|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* apparat-server |
|
5
|
|
|
* |
|
6
|
|
|
* @category Apparat |
|
7
|
|
|
* @package Apparat\Server |
|
8
|
|
|
* @subpackage Apparat\Server\Ports |
|
9
|
|
|
* @author Joschi Kuphal <[email protected]> / @jkphl |
|
10
|
|
|
* @copyright Copyright © 2016 Joschi Kuphal <[email protected]> / @jkphl |
|
11
|
|
|
* @license http://opensource.org/licenses/MIT The MIT License (MIT) |
|
12
|
|
|
*/ |
|
13
|
|
|
|
|
14
|
|
|
/*********************************************************************************** |
|
15
|
|
|
* The MIT License (MIT) |
|
16
|
|
|
* |
|
17
|
|
|
* Copyright © 2016 Joschi Kuphal <[email protected]> / @jkphl |
|
18
|
|
|
* |
|
19
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy of |
|
20
|
|
|
* this software and associated documentation files (the "Software"), to deal in |
|
21
|
|
|
* the Software without restriction, including without limitation the rights to |
|
22
|
|
|
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of |
|
23
|
|
|
* the Software, and to permit persons to whom the Software is furnished to do so, |
|
24
|
|
|
* subject to the following conditions: |
|
25
|
|
|
* |
|
26
|
|
|
* The above copyright notice and this permission notice shall be included in all |
|
27
|
|
|
* copies or substantial portions of the Software. |
|
28
|
|
|
* |
|
29
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|
30
|
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS |
|
31
|
|
|
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR |
|
32
|
|
|
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER |
|
33
|
|
|
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN |
|
34
|
|
|
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
|
35
|
|
|
***********************************************************************************/ |
|
36
|
|
|
|
|
37
|
|
|
namespace Apparat\Server\Ports\Authenticator; |
|
38
|
|
|
|
|
39
|
|
|
use Psr\Http\Message\ServerRequestInterface; |
|
40
|
|
|
|
|
41
|
|
|
/** |
|
42
|
|
|
* Abstract bearer authenticator |
|
43
|
|
|
* |
|
44
|
|
|
* @package Apparat\Server |
|
45
|
|
|
* @subpackage Apparat\Server\Ports |
|
46
|
|
|
*/ |
|
47
|
|
|
abstract class Bearer implements AuthenticatorInterface |
|
48
|
|
|
{ |
|
49
|
|
|
/** |
|
50
|
|
|
* Authenticate a request |
|
51
|
|
|
* |
|
52
|
|
|
* @param ServerRequestInterface $request Request |
|
53
|
|
|
* @return boolean Request is authenticated |
|
54
|
|
|
* @see https://quill.p3k.io/creating-a-micropub-endpoint#verifying-access-tokens |
|
55
|
|
|
*/ |
|
56
|
|
|
public function authenticate(ServerRequestInterface $request) |
|
57
|
|
|
{ |
|
58
|
|
|
return $this->authenticateHeader($request) |
|
59
|
|
|
|| $this->authenticateBody($request) |
|
60
|
|
|
|| $this->authenticateQuery($request); |
|
61
|
|
|
} |
|
62
|
|
|
|
|
63
|
|
|
/** |
|
64
|
|
|
* Authenticate with an "Authorization" header |
|
65
|
|
|
* |
|
66
|
|
|
* @param ServerRequestInterface $request Request |
|
67
|
|
|
* @return bool Request is valid |
|
68
|
|
|
*/ |
|
69
|
|
|
protected function authenticateHeader(ServerRequestInterface $request) |
|
70
|
|
|
{ |
|
71
|
|
|
// Run through all "Authorization" headers |
|
72
|
|
|
foreach ($request->getHeader('Authorization') as $authHeader) { |
|
73
|
|
|
// If this is supposed to be a bearer token |
|
74
|
|
|
if (!strncmp(strtolower($authHeader), 'bearer', 6)) { |
|
75
|
|
|
$bearerToken = preg_split('%\s+%', $authHeader); |
|
76
|
|
|
|
|
77
|
|
|
// If there is really a bearer token |
|
78
|
|
|
if (count($bearerToken) > 1) { |
|
79
|
|
|
return $this->verifyToken($bearerToken[1]); |
|
80
|
|
|
} |
|
81
|
|
|
} |
|
82
|
|
|
} |
|
83
|
|
|
|
|
84
|
|
|
return false; |
|
85
|
|
|
} |
|
86
|
|
|
|
|
87
|
|
|
/** |
|
88
|
|
|
* Verify the validity of the bearer token |
|
89
|
|
|
* |
|
90
|
|
|
* @param string $token Bearer token |
|
91
|
|
|
* @return boolean The bearer token is valid |
|
92
|
|
|
*/ |
|
93
|
|
|
abstract protected function verifyToken($token); |
|
94
|
|
|
|
|
95
|
|
|
/** |
|
96
|
|
|
* Authenticate with an "access_token" body parameter |
|
97
|
|
|
* |
|
98
|
|
|
* @param ServerRequestInterface $request Request |
|
99
|
|
|
* @return bool Request is valid |
|
100
|
|
|
*/ |
|
101
|
|
|
protected function authenticateBody(ServerRequestInterface $request) |
|
102
|
|
|
{ |
|
103
|
|
|
$bodyParameters = (array)$request->getParsedBody(); |
|
104
|
|
|
return array_key_exists('access_token', $bodyParameters) ? |
|
105
|
|
|
$this->verifyToken($bodyParameters['access_token']) : false; |
|
106
|
|
|
} |
|
107
|
|
|
|
|
108
|
|
|
/** |
|
109
|
|
|
* Authenticate with an "access_token" query parameter |
|
110
|
|
|
* |
|
111
|
|
|
* @param ServerRequestInterface $request Request |
|
112
|
|
|
* @return bool Request is valid |
|
113
|
|
|
*/ |
|
114
|
|
|
protected function authenticateQuery(ServerRequestInterface $request) |
|
115
|
|
|
{ |
|
116
|
|
|
$queryParameters = (array)$request->getQueryParams(); |
|
117
|
|
|
return array_key_exists('access_token', $queryParameters) ? |
|
118
|
|
|
$this->verifyToken($queryParameters['access_token']) : false; |
|
119
|
|
|
} |
|
120
|
|
|
} |
|
121
|
|
|
|
apparat /
server
