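/**
 * Resolve the routed account and, for user-owned tokens, the token's user;
 * publish both to the request context and the log, then hand off to $next.
 *
 * Nothing here calls setRequest()/validateAccessToken(), so this assumes the
 * access token was already validated by an earlier middleware — confirm
 * against the middleware stack.
 *
 * @param Request $request
 * @param Closure $next
 * @return mixed The response from $next, or an "unauthorized" error response when
 *               the token's user cannot be resolved or is not associated with
 *               the routed account
 */
public function handle(Request $request, Closure $next)
{
    // The account comes from the route and may be null on account-less routes.
    $account = $this->getAccountFromRouting();
    $this->context->setAccount($account);

    // Strict comparison: the owner type is a plain string, loose == buys nothing.
    if ($this->authorizer->getResourceOwnerType() === 'user') {
        $user = $this->userRepository->find($this->authorizer->getResourceOwnerId());

        // A user-owned token whose owner cannot be found must not pass as
        // authenticated; previously this fell through to a method call on null.
        // Assumes find() returns null for a missing user — confirm with the repository.
        if ($user === null) {
            return $this->response->errorUnauthorized('The user associated with this token could not be found.');
        }

        // Tenancy check: when an account is routed, the user must be associated with it.
        if ($account && !$user->isAssociateToAccount($account)) {
            return $this->response->errorUnauthorized("You don't have access to the account {$account->uuid}");
        }

        // $account is already null when no account was routed, so it can be passed as-is.
        $this->log->addProcessors([new ContextProcessor($user, $account)]);
        $this->context->setUser($user);
    }

    $this->setApplicationLocale();

    return $next($request);
}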
/**
 * Handle an incoming request.
 *
 * Admits only requests whose access token is owned by a user; any other
 * owner type (e.g. a client token) is rejected before the route runs.
 * The token is not validated here — assumes an earlier middleware did so; confirm.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 *
 * @throws \League\OAuth2\Server\Exception\AccessDeniedException when the token is not user-owned
 *
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $this->authorizer->setRequest($request);

    $ownerType = $this->authorizer->getResourceOwnerType();
    if ('user' === $ownerType) {
        return $next($request);
    }

    throw new AccessDeniedException();
}
/**
 * Handle an incoming request.
 *
 * Validates the access token, then admits only requests whose token is owned
 * by a client; user-owned tokens are rejected before the route runs.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 *
 * @throws \League\OAuth2\Server\Exception\AccessDeniedException when the token is not client-owned
 *
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $this->authorizer->setRequest($request);

    // Validate before inspecting the owner; $httpHeadersOnly presumably restricts
    // where the token may be read from — verify against the authorizer.
    $this->authorizer->validateAccessToken($this->httpHeadersOnly);

    $ownerType = $this->authorizer->getResourceOwnerType();
    if ('client' === $ownerType) {
        return $next($request);
    }

    throw new AccessDeniedException();
}
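/**
 * The main filter method.
 *
 * Invoked by the router as filter($route, $request, ...$allowedOwnerTypes).
 * When one or more owner types are given, the current token's owner type must
 * be one of them; with none given, every request passes.
 *
 * @param mixed ...$args the route, the request, then zero or more allowed owner type strings
 * @return null
 * @throws \League\OAuth2\Server\Exception\AccessDeniedException when the owner type is not allowed
 */
public function filter(...$args)
{
    // Everything after ($route, $request) is the allow-list of owner types.
    $ownerTypes = array_slice($args, 2);

    // Strict comparison so the allow-list is matched by exact string value only.
    if ($ownerTypes !== [] && !in_array($this->authorizer->getResourceOwnerType(), $ownerTypes, true)) {
        throw new AccessDeniedException();
    }

    return null;
}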
/**
 * Get the resource owner type of the current request (client or user).
 *
 * Static proxy onto the package Authorizer; looks like a facade/IDE helper stub.
 *
 * @return string
 * @static
 */
public static function getResourceOwnerType()
{
    $ownerType = \LucaDegasperi\OAuth2Server\Authorizer::getResourceOwnerType();

    return $ownerType;
}
/**
 * A 'user'-owned token must be rejected when the allow-list passed after the
 * route and request arguments does not contain 'user'.
 */
function it_filters_if_resource_owners_are_not_allowed(Authorizer $authorizer)
{
    $accessDenied = '\\League\\OAuth2\\Server\\Exception\\AccessDeniedException';

    $authorizer->getResourceOwnerType()->willReturn('user')->shouldBeCalled();

    $this->shouldThrow($accessDenied)
         ->duringFilter('foo', 'bar', 'client');
}