From 130d42c85e35f0c03302ea9232bcd0a67673e77c Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Wed, 6 Aug 2014 09:37:19 +0100
Subject: [PATCH] Removed some files which shouldn't be there
---
 .../Exception/InsufficientScopeException.php | 20 -
 .../Exception/MissingAccessTokenException.php | 20 -
 .../OAuth2/Server/Grant/RefreshToken.php | 207 ---------
 src/League/OAuth2/Server/Resource.php | 395 ------------------
 .../Server/Storage/SessionInterface.php | 332 ---------------
 .../Util/KeyAlgorithm/DefaultAlgorithm.php | 38 --
 .../KeyAlgorithm/KeyAlgorithmInterface.php | 18 -
 src/League/OAuth2/Server/Util/Request.php | 149 -------
 8 files changed, 1179 deletions(-)
 delete mode 100644 src/League/OAuth2/Server/Exception/InsufficientScopeException.php
 delete mode 100644 src/League/OAuth2/Server/Exception/MissingAccessTokenException.php
 delete mode 100644 src/League/OAuth2/Server/Grant/RefreshToken.php
 delete mode 100644 src/League/OAuth2/Server/Resource.php
 delete mode 100644 src/League/OAuth2/Server/Storage/SessionInterface.php
 delete mode 100644 src/League/OAuth2/Server/Util/KeyAlgorithm/DefaultAlgorithm.php
 delete mode 100644 src/League/OAuth2/Server/Util/KeyAlgorithm/KeyAlgorithmInterface.php
 delete mode 100644 src/League/OAuth2/Server/Util/Request.php
diff --git a/src/League/OAuth2/Server/Exception/InsufficientScopeException.php b/src/League/OAuth2/Server/Exception/InsufficientScopeException.php
deleted file mode 100644
index 04f66848..00000000
--- a/src/League/OAuth2/Server/Exception/InsufficientScopeException.php
+++ /dev/null
@@ -1,20 +0,0 @@
-
- * @copyright Copyright (c) 2014 PHP League of Extraordinary Packages
- * @license http://mit-license.org/
- * @link http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Exception;
-
-/**
- * InsufficientScope Exception
- */
-class InsufficientScopeException extends OAuth2Exception
-{
-
-}
diff --git a/src/League/OAuth2/Server/Exception/MissingAccessTokenException.php b/src/League/OAuth2/Server/Exception/MissingAccessTokenException.php
deleted file mode 100644
index 7bc3fe83..00000000
--- a/src/League/OAuth2/Server/Exception/MissingAccessTokenException.php
+++ /dev/null
@@ -1,20 +0,0 @@
-
- * @copyright Copyright (c) 2014 PHP League of Extraordinary Packages
- * @license http://mit-license.org/
- * @link http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Exception;
-
-/**
- * MissingAccessToken Exception
- */
-class MissingAccessTokenException extends OAuth2Exception
-{
-
-}
diff --git a/src/League/OAuth2/Server/Grant/RefreshToken.php b/src/League/OAuth2/Server/Grant/RefreshToken.php
deleted file mode 100644
index baf890f3..00000000
--- a/src/League/OAuth2/Server/Grant/RefreshToken.php
+++ /dev/null
@@ -1,207 +0,0 @@
-
- * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license http://mit-license.org/
- * @link http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Grant;
-
-use League\OAuth2\Server\Request;
-use League\OAuth2\Server\Authorization;
-use League\OAuth2\Server\Exception;
-use League\OAuth2\Server\Util\SecureKey;
-use League\OAuth2\Server\Storage\SessionInterface;
-use League\OAuth2\Server\Storage\ClientInterface;
-use League\OAuth2\Server\Storage\ScopeInterface;
-
-/**
- * Referesh token grant
- */
-class RefreshToken implements GrantTypeInterface {
-
- use GrantTrait;
-
- /**
- * Grant identifier
- * @var string
- */
- protected $identifier = 'refresh_token';
-
- /**
- * Response type
- * @var string
- */
- protected $responseType = null;
-
- /**
- * AuthServer instance
- * @var AuthServer
- */
- protected $authServer = null;
-
- /**
- * Access token expires in override
- * @var int
- */
- protected $accessTokenTTL = null;
-
- /**
- * Refresh token TTL
- * @var integer
- */
- protected $refreshTokenTTL = 604800;
-
- /**
- * Rotate refresh tokens
- * @var boolean
- */
- protected $rotateRefreshTokens = false;
-
- /**
- * Set the TTL of the refresh token
- * @param int $refreshTokenTTL
- * @return void
- */
- public function setRefreshTokenTTL($refreshTokenTTL)
- {
- $this->refreshTokenTTL = $refreshTokenTTL;
- }
-
- /**
- * Get the TTL of the refresh token
- * @return int
- */
- public function getRefreshTokenTTL()
- {
- return $this->refreshTokenTTL;
- }
-
- /**
- * When a new access is token, expire the refresh token used and issue a new one.
