Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame^] | 1 | <?php |
| 2 | |
| 3 | namespace OAuth2\ResponseType; |
| 4 | |
| 5 | use OAuth2\Storage\AuthorizationCodeInterface as AuthorizationCodeStorageInterface; |
| 6 | |
| 7 | /** |
| 8 | * @author Brent Shaffer <bshafs at gmail dot com> |
| 9 | */ |
| 10 | class AuthorizationCode implements AuthorizationCodeInterface |
| 11 | { |
| 12 | protected $storage; |
| 13 | protected $config; |
| 14 | |
| 15 | public function __construct(AuthorizationCodeStorageInterface $storage, array $config = array()) |
| 16 | { |
| 17 | $this->storage = $storage; |
| 18 | $this->config = array_merge(array( |
| 19 | 'enforce_redirect' => false, |
| 20 | 'auth_code_lifetime' => 30, |
| 21 | ), $config); |
| 22 | } |
| 23 | |
| 24 | public function getAuthorizeResponse($params, $user_id = null) |
| 25 | { |
| 26 | // build the URL to redirect to |
| 27 | $result = array('query' => array()); |
| 28 | |
| 29 | $params += array('scope' => null, 'state' => null); |
| 30 | |
| 31 | $result['query']['code'] = $this->createAuthorizationCode($params['client_id'], $user_id, $params['redirect_uri'], $params['scope']); |
| 32 | |
| 33 | if (isset($params['state'])) { |
| 34 | $result['query']['state'] = $params['state']; |
| 35 | } |
| 36 | |
| 37 | return array($params['redirect_uri'], $result); |
| 38 | } |
| 39 | |
| 40 | /** |
| 41 | * Handle the creation of the authorization code. |
| 42 | * |
| 43 | * @param $client_id |
| 44 | * Client identifier related to the authorization code |
| 45 | * @param $user_id |
| 46 | * User ID associated with the authorization code |
| 47 | * @param $redirect_uri |
| 48 | * An absolute URI to which the authorization server will redirect the |
| 49 | * user-agent to when the end-user authorization step is completed. |
| 50 | * @param $scope |
| 51 | * (optional) Scopes to be stored in space-separated string. |
| 52 | * |
| 53 | * @see http://tools.ietf.org/html/rfc6749#section-4 |
| 54 | * @ingroup oauth2_section_4 |
| 55 | */ |
| 56 | public function createAuthorizationCode($client_id, $user_id, $redirect_uri, $scope = null) |
| 57 | { |
| 58 | $code = $this->generateAuthorizationCode(); |
| 59 | $this->storage->setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, time() + $this->config['auth_code_lifetime'], $scope); |
| 60 | |
| 61 | return $code; |
| 62 | } |
| 63 | |
| 64 | /** |
| 65 | * @return |
| 66 | * TRUE if the grant type requires a redirect_uri, FALSE if not |
| 67 | */ |
| 68 | public function enforceRedirect() |
| 69 | { |
| 70 | return $this->config['enforce_redirect']; |
| 71 | } |
| 72 | |
| 73 | /** |
| 74 | * Generates an unique auth code. |
| 75 | * |
| 76 | * Implementing classes may want to override this function to implement |
| 77 | * other auth code generation schemes. |
| 78 | * |
| 79 | * @return |
| 80 | * An unique auth code. |
| 81 | * |
| 82 | * @ingroup oauth2_section_4 |
| 83 | */ |
| 84 | protected function generateAuthorizationCode() |
| 85 | { |
| 86 | $tokenLen = 40; |
| 87 | if (function_exists('random_bytes')) { |
| 88 | $randomData = random_bytes(100); |
| 89 | } elseif (function_exists('openssl_random_pseudo_bytes')) { |
| 90 | $randomData = openssl_random_pseudo_bytes(100); |
| 91 | } elseif (function_exists('mcrypt_create_iv')) { |
| 92 | $randomData = mcrypt_create_iv(100, MCRYPT_DEV_URANDOM); |
| 93 | } elseif (@file_exists('/dev/urandom')) { // Get 100 bytes of random data |
| 94 | $randomData = file_get_contents('/dev/urandom', false, null, 0, 100) . uniqid(mt_rand(), true); |
| 95 | } else { |
| 96 | $randomData = mt_rand() . mt_rand() . mt_rand() . mt_rand() . microtime(true) . uniqid(mt_rand(), true); |
| 97 | } |
| 98 | |
| 99 | return substr(hash('sha512', $randomData), 0, $tokenLen); |
| 100 | } |
| 101 | } |