joshtronic/pickles
1
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch '2.0' of github.com:picklesphp/pickles into 2.0

Browse source
This commit is contained in:
Josh Sherman 2014-10-16 10:34:12 -04:00
commit ba2729cb7f
11 changed files with 314 additions and 77 deletions
Download patch file Download diff file Expand all files Collapse all files

2
composer.json
View file

@ -23,7 +23,7 @@
},
"require": {
"php": ">=5.4",
"league/oauth2-server": "4.*"
"league/oauth2-server": "4.0.x-dev"
},
"autoload": {
"psr-4": {

3
composer.lock generated
View file

@ -4,7 +4,7 @@
"Read more about it at http://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
"hash": "76708e9b1bd8a87135b6c5b4c0e38a2a",
"hash": "f919c496ec07285f990ccb4efab8cf18",
"packages": [
{
"name": "league/event",
@ -1434,6 +1434,7 @@
"aliases": [],
"minimum-stability": "dev",
"stability-flags": {
"league/oauth2-server": 20,
"phpunit/phpunit": 20,
"satooshi/php-coveralls": 20
},

90
sql/oauth2.sql
View file

@ -7,13 +7,16 @@ CREATE TABLE `oauth_clients` (
UNIQUE KEY `u_oacl_clse_clid` (`secret`,`id`)
) ENGINE=INNODB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
CREATE TABLE `oauth_client_endpoints` (
CREATE TABLE `oauth_endpoints` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`client_id` char(40) NOT NULL,
`redirect_uri` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `i_oaclen_clid` (`client_id`),
CONSTRAINT `f_oaclen_clid` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
CONSTRAINT `f_oaclen_clid`
FOREIGN KEY (`client_id`)
REFERENCES `oauth_clients` (`id`)
ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
CREATE TABLE `oauth_sessions` (
@ -23,46 +26,64 @@ CREATE TABLE `oauth_sessions` (
`owner_id` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `i_uase_clid_owty_owid` (`client_id`,`owner_type`,`owner_id`),
CONSTRAINT `f_oase_clid` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
CONSTRAINT `f_oase_clid`
FOREIGN KEY (`client_id`)
REFERENCES `oauth_clients` (`id`)
ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
CREATE TABLE `oauth_session_access_tokens` (
CREATE TABLE `oauth_access_tokens` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`session_id` int(10) unsigned NOT NULL,
`access_token` char(40) NOT NULL,
`access_token_expires` int(10) unsigned NOT NULL,
`expires_at` int(10) unsigned NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `u_oaseacto_acto_seid` (`access_token`,`session_id`),
KEY `f_oaseto_seid` (`session_id`),
CONSTRAINT `f_oaseto_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION
CONSTRAINT `f_oaseto_seid`
FOREIGN KEY (`session_id`)
REFERENCES `oauth_sessions` (`id`)
ON DELETE CASCADE ON UPDATE NO ACTION
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
CREATE TABLE `oauth_session_authcodes` (
CREATE TABLE `oauth_authorization_codes` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`session_id` int(10) unsigned NOT NULL,
`auth_code` char(40) NOT NULL,
`auth_code_expires` int(10) unsigned NOT NULL,
`authorization_code` char(40) NOT NULL,
`expires_at` int(10) unsigned NOT NULL,
PRIMARY KEY (`id`),
KEY `session_id` (`session_id`),
CONSTRAINT `oauth_session_authcodes_ibfk_1` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE
CONSTRAINT `oauth_authorization_codes_ibfk_1`
FOREIGN KEY (`session_id`)
REFERENCES `oauth_sessions` (`id`)
ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
CREATE TABLE `oauth_session_redirects` (
CREATE TABLE `oauth_redirect_uris` (
`session_id` int(10) unsigned NOT NULL,
`redirect_uri` varchar(255) NOT NULL,
PRIMARY KEY (`session_id`),
