aboutsummaryrefslogtreecommitdiffstats
path: root/vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-12-21 13:36:33 -0800
committerzotlabs <mike@macgirvin.com>2017-12-21 13:36:33 -0800
commite7143a265ac97b31a8e0ada85b876ba76c911a3d (patch)
treedfa42a02359701960f525d10a22e1ebca5b82873 /vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php
parent684b572aa8005479f3eb219fc526c812c801ca76 (diff)
parent9c72963d7ce3c60709755edb5d40cb0b06b29cda (diff)
downloadvolse-hubzilla-e7143a265ac97b31a8e0ada85b876ba76c911a3d.tar.gz
volse-hubzilla-e7143a265ac97b31a8e0ada85b876ba76c911a3d.tar.bz2
volse-hubzilla-e7143a265ac97b31a8e0ada85b876ba76c911a3d.zip
Merge branch 'dev' of https://github.com/redmatrix/hubzilla into dev_merge
Diffstat (limited to 'vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php')
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php283
1 files changed, 211 insertions, 72 deletions
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php
index 9cfcb83a5..62ae8970d 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php
@@ -30,25 +30,28 @@ use OAuth2\GrantType\UserCredentials;
use OAuth2\GrantType\ClientCredentials;
use OAuth2\GrantType\RefreshToken;
use OAuth2\GrantType\AuthorizationCode;
+use OAuth2\Storage\ClientCredentialsInterface;
+use OAuth2\Storage\ClientInterface;
use OAuth2\Storage\JwtAccessToken as JwtAccessTokenStorage;
use OAuth2\Storage\JwtAccessTokenInterface;
+use InvalidArgumentException;
+use LogicException;
/**
* Server class for OAuth2
* This class serves as a convience class which wraps the other Controller classes
*
-* @see OAuth2\Controller\ResourceController
-* @see OAuth2\Controller\AuthorizeController
-* @see OAuth2\Controller\TokenController
+* @see \OAuth2\Controller\ResourceController
+* @see \OAuth2\Controller\AuthorizeController
+* @see \OAuth2\Controller\TokenController
*/
class Server implements ResourceControllerInterface,
AuthorizeControllerInterface,
TokenControllerInterface,
UserInfoControllerInterface
{
- // misc properties
/**
- * @var Response
+ * @var ResponseInterface
*/
protected $response;
@@ -62,7 +65,6 @@ class Server implements ResourceControllerInterface,
*/
protected $storages;
- // servers
/**
* @var AuthorizeControllerInterface
*/
@@ -83,17 +85,34 @@ class Server implements ResourceControllerInterface,
*/
protected $userInfoController;
- // config classes
- protected $grantTypes;
- protected $responseTypes;
+ /**
+ * @var array
+ */
+ protected $grantTypes = [];
+
+ /**
+ * @var array
+ */
+ protected $responseTypes = [];
+
+ /**
+ * @var TokenTypeInterface
+ */
protected $tokenType;
/**
* @var ScopeInterface
*/
protected $scopeUtil;
+
+ /**
+ * @var ClientAssertionTypeInterface
+ */
protected $clientAssertionType;
+ /**
+ * @var array
+ */
protected $storageMap = array(
'access_token' => 'OAuth2\Storage\AccessTokenInterface',
'authorization_code' => 'OAuth2\Storage\AuthorizationCodeInterface',
@@ -107,6 +126,9 @@ class Server implements ResourceControllerInterface,
'scope' => 'OAuth2\Storage\ScopeInterface',
);
+ /**
+ * @var array
+ */
protected $responseTypeMap = array(
'token' => 'OAuth2\ResponseType\AccessTokenInterface',
'code' => 'OAuth2\ResponseType\AuthorizationCodeInterface',
@@ -116,15 +138,15 @@ class Server implements ResourceControllerInterface,
);
/**
- * @param mixed $storage (array or OAuth2\Storage) - single object or array of objects implementing the
- * required storage types (ClientCredentialsInterface and AccessTokenInterface as a minimum)
- * @param array $config specify a different token lifetime, token header name, etc
- * @param array $grantTypes An array of OAuth2\GrantType\GrantTypeInterface to use for granting access tokens
