Changelog update

The authorization server MAY issue a new refresh token, in which case
   the client MUST discard the old refresh token and replace it with the
   new refresh token.  The authorization server MAY revoke the old
   refresh token after issuing a new refresh token to the client.  If a
   new refresh token is issued, the refresh token scope MUST be
   identical to that of the refresh token included by the client in the
   request.

This commit allows users to specifiy the time before the Refresh Token
expire time to issue a new Refresh Token.

alter method names, naming convention(?)

CHANGELOG.md

@@ -1,5 +1,16 @@
 # Changelog
 
+## 4.1.1 (released 2014-12-31)
+
+* Changed `symfony/http-foundation` dependency version to `~2.4` so package can be installed in Laravel `4.1.*`
+
+## 4.1.0 (released 2014-12-27)
+
+* Added MAC token support (Issue #158)
+* Fixed example init code (Issue #280)
+* Toggle refresh token rotation (Issue #286)
+* Docblock fixes
+
 ## 4.0.5 (released 2014-12-15)
 
 * Prevent duplicate session in auth code grant (Issue #282)

README.md

@@ -22,9 +22,11 @@ You can also define your own grants.
 In addition it supports the following token types:
 
 * Bearer tokens
-* MAC tokens (coming soon)
+* MAC tokens
 * JSON web tokens (coming soon)
 
+You can also create you own tokens.
+
 
 ## Requirements
 

composer.json

@@ -5,7 +5,7 @@
 	"license": "MIT",
 	"require": {
 		"php": ">=5.4.0",
-		"symfony/http-foundation": "~2.5",
+		"symfony/http-foundation": "~2.4",
 		"league/event": "1.0.*"
 	},
 	"require-dev": {

src/Grant/RefreshTokenGrant.php

@@ -35,6 +35,13 @@ class RefreshTokenGrant extends AbstractGrant
      */
     protected $refreshTokenTTL = 604800;
 
+    /**
+     * Rotate token (default = true)
+     *
+     * @var integer
+     */
+    protected $refreshTokenRotate = true;
+
     /**
      * Set the TTL of the refresh token
      *
@@ -57,6 +64,25 @@ class RefreshTokenGrant extends AbstractGrant
         return $this->refreshTokenTTL;
     }
 
+    /**
+     * Set the rotation boolean of the refresh token
+     * @param bool $refreshTokenRotate
+     */
+    public function setRefreshTokenRotation($refreshTokenRotate = true)
+    {
+        $this->refreshTokenRotate = $refreshTokenRotate;
+    }
+
+    /**
+     * Get rotation boolean of the refresh token
+     *
+     * @return bool
+     */
+    public function shouldRotateRefreshTokens()
+    {
+        return $this->refreshTokenRotate;
+    }
+
     /**
      * {@inheritdoc}
      */
@@ -146,17 +172,21 @@ class RefreshTokenGrant extends AbstractGrant
         $this->server->getTokenType()->setParam('access_token', $newAccessToken->getId());
         $this->server->getTokenType()->setParam('expires_in', $this->getAccessTokenTTL());
 
-        // Expire the old refresh token
+        if ($this->shouldRotateRefreshTokens()) {
-        $oldRefreshToken->expire();
+            // Expire the old refresh token
+            $oldRefreshToken->expire();
 
-        // Generate a new refresh token
+            // Generate a new refresh token
-        $newRefreshToken = new RefreshTokenEntity($this->server);
+            $newRefreshToken = new RefreshTokenEntity($this->server);
-        $newRefreshToken->setId(SecureKey::generate());
+            $newRefreshToken->setId(SecureKey::generate());
-        $newRefreshToken->setExpireTime($this->getRefreshTokenTTL() + time());
+            $newRefreshToken->setExpireTime($this->getRefreshTokenTTL() + time());
-        $newRefreshToken->setAccessToken($newAccessToken);
+            $newRefreshToken->setAccessToken($newAccessToken);
-        $newRefreshToken->save();
+            $newRefreshToken->save();
 
