public static function validateDeleteApprovalRequest(Request $request)
 {
     // Pull the three REQUIRED query parameters off the request and run each
     // through InputValidation. Absent -> "missing <name>", present but
     // rejected -> "invalid <name>"; parameters are checked in this fixed
     // order, so the first offending one is the one reported.
     //
     // @param Request $request the incoming request
     // @return array client_id, response_type and scope, validated
     // @throws BadRequestException on the first missing or invalid parameter
     $requiredParams = array(
         'client_id' => function ($value) {
             return InputValidation::clientId($value);
         },
         'response_type' => function ($value) {
             return InputValidation::responseType($value);
         },
         'scope' => function ($value) {
             return InputValidation::scope($value);
         },
     );
     $url = $request->getUrl();
     $validated = array();
     foreach ($requiredParams as $paramName => $validator) {
         $paramValue = $url->getQueryParameter($paramName);
         if (null === $paramValue) {
             throw new BadRequestException(sprintf('missing %s', $paramName));
         }
         if (false === $validator($paramValue)) {
             throw new BadRequestException(sprintf('invalid %s', $paramName));
         }
         $validated[$paramName] = $paramValue;
     }
     return $validated;
 }
 public function __construct(Request $request)
 {
     // Lift the OAuth authorization parameters straight off the query
     // string; each setter receives null when its parameter is absent.
     //
     // NOTE(review): no validation is visible here. These values come
     // straight from the client, so presumably the setters (or a separate
     // validate*Request helper) enforce format — confirm before relying on
     // them, in particular redirect_uri.
     $url = $request->getUrl();
     $paramSetters = array(
         'client_id' => 'setClientId',
         'response_type' => 'setResponseType',
         'redirect_uri' => 'setRedirectUri',
         'scope' => 'setScope',
         'state' => 'setState',
     );
     foreach ($paramSetters as $paramName => $setter) {
         $this->$setter($url->getQueryParameter($paramName));
     }
 }
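 public function __construct(ClientData $clientData, Request $request, $redirectUri, array $urlParams)
 {
     // Builds the redirect back to the client: $urlParams (the error or
     // success parameters chosen by the caller) plus the request's `state`,
     // appended to $redirectUri — in the fragment for "token" clients, as
     // query parameters for everything else — and handed to the parent as
     // a 302.
     //
     // `state` is echoed back exactly as received and never interpreted;
     // it is the client's CSRF binding, which the client verifies itself.
     //
     // @param ClientData $clientData registration of the client redirected to
     // @param Request    $request    source of the `state` query parameter
     // @param string     $redirectUri where to send the user agent
     // @param array      $urlParams  parameters to append (key => value)
     $clientType = $clientData->getType();
     $urlParams['state'] = $request->getUrl()->getQueryParameter('state');
     // Drop parameters that were not supplied. Only null and '' count as
     // absent: empty() would also strip a legitimate '0' (e.g. state=0),
     // while RFC 6749 requires state to be returned unchanged.
     foreach ($urlParams as $key => $value) {
         if (null === $value || '' === $value) {
             unset($urlParams[$key]);
         }
     }
     if ('token' === $clientType) {
         // implicit-grant clients receive the parameters in the fragment
         $separator = '#';
     } else {
         // append to an existing query string if the redirect URI has one
         $separator = false === strpos($redirectUri, '?') ? '?' : '&';
     }
     parent::__construct(sprintf('%s%s%s', $redirectUri, $separator, http_build_query($urlParams)), 302);
 }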
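 public function execute(Request $request, array $routeConfig)
 {
     // CSRF guard for browser-originated, state-changing requests. A request
     // that does not look like it comes from a browser (no text/html in
     // Accept) is left alone; a browser request with a non-safe method must
     // carry a Referer that starts with this application's root URL.
     //
     // @param Request $request     the incoming request
     // @param array   $routeConfig route options (not used by this check)
     // @throws BadRequestException when the Referer is absent or foreign
     //
     // NOTE(review): browsers strip Referer under some referrer policies and
     // privacy extensions, which turns legitimate form posts into 400s. The
     // usual remedy is to check the Origin header first and fall back to
     // Referer; not changed here because it widens what is accepted.
     //
     // Only relevant if the request comes from a browser; a missing Accept
     // header is treated like one without text/html.
     $accept = $request->getHeader('Accept');
     if (null === $accept || false === mb_strpos($accept, 'text/html')) {
         return;
     }
     // these methods do not require CSRF protection as they are not
     // supposed to have side effects on the server
     $safeMethods = ['GET', 'HEAD', 'OPTIONS'];
     if (in_array($request->getMethod(), $safeMethods, true)) {
         return;
     }
     $referrer = $request->getHeader('HTTP_REFERER');
     if (null === $referrer) {
         throw new BadRequestException('HTTP_REFERER header missing');
     }
     // Prefix match: the Referer must begin with our own root URL.
     // NOTE(review): only sound if getRootUrl() ends with '/'; a root of
     // "https://app.example" would also accept "https://app.example.evil/".
     // Confirm the Url class guarantees the trailing slash.
     $rootUrl = $request->getUrl()->getRootUrl();
     if (0 !== mb_strpos($referrer, $rootUrl)) {
         throw new BadRequestException('HTTP_REFERER has unexpected value');
     }
 }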
 public function getTokenIntrospection(Request $request, $tokenValue)
 {
     // Token introspection in the RFC 7662 shape: look the token up in
     // $this->db and answer {"active": false} for an unknown or expired
     // token, or the token's claims for a live one. The response is marked
     // non-cacheable since it reveals authorization state.
     //
     // @param Request     $request    used only for the issuer (host) claim
     // @param string|null $tokenValue raw token from the request, or null
     // @return JsonResponse
     // @throws BadRequestException when $tokenValue is null
     //
     // NOTE(review): nothing in this method authenticates the caller;
     // RFC 7662 §2.1 expects the introspection endpoint to be protected —
     // confirm that happens in routing/middleware before this runs.
     if (null === $tokenValue) {
         throw new BadRequestException('invalid_token', 'the token parameter is missing');
     }
     // FIXME: validate token format
     $accessToken = $this->db->getAccessToken($tokenValue);
     $active = false !== $accessToken;
     if ($active) {
         // an expired token is reported exactly like an unknown one
         $expiresAt = $accessToken['issue_time'] + $accessToken['expires_in'];
         $active = $this->io->getTime() <= $expiresAt;
     }
     if (!$active) {
         $tokenInfo = array('active' => false);
     } else {
         // NOTE(review): `iss` is taken from the request host; if the Url
         // class reads it from the Host header unvalidated, a client can
         // influence this claim — confirm.
         $tokenInfo = array(
             'active' => true,
             'exp' => intval($expiresAt),
             'iat' => intval($accessToken['issue_time']),
             'scope' => $accessToken['scope'],
             'iss' => $request->getUrl()->getHost(),
             'client_id' => $accessToken['client_id'],
             'sub' => $accessToken['resource_owner_id'],
             'user_id' => $accessToken['resource_owner_id'],
             'token_type' => 'bearer',
         );
         // as long as we have no RS registration we cannot set the audience...
         // $tokenInfo['aud'] => 'foo';
     }
     $response = new JsonResponse();
     $response->setHeaders(array('Cache-Control' => 'no-store', 'Pragma' => 'no-cache'));
     $response->setBody($tokenInfo);
     return $response;
 }
 // Bootstrap: storage, templates and session for the remote-storage server.
 // $dbDsn, $configReader, $serverMode, $request and $document are defined
 // earlier in this script; $initDb is presumably initialised to false before
 // this point — TODO confirm, it is only assigned (never declared) here.
 if (0 === strpos($dbDsn, 'sqlite:')) {
     // sqlite: create the schema on first run, i.e. when the database file
     // named in the DSN (everything after "sqlite:") does not exist yet
     if (!file_exists(substr($dbDsn, 7))) {
         // sqlite file does not exist
         $initDb = true;
     }
 }
 // NOTE(review): no PDO::ATTR_ERRMODE is set here; unless the storage
 // classes set it, failed statements return false silently instead of
 // throwing — confirm.
 $db = new PDO($dbDsn, $configReader->v('Db', 'username', false), $configReader->v('Db', 'password', false));
 // only enable templateCache when in production mode
 // (i.e. in any mode other than "development")
 if ('development' !== $serverMode) {
     $templateCache = $configReader->v('templateCache', false, sprintf('%s/data/tpl', dirname(__DIR__)));
 } else {
     $templateCache = null;
 }
 $templateManager = new TwigTemplateManager(array(dirname(__DIR__) . '/views', dirname(__DIR__) . '/config/views'), $templateCache);
 $templateManager->setDefault(array('rootFolder' => $request->getUrl()->getRoot(), 'serverMode' => $serverMode));
 // all storage backends share the single PDO handle
 $md = new MetadataStorage($db);
 $approvalStorage = new PdoApprovalStorage($db);
 $authorizationCodeStorage = new PdoAuthorizationCodeStorage($db);
 $accessTokenStorage = new PdoAccessTokenStorage($db);
 if ($initDb) {
     $md->initDatabase();
     $approvalStorage->initDatabase();
     $authorizationCodeStorage->initDatabase();
     $accessTokenStorage->initDatabase();
 }
 $remoteStorage = new RemoteStorage($md, $document);
 // The session cookie carries the Secure flag in every mode except
 // development, the only mode in which it may travel over plain HTTP.
 $session = new Session('php-remote-storage', array('secure' => 'development' !== $serverMode));
 $userAuth = new FormAuthentication(function ($userId) use($configReader) {
     $userList = $configReader->v('Users');
     if (null === $userList || !array_key_exists($userId, $userList)) {
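 public function deleteDocument(Request $request, TokenInfo $tokenInfo)
 {
     // DELETE handler for a remoteStorage document.
     //
     // Authorization: the path's user segment must equal the token's
     // subject and the token must carry write scope for the path's module.
     // Both are checked before any storage access, so an unauthorized
     // caller learns nothing about whether the document exists.
     //
     // Conditional delete: If-Match (quotes stripped, possibly several
     // values) must contain the document's current version. That check
     // deliberately runs before the existence check: a missing document
     // with an If-Match header is answered 412, not 404.
     //
     // @param Request   $request   the HTTP request (path + If-Match header)
     // @param TokenInfo $tokenInfo the validated bearer token
     // @return Response storage result as body, ETag of the deleted version
     // @throws ForbiddenException          subject or scope mismatch
     // @throws PreconditionFailedException If-Match does not match
     // @throws NotFoundException           document does not exist
     $path = new Path($request->getUrl()->getPathInfo());
     if ($path->getUserId() !== $tokenInfo->getUserId()) {
         throw new ForbiddenException('path does not match authorized subject');
     }
     if (!$this->hasWriteScope($tokenInfo->getScope(), $path->getModuleName())) {
         throw new ForbiddenException('path does not match authorized scope');
     }
     // need to get the version before the delete
     $documentVersion = $this->remoteStorage->getVersion($path);
     $ifMatch = $this->stripQuotes($request->getHeader('If-Match'));
     // if document does not exist, and we have If-Match header set we should
     // return a 412 instead of a 404
     // NOTE(review): loose in_array() kept; versions are assumed to be opaque
     // strings, in which case a strict comparison is equivalent — confirm the
     // types returned by getVersion() and stripQuotes().
     if (null !== $ifMatch && !in_array($documentVersion, $ifMatch)) {
         throw new PreconditionFailedException('version mismatch');
     }
     if (null === $documentVersion) {
         throw new NotFoundException(sprintf('document "%s" not found', $path->getPath()));
     }
     // The If-Match values are handed to the storage as well, presumably so
     // it can re-verify them at delete time; no second check is needed here.
     $deleteResult = $this->remoteStorage->deleteDocument($path, $ifMatch);
     $response = new Response();
     $response->setHeader('ETag', '"' . $documentVersion . '"');
     $response->setBody($deleteResult);
     return $response;
 }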
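 public function postAuthorization(Request $request, UserInfoInterface $userInfo)
 {
     // Handles the resource owner's answer to the consent form. The form
     // posts back to the URL that carries the original authorization query
     // parameters, so those are re-read from the query string here.
     //
     // - unknown client         -> 400
     // - approval !== "approve" -> redirect to the client with access_denied
     // - approved               -> record the approval for (client, user,
     //                             scope) and redirect to self (presumably
     //                             the GET handler then completes the grant)
     //
     // @param Request           $request  the POSTed consent form
     // @param UserInfoInterface $userInfo the authenticated resource owner
     // @return ClientResponse|RedirectResponse
     // @throws BadRequestException when client_id is not registered
     $authorizeRequest = new AuthorizeRequest($request);
     $clientId = $authorizeRequest->getClientId();
     $redirectUri = $authorizeRequest->getRedirectUri();
     $scope = $authorizeRequest->getScope();
     $clientData = $this->storage->getClient($clientId);
     if (false === $clientData) {
         throw new BadRequestException('client not registered');
     }
     // if no redirect_uri is part of the query parameter, use the one from
     // the client registration
     // NOTE(review): when the query does carry a redirect_uri it is used
     // as-is; nothing in this method compares it with the registered one
     // (RFC 6749 §3.1.2.3). If that comparison is not done by
     // AuthorizeRequest or by the GET handler that rendered the form, the
     // access_denied redirect below is an open redirect — confirm.
     if (null === $redirectUri) {
         $redirectUri = $clientData->getRedirectUri();
     }
     if ('approve' !== $request->getPostParameter('approval')) {
         // ClientResponse picks `state` up from the query string itself
         return new ClientResponse($clientData, $request, $redirectUri, array('error' => 'access_denied', 'error_description' => 'not authorized by resource owner'));
     }
     $this->addApproval($clientData, $userInfo->getUserId(), $scope);
     // redirect to self
     return new RedirectResponse($request->getUrl()->toString(), 302);
 }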
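 public function deleteApproval(Request $request, UserInfoInterface $userInfo)
 {
     // Removes one stored approval and sends the browser back to the
     // approvals overview. The delete is scoped to the authenticated user's
     // id, so a guessed or tampered `id` can only ever remove that user's
     // own approvals.
     //
     // NOTE(review): this is a state-changing handler; presumably it is
     // reached through a form POST (with a method override) and covered by
     // the Referer CSRF check — confirm it is not reachable via plain GET.
     //
     // @param Request           $request  must carry the `id` query parameter
     // @param UserInfoInterface $userInfo the authenticated user
     // @return RedirectResponse 302 to approvals.php under the root URL
     // @throws BadRequestException when `id` is absent
     $id = $request->getUrl()->getQueryParameter('id');
     if (null === $id) {
         // reject early instead of handing a null id to the storage layer
         throw new BadRequestException('missing id');
     }
     $this->db->deleteApproval($id, $userInfo->getUserId());
     return new RedirectResponse($request->getUrl()->getRootUrl() . 'approvals.php', 302);
 }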
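 private function runService(Request $request)
 {
     // Dispatches $request to the first route whose method and path match.
     // When nothing matches, a 404 is raised if some route supports the
     // requested method, otherwise a 405 listing every method any route
     // supports.
     //
     // @param Request $request the incoming request
     // @return mixed whatever the matched route callback returns
     // @throws NotFoundException         path unknown for a supported method
     // @throws MethodNotAllowedException method supported by no route
     //
     // Method override: an HTML form can only POST, so `_METHOD` in the POST
     // body replaces the request method (e.g. DELETE).
     // NOTE(review): the override value is not restricted to a known set.
     // If a method-based CSRF check reads getMethod() after this point, an
     // override to GET/HEAD/OPTIONS would make a POST look "safe" to it —
     // confirm the middleware order, or refuse overrides to safe methods.
     if ('POST' === $request->getMethod()) {
         $methodOverride = $request->getPostParameter('_METHOD');
         if (null !== $methodOverride) {
             $request->setMethod($methodOverride);
         }
     }
     $method = $request->getMethod();
     $pathInfo = $request->getUrl()->getPathInfo();
     foreach ($this->routes as $route) {
         $callbackParameters = $route->isMatch($method, $pathInfo);
         if (false !== $callbackParameters) {
             return $this->executeCallback($request, $route, $callbackParameters);
         }
     }
     // no route matched: collect the union of methods supported by all routes
     $supportedMethods = [];
     foreach ($this->routes as $route) {
         foreach ($route->getMethods() as $routeMethod) {
             if (!in_array($routeMethod, $supportedMethods, true)) {
                 $supportedMethods[] = $routeMethod;
             }
         }
     }
     // requested method supported, document is just not available
     if (in_array($method, $supportedMethods, true)) {
         throw new NotFoundException('url not found', $request->getUrl()->getRoot() . mb_substr($pathInfo, 1));
     }
     // requested method not supported by any route
     throw new MethodNotAllowedException($method, $supportedMethods);
 }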