/**
* POST /oauth/access_token
*
* @param Request $request
*
* @return JsonResponse
*/
public function issueAccessToken(Request $request)
{
try {
$response = $this->server->issueAccessToken();
return $this->respond($response);
} catch (\Exception $e) {
return $this->setStatusCode($e->httpStatusCode)->respond(['error' => $e->errorType, 'message' => $e->getMessage()], $e->getHttpHeaders());
}
}
/**
* Authenticate via the Access Token Grant
*
* @return JsonResponse
*/
public function accessToken()
{
try {
$response = $this->server->issueAccessToken();
return response()->json($response);
} catch (OAuthException $e) {
$error = $e->errorType;
$message = $e->getMessage();
$code = $e->httpStatusCode;
$headers = $e->getHttpHeaders();
return response()->json(compact('error', 'message'), $code, $headers);
}
}
/**
* @Route("/", methods={"POST"})
*/
public function loginAction(Request $request)
{
$request->request->set('grant_type', 'password');
$request->request->set('client_id', $this->clientId);
$request->request->set('client_secret', $this->clientSecret);
$this->server->setRequest($request);
try {
$response = $this->server->issueAccessToken();
$request->getSession()->set('oauth_data', $response);
return new Response();
} catch (OAuthException $e) {
return new Response('', Response::HTTP_BAD_REQUEST);
}
}
/**
* Do authorization.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
public function postIndex(Request $request)
{
$server = new AuthorizationServer();
$server->setSessionStorage(new SessionStorage());
$server->setAccessTokenStorage(new AccessTokenStorage());
$server->setClientStorage(new ClientStorage());
$server->setScopeStorage(new ScopeStorage());
$server->setRefreshTokenStorage(new RefreshTokenStorage());
$server->addGrantType(new ClientCredentials());
$server->addGrantType(new RefreshToken());
$server->setTokenType(new Bearer());
try {
$accessToken = $server->issueAccessToken();
$response = new Response($accessToken, 200, ['Cache-Control' => 'no-store', 'Pragma' => 'no-store']);
} catch (OAuthException $e) {
$response = new Response(['error' => $e->errorType, 'message' => $e->getMessage()], $e->httpStatusCode, $e->getHttpHeaders());
} catch (\Exception $e) {
$response = new Response(['error' => $e->getCode(), 'message' => $e->getMessage()], 500);
} finally {
// Return the response
$response->headers->set('Content-type', 'application/json');
return $response;
}
// TO DO: Remove previous active access token for current client
}
/**
* Resource owner password credentials grant.
*
* @param Request $request
*
* @return Response
*/
public function grantPasswordCredentials(Request $request)
{
$this->authorisationServer->setRequest($request);
try {
$response = $this->authorisationServer->issueAccessToken();
return new Response(json_encode($response), 200, ['Content-type' => 'application/json', 'Cache-Control' => 'no-store', 'Pragma' => 'no-store']);
} catch (OAuthException $e) {
return $this->getExceptionResponse($e);
}
}
/**
* Do client authorization based on user login.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
protected function completeAuthorizationFlow(Request $request, User $user)
{
// First create OAuth Auth Code
$server = new AuthorizationServer();
$server->setSessionStorage(new SessionStorage());
$server->setAccessTokenStorage(new AccessTokenStorage());
$server->setClientStorage(new ClientStorage());
$server->setScopeStorage(new ScopeStorage());
$server->setAuthCodeStorage(new AuthCodeStorage());
$server->setRefreshTokenStorage(new RefreshTokenStorage());
$server->addGrantType(new AuthCode());
$server->addGrantType(new RefreshToken());
$server->setTokenType(new Bearer());
$identifiedOAuth = $request->get('identified_oauth');
$authParams = ['client' => $identifiedOAuth['client'], 'redirect_uri' => $identifiedOAuth['client']->getRedirectUri(), 'scopes' => $identifiedOAuth['scopes'], 'state' => time()];
$redirectUri = $server->getGrantType('authorization_code')->newAuthorizeRequest('user', $user->id, $authParams);
parse_str(parse_url($redirectUri, PHP_URL_QUERY), $queryStr);
// Complete the OAuth Auth flow
$server->getRequest()->request->set('grant_type', 'authorization_code');
$server->getRequest()->request->set('client_id', $identifiedOAuth['client']->getId());
$server->getRequest()->request->set('client_secret', $identifiedOAuth['client']->getSecret());
$server->getRequest()->request->set('redirect_uri', $identifiedOAuth['client']->getRedirectUri());
$server->getRequest()->request->set('code', $queryStr['code']);
try {
$accessToken = $server->issueAccessToken();
$response = new Response($accessToken, 200, ['Cache-Control' => 'no-store', 'Pragma' => 'no-store']);
} catch (OAuthException $e) {
$response = new Response(['error' => $e->errorType, 'message' => $e->getMessage()], $e->httpStatusCode, $e->getHttpHeaders());
} catch (\Exception $e) {
$response = new Response(['error' => $e->getCode(), 'message' => $e->getMessage()], 500);
} finally {
// Return the response
$response->headers->set('Content-type', 'application/json');
return $response;
}
// TO DO: Remove previous active access token for current client
}
/**
* Issue an access token if the request parameters are valid.