- * @param array $responseTypes Response types to use. array keys should be "code" and and "token" for
- * Access Token and Authorization Code response types
- * @param \OAuth2\TokenType\TokenTypeInterface $tokenType The token type object to use. Valid token types are "bearer" and "mac"
- * @param \OAuth2\ScopeInterface $scopeUtil The scope utility class to use to validate scope
- * @param \OAuth2\ClientAssertionType\ClientAssertionTypeInterface $clientAssertionType The method in which to verify the client identity. Default is HttpBasic
+ * @param mixed $storage (array or OAuth2\Storage) - single object or array of objects implementing the
+ * required storage types (ClientCredentialsInterface and AccessTokenInterface as a minimum)
+ * @param array $config specify a different token lifetime, token header name, etc
+ * @param array $grantTypes An array of OAuth2\GrantType\GrantTypeInterface to use for granting access tokens
+ * @param array $responseTypes Response types to use. array keys should be "code" and "token" for
+ * Access Token and Authorization Code response types
+ * @param TokenTypeInterface $tokenType The token type object to use. Valid token types are "bearer" and "mac"
+ * @param ScopeInterface $scopeUtil The scope utility class to use to validate scope
+ * @param ClientAssertionTypeInterface $clientAssertionType The method in which to verify the client identity. Default is HttpBasic
*
* @ingroup oauth2_section_7
*/
@@ -172,6 +194,9 @@ class Server implements ResourceControllerInterface,
}
}
+ /**
+ * @return AuthorizeControllerInterface
+ */
public function getAuthorizeController()
{
if (is_null($this->authorizeController)) {
@@ -181,6 +206,9 @@ class Server implements ResourceControllerInterface,
return $this->authorizeController;
}
+ /**
+ * @return TokenController
+ */
public function getTokenController()
{
if (is_null($this->tokenController)) {
@@ -190,6 +218,9 @@ class Server implements ResourceControllerInterface,
return $this->tokenController;
}
+ /**
+ * @return ResourceControllerInterface
+ */
public function getResourceController()
{
if (is_null($this->resourceController)) {
@@ -199,6 +230,9 @@ class Server implements ResourceControllerInterface,
return $this->resourceController;
}
+ /**
+ * @return UserInfoControllerInterface
+ */
public function getUserInfoController()
{
if (is_null($this->userInfoController)) {
@@ -209,8 +243,6 @@ class Server implements ResourceControllerInterface,
}
/**
- * every getter deserves a setter
- *
* @param AuthorizeControllerInterface $authorizeController
*/
public function setAuthorizeController(AuthorizeControllerInterface $authorizeController)
@@ -219,8 +251,6 @@ class Server implements ResourceControllerInterface,
}
/**
- * every getter deserves a setter
- *
* @param TokenControllerInterface $tokenController
*/
public function setTokenController(TokenControllerInterface $tokenController)
@@ -229,8 +259,6 @@ class Server implements ResourceControllerInterface,
}
/**
- * every getter deserves a setter
- *
* @param ResourceControllerInterface $resourceController
*/
public function setResourceController(ResourceControllerInterface $resourceController)
@@ -239,8 +267,6 @@ class Server implements ResourceControllerInterface,
}
/**
- * every getter deserves a setter
- *
* @param UserInfoControllerInterface $userInfoController
*/
public function setUserInfoController(UserInfoControllerInterface $userInfoController)
@@ -252,12 +278,8 @@ class Server implements ResourceControllerInterface,
* Return claims about the authenticated end-user.
* This would be called from the "/UserInfo" endpoint as defined in the spec.
