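/**
 * Matches the bearer token type against the request and returns whether it matched.
 *
 * Token sources are tried in this order: the Authorization header ("Bearer <token>"),
 * the POST/PUT form body parameter access_token, then the access_token query parameter.
 * On a match the token is stored in $this->identifier.
 *
 * @param IRequest $request
 *
 * @throws \OAuth2\Exception\MalformedTokenException     when an Authorization header is present but is not "Bearer <token>"
 * @throws \OAuth2\Exception\InvalidHttpMethodException  when access_token is sent in the body of a request that is not POST/PUT
 * @throws \OAuth2\Exception\InvalidContentTypeException when the body token is not sent as application/x-www-form-urlencoded
 * @return boolean true if a token was found and stored, false otherwise
 */
public function match(IRequest $request)
{
    // 1. Authorization header. The scheme name is case-insensitive (RFC 6750 §2.1) and the
    //    header must consist of nothing but "Bearer", whitespace and the token, so the pattern
    //    is anchored: a header with trailing data or an unknown scheme is rejected instead of
    //    having a token picked out of the middle of it.
    $header = $request->headers('authorization');
    if ($header) {
        if (!preg_match('~^\s*Bearer\s+(\S+)\s*$~i', $header, $matches)) {
            throw new MalformedTokenException();
        }
        $this->identifier = $matches[1];
        return true;
    }

    // 2. Form-encoded body parameter (RFC 6750 §2.2): only accepted for POST/PUT with a
    //    form content type; the prefix check tolerates a "; charset=..." suffix.
    $accessToken = $request->request('access_token');
    if ($accessToken) {
        if (!($request->isMethod('post') || $request->isMethod('put'))) {
            throw new InvalidHttpMethodException();
        }
        $contentType = $request->headers('content_type');
        if (!$contentType || strpos($contentType, 'application/x-www-form-urlencoded') !== 0) {
            throw new InvalidContentTypeException();
        }
        $this->identifier = $accessToken;
        return true;
    }

    // 3. URI query parameter (RFC 6750 §2.3).
    $accessToken = $request->query('access_token');
    if ($accessToken) {
        $this->identifier = $accessToken;
        return true;
    }

    return false;
}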
/**
 * Spec: a public client (one with no stored secret) is rejected when the request still sends a secret.
 */
function it_throws_exception_if_client_is_public_and_secret_was_provided(IRequest $request, IClientStorage $clientStorage, IClient $client)
{
    // Basic-auth credentials arrive as the PHP_AUTH_USER / PHP_AUTH_PW headers
    $request->headers('PHP_AUTH_USER')->shouldBeCalled()->willReturn('public');
    $request->headers('PHP_AUTH_PW')->shouldBeCalled()->willReturn('secret');

    // storage knows the client, but it has no secret (public client)
    $clientStorage->get('public')->shouldBeCalled()->willReturn($client);
    $client->getSecret()->shouldBeCalled()->willReturn(null);

    $expected = new InvalidClientException('Invalid client credentials.');
    $this->shouldThrow($expected)->during('authenticate', [$request]);
}
/**
 * Spec: the matcher applies only to requests that carry no Authorization header.
 */
function it_matches_to_requests_without_authorization_header(IRequest $request1, IRequest $request2)
{
    // no header -> this authentication method applies
    $request1->headers('authorization')->shouldBeCalled()->willReturn(null);
    // any header value at all -> it does not
    $request2->headers('authorization')->shouldBeCalled()->willReturn('b');

    $this->match($request1)->shouldReturn(true);
    $this->match($request2)->shouldReturn(false);
}
/**
 * Spec: with no Authorization header and no body token, the token is taken from the query string.
 */
function it_should_return_access_token_from_token_in_uri_query_parameter(IRequest $request)
{
    // neither the Authorization header nor the request body carries a token ...
    $request->headers('authorization')->willReturn(null);
    $request->request('access_token')->willReturn(null);

    // ... only the query string does
    $token = 'pom';
    $request->query('access_token')->willReturn($token);

    $this->match($request)->shouldReturn(true);
    $this->getAccessToken()->shouldReturn($token);
}
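/**
 * Authenticates the client from HTTP Basic credentials and returns it.
 *
 * The client id is read from PHP_AUTH_USER and the secret from PHP_AUTH_PW. A public client
 * (one without a stored secret) authenticates only when no secret is sent; a confidential
 * client only when the sent secret equals the stored one.
 *
 * @param IRequest $request
 *
 * @return IClient
 * @throws InvalidClientException when the id is missing, the client is unknown, or the secret does not match
 */
public function authenticate(IRequest $request)
{
    $id = $request->headers('PHP_AUTH_USER');
    $secret = $request->headers('PHP_AUTH_PW');

    if (!$id) {
        throw new InvalidClientException('Client id is missing.');
    }

    // find client or throw exception if does not exist
    $client = $this->clientStorage->get($id);
    if (!$client) {
        throw new InvalidClientException('Invalid client credentials.');
    }

    // Compare in constant time so response timing does not leak how much of the secret
    // matched. The string casts keep the original semantics: a public client has no secret
    // (null -> ''), so it authenticates only when no secret was sent, and a confidential
    // client only when the sent secret is identical to the stored one. The message is the
    // same as for an unknown client so a caller cannot tell which check failed.
    if (!hash_equals((string) $client->getSecret(), (string) $secret)) {
        throw new InvalidClientException('Invalid client credentials.');
    }

    return $client;
}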
/**
 * Matches if this client authentication method can be used for the given request:
 * it applies only when the request carries no Authorization header at all.
 *
 * @param IRequest $request
 *
 * @return bool
 */
public function match(IRequest $request)
{
    $authorization = $request->headers('authorization');

    return is_null($authorization);
}