/**
 * Decides a token request that carries a resource owner's username and password.
 *
 * The grant-type support check runs outside any try block, so whatever it throws
 * propagates to the caller. Missing or invalid input is turned into an
 * "invalid request" denial carrying the validation message.
 *
 * @param TokenRequestAttempt $tokenRequestAttempt request whose input data holds 'username' and 'password'
 *
 * @return GrantDecision allowed (with the resource owner) or denied (with the reason)
 */
public function grant(TokenRequestAttempt $tokenRequestAttempt)
{
    GrantTypeUtils::ensureRequestedGrantTypeIsSupported($this, $tokenRequestAttempt);

    try {
        GrantTypeUtils::ensureInputDataAreValid($this, $tokenRequestAttempt);
    } catch (MissingOrInvalidInputData $invalidInput) {
        $reason = GrantError::invalidRequest($invalidInput->getMessage());

        return GrantDecision::denied($reason);
    }

    $credentials = $tokenRequestAttempt->getInputData();
    $login = $credentials['username'];
    $submittedPassword = $credentials['password'];

    try {
        $account = $this->userProvider->loadUserByUsername($login);
        $passwordMatches = $this->passwordEncoder->isPasswordValid(
            $account->getPassword(),
            $submittedPassword,
            $account->getSalt()
        );

        if (!$passwordMatches) {
            // Same message as the unknown-user branch below, so the response body
            // does not reveal whether the username exists.
            return GrantDecision::denied(GrantError::accessDenied('Invalid credentials'));
        }

        return GrantDecision::allowed(new ResourceOwner($account->getUsername(), get_class($account)));
    } catch (UsernameNotFoundException $unknownUser) {
        // NOTE(review): this path never reaches isPasswordValid(), so it may answer
        // faster than a wrong-password attempt; confirm whether timing must be equalised.
        return GrantDecision::denied(GrantError::accessDenied('Invalid credentials'));
    } catch (\Exception $unexpected) {
        // NOTE(review): the failure is reduced to a generic server error and nothing is
        // logged in this method; confirm the cause is recorded somewhere for operators.
        return GrantDecision::denied(GrantError::serverError('Unknown error'));
    }
}
/**
 * Named constructor for a positive grant decision.
 *
 * The decision is flagged ALLOWED, carries the given resource owner (which may
 * be null) and has its error set to GrantError::none().
 *
 * @param ResourceOwner|null $resourceOwner owner the grant was decided for, if any
 *
 * @return self
 */
public static function allowed(ResourceOwner $resourceOwner = null)
{
    $allowedDecision = new self();

    $allowedDecision->decision = self::ALLOWED;
    $allowedDecision->resourceOwner = $resourceOwner;
    $allowedDecision->error = GrantError::none();

    return $allowedDecision;
}
/**
 * Decides a token request authenticated by client id and client secret only.
 *
 * The grant-type support check runs outside any try block, so whatever it throws
 * propagates to the caller. Missing or invalid input becomes an "invalid request"
 * denial. On success the decision carries no resource owner.
 *
 * @param TokenRequestAttempt $tokenRequestAttempt request whose input data exposes the client id and secret
 *
 * @return GrantDecision
 */
public function grant(TokenRequestAttempt $tokenRequestAttempt)
{
    GrantTypeUtils::ensureRequestedGrantTypeIsSupported($this, $tokenRequestAttempt);

    try {
        GrantTypeUtils::ensureInputDataAreValid($this, $tokenRequestAttempt);
    } catch (MissingOrInvalidInputData $invalidInput) {
        $reason = GrantError::invalidRequest($invalidInput->getMessage());

        return GrantDecision::denied($reason);
    }

    $clientId = $tokenRequestAttempt->getInputData()->getClientId();
    $clientSecret = $tokenRequestAttempt->getInputData()->getClientSecret();

    // NOTE(review): the secret comparison happens inside the authenticator; confirm it
    // uses a constant-time comparison such as hash_equals().
    $verdict = $this->clientAuthenticator->isClientValid($clientId, $clientSecret);

    // Only a strict boolean true authenticates the client; any other return value denies.
    if (true !== $verdict) {
        return GrantDecision::denied(GrantError::accessDenied());
    }

    return GrantDecision::allowed();
}
/**
 * Decides a token request that presents a refresh token.
 *
 * An unknown or revoked refresh token is denied. When revokeRefreshTokenWhenUsed
 * is set, the token is revoked and saved before the decision is returned. An
 * allowed decision carries the resource owner of the associated access token.
 *
 * NOTE(review): this method does not check that the refresh token was issued to
 * the client making the request, nor any expiry; confirm both are enforced
 * elsewhere (RFC 6749 section 6 requires the client binding).
 *
 * @param TokenRequestAttempt $tokenRequestAttempt request whose input data exposes the refresh token
 *
 * @return GrantDecision
 */
public function grant(TokenRequestAttempt $tokenRequestAttempt)
{
    GrantTypeUtils::ensureRequestedGrantTypeIsSupported($this, $tokenRequestAttempt);

