public function testAuthorizeRedirect() { //session off $apps = \API_OAuth2_Application::load_authorized_app_by_user(self::$DI['app'], self::$DI['user']); foreach ($apps as $app) { if ($app->get_client_id() == self::$DI['oauth2-app-user']->get_client_id()) { $authorize = true; self::$DI['client']->followRedirects(); } } }
public function connect(Application $app) { $app['controller.oauth2'] = $this; $controllers = $app['controllers_factory']; $app['oauth'] = $app->share(function ($app) { return new \API_OAuth2_Adapter($app); }); /** * AUTHORIZE ENDPOINT * * Authorization endpoint - used to obtain authorization from the * resource owner via user-agent redirection. */ $authorize_func = function () use($app) { $request = $app['request']; $oauth2_adapter = $app['oauth']; $context = new Context(Context::CONTEXT_OAUTH2_NATIVE); $app['dispatcher']->dispatch(PhraseaEvents::PRE_AUTHENTICATE, new PreAuthenticate($request, $context)); //Check for auth params, send error or redirect if not valid $params = $oauth2_adapter->getAuthorizationRequestParameters($request); $app_authorized = false; $errorMessage = false; $client = \API_OAuth2_Application::load_from_client_id($app, $params['client_id']); $oauth2_adapter->setClient($client); $action_accept = $request->get("action_accept"); $action_login = $request->get("action_login"); $template = "api/auth/end_user_authorization.html.twig"; $custom_template = sprintf("%s/config/templates/web/api/auth/end_user_authorization/%s.html.twig", $app['root.path'], $client->get_id()); if (file_exists($custom_template)) { $template = sprintf('api/auth/end_user_authorization/%s.html.twig', $client->get_id()); } if (!$app['authentication']->isAuthenticated()) { if ($action_login !== null) { try { $usr_id = $app['auth.native']->getUsrId($request->get("login"), $request->get("password"), $request); if (null === $usr_id) { $app['session']->getFlashBag()->set('error', $app->trans('login::erreur: Erreur d\'authentification')); return $app->redirectPath('oauth2_authorize'); } } catch (RequireCaptchaException $e) { return $app->redirectPath('oauth2_authorize', ['error' => 'captcha']); } catch (AccountLockedException $e) { return $app->redirectPath('oauth2_authorize', ['error' => 'account-locked']); } $app['authentication']->openAccount($app['manipulator.user']->getRepository()->find($usr_id)); } return new Response($app['twig']->render($template, ["auth" => $oauth2_adapter])); } //check if current client is already authorized by current user $user_auth_clients = \API_OAuth2_Application::load_authorized_app_by_user($app, $app['authentication']->getUser()); foreach ($user_auth_clients as $auth_client) { if ($client->get_client_id() == $auth_client->get_client_id()) { $app_authorized = true; } } $account = $oauth2_adapter->updateAccount($app['authentication']->getUser()); $params['account_id'] = $account->get_id(); if (!$app_authorized && $action_accept === null) { $params = ["auth" => $oauth2_adapter, "errorMessage" => $errorMessage]; return new Response($app['twig']->render($template, $params)); } elseif (!$app_authorized && $action_accept !== null) { $app_authorized = (bool) $action_accept; $account->set_revoked(!$app_authorized); } //if native app show template if ($oauth2_adapter->isNativeApp($params['redirect_uri'])) { $params = $oauth2_adapter->finishNativeClientAuthorization($app_authorized, $params); return new Response($app['twig']->render("api/auth/native_app_access_token.html.twig", $params)); } $oauth2_adapter->finishClientAuthorization($app_authorized, $params); // As OAuth2 library already outputs response content, we need to send an empty // response to avoid breaking silex controller return ''; }; $controllers->match('/authorize', $authorize_func)->method('GET|POST')->bind('oauth2_authorize'); /** * TOKEN ENDPOINT * Token endpoint - used to exchange an authorization grant for an access token. */ $controllers->post('/token', function (\Silex\Application $app, Request $request) { if (!$request->isSecure()) { throw new HttpException(400, 'This route requires the use of the https scheme', null, ['content-type' => 'application/json']); } $app['oauth']->grantAccessToken($request); ob_flush(); flush(); // As OAuth2 library already outputs response content, we need to send an empty // response to avoid breaking silex controller return ''; }); return $controllers; }