public function __construct($bypassPaths = array(), $bypassAuth = false)
{
$this->useOAuth2 = API_USE_OAUTH;
if ($this->useOAuth2) {
$this->initOAth2();
// Don't check for authorization when requesting a token or docs
$temp = explode('/', trim($_SERVER['REQUEST_URI'], '/'));
$lastPath = str_replace($_SERVER['QUERY_STRING'], '', $temp[count($temp) - 1]);
$lastPath = str_replace('?', '', $lastPath);
if ($bypassAuth == false && $lastPath != 'authorize' && $lastPath != 'docs') {
$continue = true;
foreach ($bypassPaths as $path) {
if ($lastPath == $path) {
$continue = false;
}
}
if ($continue) {
// Check for a valid token
if (!$this->oauthServer->verifyResourceRequest(\OAuth2\Request::createFromGlobals())) {
// Not authorized!
$this->oauthServer->getResponse()->send();
die;
}
}
}
}
}
/**
* Execute this middleware.
*
* @param ServerRequestInterface $request The PSR7 request.
* @param ResponseInterface $response The PSR7 response.
* @param callable $next The Next middleware.
*
* @return ResponseInterface
*/
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
{
$oauth2Request = RequestBridge::toOAuth2($request);
foreach ($this->scopes as $scope) {
if ($this->server->verifyResourceRequest($oauth2Request, null, $scope)) {
$this->container['token'] = $this->server->getResourceController()->getToken();
return $next($request, $response);
}
}
return ResponseBridge::fromOAuth2($this->server->getResponse());
}
/**
* Stage 1: Client sends the user to this page
*
* User responds by accepting or denying
*
* @view oauth2/server/authorize.twig
* @format HtmlFormat
*/
public function authorize()
{
static::$server->getResponse(static::$request);
// validate the authorize request. if it is invalid,
// redirect back to the client with the errors in tow
if (!static::$server->validateAuthorizeRequest(static::$request)) {
static::$server->getResponse()->send();
exit;
}
return array('queryString' => $_SERVER['QUERY_STRING']);
}
/**
* Verify request contains valid access token.
*
* @param array $scopes Scopes required for authorization. $scopes can be given as an array of arrays. OR logic will
* use with each grouping. Example: Given ['superUser', ['basicUser', 'aPermission']], the
* request will be verified if the request token has 'superUser' scope OR 'basicUser' and
* 'aPermission' as its scope
*
* @return void
*/
public function call(array $scopes = [null])
{
if (!$this->verify($scopes)) {
MessageBridge::mapResponse($this->server->getResponse(), $this->app->response());
$this->app->stop();
}
//@codeCoverageIgnore since stop() throws
$this->app->token = $this->server->getResourceController()->getToken();
if ($this->next !== null) {
$this->next->call();
}
}
/**
* {@inheritDoc}
*/
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
{
try {
$oauth2request = Util::convertRequestFromPsr7($request);
if (!$this->server->verifyResourceRequest($oauth2request)) {
return Util::convertResponseToPsr7($this->server->getResponse(), $response);
}
$request = $request->withAttribute('access_token', $this->server->getAccessTokenData($oauth2request));
} catch (\Exception $ex) {
return new JsonResponse(['error' => $ex->getMessage(), 'error_description' => $ex->getMessage()], 500);
}
return $next($request, $response);
}
/**
* @param Route $route
* @throws \Slim\Exception\Stop
*/
private function checkAuth(Route $route)
{
$request = OAuth2\Request::createFromGlobals();
$scopeRequired = [];
if ($route->isSecure()) {
$scopeRequired = 'admin';
}
if (!$this->oauth->verifyResourceRequest($request, NULL, $scopeRequired)) {
$response = $this->oauth->getResponse();
$this->app->response()->status($response->getStatusCode());
$response->send();
$this->app->stop();
}
}
/**
* Test resource (/oauth/resource)
*/
public function resourceAction()
{
// Handle a request for an OAuth2.0 Access Token and send the response to the client
if (!$this->server->verifyResourceRequest($this->getOAuth2Request())) {
$response = $this->server->getResponse();
