ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2025-05-31 14:12:07 +05:30
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: ElyBy-Mirror:4.0.4
Branches Tags
ElyBy-Mirror:master ElyBy-Mirror:abstract_crypt_key ElyBy-Mirror:adaptation ElyBy-Mirror:export_redirect_uri ElyBy-Mirror:gh-pages ElyBy-Mirror:update-examples-for-version-8 ElyBy-Mirror:7.3.x ElyBy-Mirror:4.1.x ElyBy-Mirror:5.1.x ElyBy-Mirror:7.0.0-WIP ElyBy-Mirror:gh-pages-v4
ElyBy-Mirror:8.0.0 ElyBy-Mirror:7.4.0 ElyBy-Mirror:7.3.3 ElyBy-Mirror:7.3.2 ElyBy-Mirror:7.3.1 ElyBy-Mirror:7.3.0 ElyBy-Mirror:7.2.0 ElyBy-Mirror:4.1.7 ElyBy-Mirror:7.1.1 ElyBy-Mirror:7.1.0 ElyBy-Mirror:7.0.0 ElyBy-Mirror:6.1.1 ElyBy-Mirror:6.1.0 ElyBy-Mirror:5.1.6 ElyBy-Mirror:6.0.2 ElyBy-Mirror:6.0.1 ElyBy-Mirror:5.1.5 ElyBy-Mirror:6.0.0 ElyBy-Mirror:5.1.4 ElyBy-Mirror:5.1.3 ElyBy-Mirror:5.1.2 ElyBy-Mirror:4.1.6 ElyBy-Mirror:5.1.1 ElyBy-Mirror:5.1.0 ElyBy-Mirror:5.0.3 ElyBy-Mirror:5.0.2 ElyBy-Mirror:5.0.1 ElyBy-Mirror:5.0.0 ElyBy-Mirror:5.0.0-RC2 ElyBy-Mirror:5.0.0-RC1 ElyBy-Mirror:4.1.5 ElyBy-Mirror:4.1.4 ElyBy-Mirror:4.1.3 ElyBy-Mirror:4.1.2 ElyBy-Mirror:4.1.1 ElyBy-Mirror:4.1.0 ElyBy-Mirror:4.0.5 ElyBy-Mirror:4.0.4 ElyBy-Mirror:4.0.3 ElyBy-Mirror:4.0.2 ElyBy-Mirror:4.0.1 ElyBy-Mirror:4.0.0 ElyBy-Mirror:3.2.4 ElyBy-Mirror:3.2.3 ElyBy-Mirror:3.2.2 ElyBy-Mirror:3.2.1 ElyBy-Mirror:2.1.3 ElyBy-Mirror:2.1.2 ElyBy-Mirror:3.2 ElyBy-Mirror:3.1.2 ElyBy-Mirror:3.1.1 ElyBy-Mirror:3.1.0 ElyBy-Mirror:3.0.1 ElyBy-Mirror:3.0.0 ElyBy-Mirror:1.0.9 ElyBy-Mirror:2.1.1 ElyBy-Mirror:2.1 ElyBy-Mirror:2.0.5 ElyBy-Mirror:2.0.4 ElyBy-Mirror:2.0.3 ElyBy-Mirror:2.0.2 ElyBy-Mirror:2.0.1 ElyBy-Mirror:2.0 ElyBy-Mirror:1.0.8 ElyBy-Mirror:1.0.7 ElyBy-Mirror:1.0.6 ElyBy-Mirror:1.0.5 ElyBy-Mirror:1.0.4 ElyBy-Mirror:1.0.3 ElyBy-Mirror:1.0.2 ElyBy-Mirror:1.0.1 ElyBy-Mirror:1.0.0 ElyBy-Mirror:0.4.2 ElyBy-Mirror:0.4.1 ElyBy-Mirror:0.4 ElyBy-Mirror:0.3.5 ElyBy-Mirror:0.3.4 ElyBy-Mirror:0.3.3 ElyBy-Mirror:0.3.2 ElyBy-Mirror:0.3.1 ElyBy-Mirror:0.3 ElyBy-Mirror:0.2.3 ElyBy-Mirror:0.2.2 ElyBy-Mirror:0.2.1 ElyBy-Mirror:0.2 ElyBy-Mirror:0.1
...
compare: ElyBy-Mirror:4.1.x
Branches Tags
ElyBy-Mirror:abstract_crypt_key ElyBy-Mirror:adaptation ElyBy-Mirror:export_redirect_uri ElyBy-Mirror:master ElyBy-Mirror:gh-pages ElyBy-Mirror:update-examples-for-version-8 ElyBy-Mirror:7.3.x ElyBy-Mirror:4.1.x ElyBy-Mirror:5.1.x ElyBy-Mirror:7.0.0-WIP ElyBy-Mirror:gh-pages-v4
ElyBy-Mirror:8.0.0 ElyBy-Mirror:7.4.0 ElyBy-Mirror:7.3.3 ElyBy-Mirror:7.3.2 ElyBy-Mirror:7.3.1 ElyBy-Mirror:7.3.0 ElyBy-Mirror:7.2.0 ElyBy-Mirror:4.1.7 ElyBy-Mirror:7.1.1 ElyBy-Mirror:7.1.0 ElyBy-Mirror:7.0.0 ElyBy-Mirror:6.1.1 ElyBy-Mirror:6.1.0 ElyBy-Mirror:5.1.6 ElyBy-Mirror:6.0.2 ElyBy-Mirror:6.0.1 ElyBy-Mirror:5.1.5 ElyBy-Mirror:6.0.0 ElyBy-Mirror:5.1.4 ElyBy-Mirror:5.1.3 ElyBy-Mirror:5.1.2 ElyBy-Mirror:4.1.6 ElyBy-Mirror:5.1.1 ElyBy-Mirror:5.1.0 ElyBy-Mirror:5.0.3 ElyBy-Mirror:5.0.2 ElyBy-Mirror:5.0.1 ElyBy-Mirror:5.0.0 ElyBy-Mirror:5.0.0-RC2 ElyBy-Mirror:5.0.0-RC1 ElyBy-Mirror:4.1.5 ElyBy-Mirror:4.1.4 ElyBy-Mirror:4.1.3 ElyBy-Mirror:4.1.2 ElyBy-Mirror:4.1.1 ElyBy-Mirror:4.1.0 ElyBy-Mirror:4.0.5 ElyBy-Mirror:4.0.4 ElyBy-Mirror:4.0.3 ElyBy-Mirror:4.0.2 ElyBy-Mirror:4.0.1 ElyBy-Mirror:4.0.0 ElyBy-Mirror:3.2.4 ElyBy-Mirror:3.2.3 ElyBy-Mirror:3.2.2 ElyBy-Mirror:3.2.1 ElyBy-Mirror:2.1.3 ElyBy-Mirror:2.1.2 ElyBy-Mirror:3.2 ElyBy-Mirror:3.1.2 ElyBy-Mirror:3.1.1 ElyBy-Mirror:3.1.0 ElyBy-Mirror:3.0.1 ElyBy-Mirror:3.0.0 ElyBy-Mirror:1.0.9 ElyBy-Mirror:2.1.1 ElyBy-Mirror:2.1 ElyBy-Mirror:2.0.5 ElyBy-Mirror:2.0.4 ElyBy-Mirror:2.0.3 ElyBy-Mirror:2.0.2 ElyBy-Mirror:2.0.1 ElyBy-Mirror:2.0 ElyBy-Mirror:1.0.8 ElyBy-Mirror:1.0.7 ElyBy-Mirror:1.0.6 ElyBy-Mirror:1.0.5 ElyBy-Mirror:1.0.4 ElyBy-Mirror:1.0.3 ElyBy-Mirror:1.0.2 ElyBy-Mirror:1.0.1 ElyBy-Mirror:1.0.0 ElyBy-Mirror:0.4.2 ElyBy-Mirror:0.4.1 ElyBy-Mirror:0.4 ElyBy-Mirror:0.3.5 ElyBy-Mirror:0.3.4 ElyBy-Mirror:0.3.3 ElyBy-Mirror:0.3.2 ElyBy-Mirror:0.3.1 ElyBy-Mirror:0.3 ElyBy-Mirror:0.2.3 ElyBy-Mirror:0.2.2 ElyBy-Mirror:0.2.1 ElyBy-Mirror:0.2 ElyBy-Mirror:0.1

111 Commits
4.0.4 ... 4.1.x

Author SHA1 Message Date
Andrew Millington
138524984a Merge pull request #918 from Sephster/fix-914 
Fix empty issue in PHP 5.4
 2018-06-23 17:27:31 +01:00
sephster
8335935854 Fix empty issue in PHP 5.4 2018-06-22 13:47:22 +01:00
Alex Bilbie
3bec591393 Changelog update 2016-09-13 14:42:53 +01:00
Alex Bilbie
084b779cc6 Merge pull request #652 from rickshawhobo/4.1.x 
less restrictive on Authorization header check
 2016-09-13 14:38:47 +01:00
Guy Huynh
491f3f0e95 less restrictive on Authorization header check 2016-09-08 10:20:34 -04:00
Alex Bilbie
c5db707e69 Updated changelog 2016-01-04 19:56:12 +00:00
Alex Bilbie
ed7f78179a Merge pull request #412 from derrabus/symfony-3 
Allow Symfony 3.0
 2015-12-20 20:38:02 +00:00
Alexander M. Turek
6e92239dd7 Allow Symfony 3.0. 2015-12-11 15:24:13 +01:00
Alex Bilbie
f5d731def9 Updated changelog 2015-11-13 17:52:27 +00:00
Alex Bilbie
03815cec6d Merge pull request #388 from m4tthumphrey/master 
Added priority argument
 2015-10-13 11:21:52 +01:00
Matt Humphrey
c71dc47459 Added priority argument 2015-10-13 11:16:49 +01:00
Alex Bilbie
3bcd8fc3f8 Removed runs and increased timeout 2015-09-26 11:26:17 +01:00
Alex Bilbie
db6d4e0dc6 Only send data to Scrutinizer only for PHP 5.6 2015-09-26 11:25:26 +01:00
Alex Bilbie
f19189a999 Merge pull request #345 from mpipet/master 
Expose parameter passed to exceptions
 2015-09-04 08:38:35 +01:00
Alex Bilbie
ec9c91cc11 Update .scrutinizer.yml 2015-09-04 08:37:12 +01:00
Alex Bilbie
c3457107ee Merge pull request #370 from michaelhogg/fix-bug-hmac-encoding 
Fix bug: hash_hmac() should output raw binary data, not hexits
 2015-09-04 08:36:33 +01:00
Alex Bilbie
a9f61fd3ed Merge pull request #377 from starJammer/master 
AuthCodeGrant and RefreshTokenGrant don't require client_secret
 2015-09-04 08:29:39 +01:00
Alex Bilbie
b78d8ca1d8 Merge pull request #364 from apollopy/master 
Too idealistic. Should allow the client and server have some time difference.
 2015-09-04 08:28:14 +01:00
Jerry Saravia
8f82e8ef86 Added test for setRequireClientSecret 2015-09-03 23:16:09 -04:00
Jerry Saravia
d88e01c7dd Making client secret optional during refresh and access token requsets. 2015-09-03 22:50:35 -04:00
Michael Hogg
d21374fb0b Merge remote-tracking branch 'thephpleague/master' into fix-bug-hmac-encoding 2015-09-02 09:50:46 +01:00
Alex Bilbie
31e5f4d33c Merge pull request #368 from apollopy/mac_token_only_header 
Mac token only get to header
 2015-09-01 14:33:58 +01:00
Alex Bilbie
a773405adf Merge pull request #369 from joaopramos/mac-refresh-tokens 
Mac refresh tokens
 2015-09-01 14:32:45 +01:00
Alex Bilbie
ccc845b195 Merge pull request #371 from michaelhogg/fix-bug-base64-regex 
Fix bug: regex doesn't match all Base64 characters
 2015-09-01 14:30:38 +01:00
Alex Bilbie
21cd917892 Merge pull request #372 from michaelhogg/fix-bug-request-uri 
Fix bug: incorrect signature parameter
 2015-09-01 14:29:41 +01:00
Michael Hogg
a2c418ee07 Fix bug: incorrect signature parameter 2015-08-28 16:41:12 +01:00
Michael Hogg
b220368583 Fix bug: regex doesn't match all Base64 characters 2015-08-28 14:01:22 +01:00
Michael Hogg
2d26c38d6c Update unit test: testDetermineAccessTokenInHeaderValid() 2015-08-28 13:11:20 +01:00
Michael Hogg
eeaa68400f Fix bug: hash_hmac() should output raw binary data, not hexits 2015-08-28 12:46:53 +01:00
joao
56c73d2427 ISSUE #356: added the refresh token to the mac token type response 2015-08-28 10:40:13 +00:00
joao
f632fcc997 ISSUE #356: added the refresh token to the mac token type response 2015-08-28 10:38:45 +00:00
ApolloPY
618d84ddcf Mac token only get to header 2015-08-22 01:47:59 +08:00
apollopy
ace42e89e0 change to 300 seconds 2015-08-21 20:02:42 +08:00
ApolloPY
c496df98e4 Too idealistic. Should allow the client and server have some time difference. 2015-08-21 17:17:51 +08:00
Alex Bilbie
2496653968 Merge pull request #342 from gaomd/master 
Fix #328, strict check Bearer token
 2015-08-21 09:00:02 +01:00
Alex Bilbie
abf66ef9c8 Merge pull request #346 from Korri/Korri-patch-removed-duplicate-routing 
Removed duplicate routing setup code
 2015-08-21 08:59:35 +01:00
Alex Bilbie
4b9ec488f4 Merge pull request #352 from daveblake/master 
Fix typo in docblock
 2015-07-13 21:55:43 +01:00
DavidBlake
726d879607 Fix typo in docblock 2015-06-18 13:27:58 +01:00
Mathieu Pipet
b256195421 Expose parameter passed to exceptions 2015-06-09 17:42:25 +02:00
Mathieu Pipet
c84ea1ea62 Expose parameter passed to exceptions 2015-06-09 17:30:13 +02:00
Hugo Vacher
16685ccde4 Removed duplicate routing setup code 2015-06-08 15:50:55 -04:00
Mengdi Gao
7934c7bb53 Fix #328, strict check Bearer token 2015-06-01 21:36:44 +08:00
Alex Bilbie
c174b6fc65 Merge pull request #341 from thephpleague/philsturgeon-patch-1 
Added integration list to readme
 2015-05-20 13:22:42 +01:00
Phil Sturgeon
75ced70248 Added integration list to readme 
I figure it's a good idea to let people know where they can find their bridge packages to save em looking or building their own framework specific nonsense.
 2015-05-17 13:33:50 -04:00
Alex Bilbie
5b7fdaeece Merge pull request #330 from jakeasmith/patch-1 
Just a typo fix
 2015-04-16 17:48:00 +01:00
Jake A. Smith
430a752315 Just a typo fix 2015-04-16 10:41:37 -05:00
Alex Bilbie
810544ec0a Changelog update 2015-03-22 23:32:45 +00:00
Alex Bilbie
34a6b66b8c More .travis.yml updates 2015-03-22 23:19:36 +00:00
Alex Bilbie
61738a7fe2 Added fast_finish: true to .travis.yml 2015-03-22 23:13:41 +00:00
Alex Bilbie
51184259d1 Merge pull request #323 from rdohms/interface-docs 
Updated Interface Docs
 2015-03-20 11:43:47 +00:00
rdohms
b21de11429 Updated Interface Docs 
Made phpdocs match expectations like null when not found and using array notation for indicating array of <object>
 2015-03-20 11:33:03 +01:00
Alex Bilbie
cf6e86c9d4 Merge pull request #319 from Fuxy22/patch-1 
Fixed missing session scope
 2015-03-13 11:03:05 +00:00
Alex Bilbie
f6fdbc7142 Added PHP 7.0 testing 2015-03-03 22:00:47 +00:00
Norbert Fuksz
7f7f45662a Fixed missing session scope 
Close #297
 2015-03-02 17:47:48 +00:00
Alex Bilbie
f92a68cc72 Merge branch 'master' of github.com:thephpleague/oauth2-server 2015-02-22 19:47:44 +00:00
Alex Bilbie
295d8ffa24 Updated league/event to ~2.1. Fixes #311 2015-02-22 19:47:27 +00:00
Alex Bilbie
3d08140651 Merge pull request #300 from vvllaadd/patch-2 
Probable bug
 2015-02-22 19:45:14 +00:00
Alex Bilbie
ec8a8393ee Merge pull request #310 from ismailbaskin/master 
typo
 2015-02-10 10:03:53 +00:00
Ismail BASKIN
3869b8f406 typo 2015-02-10 10:28:57 +02:00
Alex Bilbie
7da7484008 Added security section 2015-02-05 16:14:59 +00:00
Alex Bilbie
b42ba4af17 Merge pull request #303 from hannesvdvreken/fix/consistent-use-and-fqcn 
Boyscouting the php docs to always use FQCNs
 2015-01-23 10:47:26 +00:00
Hannes Van De Vreken
dd795a82f4 Changed the order and added missing throws 2015-01-23 11:21:12 +01:00
Hannes Van De Vreken
166362d3cd Boyscouting the php docs to always use FQCNs 2015-01-23 11:17:19 +01:00
Vlad
d43391564c Probable bug 
AccessTokenStorage::delete should delete the token, not the scope associated with the token
 2015-01-15 14:20:54 +01:00
Alex Bilbie
ea6edf572a Changelog update 2015-01-01 12:56:20 +00:00
Alex Bilbie
19b64c2e65 Merge pull request #290 from sarciszewski/patch-1 
Remove side-effects in hash_equals()
 2015-01-01 12:52:03 +00:00
Scott Arciszewski
612775466c Remove side-effects in hash_equals() 
This is functionally identical, but without the side-effect of defining a function in the current namespace.

Also, it uses absolute function reference (`\hash_equals` instead of `hash_equals`) because if someone defined `League\OAuth2\Server\TokenType\hash_equals()` elsewhere, it would try that first.

