/**
 * Checks that a user record added to the user store is returned by getUser()
 * and that the same lookup yields null once removeUser() has been called.
 *
 * @group unit
 * @group oauth2
 */
public function testRemoveUser()
{
    $userStore = new \sspmod_oauth2server_OAuth2_UserStore($this->getDefaultConfiguration());

    // Record whose 'expire' value lies 1000 ahead of the current time().
    $expiry = time() + 1000;
    $stored = array('id' => 'dummy', 'expire' => $expiry);
    $userStore->addUser($stored);

    // Before removal the record must be readable under its own id.
    $fetched = $userStore->getUser($stored['id']);
    $this->assertNotNull($fetched);
    $this->assertEquals($stored['id'], $fetched['id']);

    // Remove using the id read back from the store, then confirm the lookup misses.
    $fetchedId = $fetched['id'];
    $userStore->removeUser($fetchedId);
    $this->assertNull($userStore->getUser($fetchedId));
}
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*
*/

// Token overview page for the signed-in user (excerpt; the loop below continues past this view).
// It loads the user's record, collects the authorization codes that still exist in the token
// store, and removes the one whose id matches the `tokenId` request parameter.

// Responses from this page must not be cached.
session_cache_limiter('nocache');
$config = SimpleSAML_Configuration::getConfig('module_oauth2server.php');
$as = new SimpleSAML_Auth_Simple($config->getValue('authsource'));
// Everything below runs only for a session authenticated through the configured authsource.
$as->requireAuth();
// NOTE(review): the fallback attribute, eduPersonScopedAffiliation, normally carries an
// affiliation@scope value that many accounts share rather than a per-user identifier.
// Confirm deployments set `user_id_attribute` to a unique attribute; otherwise different
// people would resolve to the same user record and see each other's tokens.
$idAttribute = $config->getValue('user_id_attribute', 'eduPersonScopedAffiliation');
$tokenStore = new sspmod_oauth2server_OAuth2_TokenStore($config);
$clientStore = new sspmod_oauth2server_OAuth2_ClientStore($config);
$userStore = new sspmod_oauth2server_OAuth2_UserStore($config);
$attributes = $as->getAttributes();
// NOTE(review): the id attribute is indexed without checking that the identity provider
// released it; a missing attribute produces an undefined-index notice and a null lookup key.
$user = $userStore->getUser($attributes[$idAttribute][0]);
$globalConfig = SimpleSAML_Configuration::getInstance();
$authorizationCodes = array();
$refreshTokens = array();
$accessTokens = array();
$clients = array();
if (!is_null($user)) {
    $liveAuthorizationCodes = array();
    // Only ids listed on the authenticated user's own record are considered, so the
    // `tokenId` parameter cannot address a code belonging to another user's record.
    foreach ($user['authorizationCodes'] as $id) {
        $token = $tokenStore->getAuthorizationCode($id);
        // Ids whose code no longer exists in the token store are skipped.
        if (!is_null($token)) {
            // NOTE(review): this state change is driven by $_REQUEST, which also covers
            // GET parameters, and no anti-CSRF check is visible in this excerpt; confirm
            // the revocation is restricted to POST and protected by a per-session token.
            if (isset($_REQUEST['tokenId']) && $id === $_REQUEST['tokenId']) {
                $tokenStore->removeAuthorizationCode($id);
            } else {
                array_push($authorizationCodes, $token);
                array_push($liveAuthorizationCodes, $token['id']);
// Resource owner (attribute release) endpoint, excerpt; the scope loop continues past this view.
// A bearer access token from the Authorization header is resolved to a user, and the token's
// scopes decide which attribute names are selected for release.
// The service is off unless `enable_resource_owner_service` is set in the module configuration.
if ($config->getValue('enable_resource_owner_service', false)) {
    if ($_SERVER['REQUEST_METHOD'] != 'OPTIONS') { //sort of ignore the damn ajax options pre-flight requests
        foreach (getallheaders() as $name => $value) {
            // NOTE(review): the header name is matched case-sensitively although HTTP header
            // names are case-insensitive; a differently cased name yields no token, which
            // fails closed but rejects otherwise valid requests.
            if ($name === 'Authorization' && strpos($value, 'Bearer ') === 0) {
                $tokenType = 'Bearer';
                // NOTE(review): base64_decode() is called without its strict flag, so bytes
                // outside the base64 alphabet are silently dropped and several distinct header
                // values decode to the same token id; consider strict decoding and rejecting
                // a false result.
                $accessTokenId = base64_decode(trim(substr($value, 7)));
            }
        }
        // Both variables are assigned only inside the header match above.
        if (isset($accessTokenId)) {
            if ('Bearer' === $tokenType) {
                $tokenStore = new sspmod_oauth2server_OAuth2_TokenStore($config);
                $userStore = new sspmod_oauth2server_OAuth2_UserStore($config);
                $accessToken = $tokenStore->getAccessToken($accessTokenId);
                // Loose comparison: any value equal to null under ==, such as an empty array,
                // is also treated as "token not found".
                if ($accessToken != null) {
                    $user = $userStore->getUser($accessToken['userId']);
                }
                // $user exists only when the token lookup succeeded, hence the isset() guard.
                if (isset($user) && $user != null) {
