/**
 * Issues a new access token (type 1) together with its refresh token (type 2)
 * for the given client and persists both rows.
 *
 * The refresh token is saved first so the access token can point at it through
 * its `refresh` column. Both codes come from generateEntropy(); both expiries
 * are derived from the oauth2.access_lifetime config value.
 * NOTE(review): the refresh token reuses access_lifetime as well — confirm
 * whether a separate (longer) refresh lifetime was intended.
 *
 * @param mixed $clientID Id of the client the tokens are bound to.
 * @return Token The saved access token; its refresh token is reachable via ->refresh.
 */
public static function generateAccessToken($clientID)
{
    $lifetime = Config::get("oauth2-sp::oauth2.access_lifetime");

    $refreshToken = new Token();
    $refreshToken->type = 2;
    $refreshToken->client_id = $clientID;
    $refreshToken->code = static::generateEntropy();
    $refreshToken->expiry = time() + $lifetime;
    $refreshToken->save();

    $accessToken = new Token();
    $accessToken->type = 1;
    $accessToken->client_id = $clientID;
    $accessToken->refresh = $refreshToken->code;
    $accessToken->code = static::generateEntropy();
    $accessToken->expiry = time() + $lifetime;
    $accessToken->save();

    return $accessToken;
}
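/**
 * Token endpoint: exchanges client credentials plus a grant for an access token.
 *
 * Handled grant_type values are authorization_code, password and refresh_token;
 * "assertion" and "none" are rejected with invalid_request. Every failure is
 * reported through the "oauth2.error.json" event with a "STATUS:error_code"
 * payload, so the caller always receives a response object.
 *
 * The scope handling depends on oauth2-sp::oauth2.mode:
 *  - "strict" / "dynamic": every scope attached to the consented token must be
 *    present in the request, and the REQUESTED scopes are what gets attached.
 *    NOTE(review): this lets a client widen a grant to any scope it is
 *    registered for, beyond what the user consented to — confirm intended.
 *  - anything else ("flexible", the default): the requested scope is ignored
 *    and the consented token's scopes are carried over unchanged.
 *
 * @param array $params Request parameters: grant_type, scope (space separated
 *                      names), and per grant either code + redirect_uri or
 *                      refresh_token.
 * @return mixed printToken() output of the issued/extended token, a redirect
 *               response when oauth2.always_redirect is set, or the error
 *               response produced by the oauth2.error.json event.
 */
public function grantAccessToken($params = array())
{
    if (empty($params['grant_type'])) {
        return $this->errorResponse("400:invalid_request");
    }
    if (!isset($params['scope'])) {
        $params['scope'] = "";
    }

    // Authenticate the client (and, for the password grant, the resource owner).
    $userData = $this->getClientCredentials();
    if (!$userData) {
        return $this->errorResponse("400:invalid_client");
    }
    // Poll the user auth system to see if the client is there. The listener may
    // answer with a ready-made Response instead of a Client; pass that through.
    $client = Event::until("oauth2.login." . $userData[0], array($userData[1], $userData[2]));
    if (empty($client) || !$client instanceof OAuth2\Models\Client) {
        if (!empty($client) && $client instanceof Response) {
            return $client;
        }
        return $this->errorResponse("400:invalid_client");
    }

    // Resolve the requested scope names to Scope rows; unknown names are rejected.
    $requestedScopes = array();
    foreach (explode(" ", $params['scope']) as $rawName) {
        $scopeName = urldecode($rawName);
        if (empty($scopeName)) {
            continue;
        }
        $scope = OAuth2\Models\Scope::where("name", "=", $scopeName)->first();
        if (!$scope) {
            return $this->errorResponse("400:invalid_scope");
        }
        $requestedScopes[] = $scope;
    }
    // A client may only ask for scopes it is registered for.
    if (!$this->scopesCoveredBy($requestedScopes, $client->scopes()->get())) {
        return $this->errorResponse("400:invalid_scope");
    }

    // We have a valid client and request. Do the granting.
    $mode = Config::get("oauth2-sp::oauth2.mode", "flexible");

    switch ($params['grant_type']) {
        case "authorization_code":
            if (empty($params['code']) || empty($params['redirect_uri'])) {
                return $this->errorResponse("400:invalid_request");
            }
            // type 3 = authorization code (see the token types set in generateAccessToken)
            $token = OAuth2\Models\Token::where("code", "=", $params['code'])
                ->where("type", "=", 3)
                ->where("client_id", "=", $client->id)
                ->first();
            if (!$token) {
                return $this->errorResponse("400:invalid_grant");
            }
            // NOTE(review): this is a prefix match against the registered redirect,
            // not the exact match RFC 6749 §4.1.3 asks for; kept for compatibility.
            if (substr($params['redirect_uri'], 0, strlen($client->redirect)) !== $client->redirect) {
                return $this->errorResponse("400:invalid_request");
            }
            if ($token->hasExpired()) {
                return $this->errorResponse("400:expired_token");
            }
            switch ($mode) {
                case "strict":
                case "dynamic":
                    // Every consented scope must appear in the request.
                    if (!$this->scopesCoveredBy($token->scopes()->get(), $requestedScopes)) {
                        return $this->errorResponse("400:invalid_request");
                    }
                    break;
                default:
                    // The scope the person gave is basically irrelevant; use the consented set.
                    $requestedScopes = array();
                    foreach ($token->scopes()->get() as $consented) {
                        $requestedScopes[] = $consented;
                    }
            }
            // Authorization codes are single-use.
            $token->delete();
            break;

        case "password":
            // Resource-owner credentials were already verified by the oauth2.login
            // event; only make sure a password was actually supplied.
            if (empty($userData[2])) {
                return $this->errorResponse("400:invalid_request");
            }
            break;

        case "assertion":
            // Not implemented yet
            return $this->errorResponse("400:invalid_request");

        case "refresh_token":
            if (empty($params['refresh_token'])) {
                return $this->errorResponse("400:invalid_request");
            }
            // type 2 = refresh token
            $token = OAuth2\Models\Token::where("code", "=", $params['refresh_token'])
                ->where("type", "=", 2)
                ->where("client_id", "=", $client->id)
                ->first();
            if (!$token) {
                return $this->errorResponse("400:invalid_request");
            }
            // NOTE(review): the refresh token's stored expiry is never checked here,
            // so a refresh token is usable indefinitely — confirm whether intended.
            $oldToken = OAuth2\Models\Token::where("refresh", "=", $token->code)->first();
            if (!$oldToken) {
                // Orphaned refresh token: previously a fatal error on null, now a clean rejection.
                return $this->errorResponse("400:invalid_grant");
            }
            switch ($mode) {
                case "strict":
                case "dynamic":
                    if (!$this->scopesCoveredBy($oldToken->scopes()->get(), $requestedScopes)) {
                        return $this->errorResponse("400:invalid_request");
                    }
                    $oldToken->scopes()->delete();
                    foreach ($requestedScopes as $requested) {
                        $oldToken->scopes()->attach($requested->id);
                    }
                    break;
                default:
                    break;
            }
            // Increase the expiry of the old token rather than minting a new one.
            // Uses the configured access lifetime (was a hard-coded 86400) so a
            // refreshed token lives as long as a freshly issued one.
            $oldToken->expiry = time() + Config::get("oauth2-sp::oauth2.access_lifetime", 86400);
            $oldToken->save();
            return $oldToken->printToken();

        case "none":
        default:
            return $this->errorResponse("400:invalid_request");
    }

    // We have dealt with all the errors. Generate & return token...
    // (the second argument is ignored by generateAccessToken; kept for call-site compatibility)
    $t = OAuth2\Models\Token::generateAccessToken($client->id, $params['scope']);
    foreach ($requestedScopes as $requested) {
        $t->scopes()->attach($requested->id);
    }
    if (Config::get("oauth2-sp::oauth2.always_redirect")) {
        // @pratikshya's feature request from forums.laravel.io
        // Set the config string to true to always redirect rather than to print
        // This is contrary to RFC, so disabled by default!
        return Event::until("oauth2.redirect: token", array($params['redirect_uri'], $params, $t));
    }
    return $t->printToken();
}

/**
 * True when every scope in $needles has an id that also occurs in $haystack
 * (an empty $needles is trivially covered). Ids are compared loosely, as the
 * original inline loops did, since they may arrive as int or string from the DB.
 *
 * @param iterable $needles  Scope rows that must all be present.
 * @param iterable $haystack Scope rows that are allowed.
 * @return bool
 */
private function scopesCoveredBy($needles, $haystack)
{
    foreach ($needles as $needle) {
        $found = false;
        foreach ($haystack as $candidate) {
            if ($needle->id == $candidate->id) {
                $found = true;
                break;
            }
        }
        if (!$found) {
            return false;
        }
    }
    return true;
}

/**
 * Builds the error response for the token endpoint via the oauth2.error.json event.
 *
 * @param string $error "STATUS:error_code" payload, e.g. "400:invalid_request".
 * @return mixed Whatever the event listener returns (a Response in the normal setup).
 */
private function errorResponse($error)
{
    return Event::until("oauth2.error.json", array("", $error));
}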