 /**
  * Creates, persists and returns a new basic token document owned by $user.
  *
  * The document gets the given name, description and scope ids, a freshly
  * generated key and secret, a createdAt timestamp, and — when $expiresAt is
  * not null — an expiresAt timestamp. After saving, the service is switched to
  * single mode with this document as its only access token.
  *
  * @param string      $name        Token name
  * @param string      $description Token description
  * @param int|null    $expiresAt   Unix timestamp of expiry, or null for a non-expiring token
  * @param User        $user        Owning user document
  * @param array       $scopes      Scope documents exposing getId()
  *
  * @return mixed The saved token document
  */
 public function addToken($name, $description, $expiresAt, User $user, array $scopes = [])
 {
     $tokenDocument = $this->getDocumentManager()
         ->getCollection('basicTokens')
         ->createDocument();

     $tokenDocument->setName($name);
     $tokenDocument->setDescription($description);
     $tokenDocument->addRelation('user', $user);

     // Only the scope ids are stored on the token, as a plain list.
     $tokenDocument->setScopeIds(array_values(array_map(
         function ($scope) {
             return $scope->getId();
         },
         $scopes
     )));

     if (null !== $expiresAt) {
         $expiryDate = new \DateTime();
         $expiryDate->setTimestamp($expiresAt);
         $tokenDocument->setExpiresAt(\API\Util\Date::dateTimeToMongoDate($expiryDate));
     }

     // Key and secret are both random tokens from the OAuth utility.
     // NOTE(review): the secret is stored as generated; confirm whether it is hashed at rest elsewhere.
     $tokenDocument->setKey(\API\Util\OAuth::generateToken());
     $tokenDocument->setSecret(\API\Util\OAuth::generateToken());

     $tokenDocument->setCreatedAt(\API\Util\Date::dateTimeToMongoDate(new \DateTime()));
     $tokenDocument->save();

     $this->single = true;
     $this->setAccessTokens([$tokenDocument]);

     return $tokenDocument;
 }
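 /**
  * GET handler for the login form: seeds the session CSRF token.
  *
  * This method does not log anyone in and returns nothing; it only stores a
  * freshly generated CSRF token in $_SESSION['csrfToken'] so that the matching
  * POST handler can verify it. A new token is generated on every GET.
  *
  * @param mixed $request The current request (not used here)
  *
  * @return void
  */
 public function loginGet($request)
 {
     // CSRF protection: the token is regenerated on each GET of the form.
     $_SESSION['csrfToken'] = OAuth::generateCsrfToken();
 }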
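 /**
  * Initializes the resource: creates the OAuth and user services on top of the
  * Slim application and then calls OAuth::loadSession().
  *
  * @return void
  */
 public function init()
 {
     $slim = $this->getSlim();
     $this->setOAuthService(new OAuthService($slim));
     $this->setUserService(new UserService($slim));
     OAuth::loadSession();
 }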
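 /**
  * POST authorize data.
  *
  * Handles the user's accept/deny decision for an authorization request.
  * The submitted CSRF token is compared against $_SESSION['csrfToken'] first.
  * On "accept" a one-hour token is issued for the session user, the requested
  * client and the requested scopes; $this->token is set and $this->redirectUri
  * gets the redirect_uri query parameter with the authorization code appended.
  * On "deny" only $this->redirectUri is set, carrying an error parameter.
  *
  * @param mixed $request The current request, exposing post() and get() parameter arrays
  *
  * @return void
  *
  * @throws \Exception with Resource::STATUS_BAD_REQUEST when the CSRF token is invalid,
  *                    no user is in the session, the client or a scope is unknown,
  *                    or the action is neither "accept" nor "deny"
  */
 public function authorizePost($request)
 {
     $postParams = new Set($request->post());
     $params = new Set($request->get());

     // CSRF protection: both values must be strings and are compared in constant time.
     $submittedCsrf = $postParams->has('csrfToken') ? $postParams->get('csrfToken') : null;
     $sessionCsrf = isset($_SESSION['csrfToken']) ? $_SESSION['csrfToken'] : null;
     if (!is_string($submittedCsrf) || !is_string($sessionCsrf) || !hash_equals($sessionCsrf, $submittedCsrf)) {
         throw new \Exception('Invalid CSRF token.', Resource::STATUS_BAD_REQUEST);
     }

     // TODO: load the token lifetime from config and add documented error codes.
     $action = $postParams->get('action');
     if ($action === 'accept') {
         // Issuing a token requires a logged-in user; the session is the only source for it.
         if (!isset($_SESSION['userId'])) {
             throw new \Exception('No authenticated user in session.', Resource::STATUS_BAD_REQUEST);
         }
         $expiresAt = time() + 3600; // one hour

         $clientCursor = $this->getDocumentManager()->getCollection('oAuthClients')->find();
         $clientCursor->where('clientId', $params->get('client_id'));
         $clientDocument = $clientCursor->current();
         if (null === $clientDocument) {
             throw new \Exception('Invalid client_id given!', Resource::STATUS_BAD_REQUEST);
         }

         $userDocument = $this->getDocumentManager()->getCollection('users')->getDocument($_SESSION['userId']);

         // Every requested scope name must resolve to an authScopes document.
         $scopeCollection = $this->getDocumentManager()->getCollection('authScopes');
         $scopeDocuments = [];
         foreach (explode(',', (string) $params->get('scope')) as $scopeName) {
             $scopeCursor = $scopeCollection->find();
             $scopeCursor->where('name', $scopeName);
             $scopeDocument = $scopeCursor->current();
             if (null === $scopeDocument) {
                 throw new \Exception('Invalid scope given!', Resource::STATUS_BAD_REQUEST);
             }
             $scopeDocuments[] = $scopeDocument;
         }

         $code = Util\OAuth::generateToken();
         // NOTE(review): this addToken takes (expiresAt, user, client, scopes, code); it is presumably
         // a different method from the basic-token addToken(name, description, ...) — confirm.
         $token = $this->addToken($expiresAt, $userDocument, $clientDocument, $scopeDocuments, $code);
         $this->token = $token;

         // NOTE(review): redirect_uri is taken from the query string and is not matched here against
         // the client's registered redirect URI — confirm that check happens before this point.
         $redirectUri = Url::createFromUrl($params->get('redirect_uri'));
         $redirectUri->getQuery()->modify(['code' => $token->getCode()]);
         $this->redirectUri = $redirectUri;
     } elseif ($action === 'deny') {
         $redirectUri = Url::createFromUrl($params->get('redirect_uri'));
         $redirectUri->getQuery()->modify(['error' => 'User denied authorization!']);
         $this->redirectUri = $redirectUri;
     } else {
         // Fully qualified to match the other throws in this method.
         throw new \Exception('Invalid.', Resource::STATUS_BAD_REQUEST);
     }
 }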