                    $configuredAttributeScopes = $config->getValue('resource_owner_service_attribute_scopes', array());
                    // Keep only scopes that are both on the token and configured for attribute release.
                    $attributeScopes = array_intersect($accessToken['scopes'], array_keys($configuredAttributeScopes));
                    if (count($attributeScopes) > 0) {
                        $response = array();
                        $attributeNames = array(); // null means grab all attributes
                        foreach ($attributeScopes as $scope) {
                            if (is_array($attributeNames) && is_array($configuredAttributeScopes[$scope])) {
                                $attributeNames = array_merge($attributeNames, $configuredAttributeScopes[$scope]);
                            } else {
                                // NOTE(review): one scope whose configured value is not an array
                                // switches the selection to null ("all attributes") and stops the
                                // loop; confirm that a malformed configuration entry widening the
                                // release to every attribute is intended.
                                $attributeNames = null;
                                break;
                            }
// Token endpoint, excerpt: starts at the client authentication check and runs past this view.
// A client is accepted when it has no configured password and sent none, or when the
// submitted password equals the configured `password` or `alternative_password`.
// NOTE(review): the secrets are compared with ===, which is not a constant-time comparison;
// hash_equals() (PHP 5.6+) avoids timing-dependent behaviour. Confirm the minimum PHP
// version this module supports before switching.
// NOTE(review): because && binds tighter than ||, a client configured with only
// `alternative_password` also passes the first clause when no password is sent; confirm.
if (!isset($client['password']) && is_null($password) ||
    isset($client['password']) && $password === $client['password'] ||
    isset($client['alternative_password']) && $password === $client['alternative_password']) {
    $tokenStore = new sspmod_oauth2server_OAuth2_TokenStore($config);
    $userStore = new sspmod_oauth2server_OAuth2_UserStore($config);
    $authorizationTokenId = null;
    $authorizationToken = null;
    $user = null;
    // NOTE(review): $_POST['grant_type'] is read without an existence check, and `code` /
    // `refresh_token` are passed to the store as received; confirm they are validated as
    // strings earlier in the file.
    if ($_POST['grant_type'] === 'authorization_code' && array_key_exists('code', $_POST)) {
        $authorizationTokenId = $_POST['code'];
        $authorizationToken = $tokenStore->getAuthorizationCode($authorizationTokenId);
        // The code is removed as soon as it has been read, before the client and redirect URI
        // checks below, so it is single-use and a failed exchange also consumes it.
        $tokenStore->removeAuthorizationCode($_POST['code']);
    } elseif ($_POST['grant_type'] === 'refresh_token' && array_key_exists('refresh_token', $_POST)) {
        $authorizationTokenId = $_POST['refresh_token'];
        // The refresh token is looked up but not removed in this branch.
        $authorizationToken = $tokenStore->getRefreshToken($authorizationTokenId);
    }
    if (!is_null($authorizationToken)) {
        $user = $userStore->getUser($authorizationToken['userId']);
    }
    if (!is_null($user)) {
        // The code or refresh token must have been issued to the client that authenticated.
        // NOTE(review): == applies PHP type juggling (numeric strings compare as numbers);
        // prefer === once the stored type of clientId is confirmed.
        if ($clientId == $authorizationToken['clientId']) {
            $redirectUri = array_key_exists('redirect_uri', $_POST) ? $_POST['redirect_uri'] : null;
            // NOTE(review): with ==, null and '' compare equal, so an empty redirect_uri
            // parameter matches a token stored without a redirect URI; prefer === here too.
            if ($authorizationToken['redirectUri'] == $redirectUri) {
                // Lifetimes for the new tokens are the ones recorded on the presented token.
                $tokenFactory = new sspmod_oauth2server_OAuth2_TokenFactory($authorizationToken['authorizationCodeTTL'], $authorizationToken['accessTokenTTL'], $authorizationToken['refreshTokenTTL']);
                // Client id, scopes and user id are copied from the presented token.
                $accessToken = $tokenFactory->createBearerAccessToken($authorizationToken['clientId'], $authorizationToken['scopes'], $authorizationToken['userId']);
                // A new refresh token is created only for the authorization_code grant.
                if ($_POST['grant_type'] === 'authorization_code') {
                    $refreshToken = $tokenFactory->createRefreshToken($authorizationToken['clientId'], $authorizationToken['redirectUri'], $authorizationToken['scopes'], $authorizationToken['userId']);
                    $tokenStore->addRefreshToken($refreshToken);
                    // Rebuild the user's refresh token list: the new id plus every listed id
                    // that still resolves in the token store.
                    $liveRefreshTokens = array($refreshToken['id']);
                    foreach ($user['refreshTokens'] as $tokenId) {
                        if (!is_null($tokenStore->getRefreshToken($tokenId))) {
                            array_push($liveRefreshTokens, $tokenId);
                        }
// Access token validation endpoint for resource servers, excerpt; the final else branch
// continues past this view. A resource server authenticates with HTTP Basic credentials,
// POSTs an `access_token`, and receives a JSON status.

