~fkooman/vpn-user-portal

ref: 2.3.10 vpn-user-portal/src/BearerAuthenticationHook.php -rw-r--r-- 1.6 KiB
e0bd9cc0François Kooman prepare for release 1 year, 19 days ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
<?php

/*
 * eduVPN - End-user friendly VPN.
 *
 * Copyright: 2016-2019, The Commons Conservancy eduVPN Programme
 * SPDX-License-Identifier: AGPL-3.0+
 */

namespace LC\Portal;

use fkooman\OAuth\Server\Exception\OAuthException;
use LC\Common\Http\BeforeHookInterface;
use LC\Common\Http\Request;
use LC\Common\Http\Response;
use LC\Portal\OAuth\BearerValidator;

class BearerAuthenticationHook implements BeforeHookInterface
{
    /** @var \LC\Portal\OAuth\BearerValidator */
    private $bearerValidator;

    public function __construct(BearerValidator $bearerValidator)
    {
        $this->bearerValidator = $bearerValidator;
    }

    /**
     * @return \LC\Portal\OAuth\VpnAccessTokenInfo|\LC\Common\Http\Response
     */
    public function executeBefore(Request $request, array $hookData)
    {
        if (null === $authorizationHeader = $request->optionalHeader('HTTP_AUTHORIZATION')) {
            $authorizationHeader = '';
        }

        try {
            $accessTokenInfo = $this->bearerValidator->validate($authorizationHeader);
            // require "config" scope
            $accessTokenInfo->getScope()->requireAll(['config']);

            return $accessTokenInfo;
        } catch (OAuthException $e) {
            $jsonResponse = $e->getJsonResponse();

            return Response::import(
                [
                    'statusCode' => $jsonResponse->getStatusCode(),
                    'responseHeaders' => $jsonResponse->getHeaders(),
                    'responseBody' => $jsonResponse->getBody(),
                ]
            );
        }
    }
}