oauth2-server/src/League/OAuth2/Server/Resource.php

<?php
/**
 * OAuth 2.0 Resource Server
 *
 * @package     php-loep/oauth2-server
 * @author      Alex Bilbie <hello@alexbilbie.com>
 * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
 * @license     http://mit-license.org/
 * @link        http://github.com/php-loep/oauth2-server
 */

namespace League\OAuth2\Server;

use OutOfBoundsException;
use League\OAuth2\Server\Storage\SessionInterface;
use League\OAuth2\Server\Util\RequestInterface;
use League\OAuth2\Server\Util\Request;

/**
 * OAuth 2.0 Resource Server
 */
class Resource
{
    /**
     * The access token
     * @var string
     */
    protected $accessToken = null;

    /**
     * The session ID
     * @var string
     */
    protected $sessionId = null;

    /**
     * The type of the owner of the access token
     * @var string
     */
    protected $ownerType = null;

    /**
     * The ID of the owner of the access token
     * @var string
     */
    protected $ownerId = null;

    /**
     * The scopes associated with the access token
     * @var array
     */
    protected $sessionScopes = array();

    /**
     * The client, scope and session storage classes
     * @var array
     */
    protected $storages = array();

    /**
     * The request object
     * @var Util\RequestInterface
     */
    protected $request = null;

    /**
     * The query string key which is used by clients to present the access token (default: access_token)
     * @var string
     */
    protected $tokenKey = 'access_token';

    /**
     * The client ID
     * @var string
     */
    protected $clientId = null;

    /**
     * Sets up the Resource
     *
     * @param SessionInterface  The Session Storage Object
     */
    public function __construct(SessionInterface $session)
    {
        $this->storages['session'] = $session;
    }

    /**
     * Sets the Request Object
     *
     * @param  RequestInterface The Request Object
     */
    public function setRequest(RequestInterface $request)
    {
        $this->request = $request;
    }

    /**
     * Gets the Request object.  It will create one from the globals if one is not set.
     *
     * @return Util\RequestInterface
     */
    public function getRequest()
    {
        if ($this->request === null) {
            // @codeCoverageIgnoreStart
            $this->request = Request::buildFromGlobals();
        }
        // @codeCoverageIgnoreEnd

        return $this->request;
    }

    /**
     * Returns the query string key for the access token.
     *
     * @return string
     */
    public function getTokenKey()
    {
        return $this->tokenKey;
    }

    /**
     * Sets the query string key for the access token.
     *
     * @param $key The new query string key
     */
    public function setTokenKey($key)
    {
        $this->tokenKey = $key;
    }

    /**
     * Gets the access token owner ID.
     *
     * @return string
     */
    public function getOwnerId()
    {
        return $this->ownerId;
    }

    /**
     * Gets the owner type.
     *
     * @return string
     */
    public function getOwnerType()
    {
        return $this->ownerType;
    }

    /**
     * Gets the access token.
     *
     * @return string
     */
    public function getAccessToken()
    {
        return $this->accessToken;
    }

    /**
     * Gets the client ID that created the session
     * @return string
     */
    public function getClientId()
    {
        return $this->clientId;
    }

    /**
     * Checks if the access token is valid or not.
     *
     * @throws Exception\InvalidAccessTokenException Thrown if the presented access token is not valid
     * @return bool
     */
    public function isValid()
    {
        $accessToken = $this->determineAccessToken();

        $result = $this->storages['session']->validateAccessToken($accessToken);

        if ( ! $result) {
            throw new Exception\InvalidAccessTokenException('Access token is not valid');
        }

        $this->accessToken = $accessToken;
        $this->sessionId = $result['session_id'];
        $this->clientId = $result['client_id'];
        $this->ownerType = $result['owner_type'];
        $this->ownerId = $result['owner_id'];

        $sessionScopes = $this->storages['session']->getScopes($this->accessToken);
        foreach ($sessionScopes as $scope) {
            $this->sessionScopes[] = $scope['key'];
        }

        return true;
    }

    /**
     * Get the session scopes
     * @return array
     */
    public function getScopes()
    {
        return $this->sessionScopes;
    }

