Diffstat (limited to 'library/oauth2/src/OAuth2/ClientAssertionType/HttpBasic.php')
-rw-r--r-- | library/oauth2/src/OAuth2/ClientAssertionType/HttpBasic.php | 123 |
1 files changed, 0 insertions, 123 deletions
diff --git a/library/oauth2/src/OAuth2/ClientAssertionType/HttpBasic.php b/library/oauth2/src/OAuth2/ClientAssertionType/HttpBasic.php
deleted file mode 100644
index 0ecb7e18d..000000000
--- a/library/oauth2/src/OAuth2/ClientAssertionType/HttpBasic.php
+++ /dev/null
@@ -1,123 +0,0 @@
-<?php
-
-namespace OAuth2\ClientAssertionType;
-
-use OAuth2\Storage\ClientCredentialsInterface;
-use OAuth2\RequestInterface;
-use OAuth2\ResponseInterface;
-
-/**
- * Validate a client via Http Basic authentication
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-class HttpBasic implements ClientAssertionTypeInterface
-{
- private $clientData;
-
- protected $storage;
- protected $config;
-
- /**
- * @param OAuth2\Storage\ClientCredentialsInterface $clientStorage REQUIRED Storage class for retrieving client credentials information
- * @param array $config OPTIONAL Configuration options for the server
- * <code>
- * $config = array(
- * 'allow_credentials_in_request_body' => true, // whether to look for credentials in the POST body in addition to the Authorize HTTP Header
- * 'allow_public_clients' => true // if true, "public clients" (clients without a secret) may be authenticated
- * );
- * </code>
- */
- public function __construct(ClientCredentialsInterface $storage, array $config = array())
- {
- $this->storage = $storage;
- $this->config = array_merge(array(
- 'allow_credentials_in_request_body' => true,
- 'allow_public_clients' => true,
- ), $config);
- }
-
- public function validateRequest(RequestInterface $request, ResponseInterface $response)
- {
- if (!$clientData = $this->getClientCredentials($request, $response)) {
- return false;
- }
-
- if (!isset($clientData['client_id'])) {
- throw new \LogicException('the clientData array must have "client_id" set');
- }
-
- if (!isset($clientData['client_secret']) || $clientData['client_secret'] == '') {
- if (!$this->config['allow_public_clients']) {
- $response->setError(400, 'invalid_client', 'client credentials are required');
-
- return false;
- }
-
- if (!$this->storage->isPublicClient($clientData['client_id'])) {
- $response->setError(400, 'invalid_client', 'This client is invalid or must authenticate using a client secret');
-
- return false;
- }
- } elseif ($this->storage->checkClientCredentials($clientData['client_id'], $clientData['client_secret']) === false) {
- $response->setError(400, 'invalid_client', 'The client credentials are invalid');
-
- return false;
- }
-
- $this->clientData = $clientData;
-
- return true;
- }
-
- public function getClientId()
- {
- return $this->clientData['client_id'];
- }
-
- /**
- * Internal function used to get the client credentials from HTTP basic
- * auth or POST data.
- *
- * According to the spec (draft 20), the client_id can be provided in
- * the Basic Authorization header (recommended) or via GET/POST.
- *
- * @return
- * A list containing the client identifier and password, for example
- * @code
- * return array(
- * "client_id" => CLIENT_ID, // REQUIRED the client id
- * "client_secret" => CLIENT_SECRET, // OPTIONAL the client secret (may be omitted for public clients)
- * );
- * @endcode
- *
- * @see http://tools.ietf.org/html/rfc6749#section-2.3.1
- *
- * @ingroup oauth2_section_2
- */
- public function getClientCredentials(RequestInterface $request, ResponseInterface $response = null)
- {
- if (!is_null($request->headers('PHP_AUTH_USER')) && !is_null($request->headers('PHP_AUTH_PW'))) {
- return array('client_id' => $request->headers('PHP_AUTH_USER'), 'client_secret' => $request->headers('PHP_AUTH_PW'));
- }
-
- if ($this->config['allow_credentials_in_request_body']) {
- // Using POST for HttpBasic authorization is not recommended, but is supported by specification
- if (!is_null($request->request('client_id'))) {
- /**
- * client_secret can be null if the client's password is an empty string
- * @see http://tools.ietf.org/html/rfc6749#section-2.3.1
- */
-
- return array('client_id' => $request->request('client_id'), 'client_secret' => $request->request('client_secret'));
- }
- }
-
- if ($response) {
- $message = $this->config['allow_credentials_in_request_body'] ? ' or body' : '';
- $response->setError(400, 'invalid_client', 'Client credentials were not found in the headers'.$message);
- }
-
- return null;
- }
-} |