Removed some files which shouldn't be there

Alex Bilbie 2014-08-06 09:37:19 +01:00
parent 0433791bc6
commit 130d42c85e
8 changed files with 0 additions and 1179 deletions


@ -1,20 +0,0 @@
<?php
/**
* OAuth 2.0 Insufficient Scope Exception
*
* @package php-loep/oauth2-server
* @author Woody Gilk <woody@shadowhand.me>
* @copyright Copyright (c) 2014 PHP League of Extraordinary Packages
* @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server
*/
namespace League\OAuth2\Server\Exception;
/**
* InsufficientScope Exception
*/
class InsufficientScopeException extends OAuth2Exception
{
}


@ -1,20 +0,0 @@
<?php
/**
* OAuth 2.0 Missing Access Token Exception
*
* @package php-loep/oauth2-server
* @author Woody Gilk <woody@shadowhand.me>
* @copyright Copyright (c) 2014 PHP League of Extraordinary Packages
* @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server
*/
namespace League\OAuth2\Server\Exception;
/**
* MissingAccessToken Exception
*/
class MissingAccessTokenException extends OAuth2Exception
{
}


@ -1,207 +0,0 @@
<?php
/**
* OAuth 2.0 Refresh token grant
*
* @package php-loep/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages
* @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server
*/
namespace League\OAuth2\Server\Grant;
use League\OAuth2\Server\Request;
use League\OAuth2\Server\Authorization;
use League\OAuth2\Server\Exception;
use League\OAuth2\Server\Util\SecureKey;
use League\OAuth2\Server\Storage\SessionInterface;
use League\OAuth2\Server\Storage\ClientInterface;
use League\OAuth2\Server\Storage\ScopeInterface;
/**
* Referesh token grant
*/
class RefreshToken implements GrantTypeInterface {
use GrantTrait;
/**
* Grant identifier
* @var string
*/
protected $identifier = 'refresh_token';
/**
* Response type
* @var string
*/
protected $responseType = null;
/**
* AuthServer instance
* @var AuthServer
*/
protected $authServer = null;
/**
* Access token expires in override
* @var int
*/
protected $accessTokenTTL = null;
/**
* Refresh token TTL
* @var integer
*/
protected $refreshTokenTTL = 604800;
/**
* Rotate refresh tokens
* @var boolean
*/
protected $rotateRefreshTokens = false;
/**
* Set the TTL of the refresh token
* @param int $refreshTokenTTL
* @return void
*/
public function setRefreshTokenTTL($refreshTokenTTL)
{
$this->refreshTokenTTL = $refreshTokenTTL;
}
/**
* Get the TTL of the refresh token
* @return int
*/
public function getRefreshTokenTTL()
{
return $this->refreshTokenTTL;
}
/**
* When a new access is token, expire the refresh token used and issue a new one.
* @param boolean $rotateRefreshTokens Set to true to enable (default = false)
* @return void
*/
public function rotateRefreshTokens($rotateRefreshTokens = false)
{
$this->rotateRefreshTokens = $rotateRefreshTokens;
}
/**
* Complete the refresh token grant
* @param null|array $inputParams
* @return array
*/
public function completeFlow($inputParams = null)
{
// Get the required params
$authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'refresh_token', 'scope'), 'post', $inputParams);
if (is_null($authParams['client_id'])) {
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0);
}
if (is_null($authParams['client_secret'])) {
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_secret'), 0);
}
// Validate client ID and client secret
$clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], null, $this->identifier);
if ($clientDetails === false) {
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8);
}
$authParams['client_details'] = $clientDetails;
if (is_null($authParams['refresh_token'])) {
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'refresh_token'), 0);
}
// Validate refresh token
$accessTokenId = $this->authServer->getStorage('session')->validateRefreshToken($authParams['refresh_token'], $authParams['client_id']);
if ($accessTokenId === false) {
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_refresh'), 0);
}
// Get the existing access token
$accessTokenDetails = $this->authServer->getStorage('session')->getAccessToken($accessTokenId);
// Get the scopes for the existing access token
