/**
* {@inheritdoc}
*/
public function validateAuthorization(\Phalcon\Http\RequestInterface $request)
{
if (!$request->getHeader('authorization')) {
throw OAuthServerException::accessDenied('Missing "Authorization" header');
}
$header = $request->getHeader('authorization');
$jwt = trim(preg_replace('/^(?:\\s+)?Bearer\\s/', '', $header));
try {
// Attempt to parse and validate the JWT
$token = (new Parser())->parse($jwt);
if ($token->verify(new Sha256(), $this->publicKey->getKeyPath()) === false) {
throw OAuthServerException::accessDenied('Access token could not be verified');
}
// Ensure access token hasn't expired
$data = new ValidationData();
$data->setCurrentTime(time());
if ($token->validate($data) === false) {
throw OAuthServerException::accessDenied('Access token is invalid');
}
// Check if token has been revoked
if ($this->accessTokenRepository->isAccessTokenRevoked($token->getClaim('jti'))) {
throw OAuthServerException::accessDenied('Access token has been revoked');
}
// Return the response with additional attributes
$response = ['oauth_access_token_id' => $token->getClaim('jti'), 'oauth_client_id' => $token->getClaim('aud'), 'oauth_user_id' => $token->getClaim('sub'), 'oauth_scopes' => $token->getClaim('scopes')];
return $response;
} catch (\InvalidArgumentException $exception) {
// JWT couldn't be parsed so return the request as is
throw OAuthServerException::accessDenied($exception->getMessage());
}
}
public function init()
{
if (!static::HEADER) {
$msg = get_class() . " constant 'HEADER' is not defined";
throw new \LogicException($msg);
}
$this->_content = $this->_request->getHeader(static::HEADER);
}
/**
* Find token from http request, token may be in http header or url query
* If find both, use http header priority
* @param RequestInterface $request
* @return string
*/
public static function discoverToken(RequestInterface $request, $useCookie = true)
{
if ($token = $request->getQuery(TokenStorage::AUTH_QUERY_KEY, 'string')) {
return $token;
}
//For apache
if (function_exists('getallheaders')) {
$headers = getallheaders();
if (!isset($headers[TokenStorage::AUTH_HEADER_KEY])) {
return '';
}
$token = trim($headers[TokenStorage::AUTH_HEADER_KEY]);
$token = explode(' ', $token);
return isset($token[1]) ? $token[1] : '';
}
//For nginx
if ($token = $request->getHeader(strtoupper(TokenStorage::AUTH_HEADER_KEY))) {
$token = trim($token);
$token = explode(' ', $token);
return isset($token[1]) ? $token[1] : '';
}
//For cookie
$cookies = IoC::get('cookies');
if ($cookies->has('api_key') && $useCookie) {
$token = $cookies->get('api_key')->getValue();
return $token;
}
return '';
}
/**
* Find token from http request, token may be in http header or url query
* If find both, use http header priority
* @param RequestInterface $request
* @return string
*/
public static function discoverToken(RequestInterface $request)
{
if ($token = $request->getQuery(TokenStorage::AUTH_QUERY_KEY, 'string')) {
return $token;
}
//For apache
if (function_exists('getallheaders')) {
$headers = getallheaders();
if (!isset($headers[TokenStorage::AUTH_HEADER_KEY])) {
return '';
}
$token = trim($headers[TokenStorage::AUTH_HEADER_KEY]);
$token = explode(' ', $token);
return isset($token[1]) ? $token[1] : '';
}
//For nginx
if ($token = $request->getHeader(strtoupper(TokenStorage::AUTH_HEADER_KEY))) {
$token = trim($token);
$token = explode(' ', $token);
return isset($token[1]) ? $token[1] : '';
}
return '';
}
