Merge branch 'develop' into feature/clients

2024-11-01 16:33:07 +05:30 · 2012-09-19 23:29:40 +01:00 · 2012-09-19 23:29:40 +01:00 · 6d1702a15d
commit 6d1702a15d
parent c993a0cdc0 500640c56c
9 changed files with 75 additions and 48 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,4 @@
+tests/ export-ignore
+phpunit.xml export-ignore
+build.xml export-ignore
+test export-ignore
--- a/README.md
+++ b/README.md
@ -38,6 +38,10 @@ The resource server allows you to secure your API endpoints by checking for a va
 * Support for [JSON web tokens](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-json-web-token/).
 * Support for [SAML assertions](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-saml2-bearer/).

+### Client support
+
+* Merge in https://github.com/philsturgeon/codeigniter-oauth2
+
 ---

 This code will be developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which has been funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme.
--- a/composer.json
+++ b/composer.json
@ -1,14 +1,14 @@
 {
 	"name": "lncd/Oauth2",
 	"description": "OAuth 2.0 Framework",
-	"version": "0.2.1",
+	"version": "0.2.3",
 	"homepage": "https://github.com/lncd/OAuth2",
 	"license": "MIT",
 	"require": {
 		"php": ">=5.3.0"
 	},
 	"require-dev": {
-		"EHER/PHPUnit": "*"
+		"phpunit/phpunit": "*"
 	},
 	"repositories": [
 		{
@ -27,7 +27,7 @@
 	"authors": [
 		{
 			"name": "Alex Bilbie",
-			"email": "oauth2server@alexbilbie.com",
+			"email": "oauth2@alexbilbie.com",
 			"homepage": "http://www.httpster.org",
 			"role": "Developer"
 		}
--- a/src/sql/database.sql
+++ b/src/sql/database.sql
--- a/src/sql/index.html
+++ b/src/sql/index.html
--- a/src/Oauth2/Authentication/Server.php
+++ b/src/Oauth2/Authentication/Server.php
@ -2,17 +2,17 @@

 namespace Oauth2\Authentication;

-class OAuthServerClientException extends \Exception
+class ClientException extends \Exception
 {

 }

-class OAuthServerUserException extends \Exception
+class UserException extends \Exception
 {

 }

-class OAuthServerException extends \Exception
+class ServerException extends \Exception
 {

 }
@ -127,7 +127,7 @@ class Server
        // Client ID
        if ( ! isset($authParams['client_id']) && ! isset($_GET['client_id'])) {

-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);

        } else {

@ -138,7 +138,7 @@ class Server
        // Redirect URI
        if ( ! isset($authParams['redirect_uri']) && ! isset($_GET['redirect_uri'])) {

-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);

        } else {

@ -151,13 +151,13 @@ class Server

        if ($clientDetails === false) {

-            throw new OAuthServerClientException($this->errors['invalid_client'], 8);
+            throw new ClientException($this->errors['invalid_client'], 8);
        }

        // Response type
        if ( ! isset($authParams['response_type']) && ! isset($_GET['response_type'])) {

-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'response_type'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'response_type'), 0);

        } else {

@ -166,7 +166,7 @@ class Server
            // Ensure response type is one that is recognised
            if ( ! in_array($params['response_type'], $this->_responseTypes)) {

-                throw new OAuthServerClientException($this->errors['unsupported_response_type'], 3);
+                throw new ClientException($this->errors['unsupported_response_type'], 3);

            }
        }
@ -189,7 +189,7 @@ class Server

            if (count($scopes) === 0) {

-                throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'scope'), 0);
+                throw new ClientException(sprintf($this->errors['invalid_request'], 'scope'), 0);
            }

            $params['scopes'] = array();
@ -200,7 +200,7 @@ class Server
                
                if ($scopeDetails === false) {

-                    throw new OAuthServerClientException(sprintf($this->errors['invalid_scope'], $scope), 4);
+                    throw new ClientException(sprintf($this->errors['invalid_scope'], $scope), 4);

