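 /**
  * Register a new OAuth client for the redirect URI submitted in the POST body.
  *
  * The redirect URI is caller-controlled input that later becomes the target
  * of authorization redirects, so it is checked to be a well-formed URL before
  * the client record is created; a missing or malformed value is rejected with
  * a 400 instead of silently registering a client. Any stricter policy
  * (https only, no fragment, allow-listed hosts) is deployment-specific and
  * belongs in the same check. Note that nothing here authenticates the party
  * registering the client.
  *
  * @throws HTTP_Exception_400 when redirect_uri is missing or not a valid URL
  * @return void
  */
 public function action_client()
 {
     $redirect_uri = $this->request->post('redirect_uri');
     // Fail closed: never create a client whose redirect target is not a URL.
     if ( ! Valid::url($redirect_uri)) {
         throw new HTTP_Exception_400('A valid redirect_uri is required');
     }
     $client = Model_OAuth2_Client::create_client($redirect_uri);
     $this->template->title = "Client";
     $this->template->content = View::factory('welcome/client');
     // Hand the newly created client record to the view.
     $this->template->content->client = $client;
 }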
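 /**
  * Issue an access token (and, when supported, a refresh token) for a
  * validated token request and return the JSON token response.
  *
  * The grant type decides on whose behalf the token is issued:
  *  - authorization_code and refresh_token resolve the stored artefact to
  *    its user and consume it (single use);
  *  - client_credentials issues a token with no resource owner;
  *  - password checks the resource owner's credentials.
  * Any other grant type is rejected instead of falling through to a
  * user-less token, and no refresh token is issued for the
  * client_credentials grant (RFC 6749 §4.4.3).
  *
  * @throws HTTP_Exception_400 when the grant type is not one handled here
  * @return string JSON-encoded token response
  */
 public function token()
 {
     // Validate the request (client credentials, grant_type and grant-specific params)
     $request_params = $this->validate_token_params();
     // Response Params
     $response_params = array(
         'token_type' => OAuth2::TOKEN_TYPE_BEARER,
         'expires_in' => Model_OAuth2_Access_Token::$lifetime,
     );
     // Authenticate the client before any grant-specific work. The result is
     // not used further; presumably find_client() throws on a bad id/secret
     // pair — confirm, otherwise a failed lookup must be checked here.
     $client = Model_OAuth2_Client::find_client($request_params['client_id'], $request_params['client_secret']);
     $grant_type = $request_params['grant_type'];
     $user_id = NULL;
     switch ($grant_type) {
         case OAuth2::GRANT_TYPE_AUTH_CODE:
             // NOTE(review): find_code() is keyed on the code alone; RFC 6749 §4.1.3
             // also requires the code to have been issued to this client_id and the
             // redirect_uri to match — confirm the model enforces that.
             $auth_code = Model_OAuth2_Auth_Code::find_code($request_params['code']);
             $user_id = $auth_code->user_id;
             // Codes are single use: consume it before minting the token.
             $auth_code->delete();
             break;
         case OAuth2::GRANT_TYPE_REFRESH_TOKEN:
             // NOTE(review): the same client-binding caveat applies to refresh tokens.
             $refresh_token = Model_OAuth2_Refresh_Token::find_token($request_params['refresh_token']);
             $user_id = $refresh_token->user_id;
             // Rotation: the presented refresh token is invalidated; a new one is issued below.
             $refresh_token->delete();
             break;
         case OAuth2::GRANT_TYPE_CLIENT_CREDENTIALS:
             // Tokens issued to the client itself carry no resource owner.
             $user_id = NULL;
             break;
         case OAuth2::GRANT_TYPE_PASSWORD:
             $user_id = $this->_validate_user($request_params['username'], $request_params['password']);
             break;
         default:
             // Fail closed: validate_token_params() is expected to have rejected
             // unsupported grant types already, but never issue a token for one.
             throw new HTTP_Exception_400('Unsupported grant_type');
     }
     // Generate an access token
     $access_token = Model_OAuth2_Access_Token::create_token($request_params['client_id'], $user_id, $request_params['scope']);
     $response_params['access_token'] = $access_token->access_token;
     // If refresh tokens are supported, add one — except for client_credentials,
     // where the client can simply request a new access token directly.
     if ($grant_type !== OAuth2::GRANT_TYPE_CLIENT_CREDENTIALS
         AND in_array(OAuth2::GRANT_TYPE_REFRESH_TOKEN, OAuth2::$supported_grant_types, TRUE)) {
         // Generate a refresh token
         $refresh_token = Model_OAuth2_Refresh_Token::create_token($request_params['client_id'], $user_id, $request_params['scope']);
         $response_params['refresh_token'] = $refresh_token->refresh_token;
     }
     // Add scope if needed
     if (Valid::not_empty($request_params['scope'])) {
         $response_params['scope'] = $request_params['scope'];
     }
     return json_encode($response_params);
 }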
 /**
  * Delete the client identified by $client_id.
  *
  * Looks the client up by its id and removes it; nothing is returned.
  * NOTE(review): there is no authorization check here — callers must make
  * sure the requester is allowed to remove this client.
  *
  * @param int $client_id primary key of the client to delete
  *
  * @return void
  */
 public static function delete_client($client_id)
 {
     $client = Model_OAuth2_Client::find_client($client_id);
     $client->delete();
 }
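 /**
  * This action authenticates the resource owner and establishes whether
  * the resource owner grants or denies the client's access request.
  *
  * Flow: a user who is not logged in is sent to the login page (this URL,
  * query string included, is remembered for the return trip); a logged-in
  * user is shown the consent form, and a POST of that form becomes a
  * redirect back to the client carrying the grant or the denial.
  *
  * The consent POST is a state-changing request by a logged-in user, so it
  * is protected with the session CSRF token: the 'oauth2/authorize' view
  * must echo the 'csrf_token' variable as a hidden field named 'csrf'
  * (field name chosen here; change it in both places if needed) next to
  * the $auth_params hidden fields.
  *
  * You WILL need to extend/replace this action.
  *
  * @throws HTTP_Exception_400 on an invalid OAuth request, or a missing/stale CSRF token
  */
 public function action_authorize()
 {
     try {
         // Check if the user is logged in
         if (Auth::instance()->logged_in()) {
             // Find the current user
             $user = Auth::instance()->get_user();
             /**
              * Gather and validate the parameters from the query string
              * so they can be included in the POST with the
              * authorization results
              */
             $auth_params = $this->_oauth->validate_authorize_params();
             /**
              * If you want to show the name of the client requesting access,
              * you can use this to look it up ..
              */
             $client = Model_OAuth2_Client::find_client($auth_params['client_id']);
             /**
              * Authorization results have been submitted. Check if
              * the resource owner agreed, and pass this + the user's
              * primary key into the OAuth2_Provider::authorize() method.
              */
             if ($this->request->method() === Request::POST) {
                 // Reject consent submissions that do not carry this session's CSRF token.
                 if ( ! Security::check($this->request->post('csrf'))) {
                     throw new HTTP_Exception_400('Invalid or missing CSRF token');
                 }
                 // Only an explicit "Yes" counts as a grant; anything else is a denial.
                 $authorized = ($this->request->post('authorized') === 'Yes');
                 $redirect_url = $this->_oauth->authorize($authorized, $user->pk());
                 /**
                  * Finally, Redirect the resource owner back to the
                  * client. This should be done regardless of if they
                  * granted permission or not.
                  */
                 $this->request->redirect($redirect_url);
             }
             /**
              * Show the authorization form. Ensure all the $auth_params
              * are included as hidden fields, together with the CSRF token.
              */
             $this->response->body(View::factory('oauth2/authorize', array(
                 'auth_params' => $auth_params,
                 'client'      => $client,
                 'user'        => $user,
                 'csrf_token'  => Security::token(),
             )));
         } else {
             /**
              * Redirect the user to the login page.
              *
              * You should ensure that once the user has successfully
              * logged in, redirect back to this URL ensuring ALL query
              * string parameters are included!
              */
             $post_login_redirect_url = $this->request->uri() . '?' . http_build_query($this->request->query());
             Session::instance()->set('post_login_redirect_url', $post_login_redirect_url);
             $this->request->redirect(Route::url('default', array('controller' => 'welcome', 'action' => 'login'), TRUE));
         }
     } catch (OAuth2_Exception $e) {
         /**
          * Something went wrong!
          *
          * You should probably show a nice error page :)
          *
          * Do NOT redirect the user back to the client.
          * The exception message is surfaced to the user as-is; make sure
          * OAuth2_Exception messages never contain internal details.
          */
         throw new HTTP_Exception_400($e->getMessage());
     }
 }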