public static function validateDeleteApprovalRequest(Request $request)
 {
     // REQUIRED client_id
     $clientId = $request->getUrl()->getQueryParameter('client_id');
     if (is_null($clientId)) {
         throw new BadRequestException('missing client_id');
     }
     if (false === InputValidation::clientId($clientId)) {
         throw new BadRequestException('invalid client_id');
     }
     // REQUIRED response_type
     $responseType = $request->getUrl()->getQueryParameter('response_type');
     if (is_null($responseType)) {
         throw new BadRequestException('missing response_type');
     }
     if (false === InputValidation::responseType($responseType)) {
         throw new BadRequestException('invalid response_type');
     }
     // REQUIRED scope
     $scope = $request->getUrl()->getQueryParameter('scope');
     if (is_null($scope)) {
         throw new BadRequestException('missing scope');
     }
     if (false === InputValidation::scope($scope)) {
         throw new BadRequestException('invalid scope');
     }
     return array('client_id' => $clientId, 'response_type' => $responseType, 'scope' => $scope);
 }
 public function __construct(ClientData $clientData, Request $request, $redirectUri, array $urlParams)
 {
     $clientType = $clientData->getType();
     $urlParams['state'] = $request->getUrl()->getQueryParameter('state');
     // remove empty parameters
     foreach ($urlParams as $key => $value) {
         if (empty($value)) {
             unset($urlParams[$key]);
         }
     }
     if ('token' === $clientType) {
         $separator = '#';
     } else {
         $separator = false === strpos($redirectUri, '?') ? '?' : '&';
     }
     parent::__construct(sprintf('%s%s%s', $redirectUri, $separator, http_build_query($urlParams)), 302);
 }
예제 #3
0
 public function execute(Request $request, array $routeConfig)
 {
     // only relevant if the request comes from a browser
     if (false === mb_strpos($request->getHeader('Accept'), 'text/html')) {
         return;
     }
     // these methods do not require CSRF protection as they are not
     // supposed to have side effects on the server
     $safeMethods = ['GET', 'HEAD', 'OPTIONS'];
     if (!in_array($request->getMethod(), $safeMethods)) {
         $referrer = $request->getHeader('HTTP_REFERER');
         $rootUrl = $request->getUrl()->getRootUrl();
         if (null === $referrer) {
             throw new BadRequestException('HTTP_REFERER header missing');
         }
         if (0 !== mb_strpos($referrer, $rootUrl)) {
             throw new BadRequestException('HTTP_REFERER has unexpected value');
         }
     }
 }
 public function __construct(Request $request)
 {
     $this->setClientId($request->getUrl()->getQueryParameter('client_id'));
     $this->setResponseType($request->getUrl()->getQueryParameter('response_type'));
     $this->setRedirectUri($request->getUrl()->getQueryParameter('redirect_uri'));
     $this->setScope($request->getUrl()->getQueryParameter('scope'));
     $this->setState($request->getUrl()->getQueryParameter('state'));
 }
 public function getTokenIntrospection(Request $request, $tokenValue)
 {
     if (null === $tokenValue) {
         throw new BadRequestException('invalid_token', 'the token parameter is missing');
     }
     // FIXME: validate token format
     $accessToken = $this->db->getAccessToken($tokenValue);
     if (false === $accessToken) {
         // token does not exist
         $tokenInfo = array('active' => false);
     } elseif ($this->io->getTime() > $accessToken['issue_time'] + $accessToken['expires_in']) {
         // token expired
         $tokenInfo = array('active' => false);
     } else {
         // token exists and did not expire
         $tokenInfo = array('active' => true, 'exp' => intval($accessToken['issue_time'] + $accessToken['expires_in']), 'iat' => intval($accessToken['issue_time']), 'scope' => $accessToken['scope'], 'iss' => $request->getUrl()->getHost(), 'client_id' => $accessToken['client_id'], 'sub' => $accessToken['resource_owner_id'], 'user_id' => $accessToken['resource_owner_id'], 'token_type' => 'bearer');
         // as long as we have no RS registration we cannot set the audience...
