mirror of
https://github.com/elyby/oauth2-server.git
synced 2025-04-01 08:36:23 +05:30
Removed some files which shouldn't be there
This commit is contained in:
parent
0433791bc6
commit
130d42c85e
@ -1,20 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* OAuth 2.0 Insufficient Scope Exception
|
||||
*
|
||||
* @package php-loep/oauth2-server
|
||||
* @author Woody Gilk <woody@shadowhand.me>
|
||||
* @copyright Copyright (c) 2014 PHP League of Extraordinary Packages
|
||||
* @license http://mit-license.org/
|
||||
* @link http://github.com/php-loep/oauth2-server
|
||||
*/
|
||||
|
||||
namespace League\OAuth2\Server\Exception;
|
||||
|
||||
/**
|
||||
* InsufficientScope Exception
|
||||
*/
|
||||
class InsufficientScopeException extends OAuth2Exception
|
||||
{
|
||||
|
||||
}
|
@ -1,20 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* OAuth 2.0 Missing Access Token Exception
|
||||
*
|
||||
* @package php-loep/oauth2-server
|
||||
* @author Woody Gilk <woody@shadowhand.me>
|
||||
* @copyright Copyright (c) 2014 PHP League of Extraordinary Packages
|
||||
* @license http://mit-license.org/
|
||||
* @link http://github.com/php-loep/oauth2-server
|
||||
*/
|
||||
|
||||
namespace League\OAuth2\Server\Exception;
|
||||
|
||||
/**
|
||||
* MissingAccessToken Exception
|
||||
*/
|
||||
class MissingAccessTokenException extends OAuth2Exception
|
||||
{
|
||||
|
||||
}
|
@ -1,207 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* OAuth 2.0 Refresh token grant
|
||||
*
|
||||
* @package php-loep/oauth2-server
|
||||
* @author Alex Bilbie <hello@alexbilbie.com>
|
||||
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages
|
||||
* @license http://mit-license.org/
|
||||
* @link http://github.com/php-loep/oauth2-server
|
||||
*/
|
||||
|
||||
namespace League\OAuth2\Server\Grant;
|
||||
|
||||
use League\OAuth2\Server\Request;
|
||||
use League\OAuth2\Server\Authorization;
|
||||
use League\OAuth2\Server\Exception;
|
||||
use League\OAuth2\Server\Util\SecureKey;
|
||||
use League\OAuth2\Server\Storage\SessionInterface;
|
||||
use League\OAuth2\Server\Storage\ClientInterface;
|
||||
use League\OAuth2\Server\Storage\ScopeInterface;
|
||||
|
||||
/**
|
||||
* Referesh token grant
|
||||
*/
|
||||
class RefreshToken implements GrantTypeInterface {
|
||||
|
||||
use GrantTrait;
|
||||
|
||||
/**
|
||||
* Grant identifier
|
||||
* @var string
|
||||
*/
|
||||
protected $identifier = 'refresh_token';
|
||||
|
||||
/**
|
||||
* Response type
|
||||
* @var string
|
||||
*/
|
||||
protected $responseType = null;
|
||||
|
||||
/**
|
||||
* AuthServer instance
|
||||
* @var AuthServer
|
||||
*/
|
||||
protected $authServer = null;
|
||||
|
||||
/**
|
||||
* Access token expires in override
|
||||
* @var int
|
||||
*/
|
||||
protected $accessTokenTTL = null;
|
||||
|
||||
/**
|
||||
* Refresh token TTL
|
||||
* @var integer
|
||||
*/
|
||||
protected $refreshTokenTTL = 604800;
|
||||
|
||||
/**
|
||||
* Rotate refresh tokens
|
||||
* @var boolean
|
||||
*/
|
||||
protected $rotateRefreshTokens = false;
|
||||
|
||||
/**
|
||||
* Set the TTL of the refresh token
|
||||
* @param int $refreshTokenTTL
|
||||
* @return void
|
||||
*/
|
||||
public function setRefreshTokenTTL($refreshTokenTTL)
|
||||
{
|
||||
$this->refreshTokenTTL = $refreshTokenTTL;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the TTL of the refresh token
|
||||
* @return int
|
||||
*/
|
||||
public function getRefreshTokenTTL()
|
||||
{
|
||||
return $this->refreshTokenTTL;
|
||||
}
|
||||
|
||||
/**
|
||||
* When a new access is token, expire the refresh token used and issue a new one.
