Fix #231
This commit is contained in:
parent
856051bfb3
commit
b9debaab26
@ -20,7 +20,6 @@ class AccessTokenStorage extends Adapter implements AccessTokenInterface
|
|||||||
{
|
{
|
||||||
$result = Capsule::table('oauth_access_tokens')
|
$result = Capsule::table('oauth_access_tokens')
|
||||||
->where('access_token', $token)
|
->where('access_token', $token)
|
||||||
->where('expire_time', '>=', time())
|
|
||||||
->get();
|
->get();
|
||||||
|
|
||||||
if (count($result) === 1) {
|
if (count($result) === 1) {
|
||||||
|
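Review bot: Dropping the `expire_time >= time()` predicate means `get()` now returns expired rows, so every caller of this storage has to call `isExpired()` itself; in this commit that check is visible only in ResourceServer and AuthCodeGrant. The same filter is removed from RefreshTokenStorage in the next hunk, and no hunk here adds an expiry check on the refresh-token path — confirm the refresh grant rejects an expired refresh token, otherwise a token that the database used to filter out could now be redeemed. A one-line comment above the query, `// Expiry is not filtered here; callers must check AbstractTokenEntity::isExpired()`, would record the new contract for both storages. The enclosing `get()` method starts outside the hunk.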
@ -17,7 +17,6 @@ class RefreshTokenStorage extends Adapter implements RefreshTokenInterface
|
|||||||
{
|
{
|
||||||
$result = Capsule::table('oauth_refresh_tokens')
|
$result = Capsule::table('oauth_refresh_tokens')
|
||||||
->where('refresh_token', $token)
|
->where('refresh_token', $token)
|
||||||
->where('expire_time', '>=', time())
|
|
||||||
->get();
|
->get();
|
||||||
|
|
||||||
if (count($result) === 1) {
|
if (count($result) === 1) {
|
||||||
|
@ -96,6 +96,15 @@ abstract class AbstractTokenEntity
|
|||||||
return $this->expireTime;
|
return $this->expireTime;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Is the token expired?
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public function isExpired()
|
||||||
|
{
|
||||||
|
return ((time() - $this->expireTime) > 0);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Set token ID
|
* Set token ID
|
||||||
* @param string $token Token ID
|
* @param string $token Token ID
|
||||||
|
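Review bot: `isExpired()` treats a token whose `expireTime` equals the current second as still valid (`time() - expireTime` is 0, not greater than 0), which matches the `>=` predicate the storage hunks removed, and an unset `expireTime` evaluates as expired because `time() - null` is positive; both facts belong in the docblock, e.g. `* A token is expired once the current time is past its expiry time; a missing expiry time counts as expired.` The subtraction reads more directly as a comparison: `return time() > $this->expireTime;`. The enclosing class continues outside the hunk.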
@ -209,6 +209,11 @@ class AuthCodeGrant extends AbstractGrant
|
|||||||
throw new Exception\InvalidRequestException('code');
|
throw new Exception\InvalidRequestException('code');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Ensure the auth code hasn't expired
|
||||||
|
if ($code->isExpired() === true) {
|
||||||
|
throw new Exception\InvalidRequestException('code');
|
||||||
|
}
|
||||||
|
|
||||||
// Check redirect URI presented matches redirect URI originally used in authorize request
|
// Check redirect URI presented matches redirect URI originally used in authorize request
|
||||||
if ($code->getRedirectUri() !== $redirectUri) {
|
if ($code->getRedirectUri() !== $redirectUri) {
|
||||||
throw new Exception\InvalidRequestException('redirect_uri');
|
throw new Exception\InvalidRequestException('redirect_uri');
|
||||||
|
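Review bot: The `=== true` comparison on the new check is redundant since `isExpired()` is documented to return bool; `if ($code->isExpired()) {` reads the same and matches the other conditions in this method. Raising `InvalidRequestException('code')` for an expired code yields the same client-facing error as a malformed code, which is appropriate since it discloses nothing about why the code failed. Whether the expired code is also deleted from storage is not visible here; if it is kept, this check is the only thing preventing a retry with it, so it should stay ahead of token issuance. The enclosing method starts and ends outside the hunk.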
@ -99,10 +99,17 @@ class ResourceServer extends AbstractServer
|
|||||||
// Set the access token
|
// Set the access token
|
||||||
$this->accessToken = $this->getAccessTokenStorage()->get($accessTokenString);
|
$this->accessToken = $this->getAccessTokenStorage()->get($accessTokenString);
|
||||||
|
|
||||||
|
// Ensure the access token exists
|
||||||
if (!$this->accessToken instanceof AccessTokenEntity) {
|
if (!$this->accessToken instanceof AccessTokenEntity) {
|
||||||
throw new Exception\AccessDeniedException;
|
throw new Exception\AccessDeniedException;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check the access token hasn't expired
|
||||||
|
// Ensure the auth code hasn't expired
|
||||||
|
if ($this->accessToken->isExpired() === true) {
|
||||||
|
throw new Exception\AccessDeniedException;
|
||||||
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
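Review bot: The second comment on the new check, `// Ensure the auth code hasn't expired`, is wrong for this method — `$this->accessToken` is an access token, not an auth code — and it duplicates the line directly above; drop it and keep only `// Check the access token hasn't expired`. Throwing the same `AccessDeniedException` for a missing and for an expired token keeps the bearer rejection uniform, which is the right choice here. The enclosing `isValidRequest()` starts outside the hunk.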
@ -551,7 +551,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
|||||||
$authCodeStorage->shouldReceive('setServer');
|
$authCodeStorage->shouldReceive('setServer');
|
||||||
$authCodeStorage->shouldReceive('delete');
|
$authCodeStorage->shouldReceive('delete');
|
||||||
$authCodeStorage->shouldReceive('get')->andReturn(
|
$authCodeStorage->shouldReceive('get')->andReturn(
|
||||||
(new AuthCodeEntity($server))->setId('foobar')->setRedirectUri('http://foo/bar')
|
(new AuthCodeEntity($server))->setId('foobar')->setRedirectUri('http://foo/bar')->setExpireTime(time() + 300)
|
||||||
);
|
);
|
||||||
$authCodeStorage->shouldReceive('getScopes')->andReturn([
|
$authCodeStorage->shouldReceive('getScopes')->andReturn([
|
||||||
(new ScopeEntity($server))->hydrate(['id' => 'foo'])
|
(new ScopeEntity($server))->hydrate(['id' => 'foo'])
|
||||||
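Review bot: Both fixtures in this file now set `setExpireTime(time() + 300)` so the existing happy-path tests keep passing, but no test exercises the new expired-auth-code branch in `AuthCodeGrant` — the commit adds `testIsValidExpiredToken` only for `ResourceServer`. A parallel case built with `setExpireTime(time() - 300)` and `@expectedException League\OAuth2\Server\Exception\InvalidRequestException` would pin that branch; the same applies to the second AuthCodeGrantTest hunk below. The enclosing test methods start outside the hunks.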
@ -622,7 +622,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
|||||||
$authCodeStorage->shouldReceive('setServer');
|
$authCodeStorage->shouldReceive('setServer');
|
||||||
$authCodeStorage->shouldReceive('delete');
|
$authCodeStorage->shouldReceive('delete');
|
||||||
$authCodeStorage->shouldReceive('get')->andReturn(
|
$authCodeStorage->shouldReceive('get')->andReturn(
|
||||||
(new AuthCodeEntity($server))->setId('foobar')->setRedirectUri('http://foo/bar')
|
(new AuthCodeEntity($server))->setId('foobar')->setRedirectUri('http://foo/bar')->setExpireTime(time() + 300)
|
||||||
);
|
);
|
||||||
$authCodeStorage->shouldReceive('getScopes')->andReturn([
|
$authCodeStorage->shouldReceive('getScopes')->andReturn([
|
||||||
(new ScopeEntity($server))->hydrate(['id' => 'foo'])
|
(new ScopeEntity($server))->hydrate(['id' => 'foo'])
|
||||||
|
@ -142,7 +142,7 @@ class ResourceServerTest extends \PHPUnit_Framework_TestCase
|
|||||||
});
|
});
|
||||||
|
|
||||||
$accessTokenStorage->shouldReceive('get')->andReturn(
|
$accessTokenStorage->shouldReceive('get')->andReturn(
|
||||||
(new AccessTokenEntity($server))->setId('abcdef')
|
(new AccessTokenEntity($server))->setId('abcdef')->setExpireTime(time() + 300)
|
||||||
);
|
);
|
||||||
|
|
||||||
$accessTokenStorage->shouldReceive('getScopes')->andReturn([
|
$accessTokenStorage->shouldReceive('getScopes')->andReturn([
|
||||||
@ -167,4 +167,60 @@ class ResourceServerTest extends \PHPUnit_Framework_TestCase
|
|||||||
$this->assertTrue($server->isValidRequest());
|
$this->assertTrue($server->isValidRequest());
|
||||||
$this->assertEquals('abcdef', $server->getAccessToken());
|
$this->assertEquals('abcdef', $server->getAccessToken());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @expectedException League\OAuth2\Server\Exception\AccessDeniedException
|
||||||
|
*/
|
||||||
|
public function testIsValidExpiredToken()
|
||||||
|
{
|
||||||
|
$sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
|
||||||
|
$sessionStorage->shouldReceive('setServer');
|
||||||
|
|
||||||
|
$accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
|
||||||
|
$accessTokenStorage->shouldReceive('setServer');
|
||||||
|
|
||||||
|
$clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
|
||||||
|
$clientStorage->shouldReceive('setServer');
|
||||||
|
|
||||||
|
$scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
|
||||||
|
$scopeStorage->shouldReceive('setServer');
|
||||||
|
|
||||||
|
$server = new ResourceServer(
|
||||||
|
$sessionStorage,
|
||||||
|
$accessTokenStorage,
|
||||||
|
$clientStorage,
|
||||||
|
$scopeStorage
|
||||||
|
);
|
||||||
|
|
||||||
|
$server->setIdKey('at');
|
||||||
|
|
||||||
|
$server->addEventListener('session.owner', function($event) {
|
||||||
|
$this->assertTrue($event->getSession() instanceof \League\OAuth2\Server\Entity\SessionEntity);
|
||||||
|
});
|
||||||
|
|
||||||
|
$accessTokenStorage->shouldReceive('get')->andReturn(
|
||||||
|
(new AccessTokenEntity($server))->setId('abcdef')->setExpireTime(time() - 300)
|
||||||
|
);
|
||||||
|
|
||||||
|
$accessTokenStorage->shouldReceive('getScopes')->andReturn([
|
||||||
|
(new ScopeEntity($server))->hydrate(['id' => 'foo']),
|
||||||
|
(new ScopeEntity($server))->hydrate(['id' => 'bar'])
|
||||||
|
]);
|
||||||
|
|
||||||
|
$sessionStorage->shouldReceive('getByAccessToken')->andReturn(
|
||||||
|
(new SessionEntity($server))->setId('foobar')->setOwner('user', 123)
|
||||||
|
);
|
||||||
|
|
||||||
|
$clientStorage->shouldReceive('getBySession')->andReturn(
|
||||||
|
(new ClientEntity($server))->hydrate(['id' => 'testapp'])
|
||||||
|
);
|
||||||
|
|
||||||
|
$request = new \Symfony\Component\HttpFoundation\Request();
|
||||||
|
$request->headers = new \Symfony\Component\HttpFoundation\ParameterBag([
|
||||||
|
'Authorization' => 'Bearer abcdef'
|
||||||
|
]);
|
||||||
|
$server->setRequest($request);
|
||||||
|
|
||||||
|
$server->isValidRequest();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
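Review bot: `testIsValidExpiredToken` mocks `getByAccessToken` and `getBySession` and registers a `session.owner` listener, but once the expired token throws none of those are reached, so that setup is dead and the test cannot distinguish an exception from the expiry check from one raised further down. Replacing the session expectation with `$sessionStorage->shouldNotReceive('getByAccessToken');` pins that an expired token is rejected before any session lookup, and the unused client mock and listener can then be removed. The assertion inside the listener closure is also silently skipped whenever the listener is never invoked, so it adds no coverage here.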