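/**
 * Sets up the underlying AuthorizationServer with the storages and
 * the grant types that GLPi Plugins supports in its OAuth2 framework:
 * password, client credentials and refresh token.
 *
 * The password grant's credential callback returns the user id on
 * success and false otherwise.
 *
 * @throws \Exception from the credential callback when more than one
 *                    user matches the supplied login
 */
public function __construct()
{
    parent::__construct();

    $this->setSessionStorage(OAuthHelper::getSessionStorage());
    $this->setAccessTokenStorage(OAuthHelper::getAccessTokenStorage());
    $this->setRefreshTokenStorage(OAuthHelper::getRefreshTokenStorage());
    $this->setClientStorage(OAuthHelper::getClientStorage());
    $this->setScopeStorage(OAuthHelper::getScopeStorage());
    $this->setAuthCodeStorage(new AuthCodeStorage());

    // Adding the password grant to enable users to log in by themselves.
    // NOTE(review): the resource owner password grant is disallowed by the
    // OAuth 2.0 Security Best Current Practice (RFC 9700); consider moving
    // first-party clients to the authorization code flow with PKCE.
    $passwordGrant = new PasswordGrant();
    $passwordGrant->setVerifyCredentialsCallback(function ($login, $password) {
        // The login may be either the e-mail address or the username.
        $user = User::where(function ($q) use ($login) {
            return $q->where('email', '=', $login)
                     ->orWhere('username', '=', $login);
        });

        $count = $user->count();

        // Unknown login: same result as a wrong password, so the two
        // cases cannot be told apart from the return value.
        if ($count < 1) {
            return false;
        }

        // An ambiguous login is a data-integrity problem. The submitted
        // password is deliberately kept out of the message: exception
        // messages end up in logs and error responses, and a cleartext
        // credential must never be written there.
        if ($count > 1) {
            throw new \Exception(
                'Dangerous, query result count > 1 when user tried'
                . ' to log with login "' . $login . '"'
            );
        }

        // Exactly one match. assertPasswordIs() is defined elsewhere;
        // presumably it checks against a stored hash -- TODO confirm.
        $user = $user->first();

        return $user->assertPasswordIs($password) ? $user->id : false;
    });
    $this->addGrantType($passwordGrant);

    $appGrant = new ClientCredentialsGrant();
    $this->addGrantType($appGrant);

    $refreshTokenGrant = new RefreshTokenGrant();
    $this->addGrantType($refreshTokenGrant);
}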
<?php require 'vendor/autoload.php'; use API\Core\Tool; use API\OAuthServer\OAuthHelper; // Initialisation of Database (Illuminate) // and webapp global object \API\Core\DB::initCapsule(); $app = new \Slim\Slim(); // Instantiating the Resource Server $resourceServer = new \League\OAuth2\Server\ResourceServer(OAuthHelper::getSessionStorage(), OAuthHelper::getAccessTokenStorage(), OAuthHelper::getClientStorage(), OAuthHelper::getScopeStorage()); // Loading all REST modules // with their endpoints like that: // inside 'src/endpoints' $dir_endpoints = opendir('src/endpoints'); while ($ent = readdir($dir_endpoints)) { // For each .php file if (preg_match('/^(.*)\\.php$/', $ent, $m)) { $endpoint = $m[0]; // Read the file with PHP require 'src/endpoints/' . $endpoint; } } closedir($dir_endpoints); // JSON 404 response $app->notFound(Tool::makeEndpoint(function () { throw new \API\Exception\InvalidEndpoint(); })); // Welcoming browsers when they reach /api $app->get('/', function () use($app) { $app->halt(200);