|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* Copyright (c) 2016, 2017 François Kooman <[email protected]>. |
|
5
|
|
|
* |
|
6
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy |
|
7
|
|
|
* of this software and associated documentation files (the "Software"), to deal |
|
8
|
|
|
* in the Software without restriction, including without limitation the rights |
|
9
|
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
|
10
|
|
|
* copies of the Software, and to permit persons to whom the Software is |
|
11
|
|
|
* furnished to do so, subject to the following conditions: |
|
12
|
|
|
* |
|
13
|
|
|
* The above copyright notice and this permission notice shall be included in all |
|
14
|
|
|
* copies or substantial portions of the Software. |
|
15
|
|
|
* |
|
16
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|
17
|
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|
18
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|
19
|
|
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|
20
|
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|
21
|
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
|
22
|
|
|
* SOFTWARE. |
|
23
|
|
|
*/ |
|
24
|
|
|
|
|
25
|
|
|
namespace fkooman\OAuth\Client; |
|
26
|
|
|
|
|
27
|
|
|
use DateInterval; |
|
28
|
|
|
use DateTime; |
|
29
|
|
|
use fkooman\OAuth\Client\Exception\OAuthException; |
|
30
|
|
|
use fkooman\OAuth\Client\Exception\OAuthServerException; |
|
31
|
|
|
use fkooman\OAuth\Client\Http\HttpClientInterface; |
|
32
|
|
|
use fkooman\OAuth\Client\Http\Request; |
|
33
|
|
|
use fkooman\OAuth\Client\Http\Response; |
|
34
|
|
|
use InvalidArgumentException; |
|
35
|
|
|
use ParagonIE\ConstantTime\Base64; |
|
36
|
|
|
use Psr\Log\LoggerInterface; |
|
37
|
|
|
use Psr\Log\NullLogger; |
|
38
|
|
|
|
|
39
|
|
|
class OAuthClient |
|
40
|
|
|
{ |
|
41
|
|
|
/** @var TokenStorageInterface */ |
|
42
|
|
|
private $tokenStorage; |
|
43
|
|
|
|
|
44
|
|
|
/** @var \fkooman\OAuth\Client\Http\HttpClientInterface */ |
|
45
|
|
|
private $httpClient; |
|
46
|
|
|
|
|
47
|
|
|
/** @var SessionInterface */ |
|
48
|
|
|
private $session; |
|
49
|
|
|
|
|
50
|
|
|
/** @var RandomInterface */ |
|
51
|
|
|
private $random; |
|
52
|
|
|
|
|
53
|
|
|
/** @var \Psr\Log\LoggerInterface */ |
|
54
|
|
|
private $logger; |
|
55
|
|
|
|
|
56
|
|
|
/** @var \DateTime */ |
|
57
|
|
|
private $dateTime; |
|
58
|
|
|
|
|
59
|
|
|
/** @var array */ |
|
60
|
|
|
private $providerList = []; |
|
61
|
|
|
|
|
62
|
|
|
/** @var string */ |
|
63
|
|
|
private $providerId = null; |
|
64
|
|
|
|
|
65
|
|
|
/** @var string|null */ |
|
66
|
|
|
private $userId = null; |
|
67
|
|
|
|
|
68
|
|
|
/** |
|
69
|
|
|
* @param TokenStorageInterface $tokenStorage |
|
70
|
|
|
* @param Http\HttpClientInterface $httpClient |
|
71
|
|
|
*/ |
|
72
|
|
|
public function __construct(TokenStorageInterface $tokenStorage, HttpClientInterface $httpClient) |
|
73
|
|
|
{ |
|
74
|
|
|
$this->tokenStorage = $tokenStorage; |
|
75
|
|
|
$this->httpClient = $httpClient; |
|
76
|
|
|
|
|
77
|
|
|
