/**
 * Narrow the requested scopes to those that exist in the scope store and, when the
 * client record carries its own scope list, to those the client is allowed to use.
 *
 * Security-relevant behaviour of this implementation:
 *  - $grantType and $userIdentifier are accepted but never consulted, so scopes are not
 *    restricted per grant type or per user here.
 *  - A client whose `scopes` attribute is empty is treated as unrestricted: every
 *    requested scope that exists in the scope store is returned.
 *  - An unknown client yields an empty list rather than an exception.
 *
 * @param ScopeEntityInterface[] $scopes
 * @param string $grantType
 * @param \League\OAuth2\Server\Entities\ClientEntityInterface $clientEntity
 * @param null|string $userIdentifier
 *
 * @return \League\OAuth2\Server\Entities\ScopeEntityInterface[]
 */
public function finalizeScopes(array $scopes, $grantType, ClientEntityInterface $clientEntity, $userIdentifier = null)
{
    $scopeModel = $this->modelResolver->getModel('ScopeModel');
    $clientClass = $this->modelResolver->getModel('ClientModel');

    $client = $clientClass::byIdentifier($clientEntity->getIdentifier())->first();
    if ($client === null) {
        // NOTE(review): the caller receives no scopes instead of an error; confirm that
        // client authentication has already failed upstream in this situation.
        return [];
    }

    // Collect the requested identifiers, keeping the caller's array keys.
    $requestedIds = [];
    foreach ($scopes as $key => $requested) {
        $requestedIds[$key] = $requested->getIdentifier();
    }

    // Only identifiers present in the scope store survive; unknown ones are dropped silently.
    $granted = collect(
        $scopeModel::byIdentifierIn($requestedIds)->get()->pluck($scopeModel::$identifierKey)
    );

    if (!empty($client->scopes)) {
        // Models that cannot store arrays keep the allow-list as a JSON string.
        $allowed = $client::$canHandleArray ? $client->scopes : json_decode($client->scopes);
        $granted = $granted->intersect($allowed);
    }

    $entities = [];
    foreach ($granted as $identifier) {
        $entity = new ScopeEntity();
        $entity->setIdentifier($identifier);
        $entities[] = $entity;
    }

    return $entities;
}
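/**
 * Resolve the requested scopes against the scope table and return only those that exist
 * and pass every restriction enabled in the configuration.
 *
 * Restrictions are added as inner joins, so they combine with AND:
 *  - limit_scopes_to_grants:  the scope must be linked to the grant type;
 *  - limit_clients_to_scopes: the scope must be linked to the requesting client;
 *  - limit_users_to_scopes:   the scope must be linked to the given user.
 *
 * All request-derived values (scope ids, grant type, client id, user id) reach the query
 * as bound parameters, never as concatenated text.
 *
 * Requested scopes that do not match are dropped without an error as long as at least one
 * scope remains; the exception is raised only when nothing matches.
 *
 * @param array<ScopeEntityInterface> $scopes
 * @param string $grantType
 * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $clientEntity
 * @param null|string $userIdentifier
 *
 * @return array<\League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface>
 *
 * @throws OAuthServerException when none of the requested scopes may be granted
 */
public function finalizeScopes(array $scopes, $grantType, ClientEntityInterface $clientEntity, $userIdentifier = null)
{
    $builder = (new Builder())
        ->columns(['Scope.id'])
        ->addFrom(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\Scope::class, 'Scope');

    $scopesIdentifiers = [];
    foreach ($scopes as $scope) {
        $scopesIdentifiers[] = $scope->getIdentifier();
    }

    $builder->inWhere('Scope.id', $scopesIdentifiers);

    if ($this->getConfig()->limit_scopes_to_grants === true) {
        $builder
            ->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\GrantScope::class, 'GrantScope.scope_id = Scope.id', 'GrantScope')
            ->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\Grant::class, 'Grant.id = GrantScope.grant_id', 'Grant')
            ->andWhere('Grant.id = :grantType:', compact('grantType'));
    }

    if ($this->getConfig()->limit_clients_to_scopes === true) {
        $builder
            ->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\ClientScope::class, 'ClientScope.scope_id = Scope.id', 'ClientScope')
            ->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\Client::class, 'Client.id = ClientScope.client_id', 'Client')
            ->andWhere('Client.id = :client_id:', ['client_id' => $clientEntity->getIdentifier()]);
    }

    if ($this->getConfig()->limit_users_to_scopes === true) {
        // NOTE(review): $userIdentifier defaults to null; with this option on, a null
        // identifier is bound as-is and presumably matches no row, so such a request ends
        // in invalid_scope. Confirm that is intended for grants that carry no user.
        $builder
            ->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\UserScope::class, 'UserScope.scope_id = Scope.id', 'UserScope')
            ->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\User::class, 'User.id = UserScope.user_id', 'User')
            ->andWhere('User.id = :userIdentifier:', compact('userIdentifier'));
    }

    $query = $builder->getQuery();
    $result = $query->execute();

    if (!$result || $result->count() <= 0) {
        // An empty $scopes array has no first element; report an empty scope name instead
        // of calling getIdentifier() on false, which would surface as a fatal error
        // rather than an OAuth error response.
        $firstRequested = reset($scopes);

        throw OAuthServerException::invalidScope(
            $firstRequested !== false ? $firstRequested->getIdentifier() : ''
        );
    }

    $entities = [];
    foreach ($result as $scope) {
        $entity = new ScopeEntity();
        $entity->setIdentifier($scope->id);
        $entities[] = $entity;
    }

    return $entities;
}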
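/**
 * Look up a user by username and verify the supplied password against the stored hash.
 *
 * Depending on configuration the lookup is additionally restricted to users linked to the
 * requesting client (limit_users_to_clients) and to the grant type (limit_users_to_grants).
 * Both restrictions are inner joins, so a user failing either one is treated as not found.
 *
 * An unknown user and a wrong password raise the same exception, so the response body
 * does not reveal which of the two failed.
 *
 * @param string $username
 * @param string $password
 * @param string $grantType
 * @param ClientEntityInterface $clientEntity
 *
 * @return UserEntity
 *
 * @throws OAuthServerException when the user is not found or the password does not match
 */
public function getUserEntityByUserCredentials($username, $password, $grantType, ClientEntityInterface $clientEntity)
{
    // The username is passed as a bound parameter, matching the other conditions below,
    // so it never becomes part of the query text.
    $builder = (new Builder())
        ->columns(['User.id', 'User.username', 'User.password'])
        ->addFrom(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\User::class, 'User')
        ->where('User.username = :username:', compact('username'))
        ->limit(1);

    if ($this->getConfig()->limit_users_to_clients === true) {
        $builder
            ->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\UserClient::class, 'UserClient.user_id = User.id', 'UserClient')
            ->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\Client::class, 'Client.id = UserClient.client_id', 'Client')
            ->andWhere('Client.id = :client_id:', ['client_id' => $clientEntity->getIdentifier()]);
    }

    if ($this->getConfig()->limit_users_to_grants === true) {
        $builder
            ->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\UserGrant::class, 'UserGrant.user_id = User.id', 'UserGrant')
            ->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\Grant::class, 'Grant.id = UserGrant.grant_id', 'Grant')
            ->andWhere('Grant.id = :grantType:', compact('grantType'));
    }

    $query = $builder->getQuery();
    $result = $query->getSingleResult();

    if (!$result) {
        // NOTE(review): this path returns before any hash is computed, so it completes
        // faster than a wrong-password attempt. Consider computing a throwaway hash here
        // so both failure paths cost roughly the same.
        throw OAuthServerException::invalidCredentials();
    }

    $security = new Security();

    // checkHash() compares the plaintext against the stored hash; anything other than a
    // strict true is treated as a failed login.
    if ($security->checkHash($password, $result->password) !== true) {
        throw OAuthServerException::invalidCredentials();
    }

    $user = new UserEntity();
    $user->setIdentifier($result->id);

    return $user;
}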
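/**
 * Return the subset of the requested scope entities that the scope query confirms for
 * this grant type, client and (when given) user.
 *
 * The query is seeded with the requested scope ids and then passed to the ScopesModel
 * grant, client and user finders; presumably each finder narrows $query in place, since
 * their return values are not used (confirm against ScopesModel).
 *
 * Requested scopes absent from the query result are dropped silently; when nothing matches
 * an empty array is returned and no exception is raised. The returned array keeps the
 * keys of $scopes, so it may be sparse.
 *
 * @param \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes
 * @param string $grantType
 * @param ClientEntityInterface $clientEntity
 * @param null|string $userIdentifier
 *
 * @return \League\OAuth2\Server\Entities\ScopeEntityInterface[]
 */
public function finalizeScopes(array $scopes, $grantType, ClientEntityInterface $clientEntity, $userIdentifier = null)
{
    $scopesId = [];
    foreach ($scopes as $item) {
        $scopesId[] = $item->getIdentifier();
    }

    $query = ScopesModel::findByScopeId($scopesId);
    ScopesModel::findByGrantId($grantType, $query);
    ScopesModel::findByClientId($clientEntity->getIdentifier(), $query);

    // NOTE(review): this is a truthiness test, so a user identifier of '0' or 0 skips the
    // per-user restriction just like null does. Confirm such identifiers cannot occur,
    // or compare against null explicitly.
    if ($userIdentifier) {
        ScopesModel::findByUserId($userIdentifier, $query);
    }

    $result = $query->all();

    $entitys = [];
    foreach ($result as $item) {
        foreach ($scopes as $key => $scope) {
            // Compare as strings: a loose == treats two different numeric-looking
            // identifiers as equal, which could return a requested scope that the query
            // never confirmed.
            if ((string) $item->id === (string) $scope->getIdentifier()) {
                $entitys[$key] = $scope;
            }
        }
    }

    return $entitys;
}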