Kudos for using `hash_equals()` in your original design for this feature. Many OAuth2 implementations neglect this nuance :)
 2015-01-01 01:34:22 -05:00
Alex Bilbie
740ea24e08 Changelog update 2014-12-31 16:03:26 +00:00
Alex Bilbie
e1c14abf6c Lowered symfony/http-foundation to ~2.4 so Laravel can use it 2014-12-31 15:51:52 +00:00
Alex Bilbie
d1aae27359 Version bump 2014-12-27 23:01:11 +00:00
Alex Bilbie
80aeaf9200 Merge branch 'Symplicity-master' into release/4.1.0 2014-12-27 23:00:17 +00:00
Alex Bilbie
282bb20cc8 Fix docblocks + method name 2014-12-27 23:00:11 +00:00
Alex Bilbie
b727be55a2 Merge branch 'master' of https://github.com/Symplicity/oauth2-server into Symplicity-master 2014-12-27 22:57:08 +00:00
Alex Bilbie
cf80a2d6ce README update 2014-12-27 22:55:30 +00:00
Alex Bilbie
72a5c1794a Remove unused namespace 2014-12-27 22:50:13 +00:00
Alex Bilbie
707c85b0d6 Fixes and tests 2014-12-27 22:26:31 +00:00
Alex Bilbie
c56562b0b8 PSR fixes 2014-12-27 21:38:01 +00:00
Alex Bilbie
d0b2498b43 Ignore PHPStorm 2014-12-27 21:35:45 +00:00
Alex Bilbie
17be6f4549 Added MacTokenInterface 2014-12-27 21:35:45 +00:00
Alex Bilbie
b50fbff1e3 Update docblock 2014-12-27 21:35:45 +00:00
Alex Bilbie
7375a348c6 PHP code fix 2014-12-27 21:35:45 +00:00
Alex Bilbie
ae5dd9ce65 Added MAC TokenType 2014-12-27 21:35:45 +00:00
Alex Bilbie
f9e56ff62a Added MAC storage getter and setter 2014-12-27 21:35:45 +00:00
Alex Bilbie
1bcf7ee20f Update .travis.yml 2014-12-26 17:03:35 +00:00
Alex Bilbie
bee9c6a51d Added Gitter.im 2014-12-26 16:59:09 +00:00
Dave Walker
851c7c0eb1 Per the spec: 
The authorization server MAY issue a new refresh token, in which case
   the client MUST discard the old refresh token and replace it with the
   new refresh token.  The authorization server MAY revoke the old
   refresh token after issuing a new refresh token to the client.  If a
   new refresh token is issued, the refresh token scope MUST be
   identical to that of the refresh token included by the client in the
   request.

This commit allows users to specifiy the time before the Refresh Token
expire time to issue a new Refresh Token.

alter method names, naming convention(?)
 2014-12-21 18:51:52 -05:00
Alex Bilbie
7fff4a8fe8 Merge pull request #280 from danprime/master 
Fix Example Init Code
 2014-12-17 10:10:50 +00:00
Alex Bilbie
44ac01ee0e Merge pull request #284 from mortenhauberg/fix-misspelling 
Changed "paremter" to "parameter"
 2014-12-16 19:48:40 +00:00
mortenhauberg
60bd334b46 Changed "paremter" to "parameter" 2014-12-16 19:04:03 +01:00
Alex Bilbie
7398bee59e Version bump 2014-12-15 17:34:38 +00:00
Alex Bilbie
40420f27ed Merge pull request #282 from maknz/master 
Prevent duplicate session in auth code grant
 2014-12-15 16:27:02 +00:00
Regan
d32bfaa757 Prevent duplicate session in auth code grant 
The session already exists in the database, so we don't need to save it again. Doing so results in the session used for the auth code hanging around in the database with nothing associated to it, while the access token is associated to a new session caused by the `save()` method creating a duplicate. Fixes #266.
 2014-12-15 15:09:36 +13:00
Daniel Tse
2653a174bb Update init.php 2014-12-12 10:25:52 -07:00
Daniel Tse
676fb4c06a Fix column declarations and references so that foreign keys and references work. 2014-12-11 15:50:42 -07:00
Alex Bilbie
7f815275d6 Fixes for .travis.yml 2014-12-11 14:25:35 +00:00
Alex Bilbie
a056e2fe03 Adding coverage to ghpages 2014-12-11 14:20:53 +00:00
Alex Bilbie
48d9fde133 Merge pull request #277 from GrahamCampbell/patch-1 
Removed an extra new line
 2014-12-10 15:19:50 +00:00
Graham Campbell
a12786cbd5 Removed an extra new line 2014-12-10 15:18:49 +00:00
Alex Bilbie
164cc6ddb9 Merge pull request #269 from Hywan/fix_example_api 
Fix bad accesses and bad arguments
 2014-12-10 15:13:10 +00:00
Alex Bilbie
27f51d33e1 Merge pull request #271 from inverse/example-fix 
Example fix
 2014-12-10 15:12:40 +00:00
Alex Bilbie
2108c88dfb Merge pull request #276 from GrahamCampbell/cs 
CS Fixes
 2014-12-10 15:12:16 +00:00
Graham Campbell
a1726903b5 CS fixes 2014-12-10 13:10:35 +00:00
Alex Bilbie
8075190e0c Merge pull request #275 from Hywan/cs 
Fix API CS.
 2014-12-10 09:58:06 +00:00
Ivan Enderlin
3b176fe220 Fix API CS. 2014-12-09 14:40:39 +01:00
Ivan Enderlin
986dc59627 The create method returns void. 2014-12-09 14:40:39 +01:00
Ivan Enderlin
0878897969 Fix API CS. 2014-12-09 14:15:36 +01:00
Alex Bilbie
0ce7ecb45a Merge pull request #273 from sarciszewski/patch-1 
Make Util/KeyAlgorithm/DefaultAlgorithm guarantee $len bytes of output even in edge cases.
 2014-12-09 12:53:04 +00:00
Scott Arciszewski
7a63f42462 Update DefaultAlgorithm.php 
Prevent edge-case whereby, if the majority of `base64_encode($bytes)` consists of `/` or `+` characters, the resulting key will be shorter and less unpredictable (due to a smaller keyspace) than anticipated.

As a result, the `$len * 2` hack has been removed. Although it is highly probable that `$len * 2` will stop most edge cases from occurring, it does not actually guarantee the end result will be at least 40 characters long.
 2014-12-08 18:40:31 -05:00
Malachi Soord
774341c346 Fixed tokeninfo 2014-12-05 18:24:24 +01:00
Malachi Soord
c8983b35a0 Fixed example API hasScope reference 2014-12-05 18:12:19 +01:00
Ivan Enderlin
3b17872f10 Fix bad accesses and bad arguments. 2014-12-02 11:54:45 +01:00
63 changed files with 1255 additions and 202 deletions
Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -11,4 +11,5 @@
/tests/codecept/tests/_log /tests/codecept/tests/_log
oauth2-server.paw oauth2-server.paw
/output_*/ /output_*/
/_site /_site
.idea

5
.scrutinizer.yml
View File

@@ -21,8 +21,7 @@ checks:
fix_doc_comments: true fix_doc_comments: true
tools: tools:
external_code_coverage: external_code_coverage:
timeout: 600 timeout: 1800
runs: 3
php_code_coverage: false php_code_coverage: false
php_code_sniffer: php_code_sniffer:
config: config:
@@ -34,4 +33,4 @@ tools:
excluded_dirs: [vendor, tests, examples] excluded_dirs: [vendor, tests, examples]
php_cpd: php_cpd:
enabled: true enabled: true
excluded_dirs: [vendor, tests, examples] excluded_dirs: [vendor, tests, examples]

44
.travis.yml
View File

@@ -1,18 +1,56 @@
language: php language: php
sudo: false
cache:
directories:
- vendor
php: php:
- 5.4 - 5.4
- 5.5 - 5.5
- 5.6 - 5.6
- 7.0
- hhvm - hhvm
matrix:
allow_failures:
- php: 7.0
fast_finish: true
install: install:
- travis_retry composer install --no-interaction --prefer-source - travis_retry composer install --no-interaction --prefer-source
script: script:
- mkdir -p build/logs - mkdir -p build/logs
- phpunit --coverage-text --verbose --coverage-clover=coverage.clover - phpunit --coverage-text --verbose --coverage-clover=coverage.clover --coverage-html coverage
after_script: after_script:
- wget https://scrutinizer-ci.com/ocular.phar - bash -c 'if [ "$TRAVIS_PHP_VERSION" == "5.6" ]; then wget https://scrutinizer-ci.com/ocular.phar; fi;
- php ocular.phar code-coverage:upload --format=php-clover coverage.clover - bash -c 'if [ "$TRAVIS_PHP_VERSION" == "5.6" ]; then php ocular.phar code-coverage:upload --format=php-clover coverage.clover; fi;
- git config --global user.email "travis@travis-ci.org"
- git config --global user.name "TravisCI"
- cp -R coverage ${HOME}/coverage
- cd ${HOME}
- git clone --quiet --branch=gh-pages https://${GITHUBTOKEN}@github.com/thephpleague/oauth2-server.git gh-pages > /dev/null
- cd gh-pages
- mkdir ${TRAVIS_BRANCH}
- cd ${TRAVIS_BRANCH}
- cp -Rf $HOME/coverage/* .
- git add -f .
- git commit -m "Travis pushed coverage of ${TRAVIS_COMMIT}@${TRAVIS_BRANCH} to gh-pages"
- git push -fq origin gh-pages > /dev/null
branches:
only:
- master
env:
global:
secure: "C4wD/BQefKSu9W594iyLp+IBCjlM8kKlmp+nXKXnZGi0L8IkV3m4mmNOb8PExxGMhZ3mlev5DnU4Uoh4oJaUxnkR1FpX4dSEpyzU3VknUzSE2yZOlL+bdCw3o85TGoCcp/+ReJCOw5sncxTskJKHlW1YMa33FznaXwLNoImpjTg="
notifications:
webhooks:
urls:
- https://webhooks.gitter.im/e/7de0ca12596cd5268f30
on_success: always # options: [always|never|change] default: always
on_failure: always # options: [always|never|change] default: always
on_start: false # default: false

54
CHANGELOG.md
View File

@@ -1,5 +1,59 @@
# Changelog # Changelog
## 4.1.6 (released 2016-09-13)
* Less restrictive on Authorization header check (Issue #652)
## 4.1.5 (released 2016-01-04)
* Enable Symfony 3.0 support (#412)
## 4.1.4 (released 2015-11-13)
* Fix for determining access token in header (Issue #328)
* Refresh tokens are now returned for MAC responses (Issue #356)
* Added integration list to readme (Issue #341)
* Expose parameter passed to exceptions (Issue #345)
* Removed duplicate routing setup code (Issue #346)
* Docs fix (Issues #347, #360, #380)
* Examples fix (Issues #348, #358)
* Fix typo in docblock (Issue #352)
* Improved timeouts for MAC tokens (Issue #364)
* `hash_hmac()` should output raw binary data, not hexits (Issue #370)
* Improved regex for matching all Base64 characters (Issue #371)
* Fix incorrect signature parameter (Issue #372)
* AuthCodeGrant and RefreshTokenGrant don't require client_secret (Issue #377)
* Added priority argument to event listener (Issue #388)
## 4.1.3 (released 2015-03-22)
* Docblock, namespace and inconsistency fixes (Issue #303)
* Docblock type fix (Issue #310)
* Example bug fix (Issue #300)
* Updated league/event to ~2.1 (Issue #311)
* Fixed missing session scope (Issue #319)
* Updated interface docs (Issue #323)
* `.travis.yml` updates
## 4.1.2 (released 2015-01-01)
* Remove side-effects in hash_equals() implementation (Issue #290)
## 4.1.1 (released 2014-12-31)
* Changed `symfony/http-foundation` dependency version to `~2.4` so package can be installed in Laravel `4.1.*`
## 4.1.0 (released 2014-12-27)
* Added MAC token support (Issue #158)
* Fixed example init code (Issue #280)
* Toggle refresh token rotation (Issue #286)
* Docblock fixes
## 4.0.5 (released 2014-12-15)
* Prevent duplicate session in auth code grant (Issue #282)
## 4.0.4 (released 2014-12-03) ## 4.0.4 (released 2014-12-03)
* Ensure refresh token hasn't expired (Issue #270) * Ensure refresh token hasn't expired (Issue #270)

15
README.md
View File

@@ -5,7 +5,7 @@
[![Build Status](https://img.shields.io/travis/thephpleague/oauth2-server/master.svg?style=flat-square)](https://travis-ci.org/thephpleague/oauth2-server) [![Build Status](https://img.shields.io/travis/thephpleague/oauth2-server/master.svg?style=flat-square)](https://travis-ci.org/thephpleague/oauth2-server)
[![Coverage Status](https://img.shields.io/scrutinizer/coverage/g/thephpleague/oauth2-server.svg?style=flat-square)](https://scrutinizer-ci.com/g/thephpleague/oauth2-server/code-structure) [![Coverage Status](https://img.shields.io/scrutinizer/coverage/g/thephpleague/oauth2-server.svg?style=flat-square)](https://scrutinizer-ci.com/g/thephpleague/oauth2-server/code-structure)
[![Quality Score](https://img.shields.io/scrutinizer/g/thephpleague/oauth2-server.svg?style=flat-square)](https://scrutinizer-ci.com/g/thephpleague/oauth2-server) [![Quality Score](https://img.shields.io/scrutinizer/g/thephpleague/oauth2-server.svg?style=flat-square)](https://scrutinizer-ci.com/g/thephpleague/oauth2-server)
[![Total Downloads](https://img.shields.io/packagist/dt/league/oauth2-server.svg?style=flat-square)](https://packagist.org/packages/league/oauth2-server) [![Total Downloads](https://img.shields.io/packagist/dt/league/oauth2-server.svg?style=flat-square)](https://packagist.org/packages/league/oauth2-server) [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/thephpleague/oauth2-server?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
A standards compliant [OAuth 2.0](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-v2/) authorization server and resource server written in PHP which makes working with OAuth 2.0 trivial. You can easily configure an OAuth 2.0 server to protect your API with access tokens, or allow clients to request new access tokens and refresh them. A standards compliant [OAuth 2.0](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-v2/) authorization server and resource server written in PHP which makes working with OAuth 2.0 trivial. You can easily configure an OAuth 2.0 server to protect your API with access tokens, or allow clients to request new access tokens and refresh them.
@@ -22,9 +22,11 @@ You can also define your own grants.
In addition it supports the following token types: In addition it supports the following token types:
* Bearer tokens * Bearer tokens
* MAC tokens (coming soon) * MAC tokens
* JSON web tokens (coming soon) * JSON web tokens (coming soon)
You can also create you own tokens.
## Requirements ## Requirements
@@ -49,10 +51,19 @@ Contribute to this documentation in the [gh-pages branch](https://github.com/the
Please see [CONTRIBUTING](https://github.com/thephpleague/oauth2-server/blob/master/CONTRIBUTING.md) for details. Please see [CONTRIBUTING](https://github.com/thephpleague/oauth2-server/blob/master/CONTRIBUTING.md) for details.
## Integration
- [CakePHP 3](https://github.com/uafrica/oauth-server)
- [Laravel](https://github.com/lucadegasperi/oauth2-server-laravel)
## Support ## Support
Bugs and feature request are tracked on [GitHub](https://github.com/thephpleague/oauth2-server/issues) Bugs and feature request are tracked on [GitHub](https://github.com/thephpleague/oauth2-server/issues)
## Security
If you discover any security related issues, please email hello@alexbilbie.com instead of using the issue tracker.
## License ## License
This package is released under the MIT License. See the bundled [LICENSE](https://github.com/thephpleague/oauth2-server/blob/master/LICENSE) file for details. This package is released under the MIT License. See the bundled [LICENSE](https://github.com/thephpleague/oauth2-server/blob/master/LICENSE) file for details.

4
composer.json
View File

@@ -5,8 +5,8 @@
"license": "MIT", "license": "MIT",
"require": { "require": {
"php": ">=5.4.0", "php": ">=5.4.0",
"symfony/http-foundation": "~2.5", "symfony/http-foundation": "~2.4|~3.0",
"league/event": "1.0.*" "league/event": "~2.1"
}, },
"require-dev": { "require-dev": {
"phpunit/phpunit": "4.3.*", "phpunit/phpunit": "4.3.*",

2
examples/relational/Model/Users.php
View File

@@ -20,6 +20,6 @@ class Users
return $result; return $result;
} }
return null; return;
} }
} }

5
examples/relational/Storage/AccessTokenStorage.php
View File

@@ -3,7 +3,6 @@
namespace RelationalExample\Storage; namespace RelationalExample\Storage;
use Illuminate\Database\Capsule\Manager as Capsule; use Illuminate\Database\Capsule\Manager as Capsule;
use League\OAuth2\Server\Entity\AbstractTokenEntity;
use League\OAuth2\Server\Entity\AccessTokenEntity; use League\OAuth2\Server\Entity\AccessTokenEntity;
use League\OAuth2\Server\Entity\ScopeEntity; use League\OAuth2\Server\Entity\ScopeEntity;
use League\OAuth2\Server\Storage\AbstractStorage; use League\OAuth2\Server\Storage\AbstractStorage;
@@ -28,7 +27,7 @@ class AccessTokenStorage extends AbstractStorage implements AccessTokenInterface
return $token; return $token;
} }
return null; return;
} }
/** /**
@@ -87,7 +86,7 @@ class AccessTokenStorage extends AbstractStorage implements AccessTokenInterface
*/ */
public function delete(AccessTokenEntity $token) public function delete(AccessTokenEntity $token)
{ {
Capsule::table('oauth_access_token_scopes') Capsule::table('oauth_access_tokens')
->where('access_token', $token->getId()) ->where('access_token', $token->getId())
->delete(); ->delete();
} }

2
examples/relational/Storage/AuthCodeStorage.php
View File

@@ -29,7 +29,7 @@ class AuthCodeStorage extends AbstractStorage implements AuthCodeInterface
return $token; return $token;
} }
return null; return;
} }
public function create($token, $expireTime, $sessionId, $redirectUri) public function create($token, $expireTime, $sessionId, $redirectUri)

4
examples/relational/Storage/ClientStorage.php
View File

@@ -41,7 +41,7 @@ class ClientStorage extends AbstractStorage implements ClientInterface
return $client; return $client;
} }
return null; return;
} }
/** /**
@@ -65,6 +65,6 @@ class ClientStorage extends AbstractStorage implements ClientInterface
return $client; return $client;
} }
return null; return;
} }
} }

