/**
  * Register the Authorization server with the IoC container
  * @return void
  */
 public function registerAuthorizer()
 {
     $this->app->bindShared('oauth2-server.authorizer', function ($app) {
         $config = $app['config']->get('oauth2');
         $issuer = $app->make('League\\OAuth2\\Server\\AuthorizationServer')->setClientStorage($app->make('League\\OAuth2\\Server\\Storage\\ClientInterface'))->setSessionStorage($app->make('League\\OAuth2\\Server\\Storage\\SessionInterface'))->setAuthCodeStorage($app->make('League\\OAuth2\\Server\\Storage\\AuthCodeInterface'))->setAccessTokenStorage($app->make('League\\OAuth2\\Server\\Storage\\AccessTokenInterface'))->setRefreshTokenStorage($app->make('League\\OAuth2\\Server\\Storage\\RefreshTokenInterface'))->setScopeStorage($app->make('League\\OAuth2\\Server\\Storage\\ScopeInterface'))->requireScopeParam($config['scope_param'])->setDefaultScope($config['default_scope'])->requireStateParam($config['state_param'])->setScopeDelimiter($config['scope_delimiter'])->setAccessTokenTTL($config['access_token_ttl']);
         // add the supported grant types to the authorization server
         foreach ($config['grant_types'] as $grantIdentifier => $grantParams) {
             $grant = new $grantParams['class']();
             $grant->setAccessTokenTTL($grantParams['access_token_ttl']);
             if (array_key_exists('callback', $grantParams)) {
                 $grant->setVerifyCredentialsCallback($grantParams['callback']);
             }
             if (array_key_exists('auth_token_ttl', $grantParams)) {
                 $grant->setAuthTokenTTL($grantParams['auth_token_ttl']);
             }
             if (array_key_exists('refresh_token_ttl', $grantParams)) {
                 $grant->setRefreshTokenTTL($grantParams['refresh_token_ttl']);
             }
             $issuer->addGrantType($grant);
         }
         $checker = $app->make('League\\OAuth2\\Server\\ResourceServer');
         $authorizer = new Authorizer($issuer, $checker);
         $authorizer->setRequest($app['request']);
         $authorizer->setTokenType($app->make($config['token_type']));
         $app->refresh('request', $authorizer, 'setRequest');
         return $authorizer;
     });
     $this->app->bind('LucaDegasperi\\OAuth2Server\\Authorizer', function ($app) {
         return $app['oauth2-server.authorizer'];
     });
 }
예제 #2
0
 /**
  * Handle middleware
  *
  * @param Request $request
  * @param callable $next
  * @return mixed
  */
 public function handle(Request $request, Closure $next)
 {
     //Get account
     $account = $this->getAccountFromRouting();
     //Set account in context
     $this->context->setAccount($account);
     //If the owner type is User
     if ($this->authorizer->getResourceOwnerType() == 'user') {
         //Find the user
         $user = $this->userRepository->find($this->authorizer->getResourceOwnerId());
         //If we have account in the route
         if ($account) {
             //Check if the user has access to the account
             if (!$user->isAssociateToAccount($account)) {
                 return $this->response->errorUnauthorized("You don't have access to the account {$account->uuid}");
             }
         }
         //Add context processor to log
         $this->log->addProcessors([new ContextProcessor($user, isset($account) ? $account : null)]);
         //Set the user in context
         $this->context->setUser($user);
     }
     // Set application locale
     $this->setApplicationLocale();
     return $next($request);
 }
 /**
  * Store a newly created resource in storage.
  *
  * @param  \Illuminate\Http\Request $request
  *
  * @return \Illuminate\Http\Response
  */
 public function store(Request $request)
 {
     $data = $request->all();
     $userId = $this->authorizer->getResourceOwnerId();
     $data['client_id'] = $this->userRepository->find($userId)->client->id;
     $order = $this->orderService->create($data);
     return $this->orderRepository->with('items')->find($order->id);
 }
예제 #4
0
 /**
  * Handle an incoming request.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     $user = $this->userRepository->find($this->authorizer->getResourceOwnerId());
     App::singleton('user', function () use($user) {
         return $user->toArray();
     });
     return $next($request);
 }
 /**
  * Handle an incoming request.
