
public function Oauth2AuthorizeForm::buildForm in Simple OAuth (OAuth2) & OpenID Connect 8.2

Same name and namespace in other branches
  1. 8.3 simple_oauth_extras/src/Controller/Oauth2AuthorizeForm.php \Drupal\simple_oauth_extras\Controller\Oauth2AuthorizeForm::buildForm()

Form constructor.

Parameters

array $form: An associative array containing the structure of the form.

\Drupal\Core\Form\FormStateInterface $form_state: The current state of the form.

Return value

array The form structure.

Overrides FormInterface::buildForm

File

simple_oauth_extras/src/Controller/Oauth2AuthorizeForm.php, line 95

Class

Oauth2AuthorizeForm

Namespace

Drupal\simple_oauth_extras\Controller

Code

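/**
 * Form constructor for the OAuth2 authorization (consent) form.
 *
 * Unauthenticated visitors get a minimal form that only offers a login
 * button. Authenticated users get the consent screen: the rendered client,
 * the list of permissions (roles) involved and a "Grant" button.
 *
 * @param array $form
 *   An associative array containing the structure of the form.
 * @param \Drupal\Core\Form\FormStateInterface $form_state
 *   The current state of the form.
 *
 * @return array
 *   The form structure.
 *
 * @throws OAuthServerException
 *   Thrown here when no oauth2_client entity matches the client_id. The
 *   authorization server's request validation is not wrapped in a try/catch
 *   either, so whatever it throws also propagates to the caller.
 */
public function buildForm(array $form, FormStateInterface $form_state) {
  if (!$this->currentUser()->isAuthenticated()) {
    // The raw query string is carried in a hidden field so the authorization
    // request can be resumed after login. It is attacker-controllable input:
    // NOTE(review): the submit handler is not visible here; confirm it only
    // re-attaches these parameters to the internal authorize route and never
    // uses them to pick the redirect destination.
    $form['redirect_params'] = [
      '#type' => 'hidden',
      '#value' => $this->getRequest()->getQueryString(),
    ];
    $form['description'] = [
      '#type' => 'html_tag',
      '#tag' => 'p',
      '#value' => $this->t('An external client application is requesting access to your data in this site. Please log in first to authorize the operation.'),
    ];
    $form['submit'] = [
      '#type' => 'submit',
      '#value' => $this->t('Login'),
    ];
    return $form;
  }

  $request = $this->getRequest();

  // Map the OAuth2 response_type onto the grant type. The comparison is
  // strict so that only the exact strings 'code' and 'token' are accepted.
  $response_type = $request->get('response_type');
  if ($response_type === 'code') {
    $grant_type = 'code';
  }
  elseif ($response_type === 'token') {
    $grant_type = 'implicit';
  }
  else {
    // Missing or unsupported response_type. How the grant manager treats a
    // NULL grant type is not visible in this method.
    $grant_type = NULL;
  }
  $this->server = $this->grantManager->getAuthorizationServer($grant_type);

  // Transform the HTTP foundation request object into a PSR-7 object. The
  // OAuth library expects a PSR-7 request.
  $psr7_request = $this->messageFactory->createRequest($request);

  // Validate the HTTP request and return an AuthorizationRequest object.
  // The auth request object can be serialized into a user's session.
  $auth_request = $this->server->validateAuthorizationRequest($psr7_request);

  // Store the auth request temporarily.
  $form_state->set('auth_request', $auth_request);

  $manager = $this->entityTypeManager;
  $form = [
    '#type' => 'container',
  ];

  $client_uuid = $request->get('client_id');
  $client_drupal_entities = $manager
    ->getStorage('oauth2_client')
    ->loadByProperties(['uuid' => $client_uuid]);
  if (empty($client_drupal_entities)) {
    throw OAuthServerException::invalidClient();
  }
  $client_drupal_entity = reset($client_drupal_entities);

  // Requested scopes arrive as a space-separated string. A missing or
  // non-string parameter is treated as "no scopes requested" and empty
  // tokens are dropped, so explode() never receives NULL and no empty ID is
  // handed to the role storage. 'strlen' keeps a literal "0" token.
  $requested_scope = $request->get('scope');
  $requested_scope_ids = is_string($requested_scope)
    ? array_filter(explode(' ', $requested_scope), 'strlen')
    : [];

  // Roles configured on the client entity itself.
  $client_role_ids = array_map(function ($item) {
    return $item['target_id'];
  }, $client_drupal_entity->get('roles')->getValue());

  // Gather all the role ids.
  // NOTE(review): the list shown to the user is rebuilt from the raw query
  // parameter and the client's roles, not read from the validated
  // $auth_request. Confirm that what is displayed here always matches the
  // scopes that end up on the issued grant, otherwise the consent screen
  // can under-report what is being authorized.
  $scope_ids = array_merge($requested_scope_ids, $client_role_ids);
  $user_roles = $manager->getStorage('user_role')->loadMultiple($scope_ids);

  $form['client'] = $manager
    ->getViewBuilder('oauth2_client')
    ->view($client_drupal_entity);
  // NOTE(review): this call is made on the entity with the render array as
  // argument; confirm the intent was not the reverse (attaching the entity's
  // cacheability to the render array).
  $client_drupal_entity->addCacheableDependency($form['client']);

  $form['scopes'] = [
    '#title' => $this->t('Permissions'),
    '#theme' => 'item_list',
    '#items' => [],
  ];
  foreach ($user_roles as $user_role) {
    // NOTE(review): same direction question as for the client entity above.
    $user_role->addCacheableDependency($form['scopes']);
    $form['scopes']['#items'][] = $user_role->label();
  }

  // Prefer the redirect URI sent with the request and fall back to the one
  // registered on the client. The request value is read from the raw query
  // here; this method relies on validateAuthorizationRequest() above having
  // rejected a URI that is not registered for the client.
  // NOTE(review): confirm the submit handler takes the redirect target from
  // the stored auth request rather than from this hidden field.
  $form['redirect_uri'] = [
    '#type' => 'hidden',
    '#value' => $request->get('redirect_uri') ?: $client_drupal_entity->get('redirect')->value,
  ];
  $form['submit'] = [
    '#type' => 'submit',
    '#value' => $this->t('Grant'),
  ];
  return $form;
}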