2
examples/relational/Storage/RefreshTokenStorage.php
View File

@@ -27,7 +27,7 @@ class RefreshTokenStorage extends AbstractStorage implements RefreshTokenInterfa
return $token; return $token;
} }
return null; return;
} }
/** /**

2
examples/relational/Storage/ScopeStorage.php
View File

@@ -19,7 +19,7 @@ class ScopeStorage extends AbstractStorage implements ScopeInterface
->get(); ->get();
if (count($result) === 0) { if (count($result) === 0) {
return null; return;
} }
return (new ScopeEntity($this->server))->hydrate([ return (new ScopeEntity($this->server))->hydrate([

4
examples/relational/Storage/SessionStorage.php
View File

@@ -31,7 +31,7 @@ class SessionStorage extends AbstractStorage implements SessionInterface
return $session; return $session;
} }
return null; return;
} }
/** /**
@@ -53,7 +53,7 @@ class SessionStorage extends AbstractStorage implements SessionInterface
return $session; return $session;
} }
return null; return;
} }
/** /**

27
examples/relational/api.php
View File

@@ -9,11 +9,6 @@ use RelationalExample\Storage;
include __DIR__.'/vendor/autoload.php'; include __DIR__.'/vendor/autoload.php';
// Routing setup
$request = (new Request())->createFromGlobals();
$router = new \Orno\Route\RouteCollection();
$router->setStrategy(\Orno\Route\RouteStrategyInterface::RESTFUL_STRATEGY);
// Set up the OAuth 2.0 resource server // Set up the OAuth 2.0 resource server
$sessionStorage = new Storage\SessionStorage(); $sessionStorage = new Storage\SessionStorage();
$accessTokenStorage = new Storage\AccessTokenStorage(); $accessTokenStorage = new Storage\AccessTokenStorage();
@@ -34,12 +29,14 @@ $router = new \Orno\Route\RouteCollection();
// GET /tokeninfo // GET /tokeninfo
$router->get('/tokeninfo', function (Request $request) use ($server) { $router->get('/tokeninfo', function (Request $request) use ($server) {
$accessToken = $server->getAccessToken();
$session = $server->getSessionStorage()->getByAccessToken($accessToken);
$token = [ $token = [
'owner_id' => $server->getOwnerId(), 'owner_id' => $session->getOwnerId(),
'owner_type' => $server->getOwnerType(), 'owner_type' => $session->getOwnerType(),
'access_token' => $server->getAccessToken(), 'access_token' => $accessToken,
'client_id' => $server->getClientId(), 'client_id' => $session->getClient()->getId(),
'scopes' => $server->getScopes(), 'scopes' => $accessToken->getScopes(),
]; ];
return new Response(json_encode($token)); return new Response(json_encode($token));
@@ -59,11 +56,11 @@ $router->get('/users', function (Request $request) use ($server) {
'name' => $result['name'], 'name' => $result['name'],
]; ];
if ($server->hasScope('email')) { if ($server->getAccessToken()->hasScope('email')) {
$user['email'] = $result['email']; $user['email'] = $result['email'];
} }
if ($server->hasScope('photo')) { if ($server->getAccessToken()->hasScope('photo')) {
$user['photo'] = $result['photo']; $user['photo'] = $result['photo'];
} }
@@ -74,7 +71,7 @@ $router->get('/users', function (Request $request) use ($server) {
}); });
// GET /users/{username} // GET /users/{username}
$router->get('/users/{username}', function (Request $request, $args) use ($server) { $router->get('/users/{username}', function (Request $request, Response $response, array $args) use ($server) {
$result = (new Model\Users())->get($args['username']); $result = (new Model\Users())->get($args['username']);
@@ -87,11 +84,11 @@ $router->get('/users/{username}', function (Request $request, $args) use ($serve
'name' => $result[0]['name'], 'name' => $result[0]['name'],
]; ];
if ($server->hasScope('email')) { if ($server->getAccessToken()->hasScope('email')) {
$user['email'] = $result[0]['email']; $user['email'] = $result[0]['email'];
} }
if ($server->hasScope('photo')) { if ($server->getAccessToken()->hasScope('photo')) {
$user['photo'] = $result[0]['photo']; $user['photo'] = $result[0]['photo'];
} }

14
examples/relational/config/init.php
View File

@@ -102,7 +102,7 @@ Capsule::table('oauth_scopes')->insert([
print 'Creating sessions table'.PHP_EOL; print 'Creating sessions table'.PHP_EOL;
Capsule::schema()->create('oauth_sessions', function ($table) { Capsule::schema()->create('oauth_sessions', function ($table) {
$table->increments('id'); $table->increments('id')->unsigned();
$table->string('owner_type'); $table->string('owner_type');
$table->string('owner_id'); $table->string('owner_id');
$table->string('client_id'); $table->string('client_id');
@@ -135,7 +135,7 @@ print 'Creating access tokens table'.PHP_EOL;
Capsule::schema()->create('oauth_access_tokens', function ($table) { Capsule::schema()->create('oauth_access_tokens', function ($table) {
$table->string('access_token')->primary(); $table->string('access_token')->primary();
$table->integer('session_id'); $table->integer('session_id')->unsigned();
$table->integer('expire_time'); $table->integer('expire_time');
$table->foreign('session_id')->references('id')->on('oauth_sessions')->onDelete('cascade'); $table->foreign('session_id')->references('id')->on('oauth_sessions')->onDelete('cascade');
@@ -168,7 +168,7 @@ Capsule::schema()->create('oauth_refresh_tokens', function ($table) {
$table->integer('expire_time'); $table->integer('expire_time');
$table->string('access_token'); $table->string('access_token');
$table->foreign('access_token')->references('id')->on('oauth_access_tokens')->onDelete('cascade'); $table->foreign('access_token')->references('access_token')->on('oauth_access_tokens')->onDelete('cascade');
}); });
/******************************************************************************/ /******************************************************************************/
@@ -177,7 +177,7 @@ print 'Creating auth codes table'.PHP_EOL;
Capsule::schema()->create('oauth_auth_codes', function ($table) { Capsule::schema()->create('oauth_auth_codes', function ($table) {
$table->string('auth_code')->primary(); $table->string('auth_code')->primary();
$table->integer('session_id'); $table->integer('session_id')->unsigned();
$table->integer('expire_time'); $table->integer('expire_time');
$table->string('client_redirect_uri'); $table->string('client_redirect_uri');
@@ -189,7 +189,7 @@ Capsule::schema()->create('oauth_auth_codes', function ($table) {
print 'Creating oauth access token scopes table'.PHP_EOL; print 'Creating oauth access token scopes table'.PHP_EOL;
Capsule::schema()->create('oauth_access_token_scopes', function ($table) { Capsule::schema()->create('oauth_access_token_scopes', function ($table) {
$table->increments('id'); $table->increments('id')->unsigned();
$table->string('access_token'); $table->string('access_token');
$table->string('scope'); $table->string('scope');
@@ -240,8 +240,8 @@ Capsule::schema()->create('oauth_auth_code_scopes', function ($table) {
print 'Creating oauth session scopes table'.PHP_EOL; print 'Creating oauth session scopes table'.PHP_EOL;
Capsule::schema()->create('oauth_session_scopes', function ($table) { Capsule::schema()->create('oauth_session_scopes', function ($table) {
$table->increments('id'); $table->increments('id')->unsigned();
$table->string('session_id'); $table->integer('session_id')->unsigned();
$table->string('scope'); $table->string('scope');
$table->foreign('session_id')->references('id')->on('oauth_sessions')->onDelete('cascade'); $table->foreign('session_id')->references('id')->on('oauth_sessions')->onDelete('cascade');

77
src/AbstractServer.php
View File

@@ -15,6 +15,7 @@ use League\Event\Emitter;
use League\OAuth2\Server\Storage\AccessTokenInterface; use League\OAuth2\Server\Storage\AccessTokenInterface;
use League\OAuth2\Server\Storage\AuthCodeInterface; use League\OAuth2\Server\Storage\AuthCodeInterface;
use League\OAuth2\Server\Storage\ClientInterface; use League\OAuth2\Server\Storage\ClientInterface;
use League\OAuth2\Server\Storage\MacTokenInterface;
use League\OAuth2\Server\Storage\RefreshTokenInterface; use League\OAuth2\Server\Storage\RefreshTokenInterface;
use League\OAuth2\Server\Storage\ScopeInterface; use League\OAuth2\Server\Storage\ScopeInterface;
use League\OAuth2\Server\Storage\SessionInterface; use League\OAuth2\Server\Storage\SessionInterface;
@@ -24,7 +25,6 @@ use Symfony\Component\HttpFoundation\Request;
/** /**
* OAuth 2.0 Resource Server * OAuth 2.0 Resource Server
*/ */
abstract class AbstractServer abstract class AbstractServer
{ {
/** /**
@@ -36,48 +36,61 @@ abstract class AbstractServer
/** /**
* Session storage * Session storage
*
* @var \League\OAuth2\Server\Storage\SessionInterface * @var \League\OAuth2\Server\Storage\SessionInterface
*/ */
protected $sessionStorage; protected $sessionStorage;
/** /**
* Access token storage * Access token storage
*
* @var \League\OAuth2\Server\Storage\AccessTokenInterface * @var \League\OAuth2\Server\Storage\AccessTokenInterface
*/ */
protected $accessTokenStorage; protected $accessTokenStorage;
/** /**
* Refresh token storage * Refresh token storage
*
* @var \League\OAuth2\Server\Storage\RefreshTokenInterface * @var \League\OAuth2\Server\Storage\RefreshTokenInterface
*/ */
protected $refreshTokenStorage; protected $refreshTokenStorage;
/** /**
* Auth code storage * Auth code storage
*
* @var \League\OAuth2\Server\Storage\AuthCodeInterface * @var \League\OAuth2\Server\Storage\AuthCodeInterface
*/ */
protected $authCodeStorage; protected $authCodeStorage;
/** /**
* Scope storage * Scope storage
*
* @var \League\OAuth2\Server\Storage\ScopeInterface * @var \League\OAuth2\Server\Storage\ScopeInterface
*/ */
protected $scopeStorage; protected $scopeStorage;
/** /**
* Client storage * Client storage
*
* @var \League\OAuth2\Server\Storage\ClientInterface * @var \League\OAuth2\Server\Storage\ClientInterface
*/ */
protected $clientStorage; protected $clientStorage;
/**
* @var \League\OAuth2\Server\Storage\MacTokenInterface
*/
protected $macStorage;
/** /**
* Token type * Token type
*
* @var \League\OAuth2\Server\TokenType\TokenTypeInterface * @var \League\OAuth2\Server\TokenType\TokenTypeInterface
*/ */
protected $tokenType; protected $tokenType;
/** /**
* Event emitter * Event emitter
*
* @var \League\Event\Emitter * @var \League\Event\Emitter
*/ */
protected $eventEmitter; protected $eventEmitter;
@@ -92,6 +105,7 @@ abstract class AbstractServer
/** /**
* Set an event emitter * Set an event emitter
*
* @param object $emitter Event emitter object * @param object $emitter Event emitter object
*/ */
public function setEventEmitter($emitter = null) public function setEventEmitter($emitter = null)
@@ -105,16 +119,19 @@ abstract class AbstractServer
/** /**
* Add an event listener to the event emitter * Add an event listener to the event emitter
*
* @param string $eventName Event name * @param string $eventName Event name
* @param callable $listener Callable function or method * @param callable $listener Callable function or method
* @param int $priority Priority of event listener
*/ */
public function addEventListener($eventName, callable $listener) public function addEventListener($eventName, callable $listener, $priority = Emitter::P_NORMAL)
{ {
$this->eventEmitter->addListener($eventName, $listener); $this->eventEmitter->addListener($eventName, $listener, $priority);
} }
/** /**
* Returns the event emitter * Returns the event emitter
*
* @return \League\Event\Emitter * @return \League\Event\Emitter
*/ */
public function getEventEmitter() public function getEventEmitter()
@@ -124,7 +141,9 @@ abstract class AbstractServer
/** /**
* Sets the Request Object * Sets the Request Object
*
* @param \Symfony\Component\HttpFoundation\Request The Request Object * @param \Symfony\Component\HttpFoundation\Request The Request Object
*
* @return self * @return self
*/ */
public function setRequest($request) public function setRequest($request)
@@ -136,6 +155,7 @@ abstract class AbstractServer
/** /**
* Gets the Request object. It will create one from the globals if one is not set. * Gets the Request object. It will create one from the globals if one is not set.
*
* @return \Symfony\Component\HttpFoundation\Request * @return \Symfony\Component\HttpFoundation\Request
*/ */
public function getRequest() public function getRequest()
@@ -149,7 +169,9 @@ abstract class AbstractServer
/** /**
* Set the client storage * Set the client storage
* @param \League\OAuth2\Server\Storage\ClientInterface $storage *
* @param \League\OAuth2\Server\Storage\ClientInterface $storage
*
* @return self * @return self
*/ */
public function setClientStorage(ClientInterface $storage) public function setClientStorage(ClientInterface $storage)
@@ -162,7 +184,9 @@ abstract class AbstractServer
/** /**
* Set the session storage * Set the session storage
* @param \League\OAuth2\Server\Storage\SessionInterface $storage *
* @param \League\OAuth2\Server\Storage\SessionInterface $storage
*
* @return self * @return self
*/ */
public function setSessionStorage(SessionInterface $storage) public function setSessionStorage(SessionInterface $storage)
@@ -175,7 +199,9 @@ abstract class AbstractServer
/** /**
* Set the access token storage * Set the access token storage
* @param \League\OAuth2\Server\Storage\AccessTokenInterface $storage *
* @param \League\OAuth2\Server\Storage\AccessTokenInterface $storage
*
* @return self * @return self
*/ */
public function setAccessTokenStorage(AccessTokenInterface $storage) public function setAccessTokenStorage(AccessTokenInterface $storage)
@@ -188,7 +214,9 @@ abstract class AbstractServer
/** /**
* Set the refresh token storage * Set the refresh token storage
* @param \League\OAuth2\Server\Storage\RefreshTokenInterface $storage *
* @param \League\OAuth2\Server\Storage\RefreshTokenInterface $storage
*
* @return self * @return self
*/ */
public function setRefreshTokenStorage(RefreshTokenInterface $storage) public function setRefreshTokenStorage(RefreshTokenInterface $storage)
@@ -201,7 +229,9 @@ abstract class AbstractServer
/** /**
* Set the auth code storage * Set the auth code storage
* @param \League\OAuth2\Server\Storage\AuthCodeInterface $storage *
* @param \League\OAuth2\Server\Storage\AuthCodeInterface $storage
*
* @return self * @return self
*/ */
public function setAuthCodeStorage(AuthCodeInterface $storage) public function setAuthCodeStorage(AuthCodeInterface $storage)
@@ -214,7 +244,9 @@ abstract class AbstractServer
/** /**
* Set the scope storage * Set the scope storage
* @param \League\OAuth2\Server\Storage\ScopeInterface $storage *
* @param \League\OAuth2\Server\Storage\ScopeInterface $storage
*
* @return self * @return self
*/ */
public function setScopeStorage(ScopeInterface $storage) public function setScopeStorage(ScopeInterface $storage)
@@ -227,6 +259,7 @@ abstract class AbstractServer
/** /**
* Return the client storage * Return the client storage
*
* @return \League\OAuth2\Server\Storage\ClientInterface * @return \League\OAuth2\Server\Storage\ClientInterface
*/ */
public function getClientStorage() public function getClientStorage()
@@ -236,6 +269,7 @@ abstract class AbstractServer
/** /**
* Return the scope storage * Return the scope storage
*
* @return \League\OAuth2\Server\Storage\ScopeInterface * @return \League\OAuth2\Server\Storage\ScopeInterface
*/ */
public function getScopeStorage() public function getScopeStorage()
@@ -245,6 +279,7 @@ abstract class AbstractServer
/** /**
* Return the session storage * Return the session storage
*
* @return \League\OAuth2\Server\Storage\SessionInterface * @return \League\OAuth2\Server\Storage\SessionInterface
*/ */
public function getSessionStorage() public function getSessionStorage()
@@ -254,6 +289,7 @@ abstract class AbstractServer
/** /**
* Return the refresh token storage * Return the refresh token storage
*
* @return \League\OAuth2\Server\Storage\RefreshTokenInterface * @return \League\OAuth2\Server\Storage\RefreshTokenInterface
*/ */
public function getRefreshTokenStorage() public function getRefreshTokenStorage()
@@ -263,6 +299,7 @@ abstract class AbstractServer
/** /**
* Return the access token storage * Return the access token storage
*
* @return \League\OAuth2\Server\Storage\AccessTokenInterface * @return \League\OAuth2\Server\Storage\AccessTokenInterface
*/ */
public function getAccessTokenStorage() public function getAccessTokenStorage()
@@ -272,6 +309,7 @@ abstract class AbstractServer
/** /**
* Return the auth code storage * Return the auth code storage
*
* @return \League\OAuth2\Server\Storage\AuthCodeInterface * @return \League\OAuth2\Server\Storage\AuthCodeInterface
*/ */
public function getAuthCodeStorage() public function getAuthCodeStorage()
@@ -281,7 +319,9 @@ abstract class AbstractServer
/** /**
* Set the access token type * Set the access token type
* @param TokenTypeInterface $tokenType The token type *
* @param TokenTypeInterface $tokenType The token type
*
* @return void * @return void
*/ */
public function setTokenType(TokenTypeInterface $tokenType) public function setTokenType(TokenTypeInterface $tokenType)
@@ -292,10 +332,27 @@ abstract class AbstractServer
/** /**
* Get the access token type * Get the access token type
*
* @return TokenTypeInterface * @return TokenTypeInterface
*/ */
public function getTokenType() public function getTokenType()
{ {
return $this->tokenType; return $this->tokenType;
} }
/**
* @return MacTokenInterface
*/
public function getMacStorage()
{
return $this->macStorage;
}
/**
* @param MacTokenInterface $macStorage
*/
public function setMacStorage(MacTokenInterface $macStorage)
{
$this->macStorage = $macStorage;
}
} }

