aboutsummaryrefslogtreecommitdiffstats
path: root/vendor/bshaffer/oauth2-server-php
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-12-21 13:36:33 -0800
committerzotlabs <mike@macgirvin.com>2017-12-21 13:36:33 -0800
commite7143a265ac97b31a8e0ada85b876ba76c911a3d (patch)
treedfa42a02359701960f525d10a22e1ebca5b82873 /vendor/bshaffer/oauth2-server-php
parent684b572aa8005479f3eb219fc526c812c801ca76 (diff)
parent9c72963d7ce3c60709755edb5d40cb0b06b29cda (diff)
downloadvolse-hubzilla-e7143a265ac97b31a8e0ada85b876ba76c911a3d.tar.gz
volse-hubzilla-e7143a265ac97b31a8e0ada85b876ba76c911a3d.tar.bz2
volse-hubzilla-e7143a265ac97b31a8e0ada85b876ba76c911a3d.zip
Merge branch 'dev' of https://github.com/redmatrix/hubzilla into dev_merge
Diffstat (limited to 'vendor/bshaffer/oauth2-server-php')
-rw-r--r--vendor/bshaffer/oauth2-server-php/CHANGELOG.md20
-rw-r--r--vendor/bshaffer/oauth2-server-php/README.md2
-rw-r--r--vendor/bshaffer/oauth2-server-php/composer.json4
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Autoloader.php12
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/ClientAssertionType/ClientAssertionTypeInterface.php13
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/ClientAssertionType/HttpBasic.php48
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/AuthorizeController.php139
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/AuthorizeControllerInterface.php37
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/ResourceController.php49
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/ResourceControllerInterface.php29
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/TokenController.php74
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/TokenControllerInterface.php27
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Encryption/EncryptionInterface.php23
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Encryption/Jwt.php58
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/AuthorizationCode.php48
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/ClientCredentials.php35
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/GrantTypeInterface.php41
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/JwtBearer.php47
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/RefreshToken.php63
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/UserCredentials.php46
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php39
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeControllerInterface.php2
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/UserInfoController.php40
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/UserInfoControllerInterface.php21
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/GrantType/AuthorizationCode.php10
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCode.php30
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCodeInterface.php14
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/CodeIdToken.php16
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdToken.php58
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdTokenInterface.php13
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdTokenToken.php18
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php14
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/UserClaimsInterface.php9
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Request.php70
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/RequestInterface.php23
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Response.php134
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseInterface.php31
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AccessToken.php64
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AccessTokenInterface.php11
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCode.php5
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCodeInterface.php12
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/JwtAccessToken.php79
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/ResponseTypeInterface.php5
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Scope.php40
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/ScopeInterface.php19
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php283
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/AccessTokenInterface.php33
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/AuthorizationCodeInterface.php12
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Cassandra.php230
-rw-r--r--[-rwxr-xr-x]vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/CouchbaseDB.php2
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/DynamoDB.php2
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/JwtAccessToken.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Memory.php2
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Pdo.php318
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/PublicKeyInterface.php16
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/UserCredentialsInterface.php16
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/AutoloadTest.php4
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/Controller/AuthorizeControllerTest.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/Controller/ResourceControllerTest.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/Controller/TokenControllerTest.php45
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/Encryption/FirebaseJwtTest.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/Encryption/JwtTest.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/AuthorizationCodeTest.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/ClientCredentialsTest.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/ImplicitTest.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/JwtBearerTest.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/RefreshTokenTest.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/UserCredentialsTest.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/Controller/AuthorizeControllerTest.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/Controller/UserInfoControllerTest.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/GrantType/AuthorizationCodeTest.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/ResponseType/CodeIdTokenTest.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/ResponseType/IdTokenTest.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/ResponseType/IdTokenTokenTest.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/RequestTest.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/ResponseTest.php4
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/ResponseType/AccessTokenTest.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/ResponseType/JwtAccessTokenTest.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/ScopeTest.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/ServerTest.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/OAuth2/TokenType/BearerTest.php3
-rw-r--r--vendor/bshaffer/oauth2-server-php/test/lib/OAuth2/Request/TestRequest.php7
-rw-r--r--[-rwxr-xr-x]vendor/bshaffer/oauth2-server-php/test/lib/OAuth2/Storage/BaseTest.php4
-rw-r--r--[-rwxr-xr-x]vendor/bshaffer/oauth2-server-php/test/lib/OAuth2/Storage/Bootstrap.php0
84 files changed, 2085 insertions, 554 deletions
diff --git a/vendor/bshaffer/oauth2-server-php/CHANGELOG.md b/vendor/bshaffer/oauth2-server-php/CHANGELOG.md
index 4fddd72c9..7671b2396 100644
--- a/vendor/bshaffer/oauth2-server-php/CHANGELOG.md
+++ b/vendor/bshaffer/oauth2-server-php/CHANGELOG.md
@@ -8,6 +8,24 @@ To see the files changed for a given bug, go to https://github.com/bshaffer/oaut
To get the diff between two versions, go to https://github.com/bshaffer/oauth2-server-php/compare/v1.0...v1.1
To get the diff for a specific change, go to https://github.com/bshaffer/oauth2-server-php/commit/XXX where XXX is the change hash
+* 1.10.0 (2017-12-14)
+
+ PR: https://github.com/bshaffer/oauth2-server-php/pull/889
+
+ * #795 - [feature] added protected createPayload method to allow easier customization of JWT payload
+ * #807 - [refactor] simplifies UserInfoController constructor
+ * #814 - [docs] Adds https to README link
+ * #827 - [testing] Explicitly pulls in phpunit 4
+ * #828 - [docs] PHPDoc improvements and type hinting of variables.
+ * #829 - [bug] Fix CORS issue for revoking and requesting an access token
+ * #869 - [testing] Remove php 5.3 from travis and use vendored phpunit
+ * #834 - [feature] use random_bytes if available
+ * #851 - [docs] Fix PHPDoc
+ * #872 - [bug] Fix count() error on PHP 7.2
+ * #873 - [testing] adds php 7.2 to travis
+ * #794 - [docs] Fix typo in composer.json
+ * #885 - [testing] Use PHPUnit\Framework\TestCase instead of PHPUnit_Framework_TestCase
+
* 1.9.0 (2016-01-06)
PR: https://github.com/bshaffer/oauth2-server-php/pull/788
@@ -87,7 +105,7 @@ To get the diff for a specific change, go to https://github.com/bshaffer/oauth2-
* bug #346 Fixes open_basedir warning
* bug #351 Adds OpenID Connect support
* bug #355 Adds php 5.6 and HHVM to travis.ci testing
- * [BC] bug #358 Adds `getQuerystringIdentifier()` to the GrantType interface
+ * [BC] bug #358 Adds `getQueryStringIdentifier()` to the GrantType interface
* bug #363 Encryption\JWT - Allows for subclassing JWT Headers
* bug #349 Bearer Tokens - adds requestHasToken method for when access tokens are optional
* bug #301 Encryption\JWT - fixes urlSafeB64Encode(): ensures newlines are replaced as expected
diff --git a/vendor/bshaffer/oauth2-server-php/README.md b/vendor/bshaffer/oauth2-server-php/README.md
index 4ceda6cf9..f1788e9ce 100644
--- a/vendor/bshaffer/oauth2-server-php/README.md
+++ b/vendor/bshaffer/oauth2-server-php/README.md
@@ -5,4 +5,4 @@ oauth2-server-php
[![Total Downloads](https://poser.pugx.org/bshaffer/oauth2-server-php/downloads.png)](https://packagist.org/packages/bshaffer/oauth2-server-php)
-View the [complete documentation](http://bshaffer.github.io/oauth2-server-php-docs/) \ No newline at end of file
+View the [complete documentation](https://bshaffer.github.io/oauth2-server-php-docs/)
diff --git a/vendor/bshaffer/oauth2-server-php/composer.json b/vendor/bshaffer/oauth2-server-php/composer.json
index 561699f5e..272d20027 100644
--- a/vendor/bshaffer/oauth2-server-php/composer.json
+++ b/vendor/bshaffer/oauth2-server-php/composer.json
@@ -19,6 +19,7 @@
"php":">=5.3.9"
},
"require-dev": {
+ "phpunit/phpunit": "^4.0",
"aws/aws-sdk-php": "~2.8",
"firebase/php-jwt": "~2.2",
"predis/predis": "dev-master",
@@ -29,6 +30,7 @@
"predis/predis": "Required to use Redis storage",
"thobbs/phpcassa": "Required to use Cassandra storage",
"aws/aws-sdk-php": "~2.8 is required to use DynamoDB storage",
- "firebase/php-jwt": "~1.1 is required to use MondoDB storage"
+ "firebase/php-jwt": "~2.2 is required to use JWT features",
+ "mongodb/mongodb": "^1.1 is required to use MongoDB storage"
}
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Autoloader.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Autoloader.php
index ecfb6ba75..4ec08cbdd 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Autoloader.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Autoloader.php
@@ -10,8 +10,14 @@ namespace OAuth2;
*/
class Autoloader
{
+ /**
+ * @var string
+ */
private $dir;
+ /**
+ * @param string $dir
+ */
public function __construct($dir = null)
{
if (is_null($dir)) {
@@ -19,6 +25,7 @@ class Autoloader
}
$this->dir = $dir;
}
+
/**
* Registers OAuth2\Autoloader as an SPL autoloader.
*/
@@ -31,9 +38,8 @@ class Autoloader
/**
* Handles autoloading of classes.
*
- * @param string $class A class name.
- *
- * @return boolean Returns true if the class has been loaded
+ * @param string $class - A class name.
+ * @return boolean - Returns true if the class has been loaded
*/
public function autoload($class)
{
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ClientAssertionType/ClientAssertionTypeInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ClientAssertionType/ClientAssertionTypeInterface.php
index 29c7171b5..6a167da90 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ClientAssertionType/ClientAssertionTypeInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ClientAssertionType/ClientAssertionTypeInterface.php
@@ -10,6 +10,19 @@ use OAuth2\ResponseInterface;
*/
interface ClientAssertionTypeInterface
{
+ /**
+ * Validate the OAuth request
+ *
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @return mixed
+ */
public function validateRequest(RequestInterface $request, ResponseInterface $response);
+
+ /**
+ * Get the client id
+ *
+ * @return mixed
+ */
public function getClientId();
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ClientAssertionType/HttpBasic.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ClientAssertionType/HttpBasic.php
index 0ecb7e18d..ef6120300 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ClientAssertionType/HttpBasic.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ClientAssertionType/HttpBasic.php
@@ -5,6 +5,7 @@ namespace OAuth2\ClientAssertionType;
use OAuth2\Storage\ClientCredentialsInterface;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
+use LogicException;
/**
* Validate a client via Http Basic authentication
@@ -19,14 +20,16 @@ class HttpBasic implements ClientAssertionTypeInterface
protected $config;
/**
- * @param OAuth2\Storage\ClientCredentialsInterface $clientStorage REQUIRED Storage class for retrieving client credentials information
- * @param array $config OPTIONAL Configuration options for the server
- * <code>
- * $config = array(
- * 'allow_credentials_in_request_body' => true, // whether to look for credentials in the POST body in addition to the Authorize HTTP Header
- * 'allow_public_clients' => true // if true, "public clients" (clients without a secret) may be authenticated
- * );
- * </code>
+ * Config array $config should look as follows:
+ * @code
+ * $config = array(
+ * 'allow_credentials_in_request_body' => true, // whether to look for credentials in the POST body in addition to the Authorize HTTP Header
+ * 'allow_public_clients' => true // if true, "public clients" (clients without a secret) may be authenticated
+ * );
+ * @endcode
+ *
+ * @param ClientCredentialsInterface $storage Storage
+ * @param array $config Configuration options for the server
*/
public function __construct(ClientCredentialsInterface $storage, array $config = array())
{
@@ -37,6 +40,14 @@ class HttpBasic implements ClientAssertionTypeInterface
), $config);
}
+ /**
+ * Validate the OAuth request
+ *
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @return bool|mixed
+ * @throws LogicException
+ */
public function validateRequest(RequestInterface $request, ResponseInterface $response)
{
if (!$clientData = $this->getClientCredentials($request, $response)) {
@@ -44,7 +55,7 @@ class HttpBasic implements ClientAssertionTypeInterface
}
if (!isset($clientData['client_id'])) {
- throw new \LogicException('the clientData array must have "client_id" set');
+ throw new LogicException('the clientData array must have "client_id" set');
}
if (!isset($clientData['client_secret']) || $clientData['client_secret'] == '') {
@@ -70,6 +81,11 @@ class HttpBasic implements ClientAssertionTypeInterface
return true;
}
+ /**
+ * Get the client id
+ *
+ * @return mixed
+ */
public function getClientId()
{
return $this->clientData['client_id'];
@@ -82,13 +98,14 @@ class HttpBasic implements ClientAssertionTypeInterface
* According to the spec (draft 20), the client_id can be provided in
* the Basic Authorization header (recommended) or via GET/POST.
