PHP Server::verifyResourceRequest方法代碼示例

 public function __construct($bypassPaths = array(), $bypassAuth = false)
 {
     $this->useOAuth2 = API_USE_OAUTH;
     if ($this->useOAuth2) {
         $this->initOAth2();
         // Don't check for authorization when requesting a token or docs
         $temp = explode('/', trim($_SERVER['REQUEST_URI'], '/'));
         $lastPath = str_replace($_SERVER['QUERY_STRING'], '', $temp[count($temp) - 1]);
         $lastPath = str_replace('?', '', $lastPath);
         if ($bypassAuth == false && $lastPath != 'authorize' && $lastPath != 'docs') {
             $continue = true;
             foreach ($bypassPaths as $path) {
                 if ($lastPath == $path) {
                     $continue = false;
                 }
             }
             if ($continue) {
                 // Check for a valid token
                 if (!$this->oauthServer->verifyResourceRequest(\OAuth2\Request::createFromGlobals())) {
                     // Not authorized!
                     $this->oauthServer->getResponse()->send();
                     die;
                 }
             }
         }
     }
 }

 /**
  * Execute this middleware.
  *
  * @param  ServerRequestInterface $request  The PSR7 request.
  * @param  ResponseInterface      $response The PSR7 response.
  * @param  callable               $next     The Next middleware.
  *
  * @return ResponseInterface
  */
 public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
 {
     $oauth2Request = RequestBridge::toOAuth2($request);
     foreach ($this->scopes as $scope) {
         if ($this->server->verifyResourceRequest($oauth2Request, null, $scope)) {
             $this->container['token'] = $this->server->getResourceController()->getToken();
             return $next($request, $response);
         }
     }
     return ResponseBridge::fromOAuth2($this->server->getResponse());
 }

 /**
  * Helper method to verify a resource request, allowing return early on success cases
  *
  * @param array $scopes Scopes required for authorization
  *
  * @return boolean True if the request is verified, otherwise false
  */
 private function verify(array $scopes = [null])
 {
     foreach ($scopes as $scope) {
         if (is_array($scope)) {
             $scope = implode(' ', $scope);
         }
         if ($this->server->verifyResourceRequest(MessageBridge::newOauth2Request($this->app->request()), null, $scope)) {
             return true;
         }
     }
     return false;
 }

 /**
  * {@inheritDoc}
  */
 public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
 {
     try {
         $oauth2request = Util::convertRequestFromPsr7($request);
         if (!$this->server->verifyResourceRequest($oauth2request)) {
             return Util::convertResponseToPsr7($this->server->getResponse(), $response);
         }
         $request = $request->withAttribute('access_token', $this->server->getAccessTokenData($oauth2request));
     } catch (\Exception $ex) {
         return new JsonResponse(['error' => $ex->getMessage(), 'error_description' => $ex->getMessage()], 500);
     }
     return $next($request, $response);
 }

 /**
  * @param Route $route
  * @throws \Slim\Exception\Stop
  */
 private function checkAuth(Route $route)
 {
     $request = OAuth2\Request::createFromGlobals();
     $scopeRequired = [];
     if ($route->isSecure()) {
         $scopeRequired = 'admin';
     }
     if (!$this->oauth->verifyResourceRequest($request, NULL, $scopeRequired)) {
         $response = $this->oauth->getResponse();
         $this->app->response()->status($response->getStatusCode());
         $response->send();
         $this->app->stop();
     }
 }

 /**
  * Test resource (/oauth/resource)
  */
 public function resourceAction()
 {
     // Handle a request for an OAuth2.0 Access Token and send the response to the client
     if (!$this->server->verifyResourceRequest($this->getOAuth2Request())) {
         $response = $this->server->getResponse();
         $parameters = $response->getParameters();
         $errorUri = isset($parameters['error_uri']) ? $parameters['error_uri'] : null;
         return new ApiProblemResponse(new ApiProblem($response->getStatusCode(), $parameters['error_description'], $errorUri, $parameters['error']));
     }
     $httpResponse = $this->getResponse();
     $httpResponse->setStatusCode(200);
     $httpResponse->getHeaders()->addHeaders(array('Content-type' => 'application/json'));
     $httpResponse->setContent(json_encode(array('success' => true, 'message' => 'You accessed my APIs!')));
     return $httpResponse;
 }

 protected function authorize()
 {
     $authorized = false;
     if ($this->server->verifyResourceRequest(OAuth2Request::createFromGlobals())) {
         // authorized
         $authorized = true;
     } else {
         $request = $this->getRequest();
         $token = $request->getPost('token', false);
         if ($token) {
             $authorized = $this->isGoogleAuthorized($token);
         }
     }
     return $authorized ? true : false;
 }

 public function verifyResourceRequest(\OAuth2\RequestInterface $request = null, \OAuth2\ResponseInterface $response = null, $scope = null)
 {
     if ($request === null) {
         $request = $this->module->getRequest();
     }
     return parent::verifyResourceRequest($request, $response, $scope);
 }

