mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-11-15 17:56:14 +05:30
Merge branch 'develop' into feature/clients
This commit is contained in:
commit
6d1702a15d
4
.gitattributes
vendored
Normal file
4
.gitattributes
vendored
Normal file
@ -0,0 +1,4 @@
|
||||
tests/ export-ignore
|
||||
phpunit.xml export-ignore
|
||||
build.xml export-ignore
|
||||
test export-ignore
|
@ -38,6 +38,10 @@ The resource server allows you to secure your API endpoints by checking for a va
|
||||
* Support for [JSON web tokens](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-json-web-token/).
|
||||
* Support for [SAML assertions](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-saml2-bearer/).
|
||||
|
||||
### Client support
|
||||
|
||||
* Merge in https://github.com/philsturgeon/codeigniter-oauth2
|
||||
|
||||
---
|
||||
|
||||
This code will be developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which has been funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme.
|
@ -1,14 +1,14 @@
|
||||
{
|
||||
"name": "lncd/Oauth2",
|
||||
"description": "OAuth 2.0 Framework",
|
||||
"version": "0.2.1",
|
||||
"version": "0.2.3",
|
||||
"homepage": "https://github.com/lncd/OAuth2",
|
||||
"license": "MIT",
|
||||
"require": {
|
||||
"php": ">=5.3.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"EHER/PHPUnit": "*"
|
||||
"phpunit/phpunit": "*"
|
||||
},
|
||||
"repositories": [
|
||||
{
|
||||
@ -27,7 +27,7 @@
|
||||
"authors": [
|
||||
{
|
||||
"name": "Alex Bilbie",
|
||||
"email": "oauth2server@alexbilbie.com",
|
||||
"email": "oauth2@alexbilbie.com",
|
||||
"homepage": "http://www.httpster.org",
|
||||
"role": "Developer"
|
||||
}
|
||||
|
@ -2,17 +2,17 @@
|
||||
|
||||
namespace Oauth2\Authentication;
|
||||
|
||||
class OAuthServerClientException extends \Exception
|
||||
class ClientException extends \Exception
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
class OAuthServerUserException extends \Exception
|
||||
class UserException extends \Exception
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
class OAuthServerException extends \Exception
|
||||
class ServerException extends \Exception
|
||||
{
|
||||
|
||||
}
|
||||
@ -127,7 +127,7 @@ class Server
|
||||
// Client ID
|
||||
if ( ! isset($authParams['client_id']) && ! isset($_GET['client_id'])) {
|
||||
|
||||
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
|
||||
|
||||
} else {
|
||||
|
||||
@ -138,7 +138,7 @@ class Server
|
||||
// Redirect URI
|
||||
if ( ! isset($authParams['redirect_uri']) && ! isset($_GET['redirect_uri'])) {
|
||||
|
||||
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
|
||||
|
||||
} else {
|
||||
|
||||
@ -151,13 +151,13 @@ class Server
|
||||
|
||||
if ($clientDetails === false) {
|
||||
|
||||
throw new OAuthServerClientException($this->errors['invalid_client'], 8);
|
||||
throw new ClientException($this->errors['invalid_client'], 8);
|
||||
}
|
||||
|
||||
// Response type
|
||||
if ( ! isset($authParams['response_type']) && ! isset($_GET['response_type'])) {
|
||||
|
||||
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'response_type'), 0);
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'response_type'), 0);
|
||||
|
||||
} else {
|
||||
|
||||
@ -166,7 +166,7 @@ class Server
|
||||
// Ensure response type is one that is recognised
|
||||
if ( ! in_array($params['response_type'], $this->_responseTypes)) {
|
||||
|
||||
throw new OAuthServerClientException($this->errors['unsupported_response_type'], 3);
|
||||
throw new ClientException($this->errors['unsupported_response_type'], 3);
|
||||
|
||||
}
|
||||
}
|
||||
@ -189,7 +189,7 @@ class Server
|
||||
|
||||
if (count($scopes) === 0) {
|
||||
|
||||
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'scope'), 0);
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'scope'), 0);
|
||||
}
|
||||
|
||||
$params['scopes'] = array();
|
||||
@ -200,7 +200,7 @@ class Server
|
||||
|
||||
if ($scopeDetails === false) {
|
||||
|