- * @param boolean $rotateRefreshTokens Set to true to enable (default = false)
- * @return void
- */
- public function rotateRefreshTokens($rotateRefreshTokens = false)
- {
- $this->rotateRefreshTokens = $rotateRefreshTokens;
- }
-
- /**
- * Complete the refresh token grant
- * @param null|array $inputParams
- * @return array
- */
- public function completeFlow($inputParams = null)
- {
- // Get the required params
- $authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'refresh_token', 'scope'), 'post', $inputParams);
-
- if (is_null($authParams['client_id'])) {
- throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0);
- }
-
- if (is_null($authParams['client_secret'])) {
- throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_secret'), 0);
- }
-
- // Validate client ID and client secret
- $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], null, $this->identifier);
-
- if ($clientDetails === false) {
- throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8);
- }
-
- $authParams['client_details'] = $clientDetails;
-
- if (is_null($authParams['refresh_token'])) {
- throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'refresh_token'), 0);
- }
-
- // Validate refresh token
- $accessTokenId = $this->authServer->getStorage('session')->validateRefreshToken($authParams['refresh_token'], $authParams['client_id']);
-
- if ($accessTokenId === false) {
- throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_refresh'), 0);
- }
-
- // Get the existing access token
- $accessTokenDetails = $this->authServer->getStorage('session')->getAccessToken($accessTokenId);
-
- // Get the scopes for the existing access token
- $scopes = $this->authServer->getStorage('session')->getScopes($accessTokenDetails['access_token']);
-
- // Generate new tokens and associate them to the session
- $accessToken = SecureKey::make();
- $accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? $this->accessTokenTTL : $this->authServer->getAccessTokenTTL();
- $accessTokenExpires = time() + $accessTokenExpiresIn;
-
- // Associate the new access token with the session
- $newAccessTokenId = $this->authServer->getStorage('session')->associateAccessToken($accessTokenDetails['session_id'], $accessToken, $accessTokenExpires);
-
- if ($this->rotateRefreshTokens === true) {
-
- // Generate a new refresh token
- $refreshToken = SecureKey::make();
- $refreshTokenExpires = time() + $this->getRefreshTokenTTL();
-
- // Revoke the old refresh token
- $this->authServer->getStorage('session')->removeRefreshToken($authParams['refresh_token']);
-
- // Associate the new refresh token with the new access token
- $this->authServer->getStorage('session')->associateRefreshToken($newAccessTokenId, $refreshToken, $refreshTokenExpires, $authParams['client_id']);
- }
-
- // There isn't a request for reduced scopes so assign the original ones (or we're not rotating scopes)
- if ( ! isset($authParams['scope'])) {
-
- foreach ($scopes as $scope) {
- $this->authServer->getStorage('session')->associateScope($newAccessTokenId, $scope['id']);
- }
-
- } elseif ( isset($authParams['scope']) && $this->rotateRefreshTokens === true) {
-
- // The request is asking for reduced scopes and rotate tokens is enabled
- $reqestedScopes = explode($this->authServer->getScopeDelimeter(), $authParams['scope']);
-
- for ($i = 0; $i < count($reqestedScopes); $i++) {
- $reqestedScopes[$i] = trim($reqestedScopes[$i]);
- if ($reqestedScopes[$i] === '') unset($reqestedScopes[$i]); // Remove any junk scopes
- }
-
- // Check that there aren't any new scopes being included
- $existingScopes = array();
- foreach ($scopes as $s) {
- $existingScopes[] = $s['scope'];
- }
-
- foreach ($reqestedScopes as $reqScope) {
- if ( ! in_array($reqScope, $existingScopes)) {
- throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
- }
-
- // Associate with the new access token
- $scopeDetails = $this->authServer->getStorage('scope')->getScope($reqScope, $authParams['client_id'], $this->identifier);
- $this->authServer->getStorage('session')->associateScope($newAccessTokenId, $scopeDetails['id']);
- }
- }
-
- $response = array(
- 'access_token' => $accessToken,
- 'token_type' => 'Bearer',
