2013-12-02 18:42:54 +00:00
|
|
|
<?php
|
|
|
|
|
/**
|
2014-01-08 16:15:29 +00:00
|
|
|
* OAuth 2.0 Abstract grant
|
2013-12-02 18:42:54 +00:00
|
|
|
*
|
2014-01-08 16:15:29 +00:00
|
|
|
* @package league/oauth2-server
|
2013-12-02 18:42:54 +00:00
|
|
|
* @author Alex Bilbie <hello@alexbilbie.com>
|
2014-03-09 19:34:23 +00:00
|
|
|
* @copyright Copyright (c) Alex Bilbie
|
2013-12-02 18:42:54 +00:00
|
|
|
* @license http://mit-license.org/
|
2014-03-09 20:05:38 +00:00
|
|
|
* @link https://github.com/thephpleague/oauth2-server
|
2013-12-02 18:42:54 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
namespace League\OAuth2\Server\Grant;
|
|
|
|
|
|
2015-11-13 17:41:05 +00:00
|
|
|
use League\Event\EmitterInterface;
|
2016-01-17 00:41:55 +01:00
|
|
|
use League\Event\Event;
|
|
|
|
|
use League\OAuth2\Server\Entities\AccessTokenEntity;
|
2015-04-05 17:01:19 +01:00
|
|
|
use League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface;
|
2016-01-17 00:41:55 +01:00
|
|
|
use League\OAuth2\Server\Entities\RefreshTokenEntity;
|
2015-04-05 17:01:19 +01:00
|
|
|
use League\OAuth2\Server\Entities\ScopeEntity;
|
2015-11-13 17:41:05 +00:00
|
|
|
use League\OAuth2\Server\Exception\OAuthServerException;
|
2015-04-05 17:01:19 +01:00
|
|
|
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
|
|
|
|
|
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
|
|
|
|
|
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
|
2016-01-17 00:41:55 +01:00
|
|
|
use League\OAuth2\Server\Utils\SecureKey;
|
2015-10-14 09:51:53 +01:00
|
|
|
use Psr\Http\Message\ServerRequestInterface;
|
2013-12-05 20:25:50 +00:00
|
|
|
|
2014-01-08 16:15:29 +00:00
|
|
|
/**
|
|
|
|
|
* Abstract grant class
|
|
|
|
|
*/
|
|
|
|
|
abstract class AbstractGrant implements GrantTypeInterface
|
|
|
|
|
{
|
2016-01-17 13:49:53 +00:00
|
|
|
const SCOPE_DELIMITER_STRING = ' ';
|
|
|
|
|
|
2013-12-05 20:25:50 +00:00
|
|
|
/**
|
2015-04-05 17:01:19 +01:00
|
|
|
* Grant responds with
|
2014-12-10 13:10:35 +00:00
|
|
|
*
|
2014-01-08 16:15:29 +00:00
|
|
|
* @var string
|
2013-12-05 20:25:50 +00:00
|
|
|
*/
|
2015-04-05 17:01:19 +01:00
|
|
|
protected $respondsWith = 'token';
|
2014-01-08 16:15:29 +00:00
|
|
|
|
|
|
|
|
/**
|
2015-10-14 09:51:53 +01:00
|
|
|
* @var ServerRequestInterface
|
2014-01-08 16:15:29 +00:00
|
|
|
*/
|
2015-04-05 17:01:19 +01:00
|
|
|
protected $request;
|
2014-01-08 16:15:29 +00:00
|
|
|
|
|
|
|
|
/**
|
2015-04-05 17:01:19 +01:00
|
|
|
* @var ClientRepositoryInterface
|
2014-01-08 16:15:29 +00:00
|
|
|
*/
|
2015-04-05 17:01:19 +01:00
|
|
|
protected $clientRepository;
|
2013-12-05 20:25:50 +00:00
|
|
|
|
2013-12-02 18:42:54 +00:00
|
|
|
/**
|
2015-04-05 17:01:19 +01:00
|
|
|
* @var AccessTokenRepositoryInterface
