141 lines
4.9 KiB
PHP
141 lines
4.9 KiB
PHP
<?php
|
|
|
|
namespace Pickles\OAuth2;
|
|
|
|
use \League\OAuth2\Exception\OAuthException;
|
|
use \League\OAuth2\Server\AuthorizationServer;
|
|
use \League\OAuth2\Server\Grant\PasswordGrant;
|
|
use \League\OAuth2\Server\Grant\RefreshTokenGrant;
|
|
use \Pickles\App\Models\User;
|
|
use \Pickles\Config;
|
|
|
|
class Resource extends \Pickles\Resource
|
|
{
|
|
public function POST()
|
|
{
|
|
if (!isset($this->config['oauth'][$_SERVER['__version']]))
|
|
{
|
|
throw new \Exception('Forbidden.', 403);
|
|
}
|
|
elseif (!isset($_REQUEST['grant_type']))
|
|
{
|
|
throw new \Exception('Bad Request.', 400);
|
|
}
|
|
|
|
$config = $this->config['oauth'][$_SERVER['__version']];
|
|
|
|
switch (substr($_REQUEST['request'], strlen($_SERVER['__version']) + 2))
|
|
{
|
|
case 'oauth/access_token':
|
|
try
|
|
{
|
|
$server = new AuthorizationServer;
|
|
|
|
$server->setSessionStorage(new SessionStorage);
|
|
$server->setAccessTokenStorage(new AccessTokenStorage);
|
|
$server->setClientStorage(new ClientStorage);
|
|
$server->setScopeStorage(new ScopeStorage);
|
|
$server->setRefreshTokenStorage(new RefreshTokenStorage);
|
|
|
|
$grant_type = $_REQUEST['grant_type'];
|
|
$grants = ['password'];
|
|
|
|
if (isset($config['grants']))
|
|
{
|
|
$grants = array_unique(array_merge($grants, $config['grants']));
|
|
}
|
|
|
|
if (!in_array($grant_type, $grants))
|
|
{
|
|
throw new \Exception('Unsupported grant type.', 403);
|
|
}
|
|
|
|
// Defaults TTLs to 1 day and 1 week respectively
|
|
$token_ttl = 3600;
|
|
$refresh_ttl = 604800;
|
|
|
|
if (isset($config['ttl']['access_token']))
|
|
{
|
|
$token_ttl = $config['ttl']['access_token'];
|
|
}
|
|
|
|
switch ($grant_type)
|
|
{
|
|
case 'authorization_code':
|
|
throw new \Exception('Not Implemented', 501);
|
|
break;
|
|
|
|
case 'client_credentials':
|
|
throw new \Exception('Not Implemented', 501);
|
|
break;
|
|
|
|
case 'implicit':
|
|
throw new \Exception('Not Implemented', 501);
|
|
break;
|
|
|
|
case 'password':
|
|
$grant = new PasswordGrant;
|
|
$grant->setAccessTokenTTL($token_ttl);
|
|
|
|
$grant->setVerifyCredentialsCallback(function ($username, $password)
|
|
{
|
|
$user = new User([
|
|
'conditions' => [
|
|
'email' => $username,
|
|
],
|
|
]);
|
|
|
|
return $user->count()
|
|
&& password_verify($password, $user->record['password']);
|
|
});
|
|
|
|
break;
|
|
|
|
case 'refresh_token':
|
|
throw new \Exception('Not Implemented', 501);
|
|
|
|
// @todo Need to work through this, appears lib is busted
|
|
$grant = new RefreshTokenGrant;
|
|
//$grant->setAccessTokenTTL($refresh_ttl);
|
|
$server->addGrantType($grant);
|
|
break;
|
|
}
|
|
|
|
$server->addGrantType($grant);
|
|
|
|
// Adds the refresh token grant if enabled
|
|
if ($grant_type != 'refresh_token'
|
|
&& in_array('refresh_token', $grants))
|
|
{
|
|
if (isset($config['ttl']['refresh_token']))
|
|
{
|
|
$refresh_ttl = $config['ttl']['refresh_token'];
|
|
}
|
|
|
|
$grant = new RefreshTokenGrant;
|
|
$grant->setAccessTokenTTL($refresh_ttl);
|
|
$server->addGrantType($grant);
|
|
}
|
|
|
|
$response = $server->issueAccessToken();
|
|
|
|
return $response;
|
|
}
|
|
catch (OAuthException $e)
|
|
{
|
|
throw new \Exception($e->getMessage(), $e->httpStatusCode);
|
|
}
|
|
catch (\Exception $e)
|
|
{
|
|
throw new \Exception($e->getMessage(), $e->getCode());
|
|
}
|
|
|
|
break;
|
|
|
|
default:
|
|
throw new \Exception('Not Found.', 404);
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|