/**
* Register the Authorization server with the IoC container
* @return void
*/
public function registerAuthorizer()
{
$this->app->bindShared('oauth2-server.authorizer', function ($app) {
$config = $app['config']->get('oauth2');
$issuer = $app->make('League\\OAuth2\\Server\\AuthorizationServer')->setClientStorage($app->make('League\\OAuth2\\Server\\Storage\\ClientInterface'))->setSessionStorage($app->make('League\\OAuth2\\Server\\Storage\\SessionInterface'))->setAuthCodeStorage($app->make('League\\OAuth2\\Server\\Storage\\AuthCodeInterface'))->setAccessTokenStorage($app->make('League\\OAuth2\\Server\\Storage\\AccessTokenInterface'))->setRefreshTokenStorage($app->make('League\\OAuth2\\Server\\Storage\\RefreshTokenInterface'))->setScopeStorage($app->make('League\\OAuth2\\Server\\Storage\\ScopeInterface'))->requireScopeParam($config['scope_param'])->setDefaultScope($config['default_scope'])->requireStateParam($config['state_param'])->setScopeDelimiter($config['scope_delimiter'])->setAccessTokenTTL($config['access_token_ttl']);
// add the supported grant types to the authorization server
foreach ($config['grant_types'] as $grantIdentifier => $grantParams) {
$grant = new $grantParams['class']();
$grant->setAccessTokenTTL($grantParams['access_token_ttl']);
if (array_key_exists('callback', $grantParams)) {
$grant->setVerifyCredentialsCallback($grantParams['callback']);
}
if (array_key_exists('auth_token_ttl', $grantParams)) {
$grant->setAuthTokenTTL($grantParams['auth_token_ttl']);
}
if (array_key_exists('refresh_token_ttl', $grantParams)) {
$grant->setRefreshTokenTTL($grantParams['refresh_token_ttl']);
}
$issuer->addGrantType($grant);
}
$checker = $app->make('League\\OAuth2\\Server\\ResourceServer');
$authorizer = new Authorizer($issuer, $checker);
$authorizer->setRequest($app['request']);
$authorizer->setTokenType($app->make($config['token_type']));
$app->refresh('request', $authorizer, 'setRequest');
return $authorizer;
});
$this->app->bind('LucaDegasperi\\OAuth2Server\\Authorizer', function ($app) {
return $app['oauth2-server.authorizer'];
});
}
/**
* Handle middleware
*
* @param Request $request
* @param callable $next
* @return mixed
*/
public function handle(Request $request, Closure $next)
{
//Get account
$account = $this->getAccountFromRouting();
//Set account in context
$this->context->setAccount($account);
//If the owner type is User
if ($this->authorizer->getResourceOwnerType() == 'user') {
//Find the user
$user = $this->userRepository->find($this->authorizer->getResourceOwnerId());
//If we have account in the route
if ($account) {
//Check if the user has access to the account
if (!$user->isAssociateToAccount($account)) {
return $this->response->errorUnauthorized("You don't have access to the account {$account->uuid}");
}
}
//Add context processor to log
$this->log->addProcessors([new ContextProcessor($user, isset($account) ? $account : null)]);
//Set the user in context
$this->context->setUser($user);
}
// Set application locale
$this->setApplicationLocale();
return $next($request);
}
/**
* Store a newly created resource in storage.
*
* @param \Illuminate\Http\Request $request
*
* @return \Illuminate\Http\Response
*/
public function store(Request $request)
{
$data = $request->all();
$userId = $this->authorizer->getResourceOwnerId();
$data['client_id'] = $this->userRepository->find($userId)->client->id;
$order = $this->orderService->create($data);
return $this->orderRepository->with('items')->find($order->id);
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$user = $this->userRepository->find($this->authorizer->getResourceOwnerId());
App::singleton('user', function () use($user) {
return $user->toArray();
});
return $next($request);
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @throws \League\OAuth2\Server\Exception\AccessDeniedException
*
* @return mixed
*/
public function handle($request, Closure $next)
{
$this->authorizer->setRequest($request);
if ($this->authorizer->getResourceOwnerType() !== 'user') {
throw new AccessDeniedException();
}
return $next($request);
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @throws \League\OAuth2\Server\Exception\AccessDeniedException
*
* @return mixed
*/
public function handle($request, Closure $next)
{
$this->authorizer->setRequest($request);
$this->authorizer->validateAccessToken($this->httpHeadersOnly);
if ($this->authorizer->getResourceOwnerType() !== 'client') {
throw new AccessDeniedException();
}
return $next($request);
}
/**
* @return \Illuminate\Http\Response
*/
public function postAccessToken(Request $request)
{
//Patch because the package doesn't support json body parameter, we have to do this
$this->request->request->replace($request->all());
//Replace the request instance into the authorizer
$this->authorizer->setRequest($this->request);
//Issue the access token
return response()->json($this->authorizer->issueAccessToken());
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @throws \League\OAuth2\Server\Exception\AccessDeniedException
*
* @return mixed
*/
public function handle($request, Closure $next)
{
$this->authorizer->setRequest($request);
$user = $this->authorizer->getResourceOwnerId();
$user = json_decode($user, true)['data'];
if (in_array($user['role'], ['store_manager', 'admin'])) {
return $next($request);
}
throw new AccessDeniedException();
}
/**
* The main filter method
* @internal param mixed $route, mixed $request, mixed $owners,...
