mirror of
https://github.com/elyby/oauth2-server.git
synced 2025-01-09 05:23:53 +05:30
Removed lots of unnecessary if/else blocks.
Removed null value of expires/expiresIn parameter
This commit is contained in:
Alex Bilbie
parent
f2dc89cdf3
commit
0f30b2a803
@ -130,30 +130,22 @@ class Server
|
|||||||
|
|
||||||
// Client ID
|
// Client ID
|
||||||
if ( ! isset($authParams['client_id']) && ! isset($_GET['client_id'])) {
|
if ( ! isset($authParams['client_id']) && ! isset($_GET['client_id'])) {
|
||||||
|
|
||||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
|
throw new ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
|
||||||
|
}
|
||||||
} else {
|
|
||||||
|
|
||||||
$params['client_id'] = (isset($authParams['client_id'])) ?
|
$params['client_id'] = (isset($authParams['client_id'])) ?
|
||||||
$authParams['client_id'] :
|
$authParams['client_id'] :
|
||||||
$_GET['client_id'];
|
$_GET['client_id'];
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
// Redirect URI
|
// Redirect URI
|
||||||
if ( ! isset($authParams['redirect_uri']) && ! isset($_GET['redirect_uri'])) {
|
if ( ! isset($authParams['redirect_uri']) && ! isset($_GET['redirect_uri'])) {
|
||||||
|
|
||||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
|
throw new ClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
|
||||||
|
}
|
||||||
} else {
|
|
||||||
|
|
||||||
$params['redirect_uri'] = (isset($authParams['redirect_uri'])) ?
|
$params['redirect_uri'] = (isset($authParams['redirect_uri'])) ?
|
||||||
$authParams['redirect_uri'] :
|
$authParams['redirect_uri'] :
|
||||||
$_GET['redirect_uri'];
|
$_GET['redirect_uri'];
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
// Validate client ID and redirect URI
|
// Validate client ID and redirect URI
|
||||||
$clientDetails = $this->_dbCall(
|
$clientDetails = $this->_dbCall(
|
||||||
'validateClient',
|
'validateClient',
|
||||||
@ -163,7 +155,6 @@ class Server
|
|||||||
);
|
);
|
||||||
|
|
||||||
if ($clientDetails === false) {
|
if ($clientDetails === false) {
|
||||||
|
|
||||||
throw new ClientException($this->errors['invalid_client'], 8);
|
throw new ClientException($this->errors['invalid_client'], 8);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -171,10 +162,8 @@ class Server
|
|||||||
|
|
||||||
// Response type
|
// Response type
|
||||||
if ( ! isset($authParams['response_type']) && ! isset($_GET['response_type'])) {
|
if ( ! isset($authParams['response_type']) && ! isset($_GET['response_type'])) {
|
||||||
|
|
||||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'response_type'), 0);
|
throw new ClientException(sprintf($this->errors['invalid_request'], 'response_type'), 0);
|
||||||
|
}
|
||||||
} else {
|
|
||||||
|
|
||||||
$params['response_type'] = (isset($authParams['response_type'])) ?
|
$params['response_type'] = (isset($authParams['response_type'])) ?
|
||||||
$authParams['response_type'] :
|
$authParams['response_type'] :
|
||||||
@ -182,10 +171,7 @@ class Server
|
|||||||
|
|
||||||
// Ensure response type is one that is recognised
|
// Ensure response type is one that is recognised
|
||||||
if ( ! in_array($params['response_type'], $this->_responseTypes)) {
|
if ( ! in_array($params['response_type'], $this->_responseTypes)) {
|
||||||
|
|
||||||
throw new ClientException($this->errors['unsupported_response_type'], 3);
|
throw new ClientException($this->errors['unsupported_response_type'], 3);
|
||||||
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get and validate scopes
|
// Get and validate scopes
|
||||||
@ -208,7 +194,6 @@ class Server
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (count($scopes) === 0) {
|
if (count($scopes) === 0) {
|
||||||
|
|
||||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'scope'), 0);
|
throw new ClientException(sprintf($this->errors['invalid_request'], 'scope'), 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -222,9 +207,7 @@ class Server
|
|||||||
);
|
);
|
||||||
|
|
||||||
if ($scopeDetails === false) {
|
if ($scopeDetails === false) {
|
||||||
|
|
||||||
throw new ClientException(sprintf($this->errors['invalid_scope'], $scope), 4);
|
throw new ClientException(sprintf($this->errors['invalid_scope'], $scope), 4);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$params['scopes'][] = $scopeDetails;
|
$params['scopes'][] = $scopeDetails;
|
||||||
@ -355,10 +338,8 @@ class Server
|
|||||||
$params = array();
|
$params = array();
|
||||||
|
|
||||||
if ( ! isset($authParams['grant_type']) && ! isset($_POST['grant_type'])) {
|
if ( ! isset($authParams['grant_type']) && ! isset($_POST['grant_type'])) {
|
||||||
|
|
||||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'grant_type'), 0);
|
throw new ClientException(sprintf($this->errors['invalid_request'], 'grant_type'), 0);
|
||||||
|
}
|
||||||
} else {
|
|
||||||
|
|
||||||
$params['grant_type'] = (isset($authParams['grant_type'])) ?
