1
|
|
|
<?php |
2
|
|
|
/** |
3
|
|
|
* @author Alex Bilbie <[email protected]> |
4
|
|
|
* @copyright Copyright (c) Alex Bilbie |
5
|
|
|
* @license http://mit-license.org/ |
6
|
|
|
* |
7
|
|
|
* @link https://github.com/thephpleague/oauth2-server |
8
|
|
|
*/ |
9
|
|
|
|
10
|
|
|
namespace League\OAuth2\Server; |
11
|
|
|
|
12
|
|
|
use DateInterval; |
13
|
|
|
use League\Event\EmitterAwareInterface; |
14
|
|
|
use League\Event\EmitterAwareTrait; |
15
|
|
|
use League\OAuth2\Server\Exception\OAuthServerException; |
16
|
|
|
use League\OAuth2\Server\Grant\GrantTypeInterface; |
17
|
|
|
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; |
18
|
|
|
use League\OAuth2\Server\Repositories\ClientRepositoryInterface; |
19
|
|
|
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface; |
20
|
|
|
use League\OAuth2\Server\RequestTypes\AuthorizationRequest; |
21
|
|
|
use League\OAuth2\Server\ResponseTypes\BearerTokenResponse; |
22
|
|
|
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface; |
23
|
|
|
use Psr\Http\Message\ResponseInterface; |
24
|
|
|
use Psr\Http\Message\ServerRequestInterface; |
25
|
|
|
|
26
|
|
|
class AuthorizationServer implements EmitterAwareInterface |
27
|
|
|
{ |
28
|
|
|
use EmitterAwareTrait; |
29
|
|
|
|
30
|
|
|
/** |
31
|
|
|
* @var \League\OAuth2\Server\Grant\GrantTypeInterface[] |
32
|
|
|
*/ |
33
|
|
|
protected $enabledGrantTypes = []; |
34
|
|
|
|
35
|
|
|
/** |
36
|
|
|
* @var \DateInterval[] |
37
|
|
|
*/ |
38
|
|
|
protected $grantTypeAccessTokenTTL = []; |
39
|
|
|
|
40
|
|
|
/** |
41
|
|
|
* @var \League\OAuth2\Server\CryptKey |
42
|
|
|
*/ |
43
|
|
|
protected $privateKey; |
44
|
|
|
|
45
|
|
|
/** |
46
|
|
|
* @var \League\OAuth2\Server\CryptKey |
47
|
|
|
*/ |
48
|
|
|
protected $publicKey; |
49
|
|
|
|
50
|
|
|
/** |
51
|
|
|
* @var ResponseTypeInterface |
52
|
|
|
*/ |
53
|
|
|
protected $responseType; |
54
|
|
|
|
55
|
|
|
/** |
56
|
|
|
* @var \League\OAuth2\Server\Repositories\ClientRepositoryInterface |
57
|
|
|
*/ |
58
|
|
|
private $clientRepository; |
59
|
|
|
|
60
|
|
|
/** |
61
|
|
|
* @var \League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface |
62
|
|
|
*/ |
63
|
|
|
private $accessTokenRepository; |
64
|
|
|
|
65
|
|
|
/** |
66
|
|
|
* @var \League\OAuth2\Server\Repositories\ScopeRepositoryInterface |
67
|
|
|
*/ |
68
|
|
|
private $scopeRepository; |
69
|
|
|
|
70
|
|
|
/** |
71
|
|
|
* New server instance. |
72
|
|
|
* |
73
|
|
|
* @param \League\OAuth2\Server\Repositories\ClientRepositoryInterface $clientRepository |
74
|
|
|
* @param \League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface $accessTokenRepository |
75
|
|
|
* @param \League\OAuth2\Server\Repositories\ScopeRepositoryInterface $scopeRepository |
76
|
|
|
* @param \League\OAuth2\Server\CryptKey|string $privateKey |
77
|
|
|
* @param \League\OAuth2\Server\CryptKey|string $publicKey |
78
|
|
|
* @param null|\League\OAuth2\Server\ResponseTypes\ResponseTypeInterface $responseType |
