/** * Retrieves the currently authenticate user's username. * * @return User * * @throws InvalidRequestException * @throws AccessDeniedException */ public function getCurrentUser() { $this->server->isValidRequest(); // Choooo chooo!! $ownerId = $this->server->getAccessToken()->getSession()->getOwnerId(); return $this->speakerRepository->findById($ownerId); }
/** * Register the Resource Server * * @return void */ private function resource() { $this->app->singleton('League\\OAuth2\\Server\\ResourceServer', function ($app) { $server = new ResourceServer(new SessionStorage($app->make('db')), new AccessTokenStorage($app->make('db')), new ClientStorage($app->make('db')), new ScopeStorage($app->make('db'))); $server->setRequest($app['request']); return $server; }); }
/** * Handle an incoming request * * @param Request $request * @param Closure $next * @return Response */ public function handle($request, Closure $next) { try { $this->server->isValidRequest(); return $next($request); } catch (OAuthException $e) { return new JsonResponse(['error' => $e->errorType, 'message' => $e->getMessage()], $e->httpStatusCode, $e->getHttpHeaders()); } }
/** * Handle an incoming request * * @param Request $request * @param Closure $next * * @return Response */ public function handle($request, Closure $next) { try { $this->server->isValidRequest(); return $next($request); } catch (OAuthException $e) { $error = $e->errorType; $message = $e->getMessage(); return response()->json(compact('error', 'message'), $e->httpStatusCode, $e->getHttpHeaders()); } }
public function createToken(Request $request, $providerKey) { $this->resourceServer->setRequest($request); try { $accessToken = $this->resourceServer->determineAccessToken(true); } catch (InvalidRequestException $e) { // skip OAuth authentication return null; } return new PreAuthenticatedToken('anon.', $accessToken, $providerKey); }
/** * @param ServerRequestInterface $request * @param ResponseInterface $response * @param callable $next * * @return \Psr\Http\Message\ResponseInterface */ public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next) { try { $request = $this->server->validateAuthenticatedRequest($request); } catch (OAuthServerException $exception) { return $exception->generateHttpResponse($response); // @codeCoverageIgnoreStart } catch (\Exception $exception) { return (new OAuthServerException($exception->getMessage(), 0, 'unknown_error', 500))->generateHttpResponse($response); // @codeCoverageIgnoreEnd } // Pass the request and response on to the next responder in the chain return $next($request, $response); }
public function getUser(Request $request) { try { $this->Server->isValidRequest(true, $request->query('access_token')); $ownerModel = $this->Server->getAccessToken()->getSession()->getOwnerType(); $ownerId = $this->Server->getAccessToken()->getSession()->getOwnerId(); $event = new Event('OAuthServer.getUser', $request, [$ownerModel, $ownerId]); EventManager::instance()->dispatch($event); if ($event->result) { return $event->result; } else { $model = TableRegistry::get($ownerModel); return $model->get($ownerId)->toArray(); } } catch (OAuthException $e) { $this->_exception = $e; return false; } }
/** * Save the session * * @return void */ public function save() { // Save the session and get an identifier $id = $this->server->getSessionStorage()->create($this->getOwnerType(), $this->getOwnerId(), $this->getClient()->getId(), $this->getClient()->getRedirectUri()); $this->setId($id); // Associate the scope with the session foreach ($this->getScopes() as $scope) { $this->server->getSessionStorage()->associateScope($this, $scope); } }
/** * @param mixed $element * @throws AbortException */ public final function checkRequirements($element) { if (!$element instanceof ComponentReflection) { return; } $request = $this->createServerRequest(); $response = $this->createResponse(); try { $request = $this->resourceServer->validateAuthenticatedRequest($request); } catch (OAuthServerException $e) { $this->sendResponse($e->generateHttpResponse($response)); } catch (\Exception $e) { if ($this->logger) { $this->logger->error($e->getMessage(), ['exception' => $e]); } $body = $this->createStream(); $body->write('Unknown error'); $this->sendResponse($response->withStatus(IResponse::S500_INTERNAL_SERVER_ERROR)->withBody($body)); } $this->onAuthorized($request); }
function it_validates_an_access_token(ResourceServer $checker) { $checker->isValidRequest(false, null)->shouldBeCalled(); $this->validateAccessToken(false, null); }
/** * Constructor * * The constructor does nothing by default but can be passed a boolean * variable to tell it to automatically run the __default() method. This is * typically used when a module is called outside of the scope of the * controller (the registration page calls the login page in this manner. */ public function __construct($uids = false) { parent::__construct(); $this->uids = $uids; $method = $_SERVER['REQUEST_METHOD']; try { // Checks if auth flag is explicity true or true for the method if ($this->auth === true || isset($this->auth[$method]) && $this->auth[$method]) { if (isset($this->config['oauth'][$_SERVER['__version']])) { $server = new ResourceServer(new SessionStorage(), new AccessTokenStorage(), new ClientStorage(), new ScopeStorage()); $server->isValidRequest(); } else { throw new \Exception('Authentication is not configured properly.', 401); } } // Hacks together some new globals if (in_array($method, ['PUT', 'DELETE'])) { $GLOBALS['_' . $method] = []; // @todo Populate it } $filter = isset($this->filter[$method]); $validate = isset($this->validate[$method]); if ($filter || $validate) { $global =& $GLOBALS['_' . $method]; // Checks that the required parameters are present // @todo Add in support for uid:* variables if ($validate) { $variables = []; foreach ($this->validate[$method] as $variable => $rules) { if (!is_array($rules)) { $variable = $rules; } $variables[] = $variable; } $missing_variables = array_diff($variables, array_keys($global)); if ($missing_variables !== array()) { foreach ($missing_variables as $variable) { $this->errors[$variable][] = 'The ' . $variable . ' parameter is required.'; } } } foreach ($global as $variable => $value) { // Applies any filters if ($filter && isset($this->filter[$method][$variable])) { $function = $this->filter[$method][$variable]; if ($function == 'password_hash') { $global[$variable] = password_hash($value, PASSWORD_DEFAULT); } else { $global[$variable] = $function($value); } } if ($validate && isset($this->validate[$method][$variable])) { $rules = $this->validate[$method][$variable]; if (is_array($rules)) { if (isset($global[$variable]) && !String::isEmpty($global[$variable])) { if (is_array($rules)) { foreach ($rules as $rule => $message) { $rule = explode(':', $rule); for ($i = 1; $i <= 2; $i++) { if (!isset($rule[$i])) { $rule[$i] = false; } } switch ($rule[0]) { // {{{ Checks using filter_var() case 'filter': switch ($rule[1]) { case 'boolean': case 'email': case 'float': case 'int': case 'ip': case 'url': $filter = constant('FILTER_VALIDATE_' . strtoupper($rule[1])); if (!filter_var($value, $filter)) { $this->errors[$variable][] = $message; } break; default: $this->errors[$variable] = 'Invalid filter, expecting boolean, email, float, int, ip or url.'; break; } break; // }}} // {{{ Checks using strlen() // }}} // {{{ Checks using strlen() case 'length': $length = strlen($value); switch ($rule[1]) { case '<': $valid = $length < $rule[2]; break; case '<=': $valid = $length <= $rule[2]; break; case '==': $valid = $length == $rule[2]; break; case '!=': $valid = $length != $rule[2]; break; case '>=': $valid = $length >= $rule[2]; break; case '>': $valid = $length > $rule[2]; break; default: $valid = false; $message = 'Invalid operator, expecting <, <=, ==, !=, >= or >.'; break; } if (!