mirror of
https://github.com/elyby/oauth2-server.git
synced 2025-05-31 14:12:07 +05:30
Compare commits
17 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
13cd0cacdf | ||
|
f03e4a9e37 | ||
|
|
da92410ecb | ||
|
|
23303905a8 | ||
|
0b8e69f0d0 | ||
|
a448f2167b | ||
|
2f14f6b391 | ||
|
|
94369abd60 | ||
|
|
45edac4216 | ||
|
|
5bdfc9908a | ||
|
|
1890d71838 | ||
|
|
00d5fb5834 | ||
|
49b776c495 | ||
|
|
31e03c2d36 | ||
|
|
6f85bcbbf1 | ||
|
7771bc04ec | ||
|
|
f34dd4a0cb |
@@ -1,5 +1,9 @@
|
|||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
|
## 3.2.2 (released 2014-07-23)
|
||||||
|
|
||||||
|
* Fix Resource server Request HTTP header access (Issue #188)
|
||||||
|
|
||||||
## 3.2 (released 2014-04-16)
|
## 3.2 (released 2014-04-16)
|
||||||
|
|
||||||
* Added the ability to change the algorithm that is used to generate the token strings (Issue #151)
|
* Added the ability to change the algorithm that is used to generate the token strings (Issue #151)
|
||||||
|
|||||||
16
README.md
16
README.md
@@ -42,27 +42,13 @@ The authorization server is a flexible class and the following core specificatio
|
|||||||
* client credentials ([section 2.3.1](http://tools.ietf.org/html/rfc6749#section-2.3.1))
|
* client credentials ([section 2.3.1](http://tools.ietf.org/html/rfc6749#section-2.3.1))
|
||||||
* password (user credentials) ([section 4.3](http://tools.ietf.org/html/rfc6749#section-4.3))
|
* password (user credentials) ([section 4.3](http://tools.ietf.org/html/rfc6749#section-4.3))
|
||||||
|
|
||||||
An [overview of the different OAuth 2.0 grants](https://github.com/thephpleague/oauth2-server/wiki/Which-OAuth-2.0-grant-should-I-use%3F) can be found in the [wiki].
|
|
||||||
|
|
||||||
### Resource Server
|
### Resource Server
|
||||||
|
|
||||||
The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct scope(s) (i.e. permissions) to access resources.
|
The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct scope(s) (i.e. permissions) to access resources.
|
||||||
|
|
||||||
### Custom grants
|
### Custom grants
|
||||||
|
|
||||||
Custom grants can be created easily by implementing an interface. Check out the [custom grant guide](https://github.com/thephpleague/oauth2-server/wiki/Creating-custom-grants).
|
Custom grants can be created easily by implementing an interface.
|
||||||
|
|
||||||
## Tutorials and Documentation
|
|
||||||
|
|
||||||
* **[Wiki]** - The wiki has lots of guides on how to use this library.
|
|
||||||
|
|
||||||
* **[Developing an OAuth-2.0 Authorization Server]** - A simple tutorial on how to use the authorization server.
|
|
||||||
|
|
||||||
* **[Securing your API with OAuth 2.0]** - A simple tutorial on how to use the resource server to secure an API server.
|
|
||||||
|
|
||||||
[Wiki]: https://github.com/thephpleague/oauth2-server/wiki
|
|
||||||
[Securing your API with OAuth 2.0]: https://github.com/thephpleague/oauth2-server/wiki/Securing-your-API-with-OAuth-2.0
|
|
||||||
[Developing an OAuth-2.0 Authorization Server]: https://github.com/thephpleague/oauth2-server/wiki/Developing-an-OAuth-2.0-authorization-server
|
|
||||||
|
|
||||||
## Changelog
|
## Changelog
|
||||||
|
|
||||||
|
|||||||
@@ -6,7 +6,7 @@
|
|||||||
"php": ">=5.4.0"
|
"php": ">=5.4.0"
|
||||||
},
|
},
|
||||||
"require-dev": {
|
"require-dev": {
|
||||||
"mockery/mockery": ">=0.7.2",
|
"mockery/mockery": "~0.8",
|
||||||
"league/phpunit-coverage-listener": "~1.0"
|
"league/phpunit-coverage-listener": "~1.0"
|
||||||
},
|
},
|
||||||
"repositories": [
|
"repositories": [
|
||||||
@@ -43,7 +43,9 @@
|
|||||||
"League\\OAuth2\\Server": "src/"
|
"League\\OAuth2\\Server": "src/"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"suggest": {
|
"extra": {
|
||||||
|
"branch-alias": {
|
||||||
|
"dev-master": "3.2.x-dev"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -84,6 +84,7 @@ class Resource
|
|||||||
0 => 'invalid_request',
|
0 => 'invalid_request',
|
||||||
1 => 'invalid_token',
|
1 => 'invalid_token',
|
||||||
2 => 'insufficient_scope',
|
2 => 'insufficient_scope',
|
||||||
|
3 => 'missing_token',
|
||||||
);
|
);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -94,6 +95,7 @@ class Resource
|
|||||||
'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.',
|
'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.',
|
||||||
'invalid_token' => 'The access token provided is expired, revoked, malformed, or invalid for other reasons.',
|
'invalid_token' => 'The access token provided is expired, revoked, malformed, or invalid for other reasons.',
|
||||||
'insufficient_scope' => 'The request requires higher privileges than provided by the access token. Required scopes are: %s.',
|
'insufficient_scope' => 'The request requires higher privileges than provided by the access token. Required scopes are: %s.',
|
||||||
|
'missing_token' => 'The request is missing an access token in either the Authorization header or the %s request parameter.',
|
||||||
);
|
);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -109,6 +111,7 @@ class Resource
|
|||||||
'invalid_request' => 400,
|
'invalid_request' => 400,
|
||||||
'invalid_token' => 401,
|
'invalid_token' => 401,
|
||||||
'insufficient_scope' => 403,
|
'insufficient_scope' => 403,
|
||||||
|
'missing_token' => 400,
|
||||||
);
|
);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -163,9 +166,9 @@ class Resource
|
|||||||
// include the "WWW-Authenticate" response header field
|
// include the "WWW-Authenticate" response header field
|
||||||
// matching the authentication scheme used by the client.
