vendor/friendsofsymfony/oauth-server-bundle/Controller/AuthorizeController.php line 149

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. /*
  6.  * This file is part of the FOSOAuthServerBundle package.
  7.  *
  8.  * (c) FriendsOfSymfony <http://friendsofsymfony.github.com/>
  9.  *
  10.  * For the full copyright and license information, please view the LICENSE
  11.  * file that was distributed with this source code.
  12.  */
  14. namespace FOS\OAuthServerBundle\Controller;
  16. use FOS\OAuthServerBundle\Event\OAuthEvent;
  17. use FOS\OAuthServerBundle\Form\Handler\AuthorizeFormHandler;
  18. use FOS\OAuthServerBundle\Model\ClientInterface;
  19. use FOS\OAuthServerBundle\Model\ClientManagerInterface;
  20. use OAuth2\OAuth2;
  21. use OAuth2\OAuth2ServerException;
  22. use Symfony\Bundle\FrameworkBundle\Templating\EngineInterface;
  23. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  24. use Symfony\Component\Form\Form;
  25. use Symfony\Component\HttpFoundation\Request;
  26. use Symfony\Component\HttpFoundation\RequestStack;
  27. use Symfony\Component\HttpFoundation\Response;
  28. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  29. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  30. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  31. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  32. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  33. use Symfony\Component\Security\Core\User\UserInterface;
  35. /**
  36.  * Controller handling basic authorization.
  37.  *
  38.  * @author Chris Jones <leeked@gmail.com>
  39.  */
  40. class AuthorizeController
  41. {
  42.     /**
  43.      * @var ClientInterface
  44.      */
  45.     private $client;
  47.     /**
  48.      * @var SessionInterface
  49.      */
  50.     private $session;
  52.     /**
  53.      * @var Form
  54.      */
  55.     private $authorizeForm;
  57.     /**
  58.      * @var AuthorizeFormHandler
  59.      */
  60.     private $authorizeFormHandler;
  62.     /**
  63.      * @var OAuth2
  64.      */
  65.     private $oAuth2Server;
  67.     /**
  68.      * @var EngineInterface
  69.      */
  70.     private $templating;
  72.     /**
  73.      * @var RequestStack
  74.      */
  75.     private $requestStack;
  77.     /**
  78.      * @var TokenStorageInterface
  79.      */
  80.     private $tokenStorage;
  82.     /**
  83.      * @var UrlGeneratorInterface
  84.      */
  85.     private $router;
  87.     /**
  88.      * @var ClientManagerInterface
  89.      */
  90.     private $clientManager;
  92.     /**
  93.      * @var string
  94.      */
  95.     private $templateEngineType;
  97.     /**
  98.      * @var EventDispatcherInterface
  99.      */
  100.     private $eventDispatcher;
  102.     /**
  103.      * This controller had been made as a service due to support symfony 4 where all* services are private by default.
  104.      * Thus, this is considered a bad practice to fetch services directly from container.
  105.      *
  106.      * @todo This controller could be refactored to not rely on so many dependencies
  107.      *
  108.      * @param RequestStack             $requestStack
  109.      * @param Form                     $authorizeForm
  110.      * @param AuthorizeFormHandler     $authorizeFormHandler
  111.      * @param OAuth2                   $oAuth2Server
  112.      * @param EngineInterface          $templating
  113.      * @param TokenStorageInterface    $tokenStorage
  114.      * @param UrlGeneratorInterface    $router
  115.      * @param ClientManagerInterface   $clientManager
  116.      * @param EventDispatcherInterface $eventDispatcher
  117.      * @param SessionInterface         $session
  118.      * @param string                   $templateEngineType
  119.      */
  120.     public function __construct(
  121.         RequestStack $requestStack,
  122.         Form $authorizeForm,
  123.         AuthorizeFormHandler $authorizeFormHandler,
  124.         OAuth2 $oAuth2Server,
  125.         EngineInterface $templating,
  126.         TokenStorageInterface $tokenStorage,
  127.         UrlGeneratorInterface $router,
  128.         ClientManagerInterface $clientManager,
  129.         EventDispatcherInterface $eventDispatcher,
  130.         SessionInterface $session null,
  131.         $templateEngineType 'twig'
  132.     ) {
  133.         $this->requestStack $requestStack;
  134.         $this->session $session;
  135.         $this->authorizeForm $authorizeForm;
  136.         $this->authorizeFormHandler $authorizeFormHandler;
  137.         $this->oAuth2Server $oAuth2Server;
  138.         $this->templating $templating;
  139.         $this->tokenStorage $tokenStorage;
  140.         $this->router $router;
  141.         $this->clientManager $clientManager;
  142.         $this->templateEngineType $templateEngineType;
  143.         $this->eventDispatcher $eventDispatcher;
  144.     }
  146.     /**
  147.      * Authorize.