-        $this->server->getTokenType()->setParam('refresh_token', $newRefreshToken->getId());
+            $this->server->getTokenType()->setParam('refresh_token', $newRefreshToken->getId());
+        } else {
+            $this->server->getTokenType()->setParam('refresh_token', $oldRefreshToken->getId());
+        }
 
         return $this->server->getTokenType()->generateResponse();
     }

tests/unit/Grant/RefreshTokenGrantTest.php

@@ -421,4 +421,81 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
 
         $server->issueAccessToken();
     }
+
+    public function testCompleteFlowRotateRefreshToken()
+    {
+        $_POST = [
+            'grant_type'    => 'refresh_token',
+            'client_id'     =>  'testapp',
+            'client_secret' =>  'foobar',
+            'refresh_token' =>  'refresh_token',
+        ];
+
+        $server = new AuthorizationServer();
+        $grant = new RefreshTokenGrant();
+
+        $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
+        $clientStorage->shouldReceive('setServer');
+        $clientStorage->shouldReceive('get')->andReturn(
+            (new ClientEntity($server))->hydrate(['id' => 'testapp'])
+        );
+
+        $sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
+        $sessionStorage->shouldReceive('setServer');
+        $sessionStorage->shouldReceive('getScopes')->shouldReceive('getScopes')->andReturn([]);
+        $sessionStorage->shouldReceive('associateScope');
+        $sessionStorage->shouldReceive('getByAccessToken')->andReturn(
+            (new SessionEntity($server))
+        );
+
+        $accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
+        $accessTokenStorage->shouldReceive('setServer');
+        $accessTokenStorage->shouldReceive('get')->andReturn(
+            (new AccessTokenEntity($server))
+        );
+        $accessTokenStorage->shouldReceive('delete');
+        $accessTokenStorage->shouldReceive('create');
+        $accessTokenStorage->shouldReceive('getScopes')->andReturn([
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
+        ]);
+        $accessTokenStorage->shouldReceive('associateScope');
+
+        $refreshTokenStorage = M::mock('League\OAuth2\Server\Storage\RefreshTokenInterface');
+        $refreshTokenStorage->shouldReceive('setServer');
+        $refreshTokenStorage->shouldReceive('associateScope');
+        $refreshTokenStorage->shouldReceive('delete');
+        $refreshTokenStorage->shouldReceive('create');
+        $refreshTokenStorage->shouldReceive('get')->andReturn(
+            (new RefreshTokenEntity($server))->setId('refresh_token')->setExpireTime(time() + 86400)
+        );
+
+        $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
+        $scopeStorage->shouldReceive('setServer');
+        $scopeStorage->shouldReceive('get')->andReturn(
+            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+        );
+
+        $server->setClientStorage($clientStorage);
+        $server->setScopeStorage($scopeStorage);
+        $server->setSessionStorage($sessionStorage);
+        $server->setAccessTokenStorage($accessTokenStorage);
+        $server->setRefreshTokenStorage($refreshTokenStorage);
+
+        $server->addGrantType($grant);
+
+        $response = $server->issueAccessToken();
+        $this->assertTrue(array_key_exists('access_token', $response));
+        $this->assertTrue(array_key_exists('refresh_token', $response));
+        $this->assertTrue(array_key_exists('token_type', $response));
+        $this->assertTrue(array_key_exists('expires_in', $response));
+        $this->assertNotEquals($response['refresh_token'], $_POST['refresh_token']);
+
+        $grant->setRefreshTokenRotation(false);
+        $response = $server->issueAccessToken();
+        $this->assertTrue(array_key_exists('access_token', $response));
+        $this->assertTrue(array_key_exists('refresh_token', $response));
+        $this->assertTrue(array_key_exists('token_type', $response));
+        $this->assertTrue(array_key_exists('expires_in', $response));
+        $this->assertEquals($response['refresh_token'], $_POST['refresh_token']);
+    }
 }