Merge branch 'V5-WIP' into V5-AuthCode
# Conflicts: # src/Grant/AbstractGrant.php
5a08a0cbe2
@ -4,4 +4,4 @@ namespace League\OAuth2\Server\Entities\Interfaces;
|
|||||||
interface AccessTokenEntityInterface extends TokenInterface
|
interface AccessTokenEntityInterface extends TokenInterface
|
||||||
{
|
{
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -15,7 +15,7 @@ class ScopeEntity implements ScopeEntityInterface
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
function jsonSerialize()
|
public function jsonSerialize()
|
||||||
{
|
{
|
||||||
return $this->getIdentifier();
|
return $this->getIdentifier();
|
||||||
}
|
}
|
||||||
|
@ -25,4 +25,4 @@ trait ClientEntityTrait
|
|||||||
{
|
{
|
||||||
$this->name = $name;
|
$this->name = $name;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -50,4 +50,4 @@ trait RefreshTokenTrait
|
|||||||
{
|
{
|
||||||
$this->expiryDateTime = $dateTime;
|
$this->expiryDateTime = $dateTime;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -123,4 +123,4 @@ trait TokenEntityTrait
|
|||||||
{
|
{
|
||||||
return (new DateTime()) > $this->getExpiryDateTime();
|
return (new DateTime()) > $this->getExpiryDateTime();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -60,7 +60,8 @@ class OAuthServerException extends \Exception
|
|||||||
$localizedHint = null
|
$localizedHint = null
|
||||||
) {
|
) {
|
||||||
$errorMessage = (is_null($localizedError))
|
$errorMessage = (is_null($localizedError))
|
||||||
? 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.'
|
? 'The provided authorization grant is invalid, expired, revoked, does not match ' .
|
||||||
|
'the redirection URI used in the authorization request, or was issued to another client.'
|
||||||
: $localizedError;
|
: $localizedError;
|
||||||
$hint = (is_null($localizedHint))
|
$hint = (is_null($localizedHint))
|
||||||
? 'Check the `grant_type` parameter'
|
? 'Check the `grant_type` parameter'
|
||||||
@ -106,7 +107,8 @@ class OAuthServerException extends \Exception
|
|||||||
$localizedHint = null
|
$localizedHint = null
|
||||||
) {
|
) {
|
||||||
$errorMessage = (is_null($localizedError))
|
$errorMessage = (is_null($localizedError))
|
||||||
? 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.'
|
? 'The request is missing a required parameter, includes an invalid parameter value, ' .
|
||||||
|
'includes a parameter more than once, or is otherwise malformed.'
|
||||||
: $localizedError;
|
: $localizedError;
|
||||||
$hint = (is_null($localizedHint))
|
$hint = (is_null($localizedHint))
|
||||||
? sprintf('Check the `%s` parameter', $parameter)
|
? sprintf('Check the `%s` parameter', $parameter)
|
||||||
|
@ -11,6 +11,7 @@
|
|||||||
|
|
||||||
namespace League\OAuth2\Server\Grant;
|
namespace League\OAuth2\Server\Grant;
|
||||||
|
|
||||||
|
use League\Event\EmitterAwareTrait;
|
||||||
use League\Event\EmitterInterface;
|
use League\Event\EmitterInterface;
|
||||||
use League\Event\Event;
|
use League\Event\Event;
|
||||||
use League\OAuth2\Server\Entities\AccessTokenEntity;
|
use League\OAuth2\Server\Entities\AccessTokenEntity;
|
||||||
@ -29,6 +30,8 @@ use Psr\Http\Message\ServerRequestInterface;
|
|||||||
*/
|
*/
|
||||||
abstract class AbstractGrant implements GrantTypeInterface
|
abstract class AbstractGrant implements GrantTypeInterface
|
||||||
{
|
{
|
||||||
|
use EmitterAwareTrait;
|
||||||
|
|
||||||
const SCOPE_DELIMITER_STRING = ' ';
|
const SCOPE_DELIMITER_STRING = ' ';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -53,11 +56,6 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
*/
|
*/
|
||||||
protected $accessTokenRepository;
|
protected $accessTokenRepository;
|
||||||
|
|
||||||
/**
|
|
||||||
* @var \League\Event\Emitter
|
|
||||||
*/
|
|
||||||
protected $emitter;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var ScopeRepositoryInterface
|
* @var ScopeRepositoryInterface
|
||||||
*/
|
*/
|
||||||
@ -121,7 +119,7 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function setEmitter(EmitterInterface $emitter)
|
public function setEmitter(EmitterInterface $emitter = null)
|
||||||
{
|
{
|
||||||
$this->emitter = $emitter;
|
$this->emitter = $emitter;
|
||||||
}
|
}
|
||||||
@ -181,14 +179,14 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
}
|
}
|
||||||
|
|
||||||
$client = $this->clientRepository->getClientEntity(
|
$client = $this->clientRepository->getClientEntity(
|
||||||
|
$this->getIdentifier(),
|
||||||
$clientId,
|
$clientId,
|
||||||
$clientSecret,
|
$clientSecret,
|
||||||
$redirectUri,
|
$redirectUri
|
||||||
$this->getIdentifier()
|
|
||||||
);
|
);
|
||||||
|
|
||||||
if (!$client instanceof ClientEntityInterface) {
|
if (!$client instanceof ClientEntityInterface) {
|
||||||
$this->emitter->emit(new Event('client.authentication.failed', $request));
|
$this->getEmitter()->emit(new Event('client.authentication.failed', $request));
|
||||||
|
|
||||||
throw OAuthServerException::invalidClient();
|
throw OAuthServerException::invalidClient();
|
||||||
}
|
}
|
||||||
|
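Review bot: The `setEmitter(EmitterInterface $emitter = null)` override in the `@ -121,7 +119,7 @@` hunk now duplicates what `EmitterAwareTrait` (added to the class in this commit) already provides, and unlike the trait's version it returns nothing, so chaining on `setEmitter()` is lost; either drop the override and let the trait supply it, or end it with `return $this;`. If league/event's trait is the one intended, its `getEmitter()` lazily creates an emitter when none was set, which is what makes the null default and the new `$this->getEmitter()->emit(...)` calls safe — worth a one-line comment now that the class's own `protected $emitter` property and docblock are gone. The `getClientEntity` call now passes `$this->getIdentifier()` first, matching the reordered repository signature in this commit; because all four arguments are untyped strings, an implementation still using the old order would not fail to compile, so a test pinning the argument order is advisable. The enclosing methods of these hunks start and end outside them.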
@ -11,7 +11,7 @@
|
|||||||
|
|
||||||
namespace League\OAuth2\Server\Grant;
|
namespace League\OAuth2\Server\Grant;
|
||||||
|
|
||||||
use League\Event\EmitterInterface;
|
use League\Event\EmitterAwareInterface;
|
||||||
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
|
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
|
||||||
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
|
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
|
||||||
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
|
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
|
||||||
@ -21,7 +21,7 @@ use Psr\Http\Message\ServerRequestInterface;
|
|||||||
/**
|
/**
|
||||||
* Grant type interface
|
* Grant type interface
|
||||||
*/
|
*/
|
||||||
interface GrantTypeInterface
|
interface GrantTypeInterface extends EmitterAwareInterface
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
* Set refresh token TTL
|
* Set refresh token TTL
|
||||||
@ -73,13 +73,6 @@ interface GrantTypeInterface
|
|||||||
*/
|
*/
|
||||||
public function canRespondToRequest(ServerRequestInterface $request);
|
public function canRespondToRequest(ServerRequestInterface $request);
|
||||||
|
|
||||||
/**
|
|
||||||
* Set the event emitter
|
|
||||||
*
|
|
||||||
* @param \League\Event\EmitterInterface $emitter
|
|
||||||
*/
|
|
||||||
public function setEmitter(EmitterInterface $emitter);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Set the client repository
|
* Set the client repository
|
||||||
*
|
*
|
||||||
|
@ -95,7 +95,7 @@ class PasswordGrant extends AbstractGrant
|
|||||||
|
|
||||||
$user = $this->userRepository->getUserEntityByUserCredentials($username, $password);
|
$user = $this->userRepository->getUserEntityByUserCredentials($username, $password);
|
||||||
if (!$user instanceof UserEntityInterface) {
|
if (!$user instanceof UserEntityInterface) {
|
||||||
$this->emitter->emit(new Event('user.authentication.failed', $request));
|
$this->getEmitter()->emit(new Event('user.authentication.failed', $request));
|
||||||
|
|
||||||
throw OAuthServerException::invalidCredentials();
|
throw OAuthServerException::invalidCredentials();
|
||||||
}
|
}
|
||||||
|
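Review bot: `$this->getEmitter()->emit(new Event('user.authentication.failed', $request))` hands listeners the whole `ServerRequestInterface`, which presumably still carries the `$password` value the grant just passed to `getUserEntityByUserCredentials`, so any listener that logs or serialises the event payload will persist plaintext credentials. Consider emitting only what a listener needs (client identifier, username, remote address) or documenting on the event that its payload must not be logged verbatim; the `client.authentication.failed` emit in `AbstractGrant` has the same exposure for the client secret. The enclosing method starts and ends outside the hunk.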
@ -31,9 +31,8 @@ class RefreshTokenGrant extends AbstractGrant
|
|||||||
/**
|
/**
|
||||||
* @param \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface $refreshTokenRepository
|
* @param \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface $refreshTokenRepository
|
||||||
*/
|
*/
|
||||||
public function __construct(
|
public function __construct(RefreshTokenRepositoryInterface $refreshTokenRepository)
|
||||||
RefreshTokenRepositoryInterface $refreshTokenRepository
|
{
|
||||||
) {
|
|
||||||
$this->refreshTokenRepository = $refreshTokenRepository;
|
$this->refreshTokenRepository = $refreshTokenRepository;
|
||||||
|
|
||||||
$this->refreshTokenTTL = new \DateInterval('P1M');
|
$this->refreshTokenTTL = new \DateInterval('P1M');
|
||||||
@ -60,7 +59,7 @@ class RefreshTokenGrant extends AbstractGrant
|
|||||||
// the request doesn't include any new scopes
|
// the request doesn't include any new scopes
|
||||||
foreach ($scopes as $scope) {
|
foreach ($scopes as $scope) {
|
||||||
if (in_array($scope->getIdentifier(), $oldRefreshToken['scopes']) === false) {
|
if (in_array($scope->getIdentifier(), $oldRefreshToken['scopes']) === false) {
|
||||||
$this->emitter->emit(new Event('scope.selection.failed', $request));
|
$this->getEmitter()->emit(new Event('scope.selection.failed', $request));
|
||||||
|
|
||||||
throw OAuthServerException::invalidScope($scope->getIdentifier());
|
throw OAuthServerException::invalidScope($scope->getIdentifier());
|
||||||
}
|
}
|
||||||
@ -108,7 +107,7 @@ class RefreshTokenGrant extends AbstractGrant
|
|||||||
|
|
||||||
$refreshTokenData = json_decode($refreshToken, true);
|
$refreshTokenData = json_decode($refreshToken, true);
|
||||||
if ($refreshTokenData['client_id'] !== $clientId) {
|
if ($refreshTokenData['client_id'] !== $clientId) {
|
||||||
$this->emitter->emit(new Event('refresh_token.client.failed', $request));
|
$this->getEmitter()->emit(new Event('refresh_token.client.failed', $request));
|
||||||
|
|
||||||
throw OAuthServerException::invalidRefreshToken(
|
throw OAuthServerException::invalidRefreshToken(
|
||||||
'Token is not linked to client,' .
|
'Token is not linked to client,' .
|
||||||
|
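Review bot: In the `@ -108,7 +107,7 @@` hunk `$refreshTokenData['client_id']` is read straight after `json_decode($refreshToken, true)` with no check that decoding produced an array, so a payload that is not valid JSON yields `null` and the index access raises a PHP notice/warning before the `!==` comparison fails closed (assuming `$clientId` is a string); a guard such as `if (!is_array($refreshTokenData) || !isset($refreshTokenData['client_id']) || $refreshTokenData['client_id'] !== $clientId) {` keeps the fail-closed behaviour without the notice. The `in_array(...)` scope check in the `@ -60,7 +59,7 @@` hunk should also pass `true` as its third argument so scope identifiers are compared strictly rather than with loose equality. The enclosing methods of both hunks start and end outside them.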
@ -33,8 +33,6 @@ interface AuthCodeRepositoryInterface extends RepositoryInterface
|
|||||||
* @param string $code The authorization code string
|
* @param string $code The authorization code string
|
||||||
* @param integer $expireTime Token expire time
|
* @param integer $expireTime Token expire time
|
||||||
* @param string $redirectUri Client redirect uri
|
* @param string $redirectUri Client redirect uri
|
||||||
*
|
|
||||||
* @return void
|
|
||||||
*/
|
*/
|
||||||
public function persistNewAuthCode($code, $expireTime, $redirectUri);
|
public function persistNewAuthCode($code, $expireTime, $redirectUri);
|
||||||
|
|
||||||
|
@ -19,12 +19,12 @@ interface ClientRepositoryInterface extends RepositoryInterface
|
|||||||
/**
|
/**
|
||||||
* Get a client
|
* Get a client
|
||||||
*
|
*
|
||||||
|
* @param string $grantType The grant type used
|
||||||
* @param string $clientIdentifier The client's identifier
|
* @param string $clientIdentifier The client's identifier
|
||||||
* @param string|null $clientSecret The client's secret
|
* @param string|null $clientSecret The client's secret
|
||||||
* @param string|null $redirectUri The client's redirect URI
|
* @param string|null $redirectUri The client's redirect URI
|
||||||
* @param string|null $grantType The grant type used
|
|
||||||
*
|
*
|
||||||
* @return \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface
|
* @return \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface
|
||||||
*/
|
*/
|
||||||
public function getClientEntity($clientIdentifier, $grantType, $clientSecret = null, $redirectUri = null);
|
public function getClientEntity($grantType, $clientIdentifier, $clientSecret = null, $redirectUri = null);
|
||||||
}
|
}
|
||||||
|
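Review bot: The docblock for `getClientEntity($grantType, $clientIdentifier, $clientSecret = null, $redirectUri = null)` says nothing about what an implementation must do when `$clientSecret` or `$redirectUri` is supplied but does not match the stored client, yet `AbstractGrant` relies on the return value not being a `ClientEntityInterface` to raise `invalidClient`. Add that contract to the docblock, e.g. `* Implementations MUST return null (not a ClientEntityInterface) when the client is unknown, is not permitted to use $grantType, or a supplied secret or redirect URI does not match; compare secrets with hash_equals().` Moving `$grantType` to the first position is a breaking change for every implementor and caller, and because all four parameters are untyped strings a caller still using the old order will not fail at compile time, so this deserves a changelog entry.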
@ -13,7 +13,6 @@ namespace League\OAuth2\Server\Storage;
|
|||||||
|
|
||||||
use League\OAuth2\Server\Repositories\RepositoryInterface;
|
use League\OAuth2\Server\Repositories\RepositoryInterface;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* MacTokenInterface
|
* MacTokenInterface
|
||||||
*/
|
*/
|
||||||
@ -21,15 +20,17 @@ interface MacTokenInterface extends RepositoryInterface
|
|||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
* Create a MAC key linked to an access token
|
* Create a MAC key linked to an access token
|
||||||
* @param string $macKey
|
*
|
||||||
* @param string $accessToken
|
* @param string $macKey
|
||||||
* @return void
|
* @param string $accessToken
|
||||||
*/
|
*/
|
||||||
public function persistMacTokenEntity($macKey, $accessToken);
|
public function persistMacTokenEntity($macKey, $accessToken);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get a MAC key by access token
|
* Get a MAC key by access token
|
||||||
|
*
|
||||||
* @param string $accessToken
|
* @param string $accessToken
|
||||||
|
*
|
||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
public function getMacKeyByAccessTokenString($accessToken);
|
public function getMacKeyByAccessTokenString($accessToken);
|
||||||
|
@ -21,9 +21,9 @@ interface RefreshTokenRepositoryInterface extends RepositoryInterface
|
|||||||
/**
|
/**
|
||||||
* Create a new refresh token_name
|
* Create a new refresh token_name
|
||||||
*
|
*
|
||||||
* @param \League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface $refreshTokenEntityInterface
|
* @param \League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface $refreshTokenEntity
|
||||||
*/
|
*/
|
||||||
public function persistNewRefreshToken(RefreshTokenEntityInterface $refreshTokenEntityInterface);
|
public function persistNewRefreshToken(RefreshTokenEntityInterface $refreshTokenEntity);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Revoke the refresh token
|
* Revoke the refresh token
|
||||||
|
@ -19,9 +19,9 @@ interface ScopeRepositoryInterface extends RepositoryInterface
|
|||||||
/**
|
/**
|
||||||
* Return information about a scope
|
* Return information about a scope
|
||||||
*
|
*
|
||||||
* @param string $identifier The scope identifier
|
* @param string $identifier The scope identifier
|
||||||
* @param string $grantType The grant type used in the request
|
* @param string $grantType The grant type used in the request
|
||||||
* @param string $clientId The client sending the request
|
* @param string|null $clientId The client sending the request
|
||||||
*
|
*
|
||||||
* @return \League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface
|
* @return \League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface
|
||||||
*/
|
*/
|
||||||
|
@ -28,12 +28,14 @@ class BearerTokenResponse extends AbstractResponseType
|
|||||||
*/
|
*/
|
||||||
public function generateHttpResponse(ResponseInterface $response)
|
public function generateHttpResponse(ResponseInterface $response)
|
||||||
{
|
{
|
||||||
|
$expireDateTime = $this->accessToken->getExpiryDateTime()->getTimestamp();
|
||||||
|
|
||||||
$jwtAccessToken = (new Builder())
|
$jwtAccessToken = (new Builder())
|
||||||
->setAudience($this->accessToken->getClient()->getIdentifier())
|
->setAudience($this->accessToken->getClient()->getIdentifier())
|
||||||
->setId($this->accessToken->getIdentifier(), true)
|
->setId($this->accessToken->getIdentifier(), true)
|
||||||
->setIssuedAt(time())
|
->setIssuedAt(time())
|
||||||
->setNotBefore(time())
|
->setNotBefore(time())
|
||||||
->setExpiration($this->accessToken->getExpiryDateTime()->getTimestamp())
|
->setExpiration($expireDateTime)
|
||||||
->setSubject($this->accessToken->getUserIdentifier())
|
->setSubject($this->accessToken->getUserIdentifier())
|
||||||
->set('scopes', $this->accessToken->getScopes())
|
->set('scopes', $this->accessToken->getScopes())
|
||||||
->sign(new Sha256(), new Key($this->pathToPrivateKey))
|
->sign(new Sha256(), new Key($this->pathToPrivateKey))
|
||||||
@ -41,7 +43,7 @@ class BearerTokenResponse extends AbstractResponseType
|
|||||||
|
|
||||||
$responseParams = [
|
$responseParams = [
|
||||||
'token_type' => 'Bearer',
|
'token_type' => 'Bearer',
|
||||||
'expires_in' => $this->accessToken->getExpiryDateTime()->getTimestamp() - (new \DateTime())->getTimestamp(),
|
'expires_in' => $expireDateTime - (new \DateTime)->getTimestamp(),
|
||||||
'access_token' => (string) $jwtAccessToken,
|
'access_token' => (string) $jwtAccessToken,
|
||||||
];
|
];
|
||||||
|
|
||||||
@ -54,7 +56,7 @@ class BearerTokenResponse extends AbstractResponseType
|
|||||||
'access_token_id' => $this->accessToken->getIdentifier(),
|
'access_token_id' => $this->accessToken->getIdentifier(),
|
||||||
'scopes' => $this->accessToken->getScopes(),
|
'scopes' => $this->accessToken->getScopes(),
|
||||||
'user_id' => $this->accessToken->getUserIdentifier(),
|
'user_id' => $this->accessToken->getUserIdentifier(),
|
||||||
'expire_time' => $this->refreshToken->getExpiryDateTime()->getTimestamp(),
|
'expire_time' => $expireDateTime,
|
||||||
]
|
]
|
||||||
),
|
),
|
||||||
$this->pathToPrivateKey
|
$this->pathToPrivateKey
|
||||||
|
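Review bot: `'expire_time' => $expireDateTime` in the `@ -54,7 +56,7 @@` hunk now stores the access token's expiry in the refresh token payload, because `$expireDateTime` is initialised from `$this->accessToken->getExpiryDateTime()` at the top of the method, whereas the key previously took `$this->refreshToken->getExpiryDateTime()`; if the refresh token is meant to keep its own lifetime, restore `'expire_time' => $this->refreshToken->getExpiryDateTime()->getTimestamp(),`. Presumably that value is what the refresh grant checks, so tying it to the access token would make refresh tokens unusable as soon as the access token expires, or extend them if the access TTL is the longer one. Minor: `expires_in` is computed from `(new \DateTime)->getTimestamp()` while the JWT's `iat`/`nbf` use `time()`; taking a single `$now = time();` for both keeps the claims consistent.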
@ -2,7 +2,6 @@
|
|||||||
|
|
||||||
namespace League\OAuth2\Server;
|
namespace League\OAuth2\Server;
|
||||||
|
|
||||||
use DateInterval;
|
|
||||||
use League\Event\EmitterAwareInterface;
|
use League\Event\EmitterAwareInterface;
|
||||||
use League\Event\EmitterAwareTrait;
|
use League\Event\EmitterAwareTrait;
|
||||||
use League\OAuth2\Server\Exception\OAuthServerException;
|
use League\OAuth2\Server\Exception\OAuthServerException;
|
||||||
|