oauth2-server/src/ResourceServer.php

220 lines
5.9 KiB
PHP
Raw Normal View History

2012-12-29 01:42:16 +05:30
<?php
/**
* OAuth 2.0 Resource Server
*
2014-01-08 21:45:29 +05:30
* @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com>
2014-03-10 01:04:23 +05:30
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
2014-03-10 01:35:38 +05:30
* @link https://github.com/thephpleague/oauth2-server
*/
2012-12-29 01:42:16 +05:30
namespace League\OAuth2\Server;
2012-12-29 01:42:16 +05:30
2013-12-17 05:17:03 +05:30
use League\OAuth2\Server\Storage\ClientInterface;
2014-01-10 23:00:12 +05:30
use League\OAuth2\Server\Storage\AccessTokenInterface;
use League\OAuth2\Server\Storage\SessionInterface;
use League\OAuth2\Server\Storage\ScopeInterface;
2014-05-02 21:51:53 +05:30
use League\OAuth2\Server\Entity\AccessTokenEntity;
use League\OAuth2\Server\TokenType\Bearer;
use League\OAuth2\Server\Exception;
2013-12-17 05:17:03 +05:30
use Symfony\Component\HttpFoundation\Request;
2012-12-29 01:42:16 +05:30
/**
* OAuth 2.0 Resource Server
*/
2014-02-24 20:13:26 +05:30
class ResourceServer extends AbstractServer
2012-12-29 01:42:16 +05:30
{
/**
* The access token
2013-12-17 05:17:03 +05:30
* @var League\OAuth2\Server\AccessToken
*/
protected $accessToken;
2012-12-29 01:42:16 +05:30
/**
2013-12-17 05:17:03 +05:30
* The query string key which is used by clients to present the access token (default: access_token)
* @var string
*/
2013-12-17 05:17:03 +05:30
protected $tokenKey = 'access_token';
2012-12-29 01:42:16 +05:30
/**
2013-12-17 05:17:03 +05:30
* Initialise the resource server
2014-05-03 15:23:57 +05:30
* @param SessionInterface $sessionStorage
* @param AccessTokenInteface $accessTokenStorage
* @param ClientInterface $clientStorage
* @param ScopeInterface $scopeStorage
2013-12-17 05:17:03 +05:30
* @return self
2012-12-29 01:42:16 +05:30
*/
2013-12-17 05:17:03 +05:30
public function __construct(
SessionInterface $sessionStorage,
2014-01-10 23:00:12 +05:30
AccessTokenInterface $accessTokenStorage,
ClientInterface $clientStorage,
ScopeInterface $scopeStorage
2013-12-17 05:17:03 +05:30
) {
2014-02-24 22:20:19 +05:30
$sessionStorage->setServer($this);
2014-01-10 23:00:12 +05:30
$this->setStorage('session', $sessionStorage);
2014-02-24 22:20:19 +05:30
$accessTokenStorage->setServer($this);
2014-01-10 23:00:12 +05:30
$this->setStorage('access_token', $accessTokenStorage);
2014-02-24 22:20:19 +05:30
$clientStorage->setServer($this);
2014-01-10 23:00:12 +05:30
$this->setStorage('client', $clientStorage);
2014-02-24 22:20:19 +05:30
$scopeStorage->setServer($this);
2014-01-10 23:00:12 +05:30
$this->setStorage('scope', $scopeStorage);
// Set Bearer as the default token type
$this->setTokenType(new Bearer);
parent::__construct();
2013-12-17 05:17:03 +05:30
return $this;
}
2012-12-29 01:42:16 +05:30
/**
2014-01-10 23:00:12 +05:30
* Set the storage
2014-05-03 15:23:57 +05:30
* @param string $type Storage type
* @param mixed $storage Storage class
2013-12-17 05:17:03 +05:30
* @return self
*/
2014-01-10 23:00:12 +05:30
protected function setStorage($type, $storage)
{
2014-01-10 23:00:12 +05:30
$storage->setServer($this);
$this->storages[$type] = $storage;
2014-05-03 15:23:57 +05:30
2013-11-26 05:28:42 +05:30
return $this;
2012-12-29 01:42:16 +05:30
}
/**
* Returns the query string key for the access token.
* @return string
*/
2013-02-05 21:50:45 +05:30
public function getTokenKey()
{
2014-01-16 22:20:16 +05:30
return $this->tokenKey;
2013-02-05 21:50:45 +05:30
}
/**
* Sets the query string key for the access token.
