/**
  * Authenticate an incoming request.
  *
  * @param \Illuminate\Http\Request $request
  * @param \Closure                 $next
  *
  * @return mixed
  */
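 public function handle(Request $request, Closure $next)
 {
     //  Both credentials are read from ordinary request input, so they are caller-controlled.
     $_token = $request->input('access-token');
     $_clientId = $request->input('client-id');
     //  Remove the credentials from the request input before anything else handles the request
     $request->offsetUnset('client-id');
     $request->offsetUnset('access-token');
     //  Reject missing/empty values, and also non-scalar ones: request input can be an array
     //  (e.g. "client-id[]=x"), which must not reach the key lookup, the signature check
     //  or the string concatenation in the log messages below.
     if (empty($_token) || empty($_clientId) || !is_scalar($_token) || !is_scalar($_clientId)) {
         $this->error('bad request: no token or client-id present');
         return ErrorPacket::create(Response::HTTP_BAD_REQUEST);
     }
     try {
         $_key = AppKey::byClientId($_clientId)->firstOrFail();
         $this->setSigningCredentials($_clientId, $_key->client_secret);
     } catch (\Exception $_ex) {
         //  This broad catch also covers anything thrown by setSigningCredentials(),
         //  which is then reported as an invalid client-id as well.
         //  NOTE(review): the client-id written to the log is caller-supplied; confirm the
         //  log sink neutralises control characters.
         $this->error('forbidden: invalid "client-id" [' . $_clientId . ']');
         return ErrorPacket::create(Response::HTTP_FORBIDDEN, 'Invalid "client-id"');
     }
     //  NOTE(review): an unknown client-id answers 403 while a bad signature answers 400, so the
     //  status code tells a caller whether a client-id is registered; confirm that is acceptable.
     //  NOTE(review): verifySignature() is not visible here; confirm it compares in constant
     //  time (hash_equals) rather than with == / ===.
     if (!$this->verifySignature($_token, $_clientId, $_key->client_secret)) {
         $this->error('bad request: signature verification fail');
         return ErrorPacket::create(Response::HTTP_BAD_REQUEST);
     }
     try {
         $_owner = $this->_locateOwner($_key->owner_id, $_key->owner_type_nbr);
     } catch (ModelNotFoundException $_ex) {
         $this->error('unauthorized: invalid "user" assigned to akt#' . $_key->id);
         return ErrorPacket::create(Response::HTTP_UNAUTHORIZED);
     }
     //  From here on $request->user() yields the owner of the verified key.
     $request->setUserResolver(function () use ($_owner) {
         return $_owner;
     });
     return parent::handle($request, $next);
 }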
 /**
  * Overrides the request's resolver for user()
  *
  * @param \Illuminate\Http\Request $request
  */
 protected function setUser($request)
 {
     // The owner id is taken from the session of the access token held by $this->server,
     // never from request parameters.
     $session = $this->server->getAccessToken()->getSession();
     // findOrFail() is relied on to throw when the owner no longer exists, so the
     // resolver below is only installed for a user that was actually found.
     $resolved = $this->user->findOrFail($session->getOwnerId());
     // The closure captures the loaded user, so every later $request->user() call
     // returns this same object for the remainder of the request.
     $request->setUserResolver(function () use ($resolved) {
         return $resolved;
     });
 }
 /**
  * Look up the OAuth2 user for this request and install it as the authenticated user.
  *
  * @param Request                $request
  * @param ServerRequestInterface $serverRequest
  */
 protected function authUser(Request $request, ServerRequestInterface $serverRequest)
 {
     // The verifier class name comes from the Oauth2Server options, not from the request.
     $options = app()->make(Oauth2Server::class)->getOptions();
     $verifierClass = $options['user_verifier'];
     /** @var \RTLer\Oauth2\Authorize\UserVerifierInterface $verifier */
     $verifier = new $verifierClass();
     // NOTE(review): 'oauth_user_id' is read from the server request's attributes; presumably it is
     // set by the token validation step that runs earlier. Confirm against the caller.
     $identifier = $serverRequest->getAttribute('oauth_user_id');
     // NOTE(review): nothing here checks the lookup result; confirm what getUserByIdentifier()
     // returns for an unknown identifier before it is handed to Auth::setUser().
     $authenticated = $verifier->getUserByIdentifier($identifier);
     Auth::setUser($authenticated);
     // Keep $request->user() consistent with the user just given to Auth.
     $request->setUserResolver(function () use ($authenticated) {
         return $authenticated;
     });
 }
 /**
  * Handle an incoming request.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @param  string|null  $guard
  * @return mixed
  */
 public function handle($request, Closure $next, $guard = null)
 {
     // $guard is accepted for signature compatibility but is not used below.
     $service = new Service();
     // The token is taken from the server-side session, not from request parameters.
     $authenticated = $service->authByToken($request->session()->get('token'));
     if (!$authenticated) {
         // AJAX callers get a bare 401; everyone else is sent to the admin login page.
         return $request->ajax()
             ? response('Unauthorized.', 401)
             : redirect(route('admin:login'));
     }
     // The resolver is lazy: getModel() is called each time $request->user() is used.
     $request->setUserResolver(function () use ($service) {
         return $service->getModel();
     });
     return $next($request);
 }
Пример #5
 /**
  * Bind the given security context to the Request and Container.
  *
  * @param string  $context
  * @param Request $request
  */
 public function bindContext($context, Request $request)
 {
     $api = $this->getSecurity($context);
     // Make this context's security API the instance the container hands out.
     $this->container->instance(SecurityApi::class, $api);
     // URL generation is delegated to the security API's own generator.
     $this->container->bind(UrlGeneratorContract::class, function () use ($api) {
         return $api->url();
     });
     $this->container->bind([UrlGenerator::class => 'url'], function (Container $app) use ($api) {
         /** @var PermissionAwareUrlGeneratorExtension $extension */
         $extension = $app->make(PermissionAwareUrlGeneratorExtension::class);
         $extension->setUrlGenerator($api->url());
         return $extension;
     });
     // Lazy resolver: $request->user() asks the bound security context for its user
     // at call time rather than capturing a user object now.
     $request->setUserResolver(function () use ($api) {
         return $api->getUser();
     });
 }
Пример #6
 /**
  * Set the user resolver callback.
  *
  * @param \Closure $callback
  * @return $this 
  * @static 
  */
 public static function setUserResolver($callback)
 {
     // Static pass-through to the request class's setUserResolver(); the callback is
     // forwarded untouched and whatever that call returns is handed back.
     $result = \Illuminate\Http\Request::setUserResolver($callback);
     return $result;
 }
Пример #7
 /**
  * Prepare the given request instance for use with the application.
  *
  * @param   \Illuminate\Http\Request  $request
  * @return \Illuminate\Http\Request
  */
 protected function prepareRequest(Request $request)
 {
     // Resolved lazily: the 'auth' service is only made when $request->user() is called.
     $resolveUser = function () {
         return $this->make('auth')->user();
     };
     // Reads $this->currentRoute at call time, not at the time of preparation.
     $resolveRoute = function () {
         return $this->currentRoute;
     };
     $request->setUserResolver($resolveUser)->setRouteResolver($resolveRoute);
     return $request;
 }