vendor/hwi/oauth-bundle/src/OAuth/ResourceOwner/GenericOAuth2ResourceOwner.php line 212

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the HWIOAuthBundle package.
  5.  *
  6.  * (c) Hardware Info <opensource@hardware.info>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace HWI\Bundle\OAuthBundle\OAuth\ResourceOwner;
  14. use HWI\Bundle\OAuthBundle\OAuth\Exception\HttpTransportException;
  15. use HWI\Bundle\OAuthBundle\Security\Core\Authentication\Token\OAuthToken;
  16. use HWI\Bundle\OAuthBundle\Security\Helper\NonceGenerator;
  17. use HWI\Bundle\OAuthBundle\Security\OAuthErrorHandler;
  18. use Symfony\Component\HttpClient\Exception\JsonException;
  19. use Symfony\Component\HttpFoundation\Request as HttpRequest;
  20. use Symfony\Component\OptionsResolver\Options;
  21. use Symfony\Component\OptionsResolver\OptionsResolver;
  22. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  23. use Symfony\Contracts\HttpClient\Exception\TransportExceptionInterface;
  25. /**
  26.  * @author Geoffrey Bachelet <geoffrey.bachelet@gmail.com>
  27.  * @author Alexander <iam.asm89@gmail.com>
  28.  */
  29. abstract class GenericOAuth2ResourceOwner extends AbstractResourceOwner
  30. {
  31.     /**
  32.      * {@inheritdoc}
  33.      */
  34.     public function getUserInformation(array $accessToken, array $extraParameters = [])
  35.     {
  36.         if ($this->options['use_bearer_authorization']) {
  37.             $content $this->httpRequest(
  38.                 $this->normalizeUrl($this->options['infos_url'], $extraParameters),
  39.                 null,
  40.                 ['Authorization' => 'Bearer '.$accessToken['access_token']]
  41.             );
  42.         } else {
  43.             $content $this->doGetUserInformationRequest(
  44.                 $this->normalizeUrl(
  45.                     $this->options['infos_url'],
  46.                     array_merge([$this->options['attr_name'] => $accessToken['access_token']], $extraParameters)
  47.                 )
  48.             );
  49.         }
  51.         try {
  52.             $response $this->getUserResponse();
  53.             $response->setData($content->toArray(false));
  54.             $response->setResourceOwner($this);
  55.             $response->setOAuthToken(new OAuthToken($accessToken));
  57.             return $response;
  58.         } catch (TransportExceptionInterface|JsonException $e) {
  59.             throw new HttpTransportException('Error while sending HTTP request'$this->getName(), $e->getCode(), $e);
  60.         }
  61.     }
  63.     /**
  64.      * {@inheritdoc}
  65.      */
  66.     public function getAuthorizationUrl($redirectUri, array $extraParameters = [])
  67.     {
  68.         if ($this->options['csrf']) {
  69.             $this->handleCsrfToken();
  70.         }
  72.         $parameters array_merge([
  73.             'response_type' => 'code',
  74.             'client_id' => $this->options['client_id'],
  75.             'scope' => $this->options['scope'],
  76.             'state' => $this->state->encode(),
  77.             'redirect_uri' => $redirectUri,
  78.         ], $extraParameters);
  80.         return $this->normalizeUrl($this->options['authorization_url'], $parameters);
  81.     }
  83.     /**
  84.      * {@inheritdoc}
  85.      */
  86.     public function getAccessToken(HttpRequest $request$redirectUri, array $extraParameters = [])
  87.     {
  88.         OAuthErrorHandler::handleOAuthError($request);
  90.         $parameters array_merge([
  91.             'code' => $request->query->get('code'),
  92.             'grant_type' => 'authorization_code',
  93.             'redirect_uri' => $redirectUri,
  94.         ], $extraParameters);
  96.         $response $this->doGetTokenRequest($this->options['access_token_url'], $parameters);
  97.         $response $this->getResponseContent($response);
  99.         $this->validateResponseContent($response);
  101.         return $response;
  102.     }
  104.     /**
  105.      * {@inheritdoc}
  106.      */
  107.     public function refreshAccessToken($refreshToken, array $extraParameters = [])
  108.     {
  109.         $parameters array_merge([
  110.             'refresh_token' => $refreshToken,
  111.             'grant_type' => 'refresh_token',
  112.         ], $extraParameters);
  114.         $response $this->doGetTokenRequest($this->options['access_token_url'], $parameters);
  115.         $response $this->getResponseContent($response);
  117.         $this->validateResponseContent($response);
  119.         return $response;
  120.     }
  122.     /**
  123.      * {@inheritdoc}
  124.      */
  125.     public function revokeToken($token)
  126.     {
  127.         if (!isset($this->options['revoke_token_url'])) {
  128.             throw new AuthenticationException('OAuth error: "Method unsupported."');
  129.         }
  131.         $parameters = [
  132.             'client_id' => $this->options['client_id'],
  133.             'client_secret' => $this->options['client_secret'],
  134.         ];
