diff --git a/src/OAuth2/Grant/AuthCode.php b/src/OAuth2/Grant/AuthCode.php index 05701013..f26e77f7 100644 --- a/src/OAuth2/Grant/AuthCode.php +++ b/src/OAuth2/Grant/AuthCode.php @@ -1,12 +1,18 @@ responseType; } - public function completeFlow() + public function completeFlow($inputParams = null, $authParams = array(), Request $request) { - /* // Client ID - if ( ! isset($authParams['client_id']) && ! isset($_POST['client_id'])) { - throw new ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0); - } + $authParams['client_id'] = (isset($inputParams['client_id'])) ? + $inputParams['client_id'] : + $request->post('client_id'); - $params['client_id'] = (isset($authParams['client_id'])) ? - $authParams['client_id'] : - $_POST['client_id']; + if (is_null($authParams['client_id'])) { + throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0); + } // Client secret - if ( ! isset($authParams['client_secret']) && ! isset($_POST['client_secret'])) { - throw new ClientException(sprintf($this->errors['invalid_request'], 'client_secret'), 0); - } + $authParams['client_secret'] = (isset($inputParams['client_secret'])) ? + $inputParams['client_secret'] : + $request->post('client_secret'); - $params['client_secret'] = (isset($authParams['client_secret'])) ? - $authParams['client_secret'] : - $_POST['client_secret']; + if (is_null($authParams['client_secret'])) { + throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_secret'), 0); + } // Redirect URI - if ( ! isset($authParams['redirect_uri']) && ! isset($_POST['redirect_uri'])) { - throw new ClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0); - } + $authParams['redirect_uri'] = (isset($inputParams['redirect_uri'])) ? + $inputParams['redirect_uri'] : + $request->post('redirect_uri'); - $params['redirect_uri'] = (isset($authParams['redirect_uri'])) ? - $authParams['redirect_uri'] : - $_POST['redirect_uri']; + if (is_null($authParams['redirect_uri'])) { + throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'redirect_uri'), 0); + } // Validate client ID and redirect URI - $clientDetails = $this->_dbCall( - 'validateClient', - $params['client_id'], - $params['client_secret'], - $params['redirect_uri'] - ); + $clientDetails = AuthServer::getStorage('client')->get($authParams['client_id'], null, $authParams['redirect_uri']); if ($clientDetails === false) { - throw new ClientException($this->errors['invalid_client'], 8); + throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_client'), 8); } + $authParams['client_details'] = $clientDetails; + // The authorization code - if ( ! isset($authParams['code']) && ! isset($_POST['code'])) { - throw new ClientException(sprintf($this->errors['invalid_request'], 'code'), 0); + $authParams['code'] = (isset($inputParams['code'])) ? + $inputParams['code'] : + $request->post('code'); + + if (is_null($authParams['code'])) { + throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'code'), 0); } - $params['code'] = (isset($authParams['code'])) ? - $authParams['code'] : - $_POST['code']; - // Verify the authorization code matches the client_id and the request_uri - $session = $this->_dbCall( - 'validateAuthCode', - $params['client_id'], - $params['redirect_uri'], - $params['code'] - ); + $session = AuthServer::getStorage('session')->validateAuthCode($authParams['client_id'], $authParams['redirect_uri'], $authParams['code']); if ( ! $session) { - throw new ClientException(sprintf($this->errors['invalid_grant'], 'code'), 9); + throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_grant'), 'code'), 9); } // A session ID was returned so update it with an access token, // remove the authorisation code, change the stage to 'granted' - $accessToken = $this->_generateCode(); - $refreshToken = ($this->_grantTypes['refresh_token']) ? - $this->_generateCode() : + $accessToken = SecureKey::make(); + $refreshToken = (AuthServer::hasGrantType('refresh_token')) ? + SecureKey::make() : null; - $accessTokenExpires = time() + $this->_config['access_token_ttl']; - $accessTokenExpiresIn = $this->_config['access_token_ttl']; + $accessTokenExpires = time() + AuthServer::getExpiresIn(); + $accessTokenExpiresIn = AuthServer::getExpiresIn(); - $this->_dbCall( - 'updateSession', + AuthServer::getStorage('session')->update( $session['id'], null, $accessToken, @@ -103,14 +99,6 @@ class AuthCode implements GrantTypeInterface { 'granted' ); - // Update the session's scopes to reference the access token - $this->_dbCall( - 'updateSessionScopeAccessToken', - $session['id'], - $accessToken, - $refreshToken - ); - $response = array( 'access_token' => $accessToken, 'token_type' => 'bearer', @@ -118,13 +106,11 @@ class AuthCode implements GrantTypeInterface { 'expires_in' => $accessTokenExpiresIn ); - if ($this->_grantTypes['refresh_token']) { + if (AuthServer::hasGrantType('refresh_token')) { $response['refresh_token'] = $refreshToken; } return $response; - - */ } } \ No newline at end of file