||||
throw new OAuthServerClientException(sprintf($this->errors['invalid_scope'], $scope), 4);
|
||||
throw new ClientException(sprintf($this->errors['invalid_scope'], $scope), 4);
|
||||
|
||||
}
|
||||
|
||||
@ -325,7 +325,7 @@ class Server
|
||||
|
||||
if ( ! isset($authParams['grant_type']) && ! isset($_POST['grant_type'])) {
|
||||
|
||||
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'grant_type'), 0);
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'grant_type'), 0);
|
||||
|
||||
} else {
|
||||
|
||||
@ -334,7 +334,7 @@ class Server
|
||||
// Ensure grant type is one that is recognised
|
||||
if ( ! in_array($params['grant_type'], $this->_grantTypes)) {
|
||||
|
||||
throw new OAuthServerClientException($this->errors['unsupported_grant_type'], 7);
|
||||
throw new ClientException($this->errors['unsupported_grant_type'], 7);
|
||||
|
||||
}
|
||||
}
|
||||
@ -350,7 +350,7 @@ class Server
|
||||
case 'password': // Resource owner password credentials grant
|
||||
case 'client_credentials': // Client credentials grant
|
||||
default: // Unsupported
|
||||
throw new OAuthServerException($this->errors['server_error'] . 'Tried to process an unsuppported grant type.', 5);
|
||||
throw new ServerException($this->errors['server_error'] . 'Tried to process an unsuppported grant type.', 5);
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -370,7 +370,7 @@ class Server
|
||||
// Client ID
|
||||
if ( ! isset($authParams['client_id']) && ! isset($_POST['client_id'])) {
|
||||
|
||||
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
|
||||
|
||||
} else {
|
||||
|
||||
@ -381,7 +381,7 @@ class Server
|
||||
// Client secret
|
||||
if ( ! isset($authParams['client_secret']) && ! isset($_POST['client_secret'])) {
|
||||
|
||||
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_secret'), 0);
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'client_secret'), 0);
|
||||
|
||||
} else {
|
||||
|
||||
@ -392,7 +392,7 @@ class Server
|
||||
// Redirect URI
|
||||
if ( ! isset($authParams['redirect_uri']) && ! isset($_POST['redirect_uri'])) {
|
||||
|
||||
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
|
||||
|
||||
} else {
|
||||
|
||||
@ -409,13 +409,13 @@ class Server
|
||||
|
||||
if ($clientDetails === false) {
|
||||
|
||||
throw new OAuthServerClientException($this->errors['invalid_client'], 8);
|
||||
throw new ClientException($this->errors['invalid_client'], 8);
|
||||
}
|
||||
|
||||
// The authorization code
|
||||
if ( ! isset($authParams['code']) && ! isset($_POST['code'])) {
|
||||
|
||||
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'code'), 0);
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'code'), 0);
|
||||
|
||||
} else {
|
||||
|
||||
@ -433,7 +433,7 @@ class Server
|
||||
|
||||
if ( ! $session) {
|
||||
|
||||
throw new OAuthServerClientException(sprintf($this->errors['invalid_grant'], 'code'), 9);
|
||||
throw new ClientException(sprintf($this->errors['invalid_grant'], 'code'), 9);
|
||||
|
||||
} else {
|
||||
|
||||
@ -500,11 +500,11 @@ class Server
|
||||
private function _dbCall()
|
||||
{
|
||||
if ($this->_db === null) {
|
||||
throw new OAuthServerException('No registered database abstractor');
|
||||
throw new ServerException('No registered database abstractor');
|
||||
}
|
||||
|
||||
if ( ! $this->_db instanceof Database) {
|
||||
throw new OAuthServerException('Registered database abstractor is not an instance of Oauth2\Authentication\Database');
|
||||
throw new ServerException('Registered database abstractor is not an instance of Oauth2\Authentication\Database');
|
||||
}
|
||||
|
||||
$args = func_get_args();
|
||||
|
@ -2,7 +2,12 @@
|
||||
|
||||
namespace Oauth2\Resource;
|
||||
|
||||
class OAuthResourceServerException extends \Exception
|
||||
class ServerException extends \Exception
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
class ClientException extends \Exception
|
||||
{
|
||||
|
||||
}
|
||||
@ -56,7 +61,9 @@ class Server
