oauth2-server/src/AuthorizationServer.php

<?php
/**
 * @author      Alex Bilbie <hello@alexbilbie.com>
 * @copyright   Copyright (c) Alex Bilbie
 * @license     http://mit-license.org/
 *
 * @link        https://github.com/thephpleague/oauth2-server
 */

namespace League\OAuth2\Server;

use Defuse\Crypto\Key;
use League\Event\EmitterAwareInterface;
use League\Event\EmitterAwareTrait;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Grant\GrantTypeInterface;
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
use League\OAuth2\Server\ResponseTypes\AbstractResponseType;
use League\OAuth2\Server\ResponseTypes\BearerTokenResponse;
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;

class AuthorizationServer implements EmitterAwareInterface
{
    use EmitterAwareTrait;

    /**
     * @var GrantTypeInterface[]
     */
    protected $enabledGrantTypes = [];

    /**
     * @var \DateInterval[]
     */
    protected $grantTypeAccessTokenTTL = [];

    /**
     * @var CryptKey
     */
    protected $privateKey;

    /**
     * @var CryptKey
     */
    protected $publicKey;

    /**
     * @var null|ResponseTypeInterface
     */
    protected $responseType;

    /**
     * @var ClientRepositoryInterface
     */
    private $clientRepository;

    /**
     * @var AccessTokenRepositoryInterface
     */
    private $accessTokenRepository;

    /**
     * @var ScopeRepositoryInterface
     */
    private $scopeRepository;

    /**
     * @var string|Key
     */
    private $encryptionKey;

    /**
     * @var string
     */
    private $defaultScope = '';

    /**
     * New server instance.
     *
     * @param ClientRepositoryInterface      $clientRepository
     * @param AccessTokenRepositoryInterface $accessTokenRepository
     * @param ScopeRepositoryInterface       $scopeRepository
     * @param CryptKey|string                $privateKey
     * @param string|Key                     $encryptionKey
     * @param null|ResponseTypeInterface     $responseType
     */
    public function __construct(
        ClientRepositoryInterface $clientRepository,
        AccessTokenRepositoryInterface $accessTokenRepository,
        ScopeRepositoryInterface $scopeRepository,
        $privateKey,
        $encryptionKey,
        ResponseTypeInterface $responseType = null
    ) {
        $this->clientRepository = $clientRepository;
        $this->accessTokenRepository = $accessTokenRepository;
        $this->scopeRepository = $scopeRepository;

        if ($privateKey instanceof CryptKey === false) {
            $privateKey = new CryptKey($privateKey);
        }
        $this->privateKey = $privateKey;
        $this->encryptionKey = $encryptionKey;
        $this->responseType = $responseType;
    }

    /**
     * Enable a grant type on the server.
     *
     * @param GrantTypeInterface $grantType
     * @param null|\DateInterval $accessTokenTTL
     */
    public function enableGrantType(GrantTypeInterface $grantType, \DateInterval $accessTokenTTL = null)
    {
        if ($accessTokenTTL instanceof \DateInterval === false) {
            $accessTokenTTL = new \DateInterval('PT1H');
        }

        $grantType->setAccessTokenRepository($this->accessTokenRepository);
        $grantType->setClientRepository($this->clientRepository);
        $grantType->setScopeRepository($this->scopeRepository);
        $grantType->setDefaultScope($this->defaultScope);
        $grantType->setPrivateKey($this->privateKey);
        $grantType->setEmitter($this->getEmitter());
        $grantType->setEncryptionKey($this->encryptionKey);

        $this->enabledGrantTypes[$grantType->getIdentifier()] = $grantType;
        $this->grantTypeAccessTokenTTL[$grantType->getIdentifier()] = $accessTokenTTL;
    }