- 'expires' => $accessTokenExpires,
- 'expires_in' => $accessTokenExpiresIn
- );
-
- if ($this->rotateRefreshTokens === true) {
- $response['refresh_token'] = $refreshToken;
- }
-
- return $response;
- }
-
-}
diff --git a/src/League/OAuth2/Server/Resource.php b/src/League/OAuth2/Server/Resource.php
deleted file mode 100644
index 898a3801..00000000
--- a/src/League/OAuth2/Server/Resource.php
+++ /dev/null
@@ -1,395 +0,0 @@
-
- * @author Woody Gilk
- * @copyright Copyright (c) 2013-2014 PHP League of Extraordinary Packages
- * @license http://mit-license.org/
- * @link http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server;
-
-use OutOfBoundsException;
-use League\OAuth2\Server\Storage\SessionInterface;
-use League\OAuth2\Server\Util\RequestInterface;
-use League\OAuth2\Server\Util\Request;
-
-/**
- * OAuth 2.0 Resource Server
- */
-class Resource
-{
- /**
- * The access token
- * @var string
- */
- protected $accessToken = null;
-
- /**
- * The session ID
- * @var string
- */
- protected $sessionId = null;
-
- /**
- * The type of the owner of the access token
- * @var string
- */
- protected $ownerType = null;
-
- /**
- * The ID of the owner of the access token
- * @var string
- */
- protected $ownerId = null;
-
- /**
- * The scopes associated with the access token
- * @var array
- */
- protected $sessionScopes = array();
-
- /**
- * The client, scope and session storage classes
- * @var array
- */
- protected $storages = array();
-
- /**
- * The request object
- * @var Util\RequestInterface
- */
- protected $request = null;
-
- /**
- * The query string key which is used by clients to present the access token (default: access_token)
- * @var string
- */
- protected $tokenKey = 'access_token';
-
- /**
- * The client ID
- * @var string
- */
- protected $clientId = null;
-
- /**
- * Exception error codes
- * @var array
- */
- protected static $exceptionCodes = array(
- 0 => 'invalid_request',
- 1 => 'invalid_token',
- 2 => 'insufficient_scope',
- );
-
- /**
- * Exception error messages
- * @var array
- */
- protected static $exceptionMessages = array(
- 'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.',
- 'invalid_token' => 'The access token provided is expired, revoked, malformed, or invalid for other reasons.',
- 'insufficient_scope' => 'The request requires higher privileges than provided by the access token. Required scopes are: %s.',
- );
-
- /**
- * Exception error HTTP status codes
- * @var array
- *
- * RFC 6750, section 3.1:
- * When a request fails, the resource server responds using the
- * appropriate HTTP status code (typically, 400, 401, 403, or 405) and
- * includes one of the following error codes in the response:
- */
- protected static $exceptionHttpStatusCodes = array(
- 'invalid_request' => 400,
- 'invalid_token' => 401,
- 'insufficient_scope' => 403,
- );
-
- /**
- * Get an exception message
- *
- * @param string $error The error message key
- * @return string The error message
- */
- public static function getExceptionMessage($error = '')
- {
- return self::$exceptionMessages[$error];
- }
-
- /**
- * Get an exception code
- *
- * @param integer $code The exception code
- * @return string The exception code type
- */
- public static function getExceptionType($code = 0)
- {
- return self::$exceptionCodes[$code];
- }
-
- /**
- * Get all headers that have to be send with the error response
- *
- * @param string $error The error message key
- * @return array Array with header values
- */
- public static function getExceptionHttpHeaders($error)
- {
- $headers = array();
- switch (self::$exceptionHttpStatusCodes[$error]) {
- case 401:
- $headers[] = 'HTTP/1.1 401 Unauthorized';
- break;
- case 403:
- $headers[] = 'HTTP/1.1 403 Forbidden';
- break;
- case 400:
- default:
- $headers[] = 'HTTP/1.1 400 Bad Request';
- }
-
- // Add "WWW-Authenticate" header
- //
- // RFC 6749, section 5.2.:
- // "If the client attempted to authenticate via the 'Authorization'
- // request header field, the authorization server MUST
- // respond with an HTTP 401 (Unauthorized) status code and
- // include the "WWW-Authenticate" response header field
- // matching the authentication scheme used by the client.