|
||||
*/
|
||||
public $errors = array(
|
||||
'missing_access_token' => 'An access token was not presented with the request',
|
||||
'invalid_access_token' => 'The access token is not registered with the resource server'
|
||||
'invalid_access_token' => 'The access token is not registered with the resource server',
|
||||
'missing_access_token_details' => 'The registered database abstractor did not return a valid access token details response',
|
||||
'invalid_access_token_scopes' => 'The registered database abstractor did not return a valid access token scopes response',
|
||||
);
|
||||
|
||||
/**
|
||||
@ -150,21 +157,33 @@ class Server
|
||||
|
||||
if ($result === false) {
|
||||
|
||||
throw new OAuthResourceServerException($this->errors['invalid_access_token']);
|
||||
throw new ClientException($this->errors['invalid_access_token']);
|
||||
|
||||
} else {
|
||||
|
||||
if ( ! array_key_exists('id', $result) || ! array_key_exists('owner_id', $result) ||
|
||||
! array_key_exists('owner_type', $result)) {
|
||||
throw new ServerException($this->errors['missing_access_token_details']);
|
||||
}
|
||||
|
||||
$this->_accessToken = $accessToken;
|
||||
$this->_type = $result['owner_type'];
|
||||
$this->_typeId = $result['owner_id'];
|
||||
|
||||
// Get the scopes
|
||||
$this->_scopes = $this->_dbCall('sessionScopes', $result['id']);
|
||||
$scopes = $this->_dbCall('sessionScopes', $result['id']);
|
||||
|
||||
if ( ! is_array($scopes))
|
||||
{
|
||||
throw new ServerException($this->errors['invalid_access_token_scopes']);
|
||||
}
|
||||
|
||||
$this->_scopes = $scopes;
|
||||
}
|
||||
|
||||
} else {
|
||||
|
||||
throw new OAuthResourceServerException($this->errors['missing_access_token']);
|
||||
throw new ClientException($this->errors['missing_access_token']);
|
||||
|
||||
}
|
||||
}
|
||||
@ -211,11 +230,11 @@ class Server
|
||||
private function _dbCall()
|
||||
{
|
||||
if ($this->_db === null) {
|
||||
throw new OAuthResourceServerException('No registered database abstractor');
|
||||
throw new ServerException('No registered database abstractor');
|
||||
}
|
||||
|
||||
if ( ! $this->_db instanceof Database) {
|
||||
throw new OAuthResourceServerException('Registered database abstractor is not an instance of Oauth2\Resource\Database');
|
||||
throw new ServerException('The registered database abstractor is not an instance of Oauth2\Resource\Database');
|
||||
}
|
||||
|
||||
$args = func_get_args();
|
||||
|
@ -90,7 +90,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException Oauth2\Authentication\OAuthServerClientException
|
||||
* @expectedException Oauth2\Authentication\ClientException
|
||||
* @expectedExceptionCode 0
|
||||
*/
|
||||
function test_checkClientAuthoriseParams_missingClientId()
|
||||
@ -99,7 +99,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException Oauth2\Authentication\OAuthServerClientException
|
||||
* @expectedException Oauth2\Authentication\ClientException
|
||||
* @expectedExceptionCode 0
|
||||
*/
|
||||
function test_checkClientAuthoriseParams_missingRedirectUri()
|
||||
@ -110,7 +110,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException Oauth2\Authentication\OAuthServerClientException
|
||||
* @expectedException Oauth2\Authentication\ClientException
|
||||
* @expectedExceptionCode 0
|
||||
*/
|
||||
function test_checkClientAuthoriseParams_missingResponseType()
|
||||
@ -122,7 +122,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException Oauth2\Authentication\OAuthServerClientException
|
||||
* @expectedException Oauth2\Authentication\ClientException
|
||||
* @expectedExceptionCode 0
|
||||
*/
|
||||
function test_checkClientAuthoriseParams_missingScopes()
|
||||
@ -136,7 +136,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException Oauth2\Authentication\OAuthServerClientException
|
||||
* @expectedException Oauth2\Authentication\ClientException
|
||||
* @expectedExceptionCode 4
|
||||
*/
|
||||
