public function testLoad_from_client_id() { $client_id = self::$DI['oauth2-app-user']->get_client_id(); $loaded = API_OAuth2_Application::load_from_client_id(self::$DI['app'], $client_id); $this->assertInstanceOf('API_OAuth2_Application', $loaded); $this->assertEquals(self::$DI['oauth2-app-user'], $loaded); }
/** * {@inheritdoc} */ public function apply(base $appbox, Application $app) { try { \API_OAuth2_Application::load_from_client_id($app, \API_OAuth2_Application_OfficePlugin::CLIENT_ID); } catch (NotFoundHttpException $e) { $client = \API_OAuth2_Application::create($app, null, \API_OAuth2_Application_OfficePlugin::CLIENT_NAME); $client->set_activated(true); $client->set_grant_password(true); $client->set_website("http://www.phraseanet.com"); $client->set_client_id(\API_OAuth2_Application_OfficePlugin::CLIENT_ID); $client->set_client_secret(\API_OAuth2_Application_OfficePlugin::CLIENT_SECRET); $client->set_type(\API_OAuth2_Application::DESKTOP_TYPE); $client->set_redirect_uri(\API_OAuth2_Application::NATIVE_APP_REDIRECT_URI); } return true; }
public function connect(Application $app) { $app['controller.oauth2'] = $this; $controllers = $app['controllers_factory']; $app['oauth'] = $app->share(function ($app) { return new \API_OAuth2_Adapter($app); }); /** * AUTHORIZE ENDPOINT * * Authorization endpoint - used to obtain authorization from the * resource owner via user-agent redirection. */ $authorize_func = function () use($app) { $request = $app['request']; $oauth2_adapter = $app['oauth']; $context = new Context(Context::CONTEXT_OAUTH2_NATIVE); $app['dispatcher']->dispatch(PhraseaEvents::PRE_AUTHENTICATE, new PreAuthenticate($request, $context)); //Check for auth params, send error or redirect if not valid $params = $oauth2_adapter->getAuthorizationRequestParameters($request); $app_authorized = false; $errorMessage = false; $client = \API_OAuth2_Application::load_from_client_id($app, $params['client_id']); $oauth2_adapter->setClient($client); $action_accept = $request->get("action_accept"); $action_login = $request->get("action_login"); $template = "api/auth/end_user_authorization.html.twig"; $custom_template = sprintf("%s/config/templates/web/api/auth/end_user_authorization/%s.html.twig", $app['root.path'], $client->get_id()); if (file_exists($custom_template)) { $template = sprintf('api/auth/end_user_authorization/%s.html.twig', $client->get_id()); } if (!$app['authentication']->isAuthenticated()) { if ($action_login !== null) { try { $usr_id = $app['auth.native']->getUsrId($request->get("login"), $request->get("password"), $request); if (null === $usr_id) { $app['session']->getFlashBag()->set('error', $app->trans('login::erreur: Erreur d\'authentification')); return $app->redirectPath('oauth2_authorize'); } } catch (RequireCaptchaException $e) { return $app->redirectPath('oauth2_authorize', ['error' => 'captcha']); } catch (AccountLockedException $e) { return $app->redirectPath('oauth2_authorize', ['error' => 'account-locked']); } $app['authentication']->openAccount($app['manipulator.user']->getRepository()->find($usr_id)); } return new Response($app['twig']->render($template, ["auth" => $oauth2_adapter])); } //check if current client is already authorized by current user $user_auth_clients = \API_OAuth2_Application::load_authorized_app_by_user($app, $app['authentication']->getUser()); foreach ($user_auth_clients as $auth_client) { if ($client->get_client_id() == $auth_client->get_client_id()) { $app_authorized = true; } } $account = $oauth2_adapter->updateAccount($app['authentication']->getUser()); $params['account_id'] = $account->get_id(); if (!$app_authorized && $action_accept === null) { $params = ["auth" => $oauth2_adapter, "errorMessage" => $errorMessage]; return new Response($app['twig']->render($template, $params)); } elseif (!$app_authorized && $action_accept !== null) { $app_authorized = (bool) $action_accept; $account->set_revoked(!$app_authorized); } //if native app show template if ($oauth2_adapter->isNativeApp($params['redirect_uri'])) { $params = $oauth2_adapter->finishNativeClientAuthorization($app_authorized, $params); return new Response($app['twig']->render("api/auth/native_app_access_token.html.twig", $params)); } $oauth2_adapter->finishClientAuthorization($app_authorized, $params); // As OAuth2 library already outputs response content, we need to send an empty // response to avoid breaking silex controller return ''; }; $controllers->match('/authorize', $authorize_func)->method('GET|POST')->bind('oauth2_authorize'); /** * TOKEN ENDPOINT * Token endpoint - used to exchange an authorization grant for an access token. */ $controllers->post('/token', function (\Silex\Application $app, Request $request) { if (!$request->isSecure()) { throw new HttpException(400, 'This route requires the use of the https scheme', null, ['content-type' => 'application/json']); } $app['oauth']->grantAccessToken($request); ob_flush(); flush(); // As OAuth2 library already outputs response content, we need to send an empty // response to avoid breaking silex controller return ''; }); return $controllers; }
protected function checkUserCredentials($client_id, $username, $password) { try { $this->setClient(API_OAuth2_Application::load_from_client_id($this->app, $client_id)); $usr_id = $this->app['auth.native']->getUsrId($username, $password, Request::createFromGlobals()); if (!$usr_id) { return false; } if (null === ($user = $this->app['manipulator.user']->getRepository()->find($usr_id))) { return false; } $account = $this->updateAccount($user); return ['redirect_uri' => $this->client->get_redirect_uri(), 'client_id' => $this->client->get_client_id(), 'account_id' => $account->get_id()]; } catch (AccountLockedException $e) { return false; } catch (RequireCaptchaException $e) { return false; } catch (\Exception $e) { return false; } }
public function testCheckNativeApp() { $value = self::$DI['app']['conf']->get(['registry', 'api-clients', 'navigator-enabled']); self::$DI['app']['conf']->set(['registry', 'api-clients', 'navigator-enabled'], false); $fail = null; try { $nativeApp = \API_OAuth2_Application::load_from_client_id(self::$DI['app'], \API_OAuth2_Application_Navigator::CLIENT_ID); $account = \API_OAuth2_Account::create(self::$DI['app'], self::$DI['user'], $nativeApp); $token = $account->get_token()->get_value(); $this->setToken($token); self::$DI['client']->request('GET', '/api/v1/databoxes/list/', $this->getParameters(), [], ['HTTP_Accept' => $this->getAcceptMimeType()]); $content = $this->unserialize(self::$DI['client']->getResponse()->getContent()); if (403 != $content['meta']['http_code']) { $fail = new \Exception('Result does not match expected 403, returns ' . $content['meta']['http_code']); } } catch (\Exception $e) { $fail = $e; } self::$DI['app']['conf']->set(['registry', 'api-clients', 'navigator-enabled'], false); if ($fail) { throw $fail; } }