/**
 * Removing an authorization code makes it unreadable from the store.
 *
 * Round-trips a single code through the TokenStore: store it, confirm the
 * lookup returns a record carrying the same id, remove it, and confirm the
 * same lookup now yields null (i.e. the code cannot be presented twice).
 *
 * @group unit
 * @group oauth2
 */
public function testRemoveAuthorizationCode()
{
    $store = new \sspmod_oauth2server_OAuth2_TokenStore($this->getDefaultConfiguration());

    // One non-expired code; only its id is inspected after the round trip.
    $codeId = 'dummy';
    $store->addAuthorizationCode(array('id' => $codeId, 'expire' => time() + 1000));

    // The code must be retrievable right after it was added.
    $stored = $store->getAuthorizationCode($codeId);
    $this->assertNotNull($stored);
    $this->assertEquals($codeId, $stored['id']);

    // After removal the same lookup must come back empty.
    $store->removeAuthorizationCode($stored['id']);
    $this->assertNull($store->getAuthorizationCode($stored['id']));
}
$clientStore = new sspmod_oauth2server_OAuth2_ClientStore($config); $userStore = new sspmod_oauth2server_OAuth2_UserStore($config); $attributes = $as->getAttributes(); $user = $userStore->getUser($attributes[$idAttribute][0]); $globalConfig = SimpleSAML_Configuration::getInstance(); $authorizationCodes = array(); $refreshTokens = array(); $accessTokens = array(); $clients = array(); if (!is_null($user)) { $liveAuthorizationCodes = array(); foreach ($user['authorizationCodes'] as $id) { $token = $tokenStore->getAuthorizationCode($id); if (!is_null($token)) { if (isset($_REQUEST['tokenId']) && $id === $_REQUEST['tokenId']) { $tokenStore->removeAuthorizationCode($id); } else { array_push($authorizationCodes, $token); array_push($liveAuthorizationCodes, $token['id']); } } } $liveRefreshTokens = array(); foreach ($user['refreshTokens'] as $id) { $token = $tokenStore->getRefreshToken($id); if (!is_null($token)) { if (isset($_REQUEST['tokenId']) && $id === $_REQUEST['tokenId']) { $tokenStore->removeRefreshToken($id); } else { array_push($refreshTokens, $token); array_push($liveRefreshTokens, $token['id']);
$config = SimpleSAML_Configuration::getConfig('module_oauth2server.php'); $as = new SimpleSAML_Auth_Simple($config->getValue('authsource')); $as->requireAuth(); if (isset($_POST['back'])) { SimpleSAML\Utils\HTTP::redirectTrustedURL(SimpleSAML_Module::getModuleURL('oauth2server/manage/status.php')); } $idAttribute = $config->getValue('user_id_attribute', 'eduPersonScopedAffiliation'); $tokenStore = new sspmod_oauth2server_OAuth2_TokenStore($config); $userStore = new sspmod_oauth2server_OAuth2_UserStore($config); $attributes = $as->getAttributes(); $user = $userStore->getUser($attributes[$idAttribute][0]); if (!is_null($user) && isset($_REQUEST['tokenId'])) { if (array_search($_REQUEST['tokenId'], $user['authorizationCodes']) !== false) { $token = $tokenStore->getAuthorizationCode($_REQUEST['tokenId']); if (is_array($token) && isset($_POST['revoke'])) { $tokenStore->removeAuthorizationCode($_REQUEST['tokenId']); SimpleSAML\Utils\HTTP::redirectTrustedURL(SimpleSAML_Module::getModuleURL('oauth2server/manage/status.php')); } } else { if (array_search($_REQUEST['tokenId'], $user['refreshTokens']) !== false) { $token = $tokenStore->getRefreshToken($_REQUEST['tokenId']); if (is_array($token) && isset($_POST['revoke'])) { $tokenStore->removeRefreshToken($_REQUEST['tokenId']); SimpleSAML\Utils\HTTP::redirectTrustedURL(SimpleSAML_Module::getModuleURL('oauth2server/manage/status.php')); } } else { if (array_search($_REQUEST['tokenId'], $user['accessTokens']) !== false) { $token = $tokenStore->getAccessToken($_REQUEST['tokenId']); if (is_array($token) && isset($_POST['revoke'])) { $tokenStore->removeAccessToken($_REQUEST['tokenId']); SimpleSAML\Utils\HTTP::redirectTrustedURL(SimpleSAML_Module::getModuleURL('oauth2server/manage/status.php'));
} elseif (array_key_exists('client_id', $_POST)) { $clientId = $_POST['client_id']; } if (!is_null($clientId)) { $client = $clientStore->getClient($clientId); if (!is_null($client)) { if (!isset($client['password']) && is_null($password) || isset($client['password']) && $password === $client['password'] || isset($client['alternative_password']) && $password === $client['alternative_password']) { $tokenStore = new sspmod_oauth2server_OAuth2_TokenStore($config); $userStore = new sspmod_oauth2server_OAuth2_UserStore($config); $authorizationTokenId = null; $authorizationToken = null; $user = null; if ($_POST['grant_type'] === 'authorization_code' && array_key_exists('code', $_POST)) { $authorizationTokenId = $_POST['code']; $authorizationToken = $tokenStore->getAuthorizationCode($authorizationTokenId); $tokenStore->removeAuthorizationCode($_POST['code']); } elseif ($_POST['grant_type'] === 'refresh_token' && array_key_exists('refresh_token', $_POST)) { $authorizationTokenId = $_POST['refresh_token']; $authorizationToken = $tokenStore->getRefreshToken($authorizationTokenId); } if (!is_null($authorizationToken)) { $user = $userStore->getUser($authorizationToken['userId']); } if (!is_null($user)) { if ($clientId == $authorizationToken['clientId']) { $redirectUri = array_key_exists('redirect_uri', $_POST) ? $_POST['redirect_uri'] : null; if ($authorizationToken['redirectUri'] == $redirectUri) { $tokenFactory = new sspmod_oauth2server_OAuth2_TokenFactory($authorizationToken['authorizationCodeTTL'], $authorizationToken['accessTokenTTL'], $authorizationToken['refreshTokenTTL']); $accessToken = $tokenFactory->createBearerAccessToken($authorizationToken['clientId'], $authorizationToken['scopes'], $authorizationToken['userId']); if ($_POST['grant_type'] === 'authorization_code') { $refreshToken = $tokenFactory->createRefreshToken($authorizationToken['clientId'], $authorizationToken['redirectUri'], $authorizationToken['scopes'], $authorizationToken['userId']);