    /**
     * Validate an authorization request
     *
     * @param ServerRequestInterface $request
     *
     * @throws OAuthServerException
     *
     * @return AuthorizationRequest
     */
    public function validateAuthorizationRequest(ServerRequestInterface $request)
    {
        foreach ($this->enabledGrantTypes as $grantType) {
            if ($grantType->canRespondToAuthorizationRequest($request)) {
                return $grantType->validateAuthorizationRequest($request);
            }
        }

        throw OAuthServerException::unsupportedGrantType();
    }

    /**
     * Complete an authorization request
     *
     * @param AuthorizationRequest $authRequest
     * @param ResponseInterface    $response
     *
     * @return ResponseInterface
     */
    public function completeAuthorizationRequest(AuthorizationRequest $authRequest, ResponseInterface $response)
    {
        return $this->enabledGrantTypes[$authRequest->getGrantTypeId()]
            ->completeAuthorizationRequest($authRequest)
            ->generateHttpResponse($response);
    }

    /**
     * Return an access token response.
     *
     * @param ServerRequestInterface $request
     * @param ResponseInterface      $response
     *
     * @throws OAuthServerException
     *
     * @return ResponseInterface
     */
    public function respondToAccessTokenRequest(ServerRequestInterface $request, ResponseInterface $response)
    {
        foreach ($this->enabledGrantTypes as $grantType) {
            if (!$grantType->canRespondToAccessTokenRequest($request)) {
                continue;
            }
            $tokenResponse = $grantType->respondToAccessTokenRequest(
                $request,
                $this->getResponseType(),
                $this->grantTypeAccessTokenTTL[$grantType->getIdentifier()]
            );

            if ($tokenResponse instanceof ResponseTypeInterface) {
                return $tokenResponse->generateHttpResponse($response);
            }
        }

        throw OAuthServerException::unsupportedGrantType();
    }

    /**
     * Get the token type that grants will return in the HTTP response.
     *
     * @return ResponseTypeInterface
     */
    protected function getResponseType()
    {
        if ($this->responseType instanceof ResponseTypeInterface === false) {
            $this->responseType = new BearerTokenResponse();
        }

        if ($this->responseType instanceof AbstractResponseType === true) {
            $this->responseType->setPrivateKey($this->privateKey);
        }
        $this->responseType->setEncryptionKey($this->encryptionKey);

        return $this->responseType;
    }

    /**
     * Set the default scope for the authorization server.
     *
     * @param string $defaultScope
     */
    public function setDefaultScope($defaultScope)
    {
        $this->defaultScope = $defaultScope;
    }
}
First commit of new server class 2015-04-05 21:33:06 +05:30			`<?php`
Added copyright docblocks 2016-04-17 17:36:05 +05:30			`/**`
			`* @author Alex Bilbie <hello@alexbilbie.com>`
			`* @copyright Copyright (c) Alex Bilbie`
			`* @license http://mit-license.org/`
Apply fixes from StyleCI 2017-10-23 20:56:10 +05:30			`*`
Added copyright docblocks 2016-04-17 17:36:05 +05:30			`* @link https://github.com/thephpleague/oauth2-server`
			`*/`
Refactored constructor to set defaults, added new setter methods for default token TTL and default token type 2015-04-06 13:02:44 +05:30
First commit of new server class 2015-04-05 21:33:06 +05:30			`namespace League\OAuth2\Server;`

Minor code tidy up 2018-03-01 02:03:19 +05:30			`use Defuse\Crypto\Key;`
Checkin 2015-10-14 14:21:53 +05:30			`use League\Event\EmitterAwareInterface;`
			`use League\Event\EmitterAwareTrait;`
Updates 2015-11-13 23:11:05 +05:30			`use League\OAuth2\Server\Exception\OAuthServerException;`
Checkin 2015-10-14 14:21:53 +05:30			`use League\OAuth2\Server\Grant\GrantTypeInterface;`
New server constructor 2016-01-17 19:33:41 +05:30			`use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;`
			`use League\OAuth2\Server\Repositories\ClientRepositoryInterface;`
			`use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;`
Updated server methods 2016-04-10 16:18:32 +05:30			`use League\OAuth2\Server\RequestTypes\AuthorizationRequest;`
Static analysis with PHPStan 2018-02-12 02:21:47 +05:30			`use League\OAuth2\Server\ResponseTypes\AbstractResponseType;`
Updates 2015-11-13 23:11:05 +05:30			`use League\OAuth2\Server\ResponseTypes\BearerTokenResponse;`
			`use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;`
allow middleware use 2016-01-15 18:32:47 +05:30			`use Psr\Http\Message\ResponseInterface;`
Checkin 2015-10-14 14:21:53 +05:30			`use Psr\Http\Message\ServerRequestInterface;`
First commit of new server class 2015-04-05 21:33:06 +05:30
Renamed Server to AuthorizationServer 2016-04-17 17:24:25 +05:30			`class AuthorizationServer implements EmitterAwareInterface`
First commit of new server class 2015-04-05 21:33:06 +05:30			`{`
Checkin 2015-10-14 14:21:53 +05:30			`use EmitterAwareTrait;`

