コード例 #1
 /**
  * Wraps a grant decision as the outcome of a failed token request.
  *
  * The guard keeps the object from ever carrying an allowed decision, so
  * code that receives it can treat it as a refusal without re-checking.
  *
  * @param GrantDecision $grantDecision decision to wrap; must not be an allowed one
  *
  * @throws \LogicException when the decision reports isAllowed()
  */
 public function __construct(GrantDecision $grantDecision)
 {
     $decisionIsAllowed = $grantDecision->isAllowed();
     if ($decisionIsAllowed) {
         throw new \LogicException('Could not construct FailedTokenRequestResult with an allowed GrantDecision');
     }

     $this->grantDecision = $grantDecision;
 }
コード例 #2
 /**
  * Wraps an allowed grant decision together with the tokens issued for it.
  *
  * The guard keeps tokens from ever being attached to a denied decision.
  *
  * @param GrantDecision     $grantDecision decision to wrap; must not be a denied one
  * @param AccessToken       $accessToken   access token issued for the request
  * @param RefreshToken|null $refreshToken  optional refresh token; null when none is passed
  *
  * @throws \LogicException when the decision reports isDenied()
  */
 public function __construct(GrantDecision $grantDecision, AccessToken $accessToken, RefreshToken $refreshToken = null)
 {
     $decisionIsDenied = $grantDecision->isDenied();
     if ($decisionIsDenied) {
         throw new \LogicException('Could not construct SuccessfulTokenRequestResult with a denied GrantDecision');
     }

     $this->refreshToken = $refreshToken;
     $this->accessToken = $accessToken;
     $this->grantDecision = $grantDecision;
 }
コード例 #3
 /**
  * Generates, persists and returns an access token for an allowed decision.
  *
  * The token value comes from the configured generator, the expiry is
  * "now" in UTC plus the configured TTL in seconds, and the token is saved
  * to the access-token storage before being returned.
  *
  * @param TokenRequestAttempt $tokenRequestAttempt supplies the client id via its input data
  * @param GrantDecision       $grantDecision       supplies the resource owner; must not be denied
  *
  * @return AccessToken the token that was saved
  *
  * @throws \LogicException when the decision reports isDenied()
  */
 private function buildAccessToken(TokenRequestAttempt $tokenRequestAttempt, GrantDecision $grantDecision)
 {
     // Refuse to mint a token for a denied decision, whatever the caller did.
     if ($grantDecision->isDenied()) {
         throw new \LogicException('Unable to build an access token with a denied decision');
     }

     $config = $this->configuration;

     // NOTE(review): the token's unpredictability depends entirely on the
     // configured generator and length; confirm the generator draws from a
     // CSPRNG and that the configured length gives enough entropy.
     $tokenValue = $config->getTokenGenerator()->generate(['length' => $config->getAccessTokenLength()]);

     // Expiry is computed in UTC so it does not depend on the server's
     // default timezone.
     $issuedAt = new \DateTimeImmutable('now', new \DateTimeZone('UTC'));
     $lifetime = \DateInterval::createFromDateString(sprintf("%d seconds", $config->getAccessTokenTTL()));
     $expiry = $issuedAt->add($lifetime);

     $clientId = $tokenRequestAttempt->getInputData()->getClientId();
     $owner = $grantDecision->getResourceOwner();

     // NOTE(review): the last argument is always an empty array here;
     // presumably the token's scopes - confirm against AccessToken.
     $issued = new AccessToken($tokenValue, $expiry, $clientId, $owner, []);
     $this->accessTokenStorage->save($issued);

     return $issued;
 }
 /**
  * Decides a token request that carries a username and a password.
  *
  * Missing or invalid input data yields an invalid-request denial carrying
  * the validation message. An unknown username and a wrong password yield
  * the same access-denied error text. Any other exception raised while
  * loading or checking the user yields a server-error denial.
  *
  * @param TokenRequestAttempt $tokenRequestAttempt the incoming token request
  *
  * @return GrantDecision allowed, with a ResourceOwner built from the user's
  *                       username and class, or denied
  */
 public function grant(TokenRequestAttempt $tokenRequestAttempt)
 {
     GrantTypeUtils::ensureRequestedGrantTypeIsSupported($this, $tokenRequestAttempt);

     try {
         GrantTypeUtils::ensureInputDataAreValid($this, $tokenRequestAttempt);
     } catch (MissingOrInvalidInputData $invalidInput) {
         // NOTE(review): the exception message is passed into the error
         // object; confirm it never contains submitted credential values.
         return GrantDecision::denied(GrantError::invalidRequest($invalidInput->getMessage()));
     }

     $credentials = $tokenRequestAttempt->getInputData();
     $login = $credentials['username'];
     $submittedPassword = $credentials['password'];

     try {
         $account = $this->userProvider->loadUserByUsername($login);

