You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
506 lines
13 KiB
506 lines
13 KiB
<?php |
|
/** |
|
* @link http://www.yiiframework.com/ |
|
* @copyright Copyright (c) 2008 Yii Software LLC |
|
* @license http://www.yiiframework.com/license/ |
|
*/ |
|
|
|
namespace yii\authclient; |
|
|
|
use yii\base\Component; |
|
use yii\base\Exception; |
|
use yii\base\InvalidParamException; |
|
use Yii; |
|
use yii\helpers\Json; |
|
|
|
/** |
|
* BaseClient is a base class for the OAuth clients. |
|
* |
|
* @see http://oauth.net/ |
|
* |
|
* @author Paul Klimov <klimov.paul@gmail.com> |
|
* @since 2.0 |
|
*/ |
|
abstract class BaseOAuth extends Component implements ClientInterface |
|
{ |
|
use ClientTrait; |
|
|
|
const CONTENT_TYPE_JSON = 'json'; // JSON format |
|
const CONTENT_TYPE_URLENCODED = 'urlencoded'; // urlencoded query string, like name1=value1&name2=value2 |
|
const CONTENT_TYPE_XML = 'xml'; // XML format |
|
const CONTENT_TYPE_AUTO = 'auto'; // attempts to determine format automatically |
|
|
|
/** |
|
* @var string protocol version. |
|
*/ |
|
public $version = '1.0'; |
|
/** |
|
* @var string URL, which user will be redirected after authentication at the OAuth provider web site. |
|
* Note: this should be absolute URL (with http:// or https:// leading). |
|
* By default current URL will be used. |
|
*/ |
|
private $_returnUrl = ''; |
|
/** |
|
* @var string API base URL. |
|
*/ |
|
public $apiBaseUrl = ''; |
|
/** |
|
* @var string authorize URL. |
|
*/ |
|
public $authUrl = ''; |
|
/** |
|
* @var string auth request scope. |
|
*/ |
|
public $scope = ''; |
|
/** |
|
* @var array cURL request options. Option values from this field will overwrite corresponding |
|
* values from {@link defaultCurlOptions()}. |
|
*/ |
|
private $_curlOptions = []; |
|
/** |
|
* @var OAuthToken|array access token instance or its array configuration. |
|
*/ |
|
private $_accessToken = null; |
|
/** |
|
* @var signature\BaseMethod|array signature method instance or its array configuration. |
|
*/ |
|
private $_signatureMethod = []; |
|
|
|
/** |
|
* @param string $returnUrl return URL |
|
*/ |
|
public function setReturnUrl($returnUrl) |
|
{ |
|
$this->_returnUrl = $returnUrl; |
|
} |
|
|
|
/** |
|
* @return string return URL. |
|
*/ |
|
public function getReturnUrl() |
|
{ |
|
if (empty($this->_returnUrl)) { |
|
$this->_returnUrl = $this->defaultReturnUrl(); |
|
} |
|
return $this->_returnUrl; |
|
} |
|
|
|
/** |
|
* @param array $curlOptions cURL options. |
|
*/ |
|
public function setCurlOptions(array $curlOptions) |
|
{ |
|
$this->_curlOptions = $curlOptions; |
|
} |
|
|
|
/** |
|
* @return array cURL options. |
|
*/ |
|
public function getCurlOptions() |
|
{ |
|
return $this->_curlOptions; |
|
} |
|
|
|
/** |
|
* @param array|OAuthToken $token |
|
*/ |
|
public function setAccessToken($token) |
|
{ |
|
if (!is_object($token)) { |
|
$token = $this->createToken($token); |
|
} |
|
$this->_accessToken = $token; |
|
$this->saveAccessToken($token); |
|
} |
|
|
|
/** |
|
* @return OAuthToken auth token instance. |
|
*/ |
|
public function getAccessToken() |
|
{ |
|
if (!is_object($this->_accessToken)) { |
|
$this->_accessToken = $this->restoreAccessToken(); |
|
} |
|
return $this->_accessToken; |
|
} |
|
|
|
/** |
|
* @param array|signature\BaseMethod $signatureMethod signature method instance or its array configuration. |
|
* @throws InvalidParamException on wrong argument. |
|
*/ |
|
public function setSignatureMethod($signatureMethod) |
|
{ |
|
if (!is_object($signatureMethod) && !is_array($signatureMethod)) { |
|
throw new InvalidParamException('"' . get_class($this) . '::signatureMethod" should be instance of "\yii\autclient\signature\BaseMethod" or its array configuration. "' . gettype($signatureMethod) . '" has been given.'); |