$scopes = $this->authServer->getStorage('session')->getScopes($accessTokenDetails['access_token']);
// Generate new tokens and associate them to the session
$accessToken = SecureKey::make();
$accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? $this->accessTokenTTL : $this->authServer->getAccessTokenTTL();
$accessTokenExpires = time() + $accessTokenExpiresIn;
// Associate the new access token with the session
$newAccessTokenId = $this->authServer->getStorage('session')->associateAccessToken($accessTokenDetails['session_id'], $accessToken, $accessTokenExpires);
if ($this->rotateRefreshTokens === true) {
// Generate a new refresh token
$refreshToken = SecureKey::make();
$refreshTokenExpires = time() + $this->getRefreshTokenTTL();
// Revoke the old refresh token
$this->authServer->getStorage('session')->removeRefreshToken($authParams['refresh_token']);
// Associate the new refresh token with the new access token
$this->authServer->getStorage('session')->associateRefreshToken($newAccessTokenId, $refreshToken, $refreshTokenExpires, $authParams['client_id']);
}
// There isn't a request for reduced scopes so assign the original ones (or we're not rotating scopes)
if ( ! isset($authParams['scope'])) {
foreach ($scopes as $scope) {
$this->authServer->getStorage('session')->associateScope($newAccessTokenId, $scope['id']);
}
} elseif ( isset($authParams['scope']) && $this->rotateRefreshTokens === true) {
// The request is asking for reduced scopes and rotate tokens is enabled
$reqestedScopes = explode($this->authServer->getScopeDelimeter(), $authParams['scope']);
for ($i = 0; $i < count($reqestedScopes); $i++) {
$reqestedScopes[$i] = trim($reqestedScopes[$i]);
if ($reqestedScopes[$i] === '') unset($reqestedScopes[$i]); // Remove any junk scopes
}
// Check that there aren't any new scopes being included
$existingScopes = array();
foreach ($scopes as $s) {
$existingScopes[] = $s['scope'];
}
foreach ($reqestedScopes as $reqScope) {
if ( ! in_array($reqScope, $existingScopes)) {
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
}
// Associate with the new access token
$scopeDetails = $this->authServer->getStorage('scope')->getScope($reqScope, $authParams['client_id'], $this->identifier);
$this->authServer->getStorage('session')->associateScope($newAccessTokenId, $scopeDetails['id']);
}
}
$response = array(
'access_token' => $accessToken,
'token_type' => 'Bearer',
'expires' => $accessTokenExpires,
'expires_in' => $accessTokenExpiresIn
);
if ($this->rotateRefreshTokens === true) {
$response['refresh_token'] = $refreshToken;
}
return $response;
}
}


@ -1,395 +0,0 @@
<?php
/**
* OAuth 2.0 Resource Server
*
* @package php-loep/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com>
* @author Woody Gilk <woody@shadowhand.me>
* @copyright Copyright (c) 2013-2014 PHP League of Extraordinary Packages
* @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server
*/
namespace League\OAuth2\Server;
use OutOfBoundsException;
use League\OAuth2\Server\Storage\SessionInterface;
use League\OAuth2\Server\Util\RequestInterface;
use League\OAuth2\Server\Util\Request;
/**
* OAuth 2.0 Resource Server
*/
class Resource
{
/**
* The access token
* @var string
*/
protected $accessToken = null;
/**
* The session ID
* @var string
*/
protected $sessionId = null;
/**
* The type of the owner of the access token
* @var string
*/
protected $ownerType = null;
/**
* The ID of the owner of the access token
* @var string
*/
protected $ownerId = null;
/**
* The scopes associated with the access token
* @var array
*/
protected $sessionScopes = array();
/**
* The client, scope and session storage classes
* @var array
*/
protected $storages = array();
/**
* The request object
* @var Util\RequestInterface
*/
protected $request = null;
/**
* The query string key which is used by clients to present the access token (default: access_token)
* @var string
*/
protected $tokenKey = 'access_token';
/**
* The client ID
* @var string
*/
protected $clientId = null;
/**
* Exception error codes
* @var array
*/
protected static $exceptionCodes = array(
0 => 'invalid_request',
1 => 'invalid_token',
2 => 'insufficient_scope',
