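/**
 * Wire up OAuth2 protection for the API entry point.
 *
 * When API_USE_OAUTH is enabled every request must carry a valid bearer token,
 * except requests whose LAST path segment is "authorize" (token endpoint),
 * "docs", or one of the caller-supplied $bypassPaths. Only the final segment of
 * REQUEST_URI is compared, so any URL ending in one of those names is left
 * unauthenticated regardless of what precedes it — keep bypass names unique and
 * never reuse them as the trailing segment of a protected resource.
 *
 * The path is taken from parse_url() rather than by textually removing
 * QUERY_STRING from the last segment, so a query value that happens to repeat
 * part of the path cannot change what is compared. Comparisons are strict.
 *
 * @param string[] $bypassPaths Last-segment names that skip the token check.
 * @param bool     $bypassAuth  Truthy: skip the token check entirely.
 */
public function __construct($bypassPaths = array(), $bypassAuth = false)
{
    $this->useOAuth2 = API_USE_OAUTH;
    if (!$this->useOAuth2) {
        return;
    }

    $this->initOAth2();

    // Caller opted out of authentication for this instance.
    if ($bypassAuth) {
        return;
    }

    $path = (string) parse_url(isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '', PHP_URL_PATH);
    $segments = explode('/', trim($path, '/'));
    $lastPath = (string) end($segments);

    // Don't check for authorization when requesting a token or docs.
    if ($lastPath === 'authorize' || $lastPath === 'docs') {
        return;
    }
    if (in_array($lastPath, (array) $bypassPaths, true)) {
        return;
    }

    // Check for a valid token; on failure emit the OAuth2 error response and stop.
    if (!$this->oauthServer->verifyResourceRequest(\OAuth2\Request::createFromGlobals())) {
        // Not authorized!
        $this->oauthServer->getResponse()->send();
        die;
    }
}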
/**
 * Execute this middleware: admit the request when its bearer token satisfies
 * at least one of the configured scopes.
 *
 * Each entry of $this->scopes is tried in turn. The first one the OAuth2 server
 * accepts stores the resolved token in the container under 'token' and hands
 * off to $next. If none is accepted, the server's error response (from the last
 * attempt) is converted to PSR-7 and returned, so $next never runs.
 *
 * @param ServerRequestInterface $request  The PSR7 request.
 * @param ResponseInterface      $response The PSR7 response.
 * @param callable               $next     The Next middleware.
 *
 * @return ResponseInterface
 */
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
{
    $bridged = RequestBridge::toOAuth2($request);

    foreach ($this->scopes as $requiredScope) {
        $accepted = $this->server->verifyResourceRequest($bridged, null, $requiredScope);
        if (!$accepted) {
            continue;
        }
        $this->container['token'] = $this->server->getResourceController()->getToken();
        return $next($request, $response);
    }

    // Nothing matched: surface the OAuth2 server's own error response.
    return ResponseBridge::fromOAuth2($this->server->getResponse());
}
/**
 * Stage 1: Client sends the user to this page.
 *
 * User responds by accepting or denying. Before the page is rendered the
 * authorize request is validated by the OAuth2 server; when invalid, the
 * server's own error response is sent (redirecting back to the client with the
 * errors in tow where possible) and processing stops.
 *
 * NOTE(review): the raw QUERY_STRING is passed to the view, presumably so the
 * decision form can re-submit it. It is attacker-controlled input; the template
 * must escape it (Twig autoescape) wherever it is rendered.
 *
 * @view oauth2/server/authorize.twig
 * @format HtmlFormat
 *
 * @return array Template variables: 'queryString' => the request's query string.
 */
public function authorize()
{
    $server = static::$server;
    $server->getResponse(static::$request);

    // validate the authorize request. if it is invalid,
    // redirect back to the client with the errors in tow
    $valid = $server->validateAuthorizeRequest(static::$request);
    if (!$valid) {
        $server->getResponse()->send();
        exit;
    }

    return array('queryString' => $_SERVER['QUERY_STRING']);
}
/**
 * Verify request contains valid access token.
 *
 * @param array $scopes Scopes required for authorization. $scopes can be given as an array of arrays. OR logic
 *                      will be used with each grouping. Example: Given ['superUser', ['basicUser', 'aPermission']],
 *                      the request will be verified if the request token has 'superUser' scope OR 'basicUser'
 *                      and 'aPermission' as its scope. The default [null] presumably requires no particular
 *                      scope — confirm against verify().
 *
 * @return void On failure the OAuth2 error is mapped onto the app response and the app is stopped
 *              (stop() throws). On success the token is stored on the app and the next middleware runs.
 */
public function call(array $scopes = [null])
{
    $verified = $this->verify($scopes);
    if (!$verified) {
        MessageBridge::mapResponse($this->server->getResponse(), $this->app->response());
        $this->app->stop();
    }

    //@codeCoverageIgnore since stop() throws
    $this->app->token = $this->server->getResourceController()->getToken();

    if ($this->next === null) {
        return;
    }
    $this->next->call();
}
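/**
 * {@inheritDoc}
 *
 * Verifies the bearer token on the incoming PSR-7 request. On success the
 * decoded token data is attached as the 'access_token' request attribute and
 * the next middleware runs; on failure the OAuth2 server's error response is
 * returned. Any exception thrown along the way becomes a generic 500 JSON
 * error: the message is written to the error log instead of being echoed to
 * the client, since it may expose storage or configuration details (CWE-209).
 */
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
{
    try {
        $oauth2request = Util::convertRequestFromPsr7($request);
        if (!$this->server->verifyResourceRequest($oauth2request)) {
            return Util::convertResponseToPsr7($this->server->getResponse(), $response);
        }
        $request = $request->withAttribute('access_token', $this->server->getAccessTokenData($oauth2request));
    } catch (\Exception $ex) {
        // Keep the detail server-side; the client gets only a generic error.
        error_log(sprintf('OAuth2 resource verification failed: %s', $ex->getMessage()));
        return new JsonResponse([
            'error' => 'server_error',
            'error_description' => 'The resource server encountered an unexpected error.',
        ], 500);
    }
    return $next($request, $response);
}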
/**
 * Enforce bearer-token authentication for the matched route.
 *
 * Secure routes additionally require the 'admin' scope; every other route is
 * checked with an empty scope list, which presumably means any valid token is
 * accepted — confirm against the OAuth2 server's scope handling. Note the scope
 * argument is an array in the unrestricted case and a string in the admin case.
 * On failure the server's status code is copied to the Slim response, the
 * OAuth2 error body is sent, and the app is halted.
 *
 * @param Route $route
 * @throws \Slim\Exception\Stop
 */
private function checkAuth(Route $route)
{
    $oauthRequest = OAuth2\Request::createFromGlobals();
    $scopeRequired = $route->isSecure() ? 'admin' : [];

    $ok = $this->oauth->verifyResourceRequest($oauthRequest, NULL, $scopeRequired);
    if ($ok) {
        return;
    }

    $oauthResponse = $this->oauth->getResponse();
    $this->app->response()->status($oauthResponse->getStatusCode());
    $oauthResponse->send();
    $this->app->stop();
}
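/**
 * Test resource (/oauth/resource).
 *
 * Requires a valid bearer token. On failure the OAuth2 server's error
 * (status code, error, error_description, optional error_uri) is re-emitted
 * as an API Problem response; on success a small JSON confirmation is
 * returned. All error parameters are read with isset(): the OAuth2 response
 * may omit error_description or error for some failures, and a missing key
 * must not turn an auth failure into a PHP notice.
 *
 * @return ApiProblemResponse|mixed The problem response on failure, otherwise the framework response.
 */
public function resourceAction()
{
    // Handle a request for an OAuth2.0 Access Token and send the response to the client
    if (!$this->server->verifyResourceRequest($this->getOAuth2Request())) {
        $response = $this->server->getResponse();
        $parameters = $response->getParameters();
        $errorUri = isset($parameters['error_uri']) ? $parameters['error_uri'] : null;
        $errorDescription = isset($parameters['error_description']) ? $parameters['error_description'] : null;
        $error = isset($parameters['error']) ? $parameters['error'] : null;
        return new ApiProblemResponse(new ApiProblem(
            $response->getStatusCode(),
            $errorDescription,
            $errorUri,
            $error
        ));
    }

    $httpResponse = $this->getResponse();
    $httpResponse->setStatusCode(200);
    $httpResponse->getHeaders()->addHeaders(array('Content-type' => 'application/json'));
    $httpResponse->setContent(json_encode(array('success' => true, 'message' => 'You accessed my APIs!')));
    return $httpResponse;
}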
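/**
 * Method executed when the dispatch event is triggered.
 *
 * Console requests are ignored. The 'login' and 'users' routes are exempt from
 * token verification — note this exempts every action matched by those routes,
 * not only sign-up/login pages; narrow the list if 'users' exposes anything
 * else. For all other routes a bearer token is required; a failed check
 * short-circuits dispatch with a JSON body carrying the OAuth2 server's status
 * code and text, and the same status code on the HTTP response.
 *
 * The OAuth2 PDO storage is built per request from the users table's
 * connection parameters.
 *
 * @param MvcEvent $e
 * @return void|mixed The event's response object when authentication fails; nothing otherwise.
 */
public static function onDispatch(MvcEvent $e)
{
    if ($e->getRequest() instanceof \Zend\Console\Request) {
        return;
    }

    $routeName = $e->getRouteMatch()->getMatchedRouteName();
    if (in_array($routeName, array('login', 'users'), true)) {
        return;
    }

    $sm = $e->getApplication()->getServiceManager();
    $usersTable = $sm->get('Users\\Model\\UsersTable');
    $storage = new Pdo($usersTable->adapter->getDriver()->getConnection()->getConnectionParameters());
    $server = new Server($storage);

    if ($server->verifyResourceRequest(Request::createFromGlobals())) {
        return;
    }

    $oauthResponse = $server->getResponse();
    $model = new JsonModel(array(
        'errorCode' => $oauthResponse->getStatusCode(),
        'errorMsg' => $oauthResponse->getStatusText(),
    ));
    $response = $e->getResponse();
    $response->setContent($model->serialize());
    $response->getHeaders()->addHeaderLine('Content-Type', 'application/json');
    $response->setStatusCode($oauthResponse->getStatusCode());
    return $response;
}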
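/**
 * Serve a protected resource at $path.
 *
 * The bearer token is verified first; on failure the OAuth2 server's error
 * response is sent and execution stops. On success the token's user_id is
 * passed, together with $path, to the configured resourceHandler (when it is
 * callable) and the handler's result is echoed as JSON; without a handler an
 * empty JSON array is emitted. The request is built from globals once and
 * reused for both the verification and the token lookup.
 *
 * @param string $path Resource path requested by the client.
 * @return void Output is echoed directly.
 */
public function resource($path)
{
    $request = Request::createFromGlobals();

    // Handle a request for an OAuth2.0 Access Token and send the response to the client
    if (!$this->server->verifyResourceRequest($request)) {
        $this->server->getResponse()->send();
        die;
    }

    $token = $this->server->getAccessTokenData($request);
    // A token without a user_id yields null for the handler rather than a notice.
    $userId = isset($token['user_id']) ? $token['user_id'] : null;

    $return = array();
    if (is_callable($this->resourceHandler)) {
        $return = call_user_func($this->resourceHandler, $path, $userId);
    }
    echo json_encode($return);
}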
/**
 * Attempt to authenticate the current request.
 *
 * The framework request is re-packaged as an OAuth2 request and handed to the
 * OAuth2 server for bearer-token verification. Outcomes:
 *  - token valid: an AuthenticatedIdentity carrying the token data, named
 *    after the token's user_id;
 *  - server answered 401/403 with an 'error' parameter (invalid credentials or
 *    unauthorized scopes): the OAuth2 response is merged into $response and
 *    reported via mergeOAuth2Response();
 *  - any other failure: the OAuth2 headers (typically WWW-Authenticate) are
 *    merged and a GuestIdentity is returned, i.e. the request proceeds as
 *    anonymous. Downstream authorization must still decide whether a guest
 *    may reach the resource.
 *
 * @param Request $request
 * @param Response $response
 * @param MvcAuthEvent $mvcAuthEvent
 * @return false|Identity\IdentityInterface False on failure, IdentityInterface
 *     otherwise
 */
public function authenticate(Request $request, Response $response, MvcAuthEvent $mvcAuthEvent)
{
    $cookies = $request->getCookie() ? $request->getCookie()->getArrayCopy() : [];
    $files = $request->getFiles() ? $request->getFiles()->toArray() : [];
    $serverParams = method_exists($request, 'getServer') ? $request->getServer()->toArray() : $_SERVER;

    $oauth2request = new OAuth2Request(
        $request->getQuery()->toArray(),
        $request->getPost()->toArray(),
        [],
        $cookies,
        $files,
        $serverParams,
        $request->getContent(),
        $request->getHeaders()->toArray()
    );

    if ($this->oauth2Server->verifyResourceRequest($oauth2request)) {
        $token = $this->oauth2Server->getAccessTokenData($oauth2request);
        $identity = new Identity\AuthenticatedIdentity($token);
        $identity->setName($token['user_id']);
        return $identity;
    }

    // Failure to validate
    $oauth2Response = $this->oauth2Server->getResponse();
    $status = $oauth2Response->getStatusCode();
    $hasErrorParam = null !== $oauth2Response->getParameter('error');

    // 401 or 403 mean invalid credentials or unauthorized scopes; report those.
    if ($hasErrorParam && in_array($status, [401, 403], true)) {
        return $this->mergeOAuth2Response($status, $response, $oauth2Response);
    }

    // Merge in any headers; typically sets a WWW-Authenticate header.
    $this->mergeOAuth2ResponseHeaders($response, $oauth2Response->getHttpHeaders());

    // Otherwise, no credentials were present at all, so we just return a guest identity.
    return new Identity\GuestIdentity();
}
/**
 * Run the OAuth2 resource check against a framework request and return the
 * server's answer as a framework response.
 *
 * The boolean result of the server's verifyResourceRequest() is discarded:
 * the outcome is conveyed only through the built response (its status code
 * and body), so callers must inspect that rather than assume success.
 *
 * @param HttpRequest $httpRequest Incoming request carrying the bearer token.
 * @return mixed Whatever buildResponse() produces for the request's format.
 */
public function verifyResourceRequest(HttpRequest $httpRequest)
{
    $oauthRequest = $this->buildRequest($httpRequest);
    $this->server->verifyResourceRequest($oauthRequest, null);

    $format = $this->determineFormat($httpRequest);
    $serverResponse = $this->server->getResponse();

    return $this->buildResponse($format, new HttpResponse(), $serverResponse);
}