/**
* Grants access token for request
*
* @param IRequest $request
*
* @throws \OAuth2\Exception\InvalidGrantException
* @throws \OAuth2\Exception\MissingParameterException
* @throws \OAuth2\Exception\UnauthorizedClientException
* @return IAccessToken
*/
public function grant(IRequest $request)
{
if (!($refreshTokenIdentifier = $request->request('refresh_token'))) {
throw new MissingParameterException("Parameter 'refresh_token' is missing.");
}
if (!($refreshToken = $this->refreshTokenStorage->get($refreshTokenIdentifier))) {
throw new InvalidGrantException('Invalid refresh token.');
}
$client = $this->clientAuthenticator->authenticate($request);
// are clients same?
if ($client->getId() !== $refreshToken->getClient()->getId()) {
throw new InvalidGrantException('Invalid refresh token.');
}
// is client allowed to use this grant type?
if (!$client->isAllowedToUse($this)) {
throw new UnauthorizedClientException('Client can not use this grant type.');
}
$expiresAt = $refreshToken->getExpiresAt();
if ($expiresAt instanceof \DateTime) {
$expiresAt = $expiresAt->getTimestamp();
}
// is refresh token expired?
if ($expiresAt < time()) {
throw new InvalidGrantException('Refresh token has expired.');
}
// intersection of refresh token and requested scopes
$scopes = $this->scopeResolver->intersect($request->request('scope'), $refreshToken->getScopes());
return $this->accessTokenStorage->generate($refreshToken->getUser(), $refreshToken->getClient(), $scopes);
}
function it_issues_refresh_token_for_given_access_token(IRefreshTokenStorage $refreshTokenStorage, IAccessToken $accessToken, IRefreshToken $refreshToken, IUser $user, IClient $client, IScope $scope)
{
$accessToken->getUser()->willReturn($user)->shouldBeCalled();
$accessToken->getClient()->willReturn($client)->shouldBeCalled();
$accessToken->getScopes()->willReturn([$scope])->shouldBeCalled();
$refreshTokenStorage->generate($user, $client, [$scope])->willReturn($refreshToken)->shouldBeCalled();
$this->issueToken($accessToken)->shouldReturnAnInstanceOf('OAuth2\\Storage\\IRefreshToken');
}
/**
* Issues refresh token for given access token
*
* @param IAccessToken $accessToken
*
* @return \OAuth2\Storage\IRefreshToken
*/
public function issueToken(IAccessToken $accessToken)
{
$scopes = $accessToken->getScopes();
// in case of doctrine collections, etc
if ($scopes instanceof \Traversable) {
$scopes = iterator_to_array($scopes);
}
return $this->refreshTokenStorage->generate($accessToken->getUser(), $accessToken->getClient(), $scopes);
}
function it_issues_an_access_token(IRequest $request, IRefreshToken $refreshToken, IRefreshTokenStorage $refreshTokenStorage, IAccessTokenStorage $accessTokenStorage, IAccessToken $accessToken, IUser $user, IClient $client, IScope $scope1, IScope $scope2, IScopeResolver $scopeResolver, IClientAuthenticator $clientAuthenticator)
{
$scopes = [$scope1, $scope2];
$request->request('refresh_token')->willReturn('pom')->shouldBeCalled();
$refreshTokenStorage->get('pom')->willReturn($refreshToken)->shouldBeCalled();
$refreshToken->getClient()->willReturn($client)->shouldBeCalled();
$clientAuthenticator->authenticate($request)->willReturn($client)->shouldBeCalled();
$client->getId()->willReturn('test')->shouldBeCalled();
$client->isAllowedToUse($this)->willReturn(true)->shouldBeCalled();
$refreshToken->getExpiresAt()->willReturn(time() + 100)->shouldBeCalled();
$refreshToken->getScopes()->willReturn($scopes)->shouldBeCalled();
$request->request('scope')->willReturn(null)->shouldBeCalled();
$scopeResolver->intersect(null, $scopes)->willReturn($scopes)->shouldBeCalled();
$refreshToken->getUser()->willReturn($user)->shouldBeCalled();
$accessTokenStorage->generate($user, $client, $scopes)->willReturn($accessToken)->shouldBeCalled();
$this->grant($request)->shouldReturnAnInstanceOf('OAuth2\\Storage\\IAccessToken');
}