*
- * @return
- * A list containing the client identifier and password, for example
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @return array|null A list containing the client identifier and password, for example:
* @code
- * return array(
- * "client_id" => CLIENT_ID, // REQUIRED the client id
- * "client_secret" => CLIENT_SECRET, // OPTIONAL the client secret (may be omitted for public clients)
- * );
+ * return array(
+ * "client_id" => CLIENT_ID, // REQUIRED the client id
+ * "client_secret" => CLIENT_SECRET, // OPTIONAL the client secret (may be omitted for public clients)
+ * );
* @endcode
*
* @see http://tools.ietf.org/html/rfc6749#section-2.3.1
@@ -108,7 +125,6 @@ class HttpBasic implements ClientAssertionTypeInterface
* client_secret can be null if the client's password is an empty string
* @see http://tools.ietf.org/html/rfc6749#section-2.3.1
*/
-
return array('client_id' => $request->request('client_id'), 'client_secret' => $request->request('client_secret'));
}
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/AuthorizeController.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/AuthorizeController.php
index ea7f54a87..4bafb1d24 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/AuthorizeController.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/AuthorizeController.php
@@ -7,37 +7,76 @@ use OAuth2\ScopeInterface;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
use OAuth2\Scope;
+use InvalidArgumentException;
/**
- * @see OAuth2\Controller\AuthorizeControllerInterface
+ * @see AuthorizeControllerInterface
*/
class AuthorizeController implements AuthorizeControllerInterface
{
+ /**
+ * @var string
+ */
private $scope;
+
+ /**
+ * @var int
+ */
private $state;
+
+ /**
+ * @var mixed
+ */
private $client_id;
+
+ /**
+ * @var string
+ */
private $redirect_uri;
+
+ /**
+ * The response type
+ *
+ * @var string
+ */
private $response_type;
+ /**
+ * @var ClientInterface
+ */
protected $clientStorage;
+
+ /**
+ * @var array
+ */
protected $responseTypes;
+
+ /**
+ * @var array
+ */
protected $config;
+
+ /**
+ * @var ScopeInterface
+ */
protected $scopeUtil;
/**
- * @param OAuth2\Storage\ClientInterface $clientStorage REQUIRED Instance of OAuth2\Storage\ClientInterface to retrieve client information
- * @param array $responseTypes OPTIONAL Array of OAuth2\ResponseType\ResponseTypeInterface objects. Valid array
- * keys are "code" and "token"
- * @param array $config OPTIONAL Configuration options for the server
- * <code>
- * $config = array(
- * 'allow_implicit' => false, // if the controller should allow the "implicit" grant type
- * 'enforce_state' => true // if the controller should require the "state" parameter
- * 'require_exact_redirect_uri' => true, // if the controller should require an exact match on the "redirect_uri" parameter
- * 'redirect_status_code' => 302, // HTTP status code to use for redirect responses
- * );
- * </code>
- * @param OAuth2\ScopeInterface $scopeUtil OPTIONAL Instance of OAuth2\ScopeInterface to validate the requested scope
+ * Constructor
+ *
+ * @param ClientInterface $clientStorage REQUIRED Instance of OAuth2\Storage\ClientInterface to retrieve client information
+ * @param array $responseTypes OPTIONAL Array of OAuth2\ResponseType\ResponseTypeInterface objects. Valid array
+ * keys are "code" and "token"
+ * @param array $config OPTIONAL Configuration options for the server:
+ * @param ScopeInterface $scopeUtil OPTIONAL Instance of OAuth2\ScopeInterface to validate the requested scope
+ * @code
+ * $config = array(
+ * 'allow_implicit' => false, // if the controller should allow the "implicit" grant type
+ * 'enforce_state' => true // if the controller should require the "state" parameter
+ * 'require_exact_redirect_uri' => true, // if the controller should require an exact match on the "redirect_uri" parameter
+ * 'redirect_status_code' => 302, // HTTP status code to use for redirect responses
+ * );
+ * @endcode
*/
public function __construct(ClientInterface $clientStorage, array $responseTypes = array(), array $config = array(), ScopeInterface $scopeUtil = null)
{
@@ -56,10 +95,20 @@ class AuthorizeController implements AuthorizeControllerInterface
$this->scopeUtil = $scopeUtil;
}
+ /**
+ * Handle the authorization request
+ *
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @param boolean $is_authorized
+ * @param mixed $user_id
+ * @return mixed|void
+ * @throws InvalidArgumentException
+ */
public function handleAuthorizeRequest(RequestInterface $request, ResponseInterface $response, $is_authorized, $user_id = null)
{
if (!is_bool($is_authorized)) {
- throw new \InvalidArgumentException('Argument "is_authorized" must be a boolean. This method must know if the user has granted access to the client.');
+ throw new InvalidArgumentException('Argument "is_authorized" must be a boolean. This method must know if the user has granted access to the client.');
}
// We repeat this, because we need to re-validate. The request could be POSTed
@@ -101,6 +150,14 @@ class AuthorizeController implements AuthorizeControllerInterface
$response->setRedirect($this->config['redirect_status_code'], $uri);
}
+ /**
+ * Set not authorized response
+ *
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @param string $redirect_uri
+ * @param mixed $user_id
+ */
protected function setNotAuthorizedResponse(RequestInterface $request, ResponseInterface $response, $redirect_uri, $user_id = null)
{
$error = 'access_denied';
@@ -108,9 +165,16 @@ class AuthorizeController implements AuthorizeControllerInterface
$response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $this->state, $error, $error_message);
}
- /*
+ /**
* We have made this protected so this class can be extended to add/modify
* these parameters
+ *
+ * @TODO: add dependency injection for the parameters in this method
+ *
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @param mixed $user_id
+ * @return array
*/
protected function buildAuthorizeParameters($request, $response, $user_id)
{
@@ -127,6 +191,8 @@ class AuthorizeController implements AuthorizeControllerInterface
}
/**
+ * Validate the OAuth request
+ *
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool
@@ -186,7 +252,7 @@ class AuthorizeController implements AuthorizeControllerInterface
$redirect_uri = $registered_redirect_uri;
}
- // Select the redirect URI
+ // Select the response type
$response_type = $request->query('response_type', $request->request('response_type'));
// for multiple-valued response types - make them alphabetical
@@ -281,10 +347,10 @@ class AuthorizeController implements AuthorizeControllerInterface
/**
* Build the absolute URI based on supplied URI and parameters.
*
- * @param $uri An absolute URI.
- * @param $params Parameters to be append as GET.
+ * @param string $uri An absolute URI.
+ * @param array $params Parameters to be append as GET.
*
- * @return
+ * @return string
* An absolute URI with supplied parameters.
*
* @ingroup oauth2_section_4
@@ -302,9 +368,9 @@ class AuthorizeController implements AuthorizeControllerInterface
}
}
- // Put humpty dumpty back together
+ // Put the uri back together
return
- ((isset($parse_url["scheme"])) ? $parse_url["scheme"] . "://" : "")
+ ((isset($parse_url["scheme"])) ? $parse_url["scheme"] . "://" : "")
. ((isset($parse_url["user"])) ? $parse_url["user"]
. ((isset($parse_url["pass"])) ? ":" . $parse_url["pass"] : "") . "@" : "")
. ((isset($parse_url["host"])) ? $parse_url["host"] : "")
@@ -326,10 +392,10 @@ class AuthorizeController implements AuthorizeControllerInterface
/**
* Internal method for validating redirect URI supplied
*
- * @param string $inputUri The submitted URI to be validated
+ * @param string $inputUri The submitted URI to be validated
* @param string $registeredUriString The allowed URI(s) to validate against. Can be a space-delimited string of URIs to
* allow for multiple URIs
- *
+ * @return bool
* @see http://tools.ietf.org/html/rfc6749#section-3.1.2
*/
protected function validateRedirectUri($inputUri, $registeredUriString)
@@ -363,29 +429,50 @@ class AuthorizeController implements AuthorizeControllerInterface
}
/**
- * Convenience methods to access the parameters derived from the validated request
+ * Convenience method to access the scope
+ *
+ * @return string
*/
-
public function getScope()
{
return $this->scope;
}
+ /**
+ * Convenience method to access the state
+ *
+ * @return int
+ */
public function getState()
{
return $this->state;
}
+ /**
+ * Convenience method to access the client id
+ *
+ * @return mixed
+ */
public function getClientId()
{
return $this->client_id;
}
+ /**
+ * Convenience method to access the redirect url
+ *
+ * @return string
+ */
public function getRedirectUri()
{
return $this->redirect_uri;
}
+ /**
+ * Convenience method to access the response type
+ *
+ * @return string
+ */
public function getResponseType()
{
return $this->response_type;
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/AuthorizeControllerInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/AuthorizeControllerInterface.php
index fa07ae8d2..f758f976a 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/AuthorizeControllerInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/AuthorizeControllerInterface.php
@@ -11,17 +11,18 @@ use OAuth2\ResponseInterface;
* authorization directly, this controller ensures the request is valid, but
* requires the application to determine the value of $is_authorized
*
- * ex:
- * > $user_id = $this->somehowDetermineUserId();
- * > $is_authorized = $this->somehowDetermineUserAuthorization();
- * > $response = new OAuth2\Response();
- * > $authorizeController->handleAuthorizeRequest(
- * > OAuth2\Request::createFromGlobals(),
- * > $response,
- * > $is_authorized,
- * > $user_id);
- * > $response->send();
- *
+ * @code
+ * $user_id = $this->somehowDetermineUserId();
+ * $is_authorized = $this->somehowDetermineUserAuthorization();
+ * $response = new OAuth2\Response();
+ * $authorizeController->handleAuthorizeRequest(
+ * OAuth2\Request::createFromGlobals(),
+ * $response,
+ * $is_authorized,
+ * $user_id
+ * );
+ * $response->send();
+ * @endcode
*/
interface AuthorizeControllerInterface
{
@@ -37,7 +38,21 @@ interface AuthorizeControllerInterface
const RESPONSE_TYPE_AUTHORIZATION_CODE = 'code';
const RESPONSE_TYPE_ACCESS_TOKEN = 'token';
+ /**
+ * Handle the OAuth request
+ *
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @param $is_authorized
+ * @param null $user_id
+ * @return mixed
+ */
public function handleAuthorizeRequest(RequestInterface $request, ResponseInterface $response, $is_authorized, $user_id = null);
+ /**
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @return bool
+ */
public function validateAuthorizeRequest(RequestInterface $request, ResponseInterface $response);
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/ResourceController.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/ResourceController.php
index 3cfaaaf12..926f90fda 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/ResourceController.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/ResourceController.php
@@ -10,17 +10,43 @@ use OAuth2\ResponseInterface;
use OAuth2\Scope;
/**
- * @see OAuth2\Controller\ResourceControllerInterface
+ * @see ResourceControllerInterface
*/
class ResourceController implements ResourceControllerInterface
{
+ /**
+ * @var array
+ */
private $token;
+ /**
+ * @var TokenTypeInterface
+ */
protected $tokenType;
+
+ /**
+ * @var AccessTokenInterface
+ */
protected $tokenStorage;
+
+ /**
+ * @var array
+ */
protected $config;
+
+ /**
+ * @var ScopeInterface
+ */
protected $scopeUtil;
+ /**
+ * Constructor
+ *
+ * @param TokenTypeInterface $tokenType
+ * @param AccessTokenInterface $tokenStorage
+ * @param array $config
+ * @param ScopeInterface $scopeUtil
+ */
public function __construct(TokenTypeInterface $tokenType, AccessTokenInterface $tokenStorage, $config = array(), ScopeInterface $scopeUtil = null)
{
$this->tokenType = $tokenType;
@@ -36,6 +62,14 @@ class ResourceController implements ResourceControllerInterface
$this->scopeUtil = $scopeUtil;
}
+ /**
+ * Verify the resource request
+ *
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @param null $scope
+ * @return bool
+ */
public function verifyResourceRequest(RequestInterface $request, ResponseInterface $response, $scope = null)
{
$token = $this->getAccessTokenData($request, $response);
@@ -71,6 +105,13 @@ class ResourceController implements ResourceControllerInterface
return (bool) $token;
}
+ /**
+ * Get access token data.
+ *
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @return array|null
+ */
public function getAccessTokenData(RequestInterface $request, ResponseInterface $response)
{
// Get the token parameter
@@ -103,7 +144,11 @@ class ResourceController implements ResourceControllerInterface
return null;
}
- // convenience method to allow retrieval of the token
+ /**
+ * convenience method to allow retrieval of the token.
+ *
+ * @return array
+ */
public function getToken()
{
return $this->token;
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/ResourceControllerInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/ResourceControllerInterface.php
index 611421935..0e847ca61 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/ResourceControllerInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/ResourceControllerInterface.php
@@ -10,17 +10,32 @@ use OAuth2\ResponseInterface;
* call verifyResourceRequest in order to determine if the request
* contains a valid token.
*
- * ex:
- * > if (!$resourceController->verifyResourceRequest(OAuth2\Request::createFromGlobals(), $response = new OAuth2\Response())) {
- * > $response->send(); // authorization failed
- * > die();
- * > }
- * > return json_encode($resource); // valid token! Send the stuff!
- *
+ * @code
+ * if (!$resourceController->verifyResourceRequest(OAuth2\Request::createFromGlobals(), $response = new OAuth2\Response())) {
+ * $response->send(); // authorization failed
+ * die();
+ * }
+ * return json_encode($resource); // valid token! Send the stuff!
+ * @endcode
*/
interface ResourceControllerInterface
{
+ /**
+ * Verify the resource request
+ *
+ * @param RequestInterface $request - Request object
+ * @param ResponseInterface $response - Response object
+ * @param string $scope
+ * @return mixed
+ */
public function verifyResourceRequest(RequestInterface $request, ResponseInterface $response, $scope = null);
+ /**
+ * Get access token data.
+ *
+ * @param RequestInterface $request - Request object
+ * @param ResponseInterface $response - Response object
+ * @return mixed
+ */
public function getAccessTokenData(RequestInterface $request, ResponseInterface $response);
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/TokenController.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/TokenController.php
index 5d2d731fe..7fdaf85a6 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/TokenController.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/TokenController.php
@@ -10,9 +10,12 @@ use OAuth2\Scope;
use OAuth2\Storage\ClientInterface;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
+use InvalidArgumentException;
+use LogicException;
+use RuntimeException;
/**
- * @see \OAuth2\Controller\TokenControllerInterface
+ * @see TokenControllerInterface
*/
class TokenController implements TokenControllerInterface
{
@@ -22,7 +25,7 @@ class TokenController implements TokenControllerInterface
protected $accessToken;
/**
- * @var array
+ * @var array<GrantTypeInterface>
*/
protected $grantTypes;
@@ -32,7 +35,7 @@ class TokenController implements TokenControllerInterface
protected $clientAssertionType;
/**
- * @var Scope|ScopeInterface
+ * @var ScopeInterface
*/
protected $scopeUtil;
@@ -41,12 +44,22 @@ class TokenController implements TokenControllerInterface
*/
protected $clientStorage;
+ /**
+ * Constructor
+ *
+ * @param AccessTokenInterface $accessToken
+ * @param ClientInterface $clientStorage
+ * @param array $grantTypes
+ * @param ClientAssertionTypeInterface $clientAssertionType
+ * @param ScopeInterface $scopeUtil
+ * @throws InvalidArgumentException
+ */
public function __construct(AccessTokenInterface $accessToken, ClientInterface $clientStorage, array $grantTypes = array(), ClientAssertionTypeInterface $clientAssertionType = null, ScopeInterface $scopeUtil = null)
{
if (is_null($clientAssertionType)) {
foreach ($grantTypes as $grantType) {
if (!$grantType instanceof ClientAssertionTypeInterface) {
- throw new \InvalidArgumentException('You must supply an instance of OAuth2\ClientAssertionType\ClientAssertionTypeInterface or only use grant types which implement OAuth2\ClientAssertionType\ClientAssertionTypeInterface');
+ throw new InvalidArgumentException('You must supply an instance of OAuth2\ClientAssertionType\ClientAssertionTypeInterface or only use grant types which implement OAuth2\ClientAssertionType\ClientAssertionTypeInterface');
}
}
}
@@ -63,6 +76,12 @@ class TokenController implements TokenControllerInterface
$this->scopeUtil = $scopeUtil;
}
+ /**
+ * Handle the token request.
+ *
+ * @param RequestInterface $request - Request object to grant access token
+ * @param ResponseInterface $response - Response object
+ */
public function handleTokenRequest(RequestInterface $request, ResponseInterface $response)
{
if ($token = $this->grantAccessToken($request, $response)) {
@@ -83,8 +102,10 @@ class TokenController implements TokenControllerInterface
* This would be called from the "/token" endpoint as defined in the spec.
