Skip to content

Commit

Permalink
Merge pull request #70 from arueckauer/master
Browse files Browse the repository at this point in the history 
Ensure API_VERSION is attached to request url. Fixes #64
  • Loading branch information
@hajekj
hajekj committed Oct 25, 2018
2 parents 7dda4ce + 9f6feb4 commit d3b04a6
Showing 1 changed file with 61 additions and 61 deletions.
122 changes: 61 additions & 61 deletions src/Provider/Azure.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ class Azure extends AbstractProvider
public $urlLogin = "https://login.microsoftonline.com/";
public $pathAuthorize = "/oauth2/authorize";
public $pathToken = "/oauth2/token";

public $scope = [];
public $scopeSeparator = " ";

Expand All @@ -28,7 +28,7 @@ class Azure extends AbstractProvider
public $resource = "";

public $API_VERSION = "1.6";

public $authWithResource = true;

public function __construct(array $options = [], array $collaborators = [])
Expand All @@ -39,17 +39,17 @@ public function __construct(array $options = [], array $collaborators = [])

public function getBaseAuthorizationUrl()
{
return $this->urlLogin.$this->tenant.$this->pathAuthorize;
return $this->urlLogin . $this->tenant . $this->pathAuthorize;
}

public function getBaseAccessTokenUrl(array $params)
{
return $this->urlLogin.$this->tenant.$this->pathToken;
return $this->urlLogin . $this->tenant . $this->pathToken;
}

public function getAccessToken($grant, array $options = [])
{
if($this->authWithResource) {
if ($this->authWithResource) {
$options['resource'] = $this->resource ? $this->resource : $this->urlAPI;
}
return parent::getAccessToken($grant, $options);
Expand All @@ -62,7 +62,7 @@ protected function checkResponse(ResponseInterface $response, $data)
$message = $data['odata.error']['message']['value'];
} elseif (isset($data['error']['message'])) {
$message = $data['error']['message'];
} elseif ( isset($data['error']) && !is_array( $data['error'] )){
} elseif (isset($data['error']) && !is_array($data['error'])) {
$message = $data['error'];
} else {
$message = $response->getReasonPhrase();
Expand All @@ -85,18 +85,18 @@ protected function getScopeSeparator()
{
return $this->scopeSeparator;
}

protected function createAccessToken(array $response, AbstractGrant $grant)
{
return new AccessToken($response, $this);
}

public function getResourceOwner(\League\OAuth2\Client\Token\AccessToken $token)
{
$data = $token->getIdTokenClaims();
return $this->createResourceOwner($data, $token);
}

public function getResourceOwnerDetailsUrl(\League\OAuth2\Client\Token\AccessToken $token)
{
return null;
Expand All @@ -110,29 +110,30 @@ protected function createResourceOwner(array $response, \League\OAuth2\Client\To
public function getObjects($tenant, $ref, &$accessToken, $headers = [])
{
$objects = [];

$response = null;
do {
if (filter_var($ref, FILTER_VALIDATE_URL) === FALSE) {
$ref = $tenant."/".$ref;
do {
if (filter_var($ref, FILTER_VALIDATE_URL) === false) {
$ref = $tenant . "/" . $ref;
}
$response = $this->request('get', $ref, $accessToken, ['headers' => $headers]);

$response = $this->request('get', $ref, $accessToken, ['headers' => $headers]);
$values = $response;
if(isset($response['value'])) $values = $response['value'];
if (isset($response['value'])) {
$values = $response['value'];
}
foreach ($values as $value) {
$objects[] = $value;
}
if (isset($response['odata.nextLink'])) {
if (isset($response['odata.nextLink'])) {
$ref = $response['odata.nextLink'];
} elseif (isset($response['@odata.nextLink'])) {
$ref = $response['@odata.nextLink'];
} else {
$ref = null;
}
else {
$ref = null;
}
} while ($ref != null);

} while ($ref != null);

return $objects;
}

Expand Down Expand Up @@ -180,30 +181,29 @@ public function request($method, $ref, &$accessToken, $options = [])
}

$url = null;
if (filter_var($ref, FILTER_VALIDATE_URL) !== FALSE) {
if (filter_var($ref, FILTER_VALIDATE_URL) !== false) {
$url = $ref;
} else {
if (strpos($this->urlAPI, "graph.windows.net") !== FALSE) {
$tenant = 'common';
if (property_exists($this, 'tenant')) {
$tenant = $this->tenant;
}
$ref = "$tenant/$ref";
} elseif (strpos($this->urlAPI, "graph.windows.net") !== false) {
$tenant = 'common';
if (property_exists($this, 'tenant')) {
$tenant = $this->tenant;
}
$ref = "$tenant/$ref";