*
* @return array a response object for the protocol in use
*/
public function issueAccessToken()
{
return $this->issuer->issueAccessToken();
}
username = {username}
password = {password}
scope = {scope} optional
------------------------
grant_type = refresh_token
client_id = testclient
client_secret =
refresh_token = {refresh token}
This route will be used for logging in by using the password grant_type
*/
$app->post('/access_token/', function () use($app, $authorizationServer) {
try {
echo json_encode($authorizationServer->issueAccessToken());
} catch (\League\OAuth2\Server\Exception\InvalidRefreshException $e) {
$error = json_encode(['error' => $e->errorType, 'message' => $e->getMessage()]);
$app->halt($e->httpStatusCode, $error);
} catch (\League\OAuth2\Server\Exception\InvalidRequestException $e) {
$error = json_encode(['error' => $e->errorType, 'message' => $e->getMessage()]);
$app->halt($e->httpStatusCode, $error);
}
});
$app->get('/', function () use($app) {
echo 'Nothing to see here';
});
$routeFiles = (array) glob('routes/*.php');
foreach ($routeFiles as $routeFile) {
require $routeFile;
}
/**
* @return array
* @throws \League\OAuth2\Server\Exception\InvalidRequestException
* @throws \League\OAuth2\Server\Exception\UnsupportedGrantTypeException
*/
public function issueAccessToken()
{
return $this->authorizationServer->issueAccessToken();
}
function it_issues_an_access_token(AuthorizationServer $issuer)
{
$issuer->issueAccessToken()->willReturn('foo')->shouldBeCalled();
$this->issueAccessToken()->shouldReturn('foo');
}
/**
* The route responsible for issuing access token
*
* @param Router $router
* @param AuthorizationServer $authorizationServer
* @return \Response
*/
private function accessTokenRoute(Router $router, AuthorizationServer $authorizationServer)
{
$router->post(Config::get('laravel-oauth2-server.access_token_path'), function () use($authorizationServer) {
try {
$response = $authorizationServer->issueAccessToken();
return response()->json($response);
} catch (Exception $e) {
return response()->json(['error' => $e->getCode(), 'message' => $e->getMessage()], 500);
}
});
}
public function POST()
{
if (!isset($this->config['oauth'][$_SERVER['__version']])) {
throw new \Exception('Forbidden.', 403);
} elseif (!isset($_REQUEST['grant_type'])) {
throw new \Exception('Bad Request.', 400);
}
$config = $this->config['oauth'][$_SERVER['__version']];
switch (substr($_REQUEST['request'], strlen($_SERVER['__version']) + 2)) {
case 'oauth/access_token':
try {
$server = new AuthorizationServer();
$server->setSessionStorage(new SessionStorage());
$server->setAccessTokenStorage(new AccessTokenStorage());
$server->setClientStorage(new ClientStorage());
$server->setScopeStorage(new ScopeStorage());
$server->setRefreshTokenStorage(new RefreshTokenStorage());
$grant_type = $_REQUEST['grant_type'];
$grants = ['password'];
if (isset($config['grants'])) {
$grants = array_unique(array_merge($grants, $config['grants']));
}
if (!in_array($grant_type, $grants)) {
throw new \Exception('Unsupported grant type.', 403);
}
// Defaults TTLs to 1 day and 1 week respectively
$token_ttl = 3600;
$refresh_ttl = 604800;
if (isset($config['ttl']['access_token'])) {
$token_ttl = $config['ttl']['access_token'];
}
switch ($grant_type) {
case 'authorization_code':
throw new \Exception('Not Implemented', 501);
break;
case 'client_credentials':
throw new \Exception('Not Implemented', 501);
break;
case 'implicit':
throw new \Exception('Not Implemented', 501);
break;
case 'password':
$grant = new PasswordGrant();
$grant->setAccessTokenTTL($token_ttl);
$grant->setVerifyCredentialsCallback(function ($username, $password) {
$user = new User(['conditions' => ['email' => $username]]);
return $user->count() && password_verify($password, $user->record['password']);
});
break;
case 'refresh_token':
throw new \Exception('Not Implemented', 501);
// @todo Need to work through this, appears lib is busted
$grant = new RefreshTokenGrant();
//$grant->setAccessTokenTTL($refresh_ttl);
$server->addGrantType($grant);
break;
}
$server->addGrantType($grant);
// Adds the refresh token grant if enabled
if ($grant_type != 'refresh_token' && in_array('refresh_token', $grants)) {
if (isset($config['ttl']['refresh_token'])) {
$refresh_ttl = $config['ttl']['refresh_token'];
}
$grant = new RefreshTokenGrant();
$grant->setAccessTokenTTL($refresh_ttl);
$server->addGrantType($grant);
}
$response = $server->issueAccessToken();
return $response;
} catch (OAuthException $e) {
throw new \Exception($e->getMessage(), $e->httpStatusCode);
} catch (\Exception $e) {
throw new \Exception($e->getMessage(), $e->getCode());
}
break;
default:
throw new \Exception('Not Found.', 404);
break;
}
}
/**
* This inherited method, from oauth2-server
* aims to provide an access_token for users
* when they request it. OAuth2-Server verifies
* accuracy of credentials, and uses it's
* storage-class based system which we implement
* using eloquent models.
*
* This method also calls firewallOnScopes()
* to ensure that an anonymous token is never
* requested with scopes like "user" or so
*/
public function issueAccessToken()
{
$request = Request::createFromGlobals();
$grantType = $request->get('grant_type');
$clientId = $request->get('client_id');
$scopes = explode(' ', $request->get('scope'));
switch ($clientId) {
// We set client_secret = '' for webapp
// and glpidefault. But the firewall will
// only allow them to do certain things
case 'webapp':
case 'glpidefault':
if (!$request->get('client_secret')) {
$_POST['client_secret'] = '';
}
break;
}
if (!$grantType == 'client_credentials') {
if ($clientId != 'webapp') {
throw new AccessDenied();
}
}
$this->firewallOnScopes($grantType, $scopes);
return parent::issueAccessToken();
}
