/**
* @return \Cake\Network\Response|void
* @throws \League\OAuth2\Server\Exception\InvalidGrantException
*/
public function authorize()
{
if (!($authParams = $this->OAuth->checkAuthParams('authorization_code'))) {
return;
}
if (!$this->Auth->user()) {
$query = $this->request->query;
$query['redir'] = 'oauth';
return $this->redirect(['plugin' => false, 'controller' => 'Users', 'action' => 'login', '?' => $query]);
}
$event = new Event('OAuthServer.beforeAuthorize', $this);
EventManager::instance()->dispatch($event);
if (is_array($event->result)) {
$this->set($event->result);
}
if ($this->request->is('post') && $this->request->data['authorization'] === 'Approve') {
$ownerModel = isset($this->request->data['owner_model']) ? $this->request->data['owner_model'] : 'Users';
$ownerId = isset($this->request->data['owner_id']) ? $this->request->data['owner_id'] : $this->Auth->user('id');
$redirectUri = $this->OAuth->Server->getGrantType('authorization_code')->newAuthorizeRequest($ownerModel, $ownerId, $authParams);
$event = new Event('OAuthServer.afterAuthorize', $this);
EventManager::instance()->dispatch($event);
return $this->redirect($redirectUri);
} elseif ($this->request->is('post')) {
$event = new Event('OAuthServer.afterDeny', $this);
EventManager::instance()->dispatch($event);
$error = new AccessDeniedException();
$redirectUri = new RedirectUri($authParams['redirect_uri'], ['error' => $error->errorType, 'message' => $error->getMessage()]);
return $this->redirect($redirectUri);
}
$this->set('authParams', $authParams);
$this->set('user', $this->Auth->user());
}
public function issueAuthCode(Request $request)
{
$authParams = $this->service('session')->get('authParams');
$this->service('session')->remove('authParams');
$this->service('session')->remove('redirectTo');
if ($request->get('authorization') === 'Approve') {
$user = $this->identityProvider->getCurrentUser();
$redirectUri = $this->server->getGrantType('authorization_code')->newAuthorizeRequest('user', $user->id, $authParams);
return $this->setStatusCode(Response::HTTP_FOUND)->respond('', ['Location' => $redirectUri]);
} else {
$error = new AccessDeniedException();
$redirectUri = RedirectUri::make($authParams['redirect_uri'], ['error' => $error->errorType, 'message' => $error->getMessage()]);
return $this->setStatusCode(Response::HTTP_FOUND)->respond('', ['Location' => $redirectUri]);
}
}
/**
* Generate a redirect uri when the auth code request is denied by the user.
*
* @return string a correctly formed url to redirect back to
*/
public function authCodeRequestDeniedRedirectUri()
{
$error = new AccessDeniedException();
return $this->getRedirectUriGenerator()->make($this->getAuthCodeRequestParam('redirect_uri'), ['error' => $error->errorType, 'error_description' => $error->getMessage()]);
}
/**
* @return \Cake\Network\Response|void
* @throws \League\OAuth2\Server\Exception\InvalidGrantException
*/
public function authorize()
{
if (!($authParams = $this->OAuth->checkAuthParams('authorization_code'))) {
return;
}
$ownerModel = $this->request->query('owner_model') ?: 'Users';
$ownerId = $this->request->query('owner_id') ?: $this->Auth->user('id');
$clientId = $this->request->query('client_id');
if (!$this->Auth->user()) {
$query = $this->request->query;
$query['redir'] = 'oauth';
return $this->redirect(['plugin' => false, 'controller' => 'Users', 'action' => 'login', '?' => $query]);
} else {
$currentTokens = $this->loadModel('OAuthServer.AccessTokens')->find()->where(['expires > ' => Time::now()->getTimestamp()])->matching('Sessions', function ($q) use($ownerModel, $ownerId, $clientId) {
return $q->where(['owner_model' => $ownerModel, 'owner_id' => $ownerId, 'client_id' => $clientId]);
})->count();
}
$event = new Event('OAuthServer.beforeAuthorize', $this);
EventManager::instance()->dispatch($event);
$serializeKeys = [];
if (is_array($event->result)) {
$this->set($event->result);
$serializeKeys = array_keys($event->result);
}
if ($currentTokens > 0 || $this->request->is('post') && $this->request->data('authorization') === 'Approve') {
$ownerModel = $this->request->data('owner_model') ?: $ownerModel;
$ownerId = $this->request->data('owner_id') ?: $ownerId;
$redirectUri = $this->OAuth->Server->getGrantType('authorization_code')->newAuthorizeRequest($ownerModel, $ownerId, $authParams);
$event = new Event('OAuthServer.afterAuthorize', $this);
EventManager::instance()->dispatch($event);
return $this->redirect($redirectUri);
} elseif ($this->request->is('post')) {
$event = new Event('OAuthServer.afterDeny', $this);
EventManager::instance()->dispatch($event);
$error = new AccessDeniedException();
$redirectUri = RedirectUri::make($authParams['redirect_uri'], ['error' => $error->errorType, 'message' => $error->getMessage()]);
return $this->redirect($redirectUri);
}
$this->set('authParams', $authParams);
$this->set('user', $this->Auth->user());
$this->set('_serialize', array_merge(['user', 'authParams'], $serializeKeys));
}
public function signinPost(Application $app, Request $request)
{
session_start();
$authParams = $_SESSION['auth_params'];
$authParams['client'] = $this->getAuthorizationServer($app)->getClientStorage()->get($authParams['client']);
$scopeStorage = $this->getAuthorizationServer($app)->getScopeStorage();
$authParams['scopes'] = array_map(function ($item) use($scopeStorage) {
return $scopeStorage->get($item);
}, $authParams['scopes']);
if (!($user = $this->getAuthenticator($app)->findUser($request->request->all()))) {
return false;
}
$data = $request->request->all();
if (array_key_exists('authorization', $data) && $data['authorization'] === 'Approve' && $this->getAuthenticator($app)->authenticate($user, $data)) {
/** @var AuthCodeGrant $grant */
$grant = $this->getAuthorizationServer($app)->getGrantType('authorization_code');
$redirect = $grant->newAuthorizeRequest('user', $user->getId(), $authParams);
return $app->redirect($redirect);
}
$error = new AccessDeniedException();
$redirect = RedirectUri::make($authParams['redirect_uri'], ['error' => $error->errorType, 'message' => $error->getMessage()]);
return $app->redirect($redirect);
}
