ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2025-01-03 18:51:53 +05:30
Code Issues Packages Projects Releases Wiki Activity

Numerous bug fixes

Browse Source
This commit is contained in:
Alex Bilbie 2016-02-12 13:32:58 +00:00
parent 9b97778618
commit 0115c41eea
4 changed files with 125 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
examples/public/auth_code.php
View File

@ -1,10 +1,10 @@
<?php <?php
use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Grant\PasswordGrant;
use League\OAuth2\Server\Server; use League\OAuth2\Server\Server;
use OAuth2ServerExamples\Repositories\AccessTokenRepository; use OAuth2ServerExamples\Repositories\AccessTokenRepository;
use OAuth2ServerExamples\Repositories\AuthCodeRepository;
use OAuth2ServerExamples\Repositories\ClientRepository; use OAuth2ServerExamples\Repositories\ClientRepository;
use OAuth2ServerExamples\Repositories\RefreshTokenRepository; use OAuth2ServerExamples\Repositories\RefreshTokenRepository;
use OAuth2ServerExamples\Repositories\ScopeRepository; use OAuth2ServerExamples\Repositories\ScopeRepository;
@ -16,42 +16,64 @@ use Slim\Http\Response;
include(__DIR__ . '/../vendor/autoload.php'); include(__DIR__ . '/../vendor/autoload.php');
// Setup the authorization server
$server = new Server('file://' . __DIR__ . '/../private.key');
// Init our repositories
$userRepository = new UserRepository();
$clientRepository = new ClientRepository();
$scopeRepository = new ScopeRepository();
$accessTokenRepository = new AccessTokenRepository();
$refreshTokenRepository = new RefreshTokenRepository();
// Enable the client credentials grant on the server
$passwordGrant = new PasswordGrant(
$userRepository,
$clientRepository,
$scopeRepository,
$accessTokenRepository,
$refreshTokenRepository
);
$server->enableGrantType($passwordGrant);
// App // App
$app = new App([Server::class => $server]); $app = new App([
Server::class => function () {
$app->any('/authorise', function (Request $request, Response $response) { // Init our repositories
if (strtoupper($request->getMethod()) === 'GET') { $clientRepository = new ClientRepository();
$response = $response->withHeader('Set-Cookie', $authCodeGrant->storeOriginalRequestParams) $scopeRepository = new ScopeRepository();
} $accessTokenRepository = new AccessTokenRepository();
$userRepository = new UserRepository();
$refreshTokenRepository = new RefreshTokenRepository();
$authCodeRepository = new AuthCodeRepository();
$privateKeyPath = 'file://' . __DIR__ . '/../private.key';
$publicKeyPath = 'file://' . __DIR__ . '/../public.key';
// Setup the authorization server
$server = new Server(
$clientRepository,
$accessTokenRepository,
$scopeRepository,
$privateKeyPath,
$publicKeyPath
);
// Enable the password grant on the server with a token TTL of 1 hour
$server->enableGrantType(
new \League\OAuth2\Server\Grant\AuthCodeGrant(
$authCodeRepository,
$refreshTokenRepository,
$userRepository,
new \DateInterval('PT10M')
),
new \DateInterval('PT1H')
);
return $server;
},
]);
$app->any('/authorize', function (Request $request, Response $response) {
/** @var Server $server */
$server = $this->get(Server::class);
try {
return $server->respondToRequest($request, $response);
} catch (OAuthServerException $e) {
return $e->generateHttpResponse($response);
} catch (\Exception $e) {
return $response->withStatus(500)->write($e->getMessage());
}
}); });
$app->post('/access_token', function (Request $request, Response $response) { $app->post('/access_token', function (Request $request, Response $response) {
/** @var Server $server */ /** @var Server $server */
$server = $this->get(Server::class); $server = $this->get(Server::class);
try { try {
return $server->respondToRequest($request); return $server->respondToRequest($request, $response);
} catch (OAuthServerException $e) { } catch (OAuthServerException $e) {
return $e->generateHttpResponse(); return $e->generateHttpResponse($response);
} catch (\Exception $e) { } catch (\Exception $e) {
return $response->withStatus(500)->write($e->getMessage()); return $response->withStatus(500)->write($e->getMessage());
} }