51
src/AuthorizationServer.php
View File

@@ -20,50 +20,58 @@ use League\OAuth2\Server\TokenType\Bearer;
class AuthorizationServer extends AbstractServer class AuthorizationServer extends AbstractServer
{ {
/** /**
* The delimeter between scopes specified in the scope query string parameter * The delimiter between scopes specified in the scope query string parameter
* The OAuth 2 specification states it should be a space but most use a comma * The OAuth 2 specification states it should be a space but most use a comma
*
* @var string * @var string
*/ */
protected $scopeDelimiter = ' '; protected $scopeDelimiter = ' ';
/** /**
* The TTL (time to live) of an access token in seconds (default: 3600) * The TTL (time to live) of an access token in seconds (default: 3600)
*
* @var integer * @var integer
*/ */
protected $accessTokenTTL = 3600; protected $accessTokenTTL = 3600;
/** /**
* The registered grant response types * The registered grant response types
*
* @var array * @var array
*/ */
protected $responseTypes = []; protected $responseTypes = [];
/** /**
* The registered grant types * The registered grant types
*
* @var array * @var array
*/ */
protected $grantTypes = []; protected $grantTypes = [];
/** /**
* Require the "scope" parameter to be in checkAuthoriseParams() * Require the "scope" parameter to be in checkAuthoriseParams()
*
* @var boolean * @var boolean
*/ */
protected $requireScopeParam = false; protected $requireScopeParam = false;
/** /**
* Default scope(s) to be used if none is provided * Default scope(s) to be used if none is provided
*
* @var string|array * @var string|array
*/ */
protected $defaultScope; protected $defaultScope;
/** /**
* Require the "state" parameter to be in checkAuthoriseParams() * Require the "state" parameter to be in checkAuthoriseParams()
*
* @var boolean * @var boolean
*/ */
protected $requireStateParam = false; protected $requireStateParam = false;
/** /**
* Create a new OAuth2 authorization server * Create a new OAuth2 authorization server
*
* @return self * @return self
*/ */
public function __construct() public function __construct()
@@ -78,8 +86,10 @@ class AuthorizationServer extends AbstractServer
/** /**
* Enable support for a grant * Enable support for a grant
* @param GrantTypeInterface $grantType A grant class which conforms to Interface/GrantTypeInterface *
* @param null|string $identifier An identifier for the grant (autodetected if not passed) * @param GrantTypeInterface $grantType A grant class which conforms to Interface/GrantTypeInterface
* @param null|string $identifier An identifier for the grant (autodetected if not passed)
*
* @return self * @return self
*/ */
public function addGrantType(GrantTypeInterface $grantType, $identifier = null) public function addGrantType(GrantTypeInterface $grantType, $identifier = null)
@@ -102,7 +112,9 @@ class AuthorizationServer extends AbstractServer
/** /**
* Check if a grant type has been enabled * Check if a grant type has been enabled
* @param string $identifier The grant type identifier *
* @param string $identifier The grant type identifier
*
* @return boolean Returns "true" if enabled, "false" if not * @return boolean Returns "true" if enabled, "false" if not
*/ */
public function hasGrantType($identifier) public function hasGrantType($identifier)
@@ -112,6 +124,7 @@ class AuthorizationServer extends AbstractServer
/** /**
* Returns response types * Returns response types
*
* @return array * @return array
*/ */
public function getResponseTypes() public function getResponseTypes()
@@ -121,7 +134,9 @@ class AuthorizationServer extends AbstractServer
/** /**
* Require the "scope" parameter in checkAuthoriseParams() * Require the "scope" parameter in checkAuthoriseParams()
* @param boolean $require *
* @param boolean $require
*
* @return self * @return self
*/ */
public function requireScopeParam($require = true) public function requireScopeParam($require = true)
@@ -133,6 +148,7 @@ class AuthorizationServer extends AbstractServer
/** /**
* Is the scope parameter required? * Is the scope parameter required?
*
* @return bool * @return bool
*/ */
public function scopeParamRequired() public function scopeParamRequired()
@@ -142,7 +158,9 @@ class AuthorizationServer extends AbstractServer
/** /**
* Default scope to be used if none is provided and requireScopeParam() is false * Default scope to be used if none is provided and requireScopeParam() is false
*
* @param string $default Name of the default scope * @param string $default Name of the default scope
*
* @return self * @return self
*/ */
public function setDefaultScope($default = null) public function setDefaultScope($default = null)
@@ -154,6 +172,7 @@ class AuthorizationServer extends AbstractServer
/** /**
* Default scope to be used if none is provided and requireScopeParam is false * Default scope to be used if none is provided and requireScopeParam is false
*
* @return string|null * @return string|null
*/ */
public function getDefaultScope() public function getDefaultScope()
@@ -162,7 +181,8 @@ class AuthorizationServer extends AbstractServer
} }
/** /**
* Require the "state" paremter in checkAuthoriseParams() * Require the "state" parameter in checkAuthoriseParams()
*
* @return bool * @return bool
*/ */
public function stateParamRequired() public function stateParamRequired()
@@ -171,8 +191,10 @@ class AuthorizationServer extends AbstractServer
} }
/** /**
* Require the "state" paremter in checkAuthoriseParams() * Require the "state" parameter in checkAuthoriseParams()
* @param boolean $require *
* @param boolean $require
*
* @return self * @return self
*/ */
public function requireStateParam($require = true) public function requireStateParam($require = true)
@@ -184,6 +206,7 @@ class AuthorizationServer extends AbstractServer
/** /**
* Get the scope delimiter * Get the scope delimiter
*
* @return string The scope delimiter (default: ",") * @return string The scope delimiter (default: ",")
*/ */
public function getScopeDelimiter() public function getScopeDelimiter()
@@ -193,7 +216,9 @@ class AuthorizationServer extends AbstractServer
/** /**
* Set the scope delimiter * Set the scope delimiter
*
* @param string $scopeDelimiter * @param string $scopeDelimiter
*
* @return self * @return self
*/ */
public function setScopeDelimiter($scopeDelimiter = ' ') public function setScopeDelimiter($scopeDelimiter = ' ')
@@ -205,6 +230,7 @@ class AuthorizationServer extends AbstractServer
/** /**
* Get the TTL for an access token * Get the TTL for an access token
*
* @return int The TTL * @return int The TTL
*/ */
public function getAccessTokenTTL() public function getAccessTokenTTL()
@@ -214,7 +240,9 @@ class AuthorizationServer extends AbstractServer
/** /**
* Set the TTL for an access token * Set the TTL for an access token
*
* @param int $accessTokenTTL The new TTL * @param int $accessTokenTTL The new TTL
*
* @return self * @return self
*/ */
public function setAccessTokenTTL($accessTokenTTL = 3600) public function setAccessTokenTTL($accessTokenTTL = 3600)
@@ -226,7 +254,9 @@ class AuthorizationServer extends AbstractServer
/** /**
* Issue an access token * Issue an access token
*
* @return array Authorise request parameters * @return array Authorise request parameters
*
* @throws * @throws
*/ */
public function issueAccessToken() public function issueAccessToken()
@@ -247,8 +277,11 @@ class AuthorizationServer extends AbstractServer
/** /**
* Return a grant type class * Return a grant type class
* @param string $grantType The grant type identifier *
* @param string $grantType The grant type identifier
*
* @return Grant\GrantTypeInterface * @return Grant\GrantTypeInterface
*
* @throws * @throws
*/ */
public function getGrantType($grantType) public function getGrantType($grantType)

33
src/Entity/AbstractTokenEntity.php
View File

@@ -21,37 +21,44 @@ abstract class AbstractTokenEntity
{ {
/** /**
* Token identifier * Token identifier
*
* @var string * @var string
*/ */
protected $id; protected $id;
/** /**
* Associated session * Associated session
*
* @var \League\OAuth2\Server\Entity\SessionEntity * @var \League\OAuth2\Server\Entity\SessionEntity
*/ */
protected $session; protected $session;
/** /**
* Session scopes * Session scopes
*
* @var \League\OAuth2\Server\Entity\ScopeEntity[] * @var \League\OAuth2\Server\Entity\ScopeEntity[]
*/ */
protected $scopes; protected $scopes;
/** /**
* Token expire time * Token expire time
*
* @var int * @var int
*/ */
protected $expireTime = 0; protected $expireTime = 0;
/** /**
* Authorization or resource server * Authorization or resource server
*
* @var \League\OAuth2\Server\AbstractServer * @var \League\OAuth2\Server\AbstractServer
*/ */
protected $server; protected $server;
/** /**
* __construct * __construct
* @param \League\OAuth2\Server\AbstractServer $server *
* @param \League\OAuth2\Server\AbstractServer $server
*
* @return self * @return self
*/ */
public function __construct(AbstractServer $server) public function __construct(AbstractServer $server)
@@ -63,7 +70,9 @@ abstract class AbstractTokenEntity
/** /**
* Set session * Set session
* @param \League\OAuth2\Server\Entity\SessionEntity $session *
* @param \League\OAuth2\Server\Entity\SessionEntity $session
*
* @return self * @return self
*/ */
public function setSession(SessionEntity $session) public function setSession(SessionEntity $session)
@@ -75,7 +84,9 @@ abstract class AbstractTokenEntity
/** /**
* Set the expire time of the token * Set the expire time of the token
* @param integer $expireTime Unix time stamp *
* @param integer $expireTime Unix time stamp
*
* @return self * @return self
*/ */
public function setExpireTime($expireTime) public function setExpireTime($expireTime)
@@ -87,6 +98,7 @@ abstract class AbstractTokenEntity
/** /**
* Return token expire time * Return token expire time
*
* @return int * @return int
*/ */
public function getExpireTime() public function getExpireTime()
@@ -96,6 +108,7 @@ abstract class AbstractTokenEntity
/** /**
* Is the token expired? * Is the token expired?
*
* @return bool * @return bool
*/ */
public function isExpired() public function isExpired()
@@ -105,7 +118,9 @@ abstract class AbstractTokenEntity
/** /**
* Set token ID * Set token ID
* @param string $id Token ID *
* @param string $id Token ID
*
* @return self * @return self
*/ */
public function setId($id = null) public function setId($id = null)
@@ -117,6 +132,7 @@ abstract class AbstractTokenEntity
/** /**
* Get the token ID * Get the token ID
*
* @return string * @return string
*/ */
public function getId() public function getId()
@@ -126,7 +142,9 @@ abstract class AbstractTokenEntity
/** /**
* Associate a scope * Associate a scope
* @param \League\OAuth2\Server\Entity\ScopeEntity $scope *
* @param \League\OAuth2\Server\Entity\ScopeEntity $scope
*
* @return self * @return self
*/ */
public function associateScope(ScopeEntity $scope) public function associateScope(ScopeEntity $scope)
@@ -140,7 +158,9 @@ abstract class AbstractTokenEntity
/** /**
* Format the local scopes array * Format the local scopes array
*
* @param \League\OAuth2\Server\Entity\ScopeEntity[] * @param \League\OAuth2\Server\Entity\ScopeEntity[]
*
* @return array * @return array
*/ */
protected function formatScopes($unformatted = []) protected function formatScopes($unformatted = [])
@@ -161,6 +181,7 @@ abstract class AbstractTokenEntity
/** /**
* Returns the token as a string if the object is cast as a string * Returns the token as a string if the object is cast as a string
*
* @return string * @return string
*/ */
public function __toString() public function __toString()
@@ -174,12 +195,14 @@ abstract class AbstractTokenEntity
/** /**
* Expire the token * Expire the token
*
* @return void * @return void
*/ */
abstract public function expire(); abstract public function expire();
/** /**
* Save the token * Save the token
*
* @return void * @return void
*/ */
abstract public function save(); abstract public function save();

6
src/Entity/AccessTokenEntity.php
View File

@@ -18,6 +18,7 @@ class AccessTokenEntity extends AbstractTokenEntity
{ {
/** /**
* Get session * Get session
*
* @return \League\OAuth2\Server\Entity\SessionEntity * @return \League\OAuth2\Server\Entity\SessionEntity
*/ */
public function getSession() public function getSession()
@@ -33,7 +34,9 @@ class AccessTokenEntity extends AbstractTokenEntity
/** /**
* Check if access token has an associated scope * Check if access token has an associated scope
* @param string $scope Scope to check *
* @param string $scope Scope to check
*
* @return bool * @return bool
*/ */
public function hasScope($scope) public function hasScope($scope)
@@ -47,6 +50,7 @@ class AccessTokenEntity extends AbstractTokenEntity
/** /**
* Return all scopes associated with the access token * Return all scopes associated with the access token
*
* @return \League\OAuth2\Server\Entity\ScopeEntity[] * @return \League\OAuth2\Server\Entity\ScopeEntity[]
*/ */
public function getScopes() public function getScopes()

16
src/Entity/AuthCodeEntity.php
View File

@@ -12,19 +12,22 @@
namespace League\OAuth2\Server\Entity; namespace League\OAuth2\Server\Entity;
/** /**
* Access token entity class * Auth Code entity class
*/ */
class AuthCodeEntity extends AbstractTokenEntity class AuthCodeEntity extends AbstractTokenEntity
{ {
/** /**
* Redirect URI * Redirect URI
*
* @var string * @var string
*/ */
protected $redirectUri = ''; protected $redirectUri = '';
/** /**
* Set the redirect URI for the authorization request * Set the redirect URI for the authorization request
* @param string $redirectUri *
* @param string $redirectUri
*
* @return self * @return self
*/ */
public function setRedirectUri($redirectUri) public function setRedirectUri($redirectUri)
@@ -36,6 +39,7 @@ class AuthCodeEntity extends AbstractTokenEntity
/** /**
* Get the redirect URI * Get the redirect URI
*
* @return string * @return string
*/ */
public function getRedirectUri() public function getRedirectUri()
@@ -45,8 +49,10 @@ class AuthCodeEntity extends AbstractTokenEntity
/** /**
* Generate a redirect URI * Generate a redirect URI
* @param string $state The state parameter if set by the client *
* @param string $queryDelimeter The query delimiter ('?' for auth code grant, '#' for implicit grant) * @param string $state The state parameter if set by the client
* @param string $queryDelimeter The query delimiter ('?' for auth code grant, '#' for implicit grant)
*
* @return string * @return string
*/ */
public function generateRedirectUri($state = null, $queryDelimeter = '?') public function generateRedirectUri($state = null, $queryDelimeter = '?')
@@ -62,6 +68,7 @@ class AuthCodeEntity extends AbstractTokenEntity
/** /**
* Get session * Get session
*
* @return \League\OAuth2\Server\Entity\SessionEntity * @return \League\OAuth2\Server\Entity\SessionEntity
*/ */
public function getSession() public function getSession()
@@ -77,6 +84,7 @@ class AuthCodeEntity extends AbstractTokenEntity
/** /**
* Return all scopes associated with the session * Return all scopes associated with the session
*
* @return \League\OAuth2\Server\Entity\ScopeEntity[] * @return \League\OAuth2\Server\Entity\ScopeEntity[]
*/ */
public function getScopes() public function getScopes()

13
src/Entity/ClientEntity.php
View File

@@ -22,37 +22,44 @@ class ClientEntity
/** /**
* Client identifier * Client identifier
*
* @var string * @var string
*/ */
protected $id = null; protected $id = null;
/** /**
* Client secret * Client secret
*
* @var string * @var string
*/ */
protected $secret = null; protected $secret = null;
/** /**
* Client name * Client name
*
* @var string * @var string
*/ */
protected $name = null; protected $name = null;
/** /**
* Client redirect URI * Client redirect URI
*
* @var string * @var string
*/ */
protected $redirectUri = null; protected $redirectUri = null;
/** /**
* Authorization or resource server * Authorization or resource server
*
* @var \League\OAuth2\Server\AbstractServer * @var \League\OAuth2\Server\AbstractServer
*/ */
protected $server; protected $server;
/** /**
* __construct * __construct
* @param \League\OAuth2\Server\AbstractServer $server *
* @param \League\OAuth2\Server\AbstractServer $server
*
* @return self * @return self
*/ */
public function __construct(AbstractServer $server) public function __construct(AbstractServer $server)
@@ -64,6 +71,7 @@ class ClientEntity
/** /**
* Return the client identifier * Return the client identifier
*
* @return string * @return string
*/ */
public function getId() public function getId()
@@ -73,6 +81,7 @@ class ClientEntity
/** /**
* Return the client secret * Return the client secret
*
* @return string * @return string
*/ */
public function getSecret() public function getSecret()
@@ -82,6 +91,7 @@ class ClientEntity
/** /**
* Get the client name * Get the client name
*
* @return string * @return string
*/ */
public function getName() public function getName()
@@ -91,6 +101,7 @@ class ClientEntity
/** /**
* Returnt the client redirect URI * Returnt the client redirect URI
*
* @return string * @return string
*/ */
public function getRedirectUri() public function getRedirectUri()

2
src/Entity/EntityTrait.php
View File

@@ -15,7 +15,9 @@ trait EntityTrait
{ {
/** /**
* Hydrate an entity with properites * Hydrate an entity with properites
*
* @param array $properties * @param array $properties
*
* @return self * @return self
*/ */
public function hydrate(array $properties) public function hydrate(array $properties)

11
src/Entity/RefreshTokenEntity.php
View File

@@ -18,19 +18,23 @@ class RefreshTokenEntity extends AbstractTokenEntity
{ {
/** /**
* Access token associated to refresh token * Access token associated to refresh token
*
* @var \League\OAuth2\Server\Entity\AccessTokenEntity * @var \League\OAuth2\Server\Entity\AccessTokenEntity
*/ */
protected $accessTokenEntity; protected $accessTokenEntity;
/** /**
* Id of the access token * Id of the access token
*
* @var string * @var string
*/ */
protected $accessTokenId; protected $accessTokenId;
/** /**
* Set the ID of the associated access token * Set the ID of the associated access token
* @param string $accessTokenId *
* @param string $accessTokenId
*
* @return self * @return self
*/ */
public function setAccessTokenId($accessTokenId) public function setAccessTokenId($accessTokenId)
@@ -42,7 +46,9 @@ class RefreshTokenEntity extends AbstractTokenEntity
/** /**
* Associate an access token * Associate an access token
* @param \League\OAuth2\Server\Entity\AccessTokenEntity $accessTokenEntity *
* @param \League\OAuth2\Server\Entity\AccessTokenEntity $accessTokenEntity
*
* @return self * @return self
*/ */
public function setAccessToken(AccessTokenEntity $accessTokenEntity) public function setAccessToken(AccessTokenEntity $accessTokenEntity)
@@ -54,6 +60,7 @@ class RefreshTokenEntity extends AbstractTokenEntity
/** /**
* Return access token * Return access token
*
* @return AccessTokenEntity * @return AccessTokenEntity
*/ */
public function getAccessToken() public function getAccessToken()

