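 /**
  * Checks an OAuth authorisation request for protocol compliance.
  *
  * The checks run in order: response_type present; client_id present and
  * resolvable to a registered client; redirect_uri either supplied and
  * exactly equal to a registered URI, or unambiguously taken from the
  * client registration; and finally every requested response_type
  * supported by an installed module.
  *
  * Failures in the client identifier or the redirect URI are reported to
  * the user through fatalError() and never by redirecting, because the
  * redirect_uri has not been validated against a client at that point
  * (RFC 6749 section 4.1.2.1).  Only the unsupported_response_type error
  * is delivered via the (by then validated) redirect URI.
  *
  * A request-supplied redirect_uri is compared with the registered values
  * by simple string comparison (RFC 6749 section 3.1.2.3).  Prefix or
  * case-insensitive matching is deliberately not used: a registered
  * "https://example.com" would otherwise accept any host that merely
  * begins with that text.
  *
  * @param Request $request the original request
  * @param Response $response the OAuth response
  * @return void
  * @see processAuthRequest()
  */
 protected function checkAuthRequest($request, $response)
 {
     $store = StoreManager::instance();

     // 1. response_type (pass 1 - check that it exists)
     if (!isset($request['response_type'])) {
         $this->logger->log(LogLevel::ERROR, 'Protocol Error: response_type not set.');
         $this->fatalError($this->t('Protocol Error: response_type not set.'));
         return;
     }
     $response_types = preg_split('/\\s+/', $request['response_type']);
     if (in_array('token', $response_types, true)) {
         // implicit grant: the response is returned in the URI fragment
         $response->setResponseType(Response::FRAGMENT_RESPONSE_TYPE);
     }

     // 2. client_id (pass 1 - check that it exists).  No redirect on failure:
     // without a client there is nothing to validate redirect_uri against.
     if (!isset($request['client_id'])) {
         $this->logger->log(LogLevel::ERROR, 'Protocol Error: client_id not set');
         $this->fatalError($this->t('Protocol Error: client_id not set'));
         return;
     }
     $client = $store->loadClient($request['client_id'], 'SimpleID\\Protocols\\OAuth\\OAuthClient');
     if ($client === null || $client === false) {
         // loadClient()'s miss value is not visible here; the previous loose
         // `== NULL` accepted either null or false, so both are treated as a miss
         $this->logger->log(LogLevel::ERROR, 'Client with client_id not found: ' . $request['client_id']);
         $this->fatalError($this->t('Protocol Error: Client not found'));
         return;
     }

     // 3. redirect_uri.  The registration may hold a single string or a list;
     // normalise to a list so both forms are handled by every branch below.
     $registered_uris = $client['oauth']['redirect_uris'] ?? null;
     if (is_string($registered_uris)) {
         $registered_uris = [$registered_uris];
     }

     if (isset($request['redirect_uri'])) {
         // Must be byte-for-byte equal to a registered URI (RFC 6749 section 3.1.2.3)
         $redirect_uri_found = false;
         foreach ($registered_uris ?? [] as $test_redirect_uri) {
             if (is_string($test_redirect_uri) && $request['redirect_uri'] === $test_redirect_uri) {
                 $redirect_uri_found = true;
                 break;
             }
         }
         if (!$redirect_uri_found) {
             // never redirect to an unvalidated URI; report in place
             $this->logger->log(LogLevel::ERROR, 'Incorrect redirect URI: ' . $request['redirect_uri']);
             $this->fatalError($this->t('Protocol Error: Incorrect redirect URI'));
             return;
         }
     } elseif ($registered_uris === null || count($registered_uris) === 0) {
         $this->logger->log(LogLevel::ERROR, 'Protocol Error: redirect_uri not specified in request or client registration');
         $this->fatalError($this->t('Protocol Error: redirect_uri not specified in request or client registration'));
         return;
     } elseif (count($registered_uris) === 1) {
         // exactly one registered URI: it is the only possible target
         $response->setRedirectURI(array_values($registered_uris)[0]);
     } else {
         $this->logger->log(LogLevel::ERROR, 'Protocol Error: redirect_uri not specified in request when multiple redirect_uris are registered');
         $this->fatalError($this->t('Protocol Error: redirect_uri not specified in request when multiple redirect_uris are registered'));
         return;
     }

     // 4. response_type (pass 2 - check that all are supported).  The
     // redirect URI is validated by now, so this error may be redirected.
     $supported_response_types = $this->mgr->invokeAll('oAuthResponseTypes');
     foreach ($response_types as $response_type) {
         if (!in_array($response_type, $supported_response_types, true)) {
             $this->logger->log(LogLevel::ERROR, 'Protocol Error: unsupported response_type: ' . $response_type);
             $response->setError('unsupported_response_type', 'unsupported response_type: ' . $response_type)->renderRedirect();
             return;
         }
     }
 }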