/**
  * The currently authenticated type must implement oauthable and we need any scopes requested.
  *
  * @param \Atrauzzi\Oauth2Server\Domain\Service\Scope $scopeService
  * @param \Atrauzzi\Oauth2Server\Domain\Repository\Client $clientRepository
  * @return bool
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidRequest
  */
 public function authorize(ScopeService $scopeService, ClientRepository $clientRepository)
 {
     try {
         $this->requestedScopes = $scopeService->findValid($this->get('scope'), 'authorization', $this->get('client_id'), $this->get('redirect_uri'));
     } catch (InvalidScope $ex) {
         return false;
     }
     $this->client = $clientRepository->find($this->get('client_id'), null, 'authorization', $this->get('redirect_uri'));
     return $this->user() instanceof Oauthable;
 }
Exemplo n.º 2
0
 /**
  * @param \Symfony\Component\HttpFoundation\Request $request
  * @param int $grantTypeFlow
  * @param \Atrauzzi\Oauth2Server\Domain\Entity\Oauthable $oauthable
  * @return array
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidClient
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidCredentials
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidRefresh
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidRequest
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidScope
  * @throws \Atrauzzi\Oauth2Server\Exception\UnsupportedFlow
  */
 public function doFlow(Request $request, $grantTypeFlow, Oauthable $oauthable = null)
 {
     if ($grantTypeFlow != self::FLOW_DEFAULT) {
         throw new UnsupportedFlow(get_class(), $grantTypeFlow);
     }
     if (!($clientId = $request->get('client_id', $request->getUser()))) {
         throw new InvalidRequest('client_id');
     }
     if (!($clientSecret = $request->get('client_secret', $request->getPassword()))) {
         throw new InvalidRequest('client_secret');
     }
     if (!($oldRefreshTokenParam = $request->get('refresh_token', null))) {
         throw new InvalidRequest('refresh_token');
     }
     if (!($client = $this->clientRepository->find($clientId, $clientSecret, $this->getIdentifier()))) {
         throw new InvalidClient();
     }
     if (!($originalRefreshToken = $this->refreshTokenRepository->find($oldRefreshTokenParam))) {
         throw new InvalidRefresh();
     }
     if ($originalRefreshToken->isExpired()) {
         throw new InvalidRefresh();
     }
     //
     //
     $originalScopes = $originalRefreshToken->getScopeNames();
     $requestedScopes = array_keys($this->scopeService->findValid($request->get('scope'), null, $client->getId(), $this->getIdentifier()));
     $disallowedScopes = array_diff($requestedScopes, $originalScopes);
     if (count($disallowedScopes)) {
         throw new InvalidScope($disallowedScopes);
     }
     $scopes = count($requestedScopes) ? $requestedScopes : $originalScopes;
     $accessToken = $this->accessTokenRepository->create(SecureKey::generate(), $this->config->getAccessTokenTtl() + time(), $originalRefreshToken->getOauthableId(), $originalRefreshToken->getOauthableType(), $client->getId(), $scopes);
     $tokenStrategy = $this->config->getTokenStrategy();
     if ($this->config->shouldRotateRefreshTokens()) {
         $newRefreshToken = $this->refreshTokenRepository->create(SecureKey::generate(), $this->config->getRefreshTokenTtl() + time(), $originalRefreshToken->getOauthableId(), $originalRefreshToken->getOauthableType(), $client->getId(), $scopes);
         $this->refreshTokenRepository->delete($originalRefreshToken);
         unset($originalRefreshToken);
         $this->refreshTokenRepository->persist($newRefreshToken);
         $accessToken->setRefreshTokenId($newRefreshToken->getId());
         // ToDo: Should we try to convey refresh token expiry?
         $tokenStrategy->setParam('refresh_token', $newRefreshToken->getId());
     }
     $this->accessTokenRepository->persist($accessToken);
     $tokenStrategy->setParam('access_token', $accessToken->getId());
     $tokenStrategy->setParam('expires_in', $this->config->getAccessTokenTtl());
     return $tokenStrategy->generateResponse();
 }
Exemplo n.º 3
0
 /**
  * @param \Symfony\Component\HttpFoundation\Request $request
  * @param \Atrauzzi\Oauth2Server\Domain\Entity\Oauthable $oauthable
  * @return string
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidClient
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidCredentials
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidRequest
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidScope
  * @throws \Atrauzzi\Oauth2Server\Exception\UnsupportedResponseType
  */
 protected function doAuthorizeFlow(Request $request, Oauthable $oauthable)
 {
     if (!$oauthable) {
         throw new InvalidCredentials();
     }
     if (!($clientId = $request->query->get('client_id'))) {
         throw new InvalidRequest('client_id');
     }
     if (!($redirectUri = $request->query->get('redirect_uri'))) {
         throw new InvalidRequest('redirect_uri');
     }
     $state = $request->query->get('state');
     if ($this->config->stateParamRequired() && !$state) {
         throw new InvalidRequest('state', $redirectUri);
     }
     if (!($responseType = $request->query->get('response_type'))) {
         throw new InvalidRequest('response_type', $redirectUri);
     }
     if ($responseType != $this->getResponseType()) {
         throw new UnsupportedResponseType($responseType, $redirectUri);
     }
     $client = $this->clientRepository->find($clientId, null, $this->getIdentifier(), $redirectUri);
     if (!$client instanceof Client) {
         throw new InvalidClient();
     }
     if ($this->config->requireRedirectDomainMatch() && !$this->validateRedirectUri($client->getRedirectUri(), $redirectUri)) {
         throw new InvalidRequest('redirect_uri', $redirectUri);
     }
     //
     //
     $scopes = $this->scopeService->findValid($request->query->get('scope'), $this->getIdentifier(), $client->getId(), $redirectUri);
     $authCode = $this->authorizationCodeRepository->create(SecureKey::generate(), time() + $this->config->getAuthorizationCodeTtl(), $oauthable->getId(), $oauthable->getType(), $client->getId(), $scopes ? array_keys($scopes) : null, $request->get('redirect_uri'));
     $this->authorizationCodeRepository->persist($authCode);
     return ['authorization_code' => $authCode, 'redirect_uri' => $authCode->generateRedirectUri($state)];
 }
Exemplo n.º 4
0
 /**
  * Conducts the checks and operations necessary for the flow indicated in the request.