10
src/Entity/ScopeEntity.php
View File

@@ -22,25 +22,30 @@ class ScopeEntity implements \JsonSerializable
/** /**
* Scope identifier * Scope identifier
*
* @var string * @var string
*/ */
protected $id; protected $id;
/** /**
* Scope description * Scope description
*
* @var string * @var string
*/ */
protected $description; protected $description;
/** /**
* Authorization or resource server * Authorization or resource server
*
* @var \League\OAuth2\Server\AbstractServer * @var \League\OAuth2\Server\AbstractServer
*/ */
protected $server; protected $server;
/** /**
* __construct * __construct
* @param \League\OAuth2\Server\AbstractServer $server *
* @param \League\OAuth2\Server\AbstractServer $server
*
* @return self * @return self
*/ */
public function __construct(AbstractServer $server) public function __construct(AbstractServer $server)
@@ -52,6 +57,7 @@ class ScopeEntity implements \JsonSerializable
/** /**
* Return the scope identifer * Return the scope identifer
*
* @return string * @return string
*/ */
public function getId() public function getId()
@@ -61,6 +67,7 @@ class ScopeEntity implements \JsonSerializable
/** /**
* Return the scope's description * Return the scope's description
*
* @return string * @return string
*/ */
public function getDescription() public function getDescription()
@@ -70,6 +77,7 @@ class ScopeEntity implements \JsonSerializable
/** /**
* Returns a JSON object when entity is passed into json_encode * Returns a JSON object when entity is passed into json_encode
*
* @return array * @return array
*/ */
public function jsonSerialize() public function jsonSerialize()

51
src/Entity/SessionEntity.php
View File

@@ -21,61 +21,72 @@ class SessionEntity
{ {
/** /**
* Session identifier * Session identifier
*
* @var string * @var string
*/ */
protected $id; protected $id;
/** /**
* Client identifier * Client identifier
*
* @var \League\OAuth2\Server\Entity\ClientEntity * @var \League\OAuth2\Server\Entity\ClientEntity
*/ */
protected $client; protected $client;
/** /**
* Session owner identifier * Session owner identifier
*
* @var string * @var string
*/ */
protected $ownerId; protected $ownerId;
/** /**
* Session owner type (e.g. "user") * Session owner type (e.g. "user")
*
* @var string * @var string
*/ */
protected $ownerType; protected $ownerType;
/** /**
* Auth code * Auth code
*
* @var \League\OAuth2\Server\Entity\AuthCodeEntity * @var \League\OAuth2\Server\Entity\AuthCodeEntity
*/ */
protected $authCode; protected $authCode;
/** /**
* Access token * Access token
*
* @var \League\OAuth2\Server\Entity\AccessTokenEntity * @var \League\OAuth2\Server\Entity\AccessTokenEntity
*/ */
protected $accessToken; protected $accessToken;
/** /**
* Refresh token * Refresh token
*
* @var \League\OAuth2\Server\Entity\RefreshTokenEntity * @var \League\OAuth2\Server\Entity\RefreshTokenEntity
*/ */
protected $refreshToken; protected $refreshToken;
/** /**
* Session scopes * Session scopes
*
* @var \Symfony\Component\HttpFoundation\ParameterBag * @var \Symfony\Component\HttpFoundation\ParameterBag
*/ */
protected $scopes; protected $scopes;
/** /**
* Authorization or resource server * Authorization or resource server
*
* @var \League\OAuth2\Server\AuthorizationServer|\League\OAuth2\Server\ResourceServer * @var \League\OAuth2\Server\AuthorizationServer|\League\OAuth2\Server\ResourceServer
*/ */
protected $server; protected $server;
/** /**
* __construct * __construct
* @param \League\OAuth2\Server\AbstractServer $server *
* @param \League\OAuth2\Server\AbstractServer $server
*
* @return self * @return self
*/ */
public function __construct(AbstractServer $server) public function __construct(AbstractServer $server)
@@ -87,7 +98,9 @@ class SessionEntity
/** /**
* Set the session identifier * Set the session identifier
* @param string $id *
* @param string $id
*
* @return self * @return self
*/ */
public function setId($id) public function setId($id)
@@ -99,6 +112,7 @@ class SessionEntity
/** /**
* Return the session identifier * Return the session identifier
*
* @return string * @return string
*/ */
public function getId() public function getId()
@@ -108,7 +122,9 @@ class SessionEntity
/** /**
* Associate a scope * Associate a scope
* @param \League\OAuth2\Server\Entity\ScopeEntity $scope *
* @param \League\OAuth2\Server\Entity\ScopeEntity $scope
*
* @return self * @return self
*/ */
public function associateScope(ScopeEntity $scope) public function associateScope(ScopeEntity $scope)
@@ -122,7 +138,9 @@ class SessionEntity
/** /**
* Check if access token has an associated scope * Check if access token has an associated scope
* @param string $scope Scope to check *
* @param string $scope Scope to check
*
* @return bool * @return bool
*/ */
public function hasScope($scope) public function hasScope($scope)
@@ -136,6 +154,7 @@ class SessionEntity
/** /**
* Return all scopes associated with the session * Return all scopes associated with the session
*
* @return \League\OAuth2\Server\Entity\ScopeEntity[] * @return \League\OAuth2\Server\Entity\ScopeEntity[]
*/ */
public function getScopes() public function getScopes()
@@ -149,7 +168,9 @@ class SessionEntity
/** /**
* Format the local scopes array * Format the local scopes array
*
* @param \League\OAuth2\Server\Entity\Scope[] * @param \League\OAuth2\Server\Entity\Scope[]
*
* @return array * @return array
*/ */
private function formatScopes($unformatted = []) private function formatScopes($unformatted = [])
@@ -168,7 +189,9 @@ class SessionEntity
/** /**
* Associate an access token with the session * Associate an access token with the session
* @param \League\OAuth2\Server\Entity\AccessTokenEntity $accessToken *
* @param \League\OAuth2\Server\Entity\AccessTokenEntity $accessToken
*
* @return self * @return self
*/ */
public function associateAccessToken(AccessTokenEntity $accessToken) public function associateAccessToken(AccessTokenEntity $accessToken)
@@ -180,7 +203,9 @@ class SessionEntity
/** /**
* Associate a refresh token with the session * Associate a refresh token with the session
* @param \League\OAuth2\Server\Entity\RefreshTokenEntity $refreshToken *
* @param \League\OAuth2\Server\Entity\RefreshTokenEntity $refreshToken
*
* @return self * @return self
*/ */
public function associateRefreshToken(RefreshTokenEntity $refreshToken) public function associateRefreshToken(RefreshTokenEntity $refreshToken)
@@ -192,7 +217,9 @@ class SessionEntity
/** /**
* Associate a client with the session * Associate a client with the session
* @param \League\OAuth2\Server\Entity\ClientEntity $client The client *
* @param \League\OAuth2\Server\Entity\ClientEntity $client The client
*
* @return self * @return self
*/ */
public function associateClient(ClientEntity $client) public function associateClient(ClientEntity $client)
@@ -204,6 +231,7 @@ class SessionEntity
/** /**
* Return the session client * Return the session client
*
* @return \League\OAuth2\Server\Entity\ClientEntity * @return \League\OAuth2\Server\Entity\ClientEntity
*/ */
public function getClient() public function getClient()
@@ -219,8 +247,10 @@ class SessionEntity
/** /**
* Set the session owner * Set the session owner
* @param string $type The type of the owner (e.g. user, app) *
* @param string $id The identifier of the owner * @param string $type The type of the owner (e.g. user, app)
* @param string $id The identifier of the owner
*
* @return self * @return self
*/ */
public function setOwner($type, $id) public function setOwner($type, $id)
@@ -235,6 +265,7 @@ class SessionEntity
/** /**
* Return session owner identifier * Return session owner identifier
*
* @return string * @return string
*/ */
public function getOwnerId() public function getOwnerId()
@@ -244,6 +275,7 @@ class SessionEntity
/** /**
* Return session owner type * Return session owner type
*
* @return string * @return string
*/ */
public function getOwnerType() public function getOwnerType()
@@ -253,6 +285,7 @@ class SessionEntity
/** /**
* Save the session * Save the session
*
* @return void * @return void
*/ */
public function save() public function save()

4
src/Event/ClientAuthenticationFailedEvent.php
View File

@@ -18,12 +18,14 @@ class ClientAuthenticationFailedEvent extends AbstractEvent
{ {
/** /**
* Request * Request
*
* @var \Symfony\Component\HttpFoundation\Request * @var \Symfony\Component\HttpFoundation\Request
*/ */
private $request; private $request;
/** /**
* Init the event with a request * Init the event with a request
*
* @param \Symfony\Component\HttpFoundation\Request $request * @param \Symfony\Component\HttpFoundation\Request $request
*/ */
public function __construct(Request $request) public function __construct(Request $request)
@@ -33,6 +35,7 @@ class ClientAuthenticationFailedEvent extends AbstractEvent
/** /**
* The name of the event * The name of the event
*
* @return string * @return string
*/ */
public function getName() public function getName()
@@ -42,6 +45,7 @@ class ClientAuthenticationFailedEvent extends AbstractEvent
/** /**
* Return request * Return request
*
* @return \Symfony\Component\HttpFoundation\Request * @return \Symfony\Component\HttpFoundation\Request
*/ */
public function getRequest() public function getRequest()

4
src/Event/SessionOwnerEvent.php
View File

@@ -18,12 +18,14 @@ class SessionOwnerEvent extends AbstractEvent
{ {
/** /**
* Session entity * Session entity
*
* @var \League\OAuth2\Server\Entity\SessionEntity * @var \League\OAuth2\Server\Entity\SessionEntity
*/ */
private $session; private $session;
/** /**
* Init the event with a session * Init the event with a session
*
* @param \League\OAuth2\Server\Entity\SessionEntity $session * @param \League\OAuth2\Server\Entity\SessionEntity $session
*/ */
public function __construct(SessionEntity $session) public function __construct(SessionEntity $session)
@@ -33,6 +35,7 @@ class SessionOwnerEvent extends AbstractEvent
/** /**
* The name of the event * The name of the event
*
* @return string * @return string
*/ */
public function getName() public function getName()
@@ -42,6 +45,7 @@ class SessionOwnerEvent extends AbstractEvent
/** /**
* Return session * Return session
*
* @return \League\OAuth2\Server\Entity\SessionEntity * @return \League\OAuth2\Server\Entity\SessionEntity
*/ */
public function getSession() public function getSession()

4
src/Event/UserAuthenticationFailedEvent.php
View File

@@ -18,12 +18,14 @@ class UserAuthenticationFailedEvent extends AbstractEvent
{ {
/** /**
* Request * Request
*
* @var \Symfony\Component\HttpFoundation\Request * @var \Symfony\Component\HttpFoundation\Request
*/ */
private $request; private $request;
/** /**
* Init the event with a request * Init the event with a request
*
* @param \Symfony\Component\HttpFoundation\Request $request * @param \Symfony\Component\HttpFoundation\Request $request
*/ */
public function __construct(Request $request) public function __construct(Request $request)
@@ -33,6 +35,7 @@ class UserAuthenticationFailedEvent extends AbstractEvent
/** /**
* The name of the event * The name of the event
*
* @return string * @return string
*/ */
public function getName() public function getName()
@@ -42,6 +45,7 @@ class UserAuthenticationFailedEvent extends AbstractEvent
/** /**
* Return request * Return request
*
* @return \Symfony\Component\HttpFoundation\Request * @return \Symfony\Component\HttpFoundation\Request
*/ */
public function getRequest() public function getRequest()

1
src/Exception/InvalidGrantException.php
View File

@@ -32,6 +32,7 @@ class InvalidGrantException extends OAuthException
public function __construct($parameter) public function __construct($parameter)
{ {
$this->parameter = $parameter;
parent::__construct( parent::__construct(
sprintf( sprintf(
'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. Check the "%s" parameter.', 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. Check the "%s" parameter.',

1
src/Exception/InvalidRequestException.php
View File

@@ -32,6 +32,7 @@ class InvalidRequestException extends OAuthException
public function __construct($parameter, $redirectUri = null) public function __construct($parameter, $redirectUri = null)
{ {
$this->parameter = $parameter;
parent::__construct( parent::__construct(
sprintf( sprintf(
'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.', 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.',

1
src/Exception/InvalidScopeException.php
View File

@@ -32,6 +32,7 @@ class InvalidScopeException extends OAuthException
public function __construct($parameter, $redirectUri = null) public function __construct($parameter, $redirectUri = null)
{ {
$this->parameter = $parameter;
parent::__construct( parent::__construct(
sprintf( sprintf(
'The requested scope is invalid, unknown, or malformed. Check the "%s" scope.', 'The requested scope is invalid, unknown, or malformed. Check the "%s" scope.',

20
src/Exception/OAuthException.php
View File

@@ -26,6 +26,7 @@ class OAuthException extends \Exception
/** /**
* Redirect URI if the server should redirect back to the client * Redirect URI if the server should redirect back to the client
*
* @var string|null * @var string|null
*/ */
public $redirectUri = null; public $redirectUri = null;
@@ -35,8 +36,14 @@ class OAuthException extends \Exception
*/ */
public $errorType = ''; public $errorType = '';
/**
* Parameter eventually passed to Exception
*/
public $parameter = '';
/** /**
* Throw a new exception * Throw a new exception
*
* @param string $msg Exception Message * @param string $msg Exception Message
*/ */
public function __construct($msg = 'An error occured') public function __construct($msg = 'An error occured')
@@ -46,6 +53,7 @@ class OAuthException extends \Exception
/** /**
* Should the server redirect back to the client? * Should the server redirect back to the client?
*
* @return bool * @return bool
*/ */
public function shouldRedirect() public function shouldRedirect()
@@ -55,6 +63,7 @@ class OAuthException extends \Exception
/** /**
* Return redirect URI if set * Return redirect URI if set
*
* @return string|null * @return string|null
*/ */
public function getRedirectUri() public function getRedirectUri()
@@ -68,8 +77,19 @@ class OAuthException extends \Exception
); );
} }
/**
* Return parameter if set
*
* @return string
*/
public function getParameter()
{
return $this->parameter;
}
/** /**
* Get all headers that have to be send with the error response * Get all headers that have to be send with the error response
*
* @return array Array with header values * @return array Array with header values
*/ */
public function getHttpHeaders() public function getHttpHeaders()

2
src/Exception/ServerErrorException.php
View File

@@ -31,7 +31,9 @@ class ServerErrorException extends OAuthException
*/ */
public function __construct($parameter = null) public function __construct($parameter = null)
{ {
$this->parameter = $parameter;
$parameter = is_null($parameter) ? 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.' : $parameter; $parameter = is_null($parameter) ? 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.' : $parameter;
parent::__construct($parameter); parent::__construct($parameter);
} }
} }

1
src/Exception/UnsupportedGrantTypeException.php
View File

@@ -32,6 +32,7 @@ class UnsupportedGrantTypeException extends OAuthException
public function __construct($parameter) public function __construct($parameter)
{ {
$this->parameter = $parameter;
parent::__construct( parent::__construct(
sprintf( sprintf(
'The authorization grant type "%s" is not supported by the authorization server.', 'The authorization grant type "%s" is not supported by the authorization server.',

1
src/Exception/UnsupportedResponseTypeException.php
View File

@@ -31,6 +31,7 @@ class UnsupportedResponseTypeException extends OAuthException
*/ */
public function __construct($parameter, $redirectUri = null) public function __construct($parameter, $redirectUri = null)
{ {
$this->parameter = $parameter;
parent::__construct('The authorization server does not support obtaining an access token using this method.'); parent::__construct('The authorization server does not support obtaining an access token using this method.');
$this->redirectUri = $redirectUri; $this->redirectUri = $redirectUri;
} }

21
src/Grant/AbstractGrant.php
View File

@@ -23,30 +23,35 @@ abstract class AbstractGrant implements GrantTypeInterface
{ {
/** /**
* Grant identifier * Grant identifier
*
* @var string * @var string
*/ */
protected $identifier = ''; protected $identifier = '';
/** /**
* Response type * Response type
*
* @var string * @var string
*/ */
protected $responseType; protected $responseType;
/** /**
* Callback to authenticate a user's name and password * Callback to authenticate a user's name and password
*
* @var callable * @var callable
*/ */
protected $callback; protected $callback;
/** /**
* AuthServer instance * AuthServer instance
*
* @var \League\OAuth2\Server\AuthorizationServer * @var \League\OAuth2\Server\AuthorizationServer
*/ */
protected $server; protected $server;
/** /**
* Access token expires in override * Access token expires in override
*
* @var int * @var int
*/ */
protected $accessTokenTTL; protected $accessTokenTTL;
@@ -79,6 +84,7 @@ abstract class AbstractGrant implements GrantTypeInterface
/** /**
* Get the TTL for an access token * Get the TTL for an access token
*
* @return int The TTL * @return int The TTL
*/ */
public function getAccessTokenTTL() public function getAccessTokenTTL()
@@ -92,7 +98,9 @@ abstract class AbstractGrant implements GrantTypeInterface
/** /**
* Override the default access token expire time * Override the default access token expire time
* @param int $accessTokenTTL *
* @param int $accessTokenTTL
*
* @return self * @return self
*/ */
public function setAccessTokenTTL($accessTokenTTL) public function setAccessTokenTTL($accessTokenTTL)
@@ -114,10 +122,13 @@ abstract class AbstractGrant implements GrantTypeInterface
/** /**
* Given a list of scopes, validate them and return an array of Scope entities * Given a list of scopes, validate them and return an array of Scope entities
* @param string $scopeParam A string of scopes (e.g. "profile email birthday") *
* @param \League\OAuth2\Server\Entity\ClientEntity $client Client entity * @param string $scopeParam A string of scopes (e.g. "profile email birthday")
* @param string|null $redirectUri The redirect URI to return the user to * @param \League\OAuth2\Server\Entity\ClientEntity $client Client entity
* @param string|null $redirectUri The redirect URI to return the user to
*
* @return \League\OAuth2\Server\Entity\ScopeEntity[] * @return \League\OAuth2\Server\Entity\ScopeEntity[]
*
* @throws \League\OAuth2\Server\Exception\InvalidScopeException If scope is invalid, or no scopes passed when required * @throws \League\OAuth2\Server\Exception\InvalidScopeException If scope is invalid, or no scopes passed when required
* @throws * @throws
*/ */
@@ -167,7 +178,9 @@ abstract class AbstractGrant implements GrantTypeInterface
/** /**
* Format the local scopes array * Format the local scopes array
*
* @param \League\OAuth2\Server\Entity\ScopeEntity[] * @param \League\OAuth2\Server\Entity\ScopeEntity[]
*
* @return array * @return array
*/ */
protected function formatScopes($unformated = []) protected function formatScopes($unformated = [])

