|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
declare(strict_types=1); |
|
4
|
|
|
|
|
5
|
|
|
namespace Rinvex\OAuth\Grants; |
|
6
|
|
|
|
|
7
|
|
|
use DateInterval; |
|
8
|
|
|
use League\OAuth2\Server\RequestEvent; |
|
9
|
|
|
use Psr\Http\Message\ServerRequestInterface; |
|
10
|
|
|
use League\OAuth2\Server\Entities\UserEntityInterface; |
|
11
|
|
|
use League\OAuth2\Server\Entities\ClientEntityInterface; |
|
12
|
|
|
use League\OAuth2\Server\Exception\OAuthServerException; |
|
13
|
|
|
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface; |
|
14
|
|
|
use League\OAuth2\Server\Grant\PasswordGrant as BasePasswordGrant; |
|
15
|
|
|
|
|
16
|
|
|
class PasswordGrant extends BasePasswordGrant |
|
17
|
|
|
{ |
|
18
|
|
|
/** |
|
19
|
|
|
* Respond to an access token request. |
|
20
|
|
|
* |
|
21
|
|
|
* @param ServerRequestInterface $request |
|
22
|
|
|
* @param ResponseTypeInterface $responseType |
|
23
|
|
|
* @param DateInterval $accessTokenTTL |
|
24
|
|
|
* |
|
25
|
|
|
* @throws OAuthServerException |
|
26
|
|
|
* |
|
27
|
|
|
* @return ResponseTypeInterface |
|
28
|
|
|
*/ |
|
29
|
|
|
public function respondToAccessTokenRequest(ServerRequestInterface $request, ResponseTypeInterface $responseType, DateInterval $accessTokenTTL) |
|
30
|
|
|
{ |
|
31
|
|
|
// Validate request |
|
32
|
|
|
$client = $this->validateClient($request); |
|
33
|
|
|
$scopes = $this->validateScopes($this->getRequestParameter('scope', $request, $this->defaultScope)); |
|
34
|
|
|
$user = $this->validateUser($request, $client); |
|
35
|
|
|
|
|
36
|
|
|
// Finalize the requested scopes |
|
37
|
|
|
$finalizedScopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client, $user->getIdentifier()); |
|
38
|
|
|
|
|
39
|
|
|
// Issue and persist new access token |
|
40
|
|
|
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $finalizedScopes); |
|
41
|
|
|
$this->getEmitter()->emit(new RequestEvent(RequestEvent::ACCESS_TOKEN_ISSUED, $request)); |
|
42
|
|
|
$responseType->setAccessToken($accessToken); |
|
|
|
|
|
|
43
|
|
|
|
|
44
|
|
|
// Issue and persist new refresh token if given |
|
45
|
|
|
$refreshToken = $this->issueRefreshToken($accessToken); |
|
|
|
|
|
|
46
|
|
|
|
|
47
|
|
|
if ($refreshToken !== null) { |
|
48
|
|
|
$this->getEmitter()->emit(new RequestEvent(RequestEvent::REFRESH_TOKEN_ISSUED, $request)); |
|
49
|
|
|
$responseType->setRefreshToken($refreshToken); |
|
50
|
|
|
} |
|
51
|
|
|
|
|
52
|
|
|
return $responseType; |
|
53
|
|
|
} |
|
54
|
|
|
|
|
55
|
|
|
/** |
|
56
|
|
|
* @param ServerRequestInterface $request |
|
57
|
|
|
* @param ClientEntityInterface $client |
|
58
|
|
|
* |
|
59
|
|
|
* @throws OAuthServerException |
|
60
|
|
|
* |
|
61
|
|
|
* @return UserEntityInterface |
|
62
|
|
|
*/ |
|
63
|
|
|
protected function validateUser(ServerRequestInterface $request, ClientEntityInterface $client) |
|
64
|
|
|
{ |
|
65
|
|
|
$username = $this->getRequestParameter('username', $request); |
|
66
|
|
|
|
|
67
|
|
|
if (is_null($username)) { |
|
68
|
|
|
throw OAuthServerException::invalidRequest('username'); |
|
69
|
|
|
} |
|
70
|
|
|
|
|
71
|
|
|
$password = $this->getRequestParameter('password', $request); |
|
72
|
|
|
|
|
73
|
|
|
if (is_null($password)) { |
|
74
|
|
|
throw OAuthServerException::invalidRequest('password'); |
|
75
|
|
|
} |
|
76
|
|
|
|
|
77
|
|
|
$user = $this->userRepository->getUserEntityByUserCredentials( |
|
78
|
|
|
$username, |
|
79
|
|
|
$password, |
|
80
|
|
|
$this->getIdentifier(), |
|
81
|
|
|
$client |
|
82
|
|
|
); |
|
83
|
|
|
|
|
84
|
|
|
if ($user instanceof UserEntityInterface === false) { |
|
85
|
|
|
$this->getEmitter()->emit(new RequestEvent(RequestEvent::USER_AUTHENTICATION_FAILED, $request)); |
|
86
|
|
|
|
|
87
|
|
|
throw OAuthServerException::invalidGrant(); |
|
88
|
|
|
} |
|
89
|
|
|
|
|
90
|
|
|
return $user; |
|
91
|
|
|
} |
|
92
|
|
|
} |
|
93
|
|
|
|
rinvex /
laravel-oauth
Loading history...
Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: