joshtronic/pickles
1
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch '2.0' of github.com:picklesphp/pickles into 2.0

Browse source
This commit is contained in:
Josh Sherman 2014-10-16 10:34:12 -04:00
commit ba2729cb7f
11 changed files with 314 additions and 77 deletions
Download patch file Download diff file Expand all files Collapse all files

20
composer.json
View file

@ -1,14 +1,14 @@
{ {
"name": "picklesphp/pickles", "name": "picklesphp/pickles",
"description": "Pickles is a PHP framework for building kick-ass services", "description": "Pickles is a PHP framework for building kick-ass services",
"type": "library", "type": "library",
"keywords": ["framework", "api", "soa", "oauth"], "keywords": ["framework", "api", "soa", "oauth"],
"homepage": "http://picklesphp.com", "homepage": "http://picklesphp.com",
"license": "MIT", "license": "MIT",
"authors": [ "authors": [
{ {
"name": "Josh Sherman", "name": "Josh Sherman",
"email": "josh@gravityblvd.com", "email": "josh@gravityblvd.com",
"homepage": "http://joshtronic.com" "homepage": "http://joshtronic.com"
} }
], ],
@ -18,12 +18,12 @@
}, },
"minimum-stability" : "dev", "minimum-stability" : "dev",
"require-dev": { "require-dev": {
"phpunit/phpunit": "dev-master", "phpunit/phpunit": "dev-master",
"satooshi/php-coveralls": "dev-master" "satooshi/php-coveralls": "dev-master"
}, },
"require": { "require": {
"php": ">=5.4", "php": ">=5.4",
"league/oauth2-server": "4.*" "league/oauth2-server": "4.0.x-dev"
}, },
"autoload": { "autoload": {
"psr-4": { "psr-4": {

3
composer.lock generated
View file

@ -4,7 +4,7 @@
"Read more about it at http://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "Read more about it at http://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"hash": "76708e9b1bd8a87135b6c5b4c0e38a2a", "hash": "f919c496ec07285f990ccb4efab8cf18",
"packages": [ "packages": [
{ {
"name": "league/event", "name": "league/event",
@ -1434,6 +1434,7 @@
"aliases": [], "aliases": [],
"minimum-stability": "dev", "minimum-stability": "dev",
"stability-flags": { "stability-flags": {
"league/oauth2-server": 20,
"phpunit/phpunit": 20, "phpunit/phpunit": 20,
"satooshi/php-coveralls": 20 "satooshi/php-coveralls": 20
}, },

