2013-12-02 18:42:54 +00:00
|
|
|
<?php
|
|
|
|
|
/**
|
2016-02-19 18:09:39 -05:00
|
|
|
* OAuth 2.0 Abstract grant.
|
2013-12-02 18:42:54 +00:00
|
|
|
*
|
|
|
|
|
* @author Alex Bilbie <hello@alexbilbie.com>
|
2014-03-09 19:34:23 +00:00
|
|
|
* @copyright Copyright (c) Alex Bilbie
|
2013-12-02 18:42:54 +00:00
|
|
|
* @license http://mit-license.org/
|
2016-02-19 18:09:39 -05:00
|
|
|
*
|
2014-03-09 20:05:38 +00:00
|
|
|
* @link https://github.com/thephpleague/oauth2-server
|
2013-12-02 18:42:54 +00:00
|
|
|
*/
|
|
|
|
|
namespace League\OAuth2\Server\Grant;
|
|
|
|
|
|
2016-01-20 10:36:16 +01:00
|
|
|
use League\Event\EmitterAwareTrait;
|
2017-07-01 18:08:49 +01:00
|
|
|
use League\OAuth2\Server\CryptKey;
|
2016-03-17 14:37:21 +00:00
|
|
|
use League\OAuth2\Server\CryptTrait;
|
2016-04-09 15:25:45 +01:00
|
|
|
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
|
2016-07-09 01:00:44 +02:00
|
|
|
use League\OAuth2\Server\Entities\AuthCodeEntityInterface;
|
2016-04-09 15:25:45 +01:00
|
|
|
use League\OAuth2\Server\Entities\ClientEntityInterface;
|
2016-07-09 01:00:44 +02:00
|
|
|
use League\OAuth2\Server\Entities\RefreshTokenEntityInterface;
|
2016-04-09 15:25:45 +01:00
|
|
|
use League\OAuth2\Server\Entities\ScopeEntityInterface;
|
2015-11-13 17:41:05 +00:00
|
|
|
use League\OAuth2\Server\Exception\OAuthServerException;
|
2016-06-20 20:18:53 +12:00
|
|
|
use League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException;
|
2015-04-05 17:01:19 +01:00
|
|
|
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
|
2016-02-18 12:07:23 +00:00
|
|
|
use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
|
2015-04-05 17:01:19 +01:00
|
|
|
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
|
2016-02-18 12:07:23 +00:00
|
|
|
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
|
2015-04-05 17:01:19 +01:00
|
|
|
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
|
2016-03-15 20:54:59 +01:00
|
|
|
use League\OAuth2\Server\Repositories\UserRepositoryInterface;
|
2016-03-23 12:54:17 +00:00
|
|
|
use League\OAuth2\Server\RequestEvent;
|
2016-04-10 10:07:08 +01:00
|
|
|
use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
|
2015-10-14 09:51:53 +01:00
|
|
|
use Psr\Http\Message\ServerRequestInterface;
|
2013-12-05 20:25:50 +00:00
|
|
|
|
2014-01-08 16:15:29 +00:00
|
|
|
/**
|
2016-02-19 18:09:39 -05:00
|
|
|
* Abstract grant class.
