Removed hard line limit of 80 characters

Alex Bilbie 2012-07-26 17:02:01 +01:00
parent 8946e0172b
commit f8941a9209


@ -66,29 +66,16 @@ class Server
* @var array
*/
public $errors = array(
'invalid_request' => 'The request is missing a required parameter,
includes an invalid parameter value, includes a parameter more than
once, or is otherwise malformed. Check the "%s" parameter.',
'unauthorized_client' => 'The client is not authorized to request an
access token using this method.',
'access_denied' => 'The resource owner or authorization server denied
the request.',
'unsupported_response_type' => 'The authorization server does not
support obtaining an access token using this method.',
'invalid_scope' => 'The requested scope is invalid, unknown, or
malformed. Check the "%s" scope.',
'server_error' => 'The authorization server encountered an unexpected
condition which prevented it from fulfilling the request.',
'temporarily_unavailable' => 'The authorization server is currently
unable to handle the request due to a temporary overloading or
maintenance of the server.',
'unsupported_grant_type' => 'The authorization grant type is not
supported by the authorization server',
'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.',
'unauthorized_client' => 'The client is not authorized to request an access token using this method.',
'access_denied' => 'The resource owner or authorization server denied the request.',
'unsupported_response_type' => 'The authorization server does not support obtaining an access token using this method.',
'invalid_scope' => 'The requested scope is invalid, unknown, or malformed. Check the "%s" scope.',
'server_error' => 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.',
'temporarily_unavailable' => 'The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.',
'unsupported_grant_type' => 'The authorization grant type is not supported by the authorization server',
'invalid_client' => 'Client authentication failed',
'invalid_grant' => 'The provided authorization grant is invalid,
expired, revoked, does not match the redirection URI used in the
authorization request, or was issued to another client. Check the
"%s" parameter.'
'invalid_grant' => 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. Check the "%s" parameter.'
);
/**
@ -131,33 +118,27 @@ maintenance of the server.',
// Client ID
if ( ! isset($authParams['client_id']) && ! isset($_GET['client_id'])) {
throw new OAuthServerClientException(sprintf(
$this->errors['invalid_request'], 'client_id'), 0);
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
} else {
$params['client_id'] = (isset($authParams['client_id'])) ?
$authParams['client_id'] : $_GET['client_id'];
$params['client_id'] = (isset($authParams['client_id'])) ? $authParams['client_id'] : $_GET['client_id'];
}
// Redirect URI
if ( ! isset($authParams['redirect_uri']) &&
! isset($_GET['redirect_uri'])) {
if ( ! isset($authParams['redirect_uri']) && ! isset($_GET['redirect_uri'])) {
throw new OAuthServerClientException(sprintf(
$this->errors['invalid_request'], 'redirect_uri'), 0);
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
} else {
$params['redirect_uri'] = (isset($authParams['redirect_uri'])) ?
$authParams['redirect_uri'] : $_GET['redirect_uri'];
$params['redirect_uri'] = (isset($authParams['redirect_uri'])) ? $authParams['redirect_uri'] : $_GET['redirect_uri'];
}
// Validate client ID and redirect URI
$clientDetails = $this->db->validateClient($params['client_id'], null,
$params['redirect_uri']);
$clientDetails = $this->db->validateClient($params['client_id'], null, $params['redirect_uri']);
if ($clientDetails === false) {
@ -166,23 +147,18 @@ maintenance of the server.',
}
// Response type
if ( ! isset($authParams['response_type']) &&
! isset($_GET['response_type'])) {
if ( ! isset($authParams['response_type']) && ! isset($_GET['response_type'])) {
throw new OAuthServerClientException(sprintf(
$this->errors['invalid_request'], 'response_type'), 0);
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'response_type'), 0);
} else {
$params['response_type'] = (isset($authParams['response_type'])) ?
$authParams['response_type'] : $_GET['response_type'];
$params['response_type'] = (isset($authParams['response_type'])) ? $authParams['response_type'] : $_GET['response_type'];
// Ensure response type is one that is recognised
if ( ! in_array($params['response_type'],
$this->response_types)) {
if ( ! in_array($params['response_type'], $this->response_types)) {
throw new OAuthServerClientException(
$this->errors['unsupported_response_type'], 3);
throw new OAuthServerClientException($this->errors['unsupported_response_type'], 3);
}
}
@ -208,8 +184,7 @@ maintenance of the server.',
if (count($scopes) === 0) {
throw new OAuthServerClientException(sprintf(
$this->errors['invalid_request'], 'scope'), 0);
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'scope'), 0);
}
$params['scopes'] = array();
@ -220,8 +195,7 @@ maintenance of the server.',
if ($scopeDetails === false) {
throw new OAuthServerClientException(sprintf(
$this->errors['invalid_scope'], $scope), 4);
throw new OAuthServerClientException(sprintf($this->errors['invalid_scope'], $scope), 4);
}
@ -285,14 +259,7 @@ maintenance of the server.',
* @param string $accessToken The access token (default = null)
* @return string An authorisation code
*/
private function newAuthCode(
$clientId,
$type = 'user',
$typeId,
$redirectUri,
$scopes = array(),
$accessToken = null
)
private function newAuthCode($clientId, $type = 'user', $typeId, $redirectUri, $scopes = array(), $accessToken = null)
{
$authCode = $this->generateCode();
@ -352,22 +319,18 @@ maintenance of the server.',
$params = array();
// Grant type (must be 'authorization_code')
if ( ! isset($authParams['grant_type']) &&
! isset($_POST['grant_type'])) {
if ( ! isset($authParams['grant_type']) && ! isset($_POST['grant_type'])) {
throw new OAuthServerClientException(sprintf(
$this->errors['invalid_request'], 'grant_type'), 0);
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'grant_type'), 0);
} else {
$params['grant_type'] = (isset($authParams['grant_type'])) ?
$authParams['grant_type'] : $_POST['grant_type'];
$params['grant_type'] = (isset($authParams['grant_type'])) ? $authParams['grant_type'] : $_POST['grant_type'];
// Ensure response type is one that is recognised
if ( ! in_array($params['grant_type'], $this->grant_types)) {
throw new OAuthServerClientException(
$this->errors['unsupported_grant_type'], 7);
throw new OAuthServerClientException($this->errors['unsupported_grant_type'], 7);
}
}
@ -383,9 +346,7 @@ maintenance of the server.',
case 'password': // Resource owner password credentials grant
case 'client_credentials': // Client credentials grant
default: // Unsupported
throw new OAuthServerException($this->errors['server_error'] .
'Tried to process an unsuppported grant type.',
5);
throw new OAuthServerException($this->errors['server_error'] . 'Tried to process an unsuppported grant type.', 5);
break;
}
}
@ -404,81 +365,73 @@ maintenance of the server.',
array())
{
// Client ID
if ( ! isset($authParams['client_id']) &&
! isset($_POST['client_id'])) {
if ( ! isset($authParams['client_id']) && ! isset($_POST['client_id'])) {
throw new OAuthServerClientException(sprintf(
$this->errors['invalid_request'], 'client_id'), 0);
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
} else {
$params['client_id'] = (isset($authParams['client_id'])) ?
$authParams['client_id'] : $_POST['client_id'];
$params['client_id'] = (isset($authParams['client_id'])) ? $authParams['client_id'] : $_POST['client_id'];
}
// Client secret
if ( ! isset($authParams['client_secret']) &&
! isset($_POST['client_secret'])) {
if ( ! isset($authParams['client_secret']) && ! isset($_POST['client_secret'])) {
throw new OAuthServerClientException(sprintf(
$this->errors['invalid_request'], 'client_secret'), 0);
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_secret'), 0);
} else {
$params['client_secret'] = (isset($authParams['client_secret'])) ?
$authParams['client_secret'] : $_POST['client_secret'];
$params['client_secret'] = (isset($authParams['client_secret'])) ? $authParams['client_secret'] : $_POST['client_secret'];
}
// Redirect URI
if ( ! isset($authParams['redirect_uri']) &&
! isset($_POST['redirect_uri'])) {
if ( ! isset($authParams['redirect_uri']) && ! isset($_POST['redirect_uri'])) {
throw new OAuthServerClientException(sprintf(
$this->errors['invalid_request'], 'redirect_uri'), 0);
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
} else {
$params['redirect_uri'] = (isset($authParams['redirect_uri'])) ?
$authParams['redirect_uri'] : $_POST['redirect_uri'];
$params['redirect_uri'] = (isset($authParams['redirect_uri'])) ? $authParams['redirect_uri'] : $_POST['redirect_uri'];
}
// Validate client ID and redirect URI
$clientDetails = $this->db->validateClient($params['client_id'],
$params['client_secret'],
$params['redirect_uri']);
$clientDetails = $this->db->validateClient(
$params['client_id'],
$params['client_secret'],
$params['redirect_uri']
);
if ($clientDetails === false) {
throw new OAuthServerClientException(
$this->errors['invalid_client'], 8);
throw new OAuthServerClientException($this->errors['invalid_client'], 8);
}
// The authorization code
if ( ! isset($authParams['code']) &&
! isset($_GET['code'])) {
throw new OAuthServerClientException(sprintf(
$this->errors['invalid_request'], 'code'), 0);
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'code'), 0);
} else {
$params['code'] = (isset($authParams['code'])) ?
$authParams['code'] : $_POST['code'];
$params['code'] = (isset($authParams['code'])) ? $authParams['code'] : $_POST['code'];
}
// Verify the authorization code matches the client_id and the
// request_uri
$sessionId = $this->db->validateAuthCode($params['client_id'],
$params['request_uri'], $params['code']);
$sessionId = $this->db->validateAuthCode(
$params['client_id'],
$params['request_uri'],
$params['code']
);
if ( ! $sessionId) {
throw new OAuthServerClientException(sprintf(
$this->errors['invalid_grant'], 'code'), 9);
throw new OAuthServerClientException(sprintf($this->errors['invalid_grant'], 'code'), 9);
} else {
@ -487,14 +440,21 @@ maintenance of the server.',
$accessToken = $this->generateCode();
$accessTokenExpires = ($this->config['access_token_ttl'] === null)
? null : time() + $this->config['access_token_ttl'];
$accessTokenExpires = ($this->config['access_token_ttl'] === null) ? null : time() + $this->config['access_token_ttl'];
$this->db->updateSession($sessionId, null, $accessToken,
$accessTokenExpires, 'granted');
$this->db->updateSession(
$sessionId,
null,
$accessToken,
$accessTokenExpires,
'granted'
);
// Update the session's scopes to reference the access token
$this->db->updateSessionScopeAccessToken($sessionId, $accessToken);
$this->db->updateSessionScopeAccessToken(
$sessionId,
$accessToken
);
return array(
'access_token' => $accessToken,
@ -513,8 +473,7 @@ maintenance of the server.',
*
* @return string The updated redirect URI
*/
public function redirectUri($redirectUri, $params = array(),
$queryDelimeter = '?')
public function redirectUri($redirectUri, $params = array(), $queryDelimeter = '?')
{
if (strstr($redirectUri, $queryDelimeter)) {
@ -523,8 +482,7 @@ maintenance of the server.',
} else {
$redirectUri = $redirectUri . $queryDelimeter .
http_build_query($params);
$redirectUri = $redirectUri . $queryDelimeter . http_build_query($params);
}
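Review bot: In the `@ -404,81 +365,73 @` hunk the reformatted `validateAuthCode(...)` call still passes `$params['request_uri']`, a key that none of the visible lines above it assign; only `$params['redirect_uri']` is populated. The authorization code is therefore presumably validated against a null redirect URI, which weakens the code-to-redirect-URI binding that the `invalid_grant` message describes. The argument should be `$params['redirect_uri']`, and the comment above the call should say "redirect_uri" rather than "request_uri". In the same hunk the presence check for the code tests `! isset($_GET['code'])` while the assignment reads `$_POST['code']`, so a code sent only by POST is rejected and one sent only by GET reads an undefined index; the check should be `! isset($_POST['code'])`, matching the other parameters in this method. The method's signature begins before the hunk and its body continues past it, so this is based only on the lines shown.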