);
/**
* Exception error messages
* @var array
*/
protected static $exceptionMessages = array(
'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.',
'invalid_token' => 'The access token provided is expired, revoked, malformed, or invalid for other reasons.',
'insufficient_scope' => 'The request requires higher privileges than provided by the access token. Required scopes are: %s.',
);
/**
* Exception error HTTP status codes
* @var array
*
* RFC 6750, section 3.1:
* When a request fails, the resource server responds using the
* appropriate HTTP status code (typically, 400, 401, 403, or 405) and
* includes one of the following error codes in the response:
*/
protected static $exceptionHttpStatusCodes = array(
'invalid_request' => 400,
'invalid_token' => 401,
'insufficient_scope' => 403,
);
/**
* Get an exception message
*
* @param string $error The error message key
* @return string The error message
*/
public static function getExceptionMessage($error = '')
{
return self::$exceptionMessages[$error];
}
/**
* Get an exception code
*
* @param integer $code The exception code
* @return string The exception code type
*/
public static function getExceptionType($code = 0)
{
return self::$exceptionCodes[$code];
}
/**
* Get all headers that have to be send with the error response
*
* @param string $error The error message key
* @return array Array with header values
*/
public static function getExceptionHttpHeaders($error)
{
$headers = array();
switch (self::$exceptionHttpStatusCodes[$error]) {
case 401:
$headers[] = 'HTTP/1.1 401 Unauthorized';
break;
case 403:
$headers[] = 'HTTP/1.1 403 Forbidden';
break;
case 400:
default:
$headers[] = 'HTTP/1.1 400 Bad Request';
}
// Add "WWW-Authenticate" header
//
// RFC 6749, section 5.2.:
// "If the client attempted to authenticate via the 'Authorization'
// request header field, the authorization server MUST
// respond with an HTTP 401 (Unauthorized) status code and
// include the "WWW-Authenticate" response header field
// matching the authentication scheme used by the client.
// @codeCoverageIgnoreStart
if ($error === 'invalid_token') {
$authScheme = null;
$request = Request::buildFromGlobals();
if ($request->server('PHP_AUTH_USER') !== null) {
$authScheme = 'Basic';
} else {
$authHeader = $request->header('Authorization');
if ($authHeader !== null) {
if (strpos($authHeader, 'Bearer') === 0) {
$authScheme = 'Bearer';
} elseif (strpos($authHeader, 'Basic') === 0) {
$authScheme = 'Basic';
}
}
}
if ($authScheme !== null) {
$headers[] = 'WWW-Authenticate: '.$authScheme.' realm=""';
}
}
// @codeCoverageIgnoreEnd
return $headers;
}
/**
* Sets up the Resource
*
* @param SessionInterface The Session Storage Object
*/
public function __construct(SessionInterface $session)
{
$this->storages['session'] = $session;
}
/**
* Sets the Request Object
*
* @param RequestInterface The Request Object
*/
public function setRequest(RequestInterface $request)
{
$this->request = $request;
return $this;
}
/**
* Gets the Request object. It will create one from the globals if one is not set.
*
* @return Util\RequestInterface
*/
public function getRequest()
{
if ($this->request === null) {
// @codeCoverageIgnoreStart
$this->request = Request::buildFromGlobals();
}
// @codeCoverageIgnoreEnd
return $this->request;
}
/**
* Returns the query string key for the access token.
*
* @return string
*/
public function getTokenKey()
{
return $this->tokenKey;
}
/**
* Sets the query string key for the access token.
*
* @param $key The new query string key
*/
public function setTokenKey($key)
{
$this->tokenKey = $key;
return $this;
}
/**
* Gets the access token owner ID.
*
* @return string
*/
public function getOwnerId()
{
return $this->ownerId;
}
/**
* Gets the owner type.
*
* @return string
*/
public function getOwnerType()
{
return $this->ownerType;
}
/**
* Gets the access token.
*
* @return string
*/
public function getAccessToken()
{
return $this->accessToken;
}
/**
* Gets the client ID that created the session
* @return string
*/
public function getClientId()
{
return $this->clientId;
}
/**
* Checks if the access token is valid or not.
