search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Server Scopes (#4124)
[openemr.git] / src / Common / Auth / OpenIDConnect / Repositories / ClientRepository.php
blobf5b3429618d5b20ffc8e97b9e41fbd4b8b3f9f10
1 <?php
2
3 /**
4 * Authorization Server Member
5 *
6 * @package OpenEMR
7 * @link http://www.open-emr.org
8 * @author Jerry Padgett <sjpadgett@gmail.com>
9 * @copyright Copyright (c) 2020 Jerry Padgett <sjpadgett@gmail.com>
10 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
11 */
12
13 namespace OpenEMR\Common\Auth\OpenIDConnect\Repositories;
14
15 use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
16 use OpenEMR\Common\Auth\OpenIDConnect\Entities\ClientEntity;
17 use OpenEMR\Common\Crypto\CryptoGen;
18 use OpenEMR\Common\Logging\SystemLogger;
19 use Psr\Log\LoggerInterface;
20
21 class ClientRepository implements ClientRepositoryInterface
22 {
23 /**
24 * @var LoggerInterface
25 */
26 private $logger;
27
28 public function __construct()
29 {
30 $this->logger = SystemLogger::instance();
31 }
32
33 /**
34 * @return ClientEntity[]
35 */
36 public function listClientEntities(): array
37 {
38 $clients = sqlStatementNoLog("Select * From oauth_clients");
39 $list = [];
40 if (!empty($clients)) {
41 while ($client = $clients->FetchRow()) {
42 $list[] = $this->hydrateClientEntityFromArray($client);
43 }
44 }
45 return $list;
46 }
47
48 public function getClientEntity($clientIdentifier)
49 {
50 $clients = sqlQueryNoLog("Select * From oauth_clients Where client_id=?", array($clientIdentifier));
51
52 // Check if client is registered
53 if ($clients === false) {
54 $this->logger->error(
55 "ClientRepository->getClientEntity() no client found for identifier ",
56 ["client" => $clientIdentifier]
57 );
58 return false;
59 }
60
61 $this->logger->debug(
62 "ClientRepository->getClientEntity() client found",
63 [
64 "client" => [
65 "client_name" => $clients['client_name'],
66 "redirect_uri" => $clients['redirect_uri'],
67 "is_confidential" => $clients['is_confidential']
68 ]
69 ]
70 );
71 return $this->hydrateClientEntityFromArray($clients);
72 }
73
74 public function validateClient($clientIdentifier, $clientSecret, $grantType): bool
75 {
76 if ($grantType == 'authorization_code') {
77 $client = sqlQueryNoLog("SELECT `client_secret`, `is_confidential` FROM `oauth_clients` WHERE `client_id` = ?", [$clientIdentifier]);
78
79 // Check if client is registered
80 if ($client === false) {
81 $this->logger->error(
82 "ClientRepository->validateClient() no client found for identifier ",
83 ["client" => $clientIdentifier]
84 );
85 return false;
86 }
87
88 // Validate client if is_confidential
89 if (!empty($clientSecret) && !empty($client['is_confidential'])) {
90 $secret = (new CryptoGen())->decryptStandard($client['client_secret']);
91 if (empty($secret)) {
92 return false;
93 }
94 return hash_equals($clientSecret, $secret);
95 }
96
97 return true;
98 } else {
99 // password and refresh grant
100 return true;
101 }
102 }
103
104 /**
105 * @param $client_record
106 * @return ClientEntity
107 */
108 private function hydrateClientEntityFromArray($client_record): ClientEntity
109 {
110 $client = new ClientEntity();
111 $client->setIdentifier($client_record['client_id']);
112 $client->setName($client_record['client_name']);
113 $client->setRedirectUri($client_record['redirect_uri']);
114 $client->setIsConfidential($client_record['is_confidential']);
115 $client->setScopes($client_record['scope']);
116 $client->setClientRole($client_record['client_role']);
117 return $client;
118 }
119 }
Mirror of official OpenEMR Sourceforge repository