mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-11-30 02:33:14 +05:30
Merge pull request #445 from juliangut/abstract_token_validation
V5 - Abstract access token validation
This commit is contained in:
commit
655f6b9771
@ -1,5 +1,7 @@
|
||||
<?php
|
||||
|
||||
use League\OAuth2\Server\Grant\PasswordGrant;
|
||||
use League\OAuth2\Server\Grant\RefreshTokenGrant;
|
||||
use League\OAuth2\Server\Middleware\AuthenticationServerMiddleware;
|
||||
use League\OAuth2\Server\Server;
|
||||
|
||||
@ -10,8 +12,6 @@ use OAuth2ServerExamples\Repositories\ScopeRepository;
|
||||
use OAuth2ServerExamples\Repositories\UserRepository;
|
||||
|
||||
use Slim\App;
|
||||
use Slim\Http\Request;
|
||||
use Slim\Http\Response;
|
||||
|
||||
include(__DIR__ . '/../vendor/autoload.php');
|
||||
|
||||
|
@ -6,6 +6,7 @@ use League\OAuth2\Server\Exception\OAuthServerException;
|
||||
use League\OAuth2\Server\Server;
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Zend\Diactoros\Stream;
|
||||
|
||||
class AuthenticationServerMiddleware
|
||||
{
|
||||
@ -38,9 +39,10 @@ class AuthenticationServerMiddleware
|
||||
} catch (OAuthServerException $exception) {
|
||||
return $exception->generateHttpResponse($response);
|
||||
} catch (\Exception $exception) {
|
||||
$response->getBody()->write($exception->getMessage());
|
||||
$body = new Stream('php://temp', 'r+');
|
||||
$body->write($exception->getMessage());
|
||||
|
||||
return $response->withStatus(500);
|
||||
return $response->withStatus(500)->withBody($body);
|
||||
}
|
||||
|
||||
if (in_array($response->getStatusCode(), [400, 401, 500])) {
|
||||
|
@ -6,6 +6,7 @@ use League\OAuth2\Server\Exception\OAuthServerException;
|
||||
use League\OAuth2\Server\Server;
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Zend\Diactoros\Stream;
|
||||
|
||||
class ResourceServerMiddleware
|
||||
{
|
||||
@ -34,13 +35,14 @@ class ResourceServerMiddleware
|
||||
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
|
||||
{
|
||||
try {
|
||||
$request = $this->server->getResponseType()->determineAccessTokenInHeader($request);
|
||||
$request = $this->server->validateRequest($request);
|
||||
} catch (OAuthServerException $exception) {
|
||||
return $exception->generateHttpResponse($response);
|
||||
} catch (\Exception $exception) {
|
||||
$response->getBody()->write($exception->getMessage());
|
||||
$body = new Stream('php://temp', 'r+');
|
||||
$body->write($exception->getMessage());
|
||||
|
||||
return $response->withStatus(500);
|
||||
return $response->withStatus(500)->withBody($body);
|
||||
}
|
||||
|
||||
// Pass the request and response on to the next responder in the chain
|
||||
|
@ -27,7 +27,7 @@ class Server implements EmitterAwareInterface
|
||||
protected $enabledGrantTypes = [];
|
||||
|
||||
/**
|
||||
* @var DateInterval[]
|
||||
* @var \DateInterval[]
|
||||
*/
|
||||
protected $grantTypeAccessTokenTTL = [];
|
||||
|
||||
@ -91,7 +91,7 @@ class Server implements EmitterAwareInterface
|
||||
* Enable a grant type on the server
|
||||
*
|
||||
* @param \League\OAuth2\Server\Grant\GrantTypeInterface $grantType
|
||||
* @param DateInterval $accessTokenTTL
|
||||
* @param \DateInterval $accessTokenTTL
|
||||
*/
|
||||
public function enableGrantType(GrantTypeInterface $grantType, DateInterval $accessTokenTTL)
|
||||
{
|
||||
@ -148,12 +148,26 @@ class Server implements EmitterAwareInterface
|
||||
return $tokenResponse->generateHttpResponse($response);
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine the access token validity
|
||||
*
|
||||
* @param \Psr\Http\Message\ServerRequestInterface $request
|
||||
*
|
||||
* @return \Psr\Http\Message\ServerRequestInterface
|
||||
*
|
||||
* @throws \League\OAuth2\Server\Exception\OAuthServerException
|
||||
*/
|
||||
public function validateRequest(ServerRequestInterface $request)
|
||||
{
|
||||
return $this->getResponseType()->determineAccessTokenInHeader($request);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the token type that grants will return in the HTTP response
|
||||
*
|
||||
* @return ResponseTypeInterface
|
||||
*/
|
||||
public function getResponseType()
|
||||
protected function getResponseType()
|
||||
{
|
||||
if (!$this->responseType instanceof ResponseTypeInterface) {
|
||||
$this->responseType = new BearerTokenResponse(
|
||||
|
Loading…
Reference in New Issue
Block a user