From 3e5889e93bcaaed4de1a0e205d0b00aeddef150f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juli=C3=A1n=20Guti=C3=A9rrez?=
Date: Wed, 20 Jan 2016 10:36:16 +0100
Subject: [PATCH 1/2] minor improvements and documentation fixes
---
 .../Interfaces/AccessTokenEntityInterface.php | 2 +-
 src/Entities/ScopeEntity.php | 2 +-
 src/Entities/Traits/ClientEntityTrait.php | 2 +-
 src/Entities/Traits/RefreshTokenTrait.php | 2 +-
 src/Entities/Traits/TokenEntityTrait.php | 2 +-
 src/Exception/OAuthServerException.php | 6 ++++--
 src/Grant/AbstractGrant.php | 19 ++++---------------
 src/Grant/GrantTypeInterface.php | 11 ++---------
 src/Grant/PasswordGrant.php | 2 +-
 src/Grant/RefreshTokenGrant.php | 9 ++++-----
 .../AuthCodeRepositoryInterface.php | 2 --
 .../ClientRepositoryInterface.php | 4 ++--
 src/Repositories/MacTokenInterface.php | 9 +++++----
 .../RefreshTokenRepositoryInterface.php | 4 ++--
 src/Repositories/ScopeRepositoryInterface.php | 6 +++---
 src/ResponseTypes/BearerTokenResponse.php | 8 +++++---
 src/Server.php | 1 -
 17 files changed, 37 insertions(+), 54 deletions(-)
diff --git a/src/Entities/Interfaces/AccessTokenEntityInterface.php b/src/Entities/Interfaces/AccessTokenEntityInterface.php
index 242bc8da..2f62f045 100644
--- a/src/Entities/Interfaces/AccessTokenEntityInterface.php
+++ b/src/Entities/Interfaces/AccessTokenEntityInterface.php
@@ -4,4 +4,4 @@ namespace League\OAuth2\Server\Entities\Interfaces;
 interface AccessTokenEntityInterface extends TokenInterface
 {
-}
\ No newline at end of file
+}
diff --git a/src/Entities/ScopeEntity.php b/src/Entities/ScopeEntity.php
index 09fd0227..5c21e55e 100644
--- a/src/Entities/ScopeEntity.php
+++ b/src/Entities/ScopeEntity.php
@@ -15,7 +15,7 @@ class ScopeEntity implements ScopeEntityInterface
 /**
 * @inheritdoc
 */
- function jsonSerialize()
+ public function jsonSerialize()
 {
 return $this->getIdentifier();
 }
diff --git a/src/Entities/Traits/ClientEntityTrait.php b/src/Entities/Traits/ClientEntityTrait.php
index fee28e0e..80e61b93 100644
--- a/src/Entities/Traits/ClientEntityTrait.php
+++ b/src/Entities/Traits/ClientEntityTrait.php
@@ -25,4 +25,4 @@ trait ClientEntityTrait
 {
 $this->name = $name;
 }
-}
\ No newline at end of file
+}
diff --git a/src/Entities/Traits/RefreshTokenTrait.php b/src/Entities/Traits/RefreshTokenTrait.php
index 71e39225..0e0a3500 100644
--- a/src/Entities/Traits/RefreshTokenTrait.php
+++ b/src/Entities/Traits/RefreshTokenTrait.php
@@ -50,4 +50,4 @@ trait RefreshTokenTrait
 {
 $this->expiryDateTime = $dateTime;
 }
-}
\ No newline at end of file
+}
diff --git a/src/Entities/Traits/TokenEntityTrait.php b/src/Entities/Traits/TokenEntityTrait.php
index d16e6f8d..324de912 100644
--- a/src/Entities/Traits/TokenEntityTrait.php
+++ b/src/Entities/Traits/TokenEntityTrait.php
@@ -123,4 +123,4 @@ trait TokenEntityTrait
 {
 return (new DateTime()) > $this->getExpiryDateTime();
 }
-}
\ No newline at end of file
+}
diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php
index b0309290..88b0ab04 100644
--- a/src/Exception/OAuthServerException.php
+++ b/src/Exception/OAuthServerException.php
@@ -60,7 +60,8 @@ class OAuthServerException extends \Exception
 $localizedHint = null
 ) {
 $errorMessage = (is_null($localizedError))
- ? 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.'
+ ? 'The provided authorization grant is invalid, expired, revoked, does not match ' .
+ 'the redirection URI used in the authorization request, or was issued to another client.'
 : $localizedError;
 $hint = (is_null($localizedHint))
 ? 'Check the `grant_type` parameter'
@@ -106,7 +107,8 @@ class OAuthServerException extends \Exception
 $localizedHint = null
 ) {
 $errorMessage = (is_null($localizedError))
- ? 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.'
+ ? 'The request is missing a required parameter, includes an invalid parameter value, ' .
+ 'includes a parameter more than once, or is otherwise malformed.'
 : $localizedError;
 $hint = (is_null($localizedHint))
 ? sprintf('Check the `%s` parameter', $parameter)
diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php
index 490ecf4c..0fe2c987 100644
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@@ -11,7 +11,7 @@
 namespace League\OAuth2\Server\Grant;
-use League\Event\EmitterInterface;
+use League\Event\EmitterAwareTrait;
 use League\Event\Event;
 use League\OAuth2\Server\Entities\AccessTokenEntity;
 use League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface;
@@ -29,6 +29,8 @@ use Psr\Http\Message\ServerRequestInterface;
 */
 abstract class AbstractGrant implements GrantTypeInterface
 {
+ use EmitterAwareTrait;
+
 const SCOPE_DELIMITER_STRING = ' ';
 /**
@@ -60,11 +62,6 @@ abstract class AbstractGrant implements GrantTypeInterface
 */
 protected $accessTokenRepository;
- /**
- * @var \League\Event\Emitter
- */
- protected $emitter;
-
 /**
 * @var ScopeRepositoryInterface
 */
@@ -120,14 +117,6 @@ abstract class AbstractGrant implements GrantTypeInterface
 $this->pathToPublicKey = $pathToPublicKey;
 }
- /**
- * @inheritdoc
- */
- public function setEmitter(EmitterInterface $emitter)
- {
- $this->emitter = $emitter;
- }
-
 /**
 * {@inheritdoc}
 */
@@ -179,7 +168,7 @@ abstract class AbstractGrant implements GrantTypeInterface
 );
 if (!$client instanceof ClientEntityInterface) {
- $this->emitter->emit(new Event('client.authentication.failed', $request));
+ $this->getEmitter()->emit(new Event('client.authentication.failed', $request));
 throw OAuthServerException::invalidClient();
 }
diff --git a/src/Grant/GrantTypeInterface.php b/src/Grant/GrantTypeInterface.php
index 5bc9bf08..bb2b07a6 100644
--- a/src/Grant/GrantTypeInterface.php
+++ b/src/Grant/GrantTypeInterface.php
@@ -12,7 +12,7 @@
 namespace League\OAuth2\Server\Grant;
 use DateInterval;
-use League\Event\EmitterInterface;
+use League\Event\EmitterAwareInterface;
 use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
 use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
 use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
@@ -22,7 +22,7 @@ use Psr\Http\Message\ServerRequestInterface;
 /**
 * Grant type interface
 */
-interface GrantTypeInterface
+interface GrantTypeInterface extends EmitterAwareInterface
 {
 /**
 * Return the identifier
@@ -67,13 +67,6 @@ interface GrantTypeInterface
 */
 public function canRespondToRequest(ServerRequestInterface $request);
- /**
- * Set the event emitter
- *
- * @param \League\Event\EmitterInterface $emitter
- */
- public function setEmitter(EmitterInterface $emitter);
-
 /**
 * Set the client repository
 *
diff --git a/src/Grant/PasswordGrant.php b/src/Grant/PasswordGrant.php
index 50593ef3..57b85570 100644
--- a/src/Grant/PasswordGrant.php
+++ b/src/Grant/PasswordGrant.php
@@ -100,7 +100,7 @@ class PasswordGrant extends AbstractGrant
 $user = $this->userRepository->getUserEntityByUserCredentials($username, $password);
 if (!$user instanceof UserEntityInterface) {
- $this->emitter->emit(new Event('user.authentication.failed', $request));
+ $this->getEmitter()->emit(new Event('user.authentication.failed', $request));
 throw OAuthServerException::invalidCredentials();
 }
diff --git a/src/Grant/RefreshTokenGrant.php b/src/Grant/RefreshTokenGrant.php
index d8348d25..df935c92 100644
--- a/src/Grant/RefreshTokenGrant.php
+++ b/src/Grant/RefreshTokenGrant.php
@@ -38,9 +38,8 @@ class RefreshTokenGrant extends AbstractGrant
 /**
 * @param \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface $refreshTokenRepository
 */
- public function __construct(
- RefreshTokenRepositoryInterface $refreshTokenRepository
- ) {
+ public function __construct(RefreshTokenRepositoryInterface $refreshTokenRepository)
+ {
 $this->refreshTokenRepository = $refreshTokenRepository;
 }
@@ -64,7 +63,7 @@ class RefreshTokenGrant extends AbstractGrant
 // the request doesn't include any new scopes
 foreach ($scopes as $scope) {
 if (in_array($scope->getIdentifier(), $oldRefreshToken['scopes']) === false) {
- $this->emitter->emit(new Event('scope.selection.failed', $request));
+ $this->getEmitter()->emit(new Event('scope.selection.failed', $request));
 throw OAuthServerException::invalidScope($scope->getIdentifier());
 }
@@ -112,7 +111,7 @@ class RefreshTokenGrant extends AbstractGrant
 $refreshTokenData = json_decode($refreshToken, true);
 if ($refreshTokenData['client_id'] !== $clientId) {
- $this->emitter->emit(new Event('refresh_token.client.failed', $request));
+ $this->getEmitter()->emit(new Event('refresh_token.client.failed', $request));
 throw OAuthServerException::invalidRefreshToken(
 'Token is not linked to client,' .
diff --git a/src/Repositories/AuthCodeRepositoryInterface.php b/src/Repositories/AuthCodeRepositoryInterface.php
index 85852ef3..481106d3 100644
--- a/src/Repositories/AuthCodeRepositoryInterface.php
+++ b/src/Repositories/AuthCodeRepositoryInterface.php
@@ -33,8 +33,6 @@ interface AuthCodeRepositoryInterface extends RepositoryInterface
 * @param string $code The authorization code string
 * @param integer $expireTime Token expire time
 * @param string $redirectUri Client redirect uri
- *
- * @return void
 */
 public function persistNewAuthCode($code, $expireTime, $redirectUri);
diff --git a/src/Repositories/ClientRepositoryInterface.php b/src/Repositories/ClientRepositoryInterface.php
index b9b9aa3a..0cd88ad2 100644
--- a/src/Repositories/ClientRepositoryInterface.php
+++ b/src/Repositories/ClientRepositoryInterface.php
@@ -20,11 +20,11 @@ interface ClientRepositoryInterface extends RepositoryInterface
 * Get a client
 *
 * @param string $clientIdentifier The client's identifier
- * @param string|null $clientSecret The client's secret
+ * @param string $clientSecret The client's secret
 * @param string|null $redirectUri The client's redirect URI
 * @param string|null $grantType The grant type used
 *
 * @return \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface
 */
- public function getClientEntity($clientIdentifier, $grantType, $clientSecret = null, $redirectUri = null);
+ public function getClientEntity($clientIdentifier, $clientSecret, $redirectUri = null, $grantType = null);
 }
diff --git a/src/Repositories/MacTokenInterface.php b/src/Repositories/MacTokenInterface.php
index 4b84b147..833a0d7b 100644
--- a/src/Repositories/MacTokenInterface.php
+++ b/src/Repositories/MacTokenInterface.php
@@ -13,7 +13,6 @@ namespace League\OAuth2\Server\Storage;
 use League\OAuth2\Server\Repositories\RepositoryInterface;
-
 /**
 * MacTokenInterface
 */
@@ -21,15 +20,17 @@ interface MacTokenInterface extends RepositoryInterface
 {
 /**
 * Create a MAC key linked to an access token
- * @param string $macKey
- * @param string $accessToken
- * @return void
+ *
+ * @param string $macKey
+ * @param string $accessToken
 */
 public function persistMacTokenEntity($macKey, $accessToken);
 /**
 * Get a MAC key by access token
+ *
 * @param string $accessToken
+ *
 * @return string
 */
 public function getMacKeyByAccessTokenString($accessToken);
diff --git a/src/Repositories/RefreshTokenRepositoryInterface.php b/src/Repositories/RefreshTokenRepositoryInterface.php
index 1ac9a0d1..533351d8 100644
--- a/src/Repositories/RefreshTokenRepositoryInterface.php
+++ b/src/Repositories/RefreshTokenRepositoryInterface.php
@@ -21,9 +21,9 @@ interface RefreshTokenRepositoryInterface extends RepositoryInterface
 /**
 * Create a new refresh token_name
 *
- * @param \League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface $refreshTokenEntityInterface
+ * @param \League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface $refreshTokenEntity
 */
- public function persistNewRefreshToken(RefreshTokenEntityInterface $refreshTokenEntityInterface);
+ public function persistNewRefreshToken(RefreshTokenEntityInterface $refreshTokenEntity);
 /**
 * Revoke the refresh token
diff --git a/src/Repositories/ScopeRepositoryInterface.php b/src/Repositories/ScopeRepositoryInterface.php
index 276ce264..0b45efe9 100644
--- a/src/Repositories/ScopeRepositoryInterface.php
+++ b/src/Repositories/ScopeRepositoryInterface.php
@@ -19,9 +19,9 @@ interface ScopeRepositoryInterface extends RepositoryInterface
 /**
 * Return information about a scope
 *
- * @param string $identifier The scope identifier
- * @param string $grantType The grant type used in the request
- * @param string $clientId The client sending the request
+ * @param string $identifier The scope identifier
+ * @param string $grantType The grant type used in the request
+ * @param string|null $clientId The client sending the request
 *
 * @return \League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface
 */
diff --git a/src/ResponseTypes/BearerTokenResponse.php b/src/ResponseTypes/BearerTokenResponse.php
index 278b166d..ae171fb1 100644
--- a/src/ResponseTypes/BearerTokenResponse.php
+++ b/src/ResponseTypes/BearerTokenResponse.php
@@ -28,12 +28,14 @@ class BearerTokenResponse extends AbstractResponseType
 */
 public function generateHttpResponse(ResponseInterface $response)
 {
+ $expireDateTime = $this->accessToken->getExpiryDateTime()->getTimestamp();
+
 $jwtAccessToken = (new Builder())
 ->setAudience($this->accessToken->getClient()->getIdentifier())
 ->setId($this->accessToken->getIdentifier(), true)
 ->setIssuedAt(time())
 ->setNotBefore(time())
- ->setExpiration($this->accessToken->getExpiryDateTime()->getTimestamp())
+ ->setExpiration($expireDateTime)
 ->setSubject($this->accessToken->getUserIdentifier())
 ->set('scopes', $this->accessToken->getScopes())
 ->sign(new Sha256(), new Key($this->pathToPrivateKey))
@@ -41,7 +43,7 @@ class BearerTokenResponse extends AbstractResponseType
 $responseParams = [
 'token_type' => 'Bearer',
- 'expires_in' => $this->accessToken->getExpiryDateTime()->getTimestamp() - (new \DateTime())->getTimestamp(),
+ 'expires_in' => $expireDateTime - (new \DateTime)->getTimestamp(),
 'access_token' => (string) $jwtAccessToken,
 ];
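Review bot: Three separate clock reads feed one token: `time()` is called once for `setIssuedAt` and again for `setNotBefore` in this hunk, and the @@ -41,7 +43,7 hunk computes `expires_in` from a fresh `(new \DateTime)->getTimestamp()`, so `iat`, `nbf` and the `expires_in` the client receives can disagree when a second boundary falls between the calls. Reading the clock once, `$now = time();` next to the new `$expireDateTime` assignment, then passing `$now` to `setIssuedAt` and `setNotBefore` and writing `'expires_in' => $expireDateTime - $now,`, keeps the JWT claims and the response body consistent and removes the mixed `time()`/`\DateTime` style. generateHttpResponse continues past the end of this hunk.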
@@ -54,7 +56,7 @@ class BearerTokenResponse extends AbstractResponseType
 'access_token_id' => $this->accessToken->getIdentifier(),
 'scopes' => $this->accessToken->getScopes(),
 'user_id' => $this->accessToken->getUserIdentifier(),
- 'expire_time' => $this->refreshToken->getExpiryDateTime()->getTimestamp(),
+ 'expire_time' => $expireDateTime,
 ]
 ),
 $this->pathToPrivateKey
diff --git a/src/Server.php b/src/Server.php
index a62e8b32..afc2a73a 100644
--- a/src/Server.php
+++ b/src/Server.php
@@ -2,7 +2,6 @@
 namespace League\OAuth2\Server;
-use DateInterval;
 use League\Event\EmitterAwareInterface;
 use League\Event\EmitterAwareTrait;
 use League\OAuth2\Server\Exception\OAuthServerException;
From 8fb64041df61259dbb13cfd3a6279905ffb6e005 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juli=C3=A1n=20Guti=C3=A9rrez?=
Date: Wed, 20 Jan 2016 12:50:23 +0100
Subject: [PATCH 2/2] client secret can be null
---
 src/Grant/AbstractGrant.php | 4 ++--
 src/Repositories/ClientRepositoryInterface.php | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php
index 0fe2c987..f4fe47ba 100644
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@@ -161,10 +161,10 @@ abstract class AbstractGrant implements GrantTypeInterface
 }
 $client = $this->clientRepository->getClientEntity(
+ $this->getIdentifier(),
 $clientId,
 $clientSecret,
- null,
- $this->getIdentifier()
+ null
 );
 if (!$client instanceof ClientEntityInterface) {
diff --git a/src/Repositories/ClientRepositoryInterface.php b/src/Repositories/ClientRepositoryInterface.php
index 0cd88ad2..3bec9452 100644
--- a/src/Repositories/ClientRepositoryInterface.php
+++ b/src/Repositories/ClientRepositoryInterface.php
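Review bot: The refresh token payload's `expire_time` now carries the access token's expiry: `$expireDateTime` is assigned from `$this->accessToken->getExpiryDateTime()` earlier in generateHttpResponse, whereas the removed line read `$this->refreshToken->getExpiryDateTime()`. Unless the two lifetimes are meant to coincide, the encrypted refresh token becomes unusable the moment the access token expires and no longer matches whatever expiry the refresh token entity itself holds. Restoring `'expire_time' => $this->refreshToken->getExpiryDateTime()->getTimestamp(),` keeps the refresh token's own lifetime; if tying the two together is intentional it deserves a comment saying so, since the commit subject calls this a minor improvement. generateHttpResponse starts before and ends after this hunk.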
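Review bot: The trailing positional `null` passed for `$redirectUri` repeats that parameter's default and can be dropped, leaving `$client = $this->clientRepository->getClientEntity($this->getIdentifier(), $clientId, $clientSecret);`. Since the interface now accepts a null secret, this call is where an absent secret is forwarded to the repository without any indication of whether the grant requires a confidential client; a short comment on the call, such as `// $clientSecret may be null; the repository must only accept that for public clients`, would make the expectation visible at the call site. The enclosing method starts before and ends after the hunk.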
@@ -19,12 +19,12 @@ interface ClientRepositoryInterface extends RepositoryInterface
 /**
 * Get a client
 *
+ * @param string $grantType The grant type used
 * @param string $clientIdentifier The client's identifier
- * @param string $clientSecret The client's secret
+ * @param string|null $clientSecret The client's secret
 * @param string|null $redirectUri The client's redirect URI
- * @param string|null $grantType The grant type used
 *
 * @return \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface
 */
- public function getClientEntity($clientIdentifier, $clientSecret, $redirectUri = null, $grantType = null);
+ public function getClientEntity($grantType, $clientIdentifier, $clientSecret = null, $redirectUri = null);
 }
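Review bot: The docblock now permits a null `$clientSecret` but does not say when that is acceptable or what the method returns when the lookup or secret check fails, which is exactly what an implementer of this interface needs to get right. Suggest extending the `@param string|null $clientSecret` description to `The client's secret; null only when the client is registered as public — implementations must still verify the secret for confidential clients`, and noting on `@return` that a non-object (e.g. `null`) signals an unknown client or a secret mismatch, since the `@return` currently promises a `ClientEntityInterface` unconditionally while the caller in AbstractGrant tests the result with `instanceof`. Putting `$grantType` ahead of the identifier is also an unusual order for a lookup method and would be worth a sentence in the summary.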