<?php
declare(strict_types=1);
namespace Mezzio\Authentication\OAuth2;
use Exception as BaseException;
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\RequestTypes\AuthorizationRequestInterface;
use Mezzio\Authentication\OAuth2\Response\CallableResponseFactoryDecorator;
use Psr\Http\Message\ResponseFactoryInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Psr\Log\LoggerInterface;
use function is_callable;
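/**
 * Implements OAuth2 authorization request validation
 *
 * Validates the incoming OAuth2 authorization request and passes the
 * resulting authorization request object to the next handler as a request
 * attribute keyed by `AuthorizationRequestInterface::class`
 * (`League\OAuth2\Server\RequestTypes\AuthorizationRequestInterface`).
 *
 * The object is handed over with approval explicitly set to `false`: the next
 * handler is responsible for authenticating the resource owner and obtaining
 * consent, and must set the approval itself before the grant is completed.
 *
 * Validation failures are turned into the OAuth2 error response produced by
 * the server library; any other exception is logged and answered with a
 * generic 500 `unknown_error` response so that internal details never reach
 * the client.
 *
 * @see https://oauth2.thephpleague.com/authorization-server/auth-code-grant/
 * @see https://oauth2.thephpleague.com/authorization-server/implicit-grant/
 *
 * @final
 */
class AuthorizationMiddleware implements MiddlewareInterface
{
    protected AuthorizationServer $server;

    protected ResponseFactoryInterface $responseFactory;

    protected ?LoggerInterface $logger;

    /**
     * @param (callable():ResponseInterface)|ResponseFactoryInterface $responseFactory
     *        A PSR-17 response factory, or a callable producing an empty
     *        response; a callable is wrapped so the property always holds a
     *        {@see ResponseFactoryInterface} (anything else fails fast with a
     *        TypeError on assignment).
     * @param LoggerInterface|null $logger Receives rejected requests and
     *        unexpected exceptions; when null, nothing is logged.
     */
    public function __construct(AuthorizationServer $server, $responseFactory, ?LoggerInterface $logger = null)
    {
        if (is_callable($responseFactory)) {
            // The arrow function captures the callable by value, so the
            // reassignment of $responseFactory just below does not make the
            // decorator call itself.
            $responseFactory = new CallableResponseFactoryDecorator(
                static fn(): ResponseInterface => $responseFactory()
            );
        }

        $this->server          = $server;
        $this->responseFactory = $responseFactory;
        $this->logger          = $logger;
    }

    /**
     * {@inheritDoc}
     *
     * Delegates to the next handler only when the authorization request is
     * valid. Approval is reset to `false` before delegation so the downstream
     * handler must opt in explicitly after authenticating the resource owner.
     *
     * An {@see OAuthServerException} (thrown by validation, e.g. when the
     * client id is invalid, or by the downstream handler) is recorded at
     * notice level and answered with the library's own OAuth2 error response.
     * Any other {@see BaseException} is logged at error level and mapped to a
     * generic 500 `unknown_error` response. `\Error` instances are not caught
     * here and propagate to the outer error handler.
     */
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        try {
            $authRequest = $this->server->validateAuthorizationRequest($request);

            // Never pre-approve: the next handler must authenticate the
            // resource owner and collect consent before flipping this flag.
            $authRequest->setAuthorizationApproved(false);

            return $handler->handle(
                $request->withAttribute(AuthorizationRequestInterface::class, $authRequest)
            );
        } catch (OAuthServerException $exception) {
            // Rejected requests are worth a log line for monitoring; the
            // exception itself already knows how to render the OAuth2 error
            // body and status for the client.
            $this->logger?->notice('Authorization request rejected', [
                'error'     => $exception->getErrorType(),
                'status'    => $exception->getHttpStatusCode(),
                'exception' => $exception,
            ]);

            return $exception->generateHttpResponse($this->responseFactory->createResponse());
        } catch (BaseException $exception) {
            // Anything else is unexpected: keep the details in the log and
            // send a deliberately generic message so no internal state leaks
            // into the response.
            $this->logger?->error('Authorization request error', ['exception' => $exception]);

            return (new OAuthServerException('An internal error occurred', 0, 'unknown_error', 500))
                ->generateHttpResponse($this->responseFactory->createResponse());
        }
    }
}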