mirror of
https://github.com/elyby/oauth2-server.git
synced 2025-05-31 14:12:07 +05:30
First commit of updated ResourceServer
This commit is contained in:
Alex Bilbie
@@ -13,8 +13,9 @@ namespace League\OAuth2\Server;
|
||||
|
||||
use OutOfBoundsException;
|
||||
use League\OAuth2\Server\Storage\SessionInterface;
|
||||
use League\OAuth2\Server\Util\RequestInterface;
|
||||
use League\OAuth2\Server\Util\Request;
|
||||
use League\OAuth2\Server\Storage\AccessTokenInterface;
|
||||
use League\OAuth2\Server\Storage\ClientInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
/**
|
||||
* OAuth 2.0 Resource Server
|
||||
@@ -23,92 +24,100 @@ class Resource
|
||||
{
|
||||
/**
|
||||
* The access token
|
||||
* @var string
|
||||
*
|
||||
* @var League\OAuth2\Server\AccessToken
|
||||
*/
|
||||
protected $accessToken = null;
|
||||
|
||||
/**
|
||||
* The session ID
|
||||
* @var string
|
||||
* The session
|
||||
*
|
||||
* @var \League\OAuth2\Server\Session
|
||||
*/
|
||||
protected $sessionId = null;
|
||||
|
||||
/**
|
||||
* The type of the owner of the access token
|
||||
* @var string
|
||||
*/
|
||||
protected $ownerType = null;
|
||||
|
||||
/**
|
||||
* The ID of the owner of the access token
|
||||
* @var string
|
||||
*/
|
||||
protected $ownerId = null;
|
||||
|
||||
/**
|
||||
* The scopes associated with the access token
|
||||
* @var array
|
||||
*/
|
||||
protected $sessionScopes = array();
|
||||
|
||||
/**
|
||||
* The client, scope and session storage classes
|
||||
* @var array
|
||||
*/
|
||||
protected $storages = array();
|
||||
protected $session = null;
|
||||
|
||||
/**
|
||||
* The request object
|
||||
*
|
||||
* @var Util\RequestInterface
|
||||
*/
|
||||
protected $request = null;
|
||||
|
||||
/**
|
||||
* The query string key which is used by clients to present the access token (default: access_token)
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
protected $tokenKey = 'access_token';
|
||||
|
||||
/**
|
||||
* The client ID
|
||||
* @var string
|
||||
*
|
||||
* @var League\OAuth2\Server\Client
|
||||
*/
|
||||
protected $clientId = null;
|
||||
protected $client = null;
|
||||
|
||||
/**
|
||||
* Sets up the Resource
|
||||
* Session storage
|
||||
*
|
||||
* @param SessionInterface The Session Storage Object
|
||||
* @var League\OAuth2\Server\Storage\SessionInterface
|
||||
*/
|
||||
public function __construct(SessionInterface $session)
|
||||
{
|
||||
$this->storages['session'] = $session;
|
||||
protected $sessionStorage = null;
|
||||
|
||||
/**
|
||||
* Access token storage
|
||||
*
|
||||
* @var League\OAuth2\Server\Storage\AccessTokenInterface
|
||||
*/
|
||||
protected $accessTokenStorage = null;
|
||||
|
||||
/**
|
||||
* Client storage
|
||||
*
|
||||
* @var League\OAuth2\Server\Storage\ClientInterface
|
||||
*/
|
||||
protected $clientStorage = null;
|
||||
|
||||
/**
|
||||
* Initialise the resource server
|
||||
*
|
||||
* @param SessionInterface $sessionStorage [description]
|
||||
* @param AccessTokenInteface $accessTokenStorage [description]
|
||||
* @param ClientInterface $clientStorage [description]
|
||||
*
|
||||
* @return self
|
||||
*/
|
||||
public function __construct(
|
||||
SessionInterface $sessionStorage,
|
||||
AccessTokenInteface $accessTokenStorage,
|
||||
ClientInterface $clientStorage
|
||||
) {
|
||||
$this->sessionStorage = $sessionStorage;
|
||||
$this->accessTokenStorage = $accessTokenStorage;
|
||||
$this->clientStorage = $clientStorage;
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the Request Object
|
||||
*
|
||||
* @param RequestInterface The Request Object
|
||||
* @param \Symfony\Component\HttpFoundation\Request The Request Object
|
||||
*
|
||||
* @return self
|
||||
*/
|
||||
public function setRequest(RequestInterface $request)
|
||||
public function setRequest(Request $request)
|
||||
{
|
||||
$this->request = $request;
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the Request object. It will create one from the globals if one is not set.
|
||||
* Gets the Request object. It will create one from the globals if one is not set.
|
||||
*
|
||||
* @return Util\RequestInterface
|
||||
* @return Symfony\Component\HttpFoundation\Request
|
||||
*/
|
||||
public function getRequest()
|
||||
{
|
||||
if ($this->request === null) {
|
||||
// @codeCoverageIgnoreStart
|
||||
$this->request = Request::buildFromGlobals();
|
||||
}
|
||||
// @codeCoverageIgnoreEnd
|
||||
|
||||
return $this->request;
|
||||
}
|
||||
|
||||
@@ -126,6 +135,8 @@ class Resource
|
||||
* Sets the query string key for the access token.
|
||||
*
|
||||
* @param $key The new query string key
|
||||
*
|
||||
* @return self
|
||||
*/
|
||||
public function setTokenKey($key)
|
||||
{
|
||||
@@ -134,119 +145,147 @@ class Resource
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the access token owner ID.
