @return self
     */
    public function __construct(
        SessionInterface $sessionStorage,
        AccessTokenInterface $accessTokenStorage,
        ClientInterface $clientStorage,
        ScopeInterface $scopeStorage
    ) {
        $sessionStorage->setServer($this);
        $this->setStorage('session', $sessionStorage);

        $accessTokenStorage->setServer($this);
        $this->setStorage('access_token', $accessTokenStorage);

        $clientStorage->setServer($this);
        $this->setStorage('client', $clientStorage);

        $scopeStorage->setServer($this);
        $this->setStorage('scope', $scopeStorage);

        // Set Bearer as the default token type
        $this->setTokenType(new Bearer);

        return $this;
    }

    /**
     * Set the storage
     * @param  string $type    Storage type
     * @param  mixed  $storage Storage class
     * @return self
     */
    protected function setStorage($type, $storage)
    {
        $storage->setServer($this);
        $this->storages[$type] = $storage;

        return $this;
    }

    /**
     * Returns the query string key for the access token.
     * @return string
     */
    public function getTokenKey()
    {
        return $this->tokenKey;
    }

    /**
     * Sets the query string key for the access token.
     * @param $key The new query string key
     * @return self
     */
    public function setTokenKey($key)
    {
        $this->tokenKey = $key;

        return $this;
    }

    /**
     * Gets the access token owner ID
     * @return string
     */
    public function getOwnerId()
    {
        return $this->accessToken->getSession()->getOwnerId();
    }

    /**
     * Gets the owner type
     * @return string
     */
    public function getOwnerType()
    {
        return $this->accessToken->getSession()->getOwnerType();
    }

    /**
     * Gets the access token
     * @return string
     */
    public function getAccessToken()
    {
        return $this->accessToken->getToken();
    }

    /**
     * Gets the client ID that created the session
     * @return string
     */
    public function getClientId()
    {
        return $this->accessToken->getSession()->getClient()->getId();
    }

    /**
     * Get the session scopes
     * @return array
     */
    public function getScopes()
    {
        return $this->accessToken->getScopes();
    }

    /**
     * Checks if the presented access token has the given scope(s)
     * @param  array|string $scopes An array of scopes or a single scope as a string
     * @return bool         Returns bool if all scopes are found, false if any fail
     */
    public function hasScope($scopes)
    {
        if (is_string($scopes)) {
            return $this->accessToken->hasScope($scopes);
        }

        if (is_array($scopes)) {
            foreach ($scopes as $scope) {
                if (!$this->accessToken->hasScope($scope)) {
                    return false;
                }
            }
        }

        return true;
    }

    /**
     * Checks if the access token is valid or not
     * @param $headersOnly Limit Access Token to Authorization header only
     * @return bool
     */
    public function isValidRequest($headersOnly = true, $accessToken = null)
    {
        $accessTokenString = ($accessToken !== null)
                                ? $accessToken
                                : $this->determineAccessToken($headersOnly, $accessToken);

        // Set the access token
        $this->accessToken = $this->storages['access_token']->get($accessTokenString);

        if (!$this->accessToken instanceof AccessTokenEntity) {
            throw new Exception\AccessDeniedException;
        }

        return true;
    }

    /**
     * Reads in the access token from the headers
     * @param $headersOnly Limit Access Token to Authorization header only
     * @throws Exception\MissingAccessTokenException Thrown if there is no access token presented
     * @return string
     */
    public function determineAccessToken($headersOnly = false)
    {
        if ($this->getRequest()->headers->get('Authorization') !== null) {
            $accessToken = $this->getTokenType()->determineAccessTokenInHeader($this->getRequest());
        } elseif ($headersOnly === false) {
            $accessToken = ($this->getRequest()->server->get('REQUEST_METHOD') === 'GET')
                                ? $this->getRequest()->query->get($this->tokenKey)
                                : $this->getRequest()->request->get($this->tokenKey);
        }

        if (empty($accessToken)) {
            throw new Exception\InvalidRequestException('access token');
        }