|
$params['grant_type'] = (isset($authParams['grant_type'])) ?
|
||||||
$authParams['grant_type'] :
|
$authParams['grant_type'] :
|
||||||
@ -366,10 +347,7 @@ class Server
|
|||||||
|
|
||||||
// Ensure grant type is one that is recognised
|
// Ensure grant type is one that is recognised
|
||||||
if ( ! in_array($params['grant_type'], $this->_grantTypes)) {
|
if ( ! in_array($params['grant_type'], $this->_grantTypes)) {
|
||||||
|
|
||||||
throw new ClientException($this->errors['unsupported_grant_type'], 7);
|
throw new ClientException($this->errors['unsupported_grant_type'], 7);
|
||||||
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
switch ($params['grant_type'])
|
switch ($params['grant_type'])
|
||||||
@ -410,43 +388,31 @@ class Server
|
|||||||
{
|
{
|
||||||
// Client ID
|
// Client ID
|
||||||
if ( ! isset($authParams['client_id']) && ! isset($_POST['client_id'])) {
|
if ( ! isset($authParams['client_id']) && ! isset($_POST['client_id'])) {
|
||||||
|
|
||||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
|
throw new ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
|
||||||
|
}
|
||||||
} else {
|
|
||||||
|
|
||||||
$params['client_id'] = (isset($authParams['client_id'])) ?
|
$params['client_id'] = (isset($authParams['client_id'])) ?
|
||||||
$authParams['client_id'] :
|
$authParams['client_id'] :
|
||||||
$_POST['client_id'];
|
$_POST['client_id'];
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
// Client secret
|
// Client secret
|
||||||
if ( ! isset($authParams['client_secret']) && ! isset($_POST['client_secret'])) {
|
if ( ! isset($authParams['client_secret']) && ! isset($_POST['client_secret'])) {
|
||||||
|
|
||||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'client_secret'), 0);
|
throw new ClientException(sprintf($this->errors['invalid_request'], 'client_secret'), 0);
|
||||||
|
}
|
||||||
} else {
|
|
||||||
|
|
||||||
$params['client_secret'] = (isset($authParams['client_secret'])) ?
|
$params['client_secret'] = (isset($authParams['client_secret'])) ?
|
||||||
$authParams['client_secret'] :
|
$authParams['client_secret'] :
|
||||||
$_POST['client_secret'];
|
$_POST['client_secret'];
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
// Redirect URI
|
// Redirect URI
|
||||||
if ( ! isset($authParams['redirect_uri']) && ! isset($_POST['redirect_uri'])) {
|
if ( ! isset($authParams['redirect_uri']) && ! isset($_POST['redirect_uri'])) {
|
||||||
|
|
||||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
|
throw new ClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
|
||||||
|
}
|
||||||
} else {
|
|
||||||
|
|
||||||
$params['redirect_uri'] = (isset($authParams['redirect_uri'])) ?
|
$params['redirect_uri'] = (isset($authParams['redirect_uri'])) ?