90
sql/oauth2.sql
View file

@ -7,13 +7,16 @@ CREATE TABLE `oauth_clients` (
UNIQUE KEY `u_oacl_clse_clid` (`secret`,`id`) UNIQUE KEY `u_oacl_clse_clid` (`secret`,`id`)
) ENGINE=INNODB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci; ) ENGINE=INNODB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
CREATE TABLE `oauth_client_endpoints` ( CREATE TABLE `oauth_endpoints` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT, `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`client_id` char(40) NOT NULL, `client_id` char(40) NOT NULL,
`redirect_uri` varchar(255) NOT NULL, `redirect_uri` varchar(255) NOT NULL,
PRIMARY KEY (`id`), PRIMARY KEY (`id`),
KEY `i_oaclen_clid` (`client_id`), KEY `i_oaclen_clid` (`client_id`),
CONSTRAINT `f_oaclen_clid` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`id`) ON DELETE CASCADE ON UPDATE CASCADE CONSTRAINT `f_oaclen_clid`
FOREIGN KEY (`client_id`)
REFERENCES `oauth_clients` (`id`)
ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
CREATE TABLE `oauth_sessions` ( CREATE TABLE `oauth_sessions` (
@ -23,46 +26,64 @@ CREATE TABLE `oauth_sessions` (
`owner_id` varchar(255) NOT NULL, `owner_id` varchar(255) NOT NULL,
PRIMARY KEY (`id`), PRIMARY KEY (`id`),
KEY `i_uase_clid_owty_owid` (`client_id`,`owner_type`,`owner_id`), KEY `i_uase_clid_owty_owid` (`client_id`,`owner_type`,`owner_id`),
CONSTRAINT `f_oase_clid` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`id`) ON DELETE CASCADE ON UPDATE CASCADE CONSTRAINT `f_oase_clid`
FOREIGN KEY (`client_id`)
REFERENCES `oauth_clients` (`id`)
ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
CREATE TABLE `oauth_session_access_tokens` ( CREATE TABLE `oauth_access_tokens` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT, `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`session_id` int(10) unsigned NOT NULL, `session_id` int(10) unsigned NOT NULL,
`access_token` char(40) NOT NULL, `access_token` char(40) NOT NULL,
`access_token_expires` int(10) unsigned NOT NULL, `expires_at` int(10) unsigned NOT NULL,
PRIMARY KEY (`id`), PRIMARY KEY (`id`),
UNIQUE KEY `u_oaseacto_acto_seid` (`access_token`,`session_id`), UNIQUE KEY `u_oaseacto_acto_seid` (`access_token`,`session_id`),
KEY `f_oaseto_seid` (`session_id`), KEY `f_oaseto_seid` (`session_id`),
CONSTRAINT `f_oaseto_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION CONSTRAINT `f_oaseto_seid`
FOREIGN KEY (`session_id`)
REFERENCES `oauth_sessions` (`id`)
ON DELETE CASCADE ON UPDATE NO ACTION
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
CREATE TABLE `oauth_session_authcodes` ( CREATE TABLE `oauth_authorization_codes` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT, `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`session_id` int(10) unsigned NOT NULL, `session_id` int(10) unsigned NOT NULL,
`auth_code` char(40) NOT NULL, `authorization_code` char(40) NOT NULL,
`auth_code_expires` int(10) unsigned NOT NULL, `expires_at` int(10) unsigned NOT NULL,
PRIMARY KEY (`id`), PRIMARY KEY (`id`),
KEY `session_id` (`session_id`), KEY `session_id` (`session_id`),
CONSTRAINT `oauth_session_authcodes_ibfk_1` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE CONSTRAINT `oauth_authorization_codes_ibfk_1`
FOREIGN KEY (`session_id`)
REFERENCES `oauth_sessions` (`id`)
ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
CREATE TABLE `oauth_session_redirects` ( CREATE TABLE `oauth_redirect_uris` (
`session_id` int(10) unsigned NOT NULL, `session_id` int(10) unsigned NOT NULL,
`redirect_uri` varchar(255) NOT NULL, `redirect_uri` varchar(255) NOT NULL,
PRIMARY KEY (`session_id`), PRIMARY KEY (`session_id`),
CONSTRAINT `f_oasere_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION CONSTRAINT `f_oasere_seid`
FOREIGN KEY (`session_id`)
REFERENCES `oauth_sessions` (`id`)
