OAuth Bits

Author: bajb

src/Connections/AbstractConnection.php

@@ -3,11 +3,16 @@
 
 use Fortifi\Api\Core\IApiConnection;
 use Fortifi\Api\Core\IApiRequestDetail;
+use Fortifi\Api\Core\OAuth\Tokens\IToken;
 
 abstract class AbstractConnection implements IApiConnection
 {
   protected $_orgFid;
-  protected $_accessToken;
+
+  /**
+   * @var IToken
+   */
+  protected $_token;
 
   /**
    * @param string $fid Organisation FID
@@ -21,13 +26,13 @@ public function setOrganisationFid($fid)
   }
 
   /**
-   * @param string $token Access Token
+   * @param IToken $token Access Token
    *
    * @return $this
    */
-  public function setAccessToken($token)
+  public function setToken(IToken $token)
   {
-    $this->_accessToken = $token;
+    $this->_token = $token;
     return $this;
   }
 
@@ -39,9 +44,10 @@ protected function _buildHeaders(IApiRequestDetail $request)
       $headers['X-Fortifi-Org'] = $this->_orgFid;
     }
 
-    if(!empty($this->_accessToken))
+    if($this->_token)
     {
-      $headers['Authorization'] = 'Bearer ' . $this->_accessToken;
+      $headers['Authorization'] = $this->_token->getType()
+        . ' ' . $this->_token->getToken();
     }
 
     if($request->getRequestBody())

src/IApiConnection.php

@@ -1,6 +1,8 @@
 <?php
 namespace Fortifi\Api\Core;
 
+use Fortifi\Api\Core\OAuth\Tokens\IToken;
+
 interface IApiConnection
 {
   /**
@@ -25,9 +27,9 @@ public function batchLoad($requests);
   public function setOrganisationFid($fid);
 
   /**
-   * @param string $token Access Token
+   * @param IToken $token Access Token
    *
    * @return $this
    */
-  public function setAccessToken($token);
+  public function setToken(IToken $token);
 }

src/OAuth/Grants/IGrant.php

@@ -0,0 +1,19 @@
+<?php
+namespace Fortifi\Api\Core\OAuth\Grants;
+
+use Fortifi\Api\Core\ApiDefinition\SecurityDefinition;
+use Fortifi\Api\Core\IApiConnection;
+use Fortifi\Api\Core\OAuth\Tokens\IToken;
+
+interface IGrant
+{
+  /**
+   * @param IApiConnection     $connection
+   * @param SecurityDefinition $definition
+   *
+   * @return IToken
+   */
+  public function getToken(
+    IApiConnection $connection, SecurityDefinition $definition
+  );
+}

src/OAuth/Grants/ServiceAccountGrant.php

@@ -0,0 +1,103 @@
+<?php
+namespace Fortifi\Api\Core\OAuth\Grants;
+
+use Fortifi\Api\Core\ApiDefinition\SecurityDefinition;
+use Fortifi\Api\Core\ApiRequest;
+use Fortifi\Api\Core\ApiRequestDetail;
+use Fortifi\Api\Core\IApiConnection;
+use Fortifi\Api\Core\OAuth\Tokens\AccessToken;
+use Fortifi\Api\Core\OAuth\Tokens\IToken;
+use Packaged\Helpers\Objects;
+
+class ServiceAccountGrant implements IGrant
+{
+  protected $_apiSecret;
+  protected $_apiUser;
+
+  /**
+   * @param mixed $apiSecret
+   *
+   * @return ServiceAccountGrant
+   */
+  public function setApiSecret($apiSecret)
+  {
+    $this->_apiSecret = $apiSecret;
+    return $this;
+  }
+
+  /**
+   * @param mixed $apiUser
+   *
+   * @return ServiceAccountGrant
+   */
+  public function setApiUser($apiUser)
+  {
+    $this->_apiUser = $apiUser;
+    return $this;
+  }
+
+  /**
+   * @return mixed
+   */
+  public function getApiSecret()
+  {
+    return $this->_apiSecret;
+  }
+
+  /**
+   * @return mixed
+   */
+  public function getApiUser()
+  {
+    return $this->_apiUser;
+  }
+
+  /**
+   * @param IApiConnection     $connection
+   * @param SecurityDefinition $definition
+   *
+   * @return IToken
+   */
+  public function getToken(
+    IApiConnection $connection, SecurityDefinition $definition
+  )
+  {
+    if($definition->getType() !== 'oauth2')
+    {
+      throw new \InvalidArgumentException(
+        'The security definition provided is not a valid oAuth2 definition'
+      );
+    }
+
+    $params = [];
+    $params['grant_type'] = $this->getGrantType();
+    $params['api_user'] = $this->getApiUser();
+    $params['api_key'] = $this->getApiSecret();
+
+    $request = new ApiRequest();
+    $request->setConnection($connection);
+    $detail = new ApiRequestDetail();
+    $detail->setUrl($definition->getTokenUrl());
+    $detail->setPostFields($params);
+    $request->setRequestDetail($detail);
+    $connection->load($request);
+    $tokenResponse = $request->getDecodedResponse();
+
+    $token = new AccessToken();
+    $token->setToken(Objects::property($tokenResponse, 'access_token'));
+    $token->setType(Objects::property($tokenResponse, 'token_type', 'Bearer'));
+    $token->setExpirySeconds(Objects::property($tokenResponse, 'expires_in'));
+    $token->setExpiryTime(Objects::property($tokenResponse, 'expiry_time'));
+    $token->setUserId(Objects::property($tokenResponse, 'uid'));
+    $token->setSessionSecret(
+      Objects::property($tokenResponse, 'session_secret')
+    );
+
+    return $token;
+  }
+
+  public function getGrantType()
+  {
+    return 'service_account';
+  }
+}

src/OAuth/TokenStorage/TmpFileTokenStorage.php

@@ -0,0 +1,50 @@
+<?php
+namespace Fortifi\Api\Core\OAuth\TokenStorage;
+
+use Packaged\Helpers\Path;
+
+class TmpFileTokenStorage implements TokenStorageInterface
+{
+  /**
+   * Store a token in storage
+   *
+   * @param string $key location key to store the token in
+   *
+   * @param string $token
+   *
+   * @return bool
+   */
+  public function storeToken($key, $token)
+  {
+    return file_put_contents($this->_createFileName($key), $token) !== false;
+  }
+
+  /**
+   * Retrieve a token from storage
+   *
+   * @param string $key location key for token
+   *
+   * @return string|null
+   */
+  public function retrieveToken($key)
+  {
+    $location = $this->_createFileName($key);
+    if(file_exists($location))
+    {
+      return file_get_contents($location);
+    }
+    return null;
+  }
+
+  /**
+   * Create a temporary filename
+   *
+   * @param $key
+   *
+   * @return string
+   */
+  private function _createFileName($key)
+  {
+    return Path::build(sys_get_temp_dir(), 'Fortifi-Token-' . $key);
+  }
+}

src/OAuth/TokenStorage/TokenStorageInterface.php

@@ -0,0 +1,25 @@
+<?php
+namespace Fortifi\Api\Core\OAuth\TokenStorage;
+
+interface TokenStorageInterface
+{
+  /**
+   * Store a token in storage
+   *
+   * @param string $key location key to store the token in
+   *
+   * @param string $token
+   *
+   * @return bool
+   */
+  public function storeToken($key, $token);
+
+  /**
+   * Retrieve a token from storage
+   *
+   * @param string $key location key for token
+   *
+   * @return string|null
+   */
+  public function retrieveToken($key);
+}