CONSTRAINT `f_oasere_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION
CONSTRAINT `f_oasere_seid`
FOREIGN KEY (`session_id`)
REFERENCES `oauth_sessions` (`id`)
ON DELETE CASCADE ON UPDATE NO ACTION
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
CREATE TABLE `oauth_session_refresh_tokens` (
`session_access_token_id` int(10) unsigned NOT NULL,
CREATE TABLE `oauth_refresh_tokens` (
`access_token_id` int(10) unsigned NOT NULL,
`refresh_token` char(40) NOT NULL,
`refresh_token_expires` int(10) unsigned NOT NULL,
`expires_at` int(10) unsigned NOT NULL,
`client_id` char(40) NOT NULL,
PRIMARY KEY (`session_access_token_id`),
PRIMARY KEY (`access_token_id`),
KEY `client_id` (`client_id`),
CONSTRAINT `oauth_session_refresh_tokens_ibfk_1` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`id`) ON DELETE CASCADE,
CONSTRAINT `f_oasetore_setoid` FOREIGN KEY (`session_access_token_id`) REFERENCES `oauth_session_access_tokens` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION
CONSTRAINT `oauth_refresh_tokens_ibfk_1`
FOREIGN KEY (`client_id`)
REFERENCES `oauth_clients` (`id`)
ON DELETE CASCADE,
CONSTRAINT `f_oasetore_setoid`
FOREIGN KEY (`access_token_id`)
REFERENCES `oauth_access_tokens` (`id`)
ON DELETE CASCADE ON UPDATE NO ACTION
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
CREATE TABLE `oauth_scopes` (
@ -74,22 +95,35 @@ CREATE TABLE `oauth_scopes` (
UNIQUE KEY `u_oasc_sc` (`scope`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
CREATE TABLE `oauth_session_token_scopes` (
CREATE TABLE `oauth_access_token_scopes` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`session_access_token_id` int(10) unsigned DEFAULT NULL,
`access_token_id` int(10) unsigned DEFAULT NULL,
`scope_id` smallint(5) unsigned NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `u_setosc_setoid_scid` (`session_access_token_id`,`scope_id`),
UNIQUE KEY `u_setosc_setoid_scid` (`access_token_id`,`scope_id`),
KEY `f_oasetosc_scid` (`scope_id`),
CONSTRAINT `f_oasetosc_scid` FOREIGN KEY (`scope_id`) REFERENCES `oauth_scopes` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION,
CONSTRAINT `f_oasetosc_setoid` FOREIGN KEY (`session_access_token_id`) REFERENCES `oauth_session_access_tokens` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION
CONSTRAINT `f_oasetosc_scid`
FOREIGN KEY (`scope_id`)
REFERENCES `oauth_scopes` (`id`)
ON DELETE CASCADE ON UPDATE NO ACTION,
CONSTRAINT `f_oasetosc_setoid`
FOREIGN KEY (`access_token_id`)
REFERENCES `oauth_access_tokens` (`id`)
ON DELETE CASCADE ON UPDATE NO ACTION
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
CREATE TABLE `oauth_session_authcode_scopes` (
`oauth_session_authcode_id` int(10) unsigned NOT NULL,
CREATE TABLE `oauth_authorization_code_scopes` (
`authorization_code_id` int(10) unsigned NOT NULL,
`scope_id` smallint(5) unsigned NOT NULL,
KEY `oauth_session_authcode_id` (`oauth_session_authcode_id`),
KEY `authorization_code_id` (`authorization_code_id`),
KEY `scope_id` (`scope_id`),
CONSTRAINT `oauth_session_authcode_scopes_ibfk_2` FOREIGN KEY (`scope_id`) REFERENCES `oauth_scopes` (`id`) ON DELETE CASCADE,
CONSTRAINT `oauth_session_authcode_scopes_ibfk_1` FOREIGN KEY (`oauth_session_authcode_id`) REFERENCES `oauth_session_authcodes` (`id`) ON DELETE CASCADE
CONSTRAINT `oauth_authorization_code_scopes_ibfk_2`
FOREIGN KEY (`scope_id`)
REFERENCES `oauth_scopes` (`id`)
ON DELETE CASCADE,
CONSTRAINT `oauth_authorization_code_scopes_ibfk_1`
FOREIGN KEY (`authorization_code_id`)
REFERENCES `oauth_authorization_codes` (`id`)
ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;

