From accb80289f17708d32b5ede8e71020825712fc85 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 10 May 2013 16:50:13 -0700 Subject: [PATCH 01/20] Added associateAuthCodeScope() method --- .../OAuth2/Server/Storage/SessionInterface.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/League/OAuth2/Server/Storage/SessionInterface.php b/src/League/OAuth2/Server/Storage/SessionInterface.php index 30b0a6e1..521fe750 100644 --- a/src/League/OAuth2/Server/Storage/SessionInterface.php +++ b/src/League/OAuth2/Server/Storage/SessionInterface.php @@ -241,6 +241,19 @@ interface SessionInterface public function getAccessToken($accessTokenId); /** + * Associate scopes with an auth code (bound to the session) + * + * Example SQL query: + * + * + * INSERT INTO `oauth_session_authcode_scopes` (`session_id`, `scope_id`) VALUES (:sessionId, :scopeId) + * + * + * @param int $sessionId The session ID + * @param int $scopeId The scope ID + * @return void + */ + public function associateAuthCodeScope($sessionId, $scopeId); * Associate a scope with an access token * * Example SQL query: From 9372cc85d0526f1644a00c5657f937b70a56a075 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 10 May 2013 16:50:34 -0700 Subject: [PATCH 02/20] Added getAuthCodeScopes() method --- .../Server/Storage/SessionInterface.php | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/src/League/OAuth2/Server/Storage/SessionInterface.php b/src/League/OAuth2/Server/Storage/SessionInterface.php index 521fe750..36c335fe 100644 --- a/src/League/OAuth2/Server/Storage/SessionInterface.php +++ b/src/League/OAuth2/Server/Storage/SessionInterface.php 
@@ -254,6 +254,36 @@ interface SessionInterface * @return void */ public function associateAuthCodeScope($sessionId, $scopeId); + + /** + * Get the scopes associated with an auth code + * + * Example SQL query: + * + * + * SELECT scope_id FROM `oauth_session_authcode_scopes` WHERE session_id = :sessionId + * + * + * Expected response: + * + * + * array( + * array( + * 'scope_id' => (int) + * ), + * array( + * 'scope_id' => (int) + * ), + * ... + * ) + * + * + * @param int $sessionId The session ID + * @return array + */ + public function getAuthCodeScopes($sessionId); + + /** * Associate a scope with an access token * * Example SQL query: From aa8d38108fcdbd343fe111cf642d3483b570aa0b Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 10 May 2013 16:53:21 -0700 Subject: [PATCH 03/20] Associate scopes to auth codes in separate method. Creating an auth code now returns an ID --- src/League/OAuth2/Server/Grant/AuthCode.php | 14 ++++++-------- .../OAuth2/Server/Storage/SessionInterface.php | 9 ++++----- 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/src/League/OAuth2/Server/Grant/AuthCode.php b/src/League/OAuth2/Server/Grant/AuthCode.php index b8837099..50fdad82 100644 --- a/src/League/OAuth2/Server/Grant/AuthCode.php +++ b/src/League/OAuth2/Server/Grant/AuthCode.php @@ -193,13 +193,6 @@ class AuthCode implements GrantTypeInterface { // Remove any old sessions the user might have $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], $type, $typeId); - // List of scopes IDs - $scopeIds = array(); - foreach ($authParams['scopes'] as $scope) - { - $scopeIds[] = $scope['id']; - } - // Create a new session $sessionId = $this->authServer->getStorage('session')->createSession($authParams['client_id'], $type, $typeId); 
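Review bot: The documented return shape for `getAuthCodeScopes()` (a list of `array('scope_id' => (int))` rows) leaves open what an implementation returns when the code has no scopes, yet the consumer added later in this series does `count($scopes)` and then iterates the result. On PHP 5 `count(false)` is 1 and `foreach` over `false` only warns, so an implementation returning `false` for "no rows" would silently mis-drive the scope copy; on PHP 8 it throws a TypeError. I would add to the docblock: `Implementations MUST return an empty array (never false or null) when no scopes are associated, and each row MUST be an associative array keyed 'scope_id'.` The `(int)` in the example is also only a hint, since MySQL's PDO driver returns the column as a string unless cast.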
@@ -207,7 +200,12 @@ class AuthCode implements GrantTypeInterface { $this->authServer->getStorage('session')->associateRedirectUri($sessionId, $authParams['redirect_uri']); // Associate the auth code - $this->authServer->getStorage('session')->associateAuthCode($sessionId, $authCode, time() + $this->authTokenTTL, implode(',', $scopeIds)); + $authCodeId = $this->authServer->getStorage('session')->associateAuthCode($sessionId, $authCode, time() + $this->authTokenTTL, implode(',', $scopeIds)); + + // Associate the scopes to the auth code + foreach ($authParams['scopes'] as $scope) { + $this->authServer->getStorage('session')->associateAuthCodeScope($authCodeId, $scope['id']); + } return $authCode; } diff --git a/src/League/OAuth2/Server/Storage/SessionInterface.php b/src/League/OAuth2/Server/Storage/SessionInterface.php index 36c335fe..af4e0e3a 100644 --- a/src/League/OAuth2/Server/Storage/SessionInterface.php +++ b/src/League/OAuth2/Server/Storage/SessionInterface.php @@ -102,17 +102,16 @@ interface SessionInterface * Example SQL query: * * - * INSERT INTO oauth_session_authcodes (session_id, auth_code, auth_code_expires, scope_ids) - * VALUE (:sessionId, :authCode, :authCodeExpires, :scopeIds) + * INSERT INTO oauth_session_authcodes (session_id, auth_code, auth_code_expires) + * VALUE (:sessionId, :authCode, :authCodeExpires) * * * @param int $sessionId The session ID * @param string $authCode The authorization code * @param int $expireTime Unix timestamp of the access token expiry time - * @param string $scopeIds Comma seperated list of scope IDs to be later associated (default = null) - * @return void + * @return int The auth code ID */ - public function associateAuthCode($sessionId, $authCode, $expireTime, $scopeIds = null); + public function associateAuthCode($sessionId, $authCode, $expireTime); /** * Remove an associated authorization token from a session From 51138f8738ac82c537da197e09c311f934259100 Mon Sep 17 00:00:00 2001 
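Review bot: `implode(',', $scopeIds)` on the changed `associateAuthCode` line references a variable the first hunk of this same commit deletes, so at this point in the series the grant raises an undefined-variable notice and passes an empty string (patch 17 drops the argument; until then the series does not bisect cleanly). The new loop also calls `associateAuthCodeScope($authCodeId, ...)` while the interface from patch 01 declares that parameter `$sessionId` and the PDO implementation in patch 06 writes it to `session_id`; patch 18 corrects both. Independently, the sequence createSession → associateRedirectUri → associateAuthCode → N× associateAuthCodeScope is not atomic, so a storage failure midway leaves a redeemable code bound to fewer scopes than the user consented to, or a session without its redirect URI; a comment such as `// Not transactional: storage implementations should wrap these writes in a transaction` would at least make the contract explicit. The enclosing method starts before this hunk.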
From: Alex Bilbie Date: Fri, 10 May 2013 16:53:52 -0700 Subject: [PATCH 04/20] Return the session_id for validateAuthCode instead of an array --- .../OAuth2/Server/Storage/SessionInterface.php | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/src/League/OAuth2/Server/Storage/SessionInterface.php b/src/League/OAuth2/Server/Storage/SessionInterface.php index af4e0e3a..cd328cbb 100644 --- a/src/League/OAuth2/Server/Storage/SessionInterface.php +++ b/src/League/OAuth2/Server/Storage/SessionInterface.php @@ -133,27 +133,18 @@ interface SessionInterface * Example SQL query: * * - * SELECT oauth_sessions.id, oauth_session_authcodes.scope_ids FROM oauth_sessions + * SELECT oauth_sessions.id FROM oauth_sessions * JOIN oauth_session_authcodes ON oauth_session_authcodes.`session_id` = oauth_sessions.id - * JOIN oauth_session_redirects ON oauth_session_redirects.`session_id` = oauth_sessions.id WHERE - * oauth_sessions.client_id = :clientId AND oauth_session_authcodes.`auth_code` = :authCode + * JOIN oauth_session_redirects ON oauth_session_redirects.`session_id` = oauth_sessions.id + * WHERE oauth_sessions.client_id = :clientId AND oauth_session_authcodes.`auth_code` = :authCode * AND `oauth_session_authcodes`.`auth_code_expires` >= :time AND * `oauth_session_redirects`.`redirect_uri` = :redirectUri * * - * Expected response: - * - * - * array( - * 'id' => (int), // the session ID - * 'scope_ids' => (string) - * ) - * - * * @param string $clientId The client ID * @param string $redirectUri The redirect URI * @param string $authCode The authorization code - * @return array|bool False if invalid or array as above + * @return int|bool False if invalid or the session ID */ public function validateAuthCode($clientId, $redirectUri, $authCode); From 410ad09b5c2415840c0b43da1f3d139aaa613fa3 Mon Sep 17 00:00:00 2001 
From: Alex Bilbie Date: Fri, 10 May 2013 16:56:38 -0700 Subject: [PATCH 05/20] Updated PDO associateAuthCode --- src/League/OAuth2/Server/Storage/PDO/Session.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/League/OAuth2/Server/Storage/PDO/Session.php b/src/League/OAuth2/Server/Storage/PDO/Session.php index 311ce3f1..87716522 100644 --- a/src/League/OAuth2/Server/Storage/PDO/Session.php +++ b/src/League/OAuth2/Server/Storage/PDO/Session.php @@ -70,17 +70,18 @@ class Session implements SessionInterface $stmt->execute(); } - public function associateAuthCode($sessionId, $authCode, $expireTime, $scopeIds = null) + public function associateAuthCode($sessionId, $authCode, $expireTime) { $db = \ezcDbInstance::get(); - $stmt = $db->prepare('INSERT INTO oauth_session_authcodes (session_id, auth_code, auth_code_expires, scope_ids) - VALUE (:sessionId, :authCode, :authCodeExpires, :scopeIds)'); + $stmt = $db->prepare('INSERT INTO oauth_session_authcodes (session_id, auth_code, auth_code_expires) + VALUE (:sessionId, :authCode, :authCodeExpires)'); $stmt->bindValue(':sessionId', $sessionId); $stmt->bindValue(':authCode', $authCode); $stmt->bindValue(':authCodeExpires', $expireTime); - $stmt->bindValue(':scopeIds', $scopeIds); $stmt->execute(); + + return $db->lastInsertId(); } public function removeAuthCode($sessionId) From 591139f44d8ac150d95ea57e0395dfb4e75ab84a Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 10 May 2013 16:57:12 -0700 Subject: [PATCH 06/20] Added associateAuthCodeScope to PDO --- src/League/OAuth2/Server/Storage/PDO/Session.php | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/League/OAuth2/Server/Storage/PDO/Session.php b/src/League/OAuth2/Server/Storage/PDO/Session.php index 87716522..d03446d6 100644 --- a/src/League/OAuth2/Server/Storage/PDO/Session.php +++ b/src/League/OAuth2/Server/Storage/PDO/Session.php 
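Review bot: `return $db->lastInsertId();` runs regardless of whether the INSERT succeeded, because the `$stmt->execute()` result is discarded; under PDO's default silent error mode a failed insert may leave `lastInsertId()` returning `"0"` or the id of the connection's previous successful insert (the session row), and the caller would then bind the consented scopes to a nonexistent or wrong auth code while still handing the code to the client. It also returns a string where the interface (patch 03) promises `int`. I would change the tail to `if ($stmt->execute() === false) { throw new \RuntimeException('Could not store authorization code'); }` followed by `return (int) $db->lastInsertId();`, or confirm the ezc handle is configured with `PDO::ERRMODE_EXCEPTION`.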
@@ -161,6 +161,16 @@ class Session implements SessionInterface return ($result === false) ? false : (array) $result; } + public function associateAuthCodeScope($sessionId, $scopeId) + { + $db = \ezcDbInstance::get(); + + $stmt = $db->prepare('INSERT INTO `oauth_session_authcode_scopes` (`session_id`, `scope_id`) VALUES (:sessionId, :scopeId)'); + $stmt->bindValue(':sessionId', $sessionId); + $stmt->bindValue(':scopeId', $scopeId); + $stmt->execute(); + } + public function associateScope($accessTokenId, $scopeId) { $db = \ezcDbInstance::get(); From c66c8092f98ae6dd6ea25b978a9cdad528efc657 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 10 May 2013 16:57:39 -0700 Subject: [PATCH 07/20] Revert "Return the session_id for validateAuthCode instead of an array" This reverts commit 51138f8738ac82c537da197e09c311f934259100. --- .../OAuth2/Server/Storage/SessionInterface.php | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/src/League/OAuth2/Server/Storage/SessionInterface.php b/src/League/OAuth2/Server/Storage/SessionInterface.php index cd328cbb..af4e0e3a 100644 --- a/src/League/OAuth2/Server/Storage/SessionInterface.php +++ b/src/League/OAuth2/Server/Storage/SessionInterface.php 
@@ -133,18 +133,27 @@ interface SessionInterface * Example SQL query: * * - * SELECT oauth_sessions.id FROM oauth_sessions + * SELECT oauth_sessions.id, oauth_session_authcodes.scope_ids FROM oauth_sessions * JOIN oauth_session_authcodes ON oauth_session_authcodes.`session_id` = oauth_sessions.id - * JOIN oauth_session_redirects ON oauth_session_redirects.`session_id` = oauth_sessions.id - * WHERE oauth_sessions.client_id = :clientId AND oauth_session_authcodes.`auth_code` = :authCode + * JOIN oauth_session_redirects ON oauth_session_redirects.`session_id` = oauth_sessions.id WHERE + * oauth_sessions.client_id = :clientId AND oauth_session_authcodes.`auth_code` = :authCode * AND `oauth_session_authcodes`.`auth_code_expires` >= :time AND * `oauth_session_redirects`.`redirect_uri` = :redirectUri * * + * Expected response: + * + * + * array( + * 'id' => (int), // the session ID + * 'scope_ids' => (string) + * ) + * + * * @param string $clientId The client ID * @param string $redirectUri The redirect URI * @param string $authCode The authorization code - * @return int|bool False if invalid or the session ID + * @return array|bool False if invalid or array as above */ public function validateAuthCode($clientId, $redirectUri, $authCode); From 8d06a7b685b2ad105ce8f88aac9e99369e98ddb8 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 10 May 2013 17:06:05 -0700 Subject: [PATCH 08/20] Updated getAuthCodeScopes() in SessionInterface --- src/League/OAuth2/Server/Storage/SessionInterface.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/League/OAuth2/Server/Storage/SessionInterface.php b/src/League/OAuth2/Server/Storage/SessionInterface.php index af4e0e3a..1cce0c5b 100644 --- a/src/League/OAuth2/Server/Storage/SessionInterface.php +++ b/src/League/OAuth2/Server/Storage/SessionInterface.php 
@@ -260,7 +260,7 @@ interface SessionInterface * Example SQL query: * * - * SELECT scope_id FROM `oauth_session_authcode_scopes` WHERE session_id = :sessionId + * SELECT scope_id FROM `oauth_session_authcode_scopes` WHERE oauth_session_authcode_id = :authCodeId * * * Expected response: @@ -277,10 +277,10 @@ interface SessionInterface * ) * * - * @param int $sessionId The session ID + * @param int $oauthSessionAuthCodeId The session ID * @return array */ - public function getAuthCodeScopes($sessionId); + public function getAuthCodeScopes($oauthSessionAuthCodeId); /** * Associate a scope with an access token From 11022e16ef1d3276a3754f7f5ae9b90e79e67343 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 10 May 2013 17:06:44 -0700 Subject: [PATCH 09/20] Updated validateAuthCode() in SessionInterface --- src/League/OAuth2/Server/Storage/SessionInterface.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/League/OAuth2/Server/Storage/SessionInterface.php b/src/League/OAuth2/Server/Storage/SessionInterface.php index 1cce0c5b..883e87c7 100644 --- a/src/League/OAuth2/Server/Storage/SessionInterface.php +++ b/src/League/OAuth2/Server/Storage/SessionInterface.php @@ -133,7 +133,7 @@ interface SessionInterface * Example SQL query: * * - * SELECT oauth_sessions.id, oauth_session_authcodes.scope_ids FROM oauth_sessions + * SELECT oauth_sessions.id AS session_id, oauth_session_authcodes.id AS authcode_id FROM oauth_sessions * JOIN oauth_session_authcodes ON oauth_session_authcodes.`session_id` = oauth_sessions.id * JOIN oauth_session_redirects ON oauth_session_redirects.`session_id` = oauth_sessions.id WHERE * oauth_sessions.client_id = :clientId AND oauth_session_authcodes.`auth_code` = :authCode @@ -145,8 +145,8 @@ interface SessionInterface * * * array( - * 'id' => (int), // the session ID - * 'scope_ids' => (string) + * 'session_id' => (int) + * 'authcode_id' => (int) * ) * * 
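Review bot: The new parameter description `@param int $oauthSessionAuthCodeId The session ID` is wrong — the query in the same hunk filters on `oauth_session_authcode_id`, and the value is the `authcode_id` that `validateAuthCode()` now returns in the second hunk — so it should read `@param int $oauthSessionAuthCodeId The auth code ID (oauth_session_authcodes.id)`. Confusing the two ids matters here because an implementer who passes the session id would fetch some other code's scopes whenever the two sequences diverge. In the `validateAuthCode` example response the two entries also lack a separating comma: `'session_id' => (int),`.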
From 3ea3eb5ebd5851cd676caca97790220f3effb75d Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 10 May 2013 17:07:06 -0700 Subject: [PATCH 10/20] Implemented getAuthCodeScopes() in PDO Session --- src/League/OAuth2/Server/Storage/PDO/Session.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/League/OAuth2/Server/Storage/PDO/Session.php b/src/League/OAuth2/Server/Storage/PDO/Session.php index d03446d6..af0c6bec 100644 --- a/src/League/OAuth2/Server/Storage/PDO/Session.php +++ b/src/League/OAuth2/Server/Storage/PDO/Session.php @@ -171,6 +171,17 @@ class Session implements SessionInterface $stmt->execute(); } + public function getAuthCodeScopes($oauthSessionAuthCodeId) + { + $db = \ezcDbInstance::get(); + + $stmt = $db->prepare('SELECT scope_id FROM `oauth_session_authcode_scopes` WHERE oauth_session_authcode_id = :authCodeId'); + $stmt->bindValue(':authCodeId', $oauthSessionAuthCodeId); + $stmt->execute(); + + return $stmt->fetchAll(); + } + public function associateScope($accessTokenId, $scopeId) { $db = \ezcDbInstance::get(); From a01810d8fa7236d74a91c4938ea84bd024b266e3 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 10 May 2013 17:07:29 -0700 Subject: [PATCH 11/20] Updated validateAuthCode in PDO Session --- src/League/OAuth2/Server/Storage/PDO/Session.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/League/OAuth2/Server/Storage/PDO/Session.php b/src/League/OAuth2/Server/Storage/PDO/Session.php index af0c6bec..7ecdbff2 100644 --- a/src/League/OAuth2/Server/Storage/PDO/Session.php +++ b/src/League/OAuth2/Server/Storage/PDO/Session.php 
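Review bot: `return $stmt->fetchAll();` relies on the connection's default fetch mode, while the interface documents associative `scope_id` rows and the grant indexes `$scope['scope_id']`; unless the ezc handle sets `ATTR_DEFAULT_FETCH_MODE` to assoc this yields FETCH_BOTH rows (harmless but double-width), and with a numeric default the lookup would evaluate to null and `associateScope()` would be fed a null scope id. Pin the shape in the query itself: `return $stmt->fetchAll(\PDO::FETCH_ASSOC);`. Note too that MySQL's PDO driver hands back `scope_id` as a string, so the `(int)` in the interface example is not guaranteed without a cast.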
@@ -97,12 +97,12 @@ class Session implements SessionInterface { $db = \ezcDbInstance::get(); - $stmt = $db->prepare('SELECT oauth_sessions.id, oauth_session_authcodes.scope_ids FROM oauth_sessions JOIN - oauth_session_authcodes ON oauth_session_authcodes.`session_id` = oauth_sessions.id JOIN - oauth_session_redirects ON oauth_session_redirects.`session_id` = oauth_sessions.id WHERE - oauth_sessions.client_id = :clientId AND oauth_session_authcodes.`auth_code` = :authCode AND - `oauth_session_authcodes`.`auth_code_expires` >= :time AND `oauth_session_redirects`.`redirect_uri` - = :redirectUri'); + $stmt = $db->prepare('SELECT oauth_sessions.id AS session_id, oauth_session_authcodes.id AS authcode_id + FROM oauth_sessions JOIN oauth_session_authcodes ON oauth_session_authcodes.`session_id` + = oauth_sessions.id JOIN oauth_session_redirects ON oauth_session_redirects.`session_id` + = oauth_sessions.id WHERE oauth_sessions.client_id = :clientId AND oauth_session_authcodes.`auth_code` + = :authCode AND `oauth_session_authcodes`.`auth_code_expires` >= :time AND + `oauth_session_redirects`.`redirect_uri` = :redirectUri'); $stmt->bindValue(':clientId', $clientId); $stmt->bindValue(':redirectUri', $redirectUri); $stmt->bindValue(':authCode', $authCode); From 7373f312da626e6f3aae8359cbce020ac8c7343c Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 10 May 2013 17:08:10 -0700 Subject: [PATCH 12/20] Updated variable name --- src/League/OAuth2/Server/Grant/AuthCode.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/League/OAuth2/Server/Grant/AuthCode.php b/src/League/OAuth2/Server/Grant/AuthCode.php index 50fdad82..471c5a19 100644 --- a/src/League/OAuth2/Server/Grant/AuthCode.php +++ b/src/League/OAuth2/Server/Grant/AuthCode.php 
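Review bot: The rewritten query still decides auth-code validity and redirect-URI binding by SQL string equality on `auth_code` and `redirect_uri`, and sql/mysql.sql creates its tables with `DEFAULT CHARSET=utf8` and no explicit collation; if that applies to these columns, MySQL's default case-insensitive, space-padding collation makes the code comparison case-insensitive and makes the redirect check accept `https://client.example/CB` for a registered `https://client.example/cb`, which RFC 6749 §3.1.2.3 forbids (exact match) — hedged, since the `oauth_session_redirects` column definitions are not in this hunk. If `SecureKey::make()` emits lower-case hex the collation does not cost entropy on `auth_code`, but for a mixed-case alphabet it would. Comparing with a binary collation (`= BINARY :redirectUri`, or declaring the columns `COLLATE utf8_bin`) or re-checking the returned row in PHP with `hash_equals()` closes this. The `:time` placeholder is bound outside the visible lines; the method continues past the hunk.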
@@ -247,23 +247,24 @@ class AuthCode implements GrantTypeInterface { } // Verify the authorization code matches the client_id and the request_uri - $session = $this->authServer->getStorage('session')->validateAuthCode($authParams['client_id'], $authParams['redirect_uri'], $authParams['code']); + $authCodeDetails = $this->authServer->getStorage('session')->validateAuthCode($authParams['client_id'], $authParams['redirect_uri'], $authParams['code']); - if ( ! $session) { + if ( ! $authCodeDetails) { throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_grant'), 'code'), 9); } // A session ID was returned so update it with an access token and remove the authorisation code + // A session ID was returned so update it with an access token and remove the authorisation code $accessToken = SecureKey::make(); $accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? $this->accessTokenTTL : $this->authServer->getAccessTokenTTL(); $accessTokenExpires = time() + $accessTokenExpiresIn; // Remove the auth code - $this->authServer->getStorage('session')->removeAuthCode($session['id']); + $this->authServer->getStorage('session')->removeAuthCode($authCodeDetails['session_id']); // Create an access token - $accessTokenId = $this->authServer->getStorage('session')->associateAccessToken($session['id'], $accessToken, $accessTokenExpires); + $accessTokenId = $this->authServer->getStorage('session')->associateAccessToken($authCodeDetails['session_id'], $accessToken, $accessTokenExpires); // Associate scopes with the access token if ( ! is_null($session['scope_ids'])) { From ba2dc90f3b334cba6b2026681288e4a5c46a5197 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 10 May 2013 17:08:20 -0700 Subject: [PATCH 13/20] Altered associateScope logic --- src/League/OAuth2/Server/Grant/AuthCode.php | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) 
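Review bot: The validate-then-remove sequence in this hunk (`validateAuthCode(...)` followed later by `removeAuthCode($authCodeDetails['session_id'])`) is a check-then-act race: two token requests presenting the same code concurrently can both pass validation before either delete runs, so the code is redeemed twice and two access tokens are minted, contrary to RFC 6749 §4.1.2's single-use requirement. Making the revocation the decision point fixes it — have storage delete the specific code row (`DELETE ... WHERE id = :authCodeId`) and return the affected-row count, treating anything other than 1 as `invalid_grant`, or run the lookup and delete inside one transaction with a locking read. Separately, the trailing context still reads `$session['scope_ids']` after the rename, which this commit leaves undefined (patch 13 replaces it), and the explanatory comment is now duplicated. The method continues outside the hunk.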
diff --git a/src/League/OAuth2/Server/Grant/AuthCode.php b/src/League/OAuth2/Server/Grant/AuthCode.php index 471c5a19..b4d7cbde 100644 --- a/src/League/OAuth2/Server/Grant/AuthCode.php +++ b/src/League/OAuth2/Server/Grant/AuthCode.php @@ -253,7 +253,8 @@ class AuthCode implements GrantTypeInterface { throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_grant'), 'code'), 9); } - // A session ID was returned so update it with an access token and remove the authorisation code + // Get any associated scopes + $scopes = $this->authServer->getStorage('session')->getAuthCodeScopes($authCodeDetails['authcode_id']); // A session ID was returned so update it with an access token and remove the authorisation code $accessToken = SecureKey::make(); @@ -267,11 +268,9 @@ class AuthCode implements GrantTypeInterface { $accessTokenId = $this->authServer->getStorage('session')->associateAccessToken($authCodeDetails['session_id'], $accessToken, $accessTokenExpires); // Associate scopes with the access token - if ( ! is_null($session['scope_ids'])) { - $scopeIds = explode(',', $session['scope_ids']); - - foreach ($scopeIds as $scopeId) { - $this->authServer->getStorage('session')->associateScope($accessTokenId, $scopeId); + if (count($scopes) > 0) { + foreach ($scopes as $scope) { + $this->authServer->getStorage('session')->associateScope($accessTokenId, $scope['scope_id']); } } From c57c4b1b4f19cbc617f5d6bd812d02b70e7d127c Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 10 May 2013 17:19:53 -0700 Subject: [PATCH 14/20] Fixed key name --- sql/mysql.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sql/mysql.sql b/sql/mysql.sql index e66b2205..3d62612c 100644 --- a/sql/mysql.sql +++ b/sql/mysql.sql 
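Review bot: The call `getAuthCodeScopes($authCodeDetails['authcode_id'])` is placed before `removeAuthCode(...)`, and that ordering is load-bearing: `oauth_session_authcode_scopes` (patch 16) cascades on delete of the auth code row, so if `removeAuthCode` deletes that row, reading the scopes afterwards would return nothing and the access token would silently be issued with no scopes; a comment such as `// Must precede removeAuthCode(): the scope rows cascade-delete with the code` would stop a future reorder. The `if (count($scopes) > 0)` guard around the `foreach` is redundant since iterating an empty array is a no-op; `foreach ($scopes as $scope) { ... }` alone is enough. The method continues outside the hunk.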
@@ -70,7 +70,7 @@ CREATE TABLE `oauth_scopes` ( `name` varchar(255) NOT NULL, `description` varchar(255) DEFAULT NULL, PRIMARY KEY (`id`), - UNIQUE KEY `u_oasc_sc` (`scope_key`) + UNIQUE KEY `u_oasc_sc` (`scope`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; CREATE TABLE `oauth_session_token_scopes` ( From 252afddbd33ad19e171011789dd3732c375230b0 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 10 May 2013 17:24:31 -0700 Subject: [PATCH 15/20] Updated oauth_session_authcodes table. Added id field, remove scope_ids field --- sql/mysql.sql | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/sql/mysql.sql b/sql/mysql.sql index 3d62612c..0d56e8c8 100644 --- a/sql/mysql.sql +++ b/sql/mysql.sql @@ -38,12 +38,11 @@ CREATE TABLE `oauth_session_access_tokens` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8; CREATE TABLE `oauth_session_authcodes` ( + `id` int(10) unsigned NOT NULL AUTO_INCREMENT, `session_id` int(10) unsigned NOT NULL, `auth_code` char(40) NOT NULL, `auth_code_expires` int(10) unsigned NOT NULL, - `scope_ids` char(255) DEFAULT NULL, - PRIMARY KEY (`session_id`), - CONSTRAINT `f_oaseau_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION + PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; CREATE TABLE `oauth_session_redirects` ( From ca599437f61c24d1fed0f3e54ff9a55408818397 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 10 May 2013 17:24:46 -0700 Subject: [PATCH 16/20] Added oauth_session_authcode_scopes --- sql/mysql.sql | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/sql/mysql.sql b/sql/mysql.sql index 0d56e8c8..b51a2c4b 100644 --- a/sql/mysql.sql +++ b/sql/mysql.sql 
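Review bot: Replacing `PRIMARY KEY (session_id)` with a surrogate `id` leaves `oauth_session_authcodes` with no uniqueness constraint or index on `auth_code`, the column `validateAuthCode()` looks up by: every token request becomes a full-table scan, and nothing at the schema level guarantees a code maps to exactly one session, so a collision or duplicated insert would make the join return rows for more than one session. Add `UNIQUE KEY \`u_oaseau_auco\` (\`auth_code\`)` (naming per the file's existing `u_oasc_sc` style) alongside the new primary key. The dropped foreign key is restored by patch 19, but between patches 15 and 19 `deleteSession` no longer cascades to codes. The `auth_code` value is also stored as the raw credential; hashing it at rest (e.g. SHA-256, with the lookup done on the hash) is worth considering as defence in depth, since the code is short-lived but directly exchangeable for tokens.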
@@ -81,4 +81,13 @@ CREATE TABLE `oauth_session_token_scopes` ( KEY `f_oasetosc_scid` (`scope_id`), CONSTRAINT `f_oasetosc_scid` FOREIGN KEY (`scope_id`) REFERENCES `oauth_scopes` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION, CONSTRAINT `f_oasetosc_setoid` FOREIGN KEY (`session_access_token_id`) REFERENCES `oauth_session_access_tokens` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +CREATE TABLE `oauth_session_authcode_scopes` ( + `oauth_session_authcode_id` int(10) unsigned NOT NULL, + `scope_id` smallint(5) unsigned NOT NULL, + KEY `oauth_session_authcode_id` (`oauth_session_authcode_id`), + KEY `scope_id` (`scope_id`), + CONSTRAINT `oauth_session_authcode_scopes_ibfk_2` FOREIGN KEY (`scope_id`) REFERENCES `oauth_scopes` (`id`) ON DELETE CASCADE, + CONSTRAINT `oauth_session_authcode_scopes_ibfk_1` FOREIGN KEY (`oauth_session_authcode_id`) REFERENCES `oauth_session_authcodes` (`id`) ON DELETE CASCADE ) ENGINE=InnoDB DEFAULT CHARSET=utf8; \ No newline at end of file From d531a37412839afa140ea777037851bf7d986a84 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 10 May 2013 17:26:23 -0700 Subject: [PATCH 17/20] Don't add scope IDs --- src/League/OAuth2/Server/Grant/AuthCode.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/League/OAuth2/Server/Grant/AuthCode.php b/src/League/OAuth2/Server/Grant/AuthCode.php index b4d7cbde..70447a41 100644 --- a/src/League/OAuth2/Server/Grant/AuthCode.php +++ b/src/League/OAuth2/Server/Grant/AuthCode.php 
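Review bot: The new `oauth_session_authcode_scopes` table has no primary key or unique index on (`oauth_session_authcode_id`, `scope_id`), so the same scope can be inserted for one code more than once, after which `getAuthCodeScopes()` returns duplicates and the grant inserts duplicate rows into `oauth_session_token_scopes`. Replace the plain `KEY \`oauth_session_authcode_id\`` with `PRIMARY KEY (\`oauth_session_authcode_id\`, \`scope_id\`),` — it also serves the lookup by code id. The `scope_id smallint(5) unsigned` type must match `oauth_scopes.id` exactly for the FK to be created; that column's type is not visible here. The file also ends without a trailing newline.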
@@ -200,7 +200,7 @@ class AuthCode implements GrantTypeInterface { $this->authServer->getStorage('session')->associateRedirectUri($sessionId, $authParams['redirect_uri']); // Associate the auth code - $authCodeId = $this->authServer->getStorage('session')->associateAuthCode($sessionId, $authCode, time() + $this->authTokenTTL, implode(',', $scopeIds)); + $authCodeId = $this->authServer->getStorage('session')->associateAuthCode($sessionId, $authCode, time() + $this->authTokenTTL); // Associate the scopes to the auth code foreach ($authParams['scopes'] as $scope) { From ef4a138237a0f3cb7a2f7be697597771ed3f2233 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 10 May 2013 17:29:28 -0700 Subject: [PATCH 18/20] Fixed associateAuthCodeScope() query --- src/League/OAuth2/Server/Storage/PDO/Session.php | 6 +++--- src/League/OAuth2/Server/Storage/SessionInterface.php | 9 +++++---- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/src/League/OAuth2/Server/Storage/PDO/Session.php b/src/League/OAuth2/Server/Storage/PDO/Session.php index 7ecdbff2..abde8b2b 100644 --- a/src/League/OAuth2/Server/Storage/PDO/Session.php +++ b/src/League/OAuth2/Server/Storage/PDO/Session.php @@ -161,12 +161,12 @@ class Session implements SessionInterface return ($result === false) ? false : (array) $result; } - public function associateAuthCodeScope($sessionId, $scopeId) + public function associateAuthCodeScope($authCodeId, $scopeId) { $db = \ezcDbInstance::get(); - $stmt = $db->prepare('INSERT INTO `oauth_session_authcode_scopes` (`session_id`, `scope_id`) VALUES (:sessionId, :scopeId)'); - $stmt->bindValue(':sessionId', $sessionId); + $stmt = $db->prepare('INSERT INTO `oauth_session_authcode_scopes` (`oauth_session_authcode_id`, `scope_id`) VALUES (:authCodeId, :scopeId)'); + $stmt->bindValue(':authCodeId', $authCodeId); $stmt->bindValue(':scopeId', $scopeId); $stmt->execute(); } 
diff --git a/src/League/OAuth2/Server/Storage/SessionInterface.php b/src/League/OAuth2/Server/Storage/SessionInterface.php index 883e87c7..08cd4c53 100644 --- a/src/League/OAuth2/Server/Storage/SessionInterface.php +++ b/src/League/OAuth2/Server/Storage/SessionInterface.php @@ -245,14 +245,15 @@ interface SessionInterface * Example SQL query: * * - * INSERT INTO `oauth_session_authcode_scopes` (`session_id`, `scope_id`) VALUES (:sessionId, :scopeId) + * INSERT INTO `oauth_session_authcode_scopes` (`oauth_session_authcode_id`, `scope_id`) VALUES + * (:authCodeId, :scopeId) * * - * @param int $sessionId The session ID - * @param int $scopeId The scope ID + * @param int $authCodeId The auth code ID + * @param int $scopeId The scope ID * @return void */ - public function associateAuthCodeScope($sessionId, $scopeId); + public function associateAuthCodeScope($authCodeId, $scopeId); /** * Get the scopes associated with an auth code From 86fb02d218946b0aa7b319086a8ed146308f05b4 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 10 May 2013 17:32:39 -0700 Subject: [PATCH 19/20] Added cascading relationship between oauth_sessions_authcodes and oauth_sessions --- sql/mysql.sql | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sql/mysql.sql b/sql/mysql.sql index b51a2c4b..552b5e02 100644 --- a/sql/mysql.sql +++ b/sql/mysql.sql @@ -42,7 +42,9 @@ CREATE TABLE `oauth_session_authcodes` ( `session_id` int(10) unsigned NOT NULL, `auth_code` char(40) NOT NULL, `auth_code_expires` int(10) unsigned NOT NULL, - PRIMARY KEY (`id`) + PRIMARY KEY (`id`), + KEY `session_id` (`session_id`), + CONSTRAINT `oauth_session_authcodes_ibfk_1` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE ) ENGINE=InnoDB DEFAULT CHARSET=utf8; CREATE TABLE `oauth_session_redirects` ( From f5251a6080d3fa9ed3127d66803fac3bcf60ed27 Mon Sep 17 00:00:00 2001 
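Review bot: The constraint name `oauth_session_authcodes_ibfk_1` (like `oauth_session_authcode_scopes_ibfk_*` in patch 16) follows MySQL's auto-generated pattern rather than the file's `f_<abbrev>_<col>` convention (`f_oasetosc_scid`, `f_oasetosc_setoid`), and it omits the explicit `ON UPDATE NO ACTION` the other constraints spell out. For consistency: `CONSTRAINT \`f_oaseau_seid\` FOREIGN KEY (\`session_id\`) REFERENCES \`oauth_sessions\` (\`id\`) ON DELETE CASCADE ON UPDATE NO ACTION` — which also restores the name patch 15 removed.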
From: Alex Bilbie Date: Fri, 10 May 2013 17:39:29 -0700 Subject: [PATCH 20/20] Updated sessions --- tests/authorization/AuthCodeGrantTest.php | 3 ++- tests/authorization/AuthServerTest.php | 11 +++++++++-- tests/authorization/RefreshTokenTest.php | 2 ++ 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/tests/authorization/AuthCodeGrantTest.php b/tests/authorization/AuthCodeGrantTest.php index 7cec3ded..ee6a5af9 100644 --- a/tests/authorization/AuthCodeGrantTest.php +++ b/tests/authorization/AuthCodeGrantTest.php @@ -376,7 +376,8 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('createSession')->andReturn(1); $this->session->shouldReceive('associateScope')->andReturn(null); $this->session->shouldReceive('associateRedirectUri')->andReturn(null); - $this->session->shouldReceive('associateAuthCode')->andReturn(null); + $this->session->shouldReceive('associateAuthCode')->andReturn(1); + $this->session->shouldReceive('associateAuthCodeScope')->andReturn(null); $a = $this->returnDefault(); $g = new League\OAuth2\Server\Grant\AuthCode($a); diff --git a/tests/authorization/AuthServerTest.php b/tests/authorization/AuthServerTest.php index baf0af00..f4bd2db4 100644 --- a/tests/authorization/AuthServerTest.php +++ b/tests/authorization/AuthServerTest.php 
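Review bot: The new stubs `associateAuthCode ... andReturn(1)` and `associateAuthCodeScope ... andReturn(null)` are unconstrained `shouldReceive` expectations, so the test never verifies that scopes are bound to the id the auth code insert returned — the very behaviour this series introduces; a regression that passed `$sessionId` instead of `$authCodeId` would still pass. Tighten at least the scope binding: `$this->session->shouldReceive('associateAuthCodeScope')->once()->with(1, Mockery::type('int'))` (or `->with(1, <scope id from the test's scope fixture>)`), and make sure the suite calls `Mockery::close()` in tearDown so the expectation is actually asserted. The test method starts before this hunk.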
@@ -358,13 +358,14 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase )); $this->session->shouldReceive('validateAuthCode')->andReturn(array( - 'id' => 1, - 'scope_ids' => '1' + 'session_id' => 1, + 'authcode_id' => 1 )); $this->session->shouldReceive('updateSession')->andReturn(null); $this->session->shouldReceive('removeAuthCode')->andReturn(null); $this->session->shouldReceive('associateAccessToken')->andReturn(1); $this->session->shouldReceive('associateScope')->andReturn(null); + $this->session->shouldReceive('getAuthCodeScopes')->andReturn(array('scope_id' => 1)); $a = $this->returnDefault(); $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a)); @@ -399,6 +400,8 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('updateSession')->andReturn(null); $this->session->shouldReceive('removeAuthCode')->andReturn(null); $this->session->shouldReceive('associateAccessToken')->andReturn(1); + $this->session->shouldReceive('getAuthCodeScopes')->andReturn(array('scope_id' => 1)); + $this->session->shouldReceive('associateScope')->andReturn(null); $a = $this->returnDefault(); $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a)); @@ -436,6 +439,8 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('updateSession')->andReturn(null); $this->session->shouldReceive('removeAuthCode')->andReturn(null); $this->session->shouldReceive('associateAccessToken')->andReturn(1); + $this->session->shouldReceive('getAuthCodeScopes')->andReturn(array('scope_id' => 1)); + $this->session->shouldReceive('associateScope')->andReturn(null); $a = $this->returnDefault(); $grant = new League\OAuth2\Server\Grant\AuthCode($a); 
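Review bot: `getAuthCodeScopes` is stubbed to return `array('scope_id' => 1)`, but the interface (patch 02) and the grant (patch 13) expect a list of rows, `array(array('scope_id' => 1))`; with the flat array the grant's `foreach` visits the integer `1`, `$scope['scope_id']` evaluates to null, and `associateScope(1, null)` is what the mock receives — the test passes only because the stub accepts any arguments. Use `->andReturn(array(array('scope_id' => 1)))` and add `->with(1, 1)` on `associateScope` so the scope copy is actually asserted. The same flat shape is repeated in the other two hunks of this file.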
@@ -477,6 +482,8 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('updateSession')->andReturn(null); $this->session->shouldReceive('removeAuthCode')->andReturn(null); $this->session->shouldReceive('associateAccessToken')->andReturn(1); + $this->session->shouldReceive('getAuthCodeScopes')->andReturn(array('scope_id' => 1)); + $this->session->shouldReceive('associateScope')->andReturn(null); $a = $this->returnDefault(); $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a)); diff --git a/tests/authorization/RefreshTokenTest.php b/tests/authorization/RefreshTokenTest.php index 12dad385..f4882454 100644 --- a/tests/authorization/RefreshTokenTest.php +++ b/tests/authorization/RefreshTokenTest.php @@ -42,6 +42,8 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('removeAuthCode')->andReturn(null); $this->session->shouldReceive('associateAccessToken')->andReturn(1); $this->session->shouldReceive('associateRefreshToken')->andReturn(1); + $this->session->shouldReceive('associateScope')->andReturn(null); + $this->session->shouldReceive('getAuthCodeScopes')->andReturn(array('scope_id' => 1)); $a = $this->returnDefault(); $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
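Review bot: The `getAuthCodeScopes` stub added to RefreshTokenTest returns the flat `array('scope_id' => 1)` rather than the list-of-rows shape the SessionInterface documents, so if this test exercises the AuthCode grant it drives `associateScope` with a null scope id and the permissive `associateScope` stub hides it; use `->andReturn(array(array('scope_id' => 1)))`. Whether the refresh-token path calls these at all is not visible here — if it does not, the two added stubs are dead setup and could be dropped instead.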