ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2025-05-31 14:12:07 +05:30
Code Issues Packages Projects Releases Wiki Activity

Removed static functions, inject authserver instance into grants

Browse Source
This commit is contained in:
Alex Bilbie
2013-03-06 16:59:18 +00:00
parent 6a8f8bf7b7
commit 07c07ccb5e
10 changed files with 218 additions and 146 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
src/OAuth2/AuthServer.php
View File

@@ -37,7 +37,7 @@ class AuthServer
* The TTL (time to live) of an access token in seconds (default: 3600)
* @var integer
*/
static protected $expiresIn = 3600;
protected $expiresIn = 3600;
/**
* The registered grant response types
@@ -49,13 +49,13 @@ class AuthServer
* The client, scope and session storage classes
* @var array
*/
static protected $storages = array();
protected $storages = array();
/**
* The registered grant types
* @var array
*/
static protected $grantTypes = array();
protected $grantTypes = array();
/**
* Require the "scope" parameter to be in checkAuthoriseParams()
@@ -73,7 +73,7 @@ class AuthServer
* The request object
* @var Util\RequestInterface
*/
static protected $request = null;
protected $request = null;
/**
* Exception error codes
@@ -96,7 +96,7 @@ class AuthServer
* Exception error messages
* @var array
*/
static protected $exceptionMessages = array(
protected static $exceptionMessages = array(
'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.',
'unauthorized_client' => 'The client is not authorized to request an access token using this method.',
'access_denied' => 'The resource owner or authorization server denied the request.',
@@ -142,7 +142,7 @@ class AuthServer
*/
public function __construct(ClientInterface $client, SessionInterface $session, ScopeInterface $scope)
{
self::$storages = array(
$this->storages = array(
'client' => $client,
'session' => $session,
'scope' => $scope
@@ -159,7 +159,7 @@ class AuthServer
if (is_null($identifier)) {
$identifier = $grantType->getIdentifier();
}
self::$grantTypes[$identifier] = $grantType;
$this->grantTypes[$identifier] = $grantType;
if ( ! is_null($grantType->getResponseType())) {
$this->responseTypes[] = $grantType->getResponseType();
@@ -171,9 +171,9 @@ class AuthServer
* @param string $identifier The grant type identifier
* @return boolean Returns "true" if enabled, "false" if not
*/
public static function hasGrantType($identifier)
public function hasGrantType($identifier)
{
return (array_key_exists($identifier, self::$grantTypes));
return (array_key_exists($identifier, $this->grantTypes));
}
/**
@@ -220,9 +220,9 @@ class AuthServer
* Get the TTL for an access token
* @return int The TTL
*/
public static function getExpiresIn()
public function getExpiresIn()
{
return self::$expiresIn;
return $this->expiresIn;
}
/**
@@ -231,7 +231,7 @@ class AuthServer
*/
public function setExpiresIn($expiresIn)
{
self::$expiresIn = $expiresIn;
$this->expiresIn = $expiresIn;
}
/**
@@ -241,7 +241,7 @@ class AuthServer
*/
public function setRequest(Util\RequestInterface $request)
{
self::$request = $request;
$this->request = $request;
}
/**
@@ -249,16 +249,16 @@ class AuthServer
*
* @return Util\RequestInterface
*/
public static function getRequest()
public function getRequest()
{
if (self::$request === null) {
if ($this->request === null) {
// @codeCoverageIgnoreStart
self::$request = Request::buildFromGlobals();
$this->request = Request::buildFromGlobals();
}
// @codeCoverageIgnoreEnd
return self::$request;
return $this->request;
}
/**
@@ -266,9 +266,9 @@ class AuthServer
* @param string $obj The class required
* @return Storage\ClientInterface|Storage\ScopeInterface|Storage\SessionInterface
*/
public static function getStorage($obj)
public function getStorage($obj)
{
return self::$storages[$obj];
return $this->storages[$obj];
}
/**
@@ -281,7 +281,7 @@ class AuthServer
public function checkAuthoriseParams($inputParams = array())
{
// Auth params
$authParams = self::getParam(array('client_id', 'redirect_uri', 'response_type', 'scope', 'state'), 'get', $inputParams);
$authParams = $this->getParam(array('client_id', 'redirect_uri', 'response_type', 'scope', 'state'), 'get', $inputParams);
if (is_null($authParams['client_id'])) {
throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'client_id'), 0);
@@ -383,7 +383,7 @@ class AuthServer
}
// Ensure grant type is one that is recognised and is enabled
if ( ! in_array($grantType, array_keys(self::$grantTypes))) {
if ( ! in_array($grantType, array_keys($this->grantTypes))) {
throw new Exception\ClientException(sprintf(self::$exceptionMessages['unsupported_grant_type'], $grantType), 7);
}
@@ -398,7 +398,7 @@ class AuthServer
*/
protected function getGrantType($grantType)
{
return self::$grantTypes[$grantType];
return $this->grantTypes[$grantType];
}
/**
@@ -408,14 +408,14 @@ class AuthServer
* @param array $inputParams Passed input parameters
* @return mixed 'Null' if parameter is missing
*/
public static function getParam($param = '', $method = 'get', $inputParams = array())
public function getParam($param = '', $method = 'get', $inputParams = array())
{
if (is_string($param)) {
return (isset($inputParams[$param])) ? $inputParams[$param] : self::getRequest()->{$method}($param);
} else {
$response = array();
foreach ($param as $p) {
$response[$p] = self::getParam($p, $method, $inputParams);
$response[$p] = $this->getParam($p, $method, $inputParams);
}
return $response;
}