|
2014-01-08 16:15:29 +00:00
|
|
|
*/
|
|
|
|
|
abstract class AbstractGrant implements GrantTypeInterface
|
|
|
|
|
{
|
2016-03-17 14:37:21 +00:00
|
|
|
use EmitterAwareTrait, CryptTrait;
|
2016-01-20 10:36:16 +01:00
|
|
|
|
2016-01-17 13:49:53 +00:00
|
|
|
const SCOPE_DELIMITER_STRING = ' ';
|
|
|
|
|
|
2016-06-20 20:18:53 +12:00
|
|
|
const MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS = 10;
|
|
|
|
|
|
2014-01-08 16:15:29 +00:00
|
|
|
/**
|
2015-04-05 17:01:19 +01:00
|
|
|
* @var ClientRepositoryInterface
|
2014-01-08 16:15:29 +00:00
|
|
|
*/
|
2015-04-05 17:01:19 +01:00
|
|
|
protected $clientRepository;
|
2013-12-05 20:25:50 +00:00
|
|
|
|
2013-12-02 18:42:54 +00:00
|
|
|
/**
|
2015-04-05 17:01:19 +01:00
|
|
|
* @var AccessTokenRepositoryInterface
|
2013-12-02 18:42:54 +00:00
|
|
|
*/
|
2015-04-05 17:01:19 +01:00
|
|
|
protected $accessTokenRepository;
|
2013-12-02 18:42:54 +00:00
|
|
|
|
|
|
|
|
/**
|
2015-04-05 17:01:19 +01:00
|
|
|
* @var ScopeRepositoryInterface
|
2013-12-02 18:42:54 +00:00
|
|
|
*/
|
2015-04-05 17:01:19 +01:00
|
|
|
protected $scopeRepository;
|
2013-12-02 18:42:54 +00:00
|
|
|
|
2016-02-18 12:07:23 +00:00
|
|
|
/**
|
2016-07-09 01:00:44 +02:00
|
|
|
* @var AuthCodeRepositoryInterface
|
2016-02-18 12:07:23 +00:00
|
|
|
*/
|
2016-03-15 20:54:59 +01:00
|
|
|
protected $authCodeRepository;
|
2016-02-18 12:07:23 +00:00
|
|
|
|
|
|
|
|
/**
|
2016-07-09 01:00:44 +02:00
|
|
|
* @var RefreshTokenRepositoryInterface
|
2016-02-18 12:07:23 +00:00
|
|
|
*/
|
2016-03-15 20:54:59 +01:00
|
|
|
protected $refreshTokenRepository;
|
|
|
|
|
|
|
|
|
|
/**
|
2016-07-09 01:00:44 +02:00
|
|
|
* @var UserRepositoryInterface
|
2016-03-15 20:54:59 +01:00
|
|
|
*/
|
|
|
|
|
protected $userRepository;
|
2016-02-18 12:07:23 +00:00
|
|
|
|
2016-01-21 18:11:53 +01:00
|
|
|
/**
|
|
|
|
|
* @var \DateInterval
|
|
|
|
|
*/
|
|
|
|
|
protected $refreshTokenTTL;
|
|
|
|
|
|
2017-07-01 18:08:49 +01:00
|
|
|
/**
|
|
|
|
|
* @var \League\OAuth2\Server\CryptKey
|
|
|
|
|
*/
|
|
|
|
|
protected $privateKey;
|
|
|
|
|
|
2014-09-11 13:39:50 +01:00
|
|
|
/**
|
2016-01-17 13:47:44 +00:00
|
|
|
* @param ClientRepositoryInterface $clientRepository
|
2014-09-11 13:39:50 +01:00
|
|
|
*/
|
2016-01-17 13:47:44 +00:00
|
|
|
public function setClientRepository(ClientRepositoryInterface $clientRepository)
|
|
|
|
|
{
|
2015-04-05 17:01:19 +01:00
|
|
|
$this->clientRepository = $clientRepository;
|
2016-01-17 13:47:44 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @param AccessTokenRepositoryInterface $accessTokenRepository
|
|
|
|
|
*/
|
|
|
|
|
public function setAccessTokenRepository(AccessTokenRepositoryInterface $accessTokenRepository)
|
|
|
|
|
{
|
2015-04-05 17:01:19 +01:00
|
|
|
$this->accessTokenRepository = $accessTokenRepository;
|
2014-09-11 13:39:50 +01:00
|
|
|
}
|
|
|
|
|
|
2013-12-02 18:42:54 +00:00
|
|
|
/**
|
2016-01-17 13:47:44 +00:00
|
|
|
* @param ScopeRepositoryInterface $scopeRepository
|
2013-12-02 18:42:54 +00:00
|
|
|
*/
|
2016-01-17 13:47:44 +00:00
|
|
|
public function setScopeRepository(ScopeRepositoryInterface $scopeRepository)
|
2013-12-02 18:42:54 +00:00
|
|
|
{
|
2016-01-17 13:47:44 +00:00
|
|
|
