/**
 * Entry point of the OAuth authorize endpoint.
 *
 * GET  - asks the resource owner for approval (renders askAuthorization.twig)
 *        or redirects straight back to the client, depending on the
 *        AuthorizeResult action.
 * POST - records the resource owner's decision and redirects back to the client.
 * Any other method gets a 405 with an Allow header.
 *
 * Error handling: a ClientException is reported to the client by redirecting
 * to the client's redirect_uri with OAuth error parameters; a
 * ResourceOwnerException is shown to the resource owner as a 400 HTML page.
 * Any other exception (including the "invalid authorize result" \Exception
 * thrown below) is NOT caught here and propagates to the caller.
 *
 * @param HttpRequest $request the incoming HTTP request
 * @return HttpResponse the response to send back to the user agent
 */
public function handleRequest(HttpRequest $request)
 {
     $response = new HttpResponse(200);
     try {
         // hint the authentication layer about the user that wants to authenticate
         // if this information is available as a parameter to the authorize endpoint.
         // NOTE(review): this value comes straight from the query string (attacker
         // controlled) and is forwarded without any validation here, so
         // setResourceOwnerHint must treat it as untrusted input -- confirm in the
         // resource owner layer
         $resourceOwnerHint = $request->getQueryParameter("x_resource_owner_hint");
         if (null !== $resourceOwnerHint) {
             $this->_resourceOwner->setResourceOwnerHint($resourceOwnerHint);
         }
         switch ($request->getRequestMethod()) {
             case "GET":
                 $result = $this->_handleAuthorize($this->_resourceOwner, $request->getQueryParameters());
                 if (AuthorizeResult::ASK_APPROVAL === $result->getAction()) {
                     // render the consent page from <two levels above this dir>/views
                     $loader = new \Twig_Loader_Filesystem(dirname(dirname(__DIR__)) . DIRECTORY_SEPARATOR . "views");
                     $twig = new \Twig_Environment($loader);
                     // the client's registered redirect URI; its host is what the
                     // consent page shows to the user as "clientDomain"
                     $redirectUri = new Uri($result->getClient()->getRedirectUri());
                     // NOTE(review): several template values (client name, description,
                     // icon, contact email, redirect URI) originate from client
                     // registration data, and no autoescape option is set explicitly
                     // on the Twig environment -- confirm the template/environment
                     // default escapes them in the HTML (and attribute/URL) contexts
                     // where they are used
                     $output = $twig->render("askAuthorization.twig", array('serviceName' => $this->_config->getValue('serviceName'), 'serviceLogoUri' => $this->_config->getValue('serviceLogoUri', FALSE), 'serviceLogoWidth' => $this->_config->getValue('serviceLogoWidth', FALSE), 'serviceLogoHeight' => $this->_config->getValue('serviceLogoHeight', FALSE), 'resourceOwnerId' => $this->_resourceOwner->getId(), 'sslEnabled' => "https" === $request->getRequestUri()->getScheme(), 'contactEmail' => $result->getClient()->getContactEmail(), 'scopes' => $result->getScope()->getScopeAsArray(), 'clientDomain' => $redirectUri->getHost(), 'clientName' => $result->getClient()->getName(), 'clientId' => $result->getClient()->getId(), 'clientDescription' => $result->getClient()->getDescription(), 'clientIcon' => $result->getClient()->getIcon(), 'redirectUri' => $redirectUri->getUri()));
                     $response->setContent($output);
                 } elseif (AuthorizeResult::REDIRECT === $result->getAction()) {
                     // no approval needed: send the user agent back to wherever the
                     // authorize result points (presumably the client's registered
                     // redirect URI -- verify in _handleAuthorize)
                     $response->setStatusCode(302);
                     $response->setHeader("Location", $result->getRedirectUri()->getUri());
                 } else {
                     // should never happen... this is neither a ClientException nor a
                     // ResourceOwnerException, so it escapes the catch blocks below
                     throw new \Exception("invalid authorize result");
                 }
                 break;
             case "POST":
                 // CSRF protection, check the referrer, it should be equal to the
                 // request URI (strict string match, query string included). An absent
                 // Referer cannot equal the request URI, so the check fails closed.
