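/**
  * Resolve the account from the route and the user from the OAuth resource
  * owner, check that the user may access the account, and expose both in the
  * request context before passing the request on.
  *
  * @param Request  $request
  * @param \Closure $next
  * @return mixed the response produced by $next, or an "unauthorized" error
  *               response when the user is unknown or is not associated with
  *               the routed account
  */
 public function handle(Request $request, Closure $next)
 {
     // The account is taken from the route parameters; it is null for routes
     // that are not account-scoped.
     $account = $this->getAccountFromRouting();
     $this->context->setAccount($account);

     // Only user-owned tokens carry a resource owner we can look up. Strict
     // comparison so loose string/number coercion never decides this branch.
     if ($this->authorizer->getResourceOwnerType() === 'user') {
         $user = $this->userRepository->find($this->authorizer->getResourceOwnerId());

         // Fail closed: a token whose owner cannot be found must not reach the
         // route (previously this dereferenced null below, or let the request
         // through with no user in the context when no account was routed).
         // NOTE(review): assumes find() returns null for a missing user — confirm.
         if ($user === null) {
             return $this->response->errorUnauthorized('Unknown resource owner');
         }

         // An account in the route must be one the user is associated with.
         if ($account && !$user->isAssociateToAccount($account)) {
             return $this->response->errorUnauthorized("You don't have access to the account {$account->uuid}");
         }

         // Log processor and context carry the resolved user and (maybe null) account.
         $this->log->addProcessors([new ContextProcessor($user, $account)]);
         $this->context->setUser($user);
     }

     $this->setApplicationLocale();

     return $next($request);
 }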
 /**
  * Let the request through only when the OAuth resource owner is a user.
  *
  * @param \Illuminate\Http\Request $request
  * @param \Closure $next
  *
  * @throws \League\OAuth2\Server\Exception\AccessDeniedException when the
  *         resource owner type is anything other than 'user'
  *
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     // The authorizer reads the resource owner from the request it is handed.
     $this->authorizer->setRequest($request);

     // NOTE(review): no validateAccessToken() call here — presumably an
     // earlier middleware has already validated the token; confirm.
     $ownerType = $this->authorizer->getResourceOwnerType();
     if ('user' === $ownerType) {
         return $next($request);
     }

     throw new AccessDeniedException();
 }
 /**
  * Validate the access token and let the request through only when the OAuth
  * resource owner is a client (client-credentials style access).
  *
  * @param \Illuminate\Http\Request $request
  * @param \Closure $next
  *
  * @throws \League\OAuth2\Server\Exception\AccessDeniedException when the
  *         resource owner type is anything other than 'client'
  *
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     $authorizer = $this->authorizer;
     $authorizer->setRequest($request);

     // Validate the token first; the owner type is only meaningful afterwards.
     $authorizer->validateAccessToken($this->httpHeadersOnly);

     if ('client' !== $authorizer->getResourceOwnerType()) {
         throw new AccessDeniedException();
     }

     return $next($request);
 }
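 /**
  * The main filter method: when owner types are given after the route and the
  * request, deny the request unless the current resource owner type is one of
  * them. Arguments are read via func_get_args() to keep the signature as-is.
  *
  * @internal param mixed $route, mixed $request, mixed $owners,...
  * @return null
  * @throws \League\OAuth2\Server\Exception\AccessDeniedException when owner
  *         types were given and the current one is not among them
  */
 public function filter()
 {
     // The first two arguments are the route and the request; anything after
     // them is the allow-list. No allow-list means no restriction.
     $ownerTypes = array_slice(func_get_args(), 2);
     if ($ownerTypes === []) {
         return null;
     }

     // Strict comparison: the allow-list is matched as exact strings only,
     // never through loose type coercion.
     if (!in_array($this->authorizer->getResourceOwnerType(), $ownerTypes, true)) {
         throw new AccessDeniedException();
     }

     return null;
 }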
 /**
  * Facade accessor: the resource owner type of the current request
  * ('client' or 'user'), delegated to the underlying Authorizer.
  *
  * @return string
  * @static
  */
 public static function getResourceOwnerType()
 {
     $ownerType = \LucaDegasperi\OAuth2Server\Authorizer::getResourceOwnerType();

     return $ownerType;
 }
 /**
  * Spec: filter() must throw AccessDeniedException when the current resource
  * owner type ('user' here) is not in the allowed list ('client').
  */
 function it_filters_if_resource_owners_are_not_allowed(Authorizer $authorizer)
 {
     $authorizer->getResourceOwnerType()
         ->willReturn('user')
         ->shouldBeCalled();

     $deniedException = '\\League\\OAuth2\\Server\\Exception\\AccessDeniedException';
     $this->shouldThrow($deniedException)
         ->duringFilter('foo', 'bar', 'client');
 }