|
||||||
$authParams['redirect_uri'] :
|
$authParams['redirect_uri'] :
|
||||||
$_POST['redirect_uri'];
|
$_POST['redirect_uri'];
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
// Validate client ID and redirect URI
|
// Validate client ID and redirect URI
|
||||||
$clientDetails = $this->_dbCall(
|
$clientDetails = $this->_dbCall(
|
||||||
'validateClient',
|
'validateClient',
|
||||||
@ -456,25 +422,19 @@ class Server
|
|||||||
);
|
);
|
||||||
|
|
||||||
if ($clientDetails === false) {
|
if ($clientDetails === false) {
|
||||||
|
|
||||||
throw new ClientException($this->errors['invalid_client'], 8);
|
throw new ClientException($this->errors['invalid_client'], 8);
|
||||||
}
|
}
|
||||||
|
|
||||||
// The authorization code
|
// The authorization code
|
||||||
if ( ! isset($authParams['code']) && ! isset($_POST['code'])) {
|
if ( ! isset($authParams['code']) && ! isset($_POST['code'])) {
|
||||||
|
|
||||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'code'), 0);
|
throw new ClientException(sprintf($this->errors['invalid_request'], 'code'), 0);
|
||||||
|
}
|
||||||
} else {
|
|
||||||
|
|
||||||
$params['code'] = (isset($authParams['code'])) ?
|
$params['code'] = (isset($authParams['code'])) ?
|
||||||
$authParams['code'] :
|
$authParams['code'] :
|
||||||
$_POST['code'];
|
$_POST['code'];
|
||||||
|
|
||||||
}
|
// Verify the authorization code matches the client_id and the request_uri
|
||||||
|
|
||||||
// Verify the authorization code matches the client_id and the
|
|
||||||
// request_uri
|
|
||||||
$session = $this->_dbCall(
|
$session = $this->_dbCall(
|
||||||
'validateAuthCode',
|
'validateAuthCode',
|
||||||
$params['client_id'],
|
$params['client_id'],
|
||||||
@ -483,10 +443,8 @@ class Server
|
|||||||
);
|
);
|
||||||
|
|
||||||
if ( ! $session) {
|
if ( ! $session) {
|
||||||
|
|
||||||
throw new ClientException(sprintf($this->errors['invalid_grant'], 'code'), 9);
|
throw new ClientException(sprintf($this->errors['invalid_grant'], 'code'), 9);
|
||||||
|
}
|
||||||
} else {
|
|
||||||
|
|
||||||
// A session ID was returned so update it with an access token,
|
// A session ID was returned so update it with an access token,
|
||||||
// remove the authorisation code, change the stage to 'granted'
|
// remove the authorisation code, change the stage to 'granted'
|
||||||
@ -494,10 +452,8 @@ class Server
|
|||||||
$accessToken = $this->generateCode();
|
$accessToken = $this->generateCode();
|
||||||
$refreshToken = $this->generateCode();
|
$refreshToken = $this->generateCode();
|
||||||
|
|
||||||
$accessTokenExpires = ($this->_config['access_token_ttl'] === null) ?
|
$accessTokenExpires = time() + $this->_config['access_token_ttl'];
|
||||||
null :
|
$accessTokenExpiresIn = $this->_config['access_token_ttl'];
|
||||||
time() + $this->_config['access_token_ttl'];
|
|
||||||
$accessTokenExpiresIn = ($this->_config['access_token_ttl'] === null) ? 0 : $this->_config['access_token_ttl'];
|
|
||||||
|
|
||||||
$this->_dbCall(
|
$this->_dbCall(
|
||||||
'updateSession',
|
'updateSession',
|
||||||
@ -525,16 +481,13 @@ class Server
|
|||||||
'expires_in' => $accessTokenExpiresIn
|
'expires_in' => $accessTokenExpiresIn
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Complete the user credentials grant
|
* Complete the user credentials grant
|
||||||
*
|
*
|
||||||
* @access private
|
* @access private
|
||||||
*
|
|
||||||
* @param array $authParams Array of parsed $_POST keys
|
* @param array $authParams Array of parsed $_POST keys
|
||||||
* @param array $params Generated parameters from issueAccessToken()
|
* @param array $params Generated parameters from issueAccessToken()
|
||||||
*
|
|
||||||
* @return array Authorise request parameters
|
* @return array Authorise request parameters
|
||||||
*/
|
*/
|
||||||
private function completeUserCredentialsGrant($authParams = array(), $params = array())
|
private function completeUserCredentialsGrant($authParams = array(), $params = array())
|
||||||
@ -548,20 +501,19 @@ class Server
|
|||||||
// Client ID
|
// Client ID
|
||||||
if ( ! isset($authParams['client_id']) && ! isset($_POST['client_id'])) {
|
if ( ! isset($authParams['client_id']) && ! isset($_POST['client_id'])) {
|
||||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
|
throw new ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
|
||||||
} else {
|
}
|
||||||
|
|
||||||
$params['client_id'] = (isset($authParams['client_id'])) ?
