Changelog update

Do not forget to set the expire time

CHANGELOG.md

@@ -1,5 +1,20 @@
 # Changelog
 
+## 4.0.4 (released 2014-12-03)
+
+* Ensure refresh token hasn't expired (Issue #270)
+
+## 4.0.3 (released 2014-12-02)
+
+* Fix bad type hintings (Issue #267)
+* Do not forget to set the expire time (Issue #268)
+
+## 4.0.2 (released 2014-11-21)
+
+* Improved interfaces (Issue #255)
+* Learnt how to spell delimiter and so `getScopeDelimiter()` and `setScopeDelimiter()` methods have been renamed
+* Docblock improvements (Issue #254)
+
 ## 4.0.1 (released 2014-11-09)
 
 * Alias the master branch in composer.json (Issue #243)

composer.json

@@ -55,10 +55,5 @@
 		"psr-4": {
 			"LeagueTests\\": "tests/unit/"
 		}
-	},
-	"extra": {
-       		"branch-alias": {
-            		"dev-master": "4.0.x-dev"
-        	}
 	}
 }

examples/relational/Storage/AccessTokenStorage.php

@@ -6,10 +6,10 @@ use Illuminate\Database\Capsule\Manager as Capsule;
 use League\OAuth2\Server\Entity\AbstractTokenEntity;
 use League\OAuth2\Server\Entity\AccessTokenEntity;
 use League\OAuth2\Server\Entity\ScopeEntity;
+use League\OAuth2\Server\Storage\AbstractStorage;
 use League\OAuth2\Server\Storage\AccessTokenInterface;
-use League\OAuth2\Server\Storage\Adapter;
 
-class AccessTokenStorage extends Adapter implements AccessTokenInterface
+class AccessTokenStorage extends AbstractStorage implements AccessTokenInterface
 {
     /**
      * {@inheritdoc}
@@ -34,7 +34,7 @@ class AccessTokenStorage extends Adapter implements AccessTokenInterface
     /**
      * {@inheritdoc}
      */
-    public function getScopes(AbstractTokenEntity $token)
+    public function getScopes(AccessTokenEntity $token)
     {
         $result = Capsule::table('oauth_access_token_scopes')
                                     ->select(['oauth_scopes.id', 'oauth_scopes.description'])
@@ -73,7 +73,7 @@ class AccessTokenStorage extends Adapter implements AccessTokenInterface
     /**
      * {@inheritdoc}
      */
-    public function associateScope(AbstractTokenEntity $token, ScopeEntity $scope)
+    public function associateScope(AccessTokenEntity $token, ScopeEntity $scope)
     {
         Capsule::table('oauth_access_token_scopes')
                     ->insert([
@@ -85,7 +85,7 @@ class AccessTokenStorage extends Adapter implements AccessTokenInterface
     /**
      * {@inheritdoc}
      */
-    public function delete(AbstractTokenEntity $token)
+    public function delete(AccessTokenEntity $token)
     {
         Capsule::table('oauth_access_token_scopes')
                     ->where('access_token', $token->getId())

examples/relational/Storage/AuthCodeStorage.php

@@ -5,10 +5,10 @@ namespace RelationalExample\Storage;
 use Illuminate\Database\Capsule\Manager as Capsule;
 use League\OAuth2\Server\Entity\AuthCodeEntity;
 use League\OAuth2\Server\Entity\ScopeEntity;
-use League\OAuth2\Server\Storage\Adapter;
+use League\OAuth2\Server\Storage\AbstractStorage;
 use League\OAuth2\Server\Storage\AuthCodeInterface;
 
-class AuthCodeStorage extends Adapter implements AuthCodeInterface
+class AuthCodeStorage extends AbstractStorage implements AuthCodeInterface
 {
     /**
      * {@inheritdoc}
@@ -24,6 +24,7 @@ class AuthCodeStorage extends Adapter implements AuthCodeInterface
             $token = new AuthCodeEntity($this->server);
             $token->setId($result[0]['auth_code']);
             $token->setRedirectUri($result[0]['client_redirect_uri']);
+            $token->setExpireTime($result[0]['expire_time']);
 
             return $token;
         }

examples/relational/Storage/ClientStorage.php

@@ -5,10 +5,10 @@ namespace RelationalExample\Storage;
 use Illuminate\Database\Capsule\Manager as Capsule;
 use League\OAuth2\Server\Entity\ClientEntity;
 use League\OAuth2\Server\Entity\SessionEntity;
-use League\OAuth2\Server\Storage\Adapter;
+use League\OAuth2\Server\Storage\AbstractStorage;
 use League\OAuth2\Server\Storage\ClientInterface;
 
-class ClientStorage extends Adapter implements ClientInterface
+class ClientStorage extends AbstractStorage implements ClientInterface
 {
     /**
      * {@inheritdoc}

examples/relational/Storage/RefreshTokenStorage.php

@@ -4,10 +4,10 @@ namespace RelationalExample\Storage;
 
 use Illuminate\Database\Capsule\Manager as Capsule;
 use League\OAuth2\Server\Entity\RefreshTokenEntity;
-use League\OAuth2\Server\Storage\Adapter;
+use League\OAuth2\Server\Storage\AbstractStorage;
 use League\OAuth2\Server\Storage\RefreshTokenInterface;
 
