 /**
  * Authorize action (/oauth/authorize).
  *
  * Validates the incoming authorization request, renders the consent
  * template while the resource owner has not yet answered, and otherwise
  * forwards the answer to the OAuth2 server. The consent decision is the
  * POSTed `authorized` field; only the exact string 'yes' grants access,
  * anything else is a denial.
  *
  * @return mixed the consent ViewModel, the redirect produced by the
  *               controller's redirect plugin, or an error response
  */
 public function authorizeAction()
 {
     // NOTE(review): the server looked up here is not the one the rest of the
     // method uses ($this->server). The call is kept for any side effects it
     // may have — confirm which instance is intended.
     $server = $this->getOAuth2Server($this->params('oauth'));
     $oauthRequest = $this->getOAuth2Request();
     $oauthResponse = new OAuth2Response();

     // client_id / redirect_uri / response_type must check out before anything else
     if (!$this->server->validateAuthorizeRequest($oauthRequest, $oauthResponse)) {
         return $this->getErrorResponse($oauthResponse);
     }

     $decision = $oauthRequest->request('authorized', false);
     if (empty($decision)) {
         // no answer yet: show the consent form; client_id comes straight from
         // the query string, so the template must escape it
         $consentView = new ViewModel(['clientId' => $oauthRequest->query('client_id', false)]);
         $consentView->setTemplate('oauth/authorize');
         return $consentView;
     }

     $resolveUserId = $this->userIdProvider;
     $this->server->handleAuthorizeRequest(
         $oauthRequest,
         $oauthResponse,
         $decision === 'yes',
         $resolveUserId($this->getRequest())
     );

     $location = $oauthResponse->getHttpHeader('Location');
     if (empty($location)) {
         return $this->getErrorResponse($oauthResponse);
     }
     return $this->redirect()->toUrl($location);
 }
 /**
  * Handle an OAuth2 authorization request on behalf of the authenticated identity.
  *
  * The request is validated first and unauthenticated callers are routed to
  * handleNoIdentity(). SECURITY NOTE: there is no consent step yet — every
  * authenticated identity is treated as having approved the client (the
  * consent-form handling is still a TODO), so any client that passes
  * validation receives a grant bound to the logged-in identity.
  *
  * @param OAuth2Request $request
  * @return mixed whatever handleResponse() / handleNoIdentity() return
  */
 protected function authorize(OAuth2Request $request)
 {
     $response = new OAuth2Response();
     $auth = $this->getAuthenticationService();

     $requestIsValid = $this->server->validateAuthorizeRequest($request, $response);
     if (!$requestIsValid) {
         return $this->handleResponse($response);
     }
     if (!$auth->hasIdentity()) {
         return $this->handleNoIdentity();
     }

     // TODO: ask the resource owner for consent — read a POSTed 'authorized'
     // field, render the 'oauth/authorize' template (with clientId) while it
     // is absent, and grant only when it equals 'yes' — instead of the
     // unconditional grant below.
     $grantAccess = true;
     $this->server->handleAuthorizeRequest($request, $response, $grantAccess, $auth->getIdentity());

     return $this->handleResponse($response);
 }
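 /**
  * Authorization endpoint: validate the request, collect consent, then let
  * the OAuth2 server issue the grant.
  *
  * verifyUser() runs first and is presumably expected to stop unauthenticated
  * requests — TODO confirm. The consent form is shown when nothing has been
  * POSTed and no standing authorization exists for this client/user pair;
  * otherwise the server's answer (redirect carrying the code, or an error)
  * is sent exactly once.
  *
  * Fix over the previous version: a granted request sent the response twice
  * (once inside the `if ($is_authorized)` branch and again after it),
  * duplicating headers and body; the dead `$code` extraction is gone too.
  *
  * @return void the request always terminates here (die/exit or send)
  */
 public function authorize()
 {
     $this->getUserProvider()->verifyUser();

     $request = Request::createFromGlobals();
     $response = new Response();

     // reject unknown clients / bad redirect_uri before touching user data
     if (!$this->server->validateAuthorizeRequest($request, $response)) {
         $response->send();
         die;
     }

     $client_id = $request->query("client_id");
     $client = $this->storage->getClientDetails($client_id);
     $user_id = $this->getUserProvider()->getUserId();
     $is_authorized = $this->authorized($client_id, $user_id);

     // nothing submitted yet and no standing authorization: show the consent form
     if (empty($_POST) && !$is_authorized) {
         exit(Tpl::authorize($client));
     }

     // the server writes either a redirect carrying the code or an error into
     // $response; send it once
     $this->server->handleAuthorizeRequest($request, $response, $is_authorized, $user_id);
     $response->send();
 }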
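 /**
  * Authorize action (/oauth/authorize).
  *
  * Validates the authorization request, shows the consent template until the
  * resource owner answers, and forwards the answer ('yes' grants, anything
  * else denies) to the OAuth2 server. Failures are reported as API Problem
  * responses built from the OAuth2 response parameters.
  *
  * SECURITY: the resource owner identity handed to handleAuthorizeRequest()
  * is read from the `user_id` query parameter, i.e. it is chosen by whoever
  * submits the form rather than taken from the authenticated session. Unless
  * an outer guard binds it to the session (none is visible here), a caller
  * can obtain a grant bound to an arbitrary user id. It should come from the
  * authenticated identity; left as-is because no identity service is
  * reachable from this method.
  *
  * @return ViewModel|ApiProblemResponse|mixed the consent view, an API
  *         Problem response, or the redirect plugin's response on success
  */
 public function authorizeAction()
 {
     $request = $this->getOAuth2Request();
     $response = new OAuth2Response();

     // validate the authorize request (client_id, redirect_uri, response_type)
     if (!$this->server->validateAuthorizeRequest($request, $response)) {
         return $this->createApiProblemResponse($response);
     }

     $authorized = $request->request('authorized', false);
     if (empty($authorized)) {
         // first visit: render the consent form
         $clientId = $request->query('client_id', false);
         $view = new ViewModel(array('clientId' => $clientId));
         $view->setTemplate('oauth/authorize');
         return $view;
     }

     $is_authorized = $authorized === 'yes';
     // SECURITY: see the method docblock — user_id is client-supplied
     $this->server->handleAuthorizeRequest($request, $response, $is_authorized, $this->getRequest()->getQuery('user_id', null));

     if ($is_authorized) {
         $redirect = $response->getHttpHeader('Location');
         if (!empty($redirect)) {
             return $this->redirect()->toUrl($redirect);
         }
     }

     return $this->createApiProblemResponse($response);
 }

 /**
  * Build an API Problem response from a failed OAuth2 response.
  *
  * Missing parameters default to null so a server response lacking
  * error_description or error cannot raise undefined-index notices while an
  * error is being reported.
  *
  * @param OAuth2Response $response
  * @return ApiProblemResponse
  */
 private function createApiProblemResponse(OAuth2Response $response)
 {
     $parameters = $response->getParameters();
     $errorUri = isset($parameters['error_uri']) ? $parameters['error_uri'] : null;
     $description = isset($parameters['error_description']) ? $parameters['error_description'] : null;
     $error = isset($parameters['error']) ? $parameters['error'] : null;

     return new ApiProblemResponse(new ApiProblem($response->getStatusCode(), $description, $errorUri, $error));
 }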
 /**
  * Invoke this route callback.
  *
  * Bridges the PSR-7 request to the OAuth2 library, validates it, and either
  * renders the consent template (no `authorized` value submitted yet) or
  * forwards the decision — granted only when the value is exactly 'yes' —
  * to the server. No resource-owner id is passed to the server, so the grant
  * is issued with the library's default user id; confirm that is intended.
  *
  * @param ServerRequestInterface $request   Represents the current HTTP request.
  * @param ResponseInterface      $response  Represents the current HTTP response (not used; a bridged response is returned instead).
  * @param array                  $arguments Values for the current route’s named placeholders.
  *
  * @return ResponseInterface
  */
 public function __invoke(ServerRequestInterface $request, ResponseInterface $response, array $arguments = [])
 {
     $authzRequest = Http\RequestBridge::toOAuth2($request);
     $authzResponse = new OAuth2\Response();

     $valid = $this->server->validateAuthorizeRequest($authzRequest, $authzResponse);
     if (!$valid) {
         return Http\ResponseBridge::fromOAuth2($authzResponse);
     }

     $decision = $authzRequest->request('authorized');
     if (!empty($decision)) {
         $this->server->handleAuthorizeRequest($authzRequest, $authzResponse, $decision === 'yes');
         return Http\ResponseBridge::fromOAuth2($authzResponse);
     }

     // consent form: the template receives the raw client_id and must escape it
     $htmlResponse = Http\ResponseBridge::fromOAuth2($authzResponse);
     $this->view->render($htmlResponse, $this->template, ['client_id' => $authzRequest->query('client_id')]);
     return $htmlResponse->withHeader('Content-Type', 'text/html');
 }
 /**
  * Call this class as a function.
  *
  * Slim route handler for the authorization endpoint: validate the request,
  * show the consent template until `authorized` is submitted, then let the
  * server answer (granted only for the exact value 'yes'). The server is
  * called without a user id (see the TODO), so the resulting grant carries
  * none.
  *
  * @return void
  */
 public function __invoke()
 {
     $oauthRequest = MessageBridge::newOAuth2Request($this->slim->request());
     $oauthResponse = new OAuth2\Response();

     if (!$this->server->validateAuthorizeRequest($oauthRequest, $oauthResponse)) {
         MessageBridge::mapResponse($oauthResponse, $this->slim->response());
         return;
     }

     $decision = $this->slim->request()->params('authorized');
     if (empty($decision)) {
         // consent form; client_id is passed raw and must be escaped by the template
         $templateVars = ['client_id' => $oauthRequest->query('client_id', false)];
         $this->slim->render($this->template, $templateVars);
         return;
     }

     // @TODO implement user_id
     $this->server->handleAuthorizeRequest($oauthRequest, $oauthResponse, $decision === 'yes');
     MessageBridge::mapResponse($oauthResponse, $this->slim->response());
 }
 /**
  * Handle an authorization request, defaulting the request/response to the
  * module's own messages when the caller passes none.
  *
  * The consent decision and resource-owner id are taken as given; this
  * override only fills in the message objects before delegating to the
  * parent implementation.
  *
  * @param \OAuth2\RequestInterface|null  $request
  * @param \OAuth2\ResponseInterface|null $response
  * @param bool                           $isAuthorized
  * @param mixed                          $userId
  * @return mixed whatever the parent implementation returns
  */
 public function handleAuthorizeRequest(\OAuth2\RequestInterface $request = null, \OAuth2\ResponseInterface $response = null, $isAuthorized = false, $userId = null)
 {
     $effectiveRequest = ($request === null) ? $this->module->getRequest() : $request;
     $effectiveResponse = ($response === null) ? $this->module->getResponse() : $response;

     return parent::handleAuthorizeRequest($effectiveRequest, $effectiveResponse, $isAuthorized, $userId);
 }
 /**
  * Run the OAuth2 authorization flow over framework HTTP messages.
  *
  * The HTTP request is converted to an OAuth2 request and validated; when
  * valid it is handed to the server together with the caller's consent
  * decision and user id. Both are trusted as given, so the caller must have
  * resolved them from an authenticated session. Either outcome is rendered
  * in the format negotiated from the request.
  *
  * @param HttpRequest  $httpRequest
  * @param HttpResponse $httpResponse
  * @param bool         $isAuthorized the resource owner's consent decision
  * @param mixed        $userId       the authenticated resource owner id
  * @return mixed the value of buildResponse()
  */
 public function handleAuthorizeRequest(HttpRequest $httpRequest, HttpResponse $httpResponse, $isAuthorized, $userId)
 {
     $format = $this->determineFormat($httpRequest);
     $oauthRequest = $this->buildRequest($httpRequest);
     $oauthResponse = new OAuthResponse();

     // an invalid request leaves the validation error in $oauthResponse
     if ($this->server->validateAuthorizeRequest($oauthRequest, $oauthResponse)) {
         $oauthResponse = $this->server->handleAuthorizeRequest($oauthRequest, $oauthResponse, $isAuthorized, $userId);
     }

     return $this->buildResponse($format, $httpResponse, $oauthResponse);
 }
 /**
  * Handle submission from login form (Part 2 of the "Authorization Code" grant type).
  *
  * The submitted credentials are checked against the stored password hash.
  * An unknown user and a wrong password produce the same invalid-credential
  * response, so the form does not reveal which of the two failed. A user who
  * authenticates is treated as having consented, and the OAuth2 parameters
  * are read from the POST body (or the query string on GET) because the
  * library otherwise expects them as GET parameters.
  *
  * @link http://tools.ietf.org/html/rfc6749#section-4.1.1 Authorization Request
  * @param  Request $request
  * @return Response
  */
 public function authorizeFormSubmit(Request $request)
 {
     $user = $this->getUserFromRequest($request);
     if (!$user) {
         return $this->createInvalidCredentialResponse();
     }

     $passwordMatches = $this->verifyPassword($request->get('password'), $user->getPassword());
     if (!$passwordMatches) {
         return $this->createInvalidCredentialResponse();
     }

     // A successful login doubles as consent for this client.
     $authorized = true;

     // The OAuth2 library reads its parameters as GET; they are POSTed here
     // for security purposes, so pick the bag that matches the HTTP method.
     $parameterBag = ($request->getMethod() === 'GET') ? $request->query : $request->request;

     return $this->server->handleAuthorizeRequest(
         new OAuthRequest($parameterBag->all()),
         new BridgeResponse(),
         $authorized,
         $user->getId()
     );
 }
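 /**
  * A "code" response type must be honoured whether it is registered through
  * addResponseType() or injected through the Server constructor.
  *
  * Both set-ups are driven with the same valid, pre-authorized request and
  * must answer with a 302 whose Location carries a `code` and no `error`.
  */
 public function testAddingResponseType()
 {
     $storage = $this->getMock('OAuth2\\Storage\\Memory');
     $storage->expects($this->any())->method('getClientDetails')->will($this->returnValue(array('client_id' => 'some_client')));
     $storage->expects($this->any())->method('checkRestrictedGrantType')->will($this->returnValue(true));

     // add with the "code" key explicitly set
     $server = new Server();
     $server->addStorage($storage);
     $server->addResponseType(new AuthorizationCode($storage));
     $this->assertAuthorizationCodeIssued($server);

     // add with the "code" key not set (constructor injection)
     $server = new Server(array($storage), array(), array(), array(new AuthorizationCode($storage)));
     $this->assertAuthorizationCodeIssued($server);
 }

 /**
  * Issue a pre-authorized "code" request against $server and assert a
  * successful redirect carrying an authorization code.
  *
  * The expected value is passed first to assertEquals so that failure
  * messages read correctly (the original had the arguments reversed).
  *
  * @param Server $server
  */
 private function assertAuthorizationCodeIssued(Server $server)
 {
     $request = new Request(array('response_type' => 'code', 'client_id' => 'some_client', 'redirect_uri' => 'http://example.com', 'state' => 'xyx'));
     $server->handleAuthorizeRequest($request, $response = new Response(), true);

     // the response is successful: a 302 back to the client's redirect_uri
     $this->assertEquals(302, $response->getStatusCode());
     $parts = parse_url($response->getHttpHeader('Location'));
     parse_str($parts['query'], $query);
     $this->assertTrue(isset($query['code']));
     $this->assertFalse(isset($query['error']));
 }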
 /**
  * Stage 2: User response is captured here
  *
  * Success or failure is communicated back to the Client using the redirect
  * url provided by the client
  *
  * On success authorization code is sent along
  *
  * The decision is the (bool) cast of $authorize. In PHP any non-empty
  * string other than "0" casts to true, so a raw "false" would count as
  * consent unless the framework has already converted the parameter to a
  * real bool — confirm against the request parsing. No resource-owner id is
  * supplied to the server.
  *
  * @param bool $authorize
  *
  * @return \OAuth2\Response
  *
  * @format JsonFormat,UploadFormat
  */
 public function postAuthorize($authorize = false)
 {
     $consentGiven = (bool) $authorize;
     $result = static::$server->handleAuthorizeRequest(static::$request, new Response(), $consentGiven);
     $result->send();
     exit;
 }