/**
* Retrieves the currently authenticate user's username.
*
* @return User
*
* @throws InvalidRequestException
* @throws AccessDeniedException
*/
public function getCurrentUser()
{
$this->server->isValidRequest();
// Choooo chooo!!
$ownerId = $this->server->getAccessToken()->getSession()->getOwnerId();
return $this->speakerRepository->findById($ownerId);
}
/**
* Handle an incoming request
*
* @param Request $request
* @param Closure $next
* @return Response
*/
public function handle($request, Closure $next)
{
try {
$this->server->isValidRequest();
return $next($request);
} catch (OAuthException $e) {
return new JsonResponse(['error' => $e->errorType, 'message' => $e->getMessage()], $e->httpStatusCode, $e->getHttpHeaders());
}
}
/**
* Handle an incoming request
*
* @param Request $request
* @param Closure $next
*
* @return Response
*/
public function handle($request, Closure $next)
{
try {
$this->server->isValidRequest();
return $next($request);
} catch (OAuthException $e) {
$error = $e->errorType;
$message = $e->getMessage();
return response()->json(compact('error', 'message'), $e->httpStatusCode, $e->getHttpHeaders());
}
}
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
try {
$this->resourceServer->isValidRequest(true);
} catch (AccessDeniedException $e) {
throw new AuthenticationException(sprintf('OAuth token "%s" does not exist or is expired.', $token->getCredentials()));
}
$userIdentifier = $this->resourceServer->getAccessToken()->getSession()->getOwnerId();
try {
$user = $userProvider->loadUserByUsername($userIdentifier);
} catch (UsernameNotFoundException $e) {
$e->setUsername($userIdentifier);
throw $e;
}
return new PreAuthenticatedToken($user, $token->getCredentials(), $providerKey, $user->getRoles());
}
function it_throws_authentication_exception_when_user_could_not_be_loaded(ResourceServer $resourceServer, UserProviderInterface $userProvider, EmitterInterface $emitter)
{
$providerKey = 'default';
$userIdentifier = '*****@*****.**';
$token = new PreAuthenticatedToken('anon.', 'DDSHs55zpG51Mtxnt6H8vwn5fVJ230dF', $providerKey);
$resourceServer->isValidRequest(true)->shouldBeCalled();
$this->resourceServerWillReturnOwnerId($resourceServer, $emitter, $userIdentifier);
$userProvider->loadUserByUsername($userIdentifier)->willThrow(UsernameNotFoundException::class);
$this->shouldThrow(AuthenticationException::class)->during('authenticateToken', [$token, $userProvider, $providerKey]);
}
public function getUser(Request $request)
{
try {
$this->Server->isValidRequest(true, $request->query('access_token'));
$ownerModel = $this->Server->getAccessToken()->getSession()->getOwnerType();
$ownerId = $this->Server->getAccessToken()->getSession()->getOwnerId();
$event = new Event('OAuthServer.getUser', $request, [$ownerModel, $ownerId]);
EventManager::instance()->dispatch($event);
if ($event->result) {
return $event->result;
} else {
$model = TableRegistry::get($ownerModel);
return $model->get($ownerId)->toArray();
}
} catch (OAuthException $e) {
$this->_exception = $e;
return false;
}
}
/**
* Constructor
*
* The constructor does nothing by default but can be passed a boolean
* variable to tell it to automatically run the __default() method. This is
* typically used when a module is called outside of the scope of the
* controller (the registration page calls the login page in this manner.
*/
public function __construct($uids = false)
{
parent::__construct();
$this->uids = $uids;
$method = $_SERVER['REQUEST_METHOD'];
try {
// Checks if auth flag is explicity true or true for the method
if ($this->auth === true || isset($this->auth[$method]) && $this->auth[$method]) {
if (isset($this->config['oauth'][$_SERVER['__version']])) {
$server = new ResourceServer(new SessionStorage(), new AccessTokenStorage(), new ClientStorage(), new ScopeStorage());
$server->isValidRequest();
} else {
throw new \Exception('Authentication is not configured properly.', 401);
}
}
// Hacks together some new globals
if (in_array($method, ['PUT', 'DELETE'])) {
$GLOBALS['_' . $method] = [];
// @todo Populate it
}
$filter = isset($this->filter[$method]);
$validate = isset($this->validate[$method]);
if ($filter || $validate) {
$global =& $GLOBALS['_' . $method];
// Checks that the required parameters are present
// @todo Add in support for uid:* variables
if ($validate) {
$variables = [];
foreach ($this->validate[$method] as $variable => $rules) {
if (!is_array($rules)) {
$variable = $rules;
}
$variables[] = $variable;
}
$missing_variables = array_diff($variables, array_keys($global));
if ($missing_variables !== array()) {
foreach ($missing_variables as $variable) {
$this->errors[$variable][] = 'The ' . $variable . ' parameter is required.';
}
}
}
foreach ($global as $variable => $value) {
