diff --git a/src/Http/Middleware/CheckClientCredentials.php b/src/Http/Middleware/CheckClientCredentials.php
index 6cf006dda..ca1c621b3 100644
--- a/src/Http/Middleware/CheckClientCredentials.php
+++ b/src/Http/Middleware/CheckClientCredentials.php
@@ -2,92 +2,35 @@ namespace Laravel\Passport\Http\Middleware; -use Closure; use Illuminate\Auth\AuthenticationException; use Laravel\Passport\Exceptions\MissingScopeException; -use Laravel\Passport\TokenRepository; -use League\OAuth2\Server\Exception\OAuthServerException; -use League\OAuth2\Server\ResourceServer; -use Symfony\Bridge\PsrHttpMessage\Factory\PsrHttpFactory; -use Zend\Diactoros\ResponseFactory; -use Zend\Diactoros\ServerRequestFactory; -use Zend\Diactoros\StreamFactory; -use Zend\Diactoros\UploadedFileFactory; -class CheckClientCredentials +class CheckClientCredentials extends CheckCredentials { /** - * The Resource Server instance. + * Validate token credentials. * - * @var \League\OAuth2\Server\ResourceServer - */ - protected $server; - - /** - * Token Repository. - * - * @var \Laravel\Passport\TokenRepository - */ - protected $repository; - - /** - * Create a new middleware instance. - * - * @param \League\OAuth2\Server\ResourceServer $server - * @param \Laravel\Passport\TokenRepository $repository + * @param \Laravel\Passport\Token $token * @return void - */ - public function __construct(ResourceServer $server, TokenRepository $repository) - { - $this->server = $server; - $this->repository = $repository; - } - - /** - * Handle an incoming request. - * - * @param \Illuminate\Http\Request $request - * @param \Closure $next - * @param mixed ...$scopes - * @return mixed * @throws \Illuminate\Auth\AuthenticationException */ - public function handle($request, Closure $next, ...$scopes) + protected function validateCredentials($token) { - $psr = (new PsrHttpFactory( - new ServerRequestFactory, - new StreamFactory, - new UploadedFileFactory, - new ResponseFactory - ))->createRequest($request); - - try { - $psr = $this->server->validateAuthenticatedRequest($psr); - } catch (OAuthServerException $e) { + if (! 
$token || $token->client->firstParty()) { throw new AuthenticationException; } - - $this->validate($psr, $scopes); - - return $next($request); } /** - * Validate the scopes and token on the incoming request. + * Validate token credentials. * - * @param \Psr\Http\Message\ServerRequestInterface $psr + * @param \Laravel\Passport\Token $token * @param array $scopes * @return void - * @throws \Laravel\Passport\Exceptions\MissingScopeException|\Illuminate\Auth\AuthenticationException + * @throws \Laravel\Passport\Exceptions\MissingScopeException */ - protected function validate($psr, $scopes) + protected function validateScopes($token, $scopes) { - $token = $this->repository->find($psr->getAttribute('oauth_access_token_id')); - - if (! $token || $token->client->firstParty()) { - throw new AuthenticationException; - } - if (in_array('*', $token->scopes)) { return; }
diff --git a/src/Http/Middleware/CheckClientCredentialsForAnyScope.php b/src/Http/Middleware/CheckClientCredentialsForAnyScope.php
index 6c1337ce9..c047774f2 100644
--- a/src/Http/Middleware/CheckClientCredentialsForAnyScope.php
+++ b/src/Http/Middleware/CheckClientCredentialsForAnyScope.php
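Review bot: The docblock added on `validateScopes()` still reads `Validate token credentials.`, copied from `validateCredentials()`, so the two hooks are documented identically; its summary should be `Validate token scopes.`. `validateCredentials()` is annotated `@param \Laravel\Passport\Token $token` although its body handles a missing token (`! $token`), so `@param \Laravel\Passport\Token|null $token` would describe what the caller can actually pass. The same two docblocks recur in CheckClientCredentialsForAnyScope and on the abstract declarations in CheckCredentials. The body of `validateScopes()` continues past the end of this hunk.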
@@ -2,104 +2,45 @@ namespace Laravel\Passport\Http\Middleware; -use Closure; use Illuminate\Auth\AuthenticationException; use Laravel\Passport\Exceptions\MissingScopeException; -use Laravel\Passport\TokenRepository; -use League\OAuth2\Server\Exception\OAuthServerException; -use League\OAuth2\Server\ResourceServer; -use Symfony\Bridge\PsrHttpMessage\Factory\PsrHttpFactory; -use Zend\Diactoros\ResponseFactory; -use Zend\Diactoros\ServerRequestFactory; -use Zend\Diactoros\StreamFactory; -use Zend\Diactoros\UploadedFileFactory; -class CheckClientCredentialsForAnyScope +class CheckClientCredentialsForAnyScope extends CheckCredentials { /** - * The Resource Server instance. + * Validate token credentials. * - * @var \League\OAuth2\Server\ResourceServer - */ - protected $server; - - /** - * Token Repository. - * - * @var \Laravel\Passport\TokenRepository - */ - protected $repository; - - /** - * Create a new middleware instance. - * - * @param \League\OAuth2\Server\ResourceServer $server - * @param \Laravel\Passport\TokenRepository $repository + * @param \Laravel\Passport\Token $token * @return void + * @throws \Illuminate\Auth\AuthenticationException */ - public function __construct(ResourceServer $server, TokenRepository $repository) - { - $this->server = $server; - $this->repository = $repository; - } - - /** - * Handle an incoming request. - * - * @param \Illuminate\Http\Request $request - * @param \Closure $next - * @param mixed ...$scopes - * @return mixed - * @throws \Illuminate\Auth\AuthenticationException|\Laravel\Passport\Exceptions\MissingScopeException - */ - public function handle($request, Closure $next, ...$scopes) + protected function validateCredentials($token) { - $psr = (new PsrHttpFactory( - new ServerRequestFactory, - new StreamFactory, - new UploadedFileFactory, - new ResponseFactory - ))->createRequest($request); - - try { - $psr = $this->server->validateAuthenticatedRequest($psr); - } catch (OAuthServerException $e) { + if (! 
$token || $token->client->firstParty()) { throw new AuthenticationException; } - - if ($this->validate($psr, $scopes)) { - return $next($request); - } - - throw new MissingScopeException($scopes); } /** - * Validate the scopes and token on the incoming request. + * Validate token credentials. * - * @param \Psr\Http\Message\ServerRequestInterface $psr + * @param \Laravel\Passport\Token $token * @param array $scopes - * @return bool - * @throws \Illuminate\Auth\AuthenticationException + * @return void + * @throws \Laravel\Passport\Exceptions\MissingScopeException */ - protected function validate($psr, $scopes) + protected function validateScopes($token, $scopes) { - $token = $this->repository->find($psr->getAttribute('oauth_access_token_id')); - - if (! $token || $token->client->firstParty()) { - throw new AuthenticationException; - } - if (in_array('*', $token->scopes)) { - return true; + return; } foreach ($scopes as $scope) { if ($token->can($scope)) { - return true; + return; } } - return false; + throw new MissingScopeException($scopes); } }
diff --git a/src/Http/Middleware/CheckCredentials.php b/src/Http/Middleware/CheckCredentials.php
new file mode 100644
index 000000000..6c28b6563
--- /dev/null
+++ b/src/Http/Middleware/CheckCredentials.php
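Review bot: The wildcard test `in_array('*', $token->scopes)` in `validateScopes()` uses loose comparison, and it guards the branch that skips every per-scope check. On PHP releases before 8 an integer `0` entry compares equal to `'*'`; whether a non-string entry can ever reach `$token->scopes` is not visible in this diff, but the strict form costs nothing: `if (in_array('*', $token->scopes, true)) {`. The same line appears as trailing context in the CheckClientCredentials hunk.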
@@ -0,0 +1,109 @@ +server = $server; + $this->repository = $repository; + } + + /** + * Handle an incoming request. + * + * @param \Illuminate\Http\Request $request + * @param \Closure $next + * @param mixed ...$scopes + * @return mixed + * @throws \Illuminate\Auth\AuthenticationException + */ + public function handle($request, Closure $next, ...$scopes) + { + $psr = (new PsrHttpFactory( + new ServerRequestFactory, + new StreamFactory, + new UploadedFileFactory, + new ResponseFactory + ))->createRequest($request); + + try { + $psr = $this->server->validateAuthenticatedRequest($psr); + } catch (OAuthServerException $e) { + throw new AuthenticationException; + } + + $this->validate($psr, $scopes); + + return $next($request); + } + + /** + * Validate the scopes and token on the incoming request. + * + * @param \Psr\Http\Message\ServerRequestInterface $psr + * @param array $scopes + * @return void + * @throws \Laravel\Passport\Exceptions\MissingScopeException|\Illuminate\Auth\AuthenticationException + */ + protected function validate($psr, $scopes) + { + $token = $this->repository->find($psr->getAttribute('oauth_access_token_id')); + + $this->validateCredentials($token); + + $this->validateScopes($token, $scopes); + } + + /** + * Validate token credentials. + * + * @param \Laravel\Passport\Token $token + * @return void + * @throws \Illuminate\Auth\AuthenticationException + */ + abstract protected function validateCredentials($token); + + /** + * Validate token credentials. + * + * @param \Laravel\Passport\Token $token + * @param array $scopes + * @return void + * @throws \Laravel\Passport\Exceptions\MissingScopeException + */ + abstract protected function validateScopes($token, $scopes); +}
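Review bot: `validate()` passes whatever `$this->repository->find(...)` returned straight to the abstract hooks, so rejecting a missing token is left to each subclass's `validateCredentials()`. Both subclasses in this commit do check `! $token`, but a later subclass that omits the check would reach `validateScopes()` with no token instead of failing with an authentication error. Enforcing it once in the base keeps the invariant in one place: add `if (! $token) { throw new AuthenticationException; }` directly after the `find()` call. The start of this file (imports and class declaration) is not visible in the hunk as shown.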