2012-12-28 15:12:16 -05:00
|
|
|
<?php
|
2013-02-12 20:33:23 +00:00
|
|
|
/**
|
|
|
|
* OAuth 2.0 Resource Server
|
|
|
|
*
|
2014-01-08 16:15:29 +00:00
|
|
|
* @package league/oauth2-server
|
2013-02-12 20:33:23 +00:00
|
|
|
* @author Alex Bilbie <hello@alexbilbie.com>
|
2014-03-09 19:34:23 +00:00
|
|
|
* @copyright Copyright (c) Alex Bilbie
|
2013-02-12 20:33:23 +00:00
|
|
|
* @license http://mit-license.org/
|
2014-03-09 20:05:38 +00:00
|
|
|
* @link https://github.com/thephpleague/oauth2-server
|
2013-02-12 20:33:23 +00:00
|
|
|
*/
|
2012-12-28 15:12:16 -05:00
|
|
|
|
2013-05-08 11:42:23 -07:00
|
|
|
namespace League\OAuth2\Server;
|
2012-12-28 15:12:16 -05:00
|
|
|
|
2014-01-10 17:30:12 +00:00
|
|
|
use League\OAuth2\Server\Storage\StorageWrapper;
|
2013-12-16 23:47:03 +00:00
|
|
|
use League\OAuth2\Server\Storage\ClientInterface;
|
2014-01-10 17:30:12 +00:00
|
|
|
use League\OAuth2\Server\Storage\AccessTokenInterface;
|
|
|
|
use League\OAuth2\Server\Storage\AuthCodeInterface;
|
|
|
|
use League\OAuth2\Server\Storage\SessionInterface;
|
|
|
|
use League\OAuth2\Server\Storage\ScopeInterface;
|
2014-05-02 17:21:53 +01:00
|
|
|
use League\OAuth2\Server\Entity\AccessTokenEntity;
|
2013-12-16 23:47:03 +00:00
|
|
|
use Symfony\Component\HttpFoundation\Request;
|
2012-12-28 15:12:16 -05:00
|
|
|
|
2013-02-12 20:33:23 +00:00
|
|
|
/**
|
|
|
|
* OAuth 2.0 Resource Server
|
|
|
|
*/
|
2014-02-24 14:43:26 +00:00
|
|
|
class ResourceServer extends AbstractServer
|
2012-12-28 15:12:16 -05:00
|
|
|
{
|
2013-02-12 20:33:23 +00:00
|
|
|
/**
|
|
|
|
* The access token
|
2013-12-16 23:47:03 +00:00
|
|
|
* @var League\OAuth2\Server\AccessToken
|
2013-02-12 20:33:23 +00:00
|
|
|
*/
|
2014-01-17 17:16:52 +00:00
|
|
|
protected $accessToken;
|
2012-12-28 15:12:16 -05:00
|
|
|
|
2013-02-12 20:33:23 +00:00
|
|
|
/**
|
2013-12-16 23:47:03 +00:00
|
|
|
* The query string key which is used by clients to present the access token (default: access_token)
|
2013-02-12 20:33:23 +00:00
|
|
|
* @var string
|
|
|
|
*/
|
2013-12-16 23:47:03 +00:00
|
|
|
protected $tokenKey = 'access_token';
|
2012-12-28 15:12:16 -05:00
|
|
|
|
|
|
|
/**
|
2013-12-16 23:47:03 +00:00
|
|
|
* Initialise the resource server
|
2014-01-10 17:30:12 +00:00
|
|
|
* @param SessionInterface $sessionStorage
|
|
|
|
* @param AccessTokenInteface $accessTokenStorage
|
|
|
|
* @param ClientInterface $clientStorage
|
|
|
|
* @param ScopeInterface $scopeStorage
|
2013-12-16 23:47:03 +00:00
|
|
|
* @return self
|
2012-12-28 15:12:16 -05:00
|
|
|
*/
|
2013-12-16 23:47:03 +00:00
|
|
|
public function __construct(
|
|
|
|
SessionInterface $sessionStorage,
|
2014-01-10 17:30:12 +00:00
|
|
|
AccessTokenInterface $accessTokenStorage,
|
|
|
|
ClientInterface $clientStorage,
|
|
|
|
ScopeInterface $scopeStorage
|
2013-12-16 23:47:03 +00:00
|
|
|
) {
|
2014-02-24 16:50:19 +00:00
|
|
|
$sessionStorage->setServer($this);
|
2014-01-10 17:30:12 +00:00
|
|
|
$this->setStorage('session', $sessionStorage);
|
2014-02-24 16:50:19 +00:00
|
|
|
|
|
|
|
$accessTokenStorage->setServer($this);
|
2014-01-10 17:30:12 +00:00
|
|
|
$this->setStorage('access_token', $accessTokenStorage);
|
2014-02-24 16:50:19 +00:00
|
|
|
|
|
|
|
$clientStorage->setServer($this);
