Cheetah
Bearer.php
Go to the documentation of this file.
1 <?php
2 
3 namespace OAuth2\TokenType;
4 
5 use OAuth2\RequestInterface;
6 use OAuth2\ResponseInterface;
7 
11 class Bearer implements TokenTypeInterface
12 {
13  private $config;
14 
15  public function __construct(array $config = array())
16  {
17  $this->config = array_merge(array(
18  'token_param_name' => 'access_token',
19  'token_bearer_header_name' => 'Bearer',
20  ), $config);
21  }
22 
23  public function getTokenType()
24  {
25  return 'Bearer';
26  }
27 
33  public function requestHasToken(RequestInterface $request)
34  {
35  $headers = $request->headers('AUTHORIZATION');
36 
37  // check the header, then the querystring, then the request body
38  return !empty($headers) || (bool) ($request->request($this->config['token_param_name'])) || (bool) ($request->query($this->config['token_param_name']));
39  }
40 
63  public function getAccessTokenParameter(RequestInterface $request, ResponseInterface $response)
64  {
65  $headers = $request->headers('AUTHORIZATION');
66 
73  $methodsUsed = !empty($headers) + (bool) ($request->query($this->config['token_param_name'])) + (bool) ($request->request($this->config['token_param_name']));
74  if ($methodsUsed > 1) {
75  $response->setError(400, 'invalid_request', 'Only one method may be used to authenticate at a time (Auth header, GET or POST)');
76 
77  return null;
78  }
79 
86  if ($methodsUsed == 0) {
87  $response->setStatusCode(401);
88 
89  return null;
90  }
91 
92  // HEADER: Get the access token from the header
93  if (!empty($headers)) {
94  if (!preg_match('/' . $this->config['token_bearer_header_name'] . '\s(\S+)/i', $headers, $matches)) {
95  $response->setError(400, 'invalid_request', 'Malformed auth header');
96 
97  return null;
98  }
99 
100  return $matches[1];
101  }
102 
103  if ($request->request($this->config['token_param_name'])) {
104  // // POST: Get the token from POST data
105  if (!in_array(strtolower($request->server('REQUEST_METHOD')), array('post', 'put'))) {
106  $response->setError(400, 'invalid_request', 'When putting the token in the body, the method must be POST or PUT', '#section-2.2');
107 
108  return null;
109  }
110 
111  $contentType = $request->server('CONTENT_TYPE');
112  if (false !== $pos = strpos($contentType, ';')) {
113  $contentType = substr($contentType, 0, $pos);
114  }
115 
116  if ($contentType !== null && $contentType != 'application/x-www-form-urlencoded') {
117  // IETF specifies content-type. NB: Not all webservers populate this _SERVER variable
118  // @see http://tools.ietf.org/html/rfc6750#section-2.2
119  $response->setError(400, 'invalid_request', 'The content type for POST requests must be "application/x-www-form-urlencoded"');
120 
121  return null;
122  }
123 
124  return $request->request($this->config['token_param_name']);
125  }
126 
127  // GET method
128  return $request->query($this->config['token_param_name']);
129  }
130 }
OAuth2\RequestInterface\request
request($name, $default=null)
OAuth2\ResponseInterface\setStatusCode
setStatusCode($statusCode)
OAuth2\RequestInterface\server
server($name, $default=null)
OAuth2\TokenType\Bearer\__construct
__construct(array $config=array())
Definition: Bearer.php:15
use
GNU LESSER GENERAL PUBLIC LICENSE February Free Software Inc Franklin Fifth MA USA Everyone is permitted to copy and distribute verbatim copies of this license but changing it is not allowed[This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.] Preamble The licenses for most software are designed to take away your freedom to share and change it By the GNU General Public Licenses are intended to guarantee your freedom to share and change free software to make sure the software is free for all its users This the Lesser General Public applies to some specially designated software packages typically libraries of the Free Software Foundation and other authors who decide to use it You can use it but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular based on the explanations below When we speak of free we are referring to freedom of use
Definition: license.txt:27
php
OAuth2\TokenType\Bearer\requestHasToken
requestHasToken(RequestInterface $request)
Definition: Bearer.php:33
OAuth2\TokenType
Definition: Bearer.php:3
OAuth2\ResponseInterface\setError
setError($statusCode, $name, $description=null, $uri=null)
OAuth2\ResponseInterface
Definition: ResponseInterface.php:12
OAuth2\RequestInterface\headers
headers($name, $default=null)
OAuth2\TokenType\Bearer\getAccessTokenParameter
getAccessTokenParameter(RequestInterface $request, ResponseInterface $response)
Definition: Bearer.php:63
OAuth2\RequestInterface
Definition: RequestInterface.php:6
OAuth2\RequestInterface\query
query($name, $default=null)
OAuth2\TokenType\Bearer
Definition: Bearer.php:12
empty
Attr AllowedRel this is empty
Definition: Attr.AllowedRel.txt:7
OAuth2\TokenType\Bearer\getTokenType
getTokenType()
Definition: Bearer.php:23
OAuth2\TokenType\TokenTypeInterface
Definition: TokenTypeInterface.php:9
Generated by doxygen 1.8.20