diff --git a/src/Exception/InvalidCredentialsException.php b/src/Exception/InvalidCredentialsException.php deleted file mode 100644 index 40c4ce7e..00000000 --- a/src/Exception/InvalidCredentialsException.php +++ /dev/null @@ -1,36 +0,0 @@ - - * @copyright Copyright (c) Alex Bilbie - * @license http://mit-license.org/ - * @link https://github.com/thephpleague/oauth2-server - */ - -namespace League\OAuth2\Server\Exception; - -/** - * Exception class - */ -class InvalidCredentialsException extends OAuthException -{ - /** - * {@inheritdoc} - */ - public $httpStatusCode = 401; - - /** - * {@inheritdoc} - */ - public $errorType = 'invalid_credentials'; - - /** - * {@inheritdoc} - */ - public function __construct() - { - parent::__construct('The user credentials were incorrect.'); - } -} diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php index c0ea5ec1..953f8499 100644 --- a/src/Exception/OAuthServerException.php +++ b/src/Exception/OAuthServerException.php 
@@ -47,98 +47,6 @@ class OAuthServerException extends \Exception $this->redirectUri = $redirectUri; } - /** - * @return int - */ - public function getHttpStatusCode() - { - return $this->httpStatusCode; - } - - - /** - * @return string - */ - public function getErrorType() - { - return $this->errorType; - } - - /** - * Get all headers that have to be send with the error response - * - * @return array Array with header values - */ - public function getHttpHeaders() - { - $headers = [ - 'Content-type' => 'application/json' - ]; - - // Add "WWW-Authenticate" header - // - // RFC 6749, section 5.2.: - // "If the client attempted to authenticate via the 'Authorization' - // request header field, the authorization server MUST - // respond with an HTTP 401 (Unauthorized) status code and - // include the "WWW-Authenticate" response header field - // matching the authentication scheme used by the client. - // @codeCoverageIgnoreStart - if ($this->errorType === 'invalid_client') { - $authScheme = null; - $request = new ServerRequest(); - if ($request->getServerParams()['PHP_AUTH_USER'] !== null) { - $authScheme = 'Basic'; - } else { - $authHeader = $request->getHeader('authorization'); - if ($authHeader !== null) { - if (strpos($authHeader, 'Bearer') === 0) { - $authScheme = 'Bearer'; - } elseif (strpos($authHeader, 'Basic') === 0) { - $authScheme = 'Basic'; - } - } - } - if ($authScheme !== null) { - $headers[] = 'WWW-Authenticate: ' . $authScheme . 
' realm="OAuth"'; - } - } - - // @codeCoverageIgnoreEnd - return $headers; - } - - /** - * Generate a HTTP response - * @return ResponseInterface - */ - public function generateHttpResponse() - { - $headers = $this->getHttpHeaders(); - - $payload = [ - 'error' => $this->errorType, - 'message' => $this->getMessage() - ]; - - if ($this->hint !== null) { - $payload['hint'] = $this->hint; - } - - if ($this->redirectUri !== null) { - $headers['Location'] = RedirectUri::make($this->redirectUri, $payload); - } - - $response = new Response( - 'php://memory', - $this->getHttpStatusCode(), - $headers - ); - $response->getBody()->write(json_encode($payload)); - - return $response; - } - /** * Invalid grant type error * 
@@ -244,4 +152,111 @@ class OAuthServerException extends \Exception return new static($errorMessage, 'invalid_scope', 400, $hint, $redirectUri); } + + /** + * Invalid credentials error + * + * @return static + */ + public static function invalidCredentials() + { + return new static('The user credentials were incorrect.', 'invalid_credentials', 401); + } + + /** + * @return string + */ + public function getErrorType() + { + return $this->errorType; + } + + /** + * Generate a HTTP response + * + * @return ResponseInterface + */ + public function generateHttpResponse() + { + $headers = $this->getHttpHeaders(); + + $payload = [ + 'error' => $this->errorType, + 'message' => $this->getMessage() + ]; + + if ($this->hint !== null) { + $payload['hint'] = $this->hint; + } + + if ($this->redirectUri !== null) { + $headers['Location'] = RedirectUri::make($this->redirectUri, $payload); + } + + $response = new Response( + 'php://memory', + $this->getHttpStatusCode(), + $headers + ); + $response->getBody()->write(json_encode($payload)); + + return $response; + } + + /** + * Get all headers that have to be send with the error response + * + * @return array Array with header values + */ + public function getHttpHeaders() + { + $headers = [ + 'Content-type' => 'application/json' + ]; + + // Add "WWW-Authenticate" header + // + // RFC 6749, section 5.2.: + // "If the client attempted to authenticate via the 'Authorization' + // request header field, the authorization server MUST + // respond with an HTTP 401 (Unauthorized) status code and + // include the "WWW-Authenticate" response header field + // matching the authentication scheme used by the client. 
+ // @codeCoverageIgnoreStart + if ($this->errorType === 'invalid_client') { + $authScheme = null; + $request = new ServerRequest(); + if ( + isset($request->getServerParams()['PHP_AUTH_USER']) && + $request->getServerParams()['PHP_AUTH_USER'] !== null + ) { + $authScheme = 'Basic'; + } else { + $authHeader = $request->getHeader('authorization'); + if ($authHeader !== []) { + if (strpos($authHeader[0], 'Bearer') === 0) { + $authScheme = 'Bearer'; + } elseif (strpos($authHeader[0], 'Basic') === 0) { + $authScheme = 'Basic'; + } + } + } + if ($authScheme !== null) { + $headers[] = 'WWW-Authenticate: ' . $authScheme . ' realm="OAuth"'; + } + } + + // @codeCoverageIgnoreEnd + return $headers; + } + + /** + * Returns the HTTP status code to send when the exceptions is output + * + * @return int + */ + public function getHttpStatusCode() + { + return $this->httpStatusCode; + } }
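Review bot: The `WWW-Authenticate` header built in getHttpHeaders() never reaches the client as a header: `$headers[] = 'WWW-Authenticate: ' . $authScheme . ' realm="OAuth"';` stores the whole "name: value" string under integer key 0, while the same array is passed to `new Response('php://memory', $this->getHttpStatusCode(), $headers)` in generateHttpResponse() as a name => value map, so the RFC 6749 §5.2 MUST that the comment quotes is not satisfied for invalid_client responses; use `$headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"';` instead. The scheme detection also builds `new ServerRequest()` with no arguments, which presumably yields an empty request carrying none of the incoming server params or headers, so $authScheme likely stays null in practice — consider having the caller pass the real request in rather than constructing one here. Both branches sit inside `@codeCoverageIgnoreStart`, so neither defect is caught by tests; a single test asserting that an invalid_client exception produces a response with a `WWW-Authenticate` header would cover both. Separately, `invalid_credentials` is not one of the error codes RFC 6749 §5.2 defines (wrong resource-owner credentials are reported as `invalid_grant` with HTTP 400), so the invalidCredentials() docblock should at least note that this is a non-standard error code kept for compatibility with the deleted InvalidCredentialsException.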