mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-16 18:19:47 +05:30
Updated authorisation server
This commit is contained in:
parent
5cd420bd5d
commit
a3863fec2e
@ -11,12 +11,18 @@
|
|||||||
|
|
||||||
namespace League\OAuth2\Server;
|
namespace League\OAuth2\Server;
|
||||||
|
|
||||||
use League\OAuth2\Server\Util\Request;
|
|
||||||
use League\OAuth2\Server\Util\SecureKey;
|
use League\OAuth2\Server\Util\SecureKey;
|
||||||
use League\OAuth2\Server\Storage\SessionInterface;
|
|
||||||
use League\OAuth2\Server\Storage\ClientInterface;
|
|
||||||
use League\OAuth2\Server\Storage\ScopeInterface;
|
|
||||||
use League\OAuth2\Server\Grant\GrantTypeInterface;
|
use League\OAuth2\Server\Grant\GrantTypeInterface;
|
||||||
|
use League\OAuth2\Server\Exception\ClientException;
|
||||||
|
use League\OAuth2\Server\Exception\ServerException;
|
||||||
|
use League\OAuth2\Server\Exception\InvalidGrantTypeException;
|
||||||
|
use League\OAuth2\Server\Storage\ClientInterface;
|
||||||
|
use League\OAuth2\Server\Storage\AccessTokenInterface;
|
||||||
|
use League\OAuth2\Server\Storage\AuthCodeInterface;
|
||||||
|
use League\OAuth2\Server\Storage\RefreshTokenInterface;
|
||||||
|
use League\OAuth2\Server\Storage\SessionInterface;
|
||||||
|
use League\OAuth2\Server\Storage\ScopeInterface;
|
||||||
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* OAuth 2.0 authorization server class
|
* OAuth 2.0 authorization server class
|
||||||
@ -25,7 +31,6 @@ class Authorization
|
|||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
* The delimeter between scopes specified in the scope query string parameter
|
* The delimeter between scopes specified in the scope query string parameter
|
||||||
*
|
|
||||||
* The OAuth 2 specification states it should be a space but most use a comma
|
* The OAuth 2 specification states it should be a space but most use a comma
|
||||||
* @var string
|
* @var string
|
||||||
*/
|
*/
|
||||||
@ -118,7 +123,6 @@ class Authorization
|
|||||||
/**
|
/**
|
||||||
* Exception error HTTP status codes
|
* Exception error HTTP status codes
|
||||||
* @var array
|
* @var array
|
||||||
*
|
|
||||||
* RFC 6749, section 4.1.2.1.:
|
* RFC 6749, section 4.1.2.1.:
|
||||||
* No 503 status code for 'temporarily_unavailable', because
|
* No 503 status code for 'temporarily_unavailable', because
|
||||||
* "a 503 Service Unavailable HTTP status code cannot be
|
* "a 503 Service Unavailable HTTP status code cannot be
|
||||||
@ -141,7 +145,6 @@ class Authorization
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Get all headers that have to be send with the error response
|
* Get all headers that have to be send with the error response
|
||||||
*
|
|
||||||
* @param string $error The error message key
|
* @param string $error The error message key
|
||||||
* @return array Array with header values
|
* @return array Array with header values
|
||||||
*/
|
*/
|
||||||
@ -198,7 +201,6 @@ class Authorization
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Get an exception message
|
* Get an exception message
|
||||||
*
|
|
||||||
* @param string $error The error message key
|
* @param string $error The error message key
|
||||||
* @return string The error message
|
* @return string The error message
|
||||||
*/
|
*/
|
||||||
@ -209,7 +211,6 @@ class Authorization
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Get an exception code
|
* Get an exception code
|
||||||
*
|
|
||||||
* @param integer $code The exception code
|
* @param integer $code The exception code
|
||||||
* @return string The exception code type
|
* @return string The exception code type
|
||||||
*/
|
*/
|
||||||
@ -220,24 +221,47 @@ class Authorization
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Create a new OAuth2 authorization server
|
* Create a new OAuth2 authorization server
|
||||||
*
|
|
||||||
* @param ClientInterface $client A class which inherits from Storage/ClientInterface
|
|
||||||
* @param SessionInterface $session A class which inherits from Storage/SessionInterface
|
|
||||||
* @param ScopeInterface $scope A class which inherits from Storage/ScopeInterface
|
|
||||||
*/
|
*/
|
||||||
public function __construct(ClientInterface $client, SessionInterface $session, ScopeInterface $scope)
|
public function __construct()
|
||||||
{
|
{
|
||||||
$this->storages = array(
|
$this->storages = [];
|
||||||
'client' => $client,
|
}
|
||||||
'session' => $session,
|
|
||||||
'scope' => $scope
|
public function setClientStorage(ClientInterface $client)
|
||||||
);
|
{
|
||||||
|
$this->storages['client'] = $client;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function setSessionStorage(SessionInterface $session)
|
||||||
|
{
|
||||||
|