  *
  * @param \Illuminate\Http\Request $request
  * @param \Closure $next
  *
  * @throws \League\OAuth2\Server\Exception\AccessDeniedException
  *
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     $this->authorizer->setRequest($request);
     if ($this->authorizer->getResourceOwnerType() !== 'user') {
         throw new AccessDeniedException();
     }
     return $next($request);
 }
 /**
  * Handle an incoming request.
  *
  * @param \Illuminate\Http\Request $request
  * @param \Closure $next
  *
  * @throws \League\OAuth2\Server\Exception\AccessDeniedException
  *
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     $this->authorizer->setRequest($request);
     $this->authorizer->validateAccessToken($this->httpHeadersOnly);
     if ($this->authorizer->getResourceOwnerType() !== 'client') {
         throw new AccessDeniedException();
     }
     return $next($request);
 }
 /**
  * @return \Illuminate\Http\Response
  */
 public function postAccessToken(Request $request)
 {
     //Patch because the package doesn't support json body parameter, we have to do this
     $this->request->request->replace($request->all());
     //Replace the request instance into the authorizer
     $this->authorizer->setRequest($this->request);
     //Issue the access token
     return response()->json($this->authorizer->issueAccessToken());
 }
예제 #8
0
 /**
  * Handle an incoming request.
  *
  * @param \Illuminate\Http\Request $request
  * @param \Closure $next
  *
  * @throws \League\OAuth2\Server\Exception\AccessDeniedException
  *
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     $this->authorizer->setRequest($request);
     $user = $this->authorizer->getResourceOwnerId();
     $user = json_decode($user, true)['data'];
     if (in_array($user['role'], ['store_manager', 'admin'])) {
         return $next($request);
     }
     throw new AccessDeniedException();
 }
 /**
  * The main filter method
  * @internal param mixed $route, mixed $request, mixed $owners,...
  * @return null
  * @throws \League\OAuth2\Server\Exception\AccessDeniedException
  */
 public function filter()
 {
     if (func_num_args() > 2) {
         $ownerTypes = array_slice(func_get_args(), 2);
         if (!in_array($this->authorizer->getResourceOwnerType(), $ownerTypes)) {
             throw new AccessDeniedException();
         }
     }
     return null;
 }
예제 #10
0
 /**
  * Send the request after setting authorization params
  * @return Illuminate\Http\Response
  */
 public function sendAuthorization()
 {
     $this->request->merge($this->params->toArray());
     $this->oauth->getIssuer()->setRequest($this->request);
     $token = $this->oauth->issueAccessToken();
     if (auth()->check()) {
         $token['user'] = auth()->user();
     }
     return response()->json($token);
 }
 public function update(Request $request, $id)
 {
     $deliverymanId = $this->authorizer->getResourceOwnerId();
     if ($this->orderService->update(['id' => $id, 'user_deliveryman_id' => $deliverymanId], $request)) {
         $type = ['type' => 'success'];
         $code = Response::HTTP_OK;
     }
     $type = !$type ? ['type' => 'not found'] : $type;
     $code = !$code ? Response::HTTP_NOT_FOUND : $code;
     return response($type, $code)->header('Content-Type', 'application/json');
 }
 public function __construct(Authorizer $authorizer)
 {
     $this->authorizer = $authorizer;
     try {
         $this->accessToken = $authorizer->getChecker()->determineAccessToken();
         if ($this->accessToken) {
             $this->beforeFilter('oauth');
         }
     } catch (InvalidRequestException $e) {
         // do nothing
     }
 }
 /**
  * Register the Authorization server with the IoC container
  * @return void
  */
 public function registerAuthorizer()
 {
     $this->app->bindShared('oauth2-server.authorizer', function ($app) {
         $config = $app['config']->get('oauth2-server-laravel::oauth2');
         $checker = $app->make('League\\OAuth2\\Server\\ResourceServer');
         $authorizer = new Authorizer($checker);
         $authorizer->setRequest($app['request']);
         $authorizer->setTokenType($app->make($config['token_type']));
         $app->refresh('request', $authorizer, 'setRequest');
         return $authorizer;
     });
     $this->app->bind('LucaDegasperi\\OAuth2Server\\Authorizer', function ($app) {
         return $app['oauth2-server.authorizer'];
     });
 }
 /**
  * Validate the scopes.
