Returns the password.
| public getPassword ( ) : string | null | ||
| return | string | null | |
/**
* Validate a client. If strictly validating an ID and secret are required.
*
* @param bool $strict
* @return \Dingo\OAuth2\Entity\Client
* @throws \Dingo\OAuth2\Exception\ClientException
*/
protected function validateClient($strict = false)
{
// Grab the redirection URI from the post data if there is one. This is
// sent along when validating a client for some grant types. It doesn't
// matter if we send along a "null" value though.
$redirectUri = $this->request->get('redirect_uri');
$id = $this->request->getUser() ?: $this->request->get('client_id');
$secret = $this->request->getPassword() ?: $this->request->get('client_secret');
// If we have a client ID and secret we'll attempt to verify the client by
// grabbing its details from the storage adapter.
if ((!$strict or $strict and $id and $secret) and $client = $this->storage('client')->get($id, $secret, $redirectUri)) {
return $client;
}
throw new ClientException('client_authentication_failed', 'The client failed to authenticate.', 401);
}
/**
* @param Request $request
*
* @return ApiClientInterface
*
* @throws BadClientCredentialsHttpException
* @throws ClientNonTrustedHttpException
* @throws ClientBlockedHttpException
*/
protected function getClient(Request $request)
{
$client = $this->apiClientRepository->findOneByKeyAndSecret($request->getUser(), $request->getPassword());
if (!$client instanceof ApiClientInterface) {
throw new BadClientCredentialsHttpException();
} elseif ($client->isBlocked()) {
throw new ClientBlockedHttpException();
} elseif (!$client->isTrusted()) {
throw new ClientNonTrustedHttpException();
}
return $client;
}
public function createContexts(Request $request)
{
$map = array('request_method' => $request->getMethod(), 'request_uri' => $request->getRequestUri(), 'request_route' => $request->attributes->get('_route'), 'request_host' => $request->getHost(), 'request_port' => $request->getPort(), 'request_scheme' => $request->getScheme(), 'request_client_ip' => $request->getClientIp(), 'request_content_type' => $request->getContentType(), 'request_acceptable_content_types' => $request->getAcceptableContentTypes(), 'request_etags' => $request->getETags(), 'request_charsets' => $request->getCharsets(), 'request_languages' => $request->getLanguages(), 'request_locale' => $request->getLocale(), 'request_auth_user' => $request->getUser(), 'request_auth_has_password' => !is_null($request->getPassword()));
// Attributes from newer versions.
if (method_exists($request, 'getEncodings')) {
$map['request_encodings'] = $request->getEncodings();
}
if (method_exists($request, 'getClientIps')) {
$map['request_client_ips'] = $request->getClientIps();
}
return $map;
}
protected function logRequest(Request $request)
{
$msg = 'Request "{request_method} {request_uri}"';
$map = array('request_method' => $request->getMethod(), 'request_uri' => $request->getRequestUri(), 'request_host' => $request->getHost(), 'request_port' => $request->getPort(), 'request_scheme' => $request->getScheme(), 'request_client_ip' => $request->getClientIp(), 'request_content_type' => $request->getContentType(), 'request_acceptable_content_types' => $request->getAcceptableContentTypes(), 'request_etags' => $request->getETags(), 'request_charsets' => $request->getCharsets(), 'request_languages' => $request->getLanguages(), 'request_locale' => $request->getLocale(), 'request_auth_user' => $request->getUser(), 'request_auth_has_password' => !is_null($request->getPassword()));
// Attributes from newer versions.
