예제 #1
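 /**
  * Authorization-code consent endpoint.
  *
  * Flow as implemented here:
  *  1. validate the authorize request (client, redirect_uri, response_type...)
  *     through the OAuth component; an invalid request is handled by that
  *     helper and this action simply returns;
  *  2. send unauthenticated users to the login screen, carrying the original
  *     query string so the flow can resume afterwards;
  *  3. on a POST with authorization=Approve issue an authorization code and
  *     redirect back to the client; any other POST is a denial and redirects
  *     back with an access_denied error;
  *  4. otherwise render the consent page.
  *
  * @return \Cake\Network\Response|void
  * @throws \League\OAuth2\Server\Exception\InvalidGrantException
  */
 public function authorize()
 {
     if (!($authParams = $this->OAuth->checkAuthParams('authorization_code'))) {
         return;
     }
     if (!$this->Auth->user()) {
         $query = $this->request->query;
         $query['redir'] = 'oauth';
         return $this->redirect(['plugin' => false, 'controller' => 'Users', 'action' => 'login', '?' => $query]);
     }
     $event = new Event('OAuthServer.beforeAuthorize', $this);
     EventManager::instance()->dispatch($event);
     if (is_array($event->result)) {
         $this->set($event->result);
     }
     if ($this->request->is('post')) {
         $data = $this->request->data;
         // A POST without an 'authorization' field is a denial, not an
         // undefined-index notice.
         $decision = isset($data['authorization']) ? $data['authorization'] : null;
         if ($decision === 'Approve') {
             // SECURITY NOTE(review): the resource owner the code is minted for is
             // taken from the POST body and only falls back to the logged-in user
             // when the fields are absent. Any authenticated user can therefore
             // post another owner's owner_model/owner_id and obtain a code bound
             // to that owner. Unless the consent form genuinely has to act for a
             // non-User owner, bind these to the session ($this->Auth->user('id'))
             // and ignore the posted values.
             $ownerModel = isset($data['owner_model']) ? $data['owner_model'] : 'Users';
             $ownerId = isset($data['owner_id']) ? $data['owner_id'] : $this->Auth->user('id');
             $redirectUri = $this->OAuth->Server->getGrantType('authorization_code')->newAuthorizeRequest($ownerModel, $ownerId, $authParams);
             $event = new Event('OAuthServer.afterAuthorize', $this);
             EventManager::instance()->dispatch($event);
             return $this->redirect($redirectUri);
         }
         $event = new Event('OAuthServer.afterDeny', $this);
         EventManager::instance()->dispatch($event);
         $error = new AccessDeniedException();
         // RFC 6749 §4.1.2.1 names the description parameter error_description
         // (the other deny helper on this page already uses it) and requires the
         // client's state to be echoed back when one was sent, so it can match
         // this error to the request it made.
         $errorParams = ['error' => $error->errorType, 'error_description' => $error->getMessage()];
         if (isset($authParams['state'])) {
             $errorParams['state'] = $authParams['state'];
         }
         $redirectUri = new RedirectUri($authParams['redirect_uri'], $errorParams);
         return $this->redirect($redirectUri);
     }
     $this->set('authParams', $authParams);
     $this->set('user', $this->Auth->user());
 }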
예제 #2
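 /**
  * Consume the pending authorize request from the session and either issue an
  * authorization code (authorization=Approve) or redirect the client with an
  * access_denied error. The session entries are removed before anything else
  * happens so the stored request can be acted on exactly once.
  *
  * @param Request $request the submitted consent form
  * @return mixed the response produced by respond(): a 302 to the client's
  *               validated redirect_uri, or a 400 when no request is pending
  */
 public function issueAuthCode(Request $request)
 {
     $session = $this->service('session');
     $authParams = $session->get('authParams');
     $session->remove('authParams');
     $session->remove('redirectTo');
     // No pending request (expired session or a replayed form): there is no
     // validated redirect_uri to send the client to, so fail closed instead of
     // redirecting to a null URI.
     if (!is_array($authParams) || empty($authParams['redirect_uri'])) {
         return $this->setStatusCode(Response::HTTP_BAD_REQUEST)->respond('', []);
     }
     $user = null;
     if ($request->get('authorization') === 'Approve') {
         // A missing current user must not mint a code for a null owner; it is
         // handled as a denial below.
         $user = $this->identityProvider->getCurrentUser();
     }
     if ($user !== null) {
         $redirectUri = $this->server->getGrantType('authorization_code')->newAuthorizeRequest('user', $user->id, $authParams);
         return $this->setStatusCode(Response::HTTP_FOUND)->respond('', ['Location' => $redirectUri]);
     }
     $error = new AccessDeniedException();
     // RFC 6749 §4.1.2.1: the parameter is error_description, and the client's
     // state is echoed back when one was supplied.
     $errorParams = ['error' => $error->errorType, 'error_description' => $error->getMessage()];
     if (isset($authParams['state'])) {
         $errorParams['state'] = $authParams['state'];
     }
     $redirectUri = RedirectUri::make($authParams['redirect_uri'], $errorParams);
     return $this->setStatusCode(Response::HTTP_FOUND)->respond('', ['Location' => $redirectUri]);
 }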
예제 #3
 /**
  * Build the redirect back to the client for an authorization-code request
  * the user declined: the validated redirect_uri of the pending request,
  * carrying the access_denied error code and its description.
  *
  * @return string a correctly formed url to redirect back to
  */
 public function authCodeRequestDeniedRedirectUri()
 {
     $denied = new AccessDeniedException();
     $target = $this->getAuthCodeRequestParam('redirect_uri');
     $query = [
         'error' => $denied->errorType,
         'error_description' => $denied->getMessage(),
     ];

     return $this->getRedirectUriGenerator()->make($target, $query);
 }
예제 #4
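 /**
  * Authorization-code consent endpoint with remembered consent.
  *
  *  1. validate the authorize request through the OAuth component (an invalid
  *     request is handled by that helper; this action just returns);
  *  2. send unauthenticated users to the login screen with the original query
  *     string so the flow can resume;
  *  3. if the owner already holds an unexpired access token for this client,
  *     or the consent form was POSTed with authorization=Approve, issue a code
  *     and redirect back to the client; any other POST is a denial;
  *  4. otherwise render the consent page (its variables are also serialized
  *     for API views).
  *
  * @return \Cake\Network\Response|void
  * @throws \League\OAuth2\Server\Exception\InvalidGrantException
  */
 public function authorize()
 {
     if (!($authParams = $this->OAuth->checkAuthParams('authorization_code'))) {
         return;
     }
     if (!$this->Auth->user()) {
         $query = $this->request->query;
         $query['redir'] = 'oauth';
         return $this->redirect(['plugin' => false, 'controller' => 'Users', 'action' => 'login', '?' => $query]);
     }
     // SECURITY NOTE(review): owner_model/owner_id are read from the query
     // string here (and from the POST body below), falling back to the
     // logged-in user only when absent. They decide both whose existing tokens
     // are counted for the consent skip and whom the new code is bound to, so
     // an authenticated user can name another owner and, if that owner has an
     // unexpired token for the client, obtain a code for them without any
     // consent screen. Unless non-User owners are a real requirement, pin these
     // to the session and drop the request-supplied values. Note also that '?:'
     // treats an owner_id of '0' or '' as absent.
     $ownerModel = $this->request->query('owner_model') ?: 'Users';
     $ownerId = $this->request->query('owner_id') ?: $this->Auth->user('id');
     $clientId = $this->request->query('client_id');
     // Remembered consent: an unexpired access token whose session belongs to
     // this (owner, client) pair means the owner already approved the client.
     $currentTokens = $this->loadModel('OAuthServer.AccessTokens')
         ->find()
         ->where(['expires > ' => Time::now()->getTimestamp()])
         ->matching('Sessions', function ($q) use ($ownerModel, $ownerId, $clientId) {
             return $q->where(['owner_model' => $ownerModel, 'owner_id' => $ownerId, 'client_id' => $clientId]);
         })
         ->count();
     $event = new Event('OAuthServer.beforeAuthorize', $this);
     EventManager::instance()->dispatch($event);
     $serializeKeys = [];
     if (is_array($event->result)) {
         $this->set($event->result);
         $serializeKeys = array_keys($event->result);
     }
     $isPost = $this->request->is('post');
     $approved = $isPost && $this->request->data('authorization') === 'Approve';
     if ($currentTokens > 0 || $approved) {
         $ownerModel = $this->request->data('owner_model') ?: $ownerModel;
         $ownerId = $this->request->data('owner_id') ?: $ownerId;
         $redirectUri = $this->OAuth->Server->getGrantType('authorization_code')->newAuthorizeRequest($ownerModel, $ownerId, $authParams);
         $event = new Event('OAuthServer.afterAuthorize', $this);
         EventManager::instance()->dispatch($event);
         return $this->redirect($redirectUri);
     }
     if ($isPost) {
         $event = new Event('OAuthServer.afterDeny', $this);
         EventManager::instance()->dispatch($event);
         $error = new AccessDeniedException();
         // RFC 6749 §4.1.2.1 names the description parameter error_description
         // (as the deny helper elsewhere on this page does) and requires the
         // client's state to be echoed back when one was sent.
         $errorParams = ['error' => $error->errorType, 'error_description' => $error->getMessage()];
         if (isset($authParams['state'])) {
             $errorParams['state'] = $authParams['state'];
         }
         $redirectUri = RedirectUri::make($authParams['redirect_uri'], $errorParams);
         return $this->redirect($redirectUri);
     }
     $this->set('authParams', $authParams);
     $this->set('user', $this->Auth->user());
     $this->set('_serialize', array_merge(['user', 'authParams'], $serializeKeys));
 }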
예제 #5
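 /**
  * Handle the combined sign-in / consent form POST for an authorization-code
  * request that an earlier step stored in $_SESSION['auth_params'].
  *
  * The stored client id and scope ids are re-hydrated into storage objects
  * before being handed to the grant. Credentials are verified before the
  * user's decision is acted on: an unknown user or a failed login returns
  * false (the existing "no response, show the form again" signal), an
  * approved request redirects to the client with a code, anything else
  * redirects with an access_denied error.
  *
  * @param Application $app
  * @param Request     $request the submitted form
  * @return \Symfony\Component\HttpFoundation\Response|false
  */
 public function signinPost(Application $app, Request $request)
 {
     // session_start() on an already active session only raises a notice.
     if (session_status() !== PHP_SESSION_ACTIVE) {
         session_start();
     }
     // No pending authorize request (expired session or replayed form): there
     // is no validated redirect_uri to send anyone to.
     if (empty($_SESSION['auth_params']) || !is_array($_SESSION['auth_params'])) {
         return false;
     }
     $authParams = $_SESSION['auth_params'];
     $server = $this->getAuthorizationServer($app);
     $authParams['client'] = $server->getClientStorage()->get($authParams['client']);
     $scopeStorage = $server->getScopeStorage();
     $authParams['scopes'] = array_map(function ($item) use ($scopeStorage) {
         return $scopeStorage->get($item);
     }, $authParams['scopes']);

     $data = $request->request->all();
     $authenticator = $this->getAuthenticator($app);
     // Verify credentials before looking at the decision. Previously the
     // password was only checked on "Approve" and a wrong password fell through
     // to the access_denied redirect, so an unknown username (false) and a
     // known username with a bad password (redirect) were distinguishable from
     // the response — a user-enumeration oracle. Both now fail identically, and
     // a denial also has to come from the authenticated owner.
     $user = $authenticator->findUser($data);
     if (!$user || !$authenticator->authenticate($user, $data)) {
         return false;
     }
     // The pending request is consumed once a verified decision is made, so the
     // same form cannot be replayed to mint a second code.
     unset($_SESSION['auth_params']);

     if (array_key_exists('authorization', $data) && $data['authorization'] === 'Approve') {
         /** @var AuthCodeGrant $grant */
         $grant = $server->getGrantType('authorization_code');
         $redirect = $grant->newAuthorizeRequest('user', $user->getId(), $authParams);
         return $app->redirect($redirect);
     }
     $error = new AccessDeniedException();
     // RFC 6749 §4.1.2.1: the parameter is error_description, and the client's
     // state is echoed back when one was supplied.
     $errorParams = ['error' => $error->errorType, 'error_description' => $error->getMessage()];
     if (isset($authParams['state'])) {
         $errorParams['state'] = $authParams['state'];
     }
     $redirect = RedirectUri::make($authParams['redirect_uri'], $errorParams);
     return $app->redirect($redirect);
 }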