48
src/OAuth2/AccessTokenStorage.php
View file

@ -3,6 +3,7 @@
namespace Pickles\OAuth2;
use \League\OAuth2\Server\Entity\AbstractTokenEntity;
use \League\OAuth2\Server\Entity\AccessTokenEntity;
use \League\OAuth2\Server\Entity\ScopeEntity;
use \League\OAuth2\Server\Storage\AccessTokenInterface;
@ -10,27 +11,74 @@ class AccessTokenStorage extends StorageAdapter implements AccessTokenInterface
{
public function get($token)
{
$sql = 'SELECT oauth_access_tokens.*'
. ' FROM oauth_access_tokens'
. ' WHERE access_token = ?'
. ' AND expires_at >= ?;';
$results = $this->db->fetch($sql, [$token, time()]);
if (count($results) === 1)
{
return (new AccessTokenEntity($this->server))
->setId($results[0]['access_token'])
->setExpireTime($results[0]['expires_at']);
}
return null;
}
public function getScopes(AbstractTokenEntity $token)
{
$sql = 'SELECT oauth_scopes.id, oauth_scopes.description'
. ' FROM oauth_access_token_scopes'
. ' INNER JOIN oauth_scopes'
. ' ON oauth_access_token_scopes.scope_id = oauth_scopes.id'
. ' WHERE oauth_access_token_scopes.access_token_id = ?;';
$results = $this->db->fetch($sql, [$token->getId()]);
$response = [];
if (count($results) > 0)
{
foreach ($results as $row)
{
$response[] = (new ScopeEntity($this->server))->hydrate([
'id' => $row['id'],
'description' => $row['description']
]);
}
}
return $response;
}
public function create($token, $expiration, $session_id)
{
$sql = 'INSERT INTO oauth_access_tokens'
. ' (access_token, session_id, expires_at)'
. ' VALUES'
. ' (?, ?, ?);';
$this->db->execute($sql, [$token, $session_id, $expiration]);
}
public function associateScope(AbstractTokenEntity $token, ScopeEntity $scope)
{
$sql = 'INSERT INTO oauth_access_token_scopes'
. ' (access_token, scope)'
. ' VALUES'
. ' (?, ?);';
$this->db->execute($sql, [$token->getId(), $scope->getId()]);
}
public function delete(AbstractTokenEntity $token)
{
$sql = 'DELETE FROM oauth_access_token_scopes'
. ' WHERE access_token = ?;';
$this->db->execute($sql, [$token->getId()]);
}
}

28
src/OAuth2/ClientStorage.php
View file

@ -16,8 +16,8 @@ class ClientStorage extends StorageAdapter implements ClientInterface
if ($redirect_uri)
{
$sql .= ', oauth_client_redirect_uris.*'
. ' INNER JOIN oauth_client_redirect_uris'
. ' ON oauth_clients.id = oauth_client_redirect_uris.client_id';
. ' INNER JOIN oauth_redirect_uris'
. ' ON oauth_clients.id = oauth_redirect_uris.client_id';
}
$sql .= ' FROM oauth_clients WHERE oauth_clients.id = ?';
@ -32,7 +32,7 @@ class ClientStorage extends StorageAdapter implements ClientInterface
if ($redirect_uri)
{
$sql .= 'AND oauth_client_redirect_uris.redirect_uri = ?';
$sql .= 'AND oauth_redirect_uris.redirect_uri = ?';
$parameters[] = $redirect_uri;
}
@ -55,25 +55,27 @@ class ClientStorage extends StorageAdapter implements ClientInterface
public function getBySession(SessionEntity $session)
{
/*
$result = Capsule::table('oauth_clients')
->select(['oauth_clients.id', 'oauth_clients.name'])
->join('oauth_sessions', 'oauth_clients.id', '=', 'oauth_sessions.client_id')
->where('oauth_sessions.id', $session->getId())
->get();
$sql = 'SELECT oauth_clients.id, oauth_clients.name'
. ' FROM oauth_clients'
. ' INNER JOIN oauth_sessions'
. ' ON oauth_clients.id = oauth_sessions.client_id'
. ' WHERE oauth_sessions.id = ?';
if (count($result) === 1) {
$results = $this->db->fetch($sql, [$session->getId()]);
if (count($results) === 1)
{
$client = new ClientEntity($this->server);
$client->hydrate([
'id' => $result[0]['id'],
'name' => $result[0]['name']
'id' => $results[0]['id'],
'name' => $results[0]['name']
]);
return $client;
}
return null;
*/
}
}

