|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace AdvancedLearning\Oauth2Server\Controllers; |
|
4
|
|
|
|
|
5
|
|
|
use AdvancedLearning\Oauth2Server\AuthorizationServer\Generator; |
|
6
|
|
|
use Exception; |
|
7
|
|
|
use GuzzleHttp\Psr7\Response; |
|
8
|
|
|
use League\OAuth2\Server\Exception\OAuthServerException; |
|
9
|
|
|
use Psr\Http\Message\ResponseInterface; |
|
10
|
|
|
use Robbie\Psr7\HttpRequestAdapter; |
|
11
|
|
|
use Robbie\Psr7\HttpResponseAdapter; |
|
12
|
|
|
use SilverStripe\Control\Controller; |
|
13
|
|
|
use SilverStripe\Control\HTTP; |
|
14
|
|
|
use SilverStripe\Control\HTTPResponse; |
|
15
|
|
|
|
|
16
|
|
|
class AuthoriseController extends Controller |
|
17
|
|
|
{ |
|
18
|
|
|
/** |
|
19
|
|
|
* @var Generator |
|
20
|
|
|
*/ |
|
21
|
|
|
protected $serverGenerator; |
|
22
|
|
|
|
|
23
|
|
|
/** |
|
24
|
|
|
* AuthoriseController constructor. If no Authorization Service is passed a default one is created. |
|
25
|
|
|
* |
|
26
|
|
|
* @param Generator $serverGenerator |
|
27
|
|
|
*/ |
|
28
|
|
|
public function __construct(Generator $serverGenerator) |
|
29
|
|
|
{ |
|
30
|
|
|
$this->serverGenerator = $serverGenerator; |
|
31
|
|
|
parent::__construct(); |
|
32
|
|
|
} |
|
33
|
|
|
|
|
34
|
|
|
/** |
|
35
|
|
|
* Handles authorisation. |
|
36
|
|
|
* |
|
37
|
|
|
* @return HTTPResponse |
|
38
|
|
|
*/ |
|
39
|
|
|
public function index(): HTTPResponse |
|
40
|
|
|
{ |
|
41
|
|
|
$body = null; |
|
|
|
|
|
|
42
|
|
|
$contentType = $this->getRequest()->getHeader('Content-Type'); |
|
43
|
|
|
|
|
44
|
|
|
if ($contentType === 'application/json') { |
|
45
|
|
|
$body = json_decode($this->getRequest()->getBody(), true); |
|
46
|
|
|
} else { |
|
47
|
|
|
$body = $this->getRequest()->postVars(); |
|
48
|
|
|
} |
|
49
|
|
|
|
|
50
|
|
|
if (empty($body)) { |
|
51
|
|
|
return $this->getErrorResponse( |
|
52
|
|
|
'No parameters could be found in request body. Did you correctly set the Content-Type header?', |
|
53
|
|
|
500 |
|
54
|
|
|
); |
|
55
|
|
|
} |
|
56
|
|
|
|
|
57
|
|
|
// request needs parsed body |
|
58
|
|
|
$psrRequest = (new HttpRequestAdapter())->toPsr7($this->getRequest()) |
|
59
|
|
|
->withParsedBody($body); |
|
60
|
|
|
$psrResponse = new Response(); |
|
61
|
|
|
|
|
62
|
|
|
$authServer = $this->serverGenerator->getServer(); |
|
63
|
|
|
|
|
64
|
|
|
try { |
|
65
|
|
|
return (new HttpResponseAdapter()) |
|
66
|
|
|
->fromPsr7($authServer->respondToAccessTokenRequest($psrRequest, $psrResponse)); |
|
67
|
|
|
} catch (OAuthServerException $e) { |
|
68
|
|
|
return $this->convertResponse($e->generateHttpResponse(new Response())); |
|
69
|
|
|
} catch (Exception $e) { |
|
70
|
|
|
return $this->getErrorResponse($e->getMessage()); |
|
71
|
|
|
} |
|
72
|
|
|
} |
|
73
|
|
|
|
|
74
|
|
|
protected function getErrorResponse($message, $responseCode = 500) |
|
75
|
|
|
{ |
|
76
|
|
|
$response = (new OAuthServerException($message, 100, 'server_error', $responseCode)) |
|
77
|
|
|
->generateHttpResponse(new Response()); |
|
78
|
|
|
|
|
79
|
|
|
return $this->convertResponse($response); |
|
80
|
|
|
} |
|
81
|
|
|
|
|
82
|
|
|
protected function convertResponse(ResponseInterface $response) |
|
83
|
|
|
{ |
|
84
|
|
|
return (new HttpResponseAdapter())->fromPsr7($response); |
|
85
|
|
|
} |
|
86
|
|
|
} |
|
87
|
|
|
|
advanced-learning /
silverstripe-oauth2-server
This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently.
Both the
$myVarassignment in line 1 and the$higherassignment in line 2 are dead. The first because$myVaris never used and the second because$higheris always overwritten for every possible time line.