        return $accessToken;
    }
}
Starting the reorganization 2012-12-28 15:12:16 -05:00			`<?php`
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`/**`
			`* OAuth 2.0 Resource Server`
			`*`
Too many changes to describe 2014-01-08 16:15:29 +00:00			`* @package league/oauth2-server`
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`* @author Alex Bilbie <hello@alexbilbie.com>`
Updated copyright 2014-03-09 19:34:23 +00:00			`* @copyright Copyright (c) Alex Bilbie`
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`* @license http://mit-license.org/`
Updated @link 2014-03-09 20:05:38 +00:00			`* @link https://github.com/thephpleague/oauth2-server`
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`*/`
Starting the reorganization 2012-12-28 15:12:16 -05:00
Renamed AuthServer to Authorization, renamed ResourceServer to Resource. Updated all tests and other files 2013-05-08 11:42:23 -07:00			`namespace League\OAuth2\Server;`
Starting the reorganization 2012-12-28 15:12:16 -05:00
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`use League\OAuth2\Server\Storage\ClientInterface;`
Added abstract server 2014-01-10 17:30:12 +00:00			`use League\OAuth2\Server\Storage\AccessTokenInterface;`
			`use League\OAuth2\Server\Storage\SessionInterface;`
			`use League\OAuth2\Server\Storage\ScopeInterface;`
Updated with new entity names 2014-05-02 17:21:53 +01:00			`use League\OAuth2\Server\Entity\AccessTokenEntity;`
Use token type to determine access token in header 2014-05-07 17:21:24 +01:00			`use League\OAuth2\Server\TokenType\Bearer;`
Throw correct exception when access token is invalid 2014-05-08 10:29:40 +01:00			`use League\OAuth2\Server\Exception;`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`use Symfony\Component\HttpFoundation\Request;`
Starting the reorganization 2012-12-28 15:12:16 -05:00
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`/**`
			`* OAuth 2.0 Resource Server`
			`*/`
Renamed Resource to ResourceServer 2014-02-24 14:43:26 +00:00			`class ResourceServer extends AbstractServer`
Starting the reorganization 2012-12-28 15:12:16 -05:00			`{`
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`/**`
			`* The access token`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`* @var League\OAuth2\Server\AccessToken`
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`*/`
$accessToken should be protected not public 2014-01-17 17:16:52 +00:00			`protected $accessToken;`
Starting the reorganization 2012-12-28 15:12:16 -05:00
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`/**`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`* The query string key which is used by clients to present the access token (default: access_token)`
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`* @var string`
			`*/`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`protected $tokenKey = 'access_token';`
Starting the reorganization 2012-12-28 15:12:16 -05:00
			`/**`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`* Initialise the resource server`
More CS fixer changes 2014-05-03 10:53:57 +01:00			`* @param SessionInterface $sessionStorage`
			`* @param AccessTokenInteface $accessTokenStorage`
			`* @param ClientInterface $clientStorage`
			`* @param ScopeInterface $scopeStorage`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`* @return self`
Starting the reorganization 2012-12-28 15:12:16 -05:00			`*/`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`public function __construct(`
			`SessionInterface $sessionStorage,`
Added abstract server 2014-01-10 17:30:12 +00:00			`AccessTokenInterface $accessTokenStorage,`
			`ClientInterface $clientStorage,`
			`ScopeInterface $scopeStorage`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`) {`
Inject server into storage 2014-02-24 16:50:19 +00:00			`$sessionStorage->setServer($this);`
Added abstract server 2014-01-10 17:30:12 +00:00			`$this->setStorage('session', $sessionStorage);`
Inject server into storage 2014-02-24 16:50:19 +00:00
			`$accessTokenStorage->setServer($this);`
Added abstract server 2014-01-10 17:30:12 +00:00			`$this->setStorage('access_token', $accessTokenStorage);`
Inject server into storage 2014-02-24 16:50:19 +00:00
			`$clientStorage->setServer($this);`
Added abstract server 2014-01-10 17:30:12 +00:00			`$this->setStorage('client', $clientStorage);`
Inject server into storage 2014-02-24 16:50:19 +00:00
			`$scopeStorage->setServer($this);`
Added abstract server 2014-01-10 17:30:12 +00:00			`$this->setStorage('scope', $scopeStorage);`

Set default token type as bearer for Resource Server 2014-05-07 17:10:52 +01:00			`// Set Bearer as the default token type`
			`$this->setTokenType(new Bearer);`