if (method_exists($request, 'getEncodings')) {
$map['request_encodings'] = $request->getEncodings();
}
if (method_exists($request, 'getClientIps')) {
$map['request_client_ips'] = $request->getClientIps();
}
$this->logger->log($this->logLevel, $msg, $map);
}
/**
* @Route("/api/tokens", name="post_token")
* @Method("POST")
*/
public function createAction(Request $request)
{
$user = $this->getDoctrine()->getRepository('AppBundle:User')->findOneBy(['username' => $request->getUser()]);
if (!$user) {
throw $this->createNotFoundException();
}
$isValid = $this->get('security.password_encoder')->isPasswordValid($user, $request->getPassword());
if (!$isValid) {
throw new BadCredentialsException();
}
$token = $this->get('lexik_jwt_authentication.encoder')->encode(['username' => $user->getUsername()]);
return new JsonResponse(['token' => $token]);
}
/**
* @param \Symfony\Component\HttpFoundation\Request $request
* @param int $grantTypeFlow
* @param \Atrauzzi\Oauth2Server\Domain\Entity\Oauthable $oauthable
* @return array
* @throws \Atrauzzi\Oauth2Server\Exception\InvalidClient
* @throws \Atrauzzi\Oauth2Server\Exception\InvalidCredentials
* @throws \Atrauzzi\Oauth2Server\Exception\InvalidRefresh
* @throws \Atrauzzi\Oauth2Server\Exception\InvalidRequest
* @throws \Atrauzzi\Oauth2Server\Exception\InvalidScope
* @throws \Atrauzzi\Oauth2Server\Exception\UnsupportedFlow
*/
public function doFlow(Request $request, $grantTypeFlow, Oauthable $oauthable = null)
{
if ($grantTypeFlow != self::FLOW_DEFAULT) {
throw new UnsupportedFlow(get_class(), $grantTypeFlow);
}
if (!($clientId = $request->get('client_id', $request->getUser()))) {
throw new InvalidRequest('client_id');
}
if (!($clientSecret = $request->get('client_secret', $request->getPassword()))) {
throw new InvalidRequest('client_secret');
}
if (!($oldRefreshTokenParam = $request->get('refresh_token', null))) {
throw new InvalidRequest('refresh_token');
}
if (!($client = $this->clientRepository->find($clientId, $clientSecret, $this->getIdentifier()))) {
throw new InvalidClient();
}
if (!($originalRefreshToken = $this->refreshTokenRepository->find($oldRefreshTokenParam))) {
throw new InvalidRefresh();
}
if ($originalRefreshToken->isExpired()) {
throw new InvalidRefresh();
}
//
//
$originalScopes = $originalRefreshToken->getScopeNames();
$requestedScopes = array_keys($this->scopeService->findValid($request->get('scope'), null, $client->getId(), $this->getIdentifier()));
$disallowedScopes = array_diff($requestedScopes, $originalScopes);
if (count($disallowedScopes)) {
throw new InvalidScope($disallowedScopes);
}
$scopes = count($requestedScopes) ? $requestedScopes : $originalScopes;
$accessToken = $this->accessTokenRepository->create(SecureKey::generate(), $this->config->getAccessTokenTtl() + time(), $originalRefreshToken->getOauthableId(), $originalRefreshToken->getOauthableType(), $client->getId(), $scopes);
$tokenStrategy = $this->config->getTokenStrategy();
if ($this->config->shouldRotateRefreshTokens()) {
$newRefreshToken = $this->refreshTokenRepository->create(SecureKey::generate(), $this->config->getRefreshTokenTtl() + time(), $originalRefreshToken->getOauthableId(), $originalRefreshToken->getOauthableType(), $client->getId(), $scopes);
$this->refreshTokenRepository->delete($originalRefreshToken);
unset($originalRefreshToken);
$this->refreshTokenRepository->persist($newRefreshToken);
$accessToken->setRefreshTokenId($newRefreshToken->getId());
// ToDo: Should we try to convey refresh token expiry?
$tokenStrategy->setParam('refresh_token', $newRefreshToken->getId());
}
$this->accessTokenRepository->persist($accessToken);
$tokenStrategy->setParam('access_token', $accessToken->getId());
$tokenStrategy->setParam('expires_in', $this->config->getAccessTokenTtl());
return $tokenStrategy->generateResponse();
}
/**
* Generates new token action.
*
* @param Request $request The request
* @param string $userClass Extra parameter that contains the user type
*
* @return \Symfony\Component\HttpFoundation\JsonResponse
*/
public function newTokenAction(Request $request, $userClass)
{
try {
$this->get('bengor_user.' . $userClass . '.command_bus')->handle(new LogInUserCommand($request->getUser(), $request->getPassword()));
} catch (UserDoesNotExistException $exception) {
return new JsonResponse('', 400);
} catch (UserEmailInvalidException $exception) {
return new JsonResponse('', 400);
} catch (UserInactiveException $exception) {
return new JsonResponse('Inactive user', 400);
} catch (UserPasswordInvalidException $exception) {
return new JsonResponse('', 400);
}
$token = $this->get('lexik_jwt_authentication.encoder')->encode(['email' => $request->getUser()]);
return new JsonResponse(['token' => $token]);
}
/**
* Conducts the checks and operations necessary for the flow indicated in the request.
