Changelog update

Do not forget to set the expire time

CHANGELOG.md

@@ -1,5 +1,14 @@
 # Changelog
 
+## 4.0.4 (released 2014-12-03)
+
+* Ensure refresh token hasn't expired (Issue #270)
+
+## 4.0.3 (released 2014-12-02)
+
+* Fix bad type hintings (Issue #267)
+* Do not forget to set the expire time (Issue #268)
+
 ## 4.0.2 (released 2014-11-21)
 
 * Improved interfaces (Issue #255)

examples/relational/Storage/AccessTokenStorage.php

@@ -34,7 +34,7 @@ class AccessTokenStorage extends AbstractStorage implements AccessTokenInterface
     /**
      * {@inheritdoc}
      */
-    public function getScopes(AbstractTokenEntity $token)
+    public function getScopes(AccessTokenEntity $token)
     {
         $result = Capsule::table('oauth_access_token_scopes')
                                     ->select(['oauth_scopes.id', 'oauth_scopes.description'])
@@ -73,7 +73,7 @@ class AccessTokenStorage extends AbstractStorage implements AccessTokenInterface
     /**
      * {@inheritdoc}
      */
-    public function associateScope(AbstractTokenEntity $token, ScopeEntity $scope)
+    public function associateScope(AccessTokenEntity $token, ScopeEntity $scope)
     {
         Capsule::table('oauth_access_token_scopes')
                     ->insert([
@@ -85,7 +85,7 @@ class AccessTokenStorage extends AbstractStorage implements AccessTokenInterface
     /**
      * {@inheritdoc}
      */
-    public function delete(AbstractTokenEntity $token)
+    public function delete(AccessTokenEntity $token)
     {
         Capsule::table('oauth_access_token_scopes')
                     ->where('access_token', $token->getId())

examples/relational/Storage/AuthCodeStorage.php

@@ -24,6 +24,7 @@ class AuthCodeStorage extends AbstractStorage implements AuthCodeInterface
             $token = new AuthCodeEntity($this->server);
             $token->setId($result[0]['auth_code']);
             $token->setRedirectUri($result[0]['client_redirect_uri']);
+            $token->setExpireTime($result[0]['expire_time']);
 
             return $token;
         }

src/Grant/AuthCodeGrant.php

@@ -166,21 +166,16 @@ class AuthCodeGrant extends AbstractGrant
     public function completeFlow()
     {
         // Get the required params
-        $clientId = $this->server->getRequest()->request->get('client_id', null);
-        if (is_null($clientId)) {
-            $clientId = $this->server->getRequest()->getUser();
+        $clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
         if (is_null($clientId)) {
             throw new Exception\InvalidRequestException('client_id');
         }
-        }
 
-        $clientSecret = $this->server->getRequest()->request->get('client_secret', null);
-        if (is_null($clientSecret)) {
-            $clientSecret = $this->server->getRequest()->getPassword();
+        $clientSecret = $this->server->getRequest()->request->get('client_secret',
+            $this->server->getRequest()->getPassword());
         if (is_null($clientSecret)) {
             throw new Exception\InvalidRequestException('client_secret');
         }
-        }
 
         $redirectUri = $this->server->getRequest()->request->get('redirect_uri', null);
         if (is_null($redirectUri)) {

src/Grant/ClientCredentialsGrant.php

@@ -55,21 +55,16 @@ class ClientCredentialsGrant extends AbstractGrant
     public function completeFlow()
     {
         // Get the required params
-        $clientId = $this->server->getRequest()->request->get('client_id', null);
-        if (is_null($clientId)) {
-            $clientId = $this->server->getRequest()->getUser();
+        $clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
         if (is_null($clientId)) {
             throw new Exception\InvalidRequestException('client_id');
         }
-        }
 
-        $clientSecret = $this->server->getRequest()->request->get('client_secret', null);
-        if (is_null($clientSecret)) {
-            $clientSecret = $this->server->getRequest()->getPassword();
+        $clientSecret = $this->server->getRequest()->request->get('client_secret',
+            $this->server->getRequest()->getPassword());
         if (is_null($clientSecret)) {
             throw new Exception\InvalidRequestException('client_secret');
         }
-        }
 
         // Validate client ID and client secret
         $client = $this->server->getClientStorage()->get(

src/Grant/PasswordGrant.php

@@ -65,7 +65,7 @@ class PasswordGrant extends AbstractGrant
      */
     protected function getVerifyCredentialsCallback()
     {
-        if (is_null($this->callback) || ! is_callable($this->callback)) {
+        if (is_null($this->callback) || !is_callable($this->callback)) {
             throw new Exception\ServerErrorException('Null or non-callable callback set on Password grant');
         }
 
@@ -80,21 +80,16 @@ class PasswordGrant extends AbstractGrant
     public function completeFlow()
     {
         // Get the required params
-        $clientId = $this->server->getRequest()->request->get('client_id', null);
-        if (is_null($clientId)) {
-            $clientId = $this->server->getRequest()->getUser();
+        $clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
         if (is_null($clientId)) {
             throw new Exception\InvalidRequestException('client_id');
         }
-        }
 
-        $clientSecret = $this->server->getRequest()->request->get('client_secret', null);
-        if (is_null($clientSecret)) {
-            $clientSecret = $this->server->getRequest()->getPassword();
+        $clientSecret = $this->server->getRequest()->request->get('client_secret',
+            $this->server->getRequest()->getPassword());
         if (is_null($clientSecret)) {
             throw new Exception\InvalidRequestException('client_secret');
         }
-        }
 