55
src/Grant/AuthCodeGrant.php
View File

@@ -27,37 +27,52 @@ class AuthCodeGrant extends AbstractGrant
{ {
/** /**
* Grant identifier * Grant identifier
*
* @var string * @var string
*/ */
protected $identifier = 'authorization_code'; protected $identifier = 'authorization_code';
/** /**
* Response type * Response type
*
* @var string * @var string
*/ */
protected $responseType = 'code'; protected $responseType = 'code';
/** /**
* AuthServer instance * AuthServer instance
*
* @var \League\OAuth2\Server\AuthorizationServer * @var \League\OAuth2\Server\AuthorizationServer
*/ */
protected $server = null; protected $server = null;
/** /**
* Access token expires in override * Access token expires in override
*
* @var int * @var int
*/ */
protected $accessTokenTTL = null; protected $accessTokenTTL = null;
/** /**
* The TTL of the auth token * The TTL of the auth token
*
* @var integer * @var integer
*/ */
protected $authTokenTTL = 600; protected $authTokenTTL = 600;
/**
* Whether to require the client secret when
* completing the flow.
*
* @var boolean
*/
protected $requireClientSecret = true;
/** /**
* Override the default access token expire time * Override the default access token expire time
* @param int $authTokenTTL *
* @param int $authTokenTTL
*
* @return void * @return void
*/ */
public function setAuthTokenTTL($authTokenTTL) public function setAuthTokenTTL($authTokenTTL)
@@ -65,6 +80,27 @@ class AuthCodeGrant extends AbstractGrant
$this->authTokenTTL = $authTokenTTL; $this->authTokenTTL = $authTokenTTL;
} }
/**
*
* @param bool $required True to require client secret during access
* token request. False if not. Default = true
*/
public function setRequireClientSecret($required)
{
$this->requireClientSecret = $required;
}
/**
* True if client secret is required during
* access token request. False if it isn't.
*
* @return bool
*/
public function shouldRequireClientSecret()
{
return $this->requireClientSecret;
}
/** /**
* Check authorize parameters * Check authorize parameters
* *
@@ -129,9 +165,10 @@ class AuthCodeGrant extends AbstractGrant
/** /**
* Parse a new authorize request * Parse a new authorize request
* *
* @param string $type The session owner's type * @param string $type The session owner's type
* @param string $typeId The session owner's ID * @param string $typeId The session owner's ID
* @param array $authParams The authorize request $_GET parameters * @param array $authParams The authorize request $_GET parameters
*
* @return string An authorisation code * @return string An authorisation code
*/ */
public function newAuthorizeRequest($type, $typeId, $authParams = []) public function newAuthorizeRequest($type, $typeId, $authParams = [])
@@ -140,7 +177,6 @@ class AuthCodeGrant extends AbstractGrant
$session = new SessionEntity($this->server); $session = new SessionEntity($this->server);
$session->setOwner($type, $typeId); $session->setOwner($type, $typeId);
$session->associateClient($authParams['client']); $session->associateClient($authParams['client']);
$session->save();
// Create a new auth code // Create a new auth code
$authCode = new AuthCodeEntity($this->server); $authCode = new AuthCodeEntity($this->server);
@@ -150,8 +186,10 @@ class AuthCodeGrant extends AbstractGrant
foreach ($authParams['scopes'] as $scope) { foreach ($authParams['scopes'] as $scope) {
$authCode->associateScope($scope); $authCode->associateScope($scope);
$session->associateScope($scope);
} }
$session->save();
$authCode->setSession($session); $authCode->setSession($session);
$authCode->save(); $authCode->save();
@@ -160,7 +198,9 @@ class AuthCodeGrant extends AbstractGrant
/** /**
* Complete the auth code grant * Complete the auth code grant
*
* @return array * @return array
*
* @throws * @throws
*/ */
public function completeFlow() public function completeFlow()
@@ -173,7 +213,7 @@ class AuthCodeGrant extends AbstractGrant
$clientSecret = $this->server->getRequest()->request->get('client_secret', $clientSecret = $this->server->getRequest()->request->get('client_secret',
$this->server->getRequest()->getPassword()); $this->server->getRequest()->getPassword());
if (is_null($clientSecret)) { if ($this->shouldRequireClientSecret() && is_null($clientSecret)) {
throw new Exception\InvalidRequestException('client_secret'); throw new Exception\InvalidRequestException('client_secret');
} }
@@ -250,7 +290,6 @@ class AuthCodeGrant extends AbstractGrant
$code->expire(); $code->expire();
// Save all the things // Save all the things
$session->save();
$accessToken->setSession($session); $accessToken->setSession($session);
$accessToken->save(); $accessToken->save();
@@ -261,4 +300,4 @@ class AuthCodeGrant extends AbstractGrant
return $this->server->getTokenType()->generateResponse(); return $this->server->getTokenType()->generateResponse();
} }
} }

6
src/Grant/ClientCredentialsGrant.php
View File

@@ -25,31 +25,37 @@ class ClientCredentialsGrant extends AbstractGrant
{ {
/** /**
* Grant identifier * Grant identifier
*
* @var string * @var string
*/ */
protected $identifier = 'client_credentials'; protected $identifier = 'client_credentials';
/** /**
* Response type * Response type
*
* @var string * @var string
*/ */
protected $responseType = null; protected $responseType = null;
/** /**
* AuthServer instance * AuthServer instance
*
* @var \League\OAuth2\Server\AuthorizationServer * @var \League\OAuth2\Server\AuthorizationServer
*/ */
protected $server = null; protected $server = null;
/** /**
* Access token expires in override * Access token expires in override
*
* @var int * @var int
*/ */
protected $accessTokenTTL = null; protected $accessTokenTTL = null;
/** /**
* Complete the client credentials grant * Complete the client credentials grant
*
* @return array * @return array
*
* @throws * @throws
*/ */
public function completeFlow() public function completeFlow()

11
src/Grant/GrantTypeInterface.php
View File

@@ -20,32 +20,39 @@ interface GrantTypeInterface
{ {
/** /**
* Return the identifier * Return the identifier
*
* @return string * @return string
*/ */
public function getIdentifier(); public function getIdentifier();
/** /**
* Return the identifier * Return the identifier
* @param string $identifier *
* @param string $identifier
*
* @return self * @return self
*/ */
public function setIdentifier($identifier); public function setIdentifier($identifier);
/** /**
* Return the response type * Return the response type
*
* @return string * @return string
*/ */
public function getResponseType(); public function getResponseType();
/** /**
* Inject the authorization server into the grant * Inject the authorization server into the grant
* @param \League\OAuth2\Server\AuthorizationServer $server The authorization server instance *
* @param \League\OAuth2\Server\AuthorizationServer $server The authorization server instance
*
* @return self * @return self
*/ */
public function setAuthorizationServer(AuthorizationServer $server); public function setAuthorizationServer(AuthorizationServer $server);
/** /**
* Complete the grant flow * Complete the grant flow
*
* @return array * @return array
*/ */
public function completeFlow(); public function completeFlow();

12
src/Grant/PasswordGrant.php
View File

@@ -26,31 +26,37 @@ class PasswordGrant extends AbstractGrant
{ {
/** /**
* Grant identifier * Grant identifier
*
* @var string * @var string
*/ */
protected $identifier = 'password'; protected $identifier = 'password';
/** /**
* Response type * Response type
*
* @var string * @var string
*/ */
protected $responseType; protected $responseType;
/** /**
* Callback to authenticate a user's name and password * Callback to authenticate a user's name and password
*
* @var callable * @var callable
*/ */
protected $callback; protected $callback;
/** /**
* Access token expires in override * Access token expires in override
*
* @var int * @var int
*/ */
protected $accessTokenTTL; protected $accessTokenTTL;
/** /**
* Set the callback to verify a user's username and password * Set the callback to verify a user's username and password
* @param callable $callback The callback function *
* @param callable $callback The callback function
*
* @return void * @return void
*/ */
public function setVerifyCredentialsCallback(callable $callback) public function setVerifyCredentialsCallback(callable $callback)
@@ -60,7 +66,9 @@ class PasswordGrant extends AbstractGrant
/** /**
* Return the callback function * Return the callback function
*
* @return callable * @return callable
*
* @throws * @throws
*/ */
protected function getVerifyCredentialsCallback() protected function getVerifyCredentialsCallback()
@@ -74,7 +82,9 @@ class PasswordGrant extends AbstractGrant
/** /**
* Complete the password grant * Complete the password grant
*
* @return array * @return array
*
* @throws * @throws
*/ */
public function completeFlow() public function completeFlow()

90
src/Grant/RefreshTokenGrant.php
View File

@@ -19,7 +19,7 @@ use League\OAuth2\Server\Exception;
use League\OAuth2\Server\Util\SecureKey; use League\OAuth2\Server\Util\SecureKey;
/** /**
* Referesh token grant * Refresh token grant
*/ */
class RefreshTokenGrant extends AbstractGrant class RefreshTokenGrant extends AbstractGrant
{ {
@@ -30,13 +30,31 @@ class RefreshTokenGrant extends AbstractGrant
/** /**
* Refresh token TTL (default = 604800 | 1 week) * Refresh token TTL (default = 604800 | 1 week)
*
* @var integer * @var integer
*/ */
protected $refreshTokenTTL = 604800; protected $refreshTokenTTL = 604800;
/**
* Rotate token (default = true)
*
* @var integer
*/
protected $refreshTokenRotate = true;
/**
* Whether to require the client secret when
* completing the flow.
*
* @var boolean
*/
protected $requireClientSecret = true;
/** /**
* Set the TTL of the refresh token * Set the TTL of the refresh token
* @param int $refreshTokenTTL *
* @param int $refreshTokenTTL
*
* @return void * @return void
*/ */
public function setRefreshTokenTTL($refreshTokenTTL) public function setRefreshTokenTTL($refreshTokenTTL)
@@ -46,6 +64,7 @@ class RefreshTokenGrant extends AbstractGrant
/** /**
* Get the TTL of the refresh token * Get the TTL of the refresh token
*
* @return int * @return int
*/ */
public function getRefreshTokenTTL() public function getRefreshTokenTTL()
@@ -53,6 +72,47 @@ class RefreshTokenGrant extends AbstractGrant
return $this->refreshTokenTTL; return $this->refreshTokenTTL;
} }
/**
* Set the rotation boolean of the refresh token
* @param bool $refreshTokenRotate
*/
public function setRefreshTokenRotation($refreshTokenRotate = true)
{
$this->refreshTokenRotate = $refreshTokenRotate;
}
/**
* Get rotation boolean of the refresh token
*
* @return bool
*/
public function shouldRotateRefreshTokens()
{
return $this->refreshTokenRotate;
}
/**
*
* @param bool $required True to require client secret during access
* token request. False if not. Default = true
*/
public function setRequireClientSecret($required)
{
$this->requireClientSecret = $required;
}
/**
* True if client secret is required during
* access token request. False if it isn't.
*
* @return bool
*/
public function shouldRequireClientSecret()
{
return $this->requireClientSecret;
}
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */
@@ -65,7 +125,7 @@ class RefreshTokenGrant extends AbstractGrant
$clientSecret = $this->server->getRequest()->request->get('client_secret', $clientSecret = $this->server->getRequest()->request->get('client_secret',
$this->server->getRequest()->getPassword()); $this->server->getRequest()->getPassword());
if (is_null($clientSecret)) { if ($this->shouldRequireClientSecret() && is_null($clientSecret)) {
throw new Exception\InvalidRequestException('client_secret'); throw new Exception\InvalidRequestException('client_secret');
} }
@@ -142,18 +202,22 @@ class RefreshTokenGrant extends AbstractGrant
$this->server->getTokenType()->setParam('access_token', $newAccessToken->getId()); $this->server->getTokenType()->setParam('access_token', $newAccessToken->getId());
$this->server->getTokenType()->setParam('expires_in', $this->getAccessTokenTTL()); $this->server->getTokenType()->setParam('expires_in', $this->getAccessTokenTTL());
// Expire the old refresh token if ($this->shouldRotateRefreshTokens()) {
$oldRefreshToken->expire(); // Expire the old refresh token
$oldRefreshToken->expire();
// Generate a new refresh token // Generate a new refresh token
$newRefreshToken = new RefreshTokenEntity($this->server); $newRefreshToken = new RefreshTokenEntity($this->server);
$newRefreshToken->setId(SecureKey::generate()); $newRefreshToken->setId(SecureKey::generate());
$newRefreshToken->setExpireTime($this->getRefreshTokenTTL() + time()); $newRefreshToken->setExpireTime($this->getRefreshTokenTTL() + time());
$newRefreshToken->setAccessToken($newAccessToken); $newRefreshToken->setAccessToken($newAccessToken);
$newRefreshToken->save(); $newRefreshToken->save();
$this->server->getTokenType()->setParam('refresh_token', $newRefreshToken->getId()); $this->server->getTokenType()->setParam('refresh_token', $newRefreshToken->getId());
} else {
$this->server->getTokenType()->setParam('refresh_token', $oldRefreshToken->getId());
}
return $this->server->getTokenType()->generateResponse(); return $this->server->getTokenType()->generateResponse();
} }
} }

53
src/ResourceServer.php
View File

@@ -12,11 +12,14 @@
namespace League\OAuth2\Server; namespace League\OAuth2\Server;
use League\OAuth2\Server\Entity\AccessTokenEntity; use League\OAuth2\Server\Entity\AccessTokenEntity;
use League\OAuth2\Server\Exception\AccessDeniedException;
use League\OAuth2\Server\Exception\InvalidRequestException;
use League\OAuth2\Server\Storage\AccessTokenInterface; use League\OAuth2\Server\Storage\AccessTokenInterface;
use League\OAuth2\Server\Storage\ClientInterface; use League\OAuth2\Server\Storage\ClientInterface;
use League\OAuth2\Server\Storage\ScopeInterface; use League\OAuth2\Server\Storage\ScopeInterface;
use League\OAuth2\Server\Storage\SessionInterface; use League\OAuth2\Server\Storage\SessionInterface;
use League\OAuth2\Server\TokenType\Bearer; use League\OAuth2\Server\TokenType\Bearer;
use League\OAuth2\Server\TokenType\MAC;
/** /**
* OAuth 2.0 Resource Server * OAuth 2.0 Resource Server
@@ -25,22 +28,26 @@ class ResourceServer extends AbstractServer
{ {
/** /**
* The access token * The access token
*
* @var \League\OAuth2\Server\Entity\AccessTokenEntity * @var \League\OAuth2\Server\Entity\AccessTokenEntity
*/ */
protected $accessToken; protected $accessToken;
/** /**
* The query string key which is used by clients to present the access token (default: access_token) * The query string key which is used by clients to present the access token (default: access_token)
*
* @var string * @var string
*/ */
protected $tokenKey = 'access_token'; protected $tokenKey = 'access_token';
/** /**
* Initialise the resource server * Initialise the resource server
* @param SessionInterface $sessionStorage *
* @param AccessTokenInterface $accessTokenStorage * @param \League\OAuth2\Server\Storage\SessionInterface $sessionStorage
* @param ClientInterface $clientStorage * @param \League\OAuth2\Server\Storage\AccessTokenInterface $accessTokenStorage
* @param ScopeInterface $scopeStorage * @param \League\OAuth2\Server\Storage\ClientInterface $clientStorage
* @param \League\OAuth2\Server\Storage\ScopeInterface $scopeStorage
*
* @return self * @return self
*/ */
public function __construct( public function __construct(
@@ -64,7 +71,9 @@ class ResourceServer extends AbstractServer
/** /**
* Sets the query string key for the access token. * Sets the query string key for the access token.
*
* @param string $key The new query string key * @param string $key The new query string key
*
* @return self * @return self
*/ */
public function setIdKey($key) public function setIdKey($key)
@@ -76,6 +85,7 @@ class ResourceServer extends AbstractServer
/** /**
* Gets the access token * Gets the access token
*
* @return \League\OAuth2\Server\Entity\AccessTokenEntity * @return \League\OAuth2\Server\Entity\AccessTokenEntity
*/ */
public function getAccessToken() public function getAccessToken()
@@ -85,31 +95,33 @@ class ResourceServer extends AbstractServer
/** /**
* Checks if the access token is valid or not * Checks if the access token is valid or not
* @param bool $headersOnly Limit Access Token to Authorization header only *
* @param AccessTokenEntity|null $accessToken Access Token * @param bool $headerOnly Limit Access Token to Authorization header
* @param \League\OAuth2\Server\Entity\AccessTokenEntity|null $accessToken Access Token
*
* @throws \League\OAuth2\Server\Exception\AccessDeniedException
* @throws \League\OAuth2\Server\Exception\InvalidRequestException
* *
* @return bool * @return bool
*
* @throws
*/ */
public function isValidRequest($headersOnly = true, $accessToken = null) public function isValidRequest($headerOnly = true, $accessToken = null)
{ {
$accessTokenString = ($accessToken !== null) $accessTokenString = ($accessToken !== null)
? $accessToken ? $accessToken
: $this->determineAccessToken($headersOnly); : $this->determineAccessToken($headerOnly);
// Set the access token // Set the access token
$this->accessToken = $this->getAccessTokenStorage()->get($accessTokenString); $this->accessToken = $this->getAccessTokenStorage()->get($accessTokenString);
// Ensure the access token exists // Ensure the access token exists
if (!$this->accessToken instanceof AccessTokenEntity) { if (!$this->accessToken instanceof AccessTokenEntity) {
throw new Exception\AccessDeniedException(); throw new AccessDeniedException();
} }
// Check the access token hasn't expired // Check the access token hasn't expired
// Ensure the auth code hasn't expired // Ensure the auth code hasn't expired
if ($this->accessToken->isExpired() === true) { if ($this->accessToken->isExpired() === true) {
throw new Exception\AccessDeniedException(); throw new AccessDeniedException();
} }
return true; return true;
@@ -117,22 +129,27 @@ class ResourceServer extends AbstractServer
/** /**
* Reads in the access token from the headers * Reads in the access token from the headers
* @param bool $headersOnly Limit Access Token to Authorization header only *
* @throws Exception\InvalidRequestException Thrown if there is no access token presented * @param bool $headerOnly Limit Access Token to Authorization header
*
* @throws \League\OAuth2\Server\Exception\InvalidRequestException Thrown if there is no access token presented
*
* @return string * @return string
*/ */
public function determineAccessToken($headersOnly = false) public function determineAccessToken($headerOnly = false)
{ {
if ($this->getRequest()->headers->get('Authorization') !== null) { $authHeader = $this->getRequest()->headers->get('Authorization');
if (!empty($authHeader)) {
$accessToken = $this->getTokenType()->determineAccessTokenInHeader($this->getRequest()); $accessToken = $this->getTokenType()->determineAccessTokenInHeader($this->getRequest());
} elseif ($headersOnly === false) { } elseif ($headerOnly === false && (! $this->getTokenType() instanceof MAC)) {
$accessToken = ($this->getRequest()->server->get('REQUEST_METHOD') === 'GET') $accessToken = ($this->getRequest()->server->get('REQUEST_METHOD') === 'GET')
? $this->getRequest()->query->get($this->tokenKey) ? $this->getRequest()->query->get($this->tokenKey)
: $this->getRequest()->request->get($this->tokenKey); : $this->getRequest()->request->get($this->tokenKey);
} }
if (empty($accessToken)) { if (empty($accessToken)) {
throw new Exception\InvalidRequestException('access token'); throw new InvalidRequestException('access token');
} }
return $accessToken; return $accessToken;