 /**
  * {@inheritDoc}
  */
 public function authenticate(TokenInterface $token)
 {
     $oauthRequest = OAuthRequest::createFromRequest($token->request);
     // Not authenticated
     if (!$this->server->verifyResourceRequest($oauthRequest)) {
         throw new AuthenticationException('OAuth2 authentication failed');
     }
     $userData = $this->server->getAccessTokenData($oauthRequest);
     $user = $this->userProvider->findById($userData['user_id']);
     $roles = $this->roleFinder->findRoleNamesByUserId($user->getId());
     $user->setRoles($roles);
     $authenticatedToken = new OAuth2UserToken($roles);
     $authenticatedToken->setUser($user);
     $authenticatedToken->setAuthenticated(true);
     $authenticatedToken->setOAuthToken($token->getOAuthToken());
     return $authenticatedToken;
 }

 /**
  * Validates a request and takes a scope value that could result
  * in a user id being put into the request if it's valid.
  *
  * @param HttpFoundation\Request $request
  * @param string $scope
  * @return null|HttpFoundation\Response
  */
 public function validateRequest(HttpFoundation\Request $request, $scope)
 {
     $this->log->addDebug(print_r($request, true), ['namespace' => 'HackTheDinos\\Controllers\\OAuth', 'method' => 'validateRequest', 'type' => 'request', 'scope' => $scope]);
     $bridgeRequest = HttpFoundationBridge\Request::createFromRequest($request);
     if ($this->server->verifyResourceRequest($bridgeRequest, null, $scope)) {
         //Put the userId into the request if we're validating at the user scope
         if ($scope === 'user') {
             $token = $this->server->getAccessTokenData($bridgeRequest);
             $request->request->set('userId', $token['user_id']);
         } else {
             //Set the userId to 0 which should make any
             //searches relying on this being valid to fail.
             $request->request->set('userId', 0);
         }
         return null;
     }
     $this->log->addWarning('Failed to validate request', ['namespace' => 'HackTheDinos\\Controllers\\OAuth', 'method' => 'validateRequest', 'scope' => $scope]);
     return new HttpFoundation\Response('Not Authorized', 401);
 }

 public function testAccessResourceWithJwtAccessTokenUsingSecondaryStorage()
 {
     // add the test parameters in memory
     $server = $this->getTestServer();
     $request = TestRequest::createPost(array('grant_type' => 'client_credentials', 'client_id' => 'Test Client ID', 'client_secret' => 'TestSecret'));
     $server->handleTokenRequest($request, $response = new Response());
     $this->assertNotNull($JwtAccessToken = $response->getParameter('access_token'));
     // make a call to the resource server using the crypto token
     $request = TestRequest::createPost(array('access_token' => $JwtAccessToken));
     // create a resource server with the "memory" storage from the grant server
     $resourceServer = new Server($server->getStorage('client_credentials'));
     $this->assertTrue($resourceServer->verifyResourceRequest($request));
 }

 public function resource($path)
 {
     // Handle a request for an OAuth2.0 Access Token and send the response to the client
     if (!$this->server->verifyResourceRequest(Request::createFromGlobals())) {
         $this->server->getResponse()->send();
         die;
     }
     $token = $this->server->getAccessTokenData(Request::createFromGlobals());
     $return = array();
     if (is_callable($this->resourceHandler)) {
         $return = call_user_func($this->resourceHandler, $path, $token['user_id']);
     }
     echo json_encode($return);
 }

