From 05d4b6858624df50c51078887fbb350f70e1c6ae Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 10 May 2013 23:00:47 -0700 Subject: [PATCH 1/9] Optimised regex and re-added trim() following conversation in #52 --- src/League/OAuth2/Server/Resource.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/League/OAuth2/Server/Resource.php b/src/League/OAuth2/Server/Resource.php index be902208..849f481c 100644 --- a/src/League/OAuth2/Server/Resource.php +++ b/src/League/OAuth2/Server/Resource.php @@ -251,9 +251,9 @@ class Resource // 2nd request: Authorization: Bearer XXX, Bearer XXX if (strpos($header, ',') !== false) { $headerPart = explode(',', $header); - $accessToken = preg_replace('/^(?:\s+)?Bearer(\s{1})/', '', $headerPart[0]); + $accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $headerPart[0])); } else { - $accessToken = preg_replace('/^(?:\s+)?Bearer(\s{1})/', '', $header); + $accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $header)); } $accessToken = ($accessToken === 'Bearer') ? '' : $accessToken; } else { From 4b3e0bf66865454f0296d2304956284a2fda7559 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 10 May 2013 23:01:54 -0700 Subject: [PATCH 2/9] Fixed semantic meaning of `requireScopeParam()` and `requireStateParam()` by changing their default value to true --- src/League/OAuth2/Server/Authorization.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/League/OAuth2/Server/Authorization.php b/src/League/OAuth2/Server/Authorization.php index fd11316f..32748d8a 100644 --- a/src/League/OAuth2/Server/Authorization.php +++ b/src/League/OAuth2/Server/Authorization.php @@ -271,7 +271,7 @@ class Authorization * @param boolean $require * @return void */ - public function requireScopeParam($require = false) + public function requireScopeParam($require = true) { $this->requireScopeParam = $require; } 
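Review bot: The new `trim(preg_replace(...))` lines still accept an Authorization header that carries no Bearer scheme at all: when the pattern does not match, the header value (for example a `Basic` credential) passes through unchanged and is handed to token validation as if it were an access token. Matching instead of stripping makes the scheme mandatory while keeping the existing bare-`Bearer` → `''` outcome: `$accessToken = preg_match('/^\s*Bearer\s+(\S+)/', $header, $m) === 1 ? $m[1] : '';`, with `$headerPart[0]` in place of `$header` in the comma branch. Whether an empty string then reaches the MissingAccessTokenException path depends on code after the hunk, which is not visible here. The pattern is also case-sensitive on `Bearer`, while HTTP auth-scheme names are case-insensitive, so the `i` modifier is worth considering. determineAccessToken's signature and the rest of its body are outside this hunk.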
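Review bot: Flipping the default of `$require` to `true` changes behaviour for every caller that invokes `requireScopeParam()` with no argument — such calls previously disabled the requirement and now enable it; the same applies to `requireStateParam()` in the @@ -318 hunk. The docblock above still reads only `@param boolean $require`, so the new default belongs there, e.g. `@param boolean $require Whether the parameter is mandatory (default = true)`. Because the parameter is untyped, `$this->requireScopeParam = (bool) $require;` would also keep the stored flag strictly boolean for the `=== true`/`=== false` style of checks used elsewhere in this series.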
@@ -318,7 +318,7 @@ class Authorization * @param boolean $require * @return void */ - public function requireStateParam($require = false) + public function requireStateParam($require = true) { $this->requireStateParam = $require; } From ee9549287eade61290ca41dedd7a3d1416e1e94f Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Tue, 14 May 2013 08:59:53 +0100 Subject: [PATCH 3/9] Updated docblocks --- src/League/OAuth2/Server/Storage/ScopeInterface.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/League/OAuth2/Server/Storage/ScopeInterface.php b/src/League/OAuth2/Server/Storage/ScopeInterface.php index 15eb214b..60efd9ca 100644 --- a/src/League/OAuth2/Server/Storage/ScopeInterface.php +++ b/src/League/OAuth2/Server/Storage/ScopeInterface.php @@ -35,8 +35,8 @@ interface ScopeInterface * * * @param string $scope The scope - * @param string $clientId The client ID - * @param string $grantType The grant type used in the request + * @param string $clientId The client ID (default = "null") + * @param string $grantType The grant type used in the request (default = "null") * @return bool|array If the scope doesn't exist return false */ public function getScope($scope, $clientId = null, $grantType = null); From 92b6ce3335610fd7be7fff2dede6a6a9be48dcb9 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Tue, 14 May 2013 09:00:36 +0100 Subject: [PATCH 4/9] Added default value for final argument in ClientInterface::getClient(). Fixes #56 --- src/League/OAuth2/Server/Storage/ClientInterface.php | 4 ++-- src/League/OAuth2/Server/Storage/PDO/Client.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/League/OAuth2/Server/Storage/ClientInterface.php b/src/League/OAuth2/Server/Storage/ClientInterface.php index b98da03d..72538561 100644 --- a/src/League/OAuth2/Server/Storage/ClientInterface.php +++ b/src/League/OAuth2/Server/Storage/ClientInterface.php 
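Review bot: The updated `@param string $clientId The client ID (default = "null")` documents a nullable parameter as a plain `string`, and the quoted `"null"` reads as a string literal rather than PHP's null. Since the signature is `$clientId = null`, the tag should be `@param string|null $clientId The client ID (default null)`, and likewise for `$grantType` on the next line. The same wording is introduced for `$grantType` in the ClientInterface hunk of the following patch.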
@@ -50,8 +50,8 @@ interface ClientInterface * @param string $clientId The client's ID * @param string $clientSecret The client's secret (default = "null") * @param string $redirectUri The client's redirect URI (default = "null") - * @param string $grantType The grant type used in the request + * @param string $grantType The grant type used in the request (default = "null") * @return bool|array Returns false if the validation fails, array on success */ - public function getClient($clientId, $clientSecret = null, $redirectUri = null, $grantType); + public function getClient($clientId, $clientSecret = null, $redirectUri = null, $grantType = null); } \ No newline at end of file diff --git a/src/League/OAuth2/Server/Storage/PDO/Client.php b/src/League/OAuth2/Server/Storage/PDO/Client.php index ced1a3ca..1fcb3642 100644 --- a/src/League/OAuth2/Server/Storage/PDO/Client.php +++ b/src/League/OAuth2/Server/Storage/PDO/Client.php @@ -6,7 +6,7 @@ use League\OAuth2\Server\Storage\ClientInterface; class Client implements ClientInterface { - public function getClient($clientId, $clientSecret = null, $redirectUri = null, $grantType) + public function getClient($clientId, $clientSecret = null, $redirectUri = null, $grantType = null) { $db = \ezcDbInstance::get(); From 47c24e3181b12a261ae472db0a63778255567d70 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 27 May 2013 20:33:07 +0200 Subject: [PATCH 5/9] Corrected array key call. Fixes #63 --- src/League/OAuth2/Server/Resource.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/League/OAuth2/Server/Resource.php b/src/League/OAuth2/Server/Resource.php index 849f481c..647441c9 100644 --- a/src/League/OAuth2/Server/Resource.php +++ b/src/League/OAuth2/Server/Resource.php 
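Review bot: `$grantType` now defaults to `null` in the PDO implementation as well, but the body of getClient continues past the hunk, so it is not visible whether a null grant type means "no grant-type restriction" or gets bound into the query as NULL and matches nothing. If the former is intended, a comment on the signature would fix the contract: `// $grantType === null: the client is looked up without a grant-type restriction`, and a test calling `getClient($clientId)` with no grant type would pin it. The interface hunk above it documents the parameter as `string` although it now accepts null.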
@@ -194,7 +194,7 @@ class Resource $sessionScopes = $this->storages['session']->getScopes($this->accessToken); foreach ($sessionScopes as $scope) { - $this->sessionScopes[] = $scope['key']; + $this->sessionScopes[] = $scope['scope']; } return true; From a9ecca92fc9d8547475b5f6fc14110925cc25675 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 27 May 2013 19:38:07 +0100 Subject: [PATCH 6/9] Fixed broken test --- tests/resource/ResourceServerTest.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/resource/ResourceServerTest.php b/tests/resource/ResourceServerTest.php index c05966bf..04f988ca 100644 --- a/tests/resource/ResourceServerTest.php +++ b/tests/resource/ResourceServerTest.php @@ -196,8 +196,8 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase )); $this->session->shouldReceive('getScopes')->andReturn(array( - array('key' => 'foo'), - array('key' => 'bar') + array('scope' => 'foo'), + array('scope' => 'bar') )); $request = new League\OAuth2\Server\Util\Request(); From a4a8f6e661e7e61da91e5887542d857da4b5a5e0 Mon Sep 17 00:00:00 2001 From: Alex McRoberts Date: Mon, 27 May 2013 21:27:30 -0700 Subject: [PATCH 7/9] This fixes #57. By passing in a conditional flag refering to headersOnly, the library would stil respect RFC6749 Section 7 and RFC6750 Section 2. --- src/League/OAuth2/Server/Resource.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/League/OAuth2/Server/Resource.php b/src/League/OAuth2/Server/Resource.php index 647441c9..49f149ee 100644 --- a/src/League/OAuth2/Server/Resource.php +++ b/src/League/OAuth2/Server/Resource.php 
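Review bot: `$this->sessionScopes[] = $scope['scope'];` reads the key without checking it exists, so a session storage implementation that still returns the old `key`-shaped rows will emit an undefined-index notice and append `null` to the scope list instead of failing loudly. The expected row shape is now part of the storage contract and should be stated on the session storage's `getScopes()` docblock (not in this hunk); the ResourceServerTest hunk in the next patch is currently the only place that pins it. If the minimum PHP version permits it, `$this->sessionScopes = array_column($sessionScopes, 'scope');` replaces the loop and makes the expected shape explicit. The enclosing method continues before and after this hunk.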
@@ -173,12 +173,13 @@ class Resource /** * Checks if the access token is valid or not. * + * @param $headersOnly Limit Access Token to Authorization header only * @throws Exception\InvalidAccessTokenException Thrown if the presented access token is not valid * @return bool */ - public function isValid() + public function isValid($headersOnly = false) { - $accessToken = $this->determineAccessToken(); + $accessToken = $this->determineAccessToken($headersOnly); $result = $this->storages['session']->validateAccessToken($accessToken); @@ -237,10 +238,11 @@ class Resource /** * Reads in the access token from the headers. * + * @param $headersOnly Limit Access Token to Authorization header only * @throws Exception\MissingAccessTokenException Thrown if there is no access token presented * @return string */ - protected function determineAccessToken() + protected function determineAccessToken($headersOnly = false) { if ($header = $this->getRequest()->header('Authorization')) { // Check for special case, because cURL sometimes does an @@ -256,7 +258,7 @@ class Resource $accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $header)); } $accessToken = ($accessToken === 'Bearer') ? '' : $accessToken; - } else { + } elseif ($headersOnly === false) { $method = $this->getRequest()->server('REQUEST_METHOD'); $accessToken = $this->getRequest()->{$method}($this->tokenKey); } From dca0898c2fae31c749136877a34a5d64be8b8738 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sun, 2 Jun 2013 13:54:47 +0100 Subject: [PATCH 8/9] Version bump --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 2d37cdd9..40db4273 100644 --- a/composer.json +++ b/composer.json 
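Review bot: The new `@param $headersOnly` tag omits the type and the default, whereas the other docblocks in this series use `@param boolean $require`; it should read `@param boolean $headersOnly Limit access token lookup to the Authorization header only (default = false)`. The same applies to the `determineAccessToken` docblock in the @@ -237 hunk. Both method bodies run past their hunks.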
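Review bot: With `$headersOnly` true and no Authorization header present, the new `elseif` leaves `$accessToken` unassigned — the `if` branch is skipped and there is no `else` — so the code following the hunk reads an undefined variable (a notice and `null`) rather than an explicit empty token. Adding `} else { $accessToken = null; }` (or initialising `$accessToken = null;` before the `if`) makes the missing-token case explicit for whatever throws MissingAccessTokenException afterwards. The strict `=== false` on an untyped parameter also means `isValid(null)` or `isValid(0)` would silently skip the fallback; `elseif (!$headersOnly)` or a `(bool)` cast matches the intent better. The surrounding `if` opens before this hunk and the rest of determineAccessToken follows it.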
@@ -1,7 +1,7 @@ { "name": "league/oauth2-server", "description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.", - "version": "2.1", + "version": "2.1.1", "homepage": "https://github.com/php-loep/oauth2-server", "license": "MIT", "require": { From e0f4ccb77515851c784acc001f4cdb8aca3da2cd Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sun, 2 Jun 2013 13:54:54 +0100 Subject: [PATCH 9/9] Updated changelog --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f18643fd..8da0979f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # Changelog +## 2.1.1 (released 2013-06-02) + +* Added conditional `isValid()` flag to check for Authorization header only (thanks @alexmcroberts) +* Fixed semantic meaning of `requireScopeParam()` and `requireStateParam()` by changing their default value to true +* Updated some duff docblocks +* Corrected array key call in Resource.php (Issue #63) + ## 2.1 (released 2013-05-10) * Moved zetacomponents/database to "suggest" in composer.json. If you rely on this feature you now need to include " zetacomponents/database" into "require" key in your own composer.json. (Issue #51)