From 7bca63a18f7ef87d64a34887a29a6cdd6214cb39 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Thu, 5 Jul 2012 17:38:58 +0100 Subject: [PATCH 001/199] First commit --- composer.json | 33 ++++++++++++++++++++++++++++++++ src/oauth2server/AccessToken.php | 26 +++++++++++++++++++++++++ src/oauth2server/Client.php | 25 ++++++++++++++++++++++++ src/oauth2server/Scope.php | 16 ++++++++++++++++ src/oauth2server/Server.php | 18 +++++++++++++++++ src/oauth2server/db.php | 8 ++++++++ 6 files changed, 126 insertions(+) create mode 100644 composer.json create mode 100644 src/oauth2server/AccessToken.php create mode 100644 src/oauth2server/Client.php create mode 100644 src/oauth2server/Scope.php create mode 100644 src/oauth2server/Server.php create mode 100644 src/oauth2server/db.php diff --git a/composer.json b/composer.json new file mode 100644 index 00000000..e2229628 --- /dev/null +++ b/composer.json @@ -0,0 +1,33 @@ +{ + "name": "lncd/oauth2server", + "description": "OAuth 2.0 server", + "version": "0.0.1", + "require": { + "php": ">=5.3.0", + }, + "repositories": [ + { + "type": "git", + "url": "https://github.com/lncd/oauth2server" + } + ], + "keywords": [ + "oauth", + "oauth2", + "server" + ], + "license": "MIT", + "authors": [ + { + "name": "Alex Bilbie", + "email": "php-oauth2-server@alexbilbie.com", + "homepage": "http://www.httpster.org", + "role": "Developer" + } + ], + "autoload": { + "psr-0": { + "oauth2server": "src/" + } + } +} \ No newline at end of file diff --git a/src/oauth2server/AccessToken.php b/src/oauth2server/AccessToken.php new file mode 100644 index 00000000..8fa8e144 --- /dev/null +++ b/src/oauth2server/AccessToken.php 
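Review bot: The `require` object in the new composer.json ends with a trailing comma after `"php": ">=5.3.0",`, which is not valid JSON, so Composer will refuse to parse the manifest before it ever resolves anything; drop the comma: `"php": ">=5.3.0"`. The PSR-0 mapping `"oauth2server": "src/"` also does not appear to match the `LNCD\OAuth2server` namespace that the source files declare in later hunks of this series, so autoloading of `src/oauth2server/*.php` will presumably not resolve — confirm the prefix against the namespace actually used. The `"repositories"` entry that points at the package's own repository is unusual for a library manifest and can likely be removed.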
@@ -0,0 +1,26 @@ + Date: Fri, 6 Jul 2012 08:20:19 +0100 Subject: [PATCH 002/199] Set the DB interface --- src/oauth2server/DbInterface.php | 30 ++++++++++++++++++++++++++++++ src/oauth2server/db.php | 8 -------- 2 files changed, 30 insertions(+), 8 deletions(-) create mode 100644 src/oauth2server/DbInterface.php delete mode 100644 src/oauth2server/db.php diff --git a/src/oauth2server/DbInterface.php b/src/oauth2server/DbInterface.php new file mode 100644 index 00000000..eeb8be42 --- /dev/null +++ b/src/oauth2server/DbInterface.php @@ -0,0 +1,30 @@ + Date: Fri, 6 Jul 2012 08:20:45 +0100 Subject: [PATCH 003/199] Comment about the purpose of details function --- src/oauth2server/Scope.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/Scope.php b/src/oauth2server/Scope.php index 90947361..4625eee6 100644 --- a/src/oauth2server/Scope.php +++ b/src/oauth2server/Scope.php @@ -11,6 +11,6 @@ class Scope public function details($scopes) { - + // returns details about a scope to display to a user } } \ No newline at end of file From fb98e7beb92c82a86c6b56c4d318c2fb1bc6f716 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 12:22:13 +0100 Subject: [PATCH 004/199] Added CodeSniffer and PHPMD rules --- build/phpcs.xml | 8 ++++++++ build/phpmd.xml | 14 ++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 build/phpcs.xml create mode 100644 build/phpmd.xml diff --git a/build/phpcs.xml b/build/phpcs.xml new file mode 100644 index 00000000..737ec5db --- /dev/null +++ b/build/phpcs.xml @@ -0,0 +1,8 @@ + + + + PHP_CodeSniffer configuration for OAuth 2.0 server + + + + \ No newline at end of file diff --git a/build/phpmd.xml b/build/phpmd.xml new file mode 100644 index 00000000..11f54dc1 --- /dev/null +++ b/build/phpmd.xml @@ -0,0 +1,14 @@ + + + + Ruleset for OAuth 2.0 server + + + + + \ No newline at end of file From 2044bb57bf2a9766b61abd1df635f24678d344fb Mon Sep 17 00:00:00 2001 
From: Alex Bilbie Date: Fri, 6 Jul 2012 12:32:00 +0100 Subject: [PATCH 005/199] Added build.xml file --- build.xml | 132 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 132 insertions(+) create mode 100644 build.xml diff --git a/build.xml b/build.xml new file mode 100644 index 00000000..047861d4 --- /dev/null +++ b/build.xml @@ -0,0 +1,132 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file From 70dd803025ffd6174f580fda6b6158e4e83ef699 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 12:39:43 +0100 Subject: [PATCH 006/199] Missing semicolon --- src/oauth2server/Client.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/Client.php b/src/oauth2server/Client.php index 486f86b4..06c4ed3c 100644 --- a/src/oauth2server/Client.php +++ b/src/oauth2server/Client.php @@ -6,7 +6,7 @@ class Client { protected $id; protected $secret; - protected $redirect_uri + protected $redirect_uri; public function __construct() { From cff3817865a22a81ff1649c823fd5bdefd372801 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 12:40:50 +0100 Subject: [PATCH 007/199] Removed non-existant tests folder from being linted --- build.xml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/build.xml b/build.xml index 047861d4..27bfda9f 100644 --- a/build.xml +++ b/build.xml @@ -44,11 +44,6 @@ - - - - - From 6d7aa9726d60990f22a6b6cd97ea0471e83e9000 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 13:30:10 +0100 Subject: [PATCH 008/199] Coverted tabs to spaces --- src/oauth2server/AccessToken.php | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) 
diff --git a/src/oauth2server/AccessToken.php b/src/oauth2server/AccessToken.php index 8fa8e144..22a69787 100644 --- a/src/oauth2server/AccessToken.php +++ b/src/oauth2server/AccessToken.php @@ -4,23 +4,23 @@ namespace LNCD\OAuth2server; class AccessToken { - function __construct() - { + function __construct() + { - } + } - public function get(int $sessionId) - { - // returns an access token that the user may already have (else generate a new one) - } + public function get(int $sessionId) + { + // returns an access token that the user may already have (else generate a new one) + } - public function validate(string $accessToken, array $scopes) - { - // tests if an access token is valid - } + public function validate(string $accessToken, array $scopes) + { + // tests if an access token is valid + } - private function set(int $sessionId) - { - // generate a new access token - } + private function set(int $sessionId) + { + // generate a new access token + } } \ No newline at end of file From dfaa99eb2672918c6183ee42587de776b3d38706 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 13:31:26 +0100 Subject: [PATCH 009/199] Converted tabs to spaces --- src/oauth2server/Client.php | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/src/oauth2server/Client.php b/src/oauth2server/Client.php index 06c4ed3c..4472b478 100644 --- a/src/oauth2server/Client.php +++ b/src/oauth2server/Client.php 
@@ -4,22 +4,22 @@ namespace LNCD\OAuth2server; class Client { - protected $id; - protected $secret; - protected $redirect_uri; + protected $id; + protected $secret; + protected $redirect_uri; - public function __construct() - { + public function __construct() + { - } + } - public function validate(array $details) - { + public function validate(array $details) + { - } + } - public function redirectUri(string $redirectUri, array $params, $queryDelimeter = '?') - { - // Generates the redirect uri with appended params - } + public function redirectUri(string $redirectUri, array $params, $queryDelimeter = '?') + { + // Generates the redirect uri with appended params + } } \ No newline at end of file From 01e13d167b04f91df0074feef7ce01bff486665c Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 13:31:33 +0100 Subject: [PATCH 010/199] Converted spaces to tabs --- src/oauth2server/Scope.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/oauth2server/Scope.php b/src/oauth2server/Scope.php index 4625eee6..f3b974a4 100644 --- a/src/oauth2server/Scope.php +++ b/src/oauth2server/Scope.php @@ -4,10 +4,10 @@ namespace LNCD\OAuth2server; class Scope { - public function exists(string $scope) - { - // tests if a scope exists - } + public function exists(string $scope) + { + // tests if a scope exists + } public function details($scopes) { From 93f9727f195bdf7095226ec793b93dc9ff2d816a Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 13:32:36 +0100 Subject: [PATCH 011/199] Added scope to __construct method --- src/oauth2server/AccessToken.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/AccessToken.php b/src/oauth2server/AccessToken.php index 22a69787..95e9d853 100644 --- a/src/oauth2server/AccessToken.php +++ b/src/oauth2server/AccessToken.php @@ -4,7 +4,7 @@ namespace LNCD\OAuth2server; class AccessToken { - function __construct() + public function __construct() { } 
From 7874c7df15e4629a370258575d529ced3e55418c Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 13:32:50 +0100 Subject: [PATCH 012/199] Split line to less than 80 chars so PHPCS stops bitching --- src/oauth2server/AccessToken.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/oauth2server/AccessToken.php b/src/oauth2server/AccessToken.php index 95e9d853..150c7aca 100644 --- a/src/oauth2server/AccessToken.php +++ b/src/oauth2server/AccessToken.php @@ -11,7 +11,8 @@ class AccessToken public function get(int $sessionId) { - // returns an access token that the user may already have (else generate a new one) + // returns an access token that the user may already have + // (else generate a new one) } public function validate(string $accessToken, array $scopes) From 3eb408bf6f034fb7847107e2c7ed3db324e9d12d Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 13:38:05 +0100 Subject: [PATCH 013/199] Split functions so line lengths aren't so long --- src/oauth2server/DbInterface.php | 56 +++++++++++++++++++++++++++----- 1 file changed, 47 insertions(+), 9 deletions(-) diff --git a/src/oauth2server/DbInterface.php b/src/oauth2server/DbInterface.php index eeb8be42..c8057250 100644 --- a/src/oauth2server/DbInterface.php +++ b/src/oauth2server/DbInterface.php 
@@ -2,29 +2,67 @@ interface OAuth2ServerDatabase { - public function validateClient(string $clientId, $clientSecret, $redirectUri); + public function validateClient( + string $clientId, + $clientSecret, + $redirectUri + ); - public function newSession(string $clientId, string $redirectUri, string $type = 'user', string $typeId, $authCode, $accessToken, string $stage = 'request'); + public function newSession( + string $clientId, + string $redirectUri, + string $type = 'user', + string $typeId, + $authCode, + $accessToken, + string $stage = 'request' + ); - public function updateSession(string $clientId, string $type = 'user', string $typeId, $authCode, $accessToken, string $stage); + public function updateSession( + string $clientId, + string $type = 'user', + string $typeId, + $authCode, + $accessToken, + string $stage + ); - public function deleteSession(string $clientId, string $typeId); + public function deleteSession( + string $clientId, + string $typeId + ); - public function validateAuthCode(string $clientId, string $redirectUri, string $authCode); + public function validateAuthCode( + string $clientId, + string $redirectUri, + string $authCode + ); public function getAccessToken(int $sessionId); public function removeAuthCode(int $sessionId); - public function setAccessToken(int $sessionId, string $accessToken); + public function setAccessToken( + int $sessionId, + string $accessToken + ); - public function addSessionScope(int $sessionId, string $scope); + public function addSessionScope( + int $sessionId, + string $scope + ); public function getScope(string $scope); - public function updateSessionScopeAccessToken(int $sesstionId, string $accessToken); + public function updateSessionScopeAccessToken( + int $sesstionId, + string $accessToken + ); public function accessTokenScopes(string $accessToken); - public function validateUser(string $username, string $password); + public function validateUser( + string $username, + string $password + ); } \ No newline 
at end of file From 48a068b999c24dd9e26bbd02dcc2ccf290e314d1 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 13:40:59 +0100 Subject: [PATCH 014/199] $queryDelimeter should be a string --- src/oauth2server/Client.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/Client.php b/src/oauth2server/Client.php index 4472b478..c6825d86 100644 --- a/src/oauth2server/Client.php +++ b/src/oauth2server/Client.php @@ -18,7 +18,7 @@ class Client } - public function redirectUri(string $redirectUri, array $params, $queryDelimeter = '?') + public function redirectUri(string $redirectUri, array $params, string $queryDelimeter = '?') { // Generates the redirect uri with appended params } From ab6db8fe670c964a38c35cc9782ac2571e09948a Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 13:42:39 +0100 Subject: [PATCH 015/199] Undo 48a068b999c24dd9e26bbd02dcc2ccf290e314d1 --- src/oauth2server/Client.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/Client.php b/src/oauth2server/Client.php index c6825d86..4472b478 100644 --- a/src/oauth2server/Client.php +++ b/src/oauth2server/Client.php @@ -18,7 +18,7 @@ class Client } - public function redirectUri(string $redirectUri, array $params, string $queryDelimeter = '?') + public function redirectUri(string $redirectUri, array $params, $queryDelimeter = '?') { // Generates the redirect uri with appended params } From 8ac160006334d421b89c285b43d5ef444b0cb3e6 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 13:51:05 +0100 Subject: [PATCH 016/199] Default null values (and string type hinting) for various parameters --- src/oauth2server/DbInterface.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/oauth2server/DbInterface.php b/src/oauth2server/DbInterface.php index c8057250..c02ef506 100644 --- a/src/oauth2server/DbInterface.php +++ b/src/oauth2server/DbInterface.php 
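Review bot: In `newSession` and `updateSession` an optional parameter (`string $type = 'user'`) is declared before required ones (`string $typeId`, `$authCode`, `$accessToken`, and in `updateSession` `string $stage`), so callers can never actually omit `$type` and the default is dead; either move the optional parameters after the required ones or give the trailing ones defaults as well. `updateSessionScopeAccessToken(int $sesstionId, ...)` carries a misspelled parameter name; `int $sessionId` matches the rest of the interface. The interface declaration line itself is above the hunk.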
@@ -4,26 +4,26 @@ interface OAuth2ServerDatabase { public function validateClient( string $clientId, - $clientSecret, - $redirectUri + string $clientSecret = null, + string $redirectUri = null ); public function newSession( string $clientId, string $redirectUri, string $type = 'user', - string $typeId, - $authCode, - $accessToken, + string $typeId = null, + string $authCode = null, + string $accessToken = null, string $stage = 'request' ); public function updateSession( string $clientId, string $type = 'user', - string $typeId, - $authCode, - $accessToken, + string $typeId = null, + string $authCode = null, + string $accessToken = null, string $stage ); From 6cab31d7e8a834652de7c61f00ac0821b4a07942 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 14:05:21 +0100 Subject: [PATCH 017/199] Fixing PHP errors --- src/oauth2server/DbInterface.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/oauth2server/DbInterface.php b/src/oauth2server/DbInterface.php index c02ef506..3435c41b 100644 --- a/src/oauth2server/DbInterface.php +++ b/src/oauth2server/DbInterface.php @@ -11,16 +11,16 @@ interface OAuth2ServerDatabase public function newSession( string $clientId, string $redirectUri, - string $type = 'user', + $type = 'user', string $typeId = null, string $authCode = null, string $accessToken = null, - string $stage = 'request' + $stage = 'request' ); public function updateSession( string $clientId, - string $type = 'user', + $type = 'user', string $typeId = null, string $authCode = null, string $accessToken = null, From 4eb0f8b596b031c9a78873fb3fc34bec99f77742 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 16:44:07 +0100 Subject: [PATCH 018/199] Added exceptions classes --- src/oauth2server/Server.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 5c5e7125..3819e713 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php 
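Review bot: The `string` hints left on `$clientId`, `$redirectUri`, `$typeId`, `$authCode` and `$accessToken` have the same problem this commit fixes for `$type` and `$stage`: under the `php >= 5.3.0` constraint in composer.json there are no scalar type declarations, so `string $clientId` demands an instance of a class named `string`, and every call from the server into an implementation with a real string will fail with a fatal error. Either drop the scalar hints throughout the interface and record the expected types in PHPDoc (`@param string $clientId`), or raise the platform requirement to a PHP version that supports scalar types. The `string $typeId = null` defaults would then become plain `$typeId = null`. The same applies to the `int`/`string` hints on the methods below this hunk.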
@@ -2,6 +2,12 @@ namespace LNCD\OAuth2server; +class OAuthSererClientException extends Exception {} + +class OAuthServerUserException extends Exception {} + +class OAuthServerException extends Exception {} + class Server { From 11c0a45bfba19e2a62cde728ef7af815d91ae78d Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 16:44:24 +0100 Subject: [PATCH 019/199] Added error codes and descriptions --- src/oauth2server/Server.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 3819e713..4560599b 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -10,6 +10,15 @@ class OAuthServerException extends Exception {} class Server { + protected $errors = array( + 'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.', + 'unauthorized_client' => 'The client is not authorized to request an access token using this method.', + 'access_denied' => 'The resource owner or authorization server denied the request.', + 'unsupported_response_type' => 'The authorization server does not support obtaining an access token using this method.', + 'invalid_scope' => 'The requested scope is invalid, unknown, or malformed.', + 'server_error' => 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.', + 'temporarily_unavailable' => 'The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.' + ); public function __construct() { From cc23522b49e9823d720bf70e55f4c9798c3e80c4 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 16:47:11 +0100 Subject: [PATCH 020/199] Fixed line size errors --- src/oauth2server/Server.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) 
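Review bot: The three exception classes are declared inside `namespace LNCD\OAuth2server` and extend the unqualified `Exception`, which resolves to `LNCD\OAuth2server\Exception`; no such class exists, so the first `throw` of any of them produces a fatal "class not found" error instead of the intended exception. Extend the global class instead, `class OAuthServerClientException extends \Exception {}`, and likewise for `OAuthServerUserException` and `OAuthServerException` (or add `use Exception;` after the namespace line). A one-line comment on each stating which party the error is reported to (client vs resource owner vs server) would make the split meaningful to implementers.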
diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 4560599b..5e034770 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -11,13 +11,17 @@ class OAuthServerException extends Exception {} class Server { protected $errors = array( - 'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.', + 'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, + includes a parameter more than once, or is otherwise malformed.', 'unauthorized_client' => 'The client is not authorized to request an access token using this method.', 'access_denied' => 'The resource owner or authorization server denied the request.', - 'unsupported_response_type' => 'The authorization server does not support obtaining an access token using this method.', + 'unsupported_response_type' => 'The authorization server does not support obtaining an access token using this + method.', 'invalid_scope' => 'The requested scope is invalid, unknown, or malformed.', - 'server_error' => 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.', - 'temporarily_unavailable' => 'The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.' + 'server_error' => 'The authorization server encountered an unexpected condition which prevented it from + fulfilling the request.', + 'temporarily_unavailable' => 'The authorization server is currently unable to handle the request due to a + temporary overloading or maintenance of the server.' ); public function __construct() From df0838c3217c9c4d058cfc0aec9cc6915419dbe1 Mon Sep 17 00:00:00 2001 
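Review bot: Wrapping the `$errors` literals across source lines changes the runtime strings, not just the layout: each value in this hunk now contains an embedded newline followed by the continuation indentation, and these descriptions are what the later `checkAuthoriseParams` concatenates into exception messages, which presumably end up in error responses. Keep the source lines short with concatenation instead, e.g. `'invalid_request' => 'The request is missing a required parameter, ' . 'includes an invalid parameter value, includes a parameter more than once, ' . 'or is otherwise malformed.',`. The later "Fixing line lengths" commit in this series rewraps the same array the same way and additionally splits the `'unsupported_response_type: ' . ...` message literal across a line break; both have the same issue.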
From: Alex Bilbie Date: Fri, 6 Jul 2012 17:42:50 +0100 Subject: [PATCH 021/199] Spelling fix --- src/oauth2server/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 5e034770..29de4617 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -2,7 +2,7 @@ namespace LNCD\OAuth2server; -class OAuthSererClientException extends Exception {} +class OAuthServerClientException extends Exception {} class OAuthServerUserException extends Exception {} From e1c375f617a8b379fa6e9265513a489271871439 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 17:43:33 +0100 Subject: [PATCH 022/199] Database object (and register method) --- src/oauth2server/Server.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 29de4617..65381cb4 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -10,6 +10,7 @@ class OAuthServerException extends Exception {} class Server { + private $db = NULL; protected $errors = array( 'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.', @@ -25,8 +26,10 @@ class Server ); public function __construct() + public function registerDbAbstractor(object $db) { + $this->db = $db; } public function registerDbAbstractor() From 9eacbdc77e1e5540981924b3adbf184e80fa397d Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 17:43:55 +0100 Subject: [PATCH 023/199] Config options --- src/oauth2server/Server.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 65381cb4..279a5b9b 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php 
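Review bot: `registerDbAbstractor(object $db)` uses `object` as a type declaration, which is not a type on the PHP 5.3 platform composer.json requires (it would be read as a class named `object`), and even where it is supported it asserts nothing about the contract the server relies on. Hint against the interface the project already declares: `public function registerDbAbstractor(OAuth2ServerDatabase $db)`, so a storage backend that lacks `validateClient` or `getScope` is rejected at registration rather than when the server first calls into it. As inserted, the new method also sits directly under a body-less `public function __construct()` line and leaves the old `registerDbAbstractor()` below it, so this revision of Server.php does not parse; that appears to be cleaned up in later hunks on this page.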
@@ -11,6 +11,14 @@ class OAuthServerException extends Exception {} class Server { private $db = NULL; + + private $config = array( + 'response_types' => array( + 'code' + ), + 'scope_delimeter' => ',' + ); + protected $errors = array( 'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.', @@ -26,6 +34,11 @@ class Server ); public function __construct() + public function __construct(array $options) + { + $this->options = array_merge($this->config, $options); + } + public function registerDbAbstractor(object $db) { From 213f2a4ad8e4759e706d398ad0f788916590246b Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 17:44:12 +0100 Subject: [PATCH 024/199] Added checkAuthoriseParams method --- src/oauth2server/Server.php | 96 +++++++++++++++++++++++++++++++++++-- 1 file changed, 93 insertions(+), 3 deletions(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 279a5b9b..6d63a252 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -33,7 +33,6 @@ class Server temporary overloading or maintenance of the server.' ); - public function __construct() public function __construct(array $options) { $this->options = array_merge($this->config, $options); 
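Review bot: The new constructor stores the merged options in `$this->options`, a property the class never declares, while the defaults live in `$this->config` and that is the property the rest of the class reads (`$this->config['response_types']`, `$this->config['scope_delimeter']` in the later `checkAuthoriseParams` hunk), so every option a caller passes is silently ignored. Assign back to the declared property: `$this->config = array_merge($this->config, $options);`. The key `scope_delimeter` is misspelled; since it is a public configuration name, renaming it to `scope_delimiter` before it has any users is cheap now. The hunk leaves the pre-existing body-less `public function __construct()` line in place above the new constructor; a later hunk on this page removes it.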
@@ -41,13 +40,104 @@ class Server public function registerDbAbstractor(object $db) { - $this->db = $db; } - public function registerDbAbstractor() + public function checkAuthoriseParams(array $authParams = NULL) { + $params = array(); + // Client ID + if ( ! isset($authParams['client_id']) && ! isset($_GET['client_id'])) { + + throw new OAuthServerClientException('invalid_request: ' . $this->errors['invalid_request']); + + } else { + + $params['client_id'] = (isset($authParams['client_id'])) ? + $authParams['client_id'] : $_GET['client_id']; + + } + + // Redirect URI + if ( ! isset($authParams['redirect_uri']) && ! isset($_GET['redirect_uri'])) { + + throw new OAuthServerClientException('invalid_request: ' . $this->errors['invalid_request']); + + } else { + + $params['redirect_uri'] = (isset($authParams['redirect_uri'])) ? + $authParams['redirect_uri'] : $_GET['redirect_uri']; + + } + + // Validate client ID and redirect URI + $clientDetails = $this->db->validateClient($params['client_id'], null, $params['redirect_uri']); + + if ($clientDetails === false) { + + throw new OAuthServerClientException('unauthorized_client: ' . $this->errors['unauthorized_client']); + } + + // Response type + if ( ! isset($authParams['response_type']) && ! isset($_GET['response_type'])) { + + throw new OAuthServerClientException('invalid_request: ' . $this->errors['invalid_request']); + + } else { + + $params['response_type'] = (isset($authParams['response_type'])) ? + $authParams['response_type'] : $_GET['response_type']; + + // Ensure response type is one that is recognised + if ( ! in_array($params['response_type'], $this->config['response_types'])) { + + throw new OAuthServerClientException('unsupported_response_type: ' . 
+ $this->errors['unsupported_response_type']); + + } + } + + // Get and validate scopes + if (isset($authParams['scope']) || isset($_GET['scope'])) { + + $scopes = (isset($authParams['client_id'])) ?$authParams['scope'] : $_GET['scope']; + + $scopes = explode($this->config['scope_delimeter'], $scopes); + + for ($i = 0; $i++; $i < count($scopes)) + { + $scopes[$i] = trim($scopes[$i]); + + if ($scopes[$i] === '') { + unset($scopes[$i]); + } + } + + if (count($scopes) === 0) + { + throw new OAuthServerClientException('invalid_request: ' . $this->errors['invalid_request']); + } + + $params['scopes'] = array(); + + foreach ($scopes as $scope) + { + + $scopeDetails = $this->db->getScope($scope); + + if ($scopeDetails === false) { + + throw new OAuthServerClientException('invalid_scope: ' . $this->errors['invalid_scope']); + + } + + $params['scopes'][] = $scopeDetails; + + } + } + + return $params; } } \ No newline at end of file From 41d8e014823ed3750208c7fdcf6e3812c4d62f5a Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 17:48:20 +0100 Subject: [PATCH 025/199] NULL should be null --- src/oauth2server/Server.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 6d63a252..42604010 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -10,7 +10,7 @@ class OAuthServerException extends Exception {} class Server { - private $db = NULL; + private $db = null; private $config = array( 'response_types' => array( @@ -43,7 +43,7 @@ class Server $this->db = $db; } - public function checkAuthoriseParams(array $authParams = NULL) + public function checkAuthoriseParams(array $authParams = null) { $params = array(); From e8be38cbfcc5480d91aeac6c3e465e50757059da Mon Sep 17 00:00:00 2001 
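Review bot: The scope-trimming loop `for ($i = 0; $i++; $i < count($scopes))` has its condition and increment swapped: `$i++` evaluates to 0 on the first test, so the body never runs, empty entries are never trimmed or removed, and the `count($scopes) === 0` check can never fire for input such as `","`; the brace-style and line-length commits later in this series keep the loop as is. A PHP 5.3-compatible replacement for the loop is `$scopes = array_values(array_filter(array_map('trim', $scopes), 'strlen'));`. The scope source is also chosen on the wrong key, `(isset($authParams['client_id'])) ? $authParams['scope'] : $_GET['scope']`, so a caller who passes `client_id` in `$authParams` but `scope` via the query string gets an undefined-index notice and a null scope list; test `isset($authParams['scope'])` instead. Nothing in this method reads or returns the client's `state` parameter, so the authorise flow currently gives the consumer no way to bind the response to its request (RFC 6749 recommends passing it through unchanged); and `in_array(...)` on `response_type` should pass `true` as its third argument so loose comparison cannot match unexpected values.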
From: Alex Bilbie Date: Fri, 6 Jul 2012 17:48:42 +0100 Subject: [PATCH 026/199] Fixed for, if and foreach opening brace position --- src/oauth2server/Server.php | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 42604010..01fa60c0 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -105,8 +105,7 @@ class Server $scopes = explode($this->config['scope_delimeter'], $scopes); - for ($i = 0; $i++; $i < count($scopes)) - { + for ($i = 0; $i++; $i < count($scopes)) { $scopes[$i] = trim($scopes[$i]); if ($scopes[$i] === '') { @@ -114,15 +113,14 @@ class Server } } - if (count($scopes) === 0) - { + if (count($scopes) === 0) { + throw new OAuthServerClientException('invalid_request: ' . $this->errors['invalid_request']); } $params['scopes'] = array(); - foreach ($scopes as $scope) - { + foreach ($scopes as $scope) { $scopeDetails = $this->db->getScope($scope); From d01720bcc2d23f10f923479c2d35d681a9e5ccc1 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 17:52:47 +0100 Subject: [PATCH 027/199] Fixing line lengths --- src/oauth2server/Server.php | 66 +++++++++++++++++++++++-------------- 1 file changed, 42 insertions(+), 24 deletions(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 01fa60c0..a97f20e2 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php 
@@ -20,17 +20,22 @@ class Server ); protected $errors = array( - 'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, - includes a parameter more than once, or is otherwise malformed.', - 'unauthorized_client' => 'The client is not authorized to request an access token using this method.', - 'access_denied' => 'The resource owner or authorization server denied the request.', - 'unsupported_response_type' => 'The authorization server does not support obtaining an access token using this - method.', - 'invalid_scope' => 'The requested scope is invalid, unknown, or malformed.', - 'server_error' => 'The authorization server encountered an unexpected condition which prevented it from - fulfilling the request.', - 'temporarily_unavailable' => 'The authorization server is currently unable to handle the request due to a - temporary overloading or maintenance of the server.' + 'invalid_request' => 'The request is missing a required parameter, + includes an invalid parameter value, includes a parameter more than + once, or is otherwise malformed.', + 'unauthorized_client' => 'The client is not authorized to request an + access token using this method.', + 'access_denied' => 'The resource owner or authorization server denied + the request.', + 'unsupported_response_type' => 'The authorization server does not + support obtaining an access token using this method.', + 'invalid_scope' => 'The requested scope is invalid, unknown, or + malformed.', + 'server_error' => 'The authorization server encountered an unexpected + condition which prevented it from fulfilling the request.', + 'temporarily_unavailable' => 'The authorization server is currently + unable to handle the request due to a temporary overloading or + maintenance of the server.' ); public function __construct(array $options) 
@@ -50,7 +55,8 @@ class Server // Client ID if ( ! isset($authParams['client_id']) && ! isset($_GET['client_id'])) { - throw new OAuthServerClientException('invalid_request: ' . $this->errors['invalid_request']); + throw new OAuthServerClientException('invalid_request: ' . + $this->errors['invalid_request']); } else { @@ -60,9 +66,11 @@ class Server } // Redirect URI - if ( ! isset($authParams['redirect_uri']) && ! isset($_GET['redirect_uri'])) { + if ( ! isset($authParams['redirect_uri']) && + ! isset($_GET['redirect_uri'])) { - throw new OAuthServerClientException('invalid_request: ' . $this->errors['invalid_request']); + throw new OAuthServerClientException('invalid_request: ' . + $this->errors['invalid_request']); } else { @@ -72,17 +80,21 @@ class Server } // Validate client ID and redirect URI - $clientDetails = $this->db->validateClient($params['client_id'], null, $params['redirect_uri']); + $clientDetails = $this->db->validateClient($params['client_id'], null, + $params['redirect_uri']); if ($clientDetails === false) { - throw new OAuthServerClientException('unauthorized_client: ' . $this->errors['unauthorized_client']); + throw new OAuthServerClientException('unauthorized_client: ' . + $this->errors['unauthorized_client']); } // Response type - if ( ! isset($authParams['response_type']) && ! isset($_GET['response_type'])) { + if ( ! isset($authParams['response_type']) && + ! isset($_GET['response_type'])) { - throw new OAuthServerClientException('invalid_request: ' . $this->errors['invalid_request']); + throw new OAuthServerClientException('invalid_request: ' . + $this->errors['invalid_request']); } else { 
@@ -90,10 +102,11 @@ class Server $authParams['response_type'] : $_GET['response_type']; // Ensure response type is one that is recognised - if ( ! in_array($params['response_type'], $this->config['response_types'])) { + if ( ! in_array($params['response_type'], + $this->config['response_types'])) { - throw new OAuthServerClientException('unsupported_response_type: ' . - $this->errors['unsupported_response_type']); + throw new OAuthServerClientException('unsupported_response_type: + ' . $this->errors['unsupported_response_type']); } } @@ -101,7 +114,10 @@ class Server // Get and validate scopes if (isset($authParams['scope']) || isset($_GET['scope'])) { - $scopes = (isset($authParams['client_id'])) ?$authParams['scope'] : $_GET['scope']; + $scopes = $_GET['scope']; + if (isset($authParams['client_id'])) { + $authParams['scope']; + } $scopes = explode($this->config['scope_delimeter'], $scopes); @@ -115,7 +131,8 @@ class Server if (count($scopes) === 0) { - throw new OAuthServerClientException('invalid_request: ' . $this->errors['invalid_request']); + throw new OAuthServerClientException('invalid_request: ' . + $this->errors['invalid_request']); } $params['scopes'] = array(); @@ -126,7 +143,8 @@ class Server if ($scopeDetails === false) { - throw new OAuthServerClientException('invalid_scope: ' . $this->errors['invalid_scope']); + throw new OAuthServerClientException('invalid_scope: ' . + $this->errors['invalid_scope']); } From 2b44f0fd8139abf5a296e030342da5beac1addf3 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 17:56:15 +0100 Subject: [PATCH 028/199] Removed unnecessary files --- src/oauth2server/AccessToken.php | 27 --------------------------- src/oauth2server/Client.php | 25 ------------------------- src/oauth2server/Scope.php | 16 ---------------- 3 files changed, 68 deletions(-) delete mode 100644 src/oauth2server/AccessToken.php delete mode 100644 src/oauth2server/Client.php delete mode 100644 src/oauth2server/Scope.php 
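Review bot: In the `@@ -90,10 +102,11 @@` hunk the string literal is now split after `'unsupported_response_type:`, so the exception message contains a newline and the continuation indentation before the description text. Break the line at the concatenation operator instead, keeping the literal intact: `throw new OAuthServerClientException('unsupported_response_type: ' .` followed by `$this->errors['unsupported_response_type']);` on the next line. The enclosing function continues outside the hunk.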
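Review bot: The rewrite of the scope selection in the `@@ -101,7 +114,10 @@` hunk is broken: `$scopes` is unconditionally set to `$_GET['scope']`, and the statement inside the `if` (`$authParams['scope'];`) has no effect, so a caller that passes scopes through `$authParams` only gets an undefined-index notice and `explode()` on null. The condition is also keyed on `client_id` rather than on the value actually being read. A single line does what the ternary was meant to do: `$scopes = isset($authParams['scope']) ? $authParams['scope'] : $_GET['scope'];`. The enclosing function starts and ends outside this hunk.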
diff --git a/src/oauth2server/AccessToken.php b/src/oauth2server/AccessToken.php deleted file mode 100644 index 150c7aca..00000000 --- a/src/oauth2server/AccessToken.php +++ /dev/null @@ -1,27 +0,0 @@ - Date: Fri, 6 Jul 2012 18:14:32 +0100 Subject: [PATCH 029/199] Removed validateUser function --- src/oauth2server/DbInterface.php | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/oauth2server/DbInterface.php b/src/oauth2server/DbInterface.php index 3435c41b..b567c90e 100644 --- a/src/oauth2server/DbInterface.php +++ b/src/oauth2server/DbInterface.php @@ -60,9 +60,4 @@ interface OAuth2ServerDatabase ); public function accessTokenScopes(string $accessToken); - - public function validateUser( - string $username, - string $password - ); } \ No newline at end of file From a823096b449c301732a1a2ce469c56caa7d9b1e9 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 18:15:03 +0100 Subject: [PATCH 030/199] If $options is not equal to null then overwrite default options --- src/oauth2server/Server.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index a97f20e2..fee789fd 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -41,6 +41,9 @@ class Server public function __construct(array $options) { $this->options = array_merge($this->config, $options); + if ($options !== null) { + $this->options = array_merge($this->config, $options); + } } public function registerDbAbstractor(object $db) From 00fe3d35018b15e71284551e2729f7831e302a90 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 18:15:28 +0100 Subject: [PATCH 031/199] $options is null by default (makes it optional) --- src/oauth2server/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index fee789fd..5b63e6b1 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php 
@@ -38,7 +38,7 @@ class Server maintenance of the server.' ); - public function __construct(array $options) + public function __construct(array $options = null) { $this->options = array_merge($this->config, $options); if ($options !== null) { From 13f296494409b1a6b02a9a23dbfaa102785b2be0 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 18:15:43 +0100 Subject: [PATCH 032/199] Optional $options --- src/oauth2server/Server.php | 1 - 1 file changed, 1 deletion(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 5b63e6b1..cb549296 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -40,7 +40,6 @@ class Server public function __construct(array $options = null) { - $this->options = array_merge($this->config, $options); if ($options !== null) { $this->options = array_merge($this->config, $options); } From f9dc4cba79c598d3f994b3b607d616e68afd7e32 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 18:15:53 +0100 Subject: [PATCH 033/199] Added some docblocks --- src/oauth2server/Server.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index cb549296..2d9103f4 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -38,6 +38,11 @@ class Server maintenance of the server.' ); + /** + * Constructor + * @param array $options Optional list of options to overwrite the defaults + * @return void + */ public function __construct(array $options = null) { if ($options !== null) { 
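Review bot: After the `@@ -40,7 +40,6 @@` hunk the constructor only ever writes `$this->options`, but the rest of the class reads `$this->config` (`$this->config['response_types']` and `$this->config['scope_delimeter']` in the checkAuthoriseParams hunks above), so options passed by the caller are merged into a property nothing consults and the defaults always win. Merging back into the property that is read makes the override effective: `$this->config = array_merge($this->config, $options);`. If `$this->options` is meant to be the canonical copy, the reads elsewhere need to move instead; either way the two should not diverge.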
@@ -45,11 +50,21 @@ class Server } } + /** + * Register a database abstrator class + * @param object $db A class that implements OAuth2ServerDatabase + * @return void + */ public function registerDbAbstractor(object $db) { $this->db = $db; } + /** + * Check authorise parameters + * @param array $authParams Optional array of parsed $_GET keys + * @return array Authorise request parameters + */ public function checkAuthoriseParams(array $authParams = null) { $params = array(); From 54a7a5b89393c3bee8bbae44a227747ba223e73a Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 19:20:04 +0100 Subject: [PATCH 034/199] Set a type for deleteSession() --- src/oauth2server/DbInterface.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/oauth2server/DbInterface.php b/src/oauth2server/DbInterface.php index b567c90e..8f40a5dc 100644 --- a/src/oauth2server/DbInterface.php +++ b/src/oauth2server/DbInterface.php @@ -29,6 +29,7 @@ interface OAuth2ServerDatabase public function deleteSession( string $clientId, + string $type, string $typeId ); From 11995764ba7b8b49fcdc42cbe89faf4a85a46c5d Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 19:20:21 +0100 Subject: [PATCH 035/199] Added hasAccessToken query --- src/oauth2server/DbInterface.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/oauth2server/DbInterface.php b/src/oauth2server/DbInterface.php index 8f40a5dc..81ef9f07 100644 --- a/src/oauth2server/DbInterface.php +++ b/src/oauth2server/DbInterface.php @@ -39,6 +39,20 @@ interface OAuth2ServerDatabase string $authCode ); + /** + * Has access token + * + * Check if an access token exists for a user (or an application) + * + * @access public + * @return bool|string Return FALSE is a token doesn't exist or return the + * access token as a string + */ + public function hasAccessToken( + string $typeId, + string $clientId + ); + public function getAccessToken(int $sessionId); public function removeAuthCode(int $sessionId); 
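Review bot: The `string $type` parameter added in the `@@ -29,6 +29,7 @@` hunk of DbInterface.php, like the other `string`/`int` hints in this interface, is not a scalar type declaration on the PHP version composer.json requires (`"php": ">=5.3.0"`); before PHP 7.0 `string $clientId` is a class type hint, and any implementation called with an actual string fails with a catchable fatal error. The same applies to `hasAccessToken(string $typeId, string $clientId)` in the next hunk and to `redirectUri`, `newAuthCode` and `newAuthoriseRequest` in Server.php further down this series. Either drop the scalar hints and document the types in PHPDoc (`@param string $type`), or raise the composer requirement to a version that supports them.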
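Review bot: The `@return` line of the new `hasAccessToken` docblock in the `@@ -39,6 +39,20 @@` hunk reads "Return FALSE is a token doesn't exist"; it should read `@return bool|string Returns FALSE if a token doesn't exist, otherwise the access token as a string`. The `@access public` tag is redundant on an interface method, since interface members are always public.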
From fd90e76c9122be2483b40a656d3396d530b27ce3 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 19:20:53 +0100 Subject: [PATCH 036/199] Added redirectUri function --- src/oauth2server/Server.php | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 2d9103f4..d70620b0 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -173,4 +173,32 @@ class Server return $params; } + /** + * Generates the redirect uri with appended params + * + * @param string $redirect_uri The redirect URI + * @param array $params The parameters to be appended to the URL + * @param string $query_delimeter The delimiter between the variables and the URL + * + * @access public + * @return string + */ + public function redirectUri(string $redirectUri, $params = array(), + $queryDelimeter = '?') { + + if (strstr($redirectUri, $queryDelimeter)) { + + $redirectUri = $redirectUri . '&' . http_build_query($params); + + } else { + + $redirectUri = $redirectUri . $queryDelimeter . + http_build_query($params); + + } + + return $redirectUri; + + } + } \ No newline at end of file From 1c447e4a8e331ea21e3908eb1e64bb5f8a947a03 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 19:21:11 +0100 Subject: [PATCH 037/199] Added newAuthCode function --- src/oauth2server/Server.php | 46 +++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index d70620b0..e336fcf0 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php 
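Review bot: `redirectUri()` appends the delimiter unconditionally, so with the default `$params = array()` it returns the URI with a dangling `?` (or `&`) because `http_build_query(array())` is an empty string; guard the empty case first with `if (empty($params)) { return $redirectUri; }`. The docblock also documents `$redirect_uri` and `$query_delimeter` while the signature declares `$redirectUri` and `$queryDelimeter`, so the `@param` names do not match the parameters. `$params` and `$queryDelimeter` are untyped while `$redirectUri` is hinted; documenting them as `@param array $params` / `@param string $queryDelimeter` would keep the block consistent.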
@@ -173,6 +173,52 @@ class Server return $params; } + public function newAuthCode(string $clientId, $type = 'user', + string $typeId, string $redirectUri, $scopes = array(), + string $access_token = null) + { + $authCode = $this->generateCode(); + + // Update an existing session with the new code + if ($access_token !== null) { + + $this->db->updateSession( + $clientId, + $type, + $typeId, + $authCode, + $accessToken, + 'request' + ); + + // Create a new oauth session + } else { + + // Delete any existing sessions just to be sure + $this->db->deleteSession($clientId, $type, $typeId); + + // Create a new session + $sessionId = $this->db->newSession( + $clientId, + $redirectUri, + $type, + $typeId, + $authCode, + null, + $stage = 'request' + ); + + // Add the scopes + foreach ($scopes as $scope) + { + $this->db->addSessionScope($sessionId, $scope); + } + + } + + return $authCode; + } + /** * Generates the redirect uri with appended params * From 927d1dc838821c4edf92b8eb619b4041e8e2a3c4 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 19:21:50 +0100 Subject: [PATCH 038/199] Added generateCode function --- src/oauth2server/Server.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index e336fcf0..836145ba 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -173,6 +173,19 @@ class Server return $params; } + /** + * Generates a unique code + * + * Generate a unique code for an authorisation code, or token + * + * @access public + * @return string + */ + private function generateCode() + { + return sha1(uniqid(microtime())); + } + public function newAuthCode(string $clientId, $type = 'user', string $typeId, string $redirectUri, $scopes = array(), string $access_token = null) From 5fbdccde402e100b7e5fe66d878339a159d7d2b2 Mon Sep 17 00:00:00 2001 
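Review bot: In the `newAuthCode` signature added in the `@@ -173,6 +173,52 @@` hunk the optional `$type = 'user'` sits before the required `$typeId` and `$redirectUri`, so no caller can actually omit it and the default is dead; move it after the required parameters, e.g. `public function newAuthCode(string $clientId, string $typeId, string $redirectUri, $type = 'user', $scopes = array(), string $accessToken = null)`, or drop the default. In the else branch, `deleteSession()`, `newSession()` and the `addSessionScope()` loop are three separate calls to the abstractor; unless the implementation wraps them in a transaction, a failure between them leaves the owner with no session or a session without its scopes, which is worth stating in the docblock this method currently lacks.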
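Review bot: `generateCode()` in the `@@ -173,6 +173,19 @@` hunk derives authorisation codes and tokens from `sha1(uniqid(microtime()))`, which is a function of the current time rather than of a cryptographic random source, so the values are far less unpredictable than bearer credentials need to be. Use the CSPRNG available on the targeted PHP version, e.g. `return bin2hex(openssl_random_pseudo_bytes(20));` (PHP 5.3 with the openssl extension) or `random_bytes()` on PHP 7 and later. The docblock also says `@access public` on a method declared `private`.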
From: Alex Bilbie Date: Fri, 6 Jul 2012 19:22:10 +0100 Subject: [PATCH 039/199] Added newAuthoriseRequest function --- src/oauth2server/Server.php | 41 +++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 836145ba..31bed001 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -173,6 +173,47 @@ class Server return $params; } + function newAuthoriseRequest(string $typeId, array $authoriseParams) + { + // Check if the user already has an access token + $accessToken = $this->db->hasAccessToken($userId, + $authoriseParams['client_id']); + + if ($accessToken !== false) { + + // Validate the access token matches the scopes requested + $originalScopes = $this->db->accessTokenScopes($accessToken); + + foreach ($authoriseParams['scopes'] as $scope) { + + if ( ! in_array($scope, $originalScopes)) + { + throw new OAuthServerClientException('invalid_scope: ' . + $this->errors['invalid_scope']); + } + + } + + // The user has authorised the client so generate a new + // authorisation code and return it + + $authCode = $this->newAuthCode($authoriseParams['client_id'], + 'user', $typeId, $authoriseParams['redirect_uri'], + $authoriseParams['scopes'], $accessToken); + + return $authCode; + } + + else + { + $authCode = $this->newAuthCode($authoriseParams['client_id'], + 'user', $typeId, $authoriseParams['redirect_uri'], + $authoriseParams['scopes']); + + return $authCode; + } + } + /** * Generates a unique code * From 26d3d7789d327421a365154e797d270739153468 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 19:22:48 +0100 Subject: [PATCH 040/199] Renamed checkAuthoriseParams function to checkClientAuthoriseParams --- src/oauth2server/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 31bed001..fa0407fb 100644 --- a/src/oauth2server/Server.php 
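Review bot: The scope check in `newAuthoriseRequest` uses a loose `in_array($scope, $originalScopes)`, so a requested scope like `'0'` compares equal to other strings under PHP's loose rules; pass the strict flag: `if ( ! in_array($scope, $originalScopes, true)) {`. The two branches after the check are identical apart from the trailing `$accessToken` argument, so they could collapse into one `newAuthCode()` call that passes `$accessToken !== false ? $accessToken : null` as the last argument, which also removes the duplicated `return`. A docblock describing `$typeId` and the expected keys of `$authoriseParams` (`client_id`, `redirect_uri`, `scopes`) is missing.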
+++ b/src/oauth2server/Server.php @@ -65,7 +65,7 @@ class Server * @param array $authParams Optional array of parsed $_GET keys * @return array Authorise request parameters */ - public function checkAuthoriseParams(array $authParams = null) + public function checkClientAuthoriseParams(array $authParams = null) { $params = array(); From 0eb0d68464a282cf417ee462563d2f1262aa4638 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 19:22:57 +0100 Subject: [PATCH 041/199] Docblock updates --- src/oauth2server/Server.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index fa0407fb..81de99fc 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -40,6 +40,8 @@ class Server /** * Constructor + * + * @access public * @param array $options Optional list of options to overwrite the defaults * @return void */ @@ -52,6 +54,8 @@ class Server /** * Register a database abstrator class + * + * @access public * @param object $db A class that implements OAuth2ServerDatabase * @return void */ @@ -61,7 +65,9 @@ class Server } /** - * Check authorise parameters + * Check client authorise parameters + * + * @access public * @param array $authParams Optional array of parsed $_GET keys * @return array Authorise request parameters */ From 818ca8dd7fe35c72bf28626705bdf90850dbc412 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 19:24:06 +0100 Subject: [PATCH 042/199] Brace should be on a new line --- src/oauth2server/Server.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 81de99fc..42d81e93 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php 
@@ -290,7 +290,8 @@ class Server * @return string */ public function redirectUri(string $redirectUri, $params = array(), - $queryDelimeter = '?') { + $queryDelimeter = '?') + { if (strstr($redirectUri, $queryDelimeter)) { From b4eeb7ca103d12cf17526e7195d70179d8b3ad50 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 19:24:51 +0100 Subject: [PATCH 043/199] Moved comment to silent PHPCS --- src/oauth2server/Server.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 42d81e93..73cda428 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -251,8 +251,7 @@ class Server 'request' ); - // Create a new oauth session - } else { + } else { // Create a new oauth session // Delete any existing sessions just to be sure $this->db->deleteSession($clientId, $type, $typeId); From 9ea0d8f0e9a9cff65ab34a54dd5f797402983aa3 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 19:25:40 +0100 Subject: [PATCH 044/199] Added scope to newAuthoriseRequst function --- src/oauth2server/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 73cda428..b3fb984a 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -179,7 +179,7 @@ class Server return $params; } - function newAuthoriseRequest(string $typeId, array $authoriseParams) + public function newAuthoriseRequest(string $typeId, array $authoriseParams) { // Check if the user already has an access token $accessToken = $this->db->hasAccessToken($userId, From e3ee9e84d28dedeb9252749eb7064ab3dff8ccce Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 19:26:49 +0100 Subject: [PATCH 045/199] Clarified comment --- src/oauth2server/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index b3fb984a..27baf1b0 100644 
--- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -283,7 +283,7 @@ class Server * * @param string $redirect_uri The redirect URI * @param array $params The parameters to be appended to the URL - * @param string $query_delimeter The delimiter between the variables and the URL + * @param string $query_delimeter The query string delimiter (default: ?) * * @access public * @return string From 1c5d2390872182fc75aabcc90295e8738908886a Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 19:28:09 +0100 Subject: [PATCH 046/199] Fixed brace placement --- src/oauth2server/Server.php | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 27baf1b0..ea78fb12 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -192,10 +192,11 @@ class Server foreach ($authoriseParams['scopes'] as $scope) { - if ( ! in_array($scope, $originalScopes)) - { + if ( ! in_array($scope, $originalScopes)) { + throw new OAuthServerClientException('invalid_scope: ' . $this->errors['invalid_scope']); + } } @@ -208,10 +209,9 @@ class Server $authoriseParams['scopes'], $accessToken); return $authCode; - } + + } else { - else - { $authCode = $this->newAuthCode($authoriseParams['client_id'], 'user', $typeId, $authoriseParams['redirect_uri'], $authoriseParams['scopes']); @@ -268,9 +268,10 @@ class Server ); // Add the scopes - foreach ($scopes as $scope) - { + foreach ($scopes as $scope) { + $this->db->addSessionScope($sessionId, $scope); + } } From f0e36e6c9441e2860221dc7ec152e2278e5d99a9 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 19:29:20 +0100 Subject: [PATCH 047/199] Fixed invalid variable name --- src/oauth2server/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index ea78fb12..3faf92b6 100644 --- a/src/oauth2server/Server.php 
+++ b/src/oauth2server/Server.php @@ -182,7 +182,7 @@ class Server public function newAuthoriseRequest(string $typeId, array $authoriseParams) { // Check if the user already has an access token - $accessToken = $this->db->hasAccessToken($userId, + $accessToken = $this->db->hasAccessToken($typeId, $authoriseParams['client_id']); if ($accessToken !== false) { From 92be306d0499593357a602b8c36c623c9afa1ed8 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 19:29:39 +0100 Subject: [PATCH 048/199] Fixed variable name --- src/oauth2server/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 3faf92b6..989af660 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -235,7 +235,7 @@ class Server public function newAuthCode(string $clientId, $type = 'user', string $typeId, string $redirectUri, $scopes = array(), - string $access_token = null) + string $accessToken = null) { $authCode = $this->generateCode(); From c29c9d1d93438704391f6a8e2aaef95383eeeeee Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 19:29:46 +0100 Subject: [PATCH 049/199] Spacing --- src/oauth2server/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 989af660..bebecc72 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -271,7 +271,7 @@ class Server foreach ($scopes as $scope) { $this->db->addSessionScope($sessionId, $scope); - + } } From 45bfcffdc2eb7f0c8af7d6767b9cc2d2c6d7fb41 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 19:30:11 +0100 Subject: [PATCH 050/199] Fix --- src/oauth2server/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index bebecc72..15109983 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php 
@@ -264,7 +264,7 @@ class Server $typeId, $authCode, null, - $stage = 'request' + 'request' ); // Add the scopes From 2ba9a1d279ba13b01ab3ca7d59119da4c9813734 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 19:31:36 +0100 Subject: [PATCH 051/199] Comment changes --- src/oauth2server/Server.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 15109983..58858db0 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -239,7 +239,8 @@ class Server { $authCode = $this->generateCode(); - // Update an existing session with the new code + // If an access token exists then update the existing session with the + // new authorisation code otherwise create a new session if ($access_token !== null) { $this->db->updateSession( @@ -251,7 +252,7 @@ class Server 'request' ); - } else { // Create a new oauth session + } else { // Delete any existing sessions just to be sure $this->db->deleteSession($clientId, $type, $typeId); From 938c54888fb43eb6d76a45a17773591e2416d0ce Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 6 Jul 2012 19:32:27 +0100 Subject: [PATCH 052/199] Fixed variable name --- src/oauth2server/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 58858db0..1437dc45 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -241,7 +241,7 @@ class Server // If an access token exists then update the existing session with the // new authorisation code otherwise create a new session - if ($access_token !== null) { + if ($accessToken !== null) { $this->db->updateSession( $clientId, From 22f397efc31b97851c3729f4f0c2aeb29f597e62 Mon Sep 17 00:00:00 2001 
From: Alex Bilbie Date: Mon, 9 Jul 2012 16:39:53 +0100 Subject: [PATCH 053/199] Added SQL folder with index.html --- src/sql/index.html | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 src/sql/index.html diff --git a/src/sql/index.html b/src/sql/index.html new file mode 100644 index 00000000..e69de29b From c8944419fab0b62f492ad149ab7bea9bf275b64f Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 9 Jul 2012 16:40:03 +0100 Subject: [PATCH 054/199] Added initial DB structure --- src/sql/database.sql | 58 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 src/sql/database.sql diff --git a/src/sql/database.sql b/src/sql/database.sql new file mode 100644 index 00000000..e17eeb8d --- /dev/null +++ b/src/sql/database.sql 
@@ -0,0 +1,58 @@ +-- Create syntax for TABLE 'clients' +CREATE TABLE `clients` ( + `id` varchar(40) NOT NULL DEFAULT '', + `secret` varchar(40) NOT NULL DEFAULT '', + `name` varchar(255) NOT NULL DEFAULT '', + `auto_approve` tinyint(1) NOT NULL DEFAULT '0', + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +-- Create syntax for TABLE 'client_endpoints' +CREATE TABLE `client_endpoints` ( + `id` int(11) unsigned NOT NULL AUTO_INCREMENT, + `client_id` varchar(40) NOT NULL DEFAULT '', + `redirect_uri` varchar(255) DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `client_id` (`client_id`), + CONSTRAINT `client_endpoints_ibfk_1` FOREIGN KEY (`client_id`) REFERENCES `clients` (`id`) ON DELETE CASCADE ON UPDATE CASCADE +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +-- Create syntax for TABLE 'oauth_sessions' +CREATE TABLE `oauth_sessions` ( + `id` int(11) unsigned NOT NULL AUTO_INCREMENT, + `client_id` varchar(32) CHARACTER SET latin1 NOT NULL DEFAULT '', + `redirect_uri` varchar(250) CHARACTER SET latin1 NOT NULL DEFAULT '', + `owner_type` enum('user','client') CHARACTER SET latin1 NOT NULL DEFAULT 'user', + `owner_id` varchar(255) CHARACTER SET latin1 DEFAULT NULL, + `auth_code` varchar(40) CHARACTER SET latin1 DEFAULT '', + `access_token` varchar(40) CHARACTER SET latin1 DEFAULT '', + `stage` enum('requested','granted') CHARACTER SET latin1 NOT NULL DEFAULT 'requested', + `first_requested` int(10) unsigned NOT NULL, + `last_updated` int(10) unsigned NOT NULL, + PRIMARY KEY (`id`), + KEY `client_id` (`client_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +-- Create syntax for TABLE 'scopes' +CREATE TABLE `scopes` ( + `id` int(11) unsigned NOT NULL AUTO_INCREMENT, + `scope` varchar(255) NOT NULL DEFAULT '', + `name` varchar(255) NOT NULL DEFAULT '', + `description` varchar(255) DEFAULT '', + PRIMARY KEY (`id`), + UNIQUE KEY `scope` (`scope`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +-- Create syntax for TABLE 'oauth_session_scopes' +CREATE TABLE `oauth_session_scopes` ( + 
`id` int(11) unsigned NOT NULL AUTO_INCREMENT, + `session_id` int(11) unsigned NOT NULL, + `access_token` varchar(40) NOT NULL DEFAULT '', + `scope` varchar(255) NOT NULL DEFAULT '', + PRIMARY KEY (`id`), + KEY `session_id` (`session_id`), + KEY `access_token` (`access_token`), + KEY `scope` (`scope`), + CONSTRAINT `oauth_session_scopes_ibfk_2` FOREIGN KEY (`scope`) REFERENCES `scopes` (`scope`) ON DELETE CASCADE, + CONSTRAINT `oauth_session_scopes_ibfk_3` FOREIGN KEY (`scope`) REFERENCES `scopes` (`scope`) ON DELETE CASCADE ON UPDATE CASCADE +) ENGINE=InnoDB DEFAULT CHARSET=utf8; \ No newline at end of file From f8417f2a4a25767b925545269edfd1d529fc4ee4 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 9 Jul 2012 16:41:46 +0100 Subject: [PATCH 055/199] Added MIT license --- src/oauth2server/DbInterface.php | 9 +++++++++ src/oauth2server/Server.php | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/src/oauth2server/DbInterface.php b/src/oauth2server/DbInterface.php index 81ef9f07..353c06a3 100644 --- a/src/oauth2server/DbInterface.php +++ b/src/oauth2server/DbInterface.php @@ -1,4 +1,13 @@ Date: Mon, 9 Jul 2012 16:48:14 +0100 Subject: [PATCH 056/199] Changed namespace --- src/oauth2server/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 2dc9ee4c..0d21bc9c 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php 
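Review bot: `oauth_sessions.stage` is declared as `enum('requested','granted')`, but `newAuthCode()` in Server.php passes `'request'` as the stage to `newSession()` and `updateSession()`, so on MySQL the value either fails in strict mode or is silently stored as the empty enum value otherwise; one side needs to change, e.g. `` `stage` enum('request','granted') `` or the string in the PHP code. `oauth_session_scopes` declares two foreign keys (`ibfk_2` and `ibfk_3`) on the same `scope` column while `session_id` has no foreign key to `oauth_sessions` at all, which looks like a copy-paste slip. `oauth_sessions.client_id` is `varchar(32)` latin1 whereas `clients.id` is `varchar(40)` utf8, so client identifiers longer than 32 bytes would be truncated on insert and could never join back to `clients`.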
@@ -9,7 +9,7 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -namespace LNCD\OAuth2server; +namespace OAuth2; class OAuthServerClientException extends Exception {} From aa3a467aa2cf66d7420e743c84e73e4c24f9e75c Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 9 Jul 2012 16:48:26 +0100 Subject: [PATCH 057/199] Added homepage --- composer.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/composer.json b/composer.json index e2229628..df63c698 100644 --- a/composer.json +++ b/composer.json @@ -2,6 +2,8 @@ "name": "lncd/oauth2server", "description": "OAuth 2.0 server", "version": "0.0.1", + "homepage": "https://github.com/lncd/oauth2server", + "license": "MIT", "require": { "php": ">=5.3.0", }, @@ -16,7 +18,6 @@ "oauth2", "server" ], - "license": "MIT", "authors": [ { "name": "Alex Bilbie", From 9844652efbd2ecd6ab3a214797954366c729b3c9 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 11 Jul 2012 14:01:13 +0100 Subject: [PATCH 058/199] Fixed line length of license --- src/oauth2server/DbInterface.php | 19 +++++++++++++++---- src/oauth2server/Server.php | 19 +++++++++++++++---- 2 files changed, 30 insertions(+), 8 deletions(-) diff --git a/src/oauth2server/DbInterface.php b/src/oauth2server/DbInterface.php index 353c06a3..450c8375 100644 --- a/src/oauth2server/DbInterface.php +++ b/src/oauth2server/DbInterface.php @@ -1,12 +1,23 @@ Date: Wed, 11 Jul 2012 16:18:50 +0100 Subject: [PATCH 059/199] Fixed invalid JSON --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/composer.json b/composer.json index df63c698..02ccb8b6 100644 --- a/composer.json +++ b/composer.json @@ -5,7 +5,7 @@ "homepage": "https://github.com/lncd/oauth2server", "license": "MIT", "require": { - "php": ">=5.3.0", + "php": ">=5.3.0" }, "repositories": [ { From 85e8fe808776a208f2f639ad7e4fafd528d9d72e Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 11 Jul 2012 16:27:10 +0100 Subject: [PATCH 060/199] Updated description --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 02ccb8b6..930f40f8 100644 --- a/composer.json +++ b/composer.json @@ -1,6 +1,6 @@ { "name": "lncd/oauth2server", - "description": "OAuth 2.0 server", + "description": "OAuth 2.0 server - UNDER DEVELOPMENT - NOT READY FOR PRIMETIME", "version": "0.0.1", "homepage": "https://github.com/lncd/oauth2server", "license": "MIT", From 7edb832c45ba32ccaddc983a8c363ee4dd964573 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 11 Jul 2012 17:02:32 +0100 Subject: [PATCH 061/199] Changed spacing to tabs --- composer.json | 64 +++++++++++++++++++++++++-------------------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/composer.json b/composer.json index 930f40f8..34309cdd 100644 --- a/composer.json +++ b/composer.json 
@@ -1,34 +1,34 @@ { - "name": "lncd/oauth2server", - "description": "OAuth 2.0 server - UNDER DEVELOPMENT - NOT READY FOR PRIMETIME", - "version": "0.0.1", - "homepage": "https://github.com/lncd/oauth2server", - "license": "MIT", - "require": { - "php": ">=5.3.0" - }, - "repositories": [ - { - "type": "git", - "url": "https://github.com/lncd/oauth2server" - } - ], - "keywords": [ - "oauth", - "oauth2", - "server" - ], - "authors": [ - { - "name": "Alex Bilbie", - "email": "php-oauth2-server@alexbilbie.com", - "homepage": "http://www.httpster.org", - "role": "Developer" - } - ], - "autoload": { - "psr-0": { - "oauth2server": "src/" - } - } + "name": "lncd/oauth2server", + "description": "OAuth 2.0 server - UNDER DEVELOPMENT - NOT READY FOR PRIMETIME", + "version": "0.0.1", + "homepage": "https://github.com/lncd/oauth2server", + "license": "MIT", + "require": { + "php": ">=5.3.0" + }, + "repositories": [ + { + "type": "git", + "url": "https://github.com/lncd/oauth2server" + } + ], + "keywords": [ + "oauth", + "oauth2", + "server" + ], + "authors": [ + { + "name": "Alex Bilbie", + "email": "oauth2server@alexbilbie.com", + "homepage": "http://www.httpster.org", + "role": "Developer" + } + ], + "autoload": { + "psr-0": { + "oauth2server": "src/" + } + } } \ No newline at end of file From 8b7b70f43207a357b4a6d73afb165dee21146203 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 11 Jul 2012 17:03:14 +0100 Subject: [PATCH 062/199] Extend the default PHP Exception class --- src/oauth2server/Server.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 427aaf67..2ef9da79 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php 
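Review bot: Besides re-indenting with tabs, this hunk also changes the author email from `php-oauth2-server@alexbilbie.com` to `oauth2server@alexbilbie.com`, which the commit message "Changed spacing to tabs" does not mention. A content change buried in a whitespace-only commit is easy to miss when reviewing history; it belongs in its own commit.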
@@ -22,11 +22,11 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. namespace OAuth2; -class OAuthServerClientException extends Exception {} +class OAuthServerClientException extends \Exception {} -class OAuthServerUserException extends Exception {} +class OAuthServerUserException extends \Exception {} -class OAuthServerException extends Exception {} +class OAuthServerException extends \Exception {} class Server { From 813b19cb7aec3e004564d4c06e12f990fe995823 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 11 Jul 2012 17:04:00 +0100 Subject: [PATCH 063/199] Removed the type hinting otherwise it tries to extend OAuth2\object which doesn't exist --- src/oauth2server/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 2ef9da79..20931995 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -79,7 +79,7 @@ class Server * @param object $db A class that implements OAuth2ServerDatabase * @return void */ - public function registerDbAbstractor(object $db) + public function registerDbAbstractor($db) { $this->db = $db; } From 3c6ad24f22511d6ce73a3e82a7a71d1d0cf0954e Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Thu, 12 Jul 2012 14:57:29 +0100 Subject: [PATCH 064/199] Changed the namespace to oauth2server --- src/oauth2server/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 20931995..415d5cb8 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -20,7 +20,7 @@ IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -namespace OAuth2; +namespace oauth2server; class OAuthServerClientException extends \Exception {} From ec706fc9505f5408971b6b8aa1c919a51c111279 Mon Sep 17 00:00:00 2001 
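Review bot: The three exception classes now correctly extend `\Exception`, but they are still declared inside Server.php next to `Server`, so the psr-0 mapping in composer.json (`"oauth2server": "src/"`) cannot resolve them on their own; they only exist once Server.php has been included, which is fine for throws inside `Server` but breaks consumer code that subclasses or constructs them before the server is loaded. One class per file under src/oauth2server/ fixes that. The classes are also undocumented; a one-line docblock on each saying when it is thrown would help, since the names alone only hint at the client/user distinction.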
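Review bot: Dropping the hint on `$db` loses the contract the docblock still states (`@param object $db A class that implements OAuth2ServerDatabase`); a wrong object is then only detected on the first `$this->db->...` call. PHP 5.3 cannot hint `object`, but it can hint the interface itself: `public function registerDbAbstractor(\OAuth2ServerDatabase $db)`. The leading backslash is needed because Server.php is in the `OAuth2` namespace while, at this point in the series, the interface is declared without a namespace (the namespace is added two commits later).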
From: Alex Bilbie Date: Thu, 12 Jul 2012 15:00:30 +0100 Subject: [PATCH 065/199] Added namespace to the interface --- src/oauth2server/DbInterface.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/oauth2server/DbInterface.php b/src/oauth2server/DbInterface.php index 450c8375..35826ba9 100644 --- a/src/oauth2server/DbInterface.php +++ b/src/oauth2server/DbInterface.php @@ -20,6 +20,8 @@ IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ +namespace oauth2server; + interface OAuth2ServerDatabase { public function validateClient( From 96435463bc2f8abf68920075133de0189fe0464c Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Thu, 12 Jul 2012 15:07:34 +0100 Subject: [PATCH 066/199] Added use statement to hopefully pull in the OAuth2ServerDatabase interface --- src/oauth2server/Server.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 415d5cb8..e756af95 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -22,6 +22,8 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. namespace oauth2server; +use oauth2server\OAuth2ServerDatabase; + class OAuthServerClientException extends \Exception {} class OAuthServerUserException extends \Exception {} From ad26632a712c2dadd63cc4a0f4bef07fa1624a3a Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Thu, 12 Jul 2012 15:11:29 +0100 Subject: [PATCH 067/199] Created an abstract class --- src/oauth2server/Server.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index e756af95..6737d431 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php 
@@ -24,6 +24,8 @@ namespace oauth2server; use oauth2server\OAuth2ServerDatabase; +abstract class ServerDB implements OAuth2ServerDatabase {} + class OAuthServerClientException extends \Exception {} class OAuthServerUserException extends \Exception {} From 4eacf97dff8055a9cc3e3699581fda5687d5a44c Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 13 Jul 2012 09:41:21 +0100 Subject: [PATCH 068/199] Added a test class to make debugging easier --- test/index.php | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 test/index.php diff --git a/test/index.php b/test/index.php new file mode 100644 index 00000000..0ca23ac0 --- /dev/null +++ b/test/index.php @@ -0,0 +1,84 @@ + Date: Mon, 16 Jul 2012 15:27:11 +0100 Subject: [PATCH 069/199] Removed the abstract class --- src/oauth2server/Server.php | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 6737d431..415d5cb8 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -22,10 +22,6 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. namespace oauth2server; -use oauth2server\OAuth2ServerDatabase; - -abstract class ServerDB implements OAuth2ServerDatabase {} - class OAuthServerClientException extends \Exception {} class OAuthServerUserException extends \Exception {} From 36c2513a7fa79c6d827ed21a0e7b7c939acfbc65 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 16 Jul 2012 15:27:24 +0100 Subject: [PATCH 070/199] Removed type hints and changed the name of the class --- src/oauth2server/DbInterface.php | 66 ++++++++++++++++---------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/src/oauth2server/DbInterface.php b/src/oauth2server/DbInterface.php index 35826ba9..debc9590 100644 --- a/src/oauth2server/DbInterface.php +++ b/src/oauth2server/DbInterface.php 
@@ -22,43 +22,43 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. namespace oauth2server; -interface OAuth2ServerDatabase +interface DatabaseInteface { public function validateClient( - string $clientId, - string $clientSecret = null, - string $redirectUri = null + $clientId, + $clientSecret, + $redirectUri ); public function newSession( - string $clientId, - string $redirectUri, + $clientId, + $redirectUri, $type = 'user', - string $typeId = null, - string $authCode = null, - string $accessToken = null, + $typeId = null, + $authCode = null, + $accessToken = null, $stage = 'request' ); public function updateSession( - string $clientId, + $clientId, $type = 'user', - string $typeId = null, - string $authCode = null, - string $accessToken = null, - string $stage + $typeId = null, + $authCode = null, + $accessToken = null, + $stage ); public function deleteSession( - string $clientId, - string $type, - string $typeId + $clientId, + $type, + $typeId ); public function validateAuthCode( - string $clientId, - string $redirectUri, - string $authCode + $clientId, + $redirectUri, + $authCode ); /** 
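Review bot: The new interface name `DatabaseInteface` is missing the "r" in "Interface"; the following commit renames the file to DatabaseInterface.php, so under the psr-0 mapping in composer.json the autoloader will look for `DatabaseInteface.php` and never find it, and every `implements DatabaseInteface` in consumer code inherits the typo. Change it to `interface DatabaseInterface`. Removing the `string` hints is right for the PHP >=5.3 requirement (on 5.x a `string` hint is read as a class name), but `updateSession` still declares the required `$stage` after parameters with defaults, which PHP accepts yet makes those defaults unusable; give `$stage` a default or move it before `$type`.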
@@ -67,34 +67,34 @@ interface OAuth2ServerDatabase * Check if an access token exists for a user (or an application) * * @access public - * @return bool|string Return FALSE is a token doesn't exist or return the + * @return bool|Return FALSE is a token doesn't exist or return the * access token as a string */ public function hasAccessToken( - string $typeId, - string $clientId + $typeId, + $clientId ); - public function getAccessToken(int $sessionId); + public function getAccessToken($sessionId); - public function removeAuthCode(int $sessionId); + public function removeAuthCode($sessionId); public function setAccessToken( - int $sessionId, - string $accessToken + $sessionId, + $accessToken ); public function addSessionScope( - int $sessionId, - string $scope + $sessionId, + $scope ); - public function getScope(string $scope); + public function getScope($scope); public function updateSessionScopeAccessToken( - int $sesstionId, - string $accessToken + $sesstionId, + $accessToken ); - public function accessTokenScopes(string $accessToken); + public function accessTokenScopes($accessToken); } \ No newline at end of file From f98c705fff9aae89f6ccb62de5f832242b1c1de0 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 16 Jul 2012 15:27:46 +0100 Subject: [PATCH 071/199] Renamed interface file --- src/oauth2server/{DbInterface.php => DatabaseInterface.php} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename src/oauth2server/{DbInterface.php => DatabaseInterface.php} (100%) diff --git a/src/oauth2server/DbInterface.php b/src/oauth2server/DatabaseInterface.php similarity index 100% rename from src/oauth2server/DbInterface.php rename to src/oauth2server/DatabaseInterface.php From d0a40f208c3aee33c0c947b59a0b95b49cbe1c56 Mon Sep 17 00:00:00 2001 
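Review bot: The `@return` tag for `hasAccessToken` was changed from `bool|string` to `bool|Return`, which is not a type, while the rest of the sentence still describes a false-or-string return; restore it as ` * @return bool|string Returns FALSE if a token doesn't exist, otherwise the access token as a string`. The other removed hints in this hunk are consistent with the commit's intent, but `getAccessToken`, `removeAuthCode` and `setAccessToken` now have no indication of what `$sessionId` is, so a short `@param int $sessionId` on each would keep the interface self-describing.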
From: Alex Bilbie Date: Mon, 16 Jul 2012 15:28:29 +0100 Subject: [PATCH 072/199] Moved license into it's own file --- license.txt | 18 ++++++++++++++++++ src/oauth2server/DatabaseInterface.php | 20 -------------------- src/oauth2server/Server.php | 20 -------------------- 3 files changed, 18 insertions(+), 40 deletions(-) create mode 100644 license.txt diff --git a/license.txt b/license.txt new file mode 100644 index 00000000..4a846093 --- /dev/null +++ b/license.txt @@ -0,0 +1,18 @@ +Copyright (C) 2012 University of Lincoln + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR +COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. \ No newline at end of file diff --git a/src/oauth2server/DatabaseInterface.php b/src/oauth2server/DatabaseInterface.php index debc9590..63ed0980 100644 --- a/src/oauth2server/DatabaseInterface.php +++ b/src/oauth2server/DatabaseInterface.php 
@@ -1,24 +1,4 @@ Date: Mon, 16 Jul 2012 15:46:02 +0100 Subject: [PATCH 073/199] Added NULL default back to $clientSecret and $redirectUri --- src/oauth2server/DatabaseInterface.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/oauth2server/DatabaseInterface.php b/src/oauth2server/DatabaseInterface.php index 63ed0980..acf96f97 100644 --- a/src/oauth2server/DatabaseInterface.php +++ b/src/oauth2server/DatabaseInterface.php @@ -6,8 +6,8 @@ interface DatabaseInteface { public function validateClient( $clientId, - $clientSecret, - $redirectUri + $clientSecret = null, + $redirectUri = null ); public function newSession( From 78551b08595b4e530c83902e658cdf288296d7fd Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 16 Jul 2012 16:47:54 +0100 Subject: [PATCH 074/199] Added parameter doc blocks --- src/oauth2server/DatabaseInterface.php | 93 +++++++++++++++++++++++--- 1 file changed, 85 insertions(+), 8 deletions(-) diff --git a/src/oauth2server/DatabaseInterface.php b/src/oauth2server/DatabaseInterface.php index acf96f97..2bc70808 100644 --- a/src/oauth2server/DatabaseInterface.php +++ b/src/oauth2server/DatabaseInterface.php 
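Review bot: Making `$clientSecret` and `$redirectUri` default to null in `validateClient` means an implementation must decide what a null secret means (presumably a public client that is validated by redirect URI only), and nothing in the interface says so. Without that guidance an implementer can easily write a lookup where a null or empty secret matches any stored value; the docblock should state the rule, e.g. ` * @param string|null $clientSecret Null for clients without a secret; a null or empty value must never be matched against a stored secret`. The same sentence should make clear that at least one of `$clientSecret`/`$redirectUri` has to be supplied for the check to be meaningful.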
@@ -4,12 +4,30 @@ namespace oauth2server; interface DatabaseInteface { + /** + * [validateClient description] + * @param string $clientId The client's ID + * @param string $clientSecret The client's secret (default = "null") + * @param string $redirectUri The client's redirect URI (default = "null") + * @return [type] [description] + */ public function validateClient( $clientId, $clientSecret = null, $redirectUri = null ); + /** + * [newSession description] + * @param string $clientId The client ID + * @param string $redirectUri The redirect URI + * @param string $type The session owner's type (default = "user") + * @param string $typeId The session owner's ID (default = "null") + * @param string $authCode The authorisation code (default = "null") + * @param string $accessToken The access token (default = "null") + * @param string $stage The stage of the session (default ="request") + * @return [type] [description] + */ public function newSession( $clientId, $redirectUri, @@ -20,6 +38,16 @@ interface DatabaseInteface $stage = 'request' ); + /** + * [updateSession description] + * @param string $clientId The client ID + * @param string $type The session owner's type (default = "user") + * @param string $typeId The session owner's ID (default = "null") + * @param string $authCode The authorisation code (default = "null") + * @param string $accessToken The access token (default = "null") + * @param string $stage The stage of the session (default ="request") + * @return [type] [description] + */ public function updateSession( $clientId, $type = 'user', 
@@ -29,12 +57,26 @@ interface DatabaseInteface $stage ); + /** + * [deleteSession description] + * @param string $clientId The client ID + * @param string $type The session owner's type + * @param string $typeId The session owner's ID + * @return [type] [description] + */ public function deleteSession( $clientId, $type, $typeId ); + /** + * [validateAuthCode description] + * @param string $clientId The client ID + * @param string $redirectUri The redirect URI + * @param string $authCode The authorisation code + * @return [type] [description] + */ public function validateAuthCode( $clientId, $redirectUri, 
@@ -42,39 +84,74 @@ interface DatabaseInteface ); /** - * Has access token - * - * Check if an access token exists for a user (or an application) - * - * @access public - * @return bool|Return FALSE is a token doesn't exist or return the - * access token as a string + * [hasAccessToken description] + * @param string $type The session owner's type + * @param string $typeId The session owner's ID + * @param string $clientId The client ID + * @return boolean [description] */ public function hasAccessToken( + $type, $typeId, $clientId ); + /** + * [getAccessToken description] + * @param int $sessionId The OAuth session ID + * @return [type] [description] + */ public function getAccessToken($sessionId); + /** + * [removeAuthCode description] + * @param int $sessionId The OAuth session ID + * @return [type] [description] + */ public function removeAuthCode($sessionId); + /** + * [setAccessToken description] + * @param int $sessionId The OAuth session ID + * @param string $accessToken The access token + */ public function setAccessToken( - $sessionId, + int $sessionId, $accessToken ); + /** + * [addSessionScope description] + * @param int $sessionId [description] + * @param string $scope [description] + */ public function addSessionScope( $sessionId, $scope ); + /** + * [getScope description] + * @param string $scope [description] + * @return [type] [description] + */ public function getScope($scope); + /** + * [updateSessionScopeAccessToken description] + * @param int $sesstionId [description] + * @param string $accessToken [description] + * @return [type] [description] + */ public function updateSessionScopeAccessToken( $sesstionId, $accessToken ); + /** + * [accessTokenScopes description] + * @param string $accessToken [description] + * @return [type] [description] + */ public function accessTokenScopes($accessToken); } \ No newline at end of file From 3ab685f8e36299c91c73c3b19c5fc27250ed9a05 Mon Sep 17 00:00:00 2001 
From: Alex Bilbie Date: Mon, 16 Jul 2012 18:11:50 +0100 Subject: [PATCH 075/199] Updated docblocks for almost all of the methods --- src/oauth2server/DatabaseInterface.php | 180 ++++++++++++++++++++----- 1 file changed, 149 insertions(+), 31 deletions(-) diff --git a/src/oauth2server/DatabaseInterface.php b/src/oauth2server/DatabaseInterface.php index 2bc70808..7f601c3c 100644 --- a/src/oauth2server/DatabaseInterface.php +++ b/src/oauth2server/DatabaseInterface.php @@ -71,11 +71,37 @@ interface DatabaseInteface ); /** - * [validateAuthCode description] - * @param string $clientId The client ID - * @param string $redirectUri The redirect URI - * @param string $authCode The authorisation code - * @return [type] [description] + * Validate that an authorisation code is valid + * + * Database query: + * + * + * SELECT * FROM oauth_sessions WHERE client_id = $clientID AND + * redirect_uri = $redirectUri AND auth_code = $authCode + * + * + * Response: + * + * + * Array + * ( + * [id] => (int) The session ID + * [client_id] => (string) The client ID + * [redirect_uri] => (string) The redirect URI + * [owner_type] => (string) The session owner type + * [owner_id] => (string) The session owner's ID + * [auth_code] => (string) The authorisation code + * [stage] => (string) The session's stage + * [first_requested] => (int) Unix timestamp of the time the session was first generated + * [last_updated] => (int) Unix timestamp of the time the session was last updated + * ) + * + * + * @param string $clientId The client ID + * @param string $redirectUri The redirect URI + * @param string $authCode The authorisation code + * @return array|null Returns an array if the authorisation + * code is valid otherwise returns null */ public function validateAuthCode( $clientId, 
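Review bot: The example query splices the method arguments straight into SQL (`WHERE client_id = $clientID AND redirect_uri = $redirectUri AND auth_code = $authCode`), and since this interface is the template implementers will copy, the example should use bound placeholders and say that these values arrive from the client: `SELECT * FROM oauth_sessions WHERE client_id = ? AND redirect_uri = ? AND auth_code = ?` followed by ` * (bind $clientId, $redirectUri, $authCode as parameters; never interpolate request values into SQL)`. The same applies to every "Database query" block in this commit (hasAccessToken, getAccessToken, removeAuthCode, setAccessToken, addSessionScope, getScope, updateSessionScopeAccessToken, accessTokenScopes) and to the validateClient/newSession/updateSession/deleteSession examples added in the following commit. In this hunk the query also writes `$clientID` where the parameter is `$clientId`.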
@@ -84,11 +110,20 @@ interface DatabaseInteface ); /** - * [hasAccessToken description] - * @param string $type The session owner's type - * @param string $typeId The session owner's ID - * @param string $clientId The client ID - * @return boolean [description] + * Return the access token for a given session owner and client combination + * + * Database query: + * + * + * SELECT access_token FROM oauth_sessions WHERE client_id = $clientId + * AND owner_type = $type AND owner_id = $typeId + * + * + * @param string $type The session owner's type + * @param string $typeId The session owner's ID + * @param string $clientId The client ID + * @return string|null Return the access token as a string if + * found otherwise returns null */ public function hasAccessToken( $type, 
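Review bot: The docblock now documents `hasAccessToken` as returning the token string or null, so the `has` prefix no longer describes the behaviour and readers of the interface will expect a bool. Either rename it to a `get...` form or keep the name and state explicitly in the summary that the non-null return value is the token itself, so implementers do not return `true`.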
@@ -97,33 +132,66 @@ interface DatabaseInteface ); /** - * [getAccessToken description] - * @param int $sessionId The OAuth session ID - * @return [type] [description] + * Return the access token for a given session + * + * Database query: + * + * + * SELECT access_token FROM oauth_sessions WHERE id = $sessionId + * + * + * @param int $sessionId The OAuth session ID + * @return string|null Returns the access token as a string if + * found otherwise returns null */ public function getAccessToken($sessionId); /** - * [removeAuthCode description] + * Removes an authorisation code associated with a session + * + * Database query: + * + * + * UPDATE oauth_sessions SET auth_code = NULL WHERE id = $sessionId + * + * * @param int $sessionId The OAuth session ID - * @return [type] [description] + * @return void */ public function removeAuthCode($sessionId); /** - * [setAccessToken description] + * Sets a sessions access token + * + * Database query: + * + * + * UPDATE oauth_sessions SET access_token = $accessToken WHERE id = + * $sessionId + * + * * @param int $sessionId The OAuth session ID * @param string $accessToken The access token + * @return void */ public function setAccessToken( - int $sessionId, + $sessionId, $accessToken ); /** - * [addSessionScope description] - * @param int $sessionId [description] - * @param string $scope [description] + * Associates a session with a scope + * + * Database query: + * + * + * INSERT INTO oauth_session_scopes (session_id, scope) VALUE ($sessionId, + * $scope) + * + * + * @param int $sessionId The session ID + * @param string $scope The scope + * @return void */ public function addSessionScope( $sessionId, 
@@ -131,27 +199,77 @@ interface DatabaseInteface ); /** - * [getScope description] - * @param string $scope [description] - * @return [type] [description] + * Return information about a scope + * + * Database query: + * + * + * SELECT * FROM scopes WHERE scope = $scope + * + * + * Response: + * + * + * Array + * ( + * [id] => (int) The scope's ID + * [scope] => (string) The scope itself + * [name] => (string) The scope's name + * [description] => (string) The scope's description + * ) + * + * + * @param string $scope The scope + * @return array */ public function getScope($scope); /** - * [updateSessionScopeAccessToken description] - * @param int $sesstionId [description] - * @param string $accessToken [description] - * @return [type] [description] + * Associate a session's scopes with an access token + * + * Database query: + * + * + * UPDATE oauth_session_scopes SET access_token = $accessToken WHERE + * session_id = $sessionId + * + * + * @param int $sessionId The session ID + * @param string $accessToken The access token + * @return void */ public function updateSessionScopeAccessToken( - $sesstionId, + $sessionId, $accessToken ); /** - * [accessTokenScopes description] - * @param string $accessToken [description] - * @return [type] [description] + * Return the scopes associated with an access token + * + * Database query: + * + * + * SELECT scopes.scope, scopes.name, scopes.description FROM + * oauth_session_scopes JOIN scopes ON oauth_session_scopes.scope = + * scopes.scope WHERE access_token = $accessToken + * + * + * Response: + * + * + * Array + * ( + * [0] => Array + * ( + * [scope] => (string) The scope + * [name] => (string) The scope's name + * [description] => (string) The scope's description + * ) + * ) + * + * + * @param string $accessToken The access token + * @return array */ public function accessTokenScopes($accessToken); } \ No newline at end of file From 0b0ab19ccbca598e1a2e06dbedaa107400d12ddd Mon Sep 17 00:00:00 2001 
From: Alex Bilbie Date: Thu, 19 Jul 2012 15:30:52 +0100 Subject: [PATCH 076/199] Finished final docblock SQL statements and descriptions. TODO: finish return types --- src/oauth2server/DatabaseInterface.php | 53 ++++++++++++++++++++++++-- 1 file changed, 49 insertions(+), 4 deletions(-) diff --git a/src/oauth2server/DatabaseInterface.php b/src/oauth2server/DatabaseInterface.php index 7f601c3c..c818d1b9 100644 --- a/src/oauth2server/DatabaseInterface.php +++ b/src/oauth2server/DatabaseInterface.php @@ -5,7 +5,27 @@ namespace oauth2server; interface DatabaseInteface { /** - * [validateClient description] + * Validate a client + * + * Database query: + * + * + * # Client ID + redirect URI + * SELECT clients.id FROM clients LEFT JOIN client_endpoints ON + * client_endpoints.client_id = clients.id WHERE clients.id = $clientId AND + * client_endpoints.redirect_uri = $redirectUri + * + * # Client ID + client secret + * SELECT clients.id FROM clients WHERE clients.id = $clientId AND + * clients.secret = $clientSecret + * + * # Client ID + client secret + redirect URI + * SELECT clients.id FROM clients LEFT JOIN client_endpoints ON + * client_endpoints.client_id = clients.id WHERE clients.id = $clientId AND + * clients.secret = $clientSecret AND client_endpoints.redirect_uri = + * $redirectUri + * + * * @param string $clientId The client's ID * @param string $clientSecret The client's secret (default = "null") * @param string $redirectUri The client's redirect URI (default = "null") 
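Review bot: The `# Client ID + client secret` example compares `clients.secret = $clientSecret` inside the query, which implies client secrets are stored in plaintext and matched by the database; the docblock should instead direct implementers to store a hash of the secret and verify the supplied value in PHP after fetching the client row, e.g. ` * # Fetch the stored secret hash for $clientId and verify $clientSecret against it in application code`. The interpolated `$clientId`/`$redirectUri`/`$clientSecret` values carry the prepared-statement caveat already noted on validateAuthCode. The `LEFT JOIN client_endpoints` with a `WHERE` condition on the joined table also behaves as an inner join, so the example could say `JOIN` and avoid suggesting that clients without endpoints match.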
@@ -18,7 +38,17 @@ interface DatabaseInteface ); /** - * [newSession description] + * Create a new OAuth session + * + * Database query: + * + * + * INSERT INTO oauth_sessions (client_id, redirect_uri, owner_type, + * owner_id, auth_code, access_token, stage, first_requested, last_updated) + * VALUES ($clientId, $redirectUri, $type, $typeId, $authCode, + * $accessToken, $stage, UNIX_TIMESTAMP(NOW()), UNIX_TIMESTAMP(NOW())) + * + * * @param string $clientId The client ID * @param string $redirectUri The redirect URI * @param string $type The session owner's type (default = "user") @@ -39,7 +69,16 @@ interface DatabaseInteface ); /** - * [updateSession description] + * Update an OAuth session + * + * Database query: + * + * + * UPDATE oauth_sessions SET auth_code = $authCode, access_token = + * $accessToken, stage = $stage, last_updated = UNIX_TIMESTAMP(NOW()) WHERE + * client_id = $clientId AND owner_type = $type AND owner_id = $typeId + * + * * @param string $clientId The client ID * @param string $type The session owner's type (default = "user") * @param string $typeId The session owner's ID (default = "null") @@ -58,7 +97,13 @@ interface DatabaseInteface ); /** - * [deleteSession description] + * Delete an OAuth session + * + * + * DELETE FROM oauth_sessions WHERE client_id = $clientId AND owner_type = + * $type AND owner_id = $typeId + * + * * @param string $clientId The client ID * @param string $type The session owner's type * @param string $typeId The session owner's ID From 3998f1414a31bfb91353aa1b06f5cfaa7bebd999 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Thu, 19 Jul 2012 15:32:38 +0100 Subject: [PATCH 077/199] Clarified license type --- license.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/license.txt b/license.txt index 4a846093..91f8b897 100644 --- a/license.txt +++ b/license.txt @@ -1,3 +1,5 @@ +MIT License + Copyright (C) 2012 University of Lincoln Permission is hereby granted, free of charge, to any person obtaining a copy of 
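Review bot: The `deleteSession` docblock in the third hunk omits the `Database query:` heading that `newSession` and `updateSession` carry, so its SQL appears without introduction; add ` * Database query:` before the example for consistency. `UNIX_TIMESTAMP(NOW())` in the `newSession`/`updateSession` examples is MySQL-specific, and since the interface exists so that any store can be used, a note such as ` * (MySQL syntax shown; use the equivalent for your database)` would avoid implying a MySQL dependency.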
From e8db4ee20e510ec9584261b0957015c24f1d877f Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Thu, 19 Jul 2012 15:34:19 +0100 Subject: [PATCH 078/199] Fixed line lengths of comments --- src/oauth2server/DatabaseInterface.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/oauth2server/DatabaseInterface.php b/src/oauth2server/DatabaseInterface.php index c818d1b9..560b32a4 100644 --- a/src/oauth2server/DatabaseInterface.php +++ b/src/oauth2server/DatabaseInterface.php @@ -137,8 +137,10 @@ interface DatabaseInteface * [owner_id] => (string) The session owner's ID * [auth_code] => (string) The authorisation code * [stage] => (string) The session's stage - * [first_requested] => (int) Unix timestamp of the time the session was first generated - * [last_updated] => (int) Unix timestamp of the time the session was last updated + * [first_requested] => (int) Unix timestamp of the time the session was + * first generated + * [last_updated] => (int) Unix timestamp of the time the session was + * last updated * ) * * From 727cdb54e77d05726f60f275cfca084b21d321d9 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 20 Jul 2012 11:04:08 +0100 Subject: [PATCH 079/199] Lots of docblock updates --- src/oauth2server/Server.php | 46 +++++++++++++++++++++++++------------ 1 file changed, 31 insertions(+), 15 deletions(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index c84aa2fb..bfc1a841 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php 
@@ -179,7 +179,15 @@ class Server return $params; } - public function newAuthoriseRequest(string $typeId, array $authoriseParams) + /** + * Parse a new authorise request + * + * @param string $type The session owner's type + * @param string $typeId The session owner's ID + * @param array $authoriseParams The authorise request $_GET parameters + * @return string An authorisation code + */ + public function newAuthoriseRequest(string $type, string $typeId, array $authoriseParams) { // Check if the user already has an access token $accessToken = $this->db->hasAccessToken($typeId, @@ -221,21 +229,31 @@ class Server } /** - * Generates a unique code + * Generate a unique code * * Generate a unique code for an authorisation code, or token * - * @access public - * @return string + * @return string A unique code */ private function generateCode() { return sha1(uniqid(microtime())); } - public function newAuthCode(string $clientId, $type = 'user', - string $typeId, string $redirectUri, $scopes = array(), - string $accessToken = null) + /** + * Create a new authorisation code + * + * @param string $clientId The client ID + * @param string $type The type of the owner of the session + * @param string $typeId The session owner's ID + * @param string $redirectUri The redirect URI + * @param array $scopes The requested scopes + * @param string $accessToken The access token (default = null) + * @return string An authorisation code + */ + public function newAuthCode(string $clientId, $type = 'user', + string $typeId, string $redirectUri, $scopes = array(), + string $accessToken = null) { $authCode = $this->generateCode(); 
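Review bot: `newAuthoriseRequest` gains a `$type` parameter but the body still calls `$this->db->hasAccessToken($typeId, ...`, so the new argument is unused and the interface's `($type, $typeId, $clientId)` order is not honoured; the first two arguments of that call should be `$type, $typeId`. The `string` hints on `$type` and `$typeId` are also a problem on the PHP >=5.3 baseline declared in composer.json, where `string` is parsed as a class name and any string argument raises a catchable fatal error; drop them or raise the PHP requirement. The method body continues past the hunk.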
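Review bot: `generateCode` derives authorisation codes and access tokens from `sha1(uniqid(microtime()))`, a time-based value that is not a cryptographically secure source, while OAuth 2.0 (RFC 6749 §10.10) requires these credentials to be unguessable. On the PHP >=5.3 baseline `openssl_random_pseudo_bytes` is available: `return bin2hex(openssl_random_pseudo_bytes(20));`, checking its `$crypto_strong` out-parameter and failing closed if it returns false. The docblock should state that the result must be unpredictable rather than merely unique. The `newAuthCode` signature in the same hunk also places the required `$typeId` and `$redirectUri` after the optional `$type = 'user'`, which makes that default unusable; reorder so required parameters come first.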
@@ -278,20 +296,18 @@ class Server } return $authCode; - } + } /** * Generates the redirect uri with appended params * - * @param string $redirect_uri The redirect URI - * @param array $params The parameters to be appended to the URL - * @param string $query_delimeter The query string delimiter (default: ?) - * - * @access public - * @return string + * @param string $redirectUri The redirect URI + * @param array $params The parameters to be appended to the URL + * @param string $query_delimeter The query string delimiter (default: ?) + * @return string The updated redirect URI */ public function redirectUri(string $redirectUri, $params = array(), - $queryDelimeter = '?') + $queryDelimeter = '?') { if (strstr($redirectUri, $queryDelimeter)) { From b1a55806a83c9c2461a58fc3511261ee2aaef122 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 20 Jul 2012 11:04:23 +0100 Subject: [PATCH 080/199] Changed the class to AuthServer --- src/oauth2server/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index bfc1a841..eb789796 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -8,7 +8,7 @@ class OAuthServerUserException extends \Exception {} class OAuthServerException extends \Exception {} -class Server +class AuthServer { private $db = null; From 5c32269ad42316487c172010cc64bbf37a8832b7 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 20 Jul 2012 11:05:26 +0100 Subject: [PATCH 081/199] Renamed the file to AuthServer.php --- src/oauth2server/{Server.php => AuthServer.php} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename src/oauth2server/{Server.php => AuthServer.php} (100%) diff --git a/src/oauth2server/Server.php b/src/oauth2server/AuthServer.php similarity index 100% rename from src/oauth2server/Server.php rename to src/oauth2server/AuthServer.php From eb0756e7e01735d0e8ecf81123f99901d837543b Mon Sep 17 00:00:00 2001 
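Review bot: The rewritten docblock for `redirectUri` documents `@param string $query_delimeter` while the parameter on the following lines is `$queryDelimeter`, so the rename was only half applied; patch 107 later touches the same signature and leaves the mismatch in place. Change the line to `* @param string $queryDelimeter The query string delimiter (default: ?)`. The method body continues outside the hunk.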
From: Alex Bilbie Date: Fri, 20 Jul 2012 11:06:20 +0100 Subject: [PATCH 082/199] Fixed line length --- src/oauth2server/AuthServer.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/oauth2server/AuthServer.php b/src/oauth2server/AuthServer.php index eb789796..67da6108 100644 --- a/src/oauth2server/AuthServer.php +++ b/src/oauth2server/AuthServer.php @@ -187,7 +187,8 @@ class AuthServer * @param array $authoriseParams The authorise request $_GET parameters * @return string An authorisation code */ - public function newAuthoriseRequest(string $type, string $typeId, array $authoriseParams) + public function newAuthoriseRequest(string $type, string $typeId, + array $authoriseParams) { // Check if the user already has an access token $accessToken = $this->db->hasAccessToken($typeId, From 7f6d2db0a254d7c2c3f48081bc4d4285c90a33c9 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 20 Jul 2012 11:20:58 +0100 Subject: [PATCH 083/199] renamed class as test --- src/oauth2server/AuthServer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/AuthServer.php b/src/oauth2server/AuthServer.php index 67da6108..5ceaa0d5 100644 --- a/src/oauth2server/AuthServer.php +++ b/src/oauth2server/AuthServer.php @@ -8,7 +8,7 @@ class OAuthServerUserException extends \Exception {} class OAuthServerException extends \Exception {} -class AuthServer +class Authserver { private $db = null; From 63435154f404be4a03156d951885c9367cfe33e1 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 20 Jul 2012 11:22:04 +0100 Subject: [PATCH 084/199] Rename back to Server.php --- src/oauth2server/{AuthServer.php => Server.php} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename src/oauth2server/{AuthServer.php => Server.php} (100%) diff --git a/src/oauth2server/AuthServer.php b/src/oauth2server/Server.php similarity index 100% rename from src/oauth2server/AuthServer.php rename to src/oauth2server/Server.php 
From f1547080316b5cf0565b9ed901fd6994fddb76a3 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 20 Jul 2012 11:22:31 +0100 Subject: [PATCH 085/199] Renamed class --- src/oauth2server/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 5ceaa0d5..b02c456e 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -8,7 +8,7 @@ class OAuthServerUserException extends \Exception {} class OAuthServerException extends \Exception {} -class Authserver +class Server { private $db = null; From 971f7bf4026118aff2a449fc6375cc51ac21e72d Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 20 Jul 2012 11:25:29 +0100 Subject: [PATCH 086/199] Renamed inteface to Database --- src/oauth2server/DatabaseInterface.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/DatabaseInterface.php b/src/oauth2server/DatabaseInterface.php index 560b32a4..2c8a1a28 100644 --- a/src/oauth2server/DatabaseInterface.php +++ b/src/oauth2server/DatabaseInterface.php @@ -2,7 +2,7 @@ namespace oauth2server; -interface DatabaseInteface +interface Database { /** * Validate a client From e3b2c4a95cb7048217a07e670ce8ec7a152489bd Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 20 Jul 2012 11:25:58 +0100 Subject: [PATCH 087/199] Renamed interface file --- src/oauth2server/{DatabaseInterface.php => Database.php} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename src/oauth2server/{DatabaseInterface.php => Database.php} (100%) diff --git a/src/oauth2server/DatabaseInterface.php b/src/oauth2server/Database.php similarity index 100% rename from src/oauth2server/DatabaseInterface.php rename to src/oauth2server/Database.php From 386b5794e7892bbfe33267b723b4ed4b904af61e Mon Sep 17 00:00:00 2001 
From: Alex Bilbie Date: Fri, 20 Jul 2012 15:41:04 +0100 Subject: [PATCH 088/199] Updated exceptions to use exception codes and sprintf to state which parameters or scopes are wrong --- src/oauth2server/Server.php | 56 +++++++++++++++++++------------------ 1 file changed, 29 insertions(+), 27 deletions(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index b02c456e..ff57534b 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php 
@@ -19,24 +19,34 @@ class Server 'scope_delimeter' => ',' ); + public $exceptionCodes = array( + 0 => 'invalid_request', + 1 => 'unauthorized_client', + 2 => 'access_denied', + 3 => 'unsupported_response_type', + 4 => 'invalid_scope', + 5 => 'server_error', + 6 => 'temporarily_unavailable' + ); + protected $errors = array( - 'invalid_request' => 'The request is missing a required parameter, - includes an invalid parameter value, includes a parameter more than - once, or is otherwise malformed.', + 'invalid_request' => 'The request is missing a required parameter, + includes an invalid parameter value, includes a parameter more than + once, or is otherwise malformed. Check the "%s" parameter.', 'unauthorized_client' => 'The client is not authorized to request an - access token using this method.', +access token using this method.', 'access_denied' => 'The resource owner or authorization server denied - the request.', +the request.', 'unsupported_response_type' => 'The authorization server does not - support obtaining an access token using this method.', +support obtaining an access token using this method.', 'invalid_scope' => 'The requested scope is invalid, unknown, or - malformed.', + malformed. Check the "%s" scope.', 'server_error' => 'The authorization server encountered an unexpected - condition which prevented it from fulfilling the request.', +condition which prevented it from fulfilling the request.', 'temporarily_unavailable' => 'The authorization server is currently - unable to handle the request due to a temporary overloading or - maintenance of the server.' - ); +unable to handle the request due to a temporary overloading or +maintenance of the server.' + ); /** * Constructor 
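Review bot: The `$errors` messages are single-quoted literals that span several source lines, so the newlines and leading indentation are part of the string; moving some continuation lines to column 0 on the new side changes the text of `unauthorized_client`, `access_denied` and the others rather than just the layout. Build each message with `.` concatenation so the literal reads as one line, e.g. `'unauthorized_client' => 'The client is not authorized to request an ' . 'access token using this method.',`. The same applies to the three messages added in patch 112 (`unsupported_grant_type`, `invalid_client`, `invalid_grant`). The new `public $exceptionCodes` property is also writable by any caller, which lets the name reported for a code be changed after construction; `protected` with an accessor, or a class constant, would be safer.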
@@ -78,8 +88,7 @@ class Server // Client ID if ( ! isset($authParams['client_id']) && ! isset($_GET['client_id'])) { - throw new OAuthServerClientException('invalid_request: ' . - $this->errors['invalid_request']); + throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0); } else { @@ -92,8 +101,7 @@ class Server if ( ! isset($authParams['redirect_uri']) && ! isset($_GET['redirect_uri'])) { - throw new OAuthServerClientException('invalid_request: ' . - $this->errors['invalid_request']); + throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0); } else { @@ -108,16 +116,14 @@ class Server if ($clientDetails === false) { - throw new OAuthServerClientException('unauthorized_client: ' . - $this->errors['unauthorized_client']); + throw new OAuthServerClientException($this->errors['unauthorized_client'], 1); } // Response type if ( ! isset($authParams['response_type']) && ! isset($_GET['response_type'])) { - throw new OAuthServerClientException('invalid_request: ' . - $this->errors['invalid_request']); + throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'response_type'), 0); } else { @@ -128,8 +134,7 @@ class Server if ( ! in_array($params['response_type'], $this->config['response_types'])) { - throw new OAuthServerClientException('unsupported_response_type: - ' . $this->errors['unsupported_response_type']); + throw new OAuthServerClientException($this->errors['unsupported_response_type'], 3); } } @@ -154,8 +159,7 @@ class Server if (count($scopes) === 0) { - throw new OAuthServerClientException('invalid_request: ' . - $this->errors['invalid_request']); + throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'scope'), 0); } $params['scopes'] = array(); 
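Review bot: The `invalid_request` exceptions thrown here (and at the `redirect_uri`, `response_type` and `scope` checks in the later hunks of this patch) use exception code `0`, which is also the default `\Exception::getCode()` value, so any exception raised without an explicit code — including ones from PHP itself — maps to `invalid_request` when looked up through `$exceptionCodes`. Start the numbering at 1 so code 0 keeps its default meaning, and derive the integer from the name at one place (`array_search($name, $this->exceptionCodes, true)`) instead of hard-coding both the message key and its number at every throw site. `checkClientAuthoriseParams` starts and ends outside this hunk.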
@@ -166,8 +170,7 @@ class Server if ($scopeDetails === false) { - throw new OAuthServerClientException('invalid_scope: ' . - $this->errors['invalid_scope']); + throw new OAuthServerClientException(sprintf($this->errors['invalid_scope'], $scope), 4); } @@ -203,8 +206,7 @@ class Server if ( ! in_array($scope, $originalScopes)) { - throw new OAuthServerClientException('invalid_scope: ' . - $this->errors['invalid_scope']); + throw new OAuthServerClientException($this->errors['invalid_scope'], 4); } From 0638bc39d9458084d0f07f676c55377abcf5a359 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 20 Jul 2012 15:43:08 +0100 Subject: [PATCH 089/199] Missing $type in fund call --- src/oauth2server/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index ff57534b..94aaf763 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -194,7 +194,7 @@ maintenance of the server.' array $authoriseParams) { // Check if the user already has an access token - $accessToken = $this->db->hasAccessToken($typeId, + $accessToken = $this->db->hasAccessToken($type, $typeId, $authoriseParams['client_id']); if ($accessToken !== false) { From 4cc2a890b078473397becc3dd75f09e6292d7cfb Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 20 Jul 2012 15:44:07 +0100 Subject: [PATCH 090/199] Fixed line lengths --- src/oauth2server/Server.php | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 94aaf763..133a450f 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php 
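Review bot: `sprintf($this->errors['invalid_scope'], $scope)` copies the client-supplied scope string straight into the exception message; RFC 6749 restricts `error_description` to a limited ASCII set, and this text is typically echoed back in a redirect or an error page, so the value should be filtered or escaped wherever the message is emitted. At minimum limit the echoed value to the characters a scope token may contain, or report only scope names that have already passed validation. The enclosing loop starts outside the hunk.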
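Review bot: The `invalid_scope` message now contains a `"%s"` placeholder (see the `$errors` change in the first hunk of this patch), but this throw passes `$this->errors['invalid_scope']` without `sprintf`, so the client sees the literal text `Check the "%s" scope.`. Use `sprintf($this->errors['invalid_scope'], $scope)` here as the previous hunk does. The enclosing `foreach` starts outside the hunk.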
@@ -88,7 +88,8 @@ maintenance of the server.' // Client ID if ( ! isset($authParams['client_id']) && ! isset($_GET['client_id'])) { - throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0); + throw new OAuthServerClientException(sprintf( + $this->errors['invalid_request'], 'client_id'), 0); } else { @@ -101,7 +102,8 @@ maintenance of the server.' if ( ! isset($authParams['redirect_uri']) && ! isset($_GET['redirect_uri'])) { - throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0); + throw new OAuthServerClientException(sprintf( + $this->errors['invalid_request'], 'redirect_uri'), 0); } else { @@ -116,14 +118,16 @@ maintenance of the server.' if ($clientDetails === false) { - throw new OAuthServerClientException($this->errors['unauthorized_client'], 1); + throw new OAuthServerClientException( + $this->errors['unauthorized_client'], 1); } // Response type if ( ! isset($authParams['response_type']) && ! isset($_GET['response_type'])) { - throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'response_type'), 0); + throw new OAuthServerClientException(sprintf( + $this->errors['invalid_request'], 'response_type'), 0); } else { @@ -134,7 +138,8 @@ maintenance of the server.' if ( ! in_array($params['response_type'], $this->config['response_types'])) { - throw new OAuthServerClientException($this->errors['unsupported_response_type'], 3); + throw new OAuthServerClientException( + $this->errors['unsupported_response_type'], 3); } } @@ -159,7 +164,8 @@ maintenance of the server.' if (count($scopes) === 0) { - throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'scope'), 0); + throw new OAuthServerClientException(sprintf( + $this->errors['invalid_request'], 'scope'), 0); } $params['scopes'] = array(); 
@@ -170,7 +176,8 @@ maintenance of the server.' if ($scopeDetails === false) { - throw new OAuthServerClientException(sprintf($this->errors['invalid_scope'], $scope), 4); + throw new OAuthServerClientException(sprintf( + $this->errors['invalid_scope'], $scope), 4); } @@ -206,7 +213,8 @@ maintenance of the server.' if ( ! in_array($scope, $originalScopes)) { - throw new OAuthServerClientException($this->errors['invalid_scope'], 4); + throw new OAuthServerClientException( + $this->errors['invalid_scope'], 4); } From a292c4fe86b7a6b4878e22529b8acd0de93ac192 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 20 Jul 2012 15:56:56 +0100 Subject: [PATCH 091/199] Fixed for loop parameter order. FOOL. --- src/oauth2server/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 133a450f..50153c0e 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -154,7 +154,7 @@ maintenance of the server.' $scopes = explode($this->config['scope_delimeter'], $scopes); - for ($i = 0; $i++; $i < count($scopes)) { + for ($i = 0; $i < count($scopes); $i++) { $scopes[$i] = trim($scopes[$i]); if ($scopes[$i] === '') { From 2b6db69a5a9c842bd0b510dee7d6fa2dec21bbea Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 20 Jul 2012 15:57:29 +0100 Subject: [PATCH 092/199] Added comment to explain code that removes invalid scopes --- src/oauth2server/Server.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/oauth2server/Server.php b/src/oauth2server/Server.php index 50153c0e..857daefe 100644 --- a/src/oauth2server/Server.php +++ b/src/oauth2server/Server.php @@ -154,6 +154,7 @@ maintenance of the server.' $scopes = explode($this->config['scope_delimeter'], $scopes); + // Remove any junk scopes for ($i = 0; $i < count($scopes); $i++) { $scopes[$i] = trim($scopes[$i]); From 2e653ca351a95fa6f009f189373391d3c346fce9 Mon Sep 17 00:00:00 2001 
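Review bot: The corrected loop re-evaluates `count($scopes)` on every iteration, so if the `=== ''` branch that follows removes entries with `unset()` — the loop body is outside the hunk, so this is inferred from the "remove junk scopes" intent — the count shrinks while the indices do not, and trailing entries are neither trimmed nor checked. `$scopes = array_values(array_filter(array_map('trim', $scopes), 'strlen'));` does the trimming and removal in one step without that hazard. If the body instead builds a separate array, the concern does not apply.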
From: Alex Bilbie Date: Fri, 20 Jul 2012 17:49:06 +0100 Subject: [PATCH 093/199] Renamed folder --- src/{oauth2server => OAuth2}/Database.php | 0 src/{oauth2server => OAuth2}/Server.php | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename src/{oauth2server => OAuth2}/Database.php (100%) rename src/{oauth2server => OAuth2}/Server.php (100%) diff --git a/src/oauth2server/Database.php b/src/OAuth2/Database.php similarity index 100% rename from src/oauth2server/Database.php rename to src/OAuth2/Database.php diff --git a/src/oauth2server/Server.php b/src/OAuth2/Server.php similarity index 100% rename from src/oauth2server/Server.php rename to src/OAuth2/Server.php From d7cde41fb1dbf9272aafaeee56280bf606bef41e Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 20 Jul 2012 17:49:59 +0100 Subject: [PATCH 094/199] Changed the namespace to "OAuth2" --- src/OAuth2/Database.php | 2 +- src/OAuth2/Server.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/OAuth2/Database.php b/src/OAuth2/Database.php index 2c8a1a28..1ee6b928 100644 --- a/src/OAuth2/Database.php +++ b/src/OAuth2/Database.php @@ -1,6 +1,6 @@ Date: Mon, 23 Jul 2012 14:22:05 +0100 Subject: [PATCH 095/199] Updated composer.json --- composer.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/composer.json b/composer.json index 34309cdd..24c4d1c9 100644 --- a/composer.json +++ b/composer.json @@ -1,8 +1,8 @@ { - "name": "lncd/oauth2server", + "name": "lncd/OAuth2", "description": "OAuth 2.0 server - UNDER DEVELOPMENT - NOT READY FOR PRIMETIME", "version": "0.0.1", - "homepage": "https://github.com/lncd/oauth2server", + "homepage": "https://github.com/lncd/OAuth2", "license": "MIT", "require": { "php": ">=5.3.0" @@ -10,7 +10,7 @@ "repositories": [ { "type": "git", - "url": "https://github.com/lncd/oauth2server" + "url": "https://github.com/lncd/OAuth2" } ], "keywords": [ From f346fde718b9d7af9876ed7b045d0f29f7e78453 Mon Sep 17 00:00:00 2001 
From: Alex Bilbie Date: Mon, 23 Jul 2012 14:41:15 +0100 Subject: [PATCH 096/199] Fixed naming issues --- composer.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/composer.json b/composer.json index 24c4d1c9..f917cf1d 100644 --- a/composer.json +++ b/composer.json @@ -1,5 +1,5 @@ { - "name": "lncd/OAuth2", + "name": "lncd/Oauth2", "description": "OAuth 2.0 server - UNDER DEVELOPMENT - NOT READY FOR PRIMETIME", "version": "0.0.1", "homepage": "https://github.com/lncd/OAuth2", @@ -28,7 +28,7 @@ ], "autoload": { "psr-0": { - "oauth2server": "src/" + "Oauth2": "src/" } } } \ No newline at end of file From 2b17c1f7afbfb5386fc277fabb4de41abe2b33b2 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 23 Jul 2012 14:41:32 +0100 Subject: [PATCH 097/199] Fixed namespaces --- src/OAuth2/Database.php | 2 +- src/OAuth2/Server.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/OAuth2/Database.php b/src/OAuth2/Database.php index 1ee6b928..6d6a5159 100644 --- a/src/OAuth2/Database.php +++ b/src/OAuth2/Database.php @@ -1,6 +1,6 @@ Date: Mon, 23 Jul 2012 14:42:15 +0100 Subject: [PATCH 098/199] Temp fix for folder name --- src/{OAuth2 => Oauth2a}/Database.php | 0 src/{OAuth2 => Oauth2a}/Server.php | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename src/{OAuth2 => Oauth2a}/Database.php (100%) rename src/{OAuth2 => Oauth2a}/Server.php (100%) diff --git a/src/OAuth2/Database.php b/src/Oauth2a/Database.php similarity index 100% rename from src/OAuth2/Database.php rename to src/Oauth2a/Database.php diff --git a/src/OAuth2/Server.php b/src/Oauth2a/Server.php similarity index 100% rename from src/OAuth2/Server.php rename to src/Oauth2a/Server.php From 7201d3ad88cb1e87077739c931b2dd67987c87d9 Mon Sep 17 00:00:00 2001 
From: Alex Bilbie Date: Mon, 23 Jul 2012 14:42:36 +0100 Subject: [PATCH 099/199] Fixed folder name --- src/{Oauth2a => Oauth2}/Database.php | 0 src/{Oauth2a => Oauth2}/Server.php | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename src/{Oauth2a => Oauth2}/Database.php (100%) rename src/{Oauth2a => Oauth2}/Server.php (100%) diff --git a/src/Oauth2a/Database.php b/src/Oauth2/Database.php similarity index 100% rename from src/Oauth2a/Database.php rename to src/Oauth2/Database.php diff --git a/src/Oauth2a/Server.php b/src/Oauth2/Server.php similarity index 100% rename from src/Oauth2a/Server.php rename to src/Oauth2/Server.php From d4026677e40fb05864eac36ebe3dad9daece4892 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 12:02:23 +0100 Subject: [PATCH 100/199] Added access_token_expire option (for refresh token support) --- src/Oauth2/Server.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/Oauth2/Server.php b/src/Oauth2/Server.php index 94710320..7279a67f 100644 --- a/src/Oauth2/Server.php +++ b/src/Oauth2/Server.php @@ -13,10 +13,11 @@ class Server private $db = null; private $config = array( - 'response_types' => array( - 'code' - ), - 'scope_delimeter' => ',' + 'response_types' => array( + 'code' + ), + 'scope_delimeter' => ',', + 'access_token_expire' => 0 ); public $exceptionCodes = array( From 17ce8b97d8911a98d586a4c89042e98f643ec88c Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 12:02:41 +0100 Subject: [PATCH 101/199] Removed typecasting --- src/Oauth2/Server.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/Oauth2/Server.php b/src/Oauth2/Server.php index 7279a67f..9d277509 100644 --- a/src/Oauth2/Server.php +++ b/src/Oauth2/Server.php 
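Review bot: The new `'access_token_expire' => 0` entry has no comment saying what unit it uses or what `0` means, and nothing in the hunk shows whether `0` is "never expires" or "expires immediately". Add a comment on the line once the semantics are settled, e.g. `'access_token_expire' => 0 // lifetime in seconds; 0 = no expiry — confirm`. The same documentation gap remains after the option is renamed to `access_token_ttl` with a `null` default in patch 111.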
@@ -199,8 +199,7 @@ maintenance of the server.' * @param array $authoriseParams The authorise request $_GET parameters * @return string An authorisation code */ - public function newAuthoriseRequest(string $type, string $typeId, - array $authoriseParams) + public function newAuthoriseRequest($type, $typeId, $authoriseParams) { // Check if the user already has an access token $accessToken = $this->db->hasAccessToken($type, $typeId, From 411cab17344d99e733fc89430ae060b5ab066a3e Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 12:03:25 +0100 Subject: [PATCH 102/199] Reworked newAuthoriseRequest method so that is always creates a new session (and removes any existing sessions) --- src/Oauth2/Server.php | 50 +++++++++++++------------------------------ 1 file changed, 15 insertions(+), 35 deletions(-) diff --git a/src/Oauth2/Server.php b/src/Oauth2/Server.php index 9d277509..631ed00b 100644 --- a/src/Oauth2/Server.php +++ b/src/Oauth2/Server.php 
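Review bot: Removing the `string` hints is the right fix for PHP 5.3, but `array $authoriseParams` was dropped along with them even though `array` is a valid PHP 5 type hint and the docblock above still documents the parameter as an array. Keep it: `public function newAuthoriseRequest($type, $typeId, array $authoriseParams)`. The method body continues outside the hunk.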
@@ -201,43 +201,23 @@ maintenance of the server.' */ public function newAuthoriseRequest($type, $typeId, $authoriseParams) { - // Check if the user already has an access token - $accessToken = $this->db->hasAccessToken($type, $typeId, - $authoriseParams['client_id']); + // Remove any old sessions the user might have + $this->db->deleteSession( + $authoriseParams['client_id'], + $type, + $typeId + ); - if ($accessToken !== false) { + // Create the new auth code + $authCode = $this->newAuthCode( + $authoriseParams['client_id'], + 'user', + $typeId, + $authoriseParams['redirect_uri'], + $authoriseParams['scopes'] + ); - // Validate the access token matches the scopes requested - $originalScopes = $this->db->accessTokenScopes($accessToken); - - foreach ($authoriseParams['scopes'] as $scope) { - - if ( ! in_array($scope, $originalScopes)) { - - throw new OAuthServerClientException( - $this->errors['invalid_scope'], 4); - - } - - } - - // The user has authorised the client so generate a new - // authorisation code and return it - - $authCode = $this->newAuthCode($authoriseParams['client_id'], - 'user', $typeId, $authoriseParams['redirect_uri'], - $authoriseParams['scopes'], $accessToken); - - return $authCode; - - } else { - - $authCode = $this->newAuthCode($authoriseParams['client_id'], - 'user', $typeId, $authoriseParams['redirect_uri'], - $authoriseParams['scopes']); - - return $authCode; - } + return $authCode; } /** From d5c898329391ca9b5103110ce93b13d8b2c679ae Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 12:03:50 +0100 Subject: [PATCH 103/199] Removed typecasting of parameters and tidied up appearance --- src/Oauth2/Server.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/Oauth2/Server.php b/src/Oauth2/Server.php index 631ed00b..a2492cf6 100644 --- a/src/Oauth2/Server.php +++ b/src/Oauth2/Server.php 
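Review bot: The rewritten body passes `$type` to `deleteSession()` but hard-codes `'user'` as the owner type in the `newAuthCode()` call, so for any `$type` other than `'user'` the old session is removed and the new one is created under a different owner type. Pass `$type` in both places. The new code also reads `$authoriseParams['client_id']`, `['redirect_uri']` and `['scopes']` without checking they are present; if callers are expected to pass the array returned by `checkClientAuthoriseParams()`, the docblock (outside the hunk) should say so, otherwise guard the keys with `isset` and throw `invalid_request`.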
@@ -243,9 +243,14 @@ maintenance of the server.' * @param string $accessToken The access token (default = null) * @return string An authorisation code */ - public function newAuthCode(string $clientId, $type = 'user', - string $typeId, string $redirectUri, $scopes = array(), - string $accessToken = null) + public function newAuthCode( + $clientId, + $type = 'user', + $typeId, + $redirectUri, + $scopes = array(), + $accessToken = null + ) { $authCode = $this->generateCode(); From 1d129e4af87404c9a75e36005e51cab12fe71afd Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 12:06:15 +0100 Subject: [PATCH 104/199] Reworked query of hasSession --- src/Oauth2/Database.php | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/Oauth2/Database.php b/src/Oauth2/Database.php index 6d6a5159..4a3b42a5 100644 --- a/src/Oauth2/Database.php +++ b/src/Oauth2/Database.php @@ -76,16 +76,14 @@ interface Database * * UPDATE oauth_sessions SET auth_code = $authCode, access_token = * $accessToken, stage = $stage, last_updated = UNIX_TIMESTAMP(NOW()) WHERE - * client_id = $clientId AND owner_type = $type AND owner_id = $typeId + * id = $sessionId * * - * @param string $clientId The client ID - * @param string $type The session owner's type (default = "user") - * @param string $typeId The session owner's ID (default = "null") + * @param string $sessionId The session ID * @param string $authCode The authorisation code (default = "null") * @param string $accessToken The access token (default = "null") * @param string $stage The stage of the session (default ="request") - * @return [type] [description] + * @return void */ public function updateSession( $clientId, From e860ca0d0a3880c35fa696c4341e874f98c1f06a Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 12:06:33 +0100 Subject: [PATCH 105/199] Reworked update session --- src/Oauth2/Database.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) 
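Review bot: In the reformatted `newAuthCode` signature the optional `$type = 'user'` still precedes the required `$typeId` and `$redirectUri`, so PHP treats `$type` as required and the default can never take effect (later PHP versions deprecate this ordering). The caller visible in patch 102 passes the owner type explicitly, so either drop the default or move `$type` after the required parameters. The docblock above the hunk documents it as `@param string $type The type of the owner of the session` with no default mentioned, which matches the reordered form.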
diff --git a/src/Oauth2/Database.php b/src/Oauth2/Database.php index 4a3b42a5..15f18e97 100644 --- a/src/Oauth2/Database.php +++ b/src/Oauth2/Database.php @@ -86,12 +86,10 @@ interface Database * @return void */ public function updateSession( - $clientId, - $type = 'user', - $typeId = null, + $sessionId, $authCode = null, $accessToken = null, - $stage + $stage = 'request' ); /** From 854ea81ed8cb40852d4b9bbe385bf1ec2675d9cf Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 12:07:08 +0100 Subject: [PATCH 106/199] Fixing hasSession --- src/Oauth2/Database.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/Oauth2/Database.php b/src/Oauth2/Database.php index 15f18e97..0ee0931d 100644 --- a/src/Oauth2/Database.php +++ b/src/Oauth2/Database.php @@ -153,22 +153,22 @@ interface Database ); /** - * Return the access token for a given session owner and client combination + * Return the session ID for a given session owner and client combination * * Database query: * * - * SELECT access_token FROM oauth_sessions WHERE client_id = $clientId + * SELECT id FROM oauth_sessions WHERE client_id = $clientId * AND owner_type = $type AND owner_id = $typeId * * * @param string $type The session owner's type * @param string $typeId The session owner's ID * @param string $clientId The client ID - * @return string|null Return the access token as a string if - * found otherwise returns null + * @return string|null Return the session ID as an integer if + * found otherwise returns false */ - public function hasAccessToken( + public function hasSession( $type, $typeId, $clientId From 03fd7aa50152c981d36fdcd9a91b5ef04d72dc0c Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 12:18:12 +0100 Subject: [PATCH 107/199] Removed typecasting --- src/Oauth2/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Oauth2/Server.php b/src/Oauth2/Server.php index a2492cf6..7d6b444d 100644 --- a/src/Oauth2/Server.php 
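Review bot: The new default `$stage = 'request'` does not match the `stage` column, which `database.sql` (patch 110 in this series) declares as `enum('requested','granted') NOT NULL DEFAULT 'requested'`; a value outside the enum is rejected in strict SQL mode and silently stored as an empty string otherwise. Use `$stage = 'requested'` here, in the docblock line `(default ="request")` left in place by patch 104, and for the literal `'request'` passed in patch 116.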
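Review bot: The updated `@return` on `hasSession()` contradicts itself: it is typed `string|null`, the text says "as an integer", and the fallback is described as `false`. The `id` column it selects is an auto-increment integer in the schema, so state one contract, e.g. `@return int|false The session ID if found, otherwise false`, and make implementations follow it; a caller comparing with `!== false` (as the old `hasAccessToken` caller did) would otherwise mis-handle a `null` return.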
+++ b/src/Oauth2/Server.php @@ -303,7 +303,7 @@ maintenance of the server.' * @param string $query_delimeter The query string delimiter (default: ?) * @return string The updated redirect URI */ - public function redirectUri(string $redirectUri, $params = array(), + public function redirectUri($redirectUri, $params = array(), $queryDelimeter = '?') { From bb4ca4eb3763eafd757fd5a4b1e737623d294348 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 12:22:31 +0100 Subject: [PATCH 108/199] Fixed relationships between oauth_session_scope table and oauth_sessions --- src/sql/database.sql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/sql/database.sql b/src/sql/database.sql index e17eeb8d..69454b7a 100644 --- a/src/sql/database.sql +++ b/src/sql/database.sql @@ -53,6 +53,6 @@ CREATE TABLE `oauth_session_scopes` ( KEY `session_id` (`session_id`), KEY `access_token` (`access_token`), KEY `scope` (`scope`), - CONSTRAINT `oauth_session_scopes_ibfk_2` FOREIGN KEY (`scope`) REFERENCES `scopes` (`scope`) ON DELETE CASCADE, - CONSTRAINT `oauth_session_scopes_ibfk_3` FOREIGN KEY (`scope`) REFERENCES `scopes` (`scope`) ON DELETE CASCADE ON UPDATE CASCADE + CONSTRAINT `oauth_session_scopes_ibfk_3` FOREIGN KEY (`scope`) REFERENCES `scopes` (`scope`) ON DELETE CASCADE ON UPDATE CASCADE, + CONSTRAINT `oauth_session_scopes_ibfk_4` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE ) ENGINE=InnoDB DEFAULT CHARSET=utf8; \ No newline at end of file From d25ef6bb89f07bc8f1217383006f1cec2db4390c Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 12:22:51 +0100 Subject: [PATCH 109/199] Fixed adding scope to a session --- src/Oauth2/Server.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Oauth2/Server.php b/src/Oauth2/Server.php index 7d6b444d..02be4c5b 100644 --- a/src/Oauth2/Server.php +++ b/src/Oauth2/Server.php 
@@ -284,9 +284,9 @@ maintenance of the server.' ); // Add the scopes - foreach ($scopes as $scope) { + foreach ($scopes as $key => $scope) { - $this->db->addSessionScope($sessionId, $scope); + $this->db->addSessionScope($sessionId, $scope['scope']); } From 5d012c6cf442d7631f0559372c283ddf9480d710 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 14:29:04 +0100 Subject: [PATCH 110/199] Added access_token_expires column to oauth_sessions table --- src/sql/database.sql | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/src/sql/database.sql b/src/sql/database.sql index 69454b7a..0c218795 100644 --- a/src/sql/database.sql +++ b/src/sql/database.sql @@ -20,13 +20,14 @@ CREATE TABLE `client_endpoints` ( -- Create syntax for TABLE 'oauth_sessions' CREATE TABLE `oauth_sessions` ( `id` int(11) unsigned NOT NULL AUTO_INCREMENT, - `client_id` varchar(32) CHARACTER SET latin1 NOT NULL DEFAULT '', - `redirect_uri` varchar(250) CHARACTER SET latin1 NOT NULL DEFAULT '', - `owner_type` enum('user','client') CHARACTER SET latin1 NOT NULL DEFAULT 'user', - `owner_id` varchar(255) CHARACTER SET latin1 DEFAULT NULL, - `auth_code` varchar(40) CHARACTER SET latin1 DEFAULT '', - `access_token` varchar(40) CHARACTER SET latin1 DEFAULT '', - `stage` enum('requested','granted') CHARACTER SET latin1 NOT NULL DEFAULT 'requested', + `client_id` varchar(32) NOT NULL DEFAULT '', + `redirect_uri` varchar(250) NOT NULL DEFAULT '', + `owner_type` enum('user','client') NOT NULL DEFAULT 'user', + `owner_id` varchar(255) DEFAULT NULL, + `auth_code` varchar(40) DEFAULT '', + `access_token` varchar(40) DEFAULT '', + `access_token_expires` int(10) DEFAULT NULL, + `stage` enum('requested','granted') NOT NULL DEFAULT 'requested', `first_requested` int(10) unsigned NOT NULL, `last_updated` int(10) unsigned NOT NULL, PRIMARY KEY (`id`), From b0bd812da2ebd04752d7a8857c764ab4b78afb72 Mon Sep 17 00:00:00 2001 
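Review bot: The changed loop binds `$key` but never uses it, and `$scope['scope']` now requires every element of `$scopes` to be an array with a `scope` key, which the `newAuthCode` docblock above the hunk (`@param array $scopes The requested scopes`) does not say. Write `foreach ($scopes as $scope)` and document the shape, e.g. `@param array $scopes The validated scopes, each an array with a 'scope' key` — whether these come from `checkClientAuthoriseParams()` needs confirming against that method, which is outside the hunk.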
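Review bot: The added `access_token_expires int(10) DEFAULT NULL` column is signed while the other Unix-timestamp columns in the same table (`first_requested`, `last_updated`) are `int(10) unsigned`; declare it the same way so ranges and comparisons are consistent. A comment in the schema stating that the value is an absolute Unix timestamp rather than a duration would also help, since the server-side `access_token_ttl` option introduced in patch 111 is presumably a lifetime in seconds.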
From: Alex Bilbie Date: Wed, 25 Jul 2012 14:29:58 +0100 Subject: [PATCH 111/199] Changed $config['access_token_expire'] to $config['access_token_ttl']. Default value is now null --- src/Oauth2/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Oauth2/Server.php b/src/Oauth2/Server.php index 02be4c5b..1c49b604 100644 --- a/src/Oauth2/Server.php +++ b/src/Oauth2/Server.php @@ -17,7 +17,7 @@ class Server 'code' ), 'scope_delimeter' => ',', - 'access_token_expire' => 0 + 'access_token_ttl' => null ); public $exceptionCodes = array( From a23bb301c08b7195a36a46960e8bc35cbf4e30a6 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 14:30:24 +0100 Subject: [PATCH 112/199] Added more error messages and codes --- src/Oauth2/Server.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/src/Oauth2/Server.php b/src/Oauth2/Server.php index 1c49b604..7992aa65 100644 --- a/src/Oauth2/Server.php +++ b/src/Oauth2/Server.php @@ -27,7 +27,10 @@ class Server 3 => 'unsupported_response_type', 4 => 'invalid_scope', 5 => 'server_error', - 6 => 'temporarily_unavailable' + 6 => 'temporarily_unavailable', + 7 => 'unsupported_grant_type', + 8 => 'invalid_client', + 9 => 'invalid_grant' ); protected $errors = array( @@ -46,7 +49,14 @@ support obtaining an access token using this method.', condition which prevented it from fulfilling the request.', 'temporarily_unavailable' => 'The authorization server is currently unable to handle the request due to a temporary overloading or -maintenance of the server.' +maintenance of the server.', + 'unsupported_grant_type' => 'The authorization grant type is not + supported by the authorization server', + 'invalid_client' => 'Client authentication failed', + 'invalid_grant' => 'The provided authorization grant is invalid, + expired, revoked, does not match the redirection URI used in the + authorization request, or was issued to another client. Check the + "%s" parameter.' ); /** 
From fd1fe96c07c011eba7be304f88b0116ea6e705f8 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 14:30:39 +0100 Subject: [PATCH 113/199] Removed typehinting --- src/Oauth2/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Oauth2/Server.php b/src/Oauth2/Server.php index 7992aa65..ee520c6b 100644 --- a/src/Oauth2/Server.php +++ b/src/Oauth2/Server.php @@ -92,7 +92,7 @@ maintenance of the server.', * @param array $authParams Optional array of parsed $_GET keys * @return array Authorise request parameters */ - public function checkClientAuthoriseParams(array $authParams = null) + public function checkClientAuthoriseParams($authParams = null) { $params = array(); From 3c599e54546d9ea4af8e0c6a1506fc19fcb61267 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 14:31:09 +0100 Subject: [PATCH 114/199] Changed the error thrown if the client credentials are invalid to invalid_client --- src/Oauth2/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Oauth2/Server.php b/src/Oauth2/Server.php index ee520c6b..99dcf214 100644 --- a/src/Oauth2/Server.php +++ b/src/Oauth2/Server.php @@ -130,7 +130,7 @@ maintenance of the server.', if ($clientDetails === false) { throw new OAuthServerClientException( - $this->errors['unauthorized_client'], 1); + $this->errors['invalid_client'], 8); } // Response type From d9953ef1edb7f6da08a8ba71771b92d988dff78e Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 14:31:32 +0100 Subject: [PATCH 115/199] Changed scope of newAuthCode method to private --- src/Oauth2/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Oauth2/Server.php b/src/Oauth2/Server.php index 99dcf214..9f3473ea 100644 --- a/src/Oauth2/Server.php +++ b/src/Oauth2/Server.php 
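Review bot: Dropping `array` from `checkClientAuthoriseParams(array $authParams = null)` was unnecessary — unlike the scalar hints removed elsewhere, `array` with a `null` default is valid PHP 5 and made the parameter a nullable array — and the docblock above still says `@param array $authParams`. Restore `public function checkClientAuthoriseParams(array $authParams = null)`. The method body continues outside the hunk.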
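Review bot: `invalid_client` (code 8) is a token-endpoint error in RFC 6749 §5.2, whereas this check runs in the authorisation-endpoint flow (`checkClientAuthoriseParams`), whose error set in §4.1.2.1 is where the previous `unauthorized_client` came from. More importantly, when the client ID / redirect URI pair fails validation the server must not redirect to the supplied `redirect_uri` at all but should show the error to the resource owner (§3.1.2.4), so whoever renders `OAuthServerClientException` has to treat this code differently from the redirectable ones; that rendering is outside the hunk, so at least document the distinction on the exception or in this method's docblock. The method body continues outside the hunk.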
@@ -253,7 +253,7 @@ maintenance of the server.', * @param string $accessToken The access token (default = null) * @return string An authorisation code */ - public function newAuthCode( + private function newAuthCode( $clientId, $type = 'user', $typeId, From ee7308c0c9e855b6ce3969987e6dfbf401257223 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 14:31:52 +0100 Subject: [PATCH 116/199] Included extra default parameter for access token expiry --- src/Oauth2/Server.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Oauth2/Server.php b/src/Oauth2/Server.php index 9f3473ea..02c34c8a 100644 --- a/src/Oauth2/Server.php +++ b/src/Oauth2/Server.php @@ -290,6 +290,7 @@ maintenance of the server.', $typeId, $authCode, null, + null, 'request' ); From 79ff22f48c3ab9c2d4a0f84356a851c2753d6937 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 14:32:27 +0100 Subject: [PATCH 117/199] Added new completeAuthCodeGrant method --- src/Oauth2/Server.php | 131 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 130 insertions(+), 1 deletion(-) diff --git a/src/Oauth2/Server.php b/src/Oauth2/Server.php index 02c34c8a..66844d4f 100644 --- a/src/Oauth2/Server.php +++ b/src/Oauth2/Server.php 
@@ -304,7 +304,136 @@ maintenance of the server.', } return $authCode; - } + } + + /** + * Complete the authorisation code grant + * + * @access public + * @param array $authParams Optional array of parsed $_POST keys + * @return array Authorise request parameters + */ + public function completeAuthCodeGrant($authParams = null) + { + $params = array(); + + // Client ID + if ( ! isset($authParams['client_id']) && ! isset($_POST['client_id'])) { + + throw new OAuthServerClientException(sprintf( + $this->errors['invalid_request'], 'client_id'), 0); + + } else { + + $params['client_id'] = (isset($authParams['client_id'])) ? + $authParams['client_id'] : $_POST['client_id']; + + } + + // Client secret + if ( ! isset($authParams['client_secret']) && ! isset($_POST['client_secret'])) { + + throw new OAuthServerClientException(sprintf( + $this->errors['invalid_request'], 'client_secret'), 0); + + } else { + + $params['client_secret'] = (isset($authParams['client_secret'])) ? + $authParams['client_secret'] : $_POST['client_secret']; + + } + + // Redirect URI + if ( ! isset($authParams['redirect_uri']) && + ! isset($_POST['redirect_uri'])) { + + throw new OAuthServerClientException(sprintf( + $this->errors['invalid_request'], 'redirect_uri'), 0); + + } else { + + $params['redirect_uri'] = (isset($authParams['redirect_uri'])) ? + $authParams['redirect_uri'] : $_POST['redirect_uri']; + + } + + // Validate client ID and redirect URI + $clientDetails = $this->db->validateClient($params['client_id'], $params['client_secret'], + $params['redirect_uri']); + + if ($clientDetails === false) { + + throw new OAuthServerClientException( + $this->errors['invalid_client'], 8); + } + + // Grant type (must be 'authorization_code') + if ( ! isset($authParams['grant_type']) && + ! isset($_POST['grant_type'])) { + + throw new OAuthServerClientException(sprintf( + $this->errors['invalid_request'], 'grant_type'), 0); + + } else { + + $params['grant_type'] = (isset($authParams['grant_type'])) ? 
+ $authParams['grant_type'] : $_POST['grant_type']; + + // Ensure response type is one that is recognised + if ($params['response_type'] !== 'authorization_code') { + + throw new OAuthServerClientException( + $this->errors['unsupported_grant_type'], 7); + + } + } + + // The authorization code + if ( ! isset($authParams['code']) && + ! isset($_GET['code'])) { + + throw new OAuthServerClientException(sprintf( + $this->errors['invalid_request'], 'code'), 0); + + } else { + + $params['code'] = (isset($authParams['code'])) ? + $authParams['code'] : $_POST['code']; + + } + + // Verify the authorization code matches the client_id and the + // request_uri + $sessionId = $this->db->validateAuthCode($params['client_id'], + $params['request_uri'], $params['code']); + + if ( ! $sessionId) + { + throw new OAuthServerClientException(sprintf( + $this->errors['invalid_grant'], 'code'), 9); + } + + else + { + // A session ID was returned so update it with an access token, + // remove the authorisation code, change the stage to 'granted' + + $accessToken = $this->generateCode(); + + $accessTokenExpires = ($this->config['access_token_ttl'] === null) ? null : time() + $this->config['access_token_ttl']; + + $this->db->updateSession($sessionId, null, $accessToken, $accessTokenExpires, 'granted'); + + // Update the session's scopes to reference the access token + $this->db->updateSessionScopeAccessToken($sessionId, $accessToken); + + return array( + 'access_token' => $accessToken, + 'token_type' => 'bearer', + 'expires_in' => $this->config['access_token_ttl'] + ); + } + } /** * Generates the redirect uri with appended params From fb1eb183ea82e64707ec2f7afdcc53ee7b824aae Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 14:33:02 +0100 Subject: [PATCH 118/199] Added new accessTokenExpire parameter --- src/Oauth2/Database.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Oauth2/Database.php b/src/Oauth2/Database.php index 0ee0931d..30cd071e 100644 
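Review bot: `$params['request_uri']` passed to `validateAuthCode` is never assigned (the value is stored as `$params['redirect_uri']`), so the redirect URI the authorisation code must be bound to (RFC 6749 §4.1.3) reaches the database layer as null; the call should be `$sessionId = $this->db->validateAuthCode($params['client_id'], $params['redirect_uri'], $params['code']);`. The presence check for the code looks at `$_GET['code']` while the value is read from `$_POST['code']`, so a POST carrying only `code` in the body is rejected as `invalid_request` and a `code` in the query string passes the check and then hits an undefined index; the check should be `if ( ! isset($authParams['code']) && ! isset($_POST['code'])) {`. The grant-type comparison tests `$params['response_type']`, which this method never sets, so every request throws `unsupported_grant_type`; `if ($params['grant_type'] !== 'authorization_code') {` is what was meant. The `request_uri` and `$_GET['code']` lines survive unchanged into the last hunk of [PATCH 136] on this page, so the same fix applies there. Whether the code is single-use and time-limited is decided inside `validateAuthCode`, which is not visible here.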
--- a/src/Oauth2/Database.php +++ b/src/Oauth2/Database.php @@ -66,6 +66,7 @@ interface Database $authCode = null, $accessToken = null, $stage = 'request' + $accessTokenExpire = null, ); /** From 817a93a9096ddd7478dfea33b3c6b6c4df33ffa7 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 14:33:32 +0100 Subject: [PATCH 119/199] Added new accessTokenExpire parameter --- src/Oauth2/Database.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Oauth2/Database.php b/src/Oauth2/Database.php index 30cd071e..b8eef5f0 100644 --- a/src/Oauth2/Database.php +++ b/src/Oauth2/Database.php @@ -91,6 +91,7 @@ interface Database $authCode = null, $accessToken = null, $stage = 'request' + $accessTokenExpire = null, ); /** From b15a2c09b30ea9cb75c87b37ed2a0e701addd3f0 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 14:34:03 +0100 Subject: [PATCH 120/199] Changed default stage parameter value to 'requested' from 'request' --- src/Oauth2/Database.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Oauth2/Database.php b/src/Oauth2/Database.php index b8eef5f0..f09ff2c8 100644 --- a/src/Oauth2/Database.php +++ b/src/Oauth2/Database.php @@ -65,8 +65,8 @@ interface Database $typeId = null, $authCode = null, $accessToken = null, - $stage = 'request' $accessTokenExpire = null, + $stage = 'requested' ); /** @@ -90,8 +90,8 @@ interface Database $sessionId, $authCode = null, $accessToken = null, - $stage = 'request' $accessTokenExpire = null, + $stage = 'requested' ); /** From fdf71b758bfcedbef229e3a2093ee5dc197a7394 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 14:34:19 +0100 Subject: [PATCH 121/199] Clarified return type of validateAuthCode method --- src/Oauth2/Database.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Oauth2/Database.php b/src/Oauth2/Database.php index f09ff2c8..8fcac265 100644 --- a/src/Oauth2/Database.php +++ b/src/Oauth2/Database.php 
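Review bot: After this hunk the interface does not parse: `$stage = 'request'` has no comma before the added `$accessTokenExpire = null,`, and a trailing comma in a parameter list is itself a syntax error on the PHP 5.3 that composer.json targets; [PATCH 119] repeats this for `updateSession`, and [PATCH 120] repairs both by reordering the parameters. After [PATCH 120] the default stage is `'requested'`, while the `newSession` call in Server.php from [PATCH 116] still passes the literal `'request'`, so implementers of this interface will see two spellings of the same stage; one should be chosen and listed on the `$stage` parameter's docblock alongside `'granted'`. The parameter list starts above the hunk.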
@@ -145,8 +145,8 @@ interface Database * @param string $clientId The client ID * @param string $redirectUri The redirect URI * @param string $authCode The authorisation code - * @return array|null Returns an array if the authorisation - * code is valid otherwise returns null + * @return int|bool Returns the session ID if the auth code + * is valid otherwise returns false */ public function validateAuthCode( $clientId, From 7ba0f4ee1a1a2ef81e6d4e51bb56392fb542994f Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 14:40:08 +0100 Subject: [PATCH 122/199] Fixed line lengths --- src/Oauth2/Server.php | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/src/Oauth2/Server.php b/src/Oauth2/Server.php index 66844d4f..e42168d4 100644 --- a/src/Oauth2/Server.php +++ b/src/Oauth2/Server.php @@ -16,6 +16,9 @@ class Server 'response_types' => array( 'code' ), + 'grant_types' => array( + 'authorization_code' + ), 'scope_delimeter' => ',', 'access_token_ttl' => null ); @@ -318,7 +321,8 @@ maintenance of the server.', $params = array(); // Client ID - if ( ! isset($authParams['client_id']) && ! isset($_POST['client_id'])) { + if ( ! isset($authParams['client_id']) && + ! isset($_POST['client_id'])) { throw new OAuthServerClientException(sprintf( $this->errors['invalid_request'], 'client_id'), 0); @@ -331,7 +335,8 @@ maintenance of the server.', } // Client secret - if ( ! isset($authParams['client_secret']) && ! isset($_POST['client_secret'])) { + if ( ! isset($authParams['client_secret']) && + ! isset($_POST['client_secret'])) { throw new OAuthServerClientException(sprintf( $this->errors['invalid_request'], 'client_secret'), 0); 
@@ -358,7 +363,8 @@ maintenance of the server.', } // Validate client ID and redirect URI - $clientDetails = $this->db->validateClient($params['client_id'], $params['client_secret'], + $clientDetails = $this->db->validateClient($params['client_id'], + $params['client_secret'], $params['redirect_uri']); if ($clientDetails === false) { @@ -407,22 +413,23 @@ maintenance of the server.', $sessionId = $this->db->validateAuthCode($params['client_id'], $params['request_uri'], $params['code']); - if ( ! $sessionId) - { + if ( ! $sessionId) { + throw new OAuthServerClientException(sprintf( $this->errors['invalid_grant'], 'code'), 9); - } + + } else { - else - { // A session ID was returned so update it with an access token, // remove the authorisation code, change the stage to 'granted' $accessToken = $this->generateCode(); - $accessTokenExpires = ($this->config['access_token_ttl'] === null) ? null : time() + $this->config['access_token_ttl']; + $accessTokenExpires = ($this->config['access_token_ttl'] === null) + ? null : time() + $this->config['access_token_ttl']; - $this->db->updateSession($sessionId, null, $accessToken, $accessTokenExpires, 'granted'); + $this->db->updateSession($sessionId, null, $accessToken, + $accessTokenExpires, 'granted'); // Update the session's scopes to reference the access token $this->db->updateSessionScopeAccessToken($sessionId, $accessToken); From def2f4822cccb6222bd4b2da18dd1b65c5982eee Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 15:16:56 +0100 Subject: [PATCH 123/199] Moved the files into a new folder ready for Client libraries and Resource server libraries --- src/Oauth2/{ => Authentication}/Database.php | 0 src/Oauth2/{ => Authentication}/Server.php | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename src/Oauth2/{ => Authentication}/Database.php (100%) rename src/Oauth2/{ => Authentication}/Server.php (100%) 
diff --git a/src/Oauth2/Database.php b/src/Oauth2/Authentication/Database.php similarity index 100% rename from src/Oauth2/Database.php rename to src/Oauth2/Authentication/Database.php diff --git a/src/Oauth2/Server.php b/src/Oauth2/Authentication/Server.php similarity index 100% rename from src/Oauth2/Server.php rename to src/Oauth2/Authentication/Server.php From 3ca2abc0ae45f3f2e2042e806aef2e4d213dbe78 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 15:18:49 +0100 Subject: [PATCH 124/199] Updated namespaces --- src/Oauth2/Authentication/Database.php | 2 +- src/Oauth2/Authentication/Server.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Oauth2/Authentication/Database.php b/src/Oauth2/Authentication/Database.php index 8fcac265..755e7182 100644 --- a/src/Oauth2/Authentication/Database.php +++ b/src/Oauth2/Authentication/Database.php @@ -1,6 +1,6 @@ Date: Wed, 25 Jul 2012 15:18:58 +0100 Subject: [PATCH 125/199] Added empty resource server file --- src/Oauth2/Resource/Server.php | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 src/Oauth2/Resource/Server.php diff --git a/src/Oauth2/Resource/Server.php b/src/Oauth2/Resource/Server.php new file mode 100644 index 00000000..6c80148c --- /dev/null +++ b/src/Oauth2/Resource/Server.php @@ -0,0 +1,8 @@ + Date: Wed, 25 Jul 2012 16:04:52 +0100 Subject: [PATCH 126/199] Broke the supported response types and authorisation grants out into their own variables --- src/Oauth2/Authentication/Server.php | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/src/Oauth2/Authentication/Server.php b/src/Oauth2/Authentication/Server.php index 361befec..644dae78 100644 --- a/src/Oauth2/Authentication/Server.php +++ b/src/Oauth2/Authentication/Server.php 
@@ -13,16 +13,25 @@ class Server private $db = null; private $config = array( - 'response_types' => array( - 'code' - ), - 'grant_types' => array( - 'authorization_code' - ), 'scope_delimeter' => ',', 'access_token_ttl' => null ); + /** + * Supported response types + * @var array + */ + private $response_types = array( + 'code' + ); + + /** + * Supported grant types + * @var array + */ + private $grant_types = array( + 'authorization_code' + ); public $exceptionCodes = array( 0 => 'invalid_request', 1 => 'unauthorized_client', From df9c762b2e52037864d0edf2723aee6c6b2ea506 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 16:05:45 +0100 Subject: [PATCH 127/199] Class variable docblocks --- src/Oauth2/Authentication/Server.php | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/src/Oauth2/Authentication/Server.php b/src/Oauth2/Authentication/Server.php index 644dae78..273b29d9 100644 --- a/src/Oauth2/Authentication/Server.php +++ b/src/Oauth2/Authentication/Server.php @@ -10,8 +10,16 @@ class OAuthServerException extends \Exception {} class Server { - private $db = null; + /** + * Reference to the database abstractor + * @var object + */ + private $db; + /** + * Server configuration + * @var array + */ private $config = array( 'scope_delimeter' => ',', 'access_token_ttl' => null @@ -32,6 +40,11 @@ class Server private $grant_types = array( 'authorization_code' ); + + /** + * Exception error codes + * @var array + */ public $exceptionCodes = array( 0 => 'invalid_request', 1 => 'unauthorized_client', @@ -45,7 +58,14 @@ class Server 9 => 'invalid_grant' ); - protected $errors = array( + /** + * Error codes. + * + * To provide i8ln errors just overwrite the keys + * + * @var array + */ + public $errors = array( 'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.', 
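Review bot: Moving `response_types` and `grant_types` out of `$config` leaves the lookups `$this->config['response_types']` and `$this->config['grant_types']` elsewhere in the class reading an undefined index, so `in_array(..., null)` rejects every response and grant type until [PATCH 130] repoints them; the property move and its call-site updates belong in one commit so no intermediate revision is unusable. The new properties are also snake_case (`$response_types`, `$grant_types`) where the rest of the class is camelCase (`$exceptionCodes`), and being private they give integrators no way to enable a grant type, which is presumably meant to change once other grants are implemented.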
From 8286724d5693646122a04e11925b7988f26dad5a Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 16:05:55 +0100 Subject: [PATCH 128/199] Removed typecasting --- src/Oauth2/Authentication/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Oauth2/Authentication/Server.php b/src/Oauth2/Authentication/Server.php index 273b29d9..5f6e816b 100644 --- a/src/Oauth2/Authentication/Server.php +++ b/src/Oauth2/Authentication/Server.php @@ -98,7 +98,7 @@ maintenance of the server.', * @param array $options Optional list of options to overwrite the defaults * @return void */ - public function __construct(array $options = null) + public function __construct($options = null) { if ($options !== null) { $this->options = array_merge($this->config, $options); From 26751ef6b999084a6f53069d0b091b2847c6a203 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 16:06:37 +0100 Subject: [PATCH 129/199] Broke up the issueAccessToken method to support additional grant types --- src/Oauth2/Authentication/Server.php | 88 ++++++++++++++++++++-------- 1 file changed, 65 insertions(+), 23 deletions(-) diff --git a/src/Oauth2/Authentication/Server.php b/src/Oauth2/Authentication/Server.php index 5f6e816b..107fa387 100644 --- a/src/Oauth2/Authentication/Server.php +++ b/src/Oauth2/Authentication/Server.php 
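Review bot: The constructor body shown as context stores the merged options in `$this->options` rather than `$this->config`, so every override passed in — including `access_token_ttl` — is silently discarded and the server keeps its defaults, which means non-expiring tokens for anyone who believed they had set a lifetime; the line should read `$this->config = array_merge($this->config, $options);`. Removing the `array` hint additionally lets a non-array `$options` reach `array_merge`, which fails at runtime; `array $options = null` already accepted null in PHP 5.x, so the hint could be kept, or the guard widened to `if (is_array($options)) {`. The constructor continues outside the hunk.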
@@ -339,16 +339,78 @@ maintenance of the server.', } /** - * Complete the authorisation code grant + * Issue an access token * * @access public + * * @param array $authParams Optional array of parsed $_POST keys + * * @return array Authorise request parameters */ - public function completeAuthCodeGrant($authParams = null) + public function issueAccessToken($authParams = null) { $params = array(); + // Grant type (must be 'authorization_code') + if ( ! isset($authParams['grant_type']) && + ! isset($_POST['grant_type'])) { + + throw new OAuthServerClientException(sprintf( + $this->errors['invalid_request'], 'grant_type'), 0); + + } else { + + $params['grant_type'] = (isset($authParams['grant_type'])) ? + $authParams['grant_type'] : $_POST['grant_type']; + + // Ensure response type is one that is recognised + if ( ! in_array($params['response_type'], + $this->config['grant_types'])) { + + throw new OAuthServerClientException( + $this->errors['unsupported_grant_type'], 7); + + } + } + + switch ($params['grant_type']) + { + // Authorization code grant + case 'authorization_code': + return $this->completeAuthCodeGrant($authParams, $params); + break; + + // Refresh token + case 'refresh_token': + + // Resource owner password credentials grant + case 'password': + + // Client credentials grant + case 'client_credentials': + + // Unsupported + default: + throw new OAuthServerException($this->errors['server_error'] . + 'Tried to process an unsuppported grant type.', + 5); + break; + } + } + + /** + * Complete the authorisation code grant + * + * @access private + * + * @param array $authParams Array of parsed $_POST keys + * @param array $params Generated parameters from issueAccessToken() + * + * @return array Authorise request parameters + */ + private function completeAuthCodeGrant($authParams = array(), $params = + array()) + { // Client ID if ( ! isset($authParams['client_id']) && ! isset($_POST['client_id'])) { 
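Review bot: The whitelist check tests `$params['response_type']`, which `issueAccessToken` never sets, so `in_array(null, ...)` is false and every token request is rejected with `unsupported_grant_type` (the series corrects the index in [PATCH 134]); the intended line is `if ( ! in_array($params['grant_type'], $this->grant_types, true)) {`, using the property introduced in [PATCH 126] and the strict flag since the value comes from `$_POST`. In the `switch`, the `default` branch is reachable only when `$grant_types` is extended without an implementation, and its message concatenation `$this->errors['server_error'] . 'Tried to process…'` has no separating space, so the two sentences run together in the response. The `break;` after `return` is unreachable. `completeAuthCodeGrant`'s body continues outside the hunk.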
@@ -402,27 +464,6 @@ maintenance of the server.', $this->errors['invalid_client'], 8); } - // Grant type (must be 'authorization_code') - if ( ! isset($authParams['grant_type']) && - ! isset($_POST['grant_type'])) { - - throw new OAuthServerClientException(sprintf( - $this->errors['invalid_request'], 'grant_type'), 0); - - } else { - - $params['grant_type'] = (isset($authParams['grant_type'])) ? - $authParams['grant_type'] : $_POST['grant_type']; - - // Ensure response type is one that is recognised - if ($params['response_type'] !== 'authorization_code') { - - throw new OAuthServerClientException( - $this->errors['unsupported_grant_type'], 7); - - } - } - // The authorization code if ( ! isset($authParams['code']) && ! isset($_GET['code'])) { @@ -477,6 +518,7 @@ maintenance of the server.', * @param string $redirectUri The redirect URI * @param array $params The parameters to be appended to the URL * @param string $query_delimeter The query string delimiter (default: ?) + * * @return string The updated redirect URI */ public function redirectUri($redirectUri, $params = array(), From 7027eab507e084ef7ea36e5f23a9eb63b63ecce1 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 16:08:41 +0100 Subject: [PATCH 130/199] Fixed errors relating to response types and grant type variables being moved into their own variables --- src/Oauth2/Authentication/Server.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/Oauth2/Authentication/Server.php b/src/Oauth2/Authentication/Server.php index 107fa387..6125fb02 100644 --- a/src/Oauth2/Authentication/Server.php +++ b/src/Oauth2/Authentication/Server.php @@ -179,7 +179,7 @@ maintenance of the server.', // Ensure response type is one that is recognised if ( ! in_array($params['response_type'], - $this->config['response_types'])) { + $this->response_types)) { throw new OAuthServerClientException( $this->errors['unsupported_response_type'], 3); 
@@ -364,8 +364,7 @@ maintenance of the server.', $authParams['grant_type'] : $_POST['grant_type']; // Ensure response type is one that is recognised - if ( ! in_array($params['response_type'], - $this->config['grant_types'])) { + if ( ! in_array($params['response_type'], $this->grant_types)) { throw new OAuthServerClientException( $this->errors['unsupported_grant_type'], 7); From 10898ed8d4cd12af2a614a2a97f573e3877b9c0d Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 16:14:16 +0100 Subject: [PATCH 131/199] Changed indentation to spaces --- src/Oauth2/Resource/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Oauth2/Resource/Server.php b/src/Oauth2/Resource/Server.php index 6c80148c..15d62fa1 100644 --- a/src/Oauth2/Resource/Server.php +++ b/src/Oauth2/Resource/Server.php @@ -4,5 +4,5 @@ namespace Oauth2\Resource; class Server { - + } \ No newline at end of file From c2ac787f09afb938e372ff922f9e830ebfd49ef7 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 25 Jul 2012 16:15:14 +0100 Subject: [PATCH 132/199] Fixed placement of grant comments to stop PHPCS bitching --- src/Oauth2/Authentication/Server.php | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/src/Oauth2/Authentication/Server.php b/src/Oauth2/Authentication/Server.php index 6125fb02..81b78206 100644 --- a/src/Oauth2/Authentication/Server.php +++ b/src/Oauth2/Authentication/Server.php 
@@ -374,22 +374,15 @@ maintenance of the server.', switch ($params['grant_type']) { - // Authorization code grant - case 'authorization_code': + + case 'authorization_code': // Authorization code grant return $this->completeAuthCodeGrant($authParams, $params); break; - // Refresh token - case 'refresh_token': - - // Resource owner password credentials grant - case 'password': - - // Client credentials grant - case 'client_credentials': - - // Unsupported - default: + case 'refresh_token': // Refresh token + case 'password': // Resource owner password credentials grant + case 'client_credentials': // Client credentials grant + default: // Unsupported throw new OAuthServerException($this->errors['server_error'] . 'Tried to process an unsuppported grant type.', 5); From 9ead06077c3866616f19e4679627f6a0eab57c20 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Thu, 26 Jul 2012 12:52:48 +0100 Subject: [PATCH 133/199] Updated rule reference to use the official PSR sniffs from https://github.com/squizlabs/PHP_CodeSniffer --- build/phpcs.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build/phpcs.xml b/build/phpcs.xml index 737ec5db..a6ee80da 100644 --- a/build/phpcs.xml +++ b/build/phpcs.xml @@ -1,8 +1,8 @@ - PHP_CodeSniffer configuration for OAuth 2.0 server + PHP_CodeSniffer configuration - + \ No newline at end of file From 9df1c8e20deb936c1b33dbbe0fd77a2d369fe346 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Thu, 26 Jul 2012 12:53:07 +0100 Subject: [PATCH 134/199] Fixed incorrect parameter name --- src/Oauth2/Authentication/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Oauth2/Authentication/Server.php b/src/Oauth2/Authentication/Server.php index 81b78206..2f5a1054 100644 --- a/src/Oauth2/Authentication/Server.php +++ b/src/Oauth2/Authentication/Server.php 
@@ -364,7 +364,7 @@ maintenance of the server.', $authParams['grant_type'] : $_POST['grant_type']; // Ensure response type is one that is recognised - if ( ! in_array($params['response_type'], $this->grant_types)) { + if ( ! in_array($params['grant_type'], $this->grant_types)) { throw new OAuthServerClientException( $this->errors['unsupported_grant_type'], 7); From 8946e0172beff255f6abc5dcb7cff05235f106c4 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Thu, 26 Jul 2012 12:54:29 +0100 Subject: [PATCH 135/199] Added resource server database --- src/Oauth2/Resource/Database.php | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 src/Oauth2/Resource/Database.php diff --git a/src/Oauth2/Resource/Database.php b/src/Oauth2/Resource/Database.php new file mode 100644 index 00000000..c39bb471 --- /dev/null +++ b/src/Oauth2/Resource/Database.php @@ -0,0 +1,7 @@ + Date: Thu, 26 Jul 2012 17:02:01 +0100 Subject: [PATCH 136/199] Removed hard line limit of 80 characters --- src/Oauth2/Authentication/Server.php | 172 ++++++++++----------------- 1 file changed, 65 insertions(+), 107 deletions(-) diff --git a/src/Oauth2/Authentication/Server.php b/src/Oauth2/Authentication/Server.php index 2f5a1054..24e81191 100644 --- a/src/Oauth2/Authentication/Server.php +++ b/src/Oauth2/Authentication/Server.php 
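Review bot: With the index corrected, `in_array` should also take the strict flag, `if ( ! in_array($params['grant_type'], $this->grant_types, true)) {`, so the loose comparison PHP applies to a client-supplied `$_POST['grant_type']` cannot match a list entry by coercion. With the current all-string list this is not known to be exploitable, but strict mode costs nothing and keeps the check sound if the list or its source ever changes. `issueAccessToken` continues outside the hunk.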
@@ -66,29 +66,16 @@ class Server * @var array */ public $errors = array( - 'invalid_request' => 'The request is missing a required parameter, - includes an invalid parameter value, includes a parameter more than - once, or is otherwise malformed. Check the "%s" parameter.', - 'unauthorized_client' => 'The client is not authorized to request an -access token using this method.', - 'access_denied' => 'The resource owner or authorization server denied -the request.', - 'unsupported_response_type' => 'The authorization server does not -support obtaining an access token using this method.', - 'invalid_scope' => 'The requested scope is invalid, unknown, or - malformed. Check the "%s" scope.', - 'server_error' => 'The authorization server encountered an unexpected -condition which prevented it from fulfilling the request.', - 'temporarily_unavailable' => 'The authorization server is currently -unable to handle the request due to a temporary overloading or -maintenance of the server.', - 'unsupported_grant_type' => 'The authorization grant type is not - supported by the authorization server', + 'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.', + 'unauthorized_client' => 'The client is not authorized to request an access token using this method.', + 'access_denied' => 'The resource owner or authorization server denied the request.', + 'unsupported_response_type' => 'The authorization server does not support obtaining an access token using this method.', + 'invalid_scope' => 'The requested scope is invalid, unknown, or malformed. 
Check the "%s" scope.', + 'server_error' => 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.', + 'temporarily_unavailable' => 'The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.', + 'unsupported_grant_type' => 'The authorization grant type is not supported by the authorization server', 'invalid_client' => 'Client authentication failed', - 'invalid_grant' => 'The provided authorization grant is invalid, - expired, revoked, does not match the redirection URI used in the - authorization request, or was issued to another client. Check the - "%s" parameter.' + 'invalid_grant' => 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. Check the "%s" parameter.' ); /** 
@@ -131,33 +118,27 @@ maintenance of the server.', // Client ID if ( ! isset($authParams['client_id']) && ! isset($_GET['client_id'])) { - throw new OAuthServerClientException(sprintf( - $this->errors['invalid_request'], 'client_id'), 0); + throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0); } else { - $params['client_id'] = (isset($authParams['client_id'])) ? - $authParams['client_id'] : $_GET['client_id']; + $params['client_id'] = (isset($authParams['client_id'])) ? $authParams['client_id'] : $_GET['client_id']; } // Redirect URI - if ( ! isset($authParams['redirect_uri']) && - ! isset($_GET['redirect_uri'])) { + if ( ! isset($authParams['redirect_uri']) && ! isset($_GET['redirect_uri'])) { - throw new OAuthServerClientException(sprintf( - $this->errors['invalid_request'], 'redirect_uri'), 0); + throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0); } else { - $params['redirect_uri'] = (isset($authParams['redirect_uri'])) ? - $authParams['redirect_uri'] : $_GET['redirect_uri']; + $params['redirect_uri'] = (isset($authParams['redirect_uri'])) ? $authParams['redirect_uri'] : $_GET['redirect_uri']; } // Validate client ID and redirect URI - $clientDetails = $this->db->validateClient($params['client_id'], null, - $params['redirect_uri']); + $clientDetails = $this->db->validateClient($params['client_id'], null, $params['redirect_uri']); if ($clientDetails === false) { 
@@ -166,23 +147,18 @@ maintenance of the server.', } // Response type - if ( ! isset($authParams['response_type']) && - ! isset($_GET['response_type'])) { + if ( ! isset($authParams['response_type']) && ! isset($_GET['response_type'])) { - throw new OAuthServerClientException(sprintf( - $this->errors['invalid_request'], 'response_type'), 0); + throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'response_type'), 0); } else { - $params['response_type'] = (isset($authParams['response_type'])) ? - $authParams['response_type'] : $_GET['response_type']; + $params['response_type'] = (isset($authParams['response_type'])) ? $authParams['response_type'] : $_GET['response_type']; // Ensure response type is one that is recognised - if ( ! in_array($params['response_type'], - $this->response_types)) { + if ( ! in_array($params['response_type'], $this->response_types)) { - throw new OAuthServerClientException( - $this->errors['unsupported_response_type'], 3); + throw new OAuthServerClientException($this->errors['unsupported_response_type'], 3); } } @@ -208,8 +184,7 @@ maintenance of the server.', if (count($scopes) === 0) { - throw new OAuthServerClientException(sprintf( - $this->errors['invalid_request'], 'scope'), 0); + throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'scope'), 0); } $params['scopes'] = array(); @@ -220,8 +195,7 @@ maintenance of the server.', if ($scopeDetails === false) { - throw new OAuthServerClientException(sprintf( - $this->errors['invalid_scope'], $scope), 4); + throw new OAuthServerClientException(sprintf($this->errors['invalid_scope'], $scope), 4); } 
@@ -285,14 +259,7 @@ maintenance of the server.', * @param string $accessToken The access token (default = null) * @return string An authorisation code */ - private function newAuthCode( - $clientId, - $type = 'user', - $typeId, - $redirectUri, - $scopes = array(), - $accessToken = null - ) + private function newAuthCode($clientId, $type = 'user', $typeId, $redirectUri, $scopes = array(), $accessToken = null) { $authCode = $this->generateCode(); @@ -352,22 +319,18 @@ maintenance of the server.', $params = array(); // Grant type (must be 'authorization_code') - if ( ! isset($authParams['grant_type']) && - ! isset($_POST['grant_type'])) { + if ( ! isset($authParams['grant_type']) && ! isset($_POST['grant_type'])) { - throw new OAuthServerClientException(sprintf( - $this->errors['invalid_request'], 'grant_type'), 0); + throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'grant_type'), 0); } else { - $params['grant_type'] = (isset($authParams['grant_type'])) ? - $authParams['grant_type'] : $_POST['grant_type']; + $params['grant_type'] = (isset($authParams['grant_type'])) ? $authParams['grant_type'] : $_POST['grant_type']; // Ensure response type is one that is recognised if ( ! in_array($params['grant_type'], $this->grant_types)) { - throw new OAuthServerClientException( - $this->errors['unsupported_grant_type'], 7); + throw new OAuthServerClientException($this->errors['unsupported_grant_type'], 7); } } @@ -383,9 +346,7 @@ maintenance of the server.', case 'password': // Resource owner password credentials grant case 'client_credentials': // Client credentials grant default: // Unsupported - throw new OAuthServerException($this->errors['server_error'] . - 'Tried to process an unsuppported grant type.', - 5); + throw new OAuthServerException($this->errors['server_error'] . 'Tried to process an unsuppported grant type.', 5); break; } } 
@@ -404,81 +365,73 @@ maintenance of the server.', array()) { // Client ID - if ( ! isset($authParams['client_id']) && - ! isset($_POST['client_id'])) { + if ( ! isset($authParams['client_id']) && ! isset($_POST['client_id'])) { - throw new OAuthServerClientException(sprintf( - $this->errors['invalid_request'], 'client_id'), 0); + throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0); } else { - $params['client_id'] = (isset($authParams['client_id'])) ? - $authParams['client_id'] : $_POST['client_id']; + $params['client_id'] = (isset($authParams['client_id'])) ? $authParams['client_id'] : $_POST['client_id']; } // Client secret - if ( ! isset($authParams['client_secret']) && - ! isset($_POST['client_secret'])) { + if ( ! isset($authParams['client_secret']) && ! isset($_POST['client_secret'])) { - throw new OAuthServerClientException(sprintf( - $this->errors['invalid_request'], 'client_secret'), 0); + throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_secret'), 0); } else { - $params['client_secret'] = (isset($authParams['client_secret'])) ? - $authParams['client_secret'] : $_POST['client_secret']; + $params['client_secret'] = (isset($authParams['client_secret'])) ? $authParams['client_secret'] : $_POST['client_secret']; } // Redirect URI - if ( ! isset($authParams['redirect_uri']) && - ! isset($_POST['redirect_uri'])) { + if ( ! isset($authParams['redirect_uri']) && ! isset($_POST['redirect_uri'])) { - throw new OAuthServerClientException(sprintf( - $this->errors['invalid_request'], 'redirect_uri'), 0); + throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0); } else { - $params['redirect_uri'] = (isset($authParams['redirect_uri'])) ? - $authParams['redirect_uri'] : $_POST['redirect_uri']; + $params['redirect_uri'] = (isset($authParams['redirect_uri'])) ? 
$authParams['redirect_uri'] : $_POST['redirect_uri']; } // Validate client ID and redirect URI - $clientDetails = $this->db->validateClient($params['client_id'], - $params['client_secret'], - $params['redirect_uri']); + $clientDetails = $this->db->validateClient( + $params['client_id'], + $params['client_secret'], + $params['redirect_uri'] + ); if ($clientDetails === false) { - throw new OAuthServerClientException( - $this->errors['invalid_client'], 8); + throw new OAuthServerClientException($this->errors['invalid_client'], 8); } // The authorization code if ( ! isset($authParams['code']) && ! isset($_GET['code'])) { - throw new OAuthServerClientException(sprintf( - $this->errors['invalid_request'], 'code'), 0); + throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'code'), 0); } else { - $params['code'] = (isset($authParams['code'])) ? - $authParams['code'] : $_POST['code']; + $params['code'] = (isset($authParams['code'])) ? $authParams['code'] : $_POST['code']; } // Verify the authorization code matches the client_id and the // request_uri - $sessionId = $this->db->validateAuthCode($params['client_id'], - $params['request_uri'], $params['code']); + $sessionId = $this->db->validateAuthCode( + $params['client_id'], + $params['request_uri'], + $params['code'] + ); if ( ! $sessionId) { - throw new OAuthServerClientException(sprintf( - $this->errors['invalid_grant'], 'code'), 9); + throw new OAuthServerClientException(sprintf($this->errors['invalid_grant'], 'code'), 9); } else { 
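Review bot: Each value in this hunk is read from $_POST after only an isset() test, e.g. `$params['client_id'] = (isset($authParams['client_id'])) ? $authParams['client_id'] : $_POST['client_id'];` and the same pattern for client_secret, redirect_uri and code, so an array-valued form field such as `client_id[]=x` passes the check and reaches validateClient() and validateAuthCode() as an array rather than a string. A scalar guard at the boundary keeps the database abstractor from seeing non-string input, for example `if ( ! is_string($params['client_id'])) { throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0); }` applied to each of the four parameters. The function (completeAuthCodeGrant, per the later hunk in this series) starts before this hunk and its body continues past it.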
@@ -487,14 +440,21 @@ maintenance of the server.', $accessToken = $this->generateCode(); - $accessTokenExpires = ($this->config['access_token_ttl'] === null) - ? null : time() + $this->config['access_token_ttl']; + $accessTokenExpires = ($this->config['access_token_ttl'] === null) ? null : time() + $this->config['access_token_ttl']; - $this->db->updateSession($sessionId, null, $accessToken, - $accessTokenExpires, 'granted'); + $this->db->updateSession( + $sessionId, + null, + $accessToken, + $accessTokenExpires, + 'granted' + ); // Update the session's scopes to reference the access token - $this->db->updateSessionScopeAccessToken($sessionId, $accessToken); + $this->db->updateSessionScopeAccessToken( + $sessionId, + $accessToken + ); return array( 'access_token' => $accessToken, @@ -513,8 +473,7 @@ maintenance of the server.', * * @return string The updated redirect URI */ - public function redirectUri($redirectUri, $params = array(), - $queryDelimeter = '?') + public function redirectUri($redirectUri, $params = array(), $queryDelimeter = '?') { if (strstr($redirectUri, $queryDelimeter)) { @@ -523,8 +482,7 @@ maintenance of the server.', } else { - $redirectUri = $redirectUri . $queryDelimeter . - http_build_query($params); + $redirectUri = $redirectUri . $queryDelimeter . http_build_query($params); } From 8c991b0c6117d3940309d4c84f18c47be6b14960 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 30 Jul 2012 12:08:53 +0100 Subject: [PATCH 137/199] Line length fix --- src/Oauth2/Authentication/Server.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/Oauth2/Authentication/Server.php b/src/Oauth2/Authentication/Server.php index 24e81191..125cb93a 100644 --- a/src/Oauth2/Authentication/Server.php +++ b/src/Oauth2/Authentication/Server.php 
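Review bot: In the last hunk (@@ -523) redirectUri() appends the delimiter unconditionally, `$redirectUri = $redirectUri . $queryDelimeter . http_build_query($params);`, so an empty $params produces a URI ending in a bare `?` (the server_test.php added later in this series pins exactly `http://example.com/foo?`). Building the query first and returning early when it is empty avoids the dangling delimiter: `$query = http_build_query($params); if ($query === '') { return $redirectUri; }`. The preceding `if (strstr($redirectUri, $queryDelimeter))` is conventionally written `if (strpos($redirectUri, $queryDelimeter) !== false)`, which does not build a substring just to test for presence. The method is public and forwards whatever URI it is given; nothing visible here compares it with the client's registered redirect_uri, so the docblock (which starts before the hunk) should state that callers must pass an already-validated URI.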
@@ -361,8 +361,7 @@ class Server * * @return array Authorise request parameters */ - private function completeAuthCodeGrant($authParams = array(), $params = - array()) + private function completeAuthCodeGrant($authParams = array(), $params = array()) { // Client ID if ( ! isset($authParams['client_id']) && ! isset($_POST['client_id'])) { From ef928b19cfef64686222122edeadd6dcce7bc966 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 30 Jul 2012 12:10:13 +0100 Subject: [PATCH 138/199] Fixed HTTP method for getting `code` parameter --- src/Oauth2/Authentication/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Oauth2/Authentication/Server.php b/src/Oauth2/Authentication/Server.php index 125cb93a..a7b1ac9a 100644 --- a/src/Oauth2/Authentication/Server.php +++ b/src/Oauth2/Authentication/Server.php @@ -410,7 +410,7 @@ class Server // The authorization code if ( ! isset($authParams['code']) && - ! isset($_GET['code'])) { + ! isset($_POST['code'])) { throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'code'), 0); From 4abe7e7dda31bf471a772ad3ed10b0515b9dd1fd Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 30 Jul 2012 12:10:22 +0100 Subject: [PATCH 139/199] Spelling fix --- src/Oauth2/Authentication/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Oauth2/Authentication/Server.php b/src/Oauth2/Authentication/Server.php index a7b1ac9a..bb381c79 100644 --- a/src/Oauth2/Authentication/Server.php +++ b/src/Oauth2/Authentication/Server.php @@ -424,7 +424,7 @@ class Server // request_uri $sessionId = $this->db->validateAuthCode( $params['client_id'], - $params['request_uri'], + $params['redirect_uri'], $params['code'] ); From 2b9d1c0e67610eacb8e93ba3fce7e13113fc0958 Mon Sep 17 00:00:00 2001 
From: Alex Bilbie Date: Mon, 30 Jul 2012 14:06:46 +0100 Subject: [PATCH 140/199] Variable reference fixes --- src/Oauth2/Authentication/Server.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Oauth2/Authentication/Server.php b/src/Oauth2/Authentication/Server.php index bb381c79..9a4bd3aa 100644 --- a/src/Oauth2/Authentication/Server.php +++ b/src/Oauth2/Authentication/Server.php @@ -422,13 +422,13 @@ class Server // Verify the authorization code matches the client_id and the // request_uri - $sessionId = $this->db->validateAuthCode( + $session = $this->db->validateAuthCode( $params['client_id'], $params['redirect_uri'], $params['code'] ); - if ( ! $sessionId) { + if ( ! $session) { throw new OAuthServerClientException(sprintf($this->errors['invalid_grant'], 'code'), 9); @@ -442,7 +442,7 @@ class Server $accessTokenExpires = ($this->config['access_token_ttl'] === null) ? null : time() + $this->config['access_token_ttl']; $this->db->updateSession( - $sessionId, + $session['id'], null, $accessToken, $accessTokenExpires, @@ -451,7 +451,7 @@ class Server // Update the session's scopes to reference the access token $this->db->updateSessionScopeAccessToken( - $sessionId, + $session['id'], $accessToken ); From 18ad2067a15fb761adece4ed489c9d51e33194a1 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Tue, 31 Jul 2012 15:52:02 +0100 Subject: [PATCH 141/199] SQL clarrification --- src/Oauth2/Authentication/Database.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Oauth2/Authentication/Database.php b/src/Oauth2/Authentication/Database.php index 755e7182..ede5942d 100644 --- a/src/Oauth2/Authentication/Database.php +++ b/src/Oauth2/Authentication/Database.php @@ -119,7 +119,7 @@ interface Database * Database query: * * - * SELECT * FROM oauth_sessions WHERE client_id = $clientID AND + * SELECT id FROM oauth_sessions WHERE client_id = $clientID AND * redirect_uri = $redirectUri AND auth_code = $authCode * * 
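Review bot: The validateAuthCode() call in the first hunk (@@ -422) passes only client_id, redirect_uri and code, and neither that call nor the way `$session` is used afterwards involves an issue time, so nothing visible bounds how long an authorization code remains exchangeable; RFC 6749 §4.1.2 recommends a short lifetime (ten minutes at most). Single use does look covered, since the updateSession() call in the second hunk passes null as the second argument, which the mock added later in this series treats as the auth_code column. Adding an expiry would mean storing a timestamp when newSession() records the code and rejecting a stale `$session` here before the access token is generated. completeAuthCodeGrant starts before these hunks.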
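Review bot: The docblock example in this hunk presents the lookup as `SELECT id FROM oauth_sessions WHERE client_id = $clientID AND redirect_uri = $redirectUri AND auth_code = $authCode`, i.e. PHP variables interpolated straight into SQL, and all three values originate from the token request body. Implementers of this interface will tend to copy the example, so it is safer to show it with bound placeholders, e.g. `SELECT id FROM oauth_sessions WHERE client_id = :clientId AND redirect_uri = :redirectUri AND auth_code = :authCode`, and add one sentence saying the values must be bound as parameters rather than concatenated. The method signature this docblock belongs to is outside the hunk.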
From 3f2f25a6a78e8c96814af4174d5a3559a78da9a2 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Tue, 31 Jul 2012 16:00:55 +0100 Subject: [PATCH 142/199] PSR2 wants a blank line at the end of the file --- src/Oauth2/Authentication/Database.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Oauth2/Authentication/Database.php b/src/Oauth2/Authentication/Database.php index ede5942d..ed526f89 100644 --- a/src/Oauth2/Authentication/Database.php +++ b/src/Oauth2/Authentication/Database.php @@ -317,4 +317,4 @@ interface Database * @return array */ public function accessTokenScopes($accessToken); -} \ No newline at end of file +} From f049997f5967b195fa26b0170cf5fe09ea90dfbb Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Tue, 31 Jul 2012 16:16:38 +0100 Subject: [PATCH 143/199] Various spacing fixes --- src/Oauth2/Authentication/Server.php | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/src/Oauth2/Authentication/Server.php b/src/Oauth2/Authentication/Server.php index 9a4bd3aa..d074c5ad 100644 --- a/src/Oauth2/Authentication/Server.php +++ b/src/Oauth2/Authentication/Server.php @@ -2,11 +2,20 @@ namespace Oauth2\Authentication; -class OAuthServerClientException extends \Exception {} +class OAuthServerClientException extends \Exception +{ -class OAuthServerUserException extends \Exception {} +} -class OAuthServerException extends \Exception {} +class OAuthServerUserException extends \Exception +{ + +} + +class OAuthServerException extends \Exception +{ + +} class Server { @@ -259,7 +268,7 @@ class Server * @param string $accessToken The access token (default = null) * @return string An authorisation code */ - private function newAuthCode($clientId, $type = 'user', $typeId, $redirectUri, $scopes = array(), $accessToken = null) + private function newAuthCode($clientId, $type, $typeId, $redirectUri, $scopes = array(), $accessToken = null) { $authCode = $this->generateCode(); 
@@ -488,5 +497,4 @@ class Server return $redirectUri; } - -} \ No newline at end of file +} From 5c463a69b85a45046ae274c7ee4e80b46daf4b71 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 1 Aug 2012 14:50:31 +0100 Subject: [PATCH 144/199] Little fixes --- src/Oauth2/Authentication/Server.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/Oauth2/Authentication/Server.php b/src/Oauth2/Authentication/Server.php index d074c5ad..a809bb08 100644 --- a/src/Oauth2/Authentication/Server.php +++ b/src/Oauth2/Authentication/Server.php @@ -327,7 +327,6 @@ class Server { $params = array(); - // Grant type (must be 'authorization_code') if ( ! isset($authParams['grant_type']) && ! isset($_POST['grant_type'])) { throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'grant_type'), 0); @@ -336,7 +335,7 @@ class Server $params['grant_type'] = (isset($authParams['grant_type'])) ? $authParams['grant_type'] : $_POST['grant_type']; - // Ensure response type is one that is recognised + // Ensure grant type is one that is recognised if ( ! in_array($params['grant_type'], $this->grant_types)) { throw new OAuthServerClientException($this->errors['unsupported_grant_type'], 7); @@ -349,7 +348,7 @@ class Server case 'authorization_code': // Authorization code grant return $this->completeAuthCodeGrant($authParams, $params); - break; + break; case 'refresh_token': // Refresh token case 'password': // Resource owner password credentials grant From 5ef85e53af4ab04579c839403bd35f4b8bd88159 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 1 Aug 2012 15:41:24 +0100 Subject: [PATCH 145/199] Removed old test file --- test/index.php | 84 -------------------------------------------------- 1 file changed, 84 deletions(-) delete mode 100644 test/index.php diff --git a/test/index.php b/test/index.php deleted file mode 100644 index 0ca23ac0..00000000 --- a/test/index.php +++ /dev/null 
@@ -1,84 +0,0 @@ - Date: Wed, 1 Aug 2012 15:41:41 +0100 Subject: [PATCH 146/199] Require PHPunit in dev composer mode --- composer.json | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/composer.json b/composer.json index f917cf1d..476135a6 100644 --- a/composer.json +++ b/composer.json @@ -5,7 +5,10 @@ "homepage": "https://github.com/lncd/OAuth2", "license": "MIT", "require": { - "php": ">=5.3.0" + "php": ">=5.3.0", + }, + "require-dev": { + "EHER/PHPUnit": "*" }, "repositories": [ { From 9935cc5d2119ff8544013a0333a804e09b7a8438 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 1 Aug 2012 15:44:03 +0100 Subject: [PATCH 147/199] JSON error fix --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 476135a6..cff35e42 100644 --- a/composer.json +++ b/composer.json @@ -5,7 +5,7 @@ "homepage": "https://github.com/lncd/OAuth2", "license": "MIT", "require": { - "php": ">=5.3.0", + "php": ">=5.3.0" }, "require-dev": { "EHER/PHPUnit": "*" From d0bb79bd7cd04247229373779eeb33a1149f3d57 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 1 Aug 2012 17:15:16 +0100 Subject: [PATCH 148/199] Added phpunit.xml --- tests/phpunit.xml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 tests/phpunit.xml diff --git a/tests/phpunit.xml b/tests/phpunit.xml new file mode 100644 index 00000000..d9d0d406 --- /dev/null +++ b/tests/phpunit.xml @@ -0,0 +1,21 @@ + + + + + ./authentication + + + + + PEAR_INSTALL_DIR + PHP_LIBDIR + + + \ No newline at end of file From 1409df6eb40b07ad33169777cd128b56f31c4bad Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 1 Aug 2012 17:15:29 +0100 Subject: [PATCH 149/199] Started adding tests for auth server --- tests/authentication/server_test.php | 37 ++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 tests/authentication/server_test.php 
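Review bot: The require-dev entry added in the first composer.json hunk, `"EHER/PHPUnit": "*"`, accepts any version the package ever publishes, so a future major release, or a re-published package under that name, changes what `composer install` pulls into the test run without any edit to this file. A bounded constraint (a tilde or caret range around the version actually used, e.g. `"EHER/PHPUnit": "~<version in use>"`) keeps the test toolchain reproducible. The trailing-comma JSON error this hunk introduces is already corrected by the following commit.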
diff --git a/tests/authentication/server_test.php b/tests/authentication/server_test.php new file mode 100644 index 00000000..f9d4df29 --- /dev/null +++ b/tests/authentication/server_test.php @@ -0,0 +1,37 @@ +oauth = new Oauth2\Authentication\Server(); + + //$this->oauth->registerDbAbstractor($this->oauthdb); + } + + function test_generateCode() + { + $reflector = new ReflectionClass($this->oauth); + $method = $reflector->getMethod('generateCode'); + $method->setAccessible(true); + + $result = $method->invoke($this->oauth); + $result2 = $method->invoke($this->oauth); + + $this->assertEquals(40, strlen($result)); + $this->assertNotEquals($result, $result2); + } + + function test_redirectUri() + { + $result1 = $this->oauth->redirectUri('http://example.com/foo'); + $result2 = $this->oauth->redirectUri('http://example.com/foo', array('foo' => 'bar')); + $result3 = $this->oauth->redirectUri('http://example.com/foo', array('foo' => 'bar'), '#'); + + $this->assertEquals('http://example.com/foo?', $result1); + $this->assertEquals('http://example.com/foo?foo=bar', $result2); + $this->assertEquals('http://example.com/foo#foo=bar', $result3); + } + + +} \ No newline at end of file From 0748ba379b830e4ca39b0c9fb94f8ba29bf3a8cb Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 1 Aug 2012 17:15:48 +0100 Subject: [PATCH 150/199] test executable --- test | 1 + 1 file changed, 1 insertion(+) create mode 100755 test diff --git a/test b/test new file mode 100755 index 00000000..f5147d16 --- /dev/null +++ b/test @@ -0,0 +1 @@ +vendor/bin/phpunit --coverage-text --configuration tests/phpunit.xml From b67a804e19e90b1c1dc1a5c6c72df7b5c131afd1 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 3 Aug 2012 16:13:23 +0100 Subject: [PATCH 151/199] Removed old test/index.php --- test/index.php | 84 -------------------------------------------------- 1 file changed, 84 deletions(-) delete mode 100644 test/index.php 
diff --git a/test/index.php b/test/index.php deleted file mode 100644 index 0ca23ac0..00000000 --- a/test/index.php +++ /dev/null @@ -1,84 +0,0 @@ - Date: Sat, 4 Aug 2012 09:11:39 +0100 Subject: [PATCH 152/199] Spacing fix --- src/Oauth2/Authentication/Server.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/Oauth2/Authentication/Server.php b/src/Oauth2/Authentication/Server.php index a809bb08..7a88b9c9 100644 --- a/src/Oauth2/Authentication/Server.php +++ b/src/Oauth2/Authentication/Server.php @@ -151,8 +151,7 @@ class Server if ($clientDetails === false) { - throw new OAuthServerClientException( - $this->errors['invalid_client'], 8); + throw new OAuthServerClientException($this->errors['invalid_client'], 8); } // Response type From c17cd7b1cc01f65bd7d9755d94f08af7e1cd0d29 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sat, 4 Aug 2012 09:12:12 +0100 Subject: [PATCH 153/199] Fixed variable reference bug --- src/Oauth2/Authentication/Server.php | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/Oauth2/Authentication/Server.php b/src/Oauth2/Authentication/Server.php index 7a88b9c9..d5d7e764 100644 --- a/src/Oauth2/Authentication/Server.php +++ b/src/Oauth2/Authentication/Server.php @@ -174,10 +174,7 @@ class Server // Get and validate scopes if (isset($authParams['scope']) || isset($_GET['scope'])) { - $scopes = $_GET['scope']; - if (isset($authParams['client_id'])) { - $authParams['scope']; - } + $scopes = (isset($_GET['scope'])) ? $_GET['scope'] : $authParams['scope']; $scopes = explode($this->config['scope_delimeter'], $scopes); From a5f019ad19bc400ced6762a0efd85785a470f17c Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 6 Aug 2012 10:59:20 +0100 Subject: [PATCH 154/199] Call database methods via the dbcall() method --- src/Oauth2/Authentication/Server.php | 43 ++++++++++++++++++++-------- 1 file changed, 31 insertions(+), 12 deletions(-) 
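Review bot: The replacement line in the last hunk, `$scopes = (isset($_GET['scope'])) ? $_GET['scope'] : $authParams['scope'];`, gives the query string priority over the explicitly passed $authParams, which is the opposite of every other parameter in this function (client_id, redirect_uri and response_type all read $authParams first and fall back to $_GET). A caller that passes its own `scope` can therefore have it silently replaced by whatever `scope` value is on the request URL, so the scope list that ends up on the session is not the one the caller chose. Flipping the operands restores the convention: `$scopes = (isset($authParams['scope'])) ? $authParams['scope'] : $_GET['scope'];`. The enclosing function starts before this hunk.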
diff --git a/src/Oauth2/Authentication/Server.php b/src/Oauth2/Authentication/Server.php index d5d7e764..67fc4e86 100644 --- a/src/Oauth2/Authentication/Server.php +++ b/src/Oauth2/Authentication/Server.php @@ -23,7 +23,7 @@ class Server * Reference to the database abstractor * @var object */ - private $db; + private $db = null; /** * Server configuration @@ -147,7 +147,7 @@ class Server } // Validate client ID and redirect URI - $clientDetails = $this->db->validateClient($params['client_id'], null, $params['redirect_uri']); + $clientDetails = $this->dbcall('validateClient', $params['client_id'], null, $params['redirect_uri']); if ($clientDetails === false) { @@ -196,7 +196,7 @@ class Server foreach ($scopes as $scope) { - $scopeDetails = $this->db->getScope($scope); + $scopeDetails = $this->dbcall('getScope', $scope); if ($scopeDetails === false) { @@ -223,7 +223,7 @@ class Server public function newAuthoriseRequest($type, $typeId, $authoriseParams) { // Remove any old sessions the user might have - $this->db->deleteSession( + $this->dbcall('deleteSession', $authoriseParams['client_id'], $type, $typeId @@ -272,7 +272,7 @@ class Server // new authorisation code otherwise create a new session if ($accessToken !== null) { - $this->db->updateSession( + $this->dbcall('updateSession', $clientId, $type, $typeId, @@ -284,10 +284,10 @@ class Server } else { // Delete any existing sessions just to be sure - $this->db->deleteSession($clientId, $type, $typeId); + $this->dbcall('deleteSession', $clientId, $type, $typeId); // Create a new session - $sessionId = $this->db->newSession( + $sessionId = $this->dbcall('newSession', $clientId, $redirectUri, $type, @@ -301,7 +301,7 @@ class Server // Add the scopes foreach ($scopes as $key => $scope) { - $this->db->addSessionScope($sessionId, $scope['scope']); + $this->dbcall('addSessionScope', $sessionId, $scope['scope']); } 
@@ -401,7 +401,7 @@ class Server } // Validate client ID and redirect URI - $clientDetails = $this->db->validateClient( + $clientDetails = $this->dbcall('validateClient', $params['client_id'], $params['client_secret'], $params['redirect_uri'] @@ -426,7 +426,7 @@ class Server // Verify the authorization code matches the client_id and the // request_uri - $session = $this->db->validateAuthCode( + $session = $this->dbcall('validateAuthCode', $params['client_id'], $params['redirect_uri'], $params['code'] @@ -445,7 +445,7 @@ class Server $accessTokenExpires = ($this->config['access_token_ttl'] === null) ? null : time() + $this->config['access_token_ttl']; - $this->db->updateSession( + $this->dbcall('updateSession', $session['id'], null, $accessToken, @@ -454,7 +454,7 @@ class Server ); // Update the session's scopes to reference the access token - $this->db->updateSessionScopeAccessToken( + $this->dbcall('updateSessionScopeAccessToken', $session['id'], $accessToken ); @@ -492,4 +492,23 @@ class Server return $redirectUri; } + + /** + * Call database methods from the abstractor + * + * @return mixed The query result + */ + private function dbcall() + { + if ($this->db === null) { + throw new OAuthServerException('No registered database abstractor'); + } + + $args = func_get_args(); + $method = $args[0]; + unset ($args[0]); + $params = $args; + + return call_user_func(array($this, $method), $args); + } } From 2e315fc257c584b5c11184afbab9f5cac65f54b6 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 6 Aug 2012 10:59:36 +0100 Subject: [PATCH 155/199] New tests --- tests/authentication/server_test.php | 74 ++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/tests/authentication/server_test.php b/tests/authentication/server_test.php index f9d4df29..afe69bbc 100644 --- a/tests/authentication/server_test.php +++ b/tests/authentication/server_test.php 
@@ -33,5 +33,79 @@ class Server_test extends PHPUnit_Framework_TestCase { $this->assertEquals('http://example.com/foo#foo=bar', $result3); } + function test_checkClientAuthoriseParams() + { + // Test without passing params + $_GET['client_id'] = 'test'; + $_GET['redirect_uri'] = 'http://example.com/test'; + $_GET['response_type'] = 'code'; + $_GET['scope'] = 'test'; + + $this->assertEquals(array( + 'client_id' => 'test', + 'redirect_uri' => 'http://example.com/test', + 'response_type' => 'code', + 'scopes' => array( + 'id' => 1, + 'scope' => 'test', + 'name' => 'test', + 'description' => 'test' + ) + ), $this->oauth->checkClientAuthoriseParams()); + + + // Test with passed params + unset($_GET['client_id']); + unset($_GET['redirect_uri']); + unset($_GET['response_type']); + unset($_GET['scope']); + + $params = array( + 'client_id' => 'test', + 'redirect_uri' => 'http://example.com/test', + 'response_type' => 'code', + 'scope' => 'test' + ); + + $this->assertEquals(array( + 'client_id' => 'test', + 'redirect_uri' => 'http://example.com/test', + 'response_type' => 'code', + 'scopes' => array(array( + 'id' => 1, + 'scope' => 'test', + 'name' => 'test', + 'description' => 'test' + )) + ), $this->oauth->checkClientAuthoriseParams($params)); + } + + function test_newAuthoriseRequest() + { + $result1 = $this->oauth->newAuthoriseRequest('user', '123', array( + 'client_id' => 'test', + 'redirect_uri' => 'http://example.com/test', + 'scopes' => array(array( + 'id' => 1, + 'scope' => 'test', + 'name' => 'test', + 'description' => 'test' + )) + )); + + $result2 = $this->oauth->newAuthoriseRequest('user', '123', array( + 'client_id' => 'test', + 'redirect_uri' => 'http://example.com/test', + 'scopes' => array(array( + 'id' => 1, + 'scope' => 'test', + 'name' => 'test', + 'description' => 'test' + )) + )); + + $this->assertEquals(40, strlen($result1)); + $this->assertNotEquals($result1, $result2); + } } \ No newline at end of file 
From 7ea3a045cd31b6880f4180e16b2260513f697bc8 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 6 Aug 2012 14:42:02 +0100 Subject: [PATCH 156/199] Moved the phpunit.xml config file to the build folder --- {tests => build}/phpunit.xml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) rename {tests => build}/phpunit.xml (54%) diff --git a/tests/phpunit.xml b/build/phpunit.xml similarity index 54% rename from tests/phpunit.xml rename to build/phpunit.xml index d9d0d406..8287497a 100644 --- a/tests/phpunit.xml +++ b/build/phpunit.xml @@ -9,7 +9,7 @@ stopOnSkipped="false"> - ./authentication + ../tests/authentication @@ -18,4 +18,12 @@ PHP_LIBDIR + + + + + \ No newline at end of file From 983c1faf0a61fc7ba0bd83c2bf61928628ba79a9 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 6 Aug 2012 14:42:18 +0100 Subject: [PATCH 157/199] Updated build.xml to run PHPUnit --- build.xml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/build.xml b/build.xml index 27bfda9f..5c481ea7 100644 --- a/build.xml +++ b/build.xml @@ -1,10 +1,10 @@ - + - + @@ -109,6 +109,13 @@ + + + + + + + From 95068c5176dae54fd49b565f0d1f2534d1f7e2f7 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 6 Aug 2012 14:42:58 +0100 Subject: [PATCH 158/199] Lots of fixes following errors found from unit tests --- src/Oauth2/Authentication/Server.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/Oauth2/Authentication/Server.php b/src/Oauth2/Authentication/Server.php index 67fc4e86..1e6ee1f5 100644 --- a/src/Oauth2/Authentication/Server.php +++ b/src/Oauth2/Authentication/Server.php @@ -197,7 +197,7 @@ class Server foreach ($scopes as $scope) { $scopeDetails = $this->dbcall('getScope', $scope); - + //die(var_dump($scopeDetails)); if ($scopeDetails === false) { throw new OAuthServerClientException(sprintf($this->errors['invalid_scope'], $scope), 4); 
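Review bot: The only change in the Server.php hunk (@@ -197) adds a commented-out debug statement, `//die(var_dump($scopeDetails));`, to the scope loop. Commented-out code should not land, and this particular line, if ever uncommented, dumps a database row into the HTTP response and aborts the request, so it is an easy thing to leave enabled by accident. Drop the line and keep the original blank line.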
@@ -504,11 +504,15 @@ class Server throw new OAuthServerException('No registered database abstractor'); } + if ( ! $this->db instanceof Database) { + throw new OAuthServerException('Registered database abstractor is not an instance of Oauth2\Authentication\Database'); + } + $args = func_get_args(); $method = $args[0]; - unset ($args[0]); - $params = $args; + unset($args[0]); + $params = array_values($args); - return call_user_func(array($this, $method), $args); + return call_user_func_array(array($this->db, $method), $args); } } From 770580556811fe93b2cf8dc55e14522811656099 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 6 Aug 2012 15:32:11 +0100 Subject: [PATCH 159/199] build sh tool location fix --- test | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test b/test index f5147d16..dae89d37 100755 --- a/test +++ b/test @@ -1 +1 @@ -vendor/bin/phpunit --coverage-text --configuration tests/phpunit.xml +vendor/bin/phpunit --coverage-text --configuration build/phpunit.xml From a9e816f336868e333b96c5ff2a5ecb7faaab2115 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 6 Aug 2012 15:32:25 +0100 Subject: [PATCH 160/199] Updated name of project and build location --- build/phpunit.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build/phpunit.xml b/build/phpunit.xml index 8287497a..4181c278 100644 --- a/build/phpunit.xml +++ b/build/phpunit.xml @@ -19,11 +19,11 @@ - - - + \ No newline at end of file From 30ef11c1d78294bc0ee0d9e39c9db6660c306c94 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 6 Aug 2012 15:32:35 +0100 Subject: [PATCH 161/199] ALL OF THE TESTS! --- tests/authentication/database_mock.php | 191 +++++++++++++++++++++++++ tests/authentication/server_test.php | 76 ++++++++-- 2 files changed, 254 insertions(+), 13 deletions(-) create mode 100644 tests/authentication/database_mock.php 
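Review bot: In the dbcall() hunk, `$params = array_values($args);` is computed but the dispatch on the next changed line still passes `$args`, whose keys start at 1 after `unset($args[0])`; call_user_func_array() passes integer-keyed entries positionally as far as I know, so it works, but $params is dead code and the intent (reindex before dispatch) is lost. Use it: `return call_user_func_array(array($this->db, $method), $params);`. The `instanceof Database` guard added above is a good addition; since $method is only ever a string literal from inside this class, a `@param string $method The Database interface method to invoke` line in the docblock (which starts outside the hunk) would make that contract explicit.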
diff --git a/tests/authentication/database_mock.php b/tests/authentication/database_mock.php new file mode 100644 index 00000000..955035ed --- /dev/null +++ b/tests/authentication/database_mock.php 
@@ -0,0 +1,191 @@ + array( + 'client_id' => 'test', + 'client_secret' => 'test', + 'redirect_uri' => 'http://example.com/test', + 'name' => 'Test Client' + )); + + private $scopes = array('test' => array( + 'id' => 1, + 'scope' => 'test', + 'name' => 'test', + 'description' => 'test' + )); + + public function validateClient( + $clientId, + $clientSecret = null, + $redirectUri = null + ) + { + if ($clientId !== $this->clients[0]['client_id']) + { + return false; + } + + if ($clientSecret !== null && $clientSecret !== $this->clients[0]['client_secret']) + { + return false; + } + + if ($redirectUri !== null && $redirectUri !== $this->clients[0]['redirect_uri']) + { + return false; + } + + return $this->clients[0]; + } + + public function newSession( + $clientId, + $redirectUri, + $type = 'user', + $typeId = null, + $authCode = null, + $accessToken = null, + $accessTokenExpire = null, + $stage = 'requested' + ) + { + $id = count($this->sessions); + + $this->sessions[$id] = array( + 'id' => $id, + 'client_id' => $clientId, + 'redirect_uri' => $redirectUri, + 'owner_type' => $type, + 'owner_id' => $typeId, + 'auth_code' => $authCode, + 'access_token' => $accessToken, + 'access_token_expire' => $accessTokenExpire, + 'stage' => $stage + ); + + $this->sessions_client_type_id[$clientId . ':' . $type . ':' . $typeId] = $id; + $this->sessions_code[$clientId . ':' . $redirectUri . ':' . $authCode] = $id; + + return true; + } + + public function updateSession( + $sessionId, + $authCode = null, + $accessToken = null, + $accessTokenExpire = null, + $stage = 'requested' + ) + { + $this->sessions[$sessionId]['auth_code'] = $authCode; + $this->sessions[$sessionId]['access_token'] = $accessToken; + $this->sessions[$sessionId]['access_token_expire'] = $accessTokenExpire; + $this->sessions[$sessionId]['stage'] = $stage; + + return true; + } + + public function deleteSession( + $clientId, + $type, + $typeId + ) + { + $key = $clientId . ':' . $type . ':' . 
$typeId; + if (isset($this->sessions_client_type_id[$key])) + { + unset($this->sessions[$this->sessions_client_type_id[$key]]); + } + return true; + } + + public function validateAuthCode( + $clientId, + $redirectUri, + $authCode + ) + { + $key = $clientId . ':' . $redirectUri . ':' . $authCode; + + if (isset($this->sessions_code[$key])) + { + return $this->sessions[$this->sessions_code[$key]]; + } + + return false; + } + + public function hasSession( + $type, + $typeId, + $clientId + ) + { + die('not implemented hasSession'); + } + + public function getAccessToken($sessionId) + { + die('not implemented getAccessToken'); + } + + public function removeAuthCode($sessionId) + { + die('not implemented removeAuthCode'); + } + + public function setAccessToken( + $sessionId, + $accessToken + ) + { + die('not implemented setAccessToken'); + } + + public function addSessionScope( + $sessionId, + $scope + ) + { + if ( ! isset($this->session_scopes[$sessionId])) + { + $this->session_scopes[$sessionId] = array(); + } + + $this->session_scopes[$sessionId][] = $scope; + + return true; + } + + public function getScope($scope) + { + if ( ! isset($this->scopes[$scope])) + { + return false; + } + + return $this->scopes[$scope]; + } + + public function updateSessionScopeAccessToken( + $sessionId, + $accessToken + ) + { + return true; + } + + public function accessTokenScopes($accessToken) + { + die('not implemented accessTokenScopes'); + } +} \ No newline at end of file diff --git a/tests/authentication/server_test.php b/tests/authentication/server_test.php index afe69bbc..b479bfb4 100644 --- a/tests/authentication/server_test.php +++ b/tests/authentication/server_test.php 
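Review bot: newSession() in this mock ends with `return true;`, yet the server stores the return value as the session id (`$sessionId = $this->dbcall('newSession', ...)` in an earlier commit of this series) and hands it to addSessionScope(), so scopes are filed under key 1 rather than the real id; `return $id;` is the value the interface consumer expects. Separately, updateSession() nulls the stored auth_code but leaves the `sessions_code` index intact, and deleteSession() never removes that index entry either, so validateAuthCode() keeps returning the session for a code that has already been exchanged; a test for authorization-code replay would pass against this mock even though a real backing query on auth_code would reject the reused code. Removing the index entry whenever the code is cleared or the session is deleted keeps the mock honest about single use.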
@@ -2,11 +2,13 @@ class Server_test extends PHPUnit_Framework_TestCase { - function __construct() + function setUp() { $this->oauth = new Oauth2\Authentication\Server(); - //$this->oauth->registerDbAbstractor($this->oauthdb); + require_once('database_mock.php'); + $this->oauthdb = new OAuthdb(); + $this->oauth->registerDbAbstractor($this->oauthdb); } function test_generateCode() @@ -33,28 +35,34 @@ class Server_test extends PHPUnit_Framework_TestCase { $this->assertEquals('http://example.com/foo#foo=bar', $result3); } - function test_checkClientAuthoriseParams() + function test_checkClientAuthoriseParams_GET() { - // Test without passing params $_GET['client_id'] = 'test'; $_GET['redirect_uri'] = 'http://example.com/test'; $_GET['response_type'] = 'code'; $_GET['scope'] = 'test'; - $this->assertEquals(array( + $expect = array( 'client_id' => 'test', 'redirect_uri' => 'http://example.com/test', 'response_type' => 'code', 'scopes' => array( - 'id' => 1, - 'scope' => 'test', - 'name' => 'test', - 'description' => 'test' + 0 => array( + 'id' => 1, + 'scope' => 'test', + 'name' => 'test', + 'description' => 'test' + ) ) - ), $this->oauth->checkClientAuthoriseParams()); + ); + $result = $this->oauth->checkClientAuthoriseParams(); - // Test with passed params + $this->assertEquals($expect, $result); + } + + function test_checkClientAuthoriseParams_PassedParams() + { unset($_GET['client_id']); unset($_GET['redirect_uri']); unset($_GET['response_type']); @@ -71,7 +79,7 @@ class Server_test extends PHPUnit_Framework_TestCase { 'client_id' => 'test', 'redirect_uri' => 'http://example.com/test', 'response_type' => 'code', - 'scopes' => array(array( + 'scopes' => array(0 => array( 'id' => 1, 'scope' => 'test', 'name' => 'test', 
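Review bot: `setUp()` creates a fresh server and mock but never resets `$_GET`/`$_POST`, and the tests below write to those superglobals and only partially `unset()` them, so each test's outcome depends on what earlier tests left behind (the same pattern appears in `tests/resource/server_test.php` added later in this series, where `$_SERVER['REQUEST_METHOD']` leaks too). Resetting them at the top of `setUp()` — `$_GET = array(); $_POST = array();` — makes each test self-contained. `require_once('database_mock.php')` resolves through the include path rather than the test's own directory; `require_once __DIR__ . '/database_mock.php';` is deterministic regardless of the working directory PHPUnit is launched from.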
@@ -81,6 +89,22 @@ class Server_test extends PHPUnit_Framework_TestCase { } function test_newAuthoriseRequest() + { + $result = $this->oauth->newAuthoriseRequest('user', '123', array( + 'client_id' => 'test', + 'redirect_uri' => 'http://example.com/test', + 'scopes' => array(array( + 'id' => 1, + 'scope' => 'test', + 'name' => 'test', + 'description' => 'test' + )) + )); + + $this->assertEquals(40, strlen($result)); + } + + function test_newAuthoriseRequest_isUnique() { $result1 = $this->oauth->newAuthoriseRequest('user', '123', array( 'client_id' => 'test', @@ -104,8 +128,34 @@ class Server_test extends PHPUnit_Framework_TestCase { )) )); - $this->assertEquals(40, strlen($result1)); $this->assertNotEquals($result1, $result2); } + function test_issueAccessToken_POST() + { + $auth_code = $this->oauth->newAuthoriseRequest('user', '123', array( + 'client_id' => 'test', + 'redirect_uri' => 'http://example.com/test', + 'scopes' => array(array( + 'id' => 1, + 'scope' => 'test', + 'name' => 'test', + 'description' => 'test' + )) + )); + + $_POST['client_id'] = 'test'; + $_POST['client_secret'] = 'test'; + $_POST['redirect_uri'] = 'http://example.com/test'; + $_POST['grant_type'] = 'authorization_code'; + $_POST['code'] = $auth_code; + + $result = $this->oauth->issueAccessToken(); + + $this->assertCount(3, $result); + $this->assertArrayHasKey('access_token', $result); + $this->assertArrayHasKey('token_type', $result); + $this->assertArrayHasKey('expires_in', $result); + } + } \ No newline at end of file From 7c7dfec4c45b804c545a61ac6cee76c95bd4bbcd Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 6 Aug 2012 15:48:33 +0100 Subject: [PATCH 162/199] Execute the local phpunit --- build.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.xml b/build.xml index 5c481ea7..e79d1880 100644 --- a/build.xml +++ b/build.xml @@ -111,7 +111,7 @@ - + From 9aa8f86f3ada2a7fe6036d4d1bafb846a04b9561 Mon Sep 17 00:00:00 2001 
From: Alex Bilbie Date: Mon, 6 Aug 2012 15:53:10 +0100 Subject: [PATCH 163/199] Remove the composer.lock file and the vendor folder --- build.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/build.xml b/build.xml index e79d1880..6b21e56c 100644 --- a/build.xml +++ b/build.xml @@ -25,6 +25,8 @@ + + From 095ea72b627af7a7e97a0d14970763e9f85c6c09 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 6 Aug 2012 15:57:57 +0100 Subject: [PATCH 164/199] Added composer install --- build.xml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/build.xml b/build.xml index 6b21e56c..675bc5e5 100644 --- a/build.xml +++ b/build.xml @@ -1,10 +1,11 @@ - + + - + @@ -112,6 +113,13 @@ + + + + + + + From 1a925788e61d7672f9d16fc5d64ff35705d25887 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 6 Aug 2012 16:06:03 +0100 Subject: [PATCH 165/199] Fix for phpunit log paths --- build/phpunit.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build/phpunit.xml b/build/phpunit.xml index 4181c278..68a07022 100644 --- a/build/phpunit.xml +++ b/build/phpunit.xml @@ -22,8 +22,8 @@ - - + \ No newline at end of file From d743412cf7b85095a2ad4dccc142de3331c3d6ec Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 6 Aug 2012 16:10:22 +0100 Subject: [PATCH 166/199] Trying to get phpunit to log somewhere sensible --- build/phpunit.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build/phpunit.xml b/build/phpunit.xml index 68a07022..4181c278 100644 --- a/build/phpunit.xml +++ b/build/phpunit.xml @@ -22,8 +22,8 @@ - - + \ No newline at end of file From 176c678c23879f039e4bcf5e035a1b92adf6f5fa Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 6 Aug 2012 16:13:27 +0100 Subject: [PATCH 167/199] Don't remove composer.json and vendor dir --- build.xml | 2 -- 1 file changed, 2 deletions(-) diff --git a/build.xml b/build.xml index 675bc5e5..8008f502 100644 --- a/build.xml +++ b/build.xml @@ -26,8 +26,6 @@ - - 
From 8720de48de790695f3c867d2e0a0068131e35d84 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Tue, 14 Aug 2012 15:44:25 +0100 Subject: [PATCH 168/199] Initial update with some PSR-* changes --- src/Oauth2/Resource/Server.php | 206 +++++++++++++++++++++++++++++++++ 1 file changed, 206 insertions(+) diff --git a/src/Oauth2/Resource/Server.php b/src/Oauth2/Resource/Server.php index 15d62fa1..bd6a8984 100644 --- a/src/Oauth2/Resource/Server.php +++ b/src/Oauth2/Resource/Server.php 
@@ -2,7 +2,213 @@ namespace Oauth2\Resource; +class OAuthResourceServerException extends \Exception +{ + +} + class Server { + /** + * The access token. + * @access private + */ + private $_accessToken = NULL; + + /** + * The scopes the access token has access to. + * @access private + */ + private $_scopes = array(); + + /** + * The type of owner of the access token. + * @access private + */ + private $_type = NULL; + + /** + * The ID of the owner of the access token. + * @access private + */ + private $_typeId = NULL; + + /** + * Server configuration + * @var array + */ + private $config = array( + 'token_key' => 'oauth_token' + ); + + /** + * Constructor + * + * @access public + * @return void + */ + public function __construct($options = null) + { + if ($options !== null) { + $this->config = array_merge($this->config, $options); + } + } + + /** + * Magic method to test if access token represents a particular owner type + * @param [type] $method [description] + * @param [type] $arguements [description] + * @return [type] [description] + */ + public function __call($method, $arguements) + { + if (substr($method, 0, 2) === 'is') + { + if ($this->_type === strtolower(substr($method, 2))) + { + return $this->_typeId; + } + + return false; + } + } + + /** + * Register a database abstrator class + * + * @access public + * @param object $db A class that implements OAuth2ServerDatabase + * @return void + */ + public function registerDbAbstractor($db) + { + $this->db = $db; + } + /** + * Init function + * + * @access public + * @return void + */ + public function init() + { + $accessToken = null; + + // Try and get the access token via an access_token or oauth_token parameter + switch ($server['REQUEST_METHOD']) + { + case 'POST': + $accessToken = isset($_POST[$this->config['token_key']]) ? $_POST[$this->config['token_key']] : null; + break; + + default: + $accessToken = isset($_GET[$this->config['token_key']]) ? 
$_GET[$this->config['token_key']] : null; + break; + } + + // Try and get an access token from the auth header + $headers = getallheaders(); + if (isset($headers['Authorization'])) + { + $rawToken = trim(str_replace('Bearer', '', $headers['Authorization'])); + if ( ! empty($rawToken)) + { + $accessToken = base64_decode($rawToken); + } + } + + if ($accessToken) + { + $sessionQuery = $this->ci->db->get_where('oauth_sessions', array('access_token' => $accessToken, 'stage' => 'granted')); + + if ($session_query->num_rows() === 1) + { + $session = $session_query->row(); + $this->_accessToken = $session->access_token; + $this->_type = $session->type; + $this->_typeId = $session->type_id; + + $scopes_query = $this->ci->db->get_where('oauth_session_scopes', array('access_token' => $accessToken)); + if ($scopes_query->num_rows() > 0) + { + foreach ($scopes_query->result() as $scope) + { + $this->_scopes[] = $scope->scope; + } + } + } + + else + { + $this->ci->output->set_status_header(403); + $this->ci->output->set_output('Invalid access token'); + } + } + + else + { + $this->ci->output->set_status_header(403); + $this->ci->output->set_output('Missing access token'); + } + } + + /** + * Test if the access token has a specific scope + * + * @param mixed $scopes Scope(s) to check + * + * @access public + * @return string|bool + */ + public function hasScope($scopes) + { + if (is_string($scopes)) + { + if (in_array($scopes, $this->_scopes)) + { + return true; + } + + return false; + } + + elseif (is_array($scopes)) + { + foreach ($scopes as $scope) + { + if ( ! in_array($scope, $this->_scopes)) + { + return false; + } + } + + return true; + } + + return false; + } + + /** + * Call database methods from the abstractor + * + * @return mixed The query result + */ + private function dbcall() + { + if ($this->db === null) { + throw new OAuthResourceServerException('No registered database abstractor'); + } + + if ( ! 
$this->db instanceof Database) { + throw new OAuthResourceServerException('Registered database abstractor is not an instance of Oauth2\Resource\Database'); + } + + $args = func_get_args(); + $method = $args[0]; + unset($args[0]); + $params = array_values($args); + + return call_user_func_array(array($this->db, $method), $args); + } } \ No newline at end of file From 77ce18df56dc5896bad64cf26fc14fbc27e20d73 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Tue, 14 Aug 2012 15:46:58 +0100 Subject: [PATCH 169/199] Added the resource server database interface --- src/Oauth2/Resource/Database.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/Oauth2/Resource/Database.php b/src/Oauth2/Resource/Database.php index c39bb471..a6ff8a2a 100644 --- a/src/Oauth2/Resource/Database.php +++ b/src/Oauth2/Resource/Database.php @@ -4,4 +4,7 @@ namespace Oauth2\Resource; interface Database { + public function validateAccessToken($accessToken); + + public function sessionScopes($sessionId); } \ No newline at end of file From e859f435a17ad6db7cb9fb8823417510f7d29a16 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Tue, 14 Aug 2012 16:28:40 +0100 Subject: [PATCH 170/199] Added docblocks for the database interface --- src/Oauth2/Resource/Database.php | 51 +++++++++++++++++++++++++++++++- 1 file changed, 50 insertions(+), 1 deletion(-) diff --git a/src/Oauth2/Resource/Database.php b/src/Oauth2/Resource/Database.php index a6ff8a2a..ac91bfa9 100644 --- a/src/Oauth2/Resource/Database.php +++ b/src/Oauth2/Resource/Database.php 
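Review bot: The Authorization header handling in `init()` strips the literal `Bearer` from anywhere in the header value and then `base64_decode()`s the remainder, but RFC 6750 bearer tokens are not base64-encoded, so a token sent in the header is transformed before the lookup and will not match the stored value; non-strict `base64_decode` also silently discards characters it does not recognise. Parse the scheme as a prefix and use the remainder verbatim: `if (stripos($headers['Authorization'], 'Bearer ') === 0) { $accessToken = trim(substr($headers['Authorization'], 7)); }`. The `default:` branch also accepts the token from `$_GET`, which puts bearer tokens into access logs and Referer headers; RFC 6750 §2.3 discourages that transport, so it is worth documenting or gating behind a config flag. `$this->ci->db`, `$session_query` and `$server['REQUEST_METHOD']` are leftovers from a host framework that this class never defines; later patches in this series replace them, but as committed `init()` cannot run.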
@@ -4,7 +4,56 @@ namespace Oauth2\Resource; interface Database { + /** + * Validate an access token and return the session details. + * + * Database query: + * + * + * SELECT id, owner_type, owner_id FROM oauth_sessions WHERE access_token = + * $accessToken AND stage = 'granted' AND + * access_token_expires > UNIX_TIMESTAMP(now()) + * + * + * Response: + * + * + * Array + * ( + * [id] => (int) The session ID + * [owner_type] => (string) The session owner type + * [owner_id] => (string) The session owner's ID + * ) + * + * + * @param string $accessToken The access token + * @return array|bool Return an array on success or false on failure + */ public function validateAccessToken($accessToken); - + + /** + * Returns the scopes that the session is authorised with. + * + * Database query: + * + * + * SELECT scope FROM oauth_session_scopes WHERE access_token = + * '291dca1c74900f5f252de351e0105aa3fc91b90b' + * + * + * Response: + * + * + * Array + * ( + * [0] => (string) A scope + * [1] => (string) Another scope + * ... + * ) + * + * + * @param int $sessionId The session ID + * @return array A list of scopes + */ public function sessionScopes($sessionId); } \ No newline at end of file From 519d20f0a51b09fd009d579fb54b1696bee19ae8 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Tue, 14 Aug 2012 16:34:43 +0100 Subject: [PATCH 171/199] Changed indent to spaces --- src/Oauth2/Resource/Database.php | 80 ++++++++++++++++---------------- 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/src/Oauth2/Resource/Database.php b/src/Oauth2/Resource/Database.php index ac91bfa9..9c5d1b44 100644 --- a/src/Oauth2/Resource/Database.php +++ b/src/Oauth2/Resource/Database.php 
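Review bot: The example query in the `validateAccessToken` docblock interpolates `$accessToken` directly into the SQL (`WHERE access_token = $accessToken`), which implementers are likely to copy; since the token is request input, the example should show a bound parameter, e.g. `WHERE access_token = :accessToken AND stage = 'granted' AND access_token_expires > UNIX_TIMESTAMP(now())`. The `sessionScopes` example filters `oauth_session_scopes` by `access_token` with a hard-coded value, but the method receives `$sessionId`; the example should filter on the session ID it is given so the two agree. It is also worth stating explicitly that the resource server relies on the implementation to enforce both `stage = 'granted'` and the expiry comparison, since nothing in `Server::init()` verifies them.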
@@ -4,16 +4,16 @@ namespace Oauth2\Resource; interface Database { - /** - * Validate an access token and return the session details. - * - * Database query: - * - * - * SELECT id, owner_type, owner_id FROM oauth_sessions WHERE access_token = - * $accessToken AND stage = 'granted' AND - * access_token_expires > UNIX_TIMESTAMP(now()) - * + /** + * Validate an access token and return the session details. + * + * Database query: + * + * + * SELECT id, owner_type, owner_id FROM oauth_sessions WHERE access_token = + * $accessToken AND stage = 'granted' AND + * access_token_expires > UNIX_TIMESTAMP(now()) + * * * Response: * 
@@ -25,35 +25,35 @@ interface Database * [owner_id] => (string) The session owner's ID * ) * - * - * @param string $accessToken The access token - * @return array|bool Return an array on success or false on failure - */ - public function validateAccessToken($accessToken); + * + * @param string $accessToken The access token + * @return array|bool Return an array on success or false on failure + */ + public function validateAccessToken($accessToken); - /** - * Returns the scopes that the session is authorised with. - * - * Database query: - * - * - * SELECT scope FROM oauth_session_scopes WHERE access_token = - * '291dca1c74900f5f252de351e0105aa3fc91b90b' - * - * - * Response: - * - * - * Array - * ( - * [0] => (string) A scope - * [1] => (string) Another scope - * ... - * ) - * - * - * @param int $sessionId The session ID - * @return array A list of scopes - */ - public function sessionScopes($sessionId); + /** + * Returns the scopes that the session is authorised with. + * + * Database query: + * + * + * SELECT scope FROM oauth_session_scopes WHERE access_token = + * '291dca1c74900f5f252de351e0105aa3fc91b90b' + * + * + * Response: + * + * + * Array + * ( + * [0] => (string) A scope + * [1] => (string) Another scope + * ... + * ) + * + * + * @param int $sessionId The session ID + * @return array A list of scopes + */ + public function sessionScopes($sessionId); } \ No newline at end of file From ed3238b862b16e5d3b83a236581cd651530ccdd9 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 20 Aug 2012 14:19:33 +0100 Subject: [PATCH 172/199] Fixed constance letter casing --- src/Oauth2/Resource/Server.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Oauth2/Resource/Server.php b/src/Oauth2/Resource/Server.php index bd6a8984..89c2e0c6 100644 --- a/src/Oauth2/Resource/Server.php +++ b/src/Oauth2/Resource/Server.php 
@@ -13,7 +13,7 @@ class Server * The access token. * @access private */ - private $_accessToken = NULL; + private $_accessToken = null; /** * The scopes the access token has access to. @@ -25,13 +25,13 @@ class Server * The type of owner of the access token. * @access private */ - private $_type = NULL; + private $_type = null; /** * The ID of the owner of the access token. * @access private */ - private $_typeId = NULL; + private $_typeId = null; /** * Server configuration From 6fdb6177bcdc9cfd81a43217ebc07608f5b0010c Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 20 Aug 2012 15:09:33 +0100 Subject: [PATCH 173/199] Lots of fixes --- src/Oauth2/Resource/Server.php | 100 ++++++++++++++++++--------------- 1 file changed, 55 insertions(+), 45 deletions(-) diff --git a/src/Oauth2/Resource/Server.php b/src/Oauth2/Resource/Server.php index 89c2e0c6..b9c6ca42 100644 --- a/src/Oauth2/Resource/Server.php +++ b/src/Oauth2/Resource/Server.php @@ -9,6 +9,12 @@ class OAuthResourceServerException extends \Exception class Server { + /** + * Reference to the database abstractor + * @var object + */ + private $_db = null; + /** * The access token. * @access private @@ -37,10 +43,22 @@ class Server * Server configuration * @var array */ - private $config = array( + private $_config = array( 'token_key' => 'oauth_token' ); + /** + * Error codes. + * + * To provide i8ln errors just overwrite the keys + * + * @var array + */ + public $errors = array( + 'missing_access_token' => 'An access token was not presented with the request', + 'invalid_access_token' => 'The access token is not registered with the resource server' + ); + /** * Constructor * 
@@ -56,21 +74,22 @@ class Server /** * Magic method to test if access token represents a particular owner type - * @param [type] $method [description] - * @param [type] $arguements [description] - * @return [type] [description] + * @param string $method The method name + * @param mixed $arguements The method arguements + * @return bool If method is valid, and access token is owned by the requested party then true, */ - public function __call($method, $arguements) + public function __call($method, $arguements = null) { - if (substr($method, 0, 2) === 'is') - { - if ($this->_type === strtolower(substr($method, 2))) - { + if (substr($method, 0, 2) === 'is') { + + if ($this->_type === strtolower(substr($method, 2))) { return $this->_typeId; } return false; } + + trigger_error('Call to undefined function ' . $method . '()'); } /** @@ -82,7 +101,7 @@ class Server */ public function registerDbAbstractor($db) { - $this->db = $db; + $this->_db = $db; } /** @@ -99,18 +118,18 @@ class Server switch ($server['REQUEST_METHOD']) { case 'POST': - $accessToken = isset($_POST[$this->config['token_key']]) ? $_POST[$this->config['token_key']] : null; + $accessToken = isset($_POST[$this->_config['token_key']]) ? $_POST[$this->_config['token_key']] : null; break; default: - $accessToken = isset($_GET[$this->config['token_key']]) ? $_GET[$this->config['token_key']] : null; + $accessToken = isset($_GET[$this->_config['token_key']]) ? $_GET[$this->_config['token_key']] : null; break; } // Try and get an access token from the auth header $headers = getallheaders(); - if (isset($headers['Authorization'])) - { + if (isset($headers['Authorization'])) { + $rawToken = trim(str_replace('Bearer', '', $headers['Authorization'])); if ( ! empty($rawToken)) { 
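Review bot: The fall-through in `__call` for methods that do not start with `is` calls `trigger_error()` at its default `E_USER_NOTICE` level, which is non-fatal and leaves the method returning `null`; a misspelled owner-type check would therefore degrade to a silent notice rather than surface as a bug. Throwing is the conventional fix: `throw new \BadMethodCallException('Call to undefined method ' . $method . '()');`. The updated docblock says the method returns `true` on a match, but the code returns `$this->_typeId`, so an owner ID of `0` or `'0'` is indistinguishable from the `false` non-match return; either document the actual return value or return `true` and expose the ID separately. The enclosing class continues outside this hunk.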
@@ -118,38 +137,29 @@ class Server } } - if ($accessToken) - { - $sessionQuery = $this->ci->db->get_where('oauth_sessions', array('access_token' => $accessToken, 'stage' => 'granted')); - - if ($session_query->num_rows() === 1) + if ($accessToken) { + + $result = $this->_dbCall('validateAccessToken', array($accessToken)); + + if ($result === false) { - $session = $session_query->row(); - $this->_accessToken = $session->access_token; - $this->_type = $session->type; - $this->_typeId = $session->type_id; - - $scopes_query = $this->ci->db->get_where('oauth_session_scopes', array('access_token' => $accessToken)); - if ($scopes_query->num_rows() > 0) - { - foreach ($scopes_query->result() as $scope) - { - $this->_scopes[] = $scope->scope; - } - } + throw new OAuthResourceServerException($this->errors['invalid_access_token']); } - + else { - $this->ci->output->set_status_header(403); - $this->ci->output->set_output('Invalid access token'); + $this->_accessToken = $accessToken; + $this->_type = $result['owner_type']; + $this->_typeId = $result['owner_id']; + + // Get the scopes + $this->_scopes = $this->_dbCall('sessionScopes', array($result['id'])); } - } - - else - { - $this->ci->output->set_status_header(403); - $this->ci->output->set_output('Missing access token'); + + } else { + + throw new OAuthResourceServerException($this->errors['missing_access_token']); + } } @@ -194,13 +204,13 @@ class Server * * @return mixed The query result */ - private function dbcall() + private function _dbCall() { - if ($this->db === null) { + if ($this->_db === null) { throw new OAuthResourceServerException('No registered database abstractor'); } - if ( ! $this->db instanceof Database) { + if ( ! $this->_db instanceof Database) { throw new OAuthResourceServerException('Registered database abstractor is not an instance of Oauth2\Resource\Database'); } 
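Review bot: `if ($accessToken)` tests truthiness, so a presented token of `'0'` is reported as `missing_access_token` rather than validated; `if ($accessToken !== null && $accessToken !== '')` makes the intent explicit. `_scopes` is assigned whatever `sessionScopes()` returns with no check that it is an array, and `hasScope()` (outside this hunk) feeds it to `in_array` without the strict flag, so a malformed abstractor return makes scope checks fail noisily or match loosely; casting with `(array)` or throwing `OAuthResourceServerException` on a non-array return keeps authorisation decisions predictable. The `else` after the `throw` is redundant and can be dropped so the granted path is not nested. The enclosing `init()` starts and ends outside this hunk.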
@@ -209,6 +219,6 @@ class Server unset($args[0]); $params = array_values($args); - return call_user_func_array(array($this->db, $method), $args); + return call_user_func_array(array($this->_db, $method), $args); } } \ No newline at end of file From 326e96cc1787a724015d3f65750d923e80af964d Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 20 Aug 2012 15:49:57 +0100 Subject: [PATCH 174/199] Bug fix in dbcall --- src/Oauth2/Authentication/Server.php | 2 +- src/Oauth2/Resource/Server.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Oauth2/Authentication/Server.php b/src/Oauth2/Authentication/Server.php index 1e6ee1f5..733b51e3 100644 --- a/src/Oauth2/Authentication/Server.php +++ b/src/Oauth2/Authentication/Server.php @@ -513,6 +513,6 @@ class Server unset($args[0]); $params = array_values($args); - return call_user_func_array(array($this->db, $method), $args); + return call_user_func_array(array($this->db, $method), $params); } } diff --git a/src/Oauth2/Resource/Server.php b/src/Oauth2/Resource/Server.php index b9c6ca42..ab4626c3 100644 --- a/src/Oauth2/Resource/Server.php +++ b/src/Oauth2/Resource/Server.php @@ -219,6 +219,6 @@ class Server unset($args[0]); $params = array_values($args); - return call_user_func_array(array($this->_db, $method), $args); + return call_user_func_array(array($this->_db, $method), $params); } } \ No newline at end of file From 78424ce100dfe7c07c6d9c9951f642154ebbbce3 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Thu, 23 Aug 2012 12:21:59 +0100 Subject: [PATCH 175/199] Added resource server test suite --- build/phpunit.xml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/build/phpunit.xml b/build/phpunit.xml index 4181c278..3a5b9f99 100644 --- a/build/phpunit.xml +++ b/build/phpunit.xml @@ -8,9 +8,12 @@ stopOnIncomplete="false" stopOnSkipped="false"> - + ../tests/authentication + + ../tests/resource + @@ -19,11 +22,8 @@ - + - + \ No newline at end of file 
From 66ee8df5b178b19fae1fc287463e415fec5faf78 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Thu, 23 Aug 2012 12:22:16 +0100 Subject: [PATCH 176/199] Added database mock for resource tests --- tests/resource/database_mock.php | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 tests/resource/database_mock.php diff --git a/tests/resource/database_mock.php b/tests/resource/database_mock.php new file mode 100644 index 00000000..15f9dc28 --- /dev/null +++ b/tests/resource/database_mock.php @@ -0,0 +1,29 @@ + array( + 'id' => 1, + 'owner_type' => 'user', + 'owner_id' => 123 + )); + + private $sessionScopes = array( + 1 => array( + 'foo', + 'bar' + ) + ); + + public function validateAccessToken($accessToken) + { + return (isset($this->accessTokens[$accessToken])) ? $this->accessTokens[$accessToken] : false; + } + + public function sessionScopes($sessionId) + { + return (isset($this->sessionScopes[$sessionId])) ? $this->sessionScopes[$sessionId] : array(); + } +} \ No newline at end of file From 81a7322933001ee45d4525f301dabf5787a894c9 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Thu, 23 Aug 2012 12:22:39 +0100 Subject: [PATCH 177/199] Started resource server unit tests TODO: authentication header test --- tests/resource/server_test.php | 77 ++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 tests/resource/server_test.php diff --git a/tests/resource/server_test.php b/tests/resource/server_test.php new file mode 100644 index 00000000..1d91536e --- /dev/null +++ b/tests/resource/server_test.php 
@@ -0,0 +1,77 @@ +server = new Oauth2\Resource\Server(); + $this->db = new ResourceDB(); + + $this->server->registerDbAbstractor($this->db); + } + + function test_init_POST() + { + $_POST['oauth_token'] = 'test12345'; + + $this->server->init(); + + $this->assertEquals($this->server->_accessToken, $_POST['oauth_token']); + $this->assertEquals($this->server->_type, 'user'); + $this->assertEquals($this->server->_typeId, 123); + $this->assertEquals($this->server->_scopes, array('foo', 'bar')); + } + + function test_init_GET() + { + $_GET['oauth_token'] = 'test12345'; + + $this->server->init(); + + $this->assertEquals($this->server->_accessToken, $_GET['oauth_token']); + $this->assertEquals($this->server->_type, 'user'); + $this->assertEquals($this->server->_typeId, 123); + $this->assertEquals($this->server->_scopes, array('foo', 'bar')); + } + + function test_init_header() + { + // Test with authorisation header + } + + /** + * @exception OAuthResourceServerException + */ + function test_init_wrongToken() + { + $_POST['access_token'] = 'test12345'; + + $this->server->init(); + } + + function test_hasScope() + { + $_POST['oauth_token'] = 'test12345'; + + $this->server->init(); + + $this->assertEquals(true, $this->server->hasScope('foo')); + $this->assertEquals(true, $this->server->hasScope('bar')); + $this->assertEquals(true, $this->server->hasScope(array('foo', 'bar'))); + + $this->assertEquals(false, $this->server->hasScope('foobar')); + $this->assertEquals(false, $this->server->hasScope(array('foobar'))); + } + + function test___call() + { + $_POST['oauth_token'] = 'test12345'; + + $this->server->init(); + + $this->assertEquals(123, $this->server->isUser()); + $this->assertEquals(false, $this->server->isMachine()); + } + +} \ No newline at end of file From f53f6ca6097e08ae48df5ed20cad1903c8d57952 Mon Sep 17 00:00:00 2001 
From: Alex Bilbie Date: Fri, 24 Aug 2012 12:19:31 +0100 Subject: [PATCH 178/199] Added .gitignore --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..94d6d75a --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +/vendor/ +/composer.lock \ No newline at end of file From 2c3e8427027661f0c542eb589839b26bea9bdd85 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 24 Aug 2012 12:21:11 +0100 Subject: [PATCH 179/199] Updated .gitignore --- .gitignore | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 94d6d75a..de1a9ba2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ /vendor/ -/composer.lock \ No newline at end of file +/composer.lock +/docs/build/ \ No newline at end of file From 829735aeebf5e08d6586f487e0da6ea46ebe3ea3 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 24 Aug 2012 12:23:04 +0100 Subject: [PATCH 180/199] Update .gitignore --- .gitignore | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index de1a9ba2..308d8954 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ /vendor/ /composer.lock -/docs/build/ \ No newline at end of file +/docs/build/ +/build/logs/ \ No newline at end of file From b987c71820dd0227ee04a3caa0dd3ba91abdf932 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 24 Aug 2012 12:23:16 +0100 Subject: [PATCH 181/199] Renamed test classes --- tests/authentication/server_test.php | 2 +- tests/resource/server_test.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/authentication/server_test.php b/tests/authentication/server_test.php index b479bfb4..87842d03 100644 --- a/tests/authentication/server_test.php +++ b/tests/authentication/server_test.php 
@@ -1,6 +1,6 @@ Date: Fri, 24 Aug 2012 12:24:55 +0100 Subject: [PATCH 182/199] Corrected namespace --- tests/resource/database_mock.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/resource/database_mock.php b/tests/resource/database_mock.php index 15f9dc28..bf050561 100644 --- a/tests/resource/database_mock.php +++ b/tests/resource/database_mock.php @@ -1,6 +1,6 @@ Date: Fri, 24 Aug 2012 12:25:31 +0100 Subject: [PATCH 183/199] Wrapped getallheaders() method in function_exists (function isn't available on command line) --- src/Oauth2/Resource/Server.php | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/src/Oauth2/Resource/Server.php b/src/Oauth2/Resource/Server.php index ab4626c3..46982a86 100644 --- a/src/Oauth2/Resource/Server.php +++ b/src/Oauth2/Resource/Server.php @@ -127,13 +127,15 @@ class Server } // Try and get an access token from the auth header - $headers = getallheaders(); - if (isset($headers['Authorization'])) { + if (function_exists('getallheaders')) { + $headers = getallheaders(); + if (isset($headers['Authorization'])) { - $rawToken = trim(str_replace('Bearer', '', $headers['Authorization'])); - if ( ! empty($rawToken)) - { - $accessToken = base64_decode($rawToken); + $rawToken = trim(str_replace('Bearer', '', $headers['Authorization'])); + if ( ! empty($rawToken)) + { + $accessToken = base64_decode($rawToken); + } } } From 9e0115732447e3b6a9232afa9015608e89081d48 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 24 Aug 2012 12:26:13 +0100 Subject: [PATCH 184/199] Updated .gitignore --- .gitignore | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 308d8954..044880fd 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ /vendor/ /composer.lock /docs/build/ -/build/logs/ \ No newline at end of file +/build/logs/ +/build/coverage/ \ No newline at end of file From 00562858f9d3d878c14638a0ba35fc609c50f7c1 Mon Sep 17 00:00:00 2001 
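Review bot: Wrapping the lookup in `function_exists('getallheaders')` means that on SAPIs without it the Authorization header is silently ignored and `init()` falls back to the query/body token, so a client sending only a bearer header gets `missing_access_token` with no hint why. Reading `$_SERVER['HTTP_AUTHORIZATION']` when `getallheaders()` is unavailable covers the common FastCGI case. The Bearer value is still located with `str_replace('Bearer', '', ...)` and then `base64_decode()`d, which alters any token that is not itself base64; checking the scheme as a case-insensitive prefix and using the remainder verbatim is the RFC 6750 behaviour. The enclosing `init()` starts and ends outside this hunk.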
From: Alex Bilbie Date: Mon, 27 Aug 2012 14:23:26 +0100 Subject: [PATCH 185/199] Excluded Composer autoload --- build/phpunit.xml | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/build/phpunit.xml b/build/phpunit.xml index 3a5b9f99..e74535da 100644 --- a/build/phpunit.xml +++ b/build/phpunit.xml @@ -1,12 +1,5 @@ - + ../tests/authentication @@ -15,15 +8,16 @@ ../tests/resource - + PEAR_INSTALL_DIR PHP_LIBDIR + ../vendor/composer - + - - - + + + \ No newline at end of file From 3e7b471e757383d9120aed0d6b9e92f1ad9ec14d Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 27 Aug 2012 14:23:50 +0100 Subject: [PATCH 186/199] Lots of beautiful tests --- tests/resource/server_test.php | 58 ++++++++++++++++++++++++++++------ 1 file changed, 48 insertions(+), 10 deletions(-) diff --git a/tests/resource/server_test.php b/tests/resource/server_test.php index 2414cc90..07dca58f 100644 --- a/tests/resource/server_test.php +++ b/tests/resource/server_test.php 
@@ -13,14 +13,29 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase { function test_init_POST() { + $_SERVER['REQUEST_METHOD'] = 'POST'; $_POST['oauth_token'] = 'test12345'; $this->server->init(); - $this->assertEquals($this->server->_accessToken, $_POST['oauth_token']); - $this->assertEquals($this->server->_type, 'user'); - $this->assertEquals($this->server->_typeId, 123); - $this->assertEquals($this->server->_scopes, array('foo', 'bar')); + $reflector = new ReflectionClass($this->server); + + $_accessToken = $reflector->getProperty('_accessToken'); + $_accessToken->setAccessible(true); + + $_type = $reflector->getProperty('_type'); + $_type->setAccessible(true); + + $_typeId = $reflector->getProperty('_typeId'); + $_typeId->setAccessible(true); + + $_scopes = $reflector->getProperty('_scopes'); + $_scopes->setAccessible(true); + + $this->assertEquals($_accessToken->getValue($this->server), $_POST['oauth_token']); + $this->assertEquals($_type->getValue($this->server), 'user'); + $this->assertEquals($_typeId->getValue($this->server), 123); + $this->assertEquals($_scopes->getValue($this->server), array('foo', 'bar')); } function test_init_GET() 
@@ -29,23 +44,44 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase { $this->server->init(); - $this->assertEquals($this->server->_accessToken, $_GET['oauth_token']); - $this->assertEquals($this->server->_type, 'user'); - $this->assertEquals($this->server->_typeId, 123); - $this->assertEquals($this->server->_scopes, array('foo', 'bar')); + $reflector = new ReflectionClass($this->server); + + $_accessToken = $reflector->getProperty('_accessToken'); + $_accessToken->setAccessible(true); + + $_type = $reflector->getProperty('_type'); + $_type->setAccessible(true); + + $_typeId = $reflector->getProperty('_typeId'); + $_typeId->setAccessible(true); + + $_scopes = $reflector->getProperty('_scopes'); + $_scopes->setAccessible(true); + + $this->assertEquals($_accessToken->getValue($this->server), $_GET['oauth_token']); + $this->assertEquals($_type->getValue($this->server), 'user'); + $this->assertEquals($_typeId->getValue($this->server), 123); + $this->assertEquals($_scopes->getValue($this->server), array('foo', 'bar')); } function test_init_header() { // Test with authorisation header + //$this->markTestIncomplete('Authorisation header test has not been implemented yet.'); } /** - * @exception OAuthResourceServerException + * @expectedException \Oauth2\Resource\OAuthResourceServerException */ + function test_init_missingToken() + { + $this->server->init(); + } + function test_init_wrongToken() { - $_POST['access_token'] = 'test12345'; + $_POST['oauth_token'] = 'test12345'; + $_SERVER['REQUEST_METHOD'] = 'POST'; $this->server->init(); } @@ -53,6 +89,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase { function test_hasScope() { $_POST['oauth_token'] = 'test12345'; + $_SERVER['REQUEST_METHOD'] = 'POST'; $this->server->init(); @@ -67,6 +104,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase { function test___call() { $_POST['oauth_token'] = 'test12345'; + $_SERVER['REQUEST_METHOD'] = 'POST'; $this->server->init(); 
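Review bot: test_init_missingToken calls init() with no setup and expects the missing-token exception, yet the tests that run before it in this file assign `$_POST['oauth_token']` and `$_SERVER['REQUEST_METHOD']` and nothing in the hunk clears them, so the assertion only holds if the runner's backupGlobals happens to restore superglobals between methods. Reset state explicitly instead of relying on runner configuration: add a `tearDown()` containing `$_GET = $_POST = array(); unset($_SERVER['REQUEST_METHOD']);`. Separately, test_init_header is still a commented-out placeholder, so the Authorization: Bearer path — the one RFC 6750 actually mandates — remains the only token source with no coverage while the optional GET/POST parameter paths are exercised. test_init_GET begins before the hunk.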
From 3ab511f2f72e2518658b964091fde8cbfb252c60 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 27 Aug 2012 14:24:32 +0100 Subject: [PATCH 187/199] Spacing fix --- tests/resource/database_mock.php | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/tests/resource/database_mock.php b/tests/resource/database_mock.php index bf050561..52c698d8 100644 --- a/tests/resource/database_mock.php +++ b/tests/resource/database_mock.php @@ -4,11 +4,13 @@ use Oauth2\Resource\Database; class ResourceDB implements Database { - private $accessTokens = array('test12345' => array( - 'id' => 1, - 'owner_type' => 'user', - 'owner_id' => 123 - )); + private $accessTokens = array( + 'test12345' => array( + 'id' => 1, + 'owner_type' => 'user', + 'owner_id' => 123 + ) + ); private $sessionScopes = array( 1 => array( From 95931abd6b6d06c093e86e4b11c0c39322bf0cc6 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 27 Aug 2012 14:24:43 +0100 Subject: [PATCH 188/199] Spelling fix --- src/Oauth2/Resource/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Oauth2/Resource/Server.php b/src/Oauth2/Resource/Server.php index 46982a86..f8514d94 100644 --- a/src/Oauth2/Resource/Server.php +++ b/src/Oauth2/Resource/Server.php @@ -115,7 +115,7 @@ class Server $accessToken = null; // Try and get the access token via an access_token or oauth_token parameter - switch ($server['REQUEST_METHOD']) + switch ($_SERVER['REQUEST_METHOD']) { case 'POST': $accessToken = isset($_POST[$this->_config['token_key']]) ? $_POST[$this->_config['token_key']] : null; From e191566260e12a16dc6a6a9847003bfd144d48cf Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 27 Aug 2012 14:25:18 +0100 Subject: [PATCH 189/199] Fixed errors with handling database calls --- src/Oauth2/Resource/Server.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Oauth2/Resource/Server.php b/src/Oauth2/Resource/Server.php index f8514d94..41431058 100644 
--- a/src/Oauth2/Resource/Server.php +++ b/src/Oauth2/Resource/Server.php @@ -141,7 +141,7 @@ class Server if ($accessToken) { - $result = $this->_dbCall('validateAccessToken', array($accessToken)); + $result = $this->_dbCall('validateAccessToken', $accessToken); if ($result === false) { @@ -155,7 +155,7 @@ class Server $this->_typeId = $result['owner_id']; // Get the scopes - $this->_scopes = $this->_dbCall('sessionScopes', array($result['id'])); + $this->_scopes = $this->_dbCall('sessionScopes', $result['id']); } } else { From 3642b8432ee1ab6b3b8cb85fa93f8bdbec7f803c Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 27 Aug 2012 14:25:24 +0100 Subject: [PATCH 190/199] PHPCS fixes --- src/Oauth2/Resource/Server.php | 41 +++++++++++++++++----------------- 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/src/Oauth2/Resource/Server.php b/src/Oauth2/Resource/Server.php index 41431058..0ec835a5 100644 --- a/src/Oauth2/Resource/Server.php +++ b/src/Oauth2/Resource/Server.php @@ -128,12 +128,14 @@ class Server // Try and get an access token from the auth header if (function_exists('getallheaders')) { + $headers = getallheaders(); + if (isset($headers['Authorization'])) { $rawToken = trim(str_replace('Bearer', '', $headers['Authorization'])); - if ( ! empty($rawToken)) - { + + if ( ! empty($rawToken)) { $accessToken = base64_decode($rawToken); } } @@ -143,13 +145,12 @@ class Server $result = $this->_dbCall('validateAccessToken', $accessToken); - if ($result === false) - { - throw new OAuthResourceServerException($this->errors['invalid_access_token']); - } + if ($result === false) { + + throw new OAuthResourceServerException($this->errors['invalid_access_token']); + + } else { - else - { $this->_accessToken = $accessToken; $this->_type = $result['owner_type']; $this->_typeId = $result['owner_id']; 
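Review bot: The header branch that now calls `getallheaders()` still derives the token with `str_replace('Bearer', '', ...)` followed by `base64_decode()`, which neither verifies that the scheme is Bearer nor matches RFC 6750 syntax: `Authorization: Basic …` or a lower-case `bearer …` is passed through as a garbled token, and a bearer token is an opaque b64token that must not be base64-decoded before lookup. Parse it explicitly: `if (preg_match('/^Bearer\s+(\S+)$/i', $headers['Authorization'], $m)) { $accessToken = $m[1]; }`. `getallheaders()` also exists only under the Apache module SAPI (FastCGI from PHP 5.4), so elsewhere the header path is silently unavailable; when the function is missing, read `$_SERVER['HTTP_AUTHORIZATION']` instead of skipping the header entirely. Whether this branch runs only when no parameter token was found is not visible in the hunk.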
@@ -158,7 +159,7 @@ class Server $this->_scopes = $this->_dbCall('sessionScopes', $result['id']); } - } else { + } else { throw new OAuthResourceServerException($this->errors['missing_access_token']); @@ -175,24 +176,22 @@ class Server */ public function hasScope($scopes) { - if (is_string($scopes)) - { - if (in_array($scopes, $this->_scopes)) - { + if (is_string($scopes)) { + + if (in_array($scopes, $this->_scopes)) { return true; } return false; - } - - elseif (is_array($scopes)) - { - foreach ($scopes as $scope) - { - if ( ! in_array($scope, $this->_scopes)) - { + + } elseif (is_array($scopes)) { + + foreach ($scopes as $scope) { + + if ( ! in_array($scope, $this->_scopes)) { return false; } + } return true; From 337b2e0a928ad96497096261322884c745de19f1 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 27 Aug 2012 14:32:06 +0100 Subject: [PATCH 191/199] Marked test_init_header as incomplete --- tests/resource/server_test.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/resource/server_test.php b/tests/resource/server_test.php index 07dca58f..e66a05a6 100644 --- a/tests/resource/server_test.php +++ b/tests/resource/server_test.php @@ -67,7 +67,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase { function test_init_header() { // Test with authorisation header - //$this->markTestIncomplete('Authorisation header test has not been implemented yet.'); + $this->markTestIncomplete('Authorisation header test has not been implemented yet.'); } /** From 5da908841045999a152265982229683cfbb2d97a Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 27 Aug 2012 14:43:12 +0100 Subject: [PATCH 192/199] Assert that mock database objects are proper instances of their interfaces --- tests/authentication/server_test.php | 3 ++- tests/resource/server_test.php | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/authentication/server_test.php b/tests/authentication/server_test.php index 87842d03..211c03a1 100644 
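Review bot: Both `in_array()` calls in hasScope compare loosely, so a non-string element — `hasScope(array(true))` in any PHP version, or `hasScope(array(0))` on PHP 5 — is reported as granted against any non-empty scope list, because the array branch has no `is_string` guard like the string branch does. Pass the strict flag on both lines: `if (in_array($scopes, $this->_scopes, true))` and `if ( ! in_array($scope, $this->_scopes, true))`. The method's tail (whatever is returned for an argument that is neither string nor array) lies outside the hunk.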
--- a/tests/authentication/server_test.php +++ b/tests/authentication/server_test.php @@ -5,9 +5,10 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase { function setUp() { $this->oauth = new Oauth2\Authentication\Server(); - + require_once('database_mock.php'); $this->oauthdb = new OAuthdb(); + $this->assertInstanceOf('Oauth2\Authentication\Database', $this->oauthdb); $this->oauth->registerDbAbstractor($this->oauthdb); } diff --git a/tests/resource/server_test.php b/tests/resource/server_test.php index e66a05a6..456f686c 100644 --- a/tests/resource/server_test.php +++ b/tests/resource/server_test.php @@ -8,6 +8,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase { $this->server = new Oauth2\Resource\Server(); $this->db = new ResourceDB(); + $this->assertInstanceOf('Oauth2\Resource\Database', $this->db); $this->server->registerDbAbstractor($this->db); } From b7d73accdcc3dfac9605be91b615578421fd37cd Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 27 Aug 2012 15:25:14 +0100 Subject: [PATCH 193/199] Removed old die statement --- src/Oauth2/Authentication/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Oauth2/Authentication/Server.php b/src/Oauth2/Authentication/Server.php index 733b51e3..9658cab5 100644 --- a/src/Oauth2/Authentication/Server.php +++ b/src/Oauth2/Authentication/Server.php @@ -197,7 +197,7 @@ class Server foreach ($scopes as $scope) { $scopeDetails = $this->dbcall('getScope', $scope); - //die(var_dump($scopeDetails)); + if ($scopeDetails === false) { throw new OAuthServerClientException(sprintf($this->errors['invalid_scope'], $scope), 4); From 7a4aece507ace9f7ce7a02f3e89bae35b7fe25cf Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 27 Aug 2012 15:25:28 +0100 Subject: [PATCH 194/199] Stylistic fix --- src/Oauth2/Authentication/Server.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/src/Oauth2/Authentication/Server.php b/src/Oauth2/Authentication/Server.php index 9658cab5..0c6f9476 100644 --- a/src/Oauth2/Authentication/Server.php +++ b/src/Oauth2/Authentication/Server.php @@ -413,8 +413,7 @@ class Server } // The authorization code - if ( ! isset($authParams['code']) && - ! isset($_POST['code'])) { + if ( ! isset($authParams['code']) && ! isset($_POST['code'])) { throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'code'), 0); From 7341d5ddc8b479a398f88785993affac8bedb6e4 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 27 Aug 2012 15:25:41 +0100 Subject: [PATCH 195/199] Moaaaare tests! --- tests/authentication/server_test.php | 236 +++++++++++++++++++++++++++ 1 file changed, 236 insertions(+) diff --git a/tests/authentication/server_test.php b/tests/authentication/server_test.php index 211c03a1..6e79e24c 100644 --- a/tests/authentication/server_test.php +++ b/tests/authentication/server_test.php 
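Review bot: The reflowed condition still falls back to `$_POST['code']` when the caller passed an explicit `$authParams` array, so a caller that deliberately supplies a vetted parameter set cannot stop the raw request body from supplying the authorization code. Resolve one source once and use it throughout: `$code = isset($authParams['code']) ? $authParams['code'] : (isset($_POST['code']) ? $_POST['code'] : null);` then `if ($code === null) { throw … }`. It is not visible in this hunk whether the code is afterwards bound to the presenting client_id and redirect_uri as RFC 6749 §4.1.3 requires; the invalidCode test added later in this series only covers an unknown code. completeAuthCodeGrant starts and ends outside the hunk.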
@@ -89,6 +89,66 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase { ), $this->oauth->checkClientAuthoriseParams($params)); } + /** + * @expectedException Oauth2\Authentication\OAuthServerClientException + * @expectedExceptionCode 0 + */ + function test_checkClientAuthoriseParams_missingClientId() + { + $this->oauth->checkClientAuthoriseParams(); + } + + /** + * @expectedException Oauth2\Authentication\OAuthServerClientException + * @expectedExceptionCode 0 + */ + function test_checkClientAuthoriseParams_missingRedirectUri() + { + $_GET['client_id'] = 'test'; + + $this->oauth->checkClientAuthoriseParams(); + } + + /** + * @expectedException Oauth2\Authentication\OAuthServerClientException + * @expectedExceptionCode 0 + */ + function test_checkClientAuthoriseParams_missingResponseType() + { + $_GET['client_id'] = 'test'; + $_GET['redirect_uri'] = 'http://example.com/test'; + + $this->oauth->checkClientAuthoriseParams(); + } + + /** + * @expectedException Oauth2\Authentication\OAuthServerClientException + * @expectedExceptionCode 0 + */ + function test_checkClientAuthoriseParams_missingScopes() + { + $_GET['client_id'] = 'test'; + $_GET['redirect_uri'] = 'http://example.com/test'; + $_GET['response_type'] = 'code'; + $_GET['scope'] = ' '; + + $this->oauth->checkClientAuthoriseParams(); + } + + /** + * @expectedException Oauth2\Authentication\OAuthServerClientException + * @expectedExceptionCode 4 + */ + function test_checkClientAuthoriseParams_invalidScopes() + { + $_GET['client_id'] = 'test'; + $_GET['redirect_uri'] = 'http://example.com/test'; + $_GET['response_type'] = 'code'; + $_GET['scope'] = 'blah'; + + $this->oauth->checkClientAuthoriseParams(); + } + function test_newAuthoriseRequest() { $result = $this->oauth->newAuthoriseRequest('user', '123', array( 
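Review bot: The new checkClientAuthoriseParams tests cover an absent client_id, redirect_uri, response_type and scope plus an unknown scope, but none sends a redirect_uri that differs from the one registered for client `test` in the mock (`http://example.com/test`); that comparison is what stops an authorization code being delivered to an attacker-chosen URI, and a regression there would pass this suite unnoticed unless such a test exists outside the hunk. The tests also populate `$_GET` and never clear it, so they depend on the runner restoring superglobals between methods. The exception code for a mismatched redirect is not visible here, so the test below asserts only the exception class, and it assumes `test` is a registered scope in the mock as the newAuthoriseRequest fixture suggests.
```php
/**
 * @expectedException Oauth2\Authentication\OAuthServerClientException
 */
function test_checkClientAuthoriseParams_mismatchedRedirectUri()
{
    $_GET['client_id'] = 'test';
    $_GET['redirect_uri'] = 'http://attacker.example/callback';
    $_GET['response_type'] = 'code';
    $_GET['scope'] = 'test';

    $this->oauth->checkClientAuthoriseParams();
}
```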
@@ -159,4 +219,180 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase { $this->assertArrayHasKey('expires_in', $result); } + function test_issueAccessToken_PassedParams() + { + $auth_code = $this->oauth->newAuthoriseRequest('user', '123', array( + 'client_id' => 'test', + 'redirect_uri' => 'http://example.com/test', + 'scopes' => array(array( + 'id' => 1, + 'scope' => 'test', + 'name' => 'test', + 'description' => 'test' + )) + )); + + $params['client_id'] = 'test'; + $params['client_secret'] = 'test'; + $params['redirect_uri'] = 'http://example.com/test'; + $params['grant_type'] = 'authorization_code'; + $params['code'] = $auth_code; + + $result = $this->oauth->issueAccessToken($params); + + $this->assertCount(3, $result); + $this->assertArrayHasKey('access_token', $result); + $this->assertArrayHasKey('token_type', $result); + $this->assertArrayHasKey('expires_in', $result); + } + + /** + * @expectedException Oauth2\Authentication\OAuthServerClientException + * @expectedExceptionCode 0 + */ + function test_issueAccessToken_missingGrantType() + { + $this->oauth->issueAccessToken(); + } + + /** + * @expectedException Oauth2\Authentication\OAuthServerClientException + * @expectedExceptionCode 7 + */ + function test_issueAccessToken_unsupportedGrantType() + { + $params['grant_type'] = 'blah'; + + $this->oauth->issueAccessToken($params); + } + + /** + * @expectedException Oauth2\Authentication\OAuthServerClientException + * @expectedExceptionCode 0 + */ + function test_completeAuthCodeGrant_missingClientId() + { + $reflector = new ReflectionClass($this->oauth); + $method = $reflector->getMethod('completeAuthCodeGrant'); + $method->setAccessible(true); + + $method->invoke($this->oauth); + } + + /** + * @expectedException Oauth2\Authentication\OAuthServerClientException + * @expectedExceptionCode 0 + */ + function test_completeAuthCodeGrant_missingClientSecret() + { + $reflector = new ReflectionClass($this->oauth); + $method = 
$reflector->getMethod('completeAuthCodeGrant'); + $method->setAccessible(true); + + $authParams['client_id'] = 'test'; + + $method->invoke($this->oauth, $authParams); + } + + /** + * @expectedException Oauth2\Authentication\OAuthServerClientException + * @expectedExceptionCode 0 + */ + function test_completeAuthCodeGrant_missingRedirectUri() + { + $reflector = new ReflectionClass($this->oauth); + $method = $reflector->getMethod('completeAuthCodeGrant'); + $method->setAccessible(true); + + $authParams['client_id'] = 'test'; + $authParams['client_secret'] = 'test'; + + $method->invoke($this->oauth, $authParams); + } + + /** + * @expectedException Oauth2\Authentication\OAuthServerClientException + * @expectedExceptionCode 8 + */ + function test_completeAuthCodeGrant_invalidClient() + { + $reflector = new ReflectionClass($this->oauth); + $method = $reflector->getMethod('completeAuthCodeGrant'); + $method->setAccessible(true); + + $authParams['client_id'] = 'test'; + $authParams['client_secret'] = 'test123'; + $authParams['redirect_uri'] = 'http://example.com/test'; + + $method->invoke($this->oauth, $authParams); + } + + /** + * @expectedException Oauth2\Authentication\OAuthServerClientException + * @expectedExceptionCode 0 + */ + function test_completeAuthCodeGrant_missingCode() + { + $reflector = new ReflectionClass($this->oauth); + $method = $reflector->getMethod('completeAuthCodeGrant'); + $method->setAccessible(true); + + $authParams['client_id'] = 'test'; + $authParams['client_secret'] = 'test'; + $authParams['redirect_uri'] = 'http://example.com/test'; + + $method->invoke($this->oauth, $authParams); + } + + /** + * @expectedException Oauth2\Authentication\OAuthServerClientException + * @expectedExceptionCode 9 + */ + function test_completeAuthCodeGrant_invalidCode() + { + $reflector = new ReflectionClass($this->oauth); + $method = $reflector->getMethod('completeAuthCodeGrant'); + $method->setAccessible(true); + + $authParams['client_id'] = 'test'; + 
$authParams['client_secret'] = 'test'; + $authParams['redirect_uri'] = 'http://example.com/test'; + $authParams['code'] = 'blah'; + + $method->invoke($this->oauth, $authParams); + } + + /** + * @expectedException Oauth2\Authentication\OAuthServerException + * @expectedExceptionMessage No registered database abstractor + */ + function test_noRegisteredDatabaseAbstractor() + { + $reflector = new ReflectionClass($this->oauth); + $method = $reflector->getMethod('dbcall'); + $method->setAccessible(true); + + $dbAbstractor = $reflector->getProperty('db'); + $dbAbstractor->setAccessible(true); + $dbAbstractor->setValue($this->oauth, null); + + $result = $method->invoke($this->oauth); + } + + /** + * @expectedException Oauth2\Authentication\OAuthServerException + * @expectedExceptionMessage Registered database abstractor is not an instance of Oauth2\Authentication\Database + */ + function test_invalidRegisteredDatabaseAbstractor() + { + $fake = new stdClass; + $this->oauth->registerDbAbstractor($fake); + + $reflector = new ReflectionClass($this->oauth); + $method = $reflector->getMethod('dbcall'); + $method->setAccessible(true); + + $result = $method->invoke($this->oauth); + } + } \ No newline at end of file From 8f20659f1d8eeb05640a7d690436f406b99ad6d8 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 27 Aug 2012 15:25:59 +0100 Subject: [PATCH 196/199] Check for correct exception messages --- tests/resource/server_test.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/tests/resource/server_test.php b/tests/resource/server_test.php index 456f686c..fdb35be4 100644 --- a/tests/resource/server_test.php +++ b/tests/resource/server_test.php 
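Review bot: test_issueAccessToken_PassedParams redeems a freshly issued authorization code exactly once, and the completeAuthCodeGrant tests reject a wrong secret and an unknown code, but nothing checks that a code cannot be redeemed a second time or by a client other than the one it was issued to — RFC 6749 §4.1.2 requires single use, and a replayable code turns any leak via Referer or logs into a bearer token. Add a test that issues a token and then presents the same code again, expecting OAuthServerClientException; the exception code for a consumed code is not visible in the hunk, so it is left unasserted, and if the mock's session store does not actually consume codes that is a second gap the test will surface. The registerDbAbstractor/dbcall tests at the end are fine as written; rejecting a non-Database object at registration time would fail earlier, but that is a design choice outside this hunk.
```php
/**
 * @expectedException Oauth2\Authentication\OAuthServerClientException
 */
function test_issueAccessToken_codeCannotBeReused()
{
    $auth_code = $this->oauth->newAuthoriseRequest('user', '123', array(
        'client_id' => 'test',
        'redirect_uri' => 'http://example.com/test',
        'scopes' => array(array(
            'id' => 1,
            'scope' => 'test',
            'name' => 'test',
            'description' => 'test'
        ))
    ));

    $params = array(
        'client_id' => 'test',
        'client_secret' => 'test',
        'redirect_uri' => 'http://example.com/test',
        'grant_type' => 'authorization_code',
        'code' => $auth_code
    );

    $this->oauth->issueAccessToken($params);

    // Presenting the same code a second time must be refused.
    $this->oauth->issueAccessToken($params);
}
```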
@@ -72,16 +72,21 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase { } /** - * @expectedException \Oauth2\Resource\OAuthResourceServerException + * @expectedException \Oauth2\Resource\OAuthResourceServerException + * @expectedExceptionMessage An access token was not presented with the request */ function test_init_missingToken() { $this->server->init(); } + /** + * @expectedException \Oauth2\Resource\OAuthResourceServerException + * @expectedExceptionMessage The access token is not registered with the resource server + */ function test_init_wrongToken() { - $_POST['oauth_token'] = 'test12345'; + $_POST['oauth_token'] = 'blah'; $_SERVER['REQUEST_METHOD'] = 'POST'; $this->server->init(); From c89fe5bdf8563c688fce334d2cd177a6205a9442 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 27 Aug 2012 15:43:17 +0100 Subject: [PATCH 197/199] Updated README --- README.md | 44 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 40 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index d2f4bc60..a1f48c37 100644 --- a/README.md +++ b/README.md 
@@ -1,7 +1,43 @@ -# PHP OAuth server +# PHP OAuth Framework -The goal of this project is to develop a standards compliant [OAuth 2](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-v2/) server that supports a number of different authentication flows, and two extensions, [JSON web tokens](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-json-web-token/) and [SAML assertions](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-saml2-bearer/). +The goal of this project is to develop a standards compliant [OAuth 2](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-v2/) authentication server, resource server and client library with support for a major OAuth 2 providers. -The library will be a [composer](http://getcomposer.org/) package and will be framework agnostic. +## Package Installation -This code will be developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which has been funded by [JISC](http://jisc.ac.uk) under the access and identity management programme. \ No newline at end of file +The framework is provided as a Composer package which can be installed by adding the package to your composer.json file: + +```javascript +{ + "require": { + "lncd\Oauth2": "*" + } +} +``` + +## Package Integration + +Check out the [wiki](https://github.com/lncd/OAuth2/wiki) + +## Current Features + +### Authentication Server + +The authentication server is a flexible class that supports the standard authorization code grant. + +### Resource Server + +The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct permission to access resources. + + + + +## Future Goals + +### Authentication Server + +* Support for [JSON web tokens](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-json-web-token/). +* Support for [SAML assertions](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-saml2-bearer/). 
+ +--- + +This code will be developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which has been funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme. \ No newline at end of file From 8724a1efb07e60008a38d741358a5e2d064c5623 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 27 Aug 2012 15:43:26 +0100 Subject: [PATCH 198/199] Updated composer.json with new version --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index cff35e42..0ab791d7 100644 --- a/composer.json +++ b/composer.json @@ -1,7 +1,7 @@ { "name": "lncd/Oauth2", "description": "OAuth 2.0 server - UNDER DEVELOPMENT - NOT READY FOR PRIMETIME", - "version": "0.0.1", + "version": "0.1", "homepage": "https://github.com/lncd/OAuth2", "license": "MIT", "require": { From c05880471c23d3c6c8d96b71cb5dafd5024e8d48 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 27 Aug 2012 15:44:06 +0100 Subject: [PATCH 199/199] Updated composer.json --- composer.json | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/composer.json b/composer.json index 0ab791d7..fc8f52b0 100644 --- a/composer.json +++ b/composer.json @@ -1,6 +1,6 @@ { "name": "lncd/Oauth2", - "description": "OAuth 2.0 server - UNDER DEVELOPMENT - NOT READY FOR PRIMETIME", + "description": "OAuth 2.0 Framework", "version": "0.1", "homepage": "https://github.com/lncd/OAuth2", "license": "MIT", @@ -19,7 +19,10 @@ "keywords": [ "oauth", "oauth2", - "server" + "server", + "authorization", + "authentication", + "resource" ], "authors": [ {