2012-12-29 01:42:16 +05:30
|
|
|
<?php
|
2013-02-13 02:03:23 +05:30
|
|
|
/**
|
|
|
|
* OAuth 2.0 Resource Server
|
|
|
|
*
|
2013-05-08 23:59:24 +05:30
|
|
|
* @package php-loep/oauth2-server
|
2013-02-13 02:03:23 +05:30
|
|
|
* @author Alex Bilbie <hello@alexbilbie.com>
|
2013-05-08 23:59:24 +05:30
|
|
|
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages
|
2013-02-13 02:03:23 +05:30
|
|
|
* @license http://mit-license.org/
|
2013-05-09 00:00:53 +05:30
|
|
|
* @link http://github.com/php-loep/oauth2-server
|
2013-02-13 02:03:23 +05:30
|
|
|
*/
|
2012-12-29 01:42:16 +05:30
|
|
|
|
2013-05-09 00:12:23 +05:30
|
|
|
namespace League\OAuth2\Server;
|
2012-12-29 01:42:16 +05:30
|
|
|
|
|
|
|
use OutOfBoundsException;
|
2013-05-09 00:12:23 +05:30
|
|
|
use League\OAuth2\Server\Storage\SessionInterface;
|
|
|
|
use League\OAuth2\Server\Util\RequestInterface;
|
|
|
|
use League\OAuth2\Server\Util\Request;
|
2012-12-29 01:42:16 +05:30
|
|
|
|
2013-02-13 02:03:23 +05:30
|
|
|
/**
|
|
|
|
* OAuth 2.0 Resource Server
|
|
|
|
*/
|
2013-05-09 00:12:23 +05:30
|
|
|
class Resource
|
2012-12-29 01:42:16 +05:30
|
|
|
{
|
2013-02-13 02:03:23 +05:30
|
|
|
/**
|
|
|
|
* The access token
|
|
|
|
* @var string
|
|
|
|
*/
|
2012-12-29 01:42:16 +05:30
|
|
|
protected $accessToken = null;
|
|
|
|
|
2013-02-13 02:03:23 +05:30
|
|
|
/**
|
|
|
|
* The session ID
|
|
|
|
* @var string
|
|
|
|
*/
|
2012-12-29 01:42:16 +05:30
|
|
|
protected $sessionId = null;
|
|
|
|
|
2013-02-13 02:03:23 +05:30
|
|
|
/**
|
|
|
|
* The type of the owner of the access token
|
|
|
|
* @var string
|
|
|
|
*/
|
2012-12-29 01:42:16 +05:30
|
|
|
protected $ownerType = null;
|
|
|
|
|
2013-02-13 02:03:23 +05:30
|
|
|
/**
|
|
|
|
* The ID of the owner of the access token
|
|
|
|
* @var string
|
|
|
|
*/
|
2012-12-29 01:42:16 +05:30
|
|
|
protected $ownerId = null;
|
|
|
|
|
2013-02-13 02:03:23 +05:30
|
|
|
/**
|
|
|
|
* The scopes associated with the access token
|
|
|
|
* @var array
|
|
|
|
*/
|
2012-12-29 01:42:16 +05:30
|
|
|
protected $sessionScopes = array();
|
|
|
|
|
2013-02-13 02:03:23 +05:30
|
|
|
/**
|
|
|
|
* The client, scope and session storage classes
|
|
|
|
* @var array
|
|
|
|
*/
|
2012-12-29 01:42:16 +05:30
|
|
|
protected $storages = array();
|
|
|
|
|
2013-02-13 02:03:23 +05:30
|
|
|
/**
|
|
|
|
* The request object
|
|
|
|
* @var Util\RequestInterface
|
|
|
|
*/
|
2012-12-29 01:42:16 +05:30
|
|
|
protected $request = null;
|
|
|
|
|
2013-02-13 02:03:23 +05:30
|
|
|
/**
|
2013-02-13 22:40:44 +05:30
|
|
|
* The query string key which is used by clients to present the access token (default: access_token)
|
2013-02-13 02:03:23 +05:30
|
|
|
* @var string
|
|
|
|
*/
|
2013-02-13 22:40:44 +05:30
|
|
|
protected $tokenKey = 'access_token';
|
2012-12-29 01:42:16 +05:30
|
|
|
|
2013-05-09 02:29:17 +05:30
|
|
|
/**
|
|
|
|
* The client ID
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
protected $clientId = null;
|
|
|
|
|
2012-12-29 01:42:16 +05:30
|
|
|
/**
|
|
|
|
* Sets up the Resource
|
|
|
|
*
|
2013-02-13 02:03:23 +05:30
|
|
|
* @param SessionInterface The Session Storage Object
|
2012-12-29 01:42:16 +05:30
|
|
|
*/
|
2013-02-05 21:50:45 +05:30
|
|
|
public function __construct(SessionInterface $session)
|
2012-12-29 01:42:16 +05:30
|
|
|
{
|
|
|
|
$this->storages['session'] = $session;
|
2013-01-05 03:51:24 +05:30
|
|
|
}
|
2012-12-29 01:42:16 +05:30
|
|
|
|
2013-01-05 03:51:24 +05:30
|
|
|
/**
|
|
|
|
* Sets the Request Object
|
|
|
|
*
|
|
|
|
* @param RequestInterface The Request Object
|
|
|
|
*/
|
|
|
|
public function setRequest(RequestInterface $request)
|
|
|
|
{
|
2012-12-29 01:42:16 +05:30
|
|
|
$this->request = $request;
|
|
|
|
}
|
|
|
|
|
2013-01-05 03:51:24 +05:30
|
|
|
/**
|
|
|
|
* Gets the Request object. It will create one from the globals if one is not set.