    try {
        GrantTypeUtils::ensureInputDataAreValid($this, $tokenRequestAttempt);
    } catch (MissingOrInvalidInputData $invalidInput) {
        $reason = GrantError::invalidRequest($invalidInput->getMessage());

        return GrantDecision::denied($reason);
    }

    try {
        $presentedToken = $tokenRequestAttempt->getInputData()->getRefreshToken();
        $storedToken = $this->refreshTokenStorage->findByToken($presentedToken);

        if ($storedToken->isRevoked()) {
            return GrantDecision::denied(GrantError::accessDenied());
        }

        if ($this->revokeRefreshTokenWhenUsed) {
            // NOTE(review): the revoked check above and this save are separate steps;
            // two concurrent requests with the same token could both pass the check.
            // Confirm whether the storage layer makes the revocation atomic.
            $storedToken->revoke();
            $this->refreshTokenStorage->save($storedToken);
        }

        $ownerId = $storedToken->getAssociatedAccessToken()->getResourceOwner()->getResourceOwnerId();
        $ownerType = $storedToken->getAssociatedAccessToken()->getResourceOwner()->getResourceOwnerType();

        return GrantDecision::allowed(new ResourceOwner($ownerId, $ownerType));
    } catch (RefreshTokenNotFound $unknownToken) {
        // Same denial as for a revoked token, so the two cases are not distinguishable
        // from the returned error.
        return GrantDecision::denied(GrantError::accessDenied());
    }
}
/**
 * Runs a token request through the pre-checks and the matching grant type.
 *
 * Order of checks: the grant type must be known; then, only when a client is
 * always required, a client must be provided, be valid, and support the
 * requested grant type. The grant type's own grant() then decides, and an
 * allowed decision yields an access token plus a refresh token.
 *
 * NOTE(review): when checkIfAClientIsAlwaysRequired() is false none of the
 * client checks run here; confirm that a client supplied on such a request is
 * authenticated somewhere else.
 * NOTE(review): RFC 6749 section 5.2 names unsupported_grant_type,
 * invalid_client and unauthorized_client for the cases reported below as
 * invalidGrant / accessDenied; confirm the mapping is intended.
 *
 * @param TokenRequestAttempt $tokenRequestAttempt
 *
 * @return FailedTokenRequestAttemptResult|SuccessfulTokenRequestAttemptResult
 */
public function requestAccessToken(TokenRequestAttempt $tokenRequestAttempt)
{
    if (!$this->checkGrantType($tokenRequestAttempt)) {
        $error = GrantError::invalidGrant('Unknown grant type');

        return new FailedTokenRequestAttemptResult(GrantDecision::denied($error));
    }

    if ($this->checkIfAClientIsAlwaysRequired()) {
        if (!$this->checkIfAClientIsProvided($tokenRequestAttempt)) {
            $error = GrantError::invalidGrant('Missing client_id');

            return new FailedTokenRequestAttemptResult(GrantDecision::denied($error));
        }

        if (!$this->checkIfTheProvidedClientIsValid($tokenRequestAttempt)) {
            $error = GrantError::accessDenied('Invalid client credentials');

            return new FailedTokenRequestAttemptResult(GrantDecision::denied($error));
        }

        if (!$this->checkIfClientSupportsRequestedGrantType($tokenRequestAttempt)) {
            $message = sprintf(
                'This client doesn\'t support the following grant type: "%s"',
                $tokenRequestAttempt->getGrantType()
            );
            $error = GrantError::invalidGrant($message);

            return new FailedTokenRequestAttemptResult(GrantDecision::denied($error));
        }
    }

    $grantType = $this->getGrantTypeByIdentifier($tokenRequestAttempt->getGrantType());
    $grantDecision = $grantType->grant($tokenRequestAttempt);

    // The reference decision is built without a resource owner; presumably equals()
    // compares only the allowed/denied state. TODO confirm against GrantDecision::equals().
    if (!$grantDecision->equals(GrantDecision::allowed())) {
        return new FailedTokenRequestAttemptResult($grantDecision);
    }

    $accessToken = $this->buildAccessToken($tokenRequestAttempt, $grantDecision);
    // NOTE(review): a refresh token is built for every allowed decision, whatever the
    // grant type; confirm that is intended for grants decided without a resource owner.
    $refreshToken = $this->buildRefreshToken($accessToken);

    return new SuccessfulTokenRequestAttemptResult($grantDecision, $accessToken, $refreshToken);
}