|
||||
* Gets the access token owner ID
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getOwnerId()
|
||||
{
|
||||
return $this->ownerId;
|
||||
return $this->session->getOwnerId();
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the owner type.
|
||||
* Gets the owner type
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getOwnerType()
|
||||
{
|
||||
return $this->ownerType;
|
||||
return $this->session->getOwnerType();
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the access token.
|
||||
* Gets the access token
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getAccessToken()
|
||||
{
|
||||
return $this->accessToken;
|
||||
return $this->accessToken->getId();
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the client ID that created the session
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getClientId()
|
||||
{
|
||||
return $this->clientId;
|
||||
return $this->client->getId();
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the access token is valid or not.
|
||||
* Checks if the access token is valid or not
|
||||
*
|
||||
* @param $headersOnly Limit Access Token to Authorization header only
|
||||
* @throws Exception\InvalidAccessTokenException Thrown if the presented access token is not valid
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
public function isValid($headersOnly = false)
|
||||
{
|
||||
$accessToken = $this->determineAccessToken($headersOnly);
|
||||
try {
|
||||
$accessToken = $this->determineAccessToken($headersOnly);
|
||||
} catch (Exception $e) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$result = $this->storages['session']->validateAccessToken($accessToken);
|
||||
// Set the access token
|
||||
$tokenResult = $this->accessTokenStorage->getToken($accessToken);
|
||||
if ($tokenResult === null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( ! $result) {
|
||||
throw new Exception\InvalidAccessTokenException('Access token is not valid');
|
||||
$accessToken = new AccessToken;
|
||||
$accessToken->setId($token);
|
||||
$accessToken->setTTL($tokenResult['ttl']);
|
||||
$accessToken->setTimestamp($tokenResult['created']);
|
||||
|
||||
$scopes = $this->accessTokenStorage->getTokenScopes($token);
|
||||
foreach ($scopes as $scope => $details) {
|
||||
$accessToken->associateScope($scope, $details);
|
||||
}
|
||||
|
||||
$this->accessToken = $accessToken;
|
||||
$this->sessionId = $result['session_id'];
|
||||
$this->clientId = $result['client_id'];
|
||||
$this->ownerType = $result['owner_type'];
|
||||
$this->ownerId = $result['owner_id'];
|
||||
|
||||
$sessionScopes = $this->storages['session']->getScopes($this->accessToken);
|
||||
foreach ($sessionScopes as $scope) {
|
||||
$this->sessionScopes[] = $scope['scope'];
|
||||
|
||||
// Set the session
|
||||
$sessionResult = $this->sessionStorage->getSession($tokenResult['session_id']);
|
||||
if ($sessionResult === null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$session = new Session();
|
||||
$session->setOwner($sessionResult['owner_type'], $sessionResult['owner_id']);
|
||||
|
||||
$this->session = $session;
|
||||
|
||||
// Set the client
|
||||
$clientResult = $this->clientStorage->getClient($sessionResult['client_id']);
|
||||
if ($clientResult === null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$client = new Client();
|
||||
$client->setCredentials($clientResult['client_id'], $clientResult['client_secret']);
|
||||
|
||||
$this->client = $client;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the session scopes
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function getScopes()
|
||||
{
|
||||
return $this->sessionScopes;
|
||||
return $this->accessToken->getScopes();
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the presented access token has the given scope(s).
|
||||
* Checks if the presented access token has the given scope(s)
|
||||
*
|
||||
* @param array|string An array of scopes or a single scope as a string
|
||||
*
|
||||
* @return bool Returns bool if all scopes are found, false if any fail
|
||||
*/
|
||||
public function hasScope($scopes)
|
||||
{
|
||||
if (is_string($scopes)) {
|
||||
if (in_array($scopes, $this->sessionScopes)) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
return $this->accessToken->hasScope($scopes);
|
||||
} elseif (is_array($scopes)) {
|
||||
foreach ($scopes as $scope) {
|
||||
if ( ! in_array($scope, $this->sessionScopes)) {
|
||||
if (!$this->accessToken->hasScope($scope)) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Reads in the access token from the headers.
|
||||
* Reads in the access token from the headers
|
||||
*
|
||||
* @param $headersOnly Limit Access Token to Authorization header only
|
||||
*
|
||||
* @throws Exception\MissingAccessTokenException Thrown if there is no access token presented
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function determineAccessToken($headersOnly = false)
|
||||
{
|
||||
if ($header = $this->getRequest()->header('Authorization')) {
|
||||
if ($header = $this->getRequest()->headers->get('Authorization')) {
|
||||
// Check for special case, because cURL sometimes does an
|
||||
// internal second request and doubles the authorization header,
|
||||
// which always resulted in an error.
|
||||
@@ -261,8 +300,8 @@ class Resource
|
||||
}
|
||||
$accessToken = ($accessToken === 'Bearer') ? '' : $accessToken;
|
||||
} elseif ($headersOnly === false) {
|
||||
$method = $this->getRequest()->server('REQUEST_METHOD');
|
||||
$accessToken = $this->getRequest()->{$method}($this->tokenKey);
|
||||
$method = $this->getRequest()->server->get('REQUEST_METHOD');
|
||||
$accessToken = $this->getRequest()->request->get($this->tokenKey);
|
||||
}
|
||||
|
||||
if (empty($accessToken)) {
|
||||
@@ -271,5 +310,4 @@ class Resource
|
||||
|
||||
return $accessToken;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user