|
} |
|
$this->_signatureMethod = $signatureMethod; |
|
} |
|
|
|
/** |
|
* @return signature\BaseMethod signature method instance. |
|
*/ |
|
public function getSignatureMethod() |
|
{ |
|
if (!is_object($this->_signatureMethod)) { |
|
$this->_signatureMethod = $this->createSignatureMethod($this->_signatureMethod); |
|
} |
|
return $this->_signatureMethod; |
|
} |
|
|
|
/** |
|
* Composes default {@link returnUrl} value. |
|
* @return string return URL. |
|
*/ |
|
protected function defaultReturnUrl() |
|
{ |
|
return Yii::$app->getRequest()->getAbsoluteUrl(); |
|
} |
|
|
|
/** |
|
* Sends HTTP request. |
|
* @param string $method request type. |
|
* @param string $url request URL. |
|
* @param array $params request params. |
|
* @return array response. |
|
* @throws Exception on failure. |
|
*/ |
|
protected function sendRequest($method, $url, array $params = []) |
|
{ |
|
$curlOptions = $this->mergeCurlOptions( |
|
$this->defaultCurlOptions(), |
|
$this->getCurlOptions(), |
|
array( |
|
CURLOPT_RETURNTRANSFER => true, |
|
CURLOPT_URL => $url, |
|
), |
|
$this->composeRequestCurlOptions(strtoupper($method), $url, $params) |
|
); |
|
$curlResource = curl_init(); |
|
foreach ($curlOptions as $option => $value) { |
|
curl_setopt($curlResource, $option, $value); |
|
} |
|
$response = curl_exec($curlResource); |
|
$responseHeaders = curl_getinfo($curlResource); |
|
|
|
// check cURL error |
|
$errorNumber = curl_errno($curlResource); |
|
$errorMessage = curl_error($curlResource); |
|
|
|
curl_close($curlResource); |
|
|
|
if ($errorNumber > 0) { |
|
throw new Exception('Curl error requesting "' . $url . '": #' . $errorNumber . ' - ' . $errorMessage); |
|
} |
|
if ($responseHeaders['http_code'] != 200) { |
|
throw new Exception('Request failed with code: ' . $responseHeaders['http_code'] . ', message: ' . $response); |
|
} |
|
return $this->processResponse($response, $this->determineContentTypeByHeaders($responseHeaders)); |
|
} |
|
|
|
/** |
|
* Merge CUrl options. |
|
* If each options array has an element with the same key value, the latter |
|
* will overwrite the former. |
|
* @param array $options1 options to be merged to. |
|
* @param array $options2 options to be merged from. You can specify additional |
|
* arrays via third argument, fourth argument etc. |
|
* @return array merged options (the original options are not changed.) |
|
*/ |
|
protected function mergeCurlOptions($options1, $options2) |
|
{ |
|
$args = func_get_args(); |
|
$res = array_shift($args); |
|
while (!empty($args)) { |
|
$next = array_shift($args); |
|
foreach ($next as $k => $v) { |
|
$res[$k]=$v; |
|
} |
|
} |
|
return $res; |
|
} |
|
|
|
/** |
|
* Returns default cURL options. |
|
* @return array cURL options. |
|
*/ |
|
protected function defaultCurlOptions() |
|
{ |
|
return [ |
|
CURLOPT_USERAGENT => Yii::$app->name . ' OAuth ' . $this->version . ' Client', |
|
CURLOPT_CONNECTTIMEOUT => 30, |
|
CURLOPT_TIMEOUT => 30, |
|
CURLOPT_SSL_VERIFYPEER => false, |
|
]; |
|
} |
|
|
|
/** |
|
* Processes raw response converting it to actual data. |
|
* @param string $rawResponse raw response. |
|
* @param string $contentType response content type. |
|
* @throws Exception on failure. |
|
* @return array actual response. |
|
*/ |
|
protected function processResponse($rawResponse, $contentType = self::CONTENT_TYPE_AUTO) |
|
{ |
|
if (empty($rawResponse)) { |
|
return []; |
|
} |
|
switch ($contentType) { |
|
case self::CONTENT_TYPE_AUTO: { |
|
$contentType = $this->determineContentTypeByRaw($rawResponse); |
|
if ($contentType == self::CONTENT_TYPE_AUTO) { |
|