// Applies any filters
if ($filter && isset($this->filter[$method][$variable])) {
$function = $this->filter[$method][$variable];
if ($function == 'password_hash') {
$global[$variable] = password_hash($value, PASSWORD_DEFAULT);
} else {
$global[$variable] = $function($value);
}
}
if ($validate && isset($this->validate[$method][$variable])) {
$rules = $this->validate[$method][$variable];
if (is_array($rules)) {
if (isset($global[$variable]) && !String::isEmpty($global[$variable])) {
if (is_array($rules)) {
foreach ($rules as $rule => $message) {
$rule = explode(':', $rule);
for ($i = 1; $i <= 2; $i++) {
if (!isset($rule[$i])) {
$rule[$i] = false;
}
}
switch ($rule[0]) {
// {{{ Checks using filter_var()
case 'filter':
switch ($rule[1]) {
case 'boolean':
case 'email':
case 'float':
case 'int':
case 'ip':
case 'url':
$filter = constant('FILTER_VALIDATE_' . strtoupper($rule[1]));
if (!filter_var($value, $filter)) {
$this->errors[$variable][] = $message;
}
break;
default:
$this->errors[$variable] = 'Invalid filter, expecting boolean, email, float, int, ip or url.';
break;
}
break;
// }}}
// {{{ Checks using strlen()
// }}}
// {{{ Checks using strlen()
case 'length':
$length = strlen($value);
switch ($rule[1]) {
case '<':
$valid = $length < $rule[2];
break;
case '<=':
$valid = $length <= $rule[2];
break;
case '==':
$valid = $length == $rule[2];
break;
case '!=':
$valid = $length != $rule[2];
break;
case '>=':
$valid = $length >= $rule[2];
break;
case '>':
$valid = $length > $rule[2];
break;
default:
$valid = false;
$message = 'Invalid operator, expecting <, <=, ==, !=, >= or >.';
break;
}
if (!$valid) {
$this->errors[$variable][] = $message;
}
break;
// }}}
// {{{ Checks using preg_match()
// }}}
// {{{ Checks using preg_match()
case 'regex':
if (preg_match($rule[1], $value)) {
$this->errors[$variable][] = $message;
}
break;
// }}}
// @todo case 'alpha':
// @todo case 'alphanumeric':
// @todo case 'date':
// @todo case 'range':
}
}
}
}
}
}
}
// if PUT or DELETE, need to update the super globals directly as
// they do not stay in sync. Probably need to make them global in
// this class method
//
// $_PUT = $GLOBALS['_PUT'];
}
if ($this->errors) {
throw new \Exception('Missing or invalid parameters.', 400);
}
parent::__construct();
// Checks if the request method has been implemented
if (get_class($this) != 'Pickles\\Resource') {
if (!method_exists($this, $method)) {
throw new \Exception('Method not allowed.', 405);
} else {
// Starts a timer before the resource is executed
if ($this->config['profiler']) {
$timer = get_class($this) . '->' . $method . '()';
Profiler::timer($timer);
}
$this->response = $this->{$method}();
// Stops the resource timer
if ($this->config['profiler']) {
Profiler::timer($timer);
}
}
}
} catch (\Exception $e) {
$code = $e->getCode();
// Anything below 200 is probably a PHP error
if ($code < 200) {
$code = 500;
}
$this->status = $code;
$this->message = $e->getMessage();
}
}
/**
* Validate a request with an access token in it.
*
* @param bool $httpHeadersOnly whether or not to check only the http headers of the request
* @param string|null $accessToken an access token to validate
*
* @return mixed
*/
public function validateAccessToken($httpHeadersOnly = false, $accessToken = null)
{
return $this->checker->isValidRequest($httpHeadersOnly, $accessToken);
}
// implement logic here to validate a username and password, return an ID if valid, otherwise return false
$host = new Host();
$valid = $host->oauth2Login($username, $password);
if ($valid !== false) {
return $valid;
} else {
$app->halt(401, 'Unauthorized. The user credentials were incorrect.');
}
});
$authorize = function () use($resourceServer) {
return function () use($resourceServer) {
//401 = Unauthorized
//403 = Forbidden
$app = \Slim\Slim::getInstance();
try {
$authenticated = $resourceServer->isValidRequest(false);
if ($authenticated === false) {
$app->halt(401, 'Unauthorized');
}
//else {
//if (!$resourceServer->getAccessToken()->hasScope($scope))
//$app->halt(403, 'Forbidden');
//}
} catch (\League\OAuth2\Server\Exception\OAuthException $e) {
$error = json_encode(['error' => $e->errorType, 'message' => $e->getMessage()]);
$app->halt($e->httpStatusCode, $error);
} catch (\League\OAuth2\Server\Exception\AccessDeniedException $e) {
$error = json_encode(['error' => $e->errorType, 'message' => $e->getMessage()]);
$app->halt($e->httpStatusCode, $error);
} catch (\League\OAuth2\Server\Exception\InvalidRequestException $e) {
$error = json_encode(['error' => $e->errorType, 'message' => $e->getMessage()]);
/**
* @param bool $headersOnly
* @param null|string $accessToken
*
* @return bool
* @throws \League\OAuth2\Server\Exception\AccessDeniedException
*/
public function validateAccessToken($headersOnly = true, $accessToken = null)
