/**
 * Validate the OAuth2 access token on the current request and record the outcome.
 *
 * Scope handling is "any of": when the configured 'scope' option is a non-empty
 * array, the token is accepted as soon as it carries one of the listed scopes.
 * Any other 'scope' value is handed to the OAuth2 server's own check instead.
 *
 * On failure $this->response holds the OAuth2 server's response object; on
 * success it holds a JSON-encoded string, so callers have to cope with both.
 *
 * @return  $this  This object on every path; the result is in $this->response.
 *
 * @since   1.2
 */
public function apiResource()
{
    $configuredScope = $this->options->get('scope', '');
    $isScopeList     = is_array($configuredScope) && count($configuredScope) > 0;

    // A scope list is matched one entry at a time further down, so the
    // library-level check is then called without a scope.
    $acceptedScopes = $isScopeList ? $configuredScope : array();
    $singleScope    = $isScopeList ? null : $configuredScope;

    // Token validation (plus the single-scope check, if any) is delegated to the OAuth2 server.
    $request = OAuth2\Request::createFromGlobals();

    if (!$this->server->verifyResourceRequest($request, null, $singleScope)) {
        $this->response = $this->server->getResponse();

        return $this;
    }

    $token = $this->server->getResourceController()->getToken();

    if ($isScopeList) {
        $hasAcceptedScope = false;

        foreach ($acceptedScopes as $candidate) {
            // Blank entries and tokens without a scope can never match.
            if (empty($candidate) || empty($token['scope'])) {
                continue;
            }

            if ($this->server->getScopeUtil()->checkScope($candidate, $token['scope'])) {
                $hasAcceptedScope = true;
                break;
            }
        }

        if (!$hasAcceptedScope) {
            $this->response = $this->server->getResponse();
            $this->response->setError(403, 'insufficient_scope', JText::_('LIB_REDCORE_API_OAUTH2_SERVER_INSUFFICIENT_SCOPE'));

            // NOTE(review): the values below are placed inside quoted strings without
            // escaping, and the scope list is joined with ', ' whereas RFC 6750 describes
            // the scope attribute as space-delimited. Realm and scopes presumably come
            // from server configuration only; confirm before relying on this header.
            $tokenType   = $this->server->getTokenType()->getTokenType();
            $realm       = $this->serverConfig['www_realm'];
            $scopeList   = implode(', ', $acceptedScopes);
            $error       = $this->response->getParameter('error');
            $description = $this->response->getParameter('error_description');

            $challenge = sprintf(
                '%s realm="%s", scope="%s", error="%s", error_description="%s"',
                $tokenType,
                $realm,
                $scopeList,
                $error,
                $description
            );

            $this->response->addHttpHeaders(array('WWW-Authenticate' => $challenge));

            return $this;
        }
    }

    // Success: the response becomes a JSON string naming the user the token belongs to.
    $payload = array(
        'success' => true,
        'user_id' => $token['user_id'],
        'message' => JText::_('LIB_REDCORE_API_OAUTH2_SERVER_ACCESS_SUCCESS'),
    );

    $this->response = json_encode($payload);

    return $this;
}
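// Endpoints contributed by extensions through the "wo_endpoints" filter, keyed by method name.
// NOTE(review): $method and $server are set before this excerpt; $method presumably
// comes from the request, so confirm it is only ever used as an array key.
$ext_methods = apply_filters("wo_endpoints", null);

// The filter is seeded with null, so with no endpoint registered the result is not an
// array. array_key_exists() would then raise a TypeError on PHP 8 instead of reaching
// the "Unknown request" response at the bottom; the is_array() guard keeps that path.
if (is_array($ext_methods) && array_key_exists($method, $ext_methods)) {
    // Endpoints flagged 'public' run without any access-token check.
    // NOTE(review): the whole of $_REQUEST is passed as the callback's argument list,
    // so the client chooses the arguments; on PHP 8 string keys are bound as named
    // arguments. Public handlers must validate everything they receive, and the
    // 'public' flag should only be set on endpoints that need no authentication.
    if (isset($ext_methods[$method]['public']) && $ext_methods[$method]['public']) {
        call_user_func_array($ext_methods[$method]['func'], $_REQUEST);
        exit;
    }

    // Every other endpoint requires a valid access token before the callback runs.
    $response = new OAuth2\Response();

    // NOTE(review): a rejected token is answered with a generic 400 invalid_request
    // rather than the response prepared by the server ($server->getResponse()), so the
    // client cannot tell a malformed request from an invalid or expired token.
    if (!$server->verifyResourceRequest(OAuth2\Request::createFromGlobals())) {
        $response->setError(400, 'invalid_request', 'Missing or invalid parameter(s)');
        $response->send();
        exit;
    }

    $token = $server->getAccessTokenData(OAuth2\Request::createFromGlobals());

    if (is_null($token)) {
        // No token data: send whatever error the server recorded.
        $server->getResponse()->send();
        exit;
    }

    // Notify listeners, then hand the verified token data to the endpoint as its only argument.
    do_action('wo_endpoint_user_authenticated', array($token));
    call_user_func_array($ext_methods[$method]['func'], array($token));
    exit;
}

/**
 * Server error response. End of line
 *
 * Reached when no registered endpoint matches $method.
 *
 * @since 3.1.0
 */
$response = new OAuth2\Response();
$response->setError(400, 'invalid_request', 'Unknown request');
$response->send();
exit;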