ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2024-11-01 16:33:07 +05:30
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'refs/heads/develop'

Browse Source 
Conflicts:
	composer.json
	src/OAuth2/AuthServer.php
	src/OAuth2/Grant/Password.php
This commit is contained in:
Alex Bilbie 2013-05-06 13:05:39 -07:00
commit e1f83a50ae
30 changed files with 2038 additions and 893 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
.gitignore vendored
View File

@ -1,8 +1,6 @@
/vendor/ /vendor
/composer.lock /composer.lock
/docs/build/ /build/logs
/build/logs/ /build/coverage
/build/coverage/ /docs
test /testing
/docs/
/testing/

2
.travis.yml
View File

@ -5,4 +5,4 @@ php:
- 5.4 - 5.4
before_script: composer install --dev before_script: composer install --dev
script: phpunit -c build/phpunit.xml script: phpunit

11
README.md
View File

@ -9,7 +9,7 @@ The framework is provided as a Composer package which can be installed by adding
```javascript ```javascript
{ {
"require": { "require": {
"lncd/OAuth2": "*" "league/oauth2server": "2.*"
} }
} }
``` ```
@ -51,11 +51,8 @@ A tutorial on how to use the resource server to secure an API server can be foun
--- ---
This code will be developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which has been funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme. The initial code was developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which was funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme.
This code was principally developed by [Alex Bilbie](http://alexbilbie.com/) ([Twitter](https://twitter.com/alexbilbie)|[Github](https://github.com/alexbilbie)). This code is principally developed by [Alex Bilbie](http://alexbilbie.com/) ([Twitter](https://twitter.com/alexbilbie)|[Github](https://github.com/alexbilbie)).
Valuable contribtions have been made by the following: A list of contributors can be found at [https://github.com/php-loep/oauth2-server/contributors](https://github.com/php-loep/oauth2-server/contributors).
* [Dan Horrigan](http://dandoescode.com) ([Twitter](https://twitter.com/dandoescode)|[Github](https://github.com/dandoescode))
* [Nick Jackson](http://nickjackson.me) ([Twitter](https://twitter.com/jacksonj04)|[Github](https://github.com/jacksonj04))

8
build/phpcs.xml
View File

@ -1,8 +0,0 @@
<?xml version="1.0"?>
<ruleset name="PHP_CodeSniffer">
<description>PHP_CodeSniffer configuration</description>
<rule ref="PSR2"/>
</ruleset>

14
build/phpmd.xml
View File

@ -1,14 +0,0 @@
<ruleset name="OAuth 2.0 Server"
xmlns="http://pmd.sf.net/ruleset/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://pmd.sf.net/ruleset/1.0.0
http://pmd.sf.net/ruleset_xml_schema.xsd"
xsi:noNamespaceSchemaLocation="http://pmd.sf.net/ruleset_xml_schema.xsd">
<description>
Ruleset for OAuth 2.0 server
</description>
<!-- Import the entire unused code rule set -->
<rule ref="rulesets/unusedcode.xml" />
</ruleset>

31
build/phpunit.xml
View File

@ -1,31 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<phpunit colors="true" convertNoticesToExceptions="true" convertWarningsToExceptions="true" stopOnError="false" stopOnFailure="false" stopOnIncomplete="false" stopOnSkipped="false" bootstrap="../tests/Bootstrap.php">
<testsuites>
<testsuite name="Authorization Server">
<directory suffix="Test.php">../tests/authorization</directory>
</testsuite>
<testsuite name="Resource Server">
<directory suffix="Test.php">../tests/resource</directory>
</testsuite>
<testsuite name="Utility Methods">
<directory suffix="Test.php">../tests/util</directory>
</testsuite>
</testsuites>
<filter>
<blacklist>
<directory suffix=".php">PEAR_INSTALL_DIR</directory>
<directory suffix=".php">PHP_LIBDIR</directory>
<directory suffix=".php">../vendor/composer</directory>
<directory suffix=".php">../vendor/mockery</directory>
<directory suffix=".php">../vendor/phpunit</directory>
<directory suffix=".php">../tests</directory>
<directory suffix=".php">../testing</directory>
</blacklist>
</filter>
<logging>
<log type="coverage-html" target="coverage" title="lncd/OAuth" charset="UTF-8" yui="true" highlight="true" lowUpperBound="50" highLowerBound="90"/>
<log type="coverage-text" target="php://stdout" title="lncd/OAuth" charset="UTF-8" yui="true" highlight="true" lowUpperBound="50" highLowerBound="90"/>
<log type="coverage-clover" target="logs/clover.xml"/>
<log type="junit" target="logs/junit.xml" logIncompleteSkipped="false"/>
</logging>
</phpunit>

19
composer.json
View File

@ -1,20 +1,20 @@
{ {
"name": "lncd/oauth2", "name": "league/oauth2server",
"description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants", "description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.",
"version": "1.0.8", "version": "2.0",
"homepage": "https://github.com/lncd/OAuth2", "homepage": "https://github.com/php-leop/oauth2-server",
"license": "MIT", "license": "MIT",
"require": { "require": {
"php": ">=5.3.0" "php": ">=5.3.0",
"zetacomponents/database": "dev-master"
}, },
"require-dev": { "require-dev": {
"phpunit/phpunit": "*", "mockery/mockery": ">=0.7.2"
"mockery/mockery": ">=0.7.2"
}, },
"repositories": [ "repositories": [
{ {
"type": "git", "type": "git",
"url": "https://github.com/lncd/OAuth2" "url": "https://github.com/php-leop/oauth2-server"
} }
], ],
"keywords": [ "keywords": [
@ -34,6 +34,9 @@
"role": "Developer" "role": "Developer"
} }
], ],
"replace": {
"lncd/oauth2": "*"
},
"autoload": { "autoload": {
"psr-0": { "psr-0": {
"OAuth2": "src/" "OAuth2": "src/"

31
phpunit.xml Normal file
View File

@ -0,0 +1,31 @@
<?xml version="1.0" encoding="UTF-8"?>
<phpunit colors="true" convertNoticesToExceptions="true" convertWarningsToExceptions="true" stopOnError="false" stopOnFailure="false" stopOnIncomplete="false" stopOnSkipped="false" bootstrap="tests/Bootstrap.php">
<testsuites>
<testsuite name="Authorization Server">
<directory suffix="Test.php">tests/authorization</directory>
</testsuite>
<testsuite name="Resource Server">
<directory suffix="Test.php">tests/resource</directory>
</testsuite>
<testsuite name="Utility Methods">
<directory suffix="Test.php">tests/util</directory>
</testsuite>
</testsuites>
<filter>
<blacklist>
<directory suffix=".php">PEAR_INSTALL_DIR</directory>
<directory suffix=".php">PHP_LIBDIR</directory>
<directory suffix=".php">vendor/composer</directory>
<directory suffix=".php">vendor/mockery</directory>
<directory suffix=".php">vendor/phpunit</directory>
<directory suffix=".php">tests</directory>
<directory suffix=".php">testing</directory>
</blacklist>
</filter>
<logging>
<log type="coverage-html" target="build/coverage" title="lncd/OAuth" charset="UTF-8" yui="true" highlight="true" lowUpperBound="50" highLowerBound="90"/>
<log type="coverage-text" target="php://stdout" title="lncd/OAuth" charset="UTF-8" yui="true" highlight="true" lowUpperBound="50" highLowerBound="90"/>
<log type="coverage-clover" target="build/logs/clover.xml"/>
<log type="junit" target="build/logs/junit.xml" logIncompleteSkipped="false"/>
</logging>
</phpunit>

107
sql/mysql.sql
View File

@ -1,53 +1,80 @@
CREATE TABLE `oauth_clients` ( CREATE TABLE `oauth_clients` (
`id` varchar(40) NOT NULL DEFAULT '', `id` CHAR(40) NOT NULL,
`secret` varchar(40) NOT NULL DEFAULT '', `secret` CHAR(40) NOT NULL,
`name` varchar(255) NOT NULL DEFAULT '', `name` VARCHAR(255) NOT NULL,
`auto_approve` tinyint(1) NOT NULL DEFAULT '0', `auto_approve` TINYINT(1) NOT NULL DEFAULT '0',
PRIMARY KEY (`id`) PRIMARY KEY (`id`),
) ENGINE=InnoDB DEFAULT CHARSET=utf8; UNIQUE KEY `u_oacl_clse_clid` (`secret`,`id`)
) ENGINE=INNODB DEFAULT CHARSET=utf8;
CREATE TABLE `oauth_client_endpoints` ( CREATE TABLE `oauth_client_endpoints` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT, `endpoint_id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
`client_id` varchar(40) NOT NULL DEFAULT '', `client_id` CHAR(40) NOT NULL,
`redirect_uri` varchar(255) DEFAULT NULL, `redirect_uri` VARCHAR(255) NOT NULL,
PRIMARY KEY (`id`), PRIMARY KEY (`endpoint_id`),
KEY `client_id` (`client_id`), KEY `i_oaclen_clid` (`client_id`),
CONSTRAINT `oauth_client_endpoints_ibfk_1` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`id`) ON DELETE CASCADE ON UPDATE CASCADE CONSTRAINT `f_oaclen_clid` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8; ) ENGINE=INNODB DEFAULT CHARSET=utf8;
CREATE TABLE `oauth_sessions` ( CREATE TABLE `oauth_sessions` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT, `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`client_id` varchar(40) NOT NULL DEFAULT '', `client_id` char(40) NOT NULL,
`redirect_uri` varchar(250) DEFAULT '',
`owner_type` enum('user','client') NOT NULL DEFAULT 'user', `owner_type` enum('user','client') NOT NULL DEFAULT 'user',
`owner_id` varchar(255) DEFAULT '', `owner_id` varchar(255) NOT NULL,
`auth_code` varchar(40) DEFAULT '',
`access_token` varchar(40) DEFAULT '',
`refresh_token` varchar(40) DEFAULT '',
`access_token_expires` int(10) DEFAULT NULL,
`stage` enum('requested','granted') NOT NULL DEFAULT 'requested',
`first_requested` int(10) unsigned NOT NULL,
`last_updated` int(10) unsigned NOT NULL,
PRIMARY KEY (`id`), PRIMARY KEY (`id`),
KEY `client_id` (`client_id`) KEY `i_uase_clid_owty_owid` (`client_id`,`owner_type`,`owner_id`),
CONSTRAINT `f_oase_clid` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `oauth_session_access_tokens` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`session_id` int(10) unsigned NOT NULL,
`access_token` char(40) NOT NULL DEFAULT '',
`access_token_expires` int(10) unsigned NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `u_oaseacto_acto_seid` (`access_token`,`session_id`),
KEY `f_oaseto_seid` (`session_id`),
CONSTRAINT `f_oaseto_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `oauth_session_authcodes` (
`session_id` int(10) unsigned NOT NULL,
`auth_code` char(40) NOT NULL DEFAULT '',
`auth_code_expires` int(10) unsigned NOT NULL,
PRIMARY KEY (`session_id`),
CONSTRAINT `f_oaseau_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `oauth_session_redirects` (
`session_id` int(10) unsigned NOT NULL,
`redirect_uri` varchar(255) NOT NULL DEFAULT '',
PRIMARY KEY (`session_id`),
CONSTRAINT `f_oasere_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `oauth_session_refresh_tokens` (
`session_access_token_id` int(10) unsigned NOT NULL,
`refresh_token` char(40) NOT NULL DEFAULT '',
PRIMARY KEY (`session_access_token_id`),
CONSTRAINT `f_oasetore_setoid` FOREIGN KEY (`session_access_token_id`) REFERENCES `oauth_session_access_tokens` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION
) ENGINE=InnoDB DEFAULT CHARSET=utf8; ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `oauth_scopes` ( CREATE TABLE `oauth_scopes` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT, `id` SMALLINT(5) UNSIGNED NOT NULL AUTO_INCREMENT,
`scope` varchar(255) NOT NULL DEFAULT '', `key` VARCHAR(255) NOT NULL,
`name` varchar(255) NOT NULL DEFAULT '', `name` VARCHAR(255) NOT NULL,
`description` varchar(255) DEFAULT '', `description` VARCHAR(255) DEFAULT NULL,
PRIMARY KEY (`id`), PRIMARY KEY (`id`),
UNIQUE KEY `scope` (`scope`) UNIQUE KEY `u_oasc_sc` (`key`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8; ) ENGINE=INNODB DEFAULT CHARSET=utf8;
CREATE TABLE `oauth_session_scopes` ( CREATE TABLE `oauth_session_token_scopes` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT, `session_token_scope_id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`session_id` int(11) unsigned NOT NULL, `session_access_token_id` int(10) unsigned DEFAULT NULL,
`scope_id` int(11) unsigned NOT NULL, `scope_id` smallint(5) unsigned NOT NULL,
PRIMARY KEY (`id`), PRIMARY KEY (`session_token_scope_id`),
KEY `session_id` (`session_id`), UNIQUE KEY `u_setosc_setoid_scid` (`session_access_token_id`,`scope_id`),
KEY `scope_id` (`scope_id`), KEY `f_oasetosc_scid` (`scope_id`),
CONSTRAINT `oauth_session_scopes_ibfk_5` FOREIGN KEY (`scope_id`) REFERENCES `oauth_scopes` (`id`) ON DELETE CASCADE, CONSTRAINT `f_oasetosc_scid` FOREIGN KEY (`scope_id`) REFERENCES `oauth_scopes` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION,
CONSTRAINT `oauth_session_scopes_ibfk_4` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE CONSTRAINT `f_oasetosc_setoid` FOREIGN KEY (`session_access_token_id`) REFERENCES `oauth_session_access_tokens` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION
) ENGINE=InnoDB DEFAULT CHARSET=utf8; ) ENGINE=InnoDB DEFAULT CHARSET=utf8;