*
- * @param $request - \OAuth2\RequestInterface
- * Request object to grant access token
- *
- * @param $response - \OAuth2\ResponseInterface
- * Response object containing error messages (failure) or user claims (success)
- *
+ * @param RequestInterface $request - Request object to grant access token
+ * @param ResponseInterface $response - Response object containing error messages (failure) or user claims (success)
* @return ResponseInterface
*
* @throws \InvalidArgumentException
@@ -278,12 +300,8 @@ class Server implements ResourceControllerInterface,
* This would be called from the "/token" endpoint as defined in the spec.
* Obviously, you can call your endpoint whatever you want.
*
- * @param $request - \OAuth2\RequestInterface
- * Request object to grant access token
- *
- * @param $response - \OAuth2\ResponseInterface
- * Response object containing error messages (failure) or access token (success)
- *
+ * @param RequestInterface $request - Request object to grant access token
+ * @param ResponseInterface $response - Response object containing error messages (failure) or access token (success)
* @return ResponseInterface
*
* @throws \InvalidArgumentException
@@ -303,6 +321,11 @@ class Server implements ResourceControllerInterface,
return $this->response;
}
+ /**
+ * @param RequestInterface $request - Request object to grant access token
+ * @param ResponseInterface $response - Response object
+ * @return mixed
+ */
public function grantAccessToken(RequestInterface $request, ResponseInterface $response = null)
{
$this->response = is_null($response) ? new Response() : $response;
@@ -336,25 +359,18 @@ class Server implements ResourceControllerInterface,
* authorization server should call this function to redirect the user
* appropriately.
*
- * @param $request
- * The request should have the follow parameters set in the querystring:
- * - response_type: The requested response: an access token, an
- * authorization code, or both.
+ * @param RequestInterface $request - The request should have the follow parameters set in the querystring:
+ * - response_type: The requested response: an access token, an authorization code, or both.
* - client_id: The client identifier as described in Section 2.
- * - redirect_uri: An absolute URI to which the authorization server
- * will redirect the user-agent to when the end-user authorization
- * step is completed.
- * - scope: (optional) The scope of the resource request expressed as a
- * list of space-delimited strings.
- * - state: (optional) An opaque value used by the client to maintain
- * state between the request and callback.
- * @param ResponseInterface $response
- * @param $is_authorized
- * TRUE or FALSE depending on whether the user authorized the access.
- * @param $user_id
- * Identifier of user who authorized the client
+ * - redirect_uri: An absolute URI to which the authorization server will redirect the user-agent to when the
+ * end-user authorization step is completed.
+ * - scope: (optional) The scope of the resource request expressed as a list of space-delimited strings.
+ * - state: (optional) An opaque value used by the client to maintain state between the request and callback.
*
- * @return Response
+ * @param ResponseInterface $response - Response object
+ * @param bool $is_authorized - TRUE or FALSE depending on whether the user authorized the access.
+ * @param mixed $user_id - Identifier of user who authorized the client
+ * @return ResponseInterface
*
* @see http://tools.ietf.org/html/rfc6749#section-4
*
@@ -371,14 +387,17 @@ class Server implements ResourceControllerInterface,
/**
* Pull the authorization request data out of the HTTP request.
* - The redirect_uri is OPTIONAL as per draft 20. But your implementation can enforce it
- * by setting $config['enforce_redirect'] to true.
+ * by setting $config['enforce_redirect'] to true.
* - The state is OPTIONAL but recommended to enforce CSRF. Draft 21 states, however, that
- * CSRF protection is MANDATORY. You can enforce this by setting the $config['enforce_state'] to true.
+ * CSRF protection is MANDATORY. You can enforce this by setting the $config['enforce_state'] to true.
*
* The draft specifies that the parameters should be retrieved from GET, override the Response
* object to change this
*
- * @return
+ * @param RequestInterface $request - Request object
+ * @param ResponseInterface $response - Response object
+ * @return bool
+ *
* The authorization parameters so the authorization server can prompt
* the user for approval if valid.