    /**
     * Checks if the presented access token has the given scope(s).
     *
     * @param array|string  An array of scopes or a single scope as a string
     * @return bool         Returns bool if all scopes are found, false if any fail
     */
    public function hasScope($scopes)
    {
        if (is_string($scopes)) {
            if (in_array($scopes, $this->sessionScopes)) {
                return true;
            }
            return false;
        } elseif (is_array($scopes)) {
            foreach ($scopes as $scope) {
                if ( ! in_array($scope, $this->sessionScopes)) {
                    return false;
                }
            }
            return true;
        }

        return false;
    }

    /**
     * Reads in the access token from the headers.
     *
     * @throws Exception\MissingAccessTokenException  Thrown if there is no access token presented
     * @return string
     */
    protected function determineAccessToken()
    {
        if ($header = $this->getRequest()->header('Authorization')) {
            // Check for special case, because cURL sometimes does an
            // internal second request and doubles the authorization header,
            // which always resulted in an error.
            //
            // 1st request: Authorization: Bearer XXX
            // 2nd request: Authorization: Bearer XXX, Bearer XXX
            if (strpos($header, ',') !== false) {
                $headerPart = explode(',', $header);
                $accessToken = preg_replace('/^(?:\s+)?Bearer(\s{1})/', '', $headerPart[0]);
            } else {
                $accessToken = preg_replace('/^(?:\s+)?Bearer(\s{1})/', '', $header);
            }
            $accessToken = ($accessToken === 'Bearer') ? '' : $accessToken;
        } else {
            $method = $this->getRequest()->server('REQUEST_METHOD');
            $accessToken = $this->getRequest()->{$method}($this->tokenKey);
        }

        if (empty($accessToken)) {
            throw new Exception\InvalidAccessTokenException('Access token is missing');
        }

        return $accessToken;
    }

}
Starting the reorganization 2012-12-29 01:42:16 +05:30			`<?php`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`/**`
			`* OAuth 2.0 Resource Server`
			`*`
Moved files into server namespace/folder and updated docblock copyright statements 2013-05-08 23:59:24 +05:30			`* @package php-loep/oauth2-server`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* @author Alex Bilbie <hello@alexbilbie.com>`
Moved files into server namespace/folder and updated docblock copyright statements 2013-05-08 23:59:24 +05:30			`* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* @license http://mit-license.org/`
Fixed incorrect @link 2013-05-09 00:00:53 +05:30			`* @link http://github.com/php-loep/oauth2-server`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`*/`
Starting the reorganization 2012-12-29 01:42:16 +05:30
Renamed AuthServer to Authorization, renamed ResourceServer to Resource. Updated all tests and other files 2013-05-09 00:12:23 +05:30			`namespace League\OAuth2\Server;`
Starting the reorganization 2012-12-29 01:42:16 +05:30
			`use OutOfBoundsException;`
Renamed AuthServer to Authorization, renamed ResourceServer to Resource. Updated all tests and other files 2013-05-09 00:12:23 +05:30			`use League\OAuth2\Server\Storage\SessionInterface;`
			`use League\OAuth2\Server\Util\RequestInterface;`
			`use League\OAuth2\Server\Util\Request;`
Starting the reorganization 2012-12-29 01:42:16 +05:30
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`/**`
			`* OAuth 2.0 Resource Server`
			`*/`
Renamed AuthServer to Authorization, renamed ResourceServer to Resource. Updated all tests and other files 2013-05-09 00:12:23 +05:30			`class Resource`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`{`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`/**`
			`* The access token`
			`* @var string`
			`*/`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`protected $accessToken = null;`

Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`/**`
			`* The session ID`
			`* @var string`
			`*/`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`protected $sessionId = null;`

Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`/**`
			`* The type of the owner of the access token`
			`* @var string`
			`*/`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`protected $ownerType = null;`

Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`/**`
			`* The ID of the owner of the access token`
			`* @var string`
			`*/`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`protected $ownerId = null;`

Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`/**`
			`* The scopes associated with the access token`
			`* @var array`
			`*/`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`protected $sessionScopes = array();`

Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`/**`
			`* The client, scope and session storage classes`
			`* @var array`
			`*/`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`protected $storages = array();`

Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`/**`
			`* The request object`
			`* @var Util\RequestInterface`
			`*/`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`protected $request = null;`

Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`/**`
Changed 'oauth_token' to 'access_token' 2013-02-13 22:40:44 +05:30			`* The query string key which is used by clients to present the access token (default: access_token)`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* @var string`
			`*/`
Changed 'oauth_token' to 'access_token' 2013-02-13 22:40:44 +05:30			`protected $tokenKey = 'access_token';`
Starting the reorganization 2012-12-29 01:42:16 +05:30
Added missing clientId variable, fixed docblock 2013-05-09 02:29:17 +05:30			`/**`
			`* The client ID`
			`* @var string`
			`*/`
			`protected $clientId = null;`

Starting the reorganization 2012-12-29 01:42:16 +05:30			`/**`
			`* Sets up the Resource`
			`*`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* @param SessionInterface The Session Storage Object`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`*/`
Various bug fixes 2013-02-05 21:50:45 +05:30			`public function __construct(SessionInterface $session)`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`{`
			`$this->storages['session'] = $session;`
Fixing Resource bugs and moving the Request dep to a setter. 2013-01-05 03:51:24 +05:30			`}`
Starting the reorganization 2012-12-29 01:42:16 +05:30
Fixing Resource bugs and moving the Request dep to a setter. 2013-01-05 03:51:24 +05:30			`/**`
			`* Sets the Request Object`
			`*`
			`* @param RequestInterface The Request Object`
			`*/`
			`public function setRequest(RequestInterface $request)`
			`{`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`$this->request = $request;`
			`}`

Fixing Resource bugs and moving the Request dep to a setter. 2013-01-05 03:51:24 +05:30			`/**`
			`* Gets the Request object. It will create one from the globals if one is not set.`
			`*`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* @return Util\RequestInterface`
Fixing Resource bugs and moving the Request dep to a setter. 2013-01-05 03:51:24 +05:30			`*/`
			`public function getRequest()`
			`{`
			`if ($this->request === null) {`
Various bug fixes 2013-02-05 21:50:45 +05:30			`// @codeCoverageIgnoreStart`
Fixing Resource bugs and moving the Request dep to a setter. 2013-01-05 03:51:24 +05:30			`$this->request = Request::buildFromGlobals();`
			`}`
Various bug fixes 2013-02-05 21:50:45 +05:30			`// @codeCoverageIgnoreEnd`
Fixing Resource bugs and moving the Request dep to a setter. 2013-01-05 03:51:24 +05:30
			`return $this->request;`
			`}`

Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`/**`
			`* Returns the query string key for the access token.`
			`*`
			`* @return string`
			`*/`
Various bug fixes 2013-02-05 21:50:45 +05:30			`public function getTokenKey()`
			`{`
			`return $this->tokenKey;`
			`}`

Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`/**`
			`* Sets the query string key for the access token.`
			`*`
			`* @param $key The new query string key`
			`*/`
Various bug fixes 2013-02-05 21:50:45 +05:30			`public function setTokenKey($key)`
			`{`
			`$this->tokenKey = $key;`
			`}`

Adding a few Getters to the Resource, moving Exceptions and adding some new ones. 2013-01-18 01:49:01 +05:30			`/**`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* Gets the access token owner ID.`
Adding a few Getters to the Resource, moving Exceptions and adding some new ones. 2013-01-18 01:49:01 +05:30			`*`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* @return string`
Adding a few Getters to the Resource, moving Exceptions and adding some new ones. 2013-01-18 01:49:01 +05:30			`*/`
			`public function getOwnerId()`
			`{`
			`return $this->ownerId;`
			`}`