288
src/OAuth2/AuthServer.php
View File

@ -37,7 +37,7 @@ class AuthServer
* The TTL (time to live) of an access token in seconds (default: 3600) * The TTL (time to live) of an access token in seconds (default: 3600)
* @var integer * @var integer
*/ */
static protected $expiresIn = 3600; protected $expiresIn = 3600;
/** /**
* The registered grant response types * The registered grant response types
@ -49,13 +49,13 @@ class AuthServer
* The client, scope and session storage classes * The client, scope and session storage classes
* @var array * @var array
*/ */
static protected $storages = array(); protected $storages = array();
/** /**
* The registered grant types * The registered grant types
* @var array * @var array
*/ */
static protected $grantTypes = array(); protected $grantTypes = array();
/** /**
* Require the "scope" parameter to be in checkAuthoriseParams() * Require the "scope" parameter to be in checkAuthoriseParams()
@ -63,6 +63,12 @@ class AuthServer
*/ */
protected $requireScopeParam = true; protected $requireScopeParam = true;
/**
* Default scope to be used if none is provided and requireScopeParam is false
* @var string
*/
protected $defaultScope = null;
/** /**
* Require the "state" parameter to be in checkAuthoriseParams() * Require the "state" parameter to be in checkAuthoriseParams()
* @var boolean * @var boolean
@ -73,7 +79,7 @@ class AuthServer
* The request object * The request object
* @var Util\RequestInterface * @var Util\RequestInterface
*/ */
static protected $request = null; protected $request = null;
/** /**
* Exception error codes * Exception error codes
@ -96,7 +102,7 @@ class AuthServer
* Exception error messages * Exception error messages
* @var array * @var array
*/ */
static protected $exceptionMessages = array( protected static $exceptionMessages = array(
'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.', 'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.',
'unauthorized_client' => 'The client is not authorized to request an access token using this method.', 'unauthorized_client' => 'The client is not authorized to request an access token using this method.',
'access_denied' => 'The resource owner or authorization server denied the request.', 'access_denied' => 'The resource owner or authorization server denied the request.',
@ -111,6 +117,87 @@ class AuthServer
'invalid_refresh' => 'The refresh token is invalid.', 'invalid_refresh' => 'The refresh token is invalid.',
); );
/**
* Exception error HTTP status codes
* @var array
*
* RFC 6749, section 4.1.2.1.:
* No 503 status code for 'temporarily_unavailable', because
* "a 503 Service Unavailable HTTP status code cannot be
* returned to the client via an HTTP redirect"
*/
protected static $exceptionHttpStatusCodes = array(
'invalid_request' => 400,
'unauthorized_client' => 400,
'access_denied' => 401,
'unsupported_response_type' => 400,
'invalid_scope' => 400,
'server_error' => 500,
'temporarily_unavailable' => 400,
'unsupported_grant_type' => 501,
'invalid_client' => 401,
'invalid_grant' => 400,
'invalid_credentials' => 400,
'invalid_refresh' => 400,
);
/**
* Get all headers that have to be send with the error response
*
* @param string $error The error message key
* @return array Array with header values
*/
public static function getExceptionHttpHeaders($error)
{
$headers = array();
switch (self::$exceptionHttpStatusCodes[$error]) {
case 401:
$headers[] = 'HTTP/1.1 401 Unauthorized';
break;
case 500:
$headers[] = 'HTTP/1.1 500 Internal Server Error';
break;
case 501:
$headers[] = 'HTTP/1.1 501 Not Implemented';
break;
case 400:
default:
$headers[] = 'HTTP/1.1 400 Bad Request';
}
// Add "WWW-Authenticate" header
//
// RFC 6749, section 5.2.:
// "If the client attempted to authenticate via the 'Authorization'
// request header field, the authorization server MUST
// respond with an HTTP 401 (Unauthorized) status code and
// include the "WWW-Authenticate" response header field
// matching the authentication scheme used by the client.
// @codeCoverageIgnoreStart
if ($error === 'invalid_client') {
$authScheme = null;
$request = new Request();
if ($request->server('PHP_AUTH_USER') !== null) {
$authScheme = 'Basic';
} else {
$authHeader = $request->header('Authorization');
if ($authHeader !== null) {
if (strpos($authHeader, 'Bearer') === 0) {
$authScheme = 'Bearer';
} elseif (strpos($authHeader, 'Basic') === 0) {
$authScheme = 'Basic';
}
}
}
if ($authScheme !== null) {
$headers[] = 'WWW-Authenticate: '.$authScheme.' realm=""';
}
}
// @codeCoverageIgnoreEnd
return $headers;
}
/** /**
* Get an exception message * Get an exception message
* *
@ -142,7 +229,7 @@ class AuthServer
*/ */
public function __construct(ClientInterface $client, SessionInterface $session, ScopeInterface $scope) public function __construct(ClientInterface $client, SessionInterface $session, ScopeInterface $scope)
{ {
self::$storages = array( $this->storages = array(
'client' => $client, 'client' => $client,
'session' => $session, 'session' => $session,
'scope' => $scope 'scope' => $scope
@ -159,7 +246,7 @@ class AuthServer
if (is_null($identifier)) { if (is_null($identifier)) {
$identifier = $grantType->getIdentifier(); $identifier = $grantType->getIdentifier();
} }
self::$grantTypes[$identifier] = $grantType; $this->grantTypes[$identifier] = $grantType;
if ( ! is_null($grantType->getResponseType())) { if ( ! is_null($grantType->getResponseType())) {
$this->responseTypes[] = $grantType->getResponseType(); $this->responseTypes[] = $grantType->getResponseType();
@ -171,9 +258,14 @@ class AuthServer
* @param string $identifier The grant type identifier * @param string $identifier The grant type identifier
* @return boolean Returns "true" if enabled, "false" if not * @return boolean Returns "true" if enabled, "false" if not
*/ */
public static function hasGrantType($identifier) public function hasGrantType($identifier)
{ {
return (array_key_exists($identifier, self::$grantTypes)); return (array_key_exists($identifier, $this->grantTypes));
}
public function getResponseTypes()
{
return $this->responseTypes;
} }
/** /**
@ -186,6 +278,43 @@ class AuthServer
$this->requireScopeParam = $require; $this->requireScopeParam = $require;
} }
/**
* Is the scope parameter required?
* @return bool
*/
public function scopeParamRequired()
{
return $this->requireScopeParam;
}
/**
* Default scope to be used if none is provided and requireScopeParam is false
* @var string
*/
public function setDefaultScope($default = null)
{
$this->defaultScope = $default;
}
/**
* Default scope to be used if none is provided and requireScopeParam is false
* @return string|null
*/
public function getDefaultScope()
{
return $this->defaultScope;
}
/**
* Require the "state" paremter in checkAuthoriseParams()
* @param boolean $require
* @return void
*/
public function stateParamRequired()
{
return $this->requireStateParam;
}
/** /**
* Require the "state" paremter in checkAuthoriseParams() * Require the "state" paremter in checkAuthoriseParams()
* @param boolean $require * @param boolean $require
@ -220,9 +349,9 @@ class AuthServer
* Get the TTL for an access token * Get the TTL for an access token
* @return int The TTL * @return int The TTL
*/ */
public static function getExpiresIn() public function getExpiresIn()
{ {
return self::$expiresIn; return $this->expiresIn;
} }
/** /**
@ -231,7 +360,7 @@ class AuthServer
*/ */
public function setExpiresIn($expiresIn) public function setExpiresIn($expiresIn)
{ {
self::$expiresIn = $expiresIn; $this->expiresIn = $expiresIn;
} }
/** /**
@ -241,7 +370,7 @@ class AuthServer
*/ */
public function setRequest(Util\RequestInterface $request) public function setRequest(Util\RequestInterface $request)
{ {
self::$request = $request; $this->request = $request;
} }
/** /**
@ -249,16 +378,16 @@ class AuthServer
* *
* @return Util\RequestInterface * @return Util\RequestInterface
*/ */
public static function getRequest() public function getRequest()
{ {
if (self::$request === null) { if ($this->request === null) {
// @codeCoverageIgnoreStart // @codeCoverageIgnoreStart
self::$request = Request::buildFromGlobals(); $this->request = Request::buildFromGlobals();
} }
// @codeCoverageIgnoreEnd // @codeCoverageIgnoreEnd
return self::$request; return $this->request;
} }
/** /**
@ -266,106 +395,9 @@ class AuthServer
* @param string $obj The class required * @param string $obj The class required
* @return Storage\ClientInterface|Storage\ScopeInterface|Storage\SessionInterface * @return Storage\ClientInterface|Storage\ScopeInterface|Storage\SessionInterface
*/ */
public static function getStorage($obj) public function getStorage($obj)
{ {
return self::$storages[$obj]; return $this->storages[$obj];
}
/**
* Check authorise parameters
*
* @param array $inputParams Optional array of parsed $_GET keys
* @throws \OAuth2\Exception\ClientException
* @return array Authorise request parameters
*/
public function checkAuthoriseParams($inputParams = array())
{
// Auth params
$authParams = self::getParam(array('client_id', 'redirect_uri', 'response_type', 'scope', 'state'), 'get', $inputParams);
if (is_null($authParams['client_id'])) {
throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'client_id'), 0);
}
if (is_null($authParams['redirect_uri'])) {
throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'redirect_uri'), 0);
}
if ($this->requireStateParam === true && is_null($authParams['state'])) {
throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'state'), 0);
}
// Validate client ID and redirect URI
$clientDetails = self::getStorage('client')->getClient($authParams['client_id'], null, $authParams['redirect_uri']);
if ($clientDetails === false) {
throw new Exception\ClientException(self::$exceptionMessages['invalid_client'], 8);
}
$authParams['client_details'] = $clientDetails;
if (is_null($authParams['response_type'])) {
throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'response_type'), 0);
}
// Ensure response type is one that is recognised
if ( ! in_array($authParams['response_type'], $this->responseTypes)) {
throw new Exception\ClientException(self::$exceptionMessages['unsupported_response_type'], 3);
}
// Validate scopes
$scopes = explode($this->scopeDelimeter, $authParams['scope']);
for ($i = 0; $i < count($scopes); $i++) {
$scopes[$i] = trim($scopes[$i]);
if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes
}
if ($this->requireScopeParam === true && count($scopes) === 0) {
throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'scope'), 0);
}
$authParams['scopes'] = array();
foreach ($scopes as $scope) {
$scopeDetails = self::getStorage('scope')->getScope($scope);
if ($scopeDetails === false) {
throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_scope'], $scope), 4);
}
$authParams['scopes'][] = $scopeDetails;
}
return $authParams;
}
/**
* Parse a new authorise request
*
* @param string $type The session owner's type
* @param string $typeId The session owner's ID
* @param array $authParams The authorise request $_GET parameters
* @return string An authorisation code
*/
public function newAuthoriseRequest($type, $typeId, $authParams = array())
{
// Generate an auth code
$authCode = SecureKey::make();
// Remove any old sessions the user might have
self::getStorage('session')->deleteSession($authParams['client_id'], $type, $typeId);
// Create a new session
$sessionId = self::getStorage('session')->createSession($authParams['client_id'], $authParams['redirect_uri'], $type, $typeId, $authCode);
// Associate scopes with the new session
foreach ($authParams['scopes'] as $scope)
{
self::getStorage('session')->associateScope($sessionId, $scope['id']);
}
return $authCode;
} }
/** /**
@ -376,14 +408,14 @@ class AuthServer
*/ */
public function issueAccessToken($inputParams = array()) public function issueAccessToken($inputParams = array())
{ {
$grantType = self::getParam('grant_type', 'post', $inputParams); $grantType = $this->getParam('grant_type', 'post', $inputParams);
if (is_null($grantType)) { if (is_null($grantType)) {
throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'grant_type'), 0); throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'grant_type'), 0);
} }
// Ensure grant type is one that is recognised and is enabled // Ensure grant type is one that is recognised and is enabled
if ( ! in_array($grantType, array_keys(self::$grantTypes))) { if ( ! in_array($grantType, array_keys($this->grantTypes))) {
throw new Exception\ClientException(sprintf(self::$exceptionMessages['unsupported_grant_type'], $grantType), 7); throw new Exception\ClientException(sprintf(self::$exceptionMessages['unsupported_grant_type'], $grantType), 7);
} }
@ -396,26 +428,34 @@ class AuthServer
* @param string $grantType The grant type identifer * @param string $grantType The grant type identifer
* @return class * @return class
*/ */
protected function getGrantType($grantType) public function getGrantType($grantType)
{ {
return self::$grantTypes[$grantType]; return $this->grantTypes[$grantType];
} }
/** /**
* Get a parameter from passed input parameters or the Request class * Get a parameter from passed input parameters or the Request class
* @param string|array $param Requried parameter * @param string|array $param Required parameter
* @param string $method Get/put/post/delete * @param string $method Get/put/post/delete
* @param array $inputParams Passed input parameters * @param array $inputParams Passed input parameters
* @return mixed 'Null' if parameter is missing * @return mixed 'Null' if parameter is missing
*/ */
public static function getParam($param = '', $method = 'get', $inputParams = array()) public function getParam($param = '', $method = 'get', $inputParams = array(), $default = null)
{ {
if (is_string($param)) { if (is_string($param)) {
return (isset($inputParams[$param])) ? $inputParams[$param] : self::getRequest()->{$method}($param); if (isset($inputParams[$param])) {
return $inputParams[$param];
} elseif ($param === 'client_id' && ! is_null($client_id = $this->getRequest()->server('PHP_AUTH_USER'))) {
return $client_id;
} elseif ($param === 'client_secret' && ! is_null($client_secret = $this->getRequest()->server('PHP_AUTH_PW'))) {
return $client_secret;
} else {
return $this->getRequest()->{$method}($param, $default);
}
} else { } else {
$response = array(); $response = array();
foreach ($param as $p) { foreach ($param as $p) {
$response[$p] = self::getParam($p, $method, $inputParams); $response[$p] = $this->getParam($p, $method, $inputParams);
} }
return $response; return $response;
} }

174
src/OAuth2/Grant/AuthCode.php
View File

@ -36,6 +36,22 @@ class AuthCode implements GrantTypeInterface {
*/ */
protected $responseType = 'code'; protected $responseType = 'code';
/**
* AuthServer instance
* @var AuthServer
*/
protected $authServer = null;
/**
* Constructor
* @param AuthServer $authServer AuthServer instance
* @return void
*/
public function __construct(AuthServer $authServer)
{
$this->authServer = $authServer;
}
/** /**
* Return the identifier * Return the identifier
* @return string * @return string
@ -54,6 +70,112 @@ class AuthCode implements GrantTypeInterface {
return $this->responseType; return $this->responseType;
} }
/**
* Check authorise parameters
*
* @param array $inputParams Optional array of parsed $_GET keys
* @throws \OAuth2\Exception\ClientException
* @return array Authorise request parameters
*/
public function checkAuthoriseParams($inputParams = array())
{
// Auth params
$authParams = $this->authServer->getParam(array('client_id', 'redirect_uri', 'response_type', 'scope', 'state'), 'get', $inputParams);
if (is_null($authParams['client_id'])) {
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0);
}
if (is_null($authParams['redirect_uri'])) {
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'redirect_uri'), 0);
}
if ($this->authServer->stateParamRequired() === true && is_null($authParams['state'])) {
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'state'), 0);
}
// Validate client ID and redirect URI
$clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], null, $authParams['redirect_uri']);
if ($clientDetails === false) {
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8);
}
$authParams['client_details'] = $clientDetails;
if (is_null($authParams['response_type'])) {
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'response_type'), 0);
}
// Ensure response type is one that is recognised
if ( ! in_array($authParams['response_type'], $this->authServer->getResponseTypes())) {
throw new Exception\ClientException($this->authServer->getExceptionMessage('unsupported_response_type'), 3);
}
// Validate scopes
$scopes = explode($this->authServer->getScopeDelimeter(), $authParams['scope']);
for ($i = 0; $i < count($scopes); $i++) {
$scopes[$i] = trim($scopes[$i]);
if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes
}
if ($this->authServer->scopeParamRequired() === true && count($scopes) === 0) {
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
} elseif (count($scopes) === 0 && $this->authServer->getDefaultScope()) {
$scopes = array($this->authServer->getDefaultScope());
}
$authParams['scopes'] = array();
foreach ($scopes as $scope) {
$scopeDetails = $this->authServer->getStorage('scope')->getScope($scope, $authParams['client_id'], $this->identifier);
if ($scopeDetails === false) {
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_scope'), $scope), 4);
}
$authParams['scopes'][] = $scopeDetails;
}
return $authParams;
}
/**
* Parse a new authorise request
*
* @param string $type The session owner's type
* @param string $typeId The session owner's ID
* @param array $authParams The authorise request $_GET parameters
* @return string An authorisation code
*/
public function newAuthoriseRequest($type, $typeId, $authParams = array())
{
// Generate an auth code
$authCode = SecureKey::make();
// Remove any old sessions the user might have
$this->authServer->getStorage('session')->deleteSession($authParams['client_id'], $type, $typeId);
// List of scopes IDs
$scopeIds = array();
foreach ($authParams['scopes'] as $scope)
{
$scopeIds[] = $scope['id'];
}
// Create a new session
$sessionId = $this->authServer->getStorage('session')->createSession($authParams['client_id'], $type, $typeId);
// Associate a redirect URI
$this->authServer->getStorage('session')->associateRedirectUri($sessionId, $authParams['redirect_uri']);
// Associate the auth code
$this->authServer->getStorage('session')->associateAuthCode($sessionId, $authCode, time()+600, implode(',', $scopeIds));
return $authCode;
}
/** /**
* Complete the auth code grant * Complete the auth code grant
* @param null|array $inputParams * @param null|array $inputParams
@ -62,58 +184,61 @@ class AuthCode implements GrantTypeInterface {
public function completeFlow($inputParams = null) public function completeFlow($inputParams = null)
{ {
// Get the required params // Get the required params
$authParams = AuthServer::getParam(array('client_id', 'client_secret', 'redirect_uri', 'code'), 'post', $inputParams); $authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'redirect_uri', 'code'), 'post', $inputParams);
if (is_null($authParams['client_id'])) { if (is_null($authParams['client_id'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0); throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0);
} }
if (is_null($authParams['client_secret'])) { if (is_null($authParams['client_secret'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_secret'), 0); throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_secret'), 0);
} }
if (is_null($authParams['redirect_uri'])) { if (is_null($authParams['redirect_uri'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'redirect_uri'), 0); throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'redirect_uri'), 0);
} }
// Validate client ID and redirect URI // Validate client ID and redirect URI
$clientDetails = AuthServer::getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], $authParams['redirect_uri']); $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], $authParams['redirect_uri'], $this->identifier);
if ($clientDetails === false) { if ($clientDetails === false) {
throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_client'), 8); throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8);
} }
$authParams['client_details'] = $clientDetails; $authParams['client_details'] = $clientDetails;
// Validate the authorization code // Validate the authorization code
if (is_null($authParams['code'])) { if (is_null($authParams['code'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'code'), 0); throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'code'), 0);
} }
// Verify the authorization code matches the client_id and the request_uri // Verify the authorization code matches the client_id and the request_uri
$session = AuthServer::getStorage('session')->validateAuthCode($authParams['client_id'], $authParams['redirect_uri'], $authParams['code']); $session = $this->authServer->getStorage('session')->validateAuthCode($authParams['client_id'], $authParams['redirect_uri'], $authParams['code']);
if ( ! $session) { if ( ! $session) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_grant'), 'code'), 9); throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_grant'), 'code'), 9);
} }
// A session ID was returned so update it with an access token, // A session ID was returned so update it with an access token and remove the authorisation code
// remove the authorisation code, change the stage to 'granted'
$accessToken = SecureKey::make(); $accessToken = SecureKey::make();
$refreshToken = (AuthServer::hasGrantType('refresh_token')) ? SecureKey::make() : null; $accessTokenExpires = time() + $this->authServer->getExpiresIn();
$accessTokenExpiresIn = $this->authServer->getExpiresIn();
$accessTokenExpires = time() + AuthServer::getExpiresIn(); // Remove the auth code
$accessTokenExpiresIn = AuthServer::getExpiresIn(); $this->authServer->getStorage('session')->removeAuthCode($session['id']);
AuthServer::getStorage('session')->updateSession( // Create an access token
$session['id'], $accessTokenId = $this->authServer->getStorage('session')->associateAccessToken($session['id'], $accessToken, $accessTokenExpires);
null,
$accessToken, // Associate scopes with the access token
$refreshToken, if ( ! is_null($session['scope_ids'])) {
$accessTokenExpires, $scopeIds = explode(',', $session['scope_ids']);
'granted'
); foreach ($scopeIds as $scopeId) {
$this->authServer->getStorage('session')->associateScope($accessTokenId, $scopeId);
}
}
$response = array( $response = array(
'access_token' => $accessToken, 'access_token' => $accessToken,
@ -122,7 +247,10 @@ class AuthCode implements GrantTypeInterface {
'expires_in' => $accessTokenExpiresIn 'expires_in' => $accessTokenExpiresIn
); );
if (AuthServer::hasGrantType('refresh_token')) { // Associate a refresh token if set
if ($this->authServer->hasGrantType('refresh_token')) {
$refreshToken = SecureKey::make();
$this->authServer->getStorage('session')->associateRefreshToken($accessTokenId, $refreshToken);
$response['refresh_token'] = $refreshToken; $response['refresh_token'] = $refreshToken;
} }

