|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace SMartins\PassportMultiauth\Http\Middleware; |
|
4
|
|
|
|
|
5
|
|
|
use Closure; |
|
6
|
|
|
use Illuminate\Support\Facades\App; |
|
7
|
|
|
use League\OAuth2\Server\ResourceServer; |
|
8
|
|
|
use Illuminate\Auth\AuthenticationException; |
|
9
|
|
|
use Illuminate\Auth\Middleware\Authenticate; |
|
10
|
|
|
use Illuminate\Contracts\Auth\Factory as Auth; |
|
11
|
|
|
use SMartins\PassportMultiauth\PassportMultiauth; |
|
12
|
|
|
use SMartins\PassportMultiauth\ProviderRepository; |
|
13
|
|
|
use SMartins\PassportMultiauth\Guards\GuardChecker; |
|
14
|
|
|
use League\OAuth2\Server\Exception\OAuthServerException; |
|
15
|
|
|
use Symfony\Bridge\PsrHttpMessage\Factory\DiactorosFactory; |
|
16
|
|
|
|
|
17
|
|
|
class MultiAuthenticate extends Authenticate |
|
18
|
|
|
{ |
|
19
|
|
|
/** |
|
20
|
|
|
* @var \League\OAuth2\Server\ResourceServer |
|
21
|
|
|
*/ |
|
22
|
|
|
protected $server; |
|
23
|
|
|
|
|
24
|
|
|
/** |
|
25
|
|
|
* @var \SMartins\PassportMultiauth\ProviderRepository |
|
26
|
|
|
*/ |
|
27
|
|
|
protected $providers; |
|
28
|
|
|
|
|
29
|
|
|
/** |
|
30
|
|
|
* The authentication factory instance. |
|
31
|
|
|
* |
|
32
|
|
|
* @var \Illuminate\Contracts\Auth\Factory |
|
33
|
|
|
*/ |
|
34
|
|
|
protected $auth; |
|
35
|
|
|
|
|
36
|
12 |
|
public function __construct(ResourceServer $server, ProviderRepository $providers, Auth $auth) |
|
37
|
|
|
{ |
|
38
|
12 |
|
$this->server = $server; |
|
39
|
12 |
|
$this->providers = $providers; |
|
40
|
12 |
|
$this->auth = $auth; |
|
41
|
12 |
|
} |
|
42
|
|
|
|
|
43
|
|
|
/** |
|
44
|
|
|
* Handle an incoming request. Authenticates the guard from access token |
|
45
|
|
|
* used on request. |
|
46
|
|
|
* |
|
47
|
|
|
* @param \Illuminate\Http\Request $request |
|
48
|
|
|
* @param \Closure $next |
|
49
|
|
|
* @param string[] ...$guards |
|
50
|
|
|
* |
|
51
|
|
|
* @return mixed |
|
52
|
|
|
*/ |
|
53
|
12 |
|
public function handle($request, Closure $next, ...$guards) |
|
54
|
|
|
{ |
|
55
|
|
|
// If don't has any guard follow the flow |
|
56
|
12 |
|
if (count($guards) === 0) { |
|
57
|
1 |
|
return $next($request); |
|
58
|
|
|
} |
|
59
|
|
|
|
|
60
|
11 |
|
$psrRequest = (new DiactorosFactory())->createRequest($request); |
|
61
|
|
|
|
|
62
|
|
|
try { |
|
63
|
11 |
|
$psrRequest = $this->server->validateAuthenticatedRequest($psrRequest); |
|
64
|
|
|
|
|
65
|
4 |
|
$tokenId = $psrRequest->getAttribute('oauth_access_token_id'); |
|
66
|
|
|
|
|
67
|
4 |
|
if (! $tokenId) { |
|
68
|
1 |
|
throw new AuthenticationException('Unauthenticated', $guards); |
|
69
|
|
|
} |
|
70
|
|
|
|
|
71
|
3 |
|
$accessToken = $this->providers->findForToken($tokenId); |
|
72
|
|
|
|
|
73
|
3 |
|
if (! $accessToken) { |
|
74
|
1 |
|
throw new AuthenticationException('Unauthenticated', $guards); |
|
75
|
|
|
} |
|
76
|
|
|
|
|
77
|
2 |
|
$providers = collect($guards)->mapWithKeys(function ($guard) { |
|
78
|
2 |
|
return [GuardChecker::defaultGuardProvider($guard) => $guard]; |
|
79
|
2 |
|
}); |
|
80
|
|
|
|
|
81
|
|
|
// use only guard associated to access token provider |
|
82
|
2 |
|
if ($providers->has($accessToken->provider)) { |
|
83
|
1 |
|
$this->authenticate([$providers->get($accessToken->provider)]); |
|
84
|
|
|
} else { |
|
85
|
1 |
|
$this->authenticate([]); |
|
86
|
|
|
} |
|
87
|
|
|
|
|
88
|
1 |
|
return $next($request); |
|
89
|
10 |
|
} catch (OAuthServerException $e) { |
|
90
|
|
|
// @todo It's the best place to this code??? |
|
91
|
|
|
// |
|
92
|
|
|
// If running unit test and try authenticate an user with |
|
93
|
|
|
// `PassportMultiauth::actingAs($user) check the guards on request |
|
94
|
|
|
// to authenticate or not the user. |
|
95
|
7 |
|
$user = app('auth')->user(); |
|
96
|
|
|
|
|
97
|
7 |
|
if (App::runningUnitTests() && $user) { |
|
98
|
|
|
// @todo Move to method |
|
99
|
6 |
|
$guards = GuardChecker::getAuthGuards($request); |
|
|
|
|
|
|
100
|
|
|
|
|
101
|
6 |
|
$userGuard = PassportMultiauth::getUserGuard($user); |
|
102
|
|
|
|
|
103
|
6 |
|
if (! in_array($userGuard, $guards)) { |
|
104
|
2 |
|
throw new AuthenticationException('Unauthenticated', $guards); |
|
105
|
|
|
} |
|
106
|
|
|
|
|
107
|
4 |
|
return $next($request); |
|
108
|
|
|
} |
|
109
|
|
|
|
|
110
|
|
|
// @todo Check if it's the best way to handle with OAuthServerException |
|
111
|
1 |
|
throw new AuthenticationException('Unauthenticated', $guards); |
|
112
|
|
|
} |
|
113
|
|
|
} |
|
114
|
|
|
} |
|
115
|
|
|
|
sfelix-martins /
passport-multiauth
This method has been deprecated. The supplier of the class has supplied an explanatory message.
The explanatory message should give you some clue as to whether and when the method will be removed from the class and what other method or class to use instead.