-class RefreshTokenStorage extends Adapter implements RefreshTokenInterface
+class RefreshTokenStorage extends AbstractStorage implements RefreshTokenInterface
 {
     /**
      * {@inheritdoc}

examples/relational/Storage/ScopeStorage.php

@@ -4,10 +4,10 @@ namespace RelationalExample\Storage;
 
 use Illuminate\Database\Capsule\Manager as Capsule;
 use League\OAuth2\Server\Entity\ScopeEntity;
-use League\OAuth2\Server\Storage\Adapter;
+use League\OAuth2\Server\Storage\AbstractStorage;
 use League\OAuth2\Server\Storage\ScopeInterface;
 
-class ScopeStorage extends Adapter implements ScopeInterface
+class ScopeStorage extends AbstractStorage implements ScopeInterface
 {
     /**
      * {@inheritdoc}

examples/relational/Storage/SessionStorage.php

@@ -7,10 +7,10 @@ use League\OAuth2\Server\Entity\AccessTokenEntity;
 use League\OAuth2\Server\Entity\AuthCodeEntity;
 use League\OAuth2\Server\Entity\ScopeEntity;
 use League\OAuth2\Server\Entity\SessionEntity;
-use League\OAuth2\Server\Storage\Adapter;
+use League\OAuth2\Server\Storage\AbstractStorage;
 use League\OAuth2\Server\Storage\SessionInterface;
 
-class SessionStorage extends Adapter implements SessionInterface
+class SessionStorage extends AbstractStorage implements SessionInterface
 {
     /**
      * {@inheritdoc}

src/AbstractServer.php

@@ -188,7 +188,7 @@ abstract class AbstractServer
 
     /**
      * Set the refresh token storage
-     * @param  \League\OAuth2\Server\Storage\RefreshTokenInteface $storage
+     * @param  \League\OAuth2\Server\Storage\RefreshTokenInterface $storage
      * @return self
      */
     public function setRefreshTokenStorage(RefreshTokenInterface $storage)
@@ -201,7 +201,7 @@ abstract class AbstractServer
 
     /**
      * Set the auth code storage
-     * @param  \League\OAuth2\Server\Storage\AuthCodeInterface $authCode
+     * @param  \League\OAuth2\Server\Storage\AuthCodeInterface $storage
      * @return self
      */
     public function setAuthCodeStorage(AuthCodeInterface $storage)

src/AuthorizationServer.php

@@ -13,7 +13,6 @@ namespace League\OAuth2\Server;
 
 use League\OAuth2\Server\Grant\GrantTypeInterface;
 use League\OAuth2\Server\TokenType\Bearer;
-use Symfony\Component\HttpFoundation\Request;
 
 /**
  * OAuth 2.0 authorization server class
@@ -25,7 +24,7 @@ class AuthorizationServer extends AbstractServer
      * The OAuth 2 specification states it should be a space but most use a comma
      * @var string
      */
-    protected $scopeDelimeter = ' ';
+    protected $scopeDelimiter = ' ';
 
     /**
      * The TTL (time to live) of an access token in seconds (default: 3600)
@@ -103,7 +102,7 @@ class AuthorizationServer extends AbstractServer
 
     /**
      * Check if a grant type has been enabled
-     * @param  string  $identifier The grant type identifier
+     * @param  string $identifier The grant type identifier
      * @return boolean Returns "true" if enabled, "false" if not
      */
     public function hasGrantType($identifier)
@@ -121,7 +120,7 @@ class AuthorizationServer extends AbstractServer
     }
 
     /**
-     * Require the "scope" paremter in checkAuthoriseParams()
+     * Require the "scope" parameter in checkAuthoriseParams()
      * @param  boolean $require
      * @return self
      */
@@ -144,7 +143,7 @@ class AuthorizationServer extends AbstractServer
     /**
      * Default scope to be used if none is provided and requireScopeParam() is false
      * @param string $default Name of the default scope
-     * @param self
+     * @return self
      */
     public function setDefaultScope($default = null)
     {
@@ -164,8 +163,7 @@ class AuthorizationServer extends AbstractServer
 
     /**
      * Require the "state" paremter in checkAuthoriseParams()
-     * @param  boolean $require
-     * @return void
+     * @return bool
      */
     public function stateParamRequired()
     {
@@ -175,7 +173,7 @@ class AuthorizationServer extends AbstractServer
     /**
      * Require the "state" paremter in checkAuthoriseParams()
      * @param  boolean $require
-     * @return void
+     * @return self
      */
     public function requireStateParam($require = true)
     {
@@ -185,21 +183,22 @@ class AuthorizationServer extends AbstractServer
     }
 
     /**
-     * Get the scope delimeter
+     * Get the scope delimiter
      * @return string The scope delimiter (default: ",")
      */
-    public function getScopeDelimeter()
+    public function getScopeDelimiter()
     {
-        return $this->scopeDelimeter;
+        return $this->scopeDelimiter;
     }
 
     /**
      * Set the scope delimiter
-     * @param string $scopeDelimeter
+     * @param string $scopeDelimiter
+     * @return self
      */
-    public function setScopeDelimeter($scopeDelimeter = ' ')
+    public function setScopeDelimiter($scopeDelimiter = ' ')
     {
-        $this->scopeDelimeter = $scopeDelimeter;
+        $this->scopeDelimiter = $scopeDelimiter;
 
         return $this;
     }
@@ -216,6 +215,7 @@ class AuthorizationServer extends AbstractServer
     /**
      * Set the TTL for an access token
      * @param int $accessTokenTTL The new TTL
+     * @return self
      */
     public function setAccessTokenTTL($accessTokenTTL = 3600)
     {
@@ -227,6 +227,7 @@ class AuthorizationServer extends AbstractServer
     /**
      * Issue an access token
      * @return array Authorise request parameters
+     * @throws
      */
     public function issueAccessToken()
     {
@@ -246,8 +247,9 @@ class AuthorizationServer extends AbstractServer
 