$this->session = new Session(); |
|
78
|
|
|
$this->random = new Random(); |
|
79
|
|
|
$this->logger = new NullLogger(); |
|
80
|
|
|
$this->dateTime = new DateTime(); |
|
81
|
|
|
} |
|
82
|
|
|
|
|
83
|
|
|
/** |
|
84
|
|
|
* @param string $providerId |
|
85
|
|
|
* @param Provider $provider |
|
86
|
|
|
*/ |
|
87
|
|
|
public function addProvider($providerId, Provider $provider) |
|
88
|
|
|
{ |
|
89
|
|
|
$this->providerList[$providerId] = $provider; |
|
90
|
|
|
// the first provider we add becomes the active provider, can be |
|
91
|
|
|
// overridden by the "setProviderId" method |
|
92
|
|
|
if (1 === count($this->providerList)) { |
|
93
|
|
|
$this->providerId = $providerId; |
|
94
|
|
|
} |
|
95
|
|
|
} |
|
96
|
|
|
|
|
97
|
|
|
/** |
|
98
|
|
|
* @param string $providerId |
|
99
|
|
|
*/ |
|
100
|
|
|
public function setProviderId($providerId) |
|
101
|
|
|
{ |
|
102
|
|
|
if (!array_key_exists($providerId, $this->providerList)) { |
|
103
|
|
|
throw new OAuthException(sprintf('provider with providerId "%s" does not exist', $this->providerId)); |
|
104
|
|
|
} |
|
105
|
|
|
} |
|
106
|
|
|
|
|
107
|
|
|
/** |
|
108
|
|
|
* @param SessionInterface $session |
|
109
|
|
|
*/ |
|
110
|
|
|
public function setSession(SessionInterface $session) |
|
111
|
|
|
{ |
|
112
|
|
|
$this->session = $session; |
|
113
|
|
|
} |
|
114
|
|
|
|
|
115
|
|
|
/** |
|
116
|
|
|
* @param RandomInterface $random |
|
117
|
|
|
*/ |
|
118
|
|
|
public function setRandom(RandomInterface $random) |
|
119
|
|
|
{ |
|
120
|
|
|
$this->random = $random; |
|
121
|
|
|
} |
|
122
|
|
|
|
|
123
|
|
|
/** |
|
124
|
|
|
* @param LoggerInterface $logger |
|
125
|
|
|
*/ |
|
126
|
|
|
public function setLogger(LoggerInterface $logger) |
|
127
|
|
|
{ |
|
128
|
|
|
$this->logger = $logger; |
|
129
|
|
|
} |
|
130
|
|
|
|
|
131
|
|
|
/** |
|
132
|
|
|
* @param DateTime $dateTime |
|
133
|
|
|
*/ |
|
134
|
|
|
public function setDateTime(DateTime $dateTime) |
|
135
|
|
|
{ |
|
136
|
|
|
$this->dateTime = $dateTime; |
|
137
|
|
|
} |
|
138
|
|
|
|
|
139
|
|
|
/** |
|
140
|
|
|
* @param string $userId |
|
141
|
|
|
*/ |
|
142
|
|
|
public function setUserId($userId) |
|
143
|
|
|
{ |
|
144
|
|
|
$this->userId = $userId; |
|
145
|
|
|
} |
|
146
|
|
|
|
|
147
|
|
|
/** |
|
148
|
|
|
* Perform a GET request. |
|
149
|
|
|
* |
|
150
|
|
|
* @param string|null $requestScope the required scope to perform the |
|
151
|
|
|
* request, use `null` if you want to |
|
152
|
|
|
* request a resource without token |
|
153
|
|
|
* @param string $requestUri |
|
154
|
|
|
* @param array $requestHeaders |
|
155
|
|
|
* |
|
156
|
|
|
* @return Http\Response|false |
|
157
|
|
|
*/ |
|
158
|
|
|
public function get($requestScope, $requestUri, array $requestHeaders = []) |
|
159
|
|
|
{ |
|
160
|
|
|
return $this->send($requestScope, Request::get($requestUri, $requestHeaders)); |
|
161
|
|
|
} |
|
162
|
|
|
|
|
163
|
|
|
/** |
|
164
|
|
|
* Perform a POST request. |
|
165
|
|
|
* |
|
166
|
|
|
* @param string|null $requestScope |
|
167
|
|
|