83
src/OAuth2/Grant/ClientCredentials.php
View File

@ -1,6 +1,6 @@
<?php <?php
/** /**
* OAuth 2.0 Auth code grant * OAuth 2.0 Client credentials grant
* *
* @package lncd/oauth2 * @package lncd/oauth2
* @author Alex Bilbie <hello@alexbilbie.com> * @author Alex Bilbie <hello@alexbilbie.com>
@ -36,6 +36,22 @@ class ClientCredentials implements GrantTypeInterface {
*/ */
protected $responseType = null; protected $responseType = null;
/**
* AuthServer instance
* @var AuthServer
*/
protected $authServer = null;
/**
* Constructor
* @param AuthServer $authServer AuthServer instance
* @return void
*/
public function __construct(AuthServer $authServer)
{
$this->authServer = $authServer;
}
/** /**
* Return the identifier * Return the identifier
* @return string * @return string
@ -62,7 +78,7 @@ class ClientCredentials implements GrantTypeInterface {
public function completeFlow($inputParams = null) public function completeFlow($inputParams = null)
{ {
// Get the required params // Get the required params
$authParams = AuthServer::getParam(array('client_id', 'client_secret'), 'post', $inputParams); $authParams = $this->authServer->getParam(array('client_id', 'client_secret'), 'post', $inputParams);
if (is_null($authParams['client_id'])) { if (is_null($authParams['client_id'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0); throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0);
@ -73,7 +89,7 @@ class ClientCredentials implements GrantTypeInterface {
} }
// Validate client ID and client secret // Validate client ID and client secret
$clientDetails = AuthServer::getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']); $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], null, $this->identifier);
if ($clientDetails === false) { if ($clientDetails === false) {
throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_client'), 8); throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_client'), 8);
@ -81,28 +97,53 @@ class ClientCredentials implements GrantTypeInterface {
$authParams['client_details'] = $clientDetails; $authParams['client_details'] = $clientDetails;
// Validate any scopes that are in the request
$scope = $this->authServer->getParam('scope', 'post', $inputParams, '');
$scopes = explode($this->authServer->getScopeDelimeter(), $scope);
for ($i = 0; $i < count($scopes); $i++) {
$scopes[$i] = trim($scopes[$i]);
if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes
}
if ($this->authServer->scopeParamRequired() === true && count($scopes) === 0) {
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
} elseif (count($scopes) === 0 && $this->authServer->getDefaultScope()) {
$scopes = array($this->authServer->getDefaultScope());
}
$authParams['scopes'] = array();
foreach ($scopes as $scope) {
$scopeDetails = $this->authServer->getStorage('scope')->getScope($scope, $authParams['client_id'], $this->identifier);
if ($scopeDetails === false) {
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_scope'), $scope), 4);
}
$authParams['scopes'][] = $scopeDetails;
}
// Generate an access token // Generate an access token
$accessToken = SecureKey::make(); $accessToken = SecureKey::make();
$refreshToken = (AuthServer::hasGrantType('refresh_token')) ? SecureKey::make() : null;
$accessTokenExpires = time() + AuthServer::getExpiresIn(); $accessTokenExpires = time() + $this->authServer->getExpiresIn();
$accessTokenExpiresIn = AuthServer::getExpiresIn(); $accessTokenExpiresIn = $this->authServer->getExpiresIn();
// Delete any existing sessions just to be sure // Delete any existing sessions just to be sure
AuthServer::getStorage('session')->deleteSession($authParams['client_id'], 'client', $authParams['client_id']); $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'client', $authParams['client_id']);
// Create a new session // Create a new session
AuthServer::getStorage('session')->createSession( $sessionId = $this->authServer->getStorage('session')->createSession($authParams['client_id'], 'client', $authParams['client_id']);
$authParams['client_id'],
null, // Add the access token
'client', $accessTokenId = $this->authServer->getStorage('session')->associateAccessToken($sessionId, $accessToken, $accessTokenExpires);
$authParams['client_id'],
null, // Associate scopes with the new session
$accessToken, foreach ($authParams['scopes'] as $scope)
$refreshToken, {
$accessTokenExpires, $this->authServer->getStorage('session')->associateScope($accessTokenId, $scope['id']);
'granted' }
);
$response = array( $response = array(
'access_token' => $accessToken, 'access_token' => $accessToken,
@ -111,11 +152,7 @@ class ClientCredentials implements GrantTypeInterface {
'expires_in' => $accessTokenExpiresIn 'expires_in' => $accessTokenExpiresIn
); );
if (AuthServer::hasGrantType('refresh_token')) {
$response['refresh_token'] = $refreshToken;
}
return $response; return $response;
} }
} }

15
src/OAuth2/Grant/GrantTypeInterface.php
View File

@ -21,10 +21,17 @@ use OAuth2\Storage\ScopeInterface;
interface GrantTypeInterface interface GrantTypeInterface
{ {
/** /**
* Returns the grant identifier (used to validate grant_type in OAuth2\AuthServer\issueAccessToken()) * Constructor
* @return string * @param AuthServer $authServer AuthServer instance
*/ * @return void
*/
public function __construct(AuthServer $authServer);
/**
* Returns the grant identifier (used to validate grant_type in OAuth2\AuthServer\issueAccessToken())
* @return string
*/
public function getIdentifier(); public function getIdentifier();
/** /**

107
src/OAuth2/Grant/Implicit.php Normal file
View File

@ -0,0 +1,107 @@
<?php
/**
* OAuth 2.0 implicit grant
*
* @package lncd/oauth2
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) 2013 University of Lincoln
* @license http://mit-license.org/
* @link http://github.com/lncd/oauth2
*/
namespace OAuth2\Grant;
use OAuth2\Request;
use OAuth2\AuthServer;
use OAuth2\Exception;
use OAuth2\Util\SecureKey;
use OAuth2\Storage\SessionInterface;
use OAuth2\Storage\ClientInterface;
use OAuth2\Storage\ScopeInterface;
/**
* Client credentials grant class
*/
class Implict implements GrantTypeInterface {
/**
* Grant identifier
* @var string
*/
protected $identifier = 'implicit';
/**
* Response type
* @var string
*/
protected $responseType = 'token';
/**
* AuthServer instance
* @var AuthServer
*/
protected $authServer = null;
/**
* Constructor
* @param AuthServer $authServer AuthServer instance
* @return void
*/
public function __construct(AuthServer $authServer)
{
$this->authServer = $authServer;
}
/**
* Return the identifier
* @return string
*/
public function getIdentifier()
{
return $this->identifier;
}
/**
* Return the response type
* @return string
*/
public function getResponseType()
{
return $this->responseType;
}
/**
* Complete the client credentials grant
* @param null|array $inputParams
* @return array
*/
public function completeFlow($authParams = null)
{
// Remove any old sessions the user might have
$this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'user', $authParams['user_id']);
// Generate a new access token
$accessToken = SecureKey::make();
// Compute expiry time
$accessTokenExpires = time() + $this->authServer->getExpiresIn();
// Create a new session
$sessionId = $this->authServer->getStorage('session')->createSession($authParams['client_id'], 'user', $authParams['user_id']);
// Create an access token
$accessTokenId = $this->authServer->getStorage('session')->associateAccessToken($sessionId, $accessToken, $accessTokenExpires);
// Associate scopes with the access token
foreach ($authParams['scopes'] as $scope) {
$this->authServer->getStorage('session')->associateScope($accessTokenId, $scope['id']);
}
$response = array(
'access_token' => $accessToken
);
return $response;
}
}

96
src/OAuth2/Grant/Password.php
View File

@ -42,6 +42,22 @@ class Password implements GrantTypeInterface {
*/ */
protected $callback = null; protected $callback = null;
/**
* AuthServer instance
* @var AuthServer
*/
protected $authServer = null;
/**
* Constructor
* @param AuthServer $authServer AuthServer instance
* @return void
*/
public function __construct(AuthServer $authServer)
{
$this->authServer = $authServer;
}
/** /**
* Return the identifier * Return the identifier
* @return string * @return string
@ -90,62 +106,85 @@ class Password implements GrantTypeInterface {
public function completeFlow($inputParams = null) public function completeFlow($inputParams = null)
{ {
// Get the required params // Get the required params
$authParams = AuthServer::getParam(array('client_id', 'client_secret', 'username', 'password'), 'post', $inputParams); $authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'username', 'password'), 'post', $inputParams);
if (is_null($authParams['client_id'])) { if (is_null($authParams['client_id'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0); throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0);
} }
if (is_null($authParams['client_secret'])) { if (is_null($authParams['client_secret'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_secret'), 0); throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_secret'), 0);
} }
// Validate client ID and redirect URI // Validate client credentials
$clientDetails = AuthServer::getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']); $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], null, $this->identifier);
if ($clientDetails === false) { if ($clientDetails === false) {
throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_client'), 8); throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8);
} }
$authParams['client_details'] = $clientDetails; $authParams['client_details'] = $clientDetails;
if (is_null($authParams['username'])) { if (is_null($authParams['username'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'username'), 0); throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'username'), 0);
} }
if (is_null($authParams['password'])) { if (is_null($authParams['password'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'password'), 0); throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'password'), 0);
} }
// Check if user's username and password are correct // Check if user's username and password are correct
$userId = call_user_func($this->getVerifyCredentialsCallback(), $authParams['username'], $authParams['password']); $userId = call_user_func($this->getVerifyCredentialsCallback(), $authParams['username'], $authParams['password']);
if ($userId === false || $userId === null) { if ($userId === false) {
throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_credentials'), 0); throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_credentials'), 0);
}
// Validate any scopes that are in the request
$scope = $this->authServer->getParam('scope', 'post', $inputParams, '');
$scopes = explode($this->authServer->getScopeDelimeter(), $scope);
for ($i = 0; $i < count($scopes); $i++) {
$scopes[$i] = trim($scopes[$i]);
if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes
}
if ($this->authServer->scopeParamRequired() === true && count($scopes) === 0) {
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
} elseif (count($scopes) === 0 && $this->authServer->getDefaultScope()) {
$scopes = array($this->authServer->getDefaultScope());
}
$authParams['scopes'] = array();
foreach ($scopes as $scope) {
$scopeDetails = $this->authServer->getStorage('scope')->getScope($scope, $authParams['client_id'], $this->identifier);
if ($scopeDetails === false) {
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_scope'), $scope), 4);
}
$authParams['scopes'][] = $scopeDetails;
} }
// Generate an access token // Generate an access token
$accessToken = SecureKey::make(); $accessToken = SecureKey::make();
$refreshToken = (AuthServer::hasGrantType('refresh_token')) ? SecureKey::make() : null; $accessTokenExpires = time() + $this->authServer->getExpiresIn();
$accessTokenExpiresIn = $this->authServer->getExpiresIn();
$accessTokenExpires = time() + AuthServer::getExpiresIn();
$accessTokenExpiresIn = AuthServer::getExpiresIn();
// Delete any existing sessions just to be sure // Delete any existing sessions just to be sure
AuthServer::getStorage('session')->deleteSession($authParams['client_id'], 'user', $userId); $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'user', $userId);
// Create a new session // Create a new session
AuthServer::getStorage('session')->createSession( $sessionId = $this->authServer->getStorage('session')->createSession($authParams['client_id'], 'user', $userId);
$authParams['client_id'],
null, // Associate an access token with the session
'user', $accessTokenId = $this->authServer->getStorage('session')->associateAccessToken($sessionId, $accessToken, $accessTokenExpires);
$userId,
null, // Associate scopes with the access token
$accessToken, foreach ($authParams['scopes'] as $scope) {
$refreshToken, $this->authServer->getStorage('session')->associateScope($accessTokenId, $scope['id']);
$accessTokenExpires, }
'granted'
);
$response = array( $response = array(
'access_token' => $accessToken, 'access_token' => $accessToken,
@ -154,7 +193,10 @@ class Password implements GrantTypeInterface {
'expires_in' => $accessTokenExpiresIn 'expires_in' => $accessTokenExpiresIn
); );
if (AuthServer::hasGrantType('refresh_token')) { // Associate a refresh token if set
if ($this->authServer->hasGrantType('refresh_token')) {
$refreshToken = SecureKey::make();
$this->authServer->getStorage('session')->associateRefreshToken($accessTokenId, $refreshToken);
$response['refresh_token'] = $refreshToken; $response['refresh_token'] = $refreshToken;
} }

60
src/OAuth2/Grant/RefreshToken.php
View File

@ -36,6 +36,22 @@ class RefreshToken implements GrantTypeInterface {
*/ */
protected $responseType = null; protected $responseType = null;
/**
* AuthServer instance
* @var AuthServer
*/
protected $authServer = null;
/**
* Constructor
* @param AuthServer $authServer AuthServer instance
* @return void
*/
public function __construct(AuthServer $authServer)
{
$this->authServer = $authServer;
}
/** /**
* Return the identifier * Return the identifier
* @return string * @return string
@ -62,47 +78,55 @@ class RefreshToken implements GrantTypeInterface {
public function completeFlow($inputParams = null) public function completeFlow($inputParams = null)
{ {
// Get the required params // Get the required params
$authParams = AuthServer::getParam(array('client_id', 'client_secret', 'refresh_token'), 'post', $inputParams); $authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'refresh_token'), 'post', $inputParams);
if (is_null($authParams['client_id'])) { if (is_null($authParams['client_id'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0); throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0);
} }
if (is_null($authParams['client_secret'])) { if (is_null($authParams['client_secret'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_secret'), 0); throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_secret'), 0);
} }
// Validate client ID and client secret // Validate client ID and client secret
$clientDetails = AuthServer::getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret']); $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], null, $this->identifier);
if ($clientDetails === false) { if ($clientDetails === false) {
throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_client'), 8); throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8);
} }
$authParams['client_details'] = $clientDetails; $authParams['client_details'] = $clientDetails;
if (is_null($authParams['refresh_token'])) { if (is_null($authParams['refresh_token'])) {
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'refresh_token'), 0); throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'refresh_token'), 0);
} }
// Validate refresh token // Validate refresh token
$sessionId = AuthServer::getStorage('client')->validateRefreshToken( $accessTokenId = $this->authServer->getStorage('session')->validateRefreshToken($authParams['refresh_token']);
$authParams['refresh_token'],
$authParams['client_id']
);
if ($sessionId === false) { if ($accessTokenId === false) {
throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_refresh'), 0); throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_refresh'), 0);
} }
// Generate new tokens // Get the existing access token
$accessTokenDetails = $this->authServer->getStorage('session')->getAccessToken($accessTokenId);
// Get the scopes for the existing access token
$scopes = $this->authServer->getStorage('session')->getScopes($accessTokenDetails['access_token']);
// Generate new tokens and associate them to the session
$accessToken = SecureKey::make(); $accessToken = SecureKey::make();
$refreshToken = (AuthServer::hasGrantType('refresh_token')) ? SecureKey::make() : null; $accessTokenExpires = time() + $this->authServer->getExpiresIn();
$accessTokenExpiresIn = $this->authServer->getExpiresIn();
$refreshToken = SecureKey::make();
$accessTokenExpires = time() + AuthServer::getExpiresIn(); $newAccessTokenId = $this->authServer->getStorage('session')->associateAccessToken($accessTokenDetails['session_id'], $accessToken, $accessTokenExpires);
$accessTokenExpiresIn = AuthServer::getExpiresIn();
AuthServer::getStorage('session')->updateRefreshToken($sessionId, $accessToken, $refreshToken, $accessTokenExpires); foreach ($scopes as $scope) {
$this->authServer->getStorage('session')->associateScope($newAccessTokenId, $scope['id']);
}
$this->authServer->getStorage('session')->associateRefreshToken($newAccessTokenId, $refreshToken);
return array( return array(
'access_token' => $accessToken, 'access_token' => $accessToken,
@ -113,4 +137,4 @@ class RefreshToken implements GrantTypeInterface {
); );
} }
} }

