mirror of
https://github.com/elyby/oauth2-server.git
synced 2025-02-27 05:05:17 +05:30
AbstractGrant now handles persisting tokens
This commit is contained in:
Alex Bilbie
parent
ad5b242d10
commit
064eb85f4e
@ -21,9 +21,12 @@ use League\OAuth2\Server\Entities\RefreshTokenEntity;
|
|||||||
use League\OAuth2\Server\Entities\ScopeEntity;
|
use League\OAuth2\Server\Entities\ScopeEntity;
|
||||||
use League\OAuth2\Server\Exception\OAuthServerException;
|
use League\OAuth2\Server\Exception\OAuthServerException;
|
||||||
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
|
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
|
||||||
|
use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
|
||||||
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
|
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
|
||||||
|
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
|
||||||
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
|
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
|
||||||
use League\OAuth2\Server\Utils\SecureKey;
|
use League\OAuth2\Server\Utils\SecureKey;
|
||||||
|
use OAuth2ServerExamples\Repositories\AuthCodeRepository;
|
||||||
use Psr\Http\Message\ServerRequestInterface;
|
use Psr\Http\Message\ServerRequestInterface;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -55,6 +58,16 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
*/
|
*/
|
||||||
protected $scopeRepository;
|
protected $scopeRepository;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var \League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface
|
||||||
|
*/
|
||||||
|
private $authCodeRepository;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface
|
||||||
|
*/
|
||||||
|
private $refreshTokenRepository;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var string
|
* @var string
|
||||||
*/
|
*/
|
||||||
@ -94,6 +107,22 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
$this->scopeRepository = $scopeRepository;
|
$this->scopeRepository = $scopeRepository;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface $refreshTokenRepository
|
||||||
|
*/
|
||||||
|
public function setRefreshTokenRepository(RefreshTokenRepositoryInterface $refreshTokenRepository)
|
||||||
|
{
|
||||||
|
$this->refreshTokenRepository = $refreshTokenRepository;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param \League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface $authCodeRepository
|
||||||
|
*/
|
||||||
|
public function setAuthCodeRepository(AuthCodeRepositoryInterface $authCodeRepository)
|
||||||
|
{
|
||||||
|
$this->authCodeRepository = $authCodeRepository;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param string $pathToPrivateKey
|
* @param string $pathToPrivateKey
|
||||||
*/
|
*/
|
||||||
@ -126,6 +155,22 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
$this->refreshTokenTTL = $refreshTokenTTL;
|
$this->refreshTokenTTL = $refreshTokenTTL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return AuthCodeRepositoryInterface
|
||||||
|
*/
|
||||||
|
protected function getAuthCodeRepository()
|
||||||
|
{
|
||||||
|
return $this->authCodeRepository;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return RefreshTokenRepositoryInterface
|
||||||
|
*/
|
||||||
|
protected function getRefreshTokenRepository()
|
||||||
|
{
|
||||||
|
return $this->refreshTokenRepository;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Validate the client
|
* Validate the client
|
||||||
*
|
*
|
||||||
@ -303,6 +348,8 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
$accessToken->addScope($scope);
|
$accessToken->addScope($scope);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$this->accessTokenRepository->persistNewAccessToken($accessToken);
|
||||||
|
|
||||||
return $accessToken;
|
return $accessToken;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -336,6 +383,8 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
$authCode->addScope($scope);
|
$authCode->addScope($scope);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$this->authCodeRepository->persistNewAuthCode($authCode);
|
||||||
|
|
||||||
return $authCode;
|
return $authCode;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -351,6 +400,8 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
$refreshToken->setExpiryDateTime((new \DateTime())->add($this->refreshTokenTTL));
|
$refreshToken->setExpiryDateTime((new \DateTime())->add($this->refreshTokenTTL));
|
||||||
$refreshToken->setAccessToken($accessToken);
|
$refreshToken->setAccessToken($accessToken);
|
||||||
|
|
||||||
|
$this->refreshTokenRepository->persistNewRefreshToken($refreshToken);
|
||||||
|
|
||||||
return $refreshToken;
|
