mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-16 02:08:56 +05:30
Merge branch 'feature/grants' into develop
This commit is contained in:
commit
7279c8675b
7
.travis.yml
Normal file
7
.travis.yml
Normal file
@ -0,0 +1,7 @@
|
||||
language: php
|
||||
|
||||
php:
|
||||
- 5.3
|
||||
- 5.4
|
||||
|
||||
script: phpunit --coverage-text --configuration build/phpunit.xml
|
@ -13,6 +13,7 @@
|
||||
<directory suffix=".php">PEAR_INSTALL_DIR</directory>
|
||||
<directory suffix=".php">PHP_LIBDIR</directory>
|
||||
<directory suffix=".php">../vendor/composer</directory>
|
||||
<directory suffix=".php">../tests</directory>
|
||||
</blacklist>
|
||||
</filter>
|
||||
<logging>
|
||||
|
@ -21,11 +21,12 @@ CREATE TABLE `client_endpoints` (
|
||||
CREATE TABLE `oauth_sessions` (
|
||||
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
|
||||
`client_id` varchar(40) NOT NULL DEFAULT '',
|
||||
`redirect_uri` varchar(250) NOT NULL DEFAULT '',
|
||||
`redirect_uri` varchar(250) DEFAULT '',
|
||||
`owner_type` enum('user','client') NOT NULL DEFAULT 'user',
|
||||
`owner_id` varchar(255) DEFAULT NULL,
|
||||
`auth_code` varchar(40) DEFAULT '',
|
||||
`access_token` varchar(40) DEFAULT '',
|
||||
`refresh_token` varchar(40) NOT NULL,
|
||||
`access_token_expires` int(10) DEFAULT NULL,
|
||||
`stage` enum('requested','granted') NOT NULL DEFAULT 'requested',
|
||||
`first_requested` int(10) unsigned NOT NULL,
|
||||
@ -56,4 +57,4 @@ CREATE TABLE `oauth_session_scopes` (
|
||||
KEY `scope` (`scope`),
|
||||
CONSTRAINT `oauth_session_scopes_ibfk_3` FOREIGN KEY (`scope`) REFERENCES `scopes` (`scope`) ON DELETE CASCADE ON UPDATE CASCADE,
|
||||
CONSTRAINT `oauth_session_scopes_ibfk_4` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
|
@ -56,18 +56,19 @@ interface Database
|
||||
*
|
||||
* <code>
|
||||
* INSERT INTO oauth_sessions (client_id, redirect_uri, owner_type,
|
||||
* owner_id, auth_code, access_token, stage, first_requested, last_updated)
|
||||
* VALUES ($clientId, $redirectUri, $type, $typeId, $authCode,
|
||||
* $accessToken, $stage, UNIX_TIMESTAMP(NOW()), UNIX_TIMESTAMP(NOW()))
|
||||
* owner_id, auth_code, access_token, refresh_token, stage, first_requested,
|
||||
* last_updated) VALUES ($clientId, $redirectUri, $type, $typeId, $authCode,
|
||||
* $accessToken, $stage, UNIX_TIMESTAMP(NOW()), UNIX_TIMESTAMP(NOW()))
|
||||
* </code>
|
||||
*
|
||||
* @param string $clientId The client ID
|
||||
* @param string $redirectUri The redirect URI
|
||||
* @param string $type The session owner's type (default = "user")
|
||||
* @param string $typeId The session owner's ID (default = "null")
|
||||
* @param string $authCode The authorisation code (default = "null")
|
||||
* @param string $accessToken The access token (default = "null")
|
||||
* @param string $stage The stage of the session (default ="request")
|
||||
* @param string $clientId The client ID
|
||||
* @param string $redirectUri The redirect URI
|
||||
* @param string $type The session owner's type (default = "user")
|
||||
* @param string $typeId The session owner's ID (default = "null")
|
||||
* @param string $authCode The authorisation code (default = "null")
|
||||
* @param string $accessToken The access token (default = "null")
|
||||
* @param string $refreshToken The refresh token (default = "null")
|
||||
* @param string $stage The stage of the session (default ="request")
|
||||
* @return int The session ID
|
||||
*/
|
||||
public function newSession(
|
||||
@ -77,6 +78,7 @@ interface Database
|
||||
$typeId = null,
|
||||
$authCode = null,
|
||||
$accessToken = null,
|
||||
$refreshToken = null,
|
||||
$accessTokenExpire = null,
|
||||
$stage = 'requested'
|
||||
);
|
||||
@ -92,16 +94,18 @@ interface Database
|
||||
* id = $sessionId
|
||||
* </code>
|
||||
*
|
||||
* @param string $sessionId The session ID
|
||||
* @param string $authCode The authorisation code (default = "null")
|
||||
* @param string $accessToken The access token (default = "null")
|
||||
* @param string $stage The stage of the session (default ="request")
|
||||
* @param string $sessionId The session ID
|
||||
* @param string $authCode The authorisation code (default = "null")
|
||||
* @param string $accessToken The access token (default = "null")
|
||||
* @param string $refreshToken The refresh token (default = "null")
|
||||
* @param string $stage The stage of the session (default ="request")
|
||||
* @return void
|
||||
*/
|
||||
public function updateSession(
|
||||
$sessionId,
|
||||
$authCode = null,
|
||||
$accessToken = null,
|
||||
$refreshToken = null,
|
||||
$accessTokenExpire = null,
|
||||
$stage = 'requested'
|
||||
);
|
||||
@ -125,6 +129,27 @@ interface Database
|
||||
$typeId
|
||||
);
|
||||
|
||||
public function validateRefreshToken($refreshToken, $clientId);
|
||||
|
||||
/**
|
||||
* Update the refresh token
|
||||
*
|
||||
* Database query:
|
||||
*
|
||||
* <code>
|
||||
* UPDATE oauth_sessions SET access_token = $newAccessToken, refresh_token =
|
||||
* $newRefreshToken, access_toke_expires = $accessTokenExpires, last_updated = UNIX_TIMESTAMP(NOW()) WHERE
|
||||
* id = $sessionId
|
||||
* </code>
|
||||
*
|
||||
* @param string $sessionId The session ID
|
||||
* @param string $newAccessToken The new access token for this session
|
||||
* @param string $newRefreshToken The new refresh token for the session
|
||||
* @param int $accessTokenExpires The UNIX timestamp of when the new token expires
|
||||
* @return void
|
||||
*/
|
||||
public function updateRefreshToken($sessionId, $newAccessToken, $newRefreshToken, $accessTokenExpires);
|
||||
|
||||
/**
|
||||
* Validate that an authorisation code is valid
|
||||
*
|
||||
|
@ -30,15 +30,15 @@ class Server
|
||||
* @var array
|
||||
*/
|
||||
private $_config = array(
|
||||
'scope_delimeter' => ',',
|
||||
'access_token_ttl' => 3600
|
||||
'scope_delimeter' => ',',
|
||||
'access_token_ttl' => 3600
|
||||
);
|
||||
|
||||
/**
|
||||
* Supported response types
|
||||
* @var array
|
||||
*/
|
||||
private $_responseTypes = array(
|
||||
private $_responseTypes = array(
|
||||
'code'
|
||||
);
|
||||
|
||||
@ -46,8 +46,15 @@ class Server
|
||||
* Supported grant types
|
||||
* @var array
|
||||
*/
|
||||
private $_grantTypes = array(
|
||||
'authorization_code'
|
||||
private $_grantTypes = array(
|
||||
'authorization_code' => false,
|
||||
'client_credentials' => false,
|
||||
'password' => false,
|
||||
'refresh_token' => false,
|
||||
);
|
||||
|
||||
private $_grantTypeCallbacks = array(
|
||||
'password' => null
|
||||
);
|
||||
|
||||
/**
|
||||
@ -75,16 +82,18 @@ class Server
|
||||
* @var array
|
||||
*/
|
||||
public $errors = array(
|
||||
'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.',
|
||||
'unauthorized_client' => 'The client is not authorized to request an access token using this method.',
|
||||
'access_denied' => 'The resource owner or authorization server denied the request.',
|
||||
'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.',
|
||||
'unauthorized_client' => 'The client is not authorized to request an access token using this method.',
|
||||
'access_denied' => 'The resource owner or authorization server denied the request.',
|
||||
'unsupported_response_type' => 'The authorization server does not support obtaining an access token using this method.',
|
||||
'invalid_scope' => 'The requested scope is invalid, unknown, or malformed. Check the "%s" scope.',
|
||||
'server_error' => 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.',
|
||||
'invalid_scope' => 'The requested scope is invalid, unknown, or malformed. Check the "%s" scope.',
|
||||
'server_error' => 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.',
|
||||
'temporarily_unavailable' => 'The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.',
|
||||
'unsupported_grant_type' => 'The authorization grant type is not supported by the authorization server',
|
||||
'invalid_client' => 'Client authentication failed',
|
||||
'invalid_grant' => 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. Check the "%s" parameter.'