ON DELETE CASCADE ON UPDATE NO ACTION
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
CREATE TABLE `oauth_session_refresh_tokens` ( CREATE TABLE `oauth_refresh_tokens` (
`session_access_token_id` int(10) unsigned NOT NULL, `access_token_id` int(10) unsigned NOT NULL,
`refresh_token` char(40) NOT NULL, `refresh_token` char(40) NOT NULL,
`refresh_token_expires` int(10) unsigned NOT NULL, `expires_at` int(10) unsigned NOT NULL,
`client_id` char(40) NOT NULL, `client_id` char(40) NOT NULL,
PRIMARY KEY (`session_access_token_id`), PRIMARY KEY (`access_token_id`),
KEY `client_id` (`client_id`), KEY `client_id` (`client_id`),
CONSTRAINT `oauth_session_refresh_tokens_ibfk_1` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`id`) ON DELETE CASCADE, CONSTRAINT `oauth_refresh_tokens_ibfk_1`
CONSTRAINT `f_oasetore_setoid` FOREIGN KEY (`session_access_token_id`) REFERENCES `oauth_session_access_tokens` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION FOREIGN KEY (`client_id`)
REFERENCES `oauth_clients` (`id`)
ON DELETE CASCADE,
CONSTRAINT `f_oasetore_setoid`
FOREIGN KEY (`access_token_id`)
REFERENCES `oauth_access_tokens` (`id`)
ON DELETE CASCADE ON UPDATE NO ACTION
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
CREATE TABLE `oauth_scopes` ( CREATE TABLE `oauth_scopes` (
@ -74,22 +95,35 @@ CREATE TABLE `oauth_scopes` (
UNIQUE KEY `u_oasc_sc` (`scope`) UNIQUE KEY `u_oasc_sc` (`scope`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
CREATE TABLE `oauth_session_token_scopes` ( CREATE TABLE `oauth_access_token_scopes` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT, `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`session_access_token_id` int(10) unsigned DEFAULT NULL, `access_token_id` int(10) unsigned DEFAULT NULL,
`scope_id` smallint(5) unsigned NOT NULL, `scope_id` smallint(5) unsigned NOT NULL,
PRIMARY KEY (`id`), PRIMARY KEY (`id`),
UNIQUE KEY `u_setosc_setoid_scid` (`session_access_token_id`,`scope_id`), UNIQUE KEY `u_setosc_setoid_scid` (`access_token_id`,`scope_id`),
KEY `f_oasetosc_scid` (`scope_id`), KEY `f_oasetosc_scid` (`scope_id`),
CONSTRAINT `f_oasetosc_scid` FOREIGN KEY (`scope_id`) REFERENCES `oauth_scopes` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION, CONSTRAINT `f_oasetosc_scid`
CONSTRAINT `f_oasetosc_setoid` FOREIGN KEY (`session_access_token_id`) REFERENCES `oauth_session_access_tokens` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION FOREIGN KEY (`scope_id`)
REFERENCES `oauth_scopes` (`id`)
ON DELETE CASCADE ON UPDATE NO ACTION,
CONSTRAINT `f_oasetosc_setoid`
FOREIGN KEY (`access_token_id`)
REFERENCES `oauth_access_tokens` (`id`)
ON DELETE CASCADE ON UPDATE NO ACTION
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
CREATE TABLE `oauth_session_authcode_scopes` ( CREATE TABLE `oauth_authorization_code_scopes` (
`oauth_session_authcode_id` int(10) unsigned NOT NULL, `authorization_code_id` int(10) unsigned NOT NULL,
`scope_id` smallint(5) unsigned NOT NULL, `scope_id` smallint(5) unsigned NOT NULL,
KEY `oauth_session_authcode_id` (`oauth_session_authcode_id`), KEY `authorization_code_id` (`authorization_code_id`),
KEY `scope_id` (`scope_id`), KEY `scope_id` (`scope_id`),
CONSTRAINT `oauth_session_authcode_scopes_ibfk_2` FOREIGN KEY (`scope_id`) REFERENCES `oauth_scopes` (`id`) ON DELETE CASCADE, CONSTRAINT `oauth_authorization_code_scopes_ibfk_2`
CONSTRAINT `oauth_session_authcode_scopes_ibfk_1` FOREIGN KEY (`oauth_session_authcode_id`) REFERENCES `oauth_session_authcodes` (`id`) ON DELETE CASCADE FOREIGN KEY (`scope_id`)
REFERENCES `oauth_scopes` (`id`)
ON DELETE CASCADE,
CONSTRAINT `oauth_authorization_code_scopes_ibfk_1`
FOREIGN KEY (`authorization_code_id`)
REFERENCES `oauth_authorization_codes` (`id`)
ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;