32
src/OAuth2/ResourceServer.php
View File

@ -13,7 +13,6 @@ namespace OAuth2;
use OutOfBoundsException; use OutOfBoundsException;
use OAuth2\Storage\SessionInterface; use OAuth2\Storage\SessionInterface;
use OAuth2\Storage\SessionScopeInterface;
use OAuth2\Util\RequestInterface; use OAuth2\Util\RequestInterface;
use OAuth2\Util\Request; use OAuth2\Util\Request;
@ -164,24 +163,37 @@ class ResourceServer
*/ */
public function isValid() public function isValid()
{ {
$access_token = $this->determineAccessToken(); $accessToken = $this->determineAccessToken();
$result = $this->storages['session']->validateAccessToken($access_token); $result = $this->storages['session']->validateAccessToken($accessToken);
if ( ! $result) { if ( ! $result) {
throw new Exception\InvalidAccessTokenException('Access token is not valid'); throw new Exception\InvalidAccessTokenException('Access token is not valid');
} }
$this->accessToken = $access_token; $this->accessToken = $accessToken;
$this->sessionId = $result['id']; $this->sessionId = $result['session_id'];
$this->clientId = $result['client_id'];
$this->ownerType = $result['owner_type']; $this->ownerType = $result['owner_type'];
$this->ownerId = $result['owner_id']; $this->ownerId = $result['owner_id'];
$this->sessionScopes = $this->storages['session']->getScopes($this->sessionId); $sessionScopes = $this->storages['session']->getScopes($this->accessToken);
foreach ($sessionScopes as $scope) {
$this->sessionScopes[] = $scope['key'];
}
return true; return true;
} }
/**
* Get the session scopes
* @return [type] [description]
*/
public function getScopes()
{
return $this->sessionScopes;
}
/** /**
* Checks if the presented access token has the given scope(s). * Checks if the presented access token has the given scope(s).
* *
@ -216,17 +228,17 @@ class ResourceServer
protected function determineAccessToken() protected function determineAccessToken()
{ {
if ($header = $this->getRequest()->header('Authorization')) { if ($header = $this->getRequest()->header('Authorization')) {
$access_token = base64_decode(trim(str_replace('Bearer', '', $header))); $accessToken = trim(str_replace('Bearer', '', $header));
} else { } else {
$method = $this->getRequest()->server('REQUEST_METHOD'); $method = $this->getRequest()->server('REQUEST_METHOD');
$access_token = $this->getRequest()->{$method}($this->tokenKey); $accessToken = $this->getRequest()->{$method}($this->tokenKey);
} }
if (empty($access_token)) { if (empty($accessToken)) {
throw new Exception\InvalidAccessTokenException('Access token is missing'); throw new Exception\InvalidAccessTokenException('Access token is missing');
} }
return $access_token; return $accessToken;
} }
} }

3
src/OAuth2/Storage/ClientInterface.php
View File

@ -48,7 +48,8 @@ interface ClientInterface
* @param string $clientId The client's ID * @param string $clientId The client's ID
* @param string $clientSecret The client's secret (default = "null") * @param string $clientSecret The client's secret (default = "null")
* @param string $redirectUri The client's redirect URI (default = "null") * @param string $redirectUri The client's redirect URI (default = "null")
* @param string $grantType The grant type used in the request
* @return bool|array Returns false if the validation fails, array on success * @return bool|array Returns false if the validation fails, array on success
*/ */
public function getClient($clientId = null, $clientSecret = null, $redirectUri = null); public function getClient($clientId = null, $clientSecret = null, $redirectUri = null, $grantType = null);
} }

45
src/OAuth2/Storage/PDO/Client.php Normal file
View File

@ -0,0 +1,45 @@
<?php
namespace OAuth2\Storage\PDO;
use OAuth2\Storage\ClientInterface;
class Client implements ClientInterface
{
public function getClient($clientId = null, $clientSecret = null, $redirectUri = null, $grantType = null)
{
$db = \ezcDbInstance::get();
if ( ! is_null($redirectUri) && is_null($clientSecret)) {
$stmt = $db->prepare('SELECT oauth_clients.id, oauth_clients.secret, oauth_client_endpoints.redirect_uri, oauth_clients.name FROM oauth_clients LEFT JOIN oauth_client_endpoints ON oauth_client_endpoints.client_id = oauth_clients.id WHERE oauth_clients.id = :clientId AND oauth_client_endpoints.redirect_uri = :redirectUri');
$stmt->bindValue(':redirectUri', $redirectUri);
}
elseif ( ! is_null($clientSecret) && is_null($redirectUri)) {
$stmt = $db->prepare('SELECT oauth_clients.id, oauth_clients.secret, oauth_clients.name FROM oauth_clients WHERE oauth_clients.id = :clientId AND oauth_clients.secret = :clientSecret');
$stmt->bindValue(':clientSecret', $clientSecret);
}
elseif ( ! is_null($clientSecret) && ! is_null($redirectUri)) {
$stmt = $db->prepare('SELECT oauth_clients.id, oauth_clients.secret, oauth_client_endpoints.redirect_uri, oauth_clients.name FROM oauth_clients LEFT JOIN oauth_client_endpoints ON oauth_client_endpoints.client_id = oauth_clients.id WHERE oauth_clients.id = :clientId AND oauth_clients.secret = :clientSecret AND oauth_client_endpoints.redirect_uri = :redirectUri');
$stmt->bindValue(':redirectUri', $redirectUri);
$stmt->bindValue(':clientSecret', $clientSecret);
}
$stmt->bindValue(':clientId', $clientId);
$stmt->execute();
$row = $stmt->fetchObject();
if ($row === false) {
return false;
}
return array(
'client_id' => $row->id,
'client_secret' => $row->secret,
'redirect_uri' => (isset($row->redirect_uri)) ? $row->redirect_uri : null,
'name' => $row->name
);
}
}

12
src/OAuth2/Storage/PDO/Db.php Normal file
View File

@ -0,0 +1,12 @@
<?php
namespace OAuth2\Storage\PDO;
class Db
{
public function __construct($dsn = '')
{
$db = \ezcDbFactory::create($dsn);
\ezcDbInstance::set($db);
}
}

31
src/OAuth2/Storage/PDO/Scope.php Normal file
View File

@ -0,0 +1,31 @@
<?php
namespace OAuth2\Storage\PDO;
use OAuth2\Storage\ScopeInterface;
class Scope implements ScopeInterface
{
public function getScope($scope, $clientId = null, $grantType = null)
{
$db = \ezcDbInstance::get();
$stmt = $db->prepare('SELECT * FROM oauth_scopes WHERE oauth_scopes.key = :scope');
$stmt->bindValue(':scope', $scope);
$stmt->execute();
$row = $stmt->fetchObject();
if ($row === false) {
return false;
}
return array(
'id' => $row->id,
'scope' => $row->key,
'name' => $row->name,
'description' => $row->description
);
}
}

267
src/OAuth2/Storage/PDO/Session.php Normal file
View File

@ -0,0 +1,267 @@
<?php
namespace OAuth2\Storage\PDO;
use OAuth2\Storage\SessionInterface;
class Session implements SessionInterface
{
/**
* Create a new session
* @param string $clientId The client ID
* @param string $ownerType The type of the session owner (e.g. "user")
* @param string $ownerId The ID of the session owner (e.g. "123")
* @return int The session ID
*/
public function createSession($clientId, $ownerType, $ownerId)
{
$db = \ezcDbInstance::get();
$stmt = $db->prepare('INSERT INTO oauth_sessions (client_id, owner_type, owner_id) VALUE
(:clientId, :ownerType, :ownerId)');
$stmt->bindValue(':clientId', $clientId);
$stmt->bindValue(':ownerType', $ownerType);
$stmt->bindValue(':ownerId', $ownerId);
$stmt->execute();
return $db->lastInsertId();
}
/**
* Delete a session
* @param string $clientId The client ID
* @param string $ownerType The type of the session owner (e.g. "user")
* @param string $ownerId The ID of the session owner (e.g. "123")
* @return void
*/
public function deleteSession($clientId, $ownerType, $ownerId)
{
$db = \ezcDbInstance::get();
$stmt = $db->prepare('DELETE FROM oauth_sessions WHERE client_id = :clientId AND
owner_type = :type AND owner_id = :typeId');
$stmt->bindValue(':clientId', $clientId);
$stmt->bindValue(':type', $ownerType);
$stmt->bindValue(':typeId', $ownerId);
$stmt->execute();
}
/**
* Associate a redirect URI with a session
* @param int $sessionId The session ID
* @param string $redirectUri The redirect URI
* @return void
*/
public function associateRedirectUri($sessionId, $redirectUri)
{
$db = \ezcDbInstance::get();
$stmt = $db->prepare('INSERT INTO oauth_session_redirects (session_id, redirect_uri)
VALUE (:sessionId, :redirectUri)');
$stmt->bindValue(':sessionId', $sessionId);
$stmt->bindValue(':redirectUri', $redirectUri);
$stmt->execute();
}
/**
* Associate an access token with a session
* @param int $sessionId The session ID
* @param string $accessToken The access token
* @param int $expireTime Unix timestamp of the access token expiry time
* @return void
*/
public function associateAccessToken($sessionId, $accessToken, $expireTime)
{
$db = \ezcDbInstance::get();
$stmt = $db->prepare('INSERT INTO oauth_session_access_tokens (session_id, access_token, access_token_expires)
VALUE (:sessionId, :accessToken, :accessTokenExpire)');
$stmt->bindValue(':sessionId', $sessionId);
$stmt->bindValue(':accessToken', $accessToken);
$stmt->bindValue(':accessTokenExpire', $expireTime);
$stmt->execute();
return $db->lastInsertId();
}
/**
* Remove an associated access token from a session
* @param int $sessionId The session ID
* @return void
*/
public function removeAccessToken($sessionId)
{
$db = \ezcDbInstance::get();
$stmt = $db->prepare('INSERT INTO oauth_session_refresh_tokens (session_access_token_id, refresh_token) VALUE
(:accessTokenId, :refreshToken)');
$stmt->bindValue(':accessTokenId', $accessTokenId);
$stmt->bindValue(':refreshToken', $params['refresh_token']);
$stmt->execute();
}
/**
* Associate a refresh token with a session
* @param int $accessTokenId The access token ID
* @param string $refreshToken The refresh token
* @return void
*/
public function associateRefreshToken($accessTokenId, $refreshToken)
{
$db = \ezcDbInstance::get();
$stmt = $db->prepare('INSERT INTO oauth_session_refresh_tokens (session_access_token_id, refresh_token) VALUE
(:accessTokenId, :refreshToken)');
$stmt->bindValue(':accessTokenId', $accessTokenId);
$stmt->bindValue(':refreshToken', $refreshToken);
$stmt->execute();
}
/**
* Assocate an authorization code with a session
* @param int $sessionId The session ID
* @param string $authCode The authorization code
* @param int $expireTime Unix timestamp of the access token expiry time
* @param string $scopeIds Comma seperated list of scope IDs to be later associated (default = null)
* @return void
*/
public function associateAuthCode($sessionId, $authCode, $expireTime, $scopeIds = null)
{
$db = \ezcDbInstance::get();
$stmt = $db->prepare('INSERT INTO oauth_session_authcodes (session_id, auth_code, auth_code_expires, scope_ids)
VALUE (:sessionId, :authCode, :authCodeExpires, :scopeIds)');
$stmt->bindValue(':sessionId', $sessionId);
$stmt->bindValue(':authCode', $authCode);
$stmt->bindValue(':authCodeExpires', $expireTime);
$stmt->bindValue(':scopeIds', $scopeIds);
$stmt->execute();
}
/**
* Remove an associated authorization token from a session
* @param int $sessionId The session ID
* @return void
*/
public function removeAuthCode($sessionId)
{
$db = \ezcDbInstance::get();
$stmt = $db->prepare('DELETE FROM oauth_session_authcodes WHERE session_id = :sessionId');
$stmt->bindValue(':sessionId', $sessionId);
$stmt->execute();
}
/**
* Validate an authorization code
* @param string $clientId The client ID
* @param string $redirectUri The redirect URI
* @param string $authCode The authorization code
* @return void
*/
public function validateAuthCode($clientId, $redirectUri, $authCode)
{
$db = \ezcDbInstance::get();
$stmt = $db->prepare('SELECT oauth_sessions.id, oauth_session_authcodes.scope_ids FROM oauth_sessions JOIN
oauth_session_authcodes ON oauth_session_authcodes.`session_id` = oauth_sessions.id JOIN
oauth_session_redirects ON oauth_session_redirects.`session_id` = oauth_sessions.id WHERE
oauth_sessions.client_id = :clientId AND oauth_session_authcodes.`auth_code` = :authCode AND
`oauth_session_authcodes`.`auth_code_expires` >= :time AND `oauth_session_redirects`.`redirect_uri`
= :redirectUri');
$stmt->bindValue(':clientId', $clientId);
$stmt->bindValue(':redirectUri', $redirectUri);
$stmt->bindValue(':authCode', $authCode);
$stmt->bindValue(':time', time());
$stmt->execute();
$result = $stmt->fetchObject();
return ($result === false) ? false : (array) $result;
}
/**
* Validate an access token
* @param string $accessToken The access token to be validated
* @return void
*/
public function validateAccessToken($accessToken)
{
$db = \ezcDbInstance::get();
$stmt = $db->prepare('SELECT session_id, oauth_sessions.`client_id`, oauth_sessions.`owner_id`, oauth_sessions.`owner_type` FROM `oauth_session_access_tokens` JOIN oauth_sessions ON oauth_sessions.`id` = session_id WHERE access_token = :accessToken AND access_token_expires >= ' . time());
$stmt->bindValue(':accessToken', $accessToken);
$stmt->execute();
$result = $stmt->fetchObject();
return ($result === false) ? false : (array) $result;
}
/**
* Validate a refresh token
* @param string $refreshToken The access token
* @return void
*/
public function validateRefreshToken($refreshToken)
{
$db = \ezcDbInstance::get();
$stmt = $db->prepare('SELECT session_access_token_id FROM `oauth_session_refresh_tokens` WHERE
refresh_token = :refreshToken');
$stmt->bindValue(':refreshToken', $refreshToken);
$stmt->execute();
$result = $stmt->fetchObject();
return ($result === false) ? false : $result->session_access_token_id;
}
/**
* Get an access token by ID
* @param int $accessTokenId The access token ID
* @return array
*/
public function getAccessToken($accessTokenId)
{
$db = \ezcDbInstance::get();
$stmt = $db->prepare('SELECT * FROM `oauth_session_access_tokens` WHERE `id` = :accessTokenId');
$stmt->bindValue(':accessTokenId', $accessTokenId);
$stmt->execute();
$result = $stmt->fetchObject();
return ($result === false) ? false : (array) $result;
}
/**
* Associate a scope with an access token
* @param int $accessTokenId The ID of the access token
* @param int $scopeId The ID of the scope
* @return void
*/
public function associateScope($accessTokenId, $scopeId)
{
$db = \ezcDbInstance::get();
$stmt = $db->prepare('INSERT INTO `oauth_session_token_scopes` (`session_access_token_id`, `scope_id`)
VALUE (:accessTokenId, :scopeId)');
$stmt->bindValue(':accessTokenId', $accessTokenId);
$stmt->bindValue(':scopeId', $scopeId);
$stmt->execute();
}
/**
* Get all associated access tokens for an access token
* @param string $accessToken The access token
* @return array
*/
public function getScopes($accessToken)
{
$db = \ezcDbInstance::get();
$stmt = $db->prepare('SELECT oauth_scopes.* FROM oauth_session_token_scopes JOIN oauth_session_access_tokens ON oauth_session_access_tokens.`id` = `oauth_session_token_scopes`.`session_access_token_id` JOIN oauth_scopes ON oauth_scopes.id = `oauth_session_token_scopes`.`scope_id` WHERE access_token = :accessToken');
$stmt->bindValue(':accessToken', $accessToken);
$stmt->execute();
return $stmt->fetchAll();
}
}