First commit of new server class 2015-04-05 21:33:06 +05:30			`/**`
Updated PHPDoc 2016-07-09 04:30:44 +05:30			`* @var GrantTypeInterface[]`
First commit of new server class 2015-04-05 21:33:06 +05:30			`*/`
			`protected $enabledGrantTypes = [];`

			`/**`
abstract access token validation 2016-02-12 18:49:47 +05:30			`* @var \DateInterval[]`
First commit of new server class 2015-04-05 21:33:06 +05:30			`*/`
			`protected $grantTypeAccessTokenTTL = [];`

deferred default objects creation 2016-01-15 17:11:48 +05:30			`/**`
Updated PHPDoc 2016-07-09 04:30:44 +05:30			`* @var CryptKey`
deferred default objects creation 2016-01-15 17:11:48 +05:30			`*/`
handle RSA key passphrase 2016-03-28 20:12:34 +05:30			`protected $privateKey;`
deferred default objects creation 2016-01-15 17:11:48 +05:30
First commit of new server class 2015-04-05 21:33:06 +05:30			`/**`
Updated PHPDoc 2016-07-09 04:30:44 +05:30			`* @var CryptKey`
First commit of new server class 2015-04-05 21:33:06 +05:30			`*/`
handle RSA key passphrase 2016-03-28 20:12:34 +05:30			`protected $publicKey;`
First commit of new server class 2015-04-05 21:33:06 +05:30
			`/**`
Updated PHPDoc 2016-07-09 04:30:44 +05:30			`* @var null\|ResponseTypeInterface`
First commit of new server class 2015-04-05 21:33:06 +05:30			`*/`
handle RSA key passphrase 2016-03-28 20:12:34 +05:30			`protected $responseType;`
First commit of new server class 2015-04-05 21:33:06 +05:30
Checkin 2015-10-14 14:21:53 +05:30			`/**`
Updated PHPDoc 2016-07-09 04:30:44 +05:30			`* @var ClientRepositoryInterface`
Checkin 2015-10-14 14:21:53 +05:30			`*/`
New server constructor 2016-01-17 19:33:41 +05:30			`private $clientRepository;`

			`/**`
Updated PHPDoc 2016-07-09 04:30:44 +05:30			`* @var AccessTokenRepositoryInterface`
New server constructor 2016-01-17 19:33:41 +05:30			`*/`
			`private $accessTokenRepository;`

			`/**`
Updated PHPDoc 2016-07-09 04:30:44 +05:30			`* @var ScopeRepositoryInterface`
New server constructor 2016-01-17 19:33:41 +05:30			`*/`
			`private $scopeRepository;`
Refactored constructor to set defaults, added new setter methods for default token TTL and default token type 2015-04-06 13:02:44 +05:30
New property on AuthorizationServer to receive an encryption key which is used for future encryption/decryption instead of keybased encryption/decryption 2017-07-01 20:27:40 +05:30			`/**`
Minor code tidy up 2018-03-01 02:03:19 +05:30			`* @var string\|Key`
New property on AuthorizationServer to receive an encryption key which is used for future encryption/decryption instead of keybased encryption/decryption 2017-07-01 20:27:40 +05:30			`*/`
			`private $encryptionKey;`