     /**
      * Return a grant type class
-     * @param  string                   $grantType The grant type identifer
+     * @param  string $grantType The grant type identifier
      * @return Grant\GrantTypeInterface
+     * @throws
      */
     public function getGrantType($grantType)
     {

src/Entity/AbstractTokenEntity.php

@@ -105,7 +105,7 @@ abstract class AbstractTokenEntity
 
     /**
      * Set token ID
-     * @param  string $token Token ID
+     * @param  string $id Token ID
      * @return self
      */
     public function setId($id = null)

src/Entity/AccessTokenEntity.php

@@ -47,7 +47,7 @@ class AccessTokenEntity extends AbstractTokenEntity
 
     /**
      * Return all scopes associated with the access token
-     * @return \League\OAuth2\Server\Entity\Scope[]
+     * @return \League\OAuth2\Server\Entity\ScopeEntity[]
      */
     public function getScopes()
     {

src/Entity/AuthCodeEntity.php

@@ -77,7 +77,7 @@ class AuthCodeEntity extends AbstractTokenEntity
 
     /**
      * Return all scopes associated with the session
-     * @return \League\OAuth2\Server\Entity\Scope[]
+     * @return \League\OAuth2\Server\Entity\ScopeEntity[]
      */
     public function getScopes()
     {

src/Entity/EntityTrait.php

@@ -16,6 +16,7 @@ trait EntityTrait
     /**
      * Hydrate an entity with properites
      * @param array $properties
+     * @return self
      */
     public function hydrate(array $properties)
     {

src/Entity/RefreshTokenEntity.php

@@ -30,7 +30,7 @@ class RefreshTokenEntity extends AbstractTokenEntity
 
     /**
      * Set the ID of the associated access token
-     * @param  string $accessToken
+     * @param  string $accessTokenId
      * @return self
      */
     public function setAccessTokenId($accessTokenId)
@@ -42,7 +42,7 @@ class RefreshTokenEntity extends AbstractTokenEntity
 
     /**
      * Associate an access token
-     * @param  \League\OAuth2\Server\Entity\AccessTokenEntity $accessToken
+     * @param  \League\OAuth2\Server\Entity\AccessTokenEntity $accessTokenEntity
      * @return self
      */
     public function setAccessToken(AccessTokenEntity $accessTokenEntity)
@@ -54,7 +54,7 @@ class RefreshTokenEntity extends AbstractTokenEntity
 
     /**
      * Return access token
-     * @return AccessToken
+     * @return AccessTokenEntity
      */
     public function getAccessToken()
     {

src/Entity/SessionEntity.php

@@ -12,8 +12,7 @@
 namespace League\OAuth2\Server\Entity;
 
 use League\OAuth2\Server\AbstractServer;
-use League\OAuth2\Server\Event;
-use Symfony\Component\HttpFoundation\ParameterBag;
+use League\OAuth2\Server\Event\SessionOwnerEvent;
 
 /**
  * Session entity grant
@@ -137,7 +136,7 @@ class SessionEntity
 
     /**
      * Return all scopes associated with the session
-     * @return \League\OAuth2\Server\Entity\Scope[]
+     * @return \League\OAuth2\Server\Entity\ScopeEntity[]
      */
     public function getScopes()
     {
@@ -153,11 +152,11 @@ class SessionEntity
      * @param  \League\OAuth2\Server\Entity\Scope[]
      * @return array
      */
-    private function formatScopes($unformated = [])
+    private function formatScopes($unformatted = [])
     {
         $scopes = [];
-        if (is_array($unformated)) {
-            foreach ($unformated as $scope) {
+        if (is_array($unformatted)) {
+            foreach ($unformatted as $scope) {
                 if ($scope instanceof ScopeEntity) {
                     $scopes[$scope->getId()] = $scope;
                 }
@@ -229,7 +228,7 @@ class SessionEntity
         $this->ownerType = $type;
         $this->ownerId = $id;
 
-        $this->server->getEventEmitter()->emit(new Event\SessionOwnerEvent($this));
+        $this->server->getEventEmitter()->emit(new SessionOwnerEvent($this));
 
         return $this;
     }

src/Event/ClientAuthenticationFailedEvent.php

@@ -24,7 +24,7 @@ class ClientAuthenticationFailedEvent extends AbstractEvent
 
     /**
      * Init the event with a request
-     * @param \Symfony\Component\HttpFoundation\Requesty $request
+     * @param \Symfony\Component\HttpFoundation\Request $request
      */
     public function __construct(Request $request)
     {

src/Event/UserAuthenticationFailedEvent.php

@@ -24,7 +24,7 @@ class UserAuthenticationFailedEvent extends AbstractEvent
 
     /**
      * Init the event with a request
-     * @param \Symfony\Component\HttpFoundation\Requesty $request
+     * @param \Symfony\Component\HttpFoundation\Request $request
      */
     public function __construct(Request $request)
     {

src/Exception/OAuthException.php

@@ -11,6 +11,7 @@
 
 namespace League\OAuth2\Server\Exception;
 