  136.         $response $this->httpRequest($this->normalizeUrl($this->options['revoke_token_url'], ['token' => $token]), $parameters, [], 'DELETE');
  138.         return 200 === $response->getStatusCode();
  139.     }
  141.     /**
  142.      * {@inheritdoc}
  143.      */
  144.     public function handles(HttpRequest $request)
  145.     {
  146.         return $request->query->has('code');
  147.     }
  149.     /**
  150.      * {@inheritdoc}
  151.      */
  152.     public function isCsrfTokenValid($csrfToken)
  153.     {
  154.         // Mark token valid when validation is disabled
  155.         if (!$this->options['csrf']) {
  156.             return true;
  157.         }
  159.         if (null === $csrfToken) {
  160.             throw new AuthenticationException('Given CSRF token is not valid.');
  161.         }
  163.         try {
  164.             return null !== $this->storage->fetch($thisurldecode($csrfToken), 'csrf_state');
  165.         } catch (\InvalidArgumentException $e) {
  166.             throw new AuthenticationException('Given CSRF token is not valid.');
  167.         }
  168.     }
  170.     /**
  171.      * {@inheritdoc}
  172.      */
  173.     public function shouldRefreshOnExpire()
  174.     {
  175.         return $this->options['refresh_on_expire'] ?? false;
  176.     }
  178.     /**
  179.      * {@inheritdoc}
  180.      */
  181.     protected function doGetTokenRequest($url, array $parameters = [])
  182.     {
  183.         $headers = [];
  184.         if ($this->options['use_authorization_to_get_token']) {
  185.             if ($this->options['client_secret']) {
  186.                 $headers['Authorization'] = 'Basic '.base64_encode($this->options['client_id'].':'.$this->options['client_secret']);
  187.             }
  188.         } else {
  189.             $parameters['client_id'] = $this->options['client_id'];
  190.             $parameters['client_secret'] = $this->options['client_secret'];
  191.         }
  193.         return $this->httpRequest($urlhttp_build_query($parameters'''&'), $headers);
  194.     }
  196.     /**
  197.      * {@inheritdoc}
  198.      */
  199.     protected function doGetUserInformationRequest($url, array $parameters = [])
  200.     {
  201.         return $this->httpRequest($urlhttp_build_query($parameters'''&'));
  202.     }
  204.     /**
  205.      * @param mixed $response the 'parsed' content based on the response headers
  206.      *
  207.      * @throws AuthenticationException If an OAuth error occurred or no access token is found
  208.      */
  209.     protected function validateResponseContent($response)
  210.     {
  211.         if (isset($response['error_description'])) {
  212.             throw new AuthenticationException(sprintf('OAuth error: "%s"'$response['error_description']));
  213.         }
  215.         if (isset($response['error'])) {
  216.             throw new AuthenticationException(sprintf('OAuth error: "%s"'$response['error']['message'] ?? $response['error']));
  217.         }
  219.         if (!isset($response['access_token'])) {
  220.             throw new AuthenticationException('Not a valid access token.');
  221.         }
  222.     }
  224.     /**
  225.      * {@inheritdoc}
  226.      */
  227.     protected function configureOptions(OptionsResolver $resolver)
  228.     {
  229.         parent::configureOptions($resolver);
  231.         $resolver->setDefaults([
  232.             'attr_name' => 'access_token',
  233.             'use_commas_in_scope' => false,
  234.             'use_bearer_authorization' => true,
  235.             'use_authorization_to_get_token' => true,
  236.             'refresh_on_expire' => false,
  237.         ]);
  239.         $resolver->setDefined('revoke_token_url');
  240.         $resolver->setAllowedValues('refresh_on_expire', [truefalse]);
  242.         // Unfortunately some resource owners break the spec by using commas instead
  243.         // of spaces to separate scopes (Disqus, Facebook, Github, Vkontante)
  244.         $scopeNormalizer = function (Options $options$value) {
  245.             if (!$value) {
  246.                 return null;
  247.             }
  249.             if (!$options['use_commas_in_scope']) {
  250.                 return $value;
  251.             }
  253.             return str_replace(','' '$value);
  254.         };
  256.         $resolver->setNormalizer('scope'$scopeNormalizer);
  257.     }
  259.     /**
  260.      * {@inheritdoc}
  261.      */
  262.     protected function httpRequest($url$content null, array $headers = [], $method null)
  263.     {
  264.         $headers += ['Content-Type' => 'application/x-www-form-urlencoded'];
  266.         return parent::httpRequest($url$content$headers$method);
  267.     }
  269.     private function handleCsrfToken(): void
  270.     {
  271.         if (null === $this->state->getCsrfToken()) {
  272.             $this->state->setCsrfToken(NonceGenerator::generate());
  273.         }
  275.         $this->storage->save($this$this->state->getCsrfToken(), 'csrf_state');
  276.     }
  277. }