PHP Server::handleAuthorizeRequest方法代码示例

 /**
  * Authorize action (/oauth/authorize)
  */
 public function authorizeAction()
 {
     $server = $this->getOAuth2Server($this->params('oauth'));
     $request = $this->getOAuth2Request();
     $response = new OAuth2Response();
     // validate the authorize request
     $isValid = $this->server->validateAuthorizeRequest($request, $response);
     if (!$isValid) {
         return $this->getErrorResponse($response);
     }
     $authorized = $request->request('authorized', false);
     if (empty($authorized)) {
         $clientId = $request->query('client_id', false);
         $view = new ViewModel(['clientId' => $clientId]);
         $view->setTemplate('oauth/authorize');
         return $view;
     }
     $isAuthorized = $authorized === 'yes';
     $userIdProvider = $this->userIdProvider;
     $this->server->handleAuthorizeRequest($request, $response, $isAuthorized, $userIdProvider($this->getRequest()));
     $redirect = $response->getHttpHeader('Location');
     if (!empty($redirect)) {
         return $this->redirect()->toUrl($redirect);
     }
     return $this->getErrorResponse($response);
 }

 protected function authorize(OAuth2Request $request)
 {
     $response = new OAuth2Response();
     $authService = $this->getAuthenticationService();
     // validate the authorize request
     if (!$this->server->validateAuthorizeRequest($request, $response)) {
         return $this->handleResponse($response);
     }
     if (!$authService->hasIdentity()) {
         return $this->handleNoIdentity();
     }
     $identityId = $authService->getIdentity();
     //TODO request authorization from an user
     /**
             $authorized = $request->request('authorized', false);
             if (empty($authorized)) {
             $clientId = $request->query('client_id', false);
             $view = new ViewModel(array('clientId' => $clientId));
             $view->setTemplate('oauth/authorize');
             return $view;
             }
             $is_authorized = ($authorized === 'yes');
     */
     $is_authorized = true;
     $this->server->handleAuthorizeRequest($request, $response, $is_authorized, $identityId);
     return $this->handleResponse($response);
 }

 public function authorize()
 {
     $this->getUserProvider()->verifyUser();
     $request = Request::createFromGlobals();
     $response = new Response();
     // validate the authorize request
     if (!$this->server->validateAuthorizeRequest($request, $response)) {
         $response->send();
         die;
     }
     $client_id = $request->query("client_id");
     $client = $this->storage->getClientDetails($client_id);
     $user_id = $this->getUserProvider()->getUserId();
     $is_authorized = $this->authorized($client_id, $user_id);
     // display an authorization form
     if (empty($_POST) && !$is_authorized) {
         $html = Tpl::authorize($client);
         exit($html);
     }
     // print the authorization code if the user has authorized your client
     $this->server->handleAuthorizeRequest($request, $response, $is_authorized, $user_id);
     if ($is_authorized) {
         // this is only here so that you get to see your code in the cURL request. Otherwise, we'd redirect back to the client
         $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=') + 5, 40);
         $response->send();
         //exit("SUCCESS! Authorization Code: $code");
     }
     $response->send();
 }

 /**
  * Authorize action (/oauth/authorize)
  */
 public function authorizeAction()
 {
     $request = $this->getOAuth2Request();
     $response = new OAuth2Response();
     // validate the authorize request
     if (!$this->server->validateAuthorizeRequest($request, $response)) {
         $parameters = $response->getParameters();
         $errorUri = isset($parameters['error_uri']) ? $parameters['error_uri'] : null;
         return new ApiProblemResponse(new ApiProblem($response->getStatusCode(), $parameters['error_description'], $errorUri, $parameters['error']));
     }
     $authorized = $request->request('authorized', false);
     if (empty($authorized)) {
         $clientId = $request->query('client_id', false);
         $view = new ViewModel(array('clientId' => $clientId));
         $view->setTemplate('oauth/authorize');
         return $view;
     }
     $is_authorized = $authorized === 'yes';
     $this->server->handleAuthorizeRequest($request, $response, $is_authorized, $this->getRequest()->getQuery('user_id', null));
     if ($is_authorized) {
         $redirect = $response->getHttpHeader('Location');
         if (!empty($redirect)) {
             return $this->redirect()->toUrl($redirect);
         }
     }
     $parameters = $response->getParameters();
     $errorUri = isset($parameters['error_uri']) ? $parameters['error_uri'] : null;
     return new ApiProblemResponse(new ApiProblem($response->getStatusCode(), $parameters['error_description'], $errorUri, $parameters['error']));
 }

 /**
  * Invoke this route callback.
  *
  * @param ServerRequestInterface $request   Represents the current HTTP request.
  * @param ResponseInterface      $response  Represents the current HTTP response.
  * @param array                  $arguments Values for the current route’s named placeholders.
  *
  * @return ResponseInterface
  */
 public function __invoke(ServerRequestInterface $request, ResponseInterface $response, array $arguments = [])
 {
     $oauth2Request = Http\RequestBridge::toOAuth2($request);
     $oauth2Response = new OAuth2\Response();
     if (!$this->server->validateAuthorizeRequest($oauth2Request, $oauth2Response)) {
         return Http\ResponseBridge::fromOAuth2($oauth2Response);
     }
     $authorized = $oauth2Request->request('authorized');
     if (empty($authorized)) {
         $response = Http\ResponseBridge::fromOAuth2($oauth2Response);
         $this->view->render($response, $this->template, ['client_id' => $oauth2Request->query('client_id')]);
         return $response->withHeader('Content-Type', 'text/html');
     }
     $this->server->handleAuthorizeRequest($oauth2Request, $oauth2Response, $authorized === 'yes');
     return Http\ResponseBridge::fromOAuth2($oauth2Response);
 }