|
||||
'unsupported_grant_type' => 'The authorization grant type "%s" is not supported by the authorization server',
|
||||
'invalid_client' => 'Client authentication failed',
|
||||
'invalid_grant' => 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. Check the "%s" parameter.',
|
||||
'invalid_credentials' => 'The user credentials were incorrect.',
|
||||
'invalid_refresh' => 'The refresh token is invalid.',
|
||||
);
|
||||
|
||||
/**
|
||||
@ -97,7 +106,7 @@ class Server
|
||||
public function __construct($options = null)
|
||||
{
|
||||
if ($options !== null) {
|
||||
$this->options = array_merge($this->_config, $options);
|
||||
$this->_config = array_merge($this->_config, $options);
|
||||
}
|
||||
}
|
||||
|
||||
@ -113,6 +122,27 @@ class Server
|
||||
$this->_db = $db;
|
||||
}
|
||||
|
||||
/**
|
||||
* Enable a grant type
|
||||
*
|
||||
* @access public
|
||||
* @return void
|
||||
*/
|
||||
public function enableGrantType($type, $callback = null)
|
||||
{
|
||||
if (isset($this->_grantTypes[$type])) {
|
||||
$this->_grantTypes[$type] = true;
|
||||
}
|
||||
|
||||
if (in_array($type, array_keys($this->_grantTypeCallbacks))) {
|
||||
if (is_null($callback) || ! is_callable($callback)) {
|
||||
throw new ServerException('No registered callback function for grant type `'.$type.'`');
|
||||
}
|
||||
|
||||
$this->_grantTypeCallbacks[$type] = $callback;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check client authorise parameters
|
||||
*
|
||||
@ -126,30 +156,22 @@ class Server
|
||||
|
||||
// Client ID
|
||||
if ( ! isset($authParams['client_id']) && ! isset($_GET['client_id'])) {
|
||||
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
|
||||
|
||||
} else {
|
||||
|
||||
$params['client_id'] = (isset($authParams['client_id'])) ?
|
||||
$authParams['client_id'] :
|
||||
$_GET['client_id'];
|
||||
|
||||
}
|
||||
|
||||
$params['client_id'] = (isset($authParams['client_id'])) ?
|
||||
$authParams['client_id'] :
|
||||
$_GET['client_id'];
|
||||
|
||||
// Redirect URI
|
||||
if ( ! isset($authParams['redirect_uri']) && ! isset($_GET['redirect_uri'])) {
|
||||
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
|
||||
|
||||
} else {
|
||||
|
||||
$params['redirect_uri'] = (isset($authParams['redirect_uri'])) ?
|
||||
$authParams['redirect_uri'] :
|
||||
$_GET['redirect_uri'];
|
||||
|
||||
}
|
||||
|
||||
$params['redirect_uri'] = (isset($authParams['redirect_uri'])) ?
|
||||
$authParams['redirect_uri'] :
|
||||
$_GET['redirect_uri'];
|
||||
|
||||
// Validate client ID and redirect URI
|
||||
$clientDetails = $this->_dbCall(
|
||||
'validateClient',
|
||||
@ -159,7 +181,6 @@ class Server
|
||||
);
|
||||
|
||||
if ($clientDetails === false) {
|
||||
|
||||
throw new ClientException($this->errors['invalid_client'], 8);
|
||||
}
|
||||
|
||||
@ -167,29 +188,24 @@ class Server
|
||||
|
||||
// Response type
|
||||
if ( ! isset($authParams['response_type']) && ! isset($_GET['response_type'])) {
|
||||
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'response_type'), 0);
|
||||
}
|
||||
|
||||
} else {
|
||||
$params['response_type'] = (isset($authParams['response_type'])) ?
|
||||
$authParams['response_type'] :
|
||||
$_GET['response_type'];
|
||||
|
||||
$params['response_type'] = (isset($authParams['response_type'])) ?
|
||||
$authParams['response_type'] :
|
||||
$_GET['response_type'];
|
||||
|
||||
// Ensure response type is one that is recognised
|
||||
if ( ! in_array($params['response_type'], $this->_responseTypes)) {
|
||||
|
||||
throw new ClientException($this->errors['unsupported_response_type'], 3);
|
||||
|
||||
}
|
||||
// Ensure response type is one that is recognised
|
||||
if ( ! in_array($params['response_type'], $this->_responseTypes)) {
|
||||
throw new ClientException($this->errors['unsupported_response_type'], 3);
|
||||
}
|
||||
|
||||
// Get and validate scopes
|
||||
if (isset($authParams['scope']) || isset($_GET['scope'])) {
|
||||
|
||||
$scopes = (isset($_GET['scope'])) ?