- // @codeCoverageIgnoreStart
- if ($error === 'invalid_token') {
- $authScheme = null;
- $request = Request::buildFromGlobals();
- if ($request->server('PHP_AUTH_USER') !== null) {
- $authScheme = 'Basic';
- } else {
- $authHeader = $request->header('Authorization');
- if ($authHeader !== null) {
- if (strpos($authHeader, 'Bearer') === 0) {
- $authScheme = 'Bearer';
- } elseif (strpos($authHeader, 'Basic') === 0) {
- $authScheme = 'Basic';
- }
- }
- }
- if ($authScheme !== null) {
- $headers[] = 'WWW-Authenticate: '.$authScheme.' realm=""';
- }
- }
- // @codeCoverageIgnoreEnd
-
- return $headers;
- }
-
- /**
- * Sets up the Resource
- *
- * @param SessionInterface The Session Storage Object
- */
- public function __construct(SessionInterface $session)
- {
- $this->storages['session'] = $session;
- }
-
- /**
- * Sets the Request Object
- *
- * @param RequestInterface The Request Object
- */
- public function setRequest(RequestInterface $request)
- {
- $this->request = $request;
- return $this;
- }
-
- /**
- * Gets the Request object. It will create one from the globals if one is not set.
- *
- * @return Util\RequestInterface
- */
- public function getRequest()
- {
- if ($this->request === null) {
- // @codeCoverageIgnoreStart
- $this->request = Request::buildFromGlobals();
- }
- // @codeCoverageIgnoreEnd
-
- return $this->request;
- }
-
- /**
- * Returns the query string key for the access token.
- *
- * @return string
- */
- public function getTokenKey()
- {
- return $this->tokenKey;
- }
-
- /**
- * Sets the query string key for the access token.
- *
- * @param $key The new query string key
- */
- public function setTokenKey($key)
- {
- $this->tokenKey = $key;
- return $this;
- }
-
- /**
- * Gets the access token owner ID.
- *
- * @return string
- */
- public function getOwnerId()
- {
- return $this->ownerId;
- }
-
- /**
- * Gets the owner type.
- *
- * @return string
- */
- public function getOwnerType()
- {
- return $this->ownerType;
- }
-
- /**
- * Gets the access token.
- *
- * @return string
- */
- public function getAccessToken()
- {
- return $this->accessToken;
- }
-
- /**
- * Gets the client ID that created the session
- * @return string
- */
- public function getClientId()
- {
- return $this->clientId;
- }
-
- /**
- * Checks if the access token is valid or not.
- *
- * @param $headersOnly Limit Access Token to Authorization header only
- * @throws Exception\InvalidAccessTokenException Thrown if the presented access token is not valid
- * @return bool
- */
- public function isValid($headersOnly = false)
- {
- $accessToken = $this->determineAccessToken($headersOnly);
-
- $result = $this->storages['session']->validateAccessToken($accessToken);
-
- if (! $result) {
- throw new Exception\InvalidAccessTokenException(self::$exceptionMessages['invalid_token'], 1);
- }
-
- $this->accessToken = $accessToken;
- $this->sessionId = $result['session_id'];
- $this->clientId = $result['client_id'];
- $this->ownerType = $result['owner_type'];
- $this->ownerId = $result['owner_id'];
-
- $sessionScopes = $this->storages['session']->getScopes($this->accessToken);
- foreach ($sessionScopes as $scope) {
- $this->sessionScopes[] = $scope['scope'];
- }
-
- return true;
- }
-
- /**
- * Get the session scopes
- * @return array
- */
- public function getScopes()
- {
- return $this->sessionScopes;
- }
-
- /**
- * Checks if the presented access token has the given scope(s).