$this->storages['session'] = $session;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function setAccessTokenStorage(AccessTokenInterface $accessToken)
|
||||||
|
{
|
||||||
|
$this->storages['access_token'] = $accessToken;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function setRefreshTokenStorage(RefreshTokenInterface $refreshToken)
|
||||||
|
{
|
||||||
|
$this->storages['refresh_token'] = $refreshToken;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function setAuthCodeStorage(AuthCodeInterface $authCode)
|
||||||
|
{
|
||||||
|
$this->storages['auth_code'] = $authCode;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function setScopeStorage(ScopeInterface $scope)
|
||||||
|
{
|
||||||
|
$this->storages['scope'] = $scope;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Enable support for a grant
|
* Enable support for a grant
|
||||||
* @param GrantTypeInterface $grantType A grant class which conforms to Interface/GrantTypeInterface
|
* @param GrantTypeInterface $grantType A grant class which conforms to Interface/GrantTypeInterface
|
||||||
* @param null|string $identifier An identifier for the grant (autodetected if not passed)
|
* @param null|string $identifier An identifier for the grant (autodetected if not passed)
|
||||||
|
* @return self
|
||||||
*/
|
*/
|
||||||
public function addGrantType(GrantTypeInterface $grantType, $identifier = null)
|
public function addGrantType(GrantTypeInterface $grantType, $identifier = null)
|
||||||
{
|
{
|
||||||
@ -253,6 +277,8 @@ class Authorization
|
|||||||
if ( ! is_null($grantType->getResponseType())) {
|
if ( ! is_null($grantType->getResponseType())) {
|
||||||
$this->responseTypes[] = $grantType->getResponseType();
|
$this->responseTypes[] = $grantType->getResponseType();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return $this;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -267,7 +293,6 @@ class Authorization
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns response types
|
* Returns response types
|
||||||
*
|
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
public function getResponseTypes()
|
public function getResponseTypes()
|
||||||
@ -278,11 +303,12 @@ class Authorization
|
|||||||
/**
|
/**
|
||||||
* Require the "scope" paremter in checkAuthoriseParams()
|
* Require the "scope" paremter in checkAuthoriseParams()
|
||||||
* @param boolean $require
|
* @param boolean $require
|
||||||
* @return void
|
* @return self
|
||||||
*/
|
*/
|
||||||
public function requireScopeParam($require = true)
|
public function requireScopeParam($require = true)
|
||||||
{
|
{
|
||||||
$this->requireScopeParam = $require;
|
$this->requireScopeParam = $require;
|
||||||
|
return $this;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -296,7 +322,7 @@ class Authorization
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Default scope to be used if none is provided and requireScopeParam is false
|
* Default scope to be used if none is provided and requireScopeParam is false
|
||||||
* @param string|array $default
|
* @param self
|
||||||
*/
|
*/
|
||||||
public function setDefaultScope($default = null)
|
public function setDefaultScope($default = null)
|
||||||
{
|
{
|
||||||
@ -336,7 +362,6 @@ class Authorization
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the scope delimeter
|
* Get the scope delimeter
|
||||||
*
|
|
||||||
* @return string The scope delimiter (default: ",")
|
* @return string The scope delimiter (default: ",")
|
||||||
*/
|
*/
|
||||||
public function getScopeDelimeter()
|
public function getScopeDelimeter()
|
||||||
@ -346,7 +371,6 @@ class Authorization
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Set the scope delimiter
|
* Set the scope delimiter
|
||||||
*
|
|
||||||
* @param string $scopeDelimeter
|
* @param string $scopeDelimeter
|
||||||
*/
|
*/
|
||||||
public function setScopeDelimeter($scopeDelimeter = ' ')
|
public function setScopeDelimeter($scopeDelimeter = ' ')
|
||||||
@ -376,10 +400,10 @@ class Authorization
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Sets the Request Object
|
* Sets the Request Object
|
||||||
*
|
* @param \Symfony\Component\HttpFoundation\Request The Request Object
|
||||||
* @param Util\RequestInterface The Request Object
|
* @return self
|
||||||
*/
|
*/
|
||||||
public function setRequest(Util\RequestInterface $request)
|
public function setRequest(Request $request)
|
||||||
{
|
{
|
||||||
$this->request = $request;
|
$this->request = $request;
|
||||||
return $this;
|
return $this;
|
||||||
@ -387,16 +411,13 @@ class Authorization
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the Request object. It will create one from the globals if one is not set.
