public function getApprovals(Request $request, UserInfoInterface $userInfo)
{
$approvals = $this->db->getApprovals($userInfo->getUserId());
$response = new Response();
$response->setBody($this->templateManager->render('approvals', array('approvals' => $approvals)));
return $response;
}
public function getClients()
{
$clients = $this->db->getClients();
$response = new Response();
$response->setBody($this->templateManager->render('clients', array('clients' => $clients)));
return $response;
}
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
require_once dirname(__DIR__) . '/vendor/autoload.php';
use fkooman\Rest\Service;
use fkooman\Http\Response;
use fkooman\Http\Session;
$session = new Session('foo');
$service = new Service();
$service->get('/', function () {
$response = new Response(200, 'text/plain');
$response->setBody('Welcome!');
return $response;
});
$service->get('/:key', function ($key) use($session) {
$newCount = $session->has($key) ? $session->get($key) + 1 : 1;
$session->set($key, $newCount);
$response = new Response(200, 'text/plain');
$response->setBody(sprintf('count: %d', $newCount));
return $response;
});
$service->run()->send();
public function deleteDocument(Request $request, TokenInfo $tokenInfo)
{
$path = new Path($request->getUrl()->getPathInfo());
if ($path->getUserId() !== $tokenInfo->getUserId()) {
throw new ForbiddenException('path does not match authorized subject');
}
if (!$this->hasWriteScope($tokenInfo->getScope(), $path->getModuleName())) {
throw new ForbiddenException('path does not match authorized scope');
}
// need to get the version before the delete
$documentVersion = $this->remoteStorage->getVersion($path);
$ifMatch = $this->stripQuotes($request->getHeader('If-Match'));
// if document does not exist, and we have If-Match header set we should
// return a 412 instead of a 404
if (null !== $ifMatch && !in_array($documentVersion, $ifMatch)) {
throw new PreconditionFailedException('version mismatch');
}
if (null === $documentVersion) {
throw new NotFoundException(sprintf('document "%s" not found', $path->getPath()));
}
$ifMatch = $this->stripQuotes($request->getHeader('If-Match'));
if (null !== $ifMatch && !in_array($documentVersion, $ifMatch)) {
throw new PreconditionFailedException('version mismatch');
}
$x = $this->remoteStorage->deleteDocument($path, $ifMatch);
$rsr = new Response();
$rsr->setHeader('ETag', '"' . $documentVersion . '"');
$rsr->setBody($x);
return $rsr;
}
private function addNoCache(Response &$response)
{
$response->setHeader('Expires', 0);
$response->setHeader('Cache-Control', 'no-cache');
}
public function getAuthorization(Request $request, UserInfoInterface $userInfo)
{
$authorizeRequest = new AuthorizeRequest($request);
$clientId = $authorizeRequest->getClientId();
$responseType = $authorizeRequest->getResponseType();
$redirectUri = $authorizeRequest->getRedirectUri();
$scope = $authorizeRequest->getScope();
$state = $authorizeRequest->getState();
$clientData = $this->storage->getClient($clientId);
if (false === $clientData) {
throw new BadRequestException('client not registered');
}
if (null === $redirectUri) {
$redirectUri = $clientData->getRedirectUri();
} else {
if (!$clientData->verifyRedirectUri($redirectUri, $this->allowRegExpRedirectUriMatch)) {
throw new BadRequestException('specified redirect_uri not the same as registered redirect_uri');
}
// we now use the provided redirect_uri...
}
if ($responseType !== $clientData->getType()) {
return new ClientResponse($clientData, $request, $redirectUri, array('error' => 'unsupported_response_type', 'error_description' => 'response_type not supported by client profile'));
}
$scopeObj = new Scope($scope);
$allowedScopeObj = new Scope($clientData->getAllowedScope());
if (!$scopeObj->hasOnlyScope($allowedScopeObj)) {
return new ClientResponse($clientData, $request, $redirectUri, array('error' => 'invalid_scope', 'error_description' => 'not authorized to request this scope'));
}
if ($clientData->getDisableUserConsent()) {
// we do not require approval by the user, add implicit approval
$this->addApproval($clientData, $userInfo->getUserId(), $scope);
}
$approval = $this->storage->getApprovalByResourceOwnerId($clientId, $userInfo->getUserId());
$approvedScopeObj = new Scope($approval['scope']);
if (false === $approval || false === $scopeObj->hasOnlyScope($approvedScopeObj)) {
// we do not yet have an approval at all, or client wants more
// permissions, so we ask the user for approval
$response = new Response();
$response->setBody($this->templateManager->render('askAuthorization', array('resourceOwnerId' => $userInfo->getUserId(), 'sslEnabled' => 'https' === $request->getUrl()->getScheme(), 'contactEmail' => $clientData->getContactEmail(), 'scopes' => $scopeObj->toArray(), 'clientName' => $clientData->getName(), 'clientId' => $clientData->getId(), 'clientDescription' => $clientData->getDescription())));
return $response;
} else {
// we already have approval
if ('token' === $responseType) {
// implicit grant
// FIXME: return existing access token if it exists for this exact client, resource owner and scope?
$accessToken = $this->io->getRandomHex();
$this->storage->storeAccessToken($accessToken, $this->io->getTime(), $clientId, $userInfo->getUserId(), $scope, $this->accessTokenExpiry);
return new ClientResponse($clientData, $request, $redirectUri, array('access_token' => $accessToken, 'expires_in' => $this->accessTokenExpiry, 'token_type' => 'bearer', 'scope' => $scope));
} else {
// authorization code grant
$authorizationCode = $this->io->getRandomHex();
$this->storage->storeAuthorizationCode($authorizationCode, $userInfo->getUserId(), $this->io->getTime(), $clientId, $authorizeRequest->getRedirectUri(), $scope);
return new ClientResponse($clientData, $request, $redirectUri, array('code' => $authorizationCode));
}
}
}
private function executeCallback(Request $request, Route $route, array $availableRouteCallbackParameters)
{
if (null !== $this->pluginRegistry) {
$pluginResponse = $this->pluginRegistry->run($request, $route);
if ($pluginResponse instanceof Response) {
// received Response from plugin, return this immediately
return $pluginResponse;
}
$availableRouteCallbackParameters = array_merge($availableRouteCallbackParameters, $pluginResponse);
}
$availableRouteCallbackParameters[get_class($request)] = $request;
$response = $route->executeCallback($availableRouteCallbackParameters);
if (!$response instanceof Response) {
// if the response is a string, we assume it needs to be sent back
// to the client as text/html
if (!is_string($response)) {
throw new RuntimeException('callback return value must be Response object or string');
}
$htmlResponse = new Response();
$htmlResponse->setBody($response);
return $htmlResponse;
}
return $response;
}