$parameters = $response->getParameters();
$errorUri = isset($parameters['error_uri']) ? $parameters['error_uri'] : null;
return new ApiProblemResponse(new ApiProblem($response->getStatusCode(), $parameters['error_description'], $errorUri, $parameters['error']));
}
$httpResponse = $this->getResponse();
$httpResponse->setStatusCode(200);
$httpResponse->getHeaders()->addHeaders(array('Content-type' => 'application/json'));
$httpResponse->setContent(json_encode(array('success' => true, 'message' => 'You accessed my APIs!')));
return $httpResponse;
}
/**
* Method executed when the dispatch event is triggered
*
* @param MvcEvent $e
* @return void
*/
public static function onDispatch(MvcEvent $e)
{
if ($e->getRequest() instanceof \Zend\Console\Request) {
return;
}
if ($e->getRouteMatch()->getMatchedRouteName() == 'login' || $e->getRouteMatch()->getMatchedRouteName() == 'users') {
return;
}
$sm = $e->getApplication()->getServiceManager();
$usersTable = $sm->get('Users\\Model\\UsersTable');
$storage = new Pdo($usersTable->adapter->getDriver()->getConnection()->getConnectionParameters());
$server = new Server($storage);
if (!$server->verifyResourceRequest(Request::createFromGlobals())) {
$model = new JsonModel(array('errorCode' => $server->getResponse()->getStatusCode(), 'errorMsg' => $server->getResponse()->getStatusText()));
$response = $e->getResponse();
$response->setContent($model->serialize());
$response->getHeaders()->addHeaderLine('Content-Type', 'application/json');
$response->setStatusCode($server->getResponse()->getStatusCode());
return $response;
}
}
public function resource($path)
{
// Handle a request for an OAuth2.0 Access Token and send the response to the client
if (!$this->server->verifyResourceRequest(Request::createFromGlobals())) {
$this->server->getResponse()->send();
die;
}
$token = $this->server->getAccessTokenData(Request::createFromGlobals());
$return = array();
if (is_callable($this->resourceHandler)) {
$return = call_user_func($this->resourceHandler, $path, $token['user_id']);
}
echo json_encode($return);
}
/**
* Attempt to authenticate the current request.
*
* @param Request $request
* @param Response $response
* @param MvcAuthEvent $mvcAuthEvent
* @return false|Identity\IdentityInterface False on failure, IdentityInterface
* otherwise
*/
public function authenticate(Request $request, Response $response, MvcAuthEvent $mvcAuthEvent)
{
$oauth2request = new OAuth2Request($request->getQuery()->toArray(), $request->getPost()->toArray(), [], $request->getCookie() ? $request->getCookie()->getArrayCopy() : [], $request->getFiles() ? $request->getFiles()->toArray() : [], method_exists($request, 'getServer') ? $request->getServer()->toArray() : $_SERVER, $request->getContent(), $request->getHeaders()->toArray());
// Failure to validate
if (!$this->oauth2Server->verifyResourceRequest($oauth2request)) {
$oauth2Response = $this->oauth2Server->getResponse();
$status = $oauth2Response->getStatusCode();
// 401 or 403 mean invalid credentials or unauthorized scopes; report those.
if (in_array($status, [401, 403], true) && null !== $oauth2Response->getParameter('error')) {
return $this->mergeOAuth2Response($status, $response, $oauth2Response);
}
// Merge in any headers; typically sets a WWW-Authenticate header.
$this->mergeOAuth2ResponseHeaders($response, $oauth2Response->getHttpHeaders());
// Otherwise, no credentials were present at all, so we just return a guest identity.
return new Identity\GuestIdentity();
}
$token = $this->oauth2Server->getAccessTokenData($oauth2request);
$identity = new Identity\AuthenticatedIdentity($token);
$identity->setName($token['user_id']);
return $identity;
}
public function verifyResourceRequest(HttpRequest $httpRequest)
{
$oauthRequest = $this->buildRequest($httpRequest);
$this->server->verifyResourceRequest($oauthRequest, null);
return $this->buildResponse($this->determineFormat($httpRequest), new HttpResponse(), $this->server->getResponse());
}
