Cheetah
ResourceController.php
Go to the documentation of this file.
1 <?php
2 
3 namespace OAuth2\Controller;
4 
5 use OAuth2\TokenType\TokenTypeInterface;
6 use OAuth2\Storage\AccessTokenInterface;
7 use OAuth2\ScopeInterface;
8 use OAuth2\RequestInterface;
9 use OAuth2\ResponseInterface;
10 use OAuth2\Scope;
11 
15 class ResourceController implements ResourceControllerInterface
16 {
17  private $token;
18 
19  protected $tokenType;
20  protected $tokenStorage;
21  protected $config;
22  protected $scopeUtil;
23 
24  public function __construct(TokenTypeInterface $tokenType, AccessTokenInterface $tokenStorage, $config = array(), ScopeInterface $scopeUtil = null)
25  {
26  $this->tokenType = $tokenType;
27  $this->tokenStorage = $tokenStorage;
28 
29  $this->config = array_merge(array(
30  'www_realm' => 'Service',
31  ), $config);
32 
33  if (is_null($scopeUtil)) {
34  $scopeUtil = new Scope();
35  }
36  $this->scopeUtil = $scopeUtil;
37  }
38 
39  public function verifyResourceRequest(RequestInterface $request, ResponseInterface $response, $scope = null)
40  {
41  $token = $this->getAccessTokenData($request, $response);
42 
43  // Check if we have token data
44  if (is_null($token)) {
45  return false;
46  }
47 
53  if ($scope && (!isset($token["scope"]) || !$token["scope"] || !$this->scopeUtil->checkScope($scope, $token["scope"]))) {
54  $response->setError(403, 'insufficient_scope', 'The request requires higher privileges than provided by the access token');
55  $response->addHttpHeaders(array(
56  'WWW-Authenticate' => sprintf('%s realm="%s", scope="%s", error="%s", error_description="%s"',
57  $this->tokenType->getTokenType(),
58  $this->config['www_realm'],
59  $scope,
60  $response->getParameter('error'),
61  $response->getParameter('error_description')
62  )
63  ));
64 
65  return false;
66  }
67 
68  // allow retrieval of the token
69  $this->token = $token;
70 
71  return (bool) $token;
72  }
73 
74  public function getAccessTokenData(RequestInterface $request, ResponseInterface $response)
75  {
76  // Get the token parameter
77  if ($token_param = $this->tokenType->getAccessTokenParameter($request, $response)) {
78  // Get the stored token data (from the implementing subclass)
79  // Check we have a well formed token
80  // Check token expiration (expires is a mandatory paramter)
81  if (!$token = $this->tokenStorage->getAccessToken($token_param)) {
82  $response->setError(401, 'invalid_token', 'The access token provided is invalid');
83  } elseif (!isset($token["expires"]) || !isset($token["client_id"])) {
84  $response->setError(401, 'malformed_token', 'Malformed token (missing "expires")');
85  } elseif (time() > $token["expires"]) {
86  $response->setError(401, 'expired_token', 'The access token provided has expired');
87  } else {
88  return $token;
89  }
90  }
91 
92  $authHeader = sprintf('%s realm="%s"', $this->tokenType->getTokenType(), $this->config['www_realm']);
93 
94  if ($error = $response->getParameter('error')) {
95  $authHeader = sprintf('%s, error="%s"', $authHeader, $error);
96  if ($error_description = $response->getParameter('error_description')) {
97  $authHeader = sprintf('%s, error_description="%s"', $authHeader, $error_description);
98  }
99  }
100 
101  $response->addHttpHeaders(array('WWW-Authenticate' => $authHeader));
102 
103  return null;
104  }
105 
106  // convenience method to allow retrieval of the token
107  public function getToken()
108  {
109  return $this->token;
110  }
111 }
OAuth2\Controller\ResourceController\$scopeUtil
$scopeUtil
Definition: ResourceController.php:22
OAuth2\ResponseInterface\addHttpHeaders
addHttpHeaders(array $httpHeaders)
OAuth2\ScopeInterface
Definition: ScopeInterface.php:13
use
GNU LESSER GENERAL PUBLIC LICENSE February Free Software Inc Franklin Fifth MA USA Everyone is permitted to copy and distribute verbatim copies of this license but changing it is not allowed[This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.] Preamble The licenses for most software are designed to take away your freedom to share and change it By the GNU General Public Licenses are intended to guarantee your freedom to share and change free software to make sure the software is free for all its users This the Lesser General Public applies to some specially designated software packages typically libraries of the Free Software Foundation and other authors who decide to use it You can use it but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular based on the explanations below When we speak of free we are referring to freedom of use