                 // NOTE(review): Referer-based CSRF defence is fragile: user agents and
                 // Referrer-Policy settings may strip or truncate the header, which
                 // rejects legitimate approvals, and it is a weaker control than a
                 // per-form synchronizer token bound to the resource owner's session
                 // -- consider adding such a token to the approval form
                 $fullRequestUri = $request->getRequestUri()->getUri();
                 $referrerUri = $request->getHeader("HTTP_REFERER");
                 if ($fullRequestUri !== $referrerUri) {
                     throw new ResourceOwnerException("csrf protection triggered, referrer does not match request uri");
                 }
                 // the approval form is posted to the same URL, so the original
                 // authorize query parameters are handed over alongside the POST body
                 $result = $this->_handleApprove($this->_resourceOwner, $request->getQueryParameters(), $request->getPostParameters());
                 if (AuthorizeResult::REDIRECT !== $result->getAction()) {
                     // FIXME: this is dead code? (_handleApprove is apparently expected
                     // to always yield a REDIRECT; kept as a defensive check)
                     throw new ResourceOwnerException("approval not found");
                 }
                 $response->setStatusCode(302);
                 $response->setHeader("Location", $result->getRedirectUri()->getUri());
                 break;
             default:
                 // method not allowed
                 $response->setStatusCode(405);
                 $response->setHeader("Allow", "GET, POST");
                 break;
         }
     } catch (ClientException $e) {
         // tell the client about the error: redirect to the client's redirect_uri
         // as carried by the exception (presumably the registered one rather than
         // a request parameter -- verify in ClientException) with OAuth error
         // parameters appended
         $client = $e->getClient();
         if ($client['type'] === "user_agent_based_application") {
             // this client type receives the parameters in the URI fragment
             $separator = "#";
         } else {
             // otherwise append to the query string, respecting an existing "?"
             $separator = FALSE === strpos($client['redirect_uri'], "?") ? "?" : "&";
         }
         $parameters = array("error" => $e->getMessage(), "error_description" => $e->getDescription());
         if (NULL !== $e->getState()) {
             // echo the client's state back so it can correlate the error response
             $parameters['state'] = $e->getState();
         }
         $response->setStatusCode(302);
         $response->setHeader("Location", $client['redirect_uri'] . $separator . http_build_query($parameters));
         if (NULL !== $this->_logger) {
             // NOTE(review): the full request (query parameters included) and the
             // redirect response are written to the log -- confirm the log does not
             // retain anything sensitive carried in those parameters
             $this->_logger->logFatal($e->getLogMessage(TRUE) . PHP_EOL . $request . PHP_EOL . $response);
         }
     } catch (ResourceOwnerException $e) {
         // tell resource owner about the error (through browser).
         // the status code is set before rendering because the template is handed
         // the response's status code and reason below
         $response->setStatusCode(400);
         $loader = new \Twig_Loader_Filesystem(dirname(dirname(__DIR__)) . DIRECTORY_SEPARATOR . "views");
         $twig = new \Twig_Environment($loader);
         // the exception message ends up in the HTML; escaping is left to the
         // template/environment default (no autoescape option set explicitly)
         $output = $twig->render("error.twig", array("statusCode" => $response->getStatusCode(), "statusReason" => $response->getStatusReason(), "errorMessage" => $e->getMessage()));
         $response->setContent($output);
         if (NULL !== $this->_logger) {
             // NOTE(review): full request and response are logged here as well
             $this->_logger->logFatal($e->getMessage() . PHP_EOL . $request . PHP_EOL . $response);
         }
     }
     return $response;
 }
 /**
  * Parsing an https URI that carries an explicit non-default port, a bare
  * "/" path and a query string yields each component separately.
  */
 public function testHttpsWithOtherPortNoPathAndQuery()
 {
     $input = "https://www.example.com:8081/?action=foo";
     $parsed = new Uri($input);
     // expected component values, keyed by the accessor they are checked against
     $expected = array(
         "scheme" => "https",
         "host" => "www.example.com",
         "port" => 8081,
         "path" => "/",
         "query" => "action=foo",
     );
     $this->assertEquals($expected["scheme"], $parsed->getScheme());
     $this->assertEquals($expected["host"], $parsed->getHost());
     $this->assertEquals($expected["port"], $parsed->getPort());
     $this->assertEquals($expected["path"], $parsed->getPath());
     $this->assertEquals($expected["query"], $parsed->getQuery());
 }