ClientRepository.php
<?php
declare(strict_types=1);
namespace Mezzio\Authentication\OAuth2\Repository\Pdo;
use League\OAuth2\Server\Entities\ClientEntityInterface;
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
use Mezzio\Authentication\OAuth2\Entity\ClientEntity;
use function password_verify;
/**
 * PDO-backed OAuth2 client repository.
 *
 * Client rows are read from the `oauth_clients` table, with the client
 * identifier matched against the `name` column. Client secrets are checked
 * with password_verify(), so the `secret` column is expected to hold a hash
 * that password_verify() understands rather than a plaintext value.
 */
class ClientRepository extends AbstractRepository implements ClientRepositoryInterface
{
    /**
     * Build a client entity for the given identifier.
     *
     * Returns null when no row is found. Missing `name` / `redirect` columns
     * fall back to an empty string, and a missing `is_confidential` column is
     * treated as false.
     *
     * NOTE(review): because an absent `is_confidential` value yields a
     * non-confidential client, any caller that relaxes secret checks for
     * non-confidential clients would do so for such rows. Confirm the schema
     * always carries this column.
     *
     * {@inheritDoc}
     */
    public function getClientEntity($clientIdentifier): ?ClientEntityInterface
    {
        $record = $this->getClientData($clientIdentifier);
        if (empty($record)) {
            return null;
        }

        $name           = $record['name'] ?? '';
        $redirect       = $record['redirect'] ?? '';
        $isConfidential = (bool) ($record['is_confidential'] ?? false);

        return new ClientEntity($clientIdentifier, $name, $redirect, $isConfidential);
    }

    /**
     * Validate a client's secret for the requested grant type.
     *
     * Returns false when the client is unknown, when isGranted() rejects the
     * grant type for this client, when the row has no stored secret, or when
     * the supplied secret does not match the stored hash. A client without a
     * stored secret therefore never validates here (fails closed).
     *
     * {@inheritDoc}
     */
    public function validateClient($clientIdentifier, $clientSecret, $grantType): bool
    {
        $record = $this->getClientData($clientIdentifier);
        if (empty($record) || ! $this->isGranted($record, $grantType)) {
            return false;
        }

        // An empty or missing hash is rejected before password_verify() is reached.
        if (empty($record['secret'])) {
            return false;
        }

        return password_verify((string) $clientSecret, $record['secret']);
    }

    /**
     * Check whether the client row in $row may use the given grant type.
     *
     * - `authorization_code`: allowed only when the row is neither a personal
     *   access client nor a password client.
     * - `personal_access`: allowed only when `personal_access_client` is truthy.
     * - `password`: allowed only when `password_client` is truthy.
     *
     * NOTE(review): every other grant type (including null) is allowed for
     * every client; this method places no per-client restriction on them.
     * Confirm that this default-allow is intended for each grant that is enabled.
     *
     * @param array $row
     */
    protected function isGranted(array $row, ?string $grantType = null): bool
    {
        if ($grantType === 'authorization_code') {
            return ! $row['personal_access_client'] && ! $row['password_client'];
        }

        if ($grantType === 'personal_access') {
            return (bool) $row['personal_access_client'];
        }

        if ($grantType === 'password') {
            return (bool) $row['password_client'];
        }

        return true;
    }

    /**
     * Fetch the stored row for a client identifier.
     *
     * The identifier is bound as a statement parameter, never concatenated
     * into the SQL text. Returns null when execute() reports failure or when
     * no row matches.
     */
    private function getClientData(string $clientIdentifier): ?array
    {
        $query = $this->pdo->prepare('SELECT * FROM oauth_clients WHERE name = :clientIdentifier');
        $query->bindParam(':clientIdentifier', $clientIdentifier);

        if ($query->execute() === false) {
            return null;
        }

        $found = $query->fetch();

        return empty($found) ? null : $found;
    }
}