|
2013-12-02 18:42:54 +00:00
|
|
|
*/
|
2015-04-05 17:01:19 +01:00
|
|
|
protected $accessTokenRepository;
|
2013-12-02 18:42:54 +00:00
|
|
|
|
2013-12-04 17:23:19 -05:00
|
|
|
/**
|
2015-04-05 17:01:19 +01:00
|
|
|
* @var \League\Event\Emitter
|
2013-12-04 17:23:19 -05:00
|
|
|
*/
|
2015-04-05 17:01:19 +01:00
|
|
|
protected $emitter;
|
2013-12-05 20:28:31 +00:00
|
|
|
|
2013-12-02 18:42:54 +00:00
|
|
|
/**
|
2015-04-05 17:01:19 +01:00
|
|
|
* @var ScopeRepositoryInterface
|
2013-12-02 18:42:54 +00:00
|
|
|
*/
|
2015-04-05 17:01:19 +01:00
|
|
|
protected $scopeRepository;
|
2013-12-02 18:42:54 +00:00
|
|
|
|
2014-09-11 13:39:50 +01:00
|
|
|
/**
|
2016-01-17 14:21:35 +00:00
|
|
|
* @var string
|
2014-09-11 13:39:50 +01:00
|
|
|
*/
|
2016-01-17 14:21:35 +00:00
|
|
|
protected $pathToPrivateKey;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @var string
|
|
|
|
|
*/
|
|
|
|
|
protected $pathToPublicKey;
|
|
|
|
|
|
2016-01-21 18:11:53 +01:00
|
|
|
/**
|
|
|
|
|
* @var \DateInterval
|
|
|
|
|
*/
|
|
|
|
|
protected $refreshTokenTTL;
|
|
|
|
|
|
2014-09-11 13:39:50 +01:00
|
|
|
/**
|
2016-01-17 13:47:44 +00:00
|
|
|
* @param ClientRepositoryInterface $clientRepository
|
2014-09-11 13:39:50 +01:00
|
|
|
*/
|
2016-01-17 13:47:44 +00:00
|
|
|
public function setClientRepository(ClientRepositoryInterface $clientRepository)
|
|
|
|
|
{
|
2015-04-05 17:01:19 +01:00
|
|
|
$this->clientRepository = $clientRepository;
|
2016-01-17 13:47:44 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @param AccessTokenRepositoryInterface $accessTokenRepository
|
|
|
|
|
*/
|
|
|
|
|
public function setAccessTokenRepository(AccessTokenRepositoryInterface $accessTokenRepository)
|
|
|
|
|
{
|
2015-04-05 17:01:19 +01:00
|
|
|
$this->accessTokenRepository = $accessTokenRepository;
|
2014-09-11 13:39:50 +01:00
|
|
|
}
|
|
|
|
|
|
2013-12-02 18:42:54 +00:00
|
|
|
/**
|
2016-01-17 13:47:44 +00:00
|
|
|
* @param ScopeRepositoryInterface $scopeRepository
|
2013-12-02 18:42:54 +00:00
|
|
|
*/
|
2016-01-17 13:47:44 +00:00
|
|
|
public function setScopeRepository(ScopeRepositoryInterface $scopeRepository)
|
2013-12-02 18:42:54 +00:00
|
|
|
{
|
2016-01-17 13:47:44 +00:00
|
|
|
$this->scopeRepository = $scopeRepository;
|
2013-12-02 18:42:54 +00:00
|
|
|
}
|
|
|
|
|
|
2013-12-05 20:25:50 +00:00
|
|
|
/**
|
2016-01-17 14:21:35 +00:00
|
|
|
* @param string $pathToPrivateKey
|
2013-12-05 20:25:50 +00:00
|
|
|
*/
|
2016-01-17 14:21:35 +00:00
|
|
|
public function setPathToPrivateKey($pathToPrivateKey)
|
2013-12-05 20:25:50 +00:00
|
|
|
{
|
2016-01-17 14:21:35 +00:00
|
|
|
$this->pathToPrivateKey = $pathToPrivateKey;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @param string $pathToPublicKey
|
|
|
|
|
*/
|
|
|
|
|
