public static function getRealUri(ServerRequestInterface $request)
 {
     $uri = $request->getUri();
     if ($request->hasHeader(self::PROTO_HEADER_HEROKU)) {
         $uri = $uri->withScheme($request->getHeader(self::PROTO_HEADER_HEROKU)[0]);
     }
     if ($request->hasHeader(self::PORT_HEADER_HEROKU)) {
         $uri = $uri->withPort(intval($request->getHeader(self::PORT_HEADER_HEROKU)[0]));
     }
     return $uri;
 }
Exemple #2
0
/**
 * @param \Psr\Http\Message\ServerRequestInterface $request
 * @return \Psr\Http\Message\ResponseInterface
 * @throws \Wandu\Http\Exception\BadRequestException
 */
function back(ServerRequestInterface $request)
{
    if ($request->hasHeader('referer')) {
        return redirect($request->getHeader('referer'));
    }
    throw new BadRequestException();
}
 public function __invoke(Request $request)
 {
     /** Check for token on header */
     if (isset($this->options['header'])) {
         if ($request->hasHeader($this->options['header'])) {
             $header = $request->getHeader($this->options['header'])[0];
             if (preg_match($this->options['regex'], $header, $matches)) {
                 return $matches[1];
             }
         }
     }
     /** If nothing on header, try query parameters */
     if (isset($this->options['parameter'])) {
         if (!empty($request->getQueryParams()[$this->options['parameter']])) {
             return $request->getQueryParams()[$this->options['parameter']];
         }
     }
     /** If nothing on parameters, try cookies */
     if (isset($this->options['cookie'])) {
         $cookie_params = $request->getCookieParams();
         if (!empty($cookie_params[$this->options["cookie"]])) {
             return $cookie_params[$this->options["cookie"]];
         }
     }
     /** If nothing until now, check argument as last try */
     if (isset($this->options['argument'])) {
         if ($route = $request->getAttribute('route')) {
             $argument = $route->getArgument($this->options['argument']);
             if (!empty($argument)) {
                 return $argument;
             }
         }
     }
     throw new TokenNotFoundException('Token not found');
 }
 /**
  * {@inheritdoc}
  */
 public function validateAuthorization(ServerRequestInterface $request)
 {
     if ($request->hasHeader('authorization') === false) {
         throw OAuthServerException::accessDenied('Missing "Authorization" header');
     }
     $header = $request->getHeader('authorization');
     $jwt = trim(preg_replace('/^(?:\\s+)?Bearer\\s/', '', $header[0]));
     try {
         // Attempt to parse and validate the JWT
         $token = (new Parser())->parse($jwt);
         if ($token->verify(new Sha256(), $this->publicKey->getKeyPath()) === false) {
             throw OAuthServerException::accessDenied('Access token could not be verified');
         }
         // Ensure access token hasn't expired
         $data = new ValidationData();
         $data->setCurrentTime(time());
         if ($token->validate($data) === false) {
             throw OAuthServerException::accessDenied('Access token is invalid');
         }
         // Check if token has been revoked
         if ($this->accessTokenRepository->isAccessTokenRevoked($token->getClaim('jti'))) {
             throw OAuthServerException::accessDenied('Access token has been revoked');
         }
         // Return the request with additional attributes
         return $request->withAttribute('oauth_access_token_id', $token->getClaim('jti'))->withAttribute('oauth_client_id', $token->getClaim('aud'))->withAttribute('oauth_user_id', $token->getClaim('sub'))->withAttribute('oauth_scopes', $token->getClaim('scopes'));