 /**
  * Call this class as a function.
  *
  * @return void
  */
 public function __invoke()
 {
     $request = MessageBridge::newOAuth2Request($this->slim->request());
     $response = new OAuth2\Response();
     $isValid = $this->server->validateAuthorizeRequest($request, $response);
     if (!$isValid) {
         MessageBridge::mapResponse($response, $this->slim->response());
         return;
     }
     $authorized = $this->slim->request()->params('authorized');
     if (empty($authorized)) {
         $this->slim->render($this->template, ['client_id' => $request->query('client_id', false)]);
         return;
     }
     //@TODO implement user_id
     $this->server->handleAuthorizeRequest($request, $response, $authorized === 'yes');
     MessageBridge::mapResponse($response, $this->slim->response());
 }

 public function handleAuthorizeRequest(\OAuth2\RequestInterface $request = null, \OAuth2\ResponseInterface $response = null, $isAuthorized = false, $userId = null)
 {
     if ($request === null) {
         $request = $this->module->getRequest();
     }
     if ($response === null) {
         $response = $this->module->getResponse();
     }
     return parent::handleAuthorizeRequest($request, $response, $isAuthorized, $userId);
 }

 public function handleAuthorizeRequest(HttpRequest $httpRequest, HttpResponse $httpResponse, $isAuthorized, $userId)
 {
     $format = $this->determineFormat($httpRequest);
     $oauthRequest = $this->buildRequest($httpRequest);
     $oauthResponse = new OAuthResponse();
     $isValid = $this->server->validateAuthorizeRequest($oauthRequest, $oauthResponse);
     if (!$isValid) {
         return $this->buildResponse($format, $httpResponse, $oauthResponse);
     }
     $oauthResponse = $this->server->handleAuthorizeRequest($oauthRequest, $oauthResponse, $isAuthorized, $userId);
     return $this->buildResponse($format, $httpResponse, $oauthResponse);
 }

 /**
  * Handle submission from login form (Part 2 of the "Authorization Code" grant type)
  *
  * @link http://tools.ietf.org/html/rfc6749#section-4.1.1 Authorization Request
  * @param  Request $request
  * @return Response
  */
 public function authorizeFormSubmit(Request $request)
 {
     $user = $this->getUserFromRequest($request);
     if (!$user) {
         return $this->createInvalidCredentialResponse();
     }
     $attemptedPassword = $request->get('password');
     $hashedPassword = $user->getPassword();
     $correctPassword = $this->verifyPassword($attemptedPassword, $hashedPassword);
     if (!$correctPassword) {
         return $this->createInvalidCredentialResponse();
     }
     // Automatically authorize the user
     $authorized = true;
     // The OAuth2 library assumes variables as GET params, but for security purposes they are POST. Convert here.
     $requestData = $request->getMethod() === 'GET' ? $request->query : $request->request;
     $oauthRequest = new OAuthRequest($requestData->all());
     $oauthResponse = new BridgeResponse();
     $response = $this->server->handleAuthorizeRequest($oauthRequest, $oauthResponse, $authorized, $user->getId());
     return $response;
 }

 public function testAddingResponseType()
 {
     $storage = $this->getMock('OAuth2\\Storage\\Memory');
     $storage->expects($this->any())->method('getClientDetails')->will($this->returnValue(array('client_id' => 'some_client')));
     $storage->expects($this->any())->method('checkRestrictedGrantType')->will($this->returnValue(true));
     // add with the "code" key explicitly set
     $codeType = new AuthorizationCode($storage);
     $server = new Server();
     $server->addStorage($storage);
     $server->addResponseType($codeType);
     $request = new Request(array('response_type' => 'code', 'client_id' => 'some_client', 'redirect_uri' => 'http://example.com', 'state' => 'xyx'));
     $server->handleAuthorizeRequest($request, $response = new Response(), true);
     // the response is successful
     $this->assertEquals($response->getStatusCode(), 302);
     $parts = parse_url($response->getHttpHeader('Location'));
     parse_str($parts['query'], $query);
     $this->assertTrue(isset($query['code']));
     $this->assertFalse(isset($query['error']));
     // add with the "code" key not set
     $codeType = new AuthorizationCode($storage);
     $server = new Server(array($storage), array(), array(), array($codeType));
     $request = new Request(array('response_type' => 'code', 'client_id' => 'some_client', 'redirect_uri' => 'http://example.com', 'state' => 'xyx'));
     $server->handleAuthorizeRequest($request, $response = new Response(), true);
     // the response is successful
     $this->assertEquals($response->getStatusCode(), 302);
     $parts = parse_url($response->getHttpHeader('Location'));
     parse_str($parts['query'], $query);
     $this->assertTrue(isset($query['code']));
     $this->assertFalse(isset($query['error']));
 }

 /**
  * Stage 2: User response is captured here
  *
  * Success or failure is communicated back to the Client using the redirect
  * url provided by the client
  *
  * On success authorization code is sent along
  *
  *
  * @param bool $authorize
  *
  * @return \OAuth2\Response
  *
  * @format JsonFormat,UploadFormat
  */
 public function postAuthorize($authorize = false)
 {
     static::$server->handleAuthorizeRequest(static::$request, new Response(), (bool) $authorize)->send();
     exit;
 }