|
||||
* @param boolean $rotateRefreshTokens Set to true to enable (default = false)
|
||||
* @return void
|
||||
*/
|
||||
public function rotateRefreshTokens($rotateRefreshTokens = false)
|
||||
{
|
||||
$this->rotateRefreshTokens = $rotateRefreshTokens;
|
||||
}
|
||||
|
||||
/**
|
||||
* Complete the refresh token grant
|
||||
* @param null|array $inputParams
|
||||
* @return array
|
||||
*/
|
||||
public function completeFlow($inputParams = null)
|
||||
{
|
||||
// Get the required params
|
||||
$authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'refresh_token', 'scope'), 'post', $inputParams);
|
||||
|
||||
if (is_null($authParams['client_id'])) {
|
||||
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0);
|
||||
}
|
||||
|
||||
if (is_null($authParams['client_secret'])) {
|
||||
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_secret'), 0);
|
||||
}
|
||||
|
||||
// Validate client ID and client secret
|
||||
$clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], null, $this->identifier);
|
||||
|
||||
if ($clientDetails === false) {
|
||||
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8);
|
||||
}
|
||||
|
||||
$authParams['client_details'] = $clientDetails;
|
||||
|
||||
if (is_null($authParams['refresh_token'])) {
|
||||
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'refresh_token'), 0);
|
||||
}
|
||||
|
||||
// Validate refresh token
|
||||
$accessTokenId = $this->authServer->getStorage('session')->validateRefreshToken($authParams['refresh_token'], $authParams['client_id']);
|
||||
|
||||
if ($accessTokenId === false) {
|
||||
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_refresh'), 0);
|
||||
}
|
||||
|
||||
// Get the existing access token
|
||||
$accessTokenDetails = $this->authServer->getStorage('session')->getAccessToken($accessTokenId);
|
||||
|
||||
// Get the scopes for the existing access token
|
||||
$scopes = $this->authServer->getStorage('session')->getScopes($accessTokenDetails['access_token']);
|
||||
|
||||
// Generate new tokens and associate them to the session
|
||||
$accessToken = SecureKey::make();
|
||||
$accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? $this->accessTokenTTL : $this->authServer->getAccessTokenTTL();
|
||||
$accessTokenExpires = time() + $accessTokenExpiresIn;
|
||||
|
||||
// Associate the new access token with the session
|
||||
$newAccessTokenId = $this->authServer->getStorage('session')->associateAccessToken($accessTokenDetails['session_id'], $accessToken, $accessTokenExpires);
|
||||
|
||||
if ($this->rotateRefreshTokens === true) {
|
||||
|
||||
// Generate a new refresh token
|
||||
$refreshToken = SecureKey::make();
|
||||
$refreshTokenExpires = time() + $this->getRefreshTokenTTL();
|
||||
|
||||
// Revoke the old refresh token
|
||||
$this->authServer->getStorage('session')->removeRefreshToken($authParams['refresh_token']);
|
||||
|
||||
// Associate the new refresh token with the new access token
|
||||
$this->authServer->getStorage('session')->associateRefreshToken($newAccessTokenId, $refreshToken, $refreshTokenExpires, $authParams['client_id']);
|
||||
}
|
||||
|
||||
// There isn't a request for reduced scopes so assign the original ones (or we're not rotating scopes)
|
||||
if ( ! isset($authParams['scope'])) {
|
||||
|
||||
foreach ($scopes as $scope) {
|
||||
$this->authServer->getStorage('session')->associateScope($newAccessTokenId, $scope['id']);
|
||||
}
|
||||
|
||||
} elseif ( isset($authParams['scope']) && $this->rotateRefreshTokens === true) {
|
||||
|
||||
// The request is asking for reduced scopes and rotate tokens is enabled
|
||||
$reqestedScopes = explode($this->authServer->getScopeDelimeter(), $authParams['scope']);
|
||||
|
||||
for ($i = 0; $i < count($reqestedScopes); $i++) {
|
||||
$reqestedScopes[$i] = trim($reqestedScopes[$i]);
|
||||
if ($reqestedScopes[$i] === '') unset($reqestedScopes[$i]); // Remove any junk scopes
|
||||
}
|
||||
|
||||
// Check that there aren't any new scopes being included
|
||||
$existingScopes = array();
|
||||
foreach ($scopes as $s) {
|
||||
$existingScopes[] = $s['scope'];
|
||||
}
|
||||
|
||||
foreach ($reqestedScopes as $reqScope) {
|
||||
if ( ! in_array($reqScope, $existingScopes)) {
|
||||
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
|
||||
}
|
||||
|
||||
// Associate with the new access token
|
||||
$scopeDetails = $this->authServer->getStorage('scope')->getScope($reqScope, $authParams['client_id'], $this->identifier);
|
||||
$this->authServer->getStorage('session')->associateScope($newAccessTokenId, $scopeDetails['id']);
|
||||
}
|
||||
}
|
||||
|
||||
$response = array(
|
||||
'access_token' => $accessToken,
|
||||
'token_type' => 'Bearer',
|
||||
'expires' => $accessTokenExpires,
|
||||
'expires_in' => $accessTokenExpiresIn
|
||||
);
|
||||
|
||||
if ($this->rotateRefreshTokens === true) {
|
||||
