/**
 * Creates, persists and returns a new document in the `basicTokens` collection.
 *
 * The document is linked to $user, carries the ids of $scopes, gets a freshly
 * generated key and secret, a `createdAt` of now and — only when $expiresAt is
 * non-null — an `expiresAt` built from that timestamp. After saving, the
 * service is switched to single mode and the new document becomes the only
 * loaded access token.
 *
 * @param string   $name        Display name of the token
 * @param string   $description Free-text description
 * @param int|null $expiresAt   Unix timestamp of expiry; null leaves the document without expiry
 * @param User     $user        Owner; stored as the `user` relation
 * @param array    $scopes      Scope documents (anything exposing getId())
 *
 * @return object The saved token document
 */
public function addToken($name, $description, $expiresAt, User $user, array $scopes = [])
{
    $document = $this->getDocumentManager()
        ->getCollection('basicTokens')
        ->createDocument();

    $document->setName($name);
    $document->setDescription($description);
    $document->addRelation('user', $user);
    $document->setScopeIds(array_map(function ($scope) {
        return $scope->getId();
    }, $scopes));

    if (null !== $expiresAt) {
        $expiry = new \DateTime();
        $expiry->setTimestamp($expiresAt);
        $document->setExpiresAt(\API\Util\Date::dateTimeToMongoDate($expiry));
    }

    // Credentials: key first, then secret (two independent draws).
    // NOTE(review): both are persisted exactly as generated; if the secret must be
    // unrecoverable at rest, hash it before save() — confirm with the verifying side.
    $document->setKey(\API\Util\OAuth::generateToken());
    $document->setSecret(\API\Util\OAuth::generateToken());

    $now = new \DateTime();
    $document->setCreatedAt(\API\Util\Date::dateTimeToMongoDate($now));
    $document->save();

    $this->single = true;
    $this->setAccessTokens([$document]);

    return $document;
}
/**
 * Prepares the login form request.
 *
 * Its only effect is to store a fresh CSRF token in $_SESSION['csrfToken'] so
 * the following POST can be checked against it. Nothing is returned; the
 * user is not looked up here.
 *
 * @param mixed $request The incoming request (currently unused)
 */
public function loginGet($request)
{
    // CSRF protection: one token per rendering of the form.
    $csrfToken = OAuth::generateCsrfToken();
    $_SESSION['csrfToken'] = $csrfToken;
}
/**
 * Wires the OAuth and user services onto this resource and restores the
 * OAuth session state.
 */
public function init()
{
    $slim = $this->getSlim();

    $this->setOAuthService(new OAuthService($slim));
    $this->setUserService(new UserService($slim));

    // Session must be loaded after the services exist; keep this last.
    OAuth::loadSession();
}
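/**
 * Handles the POST of the authorization consent form.
 *
 * Checks the CSRF token, then either issues an authorization code
 * (action=accept) and points $this->redirectUri at the client's redirect_uri
 * carrying `code`, or (action=deny) points it at the same URI carrying an
 * `error` parameter.
 *
 * Reads: $_SESSION['csrfToken'], $_SESSION['userId']; POST csrfToken, action;
 * query client_id, scope (comma-separated names), redirect_uri.
 * Writes: $this->token (accept only), $this->redirectUri.
 *
 * @param mixed $request Request exposing post() and get() parameter arrays
 *
 * @throws \Exception with Resource::STATUS_BAD_REQUEST on CSRF mismatch,
 *                    missing login, unknown client, unknown scope or unknown action
 */
public function authorizePost($request)
{
    $postParams = new Set($request->post());
    $params = new Set($request->get());

    // CSRF protection: token must be present on both sides and match.
    // hash_equals keeps the comparison constant-time; the is_string guard keeps it
    // from throwing on non-string input (which is rejected like a mismatch).
    $submittedToken = $postParams->get('csrfToken');
    if (!$postParams->has('csrfToken')
        || !isset($_SESSION['csrfToken'])
        || !is_string($submittedToken)
        || !hash_equals((string) $_SESSION['csrfToken'], $submittedToken)
    ) {
        throw new \Exception('Invalid CSRF token.', Resource::STATUS_BAD_REQUEST);
    }

    // NOTE(review): redirect_uri is taken verbatim from the query string and is never
    // compared with the redirect URI registered for the client, so the issued code can
    // be delivered to an arbitrary URL. Validate it against the client document (in both
    // branches below) and reject mismatches before building the redirect.
    $action = $postParams->get('action');

    if ('accept' === $action) {
        // TODO: load the code lifetime from config and document the error codes.
        $expiresAt = time() + 3600;

        $clientCollection = $this->getDocumentManager()->getCollection('oAuthClients');
        $clientCursor = $clientCollection->find();
        $clientCursor->where('clientId', $params->get('client_id'));
        $clientDocument = $clientCursor->current();
        if (null === $clientDocument) {
            // Unknown client_id must not reach addToken() as a null client.
            throw new \Exception('Invalid client_id given!', Resource::STATUS_BAD_REQUEST);
        }

        if (!isset($_SESSION['userId'])) {
            throw new \Exception('No authenticated user in session.', Resource::STATUS_BAD_REQUEST);
        }
        $userDocument = $this->getDocumentManager()
            ->getCollection('users')
            ->getDocument($_SESSION['userId']);

        $scopeDocuments = $this->findScopeDocuments($params->get('scope'));

        $code = Util\OAuth::generateToken();
        $token = $this->addToken($expiresAt, $userDocument, $clientDocument, $scopeDocuments, $code);
        $this->token = $token;

        // Read the code back from the stored token rather than reusing $code directly.
        $this->redirectUri = $this->buildRedirectUri(
            $params->get('redirect_uri'),
            ['code' => $token->getCode()]
        );
    } elseif ('deny' === $action) {
        $this->redirectUri = $this->buildRedirectUri(
            $params->get('redirect_uri'),
            ['error' => 'User denied authorization!']
        );
    } else {
        // Fully qualified like the other throws; a bare Exception would resolve in this namespace.
        throw new \Exception('Invalid.', Resource::STATUS_BAD_REQUEST);
    }
}

/**
 * Resolves comma-separated scope names to their `authScopes` documents.
 *
 * @param mixed $scopeList Raw `scope` query value (comma-separated names); null is treated as ''
 *
 * @return array The matching scope documents, in request order
 *
 * @throws \Exception with Resource::STATUS_BAD_REQUEST when any name has no document
 */
private function findScopeDocuments($scopeList)
{
    $collection = $this->getDocumentManager()->getCollection('authScopes');
    $scopeDocuments = [];

    // (string) cast keeps explode() off a null argument; '' still yields [''] as before.
    foreach (explode(',', (string) $scopeList) as $scopeName) {
        $cursor = $collection->find();
        $cursor->where('name', $scopeName);
        $scopeDocument = $cursor->current();
        if (null === $scopeDocument) {
            throw new \Exception('Invalid scope given!', Resource::STATUS_BAD_REQUEST);
        }
        $scopeDocuments[] = $scopeDocument;
    }

    return $scopeDocuments;
}

/**
 * Builds the client redirect URL with extra query parameters merged in.
 *
 * @param mixed $redirectUri Raw `redirect_uri` query value
 * @param array $query       Parameters to add or replace (e.g. code, error)
 *
 * @return Url
 */
private function buildRedirectUri($redirectUri, array $query)
{
    $url = Url::createFromUrl($redirectUri);
    $url->getQuery()->modify($query);

    return $url;
}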