throw new Exception('Unable to determine response content type automatically.'); |
|
} |
|
$response = $this->processResponse($rawResponse, $contentType); |
|
break; |
|
} |
|
case self::CONTENT_TYPE_JSON: { |
|
$response = Json::decode($rawResponse, true); |
|
if (isset($response['error'])) { |
|
throw new Exception('Response error: ' . $response['error']); |
|
} |
|
break; |
|
} |
|
case self::CONTENT_TYPE_URLENCODED: { |
|
$response = []; |
|
parse_str($rawResponse, $response); |
|
break; |
|
} |
|
case self::CONTENT_TYPE_XML: { |
|
$response = $this->convertXmlToArray($rawResponse); |
|
break; |
|
} |
|
default: { |
|
throw new Exception('Unknown response type "' . $contentType . '".'); |
|
} |
|
} |
|
return $response; |
|
} |
|
|
|
/** |
|
* Converts XML document to array. |
|
* @param string|\SimpleXMLElement $xml xml to process. |
|
* @return array XML array representation. |
|
*/ |
|
protected function convertXmlToArray($xml) |
|
{ |
|
if (!is_object($xml)) { |
|
$xml = simplexml_load_string($xml); |
|
} |
|
$result = (array)$xml; |
|
foreach ($result as $key => $value) { |
|
if (is_object($value)) { |
|
$result[$key] = $this->convertXmlToArray($value); |
|
} |
|
} |
|
return $result; |
|
} |
|
|
|
/** |
|
* Attempts to determine HTTP request content type by headers. |
|
* @param array $headers request headers. |
|
* @return string content type. |
|
*/ |
|
protected function determineContentTypeByHeaders(array $headers) |
|
{ |
|
if (isset($headers['content_type'])) { |
|
if (stripos($headers['content_type'], 'json') !== false) { |
|
return self::CONTENT_TYPE_JSON; |
|
} |
|
if (stripos($headers['content_type'], 'urlencoded') !== false) { |
|
return self::CONTENT_TYPE_URLENCODED; |
|
} |
|
if (stripos($headers['content_type'], 'xml') !== false) { |
|
return self::CONTENT_TYPE_XML; |
|
} |
|
} |
|
return self::CONTENT_TYPE_AUTO; |
|
} |
|
|
|
/** |
|
* Attempts to determine the content type from raw content. |
|
* @param string $rawContent raw response content. |
|
* @return string response type. |
|
*/ |
|
protected function determineContentTypeByRaw($rawContent) |
|
{ |
|
if (preg_match('/^\\{.*\\}$/is', $rawContent)) { |
|
return self::CONTENT_TYPE_JSON; |
|
} |
|
if (preg_match('/^[^=|^&]+=[^=|^&]+(&[^=|^&]+=[^=|^&]+)*$/is', $rawContent)) { |
|
return self::CONTENT_TYPE_URLENCODED; |
|
} |
|
if (preg_match('/^<.*>$/is', $rawContent)) { |
|
return self::CONTENT_TYPE_XML; |
|
} |
|
return self::CONTENT_TYPE_AUTO; |
|
} |
|
|
|
/** |
|
* Creates signature method instance from its configuration. |
|
* @param array $signatureMethodConfig signature method configuration. |
|
* @return signature\BaseMethod signature method instance. |
|
*/ |
|
protected function createSignatureMethod(array $signatureMethodConfig) |
|
{ |
|
if (!array_key_exists('class', $signatureMethodConfig)) { |
|
$signatureMethodConfig['class'] = signature\HmacSha1::className(); |
|
} |
|
return Yii::createObject($signatureMethodConfig); |
|
} |
|
|
|
/** |
|
* Creates token from its configuration. |
|
* @param array $tokenConfig token configuration. |
|
* @return OAuthToken token instance. |
|
*/ |
|
protected function createToken(array $tokenConfig = []) |
|
{ |
|
if (!array_key_exists('class', $tokenConfig)) { |
|
$tokenConfig['class'] = OAuthToken::className(); |
|
} |
|
return Yii::createObject($tokenConfig); |
|
} |
|
|
|
/** |
|
* Composes URL from base URL and GET params. |
|
* @param string $url base URL. |
|
* @param array $params GET params. |
|
* @return string composed URL. |
|
*/ |
|
protected function composeUrl($url, array $params = []) |
|
{ |
|
if (strpos($url, '?') === false) { |
|
$url .= '?'; |
|
} else { |
|
$url .= '&'; |
|
} |
|
$url .= http_build_query($params, '', '&', PHP_QUERY_RFC3986); |