*
* @param \Symfony\Component\HttpFoundation\Request $request
* @param int $grantTypeFlow
* @param \Atrauzzi\Oauth2Server\Domain\Entity\Oauthable $oauthable
* @return array
* @throws \Atrauzzi\Oauth2Server\Exception\InvalidClient
* @throws \Atrauzzi\Oauth2Server\Exception\InvalidRequest
*/
public function doFlow(Request $request, $grantTypeFlow, Oauthable $oauthable = null)
{
if (!($clientId = $request->get('client_id', $request->getUser()))) {
throw new InvalidRequest('client_id');
}
if (!($clientSecret = $request->get('client_secret', $request->getPassword()))) {
throw new InvalidRequest('client_secret');
}
if (!($client = $this->clientRepository->find($clientId, $clientSecret, $this->getIdentifier()))) {
throw new InvalidClient();
}
$scopes = $this->scopeService->findValid($request->get('scope'));
//
//
$accessToken = $this->accessTokenRepository->create(SecureKey::generate(), $this->config->getAccessTokenTtl() + time(), $oauthable->getId(), $oauthable->getType(), $client->getId(), array_keys($scopes));
// ToDo: Do we do refresh tokens for this grant type?
$this->accessTokenRepository->persist($accessToken);
$tokenStrategy = $this->config->getTokenStrategy();
$tokenStrategy->setParam('access_token', $accessToken->getId());
$tokenStrategy->setParam('expires_in', $this->config->getAccessTokenTtl());
return $tokenStrategy->generateResponse();
}
/**
* @param \Symfony\Component\HttpFoundation\Request $request
* @param int $grantTypeFlow
* @param \Atrauzzi\Oauth2Server\Domain\Entity\Oauthable $oauthable
* @return mixed
* @throws \Atrauzzi\Oauth2Server\Exception\InvalidClient
* @throws \Atrauzzi\Oauth2Server\Exception\InvalidCredentials
* @throws \Atrauzzi\Oauth2Server\Exception\InvalidRequest
* @throws \Atrauzzi\Oauth2Server\Exception\InvalidScope
* @throws \Atrauzzi\Oauth2Server\Exception\ServerError
*/
public function doFlow(Request $request, $grantTypeFlow, Oauthable $oauthable = null)
{
if (!$oauthable instanceof Oauthable) {
throw new InvalidCredentials();
}
if ($clientId = $request->get('client_id', $request->getUser())) {
throw new InvalidRequest('client_id');
}
if ($clientSecret = $request->get('client_secret', $request->getPassword())) {
throw new InvalidRequest('client_secret');
}
if (!($client = $this->clientRepository->find($clientId, $clientSecret, $this->getIdentifier()))) {
throw new InvalidClient();
}
if (!($username = $request->get('username'))) {
throw new InvalidRequest('username');
}
if ($password = $request->get('password')) {
throw new InvalidRequest('password');
}
//
//
$scopes = $this->scopeService->findValid($request->get('scopes'), $this->getIdentifier(), $client->getId());
$accessToken = $this->accessTokenRepository->create(SecureKey::generate(), $this->config->getAccessTokenTtl() + time(), $oauthable->getId(), $oauthable->getType(), $client->getId(), array_keys($scopes));
$tokenStrategy = $this->config->getTokenStrategy();
if ($this->config->hasGrantType('refresh_token')) {
$refreshToken = $this->refreshTokenRepository->create(SecureKey::generate(), $this->config->getRefreshTokenTtl() + time(), $oauthable->getId(), $oauthable->getType(), $client->getId(), array_keys($scopes));
$this->refreshTokenRepository->persist($refreshToken);
$accessToken->setRefreshTokenId($refreshToken->getId());
$tokenStrategy->setParam('refresh_token', $refreshToken->getId());
}
$this->accessTokenRepository->persist($accessToken);
$tokenStrategy->setParam('access_token', $accessToken->getId());
$tokenStrategy->setParam('expires_in', $this->config->getAccessTokenTtl());
return $tokenStrategy->generateResponse();
}
/**
* Get the credential array for a HTTP Basic request.