     } catch (\InvalidArgumentException $exception) {
         // JWT couldn't be parsed so return the request as is
         throw OAuthServerException::accessDenied($exception->getMessage());
     } catch (\RuntimeException $exception) {
         //JWR couldn't be parsed so return the request as is
         throw OAuthServerException::accessDenied('Error while decoding to JSON');
     }
 }
Exemple #5
0
 /**
  * Invoking the middleware
  *
  * @param ServerRequestInterface $request
  * @param ResponseInterface $response
  * @param callable $next
  * @return ResponseInterface $response
  * @throws InternalServerError
  * @throws UnsupportedMediaType
  */
 public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next = null)
 {
     // Make sure we have deserializers
     if (!isset($this->container['contentTypes'])) {
         throw new InternalServerError('No serializers seems to be configured');
     }
     // Make sure we have a content type header to work with
     if ($request->hasHeader('Content-Type')) {
         // Get the content of the header
         $header = $request->getHeaderLine('Content-Type');
         // Make sure the header value isn't empty
         if (!empty($header)) {
             // Get priorities
             $supported = $this->container['contentTypes'];
             // Remove included parts that aren't part of the RFC
             $header = preg_replace('/(;[a-z]*=[a-z0-9\\-]*)/i', '', $header);
             // Replace the original header value
             $request = $request->withHeader('Content-Type', $header);
             // Check if the content type is supported
             if (!in_array($header, $supported)) {
                 // The content type isn't supported
                 throw new UnsupportedMediaType('Can not handle the supplied content type. Supported types are ' . implode(', ', $supported));
             }
         }
     }
     // Call next middleware
     return $next($request, $response, $next);
 }
Exemple #6
0
 /**
  * {@inheritdoc}
  */
 public function __invoke(Request $request, Response $response, callable $out = null)
 {
     if ($request->getMethod() === 'POST' && $request->hasHeader(self::HEADER_NAME)) {
         $fakeMethod = $request->getHeaderLine(self::HEADER_NAME);
         $request = $request->withMethod(strtoupper($fakeMethod));
     }
     return $out ? $out($request, $response) : $response;
 }
 /**
  * @param \Psr\Http\Message\ServerRequestInterface $request
  *
  * @return string
  * @throws \livetyping\hermitage\app\exceptions\UnauthorizedException
  */
 protected function getSignatureFromRequest(Request $request) : string
 {
     if (!$request->hasHeader(self::HEADER_AUTHENTICATE_SIGNATURE)) {
         throw new UnauthorizedException('Signature is required.');
     }
     $signature = current($request->getHeader(self::HEADER_AUTHENTICATE_SIGNATURE));
     return $signature;
 }
Exemple #8
0
 /**
  * Process an incoming request and/or response.
  *
  * Accepts a server-side request and a response instance, and does
  * something with them.
  *
  * If the response is not complete and/or further processing would not
  * interfere with the work done in the middleware, or if the middleware
  * wants to delegate to another process, it can use the `$out` callable
  * if present.
  *
  * If the middleware does not return a value, execution of the current
  * request is considered complete, and the response instance provided will
  * be considered the response to return.
  *
  * Alternately, the middleware may return a response instance.
  *
  * Often, middleware will `return $out();`, with the assumption that a
  * later middleware will return a response.
