Merge pull request #432 from juliangut/middleware

V5 - authentication middleware
2025-05-31 14:12:07 +05:30 · 2016-01-17 19:33:38 +00:00
parent 86b75edca0 8591fc7686
commit 1e1043c04f
5 changed files with 113 additions and 22 deletions
--- a/examples/public/middleware_authentication.php
+++ b/examples/public/middleware_authentication.php
@@ -0,0 +1,61 @@
+<?php
+
+use League\OAuth2\Server\Middleware\AuthenticationServerMiddleware;
+use League\OAuth2\Server\Server;
+
+use OAuth2ServerExamples\Repositories\AccessTokenRepository;
+use OAuth2ServerExamples\Repositories\ClientRepository;
+use OAuth2ServerExamples\Repositories\RefreshTokenRepository;
+use OAuth2ServerExamples\Repositories\ScopeRepository;
+use OAuth2ServerExamples\Repositories\UserRepository;
+
+use Slim\App;
+use Slim\Http\Request;
+use Slim\Http\Response;
+
+include(__DIR__ . '/../vendor/autoload.php');
+
+// App
+$app = new App([
+    'settings'    => [
+        'displayErrorDetails' => true,
+    ],
+    Server::class => function () {
+
+        // Init our repositories
+        $clientRepository = new ClientRepository();
+        $accessTokenRepository = new AccessTokenRepository();
+        $scopeRepository = new ScopeRepository();
+        $userRepository = new UserRepository();
+        $refreshTokenRepository = new RefreshTokenRepository();
+
+        $privateKeyPath = 'file://' . __DIR__ . '/../private.key';
+        $publicKeyPath = 'file://' . __DIR__ . '/../public.key';
+
+        // Setup the authorization server
+        $server = new Server(
+            $clientRepository,
+            $accessTokenRepository,
+            $scopeRepository,
+            $privateKeyPath,
+            $publicKeyPath
+        );
+
+        // Enable the grants
+        $server->enableGrantType(
+            new PasswordGrant($userRepository, $refreshTokenRepository),
+            new \DateInterval('PT1H')
+        );
+        $server->enableGrantType(
+            new RefreshTokenGrant($refreshTokenRepository),
+            new \DateInterval('PT1H')
+        );
+
+        return $server;
+    }
+]);
+
+$app->post('/access_token', function () {
+})->add(new AuthenticationServerMiddleware($app->getContainer()->get(Server::class)));
+
+$app->run();
--- a/examples/public/password.php
+++ b/examples/public/password.php
@@ -39,7 +39,7 @@ $app = new App([
            $publicKeyPath
        );

-        // Enable the client credentials grant on the server with a token TTL of 1 hour
+        // Enable the password grant on the server with a token TTL of 1 hour
        $server->enableGrantType(
            new PasswordGrant($userRepository, $refreshTokenRepository),
            new \DateInterval('PT1H')
--- a/src/Middleware/AuthenticationServerMiddleware.php
+++ b/src/Middleware/AuthenticationServerMiddleware.php
@@ -0,0 +1,51 @@
+<?php
+
+namespace League\OAuth2\Server\Middleware;
+
+use League\OAuth2\Server\Exception\OAuthServerException;
+use League\OAuth2\Server\Server;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+
+class AuthenticationServerMiddleware
+{
+    /**
+     * @var \League\OAuth2\Server\Server
+     */
+    private $server;
+
+    /**
+     * AuthenticationServerMiddleware constructor.
+     *
+     * @param \League\OAuth2\Server\Server $server
+     */
+    public function __construct(Server $server)
+    {
+        $this->server = $server;
+    }
+
+    /**
+     * @param \Psr\Http\Message\ServerRequestInterface $request
+     * @param \Psr\Http\Message\ResponseInterface      $response
+     * @param callable                                 $next
+     *
+     * @return \Psr\Http\Message\ResponseInterface
+     */
+    public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
+    {
+        try {
+            $response = $server->respondToRequest($request, $response);
+        } catch (OAuthServerException $exception) {
+            return $exception->generateHttpResponse($response);
+        } catch (\Exception $exception) {
+            return $response->withStatus(500)->write($exception->getMessage());
+        }
+
+        if (in_array($response->getStatusCode(), [400, 401, 500])) {
+            return $response;
+        }
+
+        // Pass the request and response on to the next responder in the chain
+        return $next($request, $response);
+    }
+}
--- a/src/Middleware/ResourceServerMiddleware.php
+++ b/src/Middleware/ResourceServerMiddleware.php
@@ -14,7 +14,6 @@ class ResourceServerMiddleware
     */
    private $server;

-
    /**
     * ResourceServerMiddleware constructor.
     *
--- a/src/Server.php
+++ b/src/Server.php
@@ -172,24 +172,4 @@ class Server implements EmitterAwareInterface

        return $tokenResponse->generateHttpResponse($response);
    }
-
-    /**
-     * PSR7 middleware callable
-     *
-     * @param \Psr\Http\Message\ServerRequestInterface $request
-     * @param \Psr\Http\Message\ResponseInterface      $response
-     * @param callable                                 $next
-     *
-     * @return \Psr\Http\Message\ResponseInterface
-     */
-    public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
-    {
-        $response = $this->respondToRequest($request, $response);
-
-        if (in_array($response->getStatusCode(), [400, 401, 500])) {
-            return $response;
-        }
-
-        return $next($request, $response);
-    }
 }