* @param string $requestUri |
|
168
|
|
|
* @param array $postBody |
|
169
|
|
|
* @param array $requestHeaders |
|
170
|
|
|
* |
|
171
|
|
|
* @return Http\Response|false |
|
172
|
|
|
*/ |
|
173
|
|
|
public function post($requestScope, $requestUri, array $postBody, array $requestHeaders = []) |
|
174
|
|
|
{ |
|
175
|
|
|
return $this->send($requestScope, Request::post($requestUri, $postBody, $requestHeaders)); |
|
176
|
|
|
} |
|
177
|
|
|
|
|
178
|
|
|
/** |
|
179
|
|
|
* Perform a HTTP request. |
|
180
|
|
|
* |
|
181
|
|
|
* @param string|null $requestScope |
|
182
|
|
|
* @param Http\Request $request |
|
183
|
|
|
* |
|
184
|
|
|
* @return Response|false |
|
185
|
|
|
*/ |
|
186
|
|
|
public function send($requestScope, Request $request) |
|
187
|
|
|
{ |
|
188
|
|
|
// if the requestScope is null, the request is sent without an OAuth |
|
189
|
|
|
// token, useful to use the same API to request resources that are not |
|
190
|
|
|
// protected |
|
191
|
|
|
if (is_null($requestScope)) { |
|
192
|
|
|
return $this->httpClient->send($request); |
|
193
|
|
|
} |
|
194
|
|
|
|
|
195
|
|
|
if (is_null($this->userId)) { |
|
196
|
|
|
throw new OAuthException('userId not set'); |
|
197
|
|
|
} |
|
198
|
|
|
|
|
199
|
|
|
// make sure we have an access token |
|
200
|
|
View Code Duplication |
if (false === $accessToken = $this->tokenStorage->getAccessToken($this->userId, $this->providerId, $requestScope)) { |
|
|
|
|
|
|
201
|
|
|
$this->logger->info(sprintf('no access_token available for user "%s" with scope "%s"', $this->userId, $requestScope)); |
|
202
|
|
|
|
|
203
|
|
|
return false; |
|
204
|
|
|
} |
|
205
|
|
|
|
|
206
|
|
|
if ($requestScope !== $accessToken->getScope()) { |
|
207
|
|
|
throw new OAuthException('access_token does not have the required scope'); |
|
208
|
|
|
} |
|
209
|
|
|
|
|
210
|
|
|
$refreshedToken = false; |
|
211
|
|
|
if ($accessToken->isExpired($this->dateTime)) { |
|
212
|
|
|
$this->logger->info(sprintf('access_token for user "%s" with scope "%s" expired', $this->userId, $requestScope)); |
|
213
|
|
|
// access_token is expired, try to refresh it |
|
214
|
|
View Code Duplication |
if (is_null($accessToken->getRefreshToken())) { |
|
|
|
|
|
|
215
|
|
|
$this->logger->info(sprintf('no refresh_token available in this access_token for user "%s" with scope "%s", deleting it', $this->userId, $requestScope)); |
|
216
|
|
|
// we do not have a refresh_token, delete this access token, it |
|
217
|
|
|
// is useless now... |
|
218
|
|
|
$this->tokenStorage->deleteAccessToken($this->userId, $this->providerId, $accessToken); |
|
219
|
|
|
|
|
220
|
|
|
return false; |
|
221
|
|
|
} |
|
222
|
|
|
|
|
223
|
|
|
$this->logger->info(sprintf('using refresh_token to obtain new access_token for user "%s" with scope "%s"', $this->userId, $requestScope)); |
|
224
|
|
|
|
|
225
|
|
|
try { |
|
226
|
|
|
// delete the old one, and use it to try to get a new one |
|
227
|
|
|
$this->tokenStorage->deleteAccessToken($this->userId, $this->providerId, $accessToken); |
|
228
|
|
|
