AhmedGoGo
3/26/2019 - 7:31 AM
AuthorizationController
<?php
namespace Laravel\Passport\Http\Controllers;
use Illuminate\Http\Request;
use Laravel\Passport\Passport;
use Laravel\Passport\Bridge\User;
use Laravel\Passport\TokenRepository;
use Laravel\Passport\ClientRepository;
use Psr\Http\Message\ServerRequestInterface;
use Zend\Diactoros\Response as Psr7Response;
use League\OAuth2\Server\AuthorizationServer;
use Illuminate\Contracts\Routing\ResponseFactory;
class AuthorizationController
{
use HandlesOAuthErrors;
/**
* The authorization server.
*
* @var \League\OAuth2\Server\AuthorizationServer
*/
protected $server;
/**
* The response factory implementation.
*
* @var \Illuminate\Contracts\Routing\ResponseFactory
*/
protected $response;
/**
* The Token Repository
* @param \Laravel\Passport\TokenRepository $tokens
*/
protected $tokens;
/**
* Create a new controller instance.
*
* @param \League\OAuth2\Server\AuthorizationServer $server
* @param \Illuminate\Contracts\Routing\ResponseFactory $response
* @param \Laravel\Passport\TokenRepository $tokens
*
* @return void
*/
public function __construct(AuthorizationServer $server, ResponseFactory $response, TokenRepository $tokens)
{
$this->server = $server;
$this->response = $response;
$this->tokens = $tokens;
}
/**
* Authorize a client to access the user's account.
*
* @param \Psr\Http\Message\ServerRequestInterface $psrRequest
* @param \Illuminate\Http\Request $request
* @param \Laravel\Passport\ClientRepository $clients
* @return \Illuminate\Http\Response
*/
public function authorize(
ServerRequestInterface $psrRequest,
Request $request,
ClientRepository $clients
) {
return $this->withErrorHandling(function () use ($psrRequest, $request, $clients) {
$authRequest = $this->server->validateAuthorizationRequest($psrRequest);
$user = $request->user();
$client = $clients->find($authRequest->getClient()->getIdentifier());
if (
$client->first_party_client || ($this->hasValidToken($user, $client, $scopes = $this->parseScopes($authRequest)))
) {
return $this->approveRequest($authRequest, $user);
}
$request->session()->put('authRequest', $authRequest);
return $this->response->view('passport::authorize', [
'client' => $client,
'user' => $user,
'scopes' => $scopes,
'request' => $request,
]);
});
}
/**
* Transform the authorization requests's scopes into Scope instances.
*
* @param \League\OAuth2\Server\RequestTypes\AuthorizationRequest $authRequest
* @return array
*/
protected function parseScopes($authRequest)
{
return Passport::scopesFor(
collect($authRequest->getScopes())->map(function ($scope) {
return $scope->getIdentifier();
})->unique()->all()
);
}
/**
* Approve the authorization request.
*
* @param \League\OAuth2\Server\RequestTypes\AuthorizationRequest $authRequest
* @param \Illuminate\Database\Eloquent\Model $user
* @return \Illuminate\Http\Response
*/
protected function approveRequest($authRequest, $user)
{
$authRequest->setUser(new User($user->getKey()));
$authRequest->setAuthorizationApproved(true);
return $this->convertResponse(
$this->server->completeAuthorizationRequest($authRequest, new Psr7Response)
);
}
/**
* Check if user has an previous valid token for the same client.
*
* @param \Illuminate\Database\Eloquent\Model $user
* @param \Laravel\Passport\Client $client
* @param array $scopes
* @return boolean
*/
protected function hasValidToken($user, $client, $scopes)
{
$token = $this->tokens->findValidToken($user, $client);
return $token && $token->scopes === collect($scopes)->pluck('id')->all();
}
}