<?php
|
|
use Symfony\Component\HttpFoundation\Request;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
|
|
class Token {
|
|
|
|
public $http;
|
|
private $_pretty = false;
|
|
|
|
public function __construct() {
|
|
$this->http = new p3k\HTTP();
|
|
}
|
|
|
|
public function token(Request $request, Response $response) {
|
|
|
|
if($request->get('pretty')) {
|
|
$this->_pretty = true;
|
|
}
|
|
|
|
$source = $request->get('source');
|
|
$code = $request->get('code');
|
|
|
|
if(!$source) {
|
|
return $this->respond($response, 400, [
|
|
'error' => 'invalid_request',
|
|
'error_description' => 'Provide a source URL'
|
|
]);
|
|
}
|
|
|
|
if(!$code) {
|
|
return $this->respond($response, 400, [
|
|
'error' => 'invalid_request',
|
|
'error_description' => 'Provide an authorization code'
|
|
]);
|
|
}
|
|
|
|
$scheme = parse_url($source, PHP_URL_SCHEME);
|
|
if(!in_array($scheme, ['http','https'])) {
|
|
return $this->respond($response, 400, [
|
|
'error' => 'invalid_url',
|
|
'error_description' => 'Only http and https URLs are supported'
|
|
]);
|
|
}
|
|
|
|
// First try to discover the token endpoint
|
|
$head = $this->http->head($source);
|
|
|
|
if(!array_key_exists('Link', $head['headers'])) {
|
|
return $this->respond($response, 200, [
|
|
'error' => 'no_token_endpoint',
|
|
'error_description' => 'No Link headers were returned'
|
|
]);
|
|
}
|
|
|
|
if(is_string($head['headers']['Link']))
|
|
$head['headers']['Link'] = [$head['headers']['Link']];
|
|
|
|
$rels = p3k\HTTP::link_rels($head['headers']);
|
|
|
|
$endpoint = false;
|
|
if(array_key_exists('token_endpoint', $rels)) {
|
|
$endpoint = $rels['token_endpoint'][0];
|
|
} elseif(array_key_exists('oauth2-token', $rels)) {
|
|
$endpoint = $rels['oauth2-token'][0];
|
|
}
|
|
|
|
if(!$endpoint) {
|
|
return $this->respond($response, 200, [
|
|
'error' => 'no_token_endpoint',
|
|
'error_description' => 'No token endpoint was found in the headers'
|
|
]);
|
|
}
|
|
|
|
// Resolve the endpoint URL relative to the source URL
|
|
$endpoint = \mf2\resolveUrl($source, $endpoint);
|
|
|
|
// Now exchange the code for a token
|
|
$token = $this->http->post($endpoint, [
|
|
'grant_type' => 'authorization_code',
|
|
'code' => $code
|
|
]);
|
|
|
|
// Catch HTTP errors here such as timeouts
|
|
if($token['error']) {
|
|
return $this->respond($response, 400, [
|
|
'error' => $token['error'],
|
|
'error_description' => $token['error_description'] ?: 'An unknown error occurred trying to fetch the token'
|
|
]);
|
|
}
|
|
|
|
// Otherwise pass through the response from the token endpoint
|
|
$body = @json_decode($token['body']);
|
|
|
|
// Pass through the content type if we were not able to decode the response as JSON
|
|
$headers = [];
|
|
if(!$body && isset($token['headers']['Content-Type'])) {
|
|
$headers['Content-Type'] = $token['headers']['Content-Type'];
|
|
}
|
|
|
|
return $this->respond($response, $token['code'], $body ?: $token['body'], $headers);
|
|
}
|
|
|
|
private function respond(Response $response, $code, $params, $headers=[]) {
|
|
$response->setStatusCode($code);
|
|
foreach($headers as $k=>$v) {
|
|
$response->headers->set($k, $v);
|
|
}
|
|
if(is_array($params) || is_object($params)) {
|
|
$response->headers->set('Content-Type', 'application/json');
|
|
$opts = JSON_UNESCAPED_SLASHES;
|
|
if($this->_pretty) $opts += JSON_PRETTY_PRINT;
|
|
$response->setContent(json_encode($params, $opts)."\n");
|
|
} else {
|
|
$response->setContent($params);
|
|
}
|
|
return $response;
|
|
}
|
|
|
|
}
|