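/**
 * Authorization endpoint for the authorization_code grant.
 *
 * Flow: validate the authorize request, force login when there is no
 * authenticated user, dispatch `OAuthServer.beforeAuthorize`, then either
 * issue an authorization code (POST with authorization=Approve), redirect
 * back to the client with an access_denied error (any other POST), or render
 * the consent page (GET).
 *
 * The resource owner a code is bound to is decided server-side: the
 * authenticated user, unless a beforeAuthorize listener returns
 * `owner_model` / `owner_id` in its result. The owner_* fields of the POSTed
 * form are deliberately ignored — trusting them would let any logged-in user
 * obtain an authorization code bound to an arbitrary owner_id.
 *
 * @return \Cake\Network\Response|void
 * @throws \League\OAuth2\Server\Exception\InvalidGrantException
 */
public function authorize()
{
    // checkAuthParams() validates the authorize request and produces the error
    // response itself when it fails, so there is nothing more to do here.
    if (!($authParams = $this->OAuth->checkAuthParams('authorization_code'))) {
        return;
    }

    if (!$this->Auth->user()) {
        // Carry the original authorize query through login so the user lands
        // back on this endpoint afterwards.
        $query = $this->request->query;
        $query['redir'] = 'oauth';

        return $this->redirect([
            'plugin' => false,
            'controller' => 'Users',
            'action' => 'login',
            '?' => $query,
        ]);
    }

    $event = new Event('OAuthServer.beforeAuthorize', $this);
    EventManager::instance()->dispatch($event);

    $ownerModel = 'Users';
    $ownerId = $this->Auth->user('id');
    if (is_array($event->result)) {
        $this->set($event->result);
        // Server-side override of the owner binding (see class docblock).
        if (!empty($event->result['owner_model'])) {
            $ownerModel = $event->result['owner_model'];
        }
        if (!empty($event->result['owner_id'])) {
            $ownerId = $event->result['owner_id'];
        }
    }

    if ($this->request->is('post')) {
        // data('authorization') yields null when the field is missing, so a
        // malformed POST is treated as a denial instead of raising a notice.
        if ($this->request->data('authorization') === 'Approve') {
            $redirectUri = $this->OAuth->Server
                ->getGrantType('authorization_code')
                ->newAuthorizeRequest($ownerModel, $ownerId, $authParams);

            $event = new Event('OAuthServer.afterAuthorize', $this);
            EventManager::instance()->dispatch($event);

            return $this->redirect($redirectUri);
        }

        $event = new Event('OAuthServer.afterDeny', $this);
        EventManager::instance()->dispatch($event);

        $error = new AccessDeniedException();
        // RFC 6749 §4.1.2.1 names the parameters `error`, `error_description`
        // and (when the client sent one) `state`; `message` is kept for
        // existing consumers of this endpoint.
        $params = [
            'error' => $error->errorType,
            'error_description' => $error->getMessage(),
            'message' => $error->getMessage(),
        ];
        if (!empty($authParams['state'])) {
            $params['state'] = $authParams['state'];
        }
        // RedirectUri::make() returns the assembled URL string for redirect().
        $redirectUri = RedirectUri::make($authParams['redirect_uri'], $params);

        return $this->redirect($redirectUri);
    }

    // GET: render the consent page.
    $this->set('authParams', $authParams);
    $this->set('user', $this->Auth->user());
}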
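/**
 * Handle the consent form submission for the authorization_code grant.
 *
 * The validated authorize parameters were stashed in the session by the
 * preceding step. They are consumed (removed) here whether the user approves
 * or denies, so a consent form cannot be replayed.
 *
 * @param Request $request The consent form submission.
 * @return Response A 302 redirect back to the client's redirect_uri, or a
 *                  400 when no authorize request is pending in the session.
 */
public function issueAuthCode(Request $request)
{
    $session = $this->service('session');
    $authParams = $session->get('authParams');
    $session->remove('authParams');
    $session->remove('redirectTo');

    // Without the stashed parameters there is no validated redirect_uri to
    // send the user to (session expired, or the endpoint was hit directly).
    // Refuse rather than redirecting to an empty Location.
    if (!is_array($authParams) || empty($authParams['redirect_uri'])) {
        return $this->setStatusCode(Response::HTTP_BAD_REQUEST)->respond('', []);
    }

    if ($request->get('authorization') === 'Approve') {
        // The owner is always the authenticated identity, never a form field.
        // NOTE(review): getCurrentUser() is assumed to return an identity with
        // an `id` here — confirm it cannot be null at this point.
        $user = $this->identityProvider->getCurrentUser();
        $redirectUri = $this->server
            ->getGrantType('authorization_code')
            ->newAuthorizeRequest('user', $user->id, $authParams);
    } else {
        $error = new AccessDeniedException();
        // RFC 6749 §4.1.2.1 names the parameters `error`, `error_description`
        // and (when the client sent one) `state`; `message` is kept for
        // existing consumers of this endpoint.
        $params = [
            'error' => $error->errorType,
            'error_description' => $error->getMessage(),
            'message' => $error->getMessage(),
        ];
        if (!empty($authParams['state'])) {
            $params['state'] = $authParams['state'];
        }
        $redirectUri = RedirectUri::make($authParams['redirect_uri'], $params);
    }

    return $this->setStatusCode(Response::HTTP_FOUND)->respond('', ['Location' => $redirectUri]);
}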
/**
 * Build the URL the user agent is sent back to when the resource owner
 * denies the authorization code request.
 *
 * The query string carries the RFC 6749 error parameters (`error` and
 * `error_description`) taken from an AccessDeniedException.
 *
 * @return string a correctly formed url to redirect back to
 */
public function authCodeRequestDeniedRedirectUri()
{
    $uriGenerator = $this->getRedirectUriGenerator();
    $clientRedirectUri = $this->getAuthCodeRequestParam('redirect_uri');

    $denied = new AccessDeniedException();
    $errorParams = [
        'error' => $denied->errorType,
        'error_description' => $denied->getMessage(),
    ];

    return $uriGenerator->make($clientRedirectUri, $errorParams);
}
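/**
 * Authorization endpoint for the authorization_code grant, with consent
 * skipping for clients the user has already authorized.
 *
 * Flow: validate the authorize request, force login when there is no
 * authenticated user, dispatch `OAuthServer.beforeAuthorize`, then issue an
 * authorization code straight away when the authenticated owner already holds
 * an unexpired access token for this client, or when the consent form is
 * POSTed with authorization=Approve; redirect back with access_denied on any
 * other POST; otherwise render the consent page.
 *
 * The resource owner a code is bound to is decided server-side: the
 * authenticated user, unless a beforeAuthorize listener returns
 * `owner_model` / `owner_id` in its result. owner_* values from the query
 * string or the POSTed form are deliberately ignored — honouring them would
 * let a logged-in user mint codes for another owner_id and, combined with the
 * consent skipping, do so without ever seeing the consent page.
 *
 * @return \Cake\Network\Response|void
 * @throws \League\OAuth2\Server\Exception\InvalidGrantException
 */
public function authorize()
{
    // checkAuthParams() validates the authorize request and produces the error
    // response itself when it fails.
    if (!($authParams = $this->OAuth->checkAuthParams('authorization_code'))) {
        return;
    }

    if (!$this->Auth->user()) {
        // Carry the original authorize query through login so the user lands
        // back on this endpoint afterwards.
        $query = $this->request->query;
        $query['redir'] = 'oauth';

        return $this->redirect([
            'plugin' => false,
            'controller' => 'Users',
            'action' => 'login',
            '?' => $query,
        ]);
    }

    $event = new Event('OAuthServer.beforeAuthorize', $this);
    EventManager::instance()->dispatch($event);

    $ownerModel = 'Users';
    $ownerId = $this->Auth->user('id');
    $serializeKeys = [];
    if (is_array($event->result)) {
        $this->set($event->result);
        $serializeKeys = array_keys($event->result);
        // Server-side override of the owner binding (see method docblock).
        if (!empty($event->result['owner_model'])) {
            $ownerModel = $event->result['owner_model'];
        }
        if (!empty($event->result['owner_id'])) {
            $ownerId = $event->result['owner_id'];
        }
    }

    // client_id has already been validated by checkAuthParams().
    $clientId = $this->request->query('client_id');

    // Skip the consent screen when this owner already holds an unexpired token
    // for this client.
    // NOTE(review): the existing token's scopes are not compared with the
    // scopes requested now, so a client could silently widen its grant —
    // confirm this is intended or compare scopes before skipping consent.
    $currentTokens = $this->loadModel('OAuthServer.AccessTokens')
        ->find()
        ->where(['expires >' => Time::now()->getTimestamp()])
        ->matching('Sessions', function ($q) use ($ownerModel, $ownerId, $clientId) {
            return $q->where([
                'owner_model' => $ownerModel,
                'owner_id' => $ownerId,
                'client_id' => $clientId,
            ]);
        })
        ->count();

    // data('authorization') yields null when the field is missing, so a
    // malformed POST is treated as a denial instead of raising a notice.
    $approved = $this->request->is('post')
        && $this->request->data('authorization') === 'Approve';

    if ($currentTokens > 0 || $approved) {
        $redirectUri = $this->OAuth->Server
            ->getGrantType('authorization_code')
            ->newAuthorizeRequest($ownerModel, $ownerId, $authParams);

        $event = new Event('OAuthServer.afterAuthorize', $this);
        EventManager::instance()->dispatch($event);

        return $this->redirect($redirectUri);
    }

    if ($this->request->is('post')) {
        $event = new Event('OAuthServer.afterDeny', $this);
        EventManager::instance()->dispatch($event);

        $error = new AccessDeniedException();
        // RFC 6749 §4.1.2.1 names the parameters `error`, `error_description`
        // and (when the client sent one) `state`; `message` is kept for
        // existing consumers of this endpoint.
        $params = [
            'error' => $error->errorType,
            'error_description' => $error->getMessage(),
            'message' => $error->getMessage(),
        ];
        if (!empty($authParams['state'])) {
            $params['state'] = $authParams['state'];
        }
        $redirectUri = RedirectUri::make($authParams['redirect_uri'], $params);

        return $this->redirect($redirectUri);
    }

    // GET: render the consent page.
    $this->set('authParams', $authParams);
    $this->set('user', $this->Auth->user());
    // NOTE(review): the whole Auth user record is exposed through _serialize
    // for JSON/XML views — confirm it carries no sensitive fields.
    $this->set('_serialize', array_merge(['user', 'authParams'], $serializeKeys));
}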
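/**
 * Handle the combined sign-in / consent form for the authorization_code grant.
 *
 * The authorize parameters validated by the previous step are read from
 * `$_SESSION['auth_params']`; the client and scope identifiers stored there are
 * re-hydrated into entities before being handed to the grant.
 *
 * Outcome: a redirect to the client's redirect_uri carrying either an
 * authorization code (credentials valid and authorization=Approve) or an
 * access_denied error (anything else). An unknown username and a wrong
 * password take the same path so the form does not act as an
 * account-enumeration oracle.
 *
 * @param Application $app
 * @param Request $request
 * @return \Symfony\Component\HttpFoundation\RedirectResponse
 */
public function signinPost(Application $app, Request $request)
{
    session_start();

    // No stashed authorize request means the session expired or the form was
    // posted directly: there is no validated redirect_uri to send the user to.
    if (!isset($_SESSION['auth_params'])
        || !is_array($_SESSION['auth_params'])
        || empty($_SESSION['auth_params']['redirect_uri'])
    ) {
        $app->abort(400, 'No pending authorization request.');
    }
    $authParams = $_SESSION['auth_params'];

    $server = $this->getAuthorizationServer($app);
    $authParams['client'] = $server->getClientStorage()->get($authParams['client']);
    $scopeStorage = $server->getScopeStorage();
    // A request without scopes is valid; avoid array_map() on a missing key.
    $requestedScopes = isset($authParams['scopes']) ? $authParams['scopes'] : [];
    $authParams['scopes'] = array_map(function ($item) use ($scopeStorage) {
        return $scopeStorage->get($item);
    }, $requestedScopes);

    $data = $request->request->all();
    $authenticator = $this->getAuthenticator($app);
    $user = $authenticator->findUser($data);

    // Only an existing user, a valid credential check and an explicit Approve
    // issue a code; authenticate() is reached only when the user was found.
    $approved = $user
        && array_key_exists('authorization', $data)
        && $data['authorization'] === 'Approve'
        && $authenticator->authenticate($user, $data);

    if ($approved) {
        /** @var AuthCodeGrant $grant */
        $grant = $server->getGrantType('authorization_code');
        // The owner is the authenticated user, never a form field.
        $redirect = $grant->newAuthorizeRequest('user', $user->getId(), $authParams);

        return $app->redirect($redirect);
    }

    $error = new AccessDeniedException();
    // RFC 6749 §4.1.2.1 names the parameters `error`, `error_description` and
    // (when the client sent one) `state`; `message` is kept for existing
    // consumers of this endpoint.
    $params = [
        'error' => $error->errorType,
        'error_description' => $error->getMessage(),
        'message' => $error->getMessage(),
    ];
    if (!empty($authParams['state'])) {
        $params['state'] = $authParams['state'];
    }
    $redirect = RedirectUri::make($authParams['redirect_uri'], $params);

    return $app->redirect($redirect);
}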