Author | SHA1 | Date | |
---|---|---|---|
|
edaccab04b | ||
|
f8b61b47b9 | ||
|
b8331d12e4 | ||
|
92404ab2bf | ||
|
e1c0ff2685 |
@@ -1,5 +1,9 @@
|
|||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
|
## 4.0.4 (released 2014-12-03)
|
||||||
|
|
||||||
|
* Ensure refresh token hasn't expired (Issue #270)
|
||||||
|
|
||||||
## 4.0.3 (released 2014-12-02)
|
## 4.0.3 (released 2014-12-02)
|
||||||
|
|
||||||
* Fix bad type hintings (Issue #267)
|
* Fix bad type hintings (Issue #267)
|
||||||
|
@@ -102,7 +102,7 @@ class AuthorizationServer extends AbstractServer
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Check if a grant type has been enabled
|
* Check if a grant type has been enabled
|
||||||
* @param string $identifier The grant type identifier
|
* @param string $identifier The grant type identifier
|
||||||
* @return boolean Returns "true" if enabled, "false" if not
|
* @return boolean Returns "true" if enabled, "false" if not
|
||||||
*/
|
*/
|
||||||
public function hasGrantType($identifier)
|
public function hasGrantType($identifier)
|
||||||
@@ -247,7 +247,7 @@ class AuthorizationServer extends AbstractServer
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Return a grant type class
|
* Return a grant type class
|
||||||
* @param string $grantType The grant type identifier
|
* @param string $grantType The grant type identifier
|
||||||
* @return Grant\GrantTypeInterface
|
* @return Grant\GrantTypeInterface
|
||||||
* @throws
|
* @throws
|
||||||
*/
|
*/
|
||||||
|
@@ -92,7 +92,7 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Override the default access token expire time
|
* Override the default access token expire time
|
||||||
* @param int $accessTokenTTL
|
* @param int $accessTokenTTL
|
||||||
* @return self
|
* @return self
|
||||||
*/
|
*/
|
||||||
public function setAccessTokenTTL($accessTokenTTL)
|
public function setAccessTokenTTL($accessTokenTTL)
|
||||||
@@ -114,9 +114,9 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Given a list of scopes, validate them and return an array of Scope entities
|
* Given a list of scopes, validate them and return an array of Scope entities
|
||||||
* @param string $scopeParam A string of scopes (e.g. "profile email birthday")
|
* @param string $scopeParam A string of scopes (e.g. "profile email birthday")
|
||||||
* @param \League\OAuth2\Server\Entity\ClientEntity $client Client entity
|
* @param \League\OAuth2\Server\Entity\ClientEntity $client Client entity
|
||||||
* @param string|null $redirectUri The redirect URI to return the user to
|
* @param string|null $redirectUri The redirect URI to return the user to
|
||||||
* @return \League\OAuth2\Server\Entity\ScopeEntity[]
|
* @return \League\OAuth2\Server\Entity\ScopeEntity[]
|
||||||
* @throws \League\OAuth2\Server\Exception\InvalidScopeException If scope is invalid, or no scopes passed when required
|
* @throws \League\OAuth2\Server\Exception\InvalidScopeException If scope is invalid, or no scopes passed when required
|
||||||
* @throws
|
* @throws
|
||||||
|
@@ -57,7 +57,7 @@ class AuthCodeGrant extends AbstractGrant
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Override the default access token expire time
|
* Override the default access token expire time
|
||||||
* @param int $authTokenTTL
|
* @param int $authTokenTTL
|
||||||
* @return void
|
* @return void
|
||||||
*/
|
*/
|
||||||
public function setAuthTokenTTL($authTokenTTL)
|
public function setAuthTokenTTL($authTokenTTL)
|
||||||
@@ -118,11 +118,11 @@ class AuthCodeGrant extends AbstractGrant
|
|||||||
$scopes = $this->validateScopes($scopeParam, $client, $redirectUri);
|
$scopes = $this->validateScopes($scopeParam, $client, $redirectUri);
|
||||||
|
|
||||||
return [
|
return [
|
||||||
'client' => $client,
|
'client' => $client,
|
||||||
'redirect_uri' => $redirectUri,
|
'redirect_uri' => $redirectUri,
|
||||||
'state' => $state,
|
'state' => $state,
|
||||||
'response_type' => $responseType,
|
'response_type' => $responseType,
|
||||||
'scopes' => $scopes
|
'scopes' => $scopes
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -166,20 +166,15 @@ class AuthCodeGrant extends AbstractGrant
|
|||||||
public function completeFlow()
|
public function completeFlow()
|
||||||
{
|
{
|
||||||
// Get the required params
|
// Get the required params
|
||||||
$clientId = $this->server->getRequest()->request->get('client_id', null);
|
$clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
|
||||||
if (is_null($clientId)) {
|
if (is_null($clientId)) {
|
||||||
$clientId = $this->server->getRequest()->getUser();
|
throw new Exception\InvalidRequestException('client_id');
|
||||||
if (is_null($clientId)) {
|
|
||||||
throw new Exception\InvalidRequestException('client_id');
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$clientSecret = $this->server->getRequest()->request->get('client_secret', null);
|
$clientSecret = $this->server->getRequest()->request->get('client_secret',
|
||||||
|
$this->server->getRequest()->getPassword());
|
||||||
if (is_null($clientSecret)) {
|
if (is_null($clientSecret)) {
|
||||||
$clientSecret = $this->server->getRequest()->getPassword();
|
throw new Exception\InvalidRequestException('client_secret');
|
||||||
if (is_null($clientSecret)) {
|
|
||||||
throw new Exception\InvalidRequestException('client_secret');
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$redirectUri = $this->server->getRequest()->request->get('redirect_uri', null);
|
$redirectUri = $this->server->getRequest()->request->get('redirect_uri', null);
|
||||||
|
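Review bot: The new fallback chain on the `client_id` and `client_secret` lines still lets the two credentials come from different sources, e.g. `client_id` from the POST body and `client_secret` from the `getPassword()` fallback, which presumably reads the HTTP Basic header; RFC 6749 §2.3.1 expects a client to use a single authentication method per request, and the pre-existing code had the same gap, so the commit does not introduce it but does not close it either. The same pattern is repeated in the ClientCredentialsGrant, PasswordGrant and RefreshTokenGrant `completeFlow` hunks. Resolving both body parameters first and falling back to the Basic pair only when neither is present keeps the sources from mixing; a sketch follows. As a style point, the `client_secret` call is split across two lines with the continuation argument on its own mis-indented line, and the `client_id` line now runs well past 120 columns — binding `$request = $this->server->getRequest();` once fixes both. completeFlow's body continues outside the hunk.
```php
public function completeFlow()
{
    $request = $this->server->getRequest();

    // Prefer credentials from the request body; fall back to the HTTP Basic pair
    // only when the body carries neither, so the two sources are never mixed
    $clientId = $request->request->get('client_id', null);
    $clientSecret = $request->request->get('client_secret', null);
    if ($clientId === null && $clientSecret === null) {
        $clientId = $request->getUser();
        $clientSecret = $request->getPassword();
    }
    if ($clientId === null) {
        throw new Exception\InvalidRequestException('client_id');
    }
    if ($clientSecret === null) {
        throw new Exception\InvalidRequestException('client_secret');
    }
    // … unchanged: redirect_uri handling and the rest of the flow …
```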
@@ -55,20 +55,15 @@ class ClientCredentialsGrant extends AbstractGrant
|
|||||||
public function completeFlow()
|
public function completeFlow()
|
||||||
{
|
{
|
||||||
// Get the required params
|
// Get the required params
|
||||||
$clientId = $this->server->getRequest()->request->get('client_id', null);
|
$clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
|
||||||
if (is_null($clientId)) {
|
if (is_null($clientId)) {
|
||||||
$clientId = $this->server->getRequest()->getUser();
|
throw new Exception\InvalidRequestException('client_id');
|
||||||
if (is_null($clientId)) {
|
|
||||||
throw new Exception\InvalidRequestException('client_id');
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$clientSecret = $this->server->getRequest()->request->get('client_secret', null);
|
$clientSecret = $this->server->getRequest()->request->get('client_secret',
|
||||||
|
$this->server->getRequest()->getPassword());
|
||||||
if (is_null($clientSecret)) {
|
if (is_null($clientSecret)) {
|
||||||
$clientSecret = $this->server->getRequest()->getPassword();
|
throw new Exception\InvalidRequestException('client_secret');
|
||||||
if (is_null($clientSecret)) {
|
|
||||||
throw new Exception\InvalidRequestException('client_secret');
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Validate client ID and client secret
|
// Validate client ID and client secret
|
||||||
|
@@ -65,7 +65,7 @@ class PasswordGrant extends AbstractGrant
|
|||||||
*/
|
*/
|
||||||
protected function getVerifyCredentialsCallback()
|
protected function getVerifyCredentialsCallback()
|
||||||
{
|
{
|
||||||
if (is_null($this->callback) || ! is_callable($this->callback)) {
|
if (is_null($this->callback) || !is_callable($this->callback)) {
|
||||||
throw new Exception\ServerErrorException('Null or non-callable callback set on Password grant');
|
throw new Exception\ServerErrorException('Null or non-callable callback set on Password grant');
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -80,20 +80,15 @@ class PasswordGrant extends AbstractGrant
|
|||||||
public function completeFlow()
|
public function completeFlow()
|
||||||
{
|
{
|
||||||
// Get the required params
|
// Get the required params
|
||||||
$clientId = $this->server->getRequest()->request->get('client_id', null);
|
$clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
|
||||||
if (is_null($clientId)) {
|
if (is_null($clientId)) {
|
||||||
$clientId = $this->server->getRequest()->getUser();
|
throw new Exception\InvalidRequestException('client_id');
|
||||||
if (is_null($clientId)) {
|
|
||||||
throw new Exception\InvalidRequestException('client_id');
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$clientSecret = $this->server->getRequest()->request->get('client_secret', null);
|
$clientSecret = $this->server->getRequest()->request->get('client_secret',
|
||||||
|
$this->server->getRequest()->getPassword());
|
||||||
if (is_null($clientSecret)) {
|
if (is_null($clientSecret)) {
|
||||||
$clientSecret = $this->server->getRequest()->getPassword();
|
throw new Exception\InvalidRequestException('client_secret');
|
||||||
if (is_null($clientSecret)) {
|
|
||||||
throw new Exception\InvalidRequestException('client_secret');
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Validate client ID and client secret
|
// Validate client ID and client secret
|
||||||
|
@@ -36,7 +36,7 @@ class RefreshTokenGrant extends AbstractGrant
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Set the TTL of the refresh token
|
* Set the TTL of the refresh token
|
||||||
* @param int $refreshTokenTTL
|
* @param int $refreshTokenTTL
|
||||||
* @return void
|
* @return void
|
||||||
*/
|
*/
|
||||||
public function setRefreshTokenTTL($refreshTokenTTL)
|
public function setRefreshTokenTTL($refreshTokenTTL)
|
||||||
@@ -58,20 +58,15 @@ class RefreshTokenGrant extends AbstractGrant
|
|||||||
*/
|
*/
|
||||||
public function completeFlow()
|
public function completeFlow()
|
||||||
{
|
{
|
||||||
$clientId = $this->server->getRequest()->request->get('client_id', null);
|
$clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
|
||||||
if (is_null($clientId)) {
|
if (is_null($clientId)) {
|
||||||
$clientId = $this->server->getRequest()->getUser();
|
throw new Exception\InvalidRequestException('client_id');
|
||||||
if (is_null($clientId)) {
|
|
||||||
throw new Exception\InvalidRequestException('client_id');
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$clientSecret = $this->server->getRequest()->request->get('client_secret', null);
|
$clientSecret = $this->server->getRequest()->request->get('client_secret',
|
||||||
|
$this->server->getRequest()->getPassword());
|
||||||
if (is_null($clientSecret)) {
|
if (is_null($clientSecret)) {
|
||||||
$clientSecret = $this->server->getRequest()->getPassword();
|
throw new Exception\InvalidRequestException('client_secret');
|
||||||
if (is_null($clientSecret)) {
|
|
||||||
throw new Exception\InvalidRequestException('client_secret');
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Validate client ID and client secret
|
// Validate client ID and client secret
|
||||||
@@ -99,6 +94,11 @@ class RefreshTokenGrant extends AbstractGrant
|
|||||||
throw new Exception\InvalidRefreshException();
|
throw new Exception\InvalidRefreshException();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Ensure the old refresh token hasn't expired
|
||||||
|
if ($oldRefreshToken->isExpired() === true) {
|
||||||
|
throw new Exception\InvalidRefreshException();
|
||||||
|
}
|
||||||
|
|
||||||
$oldAccessToken = $oldRefreshToken->getAccessToken();
|
$oldAccessToken = $oldRefreshToken->getAccessToken();
|
||||||
|
|
||||||
// Get the scopes for the original session
|
// Get the scopes for the original session
|
||||||
|
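Review bot: The new expiry check rejects the token but leaves the expired record in whatever the refresh-token storage holds, so the same expired token can be presented repeatedly until something else prunes it; whether a delete hook is reachable from here is not visible in the hunk, so this is worth confirming rather than assuming. The `=== true` on `isExpired()` is redundant if the method returns a bool as its name suggests — `if ($oldRefreshToken->isExpired()) {` reads the same and matches the surrounding style. The enclosing completeFlow starts outside the hunk.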
@@ -190,7 +190,7 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
|
|||||||
$refreshTokenStorage->shouldReceive('delete');
|
$refreshTokenStorage->shouldReceive('delete');
|
||||||
$refreshTokenStorage->shouldReceive('create');
|
$refreshTokenStorage->shouldReceive('create');
|
||||||
$refreshTokenStorage->shouldReceive('get')->andReturn(
|
$refreshTokenStorage->shouldReceive('get')->andReturn(
|
||||||
(new RefreshTokenEntity($server))
|
(new RefreshTokenEntity($server))->setExpireTime(time() + 86400)
|
||||||
);
|
);
|
||||||
|
|
||||||
$scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
|
$scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
|
||||||
@@ -261,7 +261,7 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
|
|||||||
$refreshTokenStorage->shouldReceive('delete');
|
$refreshTokenStorage->shouldReceive('delete');
|
||||||
$refreshTokenStorage->shouldReceive('create');
|
$refreshTokenStorage->shouldReceive('create');
|
||||||
$refreshTokenStorage->shouldReceive('get')->andReturn(
|
$refreshTokenStorage->shouldReceive('get')->andReturn(
|
||||||
(new RefreshTokenEntity($server))
|
(new RefreshTokenEntity($server))->setExpireTime(time() + 86400)
|
||||||
);
|
);
|
||||||
|
|
||||||
$scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
|
$scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
|
||||||
@@ -285,6 +285,74 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
|
|||||||
$this->assertTrue(isset($response['expires_in']));
|
$this->assertTrue(isset($response['expires_in']));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testCompleteFlowExpiredRefreshToken()
|
||||||
|
{
|
||||||
|
$this->setExpectedException('League\OAuth2\Server\Exception\InvalidRefreshException');
|
||||||
|
|
||||||
|
$_POST = [
|
||||||
|
'grant_type' => 'refresh_token',
|
||||||
|
'client_id' => 'testapp',
|
||||||
|
'client_secret' => 'foobar',
|
||||||
|
'refresh_token' => 'refresh_token',
|
||||||
|
'scope' => 'foo',
|
||||||
|
];
|
||||||
|
|
||||||
|
$server = new AuthorizationServer();
|
||||||
|
$grant = new RefreshTokenGrant();
|
||||||
|
|
||||||
|
$oldSession = (new SessionEntity($server))->associateScope((new ScopeEntity($server))->hydrate(['id' => 'foo']));
|
||||||
|
|
||||||
|
$clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
|
||||||
|
$clientStorage->shouldReceive('setServer');
|
||||||
|
$clientStorage->shouldReceive('get')->andReturn(
|
||||||
|
(new ClientEntity($server))->hydrate(['id' => 'testapp'])
|
||||||
|
);
|
||||||
|
|
||||||
|
$sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
|
||||||
|
$sessionStorage->shouldReceive('setServer');
|
||||||
|
$sessionStorage->shouldReceive('getScopes')->shouldReceive('getScopes')->andReturn([]);
|
||||||
|
$sessionStorage->shouldReceive('associateScope');
|
||||||
|
$sessionStorage->shouldReceive('getByAccessToken')->andReturn(
|
||||||
|
$oldSession
|
||||||
|
);
|
||||||
|
|
||||||
|
$accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
|
||||||
|
$accessTokenStorage->shouldReceive('setServer');
|
||||||
|
$accessTokenStorage->shouldReceive('get')->andReturn(
|
||||||
|
(new AccessTokenEntity($server))
|
||||||
|
);
|
||||||
|
$accessTokenStorage->shouldReceive('delete');
|
||||||
|
$accessTokenStorage->shouldReceive('create');
|
||||||
|
$accessTokenStorage->shouldReceive('getScopes')->andReturn([
|
||||||
|
(new ScopeEntity($server))->hydrate(['id' => 'foo']),
|
||||||
|
]);
|
||||||
|
$accessTokenStorage->shouldReceive('associateScope');
|
||||||
|
|
||||||
|
$refreshTokenStorage = M::mock('League\OAuth2\Server\Storage\RefreshTokenInterface');
|
||||||
|
$refreshTokenStorage->shouldReceive('setServer');
|
||||||
|
$refreshTokenStorage->shouldReceive('associateScope');
|
||||||
|
$refreshTokenStorage->shouldReceive('delete');
|
||||||
|
$refreshTokenStorage->shouldReceive('create');
|
||||||
|
$refreshTokenStorage->shouldReceive('get')->andReturn(
|
||||||
|
(new RefreshTokenEntity($server))
|
||||||
|
);
|
||||||
|
|
||||||
|
$scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
|
||||||
|
$scopeStorage->shouldReceive('setServer');
|
||||||
|
$scopeStorage->shouldReceive('get')->andReturn(
|
||||||
|
(new ScopeEntity($server))->hydrate(['id' => 'foo'])
|
||||||
|
);
|
||||||
|
|
||||||
|
$server->setClientStorage($clientStorage);
|
||||||
|
$server->setScopeStorage($scopeStorage);
|
||||||
|
$server->setSessionStorage($sessionStorage);
|
||||||
|
$server->setAccessTokenStorage($accessTokenStorage);
|
||||||
|
$server->setRefreshTokenStorage($refreshTokenStorage);
|
||||||
|
|
||||||
|
$server->addGrantType($grant);
|
||||||
|
$server->issueAccessToken();
|
||||||
|
}
|
||||||
|
|
||||||
public function testCompleteFlowRequestScopesInvalid()
|
public function testCompleteFlowRequestScopesInvalid()
|
||||||
{
|
{
|
||||||
$_POST = [
|
$_POST = [
|
||||||
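Review bot: `testCompleteFlowExpiredRefreshToken` builds the refresh token as `(new RefreshTokenEntity($server))` without an expire time, so it only passes if the entity's default expire time already counts as expired; the sibling tests in this commit had to add `->setExpireTime(time() + 86400)` for exactly that reason, which suggests the default is the whole basis of this test. Setting it explicitly, `(new RefreshTokenEntity($server))->setExpireTime(time() - 1)`, pins the intent and keeps the test valid if the default ever changes. As a style point, `$sessionStorage->shouldReceive('getScopes')->shouldReceive('getScopes')->andReturn([]);` chains the expectation twice; a single `$sessionStorage->shouldReceive('getScopes')->andReturn([]);` is what the test wants.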
@@ -332,7 +400,7 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
|
|||||||
$refreshTokenStorage->shouldReceive('delete');
|
$refreshTokenStorage->shouldReceive('delete');
|
||||||
$refreshTokenStorage->shouldReceive('create');
|
$refreshTokenStorage->shouldReceive('create');
|
||||||
$refreshTokenStorage->shouldReceive('get')->andReturn(
|
$refreshTokenStorage->shouldReceive('get')->andReturn(
|
||||||
(new RefreshTokenEntity($server))
|
(new RefreshTokenEntity($server))->setExpireTime(time() + 86400)
|
||||||
);
|
);
|
||||||
|
|
||||||
$scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
|
$scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
|
||||||
|