/**
* Given a client, grant type and optional user identifier validate the set of scopes requested are valid and optionally
* append additional scopes or remove requested scopes.
*
* @param ScopeEntityInterface[] $scopes
* @param string $grantType
* @param \League\OAuth2\Server\Entities\ClientEntityInterface $clientEntity
* @param null|string $userIdentifier
*
* @return \League\OAuth2\Server\Entities\ScopeEntityInterface[]
*/
public function finalizeScopes(array $scopes, $grantType, ClientEntityInterface $clientEntity, $userIdentifier = null)
{
$scopeModel = $this->modelResolver->getModel('ScopeModel');
$clientModel = $this->modelResolver->getModel('ClientModel');
$clientModel = $clientModel::byIdentifier($clientEntity->getIdentifier())->first();
if (is_null($clientModel)) {
return [];
}
$scopes = array_map(function ($scopes) {
return $scopes->getIdentifier();
}, $scopes);
$validScopes = $scopeModel::byIdentifierIn($scopes)->get()->pluck($scopeModel::$identifierKey);
$validScopes = collect($validScopes);
if (!empty($clientModel->scopes)) {
$clientScopes = $clientModel->scopes;
if (!$clientModel::$canHandleArray) {
$clientScopes = json_decode($clientScopes);
}
$validScopes = $validScopes->intersect($clientScopes);
}
$validScopeEntities = [];
foreach ($validScopes as $validScope) {
$scopeEntity = new ScopeEntity();
$scopeEntity->setIdentifier($validScope);
$validScopeEntities[] = $scopeEntity;
}
return $validScopeEntities;
}
/**
* Given a client, grant type and optional user identifier validate the set of scopes requested are valid and optionally
* append additional scopes or remove requested scopes.
*
* @param array<ScopeEntityInterface> $scopes
* @param string $grantType
* @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $clientEntity
* @param string $userIdentifier
*
* @return array<\League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface>
**/
public function finalizeScopes(array $scopes, $grantType, ClientEntityInterface $clientEntity, $userIdentifier = null)
{
$builder = (new Builder())->columns(['Scope.id'])->addFrom(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\Scope::class, 'Scope');
$scopesIdentifiers = [];
foreach ($scopes as $scope) {
$scopesIdentifiers[] = $scope->getIdentifier();
}
$builder->inWhere('Scope.id', $scopesIdentifiers);
if ($this->getConfig()->limit_scopes_to_grants === true) {
$builder->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\GrantScope::class, 'GrantScope.scope_id = Scope.id', 'GrantScope')->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\Grant::class, 'Grant.id = GrantScope.grant_id', 'Grant')->andWhere('Grant.id = :grantType:', compact('grantType'));
}
if ($this->getConfig()->limit_clients_to_scopes === true) {
$builder->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\ClientScope::class, 'ClientScope.scope_id = Scope.id', 'ClientScope')->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\Client::class, 'Client.id = ClientScope.client_id', 'Client')->andWhere('Client.id = :client_id:', ['client_id' => $clientEntity->getIdentifier()]);
}
if ($this->getConfig()->limit_users_to_scopes === true) {
$builder->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\UserScope::class, 'UserScope.scope_id = Scope.id', 'UserScope')->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\User::class, 'User.id = UserScope.user_id', 'User')->AndWhere('User.id = :userIdentifier:', compact('userIdentifier'));
}
$query = $builder->getQuery();
$result = $query->execute();
if (!$result || $result->count() <= 0) {
$scope = current($scopes);
throw OAuthServerException::invalidScope($scope->getIdentifier());
}
$entities = [];
foreach ($result as $scope) {
$entity = new ScopeEntity();
$entity->setIdentifier($scope->id);
$entities[] = $entity;
}
return $entities;
}
public function getUserEntityByUserCredentials($username, $password, $grantType, ClientEntityInterface $clientEntity)
{
$builder = (new Builder())->columns(['User.id', 'User.username', 'User.password'])->addFrom(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\User::class, 'User')->where('User.username = :username:'******'username'))->limit(1);
if ($this->getConfig()->limit_users_to_clients === true) {
$builder->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\UserClient::class, 'UserClient.user_id = User.id', 'UserClient')->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\Client::class, 'Client.id = UserClient.client_id', 'Client')->andWhere('Client.id = :client_id:', ['client_id' => $clientEntity->getIdentifier()]);
}
if ($this->getConfig()->limit_users_to_grants === true) {
$builder->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\UserGrant::class, 'UserGrant.user_id = User.id', 'UserGrant')->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\Grant::class, 'Grant.id = UserGrant.grant_id', 'Grant')->andWhere('Grant.id = :grantType:', compact('grantType'));
}
$query = $builder->getQuery();
$result = $query->getSingleResult();
if (!$result) {
throw OAuthServerException::invalidCredentials();
}
$security = new Security();
if ($security->checkHash($password, $result->password) !== true) {
throw OAuthServerException::invalidCredentials();
}
$user = new UserEntity();
$user->setIdentifier($result->id);
return $user;
}
/**
* @param \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes
* @param string $grantType
* @param ClientEntityInterface $clientEntity
* @param null $userIdentifier|string
* @return \League\OAuth2\Server\Entities\ScopeEntityInterface[]
*/
public function finalizeScopes(array $scopes, $grantType, ClientEntityInterface $clientEntity, $userIdentifier = null)
{
$scopesId = [];
foreach ($scopes as $item) {
$scopesId[] = $item->getIdentifier();
}
$query = ScopesModel::findByScopeId($scopesId);
ScopesModel::findByGrantId($grantType, $query);
ScopesModel::findByClientId($clientEntity->getIdentifier(), $query);
if ($userIdentifier) {
ScopesModel::findByUserId($userIdentifier, $query);
}
$result = $query->all();
$entitys = [];
foreach ($result as $item) {
foreach ($scopes as $key => $scope) {
if ($item->id == $scope->getIdentifier()) {
$entitys[$key] = $scope;
}
}
}
return $entitys;
}