return $refreshToken;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -23,10 +23,6 @@ class AuthCodeGrant extends AbstractGrant
|
|||||||
* @var \DateInterval
|
* @var \DateInterval
|
||||||
*/
|
*/
|
||||||
private $authCodeTTL;
|
private $authCodeTTL;
|
||||||
/**
|
|
||||||
* @var \League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface
|
|
||||||
*/
|
|
||||||
private $authCodeRepository;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var \League\OAuth2\Server\Repositories\UserRepositoryInterface
|
* @var \League\OAuth2\Server\Repositories\UserRepositoryInterface
|
||||||
@ -43,10 +39,6 @@ class AuthCodeGrant extends AbstractGrant
|
|||||||
*/
|
*/
|
||||||
private $pathToAuthorizeTemplate;
|
private $pathToAuthorizeTemplate;
|
||||||
|
|
||||||
/**
|
|
||||||
* @var \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface
|
|
||||||
*/
|
|
||||||
private $refreshTokenRepository;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param \League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface $authCodeRepository
|
* @param \League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface $authCodeRepository
|
||||||
@ -64,8 +56,8 @@ class AuthCodeGrant extends AbstractGrant
|
|||||||
$pathToLoginTemplate = null,
|
$pathToLoginTemplate = null,
|
||||||
$pathToAuthorizeTemplate = null
|
$pathToAuthorizeTemplate = null
|
||||||
) {
|
) {
|
||||||
$this->authCodeRepository = $authCodeRepository;
|
$this->setAuthCodeRepository($authCodeRepository);
|
||||||
$this->refreshTokenRepository = $refreshTokenRepository;
|
$this->setRefreshTokenRepository($refreshTokenRepository);
|
||||||
$this->userRepository = $userRepository;
|
$this->userRepository = $userRepository;
|
||||||
$this->authCodeTTL = $authCodeTTL;
|
$this->authCodeTTL = $authCodeTTL;
|
||||||
$this->pathToLoginTemplate = ($pathToLoginTemplate === null)
|
$this->pathToLoginTemplate = ($pathToLoginTemplate === null)
|
||||||
@ -209,7 +201,6 @@ class AuthCodeGrant extends AbstractGrant
|
|||||||
$redirectUri,
|
$redirectUri,
|
||||||
$scopes
|
$scopes
|
||||||
);
|
);
|
||||||
$this->authCodeRepository->persistNewAuthCode($authCode);
|
|
||||||
|
|
||||||
$redirectPayload['code'] = KeyCrypt::encrypt(
|
$redirectPayload['code'] = KeyCrypt::encrypt(
|
||||||
json_encode(
|
json_encode(
|
||||||
@ -267,7 +258,7 @@ class AuthCodeGrant extends AbstractGrant
|
|||||||
throw OAuthServerException::invalidRequest('code', 'Authorization code has expired');
|
throw OAuthServerException::invalidRequest('code', 'Authorization code has expired');
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($this->authCodeRepository->isAuthCodeRevoked($authCodePayload->auth_code_id) === true) {
|
if ($this->getAuthCodeRepository()->isAuthCodeRevoked($authCodePayload->auth_code_id) === true) {
|
||||||
throw OAuthServerException::invalidRequest('code', 'Authorization code has been revoked');
|
throw OAuthServerException::invalidRequest('code', 'Authorization code has been revoked');
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -286,8 +277,6 @@ class AuthCodeGrant extends AbstractGrant
|
|||||||
$authCodePayload->scopes
|
$authCodePayload->scopes
|
||||||
);
|
);
|
||||||
$refreshToken = $this->issueRefreshToken($accessToken);
|
$refreshToken = $this->issueRefreshToken($accessToken);
|
||||||
$this->accessTokenRepository->persistNewAccessToken($accessToken);
|
|
||||||
$this->refreshTokenRepository->persistNewRefreshToken($refreshToken);
|
|
||||||
|
|
||||||
// Inject tokens into response type
|
// Inject tokens into response type
|
||||||
$responseType->setAccessToken($accessToken);
|
$responseType->setAccessToken($accessToken);
|
||||||
|
|||||||
@ -33,7 +33,6 @@ class ClientCredentialsGrant extends AbstractGrant
|
|||||||
|
|
||||||
// Issue and persist access token
|
// Issue and persist access token
|
||||||
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $client->getIdentifier(), $scopes);
|
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $client->getIdentifier(), $scopes);
|
||||||
$this->accessTokenRepository->persistNewAccessToken($accessToken);
|
|
||||||
|
|
||||||
// Inject access token into response type
|
// Inject access token into response type
|
||||||
$responseType->setAccessToken($accessToken);
|
$responseType->setAccessToken($accessToken);
|
||||||
|
|||||||
@ -29,11 +29,6 @@ class PasswordGrant extends AbstractGrant
|
|||||||
*/
|
*/
|
||||||
private $userRepository;
|
private $userRepository;
|
||||||
|
|
||||||
/**
|
|
||||||
* @var \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface
|
|
||||||
*/
|
|
||||||
private $refreshTokenRepository;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param \League\OAuth2\Server\Repositories\UserRepositoryInterface $userRepository
|