// Responses must not be cached and are always sent as JSON.
session_cache_limiter('nocache');
header('Content-Type: application/json; charset=utf-8');
$config = SimpleSAML_Configuration::getConfig('module_oauth2server.php');
// Handled only for POST requests that carry both a token and Basic credentials.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['access_token']) && isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
    $resourceServerId = $_SERVER['PHP_AUTH_USER'];
    $password = $_SERVER['PHP_AUTH_PW'];
    // Known resource servers come from the `resources` map in the module configuration.
    $resourceServers = $config->getValue('resources', array());
    if (array_key_exists($resourceServerId, $resourceServers)) {
        $resourceServer = $resourceServers[$resourceServerId];
        // NOTE(review): the secrets are compared with ===, which is not a constant-time
        // comparison; hash_equals() (PHP 5.6+) avoids timing-dependent behaviour. Confirm
        // the minimum PHP version this module supports before switching.
        // NOTE(review): $resourceServer['password'] is read without an existence check; an
        // entry without that key raises an undefined-index notice and falls back to
        // `alternative_password` only.
        if ($password === $resourceServer['password'] || array_key_exists('alternative_password', $resourceServer) && $password === $resourceServer['alternative_password']) {
            $tokenStore = new sspmod_oauth2server_OAuth2_TokenStore($config);
            // NOTE(review): the posted value goes to the store as received and is an array
            // when the parameter is sent as `access_token[]`; confirm the store tolerates
            // non-string ids or add an is_string() check.
            $accessToken = $tokenStore->getAccessToken($_POST['access_token']);
            if (is_array($accessToken)) {
                $clientStore = new sspmod_oauth2server_OAuth2_ClientStore($config);
                $userStore = new sspmod_oauth2server_OAuth2_UserStore($config);
                // A stored token is reported valid only while its client and its user both
                // still resolve to records.
                if (is_array($clientStore->getClient($accessToken['clientId'])) && is_array($userStore->getUser($accessToken['userId']))) {
                    // expires_in is the stored expiry minus the current time.
                    echo json_encode(array('status' => 'valid_token', 'expires_in' => $accessToken['expire'] - time(), 'scopes' => array_values($accessToken['scopes']), 'userId' => $accessToken['userId']));
                    return;
                }
            }
            // The resource server authenticated, but the token or its client/user is gone.
            echo json_encode(array('status' => 'unknown_token'));
            return;
        }
    }
    // An unknown resource server id and a wrong password end in the same status, so the
    // response does not show which of the two failed.
    $errorCode = 401;
    $status = 'invalid_resource';
} else {
    // Missing Basic credentials are reported with the same 401 / invalid_resource status.
    if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
        $errorCode = 401;
        $status = 'invalid_resource';
    } else {
// (closes a block that was opened before this excerpt)
}
// Authorization response handling, excerpt; it continues past this view. The scopes granted
// on the consent form are filtered, the new token is stored, and the user's token list is
// rebuilt from the ids that still exist.
// NOTE(review): `grantedScopes` is request-controlled and may arrive as a scalar instead of
// an array; confirm both Utility_Uri helpers handle that.
if (isset($_REQUEST['grantedScopes'])) {
    $scopesTemp = $_REQUEST['grantedScopes'];
} else {
    $scopesTemp = array();
}
// The return value is not used, so this helper presumably takes $scopesTemp by reference
// and adds the client's required scopes to it; verify against the helper.
\sspmod_oauth2server_Utility_Uri::augmentRequestedScopesWithRequiredScopes($client, $scopesTemp);
// NOTE(review): the token's scopes are whatever findValidScopes() returns for this client,
// so that helper is the only visible barrier against a request naming scopes the client
// may not receive; confirm it restricts the list to the client's configured scopes.
$token['scopes'] = \sspmod_oauth2server_Utility_Uri::findValidScopes($client, $scopesTemp);
$tokenStore = new sspmod_oauth2server_OAuth2_TokenStore($config);
// NOTE(review): every response_type other than 'code' results in an access token being
// stored directly; presumably the value was validated before this point. Confirm.
if ($state['response_type'] === 'code') {
    $tokenStore->addAuthorizationCode($token);
} else {
    $tokenStore->addAccessToken($token);
}
$userStore = new sspmod_oauth2server_OAuth2_UserStore($config);
$user = $userStore->getUser($token['userId']);
if (is_array($user)) {
    // Replace the attributes on the user record with those of the current session.
    $user['attributes'] = $as->getAttributes();
    // Rebuild the id list for this token type: the new token first, then every listed id
    // that still resolves in the token store.
    $liveTokens = array($token['id']);
    if ($state['response_type'] === 'code') {
        foreach ($user['authorizationCodes'] as $tokenId) {
            if (!is_null($tokenStore->getAuthorizationCode($tokenId))) {
                array_push($liveTokens, $tokenId);
            }
        }
        $user['authorizationCodes'] = $liveTokens;
    } else {
        foreach ($user['accessTokens'] as $tokenId) {
            if (!is_null($tokenStore->getAccessToken($tokenId))) {
                array_push($liveTokens, $tokenId);
            }