48
src/OAuth2/AccessTokenStorage.php
View file

@ -3,6 +3,7 @@
namespace Pickles\OAuth2; namespace Pickles\OAuth2;
use \League\OAuth2\Server\Entity\AbstractTokenEntity; use \League\OAuth2\Server\Entity\AbstractTokenEntity;
use \League\OAuth2\Server\Entity\AccessTokenEntity;
use \League\OAuth2\Server\Entity\ScopeEntity; use \League\OAuth2\Server\Entity\ScopeEntity;
use \League\OAuth2\Server\Storage\AccessTokenInterface; use \League\OAuth2\Server\Storage\AccessTokenInterface;
@ -10,27 +11,74 @@ class AccessTokenStorage extends StorageAdapter implements AccessTokenInterface
{ {
public function get($token) public function get($token)
{ {
$sql = 'SELECT oauth_access_tokens.*'
. ' FROM oauth_access_tokens'
. ' WHERE access_token = ?'
. ' AND expires_at >= ?;';
$results = $this->db->fetch($sql, [$token, time()]);
if (count($results) === 1)
{
return (new AccessTokenEntity($this->server))
->setId($results[0]['access_token'])
->setExpireTime($results[0]['expires_at']);
}
return null;
} }
public function getScopes(AbstractTokenEntity $token) public function getScopes(AbstractTokenEntity $token)
{ {
$sql = 'SELECT oauth_scopes.id, oauth_scopes.description'
. ' FROM oauth_access_token_scopes'
. ' INNER JOIN oauth_scopes'
. ' ON oauth_access_token_scopes.scope_id = oauth_scopes.id'
. ' WHERE oauth_access_token_scopes.access_token_id = ?;';
$results = $this->db->fetch($sql, [$token->getId()]);
$response = [];
if (count($results) > 0)
{
foreach ($results as $row)
{
$response[] = (new ScopeEntity($this->server))->hydrate([
'id' => $row['id'],
'description' => $row['description']
]);
}
}
return $response;
} }
public function create($token, $expiration, $session_id) public function create($token, $expiration, $session_id)
{ {
$sql = 'INSERT INTO oauth_access_tokens'
. ' (access_token, session_id, expires_at)'
. ' VALUES'
. ' (?, ?, ?);';
$this->db->execute($sql, [$token, $session_id, $expiration]);
} }
public function associateScope(AbstractTokenEntity $token, ScopeEntity $scope) public function associateScope(AbstractTokenEntity $token, ScopeEntity $scope)
{ {
$sql = 'INSERT INTO oauth_access_token_scopes'
. ' (access_token, scope)'
. ' VALUES'
. ' (?, ?);';
$this->db->execute($sql, [$token->getId(), $scope->getId()]);
} }
public function delete(AbstractTokenEntity $token) public function delete(AbstractTokenEntity $token)
{ {
$sql = 'DELETE FROM oauth_access_token_scopes'
. ' WHERE access_token = ?;';
$this->db->execute($sql, [$token->getId()]);
} }
} }

28
src/OAuth2/ClientStorage.php
View file

@ -16,8 +16,8 @@ class ClientStorage extends StorageAdapter implements ClientInterface
if ($redirect_uri) if ($redirect_uri)
{ {
$sql .= ', oauth_client_redirect_uris.*' $sql .= ', oauth_client_redirect_uris.*'
. ' INNER JOIN oauth_client_redirect_uris' . ' INNER JOIN oauth_redirect_uris'
. ' ON oauth_clients.id = oauth_client_redirect_uris.client_id'; . ' ON oauth_clients.id = oauth_redirect_uris.client_id';
} }
$sql .= ' FROM oauth_clients WHERE oauth_clients.id = ?'; $sql .= ' FROM oauth_clients WHERE oauth_clients.id = ?';
@ -32,7 +32,7 @@ class ClientStorage extends StorageAdapter implements ClientInterface
if ($redirect_uri) if ($redirect_uri)
{ {
$sql .= 'AND oauth_client_redirect_uris.redirect_uri = ?'; $sql .= 'AND oauth_redirect_uris.redirect_uri = ?';
$parameters[] = $redirect_uri; $parameters[] = $redirect_uri;
} }
@ -55,25 +55,27 @@ class ClientStorage extends StorageAdapter implements ClientInterface
public function getBySession(SessionEntity $session) public function getBySession(SessionEntity $session)
{ {
/* $sql = 'SELECT oauth_clients.id, oauth_clients.name'
$result = Capsule::table('oauth_clients') . ' FROM oauth_clients'
->select(['oauth_clients.id', 'oauth_clients.name']) . ' INNER JOIN oauth_sessions'
->join('oauth_sessions', 'oauth_clients.id', '=', 'oauth_sessions.client_id') . ' ON oauth_clients.id = oauth_sessions.client_id'
->where('oauth_sessions.id', $session->getId()) . ' WHERE oauth_sessions.id = ?';
->get();
if (count($result) === 1) { $results = $this->db->fetch($sql, [$session->getId()]);
if (count($results) === 1)
{
$client = new ClientEntity($this->server); $client = new ClientEntity($this->server);
$client->hydrate([ $client->hydrate([
'id' => $result[0]['id'], 'id' => $results[0]['id'],
'name' => $result[0]['name'] 'name' => $results[0]['name']
]); ]);
return $client; return $client;
} }
return null; return null;
*/
} }
} }

