} $liveRefreshTokens = array(); foreach ($user['refreshTokens'] as $id) { $token = $tokenStore->getRefreshToken($id); if (!is_null($token)) { if (isset($_REQUEST['tokenId']) && $id === $_REQUEST['tokenId']) { $tokenStore->removeRefreshToken($id); } else { array_push($refreshTokens, $token); array_push($liveRefreshTokens, $token['id']); } } } $liveAccessTokens = array(); foreach ($user['accessTokens'] as $id) { $token = $tokenStore->getAccessToken($id); if (!is_null($token)) { if (isset($_REQUEST['tokenId']) && $id === $_REQUEST['tokenId']) { $tokenStore->removeAccessToken($id); } else { array_push($accessTokens, $token); array_push($liveAccessTokens, $token['id']); } } } $liveClients = array(); foreach ($user['clients'] as $id) { $client = $clientStore->getClient($id); if (!is_null($client)) { array_push($clients, $client); array_push($liveClients, $client['id']);
$errorCode = 200; $response = null; if ($config->getValue('enable_resource_owner_service', false)) { if ($_SERVER['REQUEST_METHOD'] != 'OPTIONS') { //sort of ignore the damn ajax options pre-flight requests foreach (getallheaders() as $name => $value) { if ($name === 'Authorization' && strpos($value, 'Bearer ') === 0) { $tokenType = 'Bearer'; $accessTokenId = base64_decode(trim(substr($value, 7))); } } if (isset($accessTokenId)) { if ('Bearer' === $tokenType) { $tokenStore = new sspmod_oauth2server_OAuth2_TokenStore($config); $userStore = new sspmod_oauth2server_OAuth2_UserStore($config); $accessToken = $tokenStore->getAccessToken($accessTokenId); if ($accessToken != null) { $user = $userStore->getUser($accessToken['userId']); } if (isset($user) && $user != null) { $configuredAttributeScopes = $config->getValue('resource_owner_service_attribute_scopes', array()); $attributeScopes = array_intersect($accessToken['scopes'], array_keys($configuredAttributeScopes)); if (count($attributeScopes) > 0) { $response = array(); $attributeNames = array(); // null means grab all attributes foreach ($attributeScopes as $scope) { if (is_array($attributeNames) && is_array($configuredAttributeScopes[$scope])) { $attributeNames = array_merge($attributeNames, $configuredAttributeScopes[$scope]); } else { $attributeNames = null;
if (array_search($_REQUEST['tokenId'], $user['authorizationCodes']) !== false) { $token = $tokenStore->getAuthorizationCode($_REQUEST['tokenId']); if (is_array($token) && isset($_POST['revoke'])) { $tokenStore->removeAuthorizationCode($_REQUEST['tokenId']); SimpleSAML\Utils\HTTP::redirectTrustedURL(SimpleSAML_Module::getModuleURL('oauth2server/manage/status.php')); } } else { if (array_search($_REQUEST['tokenId'], $user['refreshTokens']) !== false) { $token = $tokenStore->getRefreshToken($_REQUEST['tokenId']); if (is_array($token) && isset($_POST['revoke'])) { $tokenStore->removeRefreshToken($_REQUEST['tokenId']); SimpleSAML\Utils\HTTP::redirectTrustedURL(SimpleSAML_Module::getModuleURL('oauth2server/manage/status.php')); } } else { if (array_search($_REQUEST['tokenId'], $user['accessTokens']) !== false) { $token = $tokenStore->getAccessToken($_REQUEST['tokenId']); if (is_array($token) && isset($_POST['revoke'])) { $tokenStore->removeAccessToken($_REQUEST['tokenId']); SimpleSAML\Utils\HTTP::redirectTrustedURL(SimpleSAML_Module::getModuleURL('oauth2server/manage/status.php')); } } } } } $globalConfig = SimpleSAML_Configuration::getInstance(); $t = new SimpleSAML_XHTML_Template($globalConfig, 'oauth2server:manage/token.php'); foreach ($config->getValue('scopes', array()) as $scope => $translations) { $t->includeInlineTranslation('{oauth2server:oauth2server:' . $scope . '}', $translations); } if (isset($token)) { $clientStore = new sspmod_oauth2server_OAuth2_ClientStore($config);
if ($refreshToken['expire'] > $user['expire']) { $user['expire'] = $refreshToken['expire']; } if (($index = array_search($authorizationTokenId, $user['authorizationCodes'])) !== false) { unset($user['authorizationCodes'][$index]); } } else { $refreshToken = $authorizationToken; } if ($accessToken['expire'] > $refreshToken['expire']) { $accessToken['expire'] = $refreshToken['expire']; } $tokenStore->addAccessToken($accessToken); $liveAccessTokens = array($accessToken['id']); foreach ($user['accessTokens'] as $tokenId) { if (!is_null($tokenStore->getAccessToken($tokenId))) { array_push($liveAccessTokens, $tokenId); } } $user['accessTokens'] = $liveAccessTokens; if (isset($client['expire'])) { $clientGracePeriod = $config->getValue('client_grace_period', 30 * 24 * 60 * 60); $now = time(); if ($client['expire'] < $now + $clientGracePeriod / 2) { $client['expire'] = $now + $clientGracePeriod; $clientStore->updateClient($client); } if ($client['expire'] > $user['expire']) { $user['expire'] = $client['expire']; } }
* json array containing a status attribute as well as access token properties, if * the token was valid * */ session_cache_limiter('nocache'); header('Content-Type: application/json; charset=utf-8'); $config = SimpleSAML_Configuration::getConfig('module_oauth2server.php'); if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['access_token']) && isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) { $resourceServerId = $_SERVER['PHP_AUTH_USER']; $password = $_SERVER['PHP_AUTH_PW']; $resourceServers = $config->getValue('resources', array()); if (array_key_exists($resourceServerId, $resourceServers)) { $resourceServer = $resourceServers[$resourceServerId]; if ($password === $resourceServer['password'] || array_key_exists('alternative_password', $resourceServer) && $password === $resourceServer['alternative_password']) { $tokenStore = new sspmod_oauth2server_OAuth2_TokenStore($config); $accessToken = $tokenStore->getAccessToken($_POST['access_token']); if (is_array($accessToken)) { $clientStore = new sspmod_oauth2server_OAuth2_ClientStore($config); $userStore = new sspmod_oauth2server_OAuth2_UserStore($config); if (is_array($clientStore->getClient($accessToken['clientId'])) && is_array($userStore->getUser($accessToken['userId']))) { echo json_encode(array('status' => 'valid_token', 'expires_in' => $accessToken['expire'] - time(), 'scopes' => array_values($accessToken['scopes']), 'userId' => $accessToken['userId'])); return; } } echo json_encode(array('status' => 'unknown_token')); return; } } $errorCode = 401; $status = 'invalid_resource'; } else {
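/**
 * A removed access token must no longer be retrievable, and removal must be
 * scoped to the requested id: an unrelated token in the same store survives.
 *
 * The bystander token is the security-relevant addition. A store that
 * "removed" a token by clearing or re-creating its backing storage would have
 * passed the single-token version of this test while silently revoking every
 * other session; asserting that the second token is untouched rules that out.
 *
 * @group unit
 * @group oauth2
 */
public function testRemoveAccessToken()
{
    $store = new \sspmod_oauth2server_OAuth2_TokenStore($this->getDefaultConfiguration());

    // Both tokens get the same future expiry, mirroring the original fixture,
    // so expiry handling cannot be what makes a token disappear.
    $expire = time() + 1000;
    $target = array('id' => 'dummy', 'expire' => $expire);
    $bystander = array('id' => 'dummy2', 'expire' => $expire);

    $store->addAccessToken($target);
    $store->addAccessToken($bystander);

    // Sanity check: the target is stored and comes back under its own id.
    $stored = $store->getAccessToken($target['id']);
    $this->assertNotNull($stored);
    $this->assertSame($target['id'], $stored['id']);

    $store->removeAccessToken($stored['id']);

    // The removed token is gone ...
    $this->assertNull($store->getAccessToken($target['id']));

    // ... and only that token: the unrelated one is still present and intact.
    $other = $store->getAccessToken($bystander['id']);
    $this->assertNotNull($other);
    $this->assertSame($bystander['id'], $other['id']);
}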