Merge pull request #204 from ushahidi/missing-token-message

Add a new "missing_token" exception message to Resource server

.gitignore

@@ -2,4 +2,5 @@
 /composer.lock
 /tests/coverage
 /docs
-/testing
+/testing
+build/coverage

CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 3.2.2 (released 2014-07-23)
+
+* Fix Resource server Request HTTP header access (Issue #188)
+
 ## 3.2 (released 2014-04-16)
 
 * Added the ability to change the algorithm that is used to generate the token strings (Issue #151)

README.md

@@ -42,27 +42,13 @@ The authorization server is a flexible class and the following core specificatio
 * client credentials ([section 2.3.1](http://tools.ietf.org/html/rfc6749#section-2.3.1))
 * password (user credentials) ([section 4.3](http://tools.ietf.org/html/rfc6749#section-4.3))
 
-An [overview of the different OAuth 2.0 grants](https://github.com/thephpleague/oauth2-server/wiki/Which-OAuth-2.0-grant-should-I-use%3F) can be found in the [wiki].
-
 ### Resource Server
 
 The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct scope(s) (i.e. permissions) to access resources.
 
 ### Custom grants
 
-Custom grants can be created easily by implementing an interface. Check out the [custom grant guide](https://github.com/thephpleague/oauth2-server/wiki/Creating-custom-grants).
-
-## Tutorials and Documentation
-
-* **[Wiki]** - The wiki has lots of guides on how to use this library.
-
-* **[Developing an OAuth-2.0 Authorization Server]** - A simple tutorial on how to use the authorization server.
-
-* **[Securing your API with OAuth 2.0]** - A simple tutorial on how to use the resource server to secure an API server.
-
-[Wiki]: https://github.com/thephpleague/oauth2-server/wiki
-[Securing your API with OAuth 2.0]: https://github.com/thephpleague/oauth2-server/wiki/Securing-your-API-with-OAuth-2.0
-[Developing an OAuth-2.0 Authorization Server]: https://github.com/thephpleague/oauth2-server/wiki/Developing-an-OAuth-2.0-authorization-server
+Custom grants can be created easily by implementing an interface.
 
 ## Changelog
 

composer.json

@@ -1,13 +1,12 @@
 {
 	"name": "league/oauth2-server",
 	"description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.",
-	"version": "3.2",
 	"license": "MIT",
 	"require": {
 		"php": ">=5.4.0"
 	},
 	"require-dev": {
-		"mockery/mockery": ">=0.7.2",
+		"mockery/mockery": "~0.8",
 		"league/phpunit-coverage-listener": "~1.0"
 	},
 	"repositories": [
@@ -44,7 +43,9 @@
 			"League\\OAuth2\\Server": "src/"
 		}
 	},
-	"suggest": {
-
+	"extra": {
+		"branch-alias": {
+			"dev-master": "3.2.x-dev"
+		}
 	}
 }

src/League/OAuth2/Server/Resource.php

@@ -84,6 +84,7 @@ class Resource
         0   =>  'invalid_request',
         1   =>  'invalid_token',
         2   =>  'insufficient_scope',
+        3   =>  'missing_token',
     );
 
     /**
@@ -94,6 +95,7 @@ class Resource
         'invalid_request'    =>  'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.',
         'invalid_token'      =>  'The access token provided is expired, revoked, malformed, or invalid for other reasons.',
         'insufficient_scope' =>  'The request requires higher privileges than provided by the access token. Required scopes are: %s.',
+        'missing_token'      =>  'The request is missing an access token in either the Authorization header or the %s request parameter.',
     );
 
     /**
@@ -109,6 +111,7 @@ class Resource
         'invalid_request'    =>  400,
         'invalid_token'      =>  401,
         'insufficient_scope' =>  403,
+        'missing_token'      =>  400,
     );
 
     /**
@@ -165,7 +168,7 @@ class Resource
         // @codeCoverageIgnoreStart
         if ($error === 'invalid_token') {
             $authScheme = null;
-            $request = new Request();
+            $request = Request::buildFromGlobals();
             if ($request->server('PHP_AUTH_USER') !== null) {
                 $authScheme = 'Basic';
             } else {
@@ -387,7 +390,7 @@ class Resource
         }
 
         if (empty($accessToken)) {
-            throw new Exception\MissingAccessTokenException(self::$exceptionMessages['invalid_request'], 0);
+            throw new Exception\MissingAccessTokenException(sprintf(self::$exceptionMessages['missing_token'], $this->tokenKey), 3);
         }
 
         return $accessToken;

src/League/OAuth2/Server/Util/Request.php

@@ -76,22 +76,25 @@ class Request implements RequestInterface
 
     protected function readHeaders()
     {
-        if (function_exists('getallheaders')) {
+        if (function_exists('apache_request_headers')) {
             // @codeCoverageIgnoreStart
-            $headers = getallheaders();
+            $headers = apache_request_headers();
+        } elseif (function_exists('http_get_request_headers')) {
+            $headers = http_get_request_headers();
         } else {
             // @codeCoverageIgnoreEnd
             $headers = array();
             foreach ($this->server() as $name => $value) {
                 if (substr($name, 0, 5) == 'HTTP_') {
-                    $name = str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))));
+                    // HTTP_FOO_BAR becomes FOO-BAR
+                    $name = str_replace(array('HTTP_', '_'), array('', '-'), $name);
                     $headers[$name] = $value;
                 }
             }
         }
 
         return $this->normalizeHeaders($headers);
-   }
+    }
 
     protected function getPropertyValue($property, $index = null, $default = null)
     {
@@ -143,4 +146,4 @@ class Request implements RequestInterface
 
         return $key;
     }
-}
+}