Returns the password.
public getPassword ( ) : string | null | ||
return | string | null |
/** * Validate a client. If strictly validating an ID and secret are required. * * @param bool $strict * @return \Dingo\OAuth2\Entity\Client * @throws \Dingo\OAuth2\Exception\ClientException */ protected function validateClient($strict = false) { // Grab the redirection URI from the post data if there is one. This is // sent along when validating a client for some grant types. It doesn't // matter if we send along a "null" value though. $redirectUri = $this->request->get('redirect_uri'); $id = $this->request->getUser() ?: $this->request->get('client_id'); $secret = $this->request->getPassword() ?: $this->request->get('client_secret'); // If we have a client ID and secret we'll attempt to verify the client by // grabbing its details from the storage adapter. if ((!$strict or $strict and $id and $secret) and $client = $this->storage('client')->get($id, $secret, $redirectUri)) { return $client; } throw new ClientException('client_authentication_failed', 'The client failed to authenticate.', 401); }
/** * @param Request $request * * @return ApiClientInterface * * @throws BadClientCredentialsHttpException * @throws ClientNonTrustedHttpException * @throws ClientBlockedHttpException */ protected function getClient(Request $request) { $client = $this->apiClientRepository->findOneByKeyAndSecret($request->getUser(), $request->getPassword()); if (!$client instanceof ApiClientInterface) { throw new BadClientCredentialsHttpException(); } elseif ($client->isBlocked()) { throw new ClientBlockedHttpException(); } elseif (!$client->isTrusted()) { throw new ClientNonTrustedHttpException(); } return $client; }
public function createContexts(Request $request) { $map = array('request_method' => $request->getMethod(), 'request_uri' => $request->getRequestUri(), 'request_route' => $request->attributes->get('_route'), 'request_host' => $request->getHost(), 'request_port' => $request->getPort(), 'request_scheme' => $request->getScheme(), 'request_client_ip' => $request->getClientIp(), 'request_content_type' => $request->getContentType(), 'request_acceptable_content_types' => $request->getAcceptableContentTypes(), 'request_etags' => $request->getETags(), 'request_charsets' => $request->getCharsets(), 'request_languages' => $request->getLanguages(), 'request_locale' => $request->getLocale(), 'request_auth_user' => $request->getUser(), 'request_auth_has_password' => !is_null($request->getPassword())); // Attributes from newer versions. if (method_exists($request, 'getEncodings')) { $map['request_encodings'] = $request->getEncodings(); } if (method_exists($request, 'getClientIps')) { $map['request_client_ips'] = $request->getClientIps(); } return $map; }
protected function logRequest(Request $request) { $msg = 'Request "{request_method} {request_uri}"'; $map = array('request_method' => $request->getMethod(), 'request_uri' => $request->getRequestUri(), 'request_host' => $request->getHost(), 'request_port' => $request->getPort(), 'request_scheme' => $request->getScheme(), 'request_client_ip' => $request->getClientIp(), 'request_content_type' => $request->getContentType(), 'request_acceptable_content_types' => $request->getAcceptableContentTypes(), 'request_etags' => $request->getETags(), 'request_charsets' => $request->getCharsets(), 'request_languages' => $request->getLanguages(), 'request_locale' => $request->getLocale(), 'request_auth_user' => $request->getUser(), 'request_auth_has_password' => !is_null($request->getPassword())); // Attributes from newer versions. if (method_exists($request, 'getEncodings')) { $map['request_encodings'] = $request->getEncodings(); } if (method_exists($request, 'getClientIps')) { $map['request_client_ips'] = $request->getClientIps(); } $this->logger->log($this->logLevel, $msg, $map); }
