public function testCanHandleRevocationRequest()
 {
     // Test doubles for the PSR-7 request/response pair and for the server's reply.
     $incomingRequest = $this->getMock(RequestInterface::class);
     $incomingResponse = $this->getMock(ResponseInterface::class);
     $serverReply = $this->getMock(ResponseInterface::class);

     // The only expectation: the middleware forwards the request to the authorization
     // server exactly once. The value returned by the middleware is not asserted here.
     $this->authorizationServer
         ->expects($this->once())
         ->method('handleRevocationRequest')
         ->with($incomingRequest)
         ->willReturn($serverReply);

     $this->authorizationMiddleware->handleRevocationRequest($incomingRequest, $incomingResponse);
 }
 public function testCanHandleRevocationRequest()
 {
     // The middleware under test is called as (request, response, next); $next is a no-op.
     $serverRequest = $this->createMock(RequestInterface::class);
     $initialResponse = $this->createMock(ResponseInterface::class);
     $noopNext = function () {
     };
     $serverReply = $this->createMock(ResponseInterface::class);

     // The only expectation: one delegation to the authorization server with the same
     // request object. The value returned by the middleware is not asserted here.
     $this->authorizationServer
         ->expects($this->once())
         ->method('handleRevocationRequest')
         ->with($serverRequest)
         ->willReturn($serverReply);

     ($this->middleware)($serverRequest, $initialResponse, $noopNext);
 }
 /**
  * {@inheritDoc}
  * @throws OAuth2Exception
  */
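 public function createTokenResponse(ServerRequestInterface $request, Client $client = null, TokenOwnerInterface $owner = null) : ResponseInterface
 {
     // Authorization-code grant: exchanges the "code" found in the parsed request body for an
     // access token, plus a refresh token when the server has the refresh-token grant enabled.
     // Throws OAuth2Exception when the code is missing, unknown, expired, or bound to another client.
     $postParams = $request->getParsedBody();
     $code = $postParams['code'] ?? null;
     if (null === $code) {
         throw OAuth2Exception::invalidRequest('Could not find the authorization code in the request');
     }
     /* @var \ZfrOAuth2\Server\Model\AuthorizationCode $authorizationCode */
     $authorizationCode = $this->authorizationCodeService->getToken($code);
     if (null === $authorizationCode || $authorizationCode->isExpired()) {
         throw OAuth2Exception::invalidGrant('Authorization code cannot be found or is expired');
     }
     // First binding check: the client_id sent in the body must be the client the code was issued to.
     $codeClient = $authorizationCode->getClient();
     $clientId = $postParams['client_id'] ?? null;
     if ($codeClient->getId() !== $clientId) {
         throw OAuth2Exception::invalidRequest('Authorization code\'s client does not match with the one that created the authorization code');
     }
     // Second binding check: client_id above is a body parameter chosen by the caller, while the
     // tokens below are created for $client. When a client was passed in, the code must have been
     // issued to that same client (RFC 6749 section 4.1.3); otherwise a code issued to one client
     // could be exchanged for tokens bound to a different one.
     if (null !== $client && $client->getId() !== $codeClient->getId()) {
         throw OAuth2Exception::invalidGrant('Authorization code was not issued to the authenticated client');
     }
     // NOTE(review): nothing in this method invalidates the authorization code after a successful
     // exchange, and redirect_uri is not compared with the one used at authorization time.
     // RFC 6749 (sections 4.1.2 and 4.1.3) expects both; confirm they are enforced elsewhere.

     // If no owner was supplied, reuse the owner recorded on the authorization code
     $owner = $owner ?? $authorizationCode->getOwner();
     // The issued tokens carry exactly the scopes that were granted to the authorization code
     $scopes = $authorizationCode->getScopes();
     $accessToken = $this->accessTokenService->createToken($owner, $client, $scopes);
     // A refresh token is only issued when the authorization server supports the refresh-token grant
     $refreshToken = null;
     if ($this->authorizationServer->hasGrant(RefreshTokenGrant::GRANT_TYPE)) {
         $refreshToken = $this->refreshTokenService->createToken($owner, $client, $scopes);
     }
     return $this->prepareTokenResponse($accessToken, $refreshToken);
 }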
 /**
  * @throws OAuth2Exception
  */
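 public function createTokenResponse(ServerRequestInterface $request, Client $client = null, TokenOwnerInterface $owner = null) : ResponseInterface
 {
     // Resource-owner password grant: reads username/password from the parsed request body, hands
     // them to the configured callback, and issues tokens for the owner the callback returns.
     // Throws OAuth2Exception when credentials are missing or the callback yields no token owner.
     $postParams = $request->getParsedBody();
     $username = $postParams['username'] ?? null;
     $password = $postParams['password'] ?? null;
     // NOTE(review): the requested scope is forwarded unchanged; presumably createToken()
     // restricts it to what the client/owner may obtain - confirm against the token service.
     $scope = $postParams['scope'] ?? null;
     // Both credentials come from an untrusted body. The original mixed a strict check on the
     // username with a loose `null ==` on the password; require real strings so that arrays or
     // other decoded values never reach the credential callback. An empty password stays rejected.
     if (!is_string($username) || !is_string($password) || '' === $password) {
         throw OAuth2Exception::invalidRequest('Username and/or password is missing');
     }
     // The callback is the only credential check; anything other than a TokenOwnerInterface is a failure.
     // The error message deliberately does not say which of the two values was wrong.
     $callback = $this->callback;
     $owner = $callback($username, $password);
     if (!$owner instanceof TokenOwnerInterface) {
         throw OAuth2Exception::accessDenied('Either username or password are incorrect');
     }
     // Credentials accepted: issue the access token
     $accessToken = $this->accessTokenService->createToken($owner, $client, $scope);
     // A refresh token is only issued when the authorization server supports the refresh-token grant
     $refreshToken = null;
     if ($this->authorizationServer->hasGrant(RefreshTokenGrant::GRANT_TYPE)) {
         $refreshToken = $this->refreshTokenService->createToken($owner, $client, $scope);
     }
     return $this->prepareTokenResponse($accessToken, $refreshToken);
 }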
 /**
  * Revoke a given token
  *
  * @param  Request       $request
  * @param  Response      $response
  * @param  callable|null $next
  * @return Response
  */
 public function handleRevocationRequest(Request $request, Response $response, callable $next = null) : ResponseInterface
 {
     // Pure delegation: $response and $next are accepted but not used here; the response
     // produced by the authorization server is handed back unchanged.
     $revocationResponse = $this->authorizationServer->handleRevocationRequest($request);

     return $revocationResponse;
 }
 public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next) : ResponseInterface
 {
     // Pure delegation: $response and $next are not used and $next is never called; the
     // authorization server's response for this request is returned as-is.
     $authorizationResponse = $this->authorizationServer->handleAuthorizationRequest($request);

     return $authorizationResponse;
 }