Numerous bug fixes

2024-12-22 13:09:44 +05:30 · 2016-02-12 13:32:58 +00:00 · 2016-02-12 13:32:58 +00:00 · 0115c41eea
commit 0115c41eea
parent 9b97778618
4 changed files with 125 additions and 47 deletions
--- a/examples/public/auth_code.php
+++ b/examples/public/auth_code.php
@ -1,10 +1,10 @@
 <?php

 use League\OAuth2\Server\Exception\OAuthServerException;
-use League\OAuth2\Server\Grant\PasswordGrant;
 use League\OAuth2\Server\Server;

 use OAuth2ServerExamples\Repositories\AccessTokenRepository;
+use OAuth2ServerExamples\Repositories\AuthCodeRepository;
 use OAuth2ServerExamples\Repositories\ClientRepository;
 use OAuth2ServerExamples\Repositories\RefreshTokenRepository;
 use OAuth2ServerExamples\Repositories\ScopeRepository;
@ -16,42 +16,64 @@ use Slim\Http\Response;

 include(__DIR__ . '/../vendor/autoload.php');

-// Setup the authorization server
-$server = new Server('file://' . __DIR__ . '/../private.key');
-
-// Init our repositories
-$userRepository = new UserRepository();
-$clientRepository = new ClientRepository();
-$scopeRepository = new ScopeRepository();
-$accessTokenRepository = new AccessTokenRepository();
-$refreshTokenRepository = new RefreshTokenRepository();
-
-// Enable the client credentials grant on the server
-$passwordGrant = new PasswordGrant(
-    $userRepository,
-    $clientRepository,
-    $scopeRepository,
-    $accessTokenRepository,
-    $refreshTokenRepository
-);
-$server->enableGrantType($passwordGrant);
-
 // App
-$app = new App([Server::class => $server]);
+$app = new App([
+    Server::class => function () {

-$app->any('/authorise', function (Request $request, Response $response) {
-     if (strtoupper($request->getMethod()) === 'GET') {
-         $response = $response->withHeader('Set-Cookie', $authCodeGrant->storeOriginalRequestParams)
-     }
+        // Init our repositories
+        $clientRepository = new ClientRepository();
+        $scopeRepository = new ScopeRepository();
+        $accessTokenRepository = new AccessTokenRepository();
+        $userRepository = new UserRepository();
+        $refreshTokenRepository = new RefreshTokenRepository();
+        $authCodeRepository = new AuthCodeRepository();
+
+        $privateKeyPath = 'file://' . __DIR__ . '/../private.key';
+        $publicKeyPath = 'file://' . __DIR__ . '/../public.key';
+
+        // Setup the authorization server
+        $server = new Server(
+            $clientRepository,
+            $accessTokenRepository,
+            $scopeRepository,
+            $privateKeyPath,
+            $publicKeyPath
+        );
+
+        // Enable the password grant on the server with a token TTL of 1 hour
+        $server->enableGrantType(
+            new \League\OAuth2\Server\Grant\AuthCodeGrant(
+                $authCodeRepository,
+                $refreshTokenRepository,
+                $userRepository,
+                new \DateInterval('PT10M')
+            ),
+            new \DateInterval('PT1H')
+        );
+
+        return $server;
+    },
+]);
+
+$app->any('/authorize', function (Request $request, Response $response) {
+    /** @var Server $server */
+    $server = $this->get(Server::class);
+    try {
+        return $server->respondToRequest($request, $response);
+    } catch (OAuthServerException $e) {
+        return $e->generateHttpResponse($response);
+    } catch (\Exception $e) {
+        return $response->withStatus(500)->write($e->getMessage());
+    }
 });

 $app->post('/access_token', function (Request $request, Response $response) {
    /** @var Server $server */
    $server = $this->get(Server::class);
    try {
-        return $server->respondToRequest($request);
+        return $server->respondToRequest($request, $response);
    } catch (OAuthServerException $e) {
-        return $e->generateHttpResponse();
+        return $e->generateHttpResponse($response);
    } catch (\Exception $e) {
        return $response->withStatus(500)->write($e->getMessage());
    }
--- a/examples/src/Repositories/AuthCodeRepository.php
+++ b/examples/src/Repositories/AuthCodeRepository.php
@ -0,0 +1,42 @@
+<?php
+
+namespace OAuth2ServerExamples\Repositories;
+
+use League\OAuth2\Server\Entities\Interfaces\AuthCodeEntityInterface;
+use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
+
+class AuthCodeRepository implements AuthCodeRepositoryInterface
+{
+
+    /**
+     * Persists a new auth code to permanent storage
+     *
+     * @param \League\OAuth2\Server\Entities\Interfaces\AuthCodeEntityInterface $authCodeEntity
+     */
+    public function persistNewAuthCode(AuthCodeEntityInterface $authCodeEntity)
+    {
+        // TODO: Implement persistNewAuthCode() method.
+    }
+
+    /**
+     * Revoke an auth code
+     *
+     * @param string $codeId
+     */
+    public function revokeAuthCode($codeId)
+    {
+        // TODO: Implement revokeAuthCode() method.
+    }
+
+    /**
+     * Check if the auth code has been revoked
+     *
+     * @param string $codeId
+     *
+     * @return bool Return true if this code has been revoked
+     */
+    public function isAuthCodeRevoked($codeId)
+    {
+        // TODO: Implement isAuthCodeRevoked() method.
+    }
+}
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@ -3,10 +3,10 @@
 namespace League\OAuth2\Server\Grant;

 use DateInterval;
-use League\OAuth2\Server\Entities\ClientEntity;
 use League\OAuth2\Server\Entities\Interfaces\UserEntityInterface;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
+use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
 use League\OAuth2\Server\Repositories\UserRepositoryInterface;
 use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
 use League\OAuth2\Server\Utils\KeyCrypt;
@ -42,20 +42,28 @@ class AuthCodeGrant extends AbstractGrant
    private $pathToAuthorizeTemplate;