56
src/OAuth2/RefreshTokenStorage.php Normal file
View file

@ -0,0 +1,56 @@
<?php
namespace Pickles\OAuth2;
use \League\OAuth2\Server\Entity\RefreshTokenEntity;
use \League\OAuth2\Server\Storage\RefreshTokenInterface;
class RefreshTokenStorage extends StorageAdapter implements RefreshTokenInterface
{
public function get($token)
{
$sql = 'SELECT oauth_refresh_tokens.*'
. ' FROM oauth_refresh_tokens'
. ' WHERE refresh_token = ?'
. ' AND expires_at >= ?;';
$results = $this->db->fetch($sql, [$token, time()]);
if (count($results) === 1)
{
return (new RefreshTokenEntity($this->server))
->setId($result[0]['refresh_token'])
->setExpireTime($result[0]['expires_at'])
->setAccessTokenId($result[0]['access_token_id']);
}
return null;
}
public function create($token, $expiration, $access_token)
{
$sql = 'SELECT id FROM oauth_access_tokens WHERE access_token = ?;';
$results = $this->db->fetch($sql, [$access_token]);
$token_id = $results[0]['id'];
$sql = 'INSERT INTO oauth_refresh_tokens'
. ' (refresh_token, access_token_id, expires_at, client_id)'
. ' VALUES'
. ' (?, ?, ?, ?);';
$this->db->execute($sql, [
$token,
$token_id,
$expiration,
$this->server->getRequest()->request->get('client_id', null),
]);
}
public function delete(RefreshTokenEntity $token)
{
$sql = 'DELETE FROM oauth_refresh_tokens WHERE refresh_token = ?;';
$this->db->execute($sql, [$token->getId()]);
}
}

20
src/OAuth2/Resource.php
View file

@ -4,14 +4,14 @@ namespace Pickles\OAuth2;
use \League\OAuth2\Server\AuthorizationServer; use \League\OAuth2\Server\AuthorizationServer;
use \League\OAuth2\Server\Grant\PasswordGrant; use \League\OAuth2\Server\Grant\PasswordGrant;
use \League\OAuth2\Server\Grant\RefreshTokenGrant;
use \Pickles\App\Models\User; use \Pickles\App\Models\User;
use \Pickles\Config;
class Resource extends \Pickles\Resource class Resource extends \Pickles\Resource
{ {
public function __construct() public function POST()
{ {
parent::__construct();
if (!isset($this->config['oauth'][$_SERVER['__version']])) if (!isset($this->config['oauth'][$_SERVER['__version']]))
{ {
throw new \Exception('Forbidden.', 403); throw new \Exception('Forbidden.', 403);
@ -28,6 +28,7 @@ class Resource extends \Pickles\Resource
$server->setAccessTokenStorage(new AccessTokenStorage); $server->setAccessTokenStorage(new AccessTokenStorage);
$server->setClientStorage(new ClientStorage); $server->setClientStorage(new ClientStorage);
$server->setScopeStorage(new ScopeStorage); $server->setScopeStorage(new ScopeStorage);
$server->setRefreshTokenStorage(new RefreshTokenStorage);
switch ($_REQUEST['grant_type']) switch ($_REQUEST['grant_type'])
{ {
@ -45,10 +46,16 @@ class Resource extends \Pickles\Resource
case 'password': case 'password':
$grant = new PasswordGrant; $grant = new PasswordGrant;
$grant->setAccessTokenTTL(3600);
// @todo ^^^ check config and use that value
$grant->setVerifyCredentialsCallback(function ($username, $password) $grant->setVerifyCredentialsCallback(function ($username, $password)
{ {
$user = new User(['email' => $username]); $user = new User([
'conditions' => [
'email' => $username,
],
]);
return $user->count() return $user->count()
&& password_verify($password, $user->record['password']); && password_verify($password, $user->record['password']);
@ -63,7 +70,12 @@ class Resource extends \Pickles\Resource
$server->addGrantType($grant); $server->addGrantType($grant);
$refreshTokenGrant = new RefreshTokenGrant;
$server->addGrantType($refreshTokenGrant);
$response = $server->issueAccessToken(); $response = $server->issueAccessToken();
return $response;
} }
catch (\Exception $e) catch (\Exception $e)
{ {