$response['refresh_token'] = $refreshToken;
|
||||
}
|
||||
|
||||
return $response;
|
||||
}
|
||||
|
||||
}
|
@ -1,395 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* OAuth 2.0 Resource Server
|
||||
*
|
||||
* @package php-loep/oauth2-server
|
||||
* @author Alex Bilbie <hello@alexbilbie.com>
|
||||
* @author Woody Gilk <woody@shadowhand.me>
|
||||
* @copyright Copyright (c) 2013-2014 PHP League of Extraordinary Packages
|
||||
* @license http://mit-license.org/
|
||||
* @link http://github.com/php-loep/oauth2-server
|
||||
*/
|
||||
|
||||
namespace League\OAuth2\Server;
|
||||
|
||||
use OutOfBoundsException;
|
||||
use League\OAuth2\Server\Storage\SessionInterface;
|
||||
use League\OAuth2\Server\Util\RequestInterface;
|
||||
use League\OAuth2\Server\Util\Request;
|
||||
|
||||
/**
|
||||
* OAuth 2.0 Resource Server
|
||||
*/
|
||||
class Resource
|
||||
{
|
||||
/**
|
||||
* The access token
|
||||
* @var string
|
||||
*/
|
||||
protected $accessToken = null;
|
||||
|
||||
/**
|
||||
* The session ID
|
||||
* @var string
|
||||
*/
|
||||
protected $sessionId = null;
|
||||
|
||||
/**
|
||||
* The type of the owner of the access token
|
||||
* @var string
|
||||
*/
|
||||
protected $ownerType = null;
|
||||
|
||||
/**
|
||||
* The ID of the owner of the access token
|
||||
* @var string
|
||||
*/
|
||||
protected $ownerId = null;
|
||||
|
||||
/**
|
||||
* The scopes associated with the access token
|
||||
* @var array
|
||||
*/
|
||||
protected $sessionScopes = array();
|
||||
|
||||
/**
|
||||
* The client, scope and session storage classes
|
||||
* @var array
|
||||
*/
|
||||
protected $storages = array();
|
||||
|
||||
/**
|
||||
* The request object
|
||||
* @var Util\RequestInterface
|
||||
*/
|
||||
protected $request = null;
|
||||
|
||||
/**
|
||||
* The query string key which is used by clients to present the access token (default: access_token)
|
||||
* @var string
|
||||
*/
|
||||
protected $tokenKey = 'access_token';
|
||||
|
||||
/**
|
||||
* The client ID
|
||||
* @var string
|
||||
*/
|
||||
protected $clientId = null;
|
||||
|
||||
/**
|
||||
* Exception error codes
|
||||
* @var array
|
||||
*/
|
||||
protected static $exceptionCodes = array(
|
||||
0 => 'invalid_request',
|
||||
1 => 'invalid_token',
|
||||
2 => 'insufficient_scope',
|
||||
);
|
||||
|
||||
/**
|
||||
* Exception error messages
|
||||
* @var array
|
||||
*/
|
||||
protected static $exceptionMessages = array(
|
||||
'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.',
|
||||
'invalid_token' => 'The access token provided is expired, revoked, malformed, or invalid for other reasons.',
|
||||
'insufficient_scope' => 'The request requires higher privileges than provided by the access token. Required scopes are: %s.',
|
||||
);
|
||||
|
||||
/**
|
||||
* Exception error HTTP status codes
|
||||
* @var array
|
||||
*
|
||||
* RFC 6750, section 3.1:
|
||||
* When a request fails, the resource server responds using the
|
||||
* appropriate HTTP status code (typically, 400, 401, 403, or 405) and
|
||||
* includes one of the following error codes in the response:
|
||||
*/
|
||||
protected static $exceptionHttpStatusCodes = array(
|
||||
'invalid_request' => 400,
|
||||
'invalid_token' => 401,
|
||||
'insufficient_scope' => 403,
|
||||
);
|
||||
|
||||
/**
|
||||
* Get an exception message
|
||||
*
|
||||
* @param string $error The error message key
|
||||
* @return string The error message
|
||||
*/
|
||||
public static function getExceptionMessage($error = '')
|
||||
{
|
||||
return self::$exceptionMessages[$error];
|
||||
}
|
||||
|
||||
/**
|
||||
* Get an exception code
|
||||
*
|
||||
* @param integer $code The exception code
|
||||
* @return string The exception code type
|
||||
*/
|
||||
public static function getExceptionType($code = 0)
|
||||
{
|
||||
return self::$exceptionCodes[$code];
|
||||
}
|
||||
|
||||
/**
|
||||
* Get all headers that have to be send with the error response
|
||||
*
|
||||
* @param string $error The error message key
|
||||
* @return array Array with header values
|
||||
*/
|
||||
public static function getExceptionHttpHeaders($error)
|
||||
{
|
||||
$headers = array();
|
||||
switch (self::$exceptionHttpStatusCodes[$error]) {
|
||||
case 401:
|
||||
$headers[] = 'HTTP/1.1 401 Unauthorized';
|
||||
break;
|
||||
case 403:
|
||||
$headers[] = 'HTTP/1.1 403 Forbidden';
|
||||
break;
|
||||
case 400:
|
||||
default:
|
||||
$headers[] = 'HTTP/1.1 400 Bad Request';
|
||||
}
|
||||
|
||||
// Add "WWW-Authenticate" header
|
||||
//
|
||||
// RFC 6749, section 5.2.:
|
||||
// "If the client attempted to authenticate via the 'Authorization'
|
||||
// request header field, the authorization server MUST
|
||||
// respond with an HTTP 401 (Unauthorized) status code and
|
||||
// include the "WWW-Authenticate" response header field
|
||||
// matching the authentication scheme used by the client.
