vendor/friendsofsymfony/oauth-server-bundle/Controller/AuthorizeController.php line 133

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. /*
  6.  * This file is part of the FOSOAuthServerBundle package.
  7.  *
  8.  * (c) FriendsOfSymfony <http://friendsofsymfony.github.com/>
  9.  *
  10.  * For the full copyright and license information, please view the LICENSE
  11.  * file that was distributed with this source code.
  12.  */
  14. namespace FOS\OAuthServerBundle\Controller;
  16. use FOS\OAuthServerBundle\Event\PostAuthorizationEvent;
  17. use FOS\OAuthServerBundle\Event\PreAuthorizationEvent;
  18. use FOS\OAuthServerBundle\Form\Handler\AuthorizeFormHandler;
  19. use FOS\OAuthServerBundle\Model\ClientInterface;
  20. use FOS\OAuthServerBundle\Model\ClientManagerInterface;
  21. use OAuth2\OAuth2;
  22. use OAuth2\OAuth2ServerException;
  23. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  24. use Symfony\Component\Form\Form;
  25. use Symfony\Component\HttpFoundation\Request;
  26. use Symfony\Component\HttpFoundation\RequestStack;
  27. use Symfony\Component\HttpFoundation\Response;
  28. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  29. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  30. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  31. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  32. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  33. use Symfony\Component\Security\Core\User\UserInterface;
  34. use Twig\Environment as TwigEnvironment;
  36. /**
  37.  * Controller handling basic authorization.
  38.  *
  39.  * @author Chris Jones <leeked@gmail.com>
  40.  */
  41. class AuthorizeController
  42. {
  43.     /**
  44.      * @var ClientInterface
  45.      */
  46.     private $client;
  48.     /**
  49.      * @var SessionInterface
  50.      */
  51.     private $session;
  53.     /**
  54.      * @var Form
  55.      */
  56.     private $authorizeForm;
  58.     /**
  59.      * @var AuthorizeFormHandler
  60.      */
  61.     private $authorizeFormHandler;
  63.     /**
  64.      * @var OAuth2
  65.      */
  66.     private $oAuth2Server;
  68.     /**
  69.      * @var RequestStack
  70.      */
  71.     private $requestStack;
  73.     /**
  74.      * @var TokenStorageInterface
  75.      */
  76.     private $tokenStorage;
  78.     /**
  79.      * @var TwigEnvironment
  80.      */
  81.     private $twig;
  83.     /**
  84.      * @var UrlGeneratorInterface
  85.      */
  86.     private $router;
  88.     /**
  89.      * @var ClientManagerInterface
  90.      */
  91.     private $clientManager;
  93.     /**
  94.      * @var EventDispatcherInterface
  95.      */
  96.     private $eventDispatcher;
  98.     /**
  99.      * This controller had been made as a service due to support symfony 4 where all* services are private by default.
  100.      * Thus, this is considered a bad practice to fetch services directly from container.
  101.      *
  102.      * @todo This controller could be refactored to not rely on so many dependencies
  103.      *
  104.      * @param SessionInterface $session
  105.      */
  106.     public function __construct(
  107.         RequestStack $requestStack,
  108.         Form $authorizeForm,
  109.         AuthorizeFormHandler $authorizeFormHandler,
  110.         OAuth2 $oAuth2Server,
  111.         TokenStorageInterface $tokenStorage,
  112.         UrlGeneratorInterface $router,
  113.         ClientManagerInterface $clientManager,
  114.         EventDispatcherInterface $eventDispatcher,
  115.         TwigEnvironment $twig,
  116.         SessionInterface $session null
  117.     ) {
  118.         $this->requestStack $requestStack;
  119.         $this->session $session;
  120.         $this->authorizeForm $authorizeForm;
  121.         $this->authorizeFormHandler $authorizeFormHandler;
  122.         $this->oAuth2Server $oAuth2Server;
  123.         $this->tokenStorage $tokenStorage;
  124.         $this->router $router;
  125.         $this->clientManager $clientManager;
  126.         $this->eventDispatcher $eventDispatcher;
  127.         $this->twig $twig;
  128.     }
  130.     /**
  131.      * Authorize.
