/**
  * @param \Symfony\Component\HttpFoundation\Request $request
  * @param bool $headerOnly
  * @throws \Atrauzzi\Oauth2Server\Exception\AccessDenied
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidRequest
  */
 public function authorize(Request $request, $headerOnly = true)
 {
     if ($authorizationHeader = $request->headers->get('Authorization')) {
         $accessTokenId = $this->config->getTokenStrategy()->determineAccessTokenInHeader($request);
     } elseif (!$headerOnly) {
         $accessTokenId = $request->get($this->config->getTokenKey());
     } else {
         throw new InvalidRequest('access_token');
     }
     $accessToken = $this->accessTokenRepository->find($accessTokenId);
     if (empty($accessToken)) {
         throw new AccessDenied();
     }
     if ($accessToken->isExpired()) {
         throw new AccessDenied();
     }
 }
 /**
  * Conducts the checks and operations necessary for the flow indicated in the request.
  *
  * @param \Symfony\Component\HttpFoundation\Request $request
  * @param int $grantTypeFlow
  * @param \Atrauzzi\Oauth2Server\Domain\Entity\Oauthable $oauthable
  * @return array
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidClient
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidRequest
  */
 public function doFlow(Request $request, $grantTypeFlow, Oauthable $oauthable = null)
 {
     if (!($clientId = $request->get('client_id', $request->getUser()))) {
         throw new InvalidRequest('client_id');
     }
     if (!($clientSecret = $request->get('client_secret', $request->getPassword()))) {
         throw new InvalidRequest('client_secret');
     }
     if (!($client = $this->clientRepository->find($clientId, $clientSecret, $this->getIdentifier()))) {
         throw new InvalidClient();
     }
     $scopes = $this->scopeService->findValid($request->get('scope'));
     //
     //
     $accessToken = $this->accessTokenRepository->create(SecureKey::generate(), $this->config->getAccessTokenTtl() + time(), $oauthable->getId(), $oauthable->getType(), $client->getId(), array_keys($scopes));
     // ToDo: Do we do refresh tokens for this grant type?
     $this->accessTokenRepository->persist($accessToken);
     $tokenStrategy = $this->config->getTokenStrategy();
     $tokenStrategy->setParam('access_token', $accessToken->getId());
     $tokenStrategy->setParam('expires_in', $this->config->getAccessTokenTtl());
     return $tokenStrategy->generateResponse();
 }
Exemple #3
0
 /**
  * @param \Symfony\Component\HttpFoundation\Request $request
  * @param int $grantTypeFlow
  * @param \Atrauzzi\Oauth2Server\Domain\Entity\Oauthable $oauthable
  * @return mixed
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidClient
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidCredentials
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidRequest
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidScope
  * @throws \Atrauzzi\Oauth2Server\Exception\ServerError
  */
 public function doFlow(Request $request, $grantTypeFlow, Oauthable $oauthable = null)
 {
     if (!$oauthable instanceof Oauthable) {
         throw new InvalidCredentials();
     }
     if ($clientId = $request->get('client_id', $request->getUser())) {
         throw new InvalidRequest('client_id');
     }
     if ($clientSecret = $request->get('client_secret', $request->getPassword())) {
         throw new InvalidRequest('client_secret');
     }
     if (!($client = $this->clientRepository->find($clientId, $clientSecret, $this->getIdentifier()))) {
         throw new InvalidClient();
     }
     if (!($username = $request->get('username'))) {
         throw new InvalidRequest('username');
     }
     if ($password = $request->get('password')) {
         throw new InvalidRequest('password');
     }
     //
     //
     $scopes = $this->scopeService->findValid($request->get('scopes'), $this->getIdentifier(), $client->getId());
     $accessToken = $this->accessTokenRepository->create(SecureKey::generate(), $this->config->getAccessTokenTtl() + time(), $oauthable->getId(), $oauthable->getType(), $client->getId(), array_keys($scopes));
     $tokenStrategy = $this->config->getTokenStrategy();
     if ($this->config->hasGrantType('refresh_token')) {
         $refreshToken = $this->refreshTokenRepository->create(SecureKey::generate(), $this->config->getRefreshTokenTtl() + time(), $oauthable->getId(), $oauthable->getType(), $client->getId(), array_keys($scopes));
         $this->refreshTokenRepository->persist($refreshToken);
         $accessToken->setRefreshTokenId($refreshToken->getId());
         $tokenStrategy->setParam('refresh_token', $refreshToken->getId());
     }
     $this->accessTokenRepository->persist($accessToken);
     $tokenStrategy->setParam('access_token', $accessToken->getId());
     $tokenStrategy->setParam('expires_in', $this->config->getAccessTokenTtl());
     return $tokenStrategy->generateResponse();
 }
 /**
  * @param \Symfony\Component\HttpFoundation\Request $request
  * @param int $grantTypeFlow
  * @param \Atrauzzi\Oauth2Server\Domain\Entity\Oauthable $oauthable
  * @return array
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidClient
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidCredentials
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidRefresh
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidRequest
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidScope
  * @throws \Atrauzzi\Oauth2Server\Exception\UnsupportedFlow
  */
 public function doFlow(Request $request, $grantTypeFlow, Oauthable $oauthable = null)
 {
     if ($grantTypeFlow != self::FLOW_DEFAULT) {
         throw new UnsupportedFlow(get_class(), $grantTypeFlow);
     }
     if (!($clientId = $request->get('client_id', $request->getUser()))) {
         throw new InvalidRequest('client_id');
     }
     if (!($clientSecret = $request->get('client_secret', $request->getPassword()))) {
         throw new InvalidRequest('client_secret');
     }
     if (!($oldRefreshTokenParam = $request->get('refresh_token', null))) {
         throw new InvalidRequest('refresh_token');
     }
     if (!($client = $this->clientRepository->find($clientId, $clientSecret, $this->getIdentifier()))) {
         throw new InvalidClient();
     }
     if (!($originalRefreshToken = $this->refreshTokenRepository->find($oldRefreshTokenParam))) {
         throw new InvalidRefresh();
     }
     if ($originalRefreshToken->isExpired()) {
         throw new InvalidRefresh();
     }
     //
     //
     $originalScopes = $originalRefreshToken->getScopeNames();
     $requestedScopes = array_keys($this->scopeService->findValid($request->get('scope'), null, $client->getId(), $this->getIdentifier()));
     $disallowedScopes = array_diff($requestedScopes, $originalScopes);
     if (count($disallowedScopes)) {
         throw new InvalidScope($disallowedScopes);
     }
     $scopes = count($requestedScopes) ? $requestedScopes : $originalScopes;
     $accessToken = $this->accessTokenRepository->create(SecureKey::generate(), $this->config->getAccessTokenTtl() + time(), $originalRefreshToken->getOauthableId(), $originalRefreshToken->getOauthableType(), $client->getId(), $scopes);
     $tokenStrategy = $this->config->getTokenStrategy();
     if ($this->config->shouldRotateRefreshTokens()) {
         $newRefreshToken = $this->refreshTokenRepository->create(SecureKey::generate(), $this->config->getRefreshTokenTtl() + time(), $originalRefreshToken->getOauthableId(), $originalRefreshToken->getOauthableType(), $client->getId(), $scopes);
         $this->refreshTokenRepository->delete($originalRefreshToken);
         unset($originalRefreshToken);
         $this->refreshTokenRepository->persist($newRefreshToken);
         $accessToken->setRefreshTokenId($newRefreshToken->getId());
         // ToDo: Should we try to convey refresh token expiry?
         $tokenStrategy->setParam('refresh_token', $newRefreshToken->getId());
     }
     $this->accessTokenRepository->persist($accessToken);
     $tokenStrategy->setParam('access_token', $accessToken->getId());
     $tokenStrategy->setParam('expires_in', $this->config->getAccessTokenTtl());
     return $tokenStrategy->generateResponse();
 }
 /**
  * Exchange an oauth code for an access and optionally a refresh token.
  *
  * @param \Symfony\Component\HttpFoundation\Request $request
  * @return array
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidClient
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidRequest
  */
 protected function doExchangeFlow(Request $request)
 {
     if (!($clientId = $request->get('client_id', $request->getUser()))) {
         throw new InvalidRequest('client_id');
     }
     if (!($clientSecret = $request->get('client_secret', $request->getPassword()))) {
         throw new InvalidRequest('client_secret');
     }
     if (!($redirectUri = $request->request->get('redirect_uri', null))) {
         throw new InvalidRequest('redirect_uri');
     }
     $client = $this->clientRepository->find($clientId, $clientSecret, $this->getIdentifier(), $redirectUri);
     if (!$client instanceof Client) {
         throw new InvalidClient();
     }
     $authCode = $this->authorizationCodeRepository->find($request->get('code'));
     if (!$authCode instanceof AuthorizationCodeEntity) {
         throw new InvalidRequest('code');
     }
     if ($authCode->isExpired()) {
         throw new InvalidRequest('code');
     }
     if ($authCode->getRedirectUri() != $redirectUri) {
         throw new InvalidRequest('redirect_uri');
     }
     //
     //
     $ttl = $this->config->getAccessTokenTtl();
     $accessToken = $this->accessTokenRepository->create(SecureKey::generate(), $ttl + time(), $authCode->getOauthableId(), $authCode->getOauthableType(), $authCode->getClientId(), $authCode->getScopeNames());
     $this->authorizationCodeRepository->delete($authCode);
     unset($authCode);
     $tokenStrategy = $this->config->getTokenStrategy();
     if ($this->config->hasGrantType('refresh_token')) {
         $refreshToken = $this->refreshTokenRepository->create(SecureKey::generate(), $this->config->getRefreshTokenTtl() + time(), $accessToken->getOauthableId(), $accessToken->getOauthableType(), $accessToken->getClientId(), $accessToken->getScopeNames());
         $this->refreshTokenRepository->persist($refreshToken);
         $accessToken->setRefreshTokenId($refreshToken->getId());
         $tokenStrategy->setParam('refresh_token', $refreshToken->getId());
     }
     $this->accessTokenRepository->persist($accessToken);
     $tokenStrategy->setParam('access_token', $accessToken->getId());
     $tokenStrategy->setParam('expires_in', $ttl);
     return $tokenStrategy->generateResponse();
 }