Too many changes to describe

This commit is contained in:
Alex Bilbie 2014-01-08 16:15:29 +00:00
parent 2d90a09f65
commit 0250d8d4d1
31 changed files with 742 additions and 489 deletions


@ -6,11 +6,11 @@
"license": "MIT", "license": "MIT",
"require": { "require": {
"php": ">=5.4.0", "php": ">=5.4.0",
"symfony/http-foundation": "v2.4.*" "symfony/http-foundation": "2.4.*"
}, },
"require-dev": { "require-dev": {
"mockery/mockery": ">=0.7.2", "league/phpunit-coverage-listener": "~1.0",
"league/phpunit-coverage-listener": "~1.0" "phpdocumentor/phpdocumentor": "2.*"
}, },
"repositories": [ "repositories": [
{ {


@ -2,9 +2,9 @@
/** /**
* OAuth 2.0 Authorization Server * OAuth 2.0 Authorization Server
* *
* @package php-loep/oauth2-server * @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com> * @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages * @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/ * @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server * @link http://github.com/php-loep/oauth2-server
*/ */
@ -16,6 +16,7 @@ use League\OAuth2\Server\Grant\GrantTypeInterface;
use League\OAuth2\Server\Exception\ClientException; use League\OAuth2\Server\Exception\ClientException;
use League\OAuth2\Server\Exception\ServerException; use League\OAuth2\Server\Exception\ServerException;
use League\OAuth2\Server\Exception\InvalidGrantTypeException; use League\OAuth2\Server\Exception\InvalidGrantTypeException;
use League\OAuth2\Server\Storage\StorageWrapper;
use League\OAuth2\Server\Storage\ClientInterface; use League\OAuth2\Server\Storage\ClientInterface;
use League\OAuth2\Server\Storage\AccessTokenInterface; use League\OAuth2\Server\Storage\AccessTokenInterface;
use League\OAuth2\Server\Storage\AuthCodeInterface; use League\OAuth2\Server\Storage\AuthCodeInterface;
@ -231,45 +232,49 @@ class Authorization
/** /**
* Set the client storage * Set the client storage
* @param ClientInterface $client * @param ClientInterface $storage
* @return self * @return self
*/ */
public function setClientStorage(ClientInterface $client) public function setClientStorage(ClientInterface $storage)
{ {
$this->storages['client'] = $client; $storage->setServer($this);
$this->storages['client'] = $storage;
return $this; return $this;
} }
/** /**
* Set the session storage * Set the session storage
* @param SessionInterface $session * @param SessionInterface $storage
* @return self * @return self
*/ */
public function setSessionStorage(SessionInterface $session) public function setSessionStorage(SessionInterface $storage)
{ {
$this->storages['session'] = $session; $storage->setServer($this);
$this->storages['session'] = $storage;
return $this; return $this;
} }
/** /**
* Set the access token storage * Set the access token storage
* @param AccessTokenInterface $accessToken * @param AccessTokenInterface $storage
* @return self * @return self
*/ */
public function setAccessTokenStorage(AccessTokenInterface $accessToken) public function setAccessTokenStorage(AccessTokenInterface $storage)
{ {
$this->storages['access_token'] = $accessToken; $storage->setServer($this);
$this->storages['access_token'] = $storage;
return $this; return $this;
} }
/** /**
* Set the refresh token storage * Set the refresh token storage
* @param RefreshTokenInteface $refreshToken * @param RefreshTokenInteface $storage
* @return self * @return self
*/ */
public function setRefreshTokenStorage(RefreshTokenInterface $refreshToken) public function setRefreshTokenStorage(RefreshTokenInterface $storage)
{ {
$this->storages['refresh_token'] = $refreshToken; $storage->setServer($this);
$this->storages['refresh_token'] = $storage;
return $this; return $this;
} }
@ -280,18 +285,20 @@ class Authorization
*/ */
public function setAuthCodeStorage(AuthCodeInterface $authCode) public function setAuthCodeStorage(AuthCodeInterface $authCode)
{ {
$storage->setServer($this);
$this->storages['auth_code'] = $authCode; $this->storages['auth_code'] = $authCode;
return $this; return $this;
} }
/** /**
* Set the scope storage * Set the scope storage
* @param ScopeInterface $scope * @param ScopeInterface $storage
* @return self * @return self
*/ */
public function setScopeStorage(ScopeInterface $scope) public function setScopeStorage(ScopeInterface $storage)
{ {
$this->storages['scope'] = $scope; $storage->setServer($this);
$this->storages['scope'] = $storage;
return $this; return $this;
} }
@ -359,7 +366,8 @@ class Authorization
} }
/** /**
* Default scope to be used if none is provided and requireScopeParam is false * Default scope to be used if none is provided and requireScopeParam() is false
* @param string $default Name of the default scope
* @param self * @param self
*/ */
public function setDefaultScope($default = null) public function setDefaultScope($default = null)
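Review bot: `setAuthCodeStorage()` calls `$storage->setServer($this)` but its parameter is still named `$authCode`, so `$storage` is undefined and registering auth-code storage fails at that line; either rename the parameter to `$storage` like the sibling setters or change the line to `$authCode->setServer($this);`. The docblock for `setAuthCodeStorage()` sits outside the hunk, so check it matches whichever name you keep. The refresh-token setter's docblock still reads `@param RefreshTokenInteface $storage` (missing "r"), which static tools will not resolve; `@param RefreshTokenInterface $storage` fixes it.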


@ -1,64 +1,80 @@
<?php <?php
/**
* OAuth 2.0 Abstract token
*
* @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server
*/
namespace League\OAuth2\Server\Entities; namespace League\OAuth2\Server\Entities;
use League\OAuth2\Server\Storage\SessionStorageInterface; use League\OAuth2\Server\Storage\SessionStorageInterface;
use Symfony\Component\HttpFoundation\ParameterBag;
use League\OAuth2\Server\Util\SecureKey; use League\OAuth2\Server\Util\SecureKey;
use League\OAuth2\Server\Exception\ServerException;
use \League\OAuth2\Server\Authorization;
use \League\OAuth2\Server\Resource;
use Symfony\Component\HttpFoundation\ParameterBag;
/**
* Abstract token class
*/
abstract class AbstractToken abstract class AbstractToken
{ {
/** /**
* Access token ID * Access token ID
* @var string * @var string
*/ */
protected $token = null; protected $token;
/** /**
* Access token storage * Session ID
* @var \League\OAuth2\Server\Storage\AccessTokenInterface * @var string
*/ */
protected $storage = null; protected $sessionId;
/**
* Session storage
* @var \League\OAuth2\Server\Storage\SessionInterface
*/
protected $sessionStorage = null;
/** /**
* Associated session * Associated session
* @var \League\OAuth2\Server\Session * @var \League\OAuth2\Server\Session
*/ */
protected $session = null; protected $session;
/** /**
* Session scopes * Session scopes
* @var \Symfony\Component\HttpFoundation\ParameterBag * @var \Symfony\Component\HttpFoundation\ParameterBag
*/ */
protected $scopes = null; protected $scopes;
/**
* Token expire time
* @var int
*/
protected $expireTime = 0;
/**
* Authorization or resource server
* @var \League\OAuth2\Server\Authorization|\League\OAuth2\Server\Resource
*/
protected $server;
/** /**
* __construct * __construct
* @param mixed $storage * @param \League\OAuth2\Server\Authorization|\League\OAuth2\Server\Resource $server
* @return self * @return self
*/ */
public function __construct($storage) public function __construct($server)
{ {
$this->storage = $storage; if (! $server instanceof Authorization && ! $server instanceof Resource) {
throw new ServerException('No instance of Authorization or Resource server injected');
}
$this->server = $server;
$this->scopes = new ParameterBag(); $this->scopes = new ParameterBag();
return $this; return $this;
} }
/**
* Get storage
* @return AccessTokenInterface
*/
public function getStorage()
{
return $this->storage;
}
/** /**
* Set session * Set session
* @param \League\OAuth2\Server\Session $session * @param \League\OAuth2\Server\Session $session
@ -76,55 +92,35 @@ abstract class AbstractToken
*/ */
public function getSession() public function getSession()
{ {
return $this->session; if ($this->session instanceof Session) {
return $this->session;
}
if ($this->sessionId !== null) {
$session = $this->server->getStorage('session')->getSession($this->sessionId);
}
throw new ServerException('No session ID set for this token');
} }
/** /**
* Set token TTL * Set the expire time of the token
* @param integer $ttl TTL in seconds * @param integer $expireTime Unix time stamp
* @return self * @return self
*/ */
public function setTTL($ttl = 0) public function setExpireTime($expireTime)
{ {
$this->ttl = $ttl; $this->expireTime = $expireTime;
return $this; return $this;
} }
/** /**
* Get token TTL * Return token expire time
* @return integer
*/
public function getTTL()
{
return $this->ttl;
}
/**
* Set the creation timestamp
* @param integer $timestamp Unix timestamp
* @return self
*/
public function setTimestamp($timestamp = 0)
{
$this->timestamp = $timestamp;
}
/**
* Get access token creation timestamp
* @return integer Unix timestamp
*/
public function getTimestamp()
{
return $this->timestamp;
}
/**
* Return creation timestamp + TTL
* @return int * @return int
*/ */
public function getExpireTime() public function getExpireTime()
{ {
return $this->getTimestamp() + $this->getTTL(); return $this->expireTime;
} }
/** /**
@ -181,8 +177,14 @@ abstract class AbstractToken
} }
/** /**
* Save the token to the database * Expire the token
* @return self * @return void
*/ */
abstract function save(); abstract public function expire();
/**
* Save the token
* @return void
*/
abstract public function save();
} }
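Review bot: `getSession()` loads the session into a local `$session` when `$this->sessionId` is set, then neither caches nor returns it and falls through to the unconditional `throw`, so every lazy lookup fails even when the ID is known. The branch should read `return $this->session = $this->server->getStorage('session')->getSession($this->sessionId);` (assuming the session storage returns a `Session` entity, which is not visible here). The class also gains `abstract public function expire()`, and neither the `AccessToken` nor the `RefreshToken` hunks in this commit add an `expire()` implementation; unless one exists outside the hunks, those classes can no longer be instantiated.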


@ -1,28 +1,33 @@
<?php <?php
/**
* OAuth 2.0 Access token entity
*
* @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server
*/
namespace League\OAuth2\Server\Entities; namespace League\OAuth2\Server\Entities;
use League\OAuth2\Server\Storage\SessionStorageInterface; use League\OAuth2\Server\Storage\SessionStorageInterface;
use League\OAuth2\Server\Storage\AccessTokenInterface; use League\OAuth2\Server\Storage\AccessTokenInterface;
use Symfony\Component\HttpFoundation\ParameterBag;
use League\OAuth2\Server\Util\SecureKey; use League\OAuth2\Server\Util\SecureKey;
use League\OAuth2\Server\Exception\InvalidAccessTokenException; use League\OAuth2\Server\Exception\InvalidAccessTokenException;
use Symfony\Component\HttpFoundation\ParameterBag;
/**
* Access token entity class
*/
class AccessToken extends AbstractToken class AccessToken extends AbstractToken
{ {
/** /**
* __construct * {@inheritdoc}
* @param AccessTokenInterface $storage
* @return self
*/ */
public function __construct(AccessTokenInterface $storage)
{
parent::__construct($storage);
}
public function save() public function save()
{ {
$this->getStorage()->createAccessToken( $this->server->getStorage('access_token')->createAccessToken(
$this->getToken(), $this->getToken(),
$this->getExpireTime(), $this->getExpireTime(),
$this->getSession()->getId() $this->getSession()->getId()
@ -30,7 +35,7 @@ class AccessToken extends AbstractToken
// Associate the scope with the token // Associate the scope with the token
foreach ($this->getScopes() as $scope) { foreach ($this->getScopes() as $scope) {
$this->getStorage()->associateScope($this->getToken(), $scope->getId()); $this->server->getStorage('access_token')->associateScope($this->getToken(), $scope->getId());
} }
return $this; return $this;
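Review bot: `save()` is documented with `{@inheritdoc}`, which now pulls `@return void` from `AbstractToken::save()`, yet the method still ends with `return $this;`; the contract and the code disagree, so either drop the `return $this;` or give this override its own `@return self` docblock. Callers that chain on `save()` would silently break if the abstract's `void` contract is the one meant to hold. The method body spans two hunks here, so the part between them is not visible.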


@ -1,58 +1,144 @@
<?php <?php
/**
* OAuth 2.0 Client entity
*
* @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server
*/
namespace League\OAuth2\Server\Entities; namespace League\OAuth2\Server\Entities;
use League\OAuth2\Server\Exception\ServerException;
use League\OAuth2\Server\Authorization;
use League\OAuth2\Server\Resource;
/**
* Client entity class
*/
class Client class Client
{ {
/**
* Client identifier
* @var string
*/
protected $id = null; protected $id = null;
/**
* Client secret
* @var string
*/
protected $secret = null; protected $secret = null;
/**
* Client name
* @var string
*/
protected $name = null; protected $name = null;
/**
* Client redirect URI
* @var string
*/
protected $redirectUri = null; protected $redirectUri = null;
/**
* Authorization or resource server
* @var \League\OAuth2\Server\Authorization|\League\OAuth2\Server\Resource
*/
protected $server;
/**
* __construct
* @param \League\OAuth2\Server\Authorization|\League\OAuth2\Server\Resource $server
* @return self
*/
public function __construct($server)
{
if (! $server instanceof Authorization && ! $server instanceof Resource) {
throw new ServerException('No instance of Authorization or Resource server injected');
}
}
/**
* Set the client identifier
* @param string $id
* @return self
*/
public function setId($id) public function setId($id)
{ {
$this->id = $id; $this->id = $id;
return $this; return $this;
} }
/**
* Return the client identifier
* @return string
*/
public function getId() public function getId()
{ {
return $this->id; return $this->id;
} }
/**
* Set the client secret
* @param string $secret
* @return self
*/
public function setSecret($secret) public function setSecret($secret)
{ {
$this->secret = $secret; $this->secret = $secret;
return $this; return $this;
} }
/**
* Return the client secret
* @return string
*/
public function getSecret() public function getSecret()
{ {
return $this->secret; return $this->secret;
} }
/**
* Set the client name
* @param string $name
* @return self
*/
public function setName($name) public function setName($name)
{ {
$this->name = $name; $this->name = $name;
return $this; return $this;
} }
/**
* Get the client name
* @return string
*/
public function getName() public function getName()
{ {
return $this->name; return $this->name;
} }
/**
* Set the client redirect URI
* @param string $redirectUri
* @return self
*/
public function setRedirectUri($redirectUri) public function setRedirectUri($redirectUri)
{ {
$this->redirectUri = $redirectUri; $this->redirectUri = $redirectUri;
return $this; return $this;
} }
/**
* Returnt the client redirect URI
* @return string
*/
public function getRedirectUri() public function getRedirectUri()
{ {
return $this->redirectUri; return $this->redirectUri;
} }
} }
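Review bot: The new `Client::__construct()` validates `$server` but never stores it, so the `$server` property it declares stays `null` for every instance; add `$this->server = $server;` after the guard (and a `return $this;` is not needed in a constructor). The docblock on `getRedirectUri()` reads "Returnt the client redirect URI" and should be "Return the client redirect URI". Note that this entity carries the raw `secret` through `setSecret()`/`getSecret()`; whether that value is a plaintext secret or a hash depends on the storage implementation, which is not visible here, so the docblock should state which one callers get.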


@ -1,30 +1,36 @@
<?php <?php
/**
* OAuth 2.0 Refresh token entity
*
* @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server
*/
namespace League\OAuth2\Server\Entities; namespace League\OAuth2\Server\Entities;
use League\OAuth2\Server\Storage\SessionStorageInterface; use League\OAuth2\Server\Storage\SessionStorageInterface;
use League\OAuth2\Server\Storage\RefreshTokenInterface; use League\OAuth2\Server\Storage\RefreshTokenInterface;
use Symfony\Component\HttpFoundation\ParameterBag;
use League\OAuth2\Server\Util\SecureKey; use League\OAuth2\Server\Util\SecureKey;
use League\OAuth2\Server\Exception\InvalidAccessTokenException; use League\OAuth2\Server\Exception\InvalidAccessTokenException;
use Symfony\Component\HttpFoundation\ParameterBag;
/**
* Refresh token entity class
*/
class RefreshToken extends AbstractToken class RefreshToken extends AbstractToken
{ {
/**
* Access token associated to refresh token
* @var \League\OAuth2\Server\Entities\AccessToken
*/
protected $accessToken; protected $accessToken;
/**
* __construct
* @param RefreshTokenInterface $storage
* @return self
*/
public function __construct(RefreshTokenInterface $storage)
{
parent::__construct($storage);
}
/** /**
* Associate an access token * Associate an access token
* @param AccessToken $accessToken * @param \League\OAuth2\Server\Entities\AccessToken $accessToken
* @return self * @return self
*/ */
public function setAccessToken(AccessToken $accessToken) public function setAccessToken(AccessToken $accessToken)
@ -43,11 +49,11 @@ class RefreshToken extends AbstractToken
} }
/** /**
* (@inheritdoc) * {@inheritdoc}
*/ */
public function save() public function save()
{ {
$this->getStorage()->createAccessToken( $this->server->getStorage('refresh_token')->createAccessToken(
$this->getToken(), $this->getToken(),
$this->getExpireTime(), $this->getExpireTime(),
$this->getAccessToken()->getToken() $this->getAccessToken()->getToken()
@ -55,7 +61,7 @@ class RefreshToken extends AbstractToken
// Associate the scope with the token // Associate the scope with the token
foreach ($this->getScopes() as $scope) { foreach ($this->getScopes() as $scope) {
$this->getStorage()->associateScope($this->getToken(), $scope->getId()); $this->server->getStorage('refresh_token')->associateScope($this->getToken(), $scope->getId());
} }
} }
} }
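Review bot: `save()` asks the refresh-token storage for `createAccessToken()`, which is the access-token storage's method name; if `RefreshTokenInterface` declares something like `createRefreshToken()` instead (the interface is not in this diff), this call is a fatal error the first time a refresh token is issued. The third argument passed is `$this->getAccessToken()->getToken()`, which also suggests a refresh-token-specific signature rather than the access-token one. The `AbstractToken::expire()` abstract added in this commit has no implementation in this hunk either, so confirm one exists outside it.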


@ -1,30 +1,87 @@
<?php <?php
/**
* OAuth 2.0 scope entity
*
* @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server
*/
namespace League\OAuth2\Server\Entities; namespace League\OAuth2\Server\Entities;
/**
* Scope entity class
*/
class Scope class Scope
{ {
protected $id = null; /**
* Scope identifier
* @var string
*/
protected $id;
protected $description = null; /**
* Scope description
* @var string
*/
protected $description;
/**
* Authorization or resource server
* @var \League\OAuth2\Server\Authorization|\League\OAuth2\Server\Resource
*/
protected $server;
/**
* __construct
* @param \League\OAuth2\Server\Authorization|\League\OAuth2\Server\Resource $server
* @return self
*/
public function __construct($server)
{
if (! $server instanceof Authorization && ! $server instanceof Resource) {
throw new ServerException('No instance of Authorization or Resource server injected');
}
return $this;
}
/**
* Set the scope identifer
* @param string $id The scope identifier
* @return self
*/
public function setId($id) public function setId($id)
{ {
$this->id = $id; $this->id = $id;
return $this; return $this;
} }
/**
* Return the scope identifer
* @return string
*/
public function getId() public function getId()
{ {
return $this->id; return $this->id;
} }
/**
* Set the scope's descripton
* @param string $description
* @return self
*/
public function setDescription($description) public function setDescription($description)
{ {
$this->description = $description; $this->description = $description;
return $this; return $this;
} }
/**
* Return the scope's description
* @return string
*/
public function getDescription() public function getDescription()
{ {
return $this->description; return $this->description;
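Review bot: The new `Scope::__construct()` references `Authorization`, `Resource` and `ServerException` but this file adds no `use` statements, so inside `namespace League\OAuth2\Server\Entities` they resolve to non-existent `Entities\…` classes: both `instanceof` checks are always false, the guard always fires, and the `throw` then dies with a class-not-found error, so no `Scope` can ever be constructed. The constructor also never assigns the `$server` property it validates, unlike `Client`/`Session` which at least import the classes. Import the three classes the way `Client.php` does in this commit and store the server.

```php
namespace League\OAuth2\Server\Entities;

use League\OAuth2\Server\Authorization;
use League\OAuth2\Server\Resource;
use League\OAuth2\Server\Exception\ServerException;

// … unchanged: class docblock and properties …

    public function __construct($server)
    {
        if (! $server instanceof Authorization && ! $server instanceof Resource) {
            throw new ServerException('No instance of Authorization or Resource server injected');
        }
        $this->server = $server;

        return $this;
    }
```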


@ -1,71 +1,112 @@
<?php <?php
/**
* OAuth 2.0 session entity
*
* @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server
*/
namespace League\OAuth2\Server\Entities; namespace League\OAuth2\Server\Entities;
use OutOfBoundsException;
use League\OAuth2\Server\Exception\OAuth2Exception; use League\OAuth2\Server\Exception\OAuth2Exception;
use League\OAuth2\Server\Storage\SessionInterface; use League\OAuth2\Server\Storage\SessionInterface;
use League\OAuth2\Server\Exception\ServerException;
use League\OAuth2\Server\Authorization;
use League\OAuth2\Server\Resource;
use Symfony\Component\HttpFoundation\ParameterBag; use Symfony\Component\HttpFoundation\ParameterBag;
/**
* Session entity grant
*/
class Session class Session
{ {
/** /**
* Session ID * Session identifier
* @var string * @var string
*/ */
protected $id = null; protected $id;
protected $clientId = null;
protected $ownerId = null;
protected $ownerType = null;
protected $authCode = null;
protected $accessToken = null;
protected $refreshToken = null;
/** /**
* Session storage * Client identifier
* @var \League\OAuth2\Server\Storage\SessionInterface * @var string
*/ */
protected $storage = null; protected $clientId;
/**
* Session owner identifier
* @var string
*/
protected $ownerId;
/**
* Session owner type (e.g. "user")
* @var string
*/
protected $ownerType;
/**
* Auth code
* @var \League\OAuth2\Server\Entities\AuthCode
*/
protected $authCode;
/**
* Access token
* @var \League\OAuth2\Server\Entities\AccessToken
*/
protected $accessToken;
/**
* Refresh token
* @var \League\OAuth2\Server\Entities\RefreshToken
*/
protected $refreshToken;
/** /**
* Session scopes * Session scopes
* @var \Symfony\Component\HttpFoundation\ParameterBag * @var \Symfony\Component\HttpFoundation\ParameterBag
*/ */
protected $scopes = null; protected $scopes;
/** /**
* Constuctor * Authorization or resource server
* @param SessionInterface $storage * @var \League\OAuth2\Server\Authorization|\League\OAuth2\Server\Resource
*/
protected $server;
/**
* __construct
* @param \League\OAuth2\Server\Authorization|\League\OAuth2\Server\Resource $server
* @return self * @return self
*/ */
public function __construct(SessionInterface $storage) public function __construct($server)
{ {
$this->storage = $storage; if (! $server instanceof Authorization && ! $server instanceof Resource) {
throw new ServerException('No instance of Authorization or Resource server injected');
}
$this->scopes = new ParameterBag(); $this->scopes = new ParameterBag();
return $this; return $this;
} }
/** /**
* Get storage * Set the session identifier
* @return SessionInterface * @param string $id
* @return self
*/ */
public function getStorage()
{
return $this->storage;
}
public function setId($id) public function setId($id)
{ {
$this->id = $id; $this->id = $id;
return $this; return $this;
} }
/**
* Return the session identifier
* @return string
*/
public function getId() public function getId()
{ {
return $this->id; return $this->id;
@ -95,41 +136,62 @@ class Session
return $this->scopes->has($scope); return $this->scopes->has($scope);
} }
/**
* Return all scopes associated with the session
* @return array Array of \League\OAuth2\Server\Entities\Scope
*/
public function getScopes() public function getScopes()
{ {
return $this->scopes; return $this->scopes->all();
}
public function associateAccessToken(AccessToken $accessToken)
{
$this->accessToken = $accessToken;
}
public function associateRefreshToken(RefreshToken $refreshToken)
{
$this->refreshToken = $refreshToken;
}
public function associateAuthCode(AuthCode $authCode)
{
$this->authCode = $authCode;
} }
/** /**
* Associate a client * Associate an access token with the session
* @param League\OAuth2\Server\Client $client The client * @param \League\OAuth2\Server\Entities\AccessToken $accessToken
* @return self
*/
public function associateAccessToken(AccessToken $accessToken)
{
$this->accessToken = $accessToken;
return $this;
}
/**
* Associate a refresh token with the session
* @param \League\OAuth2\Server\Entities\RefreshToken $refreshToken
* @return self
*/
public function associateRefreshToken(RefreshToken $refreshToken)
{
$this->refreshToken = $refreshToken;
return $this;
}
/**
* Associate an authorization code with the session
* @param \League\OAuth2\Server\Entities\AuthCode $authCode
* @return self
*/
public function associateAuthCode(AuthCode $authCode)
{
$this->authCode = $authCode;
return $this;
}
/**
* Associate a client with the session
* @param League\OAuth2\Server\Entities\Client $client The client
* @return self * @return self
*/ */
public function associateClient(Client $client) public function associateClient(Client $client)
{ {
$this->client = $client; $this->client = $client;
return $this; return $this;
} }
/** /**
* Return client * Return the session client
* @return League\OAuth2\Server\Client * @return League\OAuth2\Server\Entities\Client
*/ */
public function getClient() public function getClient()
{ {
@ -139,7 +201,7 @@ class Session
/** /**
* Set the session owner * Set the session owner
* @param string $type The type of the owner (e.g. user, app) * @param string $type The type of the owner (e.g. user, app)
* @param string $id The ID of the owner * @param string $id The identifier of the owner
* @return self * @return self
*/ */
public function setOwner($type, $id) public function setOwner($type, $id)
@ -151,7 +213,7 @@ class Session
} }
/** /**
* Return session owner ID * Return session owner identifier
* @return string * @return string
*/ */
public function getOwnerId() public function getOwnerId()
@ -168,10 +230,14 @@ class Session
return $this->ownerType; return $this->ownerType;
} }
/**
* Save the session
* @return void
*/
public function save() public function save()
{ {
// Save the session and get an ID // Save the session and get an identifier
$id = $this->getStorage()->createSession( $id = $this->server->getStorage('session')->createSession(
$this->getOwnerType(), $this->getOwnerType(),
$this->getOwnerId(), $this->getOwnerId(),
$this->getClient()->getId(), $this->getClient()->getId(),
@ -182,7 +248,7 @@ class Session
// Associate the scope with the session // Associate the scope with the session
foreach ($this->getScopes() as $scope) { foreach ($this->getScopes() as $scope) {
$this->getStorage()->associateScope($this->getId(), $scope->getId()); $this->server->getStorage('session')->associateScope($this->getId(), $scope->getId());
} }
} }
} }
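Review bot: `Session::__construct()` checks `$server` but never assigns `$this->server`, and `save()` later dereferences `$this->server->getStorage('session')` twice, so saving any session is a call on `null`; add `$this->server = $server;` after the guard. `associateClient()` writes `$this->client`, but no `client` property is declared among the documented ones in this hunk, so it is created dynamically at runtime; declare it alongside `$accessToken`/`$refreshToken` with a `@var \League\OAuth2\Server\Entities\Client` docblock. `getScopes()` now returns `$this->scopes->all()` (an array) where it previously returned the `ParameterBag`, which is a contract change any external caller using `->has()` on the result will hit.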


@ -2,9 +2,9 @@
/** /**
* OAuth 2.0 Client Exception * OAuth 2.0 Client Exception
* *
* @package php-loep/oauth2-server * @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com> * @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages * @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/ * @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server * @link http://github.com/php-loep/oauth2-server
*/ */


@ -2,9 +2,9 @@
/** /**
* OAuth 2.0 Invalid Access Token Exception * OAuth 2.0 Invalid Access Token Exception
* *
* @package php-loep/oauth2-server * @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com> * @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages * @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/ * @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server * @link http://github.com/php-loep/oauth2-server
*/ */


@ -2,9 +2,9 @@
/** /**
* OAuth 2.0 Invalid Grant Type Exception * OAuth 2.0 Invalid Grant Type Exception
* *
* @package php-loep/oauth2-server * @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com> * @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages * @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/ * @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server * @link http://github.com/php-loep/oauth2-server
*/ */


@ -2,9 +2,9 @@
/** /**
* OAuth 2.0 Base Exception * OAuth 2.0 Base Exception
* *
* @package php-loep/oauth2-server * @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com> * @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages * @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/ * @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server * @link http://github.com/php-loep/oauth2-server
*/ */


@ -2,9 +2,9 @@
/** /**
* OAuth 2.0 Server Exception * OAuth 2.0 Server Exception
* *
* @package php-loep/oauth2-server * @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com> * @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages * @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/ * @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server * @link http://github.com/php-loep/oauth2-server
*/ */


@ -1,10 +1,10 @@
<?php <?php
/** /**
* OAuth 2.0 Client credentials grant * OAuth 2.0 Abstract grant
* *
* @package php-loep/oauth2-server * @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com> * @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages * @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/ * @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server * @link http://github.com/php-loep/oauth2-server
*/ */
@ -12,16 +12,42 @@
namespace League\OAuth2\Server\Grant; namespace League\OAuth2\Server\Grant;
use League\OAuth2\Server\Authorization; use League\OAuth2\Server\Authorization;
use League\OAuth2\Server\Entities\Scope;
trait GrantTrait { /**
* Abstract grant class
*/
abstract class AbstractGrant implements GrantTypeInterface
{
/**
* Grant identifier
* @var string
*/
protected $identifier = '';
/** /**
* Constructor * Response type
* @return void * @var string
*/ */
public function __construct() protected $responseType = null;
{
} /**
* Callback to authenticate a user's name and password
* @var function
*/
protected $callback = null;
/**
* AuthServer instance
* @var AuthServer
*/
protected $server = null;
/**
* Access token expires in override
* @var int
*/
protected $accessTokenTTL = null;
/** /**
* Return the identifier * Return the identifier
@ -74,6 +100,12 @@ trait GrantTrait {
return $this; return $this;
} }
/**
* Given a list of scopes, validate them and return an arrary of Scope entities
* @param string $scopeParam A string of scopes (e.g. "profile email birthday")
* @return array
* @throws ClientException If scope is invalid, or no scopes passed when required
*/
public function validateScopes($scopeParam = '') public function validateScopes($scopeParam = '')
{ {
$scopesList = explode($this->server->getScopeDelimeter(), $scopeParam); $scopesList = explode($this->server->getScopeDelimeter(), $scopeParam);
@ -100,24 +132,37 @@ trait GrantTrait {
$scopes = []; $scopes = [];
foreach ($scopesList as $scopeItem) { foreach ($scopesList as $scopeItem) {
$scopeDetails = $this->server->getStorage('scope')->getScope( $scope = $this->server->getStorage('scope')->getScope(
$scopeItem, $scopeItem,
$client->getId(),
$this->getIdentifier() $this->getIdentifier()
); );
if ($scopeDetails === false) { if (($scope instanceof Scope) === false) {
throw new ClientException(sprintf($this->server->getExceptionMessage('invalid_scope'), $scopeItem), 4); throw new ClientException(sprintf($this->server->getExceptionMessage('invalid_scope'), $scopeItem), 4);
} }
$scope = new Scope($this->server->getStorage('scope'));
$scope->setId($scopeDetails['id']);
$scope->setName($scopeDetails['name']);
$scopes[] = $scope; $scopes[] = $scope;
} }
return $scopes; return $scopes;
} }
/**
* Complete the grant flow
*
* Example response:
* <pre>
* array(
* 'access_token' => (string), // The access token
* 'refresh_token' => (string), // The refresh token (only set if the refresh token grant is enabled)
* 'token_type' => 'bearer', // Almost always "bearer" (exceptions: JWT, SAML)
* 'expires' => (int), // The timestamp of when the access token will expire
* 'expires_in' => (int) // The number of seconds before the access token will expire
* )
* </pre>
*
* @return array An array of parameters to be passed back to the client
*/
abstract public function completeFlow();
} }
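Review bot: In `validateScopes()` the scope lookup drops the client identifier, going from `getScope($scopeItem, $client->getId(), $this->getIdentifier())` to `getScope($scopeItem, $this->getIdentifier())`, so the storage layer can no longer restrict which scopes a particular client is allowed to request; if that per-client restriction is intended (the `ScopeInterface` is not in this diff), any registered client can now obtain any scope the server defines. `$client` was never a parameter of this method, so the old call may simply have been broken, but the fix is then to add a `$client` parameter and pass `$client->getId()` through rather than to remove the argument. The method's first lines sit in an earlier hunk, and `ClientException` thrown here is not among the visible `use` lines, so confirm it is imported. The property docblock `@var function` on `$callback` should be `@var callable`, and "arrary" in the `validateScopes()` docblock is a typo for "array".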


@ -2,9 +2,9 @@
/** /**
* OAuth 2.0 Auth code grant * OAuth 2.0 Auth code grant
* *
* @package php-loep/oauth2-server * @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com> * @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages * @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/ * @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server * @link http://github.com/php-loep/oauth2-server
*/ */


@ -2,9 +2,9 @@
/** /**
* OAuth 2.0 Client credentials grant * OAuth 2.0 Client credentials grant
* *
* @package php-loep/oauth2-server * @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com> * @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages * @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/ * @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server * @link http://github.com/php-loep/oauth2-server
*/ */
@ -25,10 +25,8 @@ use League\OAuth2\Server\Storage\ScopeInterface;
/** /**
* Client credentials grant class * Client credentials grant class
*/ */
class ClientCredentials implements GrantTypeInterface class ClientCredentials extends AbstractGrant
{ {
use GrantTrait;
/** /**
* Grant identifier * Grant identifier
* @var string * @var string
@ -78,35 +76,30 @@ class ClientCredentials implements GrantTypeInterface
} }
// Validate client ID and client secret // Validate client ID and client secret
$clientDetails = $this->server->getStorage('client')->getClient( $client = $this->server->getStorage('client')->getClient(
$clientId, $clientId,
$clientSecret, $clientSecret,
null, null,
$this->getIdentifier() $this->getIdentifier()
); );
if ($clientDetails === false) { if (($client instanceof Client) === false) {
throw new ClientException(Authorization::getExceptionMessage('invalid_client'), 8); throw new ClientException(Authorization::getExceptionMessage('invalid_client'), 8);
} }
$client = new Client;
$client->setId($clientDetails['id']);
$client->setSecret($clientDetails['secret']);
// Validate any scopes that are in the request // Validate any scopes that are in the request
$scopeParam = $this->server->getRequest()->request->get('scope', ''); $scopeParam = $this->server->getRequest()->request->get('scope', '');
$scopes = $this->validateScopes($scopeParam); $scopes = $this->validateScopes($scopeParam);
// Create a new session // Create a new session
$session = new Session($this->server->getStorage('session')); $session = new Session();
$session->setOwner('client', $client->getId()); $session->setOwner('client', $client->getId());
$session->associateClient($client); $session->associateClient($client);
// Generate an access token // Generate an access token
$accessToken = new AccessToken($this->server->getStorage('access_token')); $accessToken = new AccessToken();
$accessToken->setId(SecureKey::make()); $accessToken->setToken(SecureKey::make());
$accessToken->setTimestamp(time()); $accessToken->setExpireTime($this->server->getAccessTokenTTL() + time());
$accessToken->setTTL($this->server->getAccessTokenTTL());
// Associate scopes with the session and access token // Associate scopes with the session and access token
foreach ($scopes as $scope) { foreach ($scopes as $scope) {
@ -115,18 +108,17 @@ class ClientCredentials implements GrantTypeInterface
} }
// Save everything // Save everything
$session->save(); $session->save($this->server->getStorage('session'));
$accessToken->setSession($session); $accessToken->setSession($session);
$accessToken->save(); $accessToken->save($this->server->getStorage('access_token'));
$response = [ $response = [
'access_token' => $accessToken->getId(), 'access_token' => $accessToken->getToken(),
'token_type' => 'Bearer', 'token_type' => 'Bearer',
'expires' => $accessToken->getExpireTime(), 'expires' => $accessToken->getExpireTime(),
'expires_in' => $accessToken->getTTL() 'expires_in' => $this->server->getAccessTokenTTL()
]; ];
return $response; return $response;
} }
} }
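Review bot: The entity constructors are called inconsistently across the grants touched by this commit: here `new Session()` and `new AccessToken()` take no arguments, while the Password grant builds the same entities with `new Session($this->server)` and `new AccessToken($this->server)`. Since persistence now goes through `save($this->server->getStorage(...))`, one constructor contract should be chosen and used in both files. `if (($client instanceof Client) === false)` also reads more naturally as `if (!$client instanceof Client)`, and the RefreshToken grant performs the same check as `=== null` against a storage contract that ClientInterface documents as `Client|null`; the three grants should test the result the same way.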


@ -2,9 +2,9 @@
/** /**
* OAuth 2.0 Grant type interface * OAuth 2.0 Grant type interface
* *
* @package php-loep/oauth2-server * @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com> * @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages * @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/ * @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server * @link http://github.com/php-loep/oauth2-server
*/ */
@ -19,30 +19,14 @@ use League\OAuth2\Server\Storage\SessionInterface;
use League\OAuth2\Server\Storage\ClientInterface; use League\OAuth2\Server\Storage\ClientInterface;
use League\OAuth2\Server\Storage\ScopeInterface; use League\OAuth2\Server\Storage\ScopeInterface;
/**
* Grant type interface
*/
interface GrantTypeInterface interface GrantTypeInterface
{ {
/**
* Constructor
*
* @return void
*/
public function __construct();
/** /**
* Complete the grant flow * Complete the grant flow
* * @return array
* Example response:
* <code>
* array(
* 'access_token' => (string), // The access token
* 'refresh_token' => (string), // The refresh token (only set if the refresh token grant is enabled)
* 'token_type' => 'bearer', // Almost always "bearer" (exceptions: JWT, SAML)
* 'expires' => (int), // The timestamp of when the access token will expire
* 'expires_in' => (int) // The number of seconds before the access token will expire
* )
* </code>
*
* @return array An array of parameters to be passed back to the client
*/ */
public function completeFlow(); public function completeFlow();
} }
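Review bot: The `@return array` on `completeFlow()` lost its description when the example response was removed, yet the key set is the whole contract this interface expresses; keep at least `@return array The token response returned to the client (access_token, token_type, expires, expires_in, optionally refresh_token)`, or point to where those keys are now documented. The three `use League\OAuth2\Server\Storage\...Interface` imports appear unused by an interface that now declares a single parameterless method — confirm against the full file and drop them if so.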


@ -2,9 +2,9 @@
/** /**
* OAuth 2.0 implicit grant * OAuth 2.0 implicit grant
* *
* @package php-loep/oauth2-server * @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com> * @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages * @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/ * @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server * @link http://github.com/php-loep/oauth2-server
*/ */
@ -52,10 +52,9 @@ class Implicit implements GrantTypeInterface {
/** /**
* Complete the client credentials grant * Complete the client credentials grant
* @param null|array $inputParams
* @return array * @return array
*/ */
public function completeFlow($authParams = null) public function completeFlow()
{ {
// Remove any old sessions the user might have // Remove any old sessions the user might have
$this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'user', $authParams['user_id']); $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'user', $authParams['user_id']);


@ -2,9 +2,9 @@
/** /**
* OAuth 2.0 Password grant * OAuth 2.0 Password grant
* *
* @package php-loep/oauth2-server * @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com> * @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages * @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/ * @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server * @link http://github.com/php-loep/oauth2-server
*/ */
@ -27,10 +27,8 @@ use League\OAuth2\Server\Storage\ScopeInterface;
/** /**
* Password grant class * Password grant class
*/ */
class Password implements GrantTypeInterface { class Password extends AbstractGrant
{
use GrantTrait;
/** /**
* Grant identifier * Grant identifier
* @var string * @var string
@ -109,23 +107,17 @@ class Password implements GrantTypeInterface {
} }
// Validate client ID and client secret // Validate client ID and client secret
$clientDetails = $this->server->getStorage('client')->getClient( $client = $this->server->getStorage('client')->getClient(
$clientId, $clientId,
$clientSecret, $clientSecret,
null, null,
$this->getIdentifier() $this->getIdentifier()
); );
if ($clientDetails === false) { if (($client instanceof Client) === false) {
throw new ClientException(Authorization::getExceptionMessage('invalid_client'), 8); throw new ClientException(Authorization::getExceptionMessage('invalid_client'), 8);
} }
$client = new Client;
$client->setId($clientDetails['id']);
$client->setSecret($clientDetails['secret']);
$username = $this->server->getRequest()->request->get('username', null); $username = $this->server->getRequest()->request->get('username', null);
if (is_null($username)) { if (is_null($username)) {
throw new ClientException( throw new ClientException(
@ -146,7 +138,7 @@ class Password implements GrantTypeInterface {
$userId = call_user_func($this->getVerifyCredentialsCallback(), $username, $password); $userId = call_user_func($this->getVerifyCredentialsCallback(), $username, $password);
if ($userId === false) { if ($userId === false) {
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_credentials'), 0); throw new ClientException($this->server->getExceptionMessage('invalid_credentials'), 0);
} }
// Validate any scopes that are in the request // Validate any scopes that are in the request
@ -154,15 +146,14 @@ class Password implements GrantTypeInterface {
$scopes = $this->validateScopes($scopeParam); $scopes = $this->validateScopes($scopeParam);
// Create a new session // Create a new session
$session = new Session($this->server->getStorage('session')); $session = new Session($this->server);
$session->setOwner('user', $userId); $session->setOwner('user', $userId);
$session->associateClient($client); $session->associateClient($client);
// Generate an access token // Generate an access token
$accessToken = new AccessToken($this->server->getStorage('access_token')); $accessToken = new AccessToken($this->server);
$accessToken->setId(SecureKey::make()); $accessToken->setToken(SecureKey::make());
$accessToken->setTimestamp(time()); $accessToken->setExpireTime($this->server->getAccessTokenTTL() + time());
$accessToken->setTTL($this->server->getAccessTokenTTL());
// Associate scopes with the session and access token // Associate scopes with the session and access token
foreach ($scopes as $scope) { foreach ($scopes as $scope) {
@ -171,29 +162,28 @@ class Password implements GrantTypeInterface {
} }
$response = [ $response = [
'access_token' => $accessToken->getId(), 'access_token' => $accessToken->getToken(),
'token_type' => 'Bearer', 'token_type' => 'Bearer',
'expires' => $accessToken->getExpireTime(), 'expires' => $accessToken->getExpireTime(),
'expires_in' => $accessToken->getTTL() 'expires_in' => $this->server->getAccessTokenTTL()
]; ];
// Associate a refresh token if set // Associate a refresh token if set
if ($this->server->hasGrantType('refresh_token')) { if ($this->server->hasGrantType('refresh_token')) {
$refreshToken = new RefreshToken($this->server->getStorage('refresh_token')); $refreshToken = new RefreshToken($this->server);
$refreshToken->setId(SecureKey::make()); $refreshToken->setToken(SecureKey::make());
$refreshToken->setTimestamp(time()); $refreshToken->setExpireTime($this->server->getGrantType('refresh_token')->getRefreshTokenTTL() + time());
$refreshToken->setTTL($this->server->getGrantType('refresh_token')->getRefreshTokenTTL()); $response['refresh_token'] = $refreshToken->getToken();
$response['refresh_token'] = $refreshToken->getId();
} }
// Save everything // Save everything
$session->save(); $session->save($this->server->getStorage('session'));
$accessToken->setSession($session); $accessToken->setSession($session);
$accessToken->save(); $accessToken->save($this->server->getStorage('access_token'));
if ($this->server->hasGrantType('refresh_token')) { if ($this->server->hasGrantType('refresh_token')) {
$refreshToken->setAccessToken($accessToken); $refreshToken->setAccessToken($accessToken);
$refreshToken->save(); $refreshToken->save($this->server->getStorage('refresh_token'));
} }
return $response; return $response;
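Review bot: Refresh-token issuance is split across two separate `if ($this->server->hasGrantType('refresh_token'))` blocks, with `$refreshToken` assigned only in the first and consumed in the second; moving `setAccessToken`/`save` into a single block placed after `$accessToken->save(...)` removes the second lookup and keeps the token's lifecycle in one place. The `is_null($username)` check also sits alongside `=== null` comparisons used elsewhere in this commit; pick one form. The enclosing method ends outside the hunk.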


@ -2,9 +2,9 @@
/** /**
* OAuth 2.0 Refresh token grant * OAuth 2.0 Refresh token grant
* *
* @package php-loep/oauth2-server * @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com> * @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages * @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/ * @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server * @link http://github.com/php-loep/oauth2-server
*/ */
@ -18,50 +18,27 @@ use League\OAuth2\Server\Util\SecureKey;
use League\OAuth2\Server\Storage\SessionInterface; use League\OAuth2\Server\Storage\SessionInterface;
use League\OAuth2\Server\Storage\ClientInterface; use League\OAuth2\Server\Storage\ClientInterface;
use League\OAuth2\Server\Storage\ScopeInterface; use League\OAuth2\Server\Storage\ScopeInterface;
use League\OAuth2\Server\Entities\RefreshToken as RT;
use League\OAuth2\Server\Entities\AccessToken;
use League\OAuth2\Server\Entities\Session;
use League\OAuth2\Server\Exception\ClientException;
/** /**
* Referesh token grant * Referesh token grant
*/ */
class RefreshToken implements GrantTypeInterface { class RefreshToken extends AbstractGrant
{
use GrantTrait;
/** /**
* Grant identifier * {@inheritdoc}
* @var string
*/ */
protected $identifier = 'refresh_token'; protected $identifier = 'refresh_token';
/** /**
* Response type * Refresh token TTL (default = 604800 | 1 week)
* @var string
*/
protected $responseType = null;
/**
* AuthServer instance
* @var AuthServer
*/
protected $authServer = null;
/**
* Access token expires in override
* @var int
*/
protected $accessTokenTTL = null;
/**
* Refresh token TTL
* @var integer * @var integer
*/ */
protected $refreshTokenTTL = 604800; protected $refreshTokenTTL = 604800;
/**
* Rotate refresh tokens
* @var boolean
*/
protected $rotateRefreshTokens = false;
/** /**
* Set the TTL of the refresh token * Set the TTL of the refresh token
* @param int $refreshTokenTTL * @param int $refreshTokenTTL
@ -82,126 +59,110 @@ class RefreshToken implements GrantTypeInterface {
} }
/** /**
* When a new access is token, expire the refresh token used and issue a new one. * {@inheritdoc}
* @param boolean $rotateRefreshTokens Set to true to enable (default = false)
* @return void
*/ */
public function rotateRefreshTokens($rotateRefreshTokens = false) public function completeFlow()
{ {
$this->rotateRefreshTokens = $rotateRefreshTokens; $clientId = $this->server->getRequest()->request->get('client_id', null);
} if (is_null($clientId)) {
throw new Exception\ClientException(
/** sprintf($this->server->getExceptionMessage('invalid_request'), 'client_id'),
* Complete the refresh token grant 0
* @param null|array $inputParams );
* @return array
*/
public function completeFlow($inputParams = null)
{
// Get the required params
$authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'refresh_token', 'scope'), 'post', $inputParams);
if (is_null($authParams['client_id'])) {
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0);
} }
if (is_null($authParams['client_secret'])) { $clientSecret = $this->server->getRequest()->request->get('client_secret', null);
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_secret'), 0); if (is_null($clientSecret)) {
throw new Exception\ClientException(
sprintf($this->server->getExceptionMessage('invalid_request'), 'client_secret'),
0
);
} }
// Validate client ID and client secret // Validate client ID and client secret
$clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], null, $this->identifier); $client = $this->server->getStorage('client')->getClient(
$clientId,
$clientSecret,
null,
$this->getIdentifier()
);
if ($clientDetails === false) { if ($client === null) {
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8); throw new ClientException(Authorization::getExceptionMessage('invalid_client'), 8);
} }
$authParams['client_details'] = $clientDetails; $oldRefreshTokenParam = $this->server->getRequest()->request->get('refresh_token', null);
if ($oldRefreshTokenParam === null) {
if (is_null($authParams['refresh_token'])) { throw new Exception\ClientException(
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'refresh_token'), 0); sprintf($this->server->getExceptionMessage('invalid_request'), 'refresh_token'),
0
);
} }
// Validate refresh token // Validate refresh token
$accessTokenId = $this->authServer->getStorage('session')->validateRefreshToken($authParams['refresh_token'], $authParams['client_id']); $oldRefreshToken = $this->server->getStorage('refresh_token')->getToken($oldRefreshTokenParam);
if ($accessTokenId === false) { if (($oldRefreshToken instanceof RT) === false) {
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_refresh'), 0); throw new Exception\ClientException($this->server->getExceptionMessage('invalid_refresh'), 0);
} }
// Get the existing access token $oldAccessToken = $oldRefreshToken->getAccessToken();
$accessTokenDetails = $this->authServer->getStorage('session')->getAccessToken($accessTokenId);
// Get the scopes for the existing access token // Get the scopes for the original session
$scopes = $this->authServer->getStorage('session')->getScopes($accessTokenDetails['access_token']); $session = $oldAccessToken->getSession();
$scopes = $session->getScopes();
// Generate new tokens and associate them to the session // Get and validate any requested scopes
$accessToken = SecureKey::make(); $requestedScopesString = $this->server->getRequest()->request->get('scope', '');
$accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? $this->accessTokenTTL : $this->authServer->getAccessTokenTTL(); $requestedScopes = $this->validateScopes($requestedScopesString);
$accessTokenExpires = time() + $accessTokenExpiresIn;
// Associate the new access token with the session // If no new scopes are requested then give the access token the original session scopes
$newAccessTokenId = $this->authServer->getStorage('session')->associateAccessToken($accessTokenDetails['session_id'], $accessToken, $accessTokenExpires); if (count($requestedScopes) === 0) {
$newScopes = $scopes;
} else {
// The OAuth spec says that a refreshed access token can have the original scopes or fewer so ensure
// the request doesn't include any new scopes
if ($this->rotateRefreshTokens === true) { foreach ($requestedScopes as $requestedScope) {
// if ()
}
// Generate a new refresh token $newScopes = $requestedScopes;
$refreshToken = SecureKey::make();
$refreshTokenExpires = time() + $this->getRefreshTokenTTL();
// Revoke the old refresh token
$this->authServer->getStorage('session')->removeRefreshToken($authParams['refresh_token']);
// Associate the new refresh token with the new access token
$this->authServer->getStorage('session')->associateRefreshToken($newAccessTokenId, $refreshToken, $refreshTokenExpires, $authParams['client_id']);
} }
// There isn't a request for reduced scopes so assign the original ones (or we're not rotating scopes) // Generate a new access token and assign it the correct sessions
if ( ! isset($authParams['scope'])) { $newAccessToken = new AccessToken();
$newAccessToken->setToken(SecureKey::make());
$newAccessToken->setExpireTime($this->server->getAccessTokenTTL() + time());
$newAccessToken->setSession($session);
foreach ($scopes as $scope) { foreach ($newScopes as $newScope) {
$this->authServer->getStorage('session')->associateScope($newAccessTokenId, $scope['id']); $newAccessToken->associateScope($newScope);
}
} elseif ( isset($authParams['scope']) && $this->rotateRefreshTokens === true) {
// The request is asking for reduced scopes and rotate tokens is enabled
$reqestedScopes = explode($this->authServer->getScopeDelimeter(), $authParams['scope']);
for ($i = 0; $i < count($reqestedScopes); $i++) {
$reqestedScopes[$i] = trim($reqestedScopes[$i]);
if ($reqestedScopes[$i] === '') unset($reqestedScopes[$i]); // Remove any junk scopes
}
// Check that there aren't any new scopes being included
$existingScopes = array();
foreach ($scopes as $s) {
$existingScopes[] = $s['scope'];
}
foreach ($reqestedScopes as $reqScope) {
if ( ! in_array($reqScope, $existingScopes)) {
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
}
// Associate with the new access token
$scopeDetails = $this->authServer->getStorage('scope')->getScope($reqScope, $authParams['client_id'], $this->identifier);
$this->authServer->getStorage('session')->associateScope($newAccessTokenId, $scopeDetails['id']);
}
} }
$response = array( // Expire the old token and save the new one
'access_token' => $accessToken, $oldAccessToken->expire($this->server->getStorage('access_token'));
'token_type' => 'bearer', $newAccessToken->save($this->server->getStorage('access_token'));
'expires' => $accessTokenExpires,
'expires_in' => $accessTokenExpiresIn
);
if ($this->rotateRefreshTokens === true) { $response = [
$response['refresh_token'] = $refreshToken; 'access_token' => $newAccessToken->getToken(),
} 'token_type' => 'Bearer',
'expires' => $newAccessToken->getExpireTime(),
'expires_in' => $this->server->getAccessTokenTTL()
];
// Expire the old refresh token
$oldRefreshToken->expire($this->server->getStorage('refresh_token'));
// Generate a new refresh token
$newRefreshToken = new RT();
$newRefreshToken->setToken(SecureKey::make());
$newRefreshToken->setExpireTime($this->getRefreshTokenTTL() + time());
$newRefreshToken->setAccessToken($newAccessToken);
$newRefreshToken->save($this->server->getStorage('refresh_token'));
$response['refresh_token'] = $newRefreshToken->getToken();
return $response; return $response;
} }
} }
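Review bot: The scope-narrowing check in the `else` branch is empty — the `foreach ($requestedScopes as $requestedScope)` loop holds only the commented-out `// if ()` — and `$newScopes = $requestedScopes;` follows unconditionally, so a client can obtain a refreshed access token carrying scopes the original session never had; RFC 6749 §6 requires the refreshed scope set to be a subset of the original. The loop should reject any requested scope not present in `$session->getScopes()`; the fence below compares by id (assuming the Scope entity exposes `getId()` to match the `setId()` the old trait called) and reuses the `invalid_request`/`'scope'` message the removed code threw, via the newly imported `ClientException`. Separately, the old `validateRefreshToken($token, $clientId)` bound the presented refresh token to the requesting client, but the new `getToken($oldRefreshTokenParam)` takes only the token and nothing compares the authenticated `$client` with the client associated to `$session`; the same gap shows in the new `RefreshTokenInterface::getToken($token)` signature. Finally, the remaining `Exception\ClientException` throws resolve relative to this file's namespace while the `invalid_client` throw uses the imported `ClientException`; they likely should all use the import.
```php
// … unchanged: client authentication and refresh token lookup …
if (count($requestedScopes) === 0) {
    $newScopes = $scopes;
} else {
    // RFC 6749 §6: a refreshed token may carry the original scopes or fewer, never new ones
    $originalScopeIds = [];
    foreach ($scopes as $scope) {
        $originalScopeIds[] = $scope->getId();
    }
    foreach ($requestedScopes as $requestedScope) {
        if (in_array($requestedScope->getId(), $originalScopeIds, true) === false) {
            throw new ClientException(
                sprintf($this->server->getExceptionMessage('invalid_request'), 'scope'),
                0
            );
        }
    }
    $newScopes = $requestedScopes;
}
// … unchanged: new access token and refresh token issuance …
```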


@ -2,9 +2,9 @@
/** /**
* OAuth 2.0 Resource Server * OAuth 2.0 Resource Server
* *
* @package php-loep/oauth2-server * @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com> * @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages * @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/ * @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server * @link http://github.com/php-loep/oauth2-server
*/ */
@ -257,10 +257,8 @@ class Resource
/** /**
* Checks if the presented access token has the given scope(s) * Checks if the presented access token has the given scope(s)
* * @param array|string $scopes An array of scopes or a single scope as a string
* @param array|string An array of scopes or a single scope as a string * @return bool Returns bool if all scopes are found, false if any fail
*
* @return bool Returns bool if all scopes are found, false if any fail
*/ */
public function hasScope($scopes) public function hasScope($scopes)
{ {
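Review bot: The rewritten docblock still says `@return bool Returns bool if all scopes are found, false if any fail`; the first half should name the value, i.e. `@return bool Returns true if all scopes are found, false if any fail`. hasScope's body lies outside the hunk.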


@ -1,24 +1,56 @@
<?php <?php
/** /**
* OAuth 2.0 Access token storage interface * OAuth 2.0 Access token storage interface
* *
* @package php-loep/oauth2-server * @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com> * @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages * @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/ * @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server * @link http://github.com/php-loep/oauth2-server
*/ */
namespace League\OAuth2\Server\Storage; namespace League\OAuth2\Server\Storage;
/**
* Access token interface
*/
interface AccessTokenInterface interface AccessTokenInterface
{ {
/**
* Get an instance of Entites\AccessToken
* @param string $token The access token
* @return \League\OAuth2\Server\Entities\AccessToken
*/
public function getToken($token); public function getToken($token);
/**
* Get the scopes for an access token
* @param string $token The access token
* @return array Array of \League\OAuth2\Server\Entities\Scope
*/
public function getTokenScopes($token); public function getTokenScopes($token);
/**
* Creates a new access token
* @param string $token The access token
* @param integer $expireTime The expire time expressed as a unix timestamp
* @param string|integer $sessionId The session ID
* @return \League\OAuth2\Server\Entities\AccessToken
*/
public function createAccessToken($token, $expireTime, $sessionId); public function createAccessToken($token, $expireTime, $sessionId);
public function associateScope($token, $scopeId); /**
* Associate a scope with an acess token
* @param string $token The access token
* @param string $scope The scope
* @return void
*/
public function associateScope($token, $scope);
/**
* Delete an access token
* @param string $token The access token to delete
* @return void
*/
public function delete($token);
} }
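Review bot: Two typos in the new docblocks: `Get an instance of Entites\AccessToken` should read `Entities\AccessToken`, and `Associate a scope with an acess token` should read `access token`. `getToken`'s `@return` names only the entity; if implementations return null for an unknown token, as `ClientInterface::getClient` is now documented to, spell that out as `@return \League\OAuth2\Server\Entities\AccessToken|null` so callers know they must check.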


@ -0,0 +1,43 @@
<?php
/**
* OAuth 2.0 storage adapter
*
* @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server
*/
namespace League\OAuth2\Server\Storage;
/**
* Storage adapter class
*/
class Adapter
{
/**
* Server
* @var \League\OAuth2\Server\Authorization|\League\OAuth2\Server\Resource $server
*/
protected $server;
/**
* Set the server
* @param \League\OAuth2\Server\Authorization|\League\OAuth2\Server\Resource $server
*/
public function setServer($server)
{
$this->server = $server;
return $this;
}
/**
* Return the server
* @return \League\OAuth2\Server\Authorization|\League\OAuth2\Server\Resource
*/
protected function getServer()
{
return $this->server;
}
}
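Review bot: `setServer()` returns `$this` for chaining but its docblock stops at `@param`; add `@return self`. The class appears to exist only to be extended (its single getter is `protected` and nothing else is defined), so declaring it `abstract class Adapter` would state that intent and prevent it being instantiated on its own — confirm against how the storage implementations use it.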


@ -1,18 +1,25 @@
<?php <?php
/** /**
* OAuth 2.0 Refresh token storage interface * OAuth 2.0 Auth code storage interface
* *
* @package php-loep/oauth2-server * @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com> * @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages * @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/ * @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server * @link http://github.com/php-loep/oauth2-server
*/ */
namespace League\OAuth2\Server\Storage; namespace League\OAuth2\Server\Storage;
/**
* Auth code storage interface
*/
interface AuthCodeInterface interface AuthCodeInterface
{ {
/**
* Get the auth code
* @param string $code
* @return \League\OAuth2\Server\Entities\AuthCode
*/
public function getCode($code); public function getCode($code);
} }


@ -2,15 +2,18 @@
/** /**
* OAuth 2.0 Client storage interface * OAuth 2.0 Client storage interface
* *
* @package php-loep/oauth2-server * @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com> * @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages * @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/ * @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server * @link http://github.com/php-loep/oauth2-server
*/ */
namespace League\OAuth2\Server\Storage; namespace League\OAuth2\Server\Storage;
/**
* Client storage interface
*/
interface ClientInterface interface ClientInterface
{ {
/** /**
@ -38,23 +41,11 @@ interface ClientInterface
* oauth_client_endpoints.redirect_uri = :redirectUri * oauth_client_endpoints.redirect_uri = :redirectUri
* </code> * </code>
* *
* Response:
*
* <code>
* Array
* (
* [id] => (string) The client ID
* [secret] => (string) The client secret
* [redirect_uri] => (string) The redirect URI used in this request
* [name] => (string) The name of the client
* )
* </code>
*
* @param string $clientId The client's ID * @param string $clientId The client's ID
* @param string $clientSecret The client's secret (default = "null") * @param string $clientSecret The client's secret (default = "null")
* @param string $redirectUri The client's redirect URI (default = "null") * @param string $redirectUri The client's redirect URI (default = "null")
* @param string $grantType The grant type used in the request (default = "null") * @param string $grantType The grant type used in the request (default = "null")
* @return bool|array Returns false if the validation fails, array on success * @return League\OAuth2\Server\Entities\Client|null
*/ */
public function getClient($clientId, $clientSecret = null, $redirectUri = null, $grantType = null); public function getClient($clientId, $clientSecret = null, $redirectUri = null, $grantType = null);
} }
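Review bot: The new `@return League\OAuth2\Server\Entities\Client|null` lacks the leading backslash the other storage interfaces in this commit use (`\League\OAuth2\Server\Entities\AuthCode`), so it reads as a name relative to the `Storage` namespace; write `@return \League\OAuth2\Server\Entities\Client|null`. Callers are also split on this contract — ClientCredentials and Password test `$client instanceof Client` while RefreshToken tests `=== null` — so pinning the return type here and checking it one way across the grants would help.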


@ -1,18 +1,41 @@
<?php <?php
/** /**
* OAuth 2.0 Refresh token storage interface * OAuth 2.0 Refresh token storage interface
* *
* @package php-loep/oauth2-server * @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com> * @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages * @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/ * @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server * @link http://github.com/php-loep/oauth2-server
*/ */
namespace League\OAuth2\Server\Storage; namespace League\OAuth2\Server\Storage;
/**
* Refresh token interface
*/
interface RefreshTokenInterface interface RefreshTokenInterface
{ {
public function getToken($token, $clientId); /**
* Return a new instance of \League\OAuth2\Server\Entities\RefreshToken
* @param string $token
* @return \League\OAuth2\Server\Entities\RefreshToken
*/
public function getToken($token);
/**
* Create a new refresh token_name
* @param string $token
* @param integer $expireTime
* @param string $accessToken
* @return \League\OAuth2\Server\Entities\RefreshToken
*/
public function createRefreshToken($token, $expireTime, $accessToken);
/**
* Delete the refresh token
* @param string $token
* @return void
*/
public function delete($token);
} }
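Review bot: The `createRefreshToken` docblock reads `Create a new refresh token_name`, which looks like an editing slip; `Create a new refresh token` is meant. `getToken` is described as `Return a new instance of \League\OAuth2\Server\Entities\RefreshToken`, but the RefreshToken grant tests its result with `instanceof`, so it evidently may return something else for an unknown token; document that outcome, e.g. `@return \League\OAuth2\Server\Entities\RefreshToken|null`, matching whatever implementations actually return. Dropping `$clientId` from `getToken` also means implementations can no longer scope the lookup to the presenting client, so the docblock should make clear that binding the token to the authenticated client is the caller's job.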


@ -2,15 +2,18 @@
/** /**
* OAuth 2.0 Scope storage interface * OAuth 2.0 Scope storage interface
* *
* @package php-loep/oauth2-server * @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com> * @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages * @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/ * @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server * @link http://github.com/php-loep/oauth2-server
*/ */
namespace League\OAuth2\Server\Storage; namespace League\OAuth2\Server\Storage;
/**
* Scope interface
*/
interface ScopeInterface interface ScopeInterface
{ {
/** /**
@ -22,22 +25,9 @@ interface ScopeInterface
* SELECT * FROM oauth_scopes WHERE scope = :scope * SELECT * FROM oauth_scopes WHERE scope = :scope
* </code> * </code>
* *
* Response:
*
* <code>
* Array
* (
* [id] => (int) The scope's ID
* [scope] => (string) The scope itself
* [name] => (string) The scope's name
* [description] => (string) The scope's description
* )
* </code>
*
* @param string $scope The scope * @param string $scope The scope
* @param string $clientId The client ID (default = "null")
* @param string $grantType The grant type used in the request (default = "null") * @param string $grantType The grant type used in the request (default = "null")
* @return bool|array If the scope doesn't exist return false * @return bool|array If the scope doesn't exist return false
*/ */
public function getScope($scope, $clientId = null, $grantType = null); public function getScope($scope, $grantType = null);
} }
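Review bot: Dropping `$clientId` from `getScope()` removes the storage layer's only hook for restricting which scopes a particular client may request; after this change any client authenticated for a grant type can obtain any scope that exists for that grant type. If per-client scope policy is still intended, it needs another home (the grant, or the storage implementation reading the client from the request), and the docblock should say which. The `@return bool|array If the scope doesn't exist return false` is also stale: the grants now test the result with `instanceof Scope`, so the contract should read `@return \League\OAuth2\Server\Entities\Scope|null`, or whatever implementations are expected to return.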


@ -1,27 +1,24 @@
<?php <?php
/** /**
* OAuth 2.0 Session storage interface * OAuth 2.0 Session storage interface
* *
* @package php-loep/oauth2-server * @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com> * @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages * @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/ * @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server * @link http://github.com/php-loep/oauth2-server
*/ */
namespace League\OAuth2\Server\Storage; namespace League\OAuth2\Server\Storage;
/**
* Session storage interface
*/
interface SessionInterface interface SessionInterface
{ {
/** /**
* Get a session * Get a session
* *
* Response:
* <code>
*
* </code>
*
* @param int $sessionId * @param int $sessionId
* @return array (As described above) * @return array (As described above)
*/ */
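Review bot: The `@return array (As described above)` annotation on getSession() now refers to nothing, because this hunk removes the `Response:` `<code>` block it pointed at while keeping the return tag unchanged. Implementers of the storage interface are left without any statement of which keys the returned array must carry, which is the contract the rest of the server presumably relies on. Either restore a short description of the expected keys in the docblock, or drop the stale wording, e.g. `@return array The session record, keyed as required by the storage implementation` (constructed wording). The getSession() signature itself lies outside the hunk.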


@ -2,9 +2,9 @@
/** /**
* OAuth 2.0 Redirect URI generator * OAuth 2.0 Redirect URI generator
* *
* @package php-loep/oauth2-server * @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com> * @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages * @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/ * @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server * @link http://github.com/php-loep/oauth2-server
*/ */


@ -1,29 +0,0 @@
<?php
/**
* OAuth 2.0 Request class interface
*
* @package php-loep/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages
* @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server
*/
namespace League\OAuth2\Server\Util;
interface RequestInterface
{
public function get($index = null);
public function post($index = null);
public function cookie($index = null);
public function file($index = null);
public function server($index = null);
public function header($index = null);
}


@ -2,9 +2,9 @@
/** /**
* OAuth 2.0 Secure key generator * OAuth 2.0 Secure key generator
* *
* @package php-loep/oauth2-server * @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com> * @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages * @copyright Copyright (c) PHP League of Extraordinary Packages
* @license http://mit-license.org/ * @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server * @link http://github.com/php-loep/oauth2-server
*/ */