79
|
|
|
*/ |
80
|
|
|
public function __construct( |
81
|
|
|
ClientRepositoryInterface $clientRepository, |
82
|
|
|
AccessTokenRepositoryInterface $accessTokenRepository, |
83
|
|
|
ScopeRepositoryInterface $scopeRepository, |
84
|
|
|
$privateKey, |
85
|
|
|
$publicKey, |
86
|
|
|
ResponseTypeInterface $responseType = null |
87
|
|
|
) { |
88
|
|
|
$this->clientRepository = $clientRepository; |
89
|
|
|
$this->accessTokenRepository = $accessTokenRepository; |
90
|
|
|
$this->scopeRepository = $scopeRepository; |
91
|
|
|
|
92
|
|
|
if (!$privateKey instanceof CryptKey) { |
93
|
|
|
$privateKey = new CryptKey($privateKey); |
94
|
|
|
} |
95
|
|
|
$this->privateKey = $privateKey; |
96
|
|
|
|
97
|
|
|
if (!$publicKey instanceof CryptKey) { |
98
|
|
|
$publicKey = new CryptKey($publicKey); |
99
|
|
|
} |
100
|
|
|
$this->publicKey = $publicKey; |
101
|
|
|
|
102
|
|
|
$this->responseType = $responseType; |
103
|
|
|
} |
104
|
|
|
|
105
|
|
|
/** |
106
|
|
|
* Enable a grant type on the server. |
107
|
|
|
* |
108
|
|
|
* @param \League\OAuth2\Server\Grant\GrantTypeInterface $grantType |
109
|
|
|
* @param \DateInterval $accessTokenTTL |
110
|
|
|
*/ |
111
|
|
|
public function enableGrantType(GrantTypeInterface $grantType, DateInterval $accessTokenTTL = null) |
112
|
|
|
{ |
113
|
|
|
if ($accessTokenTTL instanceof DateInterval === false) { |
114
|
|
|
$accessTokenTTL = new \DateInterval('PT1H'); |
115
|
|
|
} |
116
|
|
|
|
117
|
|
|
$grantType->setAccessTokenRepository($this->accessTokenRepository); |
118
|
|
|
$grantType->setClientRepository($this->clientRepository); |
119
|
|
|
$grantType->setScopeRepository($this->scopeRepository); |
120
|
|
|
$grantType->setPrivateKey($this->privateKey); |
121
|
|
|
$grantType->setPublicKey($this->publicKey); |
122
|
|
|
$grantType->setEmitter($this->getEmitter()); |
123
|
|
|
|
124
|
|
|
$this->enabledGrantTypes[$grantType->getIdentifier()] = $grantType; |
125
|
|
|
$this->grantTypeAccessTokenTTL[$grantType->getIdentifier()] = $accessTokenTTL; |
126
|
|
|
} |
127
|
|
|
|
128
|
|
|
/** |
129
|
|
|
* Validate an authorization request |
130
|
|
|
* |
131
|
|
|
* @param \Psr\Http\Message\ServerRequestInterface $request |
132
|
|
|
* |
133
|
|
|
* @throws \League\OAuth2\Server\Exception\OAuthServerException |
134
|
|
|
* |
135
|
|
|
* @return \League\OAuth2\Server\RequestTypes\AuthorizationRequest|null |
136
|
|
|
*/ |
137
|
|
|
public function validateAuthorizationRequest(ServerRequestInterface $request) |
138
|
|
|
{ |
139
|
|
|
$authRequest = null; |
140
|
|
|
$enabledGrantTypes = $this->enabledGrantTypes; |
141
|
|
|
while ($authRequest === null && $grantType = array_shift($enabledGrantTypes)) { |
142
|
|
|
/** @var \League\OAuth2\Server\Grant\GrantTypeInterface $grantType */ |
143
|
|
|
if ($grantType->canRespondToAuthorizationRequest($request)) { |
144
|
|
|
$authRequest = $grantType->validateAuthorizationRequest($request); |
145
|
|
|
|
146
|
|
|
