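/**
 * Authorization endpoint wrapper that adds a consent step for scope the
 * current user has not yet authorized for the requesting client.
 *
 * The request is first delegated to the OAuth2 controller. This action only
 * takes over when that controller fails with the "requested scope is
 * invalid" error: it renders a consent form, and on a valid form submission
 * it stores the requested scope for the client/user pair and redirects to
 * the same URI, which re-enters this action.
 *
 * @param Request     $request Current request; client_id and scope are read from the query string.
 * @param Application $app     Container providing the OAuth2 controller, token storage,
 *                             form factory, model manager factory and Twig.
 *
 * @return mixed The delegated controller's result, a redirect to the current
 *               request URI, or the rendered consent template.
 *
 * @throws InvalidScopeException When the delegated controller fails with any
 *                               other scope error than the one handled here.
 */
public function authorizeAction(Request $request, Application $app)
{
    // We only handle non-authorized scope here.
    try {
        return $app['authbucket_oauth2.oauth2_controller']->authorizeAction($request);
    } catch (InvalidScopeException $exception) {
        // NOTE(review): unserialize() on an exception message. The message is
        // presumably a serialized array built by the OAuth2 library, not raw
        // request data -- confirm. If any part of it can be shaped by a
        // client, switch to a non-object format or restrict allowed classes.
        $message = unserialize($exception->getMessage());

        // Anything that is not the expected array shape is not ours to handle.
        $isUnauthorizedScope = is_array($message)
            && isset($message['error_description'])
            && $message['error_description'] === 'The requested scope is invalid.';
        if (!$isUnauthorizedScope) {
            throw $exception;
        }
    }

    // Fetch parameters, which the delegated controller has already checked.
    $clientId = $request->query->get('client_id');
    $username = $app['security.token_storage']->getToken()->getUser()->getUsername();
    $scope = preg_split('/\\s+/', $request->query->get('scope', ''));

    // Create form.
    $form = $app['form.factory']->createBuilder()->getForm();
    $form->handleRequest($request);

    // Save authorized scope only for a submitted AND valid form. Checking the
    // HTTP method alone ignored the outcome of handleRequest(), so any POST to
    // this URL (including a cross-site one riding the user's session) stored
    // the grant. Gating on the form result lets the form component's
    // validation decide, which includes its CSRF token check when CSRF
    // protection is enabled on the form factory.
    // NOTE(review): this relies on the template posting the form's own fields
    // (e.g. its hidden token field) so the form counts as submitted -- confirm
    // against demo/authorize.html.twig and the form factory configuration.
    if ($request->isMethod('POST') && $form->isSubmitted() && $form->isValid()) {
        $modelManagerFactory = $app['authbucket_oauth2.model_manager.factory'];
        $authorizeManager = $modelManagerFactory->getModelManager('authorize');

        // Update existing authorization if possible, else create new.
        $authorize = $authorizeManager->readModelOneBy(['clientId' => $clientId, 'username' => $username]);
        if ($authorize === null) {
            $class = $authorizeManager->getClassName();
            $authorize = new $class();
            $authorize->setClientId($clientId)->setUsername($username)->setScope((array) $scope);
            $authorize = $authorizeManager->createModel($authorize);
        } else {
            // Merge with what is already granted, without storing a scope twice
            // when the same scope is approved again.
            $mergedScope = array_values(array_unique(array_merge((array) $authorize->getScope(), (array) $scope)));
            $authorize->setClientId($clientId)->setUsername($username)->setScope($mergedScope);
            $authorizeManager->updateModel($authorize);
        }

        // Back to this path, with original GET parameters.
        return $app->redirect($request->getRequestUri());
    }

    // Display the form (first visit, or a submission that failed validation).
    $authorizationRequest = $request->query->all();

    return $app['twig']->render('demo/authorize.html.twig', [
        'client_id' => $clientId,
        'username' => $username,
        'scopes' => $scope,
        'form' => $form->createView(),
        'authorization_request' => $authorizationRequest,
    ]);
}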