mirror of
https://github.com/elyby/oauth2-server.git
synced 2025-05-31 14:12:07 +05:30
Compare commits
5 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
edaccab04b | ||
|
|
f8b61b47b9 | ||
|
|
b8331d12e4 | ||
|
|
92404ab2bf | ||
|
|
e1c0ff2685 |
@@ -1,5 +1,9 @@
|
||||
# Changelog
|
||||
|
||||
## 4.0.4 (released 2014-12-03)
|
||||
|
||||
* Ensure refresh token hasn't expired (Issue #270)
|
||||
|
||||
## 4.0.3 (released 2014-12-02)
|
||||
|
||||
* Fix bad type hintings (Issue #267)
|
||||
|
||||
@@ -102,7 +102,7 @@ class AuthorizationServer extends AbstractServer
|
||||
|
||||
/**
|
||||
* Check if a grant type has been enabled
|
||||
* @param string $identifier The grant type identifier
|
||||
* @param string $identifier The grant type identifier
|
||||
* @return boolean Returns "true" if enabled, "false" if not
|
||||
*/
|
||||
public function hasGrantType($identifier)
|
||||
@@ -247,7 +247,7 @@ class AuthorizationServer extends AbstractServer
|
||||
|
||||
/**
|
||||
* Return a grant type class
|
||||
* @param string $grantType The grant type identifier
|
||||
* @param string $grantType The grant type identifier
|
||||
* @return Grant\GrantTypeInterface
|
||||
* @throws
|
||||
*/
|
||||
|
||||
@@ -92,7 +92,7 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
|
||||
/**
|
||||
* Override the default access token expire time
|
||||
* @param int $accessTokenTTL
|
||||
* @param int $accessTokenTTL
|
||||
* @return self
|
||||
*/
|
||||
public function setAccessTokenTTL($accessTokenTTL)
|
||||
@@ -114,9 +114,9 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
|
||||
/**
|
||||
* Given a list of scopes, validate them and return an array of Scope entities
|
||||
* @param string $scopeParam A string of scopes (e.g. "profile email birthday")
|
||||
* @param \League\OAuth2\Server\Entity\ClientEntity $client Client entity
|
||||
* @param string|null $redirectUri The redirect URI to return the user to
|
||||
* @param string $scopeParam A string of scopes (e.g. "profile email birthday")
|
||||
* @param \League\OAuth2\Server\Entity\ClientEntity $client Client entity
|
||||
* @param string|null $redirectUri The redirect URI to return the user to
|
||||
* @return \League\OAuth2\Server\Entity\ScopeEntity[]
|
||||
* @throws \League\OAuth2\Server\Exception\InvalidScopeException If scope is invalid, or no scopes passed when required
|
||||
* @throws
|
||||
|
||||
@@ -57,7 +57,7 @@ class AuthCodeGrant extends AbstractGrant
|
||||
|
||||
/**
|
||||
* Override the default access token expire time
|
||||
* @param int $authTokenTTL
|
||||
* @param int $authTokenTTL
|
||||
* @return void
|
||||
*/
|
||||
public function setAuthTokenTTL($authTokenTTL)
|
||||
@@ -118,11 +118,11 @@ class AuthCodeGrant extends AbstractGrant
|
||||
$scopes = $this->validateScopes($scopeParam, $client, $redirectUri);
|
||||
|
||||
return [
|
||||
'client' => $client,
|
||||
'redirect_uri' => $redirectUri,
|
||||
'state' => $state,
|
||||
'response_type' => $responseType,
|
||||
'scopes' => $scopes
|
||||
'client' => $client,
|
||||
'redirect_uri' => $redirectUri,
|
||||
'state' => $state,
|
||||
'response_type' => $responseType,
|
||||
'scopes' => $scopes
|
||||
];
|
||||
}
|
||||
|
||||
@@ -166,20 +166,15 @@ class AuthCodeGrant extends AbstractGrant
|
||||
public function completeFlow()
|
||||
{
|
||||
// Get the required params
|
||||
$clientId = $this->server->getRequest()->request->get('client_id', null);
|
||||
$clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
|
||||
if (is_null($clientId)) {
|
||||
$clientId = $this->server->getRequest()->getUser();
|
||||
if (is_null($clientId)) {
|
||||
throw new Exception\InvalidRequestException('client_id');
|
||||
}
|
||||
throw new Exception\InvalidRequestException('client_id');
|
||||
}
|
||||
|
||||
$clientSecret = $this->server->getRequest()->request->get('client_secret', null);
|
||||
$clientSecret = $this->server->getRequest()->request->get('client_secret',
|
||||
$this->server->getRequest()->getPassword());
|
||||
if (is_null($clientSecret)) {
|
||||
$clientSecret = $this->server->getRequest()->getPassword();
|
||||
if (is_null($clientSecret)) {
|
||||
throw new Exception\InvalidRequestException('client_secret');
|
||||
}
|
||||
throw new Exception\InvalidRequestException('client_secret');
|
||||
}
|
||||
|
||||
$redirectUri = $this->server->getRequest()->request->get('redirect_uri', null);
|
||||
|
||||
@@ -55,20 +55,15 @@ class ClientCredentialsGrant extends AbstractGrant