         // $tokenInfo['aud'] => 'foo';
     }
     $response = new JsonResponse();
     $response->setHeaders(array('Cache-Control' => 'no-store', 'Pragma' => 'no-cache'));
     $response->setBody($tokenInfo);
     return $response;
 }
예제 #6
0
 public function __construct(Request $request)
 {
     $this->setGrantType($request->getPostParameter('grant_type'));
     $this->setCode($request->getPostParameter('code'));
     $this->setRedirectUri($request->getPostParameter('redirect_uri'));
     $this->setClientId($request->getPostParameter('client_id'));
     $this->setRefreshToken($request->getPostParameter('refresh_token'));
     $this->setScope($request->getPostParameter('scope'));
     // some additional validation
     if ('authorization_code' === $this->getGrantType() && null === $this->getCode()) {
         throw new BadRequestException('invalid_requst', 'for authorization_code grant type a code must be provided');
     }
     if ('refresh_token' === $this->getGrantType() && null === $this->getRefreshToken()) {
         throw new BadRequestException('invalid_request', 'for refresh_token grant type a refresh_token must be provided');
     }
 }
예제 #7
0
use fkooman\OAuth\Storage\PdoAuthorizationCodeStorage;
use fkooman\OAuth\Storage\PdoApprovalStorage;
use fkooman\RemoteStorage\RemoteStorageClientStorage;
use fkooman\RemoteStorage\DbTokenValidator;
use fkooman\RemoteStorage\DocumentStorage;
use fkooman\RemoteStorage\MetadataStorage;
use fkooman\RemoteStorage\RemoteStorage;
use fkooman\RemoteStorage\RemoteStorageResourceServer;
use fkooman\RemoteStorage\RemoteStorageService;
use fkooman\RemoteStorage\ApprovalManagementStorage;
use fkooman\Rest\Plugin\Authentication\AuthenticationPlugin;
use fkooman\Rest\Plugin\Authentication\Bearer\BearerAuthentication;
use fkooman\Rest\Plugin\Authentication\Form\FormAuthentication;
use fkooman\Tpl\Twig\TwigTemplateManager;
try {
    $request = new Request($_SERVER);
    $configReader = new Reader(new YamlFile(dirname(__DIR__) . '/config/server.yaml'));
    $serverMode = $configReader->v('serverMode', false, 'production');
    $document = new DocumentStorage($configReader->v('storageDir', false, sprintf('%s/data/storage', dirname(__DIR__))));
    $dbDsn = $configReader->v('Db', 'dsn', false, sprintf('sqlite:%s/data/rs.sqlite', dirname(__DIR__)));
    // if we use sqlite, and database is not initialized we will initialize
    // all tables here. No need to manually initialize the database then!
    $initDb = false;
    if (0 === strpos($dbDsn, 'sqlite:')) {
        // sqlite
        if (!file_exists(substr($dbDsn, 7))) {
            // sqlite file does not exist
            $initDb = true;
        }
    }
    $db = new PDO($dbDsn, $configReader->v('Db', 'username', false), $configReader->v('Db', 'password', false));
 public function deleteDocument(Request $request, TokenInfo $tokenInfo)
 {
     $path = new Path($request->getUrl()->getPathInfo());
     if ($path->getUserId() !== $tokenInfo->getUserId()) {
         throw new ForbiddenException('path does not match authorized subject');
     }
     if (!$this->hasWriteScope($tokenInfo->getScope(), $path->getModuleName())) {
         throw new ForbiddenException('path does not match authorized scope');
     }
     // need to get the version before the delete
     $documentVersion = $this->remoteStorage->getVersion($path);
     $ifMatch = $this->stripQuotes($request->getHeader('If-Match'));
     // if document does not exist, and we have If-Match header set we should
     // return a 412 instead of a 404
     if (null !== $ifMatch && !in_array($documentVersion, $ifMatch)) {
         throw new PreconditionFailedException('version mismatch');
     }
     if (null === $documentVersion) {
         throw new NotFoundException(sprintf('document "%s" not found', $path->getPath()));
     }
     $ifMatch = $this->stripQuotes($request->getHeader('If-Match'));
     if (null !== $ifMatch && !in_array($documentVersion, $ifMatch)) {
         throw new PreconditionFailedException('version mismatch');
     }
     $x = $this->remoteStorage->deleteDocument($path, $ifMatch);
     $rsr = new Response();
     $rsr->setHeader('ETag', '"' . $documentVersion . '"');
     $rsr->setBody($x);
     return $rsr;
 }
예제 #9
0
* See the License for the specific language governing permissions and
* limitations under the License.
