Merge branch 'cleanup' of github.com:dandoescode/OAuth2 into feature/reorg

Conflicts:
	src/OAuth2/Authentication/Server.php
	src/Oauth2/Resource/Server.php
This commit is contained in:
Daniel Horrigan 2013-01-08 16:26:17 -05:00
commit 385111a1f2
34 changed files with 354 additions and 316 deletions

View File

@ -35,10 +35,10 @@
], ],
"autoload": { "autoload": {
"psr-0": { "psr-0": {
"Oauth2": "src/" "OAuth2": "src/"
} }
}, },
"suggest": { "suggest": {
"lncd/oauth2-facebook": "Adds support for Facebook as an IDP" "lncd/oauth2-facebook": "Adds support for Facebook as an IDP"
} }
} }

View File

@ -1,6 +1,6 @@
<?php <?php
namespace Oauth2\Authentication; namespace OAuth2\Authentication;
interface Database interface Database
{ {

View File

@ -1,6 +1,6 @@
<?php <?php
namespace Oauth2\Authentication; namespace OAuth2\Authentication;
class ClientException extends \Exception class ClientException extends \Exception
{ {

View File

@ -0,0 +1,8 @@
<?php
namespace OAuth2;
interface GrantTypeInterface
{
public function getIdentifier();
}

View File

@ -0,0 +1,8 @@
<?php
namespace OAuth2;
class MissingAccessTokenException extends \Exception
{
}

94
src/OAuth2/Request.php Normal file
View File

@ -0,0 +1,94 @@
<?php
namespace OAuth2;
use OutOfBoundsException;
use InvalidMethodCallException;
use InvalidArgumentException;
class Request implements RequestInterface
{
protected $get = array();
protected $post = array();
protected $cookies = array();
protected $files = array();
protected $server = array();
protected $headers = array();
public static function buildFromGlobals()
{
return new static($_GET, $_POST, $_COOKIE, $_FILES, $_SERVER);
}
public function __construct(array $get = array(), array $post = array(), array $cookies = array(), array $files = array(), array $server = array(), $headers = array())
{
$this->get = $get;
$this->post = $post;
$this->cookies = $cookies;
$this->files = $files;
$this->server = $server;
if (empty($headers)) {
$this->headers = $this->readHeaders();
}
}
public function get($index = null, $default = null)
{
return $this->getPropertyValue('get', $index, $default);
}
public function post($index = null, $default = null)
{
return $this->getPropertyValue('post', $index, $default);
}
public function file($index = null, $default = null)
{
return $this->getPropertyValue('files', $index, $default);
}
public function cookie($index = null, $default = null)
{
return $this->getPropertyValue('cookies', $index, $default);
}
public function server($index = null, $default = null)
{
return $this->getPropertyValue('server', $index, $default);
}
public function header($index = null, $default = null)
{
return $this->getPropertyValue('headers', $index, $default);
}
protected function readHeaders()
{
$headers = array();
foreach ($this->server() as $name => $value) {
if (substr($name, 0, 5) == 'HTTP_') {
$name = str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))));
$headers[$name] = $value;
}
}
return $headers;
}
protected function getPropertyValue($property, $index = null, $default = null)
{
if ( ! isset($this->{$property})) {
throw new InvalidArgumentException("Property '$property' does not exist.");
}
if (is_null($index)) {
return $this->{$property};
}
if ( ! array_key_exists($index, $this->{$property})) {
return $default;
}
return $this->{$property}[$index];
}
}

View File

@ -0,0 +1,24 @@
<?php
namespace OAuth2;
interface RequestInterface
{
public static function buildFromGlobals();
public function __construct(array $get = array(), array $post = array(), array $cookies = array(), array $files = array(), array $server = array(), $headers = array());
public function get($index = null);
public function post($index = null);
public function cookie($index = null);
public function file($index = null);
public function server($index = null);
public function header($index = null);
}