			`/**`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* Gets the owner type.`
Adding a few Getters to the Resource, moving Exceptions and adding some new ones. 2013-01-18 01:49:01 +05:30			`*`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* @return string`
Adding a few Getters to the Resource, moving Exceptions and adding some new ones. 2013-01-18 01:49:01 +05:30			`*/`
			`public function getOwnerType()`
			`{`
Various bug fixes 2013-02-05 21:50:45 +05:30			`return $this->ownerType;`
Adding a few Getters to the Resource, moving Exceptions and adding some new ones. 2013-01-18 01:49:01 +05:30			`}`

Started adding some Server methods, adding some Util classes and adding a way to get the token from the Resource 2013-01-22 21:55:51 +05:30			`/**`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* Gets the access token.`
Started adding some Server methods, adding some Util classes and adding a way to get the token from the Resource 2013-01-22 21:55:51 +05:30			`*`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* @return string`
Started adding some Server methods, adding some Util classes and adding a way to get the token from the Resource 2013-01-22 21:55:51 +05:30			`*/`
			`public function getAccessToken()`
			`{`
			`return $this->accessToken;`
			`}`

Added getClientId method 2013-05-09 06:36:18 +05:30			`/**`
			`* Gets the client ID that created the session`
			`* @return string`
			`*/`
			`public function getClientId()`
			`{`
			`return $this->clientId;`
			`}`

Starting the reorganization 2012-12-29 01:42:16 +05:30			`/**`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* Checks if the access token is valid or not.`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`*`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* @throws Exception\InvalidAccessTokenException Thrown if the presented access token is not valid`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`* @return bool`
			`*/`
			`public function isValid()`
			`{`
Changed variable syntax style to be PSR2 2013-05-05 22:35:46 +05:30			`$accessToken = $this->determineAccessToken();`
Starting the reorganization 2012-12-29 01:42:16 +05:30
Changed variable syntax style to be PSR2 2013-05-05 22:35:46 +05:30			`$result = $this->storages['session']->validateAccessToken($accessToken);`
Starting the reorganization 2012-12-29 01:42:16 +05:30
			`if ( ! $result) {`
Fixed silliness with access token verification 2013-02-08 17:15:51 +05:30			`throw new Exception\InvalidAccessTokenException('Access token is not valid');`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`}`

Changed variable syntax style to be PSR2 2013-05-05 22:35:46 +05:30			`$this->accessToken = $accessToken;`
Updated response params 2013-05-05 22:41:01 +05:30			`$this->sessionId = $result['session_id'];`
			`$this->clientId = $result['client_id'];`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`$this->ownerType = $result['owner_type'];`
			`$this->ownerId = $result['owner_id'];`

Fixed getting of session scopes 2013-05-05 22:48:37 +05:30			`$sessionScopes = $this->storages['session']->getScopes($this->accessToken);`
			`foreach ($sessionScopes as $scope) {`
			`$this->sessionScopes[] = $scope['key'];`
			`}`
Starting the reorganization 2012-12-29 01:42:16 +05:30
			`return true;`
			`}`

Added session scopes 2013-05-05 22:46:28 +05:30			`/**`
			`* Get the session scopes`
Added missing clientId variable, fixed docblock 2013-05-09 02:29:17 +05:30			`* @return array`
Added session scopes 2013-05-05 22:46:28 +05:30			`*/`
			`public function getScopes()`
			`{`
			`return $this->sessionScopes;`
			`}`

Starting the reorganization 2012-12-29 01:42:16 +05:30			`/**`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* Checks if the presented access token has the given scope(s).`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`*`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* @param array\|string An array of scopes or a single scope as a string`
			`* @return bool Returns bool if all scopes are found, false if any fail`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`*/`
			`public function hasScope($scopes)`
			`{`
			`if (is_string($scopes)) {`
			`if (in_array($scopes, $this->sessionScopes)) {`
			`return true;`
			`}`
			`return false;`
			`} elseif (is_array($scopes)) {`
			`foreach ($scopes as $scope) {`
			`if ( ! in_array($scope, $this->sessionScopes)) {`
			`return false;`
			`}`
			`}`
			`return true;`
			`}`