+use League\OAuth2\Server\Util\RedirectUri;
 use Symfony\Component\HttpFoundation\Request;
 
 /**
@@ -36,6 +37,7 @@ class OAuthException extends \Exception
 
     /**
      * Throw a new exception
+     * @param string $msg Exception Message
      */
     public function __construct($msg = 'An error occured')
     {
@@ -57,7 +59,7 @@ class OAuthException extends \Exception
      */
     public function getRedirectUri()
     {
-        return \League\OAuth2\Server\Util\RedirectUri::make(
+        return RedirectUri::make(
             $this->redirectUri,
             [
                 'error' =>  $this->errorType,

src/Grant/AbstractGrant.php

@@ -35,7 +35,7 @@ abstract class AbstractGrant implements GrantTypeInterface
 
     /**
      * Callback to authenticate a user's name and password
-     * @var function
+     * @var callable
      */
     protected $callback;
 
@@ -52,8 +52,7 @@ abstract class AbstractGrant implements GrantTypeInterface
     protected $accessTokenTTL;
 
     /**
-     * Return the identifier
-     * @return string
+     * {@inheritdoc}
      */
     public function getIdentifier()
     {
@@ -61,9 +60,7 @@ abstract class AbstractGrant implements GrantTypeInterface
     }
 
     /**
-     * Return the identifier
-     * @param  string $identifier
-     * @return self
+     * {@inheritdoc}
      */
     public function setIdentifier($identifier)
     {
@@ -73,8 +70,7 @@ abstract class AbstractGrant implements GrantTypeInterface
     }
 
     /**
-     * Return the response type
-     * @return string
+     * {@inheritdoc}
      */
     public function getResponseType()
     {
@@ -96,7 +92,7 @@ abstract class AbstractGrant implements GrantTypeInterface
 
     /**
      * Override the default access token expire time
-     * @param  int  $accessTokenTTL
+     * @param  int $accessTokenTTL
      * @return self
      */
     public function setAccessTokenTTL($accessTokenTTL)
@@ -107,9 +103,7 @@ abstract class AbstractGrant implements GrantTypeInterface
     }
 
     /**
-     * Inject the authorization server into the grant
-     * @param  \League\OAuth2\Server\AuthorizationServer $server The authorization server instance
-     * @return self
+     * {@inheritdoc}
      */
     public function setAuthorizationServer(AuthorizationServer $server)
     {
@@ -120,15 +114,16 @@ abstract class AbstractGrant implements GrantTypeInterface
 
     /**
      * Given a list of scopes, validate them and return an array of Scope entities
-     * @param  string                                                $scopeParam  A string of scopes (e.g. "profile email birthday")
-     * @param  \League\OAuth2\Server\Entity\ClientEntity             $client      Client entity
-     * @param  string|null                                           $redirectUri The redirect URI to return the user to
+     * @param  string                                    $scopeParam  A string of scopes (e.g. "profile email birthday")
+     * @param  \League\OAuth2\Server\Entity\ClientEntity $client      Client entity
+     * @param  string|null                               $redirectUri The redirect URI to return the user to
      * @return \League\OAuth2\Server\Entity\ScopeEntity[]
      * @throws \League\OAuth2\Server\Exception\InvalidScopeException If scope is invalid, or no scopes passed when required
+     * @throws
      */
     public function validateScopes($scopeParam = '', ClientEntity $client, $redirectUri = null)
     {
-        $scopesList = explode($this->server->getScopeDelimeter(), $scopeParam);
+        $scopesList = explode($this->server->getScopeDelimiter(), $scopeParam);
 
         for ($i = 0; $i < count($scopesList); $i++) {
             $scopesList[$i] = trim($scopesList[$i]);

src/Grant/AuthCodeGrant.php

@@ -18,7 +18,6 @@ use League\OAuth2\Server\Entity\RefreshTokenEntity;
 use League\OAuth2\Server\Entity\SessionEntity;
 use League\OAuth2\Server\Event;
 use League\OAuth2\Server\Exception;
-use League\OAuth2\Server\Request;
 use League\OAuth2\Server\Util\SecureKey;
 
 /**
@@ -40,7 +39,7 @@ class AuthCodeGrant extends AbstractGrant
 
     /**
      * AuthServer instance
-     * @var AuthServer
+     * @var \League\OAuth2\Server\AuthorizationServer
      */
     protected $server = null;
 
@@ -58,7 +57,7 @@ class AuthCodeGrant extends AbstractGrant
 
     /**
      * Override the default access token expire time
-     * @param  int  $authTokenTTL
+     * @param  int $authTokenTTL
      * @return void
      */
     public function setAuthTokenTTL($authTokenTTL)
@@ -70,6 +69,8 @@ class AuthCodeGrant extends AbstractGrant
      * Check authorize parameters
      *
      * @return array Authorize request parameters
+     *
+     * @throws
      */
     public function checkAuthorizeParams()
     {
@@ -117,11 +118,11 @@ class AuthCodeGrant extends AbstractGrant
         $scopes = $this->validateScopes($scopeParam, $client, $redirectUri);
 
         return [
-            'client'        =>  $client,
-            'redirect_uri'  =>  $redirectUri,
-            'state'         =>  $state,
-            'response_type' =>  $responseType,
-            'scopes'        =>  $scopes
+            'client'        => $client,
+            'redirect_uri'  => $redirectUri,
+            'state'         => $state,
+            'response_type' => $responseType,
+            'scopes'        => $scopes
         ];
     }
 