|
// matching the authentication scheme used by the client.
|
||||||
// @codeCoverageIgnoreStart
|
// @codeCoverageIgnoreStart
|
||||||
if ($error === 'insufficient_scope') {
|
if ($error === 'invalid_token') {
|
||||||
$authScheme = null;
|
$authScheme = null;
|
||||||
$request = new Request();
|
$request = Request::buildFromGlobals();
|
||||||
if ($request->server('PHP_AUTH_USER') !== null) {
|
if ($request->server('PHP_AUTH_USER') !== null) {
|
||||||
$authScheme = 'Basic';
|
$authScheme = 'Basic';
|
||||||
} else {
|
} else {
|
||||||
@@ -387,7 +390,7 @@ class Resource
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (empty($accessToken)) {
|
if (empty($accessToken)) {
|
||||||
throw new Exception\MissingAccessTokenException(self::$exceptionMessages['invalid_request'], 0);
|
throw new Exception\MissingAccessTokenException(sprintf(self::$exceptionMessages['missing_token'], $this->tokenKey), 3);
|
||||||
}
|
}
|
||||||
|
|
||||||
return $accessToken;
|
return $accessToken;
|
||||||
|
|||||||
@@ -76,15 +76,18 @@ class Request implements RequestInterface
|
|||||||
|
|
||||||
protected function readHeaders()
|
protected function readHeaders()
|
||||||
{
|
{
|
||||||
if (function_exists('getallheaders')) {
|
if (function_exists('apache_request_headers')) {
|
||||||
// @codeCoverageIgnoreStart
|
// @codeCoverageIgnoreStart
|
||||||
$headers = getallheaders();
|
$headers = apache_request_headers();
|
||||||
|
} elseif (function_exists('http_get_request_headers')) {
|
||||||
|
$headers = http_get_request_headers();
|
||||||
} else {
|
} else {
|
||||||
// @codeCoverageIgnoreEnd
|
// @codeCoverageIgnoreEnd
|
||||||
$headers = array();
|
$headers = array();
|
||||||
foreach ($this->server() as $name => $value) {
|
foreach ($this->server() as $name => $value) {
|
||||||
if (substr($name, 0, 5) == 'HTTP_') {
|
if (substr($name, 0, 5) == 'HTTP_') {
|
||||||
$name = str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))));
|
// HTTP_FOO_BAR becomes FOO-BAR
|
||||||
|
$name = str_replace(array('HTTP_', '_'), array('', '-'), $name);
|
||||||
$headers[$name] = $value;
|
$headers[$name] = $value;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -38,8 +38,8 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
|
|||||||
public function test_getExceptionHttpHeaders()
|
public function test_getExceptionHttpHeaders()
|
||||||
{
|
{
|
||||||
$this->assertEquals(array('HTTP/1.1 400 Bad Request'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_request'));
|
$this->assertEquals(array('HTTP/1.1 400 Bad Request'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_request'));
|
||||||
$this->assertEquals(array('HTTP/1.1 401 Unauthorized'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_token'));
|
$this->assertContains('HTTP/1.1 401 Unauthorized', League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_token'));
|
||||||
$this->assertContains('HTTP/1.1 403 Forbidden', League\OAuth2\Server\Resource::getExceptionHttpHeaders('insufficient_scope'));
|
$this->assertEquals(array('HTTP/1.1 403 Forbidden'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('insufficient_scope'));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function test_setRequest()
|
public function test_setRequest()
|
||||||
|
|||||||
Reference in New Issue
Block a user