*
* @param $headersOnly Limit Access Token to Authorization header only
* @throws Exception\InvalidAccessTokenException Thrown if the presented access token is not valid
* @return bool
*/
public function isValid($headersOnly = false)
{
$accessToken = $this->determineAccessToken($headersOnly);
$result = $this->storages['session']->validateAccessToken($accessToken);
if (! $result) {
throw new Exception\InvalidAccessTokenException(self::$exceptionMessages['invalid_token'], 1);
}
$this->accessToken = $accessToken;
$this->sessionId = $result['session_id'];
$this->clientId = $result['client_id'];
$this->ownerType = $result['owner_type'];
$this->ownerId = $result['owner_id'];
$sessionScopes = $this->storages['session']->getScopes($this->accessToken);
foreach ($sessionScopes as $scope) {
$this->sessionScopes[] = $scope['scope'];
}
return true;
}
/**
* Get the session scopes
* @return array
*/
public function getScopes()
{
return $this->sessionScopes;
}
/**
* Checks if the presented access token has the given scope(s).
*
* @param array|string An array of scopes or a single scope as a string
* @param bool If scopes are required, missing scope will trigger an exception
* @throws Exception\InsufficientScopeException Thrown if the any of the given scopes are not in the session
* @return bool Returns bool if all scopes are found, false if any fail
*/
public function hasScope($scopes, $required = false)
{
if (!is_array($scopes)) {
$scopes = array($scopes);
}
$missing = array_diff($scopes, $this->sessionScopes);
if ($missing) {
if ($required) {
$missing = implode(', ', $missing);
throw new Exception\InsufficientScopeException(sprintf(self::$exceptionMessages['insufficient_scope'], $missing), 3);
}
return false;
}
return true;
}
/**
* Reads in the access token from the headers.
*
* @param $headersOnly Limit Access Token to Authorization header only
* @throws Exception\MissingAccessTokenException Thrown if there is no access token presented
* @return string
*/
public function determineAccessToken($headersOnly = false)
{
// Try to get it directly from a header
if (! $header = $this->getRequest()->header('Authorization')) {
// Failing that try getting it from a server variable
$header = $this->getRequest()->server('HTTP_AUTHORIZATION');
}
// One of them worked
if ($header) {
// Check for special case, because cURL sometimes does an
// internal second request and doubles the authorization header,
// which always resulted in an error.
//
// 1st request: Authorization: Bearer XXX
// 2nd request: Authorization: Bearer XXX, Bearer XXX
if (strpos($header, ',') !== false) {
$headerPart = explode(',', $header);
$accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $headerPart[0]));
} else {
$accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $header));
}
$accessToken = ($accessToken === 'Bearer') ? '' : $accessToken;
} elseif ($headersOnly === false) {
$method = $this->getRequest()->server('REQUEST_METHOD');
$accessToken = $this->getRequest()->{$method}($this->tokenKey);
}
if (empty($accessToken)) {
throw new Exception\MissingAccessTokenException(self::$exceptionMessages['invalid_request'], 0);
}
return $accessToken;
}
}


@ -1,332 +0,0 @@
<?php
/**
* OAuth 2.0 Session storage interface
*
* @package php-loep/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages
* @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server
*/
namespace League\OAuth2\Server\Storage;
interface SessionInterface
{
/**
* Create a new session
*
* Example SQL query:
*
* <code>
* INSERT INTO oauth_sessions (client_id, owner_type, owner_id)
* VALUE (:clientId, :ownerType, :ownerId)
* </code>
*
* @param string $clientId The client ID
* @param string $ownerType The type of the session owner (e.g. "user")
* @param string $ownerId The ID of the session owner (e.g. "123")
* @return int The session ID
*/
public function createSession($clientId, $ownerType, $ownerId);
/**
* Delete a session
*
* Example SQL query:
*
* <code>
