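/**
 * {@inheritdoc}
 *
 * Resolves the resource owner for the password grant: loads the row whose
 * username matches and verifies $password against its stored hash. Returns
 * null for an unknown username and for a wrong password alike, so a caller
 * cannot tell the two cases apart from the result.
 *
 * @param string                $username
 * @param string                $password     Plain-text password from the token request.
 * @param string                $grantType    Not used here.
 * @param ClientEntityInterface $clientEntity Not used here.
 *
 * @return UserEntity|null
 */
public function getUserEntityByUserCredentials($username, $password, $grantType, ClientEntityInterface $clientEntity)
{
    // NOTE(review): `new Di()` creates a fresh container. This only resolves
    // 'security' if `Di` here is a factory that pre-registers it; otherwise
    // Di::getDefault() is what is wanted. Left as-is pending confirmation.
    $di = new Di();
    /** @var Security $security */
    $security = $di->getShared('security');

    // Bound parameter, never string-interpolated into the query.
    $rows = Users::query()
        ->where("username = :username:")
        ->bind(['username' => $username])
        ->limit(1)
        ->execute()
        ->toArray();

    $password = (string) $password;

    if (count($rows) !== 1) {
        // No such user: spend one hash computation on the submitted password
        // so this path costs about the same as the checkHash() below and the
        // response time does not reveal whether the username exists. Hashing
        // the submitted password (rather than rand()) keeps the input
        // comparable to the real verification.
        $security->hash($password);
        return null;
    }

    $user = current($rows);

    // Known user: checkHash() is the single hash computation on this path.
    // Do NOT add a second hash() on the wrong-password branch — that doubles
    // the cost of "wrong password" versus "unknown user" and thereby leaks
    // which usernames exist, defeating the timing defence above.
    // (Assumes stored hashes use the same cost as $security->hash(); if the
    // work factors differ the two paths still differ in timing — verify.)
    if (!$security->checkHash($password, (string) $user['password'])) {
        return null;
    }

    return new UserEntity($user);
}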
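/**
 * Handles POST /authorize for the `code` and `token` response types.
 *
 * Validates the authorization request with the AuthorizationServer, attaches
 * the resource owner, marks the request approved and redirects the user agent
 * to the client's redirect URI via the Location header the server builds.
 *
 * NOTE(review): as written, every request is bound to the user with id 1 and
 * auto-approved (setAuthorizationApproved(true)) — there is no login and no
 * consent step. This is the placeholder flow from the library documentation
 * (see the comments in completeAuthorization()); before this endpoint faces
 * real clients it must attach the actually authenticated user and the user's
 * real approve/deny decision, otherwise any client can obtain a code or token
 * for user 1 without credentials.
 *
 * @return array Empty array on the redirect path; never a decoded JSON body.
 *
 * @throws HttpException for an unsupported response_type, or when the
 *                       authorization request failed without a redirect.
 */
public function post()
{
    /** @var AuthorizationServer $server */
    $server = $this->di->get('authorizationServer');
    $allowedResponseTypes = ['code', 'token'];
    $responseType = $this->request->getPost('response_type');

    $request = new Request($this->request);
    $response = new Response($this->response);

    switch ($responseType) {
        case 'code':
            $error = $this->completeAuthorization($server, $request, $response, 'P1005');
            break;
        case 'token':
            $error = $this->completeAuthorization($server, $request, $response, 'P1003');
            break;
        default:
            // The raw, client-supplied response_type is echoed in the message;
            // whatever renders HttpException must escape it for its output
            // context (HTML, JSON, ...).
            $error = [
                "The response type is not allowed {$responseType}",
                400,
                [
                    'dev' => "Allowed response types are: " . implode(', ', $allowedResponseTypes),
                    'internalCode' => 'P1001',
                    'more' => '',
                ],
            ];
    }

    // Every error is a [message, httpStatus, details] triple now. Previously
    // the OAuthServerException branches produced a 4-element array, which a
    // `count($error) === 3` check silently discarded — the failure was
    // swallowed and the caller got no error at all.
    if ($error !== null) {
        throw new HttpException($error[0], $error[1], null, $error[2]);
    }

    // The redirect has already been issued; there is no body to decode.
    // (The old `json_decode([], true)` passed an array where a string is
    // required and yielded null / a TypeError depending on PHP version.)
    return [];
}

/**
 * Runs validate -> attach user -> approve -> redirect for one authorization request.
 *
 * Shared by the `code` and `token` branches, which only differ in the
 * internal error code reported for unexpected exceptions. Returns null when
 * the user agent was redirected (success, or an OAuthServerException that
 * carries its own redirect, e.g. access_denied which the library reports with
 * code 9); otherwise a `[message, httpStatus, details]` triple for HttpException.
 *
 * @param AuthorizationServer $server
 * @param Request             $request
 * @param Response            $response
 * @param string              $internalCode Reported under details['internalCode'] for unknown errors.
 *
 * @return array|null
 */
private function completeAuthorization(AuthorizationServer $server, Request $request, Response $response, $internalCode)
{
    try {
        // Validate the HTTP request and return an AuthorizationRequest object.
        $authRequest = $server->validateAuthorizationRequest($request);

        // NOTE(review): placeholder. The library documentation says to serialise
        // $authRequest into the session and redirect to a login endpoint here;
        // instead the user with id 1 is assumed to be logged in. Also note
        // Phalcon's findFirst() reads array keys as query options ('conditions',
        // 'bind', ...); presumably 'id' is not one of them and this returns the
        // first row — verify against the Phalcon version in use.
        $userRecord = Users::findFirst(['id' => 1]);
        if (!$userRecord) {
            // findFirst() yields false/null when there is no row; without this
            // guard ->toArray() is a fatal Error that the catch below never sees.
            throw new \RuntimeException('Resource owner not found');
        }
        // Once the user has logged in set the user on the AuthorizationRequest
        $authRequest->setUser(new UserEntity($userRecord->toArray())); // an instance of UserEntityInterface

        // NOTE(review): placeholder. This must reflect the user's actual
        // decision from an authorization (consent) page — true = approved,
        // false = denied — not a constant.
        $authRequest->setAuthorizationApproved(true);

        // The server builds the redirect response; we only forward its Location.
        $location = $server->completeAuthorizationRequest($authRequest, $response)->getHeader('Location');
        $this->response->redirect($location);
        return null;
    } catch (OAuthServerException $exception) {
        if ($exception->getCode() === 9) {
            // The library builds the error redirect to the client itself.
            $location = $exception->generateHttpResponse($response)->getHeader('Location');
            $this->response->redirect($location);
            return null;
        }
        return [
            $exception->getMessage(),
            $exception->getHttpStatusCode(),
            ['dev' => $exception->getHint()],
        ];
    } catch (\Exception $exception) {
        return [
            'Unknown error',
            500,
            ['dev' => $exception->getMessage(), 'internalCode' => $internalCode, 'more' => ''],
        ];
    }
}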