 /**
  * Validates a request and takes a scope value that could result
  * in a user id being put into the request if it's valid. The
  * passThrough flag will allow the request to continue when it
  * would otherwise fail with a 401 response.
  *
  * @param HttpFoundation\Request $request
  * @param string $scope
  * @param bool $passThrough
  * @return null|HttpFoundation\Response
  */
 public function validateRequest(HttpFoundation\Request $request, $scope, $passThrough = false)
 {
     $this->log->addDebug(print_r($request, true), ['namespace' => 'Alerts\\Controllers\\OAuth2', 'method' => 'validateRequest', 'type' => 'request', 'scope' => $scope]);
     $bridgeRequest = HttpFoundationBridge\Request::createFromRequest($request);
     if ($this->server->verifyResourceRequest($bridgeRequest, null, $scope)) {
         //Put the user into the request if we're validating at the user scope
         if ($scope === 'user') {
             $token = $this->server->getAccessTokenData($bridgeRequest);
             $request->request->set('user', $this->usersRepo->getById($token['user_id']));
         } else {
             //Set the user to null which should make any
             //searches relying on this being valid to fail.
             $request->request->set('user', null);
         }
         return null;
         //If the request shouldn't hard fail. This should only have a few specific use cases.
     } elseif ($passThrough) {
         $this->log->addInfo('OAuth Pass Through', ['namespace' => 'Alerts\\Controllers\\OAuth2', 'method' => 'validateRequest', 'type' => 'request', 'scope' => $scope, 'passThrough' => true]);
         return null;
     }
     $this->log->addInfo('Failed to validate request', ['namespace' => 'Alerts\\Controllers\\OAuth2', 'method' => 'validateRequest', 'scope' => $scope]);
     return new HttpFoundation\Response('Not Authorized', 401);
 }

 /**
  * Method executed when the dispatch event is triggered
  *
  * @param MvcEvent $e 
  * @return void
  */
 public static function onDispatch(MvcEvent $e)
 {
     if ($e->getRequest() instanceof \Zend\Console\Request) {
         return;
     }
     if ($e->getRouteMatch()->getMatchedRouteName() == 'login' || $e->getRouteMatch()->getMatchedRouteName() == 'users') {
         return;
     }
     $sm = $e->getApplication()->getServiceManager();
     $usersTable = $sm->get('Users\\Model\\UsersTable');
     $storage = new Pdo($usersTable->adapter->getDriver()->getConnection()->getConnectionParameters());
     $server = new Server($storage);
     if (!$server->verifyResourceRequest(Request::createFromGlobals())) {
         $model = new JsonModel(array('errorCode' => $server->getResponse()->getStatusCode(), 'errorMsg' => $server->getResponse()->getStatusText()));
         $response = $e->getResponse();
         $response->setContent($model->serialize());
         $response->getHeaders()->addHeaderLine('Content-Type', 'application/json');
         $response->setStatusCode($server->getResponse()->getStatusCode());
         return $response;
     }
 }

 /**
  * Attempt to authenticate the current request.
  *
  * @param Request $request
  * @param Response $response
  * @param MvcAuthEvent $mvcAuthEvent
  * @return false|Identity\IdentityInterface False on failure, IdentityInterface
  *     otherwise
  */
 public function authenticate(Request $request, Response $response, MvcAuthEvent $mvcAuthEvent)
 {
     $oauth2request = new OAuth2Request($request->getQuery()->toArray(), $request->getPost()->toArray(), [], $request->getCookie() ? $request->getCookie()->getArrayCopy() : [], $request->getFiles() ? $request->getFiles()->toArray() : [], method_exists($request, 'getServer') ? $request->getServer()->toArray() : $_SERVER, $request->getContent(), $request->getHeaders()->toArray());
     // Failure to validate
     if (!$this->oauth2Server->verifyResourceRequest($oauth2request)) {
         $oauth2Response = $this->oauth2Server->getResponse();
         $status = $oauth2Response->getStatusCode();
         // 401 or 403 mean invalid credentials or unauthorized scopes; report those.
         if (in_array($status, [401, 403], true) && null !== $oauth2Response->getParameter('error')) {
             return $this->mergeOAuth2Response($status, $response, $oauth2Response);
         }
         // Merge in any headers; typically sets a WWW-Authenticate header.
         $this->mergeOAuth2ResponseHeaders($response, $oauth2Response->getHttpHeaders());
         // Otherwise, no credentials were present at all, so we just return a guest identity.
         return new Identity\GuestIdentity();
     }
     $token = $this->oauth2Server->getAccessTokenData($oauth2request);
     $identity = new Identity\AuthenticatedIdentity($token);
     $identity->setName($token['user_id']);
     return $identity;
 }