*
@@ -395,6 +414,12 @@ class Server implements ResourceControllerInterface,
return $value;
}
+ /**
+ * @param RequestInterface $request - Request object
+ * @param ResponseInterface $response - Response object
+ * @param string $scope - Scope
+ * @return mixed
+ */
public function verifyResourceRequest(RequestInterface $request, ResponseInterface $response = null, $scope = null)
{
$this->response = is_null($response) ? new Response() : $response;
@@ -403,6 +428,11 @@ class Server implements ResourceControllerInterface,
return $value;
}
+ /**
+ * @param RequestInterface $request - Request object
+ * @param ResponseInterface $response - Response object
+ * @return mixed
+ */
public function getAccessTokenData(RequestInterface $request, ResponseInterface $response = null)
{
$this->response = is_null($response) ? new Response() : $response;
@@ -411,10 +441,14 @@ class Server implements ResourceControllerInterface,
return $value;
}
+ /**
+ * @param GrantTypeInterface $grantType
+ * @param mixed $identifier
+ */
public function addGrantType(GrantTypeInterface $grantType, $identifier = null)
{
if (!is_string($identifier)) {
- $identifier = $grantType->getQuerystringIdentifier();
+ $identifier = $grantType->getQueryStringIdentifier();
}
$this->grantTypes[$identifier] = $grantType;
@@ -428,11 +462,10 @@ class Server implements ResourceControllerInterface,
/**
* Set a storage object for the server
*
- * @param $storage
- * An object implementing one of the Storage interfaces
- * @param $key
- * If null, the storage is set to the key of each storage interface it implements
+ * @param object $storage - An object implementing one of the Storage interfaces
+ * @param mixed $key - If null, the storage is set to the key of each storage interface it implements
*
+ * @throws InvalidArgumentException
* @see storageMap
*/
public function addStorage($storage, $key = null)
@@ -446,11 +479,11 @@ class Server implements ResourceControllerInterface,
// special logic to handle "client" and "client_credentials" strangeness
if ($key === 'client' && !isset($this->storages['client_credentials'])) {
- if ($storage instanceof \OAuth2\Storage\ClientCredentialsInterface) {
+ if ($storage instanceof ClientCredentialsInterface) {
$this->storages['client_credentials'] = $storage;
}
} elseif ($key === 'client_credentials' && !isset($this->storages['client'])) {
- if ($storage instanceof \OAuth2\Storage\ClientInterface) {
+ if ($storage instanceof ClientInterface) {
$this->storages['client'] = $storage;
}
}
@@ -471,6 +504,12 @@ class Server implements ResourceControllerInterface,
}
}
+ /**
+ * @param ResponseTypeInterface $responseType
+ * @param mixed $key
+ *
+ * @throws InvalidArgumentException
+ */
public function addResponseType(ResponseTypeInterface $responseType, $key = null)
{
$key = $this->normalizeResponseType($key);
@@ -497,6 +536,9 @@ class Server implements ResourceControllerInterface,
}
}
+ /**
+ * @return ScopeInterface
+ */
public function getScopeUtil()
{
if (!$this->scopeUtil) {
@@ -508,8 +550,6 @@ class Server implements ResourceControllerInterface,
}
/**
- * every getter deserves a setter
- *
* @param ScopeInterface $scopeUtil
*/
public function setScopeUtil($scopeUtil)
@@ -517,6 +557,10 @@ class Server implements ResourceControllerInterface,
$this->scopeUtil = $scopeUtil;
}
+ /**
+ * @return AuthorizeControllerInterface
+ * @throws LogicException
+ */
protected function createDefaultAuthorizeController()
{
if (!isset($this->storages['client'])) {
@@ -541,6 +585,10 @@ class Server implements ResourceControllerInterface,
return new AuthorizeController($this->storages['client'], $this->responseTypes, $config, $this->getScopeUtil());
}
+ /**
+ * @return TokenControllerInterface
+ * @throws LogicException
+ */
protected function createDefaultTokenController()
{