|
||||
public function completeFlow()
|
||||
{
|
||||
// Get the required params
|
||||
$clientId = $this->server->getRequest()->request->get('client_id', null);
|
||||
$clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
|
||||
if (is_null($clientId)) {
|
||||
$clientId = $this->server->getRequest()->getUser();
|
||||
if (is_null($clientId)) {
|
||||
throw new Exception\InvalidRequestException('client_id');
|
||||
}
|
||||
throw new Exception\InvalidRequestException('client_id');
|
||||
}
|
||||
|
||||
$clientSecret = $this->server->getRequest()->request->get('client_secret', null);
|
||||
$clientSecret = $this->server->getRequest()->request->get('client_secret',
|
||||
$this->server->getRequest()->getPassword());
|
||||
if (is_null($clientSecret)) {
|
||||
$clientSecret = $this->server->getRequest()->getPassword();
|
||||
if (is_null($clientSecret)) {
|
||||
throw new Exception\InvalidRequestException('client_secret');
|
||||
}
|
||||
throw new Exception\InvalidRequestException('client_secret');
|
||||
}
|
||||
|
||||
// Validate client ID and client secret
|
||||
|
||||
@@ -65,7 +65,7 @@ class PasswordGrant extends AbstractGrant
|
||||
*/
|
||||
protected function getVerifyCredentialsCallback()
|
||||
{
|
||||
if (is_null($this->callback) || ! is_callable($this->callback)) {
|
||||
if (is_null($this->callback) || !is_callable($this->callback)) {
|
||||
throw new Exception\ServerErrorException('Null or non-callable callback set on Password grant');
|
||||
}
|
||||
|
||||
@@ -80,20 +80,15 @@ class PasswordGrant extends AbstractGrant
|
||||
public function completeFlow()
|
||||
{
|
||||
// Get the required params
|
||||
$clientId = $this->server->getRequest()->request->get('client_id', null);
|
||||
$clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
|
||||
if (is_null($clientId)) {
|
||||
$clientId = $this->server->getRequest()->getUser();
|
||||
if (is_null($clientId)) {
|
||||
throw new Exception\InvalidRequestException('client_id');
|
||||
}
|
||||
throw new Exception\InvalidRequestException('client_id');
|
||||
}
|
||||
|
||||
$clientSecret = $this->server->getRequest()->request->get('client_secret', null);
|
||||
$clientSecret = $this->server->getRequest()->request->get('client_secret',
|
||||
$this->server->getRequest()->getPassword());
|
||||
if (is_null($clientSecret)) {
|
||||
$clientSecret = $this->server->getRequest()->getPassword();
|
||||
if (is_null($clientSecret)) {
|
||||
throw new Exception\InvalidRequestException('client_secret');
|
||||
}
|
||||
throw new Exception\InvalidRequestException('client_secret');
|
||||
}
|
||||
|
||||
// Validate client ID and client secret
|
||||
|
||||
@@ -36,7 +36,7 @@ class RefreshTokenGrant extends AbstractGrant
|
||||
|
||||
/**
|
||||
* Set the TTL of the refresh token
|
||||
* @param int $refreshTokenTTL
|
||||
* @param int $refreshTokenTTL
|
||||
* @return void
|
||||
*/
|
||||
public function setRefreshTokenTTL($refreshTokenTTL)
|
||||
@@ -58,20 +58,15 @@ class RefreshTokenGrant extends AbstractGrant
|
||||
*/
|
||||
public function completeFlow()
|
||||
{
|
||||
$clientId = $this->server->getRequest()->request->get('client_id', null);
|
||||
$clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
|
||||
if (is_null($clientId)) {
|
||||
$clientId = $this->server->getRequest()->getUser();
|
||||
if (is_null($clientId)) {
|
||||
throw new Exception\InvalidRequestException('client_id');
|
||||
}
|
||||
throw new Exception\InvalidRequestException('client_id');
|
||||
}
|
||||
|
||||
$clientSecret = $this->server->getRequest()->request->get('client_secret', null);
|
||||
$clientSecret = $this->server->getRequest()->request->get('client_secret',
|
||||
$this->server->getRequest()->getPassword());
|
||||
if (is_null($clientSecret)) {
|
||||
$clientSecret = $this->server->getRequest()->getPassword();
|
||||
if (is_null($clientSecret)) {
|
||||
throw new Exception\InvalidRequestException('client_secret');
|
||||
}
|
||||
throw new Exception\InvalidRequestException('client_secret');
|
||||
}
|
||||
|
||||
// Validate client ID and client secret
|
||||
@@ -99,6 +94,11 @@ class RefreshTokenGrant extends AbstractGrant
|
||||
throw new Exception\InvalidRefreshException();
|
||||
}
|
||||
|
||||
// Ensure the old refresh token hasn't expired
|
||||
if ($oldRefreshToken->isExpired() === true) {
|
||||
throw new Exception\InvalidRefreshException();
|
||||
}
|
||||
|
||||
$oldAccessToken = $oldRefreshToken->getAccessToken();
|
||||
