<?php
namespace Laravel\Passport\Http\Controllers;
use Illuminate\Contracts\Auth\StatefulGuard;
use Illuminate\Http\Request;
use Illuminate\Support\Str;
use Laravel\Passport\Bridge\User;
use Laravel\Passport\ClientRepository;
use Laravel\Passport\Contracts\AuthorizationViewResponse;
use Laravel\Passport\Exceptions\AuthenticationException;
use Laravel\Passport\Passport;
use Laravel\Passport\TokenRepository;
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\Exception\OAuthServerException;
use Nyholm\Psr7\Response as Psr7Response;
use Psr\Http\Message\ServerRequestInterface;
class AuthorizationController
{
use HandlesOAuthErrors;
/**
* The authorization server.
*
* @var \League\OAuth2\Server\AuthorizationServer
*/
protected $server;
/**
* The guard implementation.
*
* @var \Illuminate\Contracts\Auth\StatefulGuard
*/
protected $guard;
/**
* The authorization view response implementation.
*
* @var \Laravel\Passport\Contracts\AuthorizationViewResponse
*/
protected $response;
/**
* Create a new controller instance.
*
* @param \League\OAuth2\Server\AuthorizationServer $server
* @param \Illuminate\Contracts\Auth\StatefulGuard $guard
* @param \Laravel\Passport\Contracts\AuthorizationViewResponse $response
* @return void
*/
public function __construct(AuthorizationServer $server,
StatefulGuard $guard,
AuthorizationViewResponse $response)
{
$this->server = $server;
$this->guard = $guard;
$this->response = $response;
}
/**
* Authorize a client to access the user's account.
*
* @param \Psr\Http\Message\ServerRequestInterface $psrRequest
* @param \Illuminate\Http\Request $request
* @param \Laravel\Passport\ClientRepository $clients
* @param \Laravel\Passport\TokenRepository $tokens
* @return \Illuminate\Http\Response|\Laravel\Passport\Contracts\AuthorizationViewResponse
*/
public function authorize(ServerRequestInterface $psrRequest,
Request $request,
ClientRepository $clients,
TokenRepository $tokens)
{
$authRequest = $this->withErrorHandling(function () use ($psrRequest) {
return $this->server->validateAuthorizationRequest($psrRequest);
});
if ($this->guard->guest()) {
return $request->get('prompt') === 'none'
? $this->denyRequest($authRequest)
: $this->promptForLogin($request);
}
if ($request->get('prompt') === 'login' &&
! $request->session()->get('promptedForLogin', false)) {
$this->guard->logout();
$request->session()->invalidate();
$request->session()->regenerateToken();
return $this->promptForLogin($request);
}
$request->session()->forget('promptedForLogin');
$scopes = $this->parseScopes($authRequest);
$user = $this->guard->user();
$client = $clients->find($authRequest->getClient()->getIdentifier());
if ($request->get('prompt') !== 'consent' &&
($client->skipsAuthorization() || $this->hasValidToken($tokens, $user, $client, $scopes))) {
return $this->approveRequest($authRequest, $user);
}
if ($request->get('prompt') === 'none') {
return $this->denyRequest($authRequest, $user);
}
$request->session()->put('authToken', $authToken = Str::random());
$request->session()->put('authRequest', $authRequest);
return $this->response->withParameters([
'client' => $client,
'user' => $user,
'scopes' => $scopes,
'request' => $request,
'authToken' => $authToken,
]);
}
/**
* Transform the authorization requests's scopes into Scope instances.
*
* @param \League\OAuth2\Server\RequestTypes\AuthorizationRequest $authRequest
* @return array
*/
protected function parseScopes($authRequest)
{
return Passport::scopesFor(
collect($authRequest->getScopes())->map(function ($scope) {
return $scope->getIdentifier();
})->unique()->all()
);
}
/**
* Determine if a valid token exists for the given user, client, and scopes.
*
* @param \Laravel\Passport\TokenRepository $tokens
* @param \Illuminate\Contracts\Auth\Authenticatable $user
* @param \Laravel\Passport\Client $client
* @param array $scopes
* @return bool
*/
protected function hasValidToken($tokens, $user, $client, $scopes)
{
$token = $tokens->findValidToken($user, $client);
return $token && $token->scopes === collect($scopes)->pluck('id')->all();
}
/**
* Approve the authorization request.
*
* @param \League\OAuth2\Server\RequestTypes\AuthorizationRequest $authRequest
* @param \Illuminate\Contracts\Auth\Authenticatable $user
* @return \Illuminate\Http\Response
*/
protected function approveRequest($authRequest, $user)
{
$authRequest->setUser(new User($user->getAuthIdentifier()));
$authRequest->setAuthorizationApproved(true);
return $this->withErrorHandling(function () use ($authRequest) {
return $this->convertResponse(
$this->server->completeAuthorizationRequest($authRequest, new Psr7Response)
);
});
}
/**
* Deny the authorization request.
*
* @param \League\OAuth2\Server\RequestTypes\AuthorizationRequest $authRequest
* @param \Illuminate\Contracts\Auth\Authenticatable|null $user
* @return \Illuminate\Http\Response
*/
protected function denyRequest($authRequest, $user = null)
{
if (is_null($user)) {
$uri = $authRequest->getRedirectUri()
?? (is_array($authRequest->getClient()->getRedirectUri())
? $authRequest->getClient()->getRedirectUri()[0]
: $authRequest->getClient()->getRedirectUri());
$separator = $authRequest->getGrantTypeId() === 'implicit' ? '#' : '?';
$uri = $uri.(str_contains($uri, $separator) ? '&' : $separator).'state='.$authRequest->getState();
return $this->withErrorHandling(function () use ($uri) {
throw OAuthServerException::accessDenied('Unauthenticated', $uri);
});
}
$authRequest->setUser(new User($user->getAuthIdentifier()));
$authRequest->setAuthorizationApproved(false);
return $this->withErrorHandling(function () use ($authRequest) {
return $this->convertResponse(
$this->server->completeAuthorizationRequest($authRequest, new Psr7Response)
);
});
}
/**
* Prompt the user to login by throwing an AuthenticationException.
*
* @param \Illuminate\Http\Request $request
*
* @throws \Laravel\Passport\Exceptions\AuthenticationException
*/
protected function promptForLogin($request)
{
$request->session()->put('promptedForLogin', true);
throw new AuthenticationException;
}
}
At NFC Pay, your privacy is of utmost importance to us. This Privacy Policy outlines how we collect, use, share, and protect your personal information when you use our services, including our website and mobile applications.
1. Information We Collect
2. How We Use Your Information
We use the information we collect for the following purposes:
3. Sharing Your Information
We may share your personal information in the following circumstances:
4. Security of Your Information
We take the security of your personal information seriously and implement a variety of security measures, including encryption, secure servers, and access controls, to protect your data from unauthorized access, disclosure, alteration, or destruction. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee its absolute security.
5. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information, such as:
6. Third-Party Links
Our services may contain links to third-party websites or services. We are not responsible for the privacy practices or the content of these third-party sites. We encourage you to review the privacy policies of those third parties.
7. Children’s Privacy
Our services are not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new Privacy Policy on our website and updating the effective date.
9. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
Email: support@nfcpay.com