$accessToken = $this->refreshAccessToken($accessToken); |
|
229
|
|
|
} catch (OAuthServerException $e) { |
|
230
|
|
|
$this->logger->info(sprintf('deleting access_token as refresh_token for user "%s" with scope "%s" was not accepted by the authorization server: "%s"', $this->userId, $requestScope, $e->getMessage())); |
|
231
|
|
|
|
|
232
|
|
|
return false; |
|
233
|
|
|
} |
|
234
|
|
|
$this->logger->info(sprintf('got a new access_token using the refresh_token for user "%s" with scope "%s"', $this->userId, $requestScope)); |
|
235
|
|
|
$refreshedToken = true; |
|
236
|
|
|
} |
|
237
|
|
|
|
|
238
|
|
|
// add Authorization header to the request headers |
|
239
|
|
|
$request->setHeader('Authorization', sprintf('Bearer %s', $accessToken->getToken())); |
|
240
|
|
|
|
|
241
|
|
|
$response = $this->httpClient->send($request); |
|
242
|
|
View Code Duplication |
if (401 === $response->getStatusCode()) { |
|
|
|
|
|
|
243
|
|
|
$this->logger->info(sprintf('deleting access_token for user "%s" with scope "%s" that was supposed to work, but did not, possibly revoked by user', $this->userId, $requestScope)); |
|
244
|
|
|
// this indicates an invalid access_token |
|
245
|
|
|
$this->tokenStorage->deleteAccessToken($this->userId, $this->providerId, $accessToken); |
|
246
|
|
|
|
|
247
|
|
|
return false; |
|
248
|
|
|
} |
|
249
|
|
|
|
|
250
|
|
|
$this->logger->info(sprintf('access_token for use "%s" with scope "%s" successfully used', $this->userId, $requestScope)); |
|
251
|
|
|
|
|
252
|
|
|
if ($refreshedToken) { |
|
253
|
|
|
$this->logger->info(sprintf('storing refreshed access_token for user "%s" with scope "%s" as it was successfully used', $this->userId, $requestScope)); |
|
254
|
|
|
// if we refreshed the token, and it was successful, i.e. not a 401, |
|
255
|
|
|
// update the stored AccessToken |
|
256
|
|
|
$this->tokenStorage->setAccessToken($this->userId, $this->providerId, $accessToken); |
|
257
|
|
|
} |
|
258
|
|
|
|
|
259
|
|
|
return $response; |
|
260
|
|
|
} |
|
261
|
|
|
|
|
262
|
|
|
/** |
|
263
|
|
|
* Obtain an authorization request URL to start the authorization process |
|
264
|
|
|
* at the OAuth provider. |
|
265
|
|
|
* |
|
266
|
|
|
* @param string $scope the space separated scope tokens |
|
267
|
|
|
* @param string $redirectUri the URL to redirect back to after coming back |
|
268
|
|
|
* from the OAuth provider (callback URL) |
|
269
|
|
|
* |
|
270
|
|
|
* @return string the authorization request URL |
|
271
|
|
|
* |
|
272
|
|
|
* @see https://tools.ietf.org/html/rfc6749#section-3.3 |
|
273
|
|
|
* @see https://tools.ietf.org/html/rfc6749#section-3.1.2 |
|
274
|
|
|
*/ |
|
275
|
|
|
public function getAuthorizeUri($scope, $redirectUri) |
|
276
|
|
|
{ |
|
277
|
|
|
$queryParams = http_build_query( |
|
278
|
|
|
[ |
|
279
|
|
|
'client_id' => $this->getActiveProvider()->getId(), |
|
280
|
|
|
'redirect_uri' => $redirectUri, |
|
281
|
|
|
'scope' => $scope, |
|
282
|
|
|
'state' => $this->random->get(16), |
|
283
|
|
|
'response_type' => 'code', |
|
284
|
|
|
], |
|
285
|
|
|
'&' |
|
286
|
|