5
src/OAuth2/Storage/ScopeInterface.php
View File

@ -34,8 +34,9 @@ interface ScopeInterface
* ) * )
* </code> * </code>
* *
* @param string $scope The scope * @param string $scope The scope
* @param string $clientId The client ID
* @return bool|array If the scope doesn't exist return false * @return bool|array If the scope doesn't exist return false
*/ */
public function getScope($scope); public function getScope($scope, $clientId = null, $grantType = null);
} }

283
src/OAuth2/Storage/SessionInterface.php
View File

@ -13,224 +13,115 @@ namespace OAuth2\Storage;
interface SessionInterface interface SessionInterface
{ {
/** /**
* Create a new OAuth session * Create a new session
* * @param string $clientId The client ID
* Example SQL query: * @param string $ownerType The type of the session owner (e.g. "user")
* * @param string $ownerId The ID of the session owner (e.g. "123")
* <code> * @return int The session ID
* INSERT INTO oauth_sessions (client_id, redirect_uri, owner_type,
* owner_id, auth_code, access_token, refresh_token, stage, first_requested,
* last_updated) VALUES ($clientId, $redirectUri, $type, $typeId, $authCode,
* $accessToken, $stage, UNIX_TIMESTAMP(NOW()), UNIX_TIMESTAMP(NOW()))
* </code>
*
* @param string $clientId The client ID
* @param string $redirectUri The redirect URI
* @param string $type The session owner's type (default = "user")
* @param string $typeId The session owner's ID (default = "null")
* @param string $authCode The authorisation code (default = "null")
* @param string $accessToken The access token (default = "null")
* @param string $refreshToken The refresh token (default = "null")
* @param int $accessTokenExpire The expiry time of an access token as a unix timestamp
* @param string $stage The stage of the session (default ="request")
* @return int The session ID
*/ */
public function createSession( public function createSession($clientId, $ownerType, $ownerId);
$clientId,
$redirectUri,
$type = 'user',
$typeId = null,
$authCode = null,
$accessToken = null,
$refreshToken = null,
$accessTokenExpire = null,
$stage = 'requested'
);
/** /**
* Update an OAuth session * Delete a session
* * @param string $clientId The client ID
* Example SQL query: * @param string $ownerType The type of the session owner (e.g. "user")
* * @param string $ownerId The ID of the session owner (e.g. "123")
* <code> * @return void
* UPDATE oauth_sessions SET auth_code = $authCode, access_token =
* $accessToken, stage = $stage, last_updated = UNIX_TIMESTAMP(NOW()) WHERE
* id = $sessionId
* </code>
*
* @param string $sessionId The session ID
* @param string $authCode The authorisation code (default = "null")
* @param string $accessToken The access token (default = "null")
* @param string $refreshToken The refresh token (default = "null")
* @param int $accessTokenExpire The expiry time of an access token as a unix timestamp
* @param string $stage The stage of the session (default ="request")
* @return void
*/ */
public function updateSession( public function deleteSession($clientId, $ownerType, $ownerId);
$sessionId,
$authCode = null,
$accessToken = null,
$refreshToken = null,
$accessTokenExpire = null,
$stage = 'requested'
);
/** /**
* Delete an OAuth session * Associate a redirect URI with a session
* * @param int $sessionId The session ID
* <code> * @param string $redirectUri The redirect URI
* DELETE FROM oauth_sessions WHERE client_id = $clientId AND owner_type = * @return void
* $type AND owner_id = $typeId
* </code>
*
* @param string $clientId The client ID
* @param string $type The session owner's type
* @param string $typeId The session owner's ID
* @return void
*/ */
public function deleteSession( public function associateRedirectUri($sessionId, $redirectUri);
$clientId,
$type,
$typeId
);
/** /**
* Validate that an authorisation code is valid * Associate an access token with a session
* * @param int $sessionId The session ID
* Example SQL query: * @param string $accessToken The access token
* * @param int $expireTime Unix timestamp of the access token expiry time
* <code> * @return void
* SELECT id FROM oauth_sessions WHERE client_id = $clientID AND
* redirect_uri = $redirectUri AND auth_code = $authCode
* </code>
*
* @param string $clientId The client ID
* @param string $redirectUri The redirect URI
* @param string $authCode The authorisation code
* @return int|bool Returns the session ID if the auth code
* is valid otherwise returns false
*/ */
public function validateAuthCode( public function associateAccessToken($sessionId, $accessToken, $expireTime);
$clientId,
$redirectUri, /**
$authCode * Remove an associated access token from a session
); * @param int $sessionId The session ID
* @return void
*/
public function removeAccessToken($sessionId);
/**
* Associate a refresh token with a session
* @param int $accessTokenId The access token ID
* @param string $refreshToken The refresh token
* @return void
*/
public function associateRefreshToken($accessTokenId, $refreshToken);
/**
* Assocate an authorization code with a session
* @param int $sessionId The session ID
* @param string $authCode The authorization code
* @param int $expireTime Unix timestamp of the access token expiry time
* @param string $scopeIds Comma seperated list of scope IDs to be later associated (default = null)
* @return void
*/
public function associateAuthCode($sessionId, $authCode, $expireTime, $scopeIds = null);
/**
* Remove an associated authorization token from a session
* @param int $sessionId The session ID
* @return void
*/
public function removeAuthCode($sessionId);
/**
* Validate an authorization code
* @param string $clientId The client ID
* @param string $redirectUri The redirect URI
* @param string $authCode The authorization code
* @return void
*/
public function validateAuthCode($clientId, $redirectUri, $authCode);
/** /**
* Validate an access token * Validate an access token
* * @param string $accessToken [description]
* Example SQL query: * @return void
*
* <code>
* SELECT id, owner_id, owner_type FROM oauth_sessions WHERE access_token = $accessToken
* </code>
*
* Response:
*
* <code>
* Array
* (
* [id] => (int) The session ID
* [owner_type] => (string) The owner type
* [owner_id] => (string) The owner ID
* )
* </code>
*
* @param [type] $accessToken [description]
* @return [type] [description]
*/ */
public function validateAccessToken($accessToken); public function validateAccessToken($accessToken);
/**
* Return the access token for a given session
*
* Example SQL query:
*
* <code>
* SELECT access_token FROM oauth_sessions WHERE id = $sessionId
* </code>
*
* @param int $sessionId The OAuth session ID
* @return string|null Returns the access token as a string if
* found otherwise returns null
*/
public function getAccessToken($sessionId);
/** /**
* Validate a refresh token * Validate a refresh token
* @param string $refreshToken The refresh token * @param string $refreshToken The access token
* @param string $clientId The client ID
* @return int The session ID
*/
public function validateRefreshToken($refreshToken, $clientId);
/**
* Update the refresh token
*
* Example SQL query:
*
* <code>
* UPDATE oauth_sessions SET access_token = $newAccessToken, refresh_token =
* $newRefreshToken, access_toke_expires = $accessTokenExpires, last_updated = UNIX_TIMESTAMP(NOW()) WHERE
* id = $sessionId
* </code>
*
* @param string $sessionId The session ID
* @param string $newAccessToken The new access token for this session
* @param string $newRefreshToken The new refresh token for the session
* @param int $accessTokenExpires The UNIX timestamp of when the new token expires
* @return void * @return void
*/ */
public function updateRefreshToken( public function validateRefreshToken($refreshToken);
$sessionId,
$newAccessToken,
$newRefreshToken,
$accessTokenExpires
);
/** /**
* Associates a session with a scope * Get an access token by ID
* * @param int $accessTokenId The access token ID
* Example SQL query:
*
* <code>
* INSERT INTO oauth_session_scopes (session_id, scope_id) VALUE ($sessionId,
* $scopeId)
* </code>
*
* @param int $sessionId The session ID
* @param string $scopeId The scope ID
* @return void
*/
public function associateScope($sessionId, $scopeId);
/**
* Return the scopes associated with an access token
*
* Example SQL query:
*
* <code>
* SELECT oauth_scopes.scope FROM oauth_session_scopes JOIN oauth_scopes ON
* oauth_session_scopes.scope_id = oauth_scopes.id WHERE
* session_id = $sessionId
* </code>
*
* Response:
*
* <code>
* Array
* (
* [0] => (string) The scope
* [1] => (string) The scope
* [2] => (string) The scope
* ...
* ...
* )
* </code>
*
* @param int $sessionId The session ID
* @return array * @return array
*/ */
public function getScopes($sessionId); public function getAccessToken($accessTokenId);
/**
* Associate a scope with an access token
* @param int $accessTokenId The ID of the access token
* @param int $scopeId The ID of the scope
* @return void
*/
public function associateScope($accessTokenId, $scopeId);
/**
* Get all associated access tokens for an access token
* @param string $accessToken The access token
* @return array
*/
public function getScopes($accessToken);
} }

361
tests/authorization/AuthCodeGrantTest.php Normal file
View File

@ -0,0 +1,361 @@
<?php
use \Mockery as m;
class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
{
private $client;
private $session;
private $scope;
public function setUp()
{
$this->client = M::mock('OAuth2\Storage\ClientInterface');
$this->session = M::mock('OAuth2\Storage\SessionInterface');
$this->scope = M::mock('OAuth2\Storage\ScopeInterface');
}
private function returnDefault()
{
return new OAuth2\AuthServer($this->client, $this->session, $this->scope);
}
/**
* @expectedException OAuth2\Exception\ClientException
* @expectedExceptionCode 0
*/
public function test_checkAuthoriseParams_noClientId()
{
$a = $this->returnDefault();
$g = new OAuth2\Grant\AuthCode($a);
$a->addGrantType($g);
$g->checkAuthoriseParams();
}
/**
* @expectedException OAuth2\Exception\ClientException
* @expectedExceptionCode 0
*/
public function test_checkAuthoriseParams_noRedirectUri()
{
$a = $this->returnDefault();
$g = new OAuth2\Grant\AuthCode($a);
$a->addGrantType($g);
$g->checkAuthoriseParams(array(
'client_id' => 1234
));
}
/**
* @expectedException OAuth2\Exception\ClientException
* @expectedExceptionCode 0
*/
public function test_checkAuthoriseParams_noRequiredState()
{
$a = $this->returnDefault();
$g = new OAuth2\Grant\AuthCode($a);
$a->addGrantType($g);
$a->requireStateParam(true);
$g->checkAuthoriseParams(array(
'client_id' => 1234,
'redirect_uri' => 'http://foo/redirect'
));
}
/**
* @expectedException OAuth2\Exception\ClientException
* @expectedExceptionCode 8
*/
public function test_checkAuthoriseParams_badClient()
{
$this->client->shouldReceive('getClient')->andReturn(false);
$a = $this->returnDefault();
$g = new OAuth2\Grant\AuthCode($a);
$a->addGrantType($g);
$g->checkAuthoriseParams(array(
'client_id' => 1234,
'redirect_uri' => 'http://foo/redirect'
));
}
/**
* @expectedException OAuth2\Exception\ClientException
* @expectedExceptionCode 0
*/
public function test_checkAuthoriseParams_missingResponseType()
{
$this->client->shouldReceive('getClient')->andReturn(array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
));
$a = $this->returnDefault();
$g = new OAuth2\Grant\AuthCode($a);
$a->addGrantType($g);
$g->checkAuthoriseParams(array(
'client_id' => 1234,
'redirect_uri' => 'http://foo/redirect'
));
}
/**
* @expectedException OAuth2\Exception\ClientException
* @expectedExceptionCode 3
*/
public function test_checkAuthoriseParams_badResponseType()
{
$this->client->shouldReceive('getClient')->andReturn(array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
));
$a = $this->returnDefault();
$g = new OAuth2\Grant\AuthCode($a);
$a->addGrantType($g);
$g->checkAuthoriseParams(array(
'client_id' => 1234,
'redirect_uri' => 'http://foo/redirect',
'response_type' => 'foo'
));
}
/**
* @expectedException OAuth2\Exception\ClientException
* @expectedExceptionCode 0
*/
public function test_checkAuthoriseParams_missingScopes()
{
$this->client->shouldReceive('getClient')->andReturn(array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
));
$a = $this->returnDefault();
$g = new OAuth2\Grant\AuthCode($a);
$a->addGrantType($g);
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
$g->checkAuthoriseParams(array(
'client_id' => 1234,
'redirect_uri' => 'http://foo/redirect',
'response_type' => 'code',
'scope' => ''
));
}
public function test_checkAuthoriseParams_defaultScope()
{
$this->client->shouldReceive('getClient')->andReturn(array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
));
$this->scope->shouldReceive('getScope')->andReturn(array(
'id' => 1,
'scope' => 'foo',
'name' => 'Foo Name',
'description' => 'Foo Name Description'
));
$a = $this->returnDefault();
$g = new OAuth2\Grant\AuthCode($a);
$a->addGrantType($g);
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
$a->setDefaultScope('test.scope');
$a->requireScopeParam(false);
$params = $g->checkAuthoriseParams(array(
'client_id' => 1234,
'redirect_uri' => 'http://foo/redirect',
'response_type' => 'code',
'scope' => ''
));
$this->assertArrayHasKey('scopes', $params);
}
/**
* @expectedException OAuth2\Exception\ClientException
* @expectedExceptionCode 4
*/
public function test_checkAuthoriseParams_badScopes()
{
$this->client->shouldReceive('getClient')->andReturn(array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
));
$this->scope->shouldReceive('getScope')->andReturn(false);
$a = $this->returnDefault();
$g = new OAuth2\Grant\AuthCode($a);
$a->addGrantType($g);
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
$g->checkAuthoriseParams(array(
'client_id' => 1234,
'redirect_uri' => 'http://foo/redirect',
'response_type' => 'code',
'scope' => 'foo'
));
}
public function test_checkAuthoriseParams_passedInput()
{
$a = $this->returnDefault();
$g = new OAuth2\Grant\AuthCode($a);
$a->addGrantType($g);
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
$this->client->shouldReceive('getClient')->andReturn(array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
));
$this->scope->shouldReceive('getScope')->andReturn(array(
'id' => 1,
'scope' => 'foo',
'name' => 'Foo Name',
'description' => 'Foo Name Description'
));
$v = $g->checkAuthoriseParams(array(
'client_id' => 1234,
'redirect_uri' => 'http://foo/redirect',
'response_type' => 'code',
'scope' => 'foo',
'state' => 'xyz'
));
$this->assertEquals(array(
'client_id' => 1234,
'redirect_uri' => 'http://foo/redirect',
'client_details' => array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
),
'response_type' => 'code',
'scopes' => array(
array(
'id' => 1,
'scope' => 'foo',
'name' => 'Foo Name',
'description' => 'Foo Name Description'
)
),
'scope' => 'foo',
'state' => 'xyz'
), $v);
}
public function test_checkAuthoriseParams()
{
$this->client->shouldReceive('getClient')->andReturn(array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
));
$this->scope->shouldReceive('getScope')->andReturn(array(
'id' => 1,
'scope' => 'foo',
'name' => 'Foo Name',
'description' => 'Foo Name Description'
));
$a = $this->returnDefault();
$g = new OAuth2\Grant\AuthCode($a);
$a->addGrantType($g);
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
$_GET['client_id'] = 1234;
$_GET['redirect_uri'] = 'http://foo/redirect';
$_GET['response_type'] = 'code';
$_GET['scope'] = 'foo';
$_GET['state'] = 'xyz';
$request = new OAuth2\Util\Request($_GET);
$a->setRequest($request);
$v = $g->checkAuthoriseParams();
$this->assertEquals(array(
'client_id' => 1234,
'redirect_uri' => 'http://foo/redirect',
'client_details' => array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
),
'response_type' => 'code',
'scopes' => array(
array(
'id' => 1,
'scope' => 'foo',
'name' => 'Foo Name',
'description' => 'Foo Name Description'
)
),
'scope' => 'foo',
'state' => 'xyz'
), $v);
}
function test_newAuthoriseRequest()
{
$this->session->shouldReceive('deleteSession')->andReturn(null);
$this->session->shouldReceive('createSession')->andReturn(1);
$this->session->shouldReceive('associateScope')->andReturn(null);
$this->session->shouldReceive('associateRedirectUri')->andReturn(null);
$this->session->shouldReceive('associateAuthCode')->andReturn(null);
$a = $this->returnDefault();
$g = new OAuth2\Grant\AuthCode($a);
$a->addGrantType($g);
$params = array(
'client_id' => 1234,
'redirect_uri' => 'http://foo/redirect',
'client_details' => array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
),
'response_type' => 'code',
'scopes' => array(
array(
'id' => 1,
'scope' => 'foo',
'name' => 'Foo Name',
'description' => 'Foo Name Description'
)
)
);
$v = $g->newAuthoriseRequest('user', 123, $params);
$this->assertEquals(40, strlen($v));
}
}