* You can call your endpoint whatever you want.
*
- * @param RequestInterface $request Request object to grant access token
- * @param ResponseInterface $response
+ * @param RequestInterface $request - Request object to grant access token
+ * @param ResponseInterface $response - Response object
+ *
+ * @return bool|null|array
*
* @throws \InvalidArgumentException
* @throws \LogicException
@@ -97,9 +118,15 @@ class TokenController implements TokenControllerInterface
*/
public function grantAccessToken(RequestInterface $request, ResponseInterface $response)
{
- if (strtolower($request->server('REQUEST_METHOD')) != 'post') {
+ if (strtolower($request->server('REQUEST_METHOD')) === 'options') {
+ $response->addHttpHeaders(array('Allow' => 'POST, OPTIONS'));
+
+ return null;
+ }
+
+ if (strtolower($request->server('REQUEST_METHOD')) !== 'post') {
$response->setError(405, 'invalid_request', 'The request method must be POST when requesting an access token', '#section-3.2');
- $response->addHttpHeaders(array('Allow' => 'POST'));
+ $response->addHttpHeaders(array('Allow' => 'POST, OPTIONS'));
return null;
}
@@ -121,6 +148,7 @@ class TokenController implements TokenControllerInterface
return null;
}
+ /** @var GrantTypeInterface $grantType */
$grantType = $this->grantTypes[$grantTypeIdentifier];
/**
@@ -128,8 +156,8 @@ class TokenController implements TokenControllerInterface
* ClientAssertionTypes allow for grant types which also assert the client data
* in which case ClientAssertion is handled in the validateRequest method
*
- * @see OAuth2\GrantType\JWTBearer
- * @see OAuth2\GrantType\ClientCredentials
+ * @see \OAuth2\GrantType\JWTBearer
+ * @see \OAuth2\GrantType\ClientCredentials
*/
if (!$grantType instanceof ClientAssertionTypeInterface) {
if (!$this->clientAssertionType->validateRequest($request, $response)) {
@@ -178,7 +206,6 @@ class TokenController implements TokenControllerInterface
*
* @see http://tools.ietf.org/html/rfc6749#section-3.3
*/
-
$requestedScope = $this->scopeUtil->getScopeFromRequest($request);
$availableScope = $grantType->getScope();
@@ -225,20 +252,24 @@ class TokenController implements TokenControllerInterface
}
/**
- * addGrantType
+ * Add grant type
*
- * @param GrantTypeInterface $grantType the grant type to add for the specified identifier
- * @param string $identifier a string passed in as "grant_type" in the response that will call this grantType
+ * @param GrantTypeInterface $grantType - the grant type to add for the specified identifier
+ * @param string|null $identifier - a string passed in as "grant_type" in the response that will call this grantType
*/
public function addGrantType(GrantTypeInterface $grantType, $identifier = null)
{
if (is_null($identifier) || is_numeric($identifier)) {
- $identifier = $grantType->getQuerystringIdentifier();
+ $identifier = $grantType->getQueryStringIdentifier();
}
$this->grantTypes[$identifier] = $grantType;
}
+ /**
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ */
public function handleRevokeRequest(RequestInterface $request, ResponseInterface $response)
{
if ($this->revokeToken($request, $response)) {
@@ -257,13 +288,20 @@ class TokenController implements TokenControllerInterface
*
* @param RequestInterface $request
* @param ResponseInterface $response
+ * @throws RuntimeException
* @return bool|null
*/
public function revokeToken(RequestInterface $request, ResponseInterface $response)
{
- if (strtolower($request->server('REQUEST_METHOD')) != 'post') {
+ if (strtolower($request->server('REQUEST_METHOD')) === 'options') {
+ $response->addHttpHeaders(array('Allow' => 'POST, OPTIONS'));
+
+ return null;
+ }
+
+ if (strtolower($request->server('REQUEST_METHOD')) !== 'post') {
$response->setError(405, 'invalid_request', 'The request method must be POST when revoking an access token', '#section-3.2');
- $response->addHttpHeaders(array('Allow' => 'POST'));
+ $response->addHttpHeaders(array('Allow' => 'POST, OPTIONS'));
return null;
}
@@ -285,7 +323,7 @@ class TokenController implements TokenControllerInterface
// @todo remove this check for v2.0
if (!method_exists($this->accessToken, 'revokeToken')) {
$class = get_class($this->accessToken);
- throw new \RuntimeException("AccessToken {$class} does not implement required revokeToken method");
+ throw new RuntimeException("AccessToken {$class} does not implement required revokeToken method");
}
$this->accessToken->revokeToken($token, $token_type_hint);
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/TokenControllerInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/TokenControllerInterface.php
index 72d72570f..2f83ce4bd 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/TokenControllerInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/TokenControllerInterface.php
@@ -10,23 +10,30 @@ use OAuth2\ResponseInterface;
* it is called to handle all grant types the application supports.
* It also validates the client's credentials
*
- * ex:
- * > $tokenController->handleTokenRequest(OAuth2\Request::createFromGlobals(), $response = new OAuth2\Response());
- * > $response->send();
- *
+ * @code
+ * $tokenController->handleTokenRequest(OAuth2\Request::createFromGlobals(), $response = new OAuth2\Response());
+ * $response->send();
+ * @endcode
*/
interface TokenControllerInterface
{
/**
- * handleTokenRequest
- *
- * @param $request
- * OAuth2\RequestInterface - The current http request
- * @param $response
- * OAuth2\ResponseInterface - An instance of OAuth2\ResponseInterface to contain the response data
+ * Handle the token request
*
+ * @param RequestInterface $request - The current http request
+ * @param ResponseInterface $response - An instance of OAuth2\ResponseInterface to contain the response data
*/
public function handleTokenRequest(RequestInterface $request, ResponseInterface $response);
+ /**
+ * Grant or deny a requested access token.
+ * This would be called from the "/token" endpoint as defined in the spec.
+ * You can call your endpoint whatever you want.
+ *
+ * @param RequestInterface $request - Request object to grant access token
+ * @param ResponseInterface $response - Response object
+ *
+ * @return mixed
+ */
public function grantAccessToken(RequestInterface $request, ResponseInterface $response);
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Encryption/EncryptionInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Encryption/EncryptionInterface.php
index 2d336c664..8dc720a43 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Encryption/EncryptionInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Encryption/EncryptionInterface.php
@@ -4,8 +4,31 @@ namespace OAuth2\Encryption;
interface EncryptionInterface
{
+ /**
+ * @param $payload
+ * @param $key
+ * @param null $algorithm
+ * @return mixed
+ */
public function encode($payload, $key, $algorithm = null);
+
+ /**
+ * @param $payload
+ * @param $key
+ * @param null $algorithm
+ * @return mixed
+ */
public function decode($payload, $key, $algorithm = null);
+
+ /**
+ * @param $data
+ * @return mixed
+ */
public function urlSafeB64Encode($data);
+
+ /**
+ * @param $b64
+ * @return mixed
+ */
public function urlSafeB64Decode($b64);
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Encryption/Jwt.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Encryption/Jwt.php
index ee576e643..c258b8fc3 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Encryption/Jwt.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Encryption/Jwt.php
@@ -2,12 +2,21 @@
namespace OAuth2\Encryption;
+use Exception;
+use InvalidArgumentException;
+
/**
* @link https://github.com/F21/jwt
* @author F21
*/
class Jwt implements EncryptionInterface
{
+ /**
+ * @param $payload
+ * @param $key
+ * @param string $algo
+ * @return string
+ */
public function encode($payload, $key, $algo = 'HS256')
{
$header = $this->generateJwtHeader($payload, $algo);
@@ -25,6 +34,12 @@ class Jwt implements EncryptionInterface
return implode('.', $segments);
}
+ /**
+ * @param string $jwt
+ * @param null $key
+ * @param array|bool $allowedAlgorithms
+ * @return bool|mixed
+ */
public function decode($jwt, $key = null, $allowedAlgorithms = true)
{
if (!strpos($jwt, '.')) {
@@ -67,6 +82,14 @@ class Jwt implements EncryptionInterface
return $payload;
}
+ /**
+ * @param $signature
+ * @param $input
+ * @param $key
+ * @param string $algo
+ * @return bool
+ * @throws InvalidArgumentException
+ */
private function verifySignature($signature, $input, $key, $algo = 'HS256')
{
// use constants when possible, for HipHop support
@@ -89,10 +112,17 @@ class Jwt implements EncryptionInterface
return @openssl_verify($input, $signature, $key, defined('OPENSSL_ALGO_SHA512') ? OPENSSL_ALGO_SHA512 : 'sha512') === 1;
default:
- throw new \InvalidArgumentException("Unsupported or invalid signing algorithm.");
+ throw new InvalidArgumentException("Unsupported or invalid signing algorithm.");
}
}
+ /**
+ * @param $input
+ * @param $key
+ * @param string $algo
+ * @return string
+ * @throws Exception
+ */
private function sign($input, $key, $algo = 'HS256')
{
switch ($algo) {
@@ -115,19 +145,30 @@ class Jwt implements EncryptionInterface
return $this->generateRSASignature($input, $key, defined('OPENSSL_ALGO_SHA512') ? OPENSSL_ALGO_SHA512 : 'sha512');
default:
- throw new \Exception("Unsupported or invalid signing algorithm.");
+ throw new Exception("Unsupported or invalid signing algorithm.");
}
}
+ /**
+ * @param $input
+ * @param $key
+ * @param string $algo
+ * @return mixed
+ * @throws Exception
+ */
private function generateRSASignature($input, $key, $algo)
{
if (!openssl_sign($input, $signature, $key, $algo)) {
- throw new \Exception("Unable to sign data.");
+ throw new Exception("Unable to sign data.");
}
return $signature;
}
+ /**
+ * @param string $data
+ * @return string
+ */
public function urlSafeB64Encode($data)
{
$b64 = base64_encode($data);
@@ -138,6 +179,10 @@ class Jwt implements EncryptionInterface
return $b64;
}
+ /**
+ * @param string $b64
+ * @return mixed|string
+ */
public function urlSafeB64Decode($b64)
{
$b64 = str_replace(array('-', '_'),
@@ -158,6 +203,11 @@ class Jwt implements EncryptionInterface
);
}
+ /**
+ * @param string $a
+ * @param string $b
+ * @return bool
+ */
protected function hash_equals($a, $b)
{
if (function_exists('hash_equals')) {
@@ -170,4 +220,4 @@ class Jwt implements EncryptionInterface
return $diff === 0;
}
-}
+} \ No newline at end of file
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/AuthorizationCode.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/AuthorizationCode.php
index cae9f787d..784f6b3a3 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/AuthorizationCode.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/AuthorizationCode.php
@@ -6,29 +6,47 @@ use OAuth2\Storage\AuthorizationCodeInterface;
use OAuth2\ResponseType\AccessTokenInterface;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
+use Exception;
/**
- *
* @author Brent Shaffer <bshafs at gmail dot com>
*/
class AuthorizationCode implements GrantTypeInterface
{
+ /**
+ * @var AuthorizationCodeInterface
+ */
protected $storage;
+
+ /**
+ * @var array
+ */
protected $authCode;
/**
- * @param \OAuth2\Storage\AuthorizationCodeInterface $storage REQUIRED Storage class for retrieving authorization code information
+ * @param AuthorizationCodeInterface $storage - REQUIRED Storage class for retrieving authorization code information
*/
public function __construct(AuthorizationCodeInterface $storage)
{
$this->storage = $storage;
}
- public function getQuerystringIdentifier()
+ /**
+ * @return string
+ */
+ public function getQueryStringIdentifier()
{
return 'authorization_code';
}
+ /**
+ * Validate the OAuth request
+ *
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @return bool
+ * @throws Exception
+ */
public function validateRequest(RequestInterface $request, ResponseInterface $response)
{
if (!$request->request('code')) {
@@ -75,21 +93,45 @@ class AuthorizationCode implements GrantTypeInterface
return true;
}
+ /**
+ * Get the client id
+ *
+ * @return mixed
+ */
public function getClientId()
{
return $this->authCode['client_id'];
}
+ /**
+ * Get the scope
+ *
+ * @return string
+ */
public function getScope()
{
return isset($this->authCode['scope']) ? $this->authCode['scope'] : null;
}
+ /**
+ * Get the user id
+ *
+ * @return mixed
+ */
public function getUserId()
{
return isset($this->authCode['user_id']) ? $this->authCode['user_id'] : null;
}
+ /**
+ * Create access token
+ *
+ * @param AccessTokenInterface $accessToken
+ * @param mixed $client_id - client identifier related to the access token.
+ * @param mixed $user_id - user id associated with the access token
+ * @param string $scope - scopes to be stored in space-separated string.
+ * @return array
+ */
public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
{
$token = $accessToken->createAccessToken($client_id, $user_id, $scope);
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/ClientCredentials.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/ClientCredentials.php
index f953e4e8d..e135c2dd2 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/ClientCredentials.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/ClientCredentials.php
@@ -9,12 +9,19 @@ use OAuth2\Storage\ClientCredentialsInterface;
/**
* @author Brent Shaffer <bshafs at gmail dot com>
*
- * @see OAuth2\ClientAssertionType_HttpBasic
+ * @see HttpBasic
*/
class ClientCredentials extends HttpBasic implements GrantTypeInterface
{
+ /**
+ * @var array
+ */
private $clientData;
+ /**
+ * @param ClientCredentialsInterface $storage
+ * @param array $config
+ */
public function __construct(ClientCredentialsInterface $storage, array $config = array())
{
/**
@@ -27,11 +34,21 @@ class ClientCredentials extends HttpBasic implements GrantTypeInterface
parent::__construct($storage, $config);
}
- public function getQuerystringIdentifier()
+ /**
+ * Get query string identifier
+ *
+ * @return string
+ */
+ public function getQueryStringIdentifier()
{
return 'client_credentials';
}
+ /**
+ * Get scope
+ *
+ * @return string|null
+ */
public function getScope()
{
$this->loadClientData();
@@ -39,6 +56,11 @@ class ClientCredentials extends HttpBasic implements GrantTypeInterface
return isset($this->clientData['scope']) ? $this->clientData['scope'] : null;
}
+ /**
+ * Get user id
+ *
+ * @return mixed
+ */
public function getUserId()
{
$this->loadClientData();
@@ -46,6 +68,15 @@ class ClientCredentials extends HttpBasic implements GrantTypeInterface
return isset($this->clientData['user_id']) ? $this->clientData['user_id'] : null;
}
+ /**
+ * Create access token
+ *
+ * @param AccessTokenInterface $accessToken
+ * @param mixed $client_id - client identifier related to the access token.
+ * @param mixed $user_id - user id associated with the access token
+ * @param string $scope - scopes to be stored in space-separated string.
