/**
  * {@inheritDoc}
  */
 public function createTokenResponse(ServerRequestInterface $request, Client $client = null, TokenOwnerInterface $owner = null) : ResponseInterface
 {
     $postParams = $request->getParsedBody();
     // Everything is okey, we can start tokens generation!
     $scope = $postParams['scope'] ?? null;
     /** @var AccessToken $accessToken */
     $accessToken = $this->accessTokenService->createToken($owner, $client, $scope);
     return $this->prepareTokenResponse($accessToken);
 }
Exemplo n.º 2
0
 /**
  * {@inheritDoc}
  */
 public function createTokenResponse(ServerRequestInterface $request, Client $client = null, TokenOwnerInterface $owner = null) : ResponseInterface
 {
     $postParams = $request->getParsedBody();
     $refreshToken = $postParams['refresh_token'] ?? null;
     if (null === $refreshToken) {
         throw OAuth2Exception::invalidRequest('Refresh token is missing');
     }
     // We can fetch the actual token, and validate it
     /** @var RefreshToken $refreshToken */
     $refreshToken = $this->refreshTokenService->getToken((string) $refreshToken);
     if (null === $refreshToken || $refreshToken->isExpired()) {
         throw OAuth2Exception::invalidGrant('Refresh token is expired');
     }
     // We can now create a new access token! First, we need to make some checks on the asked scopes,
     // because according to the spec, a refresh token can create an access token with an equal or lesser
     // scope, but not more
     $scopes = $postParams['scope'] ?? $refreshToken->getScopes();
     if (!$refreshToken->matchScopes($scopes)) {
         throw OAuth2Exception::invalidScope('The scope of the new access token exceeds the scope(s) of the refresh token');
     }
     $owner = $refreshToken->getOwner();
     $accessToken = $this->accessTokenService->createToken($owner, $client, $scopes);
     // We may want to revoke the old refresh token
     if ($this->serverOptions->getRotateRefreshTokens()) {
         if ($this->serverOptions->getRevokeRotatedRefreshTokens()) {
             $this->refreshTokenService->deleteToken($refreshToken);
         }
         $refreshToken = $this->refreshTokenService->createToken($owner, $client, $scopes);
     }
     // We can generate the response!
     return $this->prepareTokenResponse($accessToken, $refreshToken, true);
 }
Exemplo n.º 3
0
 /**
  * {@inheritDoc}
  * @throws OAuth2Exception
  */
 public function createTokenResponse(ServerRequestInterface $request, Client $client = null, TokenOwnerInterface $owner = null) : ResponseInterface
 {
     $postParams = $request->getParsedBody();
     $code = $postParams['code'] ?? null;
     if (null === $code) {
         throw OAuth2Exception::invalidRequest('Could not find the authorization code in the request');
     }
     /* @var \ZfrOAuth2\Server\Model\AuthorizationCode $authorizationCode */
     $authorizationCode = $this->authorizationCodeService->getToken($code);
     if (null === $authorizationCode || $authorizationCode->isExpired()) {
         throw OAuth2Exception::invalidGrant('Authorization code cannot be found or is expired');
     }
     $clientId = $postParams['client_id'] ?? null;
     if ($authorizationCode->getClient()->getId() !== $clientId) {
         throw OAuth2Exception::invalidRequest('Authorization code\'s client does not match with the one that created the authorization code');
     }
     // If owner is null, we reuse the same as the authorization code
     $owner = $owner ?: $authorizationCode->getOwner();
     // Everything is okey, let's start the token generation!
     $scopes = $authorizationCode->getScopes();
     // reuse the scopes from the authorization code
     $accessToken = $this->accessTokenService->createToken($owner, $client, $scopes);
     // Before generating a refresh token, we must make sure the authorization server supports this grant
     $refreshToken = null;
     if ($this->authorizationServer->hasGrant(RefreshTokenGrant::GRANT_TYPE)) {
         $refreshToken = $this->refreshTokenService->createToken($owner, $client, $scopes);
     }
     return $this->prepareTokenResponse($accessToken, $refreshToken);
 }
 public function testCreateNewTokenUntilOneDoesNotExist()
 {
     $this->scopeService->expects($this->once())->method('getDefaultScopes')->will($this->returnValue(['read']));
     $this->tokenRepository->expects($this->at(0))->method('tokenExists')->with($this->isType('string'))->willReturn(true);
     $this->tokenRepository->expects($this->at(1))->method('tokenExists')->with($this->isType('string'))->willReturn(false);
     $this->tokenRepository->expects($this->once())->method('save')->will($this->returnArgument(0));
     $owner = $this->createMock(TokenOwnerInterface::class);
     $client = $this->createMock(Client::class);
     $token = $this->tokenService->createToken($owner, $client, []);
     $this->assertEquals(40, strlen($token->getToken()));
 }
Exemplo n.º 5
0
 /**
  * @throws OAuth2Exception
  */
 public function createTokenResponse(ServerRequestInterface $request, Client $client = null, TokenOwnerInterface $owner = null) : ResponseInterface
 {
     $postParams = $request->getParsedBody();
     // Validate the user using its username and password
     $username = $postParams['username'] ?? null;
     $password = $postParams['password'] ?? null;
     $scope = $postParams['scope'] ?? null;
     if (null === $username || null == $password) {
         throw OAuth2Exception::invalidRequest('Username and/or password is missing');
     }
     $callback = $this->callback;
     $owner = $callback($username, $password);
     if (!$owner instanceof TokenOwnerInterface) {
         throw OAuth2Exception::accessDenied('Either username or password are incorrect');
     }
     // Everything is okay, we can start tokens generation!
     $accessToken = $this->accessTokenService->createToken($owner, $client, $scope);
     // Before generating a refresh token, we must make sure the authorization server supports this grant
     $refreshToken = null;
     if ($this->authorizationServer->hasGrant(RefreshTokenGrant::GRANT_TYPE)) {
         $refreshToken = $this->refreshTokenService->createToken($owner, $client, $scope);
     }
     return $this->prepareTokenResponse($accessToken, $refreshToken);
 }