42
examples/src/Repositories/AuthCodeRepository.php Normal file
View File

@ -0,0 +1,42 @@
<?php
namespace OAuth2ServerExamples\Repositories;
use League\OAuth2\Server\Entities\Interfaces\AuthCodeEntityInterface;
use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
class AuthCodeRepository implements AuthCodeRepositoryInterface
{
/**
* Persists a new auth code to permanent storage
*
* @param \League\OAuth2\Server\Entities\Interfaces\AuthCodeEntityInterface $authCodeEntity
*/
public function persistNewAuthCode(AuthCodeEntityInterface $authCodeEntity)
{
// TODO: Implement persistNewAuthCode() method.
}
/**
* Revoke an auth code
*
* @param string $codeId
*/
public function revokeAuthCode($codeId)
{
// TODO: Implement revokeAuthCode() method.
}
/**
* Check if the auth code has been revoked
*
* @param string $codeId
*
* @return bool Return true if this code has been revoked
*/
public function isAuthCodeRevoked($codeId)
{
// TODO: Implement isAuthCodeRevoked() method.
}
}

46
src/Grant/AuthCodeGrant.php
View File

@ -3,10 +3,10 @@
namespace League\OAuth2\Server\Grant; namespace League\OAuth2\Server\Grant;
use DateInterval; use DateInterval;
use League\OAuth2\Server\Entities\ClientEntity;
use League\OAuth2\Server\Entities\Interfaces\UserEntityInterface; use League\OAuth2\Server\Entities\Interfaces\UserEntityInterface;
use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface; use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
use League\OAuth2\Server\Repositories\UserRepositoryInterface; use League\OAuth2\Server\Repositories\UserRepositoryInterface;
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface; use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
use League\OAuth2\Server\Utils\KeyCrypt; use League\OAuth2\Server\Utils\KeyCrypt;
@ -42,20 +42,28 @@ class AuthCodeGrant extends AbstractGrant
private $pathToAuthorizeTemplate; private $pathToAuthorizeTemplate;
/** /**
* @param \League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface $authCodeRepository * @var \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface
* @param \League\OAuth2\Server\Repositories\UserRepositoryInterface $userRepository */
* @param \DateInterval $authCodeTTL private $refreshTokenRepository;
* @param string|null $pathToLoginTemplate
* @param string|null $pathToAuthorizeTemplate /**
* @param \League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface $authCodeRepository
* @param \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface $refreshTokenRepository
* @param \League\OAuth2\Server\Repositories\UserRepositoryInterface $userRepository
* @param \DateInterval $authCodeTTL
* @param string|null $pathToLoginTemplate
* @param string|null $pathToAuthorizeTemplate
*/ */
public function __construct( public function __construct(
AuthCodeRepositoryInterface $authCodeRepository, AuthCodeRepositoryInterface $authCodeRepository,
RefreshTokenRepositoryInterface $refreshTokenRepository,
UserRepositoryInterface $userRepository, UserRepositoryInterface $userRepository,
\DateInterval $authCodeTTL, \DateInterval $authCodeTTL,
$pathToLoginTemplate = null, $pathToLoginTemplate = null,
$pathToAuthorizeTemplate = null $pathToAuthorizeTemplate = null
) { ) {
$this->authCodeRepository = $authCodeRepository; $this->authCodeRepository = $authCodeRepository;
$this->refreshTokenRepository = $refreshTokenRepository;
$this->userRepository = $userRepository; $this->userRepository = $userRepository;
$this->authCodeTTL = $authCodeTTL; $this->authCodeTTL = $authCodeTTL;
$this->pathToLoginTemplate = $pathToLoginTemplate; $this->pathToLoginTemplate = $pathToLoginTemplate;
@ -242,6 +250,7 @@ class AuthCodeGrant extends AbstractGrant