Set a default scope for the authorization server 2017-10-19 02:39:53 +05:30			`/**`
			`* @var string`
			`*/`
Fix tests as no longer set the default scope in the constructor Use new setDefaultScope() method instead. Also changed default scope to be a blank string instead of null 2017-10-31 05:18:02 +05:30			`private $defaultScope = '';`
Set a default scope for the authorization server 2017-10-19 02:39:53 +05:30
Refactored constructor to set defaults, added new setter methods for default token TTL and default token type 2015-04-06 13:02:44 +05:30			`/**`
Applied fixes from StyleCI 2016-02-20 04:39:39 +05:30			`* New server instance.`
First commit of new server class 2015-04-05 21:33:06 +05:30			`*`
Updated PHPDoc 2016-07-09 04:30:44 +05:30			`* @param ClientRepositoryInterface $clientRepository`
			`* @param AccessTokenRepositoryInterface $accessTokenRepository`
			`* @param ScopeRepositoryInterface $scopeRepository`
			`* @param CryptKey\|string $privateKey`
Minor code tidy up 2018-03-01 02:03:19 +05:30			`* @param string\|Key $encryptionKey`
Updated PHPDoc 2016-07-09 04:30:44 +05:30			`* @param null\|ResponseTypeInterface $responseType`
First commit of new server class 2015-04-05 21:33:06 +05:30			`*/`
New server constructor 2016-01-17 19:33:41 +05:30			`public function __construct(`
			`ClientRepositoryInterface $clientRepository,`
			`AccessTokenRepositoryInterface $accessTokenRepository,`
			`ScopeRepositoryInterface $scopeRepository,`
handle RSA key passphrase 2016-03-28 20:12:34 +05:30			`$privateKey,`
AuthorizationServer no longer needs to know about the public key 2017-07-01 22:41:10 +05:30			`$encryptionKey,`
Removed unused methods 2016-04-17 17:12:42 +05:30			`ResponseTypeInterface $responseType = null`
New server constructor 2016-01-17 19:33:41 +05:30			`) {`
			`$this->clientRepository = $clientRepository;`
			`$this->accessTokenRepository = $accessTokenRepository;`
			`$this->scopeRepository = $scopeRepository;`
handle RSA key passphrase 2016-03-28 20:12:34 +05:30
Explicitly compare to false when checking not instanceof 2016-07-09 15:39:21 +05:30			`if ($privateKey instanceof CryptKey === false) {`
handle RSA key passphrase 2016-03-28 20:12:34 +05:30			`$privateKey = new CryptKey($privateKey);`
			`}`
			`$this->privateKey = $privateKey;`
AuthorizationServer no longer needs to know about the public key 2017-07-01 22:41:10 +05:30			`$this->encryptionKey = $encryptionKey;`
Removed default wording as there is no override 2016-01-17 19:53:18 +05:30			`$this->responseType = $responseType;`
Refactored constructor to set defaults, added new setter methods for default token TTL and default token type 2015-04-06 13:02:44 +05:30			`}`
First commit of new server class 2015-04-05 21:33:06 +05:30
			`/**`
Applied fixes from StyleCI 2016-02-20 04:39:39 +05:30			`* Enable a grant type on the server.`
First commit of new server class 2015-04-05 21:33:06 +05:30			`*`
Updated PHPDoc 2016-07-09 04:30:44 +05:30			`* @param GrantTypeInterface $grantType`
			`* @param null\|\DateInterval $accessTokenTTL`
First commit of new server class 2015-04-05 21:33:06 +05:30			`*/`
Updated PHPDoc 2016-07-09 04:30:44 +05:30			`public function enableGrantType(GrantTypeInterface $grantType, \DateInterval $accessTokenTTL = null)`
configurable refresh token TTL per grant 2016-01-21 22:41:53 +05:30			`{`
Explicitly compare to false when checking not instanceof 2016-07-09 15:39:21 +05:30			`if ($accessTokenTTL instanceof \DateInterval === false) {`
Lazy set $accessTokenTTL 2016-04-10 19:01:05 +05:30			`$accessTokenTTL = new \DateInterval('PT1H');`
			`}`