|
2014-01-10 17:30:12 +00:00
|
|
|
$this->setStorage('client', $clientStorage);
|
2014-02-24 16:50:19 +00:00
|
|
|
|
|
|
|
$scopeStorage->setServer($this);
|
2014-01-10 17:30:12 +00:00
|
|
|
$this->setStorage('scope', $scopeStorage);
|
|
|
|
|
2013-12-16 23:47:03 +00:00
|
|
|
return $this;
|
2013-01-04 17:21:24 -05:00
|
|
|
}
|
2012-12-28 15:12:16 -05:00
|
|
|
|
2013-01-04 17:21:24 -05:00
|
|
|
/**
|
2014-01-10 17:30:12 +00:00
|
|
|
* Set the storage
|
|
|
|
* @param string $type Storage type
|
|
|
|
* @param mixed $storage Storage class
|
2013-12-16 23:47:03 +00:00
|
|
|
* @return self
|
2013-01-04 17:21:24 -05:00
|
|
|
*/
|
2014-01-10 17:30:12 +00:00
|
|
|
protected function setStorage($type, $storage)
|
2013-01-04 17:21:24 -05:00
|
|
|
{
|
2014-01-10 17:30:12 +00:00
|
|
|
$storage->setServer($this);
|
|
|
|
$this->storages[$type] = $storage;
|
2013-11-25 23:58:42 +00:00
|
|
|
return $this;
|
2012-12-28 15:12:16 -05:00
|
|
|
}
|
|
|
|
|
2013-02-12 20:33:23 +00:00
|
|
|
/**
|
|
|
|
* Returns the query string key for the access token.
|
|
|
|
* @return string
|
|
|
|
*/
|
2013-02-05 16:20:45 +00:00
|
|
|
public function getTokenKey()
|
|
|
|
{
|
2014-01-16 16:50:16 +00:00
|
|
|
return $this->tokenKey;
|
2013-02-05 16:20:45 +00:00
|
|
|
}
|
|
|
|
|
2013-02-12 20:33:23 +00:00
|
|
|
/**
|
|
|
|
* Sets the query string key for the access token.
|
|
|
|
* @param $key The new query string key
|
2013-12-16 23:47:03 +00:00
|
|
|
* @return self
|
2013-02-12 20:33:23 +00:00
|
|
|
*/
|
2013-02-05 16:20:45 +00:00
|
|
|
public function setTokenKey($key)
|
|
|
|
{
|
|
|
|
$this->tokenKey = $key;
|
2013-11-25 23:58:42 +00:00
|
|
|
return $this;
|
2013-02-05 16:20:45 +00:00
|
|
|
}
|
|
|
|
|
2013-01-17 15:19:01 -05:00
|
|
|
/**
|
2013-12-16 23:47:03 +00:00
|
|
|
* Gets the access token owner ID
|
2013-02-12 20:33:23 +00:00
|
|
|
* @return string
|
2013-01-17 15:19:01 -05:00
|
|
|
*/
|
|
|
|
public function getOwnerId()
|
|
|
|
{
|
2014-01-10 17:30:12 +00:00
|
|
|
return $this->accessToken->getSession()->getOwnerId();
|
2013-01-17 15:19:01 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2013-12-16 23:47:03 +00:00
|
|
|
* Gets the owner type
|
2013-02-12 20:33:23 +00:00
|
|
|
* @return string
|
2013-01-17 15:19:01 -05:00
|
|
|
*/
|
|
|
|
public function getOwnerType()
|
|
|
|
{
|
2014-01-10 17:30:12 +00:00
|
|
|
return $this->accessToken->getSession()->getOwnerType();
|
2013-01-17 15:19:01 -05:00
|
|
|
}
|
|
|
|
|
2013-01-22 11:25:51 -05:00
|
|
|
/**
|
2013-12-16 23:47:03 +00:00
|
|
|
* Gets the access token
|
2013-02-12 20:33:23 +00:00
|
|
|
* @return string
|
2013-01-22 11:25:51 -05:00
|
|
|
*/
|
|
|
|
public function getAccessToken()
|
|
|
|
{
|
2014-01-10 17:30:12 +00:00
|
|
|
return $this->accessToken->getToken();
|
2013-01-22 11:25:51 -05:00
|
|
|
}
|
|
|
|
|
2013-05-08 18:06:18 -07:00
|
|
|
/**
|
|
|
|
* Gets the client ID that created the session
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public function getClientId()
|
|
|
|
{
|
2014-01-10 17:30:12 +00:00
|
|
|
return $this->accessToken->getSession()->getClient()->getId();
|
2013-05-08 18:06:18 -07:00
|
|
|
}
|
|
|
|
|
2013-05-05 18:16:28 +01:00
|
|
|
/**
|
|
|
|
* Get the session scopes