- *
- * @param array|string An array of scopes or a single scope as a string
- * @param bool If scopes are required, missing scope will trigger an exception
- * @throws Exception\InsufficientScopeException Thrown if the any of the given scopes are not in the session
- * @return bool Returns bool if all scopes are found, false if any fail
- */
- public function hasScope($scopes, $required = false)
- {
- if (!is_array($scopes)) {
- $scopes = array($scopes);
- }
-
- $missing = array_diff($scopes, $this->sessionScopes);
-
- if ($missing) {
- if ($required) {
- $missing = implode(', ', $missing);
- throw new Exception\InsufficientScopeException(sprintf(self::$exceptionMessages['insufficient_scope'], $missing), 3);
- }
- return false;
- }
- return true;
- }
-
- /**
- * Reads in the access token from the headers.
- *
- * @param $headersOnly Limit Access Token to Authorization header only
- * @throws Exception\MissingAccessTokenException Thrown if there is no access token presented
- * @return string
- */
- public function determineAccessToken($headersOnly = false)
- {
- // Try to get it directly from a header
- if (! $header = $this->getRequest()->header('Authorization')) {
-
- // Failing that try getting it from a server variable
- $header = $this->getRequest()->server('HTTP_AUTHORIZATION');
- }
-
- // One of them worked
- if ($header) {
- // Check for special case, because cURL sometimes does an
- // internal second request and doubles the authorization header,
- // which always resulted in an error.
- //
- // 1st request: Authorization: Bearer XXX
- // 2nd request: Authorization: Bearer XXX, Bearer XXX
- if (strpos($header, ',') !== false) {
- $headerPart = explode(',', $header);
- $accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $headerPart[0]));
- } else {
- $accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $header));
- }
- $accessToken = ($accessToken === 'Bearer') ? '' : $accessToken;
- } elseif ($headersOnly === false) {
- $method = $this->getRequest()->server('REQUEST_METHOD');
- $accessToken = $this->getRequest()->{$method}($this->tokenKey);
- }
-
- if (empty($accessToken)) {
- throw new Exception\MissingAccessTokenException(self::$exceptionMessages['invalid_request'], 0);
- }
-
- return $accessToken;
- }
-}
diff --git a/src/League/OAuth2/Server/Storage/SessionInterface.php b/src/League/OAuth2/Server/Storage/SessionInterface.php
deleted file mode 100644
index f40b1406..00000000
--- a/src/League/OAuth2/Server/Storage/SessionInterface.php
+++ /dev/null
@@ -1,332 +0,0 @@
-
- * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license http://mit-license.org/
- * @link http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Storage;
-
-interface SessionInterface
-{
- /**
- * Create a new session
- *
- * Example SQL query:
- *
- *
- * INSERT INTO oauth_sessions (client_id, owner_type, owner_id)
- * VALUE (:clientId, :ownerType, :ownerId)
- *
- *
- * @param string $clientId The client ID
- * @param string $ownerType The type of the session owner (e.g. "user")
- * @param string $ownerId The ID of the session owner (e.g. "123")
- * @return int The session ID
- */
- public function createSession($clientId, $ownerType, $ownerId);
-
- /**
- * Delete a session
- *
- * Example SQL query:
- *
- *
- * DELETE FROM oauth_sessions WHERE client_id = :clientId AND owner_type = :type AND owner_id = :typeId
- *
- *
- * @param string $clientId The client ID
- * @param string $ownerType The type of the session owner (e.g. "user")
- * @param string $ownerId The ID of the session owner (e.g. "123")
- * @return void
- */
- public function deleteSession($clientId, $ownerType, $ownerId);
-
- /**
- * Associate a redirect URI with a session
- *
- * Example SQL query:
- *
- *
- * INSERT INTO oauth_session_redirects (session_id, redirect_uri) VALUE (:sessionId, :redirectUri)
- *
- *
- * @param int $sessionId The session ID
- * @param string $redirectUri The redirect URI
- * @return void
- */
- public function associateRedirectUri($sessionId, $redirectUri);
-
- /**
- * Associate an access token with a session
- *
- * Example SQL query:
- *
- *
- * INSERT INTO oauth_session_access_tokens (session_id, access_token, access_token_expires)
- * VALUE (:sessionId, :accessToken, :accessTokenExpire)
- *
- *
- * @param int $sessionId The session ID
- * @param string $accessToken The access token
- * @param int $expireTime Unix timestamp of the access token expiry time
- * @return int The access token ID
- */
- public function associateAccessToken($sessionId, $accessToken, $expireTime);
-
- /**
- * Associate a refresh token with a session
- *
- * Example SQL query:
- *
- *
- * INSERT INTO oauth_session_refresh_tokens (session_access_token_id, refresh_token, refresh_token_expires,
- * client_id) VALUE (:accessTokenId, :refreshToken, :expireTime, :clientId)
- *
- *
