From 6fdb6177bcdc9cfd81a43217ebc07608f5b0010c Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 20 Aug 2012 15:09:33 +0100 Subject: [PATCH] Lots of fixes --- src/Oauth2/Resource/Server.php | 100 ++++++++++++++++++--------------- 1 file changed, 55 insertions(+), 45 deletions(-) diff --git a/src/Oauth2/Resource/Server.php b/src/Oauth2/Resource/Server.php index 89c2e0c6..b9c6ca42 100644 --- a/src/Oauth2/Resource/Server.php +++ b/src/Oauth2/Resource/Server.php @@ -9,6 +9,12 @@ class OAuthResourceServerException extends \Exception class Server { + /** + * Reference to the database abstractor + * @var object + */ + private $_db = null; + /** * The access token. * @access private @@ -37,10 +43,22 @@ class Server * Server configuration * @var array */ - private $config = array( + private $_config = array( 'token_key' => 'oauth_token' ); + /** + * Error codes. + * + * To provide i8ln errors just overwrite the keys + * + * @var array + */ + public $errors = array( + 'missing_access_token' => 'An access token was not presented with the request', + 'invalid_access_token' => 'The access token is not registered with the resource server' + ); + /** * Constructor * @@ -56,21 +74,22 @@ class Server /** * Magic method to test if access token represents a particular owner type - * @param [type] $method [description] - * @param [type] $arguements [description] - * @return [type] [description] + * @param string $method The method name + * @param mixed $arguements The method arguements + * @return bool If method is valid, and access token is owned by the requested party then true, */ - public function __call($method, $arguements) + public function __call($method, $arguements = null) { - if (substr($method, 0, 2) === 'is') - { - if ($this->_type === strtolower(substr($method, 2))) - { + if (substr($method, 0, 2) === 'is') { + + if ($this->_type === strtolower(substr($method, 2))) { return $this->_typeId; } return false; } + + trigger_error('Call to undefined function ' . $method . '()'); } /** @@ -82,7 +101,7 @@ class Server */ public function registerDbAbstractor($db) { - $this->db = $db; + $this->_db = $db; } /** @@ -99,18 +118,18 @@ class Server switch ($server['REQUEST_METHOD']) { case 'POST': - $accessToken = isset($_POST[$this->config['token_key']]) ? $_POST[$this->config['token_key']] : null; + $accessToken = isset($_POST[$this->_config['token_key']]) ? $_POST[$this->_config['token_key']] : null; break; default: - $accessToken = isset($_GET[$this->config['token_key']]) ? $_GET[$this->config['token_key']] : null; + $accessToken = isset($_GET[$this->_config['token_key']]) ? $_GET[$this->_config['token_key']] : null; break; } // Try and get an access token from the auth header $headers = getallheaders(); - if (isset($headers['Authorization'])) - { + if (isset($headers['Authorization'])) { + $rawToken = trim(str_replace('Bearer', '', $headers['Authorization'])); if ( ! empty($rawToken)) { @@ -118,38 +137,29 @@ class Server } } - if ($accessToken) - { - $sessionQuery = $this->ci->db->get_where('oauth_sessions', array('access_token' => $accessToken, 'stage' => 'granted')); - - if ($session_query->num_rows() === 1) + if ($accessToken) { + + $result = $this->_dbCall('validateAccessToken', array($accessToken)); + + if ($result === false) { - $session = $session_query->row(); - $this->_accessToken = $session->access_token; - $this->_type = $session->type; - $this->_typeId = $session->type_id; - - $scopes_query = $this->ci->db->get_where('oauth_session_scopes', array('access_token' => $accessToken)); - if ($scopes_query->num_rows() > 0) - { - foreach ($scopes_query->result() as $scope) - { - $this->_scopes[] = $scope->scope; - } - } + throw new OAuthResourceServerException($this->errors['invalid_access_token']); } - + else { - $this->ci->output->set_status_header(403); - $this->ci->output->set_output('Invalid access token'); + $this->_accessToken = $accessToken; + $this->_type = $result['owner_type']; + $this->_typeId = $result['owner_id']; + + // Get the scopes + $this->_scopes = $this->_dbCall('sessionScopes', array($result['id'])); } - } - - else - { - $this->ci->output->set_status_header(403); - $this->ci->output->set_output('Missing access token'); + + } else { + + throw new OAuthResourceServerException($this->errors['missing_access_token']); + } } @@ -194,13 +204,13 @@ class Server * * @return mixed The query result */ - private function dbcall() + private function _dbCall() { - if ($this->db === null) { + if ($this->_db === null) { throw new OAuthResourceServerException('No registered database abstractor'); } - if ( ! $this->db instanceof Database) { + if ( ! $this->_db instanceof Database) { throw new OAuthResourceServerException('Registered database abstractor is not an instance of Oauth2\Resource\Database'); } @@ -209,6 +219,6 @@ class Server unset($args[0]); $params = array_values($args); - return call_user_func_array(array($this->db, $method), $args); + return call_user_func_array(array($this->_db, $method), $args); } } \ No newline at end of file