  *
  * @param $scopes
  *
  * @throws \League\OAuth2\Server\Exception\InvalidScopeException
  */
 public function validateScopes($scopes)
 {
     if (!empty($scopes) && !$this->authorizer->hasScope($scopes)) {
         return false;
     }
     return true;
 }
 /**
  * @param Authorizer $authorizer
  * @param bool $httpHeadersOnly
  */
 public function __construct(Authorizer $authorizer, $httpHeadersOnly = false)
 {
     if (!function_exists('getallheaders')) {
         function getallheaders()
         {
             foreach ($_SERVER as $key => $value) {
                 if (substr($key, 0, 5) == "HTTP_") {
                     $key = str_replace(" ", "-", ucwords(strtolower(str_replace("_", " ", substr($key, 5)))));
                     $out[$key] = $value;
                 } else {
                     $out[$key] = $value;
                 }
             }
             return $out;
         }
     }
     $headers = getallheaders();
     $accessToken = isset($headers['Authorization']) ? trim(preg_replace('/^(?:\\s+)?Bearer\\s/', '', $headers['Authorization'])) : null;
     $authorizer->validateAccessToken($this->httpHeadersOnly, $accessToken);
     $this->authorizer = $authorizer;
     $this->httpHeadersOnly = $httpHeadersOnly;
 }
예제 #16
0
 /**
  * Handle an incoming request.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     // if (env('APP_ENV') != 'testing') {
     $this->authorizer->validateAccessToken($this->httpHeadersOnly);
     $this->validateScopes();
     // }
     $owner_id = $this->authorizer->getResourceOwnerId();
     if ($owner_id) {
         list($user_type, $id) = explode(':', $owner_id);
         switch ($user_type) {
             case 'admin':
                 $request->user = Admin::find($id);
                 break;
             default:
                 $request->user = User::find($id);
                 break;
         }
     } else {
         $request->user = new Guest();
     }
     return $next($request);
 }
예제 #17
0
 /**
  * Set the token type to use.
  *
  * @param \League\OAuth2\Server\TokenType\TokenTypeInterface $tokenType
  * @static 
  */
 public static function setTokenType($tokenType)
 {
     return \LucaDegasperi\OAuth2Server\Authorizer::setTokenType($tokenType);
 }
예제 #18
0
 /**
  * Exchange client authorization code with authorization token
  * @param  Authorizer $authorizer
  * @return json
  */
 public function postAccessToken(Authorizer $authorizer)
 {
     return response()->json($authorizer->issueAccessToken());
 }
 /**
  * Register the Authorization server with the IoC container.