  *
  * @param \Symfony\Component\HttpFoundation\Request $request
  * @param int $grantTypeFlow
  * @param \Atrauzzi\Oauth2Server\Domain\Entity\Oauthable $oauthable
  * @return array
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidClient
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidRequest
  */
 public function doFlow(Request $request, $grantTypeFlow, Oauthable $oauthable = null)
 {
     if (!($clientId = $request->get('client_id', $request->getUser()))) {
         throw new InvalidRequest('client_id');
     }
     if (!($clientSecret = $request->get('client_secret', $request->getPassword()))) {
         throw new InvalidRequest('client_secret');
     }
     if (!($client = $this->clientRepository->find($clientId, $clientSecret, $this->getIdentifier()))) {
         throw new InvalidClient();
     }
     $scopes = $this->scopeService->findValid($request->get('scope'));
     //
     //
     $accessToken = $this->accessTokenRepository->create(SecureKey::generate(), $this->config->getAccessTokenTtl() + time(), $oauthable->getId(), $oauthable->getType(), $client->getId(), array_keys($scopes));
     // ToDo: Do we do refresh tokens for this grant type?
     $this->accessTokenRepository->persist($accessToken);
     $tokenStrategy = $this->config->getTokenStrategy();
     $tokenStrategy->setParam('access_token', $accessToken->getId());
     $tokenStrategy->setParam('expires_in', $this->config->getAccessTokenTtl());
     return $tokenStrategy->generateResponse();
 }
Exemplo n.º 5
0
 /**
  * @param \Symfony\Component\HttpFoundation\Request $request
  * @param int $grantTypeFlow
  * @param \Atrauzzi\Oauth2Server\Domain\Entity\Oauthable $oauthable
  * @return mixed
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidClient
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidCredentials
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidRequest
  * @throws \Atrauzzi\Oauth2Server\Exception\InvalidScope
  * @throws \Atrauzzi\Oauth2Server\Exception\ServerError
  */
 public function doFlow(Request $request, $grantTypeFlow, Oauthable $oauthable = null)
 {
     if (!$oauthable instanceof Oauthable) {
         throw new InvalidCredentials();
     }
     if ($clientId = $request->get('client_id', $request->getUser())) {
         throw new InvalidRequest('client_id');
     }
     if ($clientSecret = $request->get('client_secret', $request->getPassword())) {
         throw new InvalidRequest('client_secret');
     }
     if (!($client = $this->clientRepository->find($clientId, $clientSecret, $this->getIdentifier()))) {
         throw new InvalidClient();
     }
     if (!($username = $request->get('username'))) {
         throw new InvalidRequest('username');
     }
     if ($password = $request->get('password')) {
         throw new InvalidRequest('password');
     }
     //
     //
     $scopes = $this->scopeService->findValid($request->get('scopes'), $this->getIdentifier(), $client->getId());
     $accessToken = $this->accessTokenRepository->create(SecureKey::generate(), $this->config->getAccessTokenTtl() + time(), $oauthable->getId(), $oauthable->getType(), $client->getId(), array_keys($scopes));
     $tokenStrategy = $this->config->getTokenStrategy();
     if ($this->config->hasGrantType('refresh_token')) {
         $refreshToken = $this->refreshTokenRepository->create(SecureKey::generate(), $this->config->getRefreshTokenTtl() + time(), $oauthable->getId(), $oauthable->getType(), $client->getId(), array_keys($scopes));
         $this->refreshTokenRepository->persist($refreshToken);
         $accessToken->setRefreshTokenId($refreshToken->getId());
         $tokenStrategy->setParam('refresh_token', $refreshToken->getId());
     }
     $this->accessTokenRepository->persist($accessToken);
     $tokenStrategy->setParam('access_token', $accessToken->getId());
     $tokenStrategy->setParam('expires_in', $this->config->getAccessTokenTtl());
     return $tokenStrategy->generateResponse();
 }