D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
opt
/
psa
/
admin
/
plib
/
modules
/
grafana
/
vendor
/
league
/
oauth2-server
/
src
/
Grant
/
Filename :
RefreshTokenGrant.php
back
Copy
<?php /** * OAuth 2.0 Refresh token grant. * * @author Alex Bilbie <hello@alexbilbie.com> * @copyright Copyright (c) Alex Bilbie * @license http://mit-license.org/ * * @link https://github.com/thephpleague/oauth2-server */ declare (strict_types=1); namespace PleskGrafana\League\OAuth2\Server\Grant; use DateInterval; use Exception; use PleskGrafana\League\OAuth2\Server\Exception\OAuthServerException; use PleskGrafana\League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface; use PleskGrafana\League\OAuth2\Server\RequestAccessTokenEvent; use PleskGrafana\League\OAuth2\Server\RequestEvent; use PleskGrafana\League\OAuth2\Server\RequestRefreshTokenEvent; use PleskGrafana\League\OAuth2\Server\ResponseTypes\ResponseTypeInterface; use Psr\Http\Message\ServerRequestInterface; use function implode; use function in_array; use function json_decode; use function time; /** * Refresh token grant. */ class RefreshTokenGrant extends AbstractGrant { public function __construct(RefreshTokenRepositoryInterface $refreshTokenRepository) { $this->setRefreshTokenRepository($refreshTokenRepository); $this->refreshTokenTTL = new DateInterval('P1M'); } /** * {@inheritdoc} */ public function respondToAccessTokenRequest(ServerRequestInterface $request, ResponseTypeInterface $responseType, DateInterval $accessTokenTTL) : ResponseTypeInterface { // Validate request $client = $this->validateClient($request); $oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier()); $scopes = $this->validateScopes($this->getRequestParameter('scope', $request, implode(self::SCOPE_DELIMITER_STRING, $oldRefreshToken['scopes']))); // The OAuth spec says that a refreshed access token can have the original scopes or fewer so ensure // the request doesn't include any new scopes foreach ($scopes as $scope) { if (in_array($scope->getIdentifier(), $oldRefreshToken['scopes'], \true) === \false) { throw OAuthServerException::invalidScope($scope->getIdentifier()); } } $scopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client); // Expire old tokens $this->accessTokenRepository->revokeAccessToken($oldRefreshToken['access_token_id']); if ($this->revokeRefreshTokens) { $this->refreshTokenRepository->revokeRefreshToken($oldRefreshToken['refresh_token_id']); } // Issue and persist new access token $userId = $oldRefreshToken['user_id']; if (\is_int($userId)) { $userId = (string) $userId; } $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $userId, $scopes); $this->getEmitter()->emit(new RequestAccessTokenEvent(RequestEvent::ACCESS_TOKEN_ISSUED, $request, $accessToken)); $responseType->setAccessToken($accessToken); // Issue and persist new refresh token if given $refreshToken = $this->issueRefreshToken($accessToken); if ($refreshToken !== null) { $this->getEmitter()->emit(new RequestRefreshTokenEvent(RequestEvent::REFRESH_TOKEN_ISSUED, $request, $refreshToken)); $responseType->setRefreshToken($refreshToken); } return $responseType; } /** * @throws OAuthServerException * * @return array<string, mixed> */ protected function validateOldRefreshToken(ServerRequestInterface $request, string $clientId) : array { $encryptedRefreshToken = $this->getRequestParameter('refresh_token', $request) ?? throw OAuthServerException::invalidRequest('refresh_token'); // Validate refresh token try { $refreshToken = $this->decrypt($encryptedRefreshToken); } catch (Exception $e) { throw OAuthServerException::invalidRefreshToken('Cannot decrypt the refresh token', $e); } $refreshTokenData = json_decode($refreshToken, \true); if ($refreshTokenData['client_id'] !== $clientId) { $this->getEmitter()->emit(new RequestEvent(RequestEvent::REFRESH_TOKEN_CLIENT_FAILED, $request)); throw OAuthServerException::invalidRefreshToken('Token is not linked to client'); } if ($refreshTokenData['expire_time'] < time()) { throw OAuthServerException::invalidRefreshToken('Token has expired'); } if ($this->refreshTokenRepository->isRefreshTokenRevoked($refreshTokenData['refresh_token_id']) === \true) { throw OAuthServerException::invalidRefreshToken('Token has been revoked'); } return $refreshTokenData; } /** * {@inheritdoc} */ public function getIdentifier() : string { return 'refresh_token'; } }