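/**
 * Provides a form for user authorisation of an OAuth client.
 *
 * The client's own metadata (display name, logo, web site, policy and
 * terms-of-service URLs, contact addresses) is rendered into the consent
 * page.  For a dynamically registered client (see $client->isDynamic())
 * that metadata was supplied by the client itself and is treated as
 * untrusted: the web site, policy and terms-of-service links are only
 * rendered when the URL uses the http or https scheme, and each contact
 * address is URL-encoded for the mailto: target and cleaned for the
 * visible link text.
 *
 * @param Request $request the OAuth request
 * @param Response $response the OAuth response
 * @since 2.0
 */
protected function consentForm($request, $response) {
    $store = StoreManager::instance();
    $tpl = new \Template();
    // NOTE(review): assumes loadClient() returns a client for the supplied
    // client_id; if it can return null, a guard is needed before the calls
    // on $client below — confirm against StoreManager.
    $client = $store->loadClient($request['client_id'], 'SimpleID\\Protocols\\OAuth\\OAuthClient');

    // The form state is carried in a SecurityToken ('fs' below) so that it
    // can be checked when the consent form is submitted.
    $form_state = array('rq' => $request, 'rs' => $response);

    $application_name = $client->getDisplayName();
    $application_type = isset($client['oauth']['application_type']) ? $client['oauth']['application_type'] : '';

    $this->f3->set('application_name', $application_name);
    if (isset($client['logo_url'])) {
        // NOTE(review): the logo URL is passed through unchanged; how the
        // template renders it (and whether it restricts the scheme) is not
        // visible here — confirm in oauth_consent.html.
        $this->f3->set('logo_url', $client['logo_url']);
    }

    // Scopes requested by the client, or the default scope when none given.
    if (isset($request['scope'])) {
        $scopes = $request->paramToArray('scope');
    } else {
        $scopes = array(self::DEFAULT_SCOPE);
    }
    usort($scopes, array($this, 'sortScopes'));

    // Map each scope to its human-readable description for the template.
    $scope_list = array();
    foreach ($scopes as $scope) {
        $scope_list[$scope] = isset(self::$oauth_scope_settings[$scope]['description'])
            ? self::$oauth_scope_settings[$scope]['description']
            : 'scope ' . $scope;
    }
    $this->f3->set('scope_list', $scope_list);

    if ($client->isDynamic()) {
        $this->f3->set('dynamic_label', $this->t('Warning: %application_name did not pre-register with SimpleID. 
Its identity has not been confirmed.', array('%application_name' => $application_name)));
        $this->f3->set('client_dynamic', 'client-dynamic');
    }

    // Additional information about the client.  Link targets come from the
    // client's registration data, so only http(s) URLs are turned into
    // links; anything else (e.g. a javascript: URL) is silently omitted.
    $client_info = array();
    if (isset($client['oauth']['website']) && self::isHttpClientLinkUrl($client['oauth']['website'])) {
        $client_info[] = $this->t('You can visit this application\'s web site at <a href="%url">%url</a>.', array('%url' => $client['oauth']['website']));
    }
    if (isset($client['oauth']['policy_url']) && self::isHttpClientLinkUrl($client['oauth']['policy_url'])) {
        $client_info[] = $this->t('You can view this application\'s policy on the use of your data at <a href="%url">%url</a>.', array('%url' => $client['oauth']['policy_url']));
    }
    if (isset($client['oauth']['tos_url']) && self::isHttpClientLinkUrl($client['oauth']['tos_url'])) {
        $client_info[] = $this->t('You can view this application\'s terms of service at <a href="%url">%url</a>.', array('%url' => $client['oauth']['tos_url']));
    }
    if (isset($client['oauth']['contacts'])) {
        // contacts may be a single address or a list of addresses.
        $raw_contacts = is_array($client['oauth']['contacts'])
            ? $client['oauth']['contacts']
            : array($client['oauth']['contacts']);
        $contacts = array();
        foreach ($raw_contacts as $contact) {
            // URL-encode for the mailto: target, clean for the link text.
            $contacts[] = '<a href="mailto:' . $this->rfc3986_urlencode($contact) . '">' . $this->f3->clean($contact) . '</a>';
        }
        $client_info[] = $this->t('You can email the developer of this application at: !contacts.', array('!contacts' => implode(', ', $contacts)));
    }
    $this->f3->set('client_info', $client_info);
    $this->f3->set('client_info_label', $this->t('More information'));

    $this->f3->set('request_label', $this->t('<strong class="@application_type">%application_name</strong> is requesting access to:', array('@application_type' => $application_type, '%application_name' => $application_name)));
    $this->f3->set('dashboard_label', $this->t('You can revoke access at any time under <strong>Dashboard</strong>.'));
    $this->f3->set('oauth_consent_label', $this->t('Don\'t ask me again for %application_name.', array('%application_name' => $application_name)));
    $this->f3->set('allow_button', $this->t('Allow'));
    $this->f3->set('deny_button', $this->t('Deny'));

    // Anti-CSRF token bound to the session, plus the signed form state and
    // the signed original request used as the post-logout destination.
    $token = new SecurityToken();
    $this->f3->set('tk', $token->generate('oauth_consent', SecurityToken::OPTION_BIND_SESSION));
    $this->f3->set('fs', $token->generate($form_state));
    $this->f3->set('logout_destination', '/continue/' . rawurlencode($token->generate($request->toArray())));

    $this->f3->set('user_header', true);
    $this->f3->set('framekiller', true);
    $this->f3->set('title', $this->t('OAuth Login'));
    $this->f3->set('page_class', 'dialog-page');
    $this->f3->set('layout', 'oauth_consent.html');

    // Let other modules contribute form fragments, ordered by weight.
    $forms = $this->mgr->invokeAll('oAuthConsentForm', $form_state);
    uasort($forms, function ($a, $b) {
        if ($a['weight'] == $b['weight']) return 0;
        return $a['weight'] < $b['weight'] ? -1 : 1;
    });
    $this->f3->set('forms', $forms);

    // Sent before any output: the consent page must not be framed by
    // another site (clickjacking); 'framekiller' above is the template's
    // script-side counterpart.
    header('X-Frame-Options: DENY');
    print $tpl->render('page.html');
}

/**
 * Checks whether a client-supplied URL may be rendered as a link target
 * on the consent page.
 *
 * Only absolute http and https URLs are accepted, so that a client cannot
 * register e.g. a javascript: or data: URL that the consent page would
 * turn into a clickable link.
 *
 * @param mixed $url the value taken from the client's registration data
 * @return bool true if $url is a string whose scheme is http or https
 */
private static function isHttpClientLinkUrl($url) {
    if (!is_string($url)) return false;
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme)) return false;
    return in_array(strtolower($scheme), array('http', 'https'), true);
}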
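/**
 * Locates the OAuth bearer access token presented with the current request.
 *
 * The token is taken from the Authorization header when its scheme is
 * Bearer, and otherwise (only if $include_request_body is true) from the
 * access_token request parameter.  The token is returned in its encoded
 * form; it is not validated here — callers are expected to verify it.
 *
 * @param bool $include_request_body if true, also detects access tokens
 * from the request body
 * @return string|null the encoded access token, or null if the request
 * carried none
 */
protected function initBearerAccessToken($include_request_body = false) {
    $encoded_token = null;

    $request = new Request();
    $header = $request->getAuthorizationHeader();
    // The auth-scheme is case-insensitive (RFC 7235 section 2.1), so
    // "bearer" is accepted as well as "Bearer".
    if ($header && isset($header['#scheme']) && strcasecmp($header['#scheme'], 'Bearer') === 0) {
        $encoded_token = $header['#credentials'];
    }

    // Fall back to the request parameter only when the header carried no
    // usable token.  Compare explicitly rather than with !$encoded_token so
    // that a token of "0" is not mistaken for an absent one.
    //
    // NOTE(review): REQUEST.access_token is presumably served from
    // $_REQUEST, which would also cover query-string parameters; RFC 6750
    // section 2.3 discourages carrying the token in the URI (it ends up in
    // logs and Referer headers).  If only the body is intended, reading the
    // POST data instead would be tighter — confirm against the F3 hive.
    if (($encoded_token === null || $encoded_token === '')
        && $include_request_body
        && $this->f3->exists('REQUEST.access_token')) {
        $encoded_token = $this->f3->get('REQUEST.access_token');
    }

    return $encoded_token;
}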