/** * @Route("/api/tokens", name="post_token") * @Method("POST") */ public function createAction(Request $request) { $user = $this->getDoctrine()->getRepository('AppBundle:User')->findOneBy(['username' => $request->getUser()]); if (!$user) { throw $this->createNotFoundException(); } $isValid = $this->get('security.password_encoder')->isPasswordValid($user, $request->getPassword()); if (!$isValid) { throw new BadCredentialsException(); } $token = $this->get('lexik_jwt_authentication.encoder')->encode(['username' => $user->getUsername()]); return new JsonResponse(['token' => $token]); }
/** * @param \Symfony\Component\HttpFoundation\Request $request * @param int $grantTypeFlow * @param \Atrauzzi\Oauth2Server\Domain\Entity\Oauthable $oauthable * @return array * @throws \Atrauzzi\Oauth2Server\Exception\InvalidClient * @throws \Atrauzzi\Oauth2Server\Exception\InvalidCredentials * @throws \Atrauzzi\Oauth2Server\Exception\InvalidRefresh * @throws \Atrauzzi\Oauth2Server\Exception\InvalidRequest * @throws \Atrauzzi\Oauth2Server\Exception\InvalidScope * @throws \Atrauzzi\Oauth2Server\Exception\UnsupportedFlow */ public function doFlow(Request $request, $grantTypeFlow, Oauthable $oauthable = null) { if ($grantTypeFlow != self::FLOW_DEFAULT) { throw new UnsupportedFlow(get_class(), $grantTypeFlow); } if (!($clientId = $request->get('client_id', $request->getUser()))) { throw new InvalidRequest('client_id'); } if (!($clientSecret = $request->get('client_secret', $request->getPassword()))) { throw new InvalidRequest('client_secret'); } if (!($oldRefreshTokenParam = $request->get('refresh_token', null))) { throw new InvalidRequest('refresh_token'); } if (!($client = $this->clientRepository->find($clientId, $clientSecret, $this->getIdentifier()))) { throw new InvalidClient(); } if (!($originalRefreshToken = $this->refreshTokenRepository->find($oldRefreshTokenParam))) { throw new InvalidRefresh(); } if ($originalRefreshToken->isExpired()) { throw new InvalidRefresh(); } // // $originalScopes = $originalRefreshToken->getScopeNames(); $requestedScopes = array_keys($this->scopeService->findValid($request->get('scope'), null, $client->getId(), $this->getIdentifier())); $disallowedScopes = array_diff($requestedScopes, $originalScopes); if (count($disallowedScopes)) { throw new InvalidScope($disallowedScopes); } $scopes = count($requestedScopes) ? $requestedScopes : $originalScopes; $accessToken = $this->accessTokenRepository->create(SecureKey::generate(), $this->config->getAccessTokenTtl() + time(), $originalRefreshToken->getOauthableId(), $originalRefreshToken->getOauthableType(), $client->getId(), $scopes); $tokenStrategy = $this->config->getTokenStrategy(); if ($this->config->shouldRotateRefreshTokens()) { $newRefreshToken = $this->refreshTokenRepository->create(SecureKey::generate(), $this->config->getRefreshTokenTtl() + time(), $originalRefreshToken->getOauthableId(), $originalRefreshToken->getOauthableType(), $client->getId(), $scopes); $this->refreshTokenRepository->delete($originalRefreshToken); unset($originalRefreshToken); $this->refreshTokenRepository->persist($newRefreshToken); $accessToken->setRefreshTokenId($newRefreshToken->getId()); // ToDo: Should we try to convey refresh token expiry? $tokenStrategy->setParam('refresh_token', $newRefreshToken->getId()); } $this->accessTokenRepository->persist($accessToken); $tokenStrategy->setParam('access_token', $accessToken->getId()); $tokenStrategy->setParam('expires_in', $this->config->getAccessTokenTtl()); return $tokenStrategy->generateResponse(); }
/** * Generates new token action. * * @param Request $request The request * @param string $userClass Extra parameter that contains the user type * * @return \Symfony\Component\HttpFoundation\JsonResponse */ public function newTokenAction(Request $request, $userClass) { try { $this->get('bengor_user.' . $userClass . '.command_bus')->handle(new LogInUserCommand($request->getUser(), $request->getPassword())); } catch (UserDoesNotExistException $exception) { return new JsonResponse('', 400); } catch (UserEmailInvalidException $exception) { return new JsonResponse('', 400); } catch (UserInactiveException $exception) { return new JsonResponse('Inactive user', 400); } catch (UserPasswordInvalidException $exception) { return new JsonResponse('', 400); } $token = $this->get('lexik_jwt_authentication.encoder')->encode(['email' => $request->getUser()]); return new JsonResponse(['token' => $token]); }
