Example #1
 /**
  * Runs the parent's client-credentials check and, when it succeeds for an
  * ExternalApp client, binds the grant to that app's user.
  *
  * Any other outcome (a falsy parent result, or a client that is not an
  * ExternalApp) is passed back to the caller exactly as the parent returned it.
  *
  * NOTE(review): for an ExternalApp the client secret alone yields a grant whose
  * 'data' is the app's user - presumably that user becomes the token's subject,
  * so the secret is equivalent to that user's credentials. Confirm with the caller.
  *
  * @param IOAuth2Client $client        Client requesting the grant.
  * @param mixed         $client_secret Secret presented by the client; forwarded to the parent untouched.
  *
  * @return mixed array('data' => user) for an accepted ExternalApp, otherwise the parent's result.
  */
 public function checkClientCredentialsGrant(IOAuth2Client $client, $client_secret)
 {
     $parentResult = parent::checkClientCredentialsGrant($client, $client_secret);

     // Rejected by the parent, or not an external app: nothing to add.
     if (!$parentResult || !($client instanceof ExternalApp)) {
         return $parentResult;
     }

     return array('data' => $client->getUser());
 }
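 /**
  * {@inheritdoc}
  *
  * Authenticates an OAuth client from the credential pair carried by the token:
  * index 0 is used to look the client up in storage, index 1 is checked against
  * it as the client secret. On success the submitted credentials are erased and a
  * fresh, authenticated SharedSecretToken bound to the client is returned.
  *
  * An unknown client and a wrong secret raise the same error
  * (OAuth2::ERROR_INVALID_CLIENT), so the response does not reveal which client
  * identifiers exist.
  *
  * @param TokenInterface $token Token holding the credential pair.
  *
  * @return SharedSecretToken Authenticated token with ROLE_SHARED_SECRET and ROLE_OAUTH_CLIENT.
  *
  * @throws AuthenticationException When credentials are missing, the client is
  *                                 unknown, or the secret is not accepted.
  */
 public function authenticate(TokenInterface $token)
 {
     $credentials = $token->getCredentials();
     if (is_null($credentials)) {
         throw new AuthenticationException(OAuth2::HTTP_BAD_REQUEST, null, 'Empty credentials');
     }
     $client = $this->storage->getClient($credentials[0]);
     if (is_null($client)) {
         throw new AuthenticationException(OAuth2::ERROR_INVALID_CLIENT);
     }
     // Fail closed: reject on ANY falsy answer, not only a strict `false`.
     // A storage implementation that returns null/0 (e.g. a missing return on an
     // error path) must not be read as "secret accepted".
     if (!$this->storage->checkClientCredentials($client, $credentials[1])) {
         throw new AuthenticationException(OAuth2::ERROR_INVALID_CLIENT);
     }
     // Drop the secret from the incoming token once it has been verified.
     $token->eraseCredentials();
     $newToken = new SharedSecretToken(array("ROLE_SHARED_SECRET", "ROLE_OAUTH_CLIENT"));
     $newToken->setClient($client);
     $newToken->setAuthenticated(true);
     return $newToken;
 }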
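 /**
  * Role-based grant extension: verifies a username/password pair and then
  * requires the resolved user to hold the role named in the request.
  *
  * NOTE(review): 'required_role' comes from the request itself, so a successful
  * grant only proves the user holds a role the requester chose to name. Confirm
  * that callers do not treat the issued token as proof of any specific privilege
  * unless the acceptable roles are also constrained server-side.
  *
  * NOTE(review): the two INVALID_GRANT descriptions differ, so a caller can tell
  * "wrong password" from "right password, missing role". The second description
  * also embeds the request-supplied role; presumably the response encoder escapes
  * it - verify.
  *
  * @see OAuth2\IOAuth2GrantExtension::checkGrantExtension
  *
  * @param IOAuth2Client $client      Client presenting the grant.
  * @param array         $inputData   Request parameters; must contain 'username', 'password' and 'required_role'.
  * @param array         $authHeaders Authorization headers (not used here).
  *
  * @return array ['data' => user] for an accepted grant.
  *
  * @throws OAuth2ServerException When a parameter is missing, the credentials are
  *                               rejected, or the user lacks the requested role.
  */
 public function checkGrantExtension(IOAuth2Client $client, array $inputData, array $authHeaders)
 {
     // Same check and same message per field as before, without the repetition.
     foreach (array('username', 'password', 'required_role') as $field) {
         if (!isset($inputData[$field])) {
             throw new OAuth2ServerException(OAuth2::HTTP_BAD_REQUEST, OAuth2::ERROR_INVALID_REQUEST, sprintf('No "%s" parameter found', $field));
         }
     }
     $username = $inputData['username'];
     $password = $inputData['password'];
     $role = $inputData['required_role'];
     $stored = $this->storage->checkUserCredentials($client, $username, $password);
     // Fail closed: any falsy answer from storage (not only a strict `false`)
     // is a rejected login.
     if (!$stored) {
         throw new OAuth2ServerException(OAuth2::HTTP_BAD_REQUEST, OAuth2::ERROR_INVALID_GRANT, "Invalid username and password combination");
     }
     // Storage may confirm the credentials without handing back a user (e.g. a
     // bare `true`). Without a user the role cannot be evaluated, so deny rather
     // than run the role check against null.
     $user = (is_array($stored) && isset($stored['data'])) ? $stored['data'] : null;
     if ($user === null || !$this->isGranted($role, $user)) {
         throw new OAuth2ServerException(OAuth2::HTTP_BAD_REQUEST, OAuth2::ERROR_INVALID_GRANT, "User is not granted {$role}");
     }
     return ['data' => $user];
 }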