Ejemplo n.º 1
0
 public function testVerifyRedirectUriRegExp()
 {
     $clientData = new ClientData(array('id' => 'foo', 'redirect_uri' => 'https://www.example.org/callback/[0-9]+', 'name' => 'Foo', 'type' => 'code', 'secret' => 'foo'));
     $this->assertTrue($clientData->verifyRedirectUri('https://www.example.org/callback/[0-9]+'));
     $this->assertTrue($clientData->verifyRedirectUri('https://www.example.org/callback/55', true));
     $this->assertFalse($clientData->verifyRedirectUri('https://www.example.org/callback/a5', true));
 }
Ejemplo n.º 2
0
 public function __construct(ClientData $clientData, Request $request, $redirectUri, array $urlParams)
 {
     $clientType = $clientData->getType();
     $urlParams['state'] = $request->getUrl()->getQueryParameter('state');
     // remove empty parameters
     foreach ($urlParams as $key => $value) {
         if (empty($value)) {
             unset($urlParams[$key]);
         }
     }
     if ('token' === $clientType) {
         $separator = '#';
     } else {
         $separator = false === strpos($redirectUri, '?') ? '?' : '&';
     }
     parent::__construct(sprintf('%s%s%s', $redirectUri, $separator, http_build_query($urlParams)), 302);
 }
Ejemplo n.º 3
0
 public function addClient(ClientData $clientData)
 {
     $stmt = $this->db->prepare('INSERT INTO clients (id, name, description, secret, disable_user_consent, redirect_uri, type, icon, allowed_scope, contact_email) VALUES(:client_id, :name, :description, :secret, :disable_user_consent, :redirect_uri, :type, :icon, :allowed_scope, :contact_email)');
     $stmt->bindValue(':client_id', $clientData->getId(), PDO::PARAM_STR);
     $stmt->bindValue(':name', $clientData->getName(), PDO::PARAM_STR);
     $stmt->bindValue(':description', $clientData->getDescription(), PDO::PARAM_STR);
     $stmt->bindValue(':secret', $clientData->getSecret(), PDO::PARAM_STR);
     $stmt->bindValue(':redirect_uri', $clientData->getRedirectUri(), PDO::PARAM_STR);
     $stmt->bindValue(':disable_user_consent', $clientData->getDisableUserConsent(), PDO::PARAM_BOOL);
     $stmt->bindValue(':type', $clientData->getType(), PDO::PARAM_STR);
     $stmt->bindValue(':icon', $clientData->getIcon(), PDO::PARAM_STR);
     $stmt->bindValue(':allowed_scope', $clientData->getAllowedScope(), PDO::PARAM_STR);
     $stmt->bindValue(':contact_email', $clientData->getContactEmail(), PDO::PARAM_STR);
     $stmt->execute();
     return 1 === $stmt->rowCount();
 }
 private function addApproval(ClientData $clientData, $userId, $scope)
 {
     $approval = $this->storage->getApprovalByResourceOwnerId($clientData->getId(), $userId);
     if (false === $approval) {
         // no approval exists, generate a refresh_token and add it
         $refreshToken = 'code' === $clientData->getType() ? $this->io->getRandomHex() : null;
         $this->storage->addApproval($clientData->getId(), $userId, $scope, $refreshToken);
     } else {
         // an approval exists, we don't care about the scope, we just
         // update it if needed keeping the same refresh_token
         $this->storage->updateApproval($clientData->getId(), $userId, $scope);
     }
 }
Ejemplo n.º 5
0
 public function handleRefreshToken(TokenRequest $tokenRequest, ClientData $clientData)
 {
     $refreshToken = $tokenRequest->getRefreshToken();
     $scope = $tokenRequest->getScope();
     $result = $this->db->getApprovalByRefreshToken($clientData->getId(), $refreshToken);
     if (false === $result) {
         throw new BadRequestException('invalid_grant', 'the refresh_token was not found');
     }
     $token = array();
     $token['access_token'] = $this->io->getRandomHex();
     $token['expires_in'] = $this->accessTokenExpiry;
     if (null !== $scope) {
         // the client wants to obtain a specific scope
         $requestedScope = new Scope($scope);
         $authorizedScope = new Scope($result['scope']);
         if ($requestedScope->hasOnlyScope($authorizedScope)) {
             // if it is a subset of the authorized scope we honor that
             $token['scope'] = $requestedScope->toString();
         } else {
             // if not the client gets the authorized scope
             $token['scope'] = $result['scope'];
         }
     } else {
         $token['scope'] = $result['scope'];
     }
     $token['token_type'] = 'bearer';
     $this->db->storeAccessToken($token['access_token'], $this->io->getTime(), $clientData->getId(), $result['resource_owner_id'], $token['scope'], $token['expires_in']);
     return $token;
 }