$url = $this->urlAPI.$ref;
$url = $this->urlAPI . $ref;

$url .= (strrpos($url, "?") === false) ? "?" : "&";
$url .= "api-version=".$this->API_VERSION;
}
else {
$url = $this->urlAPI.$ref;
if (strpos($url, 'api-version') === false) {
$url .= (strpos($url, '?') === false) ? '?' : '&';
$url .= 'api-version=' . $this->API_VERSION;
}
} else {
$url = $this->urlAPI . $ref;
}

if(isset($options['body']) && (gettype($options['body']) == 'array' || gettype($options['body']) == 'object')) {
if (isset($options['body']) && (gettype($options['body']) == 'array' || gettype($options['body']) == 'object')) {
$options['body'] = json_encode($options['body']);
}
if(!isset($options['headers']['Content-Type']) && isset($options['body'])) {
if (!isset($options['headers']['Content-Type']) && isset($options['body'])) {
$options['headers']['Content-Type'] = 'application/json';
}

Expand All @@ -223,12 +223,12 @@ private function wrapResponse($response)

return $response;
}

public function getClientId()
{
return $this->clientId;
}

/**
* Obtain URL for logging out the user.
*
Expand All @@ -238,9 +238,9 @@ public function getClientId()
*/
public function getLogoutUrl($post_logout_redirect_uri)
{
return 'https://login.microsoftonline.com/'.$this->tenant.'/oauth2/logout?post_logout_redirect_uri='.rawurlencode($post_logout_redirect_uri);
return 'https://login.microsoftonline.com/' . $this->tenant . '/oauth2/logout?post_logout_redirect_uri=' . rawurlencode($post_logout_redirect_uri);
}

/**
* Validate the access token you received in your application.
*
Expand All @@ -252,33 +252,32 @@ public function validateAccessToken($accessToken)
{
$keys = $this->getJwtVerificationKeys();
$tokenClaims = (array)JWT::decode($accessToken, $keys, ['RS256']);

if ($this->getClientId() != $tokenClaims['aud'] && $this->getClientId() != $tokenClaims['appid']) {
throw new \RuntimeException("The client_id / audience is invalid!");
}
if($tokenClaims['nbf'] > time() || $tokenClaims['exp'] < time()) {
if ($tokenClaims['nbf'] > time() || $tokenClaims['exp'] < time()) {
// Additional validation is being performed in firebase/JWT itself
throw new \RuntimeException("The id_token is invalid!");
}
if($this->tenant == "common") {

if ($this->tenant == "common") {
$this->tenant = $tokenClaims['tid'];

$tenant = $this->getTenantDetails($this->tenant);
if($tokenClaims['iss'] != $tenant['issuer']) {
if ($tokenClaims['iss'] != $tenant['issuer']) {
throw new \RuntimeException("Invalid token issuer!");
}
}
else {
} else {
$tenant = $this->getTenantDetails($this->tenant);
if($tokenClaims['iss'] != $tenant['issuer']) {
if ($tokenClaims['iss'] != $tenant['issuer']) {
throw new \RuntimeException("Invalid token issuer!");
}
}

return $tokenClaims;
}

/**
* Get JWT verification keys from Azure Active Directory.
*
Expand All @@ -288,9 +287,9 @@ public function getJwtVerificationKeys()
{
$factory = $this->getRequestFactory();
$request = $factory->getRequestWithOptions('get', 'https://login.windows.net/common/discovery/keys', []);

$response = $this->getParsedResponse($request);

$keys = [];
foreach ($response['keys'] as $i => $keyinfo) {
if (isset($keyinfo['x5c']) && is_array($keyinfo['x5c'])) {
Expand All @@ -302,10 +301,10 @@ public function getJwtVerificationKeys()
}
}
}

return $keys;
}

/**
* Get the specified tenant's details.
*
Expand All @@ -316,10 +315,11 @@ public function getJwtVerificationKeys()
public function getTenantDetails($tenant)
{
$factory = $this->getRequestFactory();
$request = $factory->getRequestWithOptions('get', 'https://login.windows.net/'.$tenant.'/.well-known/openid-configuration', []);

$request = $factory->getRequestWithOptions('get',
'https://login.windows.net/' . $tenant . '/.well-known/openid-configuration', []);

$response = $this->getParsedResponse($request);

return $response;
}
}

0 comments on commit d3b04a6

Please sign in to comment.