/**
* Tries to refresh an access token if an refresh token is available.
* Returns the new received access token or throws an excepion
*
* @param \PSX\Oauth2\AccessToken $accessToken
* @return \PSX\Oauth2\AccessToken
*/
public function refreshToken(AccessToken $accessToken)
{
// request data
$refreshToken = $accessToken->getRefreshToken();
$scope = $accessToken->getScope();
if (empty($refreshToken)) {
throw new Exception('No refresh token was set');
}
$data = array('grant_type' => 'refresh_token', 'refresh_token' => $refreshToken);
if (!empty($scope)) {
$data['scope'] = $scope;
}
// authentication
$header = array();
if ($this->type == self::AUTH_BASIC) {
$header['Authorization'] = 'Basic ' . base64_encode($this->clientId . ':' . $this->clientSecret);
}
if ($this->type == self::AUTH_POST) {
$data['client_id'] = $this->clientId;
$data['client_secret'] = $this->clientSecret;
}
$request = new PostRequest($this->url, $header, $data);
$response = $this->http->request($request);
if ($response->getStatusCode() == 200) {
return $this->importer->import($this->createAccessToken(), $response);
} else {
throw new Exception('Could not refresh access token');
}
}
protected function onAccessToken(AccessToken $accessToken)
{
$this->testCase->assertEquals('2YotnFZFEjr1zCsicMWpAA', $accessToken->getAccessToken());
$this->testCase->assertEquals('example', $accessToken->getTokenType());
$this->testCase->assertEquals(3600, $accessToken->getExpiresIn());
$this->testCase->assertEquals('tGzv3JOkF0XG5Qx2TlKWIA', $accessToken->getRefreshToken());
$this->response->setStatus(200);
$this->response->getBody()->write('SUCCESS');
}
protected function generate(Credentials $credentials, $scope)
{
$sql = 'SELECT id,
name,
password
FROM fusio_user
WHERE name = :name
AND status = :status';
$user = $this->connection->fetchAssoc($sql, array('name' => $credentials->getClientId(), 'status' => User::STATUS_ADMINISTRATOR));
if (!empty($user)) {
if (password_verify($credentials->getClientSecret(), $user['password'])) {
$scopes = ['backend'];
// generate access token
$expires = new \DateTime();
$expires->add(new \DateInterval('PT1H'));
$now = new \DateTime();
$accessToken = hash('sha256', uniqid());
$this->connection->insert('fusio_app_token', ['appId' => App::BACKEND, 'userId' => $user['id'], 'status' => AppToken::STATUS_ACTIVE, 'token' => $accessToken, 'scope' => implode(',', $scopes), 'ip' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1', 'expire' => $expires->format($this->connection->getDatabasePlatform()->getDateTimeFormatString()), 'date' => $now->format($this->connection->getDatabasePlatform()->getDateTimeFormatString())]);
$token = new AccessToken();
$token->setAccessToken($accessToken);
$token->setTokenType('bearer');
$token->setExpiresIn($expires->getTimestamp());
$token->setScope(implode(',', $scopes));
return $token;
} else {
throw new ServerErrorException('Invalid password');
}
} else {
throw new ServerErrorException('Unknown user');
}
}
protected function generate(Credentials $credentials, $scope)
{
$sql = 'SELECT id,
userId
FROM fusio_app
WHERE appKey = :app_key
AND appSecret = :app_secret
AND status = :status';
$app = $this->connection->fetchAssoc($sql, array('app_key' => $credentials->getClientId(), 'app_secret' => $credentials->getClientSecret(), 'status' => App::STATUS_ACTIVE));
if (!empty($app)) {
// validate scopes
$scopes = $this->getValidScopes($app['id'], $scope);
if (empty($scopes)) {
throw new ServerErrorException('No valid scope given');
}
// generate access token
$expires = new \DateTime();
$expires->add(new \DateInterval('PT6H'));
$now = new \DateTime();
$accessToken = TokenGenerator::generateToken();
$this->connection->insert('fusio_app_token', ['appId' => $app['id'], 'userId' => $app['userId'], 'status' => AppToken::STATUS_ACTIVE, 'token' => $accessToken, 'scope' => implode(',', $scopes), 'ip' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1', 'expire' => $expires->format($this->connection->getDatabasePlatform()->getDateTimeFormatString()), 'date' => $now->format($this->connection->getDatabasePlatform()->getDateTimeFormatString())]);
$token = new AccessToken();
$token->setAccessToken($accessToken);
$token->setTokenType('bearer');
$token->setExpiresIn($expires->getTimestamp());
$token->setScope(implode(',', $scopes));
return $token;
} else {
throw new ServerErrorException('Unknown user');
}
}
protected function generate(Credentials $credentials, $scope)
{
$accessToken = new AccessToken();
$accessToken->setAccessToken('2YotnFZFEjr1zCsicMWpAA');
$accessToken->setTokenType('example');
$accessToken->setExpires(3600);
$accessToken->setRefreshToken('tGzv3JOkF0XG5Qx2TlKWIA');
return $accessToken;
}
protected function getAccessToken()
{
$accessToken = new AccessToken();
$accessToken->setAccessToken('2YotnFZFEjr1zCsicMWpAA');
$accessToken->setTokenType('bearer');
$accessToken->setExpiresIn(3600);
$accessToken->setRefreshToken('tGzv3JOkF0XG5Qx2TlKWIA');
return $accessToken;
}
public function getRecordInfo()
{
return new RecordInfo('token', array('id_token' => $this->idToken), parent::getRecordInfo());
}
public function generateAccessToken($appId, $userId, array $scopes, $ip, DateInterval $expire)
{
if (empty($scopes)) {
throw new StatusCode\BadRequestException('No scopes provided');
}
$expires = new \DateTime();
$expires->add($expire);
$now = new \DateTime();
// generate access token
$accessToken = TokenGenerator::generateToken();
$this->appTokenTable->create(['appId' => $appId, 'userId' => $userId, 'status' => Table\App\Token::STATUS_ACTIVE, 'token' => $accessToken, 'scope' => implode(',', $scopes), 'ip' => $ip, 'expire' => $expires, 'date' => $now]);
$token = new AccessToken();
$token->setAccessToken($accessToken);
$token->setTokenType('bearer');
$token->setExpiresIn($expires->getTimestamp());
$token->setScope(implode(',', $scopes));
return $token;
}
