openinfra/openstackid-resources
Code Issues Proposed changes
openstackid-resources/app/Models/ResourceServer/AccessTokenService.php
Sebastian Marcet 4d7159e93f OpenstackId resource server 
* migration of resource server from openstackid to its
  own project
* migration of marketplace api
* added api tests
* added CORS middleware
* added SecurityHTTPHeadersWriterMiddleware

Change-Id: Ib3d02feeb1e756de73d380238a043a7ac1ec7ecc
2015-08-18 13:48:13 -03:00

154 lines
4.1 KiB
PHP
Raw Blame History

<?php namespace models\resource_server;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use GuzzleHttp\Client;
use GuzzleHttp\Exception\RequestException;
use Illuminate\Support\Facades\Config;
use libs\oauth2\OAuth2InvalidIntrospectionResponse;
use libs\utils\ICacheService;
use models\oauth2\AccessToken;
use libs\utils\ConfigurationException;
use libs\oauth2\InvalidGrantTypeException;
/**
* Class AccessTokenService
* @package models\resource_server
*/
final class AccessTokenService implements IAccessTokenService
{
/**
* @var ICacheService
*/
private $cache_service;
/**
* @param ICacheService $cache_service
*/
public function __construct(ICacheService $cache_service)
{
$this->cache_service = $cache_service;
}
/**
* @param string $token_value
* @return AccessToken
* @throws \Exception
*/
public function get($token_value)
{
$token = null;
$token_info = $this->cache_service->getHash(md5($token_value), array(
'access_token',
'scope',
'client_id',
'audience',
'user_id',
'expires_in',
'application_type',
'allowed_return_uris',
'allowed_origins'));
if (count($token_info) === 0)
{
$token_info = $this->makeRemoteCall($token_value);
$this->cache_service->storeHash(md5($token_value), $token_info, (int)$token_info['expires_in']);
}
else
{
$token_info['expires_in'] = $this->cache_service->ttl(md5($token_value));
}
$token = AccessToken::createFromParams(
$token_info['access_token'],
$token_info['scope'],
$token_info['client_id'],
$token_info['audience'],
$token_info['user_id'],
(int)$token_info['expires_in'],
$token_info['application_type'],
isset($token_info['allowed_return_uris']) ? $token_info['allowed_return_uris'] : null,
isset($token_info['allowed_origins']) ? $token_info['allowed_origins'] : null
);
return $token;
}
/**
* @param $token_value
* @return mixed
* @throws ConfigurationException
* @throws InvalidGrantTypeException
* @throws OAuth2InvalidIntrospectionResponse
*/
private function makeRemoteCall($token_value)
{
try
{
$client = new Client([
'defaults' => [
'timeout' => Config::get('curl.timeout', 60),
'allow_redirects' => Config::get('curl.allow_redirects', false),
'verify' => Config::get('curl.verify_ssl_cert', true)
]
]);
$client_id = Config::get('app.openstackid_client_id', '');
$client_secret = Config::get('app.openstackid_client_secret', '');
$auth_server_url = Config::get('app.openstackid_base_url', '');
if (empty($client_id))
{
throw new ConfigurationException('app.openstackid_client_id param is missing!');
}
if (empty($client_secret))
{
throw new ConfigurationException('app.openstackid_client_secret param is missing!');
}
if (empty($auth_server_url))
{
throw new ConfigurationException('app.openstackid_base_url param is missing!');
}
$response = $client->post(
$auth_server_url . '/oauth2/token/introspection',
[
'query' => ['token' => $token_value],
'headers' => ['Authorization' => " Basic " . base64_encode($client_id . ':' . $client_secret)]
]
);
$token_info = $response->json();
return $token_info;
}
catch (RequestException $ex)
{
$response = $ex->getResponse();
$body = $response->json();
$code = $response->getStatusCode();
if ($code === 400)
{
throw new InvalidGrantTypeException($body['error']);
}
throw new OAuth2InvalidIntrospectionResponse(sprintf('http code %s', $ex->getCode()));
}
}
}
View Git Blame Copy Permalink