mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/bshaffer/oauth2-server-php/src/OAuth2/ClientAssertionType/HttpBasic.php - kubeia - Gitiles

 <?php

 namespace OAuth2\ClientAssertionType;

 use OAuth2\Storage\ClientCredentialsInterface;
 use OAuth2\RequestInterface;
 use OAuth2\ResponseInterface;
 use LogicException;

 /**
  * Validate a client via Http Basic authentication
  *
  * @author    Brent Shaffer <bshafs at gmail dot com>
  */
 class HttpBasic implements ClientAssertionTypeInterface
 {
     private $clientData;

     protected $storage;
     protected $config;

     /**
      * Config array $config should look as follows:
      * @code
      *     $config = array(
      *         'allow_credentials_in_request_body' => true, // whether to look for credentials in the POST body in addition to the Authorize HTTP Header
      *         'allow_public_clients'  => true              // if true, "public clients" (clients without a secret) may be authenticated
      *     );
      * @endcode
      *
      * @param ClientCredentialsInterface $storage Storage
      * @param array                      $config  Configuration options for the server
      */
     public function __construct(ClientCredentialsInterface $storage, array $config = array())
     {
         $this->storage = $storage;
         $this->config = array_merge(array(
             'allow_credentials_in_request_body' => true,
             'allow_public_clients' => true,
         ), $config);
     }

     /**
      * Validate the OAuth request
      *
      * @param RequestInterface $request
      * @param ResponseInterface $response
      * @return bool|mixed
      * @throws LogicException
      */
     public function validateRequest(RequestInterface $request, ResponseInterface $response)
     {
         if (!$clientData = $this->getClientCredentials($request, $response)) {
             return false;
         }

         if (!isset($clientData['client_id'])) {
             throw new LogicException('the clientData array must have "client_id" set');
         }

         if (!isset($clientData['client_secret']) || $clientData['client_secret'] == '') {
             if (!$this->config['allow_public_clients']) {
                 $response->setError(400, 'invalid_client', 'client credentials are required');

                 return false;
             }

             if (!$this->storage->isPublicClient($clientData['client_id'])) {
                 $response->setError(400, 'invalid_client', 'This client is invalid or must authenticate using a client secret');

                 return false;
             }
         } elseif ($this->storage->checkClientCredentials($clientData['client_id'], $clientData['client_secret']) === false) {
             $response->setError(400, 'invalid_client', 'The client credentials are invalid');

             return false;
         }

         $this->clientData = $clientData;

         return true;
     }

     /**
      * Get the client id
      *
      * @return mixed
      */
     public function getClientId()
     {
         return $this->clientData['client_id'];
     }

     /**
      * Internal function used to get the client credentials from HTTP basic
      * auth or POST data.
      *
      * According to the spec (draft 20), the client_id can be provided in
      * the Basic Authorization header (recommended) or via GET/POST.
      *
      * @param RequestInterface  $request
      * @param ResponseInterface $response
      * @return array|null A list containing the client identifier and password, for example:
      * @code
      *     return array(
      *         "client_id"     => CLIENT_ID,        // REQUIRED the client id
      *         "client_secret" => CLIENT_SECRET,    // OPTIONAL the client secret (may be omitted for public clients)
      *     );
      * @endcode
      *
      * @see http://tools.ietf.org/html/rfc6749#section-2.3.1
      *
      * @ingroup oauth2_section_2
      */
     public function getClientCredentials(RequestInterface $request, ResponseInterface $response = null)
     {
         if (!is_null($request->headers('PHP_AUTH_USER')) && !is_null($request->headers('PHP_AUTH_PW'))) {
             return array('client_id' => $request->headers('PHP_AUTH_USER'), 'client_secret' => $request->headers('PHP_AUTH_PW'));
         }

         if ($this->config['allow_credentials_in_request_body']) {
             // Using POST for HttpBasic authorization is not recommended, but is supported by specification
             if (!is_null($request->request('client_id'))) {
                 /**
                  * client_secret can be null if the client's password is an empty string
                  * @see http://tools.ietf.org/html/rfc6749#section-2.3.1
                  */
                 return array('client_id' => $request->request('client_id'), 'client_secret' => $request->request('client_secret'));
             }
         }

         if ($response) {
             $message = $this->config['allow_credentials_in_request_body'] ? ' or body' : '';
             $response->setError(400, 'invalid_client', 'Client credentials were not found in the headers'.$message);
         }

         return null;
     }
 }
	<?php

	namespace OAuth2\ClientAssertionType;

	use OAuth2\Storage\ClientCredentialsInterface;
	use OAuth2\RequestInterface;
	use OAuth2\ResponseInterface;
	use LogicException;