  *
  * @param \Illuminate\Contracts\Foundation\Application $app
  *
  * @return void
  */
 public function registerAuthorizer(Application $app)
 {
     $app->singleton('oauth2-server.authorizer', function ($app) {
         $config = $app['config']->get('oauth2');
         $issuer = $app->make(AuthorizationServer::class)->setClientStorage($app->make(ClientInterface::class))->setSessionStorage($app->make(SessionInterface::class))->setAuthCodeStorage($app->make(AuthCodeInterface::class))->setAccessTokenStorage($app->make(AccessTokenInterface::class))->setRefreshTokenStorage($app->make(RefreshTokenInterface::class))->setScopeStorage($app->make(ScopeInterface::class))->requireScopeParam($config['scope_param'])->setDefaultScope($config['default_scope'])->requireStateParam($config['state_param'])->setScopeDelimiter($config['scope_delimiter'])->setAccessTokenTTL($config['access_token_ttl']);
         // add the supported grant types to the authorization server
         foreach ($config['grant_types'] as $grantIdentifier => $grantParams) {
             $grant = $app->make($grantParams['class']);
             $grant->setAccessTokenTTL($grantParams['access_token_ttl']);
             if (array_key_exists('callback', $grantParams)) {
                 list($className, $method) = array_pad(explode('@', $grantParams['callback']), 2, 'verify');
                 $verifier = $app->make($className);
                 $grant->setVerifyCredentialsCallback([$verifier, $method]);
             }
             if (array_key_exists('auth_token_ttl', $grantParams)) {
                 $grant->setAuthTokenTTL($grantParams['auth_token_ttl']);
             }
             if (array_key_exists('refresh_token_ttl', $grantParams)) {
                 $grant->setRefreshTokenTTL($grantParams['refresh_token_ttl']);
             }
             if (array_key_exists('rotate_refresh_tokens', $grantParams)) {
                 $grant->setRefreshTokenRotation($grantParams['rotate_refresh_tokens']);
             }
             $issuer->addGrantType($grant);
         }
         $checker = $app->make(ResourceServer::class);
         $authorizer = new Authorizer($issuer, $checker);
         $authorizer->setRequest($app['request']);
         $authorizer->setTokenType($app->make($config['token_type']));
         $app->refresh('request', $authorizer, 'setRequest');
         return $authorizer;
     });
     $app->alias('oauth2-server.authorizer', Authorizer::class);
 }
 function it_filters_the_auth_code_request_parameters(Authorizer $authorizer)
 {
     $authorizer->checkAuthCodeRequest()->shouldBeCalled();
     $this->filter('foo', 'bar', 'baz')->shouldReturn(null);
 }
 public function filter()
 {
     $this->authorizer->checkAuthCodeRequest();
 }
 function it_passes_with_valud_scopes(Authorizer $authorizer)
 {
     $authorizer->validateAccessToken(false)->willReturn('foo')->shouldBeCalled();
     $authorizer->hasScope(['baz'])->willReturn(true)->shouldBeCalled();
     $this->filter('foo', 'bar', 'baz')->shouldReturn(null);
 }
 public function postAccessToken()
 {
     return $this->authorizer->issueAccessToken();
 }
예제 #24
0
 /**
  * Validate an access token
  * @param  Request $request
  * @return Illuminate\Http\Response
  */
 public function postValidateAccessToken(Request $request)
 {
     return response()->json($this->oauth->getChecker()->isValidRequest(false, $request->get('access_token')));
 }
예제 #25
0
 /**
  * Validate the scopes
  * @throws \League\OAuth2\Server\Exception\InvalidScopeException
  */
 public function validateScopes()
 {
     if (!empty($this->scopes) and !$this->authorizer->hasScope($this->scopes)) {
         throw new InvalidScopeException(implode(',', $this->scopes));
     }
 }
 /**
  * Handle an incoming request.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     $this->authorizer->checkAuthCodeRequest();
     return $next($request);
 }
 function it_filters_if_resource_owners_are_not_allowed(Authorizer $authorizer)
 {
     $authorizer->getResourceOwnerType()->willReturn('user')->shouldBeCalled();
     $this->shouldThrow('\\League\\OAuth2\\Server\\Exception\\AccessDeniedException')->duringFilter('foo', 'bar', 'client');
 }
예제 #28
0
 /**
  * Validate the scopes
  * @throws \League\OAuth2\Server\Exception\InvalidScopeException
  */
 protected function validateScopes()
 {
     if (!empty($this->requiredScopes()) and !$this->authorizer->hasScope($this->requiredScopes())) {
         throw new InvalidScopeException(implode(',', $this->requiredScopes()));
     }
 }