|
); |
|
287
|
|
|
|
|
288
|
|
|
$authorizeUri = sprintf( |
|
289
|
|
|
'%s%s%s', |
|
290
|
|
|
$this->getActiveProvider()->getAuthorizationEndpoint(), |
|
291
|
|
|
false === strpos($this->getActiveProvider()->getAuthorizationEndpoint(), '?') ? '?' : '&', |
|
292
|
|
|
$queryParams |
|
293
|
|
|
); |
|
294
|
|
|
$this->session->set('_oauth2_session', $authorizeUri); |
|
295
|
|
|
|
|
296
|
|
|
return $authorizeUri; |
|
297
|
|
|
} |
|
298
|
|
|
|
|
299
|
|
|
/** |
|
300
|
|
|
* @param string $responseCode the code passed to the "code" |
|
301
|
|
|
* query parameter on the callback URL |
|
302
|
|
|
* @param string $responseState the state passed to the "state" |
|
303
|
|
|
* query parameter on the callback URL |
|
304
|
|
|
*/ |
|
305
|
|
|
public function handleCallback($responseCode, $responseState) |
|
306
|
|
|
{ |
|
307
|
|
|
if (is_null($this->userId)) { |
|
308
|
|
|
throw new OAuthException('userId not set'); |
|
309
|
|
|
} |
|
310
|
|
|
|
|
311
|
|
|
$requestParameters = self::parseRequestUri( |
|
312
|
|
|
$this->session->get('_oauth2_session') |
|
313
|
|
|
); |
|
314
|
|
|
if ($responseState !== $requestParameters['state']) { |
|
315
|
|
|
// the OAuth state from the initial request MUST be the same as the |
|
316
|
|
|
// state used by the response |
|
317
|
|
|
throw new OAuthException('invalid OAuth state'); |
|
318
|
|
|
} |
|
319
|
|
|
|
|
320
|
|
|
if ($requestParameters['client_id'] !== $this->getActiveProvider()->getId()) { |
|
321
|
|
|
// the client_id used for the initial request differs from the |
|
322
|
|
|
// currently configured Provider, the client_id MUST be identical |
|
323
|
|
|
throw new OAuthException('unexpected client identifier'); |
|
324
|
|
|
} |
|
325
|
|
|
|
|
326
|
|
|
// prepare access_token request |
|
327
|
|
|
$tokenRequestData = [ |
|
328
|
|
|
'client_id' => $this->getActiveProvider()->getId(), |
|
329
|
|
|
'grant_type' => 'authorization_code', |
|
330
|
|
|
'code' => $responseCode, |
|
331
|
|
|
'redirect_uri' => $requestParameters['redirect_uri'], |
|
332
|
|
|
]; |
|
333
|
|
|
|
|
334
|
|
|
$responseData = $this->validateTokenResponse( |
|
335
|
|
|
$this->httpClient->send( |
|
336
|
|
|
Request::post( |
|
337
|
|
|
$this->getActiveProvider()->getTokenEndpoint(), |
|
338
|
|
|
$tokenRequestData, |
|
339
|
|
|
[ |
|
340
|
|
|
'Authorization' => sprintf( |
|
341
|
|
|
'Basic %s', |
|
342
|
|
|
Base64::encode( |
|
343
|
|
|
sprintf('%s:%s', $this->getActiveProvider()->getId(), $this->getActiveProvider()->getSecret()) |
|
344
|
|
|
) |
|
345
|
|
|
), |
|
346
|
|
|
] |
|
347
|
|
|
) |
|
348
|
|
|
), |
|
349
|
|
|
$requestParameters['scope'] |
|
350
|
|
|
); |
|
351
|
|
|
|
|
352
|
|
|
// delete the session |
|
353
|
|
|
$this->session->del('_oauth2_session'); |
|
354
|
|
|
|
|
355
|
|
|
$this->tokenStorage->setAccessToken( |
|
356
|
|
|
$this->userId, |
|
357
|
|
|
$this->providerId, |
|
358
|
|
|
new AccessToken( |
|
359
|
|
|
$responseData['access_token'], |
|
360
|
|
|
$responseData['token_type'], |
|
361
|
|
|
$responseData['scope'], |
|
362
|
|
