Hugging Face's logo

Spaces:
kenken999
/
processmaker-community
Sleeping

App Files Community
processmaker-community / processmaker-files /workflow /engine /src /ProcessMaker /Services /OAuth2 /PmClientCredentials.php
kenken999's picture
kenken999
Upload folder using huggingface_hub
07c3cdd verified
Raw
History Blame Contribute Delete
4.33 kB
<?php
namespace ProcessMaker\Services\OAuth2;
use OAuth2\ClientAssertionType\HttpBasic;
use OAuth2\ResponseType\AccessTokenInterface;
use OAuth2\Storage\ClientCredentialsInterface;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
/**
 * @author Brent Shaffer <bshafs at gmail dot com>
 *
 * @see OAuth2_ClientAssertionType_HttpBasic
 */
class PmClientCredentials implements \OAuth2\GrantType\GrantTypeInterface
{
 private $clientData;
protected $storage;
 protected $config;
public function __construct(ClientCredentialsInterface $storage, array $config = array())
 {
 $this->storage = $storage;
 $this->config = array_merge(array(
 'allow_credentials_in_request_body' => true
 ), $config);
 }
public function validateRequest(RequestInterface $request, ResponseInterface $response)
 {
 if (!$clientData = $this->getClientCredentials($request, $response)) {
 return false;
 }
if (!isset($clientData['client_id']) || !isset($clientData['client_secret'])) {
 throw new \LogicException('the clientData array must have "client_id" and "client_secret" values set.');
 }
if ($this->storage->checkClientCredentials($clientData['client_id'], $clientData['client_secret']) === false) {
 $response->setError(400, 'invalid_client', 'The client credentials are invalid');
 return false;
 }
if (!$this->storage->checkRestrictedGrantType($clientData['client_id'], $request->request('grant_type'))) {
 $response->setError(400, 'unauthorized_client', 'The grant type is unauthorized for this client_id');
 return false;
 }
$this->clientData = $clientData;
return true;
 }
public function getClientId()
 {
 return $this->clientData['client_id'];
 }
/**
 * Internal function used to get the client credentials from HTTP basic
 * auth or POST data.
 *
 * According to the spec (draft 20), the client_id can be provided in
 * the Basic Authorization header (recommended) or via GET/POST.
 *
 * @return
 * A list containing the client identifier and password, for example
 * @code
 * return array(
 * "client_id" => CLIENT_ID, // REQUIRED the client id
 * "client_secret" => CLIENT_SECRET, // REQUIRED the client secret
 * );
 * @endcode
 *
 * @see http://tools.ietf.org/html/rfc6749#section-2.3.1
 *
 * @ingroup oauth2_section_2
 */
 public function getClientCredentials(RequestInterface $request, ResponseInterface $response = null)
 {
 if (!is_null($request->headers('PHP_AUTH_USER')) && !is_null($request->headers('PHP_AUTH_PW'))) {
 return array('client_id' => $request->headers('PHP_AUTH_USER'), 'client_secret' => $request->headers('PHP_AUTH_PW'));
 }
if ($this->config['allow_credentials_in_request_body']) {
 // Using POST for HttpBasic authorization is not recommended, but is supported by specification
 if (!is_null($request->request('client_id'))) {
 /**
 * client_secret can be null if the client's password is an empty string
 * @see http://tools.ietf.org/html/rfc6749#section-2.3.1
 */
 return array('client_id' => $request->request('client_id'), 'client_secret' => $request->request('client_secret', ''));
 }
 }
if ($response) {
 $response->setError(400, 'invalid_client', 'Client credentials were not found in the headers or body');
 }
return null;
 }
public function getQuerystringIdentifier()
 {
 return 'client_credentials';
 }
public function getScope()
 {
 return null;
 }
public function getUserId()
 {
 return null;
 }
public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
 {
 /*
 * Client Credentials Grant does NOT include a refresh token
 * @see http://tools.ietf.org/html/rfc6749#section-4.4.3
 */
 $includeRefreshToken = false;
 return $accessToken->createAccessToken($client_id, $user_id, $scope, $includeRefreshToken);
 }
}