<?php
session_name('AkitaOAuth2ServerSample');
session_start();
require_once './lib/DataHandler.php';
// process request
$headers = apache_request_headers();
$request = new Akita_OAuth2_Server_Request('authorization', $_SERVER, $_GET, $headers);
$dataHandler = new Akita_OAuth2_Server_Sample_DataHandler($request);
$authHandler = new Akita_OAuth2_Server_AuthorizationHandler();
try {
$authHandler->processAuthorizationRequest($dataHandler);
} catch (Akita_OAuth2_Server_Error $error) {
// error handling
include './tmpl/error.html';
exit;
}
// login
$email = $_SESSION['email'];
$redirectUri = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
$_SESSION['redirect_uri'] = $redirectUri;
if (empty($email)) {
header('location: ./Login.php');
exit;
}
// store request
$_SESSION['server_request'] = serialize($request);
$_SESSION['server_ts'] = time();
$_SESSION['server_key'] = mt_rand();
$request_hash = hash_hmac('sha256', $_SESSION['server_request'] . $_SESSION['server_ts'], $_SESSION['server_key']);
$denied_url = str_replace('Authorization.php', 'Finish.php', 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME']) . '?request_hash=' . urlencode($request_hash) . '&deny=1';
public function test_allowAuthorizationRequest_success_code_token_state()
{
$server = array();
$params = array('response_type' => 'code token', 'client_id' => 'valid_client_id', 'redirect_uri' => 'http://valid_redirect_uri/', 'scope' => 'valid_scope', 'state' => 'test_state');
$request = new Akita_OAuth2_Server_Request('authorization', $server, $params);
$authInfo = new Akita_OAuth2_Model_AuthInfo();
$authInfo->code = 'test_code';
$accessToken = new Akita_OAuth2_Model_AccessToken();
$accessToken->token = 'test_access_token';
$accessToken->expiresIn = 3600;
$accessToken->scope = 'test_scope';
$dataHandler = new DataHandler_AuthorizationHandler_Test($request, $authInfo, $accessToken);
$authHandler = new Akita_OAuth2_Server_AuthorizationHandler();
try {
$res = $authHandler->allowAuthorizationRequest($dataHandler);
$this->assertEquals('http://valid_redirect_uri/', $res['redirect_uri']);
$this->assertEquals('test_code', $res['fragment']['code']);
$this->assertEquals('test_access_token', $res['fragment']['access_token']);
$this->assertEquals(3600, $res['fragment']['expires_in']);
$this->assertEquals('test_scope', $res['fragment']['scope']);
$this->assertEquals('test_state', $res['fragment']['state']);
} catch (Akita_OAuth2_Server_Error $error) {
$this->assertTrue(false, $error->getMessage());
}
}
$request = null;
$request_hash = $_GET['request_hash'];
if (isset($_SESSION['server_request']) && !empty($_SESSION['server_request']) && isset($_SESSION['server_ts']) && !empty($_SESSION['server_ts']) && isset($_SESSION['server_key']) && !empty($_SESSION['server_key']) && time() - 300 < $_SESSION['server_ts'] && $_SESSION['server_ts'] <= time() && $request_hash == hash_hmac('sha256', $_SESSION['server_request'] . $_SESSION['server_ts'], $_SESSION['server_key'])) {
$request = unserialize($_SESSION['server_request']);
unset($_SESSION['server_request']);
unset($_SESSION['server_ts']);
unset($_SESSION['server_key']);
} else {
// error handling
$error = new Akita_OAuth2_Server_Error('400', 'invalid_request');
include './tmpl/error.html';
exit;
}
$dataHandler = new Akita_OAuth2_Server_Sample_DataHandler($request);
$dataHandler->setUserId($email);
$authHandler = new Akita_OAuth2_Server_AuthorizationHandler();
try {
if (isset($_GET['deny']) && $_GET['deny'] == '1') {
$res = $authHandler->denyAuthorizationRequest($dataHandler);
} else {
$res = $authHandler->allowAuthorizationRequest($dataHandler);
}
} catch (Akita_OAuth2_Server_Error $error) {
// error handling
include './tmpl/error.html';
exit;
}
// build response
$redirect_uri = $res['redirect_uri'];
if (!empty($res['query'])) {
$redirect_uri .= strpos($redirect_uri, '?') === false ? '?' : '&';
