<?php
namespace OAuth2;
use OAuth2\Storage\Memory;
use OAuth2\Storage\ScopeInterface as ScopeStorageInterface;
/**
 * Scope helper used by the server to validate and compare OAuth2 scope strings.
 *
 * Scope strings are treated as space-separated lists of tokens. Tokens are
 * split on a single space character only, and compared as exact strings
 * (array_diff), so matching is case-sensitive.
 *
 * @see OAuth2\ScopeInterface
 */
class Scope implements ScopeInterface
{
    // Scope storage backend; the constructor guarantees this is a
    // OAuth2\Storage\ScopeInterface instance.
    protected $storage;

    /**
     * @param mixed $storage
     * Either an array of supported scopes, or an instance of OAuth2\Storage\ScopeInterface.
     * NULL is treated like an empty array.
     *
     * @throws \InvalidArgumentException
     * When $storage is neither NULL, an array, nor a scope storage instance.
     */
    public function __construct($storage = null)
    {
        // NULL and plain arrays are wrapped in the in-memory storage;
        // the (array) cast turns NULL into an empty array.
        if ($storage === null || is_array($storage)) {
            $storage = new Memory((array) $storage);
        }

        if ($storage instanceof ScopeStorageInterface) {
            $this->storage = $storage;

            return;
        }

        throw new \InvalidArgumentException("Argument 1 to OAuth2\Scope must be null, an array, or instance of OAuth2\Storage\ScopeInterface");
    }

    /**
     * Check if everything in required scope is contained in available scope.
     *
     * Both arguments are trimmed and split on single spaces. Consecutive
     * spaces produce empty tokens, and an empty string produces one empty
     * token; such a token in the required list is only satisfied when the
     * available list also contains an empty token.
     *
     * @param $required_scope
     * A space-separated string of scopes.
     * @param $available_scope
     * A space-separated string of scopes.
     *
     * @return
     * TRUE if everything in required scope is contained in available scope,
     * and FALSE if it isn't.
     *
     * @see http://tools.ietf.org/html/rfc6749#section-7
     *
     * @ingroup oauth2_section_7
     */
    public function checkScope($required_scope, $available_scope)
    {
        $needed = explode(' ', trim($required_scope));
        $granted = explode(' ', trim($available_scope));

        // Anything left over is a required token that was not granted.
        $missing = array_diff($needed, $granted);

        return empty($missing);
    }

    /**
     * Check if the provided scope exists in storage.
     *
     * Reserved scopes (see getReservedScopes()) are accepted here without
     * consulting storage; only the remaining tokens are passed on to it.
     *
     * @param $scope
     * A space-separated string of scopes.
     *
     * @return
     * TRUE if it exists, FALSE otherwise.
     */
    public function scopeExists($scope)
    {
        $requested = explode(' ', trim($scope));

        // Strip the reserved scopes first; they never reach storage.
        $unreserved = array_diff($requested, $this->getReservedScopes());
        if (empty($unreserved)) {
            return true;
        }

        // Storage decides for whatever is left, re-joined as a scope string.
        return $this->storage->scopeExists(implode(' ', $unreserved));
    }

    /**
     * Read the "scope" parameter from the request.
     *
     * The value is returned as found and is not validated here.
     * NOTE(review): confirm callers run the result through scopeExists() /
     * checkScope() and handle a missing or non-string value.
     *
     * @param RequestInterface $request
     *
     * @return
     * Whatever $request->request() yields for "scope", with the query value
     * passed as its second argument.
     */
    public function getScopeFromRequest(RequestInterface $request)
    {
        // "scope" is valid if passed in either POST or QUERY
        $fromQuery = $request->query('scope');

        return $request->request('scope', $fromQuery);
    }

    /**
     * Get the default scope, delegating to the storage backend.
     *
     * @param $client_id
     * Optional client identifier, passed through to storage unchanged.
     *
     * @return
     * Whatever the storage's getDefaultScope() returns.
     */
    public function getDefaultScope($client_id = null)
    {
        $default = $this->storage->getDefaultScope($client_id);

        return $default;
    }

    /**
     * Get reserved scopes needed by the server.
     *
     * In case OpenID Connect is used, these scopes must include:
     * 'openid', 'offline_access'.
     *
     * @return
     * An array of reserved scopes.
     */
    public function getReservedScopes()
    {
        $reserved = array('openid', 'offline_access');

        return $reserved;
    }
}