|
array_key_exists('refresh_token', $responseData) ? $responseData['refresh_token'] : null, |
|
363
|
|
|
$responseData['expires_at'] |
|
364
|
|
|
) |
|
365
|
|
|
); |
|
366
|
|
|
} |
|
367
|
|
|
|
|
368
|
|
|
/** |
|
369
|
|
|
* @param AccessToken $accessToken |
|
370
|
|
|
* |
|
371
|
|
|
* @return AccessToken |
|
372
|
|
|
*/ |
|
373
|
|
|
private function refreshAccessToken(AccessToken $accessToken) |
|
374
|
|
|
{ |
|
375
|
|
|
// prepare access_token request |
|
376
|
|
|
$tokenRequestData = [ |
|
377
|
|
|
'grant_type' => 'refresh_token', |
|
378
|
|
|
'refresh_token' => $accessToken->getRefreshToken(), |
|
379
|
|
|
'scope' => $accessToken->getScope(), |
|
380
|
|
|
]; |
|
381
|
|
|
|
|
382
|
|
|
$responseData = $this->validateTokenResponse( |
|
383
|
|
|
$this->httpClient->send( |
|
384
|
|
|
Request::post( |
|
385
|
|
|
$this->getActiveProvider()->getTokenEndpoint(), |
|
386
|
|
|
$tokenRequestData, |
|
387
|
|
|
[ |
|
388
|
|
|
'Authorization' => sprintf( |
|
389
|
|
|
'Basic %s', |
|
390
|
|
|
Base64::encode( |
|
391
|
|
|
sprintf('%s:%s', $this->getActiveProvider()->getId(), $this->getActiveProvider()->getSecret()) |
|
392
|
|
|
) |
|
393
|
|
|
), |
|
394
|
|
|
] |
|
395
|
|
|
) |
|
396
|
|
|
), |
|
397
|
|
|
$accessToken->getScope() |
|
398
|
|
|
); |
|
399
|
|
|
|
|
400
|
|
|
return new AccessToken( |
|
401
|
|
|
$responseData['access_token'], |
|
402
|
|
|
$responseData['token_type'], |
|
403
|
|
|
$responseData['scope'], |
|
404
|
|
|
// if a new refresh_token was provided use that, if not reuse the old one |
|
405
|
|
|
array_key_exists('refresh_token', $responseData) ? $responseData['refresh_token'] : $accessToken->getRefreshToken(), |
|
406
|
|
|
$responseData['expires_at'] |
|
407
|
|
|
); |
|
408
|
|
|
} |
|
409
|
|
|
|
|
410
|
|
|
/** |
|
411
|
|
|
* @param string $requestUri |
|
412
|
|
|
* |
|
413
|
|
|
* @return array |
|
414
|
|
|
*/ |
|
415
|
|
|
private static function parseRequestUri($requestUri) |
|
416
|
|
|
{ |
|
417
|
|
|
if (!is_string($requestUri)) { |
|
418
|
|
|
throw new InvalidArgumentException('"requestUri" MUST be string'); |
|
419
|
|
|
} |
|
420
|
|
|
|
|
421
|
|
|
if (false === $qPos = strpos($requestUri, '?')) { |
|
422
|
|
|
throw new OAuthException('"requestUri" not valid, no query string'); |
|
423
|
|
|
} |
|
424
|
|
|
parse_str(substr($requestUri, $qPos + 1), $requestParameters); |
|
425
|
|
|
|
|
426
|
|
|
$requiredParameters = [ |
|
427
|
|
|
'client_id', |
|
428
|
|
|
'redirect_uri', |
|
429
|
|
|
'scope', |
|
430
|
|
|
'state', |
|
431
|
|
|
'response_type', |
|
432
|
|
|
]; |
|
433
|
|
|
|
|
434
|
|
|
// all of the above parameters were part of the requestUri, make sure |
|
435
|
|
|
// they are still there... |
|
436
|
|
View Code Duplication |
foreach ($requiredParameters as $requiredParameter) { |
|
|
|
|
|
|
437
|
|
|
if (!array_key_exists($requiredParameter, $requestParameters)) { |
|
438
|
|
|
throw new OAuthException( |
|
439
|
|
|
sprintf( |
|
440
|
|
|
'request URI not valid, missing required query parameter "%s"', |
|
441
|
|
|
