作者:clickaliciou
项目:dooz
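/**
 * Validate an authorization-code grant request (RFC 6749 section 4.1.3).
 *
 * Requires "code", resolves it through storage, enforces that a redirect_uri
 * bound to the code at authorization time is repeated in this request, and
 * rejects expired codes. On success the code record is kept in
 * $this->authCode so it can be expired once the access token is issued.
 *
 * @param RequestInterface  $request  Incoming token request
 * @param ResponseInterface $response Receives the OAuth2 error on failure
 *
 * @return bool true when the code is valid for this request, false after an error was set
 *
 * @throws Exception when storage returns a code record without "expires"
 *
 * @see http://tools.ietf.org/html/rfc6749#section-4.1.3
 */
public function validateRequest(RequestInterface $request, ResponseInterface $response)
{
    $code = $request->request('code');
    if (!$code) {
        $response->setError(400, 'invalid_request', 'Missing parameter: "code" is required');
        return false;
    }

    $authCode = $this->storage->getAuthorizationCode($code);
    if (!$authCode) {
        $response->setError(400, 'invalid_grant', 'Authorization code doesn\'t exist or is invalid for the client');
        return false;
    }

    // 4.1.3: when a redirect_uri was part of the initial authorization request,
    // the token request must repeat it. Compared strictly as strings so PHP's
    // loose numeric-string comparison can never equate two different URIs.
    if (isset($authCode['redirect_uri']) && $authCode['redirect_uri']) {
        $suppliedRedirectUri = $request->request('redirect_uri');
        if (!$suppliedRedirectUri || urldecode($suppliedRedirectUri) !== (string) $authCode['redirect_uri']) {
            $response->setError(400, 'redirect_uri_mismatch', "The redirect URI is missing or do not match", "#section-4.1.3");
            return false;
        }
    }

    if (!isset($authCode['expires'])) {
        throw new Exception('Storage must return authcode with a value for "expires"');
    }
    if ($authCode['expires'] < time()) {
        $response->setError(400, 'invalid_grant', "The authorization code has expired");
        return false;
    }

    // Keep the raw code with the record: it is used to expire the code after
    // the access token has been granted.
    if (!isset($authCode['code'])) {
        $authCode['code'] = $code;
    }

    $this->authCode = $authCode;
    return true;
}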
作者:sarfraznawaz200
项目:sso-example
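/**
 * Grant or deny a requested access token.
 *
 * Intended to be called from the "/token" endpoint as defined in the spec;
 * the endpoint path itself is up to the caller.
 *
 * Flow: require POST, resolve the grant type named by "grant_type", let it
 * validate its own parameters, authenticate the client (via the grant type's
 * own client assertion or the configured client assertion type), reconcile
 * the requested scope, then hand off to the grant type to create the token.
 *
 * @param RequestInterface  $request  Token request
 * @param ResponseInterface $response Receives the OAuth2 error when the request is rejected
 *
 * @return mixed the grant type's createAccessToken() result, or null after an error was set on $response
 *
 * @throws InvalidArgumentException
 * @throws LogicException
 *
 * @see http://tools.ietf.org/html/rfc6749#section-4
 * @see http://tools.ietf.org/html/rfc6749#section-10.6
 * @see http://tools.ietf.org/html/rfc6749#section-4.1.3
 *
 * @ingroup oauth2_section_4
 */
public function grantAccessToken(RequestInterface $request, ResponseInterface $response)
{
    if (strtolower((string) $request->server('REQUEST_METHOD')) !== 'post') {
        $response->setError(405, 'invalid_request', 'The request method must be POST when requesting an access token', '#section-3.2');
        $response->addHttpHeaders(array('Allow' => 'POST'));
        return null;
    }

    // Determine the grant type and let it validate its own request parameters.
    $grantTypeIdentifier = $request->request('grant_type');
    if (!$grantTypeIdentifier) {
        $response->setError(400, 'invalid_request', 'The grant type was not specified in the request');
        return null;
    }
    if (!isset($this->grantTypes[$grantTypeIdentifier])) {
        // TODO: a grant type defined by OAuth2 but deliberately not implemented here should yield 501 Not Implemented
        $response->setError(400, 'unsupported_grant_type', sprintf('Grant type "%s" not supported', $grantTypeIdentifier));
        return null;
    }
    $grantType = $this->grantTypes[$grantTypeIdentifier];
    if (!$grantType->validateRequest($request, $response)) {
        return null;
    }

    // Authenticate the client. Grant types that assert the client themselves
    // (see OAuth2\GrantType\JWTBearer, OAuth2\GrantType\ClientCredentials) have
    // already done so in validateRequest(); otherwise the configured client
    // assertion type is consulted.
    if ($grantType instanceof ClientAssertionTypeInterface) {
        $clientId = $grantType->getClientId();
    } else {
        if (!$this->clientAssertionType->validateRequest($request, $response)) {
            return null;
        }
        $clientId = $this->clientAssertionType->getClientId();

        // The credential the grant type resolved (auth code, refresh token, ...)
        // must belong to the client that just authenticated. Compared as strings
        // so numeric-looking ids are never equated by PHP's loose comparison rules.
        $storedClientId = $grantType->getClientId();
        if (!is_null($storedClientId) && (string) $storedClientId !== (string) $clientId) {
            $response->setError(400, 'invalid_grant', sprintf('%s doesn\'t exist or is invalid for the client', $grantTypeIdentifier));
            return null;
        }
    }

    // Reconcile scope: a scope returned by the grant type bounds what may be
    // requested; with no explicit request, fall back to it or to the default.
    $availableScope = $grantType->getScope();
    $requestedScope = $this->scopeUtil->getScopeFromRequest($request);
    if (!$requestedScope) {
        $requestedScope = $availableScope ? $availableScope : $this->scopeUtil->getDefaultScope();
    }
    if (($requestedScope && !$this->scopeUtil->scopeExists($requestedScope, $clientId))
        || ($availableScope && !$this->scopeUtil->checkScope($requestedScope, $availableScope))) {
        $response->setError(400, 'invalid_scope', 'An unsupported scope was requested');
        return null;
    }

    return $grantType->createAccessToken($this->accessToken, $clientId, $grantType->getUserId(), $requestedScope);
}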
作者:Insantan
项目:SourceTree-diov
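/**
 * Extract the bearer token from the request so it can be passed on to
 * getAccessTokenData().
 *
 * Per RFC 6750 section 2 a client may present the token in the Authorization
 * header (preferred), in the POST body, or as a query parameter, and must use
 * exactly one of them. Resource servers MUST accept the Authorization scheme
 * (http://tools.ietf.org/html/rfc6750#section-2).
 *
 * @param RequestInterface  $request  Incoming resource request
 * @param ResponseInterface $response Receives the error (or a bare 401) when no usable token is found
 *
 * @return string|null the token, or null after an error/status was set on $response
 *
 * @todo Should we enforce TLS/SSL in this function?
 *
 * @see http://tools.ietf.org/html/rfc6750#section-2.1
 * @see http://tools.ietf.org/html/rfc6750#section-2.2
 * @see http://tools.ietf.org/html/rfc6750#section-2.3
 *
 * Old Android version bug (at least with version 2.2)
 * @see http://code.google.com/p/android/issues/detail?id=6684
 */
public function getAccessTokenParameter(RequestInterface $request, ResponseInterface $response)
{
    $paramName = $this->config['token_param_name'];
    $headers = $request->headers('AUTHORIZATION');

    // RFC 6750 section 3.1: more than one transport for the token is an error;
    // none at all is a bare 401 with no further detail.
    $methodsUsed = !empty($headers) + (bool) $request->query($paramName) + (bool) $request->request($paramName);
    if ($methodsUsed > 1) {
        $response->setError(400, 'invalid_request', 'Only one method may be used to authenticate at a time (Auth header, GET or POST)');
        return null;
    }
    if ($methodsUsed === 0) {
        $response->setStatusCode(401);
        return null;
    }

    // HEADER: "<scheme> <token>". The scheme name comes from config, so it is
    // quoted instead of being interpolated into the pattern, and the match is
    // anchored to the start of the header value so a valid-looking scheme
    // cannot be smuggled in after other credentials.
    if (!empty($headers)) {
        $pattern = '/^\s*' . preg_quote($this->config['token_bearer_header_name'], '/') . '\s+(\S+)/i';
        if (!preg_match($pattern, $headers, $matches)) {
            $response->setError(400, 'invalid_request', 'Malformed auth header');
            return null;
        }
        return $matches[1];
    }

    // POST: token in the request body (RFC 6750 section 2.2).
    if ($request->request($paramName)) {
        $method = strtolower((string) $request->server('REQUEST_METHOD'));
        if (!in_array($method, array('post', 'put'), true)) {
            $response->setError(400, 'invalid_request', 'When putting the token in the body, the method must be POST or PUT', '#section-2.2');
            return null;
        }

        // IETF specifies the content type. NB: not all web servers populate
        // this _SERVER variable, hence the null allowance. Only the media type
        // is compared; parameters such as "; charset=..." are dropped.
        $contentType = $request->server('CONTENT_TYPE');
        if ($contentType !== null) {
            $semicolon = strpos($contentType, ';');
            if ($semicolon !== false) {
                $contentType = substr($contentType, 0, $semicolon);
            }
            if (strtolower(trim($contentType)) !== 'application/x-www-form-urlencoded') {
                $response->setError(400, 'invalid_request', 'The content type for POST requests must be "application/x-www-form-urlencoded"');
                return null;
            }
        }
        return $request->request($paramName);
    }

    // GET: token as a query parameter (RFC 6750 section 2.3).
    return $request->query($paramName);
}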
作者:shaunpersa
项目:api-foundatio
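/**
 * Validate a Facebook access-token grant.
 *
 * The client posts a Facebook user access token under the parameter named by
 * getQuerystringIdentifier(). A Facebook session is opened with it, the Graph
 * "/me" profile is fetched, and a local user is looked up (or created) by
 * Facebook id. On success $this->userInfo holds the local user record.
 *
 * @param RequestInterface  $request  Token request
 * @param ResponseInterface $response Receives the OAuth2 error on failure
 *
 * @return bool|null true on success, null after an error was set on $response
 *
 * @throws \LogicException when the Facebook app credentials are not configured,
 *                         or when storage returns a user record without "user_id"
 */
public function validateRequest(RequestInterface $request, ResponseInterface $response)
{
    $identifier = $this->getQuerystringIdentifier();
    $fbToken = $request->request($identifier);
    if (!$fbToken) {
        $response->setError(400, 'invalid_request', 'Missing parameters: "' . $identifier . '" required');
        return null;
    }

    $fbAppId = Config::get('api-foundation::fb_app_id');
    $fbAppSecret = Config::get('api-foundation::fb_app_secret');
    if (empty($fbAppId)) {
        throw new \LogicException('Facebook APP ID not set.');
    }
    if (empty($fbAppSecret)) {
        throw new \LogicException('Facebook APP SECRET not set.');
    }
    FacebookSession::setDefaultApplication($fbAppId, $fbAppSecret);

    // SDK exception text is not echoed to the client: it can describe our app
    // configuration or Facebook internals. Log $e server-side if detail is needed.
    try {
        $session = new FacebookSession($fbToken);
    } catch (\Exception $e) {
        $response->setError(401, 'invalid_grant', 'Facebook session could not be set with supplied access token.');
        return null;
    }

    try {
        $profile = (new FacebookRequest($session, 'GET', '/me'))->execute()->getGraphObject(GraphUser::className());
    } catch (FacebookRequestException $e) {
        $response->setError(401, 'invalid_grant', 'Unable to read the Facebook profile with the supplied access token.');
        return null;
    }

    $email = $profile->getProperty('email');
    if (empty($email)) {
        $response->setError(400, 'invalid_request', "User's email address not available.");
        return null;
    }

    // Provision the local account on first sign-in, then re-read it so the
    // returned record always comes from the same storage path.
    $userInfo = $this->storage->getUserInfoByFacebookId($profile->getId());
    if (empty($userInfo)) {
        $this->storage->createFacebookUser($profile);
        $userInfo = $this->storage->getUserInfoByFacebookId($profile->getId());
    }
    if (empty($userInfo)) {
        $response->setError(400, 'invalid_grant', 'Unable to retrieve user information.');
        return null;
    }
    if (!isset($userInfo['user_id'])) {
        throw new \LogicException("You must set the user_id on the array.");
    }

    $this->userInfo = $userInfo;
    return true;
}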
作者:snehachavan2
项目:timeshee
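/**
 * Validate the request by looking up the users row for the posted "email".
 *
 * NOTE(review): this grant accepts the request as soon as a users row with
 * the given e-mail exists — no password, token or other secret is checked in
 * this method. Unless the surrounding server restricts who may call this
 * grant type, knowing a registered e-mail address is enough to obtain a
 * token. Confirm that a credential check lives elsewhere.
 *
 * @param RequestInterface  $request  Token request carrying "email"
 * @param ResponseInterface $response Receives the OAuth2 error when "email" is missing
 *
 * @return bool true when a matching user was found and stored in $this->userInfo
 */
public function validateRequest(RequestInterface $request, ResponseInterface $response)
{
    $email = $request->request("email");
    // A missing parameter must not reach the query: binding a null value may
    // match rows with a NULL e-mail instead of rejecting the request.
    if (!$email) {
        $response->setError(400, 'invalid_request', 'Missing parameter: "email" is required');
        return false;
    }

    $user = DB::table('users')
        ->select('id', 'email', 'employee_id', 'joining_date', 'name')
        ->where('email', $email)
        ->first();
    if (!$user) {
        return false;
    }

    // The token layer expects userInfo to expose user_id; alias the row id onto it.
    $this->userInfo = $user;
    $this->userInfo->user_id = $user->id;
    return true;
}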
作者:shaunpersa
项目:api-foundatio
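/**
 * Validate a Google+ server-code grant.
 *
 * Exchanges the posted one-time server code for Google tokens, verifies that
 * the resulting access token was issued to our client id, and looks up (or
 * creates) the local user by Google+ id. On success $this->userInfo holds the
 * local user record.
 *
 * @param RequestInterface  $request  Token request carrying the server code
 * @param ResponseInterface $response Receives the OAuth2 error on failure
 *
 * @return bool|null true on success, null after an error was set on $response
 *
 * @throws \LogicException when storage returns a user record without "user_id"
 */
public function validateRequest(RequestInterface $request, ResponseInterface $response)
{
    $identifier = $this->getQuerystringIdentifier();
    $serverCode = $request->request($identifier);
    if (!$serverCode) {
        $response->setError(400, 'invalid_request', 'Missing parameters: "' . $identifier . '" required');
        return null;
    }

    try {
        $this->google_client->authenticate($serverCode);

        // getAccessToken() is a JSON document; guard the decode so a malformed
        // or empty token blob cannot surface as a property-on-null notice.
        $tokenData = json_decode($this->google_client->getAccessToken());
        if (!is_object($tokenData) || empty($tokenData->access_token)) {
            $response->setError(400, 'invalid_request', "Google Plus server code is invalid.");
            return null;
        }
        $accessToken = $tokenData->access_token;

        $tokenService = new Google_Service_Oauth2($this->google_client);
        $tokenInfo = $tokenService->tokeninfo(array('access_token' => $accessToken));

        // Audience check: a token minted for a different client id must not be
        // accepted here. Compared strictly as strings rather than with the
        // loose operator.
        if ((string) $tokenInfo->getAudience() !== (string) \Config::get('api-foundation::gplus_client_id')) {
            $response->setError(400, 'invalid_request', "Google+ access token audience does not match.");
            return null;
        }

        $gplusId = $tokenInfo->getUserId();
        $email = $tokenInfo->getEmail();
        if (empty($email)) {
            $response->setError(400, 'invalid_request', "User's Google+ email addresses are not available.");
            return null;
        }
        if (empty($gplusId)) {
            $response->setError(400, 'invalid_request', "User's Google+ id not available.");
            return null;
        }

        // Provision the local account on first sign-in, then re-read it.
        $userInfo = $this->storage->getUserInfoByGPlusId($gplusId);
        if (empty($userInfo)) {
            $gplusUser = GPlusUserFromGPlusAccessToken::make($this->google_client, $accessToken);
            $this->storage->createGPlusUser($gplusUser, $tokenInfo);
            $userInfo = $this->storage->getUserInfoByGPlusId($gplusId);
        }
    } catch (\Google_Service_Exception $e) {
        // The exception code is used as the HTTP status; fall back to 400 when
        // the SDK reports none (0), which is not a valid status.
        $response->setError($e->getCode() ?: 400, 'invalid_request', "Google Plus server code is invalid.");
        return null;
    } catch (\Google_Auth_Exception $e) {
        $response->setError($e->getCode() ?: 400, 'invalid_request', "Google Plus server code is invalid.");
        return null;
    }

    if (empty($userInfo)) {
        $response->setError(400, 'invalid_grant', 'Unable to retrieve user information.');
        return null;
    }
    if (!isset($userInfo['user_id'])) {
        throw new \LogicException("You must set the user_id on the array.");
    }

    $this->userInfo = $userInfo;
    return true;
}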
作者:mined-gatec
项目:framewor
/**
 * Validate a username/password request coming from the internal ajax flow.
 *
 * @param object $request  Request object
 * @param object $response Response object
 * @return bool|null true when the credentials check out and $this->userInfo is set;
 *                   null after an OAuth2 error was written to $response
 * @throws \LogicException when getUserDetails() returns a record without "user_id"
 */
public function validateRequest(RequestInterface $request, ResponseInterface $response)
{
    $username = $request->request("username");
    $password = $request->request("password");

    // both credentials must be present (truthiness test, so a value of "0" counts as missing)
    if (!$password || !$username) {
        $response->setError(400, 'invalid_request', 'Missing parameters: "username" and "password" required');
        return null;
    }

    // verify the pair against storage
    if (!$this->storage->checkUserCredentials($username, $password)) {
        $response->setError(401, 'invalid_grant', 'Invalid username and password combination');
        return null;
    }

    // load the user record the token will be issued for
    $userInfo = $this->storage->getUserDetails($username);
    if (empty($userInfo)) {
        $response->setError(400, 'invalid_grant', 'Unable to retrieve user information');
        return null;
    }
    if (!isset($userInfo['user_id'])) {
        throw new \LogicException("you must set the user_id on the array returned by getUserDetails");
    }

    $this->userInfo = $userInfo;
    return true;
}
作者:bvorono
项目:example
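/**
 * Validate an identity/token pair against the configured adapter.
 *
 * Requires "identity" and "token", checks them with checkUserCredentials(),
 * then loads the user record for the identity into $this->_userInfo.
 *
 * @param RequestInterface  $request  Token request
 * @param ResponseInterface $response Receives the OAuth2 error on failure
 *
 * @return bool|null true on success, null after an error was set on $response
 *
 * @throws \LogicException when getUserDetails() returns a record without "user_id"
 */
public function validateRequest(RequestInterface $request, ResponseInterface $response)
{
    $identity = $request->request('identity');
    $token = $request->request('token');

    // Reject incomplete requests up front instead of handing nulls to the
    // adapter, whose behaviour for missing credentials is not defined here.
    if (!$identity || !$token) {
        $response->setError(400, 'invalid_request', 'Missing parameters: "identity" and "token" required');
        return null;
    }

    if (!$this->_adapter->checkUserCredentials($identity, $token)) {
        $response->setError(401, 'invalid_grant', 'Invalid identity and token combination');
        return null;
    }

    $userInfo = $this->_adapter->getUserDetails($identity);
    if (empty($userInfo)) {
        $response->setError(400, 'invalid_grant', 'Unable to retrieve user information');
        return null;
    }
    if (!isset($userInfo['user_id'])) {
        throw new \LogicException("You must set the user_id on the array returned by getUserDetails");
    }

    $this->_userInfo = $userInfo;
    return true;
}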
作者:hoaquynhtim9
项目:nukeviet-oauth
/**
 * Redirect back to the client with the error explaining why authorization was
 * not granted, choosing the error code from the "prompt" parameter.
 *
 * - prompt=none and no user: login_required
 * - prompt=none and a user:  interaction_required
 * - any other prompt:        consent_required
 *
 * @param RequestInterface  $request      Authorization request (read for "prompt", default "consent")
 * @param ResponseInterface $response     Receives the redirect
 * @param string            $redirect_uri Where to send the user agent
 * @param mixed             $user_id      Authenticated user, or null when nobody is logged in
 */
protected function setNotAuthorizedResponse(RequestInterface $request, ResponseInterface $response, $redirect_uri, $user_id = null)
{
    $prompt = $request->query('prompt', 'consent');

    if ($prompt != 'none') {
        $error = 'consent_required';
        $error_message = 'The user denied access to your application';
    } elseif (is_null($user_id)) {
        $error = 'login_required';
        $error_message = 'The user must log in';
    } else {
        $error = 'interaction_required';
        $error_message = 'The user must grant access to your application';
    }

    $response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $this->getState(), $error, $error_message);
}
作者:TroR
项目:oauth2-server-ph
/**
 * Ensure the request names an existing client.
 *
 * Requires "client_id", resolves it through storage and, on success, keeps
 * the client record in $this->client for the later steps of the grant.
 *
 * @param RequestInterface  $request  Token request
 * @param ResponseInterface $response Receives the OAuth2 error on failure
 *
 * @return bool true when the client exists, false after an error was set
 */
public function validateRequest(RequestInterface $request, ResponseInterface $response)
{
    $clientId = $request->request('client_id');
    if (!$clientId) {
        $response->setError(400, 'invalid_request', 'Missing parameter: "client_id" is required');
        return false;
    }

    $client = $this->storage->getClientDetails($clientId);
    if (!$client) {
        $response->setError(400, 'invalid_client', 'The client id supplied is invalid');
        return false;
    }

    $this->client = $client;
    return true;
}
作者:ants
项目:joran
/**
 * Validate a refresh-token grant.
 *
 * Requires "refresh_token", loads it from storage and rejects it when it
 * carries a positive "expires" timestamp that is already in the past (a
 * non-positive value is treated as non-expiring). The record is kept in
 * $this->refreshToken so the old token can be deleted once a new one is issued.
 *
 * @param RequestInterface  $request  Token request
 * @param ResponseInterface $response Receives the OAuth2 error on failure
 *
 * @return bool|null true when valid, null after an error was set on $response
 */
public function validateRequest(RequestInterface $request, ResponseInterface $response)
{
    $suppliedToken = $request->request("refresh_token");
    if (!$suppliedToken) {
        $response->setError(400, 'invalid_request', 'Missing parameter: "refresh_token" is required');
        return null;
    }

    $refreshToken = $this->storage->getRefreshToken($suppliedToken);
    if (!$refreshToken) {
        $response->setError(400, 'invalid_grant', 'Invalid refresh token');
        return null;
    }

    $expires = $refreshToken['expires'];
    if ($expires > 0 && $expires < time()) {
        $response->setError(400, 'invalid_grant', 'Refresh token has expired');
        return null;
    }

    // retained so the superseded token can be revoked after the new one is generated
    $this->refreshToken = $refreshToken;
    return true;
}
作者:svyck
项目:social-use
/**
 * Validate a social-login token grant.
 *
 * Resolves the posted "token" to a social profile via getTokenInfo(), maps
 * that profile to a local user id via getLocalUser(), and records the id in
 * $this->userInfo for token creation.
 *
 * @param RequestInterface  $request  Token request carrying "token"
 * @param ResponseInterface $response Receives the OAuth2 error on failure
 *
 * @return bool|null true on success, null after an error was set on $response
 */
public function validateRequest(RequestInterface $request, ResponseInterface $response)
{
    $token = $request->request("token");
    if (!$token) {
        $response->setError(400, 'invalid_request', 'Missing parameter: "token" is required');
        return null;
    }

    $profile = $this->getTokenInfo($token);
    if (!$profile) {
        $response->setError(401, 'invalid_grant', 'Invalid or expired token');
        return null;
    }

    $localUserId = $this->getLocalUser($profile);
    if (!$localUserId) {
        $response->setError(401, 'invalid_grant', 'Unable to identify or create user');
        return null;
    }

    $this->userInfo = array('user_id' => $localUserId);
    return true;
}
作者:noiki
项目:LINJ
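/**
 * Extract the bearer token from the request so it can be passed on to
 * getAccessTokenData().
 *
 * Per RFC 6750 section 2 a client may present the token in the Authorization
 * header (preferred), in the POST body, or as a query parameter, and must use
 * exactly one of them. Resource servers MUST accept the Authorization scheme
 * (http://tools.ietf.org/html/rfc6750#section-2).
 *
 * Project-specific: a multipart upload carrying a "Filedata" file part is
 * exempt from the form-urlencoded content-type requirement.
 *
 * @param RequestInterface  $request  Incoming resource request
 * @param ResponseInterface $response Receives the error (or a bare 401) when no usable token is found
 *
 * @return string|null the token, or null after an error/status was set on $response
 *
 * @todo Should we enforce TLS/SSL in this function?
 *
 * @see http://tools.ietf.org/html/rfc6750#section-2.1
 * @see http://tools.ietf.org/html/rfc6750#section-2.2
 * @see http://tools.ietf.org/html/rfc6750#section-2.3
 *
 * Old Android version bug (at least with version 2.2)
 * @see http://code.google.com/p/android/issues/detail?id=6684
 */
public function getAccessTokenParameter(RequestInterface $request, ResponseInterface $response)
{
    $paramName = $this->config['token_param_name'];
    $headers = $request->headers('AUTHORIZATION');

    // RFC 6750 section 3.1: exactly one transport may carry the token; none is a bare 401.
    $methodsUsed = !empty($headers) + !is_null($request->query($paramName)) + !is_null($request->request($paramName));
    if ($methodsUsed > 1) {
        $response->setError(400, 'invalid_request', 'Only one method may be used to authenticate at a time (Auth header, GET or POST)');
        return null;
    }
    if ($methodsUsed === 0) {
        $response->setStatusCode(401);
        return null;
    }

    // HEADER: "<scheme> <token>". The scheme name comes from config, so it is
    // quoted instead of being interpolated into the pattern; the match is
    // anchored to the start of the header value, and the scheme is matched
    // case-insensitively as HTTP auth schemes are.
    if (!empty($headers)) {
        $pattern = '/^\s*' . preg_quote($this->config['token_bearer_header_name'], '/') . '\s+(\S+)/i';
        if (!preg_match($pattern, $headers, $matches)) {
            $response->setError(400, 'invalid_request', 'Malformed auth header');
            return null;
        }
        return $matches[1];
    }

    // POST: token in the request body (RFC 6750 section 2.2).
    if ($request->request($paramName)) {
        if (strtolower((string) $request->server('REQUEST_METHOD')) !== 'post') {
            $response->setError(400, 'invalid_request', 'When putting the token in the body, the method must be POST');
            return null;
        }

        // Media type only; parameters such as "; charset=..." are dropped.
        $contentType = $request->server('CONTENT_TYPE');
        if ($contentType !== null) {
            $semicolon = strpos($contentType, ';');
            if ($semicolon !== false) {
                $contentType = substr($contentType, 0, $semicolon);
            }
        }

        // Pre-existing project diagnostics, kept as-is. TODO(review): confirm
        // these are still wanted; they write request data to the log on every call.
        LogMessage($request->request('upload_image'));
        LogMessage($contentType);

        // IETF specifies the content type. NB: not all web servers populate this
        // _SERVER variable, hence the null allowance. empty() avoids an
        // undefined-index notice when no "Filedata" part was uploaded.
        if (empty($request->files['Filedata'])
            && $contentType !== null
            && strtolower(trim($contentType)) !== 'application/x-www-form-urlencoded') {
            $response->setError(400, 'invalid_request', 'The content type for POST requests must be "application/x-www-form-urlencoded"');
            return null;
        }
        return $request->request($paramName);
    }

    // GET: token as a query parameter (RFC 6750 section 2.3).
    return $request->query($paramName);
}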
作者:orhongoo
项目:boar
/**
 * Internal helper that pulls the client credentials out of the request.
 *
 * Preference order, per RFC 6749 section 2.3.1: HTTP Basic authentication
 * (PHP_AUTH_USER / PHP_AUTH_PW), then — only when
 * config['allow_credentials_in_request_body'] is enabled — the request body.
 *
 * @param RequestInterface       $request  Incoming request
 * @param ResponseInterface|null $response When given, receives an invalid_client error if nothing was found
 *
 * @return array|null
 *   A list containing the client identifier and password, for example
 *   @code
 *   return array(
 *       "client_id" => CLIENT_ID,         // REQUIRED the client id
 *       "client_secret" => CLIENT_SECRET, // OPTIONAL the client secret (may be omitted for public clients;
 *                                         // also null when the client's password is an empty string)
 *   );
 *   @endcode
 *   or null when no credentials were present.
 *
 * @see http://tools.ietf.org/html/rfc6749#section-2.3.1
 *
 * @ingroup oauth2_section_2
 */
public function getClientCredentials(RequestInterface $request, ResponseInterface $response = null)
{
    $basicUser = $request->headers('PHP_AUTH_USER');
    $basicPassword = $request->headers('PHP_AUTH_PW');
    if ($basicUser !== null && $basicPassword !== null) {
        return array('client_id' => $basicUser, 'client_secret' => $basicPassword);
    }

    // Credentials in the body are permitted by the specification but not recommended.
    $bodyAllowed = (bool) $this->config['allow_credentials_in_request_body'];
    if ($bodyAllowed && $request->request('client_id') !== null) {
        return array(
            'client_id' => $request->request('client_id'),
            'client_secret' => $request->request('client_secret'),
        );
    }

    if ($response) {
        $where = $bodyAllowed ? ' or body' : '';
        $response->setError(400, 'invalid_client', 'Client credentials were not found in the headers' . $where);
    }
    return null;
}
作者:sloub
项目:YellowNote-Serve
/**
 * Validate a password grant that additionally registers the calling device.
 *
 * Requires "username", "password", "device_name" and "device_uid", checks the
 * credentials against storage, and records the user and device details on
 * $this for token creation.
 *
 * @param RequestInterface  $request  Token request
 * @param ResponseInterface $response Receives the OAuth2 error on failure
 *
 * @return bool|null true on success, null after an error was set on $response
 *
 * @throws \LogicException when getUserDetails() returns a record without "user_id"
 */
public function validateRequest(RequestInterface $request, ResponseInterface $response)
{
    // every parameter must be present (truthiness test, as in the sibling grants)
    foreach (array('password', 'username', 'device_name', 'device_uid') as $name) {
        if (!$request->request($name)) {
            $response->setError(400, 'invalid_request', 'Missing parameters: "username" and "password" and "device" required');
            return null;
        }
    }

    $username = $request->request("username");
    if (!$this->storage->checkUserCredentials($username, $request->request("password"))) {
        $response->setError(401, 'invalid_grant', 'Invalid username and password combination');
        return null;
    }

    $userInfo = $this->storage->getUserDetails($username);
    if (empty($userInfo)) {
        $response->setError(400, 'invalid_grant', 'Unable to retrieve user information');
        return null;
    }
    if (!isset($userInfo['user_id'])) {
        throw new \LogicException("you must set the user_id on the array returned by getUserDetails");
    }

    $this->device_uid = $request->request('device_uid');
    $this->device_name = $request->request('device_name');
    $this->userInfo = $userInfo;
    return true;
}
作者:hounddo
项目:hd-social-oauth
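/**
 * Validate a social-provider grant: the client supplies our user_id together
 * with the provider name, the provider-side id and the provider access token.
 *
 * NOTE(review): only the existence of a stored provider token for
 * (provider, provider_id, user_id) is checked here; the supplied
 * "provider_access_token" is never compared against it or verified with the
 * provider. Unless the storage layer performs that comparison, confirm that
 * presenting a known user_id and provider_id alone is not enough to obtain a token.
 *
 * @param RequestInterface  $request  Token request
 * @param ResponseInterface $response Receives the OAuth2 error on failure
 *
 * @return bool|null true on success, null after an error was set on $response
 *
 * @throws \LogicException when getUser() returns a record without "user_id"
 */
public function validateRequest(RequestInterface $request, ResponseInterface $response)
{
    $userId = $request->request("user_id");
    $provider = $request->request("provider");
    $providerId = $request->request("provider_id");
    $providerAccessToken = $request->request("provider_access_token");

    if (!$userId || !$provider || !$providerId || !$providerAccessToken) {
        // the message names the parameters this method actually reads
        $response->setError(400, 'invalid_request', 'Missing parameters: "user_id", "provider", "provider_id" and "provider_access_token" required');
        return null;
    }

    // A failed lookup used to return null without setting any error, leaving
    // the client with no reason; report it as an invalid grant instead.
    if (!$this->storage->getUserProviderAccessToken($provider, $providerId, $userId)) {
        $response->setError(401, 'invalid_grant', 'No linked provider account found for this user');
        return null;
    }

    $userInfo = $this->storage->getUser($userId);
    if (empty($userInfo)) {
        $response->setError(400, 'invalid_grant', 'Unable to retrieve user information');
        return null;
    }
    if (!isset($userInfo['user_id'])) {
        throw new \LogicException("you must set the user_id on the array returned by getUserDetails");
    }

    $this->userInfo = $userInfo;
    return true;
}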
作者:HarkiratGhotr
项目:applicatio
/**
 * Read the client credentials from HTTP Basic auth or, when configured, the
 * request body.
 *
 * Basic auth (PHP_AUTH_USER / PHP_AUTH_PW) wins; the body is consulted only
 * when config['allow_credentials_in_request_body'] is enabled. Body credentials
 * are allowed by the specification but not recommended.
 *
 * @param RequestInterface       $request  Incoming request
 * @param ResponseInterface|null $response When given, receives an invalid_client error if nothing was found
 *
 * @return array|null array('client_id' => ..., 'client_secret' => ...) or null when no credentials were present
 */
public function getClientCredentials(RequestInterface $request, ResponseInterface $response = null)
{
    $user = $request->headers('PHP_AUTH_USER');
    $password = $request->headers('PHP_AUTH_PW');
    if (!is_null($user) && !is_null($password)) {
        return array('client_id' => $user, 'client_secret' => $password);
    }

    $allowBody = $this->config['allow_credentials_in_request_body'];
    if ($allowBody) {
        $bodyClientId = $request->request('client_id');
        if (!is_null($bodyClientId)) {
            return array('client_id' => $bodyClientId, 'client_secret' => $request->request('client_secret'));
        }
    }

    if ($response) {
        $suffix = $allowBody ? ' or body' : '';
        $response->setError(400, 'invalid_client', 'Client credentials were not found in the headers' . $suffix);
    }
    return null;
}
作者:TroR
项目:oauth2-server-ph
/**
 * Validate a device-code grant (the client's polling step).
 *
 * Requires "client_id" and "code", loads the device code issued to that
 * client, and rejects it when it has expired or has not yet been confirmed by
 * a user (authorization_pending). On success the record is kept in
 * $this->deviceCode.
 *
 * @param RequestInterface  $request  Token request
 * @param ResponseInterface $response Receives the error on failure
 *
 * @return bool true when the device code is ready to be exchanged, false after an error was set
 */
public function validateRequest(RequestInterface $request, ResponseInterface $response)
{
    $clientId = $request->request('client_id');
    if (!$clientId) {
        $response->setError(400, 'invalid_request', 'Missing parameter: "client_id" is required');
        return false;
    }

    $code = $request->request('code');
    if (!$code) {
        $response->setError(400, 'invalid_request', 'Missing parameter: "code" is required');
        return false;
    }

    // the code must have been issued to this client
    $deviceCode = $this->storage->getDeviceCode($code, $clientId);
    if (!$deviceCode) {
        $response->setError(400, 'bad_verification_code', 'Bad verification code');
        return false;
    }

    if ($deviceCode["expires"] < time()) {
        $response->setError(400, 'code_expired', "The authorization code has expired");
        return false;
    }

    // a user must have approved the code before a token can be issued
    if (!$deviceCode['user_id']) {
        $response->setError(400, 'authorization_pending', '');
        return false;
    }

    $this->deviceCode = $deviceCode;
    return true;
}
作者:HarkiratGhotr
项目:applicatio
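/**
 * Extract the bearer token from the request.
 *
 * Per RFC 6750 section 2 the token may arrive in the Authorization header
 * (preferred), the POST body, or the query string, and exactly one of these
 * must be used.
 *
 * @param RequestInterface  $request  Incoming resource request
 * @param ResponseInterface $response Receives the error (or a bare 401) when no usable token is found
 *
 * @return string|null the token, or null after an error/status was set on $response
 *
 * @see http://tools.ietf.org/html/rfc6750#section-2
 */
public function getAccessTokenParameter(RequestInterface $request, ResponseInterface $response)
{
    $paramName = $this->config['token_param_name'];
    $headers = $request->headers('AUTHORIZATION');

    // RFC 6750 section 3.1: more than one transport is an error; none is a bare 401.
    $methodsUsed = !empty($headers) + (bool) $request->query($paramName) + (bool) $request->request($paramName);
    if ($methodsUsed > 1) {
        $response->setError(400, 'invalid_request', 'Only one method may be used to authenticate at a time (Auth header, GET or POST)');
        return null;
    }
    if ($methodsUsed === 0) {
        $response->setStatusCode(401);
        return null;
    }

    // HEADER: "<scheme> <token>". The scheme name comes from config, so it is
    // quoted instead of being interpolated into the pattern, and the match is
    // anchored to the start of the header value so a valid-looking scheme
    // cannot be smuggled in after other credentials.
    if (!empty($headers)) {
        $pattern = '/^\s*' . preg_quote($this->config['token_bearer_header_name'], '/') . '\s+(\S+)/i';
        if (!preg_match($pattern, $headers, $matches)) {
            $response->setError(400, 'invalid_request', 'Malformed auth header');
            return null;
        }
        return $matches[1];
    }

    // POST: token in the request body (RFC 6750 section 2.2).
    if ($request->request($paramName)) {
        $method = strtolower((string) $request->server('REQUEST_METHOD'));
        if (!in_array($method, array('post', 'put'), true)) {
            $response->setError(400, 'invalid_request', 'When putting the token in the body, the method must be POST or PUT', '#section-2.2');
            return null;
        }

        // Only the media type is compared; parameters such as "; charset=..."
        // are dropped. A missing CONTENT_TYPE is tolerated because not every
        // web server populates it.
        $contentType = $request->server('CONTENT_TYPE');
        if ($contentType !== null) {
            $semicolon = strpos($contentType, ';');
            if ($semicolon !== false) {
                $contentType = substr($contentType, 0, $semicolon);
            }
            if (strtolower(trim($contentType)) !== 'application/x-www-form-urlencoded') {
                $response->setError(400, 'invalid_request', 'The content type for POST requests must be "application/x-www-form-urlencoded"');
                return null;
            }
        }
        return $request->request($paramName);
    }

    // GET: token as a query parameter (RFC 6750 section 2.3).
    return $request->query($paramName);
}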
作者:nkostadino
项目:yii2-oauth2-serve
/**
 * Validate an "authkey + username" grant against the Yii user storage.
 *
 * NOTE(review): the identity resolved from "authkey" is only tested for
 * existence; the user details are then loaded by the separately supplied
 * "username", and nothing in this method ties the two together. Unless
 * parent::validateRequest() or the storage layer enforces that binding, a
 * valid authkey for one account could yield a token for another — confirm.
 *
 * @param \OAuth2\RequestInterface  $request  Token request
 * @param \OAuth2\ResponseInterface $response Receives the OAuth2 error on failure
 *
 * @return bool|null the parent's validateRequest() result on success, null after an error was set
 *
 * @throws \LogicException when getUserDetails() returns a record without "user_id"
 */
public function validateRequest(\OAuth2\RequestInterface $request, \OAuth2\ResponseInterface $response)
{
    $authkey = $request->request('authkey');
    $username = $request->request('username');
    if (!$authkey || !$username) {
        $response->setError(400, 'invalid_request', 'Missing parameters: "authkey" and "username" required');
        return null;
    }

    if (!$this->userStorage->findIdentityByAccessToken($authkey)) {
        $response->setError(401, 'invalid_grant', 'Invalid user authkey');
        return null;
    }

    $userInfo = $this->userStorage->getUserDetails($username);
    if (empty($userInfo)) {
        $response->setError(400, 'invalid_grant', 'Unable to retrieve user information');
        return null;
    }
    if (!isset($userInfo['user_id'])) {
        throw new \LogicException('you must set the user_id on the array returned by getUserDetails');
    }

    $this->userInfo = $userInfo;
    return parent::validateRequest($request, $response);
}