|
|
|
|
*
|
2013-02-13 02:03:23 +05:30
|
|
|
* @return Util\RequestInterface
|
2013-01-05 03:51:24 +05:30
|
|
|
*/
|
|
|
|
public function getRequest()
|
|
|
|
{
|
|
|
|
if ($this->request === null) {
|
2013-02-05 21:50:45 +05:30
|
|
|
// @codeCoverageIgnoreStart
|
2013-01-05 03:51:24 +05:30
|
|
|
$this->request = Request::buildFromGlobals();
|
|
|
|
}
|
2013-02-05 21:50:45 +05:30
|
|
|
// @codeCoverageIgnoreEnd
|
2013-01-05 03:51:24 +05:30
|
|
|
|
|
|
|
return $this->request;
|
|
|
|
}
|
|
|
|
|
2013-02-13 02:03:23 +05:30
|
|
|
/**
|
|
|
|
* Returns the query string key for the access token.
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
2013-02-05 21:50:45 +05:30
|
|
|
public function getTokenKey()
|
|
|
|
{
|
|
|
|
return $this->tokenKey;
|
|
|
|
}
|
|
|
|
|
2013-02-13 02:03:23 +05:30
|
|
|
/**
|
|
|
|
* Sets the query string key for the access token.
|
|
|
|
*
|
|
|
|
* @param $key The new query string key
|
|
|
|
*/
|
2013-02-05 21:50:45 +05:30
|
|
|
public function setTokenKey($key)
|
|
|
|
{
|
|
|
|
$this->tokenKey = $key;
|
|
|
|
}
|
|
|
|
|
2013-01-18 01:49:01 +05:30
|
|
|
/**
|
2013-02-13 02:03:23 +05:30
|
|
|
* Gets the access token owner ID.
|
2013-01-18 01:49:01 +05:30
|
|
|
*
|
2013-02-13 02:03:23 +05:30
|
|
|
* @return string
|
2013-01-18 01:49:01 +05:30
|
|
|
*/
|
|
|
|
public function getOwnerId()
|
|
|
|
{
|
|
|
|
return $this->ownerId;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2013-02-13 02:03:23 +05:30
|
|
|
* Gets the owner type.
|
2013-01-18 01:49:01 +05:30
|
|
|
*
|
2013-02-13 02:03:23 +05:30
|
|
|
* @return string
|
2013-01-18 01:49:01 +05:30
|
|
|
*/
|
|
|
|
public function getOwnerType()
|
|
|
|
{
|
2013-02-05 21:50:45 +05:30
|
|
|
return $this->ownerType;
|
2013-01-18 01:49:01 +05:30
|
|
|
}
|
|
|
|
|
2013-01-22 21:55:51 +05:30
|
|
|
/**
|
2013-02-13 02:03:23 +05:30
|
|
|
* Gets the access token.
|
2013-01-22 21:55:51 +05:30
|
|
|
*
|
2013-02-13 02:03:23 +05:30
|
|
|
* @return string
|
2013-01-22 21:55:51 +05:30
|
|
|
*/
|
|
|
|
public function getAccessToken()
|
|
|
|
{
|
|
|
|
return $this->accessToken;
|
|
|
|
}
|
|
|
|
|
2013-05-09 06:36:18 +05:30
|
|
|
/**
|
|
|
|
* Gets the client ID that created the session
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public function getClientId()
|
|
|
|
{
|
|
|
|
return $this->clientId;
|
|
|
|
}
|
|
|
|
|
2012-12-29 01:42:16 +05:30
|
|
|
/**
|
2013-02-13 02:03:23 +05:30
|
|
|
* Checks if the access token is valid or not.