|
||||
$_GET['scope'] :
|
||||
$authParams['scope'];
|
||||
$_GET['scope'] :
|
||||
$authParams['scope'];
|
||||
|
||||
$scopes = explode($this->_config['scope_delimeter'], $scopes);
|
||||
|
||||
@ -204,7 +220,6 @@ class Server
|
||||
}
|
||||
|
||||
if (count($scopes) === 0) {
|
||||
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'scope'), 0);
|
||||
}
|
||||
|
||||
@ -218,9 +233,7 @@ class Server
|
||||
);
|
||||
|
||||
if ($scopeDetails === false) {
|
||||
|
||||
throw new ClientException(sprintf($this->errors['invalid_scope'], $scope), 4);
|
||||
|
||||
}
|
||||
|
||||
$params['scopes'][] = $scopeDetails;
|
||||
@ -250,7 +263,7 @@ class Server
|
||||
);
|
||||
|
||||
// Create the new auth code
|
||||
$authCode = $this->newAuthCode(
|
||||
$authCode = $this->_newAuthCode(
|
||||
$authoriseParams['client_id'],
|
||||
'user',
|
||||
$typeId,
|
||||
@ -268,7 +281,7 @@ class Server
|
||||
*
|
||||
* @return string A unique code
|
||||
*/
|
||||
private function generateCode()
|
||||
private function _generateCode()
|
||||
{
|
||||
return sha1(uniqid(microtime()));
|
||||
}
|
||||
@ -284,53 +297,35 @@ class Server
|
||||
* @param string $accessToken The access token (default = null)
|
||||
* @return string An authorisation code
|
||||
*/
|
||||
private function newAuthCode($clientId, $type, $typeId, $redirectUri, $scopes = array(), $accessToken = null)
|
||||
private function _newAuthCode($clientId, $type, $typeId, $redirectUri, $scopes = array())
|
||||
{
|
||||
$authCode = $this->generateCode();
|
||||
$authCode = $this->_generateCode();
|
||||
|
||||
// If an access token exists then update the existing session with the
|
||||
// new authorisation code otherwise create a new session
|
||||
if ($accessToken !== null) {
|
||||
// Delete any existing sessions just to be sure
|
||||
$this->_dbCall('deleteSession', $clientId, $type, $typeId);
|
||||
|
||||
// Create a new session
|
||||
$sessionId = $this->_dbCall(
|
||||
'newSession',
|
||||
$clientId,
|
||||
$redirectUri,
|
||||
$type,
|
||||
$typeId,
|
||||
$authCode,
|
||||
null,
|
||||
null,
|
||||
'requested'
|
||||
);
|
||||
|
||||
// Add the scopes
|
||||
foreach ($scopes as $key => $scope) {
|
||||
|
||||
$this->_dbCall(
|
||||
'updateSession',
|
||||
$clientId,
|
||||
$type,
|
||||
$typeId,
|
||||
$authCode,
|
||||
$accessToken,
|
||||
'requested'
|
||||
'addSessionScope',
|
||||
$sessionId,
|
||||
$scope['scope']
|
||||
);
|
||||
|
||||
} else {
|
||||
|
||||
// Delete any existing sessions just to be sure
|
||||
$this->_dbCall('deleteSession', $clientId, $type, $typeId);
|
||||
|
||||
// Create a new session
|
||||
$sessionId = $this->_dbCall(
|
||||
'newSession',
|
||||
$clientId,
|
||||
$redirectUri,
|
||||
$type,
|
||||
$typeId,
|
||||
$authCode,
|
||||
null,
|
||||
null,
|
||||
'requested'
|
||||
);
|
||||
|
||||
// Add the scopes
|
||||
foreach ($scopes as $key => $scope) {
|
||||
|
||||
$this->_dbCall(
|
||||
'addSessionScope',
|
||||
$sessionId,
|
||||
$scope['scope']
|
||||
);
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
return $authCode;
|
||||
@ -347,40 +342,43 @@ class Server
|
||||
*/
|
||||
public function issueAccessToken($authParams = null)
|
||||
{
|
||||
$params = array();
|
||||
|
||||
if ( ! isset($authParams['grant_type']) && ! isset($_POST['grant_type'])) {
|
||||
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'grant_type'), 0);
|
||||
}
|
||||
|
||||
} else {
|
||||
$params['grant_type'] = (isset($authParams['grant_type'])) ?
|
||||
$authParams['grant_type'] :
|
||||
$_POST['grant_type'];
|
||||
|
||||
$params['grant_type'] = (isset($authParams['grant_type'])) ?
|
||||
$authParams['grant_type'] :
|
||||
$_POST['grant_type'];
|
||||
|
||||
// Ensure grant type is one that is recognised
|
||||
if ( ! in_array($params['grant_type'], $this->_grantTypes)) {
|
||||
|
||||
throw new ClientException($this->errors['unsupported_grant_type'], 7);
|
||||
|
||||
}
|
||||
// Ensure grant type is one that is recognised and is enabled
|
||||
if ( ! in_array($params['grant_type'], array_keys($this->_grantTypes)) || $this->_grantTypes[$params['grant_type']] !== true) {
|
||||
throw new ClientException(sprintf($this->errors['unsupported_grant_type'], $params['grant_type']), 7);
|
||||
}
|
||||
|
||||
switch ($params['grant_type'])
|
||||
{
|
||||
|
||||
case 'authorization_code': // Authorization code grant
|
||||
return $this->completeAuthCodeGrant($authParams, $params);
|
||||
return $this->_completeAuthCodeGrant($authParams, $params);
|
||||
break;
|
||||
|
||||
case 'refresh_token': // Refresh token
|
||||
case 'password': // Resource owner password credentials grant
|
||||
case 'client_credentials': // Client credentials grant
|
||||
return $this->_completeClientCredentialsGrant($authParams, $params);
|
||||
break;
|
||||
|
||||
case 'password': // Resource owner password credentials grant
|
||||
return $this->_completeUserCredentialsGrant($authParams, $params);
|
||||
break;
|
||||
|
||||
case 'refresh_token': // Refresh token grant
|
||||
return $this->_completeRefreshTokenGrant($authParams, $params);
|
||||
break;
|
||||
|
||||
// @codeCoverageIgnoreStart
|
||||
default: // Unsupported
|
||||
throw new ServerException($this->errors['server_error'] . 'Tried to process an unsuppported grant type.', 5);
|
||||
break;
|
||||
}
|
||||
// @codeCoverageIgnoreEnd
|
||||
}
|
||||
|
||||
/**
|
||||
@ -393,47 +391,35 @@ class Server
|
||||
*
|
||||
* @return array Authorise request parameters
|
||||
*/
|
||||
private function completeAuthCodeGrant($authParams = array(), $params = array())
|
||||
private function _completeAuthCodeGrant($authParams = array(), $params = array())
|
||||
{
|
||||
// Client ID
|
||||
if ( ! isset($authParams['client_id']) && ! isset($_POST['client_id'])) {
|
||||
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
|
||||
|
||||
} else {
|
||||
|
||||
$params['client_id'] = (isset($authParams['client_id'])) ?
|
||||
$authParams['client_id'] :
|
||||
$_POST['client_id'];
|
||||
|
||||
}
|
||||
|
||||
$params['client_id'] = (isset($authParams['client_id'])) ?
|
||||
$authParams['client_id'] :
|
||||
$_POST['client_id'];
|
||||
|
||||
// Client secret
|
||||
if ( ! isset($authParams['client_secret']) && ! isset($_POST['client_secret'])) {
|
||||
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'client_secret'), 0);
|
||||
|
||||
} else {
|
||||
|
||||
$params['client_secret'] = (isset($authParams['client_secret'])) ?
