/**
  * {@inheritdoc}
  */
 public function validateAuthorization(\Phalcon\Http\RequestInterface $request)
 {
     if (!$request->getHeader('authorization')) {
         throw OAuthServerException::accessDenied('Missing "Authorization" header');
     }
     $header = $request->getHeader('authorization');
     $jwt = trim(preg_replace('/^(?:\\s+)?Bearer\\s/', '', $header));
     try {
         // Attempt to parse and validate the JWT
         $token = (new Parser())->parse($jwt);
         if ($token->verify(new Sha256(), $this->publicKey->getKeyPath()) === false) {
             throw OAuthServerException::accessDenied('Access token could not be verified');
         }
         // Ensure access token hasn't expired
         $data = new ValidationData();
         $data->setCurrentTime(time());
         if ($token->validate($data) === false) {
             throw OAuthServerException::accessDenied('Access token is invalid');
         }
         // Check if token has been revoked
         if ($this->accessTokenRepository->isAccessTokenRevoked($token->getClaim('jti'))) {
             throw OAuthServerException::accessDenied('Access token has been revoked');
         }
         // Return the response with additional attributes
         $response = ['oauth_access_token_id' => $token->getClaim('jti'), 'oauth_client_id' => $token->getClaim('aud'), 'oauth_user_id' => $token->getClaim('sub'), 'oauth_scopes' => $token->getClaim('scopes')];
         return $response;
     } catch (\InvalidArgumentException $exception) {
         // JWT couldn't be parsed so return the request as is
         throw OAuthServerException::accessDenied($exception->getMessage());
     }
 }
Exemple #2
0
 public function init()
 {
     if (!static::HEADER) {
         $msg = get_class() . " constant 'HEADER' is not defined";
         throw new \LogicException($msg);
     }
     $this->_content = $this->_request->getHeader(static::HEADER);
 }
Exemple #3
0
 /**
  * Find token from http request, token may be in http header or url query
  * If find both, use http header priority
  * @param RequestInterface $request
  * @return string
  */
 public static function discoverToken(RequestInterface $request, $useCookie = true)
 {
     if ($token = $request->getQuery(TokenStorage::AUTH_QUERY_KEY, 'string')) {
         return $token;
     }
     //For apache
     if (function_exists('getallheaders')) {
         $headers = getallheaders();
         if (!isset($headers[TokenStorage::AUTH_HEADER_KEY])) {
             return '';
         }
         $token = trim($headers[TokenStorage::AUTH_HEADER_KEY]);
         $token = explode(' ', $token);
         return isset($token[1]) ? $token[1] : '';
     }
     //For nginx
     if ($token = $request->getHeader(strtoupper(TokenStorage::AUTH_HEADER_KEY))) {
         $token = trim($token);
         $token = explode(' ', $token);
         return isset($token[1]) ? $token[1] : '';
     }
     //For cookie
     $cookies = IoC::get('cookies');
     if ($cookies->has('api_key') && $useCookie) {
         $token = $cookies->get('api_key')->getValue();
         return $token;
     }
     return '';
 }
Exemple #4
0
 /**
  * Find token from http request, token may be in http header or url query
  * If find both, use http header priority
  * @param RequestInterface $request
  * @return string
  */
 public static function discoverToken(RequestInterface $request)
 {
     if ($token = $request->getQuery(TokenStorage::AUTH_QUERY_KEY, 'string')) {
         return $token;
     }
     //For apache
     if (function_exists('getallheaders')) {
         $headers = getallheaders();
         if (!isset($headers[TokenStorage::AUTH_HEADER_KEY])) {
             return '';
         }
         $token = trim($headers[TokenStorage::AUTH_HEADER_KEY]);
         $token = explode(' ', $token);
         return isset($token[1]) ? $token[1] : '';
     }
     //For nginx
     if ($token = $request->getHeader(strtoupper(TokenStorage::AUTH_HEADER_KEY))) {
         $token = trim($token);
         $token = explode(' ', $token);
         return isset($token[1]) ? $token[1] : '';
     }
     return '';
 }