From f70c0392758b397dfecd6febde152d5e210df127 Mon Sep 17 00:00:00 2001 From: Michael Gooden Date: Mon, 4 Mar 2013 17:31:59 +0200 Subject: [PATCH 001/106] Fix state parameter check typo --- src/OAuth2/AuthServer.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/OAuth2/AuthServer.php b/src/OAuth2/AuthServer.php index 995e1c75..f72ff446 100644 --- a/src/OAuth2/AuthServer.php +++ b/src/OAuth2/AuthServer.php @@ -291,8 +291,8 @@ class AuthServer throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'redirect_uri'), 0); } - if ($this->requireStateParam === true && is_null($authParams['redirect_uri'])) { - throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'redirect_uri'), 0); + if ($this->requireStateParam === true && is_null($authParams['state'])) { + throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'state'), 0); } // Validate client ID and redirect URI From 4917bc228c4aefe9ee853b11d00d0001396946f2 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 6 Mar 2013 16:57:29 +0000 Subject: [PATCH 002/106] Updated .gitignore --- .gitignore | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index e9100837..9aaece81 100644 --- a/.gitignore +++ b/.gitignore @@ -5,4 +5,6 @@ /build/coverage/ test /docs/ -/testing/ \ No newline at end of file +/testing/ +logs/ +coverage/ \ No newline at end of file From 6a8f8bf7b75b29d213cd7a5a73f6d8e2acb9adca Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 6 Mar 2013 16:58:29 +0000 Subject: [PATCH 003/106] Removed phpunit from composer.json --- composer.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/composer.json b/composer.json index 9cacbf5b..9aa7a05c 100644 --- a/composer.json +++ b/composer.json 
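Review bot: The corrected check on the new `if` line still only rejects an absent state; `is_null($authParams['state'])` lets `state=` (an empty string) through, because getParam (see the `@@ -408` hunk later on this page) returns whatever the request carried. Since `state` is the client's CSRF binding for the authorization response, an empty value is as useless as a missing one when the server is configured to require it. Suggest `if ($this->requireStateParam === true && ($authParams['state'] === null || $authParams['state'] === '')) {`. checkAuthoriseParams continues outside the hunk, so I have not seen whether state is validated again elsewhere.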
@@ -8,8 +8,7 @@ "php": ">=5.3.0" }, "require-dev": { - "phpunit/phpunit": "*", - "mockery/mockery": ">=0.7.2" + "mockery/mockery": ">=0.7.2" }, "repositories": [ { From 07c07ccb5e57ba07f0c0f5e095685b57bee8c5b6 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 6 Mar 2013 16:59:18 +0000 Subject: [PATCH 004/106] Removed static functions, inject authserver instance into grants --- src/OAuth2/AuthServer.php | 48 ++++++++--------- src/OAuth2/Grant/AuthCode.php | 44 +++++++++++----- src/OAuth2/Grant/ClientCredentials.php | 32 +++++++++--- src/OAuth2/Grant/GrantTypeInterface.php | 15 ++++-- src/OAuth2/Grant/Password.php | 44 +++++++++++----- src/OAuth2/Grant/RefreshToken.php | 40 ++++++++++----- tests/authorization/AuthServerTest.php | 51 ++++++++++--------- .../ClientCredentialsGrantTest.php | 26 +++++----- tests/authorization/PasswordGrantTest.php | 34 ++++++------- tests/authorization/RefreshTokenTest.php | 30 +++++------ 10 files changed, 218 insertions(+), 146 deletions(-) diff --git a/src/OAuth2/AuthServer.php b/src/OAuth2/AuthServer.php index f72ff446..6923c424 100644 --- a/src/OAuth2/AuthServer.php +++ b/src/OAuth2/AuthServer.php @@ -37,7 +37,7 @@ class AuthServer * The TTL (time to live) of an access token in seconds (default: 3600) * @var integer */ - static protected $expiresIn = 3600; + protected $expiresIn = 3600; /** * The registered grant response types @@ -49,13 +49,13 @@ class AuthServer * The client, scope and session storage classes * @var array */ - static protected $storages = array(); + protected $storages = array(); /** * The registered grant types * @var array */ - static protected $grantTypes = array(); + protected $grantTypes = array(); /** * Require the "scope" parameter to be in checkAuthoriseParams() @@ -73,7 +73,7 @@ class AuthServer * The request object * @var Util\RequestInterface */ - static protected $request = null; + protected $request = null; /** * Exception error codes 
@@ -96,7 +96,7 @@ class AuthServer * Exception error messages * @var array */ - static protected $exceptionMessages = array( + protected static $exceptionMessages = array( 'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.', 'unauthorized_client' => 'The client is not authorized to request an access token using this method.', 'access_denied' => 'The resource owner or authorization server denied the request.', @@ -142,7 +142,7 @@ class AuthServer */ public function __construct(ClientInterface $client, SessionInterface $session, ScopeInterface $scope) { - self::$storages = array( + $this->storages = array( 'client' => $client, 'session' => $session, 'scope' => $scope @@ -159,7 +159,7 @@ class AuthServer if (is_null($identifier)) { $identifier = $grantType->getIdentifier(); } - self::$grantTypes[$identifier] = $grantType; + $this->grantTypes[$identifier] = $grantType; if ( ! is_null($grantType->getResponseType())) { $this->responseTypes[] = $grantType->getResponseType(); @@ -171,9 +171,9 @@ class AuthServer * @param string $identifier The grant type identifier * @return boolean Returns "true" if enabled, "false" if not */ - public static function hasGrantType($identifier) + public function hasGrantType($identifier) { - return (array_key_exists($identifier, self::$grantTypes)); + return (array_key_exists($identifier, $this->grantTypes)); } /** @@ -220,9 +220,9 @@ class AuthServer * Get the TTL for an access token * @return int The TTL */ - public static function getExpiresIn() + public function getExpiresIn() { - return self::$expiresIn; + return $this->expiresIn; } /** @@ -231,7 +231,7 @@ class AuthServer */ public function setExpiresIn($expiresIn) { - self::$expiresIn = $expiresIn; + $this->expiresIn = $expiresIn; } /** 
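Review bot: `setExpiresIn` in the `@@ -231` hunk stores the value unchecked, and every grant on this page computes `time() + $this->authServer->getExpiresIn()` from it, so a string, a zero or a negative TTL yields an already-expired token or whatever PHP's coercion happens to produce. A guard at the single place the TTL is set keeps the invariant out of the grants: `if ( ! is_int($expiresIn) || $expiresIn <= 0) { throw new \InvalidArgumentException('expiresIn must be a positive number of seconds'); }` ahead of `$this->expiresIn = $expiresIn;`. Whether the project prefers its own exception type here is for the maintainers; the point is that the TTL should be validated once rather than trusted everywhere.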
@@ -241,7 +241,7 @@ class AuthServer */ public function setRequest(Util\RequestInterface $request) { - self::$request = $request; + $this->request = $request; } /** @@ -249,16 +249,16 @@ class AuthServer * * @return Util\RequestInterface */ - public static function getRequest() + public function getRequest() { - if (self::$request === null) { + if ($this->request === null) { // @codeCoverageIgnoreStart - self::$request = Request::buildFromGlobals(); + $this->request = Request::buildFromGlobals(); } // @codeCoverageIgnoreEnd - return self::$request; + return $this->request; } /** @@ -266,9 +266,9 @@ class AuthServer * @param string $obj The class required * @return Storage\ClientInterface|Storage\ScopeInterface|Storage\SessionInterface */ - public static function getStorage($obj) + public function getStorage($obj) { - return self::$storages[$obj]; + return $this->storages[$obj]; } /** @@ -281,7 +281,7 @@ class AuthServer public function checkAuthoriseParams($inputParams = array()) { // Auth params - $authParams = self::getParam(array('client_id', 'redirect_uri', 'response_type', 'scope', 'state'), 'get', $inputParams); + $authParams = $this->getParam(array('client_id', 'redirect_uri', 'response_type', 'scope', 'state'), 'get', $inputParams); if (is_null($authParams['client_id'])) { throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'client_id'), 0); @@ -383,7 +383,7 @@ class AuthServer } // Ensure grant type is one that is recognised and is enabled - if ( ! in_array($grantType, array_keys(self::$grantTypes))) { + if ( ! in_array($grantType, array_keys($this->grantTypes))) { throw new Exception\ClientException(sprintf(self::$exceptionMessages['unsupported_grant_type'], $grantType), 7); } @@ -398,7 +398,7 @@ class AuthServer */ protected function getGrantType($grantType) { - return self::$grantTypes[$grantType]; + return $this->grantTypes[$grantType]; } /** 
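Review bot: The grant-type check in the `@@ -383` hunk, `in_array($grantType, array_keys($this->grantTypes))`, uses loose comparison on a request-supplied value, while `hasGrantType()` earlier in this same commit already does the strict `array_key_exists` lookup; the two paths can disagree, e.g. under PHP 5 an integer `0` handed in through `$inputParams` compares equal to any non-numeric key. Calling the existing helper removes both the duplication and the loose compare: `if ( ! $this->hasGrantType($grantType)) {`. issueAccessToken starts before this hunk, so how `$grantType` is derived is not visible here.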
@@ -408,14 +408,14 @@ class AuthServer * @param array $inputParams Passed input parameters * @return mixed 'Null' if parameter is missing */ - public static function getParam($param = '', $method = 'get', $inputParams = array()) + public function getParam($param = '', $method = 'get', $inputParams = array()) { if (is_string($param)) { return (isset($inputParams[$param])) ? $inputParams[$param] : self::getRequest()->{$method}($param); } else { $response = array(); foreach ($param as $p) { - $response[$p] = self::getParam($p, $method, $inputParams); + $response[$p] = $this->getParam($p, $method, $inputParams); } return $response; } diff --git a/src/OAuth2/Grant/AuthCode.php b/src/OAuth2/Grant/AuthCode.php index 38c0316c..c0240cc5 100644 --- a/src/OAuth2/Grant/AuthCode.php +++ b/src/OAuth2/Grant/AuthCode.php @@ -36,6 +36,22 @@ class AuthCode implements GrantTypeInterface { */ protected $responseType = 'code'; + /** + * AuthServer instance + * @var AuthServer + */ + protected $authServer = null; + + /** + * Constructor + * @param AuthServer $authServer AuthServer instance + * @return void + */ + public function __construct(AuthServer $authServer) + { + $this->authServer = $authServer; + } + /** * Return the identifier * @return string 
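Review bot: `getParam` in the `@@ -408` hunk still reaches the request through `self::getRequest()` on its unchanged line although the commit turns getRequest into an instance method; it only works because PHP keeps `$this` when a non-static method is called via `self::` from instance context, and it will break if getParam is ever invoked statically. More important for callers that pass `$inputParams`: the `isset($inputParams[$param])` fallback silently reads the live request for any key the caller omitted, so an explicit parameter array can still pick up stray `$_GET`/`$_POST` values. Suggest `: $this->getRequest()->{$method}($param)` together with a docblock line stating that `$inputParams` only overrides the keys it contains; if the intent is that a supplied array disables the request fallback entirely, that needs an explicit check rather than an `isset`.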
@@ -62,51 +78,51 @@ class AuthCode implements GrantTypeInterface { public function completeFlow($inputParams = null) { // Get the required params - $authParams = AuthServer::getParam(array('client_id', 'client_secret', 'redirect_uri', 'code'), 'post', $inputParams); + $authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'redirect_uri', 'code'), 'post', $inputParams); if (is_null($authParams['client_id'])) { - throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0); + throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0); } if (is_null($authParams['client_secret'])) { - throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_secret'), 0); + throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_secret'), 0); } if (is_null($authParams['redirect_uri'])) { - throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'redirect_uri'), 0); + throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'redirect_uri'), 0); } // Validate client ID and redirect URI - $clientDetails = AuthServer::getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], $authParams['redirect_uri']); + $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], $authParams['redirect_uri']); if ($clientDetails === false) { - throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_client'), 8); + throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8); } $authParams['client_details'] = $clientDetails; // Validate the authorization code if (is_null($authParams['code'])) { - throw new 
Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'code'), 0); + throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'code'), 0); } // Verify the authorization code matches the client_id and the request_uri - $session = AuthServer::getStorage('session')->validateAuthCode($authParams['client_id'], $authParams['redirect_uri'], $authParams['code']); + $session = $this->authServer->getStorage('session')->validateAuthCode($authParams['client_id'], $authParams['redirect_uri'], $authParams['code']); if ( ! $session) { - throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_grant'), 'code'), 9); + throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_grant'), 'code'), 9); } // A session ID was returned so update it with an access token, // remove the authorisation code, change the stage to 'granted' $accessToken = SecureKey::make(); - $refreshToken = (AuthServer::hasGrantType('refresh_token')) ? SecureKey::make() : null; + $refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null; - $accessTokenExpires = time() + AuthServer::getExpiresIn(); - $accessTokenExpiresIn = AuthServer::getExpiresIn(); + $accessTokenExpires = time() + $this->authServer->getExpiresIn(); + $accessTokenExpiresIn = $this->authServer->getExpiresIn(); - AuthServer::getStorage('session')->updateSession( + $this->authServer->getStorage('session')->updateSession( $session['id'], null, $accessToken, @@ -122,7 +138,7 @@ class AuthCode implements GrantTypeInterface { 'expires_in' => $accessTokenExpiresIn ); - if (AuthServer::hasGrantType('refresh_token')) { + if ($this->authServer->hasGrantType('refresh_token')) { $response['refresh_token'] = $refreshToken; } diff --git a/src/OAuth2/Grant/ClientCredentials.php b/src/OAuth2/Grant/ClientCredentials.php index 3bb590bb..baed0aa9 100644 
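Review bot: The authorization-code hunk delegates every property that makes a code safe to exchange (binding to `client_id` and `redirect_uri`, expiry, single use) to `validateAuthCode()` and `updateSession()`, but nothing in the grant states that contract, and a storage implementation that merely matches the three values would let a captured code be replayed. I would put the expectation on the call itself, above the `$session = ...` line: `// validateAuthCode() must reject codes that are expired or already exchanged; updateSession() below consumes the code`. Two smaller things in the same hunk: `hasGrantType('refresh_token')` is evaluated twice (once for `$refreshToken`, once when building the response), and the `code` null check runs only after the client lookup, so a request with no code still costs a storage round trip. completeFlow continues past the end of this hunk.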
--- a/src/OAuth2/Grant/ClientCredentials.php +++ b/src/OAuth2/Grant/ClientCredentials.php @@ -36,6 +36,22 @@ class ClientCredentials implements GrantTypeInterface { */ protected $responseType = null; + /** + * AuthServer instance + * @var AuthServer + */ + protected $authServer = null; + + /** + * Constructor + * @param AuthServer $authServer AuthServer instance + * @return void + */ + public function __construct(AuthServer $authServer) + { + $this->authServer = $authServer; + } + /** * Return the identifier * @return string @@ -62,7 +78,7 @@ class ClientCredentials implements GrantTypeInterface { public function completeFlow($inputParams = null) { // Get the required params - $authParams = AuthServer::getParam(array('client_id', 'client_secret'), 'post', $inputParams); + $authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'scope'), 'post', $inputParams); if (is_null($authParams['client_id'])) { throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0); @@ -73,7 +89,7 @@ class ClientCredentials implements GrantTypeInterface { } // Validate client ID and client secret - $clientDetails = AuthServer::getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']); + $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']); if ($clientDetails === false) { throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_client'), 8); 
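Review bot: The `@@ -62,7 +78,7` hunk adds `'scope'` to the parameters read in ClientCredentials::completeFlow, but nothing in this hunk or the later ones for this file validates or records it, so a requested scope is silently dropped and the token is issued without it; if the scope handling is still to come, a `// TODO: validate $authParams['scope'] against the scope storage before issuing the token` would stop a reader from assuming it is enforced. The same hunk's unchanged lines still call `AuthServer::getExceptionMessage(...)` statically while the rest of this commit switches the grants to `$this->authServer->getExceptionMessage(...)`; getExceptionMessage itself is not touched in this diff, so I cannot tell whether the static form still resolves, but the inconsistency is worth closing in the same commit.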
@@ -83,16 +99,16 @@ class ClientCredentials implements GrantTypeInterface { // Generate an access token $accessToken = SecureKey::make(); - $refreshToken = (AuthServer::hasGrantType('refresh_token')) ? SecureKey::make() : null; + $refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null; - $accessTokenExpires = time() + AuthServer::getExpiresIn(); - $accessTokenExpiresIn = AuthServer::getExpiresIn(); + $accessTokenExpires = time() + $this->authServer->getExpiresIn(); + $accessTokenExpiresIn = $this->authServer->getExpiresIn(); // Delete any existing sessions just to be sure - AuthServer::getStorage('session')->deleteSession($authParams['client_id'], 'client', $authParams['client_id']); + $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'client', $authParams['client_id']); // Create a new session - AuthServer::getStorage('session')->createSession( + $this->authServer->getStorage('session')->createSession( $authParams['client_id'], null, 'client', @@ -111,7 +127,7 @@ class ClientCredentials implements GrantTypeInterface { 'expires_in' => $accessTokenExpiresIn ); - if (AuthServer::hasGrantType('refresh_token')) { + if ($this->authServer->hasGrantType('refresh_token')) { $response['refresh_token'] = $refreshToken; } diff --git a/src/OAuth2/Grant/GrantTypeInterface.php b/src/OAuth2/Grant/GrantTypeInterface.php index b05c959e..56e45cfd 100644 --- a/src/OAuth2/Grant/GrantTypeInterface.php +++ b/src/OAuth2/Grant/GrantTypeInterface.php 
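Review bot: `deleteSession($authParams['client_id'], 'client', $authParams['client_id'])` on the new side of the `@@ -83` hunk revokes the client's previous session before creating the new one, so two instances of the same client requesting tokens will keep invalidating each other's access and refresh tokens. If a one-session-per-client rule is deliberate it deserves a comment that says so rather than "just to be sure": `// One session per client: a new client_credentials grant revokes any token this client already holds`. If it is not deliberate, the delete should go and expiry be left to the TTL.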
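Review bot: The `@@ -111,7 +127,7` hunk returns a `refresh_token` from the client_credentials grant whenever the refresh_token grant is registered, and the session created earlier in this file stores one as well; RFC 6749 §4.4.3 says a refresh token SHOULD NOT be issued for this grant, because the client can always re-authenticate with its own credentials and a long-lived refresh token only widens what a leaked token response exposes. Suggest dropping the conditional here and passing `null` wherever `$refreshToken` is handed to createSession, or at minimum a comment explaining why this server deviates from the spec. The enclosing completeFlow method started before this hunk.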
@@ -21,10 +21,17 @@ use OAuth2\Storage\ScopeInterface; interface GrantTypeInterface { - /** - * Returns the grant identifier (used to validate grant_type in OAuth2\AuthServer\issueAccessToken()) - * @return string - */ + /** + * Constructor + * @param AuthServer $authServer AuthServer instance + * @return void + */ + public function __construct(AuthServer $authServer); + + /** + * Returns the grant identifier (used to validate grant_type in OAuth2\AuthServer\issueAccessToken()) + * @return string + */ public function getIdentifier(); /** diff --git a/src/OAuth2/Grant/Password.php b/src/OAuth2/Grant/Password.php index 1cf61c74..ccd8a6a1 100644 --- a/src/OAuth2/Grant/Password.php +++ b/src/OAuth2/Grant/Password.php @@ -42,6 +42,22 @@ class Password implements GrantTypeInterface { */ protected $callback = null; + /** + * AuthServer instance + * @var AuthServer + */ + protected $authServer = null; + + /** + * Constructor + * @param AuthServer $authServer AuthServer instance + * @return void + */ + public function __construct(AuthServer $authServer) + { + $this->authServer = $authServer; + } + /** * Return the identifier * @return string 
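Review bot: Declaring `public function __construct(AuthServer $authServer);` in GrantTypeInterface (the `@@ -21` hunk) pins every implementation to exactly that constructor signature, so a grant that needs another dependency (the Password grant already carries a credentials-verification callback) cannot take it through its constructor without breaking the interface contract. A setter such as `public function setAuthServer(AuthServer $authServer);`, or leaving construction out of the interface altogether, keeps grants free to define their own constructors while still guaranteeing the server is injected. The hunk also removes and re-adds the getIdentifier docblock verbatim, which looks like a whitespace-only change and would be worth dropping from the diff.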
@@ -90,52 +106,52 @@ class Password implements GrantTypeInterface { public function completeFlow($inputParams = null) { // Get the required params - $authParams = AuthServer::getParam(array('client_id', 'client_secret', 'username', 'password'), 'post', $inputParams); + $authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'username', 'password'), 'post', $inputParams); if (is_null($authParams['client_id'])) { - throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0); + throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0); } if (is_null($authParams['client_secret'])) { - throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_secret'), 0); + throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_secret'), 0); } // Validate client ID and redirect URI - $clientDetails = AuthServer::getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']); + $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']); if ($clientDetails === false) { - throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_client'), 8); + throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8); } $authParams['client_details'] = $clientDetails; if (is_null($authParams['username'])) { - throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'username'), 0); + throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'username'), 0); } if (is_null($authParams['password'])) { - throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'password'), 0); + throw new 
Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'password'), 0); } // Check if user's username and password are correct $userId = call_user_func($this->getVerifyCredentialsCallback(), $authParams['username'], $authParams['password']); if ($userId === false) { - throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_credentials'), 0); + throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_credentials'), 0); } // Generate an access token $accessToken = SecureKey::make(); - $refreshToken = (AuthServer::hasGrantType('refresh_token')) ? SecureKey::make() : null; + $refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null; - $accessTokenExpires = time() + AuthServer::getExpiresIn(); - $accessTokenExpiresIn = AuthServer::getExpiresIn(); + $accessTokenExpires = time() + $this->authServer->getExpiresIn(); + $accessTokenExpiresIn = $this->authServer->getExpiresIn(); // Delete any existing sessions just to be sure - AuthServer::getStorage('session')->deleteSession($authParams['client_id'], 'user', $userId); + $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'user', $userId); // Create a new session - AuthServer::getStorage('session')->createSession( + $this->authServer->getStorage('session')->createSession( $authParams['client_id'], null, 'user', @@ -154,7 +170,7 @@ class Password implements GrantTypeInterface { 'expires_in' => $accessTokenExpiresIn ); - if (AuthServer::hasGrantType('refresh_token')) { + if ($this->authServer->hasGrantType('refresh_token')) { $response['refresh_token'] = $refreshToken; } diff --git a/src/OAuth2/Grant/RefreshToken.php b/src/OAuth2/Grant/RefreshToken.php index bd7839ca..46d9103a 100644 --- a/src/OAuth2/Grant/RefreshToken.php +++ b/src/OAuth2/Grant/RefreshToken.php 
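Review bot: In the `@@ -90,52 +106,52` hunk the credentials callback result is only tested with `$userId === false`, so a callback that signals failure with `null` (the usual PHP idiom for "no such user") passes the check and an access token is issued, with `deleteSession()`/`createSession()` then keyed on a null owner. Either enforce or widen the contract: `if ($userId === false || $userId === null) {` ahead of the `invalid_credentials` throw, and the getVerifyCredentialsCallback docblock (outside this hunk) should state that the callback must return the user identifier or exactly `false`. As in the other grants, the `is_null` checks admit an empty `username`/`password` string, which then reaches the callback unchanged.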
@@ -36,6 +36,22 @@ class RefreshToken implements GrantTypeInterface { */ protected $responseType = null; + /** + * AuthServer instance + * @var AuthServer + */ + protected $authServer = null; + + /** + * Constructor + * @param AuthServer $authServer AuthServer instance + * @return void + */ + public function __construct(AuthServer $authServer) + { + $this->authServer = $authServer; + } + /** * Return the identifier * @return string 
@@ -62,47 +78,47 @@ class RefreshToken implements GrantTypeInterface { public function completeFlow($inputParams = null) { // Get the required params - $authParams = AuthServer::getParam(array('client_id', 'client_secret', 'refresh_token'), 'post', $inputParams); + $authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'refresh_token'), 'post', $inputParams); if (is_null($authParams['client_id'])) { - throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0); + throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0); } if (is_null($authParams['client_secret'])) { - throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_secret'), 0); + throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_secret'), 0); } // Validate client ID and client secret - $clientDetails = AuthServer::getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']); + $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']); if ($clientDetails === false) { - throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_client'), 8); + throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8); } $authParams['client_details'] = $clientDetails; if (is_null($authParams['refresh_token'])) { - throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'refresh_token'), 0); + throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'refresh_token'), 0); } // Validate refresh token - $sessionId = AuthServer::getStorage('client')->validateRefreshToken( + $sessionId = $this->authServer->getStorage('client')->validateRefreshToken( 
$authParams['refresh_token'], $authParams['client_id'] ); if ($sessionId === false) { - throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_refresh'), 0); + throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_refresh'), 0); } // Generate new tokens $accessToken = SecureKey::make(); - $refreshToken = (AuthServer::hasGrantType('refresh_token')) ? SecureKey::make() : null; + $refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null; - $accessTokenExpires = time() + AuthServer::getExpiresIn(); - $accessTokenExpiresIn = AuthServer::getExpiresIn(); + $accessTokenExpires = time() + $this->authServer->getExpiresIn(); + $accessTokenExpiresIn = $this->authServer->getExpiresIn(); - AuthServer::getStorage('session')->updateRefreshToken($sessionId, $accessToken, $refreshToken, $accessTokenExpires); + $this->authServer->getStorage('session')->updateRefreshToken($sessionId, $accessToken, $refreshToken, $accessTokenExpires); return array( 'access_token' => $accessToken, diff --git a/tests/authorization/AuthServerTest.php b/tests/authorization/AuthServerTest.php index 6ab843f3..2e31999c 100644 --- a/tests/authorization/AuthServerTest.php +++ b/tests/authorization/AuthServerTest.php @@ -52,7 +52,8 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase public function test_hasGrantType() { - $this->assertFalse(OAuth2\AuthServer::hasGrantType('test')); + $a = $this->returnDefault(); + $this->assertFalse($a->hasGrantType('test')); } public function test_addGrantType() @@ -62,7 +63,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase $grant->shouldReceive('getResponseType')->andReturn('test'); $a->addGrantType($grant, 'test'); - $this->assertTrue(OAuth2\AuthServer::hasGrantType('test')); + $this->assertTrue($a->hasGrantType('test')); } public function test_addGrantType_noIdentifier() 
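Review bot: Inside RefreshToken::completeFlow the new line `$refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null;` can only execute when the refresh_token grant is registered, so the condition is always true and the `null` branch is dead; `$refreshToken = SecureKey::make();` says what actually happens. Rotation then depends on `updateRefreshToken()` replacing the presented token rather than adding a second valid one, and nothing in the hunk says so; a line such as `// Rotation: updateRefreshToken() must invalidate the refresh token just presented` above that call pins the storage contract. Note also that the token is validated through the 'client' storage while the update goes to the 'session' storage; if that split is intentional it is worth a word. The method's return continues past the hunk.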
@@ -73,7 +74,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase $grant->shouldReceive('getResponseType')->andReturn('test'); $a->addGrantType($grant); - $this->assertTrue(OAuth2\AuthServer::hasGrantType('test')); + $this->assertTrue($a->hasGrantType('test')); } public function test_getScopeDelimeter() @@ -119,7 +120,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase { $a = $this->returnDefault(); $a->setExpiresIn(7200); - $this->assertEquals(7200, $a::getExpiresIn()); + $this->assertEquals(7200, $a->getExpiresIn()); } public function test_setExpiresIn() @@ -138,7 +139,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase $reflector = new ReflectionClass($a); $requestProperty = $reflector->getProperty('request'); $requestProperty->setAccessible(true); - $v = $requestProperty->getValue(); + $v = $requestProperty->getValue($a); $this->assertTrue($v instanceof OAuth2\Util\RequestInterface); } @@ -148,7 +149,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase $a = $this->returnDefault(); $request = new OAuth2\Util\Request(); $a->setRequest($request); - $v = $a::getRequest(); + $v = $a->getRequest(); $this->assertTrue($v instanceof OAuth2\Util\RequestInterface); } @@ -251,7 +252,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase )); $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\AuthCode()); + $a->addGrantType(new OAuth2\Grant\AuthCode($a)); $a->checkAuthoriseParams(array( 'client_id' => 1234, @@ -277,7 +278,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase $this->scope->shouldReceive('getScope')->andReturn(false); $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\AuthCode()); + $a->addGrantType(new OAuth2\Grant\AuthCode($a)); $a->checkAuthoriseParams(array( 'client_id' => 1234, 
@@ -290,7 +291,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase public function test_checkAuthoriseParams_passedInput() { $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\AuthCode()); + $a->addGrantType(new OAuth2\Grant\AuthCode($a)); $this->client->shouldReceive('getClient')->andReturn(array( 'client_id' => 1234, @@ -354,7 +355,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase )); $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\AuthCode()); + $a->addGrantType(new OAuth2\Grant\AuthCode($a)); $_GET['client_id'] = 1234; $_GET['redirect_uri'] = 'http://foo/redirect'; @@ -426,7 +427,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase public function test_getGrantType() { $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\AuthCode()); + $a->addGrantType(new OAuth2\Grant\AuthCode($a)); $reflector = new ReflectionClass($a); $method = $reflector->getMethod('getGrantType'); @@ -444,7 +445,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase public function test_issueAccessToken_missingGrantType() { $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\AuthCode()); + $a->addGrantType(new OAuth2\Grant\AuthCode($a)); $v = $a->issueAccessToken(); } @@ -456,7 +457,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase public function test_issueAccessToken_badGrantType() { $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\AuthCode()); + $a->addGrantType(new OAuth2\Grant\AuthCode($a)); $v = $a->issueAccessToken(array('grant_type' => 'foo')); } @@ -468,7 +469,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase public function test_issueAccessToken_missingClientId() { $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\AuthCode()); + $a->addGrantType(new OAuth2\Grant\AuthCode($a)); $v = $a->issueAccessToken(array( 'grant_type' => 'authorization_code' 
@@ -482,7 +483,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase public function test_issueAccessToken_missingClientSecret() { $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\AuthCode()); + $a->addGrantType(new OAuth2\Grant\AuthCode($a)); $v = $a->issueAccessToken(array( 'grant_type' => 'authorization_code', @@ -497,7 +498,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase public function test_issueAccessToken_missingRedirectUri() { $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\AuthCode()); + $a->addGrantType(new OAuth2\Grant\AuthCode($a)); $v = $a->issueAccessToken(array( 'grant_type' => 'authorization_code', @@ -515,7 +516,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase $this->client->shouldReceive('getClient')->andReturn(false); $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\AuthCode()); + $a->addGrantType(new OAuth2\Grant\AuthCode($a)); $v = $a->issueAccessToken(array( 'grant_type' => 'authorization_code', @@ -534,7 +535,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase $this->client->shouldReceive('getClient')->andReturn(array()); $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\AuthCode()); + $a->addGrantType(new OAuth2\Grant\AuthCode($a)); $v = $a->issueAccessToken(array( 'grant_type' => 'authorization_code', @@ -554,7 +555,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('validateAuthCode')->andReturn(false); $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\AuthCode()); + $a->addGrantType(new OAuth2\Grant\AuthCode($a)); $v = $a->issueAccessToken(array( 'grant_type' => 'authorization_code', 
@@ -578,7 +579,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('updateSession')->andReturn(null); $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\AuthCode()); + $a->addGrantType(new OAuth2\Grant\AuthCode($a)); $v = $a->issueAccessToken(array( 'grant_type' => 'authorization_code', @@ -593,8 +594,8 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase $this->assertArrayHasKey('expires', $v); $this->assertArrayHasKey('expires_in', $v); - $this->assertEquals($a::getExpiresIn(), $v['expires_in']); - $this->assertEquals(time()+$a::getExpiresIn(), $v['expires']); + $this->assertEquals($a->getExpiresIn(), $v['expires_in']); + $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']); } public function test_issueAccessToken() @@ -610,7 +611,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('updateSession')->andReturn(null); $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\AuthCode()); + $a->addGrantType(new OAuth2\Grant\AuthCode($a)); $_POST['grant_type'] = 'authorization_code'; $_POST['client_id'] = 1234; @@ -628,8 +629,8 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase $this->assertArrayHasKey('expires', $v); $this->assertArrayHasKey('expires_in', $v); - $this->assertEquals($a::getExpiresIn(), $v['expires_in']); - $this->assertEquals(time()+$a::getExpiresIn(), $v['expires']); + $this->assertEquals($a->getExpiresIn(), $v['expires_in']); + $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']); } public function tearDown() { diff --git a/tests/authorization/ClientCredentialsGrantTest.php b/tests/authorization/ClientCredentialsGrantTest.php index 72e68919..794294fb 100644 --- a/tests/authorization/ClientCredentialsGrantTest.php +++ b/tests/authorization/ClientCredentialsGrantTest.php 
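Review bot: The updated assertion `$this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);` in the `@@ -593` hunk compares a timestamp taken in the test with one taken inside the grant, so the test fails whenever a second boundary falls between the two calls. Either allow a small window, e.g. `$this->assertLessThanOrEqual(1, abs(time() + $a->getExpiresIn() - $v['expires']));`, or capture `$before = time();` ahead of issueAccessToken and assert that `$v['expires']` lies between `$before + expiresIn` and `time() + expiresIn`. The same pattern is repeated in the other updated test hunks on this page.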
@@ -27,7 +27,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase public function test_issueAccessToken_clientCredentialsGrant_missingClientId() { $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\ClientCredentials()); + $a->addGrantType(new OAuth2\Grant\ClientCredentials($a)); $request = new OAuth2\Util\Request(array(), $_POST); $a->setRequest($request); @@ -44,7 +44,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase public function test_issueAccessToken_clientCredentialsGrant_missingClientPassword() { $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\ClientCredentials()); + $a->addGrantType(new OAuth2\Grant\ClientCredentials($a)); $request = new OAuth2\Util\Request(array(), $_POST); $a->setRequest($request); @@ -64,7 +64,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase $this->client->shouldReceive('getClient')->andReturn(false); $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\ClientCredentials()); + $a->addGrantType(new OAuth2\Grant\ClientCredentials($a)); $request = new OAuth2\Util\Request(array(), $_POST); $a->setRequest($request); @@ -93,7 +93,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('updateRefreshToken')->andReturn(null); $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\ClientCredentials()); + $a->addGrantType(new OAuth2\Grant\ClientCredentials($a)); $v = $a->issueAccessToken(array( 'grant_type' => 'client_credentials', 
@@ -106,8 +106,8 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase $this->assertArrayHasKey('expires', $v); $this->assertArrayHasKey('expires_in', $v); - $this->assertEquals($a::getExpiresIn(), $v['expires_in']); - $this->assertEquals(time()+$a::getExpiresIn(), $v['expires']); + $this->assertEquals($a->getExpiresIn(), $v['expires_in']); + $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']); } function test_issueAccessToken_clientCredentialsGrant() @@ -127,7 +127,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('updateRefreshToken')->andReturn(null); $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\ClientCredentials()); + $a->addGrantType(new OAuth2\Grant\ClientCredentials($a)); $_POST['grant_type'] = 'client_credentials'; $_POST['client_id'] = 1234; @@ -143,8 +143,8 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase $this->assertArrayHasKey('expires', $v); $this->assertArrayHasKey('expires_in', $v); - $this->assertEquals($a::getExpiresIn(), $v['expires_in']); - $this->assertEquals(time()+$a::getExpiresIn(), $v['expires']); + $this->assertEquals($a->getExpiresIn(), $v['expires_in']); + $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']); } function test_issueAccessToken_clientCredentialsGrant_withRefreshToken() @@ -164,8 +164,8 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('updateRefreshToken')->andReturn(null); $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\ClientCredentials()); - $a->addGrantType(new OAuth2\Grant\RefreshToken()); + $a->addGrantType(new OAuth2\Grant\ClientCredentials($a)); + $a->addGrantType(new OAuth2\Grant\RefreshToken($a)); $_POST['grant_type'] = 'client_credentials'; $_POST['client_id'] = 1234; 
@@ -182,8 +182,8 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase $this->assertArrayHasKey('expires_in', $v); $this->assertArrayHasKey('refresh_token', $v); - $this->assertEquals($a::getExpiresIn(), $v['expires_in']); - $this->assertEquals(time()+$a::getExpiresIn(), $v['expires']); + $this->assertEquals($a->getExpiresIn(), $v['expires_in']); + $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']); } } \ No newline at end of file diff --git a/tests/authorization/PasswordGrantTest.php b/tests/authorization/PasswordGrantTest.php index ac6a7c83..e458db6e 100644 --- a/tests/authorization/PasswordGrantTest.php +++ b/tests/authorization/PasswordGrantTest.php @@ -27,7 +27,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase public function test_issueAccessToken_passwordGrant_missingClientId() { $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\Password()); + $a->addGrantType(new OAuth2\Grant\Password($a)); $request = new OAuth2\Util\Request(array(), $_POST); $a->setRequest($request); @@ -44,7 +44,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase public function test_issueAccessToken_passwordGrant_missingClientPassword() { $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\Password()); + $a->addGrantType(new OAuth2\Grant\Password($a)); $request = new OAuth2\Util\Request(array(), $_POST); $a->setRequest($request); @@ -64,7 +64,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase $this->client->shouldReceive('getClient')->andReturn(false); $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\Password()); + $a->addGrantType(new OAuth2\Grant\Password($a)); $request = new OAuth2\Util\Request(array(), $_POST); $a->setRequest($request); 
@@ -98,7 +98,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase $testCredentials = null; $a = $this->returnDefault(); - $pgrant = new OAuth2\Grant\Password(); + $pgrant = new OAuth2\Grant\Password($a); $pgrant->setVerifyCredentialsCallback($testCredentials); $a->addGrantType($pgrant); @@ -134,7 +134,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase $testCredentials = function($u, $p) { return false; }; $a = $this->returnDefault(); - $pgrant = new OAuth2\Grant\Password(); + $pgrant = new OAuth2\Grant\Password($a); $pgrant->setVerifyCredentialsCallback($testCredentials); $a->addGrantType($pgrant); @@ -168,7 +168,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase $testCredentials = function($u, $p) { return false; }; $a = $this->returnDefault(); - $pgrant = new OAuth2\Grant\Password(); + $pgrant = new OAuth2\Grant\Password($a); $pgrant->setVerifyCredentialsCallback($testCredentials); $a->addGrantType($pgrant); @@ -203,7 +203,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase $testCredentials = function($u, $p) { return false; }; $a = $this->returnDefault(); - $pgrant = new OAuth2\Grant\Password(); + $pgrant = new OAuth2\Grant\Password($a); $pgrant->setVerifyCredentialsCallback($testCredentials); $a->addGrantType($pgrant); @@ -235,7 +235,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase $testCredentials = function($u, $p) { return 1; }; $a = $this->returnDefault(); - $pgrant = new OAuth2\Grant\Password(); + $pgrant = new OAuth2\Grant\Password($a); $pgrant->setVerifyCredentialsCallback($testCredentials); $a->addGrantType($pgrant); 
@@ -252,8 +252,8 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase $this->assertArrayHasKey('expires', $v); $this->assertArrayHasKey('expires_in', $v); - $this->assertEquals($a::getExpiresIn(), $v['expires_in']); - $this->assertEquals(time()+$a::getExpiresIn(), $v['expires']); + $this->assertEquals($a->getExpiresIn(), $v['expires_in']); + $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']); } function test_issueAccessToken_passwordGrant() @@ -275,7 +275,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase $testCredentials = function($u, $p) { return 1; }; $a = $this->returnDefault(); - $pgrant = new OAuth2\Grant\Password(); + $pgrant = new OAuth2\Grant\Password($a); $pgrant->setVerifyCredentialsCallback($testCredentials); $a->addGrantType($pgrant); @@ -295,8 +295,8 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase $this->assertArrayHasKey('expires', $v); $this->assertArrayHasKey('expires_in', $v); - $this->assertEquals($a::getExpiresIn(), $v['expires_in']); - $this->assertEquals(time()+$a::getExpiresIn(), $v['expires']); + $this->assertEquals($a->getExpiresIn(), $v['expires_in']); + $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']); } function test_issueAccessToken_passwordGrant_withRefreshToken() @@ -318,10 +318,10 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase $testCredentials = function($u, $p) { return 1; }; $a = $this->returnDefault(); - $pgrant = new OAuth2\Grant\Password(); + $pgrant = new OAuth2\Grant\Password($a); $pgrant->setVerifyCredentialsCallback($testCredentials); $a->addGrantType($pgrant); - $a->addGrantType(new OAuth2\Grant\RefreshToken()); + $a->addGrantType(new OAuth2\Grant\RefreshToken($a)); $_POST['grant_type'] = 'password'; $_POST['client_id'] = 1234; 
@@ -340,8 +340,8 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase $this->assertArrayHasKey('expires_in', $v); $this->assertArrayHasKey('refresh_token', $v); - $this->assertEquals($a::getExpiresIn(), $v['expires_in']); - $this->assertEquals(time()+$a::getExpiresIn(), $v['expires']); + $this->assertEquals($a->getExpiresIn(), $v['expires_in']); + $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']); } } \ No newline at end of file diff --git a/tests/authorization/RefreshTokenTest.php b/tests/authorization/RefreshTokenTest.php index 556477b3..6ea99f2b 100644 --- a/tests/authorization/RefreshTokenTest.php +++ b/tests/authorization/RefreshTokenTest.php @@ -33,8 +33,8 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('updateSession')->andReturn(null); $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\AuthCode()); - $a->addGrantType(new OAuth2\Grant\RefreshToken()); + $a->addGrantType(new OAuth2\Grant\AuthCode($a)); + $a->addGrantType(new OAuth2\Grant\RefreshToken($a)); $_POST['grant_type'] = 'authorization_code'; $_POST['client_id'] = 1234; @@ -53,8 +53,8 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase $this->assertArrayHasKey('expires_in', $v); $this->assertArrayHasKey('refresh_token', $v); - $this->assertEquals($a::getExpiresIn(), $v['expires_in']); - $this->assertEquals(time()+$a::getExpiresIn(), $v['expires']); + $this->assertEquals($a->getExpiresIn(), $v['expires_in']); + $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']); } /** @@ -64,7 +64,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase public function test_issueAccessToken_refreshTokenGrant_missingClientId() { $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\RefreshToken()); + $a->addGrantType(new OAuth2\Grant\RefreshToken($a)); $request = new OAuth2\Util\Request(array(), $_POST); $a->setRequest($request); 
@@ -81,7 +81,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase public function test_issueAccessToken_refreshTokenGrant_missingClientSecret() { $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\RefreshToken()); + $a->addGrantType(new OAuth2\Grant\RefreshToken($a)); $request = new OAuth2\Util\Request(array(), $_POST); $a->setRequest($request); @@ -101,7 +101,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase $this->client->shouldReceive('getClient')->andReturn(false); $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\RefreshToken()); + $a->addGrantType(new OAuth2\Grant\RefreshToken($a)); $request = new OAuth2\Util\Request(array(), $_POST); $a->setRequest($request); @@ -122,7 +122,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase $this->client->shouldReceive('getClient')->andReturn(array()); $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\RefreshToken()); + $a->addGrantType(new OAuth2\Grant\RefreshToken($a)); $request = new OAuth2\Util\Request(array(), $_POST); $a->setRequest($request); @@ -145,7 +145,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase $this->client->shouldReceive('validateRefreshToken')->andReturn(false); $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\RefreshToken()); + $a->addGrantType(new OAuth2\Grant\RefreshToken($a)); $request = new OAuth2\Util\Request(array(), $_POST); $a->setRequest($request); @@ -174,7 +174,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('updateRefreshToken')->andReturn(null); $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\RefreshToken()); + $a->addGrantType(new OAuth2\Grant\RefreshToken($a)); $_POST['grant_type'] = 'refresh_token'; $_POST['client_id'] = 1234; 
@@ -192,8 +192,8 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase $this->assertArrayHasKey('expires_in', $v); $this->assertArrayHasKey('refresh_token', $v); - $this->assertEquals($a::getExpiresIn(), $v['expires_in']); - $this->assertEquals(time()+$a::getExpiresIn(), $v['expires']); + $this->assertEquals($a->getExpiresIn(), $v['expires_in']); + $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']); } public function test_issueAccessToken_refreshTokenGrant() @@ -212,7 +212,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('updateRefreshToken')->andReturn(null); $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\RefreshToken()); + $a->addGrantType(new OAuth2\Grant\RefreshToken($a)); $v = $a->issueAccessToken(array( 'grant_type' => 'refresh_token', @@ -227,7 +227,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase $this->assertArrayHasKey('expires_in', $v); $this->assertArrayHasKey('refresh_token', $v); - $this->assertEquals($a::getExpiresIn(), $v['expires_in']); - $this->assertEquals(time()+$a::getExpiresIn(), $v['expires']); + $this->assertEquals($a->getExpiresIn(), $v['expires_in']); + $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']); } } \ No newline at end of file From 3ad40105267e7b24e44435af80185ec5fbc5948e Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 6 Mar 2013 17:04:31 +0000 Subject: [PATCH 005/106] Cleaned up .gitignore --- .gitignore | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/.gitignore b/.gitignore index 9aaece81..371a1385 100644 --- a/.gitignore +++ b/.gitignore @@ -1,10 +1,6 @@ -/vendor/ +/vendor /composer.lock -/docs/build/ -/build/logs/ -/build/coverage/ -test -/docs/ -/testing/ -logs/ -coverage/ \ No newline at end of file +/build/logs +/build/coverage +/docs +/testing \ No newline at end of file From f3e6f99696d701b7654a27fee30032acd5a0dfc6 Mon Sep 17 00:00:00 2001 
From: Alex Bilbie Date: Wed, 6 Mar 2013 17:04:49 +0000 Subject: [PATCH 006/106] Removed old build files --- build/phpcs.xml | 8 -------- build/phpmd.xml | 14 -------------- build/phpunit.xml | 31 ------------------------------- phpunit.xml | 31 +++++++++++++++++++++++++++++++ 4 files changed, 31 insertions(+), 53 deletions(-) delete mode 100644 build/phpcs.xml delete mode 100644 build/phpmd.xml delete mode 100644 build/phpunit.xml create mode 100644 phpunit.xml diff --git a/build/phpcs.xml b/build/phpcs.xml deleted file mode 100644 index a6ee80da..00000000 --- a/build/phpcs.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - PHP_CodeSniffer configuration - - - - \ No newline at end of file diff --git a/build/phpmd.xml b/build/phpmd.xml deleted file mode 100644 index 11f54dc1..00000000 --- a/build/phpmd.xml +++ /dev/null @@ -1,14 +0,0 @@ - - - - Ruleset for OAuth 2.0 server - - - - - \ No newline at end of file diff --git a/build/phpunit.xml b/build/phpunit.xml deleted file mode 100644 index 3281974b..00000000 --- a/build/phpunit.xml +++ /dev/null @@ -1,31 +0,0 @@ - - - - - ../tests/authorization - - - ../tests/resource - - - ../tests/util - - - - - PEAR_INSTALL_DIR - PHP_LIBDIR - ../vendor/composer - ../vendor/mockery - ../vendor/phpunit - ../tests - ../testing - - - - - - - - - \ No newline at end of file diff --git a/phpunit.xml b/phpunit.xml new file mode 100644 index 00000000..219005bc --- /dev/null +++ b/phpunit.xml @@ -0,0 +1,31 @@ + + + + + tests/authorization + + + tests/resource + + + tests/util + + + + + PEAR_INSTALL_DIR + PHP_LIBDIR + vendor/composer + vendor/mockery + vendor/phpunit + tests + testing + + + + + + + + + \ No newline at end of file From c056be3e48bbed34ce8aef2f6d3898ade3dfdf4c Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 6 Mar 2013 17:05:07 +0000 Subject: [PATCH 007/106] Updated .travis.yml --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 5034e99f..4f428b5f 100644 
--- a/.travis.yml +++ b/.travis.yml @@ -5,4 +5,4 @@ php: - 5.4 before_script: composer install --dev -script: phpunit -c build/phpunit.xml \ No newline at end of file +script: phpunit \ No newline at end of file From 7d0c075b36581bee17f00765862c4ec8a0ea0762 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 6 Mar 2013 17:18:04 +0000 Subject: [PATCH 008/106] It ain't static anymore Jim --- src/OAuth2/AuthServer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/OAuth2/AuthServer.php b/src/OAuth2/AuthServer.php index 6923c424..9a531a78 100644 --- a/src/OAuth2/AuthServer.php +++ b/src/OAuth2/AuthServer.php @@ -376,7 +376,7 @@ class AuthServer */ public function issueAccessToken($inputParams = array()) { - $grantType = self::getParam('grant_type', 'post', $inputParams); + $grantType = $this->getParam('grant_type', 'post', $inputParams); if (is_null($grantType)) { throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'grant_type'), 0); From 542ca52d496083c5eeeabab569eaad1187b3398d Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 6 Mar 2013 17:18:13 +0000 Subject: [PATCH 009/106] Set a default parameter for getParam --- src/OAuth2/AuthServer.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/OAuth2/AuthServer.php b/src/OAuth2/AuthServer.php index 9a531a78..d3fb5fc2 100644 --- a/src/OAuth2/AuthServer.php +++ b/src/OAuth2/AuthServer.php 
@@ -408,10 +408,10 @@ class AuthServer * @param array $inputParams Passed input parameters * @return mixed 'Null' if parameter is missing */ - public function getParam($param = '', $method = 'get', $inputParams = array()) + public function getParam($param = '', $method = 'get', $inputParams = array(), $default = null) { if (is_string($param)) { - return (isset($inputParams[$param])) ? $inputParams[$param] : self::getRequest()->{$method}($param); + return (isset($inputParams[$param])) ? $inputParams[$param] : $this->getRequest()->{$method}($param, $default); } else { $response = array(); foreach ($param as $p) { From a9a68a5cc8b5304086dbbed84387c9d3dc20cb26 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 6 Mar 2013 17:18:37 +0000 Subject: [PATCH 010/106] Added scope parameter association for clientcredentials and password scope TODO: Unit tests --- src/OAuth2/Grant/ClientCredentials.php | 31 ++++++++++++++++++++++++-- src/OAuth2/Grant/Password.php | 29 +++++++++++++++++++++++- 2 files changed, 57 insertions(+), 3 deletions(-) diff --git a/src/OAuth2/Grant/ClientCredentials.php b/src/OAuth2/Grant/ClientCredentials.php index baed0aa9..b7736b3e 100644 --- a/src/OAuth2/Grant/ClientCredentials.php +++ b/src/OAuth2/Grant/ClientCredentials.php @@ -78,7 +78,7 @@ class ClientCredentials implements GrantTypeInterface { public function completeFlow($inputParams = null) { // Get the required params - $authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'scope'), 'post', $inputParams); + $authParams = $this->authServer->getParam(array('client_id', 'client_secret'), 'post', $inputParams); if (is_null($authParams['client_id'])) { throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0); 
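Review bot: The new `$default` argument is undocumented; the docblock in the hunk's context still lists only `$param`, `$method` and `$inputParams`, so add `@param mixed $default Value returned when the parameter is absent from both $inputParams and the request` above the `@return` line. The default is only consulted on the string branch; the array branch (`foreach ($param as $p)`) continues outside the hunk, so check whether it should pass `$default` through as well. Note also that `isset($inputParams[$param])` treats an explicitly supplied null the same as a missing key, so a caller cannot override `$default` with null.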
@@ -97,6 +97,27 @@ class ClientCredentials implements GrantTypeInterface { $authParams['client_details'] = $clientDetails; + // Validate any scopes that are in the request + $scope = $this->authServer->getParam('scope', 'post', $inputParams, ''); + $scopes = explode($this->authServer->getScopeDelimeter(), $scope); + + for ($i = 0; $i < count($scopes); $i++) { + $scopes[$i] = trim($scopes[$i]); + if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes + } + + $authParams['scopes'] = array(); + + foreach ($scopes as $scope) { + $scopeDetails = $this->authServer->getStorage('scope')->getScope($scope); + + if ($scopeDetails === false) { + throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_scope'], $scope), 4); + } + + $authParams['scopes'][] = $scopeDetails; + } + // Generate an access token $accessToken = SecureKey::make(); $refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null; @@ -108,7 +129,7 @@ class ClientCredentials implements GrantTypeInterface { $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'client', $authParams['client_id']); // Create a new session - $this->authServer->getStorage('session')->createSession( + $sessionId = $this->authServer->getStorage('session')->createSession( $authParams['client_id'], null, 'client', @@ -120,6 +141,12 @@ class ClientCredentials implements GrantTypeInterface { 'granted' ); + // Associate scopes with the new session + foreach ($authParams['scopes'] as $scope) + { + $this->authServer->getStorage('session')->associateScope($sessionId, $scope['id']); + } + $response = array( 'access_token' => $accessToken, 'token_type' => 'bearer', diff --git a/src/OAuth2/Grant/Password.php b/src/OAuth2/Grant/Password.php index ccd8a6a1..0fc5a7bc 100644 --- a/src/OAuth2/Grant/Password.php +++ b/src/OAuth2/Grant/Password.php 
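Review bot: `self::$exceptionMessages['invalid_scope']` in the new invalid-scope branch refers to a static property this grant class does not declare; earlier in the same method the messages are fetched via `AuthServer::getExceptionMessage('invalid_request')`, so the throw should read `throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_scope'), $scope), 4);` — as written, a request naming an unknown scope ends in a fatal undefined-property error rather than an `invalid_scope` response. The trimming loop re-evaluates `count($scopes)` on each iteration while `unset()` shrinks the array, so once a blank entry is removed the trailing entries are never trimmed or filtered, and the later `foreach ($scopes as $scope)` reuses the `$scope` variable that held the raw string; `$scopes = array_filter(array_map('trim', $scopes), 'strlen');` avoids both problems. Unlike `checkAuthoriseParams`, this path does not honour `requireScopeParam` or any default scope, so a token request with no `scope` silently produces a session with no scopes attached. The same block is duplicated in Password.php's `completeFlow` later in this patch, and both methods start before their hunks.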
@@ -140,6 +140,27 @@ class Password implements GrantTypeInterface { throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_credentials'), 0); } + // Validate any scopes that are in the request + $scope = $this->authServer->getParam('scope', 'post', $inputParams, ''); + $scopes = explode($this->authServer->getScopeDelimeter(), $scope); + + for ($i = 0; $i < count($scopes); $i++) { + $scopes[$i] = trim($scopes[$i]); + if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes + } + + $authParams['scopes'] = array(); + + foreach ($scopes as $scope) { + $scopeDetails = $this->authServer->getStorage('scope')->getScope($scope); + + if ($scopeDetails === false) { + throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_scope'], $scope), 4); + } + + $authParams['scopes'][] = $scopeDetails; + } + // Generate an access token $accessToken = SecureKey::make(); $refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null; @@ -151,7 +172,7 @@ class Password implements GrantTypeInterface { $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'user', $userId); // Create a new session - $this->authServer->getStorage('session')->createSession( + $sessionId = $this->authServer->getStorage('session')->createSession( $authParams['client_id'], null, 'user', @@ -163,6 +184,12 @@ class Password implements GrantTypeInterface { 'granted' ); + // Associate scopes with the new session + foreach ($authParams['scopes'] as $scope) + { + $this->authServer->getStorage('session')->associateScope($sessionId, $scope['id']); + } + $response = array( 'access_token' => $accessToken, 'token_type' => 'bearer', From 56b559894cd435e69f33445ab80ed92da6a42b92 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 6 Mar 2013 17:57:48 +0000 Subject: [PATCH 011/106] Spelling fix --- src/OAuth2/Grant/ClientCredentials.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/OAuth2/Grant/ClientCredentials.php b/src/OAuth2/Grant/ClientCredentials.php index b7736b3e..9b90f55b 100644 --- a/src/OAuth2/Grant/ClientCredentials.php +++ b/src/OAuth2/Grant/ClientCredentials.php @@ -1,6 +1,6 @@ From 4962762c281dcae4f61f7f6f50bb8e256ee51302 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 6 Mar 2013 18:01:12 +0000 Subject: [PATCH 012/106] Change from static calls --- src/OAuth2/AuthServer.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/OAuth2/AuthServer.php b/src/OAuth2/AuthServer.php index d3fb5fc2..d5af3650 100644 --- a/src/OAuth2/AuthServer.php +++ b/src/OAuth2/AuthServer.php @@ -296,7 +296,7 @@ class AuthServer } // Validate client ID and redirect URI - $clientDetails = self::getStorage('client')->getClient($authParams['client_id'], null, $authParams['redirect_uri']); + $clientDetails = $this->getStorage('client')->getClient($authParams['client_id'], null, $authParams['redirect_uri']); if ($clientDetails === false) { throw new Exception\ClientException(self::$exceptionMessages['invalid_client'], 8); @@ -328,7 +328,7 @@ class AuthServer $authParams['scopes'] = array(); foreach ($scopes as $scope) { - $scopeDetails = self::getStorage('scope')->getScope($scope); + $scopeDetails = $this->getStorage('scope')->getScope($scope); if ($scopeDetails === false) { throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_scope'], $scope), 4); 
@@ -354,15 +354,15 @@ class AuthServer $authCode = SecureKey::make(); // Remove any old sessions the user might have - self::getStorage('session')->deleteSession($authParams['client_id'], $type, $typeId); + $this->getStorage('session')->deleteSession($authParams['client_id'], $type, $typeId); // Create a new session - $sessionId = self::getStorage('session')->createSession($authParams['client_id'], $authParams['redirect_uri'], $type, $typeId, $authCode); + $sessionId = $this->getStorage('session')->createSession($authParams['client_id'], $authParams['redirect_uri'], $type, $typeId, $authCode); // Associate scopes with the new session foreach ($authParams['scopes'] as $scope) { - self::getStorage('session')->associateScope($sessionId, $scope['id']); + $this->getStorage('session')->associateScope($sessionId, $scope['id']); } return $authCode; From 6b172d4c2761d66103d188ae3470316a5d0ef79b Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 6 Mar 2013 18:01:34 +0000 Subject: [PATCH 013/106] Made getGrantType public for use with implicit grant --- src/OAuth2/AuthServer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/OAuth2/AuthServer.php b/src/OAuth2/AuthServer.php index d5af3650..97a46274 100644 --- a/src/OAuth2/AuthServer.php +++ b/src/OAuth2/AuthServer.php @@ -396,7 +396,7 @@ class AuthServer * @param string $grantType The grant type identifer * @return class */ - protected function getGrantType($grantType) + public function getGrantType($grantType) { return $this->grantTypes[$grantType]; } From 3341728eb2f8ca524fe0003516c94ce6f4586211 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 6 Mar 2013 18:01:44 +0000 Subject: [PATCH 014/106] Added implicit grant --- src/OAuth2/Grant/Implicit.php | 116 ++++++++++++++++++++++++++++++++++ 1 file changed, 116 insertions(+) create mode 100644 src/OAuth2/Grant/Implicit.php diff --git a/src/OAuth2/Grant/Implicit.php b/src/OAuth2/Grant/Implicit.php new file mode 100644 index 00000000..06b7a6f5 
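Review bot: Making `getGrantType` public exposes `return $this->grantTypes[$grantType];` to callers outside the class without any check that the identifier was registered; an unknown identifier emits an undefined-index notice and returns null, which the caller then dereferences. The class already has `hasGrantType()`, so guard the lookup with it and throw (or at least return null explicitly) rather than relying on the notice, and replace the docblock's `@return class`, which is not a PHP type, with `@return GrantTypeInterface`.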
--- /dev/null +++ b/src/OAuth2/Grant/Implicit.php 
@@ -0,0 +1,116 @@ + + * @copyright Copyright (c) 2013 University of Lincoln + * @license http://mit-license.org/ + * @link http://github.com/lncd/oauth2 + */ + +namespace OAuth2\Grant; + +use OAuth2\Request; +use OAuth2\AuthServer; +use OAuth2\Exception; +use OAuth2\Util\SecureKey; +use OAuth2\Storage\SessionInterface; +use OAuth2\Storage\ClientInterface; +use OAuth2\Storage\ScopeInterface; + +/** + * Client credentials grant class + */ +class Implict implements GrantTypeInterface { + + /** + * Grant identifier + * @var string + */ + protected $identifier = 'implicit'; + + /** + * Response type + * @var string + */ + protected $responseType = 'token'; + + /** + * AuthServer instance + * @var AuthServer + */ + protected $authServer = null; + + /** + * Constructor + * @param AuthServer $authServer AuthServer instance + * @return void + */ + public function __construct(AuthServer $authServer) + { + $this->authServer = $authServer; + } + + /** + * Return the identifier + * @return string + */ + public function getIdentifier() + { + return $this->identifier; + } + + /** + * Return the response type + * @return string + */ + public function getResponseType() + { + return $this->responseType; + } + + /** + * Complete the client credentials grant + * @param null|array $inputParams + * @return array + */ + public function completeFlow($authParams = null) + { + // Remove any old sessions the user might have + $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'user', $authParams['user_id']); + + // Generate a new access token + $accessToken = SecureKey::make(); + + // Compute expiry time + $accessTokenExpires = time() + $this->authServer->getExpiresIn(); + + // Create a new session + $sessionId = $this->authServer->getStorage('session')->createSession( + $authParams['client_id'], + $authParams['redirect_uri'], + 'user', + $authParams['user_id'], + null, + $accessToken, + null, + $accessTokenExpires, + 'granted' + ); + + // Associate scopes with 
the new session + foreach ($authParams['scopes'] as $scope) + { + $this->authServer->getStorage('session')->associateScope($sessionId, $scope['id']); + } + + $response = array( + 'access_token' => $accessToken + ); + + return $response; + } + } + +} \ No newline at end of file From 97484eea6a5d6005bb6c924dae2b9b9e4ceca107 Mon Sep 17 00:00:00 2001 From: lapause Date: Wed, 20 Mar 2013 15:55:42 +0100 Subject: [PATCH 015/106] Typo correction in inline doc --- src/OAuth2/AuthServer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/OAuth2/AuthServer.php b/src/OAuth2/AuthServer.php index 97a46274..2d72bdd5 100644 --- a/src/OAuth2/AuthServer.php +++ b/src/OAuth2/AuthServer.php @@ -403,7 +403,7 @@ class AuthServer /** * Get a parameter from passed input parameters or the Request class - * @param string|array $param Requried parameter + * @param string|array $param Required parameter * @param string $method Get/put/post/delete * @param array $inputParams Passed input parameters * @return mixed 'Null' if parameter is missing From 3a6468897f52a788f39a4146ddce4236e896049d Mon Sep 17 00:00:00 2001 From: lapause Date: Wed, 20 Mar 2013 15:58:27 +0100 Subject: [PATCH 016/106] Removed obsolete namespace inclusion --- src/OAuth2/ResourceServer.php | 1 - 1 file changed, 1 deletion(-) diff --git a/src/OAuth2/ResourceServer.php b/src/OAuth2/ResourceServer.php index e7cc7d2f..05359de7 100644 --- a/src/OAuth2/ResourceServer.php +++ b/src/OAuth2/ResourceServer.php @@ -13,7 +13,6 @@ namespace OAuth2; use OutOfBoundsException; use OAuth2\Storage\SessionInterface; -use OAuth2\Storage\SessionScopeInterface; use OAuth2\Util\RequestInterface; use OAuth2\Util\Request; From 18e1bb33de933e3651088fcdb243a2812f2e4d80 Mon Sep 17 00:00:00 2001 
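Review bot: The class is declared as `class Implict implements GrantTypeInterface` while the file is `src/OAuth2/Grant/Implicit.php`, so a PSR-0 autoloader resolving `OAuth2\Grant\Implicit` will not find it; rename to `class Implicit`. The file also appears to end with one `}` too many after `return $response;` (method, class, and a third), which would be a parse error, and both the class docblock and the `completeFlow` docblock still say "client credentials grant" with `@param null|array $inputParams` although the parameter is `$authParams`. The returned array holds only `access_token`; the other grants on this page return `'token_type' => 'bearer'` and the tests assert `expires`/`expires_in`, while `$accessTokenExpires` is computed here but never surfaced, so consider adding `'token_type' => 'bearer', 'expires' => $accessTokenExpires, 'expires_in' => $this->authServer->getExpiresIn()`. Unlike the other grants, this method validates nothing in `$authParams` (client_id, redirect_uri, user_id, scopes) before deleting and creating the session, so the expectation that the caller has already run `checkAuthoriseParams` should at least be documented on the method.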
From: lapause Date: Wed, 20 Mar 2013 16:05:48 +0100 Subject: [PATCH 017/106] Added missing details (return values on failure) to methods of SessionInterface --- src/OAuth2/Storage/SessionInterface.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/OAuth2/Storage/SessionInterface.php b/src/OAuth2/Storage/SessionInterface.php index 84651909..60c126ac 100644 --- a/src/OAuth2/Storage/SessionInterface.php +++ b/src/OAuth2/Storage/SessionInterface.php @@ -137,8 +137,8 @@ interface SessionInterface * ) * * - * @param [type] $accessToken [description] - * @return [type] [description] + * @param string $accessToken The access token + * @return bool|array Returns false if the validation fails, array on success */ public function validateAccessToken($accessToken); @@ -161,7 +161,7 @@ interface SessionInterface * Validate a refresh token * @param string $refreshToken The refresh token * @param string $clientId The client ID - * @return int The session ID + * @return bool|int The session ID, or false on failure */ public function validateRefreshToken($refreshToken, $clientId); From 26781d2c380176ef8725c87b15d1cc1b7dc52f70 Mon Sep 17 00:00:00 2001 From: lapause Date: Wed, 20 Mar 2013 22:07:30 +0100 Subject: [PATCH 018/106] Corrected wrong return documentation for SessionInterface::validateAuthCode() method --- src/OAuth2/Storage/SessionInterface.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/OAuth2/Storage/SessionInterface.php b/src/OAuth2/Storage/SessionInterface.php index 60c126ac..4ab8a3c4 100644 --- a/src/OAuth2/Storage/SessionInterface.php +++ b/src/OAuth2/Storage/SessionInterface.php 
@@ -108,7 +108,7 @@ interface SessionInterface * @param string $clientId The client ID * @param string $redirectUri The redirect URI * @param string $authCode The authorisation code - * @return int|bool Returns the session ID if the auth code + * @return array|bool Returns an array with the session ID in the 'id' key if the auth code * is valid otherwise returns false */ public function validateAuthCode( From 5bd62fe94250197582a6c7a83659aec9362158dd Mon Sep 17 00:00:00 2001 From: Michael Gooden Date: Mon, 4 Mar 2013 17:46:02 +0200 Subject: [PATCH 019/106] Add optional default scope parameter. Signed-off-by: Michael Gooden --- src/OAuth2/AuthServer.php | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/src/OAuth2/AuthServer.php b/src/OAuth2/AuthServer.php index 2d72bdd5..3c3dc008 100644 --- a/src/OAuth2/AuthServer.php +++ b/src/OAuth2/AuthServer.php @@ -63,6 +63,12 @@ class AuthServer */ protected $requireScopeParam = true; + /** + * Default scope to be used if none is provided and requireScopeParam is false + * @var string + */ + protected $defaultScope = null; + /** * Require the "state" parameter to be in checkAuthoriseParams() * @var boolean @@ -186,6 +192,15 @@ class AuthServer $this->requireScopeParam = $require; } + /** + * Default scope to be used if none is provided and requireScopeParam is false + * @var string + */ + public function defaultScope($default = null) + { + $this->defaultScope = $default; + } + /** * Require the "state" paremter in checkAuthoriseParams() * @param boolean $require @@ -323,6 +338,8 @@ class AuthServer if ($this->requireScopeParam === true && count($scopes) === 0) { throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'scope'), 0); + } elseif (count($scopes) === 0 && $this->defaultScope) { + $scopes = array($this->defaultScope); } $authParams['scopes'] = array(); From 6c34535155ca48e8be83dce0f14ba3f3bf7df93a Mon Sep 17 00:00:00 2001 
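Review bot: The default-scope fallback in the `@@ -323,6 +338,8 @@` hunk is gated on truthiness, `elseif (count($scopes) === 0 && $this->defaultScope)`, so a configured default such as `'0'` is silently ignored; compare against null instead, `} elseif (count($scopes) === 0 && $this->defaultScope !== null) {`. The same pattern recurs in the Password grant hunk (`@@ -149,13 +149,19 @@`, via `getDefaultScope()`) and the ClientCredentials hunk (`@@ -106,13 +106,19 @@`). When the scope parameter is optional and no default is configured the code continues with an empty `$scopes` list and the per-scope lookup loop never runs, which deserves a comment if it is intended. Separately, the docblock on the new `defaultScope()` method uses `@var string`, a property tag; it should document the parameter, e.g. `@param string|null $default Scope used when the request carries none and requireScopeParam is false`. The method enclosing the `@@ -323` hunk starts and ends outside it.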
From: Michael Gooden Date: Tue, 5 Mar 2013 08:22:04 +0200 Subject: [PATCH 020/106] First test case. Signed-off-by: Michael Gooden --- tests/authorization/AuthServerTest.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/authorization/AuthServerTest.php b/tests/authorization/AuthServerTest.php index 2e31999c..8a83faff 100644 --- a/tests/authorization/AuthServerTest.php +++ b/tests/authorization/AuthServerTest.php @@ -103,6 +103,19 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase $this->assertFalse($v); } + public function test_defaultScope() + { + $a = $this->returnDefault(); + $a->defaultScope('test.default'); + + $reflector = new ReflectionClass($a); + $requestProperty = $reflector->getProperty('defaultScope'); + $requestProperty->setAccessible(true); + $v = $requestProperty->getValue($a); + + $this->assertEquals('test.default', $v); + } + public function test_requireStateParam() { $a = $this->returnDefault(); From 03aa81450e0501defa51f66712aeddda001c92c1 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Thu, 21 Mar 2013 16:22:16 +0000 Subject: [PATCH 021/106] Renamed method to setDefaultScope --- src/OAuth2/AuthServer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/OAuth2/AuthServer.php b/src/OAuth2/AuthServer.php index 3c3dc008..fde15351 100644 --- a/src/OAuth2/AuthServer.php +++ b/src/OAuth2/AuthServer.php @@ -196,7 +196,7 @@ class AuthServer * Default scope to be used if none is provided and requireScopeParam is false * @var string */ - public function defaultScope($default = null) + public function setDefaultScope($default = null) { $this->defaultScope = $default; } From 0c30b9ca66bc009572119ccca803902e0792be22 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Thu, 21 Mar 2013 16:22:29 +0000 Subject: [PATCH 022/106] Added scopeParamRequired method --- src/OAuth2/AuthServer.php | 9 +++++++++ 1 file changed, 9 insertions(+) 
diff --git a/src/OAuth2/AuthServer.php b/src/OAuth2/AuthServer.php index fde15351..e717506e 100644 --- a/src/OAuth2/AuthServer.php +++ b/src/OAuth2/AuthServer.php @@ -192,6 +192,15 @@ class AuthServer $this->requireScopeParam = $require; } + /** + * Is the scope parameter required? + * @return bool + */ + public function scopeParamRequired() + { + return $this->requireScopeParam; + } + /** * Default scope to be used if none is provided and requireScopeParam is false * @var string From fce24aa74d5546f2c82588507b2a18a7df6c573e Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Thu, 21 Mar 2013 16:22:44 +0000 Subject: [PATCH 023/106] Added getDefaultScope method --- src/OAuth2/AuthServer.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/OAuth2/AuthServer.php b/src/OAuth2/AuthServer.php index e717506e..534a816c 100644 --- a/src/OAuth2/AuthServer.php +++ b/src/OAuth2/AuthServer.php @@ -210,6 +210,15 @@ class AuthServer $this->defaultScope = $default; } + /** + * Default scope to be used if none is provided and requireScopeParam is false + * @return string|null + */ + public function getDefaultScope() + { + return $this->defaultScope; + } + /** * Require the "state" paremter in checkAuthoriseParams() * @param boolean $require From fb518715ce89dc3609e754994838f3b221b953e7 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Thu, 21 Mar 2013 16:25:44 +0000 Subject: [PATCH 024/106] Updated authserver tests --- tests/authorization/AuthServerTest.php | 56 +++++++++++++++++++++++++- 1 file changed, 54 insertions(+), 2 deletions(-) diff --git a/tests/authorization/AuthServerTest.php b/tests/authorization/AuthServerTest.php index 8a83faff..bf534b64 100644 --- a/tests/authorization/AuthServerTest.php +++ b/tests/authorization/AuthServerTest.php 
@@ -103,10 +103,10 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase $this->assertFalse($v); } - public function test_defaultScope() + public function test_setDefaultScope() { $a = $this->returnDefault(); - $a->defaultScope('test.default'); + $a->setDefaultScope('test.default'); $reflector = new ReflectionClass($a); $requestProperty = $reflector->getProperty('defaultScope'); @@ -116,6 +116,13 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase $this->assertEquals('test.default', $v); } + public function test_getDefaultScope() + { + $a = $this->returnDefault(); + $a->setDefaultScope('test.default'); + $this->assertEquals('test.default', $a->getDefaultScope()); + } + public function test_requireStateParam() { $a = $this->returnDefault(); @@ -195,6 +202,20 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase )); } + /** + * @expectedException OAuth2\Exception\ClientException + * @expectedExceptionCode 0 + */ + public function test_checkAuthoriseParams_noRequiredState() + { + $a = $this->returnDefault(); + $a->requireStateParam(true); + $a->checkAuthoriseParams(array( + 'client_id' => 1234, + 'redirect_uri' => 'http://foo/redirect' + )); + } + /** * @expectedException OAuth2\Exception\ClientException * @expectedExceptionCode 8 
@@ -275,6 +296,37 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase )); } + public function test_checkAuthoriseParams_defaultScope() + { + $this->client->shouldReceive('getClient')->andReturn(array( + 'client_id' => 1234, + 'client_secret' => 5678, + 'redirect_uri' => 'http://foo/redirect', + 'name' => 'Example Client' + )); + + $this->scope->shouldReceive('getScope')->andReturn(array( + 'id' => 1, + 'scope' => 'foo', + 'name' => 'Foo Name', + 'description' => 'Foo Name Description' + )); + + $a = $this->returnDefault(); + $a->addGrantType(new OAuth2\Grant\AuthCode($a)); + $a->setDefaultScope('test.scope'); + $a->requireScopeParam(false); + + $params = $a->checkAuthoriseParams(array( + 'client_id' => 1234, + 'redirect_uri' => 'http://foo/redirect', + 'response_type' => 'code', + 'scope' => '' + )); + + $this->assertArrayHasKey('scopes', $params); + } + /** * @expectedException OAuth2\Exception\ClientException * @expectedExceptionCode 4 From 493834fcbf4d2778533b15447da381573308f6dd Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 22 Mar 2013 10:35:42 +0000 Subject: [PATCH 025/106] Removed base64 decoding of token when present in authorization header. Fixes #23 --- src/OAuth2/ResourceServer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/OAuth2/ResourceServer.php b/src/OAuth2/ResourceServer.php index 05359de7..195f98ed 100644 --- a/src/OAuth2/ResourceServer.php +++ b/src/OAuth2/ResourceServer.php @@ -215,7 +215,7 @@ class ResourceServer protected function determineAccessToken() { if ($header = $this->getRequest()->header('Authorization')) { - $access_token = base64_decode(trim(str_replace('Bearer', '', $header))); + $access_token = trim(str_replace('Bearer', '', $header)); } else { $method = $this->getRequest()->server('REQUEST_METHOD'); $access_token = $this->getRequest()->{$method}($this->tokenKey); From ecf2f2b9ea6ecfd3f1039c6b558e6788fb14dfde Mon Sep 17 00:00:00 2001 
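Review bot: `trim(str_replace('Bearer', '', $header))` in determineAccessToken never checks that the header actually uses the Bearer scheme, so an `Authorization: Basic …` (or any other scheme) header is handed on verbatim as the access token, and because `str_replace` strips every occurrence, a token whose value contains the substring `Bearer` is corrupted. The match is also case-sensitive although RFC 6750 treats the scheme name as case-insensitive, so `bearer abc` yields `bearer abc`; such values would presumably fail validation later, but the parsing should be explicit rather than rely on that. Parse the scheme and token together, `if (preg_match('/^\s*Bearer\s+(\S+)\s*$/i', $header, $m)) { $access_token = $m[1]; }`, and treat anything that does not match as no token supplied. determineAccessToken continues outside the hunk, so the no-match branch has to be placed there.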
From: Alex Bilbie Date: Fri, 22 Mar 2013 10:37:01 +0000 Subject: [PATCH 026/106] Updated ResourceServerTest --- tests/resource/ResourceServerTest.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/resource/ResourceServerTest.php b/tests/resource/ResourceServerTest.php index c6bc058d..9e3ef6d8 100644 --- a/tests/resource/ResourceServerTest.php +++ b/tests/resource/ResourceServerTest.php @@ -85,7 +85,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase $param = $requestReflector->getProperty('headers'); $param->setAccessible(true); $param->setValue($request, array( - 'Authorization' => 'Bearer YWJjZGVm' + 'Authorization' => 'Bearer abcdef' )); $s = $this->returnDefault(); $s->setRequest($request); @@ -131,7 +131,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase $param = $requestReflector->getProperty('headers'); $param->setAccessible(true); $param->setValue($request, array( - 'Authorization' => 'Bearer YWJjZGVm' + 'Authorization' => 'Bearer abcdef' )); $s = $this->returnDefault(); $s->setRequest($request); @@ -153,7 +153,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase $param = $requestReflector->getProperty('headers'); $param->setAccessible(true); $param->setValue($request, array( - 'Authorization' => 'Bearer YWJjZGVm' + 'Authorization' => 'Bearer abcdef' )); $s = $this->returnDefault(); $s->setRequest($request); From 105a5b2a3153d7177b50cd42abb220d601862805 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 22 Mar 2013 10:40:47 +0000 Subject: [PATCH 027/106] Fixed client_id and client_secret retrieval from request in conformity with the RFC --- src/OAuth2/AuthServer.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/OAuth2/AuthServer.php b/src/OAuth2/AuthServer.php index 534a816c..483d137c 100644 --- a/src/OAuth2/AuthServer.php +++ b/src/OAuth2/AuthServer.php 
@@ -446,7 +446,13 @@ class AuthServer
 public function getParam($param = '', $method = 'get', $inputParams = array(), $default = null)
 {
 if (is_string($param)) {
- return (isset($inputParams[$param])) ? $inputParams[$param] : $this->getRequest()->{$method}($param, $default);
+ if(isset($inputParams[$param])) {
+ return $inputParams[$param];
+ } elseif($param == 'client_id' && !is_null($client_id = $this->getRequest()->server('PHP_AUTH_USER'))) {
+ return $client_id;
+ } elseif($param == 'client_secret' && !is_null($client_secret = $this->getRequest()->server('PHP_AUTH_PW'))) {
+ return $client_secret;
+ } else return $this->getRequest()->{$method}($param, $default);
 } else {
 $response = array();
 foreach ($param as $p) {
From 0bf2a5333a126310bc6d4079701d11ce109aaed9 Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Fri, 22 Mar 2013 11:07:55 +0000
Subject: [PATCH 028/106] Added test_scopeParamRequired()

---
 tests/authorization/AuthServerTest.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/tests/authorization/AuthServerTest.php b/tests/authorization/AuthServerTest.php
index bf534b64..5b3d3a08 100644
--- a/tests/authorization/AuthServerTest.php
+++ b/tests/authorization/AuthServerTest.php
@@ -103,6 +103,14 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
 $this->assertFalse($v);
 }
+ public function test_scopeParamRequired()
+ {
+ $a = $this->returnDefault();
+ $a->requireScopeParam(false);
+
+ $this->assertFalse($a->scopeParamRequired());
+ }
+
 public function test_setDefaultScope()
 {
 $a = $this->returnDefault();
From fe6ecb1dcff2cda6de914eb806282e9477af4a71 Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Fri, 22 Mar 2013 11:08:52 +0000
Subject: [PATCH 029/106] Added test_issueAccessToken_HTTP_auth(). Fixes #22

---
 tests/authorization/AuthServerTest.php | 35 ++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
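Review bot: The new `client_id`/`client_secret` branches resolve each credential independently — `$inputParams` first, then HTTP Basic, then the request body — so a single request can be accepted with the id taken from `PHP_AUTH_USER` and the secret taken from the body (or vice versa), and a Basic user silently overrides a `client_id` sent in the body. RFC 6749 §2.3.1 says a client must not use more than one authentication method per request, so the Basic credentials should be consumed as a pair: use `PHP_AUTH_USER`/`PHP_AUTH_PW` only when both are present, and when Basic and body credentials are both supplied reject the request as invalid_request rather than merging them. Whether `server()` returns null or some other default for an absent key is not visible here, so the `!is_null(...)` guards depend on that contract and would be worth a comment. The `==` comparisons are tightened to `===` by the `@@ -446,13 +446,15 @@` hunk of patch 031, which otherwise keeps this same structure. getParam's array branch continues outside the hunk.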
diff --git a/tests/authorization/AuthServerTest.php b/tests/authorization/AuthServerTest.php index 5b3d3a08..0158b887 100644 --- a/tests/authorization/AuthServerTest.php +++ b/tests/authorization/AuthServerTest.php @@ -706,6 +706,41 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']); } + public function test_issueAccessToken_HTTP_auth() + { + $this->client->shouldReceive('getClient')->andReturn(array( + 'client_id' => 1234, + 'client_secret' => 5678, + 'redirect_uri' => 'http://foo/redirect', + 'name' => 'Example Client' + )); + + $this->session->shouldReceive('validateAuthCode')->andReturn(1); + $this->session->shouldReceive('updateSession')->andReturn(null); + + $a = $this->returnDefault(); + $a->addGrantType(new OAuth2\Grant\AuthCode($a)); + + $_POST['grant_type'] = 'authorization_code'; + $_SERVER['PHP_AUTH_USER'] = 1234; + $_SERVER['PHP_AUTH_PW'] = 5678; + $_POST['redirect_uri'] = 'http://foo/redirect'; + $_POST['code'] = 'foobar'; + + $request = new OAuth2\Util\Request(array(), $_POST, array(), array(), $_SERVER); + $a->setRequest($request); + + $v = $a->issueAccessToken(); + + $this->assertArrayHasKey('access_token', $v); + $this->assertArrayHasKey('token_type', $v); + $this->assertArrayHasKey('expires', $v); + $this->assertArrayHasKey('expires_in', $v); + + $this->assertEquals($a->getExpiresIn(), $v['expires_in']); + $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']); + } + public function tearDown() { M::close(); } From f4cdfa91c19b77461198a67c3b891466c562ed9d Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 22 Mar 2013 11:41:04 +0000 Subject: [PATCH 030/106] Updated Password grant --- src/OAuth2/Grant/Password.php | 8 +- tests/authorization/PasswordGrantTest.php | 159 ++++++++++++++++++++++ 2 files changed, 166 insertions(+), 1 deletion(-) diff --git a/src/OAuth2/Grant/Password.php b/src/OAuth2/Grant/Password.php index 0fc5a7bc..c9eb0cf6 100644 
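Review bot: test_issueAccessToken_HTTP_auth writes `$_SERVER['PHP_AUTH_USER']`, `$_SERVER['PHP_AUTH_PW']` and several `$_POST` keys and never clears them, and tearDown only calls `M::close()`, so the Basic credentials may leak into later tests in the same process; now that getParam prefers `PHP_AUTH_USER` over the request body, those tests could pass or fail for the wrong reason. Reset the globals at the end of the test or in tearDown, e.g. `unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); $_POST = array();`. The credentials are also assigned as integers (`1234`, `5678`) where a real request would supply strings, so the string path is not exercised.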
--- a/src/OAuth2/Grant/Password.php +++ b/src/OAuth2/Grant/Password.php @@ -149,13 +149,19 @@ class Password implements GrantTypeInterface { if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes } + if ($this->authServer->scopeParamRequired() === true && count($scopes) === 0) { + throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0); + } elseif (count($scopes) === 0 && $this->authServer->getDefaultScope()) { + $scopes = array($this->authServer->getDefaultScope()); + } + $authParams['scopes'] = array(); foreach ($scopes as $scope) { $scopeDetails = $this->authServer->getStorage('scope')->getScope($scope); if ($scopeDetails === false) { - throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_scope'], $scope), 4); + throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_scope'), $scope), 4); } $authParams['scopes'][] = $scopeDetails; diff --git a/tests/authorization/PasswordGrantTest.php b/tests/authorization/PasswordGrantTest.php index e458db6e..22d6b035 100644 --- a/tests/authorization/PasswordGrantTest.php +++ b/tests/authorization/PasswordGrantTest.php 
@@ -216,6 +216,162 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase )); } + /** + * @expectedException OAuth2\Exception\ClientException + * @expectedExceptionCode 4 + */ + public function test_issueAccessToken_passwordGrant_badScopes() + { + $this->scope->shouldReceive('getScope')->andReturn(false); + + $this->client->shouldReceive('getClient')->andReturn(array( + 'client_id' => 1234, + 'client_secret' => 5678, + 'redirect_uri' => 'http://foo/redirect', + 'name' => 'Example Client' + )); + + $this->client->shouldReceive('validateRefreshToken')->andReturn(1); + $this->session->shouldReceive('validateAuthCode')->andReturn(1); + $this->session->shouldReceive('createSession')->andReturn(1); + $this->session->shouldReceive('deleteSession')->andReturn(null); + $this->session->shouldReceive('updateRefreshToken')->andReturn(null); + + $testCredentials = function($u, $p) { return 1; }; + + $a = $this->returnDefault(); + $pgrant = new OAuth2\Grant\Password($a); + $pgrant->setVerifyCredentialsCallback($testCredentials); + $a->addGrantType($pgrant); + + $v = $a->issueAccessToken(array( + 'grant_type' => 'password', + 'client_id' => 1234, + 'client_secret' => 5678, + 'username' => 'foo', + 'password' => 'bar', + 'scope' => 'blah' + )); + } + + /** + * @expectedException OAuth2\Exception\ClientException + * @expectedExceptionCode 0 + */ + public function test_issueAccessToken_passwordGrant_missingScopes() + { + $this->client->shouldReceive('getClient')->andReturn(array( + 'client_id' => 1234, + 'client_secret' => 5678, + 'redirect_uri' => 'http://foo/redirect', + 'name' => 'Example Client' + )); + + $this->client->shouldReceive('validateRefreshToken')->andReturn(1); + $this->session->shouldReceive('validateAuthCode')->andReturn(1); + $this->session->shouldReceive('createSession')->andReturn(1); + $this->session->shouldReceive('deleteSession')->andReturn(null); + $this->session->shouldReceive('updateRefreshToken')->andReturn(null); + + $testCredentials = 
function($u, $p) { return 1; }; + + $a = $this->returnDefault(); + $pgrant = new OAuth2\Grant\Password($a); + $pgrant->setVerifyCredentialsCallback($testCredentials); + $a->addGrantType($pgrant); + $a->requireScopeParam(true); + + $v = $a->issueAccessToken(array( + 'grant_type' => 'password', + 'client_id' => 1234, + 'client_secret' => 5678, + 'username' => 'foo', + 'password' => 'bar' + )); + } + + public function test_issueAccessToken_passwordGrant_defaultScope() + { + $this->scope->shouldReceive('getScope')->andReturn(array( + 'id' => 1, + 'scope' => 'foo', + 'name' => 'Foo Name', + 'description' => 'Foo Name Description' + )); + + $this->client->shouldReceive('getClient')->andReturn(array( + 'client_id' => 1234, + 'client_secret' => 5678, + 'redirect_uri' => 'http://foo/redirect', + 'name' => 'Example Client' + )); + + $this->client->shouldReceive('validateRefreshToken')->andReturn(1); + $this->session->shouldReceive('validateAuthCode')->andReturn(1); + $this->session->shouldReceive('createSession')->andReturn(1); + $this->session->shouldReceive('deleteSession')->andReturn(null); + $this->session->shouldReceive('updateRefreshToken')->andReturn(null); + $this->session->shouldReceive('associateScope')->andReturn(null); + + $testCredentials = function($u, $p) { return 1; }; + + $a = $this->returnDefault(); + $pgrant = new OAuth2\Grant\Password($a); + $pgrant->setVerifyCredentialsCallback($testCredentials); + $a->addGrantType($pgrant); + $a->requireScopeParam(false); + $a->setDefaultScope('foobar'); + + $v = $a->issueAccessToken(array( + 'grant_type' => 'password', + 'client_id' => 1234, + 'client_secret' => 5678, + 'username' => 'foo', + 'password' => 'bar', + 'scope' => '' + )); + } + + public function test_issueAccessToken_passwordGrant_goodScope() + { + $this->scope->shouldReceive('getScope')->andReturn(array( + 'id' => 1, + 'scope' => 'foo', + 'name' => 'Foo Name', + 'description' => 'Foo Name Description' + )); + + 
$this->client->shouldReceive('getClient')->andReturn(array( + 'client_id' => 1234, + 'client_secret' => 5678, + 'redirect_uri' => 'http://foo/redirect', + 'name' => 'Example Client' + )); + + $this->client->shouldReceive('validateRefreshToken')->andReturn(1); + $this->session->shouldReceive('validateAuthCode')->andReturn(1); + $this->session->shouldReceive('createSession')->andReturn(1); + $this->session->shouldReceive('deleteSession')->andReturn(null); + $this->session->shouldReceive('updateRefreshToken')->andReturn(null); + $this->session->shouldReceive('associateScope')->andReturn(null); + + $testCredentials = function($u, $p) { return 1; }; + + $a = $this->returnDefault(); + $pgrant = new OAuth2\Grant\Password($a); + $pgrant->setVerifyCredentialsCallback($testCredentials); + $a->addGrantType($pgrant); + + $v = $a->issueAccessToken(array( + 'grant_type' => 'password', + 'client_id' => 1234, + 'client_secret' => 5678, + 'username' => 'foo', + 'password' => 'bar', + 'scope' => 'blah' + )); + } + function test_issueAccessToken_passwordGrant_passedInput() { $this->client->shouldReceive('getClient')->andReturn(array( @@ -238,6 +394,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase $pgrant = new OAuth2\Grant\Password($a); $pgrant->setVerifyCredentialsCallback($testCredentials); $a->addGrantType($pgrant); + $a->requireScopeParam(false); $v = $a->issueAccessToken(array( 'grant_type' => 'password', @@ -278,6 +435,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase $pgrant = new OAuth2\Grant\Password($a); $pgrant->setVerifyCredentialsCallback($testCredentials); $a->addGrantType($pgrant); + $a->requireScopeParam(false); $_POST['grant_type'] = 'password'; $_POST['client_id'] = 1234; 
@@ -322,6 +480,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase $pgrant->setVerifyCredentialsCallback($testCredentials); $a->addGrantType($pgrant); $a->addGrantType(new OAuth2\Grant\RefreshToken($a)); + $a->requireScopeParam(false); $_POST['grant_type'] = 'password'; $_POST['client_id'] = 1234; From f463eb9db15043221654944644880792463b1a4a Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 22 Mar 2013 11:44:53 +0000 Subject: [PATCH 031/106] Style fixes --- src/OAuth2/AuthServer.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/OAuth2/AuthServer.php b/src/OAuth2/AuthServer.php index 483d137c..54fb7811 100644 --- a/src/OAuth2/AuthServer.php +++ b/src/OAuth2/AuthServer.php @@ -446,13 +446,15 @@ class AuthServer public function getParam($param = '', $method = 'get', $inputParams = array(), $default = null) { if (is_string($param)) { - if(isset($inputParams[$param])) { + if (isset($inputParams[$param])) { return $inputParams[$param]; - } elseif($param == 'client_id' && !is_null($client_id = $this->getRequest()->server('PHP_AUTH_USER'))) { + } elseif ($param === 'client_id' && ! is_null($client_id = $this->getRequest()->server('PHP_AUTH_USER'))) { return $client_id; - } elseif($param == 'client_secret' && !is_null($client_secret = $this->getRequest()->server('PHP_AUTH_PW'))) { + } elseif ($param === 'client_secret' && ! is_null($client_secret = $this->getRequest()->server('PHP_AUTH_PW'))) { return $client_secret; - } else return $this->getRequest()->{$method}($param, $default); + } else { + return $this->getRequest()->{$method}($param, $default); + } } else { $response = array(); foreach ($param as $p) { From 85312f69950e33e7b579712b9725e332e194d791 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 22 Mar 2013 12:36:18 +0000 Subject: [PATCH 032/106] Updated ClientCredentials to properly include scopes --- src/OAuth2/Grant/ClientCredentials.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) 
diff --git a/src/OAuth2/Grant/ClientCredentials.php b/src/OAuth2/Grant/ClientCredentials.php index 9b90f55b..19103e3e 100644 --- a/src/OAuth2/Grant/ClientCredentials.php +++ b/src/OAuth2/Grant/ClientCredentials.php @@ -106,13 +106,19 @@ class ClientCredentials implements GrantTypeInterface { if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes } + if ($this->authServer->scopeParamRequired() === true && count($scopes) === 0) { + throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0); + } elseif (count($scopes) === 0 && $this->authServer->getDefaultScope()) { + $scopes = array($this->authServer->getDefaultScope()); + } + $authParams['scopes'] = array(); foreach ($scopes as $scope) { $scopeDetails = $this->authServer->getStorage('scope')->getScope($scope); if ($scopeDetails === false) { - throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_scope'], $scope), 4); + throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_scope'), $scope), 4); } $authParams['scopes'][] = $scopeDetails; From 521e5b22aa05f78a4e5ba6a5b5ff8478391b8163 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Fri, 22 Mar 2013 12:43:53 +0000 Subject: [PATCH 033/106] Updated unit tests --- .../ClientCredentialsGrantTest.php | 138 +++++++++++++++++- 1 file changed, 137 insertions(+), 1 deletion(-) diff --git a/tests/authorization/ClientCredentialsGrantTest.php b/tests/authorization/ClientCredentialsGrantTest.php index 794294fb..18d07a8c 100644 --- a/tests/authorization/ClientCredentialsGrantTest.php +++ b/tests/authorization/ClientCredentialsGrantTest.php 
@@ -76,6 +76,139 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase )); } + /** + * @expectedException OAuth2\Exception\ClientException + * @expectedExceptionCode 0 + */ + public function test_issueAccessToken_clientCredentialsGrant_missingScopes() + { + $this->client->shouldReceive('getClient')->andReturn(array( + 'client_id' => 1234, + 'client_secret' => 5678, + 'redirect_uri' => 'http://foo/redirect', + 'name' => 'Example Client' + )); + + $this->client->shouldReceive('validateRefreshToken')->andReturn(1); + $this->session->shouldReceive('validateAuthCode')->andReturn(1); + $this->session->shouldReceive('createSession')->andReturn(1); + $this->session->shouldReceive('deleteSession')->andReturn(null); + $this->session->shouldReceive('updateRefreshToken')->andReturn(null); + + $a = $this->returnDefault(); + $a->addGrantType(new OAuth2\Grant\ClientCredentials($a)); + $a->requireScopeParam(true); + + $v = $a->issueAccessToken(array( + 'grant_type' => 'client_credentials', + 'client_id' => 1234, + 'client_secret' => 5678 + )); + } + + public function test_issueAccessToken_clientCredentialsGrant_defaultScope() + { + $this->scope->shouldReceive('getScope')->andReturn(array( + 'id' => 1, + 'scope' => 'foo', + 'name' => 'Foo Name', + 'description' => 'Foo Name Description' + )); + + $this->client->shouldReceive('getClient')->andReturn(array( + 'client_id' => 1234, + 'client_secret' => 5678, + 'redirect_uri' => 'http://foo/redirect', + 'name' => 'Example Client' + )); + + $this->client->shouldReceive('validateRefreshToken')->andReturn(1); + $this->session->shouldReceive('validateAuthCode')->andReturn(1); + $this->session->shouldReceive('createSession')->andReturn(1); + $this->session->shouldReceive('deleteSession')->andReturn(null); + $this->session->shouldReceive('updateRefreshToken')->andReturn(null); + $this->session->shouldReceive('associateScope')->andReturn(null); + + $a = $this->returnDefault(); + $a->addGrantType(new 
OAuth2\Grant\ClientCredentials($a)); + $a->requireScopeParam(false); + $a->setDefaultScope('foobar'); + + $v = $a->issueAccessToken(array( + 'grant_type' => 'client_credentials', + 'client_id' => 1234, + 'client_secret' => 5678, + 'scope' => '' + )); + } + + /** + * @expectedException OAuth2\Exception\ClientException + * @expectedExceptionCode 4 + */ + public function test_issueAccessToken_clientCredentialsGrant_badScope() + { + $this->scope->shouldReceive('getScope')->andReturn(false); + + $this->client->shouldReceive('getClient')->andReturn(array( + 'client_id' => 1234, + 'client_secret' => 5678, + 'redirect_uri' => 'http://foo/redirect', + 'name' => 'Example Client' + )); + + $this->client->shouldReceive('validateRefreshToken')->andReturn(1); + $this->session->shouldReceive('validateAuthCode')->andReturn(1); + $this->session->shouldReceive('createSession')->andReturn(1); + $this->session->shouldReceive('deleteSession')->andReturn(null); + $this->session->shouldReceive('updateRefreshToken')->andReturn(null); + $this->session->shouldReceive('associateScope')->andReturn(null); + + $a = $this->returnDefault(); + $a->addGrantType(new OAuth2\Grant\ClientCredentials($a)); + + $v = $a->issueAccessToken(array( + 'grant_type' => 'client_credentials', + 'client_id' => 1234, + 'client_secret' => 5678, + 'scope' => 'blah' + )); + } + + public function test_issueAccessToken_clientCredentialsGrant_goodScope() + { + $this->scope->shouldReceive('getScope')->andReturn(array( + 'id' => 1, + 'scope' => 'foo', + 'name' => 'Foo Name', + 'description' => 'Foo Name Description' + )); + + $this->client->shouldReceive('getClient')->andReturn(array( + 'client_id' => 1234, + 'client_secret' => 5678, + 'redirect_uri' => 'http://foo/redirect', + 'name' => 'Example Client' + )); + + $this->client->shouldReceive('validateRefreshToken')->andReturn(1); + $this->session->shouldReceive('validateAuthCode')->andReturn(1); + $this->session->shouldReceive('createSession')->andReturn(1); + 
$this->session->shouldReceive('deleteSession')->andReturn(null); + $this->session->shouldReceive('updateRefreshToken')->andReturn(null); + $this->session->shouldReceive('associateScope')->andReturn(null); + + $a = $this->returnDefault(); + $a->addGrantType(new OAuth2\Grant\ClientCredentials($a)); + + $v = $a->issueAccessToken(array( + 'grant_type' => 'client_credentials', + 'client_id' => 1234, + 'client_secret' => 5678, + 'scope' => 'blah' + )); + } + function test_issueAccessToken_clientCredentialsGrant_passedInput() { $this->client->shouldReceive('getClient')->andReturn(array( @@ -94,11 +227,12 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase $a = $this->returnDefault(); $a->addGrantType(new OAuth2\Grant\ClientCredentials($a)); + $a->requireScopeParam(false); $v = $a->issueAccessToken(array( 'grant_type' => 'client_credentials', 'client_id' => 1234, - 'client_secret' => 5678 + 'client_secret' => 5678, )); $this->assertArrayHasKey('access_token', $v); @@ -128,6 +262,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase $a = $this->returnDefault(); $a->addGrantType(new OAuth2\Grant\ClientCredentials($a)); + $a->requireScopeParam(false); $_POST['grant_type'] = 'client_credentials'; $_POST['client_id'] = 1234; @@ -166,6 +301,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase $a = $this->returnDefault(); $a->addGrantType(new OAuth2\Grant\ClientCredentials($a)); $a->addGrantType(new OAuth2\Grant\RefreshToken($a)); + $a->requireScopeParam(false); $_POST['grant_type'] = 'client_credentials'; $_POST['client_id'] = 1234; From 74d9946db37591c83b0a59b8359ebc35259908fb Mon Sep 17 00:00:00 2001 From: ziege Date: Fri, 22 Mar 2013 17:24:36 +0100 Subject: [PATCH 034/106] Storage corrected Wrong client storage replaced with session storage --- src/OAuth2/Grant/RefreshToken.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/src/OAuth2/Grant/RefreshToken.php b/src/OAuth2/Grant/RefreshToken.php
index 46d9103a..ee941554 100644
--- a/src/OAuth2/Grant/RefreshToken.php
+++ b/src/OAuth2/Grant/RefreshToken.php
@@ -102,7 +102,7 @@ class RefreshToken implements GrantTypeInterface {
 }
 // Validate refresh token
- $sessionId = $this->authServer->getStorage('client')->validateRefreshToken(
+ $sessionId = $this->authServer->getStorage('session')->validateRefreshToken(
 $authParams['refresh_token'],
 $authParams['client_id']
 );
@@ -129,4 +129,4 @@ class RefreshToken implements GrantTypeInterface {
 );
 }
-}
\ No newline at end of file
+}
From be478561b6fd3cf15bad356d51ce611d78d3b5dc Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Fri, 22 Mar 2013 16:28:45 +0000
Subject: [PATCH 035/106] Fixed unit tests following 74d9946db37591c83b0a59b8359ebc35259908fb

---
 tests/authorization/RefreshTokenTest.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/tests/authorization/RefreshTokenTest.php b/tests/authorization/RefreshTokenTest.php
index 6ea99f2b..8ec7aa0f 100644
--- a/tests/authorization/RefreshTokenTest.php
+++ b/tests/authorization/RefreshTokenTest.php
@@ -142,7 +142,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
 public function test_issueAccessToken_refreshTokenGrant_badRefreshToken()
 {
 $this->client->shouldReceive('getClient')->andReturn(array());
- $this->client->shouldReceive('validateRefreshToken')->andReturn(false);
+ $this->session->shouldReceive('validateRefreshToken')->andReturn(false);
 $a = $this->returnDefault();
 $a->addGrantType(new OAuth2\Grant\RefreshToken($a));
@@ -167,8 +167,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase 'name' => 'Example Client' )); - $this->client->shouldReceive('validateRefreshToken')->andReturn(1); - + $this->session->shouldReceive('validateRefreshToken')->andReturn(1); $this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('updateSession')->andReturn(null); $this->session->shouldReceive('updateRefreshToken')->andReturn(null); @@ -205,7 +204,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase 'name' => 'Example Client' )); - $this->client->shouldReceive('validateRefreshToken')->andReturn(1); + $this->session->shouldReceive('validateRefreshToken')->andReturn(1); $this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('updateSession')->andReturn(null); From 4cb4d5ba21426c1d33ea2fc5ddbaa3398684a118 Mon Sep 17 00:00:00 2001 From: ziege Date: Tue, 26 Mar 2013 07:20:26 +0100 Subject: [PATCH 036/106] Refresh token removed in Client Credentials Grant As defined in RFC: http://tools.ietf.org/html/rfc6749#section-4.4.3 --- src/OAuth2/Grant/ClientCredentials.php | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/src/OAuth2/Grant/ClientCredentials.php b/src/OAuth2/Grant/ClientCredentials.php index 19103e3e..2becff4f 100644 --- a/src/OAuth2/Grant/ClientCredentials.php +++ b/src/OAuth2/Grant/ClientCredentials.php @@ -126,7 +126,6 @@ class ClientCredentials implements GrantTypeInterface { // Generate an access token $accessToken = SecureKey::make(); - $refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null; $accessTokenExpires = time() + $this->authServer->getExpiresIn(); $accessTokenExpiresIn = $this->authServer->getExpiresIn(); @@ -142,7 +141,7 @@ class ClientCredentials implements GrantTypeInterface { $authParams['client_id'], null, $accessToken, - $refreshToken, + null, $accessTokenExpires, 'granted' ); 
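Review bot: The bare `null` that replaces `$refreshToken` in the `createSession()` call is deliberate per the commit message, but a reader of the positional argument list cannot tell it apart from a missing value; a why-comment keeps the next maintainer from "fixing" it: `null, // no refresh token: RFC 6749 §4.4.3 says one SHOULD NOT be issued for client_credentials`. The same reasoning could be stated once above the access-token generation in the `-126` hunk instead, since that is where the `$refreshToken` line used to be. The surrounding `completeFlow` body starts and ends outside these hunks.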
@@ -160,11 +159,7 @@ class ClientCredentials implements GrantTypeInterface { 'expires_in' => $accessTokenExpiresIn ); - if ($this->authServer->hasGrantType('refresh_token')) { - $response['refresh_token'] = $refreshToken; - } - return $response; } -} \ No newline at end of file +} From 28f85e3bea50cb715d5c2282831dcb9d26263a91 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 27 Mar 2013 13:29:11 +0000 Subject: [PATCH 037/106] Fixed broken unit test. Fixes #28 --- tests/authorization/ClientCredentialsGrantTest.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/authorization/ClientCredentialsGrantTest.php b/tests/authorization/ClientCredentialsGrantTest.php index 18d07a8c..8ea1af20 100644 --- a/tests/authorization/ClientCredentialsGrantTest.php +++ b/tests/authorization/ClientCredentialsGrantTest.php @@ -300,7 +300,6 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase $a = $this->returnDefault(); $a->addGrantType(new OAuth2\Grant\ClientCredentials($a)); - $a->addGrantType(new OAuth2\Grant\RefreshToken($a)); $a->requireScopeParam(false); $_POST['grant_type'] = 'client_credentials'; @@ -316,7 +315,6 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase $this->assertArrayHasKey('token_type', $v); $this->assertArrayHasKey('expires', $v); $this->assertArrayHasKey('expires_in', $v); - $this->assertArrayHasKey('refresh_token', $v); $this->assertEquals($a->getExpiresIn(), $v['expires_in']); $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']); From e563230f1086cfc765a030a405729f55d0d53a69 Mon Sep 17 00:00:00 2001 From: ziege Date: Tue, 26 Mar 2013 17:17:01 +0100 Subject: [PATCH 038/106] Method to get all headers for the error response Method added to get all required headers for the error response, according to the RFC - the correct HTTP status code and the "WWW-Authenticate" header in special cases. --- src/OAuth2/AuthServer.php | 79 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) 
diff --git a/src/OAuth2/AuthServer.php b/src/OAuth2/AuthServer.php
index 54fb7811..c31f3bde 100644
--- a/src/OAuth2/AuthServer.php
+++ b/src/OAuth2/AuthServer.php
@@ -117,6 +117,85 @@ class AuthServer 'invalid_refresh' => 'The refresh token is invalid.', ); + /** + * Exception error HTTP status codes + * @var array + * + * RFC 6749, section 4.1.2.1.: + * No 503 status code for 'temporarily_unavailable', because + * "a 503 Service Unavailable HTTP status code cannot be + * returned to the client via an HTTP redirect" + */ + protected static $exceptionHttpStatusCodes = array( + 'invalid_request' => 400, + 'unauthorized_client' => 400, + 'access_denied' => 401, + 'unsupported_response_type' => 400, + 'invalid_scope' => 400, + 'server_error' => 500, + 'temporarily_unavailable' => 400, + 'unsupported_grant_type' => 400, + 'invalid_client' => 401, + 'invalid_grant' => 400, + 'invalid_credentials' => 400, + 'invalid_refresh' => 400, + ); + + /** + * Get all headers that have to be send with the error response + * + * @param string $error The error message key + * @return array Array with header values + */ + public static function getExceptionHttpHeaders($error) + { + $headers = array(); + switch (self::$exceptionHttpStatusCodes[$error]) { + case 401: + $headers[] = 'HTTP/1.1 401 Unauthorized'; + break; + case 500: + $headers[] = 'HTTP/1.1 500 Internal Server Error'; + break; + case 501: + $headers[] = 'HTTP/1.1 501 Not Implemented'; + break; + case 400: + default: + $headers[] = 'HTTP/1.1 400 Bad Request'; + } + + // Add "WWW-Authenticate" header + // + // RFC 6749, section 5.2.: + // "If the client attempted to authenticate via the 'Authorization' + // request header field, the authorization server MUST + // respond with an HTTP 401 (Unauthorized) status code and + // include the "WWW-Authenticate" response header field + // matching the authentication scheme used by the client. 
+ if ($error === 'invalid_client') { + $auth_scheme = null; + $request = new Request(); + if ($request->server('PHP_AUTH_USER') !== null) { + $auth_scheme = 'Basic'; + } else { + $auth_header = $request->header('Authorization'); + if ($auth_header !== null) { + if (strpos($auth_header, 'Bearer') === 0) { + $auth_scheme = 'Bearer'; + } elseif (strpos($auth_header, 'Basic') === 0) { + $auth_scheme = 'Basic'; + } + } + } + if ($auth_scheme !== null) { + $headers[] = "WWW-Authenticate: $auth_scheme realm=\"\""; + } + } + + return $headers; + } + /** * Get an exception message * From 3481ec8aa2fbf7bba8ec07b422dd461a5e3dc7fe Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 27 Mar 2013 14:26:46 +0000 Subject: [PATCH 039/106] Variable name fixes + little changes to support unit tests --- src/OAuth2/AuthServer.php | 36 +++++++++++++++++++----------------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/src/OAuth2/AuthServer.php b/src/OAuth2/AuthServer.php index c31f3bde..1e45f363 100644 --- a/src/OAuth2/AuthServer.php +++ b/src/OAuth2/AuthServer.php @@ -120,9 +120,9 @@ class AuthServer /** * Exception error HTTP status codes * @var array - * + * * RFC 6749, section 4.1.2.1.: - * No 503 status code for 'temporarily_unavailable', because + * No 503 status code for 'temporarily_unavailable', because * "a 503 Service Unavailable HTTP status code cannot be * returned to the client via an HTTP redirect" */ @@ -134,13 +134,13 @@ class AuthServer 'invalid_scope' => 400, 'server_error' => 500, 'temporarily_unavailable' => 400, - 'unsupported_grant_type' => 400, + 'unsupported_grant_type' => 501, 'invalid_client' => 401, 'invalid_grant' => 400, 'invalid_credentials' => 400, 'invalid_refresh' => 400, ); - + /** * Get all headers that have to be send with the error response * 
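Review bot: The `invalid_client` branch compares the scheme case-sensitively with `strpos($auth_header, 'Bearer') === 0` and `strpos($auth_header, 'Basic') === 0`, but HTTP auth-scheme names are case-insensitive (RFC 7235 §2.1), so a client that sends `basic …` receives the 401 without the `WWW-Authenticate` header that the RFC 6749 §5.2 text quoted in the comment says MUST accompany it; `stripos()` against the canonical scheme name fixes both checks. `self::$exceptionHttpStatusCodes[$error]` is also read with no key guard, so an unknown `$error` emits a PHP notice before the `default:` arm picks 400; `$status = isset(self::$exceptionHttpStatusCodes[$error]) ? self::$exceptionHttpStatusCodes[$error] : 400;` makes that fallback explicit. Instantiating `new Request()` inside a static method also makes the header branch hard to unit-test, which is presumably why it later needs to be excluded from coverage; accepting the request as a parameter would be the testable shape. The `getExceptionMessage` docblock at the end of the hunk belongs to a method that continues outside it.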
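Review bot: Changing `'unsupported_grant_type'` from 400 to 501 departs from RFC 6749 §5.2, which has the token endpoint answer every listed error with HTTP 400 unless specified otherwise, and the only other status that section specifies is 401 for `invalid_client`; 501 Not Implemented also describes a server deficiency, whereas here the client asked for a grant the server deliberately does not offer. Keeping `'unsupported_grant_type' => 400,` lets the `case 501:` arm in `getExceptionHttpHeaders()` go away, and the unit test that pins `HTTP/1.1 501 Not Implemented` for this error would need the same correction. The adjacent `-120` hunk is trailing-whitespace only.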
@@ -164,35 +164,37 @@ class AuthServer default: $headers[] = 'HTTP/1.1 400 Bad Request'; } - + // Add "WWW-Authenticate" header // - // RFC 6749, section 5.2.: + // RFC 6749, section 5.2.: // "If the client attempted to authenticate via the 'Authorization' // request header field, the authorization server MUST // respond with an HTTP 401 (Unauthorized) status code and // include the "WWW-Authenticate" response header field // matching the authentication scheme used by the client. + // @codeCoverageIgnoreStart if ($error === 'invalid_client') { - $auth_scheme = null; + $authScheme = null; $request = new Request(); if ($request->server('PHP_AUTH_USER') !== null) { - $auth_scheme = 'Basic'; + $authScheme = 'Basic'; } else { - $auth_header = $request->header('Authorization'); - if ($auth_header !== null) { - if (strpos($auth_header, 'Bearer') === 0) { - $auth_scheme = 'Bearer'; - } elseif (strpos($auth_header, 'Basic') === 0) { - $auth_scheme = 'Basic'; + $authHeader = $request->header('Authorization'); + if ($authHeader !== null) { + if (strpos($authHeader, 'Bearer') === 0) { + $authScheme = 'Bearer'; + } elseif (strpos($authHeader, 'Basic') === 0) { + $authScheme = 'Basic'; } } } - if ($auth_scheme !== null) { - $headers[] = "WWW-Authenticate: $auth_scheme realm=\"\""; + if ($authScheme !== null) { + $headers[] = 'WWW-Authenticate: '.$authScheme.' realm=""'; } } - + // @codeCoverageIgnoreEnd + return $headers; } From d53abc661c525b3785c5516df6e6f9f2a21b8203 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 27 Mar 2013 14:27:06 +0000 Subject: [PATCH 040/106] getExceptionHttpHeaders() unit tests --- tests/authorization/AuthServerTest.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/authorization/AuthServerTest.php b/tests/authorization/AuthServerTest.php index 0158b887..8b4c7bbe 100644 --- a/tests/authorization/AuthServerTest.php +++ b/tests/authorization/AuthServerTest.php 
@@ -50,6 +50,14 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase $this->assertEquals('access_denied', OAuth2\AuthServer::getExceptionType(2)); } + public function test_getExceptionHttpHeaders() + { + $this->assertEquals(array('HTTP/1.1 401 Unauthorized'), OAuth2\AuthServer::getExceptionHttpHeaders('access_denied')); + $this->assertEquals(array('HTTP/1.1 500 Internal Server Error'), OAuth2\AuthServer::getExceptionHttpHeaders('server_error')); + $this->assertEquals(array('HTTP/1.1 501 Not Implemented'), OAuth2\AuthServer::getExceptionHttpHeaders('unsupported_grant_type')); + $this->assertEquals(array('HTTP/1.1 400 Bad Request'), OAuth2\AuthServer::getExceptionHttpHeaders('invalid_refresh')); + } + public function test_hasGrantType() { $a = $this->returnDefault(); From a7b4f7d66bfc3bb650eb831f1a6df3215f17ee5b Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 27 Mar 2013 14:47:07 +0000 Subject: [PATCH 041/106] Added grant to getClient calls. Fixes #21 --- src/OAuth2/Grant/AuthCode.php | 2 +- src/OAuth2/Grant/ClientCredentials.php | 2 +- src/OAuth2/Grant/Password.php | 4 ++-- src/OAuth2/Grant/RefreshToken.php | 2 +- src/OAuth2/Storage/ClientInterface.php | 3 ++- 5 files changed, 7 insertions(+), 6 deletions(-) diff --git a/src/OAuth2/Grant/AuthCode.php b/src/OAuth2/Grant/AuthCode.php index c0240cc5..d6e77d03 100644 --- a/src/OAuth2/Grant/AuthCode.php +++ b/src/OAuth2/Grant/AuthCode.php @@ -93,7 +93,7 @@ class AuthCode implements GrantTypeInterface { } // Validate client ID and redirect URI - $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], $authParams['redirect_uri']); + $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], $authParams['redirect_uri'], $this->identifier); if ($clientDetails === false) { throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8); 
diff --git a/src/OAuth2/Grant/ClientCredentials.php b/src/OAuth2/Grant/ClientCredentials.php index 2becff4f..88ac8d1a 100644 --- a/src/OAuth2/Grant/ClientCredentials.php +++ b/src/OAuth2/Grant/ClientCredentials.php @@ -89,7 +89,7 @@ class ClientCredentials implements GrantTypeInterface { } // Validate client ID and client secret - $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']); + $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], null, $this->identifier); if ($clientDetails === false) { throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_client'), 8); diff --git a/src/OAuth2/Grant/Password.php b/src/OAuth2/Grant/Password.php index c9eb0cf6..8ea78101 100644 --- a/src/OAuth2/Grant/Password.php +++ b/src/OAuth2/Grant/Password.php @@ -116,8 +116,8 @@ class Password implements GrantTypeInterface { throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_secret'), 0); } - // Validate client ID and redirect URI - $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']); + // Validate client credentials + $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], null, $this->identifier); if ($clientDetails === false) { throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8); diff --git a/src/OAuth2/Grant/RefreshToken.php b/src/OAuth2/Grant/RefreshToken.php index ee941554..b8f62805 100644 --- a/src/OAuth2/Grant/RefreshToken.php +++ b/src/OAuth2/Grant/RefreshToken.php 
@@ -89,7 +89,7 @@ class RefreshToken implements GrantTypeInterface { } // Validate client ID and client secret - $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']); + $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], null, $this->identifier); if ($clientDetails === false) { throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8); diff --git a/src/OAuth2/Storage/ClientInterface.php b/src/OAuth2/Storage/ClientInterface.php index 408ff959..ee4437b8 100644 --- a/src/OAuth2/Storage/ClientInterface.php +++ b/src/OAuth2/Storage/ClientInterface.php @@ -48,7 +48,8 @@ interface ClientInterface * @param string $clientId The client's ID * @param string $clientSecret The client's secret (default = "null") * @param string $redirectUri The client's redirect URI (default = "null") + * @param string $grantType The grant type used in the request * @return bool|array Returns false if the validation fails, array on success */ - public function getClient($clientId = null, $clientSecret = null, $redirectUri = null); + public function getClient($clientId = null, $clientSecret = null, $redirectUri = null, $grantType = null); } \ No newline at end of file From a18b4184f590dc61e02e429a7f8f92a373339f52 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Thu, 28 Mar 2013 10:44:45 +0000 Subject: [PATCH 042/106] getScopes() now have the grant type and client ID passed --- src/OAuth2/Grant/ClientCredentials.php | 2 +- src/OAuth2/Grant/Password.php | 2 +- src/OAuth2/Storage/ScopeInterface.php | 5 +++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/OAuth2/Grant/ClientCredentials.php b/src/OAuth2/Grant/ClientCredentials.php index 88ac8d1a..2909132e 100644 --- a/src/OAuth2/Grant/ClientCredentials.php +++ b/src/OAuth2/Grant/ClientCredentials.php 
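Review bot: The new `@param string $grantType The grant type used in the request` line says only that the value is passed, not what an implementation is expected to do with it, and the `@return` text still describes failure only as "validation fails"; since all four grants in this patch now pass `$this->identifier`, the intended contract is presumably that `getClient()` returns false when the client is not permitted to use that grant — confirm and state it: `* @param string $grantType The grant type used in the request; return false if the client may not use it (default = "null")`. While the docblock is being touched, it should also say that `$redirectUri`, when supplied, must match the registered URI exactly (RFC 6749 §3.1.2.3), because the authorisation-code grant forwards the client-supplied value straight into this call. The hunk shows only the tail of the docblock; the rest of the interface is outside it.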
@@ -115,7 +115,7 @@ class ClientCredentials implements GrantTypeInterface { $authParams['scopes'] = array(); foreach ($scopes as $scope) { - $scopeDetails = $this->authServer->getStorage('scope')->getScope($scope); + $scopeDetails = $this->authServer->getStorage('scope')->getScope($scope, $authParams['client_id'], $this->identifier); if ($scopeDetails === false) { throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_scope'), $scope), 4); diff --git a/src/OAuth2/Grant/Password.php b/src/OAuth2/Grant/Password.php index 8ea78101..e82c03b7 100644 --- a/src/OAuth2/Grant/Password.php +++ b/src/OAuth2/Grant/Password.php @@ -158,7 +158,7 @@ class Password implements GrantTypeInterface { $authParams['scopes'] = array(); foreach ($scopes as $scope) { - $scopeDetails = $this->authServer->getStorage('scope')->getScope($scope); + $scopeDetails = $this->authServer->getStorage('scope')->getScope($scope, $authParams['client_id'], $this->identifier); if ($scopeDetails === false) { throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_scope'), $scope), 4); diff --git a/src/OAuth2/Storage/ScopeInterface.php b/src/OAuth2/Storage/ScopeInterface.php index 99c6689a..f254facc 100644 --- a/src/OAuth2/Storage/ScopeInterface.php +++ b/src/OAuth2/Storage/ScopeInterface.php @@ -34,8 +34,9 @@ interface ScopeInterface * ) * * - * @param string $scope The scope + * @param string $scope The scope + * @param string $clientId The client ID * @return bool|array If the scope doesn't exist return false */ - public function getScope($scope); + public function getScope($scope, $clientId = null, $grantType = null); } From 9c9db978c666db7a7de27ea545c8b7f6a3283cd4 Mon Sep 17 00:00:00 2001 
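Review bot: The new `getScope()` signature adds `$grantType = null`, but the docblock documents only `$scope` and the new `$clientId`, so the third parameter has no description at all; add `* @param string $grantType The grant type used in the request` beside the other two. The docblock should also say what the extra arguments are for — presumably allowing an implementation to return false when a scope is not available to that client or grant, mirroring the `getClient()` change — confirm against the two call sites on this line, which pass `$authParams['client_id']` and `$this->identifier`. The null defaults keep existing implementations compiling, which is worth a sentence as well.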
From: Alex Bilbie Date: Sun, 31 Mar 2013 13:37:02 +0100 Subject: [PATCH 043/106] Move authorisation code grant stuff into own grant --- src/OAuth2/AuthServer.php | 99 ------ src/OAuth2/Grant/AuthCode.php | 99 ++++++ tests/authorization/AuthCodeGrantTest.php | 359 ++++++++++++++++++++++ tests/authorization/AuthServerTest.php | 309 ------------------- 4 files changed, 458 insertions(+), 408 deletions(-) create mode 100644 tests/authorization/AuthCodeGrantTest.php diff --git a/src/OAuth2/AuthServer.php b/src/OAuth2/AuthServer.php index 1e45f363..1b882622 100644 --- a/src/OAuth2/AuthServer.php +++ b/src/OAuth2/AuthServer.php 
@@ -385,105 +385,6 @@ class AuthServer return $this->storages[$obj]; } - /** - * Check authorise parameters - * - * @param array $inputParams Optional array of parsed $_GET keys - * @throws \OAuth2\Exception\ClientException - * @return array Authorise request parameters - */ - public function checkAuthoriseParams($inputParams = array()) - { - // Auth params - $authParams = $this->getParam(array('client_id', 'redirect_uri', 'response_type', 'scope', 'state'), 'get', $inputParams); - - if (is_null($authParams['client_id'])) { - throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'client_id'), 0); - } - - if (is_null($authParams['redirect_uri'])) { - throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'redirect_uri'), 0); - } - - if ($this->requireStateParam === true && is_null($authParams['state'])) { - throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'state'), 0); - } - - // Validate client ID and redirect URI - $clientDetails = $this->getStorage('client')->getClient($authParams['client_id'], null, $authParams['redirect_uri']); - - if ($clientDetails === false) { - throw new Exception\ClientException(self::$exceptionMessages['invalid_client'], 8); - } - - $authParams['client_details'] = $clientDetails; - - if (is_null($authParams['response_type'])) { - throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'response_type'), 0); - } - - // Ensure response type is one that is recognised - if ( ! 
in_array($authParams['response_type'], $this->responseTypes)) { - throw new Exception\ClientException(self::$exceptionMessages['unsupported_response_type'], 3); - } - - // Validate scopes - $scopes = explode($this->scopeDelimeter, $authParams['scope']); - - for ($i = 0; $i < count($scopes); $i++) { - $scopes[$i] = trim($scopes[$i]); - if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes - } - - if ($this->requireScopeParam === true && count($scopes) === 0) { - throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'scope'), 0); - } elseif (count($scopes) === 0 && $this->defaultScope) { - $scopes = array($this->defaultScope); - } - - $authParams['scopes'] = array(); - - foreach ($scopes as $scope) { - $scopeDetails = $this->getStorage('scope')->getScope($scope); - - if ($scopeDetails === false) { - throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_scope'], $scope), 4); - } - - $authParams['scopes'][] = $scopeDetails; - } - - return $authParams; - } - - /** - * Parse a new authorise request - * - * @param string $type The session owner's type - * @param string $typeId The session owner's ID - * @param array $authParams The authorise request $_GET parameters - * @return string An authorisation code - */ - public function newAuthoriseRequest($type, $typeId, $authParams = array()) - { - // Generate an auth code - $authCode = SecureKey::make(); - - // Remove any old sessions the user might have - $this->getStorage('session')->deleteSession($authParams['client_id'], $type, $typeId); - - // Create a new session - $sessionId = $this->getStorage('session')->createSession($authParams['client_id'], $authParams['redirect_uri'], $type, $typeId, $authCode); - - // Associate scopes with the new session - foreach ($authParams['scopes'] as $scope) - { - $this->getStorage('session')->associateScope($sessionId, $scope['id']); - } - - return $authCode; - } - /** * Issue an access token * 
diff --git a/src/OAuth2/Grant/AuthCode.php b/src/OAuth2/Grant/AuthCode.php
index d6e77d03..acae346a 100644
--- a/src/OAuth2/Grant/AuthCode.php
+++ b/src/OAuth2/Grant/AuthCode.php
@@ -70,6 +70,105 @@ class AuthCode implements GrantTypeInterface { return $this->responseType; } + /** + * Check authorise parameters + * + * @param array $inputParams Optional array of parsed $_GET keys + * @throws \OAuth2\Exception\ClientException + * @return array Authorise request parameters + */ + public function checkAuthoriseParams($inputParams = array()) + { + // Auth params + $authParams = $this->authServer->getParam(array('client_id', 'redirect_uri', 'response_type', 'scope', 'state'), 'get', $inputParams); + + if (is_null($authParams['client_id'])) { + throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0); + } + + if (is_null($authParams['redirect_uri'])) { + throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'redirect_uri'), 0); + } + + if ($this->authServer->scopeParamRequired() === true && is_null($authParams['state'])) { + throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'state'), 0); + } + + // Validate client ID and redirect URI + $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], null, $authParams['redirect_uri']); + + if ($clientDetails === false) { + throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8); + } + + $authParams['client_details'] = $clientDetails; + + if (is_null($authParams['response_type'])) { + throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'response_type'), 0); + } + + // Ensure response type is one that is recognised + if ( ! 
in_array($authParams['response_type'], $this->authServer->getResponseTypes())) { + throw new Exception\ClientException($this->authServer->getExceptionMessage('unsupported_response_type'), 3); + } + + // Validate scopes + $scopes = explode($this->authServer->getScopeDelimeter(), $authParams['scope']); + + for ($i = 0; $i < count($scopes); $i++) { + $scopes[$i] = trim($scopes[$i]); + if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes + } + + if ($this->authServer->scopeParamRequired() === true && count($scopes) === 0) { + throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0); + } elseif (count($scopes) === 0 && $this->authServer->getDefaultScope()) { + $scopes = array($this->authServer->getDefaultScope()); + } + + $authParams['scopes'] = array(); + + foreach ($scopes as $scope) { + $scopeDetails = $this->authServer->getStorage('scope')->getScope($scope, $authParams['client_id'], $this->identifier); + + if ($scopeDetails === false) { + throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_scope'), $scope), 4); + } + + $authParams['scopes'][] = $scopeDetails; + } + + return $authParams; + } + + /** + * Parse a new authorise request + * + * @param string $type The session owner's type + * @param string $typeId The session owner's ID + * @param array $authParams The authorise request $_GET parameters + * @return string An authorisation code + */ + public function newAuthoriseRequest($type, $typeId, $authParams = array()) + { + // Generate an auth code + $authCode = SecureKey::make(); + + // Remove any old sessions the user might have + $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], $type, $typeId); + + // Create a new session + $sessionId = $this->authServer->getStorage('session')->createSession($authParams['client_id'], $authParams['redirect_uri'], $type, $typeId, $authCode); + + // Associate scopes with the new 
session + foreach ($authParams['scopes'] as $scope) + { + $this->authServer->getStorage('session')->associateScope($sessionId, $scope['id']); + } + + return $authCode; + } + /** * Complete the auth code grant * @param null|array $inputParams diff --git a/tests/authorization/AuthCodeGrantTest.php b/tests/authorization/AuthCodeGrantTest.php new file mode 100644 index 00000000..acea6775 --- /dev/null +++ b/tests/authorization/AuthCodeGrantTest.php 
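Review bot: The moved state check now reads `if ($this->authServer->scopeParamRequired() === true && is_null($authParams['state']))`, whereas the deleted AuthServer version tested `$this->requireStateParam === true`, so `requireStateParam(true)` no longer has any effect on this grant and `state` is enforced only as a side effect of the scope flag — a deployment that calls `requireScopeParam(false)` silently loses the CSRF protection that `state` provides for the authorization-code flow (RFC 6749 §10.12). It should consult the state flag through whatever accessor AuthServer exposes for it, e.g. `if ($this->authServer->stateParamRequired() === true && is_null($authParams['state'])) {`, adding such an accessor if none exists yet. Separately, the moved `getClient($authParams['client_id'], null, $authParams['redirect_uri'])` call omits the `$this->identifier` argument that the other grants' `getClient()` calls now pass, so a client storage that restricts grants per client cannot apply that restriction at the authorise step; pass it as the fourth argument for consistency. The hunk's trailing docblock belongs to `completeFlow`, which continues outside it.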
@@ -0,0 +1,359 @@ +client = M::mock('OAuth2\Storage\ClientInterface'); + $this->session = M::mock('OAuth2\Storage\SessionInterface'); + $this->scope = M::mock('OAuth2\Storage\ScopeInterface'); + } + + private function returnDefault() + { + return new OAuth2\AuthServer($this->client, $this->session, $this->scope); + } + + /** + * @expectedException OAuth2\Exception\ClientException + * @expectedExceptionCode 0 + */ + public function test_checkAuthoriseParams_noClientId() + { + $a = $this->returnDefault(); + $g = new OAuth2\Grant\AuthCode($a); + $a->addGrantType($g); + $g->checkAuthoriseParams(); + } + + /** + * @expectedException OAuth2\Exception\ClientException + * @expectedExceptionCode 0 + */ + public function test_checkAuthoriseParams_noRedirectUri() + { + $a = $this->returnDefault(); + $g = new OAuth2\Grant\AuthCode($a); + $a->addGrantType($g); + $g->checkAuthoriseParams(array( + 'client_id' => 1234 + )); + } + + /** + * @expectedException OAuth2\Exception\ClientException + * @expectedExceptionCode 0 + */ + public function test_checkAuthoriseParams_noRequiredState() + { + $a = $this->returnDefault(); + $g = new OAuth2\Grant\AuthCode($a); + $a->addGrantType($g); + $a->requireStateParam(true); + $g->checkAuthoriseParams(array( + 'client_id' => 1234, + 'redirect_uri' => 'http://foo/redirect' + )); + } + + + /** + * @expectedException OAuth2\Exception\ClientException + * @expectedExceptionCode 8 + */ + public function test_checkAuthoriseParams_badClient() + { + $this->client->shouldReceive('getClient')->andReturn(false); + + $a = $this->returnDefault(); + $g = new OAuth2\Grant\AuthCode($a); + $a->addGrantType($g); + $g->checkAuthoriseParams(array( + 'client_id' => 1234, + 'redirect_uri' => 'http://foo/redirect' + )); + } + + /** + * @expectedException OAuth2\Exception\ClientException + * @expectedExceptionCode 0 + */ + public function test_checkAuthoriseParams_missingResponseType() + { + $this->client->shouldReceive('getClient')->andReturn(array( + 'client_id' => 
1234, + 'client_secret' => 5678, + 'redirect_uri' => 'http://foo/redirect', + 'name' => 'Example Client' + )); + + $a = $this->returnDefault(); + $g = new OAuth2\Grant\AuthCode($a); + $a->addGrantType($g); + $g->checkAuthoriseParams(array( + 'client_id' => 1234, + 'redirect_uri' => 'http://foo/redirect' + )); + } + + /** + * @expectedException OAuth2\Exception\ClientException + * @expectedExceptionCode 3 + */ + public function test_checkAuthoriseParams_badResponseType() + { + $this->client->shouldReceive('getClient')->andReturn(array( + 'client_id' => 1234, + 'client_secret' => 5678, + 'redirect_uri' => 'http://foo/redirect', + 'name' => 'Example Client' + )); + + $a = $this->returnDefault(); + $g = new OAuth2\Grant\AuthCode($a); + $a->addGrantType($g); + $g->checkAuthoriseParams(array( + 'client_id' => 1234, + 'redirect_uri' => 'http://foo/redirect', + 'response_type' => 'foo' + )); + } + + /** + * @expectedException OAuth2\Exception\ClientException + * @expectedExceptionCode 0 + */ + public function test_checkAuthoriseParams_missingScopes() + { + $this->client->shouldReceive('getClient')->andReturn(array( + 'client_id' => 1234, + 'client_secret' => 5678, + 'redirect_uri' => 'http://foo/redirect', + 'name' => 'Example Client' + )); + + $a = $this->returnDefault(); + $g = new OAuth2\Grant\AuthCode($a); + $a->addGrantType($g); + $a->addGrantType(new OAuth2\Grant\AuthCode($a)); + + $g->checkAuthoriseParams(array( + 'client_id' => 1234, + 'redirect_uri' => 'http://foo/redirect', + 'response_type' => 'code', + 'scope' => '' + )); + } + + public function test_checkAuthoriseParams_defaultScope() + { + $this->client->shouldReceive('getClient')->andReturn(array( + 'client_id' => 1234, + 'client_secret' => 5678, + 'redirect_uri' => 'http://foo/redirect', + 'name' => 'Example Client' + )); + + $this->scope->shouldReceive('getScope')->andReturn(array( + 'id' => 1, + 'scope' => 'foo', + 'name' => 'Foo Name', + 'description' => 'Foo Name Description' + )); + + $a = 
$this->returnDefault(); + $g = new OAuth2\Grant\AuthCode($a); + $a->addGrantType($g); + $a->addGrantType(new OAuth2\Grant\AuthCode($a)); + $a->setDefaultScope('test.scope'); + $a->requireScopeParam(false); + + $params = $g->checkAuthoriseParams(array( + 'client_id' => 1234, + 'redirect_uri' => 'http://foo/redirect', + 'response_type' => 'code', + 'scope' => '' + )); + + $this->assertArrayHasKey('scopes', $params); + } + + /** + * @expectedException OAuth2\Exception\ClientException + * @expectedExceptionCode 4 + */ + public function test_checkAuthoriseParams_badScopes() + { + $this->client->shouldReceive('getClient')->andReturn(array( + 'client_id' => 1234, + 'client_secret' => 5678, + 'redirect_uri' => 'http://foo/redirect', + 'name' => 'Example Client' + )); + + $this->scope->shouldReceive('getScope')->andReturn(false); + + $a = $this->returnDefault(); + $g = new OAuth2\Grant\AuthCode($a); + $a->addGrantType($g); + $a->addGrantType(new OAuth2\Grant\AuthCode($a)); + + $g->checkAuthoriseParams(array( + 'client_id' => 1234, + 'redirect_uri' => 'http://foo/redirect', + 'response_type' => 'code', + 'scope' => 'foo' + )); + } + + public function test_checkAuthoriseParams_passedInput() + { + $a = $this->returnDefault(); + $g = new OAuth2\Grant\AuthCode($a); + $a->addGrantType($g); + $a->addGrantType(new OAuth2\Grant\AuthCode($a)); + + $this->client->shouldReceive('getClient')->andReturn(array( + 'client_id' => 1234, + 'client_secret' => 5678, + 'redirect_uri' => 'http://foo/redirect', + 'name' => 'Example Client' + )); + + $this->scope->shouldReceive('getScope')->andReturn(array( + 'id' => 1, + 'scope' => 'foo', + 'name' => 'Foo Name', + 'description' => 'Foo Name Description' + )); + + $v = $g->checkAuthoriseParams(array( + 'client_id' => 1234, + 'redirect_uri' => 'http://foo/redirect', + 'response_type' => 'code', + 'scope' => 'foo', + 'state' => 'xyz' + )); + + $this->assertEquals(array( + 'client_id' => 1234, + 'redirect_uri' => 'http://foo/redirect', + 
'client_details' => array( + 'client_id' => 1234, + 'client_secret' => 5678, + 'redirect_uri' => 'http://foo/redirect', + 'name' => 'Example Client' + ), + 'response_type' => 'code', + 'scopes' => array( + array( + 'id' => 1, + 'scope' => 'foo', + 'name' => 'Foo Name', + 'description' => 'Foo Name Description' + ) + ), + 'scope' => 'foo', + 'state' => 'xyz' + ), $v); + } + + public function test_checkAuthoriseParams() + { + $this->client->shouldReceive('getClient')->andReturn(array( + 'client_id' => 1234, + 'client_secret' => 5678, + 'redirect_uri' => 'http://foo/redirect', + 'name' => 'Example Client' + )); + + $this->scope->shouldReceive('getScope')->andReturn(array( + 'id' => 1, + 'scope' => 'foo', + 'name' => 'Foo Name', + 'description' => 'Foo Name Description' + )); + + $a = $this->returnDefault(); + $g = new OAuth2\Grant\AuthCode($a); + $a->addGrantType($g); + $a->addGrantType(new OAuth2\Grant\AuthCode($a)); + + $_GET['client_id'] = 1234; + $_GET['redirect_uri'] = 'http://foo/redirect'; + $_GET['response_type'] = 'code'; + $_GET['scope'] = 'foo'; + $_GET['state'] = 'xyz'; + + $request = new OAuth2\Util\Request($_GET); + $a->setRequest($request); + + $v = $g->checkAuthoriseParams(); + + $this->assertEquals(array( + 'client_id' => 1234, + 'redirect_uri' => 'http://foo/redirect', + 'client_details' => array( + 'client_id' => 1234, + 'client_secret' => 5678, + 'redirect_uri' => 'http://foo/redirect', + 'name' => 'Example Client' + ), + 'response_type' => 'code', + 'scopes' => array( + array( + 'id' => 1, + 'scope' => 'foo', + 'name' => 'Foo Name', + 'description' => 'Foo Name Description' + ) + ), + 'scope' => 'foo', + 'state' => 'xyz' + ), $v); + } + + + function test_newAuthoriseRequest() + { + $this->session->shouldReceive('deleteSession')->andReturn(null); + $this->session->shouldReceive('createSession')->andReturn(1); + $this->session->shouldReceive('associateScope')->andReturn(null); + + $a = $this->returnDefault(); + $g = new OAuth2\Grant\AuthCode($a); + 
$a->addGrantType($g); + + $params = array( + 'client_id' => 1234, + 'redirect_uri' => 'http://foo/redirect', + 'client_details' => array( + 'client_id' => 1234, + 'client_secret' => 5678, + 'redirect_uri' => 'http://foo/redirect', + 'name' => 'Example Client' + ), + 'response_type' => 'code', + 'scopes' => array( + array( + 'id' => 1, + 'scope' => 'foo', + 'name' => 'Foo Name', + 'description' => 'Foo Name Description' + ) + ) + ); + + $v = $g->newAuthoriseRequest('user', 123, $params); + + $this->assertEquals(40, strlen($v)); + } + + +} \ No newline at end of file diff --git a/tests/authorization/AuthServerTest.php b/tests/authorization/AuthServerTest.php index 8b4c7bbe..feb0118d 100644 --- a/tests/authorization/AuthServerTest.php +++ b/tests/authorization/AuthServerTest.php 
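Review bot: `test_checkAuthoriseParams_noRequiredState` sets `requireStateParam(true)` and omits `state`, but the implementation it exercises gates the state check on `scopeParamRequired()`, so if scope is required by default this test passes without ever proving the state flag is honoured; add a variant that also calls `$a->requireScopeParam(false);` before the same `checkAuthoriseParams()` call and still expects `ClientException` code 0, which only passes when the state flag itself is consulted. Several tests register the grant twice (`$a->addGrantType($g); $a->addGrantType(new OAuth2\Grant\AuthCode($a));`), presumably left over from the move; dropping the second call keeps the fixtures honest. The hunk begins with `+client = M::mock(...)`, so the file's opening lines appear to have been lost in extraction rather than omitted from the commit.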
@@ -196,315 +196,6 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase $this->assertTrue($a->getStorage('session') instanceof OAuth2\Storage\SessionInterface); } - /** - * @expectedException OAuth2\Exception\ClientException - * @expectedExceptionCode 0 - */ - public function test_checkAuthoriseParams_noClientId() - { - $a = $this->returnDefault(); - $a->checkAuthoriseParams(); - } - - /** - * @expectedException OAuth2\Exception\ClientException - * @expectedExceptionCode 0 - */ - public function test_checkAuthoriseParams_noRedirectUri() - { - $a = $this->returnDefault(); - $a->checkAuthoriseParams(array( - 'client_id' => 1234 - )); - } - - /** - * @expectedException OAuth2\Exception\ClientException - * @expectedExceptionCode 0 - */ - public function test_checkAuthoriseParams_noRequiredState() - { - $a = $this->returnDefault(); - $a->requireStateParam(true); - $a->checkAuthoriseParams(array( - 'client_id' => 1234, - 'redirect_uri' => 'http://foo/redirect' - )); - } - - /** - * @expectedException OAuth2\Exception\ClientException - * @expectedExceptionCode 8 - */ - public function test_checkAuthoriseParams_badClient() - { - $this->client->shouldReceive('getClient')->andReturn(false); - - $a = $this->returnDefault(); - $a->checkAuthoriseParams(array( - 'client_id' => 1234, - 'redirect_uri' => 'http://foo/redirect' - )); - } - - /** - * @expectedException OAuth2\Exception\ClientException - * @expectedExceptionCode 0 - */ - public function test_checkAuthoriseParams_missingResponseType() - { - $this->client->shouldReceive('getClient')->andReturn(array( - 'client_id' => 1234, - 'client_secret' => 5678, - 'redirect_uri' => 'http://foo/redirect', - 'name' => 'Example Client' - )); - - $a = $this->returnDefault(); - $a->checkAuthoriseParams(array( - 'client_id' => 1234, - 'redirect_uri' => 'http://foo/redirect' - )); - } - - /** - * @expectedException OAuth2\Exception\ClientException - * @expectedExceptionCode 3 - */ - public function 
test_checkAuthoriseParams_badResponseType() - { - $this->client->shouldReceive('getClient')->andReturn(array( - 'client_id' => 1234, - 'client_secret' => 5678, - 'redirect_uri' => 'http://foo/redirect', - 'name' => 'Example Client' - )); - - $a = $this->returnDefault(); - $a->checkAuthoriseParams(array( - 'client_id' => 1234, - 'redirect_uri' => 'http://foo/redirect', - 'response_type' => 'foo' - )); - } - - /** - * @expectedException OAuth2\Exception\ClientException - * @expectedExceptionCode 0 - */ - public function test_checkAuthoriseParams_missingScopes() - { - $this->client->shouldReceive('getClient')->andReturn(array( - 'client_id' => 1234, - 'client_secret' => 5678, - 'redirect_uri' => 'http://foo/redirect', - 'name' => 'Example Client' - )); - - $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\AuthCode($a)); - - $a->checkAuthoriseParams(array( - 'client_id' => 1234, - 'redirect_uri' => 'http://foo/redirect', - 'response_type' => 'code', - 'scope' => '' - )); - } - - public function test_checkAuthoriseParams_defaultScope() - { - $this->client->shouldReceive('getClient')->andReturn(array( - 'client_id' => 1234, - 'client_secret' => 5678, - 'redirect_uri' => 'http://foo/redirect', - 'name' => 'Example Client' - )); - - $this->scope->shouldReceive('getScope')->andReturn(array( - 'id' => 1, - 'scope' => 'foo', - 'name' => 'Foo Name', - 'description' => 'Foo Name Description' - )); - - $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\AuthCode($a)); - $a->setDefaultScope('test.scope'); - $a->requireScopeParam(false); - - $params = $a->checkAuthoriseParams(array( - 'client_id' => 1234, - 'redirect_uri' => 'http://foo/redirect', - 'response_type' => 'code', - 'scope' => '' - )); - - $this->assertArrayHasKey('scopes', $params); - } - - /** - * @expectedException OAuth2\Exception\ClientException - * @expectedExceptionCode 4 - */ - public function test_checkAuthoriseParams_badScopes() - { - 
$this->client->shouldReceive('getClient')->andReturn(array( - 'client_id' => 1234, - 'client_secret' => 5678, - 'redirect_uri' => 'http://foo/redirect', - 'name' => 'Example Client' - )); - - $this->scope->shouldReceive('getScope')->andReturn(false); - - $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\AuthCode($a)); - - $a->checkAuthoriseParams(array( - 'client_id' => 1234, - 'redirect_uri' => 'http://foo/redirect', - 'response_type' => 'code', - 'scope' => 'foo' - )); - } - - public function test_checkAuthoriseParams_passedInput() - { - $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\AuthCode($a)); - - $this->client->shouldReceive('getClient')->andReturn(array( - 'client_id' => 1234, - 'client_secret' => 5678, - 'redirect_uri' => 'http://foo/redirect', - 'name' => 'Example Client' - )); - - $this->scope->shouldReceive('getScope')->andReturn(array( - 'id' => 1, - 'scope' => 'foo', - 'name' => 'Foo Name', - 'description' => 'Foo Name Description' - )); - - $v = $a->checkAuthoriseParams(array( - 'client_id' => 1234, - 'redirect_uri' => 'http://foo/redirect', - 'response_type' => 'code', - 'scope' => 'foo', - 'state' => 'xyz' - )); - - $this->assertEquals(array( - 'client_id' => 1234, - 'redirect_uri' => 'http://foo/redirect', - 'client_details' => array( - 'client_id' => 1234, - 'client_secret' => 5678, - 'redirect_uri' => 'http://foo/redirect', - 'name' => 'Example Client' - ), - 'response_type' => 'code', - 'scopes' => array( - array( - 'id' => 1, - 'scope' => 'foo', - 'name' => 'Foo Name', - 'description' => 'Foo Name Description' - ) - ), - 'scope' => 'foo', - 'state' => 'xyz' - ), $v); - } - - public function test_checkAuthoriseParams() - { - $this->client->shouldReceive('getClient')->andReturn(array( - 'client_id' => 1234, - 'client_secret' => 5678, - 'redirect_uri' => 'http://foo/redirect', - 'name' => 'Example Client' - )); - - $this->scope->shouldReceive('getScope')->andReturn(array( - 'id' => 1, - 'scope' => 'foo', - 'name' 
=> 'Foo Name', - 'description' => 'Foo Name Description' - )); - - $a = $this->returnDefault(); - $a->addGrantType(new OAuth2\Grant\AuthCode($a)); - - $_GET['client_id'] = 1234; - $_GET['redirect_uri'] = 'http://foo/redirect'; - $_GET['response_type'] = 'code'; - $_GET['scope'] = 'foo'; - $_GET['state'] = 'xyz'; - - $request = new OAuth2\Util\Request($_GET); - $a->setRequest($request); - - $v = $a->checkAuthoriseParams(); - - $this->assertEquals(array( - 'client_id' => 1234, - 'redirect_uri' => 'http://foo/redirect', - 'client_details' => array( - 'client_id' => 1234, - 'client_secret' => 5678, - 'redirect_uri' => 'http://foo/redirect', - 'name' => 'Example Client' - ), - 'response_type' => 'code', - 'scopes' => array( - array( - 'id' => 1, - 'scope' => 'foo', - 'name' => 'Foo Name', - 'description' => 'Foo Name Description' - ) - ), - 'scope' => 'foo', - 'state' => 'xyz' - ), $v); - } - - function test_newAuthoriseRequest() - { - $this->session->shouldReceive('deleteSession')->andReturn(null); - $this->session->shouldReceive('createSession')->andReturn(1); - $this->session->shouldReceive('associateScope')->andReturn(null); - - $a = $this->returnDefault(); - - $params = array( - 'client_id' => 1234, - 'redirect_uri' => 'http://foo/redirect', - 'client_details' => array( - 'client_id' => 1234, - 'client_secret' => 5678, - 'redirect_uri' => 'http://foo/redirect', - 'name' => 'Example Client' - ), - 'response_type' => 'code', - 'scopes' => array( - array( - 'id' => 1, - 'scope' => 'foo', - 'name' => 'Foo Name', - 'description' => 'Foo Name Description' - ) - ) - ); - - $v = $a->newAuthoriseRequest('user', 123, $params); - - $this->assertEquals(40, strlen($v)); - } - public function test_getGrantType() { $a = $this->returnDefault(); From 351580d9d8a82ebfd9663da6a6bffc08b0e146ed Mon Sep 17 00:00:00 2001 
From: Alex Bilbie Date: Sun, 31 Mar 2013 13:37:12 +0100 Subject: [PATCH 044/106] Added getResponseTypes() method --- src/OAuth2/AuthServer.php | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/src/OAuth2/AuthServer.php b/src/OAuth2/AuthServer.php
index 1b882622..fcae8a1f 100644
--- a/src/OAuth2/AuthServer.php
+++ b/src/OAuth2/AuthServer.php
@@ -263,6 +263,12 @@ class AuthServer
 return (array_key_exists($identifier, $this->grantTypes));
 }
 
+ public function getResponseTypes()
+ {
+ die(var_dump($this->responseTypes));
+ return $this->responseTypes;
+ }
+
 /**
 * Require the "scope" paremter in checkAuthoriseParams()
 * @param boolean $require
From 5f1609577e7ae229f05d0b6a65a92b7a276dc3a3 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sun, 31 Mar 2013 13:57:24 +0100 Subject: [PATCH 045/106] Added stateParamRequired method --- src/OAuth2/AuthServer.php | 10 ++++++++++ src/OAuth2/Grant/AuthCode.php | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/OAuth2/AuthServer.php b/src/OAuth2/AuthServer.php
index fcae8a1f..d357c0ff 100644
--- a/src/OAuth2/AuthServer.php
+++ b/src/OAuth2/AuthServer.php
@@ -306,6 +306,16 @@ class AuthServer
 return $this->defaultScope;
 }
 
+ /**
+ * Require the "state" paremter in checkAuthoriseParams()
+ * @param boolean $require
+ * @return void
+ */
+ public function stateParamRequired()
+ {
+ return $this->requireStateParam;
+ }
+
 /**
 * Require the "state" paremter in checkAuthoriseParams()
 * @param boolean $require
diff --git a/src/OAuth2/Grant/AuthCode.php b/src/OAuth2/Grant/AuthCode.php
index acae346a..3b2d400d 100644
--- a/src/OAuth2/Grant/AuthCode.php
+++ b/src/OAuth2/Grant/AuthCode.php
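Review bot: `die(var_dump($this->responseTypes));` in the new getResponseTypes() terminates the request and prints the server's internal configuration before the `return` below it, which is therefore unreachable; it reads as a forgotten debugging aid (PATCH 046 further down this page deletes it). The method is also the only public accessor in this hunk without a docblock; `/** Return the registered response types  @return array */` would match the style of the neighbouring methods.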
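Review bot: The docblock on the new stateParamRequired() was copied from the setter that follows it and does not describe the method: it declares `@param boolean $require` although the method takes no argument, and `@return void` although the method returns `$this->requireStateParam`. Replace the block with `/** Whether the "state" parameter is required in checkAuthoriseParams()  @return boolean */`. The summary line also repeats the "paremter" typo of the setter below, which is presumably the requireStateParam() that the tests elsewhere on this page call.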
@@ -90,7 +90,7 @@ class AuthCode implements GrantTypeInterface {
 throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'redirect_uri'), 0);
 }
 
- if ($this->authServer->scopeParamRequired() === true && is_null($authParams['state'])) {
+ if ($this->authServer->stateParamRequired() === true && is_null($authParams['state'])) {
 throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'state'), 0);
 }
 
From 645d412c027666d10c3866f67c1ddb92a9c1b058 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sun, 31 Mar 2013 13:57:35 +0100 Subject: [PATCH 046/106] Removed die(var_dump()) --- src/OAuth2/AuthServer.php | 1 - 1 file changed, 1 deletion(-)
diff --git a/src/OAuth2/AuthServer.php b/src/OAuth2/AuthServer.php
index d357c0ff..24787c6a 100644
--- a/src/OAuth2/AuthServer.php
+++ b/src/OAuth2/AuthServer.php
@@ -265,7 +265,6 @@ class AuthServer
 
 public function getResponseTypes()
 {
- die(var_dump($this->responseTypes));
 return $this->responseTypes;
 }
 
From d75d2663765906e8e87be81a97f16735741a66d4 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 3 Apr 2013 15:50:07 +0100 Subject: [PATCH 047/106] Updated SQL structure --- sql/mysql.sql | 122 +++++++++++++++++++++++++++++++------------------- 1 file changed, 76 insertions(+), 46 deletions(-)
diff --git a/sql/mysql.sql b/sql/mysql.sql
index a6e96d0c..fdd0ce51 100644
--- a/sql/mysql.sql
+++ b/sql/mysql.sql
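Review bot: The corrected condition on the `+` line still rejects only a null state: if the request layer yields `''` for a `state=` parameter with no value, `is_null($authParams['state'])` is false and the request is accepted even though the server demands a state, so the anti-CSRF binding the check exists to enforce can be empty in practice. Tightening it to `if ($this->authServer->stateParamRequired() === true && ($authParams['state'] === null || $authParams['state'] === '')) {` closes that gap without changing the exception path. How `$authParams['state']` is populated is outside this hunk, so whether empty query values arrive as `''` or `null` should be confirmed against the request helper. The enclosing method (presumably checkAuthoriseParams()) starts and ends outside the hunk.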
@@ -1,53 +1,83 @@ CREATE TABLE `oauth_clients` ( - `id` varchar(40) NOT NULL DEFAULT '', - `secret` varchar(40) NOT NULL DEFAULT '', - `name` varchar(255) NOT NULL DEFAULT '', - `auto_approve` tinyint(1) NOT NULL DEFAULT '0', - PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; + `client_id` CHAR(40) NOT NULL, + `client_secret` CHAR(40) NOT NULL, + `client_name` VARCHAR(255) NOT NULL, + `auto_approve` TINYINT(1) NOT NULL DEFAULT '0', + PRIMARY KEY (`client_id`), + UNIQUE KEY `u_oacl_clse_clid` (`client_secret`,`client_id`) +) ENGINE=INNODB DEFAULT CHARSET=utf8; CREATE TABLE `oauth_client_endpoints` ( - `id` int(11) unsigned NOT NULL AUTO_INCREMENT, - `client_id` varchar(40) NOT NULL DEFAULT '', - `redirect_uri` varchar(255) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `client_id` (`client_id`), - CONSTRAINT `oauth_client_endpoints_ibfk_1` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`id`) ON DELETE CASCADE ON UPDATE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8; + `endpoint_id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT, + `client_id` CHAR(40) NOT NULL, + `redirect_uri` VARCHAR(255) NOT NULL, + PRIMARY KEY (`endpoint_id`), + KEY `i_oaclen_clid` (`client_id`), + CONSTRAINT `f_oaclen_clid` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`client_id`) ON DELETE CASCADE ON UPDATE CASCADE +) ENGINE=INNODB DEFAULT CHARSET=utf8; -CREATE TABLE `oauth_sessions` ( - `id` int(11) unsigned NOT NULL AUTO_INCREMENT, - `client_id` varchar(40) NOT NULL DEFAULT '', - `redirect_uri` varchar(250) DEFAULT '', - `owner_type` enum('user','client') NOT NULL DEFAULT 'user', - `owner_id` varchar(255) DEFAULT '', - `auth_code` varchar(40) DEFAULT '', - `access_token` varchar(40) DEFAULT '', - `refresh_token` varchar(40) DEFAULT '', - `access_token_expires` int(10) DEFAULT NULL, - `stage` enum('requested','granted') NOT NULL DEFAULT 'requested', - `first_requested` int(10) unsigned NOT NULL, - `last_updated` int(10) unsigned NOT NULL, - PRIMARY KEY (`id`), - KEY `client_id` 
(`client_id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +CREATE TABLE `oauth_session` ( + `session_id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT, + `client_id` CHAR(40) NOT NULL, + `owner_type` ENUM('user','client') NOT NULL DEFAULT 'user', + `owner_id` VARCHAR(255) NOT NULL, + PRIMARY KEY (`session_id`), + KEY `i_uase_clid_owty_owid` (`client_id`,`owner_type`,`owner_id`), + CONSTRAINT `f_oase_clid` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`client_id`) ON DELETE CASCADE ON UPDATE CASCADE +) ENGINE=INNODB DEFAULT CHARSET=utf8; + +CREATE TABLE `oauth_session_access_token` ( + `session_token_id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT, + `session_id` INT(10) UNSIGNED NOT NULL, + `access_token` CHAR(40) CHARACTER SET utf8 NOT NULL DEFAULT '', + `access_token_expires` INT(10) UNSIGNED NOT NULL, + PRIMARY KEY (`session_token_id`), + UNIQUE KEY `u_oaseacto_acto_seid` (`access_token`,`session_id`), + KEY `f_oaseto_seid` (`session_id`), + CONSTRAINT `f_oaseto_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_session` (`session_id`) ON DELETE CASCADE ON UPDATE NO ACTION +) ENGINE=INNODB DEFAULT CHARSET=latin1; + +CREATE TABLE `oauth_session_authcode` ( + `session_id` INT(10) UNSIGNED NOT NULL, + `session_token_id` INT(10) UNSIGNED DEFAULT NULL, + `auth_code` CHAR(40) CHARACTER SET utf8 NOT NULL DEFAULT '', + `auth_code_expires` INT(10) UNSIGNED NOT NULL, + PRIMARY KEY (`session_id`), + KEY `f_oaseau_setoid` (`session_token_id`), + CONSTRAINT `f_oaseau_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_session` (`session_id`) ON DELETE CASCADE ON UPDATE NO ACTION, + CONSTRAINT `f_oaseau_setoid` FOREIGN KEY (`session_token_id`) REFERENCES `oauth_session_access_token` (`session_token_id`) ON DELETE CASCADE ON UPDATE NO ACTION +) ENGINE=INNODB DEFAULT CHARSET=latin1; + +CREATE TABLE `oauth_session_redirect` ( + `session_id` INT(10) UNSIGNED NOT NULL, + `redirect_uri` VARCHAR(255) CHARACTER SET utf8 NOT NULL DEFAULT '', + PRIMARY KEY (`session_id`), + CONSTRAINT 
`f_oasere_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_session` (`session_id`) ON DELETE CASCADE ON UPDATE NO ACTION +) ENGINE=INNODB DEFAULT CHARSET=latin1; + +CREATE TABLE `oauth_session_refresh_token` ( + `session_token_id` INT(10) UNSIGNED NOT NULL, + `refresh_token` CHAR(40) CHARACTER SET utf8 NOT NULL DEFAULT '', + PRIMARY KEY (`session_token_id`), + CONSTRAINT `f_oasetore_setoid` FOREIGN KEY (`session_token_id`) REFERENCES `oauth_session_access_token` (`session_token_id`) ON DELETE CASCADE ON UPDATE NO ACTION +) ENGINE=INNODB DEFAULT CHARSET=latin1; CREATE TABLE `oauth_scopes` ( - `id` int(11) unsigned NOT NULL AUTO_INCREMENT, - `scope` varchar(255) NOT NULL DEFAULT '', - `name` varchar(255) NOT NULL DEFAULT '', - `description` varchar(255) DEFAULT '', - PRIMARY KEY (`id`), - UNIQUE KEY `scope` (`scope`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; + `scope_id` SMALLINT(5) UNSIGNED NOT NULL AUTO_INCREMENT, + `scope_key` VARCHAR(255) NOT NULL, + `scope_name` VARCHAR(255) NOT NULL, + `scope_description` VARCHAR(255) DEFAULT NULL, + PRIMARY KEY (`scope_id`), + UNIQUE KEY `u_oasc_sc` (`scope_key`) +) ENGINE=INNODB DEFAULT CHARSET=utf8; -CREATE TABLE `oauth_session_scopes` ( - `id` int(11) unsigned NOT NULL AUTO_INCREMENT, - `session_id` int(11) unsigned NOT NULL, - `scope_id` int(11) unsigned NOT NULL, - PRIMARY KEY (`id`), - KEY `session_id` (`session_id`), - KEY `scope_id` (`scope_id`), - CONSTRAINT `oauth_session_scopes_ibfk_5` FOREIGN KEY (`scope_id`) REFERENCES `oauth_scopes` (`id`) ON DELETE CASCADE, - CONSTRAINT `oauth_session_scopes_ibfk_4` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8; \ No newline at end of file +CREATE TABLE `oauth_session_token_scope` ( + `session_token_scope_id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT, + `session_token_id` INT(10) UNSIGNED NOT NULL, + `scope_id` SMALLINT(5) UNSIGNED NOT NULL, + PRIMARY KEY (`session_token_scope_id`), + UNIQUE KEY 
`u_setosc_setoid_scid` (`session_token_id`,`scope_id`), + KEY `f_oasetosc_scid` (`scope_id`), + CONSTRAINT `f_oasetosc_setoid` FOREIGN KEY (`session_token_id`) REFERENCES `oauth_session_access_token` (`session_token_id`) ON DELETE CASCADE ON UPDATE NO ACTION, + CONSTRAINT `f_oasetosc_scid` FOREIGN KEY (`scope_id`) REFERENCES `oauth_scopes` (`scope_id`) ON DELETE CASCADE ON UPDATE NO ACTION +) ENGINE=INNODB DEFAULT CHARSET=utf8; \ No newline at end of file From 09b74aa61d9f358711727e5799c9f34d4e8b2752 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 17 Apr 2013 14:22:42 +0100 Subject: [PATCH 048/106] renamed package to oauth2-server --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 9aa7a05c..084e2b15 100644 --- a/composer.json +++ b/composer.json @@ -1,5 +1,5 @@ { - "name": "lncd/oauth2", + "name": "lncd/oauth2-server", "description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants", "version": "1.0.7", "homepage": "https://github.com/lncd/OAuth2", From 67641acdffaa180edc25f069cbbf630a1313d4d5 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Wed, 17 Apr 2013 14:27:09 +0100 Subject: [PATCH 049/106] Revert "renamed package to oauth2-server" This reverts commit 09b74aa61d9f358711727e5799c9f34d4e8b2752. --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 084e2b15..9aa7a05c 100644 --- a/composer.json +++ b/composer.json @@ -1,5 +1,5 @@ { - "name": "lncd/oauth2-server", + "name": "lncd/oauth2", "description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants", "version": "1.0.7", "homepage": "https://github.com/lncd/OAuth2", From 4727a83d846c8c3cbdb2cb87520d8882bf716fb5 Mon Sep 17 00:00:00 2001 
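Review bot: The credential columns `access_token`, `auth_code` and `refresh_token` are declared `NOT NULL DEFAULT ''`, so an INSERT that omits the value produces a row holding an empty token instead of being rejected, and the unique key `u_oaseacto_acto_seid` on (`access_token`, `session_id`) does not catch it because it is only unique per session. Dropping the `DEFAULT ''` clause from those three column definitions lets the database enforce that every token row carries a real value. Separately, the four session token tables are created with `DEFAULT CHARSET=latin1` while their token columns are declared `CHARACTER SET utf8`; PATCH 051 on this page moves those tables to utf8, after which the per-column clause is redundant.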
From: Alex Bilbie Date: Tue, 23 Apr 2013 13:29:33 +0100 Subject: [PATCH 050/106] Removed stage parameter --- src/OAuth2/Storage/SessionInterface.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/OAuth2/Storage/SessionInterface.php b/src/OAuth2/Storage/SessionInterface.php
index 4ab8a3c4..b82ecb45 100644
--- a/src/OAuth2/Storage/SessionInterface.php
+++ b/src/OAuth2/Storage/SessionInterface.php
@@ -33,7 +33,6 @@ interface SessionInterface
 * @param string $accessToken The access token (default = "null")
 * @param string $refreshToken The refresh token (default = "null")
 * @param int $accessTokenExpire The expiry time of an access token as a unix timestamp
- * @param string $stage The stage of the session (default ="request")
 * @return int The session ID
 */
 public function createSession(
@@ -44,8 +43,7 @@ interface SessionInterface
 $authCode = null,
 $accessToken = null,
 $refreshToken = null,
- $accessTokenExpire = null,
- $stage = 'requested'
+ $accessTokenExpire = null
 );
 
 /**
From b7bae1120bccae3f28a26535e757e98d814dcd45 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Tue, 23 Apr 2013 13:44:21 +0100 Subject: [PATCH 051/106] Fixed mysql character set --- sql/mysql.sql | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/sql/mysql.sql b/sql/mysql.sql
index fdd0ce51..d75ea5c7 100644
--- a/sql/mysql.sql
+++ b/sql/mysql.sql
@@ -35,7 +35,7 @@ CREATE TABLE `oauth_session_access_token` (
 UNIQUE KEY `u_oaseacto_acto_seid` (`access_token`,`session_id`),
 KEY `f_oaseto_seid` (`session_id`),
 CONSTRAINT `f_oaseto_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_session` (`session_id`) ON DELETE CASCADE ON UPDATE NO ACTION
-) ENGINE=INNODB DEFAULT CHARSET=latin1;
+) ENGINE=INNODB DEFAULT CHARSET=utf8;
 
 CREATE TABLE `oauth_session_authcode` (
 `session_id` INT(10) UNSIGNED NOT NULL,
@@ -46,21 +46,21 @@ CREATE TABLE `oauth_session_authcode` (
 KEY `f_oaseau_setoid` (`session_token_id`),
 CONSTRAINT `f_oaseau_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_session` (`session_id`) ON DELETE CASCADE ON UPDATE NO ACTION,
 CONSTRAINT `f_oaseau_setoid` FOREIGN KEY (`session_token_id`) REFERENCES `oauth_session_access_token` (`session_token_id`) ON DELETE CASCADE ON UPDATE NO ACTION
-) ENGINE=INNODB DEFAULT CHARSET=latin1;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
 CREATE TABLE `oauth_session_redirect` (
 `session_id` INT(10) UNSIGNED NOT NULL,
 `redirect_uri` VARCHAR(255) CHARACTER SET utf8 NOT NULL DEFAULT '',
 PRIMARY KEY (`session_id`),
 CONSTRAINT `f_oasere_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_session` (`session_id`) ON DELETE CASCADE ON UPDATE NO ACTION
-) ENGINE=INNODB DEFAULT CHARSET=latin1;
+) ENGINE=INNODB DEFAULT CHARSET=utf8;
 
 CREATE TABLE `oauth_session_refresh_token` (
 `session_token_id` INT(10) UNSIGNED NOT NULL,
 `refresh_token` CHAR(40) CHARACTER SET utf8 NOT NULL DEFAULT '',
 PRIMARY KEY (`session_token_id`),
 CONSTRAINT `f_oasetore_setoid` FOREIGN KEY (`session_token_id`) REFERENCES `oauth_session_access_token` (`session_token_id`) ON DELETE CASCADE ON UPDATE NO ACTION
-) ENGINE=INNODB DEFAULT CHARSET=latin1;
+) ENGINE=INNODB DEFAULT CHARSET=utf8;
 
 CREATE TABLE `oauth_scopes` (
 `scope_id` SMALLINT(5) UNSIGNED NOT NULL AUTO_INCREMENT,
From 859e6720bf3ef8c7ed0a9594abe6f9aabb992aab Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Tue, 23 Apr 2013 13:45:07 +0100 Subject: [PATCH 052/106] Removed `session_token_id` column from oauth_session_authcode --- sql/mysql.sql | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/sql/mysql.sql b/sql/mysql.sql
index d75ea5c7..543f4586 100644
--- a/sql/mysql.sql
+++ b/sql/mysql.sql
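Review bot: The new `) ENGINE=InnoDB DEFAULT CHARSET=utf8;` on the authcode table is cased differently from the `ENGINE=INNODB` written on the two other tables changed in the same hunk and throughout the rest of the file; MySQL accepts both, but one spelling should be used consistently. Now that the table defaults are utf8, the per-column `CHARACTER SET utf8` on `redirect_uri` and `refresh_token` (context lines here) no longer adds anything and could be dropped in a follow-up.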
@@ -38,14 +38,11 @@ CREATE TABLE `oauth_session_access_token` (
 ) ENGINE=INNODB DEFAULT CHARSET=utf8;
 
 CREATE TABLE `oauth_session_authcode` (
- `session_id` INT(10) UNSIGNED NOT NULL,
- `session_token_id` INT(10) UNSIGNED DEFAULT NULL,
- `auth_code` CHAR(40) CHARACTER SET utf8 NOT NULL DEFAULT '',
- `auth_code_expires` INT(10) UNSIGNED NOT NULL,
+ `session_id` int(10) unsigned NOT NULL,
+ `auth_code` char(40) CHARACTER SET utf8 NOT NULL DEFAULT '',
+ `auth_code_expires` int(10) unsigned NOT NULL,
 PRIMARY KEY (`session_id`),
- KEY `f_oaseau_setoid` (`session_token_id`),
- CONSTRAINT `f_oaseau_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_session` (`session_id`) ON DELETE CASCADE ON UPDATE NO ACTION,
- CONSTRAINT `f_oaseau_setoid` FOREIGN KEY (`session_token_id`) REFERENCES `oauth_session_access_token` (`session_token_id`) ON DELETE CASCADE ON UPDATE NO ACTION
+ CONSTRAINT `f_oaseau_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_session` (`session_id`) ON DELETE CASCADE ON UPDATE NO ACTION
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
 CREATE TABLE `oauth_session_redirect` (
From a265b027ccd848199ae7b910601041d827c5038d Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Tue, 23 Apr 2013 13:52:21 +0100 Subject: [PATCH 053/106] Removed stage parameter --- src/OAuth2/Storage/SessionInterface.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/OAuth2/Storage/SessionInterface.php b/src/OAuth2/Storage/SessionInterface.php
index b82ecb45..6e5a3a3c 100644
--- a/src/OAuth2/Storage/SessionInterface.php
+++ b/src/OAuth2/Storage/SessionInterface.php
@@ -70,8 +70,7 @@ interface SessionInterface
 $authCode = null,
 $accessToken = null,
 $refreshToken = null,
- $accessTokenExpire = null,
- $stage = 'requested'
+ $accessTokenExpire = null
 );
 
 /**
From b0d3ba7e70338297b414524ed2638451d30159a3 Mon Sep 17 00:00:00 2001
From: Alex Bilbie Date: Tue, 23 Apr 2013 13:56:13 +0100 Subject: [PATCH 054/106] Revert "Removed `session_token_id` column from oauth_session_authcode" This reverts commit 859e6720bf3ef8c7ed0a9594abe6f9aabb992aab. --- sql/mysql.sql | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/sql/mysql.sql b/sql/mysql.sql index 543f4586..d75ea5c7 100644 --- a/sql/mysql.sql +++ b/sql/mysql.sql @@ -38,11 +38,14 @@ CREATE TABLE `oauth_session_access_token` ( ) ENGINE=INNODB DEFAULT CHARSET=utf8; CREATE TABLE `oauth_session_authcode` ( - `session_id` int(10) unsigned NOT NULL, - `auth_code` char(40) CHARACTER SET utf8 NOT NULL DEFAULT '', - `auth_code_expires` int(10) unsigned NOT NULL, + `session_id` INT(10) UNSIGNED NOT NULL, + `session_token_id` INT(10) UNSIGNED DEFAULT NULL, + `auth_code` CHAR(40) CHARACTER SET utf8 NOT NULL DEFAULT '', + `auth_code_expires` INT(10) UNSIGNED NOT NULL, PRIMARY KEY (`session_id`), - CONSTRAINT `f_oaseau_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_session` (`session_id`) ON DELETE CASCADE ON UPDATE NO ACTION + KEY `f_oaseau_setoid` (`session_token_id`), + CONSTRAINT `f_oaseau_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_session` (`session_id`) ON DELETE CASCADE ON UPDATE NO ACTION, + CONSTRAINT `f_oaseau_setoid` FOREIGN KEY (`session_token_id`) REFERENCES `oauth_session_access_token` (`session_token_id`) ON DELETE CASCADE ON UPDATE NO ACTION ) ENGINE=InnoDB DEFAULT CHARSET=utf8; CREATE TABLE `oauth_session_redirect` ( From 6f71439edd6a9bcd7ce14185fa3a9539e298d9e8 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Tue, 23 Apr 2013 14:20:38 +0100 Subject: [PATCH 055/106] Renamed lots of columns --- sql/mysql.sql | 60 +++++++++++++++++++++++++-------------------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/sql/mysql.sql b/sql/mysql.sql index d75ea5c7..b77a216a 100644 --- a/sql/mysql.sql +++ b/sql/mysql.sql 
@@ -1,10 +1,10 @@
 CREATE TABLE `oauth_clients` (
- `client_id` CHAR(40) NOT NULL,
- `client_secret` CHAR(40) NOT NULL,
- `client_name` VARCHAR(255) NOT NULL,
+ `id` CHAR(40) NOT NULL,
+ `secret` CHAR(40) NOT NULL,
+ `name` VARCHAR(255) NOT NULL,
 `auto_approve` TINYINT(1) NOT NULL DEFAULT '0',
- PRIMARY KEY (`client_id`),
- UNIQUE KEY `u_oacl_clse_clid` (`client_secret`,`client_id`)
+ PRIMARY KEY (`id`),
+ UNIQUE KEY `u_oacl_clse_clid` (`secret`,`id`)
 ) ENGINE=INNODB DEFAULT CHARSET=utf8;
 
 CREATE TABLE `oauth_client_endpoints` (
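Review bot: The rewritten unique key `u_oacl_clse_clid` on (`secret`, `id`) is redundant: `id` is the primary key, so any composite that includes it is unique by construction, and the only effect is a second index that stores a copy of every client secret. If the intent is to serve a lookup by id and secret together, the primary key already covers that query; otherwise the line can be removed. The index name also still encodes the old column abbreviations after the rename.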
@@ -13,71 +13,71 @@ CREATE TABLE `oauth_client_endpoints` ( `redirect_uri` VARCHAR(255) NOT NULL, PRIMARY KEY (`endpoint_id`), KEY `i_oaclen_clid` (`client_id`), - CONSTRAINT `f_oaclen_clid` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`client_id`) ON DELETE CASCADE ON UPDATE CASCADE + CONSTRAINT `f_oaclen_clid` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`id`) ON DELETE CASCADE ON UPDATE CASCADE ) ENGINE=INNODB DEFAULT CHARSET=utf8; CREATE TABLE `oauth_session` ( - `session_id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT, + `id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT, `client_id` CHAR(40) NOT NULL, `owner_type` ENUM('user','client') NOT NULL DEFAULT 'user', `owner_id` VARCHAR(255) NOT NULL, - PRIMARY KEY (`session_id`), + PRIMARY KEY (`id`), KEY `i_uase_clid_owty_owid` (`client_id`,`owner_type`,`owner_id`), - CONSTRAINT `f_oase_clid` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`client_id`) ON DELETE CASCADE ON UPDATE CASCADE + CONSTRAINT `f_oase_clid` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`id`) ON DELETE CASCADE ON UPDATE CASCADE ) ENGINE=INNODB DEFAULT CHARSET=utf8; CREATE TABLE `oauth_session_access_token` ( - `session_token_id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT, + `id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT, `session_id` INT(10) UNSIGNED NOT NULL, `access_token` CHAR(40) CHARACTER SET utf8 NOT NULL DEFAULT '', `access_token_expires` INT(10) UNSIGNED NOT NULL, - PRIMARY KEY (`session_token_id`), + PRIMARY KEY (`id`), UNIQUE KEY `u_oaseacto_acto_seid` (`access_token`,`session_id`), KEY `f_oaseto_seid` (`session_id`), - CONSTRAINT `f_oaseto_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_session` (`session_id`) ON DELETE CASCADE ON UPDATE NO ACTION + CONSTRAINT `f_oaseto_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_session` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION ) ENGINE=INNODB DEFAULT CHARSET=utf8; CREATE TABLE `oauth_session_authcode` ( `session_id` INT(10) UNSIGNED NOT NULL, - 
`session_token_id` INT(10) UNSIGNED DEFAULT NULL, + `session_access_token_id` INT(10) UNSIGNED DEFAULT NULL, `auth_code` CHAR(40) CHARACTER SET utf8 NOT NULL DEFAULT '', `auth_code_expires` INT(10) UNSIGNED NOT NULL, PRIMARY KEY (`session_id`), - KEY `f_oaseau_setoid` (`session_token_id`), - CONSTRAINT `f_oaseau_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_session` (`session_id`) ON DELETE CASCADE ON UPDATE NO ACTION, - CONSTRAINT `f_oaseau_setoid` FOREIGN KEY (`session_token_id`) REFERENCES `oauth_session_access_token` (`session_token_id`) ON DELETE CASCADE ON UPDATE NO ACTION + KEY `f_oaseau_setoid` (`session_access_token_id`), + CONSTRAINT `f_oaseau_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_session` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION, + CONSTRAINT `f_oaseau_setoid` FOREIGN KEY (`session_access_token_id`) REFERENCES `oauth_session_access_token` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION ) ENGINE=InnoDB DEFAULT CHARSET=utf8; CREATE TABLE `oauth_session_redirect` ( `session_id` INT(10) UNSIGNED NOT NULL, `redirect_uri` VARCHAR(255) CHARACTER SET utf8 NOT NULL DEFAULT '', PRIMARY KEY (`session_id`), - CONSTRAINT `f_oasere_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_session` (`session_id`) ON DELETE CASCADE ON UPDATE NO ACTION + CONSTRAINT `f_oasere_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_session` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION ) ENGINE=INNODB DEFAULT CHARSET=utf8; CREATE TABLE `oauth_session_refresh_token` ( - `session_token_id` INT(10) UNSIGNED NOT NULL, + `session_access_token_id` INT(10) UNSIGNED NOT NULL, `refresh_token` CHAR(40) CHARACTER SET utf8 NOT NULL DEFAULT '', - PRIMARY KEY (`session_token_id`), - CONSTRAINT `f_oasetore_setoid` FOREIGN KEY (`session_token_id`) REFERENCES `oauth_session_access_token` (`session_token_id`) ON DELETE CASCADE ON UPDATE NO ACTION + PRIMARY KEY (`session_access_token_id`), + CONSTRAINT `f_oasetore_setoid` FOREIGN KEY (`session_access_token_id`) REFERENCES 
`oauth_session_access_token` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION ) ENGINE=INNODB DEFAULT CHARSET=utf8; CREATE TABLE `oauth_scopes` ( - `scope_id` SMALLINT(5) UNSIGNED NOT NULL AUTO_INCREMENT, - `scope_key` VARCHAR(255) NOT NULL, - `scope_name` VARCHAR(255) NOT NULL, - `scope_description` VARCHAR(255) DEFAULT NULL, - PRIMARY KEY (`scope_id`), - UNIQUE KEY `u_oasc_sc` (`scope_key`) + `id` SMALLINT(5) UNSIGNED NOT NULL AUTO_INCREMENT, + `key` VARCHAR(255) NOT NULL, + `name` VARCHAR(255) NOT NULL, + `description` VARCHAR(255) DEFAULT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `u_oasc_sc` (`key`) ) ENGINE=INNODB DEFAULT CHARSET=utf8; CREATE TABLE `oauth_session_token_scope` ( `session_token_scope_id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT, - `session_token_id` INT(10) UNSIGNED NOT NULL, + `session_access_token_id` INT(10) UNSIGNED NOT NULL, `scope_id` SMALLINT(5) UNSIGNED NOT NULL, PRIMARY KEY (`session_token_scope_id`), - UNIQUE KEY `u_setosc_setoid_scid` (`session_token_id`,`scope_id`), + UNIQUE KEY `u_setosc_setoid_scid` (`session_access_token_id`,`scope_id`), KEY `f_oasetosc_scid` (`scope_id`), - CONSTRAINT `f_oasetosc_setoid` FOREIGN KEY (`session_token_id`) REFERENCES `oauth_session_access_token` (`session_token_id`) ON DELETE CASCADE ON UPDATE NO ACTION, - CONSTRAINT `f_oasetosc_scid` FOREIGN KEY (`scope_id`) REFERENCES `oauth_scopes` (`scope_id`) ON DELETE CASCADE ON UPDATE NO ACTION + CONSTRAINT `f_oasetosc_setoid` FOREIGN KEY (`session_access_token_id`) REFERENCES `oauth_session_access_token` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION, + CONSTRAINT `f_oasetosc_scid` FOREIGN KEY (`scope_id`) REFERENCES `oauth_scopes` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION ) ENGINE=INNODB DEFAULT CHARSET=utf8; \ No newline at end of file From d0d0d2a7c3adf7cdb188786401a6729b0b18ff29 Mon Sep 17 00:00:00 2001 
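Review bot: Renaming `scope_key` to `key` in `oauth_scopes` chooses a MySQL reserved word as a column name; the DDL works because it is back-quoted, but every query in the storage layer must now quote it as well, and an unquoted `SELECT key FROM oauth_scopes` is a syntax error. Keeping a non-reserved name such as the previous `scope_key` avoids the trap. The rename is also not applied consistently: every other table's surrogate key became `id` in this hunk, while `oauth_session_token_scope` keeps `session_token_scope_id`.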
From: Alex Bilbie Date: Sun, 28 Apr 2013 19:06:21 +0100 Subject: [PATCH 056/106] Require zetacompontents/database --- composer.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/composer.json b/composer.json
index 9aa7a05c..c57c1e93 100644
--- a/composer.json
+++ b/composer.json
@@ -5,7 +5,8 @@
 "homepage": "https://github.com/lncd/OAuth2",
 "license": "MIT",
 "require": {
- "php": ">=5.3.0"
+ "php": ">=5.3.0",
+ "zetacomponents/database": "dev-master"
 },
 "require-dev": {
 "mockery/mockery": ">=0.7.2"
From a93a039df3d590df6aa683da69c5921a80adcd8b Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sun, 28 Apr 2013 23:56:17 +0100 Subject: [PATCH 057/106] Lots of table fixes --- sql/mysql.sql | 77 +++++++++++++++++++++++++-------------------------- 1 file changed, 37 insertions(+), 40 deletions(-)
diff --git a/sql/mysql.sql b/sql/mysql.sql
index b77a216a..9debe1a7 100644
--- a/sql/mysql.sql
+++ b/sql/mysql.sql
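Review bot: `"zetacomponents/database": "dev-master"` ties a new runtime dependency to a moving branch head, so two installs of this library can resolve different code and any upstream change lands here without review. Pin it to a tagged release constraint, or at minimum to a commit reference of the form `"dev-master#<commit-sha>"`, and commit the resolved version in the lock file. Because the constraint is a dev branch, consumers whose root composer.json keeps the default minimum-stability will also be unable to resolve this package unless they lower it or flag the requirement `@dev`.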
@@ -16,51 +16,48 @@ CREATE TABLE `oauth_client_endpoints` ( CONSTRAINT `f_oaclen_clid` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`id`) ON DELETE CASCADE ON UPDATE CASCADE ) ENGINE=INNODB DEFAULT CHARSET=utf8; -CREATE TABLE `oauth_session` ( - `id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT, - `client_id` CHAR(40) NOT NULL, - `owner_type` ENUM('user','client') NOT NULL DEFAULT 'user', - `owner_id` VARCHAR(255) NOT NULL, +CREATE TABLE `oauth_sessions` ( + `id` int(10) unsigned NOT NULL AUTO_INCREMENT, + `client_id` char(40) NOT NULL, + `owner_type` enum('user','client') NOT NULL DEFAULT 'user', + `owner_id` varchar(255) NOT NULL, PRIMARY KEY (`id`), KEY `i_uase_clid_owty_owid` (`client_id`,`owner_type`,`owner_id`), CONSTRAINT `f_oase_clid` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`id`) ON DELETE CASCADE ON UPDATE CASCADE -) ENGINE=INNODB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8; -CREATE TABLE `oauth_session_access_token` ( - `id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT, - `session_id` INT(10) UNSIGNED NOT NULL, - `access_token` CHAR(40) CHARACTER SET utf8 NOT NULL DEFAULT '', - `access_token_expires` INT(10) UNSIGNED NOT NULL, +CREATE TABLE `oauth_session_access_tokens` ( + `id` int(10) unsigned NOT NULL AUTO_INCREMENT, + `session_id` int(10) unsigned NOT NULL, + `access_token` char(40) NOT NULL DEFAULT '', + `access_token_expires` int(10) unsigned NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `u_oaseacto_acto_seid` (`access_token`,`session_id`), KEY `f_oaseto_seid` (`session_id`), - CONSTRAINT `f_oaseto_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_session` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION -) ENGINE=INNODB DEFAULT CHARSET=utf8; - -CREATE TABLE `oauth_session_authcode` ( - `session_id` INT(10) UNSIGNED NOT NULL, - `session_access_token_id` INT(10) UNSIGNED DEFAULT NULL, - `auth_code` CHAR(40) CHARACTER SET utf8 NOT NULL DEFAULT '', - `auth_code_expires` INT(10) UNSIGNED NOT NULL, - PRIMARY KEY (`session_id`), - 
KEY `f_oaseau_setoid` (`session_access_token_id`), - CONSTRAINT `f_oaseau_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_session` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION, - CONSTRAINT `f_oaseau_setoid` FOREIGN KEY (`session_access_token_id`) REFERENCES `oauth_session_access_token` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION + CONSTRAINT `f_oaseto_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -CREATE TABLE `oauth_session_redirect` ( - `session_id` INT(10) UNSIGNED NOT NULL, - `redirect_uri` VARCHAR(255) CHARACTER SET utf8 NOT NULL DEFAULT '', +CREATE TABLE `oauth_session_authcodes` ( + `session_id` int(10) unsigned NOT NULL, + `auth_code` char(40) NOT NULL DEFAULT '', + `auth_code_expires` int(10) unsigned NOT NULL, PRIMARY KEY (`session_id`), - CONSTRAINT `f_oasere_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_session` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION -) ENGINE=INNODB DEFAULT CHARSET=utf8; + CONSTRAINT `f_oaseau_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION +) ENGINE=InnoDB DEFAULT CHARSET=utf8; -CREATE TABLE `oauth_session_refresh_token` ( - `session_access_token_id` INT(10) UNSIGNED NOT NULL, - `refresh_token` CHAR(40) CHARACTER SET utf8 NOT NULL DEFAULT '', +CREATE TABLE `oauth_session_redirects` ( + `session_id` int(10) unsigned NOT NULL, + `redirect_uri` varchar(255) NOT NULL DEFAULT '', + PRIMARY KEY (`session_id`), + CONSTRAINT `f_oasere_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +CREATE TABLE `oauth_session_refresh_tokens` ( + `session_access_token_id` int(10) unsigned NOT NULL, + `refresh_token` char(40) NOT NULL DEFAULT '', PRIMARY KEY (`session_access_token_id`), - CONSTRAINT `f_oasetore_setoid` FOREIGN KEY (`session_access_token_id`) REFERENCES 
`oauth_session_access_token` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION -) ENGINE=INNODB DEFAULT CHARSET=utf8; + CONSTRAINT `f_oasetore_setoid` FOREIGN KEY (`session_access_token_id`) REFERENCES `oauth_session_access_tokens` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION +) ENGINE=InnoDB DEFAULT CHARSET=utf8; CREATE TABLE `oauth_scopes` ( `id` SMALLINT(5) UNSIGNED NOT NULL AUTO_INCREMENT, @@ -71,13 +68,13 @@ CREATE TABLE `oauth_scopes` ( UNIQUE KEY `u_oasc_sc` (`key`) ) ENGINE=INNODB DEFAULT CHARSET=utf8; -CREATE TABLE `oauth_session_token_scope` ( - `session_token_scope_id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT, - `session_access_token_id` INT(10) UNSIGNED NOT NULL, - `scope_id` SMALLINT(5) UNSIGNED NOT NULL, +CREATE TABLE `oauth_session_token_scopes` ( + `session_token_scope_id` bigint(20) unsigned NOT NULL AUTO_INCREMENT, + `session_access_token_id` int(10) unsigned DEFAULT NULL, + `scope_id` smallint(5) unsigned NOT NULL, PRIMARY KEY (`session_token_scope_id`), UNIQUE KEY `u_setosc_setoid_scid` (`session_access_token_id`,`scope_id`), KEY `f_oasetosc_scid` (`scope_id`), - CONSTRAINT `f_oasetosc_setoid` FOREIGN KEY (`session_access_token_id`) REFERENCES `oauth_session_access_token` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION, - CONSTRAINT `f_oasetosc_scid` FOREIGN KEY (`scope_id`) REFERENCES `oauth_scopes` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION -) ENGINE=INNODB DEFAULT CHARSET=utf8; \ No newline at end of file + CONSTRAINT `f_oasetosc_scid` FOREIGN KEY (`scope_id`) REFERENCES `oauth_scopes` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION, + CONSTRAINT `f_oasetosc_setoid` FOREIGN KEY (`session_access_token_id`) REFERENCES `oauth_session_access_tokens` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION +) ENGINE=InnoDB DEFAULT CHARSET=utf8; \ No newline at end of file From 81d6bcf00aa6ac869ac065d5f094f689fd04eaee Mon Sep 17 00:00:00 2001 
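Review bot: `oauth_session_access_tokens` only enforces uniqueness on (`access_token`,`session_id`), and `oauth_session_refresh_tokens` / `oauth_session_authcodes` have no index on `refresh_token` / `auth_code` at all, so a bearer value presented to the server is not guaranteed to resolve to a single row and a lookup by token value has no index to use. Make the credential itself unique, e.g. `UNIQUE KEY u_oaseacto_acto (access_token)` (index name constructed) on the access-token table and equivalent single-column unique keys on `refresh_token` and `auth_code`. The `NOT NULL DEFAULT ''` on all three credential columns also lets an INSERT that omits the value succeed with an empty-string token; dropping the default makes such an insert fail instead.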
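Review bot: `session_access_token_id` is changed to `DEFAULT NULL` while it stays in the unique key (`session_access_token_id`,`scope_id`) and in the foreign key; InnoDB treats NULLs as distinct in unique indexes, so any number of (NULL, scope) rows can accumulate, and such a row grants a scope that no token can ever claim. Nothing in this series writes a NULL there — `associateScope` in patch 060 always binds an access-token id — so keep the column as `session_access_token_id int(10) unsigned NOT NULL,`.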
From: Alex Bilbie Date: Sun, 28 Apr 2013 23:57:29 +0100 Subject: [PATCH 058/106] Changed params around and removed line breaks --- src/OAuth2/Storage/SessionInterface.php | 82 ++++++++----------------- 1 file changed, 24 insertions(+), 58 deletions(-) diff --git a/src/OAuth2/Storage/SessionInterface.php b/src/OAuth2/Storage/SessionInterface.php index 6e5a3a3c..404bade7 100644 --- a/src/OAuth2/Storage/SessionInterface.php +++ b/src/OAuth2/Storage/SessionInterface.php 
@@ -19,32 +19,19 @@ interface SessionInterface * Example SQL query: * * - * INSERT INTO oauth_sessions (client_id, redirect_uri, owner_type, - * owner_id, auth_code, access_token, refresh_token, stage, first_requested, - * last_updated) VALUES ($clientId, $redirectUri, $type, $typeId, $authCode, - * $accessToken, $stage, UNIX_TIMESTAMP(NOW()), UNIX_TIMESTAMP(NOW())) + * INSERT INTO oauth_sessions (client_id, owner_type, owner_id) VALUES ($clientId, $type, $typeId) + * + * INSERT INTO oauth_session_authcodes (session_id, auth_code, auth_code_expires) VALUE + * ($sessionId, $authCode, $authCodeExpires) + * + * INSERT INTO oauth_session_access_tokens (session_id, access_token, access_token_expires) VALUE + * ($sessionId, $accessToken, $accessTokenExpire) * * - * @param string $clientId The client ID - * @param string $redirectUri The redirect URI - * @param string $type The session owner's type (default = "user") - * @param string $typeId The session owner's ID (default = "null") - * @param string $authCode The authorisation code (default = "null") - * @param string $accessToken The access token (default = "null") - * @param string $refreshToken The refresh token (default = "null") - * @param int $accessTokenExpire The expiry time of an access token as a unix timestamp - * @return int The session ID + * @param array $params Session parameters + * @return int The session ID */ - public function createSession( - $clientId, - $redirectUri, - $type = 'user', - $typeId = null, - $authCode = null, - $accessToken = null, - $refreshToken = null, - $accessTokenExpire = null - ); + public function createSession($params = array()); /** * Update an OAuth session 
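Review bot: The docblocks in this file no longer describe the signatures they sit on: here `@param array $params Session parameters` gives an implementor no idea which keys are required (the PDO implementation in patch 060 reads client_id, owner_type, owner_id, redirect_uri, auth_code, scope_ids, access_token, access_token_expire and refresh_token); in the `updateSession` hunk `@param array $sessionId The session ID` should be `@param int $sessionId The session ID` plus a `@param array $params` line; and in the `associateScope` hunk the parameter becomes `$accessTokenId` while the docblock and the example SQL still describe `$sessionId` and `oauth_session_scopes`. For an interface that third parties implement, the array keys are the contract, so list each key with its type and whether it is optional in the `createSession` and `updateSession` docblocks.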
@@ -57,21 +44,10 @@ interface SessionInterface * id = $sessionId * * - * @param string $sessionId The session ID - * @param string $authCode The authorisation code (default = "null") - * @param string $accessToken The access token (default = "null") - * @param string $refreshToken The refresh token (default = "null") - * @param int $accessTokenExpire The expiry time of an access token as a unix timestamp - * @param string $stage The stage of the session (default ="request") - * @return void + * @param array $sessionId The session ID + * @return int ID of the access token */ - public function updateSession( - $sessionId, - $authCode = null, - $accessToken = null, - $refreshToken = null, - $accessTokenExpire = null - ); + public function updateSession($sessionId, $params = array()); /** * Delete an OAuth session @@ -86,11 +62,7 @@ interface SessionInterface * @param string $typeId The session owner's ID * @return void */ - public function deleteSession( - $clientId, - $type, - $typeId - ); + public function deleteSession($clientId, $type, $typeId); /** * Validate that an authorisation code is valid @@ -98,8 +70,12 @@ interface SessionInterface * Example SQL query: * * - * SELECT id FROM oauth_sessions WHERE client_id = $clientID AND - * redirect_uri = $redirectUri AND auth_code = $authCode + * SELECT oauth_sessions.id FROM oauth_sessions JOIN oauth_session_authcodes ON + * oauth_session_authcodes.`session_id` = oauth_sessions.id JOIN oauth_session_redirects ON + * oauth_session_redirects.`session_id` = oauth_sessions.id WHERE oauth_sessions.client_id = $clientId + * AND oauth_session_authcodes.`auth_code` = $authCode AND + * `oauth_session_authcodes`.`auth_code_expires` >= UNIX_TIMESTAMP(NOW()) AND + * `oauth_session_redirects`.`redirect_uri` = $redirectUri * * * @param string $clientId The client ID 
@@ -108,11 +84,7 @@ interface SessionInterface * @return array|bool Returns an array with the session ID in the 'id' key if the auth code * is valid otherwise returns false */ - public function validateAuthCode( - $clientId, - $redirectUri, - $authCode - ); + public function validateAuthCode($clientId, $redirectUri, $authCode); /** * Validate an access token @@ -179,12 +151,7 @@ interface SessionInterface * @param int $accessTokenExpires The UNIX timestamp of when the new token expires * @return void */ - public function updateRefreshToken( - $sessionId, - $newAccessToken, - $newRefreshToken, - $accessTokenExpires - ); + public function updateRefreshToken($sessionId, $newAccessToken, $newRefreshToken, $accessTokenExpires); /** * Associates a session with a scope @@ -192,15 +159,14 @@ interface SessionInterface * Example SQL query: * * - * INSERT INTO oauth_session_scopes (session_id, scope_id) VALUE ($sessionId, - * $scopeId) + * INSERT INTO oauth_session_scopes (session_id, scope_id) VALUE ($sessionId, $scopeId) * * * @param int $sessionId The session ID * @param string $scopeId The scope ID * @return void */ - public function associateScope($sessionId, $scopeId); + public function associateScope($accessTokenId, $scopeId); /** * Return the scopes associated with an access token From 7bfbe81f61198cec84d335a07a43a653c6a2e458 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sun, 28 Apr 2013 23:57:50 +0100 Subject: [PATCH 059/106] Started PDO storage classes --- src/OAuth2/Storage/PDO/Client.php | 45 +++++++++++++++++++++++++++++++ src/OAuth2/Storage/PDO/Db.php | 12 +++++++++ src/OAuth2/Storage/PDO/Scope.php | 31 +++++++++++++++++++++ 3 files changed, 88 insertions(+) create mode 100644 src/OAuth2/Storage/PDO/Client.php create mode 100644 src/OAuth2/Storage/PDO/Db.php create mode 100644 src/OAuth2/Storage/PDO/Scope.php diff --git a/src/OAuth2/Storage/PDO/Client.php b/src/OAuth2/Storage/PDO/Client.php new file mode 100644 index 00000000..a972aa15 --- /dev/null 
+++ b/src/OAuth2/Storage/PDO/Client.php @@ -0,0 +1,45 @@ +prepare('SELECT oauth_clients.id, oauth_clients.secret, oauth_client_endpoints.redirect_uri, oauth_clients.name FROM oauth_clients LEFT JOIN oauth_client_endpoints ON oauth_client_endpoints.client_id = oauth_clients.id WHERE oauth_clients.id = :clientId AND oauth_client_endpoints.redirect_uri = :redirectUri'); + $stmt->bindValue(':redirectUri', $redirectUri); + } + + elseif ( ! is_null($clientSecret) && is_null($redirectUri)) { + $stmt = $db->prepare('SELECT oauth_clients.id, oauth_clients.secret, oauth_clients.name FROM oauth_clients WHERE oauth_clients.id = :clientId AND oauth_clients.secret = :clientSecret'); + $stmt->bindValue(':clientSecret', $clientSecret); + } + + elseif ( ! is_null($clientSecret) && ! is_null($redirectUri)) { + $stmt = $db->prepare('SELECT oauth_clients.id, oauth_clients.secret, oauth_client_endpoints.redirect_uri, oauth_clients.name FROM oauth_clients LEFT JOIN oauth_client_endpoints ON oauth_client_endpoints.client_id = oauth_clients.id WHERE oauth_clients.id = :clientId AND oauth_clients.secret = :clientSecret AND oauth_client_endpoints.redirect_uri = :redirectUri'); + $stmt->bindValue(':redirectUri', $redirectUri); + $stmt->bindValue(':clientSecret', $clientSecret); + } + + $stmt->bindValue(':clientId', $clientId); + $stmt->execute(); + + $row = $stmt->fetchObject(); + + if ($row === false) { + return false; + } + + return array( + 'client_id' => $row->id, + 'client_secret' => $row->secret, + 'redirect_uri' => (isset($row->redirect_uri)) ? $row->redirect_uri : null, + 'name' => $row->name + ); + } +} \ No newline at end of file diff --git a/src/OAuth2/Storage/PDO/Db.php b/src/OAuth2/Storage/PDO/Db.php new file mode 100644 index 00000000..0d47642e --- /dev/null +++ b/src/OAuth2/Storage/PDO/Db.php 
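Review bot: When both `$clientSecret` and `$redirectUri` are null none of the branches assigns `$stmt`, so `$stmt->bindValue(':clientId', $clientId)` runs on an undefined variable; the opening of the hunk is garbled in this rendering, so this is inferred from the three visible branches. Add an explicit final branch, e.g. `else { return false; }`, so an under-specified lookup returns a defined result instead of a runtime error. Separately, matching `oauth_clients.secret = :clientSecret` inside the query means client secrets are stored in clear text and compared by the database; fetching the client by id and verifying a hashed secret in PHP would avoid that, though callers currently expect `client_secret` in the returned array.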
@@ -0,0 +1,12 @@ +prepare('SELECT * FROM oauth_scopes WHERE oauth_scopes.key = :scope'); + $stmt->bindValue(':scope', $scope); + $stmt->execute(); + + $row = $stmt->fetchObject(); + + if ($row === false) { + return false; + } + + return array( + 'id' => $row->id, + 'scope' => $row->key, + 'name' => $row->name, + 'description' => $row->description + ); + + } +} \ No newline at end of file From 4ef8030a93164d1e02947a86988e5b3760bd51b2 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sun, 28 Apr 2013 23:58:01 +0100 Subject: [PATCH 060/106] First commit of PDO storage class --- src/OAuth2/Storage/PDO/Session.php | 151 +++++++++++++++++++++++++++++ 1 file changed, 151 insertions(+) create mode 100644 src/OAuth2/Storage/PDO/Session.php diff --git a/src/OAuth2/Storage/PDO/Session.php b/src/OAuth2/Storage/PDO/Session.php new file mode 100644 index 00000000..0d6c42ef --- /dev/null +++ b/src/OAuth2/Storage/PDO/Session.php 
@@ -0,0 +1,151 @@ +prepare('INSERT INTO oauth_sessions (client_id, owner_type, owner_id) VALUE (:clientId, :ownerType, :ownerId)'); + $stmt->bindValue(':clientId', $params['client_id']); + $stmt->bindValue(':ownerType', $params['owner_type']); + $stmt->bindValue(':ownerId', $params['owner_id']); + $stmt->execute(); + + $sessionId = $db->lastInsertId(); + + if (isset($params['redirect_uri'])) { + $stmt = $db->prepare('INSERT INTO oauth_session_redirects (session_id, redirect_uri) VALUE (:sessionId, :redirectUri)'); + $stmt->bindValue(':sessionId', $sessionId); + $stmt->bindValue(':redirectUri', $params['redirect_uri']); + $stmt->execute(); + } + + if (isset($params['auth_code'])) { + $stmt = $db->prepare('INSERT INTO oauth_session_authcodes (session_id, auth_code, auth_code_expires, scope_ids) VALUE (:sessionId, :authCode, :authCodeExpires, :scopeIds)'); + $stmt->bindValue(':sessionId', $sessionId); + $stmt->bindValue(':authCode', $params['auth_code']); + $stmt->bindValue(':authCodeExpires', time() + 600); + $stmt->bindValue(':scopeIds', isset($params['scope_ids']) ? 
$params['scope_ids'] : null); + $stmt->execute(); + } + + if (isset($params['access_token'])) { + $stmt = $db->prepare('INSERT INTO oauth_session_access_tokens (session_id, access_token, access_token_expires) VALUE (:sessionId, :accessToken, :accessTokenExpire)'); + $stmt->bindValue(':sessionId', $sessionId); + $stmt->bindValue(':accessToken', $params['access_token']); + $stmt->bindValue(':accessTokenExpire', $params['access_token_expire']); + $stmt->execute(); + + $accessTokenId = $db->lastInsertId(); + + if (isset($params['refresh_token']) && $params['refresh_token'] !== null) { + $stmt = $db->prepare('INSERT INTO oauth_session_refresh_tokens (session_access_token_id, refresh_token) VALUE (:accessTokenId, :refreshToken)'); + $stmt->bindValue(':accessTokenId', $accessTokenId); + $stmt->bindValue(':refreshToken', $params['refresh_token']); + $stmt->execute(); + } + } + + return $sessionId; + } + + public function updateSession($sessionId, $params = array()) + { + $db = \ezcDbInstance::get(); + + if (isset($params['access_token'])) { + $stmt = $db->prepare('INSERT INTO oauth_session_access_tokens (session_id, access_token, access_token_expires) VALUE (:sessionId, :accessToken, :accessTokenExpire)'); + $stmt->bindValue(':sessionId', $sessionId); + $stmt->bindValue(':accessToken', $params['access_token']); + $stmt->bindValue(':accessTokenExpire', $params['access_token_expire']); + $stmt->execute(); + + $accessTokenId = $db->lastInsertId(); + + if (isset($params['refresh_token']) && $params['refresh_token'] !== null) { + $stmt = $db->prepare('INSERT INTO oauth_session_refresh_tokens (session_access_token_id, refresh_token) VALUE (:accessTokenId, :refreshToken)'); + $stmt->bindValue(':accessTokenId', $accessTokenId); + $stmt->bindValue(':refreshToken', $params['refresh_token']); + $stmt->execute(); + } + + return $accessTokenId; + } + } + + public function deleteSession($clientId, $type, $typeId) + { + $db = \ezcDbInstance::get(); + + $stmt = $db->prepare('DELETE FROM 
oauth_sessions WHERE client_id = :clientId AND owner_type = :type AND owner_id = :typeId'); + $stmt->bindValue(':clientId', $clientId); + $stmt->bindValue(':type', $type); + $stmt->bindValue(':typeId', $typeId); + $stmt->execute(); + } + + public function validateAuthCode($clientId, $redirectUri, $authCode) + { + $db = \ezcDbInstance::get(); + + $stmt = $db->prepare('SELECT oauth_sessions.id, oauth_session_authcodes.scope_ids FROM oauth_sessions JOIN oauth_session_authcodes ON oauth_session_authcodes.`session_id` = oauth_sessions.id JOIN oauth_session_redirects ON oauth_session_redirects.`session_id` = oauth_sessions.id WHERE oauth_sessions.client_id = :clientId AND oauth_session_authcodes.`auth_code` = :authCode AND `oauth_session_authcodes`.`auth_code_expires` >= :time AND `oauth_session_redirects`.`redirect_uri` = :redirectUri'); + $stmt->bindValue(':clientId', $clientId); + $stmt->bindValue(':redirectUri', $redirectUri); + $stmt->bindValue(':authCode', $authCode); + $stmt->bindValue(':time', time()); + $stmt->execute(); + + $result = $stmt->fetchObject(); + + return ($result === false) ? 
false : (array) $result; + } + + public function deleteAuthCode($sessionId) + { + $db = \ezcDbInstance::get(); + + $stmt = $db->prepare('DELETE FROM oauth_session_authcodes WHERE session_id = :sessionId'); + $stmt->bindValue(':sessionId', $sessionId); + $stmt->execute(); + } + + public function validateAccessToken($accessToken) + { + throw new \Exception('Not implemented '.debug_backtrace()[0]['function']); + } + + public function getAccessToken($sessionId) + { + throw new \Exception('Not implemented '.debug_backtrace()[0]['function']); + } + + public function validateRefreshToken($refreshToken, $clientId) + { + throw new \Exception('Not implemented '.debug_backtrace()[0]['function']); + } + + public function updateRefreshToken($sessionId, $newAccessToken, $newRefreshToken, $accessTokenExpires) + { + throw new \Exception('Not implemented '.debug_backtrace()[0]['function']); + } + + public function associateScope($accessTokenId, $scopeId) + { + $db = \ezcDbInstance::get(); + + $stmt = $db->prepare('INSERT INTO `oauth_session_token_scopes` (`session_access_token_id`, `scope_id`) VALUE (:accessTokenId, :scopeId)'); + $stmt->bindValue(':accessTokenId', $accessTokenId); + $stmt->bindValue(':scopeId', $scopeId); + $stmt->execute(); + } + + public function getScopes($sessionId) + { + throw new \Exception('Not implemented '.debug_backtrace()[0]['function']); + } +} \ No newline at end of file From a4715bfc3b0e57d73cbf67d58d850e030923b70c Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 29 Apr 2013 00:00:04 +0100 Subject: [PATCH 061/106] Updated create a new session --- src/OAuth2/Grant/AuthCode.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/OAuth2/Grant/AuthCode.php b/src/OAuth2/Grant/AuthCode.php index 3b2d400d..37c540bf 100644 --- a/src/OAuth2/Grant/AuthCode.php +++ b/src/OAuth2/Grant/AuthCode.php 
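Review bot: `createSession` inserts a `scope_ids` column into `oauth_session_authcodes`, but the schema committed in patch 057 defines that table with only `session_id`, `auth_code` and `auth_code_expires`, so the INSERT will fail whenever an auth code is supplied; either add the column to `sql/mysql.sql` or drop it from this statement. The `'Not implemented '.debug_backtrace()[0]['function']` stubs dereference a function result directly, which needs PHP 5.4 while composer.json declares `"php": ">=5.3.0"`; `'Not implemented '.__FUNCTION__` gives the same message on both. `updateSession` returns the access-token id only inside `if (isset($params['access_token']))` and falls off the end otherwise, so callers get null where the interface promises an int, and `auth_code_expires` is fixed at `time() + 600` in the storage layer rather than supplied by the grant, which hides the auth-code lifetime from configuration.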
@@ -157,8 +157,6 @@ class AuthCode implements GrantTypeInterface { // Remove any old sessions the user might have $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], $type, $typeId); - // Create a new session - $sessionId = $this->authServer->getStorage('session')->createSession($authParams['client_id'], $authParams['redirect_uri'], $type, $typeId, $authCode); // Associate scopes with the new session foreach ($authParams['scopes'] as $scope) @@ -166,6 +164,16 @@ class AuthCode implements GrantTypeInterface { $this->authServer->getStorage('session')->associateScope($sessionId, $scope['id']); } + // Create a new session + $sessionId = $this->authServer->getStorage('session')->createSession(array( + 'client_id' => $authParams['client_id'], + 'owner_type' => $type, + 'owner_id' => $typeId, + 'redirect_uri' =>$authParams['redirect_uri'], + 'auth_code' => $authCode, + 'scope_ids' => implode(',', $scopeIds) + )); + return $authCode; } From 351bec6019fa5f169b0a6ea49183ad3533f20bf1 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 29 Apr 2013 00:01:07 +0100 Subject: [PATCH 062/106] Don't associate a scope with a session, we associate it with an access token later --- src/OAuth2/Grant/AuthCode.php | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/src/OAuth2/Grant/AuthCode.php b/src/OAuth2/Grant/AuthCode.php index 37c540bf..cee20e03 100644 --- a/src/OAuth2/Grant/AuthCode.php +++ b/src/OAuth2/Grant/AuthCode.php @@ -157,11 +157,11 @@ class AuthCode implements GrantTypeInterface { // Remove any old sessions the user might have $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], $type, $typeId); - - // Associate scopes with the new session + // List of scopes IDs + $scopeIds = array(); foreach ($authParams['scopes'] as $scope) { - $this->authServer->getStorage('session')->associateScope($sessionId, $scope['id']); + $scopeIds[] = $scope['id']; } // Create a new session 
@@ -237,6 +237,14 @@ class AuthCode implements GrantTypeInterface { $accessTokenExpires, 'granted' ); + // Associate scopes with the access token + if ( ! is_null($session['scope_ids'])) { + $scopeIds = explode(',', $session['scope_ids']); + + foreach ($scopeIds as $scopeId) { + $this->authServer->getStorage('session')->associateScope($accessTokenId, $scopeId); + } + } $response = array( 'access_token' => $accessToken, From 6543ebcd4daf19e7882fb812ba70898d5e7fca1a Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 29 Apr 2013 00:01:34 +0100 Subject: [PATCH 063/106] Updated updateSession code --- src/OAuth2/Grant/AuthCode.php | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/src/OAuth2/Grant/AuthCode.php b/src/OAuth2/Grant/AuthCode.php index cee20e03..55b9db76 100644 --- a/src/OAuth2/Grant/AuthCode.php +++ b/src/OAuth2/Grant/AuthCode.php @@ -229,14 +229,12 @@ class AuthCode implements GrantTypeInterface { $accessTokenExpires = time() + $this->authServer->getExpiresIn(); $accessTokenExpiresIn = $this->authServer->getExpiresIn(); - $this->authServer->getStorage('session')->updateSession( - $session['id'], - null, - $accessToken, - $refreshToken, - $accessTokenExpires, - 'granted' - ); + + $accessTokenId = $this->authServer->getStorage('session')->updateSession($session['id'], array( + 'access_token' => $accessToken, + 'access_token_expire' => $accessTokenExpires, + 'refresh_token' => $refreshToken + )); // Associate scopes with the access token if ( ! is_null($session['scope_ids'])) { $scopeIds = explode(',', $session['scope_ids']); From 17bc6a1512ad89adf4a861a36683e5ff5cafdf6b Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 29 Apr 2013 00:01:51 +0100 Subject: [PATCH 064/106] Comment update --- src/OAuth2/Grant/AuthCode.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/OAuth2/Grant/AuthCode.php b/src/OAuth2/Grant/AuthCode.php index 55b9db76..e82f1812 100644 --- a/src/OAuth2/Grant/AuthCode.php 
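Review bot: `explode(',', $session['scope_ids'])` is guarded only by `! is_null(...)`, but `createSession` stores `implode(',', $scopeIds)`, which is the empty string `''` when no scopes were requested, and `explode(',', '')` yields `array('')`, so `associateScope($accessTokenId, '')` is then called with an empty scope id. Guard on the content rather than on null, e.g. `if (isset($session['scope_ids']) && $session['scope_ids'] !== '')`. The enclosing method starts and ends outside this hunk.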
+++ b/src/OAuth2/Grant/AuthCode.php @@ -220,8 +220,7 @@ class AuthCode implements GrantTypeInterface { throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_grant'), 'code'), 9); } - // A session ID was returned so update it with an access token, - // remove the authorisation code, change the stage to 'granted' + // A session ID was returned so update it with an access token and remove the authorisation code $accessToken = SecureKey::make(); $refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null; From 79338d0d7557b6c3b1021aad69f6403d07db8669 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 29 Apr 2013 00:02:00 +0100 Subject: [PATCH 065/106] Delete an associated auth code --- src/OAuth2/Grant/AuthCode.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/OAuth2/Grant/AuthCode.php b/src/OAuth2/Grant/AuthCode.php index e82f1812..e9044db2 100644 --- a/src/OAuth2/Grant/AuthCode.php +++ b/src/OAuth2/Grant/AuthCode.php @@ -228,12 +228,14 @@ class AuthCode implements GrantTypeInterface { $accessTokenExpires = time() + $this->authServer->getExpiresIn(); $accessTokenExpiresIn = $this->authServer->getExpiresIn(); + $this->authServer->getStorage('session')->deleteAuthCode($session['id']); $accessTokenId = $this->authServer->getStorage('session')->updateSession($session['id'], array( 'access_token' => $accessToken, 'access_token_expire' => $accessTokenExpires, 'refresh_token' => $refreshToken )); + // Associate scopes with the access token if ( ! is_null($session['scope_ids'])) { $scopeIds = explode(',', $session['scope_ids']); From 53a55d4946551819814114534d42244df2471c5c Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 29 Apr 2013 10:34:11 +0100 Subject: [PATCH 066/106] Completely scrapped the old SessionInterface and simplified it --- src/OAuth2/Storage/SessionInterface.php | 248 +++++++++--------------- 1 file changed, 92 insertions(+), 156 deletions(-) 
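Review bot: `deleteAuthCode` is called on the session storage, but `SessionInterface` as revised in patch 058 declares no such method (and patch 066 names the operation `removeAuthCode`), so a storage implementation written against the interface will fail here; add it to the interface under one name and use that name in the grant. Consuming the code before issuing the token is the right order for single-use codes; a short comment such as `// Invalidate the auth code first so a failure below cannot leave it reusable` would record why. The enclosing method starts and ends outside this hunk.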
diff --git a/src/OAuth2/Storage/SessionInterface.php b/src/OAuth2/Storage/SessionInterface.php index 404bade7..4b865045 100644 --- a/src/OAuth2/Storage/SessionInterface.php +++ b/src/OAuth2/Storage/SessionInterface.php 
@@ -13,187 +13,123 @@ namespace OAuth2\Storage; interface SessionInterface { - /** - * Create a new OAuth session - * - * Example SQL query: - * - * - * INSERT INTO oauth_sessions (client_id, owner_type, owner_id) VALUES ($clientId, $type, $typeId) - * - * INSERT INTO oauth_session_authcodes (session_id, auth_code, auth_code_expires) VALUE - * ($sessionId, $authCode, $authCodeExpires) - * - * INSERT INTO oauth_session_access_tokens (session_id, access_token, access_token_expires) VALUE - * ($sessionId, $accessToken, $accessTokenExpire) - * - * - * @param array $params Session parameters - * @return int The session ID + /** + * Create a new session + * @param string $clientId The client ID + * @param string $ownerType The type of the session owner (e.g. "user") + * @param string $ownerId The ID of the session owner (e.g. "123") + * @return int The session ID */ - public function createSession($params = array()); + public function createSession(string $clientId, string $ownerType, string $ownerId); /** - * Update an OAuth session - * - * Example SQL query: - * - * - * UPDATE oauth_sessions SET auth_code = $authCode, access_token = - * $accessToken, stage = $stage, last_updated = UNIX_TIMESTAMP(NOW()) WHERE - * id = $sessionId - * - * - * @param array $sessionId The session ID - * @return int ID of the access token + * Delete a session + * @param string $clientId The client ID + * @param string $ownerType The type of the session owner (e.g. "user") + * @param string $ownerId The ID of the session owner (e.g. 
"123") + * @return void */ - public function updateSession($sessionId, $params = array()); + public function deleteSession(string $clientId, string $ownerType, string $ownerId); /** - * Delete an OAuth session - * - * - * DELETE FROM oauth_sessions WHERE client_id = $clientId AND owner_type = - * $type AND owner_id = $typeId - * - * - * @param string $clientId The client ID - * @param string $type The session owner's type - * @param string $typeId The session owner's ID - * @return void + * Associate a redirect URI with a session + * @param int $sessionId The session ID + * @param string $redirectUri The redirect URI + * @return void */ - public function deleteSession($clientId, $type, $typeId); + public function associateRedirectUri(int $sessionId, string $redirectUri); /** - * Validate that an authorisation code is valid - * - * Example SQL query: - * - * - * SELECT oauth_sessions.id FROM oauth_sessions JOIN oauth_session_authcodes ON - * oauth_session_authcodes.`session_id` = oauth_sessions.id JOIN oauth_session_redirects ON - * oauth_session_redirects.`session_id` = oauth_sessions.id WHERE oauth_sessions.client_id = $clientId - * AND oauth_session_authcodes.`auth_code` = $authCode AND - * `oauth_session_authcodes`.`auth_code_expires` >= UNIX_TIMESTAMP(NOW()) AND - * `oauth_session_redirects`.`redirect_uri` = $redirectUri - * - * - * @param string $clientId The client ID - * @param string $redirectUri The redirect URI - * @param string $authCode The authorisation code - * @return array|bool Returns an array with the session ID in the 'id' key if the auth code - * is valid otherwise returns false + * Remove an associated redirect URI + * @param int $sessionId The session ID + * @return void */ - public function validateAuthCode($clientId, $redirectUri, $authCode); + public function removeRedirectUri(int $sessionId); + + /** + * Associate an access token with a session + * @param int $sessionId The session ID + * @param string $accessToken The access token + * 
@param int $expireTime Unix timestamp of the access token expiry time + * @return void + */ + public function associateAccessToken(int $sessionId, string $accessToken, int $expireTime); + + /** + * Remove an associated access token from a session + * @param int $sessionId The session ID + * @return void + */ + public function removeAccessToken(int $sessionId); + + /** + * Associate a refresh token with a session + * @param int $sessionId The session ID + * @param string $refreshToken The refresh token + * @return void + */ + public function associateRefreshToken(int $sessionId, string $refreshToken); + + /** + * Remove an associated refresh token from a session + * @param int $sessionId The session ID + * @return void + */ + public function removeRefreshToken(int $sessionId); + + /** + * Assocate an authorization code with a session + * @param int $sessionId The session ID + * @param string $authCode The authorization code + * @param int $expireTime Unix timestamp of the access token expiry time + * @param string $scopeIds Comma seperated list of scope IDs to be later associated (default = null) + * @return void + */ + public function associateAuthCode(int $sessionId, string $authCode, int $expireTime, string $scopeIds = null); + + /** + * Remove an associated authorization token from a session + * @param int $sessionId The session ID + * @return void + */ + public function removeAuthCode(int $sessionId); + + /** + * Validate an authorization code + * @param string $clientId The client ID + * @param string $redirectUri The redirect URI + * @param string $authCode The authorization code + * @return void + */ + public function validateAuthCode(string $clientId, string $redirectUri, string $authCode); /** * Validate an access token - * - * Example SQL query: - * - * - * SELECT id, owner_id, owner_type FROM oauth_sessions WHERE access_token = $accessToken - * - * - * Response: - * - * - * Array - * ( - * [id] => (int) The session ID - * [owner_type] => (string) The 
owner type - * [owner_id] => (string) The owner ID - * ) - * - * - * @param string $accessToken The access token - * @return bool|array Returns false if the validation fails, array on success + * @param string $accessToken [description] + * @return void */ - public function validateAccessToken($accessToken); - - /** - * Return the access token for a given session - * - * Example SQL query: - * - * - * SELECT access_token FROM oauth_sessions WHERE id = $sessionId - * - * - * @param int $sessionId The OAuth session ID - * @return string|null Returns the access token as a string if - * found otherwise returns null - */ - public function getAccessToken($sessionId); + public function validateAccessToken(string $accessToken); /** * Validate a refresh token - * @param string $refreshToken The refresh token - * @param string $clientId The client ID - * @return bool|int The session ID, or false on failure - */ - public function validateRefreshToken($refreshToken, $clientId); - - /** - * Update the refresh token - * - * Example SQL query: - * - * - * UPDATE oauth_sessions SET access_token = $newAccessToken, refresh_token = - * $newRefreshToken, access_toke_expires = $accessTokenExpires, last_updated = UNIX_TIMESTAMP(NOW()) WHERE - * id = $sessionId - * - * - * @param string $sessionId The session ID - * @param string $newAccessToken The new access token for this session - * @param string $newRefreshToken The new refresh token for the session - * @param int $accessTokenExpires The UNIX timestamp of when the new token expires + * @param string $accessToken The access token * @return void */ - public function updateRefreshToken($sessionId, $newAccessToken, $newRefreshToken, $accessTokenExpires); + public function validateRefreshToken(string $accessToken); /** - * Associates a session with a scope - * - * Example SQL query: - * - * - * INSERT INTO oauth_session_scopes (session_id, scope_id) VALUE ($sessionId, $scopeId) - * - * - * @param int $sessionId The session ID - * @param 
string $scopeId The scope ID + * Associate a scope with an access token + * @param int $accessTokenId The ID of the access token + * @param int $scopeId The ID of the scope * @return void */ - public function associateScope($accessTokenId, $scopeId); + public function associateScope(int $accessTokenId, int $scopeId); /** - * Return the scopes associated with an access token - * - * Example SQL query: - * - * - * SELECT oauth_scopes.scope FROM oauth_session_scopes JOIN oauth_scopes ON - * oauth_session_scopes.scope_id = oauth_scopes.id WHERE - * session_id = $sessionId - * - * - * Response: - * - * - * Array - * ( - * [0] => (string) The scope - * [1] => (string) The scope - * [2] => (string) The scope - * ... - * ... - * ) - * - * - * @param int $sessionId The session ID + * Get a session's associated scopes + * @param int $accessTokenId The ID of the access token + * @param int $scopeId The ID of the scope] * @return array */ - public function getScopes($sessionId); + public function getScopes(int $accessTokenId, int $scopeId); } From 6751c4d2fe323895f30150e9a91e373140849867 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 29 Apr 2013 10:35:47 +0100 Subject: [PATCH 067/106] Fixed mistake from previous commit --- src/OAuth2/Storage/SessionInterface.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/OAuth2/Storage/SessionInterface.php b/src/OAuth2/Storage/SessionInterface.php index 4b865045..f3201a53 100644 --- a/src/OAuth2/Storage/SessionInterface.php +++ b/src/OAuth2/Storage/SessionInterface.php 
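Review bot: `validateRefreshToken(string $accessToken)` drops the client binding the previous signature carried, so an implementation has no way to check that the presented refresh token was issued to the client that is now authenticating — RFC 6749 §6 requires that check, and without it a refresh token leaked from one client can be redeemed by any other registered client. The parameter is also misnamed; it should read `public function validateRefreshToken($refreshToken, $clientId);` with `@return int|bool The session ID, or false on failure`. All three `validate*` methods are documented `@return void`, which cannot be right for methods whose callers must branch on the verdict — the PDO `validateAuthCode` further down returns `array|false`. Two smaller copy-paste issues: in `associateAuthCode`, `$expireTime` is the auth code's expiry, not "the access token expiry time", and `associateAccessToken` is declared void although the client-credentials grant uses its return value as the access token ID.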
@@ -126,10 +126,9 @@ interface SessionInterface public function associateScope(int $accessTokenId, int $scopeId); /** - * Get a session's associated scopes - * @param int $accessTokenId The ID of the access token - * @param int $scopeId The ID of the scope] + * Get all associated access tokens for an access token + * @param string $accessToken The access token * @return array */ - public function getScopes(int $accessTokenId, int $scopeId); + public function getScopes(string $accessToken); } From 4034bea6d10bab6aaf24211a28c7e7eb0f0d35a9 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 29 Apr 2013 10:36:35 +0100 Subject: [PATCH 068/106] Updated client credentials grant --- src/OAuth2/Grant/ClientCredentials.php | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/src/OAuth2/Grant/ClientCredentials.php b/src/OAuth2/Grant/ClientCredentials.php index 2909132e..680c55fb 100644 --- a/src/OAuth2/Grant/ClientCredentials.php +++ b/src/OAuth2/Grant/ClientCredentials.php 
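Review bot: The new summary line is wrong — `getScopes` returns scopes, not access tokens — so it should read `* Get the scopes associated with an access token`. Note also that this method is now keyed by the raw token string while `associateScope`, the context line directly above, is keyed by `$accessTokenId`; an implementation has to translate one into the other, and the interface should state which identifier is canonical so storages do not diverge.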
@@ -134,22 +134,15 @@ class ClientCredentials implements GrantTypeInterface { $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'client', $authParams['client_id']); // Create a new session - $sessionId = $this->authServer->getStorage('session')->createSession( - $authParams['client_id'], - null, - 'client', - $authParams['client_id'], - null, - $accessToken, - null, - $accessTokenExpires, - 'granted' - ); + $sessionId = $this->authServer->getStorage('session')->createSession($authParams['client_id'], 'client', $authParams['client_id']); + + // Add the access token + $accessTokenId = $this->authServer->getStorage('session')->associateAccessToken($sessionId, $accessToken); // Associate scopes with the new session foreach ($authParams['scopes'] as $scope) { - $this->authServer->getStorage('session')->associateScope($sessionId, $scope['id']); + $this->authServer->getStorage('session')->associateScope($accessTokenId, $scope['id']); } $response = array( From b7ca5d330b07c3e8dbd726c30e12d9d493623c53 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 29 Apr 2013 11:02:03 +0100 Subject: [PATCH 069/106] Updated associateRefreshToken --- src/OAuth2/Storage/SessionInterface.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/OAuth2/Storage/SessionInterface.php b/src/OAuth2/Storage/SessionInterface.php index f3201a53..3b5b52d3 100644 --- a/src/OAuth2/Storage/SessionInterface.php +++ b/src/OAuth2/Storage/SessionInterface.php 
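Review bot: `$accessTokenId` is taken from the return value of `associateAccessToken`, but `SessionInterface` declares that method `@return void`, so any storage honouring the contract yields `null` here and every `associateScope` call in the loop binds a null token ID — the token is issued while its scopes are attached to nothing. Either change the interface to `@return int The access token ID` or have the grant look the ID up after inserting. The delete/create/associate sequence is also three or more separate storage calls with no transaction; if a scope insert fails after the token insert, a live token exists with no scope record, and the PDO storage in this series does not appear to wrap these in a transaction. The enclosing method starts and ends outside the hunk.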
@@ -64,11 +64,11 @@ interface SessionInterface /** * Associate a refresh token with a session - * @param int $sessionId The session ID - * @param string $refreshToken The refresh token + * @param int $accessTokenId The access token ID + * @param string $refreshToken The refresh token * @return void */ - public function associateRefreshToken(int $sessionId, string $refreshToken); + public function associateRefreshToken(int $accessTokenId, string $refreshToken); /** * Remove an associated refresh token from a session From 725ab74e5c839cde8d9635599672590cd8eb70e1 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 29 Apr 2013 11:02:32 +0100 Subject: [PATCH 070/106] Updated PDO session --- src/OAuth2/Storage/PDO/Session.php | 263 ++++++++++++++++++----------- 1 file changed, 169 insertions(+), 94 deletions(-) diff --git a/src/OAuth2/Storage/PDO/Session.php b/src/OAuth2/Storage/PDO/Session.php index 0d6c42ef..37bab24f 100644 --- a/src/OAuth2/Storage/PDO/Session.php +++ b/src/OAuth2/Storage/PDO/Session.php 
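Review bot: `associateRefreshToken` is now keyed by `$accessTokenId`, but `removeRefreshToken`, whose docblock begins on the last context line of this hunk and whose signature earlier in the file takes `$sessionId`, still revokes by session — so the interface attaches and revokes a refresh token through different keys, and an implementation cannot locate the row to delete without a join the contract never mentions. Key both by the same identifier, e.g. `public function removeRefreshToken($accessTokenId);`, and update the summary line, which still says `Associate a refresh token with a session`.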
@@ -6,90 +6,163 @@ use OAuth2\Storage\SessionInterface; class Session implements SessionInterface { - public function createSession($params = array()) + /** + * Create a new session + * @param string $clientId The client ID + * @param string $ownerType The type of the session owner (e.g. "user") + * @param string $ownerId The ID of the session owner (e.g. "123") + * @return int The session ID + */ + public function createSession(string $clientId, string $ownerType, string $ownerId) { $db = \ezcDbInstance::get(); $stmt = $db->prepare('INSERT INTO oauth_sessions (client_id, owner_type, owner_id) VALUE (:clientId, :ownerType, :ownerId)'); - $stmt->bindValue(':clientId', $params['client_id']); - $stmt->bindValue(':ownerType', $params['owner_type']); - $stmt->bindValue(':ownerId', $params['owner_id']); + $stmt->bindValue(':clientId', $clientId); + $stmt->bindValue(':ownerType', $ownerType); + $stmt->bindValue(':ownerId', $ownerId); $stmt->execute(); - $sessionId = $db->lastInsertId(); - - if (isset($params['redirect_uri'])) { - $stmt = $db->prepare('INSERT INTO oauth_session_redirects (session_id, redirect_uri) VALUE (:sessionId, :redirectUri)'); - $stmt->bindValue(':sessionId', $sessionId); - $stmt->bindValue(':redirectUri', $params['redirect_uri']); - $stmt->execute(); - } - - if (isset($params['auth_code'])) { - $stmt = $db->prepare('INSERT INTO oauth_session_authcodes (session_id, auth_code, auth_code_expires, scope_ids) VALUE (:sessionId, :authCode, :authCodeExpires, :scopeIds)'); - $stmt->bindValue(':sessionId', $sessionId); - $stmt->bindValue(':authCode', $params['auth_code']); - $stmt->bindValue(':authCodeExpires', time() + 600); - $stmt->bindValue(':scopeIds', isset($params['scope_ids']) ? 
$params['scope_ids'] : null); - $stmt->execute(); - } - - if (isset($params['access_token'])) { - $stmt = $db->prepare('INSERT INTO oauth_session_access_tokens (session_id, access_token, access_token_expires) VALUE (:sessionId, :accessToken, :accessTokenExpire)'); - $stmt->bindValue(':sessionId', $sessionId); - $stmt->bindValue(':accessToken', $params['access_token']); - $stmt->bindValue(':accessTokenExpire', $params['access_token_expire']); - $stmt->execute(); - - $accessTokenId = $db->lastInsertId(); - - if (isset($params['refresh_token']) && $params['refresh_token'] !== null) { - $stmt = $db->prepare('INSERT INTO oauth_session_refresh_tokens (session_access_token_id, refresh_token) VALUE (:accessTokenId, :refreshToken)'); - $stmt->bindValue(':accessTokenId', $accessTokenId); - $stmt->bindValue(':refreshToken', $params['refresh_token']); - $stmt->execute(); - } - } - - return $sessionId; + return $db->lastInsertId(); } - public function updateSession($sessionId, $params = array()) - { - $db = \ezcDbInstance::get(); - - if (isset($params['access_token'])) { - $stmt = $db->prepare('INSERT INTO oauth_session_access_tokens (session_id, access_token, access_token_expires) VALUE (:sessionId, :accessToken, :accessTokenExpire)'); - $stmt->bindValue(':sessionId', $sessionId); - $stmt->bindValue(':accessToken', $params['access_token']); - $stmt->bindValue(':accessTokenExpire', $params['access_token_expire']); - $stmt->execute(); - - $accessTokenId = $db->lastInsertId(); - - if (isset($params['refresh_token']) && $params['refresh_token'] !== null) { - $stmt = $db->prepare('INSERT INTO oauth_session_refresh_tokens (session_access_token_id, refresh_token) VALUE (:accessTokenId, :refreshToken)'); - $stmt->bindValue(':accessTokenId', $accessTokenId); - $stmt->bindValue(':refreshToken', $params['refresh_token']); - $stmt->execute(); - } - - return $accessTokenId; - } - } - - public function deleteSession($clientId, $type, $typeId) + /** + * Delete a session + * @param string 
$clientId The client ID + * @param string $ownerType The type of the session owner (e.g. "user") + * @param string $ownerId The ID of the session owner (e.g. "123") + * @return void + */ + public function deleteSession(string $clientId, string $ownerType, string $ownerId) { $db = \ezcDbInstance::get(); $stmt = $db->prepare('DELETE FROM oauth_sessions WHERE client_id = :clientId AND owner_type = :type AND owner_id = :typeId'); $stmt->bindValue(':clientId', $clientId); - $stmt->bindValue(':type', $type); - $stmt->bindValue(':typeId', $typeId); + $stmt->bindValue(':type', $ownerType); + $stmt->bindValue(':typeId', $ownerId); $stmt->execute(); } - public function validateAuthCode($clientId, $redirectUri, $authCode) + /** + * Associate a redirect URI with a session + * @param int $sessionId The session ID + * @param string $redirectUri The redirect URI + * @return void + */ + public function associateRedirectUri(int $sessionId, string $redirectUri) + { + $stmt = $db->prepare('INSERT INTO oauth_session_redirects (session_id, redirect_uri) VALUE (:sessionId, :redirectUri)'); + $stmt->bindValue(':sessionId', $sessionId); + $stmt->bindValue(':redirectUri', $redirectUri); + $stmt->execute(); + } + + /** + * Remove an associated redirect URI + * @param int $sessionId The session ID + * @return void + */ + public function removeRedirectUri(int $sessionId) + { + throw new \Exception('Not implemented - ' . 
debug_backtrace()[0]['function']); + } + + /** + * Associate an access token with a session + * @param int $sessionId The session ID + * @param string $accessToken The access token + * @param int $expireTime Unix timestamp of the access token expiry time + * @return void + */ + public function associateAccessToken(int $sessionId, string $accessToken, int $expireTime) + { + $stmt = $db->prepare('INSERT INTO oauth_session_access_tokens (session_id, access_token, access_token_expires) VALUE (:sessionId, :accessToken, :accessTokenExpire)'); + $stmt->bindValue(':sessionId', $sessionId); + $stmt->bindValue(':accessToken', $accessToken); + $stmt->bindValue(':accessTokenExpire', $expireTime); + $stmt->execute(); + + return $db->lastInsertId(); + } + + /** + * Remove an associated access token from a session + * @param int $sessionId The session ID + * @return void + */ + public function removeAccessToken(int $sessionId) + { + $stmt = $db->prepare('INSERT INTO oauth_session_refresh_tokens (session_access_token_id, refresh_token) VALUE (:accessTokenId, :refreshToken)'); + $stmt->bindValue(':accessTokenId', $accessTokenId); + $stmt->bindValue(':refreshToken', $params['refresh_token']); + $stmt->execute(); + } + + /** + * Associate a refresh token with a session + * @param int $accessTokenId The access token ID + * @param string $refreshToken The refresh token + * @return void + */ + public function associateRefreshToken(int $accessTokenId, string $refreshToken) + { + $stmt = $db->prepare('INSERT INTO oauth_session_refresh_tokens (session_access_token_id, refresh_token) VALUE (:accessTokenId, :refreshToken)'); + $stmt->bindValue(':accessTokenId', $accessTokenId); + $stmt->bindValue(':refreshToken', $refreshToken); + $stmt->execute(); + } + + /** + * Remove an associated refresh token from a session + * @param int $sessionId The session ID + * @return void + */ + public function removeRefreshToken(int $sessionId) + { + + } + + /** + * Assocate an authorization code with a 
session + * @param int $sessionId The session ID + * @param string $authCode The authorization code + * @param int $expireTime Unix timestamp of the access token expiry time + * @param string $scopeIds Comma seperated list of scope IDs to be later associated (default = null) + * @return void + */ + public function associateAuthCode(int $sessionId, string $authCode, int $expireTime, string $scopeIds = null) + { + $stmt = $db->prepare('INSERT INTO oauth_session_authcodes (session_id, auth_code, auth_code_expires, scope_ids) VALUE (:sessionId, :authCode, :authCodeExpires, :scopeIds)'); + $stmt->bindValue(':sessionId', $sessionId); + $stmt->bindValue(':authCode', $authCode); + $stmt->bindValue(':authCodeExpires', $expireTime); + $stmt->bindValue(':scopeIds', $scopeIds); + $stmt->execute(); + } + + /** + * Remove an associated authorization token from a session + * @param int $sessionId The session ID + * @return void + */ + public function removeAuthCode(int $sessionId) + { + $db = \ezcDbInstance::get(); + + $stmt = $db->prepare('DELETE FROM oauth_session_authcodes WHERE session_id = :sessionId'); + $stmt->bindValue(':sessionId', $sessionId); + $stmt->execute(); + } + + /** + * Validate an authorization code + * @param string $clientId The client ID + * @param string $redirectUri The redirect URI + * @param string $authCode The authorization code + * @return void + */ + public function validateAuthCode(string $clientId, string $redirectUri, string $authCode) { $db = \ezcDbInstance::get(); 
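Review bot: `removeAccessToken` does not remove anything: its body is a copy of the refresh-token INSERT and references `$accessTokenId` and `$params['refresh_token']`, neither of which exists in scope, so a revocation attempt either throws on the undefined variables or, with notices suppressed, inserts a junk refresh-token row while the access token stays valid. `removeRefreshToken` has an empty body and therefore reports success without revoking anything. Revocation paths must fail closed — a real DELETE, or the same `Not implemented` exception the other stubs throw — never return as if the token were gone. Separately, every new `associate*` method in this hunk uses `$db` without first calling `\ezcDbInstance::get()` (only `removeAuthCode` does), which is a fatal error on first use.
```php
    public function removeAccessToken(int $sessionId)
    {
        $db = \ezcDbInstance::get();

        $stmt = $db->prepare('DELETE FROM oauth_session_access_tokens WHERE session_id = :sessionId');
        $stmt->bindValue(':sessionId', $sessionId);
        $stmt->execute();
    }

    // … unchanged: associateRefreshToken …

    public function removeRefreshToken(int $sessionId)
    {
        // Fail closed until a real DELETE exists; a silent no-op reports a revocation that never happened
        throw new \Exception('Not implemented - ' . debug_backtrace()[0]['function']);
    }
```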
@@ -105,36 +178,33 @@ class Session implements SessionInterface return ($result === false) ? false : (array) $result; } - public function deleteAuthCode($sessionId) + /** + * Validate an access token + * @param string $accessToken [description] + * @return void + */ + public function validateAccessToken(string $accessToken) { - $db = \ezcDbInstance::get(); - - $stmt = $db->prepare('DELETE FROM oauth_session_authcodes WHERE session_id = :sessionId'); - $stmt->bindValue(':sessionId', $sessionId); - $stmt->execute(); + throw new \Exception('Not implemented - ' . debug_backtrace()[0]['function']); } - public function validateAccessToken($accessToken) + /** + * Validate a refresh token + * @param string $accessToken The access token + * @return void + */ + public function validateRefreshToken(string $accessToken) { - throw new \Exception('Not implemented '.debug_backtrace()[0]['function']); + throw new \Exception('Not implemented - ' . debug_backtrace()[0]['function']); } - public function getAccessToken($sessionId) - { - throw new \Exception('Not implemented '.debug_backtrace()[0]['function']); - } - - public function validateRefreshToken($refreshToken, $clientId) - { - throw new \Exception('Not implemented '.debug_backtrace()[0]['function']); - } - - public function updateRefreshToken($sessionId, $newAccessToken, $newRefreshToken, $accessTokenExpires) - { - throw new \Exception('Not implemented '.debug_backtrace()[0]['function']); - } - - public function associateScope($accessTokenId, $scopeId) + /** + * Associate a scope with an access token + * @param int $accessTokenId The ID of the access token + * @param int $scopeId The ID of the scope + * @return void + */ + public function associateScope(int $accessTokenId, int $scopeId) { $db = \ezcDbInstance::get(); 
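Review bot: The two validator stubs carry a `[description]` placeholder and `@return void` on methods whose whole purpose is to return a verdict; a resource server calling `validateAccessToken` needs at least `@return array|bool Session details on success, false otherwise`, matching what `validateAuthCode` just above returns via `($result === false) ? false : (array) $result`. `validateRefreshToken` also names its parameter `$accessToken`; rename it `$refreshToken` so the stub is not later implemented against the wrong input. Throwing rather than returning false is the correct fail-closed default for these stubs and should be kept until real queries exist.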
@@ -144,8 +214,13 @@ class Session implements SessionInterface $stmt->execute(); } - public function getScopes($sessionId) + /** + * Get all associated access tokens for an access token + * @param string $accessToken The access token + * @return array + */ + public function getScopes(string $accessToken) { - throw new \Exception('Not implemented '.debug_backtrace()[0]['function']); + throw new \Exception('Not implemented - ' . debug_backtrace()[0]['function']); } } \ No newline at end of file From 757d2a4fd9e593d5b4afaf0055923641fcbcbdf6 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 29 Apr 2013 11:11:16 +0100 Subject: [PATCH 071/106] Removed scalar type hinting because it isn't supported --- src/OAuth2/Storage/PDO/Session.php | 32 ++++++++++++------------- src/OAuth2/Storage/SessionInterface.php | 30 +++++++++++------------ 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/src/OAuth2/Storage/PDO/Session.php b/src/OAuth2/Storage/PDO/Session.php index 37bab24f..a51fe808 100644 --- a/src/OAuth2/Storage/PDO/Session.php +++ b/src/OAuth2/Storage/PDO/Session.php @@ -13,7 +13,7 @@ class Session implements SessionInterface * @param string $ownerId The ID of the session owner (e.g. "123") * @return int The session ID */ - public function createSession(string $clientId, string $ownerType, string $ownerId) + public function createSession($clientId, $ownerType, $ownerId) { $db = \ezcDbInstance::get(); @@ -33,7 +33,7 @@ class Session implements SessionInterface * @param string $ownerId The ID of the session owner (e.g. "123") * @return void */ - public function deleteSession(string $clientId, string $ownerType, string $ownerId) + public function deleteSession($clientId, $ownerType, $ownerId) { $db = \ezcDbInstance::get(); 
@@ -50,7 +50,7 @@ class Session implements SessionInterface * @param string $redirectUri The redirect URI * @return void */ - public function associateRedirectUri(int $sessionId, string $redirectUri) + public function associateRedirectUri($sessionId, $redirectUri) { $stmt = $db->prepare('INSERT INTO oauth_session_redirects (session_id, redirect_uri) VALUE (:sessionId, :redirectUri)'); $stmt->bindValue(':sessionId', $sessionId); @@ -63,7 +63,7 @@ class Session implements SessionInterface * @param int $sessionId The session ID * @return void */ - public function removeRedirectUri(int $sessionId) + public function removeRedirectUri($sessionId) { throw new \Exception('Not implemented - ' . debug_backtrace()[0]['function']); } @@ -75,7 +75,7 @@ class Session implements SessionInterface * @param int $expireTime Unix timestamp of the access token expiry time * @return void */ - public function associateAccessToken(int $sessionId, string $accessToken, int $expireTime) + public function associateAccessToken($sessionId, $accessToken, $expireTime) { $stmt = $db->prepare('INSERT INTO oauth_session_access_tokens (session_id, access_token, access_token_expires) VALUE (:sessionId, :accessToken, :accessTokenExpire)'); $stmt->bindValue(':sessionId', $sessionId); @@ -91,7 +91,7 @@ class Session implements SessionInterface * @param int $sessionId The session ID * @return void */ - public function removeAccessToken(int $sessionId) + public function removeAccessToken($sessionId) { $stmt = $db->prepare('INSERT INTO oauth_session_refresh_tokens (session_access_token_id, refresh_token) VALUE (:accessTokenId, :refreshToken)'); $stmt->bindValue(':accessTokenId', $accessTokenId); 
@@ -102,10 +102,10 @@ class Session implements SessionInterface /** * Associate a refresh token with a session * @param int $accessTokenId The access token ID - * @param string $refreshToken The refresh token + * @param $refreshToken The refresh token * @return void */ - public function associateRefreshToken(int $accessTokenId, string $refreshToken) + public function associateRefreshToken($accessTokenId, $refreshToken) { $stmt = $db->prepare('INSERT INTO oauth_session_refresh_tokens (session_access_token_id, refresh_token) VALUE (:accessTokenId, :refreshToken)'); $stmt->bindValue(':accessTokenId', $accessTokenId); @@ -118,7 +118,7 @@ class Session implements SessionInterface * @param int $sessionId The session ID * @return void */ - public function removeRefreshToken(int $sessionId) + public function removeRefreshToken($sessionId) { } @@ -131,7 +131,7 @@ class Session implements SessionInterface * @param string $scopeIds Comma seperated list of scope IDs to be later associated (default = null) * @return void */ - public function associateAuthCode(int $sessionId, string $authCode, int $expireTime, string $scopeIds = null) + public function associateAuthCode($sessionId, $authCode, $expireTime, $scopeIds = null) { $stmt = $db->prepare('INSERT INTO oauth_session_authcodes (session_id, auth_code, auth_code_expires, scope_ids) VALUE (:sessionId, :authCode, :authCodeExpires, :scopeIds)'); $stmt->bindValue(':sessionId', $sessionId); @@ -146,7 +146,7 @@ class Session implements SessionInterface * @param int $sessionId The session ID * @return void */ - public function removeAuthCode(int $sessionId) + public function removeAuthCode($sessionId) { $db = \ezcDbInstance::get(); 
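Review bot: The PHPDoc for `associateRefreshToken` loses its type along with the engine hint — `@param $refreshToken The refresh token` should stay `@param string $refreshToken The refresh token`; the commit removes scalar type declarations the targeted PHP version lacks, but docblock types are what readers and static analysis still rely on. With the engine hints gone nothing now rejects a non-integer `$accessTokenId` before it reaches `bindValue`, so the docblock types are the only remaining contract on these methods.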
@@ -162,7 +162,7 @@ class Session implements SessionInterface * @param string $authCode The authorization code * @return void */ - public function validateAuthCode(string $clientId, string $redirectUri, string $authCode) + public function validateAuthCode($clientId, $redirectUri, $authCode) { $db = \ezcDbInstance::get(); @@ -183,7 +183,7 @@ class Session implements SessionInterface * @param string $accessToken [description] * @return void */ - public function validateAccessToken(string $accessToken) + public function validateAccessToken($accessToken) { throw new \Exception('Not implemented - ' . debug_backtrace()[0]['function']); } @@ -193,7 +193,7 @@ class Session implements SessionInterface * @param string $accessToken The access token * @return void */ - public function validateRefreshToken(string $accessToken) + public function validateRefreshToken($accessToken) { throw new \Exception('Not implemented - ' . debug_backtrace()[0]['function']); } @@ -204,7 +204,7 @@ class Session implements SessionInterface * @param int $scopeId The ID of the scope * @return void */ - public function associateScope(int $accessTokenId, int $scopeId) + public function associateScope($accessTokenId, $scopeId) { $db = \ezcDbInstance::get(); @@ -219,7 +219,7 @@ class Session implements SessionInterface * @param string $accessToken The access token * @return array */ - public function getScopes(string $accessToken) + public function getScopes($accessToken) { throw new \Exception('Not implemented - ' . debug_backtrace()[0]['function']); } diff --git a/src/OAuth2/Storage/SessionInterface.php b/src/OAuth2/Storage/SessionInterface.php index 3b5b52d3..5264e4a9 100644 --- a/src/OAuth2/Storage/SessionInterface.php +++ b/src/OAuth2/Storage/SessionInterface.php 
@@ -20,7 +20,7 @@ interface SessionInterface * @param string $ownerId The ID of the session owner (e.g. "123") * @return int The session ID */ - public function createSession(string $clientId, string $ownerType, string $ownerId); + public function createSession($clientId, $ownerType, $ownerId); /** * Delete a session @@ -29,7 +29,7 @@ interface SessionInterface * @param string $ownerId The ID of the session owner (e.g. "123") * @return void */ - public function deleteSession(string $clientId, string $ownerType, string $ownerId); + public function deleteSession($clientId, $ownerType, $ownerId); /** * Associate a redirect URI with a session @@ -37,14 +37,14 @@ interface SessionInterface * @param string $redirectUri The redirect URI * @return void */ - public function associateRedirectUri(int $sessionId, string $redirectUri); + public function associateRedirectUri($sessionId, $redirectUri); /** * Remove an associated redirect URI * @param int $sessionId The session ID * @return void */ - public function removeRedirectUri(int $sessionId); + public function removeRedirectUri($sessionId); /** * Associate an access token with a session @@ -53,14 +53,14 @@ interface SessionInterface * @param int $expireTime Unix timestamp of the access token expiry time * @return void */ - public function associateAccessToken(int $sessionId, string $accessToken, int $expireTime); + public function associateAccessToken($sessionId, $accessToken, $expireTime); /** * Remove an associated access token from a session * @param int $sessionId The session ID * @return void */ - public function removeAccessToken(int $sessionId); + public function removeAccessToken($sessionId); /** * Associate a refresh token with a session 
@@ -68,14 +68,14 @@ interface SessionInterface * @param string $refreshToken The refresh token * @return void */ - public function associateRefreshToken(int $accessTokenId, string $refreshToken); + public function associateRefreshToken($accessTokenId, $refreshToken); /** * Remove an associated refresh token from a session * @param int $sessionId The session ID * @return void */ - public function removeRefreshToken(int $sessionId); + public function removeRefreshToken($sessionId); /** * Assocate an authorization code with a session @@ -85,14 +85,14 @@ interface SessionInterface * @param string $scopeIds Comma seperated list of scope IDs to be later associated (default = null) * @return void */ - public function associateAuthCode(int $sessionId, string $authCode, int $expireTime, string $scopeIds = null); + public function associateAuthCode($sessionId, $authCode, $expireTime, $scopeIds = null); /** * Remove an associated authorization token from a session * @param int $sessionId The session ID * @return void */ - public function removeAuthCode(int $sessionId); + public function removeAuthCode($sessionId); /** * Validate an authorization code @@ -101,21 +101,21 @@ interface SessionInterface * @param string $authCode The authorization code * @return void */ - public function validateAuthCode(string $clientId, string $redirectUri, string $authCode); + public function validateAuthCode($clientId, $redirectUri, $authCode); /** * Validate an access token * @param string $accessToken [description] * @return void */ - public function validateAccessToken(string $accessToken); + public function validateAccessToken($accessToken); /** * Validate a refresh token * @param string $accessToken The access token * @return void */ - public function validateRefreshToken(string $accessToken); + public function validateRefreshToken($accessToken); /** * Associate a scope with an access token 
@@ -123,12 +123,12 @@ interface SessionInterface * @param int $scopeId The ID of the scope * @return void */ - public function associateScope(int $accessTokenId, int $scopeId); + public function associateScope($accessTokenId, $scopeId); /** * Get all associated access tokens for an access token * @param string $accessToken The access token * @return array */ - public function getScopes(string $accessToken); + public function getScopes($accessToken); } From 325242e3aa048739065268d232cc15e31f21604e Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 29 Apr 2013 11:12:35 +0100 Subject: [PATCH 072/106] Added missing third parameter --- src/OAuth2/Grant/ClientCredentials.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/OAuth2/Grant/ClientCredentials.php b/src/OAuth2/Grant/ClientCredentials.php index 680c55fb..4a520ee7 100644 --- a/src/OAuth2/Grant/ClientCredentials.php +++ b/src/OAuth2/Grant/ClientCredentials.php @@ -137,7 +137,7 @@ class ClientCredentials implements GrantTypeInterface { $sessionId = $this->authServer->getStorage('session')->createSession($authParams['client_id'], 'client', $authParams['client_id']); // Add the access token - $accessTokenId = $this->authServer->getStorage('session')->associateAccessToken($sessionId, $accessToken); + $accessTokenId = $this->authServer->getStorage('session')->associateAccessToken($sessionId, $accessToken, $accessTokenExpires); // Associate scopes with the new session foreach ($authParams['scopes'] as $scope) From b39a9a5edc0737d795de31663476f528a07c868b Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 29 Apr 2013 11:13:31 +0100 Subject: [PATCH 073/106] Added missing DB instance::get() calls --- src/OAuth2/Storage/PDO/Session.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/OAuth2/Storage/PDO/Session.php b/src/OAuth2/Storage/PDO/Session.php index a51fe808..6fa098e6 100644 --- a/src/OAuth2/Storage/PDO/Session.php +++ b/src/OAuth2/Storage/PDO/Session.php 
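Review bot: `associateAccessToken` documents its third argument as a Unix timestamp of the expiry time, so this call is only correct if `$accessTokenExpires` — computed outside the hunk — is `time() + $ttl` rather than the bare TTL that the response's `expires_in` field needs; the two conventions are easy to mix, and a bare TTL stored here would be a 1970 timestamp (an already-expired token), while a timestamp placed into `expires_in` would be a token the client believes lasts for decades. Worth checking at the definition and naming the two values distinctly, e.g. `$accessTokenExpiresAt` for the timestamp. The enclosing method starts and ends outside the hunk.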
@@ -52,6 +52,8 @@ class Session implements SessionInterface */ public function associateRedirectUri($sessionId, $redirectUri) { + $db = \ezcDbInstance::get(); + $stmt = $db->prepare('INSERT INTO oauth_session_redirects (session_id, redirect_uri) VALUE (:sessionId, :redirectUri)'); $stmt->bindValue(':sessionId', $sessionId); $stmt->bindValue(':redirectUri', $redirectUri); @@ -77,6 +79,8 @@ class Session implements SessionInterface */ public function associateAccessToken($sessionId, $accessToken, $expireTime) { + $db = \ezcDbInstance::get(); + $stmt = $db->prepare('INSERT INTO oauth_session_access_tokens (session_id, access_token, access_token_expires) VALUE (:sessionId, :accessToken, :accessTokenExpire)'); $stmt->bindValue(':sessionId', $sessionId); $stmt->bindValue(':accessToken', $accessToken); @@ -93,6 +97,8 @@ class Session implements SessionInterface */ public function removeAccessToken($sessionId) { + $db = \ezcDbInstance::get(); + $stmt = $db->prepare('INSERT INTO oauth_session_refresh_tokens (session_access_token_id, refresh_token) VALUE (:accessTokenId, :refreshToken)'); $stmt->bindValue(':accessTokenId', $accessTokenId); $stmt->bindValue(':refreshToken', $params['refresh_token']); @@ -133,6 +139,8 @@ class Session implements SessionInterface */ public function associateAuthCode($sessionId, $authCode, $expireTime, $scopeIds = null) { + $db = \ezcDbInstance::get(); + $stmt = $db->prepare('INSERT INTO oauth_session_authcodes (session_id, auth_code, auth_code_expires, scope_ids) VALUE (:sessionId, :authCode, :authCodeExpires, :scopeIds)'); $stmt->bindValue(':sessionId', $sessionId); $stmt->bindValue(':authCode', $authCode); From 2dcb81d93cb52ce28b1f45a39bc4ca35a8daecd4 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 29 Apr 2013 11:25:23 +0100 Subject: [PATCH 074/106] Updated newAuthoriseRequest --- src/OAuth2/Grant/AuthCode.php | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) 
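Review bot: The `removeAccessToken($sessionId)` body that the `@@ -93,6 +97,8` hunk gives a DB handle to is a copy of the refresh-token insert, not a delete: it runs `INSERT INTO oauth_session_refresh_tokens` and binds `$accessTokenId` and `$params['refresh_token']`, neither of which exists in this method, so a call raises undefined-variable notices and inserts nothing useful, and no access token is ever removed. The same body survives unchanged in the `@@ -99,7 +103,8` hunk of patch 083 below. It should become `DELETE FROM oauth_session_access_tokens WHERE session_id = :sessionId` bound to `$sessionId`, or throw the same "Not implemented" exception the other stubs use until it is written. The closing lines of removeAccessToken are outside the hunk.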
diff --git a/src/OAuth2/Grant/AuthCode.php b/src/OAuth2/Grant/AuthCode.php index e9044db2..2da7701b 100644 --- a/src/OAuth2/Grant/AuthCode.php +++ b/src/OAuth2/Grant/AuthCode.php @@ -165,14 +165,13 @@ class AuthCode implements GrantTypeInterface { } // Create a new session - $sessionId = $this->authServer->getStorage('session')->createSession(array( - 'client_id' => $authParams['client_id'], - 'owner_type' => $type, - 'owner_id' => $typeId, - 'redirect_uri' =>$authParams['redirect_uri'], - 'auth_code' => $authCode, - 'scope_ids' => implode(',', $scopeIds) - )); + $sessionId = $this->authServer->getStorage('session')->createSession($authParams['client_id'], $type, $typeId); + + // Associate a redirect URI + $this->authServer->getStorage('session')->associateRedirectUri($sessionId, $authParams['redirect_uri']); + + // Associate the auth code + $this->authServer->getStorage('session')->associateAuthCode($sessionId, $authCode, time()+600, implode(',', $scopeIds)); return $authCode; } From 13c67c9a40a9faf470ff24100a127df5c7c868c2 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 29 Apr 2013 11:31:07 +0100 Subject: [PATCH 075/106] Updated completeFlow --- src/OAuth2/Grant/AuthCode.php | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/src/OAuth2/Grant/AuthCode.php b/src/OAuth2/Grant/AuthCode.php index 2da7701b..ba3b47a6 100644 --- a/src/OAuth2/Grant/AuthCode.php +++ b/src/OAuth2/Grant/AuthCode.php 
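Review bot: The authorisation-code lifetime is a bare `time()+600` in the new `associateAuthCode` call, while the access-token lifetime goes through `$this->authServer->getExpiresIn()`; an unnamed magic number is easy to overlook when the TTL policy changes. Name it, e.g. a class constant `const AUTH_CODE_TTL = 600;` used as `time() + self::AUTH_CODE_TTL`, or expose it on the AuthServer the way expiresIn is. At minimum the comment should carry the unit: `// Associate the auth code (valid for 600 seconds)`. newAuthoriseRequest starts outside the hunk.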
@@ -222,18 +222,14 @@ class AuthCode implements GrantTypeInterface { // A session ID was returned so update it with an access token and remove the authorisation code $accessToken = SecureKey::make(); - $refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null; - $accessTokenExpires = time() + $this->authServer->getExpiresIn(); $accessTokenExpiresIn = $this->authServer->getExpiresIn(); - $this->authServer->getStorage('session')->deleteAuthCode($session['id']); + // Remove the auth code + $this->authServer->getStorage('session')->removeAuthCode($session['id']); - $accessTokenId = $this->authServer->getStorage('session')->updateSession($session['id'], array( - 'access_token' => $accessToken, - 'access_token_expire' => $accessTokenExpires, - 'refresh_token' => $refreshToken - )); + // Create an access token + $accessTokenId = $this->authServer->getStorage('session')->associateAccessToken($session['id'], $accessToken, $accessTokenExpires)); // Associate scopes with the access token if ( ! is_null($session['scope_ids'])) { @@ -251,7 +247,10 @@ class AuthCode implements GrantTypeInterface { 'expires_in' => $accessTokenExpiresIn ); + // Associate a refresh token if set if ($this->authServer->hasGrantType('refresh_token')) { + $refreshToken = SecureKey::make(); + $this->authServer->getStorage('session')->associateRefreshToken($accessTokenId, $refreshToken); $response['refresh_token'] = $refreshToken; } From 1696903b8b55760f862fa376e43d77ddbf3f6c45 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 29 Apr 2013 11:53:20 +0100 Subject: [PATCH 076/106] Removed extra bracket --- src/OAuth2/Grant/AuthCode.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/OAuth2/Grant/AuthCode.php b/src/OAuth2/Grant/AuthCode.php index ba3b47a6..b0edc0b0 100644 --- a/src/OAuth2/Grant/AuthCode.php +++ b/src/OAuth2/Grant/AuthCode.php 
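Review bot: Nothing between the `validateAuthCode` lookup (above the hunk) and the new `removeAuthCode` call stops the same code from being redeemed twice by concurrent requests, and remove / `associateAccessToken` / scope association are not wrapped in a transaction, so a failure after `removeAuthCode` consumes the code without issuing a token. A defensive shape is to have the storage remove-and-confirm first (let `removeAuthCode` return the affected row count and reject the request when it is 0) and to run the three storage calls inside one DB transaction. The `associateAccessToken(...))` line in this hunk also has an unbalanced parenthesis, a parse error, which patch 076 below corrects. completeFlow starts and ends outside this hunk.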
@@ -229,7 +229,7 @@ class AuthCode implements GrantTypeInterface { $this->authServer->getStorage('session')->removeAuthCode($session['id']); // Create an access token - $accessTokenId = $this->authServer->getStorage('session')->associateAccessToken($session['id'], $accessToken, $accessTokenExpires)); + $accessTokenId = $this->authServer->getStorage('session')->associateAccessToken($session['id'], $accessToken, $accessTokenExpires); // Associate scopes with the access token if ( ! is_null($session['scope_ids'])) { From 14cff9ea44ac08f6ddd50f7c5b22ca5645177eee Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 29 Apr 2013 11:59:45 +0100 Subject: [PATCH 077/106] Added missing db init --- src/OAuth2/Storage/PDO/Session.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/OAuth2/Storage/PDO/Session.php b/src/OAuth2/Storage/PDO/Session.php index 6fa098e6..23ab75f1 100644 --- a/src/OAuth2/Storage/PDO/Session.php +++ b/src/OAuth2/Storage/PDO/Session.php @@ -113,6 +113,8 @@ class Session implements SessionInterface */ public function associateRefreshToken($accessTokenId, $refreshToken) { + $db = \ezcDbInstance::get(); + $stmt = $db->prepare('INSERT INTO oauth_session_refresh_tokens (session_access_token_id, refresh_token) VALUE (:accessTokenId, :refreshToken)'); $stmt->bindValue(':accessTokenId', $accessTokenId); $stmt->bindValue(':refreshToken', $refreshToken); @@ -126,7 +128,7 @@ class Session implements SessionInterface */ public function removeRefreshToken($sessionId) { - + throw new \Exception('Not implemented - ' . debug_backtrace()[0]['function']); } /** From 18eea191ed4bbceb78003f9c33b180a732c701e3 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Tue, 30 Apr 2013 14:28:40 +0100 Subject: [PATCH 078/106] Fixed docblock --- src/OAuth2/Storage/PDO/Session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/OAuth2/Storage/PDO/Session.php b/src/OAuth2/Storage/PDO/Session.php index 23ab75f1..5c6fa473 100644 
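Review bot: In the `@@ -126,7 +128,7` hunk of patch 077, `debug_backtrace()[0]['function']` dereferences a function-call result directly, which is PHP 5.4+ syntax; the SessionInterface hunks above strip scalar type hints to stay on older PHP, and if 5.3 is still a target this file fails to parse, taking every Session storage method with it. `__FUNCTION__` yields the same name with no backtrace: `throw new \Exception('Not implemented - ' . __FUNCTION__);`. The same construct appears in the other "Not implemented" stubs until later patches replace them.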
--- a/src/OAuth2/Storage/PDO/Session.php +++ b/src/OAuth2/Storage/PDO/Session.php @@ -108,7 +108,7 @@ class Session implements SessionInterface /** * Associate a refresh token with a session * @param int $accessTokenId The access token ID - * @param $refreshToken The refresh token + * @param string $refreshToken The refresh token * @return void */ public function associateRefreshToken($accessTokenId, $refreshToken) From 85a53d74705a7e4729302140da81ece00023738e Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Tue, 30 Apr 2013 14:28:59 +0100 Subject: [PATCH 079/106] Fixed Password grant to match past updates --- src/OAuth2/Grant/Password.php | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/src/OAuth2/Grant/Password.php b/src/OAuth2/Grant/Password.php index e82c03b7..23965d40 100644 --- a/src/OAuth2/Grant/Password.php +++ b/src/OAuth2/Grant/Password.php @@ -178,22 +178,15 @@ class Password implements GrantTypeInterface { $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'user', $userId); // Create a new session - $sessionId = $this->authServer->getStorage('session')->createSession( - $authParams['client_id'], - null, - 'user', - $userId, - null, - $accessToken, - $refreshToken, - $accessTokenExpires, - 'granted' - ); + $sessionId = $this->authServer->getStorage('session')->createSession($authParams['client_id'], 'user', $userId); - // Associate scopes with the new session + // Associate an access token with the session + $accessTokenId = $this->authServer->getStorage('session')->associateAccessToken($sessionId, $accessToken, $accessTokenExpires); + + // Associate scopes with the access token foreach ($authParams['scopes'] as $scope) { - $this->authServer->getStorage('session')->associateScope($sessionId, $scope['id']); + $this->authServer->getStorage('session')->associateScope($accessTokenId, $scope['id']); } $response = array( 
@@ -203,7 +196,10 @@ class Password implements GrantTypeInterface { 'expires_in' => $accessTokenExpiresIn ); + // Associate a refresh token if set if ($this->authServer->hasGrantType('refresh_token')) { + $refreshToken = SecureKey::make(); + $this->authServer->getStorage('session')->associateRefreshToken($accessTokenId, $refreshToken); $response['refresh_token'] = $refreshToken; } From c73d45fc07032c5260b766cf451109b6454e0c74 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Tue, 30 Apr 2013 14:33:30 +0100 Subject: [PATCH 080/106] PSR-2 fix --- src/OAuth2/Grant/Password.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/OAuth2/Grant/Password.php b/src/OAuth2/Grant/Password.php index 23965d40..4f95acfc 100644 --- a/src/OAuth2/Grant/Password.php +++ b/src/OAuth2/Grant/Password.php @@ -184,8 +184,7 @@ class Password implements GrantTypeInterface { $accessTokenId = $this->authServer->getStorage('session')->associateAccessToken($sessionId, $accessToken, $accessTokenExpires); // Associate scopes with the access token - foreach ($authParams['scopes'] as $scope) - { + foreach ($authParams['scopes'] as $scope) { $this->authServer->getStorage('session')->associateScope($accessTokenId, $scope['id']); } From a6616341949746ca2a71fd3746c2aa1ab3eba289 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Tue, 30 Apr 2013 15:07:44 +0100 Subject: [PATCH 081/106] Updated refresh token grant --- src/OAuth2/Grant/RefreshToken.php | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/src/OAuth2/Grant/RefreshToken.php b/src/OAuth2/Grant/RefreshToken.php index b8f62805..538d75bd 100644 --- a/src/OAuth2/Grant/RefreshToken.php +++ b/src/OAuth2/Grant/RefreshToken.php 
@@ -102,23 +102,31 @@ class RefreshToken implements GrantTypeInterface { } // Validate refresh token - $sessionId = $this->authServer->getStorage('session')->validateRefreshToken( - $authParams['refresh_token'], - $authParams['client_id'] - ); + $accessTokenId = $this->authServer->getStorage('session')->validateRefreshToken($authParams['refresh_token']); - if ($sessionId === false) { + if ($accessTokenId === false) { throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_refresh'), 0); } - // Generate new tokens - $accessToken = SecureKey::make(); - $refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null; + // Get the existing access token + $accessTokenDetails = $this->authServer->getStorage('session')->getAccessToken($accessTokenId); + // Get the scopes for the existing access token + $scopes = $this->authServer->getStorage('session')->getScopes($accessTokenDetails['access_token']); + + // Generate new tokens and associate them to the session + $accessToken = SecureKey::make(); $accessTokenExpires = time() + $this->authServer->getExpiresIn(); $accessTokenExpiresIn = $this->authServer->getExpiresIn(); + $refreshToken = SecureKey::make(); - $this->authServer->getStorage('session')->updateRefreshToken($sessionId, $accessToken, $refreshToken, $accessTokenExpires); + $newAccessTokenId = $this->authServer->getStorage('session')->associateAccessToken($accessTokenDetails['session_id'], $accessToken, $accessTokenExpires); + + foreach ($scopes as $scope) { + $this->authServer->getStorage('session')->associateScope($newAccessTokenId, $scope['id']); + } + + $this->authServer->getStorage('session')->associateRefreshToken($newAccessTokenId, $refreshToken); return array( 'access_token' => $accessToken, From 5b03859467c39bd1a4298393a339a0feefde86ad Mon Sep 17 00:00:00 2001 
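Review bot: The rewritten validation drops the `$authParams['client_id']` argument, so `validateRefreshToken` now accepts any refresh token regardless of which client it was issued to; the client authenticated in this request is never compared with the client owning the session behind `$accessTokenDetails['session_id']`, which RFC 6749 §6 requires. The presented refresh token is also never invalidated: the new access/refresh pair is associated, but the old pair stays valid indefinitely (`removeRefreshToken` is still a stub as of patch 077), so rotation and revocation are impossible. Suggested shape: have the storage return the session's client_id alongside the access-token details, reject when `$accessTokenDetails['client_id'] !== $authParams['client_id']`, and remove the old refresh token (and old access token) once the new pair is stored. completeFlow starts outside the hunk.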
From: Alex Bilbie Date: Tue, 30 Apr 2013 15:08:03 +0100 Subject: [PATCH 082/106] Removed unnecessary code --- src/OAuth2/Grant/Password.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/OAuth2/Grant/Password.php b/src/OAuth2/Grant/Password.php index 4f95acfc..b8d098db 100644 --- a/src/OAuth2/Grant/Password.php +++ b/src/OAuth2/Grant/Password.php @@ -169,8 +169,6 @@ class Password implements GrantTypeInterface { // Generate an access token $accessToken = SecureKey::make(); - $refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null; - $accessTokenExpires = time() + $this->authServer->getExpiresIn(); $accessTokenExpiresIn = $this->authServer->getExpiresIn(); From c0d8a2c4fbb90eba1e456165c0ba844636a2ad1e Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Tue, 30 Apr 2013 15:08:20 +0100 Subject: [PATCH 083/106] Lots of updated functions --- src/OAuth2/Storage/PDO/Session.php | 62 ++++++++++++++++++++++++------ 1 file changed, 50 insertions(+), 12 deletions(-) diff --git a/src/OAuth2/Storage/PDO/Session.php b/src/OAuth2/Storage/PDO/Session.php index 5c6fa473..ed1f8bc0 100644 --- a/src/OAuth2/Storage/PDO/Session.php +++ b/src/OAuth2/Storage/PDO/Session.php @@ -17,7 +17,8 @@ class Session implements SessionInterface { $db = \ezcDbInstance::get(); - $stmt = $db->prepare('INSERT INTO oauth_sessions (client_id, owner_type, owner_id) VALUE (:clientId, :ownerType, :ownerId)'); + $stmt = $db->prepare('INSERT INTO oauth_sessions (client_id, owner_type, owner_id) VALUE + (:clientId, :ownerType, :ownerId)'); $stmt->bindValue(':clientId', $clientId); $stmt->bindValue(':ownerType', $ownerType); $stmt->bindValue(':ownerId', $ownerId); 
@@ -37,7 +38,8 @@ class Session implements SessionInterface { $db = \ezcDbInstance::get(); - $stmt = $db->prepare('DELETE FROM oauth_sessions WHERE client_id = :clientId AND owner_type = :type AND owner_id = :typeId'); + $stmt = $db->prepare('DELETE FROM oauth_sessions WHERE client_id = :clientId AND + owner_type = :type AND owner_id = :typeId'); $stmt->bindValue(':clientId', $clientId); $stmt->bindValue(':type', $ownerType); $stmt->bindValue(':typeId', $ownerId); @@ -54,7 +56,8 @@ class Session implements SessionInterface { $db = \ezcDbInstance::get(); - $stmt = $db->prepare('INSERT INTO oauth_session_redirects (session_id, redirect_uri) VALUE (:sessionId, :redirectUri)'); + $stmt = $db->prepare('INSERT INTO oauth_session_redirects (session_id, redirect_uri) + VALUE (:sessionId, :redirectUri)'); $stmt->bindValue(':sessionId', $sessionId); $stmt->bindValue(':redirectUri', $redirectUri); $stmt->execute(); @@ -81,7 +84,8 @@ class Session implements SessionInterface { $db = \ezcDbInstance::get(); - $stmt = $db->prepare('INSERT INTO oauth_session_access_tokens (session_id, access_token, access_token_expires) VALUE (:sessionId, :accessToken, :accessTokenExpire)'); + $stmt = $db->prepare('INSERT INTO oauth_session_access_tokens (session_id, access_token, access_token_expires) + VALUE (:sessionId, :accessToken, :accessTokenExpire)'); $stmt->bindValue(':sessionId', $sessionId); $stmt->bindValue(':accessToken', $accessToken); $stmt->bindValue(':accessTokenExpire', $expireTime); 
@@ -99,7 +103,8 @@ class Session implements SessionInterface { $db = \ezcDbInstance::get(); - $stmt = $db->prepare('INSERT INTO oauth_session_refresh_tokens (session_access_token_id, refresh_token) VALUE (:accessTokenId, :refreshToken)'); + $stmt = $db->prepare('INSERT INTO oauth_session_refresh_tokens (session_access_token_id, refresh_token) VALUE + (:accessTokenId, :refreshToken)'); $stmt->bindValue(':accessTokenId', $accessTokenId); $stmt->bindValue(':refreshToken', $params['refresh_token']); $stmt->execute(); @@ -115,7 +120,8 @@ class Session implements SessionInterface { $db = \ezcDbInstance::get(); - $stmt = $db->prepare('INSERT INTO oauth_session_refresh_tokens (session_access_token_id, refresh_token) VALUE (:accessTokenId, :refreshToken)'); + $stmt = $db->prepare('INSERT INTO oauth_session_refresh_tokens (session_access_token_id, refresh_token) VALUE + (:accessTokenId, :refreshToken)'); $stmt->bindValue(':accessTokenId', $accessTokenId); $stmt->bindValue(':refreshToken', $refreshToken); $stmt->execute(); @@ -143,7 +149,8 @@ class Session implements SessionInterface { $db = \ezcDbInstance::get(); - $stmt = $db->prepare('INSERT INTO oauth_session_authcodes (session_id, auth_code, auth_code_expires, scope_ids) VALUE (:sessionId, :authCode, :authCodeExpires, :scopeIds)'); + $stmt = $db->prepare('INSERT INTO oauth_session_authcodes (session_id, auth_code, auth_code_expires, scope_ids) + VALUE (:sessionId, :authCode, :authCodeExpires, :scopeIds)'); $stmt->bindValue(':sessionId', $sessionId); $stmt->bindValue(':authCode', $authCode); $stmt->bindValue(':authCodeExpires', $expireTime); 
@@ -176,7 +183,12 @@ class Session implements SessionInterface { $db = \ezcDbInstance::get(); - $stmt = $db->prepare('SELECT oauth_sessions.id, oauth_session_authcodes.scope_ids FROM oauth_sessions JOIN oauth_session_authcodes ON oauth_session_authcodes.`session_id` = oauth_sessions.id JOIN oauth_session_redirects ON oauth_session_redirects.`session_id` = oauth_sessions.id WHERE oauth_sessions.client_id = :clientId AND oauth_session_authcodes.`auth_code` = :authCode AND `oauth_session_authcodes`.`auth_code_expires` >= :time AND `oauth_session_redirects`.`redirect_uri` = :redirectUri'); + $stmt = $db->prepare('SELECT oauth_sessions.id, oauth_session_authcodes.scope_ids FROM oauth_sessions JOIN + oauth_session_authcodes ON oauth_session_authcodes.`session_id` = oauth_sessions.id JOIN + oauth_session_redirects ON oauth_session_redirects.`session_id` = oauth_sessions.id WHERE + oauth_sessions.client_id = :clientId AND oauth_session_authcodes.`auth_code` = :authCode AND + `oauth_session_authcodes`.`auth_code_expires` >= :time AND `oauth_session_redirects`.`redirect_uri` + = :redirectUri'); $stmt->bindValue(':clientId', $clientId); $stmt->bindValue(':redirectUri', $redirectUri); $stmt->bindValue(':authCode', $authCode); 
@@ -200,12 +212,37 @@ class Session implements SessionInterface /** * Validate a refresh token - * @param string $accessToken The access token + * @param string $refreshToken The access token * @return void */ - public function validateRefreshToken($accessToken) + public function validateRefreshToken($refreshToken) { - throw new \Exception('Not implemented - ' . debug_backtrace()[0]['function']); + $db = \ezcDbInstance::get(); + + $stmt = $db->prepare('SELECT session_access_token_id FROM `oauth_session_refresh_tokens` WHERE + refresh_token = :refreshToken'); + $stmt->bindValue(':refreshToken', $refreshToken); + $stmt->execute(); + + $result = $stmt->fetchObject(); + return ($result === false) ? false : $result->session_access_token_id; + } + + /** + * Get an access token by ID + * @param int $accessTokenId The access token ID + * @return array + */ + public function getAccessToken($accessTokenId) + { + $db = \ezcDbInstance::get(); + + $stmt = $db->prepare('SELECT * FROM `oauth_session_access_tokens` WHERE `id` = :accessTokenId'); + $stmt->bindValue(':accessTokenId', $accessTokenId); + $stmt->execute(); + + $result = $stmt->fetchObject(); + return ($result === false) ? false : (array) $result; } /** @@ -218,7 +255,8 @@ class Session implements SessionInterface { $db = \ezcDbInstance::get(); - $stmt = $db->prepare('INSERT INTO `oauth_session_token_scopes` (`session_access_token_id`, `scope_id`) VALUE (:accessTokenId, :scopeId)'); + $stmt = $db->prepare('INSERT INTO `oauth_session_token_scopes` (`session_access_token_id`, `scope_id`) + VALUE (:accessTokenId, :scopeId)'); $stmt->bindValue(':accessTokenId', $accessTokenId); $stmt->bindValue(':scopeId', $scopeId); $stmt->execute(); From d149490c789d631ea8a6f06e1bd26fbf98e29dbd Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Tue, 30 Apr 2013 15:32:07 +0100 Subject: [PATCH 084/106] Updated getScopes --- src/OAuth2/Storage/PDO/Session.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) 
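Review bot: The docblock on the now-implemented `validateRefreshToken` still says `@param string $refreshToken The access token` and `@return void`, but the method returns the access-token id or `false`; and `getAccessToken` is documented `@return array` while its last line returns `false` on a miss, which the `$accessTokenDetails['session_id']` access in patch 081 does not guard. Change them to `@param string $refreshToken The refresh token`, `@return int|bool`, and `@return array|bool`. The same `The access token` / `@return void` text is copied into SessionInterface by patch 085 below. The refresh-token query also has no expiry condition, so refresh tokens live until explicitly removed; if that is intended, a one-line comment on the query saying so would help.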
diff --git a/src/OAuth2/Storage/PDO/Session.php b/src/OAuth2/Storage/PDO/Session.php index ed1f8bc0..bff184a1 100644 --- a/src/OAuth2/Storage/PDO/Session.php +++ b/src/OAuth2/Storage/PDO/Session.php @@ -269,6 +269,12 @@ class Session implements SessionInterface */ public function getScopes($accessToken) { - throw new \Exception('Not implemented - ' . debug_backtrace()[0]['function']); + $db = \ezcDbInstance::get(); + + $stmt = $db->prepare('SELECT oauth_scopes.* FROM oauth_session_token_scopes JOIN oauth_session_access_tokens ON oauth_session_access_tokens.`id` = `oauth_session_token_scopes`.`session_access_token_id` JOIN oauth_scopes ON oauth_scopes.id = `oauth_session_token_scopes`.`scope_id` WHERE access_token = :accessToken'); + $stmt->bindValue(':accessToken', $accessToken); + + $result = $stmt->fetchObject(); + return ($result === false) ? array() : (array) $result; } } \ No newline at end of file From 2a3ae641ab3222bd578ba9aa8cf2470671e3e07c Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Tue, 30 Apr 2013 15:38:48 +0100 Subject: [PATCH 085/106] Added getAccessToken, fixed validateRefreshToken docblock --- src/OAuth2/Storage/SessionInterface.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/OAuth2/Storage/SessionInterface.php b/src/OAuth2/Storage/SessionInterface.php index 5264e4a9..b9ca2118 100644 --- a/src/OAuth2/Storage/SessionInterface.php +++ b/src/OAuth2/Storage/SessionInterface.php @@ -112,10 +112,17 @@ interface SessionInterface /** * Validate a refresh token - * @param string $accessToken The access token + * @param string $refreshToken The access token * @return void */ - public function validateRefreshToken($accessToken); + public function validateRefreshToken($refreshToken); + + /** + * Get an access token by ID + * @param int $accessTokenId The access token ID + * @return array + */ + public function getAccessToken($accessTokenId); /** * Associate a scope with an access token 
From b9570ac6b07e29b5f04054ec5f110d2d71c78b9f Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Tue, 30 Apr 2013 15:48:11 +0100 Subject: [PATCH 086/106] Fixed getScopes --- src/OAuth2/Storage/PDO/Session.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/OAuth2/Storage/PDO/Session.php b/src/OAuth2/Storage/PDO/Session.php index bff184a1..a49302a9 100644 --- a/src/OAuth2/Storage/PDO/Session.php +++ b/src/OAuth2/Storage/PDO/Session.php @@ -273,8 +273,8 @@ class Session implements SessionInterface $stmt = $db->prepare('SELECT oauth_scopes.* FROM oauth_session_token_scopes JOIN oauth_session_access_tokens ON oauth_session_access_tokens.`id` = `oauth_session_token_scopes`.`session_access_token_id` JOIN oauth_scopes ON oauth_scopes.id = `oauth_session_token_scopes`.`scope_id` WHERE access_token = :accessToken'); $stmt->bindValue(':accessToken', $accessToken); + $stmt->execute(); - $result = $stmt->fetchObject(); - return ($result === false) ? array() : (array) $result; + return $stmt->fetchAll(); } } \ No newline at end of file From 28661853493142663f406117e965b7dffac6d49e Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Tue, 30 Apr 2013 15:51:55 +0100 Subject: [PATCH 087/106] Updated implicit grant --- src/OAuth2/Grant/Implicit.php | 47 ++++++++++++++--------------------- 1 file changed, 19 insertions(+), 28 deletions(-) diff --git a/src/OAuth2/Grant/Implicit.php b/src/OAuth2/Grant/Implicit.php index 06b7a6f5..9ca9d611 100644 --- a/src/OAuth2/Grant/Implicit.php +++ b/src/OAuth2/Grant/Implicit.php 
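Review bot: `return $stmt->fetchAll();` relies on the connection's default fetch mode; the callers in patch 081 (`$scope['id']`) and patch 097 (`$scope['key']`) index rows as arrays, which works with PDO's FETCH_BOTH default but silently breaks if the ezcDb handle is configured for object rows. Pin it: `return $stmt->fetchAll(\PDO::FETCH_ASSOC);`. This also matches how getAccessToken and validateAccessToken cast their single-row results to arrays.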
@@ -77,40 +77,31 @@ class Implict implements GrantTypeInterface { */ public function completeFlow($authParams = null) { - // Remove any old sessions the user might have - $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'user', $authParams['user_id']); + // Remove any old sessions the user might have + $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'user', $authParams['user_id']); - // Generate a new access token - $accessToken = SecureKey::make(); + // Generate a new access token + $accessToken = SecureKey::make(); - // Compute expiry time - $accessTokenExpires = time() + $this->authServer->getExpiresIn(); + // Compute expiry time + $accessTokenExpires = time() + $this->authServer->getExpiresIn(); - // Create a new session - $sessionId = $this->authServer->getStorage('session')->createSession( - $authParams['client_id'], - $authParams['redirect_uri'], - 'user', - $authParams['user_id'], - null, - $accessToken, - null, - $accessTokenExpires, - 'granted' - ); + // Create a new session + $sessionId = $this->authServer->getStorage('session')->createSession($authParams['client_id'], 'user', $authParams['user_id']); - // Associate scopes with the new session - foreach ($authParams['scopes'] as $scope) - { - $this->authServer->getStorage('session')->associateScope($sessionId, $scope['id']); - } + // Create an access token + $accessTokenId = $this->authServer->getStorage('session')->associateAccessToken($sessionId, $accessToken, $accessTokenExpires); - $response = array( - 'access_token' => $accessToken - ); - - return $response; + // Associate scopes with the access token + foreach ($authParams['scopes'] as $scope) { + $this->authServer->getStorage('session')->associateScope($accessTokenId, $scope['id']); } + + $response = array( + 'access_token' => $accessToken + ); + + return $response; } } \ No newline at end of file From 92303c7b263137d927afd700cac6cac31ee17fe3 Mon Sep 17 00:00:00 2001 
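Review bot: The hunk header shows the class as `Implict` while the file is Implicit.php; if the autoloader maps class names to file paths, this class cannot be loaded under its intended name. The declaration is outside the changed lines, so fix it in a follow-up (`class Implicit implements GrantTypeInterface`) together with whatever registers the grant. Within the hunk, issuing no refresh token is correct for the implicit flow; a comment above the `$response` array such as `// Implicit grant: no refresh token is issued` would stop a later reader "fixing" the omission.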
From: Alex Bilbie Date: Sun, 5 May 2013 17:58:40 +0100 Subject: [PATCH 088/106] Implemented validateAccessToken in PDO --- src/OAuth2/Storage/PDO/Session.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/OAuth2/Storage/PDO/Session.php b/src/OAuth2/Storage/PDO/Session.php index a49302a9..eed62b0a 100644 --- a/src/OAuth2/Storage/PDO/Session.php +++ b/src/OAuth2/Storage/PDO/Session.php @@ -202,12 +202,20 @@ class Session implements SessionInterface /** * Validate an access token - * @param string $accessToken [description] + * @param string $accessToken The access token to be validated * @return void */ public function validateAccessToken($accessToken) { - throw new \Exception('Not implemented - ' . debug_backtrace()[0]['function']); + $db = \ezcDbInstance::get(); + + $stmt = $db->prepare('SELECT session_access_token_id FROM `oauth_session_access_tokens` WHERE + access_token = :accessToken AND access_token_expires <= ' . time()); + $stmt->bindValue(':accessToken', $accessToken); + $stmt->execute(); + + $result = $stmt->fetchObject(); + return ($result === false) ? false : $result->session_access_token_id; } /** From cc81e2020650d27a6ba286a1711768a48e1afa26 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sun, 5 May 2013 18:00:08 +0100 Subject: [PATCH 089/106] Bug fix in validateAccessToken --- src/OAuth2/Storage/PDO/Session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/OAuth2/Storage/PDO/Session.php b/src/OAuth2/Storage/PDO/Session.php index eed62b0a..5c92c59e 100644 --- a/src/OAuth2/Storage/PDO/Session.php +++ b/src/OAuth2/Storage/PDO/Session.php @@ -215,7 +215,7 @@ class Session implements SessionInterface $stmt->execute(); $result = $stmt->fetchObject(); - return ($result === false) ? false : $result->session_access_token_id; + return ($result === false) ? false : $result->session_id; } /** From acfadc899378e0177120f4fa41fd1a13af1b6477 Mon Sep 17 00:00:00 2001 
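Review bot: The new validateAccessToken query concatenates `time()` into the SQL string instead of binding it, unlike validateAuthCode above, which binds `:time`; the value is an integer so it is not injectable, but it breaks the all-parameters-bound convention and defeats prepared-statement reuse. Bind it: `... AND access_token_expires >= :time` with `$stmt->bindValue(':time', time());` (using the `>=` that patch 092 below corrects this hunk's `<=` to). The `session_access_token_id` column name is fixed by patches 089/090, but the concatenation survives into patch 093. The docblock's `@return void` should also become `@return array|bool` once patch 093 makes the method return the session row.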
From: Alex Bilbie Date: Sun, 5 May 2013 18:01:00 +0100 Subject: [PATCH 090/106] Actually fixed the bug in validateAccessToken this time --- src/OAuth2/Storage/PDO/Session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/OAuth2/Storage/PDO/Session.php b/src/OAuth2/Storage/PDO/Session.php
index 5c92c59e..6af2d107 100644
--- a/src/OAuth2/Storage/PDO/Session.php
+++ b/src/OAuth2/Storage/PDO/Session.php
@@ -209,7 +209,7 @@ class Session implements SessionInterface
 {
 $db = \ezcDbInstance::get();
- $stmt = $db->prepare('SELECT session_access_token_id FROM `oauth_session_access_tokens` WHERE
+ $stmt = $db->prepare('SELECT session_id FROM `oauth_session_access_tokens` WHERE
 access_token = :accessToken AND access_token_expires <= ' . time());
 $stmt->bindValue(':accessToken', $accessToken);
 $stmt->execute();
From 6897e233d4b1274fe924d3e48d8e7af2f3a13cfc Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sun, 5 May 2013 18:05:46 +0100 Subject: [PATCH 091/106] Changed variable syntax style to be PSR2 --- src/OAuth2/ResourceServer.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/OAuth2/ResourceServer.php b/src/OAuth2/ResourceServer.php
index 195f98ed..474b1635 100644
--- a/src/OAuth2/ResourceServer.php
+++ b/src/OAuth2/ResourceServer.php
@@ -163,15 +163,15 @@ class ResourceServer
 */
 public function isValid()
 {
- $access_token = $this->determineAccessToken();
+ $accessToken = $this->determineAccessToken();
- $result = $this->storages['session']->validateAccessToken($access_token);
+ $result = $this->storages['session']->validateAccessToken($accessToken);
 if ( ! $result) {
 throw new Exception\InvalidAccessTokenException('Access token is not valid');
 }
- $this->accessToken = $access_token;
+ $this->accessToken = $accessToken;
 $this->sessionId = $result['id'];
 $this->ownerType = $result['owner_type'];
 $this->ownerId = $result['owner_id'];
@@ -215,17 +215,17 @@ class ResourceServer
 protected function determineAccessToken()
 {
 if ($header = $this->getRequest()->header('Authorization')) {
- $access_token = trim(str_replace('Bearer', '', $header));
+ $accessToken = trim(str_replace('Bearer', '', $header));
 } else {
 $method = $this->getRequest()->server('REQUEST_METHOD');
- $access_token = $this->getRequest()->{$method}($this->tokenKey);
+ $accessToken = $this->getRequest()->{$method}($this->tokenKey);
 }
- if (empty($access_token)) {
+ if (empty($accessToken)) {
 throw new Exception\InvalidAccessTokenException('Access token is missing');
 }
- return $access_token;
+ return $accessToken;
 }
 }
From 9b73eab07c05544abe8b1ec5e5e5afa8fdaac8ab Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sun, 5 May 2013 18:06:00 +0100 Subject: [PATCH 092/106] SQL query fix --- src/OAuth2/Storage/PDO/Session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/OAuth2/Storage/PDO/Session.php b/src/OAuth2/Storage/PDO/Session.php
index 6af2d107..e3df933d 100644
--- a/src/OAuth2/Storage/PDO/Session.php
+++ b/src/OAuth2/Storage/PDO/Session.php
@@ -210,7 +210,7 @@ class Session implements SessionInterface
 $db = \ezcDbInstance::get();
 $stmt = $db->prepare('SELECT session_id FROM `oauth_session_access_tokens` WHERE
- access_token = :accessToken AND access_token_expires <= ' . time());
+ access_token = :accessToken AND access_token_expires >= ' . time());
 $stmt->bindValue(':accessToken', $accessToken);
 $stmt->execute();
From 89850420f6e0d65f542aff8015d52ebbbbfb051b Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sun, 5 May 2013 18:09:47 +0100 Subject: [PATCH 093/106] Updated query to return session details --- src/OAuth2/Storage/PDO/Session.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/OAuth2/Storage/PDO/Session.php b/src/OAuth2/Storage/PDO/Session.php
index e3df933d..7a24d388 100644
--- a/src/OAuth2/Storage/PDO/Session.php
+++ b/src/OAuth2/Storage/PDO/Session.php
@@ -209,13 +209,12 @@ class Session implements SessionInterface { $db = \ezcDbInstance::get(); - $stmt = $db->prepare('SELECT session_id FROM `oauth_session_access_tokens` WHERE - access_token = :accessToken AND access_token_expires >= ' . time()); + $stmt = $db->prepare('SELECT session_id, oauth_sessions.`client_id`, oauth_sessions.`owner_id`, oauth_sessions.`owner_type` FROM `oauth_session_access_tokens` JOIN oauth_sessions ON oauth_sessions.`id` = session_id WHERE access_token = :accessToken AND access_token_expires >= ' . time()); $stmt->bindValue(':accessToken', $accessToken); $stmt->execute(); $result = $stmt->fetchObject(); - return ($result === false) ? false : $result->session_id; + return ($result === false) ? false : (array) $result; } /** From 10d7d3cb3d7c9de19d51259538da0c1610d06455 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sun, 5 May 2013 18:11:01 +0100 Subject: [PATCH 094/106] Updated response params --- src/OAuth2/ResourceServer.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/OAuth2/ResourceServer.php b/src/OAuth2/ResourceServer.php index 474b1635..59219a0d 100644 --- a/src/OAuth2/ResourceServer.php +++ b/src/OAuth2/ResourceServer.php @@ -172,7 +172,8 @@ class ResourceServer } $this->accessToken = $accessToken; - $this->sessionId = $result['id']; + $this->sessionId = $result['session_id']; + $this->clientId = $result['client_id']; $this->ownerType = $result['owner_type']; $this->ownerId = $result['owner_id']; From 90508a191d09e451f68fc24972a587c7728fd9a7 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sun, 5 May 2013 18:14:27 +0100 Subject: [PATCH 095/106] Get scopes by access token instead of session ID --- src/OAuth2/ResourceServer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/OAuth2/ResourceServer.php b/src/OAuth2/ResourceServer.php index 59219a0d..c70f67b0 100644 --- a/src/OAuth2/ResourceServer.php +++ b/src/OAuth2/ResourceServer.php 
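Review bot: validateAccessToken now returns `(array) $result`, a row holding session_id, client_id, owner_id and owner_type, where it previously returned the scalar session id, but the method's docblock and the SessionInterface declaration lie outside this hunk and presumably still describe the old contract; both should read `@return array|bool Row with session_id, client_id, owner_id, owner_type, or false when no unexpired token matches`. The `session_id` in the select list and in the JOIN condition is unqualified after joining `oauth_sessions`; if that table ever gains a column of the same name the query becomes ambiguous, so qualifying it as `oauth_session_access_tokens.session_id` is cheap insurance. The enclosing method's signature is outside the hunk.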
@@ -177,7 +177,7 @@ class ResourceServer $this->ownerType = $result['owner_type']; $this->ownerId = $result['owner_id']; - $this->sessionScopes = $this->storages['session']->getScopes($this->sessionId); + $this->sessionScopes = $this->storages['session']->getScopes($this->accessToken); return true; } From 9be23cf22227b61783e576a3b464f96cacbce1c6 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sun, 5 May 2013 18:16:28 +0100 Subject: [PATCH 096/106] Added session scopes --- src/OAuth2/ResourceServer.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/OAuth2/ResourceServer.php b/src/OAuth2/ResourceServer.php index c70f67b0..b30cd32e 100644 --- a/src/OAuth2/ResourceServer.php +++ b/src/OAuth2/ResourceServer.php @@ -182,6 +182,15 @@ class ResourceServer return true; } + /** + * Get the session scopes + * @return [type] [description] + */ + public function getScopes() + { + return $this->sessionScopes; + } + /** * Checks if the presented access token has the given scope(s). * From d0abd8c29502273a36bdc1729cdf603f1c88e803 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sun, 5 May 2013 18:18:37 +0100 Subject: [PATCH 097/106] Fixed getting of session scopes --- src/OAuth2/ResourceServer.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/OAuth2/ResourceServer.php b/src/OAuth2/ResourceServer.php index b30cd32e..f9e51fc5 100644 --- a/src/OAuth2/ResourceServer.php +++ b/src/OAuth2/ResourceServer.php @@ -177,7 +177,10 @@ class ResourceServer $this->ownerType = $result['owner_type']; $this->ownerId = $result['owner_id']; - $this->sessionScopes = $this->storages['session']->getScopes($this->accessToken); + $sessionScopes = $this->storages['session']->getScopes($this->accessToken); + foreach ($sessionScopes as $scope) { + $this->sessionScopes[] = $scope['key']; + } return true; } From 38f6be2aa0e23e764c788041e6066377214cfacc Mon Sep 17 00:00:00 2001 
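Review bot: The docblock on the new getScopes() is an unfilled template, `@return [type] [description]`, which documentation tools will render verbatim; replace it with `@return array The scopes attached to the session of the validated access token`. Whether the elements are scope keys or raw storage rows depends on what isValid() assigns to `$this->sessionScopes`, which is outside this hunk, so the wording should follow that assignment.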
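Review bot: The new loop appends to `$this->sessionScopes` without clearing it first, so a second isValid() call on the same ResourceServer instance accumulates duplicate keys, and a caller comparing the list cannot tell a re-validation from a wider grant. Reset before the loop, `$this->sessionScopes = array();` ahead of the `foreach`, or build the list in one step with `array_map`. The loop also assumes every row returned by getScopes() carries a `'key'` element, which the ResourceServerTest fixture in patch 099 models but the storage implementation is not visible here to confirm. isValid()'s opening is outside the hunk.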
From: Alex Bilbie Date: Sun, 5 May 2013 18:22:03 +0100 Subject: [PATCH 098/106] Removed unnecessary methods --- src/OAuth2/Storage/PDO/Session.php | 20 -------------------- src/OAuth2/Storage/SessionInterface.php | 14 -------------- 2 files changed, 34 deletions(-) diff --git a/src/OAuth2/Storage/PDO/Session.php b/src/OAuth2/Storage/PDO/Session.php index 7a24d388..a5121074 100644 --- a/src/OAuth2/Storage/PDO/Session.php +++ b/src/OAuth2/Storage/PDO/Session.php @@ -63,16 +63,6 @@ class Session implements SessionInterface $stmt->execute(); } - /** - * Remove an associated redirect URI - * @param int $sessionId The session ID - * @return void - */ - public function removeRedirectUri($sessionId) - { - throw new \Exception('Not implemented - ' . debug_backtrace()[0]['function']); - } - /** * Associate an access token with a session * @param int $sessionId The session ID @@ -127,16 +117,6 @@ class Session implements SessionInterface $stmt->execute(); } - /** - * Remove an associated refresh token from a session - * @param int $sessionId The session ID - * @return void - */ - public function removeRefreshToken($sessionId) - { - throw new \Exception('Not implemented - ' . debug_backtrace()[0]['function']); - } - /** * Assocate an authorization code with a session * @param int $sessionId The session ID diff --git a/src/OAuth2/Storage/SessionInterface.php b/src/OAuth2/Storage/SessionInterface.php index b9ca2118..2933af6c 100644 --- a/src/OAuth2/Storage/SessionInterface.php +++ b/src/OAuth2/Storage/SessionInterface.php @@ -39,13 +39,6 @@ interface SessionInterface */ public function associateRedirectUri($sessionId, $redirectUri); - /** - * Remove an associated redirect URI - * @param int $sessionId The session ID - * @return void - */ - public function removeRedirectUri($sessionId); - /** * Associate an access token with a session * @param int $sessionId The session ID 
@@ -70,13 +63,6 @@ interface SessionInterface */ public function associateRefreshToken($accessTokenId, $refreshToken); - /** - * Remove an associated refresh token from a session - * @param int $sessionId The session ID - * @return void - */ - public function removeRefreshToken($sessionId); - /** * Assocate an authorization code with a session * @param int $sessionId The session ID From 9349425ecd93f21a9b23c1078a1fca0df02dc29a Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 6 May 2013 10:28:49 -0700 Subject: [PATCH 099/106] Fixed ResourceServerTest.php --- tests/resource/ResourceServerTest.php | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/tests/resource/ResourceServerTest.php b/tests/resource/ResourceServerTest.php index 9e3ef6d8..b0bb830e 100644 --- a/tests/resource/ResourceServerTest.php +++ b/tests/resource/ResourceServerTest.php @@ -142,11 +142,16 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase public function test_isValid_valid() { $this->session->shouldReceive('validateAccessToken')->andReturn(array( - 'id' => 1, - 'owner_type' => 'user', - 'owner_id' => 123 + 'session_id' => 1, + 'owner_type' => 'user', + 'owner_id' => 123, + 'client_id' => 'testapp' )); - $this->session->shouldReceive('getScopes')->andReturn(array('foo', 'bar')); + + $this->session->shouldReceive('getScopes')->andReturn(array( + array('key' => 'foo'), + array('key' => 'bar') + )); $request = new OAuth2\Util\Request(); $requestReflector = new ReflectionClass($request); @@ -155,6 +160,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase $param->setValue($request, array( 'Authorization' => 'Bearer abcdef' )); + $s = $this->returnDefault(); $s->setRequest($request); From 1ca8a4f4c35e8e7e931901954da7e59d43dc8d05 Mon Sep 17 00:00:00 2001 
From: Alex Bilbie Date: Mon, 6 May 2013 11:09:36 -0700 Subject: [PATCH 100/106] Updated authserver tests --- tests/authorization/AuthCodeGrantTest.php | 2 ++ tests/authorization/AuthServerTest.php | 12 +++++++++++- .../authorization/ClientCredentialsGrantTest.php | 16 +++++++--------- tests/authorization/PasswordGrantTest.php | 7 ++++++- tests/authorization/RefreshTokenTest.php | 13 ++++++++++++- tests/resource/ResourceServerTest.php | 6 ++++++ 6 files changed, 44 insertions(+), 12 deletions(-) diff --git a/tests/authorization/AuthCodeGrantTest.php b/tests/authorization/AuthCodeGrantTest.php index acea6775..38a8e27c 100644 --- a/tests/authorization/AuthCodeGrantTest.php +++ b/tests/authorization/AuthCodeGrantTest.php @@ -325,6 +325,8 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('deleteSession')->andReturn(null); $this->session->shouldReceive('createSession')->andReturn(1); $this->session->shouldReceive('associateScope')->andReturn(null); + $this->session->shouldReceive('associateRedirectUri')->andReturn(null); + $this->session->shouldReceive('associateAuthCode')->andReturn(null); $a = $this->returnDefault(); $g = new OAuth2\Grant\AuthCode($a); diff --git a/tests/authorization/AuthServerTest.php b/tests/authorization/AuthServerTest.php index feb0118d..5ffa92fb 100644 --- a/tests/authorization/AuthServerTest.php +++ b/tests/authorization/AuthServerTest.php 
@@ -347,8 +347,14 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase 'name' => 'Example Client' )); - $this->session->shouldReceive('validateAuthCode')->andReturn(1); + $this->session->shouldReceive('validateAuthCode')->andReturn(array( + 'id' => 1, + 'scope_ids' => '1' + )); $this->session->shouldReceive('updateSession')->andReturn(null); + $this->session->shouldReceive('removeAuthCode')->andReturn(null); + $this->session->shouldReceive('associateAccessToken')->andReturn(1); + $this->session->shouldReceive('associateScope')->andReturn(null); $a = $this->returnDefault(); $a->addGrantType(new OAuth2\Grant\AuthCode($a)); @@ -381,6 +387,8 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('updateSession')->andReturn(null); + $this->session->shouldReceive('removeAuthCode')->andReturn(null); + $this->session->shouldReceive('associateAccessToken')->andReturn(1); $a = $this->returnDefault(); $a->addGrantType(new OAuth2\Grant\AuthCode($a)); @@ -416,6 +424,8 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('updateSession')->andReturn(null); + $this->session->shouldReceive('removeAuthCode')->andReturn(null); + $this->session->shouldReceive('associateAccessToken')->andReturn(1); $a = $this->returnDefault(); $a->addGrantType(new OAuth2\Grant\AuthCode($a)); diff --git a/tests/authorization/ClientCredentialsGrantTest.php b/tests/authorization/ClientCredentialsGrantTest.php index 8ea1af20..327030d9 100644 --- a/tests/authorization/ClientCredentialsGrantTest.php +++ b/tests/authorization/ClientCredentialsGrantTest.php 
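Review bot: The `@@ -347,8 +347,14 @@` hunk changes the `validateAuthCode` stub to return `array('id' => 1, 'scope_ids' => '1')`, but the `@@ -381,6 +387,8 @@` and `@@ -416,6 +424,8 @@` hunks in the same file keep `andReturn(1)` while adding the same `removeAuthCode`/`associateAccessToken` expectations, which suggests they reach the same code path with a scalar where the grant now expects a row. If that is the case, `1['id']` evaluates to null in PHP 5 without an error, so those tests would pass the grant's checks for the wrong reason; presumably the stub should be `array('id' => 1, 'scope_ids' => '1')` in all three places unless those tests are meant to exercise a failure before the row is read. The grant code that consumes the return value is not on this page.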
@@ -93,7 +93,6 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('createSession')->andReturn(1); $this->session->shouldReceive('deleteSession')->andReturn(null); - $this->session->shouldReceive('updateRefreshToken')->andReturn(null); $a = $this->returnDefault(); $a->addGrantType(new OAuth2\Grant\ClientCredentials($a)); @@ -110,7 +109,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase { $this->scope->shouldReceive('getScope')->andReturn(array( 'id' => 1, - 'scope' => 'foo', + 'key' => 'foo', 'name' => 'Foo Name', 'description' => 'Foo Name Description' )); @@ -126,8 +125,8 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('createSession')->andReturn(1); $this->session->shouldReceive('deleteSession')->andReturn(null); - $this->session->shouldReceive('updateRefreshToken')->andReturn(null); $this->session->shouldReceive('associateScope')->andReturn(null); + $this->session->shouldReceive('associateAccessToken')->andReturn(1); $a = $this->returnDefault(); $a->addGrantType(new OAuth2\Grant\ClientCredentials($a)); @@ -161,7 +160,6 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('createSession')->andReturn(1); $this->session->shouldReceive('deleteSession')->andReturn(null); - $this->session->shouldReceive('updateRefreshToken')->andReturn(null); $this->session->shouldReceive('associateScope')->andReturn(null); $a = $this->returnDefault(); 
@@ -179,7 +177,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase { $this->scope->shouldReceive('getScope')->andReturn(array( 'id' => 1, - 'scope' => 'foo', + 'key' => 'foo', 'name' => 'Foo Name', 'description' => 'Foo Name Description' )); @@ -195,8 +193,8 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('createSession')->andReturn(1); $this->session->shouldReceive('deleteSession')->andReturn(null); - $this->session->shouldReceive('updateRefreshToken')->andReturn(null); $this->session->shouldReceive('associateScope')->andReturn(null); + $this->session->shouldReceive('associateAccessToken')->andReturn(1); $a = $this->returnDefault(); $a->addGrantType(new OAuth2\Grant\ClientCredentials($a)); @@ -223,7 +221,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('createSession')->andReturn(1); $this->session->shouldReceive('deleteSession')->andReturn(null); - $this->session->shouldReceive('updateRefreshToken')->andReturn(null); + $this->session->shouldReceive('associateAccessToken')->andReturn(1); $a = $this->returnDefault(); $a->addGrantType(new OAuth2\Grant\ClientCredentials($a)); @@ -258,7 +256,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('createSession')->andReturn(1); $this->session->shouldReceive('deleteSession')->andReturn(null); - $this->session->shouldReceive('updateRefreshToken')->andReturn(null); + $this->session->shouldReceive('associateAccessToken')->andReturn(1); $a = $this->returnDefault(); $a->addGrantType(new OAuth2\Grant\ClientCredentials($a)); 
@@ -296,7 +294,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('createSession')->andReturn(1); $this->session->shouldReceive('deleteSession')->andReturn(null); - $this->session->shouldReceive('updateRefreshToken')->andReturn(null); + $this->session->shouldReceive('associateAccessToken')->andReturn(1); $a = $this->returnDefault(); $a->addGrantType(new OAuth2\Grant\ClientCredentials($a)); diff --git a/tests/authorization/PasswordGrantTest.php b/tests/authorization/PasswordGrantTest.php index 22d6b035..bb54d808 100644 --- a/tests/authorization/PasswordGrantTest.php +++ b/tests/authorization/PasswordGrantTest.php @@ -312,6 +312,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('deleteSession')->andReturn(null); $this->session->shouldReceive('updateRefreshToken')->andReturn(null); $this->session->shouldReceive('associateScope')->andReturn(null); + $this->session->shouldReceive('associateAccessToken')->andReturn(1); $testCredentials = function($u, $p) { return 1; }; @@ -354,6 +355,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('deleteSession')->andReturn(null); $this->session->shouldReceive('updateRefreshToken')->andReturn(null); $this->session->shouldReceive('associateScope')->andReturn(null); + $this->session->shouldReceive('associateAccessToken')->andReturn(1); $testCredentials = function($u, $p) { return 1; }; @@ -387,6 +389,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('createSession')->andReturn(1); $this->session->shouldReceive('deleteSession')->andReturn(null); $this->session->shouldReceive('updateRefreshToken')->andReturn(null); + $this->session->shouldReceive('associateAccessToken')->andReturn(1); $testCredentials = function($u, $p) { return 1; }; 
@@ -428,6 +431,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('createSession')->andReturn(1); $this->session->shouldReceive('deleteSession')->andReturn(null); $this->session->shouldReceive('updateRefreshToken')->andReturn(null); + $this->session->shouldReceive('associateAccessToken')->andReturn(1); $testCredentials = function($u, $p) { return 1; }; @@ -467,11 +471,12 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase )); $this->client->shouldReceive('validateRefreshToken')->andReturn(1); - $this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('createSession')->andReturn(1); $this->session->shouldReceive('deleteSession')->andReturn(null); $this->session->shouldReceive('updateRefreshToken')->andReturn(null); + $this->session->shouldReceive('associateAccessToken')->andReturn(1); + $this->session->shouldReceive('associateRefreshToken')->andReturn(null); $testCredentials = function($u, $p) { return 1; }; diff --git a/tests/authorization/RefreshTokenTest.php b/tests/authorization/RefreshTokenTest.php index 8ec7aa0f..188eb6fb 100644 --- a/tests/authorization/RefreshTokenTest.php +++ b/tests/authorization/RefreshTokenTest.php @@ -31,6 +31,9 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('updateSession')->andReturn(null); + $this->session->shouldReceive('removeAuthCode')->andReturn(null); + $this->session->shouldReceive('associateAccessToken')->andReturn(1); + $this->session->shouldReceive('associateRefreshToken')->andReturn(1); $a = $this->returnDefault(); $a->addGrantType(new OAuth2\Grant\AuthCode($a)); 
@@ -171,6 +174,10 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase $this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('updateSession')->andReturn(null); $this->session->shouldReceive('updateRefreshToken')->andReturn(null); + $this->session->shouldReceive('associateAccessToken')->andReturn(1); + $this->session->shouldReceive('associateRefreshToken')->andReturn(1); + $this->session->shouldReceive('getAccessToken')->andReturn(null); + $this->session->shouldReceive('getScopes')->andReturn(array()); $a = $this->returnDefault(); $a->addGrantType(new OAuth2\Grant\RefreshToken($a)); @@ -205,10 +212,14 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase )); $this->session->shouldReceive('validateRefreshToken')->andReturn(1); - $this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('updateSession')->andReturn(null); $this->session->shouldReceive('updateRefreshToken')->andReturn(null); + $this->session->shouldReceive('getAccessToken')->andReturn(null); + $this->session->shouldReceive('getScopes')->andReturn(array('id' => 1)); + $this->session->shouldReceive('associateAccessToken')->andReturn(1); + $this->session->shouldReceive('associateRefreshToken')->andReturn(1); + $this->session->shouldReceive('associateScope')->andReturn(null); $a = $this->returnDefault(); $a->addGrantType(new OAuth2\Grant\RefreshToken($a)); diff --git a/tests/resource/ResourceServerTest.php b/tests/resource/ResourceServerTest.php index b0bb830e..f4e16c16 100644 --- a/tests/resource/ResourceServerTest.php +++ b/tests/resource/ResourceServerTest.php @@ -59,6 +59,12 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase $this->assertEquals('oauth_token', $v); } + public function test_getScopes() + { + $s = $this->returnDefault(); + $this->assertEquals(array(), $s->getScopes()); + } + /** * @expectedException OAuth2\Exception\InvalidAccessTokenException */ 
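Review bot: The `getScopes` stub in the `@@ -205,10 +212,14 @@` hunk returns `array('id' => 1)`, a single associative row, while the `@@ -171,6 +174,10 @@` hunk returns `array()` and the ResourceServerTest fixture in patch 099 returns a list of `array('key' => ...)` rows; at most one of these shapes matches the real storage contract, so whatever the refresh-token grant does with that value is being exercised with data it will never see in production. Align the stub with the storage's actual return once that contract is confirmed, e.g. `array(array('id' => 1, 'key' => 'foo'))` (a constructed example); the grant code consuming it is not on this page.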
From e713d0df9c7bad76da88eabd96aee49178bdc493 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 6 May 2013 12:43:27 -0700 Subject: [PATCH 101/106] Renamed package --- composer.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/composer.json b/composer.json index c57c1e93..f621fa02 100644 --- a/composer.json +++ b/composer.json @@ -1,8 +1,8 @@ { - "name": "lncd/oauth2", "description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants", "version": "1.0.7", - "homepage": "https://github.com/lncd/OAuth2", + "name": "league/oauth2server", + "homepage": "https://github.com/php-leop/oauth2-server", "license": "MIT", "require": { "php": ">=5.3.0", @@ -14,7 +14,7 @@ "repositories": [ { "type": "git", - "url": "https://github.com/lncd/OAuth2" + "url": "https://github.com/php-leop/oauth2-server" } ], "keywords": [ From f207a1909f0572014503930a88abd75671c1b5c8 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 6 May 2013 12:43:38 -0700 Subject: [PATCH 102/106] Updated package description --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index f621fa02..555782b1 100644 --- a/composer.json +++ b/composer.json @@ -1,7 +1,7 @@ { - "description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants", "version": "1.0.7", "name": "league/oauth2server", + "description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.", "homepage": "https://github.com/php-leop/oauth2-server", "license": "MIT", "require": { From 18151d9a8ecf1556bc4ed7a76d77a79b16ad3b0e Mon Sep 17 00:00:00 2001 
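Review bot: The homepage and `repositories[].url` values added in patch 101 spell the GitHub organisation `php-leop`, while the README updated in patch 105 on this page spells it `php-loep` for the same project; one of them is a typo. Composer resolves a `repositories` entry by fetching that URL, so a misspelled organisation points installs at a location the project does not control, and it is worth confirming the real name before the 2.0 tag. `"url": "https://github.com/php-loep/oauth2-server"` (and the matching homepage) is the form that agrees with the README.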
From: Alex Bilbie Date: Mon, 6 May 2013 12:43:50 -0700 Subject: [PATCH 103/106] Version 2.0 baby! --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 555782b1..3652ccf8 100644 --- a/composer.json +++ b/composer.json @@ -1,7 +1,7 @@ { - "version": "1.0.7", "name": "league/oauth2server", "description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.", + "version": "2.0", "homepage": "https://github.com/php-leop/oauth2-server", "license": "MIT", "require": { From 5867774beefe514340207a80443abb0644ef47c1 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 6 May 2013 12:53:39 -0700 Subject: [PATCH 104/106] Added "replace" key into composer.json --- composer.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/composer.json b/composer.json index 3652ccf8..b9f4309f 100644 --- a/composer.json +++ b/composer.json @@ -34,6 +34,9 @@ "role": "Developer" } ], + "replace": [ + "lncd/oauth2" + ], "autoload": { "psr-0": { "OAuth2": "src/" From eada9053ad81ee39a404e20a29c86a0dbacb0fe0 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 6 May 2013 12:54:16 -0700 Subject: [PATCH 105/106] Updated README --- README.md | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 67623f25..109279c8 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ The framework is provided as a Composer package which can be installed by adding ```javascript { "require": { - "lncd/OAuth2": "*" + "league/oauth2server": "2.*" } } ``` 
@@ -51,11 +51,8 @@ A tutorial on how to use the resource server to secure an API server can be foun --- -This code will be developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which has been funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme. +The initial code was developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which was funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme. -This code was principally developed by [Alex Bilbie](http://alexbilbie.com/) ([Twitter](https://twitter.com/alexbilbie)|[Github](https://github.com/alexbilbie)). +This code is principally developed by [Alex Bilbie](http://alexbilbie.com/) ([Twitter](https://twitter.com/alexbilbie)|[Github](https://github.com/alexbilbie)). -Valuable contribtions have been made by the following: - -* [Dan Horrigan](http://dandoescode.com) ([Twitter](https://twitter.com/dandoescode)|[Github](https://github.com/dandoescode)) -* [Nick Jackson](http://nickjackson.me) ([Twitter](https://twitter.com/jacksonj04)|[Github](https://github.com/jacksonj04)) +A list of contributors can be found at [https://github.com/php-loep/oauth2-server/contributors](https://github.com/php-loep/oauth2-server/contributors). \ No newline at end of file From 8cdc273dbad03cce00f400e3bab07b7d37889fc3 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 6 May 2013 12:57:44 -0700 Subject: [PATCH 106/106] Fixed composer.json replace key --- composer.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/composer.json b/composer.json index b9f4309f..9bd64747 100644 --- a/composer.json +++ b/composer.json @@ -34,9 +34,9 @@ "role": "Developer" } ], - "replace": [ - "lncd/oauth2" - ], + "replace": { + "lncd/oauth2": "*" + }, "autoload": { "psr-0": { "OAuth2": "src/"