Compare commits
61 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
d506969543 | ||
|
f9cb89c175 | ||
|
85312f6995 | ||
|
f463eb9db1 | ||
|
f4cdfa91c1 | ||
|
fe6ecb1dcf | ||
|
0bf2a5333a | ||
|
105a5b2a31 | ||
|
ecf2f2b9ea | ||
|
493834fcbf | ||
|
fb518715ce | ||
|
fce24aa74d | ||
|
0c30b9ca66 | ||
|
03aa81450e | ||
|
6c34535155 | ||
|
5bd62fe942 | ||
|
26781d2c38 | ||
|
18e1bb33de | ||
|
3a6468897f | ||
|
97484eea6a | ||
|
3341728eb2 | ||
|
6b172d4c27 | ||
|
4962762c28 | ||
|
56b559894c | ||
|
a9a68a5cc8 | ||
|
542ca52d49 | ||
|
7d0c075b36 | ||
|
c056be3e48 | ||
|
f3e6f99696 | ||
|
3ad4010526 | ||
|
07c07ccb5e | ||
|
6a8f8bf7b7 | ||
|
4917bc228c | ||
|
b58082b536 | ||
|
f70c039275 | ||
|
f102b4fb68 | ||
|
c003f699c7 | ||
|
ad78ec838b | ||
|
34a7d14557 | ||
|
f5b6b43bef | ||
|
3be3794311 | ||
|
710c65aa42 | ||
|
7d3712a4b1 | ||
|
d6955922e9 | ||
|
352d49ec5a | ||
|
88616853c4 | ||
|
8eb7dc0d76 | ||
|
4cc3f97569 | ||
|
e6545f9dca | ||
|
7b1b5e94cb | ||
|
eceb84b978 | ||
|
ffac434bcc | ||
|
e74e5061d8 | ||
|
cb523e7e34 | ||
|
da12c09fda | ||
|
e04e6d2fae | ||
|
e555f67c8d | ||
|
822669fc0c | ||
|
828bc299b2 | ||
|
d22e489626 | ||
|
6b2f5944ef |
12
.gitignore
vendored
@@ -1,8 +1,6 @@
|
||||
/vendor/
|
||||
/vendor
|
||||
/composer.lock
|
||||
/docs/build/
|
||||
/build/logs/
|
||||
/build/coverage/
|
||||
test
|
||||
/docs/
|
||||
/testing/
|
||||
/build/logs
|
||||
/build/coverage
|
||||
/docs
|
||||
/testing
|
@@ -5,4 +5,4 @@ php:
|
||||
- 5.4
|
||||
|
||||
before_script: composer install --dev
|
||||
script: phpunit -c build/phpunit.xml
|
||||
script: phpunit
|
14
CHANGELOG.md
@@ -1,6 +1,16 @@
|
||||
# Changelog
|
||||
|
||||
## 1.0.4 (released 2013-02-21)
|
||||
## 1.0.7 (released 2013-03-04)
|
||||
|
||||
* Added method `requireStateParam()`
|
||||
* Added method `requireScopeParam()`
|
||||
|
||||
## 1.0.6 (released 2013-02-22)
|
||||
|
||||
* Added links to tutorials in the README
|
||||
* Added missing `state` parameter request to the `checkAuthoriseParams()` method.
|
||||
|
||||
## 1.0.5 (released 2013-02-21)
|
||||
|
||||
* Fixed the SQL example for SessionInterface::getScopes()
|
||||
|
||||
@@ -19,4 +29,4 @@
|
||||
|
||||
## 1.0.0 (released 2013-02-15)
|
||||
|
||||
* First release
|
||||
* First major release
|
11
README.md
@@ -29,10 +29,19 @@ The authorization server is a flexible class and following core specification gr
|
||||
* client credentials ([section 2.3.1](http://tools.ietf.org/html/rfc6749#section-2.3.1))
|
||||
* password (user credentials) ([section 4.3](http://tools.ietf.org/html/rfc6749#section-4.3))
|
||||
|
||||
An overview of the different OAuth 2.0 grants can be found at [http://alexbilbie.com/2013/02/a-guide-to-oauth-2-grants/](http://alexbilbie.com/2013/02/a-guide-to-oauth-2-grants/).
|
||||
|
||||
### Resource Server
|
||||
|
||||
The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct permission to access resources.
|
||||
|
||||
|
||||
## Tutorials
|
||||
|
||||
A tutorial on how to use the authorization server can be found at [http://alexbilbie.com/2013/02/developing-an-oauth2-authorization-server/](http://alexbilbie.com/2013/02/developing-an-oauth2-authorization-server/).
|
||||
|
||||
A tutorial on how to use the resource server to secure an API server can be found at [http://alexbilbie.com/2013/02/securing-your-api-with-oauth-2/](http://alexbilbie.com/2013/02/securing-your-api-with-oauth-2/).
|
||||
|
||||
## Future Goals
|
||||
|
||||
### Authorization Server
|
||||
@@ -49,4 +58,4 @@ This code was principally developed by [Alex Bilbie](http://alexbilbie.com/) ([T
|
||||
Valuable contribtions have been made by the following:
|
||||
|
||||
* [Dan Horrigan](http://dandoescode.com) ([Twitter](https://twitter.com/dandoescode)|[Github](https://github.com/dandoescode))
|
||||
* [Nick Jackson](http://nickjackson.me) ([Twitter](https://twitter.com/jacksonj04)|[Github](https://github.com/jacksonj04))
|
||||
* [Nick Jackson](http://nickjackson.me) ([Twitter](https://twitter.com/jacksonj04)|[Github](https://github.com/jacksonj04))
|
||||
|
@@ -1,8 +0,0 @@
|
||||
<?xml version="1.0"?>
|
||||
<ruleset name="PHP_CodeSniffer">
|
||||
|
||||
<description>PHP_CodeSniffer configuration</description>
|
||||
|
||||
<rule ref="PSR2"/>
|
||||
|
||||
</ruleset>
|
@@ -1,14 +0,0 @@
|
||||
<ruleset name="OAuth 2.0 Server"
|
||||
xmlns="http://pmd.sf.net/ruleset/1.0.0"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://pmd.sf.net/ruleset/1.0.0
|
||||
http://pmd.sf.net/ruleset_xml_schema.xsd"
|
||||
xsi:noNamespaceSchemaLocation="http://pmd.sf.net/ruleset_xml_schema.xsd">
|
||||
|
||||
<description>
|
||||
Ruleset for OAuth 2.0 server
|
||||
</description>
|
||||
|
||||
<!-- Import the entire unused code rule set -->
|
||||
<rule ref="rulesets/unusedcode.xml" />
|
||||
</ruleset>
|
@@ -1,31 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<phpunit colors="true" convertNoticesToExceptions="true" convertWarningsToExceptions="true" stopOnError="false" stopOnFailure="false" stopOnIncomplete="false" stopOnSkipped="false" bootstrap="../tests/Bootstrap.php">
|
||||
<testsuites>
|
||||
<testsuite name="Authorization Server">
|
||||
<directory suffix="Test.php">../tests/authorization</directory>
|
||||
</testsuite>
|
||||
<testsuite name="Resource Server">
|
||||
<directory suffix="Test.php">../tests/resource</directory>
|
||||
</testsuite>
|
||||
<testsuite name="Utility Methods">
|
||||
<directory suffix="Test.php">../tests/util</directory>
|
||||
</testsuite>
|
||||
</testsuites>
|
||||
<filter>
|
||||
<blacklist>
|
||||
<directory suffix=".php">PEAR_INSTALL_DIR</directory>
|
||||
<directory suffix=".php">PHP_LIBDIR</directory>
|
||||
<directory suffix=".php">../vendor/composer</directory>
|
||||
<directory suffix=".php">../vendor/mockery</directory>
|
||||
<directory suffix=".php">../vendor/phpunit</directory>
|
||||
<directory suffix=".php">../tests</directory>
|
||||
<directory suffix=".php">../testing</directory>
|
||||
</blacklist>
|
||||
</filter>
|
||||
<logging>
|
||||
<log type="coverage-html" target="coverage" title="lncd/OAuth" charset="UTF-8" yui="true" highlight="true" lowUpperBound="50" highLowerBound="90"/>
|
||||
<log type="coverage-text" target="php://stdout" title="lncd/OAuth" charset="UTF-8" yui="true" highlight="true" lowUpperBound="50" highLowerBound="90"/>
|
||||
<log type="coverage-clover" target="logs/clover.xml"/>
|
||||
<log type="junit" target="logs/junit.xml" logIncompleteSkipped="false"/>
|
||||
</logging>
|
||||
</phpunit>
|
@@ -1,22 +1,15 @@
|
||||
{
|
||||
"name": "lncd/oauth2",
|
||||
"description": "OAuth 2.0 Framework",
|
||||
"version": "1.0.4",
|
||||
"homepage": "https://github.com/lncd/OAuth2",
|
||||
"name": "league/oauth2-server",
|
||||
"description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants",
|
||||
"version": "1.0.9",
|
||||
"homepage": "https://github.com/php-loep/oauth2-server",
|
||||
"license": "MIT",
|
||||
"require": {
|
||||
"php": ">=5.3.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpunit/phpunit": "*",
|
||||
"mockery/mockery": ">=0.7.2"
|
||||
"mockery/mockery": ">=0.7.2"
|
||||
},
|
||||
"repositories": [
|
||||
{
|
||||
"type": "git",
|
||||
"url": "https://github.com/lncd/OAuth2"
|
||||
}
|
||||
],
|
||||
"keywords": [
|
||||
"oauth",
|
||||
"oauth2",
|
||||
@@ -34,6 +27,10 @@
|
||||
"role": "Developer"
|
||||
}
|
||||
],
|
||||
"replace": {
|
||||
"lncd/oauth2": "*",
|
||||
"league/oauth2server": "*"
|
||||
},
|
||||
"autoload": {
|
||||
"psr-0": {
|
||||
"OAuth2": "src/"
|
||||
|
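--- /dev/null
+++ b/phpunit.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit colors="true" convertNoticesToExceptions="true" convertWarningsToExceptions="true" stopOnError="false" stopOnFailure="false" stopOnIncomplete="false" stopOnSkipped="false" bootstrap="tests/Bootstrap.php">
+<testsuites>
+<testsuite name="Authorization Server">
+<directory suffix="Test.php">tests/authorization</directory>
+</testsuite>
+<testsuite name="Resource Server">
+<directory suffix="Test.php">tests/resource</directory>
+</testsuite>
+<testsuite name="Utility Methods">
+<directory suffix="Test.php">tests/util</directory>
+</testsuite>
+</testsuites>
+<filter>
+<blacklist>
+<directory suffix=".php">PEAR_INSTALL_DIR</directory>
+<directory suffix=".php">PHP_LIBDIR</directory>
+<directory suffix=".php">vendor/composer</directory>
+<directory suffix=".php">vendor/mockery</directory>
+<directory suffix=".php">vendor/phpunit</directory>
+<directory suffix=".php">tests</directory>
+<directory suffix=".php">testing</directory>
+</blacklist>
+</filter>
+<logging>
+<log type="coverage-html" target="build/coverage" title="lncd/OAuth" charset="UTF-8" yui="true" highlight="true" lowUpperBound="50" highLowerBound="90"/>
+<log type="coverage-text" target="php://stdout" title="lncd/OAuth" charset="UTF-8" yui="true" highlight="true" lowUpperBound="50" highLowerBound="90"/>
+<log type="coverage-clover" target="build/logs/clover.xml"/>
+<log type="junit" target="build/logs/junit.xml" logIncompleteSkipped="false"/>
+</logging>
+</phpunit>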
|
@@ -37,7 +37,7 @@ class AuthServer
|
||||
* The TTL (time to live) of an access token in seconds (default: 3600)
|
||||
* @var integer
|
||||
*/
|
||||
static protected $expiresIn = 3600;
|
||||
protected $expiresIn = 3600;
|
||||
|
||||
/**
|
||||
* The registered grant response types
|
||||
@@ -49,19 +49,37 @@ class AuthServer
|
||||
* The client, scope and session storage classes
|
||||
* @var array
|
||||
*/
|
||||
static protected $storages = array();
|
||||
protected $storages = array();
|
||||
|
||||
/**
|
||||
* The registered grant types
|
||||
* @var array
|
||||
*/
|
||||
static protected $grantTypes = array();
|
||||
protected $grantTypes = array();
|
||||
|
||||
/**
|
||||
* Require the "scope" parameter to be in checkAuthoriseParams()
|
||||
* @var boolean
|
||||
*/
|
||||
protected $requireScopeParam = true;
|
||||
|
||||
/**
|
||||
* Default scope to be used if none is provided and requireScopeParam is false
|
||||
* @var string
|
||||
*/
|
||||
protected $defaultScope = null;
|
||||
|
||||
/**
|
||||
* Require the "state" parameter to be in checkAuthoriseParams()
|
||||
* @var boolean
|
||||
*/
|
||||
protected $requireStateParam = false;
|
||||
|
||||
/**
|
||||
* The request object
|
||||
* @var Util\RequestInterface
|
||||
*/
|
||||
static protected $request = null;
|
||||
protected $request = null;
|
||||
|
||||
/**
|
||||
* Exception error codes
|
||||
@@ -84,7 +102,7 @@ class AuthServer
|
||||
* Exception error messages
|
||||
* @var array
|
||||
*/
|
||||
static protected $exceptionMessages = array(
|
||||
protected static $exceptionMessages = array(
|
||||
'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.',
|
||||
'unauthorized_client' => 'The client is not authorized to request an access token using this method.',
|
||||
'access_denied' => 'The resource owner or authorization server denied the request.',
|
||||
@@ -130,7 +148,7 @@ class AuthServer
|
||||
*/
|
||||
public function __construct(ClientInterface $client, SessionInterface $session, ScopeInterface $scope)
|
||||
{
|
||||
self::$storages = array(
|
||||
$this->storages = array(
|
||||
'client' => $client,
|
||||
'session' => $session,
|
||||
'scope' => $scope
|
||||
@@ -147,7 +165,7 @@ class AuthServer
|
||||
if (is_null($identifier)) {
|
||||
$identifier = $grantType->getIdentifier();
|
||||
}
|
||||
self::$grantTypes[$identifier] = $grantType;
|
||||
$this->grantTypes[$identifier] = $grantType;
|
||||
|
||||
if ( ! is_null($grantType->getResponseType())) {
|
||||
$this->responseTypes[] = $grantType->getResponseType();
|
||||
@@ -159,9 +177,56 @@ class AuthServer
|
||||
* @param string $identifier The grant type identifier
|
||||
* @return boolean Returns "true" if enabled, "false" if not
|
||||
*/
|
||||
public static function hasGrantType($identifier)
|
||||
public function hasGrantType($identifier)
|
||||
{
|
||||
return (array_key_exists($identifier, self::$grantTypes));
|
||||
return (array_key_exists($identifier, $this->grantTypes));
|
||||
}
|
||||
|
||||
/**
|
||||
* Require the "scope" paremter in checkAuthoriseParams()
|
||||
* @param boolean $require
|
||||
* @return void
|
||||
*/
|
||||
public function requireScopeParam($require = true)
|
||||
{
|
||||
$this->requireScopeParam = $require;
|
||||
}
|
||||
|
||||
/**
|
||||
* Is the scope parameter required?
|
||||
* @return bool
|
||||
*/
|
||||
public function scopeParamRequired()
|
||||
{
|
||||
return $this->requireScopeParam;
|
||||
}
|
||||
|
||||
/**
|
||||
* Default scope to be used if none is provided and requireScopeParam is false
|
||||
* @var string
|
||||
*/
|
||||
public function setDefaultScope($default = null)
|
||||
{
|
||||
$this->defaultScope = $default;
|
||||
}
|
||||
|
||||
/**
|
||||
* Default scope to be used if none is provided and requireScopeParam is false
|
||||
* @return string|null
|
||||
*/
|
||||
public function getDefaultScope()
|
||||
{
|
||||
return $this->defaultScope;
|
||||
}
|
||||
|
||||
/**
|
||||
* Require the "state" paremter in checkAuthoriseParams()
|
||||
* @param boolean $require
|
||||
* @return void
|
||||
*/
|
||||
public function requireStateParam($require = false)
|
||||
{
|
||||
$this->requireStateParam = $require;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -188,9 +253,9 @@ class AuthServer
|
||||
* Get the TTL for an access token
|
||||
* @return int The TTL
|
||||
*/
|
||||
public static function getExpiresIn()
|
||||
public function getExpiresIn()
|
||||
{
|
||||
return self::$expiresIn;
|
||||
return $this->expiresIn;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -199,7 +264,7 @@ class AuthServer
|
||||
*/
|
||||
public function setExpiresIn($expiresIn)
|
||||
{
|
||||
self::$expiresIn = $expiresIn;
|
||||
$this->expiresIn = $expiresIn;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -209,7 +274,7 @@ class AuthServer
|
||||
*/
|
||||
public function setRequest(Util\RequestInterface $request)
|
||||
{
|
||||
self::$request = $request;
|
||||
$this->request = $request;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -217,16 +282,16 @@ class AuthServer
|
||||
*
|
||||
* @return Util\RequestInterface
|
||||
*/
|
||||
public static function getRequest()
|
||||
public function getRequest()
|
||||
{
|
||||
if (self::$request === null) {
|
||||
if ($this->request === null) {
|
||||
// @codeCoverageIgnoreStart
|
||||
self::$request = Request::buildFromGlobals();
|
||||
$this->request = Request::buildFromGlobals();
|
||||
|
||||
}
|
||||
// @codeCoverageIgnoreEnd
|
||||
|
||||
return self::$request;
|
||||
return $this->request;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -234,9 +299,9 @@ class AuthServer
|
||||
* @param string $obj The class required
|
||||
* @return Storage\ClientInterface|Storage\ScopeInterface|Storage\SessionInterface
|
||||
*/
|
||||
public static function getStorage($obj)
|
||||
public function getStorage($obj)
|
||||
{
|
||||
return self::$storages[$obj];
|
||||
return $this->storages[$obj];
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -249,7 +314,7 @@ class AuthServer
|
||||
public function checkAuthoriseParams($inputParams = array())
|
||||
{
|
||||
// Auth params
|
||||
$authParams = self::getParam(array('client_id', 'redirect_uri', 'response_type', 'scope'), 'get', $inputParams);
|
||||
$authParams = $this->getParam(array('client_id', 'redirect_uri', 'response_type', 'scope', 'state'), 'get', $inputParams);
|
||||
|
||||
if (is_null($authParams['client_id'])) {
|
||||
throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'client_id'), 0);
|
||||
@@ -259,8 +324,12 @@ class AuthServer
|
||||
throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'redirect_uri'), 0);
|
||||
}
|
||||
|
||||
if ($this->requireStateParam === true && is_null($authParams['state'])) {
|
||||
throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'state'), 0);
|
||||
}
|
||||
|
||||
// Validate client ID and redirect URI
|
||||
$clientDetails = self::getStorage('client')->getClient($authParams['client_id'], null, $authParams['redirect_uri']);
|
||||
$clientDetails = $this->getStorage('client')->getClient($authParams['client_id'], null, $authParams['redirect_uri']);
|
||||
|
||||
if ($clientDetails === false) {
|
||||
throw new Exception\ClientException(self::$exceptionMessages['invalid_client'], 8);
|
||||
@@ -285,14 +354,16 @@ class AuthServer
|
||||
if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes
|
||||
}
|
||||
|
||||
if (count($scopes) === 0) {
|
||||
if ($this->requireScopeParam === true && count($scopes) === 0) {
|
||||
throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'scope'), 0);
|
||||
} elseif (count($scopes) === 0 && $this->defaultScope) {
|
||||
$scopes = array($this->defaultScope);
|
||||
}
|
||||
|
||||
$authParams['scopes'] = array();
|
||||
|
||||
foreach ($scopes as $scope) {
|
||||
$scopeDetails = self::getStorage('scope')->getScope($scope);
|
||||
$scopeDetails = $this->getStorage('scope')->getScope($scope);
|
||||
|
||||
if ($scopeDetails === false) {
|
||||
throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_scope'], $scope), 4);
|
||||
@@ -318,15 +389,15 @@ class AuthServer
|
||||
$authCode = SecureKey::make();
|
||||
|
||||
// Remove any old sessions the user might have
|
||||
self::getStorage('session')->deleteSession($authParams['client_id'], $type, $typeId);
|
||||
$this->getStorage('session')->deleteSession($authParams['client_id'], $type, $typeId);
|
||||
|
||||
// Create a new session
|
||||
$sessionId = self::getStorage('session')->createSession($authParams['client_id'], $authParams['redirect_uri'], $type, $typeId, $authCode);
|
||||
$sessionId = $this->getStorage('session')->createSession($authParams['client_id'], $authParams['redirect_uri'], $type, $typeId, $authCode);
|
||||
|
||||
// Associate scopes with the new session
|
||||
foreach ($authParams['scopes'] as $scope)
|
||||
{
|
||||
self::getStorage('session')->associateScope($sessionId, $scope['id']);
|
||||
$this->getStorage('session')->associateScope($sessionId, $scope['id']);
|
||||
}
|
||||
|
||||
return $authCode;
|
||||
@@ -340,14 +411,14 @@ class AuthServer
|
||||
*/
|
||||
public function issueAccessToken($inputParams = array())
|
||||
{
|
||||
$grantType = self::getParam('grant_type', 'post', $inputParams);
|
||||
$grantType = $this->getParam('grant_type', 'post', $inputParams);
|
||||
|
||||
if (is_null($grantType)) {
|
||||
throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'grant_type'), 0);
|
||||
}
|
||||
|
||||
// Ensure grant type is one that is recognised and is enabled
|
||||
if ( ! in_array($grantType, array_keys(self::$grantTypes))) {
|
||||
if ( ! in_array($grantType, array_keys($this->grantTypes))) {
|
||||
throw new Exception\ClientException(sprintf(self::$exceptionMessages['unsupported_grant_type'], $grantType), 7);
|
||||
}
|
||||
|
||||
@@ -360,26 +431,34 @@ class AuthServer
|
||||
* @param string $grantType The grant type identifer
|
||||
* @return class
|
||||
*/
|
||||
protected function getGrantType($grantType)
|
||||
public function getGrantType($grantType)
|
||||
{
|
||||
return self::$grantTypes[$grantType];
|
||||
return $this->grantTypes[$grantType];
|
||||
}
|
||||
|
||||
/**
|
||||
* Get a parameter from passed input parameters or the Request class
|
||||
* @param string|array $param Requried parameter
|
||||
* @param string|array $param Required parameter
|
||||
* @param string $method Get/put/post/delete
|
||||
* @param array $inputParams Passed input parameters
|
||||
* @return mixed 'Null' if parameter is missing
|
||||
*/
|
||||
public static function getParam($param = '', $method = 'get', $inputParams = array())
|
||||
public function getParam($param = '', $method = 'get', $inputParams = array(), $default = null)
|
||||
{
|
||||
if (is_string($param)) {
|
||||
return (isset($inputParams[$param])) ? $inputParams[$param] : self::getRequest()->{$method}($param);
|
||||
if (isset($inputParams[$param])) {
|
||||
return $inputParams[$param];
|
||||
} elseif ($param === 'client_id' && ! is_null($client_id = $this->getRequest()->server('PHP_AUTH_USER'))) {
|
||||
return $client_id;
|
||||
} elseif ($param === 'client_secret' && ! is_null($client_secret = $this->getRequest()->server('PHP_AUTH_PW'))) {
|
||||
return $client_secret;
|
||||
} else {
|
||||
return $this->getRequest()->{$method}($param, $default);
|
||||
}
|
||||
} else {
|
||||
$response = array();
|
||||
foreach ($param as $p) {
|
||||
$response[$p] = self::getParam($p, $method, $inputParams);
|
||||
$response[$p] = $this->getParam($p, $method, $inputParams);
|
||||
}
|
||||
return $response;
|
||||
}
|
||||
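Review bot: `requireStateParam($require = false)` defaults to `false`, so a bare `$server->requireStateParam()` leaves `state` optional even though the method name, and the sibling `requireScopeParam($require = true)`, read as switching the check on; `state` is what lets a client tie the authorization response to its own request, so the setter should be `public function requireStateParam($require = true)`. Both setters store the argument uncast while `checkAuthoriseParams()` tests `=== true`, so a truthy non-boolean such as `1` silently turns the requirement off; `$this->requireStateParam = (bool) $require;` (and the same for scope) avoids that. In the `getParam()` hunk the array branch recurses without forwarding `$default`, and the new `PHP_AUTH_USER`/`PHP_AUTH_PW` lookup wins over the request body without rejecting a request that carries client credentials in both places.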
|
@@ -36,6 +36,22 @@ class AuthCode implements GrantTypeInterface {
|
||||
*/
|
||||
protected $responseType = 'code';
|
||||
|
||||
/**
|
||||
* AuthServer instance
|
||||
* @var AuthServer
|
||||
*/
|
||||
protected $authServer = null;
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
* @param AuthServer $authServer AuthServer instance
|
||||
* @return void
|
||||
*/
|
||||
public function __construct(AuthServer $authServer)
|
||||
{
|
||||
$this->authServer = $authServer;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the identifier
|
||||
* @return string
|
||||
@@ -62,51 +78,51 @@ class AuthCode implements GrantTypeInterface {
|
||||
public function completeFlow($inputParams = null)
|
||||
{
|
||||
// Get the required params
|
||||
$authParams = AuthServer::getParam(array('client_id', 'client_secret', 'redirect_uri', 'code'), 'post', $inputParams);
|
||||
$authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'redirect_uri', 'code'), 'post', $inputParams);
|
||||
|
||||
if (is_null($authParams['client_id'])) {
|
||||
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0);
|
||||
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0);
|
||||
}
|
||||
|
||||
if (is_null($authParams['client_secret'])) {
|
||||
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_secret'), 0);
|
||||
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_secret'), 0);
|
||||
}
|
||||
|
||||
if (is_null($authParams['redirect_uri'])) {
|
||||
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'redirect_uri'), 0);
|
||||
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'redirect_uri'), 0);
|
||||
}
|
||||
|
||||
// Validate client ID and redirect URI
|
||||
$clientDetails = AuthServer::getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], $authParams['redirect_uri']);
|
||||
$clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], $authParams['redirect_uri']);
|
||||
|
||||
if ($clientDetails === false) {
|
||||
throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_client'), 8);
|
||||
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8);
|
||||
}
|
||||
|
||||
$authParams['client_details'] = $clientDetails;
|
||||
|
||||
// Validate the authorization code
|
||||
if (is_null($authParams['code'])) {
|
||||
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'code'), 0);
|
||||
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'code'), 0);
|
||||
}
|
||||
|
||||
// Verify the authorization code matches the client_id and the request_uri
|
||||
$session = AuthServer::getStorage('session')->validateAuthCode($authParams['client_id'], $authParams['redirect_uri'], $authParams['code']);
|
||||
$session = $this->authServer->getStorage('session')->validateAuthCode($authParams['client_id'], $authParams['redirect_uri'], $authParams['code']);
|
||||
|
||||
if ( ! $session) {
|
||||
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_grant'), 'code'), 9);
|
||||
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_grant'), 'code'), 9);
|
||||
}
|
||||
|
||||
// A session ID was returned so update it with an access token,
|
||||
// remove the authorisation code, change the stage to 'granted'
|
||||
|
||||
$accessToken = SecureKey::make();
|
||||
$refreshToken = (AuthServer::hasGrantType('refresh_token')) ? SecureKey::make() : null;
|
||||
$refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null;
|
||||
|
||||
$accessTokenExpires = time() + AuthServer::getExpiresIn();
|
||||
$accessTokenExpiresIn = AuthServer::getExpiresIn();
|
||||
$accessTokenExpires = time() + $this->authServer->getExpiresIn();
|
||||
$accessTokenExpiresIn = $this->authServer->getExpiresIn();
|
||||
|
||||
AuthServer::getStorage('session')->updateSession(
|
||||
$this->authServer->getStorage('session')->updateSession(
|
||||
$session['id'],
|
||||
null,
|
||||
$accessToken,
|
||||
@@ -122,7 +138,7 @@ class AuthCode implements GrantTypeInterface {
|
||||
'expires_in' => $accessTokenExpiresIn
|
||||
);
|
||||
|
||||
if (AuthServer::hasGrantType('refresh_token')) {
|
||||
if ($this->authServer->hasGrantType('refresh_token')) {
|
||||
$response['refresh_token'] = $refreshToken;
|
||||
}
|
||||
|
||||
|
@@ -1,6 +1,6 @@
|
||||
<?php
|
||||
/**
|
||||
* OAuth 2.0 Auth code grant
|
||||
* OAuth 2.0 Client credentials grant
|
||||
*
|
||||
* @package lncd/oauth2
|
||||
* @author Alex Bilbie <hello@alexbilbie.com>
|
||||
@@ -36,6 +36,22 @@ class ClientCredentials implements GrantTypeInterface {
|
||||
*/
|
||||
protected $responseType = null;
|
||||
|
||||
/**
|
||||
* AuthServer instance
|
||||
* @var AuthServer
|
||||
*/
|
||||
protected $authServer = null;
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
* @param AuthServer $authServer AuthServer instance
|
||||
* @return void
|
||||
*/
|
||||
public function __construct(AuthServer $authServer)
|
||||
{
|
||||
$this->authServer = $authServer;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the identifier
|
||||
* @return string
|
||||
@@ -62,7 +78,7 @@ class ClientCredentials implements GrantTypeInterface {
|
||||
public function completeFlow($inputParams = null)
|
||||
{
|
||||
// Get the required params
|
||||
$authParams = AuthServer::getParam(array('client_id', 'client_secret'), 'post', $inputParams);
|
||||
$authParams = $this->authServer->getParam(array('client_id', 'client_secret'), 'post', $inputParams);
|
||||
|
||||
if (is_null($authParams['client_id'])) {
|
||||
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0);
|
||||
@@ -73,7 +89,7 @@ class ClientCredentials implements GrantTypeInterface {
|
||||
}
|
||||
|
||||
// Validate client ID and client secret
|
||||
$clientDetails = AuthServer::getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']);
|
||||
$clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']);
|
||||
|
||||
if ($clientDetails === false) {
|
||||
throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_client'), 8);
|
||||
@@ -81,18 +97,45 @@ class ClientCredentials implements GrantTypeInterface {
|
||||
|
||||
$authParams['client_details'] = $clientDetails;
|
||||
|
||||
// Validate any scopes that are in the request
|
||||
$scope = $this->authServer->getParam('scope', 'post', $inputParams, '');
|
||||
$scopes = explode($this->authServer->getScopeDelimeter(), $scope);
|
||||
|
||||
for ($i = 0; $i < count($scopes); $i++) {
|
||||
$scopes[$i] = trim($scopes[$i]);
|
||||
if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes
|
||||
}
|
||||
|
||||
if ($this->authServer->scopeParamRequired() === true && count($scopes) === 0) {
|
||||
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
|
||||
} elseif (count($scopes) === 0 && $this->authServer->getDefaultScope()) {
|
||||
$scopes = array($this->authServer->getDefaultScope());
|
||||
}
|
||||
|
||||
$authParams['scopes'] = array();
|
||||
|
||||
foreach ($scopes as $scope) {
|
||||
$scopeDetails = $this->authServer->getStorage('scope')->getScope($scope);
|
||||
|
||||
if ($scopeDetails === false) {
|
||||
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_scope'), $scope), 4);
|
||||
}
|
||||
|
||||
$authParams['scopes'][] = $scopeDetails;
|
||||
}
|
||||
|
||||
// Generate an access token
|
||||
$accessToken = SecureKey::make();
|
||||
$refreshToken = (AuthServer::hasGrantType('refresh_token')) ? SecureKey::make() : null;
|
||||
$refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null;
|
||||
|
||||
$accessTokenExpires = time() + AuthServer::getExpiresIn();
|
||||
$accessTokenExpiresIn = AuthServer::getExpiresIn();
|
||||
$accessTokenExpires = time() + $this->authServer->getExpiresIn();
|
||||
$accessTokenExpiresIn = $this->authServer->getExpiresIn();
|
||||
|
||||
// Delete any existing sessions just to be sure
|
||||
AuthServer::getStorage('session')->deleteSession($authParams['client_id'], 'client', $authParams['client_id']);
|
||||
$this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'client', $authParams['client_id']);
|
||||
|
||||
// Create a new session
|
||||
AuthServer::getStorage('session')->createSession(
|
||||
$sessionId = $this->authServer->getStorage('session')->createSession(
|
||||
$authParams['client_id'],
|
||||
null,
|
||||
'client',
|
||||
@@ -104,6 +147,12 @@ class ClientCredentials implements GrantTypeInterface {
|
||||
'granted'
|
||||
);
|
||||
|
||||
// Associate scopes with the new session
|
||||
foreach ($authParams['scopes'] as $scope)
|
||||
{
|
||||
$this->authServer->getStorage('session')->associateScope($sessionId, $scope['id']);
|
||||
}
|
||||
|
||||
$response = array(
|
||||
'access_token' => $accessToken,
|
||||
'token_type' => 'bearer',
|
||||
@@ -111,7 +160,7 @@ class ClientCredentials implements GrantTypeInterface {
|
||||
'expires_in' => $accessTokenExpiresIn
|
||||
);
|
||||
|
||||
if (AuthServer::hasGrantType('refresh_token')) {
|
||||
if ($this->authServer->hasGrantType('refresh_token')) {
|
||||
$response['refresh_token'] = $refreshToken;
|
||||
}
|
||||
|
||||
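Review bot: The scope clean-up loop added to `completeFlow()` calls `unset($scopes[$i])` while its condition re-evaluates `count($scopes)`, so each removed entry shortens the loop and trailing entries are never trimmed or filtered; with a comma delimiter, a constructed value such as `a,,b , c` would reach `getScope(' c')` untrimmed. Build the list in one pass instead, for example `$scopes = array_values(array_filter(array_map('trim', $scopes), 'strlen'));`. The validation that follows only confirms that each scope exists via `getScope($scope)`; nothing visible in this section restricts which scopes a given client may obtain through this grant, so confirm that the storage layer or a later check enforces that. The same loop appears as unchanged context in the `checkAuthoriseParams()` hunk of the AuthServer section.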
|
@@ -21,10 +21,17 @@ use OAuth2\Storage\ScopeInterface;
|
||||
|
||||
interface GrantTypeInterface
|
||||
{
|
||||
/**
|
||||
* Returns the grant identifier (used to validate grant_type in OAuth2\AuthServer\issueAccessToken())
|
||||
* @return string
|
||||
*/
|
||||
/**
|
||||
* Constructor
|
||||
* @param AuthServer $authServer AuthServer instance
|
||||
* @return void
|
||||
*/
|
||||
public function __construct(AuthServer $authServer);
|
||||
|
||||
/**
|
||||
* Returns the grant identifier (used to validate grant_type in OAuth2\AuthServer\issueAccessToken())
|
||||
* @return string
|
||||
*/
|
||||
public function getIdentifier();
|
||||
|
||||
/**
|
||||
|
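Review bot: Declaring `public function __construct(AuthServer $authServer);` in `GrantTypeInterface` pins the constructor signature of every grant. A grant that needs a further collaborator can then only receive it through setters, and any grant written against the previous interface stops satisfying it. If the goal is only to hand the server instance to the grant, an ordinary interface method (for instance `setAuthServer(AuthServer $authServer)`, a suggested name) leaves constructors free. The added docblock's `@return void` can also be dropped, since a constructor has no return value. The interface body continues past the end of this hunk.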
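--- /dev/null
+++ b/src/OAuth2/Grant/Implicit.php
@@ -0,0 +1,116 @@
+<?php
+/**
+* OAuth 2.0 implicit grant
+*
+* @package lncd/oauth2
+* @author Alex Bilbie <hello@alexbilbie.com>
+* @copyright Copyright (c) 2013 University of Lincoln
+* @license http://mit-license.org/
+* @link http://github.com/lncd/oauth2
+*/
+
+namespace OAuth2\Grant;
+
+use OAuth2\Request;
+use OAuth2\AuthServer;
+use OAuth2\Exception;
+use OAuth2\Util\SecureKey;
+use OAuth2\Storage\SessionInterface;
+use OAuth2\Storage\ClientInterface;
+use OAuth2\Storage\ScopeInterface;
+
+/**
+* Client credentials grant class
+*/
+class Implict implements GrantTypeInterface {
+
+/**
+* Grant identifier
+* @var string
+*/
+protected $identifier = 'implicit';
+
+/**
+* Response type
+* @var string
+*/
+protected $responseType = 'token';
+
+/**
+* AuthServer instance
+* @var AuthServer
+*/
+protected $authServer = null;
+
+/**
+* Constructor
+* @param AuthServer $authServer AuthServer instance
+* @return void
+*/
+public function __construct(AuthServer $authServer)
+{
+$this->authServer = $authServer;
+}
+
+/**
+* Return the identifier
+* @return string
+*/
+public function getIdentifier()
+{
+return $this->identifier;
+}
+
+/**
+* Return the response type
+* @return string
+*/
+public function getResponseType()
+{
+return $this->responseType;
+}
+
+/**
+* Complete the client credentials grant
+* @param null|array $inputParams
+* @return array
+*/
+public function completeFlow($authParams = null)
+{
+// Remove any old sessions the user might have
+$this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'user', $authParams['user_id']);
+
+// Generate a new access token
+$accessToken = SecureKey::make();
+
+// Compute expiry time
+$accessTokenExpires = time() + $this->authServer->getExpiresIn();
+
+// Create a new session
+$sessionId = $this->authServer->getStorage('session')->createSession(
+$authParams['client_id'],
+$authParams['redirect_uri'],
+'user',
+$authParams['user_id'],
+null,
+$accessToken,
+null,
+$accessTokenExpires,
+'granted'
+);
+
+// Associate scopes with the new session
+foreach ($authParams['scopes'] as $scope)
+{
+$this->authServer->getStorage('session')->associateScope($sessionId, $scope['id']);
+}
+
+$response = array(
+'access_token' => $accessToken
+);
+
+return $response;
+}
+}
+
+}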
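Review bot: The class is declared as `Implict` although the file is `src/OAuth2/Grant/Implicit.php`, so a path-based autoloader asked for `OAuth2\Grant\Implicit` will not find it; the declaration should read `class Implicit implements GrantTypeInterface {`. As rendered, the file also closes one more `}` than it opens (the last line after the class body), which would be a parse error if the committed file matches. `completeFlow($authParams = null)` indexes `$authParams['client_id']`, `['user_id']`, `['redirect_uri']` and `['scopes']` without checking them, so the null default cannot work and a missing key reaches `createSession()` as null. A guard such as `if (!is_array($authParams)) { throw new \InvalidArgumentException('authParams required'); }` makes that explicit. The class and `completeFlow` docblocks still say "client credentials" and document `$inputParams` rather than `$authParams`.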
|
@@ -42,6 +42,22 @@ class Password implements GrantTypeInterface {
|
||||
*/
|
||||
protected $callback = null;
|
||||
|
||||
/**
|
||||
* AuthServer instance
|
||||
* @var AuthServer
|
||||
*/
|
||||
protected $authServer = null;
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
* @param AuthServer $authServer AuthServer instance
|
||||
* @return void
|
||||
*/
|
||||
public function __construct(AuthServer $authServer)
|
||||
{
|
||||
$this->authServer = $authServer;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the identifier
|
||||
* @return string
|
||||
@@ -90,52 +106,79 @@ class Password implements GrantTypeInterface {
|
||||
public function completeFlow($inputParams = null)
|
||||
{
|
||||
// Get the required params
|
||||
$authParams = AuthServer::getParam(array('client_id', 'client_secret', 'username', 'password'), 'post', $inputParams);
|
||||
$authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'username', 'password'), 'post', $inputParams);
|
||||
|
||||
if (is_null($authParams['client_id'])) {
|
||||
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0);
|
||||
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0);
|
||||
}
|
||||
|
||||
if (is_null($authParams['client_secret'])) {
|
||||
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_secret'), 0);
|
||||
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_secret'), 0);
|
||||
}
|
||||
|
||||
// Validate client ID and redirect URI
|
||||
$clientDetails = AuthServer::getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']);
|
||||
$clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']);
|
||||
|
||||
if ($clientDetails === false) {
|
||||
throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_client'), 8);
|
||||
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8);
|
||||
}
|
||||
|
||||
$authParams['client_details'] = $clientDetails;
|
||||
|
||||
if (is_null($authParams['username'])) {
|
||||
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'username'), 0);
|
||||
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'username'), 0);
|
||||
}
|
||||
|
||||
if (is_null($authParams['password'])) {
|
||||
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'password'), 0);
|
||||
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'password'), 0);
|
||||
}
|
||||
|
||||
// Check if user's username and password are correct
|
||||
$userId = call_user_func($this->getVerifyCredentialsCallback(), $authParams['username'], $authParams['password']);
|
||||
|
||||
if ($userId === false) {
|
||||
throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_credentials'), 0);
|
||||
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_credentials'), 0);
|
||||
}
|
||||
|
||||
// Validate any scopes that are in the request
|
||||
$scope = $this->authServer->getParam('scope', 'post', $inputParams, '');
|
||||
$scopes = explode($this->authServer->getScopeDelimeter(), $scope);
|
||||
|
||||
for ($i = 0; $i < count($scopes); $i++) {
|
||||
$scopes[$i] = trim($scopes[$i]);
|
||||
if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes
|
||||
}
|
||||
|
||||
if ($this->authServer->scopeParamRequired() === true && count($scopes) === 0) {
|
||||
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
|
||||
} elseif (count($scopes) === 0 && $this->authServer->getDefaultScope()) {
|
||||
$scopes = array($this->authServer->getDefaultScope());
|
||||
}
|
||||
|
||||
$authParams['scopes'] = array();
|
||||
|
||||
foreach ($scopes as $scope) {
|
||||
$scopeDetails = $this->authServer->getStorage('scope')->getScope($scope);
|
||||
|
||||
if ($scopeDetails === false) {
|
||||
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_scope'), $scope), 4);
|
||||
}
|
||||
|
||||
$authParams['scopes'][] = $scopeDetails;
|
||||
}
|
||||
|
||||
// Generate an access token
|
||||
$accessToken = SecureKey::make();
|
||||
$refreshToken = (AuthServer::hasGrantType('refresh_token')) ? SecureKey::make() : null;
|
||||
$refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null;
|
||||
|
||||
$accessTokenExpires = time() + AuthServer::getExpiresIn();
|
||||
$accessTokenExpiresIn = AuthServer::getExpiresIn();
|
||||
$accessTokenExpires = time() + $this->authServer->getExpiresIn();
|
||||
$accessTokenExpiresIn = $this->authServer->getExpiresIn();
|
||||
|
||||
// Delete any existing sessions just to be sure
|
||||
AuthServer::getStorage('session')->deleteSession($authParams['client_id'], 'user', $userId);
|
||||
$this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'user', $userId);
|
||||
|
||||
// Create a new session
|
||||
AuthServer::getStorage('session')->createSession(
|
||||
$sessionId = $this->authServer->getStorage('session')->createSession(
|
||||
$authParams['client_id'],
|
||||
null,
|
||||
'user',
|
||||
@@ -147,6 +190,12 @@ class Password implements GrantTypeInterface {
|
||||
'granted'
|
||||
);
|
||||
|
||||
// Associate scopes with the new session
|
||||
foreach ($authParams['scopes'] as $scope)
|
||||
{
|
||||
$this->authServer->getStorage('session')->associateScope($sessionId, $scope['id']);
|
||||
}
|
||||
|
||||
$response = array(
|
||||
'access_token' => $accessToken,
|
||||
'token_type' => 'bearer',
|
||||
@@ -154,7 +203,7 @@ class Password implements GrantTypeInterface {
|
||||
'expires_in' => $accessTokenExpiresIn
|
||||
);
|
||||
|
||||
if (AuthServer::hasGrantType('refresh_token')) {
|
||||
if ($this->authServer->hasGrantType('refresh_token')) {
|
||||
$response['refresh_token'] = $refreshToken;
|
||||
}
|
||||
|
||||
|
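Review bot: The scope clean-up loop added to `completeFlow()` re-evaluates `count($scopes)` on every pass while `unset($scopes[$i])` shrinks the array, so each empty entry removed ends the loop one index earlier and the trailing entries are never trimmed or filtered. With a constructed input that explodes to `array('a', '', '')`, the last empty string survives and is handed to `getScope('')`, producing a spurious `invalid_scope` error; an untrimmed trailing entry fails the same way. Normalising in one pass avoids the moving bound: `$scopes = array_values(array_filter(array_map('trim', $scopes), 'strlen'));`. `completeFlow()` continues beyond this hunk, and the rendered page does not show whether the other grants repeat the loop.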
@@ -36,6 +36,22 @@ class RefreshToken implements GrantTypeInterface {
|
||||
*/
|
||||
protected $responseType = null;
|
||||
|
||||
/**
|
||||
* AuthServer instance
|
||||
* @var AuthServer
|
||||
*/
|
||||
protected $authServer = null;
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
* @param AuthServer $authServer AuthServer instance
|
||||
* @return void
|
||||
*/
|
||||
public function __construct(AuthServer $authServer)
|
||||
{
|
||||
$this->authServer = $authServer;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the identifier
|
||||
* @return string
|
||||
@@ -62,47 +78,47 @@ class RefreshToken implements GrantTypeInterface {
|
||||
public function completeFlow($inputParams = null)
|
||||
{
|
||||
// Get the required params
|
||||
$authParams = AuthServer::getParam(array('client_id', 'client_secret', 'refresh_token'), 'post', $inputParams);
|
||||
$authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'refresh_token'), 'post', $inputParams);
|
||||
|
||||
if (is_null($authParams['client_id'])) {
|
||||
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0);
|
||||
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0);
|
||||
}
|
||||
|
||||
if (is_null($authParams['client_secret'])) {
|
||||
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_secret'), 0);
|
||||
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_secret'), 0);
|
||||
}
|
||||
|
||||
// Validate client ID and client secret
|
||||
$clientDetails = AuthServer::getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']);
|
||||
$clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']);
|
||||
|
||||
if ($clientDetails === false) {
|
||||
throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_client'), 8);
|
||||
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8);
|
||||
}
|
||||
|
||||
$authParams['client_details'] = $clientDetails;
|
||||
|
||||
if (is_null($authParams['refresh_token'])) {
|
||||
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'refresh_token'), 0);
|
||||
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'refresh_token'), 0);
|
||||
}
|
||||
|
||||
// Validate refresh token
|
||||
$sessionId = AuthServer::getStorage('client')->validateRefreshToken(
|
||||
$sessionId = $this->authServer->getStorage('client')->validateRefreshToken(
|
||||
$authParams['refresh_token'],
|
||||
$authParams['client_id']
|
||||
);
|
||||
|
||||
if ($sessionId === false) {
|
||||
throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_refresh'), 0);
|
||||
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_refresh'), 0);
|
||||
}
|
||||
|
||||
// Generate new tokens
|
||||
$accessToken = SecureKey::make();
|
||||
$refreshToken = (AuthServer::hasGrantType('refresh_token')) ? SecureKey::make() : null;
|
||||
$refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null;
|
||||
|
||||
$accessTokenExpires = time() + AuthServer::getExpiresIn();
|
||||
$accessTokenExpiresIn = AuthServer::getExpiresIn();
|
||||
$accessTokenExpires = time() + $this->authServer->getExpiresIn();
|
||||
$accessTokenExpiresIn = $this->authServer->getExpiresIn();
|
||||
|
||||
AuthServer::getStorage('session')->updateRefreshToken($sessionId, $accessToken, $refreshToken, $accessTokenExpires);
|
||||
$this->authServer->getStorage('session')->updateRefreshToken($sessionId, $accessToken, $refreshToken, $accessTokenExpires);
|
||||
|
||||
return array(
|
||||
'access_token' => $accessToken,
|
||||
|
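Review bot: The refresh token is still validated through the client storage, `$this->authServer->getStorage('client')->validateRefreshToken(`, while the `SessionInterface` section of this same commit documents and declares `validateRefreshToken($refreshToken, $clientId)` on the session storage. Unless the client storage implementation happens to expose that method as well (its interface is not visible here), a real refresh request would fail on an undefined method, and tests that mock the storages would not necessarily reveal it. The call should read `$this->authServer->getStorage('session')->validateRefreshToken(`. `completeFlow()` ends outside this hunk.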
@@ -13,7 +13,6 @@ namespace OAuth2;
|
||||
|
||||
use OutOfBoundsException;
|
||||
use OAuth2\Storage\SessionInterface;
|
||||
use OAuth2\Storage\SessionScopeInterface;
|
||||
use OAuth2\Util\RequestInterface;
|
||||
use OAuth2\Util\Request;
|
||||
|
||||
@@ -216,7 +215,7 @@ class ResourceServer
|
||||
protected function determineAccessToken()
|
||||
{
|
||||
if ($header = $this->getRequest()->header('Authorization')) {
|
||||
$access_token = base64_decode(trim(str_replace('Bearer', '', $header)));
|
||||
$access_token = trim(str_replace('Bearer', '', $header));
|
||||
} else {
|
||||
$method = $this->getRequest()->server('REQUEST_METHOD');
|
||||
$access_token = $this->getRequest()->{$method}($this->tokenKey);
|
||||
|
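Review bot: In `determineAccessToken()`, `trim(str_replace('Bearer', '', $header))` removes the text `Bearer` wherever it occurs and never checks that the header uses the Bearer scheme at all. An `Authorization` header carrying another scheme is therefore forwarded to token validation unchanged, and a token value that happens to contain `Bearer` is silently altered. Matching the scheme prefix is stricter: `if (preg_match('/^Bearer\s+(\S+)$/i', trim($header), $m)) { $access_token = $m[1]; }`, with a non-matching header treated as a missing token. If the second printed line is the new side, dropping `base64_decode` also changes what existing clients must send, which deserves a changelog entry. The method continues outside this hunk.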
@@ -105,29 +105,10 @@ interface SessionInterface
|
||||
* redirect_uri = $redirectUri AND auth_code = $authCode
|
||||
* </code>
|
||||
*
|
||||
* Response:
|
||||
*
|
||||
* <code>
|
||||
* Array
|
||||
* (
|
||||
* [id] => (int) The session ID
|
||||
* [client_id] => (string) The client ID
|
||||
* [redirect_uri] => (string) The redirect URI
|
||||
* [owner_type] => (string) The session owner type
|
||||
* [owner_id] => (string) The session owner's ID
|
||||
* [auth_code] => (string) The authorisation code
|
||||
* [stage] => (string) The session's stage
|
||||
* [first_requested] => (int) Unix timestamp of the time the session was
|
||||
* first generated
|
||||
* [last_updated] => (int) Unix timestamp of the time the session was
|
||||
* last updated
|
||||
* )
|
||||
* </code>
|
||||
*
|
||||
* @param string $clientId The client ID
|
||||
* @param string $redirectUri The redirect URI
|
||||
* @param string $authCode The authorisation code
|
||||
* @return int|bool Returns the session ID if the auth code
|
||||
* @return array|bool Returns an array with the session ID in the 'id' key if the auth code
|
||||
* is valid otherwise returns false
|
||||
*/
|
||||
public function validateAuthCode(
|
||||
@@ -156,8 +137,8 @@ interface SessionInterface
|
||||
* )
|
||||
* </code>
|
||||
*
|
||||
* @param [type] $accessToken [description]
|
||||
* @return [type] [description]
|
||||
* @param string $accessToken The access token
|
||||
* @return bool|array Returns false if the validation fails, array on success
|
||||
*/
|
||||
public function validateAccessToken($accessToken);
|
||||
|
||||
@@ -180,7 +161,7 @@ interface SessionInterface
|
||||
* Validate a refresh token
|
||||
* @param string $refreshToken The refresh token
|
||||
* @param string $clientId The client ID
|
||||
* @return int The session ID
|
||||
* @return bool|int The session ID, or false on failure
|
||||
*/
|
||||
public function validateRefreshToken($refreshToken, $clientId);
|
||||
|
||||
@@ -201,7 +182,12 @@ interface SessionInterface
|
||||
* @param int $accessTokenExpires The UNIX timestamp of when the new token expires
|
||||
* @return void
|
||||
*/
|
||||
public function updateRefreshToken($sessionId, $newAccessToken, $newRefreshToken, $accessTokenExpires);
|
||||
public function updateRefreshToken(
|
||||
$sessionId,
|
||||
$newAccessToken,
|
||||
$newRefreshToken,
|
||||
$accessTokenExpires
|
||||
);
|
||||
|
||||
/**
|
||||
* Associates a session with a scope
|
||||
@@ -225,8 +211,7 @@ interface SessionInterface
|
||||
* Example SQL query:
|
||||
*
|
||||
* <code>
|
||||
* SELECT oauth_scopes.scope, oauth_scopes.name, oauth_scopes.description
|
||||
* FROM oauth_session_scopes JOIN oauth_scopes ON
|
||||
* SELECT oauth_scopes.scope FROM oauth_session_scopes JOIN oauth_scopes ON
|
||||
* oauth_session_scopes.scope_id = oauth_scopes.id WHERE
|
||||
* session_id = $sessionId
|
||||
* </code>
|
||||
@@ -236,12 +221,11 @@ interface SessionInterface
|
||||
* <code>
|
||||
* Array
|
||||
* (
|
||||
* [0] => Array
|
||||
* (
|
||||
* [scope] => (string) The scope
|
||||
* [name] => (string) The scope's name
|
||||
* [description] => (string) The scope's description
|
||||
* )
|
||||
* [0] => (string) The scope
|
||||
* [1] => (string) The scope
|
||||
* [2] => (string) The scope
|
||||
* ...
|
||||
* ...
|
||||
* )
|
||||
* </code>
|
||||
*
|
||||
|
@@ -52,7 +52,8 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
|
||||
public function test_hasGrantType()
|
||||
{
|
||||
$this->assertFalse(OAuth2\AuthServer::hasGrantType('test'));
|
||||
$a = $this->returnDefault();
|
||||
$this->assertFalse($a->hasGrantType('test'));
|
||||
}
|
||||
|
||||
public function test_addGrantType()
|
||||
@@ -62,7 +63,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
$grant->shouldReceive('getResponseType')->andReturn('test');
|
||||
$a->addGrantType($grant, 'test');
|
||||
|
||||
$this->assertTrue(OAuth2\AuthServer::hasGrantType('test'));
|
||||
$this->assertTrue($a->hasGrantType('test'));
|
||||
}
|
||||
|
||||
public function test_addGrantType_noIdentifier()
|
||||
@@ -73,7 +74,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
$grant->shouldReceive('getResponseType')->andReturn('test');
|
||||
$a->addGrantType($grant);
|
||||
|
||||
$this->assertTrue(OAuth2\AuthServer::hasGrantType('test'));
|
||||
$this->assertTrue($a->hasGrantType('test'));
|
||||
}
|
||||
|
||||
public function test_getScopeDelimeter()
|
||||
@@ -89,11 +90,65 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
$this->assertEquals(';', $a->getScopeDelimeter());
|
||||
}
|
||||
|
||||
public function test_requireScopeParam()
|
||||
{
|
||||
$a = $this->returnDefault();
|
||||
$a->requireScopeParam(false);
|
||||
|
||||
$reflector = new ReflectionClass($a);
|
||||
$requestProperty = $reflector->getProperty('requireScopeParam');
|
||||
$requestProperty->setAccessible(true);
|
||||
$v = $requestProperty->getValue($a);
|
||||
|
||||
$this->assertFalse($v);
|
||||
}
|
||||
|
||||
public function test_scopeParamRequired()
|
||||
{
|
||||
$a = $this->returnDefault();
|
||||
$a->requireScopeParam(false);
|
||||
|
||||
$this->assertFalse($a->scopeParamRequired());
|
||||
}
|
||||
|
||||
public function test_setDefaultScope()
|
||||
{
|
||||
$a = $this->returnDefault();
|
||||
$a->setDefaultScope('test.default');
|
||||
|
||||
$reflector = new ReflectionClass($a);
|
||||
$requestProperty = $reflector->getProperty('defaultScope');
|
||||
$requestProperty->setAccessible(true);
|
||||
$v = $requestProperty->getValue($a);
|
||||
|
||||
$this->assertEquals('test.default', $v);
|
||||
}
|
||||
|
||||
public function test_getDefaultScope()
|
||||
{
|
||||
$a = $this->returnDefault();
|
||||
$a->setDefaultScope('test.default');
|
||||
$this->assertEquals('test.default', $a->getDefaultScope());
|
||||
}
|
||||
|
||||
public function test_requireStateParam()
|
||||
{
|
||||
$a = $this->returnDefault();
|
||||
$a->requireStateParam(true);
|
||||
|
||||
$reflector = new ReflectionClass($a);
|
||||
$requestProperty = $reflector->getProperty('requireStateParam');
|
||||
$requestProperty->setAccessible(true);
|
||||
$v = $requestProperty->getValue($a);
|
||||
|
||||
$this->assertTrue($v);
|
||||
}
|
||||
|
||||
public function test_getExpiresIn()
|
||||
{
|
||||
$a = $this->returnDefault();
|
||||
$a->setExpiresIn(7200);
|
||||
$this->assertEquals(7200, $a::getExpiresIn());
|
||||
$this->assertEquals(7200, $a->getExpiresIn());
|
||||
}
|
||||
|
||||
public function test_setExpiresIn()
|
||||
@@ -112,7 +167,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
$reflector = new ReflectionClass($a);
|
||||
$requestProperty = $reflector->getProperty('request');
|
||||
$requestProperty->setAccessible(true);
|
||||
$v = $requestProperty->getValue();
|
||||
$v = $requestProperty->getValue($a);
|
||||
|
||||
$this->assertTrue($v instanceof OAuth2\Util\RequestInterface);
|
||||
}
|
||||
@@ -122,7 +177,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
$a = $this->returnDefault();
|
||||
$request = new OAuth2\Util\Request();
|
||||
$a->setRequest($request);
|
||||
$v = $a::getRequest();
|
||||
$v = $a->getRequest();
|
||||
|
||||
$this->assertTrue($v instanceof OAuth2\Util\RequestInterface);
|
||||
}
|
||||
@@ -155,6 +210,20 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
));
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException OAuth2\Exception\ClientException
|
||||
* @expectedExceptionCode 0
|
||||
*/
|
||||
public function test_checkAuthoriseParams_noRequiredState()
|
||||
{
|
||||
$a = $this->returnDefault();
|
||||
$a->requireStateParam(true);
|
||||
$a->checkAuthoriseParams(array(
|
||||
'client_id' => 1234,
|
||||
'redirect_uri' => 'http://foo/redirect'
|
||||
));
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException OAuth2\Exception\ClientException
|
||||
* @expectedExceptionCode 8
|
||||
@@ -225,7 +294,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
));
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode());
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
|
||||
|
||||
$a->checkAuthoriseParams(array(
|
||||
'client_id' => 1234,
|
||||
@@ -235,6 +304,37 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
));
|
||||
}
|
||||
|
||||
public function test_checkAuthoriseParams_defaultScope()
|
||||
{
|
||||
$this->client->shouldReceive('getClient')->andReturn(array(
|
||||
'client_id' => 1234,
|
||||
'client_secret' => 5678,
|
||||
'redirect_uri' => 'http://foo/redirect',
|
||||
'name' => 'Example Client'
|
||||
));
|
||||
|
||||
$this->scope->shouldReceive('getScope')->andReturn(array(
|
||||
'id' => 1,
|
||||
'scope' => 'foo',
|
||||
'name' => 'Foo Name',
|
||||
'description' => 'Foo Name Description'
|
||||
));
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
|
||||
$a->setDefaultScope('test.scope');
|
||||
$a->requireScopeParam(false);
|
||||
|
||||
$params = $a->checkAuthoriseParams(array(
|
||||
'client_id' => 1234,
|
||||
'redirect_uri' => 'http://foo/redirect',
|
||||
'response_type' => 'code',
|
||||
'scope' => ''
|
||||
));
|
||||
|
||||
$this->assertArrayHasKey('scopes', $params);
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException OAuth2\Exception\ClientException
|
||||
* @expectedExceptionCode 4
|
||||
@@ -251,7 +351,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
$this->scope->shouldReceive('getScope')->andReturn(false);
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode());
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
|
||||
|
||||
$a->checkAuthoriseParams(array(
|
||||
'client_id' => 1234,
|
||||
@@ -264,7 +364,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
public function test_checkAuthoriseParams_passedInput()
|
||||
{
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode());
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
|
||||
|
||||
$this->client->shouldReceive('getClient')->andReturn(array(
|
||||
'client_id' => 1234,
|
||||
@@ -284,7 +384,8 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
'client_id' => 1234,
|
||||
'redirect_uri' => 'http://foo/redirect',
|
||||
'response_type' => 'code',
|
||||
'scope' => 'foo'
|
||||
'scope' => 'foo',
|
||||
'state' => 'xyz'
|
||||
));
|
||||
|
||||
$this->assertEquals(array(
|
||||
@@ -305,7 +406,8 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
'description' => 'Foo Name Description'
|
||||
)
|
||||
),
|
||||
'scope' => 'foo'
|
||||
'scope' => 'foo',
|
||||
'state' => 'xyz'
|
||||
), $v);
|
||||
}
|
||||
|
||||
@@ -326,12 +428,13 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
));
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode());
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
|
||||
|
||||
$_GET['client_id'] = 1234;
|
||||
$_GET['redirect_uri'] = 'http://foo/redirect';
|
||||
$_GET['response_type'] = 'code';
|
||||
$_GET['scope'] = 'foo';
|
||||
$_GET['state'] = 'xyz';
|
||||
|
||||
$request = new OAuth2\Util\Request($_GET);
|
||||
$a->setRequest($request);
|
||||
@@ -356,7 +459,8 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
'description' => 'Foo Name Description'
|
||||
)
|
||||
),
|
||||
'scope' => 'foo'
|
||||
'scope' => 'foo',
|
||||
'state' => 'xyz'
|
||||
), $v);
|
||||
}
|
||||
|
||||
@@ -396,7 +500,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
public function test_getGrantType()
|
||||
{
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode());
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
|
||||
|
||||
$reflector = new ReflectionClass($a);
|
||||
$method = $reflector->getMethod('getGrantType');
|
||||
@@ -414,7 +518,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
public function test_issueAccessToken_missingGrantType()
|
||||
{
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode());
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
|
||||
|
||||
$v = $a->issueAccessToken();
|
||||
}
|
||||
@@ -426,7 +530,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
public function test_issueAccessToken_badGrantType()
|
||||
{
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode());
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
|
||||
|
||||
$v = $a->issueAccessToken(array('grant_type' => 'foo'));
|
||||
}
|
||||
@@ -438,7 +542,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
public function test_issueAccessToken_missingClientId()
|
||||
{
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode());
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
|
||||
|
||||
$v = $a->issueAccessToken(array(
|
||||
'grant_type' => 'authorization_code'
|
||||
@@ -452,7 +556,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
public function test_issueAccessToken_missingClientSecret()
|
||||
{
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode());
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
|
||||
|
||||
$v = $a->issueAccessToken(array(
|
||||
'grant_type' => 'authorization_code',
|
||||
@@ -467,7 +571,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
public function test_issueAccessToken_missingRedirectUri()
|
||||
{
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode());
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
|
||||
|
||||
$v = $a->issueAccessToken(array(
|
||||
'grant_type' => 'authorization_code',
|
||||
@@ -485,7 +589,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
$this->client->shouldReceive('getClient')->andReturn(false);
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode());
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
|
||||
|
||||
$v = $a->issueAccessToken(array(
|
||||
'grant_type' => 'authorization_code',
|
||||
@@ -504,7 +608,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
$this->client->shouldReceive('getClient')->andReturn(array());
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode());
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
|
||||
|
||||
$v = $a->issueAccessToken(array(
|
||||
'grant_type' => 'authorization_code',
|
||||
@@ -524,7 +628,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
$this->session->shouldReceive('validateAuthCode')->andReturn(false);
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode());
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
|
||||
|
||||
$v = $a->issueAccessToken(array(
|
||||
'grant_type' => 'authorization_code',
|
||||
@@ -548,7 +652,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
$this->session->shouldReceive('updateSession')->andReturn(null);
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode());
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
|
||||
|
||||
$v = $a->issueAccessToken(array(
|
||||
'grant_type' => 'authorization_code',
|
||||
@@ -563,8 +667,8 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
$this->assertArrayHasKey('expires', $v);
|
||||
$this->assertArrayHasKey('expires_in', $v);
|
||||
|
||||
$this->assertEquals($a::getExpiresIn(), $v['expires_in']);
|
||||
$this->assertEquals(time()+$a::getExpiresIn(), $v['expires']);
|
||||
$this->assertEquals($a->getExpiresIn(), $v['expires_in']);
|
||||
$this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
|
||||
}
|
||||
|
||||
public function test_issueAccessToken()
|
||||
@@ -580,7 +684,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
$this->session->shouldReceive('updateSession')->andReturn(null);
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode());
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
|
||||
|
||||
$_POST['grant_type'] = 'authorization_code';
|
||||
$_POST['client_id'] = 1234;
|
||||
@@ -598,8 +702,43 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
$this->assertArrayHasKey('expires', $v);
|
||||
$this->assertArrayHasKey('expires_in', $v);
|
||||
|
||||
$this->assertEquals($a::getExpiresIn(), $v['expires_in']);
|
||||
$this->assertEquals(time()+$a::getExpiresIn(), $v['expires']);
|
||||
$this->assertEquals($a->getExpiresIn(), $v['expires_in']);
|
||||
$this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
|
||||
}
|
||||
|
||||
public function test_issueAccessToken_HTTP_auth()
|
||||
{
|
||||
$this->client->shouldReceive('getClient')->andReturn(array(
|
||||
'client_id' => 1234,
|
||||
'client_secret' => 5678,
|
||||
'redirect_uri' => 'http://foo/redirect',
|
||||
'name' => 'Example Client'
|
||||
));
|
||||
|
||||
$this->session->shouldReceive('validateAuthCode')->andReturn(1);
|
||||
$this->session->shouldReceive('updateSession')->andReturn(null);
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
|
||||
|
||||
$_POST['grant_type'] = 'authorization_code';
|
||||
$_SERVER['PHP_AUTH_USER'] = 1234;
|
||||
$_SERVER['PHP_AUTH_PW'] = 5678;
|
||||
$_POST['redirect_uri'] = 'http://foo/redirect';
|
||||
$_POST['code'] = 'foobar';
|
||||
|
||||
$request = new OAuth2\Util\Request(array(), $_POST, array(), array(), $_SERVER);
|
||||
$a->setRequest($request);
|
||||
|
||||
$v = $a->issueAccessToken();
|
||||
|
||||
$this->assertArrayHasKey('access_token', $v);
|
||||
$this->assertArrayHasKey('token_type', $v);
|
||||
$this->assertArrayHasKey('expires', $v);
|
||||
$this->assertArrayHasKey('expires_in', $v);
|
||||
|
||||
$this->assertEquals($a->getExpiresIn(), $v['expires_in']);
|
||||
$this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
|
||||
}
|
||||
|
||||
public function tearDown() {
|
||||
|
@@ -27,7 +27,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
|
||||
public function test_issueAccessToken_clientCredentialsGrant_missingClientId()
|
||||
{
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\ClientCredentials());
|
||||
$a->addGrantType(new OAuth2\Grant\ClientCredentials($a));
|
||||
|
||||
$request = new OAuth2\Util\Request(array(), $_POST);
|
||||
$a->setRequest($request);
|
||||
@@ -44,7 +44,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
|
||||
public function test_issueAccessToken_clientCredentialsGrant_missingClientPassword()
|
||||
{
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\ClientCredentials());
|
||||
$a->addGrantType(new OAuth2\Grant\ClientCredentials($a));
|
||||
|
||||
$request = new OAuth2\Util\Request(array(), $_POST);
|
||||
$a->setRequest($request);
|
||||
@@ -64,7 +64,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
|
||||
$this->client->shouldReceive('getClient')->andReturn(false);
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\ClientCredentials());
|
||||
$a->addGrantType(new OAuth2\Grant\ClientCredentials($a));
|
||||
|
||||
$request = new OAuth2\Util\Request(array(), $_POST);
|
||||
$a->setRequest($request);
|
||||
@@ -93,7 +93,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
|
||||
$this->session->shouldReceive('updateRefreshToken')->andReturn(null);
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\ClientCredentials());
|
||||
$a->addGrantType(new OAuth2\Grant\ClientCredentials($a));
|
||||
|
||||
$v = $a->issueAccessToken(array(
|
||||
'grant_type' => 'client_credentials',
|
||||
@@ -106,8 +106,8 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
|
||||
$this->assertArrayHasKey('expires', $v);
|
||||
$this->assertArrayHasKey('expires_in', $v);
|
||||
|
||||
$this->assertEquals($a::getExpiresIn(), $v['expires_in']);
|
||||
$this->assertEquals(time()+$a::getExpiresIn(), $v['expires']);
|
||||
$this->assertEquals($a->getExpiresIn(), $v['expires_in']);
|
||||
$this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
|
||||
}
|
||||
|
||||
function test_issueAccessToken_clientCredentialsGrant()
|
||||
@@ -127,7 +127,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
|
||||
$this->session->shouldReceive('updateRefreshToken')->andReturn(null);
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\ClientCredentials());
|
||||
$a->addGrantType(new OAuth2\Grant\ClientCredentials($a));
|
||||
|
||||
$_POST['grant_type'] = 'client_credentials';
|
||||
$_POST['client_id'] = 1234;
|
||||
@@ -143,8 +143,8 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
|
||||
$this->assertArrayHasKey('expires', $v);
|
||||
$this->assertArrayHasKey('expires_in', $v);
|
||||
|
||||
$this->assertEquals($a::getExpiresIn(), $v['expires_in']);
|
||||
$this->assertEquals(time()+$a::getExpiresIn(), $v['expires']);
|
||||
$this->assertEquals($a->getExpiresIn(), $v['expires_in']);
|
||||
$this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
|
||||
}
|
||||
|
||||
function test_issueAccessToken_clientCredentialsGrant_withRefreshToken()
|
||||
@@ -164,8 +164,8 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
|
||||
$this->session->shouldReceive('updateRefreshToken')->andReturn(null);
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\ClientCredentials());
|
||||
$a->addGrantType(new OAuth2\Grant\RefreshToken());
|
||||
$a->addGrantType(new OAuth2\Grant\ClientCredentials($a));
|
||||
$a->addGrantType(new OAuth2\Grant\RefreshToken($a));
|
||||
|
||||
$_POST['grant_type'] = 'client_credentials';
|
||||
$_POST['client_id'] = 1234;
|
||||
@@ -182,8 +182,8 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
|
||||
$this->assertArrayHasKey('expires_in', $v);
|
||||
$this->assertArrayHasKey('refresh_token', $v);
|
||||
|
||||
$this->assertEquals($a::getExpiresIn(), $v['expires_in']);
|
||||
$this->assertEquals(time()+$a::getExpiresIn(), $v['expires']);
|
||||
$this->assertEquals($a->getExpiresIn(), $v['expires_in']);
|
||||
$this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
|
||||
}
|
||||
|
||||
}
|
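Review bot: The rewritten assertion `$this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);` calls `time()` a second time after the token was issued, so it fails whenever the clock ticks over between `issueAccessToken()` and the assertion. The same line appears in the `@@ -106,8`, `@@ -143,8` and `@@ -182,8` hunks of this file and in the expiry hunks of Password_Grant_Test and Refresh_Token_test. Capturing the time before the call and allowing one second of slack would make these checks deterministic: `$now = time();` ahead of `issueAccessToken()`, then `$this->assertEquals($now + $a->getExpiresIn(), $v['expires'], '', 1);`. The test methods begin outside these hunks, so the placement of `$now` has to be checked against the full file.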
@@ -27,7 +27,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
|
||||
public function test_issueAccessToken_passwordGrant_missingClientId()
|
||||
{
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\Password());
|
||||
$a->addGrantType(new OAuth2\Grant\Password($a));
|
||||
|
||||
$request = new OAuth2\Util\Request(array(), $_POST);
|
||||
$a->setRequest($request);
|
||||
@@ -44,7 +44,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
|
||||
public function test_issueAccessToken_passwordGrant_missingClientPassword()
|
||||
{
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\Password());
|
||||
$a->addGrantType(new OAuth2\Grant\Password($a));
|
||||
|
||||
$request = new OAuth2\Util\Request(array(), $_POST);
|
||||
$a->setRequest($request);
|
||||
@@ -64,7 +64,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
|
||||
$this->client->shouldReceive('getClient')->andReturn(false);
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\Password());
|
||||
$a->addGrantType(new OAuth2\Grant\Password($a));
|
||||
|
||||
$request = new OAuth2\Util\Request(array(), $_POST);
|
||||
$a->setRequest($request);
|
||||
@@ -98,7 +98,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
|
||||
$testCredentials = null;
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$pgrant = new OAuth2\Grant\Password();
|
||||
$pgrant = new OAuth2\Grant\Password($a);
|
||||
$pgrant->setVerifyCredentialsCallback($testCredentials);
|
||||
$a->addGrantType($pgrant);
|
||||
|
||||
@@ -134,7 +134,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
|
||||
$testCredentials = function($u, $p) { return false; };
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$pgrant = new OAuth2\Grant\Password();
|
||||
$pgrant = new OAuth2\Grant\Password($a);
|
||||
$pgrant->setVerifyCredentialsCallback($testCredentials);
|
||||
$a->addGrantType($pgrant);
|
||||
|
||||
@@ -168,7 +168,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
|
||||
$testCredentials = function($u, $p) { return false; };
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$pgrant = new OAuth2\Grant\Password();
|
||||
$pgrant = new OAuth2\Grant\Password($a);
|
||||
$pgrant->setVerifyCredentialsCallback($testCredentials);
|
||||
$a->addGrantType($pgrant);
|
||||
|
||||
@@ -203,7 +203,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
|
||||
$testCredentials = function($u, $p) { return false; };
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$pgrant = new OAuth2\Grant\Password();
|
||||
$pgrant = new OAuth2\Grant\Password($a);
|
||||
$pgrant->setVerifyCredentialsCallback($testCredentials);
|
||||
$a->addGrantType($pgrant);
|
||||
|
||||
@@ -216,6 +216,162 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
|
||||
));
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException OAuth2\Exception\ClientException
|
||||
* @expectedExceptionCode 4
|
||||
*/
|
||||
public function test_issueAccessToken_passwordGrant_badScopes()
|
||||
{
|
||||
$this->scope->shouldReceive('getScope')->andReturn(false);
|
||||
|
||||
$this->client->shouldReceive('getClient')->andReturn(array(
|
||||
'client_id' => 1234,
|
||||
'client_secret' => 5678,
|
||||
'redirect_uri' => 'http://foo/redirect',
|
||||
'name' => 'Example Client'
|
||||
));
|
||||
|
||||
$this->client->shouldReceive('validateRefreshToken')->andReturn(1);
|
||||
$this->session->shouldReceive('validateAuthCode')->andReturn(1);
|
||||
$this->session->shouldReceive('createSession')->andReturn(1);
|
||||
$this->session->shouldReceive('deleteSession')->andReturn(null);
|
||||
$this->session->shouldReceive('updateRefreshToken')->andReturn(null);
|
||||
|
||||
$testCredentials = function($u, $p) { return 1; };
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$pgrant = new OAuth2\Grant\Password($a);
|
||||
$pgrant->setVerifyCredentialsCallback($testCredentials);
|
||||
$a->addGrantType($pgrant);
|
||||
|
||||
$v = $a->issueAccessToken(array(
|
||||
'grant_type' => 'password',
|
||||
'client_id' => 1234,
|
||||
'client_secret' => 5678,
|
||||
'username' => 'foo',
|
||||
'password' => 'bar',
|
||||
'scope' => 'blah'
|
||||
));
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException OAuth2\Exception\ClientException
|
||||
* @expectedExceptionCode 0
|
||||
*/
|
||||
public function test_issueAccessToken_passwordGrant_missingScopes()
|
||||
{
|
||||
$this->client->shouldReceive('getClient')->andReturn(array(
|
||||
'client_id' => 1234,
|
||||
'client_secret' => 5678,
|
||||
'redirect_uri' => 'http://foo/redirect',
|
||||
'name' => 'Example Client'
|
||||
));
|
||||
|
||||
$this->client->shouldReceive('validateRefreshToken')->andReturn(1);
|
||||
$this->session->shouldReceive('validateAuthCode')->andReturn(1);
|
||||
$this->session->shouldReceive('createSession')->andReturn(1);
|
||||
$this->session->shouldReceive('deleteSession')->andReturn(null);
|
||||
$this->session->shouldReceive('updateRefreshToken')->andReturn(null);
|
||||
|
||||
$testCredentials = function($u, $p) { return 1; };
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$pgrant = new OAuth2\Grant\Password($a);
|
||||
$pgrant->setVerifyCredentialsCallback($testCredentials);
|
||||
$a->addGrantType($pgrant);
|
||||
$a->requireScopeParam(true);
|
||||
|
||||
$v = $a->issueAccessToken(array(
|
||||
'grant_type' => 'password',
|
||||
'client_id' => 1234,
|
||||
'client_secret' => 5678,
|
||||
'username' => 'foo',
|
||||
'password' => 'bar'
|
||||
));
|
||||
}
|
||||
|
||||
public function test_issueAccessToken_passwordGrant_defaultScope()
|
||||
{
|
||||
$this->scope->shouldReceive('getScope')->andReturn(array(
|
||||
'id' => 1,
|
||||
'scope' => 'foo',
|
||||
'name' => 'Foo Name',
|
||||
'description' => 'Foo Name Description'
|
||||
));
|
||||
|
||||
$this->client->shouldReceive('getClient')->andReturn(array(
|
||||
'client_id' => 1234,
|
||||
'client_secret' => 5678,
|
||||
'redirect_uri' => 'http://foo/redirect',
|
||||
'name' => 'Example Client'
|
||||
));
|
||||
|
||||
$this->client->shouldReceive('validateRefreshToken')->andReturn(1);
|
||||
$this->session->shouldReceive('validateAuthCode')->andReturn(1);
|
||||
$this->session->shouldReceive('createSession')->andReturn(1);
|
||||
$this->session->shouldReceive('deleteSession')->andReturn(null);
|
||||
$this->session->shouldReceive('updateRefreshToken')->andReturn(null);
|
||||
$this->session->shouldReceive('associateScope')->andReturn(null);
|
||||
|
||||
$testCredentials = function($u, $p) { return 1; };
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$pgrant = new OAuth2\Grant\Password($a);
|
||||
$pgrant->setVerifyCredentialsCallback($testCredentials);
|
||||
$a->addGrantType($pgrant);
|
||||
$a->requireScopeParam(false);
|
||||
$a->setDefaultScope('foobar');
|
||||
|
||||
$v = $a->issueAccessToken(array(
|
||||
'grant_type' => 'password',
|
||||
'client_id' => 1234,
|
||||
'client_secret' => 5678,
|
||||
'username' => 'foo',
|
||||
'password' => 'bar',
|
||||
'scope' => ''
|
||||
));
|
||||
}
|
||||
|
||||
public function test_issueAccessToken_passwordGrant_goodScope()
|
||||
{
|
||||
$this->scope->shouldReceive('getScope')->andReturn(array(
|
||||
'id' => 1,
|
||||
'scope' => 'foo',
|
||||
'name' => 'Foo Name',
|
||||
'description' => 'Foo Name Description'
|
||||
));
|
||||
|
||||
$this->client->shouldReceive('getClient')->andReturn(array(
|
||||
'client_id' => 1234,
|
||||
'client_secret' => 5678,
|
||||
'redirect_uri' => 'http://foo/redirect',
|
||||
'name' => 'Example Client'
|
||||
));
|
||||
|
||||
$this->client->shouldReceive('validateRefreshToken')->andReturn(1);
|
||||
$this->session->shouldReceive('validateAuthCode')->andReturn(1);
|
||||
$this->session->shouldReceive('createSession')->andReturn(1);
|
||||
$this->session->shouldReceive('deleteSession')->andReturn(null);
|
||||
$this->session->shouldReceive('updateRefreshToken')->andReturn(null);
|
||||
$this->session->shouldReceive('associateScope')->andReturn(null);
|
||||
|
||||
$testCredentials = function($u, $p) { return 1; };
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$pgrant = new OAuth2\Grant\Password($a);
|
||||
$pgrant->setVerifyCredentialsCallback($testCredentials);
|
||||
$a->addGrantType($pgrant);
|
||||
|
||||
$v = $a->issueAccessToken(array(
|
||||
'grant_type' => 'password',
|
||||
'client_id' => 1234,
|
||||
'client_secret' => 5678,
|
||||
'username' => 'foo',
|
||||
'password' => 'bar',
|
||||
'scope' => 'blah'
|
||||
));
|
||||
}
|
||||
|
||||
function test_issueAccessToken_passwordGrant_passedInput()
|
||||
{
|
||||
$this->client->shouldReceive('getClient')->andReturn(array(
|
||||
@@ -235,9 +391,10 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
|
||||
$testCredentials = function($u, $p) { return 1; };
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$pgrant = new OAuth2\Grant\Password();
|
||||
$pgrant = new OAuth2\Grant\Password($a);
|
||||
$pgrant->setVerifyCredentialsCallback($testCredentials);
|
||||
$a->addGrantType($pgrant);
|
||||
$a->requireScopeParam(false);
|
||||
|
||||
$v = $a->issueAccessToken(array(
|
||||
'grant_type' => 'password',
|
||||
@@ -252,8 +409,8 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
|
||||
$this->assertArrayHasKey('expires', $v);
|
||||
$this->assertArrayHasKey('expires_in', $v);
|
||||
|
||||
$this->assertEquals($a::getExpiresIn(), $v['expires_in']);
|
||||
$this->assertEquals(time()+$a::getExpiresIn(), $v['expires']);
|
||||
$this->assertEquals($a->getExpiresIn(), $v['expires_in']);
|
||||
$this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
|
||||
}
|
||||
|
||||
function test_issueAccessToken_passwordGrant()
|
||||
@@ -275,9 +432,10 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
|
||||
$testCredentials = function($u, $p) { return 1; };
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$pgrant = new OAuth2\Grant\Password();
|
||||
$pgrant = new OAuth2\Grant\Password($a);
|
||||
$pgrant->setVerifyCredentialsCallback($testCredentials);
|
||||
$a->addGrantType($pgrant);
|
||||
$a->requireScopeParam(false);
|
||||
|
||||
$_POST['grant_type'] = 'password';
|
||||
$_POST['client_id'] = 1234;
|
||||
@@ -295,8 +453,8 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
|
||||
$this->assertArrayHasKey('expires', $v);
|
||||
$this->assertArrayHasKey('expires_in', $v);
|
||||
|
||||
$this->assertEquals($a::getExpiresIn(), $v['expires_in']);
|
||||
$this->assertEquals(time()+$a::getExpiresIn(), $v['expires']);
|
||||
$this->assertEquals($a->getExpiresIn(), $v['expires_in']);
|
||||
$this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
|
||||
}
|
||||
|
||||
function test_issueAccessToken_passwordGrant_withRefreshToken()
|
||||
@@ -318,10 +476,11 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
|
||||
$testCredentials = function($u, $p) { return 1; };
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$pgrant = new OAuth2\Grant\Password();
|
||||
$pgrant = new OAuth2\Grant\Password($a);
|
||||
$pgrant->setVerifyCredentialsCallback($testCredentials);
|
||||
$a->addGrantType($pgrant);
|
||||
$a->addGrantType(new OAuth2\Grant\RefreshToken());
|
||||
$a->addGrantType(new OAuth2\Grant\RefreshToken($a));
|
||||
$a->requireScopeParam(false);
|
||||
|
||||
$_POST['grant_type'] = 'password';
|
||||
$_POST['client_id'] = 1234;
|
||||
@@ -340,8 +499,8 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
|
||||
$this->assertArrayHasKey('expires_in', $v);
|
||||
$this->assertArrayHasKey('refresh_token', $v);
|
||||
|
||||
$this->assertEquals($a::getExpiresIn(), $v['expires_in']);
|
||||
$this->assertEquals(time()+$a::getExpiresIn(), $v['expires']);
|
||||
$this->assertEquals($a->getExpiresIn(), $v['expires_in']);
|
||||
$this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
|
||||
}
|
||||
|
||||
}
|
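Review bot: `test_issueAccessToken_passwordGrant_defaultScope` and `test_issueAccessToken_passwordGrant_goodScope`, both added in the `@@ -216,6 +216,162 @@` hunk, assign `$v = $a->issueAccessToken(...)` and end without a single assertion, so they pass as long as no exception is thrown. In the default-scope case nothing checks that the empty `scope` parameter was replaced by `'foobar'`, because the `getScope` mock returns the same scope for any argument. Since these tests pin down which scopes a token is granted, I would constrain the mock, e.g. `$this->session->shouldReceive('associateScope')->once()->andReturn(null);`, and assert on the result as the neighbouring tests do with `$this->assertArrayHasKey('expires_in', $v);`. Whether Mockery expectations are verified at all depends on the class's `tearDown`, which is outside the lines shown.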
@@ -33,8 +33,8 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
|
||||
$this->session->shouldReceive('updateSession')->andReturn(null);
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode());
|
||||
$a->addGrantType(new OAuth2\Grant\RefreshToken());
|
||||
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
|
||||
$a->addGrantType(new OAuth2\Grant\RefreshToken($a));
|
||||
|
||||
$_POST['grant_type'] = 'authorization_code';
|
||||
$_POST['client_id'] = 1234;
|
||||
@@ -53,8 +53,8 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
|
||||
$this->assertArrayHasKey('expires_in', $v);
|
||||
$this->assertArrayHasKey('refresh_token', $v);
|
||||
|
||||
$this->assertEquals($a::getExpiresIn(), $v['expires_in']);
|
||||
$this->assertEquals(time()+$a::getExpiresIn(), $v['expires']);
|
||||
$this->assertEquals($a->getExpiresIn(), $v['expires_in']);
|
||||
$this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -64,7 +64,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
|
||||
public function test_issueAccessToken_refreshTokenGrant_missingClientId()
|
||||
{
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\RefreshToken());
|
||||
$a->addGrantType(new OAuth2\Grant\RefreshToken($a));
|
||||
|
||||
$request = new OAuth2\Util\Request(array(), $_POST);
|
||||
$a->setRequest($request);
|
||||
@@ -81,7 +81,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
|
||||
public function test_issueAccessToken_refreshTokenGrant_missingClientSecret()
|
||||
{
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\RefreshToken());
|
||||
$a->addGrantType(new OAuth2\Grant\RefreshToken($a));
|
||||
|
||||
$request = new OAuth2\Util\Request(array(), $_POST);
|
||||
$a->setRequest($request);
|
||||
@@ -101,7 +101,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
|
||||
$this->client->shouldReceive('getClient')->andReturn(false);
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\RefreshToken());
|
||||
$a->addGrantType(new OAuth2\Grant\RefreshToken($a));
|
||||
|
||||
$request = new OAuth2\Util\Request(array(), $_POST);
|
||||
$a->setRequest($request);
|
||||
@@ -122,7 +122,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
|
||||
$this->client->shouldReceive('getClient')->andReturn(array());
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\RefreshToken());
|
||||
$a->addGrantType(new OAuth2\Grant\RefreshToken($a));
|
||||
|
||||
$request = new OAuth2\Util\Request(array(), $_POST);
|
||||
$a->setRequest($request);
|
||||
@@ -145,7 +145,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
|
||||
$this->client->shouldReceive('validateRefreshToken')->andReturn(false);
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\RefreshToken());
|
||||
$a->addGrantType(new OAuth2\Grant\RefreshToken($a));
|
||||
|
||||
$request = new OAuth2\Util\Request(array(), $_POST);
|
||||
$a->setRequest($request);
|
||||
@@ -174,7 +174,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
|
||||
$this->session->shouldReceive('updateRefreshToken')->andReturn(null);
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\RefreshToken());
|
||||
$a->addGrantType(new OAuth2\Grant\RefreshToken($a));
|
||||
|
||||
$_POST['grant_type'] = 'refresh_token';
|
||||
$_POST['client_id'] = 1234;
|
||||
@@ -192,8 +192,8 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
|
||||
$this->assertArrayHasKey('expires_in', $v);
|
||||
$this->assertArrayHasKey('refresh_token', $v);
|
||||
|
||||
$this->assertEquals($a::getExpiresIn(), $v['expires_in']);
|
||||
$this->assertEquals(time()+$a::getExpiresIn(), $v['expires']);
|
||||
$this->assertEquals($a->getExpiresIn(), $v['expires_in']);
|
||||
$this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
|
||||
}
|
||||
|
||||
public function test_issueAccessToken_refreshTokenGrant()
|
||||
@@ -212,7 +212,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
|
||||
$this->session->shouldReceive('updateRefreshToken')->andReturn(null);
|
||||
|
||||
$a = $this->returnDefault();
|
||||
$a->addGrantType(new OAuth2\Grant\RefreshToken());
|
||||
$a->addGrantType(new OAuth2\Grant\RefreshToken($a));
|
||||
|
||||
$v = $a->issueAccessToken(array(
|
||||
'grant_type' => 'refresh_token',
|
||||
@@ -227,7 +227,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
|
||||
$this->assertArrayHasKey('expires_in', $v);
|
||||
$this->assertArrayHasKey('refresh_token', $v);
|
||||
|
||||
$this->assertEquals($a::getExpiresIn(), $v['expires_in']);
|
||||
$this->assertEquals(time()+$a::getExpiresIn(), $v['expires']);
|
||||
$this->assertEquals($a->getExpiresIn(), $v['expires_in']);
|
||||
$this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
|
||||
}
|
||||
}
|
@@ -85,7 +85,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
|
||||
$param = $requestReflector->getProperty('headers');
|
||||
$param->setAccessible(true);
|
||||
$param->setValue($request, array(
|
||||
'Authorization' => 'Bearer YWJjZGVm'
|
||||
'Authorization' => 'Bearer abcdef'
|
||||
));
|
||||
$s = $this->returnDefault();
|
||||
$s->setRequest($request);
|
||||
@@ -131,7 +131,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
|
||||
$param = $requestReflector->getProperty('headers');
|
||||
$param->setAccessible(true);
|
||||
$param->setValue($request, array(
|
||||
'Authorization' => 'Bearer YWJjZGVm'
|
||||
'Authorization' => 'Bearer abcdef'
|
||||
));
|
||||
$s = $this->returnDefault();
|
||||
$s->setRequest($request);
|
||||
@@ -153,7 +153,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
|
||||
$param = $requestReflector->getProperty('headers');
|
||||
$param->setAccessible(true);
|
||||
$param->setValue($request, array(
|
||||
'Authorization' => 'Bearer YWJjZGVm'
|
||||
'Authorization' => 'Bearer abcdef'
|
||||
));
|
||||
$s = $this->returnDefault();
|
||||
$s->setRequest($request);
|
||||
|
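Review bot: Nothing in these three hunks records why the header fixture changes from `'Bearer YWJjZGVm'` to `'Bearer abcdef'`; `YWJjZGVm` is the base64 form of `abcdef`, so presumably the resource server now takes the bearer token verbatim instead of decoding it. A short comment above each `setValue` call would keep that intent with the test, e.g. `// Bearer token is opaque and sent as-is (RFC 6750); it is not base64-decoded`. The visible hunks only exercise a well-formed header, so a case with an empty token or a non-Bearer scheme would help cover the parsing change, unless one already exists in the part of the class not shown. The enclosing test methods start and end outside the hunks.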