	/**
	* Validate a client via Http Basic authentication
	*
	* @author Brent Shaffer <bshafs at gmail dot com>
	*/
	class HttpBasic implements ClientAssertionTypeInterface
	{
	private $clientData;

	protected $storage;
	protected $config;

	/**
	* Config array $config should look as follows:
	* @code
	* $config = array(
	* 'allow_credentials_in_request_body' => true, // whether to look for credentials in the POST body in addition to the Authorize HTTP Header
	* 'allow_public_clients' => true // if true, "public clients" (clients without a secret) may be authenticated
	* );
	* @endcode
	*
	* @param ClientCredentialsInterface $storage Storage
	* @param array $config Configuration options for the server
	*/
	public function __construct(ClientCredentialsInterface $storage, array $config = array())
	{
	$this->storage = $storage;
	$this->config = array_merge(array(
	'allow_credentials_in_request_body' => true,
	'allow_public_clients' => true,
	), $config);
	}

	/**
	* Validate the OAuth request
	*
	* @param RequestInterface $request
	* @param ResponseInterface $response
	* @return bool\|mixed
	* @throws LogicException
	*/
	public function validateRequest(RequestInterface $request, ResponseInterface $response)
	{
	if (!$clientData = $this->getClientCredentials($request, $response)) {
	return false;
	}

	if (!isset($clientData['client_id'])) {
	throw new LogicException('the clientData array must have "client_id" set');
	}

	if (!isset($clientData['client_secret']) \|\| $clientData['client_secret'] == '') {
	if (!$this->config['allow_public_clients']) {
	$response->setError(400, 'invalid_client', 'client credentials are required');

	return false;
	}

	if (!$this->storage->isPublicClient($clientData['client_id'])) {
	$response->setError(400, 'invalid_client', 'This client is invalid or must authenticate using a client secret');

	return false;
	}
	} elseif ($this->storage->checkClientCredentials($clientData['client_id'], $clientData['client_secret']) === false) {
	$response->setError(400, 'invalid_client', 'The client credentials are invalid');

	return false;
	}

	$this->clientData = $clientData;

	return true;
	}

	/**
	* Get the client id
	*
	* @return mixed
	*/
	public function getClientId()
	{
	return $this->clientData['client_id'];
	}

	/**
	* Internal function used to get the client credentials from HTTP basic
	* auth or POST data.
	*
	* According to the spec (draft 20), the client_id can be provided in
	* the Basic Authorization header (recommended) or via GET/POST.
	*
	* @param RequestInterface $request
	* @param ResponseInterface $response
	* @return array\|null A list containing the client identifier and password, for example:
	* @code
	* return array(
	* "client_id" => CLIENT_ID, // REQUIRED the client id
	* "client_secret" => CLIENT_SECRET, // OPTIONAL the client secret (may be omitted for public clients)
	* );
	* @endcode
	*
	* @see http://tools.ietf.org/html/rfc6749#section-2.3.1
	*
	* @ingroup oauth2_section_2
	*/
	public function getClientCredentials(RequestInterface $request, ResponseInterface $response = null)
	{
	if (!is_null($request->headers('PHP_AUTH_USER')) && !is_null($request->headers('PHP_AUTH_PW'))) {
	return array('client_id' => $request->headers('PHP_AUTH_USER'), 'client_secret' => $request->headers('PHP_AUTH_PW'));
	}

	if ($this->config['allow_credentials_in_request_body']) {
	// Using POST for HttpBasic authorization is not recommended, but is supported by specification
	if (!is_null($request->request('client_id'))) {
	/**
	* client_secret can be null if the client's password is an empty string
	* @see http://tools.ietf.org/html/rfc6749#section-2.3.1
	*/
	return array('client_id' => $request->request('client_id'), 'client_secret' => $request->request('client_secret'));
	}
	}

	if ($response) {
	$message = $this->config['allow_credentials_in_request_body'] ? ' or body' : '';
	$response->setError(400, 'invalid_client', 'Client credentials were not found in the headers'.$message);
	}

	return null;
	}
	}