diff --git a/composer.json b/composer.json index f7e2407b..69ee3c1a 100644 --- a/composer.json +++ b/composer.json @@ -6,11 +6,11 @@ "license": "MIT", "require": { "php": ">=5.4.0", - "symfony/http-foundation": "v2.4.*" + "symfony/http-foundation": "2.4.*" }, "require-dev": { - "mockery/mockery": ">=0.7.2", - "league/phpunit-coverage-listener": "~1.0" + "league/phpunit-coverage-listener": "~1.0", + "phpdocumentor/phpdocumentor": "2.*" }, "repositories": [ { diff --git a/src/League/OAuth2/Server/Authorization.php b/src/League/OAuth2/Server/Authorization.php index 8c7337cf..a4b91d10 100644 --- a/src/League/OAuth2/Server/Authorization.php +++ b/src/League/OAuth2/Server/Authorization.php @@ -2,9 +2,9 @@ /** * OAuth 2.0 Authorization Server * - * @package php-loep/oauth2-server + * @package league/oauth2-server * @author Alex Bilbie - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @copyright Copyright (c) PHP League of Extraordinary Packages * @license http://mit-license.org/ * @link http://github.com/php-loep/oauth2-server */ @@ -16,6 +16,7 @@ use League\OAuth2\Server\Grant\GrantTypeInterface; use League\OAuth2\Server\Exception\ClientException; use League\OAuth2\Server\Exception\ServerException; use League\OAuth2\Server\Exception\InvalidGrantTypeException; +use League\OAuth2\Server\Storage\StorageWrapper; use League\OAuth2\Server\Storage\ClientInterface; use League\OAuth2\Server\Storage\AccessTokenInterface; use League\OAuth2\Server\Storage\AuthCodeInterface; 
@@ -231,45 +232,49 @@ class Authorization /** * Set the client storage - * @param ClientInterface $client + * @param ClientInterface $storage * @return self */ - public function setClientStorage(ClientInterface $client) + public function setClientStorage(ClientInterface $storage) { - $this->storages['client'] = $client; + $storage->setServer($this); + $this->storages['client'] = $storage; return $this; } /** * Set the session storage - * @param SessionInterface $session + * @param SessionInterface $storage * @return self */ - public function setSessionStorage(SessionInterface $session) + public function setSessionStorage(SessionInterface $storage) { - $this->storages['session'] = $session; + $storage->setServer($this); + $this->storages['session'] = $storage; return $this; } /** * Set the access token storage - * @param AccessTokenInterface $accessToken + * @param AccessTokenInterface $storage * @return self */ - public function setAccessTokenStorage(AccessTokenInterface $accessToken) + public function setAccessTokenStorage(AccessTokenInterface $storage) { - $this->storages['access_token'] = $accessToken; + $storage->setServer($this); + $this->storages['access_token'] = $storage; return $this; } /** * Set the refresh token storage - * @param RefreshTokenInteface $refreshToken + * @param RefreshTokenInteface $storage * @return self */ - public function setRefreshTokenStorage(RefreshTokenInterface $refreshToken) + public function setRefreshTokenStorage(RefreshTokenInterface $storage) { - $this->storages['refresh_token'] = $refreshToken; + $storage->setServer($this); + $this->storages['refresh_token'] = $storage; return $this; } 
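Review bot: Each storage setter in this hunk now calls `$storage->setServer($this)` on an argument typed only by its storage interface, and no interface change declaring `setServer()` is visible in this part of the diff. If `ClientInterface`, `SessionInterface`, `AccessTokenInterface`, `RefreshTokenInterface` and `ScopeInterface` do not declare it, existing storage implementations will fail with a fatal error as soon as they are registered, so the method belongs on the interfaces (or a shared base) in the same commit. The new docblock line for `setRefreshTokenStorage()` also keeps the misspelled type; it should read `@param RefreshTokenInterface $storage`.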
@@ -280,18 +285,20 @@ class Authorization */ public function setAuthCodeStorage(AuthCodeInterface $authCode) { + $storage->setServer($this); $this->storages['auth_code'] = $authCode; return $this; } /** * Set the scope storage - * @param ScopeInterface $scope + * @param ScopeInterface $storage * @return self */ - public function setScopeStorage(ScopeInterface $scope) + public function setScopeStorage(ScopeInterface $storage) { - $this->storages['scope'] = $scope; + $storage->setServer($this); + $this->storages['scope'] = $storage; return $this; } @@ -359,7 +366,8 @@ class Authorization } /** - * Default scope to be used if none is provided and requireScopeParam is false + * Default scope to be used if none is provided and requireScopeParam() is false + * @param string $default Name of the default scope * @param self */ public function setDefaultScope($default = null) diff --git a/src/League/OAuth2/Server/Entities/AbstractToken.php b/src/League/OAuth2/Server/Entities/AbstractToken.php index 7a839a9d..c5b5b391 100644 --- a/src/League/OAuth2/Server/Entities/AbstractToken.php +++ b/src/League/OAuth2/Server/Entities/AbstractToken.php 
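Review bot: `setAuthCodeStorage()` gains `$storage->setServer($this);` but its parameter is still named `$authCode`, so `$storage` is undefined and the call fails on a non-object the first time auth-code storage is registered. Rename the parameter as the sibling setters do: `public function setAuthCodeStorage(AuthCodeInterface $storage)`, then `$this->storages['auth_code'] = $storage;`. The method's docblock starts above the hunk and will need its `@param` updated to match.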
@@ -1,64 +1,80 @@ + * @copyright Copyright (c) PHP League of Extraordinary Packages + * @license http://mit-license.org/ + * @link http://github.com/php-loep/oauth2-server + */ namespace League\OAuth2\Server\Entities; use League\OAuth2\Server\Storage\SessionStorageInterface; -use Symfony\Component\HttpFoundation\ParameterBag; use League\OAuth2\Server\Util\SecureKey; +use League\OAuth2\Server\Exception\ServerException; +use \League\OAuth2\Server\Authorization; +use \League\OAuth2\Server\Resource; +use Symfony\Component\HttpFoundation\ParameterBag; +/** + * Abstract token class + */ abstract class AbstractToken { /** * Access token ID * @var string */ - protected $token = null; + protected $token; /** - * Access token storage - * @var \League\OAuth2\Server\Storage\AccessTokenInterface + * Session ID + * @var string */ - protected $storage = null; - - /** - * Session storage - * @var \League\OAuth2\Server\Storage\SessionInterface - */ - protected $sessionStorage = null; + protected $sessionId; /** * Associated session * @var \League\OAuth2\Server\Session */ - protected $session = null; + protected $session; /** * Session scopes * @var \Symfony\Component\HttpFoundation\ParameterBag */ - protected $scopes = null; + protected $scopes; + + /** + * Token expire time + * @var int + */ + protected $expireTime = 0; + + /** + * Authorization or resource server + * @var \League\OAuth2\Server\Authorization|\League\OAuth2\Server\Resource + */ + protected $server; /** * __construct - * @param mixed $storage + * @param \League\OAuth2\Server\Authorization|\League\OAuth2\Server\Resource $server * @return self */ - public function __construct($storage) + public function __construct($server) { - $this->storage = $storage; + if (! $server instanceof Authorization && ! 
$server instanceof Resource) { + throw new ServerException('No instance of Authorization or Resource server injected'); + } + + $this->server = $server; $this->scopes = new ParameterBag(); return $this; } - /** - * Get storage - * @return AccessTokenInterface - */ - public function getStorage() - { - return $this->storage; - } - /** * Set session * @param \League\OAuth2\Server\Session $session @@ -76,55 +92,35 @@ abstract class AbstractToken */ public function getSession() { - return $this->session; + if ($this->session instanceof Session) { + return $this->session; + } + + if ($this->sessionId !== null) { + $session = $this->server->getStorage('session')->getSession($this->sessionId); + } + + throw new ServerException('No session ID set for this token'); } /** - * Set token TTL - * @param integer $ttl TTL in seconds + * Set the expire time of the token + * @param integer $expireTime Unix time stamp * @return self */ - public function setTTL($ttl = 0) + public function setExpireTime($expireTime) { - $this->ttl = $ttl; + $this->expireTime = $expireTime; return $this; } /** - * Get token TTL - * @return integer - */ - public function getTTL() - { - return $this->ttl; - } - - /** - * Set the creation timestamp - * @param integer $timestamp Unix timestamp - * @return self - */ - public function setTimestamp($timestamp = 0) - { - $this->timestamp = $timestamp; - } - - /** - * Get access token creation timestamp - * @return integer Unix timestamp - */ - public function getTimestamp() - { - return $this->timestamp; - } - - /** - * Return creation timestamp + TTL + * Return token expire time * @return int */ public function getExpireTime() { - return $this->getTimestamp() + $this->getTTL(); + return $this->expireTime; } /** 
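Review bot: `getSession()` in the second hunk loads the session from storage into a local `$session` and then falls through to `throw new ServerException('No session ID set for this token')`, so a token that only carries `$sessionId` can never return its session and the exception message is wrong for that case. Keep the result and return it: `$this->session = $this->server->getStorage('session')->getSession($this->sessionId);` followed by `return $this->session;`, ideally after checking that the storage returned a `Session`. `AccessToken::save()` calls `$this->getSession()->getId()`, so this path decides which session a persisted token is bound to. Nothing in the visible hunks assigns `$sessionId`, so a setter or hydration step is presumably still to come.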
@@ -181,8 +177,14 @@ abstract class AbstractToken } /** - * Save the token to the database - * @return self + * Expire the token + * @return void */ - abstract function save(); + abstract public function expire(); + + /** + * Save the token + * @return void + */ + abstract public function save(); } diff --git a/src/League/OAuth2/Server/Entities/AccessToken.php b/src/League/OAuth2/Server/Entities/AccessToken.php index 4f52d32f..5c48c2d4 100644 --- a/src/League/OAuth2/Server/Entities/AccessToken.php +++ b/src/League/OAuth2/Server/Entities/AccessToken.php @@ -1,28 +1,33 @@ + * @copyright Copyright (c) PHP League of Extraordinary Packages + * @license http://mit-license.org/ + * @link http://github.com/php-loep/oauth2-server + */ namespace League\OAuth2\Server\Entities; use League\OAuth2\Server\Storage\SessionStorageInterface; use League\OAuth2\Server\Storage\AccessTokenInterface; -use Symfony\Component\HttpFoundation\ParameterBag; use League\OAuth2\Server\Util\SecureKey; use League\OAuth2\Server\Exception\InvalidAccessTokenException; +use Symfony\Component\HttpFoundation\ParameterBag; +/** + * Access token entity class + */ class AccessToken extends AbstractToken { /** - * __construct - * @param AccessTokenInterface $storage - * @return self + * {@inheritdoc} */ - public function __construct(AccessTokenInterface $storage) - { - parent::__construct($storage); - } - public function save() { - $this->getStorage()->createAccessToken( + $this->server->getStorage('access_token')->createAccessToken( $this->getToken(), $this->getExpireTime(), $this->getSession()->getId() @@ -30,7 +35,7 @@ class AccessToken extends AbstractToken // Associate the scope with the token foreach ($this->getScopes() as $scope) { - $this->getStorage()->associateScope($this->getToken(), $scope->getId()); + $this->server->getStorage('access_token')->associateScope($this->getToken(), $scope->getId()); } return $this; 
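Review bot: `AbstractToken` now declares `abstract public function expire()`, but no `expire()` implementation appears in the visible hunks of `AccessToken` here or of `RefreshToken` later in this diff. If neither class defines it in lines not shown, PHP will refuse to load both classes as soon as they are referenced. Because this method is the revocation path for issued tokens, it is worth landing a real implementation with a test together with the abstract declaration. `AccessToken::save()` also still ends with `return $this;` while the abstract docblock now says `@return void`; pick one contract.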
diff --git a/src/League/OAuth2/Server/Entities/Client.php b/src/League/OAuth2/Server/Entities/Client.php
index 59781892..684a86db 100644
--- a/src/League/OAuth2/Server/Entities/Client.php
+++ b/src/League/OAuth2/Server/Entities/Client.php
@@ -1,58 +1,144 @@ + * @copyright Copyright (c) PHP League of Extraordinary Packages + * @license http://mit-license.org/ + * @link http://github.com/php-loep/oauth2-server + */ namespace League\OAuth2\Server\Entities; +use League\OAuth2\Server\Exception\ServerException; +use League\OAuth2\Server\Authorization; +use League\OAuth2\Server\Resource; + +/** + * Client entity class + */ class Client { + /** + * Client identifier + * @var string + */ protected $id = null; + /** + * Client secret + * @var string + */ protected $secret = null; + /** + * Client name + * @var string + */ protected $name = null; + /** + * Client redirect URI + * @var string + */ protected $redirectUri = null; + /** + * Authorization or resource server + * @var \League\OAuth2\Server\Authorization|\League\OAuth2\Server\Resource + */ + protected $server; + + /** + * __construct + * @param \League\OAuth2\Server\Authorization|\League\OAuth2\Server\Resource $server + * @return self + */ + public function __construct($server) + { + if (! $server instanceof Authorization && ! 
$server instanceof Resource) { + throw new ServerException('No instance of Authorization or Resource server injected'); + } + } + + /** + * Set the client identifier + * @param string $id + * @return self + */ public function setId($id) { $this->id = $id; return $this; } + /** + * Return the client identifier + * @return string + */ public function getId() { return $this->id; } + /** + * Set the client secret + * @param string $secret + * @return self + */ public function setSecret($secret) { $this->secret = $secret; return $this; } + /** + * Return the client secret + * @return string + */ public function getSecret() { return $this->secret; } + /** + * Set the client name + * @param string $name + * @return self + */ public function setName($name) { $this->name = $name; return $this; } + /** + * Get the client name + * @return string + */ public function getName() { return $this->name; } + /** + * Set the client redirect URI + * @param string $redirectUri + * @return self + */ public function setRedirectUri($redirectUri) { $this->redirectUri = $redirectUri; return $this; } + /** + * Returnt the client redirect URI + * @return string + */ public function getRedirectUri() { return $this->redirectUri; } -} \ No newline at end of file +} diff --git a/src/League/OAuth2/Server/Entities/RefreshToken.php b/src/League/OAuth2/Server/Entities/RefreshToken.php index e8a89d59..8be3fc43 100644 --- a/src/League/OAuth2/Server/Entities/RefreshToken.php +++ b/src/League/OAuth2/Server/Entities/RefreshToken.php 
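Review bot: The new `Client::__construct()` validates `$server` but never stores it, so the `$server` property documented just above stays null; add `$this->server = $server;` after the `instanceof` guard. The `Scope` and `Session` constructors added later in this diff have the same omission, and `Session::save()` dereferences `$this->server->getStorage('session')`, which will fail on null. `AbstractToken::__construct()` in this commit shows the intended pattern.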
@@ -1,30 +1,36 @@ + * @copyright Copyright (c) PHP League of Extraordinary Packages + * @license http://mit-license.org/ + * @link http://github.com/php-loep/oauth2-server + */ namespace League\OAuth2\Server\Entities; use League\OAuth2\Server\Storage\SessionStorageInterface; use League\OAuth2\Server\Storage\RefreshTokenInterface; -use Symfony\Component\HttpFoundation\ParameterBag; use League\OAuth2\Server\Util\SecureKey; use League\OAuth2\Server\Exception\InvalidAccessTokenException; +use Symfony\Component\HttpFoundation\ParameterBag; +/** + * Refresh token entity class + */ class RefreshToken extends AbstractToken { + /** + * Access token associated to refresh token + * @var \League\OAuth2\Server\Entities\AccessToken + */ protected $accessToken; - /** - * __construct - * @param RefreshTokenInterface $storage - * @return self - */ - public function __construct(RefreshTokenInterface $storage) - { - parent::__construct($storage); - } - /** * Associate an access token - * @param AccessToken $accessToken + * @param \League\OAuth2\Server\Entities\AccessToken $accessToken * @return self */ public function setAccessToken(AccessToken $accessToken) @@ -43,11 +49,11 @@ class RefreshToken extends AbstractToken } /** - * (@inheritdoc) + * {@inheritdoc} */ public function save() { - $this->getStorage()->createAccessToken( + $this->server->getStorage('refresh_token')->createAccessToken( $this->getToken(), $this->getExpireTime(), $this->getAccessToken()->getToken() @@ -55,7 +61,7 @@ class RefreshToken extends AbstractToken // Associate the scope with the token foreach ($this->getScopes() as $scope) { - $this->getStorage()->associateScope($this->getToken(), $scope->getId()); + $this->server->getStorage('refresh_token')->associateScope($this->getToken(), $scope->getId()); } } } diff --git a/src/League/OAuth2/Server/Entities/Scope.php b/src/League/OAuth2/Server/Entities/Scope.php index 0b7be0fd..8d6ec4bd 100644 --- a/src/League/OAuth2/Server/Entities/Scope.php 
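Review bot: `RefreshToken::save()` now asks the `refresh_token` storage for `createAccessToken(...)`, which looks carried over from `AccessToken::save()` rather than intended. `RefreshTokenInterface` is not part of the visible diff, so this needs confirming against the interface; if it declares its own creation method, the call here will either fail or persist the refresh token through the wrong code path. The surrounding method is fully inside the hunk, so the fix is limited to that one call name.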
+++ b/src/League/OAuth2/Server/Entities/Scope.php @@ -1,30 +1,87 @@ + * @copyright Copyright (c) PHP League of Extraordinary Packages + * @license http://mit-license.org/ + * @link http://github.com/php-loep/oauth2-server + */ namespace League\OAuth2\Server\Entities; +/** + * Scope entity class + */ class Scope { - protected $id = null; + /** + * Scope identifier + * @var string + */ + protected $id; - protected $description = null; + /** + * Scope description + * @var string + */ + protected $description; + /** + * Authorization or resource server + * @var \League\OAuth2\Server\Authorization|\League\OAuth2\Server\Resource + */ + protected $server; + + /** + * __construct + * @param \League\OAuth2\Server\Authorization|\League\OAuth2\Server\Resource $server + * @return self + */ + public function __construct($server) + { + if (! $server instanceof Authorization && ! $server instanceof Resource) { + throw new ServerException('No instance of Authorization or Resource server injected'); + } + return $this; + } + + /** + * Set the scope identifer + * @param string $id The scope identifier + * @return self + */ public function setId($id) { $this->id = $id; return $this; } + /** + * Return the scope identifer + * @return string + */ public function getId() { return $this->id; } + /** + * Set the scope's descripton + * @param string $description + * @return self + */ public function setDescription($description) { $this->description = $description; return $this; } + /** + * Return the scope's description + * @return string + */ public function getDescription() { return $this->description; diff --git a/src/League/OAuth2/Server/Entities/Session.php b/src/League/OAuth2/Server/Entities/Session.php index 38b89877..050f4c5e 100644 --- a/src/League/OAuth2/Server/Entities/Session.php +++ b/src/League/OAuth2/Server/Entities/Session.php 
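Review bot: `Scope::__construct()` references `Authorization`, `Resource` and `ServerException`, but the hunk covers the file from its first line and adds no `use` statements, so inside `namespace League\OAuth2\Server\Entities` those names resolve to classes in the Entities namespace. The `instanceof` checks will then be false for every real server, and the `throw` itself will fail with a class-not-found error. Add the imports that `Client.php` and `Session.php` received in this commit: `use League\OAuth2\Server\Exception\ServerException;`, `use League\OAuth2\Server\Authorization;` and `use League\OAuth2\Server\Resource;`.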
@@ -1,71 +1,112 @@ + * @copyright Copyright (c) PHP League of Extraordinary Packages + * @license http://mit-license.org/ + * @link http://github.com/php-loep/oauth2-server + */ namespace League\OAuth2\Server\Entities; -use OutOfBoundsException; use League\OAuth2\Server\Exception\OAuth2Exception; use League\OAuth2\Server\Storage\SessionInterface; +use League\OAuth2\Server\Exception\ServerException; +use League\OAuth2\Server\Authorization; +use League\OAuth2\Server\Resource; use Symfony\Component\HttpFoundation\ParameterBag; +/** + * Session entity grant + */ class Session { /** - * Session ID + * Session identifier * @var string */ - protected $id = null; - - protected $clientId = null; - - protected $ownerId = null; - - protected $ownerType = null; - - protected $authCode = null; - - protected $accessToken = null; - - protected $refreshToken = null; + protected $id; /** - * Session storage - * @var \League\OAuth2\Server\Storage\SessionInterface + * Client identifier + * @var string */ - protected $storage = null; + protected $clientId; + + /** + * Session owner identifier + * @var string + */ + protected $ownerId; + + /** + * Session owner type (e.g. 
"user") + * @var string + */ + protected $ownerType; + + /** + * Auth code + * @var \League\OAuth2\Server\Entities\AuthCode + */ + protected $authCode; + + /** + * Access token + * @var \League\OAuth2\Server\Entities\AccessToken + */ + protected $accessToken; + + /** + * Refresh token + * @var \League\OAuth2\Server\Entities\RefreshToken + */ + protected $refreshToken; /** * Session scopes * @var \Symfony\Component\HttpFoundation\ParameterBag */ - protected $scopes = null; + protected $scopes; /** - * Constuctor - * @param SessionInterface $storage + * Authorization or resource server + * @var \League\OAuth2\Server\Authorization|\League\OAuth2\Server\Resource + */ + protected $server; + + /** + * __construct + * @param \League\OAuth2\Server\Authorization|\League\OAuth2\Server\Resource $server * @return self */ - public function __construct(SessionInterface $storage) + public function __construct($server) { - $this->storage = $storage; + if (! $server instanceof Authorization && ! $server instanceof Resource) { + throw new ServerException('No instance of Authorization or Resource server injected'); + } + $this->scopes = new ParameterBag(); return $this; } /** - * Get storage - * @return SessionInterface + * Set the session identifier + * @param string $id + * @return self */ - public function getStorage() - { - return $this->storage; - } - public function setId($id) { $this->id = $id; return $this; } + /** + * Return the session identifier + * @return string + */ public function getId() { return $this->id; 
@@ -95,41 +136,62 @@ class Session return $this->scopes->has($scope); } + /** + * Return all scopes associated with the session + * @return array Array of \League\OAuth2\Server\Entities\Scope + */ public function getScopes() { - return $this->scopes; - } - - public function associateAccessToken(AccessToken $accessToken) - { - $this->accessToken = $accessToken; - } - - public function associateRefreshToken(RefreshToken $refreshToken) - { - $this->refreshToken = $refreshToken; - } - - public function associateAuthCode(AuthCode $authCode) - { - $this->authCode = $authCode; + return $this->scopes->all(); } /** - * Associate a client - * @param League\OAuth2\Server\Client $client The client + * Associate an access token with the session + * @param \League\OAuth2\Server\Entities\AccessToken $accessToken + * @return self + */ + public function associateAccessToken(AccessToken $accessToken) + { + $this->accessToken = $accessToken; + return $this; + } + + /** + * Associate a refresh token with the session + * @param \League\OAuth2\Server\Entities\RefreshToken $refreshToken + * @return self + */ + public function associateRefreshToken(RefreshToken $refreshToken) + { + $this->refreshToken = $refreshToken; + return $this; + } + + /** + * Associate an authorization code with the session + * @param \League\OAuth2\Server\Entities\AuthCode $authCode + * @return self + */ + public function associateAuthCode(AuthCode $authCode) + { + $this->authCode = $authCode; + return $this; + } + + /** + * Associate a client with the session + * @param League\OAuth2\Server\Entities\Client $client The client * @return self */ public function associateClient(Client $client) { $this->client = $client; - return $this; } /** - * Return client - * @return League\OAuth2\Server\Client + * Return the session client + * @return League\OAuth2\Server\Entities\Client */ public function getClient() { 
@@ -139,7 +201,7 @@ class Session /** * Set the session owner * @param string $type The type of the owner (e.g. user, app) - * @param string $id The ID of the owner + * @param string $id The identifier of the owner * @return self */ public function setOwner($type, $id) @@ -151,7 +213,7 @@ class Session } /** - * Return session owner ID + * Return session owner identifier * @return string */ public function getOwnerId() @@ -168,10 +230,14 @@ class Session return $this->ownerType; } + /** + * Save the session + * @return void + */ public function save() { - // Save the session and get an ID - $id = $this->getStorage()->createSession( + // Save the session and get an identifier + $id = $this->server->getStorage('session')->createSession( $this->getOwnerType(), $this->getOwnerId(), $this->getClient()->getId(), @@ -182,7 +248,7 @@ class Session // Associate the scope with the session foreach ($this->getScopes() as $scope) { - $this->getStorage()->associateScope($this->getId(), $scope->getId()); + $this->server->getStorage('session')->associateScope($this->getId(), $scope->getId()); } } } diff --git a/src/League/OAuth2/Server/Exception/ClientException.php b/src/League/OAuth2/Server/Exception/ClientException.php index e9839a74..e7f60dd9 100644 --- a/src/League/OAuth2/Server/Exception/ClientException.php +++ b/src/League/OAuth2/Server/Exception/ClientException.php @@ -2,9 +2,9 @@ /** * OAuth 2.0 Client Exception * - * @package php-loep/oauth2-server + * @package league/oauth2-server * @author Alex Bilbie - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @copyright Copyright (c) PHP League of Extraordinary Packages * @license http://mit-license.org/ * @link http://github.com/php-loep/oauth2-server */ diff --git a/src/League/OAuth2/Server/Exception/InvalidAccessTokenException.php b/src/League/OAuth2/Server/Exception/InvalidAccessTokenException.php index b9bb5462..2f285094 100644 --- a/src/League/OAuth2/Server/Exception/InvalidAccessTokenException.php 
+++ b/src/League/OAuth2/Server/Exception/InvalidAccessTokenException.php @@ -2,9 +2,9 @@ /** * OAuth 2.0 Invalid Access Token Exception * - * @package php-loep/oauth2-server + * @package league/oauth2-server * @author Alex Bilbie - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @copyright Copyright (c) PHP League of Extraordinary Packages * @license http://mit-license.org/ * @link http://github.com/php-loep/oauth2-server */ diff --git a/src/League/OAuth2/Server/Exception/InvalidGrantTypeException.php b/src/League/OAuth2/Server/Exception/InvalidGrantTypeException.php index c6318f8f..7d797c7f 100644 --- a/src/League/OAuth2/Server/Exception/InvalidGrantTypeException.php +++ b/src/League/OAuth2/Server/Exception/InvalidGrantTypeException.php @@ -2,9 +2,9 @@ /** * OAuth 2.0 Invalid Grant Type Exception * - * @package php-loep/oauth2-server + * @package league/oauth2-server * @author Alex Bilbie - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @copyright Copyright (c) PHP League of Extraordinary Packages * @license http://mit-license.org/ * @link http://github.com/php-loep/oauth2-server */ diff --git a/src/League/OAuth2/Server/Exception/OAuth2Exception.php b/src/League/OAuth2/Server/Exception/OAuth2Exception.php index 0b8f68a8..d618a47d 100644 --- a/src/League/OAuth2/Server/Exception/OAuth2Exception.php +++ b/src/League/OAuth2/Server/Exception/OAuth2Exception.php @@ -2,9 +2,9 @@ /** * OAuth 2.0 Base Exception * - * @package php-loep/oauth2-server + * @package league/oauth2-server * @author Alex Bilbie - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @copyright Copyright (c) PHP League of Extraordinary Packages * @license http://mit-license.org/ * @link http://github.com/php-loep/oauth2-server */ diff --git a/src/League/OAuth2/Server/Exception/ServerException.php b/src/League/OAuth2/Server/Exception/ServerException.php index 4827f47f..8f7adcfa 100644 
--- a/src/League/OAuth2/Server/Exception/ServerException.php +++ b/src/League/OAuth2/Server/Exception/ServerException.php @@ -2,9 +2,9 @@ /** * OAuth 2.0 Server Exception * - * @package php-loep/oauth2-server + * @package league/oauth2-server * @author Alex Bilbie - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @copyright Copyright (c) PHP League of Extraordinary Packages * @license http://mit-license.org/ * @link http://github.com/php-loep/oauth2-server */ diff --git a/src/League/OAuth2/Server/Grant/GrantTrait.php b/src/League/OAuth2/Server/Grant/AbstractGrant.php similarity index 58% rename from src/League/OAuth2/Server/Grant/GrantTrait.php rename to src/League/OAuth2/Server/Grant/AbstractGrant.php index 438e34f2..cb27b2ca 100644 --- a/src/League/OAuth2/Server/Grant/GrantTrait.php +++ b/src/League/OAuth2/Server/Grant/AbstractGrant.php @@ -1,10 +1,10 @@ - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @copyright Copyright (c) PHP League of Extraordinary Packages * @license http://mit-license.org/ * @link http://github.com/php-loep/oauth2-server */ @@ -12,16 +12,42 @@ namespace League\OAuth2\Server\Grant; use League\OAuth2\Server\Authorization; +use League\OAuth2\Server\Entities\Scope; -trait GrantTrait { +/** + * Abstract grant class + */ +abstract class AbstractGrant implements GrantTypeInterface +{ + /** + * Grant identifier + * @var string + */ + protected $identifier = ''; /** - * Constructor - * @return void + * Response type + * @var string */ - public function __construct() - { - } + protected $responseType = null; + + /** + * Callback to authenticate a user's name and password + * @var function + */ + protected $callback = null; + + /** + * AuthServer instance + * @var AuthServer + */ + protected $server = null; + + /** + * Access token expires in override + * @var int + */ + protected $accessTokenTTL = null; /** * Return the identifier 
@@ -74,6 +100,12 @@ trait GrantTrait { return $this; } + /** + * Given a list of scopes, validate them and return an arrary of Scope entities + * @param string $scopeParam A string of scopes (e.g. "profile email birthday") + * @return array + * @throws ClientException If scope is invalid, or no scopes passed when required + */ public function validateScopes($scopeParam = '') { $scopesList = explode($this->server->getScopeDelimeter(), $scopeParam); @@ -100,24 +132,37 @@ trait GrantTrait { $scopes = []; foreach ($scopesList as $scopeItem) { - $scopeDetails = $this->server->getStorage('scope')->getScope( + $scope = $this->server->getStorage('scope')->getScope( $scopeItem, - $client->getId(), $this->getIdentifier() ); - if ($scopeDetails === false) { + if (($scope instanceof Scope) === false) { throw new ClientException(sprintf($this->server->getExceptionMessage('invalid_scope'), $scopeItem), 4); } - $scope = new Scope($this->server->getStorage('scope')); - $scope->setId($scopeDetails['id']); - $scope->setName($scopeDetails['name']); - $scopes[] = $scope; } return $scopes; } + /** + * Complete the grant flow + * + * Example response: + *
+     *  array(
+     *      'access_token'  =>  (string),   // The access token
+     *      'refresh_token' =>  (string),   // The refresh token (only set if the refresh token grant is enabled)
+     *      'token_type'    =>  'bearer',   // Almost always "bearer" (exceptions: JWT, SAML)
+     *      'expires'       =>  (int),      // The timestamp of when the access token will expire
+     *      'expires_in'    =>  (int)       // The number of seconds before the access token will expire
+     *  )
+     * 
+ * + * @return array An array of parameters to be passed back to the client + */ + abstract public function completeFlow(); + } diff --git a/src/League/OAuth2/Server/Grant/AuthCode.php b/src/League/OAuth2/Server/Grant/AuthCode.php index bf968980..41f0de13 100644 --- a/src/League/OAuth2/Server/Grant/AuthCode.php +++ b/src/League/OAuth2/Server/Grant/AuthCode.php @@ -2,9 +2,9 @@ /** * OAuth 2.0 Auth code grant * - * @package php-loep/oauth2-server + * @package league/oauth2-server * @author Alex Bilbie - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @copyright Copyright (c) PHP League of Extraordinary Packages * @license http://mit-license.org/ * @link http://github.com/php-loep/oauth2-server */ diff --git a/src/League/OAuth2/Server/Grant/ClientCredentials.php b/src/League/OAuth2/Server/Grant/ClientCredentials.php index 7d9bff3b..5e718e1d 100644 --- a/src/League/OAuth2/Server/Grant/ClientCredentials.php +++ b/src/League/OAuth2/Server/Grant/ClientCredentials.php @@ -2,9 +2,9 @@ /** * OAuth 2.0 Client credentials grant * - * @package php-loep/oauth2-server + * @package league/oauth2-server * @author Alex Bilbie - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @copyright Copyright (c) PHP League of Extraordinary Packages * @license http://mit-license.org/ * @link http://github.com/php-loep/oauth2-server */ @@ -25,10 +25,8 @@ use League\OAuth2\Server\Storage\ScopeInterface; /** * Client credentials grant class */ -class ClientCredentials implements GrantTypeInterface +class ClientCredentials extends AbstractGrant { - use GrantTrait; - /** * Grant identifier * @var string 
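Review bot: The `getScope()` call in `validateScopes()` no longer passes `$client->getId()`, so the scope storage sees only the scope name and the grant identifier and cannot restrict which scopes a particular client may request. If per-client scope restriction is not enforced somewhere outside this diff, any authenticated client can obtain any scope that exists; either pass the client into `validateScopes()` and on to storage, or state in the docblock that the restriction is dropped on purpose. Separately, the only imports visible for this file are `Authorization` and `Entities\Scope`, so `ClientException` in the `throw` would resolve inside the `Grant` namespace unless it is imported in lines not shown. The start of `validateScopes()` lies between the two hunks and is not visible.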
@@ -78,35 +76,30 @@ class ClientCredentials implements GrantTypeInterface } // Validate client ID and client secret - $clientDetails = $this->server->getStorage('client')->getClient( + $client = $this->server->getStorage('client')->getClient( $clientId, $clientSecret, null, $this->getIdentifier() ); - if ($clientDetails === false) { + if (($client instanceof Client) === false) { throw new ClientException(Authorization::getExceptionMessage('invalid_client'), 8); } - $client = new Client; - $client->setId($clientDetails['id']); - $client->setSecret($clientDetails['secret']); - // Validate any scopes that are in the request $scopeParam = $this->server->getRequest()->request->get('scope', ''); $scopes = $this->validateScopes($scopeParam); // Create a new session - $session = new Session($this->server->getStorage('session')); + $session = new Session(); $session->setOwner('client', $client->getId()); $session->associateClient($client); // Generate an access token - $accessToken = new AccessToken($this->server->getStorage('access_token')); - $accessToken->setId(SecureKey::make()); - $accessToken->setTimestamp(time()); - $accessToken->setTTL($this->server->getAccessTokenTTL()); + $accessToken = new AccessToken(); + $accessToken->setToken(SecureKey::make()); + $accessToken->setExpireTime($this->server->getAccessTokenTTL() + time()); // Associate scopes with the session and access token foreach ($scopes as $scope) { 
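Review bot: `new Session()` and `new AccessToken()` are created without arguments, but the constructors introduced in this same commit require an `Authorization` or `Resource` instance and throw `ServerException` otherwise, so this grant cannot issue a token as written. Pass the server: `new Session($this->server)` and `new AccessToken($this->server)`. The following hunk then hands a storage object to `$session->save(...)` and `$accessToken->save(...)`, while the `save()` methods shown in this diff take no parameters and read storage from `$this->server`; those arguments should be dropped. Whether `Client` is imported for the `instanceof Client` check is not visible here; without the import the check would reject every client.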
@@ -115,18 +108,17 @@ class ClientCredentials implements GrantTypeInterface } // Save everything - $session->save(); + $session->save($this->server->getStorage('session')); $accessToken->setSession($session); - $accessToken->save(); + $accessToken->save($this->server->getStorage('access_token')); $response = [ - 'access_token' => $accessToken->getId(), + 'access_token' => $accessToken->getToken(), 'token_type' => 'Bearer', 'expires' => $accessToken->getExpireTime(), - 'expires_in' => $accessToken->getTTL() + 'expires_in' => $this->server->getAccessTokenTTL() ]; return $response; } - } diff --git a/src/League/OAuth2/Server/Grant/GrantTypeInterface.php b/src/League/OAuth2/Server/Grant/GrantTypeInterface.php index 18ef774b..f71d6186 100644 --- a/src/League/OAuth2/Server/Grant/GrantTypeInterface.php +++ b/src/League/OAuth2/Server/Grant/GrantTypeInterface.php @@ -2,9 +2,9 @@ /** * OAuth 2.0 Grant type interface * - * @package php-loep/oauth2-server + * @package league/oauth2-server * @author Alex Bilbie - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @copyright Copyright (c) PHP League of Extraordinary Packages * @license http://mit-license.org/ * @link http://github.com/php-loep/oauth2-server */ 
@@ -19,30 +19,14 @@ use League\OAuth2\Server\Storage\SessionInterface; use League\OAuth2\Server\Storage\ClientInterface; use League\OAuth2\Server\Storage\ScopeInterface; +/** + * Grant type interface + */ interface GrantTypeInterface { - /** - * Constructor - * - * @return void - */ - public function __construct(); - /** * Complete the grant flow - * - * Example response: - * - * array( - * 'access_token' => (string), // The access token - * 'refresh_token' => (string), // The refresh token (only set if the refresh token grant is enabled) - * 'token_type' => 'bearer', // Almost always "bearer" (exceptions: JWT, SAML) - * 'expires' => (int), // The timestamp of when the access token will expire - * 'expires_in' => (int) // The number of seconds before the access token will expire - * ) - * - * - * @return array An array of parameters to be passed back to the client + * @return array */ public function completeFlow(); } diff --git a/src/League/OAuth2/Server/Grant/Implicit.php b/src/League/OAuth2/Server/Grant/Implicit.php index a41c05a6..33eb3491 100644 --- a/src/League/OAuth2/Server/Grant/Implicit.php +++ b/src/League/OAuth2/Server/Grant/Implicit.php @@ -2,9 +2,9 @@ /** * OAuth 2.0 implicit grant * - * @package php-loep/oauth2-server + * @package league/oauth2-server * @author Alex Bilbie - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @copyright Copyright (c) PHP League of Extraordinary Packages * @license http://mit-license.org/ * @link http://github.com/php-loep/oauth2-server */ @@ -52,10 +52,9 @@ class Implicit implements GrantTypeInterface { /** * Complete the client credentials grant - * @param null|array $inputParams * @return array */ - public function completeFlow($authParams = null) + public function completeFlow() { // Remove any old sessions the user might have $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'user', $authParams['user_id']); 
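Review bot: The docblock of GrantTypeInterface::completeFlow() is cut down to a bare `@return array`, which removes the only description of the response a grant has to produce. The grants touched in this commit return `access_token`, `token_type`, `expires`, `expires_in` and, when one is issued, `refresh_token`; a one-line summary would keep that contract visible, e.g. `@return array Token response: access_token, token_type, expires, expires_in and optionally refresh_token`.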
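Review bot: Dropping the `$authParams` parameter from Implicit::completeFlow() leaves the first statement of the body reading `$authParams['client_id']` and `$authParams['user_id']` from a variable that no longer exists, so `deleteSession()` is called with null for both values. That same line still goes through `$this->authServer`, whereas the other grants in this commit use `$this->server`. Keep the parameter until the body has been ported to the new API, and fix the docblock, which still reads "Complete the client credentials grant". The rest of the method body is outside the hunk.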
diff --git a/src/League/OAuth2/Server/Grant/Password.php b/src/League/OAuth2/Server/Grant/Password.php index 91e6e5c3..85231dff 100644 --- a/src/League/OAuth2/Server/Grant/Password.php +++ b/src/League/OAuth2/Server/Grant/Password.php @@ -2,9 +2,9 @@ /** * OAuth 2.0 Password grant * - * @package php-loep/oauth2-server + * @package league/oauth2-server * @author Alex Bilbie - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @copyright Copyright (c) PHP League of Extraordinary Packages * @license http://mit-license.org/ * @link http://github.com/php-loep/oauth2-server */ @@ -27,10 +27,8 @@ use League\OAuth2\Server\Storage\ScopeInterface; /** * Password grant class */ -class Password implements GrantTypeInterface { - - use GrantTrait; - +class Password extends AbstractGrant +{ /** * Grant identifier * @var string @@ -109,23 +107,17 @@ class Password implements GrantTypeInterface { } // Validate client ID and client secret - $clientDetails = $this->server->getStorage('client')->getClient( + $client = $this->server->getStorage('client')->getClient( $clientId, $clientSecret, null, $this->getIdentifier() ); - if ($clientDetails === false) { + if (($client instanceof Client) === false) { throw new ClientException(Authorization::getExceptionMessage('invalid_client'), 8); } - $client = new Client; - $client->setId($clientDetails['id']); - $client->setSecret($clientDetails['secret']); - - - $username = $this->server->getRequest()->request->get('username', null); if (is_null($username)) { throw new ClientException( @@ -146,7 +138,7 @@ class Password implements GrantTypeInterface { $userId = call_user_func($this->getVerifyCredentialsCallback(), $username, $password); if ($userId === false) { - throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_credentials'), 0); + throw new ClientException($this->server->getExceptionMessage('invalid_credentials'), 0); } // Validate any scopes that are in the request 
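Review bot: In the `@@ -146,7 +138,7 @@` hunk the credential check remains `if ($userId === false)`, so a verify callback that returns `null` for an unknown user falls through and the grant goes on to create a session owned by that value. The callback's contract is not visible here, but the commit already tightened the client lookup from `=== false` to an `instanceof` test; a matching guard would be `if ($userId === false || $userId === null) {`. The changed line also calls `$this->server->getExceptionMessage(...)` on the instance while the client check in the previous hunk uses `Authorization::getExceptionMessage(...)`; one form should be used throughout. completeFlow() extends beyond the hunk on both sides.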
@@ -154,15 +146,14 @@ class Password implements GrantTypeInterface { $scopes = $this->validateScopes($scopeParam); // Create a new session - $session = new Session($this->server->getStorage('session')); + $session = new Session($this->server); $session->setOwner('user', $userId); $session->associateClient($client); // Generate an access token - $accessToken = new AccessToken($this->server->getStorage('access_token')); - $accessToken->setId(SecureKey::make()); - $accessToken->setTimestamp(time()); - $accessToken->setTTL($this->server->getAccessTokenTTL()); + $accessToken = new AccessToken($this->server); + $accessToken->setToken(SecureKey::make()); + $accessToken->setExpireTime($this->server->getAccessTokenTTL() + time()); // Associate scopes with the session and access token foreach ($scopes as $scope) { 
@@ -171,29 +162,28 @@ class Password implements GrantTypeInterface { } $response = [ - 'access_token' => $accessToken->getId(), + 'access_token' => $accessToken->getToken(), 'token_type' => 'Bearer', 'expires' => $accessToken->getExpireTime(), - 'expires_in' => $accessToken->getTTL() + 'expires_in' => $this->server->getAccessTokenTTL() ]; // Associate a refresh token if set if ($this->server->hasGrantType('refresh_token')) { - $refreshToken = new RefreshToken($this->server->getStorage('refresh_token')); - $refreshToken->setId(SecureKey::make()); - $refreshToken->setTimestamp(time()); - $refreshToken->setTTL($this->server->getGrantType('refresh_token')->getRefreshTokenTTL()); - $response['refresh_token'] = $refreshToken->getId(); + $refreshToken = new RefreshToken($this->server); + $refreshToken->setToken(SecureKey::make()); + $refreshToken->setExpireTime($this->server->getGrantType('refresh_token')->getRefreshTokenTTL() + time()); + $response['refresh_token'] = $refreshToken->getToken(); } // Save everything - $session->save(); + $session->save($this->server->getStorage('session')); $accessToken->setSession($session); - $accessToken->save(); + $accessToken->save($this->server->getStorage('access_token')); if ($this->server->hasGrantType('refresh_token')) { $refreshToken->setAccessToken($accessToken); - $refreshToken->save(); + $refreshToken->save($this->server->getStorage('refresh_token')); } return $response; diff --git a/src/League/OAuth2/Server/Grant/RefreshToken.php b/src/League/OAuth2/Server/Grant/RefreshToken.php index baea674a..067aaa8a 100644 --- a/src/League/OAuth2/Server/Grant/RefreshToken.php +++ b/src/League/OAuth2/Server/Grant/RefreshToken.php 
@@ -2,9 +2,9 @@ /** * OAuth 2.0 Refresh token grant * - * @package php-loep/oauth2-server + * @package league/oauth2-server * @author Alex Bilbie - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @copyright Copyright (c) PHP League of Extraordinary Packages * @license http://mit-license.org/ * @link http://github.com/php-loep/oauth2-server */ @@ -18,50 +18,27 @@ use League\OAuth2\Server\Util\SecureKey; use League\OAuth2\Server\Storage\SessionInterface; use League\OAuth2\Server\Storage\ClientInterface; use League\OAuth2\Server\Storage\ScopeInterface; +use League\OAuth2\Server\Entities\RefreshToken as RT; +use League\OAuth2\Server\Entities\AccessToken; +use League\OAuth2\Server\Entities\Session; +use League\OAuth2\Server\Exception\ClientException; /** * Referesh token grant */ -class RefreshToken implements GrantTypeInterface { - - use GrantTrait; - +class RefreshToken extends AbstractGrant +{ /** - * Grant identifier - * @var string + * {@inheritdoc} */ protected $identifier = 'refresh_token'; /** - * Response type - * @var string - */ - protected $responseType = null; - - /** - * AuthServer instance - * @var AuthServer - */ - protected $authServer = null; - - /** - * Access token expires in override - * @var int - */ - protected $accessTokenTTL = null; - - /** - * Refresh token TTL + * Refresh token TTL (default = 604800 | 1 week) * @var integer */ protected $refreshTokenTTL = 604800; - /** - * Rotate refresh tokens - * @var boolean - */ - protected $rotateRefreshTokens = false; - /** * Set the TTL of the refresh token * @param int $refreshTokenTTL 
@@ -82,126 +59,110 @@ class RefreshToken implements GrantTypeInterface { } /** - * When a new access is token, expire the refresh token used and issue a new one. - * @param boolean $rotateRefreshTokens Set to true to enable (default = false) - * @return void + * {@inheritdoc} */ - public function rotateRefreshTokens($rotateRefreshTokens = false) + public function completeFlow() { - $this->rotateRefreshTokens = $rotateRefreshTokens; - } - - /** - * Complete the refresh token grant - * @param null|array $inputParams - * @return array - */ - public function completeFlow($inputParams = null) - { - // Get the required params - $authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'refresh_token', 'scope'), 'post', $inputParams); - - if (is_null($authParams['client_id'])) { - throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0); + $clientId = $this->server->getRequest()->request->get('client_id', null); + if (is_null($clientId)) { + throw new Exception\ClientException( + sprintf($this->server->getExceptionMessage('invalid_request'), 'client_id'), + 0 + ); } - if (is_null($authParams['client_secret'])) { - throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_secret'), 0); + $clientSecret = $this->server->getRequest()->request->get('client_secret', null); + if (is_null($clientSecret)) { + throw new Exception\ClientException( + sprintf($this->server->getExceptionMessage('invalid_request'), 'client_secret'), + 0 + ); } // Validate client ID and client secret - $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], null, $this->identifier); + $client = $this->server->getStorage('client')->getClient( + $clientId, + $clientSecret, + null, + $this->getIdentifier() + ); - if ($clientDetails === false) { - throw new 
Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8); + if ($client === null) { + throw new ClientException(Authorization::getExceptionMessage('invalid_client'), 8); } - $authParams['client_details'] = $clientDetails; - - if (is_null($authParams['refresh_token'])) { - throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'refresh_token'), 0); + $oldRefreshTokenParam = $this->server->getRequest()->request->get('refresh_token', null); + if ($oldRefreshTokenParam === null) { + throw new Exception\ClientException( + sprintf($this->server->getExceptionMessage('invalid_request'), 'refresh_token'), + 0 + ); } // Validate refresh token - $accessTokenId = $this->authServer->getStorage('session')->validateRefreshToken($authParams['refresh_token'], $authParams['client_id']); + $oldRefreshToken = $this->server->getStorage('refresh_token')->getToken($oldRefreshTokenParam); - if ($accessTokenId === false) { - throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_refresh'), 0); + if (($oldRefreshToken instanceof RT) === false) { + throw new Exception\ClientException($this->server->getExceptionMessage('invalid_refresh'), 0); } - // Get the existing access token - $accessTokenDetails = $this->authServer->getStorage('session')->getAccessToken($accessTokenId); + $oldAccessToken = $oldRefreshToken->getAccessToken(); - // Get the scopes for the existing access token - $scopes = $this->authServer->getStorage('session')->getScopes($accessTokenDetails['access_token']); + // Get the scopes for the original session + $session = $oldAccessToken->getSession(); + $scopes = $session->getScopes(); - // Generate new tokens and associate them to the session - $accessToken = SecureKey::make(); - $accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? 
$this->accessTokenTTL : $this->authServer->getAccessTokenTTL(); - $accessTokenExpires = time() + $accessTokenExpiresIn; + // Get and validate any requested scopes + $requestedScopesString = $this->server->getRequest()->request->get('scope', ''); + $requestedScopes = $this->validateScopes($requestedScopesString); - // Associate the new access token with the session - $newAccessTokenId = $this->authServer->getStorage('session')->associateAccessToken($accessTokenDetails['session_id'], $accessToken, $accessTokenExpires); + // If no new scopes are requested then give the access token the original session scopes + if (count($requestedScopes) === 0) { + $newScopes = $scopes; + } else { + // The OAuth spec says that a refreshed access token can have the original scopes or fewer so ensure + // the request doesn't include any new scopes - if ($this->rotateRefreshTokens === true) { + foreach ($requestedScopes as $requestedScope) { + // if () + } - // Generate a new refresh token - $refreshToken = SecureKey::make(); - $refreshTokenExpires = time() + $this->getRefreshTokenTTL(); - - // Revoke the old refresh token - $this->authServer->getStorage('session')->removeRefreshToken($authParams['refresh_token']); - - // Associate the new refresh token with the new access token - $this->authServer->getStorage('session')->associateRefreshToken($newAccessTokenId, $refreshToken, $refreshTokenExpires, $authParams['client_id']); + $newScopes = $requestedScopes; } - // There isn't a request for reduced scopes so assign the original ones (or we're not rotating scopes) - if ( ! 
isset($authParams['scope'])) { + // Generate a new access token and assign it the correct sessions + $newAccessToken = new AccessToken(); + $newAccessToken->setToken(SecureKey::make()); + $newAccessToken->setExpireTime($this->server->getAccessTokenTTL() + time()); + $newAccessToken->setSession($session); - foreach ($scopes as $scope) { - $this->authServer->getStorage('session')->associateScope($newAccessTokenId, $scope['id']); - } - - } elseif ( isset($authParams['scope']) && $this->rotateRefreshTokens === true) { - - // The request is asking for reduced scopes and rotate tokens is enabled - $reqestedScopes = explode($this->authServer->getScopeDelimeter(), $authParams['scope']); - - for ($i = 0; $i < count($reqestedScopes); $i++) { - $reqestedScopes[$i] = trim($reqestedScopes[$i]); - if ($reqestedScopes[$i] === '') unset($reqestedScopes[$i]); // Remove any junk scopes - } - - // Check that there aren't any new scopes being included - $existingScopes = array(); - foreach ($scopes as $s) { - $existingScopes[] = $s['scope']; - } - - foreach ($reqestedScopes as $reqScope) { - if ( ! 
in_array($reqScope, $existingScopes)) { - throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0); - } - - // Associate with the new access token - $scopeDetails = $this->authServer->getStorage('scope')->getScope($reqScope, $authParams['client_id'], $this->identifier); - $this->authServer->getStorage('session')->associateScope($newAccessTokenId, $scopeDetails['id']); - } + foreach ($newScopes as $newScope) { + $newAccessToken->associateScope($newScope); } - $response = array( - 'access_token' => $accessToken, - 'token_type' => 'bearer', - 'expires' => $accessTokenExpires, - 'expires_in' => $accessTokenExpiresIn - ); + // Expire the old token and save the new one + $oldAccessToken->expire($this->server->getStorage('access_token')); + $newAccessToken->save($this->server->getStorage('access_token')); - if ($this->rotateRefreshTokens === true) { - $response['refresh_token'] = $refreshToken; - } + $response = [ + 'access_token' => $newAccessToken->getToken(), + 'token_type' => 'Bearer', + 'expires' => $newAccessToken->getExpireTime(), + 'expires_in' => $this->server->getAccessTokenTTL() + ]; + + // Expire the old refresh token + $oldRefreshToken->expire($this->server->getStorage('refresh_token')); + + // Generate a new refresh token + $newRefreshToken = new RT(); + $newRefreshToken->setToken(SecureKey::make()); + $newRefreshToken->setExpireTime($this->getRefreshTokenTTL() + time()); + $newRefreshToken->setAccessToken($newAccessToken); + $newRefreshToken->save($this->server->getStorage('refresh_token')); + + $response['refresh_token'] = $newRefreshToken->getToken(); return $response; } - } diff --git a/src/League/OAuth2/Server/Resource.php b/src/League/OAuth2/Server/Resource.php index ab9b91e6..1e2ea1f4 100644 --- a/src/League/OAuth2/Server/Resource.php +++ b/src/League/OAuth2/Server/Resource.php 
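Review bot: The scope check in the `else` branch of completeFlow() is an empty stub (`// if ()`), so `$newScopes = $requestedScopes` gives the new access token whatever validateScopes() accepted, including scopes the original session never held. The removed code rejected such requests; the loop should do the same before the assignment, with `throw new ClientException(sprintf($this->server->getExceptionMessage('invalid_request'), 'scope'), 0);` whenever `$requestedScope` is not among `$scopes` (how scope entities are compared is not visible in this diff). The refresh token is also no longer bound to the authenticated client: `validateRefreshToken($authParams['refresh_token'], $authParams['client_id'])` became `getToken($oldRefreshTokenParam)`, nothing afterwards compares the client of the token's session with `$client`, and the RefreshTokenInterface hunk drops the `$clientId` argument as well. Smaller points: four of the added throws use `Exception\ClientException` although the file now imports `ClientException`, and `$client === null` is weaker than the `($client instanceof Client) === false` test in the other grants, since a storage that still returns `false` would pass it.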
@@ -2,9 +2,9 @@ /** * OAuth 2.0 Resource Server * - * @package php-loep/oauth2-server + * @package league/oauth2-server * @author Alex Bilbie - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @copyright Copyright (c) PHP League of Extraordinary Packages * @license http://mit-license.org/ * @link http://github.com/php-loep/oauth2-server */ @@ -257,10 +257,8 @@ class Resource /** * Checks if the presented access token has the given scope(s) - * - * @param array|string An array of scopes or a single scope as a string - * - * @return bool Returns bool if all scopes are found, false if any fail + * @param array|string $scopes An array of scopes or a single scope as a string + * @return bool Returns bool if all scopes are found, false if any fail */ public function hasScope($scopes) { diff --git a/src/League/OAuth2/Server/Storage/AccessTokenInterface.php b/src/League/OAuth2/Server/Storage/AccessTokenInterface.php index e2e5086d..79d2edb9 100644 --- a/src/League/OAuth2/Server/Storage/AccessTokenInterface.php +++ b/src/League/OAuth2/Server/Storage/AccessTokenInterface.php 
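Review bot: The rewritten `@return` line of Resource::hasScope() reads "Returns bool if all scopes are found", which does not say which value is returned on success. It should read `@return bool True if all scopes are found, false if any fail`. The method body lies outside the hunk.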
@@ -1,24 +1,56 @@ - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @copyright Copyright (c) PHP League of Extraordinary Packages * @license http://mit-license.org/ * @link http://github.com/php-loep/oauth2-server */ namespace League\OAuth2\Server\Storage; +/** + * Access token interface + */ interface AccessTokenInterface { + /** + * Get an instance of Entites\AccessToken + * @param string $token The access token + * @return \League\OAuth2\Server\Entities\AccessToken + */ public function getToken($token); + /** + * Get the scopes for an access token + * @param string $token The access token + * @return array Array of \League\OAuth2\Server\Entities\Scope + */ public function getTokenScopes($token); + /** + * Creates a new access token + * @param string $token The access token + * @param integer $expireTime The expire time expressed as a unix timestamp + * @param string|integer $sessionId The session ID + * @return \League\OAuth2\Server\Entities\AccessToken + */ public function createAccessToken($token, $expireTime, $sessionId); - public function associateScope($token, $scopeId); + /** + * Associate a scope with an acess token + * @param string $token The access token + * @param string $scope The scope + * @return void + */ + public function associateScope($token, $scope); + + /** + * Delete an access token + * @param string $token The access token to delete + * @return void + */ + public function delete($token); } diff --git a/src/League/OAuth2/Server/Storage/Adapter.php b/src/League/OAuth2/Server/Storage/Adapter.php new file mode 100644 index 00000000..07414491 --- /dev/null +++ b/src/League/OAuth2/Server/Storage/Adapter.php 
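Review bot: The new AccessTokenInterface docblocks do not state what `getToken()` must return for an unknown token, although the grants in this commit decide validity with `instanceof` tests on storage results. Spell it out, e.g. `@return \League\OAuth2\Server\Entities\AccessToken|null Null if the token does not exist`, matching the `Client|null` wording used for ClientInterface. RefreshTokenInterface::getToken() later in the diff has the same gap, and the RefreshToken grant's `instanceof RT` check depends on it. The added text also contains two typos: "Entites\AccessToken" and "acess token".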
@@ -0,0 +1,43 @@ + + * @copyright Copyright (c) PHP League of Extraordinary Packages + * @license http://mit-license.org/ + * @link http://github.com/php-loep/oauth2-server + */ + +namespace League\OAuth2\Server\Storage; + +/** + * Storage adapter class + */ +class Adapter +{ + /** + * Server + * @var \League\OAuth2\Server\Authorization|\League\OAuth2\Server\Resource $server + */ + protected $server; + + /** + * Set the server + * @param \League\OAuth2\Server\Authorization|\League\OAuth2\Server\Resource $server + */ + public function setServer($server) + { + $this->server = $server; + return $this; + } + + /** + * Return the server + * @return \League\OAuth2\Server\Authorization|\League\OAuth2\Server\Resource + */ + protected function getServer() + { + return $this->server; + } +} diff --git a/src/League/OAuth2/Server/Storage/AuthCodeInterface.php b/src/League/OAuth2/Server/Storage/AuthCodeInterface.php index c8e4831f..58add25d 100644 --- a/src/League/OAuth2/Server/Storage/AuthCodeInterface.php +++ b/src/League/OAuth2/Server/Storage/AuthCodeInterface.php @@ -1,18 +1,25 @@ - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @copyright Copyright (c) PHP League of Extraordinary Packages * @license http://mit-license.org/ * @link http://github.com/php-loep/oauth2-server */ namespace League\OAuth2\Server\Storage; +/** + * Auth code storage interface + */ interface AuthCodeInterface { + /** + * Get the auth code + * @param string $code + * @return \League\OAuth2\Server\Entities\AuthCode + */ public function getCode($code); } diff --git a/src/League/OAuth2/Server/Storage/ClientInterface.php b/src/League/OAuth2/Server/Storage/ClientInterface.php index 2732976b..b21e4194 100644 --- a/src/League/OAuth2/Server/Storage/ClientInterface.php +++ b/src/League/OAuth2/Server/Storage/ClientInterface.php 
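Review bot: Adapter::setServer() accepts any value and its docblock omits the return, although the method returns `$this`; add `@return self`, and drop the trailing `$server` from the property's `@var` line, since `@var` takes only a type. None of the storage interface hunks in this commit adds `setServer()`, so a storage class that implements an interface without extending Adapter has no such method. If the servers call `setServer()` on the storages they are given, the method should be declared on the interfaces (or on a shared one) so that the requirement is enforced by the type system rather than by convention.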
@@ -2,15 +2,18 @@ /** * OAuth 2.0 Client storage interface * - * @package php-loep/oauth2-server + * @package league/oauth2-server * @author Alex Bilbie - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @copyright Copyright (c) PHP League of Extraordinary Packages * @license http://mit-license.org/ * @link http://github.com/php-loep/oauth2-server */ namespace League\OAuth2\Server\Storage; +/** + * Client storage interface + */ interface ClientInterface { /** @@ -38,23 +41,11 @@ interface ClientInterface * oauth_client_endpoints.redirect_uri = :redirectUri * * - * Response: - * - * - * Array - * ( - * [id] => (string) The client ID - * [secret] => (string) The client secret - * [redirect_uri] => (string) The redirect URI used in this request - * [name] => (string) The name of the client - * ) - * - * * @param string $clientId The client's ID * @param string $clientSecret The client's secret (default = "null") * @param string $redirectUri The client's redirect URI (default = "null") * @param string $grantType The grant type used in the request (default = "null") - * @return bool|array Returns false if the validation fails, array on success + * @return League\OAuth2\Server\Entities\Client|null */ public function getClient($clientId, $clientSecret = null, $redirectUri = null, $grantType = null); } diff --git a/src/League/OAuth2/Server/Storage/RefreshTokenInterface.php b/src/League/OAuth2/Server/Storage/RefreshTokenInterface.php index 68026121..e77fe37d 100644 --- a/src/League/OAuth2/Server/Storage/RefreshTokenInterface.php +++ b/src/League/OAuth2/Server/Storage/RefreshTokenInterface.php 
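Review bot: The new `@return League\OAuth2\Server\Entities\Client|null` lacks the leading backslash that the other storage interfaces in this commit use (`\League\OAuth2\Server\Entities\AccessToken`), so documentation and analysis tools resolve it relative to `League\OAuth2\Server\Storage`. Write `@return \League\OAuth2\Server\Entities\Client|null Null if the client credentials do not validate`. The failure value changes from `false` to `null` with this hunk, so the description should say so explicitly for implementers migrating existing storage classes.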
@@ -1,18 +1,41 @@ - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @copyright Copyright (c) PHP League of Extraordinary Packages * @license http://mit-license.org/ * @link http://github.com/php-loep/oauth2-server */ namespace League\OAuth2\Server\Storage; +/** + * Refresh token interface + */ interface RefreshTokenInterface { - public function getToken($token, $clientId); + /** + * Return a new instance of \League\OAuth2\Server\Entities\RefreshToken + * @param string $token + * @return \League\OAuth2\Server\Entities\RefreshToken + */ + public function getToken($token); + + /** + * Create a new refresh token_name + * @param string $token + * @param integer $expireTime + * @param string $accessToken + * @return \League\OAuth2\Server\Entities\RefreshToken + */ + public function createRefreshToken($token, $expireTime, $accessToken); + + /** + * Delete the refresh token + * @param string $token + * @return void + */ + public function delete($token); } diff --git a/src/League/OAuth2/Server/Storage/ScopeInterface.php b/src/League/OAuth2/Server/Storage/ScopeInterface.php index 60efd9ca..a6d8b6ac 100644 --- a/src/League/OAuth2/Server/Storage/ScopeInterface.php +++ b/src/League/OAuth2/Server/Storage/ScopeInterface.php @@ -2,15 +2,18 @@ /** * OAuth 2.0 Scope storage interface * - * @package php-loep/oauth2-server + * @package league/oauth2-server * @author Alex Bilbie - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @copyright Copyright (c) PHP League of Extraordinary Packages * @license http://mit-license.org/ * @link http://github.com/php-loep/oauth2-server */ namespace League\OAuth2\Server\Storage; +/** + * Scope interface + */ interface ScopeInterface { /** 
@@ -22,22 +25,9 @@ interface ScopeInterface * SELECT * FROM oauth_scopes WHERE scope = :scope * * - * Response: - * - * - * Array - * ( - * [id] => (int) The scope's ID - * [scope] => (string) The scope itself - * [name] => (string) The scope's name - * [description] => (string) The scope's description - * ) - * - * * @param string $scope The scope - * @param string $clientId The client ID (default = "null") * @param string $grantType The grant type used in the request (default = "null") * @return bool|array If the scope doesn't exist return false */ - public function getScope($scope, $clientId = null, $grantType = null); + public function getScope($scope, $grantType = null); } diff --git a/src/League/OAuth2/Server/Storage/SessionInterface.php b/src/League/OAuth2/Server/Storage/SessionInterface.php index a5cd62f7..c5bc767e 100644 --- a/src/League/OAuth2/Server/Storage/SessionInterface.php +++ b/src/League/OAuth2/Server/Storage/SessionInterface.php @@ -1,27 +1,24 @@ - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @copyright Copyright (c) PHP League of Extraordinary Packages * @license http://mit-license.org/ * @link http://github.com/php-loep/oauth2-server */ namespace League\OAuth2\Server\Storage; +/** + * Session storage interface + */ interface SessionInterface { /** * Get a session * - * Response: - * - * - * - * * @param int $sessionId * @return array (As described above) */ diff --git a/src/League/OAuth2/Server/Util/RedirectUri.php b/src/League/OAuth2/Server/Util/RedirectUri.php index ced04113..517fca1a 100644 --- a/src/League/OAuth2/Server/Util/RedirectUri.php +++ b/src/League/OAuth2/Server/Util/RedirectUri.php 
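Review bot: Removing `$clientId` from the middle of `getScope($scope, $clientId = null, $grantType = null)` changes the meaning of the second positional argument, so a caller that still passes a client ID there has it treated as the grant type without any error. The docblock is left stale as well: the "Response" block describing the array was deleted, yet `@return bool|array If the scope doesn't exist return false` remains while the other storage interfaces now document entity returns. SessionInterface has the same problem in the following hunk, where `@return array (As described above)` refers to a description that was removed. Both `@return` lines should name the actual return type, and the signature change belongs in the upgrade notes.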
@@ -2,9 +2,9 @@ /** * OAuth 2.0 Redirect URI generator * - * @package php-loep/oauth2-server + * @package league/oauth2-server * @author Alex Bilbie - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @copyright Copyright (c) PHP League of Extraordinary Packages * @license http://mit-license.org/ * @link http://github.com/php-loep/oauth2-server */ diff --git a/src/League/OAuth2/Server/Util/RequestInterface.php b/src/League/OAuth2/Server/Util/RequestInterface.php deleted file mode 100644 index 00b8dc8e..00000000 --- a/src/League/OAuth2/Server/Util/RequestInterface.php +++ /dev/null @@ -1,29 +0,0 @@ - - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages - * @license http://mit-license.org/ - * @link http://github.com/php-loep/oauth2-server - */ - -namespace League\OAuth2\Server\Util; - -interface RequestInterface -{ - - public function get($index = null); - - public function post($index = null); - - public function cookie($index = null); - - public function file($index = null); - - public function server($index = null); - - public function header($index = null); - -} diff --git a/src/League/OAuth2/Server/Util/SecureKey.php b/src/League/OAuth2/Server/Util/SecureKey.php index 8ff762c3..6aee6dc1 100644 --- a/src/League/OAuth2/Server/Util/SecureKey.php +++ b/src/League/OAuth2/Server/Util/SecureKey.php @@ -2,9 +2,9 @@ /** * OAuth 2.0 Secure key generator * - * @package php-loep/oauth2-server + * @package league/oauth2-server * @author Alex Bilbie - * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages + * @copyright Copyright (c) PHP League of Extraordinary Packages * @license http://mit-license.org/ * @link http://github.com/php-loep/oauth2-server */