/**
 * Route filter guarding a resource with an OAuth2 access token.
 *
 * Fires `oauth.access.before` first; if any listener returns a truthy value
 * the check is skipped and null is returned. Otherwise the request is verified
 * by the server's resource controller: on failure `oauth.access.failed` is
 * fired and the bridge response (which now carries the error) is returned; on
 * success `oauth.access.valid` is fired with the resolved client, user and
 * scope list, and null is returned.
 *
 * @param mixed       $route   Unused; present to satisfy the filter signature.
 * @param mixed       $request Incoming request, converted to a BridgeRequest.
 * @param string|null $scope   Scope required for access, if any.
 * @return null|BridgeResponse Error response on failed verification, null otherwise.
 */
public function filter($route, $request, $scope = null)
{
    // A "before" listener returning a truthy value takes over the access decision.
    if ($this->dispatcher->until('oauth.access.before', [$scope])) {
        return null;
    }

    /** @var BridgeRequest $bridgeRequest */
    $bridgeRequest = BridgeRequest::createFromRequest($request);
    $bridgeResponse = new BridgeResponse();
    $resourceController = $this->server->getResourceController();

    // On failure the controller fills $bridgeResponse with the OAuth error.
    if (!$resourceController->verifyResourceRequest($bridgeRequest, $bridgeResponse, $scope)) {
        $this->dispatcher->fire('oauth.access.failed');

        return $bridgeResponse;
    }

    $token = $resourceController->getAccessTokenData($bridgeRequest, $bridgeResponse);
    $client = $this->clientRepo->find($token['client_id']);

    // user_id is optional in the token data; no user is resolved without it.
    $user = isset($token['user_id'])
        ? $this->userProvider->retrieveById($token['user_id'])
        : null;

    // Scope is a space-separated string; a falsy scope is passed on unchanged.
    $tokenScope = $token['scope'];
    if ($tokenScope) {
        $tokenScope = explode(' ', $tokenScope);
    }

    $this->dispatcher->fire('oauth.access.valid', [$client, $user, $tokenScope]);
}
/**
 * Token endpoint: hands the request to the OAuth2 token controller and
 * returns the bridge response it populated.
 *
 * @param Request $request
 * @return BridgeResponse
 */
public function __invoke(Request $request)
{
    $bridgeRequest = BridgeRequest::createFromRequest($request);
    $bridgeResponse = new BridgeResponse();

    $this->oauth2TokenController->handleTokenRequest($bridgeRequest, $bridgeResponse);

    return $bridgeResponse;
}
/**
 * Token endpoint for a PSR-7 stack.
 *
 * The PSR-7 request is converted to an HttpFoundation request and then to the
 * bridge request the OAuth2 server understands. The server's own response is
 * emitted directly with send(); nothing is returned, so the PSR-7 $response
 * and $args parameters are not used.
 *
 * @param \Psr\Http\Message\ServerRequestInterface $request
 * @param \Psr\Http\Message\ResponseInterface      $response Unused.
 * @param array                                    $args     Unused.
 * @return void
 */
public function token(Request $request, Response $response, $args)
{
    // Log "<ShortClassName>: token" (namespace stripped from __CLASS__).
    $shortClass = substr(strrchr(rtrim(__CLASS__, '\\'), '\\'), 1);
    $this->logger->info($shortClass . ': ' . __FUNCTION__);

    // PSR-7 -> HttpFoundation -> OAuth2 bridge request.
    $symfonyRequest = (new HttpFoundationFactory())->createRequest($request);
    $bridgeRequest = BridgeRequest::createFromRequest($symfonyRequest);

    // The server builds and sends its own response; the PSR-7 response is bypassed.
    $this->oAuth2server->handleTokenRequest($bridgeRequest)->send();
}
/**
 * Completes an authorization request after the resource owner has decided.
 *
 * onPostAuthorized() yields the authorizing user's id; a falsy id is treated
 * as a denial. The server writes either the redirect or the error into the
 * bridge response, which is returned.
 *
 * @return BridgeResponse
 */
public function postAuthorize()
{
    $bridgeRequest = BridgeRequest::createFromRequest($this->request);
    $bridgeResponse = new BridgeResponse();

    // A falsy user id means access was not granted.
    $userId = $this->onPostAuthorized();
    $this->server->handleAuthorizeRequest($bridgeRequest, $bridgeResponse, (bool) $userId, $userId);

    return $bridgeResponse;
}
/**
 * Issues an OAuth token for the given request.
 *
 * The application key (APP_KEY) is written into the request as the
 * client_secret before the OAuth2 server sees it, so client authentication on
 * this endpoint is only as strong as the secrecy of APP_KEY.
 *
 * @param Request $request
 * @return \OAuth2\HttpFoundationBridge\Response
 */
public function getOAuthToken(Request $request)
{
    // Any client_secret supplied by the caller is overwritten with the app key.
    $input = $request->all();
    $input['client_secret'] = env('APP_KEY');
    $request->replace($input);

    $bridgedRequest = \OAuth2\HttpFoundationBridge\Request::createFromRequest($request->instance());
    $bridgedResponse = new \OAuth2\HttpFoundationBridge\Response();

    return \App::make('oauth2')->handleTokenRequest($bridgedRequest, $bridgedResponse);
}
/**
 * Handle an incoming request.
 *
 * Verifies the access token on the request with the OAuth2 server. A valid
 * token lets the request continue down the pipeline; otherwise a JSON
 * "Unauthorized" body is returned with the status code the server set on the
 * bridge response.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $bridgedRequest = Request::createFromRequest($request);
    $bridgedResponse = new Response();

    // On failure the server fills $bridgedResponse with the error and status.
    if (!App::make('oauth2')->verifyResourceRequest($bridgedRequest, $bridgedResponse)) {
        return response()->json(['error' => 'Unauthorized'], $bridgedResponse->getStatusCode());
    }

    return $next($request);
}
/**
 * Authorize handler: finalises the resource owner's authorization decision.
 *
 * The user is the username of the current security token when one is set.
 * The decision is the boolean value of the `authorize` parameter read from
 * the bridge request's `request` bag.
 *
 * @param Application $app
 * @param Request     $request
 * @return BridgeResponse
 */
public function __invoke(Application $app, Request $request)
{
    $securityToken = $app['security']->getToken();
    $username = $securityToken instanceof TokenInterface
        ? $securityToken->getUser()->getUsername()
        : null;

    $bridgeRequest = BridgeRequest::createFromRequest($request);
    $bridgeResponse = new BridgeResponse();

    $isAuthorized = (bool) $bridgeRequest->request->get('authorize');
    $this->oauth2AuthorizeController->handleAuthorizeRequest($bridgeRequest, $bridgeResponse, $isAuthorized, $username);

    return $bridgeResponse;
}
/**
 * Authorize endpoint: validates the authorization request and renders the
 * consent page.
 *
 * When validation fails the bridge response populated by the server is
 * returned as-is. Otherwise the renderer is given the handler URL (built from
 * the current query parameters), the client id, the response type and the
 * currently authenticated user, if any.
 *
 * @param Application $app
 * @param Request     $request
 * @return mixed BridgeResponse on validation failure, the renderer's result otherwise.
 */
public function __invoke(Application $app, Request $request)
{
    $bridgeRequest = BridgeRequest::createFromRequest($request);
    $bridgeResponse = new BridgeResponse();

    if (!$this->oauth2AuthorizeController->validateAuthorizeRequest($bridgeRequest, $bridgeResponse)) {
        return $bridgeResponse;
    }

    $securityToken = $app['security.token_storage']->getToken();
    $user = $securityToken instanceof TokenInterface ? $securityToken->getUser() : null;

    $query = $bridgeRequest->query;
    $handlerUrl = $this->urlGenerator->generate('oauth2_authorize_handler', $query->all());

    return $this->authorizeRenderer->render(
        $handlerUrl,
        $query->get('client_id'),
        $query->get('response_type'),
        $user
    );
}
/**
 * Handles basic authentication.
 *
 * Verifies the access token with the OAuth2 server. When it is valid, the
 * token data (client id, user id, access token, scope) is wrapped in an
 * OAuth2Token, authenticated through the authentication manager and stored.
 * A request that fails verification is left untouched here; an
 * AuthenticationException is delegated to handleAuthenticationError().
 *
 * @param GetResponseEvent $event A GetResponseEvent instance
 */
public function handle(GetResponseEvent $event)
{
    $bridgeRequest = BridgeRequest::createFromRequest($event->getRequest());
    $bridgeResponse = new BridgeResponse();

    if (!$this->oauth2Server->verifyResourceRequest($bridgeRequest, $bridgeResponse)) {
        return;
    }

    try {
        $tokenData = $this->oauth2Server->getAccessTokenData($bridgeRequest);

        // Scope is a space-separated string; the token wants a list.
        $unauthenticated = new OAuth2Token(
            $tokenData['client_id'],
            $tokenData['user_id'],
            $tokenData['access_token'],
            $this->providerKey,
            [],
            explode(" ", $tokenData['scope'])
        );

        $this->tokenStorage->setToken($this->authenticationManager->authenticate($unauthenticated));
    } catch (AuthenticationException $failed) {
        $this->handleAuthenticationError($event, $bridgeRequest, $failed);
    }
}
/**
 * Verifies the access token carried by a PSR-7 request.
 *
 * The request is converted PSR-7 -> HttpFoundation -> bridge request. When
 * verification fails the OAuth2 server's error response is sent and the
 * process is terminated with die, so nothing downstream runs. Otherwise the
 * token's user_id is stored on $this->user and true is returned.
 *
 * @param \Psr\Http\Message\ServerRequestInterface $request
 * @return true Only ever returned for a verified token.
 */
public function validateToken($request)
{
    // Log "<ShortClassName>: validateToken" (namespace stripped from __CLASS__).
    $shortClass = substr(strrchr(rtrim(__CLASS__, '\\'), '\\'), 1);
    $this->logger->info($shortClass . ': ' . __FUNCTION__);

    // PSR-7 -> HttpFoundation -> OAuth2 bridge request.
    $symfonyRequest = (new HttpFoundationFactory())->createRequest($request);
    $bridgeRequest = BridgeRequest::createFromRequest($symfonyRequest);

    if (!$this->oAuth2server->verifyResourceRequest($bridgeRequest)) {
        // Emit the server's error response and stop the script outright.
        $this->oAuth2server->getResponse()->send();
        die;
    }

    // Remember the token's owner for later handlers.
    $tokenData = $this->oAuth2server->getAccessTokenData($bridgeRequest);
    $this->user = $tokenData['user_id'];

    return true;
}
/**
 * {@inheritDoc}
 *
 * Verifies the OAuth2 request attached to the token; on success the user is
 * loaded by the user_id from the access token data, given the role names
 * found for that user, and wrapped in an authenticated OAuth2UserToken.
 *
 * @throws AuthenticationException when the OAuth2 server rejects the request.
 */
public function authenticate(TokenInterface $token)
{
    $oauthRequest = OAuthRequest::createFromRequest($token->request);

    if (!$this->server->verifyResourceRequest($oauthRequest)) {
        throw new AuthenticationException('OAuth2 authentication failed');
    }

    $accessTokenData = $this->server->getAccessTokenData($oauthRequest);
    $user = $this->userProvider->findById($accessTokenData['user_id']);

    // Roles are looked up by user id and attached to both the user and the token.
    $roles = $this->roleFinder->findRoleNamesByUserId($user->getId());
    $user->setRoles($roles);

    $authenticated = new OAuth2UserToken($roles);
    $authenticated->setUser($user);
    $authenticated->setAuthenticated(true);
    $authenticated->setOAuthToken($token->getOAuthToken());

    return $authenticated;
}
/**
 * Validates a request and takes a scope value that could result
 * in a user id being put into the request if it's valid.
 *
 * On success the `userId` request parameter is set: to the token's user_id
 * when validating at the 'user' scope, to 0 otherwise (so lookups keyed on
 * it cannot match a real user). On failure a 401 response is returned.
 *
 * NOTE(review): the debug line dumps the whole Request object via print_r;
 * presumably that includes request headers and thus the bearer token —
 * confirm where the debug channel is retained before relying on it.
 *
 * @param HttpFoundation\Request $request
 * @param string $scope
 * @return null|HttpFoundation\Response Null when valid, a 401 response otherwise.
 */
public function validateRequest(HttpFoundation\Request $request, $scope)
{
    $this->log->addDebug(
        print_r($request, true),
        ['namespace' => 'HackTheDinos\\Controllers\\OAuth', 'method' => 'validateRequest', 'type' => 'request', 'scope' => $scope]
    );

    $bridgeRequest = HttpFoundationBridge\Request::createFromRequest($request);

    if (!$this->server->verifyResourceRequest($bridgeRequest, null, $scope)) {
        $this->log->addWarning(
            'Failed to validate request',
            ['namespace' => 'HackTheDinos\\Controllers\\OAuth', 'method' => 'validateRequest', 'scope' => $scope]
        );

        return new HttpFoundation\Response('Not Authorized', 401);
    }

    if ($scope === 'user') {
        // User scope: expose the token's owner to downstream handlers.
        $token = $this->server->getAccessTokenData($bridgeRequest);
        $request->request->set('userId', $token['user_id']);
    } else {
        // Any other scope: force userId to 0 so user-bound lookups cannot match.
        $request->request->set('userId', 0);
    }

    return null;
}
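/**
 * Handle an incoming request.
 *
 * Requires an `access_token` parameter and verifies it with the OAuth2
 * server. A valid token lets the request continue with `user_id` set from
 * the token data; a missing, expired or otherwise invalid token is answered
 * with an API error message and the next handler is not called.
 *
 * The unconditional `return $next($request);` that previously opened this
 * method made everything below it unreachable, i.e. the token check never
 * ran; it has been removed so the middleware enforces what it documents.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    if (!$request->has('access_token')) {
        return Api::genMessage('access token not found', true, "oauth error");
    }

    // The bridge request is built from the global request state.
    $bridgedRequest = OauthRequest::createFromRequest(Request::createFromGlobals());
    $bridgedResponse = new \OAuth2\HttpFoundationBridge\Response();

    // Resolve the server once so getResponse() reads the same instance that
    // processed the token.
    $server = App::make('oauth2');
    $token = $server->getAccessTokenData($bridgedRequest, $bridgedResponse);

    if (!$token) {
        $response = $server->getResponse();

        if ($response->isClientError() && $response->getParameter('error')) {
            if ($response->getParameter('error') === 'expired_token') {
                return Api::genMessage('the access token provided has expired', true);
            }

            return Api::genMessage('the access token provided is invalid', true, "oauth error");
        }

        // A rejected token without a client-error explanation is still a
        // rejection: never fall through to the next handler unauthenticated.
        return Api::genMessage('the access token provided is invalid', true, "oauth error");
    }

    $request['user_id'] = $token['user_id'];

    return $next($request);
}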
/**
 * Validates a request and takes a scope value that could result
 * in a user id being put into the request if it's valid. The
 * passThrough flag will allow the request to continue when it
 * would otherwise fail with a 401 response.
 *
 * On success the `user` request parameter is set: to the user loaded from
 * the token's user_id at the 'user' scope, to null otherwise (so lookups
 * relying on it cannot match). With $passThrough a failed validation is
 * logged and null returned; without it a 401 response is returned.
 *
 * NOTE(review): the debug line dumps the whole Request object via print_r;
 * presumably that includes request headers and thus the bearer token —
 * confirm where the debug channel is retained before relying on it.
 *
 * @param HttpFoundation\Request $request
 * @param string $scope
 * @param bool $passThrough
 * @return null|HttpFoundation\Response
 */
public function validateRequest(HttpFoundation\Request $request, $scope, $passThrough = false)
{
    $this->log->addDebug(
        print_r($request, true),
        ['namespace' => 'Alerts\\Controllers\\OAuth2', 'method' => 'validateRequest', 'type' => 'request', 'scope' => $scope]
    );

    $bridgeRequest = HttpFoundationBridge\Request::createFromRequest($request);

    if ($this->server->verifyResourceRequest($bridgeRequest, null, $scope)) {
        // Only the user scope resolves a user; every other scope gets null so
        // user-bound lookups cannot succeed.
        $user = null;
        if ($scope === 'user') {
            $token = $this->server->getAccessTokenData($bridgeRequest);
            $user = $this->usersRepo->getById($token['user_id']);
        }
        $request->request->set('user', $user);

        return null;
    }

    // Soft failure: caller explicitly allowed the request to continue.
    if ($passThrough) {
        $this->log->addInfo(
            'OAuth Pass Through',
            ['namespace' => 'Alerts\\Controllers\\OAuth2', 'method' => 'validateRequest', 'type' => 'request', 'scope' => $scope, 'passThrough' => true]
        );

        return null;
    }

    $this->log->addInfo(
        'Failed to validate request',
        ['namespace' => 'Alerts\\Controllers\\OAuth2', 'method' => 'validateRequest', 'scope' => $scope]
    );

    return new HttpFoundation\Response('Not Authorized', 401);
}
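/**
 * Handles basic authentication.
 *
 * Verifies the access token with the OAuth2 server. On success an OAuth2Token
 * is authenticated through the authentication manager and stored in the
 * security context. On failure any OAuth2Token already in the context is
 * cleared, the failure is logged, and — unless failures are ignored — the
 * entry point's response is set on the event.
 *
 * The failure log line used to interpolate `$username`, which is never
 * defined in this method; it now logs only the failure reason.
 *
 * @param GetResponseEvent $event A GetResponseEvent instance
 */
public function handle(GetResponseEvent $event)
{
    $request = BridgeRequest::createFromRequest($event->getRequest());
    $response = new BridgeResponse();

    if (!$this->oauth2Server->verifyResourceRequest($request, $response)) {
        return;
    }

    try {
        $token = $this->authenticationManager->authenticate(new OAuth2Token([]));
        $this->securityContext->setToken($token);
    } catch (AuthenticationException $failed) {
        // Do not leave a stale OAuth2 token behind after a failed attempt.
        if ($this->securityContext->getToken() instanceof OAuth2Token) {
            $this->securityContext->setToken(null);
        }

        if (null !== $this->logger) {
            $this->logger->info(sprintf('OAuth2 authentication request failed: %s', $failed->getMessage()));
        }

        if ($this->ignoreFailure) {
            return;
        }

        $event->setResponse($this->authenticationEntryPoint->start($request, $failed));
    }
}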
/**
 * Whether the request carries an access token the OAuth2 server accepts.
 *
 * @param Request $request
 * @return bool
 */
public function isAuthenticated(Request $request)
{
    return $this->server->verifyResourceRequest(OAuthRequest::createFromRequest($request));
}
/**
 * Handle an OAuth token request
 *
 * (Implements the "Resource Owner Password Credentials" grant type
 * or Part 3 of the "Authorization Code" grant type)
 *
 * Note: Expects input as POST variables, not JSON request body
 *
 * After the server has issued a token, the user named by the response's
 * user_id must exist and be enabled (otherwise the invalid-credential
 * response is returned) and, when verification is required, be verified
 * (otherwise a 422). Only then is the last login recorded and the user id
 * stored in the session.
 *
 * @link http://tools.ietf.org/html/rfc6749#section-4.3.2 Access Token Request
 * @param Request $request
 * @return Response
 */
public function token(Request $request)
{
    $bridgeResponse = new BridgeResponse();
    $oauthRequest = OAuthRequest::createFromRequest($request);
    $response = $this->server->handleTokenRequest($oauthRequest, $bridgeResponse);

    // Errors from the server are returned untouched.
    if (!$response->isOk()) {
        return $response;
    }

    $userId = $response->getParameter('user_id');
    $user = $this->userService->findById($userId);

    // Unknown and disabled accounts get the same answer as bad credentials.
    if (!$user || !$user->getEnabled()) {
        return $this->createInvalidCredentialResponse();
    }

    // If enabled in config, check that user is verified
    if ($this->requireVerification && !$user->getVerified()) {
        return $this->createSimpleResponse(422, 'Unverified user');
    }

    $this->setLastLogin($userId);
    $this->session->set('user', $userId);

    return $response;
}