mirror of
https://github.com/elyby/oauth2-server.git
synced 2025-05-31 14:12:07 +05:30
Compare commits
17 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
c003f699c7 | ||
|
|
ad78ec838b | ||
|
|
34a7d14557 | ||
|
|
f5b6b43bef | ||
|
3be3794311 | ||
|
|
710c65aa42 | ||
|
|
352d49ec5a | ||
|
|
88616853c4 | ||
|
|
8eb7dc0d76 | ||
|
|
4cc3f97569 | ||
|
|
e6545f9dca | ||
|
|
7b1b5e94cb | ||
|
|
eceb84b978 | ||
|
|
ffac434bcc | ||
|
|
e74e5061d8 | ||
|
|
cb523e7e34 | ||
|
|
da12c09fda |
12
CHANGELOG.md
12
CHANGELOG.md
@@ -1,5 +1,15 @@
|
||||
# Changelog
|
||||
|
||||
## 1.0.7 (released 2013-03-04)
|
||||
|
||||
* Added method `requireStateParam()`
|
||||
* Added method `requireScopeParam()`
|
||||
|
||||
## 1.0.6 (released 2013-02-22)
|
||||
|
||||
* Added links to tutorials in the README
|
||||
* Added missing `state` parameter request to the `checkAuthoriseParams()` method.
|
||||
|
||||
## 1.0.5 (released 2013-02-21)
|
||||
|
||||
* Fixed the SQL example for SessionInterface::getScopes()
|
||||
@@ -19,4 +29,4 @@
|
||||
|
||||
## 1.0.0 (released 2013-02-15)
|
||||
|
||||
* First release
|
||||
* First major release
|
||||
@@ -29,10 +29,14 @@ The authorization server is a flexible class and following core specification gr
|
||||
* client credentials ([section 2.3.1](http://tools.ietf.org/html/rfc6749#section-2.3.1))
|
||||
* password (user credentials) ([section 4.3](http://tools.ietf.org/html/rfc6749#section-4.3))
|
||||
|
||||
A tutorial on how to use the authorization server can be found at [http://alexbilbie.com/2013/02/developing-an-oauth2-authorization-server/](http://alexbilbie.com/2013/02/developing-an-oauth2-authorization-server/).
|
||||
|
||||
### Resource Server
|
||||
|
||||
The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct permission to access resources.
|
||||
|
||||
A tutorial on how to use the resource server can be found at [http://alexbilbie.com/2013/02/securing-your-api-with-oauth-2/](http://alexbilbie.com/2013/02/securing-your-api-with-oauth-2/).
|
||||
|
||||
## Future Goals
|
||||
|
||||
### Authorization Server
|
||||
@@ -49,4 +53,4 @@ This code was principally developed by [Alex Bilbie](http://alexbilbie.com/) ([T
|
||||
Valuable contribtions have been made by the following:
|
||||
|
||||
* [Dan Horrigan](http://dandoescode.com) ([Twitter](https://twitter.com/dandoescode)|[Github](https://github.com/dandoescode))
|
||||
* [Nick Jackson](http://nickjackson.me) ([Twitter](https://twitter.com/jacksonj04)|[Github](https://github.com/jacksonj04))
|
||||
* [Nick Jackson](http://nickjackson.me) ([Twitter](https://twitter.com/jacksonj04)|[Github](https://github.com/jacksonj04))
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "lncd/oauth2",
|
||||
"description": "OAuth 2.0 Framework",
|
||||
"version": "1.0.5",
|
||||
"description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants",
|
||||
"version": "1.0.7",
|
||||
"homepage": "https://github.com/lncd/OAuth2",
|
||||
"license": "MIT",
|
||||
"require": {
|
||||
|
||||
@@ -57,6 +57,18 @@ class AuthServer
|
||||
*/
|
||||
static protected $grantTypes = array();
|
||||
|
||||
/**
|
||||
* Require the "scope" parameter to be in checkAuthoriseParams()
|
||||
* @var boolean
|
||||
*/
|
||||
protected $requireScopeParam = true;
|
||||
|
||||
/**
|
||||
* Require the "state" parameter to be in checkAuthoriseParams()
|
||||
* @var boolean
|
||||
*/
|
||||
protected $requireStateParam = false;
|
||||
|
||||
/**
|
||||
* The request object
|
||||
* @var Util\RequestInterface
|
||||
@@ -164,6 +176,26 @@ class AuthServer
|
||||
return (array_key_exists($identifier, self::$grantTypes));
|
||||
}
|
||||
|
||||
/**
|
||||
* Require the "scope" paremter in checkAuthoriseParams()
|
||||
* @param boolean $require
|
||||
* @return void
|
||||
*/
|
||||
public function requireScopeParam($require = true)
|
||||
{
|
||||
$this->requireScopeParam = $require;
|
||||
}
|
||||
|
||||
/**
|
||||
* Require the "state" paremter in checkAuthoriseParams()
|
||||
* @param boolean $require
|
||||
* @return void
|
||||
*/
|
||||
public function requireStateParam($require = false)
|
||||
{
|
||||
$this->requireStateParam = $require;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the scope delimeter
|
||||
*
|
||||
@@ -249,7 +281,7 @@ class AuthServer
|
||||
public function checkAuthoriseParams($inputParams = array())
|
||||
{
|
||||
// Auth params
|
||||
$authParams = self::getParam(array('client_id', 'redirect_uri', 'response_type', 'scope'), 'get', $inputParams);
|
||||
$authParams = self::getParam(array('client_id', 'redirect_uri', 'response_type', 'scope', 'state'), 'get', $inputParams);