|
||||
// @codeCoverageIgnoreStart
|
||||
if ($error === 'invalid_token') {
|
||||
$authScheme = null;
|
||||
$request = Request::buildFromGlobals();
|
||||
if ($request->server('PHP_AUTH_USER') !== null) {
|
||||
$authScheme = 'Basic';
|
||||
} else {
|
||||
$authHeader = $request->header('Authorization');
|
||||
if ($authHeader !== null) {
|
||||
if (strpos($authHeader, 'Bearer') === 0) {
|
||||
$authScheme = 'Bearer';
|
||||
} elseif (strpos($authHeader, 'Basic') === 0) {
|
||||
$authScheme = 'Basic';
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($authScheme !== null) {
|
||||
$headers[] = 'WWW-Authenticate: '.$authScheme.' realm=""';
|
||||
}
|
||||
}
|
||||
// @codeCoverageIgnoreEnd
|
||||
|
||||
return $headers;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets up the Resource
|
||||
*
|
||||
* @param SessionInterface The Session Storage Object
|
||||
*/
|
||||
public function __construct(SessionInterface $session)
|
||||
{
|
||||
$this->storages['session'] = $session;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the Request Object
|
||||
*
|
||||
* @param RequestInterface The Request Object
|
||||
*/
|
||||
public function setRequest(RequestInterface $request)
|
||||
{
|
||||
$this->request = $request;
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the Request object. It will create one from the globals if one is not set.
|
||||
*
|
||||
* @return Util\RequestInterface
|
||||
*/
|
||||
public function getRequest()
|
||||
{
|
||||
if ($this->request === null) {
|
||||
// @codeCoverageIgnoreStart
|
||||
$this->request = Request::buildFromGlobals();
|
||||
}
|
||||
// @codeCoverageIgnoreEnd
|
||||
|
||||
return $this->request;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the query string key for the access token.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getTokenKey()
|
||||
{
|
||||
return $this->tokenKey;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the query string key for the access token.
|
||||
*
|
||||
* @param $key The new query string key
|
||||
*/
|
||||
public function setTokenKey($key)
|
||||
{
|
||||
$this->tokenKey = $key;
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the access token owner ID.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getOwnerId()
|
||||
{
|
||||
return $this->ownerId;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the owner type.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getOwnerType()
|
||||
{
|
||||
return $this->ownerType;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the access token.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getAccessToken()
|
||||
{
|
||||
return $this->accessToken;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the client ID that created the session
|
||||
* @return string
|
||||
*/
|
||||
public function getClientId()
|
||||
{
|
||||
return $this->clientId;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the access token is valid or not.
|
||||
*
|
||||
* @param $headersOnly Limit Access Token to Authorization header only
|
||||
* @throws Exception\InvalidAccessTokenException Thrown if the presented access token is not valid
|
||||
* @return bool
|
||||
*/
|
||||
public function isValid($headersOnly = false)
|
||||
{
|
||||
$accessToken = $this->determineAccessToken($headersOnly);
|
||||
|
||||
$result = $this->storages['session']->validateAccessToken($accessToken);
|
||||
|
||||
if (! $result) {
|
||||
throw new Exception\InvalidAccessTokenException(self::$exceptionMessages['invalid_token'], 1);
|
||||
}
|
||||
|
||||
$this->accessToken = $accessToken;
|
||||
$this->sessionId = $result['session_id'];
|
||||
$this->clientId = $result['client_id'];
|
||||
$this->ownerType = $result['owner_type'];
|
||||
$this->ownerId = $result['owner_id'];
|
||||
|
||||
$sessionScopes = $this->storages['session']->getScopes($this->accessToken);
|
||||
foreach ($sessionScopes as $scope) {
|
||||
$this->sessionScopes[] = $scope['scope'];
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the session scopes
|
||||
* @return array
|
||||
*/
|
||||
public function getScopes()
|
||||
{
|
||||
return $this->sessionScopes;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the presented access token has the given scope(s).
|
||||
*
|
||||
* @param array|string An array of scopes or a single scope as a string
|
||||
* @param bool If scopes are required, missing scope will trigger an exception
|
||||
* @throws Exception\InsufficientScopeException Thrown if the any of the given scopes are not in the session
|
||||
* @return bool Returns bool if all scopes are found, false if any fail
|
||||
*/
|
||||
public function hasScope($scopes, $required = false)
|
||||
{
|
||||
if (!is_array($scopes)) {
|
||||
$scopes = array($scopes);
|
||||
}
|
||||
|
||||
$missing = array_diff($scopes, $this->sessionScopes);
|
||||
|
||||
if ($missing) {
|
||||
if ($required) {
|
||||
$missing = implode(', ', $missing);
|
||||
throw new Exception\InsufficientScopeException(sprintf(self::$exceptionMessages['insufficient_scope'], $missing), 3);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Reads in the access token from the headers.
|
||||
*
|
||||
* @param $headersOnly Limit Access Token to Authorization header only
|
||||
* @throws Exception\MissingAccessTokenException Thrown if there is no access token presented
|
||||
* @return string
|
||||
*/
|
||||
public function determineAccessToken($headersOnly = false)
|
||||
{
|
||||
// Try to get it directly from a header
|
||||
if (! $header = $this->getRequest()->header('Authorization')) {
|
||||
|
||||
// Failing that try getting it from a server variable
|
||||
$header = $this->getRequest()->server('HTTP_AUTHORIZATION');
|
||||
}
|
||||
|
||||
// One of them worked
|
||||
if ($header) {
|
||||
// Check for special case, because cURL sometimes does an
|
||||
// internal second request and doubles the authorization header,
|
||||
// which always resulted in an error.
