/**
  * @param OAuth2 $client
  */
 protected function onAuthSuccess($client)
 {
     // The local identity is built directly from the attributes the provider returned.
     $userIdentity = new UserIdentity($client->getUserAttributes());

     // The access token's expiry duration is passed to login() as the duration
     // argument, so the local login is not given a lifetime of its own.
     $loginDuration = $client->getAccessToken()->getExpireDuration();
     if (!Yii::$app->user->login($userIdentity, $loginDuration)) {
         // login() returned a falsy value: no provider session id is recorded.
         return;
     }

     // Copy the provider's session id onto the identity and persist it in the session.
     // NOTE(review): presumably `sid` is what lets a later logout/revocation
     // notification be matched to this local session - confirm against the reader of `sid`.
     $userIdentity->sid = $client->sessionId;
     $userIdentity->saveToSession();
 }
 /**
  * @inheritdoc
  */
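 public function run()
 {
     // `token` is read from the query string, so it is caller-controlled: it can be
     // absent (null), empty, or an array (`?token[]=...`). Reject anything that is
     // not a non-empty string before it reaches the verifier or the revocation store.
     // NOTE(review): a token carried in the URL is typically recorded in web-server
     // and proxy access logs - confirm that is acceptable for this endpoint.
     $token = Yii::$app->request->get('token');
     if (!is_string($token) || $token === '') {
         return;
     }

     $authClient = OAuth2::getInstance();
     if (!$authClient) {
         return;
     }

     // NOTE(review): the meaning of the second argument (`false`) is not visible
     // here - confirm it does not disable signature verification.
     $payload = $authClient->verifyAndDecodeToken($token, false);
     if (empty($payload)) {
         // Assumes an empty result means the token did not verify (TODO confirm
         // against verifyAndDecodeToken()). Only verified tokens are recorded, so
         // arbitrary strings cannot be written to the revocation store.
         return;
     }

     $authClient->saveRevokedToken($token, $payload);
 }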
 /**
  * @param User $user
  * @param Request $request
  * @param Response $response
  * @return bool|null
  * @throws \yii\web\UnauthorizedHttpException
  */
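 public function authenticate($user, $request, $response)
 {
     $authHeader = $request->getHeaders()->get('Authorization');
     if ($authHeader === null || !preg_match("/^Basic\\s+(.*?)\$/", $authHeader, $matches)) {
         // No Basic credentials were presented: return null, as the original did.
         return null;
     }

     /** @var OAuth2|null $authClient */
     $authClient = OAuth2::getInstance();
     if (!$authClient) {
         return null;
     }

     // Fail closed when no secret is configured. Otherwise the expected value would
     // be the base64 of just "<id>:" (or ":" with no id), which any caller can compute.
     // handleFailure() is expected to throw, per this method's @throws tag.
     $clientSecret = (string) $authClient->clientRSSecret;
     if ($clientSecret === '') {
         $this->handleFailure($response);
         return null;
     }

     /** @var string $expected base64("<clientRSId>:<clientRSSecret>") */
     $expected = base64_encode($authClient->clientRSId . ":" . $clientSecret);

     // hash_equals() (PHP >= 5.6) compares in constant time for equal-length input.
     // strcmp() returns at the first differing byte, so response timing can reveal
     // how much of the secret-derived string a guess got right.
     // The known value goes first, the caller-supplied value second.
     if (hash_equals($expected, $matches[1])) {
         return true;
     }

     $this->handleFailure($response);
     return null;
 }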
 /**
  * Finds an identity by the given token.
  * @param mixed $token the token to be looked for
  * @param mixed $type the type of the token. The value of this parameter depends on the implementation.
  * For example, [[\yii\filters\auth\HttpBearerAuth]] will set this parameter to be `yii\filters\auth\HttpBearerAuth`.
  * @return IdentityInterface|null the identity object that matches the given token.
  * Null should be returned if such an identity cannot be found
  * or the identity is not in an active state (disabled, deleted, etc.)
  */
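 public static function findIdentityByAccessToken($token, $type = null)
 {
     // Look the client up once; with no configured client no token can be verified.
     $authClient = OAuth2::getInstance();
     if (!$authClient) {
         return null;
     }

     // NOTE(review): this method only checks that a `sub` claim exists. Signature,
     // expiry, issuer/audience and revocation checks have to happen inside
     // verifyAndDecodeToken() - confirm that they do. `$type` is not consulted.
     $rawPayload = $authClient->verifyAndDecodeToken($token);

     // property_exists() takes an object or a class name. An array raises a
     // TypeError on PHP 8, and a string is treated as a class name. Require an
     // object first, so any other result means "no identity" and returns null.
     if (!is_object($rawPayload) || !property_exists($rawPayload, 'sub')) {
         return null;
     }

     $payload = new OAuthTokenPayload($rawPayload);

     // NOTE(review): an (array) cast of an object also exports its non-public
     // properties, under mangled keys - confirm OAuthTokenPayload exposes only the
     // fields UserIdentity is meant to receive.
     return new UserIdentity((array) $payload);
 }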