@@ -160,24 +161,20 @@ class AuthCodeGrant extends AbstractGrant
     /**
      * Complete the auth code grant
      * @return array
+     * @throws
      */
     public function completeFlow()
     {
         // Get the required params
-        $clientId = $this->server->getRequest()->request->get('client_id', null);
+        $clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
         if (is_null($clientId)) {
-            $clientId = $this->server->getRequest()->getUser();
-            if (is_null($clientId)) {
-                throw new Exception\InvalidRequestException('client_id');
-            }
+            throw new Exception\InvalidRequestException('client_id');
         }
 
-        $clientSecret = $this->server->getRequest()->request->get('client_secret', null);
+        $clientSecret = $this->server->getRequest()->request->get('client_secret',
+            $this->server->getRequest()->getPassword());
         if (is_null($clientSecret)) {
-            $clientSecret = $this->server->getRequest()->getPassword();
-            if (is_null($clientSecret)) {
-                throw new Exception\InvalidRequestException('client_secret');
-            }
+            throw new Exception\InvalidRequestException('client_secret');
         }
 
         $redirectUri = $this->server->getRequest()->request->get('redirect_uri', null);
@@ -257,7 +254,7 @@ class AuthCodeGrant extends AbstractGrant
         $accessToken->setSession($session);
         $accessToken->save();
 
-        if ($this->server->hasGrantType('refresh_token')) {
+        if (isset($refreshToken) && $this->server->hasGrantType('refresh_token')) {
             $refreshToken->setAccessToken($accessToken);
             $refreshToken->save();
         }

src/Grant/ClientCredentialsGrant.php

@@ -37,7 +37,7 @@ class ClientCredentialsGrant extends AbstractGrant
 
     /**
      * AuthServer instance
-     * @var AuthServer
+     * @var \League\OAuth2\Server\AuthorizationServer
      */
     protected $server = null;
 
@@ -50,24 +50,20 @@ class ClientCredentialsGrant extends AbstractGrant
     /**
      * Complete the client credentials grant
      * @return array
+     * @throws
      */
     public function completeFlow()
     {
         // Get the required params
-        $clientId = $this->server->getRequest()->request->get('client_id', null);
+        $clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
         if (is_null($clientId)) {
-            $clientId = $this->server->getRequest()->getUser();
-            if (is_null($clientId)) {
-                throw new Exception\InvalidRequestException('client_id');
-            }
+            throw new Exception\InvalidRequestException('client_id');
         }
 
-        $clientSecret = $this->server->getRequest()->request->get('client_secret', null);
+        $clientSecret = $this->server->getRequest()->request->get('client_secret',
+            $this->server->getRequest()->getPassword());
         if (is_null($clientSecret)) {
-            $clientSecret = $this->server->getRequest()->getPassword();
-            if (is_null($clientSecret)) {
-                throw new Exception\InvalidRequestException('client_secret');
-            }
+            throw new Exception\InvalidRequestException('client_secret');
         }
 
         // Validate client ID and client secret

src/Grant/GrantTypeInterface.php

@@ -11,11 +11,39 @@
 
 namespace League\OAuth2\Server\Grant;
 
+use League\OAuth2\Server\AuthorizationServer;
+
 /**
  * Grant type interface
  */
 interface GrantTypeInterface
 {
+    /**
+     * Return the identifier
+     * @return string
+     */
+    public function getIdentifier();
+
+    /**
+     * Return the identifier
+     * @param  string $identifier
+     * @return self
+     */
+    public function setIdentifier($identifier);
+
+    /**
+     * Return the response type
+     * @return string
+     */
+    public function getResponseType();
+
+    /**
+     * Inject the authorization server into the grant
+     * @param  \League\OAuth2\Server\AuthorizationServer $server The authorization server instance
+     * @return self
+     */
+    public function setAuthorizationServer(AuthorizationServer $server);
+
     /**
      * Complete the grant flow
      * @return array

src/Grant/PasswordGrant.php

@@ -61,10 +61,11 @@ class PasswordGrant extends AbstractGrant
     /**
      * Return the callback function
      * @return callable
+     * @throws
      */
     protected function getVerifyCredentialsCallback()
     {
-        if (is_null($this->callback) || ! is_callable($this->callback)) {
+        if (is_null($this->callback) || !is_callable($this->callback)) {
             throw new Exception\ServerErrorException('Null or non-callable callback set on Password grant');
         }
 
@@ -74,24 +75,20 @@ class PasswordGrant extends AbstractGrant
     /**
      * Complete the password grant
      * @return array
+     * @throws
      */
     public function completeFlow()
     {
         // Get the required params
-        $clientId = $this->server->getRequest()->request->get('client_id', null);
+        $clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
         if (is_null($clientId)) {
-            $clientId = $this->server->getRequest()->getUser();
-            if (is_null($clientId)) {
-                throw new Exception\InvalidRequestException('client_id');
-            }
+            throw new Exception\InvalidRequestException('client_id');
         }
 
-        $clientSecret = $this->server->getRequest()->request->get('client_secret', null);
+        $clientSecret = $this->server->getRequest()->request->get('client_secret',
+            $this->server->getRequest()->getPassword());
         if (is_null($clientSecret)) {
-            $clientSecret = $this->server->getRequest()->getPassword();
-            if (is_null($clientSecret)) {
-                throw new Exception\InvalidRequestException('client_secret');
-            }
+            throw new Exception\InvalidRequestException('client_secret');
         }
 