  *
  * @param Request $request
  * @param Response $response
  * @param null|callable $out
  * @return null|Response
  */
 public function __invoke(Request $request, Response $response, callable $out = null)
 {
     if (!$request->hasHeader('Accept-Language')) {
         return $out($request, $response);
     }
     $locale = $request->getHeaderLine('Accept-Language');
     $this->translator->setLocale($this->normalizeLocale($locale));
     return $out($request, $response);
 }
 public function enrichRequestWithParsedBody(ServerRequestInterface $request)
 {
     if ($request->hasHeader(HeaderName::CONTENT_TYPE) && $request->getHeaderLine(HeaderName::CONTENT_TYPE) === 'application/json') {
         $parsedBody = $this->serializer->deserialize($request->getBody()->__toString(), 'array', 'json');
         return $request->withParsedBody($parsedBody);
     } else {
         return $request->withParsedBody([]);
     }
 }
Exemple #10
0
 public function __invoke(Request $request, Response $response, callable $out = null)
 {
     if (!$request->hasHeader('authorization')) {
         return $response->withStatus(401);
     }
     if (!$this->isValid($request)) {
     }
     return $out($request, $response);
 }
Exemple #11
0
 public function __invoke(Request $request, Response $response, callable $next) : Response
 {
     $parent = $request->getOriginalRequest();
     $parentUrl = str_replace('/thank-you', '', (string) $parent->getUri());
     if (!$request->hasHeader('Referer') || !preg_match('#^' . $parentUrl . '#', $request->getHeaderLine('Referer'))) {
         return $response->withStatus(302)->withHeader('Location', $parentUrl);
     }
     return new HtmlResponse($this->template->render('contact::thankyou', []));
 }
 /**
  * @param ServerRequestInterface $request
  *
  * @return array
  */
 private function getHeadersFromRequest(ServerRequestInterface $request)
 {
     $headerNames = [];
     foreach ($this->service->getOverrideHeaders() as $headerName) {
         if ($request->hasHeader($headerName)) {
             $headerNames[$headerName] = $request->getHeaderLine($headerName);
         }
     }
     return $headerNames;
 }
Exemple #13
0
 /**
  * Fetch token from request.
  *
  * @param ServerRequestInterface $request
  * @return string
  */
 protected function fetchToken(ServerRequestInterface $request)
 {
     if ($request->hasHeader(self::HEADER)) {
         return (string) $request->getHeaderLine(self::HEADER);
     }
     $data = $request->getParsedBody();
     if (is_array($data) && isset($data[self::PARAMETER])) {
         if (is_string($data[self::PARAMETER])) {
             return (string) $data[self::PARAMETER];
         }
     }
     return '';
 }
Exemple #14
0
 /**
  * Check if the provided origin is allowed to
  * access the api
  *
  * @return bool
  */
 protected function checkOrigin()
 {
     // Check if we allow all "*"
     if ($this->options['allowedOrigins'] === true) {
         return true;
     }
     // Make sure the origin header is set and that the value (domain) is
     // in the allowed origins list.
     if ($this->request->hasHeader('origin') && in_array($this->request->getHeaderLine('origin'), $this->options['allowedOrigins'])) {
         return true;
     }
     return false;
 }
Exemple #15
0
 private function isAcceptableServerRequest(ServerRequestInterface $request) : bool
 {
     if (!$request->hasHeader("Accept-encoding")) {
         return false;
     }
     $accept = $request->getHeaderLine("Accept-encoding");
     if (strpos($accept, '*') !== false) {
         return true;
     }
     if (strpos($accept, 'gzip') !== false) {
         return true;
     }
     return false;
 }
Exemple #16
0
 /**
  * {@inheritdoc}
  *
  * @throws \RuntimeException
  */
 public function isExcluded(ServerRequestInterface $request)
 {
     if (!count($this->headers)) {
         throw new \RuntimeException('No headers defined in header excluder');
     }
     foreach ($this->headers as $header => $value) {
         if ($value === null && $request->hasHeader($header)) {
             return true;
         } elseif ($value !== null && (trim($value) === $request->getHeaderLine($header) || @preg_match(trim($value), $request->getHeaderLine($header)))) {
             return true;
         }
     }
     return false;
 }
 /**
  * Extract the token either from Authorization header or query params
  *
  * @param  ServerRequestInterface $request
  * @return string|null
  */
 private function extractAccessToken(ServerRequestInterface $request)
 {
     // The preferred way is using Authorization header
     if ($request->hasHeader('Authorization')) {
         // Header value is expected to be "Bearer xxx"
         $parts = explode(' ', $request->getHeaderLine('Authorization'));
         if (count($parts) < 2) {
             return null;
         }
         return end($parts);
     }
     // Default back to authorization in query param
     $queryParams = $request->getQueryParams();
     return $queryParams['access_token'] ?? null;
 }
 public function __invoke(Request $request, Response $response, callable $out = null)
 {
     //Sin header no pasas
     if (!$request->hasHeader('authorization')) {
         $response->getBody()->write('WTF! Unauthorized');
         return $response->withStatus(401);
     }
     //Autenticacion valida?