$this->scopeRepository = $scopeRepository;
|
2013-12-02 18:42:54 +00:00
|
|
|
}
|
|
|
|
|
|
2016-02-18 12:07:23 +00:00
|
|
|
/**
|
2016-07-09 01:00:44 +02:00
|
|
|
* @param RefreshTokenRepositoryInterface $refreshTokenRepository
|
2016-02-18 12:07:23 +00:00
|
|
|
*/
|
|
|
|
|
public function setRefreshTokenRepository(RefreshTokenRepositoryInterface $refreshTokenRepository)
|
|
|
|
|
{
|
|
|
|
|
$this->refreshTokenRepository = $refreshTokenRepository;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2016-07-09 01:00:44 +02:00
|
|
|
* @param AuthCodeRepositoryInterface $authCodeRepository
|
2016-02-18 12:07:23 +00:00
|
|
|
*/
|
|
|
|
|
public function setAuthCodeRepository(AuthCodeRepositoryInterface $authCodeRepository)
|
|
|
|
|
{
|
|
|
|
|
$this->authCodeRepository = $authCodeRepository;
|
|
|
|
|
}
|
|
|
|
|
|
2016-03-15 20:54:59 +01:00
|
|
|
/**
|
2016-07-09 01:00:44 +02:00
|
|
|
* @param UserRepositoryInterface $userRepository
|
2016-03-15 20:54:59 +01:00
|
|
|
*/
|
|
|
|
|
public function setUserRepository(UserRepositoryInterface $userRepository)
|
|
|
|
|
{
|
|
|
|
|
$this->userRepository = $userRepository;
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-21 18:11:53 +01:00
|
|
|
/**
|
2016-02-19 18:09:39 -05:00
|
|
|
* {@inheritdoc}
|
2016-01-21 18:11:53 +01:00
|
|
|
*/
|
|
|
|
|
public function setRefreshTokenTTL(\DateInterval $refreshTokenTTL)
|
|
|
|
|
{
|
|
|
|
|
$this->refreshTokenTTL = $refreshTokenTTL;
|
|
|
|
|
}
|
|
|
|
|
|
2017-07-01 18:08:49 +01:00
|
|
|
/**
|
|
|
|
|
* Set the private key
|
|
|
|
|
*
|
|
|
|
|
* @param \League\OAuth2\Server\CryptKey $key
|
|
|
|
|
*/
|
|
|
|
|
public function setPrivateKey(CryptKey $key)
|
|
|
|
|
{
|
|
|
|
|
$this->privateKey = $key;
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-17 00:41:55 +01:00
|
|
|
/**
|
2016-02-19 18:09:39 -05:00
|
|
|
* Validate the client.
|
2016-02-12 09:03:35 +00:00
|
|
|
*
|
2016-07-09 01:00:44 +02:00
|
|
|
* @param ServerRequestInterface $request
|
2016-01-17 00:41:55 +01:00
|
|
|
*
|
2016-07-09 01:00:44 +02:00
|
|
|
* @throws OAuthServerException
|
2016-02-19 18:09:39 -05:00
|
|
|
*
|
2016-07-09 01:00:44 +02:00
|
|
|
* @return ClientEntityInterface
|
2016-01-17 00:41:55 +01:00
|
|
|
*/
|
2016-02-18 10:49:05 +00:00
|
|
|
protected function validateClient(ServerRequestInterface $request)
|
|
|
|
|
{
|
2016-06-21 21:08:38 -05:00
|
|
|
list($basicAuthUser, $basicAuthPassword) = $this->getBasicAuthCredentials($request);
|
|
|
|
|
|
|
|
|
|
$clientId = $this->getRequestParameter('client_id', $request, $basicAuthUser);
|
2016-01-17 00:41:55 +01:00
|
|
|
if (is_null($clientId)) {
|
2016-04-11 15:59:47 +02:00
|
|
|
throw OAuthServerException::invalidRequest('client_id');
|
2016-01-17 00:41:55 +01:00
|
|
|
}
|
|
|
|
|
|
2016-02-18 10:49:05 +00:00
|
|
|
// If the client is confidential require the client secret
|
2016-06-21 21:08:38 -05:00
|
|
|
$clientSecret = $this->getRequestParameter('client_secret', $request, $basicAuthPassword);
|
2016-01-17 00:41:55 +01:00
|
|
|
|
2016-03-22 16:29:04 +00:00
|
|
|
$client = $this->clientRepository->getClientEntity(
|
|
|
|
|
$clientId,
|
|
|
|
|
$this->getIdentifier(),
|
2016-04-18 08:32:49 +01:00
|
|
|
$clientSecret,
