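/**
  * Read the client credentials from the PHP_AUTH_USER / PHP_AUTH_PW values of the request.
  *
  * @param \Flywheel\Http\WebRequest $request
  * @param \Flywheel\Http\WebResponse $response
  * @return array|null array with 'client_id' and 'client_secret', or null when either value is missing
  */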
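 private function getClientCredentials($request, $response)
 {
     // Client credentials are taken only from the PHP_AUTH_USER / PHP_AUTH_PW
     // values exposed by getHttpHeader(). Credentials sent in the request body
     // (RFC 6749 section 2.3.1) are not read by this method.
     $clientId = $request->getHttpHeader('PHP_AUTH_USER');
     $clientSecret = $request->getHttpHeader('PHP_AUTH_PW');

     // Null check rather than empty(): an empty-string secret still counts as
     // "supplied", so a client whose secret is '' is passed on for verification.
     if ($clientId !== null && $clientSecret !== null) {
         return array('client_id' => $clientId, 'client_secret' => $clientSecret);
     }

     // Nothing usable was supplied. No error is written to $response here, so
     // the caller has to treat null as a failed client authentication.
     // The username/password lookup that followed this return in the earlier
     // version could never execute and has been removed.
     return null;
 }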
 /**
  * Check whether the request is valid for this grant type
  * @param \Flywheel\Http\WebRequest $request
  * @param \Flywheel\Http\WebResponse $response
  * @throws \Exception
  * @return boolean
  */
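 public function validateRequest(WebRequest $request, WebResponse $response)
 {
     // Read the code from the POST body once, so the value that is checked for
     // presence is the same value that is looked up in the data store. (The
     // earlier version tested post('code') but then looked up request('code').)
     $code = $request->post('code');
     if (!$code) {
         throw new OAuth2Exception(OAuth2Exception::INVALID_REQUEST);
     }

     // An unknown code is reported with the same error as a missing one.
     $authCode = $this->_dataStore->getAuthorizationCode($code);
     if (!$authCode) {
         throw new OAuth2Exception(OAuth2Exception::INVALID_REQUEST);
     }

     /*
      * 4.1.3 - ensure that the "redirect_uri" parameter is present if the "redirect_uri" parameter was included in the initial authorization request
      * @uri - http://tools.ietf.org/html/rfc6749#section-4.1.3
      */
     $redirect_uri = $authCode->getRedirectUri();
     if (!empty($redirect_uri)) {
         $param = $this->_config->get(BaseServerConfig::REDIRECT_URI_PARAM, 'redirect_uri');

         // Only the POST body is consulted. The earlier GET fallback tested the
         // wrong variable and discarded its result, so it never took effect.
         // A missing or non-string value becomes '', which cannot equal the
         // non-empty stored URI and is therefore rejected below.
         $raw_uri = $request->post($param);
         // NOTE(review): urldecode() is kept from the original; if post() already
         // returns decoded values this decodes twice and loosens the match - confirm.
         $requested_uri = is_string($raw_uri) ? urldecode($raw_uri) : '';

         // Strict comparison: the two URIs must be identical strings, with no
         // loose-comparison type juggling.
         // NOTE(review): assumes getRedirectUri() returns a string - confirm.
         if ($requested_uri !== (string) $redirect_uri) {
             throw new OAuth2Exception(OAuth2Exception::REDIRECT_URI_MISMATCH);
         }
     }

     // A code without a usable expiry date is rejected rather than treated as
     // never expiring.
     $expired = $authCode->getExpiredDate();
     if (!$expired instanceof \DateTime) {
         throw new OAuth2Exception(OAuth2Exception::MISSING_EXPIRED_TIME);
     }
     if ($expired->getTimestamp() < time()) {
         throw new OAuth2Exception(OAuth2Exception::EXPIRED_AUTHORIZE_CODE);
     }

     // NOTE(review): nothing in this method checks that the code was issued to
     // the client making the request (RFC 6749 section 4.1.3) or marks the code
     // as used - confirm both are enforced elsewhere in the grant flow.

     // Keep the validated code on the instance; $response is not touched here.
     $this->_authCode = $authCode;
     return true;
 }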