|
||||
//
|
||||
// 1st request: Authorization: Bearer XXX
|
||||
// 2nd request: Authorization: Bearer XXX, Bearer XXX
|
||||
if (strpos($header, ',') !== false) {
|
||||
$headerPart = explode(',', $header);
|
||||
$accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $headerPart[0]));
|
||||
} else {
|
||||
$accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $header));
|
||||
}
|
||||
$accessToken = ($accessToken === 'Bearer') ? '' : $accessToken;
|
||||
} elseif ($headersOnly === false) {
|
||||
$method = $this->getRequest()->server('REQUEST_METHOD');
|
||||
$accessToken = $this->getRequest()->{$method}($this->tokenKey);
|
||||
}
|
||||
|
||||
if (empty($accessToken)) {
|
||||
throw new Exception\MissingAccessTokenException(self::$exceptionMessages['invalid_request'], 0);
|
||||
}
|
||||
|
||||
return $accessToken;
|
||||
}
|
||||
}
|
@ -1,332 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* OAuth 2.0 Session storage interface
|
||||
*
|
||||
* @package php-loep/oauth2-server
|
||||
* @author Alex Bilbie <hello@alexbilbie.com>
|
||||
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages
|
||||
* @license http://mit-license.org/
|
||||
* @link http://github.com/php-loep/oauth2-server
|
||||
*/
|
||||
|
||||
namespace League\OAuth2\Server\Storage;
|
||||
|
||||
interface SessionInterface
|
||||
{
|
||||
/**
|
||||
* Create a new session
|
||||
*
|
||||
* Example SQL query:
|
||||
*
|
||||
* <code>
|
||||
* INSERT INTO oauth_sessions (client_id, owner_type, owner_id)
|
||||
* VALUE (:clientId, :ownerType, :ownerId)
|
||||
* </code>
|
||||
*
|
||||
* @param string $clientId The client ID
|
||||
* @param string $ownerType The type of the session owner (e.g. "user")
|
||||
* @param string $ownerId The ID of the session owner (e.g. "123")
|
||||
* @return int The session ID
|
||||
*/
|
||||
public function createSession($clientId, $ownerType, $ownerId);
|
||||
|
||||
/**
|
||||
* Delete a session
|
||||
*
|
||||
* Example SQL query:
|
||||
*
|
||||
* <code>
|
||||
* DELETE FROM oauth_sessions WHERE client_id = :clientId AND owner_type = :type AND owner_id = :typeId
|
||||
* </code>
|
||||
*
|
||||
* @param string $clientId The client ID
|
||||
* @param string $ownerType The type of the session owner (e.g. "user")
|
||||
* @param string $ownerId The ID of the session owner (e.g. "123")
|
||||
* @return void
|
||||
*/
|
||||
public function deleteSession($clientId, $ownerType, $ownerId);
|
||||
|
||||
/**
|
||||
* Associate a redirect URI with a session
|
||||
*
|
||||
* Example SQL query:
|
||||
*
|
||||
* <code>
|
||||
* INSERT INTO oauth_session_redirects (session_id, redirect_uri) VALUE (:sessionId, :redirectUri)
|
||||
* </code>
|
||||
*
|
||||
* @param int $sessionId The session ID
|
||||
* @param string $redirectUri The redirect URI
|
||||
* @return void
|
||||
*/
|
||||
public function associateRedirectUri($sessionId, $redirectUri);
|
||||
|
||||
/**
|
||||
* Associate an access token with a session
|
||||
*
|
||||
* Example SQL query:
|
||||
*
|
||||
* <code>
|
||||
* INSERT INTO oauth_session_access_tokens (session_id, access_token, access_token_expires)
|
||||
* VALUE (:sessionId, :accessToken, :accessTokenExpire)
|
||||
* </code>
|
||||
*
|
||||
* @param int $sessionId The session ID
|
||||
* @param string $accessToken The access token
|
||||
* @param int $expireTime Unix timestamp of the access token expiry time
|
||||
* @return int The access token ID
|
||||
*/
|
||||
public function associateAccessToken($sessionId, $accessToken, $expireTime);
|
||||
|
||||
/**
|
||||
* Associate a refresh token with a session
|
||||
*
|
||||
* Example SQL query:
|
||||
*
|
||||
* <code>
|
||||
* INSERT INTO oauth_session_refresh_tokens (session_access_token_id, refresh_token, refresh_token_expires,
|
||||
* client_id) VALUE (:accessTokenId, :refreshToken, :expireTime, :clientId)
|
||||
* </code>
|
||||
*
|
||||
* @param int $accessTokenId The access token ID
|
||||
* @param string $refreshToken The refresh token
|
||||
* @param int $expireTime Unix timestamp of the refresh token expiry time
|
||||
* @param string $clientId The client ID
|
||||
* @return void
|
||||
*/
|
||||
public function associateRefreshToken($accessTokenId, $refreshToken, $expireTime, $clientId);
|
||||
|
||||
/**
|
||||
* Assocate an authorization code with a session
|
||||
*
|
||||
* Example SQL query:
|
||||
*
|
||||
* <code>
|
||||
* INSERT INTO oauth_session_authcodes (session_id, auth_code, auth_code_expires)
|
||||
* VALUE (:sessionId, :authCode, :authCodeExpires)
|
||||
* </code>
|
||||
*
|
||||
* @param int $sessionId The session ID
|
||||
* @param string $authCode The authorization code
|
||||
* @param int $expireTime Unix timestamp of the access token expiry time
|
||||
* @return int The auth code ID
|
||||
*/
|
||||
public function associateAuthCode($sessionId, $authCode, $expireTime);
|
||||
|
||||
/**
|
||||
* Remove an associated authorization token from a session
