1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
declare(strict_types=1); |
4
|
|
|
|
5
|
|
|
/* |
6
|
|
|
* The MIT License (MIT) |
7
|
|
|
* |
8
|
|
|
* Copyright (c) 2014-2018 Spomky-Labs |
9
|
|
|
* |
10
|
|
|
* This software may be modified and distributed under the terms |
11
|
|
|
* of the MIT license. See the LICENSE file for details. |
12
|
|
|
*/ |
13
|
|
|
|
14
|
|
|
namespace OAuth2Framework\Component\AuthorizationEndpoint; |
15
|
|
|
|
16
|
|
|
use Http\Message\MessageFactory; |
17
|
|
|
use OAuth2Framework\Component\AuthorizationEndpoint\AuthorizationRequest\AuthorizationRequest; |
18
|
|
|
use OAuth2Framework\Component\Core\Message\OAuth2Error; |
19
|
|
|
use Psr\Http\Message\ResponseInterface; |
20
|
|
|
use Psr\Http\Message\ServerRequestInterface; |
21
|
|
|
use Psr\Http\Server\RequestHandlerInterface; |
22
|
|
|
use Symfony\Component\HttpFoundation\Session\SessionInterface; |
23
|
|
|
use Symfony\Component\Routing\RouterInterface; |
24
|
|
|
|
25
|
|
|
abstract class LoginEndpoint extends AbstractEndpoint |
26
|
|
|
{ |
27
|
|
|
private $router; |
28
|
|
|
|
29
|
|
|
public function __construct(MessageFactory $messageFactory, SessionInterface $session, RouterInterface $router) |
30
|
|
|
{ |
31
|
|
|
parent::__construct($messageFactory, $session); |
32
|
|
|
$this->router = $router; |
33
|
|
|
} |
34
|
|
|
|
35
|
|
|
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface |
36
|
|
|
{ |
37
|
|
|
try { |
38
|
|
|
$authorizationId = $this->getAuthorizationId($request); |
39
|
|
|
$authorization = $this->getAuthorization($authorizationId); |
40
|
|
|
if ($this->processLogin($authorization)) { |
41
|
|
|
switch (true) { |
42
|
|
|
case $authorization->hasPrompt('select_account'): |
43
|
|
|
$routeName = 'authorization_select_account_endpoint'; |
44
|
|
|
break; |
45
|
|
|
case $authorization->hasPrompt('consent'): |
46
|
|
|
default: |
47
|
|
|
$routeName = 'authorization_consent_endpoint'; |
48
|
|
|
break; |
49
|
|
|
} |
50
|
|
|
$redirectTo = $this->router->generate($routeName, ['authorization_id' => $authorizationId]); |
51
|
|
|
|
52
|
|
|
return $this->createRedirectResponse($redirectTo); |
53
|
|
|
} |
54
|
|
|
|
55
|
|
|
throw $this->buildOAuth2Error($authorization, OAuth2Error::ERROR_LOGIN_REQUIRED, 'The resource owner is not logged in.'); |
56
|
|
|
} catch (OAuth2Error $e) { |
57
|
|
|
throw $e; |
58
|
|
|
} catch (\Exception $e) { |
59
|
|
|
throw new OAuth2Error(400, OAuth2Error::ERROR_INVALID_REQUEST, null); |
60
|
|
|
} |
61
|
|
|
} |
62
|
|
|
|
63
|
|
|
private function getAuthorizationId(ServerRequestInterface $request): string |
64
|
|
|
{ |
65
|
|
|
$authorizationId = $request->getAttribute('authorization_id'); |
66
|
|
|
if (null === $authorizationId) { |
67
|
|
|
throw new \InvalidArgumentException('Invalid authorization ID.'); |
68
|
|
|
} |
69
|
|
|
|
70
|
|
|
return $authorizationId; |
71
|
|
|
} |
72
|
|
|
|
73
|
|
|
abstract protected function processLogin(AuthorizationRequest $authorizationRequest): bool; |
74
|
|
|
} |
75
|
|
|
|