11
src/OAuth2/ScopeStorage.php
View file

@ -9,7 +9,18 @@ class ScopeStorage extends StorageAdapter implements ScopeInterface
{ {
public function get($scope, $grant_type = null, $client_id = null) public function get($scope, $grant_type = null, $client_id = null)
{ {
$sql = 'SELECT * FROM oauth_scopes WHERE id = ?;';
$results = $this->db->fetch($sql, [$scope]);
if (count($results) === 0)
{
return null;
}
return (new ScopeEntity($this->server))->hydrate([
'id' => $result[0]['id'],
'description' => $result[0]['description'],
]);
} }
} }

67
src/OAuth2/SessionStorage.php
View file

@ -13,27 +13,94 @@ class SessionStorage extends StorageAdapter implements SessionInterface
{ {
public function getByAccessToken(AccessTokenEntity $access_token) public function getByAccessToken(AccessTokenEntity $access_token)
{ {
$sql = 'SELECT oauth_sessions.id, oauth_sessions.owner_type,'
. ' oauth_sessions.owner_id, oauth_sessions.client_id,'
. ' oauth_sessions.client_redirect_uri'
. ' FROM oauth_sessions'
. ' INNER JOIN oauth_access_tokens'
. ' ON oauth_access_tokens.session_id = oauth_sessions.id'
. ' WHERE oauth_access_tokens.access_token = ?;';
$results = $this->db->fetch($sql, [$access_token->getId()]);
if (count($results) === 1)
{
$session = new SessionEntity($this->server);
$session->setId($result[0]['id']);
$session->setOwner($result[0]['owner_type'], $result[0]['owner_id']);
return $session;
}
return null;
} }
public function getByAuthCode(AuthCodeEntity $auth_code) public function getByAuthCode(AuthCodeEntity $auth_code)
{ {
$sql = 'SELECT oauth_sessions.id, oauth_sessions.owner_type,'
. ' oauth_sessions.owner_id, oauth_sessions.client_id,'
. ' oauth_sessions.client_redirect_uri'
. ' FROM oauth_sessions'
. ' INNER JOIN oauth_authorization_codes'
. ' ON oauth_authorization_codes.session_id = oauth_sessions.id'
. ' WHERE oauth_authorization_codes.authorization_code = ?;';
$results = $this->db->fetch($sql, [$auth_code->getId()]);
if (count($results) === 1)
{
$session = new SessionEntity($this->server);
$session->setId($result[0]['id']);
$session->setOwner($result[0]['owner_type'], $result[0]['owner_id']);
return $session;
}
return null;
} }
public function getScopes(SessionEntity $session) public function getScopes(SessionEntity $session)
{ {
$sql = 'SELECT oauth_sessions.*'
. ' FROM oauth_sessions'
. ' INNER JOIN oauth_access_token_scopes'
. ' ON oauth_sessions.id = oauth_access_token_scopes.access_token_id'
. ' INNER JOIN oauth_scopes'
. ' ON oauth_scopes.id = oauth_access_token_scopes.scope_id'
. ' WHERE oauth_sessions.id = ?;';
$results = $this->db->fetch($sql, [$session->getId()]);
$scopes = [];
foreach ($results as $scope)
{
$scopes[] = (new ScopeEntity($this->server))->hydrate([
'id' => $scope['id'],
'description' => $scope['description'],
]);
}
return $scopes;
} }
public function create($owner_type, $owner_id, $client_id, $client_redirect_uri = null) public function create($owner_type, $owner_id, $client_id, $client_redirect_uri = null)
{ {
$sql = 'INSERT INTO oauth_sessions'
. ' (owner_type, owner_id, client_id)'
. ' VALUES'
. ' (?, ?, ?);';
return $this->db->execute($sql, [$owner_type, $owner_id, $client_id]);
} }
public function associateScope(SessionEntity $session, ScopeEntity $scope) public function associateScope(SessionEntity $session, ScopeEntity $scope)
{ {
$sql = 'INSERT INTO oauth_access_token_scopes'
. ' (access_token_id, scope_id)'
. ' VALUES'
. ' (?, ?);';
$this->db->execute($sql, [$session->getId(), $scope->getId()]);
} }
} }

