Cheetah
HttpBasic.php
Go to the documentation of this file.
1 <?php
2 
3 namespace OAuth2\ClientAssertionType;
4 
5 use OAuth2\Storage\ClientCredentialsInterface;
6 use OAuth2\RequestInterface;
7 use OAuth2\ResponseInterface;
8 
14 class HttpBasic implements ClientAssertionTypeInterface
15 {
16  private $clientData;
17 
18  protected $storage;
19  protected $config;
20 
31  public function __construct(ClientCredentialsInterface $storage, array $config = array())
32  {
33  $this->storage = $storage;
34  $this->config = array_merge(array(
35  'allow_credentials_in_request_body' => true,
36  'allow_public_clients' => true,
37  ), $config);
38  }
39 
40  public function validateRequest(RequestInterface $request, ResponseInterface $response)
41  {
42  if (!$clientData = $this->getClientCredentials($request, $response)) {
43  return false;
44  }
45 
46  if (!isset($clientData['client_id'])) {
47  throw new \LogicException('the clientData array must have "client_id" set');
48  }
49 
50  if (!isset($clientData['client_secret']) || $clientData['client_secret'] == '') {
51  if (!$this->config['allow_public_clients']) {
52  $response->setError(400, 'invalid_client', 'client credentials are required');
53 
54  return false;
55  }
56 
57  if (!$this->storage->isPublicClient($clientData['client_id'])) {
58  $response->setError(400, 'invalid_client', 'This client is invalid or must authenticate using a client secret');
59 
60  return false;
61  }
62  } elseif ($this->storage->checkClientCredentials($clientData['client_id'], $clientData['client_secret']) === false) {
63  $response->setError(400, 'invalid_client', 'The client credentials are invalid');
64 
65  return false;
66  }
67 
68  $this->clientData = $clientData;
69 
70  return true;
71  }
72 
73  public function getClientId()
74  {
75  return $this->clientData['client_id'];
76  }
77 
98  public function getClientCredentials(RequestInterface $request, ResponseInterface $response = null)
99  {
100  if (!is_null($request->headers('PHP_AUTH_USER')) && !is_null($request->headers('PHP_AUTH_PW'))) {
101  return array('client_id' => $request->headers('PHP_AUTH_USER'), 'client_secret' => $request->headers('PHP_AUTH_PW'));
102  }
103 
104  if ($this->config['allow_credentials_in_request_body']) {
105  // Using POST for HttpBasic authorization is not recommended, but is supported by specification
106  if (!is_null($request->request('client_id'))) {
112  return array('client_id' => $request->request('client_id'), 'client_secret' => $request->request('client_secret'));
113  }
114  }
115 
116  if ($response) {
117  $message = $this->config['allow_credentials_in_request_body'] ? ' or body' : '';
118  $response->setError(400, 'invalid_client', 'Client credentials were not found in the headers'.$message);
119  }
120 
121  return null;
122  }
123 }
OAuth2\ClientAssertionType\HttpBasic
Definition: HttpBasic.php:15
OAuth2\RequestInterface\request
request($name, $default=null)
OAuth2\ClientAssertionType\HttpBasic\getClientCredentials
getClientCredentials(RequestInterface $request, ResponseInterface $response=null)
Definition: HttpBasic.php:98
use
GNU LESSER GENERAL PUBLIC LICENSE February Free Software Inc Franklin Fifth MA USA Everyone is permitted to copy and distribute verbatim copies of this license but changing it is not allowed[This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.] Preamble The licenses for most software are designed to take away your freedom to share and change it By the GNU General Public Licenses are intended to guarantee your freedom to share and change free software to make sure the software is free for all its users This the Lesser General Public applies to some specially designated software packages typically libraries of the Free Software Foundation and other authors who decide to use it You can use it but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular based on the explanations below When we speak of free we are referring to freedom of use
Definition: license.txt:27
php
OAuth2\ClientAssertionType\HttpBasic\$config
$config
Definition: HttpBasic.php:19
OAuth2\ClientAssertionType\HttpBasic\__construct
__construct(ClientCredentialsInterface $storage, array $config=array())
Definition: HttpBasic.php:31
OAuth2\ResponseInterface\setError
setError($statusCode, $name, $description=null, $uri=null)
OAuth2\ClientAssertionType\HttpBasic\getClientId
getClientId()
Definition: HttpBasic.php:73
OAuth2\Storage\ClientCredentialsInterface
Definition: ClientCredentialsInterface.php:12
OAuth2\ResponseInterface
Definition: ResponseInterface.php:12
OAuth2\RequestInterface\headers
headers($name, $default=null)
OAuth2\ClientAssertionType\ClientAssertionTypeInterface
Definition: ClientAssertionTypeInterface.php:12
OAuth2\RequestInterface
Definition: RequestInterface.php:6
OAuth2\ClientAssertionType\HttpBasic\$storage
$storage
Definition: HttpBasic.php:18
OAuth2\ClientAssertionType\HttpBasic\validateRequest
validateRequest(RequestInterface $request, ResponseInterface $response)
Definition: HttpBasic.php:40
OAuth2\ClientAssertionType
Definition: ClientAssertionTypeInterface.php:3
Generated by doxygen 1.8.20