         // Validate client ID and client secret
         $client = $this->server->getClientStorage()->get(

src/Grant/RefreshTokenGrant.php

@@ -58,21 +58,16 @@ class RefreshTokenGrant extends AbstractGrant
      */
     public function completeFlow()
     {
-        $clientId = $this->server->getRequest()->request->get('client_id', null);
-        if (is_null($clientId)) {
-            $clientId = $this->server->getRequest()->getUser();
+        $clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
         if (is_null($clientId)) {
             throw new Exception\InvalidRequestException('client_id');
         }
-        }
 
-        $clientSecret = $this->server->getRequest()->request->get('client_secret', null);
-        if (is_null($clientSecret)) {
-            $clientSecret = $this->server->getRequest()->getPassword();
+        $clientSecret = $this->server->getRequest()->request->get('client_secret',
+            $this->server->getRequest()->getPassword());
         if (is_null($clientSecret)) {
             throw new Exception\InvalidRequestException('client_secret');
         }
-        }
 
         // Validate client ID and client secret
         $client = $this->server->getClientStorage()->get(
@@ -99,6 +94,11 @@ class RefreshTokenGrant extends AbstractGrant
             throw new Exception\InvalidRefreshException();
         }
 
+        // Ensure the old refresh token hasn't expired
+        if ($oldRefreshToken->isExpired() === true) {
+            throw new Exception\InvalidRefreshException();
+        }
+
         $oldAccessToken = $oldRefreshToken->getAccessToken();
 
         // Get the scopes for the original session

tests/unit/Grant/RefreshTokenGrantTest.php

@@ -190,7 +190,7 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
         $refreshTokenStorage->shouldReceive('delete');
         $refreshTokenStorage->shouldReceive('create');
         $refreshTokenStorage->shouldReceive('get')->andReturn(
-            (new RefreshTokenEntity($server))
+            (new RefreshTokenEntity($server))->setExpireTime(time() + 86400)
         );
 
         $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
@@ -261,7 +261,7 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
         $refreshTokenStorage->shouldReceive('delete');
         $refreshTokenStorage->shouldReceive('create');
         $refreshTokenStorage->shouldReceive('get')->andReturn(
-            (new RefreshTokenEntity($server))
+            (new RefreshTokenEntity($server))->setExpireTime(time() + 86400)
         );
 
         $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
@@ -285,6 +285,74 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
         $this->assertTrue(isset($response['expires_in']));
     }
 
+    public function testCompleteFlowExpiredRefreshToken()
+    {
+        $this->setExpectedException('League\OAuth2\Server\Exception\InvalidRefreshException');
+        
+        $_POST = [
+            'grant_type'    => 'refresh_token',
+            'client_id'     =>  'testapp',
+            'client_secret' =>  'foobar',
+            'refresh_token' =>  'refresh_token',
+            'scope'         =>  'foo',
+        ];
+
+        $server = new AuthorizationServer();
+        $grant = new RefreshTokenGrant();
+
+        $oldSession = (new SessionEntity($server))->associateScope((new ScopeEntity($server))->hydrate(['id' => 'foo']));
+
+        $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
+        $clientStorage->shouldReceive('setServer');
+        $clientStorage->shouldReceive('get')->andReturn(
+            (new ClientEntity($server))->hydrate(['id' => 'testapp'])
+        );
+
+        $sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
+        $sessionStorage->shouldReceive('setServer');
+        $sessionStorage->shouldReceive('getScopes')->shouldReceive('getScopes')->andReturn([]);
+        $sessionStorage->shouldReceive('associateScope');
+        $sessionStorage->shouldReceive('getByAccessToken')->andReturn(
+            $oldSession
+        );
+
+        $accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
+        $accessTokenStorage->shouldReceive('setServer');
+        $accessTokenStorage->shouldReceive('get')->andReturn(
+            (new AccessTokenEntity($server))
+        );
+        $accessTokenStorage->shouldReceive('delete');
+        $accessTokenStorage->shouldReceive('create');
+        $accessTokenStorage->shouldReceive('getScopes')->andReturn([
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
+        ]);
+        $accessTokenStorage->shouldReceive('associateScope');
+
+        $refreshTokenStorage = M::mock('League\OAuth2\Server\Storage\RefreshTokenInterface');
+        $refreshTokenStorage->shouldReceive('setServer');
+        $refreshTokenStorage->shouldReceive('associateScope');
+        $refreshTokenStorage->shouldReceive('delete');
+        $refreshTokenStorage->shouldReceive('create');
+        $refreshTokenStorage->shouldReceive('get')->andReturn(
+            (new RefreshTokenEntity($server))
+        );
+
+        $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
+        $scopeStorage->shouldReceive('setServer');
+        $scopeStorage->shouldReceive('get')->andReturn(
+            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+        );
+
+        $server->setClientStorage($clientStorage);
+        $server->setScopeStorage($scopeStorage);
+        $server->setSessionStorage($sessionStorage);
+        $server->setAccessTokenStorage($accessTokenStorage);
+        $server->setRefreshTokenStorage($refreshTokenStorage);
+
+        $server->addGrantType($grant);
+        $server->issueAccessToken();
+    }
+
     public function testCompleteFlowRequestScopesInvalid()
     {
         $_POST = [
@@ -332,7 +400,7 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
         $refreshTokenStorage->shouldReceive('delete');
         $refreshTokenStorage->shouldReceive('create');
         $refreshTokenStorage->shouldReceive('get')->andReturn(
-            (new RefreshTokenEntity($server))
+            (new RefreshTokenEntity($server))->setExpireTime(time() + 86400)
         );
 
         $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');