|
|
|
|
|
true
|
2016-03-22 16:29:04 +00:00
|
|
|
);
|
2016-02-12 09:03:35 +00:00
|
|
|
|
2016-07-09 12:09:21 +02:00
|
|
|
if ($client instanceof ClientEntityInterface === false) {
|
2016-05-04 08:55:57 +01:00
|
|
|
$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
|
2016-02-18 10:49:05 +00:00
|
|
|
throw OAuthServerException::invalidClient();
|
|
|
|
|
}
|
2016-01-17 00:41:55 +01:00
|
|
|
|
2016-02-18 10:49:05 +00:00
|
|
|
// If a redirect URI is provided ensure it matches what is pre-registered
|
|
|
|
|
$redirectUri = $this->getRequestParameter('redirect_uri', $request, null);
|
2016-04-09 13:36:08 +01:00
|
|
|
if ($redirectUri !== null) {
|
|
|
|
|
if (
|
|
|
|
|
is_string($client->getRedirectUri())
|
|
|
|
|
&& (strcmp($client->getRedirectUri(), $redirectUri) !== 0)
|
|
|
|
|
) {
|
2016-05-04 08:55:57 +01:00
|
|
|
$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
|
2016-04-09 13:36:08 +01:00
|
|
|
throw OAuthServerException::invalidClient();
|
|
|
|
|
} elseif (
|
|
|
|
|
is_array($client->getRedirectUri())
|
|
|
|
|
&& in_array($redirectUri, $client->getRedirectUri()) === false
|
|
|
|
|
) {
|
2016-05-04 08:55:57 +01:00
|
|
|
$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
|
2016-04-09 13:36:08 +01:00
|
|
|
throw OAuthServerException::invalidClient();
|
|
|
|
|
}
|
2016-01-17 00:41:55 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $client;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2016-02-19 18:09:39 -05:00
|
|
|
* Validate scopes in the request.
|
2016-02-12 09:02:33 +00:00
|
|
|
*
|
2016-04-10 08:53:54 -04:00
|
|
|
* @param string $scopes
|
|
|
|
|
* @param string $redirectUri
|
2014-12-10 13:10:35 +00:00
|
|
|
*
|
2016-07-09 01:00:44 +02:00
|
|
|
* @throws OAuthServerException
|
2016-02-19 18:09:39 -05:00
|
|
|
*
|
2016-07-09 01:00:44 +02:00
|
|
|
* @return ScopeEntityInterface[]
|
2014-01-08 16:15:29 +00:00
|
|
|
*/
|
2015-04-05 17:01:19 +01:00
|
|
|
public function validateScopes(
|
2016-03-14 00:12:14 +01:00
|
|
|
$scopes,
|
2015-04-05 17:01:19 +01:00
|
|
|
$redirectUri = null
|
|
|
|
|
) {
|
2015-10-14 09:51:53 +01:00
|
|
|
$scopesList = array_filter(
|
2016-03-14 00:12:14 +01:00
|
|
|
explode(self::SCOPE_DELIMITER_STRING, trim($scopes)),
|
2015-10-14 09:51:53 +01:00
|
|
|
function ($scope) {
|
|
|
|
|
return !empty($scope);
|
2014-05-03 11:08:33 +01:00
|
|
|
}
|
2015-10-14 09:51:53 +01:00
|
|
|
);
|
2013-12-24 17:01:56 +00:00
|
|
|
|
|
|
|
|
$scopes = [];
|
|
|
|
|
foreach ($scopesList as $scopeItem) {
|
2016-03-24 10:04:15 +00:00
|
|
|
$scope = $this->scopeRepository->getScopeEntityByIdentifier($scopeItem);
|
2013-12-24 17:01:56 +00:00
|
|
|
|
2016-07-09 12:09:21 +02:00
|
|
|
if ($scope instanceof ScopeEntityInterface === false) {
|
2016-02-21 16:40:01 +00:00
|
|
|
throw OAuthServerException::invalidScope($scopeItem, $redirectUri);
|
2013-12-24 17:01:56 +00:00
|
|
|
}
|
|
|
|
|
|
2015-04-05 17:01:19 +01:00
|
|
|
$scopes[] = $scope;
|
2014-01-10 12:30:13 +00:00
|
|
|
}
|
2014-05-03 10:53:43 +01:00
|
|
|
|
2014-01-10 12:30:13 +00:00
|
|
|
return $scopes;
|
|
|
|
|
}
|
2015-10-14 09:51:53 +01:00
|
|
|
|
|
|
|
|
/**
|
2016-01-17 14:35:43 +01:00
|
|
|
* Retrieve request parameter.