134
src/OAuth2/Resource.php Normal file
View File

@ -0,0 +1,134 @@
<?php
namespace OAuth2;
use OutOfBoundsException;
use OAuth2\Storage\SessionInterface;
use OAuth2\Storage\SessionScopeInterface;
class Resource
{
protected $accessToken = null;
protected $sessionId = null;
protected $ownerType = null;
protected $ownerId = null;
protected $sessionScopes = array();
protected $storages = array();
protected $request = null;
protected $tokenKey = 'oauth_token';
/**
* Sets up the Resource
*
* @param SessionInterface The Session Storage Object
* @param SessionScopeInterface The Session Scope Storage Object
*/
public function __construct(SessionInterface $session, SessionScopeInterface $session_scope)
{
$this->storages['session'] = $session;
$this->storages['session_scope'] = $session_scope;
}
/**
* Sets the Request Object
*
* @param RequestInterface The Request Object
*/
public function setRequest(RequestInterface $request)
{
$this->request = $request;
}
/**
* Gets the Request object. It will create one from the globals if one is not set.
*
* @return RequestInterface
*/
public function getRequest()
{
if ($this->request === null) {
$this->request = Request::buildFromGlobals();
}
return $this->request;
}
/**
* Checks if the Access Token is valid or not.
*
* @return bool
*/
public function isValid()
{
$access_token = $this->determineAccessToken();
$result = $this->storages['session']->validateAccessToken($access_token);
if ( ! $result) {
return false;
}
$this->accessToken = $access_token;
$this->sessionId = $result['id'];
$this->ownerType = $result['owner_type'];
$this->ownerId = $result['owner_id'];
$this->sessionScopes = $this->storages['session_scope']->getScopes($this->sessionId);
return true;
}
/**
* Checks if the current session has the given scope(s).
*
* @param array
*/
public function hasScope($scopes)
{
if (is_string($scopes)) {
if (in_array($scopes, $this->sessionScopes)) {
return true;
}
return false;
} elseif (is_array($scopes)) {
foreach ($scopes as $scope) {
if ( ! in_array($scope, $this->sessionScopes)) {
return false;
}
}
return true;
}
return false;
}
/**
* Reads in the Access Token from the headers.
*
* @return string
* @throws MissingAccessTokenException
*/
protected function determineAccessToken()
{
if ($header = $this->getRequest()->header('Authorization')) {
$access_token = trim(str_replace('Bearer', '', $header));
} else {
$method = $this->getRequest()->server('REQUEST_METHOD');
$access_token = $this->getRequest()->{$method}($this->tokenKey);
}
if (empty($access_token)) {
throw new MissingAccessTokenException('Access Token is Missing');
}
return $access_token;
}
}

42
src/OAuth2/Server.php Normal file
View File

@ -0,0 +1,42 @@
<?php
namespace OAuth2;
class Server
{
protected $scopeDelimeter = ',';
protected $expiresIn = 3600;
protected $responseTypes = array(
'code'
);
protected $storages = array();
protected $grantTypes = array();
public function __construct($storage)
{
}
public function addGrantType(GrantTypeInterface $grant_type, $identifier = null)
{
if (is_null($identifier)) {
$identifier = $grant_type->getIdentifier();
}
$this->grantTypes[$identifier] = $grant_type;
}
public function setScopeDelimeter($scope_delimeter)
{
$this->scopeDelimeter = $scope_delimeter;
}
public function setExpiresIn($expires_in)
{
$this->expiresIn = $expires_in;
}
}

View File

@ -0,0 +1,8 @@
<?php
namespace OAuth2\Storage;
interface ClientEndpointInterface
{
}

View File

@ -0,0 +1,8 @@
<?php
namespace OAuth2\Storage;
interface ClientInterface
{
}

View File

@ -0,0 +1,8 @@
<?php
namespace OAuth2\Storage;
interface ScopeInterface
{
}

View File

@ -0,0 +1,8 @@
<?php
namespace OAuth2\Storage;
interface SessionInterface
{
public function validateAccessToken($access_token);
}

View File

@ -0,0 +1,8 @@
<?php
namespace OAuth2\Storage;
interface SessionScopeInterface
{
public function getScopes($session_id);
}

View File

@ -1,59 +0,0 @@
<?php
namespace Oauth2\Resource;
interface Database
{
/**
* Validate an access token and return the session details.
*
* Database query:
*
* <code>
* SELECT id, owner_type, owner_id FROM oauth_sessions WHERE access_token =
* $accessToken AND stage = 'granted' AND
* access_token_expires > UNIX_TIMESTAMP(now())
* </code>
*
* Response:
*
* <code>
* Array
* (
* [id] => (int) The session ID
* [owner_type] => (string) The session owner type
* [owner_id] => (string) The session owner's ID
* )
* </code>
*
* @param string $accessToken The access token
* @return array|bool Return an array on success or false on failure
*/
public function validateAccessToken($accessToken);
/**
* Returns the scopes that the session is authorised with.
*
* Database query:
*
* <code>
* SELECT scope FROM oauth_session_scopes WHERE session_id =
* $sessionId
* </code>
*
* Response:
*
* <code>
* Array
* (
* [0] => (string) A scope
* [1] => (string) Another scope
* ...
* )
* </code>
*
* @param int $sessionId The session ID
* @return array A list of scopes
*/
public function sessionScopes($sessionId);
}