         // Validate client ID and client secret

src/Grant/RefreshTokenGrant.php

@@ -16,7 +16,6 @@ use League\OAuth2\Server\Entity\ClientEntity;
 use League\OAuth2\Server\Entity\RefreshTokenEntity;
 use League\OAuth2\Server\Event;
 use League\OAuth2\Server\Exception;
-use League\OAuth2\Server\Request;
 use League\OAuth2\Server\Util\SecureKey;
 
 /**
@@ -37,7 +36,7 @@ class RefreshTokenGrant extends AbstractGrant
 
     /**
      * Set the TTL of the refresh token
-     * @param  int  $refreshTokenTTL
+     * @param  int $refreshTokenTTL
      * @return void
      */
     public function setRefreshTokenTTL($refreshTokenTTL)
@@ -59,20 +58,15 @@ class RefreshTokenGrant extends AbstractGrant
      */
     public function completeFlow()
     {
-        $clientId = $this->server->getRequest()->request->get('client_id', null);
+        $clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
         if (is_null($clientId)) {
-            $clientId = $this->server->getRequest()->getUser();
-            if (is_null($clientId)) {
-                throw new Exception\InvalidRequestException('client_id');
-            }
+            throw new Exception\InvalidRequestException('client_id');
         }
 
-        $clientSecret = $this->server->getRequest()->request->get('client_secret', null);
+        $clientSecret = $this->server->getRequest()->request->get('client_secret',
+            $this->server->getRequest()->getPassword());
         if (is_null($clientSecret)) {
-            $clientSecret = $this->server->getRequest()->getPassword();
-            if (is_null($clientSecret)) {
-                throw new Exception\InvalidRequestException('client_secret');
-            }
+            throw new Exception\InvalidRequestException('client_secret');
         }
 
         // Validate client ID and client secret
@@ -100,6 +94,11 @@ class RefreshTokenGrant extends AbstractGrant
             throw new Exception\InvalidRefreshException();
         }
 
+        // Ensure the old refresh token hasn't expired
+        if ($oldRefreshToken->isExpired() === true) {
+            throw new Exception\InvalidRefreshException();
+        }
+
         $oldAccessToken = $oldRefreshToken->getAccessToken();
 
         // Get the scopes for the original session

src/ResourceServer.php

@@ -17,7 +17,6 @@ use League\OAuth2\Server\Storage\ClientInterface;
 use League\OAuth2\Server\Storage\ScopeInterface;
 use League\OAuth2\Server\Storage\SessionInterface;
 use League\OAuth2\Server\TokenType\Bearer;
-use Symfony\Component\HttpFoundation\Request;
 
 /**
  * OAuth 2.0 Resource Server
@@ -38,10 +37,10 @@ class ResourceServer extends AbstractServer
 
     /**
      * Initialise the resource server
-     * @param  SessionInterface    $sessionStorage
-     * @param  AccessTokenInteface $accessTokenStorage
-     * @param  ClientInterface     $clientStorage
-     * @param  ScopeInterface      $scopeStorage
+     * @param  SessionInterface     $sessionStorage
+     * @param  AccessTokenInterface $accessTokenStorage
+     * @param  ClientInterface      $clientStorage
+     * @param  ScopeInterface       $scopeStorage
      * @return self
      */
     public function __construct(
@@ -65,7 +64,7 @@ class ResourceServer extends AbstractServer
 
     /**
      * Sets the query string key for the access token.
-     * @param $key The new query string key
+     * @param string $key The new query string key
      * @return self
      */
     public function setIdKey($key)
@@ -86,8 +85,12 @@ class ResourceServer extends AbstractServer
 
     /**
      * Checks if the access token is valid or not
-     * @param $headersOnly Limit Access Token to Authorization header only
+     * @param bool $headersOnly Limit Access Token to Authorization header only
+     * @param AccessTokenEntity|null $accessToken Access Token
+     *
      * @return bool
+     *
+     * @throws
      */
     public function isValidRequest($headersOnly = true, $accessToken = null)
     {
@@ -114,8 +117,8 @@ class ResourceServer extends AbstractServer
 
     /**
      * Reads in the access token from the headers
-     * @param $headersOnly Limit Access Token to Authorization header only
-     * @throws Exception\MissingAccessTokenException Thrown if there is no access token presented
+     * @param bool $headersOnly Limit Access Token to Authorization header only
+     * @throws Exception\InvalidRequestException Thrown if there is no access token presented
      * @return string
      */
     public function determineAccessToken($headersOnly = false)

src/Storage/AbstractStorage.php

@@ -27,6 +27,7 @@ abstract class AbstractStorage implements StorageInterface
     /**
      * Set the server
      * @param \League\OAuth2\Server\AbstractServer $server
+     * @return self
      */
     public function setServer(AbstractServer $server)
     {

src/Storage/AccessTokenInterface.php

@@ -11,7 +11,6 @@
 
 namespace League\OAuth2\Server\Storage;
 
-use League\OAuth2\Server\Entity\AbstractTokenEntity;
 use League\OAuth2\Server\Entity\AccessTokenEntity;
 use League\OAuth2\Server\Entity\ScopeEntity;
 
