|
<?php |
|
/** |
|
* OAuth 2.0 Password grant. |
|
* |
|
* @author Alex Bilbie <hello@alexbilbie.com> |
|
* @copyright Copyright (c) Alex Bilbie |
|
* @license http://mit-license.org/ |
|
* |
|
* @link https://github.com/thephpleague/oauth2-server |
|
*/ |
|
|
|
namespace League\OAuth2\Server\Grant; |
|
|
|
use League\OAuth2\Server\Entities\ClientEntityInterface; |
|
use League\OAuth2\Server\Entities\UserEntityInterface; |
|
use League\OAuth2\Server\Exception\OAuthServerException; |
|
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface; |
|
use League\OAuth2\Server\Repositories\UserRepositoryInterface; |
|
use League\OAuth2\Server\RequestEvent; |
|
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface; |
|
use Psr\Http\Message\ServerRequestInterface; |
|
|
|
/** |
|
* Password grant class. |
|
*/ |
|
class PasswordGrant extends AbstractGrant { |
|
/** |
|
* @param UserRepositoryInterface $userRepository |
|
* @param RefreshTokenRepositoryInterface $refreshTokenRepository |
|
*/ |
|
public function __construct( |
|
UserRepositoryInterface $userRepository, |
|
RefreshTokenRepositoryInterface $refreshTokenRepository |
|
) { |
|
$this->setUserRepository($userRepository); |
|
$this->setRefreshTokenRepository($refreshTokenRepository); |
|
|
|
$this->refreshTokenTTL = new \DateInterval('P1M'); |
|
} |
|
|
|
/** |
|
* {@inheritdoc} |
|
*/ |
|
public function respondToAccessTokenRequest( |
|
ServerRequestInterface $request, |
|
ResponseTypeInterface $responseType, |
|
\DateInterval $accessTokenTTL |
|
) { |
|
// Validate request |
|
$client = $this->validateClient($request); |
|
$scopes = $this->validateScopes($this->getRequestParameter('scope', $request)); |
|
$user = $this->validateUser($request, $client); |
|
|
|
// Finalize the requested scopes |
|
$scopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client, $user->getIdentifier()); |
|
|
|
// Issue and persist new tokens |
|
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $scopes); |
|
$refreshToken = $this->issueRefreshToken($accessToken); |
|
|
|
// Inject tokens into response |
|
$responseType->setAccessToken($accessToken); |
|
$responseType->setRefreshToken($refreshToken); |
|
|
|
return $responseType; |
|
} |
|
|
|
/** |
|
* @param ServerRequestInterface $request |
|
* @param ClientEntityInterface $client |
|
* |
|
* @throws OAuthServerException |
|
* |
|
* @return UserEntityInterface |
|
*/ |
|
protected function validateUser(ServerRequestInterface $request, ClientEntityInterface $client) { |
|
$username = $this->getRequestParameter('username', $request); |
|
$provider = $this->getRequestParameter('provider', $request); |
|
if (is_null($username)) { |
|
throw OAuthServerException::invalidRequest('username'); |
|
} |
|
|
|
$password = $this->getRequestParameter('password', $request); |
|
if (is_null($password)) { |
|
throw OAuthServerException::invalidRequest('password'); |
|
} |
|
|
|
// $user = $this->userRepository->getUserEntityByUserCredentials( |
|
$user = $this->userRepository->getEntityByUserCredentials( |
|
$username, |
|
$password, |
|
$this->getIdentifier(), |
|
$client, |
|
$provider |
|
); |
|
if ($user instanceof UserEntityInterface === false) { |
|
$this->getEmitter()->emit(new RequestEvent(RequestEvent::USER_AUTHENTICATION_FAILED, $request)); |
|
|
|
throw OAuthServerException::invalidCredentials(); |
|
} |
|
|
|
return $user; |
|
} |
|
|
|
/** |
|
* {@inheritdoc} |
|
*/ |
|
public function getIdentifier() { |
|
return 'password'; |
|
} |
|
} |