|
|
|
|
|
*
|
2016-07-09 01:00:44 +02:00
|
|
|
* @param string $parameter
|
|
|
|
|
* @param ServerRequestInterface $request
|
|
|
|
|
* @param mixed $default
|
2016-01-17 14:35:43 +01:00
|
|
|
*
|
|
|
|
|
* @return null|string
|
2015-10-14 09:51:53 +01:00
|
|
|
*/
|
2016-01-17 14:35:43 +01:00
|
|
|
protected function getRequestParameter($parameter, ServerRequestInterface $request, $default = null)
|
2015-10-14 09:51:53 +01:00
|
|
|
{
|
2016-02-12 17:10:52 +01:00
|
|
|
$requestParameters = (array) $request->getParsedBody();
|
2016-03-08 21:59:10 +01:00
|
|
|
|
2016-02-12 17:10:52 +01:00
|
|
|
return isset($requestParameters[$parameter]) ? $requestParameters[$parameter] : $default;
|
2016-01-17 14:35:43 +01:00
|
|
|
}
|
|
|
|
|
|
2016-06-21 21:08:38 -05:00
|
|
|
/**
|
|
|
|
|
* Retrieve HTTP Basic Auth credentials with the Authorization header
|
|
|
|
|
* of a request. First index of the returned array is the username,
|
|
|
|
|
* second is the password (so list() will work). If the header does
|
|
|
|
|
* not exist, or is otherwise an invalid HTTP Basic header, return
|
|
|
|
|
* [null, null].
|
|
|
|
|
*
|
2016-07-09 01:00:44 +02:00
|
|
|
* @param ServerRequestInterface $request
|
|
|
|
|
*
|
2016-06-21 21:08:38 -05:00
|
|
|
* @return string[]|null[]
|
|
|
|
|
*/
|
|
|
|
|
protected function getBasicAuthCredentials(ServerRequestInterface $request)
|
|
|
|
|
{
|
|
|
|
|
if (!$request->hasHeader('Authorization')) {
|
|
|
|
|
return [null, null];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$header = $request->getHeader('Authorization')[0];
|
|
|
|
|
if (strpos($header, 'Basic ') !== 0) {
|
|
|
|
|
return [null, null];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!($decoded = base64_decode(substr($header, 6)))) {
|
|
|
|
|
return [null, null];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (strpos($decoded, ':') === false) {
|
|
|
|
|
return [null, null]; // HTTP Basic header without colon isn't valid
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return explode(':', $decoded, 2);
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-12 09:02:17 +00:00
|
|
|
/**
|
|
|
|
|
* Retrieve query string parameter.
|
|
|
|
|
*
|
2016-07-09 01:00:44 +02:00
|
|
|
* @param string $parameter
|
|
|
|
|
* @param ServerRequestInterface $request
|
|
|
|
|
* @param mixed $default
|
2016-02-12 09:02:17 +00:00
|
|
|
*
|
|
|
|
|
* @return null|string
|
|
|
|
|
*/
|
|
|
|
|
protected function getQueryStringParameter($parameter, ServerRequestInterface $request, $default = null)
|
|
|
|
|
{
|
2016-02-12 17:10:52 +01:00
|
|
|
return isset($request->getQueryParams()[$parameter]) ? $request->getQueryParams()[$parameter] : $default;
|
2016-02-12 09:02:17 +00:00
|
|
|
}
|
|
|
|
|
|
2016-02-12 09:59:59 +00:00
|
|
|
/**
|
|
|
|
|
* Retrieve cookie parameter.
|
|
|
|
|
*
|
2016-07-09 01:00:44 +02:00
|
|
|
* @param string $parameter
|
|
|
|
|
* @param ServerRequestInterface $request
|
|
|
|
|
* @param mixed $default
|
2016-02-12 09:59:59 +00:00
|
|
|
*
|
|
|
|
|
* @return null|string
|
|
|
|
|
*/
|
|
|
|
|
protected function getCookieParameter($parameter, ServerRequestInterface $request, $default = null)
|
|
|
|
|
{
|
2016-02-12 17:10:52 +01:00
|
|
|
return isset($request->getCookieParams()[$parameter]) ? $request->getCookieParams()[$parameter] : $default;
|
2016-01-17 14:35:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Retrieve server parameter.
