<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2019 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace OAuth2Framework\Component\ClientConfigurationEndpoint;
use OAuth2Framework\Component\BearerTokenType\BearerToken;
use OAuth2Framework\Component\ClientRule\RuleManager;
use OAuth2Framework\Component\Core\Client\Client;
use OAuth2Framework\Component\Core\Client\ClientRepository;
use OAuth2Framework\Component\Core\Message\OAuth2Error;
use Psr\Http\Message\ResponseFactoryInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
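/**
 * Client configuration endpoint (RFC 7592 style): authenticates the caller with
 * the client's registration access token, then dispatches GET / PUT / DELETE to
 * the matching sub-endpoint.
 *
 * The client itself is NOT looked up here. An earlier middleware is expected to
 * have resolved it and attached it as the 'client' request attribute; this class
 * only checks that the bearer token presented on the request matches the
 * registration access token stored on that client.
 */
final class ClientConfigurationEndpoint implements MiddlewareInterface
{
    /**
     * Single, non-distinguishing message used by every rejection path, so the
     * response does not reveal whether the client, the token, or both were wrong.
     */
    private const REJECTION_MESSAGE = 'Invalid client or invalid registration access token.';

    /** Handed to the PUT and DELETE sub-endpoints, which persist client changes. */
    private ClientRepository $clientRepository;

    /** Extracts the bearer token carried by the incoming request. */
    private BearerToken $bearerToken;

    /** PSR-17 factory the sub-endpoints use to build their responses. */
    private ResponseFactoryInterface $responseFactory;

    /** Handed to the PUT sub-endpoint to validate updated client metadata. */
    private RuleManager $ruleManager;

    public function __construct(
        ClientRepository $clientRepository,
        BearerToken $bearerToken,
        ResponseFactoryInterface $responseFactory,
        RuleManager $ruleManager
    ) {
        $this->clientRepository = $clientRepository;
        $this->bearerToken = $bearerToken;
        $this->responseFactory = $responseFactory;
        $this->ruleManager = $ruleManager;
    }

    /**
     * Authenticates the request and then routes it by HTTP method.
     *
     * @throws OAuth2Error invalid_request when the client / registration access token
     *                     check fails, or with HTTP 405 for any method other than
     *                     GET, PUT or DELETE
     */
    public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface
    {
        // Authentication runs before dispatch so that no sub-endpoint (including the
        // read-only GET) is reachable without a valid registration access token.
        $this->checkClient($request);

        switch ($request->getMethod()) {
            case 'GET':
                $getEndpoint = new ClientConfigurationGetEndpoint($this->responseFactory);

                return $getEndpoint->process($request, $next);
            case 'PUT':
                $putEndpoint = new ClientConfigurationPutEndpoint(
                    $this->clientRepository,
                    $this->responseFactory,
                    $this->ruleManager
                );

                return $putEndpoint->process($request, $next);
            case 'DELETE':
                $deleteEndpoint = new ClientConfigurationDeleteEndpoint(
                    $this->clientRepository,
                    $this->responseFactory
                );

                return $deleteEndpoint->process($request, $next);
            default:
                throw new OAuth2Error(405, OAuth2Error::ERROR_INVALID_REQUEST, 'Unsupported method.');
        }
    }

    /**
     * Verifies that the bearer token on the request equals the registration access
     * token stored on the client attached to the request.
     *
     * Every failure path throws the same \InvalidArgumentException so that the
     * single catch below converts all of them into one OAuth2Error. Previously the
     * "no client", "client has no token" and "no bearer token" paths threw a bare
     * \RuntimeException that escaped this method unconverted, so only the
     * "token mismatch" path produced a proper OAuth2 error response.
     *
     * NOTE(review): RFC 7592 describes a 401 for a missing/invalid registration
     * access token; this keeps the existing invalid_request mapping rather than
     * changing the response contract -- confirm with the owning team.
     *
     * @throws OAuth2Error invalid_request on any failure, with the original
     *                     exception attached as previous
     */
    private function checkClient(ServerRequestInterface $request): void
    {
        try {
            $client = $request->getAttribute('client');
            if (!$client instanceof Client) {
                throw new \InvalidArgumentException(self::REJECTION_MESSAGE);
            }
            if (!$client->has('registration_access_token')) {
                throw new \InvalidArgumentException(self::REJECTION_MESSAGE);
            }

            // hash_equals() takes two strings; under strict_types anything else would
            // surface as a TypeError rather than as an authentication failure. The
            // stored value's type is not visible from here, so treat a non-string as
            // "no usable token".
            $expected = $client->get('registration_access_token');
            if (!\is_string($expected)) {
                throw new \InvalidArgumentException(self::REJECTION_MESSAGE);
            }

            $values = [];
            $presented = $this->bearerToken->find($request, $values);
            if (null === $presented) {
                throw new \InvalidArgumentException(self::REJECTION_MESSAGE);
            }

            // Constant-time comparison of the secret; the known (stored) value is the
            // first argument, the attacker-controlled value the second.
            if (!hash_equals($expected, $presented)) {
                throw new \InvalidArgumentException(self::REJECTION_MESSAGE);
            }
        } catch (\InvalidArgumentException $e) {
            throw OAuth2Error::invalidRequest($e->getMessage(), [], $e);
        }
    }
}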