1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
namespace AdvancedLearning\Oauth2Server\Controllers; |
4
|
|
|
|
5
|
|
|
use AdvancedLearning\Oauth2Server\AuthorizationServer\Generator; |
6
|
|
|
use Exception; |
7
|
|
|
use GuzzleHttp\Psr7\Response; |
8
|
|
|
use League\OAuth2\Server\Exception\OAuthServerException; |
9
|
|
|
use Psr\Http\Message\ResponseInterface; |
10
|
|
|
use Robbie\Psr7\HttpRequestAdapter; |
11
|
|
|
use Robbie\Psr7\HttpResponseAdapter; |
12
|
|
|
use SilverStripe\Control\Controller; |
13
|
|
|
use SilverStripe\Control\HTTP; |
14
|
|
|
use SilverStripe\Control\HTTPResponse; |
15
|
|
|
|
16
|
|
|
class AuthoriseController extends Controller |
17
|
|
|
{ |
18
|
|
|
/** |
19
|
|
|
* @var Generator |
20
|
|
|
*/ |
21
|
|
|
protected $serverGenerator; |
22
|
|
|
|
23
|
|
|
/** |
24
|
|
|
* AuthoriseController constructor. If no Authorization Service is passed a default one is created. |
25
|
|
|
* |
26
|
|
|
* @param Generator $serverGenerator |
27
|
|
|
*/ |
28
|
|
|
public function __construct(Generator $serverGenerator) |
29
|
|
|
{ |
30
|
|
|
$this->serverGenerator = $serverGenerator; |
31
|
|
|
parent::__construct(); |
32
|
|
|
} |
33
|
|
|
|
34
|
|
|
/** |
35
|
|
|
* Handles authorisation. |
36
|
|
|
* |
37
|
|
|
* @return HTTPResponse |
38
|
|
|
*/ |
39
|
|
|
public function index(): HTTPResponse |
40
|
|
|
{ |
41
|
|
|
$body = null; |
|
|
|
|
42
|
|
|
|
43
|
|
|
if ($this->getRequest()->getHeader('Content-Type') === 'application/json') { |
44
|
|
|
$body = json_decode($this->getRequest()->getBody(), true); |
45
|
|
|
} else { |
46
|
|
|
$body = $this->getRequest()->postVars(); |
47
|
|
|
} |
48
|
|
|
|
49
|
|
|
if (empty($body)) { |
50
|
|
|
return $this->jsonResponse(['error' => 'No parameters could be found in request body'], 500); |
|
|
|
|
51
|
|
|
} |
52
|
|
|
|
53
|
|
|
// request needs parsed body |
54
|
|
|
$psrRequest = (new HttpRequestAdapter())->toPsr7($this->getRequest()) |
55
|
|
|
->withParsedBody($body); |
56
|
|
|
$psrResponse = new Response(); |
57
|
|
|
|
58
|
|
|
$authServer = $this->serverGenerator->getServer(); |
59
|
|
|
|
60
|
|
|
try { |
61
|
|
|
return (new HttpResponseAdapter()) |
62
|
|
|
->fromPsr7($authServer->respondToAccessTokenRequest($psrRequest, $psrResponse)); |
63
|
|
|
} catch (OAuthServerException $e) { |
64
|
|
|
return $this->convertResponse($e->generateHttpResponse(new Response())); |
65
|
|
|
} catch (Exception $e) { |
66
|
|
|
return $this->getErrorResponse($e->getMessage()); |
67
|
|
|
} |
68
|
|
|
} |
69
|
|
|
|
70
|
|
|
protected function getErrorResponse($message, $responseCode = 500) |
71
|
|
|
{ |
72
|
|
|
$response = (new OAuthServerException($message, 100, 'server_error', $responseCode)) |
73
|
|
|
->generateHttpResponse(new Response()); |
74
|
|
|
|
75
|
|
|
return $this->convertResponse($response); |
76
|
|
|
} |
77
|
|
|
|
78
|
|
|
protected function convertResponse(ResponseInterface $response) |
79
|
|
|
{ |
80
|
|
|
return (new HttpResponseAdapter())->fromPsr7($response); |
81
|
|
|
} |
82
|
|
|
} |
83
|
|
|
|
This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently.
Both the
$myVar
assignment in line 1 and the$higher
assignment in line 2 are dead. The first because$myVar
is never used and the second because$higher
is always overwritten for every possible time line.