|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* This file is part of the login-cidadao project or it's bundles. |
|
4
|
|
|
* |
|
5
|
|
|
* (c) Guilherme Donato <guilhermednt on github> |
|
6
|
|
|
* |
|
7
|
|
|
* For the full copyright and license information, please view the LICENSE |
|
8
|
|
|
* file that was distributed with this source code. |
|
9
|
|
|
*/ |
|
10
|
|
|
|
|
11
|
|
|
namespace LoginCidadao\OpenIDBundle\Storage; |
|
12
|
|
|
|
|
13
|
|
|
use Doctrine\ORM\EntityManagerInterface; |
|
14
|
|
|
use LoginCidadao\OAuthBundle\Entity\ClientRepository; |
|
15
|
|
|
use LoginCidadao\OAuthBundle\Model\ClientInterface; |
|
16
|
|
|
use LoginCidadao\RemoteClaimsBundle\Entity\RemoteClaim; |
|
17
|
|
|
use LoginCidadao\RemoteClaimsBundle\Entity\RemoteClaimRepository; |
|
18
|
|
|
use LoginCidadao\RemoteClaimsBundle\Model\RemoteClaimInterface; |
|
19
|
|
|
use OAuth2\ServerBundle\Storage\ClientCredentials as BaseClass; |
|
20
|
|
|
|
|
21
|
9 |
|
class ClientCredentials extends BaseClass |
|
22
|
|
|
{ |
|
23
|
9 |
|
private $em; |
|
24
|
9 |
|
|
|
25
|
|
|
public function __construct(EntityManagerInterface $EntityManager) |
|
|
|
|
|
|
26
|
|
|
{ |
|
27
|
|
|
$this->em = $EntityManager; |
|
|
|
|
|
|
28
|
|
|
} |
|
29
|
|
|
|
|
30
|
|
|
/** |
|
31
|
|
|
* Make sure that the client credentials is valid. |
|
32
|
|
|
* |
|
33
|
|
|
* @param $client_id |
|
34
|
|
|
* Client identifier to be check with. |
|
35
|
|
|
* @param $client_secret |
|
36
|
|
|
* (optional) If a secret is required, check that they've given the right one. |
|
37
|
|
|
* |
|
38
|
|
|
* @return TRUE if the client credentials are valid, and MUST return FALSE if it isn't. |
|
|
|
|
|
|
39
|
|
|
* @endcode |
|
40
|
|
|
* |
|
41
|
3 |
|
* @see http://tools.ietf.org/html/rfc6749#section-3.1 |
|
42
|
|
|
* |
|
43
|
3 |
|
* @ingroup oauth2_section_3 |
|
44
|
|
|
*/ |
|
45
|
|
|
public function checkClientCredentials($client_id, $client_secret = null) |
|
|
|
|
|
|
46
|
3 |
|
{ |
|
47
|
2 |
|
$client = $this->getClient($client_id); |
|
|
|
|
|
|
48
|
|
|
|
|
49
|
|
|
// If client exists check secret |
|
50
|
1 |
|
if ($client) { |
|
51
|
|
|
return $client->getClientSecret() === $client_secret; |
|
|
|
|
|
|
52
|
|
|
} |
|
53
|
|
|
|
|
54
|
|
|
return false; |
|
55
|
|
|
} |
|
56
|
|
|
|
|
57
|
|
|
/** |
|
58
|
|
|
* Get client details corresponding client_id. |
|
59
|
|
|
* |
|
60
|
|
|
* OAuth says we should store request URIs for each registered client. |
|
61
|
|
|
* Implement this function to grab the stored URI for a given client id. |
|
62
|
|
|
* |
|
63
|
|
|
* @param $client_id |
|
64
|
|
|
* Client identifier to be check with. |
|
65
|
|
|
* |
|
66
|
|
|
* @return array |
|
|
|
|
|
|
67
|
|
|
* Client details. The only mandatory key in the array is "redirect_uri". |
|
68
|
|
|
* This function MUST return FALSE if the given client does not exist or is |
|
69
|
|
|
