<?php
declare(strict_types=1);
/**
* This file is part of the MultiFlexi package
*
* https://multiflexi.eu/
*
* (c) Vítězslav Dvořák <http://vitexsoftware.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
/**
* This is an example of using OAuth2 Application Flow in a specification to describe security to your API.
* The version of the OpenAPI document: 1.1.0
* Contact: vitezslav.dvorak@spojenet.cz
* Generated by: https://github.com/openapitools/openapi-generator.git.
*/
/**
* NOTE: This class is auto generated by the openapi generator program.
* https://github.com/openapitools/openapi-generator
* Do not edit the class manually.
*/
namespace MultiFlexi\Api\Auth;
use Dyorg\TokenAuthentication\Exceptions\UnauthorizedExceptionInterface;
use Dyorg\TokenAuthentication\TokenSearch;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
/**
* AbstractAuthenticator Class Doc Comment.
*
* @author OpenAPI Generator team
*
* @see https://github.com/openapitools/openapi-generator
*/
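abstract class AbstractAuthenticator
{
    /**
     * Scopes the caller must hold for the guarded route, or null when a valid
     * token alone is enough.
     *
     * NOTE(review): this value is stored but never consulted by the default
     * __invoke() below. An implementation that wants scope enforcement has to
     * compare it against the scopes it resolves for the token inside
     * getUserByToken() and throw an UnauthorizedExceptionInterface on mismatch.
     *
     * @var null|string[]
     */
    protected ?array $requiredScope = null;

    /**
     * Authenticator constructor.
     *
     * @param null|string[] $requiredScope Scopes required for the guarded route
     */
    public function __construct(?array $requiredScope = null)
    {
        $this->requiredScope = $requiredScope;
    }

    /**
     * Authenticates the request and attaches the resolved user to it.
     *
     * The token is located by the TokenSearch helper, resolved through
     * getUserByToken(), and the result is stored under the 'authenticated_user'
     * request attribute. $request is taken by reference so the caller ends up
     * with the new (immutable PSR-7) instance that carries the attribute.
     *
     * This default is a reference implementation; override it to fit your needs.
     *
     * @param ServerRequestInterface $request     HTTP request; replaced by a copy carrying the user attribute
     * @param TokenSearch            $tokenSearch Middleware helper that extracts the token from the request
     *
     * @throws UnauthorizedExceptionInterface when no token can be parsed or getUserByToken() rejects it
     *
     * @return bool always true; rejection is signalled by the exception, never by a false return
     */
    public function __invoke(ServerRequestInterface &$request, TokenSearch $tokenSearch)
    {
        // The helper searches header, parameters, cookie or attribute (as configured) and,
        // per the middleware contract, throws when nothing usable is found, so no explicit
        // "missing token" branch is needed here.
        $token = $tokenSearch->getToken($request);

        // Delegated to the concrete authenticator: it must throw on unknown, expired or
        // under-scoped tokens. An empty return value is NOT treated as a failure here.
        $user = $this->getUserByToken($token);

        $request = $request->withAttribute('authenticated_user', $user);

        return true;
    }

    /**
     * Builds the 401 response returned when a token is missing, invalid or expired.
     *
     * The body deliberately does NOT echo the presented token back to the client:
     * a credential reflected into an error body ends up in client logs, proxy logs
     * and browser tooling, and the caller already holds it, so nothing is gained.
     * $request is kept in the signature for compatibility with existing overrides.
     *
     * @param ServerRequestInterface         $request   the rejected request (unused by the default implementation)
     * @param ResponseInterface              $response  response object to populate
     * @param UnauthorizedExceptionInterface $exception cause of the rejection; its message is sent to the client
     *
     * @throws \JsonException if the body cannot be encoded even after invalid UTF-8 substitution
     *
     * @return ResponseInterface JSON response with status 401 and a body of {"message": ..., "success": false}
     */
    public static function handleUnauthorized(ServerRequestInterface $request, ResponseInterface $response, UnauthorizedExceptionInterface $exception)
    {
        $output = [
            'message' => $exception->getMessage(),
            'success' => false,
        ];

        // Substitute rather than fail on a malformed message so a 401 is always produced;
        // JSON_THROW_ON_ERROR turns any remaining encode failure into an exception instead
        // of handing `false` to write(), which would raise a TypeError under strict_types.
        $response->getBody()->write(json_encode(
            $output,
            \JSON_THROW_ON_ERROR | \JSON_INVALID_UTF8_SUBSTITUTE,
        ));

        return $response
            ->withHeader('Content-Type', 'application/json')
            ->withStatus(401);
    }

    /**
     * Resolves the user that owns $token.
     *
     * Implementations must throw an UnauthorizedExceptionInterface when the token
     * is unknown, expired or lacks the scopes in $this->requiredScope; __invoke()
     * does not inspect the return value for emptiness, so returning "no user"
     * silently would let the request through.
     *
     * @param string $token API key / bearer token as extracted by TokenSearch
     *
     * @throws UnauthorizedExceptionInterface on invalid, expired or under-scoped token
     *
     * @return array User record as an associative array
     */
    abstract protected function getUserByToken(string $token);
}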