*/
require_once dirname(__DIR__) . "/vendor/autoload.php";
use fkooman\Config\Config;
use fkooman\Http\JsonResponse;
use fkooman\Http\Request;
use fkooman\Http\IncomingRequest;
use fkooman\Rest\Service;
use fkooman\Rest\Plugin\BasicAuthentication;
use fkooman\VootProvider\VootStorageException;
try {
    $config = Config::fromIniFile(dirname(__DIR__) . DIRECTORY_SEPARATOR . "config" . DIRECTORY_SEPARATOR . "voot.ini");
    $vootStorageBackend = sprintf('fkooman\\VootProvider\\%s', $config->getValue('storageBackend'));
    $vootStorage = new $vootStorageBackend($config);
    $request = Request::fromIncomingRequest(new IncomingRequest());
    $service = new Service($request);
    // require authentication?
    if (null !== $config->getValue('basicUser')) {
        $basicAuthPlugin = new BasicAuthentication($config->getValue('basicUser'), $config->getValue('basicPass'), $config->getValue('serviceName'));
        $service->registerBeforeMatchingPlugin($basicAuthPlugin);
    }
    // GROUPS
    $service->match("GET", "/groups/:uid", function ($uid) use($request, $vootStorage) {
        $groups = $vootStorage->isMemberOf($uid, $request->getQueryParameter("startIndex"), $request->getQueryParameter("count"));
        $response = new JsonResponse(200);
        $response->setContent($groups);
        return $response;
    });
    // PEOPLE IN GROUP
    $service->match("GET", "/people/:uid/:gid", function ($uid, $gid) use($request, $vootStorage) {
 public function postAuthorization(Request $request, UserInfoInterface $userInfo)
 {
     $authorizeRequest = new AuthorizeRequest($request);
     $clientId = $authorizeRequest->getClientId();
     $responseType = $authorizeRequest->getResponseType();
     $redirectUri = $authorizeRequest->getRedirectUri();
     $scope = $authorizeRequest->getScope();
     $state = $authorizeRequest->getState();
     $clientData = $this->storage->getClient($clientId);
     if (false === $clientData) {
         throw new BadRequestException('client not registered');
     }
     // if no redirect_uri is part of the query parameter, use the one from
     // the client registration
     if (null === $redirectUri) {
         $redirectUri = $clientData->getRedirectUri();
     }
     if ('approve' !== $request->getPostParameter('approval')) {
         return new ClientResponse($clientData, $request, $redirectUri, array('error' => 'access_denied', 'error_description' => 'not authorized by resource owner'));
     }
     $this->addApproval($clientData, $userInfo->getUserId(), $scope);
     // redirect to self
     return new RedirectResponse($request->getUrl()->toString(), 302);
 }
 public function deleteApproval(Request $request, UserInfoInterface $userInfo)
 {
     $id = $request->getUrl()->getQueryParameter('id');
     $this->db->deleteApproval($id, $userInfo->getUserId());
     return new RedirectResponse($request->getUrl()->getRootUrl() . 'approvals.php', 302);
 }
예제 #12
0
 private function runService(Request $request)
 {
     // support method override when _METHOD is set in a form POST
     if ('POST' === $request->getMethod()) {
         $methodOverride = $request->getPostParameter('_METHOD');
         if (null !== $methodOverride) {
             $request->setMethod($methodOverride);
         }
     }
     foreach ($this->routes as $route) {
         if (false !== ($availableRouteCallbackParameters = $route->isMatch($request->getMethod(), $request->getUrl()->getPathInfo()))) {
             return $this->executeCallback($request, $route, $availableRouteCallbackParameters);
         }
     }
     // figure out all supported methods by all routes
     $supportedMethods = [];
     foreach ($this->routes as $route) {
         $routeMethods = $route->getMethods();
         foreach ($routeMethods as $method) {
             if (!in_array($method, $supportedMethods)) {
                 $supportedMethods[] = $method;
             }
         }
     }
     // requested method supported, document is just not available
     if (in_array($request->getMethod(), $supportedMethods)) {
         throw new NotFoundException('url not found', $request->getUrl()->getRoot() . mb_substr($request->getUrl()->getPathInfo(), 1));
     }
     // requested method net supported...
     throw new MethodNotAllowedException($request->getMethod(), $supportedMethods);
 }