public function setPathToPublicKey($pathToPublicKey)
|
|
|
|
|
{
|
|
|
|
|
$this->pathToPublicKey = $pathToPublicKey;
|
2013-12-05 20:25:50 +00:00
|
|
|
}
|
|
|
|
|
|
2016-01-17 14:35:43 +01:00
|
|
|
/**
|
|
|
|
|
* @inheritdoc
|
|
|
|
|
*/
|
|
|
|
|
public function setEmitter(EmitterInterface $emitter)
|
|
|
|
|
{
|
|
|
|
|
$this->emitter = $emitter;
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-21 18:11:53 +01:00
|
|
|
/**
|
|
|
|
|
* @inheritdoc
|
|
|
|
|
*/
|
|
|
|
|
public function setRefreshTokenTTL(\DateInterval $refreshTokenTTL)
|
|
|
|
|
{
|
|
|
|
|
$this->refreshTokenTTL = $refreshTokenTTL;
|
|
|
|
|
}
|
|
|
|
|
|
2013-12-05 20:25:50 +00:00
|
|
|
/**
|
2014-11-21 00:06:01 +00:00
|
|
|
* {@inheritdoc}
|
2013-12-05 20:25:50 +00:00
|
|
|
*/
|
2015-04-05 17:01:19 +01:00
|
|
|
public function respondsWith()
|
2013-12-05 20:25:50 +00:00
|
|
|
{
|
2015-04-05 17:01:19 +01:00
|
|
|
return $this->respondsWith;
|
2013-12-05 20:25:50 +00:00
|
|
|
}
|
|
|
|
|
|
2016-01-17 00:41:55 +01:00
|
|
|
/**
|
|
|
|
|
* @param \Psr\Http\Message\ServerRequestInterface $request
|
|
|
|
|
*
|
|
|
|
|
* @return \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface
|
|
|
|
|
*
|
|
|
|
|
* @throws \League\OAuth2\Server\Exception\OAuthServerException
|
|
|
|
|
*/
|
|
|
|
|
protected function validateClient(ServerRequestInterface $request)
|
|
|
|
|
{
|
2016-01-17 12:43:20 +00:00
|
|
|
$clientId = $this->getRequestParameter(
|
|
|
|
|
'client_id',
|
|
|
|
|
$request,
|
|
|
|
|
$this->getServerParameter('PHP_AUTH_USER', $request)
|
|
|
|
|
);
|
2016-01-17 00:41:55 +01:00
|
|
|
if (is_null($clientId)) {
|
|
|
|
|
throw OAuthServerException::invalidRequest('client_id', null, '`%s` parameter is missing');
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-17 12:43:20 +00:00
|
|
|
$clientSecret = $this->getRequestParameter(
|
|
|
|
|
'client_secret',
|
|
|
|
|
$request,
|
|
|
|
|
$this->getServerParameter('PHP_AUTH_PW', $request)
|
|
|
|
|
);
|
2016-01-17 00:41:55 +01:00
|
|
|
if (is_null($clientSecret)) {
|
|
|
|
|
throw OAuthServerException::invalidRequest('client_secret', null, '`%s` parameter is missing');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$client = $this->clientRepository->getClientEntity(
|
|
|
|
|
$clientId,
|
|
|
|
|
$clientSecret,
|
|
|
|
|
null,
|
|
|
|
|
$this->getIdentifier()
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if (!$client instanceof ClientEntityInterface) {
|
|
|
|
|
$this->emitter->emit(new Event('client.authentication.failed', $request));
|
|
|
|
|
|
|
|
|
|
throw OAuthServerException::invalidClient();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $client;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2016-01-17 14:35:43 +01:00
|
|
|
