Ejemplo n.º 1
 /**
  * function to create the OAuth2 Server Object
  */
 public function setup(Application $app)
 {
     $app['fixtures_manager'] = new FixturesManager($app);

     // Checked once, before the storage is constructed; both first-run steps
     // below (schema reset, fixture load) key off this single result.
     $sqliteFile = __DIR__ . '/../../../data/coop.sqlite';
     $isFirstRun = !file_exists($sqliteFile);
     if ($isFirstRun) {
         $app['fixtures_manager']->resetDatabase();
     }

     // PDO-backed sqlite storage, shared by every grant type and by the server.
     // NOTE(review): this file holds clients, tokens and users; keep the data/
     // directory outside anything the web server will serve.
     $storage = new Pdo(['dsn' => 'sqlite:' . $sqliteFile]);
     $app['storage'] = $storage;

     // Fixtures go in only when this call created the database.
     if ($isFirstRun) {
         $app['fixtures_manager']->populateSqliteDb();
     }

     // Supported grant types.
     // todo - update the documentation in _authentication.twig when we add more
     $grantTypes = [
         'authorization_code' => new AuthorizationCode($storage),
         'client_credentials' => new ClientCredentials($storage),
         // A new refresh token is issued on every refresh.
         'refresh_token' => new RefreshToken($storage, ['always_issue_new_refresh_token' => true]),
     ];

     // Server options, each one security-relevant:
     //  - enforce_state => false: authorization requests are accepted without a
     //    `state` value, so the server does not make clients carry the parameter
     //    they would use to bind the redirect to their own session (CSRF).
     //  - allow_implicit => true: the implicit grant is enabled, which hands the
     //    access token back in the redirect; prefer authorization_code where the
     //    client can use it.
     //  - access_lifetime => 86400: presumably seconds, i.e. 24-hour access
     //    tokens - confirm against the library and shorten outside a demo.
     $serverConfig = [
         'enforce_state' => false,
         'allow_implicit' => true,
         'access_lifetime' => 86400,
     ];
     $server = new OAuth2Server($storage, $serverConfig, $grantTypes);

     // Scope key => human-readable label; the keys double as the scope names.
     $app['api_actions'] = [
         'barn-unlock' => 'Unlock the Barn',
         'toiletseat-down' => 'Put the Toilet Seat Down',
         'chickens-feed' => 'Feed Your Chickens',
         'eggs-collect' => 'Collect Eggs from Your Chickens',
         'eggs-count' => 'Get the Number of Eggs Collected Today',
     ];
     $app['scopes'] = array_merge($app['api_actions'], ['profile' => 'Access Your Profile Data']);

     // Only the scope names listed here are registered as supported. No
     // default_scope is set, so the storage's own default applies.
     $scopeStorage = new Memory(['supported_scopes' => array_keys($app['scopes'])]);
     $server->setScopeUtil(new Scope($scopeStorage));

     // Expose the server to the controllers through the silex container
     // (see src/OAuth2Demo/Server/Controllers/.*).
     $app['oauth_server'] = $server;

     /**
      * HttpFoundationBridge response, which yields a silex-compatible response object.
      * @see (https://github.com/bshaffer/oauth2-server-httpfoundation-bridge)
      */
     $app['oauth_response'] = new BridgeResponse();
 }
Ejemplo n.º 2
 /**
  * Create service
  *
  * @param ServiceLocatorInterface $serviceLocator
  * @throws \InvalidArgumentException
  * @return mixed
  */
 public function createService(ServiceLocatorInterface $serviceLocator)
 {
     $appConfig = $serviceLocator->get('Config');

     // Fail fast: without a 'parrot-oauth2' section there is nothing to build
     // the server from, and silently falling back to library defaults would
     // hide a misconfiguration.
     if (!isset($appConfig['parrot-oauth2'])) {
         throw new InvalidArgumentException('Parrot OAuth2 requires a defined config');
     }
     $oauthConfig = $appConfig['parrot-oauth2'];

     // Storage backends keyed by the role each one plays for the server.
     // Only these four roles are wired; no refresh-token or authorization-code
     // storage is registered here.
     $storages = array(
         'user_credentials' => $serviceLocator->get('Parrot\\Oauth2\\Storage\\UserCredentials'),
         'client_credentials' => $serviceLocator->get('Parrot\\Oauth2\\Storage\\ClientCredentials'),
         'access_token' => $serviceLocator->get('Parrot\\Oauth2\\Storage\\AccessToken'),
         'scope' => $serviceLocator->get('Parrot\\Oauth2\\Storage\\Scope'),
     );

     // The whole config section is handed to the server unchanged, so every
     // option in it (token lifetimes, implicit grant, state enforcement, ...)
     // is decided by the application config, not here.
     $oauthServer = new Server($storages, $oauthConfig);

     // Scope checks go through the Scope storage service, fetched again from the locator.
     $oauthServer->setScopeUtil($serviceLocator->get('Parrot\\Oauth2\\Storage\\Scope'));

     return $oauthServer;
 }
Ejemplo n.º 3
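 /**
  * Build the OAuth2 server on MySQL-backed PDO storage and register it,
  * the storage and the bridge response object in the application container.
  *
  * @param Application $app container that receives 'oauth_server',
  *                         'mysql_client' and 'oauth_response'
  */
 public function setup(Application $app)
 {
     // PDO's MySQL DSN is a list of key=value pairs. The original read
     // "host:localhost", which is not a valid pair, so the host was never
     // actually taken from the DSN.
     // Socket alternative: "mysql:dbname=renap_users;unix_socket=/tmp/mysqld.sock;"
     $dsn = "mysql:dbname=renap_users;host=localhost;";

     // NOTE(review): the credentials are masked on this page. In the real file
     // they should come from the environment or a config file kept out of
     // version control, not from string literals.
     $username = "******";
     $password = "******";
     $storage = new Pdo(array("dsn" => $dsn, "username" => $username, "password" => $password));

     $grantTypes = array(
         'authorization_code' => new AuthorizationCode($storage),
         // A new refresh token is issued on every refresh.
         'refresh_token' => new RefreshToken($storage, array('always_issue_new_refresh_token' => true)),
     );

     // enforce_state => true makes authorization requests carry `state`.
     // NOTE(review): allow_implicit => true enables the implicit grant, which
     // returns the access token in the redirect; disable it unless a client
     // really needs it.
     // NOTE(review): HTTP_HOST is taken from the request's Host header, so the
     // caller chooses the issuer string (and the key is absent outside an HTTP
     // request). A fixed, configured issuer value is the safer source.
     $server = new OAuth2Server(
         $storage,
         array('enforce_state' => true, 'allow_implicit' => true, 'issuer' => $_SERVER['HTTP_HOST']),
         $grantTypes
     );

     // Requests that name no scope fall back to 'basic'; 'admin' must be asked for.
     $defaultScope = 'basic';
     $supportedScopes = array('basic', 'admin');
     $memory = new Memory(array('default_scope' => $defaultScope, 'supported_scopes' => $supportedScopes));
     $scopeUtil = new Scope($memory);
     $server->setScopeUtil($scopeUtil);

     // NOTE(review): this runs on every setup() call and writes a user "admin"
     // whose password is also "admin" (the fifth argument is presumably a scope
     // or role - confirm against this Pdo class). Seed the account from a
     // one-off provisioning step with a generated secret instead.
     $storage->setUser("admin", "admin", "Alexander", "Baquiax", 'admin');

     $app['oauth_server'] = $server;
     $app['mysql_client'] = $storage;
     $app['oauth_response'] = new BridgeResponse();
 }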
Ejemplo n.º 4
 /**
  * Register the request/response adapters, the SAML settings and the OAuth2
  * server as lazily-built singletons on the Slim container.
  *
  * @param Slim $app application whose container is populated
  */
 protected function configure(Slim $app)
 {
     $container = $app->container;

     // Adapters let Slim and the oauth2 library operate on the same
     // request/response objects.
     $container->singleton('request', function ($c) {
         return new RequestAdapter($c['environment']);
     });
     $container->singleton('response', function ($c) {
         return new ResponseAdapter();
     });

     // The SAML settings file is pulled in with include, i.e. it is executed as
     // PHP and whatever it returns becomes the settings.
     // NOTE(review): the path must only ever come from trusted deployment
     // config; nothing request-derived may reach ['saml']['settings_file'].
     $container->singleton('saml_settings', function ($c) {
         $samlSettings = (include $c['settings']['saml']['settings_file']);
         if (!$samlSettings) {
             // A missing or empty settings file stops the whole request.
             die("couldn find settings file in ['settings']['saml']['settings_file'] ");
         }

         return $samlSettings;
     });

     $container->singleton('oauthServer', function ($c) {
         // Basic set up: PDO storage built from the 'db' settings.
         $storage = new Pdo($c['settings']['db']);
         $oauthServer = new Server($storage);

         // saml-bearer grant. Its configuration is the file from
         // /inst/saml_settings.php and is handled almost directly by the
         // onelogin/php-saml library; refer to that library for details.
         // The SAML IdP has to be configured correctly for this grant to be
         // trustworthy.
         $oauthServer->addGrantType(new Saml2Bearer($c['saml_settings']));

         // Plain grants, kept for anyone who only wants the basic Slim setup.
         // NOTE(review): every grant type added here is live on the token
         // endpoint; remove the ones a deployment does not use.
         $oauthServer->addGrantType(new ClientCredentials($storage));
         $oauthServer->addGrantType(new AuthorizationCode($storage));

         // Requests that name no scope get 'basic'; 'mail' and 'bank_account'
         // have to be requested explicitly.
         $scopeStorage = new Memory(array(
             'default_scope' => 'basic',
             'supported_scopes' => array('basic', 'mail', 'bank_account'),
         ));
         $oauthServer->setScopeUtil(new Scope($scopeStorage));

         return $oauthServer;
     });
 }
Ejemplo n.º 5
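 /**
  * A token request that names no scope must be rejected with invalid_scope
  * when the server has no default scope to fall back on.
  */
 public function testEnforceScope()
 {
     $storage = Bootstrap::getInstance()->getMemoryStorage();
     $server = new Server($storage);
     $server->addGrantType(new ClientCredentials($storage));

     // default_scope => false: there is no implicit scope, so the client has
     // to ask for one of the supported scopes itself.
     $scope = new Scope(array('default_scope' => false, 'supported_scopes' => array('testscope')));
     $server->setScopeUtil($scope);

     // Valid client credentials, but deliberately no 'scope' parameter.
     $request = TestRequest::createPost(array(
         'grant_type' => 'client_credentials',
         'client_id' => 'Test Client ID',
         'client_secret' => 'TestSecret',
     ));
     $response = $server->handleTokenRequest($request);

     // PHPUnit's assertEquals takes (expected, actual); the original passed
     // them the other way round, which mislabels the values in failure output.
     $this->assertEquals(400, $response->getStatusCode());
     $this->assertEquals('invalid_scope', $response->getParameter('error'));
     $this->assertEquals(
         'This application requires you specify a scope parameter',
         $response->getParameter('error_description')
     );
 }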
Ejemplo n.º 6
 /**
  * @return Server
  */
 private function configureOAuth()
 {
     // Propel-backed storage shared by the server and both grant types.
     $propelStorage = new \Components\PropelStorage();
     $oauthServer = new Server($propelStorage);

     // Enabled grants: client_credentials and authorization_code only.
     $oauthServer->addGrantType(new ClientCredentials($propelStorage));
     $oauthServer->addGrantType(new AuthorizationCode($propelStorage));

     // 'admin' is the only supported scope.
     // NOTE(review): default_scope is an empty array here, while the other
     // setups on this page pass a scope string or false. Confirm how the scope
     // util treats [] - in particular that a request naming no scope cannot
     // end up with 'admin'.
     $scopeConfig = array('default_scope' => [], 'supported_scopes' => ['admin']);
     $oauthServer->setScopeUtil(new Scope(new Memory($scopeConfig)));

     return $oauthServer;
 }