1<?php
2/*
3 * Copyright 2015 Google Inc.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 *     http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18namespace Google\Auth\Subscriber;
19
20use Google\Auth\FetchAuthTokenInterface;
21use GuzzleHttp\Event\BeforeEvent;
22use GuzzleHttp\Event\RequestEvents;
23use GuzzleHttp\Event\SubscriberInterface;
24
25/**
26 * AuthTokenSubscriber is a Guzzle Subscriber that adds an Authorization header
27 * provided by an object implementing FetchAuthTokenInterface.
28 *
29 * The FetchAuthTokenInterface#fetchAuthToken is used to obtain a hash; one of
30 * the values value in that hash is added as the authorization header.
31 *
32 * Requests will be accessed with the authorization header:
33 *
34 * 'authorization' 'Bearer <value of auth_token>'
35 */
36class AuthTokenSubscriber implements SubscriberInterface
37{
38    /**
39     * @var callable
40     */
41    private $httpHandler;
42
43    /**
44     * @var FetchAuthTokenInterface
45     */
46    private $fetcher;
47
48    /**
49     * @var callable
50     */
51    private $tokenCallback;
52
53    /**
54     * Creates a new AuthTokenSubscriber.
55     *
56     * @param FetchAuthTokenInterface $fetcher is used to fetch the auth token
57     * @param callable $httpHandler (optional) http client to fetch the token.
58     * @param callable $tokenCallback (optional) function to be called when a new token is fetched.
59     */
60    public function __construct(
61        FetchAuthTokenInterface $fetcher,
62        callable $httpHandler = null,
63        callable $tokenCallback = null
64    ) {
65        $this->fetcher = $fetcher;
66        $this->httpHandler = $httpHandler;
67        $this->tokenCallback = $tokenCallback;
68    }
69
70    /**
71     * @return array
72     */
73    public function getEvents()
74    {
75        return ['before' => ['onBefore', RequestEvents::SIGN_REQUEST]];
76    }
77
78    /**
79     * Updates the request with an Authorization header when auth is 'fetched_auth_token'.
80     *
81     *   use GuzzleHttp\Client;
82     *   use Google\Auth\OAuth2;
83     *   use Google\Auth\Subscriber\AuthTokenSubscriber;
84     *
85     *   $config = [..<oauth config param>.];
86     *   $oauth2 = new OAuth2($config)
87     *   $subscriber = new AuthTokenSubscriber($oauth2);
88     *
89     *   $client = new Client([
90     *      'base_url' => 'https://www.googleapis.com/taskqueue/v1beta2/projects/',
91     *      'defaults' => ['auth' => 'google_auth']
92     *   ]);
93     *   $client->getEmitter()->attach($subscriber);
94     *
95     *   $res = $client->get('myproject/taskqueues/myqueue');
96     *
97     * @param BeforeEvent $event
98     */
99    public function onBefore(BeforeEvent $event)
100    {
101        // Requests using "auth"="google_auth" will be authorized.
102        $request = $event->getRequest();
103        if ($request->getConfig()['auth'] != 'google_auth') {
104            return;
105        }
106
107        // Fetch the auth token.
108        $auth_tokens = $this->fetcher->fetchAuthToken($this->httpHandler);
109        if (array_key_exists('access_token', $auth_tokens)) {
110            $request->setHeader('authorization', 'Bearer ' . $auth_tokens['access_token']);
111
112            // notify the callback if applicable
113            if ($this->tokenCallback) {
114                call_user_func($this->tokenCallback, $this->fetcher->getCacheKey(), $auth_tokens['access_token']);
115            }
116        }
117    }
118}
119