@@ -29,32 +28,32 @@ interface AccessTokenInterface extends StorageInterface
 
     /**
      * Get the scopes for an access token
-     * @param  \League\OAuth2\Server\Entity\AbstractTokenEntity $token The access token
+     * @param  \League\OAuth2\Server\Entity\AccessTokenEntity $token The access token
      * @return array                                            Array of \League\OAuth2\Server\Entity\ScopeEntity
      */
-    public function getScopes(AbstractTokenEntity $token);
+    public function getScopes(AccessTokenEntity $token);
 
     /**
      * Creates a new access token
      * @param  string                                   $token      The access token
      * @param  integer                                  $expireTime The expire time expressed as a unix timestamp
      * @param  string|integer                           $sessionId  The session ID
-     * @return \League\OAuth2\Server\Entity\AccessToken
+     * @return \League\OAuth2\Server\Entity\AccessTokenEntity
      */
     public function create($token, $expireTime, $sessionId);
 
     /**
      * Associate a scope with an acess token
-     * @param  \League\OAuth2\Server\Entity\AbstractTokenEntity $token The access token
+     * @param  \League\OAuth2\Server\Entity\AccessTokenEntity $token The access token
      * @param  \League\OAuth2\Server\Entity\ScopeEntity         $scope The scope
      * @return void
      */
-    public function associateScope(AbstractTokenEntity $token, ScopeEntity $scope);
+    public function associateScope(AccessTokenEntity $token, ScopeEntity $scope);
 
     /**
      * Delete an access token
-     * @param  \League\OAuth2\Server\Entity\AbstractTokenEntity $token The access token to delete
+     * @param  \League\OAuth2\Server\Entity\AccessTokenEntity $token The access token to delete
      * @return void
      */
-    public function delete(AbstractTokenEntity $token);
+    public function delete(AccessTokenEntity $token);
 }

src/Storage/ClientInterface.php

@@ -24,7 +24,7 @@ interface ClientInterface extends StorageInterface
      * @param  string                                   $clientSecret The client's secret (default = "null")
      * @param  string                                   $redirectUri  The client's redirect URI (default = "null")
      * @param  string                                   $grantType    The grant type used (default = "null")
-     * @return League\OAuth2\Server\Entity\ClientEntity
+     * @return \League\OAuth2\Server\Entity\ClientEntity
      */
     public function get($clientId, $clientSecret = null, $redirectUri = null, $grantType = null);
 

src/Storage/SessionInterface.php

@@ -54,7 +54,7 @@ interface SessionInterface extends StorageInterface
 
     /**
      * Associate a scope with a session
-     * @param  \League\OAuth2\Server\Entity\SessionEntity $scope The scope
+     * @param  \League\OAuth2\Server\Entity\SessionEntity $session The session
      * @param  \League\OAuth2\Server\Entity\ScopeEntity   $scope The scope
      * @return void
      */

src/TokenType/AbstractTokenType.php

@@ -13,7 +13,6 @@ namespace League\OAuth2\Server\TokenType;
 
 use League\OAuth2\Server\AbstractServer;
 use League\OAuth2\Server\Entity\SessionEntity;
-use Symfony\Component\HttpFoundation\Request;
 
 abstract class AbstractTokenType
 {
@@ -36,8 +35,7 @@ abstract class AbstractTokenType
     protected $session;
 
     /**
-     * Set the server
-     * @param \League\OAuth2\Server\AbstractServer $server
+     * {@inheritdoc}
      */
     public function setServer(AbstractServer $server)
     {
@@ -47,8 +45,7 @@ abstract class AbstractTokenType
     }
 
     /**
-     * Set the session entity
-     * @param \League\OAuth2\Server\Entity\SessionEntity $session
+     * {@inheritdoc}
      */
     public function setSession(SessionEntity $session)
     {
@@ -58,9 +55,7 @@ abstract class AbstractTokenType
     }
 
     /**
-     * Set a key/value response pair
-     * @param string $key
-     * @param mixed  $value
+     * {@inheritdoc}
      */
     public function setParam($key, $value)
     {
@@ -68,19 +63,10 @@ abstract class AbstractTokenType
     }
 
     /**
-     * Get a key from the response array
-     * @param  string $key
-     * @return mixed
+     * {@inheritdoc}
      */
     public function getParam($key)
     {
         return isset($this->response[$key]) ? $this->response[$key] : null;
     }
-
-    /**
-     * Determine the access token in the authorization header
-     * @param  \Symfony\Component\HttpFoundation\Request $request
-     * @return string
-     */
-    abstract public function determineAccessTokenInHeader(Request $request);
 }

src/TokenType/TokenTypeInterface.php

@@ -11,6 +11,10 @@
 
 namespace League\OAuth2\Server\TokenType;
 
+use League\OAuth2\Server\AbstractServer;
+use League\OAuth2\Server\Entity\SessionEntity;
+use Symfony\Component\HttpFoundation\Request;
+
 interface TokenTypeInterface
 {
     /**
@@ -18,4 +22,38 @@ interface TokenTypeInterface
      * @return array
      */
     public function generateResponse();
+
+    /**
+     * Set the server
+     * @param \League\OAuth2\Server\AbstractServer $server
+     * @return self
+     */
+    public function setServer(AbstractServer $server);
+
+    /**
+     * Set a key/value response pair
+     * @param string $key
+     * @param mixed  $value
+     */
+    public function setParam($key, $value);
+
+    /**
+     * Get a key from the response array
+     * @param  string $key
+     * @return mixed
+     */
+    public function getParam($key);
+
+    /**
+     * @param \League\OAuth2\Server\Entity\SessionEntity $session
+     * @return self
+     */
+    public function setSession(SessionEntity $session);
+
+    /**
+     * Determine the access token in the authorization header
+     * @param  \Symfony\Component\HttpFoundation\Request $request
+     * @return string
+     */
+    public function determineAccessTokenInHeader(Request $request);
 }

tests/unit/AuthorizationServerTest.php

@@ -15,7 +15,7 @@ class AuthorizationServerTest extends \PHPUnit_Framework_TestCase
         $server->requireScopeParam(true);
         $server->requireStateParam(true);
         $server->setDefaultScope('foobar');
-        $server->setScopeDelimeter(',');
+        $server->setScopeDelimiter(',');
         $server->setAccessTokenTTL(1);
 