390
tests/authorization/AuthServerTest.php
View File

@ -50,9 +50,18 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
$this->assertEquals('access_denied', OAuth2\AuthServer::getExceptionType(2)); $this->assertEquals('access_denied', OAuth2\AuthServer::getExceptionType(2));
} }
public function test_getExceptionHttpHeaders()
{
$this->assertEquals(array('HTTP/1.1 401 Unauthorized'), OAuth2\AuthServer::getExceptionHttpHeaders('access_denied'));
$this->assertEquals(array('HTTP/1.1 500 Internal Server Error'), OAuth2\AuthServer::getExceptionHttpHeaders('server_error'));
$this->assertEquals(array('HTTP/1.1 501 Not Implemented'), OAuth2\AuthServer::getExceptionHttpHeaders('unsupported_grant_type'));
$this->assertEquals(array('HTTP/1.1 400 Bad Request'), OAuth2\AuthServer::getExceptionHttpHeaders('invalid_refresh'));
}
public function test_hasGrantType() public function test_hasGrantType()
{ {
$this->assertFalse(OAuth2\AuthServer::hasGrantType('test')); $a = $this->returnDefault();
$this->assertFalse($a->hasGrantType('test'));
} }
public function test_addGrantType() public function test_addGrantType()
@ -62,7 +71,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
$grant->shouldReceive('getResponseType')->andReturn('test'); $grant->shouldReceive('getResponseType')->andReturn('test');
$a->addGrantType($grant, 'test'); $a->addGrantType($grant, 'test');
$this->assertTrue(OAuth2\AuthServer::hasGrantType('test')); $this->assertTrue($a->hasGrantType('test'));
} }
public function test_addGrantType_noIdentifier() public function test_addGrantType_noIdentifier()
@ -73,7 +82,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
$grant->shouldReceive('getResponseType')->andReturn('test'); $grant->shouldReceive('getResponseType')->andReturn('test');
$a->addGrantType($grant); $a->addGrantType($grant);
$this->assertTrue(OAuth2\AuthServer::hasGrantType('test')); $this->assertTrue($a->hasGrantType('test'));
} }
public function test_getScopeDelimeter() public function test_getScopeDelimeter()
@ -102,6 +111,34 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
$this->assertFalse($v); $this->assertFalse($v);
} }
public function test_scopeParamRequired()
{
$a = $this->returnDefault();
$a->requireScopeParam(false);
$this->assertFalse($a->scopeParamRequired());
}
public function test_setDefaultScope()
{
$a = $this->returnDefault();
$a->setDefaultScope('test.default');
$reflector = new ReflectionClass($a);
$requestProperty = $reflector->getProperty('defaultScope');
$requestProperty->setAccessible(true);
$v = $requestProperty->getValue($a);
$this->assertEquals('test.default', $v);
}
public function test_getDefaultScope()
{
$a = $this->returnDefault();
$a->setDefaultScope('test.default');
$this->assertEquals('test.default', $a->getDefaultScope());
}
public function test_requireStateParam() public function test_requireStateParam()
{ {
$a = $this->returnDefault(); $a = $this->returnDefault();
@ -119,7 +156,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
{ {
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->setExpiresIn(7200); $a->setExpiresIn(7200);
$this->assertEquals(7200, $a::getExpiresIn()); $this->assertEquals(7200, $a->getExpiresIn());
} }
public function test_setExpiresIn() public function test_setExpiresIn()
@ -138,7 +175,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
$reflector = new ReflectionClass($a); $reflector = new ReflectionClass($a);
$requestProperty = $reflector->getProperty('request'); $requestProperty = $reflector->getProperty('request');
$requestProperty->setAccessible(true); $requestProperty->setAccessible(true);
$v = $requestProperty->getValue(); $v = $requestProperty->getValue($a);
$this->assertTrue($v instanceof OAuth2\Util\RequestInterface); $this->assertTrue($v instanceof OAuth2\Util\RequestInterface);
} }
@ -148,7 +185,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
$a = $this->returnDefault(); $a = $this->returnDefault();
$request = new OAuth2\Util\Request(); $request = new OAuth2\Util\Request();
$a->setRequest($request); $a->setRequest($request);
$v = $a::getRequest(); $v = $a->getRequest();
$this->assertTrue($v instanceof OAuth2\Util\RequestInterface); $this->assertTrue($v instanceof OAuth2\Util\RequestInterface);
} }
@ -159,274 +196,10 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
$this->assertTrue($a->getStorage('session') instanceof OAuth2\Storage\SessionInterface); $this->assertTrue($a->getStorage('session') instanceof OAuth2\Storage\SessionInterface);
} }
/**
* @expectedException OAuth2\Exception\ClientException
* @expectedExceptionCode 0
*/
public function test_checkAuthoriseParams_noClientId()
{
$a = $this->returnDefault();
$a->checkAuthoriseParams();
}
/**
* @expectedException OAuth2\Exception\ClientException
* @expectedExceptionCode 0
*/
public function test_checkAuthoriseParams_noRedirectUri()
{
$a = $this->returnDefault();
$a->checkAuthoriseParams(array(
'client_id' => 1234
));
}
/**
* @expectedException OAuth2\Exception\ClientException
* @expectedExceptionCode 8
*/
public function test_checkAuthoriseParams_badClient()
{
$this->client->shouldReceive('getClient')->andReturn(false);
$a = $this->returnDefault();
$a->checkAuthoriseParams(array(
'client_id' => 1234,
'redirect_uri' => 'http://foo/redirect'
));
}
/**
* @expectedException OAuth2\Exception\ClientException
* @expectedExceptionCode 0
*/
public function test_checkAuthoriseParams_missingResponseType()
{
$this->client->shouldReceive('getClient')->andReturn(array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
));
$a = $this->returnDefault();
$a->checkAuthoriseParams(array(
'client_id' => 1234,
'redirect_uri' => 'http://foo/redirect'
));
}
/**
* @expectedException OAuth2\Exception\ClientException
* @expectedExceptionCode 3
*/
public function test_checkAuthoriseParams_badResponseType()
{
$this->client->shouldReceive('getClient')->andReturn(array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
));
$a = $this->returnDefault();
$a->checkAuthoriseParams(array(
'client_id' => 1234,
'redirect_uri' => 'http://foo/redirect',
'response_type' => 'foo'
));
}
/**
* @expectedException OAuth2\Exception\ClientException
* @expectedExceptionCode 0
*/
public function test_checkAuthoriseParams_missingScopes()
{
$this->client->shouldReceive('getClient')->andReturn(array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
));
$a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\AuthCode());
$a->checkAuthoriseParams(array(
'client_id' => 1234,
'redirect_uri' => 'http://foo/redirect',
'response_type' => 'code',
'scope' => ''
));
}
/**
* @expectedException OAuth2\Exception\ClientException
* @expectedExceptionCode 4
*/
public function test_checkAuthoriseParams_badScopes()
{
$this->client->shouldReceive('getClient')->andReturn(array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
));
$this->scope->shouldReceive('getScope')->andReturn(false);
$a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\AuthCode());
$a->checkAuthoriseParams(array(
'client_id' => 1234,
'redirect_uri' => 'http://foo/redirect',
'response_type' => 'code',
'scope' => 'foo'
));
}
public function test_checkAuthoriseParams_passedInput()
{
$a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\AuthCode());
$this->client->shouldReceive('getClient')->andReturn(array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
));
$this->scope->shouldReceive('getScope')->andReturn(array(
'id' => 1,
'scope' => 'foo',
'name' => 'Foo Name',
'description' => 'Foo Name Description'
));
$v = $a->checkAuthoriseParams(array(
'client_id' => 1234,
'redirect_uri' => 'http://foo/redirect',
'response_type' => 'code',
'scope' => 'foo',
'state' => 'xyz'
));
$this->assertEquals(array(
'client_id' => 1234,
'redirect_uri' => 'http://foo/redirect',
'client_details' => array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
),
'response_type' => 'code',
'scopes' => array(
array(
'id' => 1,
'scope' => 'foo',
'name' => 'Foo Name',
'description' => 'Foo Name Description'
)
),
'scope' => 'foo',
'state' => 'xyz'
), $v);
}
public function test_checkAuthoriseParams()
{
$this->client->shouldReceive('getClient')->andReturn(array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
));
$this->scope->shouldReceive('getScope')->andReturn(array(
'id' => 1,
'scope' => 'foo',
'name' => 'Foo Name',
'description' => 'Foo Name Description'
));
$a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\AuthCode());
$_GET['client_id'] = 1234;
$_GET['redirect_uri'] = 'http://foo/redirect';
$_GET['response_type'] = 'code';
$_GET['scope'] = 'foo';
$_GET['state'] = 'xyz';
$request = new OAuth2\Util\Request($_GET);
$a->setRequest($request);
$v = $a->checkAuthoriseParams();
$this->assertEquals(array(
'client_id' => 1234,
'redirect_uri' => 'http://foo/redirect',
'client_details' => array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
),
'response_type' => 'code',
'scopes' => array(
array(
'id' => 1,
'scope' => 'foo',
'name' => 'Foo Name',
'description' => 'Foo Name Description'
)
),
'scope' => 'foo',
'state' => 'xyz'
), $v);
}
function test_newAuthoriseRequest()
{
$this->session->shouldReceive('deleteSession')->andReturn(null);
$this->session->shouldReceive('createSession')->andReturn(1);
$this->session->shouldReceive('associateScope')->andReturn(null);
$a = $this->returnDefault();
$params = array(
'client_id' => 1234,
'redirect_uri' => 'http://foo/redirect',
'client_details' => array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
),
'response_type' => 'code',
'scopes' => array(
array(
'id' => 1,
'scope' => 'foo',
'name' => 'Foo Name',
'description' => 'Foo Name Description'
)
)
);
$v = $a->newAuthoriseRequest('user', 123, $params);
$this->assertEquals(40, strlen($v));
}
public function test_getGrantType() public function test_getGrantType()
{ {
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\AuthCode()); $a->addGrantType(new OAuth2\Grant\AuthCode($a));
$reflector = new ReflectionClass($a); $reflector = new ReflectionClass($a);
$method = $reflector->getMethod('getGrantType'); $method = $reflector->getMethod('getGrantType');
@ -444,7 +217,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
public function test_issueAccessToken_missingGrantType() public function test_issueAccessToken_missingGrantType()
{ {
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\AuthCode()); $a->addGrantType(new OAuth2\Grant\AuthCode($a));
$v = $a->issueAccessToken(); $v = $a->issueAccessToken();
} }
@ -456,7 +229,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
public function test_issueAccessToken_badGrantType() public function test_issueAccessToken_badGrantType()
{ {
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\AuthCode()); $a->addGrantType(new OAuth2\Grant\AuthCode($a));
$v = $a->issueAccessToken(array('grant_type' => 'foo')); $v = $a->issueAccessToken(array('grant_type' => 'foo'));
} }
@ -468,7 +241,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
public function test_issueAccessToken_missingClientId() public function test_issueAccessToken_missingClientId()
{ {
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\AuthCode()); $a->addGrantType(new OAuth2\Grant\AuthCode($a));
$v = $a->issueAccessToken(array( $v = $a->issueAccessToken(array(
'grant_type' => 'authorization_code' 'grant_type' => 'authorization_code'
@ -482,7 +255,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
public function test_issueAccessToken_missingClientSecret() public function test_issueAccessToken_missingClientSecret()
{ {
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\AuthCode()); $a->addGrantType(new OAuth2\Grant\AuthCode($a));
$v = $a->issueAccessToken(array( $v = $a->issueAccessToken(array(
'grant_type' => 'authorization_code', 'grant_type' => 'authorization_code',
@ -497,7 +270,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
public function test_issueAccessToken_missingRedirectUri() public function test_issueAccessToken_missingRedirectUri()
{ {
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\AuthCode()); $a->addGrantType(new OAuth2\Grant\AuthCode($a));
$v = $a->issueAccessToken(array( $v = $a->issueAccessToken(array(
'grant_type' => 'authorization_code', 'grant_type' => 'authorization_code',
@ -515,7 +288,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
$this->client->shouldReceive('getClient')->andReturn(false); $this->client->shouldReceive('getClient')->andReturn(false);
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\AuthCode()); $a->addGrantType(new OAuth2\Grant\AuthCode($a));
$v = $a->issueAccessToken(array( $v = $a->issueAccessToken(array(
'grant_type' => 'authorization_code', 'grant_type' => 'authorization_code',
@ -534,7 +307,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
$this->client->shouldReceive('getClient')->andReturn(array()); $this->client->shouldReceive('getClient')->andReturn(array());
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\AuthCode()); $a->addGrantType(new OAuth2\Grant\AuthCode($a));
$v = $a->issueAccessToken(array( $v = $a->issueAccessToken(array(
'grant_type' => 'authorization_code', 'grant_type' => 'authorization_code',
@ -554,7 +327,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
$this->session->shouldReceive('validateAuthCode')->andReturn(false); $this->session->shouldReceive('validateAuthCode')->andReturn(false);
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\AuthCode()); $a->addGrantType(new OAuth2\Grant\AuthCode($a));
$v = $a->issueAccessToken(array( $v = $a->issueAccessToken(array(
'grant_type' => 'authorization_code', 'grant_type' => 'authorization_code',
@ -574,11 +347,17 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
'name' => 'Example Client' 'name' => 'Example Client'
)); ));
$this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('validateAuthCode')->andReturn(array(
'id' => 1,
'scope_ids' => '1'
));
$this->session->shouldReceive('updateSession')->andReturn(null); $this->session->shouldReceive('updateSession')->andReturn(null);
$this->session->shouldReceive('removeAuthCode')->andReturn(null);
$this->session->shouldReceive('associateAccessToken')->andReturn(1);
$this->session->shouldReceive('associateScope')->andReturn(null);
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\AuthCode()); $a->addGrantType(new OAuth2\Grant\AuthCode($a));
$v = $a->issueAccessToken(array( $v = $a->issueAccessToken(array(
'grant_type' => 'authorization_code', 'grant_type' => 'authorization_code',
@ -593,8 +372,8 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
$this->assertArrayHasKey('expires', $v); $this->assertArrayHasKey('expires', $v);
$this->assertArrayHasKey('expires_in', $v); $this->assertArrayHasKey('expires_in', $v);
$this->assertEquals($a::getExpiresIn(), $v['expires_in']); $this->assertEquals($a->getExpiresIn(), $v['expires_in']);
$this->assertEquals(time()+$a::getExpiresIn(), $v['expires']); $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
} }
public function test_issueAccessToken() public function test_issueAccessToken()
@ -608,9 +387,11 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
$this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('validateAuthCode')->andReturn(1);
$this->session->shouldReceive('updateSession')->andReturn(null); $this->session->shouldReceive('updateSession')->andReturn(null);
$this->session->shouldReceive('removeAuthCode')->andReturn(null);
$this->session->shouldReceive('associateAccessToken')->andReturn(1);
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\AuthCode()); $a->addGrantType(new OAuth2\Grant\AuthCode($a));
$_POST['grant_type'] = 'authorization_code'; $_POST['grant_type'] = 'authorization_code';
$_POST['client_id'] = 1234; $_POST['client_id'] = 1234;
@ -628,8 +409,45 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
$this->assertArrayHasKey('expires', $v); $this->assertArrayHasKey('expires', $v);
$this->assertArrayHasKey('expires_in', $v); $this->assertArrayHasKey('expires_in', $v);
$this->assertEquals($a::getExpiresIn(), $v['expires_in']); $this->assertEquals($a->getExpiresIn(), $v['expires_in']);
$this->assertEquals(time()+$a::getExpiresIn(), $v['expires']); $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
}
public function test_issueAccessToken_HTTP_auth()
{
$this->client->shouldReceive('getClient')->andReturn(array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
));
$this->session->shouldReceive('validateAuthCode')->andReturn(1);
$this->session->shouldReceive('updateSession')->andReturn(null);
$this->session->shouldReceive('removeAuthCode')->andReturn(null);
$this->session->shouldReceive('associateAccessToken')->andReturn(1);
$a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\AuthCode($a));
$_POST['grant_type'] = 'authorization_code';
$_SERVER['PHP_AUTH_USER'] = 1234;
$_SERVER['PHP_AUTH_PW'] = 5678;
$_POST['redirect_uri'] = 'http://foo/redirect';
$_POST['code'] = 'foobar';
$request = new OAuth2\Util\Request(array(), $_POST, array(), array(), $_SERVER);
$a->setRequest($request);
$v = $a->issueAccessToken();
$this->assertArrayHasKey('access_token', $v);
$this->assertArrayHasKey('token_type', $v);
$this->assertArrayHasKey('expires', $v);
$this->assertArrayHasKey('expires_in', $v);
$this->assertEquals($a->getExpiresIn(), $v['expires_in']);
$this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
} }
public function tearDown() { public function tearDown() {

