/**
* Log-in client if successful or terminate api if not authorized
*
* @param string $scope Name of the scope to test against
* @param bool $terminateIfNotAuthorized Terminate api if client is not authorized
*
* @throws Exception
* @return bool
*
* @since 1.2
*/
public function isAuthorized($scope, $terminateIfNotAuthorized)
{
$authorized = false;
JFactory::getApplication()->triggerEvent('RApiHalBeforeIsAuthorizedCheck', array($scope, $terminateIfNotAuthorized, $this->options, $this->authorizationCheck, &$authorized));
if ($authorized) {
return $authorized;
}
// OAuth2 check
if ($this->authorizationCheck == 'oauth2') {
/** @var $response OAuth2\Response */
$response = RApiOauth2Helper::verifyResourceRequest($scope);
if ($response instanceof OAuth2\Response) {
if (!$response->isSuccessful() && $terminateIfNotAuthorized) {
// OAuth2 Server response is in fact correct output for errors
$response->send($this->options->get('format', 'json'));
JFactory::getApplication()->close();
}
} elseif ($response === false && $terminateIfNotAuthorized) {
throw new Exception(JText::_('LIB_REDCORE_API_OAUTH2_SERVER_IS_NOT_ACTIVE'));
} else {
$response = json_decode($response);
if (!empty($response->user_id)) {
$user = JFactory::getUser($response->user_id);
// Load the JUser class on application for this client
JFactory::getApplication()->loadIdentity($user);
JFactory::getSession()->set('user', $user);
return true;
}
$authorized = false || !$terminateIfNotAuthorized;
}
} elseif ($this->authorizationCheck == 'joomla') {
// Get username and password from globals
$credentials = RApiHalHelper::getCredentialsFromGlobals();
$authorized = RUser::userLogin($credentials) || !$terminateIfNotAuthorized;
}
if (!$authorized && $terminateIfNotAuthorized) {
$customError = $this->triggerFunction('createCustomHttpError', 401, $this->apiErrors);
$this->setStatusCode(401, $customError);
}
return $authorized || !$terminateIfNotAuthorized;
}
/**
* Creates instance of OAuth2 server object
*
* @return RApiOauth2Oauth2
*/
public static function getOAuth2Server()
{
if (RBootstrap::getConfig('enable_oauth2_server', 0) == 0) {
return null;
}
if (!isset(self::$serverApi)) {
$options = array('api' => 'oauth2');
self::$serverApi = RApi::getInstance($options);
}
return self::$serverApi;
}
/**
* Execute the Api Authorize operation.
*
* @return mixed RApi object with information on success, boolean false on failure.
*
* @since 1.2
*/
public function apiAuthorize()
{
$user = $this->getLoggedUser();
$request = OAuth2\Request::createFromGlobals();
$response = new OAuth2\Response();
// Validate the authorize request
if (!$this->server->validateAuthorizeRequest($request, $response)) {
$this->response = $response;
return $this;
}
$clientId = $request->query('client_id');
$scopes = RApiOauth2Helper::getClientScopes($clientId);
if ($request->request('authorized', '') == '') {
$clientScopes = !empty($scopes) ? explode(' ', $scopes) : array();
if (!empty($clientScopes)) {
$clientScopes = RApiHalHelper::getWebserviceScopes($clientScopes);
}
$currentUri = JUri::getInstance();
$formAction = JUri::root() . 'index.php?' . $currentUri->getQuery();
// Display an authorization form
$this->response = RLayoutHelper::render('oauth2.authorize', array('view' => $this, 'options' => array('clientId' => $clientId, 'formAction' => $formAction, 'scopes' => $clientScopes)));
return $this;
}
// Print the authorization code if the user has authorized your client
$is_authorized = $request->request('authorized', '') === JText::_('LIB_REDCORE_API_OAUTH2_SERVER_AUTHORIZE_CLIENT_YES');
// We are setting client scope instead of requesting scope from user request
$request->request['scope'] = $scopes;
$this->server->handleAuthorizeRequest($request, $response, $is_authorized, $user->id);
$this->response = $response;
return $this;
}