|
||||
$authParams['client_secret'] :
|
||||
$_POST['client_secret'];
|
||||
|
||||
}
|
||||
|
||||
$params['client_secret'] = (isset($authParams['client_secret'])) ?
|
||||
$authParams['client_secret'] :
|
||||
$_POST['client_secret'];
|
||||
|
||||
// Redirect URI
|
||||
if ( ! isset($authParams['redirect_uri']) && ! isset($_POST['redirect_uri'])) {
|
||||
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
|
||||
|
||||
} else {
|
||||
|
||||
$params['redirect_uri'] = (isset($authParams['redirect_uri'])) ?
|
||||
$authParams['redirect_uri'] :
|
||||
$_POST['redirect_uri'];
|
||||
|
||||
}
|
||||
|
||||
$params['redirect_uri'] = (isset($authParams['redirect_uri'])) ?
|
||||
$authParams['redirect_uri'] :
|
||||
$_POST['redirect_uri'];
|
||||
|
||||
// Validate client ID and redirect URI
|
||||
$clientDetails = $this->_dbCall(
|
||||
'validateClient',
|
||||
@ -443,25 +429,19 @@ class Server
|
||||
);
|
||||
|
||||
if ($clientDetails === false) {
|
||||
|
||||
throw new ClientException($this->errors['invalid_client'], 8);
|
||||
}
|
||||
|
||||
// The authorization code
|
||||
if ( ! isset($authParams['code']) && ! isset($_POST['code'])) {
|
||||
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'code'), 0);
|
||||
|
||||
} else {
|
||||
|
||||
$params['code'] = (isset($authParams['code'])) ?
|
||||
$authParams['code'] :
|
||||
$_POST['code'];
|
||||
|
||||
}
|
||||
|
||||
// Verify the authorization code matches the client_id and the
|
||||
// request_uri
|
||||
$params['code'] = (isset($authParams['code'])) ?
|
||||
$authParams['code'] :
|
||||
$_POST['code'];
|
||||
|
||||
// Verify the authorization code matches the client_id and the request_uri
|
||||
$session = $this->_dbCall(
|
||||
'validateAuthCode',
|
||||
$params['client_id'],
|
||||
@ -470,42 +450,306 @@ class Server
|
||||
);
|
||||
|
||||
if ( ! $session) {
|
||||
|
||||
throw new ClientException(sprintf($this->errors['invalid_grant'], 'code'), 9);
|
||||
|
||||
} else {
|
||||
|
||||
// A session ID was returned so update it with an access token,
|
||||
// remove the authorisation code, change the stage to 'granted'
|
||||
|
||||
$accessToken = $this->generateCode();
|
||||
|
||||
$accessTokenExpires = ($this->_config['access_token_ttl'] === null) ?
|
||||
null :
|
||||
time() + $this->_config['access_token_ttl'];
|
||||
|
||||
$this->_dbCall(
|
||||
'updateSession',
|
||||
$session['id'],
|
||||
null,
|
||||
$accessToken,
|
||||
$accessTokenExpires,
|
||||
'granted'
|
||||
);
|
||||
|
||||
// Update the session's scopes to reference the access token
|
||||
$this->_dbCall(
|
||||
'updateSessionScopeAccessToken',
|
||||
$session['id'],
|
||||
$accessToken
|
||||
);
|
||||
|
||||
return array(
|
||||
'access_token' => $accessToken,
|
||||
'token_type' => 'bearer',
|
||||
'expires_in' => $this->_config['access_token_ttl']
|
||||
);
|
||||
}
|
||||
|
||||
// A session ID was returned so update it with an access token,
|
||||
// remove the authorisation code, change the stage to 'granted'
|
||||
|
||||
$accessToken = $this->_generateCode();
|
||||
$refreshToken = ($this->_grantTypes['refresh_token']) ?
|
||||
$this->_generateCode() :
|
||||
null;
|
||||
|
||||
$accessTokenExpires = time() + $this->_config['access_token_ttl'];
|
||||
$accessTokenExpiresIn = $this->_config['access_token_ttl'];
|
||||
|
||||
$this->_dbCall(
|
||||
'updateSession',
|
||||
$session['id'],
|
||||
null,
|
||||
$accessToken,
|
||||
$refreshToken,
|
||||
$accessTokenExpires,
|
||||
'granted'
|
||||
);
|
||||
|
||||
// Update the session's scopes to reference the access token
|
||||
$this->_dbCall(
|
||||
'updateSessionScopeAccessToken',
|
||||
$session['id'],
|
||||
$accessToken,
|
||||
$refreshToken
|
||||
);
|
||||
|
||||
$response = array(
|
||||
'access_token' => $accessToken,
|
||||
'token_type' => 'bearer',
|
||||
'expires' => $accessTokenExpires,
|
||||
'expires_in' => $accessTokenExpiresIn
|
||||
);
|
||||
|
||||
if ($this->_grantTypes['refresh_token']) {
|
||||
$response['refresh_token'] = $refreshToken;
|
||||
}
|
||||
|
||||
return $response;
|
||||
}
|
||||
|
||||
/**
|
||||
* Complete the resource owner password credentials grant
|
||||
*
|
||||
* @access private
|
||||
* @param array $authParams Array of parsed $_POST keys
|
||||
* @param array $params Generated parameters from issueAccessToken()
|
||||
* @return array Authorise request parameters
|
||||
*/
|
||||
private function _completeClientCredentialsGrant($authParams = array(), $params = array())
|
||||
{
|
||||
// Client ID
|
||||
if ( ! isset($authParams['client_id']) && ! isset($_POST['client_id'])) {
|
||||
// @codeCoverageIgnoreStart
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
|
||||
// @codeCoverageIgnoreEnd
|
||||
}
|
||||
|
||||
$params['client_id'] = (isset($authParams['client_id'])) ?
|
||||
$authParams['client_id'] :
|
||||
$_POST['client_id'];
|
||||
|
||||
// Client secret
|
||||
if ( ! isset($authParams['client_secret']) && ! isset($_POST['client_secret'])) {
|
||||
// @codeCoverageIgnoreStart
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'client_secret'), 0);
|
||||
// @codeCoverageIgnoreEnd
|
||||
}
|
||||
|
||||
$params['client_secret'] = (isset($authParams['client_secret'])) ?
|
||||
$authParams['client_secret'] :
|
||||
$_POST['client_secret'];
|
||||
|
||||
// Validate client ID and client secret
|
||||
$clientDetails = $this->_dbCall(
|
||||
'validateClient',
|
||||
$params['client_id'],
|
||||
$params['client_secret'],
|
||||
null
|
||||
);
|
||||
|
||||
if ($clientDetails === false) {
|
||||
// @codeCoverageIgnoreStart
|
||||
throw new ClientException($this->errors['invalid_client'], 8);
|
||||
// @codeCoverageIgnoreEnd
|
||||
}
|
||||
|
||||
// Generate an access token
|
||||
$accessToken = $this->_generateCode();
|
||||
$refreshToken = ($this->_grantTypes['refresh_token']) ?
|
||||
$this->_generateCode() :
|
||||
null;
|
||||
|
||||
$accessTokenExpires = time() + $this->_config['access_token_ttl'];
|
||||
$accessTokenExpiresIn = $this->_config['access_token_ttl'];
|
||||
|
||||
// Delete any existing sessions just to be sure
|
||||
$this->_dbCall('deleteSession', $params['client_id'], 'client', $params['client_id']);
|
||||
|
||||
// Create a new session
|
||||
$this->_dbCall('newSession', $params['client_id'], null, 'client', $params['client_id'], null, $accessToken, $refreshToken, $accessTokenExpires, 'granted');
|
||||
|
||||
$response = array(
|
||||
'access_token' => $accessToken,
|
||||
'token_type' => 'bearer',
|
||||
'expires' => $accessTokenExpires,
|
||||
'expires_in' => $accessTokenExpiresIn
|
||||
);
|
||||
|
||||
if ($this->_grantTypes['refresh_token']) {
|
||||
$response['refresh_token'] = $refreshToken;
|
||||
}
|
||||
|
||||
return $response;
|
||||
}
|
||||
|
||||
/**
|
||||
* Complete the resource owner password credentials grant
|
||||
*
|
||||
* @access private
|
||||
* @param array $authParams Array of parsed $_POST keys
|
||||
* @param array $params Generated parameters from issueAccessToken()
|
||||
* @return array Authorise request parameters
|
||||
*/
|
||||
private function _completeUserCredentialsGrant($authParams = array(), $params = array())
|
||||
{
|
||||
// Client ID
|
||||
if ( ! isset($authParams['client_id']) && ! isset($_POST['client_id'])) {
|
||||
// @codeCoverageIgnoreStart
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
|
||||
// @codeCoverageIgnoreEnd
|
||||
}
|
||||
|
||||
$params['client_id'] = (isset($authParams['client_id'])) ?
|
||||
$authParams['client_id'] :
|
||||
$_POST['client_id'];
|
||||
|
||||
// Client secret
|
||||
if ( ! isset($authParams['client_secret']) && ! isset($_POST['client_secret'])) {
|
||||
// @codeCoverageIgnoreStart
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'client_secret'), 0);
|
||||
// @codeCoverageIgnoreEnd
|
||||
}
|
||||
|
||||
$params['client_secret'] = (isset($authParams['client_secret'])) ?
|
||||
$authParams['client_secret'] :
|
||||
$_POST['client_secret'];
|
||||
|
||||
// Validate client ID and client secret
|
||||
$clientDetails = $this->_dbCall(
|
||||
'validateClient',
|
||||
$params['client_id'],
|
||||
$params['client_secret'],
|
||||
null
|
||||
);
|
||||
|
||||
if ($clientDetails === false) {
|
||||
// @codeCoverageIgnoreStart
|
||||
throw new ClientException($this->errors['invalid_client'], 8);
|
||||
// @codeCoverageIgnoreEnd
|
||||
}
|
||||
|
||||
// User's username
|
||||
if ( ! isset($authParams['username']) && ! isset($_POST['username'])) {
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'username'), 0);
|
||||
}
|
||||
|
||||
$params['username'] = (isset($authParams['username'])) ?
|
||||
$authParams['username'] :
|
||||
$_POST['username'];
|
||||
|
||||
// User's password
|
||||
if ( ! isset($authParams['password']) && ! isset($_POST['password'])) {
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'password'), 0);
|
||||
}
|
||||
|
||||
$params['password'] = (isset($authParams['password'])) ?
|
||||
$authParams['password'] :
|
||||
$_POST['password'];
|
||||
|
||||
// Check if user's username and password are correct
|
||||
$userId = call_user_func($this->_grantTypeCallbacks['password'], $params['username'], $params['password']);
|
||||
|
||||
if ($userId === false) {
|
||||
throw new \Oauth2\Authentication\ClientException($this->errors['invalid_credentials'], 0);
|
||||
}
|
||||
|
||||
// Generate an access token
|
||||
$accessToken = $this->_generateCode();
|
||||
$refreshToken = ($this->_grantTypes['refresh_token']) ?
|
||||
$this->_generateCode() :
|
||||
null;
|
||||
|
||||
$accessTokenExpires = time() + $this->_config['access_token_ttl'];
|
||||
$accessTokenExpiresIn = $this->_config['access_token_ttl'];
|
||||
|
||||
// Delete any existing sessions just to be sure
|
||||
$this->_dbCall('deleteSession', $params['client_id'], 'user', $userId);
|
||||
|
||||
// Create a new session
|
||||
$this->_dbCall('newSession', $params['client_id'], null, 'user', $userId, null, $accessToken, $refreshToken, $accessTokenExpires, 'granted');
|
||||
|
||||
$response = array(
|
||||
'access_token' => $accessToken,
|
||||
'token_type' => 'bearer',
|
||||
'expires' => $accessTokenExpires,
|
||||
'expires_in' => $accessTokenExpiresIn
|
||||
);
|
||||
|
||||
if ($this->_grantTypes['refresh_token']) {
|
||||
$response['refresh_token'] = $refreshToken;
|
||||
}
|
||||
|
||||
return $response;
|
||||
}
|
||||
|
||||
/**
|
||||
* Complete the refresh token grant
|
||||
*
|
||||
* @access private
|
||||
* @param array $authParams Array of parsed $_POST keys
|
||||
* @param array $params Generated parameters from issueAccessToken()
|
||||
* @return array Authorise request parameters
|
||||
*/
|
||||
private function _completeRefreshTokenGrant($authParams = array(), $params = array())
|
||||
{
|
||||
// Client ID
|
||||
if ( ! isset($authParams['client_id']) && ! isset($_POST['client_id'])) {
|
||||
// @codeCoverageIgnoreStart
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
|
||||
// @codeCoverageIgnoreEnd
|
||||
}
|
||||
|
||||
$params['client_id'] = (isset($authParams['client_id'])) ?
|
||||
$authParams['client_id'] :
|
||||
$_POST['client_id'];
|
||||
|
||||
// Client secret
|
||||
if ( ! isset($authParams['client_secret']) && ! isset($_POST['client_secret'])) {
|
||||
// @codeCoverageIgnoreStart
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'client_secret'), 0);
|
||||
// @codeCoverageIgnoreEnd
|
||||
}
|
||||
|
||||
$params['client_secret'] = (isset($authParams['client_secret'])) ?
|
||||
$authParams['client_secret'] :
|
||||
$_POST['client_secret'];
|
||||
|
||||
// Validate client ID and client secret
|
||||
$clientDetails = $this->_dbCall(
|
||||
'validateClient',
|
||||
$params['client_id'],
|
||||
$params['client_secret'],
|
||||
null
|
||||
);
|
||||
|
||||
if ($clientDetails === false) {
|
||||
// @codeCoverageIgnoreStart
|
||||
throw new ClientException($this->errors['invalid_client'], 8);
|
||||
// @codeCoverageIgnoreEnd
|
||||
}
|
||||
|
||||
// Refresh token
|
||||
if ( ! isset($authParams['refresh_token']) && ! isset($_POST['refresh_token'])) {
|
||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'refresh_token'), 0);
|
||||
}
|
||||
|
||||
$params['refresh_token'] = (isset($authParams['refresh_token'])) ?
