You are here

class DisallowSimpleOauthRequests in Simple OAuth (OAuth2) & OpenID Connect 8.4

Same name and namespace in other branches
  1. 8 src/PageCache/DisallowSimpleOauthRequests.php \Drupal\simple_oauth\PageCache\DisallowSimpleOauthRequests
  2. 8.2 src/PageCache/DisallowSimpleOauthRequests.php \Drupal\simple_oauth\PageCache\DisallowSimpleOauthRequests
  3. 8.3 src/PageCache/DisallowSimpleOauthRequests.php \Drupal\simple_oauth\PageCache\DisallowSimpleOauthRequests
  4. 5.x src/PageCache/DisallowSimpleOauthRequests.php \Drupal\simple_oauth\PageCache\DisallowSimpleOauthRequests

Do not serve a page from cache if OAuth2 authentication is applicable.

@internal

Hierarchy

Expanded class hierarchy of DisallowSimpleOauthRequests

1 file declares its use of DisallowSimpleOauthRequests
SimpleOauthAuthenticationTest.php in tests/src/Unit/Authentication/Provider/SimpleOauthAuthenticationTest.php
1 string reference to 'DisallowSimpleOauthRequests'
simple_oauth.services.yml in ./simple_oauth.services.yml
simple_oauth.services.yml
1 service uses DisallowSimpleOauthRequests
simple_oauth.page_cache_request_policy.disallow_oauth2_token_requests in ./simple_oauth.services.yml
Drupal\simple_oauth\PageCache\DisallowSimpleOauthRequests

File

src/PageCache/DisallowSimpleOauthRequests.php, line 12

Namespace

Drupal\simple_oauth\PageCache
View source
class DisallowSimpleOauthRequests implements SimpleOauthRequestPolicyInterface {

  /**
   * {@inheritdoc}
   */
  public function isOauth2Request(Request $request) {

    // Check the header. See: http://tools.ietf.org/html/rfc6750#section-2.1
    // We have to perform also an exact match, as if no token is provided then
    // the LWS might be stripped, but we still have to detect this as OAuth2
    // authentication. See: https://www.ietf.org/rfc/rfc2616.txt
    $auth_header = trim($request->headers
      ->get('Authorization', '', TRUE));
    return strpos($auth_header, 'Bearer ') !== FALSE || $auth_header === 'Bearer';
  }

  /**
   * {@inheritdoc}
   */
  public function check(Request $request) {
    return $this
      ->isOauth2Request($request) ? static::DENY : NULL;
  }

}

Members

Namesort descending Modifiers Type Description Overrides
DisallowSimpleOauthRequests::check public function Determines whether delivery of a cached page should be attempted. Overrides RequestPolicyInterface::check
DisallowSimpleOauthRequests::isOauth2Request public function Returns a state whether the request has an OAuth2 access token. Overrides SimpleOauthRequestPolicyInterface::isOauth2Request
RequestPolicyInterface::ALLOW constant Allow delivery of cached pages.
RequestPolicyInterface::DENY constant Deny delivery of cached pages.