Definition: license.txt:27
OAuth2\Scope
Definition: Scope.php:12
php
OAuth2\Controller\ResourceControllerInterface
Definition: ResourceControllerInterface.php:22
OAuth2\Controller\ResourceController\$tokenStorage
$tokenStorage
Definition: ResourceController.php:20
OAuth2\ResponseType\AccessTokenInterface
Definition: AccessTokenInterface.php:10
OAuth2\Controller\ResourceController\verifyResourceRequest
verifyResourceRequest(RequestInterface $request, ResponseInterface $response, $scope=null)
Definition: ResourceController.php:39
OAuth2\ResponseInterface\setError
setError($statusCode, $name, $description=null, $uri=null)
OAuth2\Controller\ResourceController\$tokenType
$tokenType
Definition: ResourceController.php:19
OAuth2\Controller\ResourceController\getToken
getToken()
Definition: ResourceController.php:107
OAuth2\Controller
Definition: AuthorizeController.php:3
OAuth2\Controller\ResourceController\__construct
__construct(TokenTypeInterface $tokenType, AccessTokenInterface $tokenStorage, $config=array(), ScopeInterface $scopeUtil=null)
Definition: ResourceController.php:24
OAuth2\Controller\ResourceController\getAccessTokenData
getAccessTokenData(RequestInterface $request, ResponseInterface $response)
Definition: ResourceController.php:74
time
that in the case of a Adaptation or at a minimum such credit will if a credit for all contributing authors of the Adaptation or Collection then as part of these credits and in a manner at least as prominent as the credits for the other contributing authors For the avoidance of You may only use the credit required by this Section for the purpose of attribution in the manner set out above by exercising Your rights under this You may not implicitly or explicitly assert or imply any connection sponsorship or endorsement by the Original Licensor and or Attribution as of You or Your use of the without the express prior written permission of the Original Licensor and or Attribution Parties Except as otherwise agreed in writing by the Licensor or as may be otherwise permitted by applicable if You Distribute or Publicly Perform the Work either by itself or as part of any Adaptations or You must not modify or take other derogatory action in relation to the Work which would be prejudicial to the Original Author s honor or reputation Licensor agrees that in those in which any exercise of the right granted in modification or other derogatory action prejudicial to the Original Author s honor and the Licensor will waive or not as this to the fullest extent permitted by the applicable national to enable You to reasonably exercise Your right under Warranties and Disclaimer UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN LICENSOR OFFERS THE WORK AS IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE STATUTORY OR WITHOUT WARRANTIES OF FITNESS FOR A PARTICULAR OR THE ABSENCE OF LATENT OR OTHER OR THE PRESENCE OF ABSENCE OF WHETHER OR NOT DISCOVERABLE SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED SO SUCH EXCLUSION MAY NOT APPLY TO YOU Limitation on Liability EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES Termination This License and the rights granted hereunder will terminate automatically upon any breach by You of the terms of this License Individuals or entities who have received Adaptations or Collections from You under this will not have their licenses terminated provided such individuals or entities remain in full compliance with those licenses and will survive any termination of this License Subject to the above terms and the license granted here is Licensor reserves the right to release the Work under different license terms or to stop distributing the Work at any time
Definition: license.txt:56
OAuth2\ResponseInterface
Definition: ResponseInterface.php:12
OAuth2\Controller\ResourceController\$config
$config
Definition: ResourceController.php:21
OAuth2\RequestInterface
Definition: RequestInterface.php:6
OAuth2\ResponseInterface\getParameter
getParameter($name)
OAuth2\Controller\ResourceController
Definition: ResourceController.php:16
OAuth2\Storage\AccessTokenInterface
Definition: AccessTokenInterface.php:12
OAuth2\TokenType\TokenTypeInterface
Definition: TokenTypeInterface.php:9
Generated by doxygen 1.8.20