This commit is contained in:
Alex Bilbie 2014-11-08 16:44:39 +00:00
parent 856051bfb3
commit b9debaab26
7 changed files with 80 additions and 5 deletions


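--- a/PATH-NOT-ON-PAGE/AccessTokenStorage.php
+++ b/PATH-NOT-ON-PAGE/AccessTokenStorage.php
@@ -20,7 +20,6 @@ class AccessTokenStorage extends Adapter implements AccessTokenInterface
 {
 $result = Capsule::table('oauth_access_tokens')
 ->where('access_token', $token)
-->where('expire_time', '>=', time())
 ->get();
 if (count($result) === 1) {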
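Review bot: Removing the `expire_time >= time()` predicate from this query means the storage now hands back expired access tokens, so every consumer of this storage must call isExpired() on the returned entity; within this commit only ResourceServer::isValidRequest does so, and any other caller outside these seven files (if one exists) silently loses expiry enforcement. The same predicate is dropped from RefreshTokenStorage in the next file section. If moving expiry to the entity is the intent, say so where the entity is built, e.g. `// Expired rows are returned on purpose; callers must check AccessTokenEntity::isExpired()`. The enclosing method (presumably get(), judging by the mocks in the tests) starts and ends outside the hunk.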


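--- a/PATH-NOT-ON-PAGE/RefreshTokenStorage.php
+++ b/PATH-NOT-ON-PAGE/RefreshTokenStorage.php
@@ -17,7 +17,6 @@ class RefreshTokenStorage extends Adapter implements RefreshTokenInterface
 {
 $result = Capsule::table('oauth_refresh_tokens')
 ->where('refresh_token', $token)
-->where('expire_time', '>=', time())
 ->get();
 if (count($result) === 1) {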
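Review bot: With the `expire_time` predicate gone here, an expired refresh token is now returned by this storage, yet none of the seven files in this commit adds an isExpired() check on refresh tokens — the only new checks are on auth codes in AuthCodeGrant and on access tokens in ResourceServer. Unless the refresh-token grant already validates expiry somewhere not shown, this commit lifts refresh-token expiry enforcement entirely, which is the longer-lived credential of the two; the grant should reject an expired token with the same shape used for auth codes, `if ($refreshToken->isExpired()) { throw ... }`, with the exception type the grant already uses for a bad token. The enclosing method starts and ends outside the hunk.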


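--- a/PATH-NOT-ON-PAGE/AbstractTokenEntity.php
+++ b/PATH-NOT-ON-PAGE/AbstractTokenEntity.php
@@ -96,6 +96,15 @@ abstract class AbstractTokenEntity
 return $this->expireTime;
 }
+/**
+* Is the token expired?
+* @return bool
+*/
+public function isExpired()
+{
+return ((time() - $this->expireTime) > 0);
+}
 /**
 * Set token ID
 * @param string $token Token ID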
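Review bot: isExpired() treats a token whose expiry was never set as expired, because `time() - null` (or `- 0`) is `time()`, which is positive; that is the right fail-closed default, but it is worth stating in the docblock so a caller that forgets setExpireTime() understands why every request is rejected: `* A token with no expire time set is reported as expired.` (this assumes the property's default is null or 0 — its declaration is outside the hunk). The arithmetic form reads as if the difference mattered; the plainer `return time() > $this->expireTime;` has the same result, including the boundary where `expireTime === time()` counts as still valid, which matches the `>=` predicate the storage queries used to apply. Note the direct time() call ties expiry to the system clock, which is why the tests have to use ±300 s offsets rather than exact boundaries.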


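--- a/PATH-NOT-ON-PAGE/AuthCodeGrant.php
+++ b/PATH-NOT-ON-PAGE/AuthCodeGrant.php
@@ -209,6 +209,11 @@ class AuthCodeGrant extends AbstractGrant
 throw new Exception\InvalidRequestException('code');
 }
+// Ensure the auth code hasn't expired
+if ($code->isExpired() === true) {
+throw new Exception\InvalidRequestException('code');
+}
 // Check redirect URI presented matches redirect URI originally used in authorize request
 if ($code->getRedirectUri() !== $redirectUri) {
 throw new Exception\InvalidRequestException('redirect_uri');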
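Review bot: An expired authorization code is reported as an invalid_request on the `code` parameter, indistinguishable from a missing code, whereas RFC 6749 §5.2 lists an expired or revoked authorization code under invalid_grant; if the library has an invalid-grant exception class (not visible from this hunk) it is the more accurate choice, otherwise a one-line comment noting the deliberate deviation saves clients from guessing. The `=== true` on a method that already returns a bool is redundant: `if ($code->isExpired()) {`. The enclosing method starts and ends outside the hunk.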


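--- a/PATH-NOT-ON-PAGE/ResourceServer.php
+++ b/PATH-NOT-ON-PAGE/ResourceServer.php
@@ -99,10 +99,17 @@ class ResourceServer extends AbstractServer
 // Set the access token
 $this->accessToken = $this->getAccessTokenStorage()->get($accessTokenString);
+// Ensure the access token exists
 if (!$this->accessToken instanceof AccessTokenEntity) {
 throw new Exception\AccessDeniedException;
 }
+// Check the access token hasn't expired
+// Ensure the auth code hasn't expired
+if ($this->accessToken->isExpired() === true) {
+throw new Exception\AccessDeniedException;
+}
 return true;
 }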
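Review bot: `// Check the access token hasn't expired` and `// Ensure the auth code hasn't expired` are two comments on the same check, and the second is a copy-paste leftover from AuthCodeGrant that names the wrong object — there is no auth code in isValidRequest. Drop it and keep a single line, `// Ensure the access token hasn't expired`, matching the "Ensure" wording of the existence check above it. As in AuthCodeGrant, `=== true` on the bool return is redundant: `if ($this->accessToken->isExpired()) {`. The method's body begins outside the hunk.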


@ -551,7 +551,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
$authCodeStorage->shouldReceive('setServer'); $authCodeStorage->shouldReceive('setServer');
$authCodeStorage->shouldReceive('delete'); $authCodeStorage->shouldReceive('delete');
$authCodeStorage->shouldReceive('get')->andReturn( $authCodeStorage->shouldReceive('get')->andReturn(
(new AuthCodeEntity($server))->setId('foobar')->setRedirectUri('http://foo/bar') (new AuthCodeEntity($server))->setId('foobar')->setRedirectUri('http://foo/bar')->setExpireTime(time() + 300)
); );
$authCodeStorage->shouldReceive('getScopes')->andReturn([ $authCodeStorage->shouldReceive('getScopes')->andReturn([
(new ScopeEntity($server))->hydrate(['id' => 'foo']) (new ScopeEntity($server))->hydrate(['id' => 'foo'])
@ -622,7 +622,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
$authCodeStorage->shouldReceive('setServer'); $authCodeStorage->shouldReceive('setServer');
$authCodeStorage->shouldReceive('delete'); $authCodeStorage->shouldReceive('delete');
$authCodeStorage->shouldReceive('get')->andReturn( $authCodeStorage->shouldReceive('get')->andReturn(
(new AuthCodeEntity($server))->setId('foobar')->setRedirectUri('http://foo/bar') (new AuthCodeEntity($server))->setId('foobar')->setRedirectUri('http://foo/bar')->setExpireTime(time() + 300)
); );
$authCodeStorage->shouldReceive('getScopes')->andReturn([ $authCodeStorage->shouldReceive('getScopes')->andReturn([
(new ScopeEntity($server))->hydrate(['id' => 'foo']) (new ScopeEntity($server))->hydrate(['id' => 'foo'])
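Review bot: Both hunks only extend the happy-path fixtures with `->setExpireTime(time() + 300)` so the new isExpired() check passes, but nothing in this commit exercises the rejecting branch added to AuthCodeGrant, whereas ResourceServerTest does get testIsValidExpiredToken for its equivalent check. A mirror test here — the same fixture with `setExpireTime(time() - 300)` and `@expectedException League\OAuth2\Server\Exception\InvalidRequestException` — would pin the new rejection and catch a regression if the check is later reordered or removed.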


@ -142,7 +142,7 @@ class ResourceServerTest extends \PHPUnit_Framework_TestCase
}); });
$accessTokenStorage->shouldReceive('get')->andReturn( $accessTokenStorage->shouldReceive('get')->andReturn(
(new AccessTokenEntity($server))->setId('abcdef') (new AccessTokenEntity($server))->setId('abcdef')->setExpireTime(time() + 300)
); );
$accessTokenStorage->shouldReceive('getScopes')->andReturn([ $accessTokenStorage->shouldReceive('getScopes')->andReturn([
@ -167,4 +167,60 @@ class ResourceServerTest extends \PHPUnit_Framework_TestCase
$this->assertTrue($server->isValidRequest()); $this->assertTrue($server->isValidRequest());
$this->assertEquals('abcdef', $server->getAccessToken()); $this->assertEquals('abcdef', $server->getAccessToken());
} }
/**
* @expectedException League\OAuth2\Server\Exception\AccessDeniedException
*/
public function testIsValidExpiredToken()
{
$sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
$sessionStorage->shouldReceive('setServer');
$accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
$accessTokenStorage->shouldReceive('setServer');
$clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
$clientStorage->shouldReceive('setServer');
$scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
$scopeStorage->shouldReceive('setServer');
$server = new ResourceServer(
$sessionStorage,
$accessTokenStorage,
$clientStorage,
$scopeStorage
);
$server->setIdKey('at');
$server->addEventListener('session.owner', function($event) {
$this->assertTrue($event->getSession() instanceof \League\OAuth2\Server\Entity\SessionEntity);
});
$accessTokenStorage->shouldReceive('get')->andReturn(
(new AccessTokenEntity($server))->setId('abcdef')->setExpireTime(time() - 300)
);
$accessTokenStorage->shouldReceive('getScopes')->andReturn([
(new ScopeEntity($server))->hydrate(['id' => 'foo']),
(new ScopeEntity($server))->hydrate(['id' => 'bar'])
]);
$sessionStorage->shouldReceive('getByAccessToken')->andReturn(
(new SessionEntity($server))->setId('foobar')->setOwner('user', 123)
);
$clientStorage->shouldReceive('getBySession')->andReturn(
(new ClientEntity($server))->hydrate(['id' => 'testapp'])
);
$request = new \Symfony\Component\HttpFoundation\Request();
$request->headers = new \Symfony\Component\HttpFoundation\ParameterBag([
'Authorization' => 'Bearer abcdef'
]);
$server->setRequest($request);
$server->isValidRequest();
}
} }
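Review bot: testIsValidExpiredToken sets up mocks for getScopes, getByAccessToken and getBySession although, per the ResourceServer hunk in this commit, AccessDeniedException is thrown immediately after the token lookup, so either those expectations are never reached and merely obscure what the test checks, or the expiry check sits later in isValidRequest than the visible lines suggest — I cannot tell from here which. Trimming the test to the session and access-token mocks the expired path actually touches would make the intent clearer. The assertion inside the `session.owner` listener likewise never executes if the exception fires first, so it gives no signal in this test.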