|
2013-05-08 13:59:17 -07:00
|
|
|
* @return array
|
2013-05-05 18:16:28 +01:00
|
|
|
*/
|
|
|
|
public function getScopes()
|
|
|
|
{
|
2013-12-16 23:47:03 +00:00
|
|
|
return $this->accessToken->getScopes();
|
2013-05-05 18:16:28 +01:00
|
|
|
}
|
|
|
|
|
2012-12-28 15:12:16 -05:00
|
|
|
/**
|
2013-12-16 23:47:03 +00:00
|
|
|
* Checks if the presented access token has the given scope(s)
|
2014-01-08 16:15:29 +00:00
|
|
|
* @param array|string $scopes An array of scopes or a single scope as a string
|
|
|
|
* @return bool Returns bool if all scopes are found, false if any fail
|
2012-12-28 15:12:16 -05:00
|
|
|
*/
|
|
|
|
public function hasScope($scopes)
|
|
|
|
{
|
2014-01-16 16:50:16 +00:00
|
|
|
if (is_string($scopes)) {
|
|
|
|
return $this->accessToken->hasScope($scopes);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (is_array($scopes)) {
|
|
|
|
foreach ($scopes as $scope) {
|
|
|
|
if (!$this->accessToken->hasScope($scope)) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return true;
|
2012-12-28 15:12:16 -05:00
|
|
|
}
|
|
|
|
|
2014-05-02 17:21:53 +01:00
|
|
|
/**
|
|
|
|
* Checks if the access token is valid or not
|
|
|
|
* @param $headersOnly Limit Access Token to Authorization header only
|
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
public function isValidRequest($headersOnly = true, $accessToken = null)
|
|
|
|
{
|
|
|
|
$accessTokenString = ($accessToken !== null) ? $accessToken : $this->determineAccessToken($headersOnly, $accessToken);
|
|
|
|
|
|
|
|
// Set the access token
|
|
|
|
$this->accessToken = $this->storages['access_token']->get($accessTokenString);
|
|
|
|
return ($this->accessToken instanceof AccessTokenEntity);
|
|
|
|
}
|
|
|
|
|
2013-01-04 17:21:24 -05:00
|
|
|
/**
|
2013-12-16 23:47:03 +00:00
|
|
|
* Reads in the access token from the headers
|
2013-05-27 21:27:30 -07:00
|
|
|
* @param $headersOnly Limit Access Token to Authorization header only
|
2013-02-12 20:33:23 +00:00
|
|
|
* @throws Exception\MissingAccessTokenException Thrown if there is no access token presented
|
2013-01-04 17:21:24 -05:00
|
|
|
* @return string
|
|
|
|
*/
|
2013-06-05 23:59:29 -04:00
|
|
|
public function determineAccessToken($headersOnly = false)
|
2012-12-28 15:12:16 -05:00
|
|
|
{
|
2013-12-16 23:47:03 +00:00
|
|
|
if ($header = $this->getRequest()->headers->get('Authorization')) {
|
2014-05-01 14:46:35 +01:00
|
|
|
$accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $header));
|
2013-05-10 12:57:06 -07:00
|
|
|
$accessToken = ($accessToken === 'Bearer') ? '' : $accessToken;
|
2013-05-27 21:27:30 -07:00
|
|
|
} elseif ($headersOnly === false) {
|
2014-05-02 17:21:53 +01:00
|
|
|
$accessToken = ($this->getRequest()->server->get('REQUEST_METHOD') === 'GET') ?
|
|
|
|
$this->getRequest()->query->get($this->tokenKey) :
|
|
|
|
$this->getRequest()->request->get($this->tokenKey);
|
2012-12-28 15:12:16 -05:00
|
|
|
}
|
|
|
|
|
2013-05-05 18:05:46 +01:00
|
|
|
if (empty($accessToken)) {
|
2014-05-01 14:32:54 +01:00
|
|
|
throw new Exception\InvalidRequestException('access token');
|
2012-12-28 15:12:16 -05:00
|
|
|
}
|
|
|
|
|
2013-05-05 18:05:46 +01:00
|
|
|
return $accessToken;
|
2012-12-28 15:12:16 -05:00
|
|
|
}
|
|
|
|
}
|