42
src/Resource.php
View file

@ -14,6 +14,12 @@
namespace Pickles; namespace Pickles;
use \League\OAuth2\Server\ResourceServer;
use Pickles\OAuth2\AccessTokenStorage;
use Pickles\OAuth2\ClientStorage;
use Pickles\OAuth2\ScopeStorage;
use Pickles\OAuth2\SessionStorage;
/** /**
* Resource Class * Resource Class
* *
@ -26,15 +32,6 @@ namespace Pickles;
*/ */
class Resource extends Object class Resource extends Object
{ {
/**
* HTTPS
*
* Whether or not the page should be loaded via HTTP Secure.
*
* @var boolean defaults to false
*/
public $https = false;
/** /**
* Filter * Filter
* *
@ -83,25 +80,28 @@ class Resource extends Object
try try
{ {
// Determines if we need to serve over HTTP or HTTPS // Checks if auth flag is explicity true or true for the method
if (($this->https === true
|| (isset($this->https[$method]) && $this->https[$method]))
&& (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == false))
{
throw new \Exception('HTTPS is required.', 400);
}
// Check auth if flag is explicitly true or is true for the method
if ($this->auth === true if ($this->auth === true
|| (isset($this->auth[$method]) && $this->auth[$method])) || (isset($this->auth[$method]) && $this->auth[$method]))
{ {
if (!isset($this->config['oauth2'][$_SERVER['__version']])) if (isset($this->config['oauth'][$_SERVER['__version']]))
{
$server = new ResourceServer(
new SessionStorage,
new AccessTokenStorage,
new ClientStorage,
new ScopeStorage
);
$server->isValidRequest();
}
else
{ {
throw new \Exception('Authentication is not configured properly.', 401); throw new \Exception('Authentication is not configured properly.', 401);
} }
} }
// Hack together some new globals // Hacks together some new globals
if (in_array($method, ['PUT', 'DELETE'])) if (in_array($method, ['PUT', 'DELETE']))
{ {
$GLOBALS['_' . $method] = []; $GLOBALS['_' . $method] = [];
@ -337,7 +337,7 @@ class Resource extends Object
{ {
http_response_code($this->status); http_response_code($this->status);
header('Content-Type: application/json'); header('Content-Type: application/json');
header('X-Powered-By: Pickles v2 - https://picklesphp.com'); header('X-Powered-By: Pickles (http://picklesphp.com)');
$meta = [ $meta = [
'status' => $this->status, 'status' => $this->status,

6
src/Router.php
View file

@ -39,6 +39,12 @@ class Router extends Object
try try
{ {
// Secure by default
if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == false)
{
throw new \Exception('HTTPS is required.', 400);
}
// Grabs the requested page // Grabs the requested page
$request = $_REQUEST['request']; $request = $_REQUEST['request'];
$components = explode('/', $request); $components = explode('/', $request);