/**
  * Handle an incoming request.
  *
  * @param \Illuminate\Http\Request $request
  * @param \Closure $next
  *
  * @throws \League\OAuth2\Server\Exception\AccessDeniedException
  *
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     // Bind the current request before validating, so the token that is
     // checked is the one carried by this request.
     $authorizer = $this->authorizer;
     $authorizer->setRequest($request);
     $authorizer->validateAccessToken($this->httpHeadersOnly);

     // Only a resource owner of type 'user' (strict comparison) may continue;
     // every other owner type is refused.
     if ($authorizer->getResourceOwnerType() === 'user') {
         return $next($request);
     }

     throw new AccessDeniedException();
 }
 /**
  * Run the oauth filter
  *
  * @internal param mixed $route, mixed $request, mixed $scope,...
  * @return void a bad response in case the request is invalid
  */
 public function filter()
 {
     // The first two arguments are skipped; anything after them replaces the
     // scope list. With two or fewer arguments $this->scopes is left untouched.
     $arguments = func_get_args();
     if (count($arguments) > 2) {
         $this->scopes = array_slice($arguments, 2);
     }

     // Token check first, scope check second.
     // NOTE(review): neither return value is inspected here; presumably both
     // calls signal failure by throwing. Confirm against the authorizer.
     $this->authorizer->validateAccessToken($this->httpHeadersOnly);
     $this->validateScopes();
 }
 /**
  * Handle an incoming request.
  *
  * @param \Illuminate\Http\Request $request
  * @param \Closure $next
  * @param string|null $scopesString
  *
  * @throws \League\OAuth2\Server\Exception\InvalidScopeException
  *
  * @return mixed
  */
 public function handle($request, Closure $next, $scopesString = null)
 {
     $headersOnly = $this->httpHeadersOnly;

     $this->authorizer->setRequest($request);
     $this->authorizer->validateAccessToken($headersOnly);

     // NOTE(review): scope enforcement is disabled in this version. The
     // original carried a commented-out sequence that split $scopesString on
     // '+' and passed the result to validateScopes(). As written,
     // $scopesString is accepted but never read, so a route that declares
     // scopes on this middleware is guarded by token validity only.
     $response = $next($request);

     return $response;
 }
 /**
  * Handle an incoming request.
  *
  * @param \Illuminate\Http\Request $request
  * @param \Closure $next
  * @param string|null $scopesString
  *
  * @throws \League\OAuth2\Server\Exception\InvalidScopeException
  *
  * @return mixed
  */
 public function handle($request, Closure $next, $scopesString = null)
 {
     $this->authorizer->setRequest($request);
     $this->authorizer->validateAccessToken($this->httpHeadersOnly);

     // '|' separates alternative scope sets; ',' separates the scopes inside
     // one set. Satisfying any single set is enough.
     $alternatives = $scopesString === null ? [] : explode('|', $scopesString);

     // No scope requirement was configured: a valid token is sufficient.
     if ($alternatives === []) {
         return $next($request);
     }

     foreach ($alternatives as $alternative) {
         // NOTE(review): this relies on validateScopes() returning a truthy
         // value on success rather than throwing on the first failed set.
         // Confirm, otherwise later alternatives are never tried.
         if ($this->validateScopes(explode(',', $alternative))) {
             return $next($request);
         }
     }

     // None of the alternatives matched the token's scopes.
     throw new InvalidScopeException($scopesString);
 }
 /**
  * @param Authorizer $authorizer
  * @param bool $httpHeadersOnly
  */
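 public function __construct(Authorizer $authorizer, $httpHeadersOnly = false)
 {
     // Fallback for SAPIs that do not ship getallheaders(): rebuild the
     // header list from $_SERVER.
     if (!function_exists('getallheaders')) {
         function getallheaders()
         {
             // Start from an empty array so an empty $_SERVER yields []
             // instead of returning an undefined variable.
             $out = [];
             foreach ($_SERVER as $key => $value) {
                 if (substr($key, 0, 5) == "HTTP_") {
                     // HTTP_X_FOO_BAR becomes X-Foo-Bar.
                     $key = str_replace(" ", "-", ucwords(strtolower(str_replace("_", " ", substr($key, 5)))));
                 }
                 // NOTE(review): entries without the HTTP_ prefix are copied
                 // unchanged as well, so the result also holds server and
                 // environment values that are not request headers.
                 $out[$key] = $value;
             }
             return $out;
         }
     }

     // Store the collaborators before using them. The original read
     // $this->httpHeadersOnly before it had been assigned, so the
     // constructor argument never reached the validation call and a
     // "headers only" request was silently ignored.
     $this->authorizer = $authorizer;
     $this->httpHeadersOnly = $httpHeadersOnly;

     $headers = getallheaders();

     // Strip the "Bearer " scheme prefix; null when the header is absent.
     // NOTE(review): the array lookup is case-sensitive, so a header sent as
     // "authorization" may be missed depending on the SAPI. Confirm.
     $accessToken = isset($headers['Authorization']) ? trim(preg_replace('/^(?:\\s+)?Bearer\\s/', '', $headers['Authorization'])) : null;

     // The return value is not used; presumably a rejected token is signalled
     // by an exception raised inside the authorizer. Confirm.
     $authorizer->validateAccessToken($httpHeadersOnly, $accessToken);
 }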
 /**
  * Handle an incoming request.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     // Token and scope checks run unconditionally, before any user lookup.
     // The original kept a commented-out APP_ENV guard around these calls;
     // it is inactive and must stay that way for the checks to apply.
     $this->authorizer->validateAccessToken($this->httpHeadersOnly);
     $this->validateScopes();

     $owner_id = $this->authorizer->getResourceOwnerId();

     // A falsy owner id means no resource owner: continue as a guest.
     if (!$owner_id) {
         $request->user = new Guest();

         return $next($request);
     }

     // Owner ids are split on ':' into a type and an id.
     // NOTE(review): an owner id without ':' has no second element, and the
     // result of find() is not checked. If find() can return null for a
     // missing record, $request->user ends up null. Confirm how downstream
     // code treats that case.
     list($user_type, $id) = explode(':', $owner_id);

     // Every type other than 'admin' is resolved as a regular user.
     $request->user = $user_type === 'admin' ? Admin::find($id) : User::find($id);

     return $next($request);
 }
 /**
  * Validate a request with an access token in it.
  *
  * @param bool $httpHeadersOnly whether or not to check only the http headers of the request
  * @param string|null $accessToken an access token to validate
  * @return mixed 
  * @static 
  */
 public static function validateAccessToken($httpHeadersOnly = false, $accessToken = null)
 {
     // Pure pass-through: both arguments are forwarded unchanged and the
     // authorizer's result is returned as-is.
     $result = \LucaDegasperi\OAuth2Server\Authorizer::validateAccessToken($httpHeadersOnly, $accessToken);

     return $result;
 }
 function it_passes_with_valud_scopes(Authorizer $authorizer)
 {
     // The token check must be called with httpHeadersOnly = false.
     $tokenCheck = $authorizer->validateAccessToken(false);
     $tokenCheck->willReturn('foo');
     $tokenCheck->shouldBeCalled();

     // Only 'baz', the third filter argument, is expected to reach hasScope().
     $scopeCheck = $authorizer->hasScope(['baz']);
     $scopeCheck->willReturn(true);
     $scopeCheck->shouldBeCalled();

     // A passing filter returns nothing.
     $outcome = $this->filter('foo', 'bar', 'baz');
     $outcome->shouldReturn(null);
 }
 /**
  * Handle an incoming request.
  *
  * @param  \Illuminate\Http\Request $request
  * @param  \Closure $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     $headersOnly = $this->httpHeadersOnly;
     $this->authorizer->validateAccessToken($headersOnly);

     // NOTE(review): the validateScopes() call is commented out in the
     // original, so this middleware checks the access token only and applies
     // no scope restriction to the route.
     $response = $next($request);

     return $response;
 }