  148.      */
  149.     public function authorizeAction(Request $request)
  150.     {
  151.         $user $this->tokenStorage->getToken()->getUser();
  153.         if (!$user instanceof UserInterface) {
  154.             throw new AccessDeniedException('This user does not have access to this section.');
  155.         }
  157.         if ($this->session && true === $this->session->get('_fos_oauth_server.ensure_logout')) {
  158.             $this->session->invalidate(600);
  159.             $this->session->set('_fos_oauth_server.ensure_logout'true);
  160.         }
  162.         $form $this->authorizeForm;
  163.         $formHandler $this->authorizeFormHandler;
  165.         /** @var OAuthEvent $event */
  166.         $event $this->eventDispatcher->dispatch(
  167.             OAuthEvent::PRE_AUTHORIZATION_PROCESS,
  168.             new OAuthEvent($user$this->getClient())
  169.         );
  171.         if ($event->isAuthorizedClient()) {
  172.             $scope $request->get('scope'null);
  174.             return $this->oAuth2Server->finishClientAuthorization(true$user$request$scope);
  175.         }
  177.         if (true === $formHandler->process()) {
  178.             return $this->processSuccess($user$formHandler$request);
  179.         }
  181.         $data = [
  182.             'form' => $form->createView(),
  183.             'client' => $this->getClient(),
  184.         ];
  186.         return $this->renderAuthorize($data$this->templating$this->templateEngineType);
  187.     }
  189.     /**
  190.      * @param UserInterface        $user
  191.      * @param AuthorizeFormHandler $formHandler
  192.      * @param Request              $request
  193.      *
  194.      * @return Response
  195.      */
  196.     protected function processSuccess(UserInterface $userAuthorizeFormHandler $formHandlerRequest $request)
  197.     {
  198.         if ($this->session && true === $this->session->get('_fos_oauth_server.ensure_logout')) {
  199.             $this->tokenStorage->setToken(null);
  200.             $this->session->invalidate();
  201.         }
  203.         $this->eventDispatcher->dispatch(
  204.             OAuthEvent::POST_AUTHORIZATION_PROCESS,
  205.             new OAuthEvent($user$this->getClient(), $formHandler->isAccepted())
  206.         );
  208.         $formName $this->authorizeForm->getName();
  209.         if (!$request->query->all() && $request->request->has($formName)) {
  210.             $request->query->add($request->request->get($formName));
  211.         }
  213.         try {
  214.             return $this->oAuth2Server
  215.                 ->finishClientAuthorization($formHandler->isAccepted(), $user$request$formHandler->getScope())
  216.             ;
  217.         } catch (OAuth2ServerException $e) {
  218.             return $e->getHttpResponse();
  219.         }
  220.     }
  222.     /**
  223.      * Generate the redirection url when the authorize is completed.
  224.      *
  225.      * @param UserInterface $user
  226.      *
  227.      * @return string
  228.      */
  229.     protected function getRedirectionUrl(UserInterface $user)
  230.     {
  231.         return $this->router->generate('fos_oauth_server_profile_show');
  232.     }
  234.     /**
  235.      * @return ClientInterface
  236.      */
  237.     protected function getClient()
  238.     {
  239.         if (null !== $this->client) {
  240.             return $this->client;
  241.         }
  243.         if (null === $request $this->getCurrentRequest()) {
  244.             throw new NotFoundHttpException('Client not found.');
  245.         }
  247.         if (null === $clientId $request->get('client_id')) {
  248.             $formData $request->get($this->authorizeForm->getName(), []);
  249.             $clientId = isset($formData['client_id']) ? $formData['client_id'] : null;
  250.         }
  252.         $this->client $this->clientManager->findClientByPublicId($clientId);
  254.         if (null === $this->client) {
  255.             throw new NotFoundHttpException('Client not found.');
  256.         }
  258.         return $this->client;
  259.     }
  261.     /**
  262.      * @throws \RuntimeException
  263.      */
  264.     protected function renderAuthorize(array $dataEngineInterface $enginestring $engineType): Response
  265.     {
  266.         return $engine->renderResponse(
  267.             '@FOSOAuthServer/Authorize/authorize.html.'.$engineType,
  268.             $data
  269.         );
  270.     }
  272.     /**
  273.      * @return null|Request
  274.      */
  275.     private function getCurrentRequest()
  276.     {
  277.         $request $this->requestStack->getCurrentRequest();
  278.         if (null === $request) {
  279.             throw new \RuntimeException('No current request.');
  280.         }
  282.         return $request;
  283.     }
  284. }