Пример #1
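 /**
  * Looks for a bearer access token in the request and, when one is found,
  * stores it in $this->identifier.
  *
  * Sources are checked in this order and the first one that yields a value wins:
  *  1. the "authorization" header, which must be exactly "Bearer <token>";
  *  2. the "access_token" body parameter (POST or PUT with a form-urlencoded body only);
  *  3. the "access_token" query parameter.
  *
  * Any non-empty "authorization" header that is not a well-formed bearer header
  * raises MalformedTokenException; the other sources are not consulted in that case.
  *
  * @param IRequest $request
  *
  * @throws \OAuth2\Exception\InvalidContentTypeException when the body token arrives with a content type
  *                                                       other than application/x-www-form-urlencoded
  * @throws \OAuth2\Exception\InvalidHttpMethodException  when the body token arrives with a method
  *                                                       other than POST or PUT
  * @throws \OAuth2\Exception\MalformedTokenException     when the authorization header is not "Bearer <token>"
  * @return boolean true when a token was found and stored, false when the request carries none
  */
 public function match(IRequest $request)
 {
     // first check request for authorization header
     $header = $request->headers('authorization');
     if ($header) {
         // The pattern is anchored at both ends (D keeps "$" from matching before a
         // trailing newline). Unanchored, a value such as "XBearer abc" or
         // "Bearer abc trailing-data" was accepted and silently truncated to "abc".
         if (!preg_match('~^Bearer\s(\S+)$~D', $header, $matches)) {
             throw new MalformedTokenException();
         }
         $this->identifier = $matches[1];
         return true;
     }
     // then check the request body parameters (form-encoded POST/PUT only)
     if ($accessToken = $request->request('access_token')) {
         if (!($request->isMethod('post') || $request->isMethod('put'))) {
             throw new InvalidHttpMethodException();
         }
         $contentType = $request->headers('content_type');
         // prefix match so that a "; charset=..." suffix is still accepted
         if (!$contentType || strpos($contentType, 'application/x-www-form-urlencoded') !== 0) {
             throw new InvalidContentTypeException();
         }
         $this->identifier = $accessToken;
         return true;
     }
     // finally check the query string
     // NOTE(review): a token carried in the URL ends up in access logs, browser
     // history and Referer headers; RFC 6750 section 2.3 discourages this transport.
     // Consider making it opt-in and keeping query strings out of logs.
     if ($accessToken = $request->query('access_token')) {
         $this->identifier = $accessToken;
         return true;
     }
     return false;
 }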
 /**
  * A public client (its stored secret is null) that nevertheless sends a secret
  * must be rejected with the generic "Invalid client credentials." error.
  */
 function it_throws_exception_if_client_is_public_and_secret_was_provided(IRequest $request, IClientStorage $clientStorage, IClient $client)
 {
     // the stored client is public: it has no secret
     $client->getSecret()->willReturn(null)->shouldBeCalled();
     $clientStorage->get('public')->willReturn($client)->shouldBeCalled();

     // the request carries both a client id and a secret
     $request->headers('PHP_AUTH_PW')->willReturn('secret')->shouldBeCalled();
     $request->headers('PHP_AUTH_USER')->willReturn('public')->shouldBeCalled();

     $expectedFailure = new InvalidClientException('Invalid client credentials.');
     $this->shouldThrow($expectedFailure)->during('authenticate', [$request]);
 }
 /**
  * The method applies only when the "authorization" header is absent (null);
  * any header value, even a meaningless one, makes it decline the request.
  */
 function it_matches_to_requests_without_authorization_header(IRequest $request1, IRequest $request2)
 {
     // stub both doubles first: one without the header, one with a value
     $request2->headers('authorization')->willReturn('b')->shouldBeCalled();
     $request1->headers('authorization')->willReturn(null)->shouldBeCalled();

     // no header => matches
     $this->match($request1)->shouldReturn(true);

     // header present => does not match
     $this->match($request2)->shouldReturn(false);
 }
Пример #4
 /**
  * With no authorization header and no body parameter, the token is taken
  * from the "access_token" query parameter and exposed by getAccessToken().
  */
 function it_should_return_access_token_from_token_in_uri_query_parameter(IRequest $request)
 {
     // only the query string carries a token
     $request->query('access_token')->willReturn('pom');
     $request->request('access_token')->willReturn(null);
     $request->headers('authorization')->willReturn(null);

     $this->match($request)->shouldReturn(true);

     // match() must have stored the value it found
     $this->getAccessToken()->shouldReturn('pom');
 }
Пример #5
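 /**
  * Authenticates the client from the PHP_AUTH_USER / PHP_AUTH_PW request values
  * and returns it.
  *
  * A confidential client must present its exact secret. A public client (one
  * whose getSecret() is empty) must present no secret at all. An unknown client id
  * and a wrong secret produce the same message, so the response text does not
  * reveal which client ids exist.
  *
  * @param IRequest $request
  *
  * @return IClient the client found in storage for the presented id
  * @throws InvalidClientException when the id is missing, the client is unknown,
  *                                or the presented secret differs from the stored one
  */
 public function authenticate(IRequest $request)
 {
     $id = $request->headers('PHP_AUTH_USER');
     $secret = $request->headers('PHP_AUTH_PW');
     if (!$id) {
         throw new InvalidClientException('Client id is missing.');
     }
     // find client or throw exception if it does not exist
     if (!($client = $this->clientStorage->get($id))) {
         throw new InvalidClientException('Invalid client credentials.');
     }
     // if client is confidential and the secrets do not match,
     // or if client is public (has no secret) and the credentials contain a secret,
     // throw exception.
     // hash_equals() compares in constant time for equal-length inputs, so the
     // response time does not show how many leading characters of a guess were
     // right, which a plain !== comparison can. Stored value goes first, the
     // caller-supplied value second.
     // NOTE(review): the stored value is compared as-is, which suggests secrets are
     // kept unhashed - confirm against the IClientStorage implementation.
     if (!hash_equals((string) $client->getSecret(), (string) $secret)) {
         throw new InvalidClientException('Invalid client credentials.');
     }
     return $client;
 }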
Пример #6
 /**
  * Tells whether this client authentication method applies to the request.
  *
  * It applies only when the request's "authorization" header is strictly null;
  * any other value, including an empty string, makes it decline.
  *
  * @param IRequest $request
  *
  * @return bool true when no authorization header is present
  */
 public function match(IRequest $request)
 {
     $authorization = $request->headers('authorization');

     return null === $authorization;
 }