From 449ba5005c0956e82b15086a972dbac4d9393dab Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 16 Dec 2013 23:47:03 +0000 Subject: [PATCH] First commit of updated ResourceServer --- src/League/OAuth2/Server/Resource.php | 200 +++++++++++++++----------- 1 file changed, 119 insertions(+), 81 deletions(-) diff --git a/src/League/OAuth2/Server/Resource.php b/src/League/OAuth2/Server/Resource.php index 55339567..9f1720ca 100644 --- a/src/League/OAuth2/Server/Resource.php +++ b/src/League/OAuth2/Server/Resource.php @@ -13,8 +13,9 @@ namespace League\OAuth2\Server; use OutOfBoundsException; use League\OAuth2\Server\Storage\SessionInterface; -use League\OAuth2\Server\Util\RequestInterface; -use League\OAuth2\Server\Util\Request; +use League\OAuth2\Server\Storage\AccessTokenInterface; +use League\OAuth2\Server\Storage\ClientInterface; +use Symfony\Component\HttpFoundation\Request; /** * OAuth 2.0 Resource Server @@ -23,92 +24,100 @@ class Resource { /** * The access token - * @var string + * + * @var League\OAuth2\Server\AccessToken */ protected $accessToken = null; /** - * The session ID - * @var string + * The session + * + * @var \League\OAuth2\Server\Session */ - protected $sessionId = null; - - /** - * The type of the owner of the access token - * @var string - */ - protected $ownerType = null; - - /** - * The ID of the owner of the access token - * @var string - */ - protected $ownerId = null; - - /** - * The scopes associated with the access token - * @var array - */ - protected $sessionScopes = array(); - - /** - * The client, scope and session storage classes - * @var array - */ - protected $storages = array(); + protected $session = null; /** * The request object + * * @var Util\RequestInterface */ protected $request = null; /** * The query string key which is used by clients to present the access token (default: access_token) + * * @var string */ protected $tokenKey = 'access_token'; /** * The client ID - * @var string + * + * @var League\OAuth2\Server\Client */ - protected $clientId = null; + protected $client = null; /** - * Sets up the Resource + * Session storage * - * @param SessionInterface The Session Storage Object + * @var League\OAuth2\Server\Storage\SessionInterface */ - public function __construct(SessionInterface $session) - { - $this->storages['session'] = $session; + protected $sessionStorage = null; + + /** + * Access token storage + * + * @var League\OAuth2\Server\Storage\AccessTokenInterface + */ + protected $accessTokenStorage = null; + + /** + * Client storage + * + * @var League\OAuth2\Server\Storage\ClientInterface + */ + protected $clientStorage = null; + + /** + * Initialise the resource server + * + * @param SessionInterface $sessionStorage [description] + * @param AccessTokenInteface $accessTokenStorage [description] + * @param ClientInterface $clientStorage [description] + * + * @return self + */ + public function __construct( + SessionInterface $sessionStorage, + AccessTokenInteface $accessTokenStorage, + ClientInterface $clientStorage + ) { + $this->sessionStorage = $sessionStorage; + $this->accessTokenStorage = $accessTokenStorage; + $this->clientStorage = $clientStorage; + return $this; } /** * Sets the Request Object * - * @param RequestInterface The Request Object + * @param \Symfony\Component\HttpFoundation\Request The Request Object + * + * @return self */ - public function setRequest(RequestInterface $request) + public function setRequest(Request $request) { $this->request = $request; return $this; } /** - * Gets the Request object. It will create one from the globals if one is not set. + * Gets the Request object. It will create one from the globals if one is not set. * - * @return Util\RequestInterface + * @return Symfony\Component\HttpFoundation\Request */ public function getRequest() { - if ($this->request === null) { - // @codeCoverageIgnoreStart - $this->request = Request::buildFromGlobals(); - } - // @codeCoverageIgnoreEnd - return $this->request; } @@ -126,6 +135,8 @@ class Resource * Sets the query string key for the access token. * * @param $key The new query string key + * + * @return self */ public function setTokenKey($key) { @@ -134,119 +145,147 @@ class Resource } /** - * Gets the access token owner ID. + * Gets the access token owner ID * * @return string */ public function getOwnerId() { - return $this->ownerId; + return $this->session->getOwnerId(); } /** - * Gets the owner type. + * Gets the owner type * * @return string */ public function getOwnerType() { - return $this->ownerType; + return $this->session->getOwnerType(); } /** - * Gets the access token. + * Gets the access token * * @return string */ public function getAccessToken() { - return $this->accessToken; + return $this->accessToken->getId(); } /** * Gets the client ID that created the session + * * @return string */ public function getClientId() { - return $this->clientId; + return $this->client->getId(); } /** - * Checks if the access token is valid or not. + * Checks if the access token is valid or not * * @param $headersOnly Limit Access Token to Authorization header only - * @throws Exception\InvalidAccessTokenException Thrown if the presented access token is not valid + * * @return bool */ public function isValid($headersOnly = false) { - $accessToken = $this->determineAccessToken($headersOnly); + try { + $accessToken = $this->determineAccessToken($headersOnly); + } catch (Exception $e) { + return false; + } - $result = $this->storages['session']->validateAccessToken($accessToken); + // Set the access token + $tokenResult = $this->accessTokenStorage->getToken($accessToken); + if ($tokenResult === null) { + return false; + } - if ( ! $result) { - throw new Exception\InvalidAccessTokenException('Access token is not valid'); + $accessToken = new AccessToken; + $accessToken->setId($token); + $accessToken->setTTL($tokenResult['ttl']); + $accessToken->setTimestamp($tokenResult['created']); + + $scopes = $this->accessTokenStorage->getTokenScopes($token); + foreach ($scopes as $scope => $details) { + $accessToken->associateScope($scope, $details); } $this->accessToken = $accessToken; - $this->sessionId = $result['session_id']; - $this->clientId = $result['client_id']; - $this->ownerType = $result['owner_type']; - $this->ownerId = $result['owner_id']; - $sessionScopes = $this->storages['session']->getScopes($this->accessToken); - foreach ($sessionScopes as $scope) { - $this->sessionScopes[] = $scope['scope']; + + // Set the session + $sessionResult = $this->sessionStorage->getSession($tokenResult['session_id']); + if ($sessionResult === null) { + return false; } + $session = new Session(); + $session->setOwner($sessionResult['owner_type'], $sessionResult['owner_id']); + + $this->session = $session; + + // Set the client + $clientResult = $this->clientStorage->getClient($sessionResult['client_id']); + if ($clientResult === null) { + return false; + } + + $client = new Client(); + $client->setCredentials($clientResult['client_id'], $clientResult['client_secret']); + + $this->client = $client; + return true; } /** * Get the session scopes + * * @return array */ public function getScopes() { - return $this->sessionScopes; + return $this->accessToken->getScopes(); } /** - * Checks if the presented access token has the given scope(s). + * Checks if the presented access token has the given scope(s) * * @param array|string An array of scopes or a single scope as a string + * * @return bool Returns bool if all scopes are found, false if any fail */ public function hasScope($scopes) { if (is_string($scopes)) { - if (in_array($scopes, $this->sessionScopes)) { - return true; - } - return false; + return $this->accessToken->hasScope($scopes); } elseif (is_array($scopes)) { foreach ($scopes as $scope) { - if ( ! in_array($scope, $this->sessionScopes)) { + if (!$this->accessToken->hasScope($scope)) { return false; } } return true; } - - return false; } /** - * Reads in the access token from the headers. + * Reads in the access token from the headers * * @param $headersOnly Limit Access Token to Authorization header only + * * @throws Exception\MissingAccessTokenException Thrown if there is no access token presented + * * @return string */ public function determineAccessToken($headersOnly = false) { - if ($header = $this->getRequest()->header('Authorization')) { + if ($header = $this->getRequest()->headers->get('Authorization')) { // Check for special case, because cURL sometimes does an // internal second request and doubles the authorization header, // which always resulted in an error. @@ -261,8 +300,8 @@ class Resource } $accessToken = ($accessToken === 'Bearer') ? '' : $accessToken; } elseif ($headersOnly === false) { - $method = $this->getRequest()->server('REQUEST_METHOD'); - $accessToken = $this->getRequest()->{$method}($this->tokenKey); + $method = $this->getRequest()->server->get('REQUEST_METHOD'); + $accessToken = $this->getRequest()->request->get($this->tokenKey); } if (empty($accessToken)) { @@ -271,5 +310,4 @@ class Resource return $accessToken; } - }