Lots of fixes

This commit is contained in:
Alex Bilbie 2012-08-20 15:09:33 +01:00
parent ed3238b862
commit 6fdb6177bc

View File

@ -9,6 +9,12 @@ class OAuthResourceServerException extends \Exception
class Server
{
/**
* Reference to the database abstractor
* @var object
*/
private $_db = null;
/**
* The access token.
* @access private
@ -37,10 +43,22 @@ class Server
* Server configuration
* @var array
*/
private $config = array(
private $_config = array(
'token_key' => 'oauth_token'
);
/**
* Error codes.
*
* To provide i8ln errors just overwrite the keys
*
* @var array
*/
public $errors = array(
'missing_access_token' => 'An access token was not presented with the request',
'invalid_access_token' => 'The access token is not registered with the resource server'
);
/**
* Constructor
*
@ -56,21 +74,22 @@ class Server
/**
* Magic method to test if access token represents a particular owner type
* @param [type] $method [description]
* @param [type] $arguements [description]
* @return [type] [description]
* @param string $method The method name
* @param mixed $arguements The method arguements
* @return bool If method is valid, and access token is owned by the requested party then true,
*/
public function __call($method, $arguements)
{
if (substr($method, 0, 2) === 'is')
{
if ($this->_type === strtolower(substr($method, 2)))
public function __call($method, $arguements = null)
{
if (substr($method, 0, 2) === 'is') {
if ($this->_type === strtolower(substr($method, 2))) {
return $this->_typeId;
}
return false;
}
trigger_error('Call to undefined function ' . $method . '()');
}
/**
@ -82,7 +101,7 @@ class Server
*/
public function registerDbAbstractor($db)
{
$this->db = $db;
$this->_db = $db;
}
/**
@ -99,18 +118,18 @@ class Server
switch ($server['REQUEST_METHOD'])
{
case 'POST':
$accessToken = isset($_POST[$this->config['token_key']]) ? $_POST[$this->config['token_key']] : null;
$accessToken = isset($_POST[$this->_config['token_key']]) ? $_POST[$this->_config['token_key']] : null;
break;
default:
$accessToken = isset($_GET[$this->config['token_key']]) ? $_GET[$this->config['token_key']] : null;
$accessToken = isset($_GET[$this->_config['token_key']]) ? $_GET[$this->_config['token_key']] : null;
break;
}
// Try and get an access token from the auth header
$headers = getallheaders();
if (isset($headers['Authorization']))
{
if (isset($headers['Authorization'])) {
$rawToken = trim(str_replace('Bearer', '', $headers['Authorization']));
if ( ! empty($rawToken))
{
@ -118,38 +137,29 @@ class Server
}
}
if ($accessToken)
{
$sessionQuery = $this->ci->db->get_where('oauth_sessions', array('access_token' => $accessToken, 'stage' => 'granted'));
if ($accessToken) {
if ($session_query->num_rows() === 1)
{
$session = $session_query->row();
$this->_accessToken = $session->access_token;
$this->_type = $session->type;
$this->_typeId = $session->type_id;
$result = $this->_dbCall('validateAccessToken', array($accessToken));
$scopes_query = $this->ci->db->get_where('oauth_session_scopes', array('access_token' => $accessToken));
if ($scopes_query->num_rows() > 0)
if ($result === false)
{
foreach ($scopes_query->result() as $scope)
{
$this->_scopes[] = $scope->scope;
}
}
throw new OAuthResourceServerException($this->errors['invalid_access_token']);
}
else
{
$this->ci->output->set_status_header(403);
$this->ci->output->set_output('Invalid access token');
}
$this->_accessToken = $accessToken;
$this->_type = $result['owner_type'];
$this->_typeId = $result['owner_id'];
// Get the scopes
$this->_scopes = $this->_dbCall('sessionScopes', array($result['id']));
}
else
{
$this->ci->output->set_status_header(403);
$this->ci->output->set_output('Missing access token');
} else {
throw new OAuthResourceServerException($this->errors['missing_access_token']);
}
}
@ -194,13 +204,13 @@ class Server
*
* @return mixed The query result
*/
private function dbcall()
private function _dbCall()
{
if ($this->db === null) {
if ($this->_db === null) {
throw new OAuthResourceServerException('No registered database abstractor');
}
if ( ! $this->db instanceof Database) {
if ( ! $this->_db instanceof Database) {
throw new OAuthResourceServerException('Registered database abstractor is not an instance of Oauth2\Resource\Database');
}
@ -209,6 +219,6 @@ class Server
unset($args[0]);
$params = array_values($args);
return call_user_func_array(array($this->db, $method), $args);
return call_user_func_array(array($this->_db, $method), $args);
}
}