     if (!$this->isValid($request)) {
         $response->getBody()->write('Invalid token!');
         return $response->withStatus('403');
     }
     //seguimos con la suguiente capa
     return $out($request, $response);
 }
Exemple #19
0
 /**
  * Build CorsRequest from PSR-7 ServerRequest object
  *
  * @param Psr\Http\Message\ServerRequestInterface $request
  * @return PhpNexus\Cors\CorsRequest
  */
 protected function buildCorsRequest(ServerRequestInterface $request)
 {
     // Create CorsRequest and set method
     $corsRequest = (new CorsRequest())->setMethod($request->getMethod());
     // Set Origin if header exists
     if ($request->hasHeader('Origin')) {
         $corsRequest->setOrigin($request->getHeader('Origin')[0]);
     }
     // Set access control request method if header exists
     if ($request->hasHeader('Access-Control-Request-Method')) {
         $corsRequest->setAccessControlRequestMethod($request->getHeader('Access-Control-Request-Method')[0]);
     }
     // Set access control request headers if header exists
     if ($request->hasHeader('Access-Control-Request-Headers')) {
         /** Not sure if this is a bug in the Slim implementation of PSR-7, but it doesn't seem to separate headers properly */
         $accessControlRequestHeaders = $request->getHeader('Access-Control-Request-Headers');
         // If only one array element; explode by comma and space
         if (count($accessControlRequestHeaders) === 1) {
             $accessControlRequestHeaders = explode(', ', $accessControlRequestHeaders[0]);
         }
         $corsRequest->setAccessControlRequestHeaders($accessControlRequestHeaders);
     }
     return $corsRequest;
 }
Exemple #20
0
 private function generateResponseLog(Request $request, Response $response)
 {
     if ($this->options['full']) {
         return ResponseSerializer::toString($response);
     }
     $reasonPhrase = $response->getReasonPhrase();
     $msg = sprintf("%s %s", $response->getStatusCode(), $reasonPhrase ? $reasonPhrase : '');
     if ($response->hasHeader('X-Request-Id')) {
         $msg .= ' RequestId: ' . $response->getHeader('X-Request-Id')[0];
     } elseif ($request->hasHeader('X-Request-Id')) {
         $msg .= ' RequestId: ' . $request->getHeader('X-Request-Id')[0];
     }
     if ($response->hasHeader('X-Response-Time')) {
         $msg .= ' ResponseTime: ' . $response->getHeader('X-Response-Time')[0];
     }
     return $msg;
 }
Exemple #21
0
 /**
  * Process an incoming request and/or response.
  *
  * Accepts a server-side request and a response instance, and does
  * something with them.
  *
  * If the response is not complete and/or further processing would not
  * interfere with the work done in the middleware, or if the middleware
  * wants to delegate to another process, it can use the `$out` callable
  * if present.
  *
  * If the middleware does not return a value, execution of the current
  * request is considered complete, and the response instance provided will
  * be considered the response to return.
  *
  * Alternately, the middleware may return a response instance.
  *
  * Often, middleware will `return $out();`, with the assumption that a
  * later middleware will return a response.