First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`return $this;`
Fixing Resource bugs and moving the Request dep to a setter. 2013-01-04 17:21:24 -05:00			`}`
Starting the reorganization 2012-12-28 15:12:16 -05:00
Fixing Resource bugs and moving the Request dep to a setter. 2013-01-04 17:21:24 -05:00			`/**`
Added abstract server 2014-01-10 17:30:12 +00:00			`* Set the storage`
More CS fixer changes 2014-05-03 10:53:57 +01:00			`* @param string $type Storage type`
			`* @param mixed $storage Storage class`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`* @return self`
Fixing Resource bugs and moving the Request dep to a setter. 2013-01-04 17:21:24 -05:00			`*/`
Added abstract server 2014-01-10 17:30:12 +00:00			`protected function setStorage($type, $storage)`
Fixing Resource bugs and moving the Request dep to a setter. 2013-01-04 17:21:24 -05:00			`{`
Added abstract server 2014-01-10 17:30:12 +00:00			`$storage->setServer($this);`
			`$this->storages[$type] = $storage;`
More CS fixer changes 2014-05-03 10:53:57 +01:00
Make sure $this is returned 2013-11-25 23:58:42 +00:00			`return $this;`
Starting the reorganization 2012-12-28 15:12:16 -05:00			`}`

Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`/**`
			`* Returns the query string key for the access token.`
			`* @return string`
			`*/`
Various bug fixes 2013-02-05 16:20:45 +00:00			`public function getTokenKey()`
			`{`
Numerous updates 2014-01-16 16:50:16 +00:00			`return $this->tokenKey;`
Various bug fixes 2013-02-05 16:20:45 +00:00			`}`

Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`/**`
			`* Sets the query string key for the access token.`
			`* @param $key The new query string key`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`* @return self`
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`*/`
Various bug fixes 2013-02-05 16:20:45 +00:00			`public function setTokenKey($key)`
			`{`
			`$this->tokenKey = $key;`
More CS fixer changes 2014-05-03 10:53:57 +01:00
Make sure $this is returned 2013-11-25 23:58:42 +00:00			`return $this;`
Various bug fixes 2013-02-05 16:20:45 +00:00			`}`

Adding a few Getters to the Resource, moving Exceptions and adding some new ones. 2013-01-17 15:19:01 -05:00			`/**`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`* Gets the access token owner ID`
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`* @return string`
Adding a few Getters to the Resource, moving Exceptions and adding some new ones. 2013-01-17 15:19:01 -05:00			`*/`
			`public function getOwnerId()`
			`{`
Added abstract server 2014-01-10 17:30:12 +00:00			`return $this->accessToken->getSession()->getOwnerId();`
Adding a few Getters to the Resource, moving Exceptions and adding some new ones. 2013-01-17 15:19:01 -05:00			`}`

			`/**`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`* Gets the owner type`
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`* @return string`
Adding a few Getters to the Resource, moving Exceptions and adding some new ones. 2013-01-17 15:19:01 -05:00			`*/`
			`public function getOwnerType()`
			`{`
Added abstract server 2014-01-10 17:30:12 +00:00			`return $this->accessToken->getSession()->getOwnerType();`
Adding a few Getters to the Resource, moving Exceptions and adding some new ones. 2013-01-17 15:19:01 -05:00			`}`

Started adding some Server methods, adding some Util classes and adding a way to get the token from the Resource 2013-01-22 11:25:51 -05:00			`/**`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`* Gets the access token`
Updated docblocks for the two main classes 2013-02-12 20:33:23 +00:00			`* @return string`
Started adding some Server methods, adding some Util classes and adding a way to get the token from the Resource 2013-01-22 11:25:51 -05:00			`*/`
			`public function getAccessToken()`
			`{`
Added abstract server 2014-01-10 17:30:12 +00:00			`return $this->accessToken->getToken();`
Started adding some Server methods, adding some Util classes and adding a way to get the token from the Resource 2013-01-22 11:25:51 -05:00			`}`

Added getClientId method 2013-05-08 18:06:18 -07:00			`/**`
			`* Gets the client ID that created the session`
			`* @return string`
			`*/`
			`public function getClientId()`
			`{`
Added abstract server 2014-01-10 17:30:12 +00:00			`return $this->accessToken->getSession()->getClient()->getId();`
Added getClientId method 2013-05-08 18:06:18 -07:00			`}`

Added session scopes 2013-05-05 18:16:28 +01:00			`/**`
			`* Get the session scopes`
Added missing clientId variable, fixed docblock 2013-05-08 13:59:17 -07:00			`* @return array`
Added session scopes 2013-05-05 18:16:28 +01:00			`*/`
			`public function getScopes()`
			`{`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`return $this->accessToken->getScopes();`
Added session scopes 2013-05-05 18:16:28 +01:00			`}`