  132.      */
  133.     public function authorizeAction(Request $request)
  134.     {
  135.         $user $this->tokenStorage->getToken()->getUser();
  137.         if (!$user instanceof UserInterface) {
  138.             throw new AccessDeniedException('This user does not have access to this section.');
  139.         }
  141.         if ($this->session && true === $this->session->get('_fos_oauth_server.ensure_logout')) {
  142.             $this->session->invalidate(600);
  143.             $this->session->set('_fos_oauth_server.ensure_logout'true);
  144.         }
  146.         $form $this->authorizeForm;
  147.         $formHandler $this->authorizeFormHandler;
  149.         /** @var PreAuthorizationEvent $event */
  150.         $event $this->eventDispatcher->dispatch(new PreAuthorizationEvent($user$this->getClient()));
  152.         if ($event->isAuthorizedClient()) {
  153.             $scope $request->get('scope'null);
  155.             return $this->oAuth2Server->finishClientAuthorization(true$user$request$scope);
  156.         }
  158.         if (true === $formHandler->process()) {
  159.             return $this->processSuccess($user$formHandler$request);
  160.         }
  162.         return $this->renderAuthorize([
  163.             'form' => $form->createView(),
  164.             'client' => $this->getClient(),
  165.         ]);
  166.     }
  168.     /**
  169.      * @return Response
  170.      */
  171.     protected function processSuccess(UserInterface $userAuthorizeFormHandler $formHandlerRequest $request)
  172.     {
  173.         if ($this->session && true === $this->session->get('_fos_oauth_server.ensure_logout')) {
  174.             $this->tokenStorage->setToken(null);
  175.             $this->session->invalidate();
  176.         }
  178.         $this->eventDispatcher->dispatch(new PostAuthorizationEvent($user$this->getClient(), $formHandler->isAccepted()));
  180.         $formName $this->authorizeForm->getName();
  181.         if (!$request->query->all() && $request->request->has($formName)) {
  182.             $request->query->add($request->request->get($formName));
  183.         }
  185.         try {
  186.             return $this->oAuth2Server
  187.                 ->finishClientAuthorization($formHandler->isAccepted(), $user$request$formHandler->getScope())
  188.             ;
  189.         } catch (OAuth2ServerException $e) {
  190.             return $e->getHttpResponse();
  191.         }
  192.     }
  194.     /**
  195.      * Generate the redirection url when the authorize is completed.
  196.      *
  197.      * @return string
  198.      */
  199.     protected function getRedirectionUrl(UserInterface $user)
  200.     {
  201.         return $this->router->generate('fos_oauth_server_profile_show');
  202.     }
  204.     /**
  205.      * @return ClientInterface
  206.      */
  207.     protected function getClient()
  208.     {
  209.         if (null !== $this->client) {
  210.             return $this->client;
  211.         }
  213.         if (null === $request $this->getCurrentRequest()) {
  214.             throw new NotFoundHttpException('Client not found.');
  215.         }
  217.         if (null === $clientId $request->get('client_id')) {
  218.             $formData $request->get($this->authorizeForm->getName(), []);
  219.             $clientId = isset($formData['client_id']) ? $formData['client_id'] : null;
  220.         }
  222.         $this->client $this->clientManager->findClientByPublicId($clientId);
  224.         if (null === $this->client) {
  225.             throw new NotFoundHttpException('Client not found.');
  226.         }
  228.         return $this->client;
  229.     }
  231.     protected function renderAuthorize(array $context): Response
  232.     {
  233.         return new Response(
  234.             $this->twig->render('@FOSOAuthServer/Authorize/authorize.html.twig'$context)
  235.         );
  236.     }
  238.     /**
  239.      * @return Request|null
  240.      */
  241.     private function getCurrentRequest()
  242.     {
  243.         $request $this->requestStack->getCurrentRequest();
  244.         if (null === $request) {
  245.             throw new \RuntimeException('No current request.');
  246.         }
  248.         return $request;
  249.     }
  250. }