    /**
-     * @param \League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface $authCodeRepository
-     * @param \League\OAuth2\Server\Repositories\UserRepositoryInterface     $userRepository
-     * @param \DateInterval                                                  $authCodeTTL
-     * @param string|null                                                    $pathToLoginTemplate
-     * @param string|null                                                    $pathToAuthorizeTemplate
+     * @var \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface
+     */
+    private $refreshTokenRepository;
+
+    /**
+     * @param \League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface     $authCodeRepository
+     * @param \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface $refreshTokenRepository
+     * @param \League\OAuth2\Server\Repositories\UserRepositoryInterface         $userRepository
+     * @param \DateInterval                                                      $authCodeTTL
+     * @param string|null                                                        $pathToLoginTemplate
+     * @param string|null                                                        $pathToAuthorizeTemplate
     */
    public function __construct(
        AuthCodeRepositoryInterface $authCodeRepository,
+        RefreshTokenRepositoryInterface $refreshTokenRepository,
        UserRepositoryInterface $userRepository,
        \DateInterval $authCodeTTL,
        $pathToLoginTemplate = null,
        $pathToAuthorizeTemplate = null
    ) {
        $this->authCodeRepository = $authCodeRepository;
+        $this->refreshTokenRepository = $refreshTokenRepository;
        $this->userRepository = $userRepository;
        $this->authCodeTTL = $authCodeTTL;
        $this->pathToLoginTemplate = $pathToLoginTemplate;
@ -242,6 +250,7 @@ class AuthCodeGrant extends AbstractGrant
     * @param \DateInterval                                             $accessTokenTTL
     *
     * @return \League\OAuth2\Server\ResponseTypes\ResponseTypeInterface
+     * @throws \League\OAuth2\Server\Exception\OAuthServerException
     */
    protected function respondToAccessTokenRequest(
        ServerRequestInterface $request,
@ -250,37 +259,44 @@ class AuthCodeGrant extends AbstractGrant
    ) {
        // Validate request
        $client = $this->validateClient($request);
-        $scopes = $this->validateScopes($request, $client);
-        $encryptedAuthcode = $this->getRequestParameter('code', $request, null);
+        $encryptedAuthCode = $this->getRequestParameter('code', $request, null);

-        if ($encryptedAuthcode === null) {
+        if ($encryptedAuthCode === null) {
            throw OAuthServerException::invalidRequest('code');
        }

        // Validate the authorization code
        try {
-            $authCodePayload = json_decode(KeyCrypt::decrypt($encryptedAuthcode, $this->pathToPrivateKey));
+            $authCodePayload = json_decode(KeyCrypt::decrypt($encryptedAuthCode, $this->pathToPrivateKey));
            if (time() > $authCodePayload->expire_time) {
                throw OAuthServerException::invalidRequest('code', 'Authorization code has expired');
            }
+
+            if ($this->authCodeRepository->isAuthCodeRevoked($authCodePayload->auth_code_id) === true) {
+                throw OAuthServerException::invalidRequest('code', 'Authorization code has been revoked');
+            }
+
+            if ($authCodePayload->client_id !== $client->getIdentifier()) {
+                throw OAuthServerException::invalidRequest('code', 'Authorization code was not issued to this client');
+            }
        } catch (\LogicException  $e) {
            throw OAuthServerException::invalidRequest('code');
        }

-        $client = new ClientEntity();
-        $client->setIdentifier($authCodePayload->client_id);
-
-        // Issue and persist access token
+        // Issue and persist access + refresh tokens
        $accessToken = $this->issueAccessToken(
            $accessTokenTTL,
            $client,
            $authCodePayload->user_id,
            $authCodePayload->scopes
        );
+        $refreshToken = $this->issueRefreshToken($accessToken);
        $this->accessTokenRepository->persistNewAccessToken($accessToken);
+        $this->refreshTokenRepository->persistNewRefreshToken($refreshToken);

-        // Inject access token into response type
+        // Inject tokens into response type
        $responseType->setAccessToken($accessToken);
+        $responseType->setRefreshToken($refreshToken);

        return $responseType;
    }
--- a/src/Repositories/AuthCodeRepositoryInterface.php
+++ b/src/Repositories/AuthCodeRepositoryInterface.php
@ -21,11 +21,9 @@ interface AuthCodeRepositoryInterface extends RepositoryInterface
    /**
     * Persists a new auth code to permanent storage
     *
-     * @param \League\OAuth2\Server\Entities\Interfaces\AuthCodeEntityInterface $authCodeEntityInterface
-     *
-     * @return
+     * @param \League\OAuth2\Server\Entities\Interfaces\AuthCodeEntityInterface $authCodeEntity
     */
-    public function persistNewAuthCode(AuthCodeEntityInterface $authCodeEntityInterface);
+    public function persistNewAuthCode(AuthCodeEntityInterface $authCodeEntity);

    /**
     * Revoke an auth code