* DELETE FROM oauth_sessions WHERE client_id = :clientId AND owner_type = :type AND owner_id = :typeId
* </code>
*
* @param string $clientId The client ID
* @param string $ownerType The type of the session owner (e.g. "user")
* @param string $ownerId The ID of the session owner (e.g. "123")
* @return void
*/
public function deleteSession($clientId, $ownerType, $ownerId);
/**
* Associate a redirect URI with a session
*
* Example SQL query:
*
* <code>
* INSERT INTO oauth_session_redirects (session_id, redirect_uri) VALUE (:sessionId, :redirectUri)
* </code>
*
* @param int $sessionId The session ID
* @param string $redirectUri The redirect URI
* @return void
*/
public function associateRedirectUri($sessionId, $redirectUri);
/**
* Associate an access token with a session
*
* Example SQL query:
*
* <code>
* INSERT INTO oauth_session_access_tokens (session_id, access_token, access_token_expires)
* VALUE (:sessionId, :accessToken, :accessTokenExpire)
* </code>
*
* @param int $sessionId The session ID
* @param string $accessToken The access token
* @param int $expireTime Unix timestamp of the access token expiry time
* @return int The access token ID
*/
public function associateAccessToken($sessionId, $accessToken, $expireTime);
/**
* Associate a refresh token with a session
*
* Example SQL query:
*
* <code>
* INSERT INTO oauth_session_refresh_tokens (session_access_token_id, refresh_token, refresh_token_expires,
* client_id) VALUE (:accessTokenId, :refreshToken, :expireTime, :clientId)
* </code>
*
* @param int $accessTokenId The access token ID
* @param string $refreshToken The refresh token
* @param int $expireTime Unix timestamp of the refresh token expiry time
* @param string $clientId The client ID
* @return void
*/
public function associateRefreshToken($accessTokenId, $refreshToken, $expireTime, $clientId);
/**
* Assocate an authorization code with a session
*
* Example SQL query:
*
* <code>
* INSERT INTO oauth_session_authcodes (session_id, auth_code, auth_code_expires)
* VALUE (:sessionId, :authCode, :authCodeExpires)
* </code>
*
* @param int $sessionId The session ID
* @param string $authCode The authorization code
* @param int $expireTime Unix timestamp of the access token expiry time
* @return int The auth code ID
*/
public function associateAuthCode($sessionId, $authCode, $expireTime);
/**
* Remove an associated authorization token from a session
*
* Example SQL query:
*
* <code>
* DELETE FROM oauth_session_authcodes WHERE session_id = :sessionId
* </code>
*
* @param int $sessionId The session ID
* @return void
*/
public function removeAuthCode($sessionId);
/**
* Validate an authorization code
*
* Example SQL query:
*
* <code>
* SELECT oauth_sessions.id AS session_id, oauth_session_authcodes.id AS authcode_id FROM oauth_sessions
* JOIN oauth_session_authcodes ON oauth_session_authcodes.`session_id` = oauth_sessions.id
* JOIN oauth_session_redirects ON oauth_session_redirects.`session_id` = oauth_sessions.id WHERE
* oauth_sessions.client_id = :clientId AND oauth_session_authcodes.`auth_code` = :authCode
* AND `oauth_session_authcodes`.`auth_code_expires` >= :time AND
* `oauth_session_redirects`.`redirect_uri` = :redirectUri
* </code>
*
* Expected response:
*
* <code>
* array(
* 'session_id' => (int)
* 'authcode_id' => (int)
* )
* </code>
*
* @param string $clientId The client ID
* @param string $redirectUri The redirect URI
* @param string $authCode The authorization code
* @return array|bool False if invalid or array as above
*/
public function validateAuthCode($clientId, $redirectUri, $authCode);
/**
* Validate an access token
*
* Example SQL query:
*
* <code>
* SELECT session_id, oauth_sessions.`client_id`, oauth_sessions.`owner_id`, oauth_sessions.`owner_type`
* FROM `oauth_session_access_tokens` JOIN oauth_sessions ON oauth_sessions.`id` = session_id WHERE
* access_token = :accessToken AND access_token_expires >= UNIX_TIMESTAMP(NOW())
* </code>
*
* Expected response:
*
* <code>
* array(
* 'session_id' => (int),
* 'client_id' => (string),