if (0 == count($this->grantTypes)) {
@@ -562,7 +610,7 @@ class Server implements ResourceControllerInterface,
}
if (!isset($this->storages['client'])) {
- throw new \LogicException('You must supply a storage object implementing OAuth2\Storage\ClientInterface to use the token server');
+ throw new LogicException("You must supply a storage object implementing OAuth2\Storage\ClientInterface to use the token server");
}
$accessTokenResponseType = $this->getAccessTokenResponseType();
@@ -570,6 +618,10 @@ class Server implements ResourceControllerInterface,
return new TokenController($accessTokenResponseType, $this->storages['client'], $this->grantTypes, $this->clientAssertionType, $this->getScopeUtil());
}
+ /**
+ * @return ResourceControllerInterface
+ * @throws LogicException
+ */
protected function createDefaultResourceController()
{
if ($this->config['use_jwt_access_tokens']) {
@@ -590,6 +642,10 @@ class Server implements ResourceControllerInterface,
return new ResourceController($this->tokenType, $this->storages['access_token'], $config, $this->getScopeUtil());
}
+ /**
+ * @return UserInfoControllerInterface
+ * @throws LogicException
+ */
protected function createDefaultUserInfoController()
{
if ($this->config['use_jwt_access_tokens']) {
@@ -614,6 +670,9 @@ class Server implements ResourceControllerInterface,
return new UserInfoController($this->tokenType, $this->storages['access_token'], $this->storages['user_claims'], $config, $this->getScopeUtil());
}
+ /**
+ * @return Bearer
+ */
protected function getDefaultTokenType()
{
$config = array_intersect_key($this->config, array_flip(explode(' ', 'token_param_name token_bearer_header_name')));
@@ -621,6 +680,10 @@ class Server implements ResourceControllerInterface,
return new Bearer($config);
}
+ /**
+ * @return array
+ * @throws LogicException
+ */
protected function getDefaultResponseTypes()
{
$responseTypes = array();
@@ -656,6 +719,10 @@ class Server implements ResourceControllerInterface,
return $responseTypes;
}
+ /**
+ * @return array
+ * @throws LogicException
+ */
protected function getDefaultGrantTypes()
{
$grantTypes = array();
@@ -692,6 +759,9 @@ class Server implements ResourceControllerInterface,
return $grantTypes;
}
+ /**
+ * @return AccessToken
+ */
protected function getAccessTokenResponseType()
{
if (isset($this->responseTypes['token'])) {
@@ -705,6 +775,9 @@ class Server implements ResourceControllerInterface,
return $this->createDefaultAccessTokenResponseType();
}
+ /**
+ * @return IdToken
+ */
protected function getIdTokenResponseType()
{
if (isset($this->responseTypes['id_token'])) {
@@ -714,6 +787,9 @@ class Server implements ResourceControllerInterface,
return $this->createDefaultIdTokenResponseType();
}
+ /**
+ * @return IdTokenToken
+ */
protected function getIdTokenTokenResponseType()
{
if (isset($this->responseTypes['id_token token'])) {
@@ -725,6 +801,9 @@ class Server implements ResourceControllerInterface,
/**
* For Resource Controller
+ *
+ * @return JwtAccessTokenStorage
+ * @throws LogicException
*/
protected function createDefaultJwtAccessTokenStorage()
{
@@ -741,6 +820,9 @@ class Server implements ResourceControllerInterface,
/**
* For Authorize and Token Controllers
+ *
+ * @return JwtAccessToken
+ * @throws LogicException
*/
protected function createDefaultJwtAccessTokenResponseType()
{
@@ -763,10 +845,14 @@ class Server implements ResourceControllerInterface,
return new JwtAccessToken($this->storages['public_key'], $tokenStorage, $refreshStorage, $config);
}
+ /**
+ * @return AccessToken
+ * @throws LogicException
+ */
protected function createDefaultAccessTokenResponseType()
{
if (!isset($this->storages['access_token'])) {
- throw new \LogicException('You must supply a response type implementing OAuth2\ResponseType\AccessTokenInterface, or a storage object implementing OAuth2\Storage\AccessTokenInterface to use the token server');