|
||||
*
|
||||
* Example SQL query:
|
||||
*
|
||||
* <code>
|
||||
* DELETE FROM oauth_session_authcodes WHERE session_id = :sessionId
|
||||
* </code>
|
||||
*
|
||||
* @param int $sessionId The session ID
|
||||
* @return void
|
||||
*/
|
||||
public function removeAuthCode($sessionId);
|
||||
|
||||
/**
|
||||
* Validate an authorization code
|
||||
*
|
||||
* Example SQL query:
|
||||
*
|
||||
* <code>
|
||||
* SELECT oauth_sessions.id AS session_id, oauth_session_authcodes.id AS authcode_id FROM oauth_sessions
|
||||
* JOIN oauth_session_authcodes ON oauth_session_authcodes.`session_id` = oauth_sessions.id
|
||||
* JOIN oauth_session_redirects ON oauth_session_redirects.`session_id` = oauth_sessions.id WHERE
|
||||
* oauth_sessions.client_id = :clientId AND oauth_session_authcodes.`auth_code` = :authCode
|
||||
* AND `oauth_session_authcodes`.`auth_code_expires` >= :time AND
|
||||
* `oauth_session_redirects`.`redirect_uri` = :redirectUri
|
||||
* </code>
|
||||
*
|
||||
* Expected response:
|
||||
*
|
||||
* <code>
|
||||
* array(
|
||||
* 'session_id' => (int)
|
||||
* 'authcode_id' => (int)
|
||||
* )
|
||||
* </code>
|
||||
*
|
||||
* @param string $clientId The client ID
|
||||
* @param string $redirectUri The redirect URI
|
||||
* @param string $authCode The authorization code
|
||||
* @return array|bool False if invalid or array as above
|
||||
*/
|
||||
public function validateAuthCode($clientId, $redirectUri, $authCode);
|
||||
|
||||
/**
|
||||
* Validate an access token
|
||||
*
|
||||
* Example SQL query:
|
||||
*
|
||||
* <code>
|
||||
* SELECT session_id, oauth_sessions.`client_id`, oauth_sessions.`owner_id`, oauth_sessions.`owner_type`
|
||||
* FROM `oauth_session_access_tokens` JOIN oauth_sessions ON oauth_sessions.`id` = session_id WHERE
|
||||
* access_token = :accessToken AND access_token_expires >= UNIX_TIMESTAMP(NOW())
|
||||
* </code>
|
||||
*
|
||||
* Expected response:
|
||||
*
|
||||
* <code>
|
||||
* array(
|
||||
* 'session_id' => (int),
|
||||
* 'client_id' => (string),
|
||||
* 'owner_id' => (string),
|
||||
* 'owner_type' => (string)
|
||||
* )
|
||||
* </code>
|
||||
*
|
||||
* @param string $accessToken The access token
|
||||
* @return array|bool False if invalid or an array as above
|
||||
*/
|
||||
public function validateAccessToken($accessToken);
|
||||
|
||||
/**
|
||||
* Removes a refresh token
|
||||
*
|
||||
* Example SQL query:
|
||||
*
|
||||
* <code>
|
||||
* DELETE FROM `oauth_session_refresh_tokens` WHERE refresh_token = :refreshToken
|
||||
* </code>
|
||||
*
|
||||
* @param string $refreshToken The refresh token to be removed
|
||||
* @return void
|
||||
*/
|
||||
public function removeRefreshToken($refreshToken);
|
||||
|
||||
/**
|
||||
* Validate a refresh token
|
||||
*
|
||||
* Example SQL query:
|
||||
*
|
||||
* <code>
|
||||
* SELECT session_access_token_id FROM `oauth_session_refresh_tokens` WHERE refresh_token = :refreshToken
|
||||
* AND refresh_token_expires >= UNIX_TIMESTAMP(NOW()) AND client_id = :clientId
|
||||
* </code>
|
||||
*
|
||||
* @param string $refreshToken The refresh token
|
||||
* @param string $clientId The client ID
|
||||
* @return int|bool The ID of the access token the refresh token is linked to (or false if invalid)
|
||||
*/
|
||||
public function validateRefreshToken($refreshToken, $clientId);
|
||||
|
||||
/**
|
||||
* Get an access token by ID
|
||||
*
|
||||
* Example SQL query:
|
||||
*
|
||||
* <code>
|
||||
* SELECT * FROM `oauth_session_access_tokens` WHERE `id` = :accessTokenId
|
||||
* </code>
|
||||
*
|
||||
* Expected response:
|
||||
*
|
||||
* <code>
|
||||
* array(
|
||||
* 'id' => (int),
|
||||
* 'session_id' => (int),
|
||||
* 'access_token' => (string),
|
||||
* 'access_token_expires' => (int)
|
||||
* )
|
||||
* </code>
|
||||
*
|
||||
* @param int $accessTokenId The access token ID
|
||||
* @return array
|
||||
*/
|
||||
public function getAccessToken($accessTokenId);
|
||||
|
||||
/**
|
||||
* Associate scopes with an auth code (bound to the session)
|
||||
*
|
||||
* Example SQL query:
|
||||
*
|
||||
* <code>
|
||||
* INSERT INTO `oauth_session_authcode_scopes` (`oauth_session_authcode_id`, `scope_id`) VALUES
|
||||
* (:authCodeId, :scopeId)
|
||||
* </code>
|
||||
*
|
||||
* @param int $authCodeId The auth code ID
|
||||
* @param int $scopeId The scope ID
|
||||
* @return void
|
||||
*/
|
||||
public function associateAuthCodeScope($authCodeId, $scopeId);
|
||||
|
||||
/**
|
||||
* Get the scopes associated with an auth code
|
||||
*
|
||||
* Example SQL query:
|
||||
*
|
||||
* <code>
|
||||
* SELECT scope_id FROM `oauth_session_authcode_scopes` WHERE oauth_session_authcode_id = :authCodeId
|
||||
* </code>
|
||||
*
|
||||
* Expected response:
|
||||
*
|
||||
* <code>
|
||||
* array(
|
||||
* array(
|
||||
* 'scope_id' => (int)
|
||||
* ),
|
||||
* array(
|
||||
* 'scope_id' => (int)
|
||||
* ),
|
||||
* ...