|
|
|
|
|
*
|
2016-07-09 01:00:44 +02:00
|
|
|
* @param string $parameter
|
|
|
|
|
* @param ServerRequestInterface $request
|
|
|
|
|
* @param mixed $default
|
2016-01-17 14:35:43 +01:00
|
|
|
*
|
|
|
|
|
* @return null|string
|
|
|
|
|
*/
|
|
|
|
|
protected function getServerParameter($parameter, ServerRequestInterface $request, $default = null)
|
|
|
|
|
{
|
2016-02-12 17:10:52 +01:00
|
|
|
return isset($request->getServerParams()[$parameter]) ? $request->getServerParams()[$parameter] : $default;
|
2015-10-14 09:51:53 +01:00
|
|
|
}
|
2016-01-17 00:41:55 +01:00
|
|
|
|
|
|
|
|
/**
|
2016-02-19 18:09:39 -05:00
|
|
|
* Issue an access token.
|
2016-02-12 09:02:33 +00:00
|
|
|
*
|
2016-07-09 01:00:44 +02:00
|
|
|
* @param \DateInterval $accessTokenTTL
|
|
|
|
|
* @param ClientEntityInterface $client
|
|
|
|
|
* @param string $userIdentifier
|
|
|
|
|
* @param ScopeEntityInterface[] $scopes
|
|
|
|
|
*
|
|
|
|
|
* @throws OAuthServerException
|
|
|
|
|
* @throws UniqueTokenIdentifierConstraintViolationException
|
2016-01-17 00:41:55 +01:00
|
|
|
*
|
2016-07-09 01:00:44 +02:00
|
|
|
* @return AccessTokenEntityInterface
|
2016-01-17 00:41:55 +01:00
|
|
|
*/
|
|
|
|
|
protected function issueAccessToken(
|
2016-03-15 22:25:28 +01:00
|
|
|
\DateInterval $accessTokenTTL,
|
2016-01-17 00:41:55 +01:00
|
|
|
ClientEntityInterface $client,
|
|
|
|
|
$userIdentifier,
|
|
|
|
|
array $scopes = []
|
|
|
|
|
) {
|
2016-06-20 20:18:53 +12:00
|
|
|
$maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS;
|
|
|
|
|
|
2016-05-04 09:07:50 +01:00
|
|
|
$accessToken = $this->accessTokenRepository->getNewToken($client, $scopes, $userIdentifier);
|
2016-01-17 00:41:55 +01:00
|
|
|
$accessToken->setClient($client);
|
|
|
|
|
$accessToken->setUserIdentifier($userIdentifier);
|
2016-03-25 14:09:26 +01:00
|
|
|
$accessToken->setExpiryDateTime((new \DateTime())->add($accessTokenTTL));
|
2016-01-17 00:41:55 +01:00
|
|
|
|
|
|
|
|
foreach ($scopes as $scope) {
|
|
|
|
|
$accessToken->addScope($scope);
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-20 20:18:53 +12:00
|
|
|
while ($maxGenerationAttempts-- > 0) {
|
|
|
|
|
$accessToken->setIdentifier($this->generateUniqueIdentifier());
|
|
|
|
|
try {
|
|
|
|
|
$this->accessTokenRepository->persistNewAccessToken($accessToken);
|
2016-09-13 14:17:09 +00:00
|
|
|
|
2016-06-20 20:18:53 +12:00
|
|
|
return $accessToken;
|
|
|
|
|
} catch (UniqueTokenIdentifierConstraintViolationException $e) {
|
|
|
|
|
if ($maxGenerationAttempts === 0) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-01-17 00:41:55 +01:00
|
|
|
}
|
|
|
|
|
|
2016-02-12 10:00:10 +00:00
|
|
|
/**
|
2016-02-19 18:09:39 -05:00
|
|
|
* Issue an auth code.