			`return false;`
			`}`

Fixing Resource bugs and moving the Request dep to a setter. 2013-01-05 03:51:24 +05:30			`/**`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* Reads in the access token from the headers.`
Fixing Resource bugs and moving the Request dep to a setter. 2013-01-05 03:51:24 +05:30			`*`
Updated docblocks for the two main classes 2013-02-13 02:03:23 +05:30			`* @throws Exception\MissingAccessTokenException Thrown if there is no access token presented`
Fixing Resource bugs and moving the Request dep to a setter. 2013-01-05 03:51:24 +05:30			`* @return string`
			`*/`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`protected function determineAccessToken()`
			`{`
Fixing Resource bugs and moving the Request dep to a setter. 2013-01-05 03:51:24 +05:30			`if ($header = $this->getRequest()->header('Authorization')) {`
Fixed two probems in access token check 1) The method returned the wrong result in case when the access token itself contained the string "Bearer". 2) When using cURL, the request is sometimes send twice (in my case when the first request returned a 404 error), and the Authorization header of the second request is doubled, so that you get a "Authorization: Bearer XXX, Bearer XXX". This case is checked now. (BTW: Tested with the current PHP version 5.4.15 on Windows.) 2013-05-10 23:30:01 +05:30			`// Check for special case, because cURL sometimes does an`
			`// internal second request and doubles the authorization header,`
			`// which always resulted in an error.`
			`//`
			`// 1st request: Authorization: Bearer XXX`
			`// 2nd request: Authorization: Bearer XXX, Bearer XXX`
			`if (strpos($header, ',') !== false) {`
Updated @ziege's patch to overcome awkward access token definition requirement (i.e. access token can have a space in it) and also optimised code. Fixes #52 2013-05-11 01:27:06 +05:30			`$headerPart = explode(',', $header);`
			`$accessToken = preg_replace('/^(?:\s+)?Bearer(\s{1})/', '', $headerPart[0]);`
Fixed two probems in access token check 1) The method returned the wrong result in case when the access token itself contained the string "Bearer". 2) When using cURL, the request is sometimes send twice (in my case when the first request returned a 404 error), and the Authorization header of the second request is doubled, so that you get a "Authorization: Bearer XXX, Bearer XXX". This case is checked now. (BTW: Tested with the current PHP version 5.4.15 on Windows.) 2013-05-10 23:30:01 +05:30			`} else {`
Updated @ziege's patch to overcome awkward access token definition requirement (i.e. access token can have a space in it) and also optimised code. Fixes #52 2013-05-11 01:27:06 +05:30			`$accessToken = preg_replace('/^(?:\s+)?Bearer(\s{1})/', '', $header);`
Fixed two probems in access token check 1) The method returned the wrong result in case when the access token itself contained the string "Bearer". 2) When using cURL, the request is sometimes send twice (in my case when the first request returned a 404 error), and the Authorization header of the second request is doubled, so that you get a "Authorization: Bearer XXX, Bearer XXX". This case is checked now. (BTW: Tested with the current PHP version 5.4.15 on Windows.) 2013-05-10 23:30:01 +05:30			`}`
Updated @ziege's patch to overcome awkward access token definition requirement (i.e. access token can have a space in it) and also optimised code. Fixes #52 2013-05-11 01:27:06 +05:30			`$accessToken = ($accessToken === 'Bearer') ? '' : $accessToken;`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`} else {`
Fixing Resource bugs and moving the Request dep to a setter. 2013-01-05 03:51:24 +05:30			`$method = $this->getRequest()->server('REQUEST_METHOD');`
Changed variable syntax style to be PSR2 2013-05-05 22:35:46 +05:30			`$accessToken = $this->getRequest()->{$method}($this->tokenKey);`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`}`

Changed variable syntax style to be PSR2 2013-05-05 22:35:46 +05:30			`if (empty($accessToken)) {`
Various fixes and tweaks 2013-02-08 17:10:33 +05:30			`throw new Exception\InvalidAccessTokenException('Access token is missing');`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`}`

Changed variable syntax style to be PSR2 2013-05-05 22:35:46 +05:30			`return $accessToken;`
Starting the reorganization 2012-12-29 01:42:16 +05:30			`}`

			`}`