From 95634fb3901d194348258ff5b055f968b5dd6db9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juli=C3=A1n=20Guti=C3=A9rrez?=
Date: Sun, 17 Jan 2016 17:28:27 +0100
Subject: [PATCH 1/9] compound redirect uri with Psr\Http\Message\UriInterface

---
 src/Exception/OAuthServerException.php | 8 +++++-
 src/Utils/RedirectUri.php | 34 --------------------------
 2 files changed, 7 insertions(+), 35 deletions(-)
 delete mode 100644 src/Utils/RedirectUri.php

diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php
index b0309290..936f41fd 100644
--- a/src/Exception/OAuthServerException.php
+++ b/src/Exception/OAuthServerException.php
@@ -6,6 +6,7 @@ use League\OAuth2\Server\Utils\RedirectUri;
 use Psr\Http\Message\ResponseInterface;
 use Zend\Diactoros\Response;
 use Zend\Diactoros\ServerRequest;
+use Zend\Diactoros\Uri;
 
 class OAuthServerException extends \Exception
 {
@@ -236,7 +237,12 @@ class OAuthServerException extends \Exception
         }
 
         if ($this->redirectUri !== null) {
-            $headers['Location'] = RedirectUri::make($this->redirectUri, $payload);
+            $redirectUri = new Uri($this->redirectUri);
+            parse_str($redirectUri->getQuery(), $redirectPayload);
+
+            $headers['Location'] = (string) $redirectUri->withQuery(http_build_query(
+                array_merge($redirectPayload, $payload)
+            ));
         }
 
         foreach ($headers as $header => $content) {
diff --git a/src/Utils/RedirectUri.php b/src/Utils/RedirectUri.php
deleted file mode 100644
index d00f29cc..00000000
--- a/src/Utils/RedirectUri.php
+++ /dev/null
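Review bot: `new Uri($this->redirectUri)` on the first added line can itself throw — Zend\Diactoros\Uri raises an InvalidArgumentException for a string it cannot parse — and it now runs inside the error-response path, so a malformed stored redirect URI turns the OAuth error into an uncaught exception from generateHttpResponse(). The hunk shows no validation of `$this->redirectUri` before use; if that happens where the exception is built (outside this hunk) a precondition on the property would document it: `* Must be a syntactically valid URI; it is parsed with Zend\Diactoros\Uri when the HTTP response is generated.` Otherwise wrap the conversion so a bad URI degrades to the JSON error body instead of a 500. A short why-comment on `array_merge($redirectPayload, $payload)` would also help, since it deliberately lets the error fields overwrite same-named parameters already present on the redirect URI. generateHttpResponse() begins and ends outside the hunk.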
@@ -1,34 +0,0 @@
-
- * @copyright Copyright (c) Alex Bilbie
- * @license http://mit-license.org/
- * @link https://github.com/thephpleague/oauth2-server
- */
-
-namespace League\OAuth2\Server\Utils;
-
-/**
- * RedirectUri class
- */
-class RedirectUri
-{
-    /**
-     * Generate a new redirect uri
-     *
-     * @param string $uri The base URI
-     * @param array $params The query string parameters
-     * @param string $queryDelimiter The query string delimiter (default: "?")
-     *
-     * @return string The updated URI
-     */
-    public static function make($uri, $params = [], $queryDelimiter = '?')
-    {
-        $uri .= (strstr($uri, $queryDelimiter) === false) ? $queryDelimiter : '&';
-
-        return $uri . http_build_query($params);
-    }
-}

From 94cc7c2bc76eef8de8ba8a5f27377e6e6913ff3f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juli=C3=A1n=20Guti=C3=A9rrez?=
Date: Wed, 20 Jan 2016 00:16:12 +0100
Subject: [PATCH 2/9] fix server reference

---
 src/Middleware/AuthenticationServerMiddleware.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Middleware/AuthenticationServerMiddleware.php b/src/Middleware/AuthenticationServerMiddleware.php
index 28bd39cb..a71d4218 100644
--- a/src/Middleware/AuthenticationServerMiddleware.php
+++ b/src/Middleware/AuthenticationServerMiddleware.php
@@ -34,7 +34,7 @@ class AuthenticationServerMiddleware
     public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
     {
         try {
-            $response = $server->respondToRequest($request, $response);
+            $response = $this->server->respondToRequest($request, $response);
         } catch (OAuthServerException $exception) {
             return $exception->generateHttpResponse($response);
         } catch (\Exception $exception) {

From ef5904ab1a9ed04d2d67be09c9575dc235d0fe83 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juli=C3=A1n=20Guti=C3=A9rrez?=
Date: Wed, 20 Jan 2016 00:32:59 +0100
Subject: [PATCH 3/9] exception based determineAccessTokenInHeader

---
 src/Middleware/ResourceServerMiddleware.php | 16 +++++----------
 src/ResponseTypes/AbstractResponseType.php | 16 +++++++++++++++-
 src/ResponseTypes/BearerTokenResponse.php | 12 +++++++-----
 3 files changed, 27 insertions(+), 17 deletions(-)

diff --git a/src/Middleware/ResourceServerMiddleware.php b/src/Middleware/ResourceServerMiddleware.php
index 874a14c6..ebcf2794 100644
--- a/src/Middleware/ResourceServerMiddleware.php
+++ b/src/Middleware/ResourceServerMiddleware.php
@@ -33,18 +33,12 @@ class ResourceServerMiddleware
      */
     public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
     {
-        if ($request->hasHeader('authorization') === false) {
-            $exception = OAuthServerException::accessDenied('Missing authorization header');
-
-            return $exception->generateHttpResponse($response);
-        }
-
-        $request = $this->server->getResponseType()->determineAccessTokenInHeader($request);
-
-        if ($request->getAttribute('oauth_access_token') === null) {
-            $exception = OAuthServerException::accessDenied($request->getAttribute('oauth_access_token_error'));
-
+        try {
+            $request = $this->server->getResponseType()->determineAccessTokenInHeader($request);
+        } catch (OAuthServerException $exception) {
             return $exception->generateHttpResponse($response);
+        } catch (\Exception $exception) {
+            return $response->withStatus(500)->write($exception->getMessage());
         }
 
         // Pass the request and response on to the next responder in the chain
diff --git a/src/ResponseTypes/AbstractResponseType.php b/src/ResponseTypes/AbstractResponseType.php
index 2388582f..9605a463 100644
--- a/src/ResponseTypes/AbstractResponseType.php
+++ b/src/ResponseTypes/AbstractResponseType.php
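Review bot: The new `catch (\Exception $exception)` branch in ResourceServerMiddleware::__invoke writes `$exception->getMessage()` straight into the response body, so any internal failure behind determineAccessTokenInHeader() (repository errors, key loading, and so on) has its message returned to an unauthenticated caller. A fixed body with the detail kept for server-side logging is the safer shape, e.g. `return $response->withStatus(500);` preceded by whatever logging the project uses, or at minimum a comment stating that messages reaching this branch are considered safe to expose. The same pattern is kept by patch 4/9 in both this middleware and AuthenticationServerMiddleware, so the decision should be made once for both. __invoke() continues past the hunk.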
@@ -13,7 +13,9 @@ namespace League\OAuth2\Server\ResponseTypes;
 
 use League\OAuth2\Server\Entities\Interfaces\AccessTokenEntityInterface;
 use League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface;
+use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
+use Psr\Http\Message\ServerRequestInterface;
 
 abstract class AbstractResponseType implements ResponseTypeInterface
 {
@@ -66,10 +68,22 @@ abstract class AbstractResponseType implements ResponseTypeInterface
     }
 
     /**
-     * @param \League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface $refreshToken
+     * {@inheritdoc}
      */
     public function setRefreshToken(RefreshTokenEntityInterface $refreshToken)
     {
         $this->refreshToken = $refreshToken;
     }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function determineAccessTokenInHeader(ServerRequestInterface $request)
+    {
+        if ($request->hasHeader('authorization') === false) {
+            throw OAuthServerException::accessDenied('Missing "Authorization" header');
+        }
+
+        return $request;
+    }
 }
diff --git a/src/ResponseTypes/BearerTokenResponse.php b/src/ResponseTypes/BearerTokenResponse.php
index 278b166d..c67bc990 100644
--- a/src/ResponseTypes/BearerTokenResponse.php
+++ b/src/ResponseTypes/BearerTokenResponse.php
@@ -16,10 +16,10 @@ use Lcobucci\JWT\Parser;
 use Lcobucci\JWT\Signer\Key;
 use Lcobucci\JWT\Signer\Rsa\Sha256;
 use League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface;
+use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Utils\KeyCrypt;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
-use Zend\Diactoros\Response;
 
 class BearerTokenResponse extends AbstractResponseType
 {
@@ -78,6 +78,8 @@ class BearerTokenResponse extends AbstractResponseType
      */
     public function determineAccessTokenInHeader(ServerRequestInterface $request)
     {
+        $request = parent::determineAccessTokenInHeader($request);
+
         $header = $request->getHeader('authorization');
         $jwt = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $header[0]));
 
@@ -85,12 +87,12 @@ class BearerTokenResponse extends AbstractResponseType
             // Attempt to parse and validate the JWT
             $token = (new Parser())->parse($jwt);
             if ($token->verify(new Sha256(), $this->pathToPublicKey) === false) {
-                return $request->withAttribute('oauth_access_token_error', 'Access token could not be verified');
+                throw OAuthServerException::accessDenied('Access token could not be verified');
             }
 
             // Check if token has been revoked
             if ($this->accessTokenRepository->isAccessTokenRevoked($token->getClaim('jti'))) {
-                return $request->withAttribute('oauth_access_token_error', 'Access token has been revoked');
+                throw OAuthServerException::accessDenied('Access token has been revoked');
             }
 
             // Return the request with additional attributes
@@ -98,9 +100,9 @@ class BearerTokenResponse extends AbstractResponseType
                 ->withAttribute('oauth_client_id', $token->getClaim('aud'))
                 ->withAttribute('oauth_user_id', $token->getClaim('sub'))
                 ->withAttribute('oauth_scopes', $token->getClaim('scopes'));
-        } catch (\InvalidArgumentException $e) {
+        } catch (\InvalidArgumentException $exception) {
             // JWT couldn't be parsed so return the request as is
-            return $request->withAttribute('oauth_access_token_error', $e->getMessage());
+            throw OAuthServerException::accessDenied($exception->getMessage());
         }
     }
 }

From b7b1f56d0c86ebeeb1d2b6043baf7bfc9a6a52e9 Mon Sep 17 00:00:00 2001
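Review bot: In the last hunk, `throw OAuthServerException::accessDenied($exception->getMessage());` forwards the JWT parser's own message to the client as the access_denied hint; that text describes library internals and the exact reason a token failed to parse, neither of which the caller needs, so a fixed hint such as `throw OAuthServerException::accessDenied('Access token could not be parsed');` is preferable. The catch is also narrow: if the Parser can raise anything other than InvalidArgumentException for malformed input (worth confirming against the lcobucci/jwt version in use), that exception now escapes determineAccessTokenInHeader() and lands in the middleware's generic 500 path instead of producing a 401. The comment `// JWT couldn't be parsed so return the request as is` no longer matches the code, which throws. Separately, nothing in the verify hunk checks the token's expiry claim — if that is handled elsewhere ignore this, otherwise a correctly signed, unrevoked token would be accepted after it expires. The surrounding try block opens before the second hunk.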
From: =?UTF-8?q?Juli=C3=A1n=20Guti=C3=A9rrez?=
Date: Wed, 20 Jan 2016 10:58:45 +0100
Subject: [PATCH 4/9] stream write fix

---
 src/Exception/OAuthServerException.php | 4 ++--
 src/Middleware/AuthenticationServerMiddleware.php | 4 +++-
 src/Middleware/ResourceServerMiddleware.php | 4 +++-
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php
index b0309290..c68c541d 100644
--- a/src/Exception/OAuthServerException.php
+++ b/src/Exception/OAuthServerException.php
@@ -243,9 +243,9 @@ class OAuthServerException extends \Exception
             $response = $response->withHeader($header, $content);
         }
 
-        $response = $response->withStatus($this->getHttpStatusCode());
         $response->getBody()->write(json_encode($payload));
-        return $response;
+
+        return $response->withStatus($this->getHttpStatusCode());
     }
 
     /**
diff --git a/src/Middleware/AuthenticationServerMiddleware.php b/src/Middleware/AuthenticationServerMiddleware.php
index a71d4218..14ac1c32 100644
--- a/src/Middleware/AuthenticationServerMiddleware.php
+++ b/src/Middleware/AuthenticationServerMiddleware.php
@@ -38,7 +38,9 @@ class AuthenticationServerMiddleware
         } catch (OAuthServerException $exception) {
             return $exception->generateHttpResponse($response);
         } catch (\Exception $exception) {
-            return $response->withStatus(500)->write($exception->getMessage());
+            $response->getBody()->write($exception->getMessage());
+
+            return $response->withStatus(500);
         }
 
         if (in_array($response->getStatusCode(), [400, 401, 500])) {
diff --git a/src/Middleware/ResourceServerMiddleware.php b/src/Middleware/ResourceServerMiddleware.php
index ebcf2794..1794cdce 100644
--- a/src/Middleware/ResourceServerMiddleware.php
+++ b/src/Middleware/ResourceServerMiddleware.php
@@ -38,7 +38,9 @@ class ResourceServerMiddleware
         } catch (OAuthServerException $exception) {
             return $exception->generateHttpResponse($response);
         } catch (\Exception $exception) {
-            return $response->withStatus(500)->write($exception->getMessage());
+            $response->getBody()->write($exception->getMessage());
+
+            return $response->withStatus(500);
         }
 
         // Pass the request and response on to the next responder in the chain

From 44155a8efc1e95ce44a9ea54ae379554b4382651 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juli=C3=A1n=20Guti=C3=A9rrez?=
Date: Wed, 20 Jan 2016 12:21:44 +0100
Subject: [PATCH 5/9] allow refresh token ttl assign

---
 src/Grant/AbstractGrant.php | 5 ++-
 src/Grant/ClientCredentialsGrant.php | 5 ++-
 src/Grant/GrantTypeInterface.php | 7 +--
 src/Grant/PasswordGrant.php | 7 +--
 src/Grant/RefreshTokenGrant.php | 8 ++--
 src/Server.php | 65 +++++++++++++---------------
 6 files changed, 50 insertions(+), 47 deletions(-)

diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php
index 490ecf4c..22ffd77f 100644
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@@ -283,15 +283,16 @@ abstract class AbstractGrant implements GrantTypeInterface
     }
 
     /**
+     * @param \DateInterval $tokenTTL
      * @param \League\OAuth2\Server\Entities\AccessTokenEntity $accessToken
      *
      * @return \League\OAuth2\Server\Entities\RefreshTokenEntity
      */
-    protected function issueRefreshToken(AccessTokenEntity $accessToken)
+    protected function issueRefreshToken(\DateInterval $tokenTTL, AccessTokenEntity $accessToken)
     {
         $refreshToken = new RefreshTokenEntity();
         $refreshToken->setIdentifier(SecureKey::generate());
-        $refreshToken->setExpiryDateTime((new \DateTime())->add(new \DateInterval('P1M')));
+        $refreshToken->setExpiryDateTime((new \DateTime())->add($tokenTTL));
         $refreshToken->setAccessToken($accessToken);
 
         return $refreshToken;
diff --git a/src/Grant/ClientCredentialsGrant.php b/src/Grant/ClientCredentialsGrant.php
index 03c6c721..6fea3926 100644
--- a/src/Grant/ClientCredentialsGrant.php
+++ b/src/Grant/ClientCredentialsGrant.php
@@ -32,14 +32,15 @@ class ClientCredentialsGrant extends AbstractGrant
     public function respondToRequest(
         ServerRequestInterface $request,
         ResponseTypeInterface $responseType,
-        \DateInterval $tokenTTL
+        \DateInterval $accessTokenTTL,
+        \DateInterval $refreshTokenTTL
     ) {
         // Validate request
         $client = $this->validateClient($request);
         $scopes = $this->validateScopes($request, $client);
 
         // Issue and persist access token
-        $accessToken = $this->issueAccessToken($tokenTTL, $client, $client->getIdentifier(), $scopes);
+        $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $client->getIdentifier(), $scopes);
         $this->accessTokenRepository->persistNewAccessToken($accessToken);
 
         // Inject access token into response type
diff --git a/src/Grant/GrantTypeInterface.php b/src/Grant/GrantTypeInterface.php
index 5bc9bf08..acf32ad3 100644
--- a/src/Grant/GrantTypeInterface.php
+++ b/src/Grant/GrantTypeInterface.php
@@ -11,7 +11,6 @@
 
 namespace League\OAuth2\Server\Grant;
 
-use DateInterval;
 use League\Event\EmitterInterface;
 use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
 use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
@@ -43,14 +42,16 @@ interface GrantTypeInterface
      *
      * @param \Psr\Http\Message\ServerRequestInterface $request
      * @param \League\OAuth2\Server\ResponseTypes\ResponseTypeInterface $responseType
-     * @param \DateInterval $tokenTTL
+     * @param \DateInterval $accessTokenTTL
+     * @param \DateInterval $refreshTokenTTL
      *
      * @return \League\OAuth2\Server\ResponseTypes\ResponseTypeInterface
      */
     public function respondToRequest(
         ServerRequestInterface $request,
         ResponseTypeInterface $responseType,
-        DateInterval $tokenTTL
+        \DateInterval $accessTokenTTL,
+        \DateInterval $refreshTokenTTL
     );
 
     /**
diff --git a/src/Grant/PasswordGrant.php b/src/Grant/PasswordGrant.php
index 50593ef3..b6a3771e 100644
--- a/src/Grant/PasswordGrant.php
+++ b/src/Grant/PasswordGrant.php
@@ -59,7 +59,8 @@ class PasswordGrant extends AbstractGrant
     public function respondToRequest(
         ServerRequestInterface $request,
         ResponseTypeInterface $responseType,
-        \DateInterval $tokenTTL
+        \DateInterval $accessTokenTTL,
+        \DateInterval $refreshTokenTTL
     ) {
         // Validate request
         $client = $this->validateClient($request);
@@ -67,8 +68,8 @@ class PasswordGrant extends AbstractGrant
         $scopes = $this->validateScopes($request, $client);
 
         // Issue and persist new tokens
-        $accessToken = $this->issueAccessToken($tokenTTL, $client, $user->getIdentifier(), $scopes);
-        $refreshToken = $this->issueRefreshToken($accessToken);
+        $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $scopes);
+        $refreshToken = $this->issueRefreshToken($refreshTokenTTL, $accessToken);
         $this->accessTokenRepository->persistNewAccessToken($accessToken);
         $this->refreshTokenRepository->persistNewRefreshToken($refreshToken);
 
diff --git a/src/Grant/RefreshTokenGrant.php b/src/Grant/RefreshTokenGrant.php
index d8348d25..8af43365 100644
--- a/src/Grant/RefreshTokenGrant.php
+++ b/src/Grant/RefreshTokenGrant.php
@@ -50,8 +50,10 @@ class RefreshTokenGrant extends AbstractGrant
     public function respondToRequest(
         ServerRequestInterface $request,
         ResponseTypeInterface $responseType,
-        \DateInterval $tokenTTL
+        \DateInterval $accessTokenTTL,
+        \DateInterval $refreshTokenTTL
     ) {
+        // Validate request
         $client = $this->validateClient($request);
         $oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier());
         $scopes = $this->validateScopes($request, $client);
@@ -75,8 +77,8 @@ class RefreshTokenGrant extends AbstractGrant
         $this->accessTokenRepository->revokeAccessToken($oldRefreshToken['access_token_id']);
         $this->refreshTokenRepository->revokeRefreshToken($oldRefreshToken['refresh_token_id']);
 
-        $accessToken = $this->issueAccessToken($tokenTTL, $client, $oldRefreshToken['user_id'], $scopes);
-        $refreshToken = $this->issueRefreshToken($accessToken);
+        $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $oldRefreshToken['user_id'], $scopes);
+        $refreshToken = $this->issueRefreshToken($refreshTokenTTL, $accessToken);
         $this->accessTokenRepository->persistNewAccessToken($accessToken);
         $this->refreshTokenRepository->persistNewRefreshToken($refreshToken);
 
diff --git a/src/Server.php b/src/Server.php
index a62e8b32..70822010 100644
--- a/src/Server.php
+++ b/src/Server.php
@@ -26,15 +26,10 @@ class Server implements EmitterAwareInterface
      */
     protected $enabledGrantTypes = [];
 
-    /**
-     * @var ResponseTypeInterface[]
-     */
-    protected $grantResponseTypes = [];
-
     /**
      * @var DateInterval[]
      */
-    protected $grantTypeAccessTokenTTL = [];
+    protected $grantTypeTokensTTL = [];
 
     /**
      * @var string
@@ -92,48 +87,31 @@ class Server implements EmitterAwareInterface
         $this->responseType = $responseType;
     }
 
-    /**
-     * Get the token type that grants will return in the HTTP response
-     *
-     * @return ResponseTypeInterface
-     */
-    public function getResponseType()
-    {
-        if (!$this->responseType instanceof ResponseTypeInterface) {
-            $this->responseType = new BearerTokenResponse(
-                $this->privateKeyPath,
-                $this->publicKeyPath,
-                $this->accessTokenRepository
-            );
-        }
-
-        return $this->responseType;
-    }
-
     /**
      * Enable a grant type on the server
      *
      * @param \League\OAuth2\Server\Grant\GrantTypeInterface $grantType
-     * @param DateInterval $accessTokenTTL
+     * @param DateInterval|null $accessTokenTTL
+     * @param DateInterval|null $refreshTokenTTL
      */
     public function enableGrantType(
         GrantTypeInterface $grantType,
-        \DateInterval $accessTokenTTL
+        \DateInterval $accessTokenTTL,
+        \DateInterval $refreshTokenTTL = null
     ) {
         $grantType->setAccessTokenRepository($this->accessTokenRepository);
         $grantType->setClientRepository($this->clientRepository);
         $grantType->setScopeRepository($this->scopeRepository);
         $grantType->setPathToPrivateKey($this->privateKeyPath);
         $grantType->setPathToPublicKey($this->publicKeyPath);
-        $grantType->setEmitter($this->getEmitter());
+
         $this->enabledGrantTypes[$grantType->getIdentifier()] = $grantType;
 
-        // Set grant response type
-        $this->grantResponseTypes[$grantType->getIdentifier()] = $this->getResponseType();
-
-        // Set grant access token TTL
-        $this->grantTypeAccessTokenTTL[$grantType->getIdentifier()] = $accessTokenTTL;
+        $this->grantTypeTokensTTL[$grantType->getIdentifier()] = [
+            'access' => $accessTokenTTL,
+            'refresh' => $refreshTokenTTL !== null ? $refreshTokenTTL : new \DateInterval('P1M'),
+        ];
     }
 
     /**
@@ -160,8 +138,9 @@ class Server implements EmitterAwareInterface
             if ($grantType->canRespondToRequest($request)) {
                 $tokenResponse = $grantType->respondToRequest(
                     $request,
-                    $this->grantResponseTypes[$grantType->getIdentifier()],
-                    $this->grantTypeAccessTokenTTL[$grantType->getIdentifier()]
+                    $this->getResponseType(),
+                    $this->grantTypeTokensTTL[$grantType->getIdentifier()]['access'],
+                    $this->grantTypeTokensTTL[$grantType->getIdentifier()]['refresh']
                 );
             }
         }
@@ -172,4 +151,22 @@ class Server implements EmitterAwareInterface
 
         return $tokenResponse->generateHttpResponse($response);
     }
+
+    /**
+     * Get the token type that grants will return in the HTTP response
+     *
+     * @return ResponseTypeInterface
+     */
+    public function getResponseType()
+    {
+        if (!$this->responseType instanceof ResponseTypeInterface) {
+            $this->responseType = new BearerTokenResponse(
+                $this->privateKeyPath,
+                $this->publicKeyPath,
+                $this->accessTokenRepository
+            );
+        }
+
+        return $this->responseType;
+    }
 }

From b85f81c429e7e9a8615eeace343477a6d288d7f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juli=C3=A1n=20Guti=C3=A9rrez?=
Date: Thu, 21 Jan 2016 18:11:53 +0100
Subject: [PATCH 6/9] configurable refresh token TTL per grant

---
 src/Grant/AbstractGrant.php | 18 +++++++++++++++---
 src/Grant/ClientCredentialsGrant.php | 3 +--
 src/Grant/GrantTypeInterface.php | 11 ++++++++---
 src/Grant/PasswordGrant.php | 7 ++++---
 src/Grant/RefreshTokenGrant.php | 9 +++++----
 src/Server.php | 21 +++++++-------------
 6 files changed, 40 insertions(+), 29 deletions(-)

diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php
index 22ffd77f..c6ffc760 100644
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@@ -80,6 +80,11 @@ abstract class AbstractGrant implements GrantTypeInterface
      */
     protected $pathToPublicKey;
 
+    /**
+     * @var \DateInterval
+     */
+    protected $refreshTokenTTL;
+
     /**
      * @param ClientRepositoryInterface $clientRepository
      */
@@ -128,6 +133,14 @@ abstract class AbstractGrant implements GrantTypeInterface
         $this->emitter = $emitter;
     }
 
+    /**
+     * @inheritdoc
+     */
+    public function setRefreshTokenTTL(\DateInterval $refreshTokenTTL)
+    {
+        $this->refreshTokenTTL = $refreshTokenTTL;
+    }
+
     /**
      * {@inheritdoc}
      */
@@ -283,16 +296,15 @@ abstract class AbstractGrant implements GrantTypeInterface
     }
 
     /**
-     * @param \DateInterval $tokenTTL
      * @param \League\OAuth2\Server\Entities\AccessTokenEntity $accessToken
      *
      * @return \League\OAuth2\Server\Entities\RefreshTokenEntity
      */
-    protected function issueRefreshToken(\DateInterval $tokenTTL, AccessTokenEntity $accessToken)
+    protected function issueRefreshToken(AccessTokenEntity $accessToken)
     {
         $refreshToken = new RefreshTokenEntity();
         $refreshToken->setIdentifier(SecureKey::generate());
-        $refreshToken->setExpiryDateTime((new \DateTime())->add($tokenTTL));
+        $refreshToken->setExpiryDateTime((new \DateTime())->add($this->refreshTokenTTL));
         $refreshToken->setAccessToken($accessToken);
 
         return $refreshToken;
diff --git a/src/Grant/ClientCredentialsGrant.php b/src/Grant/ClientCredentialsGrant.php
index 6fea3926..918586f9 100644
--- a/src/Grant/ClientCredentialsGrant.php
+++ b/src/Grant/ClientCredentialsGrant.php
@@ -32,8 +32,7 @@ class ClientCredentialsGrant extends AbstractGrant
     public function respondToRequest(
         ServerRequestInterface $request,
         ResponseTypeInterface $responseType,
-        \DateInterval $accessTokenTTL,
-        \DateInterval $refreshTokenTTL
+        \DateInterval $accessTokenTTL
     ) {
         // Validate request
         $client = $this->validateClient($request);
diff --git a/src/Grant/GrantTypeInterface.php b/src/Grant/GrantTypeInterface.php
index acf32ad3..a6a5c63a 100644
--- a/src/Grant/GrantTypeInterface.php
+++ b/src/Grant/GrantTypeInterface.php
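Review bot: `issueRefreshToken()` now reads `$this->refreshTokenTTL`, but nothing in AbstractGrant gives that property a value; the `P1M` default is assigned only in the PasswordGrant and RefreshTokenGrant constructors later in this patch, so any other grant that calls issueRefreshToken() without first receiving setRefreshTokenTTL() hands `null` to `DateTime::add()` and fails. A single fallback in the base class removes the per-subclass duplication and the failure mode, e.g. `$refreshToken->setExpiryDateTime((new \DateTime())->add($this->refreshTokenTTL ?: new \DateInterval('P1M')));` with the docblock stating that the default applies when no TTL was configured. The `@var \DateInterval` on the property (previous hunk) should also say it may be unset until setRefreshTokenTTL() is called. As a style point, the new setter uses `@inheritdoc` while the adjacent docblocks in this file use `{@inheritdoc}`; keep one form.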
@@ -23,6 +23,13 @@ use Psr\Http\Message\ServerRequestInterface;
  */
 interface GrantTypeInterface
 {
+    /**
+     * Set refresh token TTL
+     *
+     * @param \DateInterval $refreshTokenTTL
+     */
+    public function setRefreshTokenTTL(\DateInterval $refreshTokenTTL);
+
     /**
      * Return the identifier
      *
@@ -43,15 +50,13 @@ interface GrantTypeInterface
      * @param \Psr\Http\Message\ServerRequestInterface $request
      * @param \League\OAuth2\Server\ResponseTypes\ResponseTypeInterface $responseType
      * @param \DateInterval $accessTokenTTL
-     * @param \DateInterval $refreshTokenTTL
      *
      * @return \League\OAuth2\Server\ResponseTypes\ResponseTypeInterface
      */
     public function respondToRequest(
         ServerRequestInterface $request,
         ResponseTypeInterface $responseType,
-        \DateInterval $accessTokenTTL,
-        \DateInterval $refreshTokenTTL
+        \DateInterval $accessTokenTTL
     );
 
     /**
diff --git a/src/Grant/PasswordGrant.php b/src/Grant/PasswordGrant.php
index b6a3771e..9f4f41e8 100644
--- a/src/Grant/PasswordGrant.php
+++ b/src/Grant/PasswordGrant.php
@@ -51,6 +51,8 @@ class PasswordGrant extends AbstractGrant
     ) {
         $this->userRepository = $userRepository;
         $this->refreshTokenRepository = $refreshTokenRepository;
+
+        $this->refreshTokenTTL = new \DateInterval('P1M');
     }
 
     /**
@@ -59,8 +61,7 @@ class PasswordGrant extends AbstractGrant
     public function respondToRequest(
         ServerRequestInterface $request,
         ResponseTypeInterface $responseType,
-        \DateInterval $accessTokenTTL,
-        \DateInterval $refreshTokenTTL
+        \DateInterval $accessTokenTTL
     ) {
         // Validate request
         $client = $this->validateClient($request);
@@ -69,7 +70,7 @@ class PasswordGrant extends AbstractGrant
 
         // Issue and persist new tokens
         $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $scopes);
-        $refreshToken = $this->issueRefreshToken($refreshTokenTTL, $accessToken);
+        $refreshToken = $this->issueRefreshToken($accessToken);
         $this->accessTokenRepository->persistNewAccessToken($accessToken);
         $this->refreshTokenRepository->persistNewRefreshToken($refreshToken);
 
diff --git a/src/Grant/RefreshTokenGrant.php b/src/Grant/RefreshTokenGrant.php
index 8af43365..cf3286c8 100644
--- a/src/Grant/RefreshTokenGrant.php
+++ b/src/Grant/RefreshTokenGrant.php
@@ -42,6 +42,8 @@ class RefreshTokenGrant extends AbstractGrant
         RefreshTokenRepositoryInterface $refreshTokenRepository
     ) {
         $this->refreshTokenRepository = $refreshTokenRepository;
+
+        $this->refreshTokenTTL = new \DateInterval('P1M');
     }
 
     /**
@@ -50,8 +52,7 @@ class RefreshTokenGrant extends AbstractGrant
     public function respondToRequest(
         ServerRequestInterface $request,
         ResponseTypeInterface $responseType,
-        \DateInterval $accessTokenTTL,
-        \DateInterval $refreshTokenTTL
+        \DateInterval $accessTokenTTL
     ) {
         // Validate request
         $client = $this->validateClient($request);
@@ -77,9 +78,9 @@ class RefreshTokenGrant extends AbstractGrant
         $this->accessTokenRepository->revokeAccessToken($oldRefreshToken['access_token_id']);
         $this->refreshTokenRepository->revokeRefreshToken($oldRefreshToken['refresh_token_id']);
 
+        // Issue and persist new tokens
         $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $oldRefreshToken['user_id'], $scopes);
-        $refreshToken = $this->issueRefreshToken($refreshTokenTTL, $accessToken);
-
+        $refreshToken = $this->issueRefreshToken($accessToken);
         $this->accessTokenRepository->persistNewAccessToken($accessToken);
         $this->refreshTokenRepository->persistNewRefreshToken($refreshToken);
 
diff --git a/src/Server.php b/src/Server.php
index 70822010..adb6936d 100644
--- a/src/Server.php
+++ b/src/Server.php
@@ -7,6 +7,7 @@ use League\Event\EmitterAwareInterface;
 use League\Event\EmitterAwareTrait;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Grant\GrantTypeInterface;
+use League\OAuth2\Server\Grant\ClientCredentialsGrant;
 use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
 use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
 use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
@@ -29,7 +30,7 @@ class Server implements EmitterAwareInterface
     /**
      * @var DateInterval[]
      */
-    protected $grantTypeTokensTTL = [];
+    protected $grantTypeAccessTokenTTL = [];
 
     /**
      * @var string
@@ -91,14 +92,10 @@ class Server implements EmitterAwareInterface
      * Enable a grant type on the server
      *
      * @param \League\OAuth2\Server\Grant\GrantTypeInterface $grantType
-     * @param DateInterval|null $accessTokenTTL
-     * @param DateInterval|null $refreshTokenTTL
+     * @param DateInterval $accessTokenTTL
      */
-    public function enableGrantType(
-        GrantTypeInterface $grantType,
-        \DateInterval $accessTokenTTL,
-        \DateInterval $refreshTokenTTL = null
-    ) {
+    public function enableGrantType(GrantTypeInterface $grantType, \DateInterval $accessTokenTTL)
+    {
         $grantType->setAccessTokenRepository($this->accessTokenRepository);
         $grantType->setClientRepository($this->clientRepository);
         $grantType->setScopeRepository($this->scopeRepository);
@@ -108,10 +105,7 @@ class Server implements EmitterAwareInterface
 
         $this->enabledGrantTypes[$grantType->getIdentifier()] = $grantType;
 
-        $this->grantTypeTokensTTL[$grantType->getIdentifier()] = [
-            'access' => $accessTokenTTL,
-            'refresh' => $refreshTokenTTL !== null ? $refreshTokenTTL : new \DateInterval('P1M'),
-        ];
+        $this->grantTypeAccessTokenTTL[$grantType->getIdentifier()] = $accessTokenTTL;
     }
 
     /**
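Review bot: The rewritten `enableGrantType()` drops the refresh-token TTL parameter and never calls the `setRefreshTokenTTL()` this patch adds to GrantTypeInterface, so the only way to change a grant's refresh TTL is to call the setter on the grant before passing it here; that contract is invisible from this method's docblock, which still documents only `$grantType` and `$accessTokenTTL`. Add a sentence to the docblock: `* The refresh token TTL is configured on the grant itself (GrantTypeInterface::setRefreshTokenTTL()) before it is enabled; the server does not set it.` If the server is meant to own that default instead, the removed `'refresh' => ...` branch was the place to keep it. enableGrantType() continues into the next hunk.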
@@ -139,8 +133,7 @@ class Server implements EmitterAwareInterface
                 $tokenResponse = $grantType->respondToRequest(
                     $request,
                     $this->getResponseType(),
-                    $this->grantTypeTokensTTL[$grantType->getIdentifier()]['access'],
-                    $this->grantTypeTokensTTL[$grantType->getIdentifier()]['refresh']
+                    $this->grantTypeAccessTokenTTL[$grantType->getIdentifier()]
                 );
             }
         }

From 11d25eb5a1da2f39e42c27ff3cd73fa964d2f64f Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Thu, 11 Feb 2016 17:49:24 +0000
Subject: [PATCH 7/9] Removed old exceptions

---
 src/Exception/UnauthorizedClientException.php | 36 ------------------
 .../UnsupportedResponseTypeException.php | 37 -------------------
 2 files changed, 73 deletions(-)
 delete mode 100644 src/Exception/UnauthorizedClientException.php
 delete mode 100644 src/Exception/UnsupportedResponseTypeException.php

diff --git a/src/Exception/UnauthorizedClientException.php b/src/Exception/UnauthorizedClientException.php
deleted file mode 100644
index fd1f18c3..00000000
--- a/src/Exception/UnauthorizedClientException.php
+++ /dev/null
@@ -1,36 +0,0 @@
-
- * @copyright Copyright (c) Alex Bilbie
- * @license http://mit-license.org/
- * @link https://github.com/thephpleague/oauth2-server
- */
-
-namespace League\OAuth2\Server\Exception;
-
-/**
- * Exception class
- */
-class UnauthorizedClientException extends OAuthException
-{
-    /**
-     * {@inheritdoc}
-     */
-    public $httpStatusCode = 400;
-
-    /**
-     * {@inheritdoc}
-     */
-    public $errorType = 'unauthorized_client';
-
-    /**
-     * {@inheritdoc}
-     */
-    public function __construct()
-    {
-        parent::__construct('The client is not authorized to request an access token using this method.');
-    }
-}
diff --git a/src/Exception/UnsupportedResponseTypeException.php b/src/Exception/UnsupportedResponseTypeException.php
deleted file mode 100644
index 8707f0c5..00000000
--- a/src/Exception/UnsupportedResponseTypeException.php
+++ /dev/null
@@ -1,37 +0,0 @@
-
- * @copyright Copyright (c) Alex Bilbie
- * @license http://mit-license.org/
- * @link https://github.com/thephpleague/oauth2-server
- */
-
-namespace League\OAuth2\Server\Exception;
-
-/**
- * Exception class
- */
-class UnsupportedResponseTypeException extends OAuthException
-{
-    /**
-     * {@inheritdoc}
-     */
-    public $httpStatusCode = 400;
-
-    /**
-     * {@inheritdoc}
-     */
-    public $errorType = 'unsupported_response_type';
-
-    /**
-     * {@inheritdoc}
-     */
-    public function __construct($parameter, $redirectUri = null)
-    {
-        parent::__construct('The authorization server does not support obtaining an access token using this method.');
-        $this->redirectUri = $redirectUri;
-    }
-}

From 4bc89f3fc2965b6c9b649741f5950352021548fd Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Thu, 11 Feb 2016 17:49:31 +0000
Subject: [PATCH 8/9] Removed unused import

---
 src/Server.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/Server.php b/src/Server.php
index adb6936d..cc7eb320 100644
--- a/src/Server.php
+++ b/src/Server.php
@@ -7,7 +7,6 @@ use League\Event\EmitterAwareInterface;
 use League\Event\EmitterAwareTrait;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Grant\GrantTypeInterface;
-use League\OAuth2\Server\Grant\ClientCredentialsGrant;
 use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
 use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
 use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;

From a40ac5d77be06bd0ab44dd719ee3bf5dd1e5c6a0 Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Thu, 11 Feb 2016 17:49:41 +0000
Subject: [PATCH 9/9] Minor fixes

---
 src/Exception/OAuthServerException.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php
index 5531d5ee..09ef4ec5 100644
--- a/src/Exception/OAuthServerException.php
+++ b/src/Exception/OAuthServerException.php
@@ -2,7 +2,6 @@
 
 namespace League\OAuth2\Server\Exception;
 
-use League\OAuth2\Server\Utils\RedirectUri;
 use Psr\Http\Message\ResponseInterface;
 use Zend\Diactoros\Response;
 use Zend\Diactoros\ServerRequest;
@@ -185,6 +184,7 @@ class OAuthServerException extends \Exception
     /**
      * Invalid refresh token
      *
+     * @param string|null $hint
      * @return static
      */
     public static function invalidRefreshToken($hint = null)
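Review bot: The added `* @param string|null $hint` line in the second hunk sits directly against `* @return static`, while the other docblocks in this series (AbstractGrant::issueRefreshToken, GrantTypeInterface::respondToRequest) separate the `@param` group from `@return` with a bare ` *` line; keep the same layout here: `* @param string|null $hint`, then ` *`, then `* @return static`. A one-line description of what `$hint` is (the free-text detail attached to the OAuth error payload, if that is what the constructor does with it) would also make the parameter self-explanatory. invalidRefreshToken()'s body lies outside the hunk.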