예제 #1
0
 /**
  * {@inheritdoc}
  */
 public function determineAccessTokenInHeader(RequestHandler $requestHandler, $authHeader = 'Authorization')
 {
     $header = $requestHandler->getHeader($authHeader);
     if ($header === null) {
         return;
     }
     if (substr($header, 0, 4) !== 'MAC ') {
         return;
     }
     // Find all the parameters expressed in the header
     $paramsRaw = explode(',', substr($header, 4));
     $params = array();
     array_map(function ($param) use(&$params) {
         $param = trim($param);
         preg_match_all('/([a-zA-Z]*)="([\\w=]*)"/', $param, $matches);
         // @codeCoverageIgnoreStart
         if (count($matches) !== 3) {
             return;
         }
         // @codeCoverageIgnoreEnd
         $key = reset($matches[1]);
         $value = trim(reset($matches[2]));
         if (empty($value)) {
             return;
         }
         $params[$key] = $value;
     }, $paramsRaw);
     // Validate parameters
     if (array_key_exists('id', $params) === false || array_key_exists('ts', $params) === false || array_key_exists('nonce', $params) === false || array_key_exists('mac', $params) === false) {
         return;
     }
     if ((int) $params['ts'] !== time()) {
         return;
     }
     $accessToken = $params['id'];
     $timestamp = (int) $params['ts'];
     $nonce = $params['nonce'];
     $signature = $params['mac'];
     // Try to find the MAC key for the access token
     $macKey = $this->server->getMacStorage()->getByAccessToken($accessToken);
     if ($macKey === null) {
         return;
     }
     // Calculate and compare the signature
     $calculatedSignatureParts = [$timestamp, $nonce, strtoupper($requestHandler->getMethod()), $requestHandler->getUri(), $requestHandler->getHost(), $requestHandler->getPort()];
     if (array_key_exists('ext', $params)) {
         $calculatedSignatureParts[] = $params['ext'];
     }
     $calculatedSignature = base64_encode(hash_hmac('sha256', implode("\n", $calculatedSignatureParts), $macKey));
     // Return the access token if the signature matches
     return $this->hash_equals($calculatedSignature, $signature) ? $accessToken : null;
 }
예제 #2
0
 /**
  * {@inheritdoc}
  */
 public function determineAccessTokenInHeader(RequestHandler $requestHandler, $authHeader = 'Authorization')
 {
     $header = $requestHandler->getHeader($authHeader);
     $accessToken = trim(preg_replace('/^(?:\\s+)?Bearer\\s/', '', $header));
     return $accessToken === 'Bearer' ? '' : $accessToken;
 }