/** * Conducts the checks and operations necessary for the flow indicated in the request. * * @param \Symfony\Component\HttpFoundation\Request $request * @param int $grantTypeFlow * @param \Atrauzzi\Oauth2Server\Domain\Entity\Oauthable $oauthable * @return array * @throws \Atrauzzi\Oauth2Server\Exception\InvalidClient * @throws \Atrauzzi\Oauth2Server\Exception\InvalidRequest */ public function doFlow(Request $request, $grantTypeFlow, Oauthable $oauthable = null) { if (!($clientId = $request->get('client_id', $request->getUser()))) { throw new InvalidRequest('client_id'); } if (!($clientSecret = $request->get('client_secret', $request->getPassword()))) { throw new InvalidRequest('client_secret'); } if (!($client = $this->clientRepository->find($clientId, $clientSecret, $this->getIdentifier()))) { throw new InvalidClient(); } $scopes = $this->scopeService->findValid($request->get('scope')); // // $accessToken = $this->accessTokenRepository->create(SecureKey::generate(), $this->config->getAccessTokenTtl() + time(), $oauthable->getId(), $oauthable->getType(), $client->getId(), array_keys($scopes)); // ToDo: Do we do refresh tokens for this grant type? $this->accessTokenRepository->persist($accessToken); $tokenStrategy = $this->config->getTokenStrategy(); $tokenStrategy->setParam('access_token', $accessToken->getId()); $tokenStrategy->setParam('expires_in', $this->config->getAccessTokenTtl()); return $tokenStrategy->generateResponse(); }
/** * @param \Symfony\Component\HttpFoundation\Request $request * @param int $grantTypeFlow * @param \Atrauzzi\Oauth2Server\Domain\Entity\Oauthable $oauthable * @return mixed * @throws \Atrauzzi\Oauth2Server\Exception\InvalidClient * @throws \Atrauzzi\Oauth2Server\Exception\InvalidCredentials * @throws \Atrauzzi\Oauth2Server\Exception\InvalidRequest * @throws \Atrauzzi\Oauth2Server\Exception\InvalidScope * @throws \Atrauzzi\Oauth2Server\Exception\ServerError */ public function doFlow(Request $request, $grantTypeFlow, Oauthable $oauthable = null) { if (!$oauthable instanceof Oauthable) { throw new InvalidCredentials(); } if ($clientId = $request->get('client_id', $request->getUser())) { throw new InvalidRequest('client_id'); } if ($clientSecret = $request->get('client_secret', $request->getPassword())) { throw new InvalidRequest('client_secret'); } if (!($client = $this->clientRepository->find($clientId, $clientSecret, $this->getIdentifier()))) { throw new InvalidClient(); } if (!($username = $request->get('username'))) { throw new InvalidRequest('username'); } if ($password = $request->get('password')) { throw new InvalidRequest('password'); } // // $scopes = $this->scopeService->findValid($request->get('scopes'), $this->getIdentifier(), $client->getId()); $accessToken = $this->accessTokenRepository->create(SecureKey::generate(), $this->config->getAccessTokenTtl() + time(), $oauthable->getId(), $oauthable->getType(), $client->getId(), array_keys($scopes)); $tokenStrategy = $this->config->getTokenStrategy(); if ($this->config->hasGrantType('refresh_token')) { $refreshToken = $this->refreshTokenRepository->create(SecureKey::generate(), $this->config->getRefreshTokenTtl() + time(), $oauthable->getId(), $oauthable->getType(), $client->getId(), array_keys($scopes)); $this->refreshTokenRepository->persist($refreshToken); $accessToken->setRefreshTokenId($refreshToken->getId()); $tokenStrategy->setParam('refresh_token', $refreshToken->getId()); } $this->accessTokenRepository->persist($accessToken); $tokenStrategy->setParam('access_token', $accessToken->getId()); $tokenStrategy->setParam('expires_in', $this->config->getAccessTokenTtl()); return $tokenStrategy->generateResponse(); }