* @param \League\OAuth2\Server\Repositories\UserRepositoryInterface $userRepository
|
||||||
* @param \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface $refreshTokenRepository
|
* @param \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface $refreshTokenRepository
|
||||||
@ -43,7 +38,7 @@ class PasswordGrant extends AbstractGrant
|
|||||||
RefreshTokenRepositoryInterface $refreshTokenRepository
|
RefreshTokenRepositoryInterface $refreshTokenRepository
|
||||||
) {
|
) {
|
||||||
$this->userRepository = $userRepository;
|
$this->userRepository = $userRepository;
|
||||||
$this->refreshTokenRepository = $refreshTokenRepository;
|
$this->setRefreshTokenRepository($refreshTokenRepository);
|
||||||
|
|
||||||
$this->refreshTokenTTL = new \DateInterval('P1M');
|
$this->refreshTokenTTL = new \DateInterval('P1M');
|
||||||
}
|
}
|
||||||
@ -64,8 +59,6 @@ class PasswordGrant extends AbstractGrant
|
|||||||
// Issue and persist new tokens
|
// Issue and persist new tokens
|
||||||
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $scopes);
|
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $scopes);
|
||||||
$refreshToken = $this->issueRefreshToken($accessToken);
|
$refreshToken = $this->issueRefreshToken($accessToken);
|
||||||
$this->accessTokenRepository->persistNewAccessToken($accessToken);
|
|
||||||
$this->refreshTokenRepository->persistNewRefreshToken($refreshToken);
|
|
||||||
|
|
||||||
// Inject tokens into response
|
// Inject tokens into response
|
||||||
$responseType->setAccessToken($accessToken);
|
$responseType->setAccessToken($accessToken);
|
||||||
|
|||||||
@ -24,17 +24,12 @@ use Psr\Http\Message\ServerRequestInterface;
|
|||||||
*/
|
*/
|
||||||
class RefreshTokenGrant extends AbstractGrant
|
class RefreshTokenGrant extends AbstractGrant
|
||||||
{
|
{
|
||||||
/**
|
|
||||||
* @var \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface
|
|
||||||
*/
|
|
||||||
private $refreshTokenRepository;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface $refreshTokenRepository
|
* @param \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface $refreshTokenRepository
|
||||||
*/
|
*/
|
||||||
public function __construct(RefreshTokenRepositoryInterface $refreshTokenRepository)
|
public function __construct(RefreshTokenRepositoryInterface $refreshTokenRepository)
|
||||||
{
|
{
|
||||||
$this->refreshTokenRepository = $refreshTokenRepository;
|
$this->setRefreshTokenRepository($refreshTokenRepository);
|
||||||
|
|
||||||
$this->refreshTokenTTL = new \DateInterval('P1M');
|
$this->refreshTokenTTL = new \DateInterval('P1M');
|
||||||
}
|
}
|
||||||
@ -73,13 +68,13 @@ class RefreshTokenGrant extends AbstractGrant
|
|||||||
|
|
||||||
// Expire old tokens
|
// Expire old tokens
|
||||||
$this->accessTokenRepository->revokeAccessToken($oldRefreshToken['access_token_id']);
|
$this->accessTokenRepository->revokeAccessToken($oldRefreshToken['access_token_id']);
|
||||||
$this->refreshTokenRepository->revokeRefreshToken($oldRefreshToken['refresh_token_id']);
|
$this->getRefreshTokenRepository()->revokeRefreshToken($oldRefreshToken['refresh_token_id']);
|
||||||
|
|
||||||
// Issue and persist new tokens
|
// Issue and persist new tokens
|
||||||
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $oldRefreshToken['user_id'], $scopes);
|
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $oldRefreshToken['user_id'], $scopes);
|
||||||
$refreshToken = $this->issueRefreshToken($accessToken);
|
$refreshToken = $this->issueRefreshToken($accessToken);
|
||||||
$this->accessTokenRepository->persistNewAccessToken($accessToken);
|
$this->accessTokenRepository->persistNewAccessToken($accessToken);
|
||||||
$this->refreshTokenRepository->persistNewRefreshToken($refreshToken);
|
$this->getRefreshTokenRepository()->persistNewRefreshToken($refreshToken);
|
||||||
|
|
||||||
// Inject tokens into response
|
// Inject tokens into response
|
||||||
$responseType->setAccessToken($accessToken);
|
$responseType->setAccessToken($accessToken);
|
||||||
@ -125,7 +120,7 @@ class RefreshTokenGrant extends AbstractGrant
|
|||||||
throw OAuthServerException::invalidRefreshToken('Token has expired');
|
throw OAuthServerException::invalidRefreshToken('Token has expired');
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($this->refreshTokenRepository->isRefreshTokenRevoked($refreshTokenData['refresh_token_id']) === true) {
|
if ($this->getRefreshTokenRepository()->isRefreshTokenRevoked($refreshTokenData['refresh_token_id']) === true) {
|
||||||
throw OAuthServerException::invalidRefreshToken('Token has been revoked');
|
throw OAuthServerException::invalidRefreshToken('Token has been revoked');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user