|
$params['client_id'] = (isset($authParams['client_id'])) ?
|
||||||
$authParams['client_id'] :
|
$authParams['client_id'] :
|
||||||
$_POST['client_id'];
|
$_POST['client_id'];
|
||||||
}
|
|
||||||
|
|
||||||
// Client secret
|
// Client secret
|
||||||
if ( ! isset($authParams['client_secret']) && ! isset($_POST['client_secret'])) {
|
if ( ! isset($authParams['client_secret']) && ! isset($_POST['client_secret'])) {
|
||||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'client_secret'), 0);
|
throw new ClientException(sprintf($this->errors['invalid_request'], 'client_secret'), 0);
|
||||||
} else {
|
}
|
||||||
$params['client_secret'] = (isset($authParams['client_secret'])) ?
|
$params['client_secret'] = (isset($authParams['client_secret'])) ?
|
||||||
$authParams['client_secret'] :
|
$authParams['client_secret'] :
|
||||||
$_POST['client_secret'];
|
$_POST['client_secret'];
|
||||||
}
|
|
||||||
|
|
||||||
// Validate client ID and redirect URI
|
// Validate client ID and redirect URI
|
||||||
$clientDetails = $this->_dbCall(
|
$clientDetails = $this->_dbCall(
|
||||||
@ -578,30 +530,24 @@ class Server
|
|||||||
// Check for grant
|
// Check for grant
|
||||||
if ( ! isset($_POST['grant_type'])) {
|
if ( ! isset($_POST['grant_type'])) {
|
||||||
throw new \Oauth2\Authentication\ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
|
throw new \Oauth2\Authentication\ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
|
||||||
} else {
|
|
||||||
$params['grant_type'] = $_POST['grant_type'];
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($params['grant_type'] == 'user_credentials')
|
$params['grant_type'] = $_POST['grant_type'];
|
||||||
{
|
|
||||||
|
if ($params['grant_type'] == 'user_credentials') {
|
||||||
// Check if user's u+p are correct
|
// Check if user's u+p are correct
|
||||||
$userId = call_user_func($authParams['user_auth_callback']);
|
$userId = call_user_func($authParams['user_auth_callback']);
|
||||||
|
|
||||||
if ($userId === false)
|
if ($userId === false) {
|
||||||
{
|
|
||||||
throw new \Oauth2\Authentication\ClientException($this->errors['invalid_credentials'], 0);
|
throw new \Oauth2\Authentication\ClientException($this->errors['invalid_credentials'], 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
else
|
|
||||||
{
|
|
||||||
// Generate an access token
|
// Generate an access token
|
||||||
$accessToken = $this->generateCode();
|
$accessToken = $this->generateCode();
|
||||||
$refreshToken = $this->generateCode();
|
$refreshToken = $this->generateCode();
|
||||||
|
|
||||||
$accessTokenExpires = ($this->_config['access_token_ttl'] === null) ?
|
$accessTokenExpires = time() + $this->_config['access_token_ttl'];
|
||||||
null :
|
$accessTokenExpiresIn = $this->_config['access_token_ttl'];
|
||||||
time() + $this->_config['access_token_ttl'];
|
|
||||||
$accessTokenExpiresIn = ($this->_config['access_token_ttl'] === null) ? 0 : $this->_config['access_token_ttl'];
|
|
||||||
|
|
||||||
// Delete any existing sessions just to be sure
|
// Delete any existing sessions just to be sure
|
||||||
$this->_dbCall('deleteSession', $params['client_id'], 'user', $userId);
|
$this->_dbCall('deleteSession', $params['client_id'], 'user', $userId);
|
||||||
@ -616,7 +562,7 @@ class Server
|
|||||||
'expires' => $accessTokenExpires,
|
'expires' => $accessTokenExpires,
|
||||||
'expires_in' => $accessTokenExpiresIn
|
'expires_in' => $accessTokenExpiresIn
|
||||||
);
|
);
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
throw new \Oauth2\Authentication\ClientException($this->errors['unsupported_grant_type'], 7);
|
throw new \Oauth2\Authentication\ClientException($this->errors['unsupported_grant_type'], 7);
|
||||||
}
|
}
|
||||||
@ -640,29 +586,26 @@ class Server
|
|||||||
// Check for grant
|
// Check for grant
|
||||||
if ( ! isset($_POST['grant_type'])) {
|
if ( ! isset($_POST['grant_type'])) {
|
||||||
throw new \Oauth2\Authentication\ClientException(sprintf($this->errors['invalid_request'], 'grant_type'), 0);
|
throw new \Oauth2\Authentication\ClientException(sprintf($this->errors['invalid_request'], 'grant_type'), 0);
|
||||||
} else {
|
|
||||||
$params['grant_type'] = $_POST['grant_type'];
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$params['grant_type'] = $_POST['grant_type'];
|
||||||
|
|
||||||
if ( ! isset($authParams['refresh_token']) && ! isset($_POST['refresh_token'])) {
|
if ( ! isset($authParams['refresh_token']) && ! isset($_POST['refresh_token'])) {
|
||||||
throw new ClientException(sprintf($this->errors['invalid_request'], 'refresh_token'), 0);
|
throw new ClientException(sprintf($this->errors['invalid_request'], 'refresh_token'), 0);
|
||||||
} else {
|
}
|
||||||
|
|
||||||
$params['refresh_token'] = (isset($authParams['refresh_token'])) ?
