* You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA * * response_type - 'code' corresponding to the authorization code grant flow and * 'token' corresponding to the implicit grant flow is supported. * client_id - a configured id string agreed upon by any given client and authorization server * redirect_uri - an optional configured uri to redirect the user agent to after authorization is granted or denied * scope - optional configured scope strings agreed upon by any given client and authorization server * state - optional string which clients can use to maintain state during authentication and authorization flows. */ session_cache_limiter('nocache'); $config = SimpleSAML_Configuration::getConfig('module_oauth2server.php'); $clientStore = new sspmod_oauth2server_OAuth2_ClientStore($config); if (isset($_REQUEST['client_id'])) { $client = $clientStore->getClient($_REQUEST['client_id']); } if (isset($client)) { $as = new SimpleSAML_Auth_Simple($config->getValue('authsource')); $params = sspmod_oauth2server_Utility_Uri::calculateScopingParameters($client); $as->requireAuth($params); if (array_key_exists('redirect_uri', $client) && is_array($client['redirect_uri']) && count($client['redirect_uri']) > 0) { $returnUri = isset($_REQUEST['redirect_uri']) ? $_REQUEST['redirect_uri'] : $client['redirect_uri'][0]; $legalRedirectUri = sspmod_oauth2server_Utility_Uri::validateRedirectUri($returnUri, $client); if ($legalRedirectUri) { $requestedScopes = sspmod_oauth2server_Utility_Uri::augmentRequestedScopesWithRequiredScopes($client, isset($_REQUEST['scope']) ? 
explode(' ', $_REQUEST['scope']) : array()); $invalidScopes = sspmod_oauth2server_Utility_Uri::findInvalidScopes($client, $requestedScopes); if (count($invalidScopes) == 0) { if (isset($_REQUEST['response_type']) && ($_REQUEST['response_type'] === 'code' || $_REQUEST['response_type'] === 'token')) { $state = array('clientId' => $_REQUEST['client_id'], 'redirectUri' => isset($_REQUEST['redirect_uri']) ? $_REQUEST['redirect_uri'] : null, 'requestedScopes' => array_unique($requestedScopes), 'returnUri' => $returnUri, 'response_type' => $_REQUEST['response_type']); if (array_key_exists('state', $_REQUEST)) {
} $liveAccessTokens = array(); foreach ($user['accessTokens'] as $id) { $token = $tokenStore->getAccessToken($id); if (!is_null($token)) { if (isset($_REQUEST['tokenId']) && $id === $_REQUEST['tokenId']) { $tokenStore->removeAccessToken($id); } else { array_push($accessTokens, $token); array_push($liveAccessTokens, $token['id']); } } } $liveClients = array(); foreach ($user['clients'] as $id) { $client = $clientStore->getClient($id); if (!is_null($client)) { array_push($clients, $client); array_push($liveClients, $client['id']); } } if (count($liveAuthorizationCodes) != count($user['authorizationCodes']) || count($liveRefreshTokens) != count($user['refreshTokens']) || count($liveAccessTokens) != count($user['accessTokens']) || count($liveClients) != count($user['clients'])) { $user['authorizationCodes'] = $liveAuthorizationCodes; $user['refreshTokens'] = $liveRefreshTokens; $user['accessTokens'] = $liveAccessTokens; $user['clients'] = $liveClients; $userStore->updateUser($user); } } $t = new SimpleSAML_XHTML_Template($globalConfig, 'oauth2server:manage/status.php'); $t->data['authorizationCodes'] = $authorizationCodes;
$token = $tokenStore->getRefreshToken($_REQUEST['tokenId']); if (is_array($token) && isset($_POST['revoke'])) { $tokenStore->removeRefreshToken($_REQUEST['tokenId']); SimpleSAML\Utils\HTTP::redirectTrustedURL(SimpleSAML_Module::getModuleURL('oauth2server/manage/status.php')); } } else { if (array_search($_REQUEST['tokenId'], $user['accessTokens']) !== false) { $token = $tokenStore->getAccessToken($_REQUEST['tokenId']); if (is_array($token) && isset($_POST['revoke'])) { $tokenStore->removeAccessToken($_REQUEST['tokenId']); SimpleSAML\Utils\HTTP::redirectTrustedURL(SimpleSAML_Module::getModuleURL('oauth2server/manage/status.php')); } } } } } $globalConfig = SimpleSAML_Configuration::getInstance(); $t = new SimpleSAML_XHTML_Template($globalConfig, 'oauth2server:manage/token.php'); foreach ($config->getValue('scopes', array()) as $scope => $translations) { $t->includeInlineTranslation('{oauth2server:oauth2server:' . $scope . '}', $translations); } if (isset($token)) { $clientStore = new sspmod_oauth2server_OAuth2_ClientStore($config); $client = $clientStore->getClient($token['clientId']); if (!is_null($client)) { $t->data['token'] = $token; $t->includeInlineTranslation('{oauth2server:oauth2server:client_description_text}', $client['description']); } } $t->data['form'] = SimpleSAML_Module::getModuleURL('oauth2server/manage/token.php'); $t->show();
$clientStore = new sspmod_oauth2server_OAuth2_ClientStore($config); $response = null; $errorCode = 200; if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (array_key_exists('grant_type', $_POST)) { if ($_POST['grant_type'] === 'authorization_code' || $_POST['grant_type'] === 'refresh_token') { $clientId = null; $password = null; if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) { $clientId = $_SERVER['PHP_AUTH_USER']; $password = $_SERVER['PHP_AUTH_PW']; } elseif (array_key_exists('client_id', $_POST)) { $clientId = $_POST['client_id']; } if (!is_null($clientId)) { $client = $clientStore->getClient($clientId); if (!is_null($client)) { if (!isset($client['password']) && is_null($password) || isset($client['password']) && $password === $client['password'] || isset($client['alternative_password']) && $password === $client['alternative_password']) { $tokenStore = new sspmod_oauth2server_OAuth2_TokenStore($config); $userStore = new sspmod_oauth2server_OAuth2_UserStore($config); $authorizationTokenId = null; $authorizationToken = null; $user = null; if ($_POST['grant_type'] === 'authorization_code' && array_key_exists('code', $_POST)) { $authorizationTokenId = $_POST['code']; $authorizationToken = $tokenStore->getAuthorizationCode($authorizationTokenId); $tokenStore->removeAuthorizationCode($_POST['code']); } elseif ($_POST['grant_type'] === 'refresh_token' && array_key_exists('refresh_token', $_POST)) { $authorizationTokenId = $_POST['refresh_token']; $authorizationToken = $tokenStore->getRefreshToken($authorizationTokenId); }
session_cache_limiter('nocache'); header('Content-Type: application/json; charset=utf-8'); $config = SimpleSAML_Configuration::getConfig('module_oauth2server.php'); if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['access_token']) && isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) { $resourceServerId = $_SERVER['PHP_AUTH_USER']; $password = $_SERVER['PHP_AUTH_PW']; $resourceServers = $config->getValue('resources', array()); if (array_key_exists($resourceServerId, $resourceServers)) { $resourceServer = $resourceServers[$resourceServerId]; if ($password === $resourceServer['password'] || array_key_exists('alternative_password', $resourceServer) && $password === $resourceServer['alternative_password']) { $tokenStore = new sspmod_oauth2server_OAuth2_TokenStore($config); $accessToken = $tokenStore->getAccessToken($_POST['access_token']); if (is_array($accessToken)) { $clientStore = new sspmod_oauth2server_OAuth2_ClientStore($config); $userStore = new sspmod_oauth2server_OAuth2_UserStore($config); if (is_array($clientStore->getClient($accessToken['clientId'])) && is_array($userStore->getUser($accessToken['userId']))) { echo json_encode(array('status' => 'valid_token', 'expires_in' => $accessToken['expire'] - time(), 'scopes' => array_values($accessToken['scopes']), 'userId' => $accessToken['userId'])); return; } } echo json_encode(array('status' => 'unknown_token')); return; } } $errorCode = 401; $status = 'invalid_resource'; } else { if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) { $errorCode = 401; $status = 'invalid_resource'; } else {
/**
 * A client added to the store can be fetched by id, and can no longer be
 * fetched once it has been removed.
 *
 * @group unit
 * @group oauth2
 */
public function testRemoveClient()
{
    $clientStore = new \sspmod_oauth2server_OAuth2_ClientStore($this->getDefaultConfiguration());