56
src/OAuth2/RefreshTokenStorage.php Normal file
View file

@ -0,0 +1,56 @@
<?php
namespace Pickles\OAuth2;
use \League\OAuth2\Server\Entity\RefreshTokenEntity;
use \League\OAuth2\Server\Storage\RefreshTokenInterface;
class RefreshTokenStorage extends StorageAdapter implements RefreshTokenInterface
{
public function get($token)
{
$sql = 'SELECT oauth_refresh_tokens.*'
. ' FROM oauth_refresh_tokens'
. ' WHERE refresh_token = ?'
. ' AND expires_at >= ?;';
$results = $this->db->fetch($sql, [$token, time()]);
if (count($results) === 1)
{
return (new RefreshTokenEntity($this->server))
->setId($result[0]['refresh_token'])
->setExpireTime($result[0]['expires_at'])
->setAccessTokenId($result[0]['access_token_id']);
}
return null;
}
public function create($token, $expiration, $access_token)
{
$sql = 'SELECT id FROM oauth_access_tokens WHERE access_token = ?;';
$results = $this->db->fetch($sql, [$access_token]);
$token_id = $results[0]['id'];
$sql = 'INSERT INTO oauth_refresh_tokens'
. ' (refresh_token, access_token_id, expires_at, client_id)'
. ' VALUES'
. ' (?, ?, ?, ?);';
$this->db->execute($sql, [
$token,
$token_id,
$expiration,
$this->server->getRequest()->request->get('client_id', null),
]);
}
public function delete(RefreshTokenEntity $token)
{
$sql = 'DELETE FROM oauth_refresh_tokens WHERE refresh_token = ?;';
$this->db->execute($sql, [$token->getId()]);
}
}

20
src/OAuth2/Resource.php
View file

@ -4,14 +4,14 @@ namespace Pickles\OAuth2;
use \League\OAuth2\Server\AuthorizationServer;
use \League\OAuth2\Server\Grant\PasswordGrant;
use \League\OAuth2\Server\Grant\RefreshTokenGrant;
use \Pickles\App\Models\User;
use \Pickles\Config;
class Resource extends \Pickles\Resource
{
public function __construct()
public function POST()
{
parent::__construct();
if (!isset($this->config['oauth'][$_SERVER['__version']]))
{
throw new \Exception('Forbidden.', 403);
@ -28,6 +28,7 @@ class Resource extends \Pickles\Resource
$server->setAccessTokenStorage(new AccessTokenStorage);
$server->setClientStorage(new ClientStorage);
$server->setScopeStorage(new ScopeStorage);
$server->setRefreshTokenStorage(new RefreshTokenStorage);
switch ($_REQUEST['grant_type'])
{
@ -45,10 +46,16 @@ class Resource extends \Pickles\Resource
case 'password':
$grant = new PasswordGrant;
$grant->setAccessTokenTTL(3600);
// @todo ^^^ check config and use that value
$grant->setVerifyCredentialsCallback(function ($username, $password)
{
$user = new User(['email' => $username]);
$user = new User([
'conditions' => [
'email' => $username,
],
]);
return $user->count()
&& password_verify($password, $user->record['password']);
@ -63,7 +70,12 @@ class Resource extends \Pickles\Resource
$server->addGrantType($grant);
$refreshTokenGrant = new RefreshTokenGrant;
$server->addGrantType($refreshTokenGrant);
$response = $server->issueAccessToken();
return $response;
}
catch (\Exception $e)
{

11
src/OAuth2/ScopeStorage.php
View file

@ -9,7 +9,18 @@ class ScopeStorage extends StorageAdapter implements ScopeInterface
{
public function get($scope, $grant_type = null, $client_id = null)
{
$sql = 'SELECT * FROM oauth_scopes WHERE id = ?;';
$results = $this->db->fetch($sql, [$scope]);
if (count($results) === 0)
{
return null;
}
return (new ScopeEntity($this->server))->hydrate([
'id' => $result[0]['id'],
'description' => $result[0]['description'],
]);
}
}

