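/**
 * Entry point for an authenticated API request.
 *
 * Decodes the JSON body into $this->data, requires the client-id and the
 * auth user/token headers, loads the caller's profile, checks that the
 * presented token is a valid access token for this client and user, and
 * then delegates to $this->handle(). The response payload is tagged with
 * the client id before being returned.
 *
 * @param string|null $body   Raw request body; "" or null means "no body".
 * @param array       $params Route parameters, stored on $this->params.
 * @return array Payload from handle() plus a "client-id" entry (or, when
 *               DEBUG is on, whatever parent::execute() returns).
 * @throws InvalidClientException    when the client-id header is absent.
 * @throws AuthorizationException    when the auth headers are absent or the
 *                                   token is not an access token.
 * @throws InvalidTokenException     when the access token fails validation.
 * @throws ValidationFailedException when the body is not valid JSON.
 */
public function execute($body, array $params)
{
    // Decode the request body. An empty body maps to an empty array (kept for
    // callers that rely on it). Malformed JSON previously decoded to null and
    // only surfaced later as a property-read warning inside handle(); reject
    // it at the boundary instead.
    if ($body === null || $body === "") {
        $this->data = [];
    } else {
        $decoded = json_decode($body);
        if (json_last_error() !== JSON_ERROR_NONE) {
            throw new ValidationFailedException("Request body is not valid JSON");
        }
        $this->data = $decoded;
    }

    // A client id is mandatory for every request.
    if (!array_key_exists(Headers::CLIENT_ID, $_SERVER)) {
        throw new InvalidClientException();
    }

    // Both halves of the auth credentials must be present.
    if (!isset($_SERVER[Headers::AUTH_USER]) || !isset($_SERVER[Headers::AUTH_TOKEN])) {
        throw new AuthorizationException("Must provide authentication");
    }

    // Collect the request details used by handle() and by the checks below.
    $this->user = UserBackend::fetch_user_profile($_SERVER[Headers::AUTH_USER]);
    $this->params = $params;
    $this->method = $_SERVER["REQUEST_METHOD"];
    $token = Token::decode($_SERVER[Headers::AUTH_TOKEN]);
    $this->clientid = Token::decode($_SERVER[Headers::CLIENT_ID]);

    // DEBUG short-circuits every token check below; it must be off in any
    // deployed configuration, otherwise any caller with the headers set is
    // treated as authenticated.
    if (DEBUG) {
        return parent::execute($body, $params);
    }

    // Only access tokens may authorise a request (not request/refresh tokens).
    if ($token->getType() != TOKEN_ACCESS) {
        throw new AuthorizationException("Token provided is not a access token");
    }

    // The token must be live for this client and the user named in the header.
    if (!TokenBackend::validate_token($this->clientid, $this->user->getUserId(), $token)) {
        throw new InvalidTokenException("Token provided is not a valid access token");
    }

    // Dispatch to the concrete handler and tag the response with the client.
    $payload = $this->handle($this->data);
    $payload["client-id"] = $this->clientid->toString();
    return $payload;
}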
/**
 * Login: exchange a one-shot request token plus the user's password for a
 * fresh access/refresh token pair.
 *
 * Flow: decode and validate the request token for this client and user,
 * consume it, verify the password, drop any existing access/refresh tokens
 * for this client+user, then issue new ones.
 *
 * @param object $data Decoded request body with "user", "request-token"
 *                     and "password" (presence enforced by validate_request).
 * @return array "access-token", "refresh-token" and "profile" entries in
 *               their external form.
 * @throws InvalidTokenException   when the request token has the wrong type
 *                                 or does not validate.
 * @throws AuthenticationException when the password does not match.
 */
public function handle($data)
{
    $this->validate_request(["user", "request-token", "password"]);

    // Decode the one-shot request token and load the profile it should belong to.
    $requestToken = Token::decode($data->{"request-token"});
    $profile = UserBackend::fetch_user_profile($data->{"user"});
    $userId = $profile->getUserId();

    if (TOKEN_REQUEST != $requestToken->getType()) {
        throw new InvalidTokenException("Request token provided is not a valid request token");
    }

    $requestTokenOk = TokenBackend::validate_token($this->clientid, $userId, $requestToken);
    if (!$requestTokenOk) {
        throw new InvalidTokenException("Request token is invalid");
    }

    // The request token is single-use: consume it before the password check,
    // so a failed login also burns the token.
    TokenBackend::invalidate_token($this->clientid, $requestToken);

    $suppliedPassword = $data->{"password"};
    if (!UserBackend::validate_user($profile, $suppliedPassword)) {
        throw new AuthenticationException(
            "Invalid password for user",
            ["user" => $profile->toExternalForm()]
        );
    }

    // A successful login replaces any live session for this client and user.
    foreach ([TOKEN_ACCESS, TOKEN_REFRESH] as $tokenType) {
        TokenBackend::clear_tokens($this->clientid, $userId, $tokenType);
    }

    // Issue the new session: short-lived access token, long-lived refresh token.
    $accessToken = TokenBackend::create_token($this->clientid, $userId, TOKEN_ACCESS, "1 HOUR");
    $refreshToken = TokenBackend::create_token($this->clientid, $userId, TOKEN_REFRESH, "1 YEAR");

    $response = [];
    $response["access-token"] = $accessToken->toExternalForm(3600);
    $response["refresh-token"] = $refreshToken->toExternalForm(false);
    $response["profile"] = $profile->toExternalForm();
    return $response;
}
/**
 * Issue a one-hour request token for the named user, the first step of the
 * login flow (the token is later exchanged together with the password).
 *
 * @param object $data Decoded request body with a "user" entry.
 * @return array "user" (external profile form) and "request-token".
 */
public function handle($data)
{
    $this->validate_request(["user"]);

    $profile = UserBackend::fetch_user_profile($data->{"user"});
    $requestToken = TokenBackend::create_token(
        $this->clientid,
        $profile->getUserId(),
        TOKEN_REQUEST,
        "1 HOUR"
    );

    $response = [];
    $response["user"] = $profile->toExternalForm();
    $response["request-token"] = $requestToken->toExternalForm(3600);
    return $response;
}
/**
 * Logout: invalidate the supplied token for this client.
 *
 * "user" is required by validate_request but is not read here; whether the
 * token's ownership is checked against the caller is left to
 * TokenBackend::invalidate_token — NOTE(review): confirm that it does.
 *
 * @param object $data Decoded request body with "user" and "token" entries.
 * @return array Always empty.
 */
public function handle($data)
{
    $this->validate_request(["user", "token"]);

    $presented = Token::decode($data->{"token"});
    TokenBackend::invalidate_token($this->clientid, $presented);

    return [];
}
/**
 * Check that a token is currently valid for this client and the given user.
 *
 * Both "user" and "token" are decoded with Token::decode; the user value is
 * passed straight through as the user id expected by the backend.
 *
 * @param object $data Decoded request body with "user" and "token" entries.
 * @return array Always empty on success.
 * @throws ValidationFailedException when the backend rejects the token.
 */
public function handle($data)
{
    $this->validate_request(["user", "token"]);

    $ownerId = Token::decode($data->{"user"});
    $candidate = Token::decode($data->{"token"});

    $isValid = TokenBackend::validate_token($this->clientid, $ownerId, $candidate);
    if (!$isValid) {
        throw new ValidationFailedException("Specified token is not valid");
    }

    return [];
}
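/**
 * Refresh: exchange a valid refresh token for a new one-hour access token.
 *
 * The refresh token must carry the same user secret as the named user, and
 * must validate for this client and user; any existing access token for the
 * client+user is cleared before the new one is issued.
 *
 * @param object $data Decoded request body with "user" and "refresh-token".
 * @return array "user-profile" and an "access-token" map with "token" and
 *               "expires" (seconds).
 * @throws InvalidUserException  when the token's user secret does not match
 *                               the named user.
 * @throws InvalidTokenException when the refresh token fails validation.
 */
public function handle($data)
{
    $this->validate_request(["user", "refresh-token"]);

    $profile = UserBackend::fetch_user_profile($data->{"user"});
    $userId = $profile->getUserId();
    $refresh = Token::decode($data->{"refresh-token"});

    // The previous form was `!$refresh->getUserSecret() == ...`: `!` binds
    // before `==`, so a boolean was compared with the secret and the check
    // never fired for a non-empty secret. Compare the two secrets directly and
    // strictly (loose `==` treats numeric-looking strings as equal).
    // NOTE(review): if getUserSecret() returns strings, hash_equals() would be
    // the constant-time choice here — confirm its return type.
    if ($refresh->getUserSecret() !== $userId->getUserSecret()) {
        throw new InvalidUserException("User provided and token do not match");
    }

    if (!TokenBackend::validate_token($this->clientid, $userId, $refresh)) {
        throw new InvalidTokenException("Invalid refresh token or userid provided");
    }

    // Only one live access token per client+user: drop the old one first.
    TokenBackend::clear_tokens($this->clientid, $userId, TOKEN_ACCESS);
    $access = TokenBackend::create_token($this->clientid, $userId, TOKEN_ACCESS, "1 HOUR");

    return [
        "user-profile" => $profile->toExternalForm(),
        "access-token" => [
            "token" => $access->toString(),
            "expires" => 3600,
        ],
    ];
}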