- * @param int $accessTokenId The access token ID
- * @param string $refreshToken The refresh token
- * @param int $expireTime Unix timestamp of the refresh token expiry time
- * @param string $clientId The client ID
- * @return void
- */
- public function associateRefreshToken($accessTokenId, $refreshToken, $expireTime, $clientId);
-
- /**
- * Assocate an authorization code with a session
- *
- * Example SQL query:
- *
- *
- * INSERT INTO oauth_session_authcodes (session_id, auth_code, auth_code_expires)
- * VALUE (:sessionId, :authCode, :authCodeExpires)
- *
- *
- * @param int $sessionId The session ID
- * @param string $authCode The authorization code
- * @param int $expireTime Unix timestamp of the access token expiry time
- * @return int The auth code ID
- */
- public function associateAuthCode($sessionId, $authCode, $expireTime);
-
- /**
- * Remove an associated authorization token from a session
- *
- * Example SQL query:
- *
- *
- * DELETE FROM oauth_session_authcodes WHERE session_id = :sessionId
- *
- *
- * @param int $sessionId The session ID
- * @return void
- */
- public function removeAuthCode($sessionId);
-
- /**
- * Validate an authorization code
- *
- * Example SQL query:
- *
- *
- * SELECT oauth_sessions.id AS session_id, oauth_session_authcodes.id AS authcode_id FROM oauth_sessions
- * JOIN oauth_session_authcodes ON oauth_session_authcodes.`session_id` = oauth_sessions.id
- * JOIN oauth_session_redirects ON oauth_session_redirects.`session_id` = oauth_sessions.id WHERE
- * oauth_sessions.client_id = :clientId AND oauth_session_authcodes.`auth_code` = :authCode
- * AND `oauth_session_authcodes`.`auth_code_expires` >= :time AND
- * `oauth_session_redirects`.`redirect_uri` = :redirectUri
- *
- *
- * Expected response:
- *
- *
- * array(
- * 'session_id' => (int)
- * 'authcode_id' => (int)
- * )
- *
- *
- * @param string $clientId The client ID
- * @param string $redirectUri The redirect URI
- * @param string $authCode The authorization code
- * @return array|bool False if invalid or array as above
- */
- public function validateAuthCode($clientId, $redirectUri, $authCode);
-
- /**
- * Validate an access token
- *
- * Example SQL query:
- *
- *
- * SELECT session_id, oauth_sessions.`client_id`, oauth_sessions.`owner_id`, oauth_sessions.`owner_type`
- * FROM `oauth_session_access_tokens` JOIN oauth_sessions ON oauth_sessions.`id` = session_id WHERE
- * access_token = :accessToken AND access_token_expires >= UNIX_TIMESTAMP(NOW())
- *
- *
- * Expected response:
- *
- *
- * array(
- * 'session_id' => (int),
- * 'client_id' => (string),
- * 'owner_id' => (string),
- * 'owner_type' => (string)
- * )
- *
- *
- * @param string $accessToken The access token
- * @return array|bool False if invalid or an array as above
- */
- public function validateAccessToken($accessToken);
-
- /**
- * Removes a refresh token
- *
- * Example SQL query:
- *
- *
- * DELETE FROM `oauth_session_refresh_tokens` WHERE refresh_token = :refreshToken
- *
- *
- * @param string $refreshToken The refresh token to be removed
- * @return void
- */
- public function removeRefreshToken($refreshToken);
-
- /**
- * Validate a refresh token
- *
- * Example SQL query:
- *
- *
- * SELECT session_access_token_id FROM `oauth_session_refresh_tokens` WHERE refresh_token = :refreshToken
- * AND refresh_token_expires >= UNIX_TIMESTAMP(NOW()) AND client_id = :clientId
- *
- *
- * @param string $refreshToken The refresh token
- * @param string $clientId The client ID
- * @return int|bool The ID of the access token the refresh token is linked to (or false if invalid)
- */
- public function validateRefreshToken($refreshToken, $clientId);
-
- /**
- * Get an access token by ID
- *
- * Example SQL query:
- *
- *
- * SELECT * FROM `oauth_session_access_tokens` WHERE `id` = :accessTokenId
- *
- *
- * Expected response:
- *
- *
- * array(
- * 'id' => (int),
- * 'session_id' => (int),
- * 'access_token' => (string),
- * 'access_token_expires' => (int)
- * )
- *
- *
- * @param int $accessTokenId The access token ID
- * @return array
- */
- public function getAccessToken($accessTokenId);
-
- /**
- * Associate scopes with an auth code (bound to the session)
- *
- * Example SQL query:
- *
- *
- * INSERT INTO `oauth_session_authcode_scopes` (`oauth_session_authcode_id`, `scope_id`) VALUES
- * (:authCodeId, :scopeId)
- *
- *
- * @param int $authCodeId The auth code ID
- * @param int $scopeId The scope ID
- * @return void
- */
- public function associateAuthCodeScope($authCodeId, $scopeId);
-
- /**
- * Get the scopes associated with an auth code
- *
- * Example SQL query:
- *
- *
- * SELECT scope_id FROM `oauth_session_authcode_scopes` WHERE oauth_session_authcode_id = :authCodeId
- *
- *
- * Expected response:
- *
- *
- * array(
- * array(
- * 'scope_id' => (int)
- * ),
- * array(
- * 'scope_id' => (int)
- * ),
- * ...