* 'owner_id' => (string),
* 'owner_type' => (string)
* )
* </code>
*
* @param string $accessToken The access token
* @return array|bool False if invalid or an array as above
*/
public function validateAccessToken($accessToken);
/**
* Removes a refresh token
*
* Example SQL query:
*
* <code>
* DELETE FROM `oauth_session_refresh_tokens` WHERE refresh_token = :refreshToken
* </code>
*
* @param string $refreshToken The refresh token to be removed
* @return void
*/
public function removeRefreshToken($refreshToken);
/**
* Validate a refresh token
*
* Example SQL query:
*
* <code>
* SELECT session_access_token_id FROM `oauth_session_refresh_tokens` WHERE refresh_token = :refreshToken
* AND refresh_token_expires >= UNIX_TIMESTAMP(NOW()) AND client_id = :clientId
* </code>
*
* @param string $refreshToken The refresh token
* @param string $clientId The client ID
* @return int|bool The ID of the access token the refresh token is linked to (or false if invalid)
*/
public function validateRefreshToken($refreshToken, $clientId);
/**
* Get an access token by ID
*
* Example SQL query:
*
* <code>
* SELECT * FROM `oauth_session_access_tokens` WHERE `id` = :accessTokenId
* </code>
*
* Expected response:
*
* <code>
* array(
* 'id' => (int),
* 'session_id' => (int),
* 'access_token' => (string),
* 'access_token_expires' => (int)
* )
* </code>
*
* @param int $accessTokenId The access token ID
* @return array
*/
public function getAccessToken($accessTokenId);
/**
* Associate scopes with an auth code (bound to the session)
*
* Example SQL query:
*
* <code>
* INSERT INTO `oauth_session_authcode_scopes` (`oauth_session_authcode_id`, `scope_id`) VALUES
* (:authCodeId, :scopeId)
* </code>
*
* @param int $authCodeId The auth code ID
* @param int $scopeId The scope ID
* @return void
*/
public function associateAuthCodeScope($authCodeId, $scopeId);
/**
* Get the scopes associated with an auth code
*
* Example SQL query:
*
* <code>
* SELECT scope_id FROM `oauth_session_authcode_scopes` WHERE oauth_session_authcode_id = :authCodeId
* </code>
*
* Expected response:
*
* <code>
* array(
* array(
* 'scope_id' => (int)
* ),
* array(
* 'scope_id' => (int)
* ),
* ...
* )
* </code>
*
* @param int $oauthSessionAuthCodeId The session ID
* @return array
*/
public function getAuthCodeScopes($oauthSessionAuthCodeId);
/**
* Associate a scope with an access token
*
* Example SQL query:
*
* <code>
* INSERT INTO `oauth_session_token_scopes` (`session_access_token_id`, `scope_id`) VALUE (:accessTokenId, :scopeId)
* </code>
*
* @param int $accessTokenId The ID of the access token
* @param int $scopeId The ID of the scope
* @return void
*/
public function associateScope($accessTokenId, $scopeId);
/**
* Get all associated access tokens for an access token
*
* Example SQL query:
*
* <code>
* SELECT oauth_scopes.* FROM oauth_session_token_scopes JOIN oauth_session_access_tokens
* ON oauth_session_access_tokens.`id` = `oauth_session_token_scopes`.`session_access_token_id`
* JOIN oauth_scopes ON oauth_scopes.id = `oauth_session_token_scopes`.`scope_id`
* WHERE access_token = :accessToken
* </code>
*
* Expected response:
*
* <code>
* array (
* array(
* 'id' => (int),
* 'scope' => (string),
* 'name' => (string),
* 'description' => (string)
* ),
* ...
* ...
* )
* </code>
*
* @param string $accessToken The access token
* @return array
*/
public function getScopes($accessToken);
}


@ -1,38 +0,0 @@
<?php
/**
* OAuth 2.0 Secure key default algorithm
*
* @package php-loep/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages
* @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server
*/
namespace League\OAuth2\Server\Util\KeyAlgorithm;
class DefaultAlgorithm implements KeyAlgorithmInterface
{
/**
* @param int $len
* @return string
* @throws \Exception
*/
public function make($len = 40)
{
// We generate twice as many bytes here because we want to ensure we have
// enough after we base64 encode it to get the length we need because we
// take out the "/", "+", and "=" characters.