|
||||
|
||||
if (is_null($authParams['client_id'])) {
|
||||
throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'client_id'), 0);
|
||||
@@ -259,6 +291,10 @@ class AuthServer
|
||||
throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'redirect_uri'), 0);
|
||||
}
|
||||
|
||||
if ($this->requireStateParam === true && is_null($authParams['redirect_uri'])) {
|
||||
throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'redirect_uri'), 0);
|
||||
}
|
||||
|
||||
// Validate client ID and redirect URI
|
||||
$clientDetails = self::getStorage('client')->getClient($authParams['client_id'], null, $authParams['redirect_uri']);
|
||||
|
||||
@@ -285,7 +321,7 @@ class AuthServer
|
||||
if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes
|
||||
}
|
||||
|
||||
if (count($scopes) === 0) {
|
||||
if ($this->requireScopeParam === true && count($scopes) === 0) {
|
||||
throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'scope'), 0);
|
||||
}
|
||||
|
||||
|
||||
@@ -105,25 +105,6 @@ interface SessionInterface
|
||||
* redirect_uri = $redirectUri AND auth_code = $authCode
|
||||
* </code>
|
||||
*
|
||||
* Response:
|
||||
*
|
||||
* <code>
|
||||
* Array
|
||||
* (
|
||||
* [id] => (int) The session ID
|
||||
* [client_id] => (string) The client ID
|
||||
* [redirect_uri] => (string) The redirect URI
|
||||
* [owner_type] => (string) The session owner type
|
||||
* [owner_id] => (string) The session owner's ID
|
||||
* [auth_code] => (string) The authorisation code
|
||||
* [stage] => (string) The session's stage
|
||||
* [first_requested] => (int) Unix timestamp of the time the session was
|
||||
* first generated
|
||||
* [last_updated] => (int) Unix timestamp of the time the session was
|
||||
* last updated
|
||||
* )
|
||||
* </code>
|
||||
*
|
||||
* @param string $clientId The client ID
|
||||
* @param string $redirectUri The redirect URI
|
||||
* @param string $authCode The authorisation code
|
||||
@@ -201,7 +182,12 @@ interface SessionInterface
|
||||
* @param int $accessTokenExpires The UNIX timestamp of when the new token expires
|
||||
* @return void
|
||||
*/
|
||||
public function updateRefreshToken($sessionId, $newAccessToken, $newRefreshToken, $accessTokenExpires);
|
||||
public function updateRefreshToken(
|
||||
$sessionId,
|
||||
$newAccessToken,
|
||||
$newRefreshToken,
|
||||
$accessTokenExpires
|
||||
);
|
||||
|
||||
/**
|
||||
* Associates a session with a scope
|
||||
|
||||
@@ -89,6 +89,32 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
$this->assertEquals(';', $a->getScopeDelimeter());
|
||||
}
|
||||
|
||||
public function test_requireScopeParam()
|
||||
{
|
||||
$a = $this->returnDefault();
|
||||
$a->requireScopeParam(false);
|
||||
|
||||
$reflector = new ReflectionClass($a);
|
||||
$requestProperty = $reflector->getProperty('requireScopeParam');
|
||||
$requestProperty->setAccessible(true);
|
||||
$v = $requestProperty->getValue($a);
|
||||
|
||||
$this->assertFalse($v);
|
||||
}
|
||||
|
||||
public function test_requireStateParam()
|
||||
{
|
||||
$a = $this->returnDefault();
|
||||
$a->requireStateParam(true);
|
||||
|
||||
$reflector = new ReflectionClass($a);
|
||||
$requestProperty = $reflector->getProperty('requireStateParam');
|
||||
$requestProperty->setAccessible(true);
|
||||
$v = $requestProperty->getValue($a);
|
||||
|
||||
$this->assertTrue($v);
|
||||
}
|
||||
|
||||
public function test_getExpiresIn()
|
||||
{
|
||||
$a = $this->returnDefault();
|
||||
@@ -284,7 +310,8 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
'client_id' => 1234,
|
||||
'redirect_uri' => 'http://foo/redirect',
|
||||
'response_type' => 'code',
|
||||
'scope' => 'foo'
|
||||
'scope' => 'foo',
|
||||
'state' => 'xyz'
|
||||
));
|
||||
|
||||
$this->assertEquals(array(
|
||||
@@ -305,7 +332,8 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
'description' => 'Foo Name Description'
|
||||
)
|
||||
),
|
||||
'scope' => 'foo'
|
||||
'scope' => 'foo',
|
||||
'state' => 'xyz'
|
||||
), $v);
|
||||
}
|
||||
|
||||
@@ -332,6 +360,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
$_GET['redirect_uri'] = 'http://foo/redirect';
|
||||
$_GET['response_type'] = 'code';
|
||||
$_GET['scope'] = 'foo';
|
||||
$_GET['state'] = 'xyz';
|
||||
|
||||
$request = new OAuth2\Util\Request($_GET);
|
||||
$a->setRequest($request);
|
||||
@@ -356,7 +385,8 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
|
||||
'description' => 'Foo Name Description'
|
||||
)
|
||||
),
|
||||
'scope' => 'foo'
|
||||
'scope' => 'foo',
|
||||
'state' => 'xyz'
|
||||
), $v);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user