+ * @return array
+ */
public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
{
/**
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/GrantTypeInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/GrantTypeInterface.php
index 98489e9c1..f45786ff5 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/GrantTypeInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/GrantTypeInterface.php
@@ -11,10 +11,49 @@ use OAuth2\ResponseInterface;
*/
interface GrantTypeInterface
{
- public function getQuerystringIdentifier();
+ /**
+ * Get query string identifier
+ *
+ * @return string
+ */
+ public function getQueryStringIdentifier();
+
+ /**
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @return mixed
+ */
public function validateRequest(RequestInterface $request, ResponseInterface $response);
+
+ /**
+ * Get client id
+ *
+ * @return mixed
+ */
public function getClientId();
+
+ /**
+ * Get user id
+ *
+ * @return mixed
+ */
public function getUserId();
+
+ /**
+ * Get scope
+ *
+ * @return string|null
+ */
public function getScope();
+
+ /**
+ * Create access token
+ *
+ * @param AccessTokenInterface $accessToken
+ * @param mixed $client_id - client identifier related to the access token.
+ * @param mixed $user_id - user id associated with the access token
+ * @param string $scope - scopes to be stored in space-separated string.
+ * @return array
+ */
public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope);
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/JwtBearer.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/JwtBearer.php
index bb11a6954..62c1efabd 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/JwtBearer.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/JwtBearer.php
@@ -30,10 +30,12 @@ class JwtBearer implements GrantTypeInterface, ClientAssertionTypeInterface
/**
* Creates an instance of the JWT bearer grant type.
*
- * @param OAuth2\Storage\JWTBearerInterface|JwtBearerInterface $storage A valid storage interface that implements storage hooks for the JWT bearer grant type.
- * @param string $audience The audience to validate the token against. This is usually the full URI of the OAuth token requests endpoint.
- * @param EncryptionInterface|OAuth2\Encryption\JWT $jwtUtil OPTONAL The class used to decode, encode and verify JWTs.
- * @param array $config
+ * @param JwtBearerInterface $storage - A valid storage interface that implements storage hooks for the JWT
+ * bearer grant type.
+ * @param string $audience - The audience to validate the token against. This is usually the full
+ * URI of the OAuth token requests endpoint.
+ * @param EncryptionInterface|JWT $jwtUtil - OPTONAL The class used to decode, encode and verify JWTs.
+ * @param array $config
*/
public function __construct(JwtBearerInterface $storage, $audience, EncryptionInterface $jwtUtil = null, array $config = array())
{
@@ -56,12 +58,11 @@ class JwtBearer implements GrantTypeInterface, ClientAssertionTypeInterface
/**
* Returns the grant_type get parameter to identify the grant type request as JWT bearer authorization grant.
*
- * @return
- * The string identifier for grant_type.
+ * @return string - The string identifier for grant_type.
*
- * @see OAuth2\GrantType\GrantTypeInterface::getQuerystringIdentifier()
+ * @see GrantTypeInterface::getQueryStringIdentifier()
*/
- public function getQuerystringIdentifier()
+ public function getQueryStringIdentifier()
{
return 'urn:ietf:params:oauth:grant-type:jwt-bearer';
}
@@ -69,10 +70,9 @@ class JwtBearer implements GrantTypeInterface, ClientAssertionTypeInterface
/**
* Validates the data from the decoded JWT.
*
- * @return
- * TRUE if the JWT request is valid and can be decoded. Otherwise, FALSE is returned.
- *
- * @see OAuth2\GrantType\GrantTypeInterface::getTokenData()
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @return bool|mixed|null TRUE if the JWT request is valid and can be decoded. Otherwise, FALSE is returned.@see GrantTypeInterface::getTokenData()
*/
public function validateRequest(RequestInterface $request, ResponseInterface $response)
{
@@ -196,16 +196,31 @@ class JwtBearer implements GrantTypeInterface, ClientAssertionTypeInterface
return true;
}
+ /**
+ * Get client id
+ *
+ * @return mixed
+ */
public function getClientId()
{
return $this->jwt['iss'];
}
+ /**
+ * Get user id
+ *
+ * @return mixed
+ */
public function getUserId()
{
return $this->jwt['sub'];
}
+ /**
+ * Get scope
+ *
+ * @return null
+ */
public function getScope()
{
return null;
@@ -215,7 +230,13 @@ class JwtBearer implements GrantTypeInterface, ClientAssertionTypeInterface
* Creates an access token that is NOT associated with a refresh token.
* If a subject (sub) the name of the user/account we are accessing data on behalf of.
*
- * @see OAuth2\GrantType\GrantTypeInterface::createAccessToken()
+ * @see GrantTypeInterface::createAccessToken()
+ *
+ * @param AccessTokenInterface $accessToken
+ * @param mixed $client_id - client identifier related to the access token.
+ * @param mixed $user_id - user id associated with the access token
+ * @param string $scope - scopes to be stored in space-separated string.
+ * @return array
*/
public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
{
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/RefreshToken.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/RefreshToken.php
index e55385222..75c611f1d 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/RefreshToken.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/RefreshToken.php
@@ -8,25 +8,34 @@ use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
/**
- *
* @author Brent Shaffer <bshafs at gmail dot com>
*/
class RefreshToken implements GrantTypeInterface
{
+ /**
+ * @var array
+ */
private $refreshToken;
+ /**
+ * @var RefreshTokenInterface
+ */
protected $storage;
+
+ /**
+ * @var array
+ */
protected $config;
/**
- * @param OAuth2\Storage\RefreshTokenInterface $storage REQUIRED Storage class for retrieving refresh token information
- * @param array $config OPTIONAL Configuration options for the server
- * <code>
- * $config = array(
- * 'always_issue_new_refresh_token' => true, // whether to issue a new refresh token upon successful token request
- * 'unset_refresh_token_after_use' => true // whether to unset the refresh token after after using
- * );
- * </code>
+ * @param RefreshTokenInterface $storage - REQUIRED Storage class for retrieving refresh token information
+ * @param array $config - OPTIONAL Configuration options for the server
+ * @code
+ * $config = array(
+ * 'always_issue_new_refresh_token' => true, // whether to issue a new refresh token upon successful token request
+ * 'unset_refresh_token_after_use' => true // whether to unset the refresh token after after using
+ * );
+ * @endcode
*/
public function __construct(RefreshTokenInterface $storage, $config = array())
{
@@ -45,11 +54,21 @@ class RefreshToken implements GrantTypeInterface
$this->storage = $storage;
}
- public function getQuerystringIdentifier()
+ /**
+ * @return string
+ */
+ public function getQueryStringIdentifier()
{
return 'refresh_token';
}
+ /**
+ * Validate the OAuth request
+ *
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @return bool|mixed|null
+ */
public function validateRequest(RequestInterface $request, ResponseInterface $response)
{
if (!$request->request("refresh_token")) {
@@ -76,21 +95,45 @@ class RefreshToken implements GrantTypeInterface
return true;
}
+ /**
+ * Get client id
+ *
+ * @return mixed
+ */
public function getClientId()
{
return $this->refreshToken['client_id'];
}
+ /**
+ * Get user id
+ *
+ * @return mixed|null
+ */
public function getUserId()
{
return isset($this->refreshToken['user_id']) ? $this->refreshToken['user_id'] : null;
}
+ /**
+ * Get scope
+ *
+ * @return null|string
+ */
public function getScope()
{
return isset($this->refreshToken['scope']) ? $this->refreshToken['scope'] : null;
}
+ /**
+ * Create access token
+ *
+ * @param AccessTokenInterface $accessToken
+ * @param mixed $client_id - client identifier related to the access token.
+ * @param mixed $user_id - user id associated with the access token
+ * @param string $scope - scopes to be stored in space-separated string.
+ * @return array
+ */
public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
{
/*
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/UserCredentials.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/UserCredentials.php
index f165538ba..b10c2dd09 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/UserCredentials.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/UserCredentials.php
@@ -6,30 +6,46 @@ use OAuth2\Storage\UserCredentialsInterface;
use OAuth2\ResponseType\AccessTokenInterface;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
+use LogicException;
/**
- *
* @author Brent Shaffer <bshafs at gmail dot com>
*/
class UserCredentials implements GrantTypeInterface
{
+ /**
+ * @var array
+ */
private $userInfo;
+ /**
+ * @var UserCredentialsInterface
+ */
protected $storage;
/**
- * @param OAuth2\Storage\UserCredentialsInterface $storage REQUIRED Storage class for retrieving user credentials information
+ * @param UserCredentialsInterface $storage - REQUIRED Storage class for retrieving user credentials information
*/
public function __construct(UserCredentialsInterface $storage)
{
$this->storage = $storage;
}
- public function getQuerystringIdentifier()
+ /**
+ * @return string
+ */
+ public function getQueryStringIdentifier()
{
return 'password';
}
+ /**
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @return bool|mixed|null
+ *
+ * @throws LogicException
+ */
public function validateRequest(RequestInterface $request, ResponseInterface $response)
{
if (!$request->request("password") || !$request->request("username")) {
@@ -61,21 +77,45 @@ class UserCredentials implements GrantTypeInterface
return true;
}
+ /**
+ * Get client id
+ *
+ * @return mixed|null
+ */
public function getClientId()
{
return null;
}
+ /**
+ * Get user id
+ *
+ * @return mixed
+ */
public function getUserId()
{
return $this->userInfo['user_id'];
}
+ /**
+ * Get scope
+ *
+ * @return null|string
+ */
public function getScope()
{
return isset($this->userInfo['scope']) ? $this->userInfo['scope'] : null;
}
+ /**
+ * Create access token
+ *
+ * @param AccessTokenInterface $accessToken
+ * @param mixed $client_id - client identifier related to the access token.
+ * @param mixed $user_id - user id associated with the access token
+ * @param string $scope - scopes to be stored in space-separated string.
+ * @return array
+ */
public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
{
return $accessToken->createAccessToken($client_id, $user_id, $scope);
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php
index c9b5c6af7..54c5f9a63 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php
@@ -11,8 +11,19 @@ use OAuth2\ResponseInterface;
*/
class AuthorizeController extends BaseAuthorizeController implements AuthorizeControllerInterface
{
+ /**
+ * @var mixed
+ */
private $nonce;
+ /**
+ * Set not authorized response
+ *
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @param string $redirect_uri
+ * @param null $user_id
+ */
protected function setNotAuthorizedResponse(RequestInterface $request, ResponseInterface $response, $redirect_uri, $user_id = null)
{
$prompt = $request->query('prompt', 'consent');
@@ -32,6 +43,14 @@ class AuthorizeController extends BaseAuthorizeController implements AuthorizeCo
$response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $this->getState(), $error, $error_message);
}
+ /**
+ * @TODO: add dependency injection for the parameters in this method
+ *
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @param mixed $user_id
+ * @return array
+ */
protected function buildAuthorizeParameters($request, $response, $user_id)
{
if (!$params = parent::buildAuthorizeParameters($request, $response, $user_id)) {
@@ -49,6 +68,11 @@ class AuthorizeController extends BaseAuthorizeController implements AuthorizeCo
return $params;
}
+ /**
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @return bool
+ */
public function validateAuthorizeRequest(RequestInterface $request, ResponseInterface $response)
{
if (!parent::validateAuthorizeRequest($request, $response)) {
@@ -69,6 +93,11 @@ class AuthorizeController extends BaseAuthorizeController implements AuthorizeCo
return true;
}
+ /**
+ * Array of valid response types
+ *
+ * @return array
+ */
protected function getValidResponseTypes()
{
return array(
@@ -87,11 +116,8 @@ class AuthorizeController extends BaseAuthorizeController implements AuthorizeCo
* method checks whether OpenID Connect is enabled in the server settings
* and whether the openid scope was requested.
*
- * @param $request_scope
- * A space-separated string of scopes.
- *
- * @return
- * TRUE if an id token is needed, FALSE otherwise.
+ * @param string $request_scope - A space-separated string of scopes.
+ * @return boolean - TRUE if an id token is needed, FALSE otherwise.
*/
public function needsIdToken($request_scope)
{
@@ -99,6 +125,9 @@ class AuthorizeController extends BaseAuthorizeController implements AuthorizeCo
return $this->scopeUtil->checkScope('openid', $request_scope);
}
+ /**
+ * @return mixed
+ */
public function getNonce()
{
return $this->nonce;
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeControllerInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeControllerInterface.php
index 1e231d844..b4967c317 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeControllerInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeControllerInterface.php
@@ -5,6 +5,8 @@ namespace OAuth2\OpenID\Controller;
interface AuthorizeControllerInterface
{
const RESPONSE_TYPE_ID_TOKEN = 'id_token';
+
const RESPONSE_TYPE_ID_TOKEN_TOKEN = 'id_token token';
+
const RESPONSE_TYPE_CODE_ID_TOKEN = 'code id_token';
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/UserInfoController.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/UserInfoController.php
index 30cb942d0..c489b7af3 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/UserInfoController.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/UserInfoController.php
@@ -16,30 +16,34 @@ use OAuth2\ResponseInterface;
*/
class UserInfoController extends ResourceController implements UserInfoControllerInterface
{
- private $token;
-
- protected $tokenType;
- protected $tokenStorage;
+ /**
+ * @var UserClaimsInterface
+ */
protected $userClaimsStorage;
- protected $config;
- protected $scopeUtil;
+ /**
+ * Constructor
+ *
+ * @param TokenTypeInterface $tokenType
+ * @param AccessTokenInterface $tokenStorage
+ * @param UserClaimsInterface $userClaimsStorage
+ * @param array $config
+ * @param ScopeInterface $scopeUtil
+ */
public function __construct(TokenTypeInterface $tokenType, AccessTokenInterface $tokenStorage, UserClaimsInterface $userClaimsStorage, $config = array(), ScopeInterface $scopeUtil = null)
{
- $this->tokenType = $tokenType;
- $this->tokenStorage = $tokenStorage;
- $this->userClaimsStorage = $userClaimsStorage;
-
- $this->config = array_merge(array(
- 'www_realm' => 'Service',
- ), $config);
+ parent::__construct($tokenType, $tokenStorage, $config, $scopeUtil);
- if (is_null($scopeUtil)) {
- $scopeUtil = new Scope();
- }
- $this->scopeUtil = $scopeUtil;
+ $this->userClaimsStorage = $userClaimsStorage;
}
+ /**
+ * Handle the user info request
+ *
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @return void
+ */
public function handleUserInfoRequest(RequestInterface $request, ResponseInterface $response)
{
if (!$this->verifyResourceRequest($request, $response, 'openid')) {
@@ -55,4 +59,4 @@ class UserInfoController extends ResourceController implements UserInfoControlle
);
$response->addParameters($claims);
}
-}
+} \ No newline at end of file
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/UserInfoControllerInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/UserInfoControllerInterface.php
index a89049d49..88e9228d0 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/UserInfoControllerInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/UserInfoControllerInterface.php
@@ -9,15 +9,22 @@ use OAuth2\ResponseInterface;
* This controller is called when the user claims for OpenID Connect's
* UserInfo endpoint should be returned.
