/**
* Create a new OAuth2 authorization server
* @return self
*/
public function __construct()
{
// Set Bearer as the default token type
$this->setTokenType(new Bearer());
parent::__construct();
return $this;
}
/**
* This extended constructor is setting up
* the underlying AuthorizationServer with
* the grant types that GLPi Plugins support
* on it's OAuth2 Framework
*/
public function __construct()
{
parent::__construct();
$this->setSessionStorage(OAuthHelper::getSessionStorage());
$this->setAccessTokenStorage(OAuthHelper::getAccessTokenStorage());
$this->setRefreshTokenStorage(OAuthHelper::getRefreshTokenStorage());
$this->setClientStorage(OAuthHelper::getClientStorage());
$this->setScopeStorage(OAuthHelper::getScopeStorage());
$this->setAuthCodeStorage(new AuthCodeStorage());
// Adding the password grant to able users to login by themselves
$passwordGrant = new PasswordGrant();
$passwordGrant->setVerifyCredentialsCallback(function ($login, $password) {
$user = User::where(function ($q) use($login) {
return $q->where('email', '=', $login)->orWhere('username', '=', $login);
});
$count = $user->count();
if ($count < 1) {
return false;
}
if ($count > 1) {
throw new \Exception('Dangerous, query result count > 1 when user tried' . ' to log with login "' . $login . '" ' . 'and password "' . $password . '"');
return false;
} elseif ($count == 0) {
return false;
} else {
$user = $user->first();
if ($user->assertPasswordIs($password)) {
return $user->id;
} else {
return false;
}
}
});
$this->addGrantType($passwordGrant);
$appGrant = new ClientCredentialsGrant();
$this->addGrantType($appGrant);
$refreshTokenGrant = new RefreshTokenGrant();
$this->addGrantType($refreshTokenGrant);
}
