mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-23 05:29:52 +05:30
Lots of fixes
This commit is contained in:
parent
ed3238b862
commit
6fdb6177bc
@ -9,6 +9,12 @@ class OAuthResourceServerException extends \Exception
|
|||||||
|
|
||||||
class Server
|
class Server
|
||||||
{
|
{
|
||||||
|
/**
|
||||||
|
* Reference to the database abstractor
|
||||||
|
* @var object
|
||||||
|
*/
|
||||||
|
private $_db = null;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The access token.
|
* The access token.
|
||||||
* @access private
|
* @access private
|
||||||
@ -37,10 +43,22 @@ class Server
|
|||||||
* Server configuration
|
* Server configuration
|
||||||
* @var array
|
* @var array
|
||||||
*/
|
*/
|
||||||
private $config = array(
|
private $_config = array(
|
||||||
'token_key' => 'oauth_token'
|
'token_key' => 'oauth_token'
|
||||||
);
|
);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Error codes.
|
||||||
|
*
|
||||||
|
* To provide i8ln errors just overwrite the keys
|
||||||
|
*
|
||||||
|
* @var array
|
||||||
|
*/
|
||||||
|
public $errors = array(
|
||||||
|
'missing_access_token' => 'An access token was not presented with the request',
|
||||||
|
'invalid_access_token' => 'The access token is not registered with the resource server'
|
||||||
|
);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructor
|
* Constructor
|
||||||
*
|
*
|
||||||
@ -56,21 +74,22 @@ class Server
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Magic method to test if access token represents a particular owner type
|
* Magic method to test if access token represents a particular owner type
|
||||||
* @param [type] $method [description]
|
* @param string $method The method name
|
||||||
* @param [type] $arguements [description]
|
* @param mixed $arguements The method arguements
|
||||||
* @return [type] [description]
|
* @return bool If method is valid, and access token is owned by the requested party then true,
|
||||||
*/
|
*/
|
||||||
public function __call($method, $arguements)
|
public function __call($method, $arguements = null)
|
||||||
{
|
{
|
||||||
if (substr($method, 0, 2) === 'is')
|
if (substr($method, 0, 2) === 'is') {
|
||||||
{
|
|
||||||
if ($this->_type === strtolower(substr($method, 2)))
|
if ($this->_type === strtolower(substr($method, 2))) {
|
||||||
{
|
|
||||||
return $this->_typeId;
|
return $this->_typeId;
|
||||||
}
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
trigger_error('Call to undefined function ' . $method . '()');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -82,7 +101,7 @@ class Server
|
|||||||
*/
|
*/
|
||||||
public function registerDbAbstractor($db)
|
public function registerDbAbstractor($db)
|
||||||
{
|
{
|
||||||
$this->db = $db;
|
$this->_db = $db;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -99,18 +118,18 @@ class Server
|
|||||||
switch ($server['REQUEST_METHOD'])
|
switch ($server['REQUEST_METHOD'])
|
||||||
{
|
{
|
||||||
case 'POST':
|
case 'POST':
|
||||||
$accessToken = isset($_POST[$this->config['token_key']]) ? $_POST[$this->config['token_key']] : null;
|
$accessToken = isset($_POST[$this->_config['token_key']]) ? $_POST[$this->_config['token_key']] : null;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
$accessToken = isset($_GET[$this->config['token_key']]) ? $_GET[$this->config['token_key']] : null;
|
$accessToken = isset($_GET[$this->_config['token_key']]) ? $_GET[$this->_config['token_key']] : null;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Try and get an access token from the auth header
|
// Try and get an access token from the auth header
|
||||||
$headers = getallheaders();
|
$headers = getallheaders();
|
||||||
if (isset($headers['Authorization']))
|
if (isset($headers['Authorization'])) {
|
||||||
{
|
|
||||||
$rawToken = trim(str_replace('Bearer', '', $headers['Authorization']));
|
$rawToken = trim(str_replace('Bearer', '', $headers['Authorization']));
|
||||||
if ( ! empty($rawToken))
|
if ( ! empty($rawToken))
|
||||||
{
|
{
|
||||||
@ -118,38 +137,29 @@ class Server
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($accessToken)
|
if ($accessToken) {
|
||||||
{
|
|
||||||
$sessionQuery = $this->ci->db->get_where('oauth_sessions', array('access_token' => $accessToken, 'stage' => 'granted'));
|
|
||||||
|
|
||||||
if ($session_query->num_rows() === 1)
|
$result = $this->_dbCall('validateAccessToken', array($accessToken));
|
||||||
|
|
||||||
|
if ($result === false)
|
||||||
{
|
{
|
||||||
$session = $session_query->row();
|
throw new OAuthResourceServerException($this->errors['invalid_access_token']);
|
||||||
$this->_accessToken = $session->access_token;
|
|
||||||
$this->_type = $session->type;
|
|
||||||
$this->_typeId = $session->type_id;
|
|
||||||
|
|
||||||
$scopes_query = $this->ci->db->get_where('oauth_session_scopes', array('access_token' => $accessToken));
|
|
||||||
if ($scopes_query->num_rows() > 0)
|
|
||||||
{
|
|
||||||
foreach ($scopes_query->result() as $scope)
|
|
||||||
{
|
|
||||||
$this->_scopes[] = $scope->scope;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$this->ci->output->set_status_header(403);
|
$this->_accessToken = $accessToken;
|
||||||
$this->ci->output->set_output('Invalid access token');
|
$this->_type = $result['owner_type'];
|
||||||
}
|
$this->_typeId = $result['owner_id'];
|
||||||
}
|
|
||||||
|
// Get the scopes
|
||||||
|
$this->_scopes = $this->_dbCall('sessionScopes', array($result['id']));
|
||||||
|
}
|
||||||
|
|
||||||
|
} else {
|
||||||
|
|
||||||
|
throw new OAuthResourceServerException($this->errors['missing_access_token']);
|
||||||
|
|
||||||
else
|
|
||||||
{
|
|
||||||
$this->ci->output->set_status_header(403);
|
|
||||||
$this->ci->output->set_output('Missing access token');
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -194,13 +204,13 @@ class Server
|
|||||||
*
|
*
|
||||||
* @return mixed The query result
|
* @return mixed The query result
|
||||||
*/
|
*/
|
||||||
private function dbcall()
|
private function _dbCall()
|
||||||
{
|
{
|
||||||
if ($this->db === null) {
|
if ($this->_db === null) {
|
||||||
throw new OAuthResourceServerException('No registered database abstractor');
|
throw new OAuthResourceServerException('No registered database abstractor');
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ! $this->db instanceof Database) {
|
if ( ! $this->_db instanceof Database) {
|
||||||
throw new OAuthResourceServerException('Registered database abstractor is not an instance of Oauth2\Resource\Database');
|
throw new OAuthResourceServerException('Registered database abstractor is not an instance of Oauth2\Resource\Database');
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -209,6 +219,6 @@ class Server
|
|||||||
unset($args[0]);
|
unset($args[0]);
|
||||||
$params = array_values($args);
|
$params = array_values($args);
|
||||||
|
|
||||||
return call_user_func_array(array($this->db, $method), $args);
|
return call_user_func_array(array($this->_db, $method), $args);
|
||||||
}
|
}
|
||||||
}
|
}
|
Loading…
Reference in New Issue
Block a user