|
return $url; |
|
} |
|
|
|
/** |
|
* Saves token as persistent state. |
|
* @param OAuthToken $token auth token |
|
* @return static self reference. |
|
*/ |
|
protected function saveAccessToken(OAuthToken $token) |
|
{ |
|
return $this->setState('token', $token); |
|
} |
|
|
|
/** |
|
* Restores access token. |
|
* @return OAuthToken auth token. |
|
*/ |
|
protected function restoreAccessToken() |
|
{ |
|
$token = $this->getState('token'); |
|
if (is_object($token)) { |
|
/* @var $token OAuthToken */ |
|
if ($token->getIsExpired()) { |
|
$token = $this->refreshAccessToken($token); |
|
} |
|
} |
|
return $token; |
|
} |
|
|
|
/** |
|
* Sets persistent state. |
|
* @param string $key state key. |
|
* @param mixed $value state value |
|
* @return static self reference. |
|
*/ |
|
protected function setState($key, $value) |
|
{ |
|
$session = Yii::$app->getSession(); |
|
$key = $this->getStateKeyPrefix() . $key; |
|
$session->set($key, $value); |
|
return $this; |
|
} |
|
|
|
/** |
|
* Returns persistent state value. |
|
* @param string $key state key. |
|
* @return mixed state value. |
|
*/ |
|
protected function getState($key) |
|
{ |
|
$session = Yii::$app->getSession(); |
|
$key = $this->getStateKeyPrefix() . $key; |
|
$value = $session->get($key); |
|
return $value; |
|
} |
|
|
|
/** |
|
* Removes persistent state value. |
|
* @param string $key state key. |
|
* @return boolean success. |
|
*/ |
|
protected function removeState($key) |
|
{ |
|
$session = Yii::$app->getSession(); |
|
$key = $this->getStateKeyPrefix() . $key; |
|
$session->remove($key); |
|
return true; |
|
} |
|
|
|
/** |
|
* Returns session key prefix, which is used to store internal states. |
|
* @return string session key prefix. |
|
*/ |
|
protected function getStateKeyPrefix() |
|
{ |
|
return get_class($this) . '_' . sha1($this->authUrl) . '_'; |
|
} |
|
|
|
/** |
|
* Performs request to the OAuth API. |
|
* @param string $apiSubUrl API sub URL, which will be append to [[apiBaseUrl]], or absolute API URL. |
|
* @param string $method request method. |
|
* @param array $params request parameters. |
|
* @return array API response |
|
* @throws Exception on failure. |
|
*/ |
|
public function api($apiSubUrl, $method = 'GET', array $params = []) |
|
{ |
|
if (preg_match('/^https?:\\/\\//is', $apiSubUrl)) { |
|
$url = $apiSubUrl; |
|
} else { |
|
$url = $this->apiBaseUrl . '/' . $apiSubUrl; |
|
} |
|
$accessToken = $this->getAccessToken(); |
|
if (!is_object($accessToken) || !$accessToken->getIsValid()) { |
|
throw new Exception('Invalid access token.'); |
|
} |
|
return $this->apiInternal($accessToken, $url, $method, $params); |
|
} |
|
|
|
/** |
|
* Composes HTTP request CUrl options, which will be merged with the default ones. |
|
* @param string $method request type. |
|
* @param string $url request URL. |
|
* @param array $params request params. |
|
* @return array CUrl options. |
|
* @throws Exception on failure. |
|
*/ |
|
abstract protected function composeRequestCurlOptions($method, $url, array $params); |
|
|
|
/** |
|
* Gets new auth token to replace expired one. |
|
* @param OAuthToken $token expired auth token. |
|
* @return OAuthToken new auth token. |
|
*/ |
|
abstract public function refreshAccessToken(OAuthToken $token); |
|
|
|
/** |
|
* Performs request to the OAuth API. |
|
* @param OAuthToken $accessToken actual access token. |
|
* @param string $url absolute API URL. |
|
* @param string $method request method. |
|
* @param array $params request parameters. |
|
* @return array API response. |
|
* @throws Exception on failure. |
|
*/ |
|
abstract protected function apiInternal($accessToken, $url, $method, array $params); |
|
} |