4
src/Storage/AbstractStorage.php
View File

@@ -20,13 +20,16 @@ abstract class AbstractStorage implements StorageInterface
{ {
/** /**
* Server * Server
*
* @var \League\OAuth2\Server\AbstractServer $server * @var \League\OAuth2\Server\AbstractServer $server
*/ */
protected $server; protected $server;
/** /**
* Set the server * Set the server
*
* @param \League\OAuth2\Server\AbstractServer $server * @param \League\OAuth2\Server\AbstractServer $server
*
* @return self * @return self
*/ */
public function setServer(AbstractServer $server) public function setServer(AbstractServer $server)
@@ -38,6 +41,7 @@ abstract class AbstractStorage implements StorageInterface
/** /**
* Return the server * Return the server
*
* @return \League\OAuth2\Server\AbstractServer * @return \League\OAuth2\Server\AbstractServer
*/ */
protected function getServer() protected function getServer()

32
src/Storage/AccessTokenInterface.php
View File

@@ -21,38 +21,48 @@ interface AccessTokenInterface extends StorageInterface
{ {
/** /**
* Get an instance of Entity\AccessTokenEntity * Get an instance of Entity\AccessTokenEntity
* @param string $token The access token *
* @return \League\OAuth2\Server\Entity\AccessTokenEntity * @param string $token The access token
*
* @return \League\OAuth2\Server\Entity\AccessTokenEntity | null
*/ */
public function get($token); public function get($token);
/** /**
* Get the scopes for an access token * Get the scopes for an access token
* @param \League\OAuth2\Server\Entity\AccessTokenEntity $token The access token *
* @return array Array of \League\OAuth2\Server\Entity\ScopeEntity * @param \League\OAuth2\Server\Entity\AccessTokenEntity $token The access token
*
* @return \League\OAuth2\Server\Entity\ScopeEntity[] Array of \League\OAuth2\Server\Entity\ScopeEntity
*/ */
public function getScopes(AccessTokenEntity $token); public function getScopes(AccessTokenEntity $token);
/** /**
* Creates a new access token * Creates a new access token
* @param string $token The access token *
* @param integer $expireTime The expire time expressed as a unix timestamp * @param string $token The access token
* @param string|integer $sessionId The session ID * @param integer $expireTime The expire time expressed as a unix timestamp
* @return \League\OAuth2\Server\Entity\AccessTokenEntity * @param string|integer $sessionId The session ID
*
* @return void
*/ */
public function create($token, $expireTime, $sessionId); public function create($token, $expireTime, $sessionId);
/** /**
* Associate a scope with an acess token * Associate a scope with an acess token
* @param \League\OAuth2\Server\Entity\AccessTokenEntity $token The access token *
* @param \League\OAuth2\Server\Entity\ScopeEntity $scope The scope * @param \League\OAuth2\Server\Entity\AccessTokenEntity $token The access token
* @param \League\OAuth2\Server\Entity\ScopeEntity $scope The scope
*
* @return void * @return void
*/ */
public function associateScope(AccessTokenEntity $token, ScopeEntity $scope); public function associateScope(AccessTokenEntity $token, ScopeEntity $scope);
/** /**
* Delete an access token * Delete an access token
* @param \League\OAuth2\Server\Entity\AccessTokenEntity $token The access token to delete *
* @param \League\OAuth2\Server\Entity\AccessTokenEntity $token The access token to delete
*
* @return void * @return void
*/ */
public function delete(AccessTokenEntity $token); public function delete(AccessTokenEntity $token);

23
src/Storage/AuthCodeInterface.php
View File

@@ -21,13 +21,16 @@ interface AuthCodeInterface extends StorageInterface
{ {
/** /**
* Get the auth code * Get the auth code
* @param string $code *
* @return \League\OAuth2\Server\Entity\AuthCodeEntity * @param string $code
*
* @return \League\OAuth2\Server\Entity\AuthCodeEntity | null
*/ */
public function get($code); public function get($code);
/** /**
* Create an auth code. * Create an auth code.
*
* @param string $token The token ID * @param string $token The token ID
* @param integer $expireTime Token expire time * @param integer $expireTime Token expire time
* @param integer $sessionId Session identifier * @param integer $sessionId Session identifier
@@ -39,22 +42,28 @@ interface AuthCodeInterface extends StorageInterface
/** /**
* Get the scopes for an access token * Get the scopes for an access token
* @param \League\OAuth2\Server\Entity\AuthCodeEntity $token The auth code *
* @return array Array of \League\OAuth2\Server\Entity\ScopeEntity * @param \League\OAuth2\Server\Entity\AuthCodeEntity $token The auth code
*
* @return \League\OAuth2\Server\Entity\ScopeEntity[] Array of \League\OAuth2\Server\Entity\ScopeEntity
*/ */
public function getScopes(AuthCodeEntity $token); public function getScopes(AuthCodeEntity $token);
/** /**
* Associate a scope with an acess token * Associate a scope with an acess token
* @param \League\OAuth2\Server\Entity\AuthCodeEntity $token The auth code *
* @param \League\OAuth2\Server\Entity\ScopeEntity $scope The scope * @param \League\OAuth2\Server\Entity\AuthCodeEntity $token The auth code
* @param \League\OAuth2\Server\Entity\ScopeEntity $scope The scope
*
* @return void * @return void
*/ */
public function associateScope(AuthCodeEntity $token, ScopeEntity $scope); public function associateScope(AuthCodeEntity $token, ScopeEntity $scope);
/** /**
* Delete an access token * Delete an access token
* @param \League\OAuth2\Server\Entity\AuthCodeEntity $token The access token to delete *
* @param \League\OAuth2\Server\Entity\AuthCodeEntity $token The access token to delete
*
* @return void * @return void
*/ */
public function delete(AuthCodeEntity $token); public function delete(AuthCodeEntity $token);

18
src/Storage/ClientInterface.php
View File

@@ -20,18 +20,22 @@ interface ClientInterface extends StorageInterface
{ {
/** /**
* Validate a client * Validate a client
* @param string $clientId The client's ID *
* @param string $clientSecret The client's secret (default = "null") * @param string $clientId The client's ID
* @param string $redirectUri The client's redirect URI (default = "null") * @param string $clientSecret The client's secret (default = "null")
* @param string $grantType The grant type used (default = "null") * @param string $redirectUri The client's redirect URI (default = "null")
* @return \League\OAuth2\Server\Entity\ClientEntity * @param string $grantType The grant type used (default = "null")
*
* @return \League\OAuth2\Server\Entity\ClientEntity | null
*/ */
public function get($clientId, $clientSecret = null, $redirectUri = null, $grantType = null); public function get($clientId, $clientSecret = null, $redirectUri = null, $grantType = null);
/** /**
* Get the client associated with a session * Get the client associated with a session
* @param \League\OAuth2\Server\Entity\SessionEntity $session The session *
* @return \League\OAuth2\Server\Entity\ClientEntity * @param \League\OAuth2\Server\Entity\SessionEntity $session The session
*
* @return \League\OAuth2\Server\Entity\ClientEntity | null
*/ */
public function getBySession(SessionEntity $session); public function getBySession(SessionEntity $session);
} }

34
src/Storage/MacTokenInterface.php Normal file
View File

@@ -0,0 +1,34 @@
<?php
/**
* OAuth 2.0 MAC Token Interface
*
* @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\Storage;
/**
* MacTokenInterface
*/
interface MacTokenInterface extends StorageInterface
{
/**
* Create a MAC key linked to an access token
* @param string $macKey
* @param string $accessToken
* @return void
*/
public function create($macKey, $accessToken);
/**
* Get a MAC key by access token
* @param string $accessToken
* @return string
*/
public function getByAccessToken($accessToken);
}

18
src/Storage/RefreshTokenInterface.php
View File

@@ -20,23 +20,29 @@ interface RefreshTokenInterface extends StorageInterface
{ {
/** /**
* Return a new instance of \League\OAuth2\Server\Entity\RefreshTokenEntity * Return a new instance of \League\OAuth2\Server\Entity\RefreshTokenEntity
* @param string $token *
* @return \League\OAuth2\Server\Entity\RefreshTokenEntity * @param string $token
*
* @return \League\OAuth2\Server\Entity\RefreshTokenEntity | null
*/ */
public function get($token); public function get($token);
/** /**
* Create a new refresh token_name * Create a new refresh token_name
* @param string $token *
* @param integer $expireTime * @param string $token
* @param string $accessToken * @param integer $expireTime
* @param string $accessToken
*
* @return \League\OAuth2\Server\Entity\RefreshTokenEntity * @return \League\OAuth2\Server\Entity\RefreshTokenEntity
*/ */
public function create($token, $expireTime, $accessToken); public function create($token, $expireTime, $accessToken);
/** /**
* Delete the refresh token * Delete the refresh token
* @param \League\OAuth2\Server\Entity\RefreshTokenEntity $token *
* @param \League\OAuth2\Server\Entity\RefreshTokenEntity $token
*
* @return void * @return void
*/ */
public function delete(RefreshTokenEntity $token); public function delete(RefreshTokenEntity $token);

10
src/Storage/ScopeInterface.php
View File

@@ -18,10 +18,12 @@ interface ScopeInterface extends StorageInterface
{ {
/** /**
* Return information about a scope * Return information about a scope
* @param string $scope The scope *
* @param string $grantType The grant type used in the request (default = "null") * @param string $scope The scope
* @param string $clientId The client sending the request (default = "null") * @param string $grantType The grant type used in the request (default = "null")
* @return \League\OAuth2\Server\Entity\ScopeEntity * @param string $clientId The client sending the request (default = "null")
*
* @return \League\OAuth2\Server\Entity\ScopeEntity | null
*/ */
public function get($scope, $grantType = null, $clientId = null); public function get($scope, $grantType = null, $clientId = null);
} }

32
src/Storage/SessionInterface.php
View File

@@ -23,39 +23,49 @@ interface SessionInterface extends StorageInterface
{ {
/** /**
* Get a session from an access token * Get a session from an access token
* @param \League\OAuth2\Server\Entity\AccessTokenEntity $accessToken The access token *
* @return \League\OAuth2\Server\Entity\SessionEntity * @param \League\OAuth2\Server\Entity\AccessTokenEntity $accessToken The access token
*
* @return \League\OAuth2\Server\Entity\SessionEntity | null
*/ */
public function getByAccessToken(AccessTokenEntity $accessToken); public function getByAccessToken(AccessTokenEntity $accessToken);
/** /**
* Get a session from an auth code * Get a session from an auth code
* @param \League\OAuth2\Server\Entity\AuthCodeEntity $authCode The auth code *
* @return \League\OAuth2\Server\Entity\SessionEntity * @param \League\OAuth2\Server\Entity\AuthCodeEntity $authCode The auth code
*
* @return \League\OAuth2\Server\Entity\SessionEntity | null
*/ */
public function getByAuthCode(AuthCodeEntity $authCode); public function getByAuthCode(AuthCodeEntity $authCode);
/** /**
* Get a session's scopes * Get a session's scopes
*
* @param \League\OAuth2\Server\Entity\SessionEntity * @param \League\OAuth2\Server\Entity\SessionEntity
* @return array Array of \League\OAuth2\Server\Entity\ScopeEntity *
* @return \League\OAuth2\Server\Entity\ScopeEntity[] Array of \League\OAuth2\Server\Entity\ScopeEntity
*/ */
public function getScopes(SessionEntity $session); public function getScopes(SessionEntity $session);
/** /**
* Create a new session * Create a new session
* @param string $ownerType Session owner's type (user, client) *
* @param string $ownerId Session owner's ID * @param string $ownerType Session owner's type (user, client)
* @param string $clientId Client ID * @param string $ownerId Session owner's ID
* @param string $clientRedirectUri Client redirect URI (default = null) * @param string $clientId Client ID
* @param string $clientRedirectUri Client redirect URI (default = null)
*
* @return integer The session's ID * @return integer The session's ID
*/ */
public function create($ownerType, $ownerId, $clientId, $clientRedirectUri = null); public function create($ownerType, $ownerId, $clientId, $clientRedirectUri = null);
/** /**
* Associate a scope with a session * Associate a scope with a session
* @param \League\OAuth2\Server\Entity\SessionEntity $session The session *
* @param \League\OAuth2\Server\Entity\ScopeEntity $scope The scope * @param \League\OAuth2\Server\Entity\SessionEntity $session The session
* @param \League\OAuth2\Server\Entity\ScopeEntity $scope The scope
*
* @return void * @return void
*/ */
public function associateScope(SessionEntity $session, ScopeEntity $scope); public function associateScope(SessionEntity $session, ScopeEntity $scope);

1
src/Storage/StorageInterface.php
View File

@@ -20,6 +20,7 @@ interface StorageInterface
{ {
/** /**
* Set the server * Set the server
*
* @param \League\OAuth2\Server\AbstractServer $server * @param \League\OAuth2\Server\AbstractServer $server
*/ */
public function setServer(AbstractServer $server); public function setServer(AbstractServer $server);

3
src/TokenType/AbstractTokenType.php
View File

@@ -18,18 +18,21 @@ abstract class AbstractTokenType
{ {
/** /**
* Response array * Response array
*
* @var array * @var array
*/ */
protected $response = []; protected $response = [];
/** /**
* Server * Server
*
* @var \League\OAuth2\Server\AbstractServer $server * @var \League\OAuth2\Server\AbstractServer $server
*/ */
protected $server; protected $server;
/** /**
* Server * Server
*
* @var \League\OAuth2\Server\Entity\SessionEntity $session * @var \League\OAuth2\Server\Entity\SessionEntity $session
*/ */
protected $session; protected $session;

13
src/TokenType/Bearer.php
View File

@@ -38,9 +38,16 @@ class Bearer extends AbstractTokenType implements TokenTypeInterface
*/ */
public function determineAccessTokenInHeader(Request $request) public function determineAccessTokenInHeader(Request $request)
{ {
$header = $request->headers->get('Authorization'); if ($request->headers->has('Authorization') === false) {
$accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $header)); return;
}
return ($accessToken === 'Bearer') ? '' : $accessToken; $header = $request->headers->get('Authorization');
if (substr($header, 0, 7) !== 'Bearer ') {
return;
}
return trim(substr($header, 7));
} }
} }

156
src/TokenType/MAC.php Normal file
View File

@@ -0,0 +1,156 @@
<?php
/**
* OAuth 2.0 MAC Token Type
*
* @package league/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\TokenType;
use League\OAuth2\Server\Util\SecureKey;
use Symfony\Component\HttpFoundation\ParameterBag;
use Symfony\Component\HttpFoundation\Request;
/**
* MAC Token Type
*/
class MAC extends AbstractTokenType implements TokenTypeInterface
{
/**
* {@inheritdoc}
*/
public function generateResponse()
{
$macKey = SecureKey::generate();
$this->server->getMacStorage()->create($macKey, $this->getParam('access_token'));
$response = [
'access_token' => $this->getParam('access_token'),
'token_type' => 'mac',
'expires_in' => $this->getParam('expires_in'),
'mac_key' => $macKey,
'mac_algorithm' => 'hmac-sha-256',
];
if (!is_null($this->getParam('refresh_token'))) {
$response['refresh_token'] = $this->getParam('refresh_token');
}
return $response;
}
/**
* {@inheritdoc}
*/
public function determineAccessTokenInHeader(Request $request)
{
if ($request->headers->has('Authorization') === false) {
return;
}
$header = $request->headers->get('Authorization');
if (substr($header, 0, 4) !== 'MAC ') {
return;
}
// Find all the parameters expressed in the header
$paramsRaw = explode(',', substr($header, 4));
$params = new ParameterBag();
array_map(function ($param) use (&$params) {
$param = trim($param);
preg_match_all('/([a-zA-Z]*)="([\w=\/+]*)"/', $param, $matches);
// @codeCoverageIgnoreStart
if (count($matches) !== 3) {
return;
}
// @codeCoverageIgnoreEnd
$key = reset($matches[1]);
$value = trim(reset($matches[2]));
if (empty($value)) {
return;
}
$params->set($key, $value);
}, $paramsRaw);
// Validate parameters
if ($params->has('id') === false || $params->has('ts') === false || $params->has('nonce') === false || $params->has('mac') === false) {
return;
}
if (abs($params->get('ts') - time()) > 300) {
return;
}
$accessToken = $params->get('id');
$timestamp = (int) $params->get('ts');
$nonce = $params->get('nonce');
$signature = $params->get('mac');
// Try to find the MAC key for the access token
$macKey = $this->server->getMacStorage()->getByAccessToken($accessToken);
if ($macKey === null) {
return;
}
// Calculate and compare the signature
$calculatedSignatureParts = [
$timestamp,
$nonce,
strtoupper($request->getMethod()),
$request->getRequestUri(),
$request->getHost(),
$request->getPort(),
];
if ($params->has('ext')) {
$calculatedSignatureParts[] = $params->get('ext');
}
$calculatedSignature = base64_encode(
hash_hmac(
'sha256',
implode("\n", $calculatedSignatureParts),
$macKey,
true // raw_output: outputs raw binary data
)
);
// Return the access token if the signature matches
return ($this->hash_equals($calculatedSignature, $signature)) ? $accessToken : null;
}
/**
* Prevent timing attack
* @param string $knownString
* @param string $userString
* @return bool
*/
private function hash_equals($knownString, $userString)
{
if (function_exists('\hash_equals')) {
return \hash_equals($knownString, $userString);
}
if (strlen($knownString) !== strlen($userString)) {
return false;
}
$len = strlen($knownString);
$result = 0;
for ($i = 0; $i < $len; $i++) {
$result |= (ord($knownString[$i]) ^ ord($userString[$i]));
}
// They are only identical strings if $result is exactly 0...
return 0 === $result;
}
}

