mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-26 06:59:49 +05:30
Updated AuthCodeGrant with new methods to validate and complete an authorization request
This commit is contained in:
Alex Bilbie
parent
fdb1d70874
commit
4bc835c007
@ -11,7 +11,6 @@ use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
|
|||||||
use League\OAuth2\Server\Repositories\UserRepositoryInterface;
|
use League\OAuth2\Server\Repositories\UserRepositoryInterface;
|
||||||
use League\OAuth2\Server\RequestEvent;
|
use League\OAuth2\Server\RequestEvent;
|
||||||
use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
|
use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
|
||||||
use League\OAuth2\Server\ResponseTypes\HtmlResponse;
|
|
||||||
use League\OAuth2\Server\ResponseTypes\RedirectResponse;
|
use League\OAuth2\Server\ResponseTypes\RedirectResponse;
|
||||||
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
|
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
|
||||||
use League\OAuth2\Server\TemplateRenderer\RendererInterface;
|
use League\OAuth2\Server\TemplateRenderer\RendererInterface;
|
||||||
@ -57,17 +56,11 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
|||||||
*
|
*
|
||||||
* @return \League\OAuth2\Server\ResponseTypes\ResponseTypeInterface
|
* @return \League\OAuth2\Server\ResponseTypes\ResponseTypeInterface
|
||||||
*/
|
*/
|
||||||
protected function respondToAccessTokenRequest(
|
public function respondToAccessTokenRequest(
|
||||||
ServerRequestInterface $request,
|
ServerRequestInterface $request,
|
||||||
ResponseTypeInterface $responseType,
|
ResponseTypeInterface $responseType,
|
||||||
DateInterval $accessTokenTTL
|
DateInterval $accessTokenTTL
|
||||||
) {
|
) {
|
||||||
// The redirect URI is required in this request
|
|
||||||
$redirectUri = $this->getRequestParameter('redirect_uri', $request, null);
|
|
||||||
if (is_null($redirectUri)) {
|
|
||||||
throw OAuthServerException::invalidRequest('redirect_uri');
|
|
||||||
}
|
|
||||||
|
|
||||||
// Validate request
|
// Validate request
|
||||||
$client = $this->validateClient($request);
|
$client = $this->validateClient($request);
|
||||||
$encryptedAuthCode = $this->getRequestParameter('code', $request, null);
|
$encryptedAuthCode = $this->getRequestParameter('code', $request, null);
|
||||||
@ -91,6 +84,12 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
|||||||
throw OAuthServerException::invalidRequest('code', 'Authorization code was not issued to this client');
|
throw OAuthServerException::invalidRequest('code', 'Authorization code was not issued to this client');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// The redirect URI is required in this request
|
||||||
|
$redirectUri = $this->getRequestParameter('redirect_uri', $request, null);
|
||||||
|
if (empty($authCodePayload->redirect_uri) === false && $redirectUri === null) {
|
||||||
|
throw OAuthServerException::invalidRequest('redirect_uri');
|
||||||
|
}
|
||||||
|
|
||||||
if ($authCodePayload->redirect_uri !== $redirectUri) {
|
if ($authCodePayload->redirect_uri !== $redirectUri) {
|
||||||
throw OAuthServerException::invalidRequest('redirect_uri', 'Invalid redirect URI');
|
throw OAuthServerException::invalidRequest('redirect_uri', 'Invalid redirect URI');
|
||||||
}
|
}
|
||||||
@ -99,7 +98,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
|||||||
foreach ($authCodePayload->scopes as $scopeId) {
|
foreach ($authCodePayload->scopes as $scopeId) {
|
||||||
$scope = $this->scopeRepository->getScopeEntityByIdentifier($scopeId);
|
$scope = $this->scopeRepository->getScopeEntityByIdentifier($scopeId);
|
||||||
|
|
||||||
if (!$scope) {
|
if ($scope === false) {
|
||||||
// @codeCoverageIgnoreStart
|
// @codeCoverageIgnoreStart
|
||||||
throw OAuthServerException::invalidScope($scopeId);
|
throw OAuthServerException::invalidScope($scopeId);
|
||||||
// @codeCoverageIgnoreEnd
|
// @codeCoverageIgnoreEnd
|
||||||
@ -122,24 +121,6 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
|||||||
return $responseType;
|
return $responseType;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* {@inheritdoc}
|
|
||||||
*/
|
|
||||||
public function respondToRequest(
|
|
||||||
ServerRequestInterface $request,
|
|
||||||
ResponseTypeInterface $responseType,
|
|
||||||
\DateInterval $accessTokenTTL
|
|
||||||
) {
|
|
||||||
if (
|
|
||||||
array_key_exists('response_type', $request->getQueryParams())
|
|
||||||
&& $request->getQueryParams()['response_type'] === 'code'
|
|
||||||
) {
|
|
||||||
return $this->respondToAuthorizationRequest($request);
|
|
||||||
}
|
|
||||||
|
|
||||||
return $this->respondToAccessTokenRequest($request, $responseType, $accessTokenTTL);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return the grant identifier that can be used in matching up requests.
|
* Return the grant identifier that can be used in matching up requests.
|
||||||
*
|
*
|
||||||
@ -230,6 +211,12 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
|||||||
throw new \LogicException('An instance of UserEntityInterface should be set on the AuthorizationRequest');
|
throw new \LogicException('An instance of UserEntityInterface should be set on the AuthorizationRequest');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$finalRedirectUri = ($authorizationRequest->getRedirectUri() === null)
|
||||||
|
? is_array($authorizationRequest->getClient()->getRedirectUri())
|
||||||
|
? $authorizationRequest->getClient()->getRedirectUri()[0]
|
||||||
|
: $authorizationRequest->getClient()->getRedirectUri()
|
||||||
|
: $authorizationRequest->getRedirectUri();
|
||||||
|
|
||||||
// The user approved the client, redirect them back with an auth code
|
// The user approved the client, redirect them back with an auth code
|
||||||
if ($authorizationRequest->isAuthorizationApproved() === true) {
|
if ($authorizationRequest->isAuthorizationApproved() === true) {
|
||||||
|
|
||||||
@ -254,12 +241,6 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
|||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$finalRedirectUri = ($authorizationRequest->getRedirectUri() === null)
|
|
||||||
? is_array($authorizationRequest->getClient()->getRedirectUri())
|
|
||||||
? $authorizationRequest->getClient()->getRedirectUri()[0]
|
|
||||||
: $authorizationRequest->getClient()->getRedirectUri()
|
|
||||||
: $authorizationRequest->getRedirectUri();
|
|
||||||
|
|
||||||
$response = new RedirectResponse();
|
$response = new RedirectResponse();
|
||||||
$response->setRedirectUri(
|
$response->setRedirectUri(
|
||||||
$this->makeRedirectUri(
|
$this->makeRedirectUri(
|
||||||
@ -274,7 +255,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
|||||||
// The user denied the client, redirect them back with an error
|
// The user denied the client, redirect them back with an error
|
||||||
throw OAuthServerException::accessDenied(
|
throw OAuthServerException::accessDenied(
|
||||||
'The user denied the request',
|
'The user denied the request',
|
||||||
(string) $authorizationRequest->getRedirectUri()
|
$finalRedirectUri
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user