|
2012-12-29 01:42:16 +05:30
|
|
|
*
|
2013-02-13 02:03:23 +05:30
|
|
|
* @throws Exception\InvalidAccessTokenException Thrown if the presented access token is not valid
|
2012-12-29 01:42:16 +05:30
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
public function isValid()
|
|
|
|
{
|
2013-05-05 22:35:46 +05:30
|
|
|
$accessToken = $this->determineAccessToken();
|
2012-12-29 01:42:16 +05:30
|
|
|
|
2013-05-05 22:35:46 +05:30
|
|
|
$result = $this->storages['session']->validateAccessToken($accessToken);
|
2012-12-29 01:42:16 +05:30
|
|
|
|
|
|
|
if ( ! $result) {
|
2013-02-08 17:15:51 +05:30
|
|
|
throw new Exception\InvalidAccessTokenException('Access token is not valid');
|
2012-12-29 01:42:16 +05:30
|
|
|
}
|
|
|
|
|
2013-05-05 22:35:46 +05:30
|
|
|
$this->accessToken = $accessToken;
|
2013-05-05 22:41:01 +05:30
|
|
|
$this->sessionId = $result['session_id'];
|
|
|
|
$this->clientId = $result['client_id'];
|
2012-12-29 01:42:16 +05:30
|
|
|
$this->ownerType = $result['owner_type'];
|
|
|
|
$this->ownerId = $result['owner_id'];
|
|
|
|
|
2013-05-05 22:48:37 +05:30
|
|
|
$sessionScopes = $this->storages['session']->getScopes($this->accessToken);
|
|
|
|
foreach ($sessionScopes as $scope) {
|
2013-05-28 00:03:07 +05:30
|
|
|
$this->sessionScopes[] = $scope['scope'];
|
2013-05-05 22:48:37 +05:30
|
|
|
}
|
2012-12-29 01:42:16 +05:30
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2013-05-05 22:46:28 +05:30
|
|
|
/**
|
|
|
|
* Get the session scopes
|
2013-05-09 02:29:17 +05:30
|
|
|
* @return array
|
2013-05-05 22:46:28 +05:30
|
|
|
*/
|
|
|
|
public function getScopes()
|
|
|
|
{
|
|
|
|
return $this->sessionScopes;
|
|
|
|
}
|
|
|
|
|
2012-12-29 01:42:16 +05:30
|
|
|
/**
|
2013-02-13 02:03:23 +05:30
|
|
|
* Checks if the presented access token has the given scope(s).
|
2012-12-29 01:42:16 +05:30
|
|
|
*
|
2013-02-13 02:03:23 +05:30
|
|
|
* @param array|string An array of scopes or a single scope as a string
|
|
|
|
* @return bool Returns bool if all scopes are found, false if any fail
|
2012-12-29 01:42:16 +05:30
|
|
|
*/
|
|
|
|
public function hasScope($scopes)
|
|
|
|
{
|
|
|
|
if (is_string($scopes)) {
|
|
|
|
if (in_array($scopes, $this->sessionScopes)) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
} elseif (is_array($scopes)) {
|
|
|
|
foreach ($scopes as $scope) {
|
|
|
|
if ( ! in_array($scope, $this->sessionScopes)) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2013-01-05 03:51:24 +05:30
|
|
|
/**
|
2013-02-13 02:03:23 +05:30
|
|
|
* Reads in the access token from the headers.
|
2013-01-05 03:51:24 +05:30
|
|
|
*
|
2013-02-13 02:03:23 +05:30
|
|
|
* @throws Exception\MissingAccessTokenException Thrown if there is no access token presented
|
2013-01-05 03:51:24 +05:30
|
|
|
* @return string
|
|
|
|
*/
|
2012-12-29 01:42:16 +05:30
|
|
|
protected function determineAccessToken()
|
|
|
|
{
|
2013-01-05 03:51:24 +05:30
|
|
|
if ($header = $this->getRequest()->header('Authorization')) {
|
2013-05-10 23:30:01 +05:30
|
|
|
// Check for special case, because cURL sometimes does an
|
|
|
|
// internal second request and doubles the authorization header,
|
|
|
|
// which always resulted in an error.
|
|
|
|
//
|
|
|
|
// 1st request: Authorization: Bearer XXX
|
|
|
|
// 2nd request: Authorization: Bearer XXX, Bearer XXX
|
|
|
|
if (strpos($header, ',') !== false) {
|
2013-05-11 01:27:06 +05:30
|
|
|
$headerPart = explode(',', $header);
|
2013-05-11 11:30:47 +05:30
|
|
|
$accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $headerPart[0]));
|
2013-05-10 23:30:01 +05:30
|
|
|
} else {
|
2013-05-11 11:30:47 +05:30
|
|
|
$accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $header));
|
2013-05-10 23:30:01 +05:30
|
|
|
}
|
2013-05-11 01:27:06 +05:30
|
|
|
$accessToken = ($accessToken === 'Bearer') ? '' : $accessToken;
|
2012-12-29 01:42:16 +05:30
|
|
|
} else {
|
2013-01-05 03:51:24 +05:30
|
|
|
$method = $this->getRequest()->server('REQUEST_METHOD');
|
2013-05-05 22:35:46 +05:30
|
|
|
$accessToken = $this->getRequest()->{$method}($this->tokenKey);
|
2012-12-29 01:42:16 +05:30
|
|
|
}
|
|
|
|
|
2013-05-05 22:35:46 +05:30
|
|
|
if (empty($accessToken)) {
|
2013-02-08 17:10:33 +05:30
|
|
|
throw new Exception\InvalidAccessTokenException('Access token is missing');
|
2012-12-29 01:42:16 +05:30
|
|
|
}
|
|
|
|
|
2013-05-05 22:35:46 +05:30
|
|
|
return $accessToken;
|
2012-12-29 01:42:16 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
}
|