/**
  * @param OAuth2Request $request
  * @param $error
  * @param $return_url
  * @return null|OAuth2IndirectErrorResponse|OAuth2IndirectFragmentErrorResponse
  * @throws Exception
  */
 public static function buildResponse(OAuth2Request $request = null, $error, $return_url)
 {
     $response = null;
     $reflector = new ReflectionClass($request);
     $class_name = $reflector->getName();
     if ($class_name == 'oauth2\\requests\\OAuth2AuthorizationRequest') {
         $response_type = $request->getResponseType();
         switch ($response_type) {
             case OAuth2Protocol::OAuth2Protocol_ResponseType_Token:
                 return new OAuth2IndirectFragmentErrorResponse($error, $return_url);
                 break;
             case OAuth2Protocol::OAuth2Protocol_ResponseType_Code:
                 return new OAuth2IndirectErrorResponse($error, $return_url);
                 break;
             default:
                 throw new Exception(sprintf("invalid response type %s", $response_type));
                 break;
         }
     }
     return $response;
 }
 public function __construct(OAuth2Message $msg)
 {
     parent::__construct($msg);
 }
 public function canHandle(OAuth2Request $request)
 {
     $reflector = new ReflectionClass($request);
     $class_name = $reflector->getName();
     return $class_name == 'oauth2\\requests\\OAuth2AccessTokenValidationRequest' && $request->isValid();
 }
 public function buildTokenRequest(OAuth2Request $request)
 {
     $reflector = new ReflectionClass($request);
     $class_name = $reflector->getName();
     if ($class_name == 'oauth2\\requests\\OAuth2TokenRequest') {
         if ($request->getGrantType() !== $this->getType()) {
             return null;
         }
         return new OAuth2RefreshAccessTokenRequest($request->getMessage());
     }
     return null;
 }
Esempio n. 5
0
 /**
  * @param OAuth2Request $request
  * @return mixed|OAuth2AccessTokenFragmentResponse
  * @throws \oauth2\exceptions\UnsupportedResponseTypeException
  * @throws \oauth2\exceptions\LockedClientException
  * @throws \oauth2\exceptions\InvalidClientException
  * @throws \oauth2\exceptions\ScopeNotAllowedException
  * @throws \oauth2\exceptions\OAuth2GenericException
  * @throws \oauth2\exceptions\InvalidApplicationType
  * @throws \oauth2\exceptions\AccessDeniedException
  * @throws \oauth2\exceptions\UriNotAllowedException
  * @throws \oauth2\exceptions\InvalidOAuth2Request
  */
 public function handle(OAuth2Request $request)
 {
     $reflector = new ReflectionClass($request);
     $class_name = $reflector->getName();
     if ($class_name == 'oauth2\\requests\\OAuth2AuthorizationRequest') {
         $client_id = $request->getClientId();
         $response_type = $request->getResponseType();
         if ($response_type !== $this->getResponseType()) {
             throw new UnsupportedResponseTypeException(sprintf("response_type %s", $response_type));
         }
         $client = $this->client_service->getClientById($client_id);
         if (is_null($client)) {
             throw new InvalidClientException($client_id, sprintf("client_id %s", $client_id));
         }
         if (!$client->isActive() || $client->isLocked()) {
             throw new LockedClientException($client, sprintf('client id %s', $client));
         }
         //check client type
         // only public clients could use this grant type
         if ($client->getApplicationType() != IClient::ApplicationType_JS_Client) {
             throw new InvalidApplicationType($client_id, sprintf('client id %s client type must be JS CLIENT', $client_id));
         }
         //check redirect uri
         $redirect_uri = $request->getRedirectUri();
         if (!$client->isUriAllowed($redirect_uri)) {
             throw new UriNotAllowedException(sprintf("redirect_to %s", $redirect_uri));
         }
         //check requested scope
         $scope = $request->getScope();
         if (is_null($scope) || empty($scope) || !$client->isScopeAllowed($scope)) {
             throw new ScopeNotAllowedException(sprintf("scope %s", $scope));
         }
         $state = $request->getState();
         //check user logged
         $authentication_response = $this->auth_service->getUserAuthenticationResponse();
         if ($authentication_response == IAuthService::AuthenticationResponse_Cancel) {
             //clear saved data ...
             $this->memento_service->clearCurrentRequest();
             $this->auth_service->clearUserAuthenticationResponse();
             $this->auth_service->clearUserAuthorizationResponse();
             throw new AccessDeniedException();
         }
         if (!$this->auth_service->isUserLogged()) {
             $this->memento_service->saveCurrentAuthorizationRequest();
             return $this->auth_strategy->doLogin($this->memento_service->getCurrentAuthorizationRequest());
         }
         $approval_prompt = $request->getApprovalPrompt();
         $user = $this->auth_service->getCurrentUser();
         if (is_null($user)) {
             throw new OAuth2GenericException("Invalid Current User");
         }
         //validate authorization
         //check for former user consents
         $authorization_response = $this->auth_service->getUserAuthorizationResponse();
         $former_user_consent = $this->user_consent_service->get($user->getId(), $client->getId(), $scope);
         if (!(!is_null($former_user_consent) && $approval_prompt == OAuth2Protocol::OAuth2Protocol_Approval_Prompt_Auto)) {
             if ($authorization_response == IAuthService::AuthorizationResponse_None) {
                 $this->memento_service->saveCurrentAuthorizationRequest();
                 return $this->auth_strategy->doConsent($this->memento_service->getCurrentAuthorizationRequest());
             } else {
                 if ($authorization_response == IAuthService::AuthorizationResponse_DenyOnce) {
                     //clear saved data ...
                     $this->memento_service->clearCurrentRequest();
                     $this->auth_service->clearUserAuthorizationResponse();
                     throw new AccessDeniedException();
                 }
             }
             //save possitive consent
             if (is_null($former_user_consent)) {
                 $this->user_consent_service->add($user->getId(), $client->getId(), $scope);
             }
         }
         // build current audience ...
         $audience = $this->scope_service->getStrAudienceByScopeNames(explode(' ', $scope));
         //build access token
         $access_token = $this->token_service->createAccessTokenFromParams($client_id, $scope, $audience, $user->getId());
         //clear saved data ...
         $this->memento_service->clearCurrentRequest();
         $this->auth_service->clearUserAuthorizationResponse();
         return new OAuth2AccessTokenFragmentResponse($redirect_uri, $access_token->getValue(), $access_token->getLifetime(), $scope, $state);
     }
     throw new InvalidOAuth2Request();
 }