                }

@ -325,7 +325,7 @@ class Server

        if ( ! isset($authParams['grant_type']) && ! isset($_POST['grant_type'])) {

-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'grant_type'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'grant_type'), 0);

        } else {

@ -334,7 +334,7 @@ class Server
            // Ensure grant type is one that is recognised
            if ( ! in_array($params['grant_type'], $this->_grantTypes)) {

-                throw new OAuthServerClientException($this->errors['unsupported_grant_type'], 7);
+                throw new ClientException($this->errors['unsupported_grant_type'], 7);

            }
        }
@ -350,7 +350,7 @@ class Server
            case 'password': // Resource owner password credentials grant
            case 'client_credentials': // Client credentials grant
            default: // Unsupported
-                throw new OAuthServerException($this->errors['server_error'] . 'Tried to process an unsuppported grant type.', 5);
+                throw new ServerException($this->errors['server_error'] . 'Tried to process an unsuppported grant type.', 5);
                break;
        }
    }
@ -370,7 +370,7 @@ class Server
        // Client ID
        if ( ! isset($authParams['client_id']) && ! isset($_POST['client_id'])) {

-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);

        } else {

@ -381,7 +381,7 @@ class Server
        // Client secret
        if ( ! isset($authParams['client_secret']) && ! isset($_POST['client_secret'])) {

-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_secret'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'client_secret'), 0);

        } else {

@ -392,7 +392,7 @@ class Server
        // Redirect URI
        if ( ! isset($authParams['redirect_uri']) && ! isset($_POST['redirect_uri'])) {

-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);

        } else {

@ -409,13 +409,13 @@ class Server

        if ($clientDetails === false) {

-            throw new OAuthServerClientException($this->errors['invalid_client'], 8);
+            throw new ClientException($this->errors['invalid_client'], 8);
        }

        // The authorization code
        if ( ! isset($authParams['code']) && ! isset($_POST['code'])) {

-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'code'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'code'), 0);

        } else {

@ -433,7 +433,7 @@ class Server

        if ( ! $session) {

-            throw new OAuthServerClientException(sprintf($this->errors['invalid_grant'], 'code'), 9);
+            throw new ClientException(sprintf($this->errors['invalid_grant'], 'code'), 9);
        
        } else {

@ -500,11 +500,11 @@ class Server
    private function _dbCall()
    {
        if ($this->_db === null) {
-            throw new OAuthServerException('No registered database abstractor');
+            throw new ServerException('No registered database abstractor');
        }

        if ( ! $this->_db instanceof Database) {
-            throw new OAuthServerException('Registered database abstractor is not an instance of Oauth2\Authentication\Database');
+            throw new ServerException('Registered database abstractor is not an instance of Oauth2\Authentication\Database');
        }

        $args = func_get_args();
--- a/src/Oauth2/Resource/Server.php
+++ b/src/Oauth2/Resource/Server.php
@ -2,7 +2,12 @@

 namespace Oauth2\Resource;

-class OAuthResourceServerException extends \Exception
+class ServerException extends \Exception
+{
+
+}
+
+class ClientException extends \Exception
 {

 }
@ -56,7 +61,9 @@ class Server
     */
    public $errors = array(
        'missing_access_token'  =>  'An access token was not presented with the request',
-        'invalid_access_token'  =>  'The access token is not registered with the resource server'
+        'invalid_access_token'  =>  'The access token is not registered with the resource server',
+        'missing_access_token_details'  =>  'The registered database abstractor did not return a valid access token details response',
+        'invalid_access_token_scopes'   =>  'The registered database abstractor did not return a valid access token scopes response',
    );

    /**
@ -150,21 +157,33 @@ class Server

            if ($result === false) {

-                throw new OAuthResourceServerException($this->errors['invalid_access_token']);
+                throw new ClientException($this->errors['invalid_access_token']);

            } else {

+                if ( ! array_key_exists('id', $result) || ! array_key_exists('owner_id', $result) || 
+                     ! array_key_exists('owner_type', $result)) {
+                    throw new ServerException($this->errors['missing_access_token_details']);
+                }
+
                $this->_accessToken = $accessToken;
                $this->_type = $result['owner_type'];
                $this->_typeId = $result['owner_id'];