* invalid. "redirect_uri" can be space-delimited to allow for multiple valid uris. |
|
70
|
|
|
* @code |
|
71
|
|
|
* return array( |
|
72
|
|
|
* "redirect_uri" => REDIRECT_URI, // REQUIRED redirect_uri registered for the client |
|
73
|
|
|
* "client_id" => CLIENT_ID, // OPTIONAL the client id |
|
74
|
|
|
* "grant_types" => GRANT_TYPES, // OPTIONAL an array of restricted grant types |
|
75
|
|
|
* ); |
|
76
|
2 |
|
* @endcode |
|
77
|
|
|
* |
|
78
|
2 |
|
* @ingroup oauth2_section_4 |
|
79
|
|
|
*/ |
|
80
|
2 |
|
public function getClientDetails($client_id) |
|
|
|
|
|
|
81
|
1 |
|
{ |
|
82
|
|
|
$client = $this->getClient($client_id); |
|
|
|
|
|
|
83
|
|
|
|
|
84
|
|
|
if (!$client) { |
|
85
|
1 |
|
return false; |
|
86
|
1 |
|
} |
|
87
|
1 |
|
|
|
88
|
|
|
return [ |
|
89
|
|
|
'redirect_uri' => implode(' ', $client->getRedirectUris()), |
|
90
|
|
|
'client_id' => $client->getPublicId(), |
|
91
|
|
|
'grant_types' => $client->getAllowedGrantTypes(), |
|
92
|
|
|
]; |
|
93
|
|
|
} |
|
94
|
|
|
|
|
95
|
|
|
/** |
|
96
|
|
|
* Determine if the client is a "public" client, and therefore |
|
97
|
|
|
* does not require passing credentials for certain grant types |
|
98
|
|
|
* |
|
99
|
|
|
* @param $client_id |
|
100
|
|
|
* Client identifier to be check with. |
|
101
|
|
|
* |
|
102
|
|
|
* @return TRUE if the client is public, and FALSE if it isn't. |
|
|
|
|
|
|
103
|
|
|
* @endcode |
|
104
|
|
|
* |
|
105
|
|
|
* @see http://tools.ietf.org/html/rfc6749#section-2.3 |
|
106
|
2 |
|
* @see https://github.com/bshaffer/oauth2-server-php/issues/257 |
|
107
|
|
|
* |
|
108
|
2 |
|
* @ingroup oauth2_section_2 |
|
109
|
|
|
*/ |
|
110
|
2 |
|
public function isPublicClient($client_id) |
|
|
|
|
|
|
111
|
1 |
|
{ |
|
112
|
|
|
$client = $this->getClient($client_id); |
|
|
|
|
|
|
113
|
|
|
|
|
114
|
1 |
|
if (!$client) { |
|
115
|
|
|
return false; |
|
116
|
1 |
|
} |
|
117
|
|
|
|
|
118
|
|
|
$secret = $client->getClientSecret(); |
|
119
|
|
|
|
|
120
|
|
|
return empty($secret); |
|
121
|
|
|
} |
|
122
|
|
|
|
|
123
|
|
|
/** |
|
124
|
2 |
|
* Get the scope associated with this client |
|
125
|
|
|
* |
|
126
|
2 |
|
* @return string the space-delineated scope list for the specified client_id |
|
|
|
|
|
|
127
|
|
|
*/ |
|
128
|
2 |
|
public function getClientScope($client_id) |
|
|
|
|
|
|
129
|
1 |
|
{ |
|
130
|
|
|
$client = $this->getClient($client_id); |
|
|
|
|
|
|
131
|
|
|
|
|
132
|
1 |
|
if (!$client instanceof ClientInterface) { |
|
133
|
|
|
return false; |
|
134
|
|
|
} |
|
135
|
|
|
|
|
136
|
|
|
/* |
|
137
|
|
|
* TODO: performance issue: if there are too many Remote Claims listing all of them might be an issue |
|
138
|
|
|
* To solve that we could add a listener to an Authorization event that would add the current Client into a list |
|
139
|
9 |
|
* users, then the |
|
140
|
|
|
*/ |
|
141
|
9 |
|
$remoteClaims = $this->getRemoteClaimsTags($this->getAllRemoteClaims()); |
|
142
|
9 |
|