13
src/TokenType/TokenTypeInterface.php
View File

@@ -19,19 +19,23 @@ interface TokenTypeInterface
{ {
/** /**
* Generate a response * Generate a response
*
* @return array * @return array
*/ */
public function generateResponse(); public function generateResponse();
/** /**
* Set the server * Set the server
*
* @param \League\OAuth2\Server\AbstractServer $server * @param \League\OAuth2\Server\AbstractServer $server
*
* @return self * @return self
*/ */
public function setServer(AbstractServer $server); public function setServer(AbstractServer $server);
/** /**
* Set a key/value response pair * Set a key/value response pair
*
* @param string $key * @param string $key
* @param mixed $value * @param mixed $value
*/ */
@@ -39,20 +43,25 @@ interface TokenTypeInterface
/** /**
* Get a key from the response array * Get a key from the response array
* @param string $key *
* @param string $key
*
* @return mixed * @return mixed
*/ */
public function getParam($key); public function getParam($key);
/** /**
* @param \League\OAuth2\Server\Entity\SessionEntity $session * @param \League\OAuth2\Server\Entity\SessionEntity $session
*
* @return self * @return self
*/ */
public function setSession(SessionEntity $session); public function setSession(SessionEntity $session);
/** /**
* Determine the access token in the authorization header * Determine the access token in the authorization header
* @param \Symfony\Component\HttpFoundation\Request $request *
* @param \Symfony\Component\HttpFoundation\Request $request
*
* @return string * @return string
*/ */
public function determineAccessTokenInHeader(Request $request); public function determineAccessTokenInHeader(Request $request);

23
src/Util/KeyAlgorithm/DefaultAlgorithm.php
View File

@@ -18,18 +18,19 @@ class DefaultAlgorithm implements KeyAlgorithmInterface
*/ */
public function generate($len = 40) public function generate($len = 40)
{ {
// We generate twice as many bytes here because we want to ensure we have $stripped = '';
// enough after we base64 encode it to get the length we need because we do {
// take out the "/", "+", and "=" characters. $bytes = openssl_random_pseudo_bytes($len, $strong);
$bytes = openssl_random_pseudo_bytes($len * 2, $strong);
// We want to stop execution if the key fails because, well, that is bad. // We want to stop execution if the key fails because, well, that is bad.
if ($bytes === false || $strong === false) { if ($bytes === false || $strong === false) {
// @codeCoverageIgnoreStart // @codeCoverageIgnoreStart
throw new \Exception('Error Generating Key'); throw new \Exception('Error Generating Key');
// @codeCoverageIgnoreEnd // @codeCoverageIgnoreEnd
} }
$stripped .= str_replace(['/', '+', '='], '', base64_encode($bytes));
} while (strlen($stripped) < $len);
return substr(str_replace(['/', '+', '='], '', base64_encode($bytes)), 0, $len); return substr($stripped, 0, $len);
} }
} }

4
src/Util/KeyAlgorithm/KeyAlgorithmInterface.php
View File

@@ -15,7 +15,9 @@ interface KeyAlgorithmInterface
{ {
/** /**
* Generate a new unique code * Generate a new unique code
* @param integer $len Length of the generated code *
* @param integer $len Length of the generated code
*
* @return string * @return string
*/ */
public function generate($len); public function generate($len);

8
src/Util/RedirectUri.php
View File

@@ -18,9 +18,11 @@ class RedirectUri
{ {
/** /**
* Generate a new redirect uri * Generate a new redirect uri
* @param string $uri The base URI *
* @param array $params The query string parameters * @param string $uri The base URI
* @param string $queryDelimeter The query string delimeter (default: "?") * @param array $params The query string parameters
* @param string $queryDelimeter The query string delimeter (default: "?")
*
* @return string The updated URI * @return string The updated URI
*/ */
public static function make($uri, $params = [], $queryDelimeter = '?') public static function make($uri, $params = [], $queryDelimeter = '?')

4
src/Util/SecureKey.php
View File

@@ -23,7 +23,9 @@ class SecureKey
/** /**
* Generate a new unique code * Generate a new unique code
* @param integer $len Length of the generated code *
* @param integer $len Length of the generated code
*
* @return string * @return string
*/ */
public static function generate($len = 40) public static function generate($len = 40)

2
tests/unit/Entity/AbstractTokenEntityTest.php
View File

@@ -2,10 +2,10 @@
namespace LeagueTests\Entity; namespace LeagueTests\Entity;
use LeagueTests\Stubs\StubAbstractTokenEntity;
use League\OAuth2\Server\AuthorizationServer; use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\Entity\ScopeEntity; use League\OAuth2\Server\Entity\ScopeEntity;
use League\OAuth2\Server\Entity\SessionEntity; use League\OAuth2\Server\Entity\SessionEntity;
use LeagueTests\Stubs\StubAbstractTokenEntity;
use Mockery as M; use Mockery as M;
class AbstractTokenEntityTest extends \PHPUnit_Framework_TestCase class AbstractTokenEntityTest extends \PHPUnit_Framework_TestCase

2
tests/unit/Grant/AbstractGrantTest.php
View File

@@ -2,12 +2,12 @@
namespace LeagueTests\Grant; namespace LeagueTests\Grant;
use LeagueTests\Stubs\StubAbstractGrant;
use League\OAuth2\Server\AuthorizationServer; use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\Entity\ClientEntity; use League\OAuth2\Server\Entity\ClientEntity;
use League\OAuth2\Server\Entity\ScopeEntity; use League\OAuth2\Server\Entity\ScopeEntity;
use League\OAuth2\Server\Exception\InvalidRequestException; use League\OAuth2\Server\Exception\InvalidRequestException;
use League\OAuth2\Server\Grant; use League\OAuth2\Server\Grant;
use LeagueTests\Stubs\StubAbstractGrant;
use Mockery as M; use Mockery as M;
class AbstractGrantTest extends \PHPUnit_Framework_TestCase class AbstractGrantTest extends \PHPUnit_Framework_TestCase

148
tests/unit/Grant/RefreshTokenGrantTest.php
View File

@@ -288,7 +288,7 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
public function testCompleteFlowExpiredRefreshToken() public function testCompleteFlowExpiredRefreshToken()
{ {
$this->setExpectedException('League\OAuth2\Server\Exception\InvalidRefreshException'); $this->setExpectedException('League\OAuth2\Server\Exception\InvalidRefreshException');
$_POST = [ $_POST = [
'grant_type' => 'refresh_token', 'grant_type' => 'refresh_token',
'client_id' => 'testapp', 'client_id' => 'testapp',
@@ -421,4 +421,150 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
$server->issueAccessToken(); $server->issueAccessToken();
} }
public function testCompleteFlowRotateRefreshToken()
{
$_POST = [
'grant_type' => 'refresh_token',
'client_id' => 'testapp',
'client_secret' => 'foobar',
'refresh_token' => 'refresh_token',
];
$server = new AuthorizationServer();
$grant = new RefreshTokenGrant();
$clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
$clientStorage->shouldReceive('setServer');
$clientStorage->shouldReceive('get')->andReturn(
(new ClientEntity($server))->hydrate(['id' => 'testapp'])
);
$sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
$sessionStorage->shouldReceive('setServer');
$sessionStorage->shouldReceive('getScopes')->shouldReceive('getScopes')->andReturn([]);
$sessionStorage->shouldReceive('associateScope');
$sessionStorage->shouldReceive('getByAccessToken')->andReturn(
(new SessionEntity($server))
);
$accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
$accessTokenStorage->shouldReceive('setServer');
$accessTokenStorage->shouldReceive('get')->andReturn(
(new AccessTokenEntity($server))
);
$accessTokenStorage->shouldReceive('delete');
$accessTokenStorage->shouldReceive('create');
$accessTokenStorage->shouldReceive('getScopes')->andReturn([
(new ScopeEntity($server))->hydrate(['id' => 'foo']),
]);
$accessTokenStorage->shouldReceive('associateScope');
$refreshTokenStorage = M::mock('League\OAuth2\Server\Storage\RefreshTokenInterface');
$refreshTokenStorage->shouldReceive('setServer');
$refreshTokenStorage->shouldReceive('associateScope');
$refreshTokenStorage->shouldReceive('delete');
$refreshTokenStorage->shouldReceive('create');
$refreshTokenStorage->shouldReceive('get')->andReturn(
(new RefreshTokenEntity($server))->setId('refresh_token')->setExpireTime(time() + 86400)
);
$scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
$scopeStorage->shouldReceive('setServer');
$scopeStorage->shouldReceive('get')->andReturn(
(new ScopeEntity($server))->hydrate(['id' => 'foo'])
);
$server->setClientStorage($clientStorage);
$server->setScopeStorage($scopeStorage);
$server->setSessionStorage($sessionStorage);
$server->setAccessTokenStorage($accessTokenStorage);
$server->setRefreshTokenStorage($refreshTokenStorage);
$server->addGrantType($grant);
$response = $server->issueAccessToken();
$this->assertTrue(array_key_exists('access_token', $response));
$this->assertTrue(array_key_exists('refresh_token', $response));
$this->assertTrue(array_key_exists('token_type', $response));
$this->assertTrue(array_key_exists('expires_in', $response));
$this->assertNotEquals($response['refresh_token'], $_POST['refresh_token']);
$grant->setRefreshTokenRotation(false);
$response = $server->issueAccessToken();
$this->assertTrue(array_key_exists('access_token', $response));
$this->assertTrue(array_key_exists('refresh_token', $response));
$this->assertTrue(array_key_exists('token_type', $response));
$this->assertTrue(array_key_exists('expires_in', $response));
$this->assertEquals($response['refresh_token'], $_POST['refresh_token']);
}
public function testCompleteFlowShouldRequireClientSecret()
{
$_POST = [
'grant_type' => 'refresh_token',
'client_id' => 'testapp',
'refresh_token' => 'refresh_token',
];
$server = new AuthorizationServer();
$grant = new RefreshTokenGrant();
$grant->setRequireClientSecret(false);
$clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
$clientStorage->shouldReceive('setServer');
$clientStorage->shouldReceive('get')->andReturn(
(new ClientEntity($server))->hydrate(['id' => 'testapp'])
);
$sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
$sessionStorage->shouldReceive('setServer');
$sessionStorage->shouldReceive('getScopes')->shouldReceive('getScopes')->andReturn([]);
$sessionStorage->shouldReceive('associateScope');
$sessionStorage->shouldReceive('getByAccessToken')->andReturn(
(new SessionEntity($server))
);
$accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
$accessTokenStorage->shouldReceive('setServer');
$accessTokenStorage->shouldReceive('get')->andReturn(
(new AccessTokenEntity($server))
);
$accessTokenStorage->shouldReceive('delete');
$accessTokenStorage->shouldReceive('create');
$accessTokenStorage->shouldReceive('getScopes')->andReturn([
(new ScopeEntity($server))->hydrate(['id' => 'foo']),
]);
$accessTokenStorage->shouldReceive('associateScope');
$refreshTokenStorage = M::mock('League\OAuth2\Server\Storage\RefreshTokenInterface');
$refreshTokenStorage->shouldReceive('setServer');
$refreshTokenStorage->shouldReceive('associateScope');
$refreshTokenStorage->shouldReceive('delete');
$refreshTokenStorage->shouldReceive('create');
$refreshTokenStorage->shouldReceive('get')->andReturn(
(new RefreshTokenEntity($server))->setId('refresh_token')->setExpireTime(time() + 86400)
);
$scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
$scopeStorage->shouldReceive('setServer');
$scopeStorage->shouldReceive('get')->andReturn(
(new ScopeEntity($server))->hydrate(['id' => 'foo'])
);
$server->setClientStorage($clientStorage);
$server->setScopeStorage($scopeStorage);
$server->setSessionStorage($sessionStorage);
$server->setAccessTokenStorage($accessTokenStorage);
$server->setRefreshTokenStorage($refreshTokenStorage);
$server->addGrantType($grant);
$response = $server->issueAccessToken();
$this->assertTrue(array_key_exists('access_token', $response));
$this->assertTrue(array_key_exists('refresh_token', $response));
$this->assertTrue(array_key_exists('token_type', $response));
$this->assertTrue(array_key_exists('expires_in', $response));
}
} }

165
tests/unit/TokenType/MacTest.php Normal file
View File

@@ -0,0 +1,165 @@
<?php
namespace LeagueTests\TokenType;
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\Entity\AccessTokenEntity;
use League\OAuth2\Server\TokenType\MAC;
use Mockery as M;
use Symfony\Component\HttpFoundation\Request;
class MacTest extends \PHPUnit_Framework_TestCase
{
public function testGenerateResponse()
{
$macStorage = M::mock('\League\OAuth2\Server\Storage\MacTokenInterface');
$macStorage->shouldReceive('create');
$server = new AuthorizationServer();
$server->setMacStorage($macStorage);
$tokenType = new MAC();
$tokenType->setServer($server);
$accessToken = new AccessTokenEntity($server);
$accessToken->setId(uniqid());
$accessToken->setExpireTime(time());
$tokenType->setParam('access_token', $accessToken->getId());
$tokenType->setParam('expires_in', 3600);
$response = $tokenType->generateResponse();
$this->assertEquals($accessToken->getId(), $response['access_token']);
$this->assertEquals('mac', $response['token_type']);
$this->assertEquals(3600, $response['expires_in']);
$this->assertEquals('hmac-sha-256', $response['mac_algorithm']);
$this->assertArrayHasKey('mac_key', $response);
}
public function testDetermineAccessTokenInHeaderValid()
{
$macStorage = M::mock('\League\OAuth2\Server\Storage\MacTokenInterface');
$macStorage->shouldReceive('getByAccessToken')->andReturn('abcdef');
$server = new AuthorizationServer();
$server->setMacStorage($macStorage);
$ts = time();
$request = Request::createFromGlobals();
$calculatedSignatureParts = [
$ts,
'foo',
strtoupper($request->getMethod()),
$request->getRequestUri(),
$request->getHost(),
$request->getPort(),
'ext'
];
$calculatedSignature = base64_encode(hash_hmac('sha256', implode("\n", $calculatedSignatureParts), 'abcdef', true));
$request->headers->set('Authorization', sprintf('MAC id="foo", nonce="foo", ts="%s", mac="%s", ext="ext"', $ts, $calculatedSignature));
$tokenType = new MAC();
$tokenType->setServer($server);
$response = $tokenType->determineAccessTokenInHeader($request);
$this->assertEquals('foo', $response);
}
public function testDetermineAccessTokenInHeaderMissingHeader()
{
$macStorage = M::mock('\League\OAuth2\Server\Storage\MacTokenInterface');
$macStorage->shouldReceive('getByAccessToken')->andReturn('abcdef');
$server = new AuthorizationServer();
$server->setMacStorage($macStorage);
$request = Request::createFromGlobals();
$tokenType = new MAC();
$tokenType->setServer($server);
$response = $tokenType->determineAccessTokenInHeader($request);
$this->assertEquals(null, $response);
}
public function testDetermineAccessTokenInHeaderMissingAuthMac()
{
$macStorage = M::mock('\League\OAuth2\Server\Storage\MacTokenInterface');
$macStorage->shouldReceive('getByAccessToken')->andReturn('abcdef');
$server = new AuthorizationServer();
$server->setMacStorage($macStorage);
$request = Request::createFromGlobals();
$request->headers->set('Authorization', '');
$tokenType = new MAC();
$tokenType->setServer($server);
$response = $tokenType->determineAccessTokenInHeader($request);
$this->assertEquals(null, $response);
}
public function testDetermineAccessTokenInHeaderInvalidParam()
{
$macStorage = M::mock('\League\OAuth2\Server\Storage\MacTokenInterface');
$macStorage->shouldReceive('getByAccessToken')->andReturn('abcdef');
$server = new AuthorizationServer();
$server->setMacStorage($macStorage);
$request = Request::createFromGlobals();
$request->headers->set('Authorization', 'MAC ');
$tokenType = new MAC();
$tokenType->setServer($server);
$response = $tokenType->determineAccessTokenInHeader($request);
$this->assertEquals(null, $response);
}
public function testDetermineAccessTokenInHeaderMismatchTimestamp()
{
$macStorage = M::mock('\League\OAuth2\Server\Storage\MacTokenInterface');
$macStorage->shouldReceive('getByAccessToken')->andReturn('abcdef');
$server = new AuthorizationServer();
$server->setMacStorage($macStorage);
$ts = time() - 100;
$request = Request::createFromGlobals();
$request->headers->set('Authorization', sprintf('MAC id="foo", nonce="foo", ts="%s", mac="%s", ext="ext"', $ts, 'foo'));
$tokenType = new MAC();
$tokenType->setServer($server);
$response = $tokenType->determineAccessTokenInHeader($request);
$this->assertEquals(null, $response);
}
public function testDetermineAccessTokenInHeaderMissingMacKey()
{
$macStorage = M::mock('\League\OAuth2\Server\Storage\MacTokenInterface');
$macStorage->shouldReceive('getByAccessToken')->andReturn(null);
$server = new AuthorizationServer();
$server->setMacStorage($macStorage);
$ts = time();
$request = Request::createFromGlobals();
$request->headers->set('Authorization', sprintf('MAC id="foo", nonce="foo", ts="%s", mac="%s", ext="ext"', $ts, 'foo'));
$tokenType = new MAC();
$tokenType->setServer($server);
$response = $tokenType->determineAccessTokenInHeader($request);
$this->assertEquals(null, $response);
}
}