         $passwordMatches = $this->passwordEncoder->isPasswordValid(
             $account->getPassword(),
             $submittedPassword,
             $account->getSalt()
         );
         if (!$passwordMatches) {
             return GrantDecision::denied(GrantError::accessDenied('Invalid credentials'));
         }

         return GrantDecision::allowed(new ResourceOwner($account->getUsername(), get_class($account)));
     } catch (UsernameNotFoundException $unknownUser) {
         // Same error text as a wrong password, so the response body does
         // not reveal whether the username exists.
         // NOTE(review): no password check runs on this path, so response
         // time may still differ from the wrong-password path; nothing here
         // throttles repeated attempts either - confirm both are handled
         // elsewhere.
         return GrantDecision::denied(GrantError::accessDenied('Invalid credentials'));
     } catch (\Exception $failure) {
         // The cause is hidden from the client, but it is not recorded here
         // either. NOTE(review): confirm such failures are logged somewhere.
         return GrantDecision::denied(GrantError::serverError('Unknown error'));
     }
 }
コード例 #5
 /**
  * Decides a token request that is authenticated by client id and secret only.
  *
  * Missing or invalid input data yields an invalid-request denial carrying
  * the validation message. The request is allowed only when the client
  * authenticator returns exactly true for the submitted id and secret.
  *
  * @param TokenRequestAttempt $tokenRequestAttempt the incoming token request
  *
  * @return GrantDecision allowed (created without a resource owner) or denied
  */
 public function grant(TokenRequestAttempt $tokenRequestAttempt)
 {
     GrantTypeUtils::ensureRequestedGrantTypeIsSupported($this, $tokenRequestAttempt);

     try {
         GrantTypeUtils::ensureInputDataAreValid($this, $tokenRequestAttempt);
     } catch (MissingOrInvalidInputData $invalidInput) {
         return GrantDecision::denied(GrantError::invalidRequest($invalidInput->getMessage()));
     }

     $input = $tokenRequestAttempt->getInputData();

     // Strict comparison: only a literal true passes, so a truthy non-boolean
     // return value from the authenticator is treated as a refusal.
     // NOTE(review): how the secret is compared is up to the authenticator;
     // confirm it uses a constant-time comparison such as hash_equals().
     $clientIsValid = $this->clientAuthenticator->isClientValid($input->getClientId(), $input->getClientSecret());
     if (true !== $clientIsValid) {
         return GrantDecision::denied(GrantError::accessDenied());
     }

     return GrantDecision::allowed();
 }
コード例 #6
 /**
  * Decides a token request that presents a refresh token.
  *
  * Missing or invalid input data yields an invalid-request denial carrying
  * the validation message. An unknown or revoked refresh token yields an
  * access-denied denial. When revokeRefreshTokenWhenUsed is set, the token
  * is revoked and saved before the request is allowed.
  *
  * NOTE(review): the only checks visible here are "found" and "not revoked".
  * Nothing compares the client the token was issued to with the requesting
  * client, and nothing checks an expiry; confirm both are enforced elsewhere.
  * The find / check / revoke / save sequence is also not atomic in this
  * method, so confirm the storage prevents two concurrent requests from both
  * being allowed with the same single-use token.
  *
  * @param TokenRequestAttempt $tokenRequestAttempt the incoming token request
  *
  * @return GrantDecision allowed, with a ResourceOwner copied from the access
  *                       token associated with the refresh token, or denied
  */
 public function grant(TokenRequestAttempt $tokenRequestAttempt)
 {
     GrantTypeUtils::ensureRequestedGrantTypeIsSupported($this, $tokenRequestAttempt);

     try {
         GrantTypeUtils::ensureInputDataAreValid($this, $tokenRequestAttempt);
     } catch (MissingOrInvalidInputData $invalidInput) {
         return GrantDecision::denied(GrantError::invalidRequest($invalidInput->getMessage()));
     }

     try {
         $presentedToken = $tokenRequestAttempt->getInputData()->getRefreshToken();
         $storedToken = $this->refreshTokenStorage->findByToken($presentedToken);

         if ($storedToken->isRevoked()) {
             return GrantDecision::denied(GrantError::accessDenied());
         }

         // Single-use mode: revoke and persist before allowing, so a later
         // request with the same token hits the revoked branch above.
         if ($this->revokeRefreshTokenWhenUsed) {
             $storedToken->revoke();
             $this->refreshTokenStorage->save($storedToken);
         }

         // The new decision carries the same owner id and type as the access
         // token this refresh token is associated with.
         $previousOwner = $storedToken->getAssociatedAccessToken()->getResourceOwner();

         return GrantDecision::allowed(
             new ResourceOwner($previousOwner->getResourceOwnerId(), $previousOwner->getResourceOwnerType())
         );
     } catch (RefreshTokenNotFound $unknownToken) {
         // Same error as a revoked token, so the response does not show
         // whether the value ever existed.
         return GrantDecision::denied(GrantError::accessDenied());
     }
 }