Example #1
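 /**
  * Filter the requested scopes down to the ones stored in the Scope model, optionally restricted by grant,
  * client and user according to the limit_* configuration flags.
  *
  * Only the scopes that survive every enabled restriction are returned, so the result may be a strict subset
  * of the request. Callers must issue tokens for the returned set, not for the requested one. The request is
  * rejected only when no scope survives.
  *
  * @param array<ScopeEntityInterface> $scopes Scopes requested by the client.
  * @param string $grantType Grant type in use, matched against Grant.id when limit_scopes_to_grants is on.
  * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $clientEntity
  * @param string $userIdentifier Matched against User.id when limit_users_to_scopes is on; may be null.
  *
  * @throws OAuthServerException When no scope was requested or none of the requested scopes is permitted.
  *
  * @return array<\League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface>
  **/
 public function finalizeScopes(array $scopes, $grantType, ClientEntityInterface $clientEntity, $userIdentifier = null)
 {
     // Fail closed with a proper OAuth error on an empty request. Without this guard the failure path
     // below would call getIdentifier() on the boolean false returned for an empty array and abort
     // with a PHP error instead of an invalid_scope response.
     if ($scopes === []) {
         throw OAuthServerException::invalidScope('');
     }

     $scopesIdentifiers = [];
     foreach ($scopes as $scope) {
         $scopesIdentifiers[] = $scope->getIdentifier();
     }

     $builder = (new Builder())
         ->columns(['Scope.id'])
         ->addFrom(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\Scope::class, 'Scope');
     $builder->inWhere('Scope.id', $scopesIdentifiers);

     // Each restriction is an inner join, so a scope must satisfy every enabled one to stay in the result.
     // The grant type, client id and user id are supplied as bound parameters, never concatenated.
     if ($this->getConfig()->limit_scopes_to_grants === true) {
         // assumes Grant.id stores the grant type identifier passed in $grantType — TODO confirm
         $builder
             ->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\GrantScope::class, 'GrantScope.scope_id = Scope.id', 'GrantScope')
             ->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\Grant::class, 'Grant.id = GrantScope.grant_id', 'Grant')
             ->andWhere('Grant.id = :grantType:', compact('grantType'));
     }
     if ($this->getConfig()->limit_clients_to_scopes === true) {
         $builder
             ->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\ClientScope::class, 'ClientScope.scope_id = Scope.id', 'ClientScope')
             ->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\Client::class, 'Client.id = ClientScope.client_id', 'Client')
             ->andWhere('Client.id = :client_id:', ['client_id' => $clientEntity->getIdentifier()]);
     }
     if ($this->getConfig()->limit_users_to_scopes === true) {
         // NOTE(review): $userIdentifier defaults to null; with this flag on, a grant without a user
         // presumably matches no row and is rejected below — confirm that is the intended policy.
         $builder
             ->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\UserScope::class, 'UserScope.scope_id = Scope.id', 'UserScope')
             ->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\User::class, 'User.id = UserScope.user_id', 'User')
             ->andWhere('User.id = :userIdentifier:', compact('userIdentifier'));
     }

     $result = $builder->getQuery()->execute();
     if (!$result || $result->count() <= 0) {
         // Report the first requested scope. Reading it from the collected list avoids depending on
         // the internal array pointer of $scopes.
         throw OAuthServerException::invalidScope($scopesIdentifiers[0]);
     }

     // Rebuild entities from the stored ids so only permitted scopes leave this method.
     $entities = [];
     foreach ($result as $row) {
         $entity = new ScopeEntity();
         $entity->setIdentifier($row->id);
         $entities[] = $entity;
     }
     return $entities;
 }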
Example #2
 /**
  * Let the parent populate the extras, then set the 'status' entry to 401.
  *
  * @param array $extras Passed by reference and modified in place.
  */
 protected function provideExtras(&$extras)
 {
     // The parent runs first, so the assignment below replaces any 'status' the parent may have written.
     parent::provideExtras($extras);
     // presumably an HTTP status code (401 Unauthorized) — confirm against whatever consumes $extras
     $extras['status'] = 401;
 }