diff --git a/extensions/libraries/redcore/api/oauth2/GrantType/AuthorizationCode.php b/extensions/libraries/redcore/api/oauth2/GrantType/AuthorizationCode.php index e8995204c..a0d87b43c 100644 --- a/extensions/libraries/redcore/api/oauth2/GrantType/AuthorizationCode.php +++ b/extensions/libraries/redcore/api/oauth2/GrantType/AuthorizationCode.php @@ -2,6 +2,7 @@ namespace OAuth2\GrantType; +use Joomla\CMS\Factory; use OAuth2\Storage\AuthorizationCodeInterface; use OAuth2\ResponseType\AccessTokenInterface; use OAuth2\RequestInterface; 
@@ -13,88 +14,102 @@ */ class AuthorizationCode implements GrantTypeInterface { - protected $storage; - protected $authCode; - - /** - * @param OAuth2\Storage\AuthorizationCodeInterface $storage REQUIRED Storage class for retrieving authorization code information - */ - public function __construct(AuthorizationCodeInterface $storage) - { - $this->storage = $storage; - } - - public function getQuerystringIdentifier() - { - return 'authorization_code'; - } - - public function validateRequest(RequestInterface $request, ResponseInterface $response) - { - if (!$request->request('code')) { - $response->setError(400, 'invalid_request', 'Missing parameter: "code" is required'); - - return false; - } - - $code = $request->request('code'); - if (!$authCode = $this->storage->getAuthorizationCode($code)) { - $response->setError(400, 'invalid_grant', 'Authorization code doesn\'t exist or is invalid for the client'); - - return false; - } - - /* - * 4.1.3 - ensure that the "redirect_uri" parameter is present if the "redirect_uri" parameter was included in the initial authorization request - * @uri - http://tools.ietf.org/html/rfc6749#section-4.1.3 - */ - if (isset($authCode['redirect_uri']) && $authCode['redirect_uri']) { - if (!$request->request('redirect_uri') || urldecode($request->request('redirect_uri')) != $authCode['redirect_uri']) { - $response->setError(400, 'redirect_uri_mismatch', "The redirect URI is missing or do not match", "#section-4.1.3"); - - return false; - } - } - - if (!isset($authCode['expires'])) { - throw new \Exception('Storage must return authcode with a value for "expires"'); - } + protected $storage; - if ($authCode["expires"] < time()) { - $response->setError(400, 'invalid_grant', "The authorization code has expired"); + protected $authCode; - return false; - } + /** + * @param OAuth2\Storage\AuthorizationCodeInterface $storage REQUIRED Storage class for retrieving authorization code information + */ + public function 
__construct(AuthorizationCodeInterface $storage) + { + $this->storage = $storage; + } - if (!isset($authCode['code'])) { - $authCode['code'] = $code; // used to expire the code after the access token is granted - } + public function getQuerystringIdentifier() + { + return 'authorization_code'; + } - $this->authCode = $authCode; + public function validateRequest(RequestInterface $request, ResponseInterface $response) + { + if (!$request->request('code')) + { + $response->setError(400, 'invalid_request', 'Missing parameter: "code" is required'); - return true; - } + return false; + } - public function getClientId() - { - return $this->authCode['client_id']; - } + $code = $request->request('code'); - public function getScope() - { - return isset($this->authCode['scope']) ? $this->authCode['scope'] : null; - } + if (!$authCode = $this->storage->getAuthorizationCode($code)) + { + $response->setError(400, 'invalid_grant', 'Authorization code doesn\'t exist or is invalid for the client'); - public function getUserId() - { - return isset($this->authCode['user_id']) ? 
$this->authCode['user_id'] : null; - } + return false; + } - public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope) - { - $token = $accessToken->createAccessToken($client_id, $user_id, $scope); - $this->storage->expireAuthorizationCode($this->authCode['code']); - - return $token; - } + /* + * 4.1.3 - ensure that the "redirect_uri" parameter is present if the "redirect_uri" parameter was included in the initial authorization request + * @uri - http://tools.ietf.org/html/rfc6749#section-4.1.3 + */ + if (isset($authCode['redirect_uri']) && $authCode['redirect_uri']) + { + if (!$request->request('redirect_uri') || urldecode($request->request('redirect_uri')) != $authCode['redirect_uri']) + { + $response->setError(400, 'redirect_uri_mismatch', "The redirect URI is missing or do not match", "#section-4.1.3"); + + return false; + } + } + + if (!isset($authCode['expires'])) + { + throw new \Exception('Storage must return authcode with a value for "expires"'); + } + + if ($authCode["expires"] < time()) + { + $response->setError(400, 'invalid_grant', "The authorization code has expired"); + + return false; + } + + if (!isset($authCode['code'])) + { + $authCode['code'] = $code; // Used to expire the code after the access token is granted + } + + $this->authCode = $authCode; + + return true; + } + + public function getClientId() + { + return $this->authCode['client_id']; + } + + public function getScope() + { + return isset($this->authCode['scope']) ? $this->authCode['scope'] : null; + } + + public function getUserId() + { + return isset($this->authCode['user_id']) ? 
$this->authCode['user_id'] : null; + } + + public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope) + { + $token = $accessToken->createAccessToken($client_id, $user_id, $scope); + $this->storage->expireAuthorizationCode($this->authCode['code']); + + Factory::getApplication()->triggerEvent( + 'onRedcoreAuthorizationAfterGenerateToken', + ['token' => $token, 'clientId' => $client_id, 'userId' => $user_id] + ); + + return $token; + } }
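Review bot: The new `triggerEvent('onRedcoreAuthorizationAfterGenerateToken', ...)` call in createAccessToken hands the freshly issued `$token` (the bearer credential itself, and presumably any refresh token the AccessTokenInterface implementation returns) to every subscribed plugin, so any plugin that logs or persists its arguments leaks a live credential; if listeners only need to correlate the grant, pass `$client_id`, `$user_id` and a non-secret identifier instead, or at minimum add a comment above the call such as `// NOTE: listeners receive the live access token; they must not log or persist it`. The event is also dispatched after `expireAuthorizationCode()` has run, so a listener that throws leaves the code consumed and the token minted while the caller sees a failure — worth either catching and logging around the dispatch or documenting that contract. The `Factory::getApplication()` static call couples this vendored `OAuth2\GrantType` class to the Joomla CMS; injecting the dispatcher through the constructor alongside `$storage` would keep it usable outside an application context. Unrelated to this commit's re-indent, the retained `urldecode(...) != $authCode['redirect_uri']` check on the new side uses loose `!=` where a strict `!==` string comparison is the safer form for redirect-URI validation.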