|
||||
// Get the scopes for the original session
|
||||
|
||||
@@ -190,7 +190,7 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$refreshTokenStorage->shouldReceive('delete');
|
||||
$refreshTokenStorage->shouldReceive('create');
|
||||
$refreshTokenStorage->shouldReceive('get')->andReturn(
|
||||
(new RefreshTokenEntity($server))
|
||||
(new RefreshTokenEntity($server))->setExpireTime(time() + 86400)
|
||||
);
|
||||
|
||||
$scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
|
||||
@@ -261,7 +261,7 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$refreshTokenStorage->shouldReceive('delete');
|
||||
$refreshTokenStorage->shouldReceive('create');
|
||||
$refreshTokenStorage->shouldReceive('get')->andReturn(
|
||||
(new RefreshTokenEntity($server))
|
||||
(new RefreshTokenEntity($server))->setExpireTime(time() + 86400)
|
||||
);
|
||||
|
||||
$scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
|
||||
@@ -285,6 +285,74 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$this->assertTrue(isset($response['expires_in']));
|
||||
}
|
||||
|
||||
public function testCompleteFlowExpiredRefreshToken()
|
||||
{
|
||||
$this->setExpectedException('League\OAuth2\Server\Exception\InvalidRefreshException');
|
||||
|
||||
$_POST = [
|
||||
'grant_type' => 'refresh_token',
|
||||
'client_id' => 'testapp',
|
||||
'client_secret' => 'foobar',
|
||||
'refresh_token' => 'refresh_token',
|
||||
'scope' => 'foo',
|
||||
];
|
||||
|
||||
$server = new AuthorizationServer();
|
||||
$grant = new RefreshTokenGrant();
|
||||
|
||||
$oldSession = (new SessionEntity($server))->associateScope((new ScopeEntity($server))->hydrate(['id' => 'foo']));
|
||||
|
||||
$clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
|
||||
$clientStorage->shouldReceive('setServer');
|
||||
$clientStorage->shouldReceive('get')->andReturn(
|
||||
(new ClientEntity($server))->hydrate(['id' => 'testapp'])
|
||||
);
|
||||
|
||||
$sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
|
||||
$sessionStorage->shouldReceive('setServer');
|
||||
$sessionStorage->shouldReceive('getScopes')->shouldReceive('getScopes')->andReturn([]);
|
||||
$sessionStorage->shouldReceive('associateScope');
|
||||
$sessionStorage->shouldReceive('getByAccessToken')->andReturn(
|
||||
$oldSession
|
||||
);
|
||||
|
||||
$accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
|
||||
$accessTokenStorage->shouldReceive('setServer');
|
||||
$accessTokenStorage->shouldReceive('get')->andReturn(
|
||||
(new AccessTokenEntity($server))
|
||||
);
|
||||
$accessTokenStorage->shouldReceive('delete');
|
||||
$accessTokenStorage->shouldReceive('create');
|
||||
$accessTokenStorage->shouldReceive('getScopes')->andReturn([
|
||||
(new ScopeEntity($server))->hydrate(['id' => 'foo']),
|
||||
]);
|
||||
$accessTokenStorage->shouldReceive('associateScope');
|
||||
|
||||
$refreshTokenStorage = M::mock('League\OAuth2\Server\Storage\RefreshTokenInterface');
|
||||
$refreshTokenStorage->shouldReceive('setServer');
|
||||
$refreshTokenStorage->shouldReceive('associateScope');
|
||||
$refreshTokenStorage->shouldReceive('delete');
|
||||
$refreshTokenStorage->shouldReceive('create');
|
||||
$refreshTokenStorage->shouldReceive('get')->andReturn(
|
||||
(new RefreshTokenEntity($server))
|
||||
);
|
||||
|
||||
$scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
|
||||
$scopeStorage->shouldReceive('setServer');
|
||||
$scopeStorage->shouldReceive('get')->andReturn(
|
||||
(new ScopeEntity($server))->hydrate(['id' => 'foo'])
|
||||
);
|
||||
|
||||
$server->setClientStorage($clientStorage);
|
||||
$server->setScopeStorage($scopeStorage);
|
||||
$server->setSessionStorage($sessionStorage);
|
||||
$server->setAccessTokenStorage($accessTokenStorage);
|
||||
$server->setRefreshTokenStorage($refreshTokenStorage);
|
||||
|
||||
$server->addGrantType($grant);
|
||||
$server->issueAccessToken();
|
||||
}
|
||||
|
||||
public function testCompleteFlowRequestScopesInvalid()
|
||||
{
|
||||
$_POST = [
|
||||
@@ -332,7 +400,7 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$refreshTokenStorage->shouldReceive('delete');
|
||||
$refreshTokenStorage->shouldReceive('create');
|
||||
$refreshTokenStorage->shouldReceive('get')->andReturn(
|
||||
(new RefreshTokenEntity($server))
|
||||
(new RefreshTokenEntity($server))->setExpireTime(time() + 86400)
|
||||
);
|
||||
|
||||
$scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
|
||||
|
||||
Reference in New Issue
Block a user