*
- * ex:
- * > $response = new OAuth2\Response();
- * > $userInfoController->handleUserInfoRequest(
- * > OAuth2\Request::createFromGlobals(),
- * > $response;
- * > $response->send();
- *
+ * @code
+ * $response = new OAuth2\Response();
+ * $userInfoController->handleUserInfoRequest(
+ * OAuth2\Request::createFromGlobals(),
+ * $response
+ * );
+ * $response->send();
+ * @endcode
*/
interface UserInfoControllerInterface
{
+ /**
+ * Handle user info request
+ *
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ */
public function handleUserInfoRequest(RequestInterface $request, ResponseInterface $response);
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/GrantType/AuthorizationCode.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/GrantType/AuthorizationCode.php
index 8ed1edc26..ee113a0e5 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/GrantType/AuthorizationCode.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/GrantType/AuthorizationCode.php
@@ -6,11 +6,19 @@ use OAuth2\GrantType\AuthorizationCode as BaseAuthorizationCode;
use OAuth2\ResponseType\AccessTokenInterface;
/**
- *
* @author Brent Shaffer <bshafs at gmail dot com>
*/
class AuthorizationCode extends BaseAuthorizationCode
{
+ /**
+ * Create access token
+ *
+ * @param AccessTokenInterface $accessToken
+ * @param mixed $client_id - client identifier related to the access token.
+ * @param mixed $user_id - user id associated with the access token
+ * @param string $scope - scopes to be stored in space-separated string.
+ * @return array
+ */
public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
{
$includeRefreshToken = true;
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCode.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCode.php
index 8971954c5..b8ad41ffb 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCode.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCode.php
@@ -6,16 +6,26 @@ use OAuth2\ResponseType\AuthorizationCode as BaseAuthorizationCode;
use OAuth2\OpenID\Storage\AuthorizationCodeInterface as AuthorizationCodeStorageInterface;
/**
- *
* @author Brent Shaffer <bshafs at gmail dot com>
*/
class AuthorizationCode extends BaseAuthorizationCode implements AuthorizationCodeInterface
{
+ /**
+ * Constructor
+ *
+ * @param AuthorizationCodeStorageInterface $storage
+ * @param array $config
+ */
public function __construct(AuthorizationCodeStorageInterface $storage, array $config = array())
{
parent::__construct($storage, $config);
}
+ /**
+ * @param $params
+ * @param null $user_id
+ * @return array
+ */
public function getAuthorizeResponse($params, $user_id = null)
{
// build the URL to redirect to
@@ -35,18 +45,14 @@ class AuthorizationCode extends BaseAuthorizationCode implements AuthorizationCo
/**
* Handle the creation of the authorization code.
*
- * @param $client_id
- * Client identifier related to the authorization code
- * @param $user_id
- * User ID associated with the authorization code
- * @param $redirect_uri
- * An absolute URI to which the authorization server will redirect the
- * user-agent to when the end-user authorization step is completed.
- * @param $scope
- * (optional) Scopes to be stored in space-separated string.
- * @param $id_token
- * (optional) The OpenID Connect id_token.
+ * @param mixed $client_id - Client identifier related to the authorization code
+ * @param mixed $user_id - User ID associated with the authorization code
+ * @param string $redirect_uri - An absolute URI to which the authorization server will redirect the
+ * user-agent to when the end-user authorization step is completed.
+ * @param string $scope - OPTIONAL Scopes to be stored in space-separated string.
+ * @param string $id_token - OPTIONAL The OpenID Connect id_token.
*
+ * @return string
* @see http://tools.ietf.org/html/rfc6749#section-4
* @ingroup oauth2_section_4
*/
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCodeInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCodeInterface.php
index ea4779255..eb94ef077 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCodeInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCodeInterface.php
@@ -5,7 +5,6 @@ namespace OAuth2\OpenID\ResponseType;
use OAuth2\ResponseType\AuthorizationCodeInterface as BaseAuthorizationCodeInterface;
/**
- *
* @author Brent Shaffer <bshafs at gmail dot com>
*/
interface AuthorizationCodeInterface extends BaseAuthorizationCodeInterface
@@ -13,12 +12,13 @@ interface AuthorizationCodeInterface extends BaseAuthorizationCodeInterface
/**
* Handle the creation of the authorization code.
*
- * @param $client_id Client identifier related to the authorization code
- * @param $user_id User ID associated with the authorization code
- * @param $redirect_uri An absolute URI to which the authorization server will redirect the
- * user-agent to when the end-user authorization step is completed.
- * @param $scope OPTIONAL Scopes to be stored in space-separated string.
- * @param $id_token OPTIONAL The OpenID Connect id_token.
+ * @param mixed $client_id - Client identifier related to the authorization code
+ * @param mixed $user_id - User ID associated with the authorization code
+ * @param string $redirect_uri - An absolute URI to which the authorization server will redirect the
+ * user-agent to when the end-user authorization step is completed.
+ * @param string $scope - OPTIONAL Scopes to be stored in space-separated string.
+ * @param string $id_token - OPTIONAL The OpenID Connect id_token.
+ * @return string
*
* @see http://tools.ietf.org/html/rfc6749#section-4
* @ingroup oauth2_section_4
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/CodeIdToken.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/CodeIdToken.php
index ac7764d6c..2696ada37 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/CodeIdToken.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/CodeIdToken.php
@@ -4,15 +4,31 @@ namespace OAuth2\OpenID\ResponseType;
class CodeIdToken implements CodeIdTokenInterface
{
+ /**
+ * @var AuthorizationCodeInterface
+ */
protected $authCode;
+
+ /**
+ * @var IdTokenInterface
+ */
protected $idToken;
+ /**
+ * @param AuthorizationCodeInterface $authCode
+ * @param IdTokenInterface $idToken
+ */
public function __construct(AuthorizationCodeInterface $authCode, IdTokenInterface $idToken)
{
$this->authCode = $authCode;
$this->idToken = $idToken;
}
+ /**
+ * @param array $params
+ * @param mixed $user_id
+ * @return mixed
+ */
public function getAuthorizeResponse($params, $user_id = null)
{
$result = $this->authCode->getAuthorizeResponse($params, $user_id);
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdToken.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdToken.php
index 97777fbf2..55e446074 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdToken.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdToken.php
@@ -6,14 +6,38 @@ use OAuth2\Encryption\EncryptionInterface;
use OAuth2\Encryption\Jwt;
use OAuth2\Storage\PublicKeyInterface;
use OAuth2\OpenID\Storage\UserClaimsInterface;
+use LogicException;
class IdToken implements IdTokenInterface
{
+ /**
+ * @var UserClaimsInterface
+ */
protected $userClaimsStorage;
+ /**
+ * @var PublicKeyInterface
+ */
protected $publicKeyStorage;
+
+ /**
+ * @var array
+ */
protected $config;
+
+ /**
+ * @var EncryptionInterface
+ */
protected $encryptionUtil;
+ /**
+ * Constructor
+ *
+ * @param UserClaimsInterface $userClaimsStorage
+ * @param PublicKeyInterface $publicKeyStorage
+ * @param array $config
+ * @param EncryptionInterface $encryptionUtil
+ * @throws LogicException
+ */
public function __construct(UserClaimsInterface $userClaimsStorage, PublicKeyInterface $publicKeyStorage, array $config = array(), EncryptionInterface $encryptionUtil = null)
{
$this->userClaimsStorage = $userClaimsStorage;
@@ -24,13 +48,18 @@ class IdToken implements IdTokenInterface
$this->encryptionUtil = $encryptionUtil;
if (!isset($config['issuer'])) {
- throw new \LogicException('config parameter "issuer" must be set');
+ throw new LogicException('config parameter "issuer" must be set');
}
$this->config = array_merge(array(
'id_lifetime' => 3600,
), $config);
}
+ /**
+ * @param array $params
+ * @param null $userInfo
+ * @return array|mixed
+ */
public function getAuthorizeResponse($params, $userInfo = null)
{
// build the URL to redirect to
@@ -50,6 +79,16 @@ class IdToken implements IdTokenInterface
return array($params['redirect_uri'], $result);
}
+ /**
+ * Create id token
+ *
+ * @param string $client_id
+ * @param mixed $userInfo
+ * @param mixed $nonce
+ * @param mixed $userClaims
+ * @param mixed $access_token
+ * @return mixed|string
+ */
public function createIdToken($client_id, $userInfo, $nonce = null, $userClaims = null, $access_token = null)
{
// pull auth_time from user info if supplied
@@ -79,6 +118,11 @@ class IdToken implements IdTokenInterface
return $this->encodeToken($token, $client_id);
}
+ /**
+ * @param $access_token
+ * @param null $client_id
+ * @return mixed|string
+ */
protected function createAtHash($access_token, $client_id = null)
{
// maps HS256 and RS256 to sha256, etc.
@@ -90,6 +134,11 @@ class IdToken implements IdTokenInterface
return $this->encryptionUtil->urlSafeB64Encode($at_hash);
}
+ /**
+ * @param array $token
+ * @param null $client_id
+ * @return mixed|string
+ */
protected function encodeToken(array $token, $client_id = null)
{
$private_key = $this->publicKeyStorage->getPrivateKey($client_id);
@@ -98,6 +147,11 @@ class IdToken implements IdTokenInterface
return $this->encryptionUtil->encode($token, $private_key, $algorithm);
}
+ /**
+ * @param $userInfo
+ * @return array
+ * @throws LogicException
+ */
private function getUserIdAndAuthTime($userInfo)
{
$auth_time = null;
@@ -105,7 +159,7 @@ class IdToken implements IdTokenInterface
// support an array for user_id / auth_time
if (is_array($userInfo)) {
if (!isset($userInfo['user_id'])) {
- throw new \LogicException('if $user_id argument is an array, user_id index must be set');
+ throw new LogicException('if $user_id argument is an array, user_id index must be set');
}
$auth_time = isset($userInfo['auth_time']) ? $userInfo['auth_time'] : null;
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdTokenInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdTokenInterface.php
index 0bd2f8391..226a3bcbb 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdTokenInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdTokenInterface.php
@@ -15,12 +15,13 @@ interface IdTokenInterface extends ResponseTypeInterface
* If the Implicit Flow is used, the token and id_token are generated and
* returned together.
*
- * @param string $client_id The client id.
- * @param string $user_id The user id.
- * @param string $nonce OPTIONAL The nonce.
- * @param string $userClaims OPTIONAL Claims about the user.
- * @param string $access_token OPTIONAL The access token, if known.
- *
+ * @param string $client_id - The client id.
+ * @param mixed $userInfo - User info
+ * @param string $nonce - OPTIONAL The nonce.
+ * @param string $userClaims - OPTIONAL Claims about the user.
+ * @param string $access_token - OPTIONAL The access token, if known.
+
+ * @internal param string $user_id - The user id.
* @return string The ID Token represented as a JSON Web Token (JWT).
*
* @see http://openid.net/specs/openid-connect-core-1_0.html#IDToken
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdTokenToken.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdTokenToken.php
index f0c59799b..94c51ae4d 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdTokenToken.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdTokenToken.php
@@ -6,15 +6,33 @@ use OAuth2\ResponseType\AccessTokenInterface;
class IdTokenToken implements IdTokenTokenInterface
{
+ /**
+ * @var AccessTokenInterface
+ */
protected $accessToken;
+
+ /**
+ * @var IdTokenInterface
+ */
protected $idToken;
+ /**
+ * Constructor
+ *
+ * @param AccessTokenInterface $accessToken
+ * @param IdTokenInterface $idToken
+ */
public function __construct(AccessTokenInterface $accessToken, IdTokenInterface $idToken)
{
$this->accessToken = $accessToken;
$this->idToken = $idToken;
}
+ /**
+ * @param array $params
+ * @param mixed $user_id
+ * @return mixed
+ */
public function getAuthorizeResponse($params, $user_id = null)
{
$result = $this->accessToken->getAuthorizeResponse($params, $user_id);
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php
index 51dd867ec..446cec928 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php
@@ -23,13 +23,13 @@ interface AuthorizationCodeInterface extends BaseAuthorizationCodeInterface
*
* Required for OAuth2::GRANT_TYPE_AUTH_CODE.
*
- * @param $code authorization code to be stored.
- * @param $client_id client identifier to be stored.
- * @param $user_id user identifier to be stored.
- * @param string $redirect_uri redirect URI(s) to be stored in a space-separated string.
- * @param int $expires expiration to be stored as a Unix timestamp.
- * @param string $scope OPTIONAL scopes to be stored in space-separated string.
- * @param string $id_token OPTIONAL the OpenID Connect id_token.
+ * @param string $code - authorization code to be stored.
+ * @param mixed $client_id - client identifier to be stored.
+ * @param mixed $user_id - user identifier to be stored.
+ * @param string $redirect_uri - redirect URI(s) to be stored in a space-separated string.
+ * @param int $expires - expiration to be stored as a Unix timestamp.
+ * @param string $scope - OPTIONAL scopes to be stored in space-separated string.
+ * @param string $id_token - OPTIONAL the OpenID Connect id_token.
*
* @ingroup oauth2_section_4
*/
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/UserClaimsInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/UserClaimsInterface.php
index f230bef9e..9c5e7c8c4 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/UserClaimsInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/UserClaimsInterface.php
@@ -23,14 +23,11 @@ interface UserClaimsInterface
* Groups of claims are returned based on the requested scopes. No group
* is required, and no claim is required.
*
- * @param $user_id
- * The id of the user for which claims should be returned.
- * @param $scope
- * The requested scope.
+ * @param mixed $user_id - The id of the user for which claims should be returned.
+ * @param string $scope - The requested scope.
* Scopes with matching claims: profile, email, address, phone.
*
- * @return
- * An array in the claim => value format.
+ * @return array - An array in the claim => value format.
*
* @see http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
*/
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Request.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Request.php
index c92cee821..c96cb972f 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Request.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Request.php
@@ -2,6 +2,8 @@
namespace OAuth2;
+use LogicException;
+
/**
* OAuth2\Request
* This class is taken from the Symfony2 Framework and is part of the Symfony package.
@@ -21,13 +23,14 @@ class Request implements RequestInterface
/**
* Constructor.
*
- * @param array $query The GET parameters
- * @param array $request The POST parameters
- * @param array $attributes The request attributes (parameters parsed from the PATH_INFO, ...)
- * @param array $cookies The COOKIE parameters
- * @param array $files The FILES parameters
- * @param array $server The SERVER parameters
- * @param string $content The raw body data
+ * @param array $query - The GET parameters
+ * @param array $request - The POST parameters
+ * @param array $attributes - The request attributes (parameters parsed from the PATH_INFO, ...)