/** * Get the credential array for a HTTP Basic request. * * @param \Symfony\Component\HttpFoundation\Request $request * @param string $field * @return array */ protected function getBasicCredentials(Request $request, $field) { return array($field => $request->getUser(), 'password' => $request->getPassword()); }
/** * @param Request $request * * @return boolean */ public function supportRequestToken(Request $request) { $clientExist = $request->getUser() && $request->getPassword(); $oauthParams = $request->get('grant_type') === 'client_credentials'; return $oauthParams && $clientExist; }
/** * Exchange an oauth code for an access and optionally a refresh token. * * @param \Symfony\Component\HttpFoundation\Request $request * @return array * @throws \Atrauzzi\Oauth2Server\Exception\InvalidClient * @throws \Atrauzzi\Oauth2Server\Exception\InvalidRequest */ protected function doExchangeFlow(Request $request) { if (!($clientId = $request->get('client_id', $request->getUser()))) { throw new InvalidRequest('client_id'); } if (!($clientSecret = $request->get('client_secret', $request->getPassword()))) { throw new InvalidRequest('client_secret'); } if (!($redirectUri = $request->request->get('redirect_uri', null))) { throw new InvalidRequest('redirect_uri'); } $client = $this->clientRepository->find($clientId, $clientSecret, $this->getIdentifier(), $redirectUri); if (!$client instanceof Client) { throw new InvalidClient(); } $authCode = $this->authorizationCodeRepository->find($request->get('code')); if (!$authCode instanceof AuthorizationCodeEntity) { throw new InvalidRequest('code'); } if ($authCode->isExpired()) { throw new InvalidRequest('code'); } if ($authCode->getRedirectUri() != $redirectUri) { throw new InvalidRequest('redirect_uri'); } // // $ttl = $this->config->getAccessTokenTtl(); $accessToken = $this->accessTokenRepository->create(SecureKey::generate(), $ttl + time(), $authCode->getOauthableId(), $authCode->getOauthableType(), $authCode->getClientId(), $authCode->getScopeNames()); $this->authorizationCodeRepository->delete($authCode); unset($authCode); $tokenStrategy = $this->config->getTokenStrategy(); if ($this->config->hasGrantType('refresh_token')) { $refreshToken = $this->refreshTokenRepository->create(SecureKey::generate(), $this->config->getRefreshTokenTtl() + time(), $accessToken->getOauthableId(), $accessToken->getOauthableType(), $accessToken->getClientId(), $accessToken->getScopeNames()); $this->refreshTokenRepository->persist($refreshToken); $accessToken->setRefreshTokenId($refreshToken->getId()); $tokenStrategy->setParam('refresh_token', $refreshToken->getId()); } $this->accessTokenRepository->persist($accessToken); $tokenStrategy->setParam('access_token', $accessToken->getId()); $tokenStrategy->setParam('expires_in', $ttl); return $tokenStrategy->generateResponse(); }
/** * @param Request $request * * @return boolean */ public function supportRequestToken(Request $request) { $clientExist = $request->getUser() && $request->getPassword(); $oauthParams = $request->get('grant_type') === 'password' && $request->headers->get('username') && $request->headers->get('password'); return $oauthParams && $clientExist; }
/** * Authenticates a user by basic authentication * * @param Request $request * @return Session|null */ private function authBasic(Request $request) { $user = $this->findUser($request->getUser()); if ($user !== null && $this->verifyUser($user, $request->getPassword())) { $session = $this->findSession($user); if ($session === null) { $session = $this->createSession($user); } $this->authenticated = true; return $session; } return null; }
/** * @param Request $request * * @return boolean */ public function supportRequestToken(Request $request) { $client = $request->getUser() && $request->getPassword(); $token = 'refresh_token' == $request->get('grant_type') && $request->get('refresh_token'); return $client && $token; }