if (!is_null($user)) {
$liveAuthorizationCodes = array();
foreach ($user['authorizationCodes'] as $id) {
$token = $tokenStore->getAuthorizationCode($id);
if (!is_null($token)) {
if (isset($_REQUEST['tokenId']) && $id === $_REQUEST['tokenId']) {
$tokenStore->removeAuthorizationCode($id);
} else {
array_push($authorizationCodes, $token);
array_push($liveAuthorizationCodes, $token['id']);
}
}
}
$liveRefreshTokens = array();
foreach ($user['refreshTokens'] as $id) {
$token = $tokenStore->getRefreshToken($id);
if (!is_null($token)) {
if (isset($_REQUEST['tokenId']) && $id === $_REQUEST['tokenId']) {
$tokenStore->removeRefreshToken($id);
} else {
array_push($refreshTokens, $token);
array_push($liveRefreshTokens, $token['id']);
}
}
}
$liveAccessTokens = array();
foreach ($user['accessTokens'] as $id) {
$token = $tokenStore->getAccessToken($id);
if (!is_null($token)) {
if (isset($_REQUEST['tokenId']) && $id === $_REQUEST['tokenId']) {
$tokenStore->removeAccessToken($id);
if (!is_null($clientId)) {
$client = $clientStore->getClient($clientId);
if (!is_null($client)) {
if (!isset($client['password']) && is_null($password) || isset($client['password']) && $password === $client['password'] || isset($client['alternative_password']) && $password === $client['alternative_password']) {
$tokenStore = new sspmod_oauth2server_OAuth2_TokenStore($config);
$userStore = new sspmod_oauth2server_OAuth2_UserStore($config);
$authorizationTokenId = null;
$authorizationToken = null;
$user = null;
if ($_POST['grant_type'] === 'authorization_code' && array_key_exists('code', $_POST)) {
$authorizationTokenId = $_POST['code'];
$authorizationToken = $tokenStore->getAuthorizationCode($authorizationTokenId);
$tokenStore->removeAuthorizationCode($_POST['code']);
} elseif ($_POST['grant_type'] === 'refresh_token' && array_key_exists('refresh_token', $_POST)) {
$authorizationTokenId = $_POST['refresh_token'];
$authorizationToken = $tokenStore->getRefreshToken($authorizationTokenId);
}
if (!is_null($authorizationToken)) {
$user = $userStore->getUser($authorizationToken['userId']);
}
if (!is_null($user)) {
if ($clientId == $authorizationToken['clientId']) {
$redirectUri = array_key_exists('redirect_uri', $_POST) ? $_POST['redirect_uri'] : null;
if ($authorizationToken['redirectUri'] == $redirectUri) {
$tokenFactory = new sspmod_oauth2server_OAuth2_TokenFactory($authorizationToken['authorizationCodeTTL'], $authorizationToken['accessTokenTTL'], $authorizationToken['refreshTokenTTL']);
$accessToken = $tokenFactory->createBearerAccessToken($authorizationToken['clientId'], $authorizationToken['scopes'], $authorizationToken['userId']);
if ($_POST['grant_type'] === 'authorization_code') {
$refreshToken = $tokenFactory->createRefreshToken($authorizationToken['clientId'], $authorizationToken['redirectUri'], $authorizationToken['scopes'], $authorizationToken['userId']);
$tokenStore->addRefreshToken($refreshToken);
$liveRefreshTokens = array($refreshToken['id']);
foreach ($user['refreshTokens'] as $tokenId) {
}
$idAttribute = $config->getValue('user_id_attribute', 'eduPersonScopedAffiliation');
$tokenStore = new sspmod_oauth2server_OAuth2_TokenStore($config);
$userStore = new sspmod_oauth2server_OAuth2_UserStore($config);
$attributes = $as->getAttributes();
$user = $userStore->getUser($attributes[$idAttribute][0]);
if (!is_null($user) && isset($_REQUEST['tokenId'])) {
if (array_search($_REQUEST['tokenId'], $user['authorizationCodes']) !== false) {
$token = $tokenStore->getAuthorizationCode($_REQUEST['tokenId']);
if (is_array($token) && isset($_POST['revoke'])) {
$tokenStore->removeAuthorizationCode($_REQUEST['tokenId']);
SimpleSAML\Utils\HTTP::redirectTrustedURL(SimpleSAML_Module::getModuleURL('oauth2server/manage/status.php'));
}
} else {
if (array_search($_REQUEST['tokenId'], $user['refreshTokens']) !== false) {
$token = $tokenStore->getRefreshToken($_REQUEST['tokenId']);
if (is_array($token) && isset($_POST['revoke'])) {
$tokenStore->removeRefreshToken($_REQUEST['tokenId']);
SimpleSAML\Utils\HTTP::redirectTrustedURL(SimpleSAML_Module::getModuleURL('oauth2server/manage/status.php'));
}
} else {
if (array_search($_REQUEST['tokenId'], $user['accessTokens']) !== false) {
$token = $tokenStore->getAccessToken($_REQUEST['tokenId']);
if (is_array($token) && isset($_POST['revoke'])) {
$tokenStore->removeAccessToken($_REQUEST['tokenId']);
SimpleSAML\Utils\HTTP::redirectTrustedURL(SimpleSAML_Module::getModuleURL('oauth2server/manage/status.php'));
}
}
}
}
}
/**
* @group unit
* @group oauth2
*/
public function testAccessTokenIsolation()
{
$store = new \sspmod_oauth2server_OAuth2_TokenStore($this->getDefaultConfiguration());
$token1 = array('id' => 'dummy', 'expire' => time() + 1000);
$store->addAccessToken($token1);
$this->assertNull($store->getAuthorizationCode($token1['id']));
$this->assertNull($store->getRefreshToken($token1['id']));
}