{
return $this->resourceServer->isValidRequest($headersOnly, $accessToken);
}
function it_validates_an_access_token(ResourceServer $checker)
{
$checker->isValidRequest(false, null)->shouldBeCalled();
$this->validateAccessToken(false, null);
}
/**
* The route responsible for giving user information
*
* @param Router $router
* @param ResourceServer $resourceServer
* @return \Response
*/
private function userDetailsRoute(Router $router, ResourceServer $resourceServer)
{
$router->get(Config::get('laravel-oauth2-server.user_details_path'), function () use($resourceServer) {
try {
$accessToken = new AccessTokenEntity($resourceServer);
$accessToken->setId(Request::input('access_token'));
$resourceServer->isValidRequest(false, $accessToken);
$session = $resourceServer->getSessionStorage()->getByAccessToken($accessToken);
if (!($session->getOwnerType() === 'user' && $resourceServer->getAccessToken()->hasScope('uid'))) {
throw new AccessDeniedException();
}
return response()->json(['id' => $session->getOwnerId()]);
} catch (InvalidRequestException $ire) {
return response()->json(['error' => $ire->getCode(), 'message' => $ire->getMessage()], $ire->httpStatusCode);
} catch (AccessDeniedException $acd) {
return response()->json(['error' => $acd->getCode(), 'message' => $acd->getMessage()], $acd->httpStatusCode);
} catch (Exception $e) {
return response()->json(['error' => $e->getCode(), 'message' => $e->getMessage()], 500);
}
});
}
if (count($result) === 0) {
throw new NotFoundException();
}
$user = ['username' => $result[0]['username'], 'name' => $result[0]['name']];
if ($server->getAccessToken()->hasScope('email')) {
$user['email'] = $result[0]['email'];
}
if ($server->getAccessToken()->hasScope('photo')) {
$user['photo'] = $result[0]['photo'];
}
return new Response(json_encode($user));
});
$dispatcher = $router->getDispatcher();
try {
// Check that access token is present
$server->isValidRequest(false);
// A successful response
$response = $dispatcher->dispatch($request->getMethod(), $request->getPathInfo());
} catch (\Orno\Http\Exception $e) {
// A failed response
$response = $e->getJsonResponse();
$response->setContent(json_encode(['status_code' => $e->getStatusCode(), 'message' => $e->getMessage()]));
} catch (\League\OAuth2\Server\Exception\OAuthException $e) {
$response = new Response(json_encode(['error' => $e->errorType, 'message' => $e->getMessage()]), $e->httpStatusCode);
foreach ($e->getHttpHeaders() as $header) {
$response->headers($header);
}
} catch (\Exception $e) {
$response = new Orno\Http\Response();
$response->setStatusCode(500);
$response->setContent(json_encode(['status_code' => 500, 'message' => $e->getMessage()]));
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param string $scope
* @return mixed
*/
public function handle(Request $request, Closure $next, $scope = '')
{
// Set up the OAuth 2.0 resource server
$server = new ResourceServer(new SessionStorage(), new AccessTokenStorage(), new ClientStorage(), new ScopeStorage());
$isError = false;
try {
// Check that access token is present
$server->isValidRequest();
} catch (OAuthException $e) {
// Catch an OAuth exception
$response = new Response(['error' => $e->errorType, 'message' => $e->getMessage()], $e->httpStatusCode, $e->getHttpHeaders());
$isError = true;
} catch (\Exception $e) {
$response = new Response(['error' => $e->getCode(), 'message' => $e->getMessage()], 500, []);
$isError = true;
}
if (!$isError) {
// Get session info
$session = $server->getSessionStorage()->getByAccessToken($server->getAccessToken());
if (!$session instanceof SessionEntity) {
$isError = true;
}
}
if (!$isError) {
// Get user info
$user = null;
if ($session->getOwnerType() === 'user') {
$user = User::find($session->getOwnerId());
if (!$user instanceof User) {
$isError = true;
}
}
}
if (!$isError) {
// Get client info
$client = $server->getClientStorage()->getCompleteBySession($session);
if (!$client instanceof ClientEntity) {
$isError = true;
}
}
if (!$isError) {
// Get scopes info
$scopes = $session->getScopes();
if (!empty($scope)) {
$isScopeFound = false;
if (!is_null($scopes) && is_array($scopes)) {
foreach ($scopes as $scopeEntity) {
if ($scopeEntity->getId() === $scope) {
$isScopeFound = true;
break;
}
}
}
if (!$isScopeFound) {
$response = new Response(['error' => 'invalid_client', 'message' => 'Client authentication failed.'], 401);
$isError = true;
}
}
}
if ($isError) {
$response->headers->set('Content-type', 'application/json');
return $response;
} else {
// Put the identified client & scopes into request
// for further app process
$request->merge(['identified_oauth' => ['client' => $client, 'user' => $user, 'scopes' => $scopes]]);
}
return $next($request);
}