|
||||
* )
|
||||
* </code>
|
||||
*
|
||||
* @param int $oauthSessionAuthCodeId The session ID
|
||||
* @return array
|
||||
*/
|
||||
public function getAuthCodeScopes($oauthSessionAuthCodeId);
|
||||
|
||||
/**
|
||||
* Associate a scope with an access token
|
||||
*
|
||||
* Example SQL query:
|
||||
*
|
||||
* <code>
|
||||
* INSERT INTO `oauth_session_token_scopes` (`session_access_token_id`, `scope_id`) VALUE (:accessTokenId, :scopeId)
|
||||
* </code>
|
||||
*
|
||||
* @param int $accessTokenId The ID of the access token
|
||||
* @param int $scopeId The ID of the scope
|
||||
* @return void
|
||||
*/
|
||||
public function associateScope($accessTokenId, $scopeId);
|
||||
|
||||
/**
|
||||
* Get all associated access tokens for an access token
|
||||
*
|
||||
* Example SQL query:
|
||||
*
|
||||
* <code>
|
||||
* SELECT oauth_scopes.* FROM oauth_session_token_scopes JOIN oauth_session_access_tokens
|
||||
* ON oauth_session_access_tokens.`id` = `oauth_session_token_scopes`.`session_access_token_id`
|
||||
* JOIN oauth_scopes ON oauth_scopes.id = `oauth_session_token_scopes`.`scope_id`
|
||||
* WHERE access_token = :accessToken
|
||||
* </code>
|
||||
*
|
||||
* Expected response:
|
||||
*
|
||||
* <code>
|
||||
* array (
|
||||
* array(
|
||||
* 'id' => (int),
|
||||
* 'scope' => (string),
|
||||
* 'name' => (string),
|
||||
* 'description' => (string)
|
||||
* ),
|
||||
* ...
|
||||
* ...
|
||||
* )
|
||||
* </code>
|
||||
*
|
||||
* @param string $accessToken The access token
|
||||
* @return array
|
||||
*/
|
||||
public function getScopes($accessToken);
|
||||
}
|
@ -1,38 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* OAuth 2.0 Secure key default algorithm
|
||||
*
|
||||
* @package php-loep/oauth2-server
|
||||
* @author Alex Bilbie <hello@alexbilbie.com>
|
||||
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages
|
||||
* @license http://mit-license.org/
|
||||
* @link http://github.com/php-loep/oauth2-server
|
||||
*/
|
||||
|
||||
namespace League\OAuth2\Server\Util\KeyAlgorithm;
|
||||
|
||||
|
||||
class DefaultAlgorithm implements KeyAlgorithmInterface
|
||||
{
|
||||
/**
|
||||
* @param int $len
|
||||
* @return string
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function make($len = 40)
|
||||
{
|
||||
// We generate twice as many bytes here because we want to ensure we have
|
||||
// enough after we base64 encode it to get the length we need because we
|
||||
// take out the "/", "+", and "=" characters.
|
||||
$bytes = openssl_random_pseudo_bytes($len * 2, $strong);
|
||||
|
||||
// We want to stop execution if the key fails because, well, that is bad.