  *
  * @param Request       $request
  * @param Response      $response
  * @param null|callable $out
  *
  * @return null|Response
  */
 public function __invoke(Request $request, Response $response, callable $out = null)
 {
     $authHeader = $request->hasHeader('Authorization') ? $request->getHeaderLine('Authorization') : null;
     if (empty($authHeader)) {
         return $this->unauthorizedResponse($response);
     }
     if (false === strpos($authHeader, 'token')) {
         return $this->unauthorizedResponse($response);
     }
     list(, $token) = explode(' ', $authHeader);
     if (!isset($token)) {
         return $this->unauthorizedResponse($response);
     }
     if (!$this->authService->authorize($token)) {
         return $this->forbiddenResponse($response);
     }
     return $out($request, $response);
 }
 /**
  * Invoking the middleware
  *
  * @param ServerRequestInterface $request
  * @param ResponseInterface $response
  * @param callable $next
  * @return ResponseInterface $response
  * @throws InternalServerError
  * @throws NotAcceptable
  */
 public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next = null)
 {
     // Make sure we have serializers
     if (!isset($this->container['acceptTypes'])) {
         throw new InternalServerError('No serializers seems to be registered');
     }
     // Get priorities
     $supported = $this->container['acceptTypes'];
     // Prepare charset
     $charset = $this->prepareCharsetHeaderString();
     // Make sure we have what we need to do the negotiation
     if ($request->hasHeader('Accept')) {
         // Get header
         $accept = $request->getHeaderLine('Accept');
         // Negotiate
         $best = $this->getBestFormat($accept, $supported);
         // If an Accept header field is present, and if the server cannot send a response
         // which is acceptable according to the combined Accept field value, then the server
         // SHOULD return a 406 (not acceptable) response.
         if ($best === null) {
             // We must set the mime type before throwing the exception so that the correct serializer
             // is triggered to serialize the error message. Both on the request and response.
             $this->container['latestRequest'] = $request->withAttribute('Accept', $supported[0]);
             $this->container['latestResponse'] = $response->withHeader('Content-Type', $supported[0] . $charset);
             throw new NotAcceptable('Can not send a response which is acceptable according to the Accept header. ' . 'Supported mime types are: ' . implode(', ', $supported));
         }
     } else {
         // If no Accept header field is present, then it is assumed that the client accepts all media types.
         $best = $this->acceptsAnything(1, $supported);
     }
     // Save result
     $request = $request->withAttribute('Accept', $best['value']);
     // Set response content type header
     $response = $response->withHeader('Content-Type', $best['value'] . $charset);
     // Set extra params
     if (isset($best['parameters'])) {
         // Set parameters array as attribute
         $request = $request->withAttribute('Accept-Parameters', $best['parameters']);
     }
     // Call next middleware
     return $next($request, $response, $next);
 }
 public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
 {
     if (false === $request->hasHeader('Authorization')) {
         if (false === $this->allRequests) {
             return $next($request, $response);
         }
         return $this->invalidResponse;
     }
     $token = $request->getHeaderLine('Authorization');
     if (false === strpos($token, 'Bearer ')) {
         return $this->invalidResponse;
     }
     $token = substr($token, 7);
     /** @var SimpleJWS $jws */
     $jws = SimpleJWS::load($token, false);
     if (false === $jws->isValid($this->publicKey, $this->encoder)) {
         return $this->invalidResponse;
     }
     return $next($request->withAttribute('jwt', $jws->getPayload()), $response);
 }
 /**
  * {@inheritdoc}
  */
 public function initialize(ServerRequestInterface $request)
 {
     if (!$request->hasHeader('Authorization')) {
         return null;
     }
     $authorization = $request->getHeaderLine('Authorization');
     if (empty($authorization) || substr($authorization, 0, 6) !== 'Bearer') {
         return null;
     }
     $token_id = trim(substr($authorization, 7));
     if ($token_id === null || $token_id === '') {
         throw new InvalidTokenException();
     }
     if ($token = $this->token_repository->getById($token_id)) {
