Code Coverage for /home/travis/build/thephpleague/oauth2-server/src/Grant/AuthCodeGrant.php

	Code Coverage
	Classes and Traits			Functions and Methods				Lines
Total	100.00% covered (success)	100.00%	1 / 1	100.00% covered (success)	100.00%	5 / 5	CRAP	100.00% covered (success)	100.00%	93 / 93
AuthCodeGrant	100.00% covered (success)	100.00%	1 / 1	100.00% covered (success)	100.00%	6 / 6	28	100.00% covered (success)	100.00%	93 / 93
setAuthTokenTTL				100.00% covered (success)	100.00%	1 / 1	1	100.00% covered (success)	100.00%	2 / 2
setRequireClientSecret				100.00% covered (success)	100.00%	1 / 1	1	100.00% covered (success)	100.00%	0 / 0
shouldRequireClientSecret				100.00% covered (success)	100.00%	1 / 1	1	100.00% covered (success)	100.00%	1 / 1
checkAuthorizeParams				100.00% covered (success)	100.00%	1 / 1	8	100.00% covered (success)	100.00%	26 / 26
newAuthorizeRequest				100.00% covered (success)	100.00%	1 / 1	2	100.00% covered (success)	100.00%	14 / 14
completeFlow				100.00% covered (success)	100.00%	1 / 1	15	100.00% covered (success)	100.00%	50 / 50

1	<?php
2	/**
3	* OAuth 2.0 Auth code grant
4	*
5	* @package league/oauth2-server
6	* @author Alex Bilbie <hello@alexbilbie.com>
7	* @copyright Copyright (c) Alex Bilbie
8	* @license http://mit-license.org/
9	* @link https://github.com/thephpleague/oauth2-server
10	*/
11
12	namespace League\OAuth2\Server\Grant;
13
14	use League\OAuth2\Server\Entity\AccessTokenEntity;
15	use League\OAuth2\Server\Entity\AuthCodeEntity;
16	use League\OAuth2\Server\Entity\ClientEntity;
17	use League\OAuth2\Server\Entity\RefreshTokenEntity;
18	use League\OAuth2\Server\Entity\SessionEntity;
19	use League\OAuth2\Server\Event;
20	use League\OAuth2\Server\Exception;
21	use League\OAuth2\Server\Util\SecureKey;
22
23	/**
24	* Auth code grant class
25	*/
26	class AuthCodeGrant extends AbstractGrant
27	{
28	/**
29	* Grant identifier
30	*
31	* @var string
32	*/
33	protected $identifier = 'authorization_code';
34
35	/**
36	* Response type
37	*
38	* @var string
39	*/
40	protected $responseType = 'code';
41
42	/**
43	* AuthServer instance
44	*
45	* @var \League\OAuth2\Server\AuthorizationServer
46	*/
47	protected $server = null;
48
49	/**
50	* Access token expires in override
51	*
52	* @var int
53	*/
54	protected $accessTokenTTL = null;
55
56	/**
57	* The TTL of the auth token
58	*
59	* @var integer
60	*/
61	protected $authTokenTTL = 600;
62
63	/**
64	* Whether to require the client secret when
65	* completing the flow.
66	*
67	* @var boolean
68	*/
69	protected $requireClientSecret = true;
70
71	/**
72	* Override the default access token expire time
73	*
74	* @param int $authTokenTTL
75	*
76	* @return void
77	*/
78	public function setAuthTokenTTL($authTokenTTL)
79	{
80	$this->authTokenTTL = $authTokenTTL;
81	}
82
83	/**
84	*
85	* @param bool $required True to require client secret during access
86	* token request. False if not. Default = true
87	*/
88	public function setRequireClientSecret($required)
89	{
90	$this->requireClientSecret = $required;
91	}
92
93	/**
94	* True if client secret is required during
95	* access token request. False if it isn't.