+ throw new LogicException("You must supply a response type implementing OAuth2\ResponseType\AccessTokenInterface, or a storage object implementing OAuth2\Storage\AccessTokenInterface to use the token server");
}
$refreshStorage = null;
@@ -780,13 +866,17 @@ class Server implements ResourceControllerInterface,
return new AccessToken($this->storages['access_token'], $refreshStorage, $config);
}
+ /**
+ * @return IdToken
+ * @throws LogicException
+ */
protected function createDefaultIdTokenResponseType()
{
if (!isset($this->storages['user_claims'])) {
- throw new \LogicException('You must supply a storage object implementing OAuth2\OpenID\Storage\UserClaimsInterface to use openid connect');
+ throw new LogicException("You must supply a storage object implementing OAuth2\OpenID\Storage\UserClaimsInterface to use openid connect");
}
if (!isset($this->storages['public_key'])) {
- throw new \LogicException('You must supply a storage object implementing OAuth2\Storage\PublicKeyInterface to use openid connect');
+ throw new LogicException("You must supply a storage object implementing OAuth2\Storage\PublicKeyInterface to use openid connect");
}
$config = array_intersect_key($this->config, array_flip(explode(' ', 'issuer id_lifetime')));
@@ -794,11 +884,17 @@ class Server implements ResourceControllerInterface,
return new IdToken($this->storages['user_claims'], $this->storages['public_key'], $config);
}
+ /**
+ * @return IdTokenToken
+ */
protected function createDefaultIdTokenTokenResponseType()
{
return new IdTokenToken($this->getAccessTokenResponseType(), $this->getIdTokenResponseType());
}
+ /**
+ * @throws InvalidArgumentException
+ */
protected function validateOpenIdConnect()
{
$authCodeGrant = $this->getGrantType('authorization_code');
@@ -807,6 +903,10 @@ class Server implements ResourceControllerInterface,
}
}
+ /**
+ * @param string $name
+ * @return string
+ */
protected function normalizeResponseType($name)
{
// for multiple-valued response types - make them alphabetical
@@ -819,36 +919,60 @@ class Server implements ResourceControllerInterface,
return $name;
}
+ /**
+ * @return mixed
+ */
public function getResponse()
{
return $this->response;
}
+ /**
+ * @return array
+ */
public function getStorages()
{
return $this->storages;
}
+ /**
+ * @param string $name
+ * @return object|null
+ */
public function getStorage($name)
{
return isset($this->storages[$name]) ? $this->storages[$name] : null;
}
+ /**
+ * @return array
+ */
public function getGrantTypes()
{
return $this->grantTypes;
}
+ /**
+ * @param string $name
+ * @return object|null
+ */
public function getGrantType($name)
{
return isset($this->grantTypes[$name]) ? $this->grantTypes[$name] : null;
}
+ /**
+ * @return array
+ */
public function getResponseTypes()
{
return $this->responseTypes;
}
+ /**
+ * @param string $name
+ * @return object|null
+ */
public function getResponseType($name)
{
// for multiple-valued response types - make them alphabetical
@@ -857,23 +981,38 @@ class Server implements ResourceControllerInterface,
return isset($this->responseTypes[$name]) ? $this->responseTypes[$name] : null;
}
+ /**
+ * @return TokenTypeInterface
+ */
public function getTokenType()
{
return $this->tokenType;
}
+ /**
+ * @return ClientAssertionTypeInterface
+ */
public function getClientAssertionType()
{
return $this->clientAssertionType;
}
+ /**
+ * @param string $name
+ * @param mixed $value
+ */
public function setConfig($name, $value)
{
$this->config[$name] = $value;
}
+ /**
+ * @param string $name
+ * @param mixed $default
+ * @return mixed
+ */
public function getConfig($name, $default = null)
{
return isset($this->config[$name]) ? $this->config[$name] : $default;
}
-}
+} \ No newline at end of file