168
tests/authorization/ClientCredentialsGrantTest.php
View File

@ -27,7 +27,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
public function test_issueAccessToken_clientCredentialsGrant_missingClientId() public function test_issueAccessToken_clientCredentialsGrant_missingClientId()
{ {
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\ClientCredentials()); $a->addGrantType(new OAuth2\Grant\ClientCredentials($a));
$request = new OAuth2\Util\Request(array(), $_POST); $request = new OAuth2\Util\Request(array(), $_POST);
$a->setRequest($request); $a->setRequest($request);
@ -44,7 +44,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
public function test_issueAccessToken_clientCredentialsGrant_missingClientPassword() public function test_issueAccessToken_clientCredentialsGrant_missingClientPassword()
{ {
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\ClientCredentials()); $a->addGrantType(new OAuth2\Grant\ClientCredentials($a));
$request = new OAuth2\Util\Request(array(), $_POST); $request = new OAuth2\Util\Request(array(), $_POST);
$a->setRequest($request); $a->setRequest($request);
@ -64,7 +64,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
$this->client->shouldReceive('getClient')->andReturn(false); $this->client->shouldReceive('getClient')->andReturn(false);
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\ClientCredentials()); $a->addGrantType(new OAuth2\Grant\ClientCredentials($a));
$request = new OAuth2\Util\Request(array(), $_POST); $request = new OAuth2\Util\Request(array(), $_POST);
$a->setRequest($request); $a->setRequest($request);
@ -76,6 +76,137 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
)); ));
} }
/**
* @expectedException OAuth2\Exception\ClientException
* @expectedExceptionCode 0
*/
public function test_issueAccessToken_clientCredentialsGrant_missingScopes()
{
$this->client->shouldReceive('getClient')->andReturn(array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
));
$this->client->shouldReceive('validateRefreshToken')->andReturn(1);
$this->session->shouldReceive('validateAuthCode')->andReturn(1);
$this->session->shouldReceive('createSession')->andReturn(1);
$this->session->shouldReceive('deleteSession')->andReturn(null);
$a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\ClientCredentials($a));
$a->requireScopeParam(true);
$v = $a->issueAccessToken(array(
'grant_type' => 'client_credentials',
'client_id' => 1234,
'client_secret' => 5678
));
}
public function test_issueAccessToken_clientCredentialsGrant_defaultScope()
{
$this->scope->shouldReceive('getScope')->andReturn(array(
'id' => 1,
'key' => 'foo',
'name' => 'Foo Name',
'description' => 'Foo Name Description'
));
$this->client->shouldReceive('getClient')->andReturn(array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
));
$this->client->shouldReceive('validateRefreshToken')->andReturn(1);
$this->session->shouldReceive('validateAuthCode')->andReturn(1);
$this->session->shouldReceive('createSession')->andReturn(1);
$this->session->shouldReceive('deleteSession')->andReturn(null);
$this->session->shouldReceive('associateScope')->andReturn(null);
$this->session->shouldReceive('associateAccessToken')->andReturn(1);
$a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\ClientCredentials($a));
$a->requireScopeParam(false);
$a->setDefaultScope('foobar');
$v = $a->issueAccessToken(array(
'grant_type' => 'client_credentials',
'client_id' => 1234,
'client_secret' => 5678,
'scope' => ''
));
}
/**
* @expectedException OAuth2\Exception\ClientException
* @expectedExceptionCode 4
*/
public function test_issueAccessToken_clientCredentialsGrant_badScope()
{
$this->scope->shouldReceive('getScope')->andReturn(false);
$this->client->shouldReceive('getClient')->andReturn(array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
));
$this->client->shouldReceive('validateRefreshToken')->andReturn(1);
$this->session->shouldReceive('validateAuthCode')->andReturn(1);
$this->session->shouldReceive('createSession')->andReturn(1);
$this->session->shouldReceive('deleteSession')->andReturn(null);
$this->session->shouldReceive('associateScope')->andReturn(null);
$a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\ClientCredentials($a));
$v = $a->issueAccessToken(array(
'grant_type' => 'client_credentials',
'client_id' => 1234,
'client_secret' => 5678,
'scope' => 'blah'
));
}
public function test_issueAccessToken_clientCredentialsGrant_goodScope()
{
$this->scope->shouldReceive('getScope')->andReturn(array(
'id' => 1,
'key' => 'foo',
'name' => 'Foo Name',
'description' => 'Foo Name Description'
));
$this->client->shouldReceive('getClient')->andReturn(array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
));
$this->client->shouldReceive('validateRefreshToken')->andReturn(1);
$this->session->shouldReceive('validateAuthCode')->andReturn(1);
$this->session->shouldReceive('createSession')->andReturn(1);
$this->session->shouldReceive('deleteSession')->andReturn(null);
$this->session->shouldReceive('associateScope')->andReturn(null);
$this->session->shouldReceive('associateAccessToken')->andReturn(1);
$a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\ClientCredentials($a));
$v = $a->issueAccessToken(array(
'grant_type' => 'client_credentials',
'client_id' => 1234,
'client_secret' => 5678,
'scope' => 'blah'
));
}
function test_issueAccessToken_clientCredentialsGrant_passedInput() function test_issueAccessToken_clientCredentialsGrant_passedInput()
{ {
$this->client->shouldReceive('getClient')->andReturn(array( $this->client->shouldReceive('getClient')->andReturn(array(
@ -90,15 +221,16 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
$this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('validateAuthCode')->andReturn(1);
$this->session->shouldReceive('createSession')->andReturn(1); $this->session->shouldReceive('createSession')->andReturn(1);
$this->session->shouldReceive('deleteSession')->andReturn(null); $this->session->shouldReceive('deleteSession')->andReturn(null);
$this->session->shouldReceive('updateRefreshToken')->andReturn(null); $this->session->shouldReceive('associateAccessToken')->andReturn(1);
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\ClientCredentials()); $a->addGrantType(new OAuth2\Grant\ClientCredentials($a));
$a->requireScopeParam(false);
$v = $a->issueAccessToken(array( $v = $a->issueAccessToken(array(
'grant_type' => 'client_credentials', 'grant_type' => 'client_credentials',
'client_id' => 1234, 'client_id' => 1234,
'client_secret' => 5678 'client_secret' => 5678,
)); ));
$this->assertArrayHasKey('access_token', $v); $this->assertArrayHasKey('access_token', $v);
@ -106,8 +238,8 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
$this->assertArrayHasKey('expires', $v); $this->assertArrayHasKey('expires', $v);
$this->assertArrayHasKey('expires_in', $v); $this->assertArrayHasKey('expires_in', $v);
$this->assertEquals($a::getExpiresIn(), $v['expires_in']); $this->assertEquals($a->getExpiresIn(), $v['expires_in']);
$this->assertEquals(time()+$a::getExpiresIn(), $v['expires']); $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
} }
function test_issueAccessToken_clientCredentialsGrant() function test_issueAccessToken_clientCredentialsGrant()
@ -124,10 +256,11 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
$this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('validateAuthCode')->andReturn(1);
$this->session->shouldReceive('createSession')->andReturn(1); $this->session->shouldReceive('createSession')->andReturn(1);
$this->session->shouldReceive('deleteSession')->andReturn(null); $this->session->shouldReceive('deleteSession')->andReturn(null);
$this->session->shouldReceive('updateRefreshToken')->andReturn(null); $this->session->shouldReceive('associateAccessToken')->andReturn(1);
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\ClientCredentials()); $a->addGrantType(new OAuth2\Grant\ClientCredentials($a));
$a->requireScopeParam(false);
$_POST['grant_type'] = 'client_credentials'; $_POST['grant_type'] = 'client_credentials';
$_POST['client_id'] = 1234; $_POST['client_id'] = 1234;
@ -143,8 +276,8 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
$this->assertArrayHasKey('expires', $v); $this->assertArrayHasKey('expires', $v);
$this->assertArrayHasKey('expires_in', $v); $this->assertArrayHasKey('expires_in', $v);
$this->assertEquals($a::getExpiresIn(), $v['expires_in']); $this->assertEquals($a->getExpiresIn(), $v['expires_in']);
$this->assertEquals(time()+$a::getExpiresIn(), $v['expires']); $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
} }
function test_issueAccessToken_clientCredentialsGrant_withRefreshToken() function test_issueAccessToken_clientCredentialsGrant_withRefreshToken()
@ -161,11 +294,11 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
$this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('validateAuthCode')->andReturn(1);
$this->session->shouldReceive('createSession')->andReturn(1); $this->session->shouldReceive('createSession')->andReturn(1);
$this->session->shouldReceive('deleteSession')->andReturn(null); $this->session->shouldReceive('deleteSession')->andReturn(null);
$this->session->shouldReceive('updateRefreshToken')->andReturn(null); $this->session->shouldReceive('associateAccessToken')->andReturn(1);
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\ClientCredentials()); $a->addGrantType(new OAuth2\Grant\ClientCredentials($a));
$a->addGrantType(new OAuth2\Grant\RefreshToken()); $a->requireScopeParam(false);
$_POST['grant_type'] = 'client_credentials'; $_POST['grant_type'] = 'client_credentials';
$_POST['client_id'] = 1234; $_POST['client_id'] = 1234;
@ -180,10 +313,9 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
$this->assertArrayHasKey('token_type', $v); $this->assertArrayHasKey('token_type', $v);
$this->assertArrayHasKey('expires', $v); $this->assertArrayHasKey('expires', $v);
$this->assertArrayHasKey('expires_in', $v); $this->assertArrayHasKey('expires_in', $v);
$this->assertArrayHasKey('refresh_token', $v);
$this->assertEquals($a::getExpiresIn(), $v['expires_in']); $this->assertEquals($a->getExpiresIn(), $v['expires_in']);
$this->assertEquals(time()+$a::getExpiresIn(), $v['expires']); $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
} }
} }

200
tests/authorization/PasswordGrantTest.php
View File

@ -27,7 +27,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
public function test_issueAccessToken_passwordGrant_missingClientId() public function test_issueAccessToken_passwordGrant_missingClientId()
{ {
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\Password()); $a->addGrantType(new OAuth2\Grant\Password($a));
$request = new OAuth2\Util\Request(array(), $_POST); $request = new OAuth2\Util\Request(array(), $_POST);
$a->setRequest($request); $a->setRequest($request);
@ -44,7 +44,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
public function test_issueAccessToken_passwordGrant_missingClientPassword() public function test_issueAccessToken_passwordGrant_missingClientPassword()
{ {
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\Password()); $a->addGrantType(new OAuth2\Grant\Password($a));
$request = new OAuth2\Util\Request(array(), $_POST); $request = new OAuth2\Util\Request(array(), $_POST);
$a->setRequest($request); $a->setRequest($request);
@ -64,7 +64,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
$this->client->shouldReceive('getClient')->andReturn(false); $this->client->shouldReceive('getClient')->andReturn(false);
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\Password()); $a->addGrantType(new OAuth2\Grant\Password($a));
$request = new OAuth2\Util\Request(array(), $_POST); $request = new OAuth2\Util\Request(array(), $_POST);
$a->setRequest($request); $a->setRequest($request);
@ -98,7 +98,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
$testCredentials = null; $testCredentials = null;
$a = $this->returnDefault(); $a = $this->returnDefault();
$pgrant = new OAuth2\Grant\Password(); $pgrant = new OAuth2\Grant\Password($a);
$pgrant->setVerifyCredentialsCallback($testCredentials); $pgrant->setVerifyCredentialsCallback($testCredentials);
$a->addGrantType($pgrant); $a->addGrantType($pgrant);
@ -134,7 +134,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
$testCredentials = function($u, $p) { return false; }; $testCredentials = function($u, $p) { return false; };
$a = $this->returnDefault(); $a = $this->returnDefault();
$pgrant = new OAuth2\Grant\Password(); $pgrant = new OAuth2\Grant\Password($a);
$pgrant->setVerifyCredentialsCallback($testCredentials); $pgrant->setVerifyCredentialsCallback($testCredentials);
$a->addGrantType($pgrant); $a->addGrantType($pgrant);
@ -168,7 +168,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
$testCredentials = function($u, $p) { return false; }; $testCredentials = function($u, $p) { return false; };
$a = $this->returnDefault(); $a = $this->returnDefault();
$pgrant = new OAuth2\Grant\Password(); $pgrant = new OAuth2\Grant\Password($a);
$pgrant->setVerifyCredentialsCallback($testCredentials); $pgrant->setVerifyCredentialsCallback($testCredentials);
$a->addGrantType($pgrant); $a->addGrantType($pgrant);
@ -203,7 +203,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
$testCredentials = function($u, $p) { return false; }; $testCredentials = function($u, $p) { return false; };
$a = $this->returnDefault(); $a = $this->returnDefault();
$pgrant = new OAuth2\Grant\Password(); $pgrant = new OAuth2\Grant\Password($a);
$pgrant->setVerifyCredentialsCallback($testCredentials); $pgrant->setVerifyCredentialsCallback($testCredentials);
$a->addGrantType($pgrant); $a->addGrantType($pgrant);
@ -216,6 +216,164 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
)); ));
} }
/**
* @expectedException OAuth2\Exception\ClientException
* @expectedExceptionCode 4
*/
public function test_issueAccessToken_passwordGrant_badScopes()
{
$this->scope->shouldReceive('getScope')->andReturn(false);
$this->client->shouldReceive('getClient')->andReturn(array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
));
$this->client->shouldReceive('validateRefreshToken')->andReturn(1);
$this->session->shouldReceive('validateAuthCode')->andReturn(1);
$this->session->shouldReceive('createSession')->andReturn(1);
$this->session->shouldReceive('deleteSession')->andReturn(null);
$this->session->shouldReceive('updateRefreshToken')->andReturn(null);
$testCredentials = function($u, $p) { return 1; };
$a = $this->returnDefault();
$pgrant = new OAuth2\Grant\Password($a);
$pgrant->setVerifyCredentialsCallback($testCredentials);
$a->addGrantType($pgrant);
$v = $a->issueAccessToken(array(
'grant_type' => 'password',
'client_id' => 1234,
'client_secret' => 5678,
'username' => 'foo',
'password' => 'bar',
'scope' => 'blah'
));
}
/**
* @expectedException OAuth2\Exception\ClientException
* @expectedExceptionCode 0
*/
public function test_issueAccessToken_passwordGrant_missingScopes()
{
$this->client->shouldReceive('getClient')->andReturn(array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
));
$this->client->shouldReceive('validateRefreshToken')->andReturn(1);
$this->session->shouldReceive('validateAuthCode')->andReturn(1);
$this->session->shouldReceive('createSession')->andReturn(1);
$this->session->shouldReceive('deleteSession')->andReturn(null);
$this->session->shouldReceive('updateRefreshToken')->andReturn(null);
$testCredentials = function($u, $p) { return 1; };
$a = $this->returnDefault();
$pgrant = new OAuth2\Grant\Password($a);
$pgrant->setVerifyCredentialsCallback($testCredentials);
$a->addGrantType($pgrant);
$a->requireScopeParam(true);
$v = $a->issueAccessToken(array(
'grant_type' => 'password',
'client_id' => 1234,
'client_secret' => 5678,
'username' => 'foo',
'password' => 'bar'
));
}
public function test_issueAccessToken_passwordGrant_defaultScope()
{
$this->scope->shouldReceive('getScope')->andReturn(array(
'id' => 1,
'scope' => 'foo',
'name' => 'Foo Name',
'description' => 'Foo Name Description'
));
$this->client->shouldReceive('getClient')->andReturn(array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
));
$this->client->shouldReceive('validateRefreshToken')->andReturn(1);
$this->session->shouldReceive('validateAuthCode')->andReturn(1);
$this->session->shouldReceive('createSession')->andReturn(1);
$this->session->shouldReceive('deleteSession')->andReturn(null);
$this->session->shouldReceive('updateRefreshToken')->andReturn(null);
$this->session->shouldReceive('associateScope')->andReturn(null);
$this->session->shouldReceive('associateAccessToken')->andReturn(1);
$testCredentials = function($u, $p) { return 1; };
$a = $this->returnDefault();
$pgrant = new OAuth2\Grant\Password($a);
$pgrant->setVerifyCredentialsCallback($testCredentials);
$a->addGrantType($pgrant);
$a->requireScopeParam(false);
$a->setDefaultScope('foobar');
$v = $a->issueAccessToken(array(
'grant_type' => 'password',
'client_id' => 1234,
'client_secret' => 5678,
'username' => 'foo',
'password' => 'bar',
'scope' => ''
));
}
public function test_issueAccessToken_passwordGrant_goodScope()
{
$this->scope->shouldReceive('getScope')->andReturn(array(
'id' => 1,
'scope' => 'foo',
'name' => 'Foo Name',
'description' => 'Foo Name Description'
));
$this->client->shouldReceive('getClient')->andReturn(array(
'client_id' => 1234,
'client_secret' => 5678,
'redirect_uri' => 'http://foo/redirect',
'name' => 'Example Client'
));
$this->client->shouldReceive('validateRefreshToken')->andReturn(1);
$this->session->shouldReceive('validateAuthCode')->andReturn(1);
$this->session->shouldReceive('createSession')->andReturn(1);
$this->session->shouldReceive('deleteSession')->andReturn(null);
$this->session->shouldReceive('updateRefreshToken')->andReturn(null);
$this->session->shouldReceive('associateScope')->andReturn(null);
$this->session->shouldReceive('associateAccessToken')->andReturn(1);
$testCredentials = function($u, $p) { return 1; };
$a = $this->returnDefault();
$pgrant = new OAuth2\Grant\Password($a);
$pgrant->setVerifyCredentialsCallback($testCredentials);
$a->addGrantType($pgrant);
$v = $a->issueAccessToken(array(
'grant_type' => 'password',
'client_id' => 1234,
'client_secret' => 5678,
'username' => 'foo',
'password' => 'bar',
'scope' => 'blah'
));
}
function test_issueAccessToken_passwordGrant_passedInput() function test_issueAccessToken_passwordGrant_passedInput()
{ {
$this->client->shouldReceive('getClient')->andReturn(array( $this->client->shouldReceive('getClient')->andReturn(array(
@ -231,13 +389,15 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
$this->session->shouldReceive('createSession')->andReturn(1); $this->session->shouldReceive('createSession')->andReturn(1);
$this->session->shouldReceive('deleteSession')->andReturn(null); $this->session->shouldReceive('deleteSession')->andReturn(null);
$this->session->shouldReceive('updateRefreshToken')->andReturn(null); $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
$this->session->shouldReceive('associateAccessToken')->andReturn(1);
$testCredentials = function($u, $p) { return 1; }; $testCredentials = function($u, $p) { return 1; };
$a = $this->returnDefault(); $a = $this->returnDefault();
$pgrant = new OAuth2\Grant\Password(); $pgrant = new OAuth2\Grant\Password($a);
$pgrant->setVerifyCredentialsCallback($testCredentials); $pgrant->setVerifyCredentialsCallback($testCredentials);
$a->addGrantType($pgrant); $a->addGrantType($pgrant);
$a->requireScopeParam(false);
$v = $a->issueAccessToken(array( $v = $a->issueAccessToken(array(
'grant_type' => 'password', 'grant_type' => 'password',
@ -252,8 +412,8 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
$this->assertArrayHasKey('expires', $v); $this->assertArrayHasKey('expires', $v);
$this->assertArrayHasKey('expires_in', $v); $this->assertArrayHasKey('expires_in', $v);
$this->assertEquals($a::getExpiresIn(), $v['expires_in']); $this->assertEquals($a->getExpiresIn(), $v['expires_in']);
$this->assertEquals(time()+$a::getExpiresIn(), $v['expires']); $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
} }
function test_issueAccessToken_passwordGrant() function test_issueAccessToken_passwordGrant()
@ -271,13 +431,15 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
$this->session->shouldReceive('createSession')->andReturn(1); $this->session->shouldReceive('createSession')->andReturn(1);
$this->session->shouldReceive('deleteSession')->andReturn(null); $this->session->shouldReceive('deleteSession')->andReturn(null);
$this->session->shouldReceive('updateRefreshToken')->andReturn(null); $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
$this->session->shouldReceive('associateAccessToken')->andReturn(1);
$testCredentials = function($u, $p) { return 1; }; $testCredentials = function($u, $p) { return 1; };
$a = $this->returnDefault(); $a = $this->returnDefault();
$pgrant = new OAuth2\Grant\Password(); $pgrant = new OAuth2\Grant\Password($a);
$pgrant->setVerifyCredentialsCallback($testCredentials); $pgrant->setVerifyCredentialsCallback($testCredentials);
$a->addGrantType($pgrant); $a->addGrantType($pgrant);
$a->requireScopeParam(false);
$_POST['grant_type'] = 'password'; $_POST['grant_type'] = 'password';
$_POST['client_id'] = 1234; $_POST['client_id'] = 1234;
@ -295,8 +457,8 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
$this->assertArrayHasKey('expires', $v); $this->assertArrayHasKey('expires', $v);
$this->assertArrayHasKey('expires_in', $v); $this->assertArrayHasKey('expires_in', $v);
$this->assertEquals($a::getExpiresIn(), $v['expires_in']); $this->assertEquals($a->getExpiresIn(), $v['expires_in']);
$this->assertEquals(time()+$a::getExpiresIn(), $v['expires']); $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
} }
function test_issueAccessToken_passwordGrant_withRefreshToken() function test_issueAccessToken_passwordGrant_withRefreshToken()
@ -309,19 +471,21 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
)); ));
$this->client->shouldReceive('validateRefreshToken')->andReturn(1); $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
$this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('validateAuthCode')->andReturn(1);
$this->session->shouldReceive('createSession')->andReturn(1); $this->session->shouldReceive('createSession')->andReturn(1);
$this->session->shouldReceive('deleteSession')->andReturn(null); $this->session->shouldReceive('deleteSession')->andReturn(null);
$this->session->shouldReceive('updateRefreshToken')->andReturn(null); $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
$this->session->shouldReceive('associateAccessToken')->andReturn(1);
$this->session->shouldReceive('associateRefreshToken')->andReturn(null);
$testCredentials = function($u, $p) { return 1; }; $testCredentials = function($u, $p) { return 1; };
$a = $this->returnDefault(); $a = $this->returnDefault();
$pgrant = new OAuth2\Grant\Password(); $pgrant = new OAuth2\Grant\Password($a);
$pgrant->setVerifyCredentialsCallback($testCredentials); $pgrant->setVerifyCredentialsCallback($testCredentials);
$a->addGrantType($pgrant); $a->addGrantType($pgrant);
$a->addGrantType(new OAuth2\Grant\RefreshToken()); $a->addGrantType(new OAuth2\Grant\RefreshToken($a));
$a->requireScopeParam(false);
$_POST['grant_type'] = 'password'; $_POST['grant_type'] = 'password';
$_POST['client_id'] = 1234; $_POST['client_id'] = 1234;
@ -340,8 +504,8 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
$this->assertArrayHasKey('expires_in', $v); $this->assertArrayHasKey('expires_in', $v);
$this->assertArrayHasKey('refresh_token', $v); $this->assertArrayHasKey('refresh_token', $v);
$this->assertEquals($a::getExpiresIn(), $v['expires_in']); $this->assertEquals($a->getExpiresIn(), $v['expires_in']);
$this->assertEquals(time()+$a::getExpiresIn(), $v['expires']); $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
} }
} }