$allowedScopes = array_merge($client->getAllowedScopes(), $remoteClaims); |
|
143
|
7 |
|
|
|
144
|
7 |
|
return implode(' ', $allowedScopes); |
|
145
|
7 |
|
} |
|
146
|
|
|
|
|
147
|
|
|
/** |
|
148
|
9 |
|
* @param $client_id mixed |
|
149
|
|
|
* @return null|ClientInterface |
|
150
|
9 |
|
*/ |
|
151
|
7 |
|
private function getClient($client_id) |
|
|
|
|
|
|
152
|
7 |
|
{ |
|
153
|
7 |
|
$randomId = null; |
|
154
|
|
|
if (strstr($client_id, '_') !== false) { |
|
|
|
|
|
|
155
|
|
|
$parts = explode('_', $client_id); |
|
|
|
|
|
|
156
|
2 |
|
$client_id = $parts[0]; |
|
|
|
|
|
|
157
|
|
|
$randomId = $parts[1]; |
|
158
|
|
|
} |
|
159
|
9 |
|
|
|
160
|
|
|
/** @var ClientRepository $repo */ |
|
161
|
|
|
$repo = $this->em->getRepository('LoginCidadaoOAuthBundle:Client'); |
|
162
|
|
|
|
|
163
|
|
|
if ($randomId) { |
|
164
|
|
|
/** @var ClientInterface $client */ |
|
165
|
|
|
$client = $repo->findOneBy([ |
|
166
|
|
|
'id' => $client_id, |
|
|
|
|
|
|
167
|
|
|
'randomId' => $randomId, |
|
168
|
|
|
]); |
|
169
|
|
|
} else { |
|
170
|
|
|
/** @var ClientInterface $client */ |
|
171
|
|
|
$client = $repo->find($client_id); |
|
|
|
|
|
|
172
|
|
|
} |
|
173
|
|
|
|
|
174
|
|
|
return $client; |
|
175
|
|
|
} |
|
176
|
|
|
|
|
177
|
|
|
/** |
|
178
|
|
|
* @param ClientInterface $client |
|
179
|
|
|
* @return array|RemoteClaimInterface[] |
|
180
|
|
|
*/ |
|
181
|
|
|
private function getRemoteClaims(ClientInterface $client) |
|
|
|
|
|
|
182
|
|
|
{ |
|
183
|
|
|
/** @var RemoteClaimRepository $repo */ |
|
184
|
|
|
$repo = $this->em->getRepository('LoginCidadaoRemoteClaimsBundle:RemoteClaim'); |
|
185
|
|
|
|
|
186
|
|
|
$remoteClaims = $repo->findByClient($client); |
|
187
|
|
|
|
|
188
|
|
|
return $remoteClaims; |
|
189
|
|
|
} |
|
190
|
|
|
|
|
191
|
|
|
/** |
|
192
|
|
|
* @return array|RemoteClaimInterface[] |
|
193
|
|
|
*/ |
|
194
|
|
|
private function getAllRemoteClaims() |
|
195
|
|
|
{ |
|
196
|
|
|
/** @var RemoteClaimRepository $repo */ |
|
197
|
|
|
$repo = $this->em->getRepository('LoginCidadaoRemoteClaimsBundle:RemoteClaim'); |
|
198
|
|
|
|
|
199
|
|
|
$remoteClaims = $repo->findAll(); |
|
200
|
|
|
|
|
201
|
|
|
return $remoteClaims; |
|
202
|
|
|
} |
|
203
|
|
|
|
|
204
|
|
|
private function getRemoteClaimsTags(array $remoteClaims) |
|
205
|
|
|
{ |
|
206
|
|
|
if (count($remoteClaims) > 0) { |
|
207
|
|
|
return array_map(function (RemoteClaimInterface $claim) { |
|
208
|
|
|
return $claim->getName(); |
|
209
|
|
|
}, $remoteClaims); |
|
210
|
|
|
} |
|
211
|
|
|
|
|
212
|
|
|
return []; |
|
213
|
|
|
} |
|
214
|
|
|
} |
|
215
|
|
|
|
PROCERGS /
login-cidadao
Loading history...
This check examines a number of code elements and verifies that they conform to the given naming conventions.
You can set conventions for local variables, abstract classes, utility classes, constant, properties, methods, parameters, interfaces, classes, exceptions and special methods.