+ * @param array $cookies - The COOKIE parameters
+ * @param array $files - The FILES parameters
+ * @param array $server - The SERVER parameters
+ * @param string $content - The raw body data
+ * @param array $headers - The headers
*
* @api
*/
@@ -41,13 +44,14 @@ class Request implements RequestInterface
*
* This method also re-initializes all properties.
*
- * @param array $query The GET parameters
- * @param array $request The POST parameters
- * @param array $attributes The request attributes (parameters parsed from the PATH_INFO, ...)
- * @param array $cookies The COOKIE parameters
- * @param array $files The FILES parameters
- * @param array $server The SERVER parameters
- * @param string $content The raw body data
+ * @param array $query - The GET parameters
+ * @param array $request - The POST parameters
+ * @param array $attributes - The request attributes (parameters parsed from the PATH_INFO, ...)
+ * @param array $cookies - The COOKIE parameters
+ * @param array $files - The FILES parameters
+ * @param array $server - The SERVER parameters
+ * @param string $content - The raw body data
+ * @param array $headers - The headers
*
* @api
*/
@@ -63,21 +67,41 @@ class Request implements RequestInterface
$this->headers = is_null($headers) ? $this->getHeadersFromServer($this->server) : $headers;
}
+ /**
+ * @param string $name
+ * @param mixed $default
+ * @return mixed
+ */
public function query($name, $default = null)
{
return isset($this->query[$name]) ? $this->query[$name] : $default;
}
+ /**
+ * @param string $name
+ * @param mixed $default
+ * @return mixed
+ */
public function request($name, $default = null)
{
return isset($this->request[$name]) ? $this->request[$name] : $default;
}
+ /**
+ * @param string $name
+ * @param mixed $default
+ * @return mixed
+ */
public function server($name, $default = null)
{
return isset($this->server[$name]) ? $this->server[$name] : $default;
}
+ /**
+ * @param string $name
+ * @param mixed $default
+ * @return mixed
+ */
public function headers($name, $default = null)
{
$headers = array_change_key_case($this->headers);
@@ -86,6 +110,9 @@ class Request implements RequestInterface
return isset($headers[$name]) ? $headers[$name] : $default;
}
+ /**
+ * @return array
+ */
public function getAllQueryParameters()
{
return $this->query;
@@ -94,14 +121,15 @@ class Request implements RequestInterface
/**
* Returns the request body content.
*
- * @param Boolean $asResource If true, a resource will be returned
+ * @param boolean $asResource - If true, a resource will be returned
+ * @return string|resource - The request body content or a resource to read the body stream.
*
- * @return string|resource The request body content or a resource to read the body stream.
+ * @throws LogicException
*/
public function getContent($asResource = false)
{
if (false === $this->content || (true === $asResource && null !== $this->content)) {
- throw new \LogicException('getContent() can only be called once when using the resource return type.');
+ throw new LogicException('getContent() can only be called once when using the resource return type.');
}
if (true === $asResource) {
@@ -117,6 +145,10 @@ class Request implements RequestInterface
return $this->content;
}
+ /**
+ * @param array $server
+ * @return array
+ */
private function getHeadersFromServer($server)
{
$headers = array();
@@ -185,13 +217,15 @@ class Request implements RequestInterface
/**
* Creates a new request with values from PHP's super globals.
*
- * @return Request A new request
+ * @return Request - A new request
*
* @api
*/
public static function createFromGlobals()
{
$class = get_called_class();
+
+ /** @var Request $request */
$request = new $class($_GET, $_POST, array(), $_COOKIE, $_FILES, $_SERVER);
$contentType = $request->server('CONTENT_TYPE', '');
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/RequestInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/RequestInterface.php
index 8a70d5fad..1d036b735 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/RequestInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/RequestInterface.php
@@ -4,13 +4,36 @@ namespace OAuth2;
interface RequestInterface
{
+ /**
+ * @param string $name
+ * @param mixed $default
+ * @return mixed
+ */
public function query($name, $default = null);
+ /**
+ * @param string $name
+ * @param mixed $default
+ * @return mixed
+ */
public function request($name, $default = null);
+ /**
+ * @param string $name
+ * @param mixed $default
+ * @return mixed
+ */
public function server($name, $default = null);
+ /**
+ * @param string $name
+ * @param mixed $default
+ * @return mixed
+ */
public function headers($name, $default = null);
+ /**
+ * @return mixed
+ */
public function getAllQueryParameters();
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Response.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Response.php
index fc1e62a98..ccd797ae7 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Response.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Response.php
@@ -2,6 +2,8 @@
namespace OAuth2;
+use InvalidArgumentException;
+
/**
* Class to handle OAuth2 Responses in a graceful way. Use this interface
* to output the proper OAuth2 responses.
@@ -13,12 +15,34 @@ namespace OAuth2;
*/
class Response implements ResponseInterface
{
+ /**
+ * @var string
+ */
public $version;
+
+ /**
+ * @var int
+ */
protected $statusCode = 200;
+
+ /**
+ * @var string
+ */
protected $statusText;
+
+ /**
+ * @var array
+ */
protected $parameters = array();
+
+ /**
+ * @var array
+ */
protected $httpHeaders = array();
+ /**
+ * @var array
+ */
public static $statusTexts = array(
100 => 'Continue',
101 => 'Switching Protocols',
@@ -63,6 +87,11 @@ class Response implements ResponseInterface
505 => 'HTTP Version Not Supported',
);
+ /**
+ * @param array $parameters
+ * @param int $statusCode
+ * @param array $headers
+ */
public function __construct($parameters = array(), $statusCode = 200, $headers = array())
{
$this->setParameters($parameters);
@@ -102,76 +131,128 @@ class Response implements ResponseInterface
return sprintf("%s: %s\n", $name, $value);
}
+ /**
+ * @return int
+ */
public function getStatusCode()
{
return $this->statusCode;
}
+ /**
+ * @param int $statusCode
+ * @param string $text
+ * @throws InvalidArgumentException
+ */
public function setStatusCode($statusCode, $text = null)
{
$this->statusCode = (int) $statusCode;
if ($this->isInvalid()) {
- throw new \InvalidArgumentException(sprintf('The HTTP status code "%s" is not valid.', $statusCode));
+ throw new InvalidArgumentException(sprintf('The HTTP status code "%s" is not valid.', $statusCode));
}
$this->statusText = false === $text ? '' : (null === $text ? self::$statusTexts[$this->statusCode] : $text);
}
+ /**
+ * @return string
+ */
public function getStatusText()
{
return $this->statusText;
}
+ /**
+ * @return array
+ */
public function getParameters()
{
return $this->parameters;
}
+ /**
+ * @param array $parameters
+ */
public function setParameters(array $parameters)
{
$this->parameters = $parameters;
}
+ /**
+ * @param array $parameters
+ */
public function addParameters(array $parameters)
{
$this->parameters = array_merge($this->parameters, $parameters);
}
+ /**
+ * @param string $name
+ * @param mixed $default
+ * @return mixed
+ */
public function getParameter($name, $default = null)
{
return isset($this->parameters[$name]) ? $this->parameters[$name] : $default;
}
+ /**
+ * @param string $name
+ * @param mixed $value
+ */
public function setParameter($name, $value)
{
$this->parameters[$name] = $value;
}
+ /**
+ * @param array $httpHeaders
+ */
public function setHttpHeaders(array $httpHeaders)
{
$this->httpHeaders = $httpHeaders;
}
+ /**
+ * @param string $name
+ * @param mixed $value
+ */
public function setHttpHeader($name, $value)
{
$this->httpHeaders[$name] = $value;
}
+ /**
+ * @param array $httpHeaders
+ */
public function addHttpHeaders(array $httpHeaders)
{
$this->httpHeaders = array_merge($this->httpHeaders, $httpHeaders);
}
+ /**
+ * @return array
+ */
public function getHttpHeaders()
{
return $this->httpHeaders;
}
+ /**
+ * @param string $name
+ * @param mixed $default
+ * @return mixed
+ */
public function getHttpHeader($name, $default = null)
{
return isset($this->httpHeaders[$name]) ? $this->httpHeaders[$name] : $default;
}
+ /**
+ * @param string $format
+ * @return mixed
+ * @throws InvalidArgumentException
+ */
public function getResponseBody($format = 'json')
{
switch ($format) {
@@ -187,10 +268,13 @@ class Response implements ResponseInterface
return $xml->asXML();
}
- throw new \InvalidArgumentException(sprintf('The format %s is not supported', $format));
+ throw new InvalidArgumentException(sprintf('The format %s is not supported', $format));
}
+ /**
+ * @param string $format
+ */
public function send($format = 'json')
{
// headers have already been sent by the developer
@@ -215,6 +299,14 @@ class Response implements ResponseInterface
echo $this->getResponseBody($format);
}
+ /**
+ * @param int $statusCode
+ * @param string $error
+ * @param string $errorDescription
+ * @param string $errorUri
+ * @return mixed
+ * @throws InvalidArgumentException
+ */
public function setError($statusCode, $error, $errorDescription = null, $errorUri = null)
{
$parameters = array(
@@ -239,14 +331,24 @@ class Response implements ResponseInterface
$this->addHttpHeaders($httpHeaders);
if (!$this->isClientError() && !$this->isServerError()) {
- throw new \InvalidArgumentException(sprintf('The HTTP status code is not an error ("%s" given).', $statusCode));
+ throw new InvalidArgumentException(sprintf('The HTTP status code is not an error ("%s" given).', $statusCode));
}
}
+ /**
+ * @param int $statusCode
+ * @param string $url
+ * @param string $state
+ * @param string $error
+ * @param string $errorDescription
+ * @param string $errorUri
+ * @return mixed
+ * @throws InvalidArgumentException
+ */
public function setRedirect($statusCode, $url, $state = null, $error = null, $errorDescription = null, $errorUri = null)
{
if (empty($url)) {
- throw new \InvalidArgumentException('Cannot redirect to an empty URL.');
+ throw new InvalidArgumentException('Cannot redirect to an empty URL.');
}
$parameters = array();
@@ -271,15 +373,16 @@ class Response implements ResponseInterface
$this->addHttpHeaders(array('Location' => $url));
if (!$this->isRedirection()) {
- throw new \InvalidArgumentException(sprintf('The HTTP status code is not a redirect ("%s" given).', $statusCode));
+ throw new InvalidArgumentException(sprintf('The HTTP status code is not a redirect ("%s" given).', $statusCode));
}
}
- // http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
/**
* @return Boolean
*
* @api
+ *
+ * @see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
*/
public function isInvalid()
{
@@ -336,8 +439,11 @@ class Response implements ResponseInterface
return $this->statusCode >= 500 && $this->statusCode < 600;
}
- /*
- * Functions from Symfony2 HttpFoundation - output pretty header
+ /**
+ * Function from Symfony2 HttpFoundation - output pretty header
+ *
+ * @param array $headers
+ * @return string
*/
private function getHttpHeadersAsString($headers)
{
@@ -357,11 +463,23 @@ class Response implements ResponseInterface
return $content;
}
+ /**
+ * Function from Symfony2 HttpFoundation - output pretty header
+ *
+ * @param string $name
+ * @return mixed
+ */
private function beautifyHeaderName($name)
{
return preg_replace_callback('/\-(.)/', array($this, 'beautifyCallback'), ucfirst($name));
}
+ /**
+ * Function from Symfony2 HttpFoundation - output pretty header
+ *
+ * @param array $match
+ * @return string
+ */
private function beautifyCallback($match)
{
return '-'.strtoupper($match[1]);
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseInterface.php
index c99b5f7d1..fe920864a 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseInterface.php
@@ -6,19 +6,48 @@ namespace OAuth2;
* Interface which represents an object response. Meant to handle and display the proper OAuth2 Responses
* for errors and successes
*
- * @see OAuth2\Response
+ * @see \OAuth2\Response
*/
interface ResponseInterface
{
+ /**
+ * @param array $parameters
+ */
public function addParameters(array $parameters);
+ /**
+ * @param array $httpHeaders
+ */
public function addHttpHeaders(array $httpHeaders);
+ /**
+ * @param int $statusCode
+ */
public function setStatusCode($statusCode);
+ /**
+ * @param int $statusCode
+ * @param string $name
+ * @param string $description
+ * @param string $uri
+ * @return mixed
+ */
public function setError($statusCode, $name, $description = null, $uri = null);
+ /**
+ * @param int $statusCode
+ * @param string $url
+ * @param string $state
+ * @param string $error
+ * @param string $errorDescription
+ * @param string $errorUri
+ * @return mixed
+ */
public function setRedirect($statusCode, $url, $state = null, $error = null, $errorDescription = null, $errorUri = null);
+ /**
+ * @param string $name
+ * @return mixed
+ */
public function getParameter($name);
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AccessToken.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AccessToken.php
index 98f51218f..e836a3447 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AccessToken.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AccessToken.php
@@ -4,28 +4,39 @@ namespace OAuth2\ResponseType;
use OAuth2\Storage\AccessTokenInterface as AccessTokenStorageInterface;
use OAuth2\Storage\RefreshTokenInterface;
+use RuntimeException;
/**
- *
* @author Brent Shaffer <bshafs at gmail dot com>
*/
class AccessToken implements AccessTokenInterface
{
+ /**
+ * @var AccessTokenInterface
+ */
protected $tokenStorage;
+
+ /**
+ * @var RefreshTokenInterface
+ */
protected $refreshStorage;
+
+ /**
+ * @var array
+ */
protected $config;
/**
- * @param OAuth2\Storage\AccessTokenInterface $tokenStorage REQUIRED Storage class for saving access token information
- * @param OAuth2\Storage\RefreshTokenInterface $refreshStorage OPTIONAL Storage class for saving refresh token information
- * @param array $config OPTIONAL Configuration options for the server
- * <code>
- * $config = array(
- * 'token_type' => 'bearer', // token type identifier
- * 'access_lifetime' => 3600, // time before access token expires
- * 'refresh_token_lifetime' => 1209600, // time before refresh token expires
- * );
- * </endcode>
+ * @param AccessTokenStorageInterface $tokenStorage - REQUIRED Storage class for saving access token information
+ * @param RefreshTokenInterface $refreshStorage - OPTIONAL Storage class for saving refresh token information
+ * @param array $config - OPTIONAL Configuration options for the server
+ * @code
+ * $config = array(
+ * 'token_type' => 'bearer', // token type identifier
+ * 'access_lifetime' => 3600, // time before access token expires
+ * 'refresh_token_lifetime' => 1209600, // time before refresh token expires
+ * );
+ * @endcode
*/
public function __construct(AccessTokenStorageInterface $tokenStorage, RefreshTokenInterface $refreshStorage = null, array $config = array())
{
@@ -39,6 +50,13 @@ class AccessToken implements AccessTokenInterface
), $config);
}
+ /**
+ * Get authorize response
+ *
+ * @param array $params
+ * @param mixed $user_id
+ * @return array
+ */
public function getAuthorizeResponse($params, $user_id = null)
{
// build the URL to redirect to
@@ -64,10 +82,11 @@ class AccessToken implements AccessTokenInterface
/**
* Handle the creation of access token, also issue refresh token if supported / desirable.
