public function getApprovals(Request $request, UserInfoInterface $userInfo)
{
    // Renders the list of approvals stored for the authenticated user.
    // $request is part of the route-callback signature and is not read here.
    $userId = $userInfo->getUserId();
    $approvalList = $this->db->getApprovals($userId);

    $page = new Response();
    $page->setBody(
        $this->templateManager->render('approvals', array('approvals' => $approvalList))
    );

    return $page;
}
public function getClients()
{
    // Renders every registered client through the 'clients' template.
    $clientList = $this->db->getClients();
    $body = $this->templateManager->render('clients', array('clients' => $clientList));

    $page = new Response();
    $page->setBody($body);

    return $page;
}
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*     http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

require_once dirname(__DIR__) . '/vendor/autoload.php';

use fkooman\Http\Response;
use fkooman\Http\Session;
use fkooman\Rest\Service;

// Minimal demo service: a greeting on "/" and a per-session hit counter
// on "/:key".
$session = new Session('foo');
$service = new Service();

$service->get('/', function () {
    $greeting = new Response(200, 'text/plain');
    $greeting->setBody('Welcome!');

    return $greeting;
});

// The session entry name is taken verbatim from the URL path segment, so
// every counter the caller names lives in the same session namespace as
// any other data this session might hold.
$service->get('/:key', function ($key) use ($session) {
    $previousCount = $session->has($key) ? $session->get($key) : 0;
    $newCount = $previousCount + 1;
    $session->set($key, $newCount);

    $counter = new Response(200, 'text/plain');
    $counter->setBody(sprintf('count: %d', $newCount));

    return $counter;
});

$service->run()->send();
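public function deleteDocument(Request $request, TokenInfo $tokenInfo)
{
    // Deletes the document addressed by the request path after checking that
    // the bearer token belongs to the path's user and carries write scope for
    // the module, and that any If-Match precondition holds.
    //
    // Throws ForbiddenException when subject or scope do not match,
    // PreconditionFailedException on an If-Match mismatch, and
    // NotFoundException when the document has no current version.
    $path = new Path($request->getUrl()->getPathInfo());

    if ($path->getUserId() !== $tokenInfo->getUserId()) {
        throw new ForbiddenException('path does not match authorized subject');
    }
    if (!$this->hasWriteScope($tokenInfo->getScope(), $path->getModuleName())) {
        throw new ForbiddenException('path does not match authorized scope');
    }

    // The version must be read before the delete, since it is echoed back
    // in the ETag of the response.
    $documentVersion = $this->remoteStorage->getVersion($path);

    // If-Match is evaluated once. When the document does not exist but the
    // client sent If-Match, a 412 takes precedence over the 404 below.
    // The comparison is strict so that PHP's loose equality on
    // numeric-looking strings (e.g. "0e1" == "0e2") cannot satisfy the
    // precondition with a wrong version. Assumes getVersion() returns the
    // version as a string, matching the stripped header values — TODO confirm.
    $ifMatch = $this->stripQuotes($request->getHeader('If-Match'));
    if (null !== $ifMatch && !in_array($documentVersion, $ifMatch, true)) {
        throw new PreconditionFailedException('version mismatch');
    }

    if (null === $documentVersion) {
        throw new NotFoundException(sprintf('document "%s" not found', $path->getPath()));
    }

    $deleteResult = $this->remoteStorage->deleteDocument($path, $ifMatch);

    $response = new Response();
    $response->setHeader('ETag', '"' . $documentVersion . '"');
    $response->setBody($deleteResult);

    return $response;
}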
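private function addNoCache(Response $response)
{
    // Marks $response as not cacheable without revalidation. No reference
    // parameter is needed: PHP passes objects by handle, so setHeader()
    // calls mutate the caller's instance either way.
    //
    // NOTE(review): 'no-cache' still permits intermediaries to store the
    // body and revalidate it; 'no-store' is the stricter directive if the
    // callers of this helper emit sensitive content — confirm before changing.
    $response->setHeader('Expires', 0);
    $response->setHeader('Cache-Control', 'no-cache');
}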
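public function getAuthorization(Request $request, UserInfoInterface $userInfo)
{
    // Handles the OAuth authorization endpoint for an authenticated resource
    // owner: validates client, redirect_uri, response_type and scope, then
    // either renders the consent page or issues the grant (implicit access
    // token or authorization code) wrapped in a ClientResponse.
    //
    // Throws BadRequestException for an unknown client or a redirect_uri that
    // does not verify against the registered one.
    $authorizeRequest = new AuthorizeRequest($request);
    $clientId = $authorizeRequest->getClientId();
    $responseType = $authorizeRequest->getResponseType();
    $redirectUri = $authorizeRequest->getRedirectUri();
    $scope = $authorizeRequest->getScope();

    $clientData = $this->storage->getClient($clientId);
    if (false === $clientData) {
        throw new BadRequestException('client not registered');
    }

    if (null === $redirectUri) {
        // none supplied: fall back to the registered one
        $redirectUri = $clientData->getRedirectUri();
    } elseif (!$clientData->verifyRedirectUri($redirectUri, $this->allowRegExpRedirectUriMatch)) {
        throw new BadRequestException('specified redirect_uri not the same as registered redirect_uri');
    }

    // From here on errors are reported to the (verified) redirect_uri.
    if ($responseType !== $clientData->getType()) {
        return new ClientResponse($clientData, $request, $redirectUri, array(
            'error' => 'unsupported_response_type',
            'error_description' => 'response_type not supported by client profile',
        ));
    }

    $scopeObj = new Scope($scope);
    $allowedScopeObj = new Scope($clientData->getAllowedScope());
    if (!$scopeObj->hasOnlyScope($allowedScopeObj)) {
        return new ClientResponse($clientData, $request, $redirectUri, array(
            'error' => 'invalid_scope',
            'error_description' => 'not authorized to request this scope',
        ));
    }

    if ($clientData->getDisableUserConsent()) {
        // consent is not required for this client: record an implicit approval
        $this->addApproval($clientData, $userInfo->getUserId(), $scope);
    }

    // getApprovalByResourceOwnerId() returns false when nothing is stored,
    // so $approval['scope'] may only be read after that case is excluded.
    $approval = $this->storage->getApprovalByResourceOwnerId($clientId, $userInfo->getUserId());
    $needsConsent = false === $approval
        || false === $scopeObj->hasOnlyScope(new Scope($approval['scope']));

    if ($needsConsent) {
        // no approval yet, or the client asks for more than was approved:
        // ask the user
        $response = new Response();
        $response->setBody($this->templateManager->render('askAuthorization', array(
            'resourceOwnerId' => $userInfo->getUserId(),
            'sslEnabled' => 'https' === $request->getUrl()->getScheme(),
            'contactEmail' => $clientData->getContactEmail(),
            'scopes' => $scopeObj->toArray(),
            'clientName' => $clientData->getName(),
            'clientId' => $clientData->getId(),
            'clientDescription' => $clientData->getDescription(),
        )));

        return $response;
    }

    if ('token' === $responseType) {
        // implicit grant
        // FIXME: return existing access token if it exists for this exact client, resource owner and scope?
        $accessToken = $this->io->getRandomHex();
        $this->storage->storeAccessToken(
            $accessToken,
            $this->io->getTime(),
            $clientId,
            $userInfo->getUserId(),
            $scope,
            $this->accessTokenExpiry
        );

        return new ClientResponse($clientData, $request, $redirectUri, array(
            'access_token' => $accessToken,
            'expires_in' => $this->accessTokenExpiry,
            'token_type' => 'bearer',
            'scope' => $scope,
        ));
    }

    // authorization code grant; the redirect_uri stored with the code is the
    // one from the request (possibly null), not the registered fallback
    $authorizationCode = $this->io->getRandomHex();
    $this->storage->storeAuthorizationCode(
        $authorizationCode,
        $userInfo->getUserId(),
        $this->io->getTime(),
        $clientId,
        $authorizeRequest->getRedirectUri(),
        $scope
    );

    return new ClientResponse($clientData, $request, $redirectUri, array('code' => $authorizationCode));
}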
private function executeCallback(Request $request, Route $route, array $availableRouteCallbackParameters)
{
    // Runs the plugin registry (if any) and then the route callback.
    // A plugin may short-circuit by returning a Response; otherwise its
    // return value is merged into the parameters offered to the callback.
    // The callback must return a Response or a string; a string is wrapped
    // in a fresh Response as its body.
    //
    // Throws RuntimeException when the callback returns anything else.
    $callbackParameters = $availableRouteCallbackParameters;

    if (null !== $this->pluginRegistry) {
        $pluginResult = $this->pluginRegistry->run($request, $route);
        if ($pluginResult instanceof Response) {
            // a plugin produced the response itself; nothing else runs
            return $pluginResult;
        }
        $callbackParameters = array_merge($callbackParameters, $pluginResult);
    }

    // the request object is always offered, keyed by its concrete class name
    $callbackParameters[get_class($request)] = $request;

    $callbackResult = $route->executeCallback($callbackParameters);
    if ($callbackResult instanceof Response) {
        return $callbackResult;
    }

    if (!is_string($callbackResult)) {
        throw new RuntimeException('callback return value must be Response object or string');
    }

    // plain string: treat it as the body of a default Response
    $wrapped = new Response();
    $wrapped->setBody($callbackResult);

    return $wrapped;
}