Starting the reorganization 2012-12-28 15:12:16 -05:00			`/**`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`* Checks if the presented access token has the given scope(s)`
More CS fixer changes 2014-05-03 10:53:57 +01:00			`* @param array\|string $scopes An array of scopes or a single scope as a string`
			`* @return bool Returns bool if all scopes are found, false if any fail`
Starting the reorganization 2012-12-28 15:12:16 -05:00			`*/`
			`public function hasScope($scopes)`
			`{`
Numerous updates 2014-01-16 16:50:16 +00:00			`if (is_string($scopes)) {`
			`return $this->accessToken->hasScope($scopes);`
			`}`

			`if (is_array($scopes)) {`
			`foreach ($scopes as $scope) {`
			`if (!$this->accessToken->hasScope($scope)) {`
			`return false;`
			`}`
			`}`
			`}`
More CS fixer changes 2014-05-03 10:53:57 +01:00
Numerous updates 2014-01-16 16:50:16 +00:00			`return true;`
Starting the reorganization 2012-12-28 15:12:16 -05:00			`}`

Updated with new entity names 2014-05-02 17:21:53 +01:00			`/**`
			`* Checks if the access token is valid or not`
			`* @param $headersOnly Limit Access Token to Authorization header only`
			`* @return bool`
			`*/`
			`public function isValidRequest($headersOnly = true, $accessToken = null)`
			`{`
PHPCS fixes 2014-05-03 11:08:33 +01:00			`$accessTokenString = ($accessToken !== null)`
			`? $accessToken`
			`: $this->determineAccessToken($headersOnly, $accessToken);`
Updated with new entity names 2014-05-02 17:21:53 +01:00
			`// Set the access token`
			`$this->accessToken = $this->storages['access_token']->get($accessTokenString);`
More CS fixer changes 2014-05-03 10:53:57 +01:00
Throw correct exception when access token is invalid 2014-05-08 10:29:40 +01:00			`if (!$this->accessToken instanceof AccessTokenEntity) {`
			`throw new Exception\AccessDeniedException;`
			`}`

			`return true;`
Updated with new entity names 2014-05-02 17:21:53 +01:00			`}`

Fixing Resource bugs and moving the Request dep to a setter. 2013-01-04 17:21:24 -05:00			`/**`
First commit of updated ResourceServer 2013-12-16 23:47:03 +00:00			`* Reads in the access token from the headers`
This fixes #57. By passing in a conditional flag refering to headersOnly, the library would stil respect RFC6749 Section 7 and RFC6750 Section 2. 2013-05-27 21:27:30 -07:00			`* @param $headersOnly Limit Access Token to Authorization header only`
More CS fixer changes 2014-05-03 10:53:57 +01:00			`* @throws Exception\MissingAccessTokenException Thrown if there is no access token presented`
Fixing Resource bugs and moving the Request dep to a setter. 2013-01-04 17:21:24 -05:00			`* @return string`
			`*/`
Make determineAccessToken() public in order to check if an access token was sent before checking its validity. 2013-06-05 23:59:29 -04:00			`public function determineAccessToken($headersOnly = false)`
Starting the reorganization 2012-12-28 15:12:16 -05:00			`{`
Use token type to determine access token in header 2014-05-07 17:21:24 +01:00			`if ($this->getRequest()->headers->get('Authorization') !== null) {`
			`$accessToken = $this->getTokenType()->determineAccessTokenInHeader($this->getRequest());`
This fixes #57. By passing in a conditional flag refering to headersOnly, the library would stil respect RFC6749 Section 7 and RFC6750 Section 2. 2013-05-27 21:27:30 -07:00			`} elseif ($headersOnly === false) {`
Throw correct exception when access token is invalid 2014-05-08 10:29:40 +01:00			`$accessToken = ($this->getRequest()->server->get('REQUEST_METHOD') === 'GET')`
			`? $this->getRequest()->query->get($this->tokenKey)`
			`: $this->getRequest()->request->get($this->tokenKey);`
Starting the reorganization 2012-12-28 15:12:16 -05:00			`}`

Changed variable syntax style to be PSR2 2013-05-05 18:05:46 +01:00			`if (empty($accessToken)) {`
Updates to exceptions 2014-05-01 14:32:54 +01:00			`throw new Exception\InvalidRequestException('access token');`
Starting the reorganization 2012-12-28 15:12:16 -05:00			`}`

Changed variable syntax style to be PSR2 2013-05-05 18:05:46 +01:00			`return $accessToken;`
Starting the reorganization 2012-12-28 15:12:16 -05:00			`}`
			`}`