*
- * @param $client_id client identifier related to the access token.
- * @param $user_id user ID associated with the access token
- * @param $scope OPTIONAL scopes to be stored in space-separated string.
- * @param bool $includeRefreshToken if true, a new refresh_token will be added to the response
+ * @param mixed $client_id - client identifier related to the access token.
+ * @param mixed $user_id - user ID associated with the access token
+ * @param string $scope - OPTIONAL scopes to be stored in space-separated string.
+ * @param bool $includeRefreshToken - if true, a new refresh_token will be added to the response
+ * @return array
*
* @see http://tools.ietf.org/html/rfc6749#section-5
* @ingroup oauth2_section_5
@@ -107,13 +126,18 @@ class AccessToken implements AccessTokenInterface
* Implementing classes may want to override this function to implement
* other access token generation schemes.
*
- * @return
- * An unique access token.
+ * @return string - A unique access token.
*
* @ingroup oauth2_section_4
*/
protected function generateAccessToken()
{
+ if (function_exists('random_bytes')) {
+ $randomData = random_bytes(20);
+ if ($randomData !== false && strlen($randomData) === 20) {
+ return bin2hex($randomData);
+ }
+ }
if (function_exists('openssl_random_pseudo_bytes')) {
$randomData = openssl_random_pseudo_bytes(20);
if ($randomData !== false && strlen($randomData) === 20) {
@@ -144,8 +168,7 @@ class AccessToken implements AccessTokenInterface
* Implementing classes may want to override this function to implement
* other refresh token generation schemes.
*
- * @return
- * An unique refresh.
+ * @return string - A unique refresh token.
*
* @ingroup oauth2_section_4
* @see OAuth2::generateAccessToken()
@@ -162,6 +185,7 @@ class AccessToken implements AccessTokenInterface
*
* @param $token
* @param null $tokenTypeHint
+ * @throws RuntimeException
* @return boolean
*/
public function revokeToken($token, $tokenTypeHint = null)
@@ -174,7 +198,7 @@ class AccessToken implements AccessTokenInterface
/** @TODO remove in v2 */
if (!method_exists($this->tokenStorage, 'unsetAccessToken')) {
- throw new \RuntimeException(
+ throw new RuntimeException(
sprintf('Token storage %s must implement unsetAccessToken method', get_class($this->tokenStorage)
));
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AccessTokenInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AccessTokenInterface.php
index 4bd3928d8..0e576df52 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AccessTokenInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AccessTokenInterface.php
@@ -3,7 +3,6 @@
namespace OAuth2\ResponseType;
/**
- *
* @author Brent Shaffer <bshafs at gmail dot com>
*/
interface AccessTokenInterface extends ResponseTypeInterface
@@ -11,10 +10,10 @@ interface AccessTokenInterface extends ResponseTypeInterface
/**
* Handle the creation of access token, also issue refresh token if supported / desirable.
*
- * @param $client_id client identifier related to the access token.
- * @param $user_id user ID associated with the access token
- * @param $scope OPTONAL scopes to be stored in space-separated string.
- * @param bool $includeRefreshToken if true, a new refresh_token will be added to the response
+ * @param mixed $client_id - client identifier related to the access token.
+ * @param mixed $user_id - user ID associated with the access token
+ * @param string $scope - OPTONAL scopes to be stored in space-separated string.
+ * @param bool $includeRefreshToken - if true, a new refresh_token will be added to the response
*
* @see http://tools.ietf.org/html/rfc6749#section-5
* @ingroup oauth2_section_5
@@ -31,4 +30,4 @@ interface AccessTokenInterface extends ResponseTypeInterface
* @todo v2.0 include this method in interface. Omitted to maintain BC in v1.x
*/
//public function revokeToken($token, $tokenTypeHint);
-}
+} \ No newline at end of file
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCode.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCode.php
index 52aeb4be5..b92c73cda 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCode.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCode.php
@@ -5,7 +5,6 @@ namespace OAuth2\ResponseType;
use OAuth2\Storage\AuthorizationCodeInterface as AuthorizationCodeStorageInterface;
/**
- *
* @author Brent Shaffer <bshafs at gmail dot com>
*/
class AuthorizationCode implements AuthorizationCodeInterface
@@ -85,7 +84,9 @@ class AuthorizationCode implements AuthorizationCodeInterface
protected function generateAuthorizationCode()
{
$tokenLen = 40;
- if (function_exists('openssl_random_pseudo_bytes')) {
+ if (function_exists('random_bytes')) {
+ $randomData = random_bytes(100);
+ } elseif (function_exists('openssl_random_pseudo_bytes')) {
$randomData = openssl_random_pseudo_bytes(100);
} elseif (function_exists('mcrypt_create_iv')) {
$randomData = mcrypt_create_iv(100, MCRYPT_DEV_URANDOM);
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCodeInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCodeInterface.php
index df777e221..4f0a29df4 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCodeInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCodeInterface.php
@@ -3,7 +3,6 @@
namespace OAuth2\ResponseType;
/**
- *
* @author Brent Shaffer <bshafs at gmail dot com>
*/
interface AuthorizationCodeInterface extends ResponseTypeInterface
@@ -17,11 +16,12 @@ interface AuthorizationCodeInterface extends ResponseTypeInterface
/**
* Handle the creation of the authorization code.
*
- * @param $client_id client identifier related to the authorization code
- * @param $user_id user id associated with the authorization code
- * @param $redirect_uri an absolute URI to which the authorization server will redirect the
- * user-agent to when the end-user authorization step is completed.
- * @param $scope OPTIONAL scopes to be stored in space-separated string.
+ * @param mixed $client_id - Client identifier related to the authorization code
+ * @param mixed $user_id - User ID associated with the authorization code
+ * @param string $redirect_uri - An absolute URI to which the authorization server will redirect the
+ * user-agent to when the end-user authorization step is completed.
+ * @param string $scope - OPTIONAL Scopes to be stored in space-separated string.
+ * @return string
*
* @see http://tools.ietf.org/html/rfc6749#section-4
* @ingroup oauth2_section_4
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/JwtAccessToken.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/JwtAccessToken.php
index 3942fe41e..0af9705ff 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/JwtAccessToken.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/JwtAccessToken.php
@@ -10,7 +10,6 @@ use OAuth2\Storage\PublicKeyInterface;
use OAuth2\Storage\Memory;
/**
- *
* @author Brent Shaffer <bshafs at gmail dot com>
*/
class JwtAccessToken extends AccessToken
@@ -19,10 +18,13 @@ class JwtAccessToken extends AccessToken
protected $encryptionUtil;
/**
- * @param $config
- * - store_encrypted_token_string (bool true)
- * whether the entire encrypted string is stored,
- * or just the token ID is stored
+ * @param PublicKeyInterface $publicKeyStorage -
+ * @param AccessTokenStorageInterface $tokenStorage -
+ * @param RefreshTokenInterface $refreshStorage -
+ * @param array $config - array with key store_encrypted_token_string (bool true)
+ * whether the entire encrypted string is stored,
+ * or just the token ID is stored
+ * @param EncryptionInterface $encryptionUtil -
*/
public function __construct(PublicKeyInterface $publicKeyStorage = null, AccessTokenStorageInterface $tokenStorage = null, RefreshTokenInterface $refreshStorage = null, array $config = array(), EncryptionInterface $encryptionUtil = null)
{
@@ -45,46 +47,31 @@ class JwtAccessToken extends AccessToken
/**
* Handle the creation of access token, also issue refresh token if supported / desirable.
*
- * @param $client_id
- * Client identifier related to the access token.
- * @param $user_id
- * User ID associated with the access token
- * @param $scope
- * (optional) Scopes to be stored in space-separated string.
- * @param bool $includeRefreshToken
- * If true, a new refresh_token will be added to the response
+ * @param mixed $client_id - Client identifier related to the access token.
+ * @param mixed $user_id - User ID associated with the access token
+ * @param string $scope - (optional) Scopes to be stored in space-separated string.
+ * @param bool $includeRefreshToken - If true, a new refresh_token will be added to the response
+ * @return array - The access token
*
* @see http://tools.ietf.org/html/rfc6749#section-5
* @ingroup oauth2_section_5
*/
public function createAccessToken($client_id, $user_id, $scope = null, $includeRefreshToken = true)
{
- // token to encrypt
- $expires = time() + $this->config['access_lifetime'];
- $id = $this->generateAccessToken();
- $jwtAccessToken = array(
- 'id' => $id, // for BC (see #591)
- 'jti' => $id,
- 'iss' => $this->config['issuer'],
- 'aud' => $client_id,
- 'sub' => $user_id,
- 'exp' => $expires,
- 'iat' => time(),
- 'token_type' => $this->config['token_type'],
- 'scope' => $scope
- );
+ // payload to encrypt
+ $payload = $this->createPayload($client_id, $user_id, $scope);
/*
- * Encode the token data into a single access_token string
+ * Encode the payload data into a single JWT access_token string
*/
- $access_token = $this->encodeToken($jwtAccessToken, $client_id);
+ $access_token = $this->encodeToken($payload, $client_id);
/*
* Save the token to a secondary storage. This is implemented on the
* OAuth2\Storage\JwtAccessToken side, and will not actually store anything,
* if no secondary storage has been supplied
*/
- $token_to_store = $this->config['store_encrypted_token_string'] ? $access_token : $jwtAccessToken['id'];
+ $token_to_store = $this->config['store_encrypted_token_string'] ? $access_token : $payload['id'];
$this->tokenStorage->setAccessToken($token_to_store, $client_id, $user_id, $this->config['access_lifetime'] ? time() + $this->config['access_lifetime'] : null, $scope);
// token to return to the client
@@ -114,6 +101,11 @@ class JwtAccessToken extends AccessToken
return $token;
}
+ /**
+ * @param array $token
+ * @param mixed $client_id
+ * @return mixed
+ */
protected function encodeToken(array $token, $client_id = null)
{
$private_key = $this->publicKeyStorage->getPrivateKey($client_id);
@@ -121,4 +113,31 @@ class JwtAccessToken extends AccessToken
return $this->encryptionUtil->encode($token, $private_key, $algorithm);
}
+
+ /**
+ * This function can be used to create custom JWT payloads
+ *
+ * @param mixed $client_id - Client identifier related to the access token.
+ * @param mixed $user_id - User ID associated with the access token
+ * @param string $scope - (optional) Scopes to be stored in space-separated string.
+ * @return array - The access token
+ */
+ protected function createPayload($client_id, $user_id, $scope = null)
+ {
+ // token to encrypt
+ $expires = time() + $this->config['access_lifetime'];
+ $id = $this->generateAccessToken();
+
+ return array(
+ 'id' => $id, // for BC (see #591)
+ 'jti' => $id,
+ 'iss' => $this->config['issuer'],
+ 'aud' => $client_id,
+ 'sub' => $user_id,
+ 'exp' => $expires,
+ 'iat' => time(),
+ 'token_type' => $this->config['token_type'],
+ 'scope' => $scope
+ );
+ }
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/ResponseTypeInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/ResponseTypeInterface.php
index f8e26a5b0..a27156580 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/ResponseTypeInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/ResponseTypeInterface.php
@@ -4,5 +4,10 @@ namespace OAuth2\ResponseType;
interface ResponseTypeInterface
{
+ /**
+ * @param array $params
+ * @param mixed $user_id
+ * @return mixed
+ */
public function getAuthorizeResponse($params, $user_id = null);
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Scope.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Scope.php
index c44350bfd..3ba6e5328 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Scope.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Scope.php
@@ -2,19 +2,23 @@
namespace OAuth2;
+use InvalidArgumentException;
use OAuth2\Storage\Memory;
use OAuth2\Storage\ScopeInterface as ScopeStorageInterface;
/**
-* @see OAuth2\ScopeInterface
+* @see ScopeInterface
*/
class Scope implements ScopeInterface
{
protected $storage;
/**
- * @param mixed @storage
- * Either an array of supported scopes, or an instance of OAuth2\Storage\ScopeInterface
+ * Constructor
+ *
+ * @param mixed $storage - Either an array of supported scopes, or an instance of OAuth2\Storage\ScopeInterface
+ *
+ * @throws InvalidArgumentException
*/
public function __construct($storage = null)
{
@@ -23,7 +27,7 @@ class Scope implements ScopeInterface
}
if (!$storage instanceof ScopeStorageInterface) {
- throw new \InvalidArgumentException("Argument 1 to OAuth2\Scope must be null, an array, or instance of OAuth2\Storage\ScopeInterface");
+ throw new InvalidArgumentException("Argument 1 to OAuth2\Scope must be null, an array, or instance of OAuth2\Storage\ScopeInterface");
}
$this->storage = $storage;
@@ -32,12 +36,10 @@ class Scope implements ScopeInterface
/**
* Check if everything in required scope is contained in available scope.
*
- * @param $required_scope
- * A space-separated string of scopes.
- *
- * @return
- * TRUE if everything in required scope is contained in available scope,
- * and FALSE if it isn't.
+ * @param string $required_scope - A space-separated string of scopes.
+ * @param string $available_scope - A space-separated string of scopes.
+ * @return bool - TRUE if everything in required scope is contained in available scope and FALSE
+ * if it isn't.
*
* @see http://tools.ietf.org/html/rfc6749#section-7
*
@@ -54,11 +56,8 @@ class Scope implements ScopeInterface
/**
* Check if the provided scope exists in storage.
*
- * @param $scope
- * A space-separated string of scopes.
- *
- * @return
- * TRUE if it exists, FALSE otherwise.
+ * @param string $scope - A space-separated string of scopes.
+ * @return bool - TRUE if it exists, FALSE otherwise.
*/
public function scopeExists($scope)
{
@@ -76,12 +75,20 @@ class Scope implements ScopeInterface
}
}
+ /**
+ * @param RequestInterface $request
+ * @return string
+ */
public function getScopeFromRequest(RequestInterface $request)
{
// "scope" is valid if passed in either POST or QUERY
return $request->request('scope', $request->query('scope'));
}
+ /**
+ * @param null $client_id
+ * @return mixed
+ */
public function getDefaultScope($client_id = null)
{
return $this->storage->getDefaultScope($client_id);
@@ -93,8 +100,7 @@ class Scope implements ScopeInterface
* In case OpenID Connect is used, these scopes must include:
* 'openid', offline_access'.
*
- * @return
- * An array of reserved scopes.
+ * @return array - An array of reserved scopes.
*/
public function getReservedScopes()
{
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ScopeInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ScopeInterface.php
index 5b60f9aee..f65cfa7bd 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ScopeInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ScopeInterface.php
@@ -7,19 +7,17 @@ use OAuth2\Storage\ScopeInterface as ScopeStorageInterface;
/**
* Class to handle scope implementation logic
*
- * @see OAuth2\Storage\ScopeInterface
+ * @see \OAuth2\Storage\ScopeInterface
*/
interface ScopeInterface extends ScopeStorageInterface
{
/**
* Check if everything in required scope is contained in available scope.