         if ($user = $token->getAuthenticatedUser($this->user_repository)) {
             $this->token_repository->recordUsageByToken($token);
             return new AuthenticationTransport($this, $user, $token);
         }
     }
     throw new InvalidTokenException();
 }
 /**
  * Handle the middleware pipeline call
  *
  * @param ServerRequestInterface $request
  * @param ResponseInterface $response
  * @param callable $next
  * @return mixed
  * @throws MethodNotAllowed
  */
 public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next = null)
 {
     // Check if the override header is set
     if ($request->hasHeader('X-Http-Method-Override')) {
         // Get the original request method
         $method = $request->getMethod();
         // Get the override method
         $override = strtoupper($request->getHeaderLine('X-Http-Method-Override'));
         // Check so the override method are allowed based on the original request method
         if ($method === 'GET' && in_array($override, $this->getOverride) || $method === 'POST' && in_array($override, $this->postOverride)) {
             // Save current method as attribute
             $request = $request->withAttribute('originalRequestMethod', $method);
             // Set the override method as request method
             $request = $request->withMethod($override);
         } else {
             throw new MethodNotAllowed('The override method ' . $override . ' are not allowed to override the original ' . $method . ' request method.');
         }
     }
     // Call next middleware
     return $next($request, $response, $next);
 }
 /**
  * {@inheritdoc}
  */
 public function validateAuthorization(ServerRequestInterface $request)
 {
     if ($request->hasHeader('authorization') === false) {
         throw OAuthServerException::accessDenied('Missing "Authorization" header');
     }
     $header = $request->getHeader('authorization');
     $accessTokenId = trim($header[0]);
     try {
         $accessTokenEntity = $this->accessTokenRepository->findAccessToken($accessTokenId);
         // Check if token has been revoked
         if (is_null($accessTokenEntity)) {
             throw OAuthServerException::accessDenied('Access token has been revoked');
         }
         // Ensure access token hasn't expired
         if ($accessTokenEntity->getExpiryDateTime()->lt(Carbon::now())) {
             throw OAuthServerException::accessDenied('Access token is invalid');
         }
         // Return the request with additional attributes
         return $request->withAttribute('oauth_access_token_id', $accessTokenEntity->getIdentifier())->withAttribute('oauth_client_id', $accessTokenEntity->getClient()->getIdentifier())->withAttribute('oauth_user_id', $accessTokenEntity->getUserIdentifier())->withAttribute('oauth_scopes', $accessTokenEntity->getScopes());
     } catch (\InvalidArgumentException $exception) {
         // JWT couldn't be parsed so return the request as is
         throw OAuthServerException::accessDenied($exception->getMessage());
     }
 }
Exemple #27
0
 /**
  * {@inheritdoc}
  */
 public function hasHeader($name)
 {
     return $this->wrapped->hasHeader($name);
 }
Exemple #28
0
 /**
  * {@inheritDoc}
  */
 public function hasHeader($name)
 {
     return $this->psrRequest->hasHeader($name);
 }
 /**
  * Find out the client's IP address from the headers available to us
  *
  * @param  ServerRequestInterface $request PSR-7 Request
  * @return string
  */
 protected function determineClientIpAddress($request)
 {
     $ipAddress = null;
     $serverParams = $request->getServerParams();
     if (isset($serverParams['REMOTE_ADDR']) && $this->isValidIpAddress($serverParams['REMOTE_ADDR'])) {
         $ipAddress = $serverParams['REMOTE_ADDR'];
     }
     $checkProxyHeaders = $this->checkProxyHeaders;
     if ($checkProxyHeaders && !empty($this->trustedProxies)) {
         if (!in_array($ipAddress, $this->trustedProxies)) {
             $checkProxyHeaders = false;
         }
     }
     if ($checkProxyHeaders) {
         foreach ($this->headersToInspect as $header) {
             if ($request->hasHeader($header)) {
                 $ip = trim(current(explode(',', $request->getHeaderLine($header))));
                 if ($this->isValidIpAddress($ip)) {
                     $ipAddress = $ip;
                     break;
                 }
             }
         }
     }
     return $ipAddress;
 }
 /**
  * Proxy to ServerRequestInterface::hasHeader()
  *
  * {@inheritdoc}
  */
 public function hasHeader($header)
 {
     return $this->psrRequest->hasHeader($header);
 }