
public function Oauth2AuthorizeForm::buildForm in Simple OAuth (OAuth2) & OpenID Connect 5.x

Same name and namespace in other branches
  1. 8.4 src/Controller/Oauth2AuthorizeForm.php \Drupal\simple_oauth\Controller\Oauth2AuthorizeForm::buildForm()

Form constructor.

Parameters

array $form: An associative array containing the structure of the form.

\Drupal\Core\Form\FormStateInterface $form_state: The current state of the form.

Return value

array The form structure.

Throws

\Drupal\Component\Plugin\Exception\InvalidPluginDefinitionException

\Drupal\Component\Plugin\Exception\PluginNotFoundException

\League\OAuth2\Server\Exception\OAuthServerException

Overrides FormInterface::buildForm

File

src/Controller/Oauth2AuthorizeForm.php, line 135

Class

Oauth2AuthorizeForm
Authorize form.

Namespace

Drupal\simple_oauth\Controller

Code

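/**
 * Builds the OAuth2 authorize form for the client named in the request.
 *
 * Looks up the consumer entity whose UUID matches the request's client_id,
 * lets the authorization server validate the request, stores the resulting
 * authorization request in the form state, and renders the client together
 * with the list of permissions covered by the grant.
 *
 * @param array $form
 *   An associative array containing the structure of the form.
 * @param \Drupal\Core\Form\FormStateInterface $form_state
 *   The current state of the form.
 *
 * @return array
 *   The form structure.
 *
 * @throws \Drupal\Component\Plugin\Exception\InvalidPluginDefinitionException
 * @throws \Drupal\Component\Plugin\Exception\PluginNotFoundException
 * @throws \League\OAuth2\Server\Exception\OAuthServerException
 *   Thrown as "invalid client" when client_id is missing, is not a single
 *   string, or matches no consumer.
 */
public function buildForm(array $form, FormStateInterface $form_state) {
  $request = $this->getRequest();

  // NOTE(review): Request::get() consults route attributes, the query string
  // and the POST body, in that order, while the OAuth library validates the
  // PSR-7 request on its own terms. Confirm both read the same parameters.
  $response_type = $request->get('response_type');
  if ($response_type === 'code') {
    $grant_type = 'code';
  }
  elseif ($response_type === 'token') {
    $grant_type = 'implicit';
  }
  else {
    // NOTE(review): any other response_type reaches the grant manager as
    // NULL; presumably it rejects that, but this is not visible here.
    $grant_type = NULL;
  }

  // Transform the HTTP foundation request object into a PSR-7 object. The
  // OAuth library expects a PSR-7 request. It is built once and reused for
  // both the error responses and the validation below.
  $psr7_request = $this->messageFactory->createRequest($request);

  // client_id is caller-supplied. Only a single non-empty string can name a
  // client; loadByProperties() would treat an array as a set of candidates.
  $client_uuid = $request->get('client_id');
  if (!is_string($client_uuid) || $client_uuid === '') {
    throw OAuthServerException::invalidClient($psr7_request);
  }
  $client_drupal_entities = $this->entityTypeManager
    ->getStorage('consumer')
    ->loadByProperties(['uuid' => $client_uuid]);
  if (empty($client_drupal_entities)) {
    throw OAuthServerException::invalidClient($psr7_request);
  }
  $client_drupal_entity = reset($client_drupal_entities);
  $this->server = $this->grantManager
    ->getAuthorizationServer($grant_type, $client_drupal_entity);

  // Validate the HTTP request and return an AuthorizationRequest object.
  // The auth request object can be serialized into a user's session.
  $auth_request = $this->server->validateAuthorizationRequest($psr7_request);

  // Store the auth request temporarily.
  $form_state->set('auth_request', $auth_request);

  $form = [
    '#type' => 'container',
  ];
  $form['client'] = $this->entityTypeManager
    ->getViewBuilder('consumer')
    ->view($client_drupal_entity);
  $form['scopes'] = [
    '#title' => $this->t('Permissions'),
    '#theme' => 'item_list',
    '#items' => [],
  ];

  // Index the roles configured on the client by role ID so that the ones
  // matching a requested scope can be dropped and not listed twice.
  $client_roles = [];
  foreach ($client_drupal_entity->get('roles') as $role_item) {
    $client_roles[$role_item->target_id] = $role_item->entity;
  }

  $cacheability_metadata = new CacheableMetadata();

  /** @var \Drupal\simple_oauth\Entities\ScopeEntityNameInterface $scope */
  foreach ($auth_request->getScopes() as $scope) {
    $cacheability_metadata->addCacheableDependency($scope);
    $form['scopes']['#items'][] = $scope->getName();
    unset($client_roles[$scope->getIdentifier()]);
  }

  // Add the client roles that were not explicitly requested to the list, so
  // the user sees every permission shown for this client, not only the
  // scopes named in the request.
  foreach ($client_roles as $client_role) {
    $cacheability_metadata->addCacheableDependency($client_role);
    $form['scopes']['#items'][] = $client_role->label();
  }
  $cacheability_metadata->applyTo($form['scopes']);

  // Fall back to the redirect stored on the client when the request carries
  // no redirect_uri.
  // NOTE(review): this field echoes a request-supplied value. The submit
  // handler is not visible here; confirm it takes the redirect target from
  // the validated auth request and not from this posted field.
  $form['redirect_uri'] = [
    '#type' => 'hidden',
    '#value' => $request->get('redirect_uri') ?: $client_drupal_entity->get('redirect')->value,
  ];
  $form['submit'] = [
    '#type' => 'submit',
    '#value' => $this->t('Grant'),
  ];
  return $form;
}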