PHP Classes

File: mod/_functions.php

Recommend this page to a friend!
  Classes of Payam Naderi   PHP OAuth2 Client   mod/_functions.php   Download  
File: mod/_functions.php
Role: Example script
Content type: text/plain
Description: Example script
Class: PHP OAuth2 Client
Authorize and access servers using OAuth2
Author: By
Last change:
Date: 5 years ago
Size: 3,387 bytes
 

Contents

Class file image Download
<?php
namespace Module\OAuth2Client\Assertion
{
    use Poirot\ApiClient\Interfaces\Token\iAccessTokenObject;
    use Poirot\OAuth2Client\Exception\exOAuthAccessDenied;
    use Poirot\OAuth2Client\Exception\exOAuthScopeRequired;
    use Poirot\OAuth2Client\Interfaces\iAccessTokenEntity;


    /**
     * Validate Asserted Token Entity (Retrieved From Server),
     * against given condition
     *
     * @param iAccessTokenEntity|null $token
     * @param object $tokenCondition
     *
     * @throws exOAuthAccessDenied|\Exception
     */
    function validateAccessToken($token = null, $tokenCondition)
    {
        if ( !$token instanceof iAccessTokenEntity && !$token instanceof iAccessTokenObject) {
            if ($token === null)
                throw new exOAuthAccessDenied('Token has to be send.');

            throw new exOAuthAccessDenied('Token is revoked or mismatch.');
        }


        if ($tokenCondition)
        {
            ## Check Have Resource Owner
            #
            if ($token instanceof iAccessTokenEntity)
                $owner = $token->getOwnerIdentifier();
            else
                throw new \Exception('Access Token Missing.');

            if (
                isset($tokenCondition->mustHaveOwner)
                && $tokenCondition->mustHaveOwner
                && empty($owner)
            )
                throw new exOAuthAccessDenied('Token Not Granted To Resource Owner; But Have To.');


            ## Check Scopes Validity
            #
            if (
                isset($tokenCondition->scopes)
                && ! empty($tokenCondition->scopes)
            ) {
                $tokenScopes = $token->getScopes();
                $reqScopes = $tokenCondition->scopes;
                if (! is_array($reqScopes) )
                    throw new \InvalidArgumentException(sprintf(
                        'Scopes must be array; given: (%s).'
                        , \Poirot\Std\flatten($reqScopes)
                    ));


                // Sort token scopes to achieve better finding performance
                //
                ksort($tokenScopes);
                $tScopeSorted = [];
                foreach ($tokenScopes as $scope) {
                    $tChr = strtolower($scope[0]);
                    if (! isset($tScopeSorted[$tChr]) )
                        $tScopeSorted[$tChr] = [];

                    $tScopeSorted[$tChr][] = $scope;
                }

                // Check for require scope
                //
                foreach ($reqScopes as $rScope)
                {
                    $tChr = strtolower($rScope[0]);
                    if (! isset($tScopeSorted[$tChr]) )
                        break;

                    foreach ($tScopeSorted[$tChr] as $ts) {
                        if ( false !== strstr($ts, $rScope) )
                            return;
                    }
                }


                throw new exOAuthScopeRequired(sprintf(
                    'Scopes: (%s) Needed But Not Fulfilled By Token.'
                    , implode(' ', $tokenCondition->scopes)
                ));
            }
        }
    };

    function funValidateAccessToken($tokenCondition)
    {
        return function (iAccessTokenEntity $token = null) use ($tokenCondition) {
            validateAccessToken($token, $tokenCondition);
        };
    }
}