- * )
- *
- *
- * @param int $oauthSessionAuthCodeId The session ID
- * @return array
- */
- public function getAuthCodeScopes($oauthSessionAuthCodeId);
-
- /**
- * Associate a scope with an access token
- *
- * Example SQL query:
- *
- *
- * INSERT INTO `oauth_session_token_scopes` (`session_access_token_id`, `scope_id`) VALUE (:accessTokenId, :scopeId)
- *
- *
- * @param int $accessTokenId The ID of the access token
- * @param int $scopeId The ID of the scope
- * @return void
- */
- public function associateScope($accessTokenId, $scopeId);
-
- /**
- * Get all associated access tokens for an access token
- *
- * Example SQL query:
- *
- *
- * SELECT oauth_scopes.* FROM oauth_session_token_scopes JOIN oauth_session_access_tokens
- * ON oauth_session_access_tokens.`id` = `oauth_session_token_scopes`.`session_access_token_id`
- * JOIN oauth_scopes ON oauth_scopes.id = `oauth_session_token_scopes`.`scope_id`
- * WHERE access_token = :accessToken
- *
- *
- * Expected response:
- *
- *
- * array (
- * array(
- * 'id' => (int),
- * 'scope' => (string),
- * 'name' => (string),
- * 'description' => (string)
- * ),
- * ...
- * ...
- * )
- *
- *
- * @param string $accessToken The access token
- * @return array
- */
- public function getScopes($accessToken);
-}
diff --git a/src/League/OAuth2/Server/Util/KeyAlgorithm/DefaultAlgorithm.php b/src/League/OAuth2/Server/Util/KeyAlgorithm/DefaultAlgorithm.php
deleted file mode 100644
index de9aaff1..00000000
--- a/src/League/OAuth2/Server/Util/KeyAlgorithm/DefaultAlgorithm.php
+++ /dev/null
@@ -1,38 +0,0 @@
-
- * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license http://mit-license.org/
- * @link http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Util\KeyAlgorithm;
-
-
-class DefaultAlgorithm implements KeyAlgorithmInterface
-{
- /**
- * @param int $len
- * @return string
- * @throws \Exception
- */
- public function make($len = 40)
- {
- // We generate twice as many bytes here because we want to ensure we have
- // enough after we base64 encode it to get the length we need because we
- // take out the "/", "+", and "=" characters.
- $bytes = openssl_random_pseudo_bytes($len * 2, $strong);
-
- // We want to stop execution if the key fails because, well, that is bad.
