From bdbf9072f6ef15bf06f4045a2f458621768b2cb0 Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Fri, 7 Sep 2012 12:59:41 +0200
Subject: [PATCH 1/9] Update README.md

---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index a1f48c37..eb16e602 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,10 @@ The resource server allows you to secure your API endpoints by checking for a va
 * Support for [JSON web tokens](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-json-web-token/).
 * Support for [SAML assertions](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-saml2-bearer/).
 
+### Client support
+
+* Merge in https://github.com/philsturgeon/codeigniter-oauth2
+
 ---
 
 This code will be developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which has been funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme.
\ No newline at end of file

From 3f3b987fb1747b82d18a93321fafb41b7364c196 Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Wed, 19 Sep 2012 19:27:04 +0100
Subject: [PATCH 2/9] Check responses from the database are valid

---
 src/Oauth2/Resource/Server.php | 33 ++++++++++++++++++++++++++-------
 1 file changed, 26 insertions(+), 7 deletions(-)

diff --git a/src/Oauth2/Resource/Server.php b/src/Oauth2/Resource/Server.php
index 0ec835a5..7b9841df 100644
--- a/src/Oauth2/Resource/Server.php
+++ b/src/Oauth2/Resource/Server.php
@@ -2,7 +2,12 @@
 
 namespace Oauth2\Resource;
 
-class OAuthResourceServerException extends \Exception
+class ServerException extends \Exception
+{
+
+}
+
+class ClientException extends \Exception
 {
 
 }
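Review bot: `ServerException` and `ClientException` are declared in src/Oauth2/Resource/Server.php next to the `Server` class itself, so a class-per-file autoloader cannot resolve either name until Server.php has already been loaded, and a consumer that also uses the Authentication server (which declares its own `ClientException`/`ServerException` later in this series) has to alias one pair to tell them apart. Moving each exception into its own file (e.g. a `src/Oauth2/Resource/ClientException.php`) keeps the names resolvable on their own. Neither class says which side the fault is on; the later hunk throws `ClientException` for a missing or unknown token and `ServerException` for bad abstractor responses, so a one-line docblock on each, `/** Thrown when the presented access token is missing or unknown (client fault). */` and `/** Thrown when the registered database abstractor returns an invalid response (server fault). */`, would make that contract visible at the declaration.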
@@ -56,7 +61,9 @@ class Server
      */
     public $errors = array(
         'missing_access_token' => 'An access token was not presented with the request',
-        'invalid_access_token' => 'The access token is not registered with the resource server'
+        'invalid_access_token' => 'The access token is not registered with the resource server',
+        'missing_access_token_details' => 'The registered database abstractor did not return a valid access token details response',
+        'invalid_access_token_scopes' => 'The registered database abstractor did not return a valid access token scopes response',
     );
 
     /**
@@ -147,21 +154,33 @@ class Server
 
             if ($result === false)
             {
-                throw new OAuthResourceServerException($this->errors['invalid_access_token']);
+                throw new ClientException($this->errors['invalid_access_token']);
             }
             else
             {
+                if ( ! array_key_exists('id', $result) || ! array_key_exists('owner_id', $result) ||
+                    ! array_key_exists('owner_type', $result)) {
+                    throw new ServerException($this->errors['missing_access_token_details']);
+                }
+
 
                 $this->_accessToken = $accessToken;
                 $this->_type = $result['owner_type'];
                 $this->_typeId = $result['owner_id'];
 
                 // Get the scopes
-                $this->_scopes = $this->_dbCall('sessionScopes', $result['id']);
+                $scopes = $this->_dbCall('sessionScopes', $result['id']);
+
+                if ( ! is_array($scopes))
+                {
+                    throw new ServerException($this->errors['invalid_access_token_scopes']);
+                }
+
+                $this->_scopes = $scopes;
             }
         }
         else
         {
-            throw new OAuthResourceServerException($this->errors['missing_access_token']);
+            throw new ClientException($this->errors['missing_access_token']);
         }
     }
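Review bot: The new key checks call `array_key_exists()` on `$result` without first confirming it is an array, so an abstractor that returns `null`, an object or a scalar for an unknown token passes the `=== false` test on the line above and reaches those calls, which emit a warning on PHP 5 and, on PHP 8, throw a `TypeError` rather than the intended `ServerException`. Mirroring the `is_array($scopes)` guard added further down, the condition should start `if ( ! is_array($result) || ! array_key_exists('id', $result) || ! array_key_exists('owner_id', $result) ||`, which also reports any non-false, non-array return as a server fault instead of letting it near the token bookkeeping. As a point of style, that `if` puts its `{` on the condition line while every other block in the hunk uses a brace on its own line. The enclosing method starts and ends outside this hunk.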
@@ -208,11 +227,11 @@ class Server
     private function _dbCall()
     {
         if ($this->_db === null) {
-            throw new OAuthResourceServerException('No registered database abstractor');
+            throw new ServerException('No registered database abstractor');
         }
 
         if ( ! $this->_db instanceof Database) {
-            throw new OAuthResourceServerException('Registered database abstractor is not an instance of Oauth2\Resource\Database');
+            throw new ServerException('The registered database abstractor is not an instance of Oauth2\Resource\Database');
         }
 
         $args = func_get_args();

From 6ea2f6480d0c71060a6765b9eb87cf211b9d5267 Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Wed, 19 Sep 2012 19:29:14 +0100
Subject: [PATCH 3/9] version number bump

---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index 353aa1d8..5d8aa30d 100644
--- a/composer.json
+++ b/composer.json
@@ -1,7 +1,7 @@
 {
     "name": "lncd/Oauth2",
     "description": "OAuth 2.0 Framework",
-    "version": "0.2",
+    "version": "0.2.2",
     "homepage": "https://github.com/lncd/OAuth2",
     "license": "MIT",
     "require": {

From 9844613b2d969fe70ecafa91e729015569c0e384 Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Wed, 19 Sep 2012 19:34:05 +0100
Subject: [PATCH 4/9] Fixed test checks

Signed-off-by: Alex Bilbie
---
 tests/resource/server_test.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/resource/server_test.php b/tests/resource/server_test.php
index fdb35be4..7feb4389 100644
--- a/tests/resource/server_test.php
+++ b/tests/resource/server_test.php
@@ -72,7 +72,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase {
     }
 
     /**
-     * @expectedException \Oauth2\Resource\OAuthResourceServerException
+     * @expectedException \Oauth2\Resource\ClientException
      * @expectedExceptionMessage An access token was not presented with the request
      */
     function test_init_missingToken()
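Review bot: The Resource `_dbCall()` now reports `'The registered database abstractor is not an instance of Oauth2\Resource\Database'`, while the Authentication counterpart renamed in patch 6 keeps `'Registered database abstractor is not an instance of ...'` and its test pins that wording verbatim through `@expectedExceptionMessage`; if tests/resource/server_test.php carries the parallel assertion (not visible here) the added `The ` will fail it, and either way the two servers should agree. Dropping the article on the new line, `throw new ServerException('Registered database abstractor is not an instance of Oauth2\Resource\Database');`, keeps the pair in step. `_dbCall()` continues past the end of the hunk.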
@@ -81,7 +81,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase {
     }
 
     /**
-     * @expectedException \Oauth2\Resource\OAuthResourceServerException
+     * @expectedException \Oauth2\Resource\ClientException
      * @expectedExceptionMessage The access token is not registered with the resource server
      */
     function test_init_wrongToken()

From 1440a5e46cad0ae1eedd76a76b1ae84c02f9b653 Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Wed, 19 Sep 2012 19:48:32 +0100
Subject: [PATCH 5/9] Added a .gitattributes file

Signed-off-by: Alex Bilbie
---
 .gitattributes | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 .gitattributes

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 00000000..2bed4430
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,4 @@
+tests/ export-ignore
+phpunit.xml export-ignore
+build.xml export-ignore
+test export-ignore
\ No newline at end of file

From 3c2720ece43907ab8c607a2c74d2e3308195f3ae Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Wed, 19 Sep 2012 19:52:52 +0100
Subject: [PATCH 6/9] Renamed exceptions

Signed-off-by: Alex Bilbie
---
 src/Oauth2/Authentication/Server.php | 42 ++++++++++++++--------------
 tests/authentication/server_test.php | 30 ++++++++++----------
 2 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/src/Oauth2/Authentication/Server.php b/src/Oauth2/Authentication/Server.php
index ef65d9f8..1051bd85 100644
--- a/src/Oauth2/Authentication/Server.php
+++ b/src/Oauth2/Authentication/Server.php
@@ -2,17 +2,17 @@
 
 namespace Oauth2\Authentication;
 
-class OAuthServerClientException extends \Exception
+class ClientException extends \Exception
 {
 
 }
 
-class OAuthServerUserException extends \Exception
+class UserException extends \Exception
 {
 
 }
 
-class OAuthServerException extends \Exception
+class ServerException extends \Exception
 {
 
 }
@@ -127,7 +127,7 @@ class Server
         // Client ID
         if ( ! isset($authParams['client_id']) && ! isset($_GET['client_id']))
         {
-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
         }
         else
         {
@@ -138,7 +138,7 @@ class Server
         // Redirect URI
         if ( ! isset($authParams['redirect_uri']) && ! isset($_GET['redirect_uri']))
         {
-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
         }
         else
         {
@@ -151,13 +151,13 @@ class Server
 
         if ($clientDetails === false)
         {
-            throw new OAuthServerClientException($this->errors['invalid_client'], 8);
+            throw new ClientException($this->errors['invalid_client'], 8);
         }
 
         // Response type
         if ( ! isset($authParams['response_type']) && ! isset($_GET['response_type']))
         {
-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'response_type'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'response_type'), 0);
         }
         else
         {
@@ -166,7 +166,7 @@ class Server
             // Ensure response type is one that is recognised
             if ( ! in_array($params['response_type'], $this->_responseTypes))
             {
-                throw new OAuthServerClientException($this->errors['unsupported_response_type'], 3);
+                throw new ClientException($this->errors['unsupported_response_type'], 3);
             }
         }
 
@@ -189,7 +189,7 @@ class Server
 
         if (count($scopes) === 0)
         {
-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'scope'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'scope'), 0);
         }
 
         $params['scopes'] = array();
@@ -200,7 +200,7 @@ class Server
 
             if ($scopeDetails === false)
             {
-                throw new OAuthServerClientException(sprintf($this->errors['invalid_scope'], $scope), 4);
+                throw new ClientException(sprintf($this->errors['invalid_scope'], $scope), 4);
             }
@@ -325,7 +325,7 @@ class Server
 
         if ( ! isset($authParams['grant_type']) && ! isset($_POST['grant_type']))
         {
-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'grant_type'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'grant_type'), 0);
         }
         else
         {
@@ -334,7 +334,7 @@ class Server
             // Ensure grant type is one that is recognised
             if ( ! in_array($params['grant_type'], $this->_grantTypes))
             {
-                throw new OAuthServerClientException($this->errors['unsupported_grant_type'], 7);
+                throw new ClientException($this->errors['unsupported_grant_type'], 7);
             }
         }
 
@@ -350,7 +350,7 @@ class Server
             case 'password': // Resource owner password credentials grant
             case 'client_credentials': // Client credentials grant
             default: // Unsupported
-                throw new OAuthServerException($this->errors['server_error'] . 'Tried to process an unsuppported grant type.', 5);
+                throw new ServerException($this->errors['server_error'] . 'Tried to process an unsuppported grant type.', 5);
                 break;
         }
     }
@@ -370,7 +370,7 @@ class Server
         // Client ID
         if ( ! isset($authParams['client_id']) && ! isset($_POST['client_id']))
         {
-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
         }
         else
         {
@@ -381,7 +381,7 @@ class Server
         // Client secret
         if ( ! isset($authParams['client_secret']) && ! isset($_POST['client_secret']))
         {
-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_secret'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'client_secret'), 0);
         }
         else
         {
@@ -392,7 +392,7 @@ class Server
         // Redirect URI
         if ( ! isset($authParams['redirect_uri']) && ! isset($_POST['redirect_uri']))
         {
-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
         }
         else
         {
@@ -409,13 +409,13 @@ class Server
 
         if ($clientDetails === false)
         {
-            throw new OAuthServerClientException($this->errors['invalid_client'], 8);
+            throw new ClientException($this->errors['invalid_client'], 8);
         }
 
         // The authorization code
         if ( ! isset($authParams['code']) && ! isset($_POST['code']))
         {
-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'code'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'code'), 0);
         }
         else
         {
@@ -433,7 +433,7 @@ class Server
 
         if ( ! $session)
         {
-            throw new OAuthServerClientException(sprintf($this->errors['invalid_grant'], 'code'), 9);
+            throw new ClientException(sprintf($this->errors['invalid_grant'], 'code'), 9);
         }
         else
         {
@@ -500,11 +500,11 @@ class Server
     private function _dbCall()
     {
         if ($this->_db === null) {
-            throw new OAuthServerException('No registered database abstractor');
+            throw new ServerException('No registered database abstractor');
         }
 
         if ( ! $this->_db instanceof Database) {
-            throw new OAuthServerException('Registered database abstractor is not an instance of Oauth2\Authentication\Database');
+            throw new ServerException('Registered database abstractor is not an instance of Oauth2\Authentication\Database');
         }
 
         $args = func_get_args();
diff --git a/tests/authentication/server_test.php b/tests/authentication/server_test.php
index 9d0ee045..7af8651e 100644
--- a/tests/authentication/server_test.php
+++ b/tests/authentication/server_test.php
@@ -90,7 +90,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
     }
 
     /**
-     * @expectedException Oauth2\Authentication\OAuthServerClientException
+     * @expectedException Oauth2\Authentication\ClientException
      * @expectedExceptionCode 0
      */
     function test_checkClientAuthoriseParams_missingClientId()
@@ -99,7 +99,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
     }
 
     /**
-     * @expectedException Oauth2\Authentication\OAuthServerClientException
+     * @expectedException Oauth2\Authentication\ClientException
      * @expectedExceptionCode 0
      */
     function test_checkClientAuthoriseParams_missingRedirectUri()
@@ -110,7 +110,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
     }
 
     /**
-     * @expectedException Oauth2\Authentication\OAuthServerClientException
+     * @expectedException Oauth2\Authentication\ClientException
      * @expectedExceptionCode 0
      */
     function test_checkClientAuthoriseParams_missingResponseType()
@@ -122,7 +122,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
     }
 
     /**
-     * @expectedException Oauth2\Authentication\OAuthServerClientException
+     * @expectedException Oauth2\Authentication\ClientException
      * @expectedExceptionCode 0
      */
     function test_checkClientAuthoriseParams_missingScopes()
@@ -136,7 +136,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
     }
 
     /**
-     * @expectedException Oauth2\Authentication\OAuthServerClientException
+     * @expectedException Oauth2\Authentication\ClientException
      * @expectedExceptionCode 4
      */
     function test_checkClientAuthoriseParams_invalidScopes()
@@ -247,7 +247,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
     }
 
     /**
-     * @expectedException Oauth2\Authentication\OAuthServerClientException
+     * @expectedException Oauth2\Authentication\ClientException
      * @expectedExceptionCode 0
      */
     function test_issueAccessToken_missingGrantType()
@@ -256,7 +256,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
     }
 
     /**
-     * @expectedException Oauth2\Authentication\OAuthServerClientException
+     * @expectedException Oauth2\Authentication\ClientException
      * @expectedExceptionCode 7
      */
     function test_issueAccessToken_unsupportedGrantType()
@@ -267,7 +267,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
     }
 
     /**
-     * @expectedException Oauth2\Authentication\OAuthServerClientException
+     * @expectedException Oauth2\Authentication\ClientException
      * @expectedExceptionCode 0
      */
     function test_completeAuthCodeGrant_missingClientId()
@@ -280,7 +280,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
     }
 
     /**
-     * @expectedException Oauth2\Authentication\OAuthServerClientException
+     * @expectedException Oauth2\Authentication\ClientException
      * @expectedExceptionCode 0
      */
     function test_completeAuthCodeGrant_missingClientSecret()
@@ -295,7 +295,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
     }
 
     /**
-     * @expectedException Oauth2\Authentication\OAuthServerClientException
+     * @expectedException Oauth2\Authentication\ClientException
      * @expectedExceptionCode 0
      */
     function test_completeAuthCodeGrant_missingRedirectUri()
@@ -311,7 +311,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
     }
 
     /**
-     * @expectedException Oauth2\Authentication\OAuthServerClientException
+     * @expectedException Oauth2\Authentication\ClientException
      * @expectedExceptionCode 8
      */
     function test_completeAuthCodeGrant_invalidClient()
@@ -328,7 +328,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
     }
 
     /**
-     * @expectedException Oauth2\Authentication\OAuthServerClientException
+     * @expectedException Oauth2\Authentication\ClientException
      * @expectedExceptionCode 0
      */
     function test_completeAuthCodeGrant_missingCode()
@@ -345,7 +345,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
     }
 
     /**
-     * @expectedException Oauth2\Authentication\OAuthServerClientException
+     * @expectedException Oauth2\Authentication\ClientException
      * @expectedExceptionCode 9
      */
     function test_completeAuthCodeGrant_invalidCode()
@@ -363,7 +363,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
     }
 
     /**
-     * @expectedException Oauth2\Authentication\OAuthServerException
+     * @expectedException Oauth2\Authentication\ServerException
      * @expectedExceptionMessage No registered database abstractor
      */
     function test_noRegisteredDatabaseAbstractor()
@@ -380,7 +380,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
     }
 
     /**
-     * @expectedException Oauth2\Authentication\OAuthServerException
+     * @expectedException Oauth2\Authentication\ServerException
      * @expectedExceptionMessage Registered database abstractor is not an instance of Oauth2\Authentication\Database
      */
     function test_invalidRegisteredDatabaseAbstractor()

From 7e009a2d02e0eae9364b24adde5df2d391755495 Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Wed, 19 Sep 2012 19:54:11 +0100
Subject: [PATCH 7/9] Version number bump + email change

Signed-off-by: Alex Bilbie
---
 composer.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/composer.json b/composer.json
index 5d8aa30d..6c6ef26b 100644
--- a/composer.json
+++ b/composer.json
@@ -1,7 +1,7 @@
 {
     "name": "lncd/Oauth2",
     "description": "OAuth 2.0 Framework",
-    "version": "0.2.2",
+    "version": "0.2.3",
     "homepage": "https://github.com/lncd/OAuth2",
     "license": "MIT",
     "require": {
@@ -27,7 +27,7 @@
     "authors": [
         {
             "name": "Alex Bilbie",
-            "email": "oauth2server@alexbilbie.com",
+            "email": "oauth2@alexbilbie.com",
             "homepage": "http://www.httpster.org",
             "role": "Developer"
         }

From 7d50b8e812887bc88b1bb1bf4a97e485d4482bb8 Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Wed, 19 Sep 2012 19:59:00 +0100
Subject: [PATCH 8/9] Moved SQL files

Signed-off-by: Alex Bilbie
---
 {src/sql => sql}/database.sql | 0
 {src/sql => sql}/index.html   | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 rename {src/sql => sql}/database.sql (100%)
 rename {src/sql => sql}/index.html (100%)

diff --git a/src/sql/database.sql b/sql/database.sql
similarity index 100%
rename from src/sql/database.sql
rename to sql/database.sql
diff --git a/src/sql/index.html b/sql/index.html
similarity index 100%
rename from src/sql/index.html
rename to sql/index.html

From 500640c56cd58edb912fb5891e403bbcea5096a6 Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Wed, 19 Sep 2012 22:04:18 +0100
Subject: [PATCH 9/9] phpunit/phpunit is now officially composer compatible

Signed-off-by: Alex Bilbie
---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index 6c6ef26b..0257cf95 100644
--- a/composer.json
+++ b/composer.json
@@ -8,7 +8,7 @@
         "php": ">=5.3.0"
     },
     "require-dev": {
-        "EHER/PHPUnit": "*"
+        "phpunit/phpunit": "*"
     },
     "repositories": [
         {
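Review bot: The new `"phpunit/phpunit": "*"` line carries over an unbounded version constraint, so `composer update` resolves to whatever the newest release is at install time, including future majors that drop the `PHPUnit_Framework_TestCase` base class and the `@expectedException` annotations the suite in tests/ is written against, and a dev install is not reproducible from this file alone. Pin the dependency to the release line the tests target, e.g. `"phpunit/phpunit": "3.7.*"` if that is the line in use when this series was written, and commit the generated composer.lock so the resolved version is recorded with the code.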