* @param $key The new query string key
2013-12-17 05:17:03 +05:30
* @return self
*/
2013-02-05 21:50:45 +05:30
public function setTokenKey($key)
{
$this->tokenKey = $key;
2014-05-03 15:23:57 +05:30
2013-11-26 05:28:42 +05:30
return $this;
2013-02-05 21:50:45 +05:30
}
/**
2013-12-17 05:17:03 +05:30
* Gets the access token owner ID
* @return string
*/
public function getOwnerId()
{
2014-01-10 23:00:12 +05:30
return $this->accessToken->getSession()->getOwnerId();
}
/**
2013-12-17 05:17:03 +05:30
* Gets the owner type
* @return string
*/
public function getOwnerType()
{
2014-01-10 23:00:12 +05:30
return $this->accessToken->getSession()->getOwnerType();
}
/**
2013-12-17 05:17:03 +05:30
* Gets the access token
* @return string
*/
public function getAccessToken()
{
2014-01-10 23:00:12 +05:30
return $this->accessToken->getToken();
}
2013-05-09 06:36:18 +05:30
/**
* Gets the client ID that created the session
* @return string
*/
public function getClientId()
{
2014-01-10 23:00:12 +05:30
return $this->accessToken->getSession()->getClient()->getId();
2013-05-09 06:36:18 +05:30
}
2013-05-05 22:46:28 +05:30
/**
* Get the session scopes
* @return array
2013-05-05 22:46:28 +05:30
*/
public function getScopes()
{
2013-12-17 05:17:03 +05:30
return $this->accessToken->getScopes();
2013-05-05 22:46:28 +05:30
}
2012-12-29 01:42:16 +05:30
/**
2013-12-17 05:17:03 +05:30
* Checks if the presented access token has the given scope(s)
2014-05-03 15:23:57 +05:30
* @param array|string $scopes An array of scopes or a single scope as a string
* @return bool Returns bool if all scopes are found, false if any fail
2012-12-29 01:42:16 +05:30
*/
public function hasScope($scopes)
{
2014-01-16 22:20:16 +05:30
if (is_string($scopes)) {
return $this->accessToken->hasScope($scopes);
}
if (is_array($scopes)) {
foreach ($scopes as $scope) {
if (!$this->accessToken->hasScope($scope)) {
return false;
}
}
}
2014-05-03 15:23:57 +05:30
2014-01-16 22:20:16 +05:30
return true;
2012-12-29 01:42:16 +05:30
}
2014-05-02 21:51:53 +05:30
/**
* Checks if the access token is valid or not
* @param $headersOnly Limit Access Token to Authorization header only
* @return bool
*/
public function isValidRequest($headersOnly = true, $accessToken = null)
{
2014-05-03 15:38:33 +05:30
$accessTokenString = ($accessToken !== null)
? $accessToken
: $this->determineAccessToken($headersOnly, $accessToken);
2014-05-02 21:51:53 +05:30
// Set the access token
$this->accessToken = $this->storages['access_token']->get($accessTokenString);
2014-05-03 15:23:57 +05:30
if (!$this->accessToken instanceof AccessTokenEntity) {
throw new Exception\AccessDeniedException;
}
return true;
2014-05-02 21:51:53 +05:30
}
/**
2013-12-17 05:17:03 +05:30
* Reads in the access token from the headers
* @param $headersOnly Limit Access Token to Authorization header only
2014-05-03 15:23:57 +05:30
* @throws Exception\MissingAccessTokenException Thrown if there is no access token presented
* @return string
*/
public function determineAccessToken($headersOnly = false)
2012-12-29 01:42:16 +05:30
{
if ($this->getRequest()->headers->get('Authorization') !== null) {
$accessToken = $this->getTokenType()->determineAccessTokenInHeader($this->getRequest());
} elseif ($headersOnly === false) {
$accessToken = ($this->getRequest()->server->get('REQUEST_METHOD') === 'GET')
? $this->getRequest()->query->get($this->tokenKey)
: $this->getRequest()->request->get($this->tokenKey);
2012-12-29 01:42:16 +05:30
}
if (empty($accessToken)) {
2014-05-01 19:02:54 +05:30
throw new Exception\InvalidRequestException('access token');
2012-12-29 01:42:16 +05:30
}
return $accessToken;
2012-12-29 01:42:16 +05:30
}
}