|
||||
$authParams['refresh_token'] :
|
||||
$_POST['refresh_token'];
|
||||
|
||||
// Validate refresh token
|
||||
$sessionId = $this->_dbCall('validateRefreshToken', $params['refresh_token'], $params['client_id']);
|
||||
|
||||
if ($sessionId === false) {
|
||||
throw new \Oauth2\Authentication\ClientException($this->errors['invalid_refresh'], 0);
|
||||
}
|
||||
|
||||
// Generate new tokens
|
||||
$accessToken = $this->_generateCode();
|
||||
$refreshToken = $this->_generateCode();
|
||||
|
||||
$accessTokenExpires = time() + $this->_config['access_token_ttl'];
|
||||
$accessTokenExpiresIn = $this->_config['access_token_ttl'];
|
||||
|
||||
// Update the tokens
|
||||
$this->_dbCall('updateRefreshToken', $sessionId, $accessToken, $refreshToken, $accessTokenExpires);
|
||||
|
||||
return array(
|
||||
'access_token' => $accessToken,
|
||||
'refresh_token' => $refreshToken,
|
||||
'token_type' => 'bearer',
|
||||
'expires' => $accessTokenExpires,
|
||||
'expires_in' => $accessTokenExpiresIn
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -519,19 +763,7 @@ class Server
|
||||
*/
|
||||
public function redirectUri($redirectUri, $params = array(), $queryDelimeter = '?')
|
||||
{
|
||||
|
||||
if (strstr($redirectUri, $queryDelimeter)) {
|
||||
|
||||
$redirectUri = $redirectUri . '&' . http_build_query($params);
|
||||
|
||||
} else {
|
||||
|
||||
$redirectUri = $redirectUri . $queryDelimeter . http_build_query($params);
|
||||
|
||||
}
|
||||
|
||||
return $redirectUri;
|
||||
|
||||
return (strstr($redirectUri, $queryDelimeter)) ? $redirectUri . '&' . http_build_query($params) : $redirectUri . $queryDelimeter . http_build_query($params);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -4,151 +4,165 @@ use Oauth2\Authentication\Database;
|
||||
|
||||
class OAuthdb implements Database
|
||||
{
|
||||
private $sessions = array();
|
||||
private $sessions_client_type_id = array();
|
||||
private $sessions_code = array();
|
||||
private $session_scopes = array();
|
||||
private $sessions = array();
|
||||
private $sessions_client_type_id = array();
|
||||
private $sessions_code = array();
|
||||
private $session_scopes = array();
|
||||
|
||||
private $clients = array(0 => array(
|
||||
'client_id' => 'test',
|
||||
'client_secret' => 'test',
|
||||
'redirect_uri' => 'http://example.com/test',
|
||||
'name' => 'Test Client'
|
||||
));
|
||||
private $clients = array(0 => array(
|
||||
'client_id' => 'test',
|
||||
'client_secret' => 'test',
|
||||
'redirect_uri' => 'http://example.com/test',
|
||||
'name' => 'Test Client'
|
||||
));
|
||||
|
||||
private $scopes = array('test' => array(
|
||||
'id' => 1,
|
||||
'scope' => 'test',
|
||||
'name' => 'test',
|
||||
'description' => 'test'
|
||||
));
|
||||
private $scopes = array('test' => array(
|
||||
'id' => 1,
|
||||
'scope' => 'test',
|
||||
'name' => 'test',
|
||||
'description' => 'test'
|
||||
));
|
||||
|
||||
public function validateClient($clientId, $clientSecret = null, $redirectUri = null)
|
||||
{
|
||||
if ($clientId !== $this->clients[0]['client_id'])
|
||||
{
|
||||
return false;
|
||||
}
|
||||
public function validateClient($clientId, $clientSecret = null, $redirectUri = null)
|
||||
{
|
||||
if ($clientId !== $this->clients[0]['client_id']) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($clientSecret !== null && $clientSecret !== $this->clients[0]['client_secret'])
|
||||
{
|
||||
return false;
|
||||
}
|
||||
if ($clientSecret !== null && $clientSecret !== $this->clients[0]['client_secret']) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($redirectUri !== null && $redirectUri !== $this->clients[0]['redirect_uri'])
|
||||
{
|
||||
return false;
|
||||
}
|
||||
if ($redirectUri !== null && $redirectUri !== $this->clients[0]['redirect_uri']) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return $this->clients[0];
|
||||
}
|
||||
return $this->clients[0];
|
||||
}
|
||||
|
||||
public function newSession($clientId, $redirectUri, $type = 'user', $typeId = null, $authCode = null, $accessToken = null, $accessTokenExpire = null, $stage = 'requested')
|
||||
{
|
||||
$id = count($this->sessions);
|
||||
public function newSession($clientId, $redirectUri, $type = 'user', $typeId = null, $authCode = null, $accessToken = null, $refreshToken = null, $accessTokenExpire = null, $stage = 'requested')
|
||||
{
|
||||
$id = count($this->sessions);
|
||||
|
||||
$this->sessions[$id] = array(
|
||||
'id' => $id,
|
||||
'client_id' => $clientId,
|
||||
'redirect_uri' => $redirectUri,
|
||||
'owner_type' => $type,
|
||||
'owner_id' => $typeId,
|
||||
'auth_code' => $authCode,
|
||||
'access_token' => $accessToken,
|
||||
'access_token_expire' => $accessTokenExpire,
|
||||
'stage' => $stage
|
||||
);
|
||||
$this->sessions[$id] = array(
|
||||
'id' => $id,
|
||||
'client_id' => $clientId,
|
||||
'redirect_uri' => $redirectUri,
|
||||
'owner_type' => $type,
|
||||
'owner_id' => $typeId,
|
||||
'auth_code' => $authCode,
|
||||
'access_token' => $accessToken,
|
||||
'refresh_token' => $refreshToken,
|
||||
'access_token_expire' => $accessTokenExpire,
|
||||
'stage' => $stage
|
||||
);
|
||||
|
||||
$this->sessions_client_type_id[$clientId . ':' . $type . ':' . $typeId] = $id;
|
||||
$this->sessions_code[$clientId . ':' . $redirectUri . ':' . $authCode] = $id;
|
||||
$this->sessions_client_type_id[$clientId . ':' . $type . ':' . $typeId] = $id;
|
||||
$this->sessions_code[$clientId . ':' . $redirectUri . ':' . $authCode] = $id;
|
||||
|
||||
return $id;
|
||||
}
|
||||
return $id;
|
||||
}
|
||||
|
||||
public function updateSession($sessionId, $authCode = null, $accessToken = null, $accessTokenExpire = null, $stage = 'requested')
|
||||
{
|
||||
$this->sessions[$sessionId]['auth_code'] = $authCode;
|
||||
$this->sessions[$sessionId]['access_token'] = $accessToken;
|
||||
$this->sessions[$sessionId]['access_token_expire'] = $accessTokenExpire;
|
||||
$this->sessions[$sessionId]['stage'] = $stage;
|
||||
public function updateSession($sessionId, $authCode = null, $accessToken = null, $refreshToken = null, $accessTokenExpire = null, $stage = 'requested')
|
||||
{
|
||||
$this->sessions[$sessionId]['auth_code'] = $authCode;
|
||||
$this->sessions[$sessionId]['access_token'] = $accessToken;
|
||||
