/**
 * Resource Owner Password Credentials grant: exchange a username/password
 * pair for a grant decision.
 *
 * Both "unknown user" and "wrong password" are mapped to the same
 * `accessDenied('Invalid credentials')` error so the response body does not
 * reveal whether the username exists.
 *
 * NOTE(review): when the username is unknown the password check is skipped
 * entirely, so the two denial paths may differ in timing (presumably the
 * encoder is the slow step) — confirm whether that is an acceptable
 * enumeration channel for this deployment.
 *
 * @return GrantDecision allowed with a ResourceOwner on success, denied with
 *                       invalidRequest / accessDenied / serverError otherwise
 */
public function grant(TokenRequestAttempt $tokenRequestAttempt)
{
    GrantTypeUtils::ensureRequestedGrantTypeIsSupported($this, $tokenRequestAttempt);

    try {
        GrantTypeUtils::ensureInputDataAreValid($this, $tokenRequestAttempt);
    } catch (MissingOrInvalidInputData $e) {
        return GrantDecision::denied(GrantError::invalidRequest($e->getMessage()));
    }

    $inputData = $tokenRequestAttempt->getInputData();
    $username = $inputData['username'];
    $plainTextPassword = $inputData['password'];

    try {
        $userAccount = $this->userProvider->loadUserByUsername($username);

        $passwordMatches = $this->passwordEncoder->isPasswordValid(
            $userAccount->getPassword(),
            $plainTextPassword,
            $userAccount->getSalt()
        );

        if (!$passwordMatches) {
            return GrantDecision::denied(GrantError::accessDenied('Invalid credentials'));
        }

        // The resource owner is identified by the account's username and its concrete class.
        $resourceOwner = new ResourceOwner($userAccount->getUsername(), get_class($userAccount));

        return GrantDecision::allowed($resourceOwner);
    } catch (UsernameNotFoundException $e) {
        // Same message as the wrong-password path: do not disclose account existence.
        return GrantDecision::denied(GrantError::accessDenied('Invalid credentials'));
    } catch (\Exception $e) {
        // Any other failure (provider, encoder) is reported generically; details are not surfaced to the client.
        return GrantDecision::denied(GrantError::serverError('Unknown error'));
    }
}
/**
 * Client Credentials grant: the decision depends only on whether the
 * client id / client secret pair is accepted by the client authenticator.
 *
 * The authenticator result is compared with `true ===` so that anything
 * other than a strict boolean true (null, a truthy value, etc.) is denied.
 *
 * @return GrantDecision allowed (no resource owner) when the client is
 *                       valid, denied with invalidRequest / accessDenied otherwise
 */
public function grant(TokenRequestAttempt $tokenRequestAttempt)
{
    GrantTypeUtils::ensureRequestedGrantTypeIsSupported($this, $tokenRequestAttempt);

    try {
        GrantTypeUtils::ensureInputDataAreValid($this, $tokenRequestAttempt);
    } catch (MissingOrInvalidInputData $e) {
        return GrantDecision::denied(GrantError::invalidRequest($e->getMessage()));
    }

    $inputData = $tokenRequestAttempt->getInputData();
    $clientIsValid = $this->clientAuthenticator->isClientValid(
        $inputData->getClientId(),
        $inputData->getClientSecret()
    );

    if (true !== $clientIsValid) {
        return GrantDecision::denied(GrantError::accessDenied());
    }

    return GrantDecision::allowed();
}
/**
 * Refresh Token grant: look up the presented refresh token and, if it is
 * known and not revoked, allow the grant for the resource owner of the
 * access token it is associated with.
 *
 * When `$this->revokeRefreshTokenWhenUsed` is set the token is revoked and
 * persisted before the decision is returned (one-time-use rotation).
 * Only RefreshTokenNotFound is handled here; a failure while revoking or
 * saving propagates to the caller.
 *
 * NOTE(review): nothing in this method ties the refresh token to the
 * requesting client or checks an expiry — presumably that happens in the
 * client authentication / storage layer; confirm against the callers.
 *
 * @return GrantDecision allowed with the associated ResourceOwner, or denied
 *                       with invalidRequest / accessDenied
 */
public function grant(TokenRequestAttempt $tokenRequestAttempt)
{
    GrantTypeUtils::ensureRequestedGrantTypeIsSupported($this, $tokenRequestAttempt);

    try {
        GrantTypeUtils::ensureInputDataAreValid($this, $tokenRequestAttempt);
    } catch (MissingOrInvalidInputData $e) {
        return GrantDecision::denied(GrantError::invalidRequest($e->getMessage()));
    }

    try {
        $presentedToken = $tokenRequestAttempt->getInputData()->getRefreshToken();
        $refreshToken = $this->refreshTokenStorage->findByToken($presentedToken);

        // A revoked token is treated exactly like an unknown one.
        if ($refreshToken->isRevoked()) {
            return GrantDecision::denied(GrantError::accessDenied());
        }

        if ($this->revokeRefreshTokenWhenUsed) {
            $refreshToken->revoke();
            $this->refreshTokenStorage->save($refreshToken);
        }

        $owner = $refreshToken->getAssociatedAccessToken()->getResourceOwner();
        $resourceOwner = new ResourceOwner($owner->getResourceOwnerId(), $owner->getResourceOwnerType());

        return GrantDecision::allowed($resourceOwner);
    } catch (RefreshTokenNotFound $e) {
        return GrantDecision::denied(GrantError::accessDenied());
    }
}