public function execute($body, array $params)
{
// Decode the request body
$this->data = $body == "" ? [] : json_decode($body);
// Check a client id was provided
if (!array_key_exists(Headers::CLIENT_ID, $_SERVER)) {
throw new InvalidClientException();
}
// Check the auth details were provided
if (!isset($_SERVER[Headers::AUTH_USER]) || !isset($_SERVER[Headers::AUTH_TOKEN])) {
throw new AuthorizationException("Must provide authentication");
}
// Collect the request details
$this->user = UserBackend::fetch_user_profile($_SERVER[Headers::AUTH_USER]);
$this->params = $params;
$this->method = $_SERVER["REQUEST_METHOD"];
$token = Token::decode($_SERVER[Headers::AUTH_TOKEN]);
$this->clientid = Token::decode($_SERVER[Headers::CLIENT_ID]);
// If debugging we ignore auth checks
if (DEBUG) {
return parent::execute($body, $params);
}
// Validate the access token
if ($token->getType() != TOKEN_ACCESS) {
throw new AuthorizationException("Token provided is not a access token");
}
if (!TokenBackend::validate_token($this->clientid, $this->user->getUserId(), $token)) {
throw new InvalidTokenException("Token provided is not a valid access token");
}
// Handle the request
$payload = $this->handle($this->data);
$payload["client-id"] = $this->clientid->toString();
return $payload;
}
public function handle($data)
{
$this->validate_request(["user", "request-token", "password"]);
// Check to see if request token is valid
$request = Token::decode($data->{"request-token"});
$profile = UserBackend::fetch_user_profile($data->{"user"});
if ($request->getType() != TOKEN_REQUEST) {
throw new InvalidTokenException("Request token provided is not a valid request token");
}
if (!TokenBackend::validate_token($this->clientid, $profile->getUserId(), $request)) {
throw new InvalidTokenException("Request token is invalid");
}
// Remove used request token
TokenBackend::invalidate_token($this->clientid, $request);
// Check to see if username matches password
$password = $data->{"password"};
if (!UserBackend::validate_user($profile, $password)) {
throw new AuthenticationException("Invalid password for user", ["user" => $profile->toExternalForm()]);
}
// Remove any current login sessions for this user and this client
TokenBackend::clear_tokens($this->clientid, $profile->getUserId(), TOKEN_ACCESS);
TokenBackend::clear_tokens($this->clientid, $profile->getUserId(), TOKEN_REFRESH);
// create the new login session
$accessToken = TokenBackend::create_token($this->clientid, $profile->getUserId(), TOKEN_ACCESS, "1 HOUR");
$refreshToken = TokenBackend::create_token($this->clientid, $profile->getUserId(), TOKEN_REFRESH, "1 YEAR");
return ["access-token" => $accessToken->toExternalForm(3600), "refresh-token" => $refreshToken->toExternalForm(false), "profile" => $profile->toExternalForm()];
}
public function handle($data)
{
$this->validate_request(["user"]);
$profile = UserBackend::fetch_user_profile($data->{"user"});
$token = TokenBackend::create_token($this->clientid, $profile->getUserId(), TOKEN_REQUEST, "1 HOUR");
return ["user" => $profile->toExternalForm(), "request-token" => $token->toExternalForm(3600)];
}
public function handle($data)
{
$this->validate_request(["user", "token"]);
$token = Token::decode($data->{"token"});
TokenBackend::invalidate_token($this->clientid, $token);
return [];
}
public function handle($data)
{
$this->validate_request(["user", "token"]);
$userid = Token::decode($data->{"user"});
$token = Token::decode($data->{"token"});
if (!TokenBackend::validate_token($this->clientid, $userid, $token)) {
throw new ValidationFailedException("Specified token is not valid");
}
return [];
}
public function handle($data)
{
$this->validate_request(["user", "refresh-token"]);
$profile = UserBackend::fetch_user_profile($data->{"user"});
$refresh = Token::decode($data->{"refresh-token"});
if (!$refresh->getUserSecret() == $profile->getUserId()->getUserSecret()) {
throw new InvalidUserException("User provided and token do not match");
}
if (!TokenBackend::validate_token($this->clientid, $profile->getUserId(), $refresh)) {
throw new InvalidTokenException("Invalid refresh token or userid provided");
}
TokenBackend::clear_tokens($this->clientid, $profile->getUserId(), TOKEN_ACCESS);
$access = TokenBackend::create_token($this->clientid, $profile->getUserId(), TOKEN_ACCESS, "1 HOUR");
return ["user-profile" => $profile->toExternalForm(), "access-token" => ["token" => $access->toString(), "expires" => 3600]];
}