$this->sessions[$sessionId]['refresh_token'] = $refreshToken;
|
||||
$this->sessions[$sessionId]['access_token_expire'] = $accessTokenExpire;
|
||||
$this->sessions[$sessionId]['stage'] = $stage;
|
||||
|
||||
return true;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
public function deleteSession($clientId, $type, $typeId)
|
||||
{
|
||||
$key = $clientId . ':' . $type . ':' . $typeId;
|
||||
if (isset($this->sessions_client_type_id[$key]))
|
||||
{
|
||||
unset($this->sessions[$this->sessions_client_type_id[$key]]);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
public function deleteSession($clientId, $type, $typeId)
|
||||
{
|
||||
$key = $clientId . ':' . $type . ':' . $typeId;
|
||||
if (isset($this->sessions_client_type_id[$key])) {
|
||||
unset($this->sessions[$this->sessions_client_type_id[$key]]);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
public function validateAuthCode($clientId, $redirectUri, $authCode)
|
||||
{
|
||||
$key = $clientId . ':' . $redirectUri . ':' . $authCode;
|
||||
public function refreshToken($currentRefreshToken, $newAccessToken, $newRefreshToken, $accessTokenExpires)
|
||||
{
|
||||
die('not implemented refreshToken');
|
||||
}
|
||||
|
||||
if (isset($this->sessions_code[$key]))
|
||||
{
|
||||
return $this->sessions[$this->sessions_code[$key]];
|
||||
}
|
||||
public function validateAuthCode($clientId, $redirectUri, $authCode)
|
||||
{
|
||||
$key = $clientId . ':' . $redirectUri . ':' . $authCode;
|
||||
|
||||
return false;
|
||||
}
|
||||
if (isset($this->sessions_code[$key])) {
|
||||
return $this->sessions[$this->sessions_code[$key]];
|
||||
}
|
||||
|
||||
public function hasSession($type, $typeId, $clientId)
|
||||
{
|
||||
die('not implemented hasSession');
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public function getAccessToken($sessionId)
|
||||
{
|
||||
die('not implemented getAccessToken');
|
||||
}
|
||||
public function hasSession($type, $typeId, $clientId)
|
||||
{
|
||||
die('not implemented hasSession');
|
||||
}
|
||||
|
||||
public function removeAuthCode($sessionId)
|
||||
{
|
||||
die('not implemented removeAuthCode');
|
||||
}
|
||||
public function getAccessToken($sessionId)
|
||||
{
|
||||
die('not implemented getAccessToken');
|
||||
}
|
||||
|
||||
public function setAccessToken(
|
||||
$sessionId,
|
||||
$accessToken
|
||||
)
|
||||
{
|
||||
die('not implemented setAccessToken');
|
||||
}
|
||||
public function removeAuthCode($sessionId)
|
||||
{
|
||||
die('not implemented removeAuthCode');
|
||||
}
|
||||
|
||||
public function addSessionScope($sessionId, $scope)
|
||||
{
|
||||
if ( ! isset($this->session_scopes[$sessionId]))
|
||||
{
|
||||
$this->session_scopes[$sessionId] = array();
|
||||
}
|
||||
public function setAccessToken($sessionId, $accessToken)
|
||||
{
|
||||
die('not implemented setAccessToken');
|
||||
}
|
||||
|
||||
$this->session_scopes[$sessionId][] = $scope;
|
||||
public function addSessionScope($sessionId, $scope)
|
||||
{
|
||||
if ( ! isset($this->session_scopes[$sessionId])) {
|
||||
$this->session_scopes[$sessionId] = array();
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
$this->session_scopes[$sessionId][] = $scope;
|
||||
|
||||
public function getScope($scope)
|
||||
{
|
||||
if ( ! isset($this->scopes[$scope]))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
return $this->scopes[$scope];
|
||||
}
|
||||
public function getScope($scope)
|
||||
{
|
||||
if ( ! isset($this->scopes[$scope])) {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function updateSessionScopeAccessToken($sessionId, $accessToken)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
return $this->scopes[$scope];
|
||||
}
|
||||
|
||||
public function accessTokenScopes($accessToken)
|
||||
{
|
||||
die('not implemented accessTokenScopes');
|
||||
}
|
||||
public function updateSessionScopeAccessToken($sessionId, $accessToken)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
public function accessTokenScopes($accessToken)
|
||||
{
|
||||
die('not implemented accessTokenScopes');
|
||||
}
|
||||
|
||||
public function validateRefreshToken($refreshToken, $clientId)
|
||||
{
|
||||
if ($refreshToken !== $this->sessions[0]['refresh_token'])
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public function updateRefreshToken($sessionId, $newAccessToken, $newRefreshToken, $accessTokenExpires)
|
||||
{
|
||||
$this->sessions[$sessionId]['access_token'] = $newAccessToken;
|
||||
$this->sessions[$sessionId]['refresh_token'] = $newRefreshToken;
|
||||
$this->sessions[$sessionId]['access_token_expire'] = $accessTokenExpires;
|
||||
}
|
||||
}
|
File diff suppressed because it is too large
Load Diff
@ -2,120 +2,123 @@
|
||||
|
||||
class Resource_Server_test extends PHPUnit_Framework_TestCase {
|
||||
|
||||
function setUp()
|
||||
{
|
||||
require_once('database_mock.php');
|
||||
$this->server = new Oauth2\Resource\Server();
|
||||
$this->db = new ResourceDB();
|
||||
function setUp()
|
||||
{
|
||||
require_once 'src/OAuth2/Resource/Server.php';
|
||||
require_once 'src/OAuth2/Resource/Database.php';
|
||||
|
||||
$this->assertInstanceOf('Oauth2\Resource\Database', $this->db);
|
||||
$this->server->registerDbAbstractor($this->db);
|
||||
}
|
||||
require_once('database_mock.php');
|
||||
$this->server = new Oauth2\Resource\Server();
|
||||
$this->db = new ResourceDB();
|
||||
|
||||
function test_init_POST()
|
||||
{
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_POST['oauth_token'] = 'test12345';
|
||||
$this->assertInstanceOf('Oauth2\Resource\Database', $this->db);
|
||||
$this->server->registerDbAbstractor($this->db);
|
||||
}
|
||||
|
||||
$this->server->init();
|
||||
function test_init_POST()
|
||||
{
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_POST['oauth_token'] = 'test12345';
|
||||
|
||||
$reflector = new ReflectionClass($this->server);
|
||||
$this->server->init();
|
||||
|
||||
$_accessToken = $reflector->getProperty('_accessToken');
|
||||
$_accessToken->setAccessible(true);
|
||||
$reflector = new ReflectionClass($this->server);
|
||||
|
||||
$_type = $reflector->getProperty('_type');
|
||||
$_type->setAccessible(true);
|
||||
$_accessToken = $reflector->getProperty('_accessToken');
|
||||
$_accessToken->setAccessible(true);