Inject required params into grant type 2016-01-17 19:33:07 +05:30			`$grantType->setAccessTokenRepository($this->accessTokenRepository);`
			`$grantType->setClientRepository($this->clientRepository);`
			`$grantType->setScopeRepository($this->scopeRepository);`
Revert previous change 2017-11-14 03:50:16 +05:30			`$grantType->setDefaultScope($this->defaultScope);`
handle RSA key passphrase 2016-03-28 20:12:34 +05:30			`$grantType->setPrivateKey($this->privateKey);`
Checkin 2015-10-14 14:21:53 +05:30			`$grantType->setEmitter($this->getEmitter());`
New property on AuthorizationServer to receive an encryption key which is used for future encryption/decryption instead of keybased encryption/decryption 2017-07-01 20:27:40 +05:30			`$grantType->setEncryptionKey($this->encryptionKey);`

allow refresh token ttl assign 2016-01-20 16:51:44 +05:30			`$this->enabledGrantTypes[$grantType->getIdentifier()] = $grantType;`
Removed default overrides 2016-01-17 19:33:33 +05:30			`$this->grantTypeAccessTokenTTL[$grantType->getIdentifier()] = $accessTokenTTL;`
First commit of new server class 2015-04-05 21:33:06 +05:30			`}`

Checkin 2016-04-10 14:37:08 +05:30			`/**`
Updated server methods 2016-04-10 16:18:32 +05:30			`* Validate an authorization request`
			`*`
Updated PHPDoc 2016-07-09 04:30:44 +05:30			`* @param ServerRequestInterface $request`
Checkin 2016-04-10 14:37:08 +05:30			`*`
Updated PHPDoc 2016-07-09 04:30:44 +05:30			`* @throws OAuthServerException`
Applied fixes from StyleCI 2016-04-10 16:18:46 +05:30			`*`
Updated PHPDoc 2016-07-09 04:30:44 +05:30			`* @return AuthorizationRequest`
Checkin 2016-04-10 14:37:08 +05:30			`*/`
Updated server methods 2016-04-10 16:18:32 +05:30			`public function validateAuthorizationRequest(ServerRequestInterface $request)`
Checkin 2016-04-10 14:37:08 +05:30			`{`
while(array_shift()) makes the AuthorizationServer class configuration mutable 2016-07-13 15:33:05 +05:30			`foreach ($this->enabledGrantTypes as $grantType) {`
Updated server methods 2016-04-10 16:18:32 +05:30			`if ($grantType->canRespondToAuthorizationRequest($request)) {`
while(array_shift()) makes the AuthorizationServer class configuration mutable 2016-07-13 15:33:05 +05:30			`return $grantType->validateAuthorizationRequest($request);`
Checkin 2016-04-10 14:37:08 +05:30			`}`
			`}`
Updated server methods 2016-04-10 16:18:32 +05:30
Checkin 2016-04-10 14:37:08 +05:30			`throw OAuthServerException::unsupportedGrantType();`
			`}`

Updated server methods 2016-04-10 16:18:32 +05:30			`/**`
			`* Complete an authorization request`
			`*`
Updated PHPDoc 2016-07-09 04:30:44 +05:30			`* @param AuthorizationRequest $authRequest`
			`* @param ResponseInterface $response`
Updated server methods 2016-04-10 16:18:32 +05:30			`*`
Updated PHPDoc 2016-07-09 04:30:44 +05:30			`* @return ResponseInterface`
Updated server methods 2016-04-10 16:18:32 +05:30			`*/`
			`public function completeAuthorizationRequest(AuthorizationRequest $authRequest, ResponseInterface $response)`
			`{`
			`return $this->enabledGrantTypes[$authRequest->getGrantTypeId()]`
			`->completeAuthorizationRequest($authRequest)`
			`->generateHttpResponse($response);`
			`}`

