OAuth2DrupalAuthProvider.php in OAuth2 Server 2.0.x
src/Authentication/Provider/OAuth2DrupalAuthProvider.php
<?php
namespace Drupal\oauth2_server\Authentication\Provider;
use Drupal\Component\Datetime\TimeInterface;
use Drupal\Core\Authentication\AuthenticationProviderInterface;
use Drupal\Core\Config\ConfigFactoryInterface;
use Drupal\Core\Entity\EntityTypeManagerInterface;
use Drupal\Core\Logger\LoggerChannelFactoryInterface;
use Drupal\oauth2_server\OAuth2StorageInterface;
use Drupal\user\UserInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
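/**
 * Authenticates requests that carry an OAuth2 bearer access token.
 *
 * The token may arrive in the Authorization header, as a form-encoded body
 * parameter, or as a URI query parameter (RFC 6750 section 2). The token is
 * resolved through the module's OAuth2 storage, checked against the server's
 * configured access lifetime, and mapped to the Drupal user it was issued to.
 * Every failure is logged and surfaced as a 403, which handleException()
 * then downgrades to a generic 401 so no internal detail reaches the client.
 */
class OAuth2DrupalAuthProvider implements AuthenticationProviderInterface {

  /**
   * The entity type manager, used to load the token's user account.
   *
   * @var \Drupal\Core\Entity\EntityTypeManagerInterface
   */
  protected $entityTypeManager;

  /**
   * The OAuth2 storage service that resolves access tokens.
   *
   * @var \Drupal\oauth2_server\OAuth2StorageInterface
   */
  protected $storage;

  /**
   * The config factory, used to read per-server settings.
   *
   * @var \Drupal\Core\Config\ConfigFactoryInterface
   */
  protected $configFactory;

  /**
   * The logger channel factory.
   *
   * @var \Drupal\Core\Logger\LoggerChannelFactoryInterface
   */
  protected $loggerFactory;

  /**
   * The time service, used for the expiry comparison.
   *
   * @var \Drupal\Component\Datetime\TimeInterface
   */
  protected $time;

  /**
   * Constructs an OAuth2DrupalAuthProvider.
   *
   * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
   *   The entity type manager.
   * @param \Drupal\oauth2_server\OAuth2StorageInterface $oauth2_storage
   *   The OAuth2 storage service.
   * @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory
   *   The config factory.
   * @param \Drupal\Core\Logger\LoggerChannelFactoryInterface $logger_factory
   *   The logger channel factory.
   * @param \Drupal\Component\Datetime\TimeInterface $time
   *   The time service.
   */
  public function __construct(EntityTypeManagerInterface $entity_type_manager, OAuth2StorageInterface $oauth2_storage, ConfigFactoryInterface $config_factory, LoggerChannelFactoryInterface $logger_factory, TimeInterface $time) {
    $this->entityTypeManager = $entity_type_manager;
    $this->storage = $oauth2_storage;
    $this->configFactory = $config_factory;
    $this->loggerFactory = $logger_factory;
    $this->time = $time;
  }

  /**
   * {@inheritdoc}
   *
   * Claims the request only when the access token is transmitted by exactly
   * one of the three RFC 6750 methods. A request that uses several methods at
   * once is not claimed, so it falls through to other providers / anonymous.
   */
  public function applies(Request $request) {
    // Header getters return NULL when absent; cast so trim() never sees NULL.
    $authorization = trim((string) $request->headers->get('authorization'));
    $content_type = trim((string) $request->headers->get('content-type'));
    $body_has_token = stripos(trim((string) $request->getContent()), 'access_token') !== FALSE;

    $transmission_methods = 0;

    // 1. Authorization request header field.
    if (stripos($authorization, 'Bearer') !== FALSE) {
      $transmission_methods++;
    }

    // 2. Form-encoded body parameter (never on GET, never combined with the
    //    query form).
    if ($content_type === 'application/x-www-form-urlencoded'
      && empty($request->query->get('access_token'))
      && trim($request->getMethod()) !== 'GET'
      && $body_has_token) {
      $transmission_methods++;
    }

    // 3. URI query parameter (only when the body does not also carry one).
    if (!empty($request->get('access_token')) && !$body_has_token) {
      $transmission_methods++;
    }

    return $transmission_methods === 1;
  }

  /**
   * {@inheritdoc}
   *
   * Resolves the transmitted access token to a user account.
   *
   * @return \Drupal\Core\Session\AccountInterface|null
   *   The user the token was issued to, or NULL when the token carries no
   *   loadable user id.
   *
   * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
   *   When the token is missing, unknown, expired, its server configuration
   *   is incomplete, or its user account is blocked. The underlying reason is
   *   written to the 'access denied' log channel.
   */
  public function authenticate(Request $request) {
    try {
      $token = NULL;

      $authorization = $request->headers->get('authorization');
      if (!empty($authorization)) {
        $header_info = $this->getInfoToken($authorization);
        // RFC 6750 defines only the Bearer scheme; the credential of any other
        // scheme (e.g. Basic) must not be looked up as an access token.
        if (is_array($header_info) && strcasecmp($header_info['authentication_scheme'], 'Bearer') === 0) {
          $token = $header_info['token'];
        }
      }

      // A body/query parameter, when present, takes precedence over the header.
      if (!empty($request->get('access_token'))) {
        $token = $request->get('access_token');
      }

      if (empty($token)) {
        throw new \InvalidArgumentException("The client has not transmitted the token in the request.");
      }

      $info = $this->storage->getAccessToken($token);
      if (empty($info)) {
        // The token value is deliberately kept out of the message: the log
        // channel must not become a store of (possibly valid) credentials.
        throw new \InvalidArgumentException("The token provided is not registered.");
      }
      if (empty($info['server'])) {
        throw new \Exception("OAuth2 server was not set");
      }

      $oauth2_server_name = 'oauth2_server.server.' . $info['server'];
      $config = $this->configFactory->get($oauth2_server_name);
      // ConfigFactory::get() always returns a config object, so an empty()
      // check can never fire; a missing config object is reported by isNew().
      if ($config->isNew()) {
        throw new \Exception("The config for '{$oauth2_server_name}' server could not be loaded.");
      }

      $oauth2_server_settings = $config->get('settings');
      $access_lifetime = $oauth2_server_settings['advanced_settings']['access_lifetime'] ?? NULL;
      if (empty($access_lifetime)) {
        throw new \Exception("The access_lifetime was not set.");
      }

      if (!isset($info['expires'])) {
        throw new \Exception("The token has no expiry set.");
      }
      // NOTE(review): 'expires' from the storage layer looks like an absolute
      // timestamp that already includes the lifetime; adding access_lifetime
      // again would extend every token's validity by a full lifetime. Kept
      // as-is to preserve behavior — confirm against the storage implementation.
      if ($this->time->getRequestTime() > $info['expires'] + $access_lifetime) {
        throw new \Exception("The token is expired.");
      }

      $account = $this->entityTypeManager
        ->getStorage('user')
        ->load($info['user_id'] ?? NULL);
      // A still-valid token must not grant access to an account that has been
      // blocked since the token was issued. The anonymous account is exempt so
      // tokens without a bound user keep their previous behavior.
      if ($account instanceof UserInterface && !$account->isAnonymous() && $account->isBlocked()) {
        throw new \Exception("The user account for this token is blocked.");
      }
      return $account;
    }
    catch (\Exception $e) {
      $this->loggerFactory
        ->get('access denied')
        ->warning($e->getMessage());
      throw new AccessDeniedHttpException($e->getMessage(), $e);
    }
  }

  /**
   * {@inheritdoc}
   *
   * Nothing to clean up: this provider keeps no per-request state.
   */
  public function cleanup(Request $request) {
  }

  /**
   * Converts access-denied failures into a generic 401 response.
   *
   * The internal reason recorded in the AccessDeniedHttpException is kept as
   * the previous exception (for logs) but replaced by a fixed message, so the
   * client learns nothing about why the token was rejected.
   *
   * @param \Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent $event
   *   The exception event.
   *
   * @return bool
   *   TRUE when the exception was replaced, FALSE otherwise.
   */
  public function handleException(GetResponseForExceptionEvent $event) {
    $exception = $event->getException();
    if (!$exception instanceof AccessDeniedHttpException) {
      return FALSE;
    }
    $event->setException(new UnauthorizedHttpException('Invalid consumer origin.', $exception));
    return TRUE;
  }

  /**
   * Splits an Authorization header value into scheme and credential.
   *
   * @param string|null $authorization
   *   The raw header value, e.g. "Bearer <token>".
   * @param string|null $key
   *   Optional part to return: 'authentication_scheme' or 'token'.
   *
   * @return array|string|false
   *   FALSE when the header is empty or has no credential after the scheme;
   *   otherwise the requested part, or the whole
   *   ['authentication_scheme' => ..., 'token' => ...] array when $key is
   *   empty or unknown.
   */
  protected function getInfoToken($authorization = NULL, $key = NULL) {
    if (empty($authorization)) {
      return FALSE;
    }
    // Explicit split instead of an @-suppressed list() assignment: a header
    // without a space simply has no credential.
    $parts = explode(' ', $authorization, 2);
    $authentication_scheme = $parts[0];
    $token = $parts[1] ?? NULL;
    if (empty($token)) {
      return FALSE;
    }
    $info_token = [
      'authentication_scheme' => $authentication_scheme,
      'token' => $token,
    ];
    if (!empty($key) && array_key_exists($key, $info_token)) {
      return $info_token[$key];
    }
    return $info_token;
  }

}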