Ejemplo n.º 1
0
 /**
  * Tests OAuth2->verifyAccessToken() with different scopes
  *
  * @dataProvider generateScopes
  */
 public function testVerifyAccessTokenCheckScope($scopeRequired, $token, $expectedToPass)
 {
     // Set up the mock storage to say this token does not exist
     $mockStorage = $this->getMock('IOAuth2Storage');
     $mockStorage->expects($this->once())->method('getAccessToken')->will($this->returnValue($token));
     $this->fixture = new OAuth2($mockStorage);
     // When valid, we just want any sort of token
     if ($expectedToPass) {
         $actual = $this->fixture->verifyAccessToken($this->tokenId, $scopeRequired);
         $this->assertNotEmpty($actual, "verifyAccessToken() was expected to PASS, but it failed");
         $this->assertInternalType('array', $actual);
     } else {
         $this->setExpectedException('OAuth2AuthenticateException');
         $this->fixture->verifyAccessToken($this->tokenId, $scopeRequired);
     }
 }
Ejemplo n.º 2
0
     }
     break;
 case 'request_token':
     header('X-Frame-Options: DENY');
     error_reporting(0);
     try {
         $oauth->grantAccessToken();
     } catch (OAuth2ServerException $oauthError) {
         $oauthError->sendHttpResponse();
     }
     break;
 case 'request_access':
     error_reporting(0);
     try {
         $token = $oauth->getBearerToken();
         $data = $oauth->verifyAccessToken($token);
         // GET THE USER ID FROM THE TOKEN AND NOT THE REQUESTING PARTY
         $user_id = $data['user_id'];
         global $wpdb;
         $info = $wpdb->get_row("SELECT * FROM {$wpdb->prefix}users WHERE ID = " . $user_id . "");
         // don't send sensitive info accross the wire.
         unset($info->user_pass);
         unset($info->user_activation_key);
         // add user metadata
         $infometa = $wpdb->get_results("SELECT meta_key, meta_value FROM {$wpdb->prefix}usermeta WHERE user_id = " . $user_id . "");
         foreach ($infometa as $metarow) {
             // exclude sensitive data
             if (1 === preg_match("/pmpro_|token|wp_|theme_my_login_security|credit|card|password/i", $metarow->meta_key)) {
                 continue;
             }
             $key = $metarow->meta_key;
Ejemplo n.º 3
0
 /**
  * @param \OAuth2 $oauth2
  * @return bool
  */
 private function verifyAccessToken(\OAuth2 $oauth2)
 {
     return $oauth2->verifyAccessToken($this->verifyOptions['scope'], $this->verifyOptions['exit_not_present'], $this->verifyOptions['exit_invalid'], $this->verifyOptions['exit_expired'], $this->verifyOptions['exit_scope'], $this->verifyOptions['realm']);
 }