/**
 * Narrow the requested scopes to the ones that exist in the scope store and,
 * when the client carries its own scope list, to the ones that list permits.
 *
 * $grantType and $userIdentifier are part of the signature but are not
 * consulted by this implementation.
 *
 * @param ScopeEntityInterface[]                               $scopes
 * @param string                                               $grantType
 * @param \League\OAuth2\Server\Entities\ClientEntityInterface $clientEntity
 * @param null|string                                          $userIdentifier
 *
 * @return \League\OAuth2\Server\Entities\ScopeEntityInterface[]
 */
public function finalizeScopes(array $scopes, $grantType, ClientEntityInterface $clientEntity, $userIdentifier = null)
{
    $scopeModel = $this->modelResolver->getModel('ScopeModel');
    $clientClass = $this->modelResolver->getModel('ClientModel');
    $clientRecord = $clientClass::byIdentifier($clientEntity->getIdentifier())->first();

    // Unknown client: grant nothing.
    if (is_null($clientRecord)) {
        return [];
    }

    // Reduce the requested entities to their identifiers, keeping the array keys.
    $requestedIdentifiers = [];
    foreach ($scopes as $key => $requested) {
        $requestedIdentifiers[$key] = $requested->getIdentifier();
    }

    // Only identifiers that are present in the scope store survive this step.
    $knownIdentifiers = $scopeModel::byIdentifierIn($requestedIdentifiers)
        ->get()
        ->pluck($scopeModel::$identifierKey);
    $grantable = collect($knownIdentifiers);

    // NOTE(review): a client whose `scopes` value is empty is not restricted at
    // all here; every requested scope that exists in the store is granted.
    // Confirm that "no list" is meant to be "allow all" rather than "allow none".
    if (!empty($clientRecord->scopes)) {
        // NOTE(review): json_decode() yields null for malformed JSON; verify that
        // intersect() then produces an empty set instead of an unrestricted one.
        $clientScopes = $clientRecord::$canHandleArray
            ? $clientRecord->scopes
            : json_decode($clientRecord->scopes);

        $grantable = $grantable->intersect($clientScopes);
    }

    $entities = [];
    foreach ($grantable as $identifier) {
        $entity = new ScopeEntity();
        $entity->setIdentifier($identifier);
        $entities[] = $entity;
    }

    return $entities;
}
/**
 * Execute the console command: create the built-in personal access client
 * in the client store selected by the `database_type` option.
 *
 * @return void
 */
public function handle()
{
    $options = app()->make(Oauth2Server::class)->getOptions();
    $resolver = new ModelResolver($options['database_type']);
    $clientClass = $resolver->getModel('ClientModel');

    // NOTE(review): the client secret is the fixed literal 'secret' and is stored
    // exactly as written, so every installation that runs this command holds the
    // same well-known credential for this client. If the secret is ever checked
    // for this client, generate it at creation time (e.g. from random_bytes())
    // and show it once; confirm how the personal access grant looks the client
    // up before changing the value.
    $attributes = [
        $clientClass::$identifierKey => 'personal_access',
        'name'                       => 'personal_access_client',
        'secret'                     => 'secret',
        'grant_type'                 => 'personal_access',
    ];
    $clientClass::create($attributes);

    $this->info('Personal access client created successfully.');
}
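/**
 * Look up a client by identifier and build its entity, optionally verifying
 * the client secret and the grant type the client is registered for.
 *
 * The secret is compared in PHP with hash_equals() rather than inside the
 * database query: a query-level comparison follows the column's collation
 * (which can be case-insensitive) and is not constant-time.
 *
 * @param string      $clientIdentifier   Identifier of the client to load
 * @param null|string $grantType          When given, must equal the client's grant_type if one is stored
 * @param null|string $clientSecret       Secret presented by the caller
 * @param bool        $mustValidateSecret Whether $clientSecret has to match the stored secret
 *
 * @return ClientEntity|null The client entity, or null when the client is unknown or a check fails
 */
public function findClientEntity($clientIdentifier, $grantType = null, $clientSecret = null, $mustValidateSecret = true)
{
    $clientClass = $this->modelResolver->getModel('ClientModel');

    // assumes client identifiers are unique, so the first match is the client — TODO confirm
    $clientModel = $clientClass::byIdentifier($clientIdentifier)->first();

    if (is_null($clientModel)) {
        return null;
    }

    if ($mustValidateSecret) {
        $storedSecret = $clientModel->secret;

        if (is_null($storedSecret) || is_null($clientSecret)) {
            // A client stored without a secret matches only a request without one.
            $secretMatches = is_null($storedSecret) && is_null($clientSecret);
        } elseif (!is_scalar($storedSecret) || !is_scalar($clientSecret)) {
            // Arrays/objects can never be a valid secret; fail closed.
            $secretMatches = false;
        } else {
            // Exact, constant-time byte comparison.
            $secretMatches = hash_equals((string) $storedSecret, (string) $clientSecret);
        }

        // NOTE(review): the presented secret is compared with the stored value as-is,
        // which implies secrets are kept unhashed in the client store. Consider
        // storing a hash and verifying against it.
        if (!$secretMatches) {
            return null;
        }
    }

    // A client with no stored grant_type accepts any grant; otherwise the
    // requested grant must be exactly the stored one.
    if (!is_null($grantType)
        && !empty($clientModel->grant_type)
        && (string) $clientModel->grant_type !== (string) $grantType
    ) {
        return null;
    }

    $clientEntity = new ClientEntity();
    $clientEntity->setIdentifier($clientIdentifier);
    $clientEntity->setName($clientModel->name);

    if (!is_null($clientModel->redirect_uri)) {
        $clientEntity->setRedirectUri($clientModel->redirect_uri);
    }

    return $clientEntity;
}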
/**
 * Build an access token entity from a stored access token record.
 *
 * Reads client_id, name, user_id, token, expire_time, scopes and the model's
 * identifier key from the record.
 *
 * @param $accessToken Stored access token record
 *
 * @return AccessTokenEntity
 */
protected function getAccessTokenEntity($accessToken)
{
    $tokenModel = $this->modelResolver->getModel('AccessTokenModel');
    $entity = new AccessTokenEntity();

    // Secret validation is switched off for this lookup: only the client
    // identifier stored on the token record is passed in.
    // NOTE(review): findClientEntity() may return nothing for an unknown client;
    // confirm setClient() tolerates that.
    $clients = new ClientRepository();
    $client = $clients->findClientEntity($accessToken->client_id, null, null, false);

    $entity->setName($accessToken->name);
    $entity->setPublicIdentifier($accessToken->{$tokenModel::$identifierKey});
    $entity->setClient($client);
    $entity->setUserIdentifier($accessToken->user_id);
    $entity->setIdentifier($accessToken->token);
    $entity->setExpiryDateTime($accessToken->expire_time);

    // Scopes are decoded from JSON when the model cannot hold arrays itself.
    $scopeIdentifiers = $tokenModel::$canHandleArray
        ? $accessToken->scopes
        : json_decode($accessToken->scopes);

    if (empty($scopeIdentifiers)) {
        return $entity;
    }

    $scopeRepository = new ScopeRepository();
    foreach ($scopeIdentifiers as $scopeIdentifier) {
        $entity->addScope($scopeRepository->getScopeEntityByIdentifier($scopeIdentifier));
    }

    return $entity;
}
/**
 * Check if the auth code has been revoked.
 *
 * Revocation is represented by absence: a code counts as revoked when no
 * auth code record has it as its `token`, so an unknown code id is reported
 * as revoked too.
 *
 * @param string $codeId
 *
 * @return bool Return true if this code has been revoked
 */
public function isAuthCodeRevoked($codeId)
{
    $authCodeModel = $this->modelResolver->getModel('AuthCodeModel');
    $stillStored = $authCodeModel::where('token', $codeId)->exists();

    return $stillStored ? false : true;
}