[8.x] Add abstract CheckCredentials middleware and allows to create #1127

Merged
Nov 25, 2019
75 changes: 9 additions & 66 deletions src/Http/Middleware/CheckClientCredentials.php
Expand Up @@ -2,92 +2,35 @@

namespace Laravel\Passport\Http\Middleware;

use Closure;
use Illuminate\Auth\AuthenticationException;
use Laravel\Passport\Exceptions\MissingScopeException;
use Laravel\Passport\TokenRepository;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\ResourceServer;
use Symfony\Bridge\PsrHttpMessage\Factory\PsrHttpFactory;
use Zend\Diactoros\ResponseFactory;
use Zend\Diactoros\ServerRequestFactory;
use Zend\Diactoros\StreamFactory;
use Zend\Diactoros\UploadedFileFactory;

class CheckClientCredentials
class CheckClientCredentials extends CheckCredentials
{
/**
* The Resource Server instance.
* Validate token credentials.
*
* @var \League\OAuth2\Server\ResourceServer
*/
protected $server;

/**
* Token Repository.
*
* @var \Laravel\Passport\TokenRepository
*/
protected $repository;

/**
* Create a new middleware instance.
*
* @param \League\OAuth2\Server\ResourceServer $server
* @param \Laravel\Passport\TokenRepository $repository
* @param \Laravel\Passport\Token $token
* @return void
*/
public function __construct(ResourceServer $server, TokenRepository $repository)
{
$this->server = $server;
$this->repository = $repository;
}

/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param mixed ...$scopes
* @return mixed
* @throws \Illuminate\Auth\AuthenticationException
*/
public function handle($request, Closure $next, ...$scopes)
protected function validateCredentials($token)
{
$psr = (new PsrHttpFactory(
new ServerRequestFactory,
new StreamFactory,
new UploadedFileFactory,
new ResponseFactory
))->createRequest($request);

try {
$psr = $this->server->validateAuthenticatedRequest($psr);
} catch (OAuthServerException $e) {
if (! $token || $token->client->firstParty()) {
throw new AuthenticationException;
}

$this->validate($psr, $scopes);

return $next($request);
}

/**
* Validate the scopes and token on the incoming request.
* Validate token credentials.
*
* @param \Psr\Http\Message\ServerRequestInterface $psr
* @param \Laravel\Passport\Token $token
* @param array $scopes
* @return void
* @throws \Laravel\Passport\Exceptions\MissingScopeException|\Illuminate\Auth\AuthenticationException
* @throws \Laravel\Passport\Exceptions\MissingScopeException
*/
protected function validate($psr, $scopes)
protected function validateScopes($token, $scopes)
{
$token = $this->repository->find($psr->getAttribute('oauth_access_token_id'));

if (! $token || $token->client->firstParty()) {
throw new AuthenticationException;
}

if (in_array('*', $token->scopes)) {
return;
}
Expand Down
87 changes: 14 additions & 73 deletions src/Http/Middleware/CheckClientCredentialsForAnyScope.php
Expand Up @@ -2,104 +2,45 @@

namespace Laravel\Passport\Http\Middleware;

use Closure;
use Illuminate\Auth\AuthenticationException;
use Laravel\Passport\Exceptions\MissingScopeException;
use Laravel\Passport\TokenRepository;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\ResourceServer;
use Symfony\Bridge\PsrHttpMessage\Factory\PsrHttpFactory;
use Zend\Diactoros\ResponseFactory;
use Zend\Diactoros\ServerRequestFactory;
use Zend\Diactoros\StreamFactory;
use Zend\Diactoros\UploadedFileFactory;

class CheckClientCredentialsForAnyScope
class CheckClientCredentialsForAnyScope extends CheckCredentials
{
/**
* The Resource Server instance.
* Validate token credentials.
*
* @var \League\OAuth2\Server\ResourceServer
*/
protected $server;

/**
* Token Repository.
*
* @var \Laravel\Passport\TokenRepository
*/
protected $repository;

/**
* Create a new middleware instance.
*
* @param \League\OAuth2\Server\ResourceServer $server
* @param \Laravel\Passport\TokenRepository $repository
* @param \Laravel\Passport\Token $token
* @return void
* @throws \Illuminate\Auth\AuthenticationException
*/
public function __construct(ResourceServer $server, TokenRepository $repository)
{
$this->server = $server;
$this->repository = $repository;
}

/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param mixed ...$scopes
* @return mixed
* @throws \Illuminate\Auth\AuthenticationException|\Laravel\Passport\Exceptions\MissingScopeException
*/
public function handle($request, Closure $next, ...$scopes)
protected function validateCredentials($token)
{
$psr = (new PsrHttpFactory(
new ServerRequestFactory,
new StreamFactory,
new UploadedFileFactory,
new ResponseFactory
))->createRequest($request);

try {
$psr = $this->server->validateAuthenticatedRequest($psr);
} catch (OAuthServerException $e) {
if (! $token || $token->client->firstParty()) {
throw new AuthenticationException;
}

if ($this->validate($psr, $scopes)) {
return $next($request);
}

throw new MissingScopeException($scopes);
}

/**
* Validate the scopes and token on the incoming request.
* Validate token credentials.
*
* @param \Psr\Http\Message\ServerRequestInterface $psr
* @param \Laravel\Passport\Token $token
* @param array $scopes
* @return bool
* @throws \Illuminate\Auth\AuthenticationException
* @return void
* @throws \Laravel\Passport\Exceptions\MissingScopeException
*/
protected function validate($psr, $scopes)
protected function validateScopes($token, $scopes)
{
$token = $this->repository->find($psr->getAttribute('oauth_access_token_id'));

if (! $token || $token->client->firstParty()) {
throw new AuthenticationException;
}

if (in_array('*', $token->scopes)) {
return true;
return;
}

foreach ($scopes as $scope) {
if ($token->can($scope)) {
return true;
return;
}
}

return false;
throw new MissingScopeException($scopes);
Both CheckClientCredentials and CheckClientCredentialsForAnyScope are the same, except that:

  • CheckClientCredentials throws an exception on failure and returns void.
  • CheckClientCredentialsForAnyScope returns bool, and its handle method converts false into an exception.

This change removes that difference (making both identical).

}
}
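Review bot: The docblock above the new `validateScopes` (the block ending with `@throws \Laravel\Passport\Exceptions\MissingScopeException`) still reads "Validate token credentials.", copied from `validateCredentials`; the method checks scopes, not credentials, so the summary should be `* Validate that the token carries the wildcard scope or at least one of the requested scopes.`. The `! $token` test in `validateCredentials` shows the token argument can be null when the repository lookup finds nothing, so that docblock should declare `@param \Laravel\Passport\Token|null $token` rather than `\Laravel\Passport\Token`. Both points apply equally to the `CheckClientCredentials` section above, whose hunk is truncated on this page.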
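--- /dev/null
+++ b/src/Http/Middleware/CheckCredentials.php
@@ -0,0 +1,109 @@
+<?php
+
+namespace Laravel\Passport\Http\Middleware;
+
+use Closure;
+use Illuminate\Auth\AuthenticationException;
+use Laravel\Passport\TokenRepository;
+use League\OAuth2\Server\Exception\OAuthServerException;
+use League\OAuth2\Server\ResourceServer;
+use Symfony\Bridge\PsrHttpMessage\Factory\PsrHttpFactory;
+use Zend\Diactoros\ResponseFactory;
+use Zend\Diactoros\ServerRequestFactory;
+use Zend\Diactoros\StreamFactory;
+use Zend\Diactoros\UploadedFileFactory;
+
+abstract class CheckCredentials
+{
+/**
+* The Resource Server instance.
+*
+* @var \League\OAuth2\Server\ResourceServer
+*/
+protected $server;
+
+/**
+* Token Repository.
+*
+* @var \Laravel\Passport\TokenRepository
+*/
+protected $repository;
+
+/**
+* Create a new middleware instance.
+*
+* @param \League\OAuth2\Server\ResourceServer $server
+* @param \Laravel\Passport\TokenRepository $repository
+* @return void
+*/
+public function __construct(ResourceServer $server, TokenRepository $repository)
+{
+$this->server = $server;
+$this->repository = $repository;
+}
+
+/**
+* Handle an incoming request.
+*
+* @param \Illuminate\Http\Request $request
+* @param \Closure $next
+* @param mixed ...$scopes
+* @return mixed
+* @throws \Illuminate\Auth\AuthenticationException
+*/
+public function handle($request, Closure $next, ...$scopes)
+{
+$psr = (new PsrHttpFactory(
+new ServerRequestFactory,
+new StreamFactory,
+new UploadedFileFactory,
+new ResponseFactory
+))->createRequest($request);
+
+try {
+$psr = $this->server->validateAuthenticatedRequest($psr);
+} catch (OAuthServerException $e) {
+throw new AuthenticationException;
+}
+
+$this->validate($psr, $scopes);
+
+return $next($request);
+}
+
+/**
+* Validate the scopes and token on the incoming request.
+*
+* @param \Psr\Http\Message\ServerRequestInterface $psr
+* @param array $scopes
+* @return void
+* @throws \Laravel\Passport\Exceptions\MissingScopeException|\Illuminate\Auth\AuthenticationException
+*/
+protected function validate($psr, $scopes)
+{
+$token = $this->repository->find($psr->getAttribute('oauth_access_token_id'));
+
+$this->validateCredentials($token);
+
+$this->validateScopes($token, $scopes);
+}
+
+/**
+* Validate token credentials.
+*
+* @param \Laravel\Passport\Token $token
+* @return void
+* @throws \Illuminate\Auth\AuthenticationException
+*/
+abstract protected function validateCredentials($token);
+
+/**
+* Validate token credentials.
+*
+* @param \Laravel\Passport\Token $token
+* @param array $scopes
+* @return void
+* @throws \Laravel\Passport\Exceptions\MissingScopeException
+*/
+abstract protected function validateScopes($token, $scopes);
+}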
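Review bot: The `handle` docblock declares only `@throws \Illuminate\Auth\AuthenticationException`, yet `handle` calls `validate`, whose own docblock declares `MissingScopeException` as well and whose `validateScopes` hook is documented to throw it, so the line should read `* @throws \Illuminate\Auth\AuthenticationException|\Laravel\Passport\Exceptions\MissingScopeException`. The abstract `validateScopes` docblock repeats the `validateCredentials` summary "Validate token credentials." and should instead say `* Validate the token's scopes against the requested scopes.`. `validate` passes whatever `$this->repository->find(...)` returns straight to both hooks, so `@param \Laravel\Passport\Token $token` on each abstract method should be `\Laravel\Passport\Token|null`; and because the base class currently relies on every subclass's `validateCredentials` to reject a null token before `validateScopes` dereferences it, consider a central guard in `validate` such as `if (! $token) { throw new AuthenticationException; }` ahead of the two hook calls so the contract holds for any future subclass. The `OAuthServerException` caught in `handle` is dropped before the rethrow, so the concrete reason a token was rejected (presumably expiry, revocation or a bad signature) is not visible to operators; logging `$e` at that point, without forwarding its message to the client, would help incident triage.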