$requiredParameter |
|
442
|
|
|
) |
|
443
|
|
|
); |
|
444
|
|
|
} |
|
445
|
|
|
} |
|
446
|
|
|
|
|
447
|
|
|
return $requestParameters; |
|
448
|
|
|
} |
|
449
|
|
|
|
|
450
|
|
|
/** |
|
451
|
|
|
* @param Http\Response $response |
|
452
|
|
|
* @param string $requestScope |
|
453
|
|
|
* |
|
454
|
|
|
* @return array |
|
455
|
|
|
*/ |
|
456
|
|
|
private function validateTokenResponse(Response $response, $requestScope) |
|
457
|
|
|
{ |
|
458
|
|
|
$tokenResponse = $response->json(); |
|
459
|
|
|
// XXX what if not array? |
|
460
|
|
|
|
|
461
|
|
|
// check if an error occurred |
|
462
|
|
|
if (array_key_exists('error', $tokenResponse)) { |
|
463
|
|
|
if (array_key_exists('error_description', $tokenResponse)) { |
|
464
|
|
|
throw new OAuthServerException(sprintf('%s: %s', $tokenResponse['error'], $tokenResponse['error_description'])); |
|
465
|
|
|
} |
|
466
|
|
|
|
|
467
|
|
|
throw new OAuthServerException($tokenResponse['error']); |
|
468
|
|
|
} |
|
469
|
|
|
|
|
470
|
|
|
$requiredParameters = [ |
|
471
|
|
|
'access_token', |
|
472
|
|
|
'token_type', |
|
473
|
|
|
]; |
|
474
|
|
|
|
|
475
|
|
View Code Duplication |
foreach ($requiredParameters as $requiredParameter) { |
|
|
|
|
|
|
476
|
|
|
if (!array_key_exists($requiredParameter, $tokenResponse)) { |
|
477
|
|
|
throw new OAuthException( |
|
478
|
|
|
sprintf( |
|
479
|
|
|
'token response not valid, missing required parameter "%s"', |
|
480
|
|
|
$requiredParameter |
|
481
|
|
|
) |
|
482
|
|
|
); |
|
483
|
|
|
} |
|
484
|
|
|
} |
|
485
|
|
|
|
|
486
|
|
|
if (!array_key_exists('scope', $tokenResponse)) { |
|
487
|
|
|
// if the token endpoint does not return a 'scope' value, the |
|
488
|
|
|
// specification says the requested scope was granted |
|
489
|
|
|
$tokenResponse['scope'] = $requestScope; |
|
490
|
|
|
} |
|
491
|
|
|
|
|
492
|
|
|
$tokenResponse['expires_at'] = $this->calculateExpiresAt($tokenResponse); |
|
493
|
|
|
|
|
494
|
|
|
return $tokenResponse; |
|
495
|
|
|
} |
|
496
|
|
|
|
|
497
|
|
|
/** |
|
498
|
|
|
* @param array $tokenResponse |
|
499
|
|
|
* |
|
500
|
|
|
* @return \DateTime |
|
501
|
|
|
*/ |
|
502
|
|
|
private function calculateExpiresAt(array $tokenResponse) |
|
503
|
|
|
{ |
|
504
|
|
|
$dateTime = clone $this->dateTime; |
|
505
|
|
|
if (array_key_exists('expires_in', $tokenResponse)) { |
|
506
|
|
|
return date_add($dateTime, new DateInterval(sprintf('PT%dS', $tokenResponse['expires_in']))); |
|
507
|
|
|
} |
|
508
|
|
|
|
|
509
|
|
|
// if the 'expires_in' field is not available, we default to 1 year |
|
510
|
|
|
return date_add($dateTime, new DateInterval('P1Y')); |
|
511
|
|
|
} |
|
512
|
|
|
|
|
513
|
|
|
/** |
|
514
|
|
|
* Get the active OAuth provider. |
|
515
|
|
|
* |
|
516
|
|
|
* @return Provider |
|
517
|
|
|
*/ |
|
518
|
|
|
private function getActiveProvider() |
|
519
|
|
|
{ |
|
520
|
|
|
return $this->providerList[$this->providerId]; |
|
521
|
|
|
} |
|
522
|
|
|
} |
|
523
|
|
|
|
fkooman /
php-oauth2-client
Loading history...
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.