*
* @param \Symfony\Component\HttpFoundation\Request $request
* @param string $field
* @return array
*/
protected function getBasicCredentials(Request $request, $field)
{
return array($field => $request->getUser(), 'password' => $request->getPassword());
}
/**
* @param Request $request
*
* @return boolean
*/
public function supportRequestToken(Request $request)
{
$clientExist = $request->getUser() && $request->getPassword();
$oauthParams = $request->get('grant_type') === 'client_credentials';
return $oauthParams && $clientExist;
}
/**
* Exchange an oauth code for an access and optionally a refresh token.
*
* @param \Symfony\Component\HttpFoundation\Request $request
* @return array
* @throws \Atrauzzi\Oauth2Server\Exception\InvalidClient
* @throws \Atrauzzi\Oauth2Server\Exception\InvalidRequest
*/
protected function doExchangeFlow(Request $request)
{
if (!($clientId = $request->get('client_id', $request->getUser()))) {
throw new InvalidRequest('client_id');
}
if (!($clientSecret = $request->get('client_secret', $request->getPassword()))) {
throw new InvalidRequest('client_secret');
}
if (!($redirectUri = $request->request->get('redirect_uri', null))) {
throw new InvalidRequest('redirect_uri');
}
$client = $this->clientRepository->find($clientId, $clientSecret, $this->getIdentifier(), $redirectUri);
if (!$client instanceof Client) {
throw new InvalidClient();
}
$authCode = $this->authorizationCodeRepository->find($request->get('code'));
if (!$authCode instanceof AuthorizationCodeEntity) {
throw new InvalidRequest('code');
}
if ($authCode->isExpired()) {
throw new InvalidRequest('code');
}
if ($authCode->getRedirectUri() != $redirectUri) {
throw new InvalidRequest('redirect_uri');
}
//
//
$ttl = $this->config->getAccessTokenTtl();
$accessToken = $this->accessTokenRepository->create(SecureKey::generate(), $ttl + time(), $authCode->getOauthableId(), $authCode->getOauthableType(), $authCode->getClientId(), $authCode->getScopeNames());
$this->authorizationCodeRepository->delete($authCode);
unset($authCode);
$tokenStrategy = $this->config->getTokenStrategy();
if ($this->config->hasGrantType('refresh_token')) {
$refreshToken = $this->refreshTokenRepository->create(SecureKey::generate(), $this->config->getRefreshTokenTtl() + time(), $accessToken->getOauthableId(), $accessToken->getOauthableType(), $accessToken->getClientId(), $accessToken->getScopeNames());
$this->refreshTokenRepository->persist($refreshToken);
$accessToken->setRefreshTokenId($refreshToken->getId());
$tokenStrategy->setParam('refresh_token', $refreshToken->getId());
}
$this->accessTokenRepository->persist($accessToken);
$tokenStrategy->setParam('access_token', $accessToken->getId());
$tokenStrategy->setParam('expires_in', $ttl);
return $tokenStrategy->generateResponse();
}
/**
* @param Request $request
*
* @return boolean
*/
public function supportRequestToken(Request $request)
{
$clientExist = $request->getUser() && $request->getPassword();
$oauthParams = $request->get('grant_type') === 'password' && $request->headers->get('username') && $request->headers->get('password');
return $oauthParams && $clientExist;
}
/**
* Authenticates a user by basic authentication
*
* @param Request $request
* @return Session|null
*/
private function authBasic(Request $request)
{
$user = $this->findUser($request->getUser());
if ($user !== null && $this->verifyUser($user, $request->getPassword())) {
$session = $this->findSession($user);
if ($session === null) {
$session = $this->createSession($user);
}
$this->authenticated = true;
return $session;
}
return null;
}
/**
* @param Request $request
*
* @return boolean
*/
public function supportRequestToken(Request $request)
{
$client = $request->getUser() && $request->getPassword();
$token = 'refresh_token' == $request->get('grant_type') && $request->get('refresh_token');
return $client && $token;
}