                // Get the scopes
-                $this->_scopes = $this->_dbCall('sessionScopes', $result['id']);
+                $scopes = $this->_dbCall('sessionScopes', $result['id']);
+
+                if ( ! is_array($scopes))
+                {
+                    throw new ServerException($this->errors['invalid_access_token_scopes']);
+                }
+
+                $this->_scopes = $scopes;
            }

        } else {

-            throw new OAuthResourceServerException($this->errors['missing_access_token']);
+            throw new ClientException($this->errors['missing_access_token']);

        }
    }
@ -211,11 +230,11 @@ class Server
    private function _dbCall()
    {
        if ($this->_db === null) {
-            throw new OAuthResourceServerException('No registered database abstractor');
+            throw new ServerException('No registered database abstractor');
        }

        if ( ! $this->_db instanceof Database) {
-            throw new OAuthResourceServerException('Registered database abstractor is not an instance of Oauth2\Resource\Database');
+            throw new ServerException('The registered database abstractor is not an instance of Oauth2\Resource\Database');
        }

        $args = func_get_args();
--- a/tests/authentication/server_test.php
+++ b/tests/authentication/server_test.php
@ -90,7 +90,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}

 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    0
 	 */
 	function test_checkClientAuthoriseParams_missingClientId()
@ -99,7 +99,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}

 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    0
 	 */
 	function test_checkClientAuthoriseParams_missingRedirectUri()
@ -110,7 +110,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}

 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    0
 	 */
 	function test_checkClientAuthoriseParams_missingResponseType()
@ -122,7 +122,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}

 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    0
 	 */
 	function test_checkClientAuthoriseParams_missingScopes()
@ -136,7 +136,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}

 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    4
 	 */
 	function test_checkClientAuthoriseParams_invalidScopes()
@ -247,7 +247,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}

 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    0
 	 */
 	function test_issueAccessToken_missingGrantType()
@ -256,7 +256,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}

 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    7
 	 */
 	function test_issueAccessToken_unsupportedGrantType()
@ -267,7 +267,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}

 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    0
 	 */
 	function test_completeAuthCodeGrant_missingClientId()
@ -280,7 +280,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}

 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    0
 	 */
 	function test_completeAuthCodeGrant_missingClientSecret()
@ -295,7 +295,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}

 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    0
 	 */
 	function test_completeAuthCodeGrant_missingRedirectUri()
@ -311,7 +311,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}

 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    8
 	 */
 	function test_completeAuthCodeGrant_invalidClient()
@ -328,7 +328,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}

 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    0
 	 */
 	function test_completeAuthCodeGrant_missingCode()
@ -345,7 +345,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}

 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    9
 	 */
 	function test_completeAuthCodeGrant_invalidCode()
@ -363,7 +363,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}

 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerException
+	 * @expectedException        Oauth2\Authentication\ServerException
 	 * @expectedExceptionMessage No registered database abstractor
 	 */
 	function test_noRegisteredDatabaseAbstractor()
@ -380,7 +380,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}

 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerException
+	 * @expectedException        Oauth2\Authentication\ServerException
 	 * @expectedExceptionMessage Registered database abstractor is not an instance of Oauth2\Authentication\Database
 	 */
 	function test_invalidRegisteredDatabaseAbstractor()
--- a/tests/resource/server_test.php
+++ b/tests/resource/server_test.php
@ -72,7 +72,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase {
 	}

 	/**
-	 * @expectedException        \Oauth2\Resource\OAuthResourceServerException
+	 * @expectedException        \Oauth2\Resource\ClientException
 	 * @expectedExceptionMessage An access token was not presented with the request
 	 */
 	function test_init_missingToken()
@ -81,7 +81,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase {
 	}

 	/**
-	 * @expectedException        \Oauth2\Resource\OAuthResourceServerException
+	 * @expectedException        \Oauth2\Resource\ClientException
 	 * @expectedExceptionMessage The access token is not registered with the resource server
 	 */
 	function test_init_wrongToken()