diff options
author | Mario Vavti <mario@mariovavti.com> | 2017-07-03 21:33:24 +0200 |
---|---|---|
committer | Mario Vavti <mario@mariovavti.com> | 2017-07-03 21:33:24 +0200 |
commit | d0961068247ce57ba0eb45afc078cacb44b87810 (patch) | |
tree | f9372689e943a522f4c0bd417d4458474aee0cfd /library/oauth2/src/OAuth2/Storage/DynamoDB.php | |
parent | 562124c29f821b046bc4cf4b48a7bde39c70a07b (diff) | |
parent | 64cad0a041e44940f75bf351fc3755b3202f9029 (diff) | |
download | volse-hubzilla-d0961068247ce57ba0eb45afc078cacb44b87810.tar.gz volse-hubzilla-d0961068247ce57ba0eb45afc078cacb44b87810.tar.bz2 volse-hubzilla-d0961068247ce57ba0eb45afc078cacb44b87810.zip |
merge red into hubzilla
Diffstat (limited to 'library/oauth2/src/OAuth2/Storage/DynamoDB.php')
-rw-r--r-- | library/oauth2/src/OAuth2/Storage/DynamoDB.php | 540 |
1 files changed, 0 insertions, 540 deletions
diff --git a/library/oauth2/src/OAuth2/Storage/DynamoDB.php b/library/oauth2/src/OAuth2/Storage/DynamoDB.php deleted file mode 100644 index 8347ab258..000000000 --- a/library/oauth2/src/OAuth2/Storage/DynamoDB.php +++ /dev/null @@ -1,540 +0,0 @@ -<?php - -namespace OAuth2\Storage; - -use Aws\DynamoDb\DynamoDbClient; - -use OAuth2\OpenID\Storage\UserClaimsInterface; -use OAuth2\OpenID\Storage\AuthorizationCodeInterface as OpenIDAuthorizationCodeInterface; -/** - * DynamoDB storage for all storage types - * - * To use, install "aws/aws-sdk-php" via composer - * <code> - * composer require aws/aws-sdk-php:dev-master - * </code> - * - * Once this is done, instantiate the DynamoDB client - * <code> - * $storage = new OAuth2\Storage\Dynamodb(array("key" => "YOURKEY", "secret" => "YOURSECRET", "region" => "YOURREGION")); - * </code> - * - * Table : - * - oauth_access_tokens (primary hash key : access_token) - * - oauth_authorization_codes (primary hash key : authorization_code) - * - oauth_clients (primary hash key : client_id) - * - oauth_jwt (primary hash key : client_id, primary range key : subject) - * - oauth_public_keys (primary hash key : client_id) - * - oauth_refresh_tokens (primary hash key : refresh_token) - * - oauth_scopes (primary hash key : scope, secondary index : is_default-index hash key is_default) - * - oauth_users (primary hash key : username) - * - * @author Frederic AUGUSTE <frederic.auguste at gmail dot com> - */ -class DynamoDB implements - AuthorizationCodeInterface, - AccessTokenInterface, - ClientCredentialsInterface, - UserCredentialsInterface, - RefreshTokenInterface, - JwtBearerInterface, - ScopeInterface, - PublicKeyInterface, - UserClaimsInterface, - OpenIDAuthorizationCodeInterface -{ - protected $client; - protected $config; - - public function __construct($connection, $config = array()) - { - if (!($connection instanceof DynamoDbClient)) { - if (!is_array($connection)) { - throw new \InvalidArgumentException('First argument to OAuth2\Storage\Dynamodb must be an instance a configuration array containt key, secret, region'); - } - if (!array_key_exists("key",$connection) || !array_key_exists("secret",$connection) || !array_key_exists("region",$connection) ) { - throw new \InvalidArgumentException('First argument to OAuth2\Storage\Dynamodb must be an instance a configuration array containt key, secret, region'); - } - $this->client = DynamoDbClient::factory(array( - 'key' => $connection["key"], - 'secret' => $connection["secret"], - 'region' =>$connection["region"] - )); - } else { - $this->client = $connection; - } - - $this->config = array_merge(array( - 'client_table' => 'oauth_clients', - 'access_token_table' => 'oauth_access_tokens', - 'refresh_token_table' => 'oauth_refresh_tokens', - 'code_table' => 'oauth_authorization_codes', - 'user_table' => 'oauth_users', - 'jwt_table' => 'oauth_jwt', - 'scope_table' => 'oauth_scopes', - 'public_key_table' => 'oauth_public_keys', - ), $config); - } - - /* OAuth2\Storage\ClientCredentialsInterface */ - public function checkClientCredentials($client_id, $client_secret = null) - { - $result = $this->client->getItem(array( - "TableName"=> $this->config['client_table'], - "Key" => array('client_id' => array('S' => $client_id)) - )); - - return $result->count()==1 && $result["Item"]["client_secret"]["S"] == $client_secret; - } - - public function isPublicClient($client_id) - { - $result = $this->client->getItem(array( - "TableName"=> $this->config['client_table'], - "Key" => array('client_id' => array('S' => $client_id)) - )); - - if ($result->count()==0) { - return false ; - } - - return empty($result["Item"]["client_secret"]); - } - - /* OAuth2\Storage\ClientInterface */ - public function getClientDetails($client_id) - { - $result = $this->client->getItem(array( - "TableName"=> $this->config['client_table'], - "Key" => array('client_id' => array('S' => $client_id)) - )); - if ($result->count()==0) { - return false ; - } - $result = $this->dynamo2array($result); - foreach (array('client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'user_id') as $key => $val) { - if (!array_key_exists ($val, $result)) { - $result[$val] = null; - } - } - - return $result; - } - - public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null) - { - $clientData = compact('client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'user_id'); - $clientData = array_filter($clientData, 'self::isNotEmpty'); - - $result = $this->client->putItem(array( - 'TableName' => $this->config['client_table'], - 'Item' => $this->client->formatAttributes($clientData) - )); - - return true; - } - - public function checkRestrictedGrantType($client_id, $grant_type) - { - $details = $this->getClientDetails($client_id); - if (isset($details['grant_types'])) { - $grant_types = explode(' ', $details['grant_types']); - - return in_array($grant_type, (array) $grant_types); - } - - // if grant_types are not defined, then none are restricted - return true; - } - - /* OAuth2\Storage\AccessTokenInterface */ - public function getAccessToken($access_token) - { - $result = $this->client->getItem(array( - "TableName"=> $this->config['access_token_table'], - "Key" => array('access_token' => array('S' => $access_token)) - )); - if ($result->count()==0) { - return false ; - } - $token = $this->dynamo2array($result); - if (array_key_exists ('expires', $token)) { - $token['expires'] = strtotime($token['expires']); - } - - return $token; - } - - public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null) - { - // convert expires to datestring - $expires = date('Y-m-d H:i:s', $expires); - - $clientData = compact('access_token', 'client_id', 'user_id', 'expires', 'scope'); - $clientData = array_filter($clientData, 'self::isNotEmpty'); - - $result = $this->client->putItem(array( - 'TableName' => $this->config['access_token_table'], - 'Item' => $this->client->formatAttributes($clientData) - )); - - return true; - - } - - public function unsetAccessToken($access_token) - { - $result = $this->client->deleteItem(array( - 'TableName' => $this->config['access_token_table'], - 'Key' => $this->client->formatAttributes(array("access_token" => $access_token)), - 'ReturnValues' => 'ALL_OLD', - )); - - return null !== $result->get('Attributes'); - } - - /* OAuth2\Storage\AuthorizationCodeInterface */ - public function getAuthorizationCode($code) - { - $result = $this->client->getItem(array( - "TableName"=> $this->config['code_table'], - "Key" => array('authorization_code' => array('S' => $code)) - )); - if ($result->count()==0) { - return false ; - } - $token = $this->dynamo2array($result); - if (!array_key_exists("id_token", $token )) { - $token['id_token'] = null; - } - $token['expires'] = strtotime($token['expires']); - - return $token; - - } - - public function setAuthorizationCode($authorization_code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null) - { - // convert expires to datestring - $expires = date('Y-m-d H:i:s', $expires); - - $clientData = compact('authorization_code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'id_token', 