    $clientId = 'dummy';
    $original = [
        'id' => $clientId,
        'expire' => time() + 1000,
        'scope' => ['scope1' => false],
    ];
    $clientStore->addClient($original);

    // Round-trip: the stored record must be resolvable under the same id.
    $stored = $clientStore->getClient($clientId);
    $this->assertNotNull($stored);
    $this->assertEquals($clientId, $stored['id']);

    // Removal must make the id unresolvable again.
    $clientStore->removeClient($stored['id']);
    $this->assertNull($clientStore->getClient($stored['id']));
}
* This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA * */ session_cache_limiter('nocache'); $config = SimpleSAML_Configuration::getConfig('module_oauth2server.php'); $state = SimpleSAML_Auth_State::loadState($_REQUEST['stateId'], 'oauth2server:authorization/consent'); $globalConfig = SimpleSAML_Configuration::getInstance(); $clientStore = new sspmod_oauth2server_OAuth2_ClientStore($config); $client = $clientStore->getClient($state['clientId']); $as = new SimpleSAML_Auth_Simple($config->getValue('authsource')); $params = sspmod_oauth2server_Utility_Uri::calculateScopingParameters($client); $as->requireAuth($params); $authorizationCodeTTL = $config->getValue('authorization_code_time_to_live'); $accessTokenTTL = $config->getValue('access_token_time_to_live'); $tokenTTLs = $config->getValue('refresh_token_time_to_live'); if (empty($tokenTTLs)) { array_push($tokenTTLs, 3600); } if (array_key_exists('grant', $_REQUEST)) { if (array_key_exists('ttl', $_REQUEST) && array_key_exists($_REQUEST['ttl'], $tokenTTLs)) { $tokenTTL = $_REQUEST['ttl']; } else { $ttlNames = array_keys($tokenTTLs); $tokenTTL = $tokenTTLs[$ttlNames[0]];