Authorization.php
| 1 | <?php |
| 2 | /** |
| 3 | * Handles Token Authorization. |
| 4 | * |
| 5 | * @package embed-outlook-teams-calendar-events/API |
| 6 | */ |
| 7 | |
| 8 | namespace MoEmbedPowerBI\API; |
| 9 | |
| 10 | use MoEmbedPowerBI\Wrappers\wpWrapper; |
| 11 | use MoEmbedPowerBI\Observer\adminObserver; |
| 12 | use MoEmbedPowerBI\Wrappers\pluginConstants; |
| 13 | use MoEmbedPowerBI\Wrappers\secureInput; |
| 14 | use MoEmbedPowerBI\API\Azure; |
| 15 | |
// Stop immediately when this file is requested directly rather than loaded by WordPress.
defined( 'ABSPATH' ) || exit;
| 19 | |
| 20 | /** |
| 21 | * Class to handle token authorization and API endpoints' requests. |
| 22 | */ |
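class Authorization {
	/**
	 * Holds the single shared Authorization instance.
	 *
	 * @var Authorization
	 */
	private static $instance;

	/**
	 * Returns the shared Authorization instance, creating it on first use.
	 *
	 * @return Authorization
	 */
	public static function get_controller() {
		if ( ! isset( self::$instance ) ) {
			self::$instance = new self();
		}
		return self::$instance;
	}

	/**
	 * Requests an access token from the token endpoint, picking the grant type from the scope.
	 *
	 * Any scope other than pluginConstants::SCOPE_DEFAULT_OFFLINE_ACCESS uses the client
	 * credentials grant. Otherwise the authorization code grant is used when the session holds
	 * no refresh token, and the refresh token grant is used when it holds one and the
	 * 'Oauth_User_Cookie' cookie reads 'SSOUser'.
	 *
	 * The returned access token and the stored refresh token are bearer credentials; callers
	 * should not log them or echo them into responses.
	 *
	 * @param array  $endpoints Not read by this method; kept so existing callers keep working.
	 * @param array  $config    Azure application client credentials.
	 * @param string $scope     Value of the scope to be passed to the token endpoint.
	 * @return string|false Access token on success, false when the response carries none.
	 */
	public function mo_epbr_get_access_token( $endpoints, $config, $scope ) {
		$args = array();
		if ( pluginConstants::SCOPE_DEFAULT_OFFLINE_ACCESS !== $scope ) {
			$args = $this->mo_epbr_get_access_token_using_client_credentials( $config, $scope );
		} else {
			$refresh_token = wpWrapper::mo_epbr_get_session_value( 'mo_epbr_refresh_token' );
			if ( empty( $refresh_token ) ) {
				$args = $this->mo_epbr_get_token_using_authorization_code( $config, $scope );
			} elseif ( 'SSOUser' === secureInput::mo_epbr_get_secure_cookie( 'Oauth_User_Cookie', 'text' ) ) {
				// NOTE(review): this branch is selected by a cookie value. Unless
				// mo_epbr_get_secure_cookie() verifies the cookie's integrity, treat it as a
				// hint about the session type and not as an authorization decision.
				$args = $this->mo_epbr_get_token_using_refresh_token( $config, $scope );
			}
		}

		// If a refresh token exists but the cookie check fails, $args is still empty here and
		// the token endpoint is called without a grant; the resulting error is handled below.
		$args_header = isset( $args['headers'] ) ? $args['headers'] : '';
		$args_body   = isset( $args['body'] ) ? $args['body'] : '';

		$client         = Azure::get_client( $config );
		$body           = $this->mo_epbr_post_request( esc_url_raw( $client->get_endpoints( 'token' ) ), $args_header, $args_body );
		$request_option = secureInput::mo_epbr_get_secure_data( 'test_user_attributes', array( 'option' => 'text' ), '_wpnonce', 'REQUEST', true );

		if ( ! is_array( $body ) ) {
			// Transport failure or a reply that is not a JSON object: nothing to inspect or store.
			return false;
		}

		if ( isset( $body['error'], $request_option['option'] ) && 'testUser' === $request_option['option'] ) {
			// Original author's note: security checks are handled by
			// secureInput::mo_epbr_get_secure_data() with $require_admin = true. That helper is
			// not visible in this file, so the nonce and capability checks should be confirmed there.
			$error_code = array(
				'Error'       => $body['error'],
				// The token endpoint may omit the description; avoid reading an undefined index.
				'Description' => isset( $body['error_description'] ) ? $body['error_description'] : '',
			);
			// NOTE(review): both values come from the remote token endpoint. Confirm that
			// mo_epbr_display_error_message() escapes them before rendering.
			$observer = adminObserver::get_observer();
			$observer->mo_epbr_display_error_message( $error_code );
		}

		if ( isset( $body['refresh_token'] ) ) {
			wpWrapper::mo_epbr_set_session_value( 'mo_epbr_refresh_token', $body['refresh_token'] );
		}

		return isset( $body['access_token'] ) ? $body['access_token'] : false;
	}

	/**
	 * Builds the token request arguments for the client credentials grant.
	 *
	 * @param array  $config Azure application client credentials.
	 * @param string $scope  Value of the scope to be passed to the token endpoint.
	 * @return array Request arguments with 'body' and 'headers' keys.
	 */
	public function mo_epbr_get_access_token_using_client_credentials( $config, $scope ) {
		return $this->mo_epbr_build_token_request_args( $config, pluginConstants::GRANT_TYPE_CLIENTCRED, $scope );
	}

	/**
	 * Builds the token request arguments for the authorization code grant.
	 *
	 * The authorization code is read from the 'mo_epbr_code' option.
	 *
	 * @param array  $config Azure application client credentials.
	 * @param string $scope  Value of the scope to be passed to the token endpoint.
	 * @return array Request arguments with 'body' and 'headers' keys.
	 */
	public function mo_epbr_get_token_using_authorization_code( $config, $scope ) {
		return $this->mo_epbr_build_token_request_args(
			$config,
			pluginConstants::GRANT_TYPE_AUTHCODE,
			$scope,
			array(
				'code'         => wpWrapper::mo_epbr_get_option( 'mo_epbr_code' ),
				'redirect_uri' => $config['redirect_uri'],
			)
		);
	}

	/**
	 * Builds the token request arguments for the refresh token grant.
	 *
	 * The refresh token is read from the 'mo_epbr_refresh_token' session value.
	 *
	 * @param array  $config Azure application client credentials.
	 * @param string $scope  Value of the scope to be passed to the token endpoint.
	 * @return array Request arguments with 'body' and 'headers' keys.
	 */
	public function mo_epbr_get_token_using_refresh_token( $config, $scope ) {
		return $this->mo_epbr_build_token_request_args(
			$config,
			pluginConstants::GRANT_TYPE_REFTOKEN,
			$scope,
			array(
				'refresh_token' => wpWrapper::mo_epbr_get_session_value( 'mo_epbr_refresh_token' ),
				'redirect_uri'  => $config['redirect_uri'],
			)
		);
	}

	/**
	 * Assembles the 'body' and 'headers' arguments shared by every grant type.
	 *
	 * @param array  $config     Azure application client credentials.
	 * @param string $grant_type Grant type value sent as 'grant_type'.
	 * @param string $scope      Value of the scope to be passed to the token endpoint.
	 * @param array  $extra_body Grant-specific body fields, appended after the common ones.
	 * @return array Request arguments with 'body' and 'headers' keys.
	 */
	private function mo_epbr_build_token_request_args( $config, $grant_type, $scope, $extra_body = array() ) {
		// NOTE(review): the decryption key is derived only from client_id, which is stored in the
		// same $config as the ciphertext and is sent in every token request. Unless
		// mo_epbr_decrypt_data() mixes in further secret material, this hides the secret from
		// casual inspection but not from anyone able to read the stored configuration. A key
		// derived from a site secret (for example wp_salt()) would be the stronger design; it
		// has to change together with the encrypting side, which is outside this file.
		$client_secret = wpWrapper::mo_epbr_decrypt_data( $config['client_secret'], hash( 'sha256', $config['client_id'] ) );

		return array(
			'body'    => array_merge(
				array(
					'grant_type'    => $grant_type,
					'client_secret' => $client_secret,
					'client_id'     => $config['client_id'],
					'scope'         => $scope,
				),
				$extra_body
			),
			'headers' => array(
				'Content-type' => pluginConstants::CONTENT_TYPE_VAL,
			),
		);
	}

	/**
	 * Executes an API call using the GET method and decodes the JSON response body.
	 *
	 * The HTTP status code is not inspected, so an error reply with a JSON body is returned
	 * decoded like any other reply.
	 *
	 * @param string $url     API endpoint the GET request is sent to.
	 * @param array  $headers Headers to be passed in the API call.
	 * @return mixed Decoded JSON body (null when the body is not valid JSON), or
	 *               pluginConstants::PROCESS_FAILED when the request itself failed.
	 */
	public function mo_epbr_get_request( $url, $headers ) {
		// NOTE(review): esc_url_raw() cleans the URL but does not restrict the destination
		// host. If $url can ever be influenced by request data, wp_safe_remote_get() is the
		// variant that rejects unsafe hosts.
		$response = wp_remote_get( esc_url_raw( $url ), array( 'headers' => $headers ) );
		if ( ! is_array( $response ) || is_wp_error( $response ) ) {
			return pluginConstants::PROCESS_FAILED;
		}
		return json_decode( wp_remote_retrieve_body( $response ), true );
	}

	/**
	 * Executes an API call using the POST method and decodes the JSON response body.
	 *
	 * The HTTP status code is not inspected, so an error reply with a JSON body is returned
	 * decoded like any other reply.
	 *
	 * @param string $url     API endpoint the POST request is sent to.
	 * @param array  $headers Headers to be passed in the API call.
	 * @param array  $body    Body fields to be passed in the API call.
	 * @return mixed Decoded JSON body (null when the body is not valid JSON), or
	 *               pluginConstants::PROCESS_FAILED when the request itself failed.
	 */
	public function mo_epbr_post_request( $url, $headers, $body ) {
		$response = wp_remote_post(
			esc_url_raw( $url ),
			array(
				'body'    => $body,
				'headers' => $headers,
			)
		);
		if ( is_wp_error( $response ) ) {
			// The transport error message is deliberately not returned: $body may carry the
			// client secret and tokens, so failure details stay out of caller-visible output.
			return pluginConstants::PROCESS_FAILED;
		}
		return json_decode( wp_remote_retrieve_body( $response ), true );
	}
}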
| 205 |