$bytes = openssl_random_pseudo_bytes($len * 2, $strong);
// We want to stop execution if the key fails because, well, that is bad.
if ($bytes === false || $strong === false) {
// @codeCoverageIgnoreStart
throw new \Exception('Error Generating Key');
// @codeCoverageIgnoreEnd
}
return substr(str_replace(array('/', '+', '='), '', base64_encode($bytes)), 0, $len);
}
}


@ -1,18 +0,0 @@
<?php
/**
* OAuth 2.0 Key algorithm interface
*
* @package php-loep/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages
* @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server
*/
namespace League\OAuth2\Server\Util\KeyAlgorithm;
interface KeyAlgorithmInterface
{
public function make($len = 40);
}


@ -1,149 +0,0 @@
<?php
/**
* OAuth 2.0 Request class
*
* @package php-loep/oauth2-server
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages
* @license http://mit-license.org/
* @link http://github.com/php-loep/oauth2-server
*/
namespace League\OAuth2\Server\Util;
use OutOfBoundsException;
use InvalidMethodCallException;
use InvalidArgumentException;
class Request implements RequestInterface
{
protected $get = array();
protected $post = array();
protected $cookies = array();
protected $files = array();
protected $server = array();
protected $headers = array();
public static function buildFromGlobals()
{
return new static($_GET, $_POST, $_COOKIE, $_FILES, $_SERVER);
}
public function __construct(array $get = array(), array $post = array(), array $cookies = array(), array $files = array(), array $server = array(), $headers = array())
{
$this->get = $get;
$this->post = $post;
$this->cookies = $cookies;
$this->files = $files;
$this->server = $server;
if (empty($headers)) {
$this->headers = $this->readHeaders();
} else {
$this->headers = $this->normalizeHeaders($headers);
}
}
public function get($index = null, $default = null)
{
return $this->getPropertyValue('get', $index, $default);
}
public function post($index = null, $default = null)
{
return $this->getPropertyValue('post', $index, $default);
}
public function file($index = null, $default = null)
{
return $this->getPropertyValue('files', $index, $default);
}
public function cookie($index = null, $default = null)
{
return $this->getPropertyValue('cookies', $index, $default);
}
public function server($index = null, $default = null)
{
return $this->getPropertyValue('server', $index, $default);
}
public function header($index = null, $default = null)
{
return $this->getPropertyValue('headers', $index, $default);
}
protected function readHeaders()
{
if (function_exists('apache_request_headers')) {
// @codeCoverageIgnoreStart
$headers = apache_request_headers();
} elseif (function_exists('http_get_request_headers')) {
$headers = http_get_request_headers();
} else {
// @codeCoverageIgnoreEnd
$headers = array();
foreach ($this->server() as $name => $value) {
if (substr($name, 0, 5) == 'HTTP_') {
// HTTP_FOO_BAR becomes FOO-BAR
$name = str_replace(array('HTTP_', '_'), array('', '-'), $name);
$headers[$name] = $value;
}
}
}
return $this->normalizeHeaders($headers);
}
protected function getPropertyValue($property, $index = null, $default = null)
{
if ( ! isset($this->{$property})) {
throw new InvalidArgumentException("Property '$property' does not exist.");
}
if (is_null($index)) {
return $this->{$property};
}
if ( ! array_key_exists($index, $this->{$property})) {
return $default;
}
return $this->{$property}[$index];
}
/**
* Takes all of the headers and normalizes them in a canonical form.
*
* @param array $headers The request headers.
* @return array An arry of headers with the header name normalized
*/
protected function normalizeHeaders(array $headers)
{
$normalized = array();
foreach ($headers as $key => $value) {
$normalized[ucfirst($this->normalizeKey($key))] = $value;
}
return $normalized;
}
/**
* Transform header name into canonical form
*
* Taken from the Slim codebase...
*
* @param string $key
* @return string
*/
protected function normalizeKey($key)
{
$key = strtolower($key);
$key = str_replace(array('-', '_'), ' ', $key);
$key = preg_replace('#^http #', '', $key);
$key = ucwords($key);
$key = str_replace(' ', '-', $key);
return $key;
}
}