67
src/OAuth2/SessionStorage.php
View file

@ -13,27 +13,94 @@ class SessionStorage extends StorageAdapter implements SessionInterface
{
public function getByAccessToken(AccessTokenEntity $access_token)
{
$sql = 'SELECT oauth_sessions.id, oauth_sessions.owner_type,'
. ' oauth_sessions.owner_id, oauth_sessions.client_id,'
. ' oauth_sessions.client_redirect_uri'
. ' FROM oauth_sessions'
. ' INNER JOIN oauth_access_tokens'
. ' ON oauth_access_tokens.session_id = oauth_sessions.id'
. ' WHERE oauth_access_tokens.access_token = ?;';
$results = $this->db->fetch($sql, [$access_token->getId()]);
if (count($results) === 1)
{
$session = new SessionEntity($this->server);
$session->setId($result[0]['id']);
$session->setOwner($result[0]['owner_type'], $result[0]['owner_id']);
return $session;
}
return null;
}
public function getByAuthCode(AuthCodeEntity $auth_code)
{
$sql = 'SELECT oauth_sessions.id, oauth_sessions.owner_type,'
. ' oauth_sessions.owner_id, oauth_sessions.client_id,'
. ' oauth_sessions.client_redirect_uri'
. ' FROM oauth_sessions'
. ' INNER JOIN oauth_authorization_codes'
. ' ON oauth_authorization_codes.session_id = oauth_sessions.id'
. ' WHERE oauth_authorization_codes.authorization_code = ?;';
$results = $this->db->fetch($sql, [$auth_code->getId()]);
if (count($results) === 1)
{
$session = new SessionEntity($this->server);
$session->setId($result[0]['id']);
$session->setOwner($result[0]['owner_type'], $result[0]['owner_id']);
return $session;
}
return null;
}
public function getScopes(SessionEntity $session)
{
$sql = 'SELECT oauth_sessions.*'
. ' FROM oauth_sessions'
. ' INNER JOIN oauth_access_token_scopes'
. ' ON oauth_sessions.id = oauth_access_token_scopes.access_token_id'
. ' INNER JOIN oauth_scopes'
. ' ON oauth_scopes.id = oauth_access_token_scopes.scope_id'
. ' WHERE oauth_sessions.id = ?;';
$results = $this->db->fetch($sql, [$session->getId()]);
$scopes = [];
foreach ($results as $scope)
{
$scopes[] = (new ScopeEntity($this->server))->hydrate([
'id' => $scope['id'],
'description' => $scope['description'],
]);
}
return $scopes;
}
public function create($owner_type, $owner_id, $client_id, $client_redirect_uri = null)
{
$sql = 'INSERT INTO oauth_sessions'
. ' (owner_type, owner_id, client_id)'
. ' VALUES'
. ' (?, ?, ?);';
return $this->db->execute($sql, [$owner_type, $owner_id, $client_id]);
}
public function associateScope(SessionEntity $session, ScopeEntity $scope)
{
$sql = 'INSERT INTO oauth_access_token_scopes'
. ' (access_token_id, scope_id)'
. ' VALUES'
. ' (?, ?);';
$this->db->execute($sql, [$session->getId(), $scope->getId()]);
}
}

42
src/Resource.php
View file

@ -14,6 +14,12 @@
namespace Pickles;
use \League\OAuth2\Server\ResourceServer;
use Pickles\OAuth2\AccessTokenStorage;
use Pickles\OAuth2\ClientStorage;
use Pickles\OAuth2\ScopeStorage;
use Pickles\OAuth2\SessionStorage;
/**
* Resource Class
*
@ -26,15 +32,6 @@ namespace Pickles;
*/
class Resource extends Object
{
/**
* HTTPS
*
* Whether or not the page should be loaded via HTTP Secure.
*
* @var boolean defaults to false
*/
public $https = false;
/**
* Filter
*
@ -83,25 +80,28 @@ class Resource extends Object
try
{
// Determines if we need to serve over HTTP or HTTPS
if (($this->https === true
|| (isset($this->https[$method]) && $this->https[$method]))
&& (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == false))
{
throw new \Exception('HTTPS is required.', 400);
}
// Check auth if flag is explicitly true or is true for the method
// Checks if auth flag is explicity true or true for the method
if ($this->auth === true
|| (isset($this->auth[$method]) && $this->auth[$method]))
{
if (!isset($this->config['oauth2'][$_SERVER['__version']]))
if (isset($this->config['oauth'][$_SERVER['__version']]))
{
$server = new ResourceServer(
new SessionStorage,
new AccessTokenStorage,
new ClientStorage,
new ScopeStorage
);
$server->isValidRequest();
}
else
{
throw new \Exception('Authentication is not configured properly.', 401);
}
}
// Hack together some new globals
// Hacks together some new globals
if (in_array($method, ['PUT', 'DELETE']))
{
$GLOBALS['_' . $method] = [];
@ -337,7 +337,7 @@ class Resource extends Object
{
http_response_code($this->status);
header('Content-Type: application/json');
header('X-Powered-By: Pickles v2 - https://picklesphp.com');
header('X-Powered-By: Pickles (http://picklesphp.com)');
$meta = [
'status' => $this->status,

6
src/Router.php
View file

@ -39,6 +39,12 @@ class Router extends Object
try
{
// Secure by default
if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == false)
{
throw new \Exception('HTTPS is required.', 400);
}
// Grabs the requested page
$request = $_REQUEST['request'];
$components = explode('/', $request);