ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2024-12-02 19:51:03 +05:30
Code Issues Packages Projects Releases Wiki Activity

exception based determineAccessTokenInHeader

Browse Source
This commit is contained in:
Julián Gutiérrez 2016-01-20 00:32:59 +01:00
parent 94cc7c2bc7
commit ef5904ab1a
3 changed files with 27 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/Middleware/ResourceServerMiddleware.php
View File

@ -33,18 +33,12 @@ class ResourceServerMiddleware
*/ */
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next) public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
{ {
if ($request->hasHeader('authorization') === false) { try {
$exception = OAuthServerException::accessDenied('Missing authorization header'); $request = $this->server->getResponseType()->determineAccessTokenInHeader($request);
} catch (OAuthServerException $exception) {
return $exception->generateHttpResponse($response);
}
$request = $this->server->getResponseType()->determineAccessTokenInHeader($request);
if ($request->getAttribute('oauth_access_token') === null) {
$exception = OAuthServerException::accessDenied($request->getAttribute('oauth_access_token_error'));
return $exception->generateHttpResponse($response); return $exception->generateHttpResponse($response);
} catch (\Exception $exception) {
return $response->withStatus(500)->write($exception->getMessage());
} }
// Pass the request and response on to the next responder in the chain // Pass the request and response on to the next responder in the chain

16
src/ResponseTypes/AbstractResponseType.php
View File

@ -13,7 +13,9 @@ namespace League\OAuth2\Server\ResponseTypes;
use League\OAuth2\Server\Entities\Interfaces\AccessTokenEntityInterface; use League\OAuth2\Server\Entities\Interfaces\AccessTokenEntityInterface;
use League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface; use League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
use Psr\Http\Message\ServerRequestInterface;
abstract class AbstractResponseType implements ResponseTypeInterface abstract class AbstractResponseType implements ResponseTypeInterface
{ {
@ -66,10 +68,22 @@ abstract class AbstractResponseType implements ResponseTypeInterface
} }
/** /**
* @param \League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface $refreshToken * {@inheritdoc}
*/ */
public function setRefreshToken(RefreshTokenEntityInterface $refreshToken) public function setRefreshToken(RefreshTokenEntityInterface $refreshToken)
{ {
$this->refreshToken = $refreshToken; $this->refreshToken = $refreshToken;
} }
/**
* {@inheritdoc}
*/
public function determineAccessTokenInHeader(ServerRequestInterface $request)
{
if ($request->hasHeader('authorization') === false) {
throw OAuthServerException::accessDenied('Missing "Authorization" header');
}
return $request;
}
} }

12
src/ResponseTypes/BearerTokenResponse.php
View File

@ -16,10 +16,10 @@ use Lcobucci\JWT\Parser;
use Lcobucci\JWT\Signer\Key; use Lcobucci\JWT\Signer\Key;
use Lcobucci\JWT\Signer\Rsa\Sha256; use Lcobucci\JWT\Signer\Rsa\Sha256;
use League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface; use League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Utils\KeyCrypt; use League\OAuth2\Server\Utils\KeyCrypt;
use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Message\ServerRequestInterface;
use Zend\Diactoros\Response;
class BearerTokenResponse extends AbstractResponseType class BearerTokenResponse extends AbstractResponseType
{ {
@ -78,6 +78,8 @@ class BearerTokenResponse extends AbstractResponseType
*/ */
public function determineAccessTokenInHeader(ServerRequestInterface $request) public function determineAccessTokenInHeader(ServerRequestInterface $request)
{ {
$request = parent::determineAccessTokenInHeader($request);
$header = $request->getHeader('authorization'); $header = $request->getHeader('authorization');
$jwt = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $header[0])); $jwt = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $header[0]));
@ -85,12 +87,12 @@ class BearerTokenResponse extends AbstractResponseType
// Attempt to parse and validate the JWT // Attempt to parse and validate the JWT
$token = (new Parser())->parse($jwt); $token = (new Parser())->parse($jwt);
if ($token->verify(new Sha256(), $this->pathToPublicKey) === false) { if ($token->verify(new Sha256(), $this->pathToPublicKey) === false) {
return $request->withAttribute('oauth_access_token_error', 'Access token could not be verified'); throw OAuthServerException::accessDenied('Access token could not be verified');
} }
// Check if token has been revoked // Check if token has been revoked
if ($this->accessTokenRepository->isAccessTokenRevoked($token->getClaim('jti'))) { if ($this->accessTokenRepository->isAccessTokenRevoked($token->getClaim('jti'))) {
return $request->withAttribute('oauth_access_token_error', 'Access token has been revoked'); throw OAuthServerException::accessDenied('Access token has been revoked');
} }
// Return the request with additional attributes // Return the request with additional attributes
@ -98,9 +100,9 @@ class BearerTokenResponse extends AbstractResponseType
->withAttribute('oauth_client_id', $token->getClaim('aud')) ->withAttribute('oauth_client_id', $token->getClaim('aud'))
->withAttribute('oauth_user_id', $token->getClaim('sub')) ->withAttribute('oauth_user_id', $token->getClaim('sub'))
->withAttribute('oauth_scopes', $token->getClaim('scopes')); ->withAttribute('oauth_scopes', $token->getClaim('scopes'));
} catch (\InvalidArgumentException $e) { } catch (\InvalidArgumentException $exception) {
// JWT couldn't be parsed so return the request as is // JWT couldn't be parsed so return the request as is
return $request->withAttribute('oauth_access_token_error', $e->getMessage()); throw OAuthServerException::accessDenied($exception->getMessage());
} }
} }
} }