44
src/OAuth2/Grant/AuthCode.php
View File

@@ -36,6 +36,22 @@ class AuthCode implements GrantTypeInterface {
*/
protected $responseType = 'code';
/**
* AuthServer instance
* @var AuthServer
*/
protected $authServer = null;
/**
* Constructor
* @param AuthServer $authServer AuthServer instance
* @return void
*/
public function __construct(AuthServer $authServer)
{
$this->authServer = $authServer;
}
/**
* Return the identifier
* @return string
@@ -62,51 +78,51 @@ class AuthCode implements GrantTypeInterface {
public function completeFlow($inputParams = null)
{
// Get the required params
$authParams = AuthServer::getParam(array('client_id', 'client_secret', 'redirect_uri', 'code'), 'post', $inputParams);
$authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'redirect_uri', 'code'), 'post', $inputParams);
if (is_null($authParams['client_id'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0);
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0);
}
if (is_null($authParams['client_secret'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_secret'), 0);
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_secret'), 0);
}
if (is_null($authParams['redirect_uri'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'redirect_uri'), 0);
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'redirect_uri'), 0);
}
// Validate client ID and redirect URI
$clientDetails = AuthServer::getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], $authParams['redirect_uri']);
$clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], $authParams['redirect_uri']);
if ($clientDetails === false) {
throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_client'), 8);
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8);
}
$authParams['client_details'] = $clientDetails;
// Validate the authorization code
if (is_null($authParams['code'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'code'), 0);
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'code'), 0);
}
// Verify the authorization code matches the client_id and the request_uri
$session = AuthServer::getStorage('session')->validateAuthCode($authParams['client_id'], $authParams['redirect_uri'], $authParams['code']);
$session = $this->authServer->getStorage('session')->validateAuthCode($authParams['client_id'], $authParams['redirect_uri'], $authParams['code']);
if ( ! $session) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_grant'), 'code'), 9);
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_grant'), 'code'), 9);
}
// A session ID was returned so update it with an access token,
// remove the authorisation code, change the stage to 'granted'
$accessToken = SecureKey::make();
$refreshToken = (AuthServer::hasGrantType('refresh_token')) ? SecureKey::make() : null;
$refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null;
$accessTokenExpires = time() + AuthServer::getExpiresIn();
$accessTokenExpiresIn = AuthServer::getExpiresIn();
$accessTokenExpires = time() + $this->authServer->getExpiresIn();
$accessTokenExpiresIn = $this->authServer->getExpiresIn();
AuthServer::getStorage('session')->updateSession(
$this->authServer->getStorage('session')->updateSession(
$session['id'],
null,
$accessToken,
@@ -122,7 +138,7 @@ class AuthCode implements GrantTypeInterface {
'expires_in' => $accessTokenExpiresIn
);
if (AuthServer::hasGrantType('refresh_token')) {
if ($this->authServer->hasGrantType('refresh_token')) {
$response['refresh_token'] = $refreshToken;
}

