/**
  * Look up the session that owns the given access token in Redis storage.
  *
  * @param  \League\OAuth2\Server\Entity\AccessTokenEntity  $accessToken
  * @return \League\OAuth2\Server\Entity\SessionEntity|null  Null when no token record is found.
  */
 public function getByAccessToken(AccessTokenEntity $accessToken)
 {
     $tokenRecord = $this->getValue($accessToken->getId(), 'oauth_access_tokens');
     // Any falsy lookup result is treated as "token unknown".
     if (!$tokenRecord) {
         return null;
     }

     return $this->get($tokenRecord['session_id']);
 }
 /**
  * Resolve the session an access token belongs to.
  *
  * Joins oauth_sessions to oauth_access_tokens on the session id and filters
  * on the token id, which is handed to where() as a value.
  *
  * @param AccessTokenEntity $accessToken
  * @return SessionEntity|null Null when no row matches the token id.
  */
 public function getByAccessToken(AccessTokenEntity $accessToken)
 {
     $row = $this->db->table('oauth_sessions')
         ->select('oauth_sessions.*')
         ->join('oauth_access_tokens', 'oauth_sessions.id', '=', 'oauth_access_tokens.session_id')
         ->where('oauth_access_tokens.id', $accessToken->getId())
         ->first();
     if ($row === null) {
         return;
     }

     $session = new SessionEntity($this->getServer());

     return $session->setId($row->id)->setOwner($row->owner_type, $row->owner_id);
 }
 /**
  * @inheritdoc
  *
  * @throws AccessTokenNotFound When findByToken() returns null for the entity's id.
  */
 public function delete(AccessTokenEntity $token)
 {
     $stored = $this->findByToken($token->getId());
     if (null === $stored) {
         throw new AccessTokenNotFound();
     }

     $stored->delete();
 }
 /**
  * Get a session from an access token.
  *
  * Collects the session ids referenced by the matching token row(s), then
  * loads the first session whose id is in that set.
  *
  * @param  \League\OAuth2\Server\Entity\AccessTokenEntity $accessToken The access token
  * @return \League\OAuth2\Server\Entity\SessionEntity|null Null when no session matches
  */
 public function getByAccessToken(AccessTokenEntity $accessToken)
 {
     $sessionIds = $this->getConnection()
         ->table('oauth_access_tokens')
         ->where('id', $accessToken->getId())
         ->pluck('session_id');
     $row = $this->getConnection()
         ->table('oauth_sessions')
         ->whereIn('id', $sessionIds)
         ->first();
     if ($row === null) {
         return null;
     }

     $session = new SessionEntity($this->getServer());

     return $session->setId($row['id'])->setOwner($row['owner_type'], $row['owner_id']);
 }
 /**
  * Stub lookup: only the access token id 'foo' resolves to a session.
  *
  * @param AccessTokenEntity $accessToken
  * @return SessionEntity|null Session with id 'foo', or null for any other token id.
  */
 public function getByAccessToken(AccessTokenEntity $accessToken)
 {
     if ($accessToken->getId() === 'foo') {
         $session = new SessionEntity($this->server);
         $session->setId('foo');

         return $session;
     }

     return null;
 }
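 /**
  * @inheritdoc
  *
  * @throws SessionNotFound When the token is unknown or its session cannot be found.
  */
 public function getByAccessToken(AccessTokenEntity $entity)
 {
     $accessToken = AccessToken::findByToken($entity->getId());
     // An unknown token has no session. Fail here rather than reading a
     // property of null and handing a null id to Session::find().
     if ($accessToken === null) {
         throw new SessionNotFound();
     }
     /** @var Session|null $session */
     $session = Session::find($accessToken->sessionId);
     if ($session === null) {
         throw new SessionNotFound();
     }
     return $this->createEntity($session);
 }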
 /**
  * {@inheritdoc}
  *
  * Returns a session only when exactly one row matches the token; any other
  * row count yields null.
  */
 public function getByAccessToken(AccessTokenEntity $accessToken)
 {
     $fields = 'oauth_sessions.id, oauth_sessions.owner_type, oauth_sessions.owner_id, oauth_sessions.client_id, oauth_sessions.client_redirect_uri';
     // The token id is supplied as an array condition value, not spliced into the SQL text.
     $condition = array('oauth_access_tokens.access_token' => $accessToken->getId());
     $rows = M('oauth_sessions')
         ->field($fields)
         ->join('LEFT JOIN oauth_access_tokens ON oauth_access_tokens.session_id = oauth_sessions.id')
         ->where($condition)
         ->select();
     if (count($rows) !== 1) {
         return;
     }

     $row = $rows[0];
     $session = new SessionEntity($this->server);
     $session->setId($row['id']);
     $session->setOwner($row['owner_type'], $row['owner_id']);

     return $session;
 }
 /**
  * Get a session from an access token.
  *
  * The token id is bound to the single `?` placeholder; a session is returned
  * only when exactly one row comes back.
  *
  * @param  \League\OAuth2\Server\Entity\AccessTokenEntity $accessToken The access token
  * @return \League\OAuth2\Server\Entity\SessionEntity|null Null unless exactly one row matches
  */
 public function getByAccessToken(AccessTokenEntity $accessToken)
 {
     $sql = "SELECT s.id, s.owner_type, s.owner_id, s.client_id, s.client_redirect_uri FROM oauth_sessions s "
         . "JOIN oauth_access_tokens t ON t.session_id = s.id "
         . "WHERE t.access_token = ?";
     $rows = $this->db->fetchAll($sql, Db::FETCH_ASSOC, [$accessToken->getId()]);
     if (count($rows) !== 1) {
         return null;
     }

     $row = $rows[0];
     $session = new SessionEntity($this->server);
     $session->setId($row['id']);
     $session->setOwner($row['owner_type'], $row['owner_id']);

     return $session;
 }
 /**
  * {@inheritdoc}
  *
  * Loads the first session row joined to the given access token; returns null
  * when the query finds none.
  */
 public function getByAccessToken(AccessTokenEntity $accessToken)
 {
     $columns = ['oauth_sessions.id', 'oauth_sessions.owner_type', 'oauth_sessions.owner_id', 'oauth_sessions.client_id', 'oauth_sessions.client_redirect_uri'];
     $row = $this->getConnection()
         ->table('oauth_sessions')
         ->select($columns)
         ->join('oauth_access_tokens', 'oauth_access_tokens.session_id', '=', 'oauth_sessions.id')
         ->where('oauth_access_tokens.access_token', $accessToken->getId())
         ->first();
     if ($row === null) {
         return;
     }

     $session = new SessionEntity($this->server);
     $session->setId($row->id);
     $session->setOwner($row->owner_type, $row->owner_id);

     return $session;
 }
 /**
  * {@inheritdoc}
  *
  * Returns a session only when the join yields exactly one row for the token.
  */
 public function getByAccessToken(AccessTokenEntity $accessToken)
 {
     $columns = ['oauth_sessions.id', 'oauth_sessions.owner_type', 'oauth_sessions.owner_id', 'oauth_sessions.client_id', 'oauth_sessions.client_redirect_uri'];
     $rows = DB::table('oauth_sessions')
         ->select($columns)
         ->join('oauth_access_tokens', 'oauth_access_tokens.session_id', '=', 'oauth_sessions.id')
         ->where('oauth_access_tokens.access_token', $accessToken->getId())
         ->get();
     if (count($rows) !== 1) {
         return null;
     }

     $session = new SessionEntity($this->server);
     $session->setId($rows[0]->id);
     $session->setOwner($rows[0]->owner_type, $rows[0]->owner_id);

     return $session;
 }
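 /**
  * Get a session from an access token.
  *
  * The token id is bound to the `?` placeholder. A session is returned only
  * when exactly one row matches.
  *
  * @param AccessTokenEntity $access_token The access token
  * @return SessionEntity|null Null unless exactly one row matches
  */
 public function getByAccessToken(AccessTokenEntity $access_token)
 {
     $sql = 'SELECT oauth_sessions.id, oauth_sessions.owner_type,' . ' oauth_sessions.owner_id, oauth_sessions.client_id,' . ' oauth_sessions.client_redirect_uri' . ' FROM oauth_sessions' . ' INNER JOIN oauth_access_tokens' . ' ON oauth_access_tokens.session_id = oauth_sessions.id' . ' WHERE oauth_access_tokens.access_token = ?;';
     $results = $this->db->fetch($sql, [$access_token->getId()]);
     if (count($results) === 1) {
         // Read from $results: the original read an undefined $result here, so the
         // session was populated with null id and owner.
         $row = $results[0];
         $session = new SessionEntity($this->server);
         $session->setId($row['id']);
         $session->setOwner($row['owner_type'], $row['owner_id']);
         return $session;
     }
     return null;
 }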
 /**
  * {@inheritdoc}
  *
  * Finds the stored AccessToken document by the entity's id and copies its
  * session's id and owner into a new SessionEntity. Returns null when the
  * token document is not found.
  */
 public function getByAccessToken(AccessTokenEntity $accessTokenEntity)
 {
     $repository = $this->dm->getRepository(AccessToken::class);
     /** @var AccessToken|null $storedToken */
     $storedToken = $repository->find($accessTokenEntity->getId());
     if (null === $storedToken) {
         return null;
     }

     // NOTE(review): getSession() is used without a null check; confirm a
     // stored token always carries a session.
     $storedSession = $storedToken->getSession();
     $entity = new SessionEntity($this->server);
     $entity->setId($storedSession->getId());
     $entity->setOwner($storedSession->getOwnerType(), $storedSession->getOwnerId());

     return $entity;
 }
 /**
  * {@inheritdoc}
  *
  * The token id is attached as the named parameter :accessToken. A session is
  * returned only when exactly one row matches; otherwise the result is null.
  */
 public function getByAccessToken(AccessTokenEntity $accessToken)
 {
     $query = $this->db->createQueryBuilder()
         ->select('s.id', 's.owner_type', 's.owner_id')
         ->from('oauth_sessions', 's')
         ->join('s', 'oauth_access_tokens', 'at', 's.id = at.session_id')
         ->where('at.access_token = :accessToken');
     $query->createNamedParameter($accessToken->getId(), \PDO::PARAM_STR, ':accessToken');
     $rows = $query->execute()->fetchAll();
     if (count($rows) !== 1) {
         return null;
     }

     $row = $rows[0];
     $session = new SessionEntity($this->server);
     $session->setId($row['id']);
     $session->setOwner($row['owner_type'], $row['owner_id']);

     return $session;
 }
 /**
  * {@inheritdoc}
  *
  * Finds the first session that has an associated access token whose
  * oauth_token equals the entity's id.
  *
  * @param \League\OAuth2\Server\Entity\AccessTokenEntity $accessToken Access token
  * @return \League\OAuth2\Server\Entity\SessionEntity|null Null when no session matches
  */
 public function getByAccessToken(AccessTokenEntity $accessToken)
 {
     $this->loadModel('OAuthServer.Sessions');
     $byToken = function ($q) use($accessToken) {
         return $q->where(['oauth_token' => $accessToken->getId()]);
     };
     $row = $this->Sessions->find()->matching('AccessTokens', $byToken)->first();
     if (!$row) {
         return null;
     }

     $session = new SessionEntity($this->server);
     $session->setId($row->id);
     $session->setOwner($row->owner_model, $row->owner_id);

     return $session;
 }
 /**
  * {@inheritdoc}
  *
  * Serves the token record from the in-memory cache when present; otherwise
  * reads it from Redis, caches the decoded value, and resolves the session by
  * its session_id. Returns null when Redis has no value for the key.
  */
 public function getByAccessToken(AccessTokenEntity $accessToken)
 {
     $key = RedisUtil::prefix($accessToken->getId(), 'oauth_access_tokens');
     if (isset($this->cache[$key])) {
         return $this->getSession($this->cache[$key]['session_id']);
     }

     $value = RedisCapsule::get($key);
     if (!$value) {
         return;
     }

     // NOTE(review): RedisUtil::unserialize() is not shown here. If it wraps
     // PHP's unserialize(), confirm that only this application can write to
     // the Redis keyspace.
     $result = RedisUtil::unserialize($value);
     $this->cache[$key] = $result;

     return $this->getSession($result['session_id']);
 }
    /**
     * Get a session from an access token.
     *
     * The token id is bound to the :token placeholder; the first non-empty row
     * is turned into a SessionEntity.
     *
     * @param \League\OAuth2\Server\Entity\AccessTokenEntity $accessToken The access token
     *
     * @return \League\OAuth2\Server\Entity\SessionEntity | null Null when no row matches
     */
    public function getByAccessToken(AccessTokenEntity $accessToken)
    {
        $sql = <<<SQL
SELECT os.id, os.owner_type, os.owner_id, os.client_id, os.client_redirect_uri
FROM oauth_session os
INNER JOIN oauth_access_token oat ON(oat.session_id = os.id)
WHERE oat.access_token = :token
SQL;
        $rows = $this->getDbConnection()->fetchAll($sql, ['token' => $accessToken->getId()]);
        foreach ($rows as $row) {
            if (!$row) {
                continue;
            }
            $session = new SessionEntity($this->server);

            return $session->setId($row['id'])->setOwner($row['owner_type'], $row['owner_id']);
        }

        return null;
    }
 /**
  * Get a session from an access token.
  *
  * Unlike a plain lookup, this implementation also calls save() on the
  * session it builds, and throws instead of returning null when no row
  * matches.
  *
  * NOTE(review): oauth_sessions is referenced as {{%oauth_sessions}} but
  * oauth_access_tokens is written without that prefix syntax; confirm both
  * resolve to the intended tables when a table prefix is configured.
  * NOTE(review): the exception messages carry json_encode() of the session
  * errors or of the query result; confirm they are not returned verbatim to
  * API clients.
  *
  * @param  \League\OAuth2\Server\Entity\AccessTokenEntity $accessToken The access token
  *
  * @return SessionEntity
  * @throws OAuthException When no session row matches or save() fails
  */
 public function getByAccessToken(AccessTokenEntity $accessToken)
 {
     $columns = ['{{%oauth_sessions}}.id as id', '{{%oauth_sessions}}.owner_type as owner_type', '{{%oauth_sessions}}.owner_id as owner_id', '{{%oauth_sessions}}.client_id as client_id', '{{%oauth_sessions}}.client_redirect_uri as redirect_uri'];
     $row = (new Query())
         ->select($columns)
         ->from('{{%oauth_sessions}}')
         ->innerJoin('oauth_access_tokens', 'oauth_access_tokens.session_id={{%oauth_sessions}}.id')
         ->where(['oauth_access_tokens.access_token' => $accessToken->getId()])
         ->one();
     if (!$row) {
         throw new OAuthException(json_encode($row));
     }

     $session = new SessionEntity($this->getServer());
     $session->setId($row['id']);
     $session->setOwner($row['owner_type'], $row['owner_id']);
     if (!$session->save()) {
         throw new OAuthException(json_encode($session->errors));
     }

     return $session;
 }
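 /**
  * Resolve the session for an access token from Redis.
  *
  * Reads the JSON record stored at "access_token:<id>", then the JSON record
  * stored at "session:<session_id>".
  *
  * @param AccessTokenEntity $accessToken
  * @return SessionEntity|null Null when either record is missing or is not a usable JSON object.
  */
 public function getByAccessToken(AccessTokenEntity $accessToken)
 {
     $rawToken = $this->redis->get("access_token:{$accessToken->getId()}");
     if (!$rawToken) {
         return null;
     }
     $tokenData = json_decode($rawToken, true);
     // A corrupt or truncated record decodes to null. Treat it as "no session"
     // instead of continuing with a null session id.
     if (!is_array($tokenData) || !isset($tokenData['session_id'])) {
         return null;
     }
     $sessionId = $tokenData['session_id'];
     $rawSession = $this->redis->get("session:{$sessionId}");
     if (!$rawSession) {
         return null;
     }
     $sessionData = json_decode($rawSession, true);
     // Fail closed: a session record without owner fields must not become a
     // SessionEntity with a null owner.
     if (!is_array($sessionData) || !isset($sessionData['owner_type'], $sessionData['owner_id'])) {
         return null;
     }
     $session = new SessionEntity($this->server);
     $session->setId($sessionId);
     $session->setOwner($sessionData['owner_type'], $sessionData['owner_id']);
     return $session;
 }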
 /**
  * Complete the auth code grant
  *
  * Authenticates the client, validates the presented authorization code and
  * its redirect URI, then issues an access token (plus a refresh token when the
  * server has the refresh_token grant enabled) and returns the token response.
  *
  * NOTE(review): client_id, client_secret, redirect_uri and code are all read
  * from the request's `query` bag (presumably the URL query string). Secrets
  * and codes carried in a URL tend to end up in access logs; confirm this is
  * intended.
  *
  * @return array
  *
  * @throws Exception\InvalidRequestException When a required parameter is missing, or the code is unknown, expired, or bound to a different redirect URI
  * @throws Exception\InvalidClientException When the client storage does not return a ClientEntity
  */
 public function completeFlow()
 {
     // Get the required params
     // client_id / client_secret fall back to getUser() / getPassword() on the request.
     $clientId = $this->server->getRequest()->query->get('client_id', $this->server->getRequest()->getUser());
     if (is_null($clientId)) {
         throw new Exception\InvalidRequestException('client_id');
     }
     $clientSecret = $this->server->getRequest()->query->get('client_secret', $this->server->getRequest()->getPassword());
     // The secret is mandatory only when shouldRequireClientSecret() says so.
     // NOTE(review): otherwise a null secret reaches the client storage below;
     // confirm the storage does not treat null as "skip the secret check" for
     // confidential clients.
     if ($this->shouldRequireClientSecret() && is_null($clientSecret)) {
         throw new Exception\InvalidRequestException('client_secret');
     }
     $redirectUri = $this->server->getRequest()->query->get('redirect_uri', null);
     if (is_null($redirectUri)) {
         throw new Exception\InvalidRequestException('redirect_uri');
     }
     // Validate client ID and client secret
     $client = $this->server->getClientStorage()->get($clientId, $clientSecret, $redirectUri, $this->getIdentifier());
     if ($client instanceof ClientEntity === false) {
         // Emit the failure event before throwing so listeners can record the attempt.
         $this->server->getEventEmitter()->emit(new Event\ClientAuthenticationFailedEvent($this->server->getRequest()));
         throw new Exception\InvalidClientException();
     }
     // Validate the auth code
     $authCode = $this->server->getRequest()->query->get('code', null);
     if (is_null($authCode)) {
         throw new Exception\InvalidRequestException('code');
     }
     // $code: AuthCodeEntity
     $code = $this->server->getAuthCodeStorage()->get($authCode);
     if ($code instanceof AuthCodeEntity === false) {
         throw new Exception\InvalidRequestException('code');
     }
     // Ensure the auth code hasn't expired
     if ($code->isExpired() === true) {
         throw new Exception\InvalidRequestException('code');
     }
     // Check redirect URI presented matches redirect URI originally used in authorize request
     if ($code->getRedirectUri() !== $redirectUri) {
         throw new Exception\InvalidRequestException('redirect_uri');
     }
     // $session: SessionEntity
     // NOTE(review): the redirect URI is the only binding between the code and
     // this request that is checked here. Nothing visible compares the client
     // the code was issued to with $client before associateClient(); confirm
     // the storage layer or the entities enforce that.
     $session = $code->getSession();
     $session->associateClient($client);
     // $authCodeScopes: [ScopeEntity]
     $authCodeScopes = $code->getScopes();
     // Generate the access token
     $accessToken = new AccessTokenEntity($this->server);
     $accessToken->setId(SecureKey::generate());
     $accessToken->setExpireTime($this->getAccessTokenTTL() + time());
     // Scopes granted to the code are attached to the session first, then every
     // scope on the session is attached to the access token.
     foreach ($authCodeScopes as $authCodeScope) {
         $session->associateScope($authCodeScope);
     }
     foreach ($session->getScopes() as $scope) {
         $accessToken->associateScope($scope);
     }
     $this->server->getTokenType()->setSession($session);
     $this->server->getTokenType()->setParam('access_token', $accessToken->getId());
     $this->server->getTokenType()->setParam('expires_in', $this->getAccessTokenTTL());
     // Associate a refresh token if set
     if ($this->server->hasGrantType('refresh_token')) {
         $refreshToken = new RefreshTokenEntity($this->server);
         $refreshToken->setId(SecureKey::generate());
         $refreshToken->setExpireTime($this->server->getGrantType('refresh_token')->getRefreshTokenTTL() + time());
         $this->server->getTokenType()->setParam('refresh_token', $refreshToken->getId());
     }
     // Expire the auth code
     // NOTE(review): the lookup above and this expire() are separate steps.
     // Whether two concurrent requests can both redeem the same code depends
     // on the storage implementation; verify it.
     $code->expire();
     // Save all the things
     $accessToken->setSession($session);
     $accessToken->save();
     if (isset($refreshToken) && $this->server->hasGrantType('refresh_token')) {
         $refreshToken->setAccessToken($accessToken);
         $refreshToken->save();
     }
     return $this->server->getTokenType()->generateResponse();
 }
 /**
  * Complete the password grant
  *
  * Authenticates the client, verifies the resource owner's username and
  * password through the configured callback, then creates a session and an
  * access token (plus a refresh token when the refresh_token grant is enabled).
  *
  * @return array
  *
  * @throws Exception\InvalidRequestException When client_id, client_secret, username or password is missing
  * @throws Exception\InvalidClientException When the client storage does not return a ClientEntity
  * @throws Exception\InvalidCredentialsException When the credentials callback returns false
  */
 public function completeFlow()
 {
     // Get the required params
     // client_id / client_secret fall back to getUser() / getPassword() on the request.
     $clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
     if (is_null($clientId)) {
         throw new Exception\InvalidRequestException('client_id');
     }
     $clientSecret = $this->server->getRequest()->request->get('client_secret', $this->server->getRequest()->getPassword());
     if (is_null($clientSecret)) {
         throw new Exception\InvalidRequestException('client_secret');
     }
     // Validate client ID and client secret
     $client = $this->server->getClientStorage()->get($clientId, $clientSecret, null, $this->getIdentifier());
     if ($client instanceof ClientEntity === false) {
         // Emit the failure event before throwing so listeners can record the attempt.
         $this->server->getEventEmitter()->emit(new Event\ClientAuthenticationFailedEvent($this->server->getRequest()));
         throw new Exception\InvalidClientException();
     }
     $username = $this->server->getRequest()->request->get('username', null);
     if (is_null($username)) {
         throw new Exception\InvalidRequestException('username');
     }
     $password = $this->server->getRequest()->request->get('password', null);
     if (is_null($password)) {
         throw new Exception\InvalidRequestException('password');
     }
     // Check if user's username and password are correct
     // The comparison is strict: only an exact `false` counts as failure. A
     // callback that signals failure with null, 0 or '' would have that value
     // accepted as the user id, so the callback must return false on failure.
     $userId = call_user_func($this->getVerifyCredentialsCallback(), $username, $password);
     if ($userId === false) {
         $this->server->getEventEmitter()->emit(new Event\UserAuthenticationFailedEvent($this->server->getRequest()));
         throw new Exception\InvalidCredentialsException();
     }
     // Validate any scopes that are in the request
     $scopeParam = $this->server->getRequest()->request->get('scope', '');
     $scopes = $this->validateScopes($scopeParam, $client);
     // Create a new session
     $session = new SessionEntity($this->server);
     $session->setOwner('user', $userId);
     $session->associateClient($client);
     // Generate an access token
     $accessToken = new AccessTokenEntity($this->server);
     $accessToken->setId(SecureKey::generate());
     $accessToken->setExpireTime($this->getAccessTokenTTL() + time());
     // Associate scopes with the session and access token
     foreach ($scopes as $scope) {
         $session->associateScope($scope);
     }
     foreach ($session->getScopes() as $scope) {
         $accessToken->associateScope($scope);
     }
     $this->server->getTokenType()->setSession($session);
     $this->server->getTokenType()->setParam('access_token', $accessToken->getId());
     $this->server->getTokenType()->setParam('expires_in', $this->getAccessTokenTTL());
     // Associate a refresh token if set
     if ($this->server->hasGrantType('refresh_token')) {
         $refreshToken = new RefreshTokenEntity($this->server);
         $refreshToken->setId(SecureKey::generate());
         $refreshToken->setExpireTime($this->server->getGrantType('refresh_token')->getRefreshTokenTTL() + time());
         $this->server->getTokenType()->setParam('refresh_token', $refreshToken->getId());
     }
     // Save everything
     // The session is saved first, then the access token, then the refresh token.
     $session->save();
     $accessToken->setSession($session);
     $accessToken->save();
     // Same condition as the block that created $refreshToken above.
     if ($this->server->hasGrantType('refresh_token')) {
         $refreshToken->setAccessToken($accessToken);
         $refreshToken->save();
     }
     return $this->server->getTokenType()->generateResponse();
 }
 /**
  * {@inheritdoc}
  *
  * Deletes the oauth_access_tokens rows whose access_token column equals the
  * entity's id.
  */
 public function delete(AccessTokenEntity $token)
 {
     $tokens = Capsule::table('oauth_access_tokens');
     $tokens->where('access_token', $token->getId())->delete();
 }
 /**
  * {@inheritdoc}
  *
  * Deletes the oauth_access_tokens rows whose id column equals the entity's id.
  */
 public function delete(AccessTokenEntity $token)
 {
     $tokens = $this->getConnection()->table('oauth_access_tokens');
     $tokens->where('id', $token->getId())->delete();
 }
 /**
  * {@inheritdoc}
  *
  * Completes the refresh token grant: authenticates the client, validates the
  * presented refresh token, issues a new access token for the original session
  * with the original scopes or a subset of them, and optionally rotates the
  * refresh token.
  *
  * NOTE(review): after authentication, $client is used only to validate the
  * requested scopes. Nothing visible here checks that the refresh token was
  * issued to this client; confirm the storage layer or the entities enforce
  * that binding.
  */
 public function completeFlow()
 {
     // client_id / client_secret fall back to getUser() / getPassword() on the request.
     $clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
     if (is_null($clientId)) {
         throw new Exception\InvalidRequestException('client_id');
     }
     $clientSecret = $this->server->getRequest()->request->get('client_secret', $this->server->getRequest()->getPassword());
     if (is_null($clientSecret)) {
         throw new Exception\InvalidRequestException('client_secret');
     }
     // Validate client ID and client secret
     $client = $this->server->getClientStorage()->get($clientId, $clientSecret, null, $this->getIdentifier());
     if ($client instanceof ClientEntity === false) {
         // Emit the failure event before throwing so listeners can record the attempt.
         $this->server->getEventEmitter()->emit(new Event\ClientAuthenticationFailedEvent($this->server->getRequest()));
         throw new Exception\InvalidClientException();
     }
     $oldRefreshTokenParam = $this->server->getRequest()->request->get('refresh_token', null);
     if ($oldRefreshTokenParam === null) {
         throw new Exception\InvalidRequestException('refresh_token');
     }
     // Validate refresh token
     $oldRefreshToken = $this->server->getRefreshTokenStorage()->get($oldRefreshTokenParam);
     if ($oldRefreshToken instanceof RefreshTokenEntity === false) {
         throw new Exception\InvalidRefreshException();
     }
     // Ensure the old refresh token hasn't expired
     if ($oldRefreshToken->isExpired() === true) {
         throw new Exception\InvalidRefreshException();
     }
     $oldAccessToken = $oldRefreshToken->getAccessToken();
     // Get the scopes for the original session
     $session = $oldAccessToken->getSession();
     // $scopes is indexed by scope id below (isset($scopes[...])), so
     // formatScopes() presumably returns an id-keyed array.
     $scopes = $this->formatScopes($session->getScopes());
     // Get and validate any requested scopes
     $requestedScopesString = $this->server->getRequest()->request->get('scope', '');
     $requestedScopes = $this->validateScopes($requestedScopesString, $client);
     // If no new scopes are requested then give the access token the original session scopes
     if (count($requestedScopes) === 0) {
         $newScopes = $scopes;
     } else {
         // The OAuth spec says that a refreshed access token can have the original scopes or fewer so ensure
         //  the request doesn't include any new scopes
         foreach ($requestedScopes as $requestedScope) {
             if (!isset($scopes[$requestedScope->getId()])) {
                 throw new Exception\InvalidScopeException($requestedScope->getId());
             }
         }
         $newScopes = $requestedScopes;
     }
     // Generate a new access token and assign it the correct sessions
     $newAccessToken = new AccessTokenEntity($this->server);
     $newAccessToken->setId(SecureKey::generate());
     $newAccessToken->setExpireTime($this->getAccessTokenTTL() + time());
     $newAccessToken->setSession($session);
     foreach ($newScopes as $newScope) {
         $newAccessToken->associateScope($newScope);
     }
     // Expire the old token and save the new one
     $oldAccessToken->expire();
     $newAccessToken->save();
     $this->server->getTokenType()->setSession($session);
     $this->server->getTokenType()->setParam('access_token', $newAccessToken->getId());
     // This variant reports an absolute expiry timestamp (TTL + now) under
     // 'expire_access_token' rather than a relative 'expires_in' value.
     $this->server->getTokenType()->setParam('expire_access_token', $this->getAccessTokenTTL() + time());
     if ($this->shouldRotateRefreshTokens()) {
         // Expire the old refresh token
         $oldRefreshToken->expire();
         // Generate a new refresh token
         $newRefreshToken = new RefreshTokenEntity($this->server);
         $newRefreshToken->setId(SecureKey::generate());
         $newRefreshToken->setExpireTime($this->getRefreshTokenTTL() + time());
         $newRefreshToken->setAccessToken($newAccessToken);
         $newRefreshToken->save();
         $this->server->getTokenType()->setParam('refresh_token', $newRefreshToken->getId());
         $this->server->getTokenType()->setParam('expire_refresh_token', $newRefreshToken->getExpireTime());
     } else {
         // Without rotation the same refresh token stays valid and is returned again.
         // NOTE(review): it is not re-pointed at $newAccessToken in this branch,
         // while the old access token was expired above; confirm a later refresh
         // with this token still resolves a session.
         $this->server->getTokenType()->setParam('refresh_token', $oldRefreshToken->getId());
         $this->server->getTokenType()->setParam('expire_refresh_token', $oldRefreshToken->getExpireTime());
     }
     return $this->server->getTokenType()->generateResponse();
 }
 /**
  * Associate a scope with an access token.
  *
  * Inserts one row into oauth_access_token_scopes linking the token id to the
  * scope id, with created_at and updated_at set from Carbon::now().
  *
  * @param \League\OAuth2\Server\Entity\AccessTokenEntity $token The access token
  * @param \League\OAuth2\Server\Entity\ScopeEntity $scope The scope
  *
  * @return void
  */
 public function associateScope(AccessTokenEntity $token, ScopeEntity $scope)
 {
     $pivot = $this->getConnection()->table('oauth_access_token_scopes');
     $row = [
         'access_token_id' => $token->getId(),
         'scope_id' => $scope->getId(),
         'created_at' => Carbon::now(),
         'updated_at' => Carbon::now(),
     ];
     $pivot->insert($row);
 }
 /**
  * {@inheritdoc}
  *
  * Removes three things, from the in-memory cache and from Redis: the token
  * entry, the token's membership in the access-token set, and the token's
  * scope list.
  */
 public function delete(AccessTokenEntity $token)
 {
     // Deletes the access token entry.
     $tokenKey = RedisUtil::prefix($token->getId(), 'oauth_access_tokens');
     if (isset($this->cache[$tokenKey])) {
         unset($this->cache[$tokenKey]);
     }
     RedisCapsule::del($tokenKey);

     // Deletes the access token entry from the access tokens set.
     $setKey = RedisUtil::prefix(null, 'oauth_access_tokens');
     if (isset($this->cache[$setKey])) {
         // NOTE(review): array_search() compares loosely here, so two numeric-looking
         // ids can match each other; consider passing true as the third argument
         // once the cached ids are confirmed to be strings.
         $position = array_search($token->getId(), $this->cache[$setKey]);
         if ($position !== false) {
             unset($this->cache[$setKey][$position]);
         }
     }
     RedisCapsule::srem($setKey, $token->getId());

     // Deletes the access tokens associated scopes.
     $scopesKey = RedisUtil::prefix($token->getId(), 'oauth_access_token_scopes');
     if (isset($this->cache[$scopesKey])) {
         unset($this->cache[$scopesKey]);
     }
     RedisCapsule::del($scopesKey);
 }
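 /**
  * {@inheritdoc}
  *
  * Deletes the stored access token matching the entity's id, cascading to
  * dependent records. Does nothing when no stored token matches.
  */
 public function delete(AccessTokenEntity $token)
 {
     $this->loadModel('OAuthServer.AccessTokens');
     $accessToken = $this->AccessTokens->findByOauthToken($token->getId())->first();
     // first() yields null when no row matches. There is nothing to delete
     // then, and delete() expects an entity rather than null.
     if ($accessToken === null) {
         return;
     }
     $this->AccessTokens->delete($accessToken, ['cascade' => true]);
 }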
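 /**
  * Complete the Twitter-token grant
  *
  * Authenticates the client, resolves the user through
  * createOrUpdateTwCustomer() from the submitted twitter_token, then creates a
  * session and an access token (plus a refresh token when the refresh_token
  * grant is enabled).
  *
  * NOTE(review): twitter_token is passed to the helper without a presence
  * check, and client_id is re-read from the request body without the
  * getUser() fallback used for authentication above; confirm the helper
  * handles null for both.
  *
  * @return array
  *
  * @throws Exception\InvalidRequestException When client_id or client_secret is missing
  * @throws Exception\InvalidClientException When the client storage does not return a ClientEntity
  * @throws Exception\InvalidCredentialsException When the helper does not return an integer user id
  */
 public function completeFlow()
 {
     // Get the required params
     $clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
     if (is_null($clientId)) {
         throw new Exception\InvalidRequestException('client_id');
     }
     $clientSecret = $this->server->getRequest()->request->get('client_secret', $this->server->getRequest()->getPassword());
     if (is_null($clientSecret)) {
         throw new Exception\InvalidRequestException('client_secret');
     }
     // Validate client ID and client secret
     $client = $this->server->getClientStorage()->get($clientId, $clientSecret, null, $this->getIdentifier());
     if ($client instanceof ClientEntity === false) {
         $this->server->getEventEmitter()->emit(new Event\ClientAuthenticationFailedEvent($this->server->getRequest()));
         throw new Exception\InvalidClientException();
     }
     $twitter_token = $this->server->getRequest()->request->get('twitter_token', null);
     $client_id = $this->server->getRequest()->request->get('client_id', null);
     $userId = createOrUpdateTwCustomer($twitter_token, $client_id);
     // Anything other than an integer user id (false, or an error value from the
     // helper) is an authentication failure. The helper's raw return value is not
     // handed back to the caller: that would put its diagnostics in the token
     // endpoint response and skip the failure event. The earlier debugging
     // return also made the `=== false` check unreachable.
     if (!is_int($userId)) {
         $this->server->getEventEmitter()->emit(new Event\UserAuthenticationFailedEvent($this->server->getRequest()));
         throw new Exception\InvalidCredentialsException();
     }
     // Validate any scopes that are in the request
     $scopeParam = $this->server->getRequest()->request->get('scope', '');
     $scopes = $this->validateScopes($scopeParam, $client);
     // Create a new session
     $session = new SessionEntity($this->server);
     $session->setOwner('user', $userId);
     $session->associateClient($client);
     // Generate an access token
     $accessToken = new AccessTokenEntity($this->server);
     $accessToken->setId(SecureKey::generate());
     $accessToken->setExpireTime($this->getAccessTokenTTL() + time());
     // Associate scopes with the session and access token
     foreach ($scopes as $scope) {
         $session->associateScope($scope);
     }
     foreach ($session->getScopes() as $scope) {
         $accessToken->associateScope($scope);
     }
     $this->server->getTokenType()->setSession($session);
     $this->server->getTokenType()->setParam('access_token', $accessToken->getId());
     $this->server->getTokenType()->setParam('expires_in', $this->getAccessTokenTTL());
     // Associate a refresh token if set
     if ($this->server->hasGrantType('refresh_token')) {
         $refreshToken = new RefreshTokenEntity($this->server);
         $refreshToken->setId(SecureKey::generate());
         $refreshToken->setExpireTime($this->server->getGrantType('refresh_token')->getRefreshTokenTTL() + time());
         $this->server->getTokenType()->setParam('refresh_token', $refreshToken->getId());
     }
     // Save everything: session first, then the access token, then the refresh token
     $session->save();
     $accessToken->setSession($session);
     $accessToken->save();
     if ($this->server->hasGrantType('refresh_token')) {
         $refreshToken->setAccessToken($accessToken);
         $refreshToken->save();
     }
     return $this->server->getTokenType()->generateResponse();
 }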
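 /**
  * Delete an access token
  *
  * @param  \League\OAuth2\Server\Entity\AccessTokenEntity $token The access token to delete
  *
  * @return int Result of deleteAll(); 0 when no token is given
  * @throws OAuthException When deleteAll() raises an exception
  */
 public function delete(AccessTokenEntity $token = null)
 {
     // The signature allows null. Without this guard, getId() on null raises an
     // Error rather than an Exception, so the catch below would not turn it
     // into an OAuthException.
     if ($token === null) {
         return 0;
     }
     try {
         // The token id is bound to :access_token, not concatenated into the condition.
         return self::deleteAll("access_token = :access_token", [":access_token" => $token->getId()]);
     } catch (Exception $e) {
         throw new OAuthException(json_encode($e));
     }
 }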
 /**
  * Complete the client credentials grant
  *
  * Authenticates the client, validates the requested scopes, then creates a
  * session owned by the client itself and an access token for it. No refresh
  * token is issued in this flow.
  *
  * @return array
  *
  * @throws Exception\InvalidRequestException When client_id or client_secret is missing
  * @throws Exception\InvalidClientException When the client storage does not return a ClientEntity
  */
 public function completeFlow()
 {
     // Get the required params
     // client_id / client_secret fall back to getUser() / getPassword() on the request.
     $clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
     // NOTE(review): the two commented-out assignments below are leftover debugging
     // overrides with hard-coded client credentials; confirm those values are not
     // live credentials, and remove the lines.
     //$clientId= 'client1';
     if (is_null($clientId)) {
         throw new Exception\InvalidRequestException('client_id');
     }
     $clientSecret = $this->server->getRequest()->request->get('client_secret', $this->server->getRequest()->getPassword());
     //$clientSecret = 'test1';
     if (is_null($clientSecret)) {
         throw new Exception\InvalidRequestException('client_secret');
     }
     // Validate client ID and client secret
     $client = $this->server->getClientStorage()->get($clientId, $clientSecret, null, $this->getIdentifier());
     if ($client instanceof ClientEntity === false) {
         // Emit the failure event before throwing so listeners can record the attempt.
         $this->server->getEventEmitter()->emit(new Event\ClientAuthenticationFailedEvent($this->server->getRequest()));
         throw new Exception\InvalidClientException();
     }
     // Validate any scopes that are in the request
     $scopeParam = $this->server->getRequest()->request->get('scope', '');
     $scopes = $this->validateScopes($scopeParam, $client);
     // Create a new session
     // The session owner is the client itself ('client', client id), not a user.
     $session = new SessionEntity($this->server);
     $session->setOwner('client', $client->getId());
     $session->associateClient($client);
     // Generate an access token
     $accessToken = new AccessTokenEntity($this->server);
     $accessToken->setId(SecureKey::generate());
     $accessToken->setExpireTime($this->getAccessTokenTTL() + time());
     // Associate scopes with the session and access token
     foreach ($scopes as $scope) {
         $session->associateScope($scope);
     }
     foreach ($session->getScopes() as $scope) {
         $accessToken->associateScope($scope);
     }
     // Save everything
     $session->save();
     $accessToken->setSession($session);
     $accessToken->save();
     $this->server->getTokenType()->setSession($session);
     $this->server->getTokenType()->setParam('access_token', $accessToken->getId());
     $this->server->getTokenType()->setParam('expires_in', $this->getAccessTokenTTL());
     return $this->server->getTokenType()->generateResponse();
 }
 /**
  * Complete the password grant.
  *
  * Resolves the client through getClient() and the user through getUserId(),
  * then creates a session and an access token (plus a refresh token when the
  * refresh_token grant is enabled).
  *
  * NOTE(review): unlike a scope-validating flow, nothing visible here reads a
  * `scope` parameter or associates scopes with the session or token; confirm
  * scopes are applied elsewhere or are intentionally unused.
  *
  * @return array
  *
  * @throws InvalidCredentialsException When getUserId() returns false
  */
 public function completeFlow()
 {
     // Client resolution is delegated; presumably getClient() authenticates the
     // client and throws on failure. Verify against its implementation.
     $client = $this->getClient();
     $userId = $this->getUserId($this->server->getRequest(), $this->getVerifyCredentialsCallback());
     // Strict comparison: only an exact `false` is treated as failed authentication.
     if ($userId === false) {
         $this->server->getEventEmitter()->emit(new UserAuthenticationFailedEvent($this->server->getRequest()));
         throw new InvalidCredentialsException();
     }
     // Create a new session
     $session = new SessionEntity($this->server);
     $session->setOwner('user', $userId);
     $session->associateClient($client);
     // Generate an access token
     $accessToken = new AccessTokenEntity($this->server);
     $accessToken->setId(SecureKey::generate());
     $accessToken->setExpireTime($this->getAccessTokenTTL() + time());
     $this->server->getTokenType()->setSession($session);
     $this->server->getTokenType()->setParam('access_token', $accessToken->getId());
     $this->server->getTokenType()->setParam('expires_in', $this->getAccessTokenTTL());
     // Save everything
     // The session is saved before the access token that references it.
     $session->save();
     $accessToken->setSession($session);
     $accessToken->save();
     // Associate a refresh token if set
     // The refresh token is created and saved only after the access token has been saved.
     if ($this->server->hasGrantType('refresh_token')) {
         $refreshToken = new RefreshTokenEntity($this->server);
         $refreshToken->setId(SecureKey::generate());
         $refreshToken->setExpireTime($this->server->getGrantType('refresh_token')->getRefreshTokenTTL() + time());
         $this->server->getTokenType()->setParam('refresh_token', $refreshToken->getId());
         $refreshToken->setAccessToken($accessToken);
         $refreshToken->save();
     }
     return $this->server->getTokenType()->generateResponse();
 }