public function fetchWithClientCredentials(tubepress_spi_http_oauth2_Oauth2ProviderInterface $provider)
{
$tokenUrl = $provider->getTokenEndpoint();
$clientId = $this->_persistenceHelper->getClientId($provider);
$clientSecret = $this->_persistenceHelper->getClientSecret($provider);
$request = $this->_httpClient->createRequest('POST', $tokenUrl, array('body' => array('grant_type' => 'client_credentials')));
$provider->onAccessTokenRequest($request, $clientId, $clientSecret);
return $this->_fetchAndBuildToken($request, $provider);
}
public function testGetTokenUseFirst()
{
$mockProvider = $this->mock(tubepress_spi_http_oauth2_Oauth2ProviderInterface::_);
$mockProvider->shouldReceive('getName')->once()->andReturn('name');
$this->_mockContext->shouldReceive('get')->once()->with(tubepress_api_options_Names::OAUTH2_TOKEN)->andReturn(null);
$this->_mockContext->shouldReceive('get')->once()->with(tubepress_api_options_Names::OAUTH2_TOKENS)->andReturn(json_encode(array('name' => array('slug1' => array('access_token' => 'slug1token', 'refresh_token' => 'slug1refresh', 'expiry_unix' => '3333', 'extra' => array('foo' => 'bar')), 'slug2' => array('access_token' => 'slug2token', 'refresh_token' => 'slug2refresh', 'expiry_unix' => '777', 'extra' => array('fooz' => 'baz'))))));
$actual = $this->_sut->getStoredToken($mockProvider);
$this->assertInstanceOf('tubepress_api_http_oauth_v2_TokenInterface', $actual);
}
/**
* {@inheritdoc}
*/
protected function getTemplateVariables()
{
$clientId = $this->_persistenceHelper->getClientId($this->_provider);
$clientSecret = $this->_persistenceHelper->getClientSecret($this->_provider);
$tokens = $this->getOptionPersistence()->fetch(tubepress_api_options_Names::OAUTH2_TOKENS);
$decodedTokens = json_decode($tokens, true);
$providerName = $this->_provider->getName();
if (!isset($decodedTokens[$providerName]) || !is_array($decodedTokens[$providerName])) {
$slugs = array();
} else {
$slugs = array_keys($decodedTokens[$providerName]);
}
return array('clientId' => $clientId, 'clientSecret' => $clientSecret, 'provider' => $this->_provider, 'oauth2StartUrl' => $this->_oauth2Environment->getAuthorizationInitiationUrl($this->_provider), 'slugs' => $slugs);
}
/**
* {@inheritdoc}
*/
protected function getProviderByName($providerName)
{
$provider = parent::getProviderByName($providerName);
$clientId = $this->_persistenceHelper->getClientId($provider);
if (!$clientId) {
throw new RuntimeException(sprintf('No saved client ID for %s', $provider->getDisplayName()));
}
$clientSecret = $this->_persistenceHelper->getClientSecret($provider);
if ($provider->isClientSecretUsed() && !$clientSecret) {
throw new RuntimeException(sprintf('%s does not have a client secret', $provider->getDisplayName()));
}
return $provider;
}
public function onHttpRequest(tubepress_api_event_EventInterface $event)
{
/**
* @var tubepress_api_http_message_RequestInterface
*/
$request = $event->getSubject();
$providers = $this->getAllProviders();
$requestConfig = $request->getConfig();
if (!array_key_exists('tubepress-remote-api-call', $requestConfig)) {
return;
}
if ($requestConfig['tubepress-remote-api-call'] !== true) {
return;
}
if ($this->_shouldLog) {
$this->_logDebug(sprintf('OAuth2 signing listener invoked for <code>%s</code> to <code>%s</code> with <code>%d</code> registered OAuth2 provider(s)', $request->getMethod(), $request->getUrl(), count($providers)));
}
foreach ($providers as $provider) {
if ($this->_shouldLog) {
$this->_logDebug(sprintf('Seeing if %s wants to authorize <code>%s</code> to <code>%s</code>', $provider->getDisplayName(), $request->getMethod(), $request->getUrl()));
}
if (!$provider->wantsToAuthorizeRequest($request)) {
if ($this->_shouldLog) {
$this->_logDebug(sprintf('%s declined to authorize <code>%s</code> to <code>%s</code>', $provider->getDisplayName(), $request->getMethod(), $request->getUrl()));
}
continue;
}
if ($this->_shouldLog) {
$this->_logDebug(sprintf('%s wants to authorize <code>%s</code> to <code>%s</code>', $provider->getDisplayName(), $request->getMethod(), $request->getUrl()));
}
$token = $this->_persistenceHelper->getStoredToken($provider);
if (!$token) {
if ($this->_shouldLog) {
$this->_logDebug(sprintf('No saved token for %s to use, or user requested no signing.', $provider->getDisplayName()));
}
break;
}
if ($token->isExpired()) {
if ($this->_shouldLog) {
$this->_logDebug('Existing token has expired.');
}
if (!$token->getRefreshToken()) {
if ($this->_shouldLog) {
$this->_logDebug(sprintf('Token for %s has expired and no refresh token available.', $provider->getDisplayName()));
}
break;
}
if ($this->_shouldLog) {
$this->_logDebug(sprintf('Token for %s has expired. We will try to refresh it.', $provider->getDisplayName()));
}
$oldToken = $token;
$newToken = $this->_accessTokenFetcher->fetchWithRefreshToken($provider, $token);
if (!$newToken) {
if ($this->_shouldLog) {
$this->_logDebug(sprintf('Unable to refresh token for %s. Boo.', $provider->getDisplayName()));
}
break;
}
if ($this->_shouldLog) {
$this->_logDebug(sprintf('Successfully refreshed token for %s. Yay.', $provider->getDisplayName()));
}
$token = $newToken;
$this->_persistenceHelper->updateToken($oldToken, $newToken);
}
$clientId = $this->_persistenceHelper->getClientId($provider);
$clientSecret = $this->_persistenceHelper->getClientSecret($provider);
if ($token && $clientId) {
$provider->authorizeRequest($request, $token, $clientId, $clientSecret);
break;
}
}
}
/**
* {@inheritdoc}
*/
protected function getTemplateVariables()
{
$clientId = $this->_persistenceHelper->getClientId($this->_provider);
return array('id' => $this->getId(), 'value' => $clientId);
}