$valid) { $this->errors[$variable][] = $message; } break; // }}} // {{{ Checks using preg_match() // }}} // {{{ Checks using preg_match() case 'regex': if (preg_match($rule[1], $value)) { $this->errors[$variable][] = $message; } break; // }}} // @todo case 'alpha': // @todo case 'alphanumeric': // @todo case 'date': // @todo case 'range': } } } } } } } // if PUT or DELETE, need to update the super globals directly as // they do not stay in sync. Probably need to make them global in // this class method // // $_PUT = $GLOBALS['_PUT']; } if ($this->errors) { throw new \Exception('Missing or invalid parameters.', 400); } parent::__construct(); // Checks if the request method has been implemented if (get_class($this) != 'Pickles\\Resource') { if (!method_exists($this, $method)) { throw new \Exception('Method not allowed.', 405); } else { // Starts a timer before the resource is executed if ($this->config['profiler']) { $timer = get_class($this) . '->' . $method . '()'; Profiler::timer($timer); } $this->response = $this->{$method}(); // Stops the resource timer if ($this->config['profiler']) { Profiler::timer($timer); } } } } catch (\Exception $e) { $code = $e->getCode(); // Anything below 200 is probably a PHP error if ($code < 200) { $code = 500; } $this->status = $code; $this->message = $e->getMessage(); } }
/** * Set the token type to use. * * @param \League\OAuth2\Server\TokenType\TokenTypeInterface $tokenType */ public function setTokenType(TokenTypeInterface $tokenType) { $this->issuer->setTokenType($tokenType); $this->checker->setTokenType($tokenType); }
<?php use League\OAuth2\Server\ResourceServer; use Orno\Http\Exception\NotFoundException; use Orno\Http\Request; use Orno\Http\Response; use RelationalExample\Model; use RelationalExample\Storage; include __DIR__ . '/vendor/autoload.php'; // Set up the OAuth 2.0 resource server $sessionStorage = new Storage\SessionStorage(); $accessTokenStorage = new Storage\AccessTokenStorage(); $clientStorage = new Storage\ClientStorage(); $scopeStorage = new Storage\ScopeStorage(); $server = new ResourceServer($sessionStorage, $accessTokenStorage, $clientStorage, $scopeStorage); // Routing setup $request = (new Request())->createFromGlobals(); $router = new \Orno\Route\RouteCollection(); // GET /tokeninfo $router->get('/tokeninfo', function (Request $request) use($server) { $accessToken = $server->getAccessToken(); $session = $server->getSessionStorage()->getByAccessToken($accessToken); $token = ['owner_id' => $session->getOwnerId(), 'owner_type' => $session->getOwnerType(), 'access_token' => $accessToken, 'client_id' => $session->getClient()->getId(), 'scopes' => $accessToken->getScopes()]; return new Response(json_encode($token)); }); // GET /users $router->get('/users', function (Request $request) use($server) { $results = (new Model\Users())->get(); $users = []; foreach ($results as $result) { $user = ['username' => $result['username'], 'name' => $result['name']];
$sessionStorage = new Storage\SessionStorage(); $accessTokenStorage = new Storage\AccessTokenStorage(); $clientStorage = new Storage\ClientStorage(); $scopeStorage = new Storage\ScopeStorage(); $refreshTokenStorage = new Storage\RefreshTokenStorage(); $authorizationServer = new \League\OAuth2\Server\AuthorizationServer(); $authorizationServer->setSessionStorage($sessionStorage); $authorizationServer->setAccessTokenStorage($accessTokenStorage); $authorizationServer->setClientStorage($clientStorage); $authorizationServer->setScopeStorage($scopeStorage); $authorizationServer->setRefreshTokenStorage($refreshTokenStorage); //$clientCredentials = new \League\OAuth2\Server\Grant\ClientCredentialsGrant(); //$server->addGrantType($clientCredentials); $refreshTokenGrant = new \League\OAuth2\Server\Grant\RefreshTokenGrant(); $authorizationServer->addGrantType($refreshTokenGrant); $resourceServer = new ResourceServer($sessionStorage, $accessTokenStorage, $clientStorage, $scopeStorage, $refreshTokenStorage); $passwordGrant = new \League\OAuth2\Server\Grant\PasswordGrant(); $authorizationServer->addGrantType($passwordGrant); $passwordGrant->setVerifyCredentialsCallback(function ($username, $password) use($app) { // implement logic here to validate a username and password, return an ID if valid, otherwise return false $host = new Host(); $valid = $host->oauth2Login($username, $password); if ($valid !== false) { return $valid; } else { $app->halt(401, 'Unauthorized. The user credentials were incorrect.'); } }); $authorize = function () use($resourceServer) { return function () use($resourceServer) { //401 = Unauthorized