First commit of new server class 2015-04-05 21:33:06 +05:30			`/**`
Applied fixes from StyleCI 2016-02-20 04:39:39 +05:30			`* Return an access token response.`
First commit of new server class 2015-04-05 21:33:06 +05:30			`*`
Updated PHPDoc 2016-07-09 04:30:44 +05:30			`* @param ServerRequestInterface $request`
			`* @param ResponseInterface $response`
First commit of new server class 2015-04-05 21:33:06 +05:30			`*`
Updated PHPDoc 2016-07-09 04:30:44 +05:30			`* @throws OAuthServerException`
Applied fixes from StyleCI 2016-02-20 04:39:39 +05:30			`*`
Updated PHPDoc 2016-07-09 04:30:44 +05:30			`* @return ResponseInterface`
First commit of new server class 2015-04-05 21:33:06 +05:30			`*/`
Renamed server `respondToRequest` to `respondToAccessTokenRequest` 2016-04-09 20:50:30 +05:30			`public function respondToAccessTokenRequest(ServerRequestInterface $request, ResponseInterface $response)`
First commit of new server class 2015-04-05 21:33:06 +05:30			`{`
while(array_shift()) makes the AuthorizationServer class configuration mutable 2016-07-13 15:33:05 +05:30			`foreach ($this->enabledGrantTypes as $grantType) {`
flatten code 2017-11-23 23:26:39 +05:30			`if (!$grantType->canRespondToAccessTokenRequest($request)) {`
			`continue;`
while(array_shift()) makes the AuthorizationServer class configuration mutable 2016-07-13 15:33:05 +05:30			`}`
flatten code 2017-11-23 23:26:39 +05:30			`$tokenResponse = $grantType->respondToAccessTokenRequest(`
			`$request,`
			`$this->getResponseType(),`
			`$this->grantTypeAccessTokenTTL[$grantType->getIdentifier()]`
			`);`

			`if ($tokenResponse instanceof ResponseTypeInterface) {`
			`return $tokenResponse->generateHttpResponse($response);`
			`}`
allow middleware use 2016-01-15 18:32:47 +05:30			`}`
include CryptTrait tests, allow Server::respondToRequest trhow exceptions and fix ResposeType tests 2016-03-18 04:55:32 +05:30
			`throw OAuthServerException::unsupportedGrantType();`
allow middleware use 2016-01-15 18:32:47 +05:30			`}`
allow refresh token ttl assign 2016-01-20 16:51:44 +05:30
			`/**`
Applied fixes from StyleCI 2016-02-20 04:39:39 +05:30			`* Get the token type that grants will return in the HTTP response.`
allow refresh token ttl assign 2016-01-20 16:51:44 +05:30			`*`
			`* @return ResponseTypeInterface`
			`*/`
abstract access token validation 2016-02-12 18:49:47 +05:30			`protected function getResponseType()`
allow refresh token ttl assign 2016-01-20 16:51:44 +05:30			`{`
Explicitly compare to false when checking not instanceof 2016-07-09 15:39:21 +05:30			`if ($this->responseType instanceof ResponseTypeInterface === false) {`
Removed unnecessary parameter usage 2016-04-18 16:40:57 +05:30			`$this->responseType = new BearerTokenResponse();`
allow refresh token ttl assign 2016-01-20 16:51:44 +05:30			`}`

Static analysis with PHPStan 2018-02-12 02:21:47 +05:30			`if ($this->responseType instanceof AbstractResponseType === true) {`
			`$this->responseType->setPrivateKey($this->privateKey);`
			`}`
Ensure response type also has access to the encryption key 2017-07-01 20:59:50 +05:30			`$this->responseType->setEncryptionKey($this->encryptionKey);`
Fix #468 and #473 2016-03-17 20:07:21 +05:30
allow refresh token ttl assign 2016-01-20 16:51:44 +05:30			`return $this->responseType;`
			`}`
Fix tests as no longer set the default scope in the constructor Use new setDefaultScope() method instead. Also changed default scope to be a blank string instead of null 2017-10-31 05:18:02 +05:30
			`/**`
			`* Set the default scope for the authorization server.`
			`*`
			`* @param string $defaultScope`
			`*/`
			`public function setDefaultScope($defaultScope)`
			`{`
			`$this->defaultScope = $defaultScope;`
			`}`
First commit of new server class 2015-04-05 21:33:06 +05:30			`}`