|
* Gets the Request object. It will create one from the globals if one is not set.
|
||||||
*
|
* @return \Symfony\Component\HttpFoundation\Request
|
||||||
* @return Util\RequestInterface
|
|
||||||
*/
|
*/
|
||||||
public function getRequest()
|
public function getRequest()
|
||||||
{
|
{
|
||||||
if ($this->request === null) {
|
if ($this->request === null) {
|
||||||
// @codeCoverageIgnoreStart
|
$this->request = \Symfony\Component\HttpFoundation\Request::createFromGlobals();
|
||||||
$this->request = Request::buildFromGlobals();
|
|
||||||
}
|
}
|
||||||
// @codeCoverageIgnoreEnd
|
|
||||||
|
|
||||||
return $this->request;
|
return $this->request;
|
||||||
}
|
}
|
||||||
@ -408,26 +429,28 @@ class Authorization
|
|||||||
*/
|
*/
|
||||||
public function getStorage($obj)
|
public function getStorage($obj)
|
||||||
{
|
{
|
||||||
|
if (!isset($this->storages[$obj])) {
|
||||||
|
throw new ServerException('The `'.$obj.'` storage interface has not been registered with the authorization
|
||||||
|
server');
|
||||||
|
}
|
||||||
return $this->storages[$obj];
|
return $this->storages[$obj];
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Issue an access token
|
* Issue an access token
|
||||||
*
|
|
||||||
* @param array $inputParams Optional array of parsed $_POST keys
|
* @param array $inputParams Optional array of parsed $_POST keys
|
||||||
* @return array Authorise request parameters
|
* @return array Authorise request parameters
|
||||||
*/
|
*/
|
||||||
public function issueAccessToken($inputParams = array())
|
public function issueAccessToken($inputParams = array())
|
||||||
{
|
{
|
||||||
$grantType = $this->getParam('grant_type', 'post', $inputParams);
|
$grantType = $this->getRequest()->request->get('grant_type');
|
||||||
|
|
||||||
if (is_null($grantType)) {
|
if (is_null($grantType)) {
|
||||||
throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'grant_type'), 0);
|
throw new ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'grant_type'), 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Ensure grant type is one that is recognised and is enabled
|
// Ensure grant type is one that is recognised and is enabled
|
||||||
if ( ! in_array($grantType, array_keys($this->grantTypes))) {
|
if ( ! in_array($grantType, array_keys($this->grantTypes))) {
|
||||||
throw new Exception\ClientException(sprintf(self::$exceptionMessages['unsupported_grant_type'], $grantType), 7);
|
throw new ClientException(sprintf(self::$exceptionMessages['unsupported_grant_type'], $grantType), 7);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Complete the flow
|
// Complete the flow
|
||||||
@ -445,35 +468,6 @@ class Authorization
|
|||||||
return $this->grantTypes[$grantType];
|
return $this->grantTypes[$grantType];
|
||||||
}
|
}
|
||||||
|
|
||||||
throw new Exception\InvalidGrantTypeException(sprintf(self::$exceptionMessages['unsupported_grant_type'], $grantType), 9);
|
throw new InvalidGrantTypeException(sprintf(self::$exceptionMessages['unsupported_grant_type'], $grantType), 9);
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Get a parameter from passed input parameters or the Request class
|
|
||||||
* @param string|array $param Required parameter
|
|
||||||
* @param string $method Get/put/post/delete
|
|
||||||
* @param array $inputParams Passed input parameters
|
|
||||||
* @return mixed 'Null' if parameter is missing
|
|
||||||
*/
|
|
||||||
public function getParam($param = '', $method = 'get', $inputParams = array(), $default = null)
|
|
||||||
{
|
|
||||||
if (is_string($param)) {
|
|
||||||
if (isset($inputParams[$param])) {
|
|
||||||
return $inputParams[$param];
|
|
||||||
} elseif ($param === 'client_id' && ! is_null($clientId = $this->getRequest()->server('PHP_AUTH_USER'))) {
|
|
||||||
return $clientId;
|
|
||||||
} elseif ($param === 'client_secret' && ! is_null($clientSecret = $this->getRequest()->server('PHP_AUTH_PW'))) {
|
|
||||||
return $clientSecret;
|
|
||||||
} else {
|
|
||||||
return $this->getRequest()->{$method}($param, $default);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$response = array();
|
|
||||||
foreach ($param as $p) {
|
|
||||||
$response[$p] = $this->getParam($p, $method, $inputParams);
|
|
||||||
}
|
|
||||||
return $response;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
|
||||||
|
Loading…
Reference in New Issue
Block a user