function test_checkClientAuthoriseParams_invalidScopes()
|
||||
@ -247,7 +247,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException Oauth2\Authentication\OAuthServerClientException
|
||||
* @expectedException Oauth2\Authentication\ClientException
|
||||
* @expectedExceptionCode 0
|
||||
*/
|
||||
function test_issueAccessToken_missingGrantType()
|
||||
@ -256,7 +256,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException Oauth2\Authentication\OAuthServerClientException
|
||||
* @expectedException Oauth2\Authentication\ClientException
|
||||
* @expectedExceptionCode 7
|
||||
*/
|
||||
function test_issueAccessToken_unsupportedGrantType()
|
||||
@ -267,7 +267,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException Oauth2\Authentication\OAuthServerClientException
|
||||
* @expectedException Oauth2\Authentication\ClientException
|
||||
* @expectedExceptionCode 0
|
||||
*/
|
||||
function test_completeAuthCodeGrant_missingClientId()
|
||||
@ -280,7 +280,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException Oauth2\Authentication\OAuthServerClientException
|
||||
* @expectedException Oauth2\Authentication\ClientException
|
||||
* @expectedExceptionCode 0
|
||||
*/
|
||||
function test_completeAuthCodeGrant_missingClientSecret()
|
||||
@ -295,7 +295,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException Oauth2\Authentication\OAuthServerClientException
|
||||
* @expectedException Oauth2\Authentication\ClientException
|
||||
* @expectedExceptionCode 0
|
||||
*/
|
||||
function test_completeAuthCodeGrant_missingRedirectUri()
|
||||
@ -311,7 +311,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException Oauth2\Authentication\OAuthServerClientException
|
||||
* @expectedException Oauth2\Authentication\ClientException
|
||||
* @expectedExceptionCode 8
|
||||
*/
|
||||
function test_completeAuthCodeGrant_invalidClient()
|
||||
@ -328,7 +328,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException Oauth2\Authentication\OAuthServerClientException
|
||||
* @expectedException Oauth2\Authentication\ClientException
|
||||
* @expectedExceptionCode 0
|
||||
*/
|
||||
function test_completeAuthCodeGrant_missingCode()
|
||||
@ -345,7 +345,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException Oauth2\Authentication\OAuthServerClientException
|
||||
* @expectedException Oauth2\Authentication\ClientException
|
||||
* @expectedExceptionCode 9
|
||||
*/
|
||||
function test_completeAuthCodeGrant_invalidCode()
|
||||
@ -363,7 +363,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException Oauth2\Authentication\OAuthServerException
|
||||
* @expectedException Oauth2\Authentication\ServerException
|
||||
* @expectedExceptionMessage No registered database abstractor
|
||||
*/
|
||||
function test_noRegisteredDatabaseAbstractor()
|
||||
@ -380,7 +380,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException Oauth2\Authentication\OAuthServerException
|
||||
* @expectedException Oauth2\Authentication\ServerException
|
||||
* @expectedExceptionMessage Registered database abstractor is not an instance of Oauth2\Authentication\Database
|
||||
*/
|
||||
function test_invalidRegisteredDatabaseAbstractor()
|
||||
|
@ -72,7 +72,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase {
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \Oauth2\Resource\OAuthResourceServerException
|
||||
* @expectedException \Oauth2\Resource\ClientException
|
||||
* @expectedExceptionMessage An access token was not presented with the request
|
||||
*/
|
||||
function test_init_missingToken()
|
||||
@ -81,7 +81,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase {
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \Oauth2\Resource\OAuthResourceServerException
|
||||
* @expectedException \Oauth2\Resource\ClientException
|
||||
* @expectedExceptionMessage The access token is not registered with the resource server
|
||||
*/
|
||||
function test_init_wrongToken()
|
||||
|
Loading…
Reference in New Issue
Block a user