redCOMPONENT-COM · nguyenvuledu · Dec 22, 2022
diff --git a/extensions/libraries/redcore/api/oauth2/GrantType/AuthorizationCode.php b/extensions/libraries/redcore/api/oauth2/GrantType/AuthorizationCode.php
@@ -2,6 +2,7 @@
 
 namespace OAuth2\GrantType;
 
+use Joomla\CMS\Factory;
 use OAuth2\Storage\AuthorizationCodeInterface;
 use OAuth2\ResponseType\AccessTokenInterface;
 use OAuth2\RequestInterface;
@@ -13,88 +14,102 @@
  */
 class AuthorizationCode implements GrantTypeInterface
 {
-    protected $storage;
-    protected $authCode;
-
-    /**
-     * @param OAuth2\Storage\AuthorizationCodeInterface $storage REQUIRED Storage class for retrieving authorization code information
-     */
-    public function __construct(AuthorizationCodeInterface $storage)
-    {
-        $this->storage = $storage;
-    }
-
-    public function getQuerystringIdentifier()
-    {
-        return 'authorization_code';
-    }
-
-    public function validateRequest(RequestInterface $request, ResponseInterface $response)
-    {
-        if (!$request->request('code')) {
-            $response->setError(400, 'invalid_request', 'Missing parameter: "code" is required');
-
-            return false;
-        }
-
-        $code = $request->request('code');
-        if (!$authCode = $this->storage->getAuthorizationCode($code)) {
-            $response->setError(400, 'invalid_grant', 'Authorization code doesn\'t exist or is invalid for the client');
-
-            return false;
-        }
-
-        /*
-         * 4.1.3 - ensure that the "redirect_uri" parameter is present if the "redirect_uri" parameter was included in the initial authorization request
-         * @uri - http://tools.ietf.org/html/rfc6749#section-4.1.3
-         */
-        if (isset($authCode['redirect_uri']) && $authCode['redirect_uri']) {
-            if (!$request->request('redirect_uri') || urldecode($request->request('redirect_uri')) != $authCode['redirect_uri']) {
-                $response->setError(400, 'redirect_uri_mismatch', "The redirect URI is missing or do not match", "#section-4.1.3");
-
-                return false;
-            }
-        }
-
-        if (!isset($authCode['expires'])) {
-            throw new \Exception('Storage must return authcode with a value for "expires"');
-        }
+	protected $storage;
 
-        if ($authCode["expires"] < time()) {
-            $response->setError(400, 'invalid_grant', "The authorization code has expired");
+	protected $authCode;
 
-            return false;
-        }
+	/**
+	 * @param   OAuth2\Storage\AuthorizationCodeInterface $storage REQUIRED Storage class for retrieving authorization code information
+	 */
+	public function __construct(AuthorizationCodeInterface $storage)
+	{
+		$this->storage = $storage;
+	}
 
-        if (!isset($authCode['code'])) {
-            $authCode['code'] = $code; // used to expire the code after the access token is granted
-        }
+	public function getQuerystringIdentifier()
+	{
+		return 'authorization_code';
+	}
 
-        $this->authCode = $authCode;
+	public function validateRequest(RequestInterface $request, ResponseInterface $response)
+	{
+		if (!$request->request('code'))
+		{
+			$response->setError(400, 'invalid_request', 'Missing parameter: "code" is required');
 
-        return true;
-    }
+			return false;
+		}
 
-    public function getClientId()
-    {
-        return $this->authCode['client_id'];
-    }
+		$code = $request->request('code');
 
-    public function getScope()
-    {
-        return isset($this->authCode['scope']) ? $this->authCode['scope'] : null;
-    }
+		if (!$authCode = $this->storage->getAuthorizationCode($code))
+		{
+			$response->setError(400, 'invalid_grant', 'Authorization code doesn\'t exist or is invalid for the client');
 
-    public function getUserId()
-    {
-        return isset($this->authCode['user_id']) ? $this->authCode['user_id'] : null;
-    }
+			return false;
+		}
 
-    public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
-    {
-        $token = $accessToken->createAccessToken($client_id, $user_id, $scope);
-        $this->storage->expireAuthorizationCode($this->authCode['code']);
-
-        return $token;
-    }
+		/*
+         * 4.1.3 - ensure that the "redirect_uri" parameter is present if the "redirect_uri" parameter was included in the initial authorization request
+         * @uri - http://tools.ietf.org/html/rfc6749#section-4.1.3
+         */
+		if (isset($authCode['redirect_uri']) && $authCode['redirect_uri'])
+		{
+			if (!$request->request('redirect_uri') || urldecode($request->request('redirect_uri')) != $authCode['redirect_uri'])
+			{
+				$response->setError(400, 'redirect_uri_mismatch', "The redirect URI is missing or do not match", "#section-4.1.3");
+
+				return false;
+			}
+		}
+
+		if (!isset($authCode['expires']))
+		{
+			throw new \Exception('Storage must return authcode with a value for "expires"');
+		}
+
+		if ($authCode["expires"] < time())
+		{
+			$response->setError(400, 'invalid_grant', "The authorization code has expired");
+
+			return false;
+		}
+
+		if (!isset($authCode['code']))
+		{
+			$authCode['code'] = $code; // Used to expire the code after the access token is granted
+		}
+
+		$this->authCode = $authCode;
+
+		return true;
+	}
+
+	public function getClientId()
+	{
+		return $this->authCode['client_id'];
+	}
+
+	public function getScope()
+	{
+		return isset($this->authCode['scope']) ? $this->authCode['scope'] : null;
+	}
+
+	public function getUserId()
+	{
+		return isset($this->authCode['user_id']) ? $this->authCode['user_id'] : null;
+	}
+
+	public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
+	{
+		$token = $accessToken->createAccessToken($client_id, $user_id, $scope);
+		$this->storage->expireAuthorizationCode($this->authCode['code']);
+
+		Factory::getApplication()->triggerEvent(
+			'onRedcoreAuthorizationAfterGenerateToken',
+			['token' => $token, 'clientId' => $client_id, 'userId' => $user_id]
+		);
+
+		return $token;
+	}
 }