* @param \DateInterval $accessTokenTTL * @param \DateInterval $accessTokenTTL
* *
* @return \League\OAuth2\Server\ResponseTypes\ResponseTypeInterface * @return \League\OAuth2\Server\ResponseTypes\ResponseTypeInterface
* @throws \League\OAuth2\Server\Exception\OAuthServerException
*/ */
protected function respondToAccessTokenRequest( protected function respondToAccessTokenRequest(
ServerRequestInterface $request, ServerRequestInterface $request,
@ -250,37 +259,44 @@ class AuthCodeGrant extends AbstractGrant
) { ) {
// Validate request // Validate request
$client = $this->validateClient($request); $client = $this->validateClient($request);
$scopes = $this->validateScopes($request, $client); $encryptedAuthCode = $this->getRequestParameter('code', $request, null);
$encryptedAuthcode = $this->getRequestParameter('code', $request, null);
if ($encryptedAuthcode === null) { if ($encryptedAuthCode === null) {
throw OAuthServerException::invalidRequest('code'); throw OAuthServerException::invalidRequest('code');
} }
// Validate the authorization code // Validate the authorization code
try { try {
$authCodePayload = json_decode(KeyCrypt::decrypt($encryptedAuthcode, $this->pathToPrivateKey)); $authCodePayload = json_decode(KeyCrypt::decrypt($encryptedAuthCode, $this->pathToPrivateKey));
if (time() > $authCodePayload->expire_time) { if (time() > $authCodePayload->expire_time) {
throw OAuthServerException::invalidRequest('code', 'Authorization code has expired'); throw OAuthServerException::invalidRequest('code', 'Authorization code has expired');
} }
if ($this->authCodeRepository->isAuthCodeRevoked($authCodePayload->auth_code_id) === true) {
throw OAuthServerException::invalidRequest('code', 'Authorization code has been revoked');
}
if ($authCodePayload->client_id !== $client->getIdentifier()) {
throw OAuthServerException::invalidRequest('code', 'Authorization code was not issued to this client');
}
} catch (\LogicException $e) { } catch (\LogicException $e) {
throw OAuthServerException::invalidRequest('code'); throw OAuthServerException::invalidRequest('code');
} }
$client = new ClientEntity(); // Issue and persist access + refresh tokens
$client->setIdentifier($authCodePayload->client_id);
// Issue and persist access token
$accessToken = $this->issueAccessToken( $accessToken = $this->issueAccessToken(
$accessTokenTTL, $accessTokenTTL,
$client, $client,
$authCodePayload->user_id, $authCodePayload->user_id,
$authCodePayload->scopes $authCodePayload->scopes
); );
$refreshToken = $this->issueRefreshToken($accessToken);
$this->accessTokenRepository->persistNewAccessToken($accessToken); $this->accessTokenRepository->persistNewAccessToken($accessToken);
$this->refreshTokenRepository->persistNewRefreshToken($refreshToken);
// Inject access token into response type // Inject tokens into response type
$responseType->setAccessToken($accessToken); $responseType->setAccessToken($accessToken);
$responseType->setRefreshToken($refreshToken);
return $responseType; return $responseType;
} }

6
src/Repositories/AuthCodeRepositoryInterface.php
View File

@ -21,11 +21,9 @@ interface AuthCodeRepositoryInterface extends RepositoryInterface
/** /**
* Persists a new auth code to permanent storage * Persists a new auth code to permanent storage
* *
* @param \League\OAuth2\Server\Entities\Interfaces\AuthCodeEntityInterface $authCodeEntityInterface * @param \League\OAuth2\Server\Entities\Interfaces\AuthCodeEntityInterface $authCodeEntity
*
* @return
*/ */
public function persistNewAuthCode(AuthCodeEntityInterface $authCodeEntityInterface); public function persistNewAuthCode(AuthCodeEntityInterface $authCodeEntity);
/** /**
* Revoke an auth code * Revoke an auth code