<?php
namespace Infrastructure\Auth;
use Illuminate\Foundation\Application;
use Infrastructure\Auth\Exceptions\InvalidCredentialsException;
use Api\Users\Repositories\UserRepository;
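class LoginProxy
{
    /** Name of the HttpOnly cookie that carries the OAuth refresh token. */
    const REFRESH_TOKEN = 'refreshToken';

    /**
     * Lifetime of the refresh-token cookie, in minutes (10 days).
     *
     * Laravel's CookieJar::make() takes minutes, not seconds. The previous
     * literal 864000 is ten days in seconds, which the cookie jar read as
     * roughly 600 days.
     */
    const REFRESH_TOKEN_TTL_MINUTES = 14400;

    private $apiConsumer;
    private $auth;
    private $cookie;
    private $db;
    private $request;
    private $userRepository;

    /**
     * Resolve the collaborators this proxy needs from the container.
     *
     * @param Application    $app
     * @param UserRepository $userRepository
     */
    public function __construct(Application $app, UserRepository $userRepository)
    {
        $this->userRepository = $userRepository;
        $this->apiConsumer = $app->make('apiconsumer');
        $this->auth = $app->make('auth');
        $this->cookie = $app->make('cookie');
        $this->db = $app->make('db');
        $this->request = $app->make('request');
    }

    /**
     * Attempt to create an access token using user credentials.
     *
     * @param string $email
     * @param string $password
     * @return array access_token, expires_in and user_data
     * @throws InvalidCredentialsException when no user has that e-mail or the
     *         OAuth server rejects the credentials
     */
    public function attemptLogin($email, $password)
    {
        $user = $this->userRepository->getWhere('email', $email)->first();

        // NOTE(review): an unknown e-mail fails here without a round trip to
        // the OAuth server, so the response time differs from a wrong
        // password; if account-existence inference matters, consider proxying
        // the grant regardless of the lookup result.
        if (is_null($user)) {
            throw new InvalidCredentialsException();
        }

        $tokenObject = $this->proxy('password', [
            'username' => $email,
            'password' => $password,
        ]);

        // Round-trip through JSON so the user model's own serialisation rules
        // decide which attributes the client receives.
        return array_merge($tokenObject, [
            'user_data' => json_decode(json_encode($user), true),
        ]);
    }

    /**
     * Attempt to refresh the access token using the refresh token that
     * has been saved in the cookie.
     *
     * @return array access_token and expires_in
     * @throws InvalidCredentialsException when the cookie is absent or the
     *         OAuth server rejects the refresh token
     */
    public function attemptRefresh()
    {
        $refreshToken = $this->request->cookie(self::REFRESH_TOKEN);

        // No cookie means there is nothing to refresh; fail fast instead of
        // sending an empty refresh_token to the OAuth server.
        if (is_null($refreshToken) || $refreshToken === '') {
            throw new InvalidCredentialsException();
        }

        return $this->proxy('refresh_token', [
            'refresh_token' => $refreshToken,
        ]);
    }

    /**
     * Proxy a request to the OAuth server.
     *
     * @param string $grantType what type of grant type should be proxied
     * @param array  $data      the data to send to the server
     * @return array access_token and expires_in
     * @throws InvalidCredentialsException when the server answers with an
     *         error, or with a body that lacks the expected token fields
     */
    public function proxy($grantType, array $data = [])
    {
        // NOTE(review): env() returns null at runtime once Laravel's config is
        // cached; these credentials are normally read through config() instead.
        $data = array_merge($data, [
            'client_id' => env('PASSWORD_CLIENT_ID'),
            'client_secret' => env('PASSWORD_CLIENT_SECRET'),
            'grant_type' => $grantType,
        ]);

        $response = $this->apiConsumer->post('/oauth/token', $data);
        if (!$response->isSuccessful()) {
            throw new InvalidCredentialsException();
        }

        $body = json_decode($response->getContent());

        // A successful status with an unparseable body, or a body without all
        // of the fields used below, must neither crash nor queue an empty
        // refresh cookie.
        if (!is_object($body)
            || !isset($body->access_token)
            || !isset($body->refresh_token)
            || !isset($body->expires_in)
        ) {
            throw new InvalidCredentialsException();
        }

        // Keep the refresh token out of reach of client-side script (HttpOnly)
        // and, when this request arrived over TLS, out of plaintext HTTP
        // (Secure). No SameSite value is set; whether the installed cookie jar
        // accepts one cannot be told from this file.
        $this->cookie->queue(
            self::REFRESH_TOKEN,
            $body->refresh_token,
            self::REFRESH_TOKEN_TTL_MINUTES,
            null,                     // path
            null,                     // domain
            $this->request->secure(), // Secure
            true                      // HttpOnly
        );

        return [
            'access_token' => $body->access_token,
            'expires_in' => $body->expires_in,
        ];
    }

    /**
     * Logs out the user. We revoke access token and refresh token.
     * Also instruct the client to forget the refresh cookie.
     */
    public function logout()
    {
        $user = $this->auth->user();

        // With no authenticated user there is no token to revoke; still drop
        // the cookie rather than calling token() on null.
        if (!is_null($user)) {
            $accessToken = $user->token();

            // Revoke every refresh token issued against this access token
            // before revoking the access token itself.
            $this->db
                ->table('oauth_refresh_tokens')
                ->where('access_token_id', $accessToken->id)
                ->update([
                    'revoked' => true,
                ]);

            $accessToken->revoke();
        }

        $this->cookie->queue($this->cookie->forget(self::REFRESH_TOKEN));
    }
}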