
public function Oauth2AuthorizeController::authorize in Simple OAuth (OAuth2) & OpenID Connect 5.x

Same name and namespace in other branches
  1. 8.4 src/Controller/Oauth2AuthorizeController.php \Drupal\simple_oauth\Controller\Oauth2AuthorizeController::authorize()

Authorizes the code generation or prints the confirmation form.

Parameters

\Symfony\Component\HttpFoundation\Request $request: The incoming request.

Return value

mixed The response.

Throws

\Drupal\Component\Plugin\Exception\PluginNotFoundException

1 string reference to 'Oauth2AuthorizeController::authorize'
simple_oauth.routing.yml in ./simple_oauth.routing.yml
simple_oauth.routing.yml

File

src/Controller/Oauth2AuthorizeController.php, line 104

Class

Oauth2AuthorizeController
Oauth2AuthorizeController.

Namespace

Drupal\simple_oauth\Controller

Code

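/**
 * Authorizes the code generation or prints the confirmation form.
 *
 * Flow, in order:
 * - Answer with the OAuth "invalid_client" error when no client_id is supplied
 *   or no consumer entity carries that UUID.
 * - Anonymous users are sent to the login form with the current query string
 *   preserved as the destination, so they land back here once logged in.
 * - Authenticated users skip the grant form when the client is not third party
 *   or is already known for the requested scopes; the authorization request is
 *   validated by the server and handed to redirectToCallback().
 * - In every other case the confirmation form is rendered.
 *
 * @param \Symfony\Component\HttpFoundation\Request $request
 *   The incoming request.
 *
 * @return mixed
 *   The response.
 *
 * @throws \Drupal\Component\Plugin\Exception\PluginNotFoundException
 */
public function authorize(Request $request) {
  $client_uuid = $request->get('client_id');
  $server_request = $this->messageFactory->createRequest($request);
  if (empty($client_uuid)) {
    // Missing client_id: return the spec error response, never redirect.
    return OAuthServerException::invalidClient($server_request)
      ->generateHttpResponse(new Response());
  }
  $consumer_storage = $this->entityTypeManager()->getStorage('consumer');
  $client_drupal_entities = $consumer_storage->loadByProperties([
    'uuid' => $client_uuid,
  ]);
  if (empty($client_drupal_entities)) {
    // Unknown client_id gets the same error as a missing one.
    return OAuthServerException::invalidClient($server_request)
      ->generateHttpResponse(new Response());
  }
  $client_drupal_entity = reset($client_drupal_entities);
  $is_third_party = $client_drupal_entity->get('third_party')->value;

  // The requested scopes arrive as one space-separated query value.
  $scopes = [];
  if ($request->query->get('scope')) {
    $scopes = explode(' ', $request->query->get('scope'));
  }

  if ($this->currentUser()->isAnonymous()) {
    $message = $this->t('An external client application is requesting access to your data in this site. Please log in first to authorize the operation.');
    $this->messenger()->addStatus($message);

    // Send the user to the login form and return to this route afterwards
    // with the original OAuth query parameters intact.
    $destination = Url::fromRoute('oauth2_token.authorize', [], [
      'query' => UrlHelper::parse('/?' . $request->getQueryString())['query'],
    ]);
    $url = Url::fromRoute('user.login', [], [
      'query' => [
        'destination' => $destination->toString(),
      ],
    ]);

    // Client ID and secret may be passed as Basic Auth. Copy the headers.
    // NOTE(review): this copies every request header, not only Authorization,
    // so any client-supplied header is reflected into the redirect response.
    // Confirm whether the intent is limited to the Authorization header.
    return RedirectResponse::create($url->toString(), 302, $request->headers->all());
  }
  elseif (!$is_third_party || $this->isKnownClient($client_uuid, $scopes)) {
    // A logged-in user may skip the grant step if the client is not third
    // party or is already known for these scopes.
    // Map the OAuth2 response_type to the grant plugin id; strict comparison
    // so only the literal strings 'code' and 'token' match. Anything else
    // yields NULL, which is passed through to the grant manager.
    $response_type = $request->get('response_type');
    $grant_type = NULL;
    if ($response_type === 'code') {
      $grant_type = 'code';
    }
    elseif ($response_type === 'token') {
      $grant_type = 'implicit';
    }
    try {
      $server = $this->grantManager->getAuthorizationServer($grant_type, $client_drupal_entity);
      $auth_request = $server->validateAuthorizationRequest($server_request);
    }
    catch (OAuthServerException $exception) {
      // The user only gets a generic message; the exception detail is logged.
      $this->messenger()->addError($this->t('Fatal error. Unable to get the authorization server.'));
      watchdog_exception('simple_oauth', $exception);
      return RedirectResponse::create(Url::fromRoute('<front>')->toString());
    }
    if ($auth_request) {
      // Whether the user may grant codes decides what the callback does.
      $can_grant_codes = $this->currentUser()->hasPermission('grant simple_oauth codes');
      return static::redirectToCallback($auth_request, $server, $this->currentUser, $can_grant_codes);
    }
  }
  // Third-party client that is not yet known for these scopes, or an
  // authorization request that did not validate: show the confirmation form.
  return $this->formBuilder()->getForm(Oauth2AuthorizeForm::class);
}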