|
2016-02-12 10:00:10 +00:00
|
|
|
*
|
2016-07-09 01:00:44 +02:00
|
|
|
* @param \DateInterval $authCodeTTL
|
|
|
|
|
* @param ClientEntityInterface $client
|
|
|
|
|
* @param string $userIdentifier
|
|
|
|
|
* @param string $redirectUri
|
|
|
|
|
* @param ScopeEntityInterface[] $scopes
|
2016-02-12 10:00:10 +00:00
|
|
|
*
|
2016-07-09 01:00:44 +02:00
|
|
|
* @throws OAuthServerException
|
|
|
|
|
* @throws UniqueTokenIdentifierConstraintViolationException
|
|
|
|
|
*
|
|
|
|
|
* @return AuthCodeEntityInterface
|
2016-02-12 10:00:10 +00:00
|
|
|
*/
|
|
|
|
|
protected function issueAuthCode(
|
2016-03-15 22:25:28 +01:00
|
|
|
\DateInterval $authCodeTTL,
|
2016-02-12 10:00:10 +00:00
|
|
|
ClientEntityInterface $client,
|
|
|
|
|
$userIdentifier,
|
|
|
|
|
$redirectUri,
|
|
|
|
|
array $scopes = []
|
|
|
|
|
) {
|
2016-06-20 20:18:53 +12:00
|
|
|
$maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS;
|
|
|
|
|
|
2016-03-25 14:09:26 +01:00
|
|
|
$authCode = $this->authCodeRepository->getNewAuthCode();
|
2016-03-15 22:25:28 +01:00
|
|
|
$authCode->setExpiryDateTime((new \DateTime())->add($authCodeTTL));
|
2016-02-12 10:00:10 +00:00
|
|
|
$authCode->setClient($client);
|
|
|
|
|
$authCode->setUserIdentifier($userIdentifier);
|
|
|
|
|
$authCode->setRedirectUri($redirectUri);
|
|
|
|
|
|
|
|
|
|
foreach ($scopes as $scope) {
|
|
|
|
|
$authCode->addScope($scope);
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-20 20:18:53 +12:00
|
|
|
while ($maxGenerationAttempts-- > 0) {
|
|
|
|
|
$authCode->setIdentifier($this->generateUniqueIdentifier());
|
|
|
|
|
try {
|
|
|
|
|
$this->authCodeRepository->persistNewAuthCode($authCode);
|
2016-09-13 14:17:09 +00:00
|
|
|
|
2016-06-20 20:18:53 +12:00
|
|
|
return $authCode;
|
|
|
|
|
} catch (UniqueTokenIdentifierConstraintViolationException $e) {
|
|
|
|
|
if ($maxGenerationAttempts === 0) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-02-12 10:00:10 +00:00
|
|
|
}
|
|
|
|
|
|
2016-01-17 00:41:55 +01:00
|
|
|
/**
|
2016-07-09 01:00:44 +02:00
|
|
|
* @param AccessTokenEntityInterface $accessToken
|
|
|
|
|
*
|
|
|
|
|
* @throws OAuthServerException
|
|
|
|
|
* @throws UniqueTokenIdentifierConstraintViolationException
|
2016-01-17 00:41:55 +01:00
|
|
|
*
|
2016-07-09 01:00:44 +02:00
|
|
|
* @return RefreshTokenEntityInterface
|
2016-01-17 00:41:55 +01:00
|
|
|
*/
|
2016-03-15 22:25:28 +01:00
|
|
|
protected function issueRefreshToken(AccessTokenEntityInterface $accessToken)
|
2016-01-17 00:41:55 +01:00
|
|
|
{
|
2016-06-20 20:18:53 +12:00
|
|
|
$maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS;
|
|
|
|
|
|
2016-03-25 14:09:26 +01:00
|
|
|
$refreshToken = $this->refreshTokenRepository->getNewRefreshToken();
|
2016-01-21 18:11:53 +01:00
|
|
|
$refreshToken->setExpiryDateTime((new \DateTime())->add($this->refreshTokenTTL));
|
2016-01-17 00:41:55 +01:00
|
|
|
$refreshToken->setAccessToken($accessToken);
|
|
|
|
|
|
2016-06-20 20:18:53 +12:00
|
|
|
while ($maxGenerationAttempts-- > 0) {
|
|
|
|
|
$refreshToken->setIdentifier($this->generateUniqueIdentifier());
|
|
|
|
|
try {
|
|
|
|
|
$this->refreshTokenRepository->persistNewRefreshToken($refreshToken);
|
2016-09-13 14:17:09 +00:00
|
|
|
|
2016-06-20 20:18:53 +12:00
|
|
|
return $refreshToken;
|
|
|
|
|
} catch (UniqueTokenIdentifierConstraintViolationException $e) {
|
|
|
|
|
if ($maxGenerationAttempts === 0) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-01-17 00:41:55 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2016-02-19 18:09:39 -05:00
|
|
|
* Generate a new unique identifier.