|
$params['refresh_token'] = (isset($authParams['refresh_token'])) ?
|
||||||
$authParams['refresh_token'] :
|
$authParams['refresh_token'] :
|
||||||
$_POST['refresh_token'];
|
$_POST['refresh_token'];
|
||||||
}
|
|
||||||
|
|
||||||
if ($params['grant_type'] == 'refresh_token')
|
if ($params['grant_type'] == 'refresh_token') {
|
||||||
{
|
|
||||||
// Generate an access token
|
// Generate an access token
|
||||||
$accessToken = $this->generateCode();
|
$accessToken = $this->generateCode();
|
||||||
$refreshToken = $this->generateCode();
|
$refreshToken = $this->generateCode();
|
||||||
|
|
||||||
$accessTokenExpires = ($this->_config['access_token_ttl'] === null) ?
|
$accessTokenExpires = time() + $this->_config['access_token_ttl'];
|
||||||
null :
|
$accessTokenExpiresIn = $this->_config['access_token_ttl'];
|
||||||
time() + $this->_config['access_token_ttl'];
|
|
||||||
|
|
||||||
$accessTokenExpiresIn = ($this->_config['access_token_ttl'] === null) ? 0 : $this->_config['access_token_ttl'];
|
|
||||||
|
|
||||||
// Delete any existing sessions just to be sure
|
// Delete any existing sessions just to be sure
|
||||||
$result = $this->_dbCall('refreshToken', $params['refresh_token'], $accessToken, $refreshToken, $accessTokenExpires);
|
$result = $this->_dbCall('refreshToken', $params['refresh_token'], $accessToken, $refreshToken, $accessTokenExpires);
|
||||||
@ -678,6 +621,7 @@ class Server
|
|||||||
'expires' => $accessTokenExpires,
|
'expires' => $accessTokenExpires,
|
||||||
'expires_in' => $accessTokenExpiresIn
|
'expires_in' => $accessTokenExpiresIn
|
||||||
);
|
);
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
throw new \Oauth2\Authentication\ClientException($this->errors['unsupported_grant_type'], 7);
|
throw new \Oauth2\Authentication\ClientException($this->errors['unsupported_grant_type'], 7);
|
||||||
}
|
}
|
||||||
@ -695,19 +639,7 @@ class Server
|
|||||||
*/
|
*/
|
||||||
public function redirectUri($redirectUri, $params = array(), $queryDelimeter = '?')
|
public function redirectUri($redirectUri, $params = array(), $queryDelimeter = '?')
|
||||||
{
|
{
|
||||||
|
return (strstr($redirectUri, $queryDelimeter)) ? $redirectUri . '&' . http_build_query($params) : $redirectUri . $queryDelimeter . http_build_query($params);
|
||||||
if (strstr($redirectUri, $queryDelimeter)) {
|
|
||||||
|
|
||||||
$redirectUri = $redirectUri . '&' . http_build_query($params);
|
|
||||||
|
|
||||||
} else {
|
|
||||||
|
|
||||||
$redirectUri = $redirectUri . $queryDelimeter . http_build_query($params);
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
return $redirectUri;
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user