View File

@ -1,253 +0,0 @@
<?php
namespace Oauth2\Resource;
class ServerException extends \Exception
{
}
class ClientException extends \Exception
{
}
class Server
{
/**
* Reference to the database abstractor
* @var object
*/
private $_db = null;
/**
* The access token.
* @access private
*/
private $_accessToken = null;
/**
* The scopes the access token has access to.
* @access private
*/
private $_scopes = array();
/**
* The type of owner of the access token.
* @access private
*/
private $_type = null;
/**
* The ID of the owner of the access token.
* @access private
*/
private $_typeId = null;
/**
* Server configuration
* @var array
*/
private $_config = array(
'token_key' => 'oauth_token'
);
/**
* Error codes.
*
* To provide i8ln errors just overwrite the keys
*
* @var array
*/
public $errors = array(
'missing_access_token' => 'An access token was not presented with the request',
'invalid_access_token' => 'The access token is not registered with the resource server',
'missing_access_token_details' => 'The registered database abstractor did not return a valid access token details response',
'invalid_access_token_scopes' => 'The registered database abstractor did not return a valid access token scopes response',
);
/**
* Constructor
*
* @access public
* @return void
*/
public function __construct($options = null)
{
if ($options !== null) {
$this->_config = array_merge($this->_config, $options);
}
}
/**
* Magic method to test if access token represents a particular owner type
* @param string $method The method name
* @param mixed $arguements The method arguements
* @return bool If method is valid, and access token is owned by the requested party then true,
*/
public function __call($method, $arguements = null)
{
if (substr($method, 0, 2) === 'is') {
if ($this->_type === strtolower(substr($method, 2))) {
return $this->_typeId;
}
return false;
}
trigger_error('Call to undefined function ' . $method . '()');
}
/**
* Register a database abstrator class
*
* @access public
* @param object $db A class that implements OAuth2ServerDatabase
* @return void
*/
public function registerDbAbstractor($db)
{
$this->_db = $db;
}
/**
* Init function
*
* @access public
* @return void
*/
public function init()
{
$accessToken = null;
$_SERVER['REQUEST_METHOD'] = isset($_SERVER['REQUEST_METHOD']) ?
$_SERVER['REQUEST_METHOD'] :
null;
// Try and get the access token via an access_token or oauth_token parameter
switch ($_SERVER['REQUEST_METHOD'])
{
case 'POST':
$accessToken = isset($_POST[$this->_config['token_key']]) ?
$_POST[$this->_config['token_key']] :
null;
break;
default:
$accessToken = isset($_GET[$this->_config['token_key']]) ?
$_GET[$this->_config['token_key']] :
null;
break;
}
// Try and get an access token from the auth header
if (function_exists('getallheaders')) {
$headers = getallheaders();
if (isset($headers['Authorization'])) {
$rawToken = base64_decode(str_replace('Bearer ', '', trim($headers['Authorization'])));
if ( ! empty($rawToken)) {
$accessToken = $rawToken;
}
}
}
if ($accessToken) {
$result = $this->_dbCall('validateAccessToken', $accessToken);
if ($result === false) {
throw new ClientException($this->errors['invalid_access_token']);
} else {
if ( ! array_key_exists('id', $result) ||
! array_key_exists('owner_id', $result) ||
! array_key_exists('owner_type', $result)) {
throw new ServerException($this->errors['missing_access_token_details']);
}
$this->_accessToken = $accessToken;
$this->_type = $result['owner_type'];
$this->_typeId = $result['owner_id'];
// Get the scopes
$scopes = $this->_dbCall('sessionScopes', $result['id']);
if ( ! is_array($scopes))
{
throw new ServerException($this->errors['invalid_access_token_scopes']);
}
$this->_scopes = $scopes;
}
} else {
throw new ClientException($this->errors['missing_access_token']);
}
}
/**
* Test if the access token has a specific scope
*
* @param mixed $scopes Scope(s) to check
*
* @access public
* @return string|bool
*/
public function hasScope($scopes)
{
if (is_string($scopes)) {
if (in_array($scopes, $this->_scopes)) {
return true;
}
return false;
} elseif (is_array($scopes)) {
foreach ($scopes as $scope) {
if ( ! in_array($scope, $this->_scopes)) {
return false;
}
}
return true;
}
return false;
}
/**
* Call database methods from the abstractor
*
* @return mixed The query result
*/
private function _dbCall()
{
if ($this->_db === null) {
throw new ServerException('No registered database abstractor');
}
if ( ! $this->_db instanceof Database) {
throw new ServerException('The registered database abstractor is not an instance of Oauth2\Resource\Database');
}
$args = func_get_args();
$method = $args[0];
unset($args[0]);
$params = array_values($args);
return call_user_func_array(array($this->_db, $method), $params);
}
}