'scope'); - $clientData = array_filter($clientData, 'self::isNotEmpty'); - - $result = $this->client->putItem(array( - 'TableName' => $this->config['code_table'], - 'Item' => $this->client->formatAttributes($clientData) - )); - - return true; - } - - public function expireAuthorizationCode($code) - { - - $result = $this->client->deleteItem(array( - 'TableName' => $this->config['code_table'], - 'Key' => $this->client->formatAttributes(array("authorization_code" => $code)) - )); - - return true; - } - - /* OAuth2\Storage\UserCredentialsInterface */ - public function checkUserCredentials($username, $password) - { - if ($user = $this->getUser($username)) { - return $this->checkPassword($user, $password); - } - - return false; - } - - public function getUserDetails($username) - { - return $this->getUser($username); - } - - /* UserClaimsInterface */ - public function getUserClaims($user_id, $claims) - { - if (!$userDetails = $this->getUserDetails($user_id)) { - return false; - } - - $claims = explode(' ', trim($claims)); - $userClaims = array(); - - // for each requested claim, if the user has the claim, set it in the response - $validClaims = explode(' ', self::VALID_CLAIMS); - foreach ($validClaims as $validClaim) { - if (in_array($validClaim, $claims)) { - if ($validClaim == 'address') { - // address is an object with subfields - $userClaims['address'] = $this->getUserClaim($validClaim, $userDetails['address'] ?: $userDetails); - } else { - $userClaims = array_merge($userClaims, $this->getUserClaim($validClaim, $userDetails)); - } - } - } - - return $userClaims; - } - - protected function getUserClaim($claim, $userDetails) - { - $userClaims = array(); - $claimValuesString = constant(sprintf('self::%s_CLAIM_VALUES', strtoupper($claim))); - $claimValues = explode(' ', $claimValuesString); - - foreach ($claimValues as $value) { - if ($value == 'email_verified') { - $userClaims[$value] = $userDetails[$value]=='true' ? true : false; - } else { - $userClaims[$value] = isset($userDetails[$value]) ? $userDetails[$value] : null; - } - } - - return $userClaims; - } - - /* OAuth2\Storage\RefreshTokenInterface */ - public function getRefreshToken($refresh_token) - { - $result = $this->client->getItem(array( - "TableName"=> $this->config['refresh_token_table'], - "Key" => array('refresh_token' => array('S' => $refresh_token)) - )); - if ($result->count()==0) { - return false ; - } - $token = $this->dynamo2array($result); - $token['expires'] = strtotime($token['expires']); - - return $token; - } - - public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null) - { - // convert expires to datestring - $expires = date('Y-m-d H:i:s', $expires); - - $clientData = compact('refresh_token', 'client_id', 'user_id', 'expires', 'scope'); - $clientData = array_filter($clientData, 'self::isNotEmpty'); - - $result = $this->client->putItem(array( - 'TableName' => $this->config['refresh_token_table'], - 'Item' => $this->client->formatAttributes($clientData) - )); - - return true; - } - - public function unsetRefreshToken($refresh_token) - { - $result = $this->client->deleteItem(array( - 'TableName' => $this->config['refresh_token_table'], - 'Key' => $this->client->formatAttributes(array("refresh_token" => $refresh_token)) - )); - - return true; - } - - // plaintext passwords are bad! Override this for your application - protected function checkPassword($user, $password) - { - return $user['password'] == $this->hashPassword($password); - } - - // use a secure hashing algorithm when storing passwords. Override this for your application - protected function hashPassword($password) - { - return sha1($password); - } - - public function getUser($username) - { - $result = $this->client->getItem(array( - "TableName"=> $this->config['user_table'], - "Key" => array('username' => array('S' => $username)) - )); - if ($result->count()==0) { - return false ; - } - $token = $this->dynamo2array($result); - $token['user_id'] = $username; - - return $token; - } - - public function setUser($username, $password, $first_name = null, $last_name = null) - { - // do not store in plaintext - $password = $this->hashPassword($password); - - $clientData = compact('username', 'password', 'first_name', 'last_name'); - $clientData = array_filter($clientData, 'self::isNotEmpty'); - - $result = $this->client->putItem(array( - 'TableName' => $this->config['user_table'], - 'Item' => $this->client->formatAttributes($clientData) - )); - - return true; - - } - - /* ScopeInterface */ - public function scopeExists($scope) - { - $scope = explode(' ', $scope); - $scope_query = array(); - $count = 0; - foreach ($scope as $key => $val) { - $result = $this->client->query(array( - 'TableName' => $this->config['scope_table'], - 'Select' => 'COUNT', - 'KeyConditions' => array( - 'scope' => array( - 'AttributeValueList' => array(array('S' => $val)), - 'ComparisonOperator' => 'EQ' - ) - ) - )); - $count += $result['Count']; - } - - return $count == count($scope); - } - - public function getDefaultScope($client_id = null) - { - - $result = $this->client->query(array( - 'TableName' => $this->config['scope_table'], - 'IndexName' => 'is_default-index', - 'Select' => 'ALL_ATTRIBUTES', - 'KeyConditions' => array( - 'is_default' => array( - 'AttributeValueList' => array(array('S' => 'true')), - 'ComparisonOperator' => 'EQ', - ), - ) - )); - $defaultScope = array(); - if ($result->count() > 0) { - $array = $result->toArray(); - foreach ($array["Items"] as $item) { - $defaultScope[] = $item['scope']['S']; - } - - return empty($defaultScope) ? null : implode(' ', $defaultScope); - } - - return null; - } - - /* JWTBearerInterface */ - public function getClientKey($client_id, $subject) - { - $result = $this->client->getItem(array( - "TableName"=> $this->config['jwt_table'], - "Key" => array('client_id' => array('S' => $client_id), 'subject' => array('S' => $subject)) - )); - if ($result->count()==0) { - return false ; - } - $token = $this->dynamo2array($result); - - return $token['public_key']; - } - - public function getClientScope($client_id) - { - if (!$clientDetails = $this->getClientDetails($client_id)) { - return false; - } - - if (isset($clientDetails['scope'])) { - return $clientDetails['scope']; - } - - return null; - } - - public function getJti($client_id, $subject, $audience, $expires, $jti) - { - //TODO not use. - } - - public function setJti($client_id, $subject, $audience, $expires, $jti) - { - //TODO not use. - } - - /* PublicKeyInterface */ - public function getPublicKey($client_id = '0') - { - - $result = $this->client->getItem(array( - "TableName"=> $this->config['public_key_table'], - "Key" => array('client_id' => array('S' => $client_id)) - )); - if ($result->count()==0) { - return false ; - } - $token = $this->dynamo2array($result); - - return $token['public_key']; - - } - - public function getPrivateKey($client_id = '0') - { - $result = $this->client->getItem(array( - "TableName"=> $this->config['public_key_table'], - "Key" => array('client_id' => array('S' => $client_id)) - )); - if ($result->count()==0) { - return false ; - } - $token = $this->dynamo2array($result); - - return $token['private_key']; - } - - public function getEncryptionAlgorithm($client_id = null) - { - $result = $this->client->getItem(array( - "TableName"=> $this->config['public_key_table'], - "Key" => array('client_id' => array('S' => $client_id)) - )); - if ($result->count()==0) { - return 'RS256' ; - } - $token = $this->dynamo2array($result); - - return $token['encryption_algorithm']; - } - - /** - * Transform dynamodb resultset to an array. - * @param $dynamodbResult - * @return $array - */ - private function dynamo2array($dynamodbResult) - { - $result = array(); - foreach ($dynamodbResult["Item"] as $key => $val) { - $result[$key] = $val["S"]; - $result[] = $val["S"]; - } - - return $result; - } - - private static function isNotEmpty($value) - { - return null !== $value && '' !== $value; - } -} |