/** * @return string */ public function getClientId() { return $this->resourceServer->getAccessToken()->getSession()->getClient()->getId(); }
/** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @param string $scope * @return mixed */ public function handle(Request $request, Closure $next, $scope = '') { // Set up the OAuth 2.0 resource server $server = new ResourceServer(new SessionStorage(), new AccessTokenStorage(), new ClientStorage(), new ScopeStorage()); $isError = false; try { // Check that access token is present $server->isValidRequest(); } catch (OAuthException $e) { // Catch an OAuth exception $response = new Response(['error' => $e->errorType, 'message' => $e->getMessage()], $e->httpStatusCode, $e->getHttpHeaders()); $isError = true; } catch (\Exception $e) { $response = new Response(['error' => $e->getCode(), 'message' => $e->getMessage()], 500, []); $isError = true; } if (!$isError) { // Get session info $session = $server->getSessionStorage()->getByAccessToken($server->getAccessToken()); if (!$session instanceof SessionEntity) { $isError = true; } } if (!$isError) { // Get user info $user = null; if ($session->getOwnerType() === 'user') { $user = User::find($session->getOwnerId()); if (!$user instanceof User) { $isError = true; } } } if (!$isError) { // Get client info $client = $server->getClientStorage()->getCompleteBySession($session); if (!$client instanceof ClientEntity) { $isError = true; } } if (!$isError) { // Get scopes info $scopes = $session->getScopes(); if (!empty($scope)) { $isScopeFound = false; if (!is_null($scopes) && is_array($scopes)) { foreach ($scopes as $scopeEntity) { if ($scopeEntity->getId() === $scope) { $isScopeFound = true; break; } } } if (!$isScopeFound) { $response = new Response(['error' => 'invalid_client', 'message' => 'Client authentication failed.'], 401); $isError = true; } } } if ($isError) { $response->headers->set('Content-type', 'application/json'); return $response; } else { // Put the identified client & scopes into request // for further app process $request->merge(['identified_oauth' => ['client' => $client, 'user' => $user, 'scopes' => $scopes]]); } return $next($request); }
/** * The route responsible for giving user information * * @param Router $router * @param ResourceServer $resourceServer * @return \Response */ private function userDetailsRoute(Router $router, ResourceServer $resourceServer) { $router->get(Config::get('laravel-oauth2-server.user_details_path'), function () use($resourceServer) { try { $accessToken = new AccessTokenEntity($resourceServer); $accessToken->setId(Request::input('access_token')); $resourceServer->isValidRequest(false, $accessToken); $session = $resourceServer->getSessionStorage()->getByAccessToken($accessToken); if (!($session->getOwnerType() === 'user' && $resourceServer->getAccessToken()->hasScope('uid'))) { throw new AccessDeniedException(); } return response()->json(['id' => $session->getOwnerId()]); } catch (InvalidRequestException $ire) { return response()->json(['error' => $ire->getCode(), 'message' => $ire->getMessage()], $ire->httpStatusCode); } catch (AccessDeniedException $acd) { return response()->json(['error' => $acd->getCode(), 'message' => $acd->getMessage()], $acd->httpStatusCode); } catch (Exception $e) { return response()->json(['error' => $e->getCode(), 'message' => $e->getMessage()], 500); } }); }
/** * @param ResourceServer $resourceServer * @param EmitterInterface $emitter * @param string $ownerId */ private function resourceServerWillReturnOwnerId(ResourceServer $resourceServer, EmitterInterface $emitter, $ownerId) { $resourceServer->getEventEmitter()->willReturn($emitter); $sessionEntity = new SessionEntity($resourceServer->getWrappedObject()); $sessionEntity->setOwner('user', $ownerId); $accessTokenEntity = new AccessTokenEntity($resourceServer->getWrappedObject()); $accessTokenEntity->setSession($sessionEntity); $resourceServer->getAccessToken()->willReturn($accessTokenEntity); }