Created
October 25, 2019 11:29
LoginProxy Laravel Passport from https://esbenp.github.io/2017/03/19/modern-rest-api-laravel-part-4/
<?php | |
namespace Infrastructure\Auth; | |
use Illuminate\Foundation\Application; | |
use Infrastructure\Auth\Exceptions\InvalidCredentialsException; | |
use Api\Users\Repositories\UserRepository; | |
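/**
 * Server-side proxy between the API's login/refresh/logout endpoints and the
 * OAuth token endpoint.
 *
 * The OAuth client id and secret are added here, on the server, and the
 * refresh token is handed to the browser only as an HttpOnly cookie, so the
 * response body carries nothing but the access token.
 */
class LoginProxy
{
    /** Name of the cookie that carries the refresh token. */
    const REFRESH_TOKEN = 'refreshToken';

    /**
     * Lifetime of the refresh-token cookie in minutes (10 days).
     * The cookie jar expects minutes, not seconds.
     */
    const REFRESH_TOKEN_MINUTES = 14400;

    /** @var mixed Service bound as 'apiconsumer'; used to POST to /oauth/token. */
    private $apiConsumer;

    /** @var mixed Service bound as 'auth'; used to resolve the current user. */
    private $auth;

    /** @var mixed Service bound as 'cookie'; used to queue and forget cookies. */
    private $cookie;

    /** @var mixed Service bound as 'db'; used to revoke refresh tokens. */
    private $db;

    /** @var mixed Service bound as 'request'; the current HTTP request. */
    private $request;

    /** @var UserRepository */
    private $userRepository;

    /**
     * @param Application    $app            container the collaborating services are resolved from
     * @param UserRepository $userRepository lookup of users by e-mail
     */
    public function __construct(Application $app, UserRepository $userRepository)
    {
        $this->userRepository = $userRepository;

        $this->apiConsumer = $app->make('apiconsumer');
        $this->auth = $app->make('auth');
        $this->cookie = $app->make('cookie');
        $this->db = $app->make('db');
        $this->request = $app->make('request');
    }

    /**
     * Attempt to create an access token using user credentials.
     *
     * @param string $email
     * @param string $password
     *
     * @return array access_token and expires_in, as returned by proxy()
     *
     * @throws InvalidCredentialsException when no user has this e-mail or the grant is refused
     */
    public function attemptLogin($email, $password)
    {
        $user = $this->userRepository->getWhere('email', $email)->first();

        // NOTE(review): an unknown e-mail is rejected here without the token
        // request, so it is answered faster than a wrong password. Both cases
        // throw the same exception, but the timing difference can still show
        // whether an address is registered; throttle the login route.
        if (is_null($user)) {
            throw new InvalidCredentialsException();
        }

        return $this->proxy('password', [
            'username' => $email,
            'password' => $password,
        ]);
    }

    /**
     * Attempt to refresh the access token using the refresh token that
     * was saved in a cookie.
     *
     * @return array access_token and expires_in, as returned by proxy()
     *
     * @throws InvalidCredentialsException when the cookie is absent or the grant is refused
     */
    public function attemptRefresh()
    {
        $refreshToken = $this->request->cookie(self::REFRESH_TOKEN);

        // Without a usable cookie value the grant cannot succeed; fail here
        // instead of sending an empty refresh_token to the token endpoint.
        if (!is_string($refreshToken) || $refreshToken === '') {
            throw new InvalidCredentialsException();
        }

        return $this->proxy('refresh_token', [
            'refresh_token' => $refreshToken,
        ]);
    }

    /**
     * Proxy a request to the OAuth server.
     *
     * @param string $grantType what type of grant type should be proxied
     * @param array  $data      the data to send to the server
     *
     * @return array access_token and expires_in taken from the token response
     *
     * @throws InvalidCredentialsException when the token endpoint refuses the request
     *                                     or its response lacks the expected fields
     */
    public function proxy($grantType, array $data = [])
    {
        // The server-side values are merged last, so caller-supplied $data
        // cannot override client_id, client_secret or grant_type.
        //
        // NOTE(review): env() returns null outside configuration files once
        // the configuration is cached; reading these two values through a
        // config entry would be more robust. No such entry is visible here.
        $data = array_merge($data, [
            'client_id' => env('PASSWORD_CLIENT_ID'),
            'client_secret' => env('PASSWORD_CLIENT_SECRET'),
            'grant_type' => $grantType,
        ]);

        $response = $this->apiConsumer->post('/oauth/token', $data);

        if (!$response->isSuccessful()) {
            throw new InvalidCredentialsException();
        }

        $token = json_decode($response->getContent());

        // A body that is not JSON, or that lacks a token field, must not end
        // up as an empty cookie or a half-filled result.
        if (!is_object($token)
            || !isset($token->access_token, $token->refresh_token, $token->expires_in)
        ) {
            throw new InvalidCredentialsException();
        }

        // Create a refresh token cookie
        $this->cookie->queue(
            self::REFRESH_TOKEN,
            $token->refresh_token,
            self::REFRESH_TOKEN_MINUTES, // 10 days; the value was 864000, which is 10 days in seconds
            null,
            null,
            // Mark the cookie Secure whenever the current request arrived over
            // HTTPS, so the refresh token is not sent back over plain HTTP.
            // Behind a TLS-terminating proxy this depends on the trusted-proxy
            // configuration - confirm.
            $this->request->isSecure(),
            true // HttpOnly
        );

        return [
            'access_token' => $token->access_token,
            'expires_in' => $token->expires_in,
        ];
    }

    /**
     * Logs out the user. We revoke access token and refresh token.
     * Also instruct the client to forget the refresh cookie.
     *
     * Assumes an authenticated request: user() is dereferenced without a
     * null check - confirm the route is behind the auth middleware.
     */
    public function logout()
    {
        $accessToken = $this->auth->user()->token();

        // Revoke every refresh token issued for this access token first, so
        // none of them can be used to mint a new access token.
        $this->db
            ->table('oauth_refresh_tokens')
            ->where('access_token_id', $accessToken->id)
            ->update([
                'revoked' => true,
            ]);

        $accessToken->revoke();

        $this->cookie->queue($this->cookie->forget(self::REFRESH_TOKEN));
    }
}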