         $grant = M::mock('League\OAuth2\Server\Grant\GrantTypeInterface');
@@ -36,7 +36,7 @@ class AuthorizationServerTest extends \PHPUnit_Framework_TestCase
         $this->assertTrue($server->stateParamRequired());
         $this->assertTrue($server->getScopeStorage() instanceof ScopeInterface);
         $this->assertEquals('foobar', $server->getDefaultScope());
-        $this->assertEquals(',', $server->getScopeDelimeter());
+        $this->assertEquals(',', $server->getScopeDelimiter());
         $this->assertEquals(1, $server->getAccessTokenTTL());
     }
 

tests/unit/Grant/RefreshTokenGrantTest.php

@@ -190,7 +190,7 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
         $refreshTokenStorage->shouldReceive('delete');
         $refreshTokenStorage->shouldReceive('create');
         $refreshTokenStorage->shouldReceive('get')->andReturn(
-            (new RefreshTokenEntity($server))
+            (new RefreshTokenEntity($server))->setExpireTime(time() + 86400)
         );
 
         $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
@@ -261,7 +261,7 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
         $refreshTokenStorage->shouldReceive('delete');
         $refreshTokenStorage->shouldReceive('create');
         $refreshTokenStorage->shouldReceive('get')->andReturn(
-            (new RefreshTokenEntity($server))
+            (new RefreshTokenEntity($server))->setExpireTime(time() + 86400)
         );
 
         $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
@@ -285,6 +285,74 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
         $this->assertTrue(isset($response['expires_in']));
     }
 
+    public function testCompleteFlowExpiredRefreshToken()
+    {
+        $this->setExpectedException('League\OAuth2\Server\Exception\InvalidRefreshException');
+        
+        $_POST = [
+            'grant_type'    => 'refresh_token',
+            'client_id'     =>  'testapp',
+            'client_secret' =>  'foobar',
+            'refresh_token' =>  'refresh_token',
+            'scope'         =>  'foo',
+        ];
+
+        $server = new AuthorizationServer();
+        $grant = new RefreshTokenGrant();
+
+        $oldSession = (new SessionEntity($server))->associateScope((new ScopeEntity($server))->hydrate(['id' => 'foo']));
+
+        $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
+        $clientStorage->shouldReceive('setServer');
+        $clientStorage->shouldReceive('get')->andReturn(
+            (new ClientEntity($server))->hydrate(['id' => 'testapp'])
+        );
+
+        $sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
+        $sessionStorage->shouldReceive('setServer');
+        $sessionStorage->shouldReceive('getScopes')->shouldReceive('getScopes')->andReturn([]);
+        $sessionStorage->shouldReceive('associateScope');
+        $sessionStorage->shouldReceive('getByAccessToken')->andReturn(
+            $oldSession
+        );
+
+        $accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
+        $accessTokenStorage->shouldReceive('setServer');
+        $accessTokenStorage->shouldReceive('get')->andReturn(
+            (new AccessTokenEntity($server))
+        );
+        $accessTokenStorage->shouldReceive('delete');
+        $accessTokenStorage->shouldReceive('create');
+        $accessTokenStorage->shouldReceive('getScopes')->andReturn([
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
+        ]);
+        $accessTokenStorage->shouldReceive('associateScope');
+
+        $refreshTokenStorage = M::mock('League\OAuth2\Server\Storage\RefreshTokenInterface');
+        $refreshTokenStorage->shouldReceive('setServer');
+        $refreshTokenStorage->shouldReceive('associateScope');
+        $refreshTokenStorage->shouldReceive('delete');
+        $refreshTokenStorage->shouldReceive('create');
+        $refreshTokenStorage->shouldReceive('get')->andReturn(
+            (new RefreshTokenEntity($server))
+        );
+
+        $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
+        $scopeStorage->shouldReceive('setServer');
+        $scopeStorage->shouldReceive('get')->andReturn(
+            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+        );
+
+        $server->setClientStorage($clientStorage);
+        $server->setScopeStorage($scopeStorage);
+        $server->setSessionStorage($sessionStorage);
+        $server->setAccessTokenStorage($accessTokenStorage);
+        $server->setRefreshTokenStorage($refreshTokenStorage);
+
+        $server->addGrantType($grant);
+        $server->issueAccessToken();
+    }
+
     public function testCompleteFlowRequestScopesInvalid()
     {
         $_POST = [
@@ -332,7 +400,7 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
         $refreshTokenStorage->shouldReceive('delete');
         $refreshTokenStorage->shouldReceive('create');
         $refreshTokenStorage->shouldReceive('get')->andReturn(
-            (new RefreshTokenEntity($server))
+            (new RefreshTokenEntity($server))->setExpireTime(time() + 86400)
         );
 
         $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');