|
2016-02-13 14:07:09 +01:00
|
|
|
*
|
|
|
|
|
* @param int $length
|
|
|
|
|
*
|
2016-07-09 01:00:44 +02:00
|
|
|
* @throws OAuthServerException
|
2016-02-19 18:09:39 -05:00
|
|
|
*
|
|
|
|
|
* @return string
|
2016-02-13 14:07:09 +01:00
|
|
|
*/
|
|
|
|
|
protected function generateUniqueIdentifier($length = 40)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
return bin2hex(random_bytes($length));
|
2016-02-13 14:11:38 +01:00
|
|
|
// @codeCoverageIgnoreStart
|
2016-02-13 14:07:09 +01:00
|
|
|
} catch (\TypeError $e) {
|
|
|
|
|
throw OAuthServerException::serverError('An unexpected error has occurred');
|
|
|
|
|
} catch (\Error $e) {
|
|
|
|
|
throw OAuthServerException::serverError('An unexpected error has occurred');
|
|
|
|
|
} catch (\Exception $e) {
|
2016-02-13 14:11:38 +01:00
|
|
|
// If you get this message, the CSPRNG failed hard.
|
2016-02-13 14:07:09 +01:00
|
|
|
throw OAuthServerException::serverError('Could not generate a random string');
|
|
|
|
|
}
|
2016-02-13 14:11:38 +01:00
|
|
|
// @codeCoverageIgnoreEnd
|
2016-02-13 14:07:09 +01:00
|
|
|
}
|
|
|
|
|
|
2016-01-17 00:41:55 +01:00
|
|
|
/**
|
2016-02-19 18:09:39 -05:00
|
|
|
* {@inheritdoc}
|
2016-01-17 00:41:55 +01:00
|
|
|
*/
|
2016-04-09 16:22:00 +01:00
|
|
|
public function canRespondToAccessTokenRequest(ServerRequestInterface $request)
|
2016-01-17 00:41:55 +01:00
|
|
|
{
|
2016-02-12 17:10:52 +01:00
|
|
|
$requestParameters = (array) $request->getParsedBody();
|
|
|
|
|
|
2016-01-17 00:41:55 +01:00
|
|
|
return (
|
2016-02-12 17:10:52 +01:00
|
|
|
array_key_exists('grant_type', $requestParameters)
|
|
|
|
|
&& $requestParameters['grant_type'] === $this->getIdentifier()
|
2016-01-17 00:41:55 +01:00
|
|
|
);
|
|
|
|
|
}
|
2016-04-10 10:07:08 +01:00
|
|
|
|
|
|
|
|
/**
|
2016-04-10 06:48:46 -04:00
|
|
|
* {@inheritdoc}
|
2016-04-10 10:07:08 +01:00
|
|
|
*/
|
|
|
|
|
public function canRespondToAuthorizationRequest(ServerRequestInterface $request)
|
|
|
|
|
{
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2016-04-10 06:48:46 -04:00
|
|
|
* {@inheritdoc}
|
2016-04-10 10:07:08 +01:00
|
|
|
*/
|
|
|
|
|
public function validateAuthorizationRequest(ServerRequestInterface $request)
|
|
|
|
|
{
|
|
|
|
|
throw new \LogicException('This grant cannot validate an authorization request');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2016-04-10 06:48:46 -04:00
|
|
|
* {@inheritdoc}
|
2016-04-10 10:07:08 +01:00
|
|
|
*/
|
|
|
|
|
public function completeAuthorizationRequest(AuthorizationRequest $authorizationRequest)
|
|
|
|
|
{
|
|
|
|
|
throw new \LogicException('This grant cannot complete an authorization request');
|
|
|
|
|
}
|
2013-12-04 17:23:19 -05:00
|
|
|
}
|
