src/Core/Framework/Api/OAuth/ClientRepository.php line 68

  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Framework\Api\OAuth;
  5. use Doctrine\DBAL\Connection;
  6. use League\OAuth2\Server\Entities\ClientEntityInterface;
  7. use League\OAuth2\Server\Exception\OAuthServerException;
  8. use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
  9. use Shopware\Core\Framework\Api\OAuth\Client\ApiClient;
  10. use Shopware\Core\Framework\Api\Util\AccessKeyHelper;
  11. use Shopware\Core\Framework\Log\Package;
  12. use Shopware\Core\Framework\Uuid\Uuid;
  14. #[Package('core')]
  15. class ClientRepository implements ClientRepositoryInterface
  16. {
  17.     /**
  18.      * @internal
  19.      */
  20.     public function __construct(private readonly Connection $connection)
  21.     {
  22.     }
  24.     public function validateClient($clientIdentifier$clientSecret$grantType): bool
  25.     {
  26.         if (($grantType === 'password' || $grantType === 'refresh_token') && $clientIdentifier === 'administration') {
  27.             return true;
  28.         }
  30.         if ($grantType === 'client_credentials' && $clientSecret !== null) {
  31.             $values $this->getByAccessKey($clientIdentifier);
  32.             if (!$values) {
  33.                 return false;
  34.             }
  36.             return password_verify($clientSecret, (string) $values['secret_access_key']);
  37.         }
  39.         // @codeCoverageIgnoreStart
  40.         throw OAuthServerException::unsupportedGrantType();
  41.         // @codeCoverageIgnoreEnd
  42.     }
  44.     public function getClientEntity($clientIdentifier): ?ClientEntityInterface
  45.     {
  46.         if ($clientIdentifier === 'administration') {
  47.             return new ApiClient('administration'true);
  48.         }
  50.         $values $this->getByAccessKey($clientIdentifier);
  52.         if (!$values) {
  53.             return null;
  54.         }
  56.         return new ApiClient($clientIdentifiertrue$values['label'] ?? Uuid::fromBytesToHex($values['user_id']));
  57.     }
  59.     private function getByAccessKey(string $clientIdentifier): ?array
  60.     {
  61.         $origin AccessKeyHelper::getOrigin($clientIdentifier);
  63.         if ($origin === 'user') {
  64.             return $this->getUserByAccessKey($clientIdentifier);
  65.         }
  67.         if ($origin === 'integration') {
  68.             return $this->getIntegrationByAccessKey($clientIdentifier);
  69.         }
  71.         return null;
  72.     }
  74.     private function getUserByAccessKey(string $clientIdentifier): ?array
  75.     {
  76.         $key $this->connection->createQueryBuilder()
  77.             ->select(['user_id''secret_access_key'])
  78.             ->from('user_access_key')
  79.             ->where('access_key = :accessKey')
  80.             ->setParameter('accessKey'$clientIdentifier)
  81.             ->execute()
  82.             ->fetch();
  84.         if (!$key) {
  85.             return null;
  86.         }
  88.         return $key;
  89.     }
  91.     private function getIntegrationByAccessKey(string $clientIdentifier): ?array
  92.     {
  93.         $key $this->connection->createQueryBuilder()
  94.             ->select(['integration.id AS id''label''secret_access_key''app.active as active'])
  95.             ->from('integration')
  96.             ->leftJoin('integration''app''app''app.integration_id = integration.id')
  97.             ->where('access_key = :accessKey')
  98.             ->setParameter('accessKey'$clientIdentifier)
  99.             ->execute()
  100.             ->fetch();
  102.         if (!$key) {
  103.             return null;
  104.         }
  106.         // inactive apps cannot access the api
  107.         // if the integration is not associated to an app `active` will be null
  108.         if ($key['active'] === '0') {
  109.             return null;
  110.         }
  112.         return $key;
  113.     }
  114. }