- if ($bytes === false || $strong === false) {
- // @codeCoverageIgnoreStart
- throw new \Exception('Error Generating Key');
- // @codeCoverageIgnoreEnd
- }
-
- return substr(str_replace(array('/', '+', '='), '', base64_encode($bytes)), 0, $len);
- }
-}
\ No newline at end of file
diff --git a/src/League/OAuth2/Server/Util/KeyAlgorithm/KeyAlgorithmInterface.php b/src/League/OAuth2/Server/Util/KeyAlgorithm/KeyAlgorithmInterface.php
deleted file mode 100644
index 583daf71..00000000
--- a/src/League/OAuth2/Server/Util/KeyAlgorithm/KeyAlgorithmInterface.php
+++ /dev/null
@@ -1,18 +0,0 @@
-
- * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license http://mit-license.org/
- * @link http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Util\KeyAlgorithm;
-
-
-interface KeyAlgorithmInterface
-{
- public function make($len = 40);
-}
\ No newline at end of file
diff --git a/src/League/OAuth2/Server/Util/Request.php b/src/League/OAuth2/Server/Util/Request.php
deleted file mode 100644
index 5e20923e..00000000
--- a/src/League/OAuth2/Server/Util/Request.php
+++ /dev/null
@@ -1,149 +0,0 @@
-
- * @copyright Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license http://mit-license.org/
- * @link http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Util;
-
-use OutOfBoundsException;
-use InvalidMethodCallException;
-use InvalidArgumentException;
-
-class Request implements RequestInterface
-{
- protected $get = array();
- protected $post = array();
- protected $cookies = array();
- protected $files = array();
- protected $server = array();
- protected $headers = array();
-
- public static function buildFromGlobals()
- {
- return new static($_GET, $_POST, $_COOKIE, $_FILES, $_SERVER);
- }
-
- public function __construct(array $get = array(), array $post = array(), array $cookies = array(), array $files = array(), array $server = array(), $headers = array())
- {
- $this->get = $get;
- $this->post = $post;
- $this->cookies = $cookies;
- $this->files = $files;
- $this->server = $server;
-
- if (empty($headers)) {
- $this->headers = $this->readHeaders();
- } else {
- $this->headers = $this->normalizeHeaders($headers);
- }
- }
-
- public function get($index = null, $default = null)
- {
- return $this->getPropertyValue('get', $index, $default);
- }
-
- public function post($index = null, $default = null)
- {
- return $this->getPropertyValue('post', $index, $default);
- }
-
- public function file($index = null, $default = null)
- {
- return $this->getPropertyValue('files', $index, $default);
- }
-
- public function cookie($index = null, $default = null)
- {
- return $this->getPropertyValue('cookies', $index, $default);
- }
-
- public function server($index = null, $default = null)
- {
- return $this->getPropertyValue('server', $index, $default);
- }
-
- public function header($index = null, $default = null)
- {
- return $this->getPropertyValue('headers', $index, $default);
- }
-
- protected function readHeaders()
- {
- if (function_exists('apache_request_headers')) {
- // @codeCoverageIgnoreStart
- $headers = apache_request_headers();
- } elseif (function_exists('http_get_request_headers')) {
- $headers = http_get_request_headers();
- } else {
- // @codeCoverageIgnoreEnd
- $headers = array();
- foreach ($this->server() as $name => $value) {
- if (substr($name, 0, 5) == 'HTTP_') {
- // HTTP_FOO_BAR becomes FOO-BAR
- $name = str_replace(array('HTTP_', '_'), array('', '-'), $name);
- $headers[$name] = $value;
- }
- }
- }
-
- return $this->normalizeHeaders($headers);
- }
-
- protected function getPropertyValue($property, $index = null, $default = null)
- {
- if ( ! isset($this->{$property})) {
- throw new InvalidArgumentException("Property '$property' does not exist.");
- }
- if (is_null($index)) {
- return $this->{$property};
- }
-
- if ( ! array_key_exists($index, $this->{$property})) {
- return $default;
- }
-
- return $this->{$property}[$index];
- }
-
- /**
- * Takes all of the headers and normalizes them in a canonical form.
- *
- * @param array $headers The request headers.
- * @return array An arry of headers with the header name normalized
- */
- protected function normalizeHeaders(array $headers)
- {
- $normalized = array();
- foreach ($headers as $key => $value) {
- $normalized[ucfirst($this->normalizeKey($key))] = $value;
- }
-
- return $normalized;
- }
-
- /**
- * Transform header name into canonical form
- *
- * Taken from the Slim codebase...
- *
- * @param string $key
- * @return string
- */
- protected function normalizeKey($key)
- {
- $key = strtolower($key);
- $key = str_replace(array('-', '_'), ' ', $key);
- $key = preg_replace('#^http #', '', $key);
- $key = ucwords($key);
- $key = str_replace(' ', '-', $key);
-
- return $key;
- }
-}