* @return null
* @throws \League\OAuth2\Server\Exception\AccessDeniedException
*/
public function filter()
{
if (func_num_args() > 2) {
$ownerTypes = array_slice(func_get_args(), 2);
if (!in_array($this->authorizer->getResourceOwnerType(), $ownerTypes)) {
throw new AccessDeniedException();
}
}
return null;
}
/**
* Send the request after setting authorization params
* @return Illuminate\Http\Response
*/
public function sendAuthorization()
{
$this->request->merge($this->params->toArray());
$this->oauth->getIssuer()->setRequest($this->request);
$token = $this->oauth->issueAccessToken();
if (auth()->check()) {
$token['user'] = auth()->user();
}
return response()->json($token);
}
public function update(Request $request, $id)
{
$deliverymanId = $this->authorizer->getResourceOwnerId();
if ($this->orderService->update(['id' => $id, 'user_deliveryman_id' => $deliverymanId], $request)) {
$type = ['type' => 'success'];
$code = Response::HTTP_OK;
}
$type = !$type ? ['type' => 'not found'] : $type;
$code = !$code ? Response::HTTP_NOT_FOUND : $code;
return response($type, $code)->header('Content-Type', 'application/json');
}
public function __construct(Authorizer $authorizer)
{
$this->authorizer = $authorizer;
try {
$this->accessToken = $authorizer->getChecker()->determineAccessToken();
if ($this->accessToken) {
$this->beforeFilter('oauth');
}
} catch (InvalidRequestException $e) {
// do nothing
}
}
/**
* Register the Authorization server with the IoC container
* @return void
*/
public function registerAuthorizer()
{
$this->app->bindShared('oauth2-server.authorizer', function ($app) {
$config = $app['config']->get('oauth2-server-laravel::oauth2');
$checker = $app->make('League\\OAuth2\\Server\\ResourceServer');
$authorizer = new Authorizer($checker);
$authorizer->setRequest($app['request']);
$authorizer->setTokenType($app->make($config['token_type']));
$app->refresh('request', $authorizer, 'setRequest');
return $authorizer;
});
$this->app->bind('LucaDegasperi\\OAuth2Server\\Authorizer', function ($app) {
return $app['oauth2-server.authorizer'];
});
}
/**
* Validate the scopes.
*
* @param $scopes
*
* @throws \League\OAuth2\Server\Exception\InvalidScopeException
*/
public function validateScopes($scopes)
{
if (!empty($scopes) && !$this->authorizer->hasScope($scopes)) {
return false;
}
return true;
}
/**
* @param Authorizer $authorizer
* @param bool $httpHeadersOnly
*/
public function __construct(Authorizer $authorizer, $httpHeadersOnly = false)
{
if (!function_exists('getallheaders')) {
function getallheaders()
{
foreach ($_SERVER as $key => $value) {
if (substr($key, 0, 5) == "HTTP_") {
$key = str_replace(" ", "-", ucwords(strtolower(str_replace("_", " ", substr($key, 5)))));
$out[$key] = $value;
} else {
$out[$key] = $value;
}
}
return $out;
}
}
$headers = getallheaders();
$accessToken = isset($headers['Authorization']) ? trim(preg_replace('/^(?:\\s+)?Bearer\\s/', '', $headers['Authorization'])) : null;
$authorizer->validateAccessToken($this->httpHeadersOnly, $accessToken);
$this->authorizer = $authorizer;
$this->httpHeadersOnly = $httpHeadersOnly;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
// if (env('APP_ENV') != 'testing') {
$this->authorizer->validateAccessToken($this->httpHeadersOnly);
$this->validateScopes();
// }
$owner_id = $this->authorizer->getResourceOwnerId();
if ($owner_id) {
list($user_type, $id) = explode(':', $owner_id);
switch ($user_type) {
case 'admin':
$request->user = Admin::find($id);
break;
default:
$request->user = User::find($id);
break;
}
} else {
$request->user = new Guest();
}
return $next($request);
}
/**
* Set the token type to use.