* @param \Psr\Http\Message\ServerRequestInterface $request
|
|
|
|
|
* @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client
|
|
|
|
|
* @param string $redirectUri
|
2014-12-10 13:10:35 +00:00
|
|
|
*
|
2015-04-05 17:01:19 +01:00
|
|
|
* @return \League\OAuth2\Server\Entities\ScopeEntity[]
|
2016-01-17 14:35:43 +01:00
|
|
|
*
|
2015-11-13 17:41:05 +00:00
|
|
|
* @throws \League\OAuth2\Server\Exception\OAuthServerException
|
2014-01-08 16:15:29 +00:00
|
|
|
*/
|
2015-04-05 17:01:19 +01:00
|
|
|
public function validateScopes(
|
2016-01-17 14:35:43 +01:00
|
|
|
ServerRequestInterface $request,
|
2015-04-05 17:01:19 +01:00
|
|
|
ClientEntityInterface $client,
|
|
|
|
|
$redirectUri = null
|
|
|
|
|
) {
|
2016-01-17 14:35:43 +01:00
|
|
|
$requestedScopes = $this->getRequestParameter('scope', $request);
|
2015-10-14 09:51:53 +01:00
|
|
|
$scopesList = array_filter(
|
2016-01-17 15:49:55 +01:00
|
|
|
explode(self::SCOPE_DELIMITER_STRING, trim($requestedScopes)),
|
2015-10-14 09:51:53 +01:00
|
|
|
function ($scope) {
|
|
|
|
|
return !empty($scope);
|
2014-05-03 11:08:33 +01:00
|
|
|
}
|
2015-10-14 09:51:53 +01:00
|
|
|
);
|
2013-12-24 17:01:56 +00:00
|
|
|
|
|
|
|
|
$scopes = [];
|
|
|
|
|
foreach ($scopesList as $scopeItem) {
|
2015-11-13 17:41:05 +00:00
|
|
|
$scope = $this->scopeRepository->getScopeEntityByIdentifier(
|
2013-12-24 17:01:56 +00:00
|
|
|
$scopeItem,
|
2014-09-30 23:55:21 +01:00
|
|
|
$this->getIdentifier(),
|
2015-04-05 17:01:19 +01:00
|
|
|
$client->getIdentifier()
|
2013-12-24 17:01:56 +00:00
|
|
|
);
|
|
|
|
|
|
2014-05-02 17:21:53 +01:00
|
|
|
if (($scope instanceof ScopeEntity) === false) {
|
2015-11-13 17:41:05 +00:00
|
|
|
throw OAuthServerException::invalidScope($scopeItem, null, null, $redirectUri);
|
2013-12-24 17:01:56 +00:00
|
|
|
}
|
|
|
|
|
|
2015-04-05 17:01:19 +01:00
|
|
|
$scopes[] = $scope;
|
2014-01-10 12:30:13 +00:00
|
|
|
}
|
2014-05-03 10:53:43 +01:00
|
|
|
|
2014-01-10 12:30:13 +00:00
|
|
|
return $scopes;
|
|
|
|
|
}
|
2015-10-14 09:51:53 +01:00
|
|
|
|
|
|
|
|
/**
|
2016-01-17 14:35:43 +01:00
|
|
|
* Retrieve request parameter.
|
|
|
|
|
*
|
|
|
|
|
* @param string $parameter
|
|
|
|
|
* @param \Psr\Http\Message\ServerRequestInterface $request
|
|
|
|
|
* @param mixed $default
|
|
|
|
|
*
|
|
|
|
|
* @return null|string
|
2015-10-14 09:51:53 +01:00
|
|
|
*/
|
2016-01-17 14:35:43 +01:00
|
|
|
protected function getRequestParameter($parameter, ServerRequestInterface $request, $default = null)
|
2015-10-14 09:51:53 +01:00
|
|
|
{
|
2016-01-17 14:35:43 +01:00
|
|
|
return (isset($request->getParsedBody()[$parameter])) ? $request->getParsedBody()[$parameter] : $default;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Retrieve server parameter.