|
||||
if ($bytes === false || $strong === false) {
|
||||
// @codeCoverageIgnoreStart
|
||||
throw new \Exception('Error Generating Key');
|
||||
// @codeCoverageIgnoreEnd
|
||||
}
|
||||
|
||||
return substr(str_replace(array('/', '+', '='), '', base64_encode($bytes)), 0, $len);
|
||||
}
|
||||
}
|
@ -1,18 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* OAuth 2.0 Key algorithm interface
|
||||
*
|
||||
* @package php-loep/oauth2-server
|
||||
* @author Alex Bilbie <hello@alexbilbie.com>
|
||||
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages
|
||||
* @license http://mit-license.org/
|
||||
* @link http://github.com/php-loep/oauth2-server
|
||||
*/
|
||||
|
||||
namespace League\OAuth2\Server\Util\KeyAlgorithm;
|
||||
|
||||
|
||||
interface KeyAlgorithmInterface
|
||||
{
|
||||
public function make($len = 40);
|
||||
}
|
@ -1,149 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* OAuth 2.0 Request class
|
||||
*
|
||||
* @package php-loep/oauth2-server
|
||||
* @author Alex Bilbie <hello@alexbilbie.com>
|
||||
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages
|
||||
* @license http://mit-license.org/
|
||||
* @link http://github.com/php-loep/oauth2-server
|
||||
*/
|
||||
|
||||
namespace League\OAuth2\Server\Util;
|
||||
|
||||
use OutOfBoundsException;
|
||||
use InvalidMethodCallException;
|
||||
use InvalidArgumentException;
|
||||
|
||||
class Request implements RequestInterface
|
||||
{
|
||||
protected $get = array();
|
||||
protected $post = array();
|
||||
protected $cookies = array();
|
||||
protected $files = array();
|
||||
protected $server = array();
|
||||
protected $headers = array();
|
||||
|
||||
public static function buildFromGlobals()
|
||||
{
|
||||
return new static($_GET, $_POST, $_COOKIE, $_FILES, $_SERVER);
|
||||
}
|
||||
|
||||
public function __construct(array $get = array(), array $post = array(), array $cookies = array(), array $files = array(), array $server = array(), $headers = array())
|
||||
{
|
||||
$this->get = $get;
|
||||
$this->post = $post;
|
||||
$this->cookies = $cookies;
|
||||
$this->files = $files;
|
||||
$this->server = $server;
|
||||
|
||||
if (empty($headers)) {
|
||||
$this->headers = $this->readHeaders();
|
||||
} else {
|
||||
$this->headers = $this->normalizeHeaders($headers);
|
||||
}
|
||||
}
|
||||
|
||||
public function get($index = null, $default = null)
|
||||
{
|
||||
return $this->getPropertyValue('get', $index, $default);
|
||||
}
|
||||
|
||||
public function post($index = null, $default = null)
|
||||
{
|
||||
return $this->getPropertyValue('post', $index, $default);
|
||||
}
|
||||
|
||||
public function file($index = null, $default = null)
|
||||
{
|
||||
return $this->getPropertyValue('files', $index, $default);
|
||||
}
|
||||
|
||||
public function cookie($index = null, $default = null)
|
||||
{
|
||||
return $this->getPropertyValue('cookies', $index, $default);
|
||||
}
|
||||
|
||||
public function server($index = null, $default = null)
|
||||
{
|
||||
return $this->getPropertyValue('server', $index, $default);
|
||||
}
|
||||
|
||||
public function header($index = null, $default = null)
|
||||
{
|
||||
return $this->getPropertyValue('headers', $index, $default);
|
||||
}
|
||||
|
||||
protected function readHeaders()
|
||||
{
|
||||
if (function_exists('apache_request_headers')) {
|
||||
// @codeCoverageIgnoreStart
|
||||
$headers = apache_request_headers();
|
||||
} elseif (function_exists('http_get_request_headers')) {
|
||||
$headers = http_get_request_headers();
|
||||
} else {
|
||||
// @codeCoverageIgnoreEnd
|
||||
$headers = array();
|
||||
foreach ($this->server() as $name => $value) {
|
||||
if (substr($name, 0, 5) == 'HTTP_') {
|
||||
// HTTP_FOO_BAR becomes FOO-BAR
|
||||
$name = str_replace(array('HTTP_', '_'), array('', '-'), $name);
|
||||
$headers[$name] = $value;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $this->normalizeHeaders($headers);
|
||||
}
|
||||
|
||||
protected function getPropertyValue($property, $index = null, $default = null)
|
||||
{
|
||||
if ( ! isset($this->{$property})) {
|
||||
throw new InvalidArgumentException("Property '$property' does not exist.");
|
||||
}
|
||||
if (is_null($index)) {
|
||||
return $this->{$property};
|
||||
}
|
||||
|
||||
if ( ! array_key_exists($index, $this->{$property})) {
|
||||
return $default;
|
||||
}
|
||||
|
||||
return $this->{$property}[$index];
|
||||
}
|
||||
|
||||
/**
|
||||
* Takes all of the headers and normalizes them in a canonical form.
|
||||
*
|
||||
* @param array $headers The request headers.
|
||||
* @return array An arry of headers with the header name normalized
|
||||
*/
|
||||
protected function normalizeHeaders(array $headers)
|
||||
{
|
||||
$normalized = array();
|
||||
foreach ($headers as $key => $value) {
|
||||
$normalized[ucfirst($this->normalizeKey($key))] = $value;
|
||||
}
|
||||
|
||||
return $normalized;
|
||||
}
|
||||
|
||||
/**
|
||||
* Transform header name into canonical form
|
||||
*
|
||||
* Taken from the Slim codebase...
|
||||
*
|
||||
* @param string $key
|
||||
* @return string
|
||||
*/
|
||||
protected function normalizeKey($key)
|
||||
{
|
||||
$key = strtolower($key);
|
||||
$key = str_replace(array('-', '_'), ' ', $key);
|
||||
$key = preg_replace('#^http #', '', $key);
|
||||
$key = ucwords($key);
|
||||
$key = str_replace(' ', '-', $key);
|
||||
|
||||
return $key;
|
||||
}
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user