Beispiel #1
    $oauth2_message = $memento_service->getCurrentAuthorizationRequest();
    if ($oauth2_message == null || !$oauth2_message->isValid()) {
        throw new InvalidAuthorizationRequestException();
    }
});
// Route filter "ssl": when the request is not already secure and the SSL.Enable
// setting is on, stash the in-flight protocol state and redirect to the secure
// form of the same request URI.
Route::filter("ssl", function () {
    // Already secure: nothing to do (the config value is not read in this case).
    if (Request::secure()) {
        return;
    }
    if (!ServerConfigurationService::getConfigValue("SSL.Enable")) {
        return;
    }

    $locator = ServiceLocator::getInstance();

    // Save the current OpenID request and the current OAuth2 authorization request
    // before redirecting -- presumably so they can be restored after the redirect;
    // confirm against the memento service implementations.
    $openid_memento = $locator->getService(OpenIdServiceCatalog::MementoService);
    $openid_memento->saveCurrentRequest();

    $oauth2_memento = $locator->getService(OAuth2ServiceCatalog::MementoService);
    $oauth2_memento->saveCurrentAuthorizationRequest();

    $request_uri = Request::getRequestUri();

    return Redirect::secure($request_uri);
});
// Route filter "oauth2.enabled": lets the request continue only when the
// OAuth2.Enable setting is truthy; otherwise the '404' view is returned instead.
Route::filter("oauth2.enabled", function () {
    $oauth2_enabled = ServerConfigurationService::getConfigValue("OAuth2.Enable");
    if ($oauth2_enabled) {
        return;
    }

    // NOTE(review): this returns the view itself, not a response with an explicit
    // status -- confirm the client actually receives HTTP 404 rather than a 200 page.
    return View::make('404');
});
Route::filter('user.owns.client.policy', function ($route, $request) {
    try {
        $authentication_service = ServiceLocator::getInstance()->getService(UtilsServiceCatalog::AuthenticationService);
        $client_service = ServiceLocator::getInstance()->getService(OAuth2ServiceCatalog::ClientService);
        $client_id = $route->getParameter('id');
        $client = $client_service->getClientByIdentifier($client_id);
        $user = $authentication_service->getCurrentUser();
        if (is_null($client) || intval($client->getUserId()) !== intval($user->getId())) {
            throw new Exception('invalid client id for current user');
        }
    } catch (Exception $ex) {
        Log::error($ex);
Beispiel #2
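 /**
  * Tells whether $uri is registered as an authorized URI for this client.
  *
  * The URI must pass FILTER_VALIDATE_URL, carry both a scheme and a host, and use
  * https whenever the SSL.Enable setting is on. It is then reduced to
  * scheme://host[/path] (host and path lowercased, trailing '/' stripped) and
  * looked up in ClientAuthorizedUri for this client's id.
  *
  * NOTE(review): the normalized form drops port, userinfo, query and fragment and
  * folds the path to lower case, so a true result only vouches for
  * scheme + host + lowercased path, not for the exact string in $uri. Callers that
  * go on to redirect to $uri should confirm this coarser match is acceptable;
  * exact string comparison of registered redirect URIs is the stricter option.
  *
  * @param string $uri candidate URI, typically supplied by the client
  * @return bool true when a matching ClientAuthorizedUri row exists
  */
 public function isUriAllowed($uri)
 {
     if (!filter_var($uri, FILTER_VALIDATE_URL)) {
         return false;
     }
     $parts = parse_url($uri);
     // FILTER_VALIDATE_URL accepts host-less forms (for example mailto: URIs), so
     // reject anything without scheme and host instead of indexing a missing key.
     if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
         return false;
     }
     if ($parts['scheme'] !== 'https' && ServerConfigurationService::getConfigValue("SSL.Enable")) {
         return false;
     }
     // normalize uri: scheme://host plus optional path, host and path lowercased
     $normalized_uri = $parts['scheme'] . '://' . strtolower($parts['host']);
     if (isset($parts['path'])) {
         $normalized_uri .= strtolower($parts['path']);
     }
     // remove trailing /
     $normalized_uri = rtrim($normalized_uri, '/');
     $client_authorized_uri = ClientAuthorizedUri::where('client_id', '=', $this->id)
         ->where('uri', '=', $normalized_uri)
         ->first();
     return !is_null($client_authorized_uri);
 }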
Beispiel #3
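 /**
  * Registers $uri as an authorized URI for the client with the given id.
  *
  * Runs inside $this->tx_service->transaction(). The URI must pass
  * FILTER_VALIDATE_URL, carry a scheme and a host, and use https whenever the
  * SSL.Enable setting is on. It is reduced to scheme://host[/path] (host and path
  * lowercased, trailing '/' stripped) and stored in that normalized form.
  *
  * The normalized form is what gets stored because the duplicate check below
  * queries by it: storing the raw input would let the same URI be registered
  * repeatedly under different spellings, and any lookup by normalized URI would
  * not find the stored row.
  *
  * NOTE(review): normalization drops port, userinfo, query and fragment and folds
  * the path to lower case, so the registered value is coarser than what the caller
  * supplied -- confirm that is the intended matching granularity for this URI list.
  *
  * @param mixed  $id  client id, passed to Client::find()
  * @param string $uri URI to authorize for the client
  * @return mixed result of saving the new record; false when $uri fails FILTER_VALIDATE_URL
  * @throws AbsentClientException                  when no client exists for $id
  * @throws InvalidAllowedClientUriException       when the URI cannot be parsed, lacks scheme/host,
  *                                                or is not https while SSL.Enable is on
  * @throws AllowedClientUriAlreadyExistsException when the normalized URI is already registered
  */
 public function addClientAllowedUri($id, $uri)
 {
     $res = false;
     $this->tx_service->transaction(function () use ($id, $uri, &$res) {
         $client = Client::find($id);
         if (is_null($client)) {
             throw new AbsentClientException(sprintf("client id %s does not exists!", $id));
         }
         if (!filter_var($uri, FILTER_VALIDATE_URL)) {
             // kept as a soft failure: $res stays false and nothing is stored
             return false;
         }
         $parts = parse_url($uri);
         // FILTER_VALIDATE_URL accepts host-less forms (for example mailto: URIs);
         // treat those as invalid rather than indexing a missing 'host' key.
         if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
             throw new InvalidAllowedClientUriException(sprintf('uri : %s', $uri));
         }
         if ($parts['scheme'] !== 'https' && ServerConfigurationService::getConfigValue("SSL.Enable")) {
             throw new InvalidAllowedClientUriException(sprintf('uri : %s', $uri));
         }
         // normalize uri: scheme://host plus optional path, host and path lowercased
         $normalized_uri = $parts['scheme'] . '://' . strtolower($parts['host']);
         if (isset($parts['path'])) {
             $normalized_uri .= strtolower($parts['path']);
         }
         // remove trailing /
         $normalized_uri = rtrim($normalized_uri, '/');
         $client_uri = ClientAuthorizedUri::where('uri', '=', $normalized_uri)
             ->where('client_id', '=', $id)
             ->first();
         if (!is_null($client_uri)) {
             throw new AllowedClientUriAlreadyExistsException(sprintf('uri : %s', $normalized_uri));
         }
         $client_authorized_uri = new ClientAuthorizedUri();
         $client_authorized_uri->client_id = $id;
         // store the same form the duplicate check queries by
         $client_authorized_uri->uri = $normalized_uri;
         $res = $client_authorized_uri->save();
     });
     return $res;
 }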