|
|
|
|
|
*
|
|
|
|
|
* @param string|array $parameter
|
|
|
|
|
* @param \Psr\Http\Message\ServerRequestInterface $request
|
|
|
|
|
* @param mixed $default
|
|
|
|
|
*
|
|
|
|
|
* @return null|string
|
|
|
|
|
*/
|
|
|
|
|
protected function getServerParameter($parameter, ServerRequestInterface $request, $default = null)
|
|
|
|
|
{
|
|
|
|
|
return (isset($request->getServerParams()[$parameter])) ? $request->getServerParams()[$parameter] : $default;
|
2015-10-14 09:51:53 +01:00
|
|
|
}
|
2016-01-17 00:41:55 +01:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @param \DateInterval $tokenTTL
|
|
|
|
|
* @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client
|
|
|
|
|
* @param string $userIdentifier
|
|
|
|
|
* @param array $scopes
|
|
|
|
|
*
|
|
|
|
|
* @return \League\OAuth2\Server\Entities\AccessTokenEntity
|
|
|
|
|
*/
|
|
|
|
|
protected function issueAccessToken(
|
|
|
|
|
\DateInterval $tokenTTL,
|
|
|
|
|
ClientEntityInterface $client,
|
|
|
|
|
$userIdentifier,
|
|
|
|
|
array $scopes = []
|
|
|
|
|
) {
|
|
|
|
|
$accessToken = new AccessTokenEntity();
|
|
|
|
|
$accessToken->setIdentifier(SecureKey::generate());
|
|
|
|
|
$accessToken->setExpiryDateTime((new \DateTime())->add($tokenTTL));
|
|
|
|
|
$accessToken->setClient($client);
|
|
|
|
|
$accessToken->setUserIdentifier($userIdentifier);
|
|
|
|
|
|
|
|
|
|
foreach ($scopes as $scope) {
|
|
|
|
|
$accessToken->addScope($scope);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $accessToken;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @param \League\OAuth2\Server\Entities\AccessTokenEntity $accessToken
|
|
|
|
|
*
|
|
|
|
|
* @return \League\OAuth2\Server\Entities\RefreshTokenEntity
|
|
|
|
|
*/
|
2016-01-21 18:11:53 +01:00
|
|
|
protected function issueRefreshToken(AccessTokenEntity $accessToken)
|
2016-01-17 00:41:55 +01:00
|
|
|
{
|
|
|
|
|
$refreshToken = new RefreshTokenEntity();
|
|
|
|
|
$refreshToken->setIdentifier(SecureKey::generate());
|
2016-01-21 18:11:53 +01:00
|
|
|
$refreshToken->setExpiryDateTime((new \DateTime())->add($this->refreshTokenTTL));
|
2016-01-17 00:41:55 +01:00
|
|
|
$refreshToken->setAccessToken($accessToken);
|
|
|
|
|
|
|
|
|
|
return $refreshToken;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @inheritdoc
|
|
|
|
|
*/
|
|
|
|
|
public function canRespondToRequest(ServerRequestInterface $request)
|
|
|
|
|
{
|
|
|
|
|
return (
|
|
|
|
|
isset($request->getParsedBody()['grant_type'])
|
2016-02-12 08:33:59 +00:00
|
|
|
&& $request->getParsedBody()['grant_type'] === $this->getIdentifier()
|
2016-01-17 00:41:55 +01:00
|
|
|
);
|
|
|
|
|
}
|
2013-12-04 17:23:19 -05:00
|
|
|
}
|