return $authRequest; |
147
|
|
|
} |
148
|
|
|
} |
149
|
|
|
|
150
|
|
|
throw OAuthServerException::unsupportedGrantType(); |
151
|
|
|
} |
152
|
|
|
|
153
|
|
|
/** |
154
|
|
|
* Complete an authorization request |
155
|
|
|
* |
156
|
|
|
* @param \League\OAuth2\Server\RequestTypes\AuthorizationRequest $authRequest |
157
|
|
|
* @param \Psr\Http\Message\ResponseInterface $response |
158
|
|
|
* |
159
|
|
|
* @return \League\OAuth2\Server\ResponseTypes\ResponseTypeInterface |
160
|
|
|
*/ |
161
|
|
|
public function completeAuthorizationRequest(AuthorizationRequest $authRequest, ResponseInterface $response) |
162
|
|
|
{ |
163
|
|
|
return $this->enabledGrantTypes[$authRequest->getGrantTypeId()] |
164
|
|
|
->completeAuthorizationRequest($authRequest) |
165
|
|
|
->generateHttpResponse($response); |
166
|
|
|
} |
167
|
|
|
|
168
|
|
|
/** |
169
|
|
|
* Return an access token response. |
170
|
|
|
* |
171
|
|
|
* @param \Psr\Http\Message\ServerRequestInterface $request |
172
|
|
|
* @param \Psr\Http\Message\ResponseInterface $response |
173
|
|
|
* |
174
|
|
|
* @throws \League\OAuth2\Server\Exception\OAuthServerException |
175
|
|
|
* |
176
|
|
|
* @return \Psr\Http\Message\ResponseInterface |
177
|
|
|
*/ |
178
|
|
|
public function respondToAccessTokenRequest(ServerRequestInterface $request, ResponseInterface $response) |
179
|
|
|
{ |
180
|
|
|
$tokenResponse = null; |
181
|
|
|
while ($tokenResponse === null && $grantType = array_shift($this->enabledGrantTypes)) { |
182
|
|
|
/** @var \League\OAuth2\Server\Grant\GrantTypeInterface $grantType */ |
183
|
|
|
if ($grantType->canRespondToAccessTokenRequest($request)) { |
184
|
|
|
$tokenResponse = $grantType->respondToAccessTokenRequest( |
185
|
|
|
$request, |
186
|
|
|
$this->getResponseType(), |
187
|
|
|
$this->grantTypeAccessTokenTTL[$grantType->getIdentifier()] |
188
|
|
|
); |
189
|
|
|
} |
190
|
|
|
} |
191
|
|
|
|
192
|
|
|
if ($tokenResponse instanceof ResponseTypeInterface) { |
193
|
|
|
return $tokenResponse->generateHttpResponse($response); |
194
|
|
|
} |
195
|
|
|
|
196
|
|
|
throw OAuthServerException::unsupportedGrantType(); |
197
|
|
|
} |
198
|
|
|
|
199
|
|
|
/** |
200
|
|
|
* Get the token type that grants will return in the HTTP response. |
201
|
|
|
* |
202
|
|
|
* @return ResponseTypeInterface |
203
|
|
|
*/ |
204
|
|
|
protected function getResponseType() |
205
|
|
|
{ |
206
|
|
|
if (!$this->responseType instanceof ResponseTypeInterface) { |
207
|
|
|
$this->responseType = new BearerTokenResponse($this->accessTokenRepository); |
|
|
|
|
208
|
|
|
} |
209
|
|
|
|
210
|
|
|
$this->responseType->setPrivateKey($this->privateKey); |
211
|
|
|
|
212
|
|
|
return $this->responseType; |
213
|
|
|
} |
214
|
|
|
} |
215
|
|
|
|
This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue.
If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress.
In this case you can add the
@ignore
PhpDoc annotation to the duplicate definition and it will be ignored.