32
src/OAuth2/Grant/ClientCredentials.php
View File

@@ -36,6 +36,22 @@ class ClientCredentials implements GrantTypeInterface {
*/
protected $responseType = null;
/**
* AuthServer instance
* @var AuthServer
*/
protected $authServer = null;
/**
* Constructor
* @param AuthServer $authServer AuthServer instance
* @return void
*/
public function __construct(AuthServer $authServer)
{
$this->authServer = $authServer;
}
/**
* Return the identifier
* @return string
@@ -62,7 +78,7 @@ class ClientCredentials implements GrantTypeInterface {
public function completeFlow($inputParams = null)
{
// Get the required params
$authParams = AuthServer::getParam(array('client_id', 'client_secret'), 'post', $inputParams);
$authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'scope'), 'post', $inputParams);
if (is_null($authParams['client_id'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0);
@@ -73,7 +89,7 @@ class ClientCredentials implements GrantTypeInterface {
}
// Validate client ID and client secret
$clientDetails = AuthServer::getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']);
$clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']);
if ($clientDetails === false) {
throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_client'), 8);
@@ -83,16 +99,16 @@ class ClientCredentials implements GrantTypeInterface {
// Generate an access token
$accessToken = SecureKey::make();
$refreshToken = (AuthServer::hasGrantType('refresh_token')) ? SecureKey::make() : null;
$refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null;
$accessTokenExpires = time() + AuthServer::getExpiresIn();
$accessTokenExpiresIn = AuthServer::getExpiresIn();
$accessTokenExpires = time() + $this->authServer->getExpiresIn();
$accessTokenExpiresIn = $this->authServer->getExpiresIn();
// Delete any existing sessions just to be sure
AuthServer::getStorage('session')->deleteSession($authParams['client_id'], 'client', $authParams['client_id']);
$this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'client', $authParams['client_id']);
// Create a new session
AuthServer::getStorage('session')->createSession(
$this->authServer->getStorage('session')->createSession(
$authParams['client_id'],
null,
'client',
@@ -111,7 +127,7 @@ class ClientCredentials implements GrantTypeInterface {
'expires_in' => $accessTokenExpiresIn
);
if (AuthServer::hasGrantType('refresh_token')) {
if ($this->authServer->hasGrantType('refresh_token')) {
$response['refresh_token'] = $refreshToken;
}

15
src/OAuth2/Grant/GrantTypeInterface.php
View File

@@ -21,10 +21,17 @@ use OAuth2\Storage\ScopeInterface;
interface GrantTypeInterface
{
/**
* Returns the grant identifier (used to validate grant_type in OAuth2\AuthServer\issueAccessToken())
* @return string
*/
/**
* Constructor
* @param AuthServer $authServer AuthServer instance
* @return void
*/
public function __construct(AuthServer $authServer);
/**
* Returns the grant identifier (used to validate grant_type in OAuth2\AuthServer\issueAccessToken())
* @return string
*/
public function getIdentifier();
/**

