/**
 * Builds the fixture used by the authorization-code tests.
 *
 * Loads the OAuth2 account of the fixture user for the fixture application,
 * then stores a new authorization code for it that expires 100 seconds after
 * the current time.
 */
public function setUp()
{
    parent::setUp();

    $app = self::$DI['app'];

    $this->account = API_OAuth2_Account::load_with_user(
        $app,
        self::$DI['oauth2-app-user'],
        self::$DI['user']
    );

    // Expiry is an absolute Unix timestamp, not a lifetime in seconds.
    $expiresAt = time() + 100;
    $this->code = random::generatePassword(8);

    $this->object = API_OAuth2_AuthCode::create($app, $this->account, $this->code, $expiresAt);
}
/**
 * Builds the fixture used by the refresh-token tests.
 *
 * Loads the OAuth2 account of the fixture user for the fixture application,
 * then stores a refresh token with the scope "scopidou" that expires
 * 100 seconds after the current time.
 */
public function setUp()
{
    parent::setUp();

    $app = self::$DI['app'];

    $this->account = API_OAuth2_Account::load_with_user(
        $app,
        self::$DI['oauth2-app-user'],
        self::$DI['user']
    );

    // Expiry is an absolute Unix timestamp, not a lifetime in seconds.
    $expiresAt = time() + 100;
    $this->token = random::generatePassword(8);
    $this->scope = 'scopidou';

    $this->object = API_OAuth2_RefreshToken::create(
        $app,
        $this->account,
        $expiresAt,
        $this->token,
        $this->scope
    );
}
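/**
 * Builds the fixture used by the access-token tests.
 *
 * Before creating the token, asserts that loading a token for the fixture
 * account throws, so the tests start from an account without a token.
 */
public function setUp()
{
    parent::setUp();

    $account = API_OAuth2_Account::load_with_user(self::$DI['app'], self::$DI['oauth2-app-user'], self::$DI['user']);
    $appbox = self::$DI['app']['phraseanet.appbox'];

    // fail() signals through an exception, so calling it inside the try block
    // would be caught by the broad catch below and never reach PHPUnit.
    // Record the outcome instead and assert after the try/catch has finished.
    $loadedExistingToken = false;
    try {
        new API_OAuth2_Token($appbox, $account);
        $loadedExistingToken = true;
    } catch (Exception $e) {
        // Expected path: the test relies on the constructor throwing here.
    }

    if ($loadedExistingToken) {
        $this->fail('A token could be loaded for the account before one was created');
    }

    $this->object = API_OAuth2_Token::create($appbox, $account);
}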
/**
 * Registers a new OAuth2 client application and returns it.
 *
 * The nonce, client id and client secret are generated inside this method;
 * the caller supplies only the creator and the name. New rows are written
 * with activated = 1 and grant_password = 0. When a creator is given, an API
 * account linking that user to the new application is created as well.
 *
 * NOTE(review): client_secret is bound to the INSERT exactly as generated; no
 * hashing is visible in this method. Confirm that storing it verbatim is
 * intended.
 *
 * @param Application $app
 * @param User|null   $user Creator of the application, or null for none
 * @param string      $name Name stored for the application
 *
 * @return API_OAuth2_Application
 */
public static function create(Application $app, User $user = null, $name)
{
    $sql = ' INSERT INTO api_applications ( application_id, creator, created_on, name, last_modified, nonce, client_id, client_secret, activated, grant_password ) VALUES ( null, :usr_id, NOW(), :name, NOW(), :nonce, :client_id, :client_secret, :activated, :grant_password )';

    $nonce = random::generatePassword(6);
    $secret = API_OAuth2_Token::generate_token();
    $clientId = API_OAuth2_Token::generate_token();

    // An application may be created without an owning user.
    $creatorId = null;
    if ($user) {
        $creatorId = $user->getId();
    }

    $bindings = [
        ':usr_id'         => $creatorId,
        ':name'           => $name,
        ':client_id'      => $clientId,
        ':client_secret'  => $secret,
        ':nonce'          => $nonce,
        ':activated'      => 1,
        ':grant_password' => 0,
    ];

    // lastInsertId() has to be read from the connection that ran the INSERT.
    $connection = $app['phraseanet.appbox']->get_connection();
    $statement = $connection->prepare($sql);
    $statement->execute($bindings);
    $statement->closeCursor();

    $created = new self($app, $connection->lastInsertId());

    if ($user) {
        API_OAuth2_Account::create($app, $user, $created);
    }

    return $created;
}
/**
 * Writes one entry to api_logs for the given account and returns it.
 *
 * Every caller-supplied value is passed as a bound parameter; the log date is
 * set by the database with NOW().
 *
 * @param Application        $app
 * @param API_OAuth2_Account $account     Account the entry is attributed to
 * @param mixed              $route       Stored in api_log_route
 * @param mixed              $status_code Stored in api_log_status_code
 * @param mixed              $format      Stored in api_log_format
 * @param mixed              $ressource   Stored in api_log_ressource
 * @param mixed              $general     Stored in api_log_general
 * @param mixed              $aspect      Stored in api_log_aspect
 * @param mixed              $action      Stored in api_log_action
 *
 * @return self The entry loaded by its new id
 */
public static function create(Application $app, API_OAuth2_Account $account, $route, $status_code, $format, $ressource, $general = null, $aspect = null, $action = null)
{
    $sql = ' INSERT INTO api_logs ( api_log_id, api_account_id, api_log_route, api_log_date, api_log_status_code, api_log_format, api_log_ressource, api_log_general, api_log_aspect, api_log_action ) VALUES ( null, :account_id, :route, NOW(), :status_code, :format, :ressource, :general, :aspect, :action )';

    $bindings = [
        ':account_id'  => $account->get_id(),
        ':route'       => $route,
        ':status_code' => $status_code,
        ':format'      => $format,
        ':ressource'   => $ressource,
        ':general'     => $general,
        ':aspect'      => $aspect,
        ':action'      => $action,
    ];

    // lastInsertId() has to be read from the connection that ran the INSERT.
    $connection = $app['phraseanet.appbox']->get_connection();
    $statement = $connection->prepare($sql);
    $statement->execute($bindings);
    $statement->closeCursor();

    return new self($app, $connection->lastInsertId());
}
/**
 * Stores a new access token for an account and returns the account's token.
 *
 * The token value comes from self::generate_token(). The expiry is one hour
 * after the current time and is bound as a DATE_ISO8601 string. The returned
 * object is loaded by account, not by the value that was just inserted.
 *
 * NOTE(review): the expiry is sent as an ISO 8601 string that carries a
 * timezone offset. Confirm that the `expires` column and the code that
 * enforces expiry interpret this format as intended.
 *
 * @param appbox             $appbox
 * @param API_OAuth2_Account $account
 * @param string|null        $scope
 *
 * @return API_OAuth2_Token
 */
public static function create(appbox $appbox, API_OAuth2_Account $account, $scope = null)
{
    $sql = 'INSERT INTO api_oauth_tokens (oauth_token, session_id, api_account_id, expires, scope) VALUES (:token, null, :account_id, :expire, :scope)';

    $expiry = new \DateTime('+1 hour');

    $bindings = [];
    $bindings[':token'] = self::generate_token();
    $bindings[':account_id'] = $account->get_id();
    $bindings[':expire'] = $expiry->format(DATE_ISO8601);
    $bindings[':scope'] = $scope;

    $statement = $appbox->get_connection()->prepare($sql);
    $statement->execute($bindings);
    $statement->closeCursor();

    return new API_OAuth2_Token($appbox, $account);
}
/**
 * Loading the account for the fixture application and user returns an
 * API_OAuth2_Account equal to the one held in $this->object.
 */
public function testLoad_with_user()
{
    $found = API_OAuth2_Account::load_with_user(
        self::$DI['app'],
        self::$DI['oauth2-app-user'],
        self::$DI['user']
    );

    $this->assertInstanceOf('API_OAuth2_Account', $found);
    $this->assertEquals($this->object, $found);
}
/**
 * Stores a refresh token for an account and returns it.
 *
 * The token value is supplied by the caller, written as given, and then used
 * as the key to load the returned object. Generating an unpredictable value
 * is therefore the caller's responsibility.
 *
 * @param Application        $app
 * @param API_OAuth2_Account $account
 * @param int                $expires       Bound to the expires column unchanged
 * @param string             $refresh_token Token value to store
 * @param string             $scope
 *
 * @return API_OAuth2_RefreshToken
 */
public static function create(Application $app, API_OAuth2_Account $account, $expires, $refresh_token, $scope)
{
    $sql = 'INSERT INTO api_oauth_refresh_tokens (refresh_token, api_account_id, expires, scope) VALUES (:refresh_token, :account_id, :expires, :scope)';

    $statement = $app['phraseanet.appbox']->get_connection()->prepare($sql);

    $bindings = [];
    $bindings[':refresh_token'] = $refresh_token;
    $bindings[':account_id'] = $account->get_id();
    $bindings[':expires'] = $expires;
    $bindings[':scope'] = $scope;

    $statement->execute($bindings);
    $statement->closeCursor();

    return new self($app, $refresh_token);
}
/**
 * Stores an authorization code for an account and returns it.
 *
 * The code is supplied by the caller, written as given, and then used as the
 * key to load the returned object. Generating an unpredictable value is
 * therefore the caller's responsibility.
 *
 * @param Application        $app
 * @param API_OAuth2_Account $account
 * @param string             $code    Code value to store
 * @param int                $expires Unix timestamp; the query converts it with FROM_UNIXTIME
 *
 * @return API_OAuth2_AuthCode
 */
public static function create(Application $app, API_OAuth2_Account $account, $code, $expires)
{
    $sql = 'INSERT INTO api_oauth_codes (code, api_account_id, expires) VALUES (:code, :account_id, FROM_UNIXTIME(:expires))';

    $statement = $app['phraseanet.appbox']->get_connection()->prepare($sql);

    $bindings = [];
    $bindings[':code'] = $code;
    $bindings[':account_id'] = $account->get_id();
    $bindings[':expires'] = $expires;

    $statement->execute($bindings);
    $statement->closeCursor();

    return new self($app, $code);
}
/**
 * Creates the API account that links a user to this object's client.
 *
 * NOTE(review): the repository lookup result is passed on unchecked; what
 * find() returns for an unknown id is not visible here. Confirm callers only
 * pass ids of existing users.
 *
 * @param int $usr_id Id of the user to look up
 *
 * @return API_OAuth2_Account
 */
private function createAccount($usr_id)
{
    $users = $this->app['manipulator.user']->getRepository();

    return API_OAuth2_Account::create($this->app, $users->find($usr_id), $this->client);
}
/**
 * Grants or revokes an application's API access for the authenticated user.
 *
 * Only XMLHttpRequest calls that list JSON among their acceptable content
 * types are served; anything else is aborted with a 400. The account is
 * resolved for the currently authenticated user, so the application id in the
 * URL cannot select another user's account. Its revoked flag is then set from
 * the "revoke" query parameter.
 *
 * The (bool) cast means any value other than an empty string or "0" revokes.
 * The second argument to set_revoked() is passed as false; its meaning is
 * defined by that method.
 *
 * NOTE(review): this handler changes authorization state from a query-string
 * parameter, and the only request-origin check visible here is the
 * X-Requested-With test behind isXmlHttpRequest(). Confirm that the route is
 * limited to a non-GET method or carries CSRF protection.
 *
 * @param Application $app            A Silex application where the controller is mounted on
 * @param Request     $request        The current request
 * @param int         $application_id The application id
 *
 * @return JsonResponse JSON object with a boolean "success" key; false when
 *                      a NotFoundHttpException was raised while resolving
 *                      or updating the account
 */
public function grantAccess(Application $app, Request $request, $application_id)
{
    // Short-circuits exactly like a plain "not XHR or not JSON" test: the
    // Accept header is only inspected for XHR calls.
    $servable = $request->isXmlHttpRequest()
        && array_key_exists($request->getMimeType('json'), array_flip($request->getAcceptableContentTypes()));

    if (!$servable) {
        $app->abort(400, $app->trans('Bad request format, only JSON is allowed'));
    }

    $succeeded = true;

    try {
        $application = new \API_OAuth2_Application($app, $application_id);
        $account = \API_OAuth2_Account::load_with_user($app, $application, $app['authentication']->getUser());
        $account->set_revoked((bool) $request->query->get('revoke'), false);
    } catch (NotFoundHttpException $e) {
        $succeeded = false;
    }

    return $app->json(['success' => $succeeded]);
}
/**
 * Calls the grant endpoint as an XHR that accepts JSON, then checks the JSON
 * reply and the resulting revoked state of the fixture account.
 *
 * @dataProvider revokeProvider
 *
 * @param mixed $revoke   Value sent as the "revoke" request parameter
 * @param mixed $expected Revoked state the account must report afterwards
 */
public function testAUthorizedAppGrantAccessSuccessfull($revoke, $expected)
{
    $client = self::$DI['client'];
    $uri = '/account/security/application/' . self::$DI['oauth2-app-user']->get_id() . '/grant/';

    // Both headers are needed for the controller to accept the call.
    $server = [
        'HTTP_ACCEPT'           => 'application/json',
        'HTTP_X-Requested-With' => 'XMLHttpRequest',
    ];

    $client->request('GET', $uri, ['revoke' => $revoke], [], $server);
    $response = $client->getResponse();

    $this->assertTrue($response->isOk());

    $decoded = json_decode($response->getContent());
    $this->assertInstanceOf('StdClass', $decoded);
    $this->assertObjectHasAttribute('success', $decoded);
    $this->assertTrue($decoded->success);

    // Reload the account so the assertion reflects the stored state.
    $reloaded = \API_OAuth2_Account::load_with_user(
        self::$DI['app'],
        self::$DI['oauth2-app-user'],
        self::$DI['user']
    );
    $this->assertEquals($expected, $reloaded->is_revoked());
}
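/**
 * With the navigator client disabled in configuration, an API call made with
 * a token issued to the native application must be answered with a 403.
 *
 * Any failure is held back until the configuration flag has been put back to
 * the value it had before the test, so later tests see the original setting.
 */
public function testCheckNativeApp()
{
    $flagPath = ['registry', 'api-clients', 'navigator-enabled'];

    $value = self::$DI['app']['conf']->get($flagPath);
    self::$DI['app']['conf']->set($flagPath, false);

    $fail = null;

    try {
        $nativeApp = \API_OAuth2_Application::load_from_client_id(self::$DI['app'], \API_OAuth2_Application_Navigator::CLIENT_ID);
        $account = \API_OAuth2_Account::create(self::$DI['app'], self::$DI['user'], $nativeApp);
        $token = $account->get_token()->get_value();
        $this->setToken($token);

        self::$DI['client']->request('GET', '/api/v1/databoxes/list/', $this->getParameters(), [], ['HTTP_Accept' => $this->getAcceptMimeType()]);
        $content = $this->unserialize(self::$DI['client']->getResponse()->getContent());

        if (403 != $content['meta']['http_code']) {
            $fail = new \Exception('Result does not match expected 403, returns ' . $content['meta']['http_code']);
        }
    } catch (\Exception $e) {
        // Keep the failure for later so the flag is restored first.
        $fail = $e;
    }

    // Restore the saved value. Writing a literal false here would leave the
    // client disabled for every test that runs afterwards.
    self::$DI['app']['conf']->set($flagPath, $value);

    if ($fail) {
        throw $fail;
    }
}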