96	*
97	* @return bool
98	*/
99	public function shouldRequireClientSecret()
100	{
101	return $this->requireClientSecret;
102	}
103
104	/**
105	* Check authorize parameters
106	*
107	* @return array Authorize request parameters
108	*
109	* @throws
110	*/
111	public function checkAuthorizeParams()
112	{
113	// Get required params
114	$clientId = $this->server->getRequest()->query->get('client_id', null);
115	if (is_null($clientId)) {
116	throw new Exception\InvalidRequestException('client_id');
117	}
118
119	$redirectUri = $this->server->getRequest()->query->get('redirect_uri', null);
120	if (is_null($redirectUri)) {
121	throw new Exception\InvalidRequestException('redirect_uri');
122	}
123
124	// Validate client ID and redirect URI
125	$client = $this->server->getClientStorage()->get(
126	$clientId,
127	null,
128	$redirectUri,
129	$this->getIdentifier()
130	);
131
132	if (($client instanceof ClientEntity) === false) {
133	$this->server->getEventEmitter()->emit(new Event\ClientAuthenticationFailedEvent($this->server->getRequest()));
134	throw new Exception\InvalidClientException();
135	}
136
137	$state = $this->server->getRequest()->query->get('state', null);
138	if ($this->server->stateParamRequired() === true && is_null($state)) {
139	throw new Exception\InvalidRequestException('state', $redirectUri);
140	}
141
142	$responseType = $this->server->getRequest()->query->get('response_type', null);
143	if (is_null($responseType)) {
144	throw new Exception\InvalidRequestException('response_type', $redirectUri);
145	}
146
147	// Ensure response type is one that is recognised
148	if (!in_array($responseType, $this->server->getResponseTypes())) {
149	throw new Exception\UnsupportedResponseTypeException($responseType, $redirectUri);
150	}
151
152	// Validate any scopes that are in the request
153	$scopeParam = $this->server->getRequest()->query->get('scope', '');
154	$scopes = $this->validateScopes($scopeParam, $client, $redirectUri);
155
156	return [
157	'client' => $client,
158	'redirect_uri' => $redirectUri,
159	'state' => $state,
160	'response_type' => $responseType,
161	'scopes' => $scopes
162	];
163	}
164
165	/**
166	* Parse a new authorize request
167	*
168	* @param string $type The session owner's type
169	* @param string $typeId The session owner's ID
170	* @param array $authParams The authorize request $_GET parameters
171	*
172	* @return string An authorisation code
173	*/
174	public function newAuthorizeRequest($type, $typeId, $authParams = [])
175	{
176	// Create a new session
177	$session = new SessionEntity($this->server);
178	$session->setOwner($type, $typeId);
179	$session->associateClient($authParams['client']);
180
181	// Create a new auth code
182	$authCode = new AuthCodeEntity($this->server);
183	$authCode->setId(SecureKey::generate());
184	$authCode->setRedirectUri($authParams['redirect_uri']);
185	$authCode->setExpireTime(time() + $this->authTokenTTL);
186
187	foreach ($authParams['scopes'] as $scope) {
188	$authCode->associateScope($scope);
189	$session->associateScope($scope);
190	}
191
192	$session->save();
193	$authCode->setSession($session);
194	$authCode->save();
195
196	return $authCode->generateRedirectUri($authParams['state']);
197	}
198
199	/**
200	* Complete the auth code grant
201	*
202	* @return array
203	*
204	* @throws
205	*/
206	public function completeFlow()
207	{
208	// Get the required params
209	$clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
210	if (is_null($clientId)) {
211	throw new Exception\InvalidRequestException('client_id');
212	}
213
214	$clientSecret = $this->server->getRequest()->request->get('client_secret',
215	$this->server->getRequest()->getPassword());
216	if ($this->shouldRequireClientSecret() && is_null($clientSecret)) {
217	throw new Exception\InvalidRequestException('client_secret');
218	}
219
220	$redirectUri = $this->server->getRequest()->request->get('redirect_uri', null);
221	if (is_null($redirectUri)) {
222	throw new Exception\InvalidRequestException('redirect_uri');
223	}
224
225	// Validate client ID and client secret
226	$client = $this->server->getClientStorage()->get(
227	$clientId,
228	$clientSecret,
229	$redirectUri,
230	$this->getIdentifier()
231	);
232
233	if (($client instanceof ClientEntity) === false) {
234	$this->server->getEventEmitter()->emit(new Event\ClientAuthenticationFailedEvent($this->server->getRequest()));
235	throw new Exception\InvalidClientException();
236	}
237
238	// Validate the auth code
239	$authCode = $this->server->getRequest()->request->get('code', null);
240	if (is_null($authCode)) {
241	throw new Exception\InvalidRequestException('code');
242	}
243
244	$code = $this->server->getAuthCodeStorage()->get($authCode);
245	if (($code instanceof AuthCodeEntity) === false) {
246	throw new Exception\InvalidRequestException('code');
247	}
248
249	// Ensure the auth code hasn't expired
250	if ($code->isExpired() === true) {
251	throw new Exception\InvalidRequestException('code');
252	}
253
254	// Check redirect URI presented matches redirect URI originally used in authorize request
255	if ($code->getRedirectUri() !== $redirectUri) {
256	throw new Exception\InvalidRequestException('redirect_uri');
257	}
258
259	$session = $code->getSession();
260	$session->associateClient($client);
261
262	$authCodeScopes = $code->getScopes();
263
264	// Generate the access token
265	$accessToken = new AccessTokenEntity($this->server);
266	$accessToken->setId(SecureKey::generate());
267	$accessToken->setExpireTime($this->getAccessTokenTTL() + time());
268
269	foreach ($authCodeScopes as $authCodeScope) {
270	$session->associateScope($authCodeScope);
271	}
272
273	foreach ($session->getScopes() as $scope) {
274	$accessToken->associateScope($scope);
275	}
276
277	$this->server->getTokenType()->setSession($session);
278	$this->server->getTokenType()->setParam('access_token', $accessToken->getId());
279	$this->server->getTokenType()->setParam('expires_in', $this->getAccessTokenTTL());
280
281	// Associate a refresh token if set
282	if ($this->server->hasGrantType('refresh_token')) {
283	$refreshToken = new RefreshTokenEntity($this->server);
284	$refreshToken->setId(SecureKey::generate());
285	$refreshToken->setExpireTime($this->server->getGrantType('refresh_token')->getRefreshTokenTTL() + time());
286	$this->server->getTokenType()->setParam('refresh_token', $refreshToken->getId());
287	}
288
289	// Expire the auth code
290	$code->expire();
291
292	// Save all the things
293	$accessToken->setSession($session);
294	$accessToken->save();
295
296	if (isset($refreshToken) && $this->server->hasGrantType('refresh_token')) {
297	$refreshToken->setAccessToken($accessToken);
298	$refreshToken->save();
299	}
300
301	return $this->server->getTokenType()->generateResponse();
302	}
303	}