44
src/OAuth2/Grant/Password.php
View File

@@ -42,6 +42,22 @@ class Password implements GrantTypeInterface {
*/
protected $callback = null;
/**
* AuthServer instance
* @var AuthServer
*/
protected $authServer = null;
/**
* Constructor
* @param AuthServer $authServer AuthServer instance
* @return void
*/
public function __construct(AuthServer $authServer)
{
$this->authServer = $authServer;
}
/**
* Return the identifier
* @return string
@@ -90,52 +106,52 @@ class Password implements GrantTypeInterface {
public function completeFlow($inputParams = null)
{
// Get the required params
$authParams = AuthServer::getParam(array('client_id', 'client_secret', 'username', 'password'), 'post', $inputParams);
$authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'username', 'password'), 'post', $inputParams);
if (is_null($authParams['client_id'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0);
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0);
}
if (is_null($authParams['client_secret'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_secret'), 0);
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_secret'), 0);
}
// Validate client ID and redirect URI
$clientDetails = AuthServer::getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']);
$clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']);
if ($clientDetails === false) {
throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_client'), 8);
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8);
}
$authParams['client_details'] = $clientDetails;
if (is_null($authParams['username'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'username'), 0);
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'username'), 0);
}
if (is_null($authParams['password'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'password'), 0);
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'password'), 0);
}
// Check if user's username and password are correct
$userId = call_user_func($this->getVerifyCredentialsCallback(), $authParams['username'], $authParams['password']);
if ($userId === false) {
throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_credentials'), 0);
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_credentials'), 0);
}
// Generate an access token
$accessToken = SecureKey::make();
$refreshToken = (AuthServer::hasGrantType('refresh_token')) ? SecureKey::make() : null;
$refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null;
$accessTokenExpires = time() + AuthServer::getExpiresIn();
$accessTokenExpiresIn = AuthServer::getExpiresIn();
$accessTokenExpires = time() + $this->authServer->getExpiresIn();
$accessTokenExpiresIn = $this->authServer->getExpiresIn();
// Delete any existing sessions just to be sure
AuthServer::getStorage('session')->deleteSession($authParams['client_id'], 'user', $userId);
$this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'user', $userId);
// Create a new session
AuthServer::getStorage('session')->createSession(
$this->authServer->getStorage('session')->createSession(
$authParams['client_id'],
null,
'user',
@@ -154,7 +170,7 @@ class Password implements GrantTypeInterface {
'expires_in' => $accessTokenExpiresIn
);
if (AuthServer::hasGrantType('refresh_token')) {
if ($this->authServer->hasGrantType('refresh_token')) {
$response['refresh_token'] = $refreshToken;
}

40
src/OAuth2/Grant/RefreshToken.php
View File

@@ -36,6 +36,22 @@ class RefreshToken implements GrantTypeInterface {
*/
protected $responseType = null;
/**
* AuthServer instance
* @var AuthServer
*/
protected $authServer = null;
/**
* Constructor
* @param AuthServer $authServer AuthServer instance
* @return void
*/
public function __construct(AuthServer $authServer)
{
$this->authServer = $authServer;
}
/**
* Return the identifier
* @return string
@@ -62,47 +78,47 @@ class RefreshToken implements GrantTypeInterface {
public function completeFlow($inputParams = null)
{
// Get the required params
$authParams = AuthServer::getParam(array('client_id', 'client_secret', 'refresh_token'), 'post', $inputParams);
$authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'refresh_token'), 'post', $inputParams);
if (is_null($authParams['client_id'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0);
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0);
}
if (is_null($authParams['client_secret'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_secret'), 0);
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_secret'), 0);
}
// Validate client ID and client secret
$clientDetails = AuthServer::getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']);
$clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']);
if ($clientDetails === false) {
throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_client'), 8);
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8);
}
$authParams['client_details'] = $clientDetails;
if (is_null($authParams['refresh_token'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'refresh_token'), 0);
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'refresh_token'), 0);
}
// Validate refresh token
$sessionId = AuthServer::getStorage('client')->validateRefreshToken(
$sessionId = $this->authServer->getStorage('client')->validateRefreshToken(
$authParams['refresh_token'],
$authParams['client_id']
);
if ($sessionId === false) {
throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_refresh'), 0);
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_refresh'), 0);
}
// Generate new tokens
$accessToken = SecureKey::make();
$refreshToken = (AuthServer::hasGrantType('refresh_token')) ? SecureKey::make() : null;
$refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null;
$accessTokenExpires = time() + AuthServer::getExpiresIn();
$accessTokenExpiresIn = AuthServer::getExpiresIn();
$accessTokenExpires = time() + $this->authServer->getExpiresIn();
$accessTokenExpiresIn = $this->authServer->getExpiresIn();
AuthServer::getStorage('session')->updateRefreshToken($sessionId, $accessToken, $refreshToken, $accessTokenExpires);
$this->authServer->getStorage('session')->updateRefreshToken($sessionId, $accessToken, $refreshToken, $accessTokenExpires);
return array(
'access_token' => $accessToken,