50
tests/authorization/RefreshTokenTest.php
View File

@ -31,10 +31,13 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
$this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('validateAuthCode')->andReturn(1);
$this->session->shouldReceive('updateSession')->andReturn(null); $this->session->shouldReceive('updateSession')->andReturn(null);
$this->session->shouldReceive('removeAuthCode')->andReturn(null);
$this->session->shouldReceive('associateAccessToken')->andReturn(1);
$this->session->shouldReceive('associateRefreshToken')->andReturn(1);
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\AuthCode()); $a->addGrantType(new OAuth2\Grant\AuthCode($a));
$a->addGrantType(new OAuth2\Grant\RefreshToken()); $a->addGrantType(new OAuth2\Grant\RefreshToken($a));
$_POST['grant_type'] = 'authorization_code'; $_POST['grant_type'] = 'authorization_code';
$_POST['client_id'] = 1234; $_POST['client_id'] = 1234;
@ -53,8 +56,8 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
$this->assertArrayHasKey('expires_in', $v); $this->assertArrayHasKey('expires_in', $v);
$this->assertArrayHasKey('refresh_token', $v); $this->assertArrayHasKey('refresh_token', $v);
$this->assertEquals($a::getExpiresIn(), $v['expires_in']); $this->assertEquals($a->getExpiresIn(), $v['expires_in']);
$this->assertEquals(time()+$a::getExpiresIn(), $v['expires']); $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
} }
/** /**
@ -64,7 +67,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
public function test_issueAccessToken_refreshTokenGrant_missingClientId() public function test_issueAccessToken_refreshTokenGrant_missingClientId()
{ {
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\RefreshToken()); $a->addGrantType(new OAuth2\Grant\RefreshToken($a));
$request = new OAuth2\Util\Request(array(), $_POST); $request = new OAuth2\Util\Request(array(), $_POST);
$a->setRequest($request); $a->setRequest($request);
@ -81,7 +84,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
public function test_issueAccessToken_refreshTokenGrant_missingClientSecret() public function test_issueAccessToken_refreshTokenGrant_missingClientSecret()
{ {
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\RefreshToken()); $a->addGrantType(new OAuth2\Grant\RefreshToken($a));
$request = new OAuth2\Util\Request(array(), $_POST); $request = new OAuth2\Util\Request(array(), $_POST);
$a->setRequest($request); $a->setRequest($request);
@ -101,7 +104,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
$this->client->shouldReceive('getClient')->andReturn(false); $this->client->shouldReceive('getClient')->andReturn(false);
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\RefreshToken()); $a->addGrantType(new OAuth2\Grant\RefreshToken($a));
$request = new OAuth2\Util\Request(array(), $_POST); $request = new OAuth2\Util\Request(array(), $_POST);
$a->setRequest($request); $a->setRequest($request);
@ -122,7 +125,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
$this->client->shouldReceive('getClient')->andReturn(array()); $this->client->shouldReceive('getClient')->andReturn(array());
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\RefreshToken()); $a->addGrantType(new OAuth2\Grant\RefreshToken($a));
$request = new OAuth2\Util\Request(array(), $_POST); $request = new OAuth2\Util\Request(array(), $_POST);
$a->setRequest($request); $a->setRequest($request);
@ -142,10 +145,10 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
public function test_issueAccessToken_refreshTokenGrant_badRefreshToken() public function test_issueAccessToken_refreshTokenGrant_badRefreshToken()
{ {
$this->client->shouldReceive('getClient')->andReturn(array()); $this->client->shouldReceive('getClient')->andReturn(array());
$this->client->shouldReceive('validateRefreshToken')->andReturn(false); $this->session->shouldReceive('validateRefreshToken')->andReturn(false);
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\RefreshToken()); $a->addGrantType(new OAuth2\Grant\RefreshToken($a));
$request = new OAuth2\Util\Request(array(), $_POST); $request = new OAuth2\Util\Request(array(), $_POST);
$a->setRequest($request); $a->setRequest($request);
@ -167,14 +170,17 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
'name' => 'Example Client' 'name' => 'Example Client'
)); ));
$this->client->shouldReceive('validateRefreshToken')->andReturn(1); $this->session->shouldReceive('validateRefreshToken')->andReturn(1);
$this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('validateAuthCode')->andReturn(1);
$this->session->shouldReceive('updateSession')->andReturn(null); $this->session->shouldReceive('updateSession')->andReturn(null);
$this->session->shouldReceive('updateRefreshToken')->andReturn(null); $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
$this->session->shouldReceive('associateAccessToken')->andReturn(1);
$this->session->shouldReceive('associateRefreshToken')->andReturn(1);
$this->session->shouldReceive('getAccessToken')->andReturn(null);
$this->session->shouldReceive('getScopes')->andReturn(array());
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\RefreshToken()); $a->addGrantType(new OAuth2\Grant\RefreshToken($a));
$_POST['grant_type'] = 'refresh_token'; $_POST['grant_type'] = 'refresh_token';
$_POST['client_id'] = 1234; $_POST['client_id'] = 1234;
@ -192,8 +198,8 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
$this->assertArrayHasKey('expires_in', $v); $this->assertArrayHasKey('expires_in', $v);
$this->assertArrayHasKey('refresh_token', $v); $this->assertArrayHasKey('refresh_token', $v);
$this->assertEquals($a::getExpiresIn(), $v['expires_in']); $this->assertEquals($a->getExpiresIn(), $v['expires_in']);
$this->assertEquals(time()+$a::getExpiresIn(), $v['expires']); $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
} }
public function test_issueAccessToken_refreshTokenGrant() public function test_issueAccessToken_refreshTokenGrant()
@ -205,14 +211,18 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
'name' => 'Example Client' 'name' => 'Example Client'
)); ));
$this->client->shouldReceive('validateRefreshToken')->andReturn(1); $this->session->shouldReceive('validateRefreshToken')->andReturn(1);
$this->session->shouldReceive('validateAuthCode')->andReturn(1); $this->session->shouldReceive('validateAuthCode')->andReturn(1);
$this->session->shouldReceive('updateSession')->andReturn(null); $this->session->shouldReceive('updateSession')->andReturn(null);
$this->session->shouldReceive('updateRefreshToken')->andReturn(null); $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
$this->session->shouldReceive('getAccessToken')->andReturn(null);
$this->session->shouldReceive('getScopes')->andReturn(array('id' => 1));
$this->session->shouldReceive('associateAccessToken')->andReturn(1);
$this->session->shouldReceive('associateRefreshToken')->andReturn(1);
$this->session->shouldReceive('associateScope')->andReturn(null);
$a = $this->returnDefault(); $a = $this->returnDefault();
$a->addGrantType(new OAuth2\Grant\RefreshToken()); $a->addGrantType(new OAuth2\Grant\RefreshToken($a));
$v = $a->issueAccessToken(array( $v = $a->issueAccessToken(array(
'grant_type' => 'refresh_token', 'grant_type' => 'refresh_token',
@ -227,7 +237,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
$this->assertArrayHasKey('expires_in', $v); $this->assertArrayHasKey('expires_in', $v);
$this->assertArrayHasKey('refresh_token', $v); $this->assertArrayHasKey('refresh_token', $v);
$this->assertEquals($a::getExpiresIn(), $v['expires_in']); $this->assertEquals($a->getExpiresIn(), $v['expires_in']);
$this->assertEquals(time()+$a::getExpiresIn(), $v['expires']); $this->assertEquals(time()+$a->getExpiresIn(), $v['expires']);
} }
} }

26
tests/resource/ResourceServerTest.php
View File

@ -59,6 +59,12 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
$this->assertEquals('oauth_token', $v); $this->assertEquals('oauth_token', $v);
} }
public function test_getScopes()
{
$s = $this->returnDefault();
$this->assertEquals(array(), $s->getScopes());
}
/** /**
* @expectedException OAuth2\Exception\InvalidAccessTokenException * @expectedException OAuth2\Exception\InvalidAccessTokenException
*/ */
@ -85,7 +91,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
$param = $requestReflector->getProperty('headers'); $param = $requestReflector->getProperty('headers');
$param->setAccessible(true); $param->setAccessible(true);
$param->setValue($request, array( $param->setValue($request, array(
'Authorization' => 'Bearer YWJjZGVm' 'Authorization' => 'Bearer abcdef'
)); ));
$s = $this->returnDefault(); $s = $this->returnDefault();
$s->setRequest($request); $s->setRequest($request);
@ -131,7 +137,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
$param = $requestReflector->getProperty('headers'); $param = $requestReflector->getProperty('headers');
$param->setAccessible(true); $param->setAccessible(true);
$param->setValue($request, array( $param->setValue($request, array(
'Authorization' => 'Bearer YWJjZGVm' 'Authorization' => 'Bearer abcdef'
)); ));
$s = $this->returnDefault(); $s = $this->returnDefault();
$s->setRequest($request); $s->setRequest($request);
@ -142,19 +148,25 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
public function test_isValid_valid() public function test_isValid_valid()
{ {
$this->session->shouldReceive('validateAccessToken')->andReturn(array( $this->session->shouldReceive('validateAccessToken')->andReturn(array(
'id' => 1, 'session_id' => 1,
'owner_type' => 'user', 'owner_type' => 'user',
'owner_id' => 123 'owner_id' => 123,
'client_id' => 'testapp'
)); ));
$this->session->shouldReceive('getScopes')->andReturn(array('foo', 'bar'));
$this->session->shouldReceive('getScopes')->andReturn(array(
array('key' => 'foo'),
array('key' => 'bar')
));
$request = new OAuth2\Util\Request(); $request = new OAuth2\Util\Request();
$requestReflector = new ReflectionClass($request); $requestReflector = new ReflectionClass($request);
$param = $requestReflector->getProperty('headers'); $param = $requestReflector->getProperty('headers');
$param->setAccessible(true); $param->setAccessible(true);
$param->setValue($request, array( $param->setValue($request, array(
'Authorization' => 'Bearer YWJjZGVm' 'Authorization' => 'Bearer abcdef'
)); ));
$s = $this->returnDefault(); $s = $this->returnDefault();
$s->setRequest($request); $s->setRequest($request);