public function handleRequest(HttpRequest $request)
{
$response = new HttpResponse(200);
try {
// hint the authentication layer about the user that wants to authenticate
// if this information is available as a parameter to the authorize endpoint
$resourceOwnerHint = $request->getQueryParameter("x_resource_owner_hint");
if (null !== $resourceOwnerHint) {
$this->_resourceOwner->setResourceOwnerHint($resourceOwnerHint);
}
switch ($request->getRequestMethod()) {
case "GET":
$result = $this->_handleAuthorize($this->_resourceOwner, $request->getQueryParameters());
if (AuthorizeResult::ASK_APPROVAL === $result->getAction()) {
$loader = new \Twig_Loader_Filesystem(dirname(dirname(__DIR__)) . DIRECTORY_SEPARATOR . "views");
$twig = new \Twig_Environment($loader);
$redirectUri = new Uri($result->getClient()->getRedirectUri());
$output = $twig->render("askAuthorization.twig", array('serviceName' => $this->_config->getValue('serviceName'), 'serviceLogoUri' => $this->_config->getValue('serviceLogoUri', FALSE), 'serviceLogoWidth' => $this->_config->getValue('serviceLogoWidth', FALSE), 'serviceLogoHeight' => $this->_config->getValue('serviceLogoHeight', FALSE), 'resourceOwnerId' => $this->_resourceOwner->getId(), 'sslEnabled' => "https" === $request->getRequestUri()->getScheme(), 'contactEmail' => $result->getClient()->getContactEmail(), 'scopes' => $result->getScope()->getScopeAsArray(), 'clientDomain' => $redirectUri->getHost(), 'clientName' => $result->getClient()->getName(), 'clientId' => $result->getClient()->getId(), 'clientDescription' => $result->getClient()->getDescription(), 'clientIcon' => $result->getClient()->getIcon(), 'redirectUri' => $redirectUri->getUri()));
$response->setContent($output);
} elseif (AuthorizeResult::REDIRECT === $result->getAction()) {
$response->setStatusCode(302);
$response->setHeader("Location", $result->getRedirectUri()->getUri());
} else {
// should never happen...
throw new \Exception("invalid authorize result");
}
break;
case "POST":
// CSRF protection, check the referrer, it should be equal to the
// request URI
$fullRequestUri = $request->getRequestUri()->getUri();
$referrerUri = $request->getHeader("HTTP_REFERER");
if ($fullRequestUri !== $referrerUri) {
throw new ResourceOwnerException("csrf protection triggered, referrer does not match request uri");
}
$result = $this->_handleApprove($this->_resourceOwner, $request->getQueryParameters(), $request->getPostParameters());
if (AuthorizeResult::REDIRECT !== $result->getAction()) {
// FIXME: this is dead code?
throw new ResourceOwnerException("approval not found");
}
$response->setStatusCode(302);
$response->setHeader("Location", $result->getRedirectUri()->getUri());
break;
default:
// method not allowed
$response->setStatusCode(405);
$response->setHeader("Allow", "GET, POST");
break;
}
} catch (ClientException $e) {
// tell the client about the error
$client = $e->getClient();
if ($client['type'] === "user_agent_based_application") {
$separator = "#";
} else {
$separator = FALSE === strpos($client['redirect_uri'], "?") ? "?" : "&";
}
$parameters = array("error" => $e->getMessage(), "error_description" => $e->getDescription());
if (NULL !== $e->getState()) {
$parameters['state'] = $e->getState();
}
$response->setStatusCode(302);
$response->setHeader("Location", $client['redirect_uri'] . $separator . http_build_query($parameters));
if (NULL !== $this->_logger) {
$this->_logger->logFatal($e->getLogMessage(TRUE) . PHP_EOL . $request . PHP_EOL . $response);
}
} catch (ResourceOwnerException $e) {
// tell resource owner about the error (through browser)
$response->setStatusCode(400);
$loader = new \Twig_Loader_Filesystem(dirname(dirname(__DIR__)) . DIRECTORY_SEPARATOR . "views");
$twig = new \Twig_Environment($loader);
$output = $twig->render("error.twig", array("statusCode" => $response->getStatusCode(), "statusReason" => $response->getStatusReason(), "errorMessage" => $e->getMessage()));
$response->setContent($output);
if (NULL !== $this->_logger) {
$this->_logger->logFatal($e->getMessage() . PHP_EOL . $request . PHP_EOL . $response);
}
}
return $response;
}
public function testHttpsWithOtherPortNoPathAndQuery()
{
$h = new Uri("https://www.example.com:8081/?action=foo");
$this->assertEquals("https", $h->getScheme());
$this->assertEquals("www.example.com", $h->getHost());
$this->assertEquals(8081, $h->getPort());
$this->assertEquals("/", $h->getPath());
$this->assertEquals("action=foo", $h->getQuery());
}