New OAuthServerException class

2024-11-15 17:56:14 +05:30 · 2015-11-13 17:37:37 +00:00 · 2015-11-13 17:37:37 +00:00 · b479cb7912
commit b479cb7912
parent 41c7a6e731
1 changed files with 247 additions and 0 deletions
--- a/src/Exception/OAuthServerException.php
+++ b/src/Exception/OAuthServerException.php
@ -0,0 +1,247 @@
+<?php
+
+namespace League\OAuth2\Server\Exception;
+
+use League\OAuth2\Server\Utils\RedirectUri;
+use Psr\Http\Message\ResponseInterface;
+use Zend\Diactoros\Response;
+use Zend\Diactoros\ServerRequest;
+
+class OAuthServerException extends \Exception
+{
+    /**
+     * @var int
+     */
+    private $httpStatusCode;
+
+    /**
+     * @var string
+     */
+    private $errorType;
+
+    /**
+     * @var null|string
+     */
+    private $hint;
+
+    /**
+     * @var null|string
+     */
+    private $redirectUri;
+
+    /**
+     * Throw a new exception
+     *
+     * @param string      $message        Error message
+     * @param string      $errorType      Error type
+     * @param int         $httpStatusCode HTTP status code to send (default = 400)
+     * @param null|string $hint           A helper hint
+     * @param null|string $redirectUri    A HTTP URI to redirect the user back to
+     */
+    public function __construct($message, $errorType, $httpStatusCode = 400, $hint = null, $redirectUri = null)
+    {
+        parent::__construct($message);
+        $this->httpStatusCode = $httpStatusCode;
+        $this->errorType = $errorType;
+        $this->hint = $hint;
+        $this->redirectUri = $redirectUri;
+    }
+
+    /**
+     * @return int
+     */
+    public function getHttpStatusCode()
+    {
+        return $this->httpStatusCode;
+    }
+
+
+    /**
+     * @return string
+     */
+    public function getErrorType()
+    {
+        return $this->errorType;
+    }
+
+    /**
+     * Get all headers that have to be send with the error response
+     *
+     * @return array Array with header values
+     */
+    public function getHttpHeaders()
+    {
+        $headers = [
+            'Content-type' => 'application/json'
+        ];
+
+        // Add "WWW-Authenticate" header
+        //
+        // RFC 6749, section 5.2.:
+        // "If the client attempted to authenticate via the 'Authorization'
+        // request header field, the authorization server MUST
+        // respond with an HTTP 401 (Unauthorized) status code and
+        // include the "WWW-Authenticate" response header field
+        // matching the authentication scheme used by the client.
+        // @codeCoverageIgnoreStart
+        if ($this->errorType === 'invalid_client') {
+            $authScheme = null;
+            $request = new ServerRequest();
+            if ($request->getServerParams()['PHP_AUTH_USER'] !== null) {
+                $authScheme = 'Basic';
+            } else {
+                $authHeader = $request->getHeader('authorization');
+                if ($authHeader !== null) {
+                    if (strpos($authHeader, 'Bearer') === 0) {
+                        $authScheme = 'Bearer';
+                    } elseif (strpos($authHeader, 'Basic') === 0) {
+                        $authScheme = 'Basic';
+                    }
+                }
+            }
+            if ($authScheme !== null) {
+                $headers[] = 'WWW-Authenticate: ' . $authScheme . ' realm="OAuth"';
+            }
+        }
+
+        // @codeCoverageIgnoreEnd
+        return $headers;
+    }
+
+    /**
+     * Generate a HTTP response
+     * @return ResponseInterface
+     */
+    public function generateHttpResponse()
+    {
+        $headers = $this->getHttpHeaders();
+
+        $payload = [
+            'error'   => $this->errorType,
+            'message' => $this->getMessage()
+        ];
+
+        if ($this->hint !== null) {
+            $payload['hint'] = $this->hint;
+        }
+
+        if ($this->redirectUri !== null) {
+            $headers['Location'] = RedirectUri::make($this->redirectUri, $payload);
+        }
+
+        $response = new Response(
+            'php://memory',
+            $this->getHttpStatusCode(),
+            $headers
+        );
+        $response->getBody()->write(json_encode($payload));
+
+        return $response;
+    }
+
+    /**
+     * Invalid grant type error
+     *
+     * @param null|string $localizedError
+     * @param null|string $localizedHint
+     *
+     * @return static
+     */
+    public static function invalidGrantType(
+        $localizedError = null,
+        $localizedHint = null
+    ) {
+        $errorMessage = (is_null($localizedError))
+            ? 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.'
+            : $localizedError;
+        $hint = (is_null($localizedHint))
+            ? 'Check the `grant_type` parameter'
+            : $localizedHint;
+
+        return new static($errorMessage, 'invalid_grant', 400, $hint);
+    }
+
+    /**
+     * Unsupported grant type error
+     *
+     * @param null|string $localizedError
+     * @param null|string $localizedHint
+     *
+     * @return static
+     */
+    public static function unsupportedGrantType(
+        $localizedError = null,
+        $localizedHint = null
+    ) {
+        $errorMessage = (is_null($localizedError))
+            ? 'The authorization grant type is not supported by the authorization server.'
+            : $localizedError;
+        $hint = (is_null($localizedHint))
+            ? 'Check the `grant_type` parameter'
+            : $localizedHint;
+
+        return new static($errorMessage, 'unsupported_grant_type', 400, $hint);
+    }
+
+    /**
+     * Invalid request error
+     *
+     * @param string      $parameter The invalid parameter
+     * @param null|string $localizedError
+     * @param null|string $localizedHint
+     *
+     * @return static
+     */
+    public static function invalidRequest(
+        $parameter,
+        $localizedError = null,
+        $localizedHint = null
+    ) {
+        $errorMessage = (is_null($localizedError))
+            ? 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.'
+            : $localizedError;
+        $hint = (is_null($localizedHint))
+            ? sprintf('Check the `%s` parameter', $parameter)
+            : sprintf($localizedHint, $parameter);
+
+        return new static($errorMessage, 'invalid_request', 400, $hint);
+    }
+
+    /**
+     * Invalid client error
+     *
+     * @param null|string $localizedError
+     *
+     * @return static
+     */
+    public static function invalidClient($localizedError = null)
+    {
+        $errorMessage = (is_null($localizedError))
+            ? 'Client authentication failed'
+            : $localizedError;
+
+        return new static($errorMessage, 'invalid_client', 401);
+    }
+
+    /**
+     * Invalid scope error
+     *
+     * @param string      $scope          The bad scope
+     * @param null|string $localizedError A localized error message
+     * @param null|string $localizedHint  A localized error hint
+     * @param null|string $redirectUri    A HTTP URI to redirect the user back to
+     *
+     * @return static
+     */
+    public static function invalidScope($scope, $localizedError = null, $localizedHint = null, $redirectUri = null)
+    {
+        $errorMessage = (is_null($localizedError))
+            ? 'The requested scope is invalid, unknown, or malformed'
+            : $localizedError;
+        $hint = (is_null($localizedHint))
+            ? sprintf('Check the `%s` scope', $scope)
+            : sprintf($localizedHint, $scope);
+
+        return new static($errorMessage, 'invalid_scope', 400, $hint, $redirectUri);
+    }
+}