|
||||
|
||||
$_typeId = $reflector->getProperty('_typeId');
|
||||
$_typeId->setAccessible(true);
|
||||
$_type = $reflector->getProperty('_type');
|
||||
$_type->setAccessible(true);
|
||||
|
||||
$_scopes = $reflector->getProperty('_scopes');
|
||||
$_scopes->setAccessible(true);
|
||||
$_typeId = $reflector->getProperty('_typeId');
|
||||
$_typeId->setAccessible(true);
|
||||
|
||||
$this->assertEquals($_accessToken->getValue($this->server), $_POST['oauth_token']);
|
||||
$this->assertEquals($_type->getValue($this->server), 'user');
|
||||
$this->assertEquals($_typeId->getValue($this->server), 123);
|
||||
$this->assertEquals($_scopes->getValue($this->server), array('foo', 'bar'));
|
||||
}
|
||||
$_scopes = $reflector->getProperty('_scopes');
|
||||
$_scopes->setAccessible(true);
|
||||
|
||||
function test_init_GET()
|
||||
{
|
||||
$_GET['oauth_token'] = 'test12345';
|
||||
$this->assertEquals($_accessToken->getValue($this->server), $_POST['oauth_token']);
|
||||
$this->assertEquals($_type->getValue($this->server), 'user');
|
||||
$this->assertEquals($_typeId->getValue($this->server), 123);
|
||||
$this->assertEquals($_scopes->getValue($this->server), array('foo', 'bar'));
|
||||
}
|
||||
|
||||
$this->server->init();
|
||||
function test_init_GET()
|
||||
{
|
||||
$_GET['oauth_token'] = 'test12345';
|
||||
|
||||
$reflector = new ReflectionClass($this->server);
|
||||
$this->server->init();
|
||||
|
||||
$_accessToken = $reflector->getProperty('_accessToken');
|
||||
$_accessToken->setAccessible(true);
|
||||
$reflector = new ReflectionClass($this->server);
|
||||
|
||||
$_type = $reflector->getProperty('_type');
|
||||
$_type->setAccessible(true);
|
||||
$_accessToken = $reflector->getProperty('_accessToken');
|
||||
$_accessToken->setAccessible(true);
|
||||
|
||||
$_typeId = $reflector->getProperty('_typeId');
|
||||
$_typeId->setAccessible(true);
|
||||
$_type = $reflector->getProperty('_type');
|
||||
$_type->setAccessible(true);
|
||||
|
||||
$_scopes = $reflector->getProperty('_scopes');
|
||||
$_scopes->setAccessible(true);
|
||||
$_typeId = $reflector->getProperty('_typeId');
|
||||
$_typeId->setAccessible(true);
|
||||
|
||||
$this->assertEquals($_accessToken->getValue($this->server), $_GET['oauth_token']);
|
||||
$this->assertEquals($_type->getValue($this->server), 'user');
|
||||
$this->assertEquals($_typeId->getValue($this->server), 123);
|
||||
$this->assertEquals($_scopes->getValue($this->server), array('foo', 'bar'));
|
||||
}
|
||||
$_scopes = $reflector->getProperty('_scopes');
|
||||
$_scopes->setAccessible(true);
|
||||
|
||||
function test_init_header()
|
||||
{
|
||||
// Test with authorisation header
|
||||
$this->markTestIncomplete('Authorisation header test has not been implemented yet.');
|
||||
}
|
||||
$this->assertEquals($_accessToken->getValue($this->server), $_GET['oauth_token']);
|
||||
$this->assertEquals($_type->getValue($this->server), 'user');
|
||||
$this->assertEquals($_typeId->getValue($this->server), 123);
|
||||
$this->assertEquals($_scopes->getValue($this->server), array('foo', 'bar'));
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \Oauth2\Resource\ClientException
|
||||
* @expectedExceptionMessage An access token was not presented with the request
|
||||
*/
|
||||
function test_init_missingToken()
|
||||
{
|
||||
$this->server->init();
|
||||
}
|
||||
function test_init_header()
|
||||
{
|
||||
// Test with authorisation header
|
||||
$this->markTestIncomplete('Authorisation header test has not been implemented yet.');
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \Oauth2\Resource\ClientException
|
||||
* @expectedExceptionMessage The access token is not registered with the resource server
|
||||
*/
|
||||
function test_init_wrongToken()
|
||||
{
|
||||
$_POST['oauth_token'] = 'blah';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
/**
|
||||
* @expectedException \Oauth2\Resource\ClientException
|
||||
* @expectedExceptionMessage An access token was not presented with the request
|
||||
*/
|
||||
function test_init_missingToken()
|
||||
{
|
||||
$this->server->init();
|
||||
}
|
||||
|
||||
$this->server->init();
|
||||
}
|
||||
/**
|
||||
* @expectedException \Oauth2\Resource\ClientException
|
||||
* @expectedExceptionMessage The access token is not registered with the resource server
|
||||
*/
|
||||
function test_init_wrongToken()
|
||||
{
|
||||
$_POST['oauth_token'] = 'blah';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
|
||||
function test_hasScope()
|
||||
{
|
||||
$_POST['oauth_token'] = 'test12345';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$this->server->init();
|
||||
}
|
||||
|
||||
$this->server->init();
|
||||
function test_hasScope()
|
||||
{
|
||||
$_POST['oauth_token'] = 'test12345';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
|
||||
$this->assertEquals(true, $this->server->hasScope('foo'));
|
||||
$this->assertEquals(true, $this->server->hasScope('bar'));
|
||||
$this->assertEquals(true, $this->server->hasScope(array('foo', 'bar')));
|
||||
$this->server->init();
|
||||
|
||||
$this->assertEquals(false, $this->server->hasScope('foobar'));
|
||||
$this->assertEquals(false, $this->server->hasScope(array('foobar')));
|
||||
}
|
||||
$this->assertEquals(true, $this->server->hasScope('foo'));
|
||||
$this->assertEquals(true, $this->server->hasScope('bar'));
|
||||
$this->assertEquals(true, $this->server->hasScope(array('foo', 'bar')));
|
||||
|
||||
function test___call()
|
||||
{
|
||||
$_POST['oauth_token'] = 'test12345';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$this->assertEquals(false, $this->server->hasScope('foobar'));
|
||||
$this->assertEquals(false, $this->server->hasScope(array('foobar')));
|
||||
}
|
||||
|
||||
$this->server->init();
|
||||
function test___call()
|
||||
{
|
||||
$_POST['oauth_token'] = 'test12345';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
|
||||
$this->assertEquals(123, $this->server->isUser());
|
||||
$this->assertEquals(false, $this->server->isMachine());
|
||||
}
|
||||
$this->server->init();
|
||||
|
||||
$this->assertEquals(123, $this->server->isUser());
|
||||
$this->assertEquals(false, $this->server->isMachine());
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in New Issue
Block a user