1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
namespace AdvancedLearning\Oauth2Server\Middleware; |
4
|
|
|
|
5
|
|
|
use AdvancedLearning\Oauth2Server\Exceptions\AuthenticationException; |
6
|
|
|
use AdvancedLearning\Oauth2Server\Services\Authenticator; |
7
|
|
|
use SilverStripe\Control\Director; |
8
|
|
|
use SilverStripe\Control\HTTPRequest; |
9
|
|
|
use SilverStripe\Control\HTTPResponse; |
10
|
|
|
use SilverStripe\Control\Middleware\HTTPMiddleware; |
11
|
|
|
use SilverStripe\Core\Application; |
12
|
|
|
use SilverStripe\Core\Injector\Injector; |
13
|
|
|
use SilverStripe\ORM\Connect\DatabaseException; |
14
|
|
|
use SilverStripe\ORM\DB; |
15
|
|
|
use SilverStripe\Security\Member; |
16
|
|
|
use SilverStripe\Security\Security; |
17
|
|
|
|
18
|
|
|
/** |
19
|
|
|
* Class ResourceServerMiddleware. |
20
|
|
|
* |
21
|
|
|
* Replacement for @see \League\OAuth2\Server\Middleware\ResourceServerMiddleware |
22
|
|
|
* to make it compatible with SilverStripe. |
23
|
|
|
* |
24
|
|
|
* @package AdvancedLearning\Oauth2Server\Middleware |
25
|
|
|
*/ |
26
|
|
|
class AuthenticationMiddleware implements HTTPMiddleware |
27
|
|
|
{ |
28
|
|
|
/** |
29
|
|
|
* @var Application |
30
|
|
|
*/ |
31
|
|
|
protected $application = null; |
32
|
|
|
|
33
|
|
|
/** |
34
|
|
|
* @var Authenticator |
35
|
|
|
*/ |
36
|
|
|
protected $authenticator; |
37
|
|
|
|
38
|
|
|
/** |
39
|
|
|
* Build error control chain for an application |
40
|
|
|
* |
41
|
|
|
* @param Application $application The SilverStripe Application. |
|
|
|
|
42
|
|
|
*/ |
43
|
|
|
public function __construct() |
44
|
|
|
{ |
45
|
|
|
$this->authenticator = Injector::inst()->get(Authenticator::class); |
46
|
|
|
} |
47
|
|
|
|
48
|
|
|
/** |
49
|
|
|
* Process the middleware. |
50
|
|
|
* |
51
|
|
|
* @param HTTPRequest $request The incoming request. |
52
|
|
|
* @param callable $next The next middleware. |
53
|
|
|
* |
54
|
|
|
* @return HTTPResponse |
55
|
|
|
*/ |
56
|
|
|
public function process(HTTPRequest $request, callable $next) |
57
|
|
|
{ |
58
|
|
|
// don't authenticate if being run from command line |
59
|
|
|
if (Director::is_cli()) { |
60
|
|
|
return $next($request); |
61
|
|
|
} |
62
|
|
|
|
63
|
|
|
try { |
64
|
|
|
$request = $this->authenticator->authenticate($request); |
65
|
|
|
|
66
|
|
|
// set the current user |
67
|
|
|
if ($userID = $request->getHeader('oauth_user_id')) { |
68
|
|
|
Security::setCurrentUser(Member::get()->byID($userID)); |
|
|
|
|
69
|
|
|
} |
70
|
|
|
} catch (AuthenticationException $exception) { |
71
|
|
|
// for middleware do nothing |
72
|
|
|
} catch (DatabaseException $exception) { |
73
|
|
|
// db not ready, ignore |
74
|
|
|
} |
75
|
|
|
|
76
|
|
|
// Pass the request on to the next responder in the chain |
77
|
|
|
return $next($request); |
78
|
|
|
} |
79
|
|
|
} |
80
|
|
|
|
This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function.
Consider the following example. The parameter
$italy
is not defined by the methodfinale(...)
.The most likely cause is that the parameter was removed, but the annotation was not.