/**
  * Turn a denied authorization into a 403 Problem response.
  *
  * This listener only reads the event's isAuthorized() flag; it does not make
  * the authorization decision itself, so it is exactly as strict as whatever
  * set that flag earlier.
  *
  * @param AccessControlEvent $accessContentEvent
  * @return \Parrot\API\Problem\Response\ProblemResponse|null Problem response when access is denied, null when authorized
  */
 public function __invoke(AccessControlEvent $accessContentEvent)
 {
     // @TODO Check if it is an API request
     if ($accessContentEvent->isAuthorized()) {
         // Authorized: nothing to report.
         return null;
     }

     // NOTE(review): the flag's initial value is not visible here. It has to start
     // out false so that "no listener made a decision" still ends in this 403 —
     // confirm on AccessControlEvent.
     $problem = new Problem('403', 'Unable to Authorize requested access to this Resource');

     return new ProblemResponse($problem);
 }
Пример #2
 /**
  * Look up the API resource named by the matched route and attach it to the event.
  *
  * The "resource" route parameter comes from the request and is handed to the
  * resource locator unchanged. A lookup result that is not a Resource instance
  * is discarded, which leaves the event without a resource.
  *
  * @param AccessControlEvent $accessControlEvent
  */
 public function __invoke(AccessControlEvent $accessControlEvent)
 {
     // NOTE(review): getRouteMatch() is dereferenced without a check — confirm a
     // route is always matched before this listener runs.
     $identifier = $accessControlEvent->getMvcEvent()->getRouteMatch()->getParam('resource');

     // NOTE(review): the locator receives the raw route value; any validation of
     // the identifier would have to happen inside the locator — verify there.
     $locator = $this->getResourceLocatorService();
     $located = call_user_func($locator, $identifier);

     if (!($located instanceof Resource)) {
         return;
     }

     $accessControlEvent->setResource($located);
 }
Пример #3
 /**
  * Run the authentication adapter for this request and record the outcome on the event.
  *
  * The adapter is called directly rather than through the authentication
  * service's own authenticate(); the only state this method writes is the
  * result stored on the event.
  *
  * @param AccessControlEvent $event
  * @return mixed Whatever the adapter's authenticate() returned; it is stored on the event only when it is a Result
  */
 public function __invoke(AccessControlEvent $event)
 {
     // Start from a clean slate so an identity left over from earlier cannot
     // be mistaken for the outcome of this attempt.
     $event->getAuthenticationService()->clearIdentity();

     // Attempt to authenticate with the configured adapter.
     $outcome = $event->getAuthenticationService()->getAdapter()->authenticate();

     if (!($outcome instanceof Result)) {
         // Not a Result: nothing is recorded on the event, the value is passed through.
         // NOTE(review): consumers of getAuthenticationResult() must cope with it being unset in this case.
         return $outcome;
     }

     $event->setAuthenticationResult($outcome);

     return $outcome;
 }
 /**
  * Answer a failed authentication with a 401 Problem response.
  *
  * A valid authentication result yields no response. On failure, an HTTP
  * response context gets a 401 Problem response; any other response object is
  * returned unchanged.
  *
  * @param AccessControlEvent $accessControlEvent
  * @return \Parrot\API\Problem\Response\ProblemResponse|\Zend\Stdlib\ResponseInterface|null
  */
 public function __invoke(AccessControlEvent $accessControlEvent)
 {
     // NOTE(review): the result is dereferenced without a null check; if no
     // authentication result was recorded on the event this call fails instead
     // of producing a 401 — confirm a result is always set before this runs.
     $authResult = $accessControlEvent->getAuthenticationResult();

     if (!$authResult->isValid()) {
         $response = $accessControlEvent->getMvcEvent()->getResponse();

         // NOTE(review): for a non-HTTP response the existing object is handed
         // back as-is; whether that stops the request is up to the caller — verify.
         return $response instanceof HttpResponse
             ? new ProblemResponse(new Problem(401, 'Unauthorized'))
             : $response;
     }

     return null;
 }
Пример #5
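 /**
  * Authorize the authenticated identity to access the located resource.
  *
  * A decision is made only when all of the following hold: the identity is
  * OAuth2-authenticated, a Resource was located, and the resource identifier
  * is listed in the access token's ", "-separated scope string. In every other
  * case the method returns null (no decision) rather than false.
  *
  * The scope membership test is strict: the identifier is compared as a
  * string, byte for byte, and an empty identifier never matches. A loose
  * comparison here would let PHP's type juggling treat distinct values as the
  * same scope (for example numeric strings such as "1e3" and "1000").
  *
  * @param AccessControlEvent $accessControlEvent
  * @return bool|null Result of isAuthorized() when the resource is in scope, null otherwise
  */
 public function __invoke(AccessControlEvent $accessControlEvent)
 {
     // Have we authenticated against OAuth?
     $identity = $accessControlEvent->getIdentity();
     if (!($identity instanceof OAuth2Authenticated)) {
         return null;
     }

     // Did we locate a valid API resource?
     $resource = $accessControlEvent->getResource();
     if (!($resource instanceof Resource)) {
         return null;
     }

     $accessToken = $identity->getAccessToken();
     if (!isset($accessToken['scope'])) {
         return null;
     }

     // Strict, string-typed membership test: this comparison is the scope gate,
     // so it must not depend on loose-comparison type juggling.
     $identifier = (string) $resource->getIdentifier();
     $grantedScopes = explode(", ", $accessToken['scope']);
     if ($identifier === '' || !in_array($identifier, $grantedScopes, true)) {
         return null;
     }

     $method = $accessControlEvent->getMvcEvent()->getRequest()->getMethod();

     return $this->isAuthorized($identity, $resource, $method);
 }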
Пример #6
 /**
  * Trigger the authorization event for restricted HTTP routes.
  *
  * Authorization is skipped entirely for non-HTTP requests, for OPTIONS
  * requests, and for routes that isRestrictedRoute() does not report as
  * restricted. Otherwise listeners run until one returns a bool or a Response.
  * A true result marks the event as authorized; a Response is returned to the
  * caller.
  *
  * @param MvcEvent $event
  * @return null|Response
  */
 public function authorization(MvcEvent $event)
 {
     if (!($event->getRequest() instanceof HttpRequest)) {
         return null;
     }

     // OPTIONS requests bypass authorization (presumably CORS preflight — confirm
     // no route performs real work on OPTIONS).
     if ($event->getRequest()->isOptions()) {
         return null;
     }

     // Unrestricted routes need no authorization.
     $routeName = $event->getRouteMatch()->getMatchedRouteName();
     if (!$this->isRestrictedRoute($routeName)) {
         return null;
     }

     // Stop at the first listener that gives a definite answer.
     $stopOnDecision = function ($listenerResult) {
         return is_bool($listenerResult) || $listenerResult instanceof Response;
     };
     $responses = $this->events->trigger(
         AccessControlEvent::EVENT_AUTHORIZATION,
         $this->accessControlEvent,
         $stopOnDecision
     );

     $decision = $responses->last();
     if ($decision === true) {
         $this->accessControlEvent->setIsAuthorized(true);
         return null;
     }

     // NOTE(review): a false or missing decision is never written to the event,
     // so denial relies on the event's existing isAuthorized state — presumably
     // false by default; confirm, especially if the event object is reused.
     return $decision instanceof Response ? $decision : null;
 }