*
* @param \League\OAuth2\Server\TokenType\TokenTypeInterface $tokenType
* @static
*/
public static function setTokenType($tokenType)
{
return \LucaDegasperi\OAuth2Server\Authorizer::setTokenType($tokenType);
}
/**
* Exchange client authorization code with authorization token
* @param Authorizer $authorizer
* @return json
*/
public function postAccessToken(Authorizer $authorizer)
{
return response()->json($authorizer->issueAccessToken());
}
/**
* Register the Authorization server with the IoC container.
*
* @param \Illuminate\Contracts\Foundation\Application $app
*
* @return void
*/
public function registerAuthorizer(Application $app)
{
$app->singleton('oauth2-server.authorizer', function ($app) {
$config = $app['config']->get('oauth2');
$issuer = $app->make(AuthorizationServer::class)->setClientStorage($app->make(ClientInterface::class))->setSessionStorage($app->make(SessionInterface::class))->setAuthCodeStorage($app->make(AuthCodeInterface::class))->setAccessTokenStorage($app->make(AccessTokenInterface::class))->setRefreshTokenStorage($app->make(RefreshTokenInterface::class))->setScopeStorage($app->make(ScopeInterface::class))->requireScopeParam($config['scope_param'])->setDefaultScope($config['default_scope'])->requireStateParam($config['state_param'])->setScopeDelimiter($config['scope_delimiter'])->setAccessTokenTTL($config['access_token_ttl']);
// add the supported grant types to the authorization server
foreach ($config['grant_types'] as $grantIdentifier => $grantParams) {
$grant = $app->make($grantParams['class']);
$grant->setAccessTokenTTL($grantParams['access_token_ttl']);
if (array_key_exists('callback', $grantParams)) {
list($className, $method) = array_pad(explode('@', $grantParams['callback']), 2, 'verify');
$verifier = $app->make($className);
$grant->setVerifyCredentialsCallback([$verifier, $method]);
}
if (array_key_exists('auth_token_ttl', $grantParams)) {
$grant->setAuthTokenTTL($grantParams['auth_token_ttl']);
}
if (array_key_exists('refresh_token_ttl', $grantParams)) {
$grant->setRefreshTokenTTL($grantParams['refresh_token_ttl']);
}
if (array_key_exists('rotate_refresh_tokens', $grantParams)) {
$grant->setRefreshTokenRotation($grantParams['rotate_refresh_tokens']);
}
$issuer->addGrantType($grant);
}
$checker = $app->make(ResourceServer::class);
$authorizer = new Authorizer($issuer, $checker);
$authorizer->setRequest($app['request']);
$authorizer->setTokenType($app->make($config['token_type']));
$app->refresh('request', $authorizer, 'setRequest');
return $authorizer;
});
$app->alias('oauth2-server.authorizer', Authorizer::class);
}
function it_filters_the_auth_code_request_parameters(Authorizer $authorizer)
{
$authorizer->checkAuthCodeRequest()->shouldBeCalled();
$this->filter('foo', 'bar', 'baz')->shouldReturn(null);
}
public function filter()
{
$this->authorizer->checkAuthCodeRequest();
}
function it_passes_with_valud_scopes(Authorizer $authorizer)
{
$authorizer->validateAccessToken(false)->willReturn('foo')->shouldBeCalled();
$authorizer->hasScope(['baz'])->willReturn(true)->shouldBeCalled();
$this->filter('foo', 'bar', 'baz')->shouldReturn(null);
}
public function postAccessToken()
{
return $this->authorizer->issueAccessToken();
}
/**
* Validate an access token
* @param Request $request
* @return Illuminate\Http\Response
*/
public function postValidateAccessToken(Request $request)
{
return response()->json($this->oauth->getChecker()->isValidRequest(false, $request->get('access_token')));
}
/**
* Validate the scopes
* @throws \League\OAuth2\Server\Exception\InvalidScopeException
*/
public function validateScopes()
{
if (!empty($this->scopes) and !$this->authorizer->hasScope($this->scopes)) {
throw new InvalidScopeException(implode(',', $this->scopes));
}
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$this->authorizer->checkAuthCodeRequest();
return $next($request);
}
function it_filters_if_resource_owners_are_not_allowed(Authorizer $authorizer)
{
$authorizer->getResourceOwnerType()->willReturn('user')->shouldBeCalled();
$this->shouldThrow('\\League\\OAuth2\\Server\\Exception\\AccessDeniedException')->duringFilter('foo', 'bar', 'client');
}
/**
* Validate the scopes
* @throws \League\OAuth2\Server\Exception\InvalidScopeException
*/
protected function validateScopes()
{
if (!empty($this->requiredScopes()) and !$this->authorizer->hasScope($this->requiredScopes())) {
throw new InvalidScopeException(implode(',', $this->requiredScopes()));
}
}
