Fire events on issue tokens

phalcon-orphanage · Apr 2, 2018 · 9c389ba · 9c389ba
1 parent 3a80ea4
commit 9c389ba
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 0 deletions.
diff --git a/src/Server/Grant/AuthCodeGrant.php b/src/Server/Grant/AuthCodeGrant.php
@@ -5,6 +5,7 @@
 use DateTime;
 use DateInterval;
 use LogicException;
+use InvalidArgumentException;
 use Phalcon\Http\RequestInterface;
 use Preferans\Oauth\Server\RequestEvent;
 use Preferans\Oauth\Entities\UserEntityInterface;
@@ -67,6 +68,30 @@ public function enableCodeChallengeVerifier(CodeChallengeVerifierInterface $code
         $this->codeChallengeVerifiers[$codeChallengeVerifier->getMethod()] = $codeChallengeVerifier;
     }
 
+    /**
+     * Disable a code challenge verifier on the grant.
+     *
+     * @param string|CodeChallengeVerifierInterface $codeChallengeVerifier
+     *
+     * @throws InvalidArgumentException
+     *
+     * @return void
+     */
+    public function disableCodeChallengeVerifier(CodeChallengeVerifierInterface $codeChallengeVerifier)
+    {
+        if ($codeChallengeVerifier instanceof CodeChallengeVerifierInterface) {
+            $method = $codeChallengeVerifier->getMethod();
+        } elseif (is_string($codeChallengeVerifier)) {
+            $method = $codeChallengeVerifier;
+        } else {
+            throw new InvalidArgumentException(
+                'Code Verifier must be either a string or implements CodeChallengeVerifierInterface'
+            );
+        }
+
+        unset($this->codeChallengeVerifiers[$method]);
+    }
+
     /**
      * Respond to an access token request.
      *
@@ -152,6 +177,17 @@ public function respondToAccessTokenRequest(
                 throw OAuthServerException::invalidRequest('code_verifier');
             }
 
+            /**
+             * Validate code_verifier according to RFC-7636
+             * @link https://tools.ietf.org/html/rfc7636#section-4.1
+             */
+            if (preg_match('/^[A-Za-z0-9-._~]{43,128}$/', $codeVerifier) !== 1) {
+                throw OAuthServerException::invalidRequest(
+                    'code_verifier',
+                    'Code Verifier must follow the specifications of RFC-7636.'
+                );
+            }
+
             if (isset($this->codeChallengeVerifiers[$authCodePayload->code_challenge_method])) {
                 $verifier = $this->codeChallengeVerifiers[$authCodePayload->code_challenge_method];
 
@@ -169,6 +205,9 @@ public function respondToAccessTokenRequest(
         $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $authCodePayload->user_id, $scopes);
         $refreshToken = $this->issueRefreshToken($accessToken);
 
+        $this->getEventsManager()->fire(RequestEvent::ACCESS_TOKEN_ISSUED, $request);
+        $this->getEventsManager()->fire(RequestEvent::REFRESH_TOKEN_ISSUED, $request);
+
         // Inject tokens into response type
         $responseType->setAccessToken($accessToken);
         $responseType->setRefreshToken($refreshToken);

diff --git a/src/Server/Grant/ClientCredentialsGrant.php b/src/Server/Grant/ClientCredentialsGrant.php
@@ -4,6 +4,7 @@
 
 use DateInterval;
 use Phalcon\Http\RequestInterface;
+use Preferans\Oauth\Server\RequestEvent;
 use Preferans\Oauth\Exceptions\OAuthServerException;
 use Preferans\Oauth\Traits\RequestScopesAwareTrait;
 use Preferans\Oauth\Server\ResponseType\ResponseTypeInterface;
@@ -42,6 +43,8 @@ public function respondToAccessTokenRequest(
         // Issue and persist access token
         $accessToken = $this->issueAccessToken($accessTokenTTL, $client, null, $finalizedScopes);
 
+        $this->getEventsManager()->fire(RequestEvent::ACCESS_TOKEN_ISSUED, $request);
+
         // Inject access token into response type
         $responseType->setAccessToken($accessToken);
 

diff --git a/src/Server/Grant/PasswordGrant.php b/src/Server/Grant/PasswordGrant.php
@@ -70,6 +70,9 @@ public function respondToAccessTokenRequest(
         $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $finalizedScopes);
         $refreshToken = $this->issueRefreshToken($accessToken);
 
+        $this->getEventsManager()->fire(RequestEvent::ACCESS_TOKEN_ISSUED, $request);
+        $this->getEventsManager()->fire(RequestEvent::REFRESH_TOKEN_ISSUED, $request);
+
         // Inject tokens into response
         $responseType->setAccessToken($accessToken);
         $responseType->setRefreshToken($refreshToken);

diff --git a/src/Server/Grant/RefreshTokenGrant.php b/src/Server/Grant/RefreshTokenGrant.php
@@ -83,6 +83,9 @@ public function respondToAccessTokenRequest(
         $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $oldRefreshToken['user_id'], $scopes);
         $refreshToken = $this->issueRefreshToken($accessToken);
 
+        $this->getEventsManager()->fire(RequestEvent::ACCESS_TOKEN_ISSUED, $request);
+        $this->getEventsManager()->fire(RequestEvent::REFRESH_TOKEN_ISSUED, $request);
+
         // Inject tokens into response
         $responseType->setAccessToken($accessToken);
         $responseType->setRefreshToken($refreshToken);

diff --git a/src/Server/RequestEvent.php b/src/Server/RequestEvent.php
@@ -12,4 +12,7 @@ final class RequestEvent
     const CLIENT_AUTHENTICATION_FAILED = 'auth:client.authentication.failed';
     const USER_AUTHENTICATION_FAILED = 'auth:user.authentication.failed';
     const REFRESH_TOKEN_CLIENT_FAILED = 'auth:refresh_token.client.failed';
+
+    const ACCESS_TOKEN_ISSUED = 'auth:access_token.issued';
+    const REFRESH_TOKEN_ISSUED = 'auth:refresh_token.issued';
 }