*
- * @param $required_scope
- * A space-separated string of scopes.
- *
- * @return
- * TRUE if everything in required scope is contained in available scope,
- * and FALSE if it isn't.
+ * @param string $required_scope - A space-separated string of scopes.
+ * @param string $available_scope - A space-separated string of scopes.
+ * @return boolean - TRUE if everything in required scope is contained in available scope and FALSE
+ * if it isn't.
*
* @see http://tools.ietf.org/html/rfc6749#section-7
*
@@ -30,11 +28,8 @@ interface ScopeInterface extends ScopeStorageInterface
/**
* Return scope info from request
*
- * @param OAuth2\RequestInterface
- * Request object to check
- *
- * @return
- * string representation of requested scope
+ * @param RequestInterface $request - Request object to check
+ * @return string - representation of requested scope
*/
public function getScopeFromRequest(RequestInterface $request);
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php
index 9cfcb83a5..62ae8970d 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php
@@ -30,25 +30,28 @@ use OAuth2\GrantType\UserCredentials;
use OAuth2\GrantType\ClientCredentials;
use OAuth2\GrantType\RefreshToken;
use OAuth2\GrantType\AuthorizationCode;
+use OAuth2\Storage\ClientCredentialsInterface;
+use OAuth2\Storage\ClientInterface;
use OAuth2\Storage\JwtAccessToken as JwtAccessTokenStorage;
use OAuth2\Storage\JwtAccessTokenInterface;
+use InvalidArgumentException;
+use LogicException;
/**
* Server class for OAuth2
* This class serves as a convience class which wraps the other Controller classes
*
-* @see OAuth2\Controller\ResourceController
-* @see OAuth2\Controller\AuthorizeController
-* @see OAuth2\Controller\TokenController
+* @see \OAuth2\Controller\ResourceController
+* @see \OAuth2\Controller\AuthorizeController
+* @see \OAuth2\Controller\TokenController
*/
class Server implements ResourceControllerInterface,
AuthorizeControllerInterface,
TokenControllerInterface,
UserInfoControllerInterface
{
- // misc properties
/**
- * @var Response
+ * @var ResponseInterface
*/
protected $response;
@@ -62,7 +65,6 @@ class Server implements ResourceControllerInterface,
*/
protected $storages;
- // servers
/**
* @var AuthorizeControllerInterface
*/
@@ -83,17 +85,34 @@ class Server implements ResourceControllerInterface,
*/
protected $userInfoController;
- // config classes
- protected $grantTypes;
- protected $responseTypes;
+ /**
+ * @var array
+ */
+ protected $grantTypes = [];
+
+ /**
+ * @var array
+ */
+ protected $responseTypes = [];
+
+ /**
+ * @var TokenTypeInterface
+ */
protected $tokenType;
/**
* @var ScopeInterface
*/
protected $scopeUtil;
+
+ /**
+ * @var ClientAssertionTypeInterface
+ */
protected $clientAssertionType;
+ /**
+ * @var array
+ */
protected $storageMap = array(
'access_token' => 'OAuth2\Storage\AccessTokenInterface',
'authorization_code' => 'OAuth2\Storage\AuthorizationCodeInterface',
@@ -107,6 +126,9 @@ class Server implements ResourceControllerInterface,
'scope' => 'OAuth2\Storage\ScopeInterface',
);
+ /**
+ * @var array
+ */
protected $responseTypeMap = array(
'token' => 'OAuth2\ResponseType\AccessTokenInterface',
'code' => 'OAuth2\ResponseType\AuthorizationCodeInterface',
@@ -116,15 +138,15 @@ class Server implements ResourceControllerInterface,
);
/**
- * @param mixed $storage (array or OAuth2\Storage) - single object or array of objects implementing the
- * required storage types (ClientCredentialsInterface and AccessTokenInterface as a minimum)
- * @param array $config specify a different token lifetime, token header name, etc
- * @param array $grantTypes An array of OAuth2\GrantType\GrantTypeInterface to use for granting access tokens
- * @param array $responseTypes Response types to use. array keys should be "code" and and "token" for
- * Access Token and Authorization Code response types
- * @param \OAuth2\TokenType\TokenTypeInterface $tokenType The token type object to use. Valid token types are "bearer" and "mac"
- * @param \OAuth2\ScopeInterface $scopeUtil The scope utility class to use to validate scope
- * @param \OAuth2\ClientAssertionType\ClientAssertionTypeInterface $clientAssertionType The method in which to verify the client identity. Default is HttpBasic
+ * @param mixed $storage (array or OAuth2\Storage) - single object or array of objects implementing the
+ * required storage types (ClientCredentialsInterface and AccessTokenInterface as a minimum)
+ * @param array $config specify a different token lifetime, token header name, etc
+ * @param array $grantTypes An array of OAuth2\GrantType\GrantTypeInterface to use for granting access tokens
+ * @param array $responseTypes Response types to use. array keys should be "code" and "token" for
+ * Access Token and Authorization Code response types
+ * @param TokenTypeInterface $tokenType The token type object to use. Valid token types are "bearer" and "mac"
+ * @param ScopeInterface $scopeUtil The scope utility class to use to validate scope
+ * @param ClientAssertionTypeInterface $clientAssertionType The method in which to verify the client identity. Default is HttpBasic
*
* @ingroup oauth2_section_7
*/
@@ -172,6 +194,9 @@ class Server implements ResourceControllerInterface,
}
}
+ /**
+ * @return AuthorizeControllerInterface
+ */
public function getAuthorizeController()
{
if (is_null($this->authorizeController)) {
@@ -181,6 +206,9 @@ class Server implements ResourceControllerInterface,
return $this->authorizeController;
}
+ /**
+ * @return TokenController
+ */
public function getTokenController()
{
if (is_null($this->tokenController)) {
@@ -190,6 +218,9 @@ class Server implements ResourceControllerInterface,
return $this->tokenController;
}
+ /**
+ * @return ResourceControllerInterface
+ */
public function getResourceController()
{
if (is_null($this->resourceController)) {
@@ -199,6 +230,9 @@ class Server implements ResourceControllerInterface,
return $this->resourceController;
}
+ /**
+ * @return UserInfoControllerInterface
+ */
public function getUserInfoController()
{
if (is_null($this->userInfoController)) {
@@ -209,8 +243,6 @@ class Server implements ResourceControllerInterface,
}
/**
- * every getter deserves a setter
- *
* @param AuthorizeControllerInterface $authorizeController
*/
public function setAuthorizeController(AuthorizeControllerInterface $authorizeController)
@@ -219,8 +251,6 @@ class Server implements ResourceControllerInterface,
}
/**
- * every getter deserves a setter
- *
* @param TokenControllerInterface $tokenController
*/
public function setTokenController(TokenControllerInterface $tokenController)
@@ -229,8 +259,6 @@ class Server implements ResourceControllerInterface,
}
/**
- * every getter deserves a setter
- *
* @param ResourceControllerInterface $resourceController
*/
public function setResourceController(ResourceControllerInterface $resourceController)
@@ -239,8 +267,6 @@ class Server implements ResourceControllerInterface,
}
/**
- * every getter deserves a setter
- *
* @param UserInfoControllerInterface $userInfoController
*/
public function setUserInfoController(UserInfoControllerInterface $userInfoController)
@@ -252,12 +278,8 @@ class Server implements ResourceControllerInterface,
* Return claims about the authenticated end-user.
* This would be called from the "/UserInfo" endpoint as defined in the spec.
*
- * @param $request - \OAuth2\RequestInterface
- * Request object to grant access token
- *
- * @param $response - \OAuth2\ResponseInterface
- * Response object containing error messages (failure) or user claims (success)
- *
+ * @param RequestInterface $request - Request object to grant access token
+ * @param ResponseInterface $response - Response object containing error messages (failure) or user claims (success)
* @return ResponseInterface
*
* @throws \InvalidArgumentException
@@ -278,12 +300,8 @@ class Server implements ResourceControllerInterface,
* This would be called from the "/token" endpoint as defined in the spec.
* Obviously, you can call your endpoint whatever you want.
*
- * @param $request - \OAuth2\RequestInterface
- * Request object to grant access token
- *
- * @param $response - \OAuth2\ResponseInterface
- * Response object containing error messages (failure) or access token (success)
- *
+ * @param RequestInterface $request - Request object to grant access token
+ * @param ResponseInterface $response - Response object containing error messages (failure) or access token (success)
* @return ResponseInterface
*
* @throws \InvalidArgumentException
@@ -303,6 +321,11 @@ class Server implements ResourceControllerInterface,
return $this->response;
}
+ /**
+ * @param RequestInterface $request - Request object to grant access token
+ * @param ResponseInterface $response - Response object
+ * @return mixed
+ */
public function grantAccessToken(RequestInterface $request, ResponseInterface $response = null)
{
$this->response = is_null($response) ? new Response() : $response;
@@ -336,25 +359,18 @@ class Server implements ResourceControllerInterface,
* authorization server should call this function to redirect the user
* appropriately.
*
- * @param $request
- * The request should have the follow parameters set in the querystring:
- * - response_type: The requested response: an access token, an
- * authorization code, or both.
+ * @param RequestInterface $request - The request should have the follow parameters set in the querystring:
+ * - response_type: The requested response: an access token, an authorization code, or both.
* - client_id: The client identifier as described in Section 2.
- * - redirect_uri: An absolute URI to which the authorization server
- * will redirect the user-agent to when the end-user authorization
- * step is completed.
- * - scope: (optional) The scope of the resource request expressed as a
- * list of space-delimited strings.
- * - state: (optional) An opaque value used by the client to maintain
- * state between the request and callback.
- * @param ResponseInterface $response
- * @param $is_authorized
- * TRUE or FALSE depending on whether the user authorized the access.
- * @param $user_id
- * Identifier of user who authorized the client
+ * - redirect_uri: An absolute URI to which the authorization server will redirect the user-agent to when the
+ * end-user authorization step is completed.
+ * - scope: (optional) The scope of the resource request expressed as a list of space-delimited strings.
+ * - state: (optional) An opaque value used by the client to maintain state between the request and callback.
*
- * @return Response
+ * @param ResponseInterface $response - Response object
+ * @param bool $is_authorized - TRUE or FALSE depending on whether the user authorized the access.
+ * @param mixed $user_id - Identifier of user who authorized the client
+ * @return ResponseInterface
*
* @see http://tools.ietf.org/html/rfc6749#section-4
*
@@ -371,14 +387,17 @@ class Server implements ResourceControllerInterface,
/**
* Pull the authorization request data out of the HTTP request.
* - The redirect_uri is OPTIONAL as per draft 20. But your implementation can enforce it
- * by setting $config['enforce_redirect'] to true.
+ * by setting $config['enforce_redirect'] to true.
* - The state is OPTIONAL but recommended to enforce CSRF. Draft 21 states, however, that
- * CSRF protection is MANDATORY. You can enforce this by setting the $config['enforce_state'] to true.
+ * CSRF protection is MANDATORY. You can enforce this by setting the $config['enforce_state'] to true.
*
* The draft specifies that the parameters should be retrieved from GET, override the Response
* object to change this
*
- * @return
+ * @param RequestInterface $request - Request object
+ * @param ResponseInterface $response - Response object
+ * @return bool
+ *
* The authorization parameters so the authorization server can prompt
* the user for approval if valid.
*
@@ -395,6 +414,12 @@ class Server implements ResourceControllerInterface,
return $value;
}
+ /**
+ * @param RequestInterface $request - Request object
+ * @param ResponseInterface $response - Response object
+ * @param string $scope - Scope
+ * @return mixed
+ */
public function verifyResourceRequest(RequestInterface $request, ResponseInterface $response = null, $scope = null)
{
$this->response = is_null($response) ? new Response() : $response;
@@ -403,6 +428,11 @@ class Server implements ResourceControllerInterface,
return $value;
}
+ /**
+ * @param RequestInterface $request - Request object
+ * @param ResponseInterface $response - Response object
+ * @return mixed
+ */
public function getAccessTokenData(RequestInterface $request, ResponseInterface $response = null)
{
$this->response = is_null($response) ? new Response() : $response;
@@ -411,10 +441,14 @@ class Server implements ResourceControllerInterface,
return $value;
}
+ /**
+ * @param GrantTypeInterface $grantType
+ * @param mixed $identifier
+ */
public function addGrantType(GrantTypeInterface $grantType, $identifier = null)
{
if (!is_string($identifier)) {
- $identifier = $grantType->getQuerystringIdentifier();
+ $identifier = $grantType->getQueryStringIdentifier();
}
$this->grantTypes[$identifier] = $grantType;
@@ -428,11 +462,10 @@ class Server implements ResourceControllerInterface,
/**
* Set a storage object for the server
*
- * @param $storage
- * An object implementing one of the Storage interfaces
- * @param $key
- * If null, the storage is set to the key of each storage interface it implements
+ * @param object $storage - An object implementing one of the Storage interfaces
+ * @param mixed $key - If null, the storage is set to the key of each storage interface it implements
*
+ * @throws InvalidArgumentException
* @see storageMap
*/
public function addStorage($storage, $key = null)
@@ -446,11 +479,11 @@ class Server implements ResourceControllerInterface,
// special logic to handle "client" and "client_credentials" strangeness
if ($key === 'client' && !isset($this->storages['client_credentials'])) {
- if ($storage instanceof \OAuth2\Storage\ClientCredentialsInterface) {
+ if ($storage instanceof ClientCredentialsInterface) {
$this->storages['client_credentials'] = $storage;
}
} elseif ($key === 'client_credentials' && !isset($this->storages['client'])) {
- if ($storage instanceof \OAuth2\Storage\ClientInterface) {
+ if ($storage instanceof ClientInterface) {
$this->storages['client'] = $storage;
}
}
@@ -471,6 +504,12 @@ class Server implements ResourceControllerInterface,
}
}
+ /**
+ * @param ResponseTypeInterface $responseType
+ * @param mixed $key
+ *
+ * @throws InvalidArgumentException
+ */
public function addResponseType(ResponseTypeInterface $responseType, $key = null)
{
$key = $this->normalizeResponseType($key);
@@ -497,6 +536,9 @@ class Server implements ResourceControllerInterface,
}
}
+ /**
+ * @return ScopeInterface
+ */
public function getScopeUtil()
{
if (!$this->scopeUtil) {
@@ -508,8 +550,6 @@ class Server implements ResourceControllerInterface,
}
/**
- * every getter deserves a setter
- *
* @param ScopeInterface $scopeUtil
*/
public function setScopeUtil($scopeUtil)
@@ -517,6 +557,10 @@ class Server implements ResourceControllerInterface,
$this->scopeUtil = $scopeUtil;
}
+ /**
+ * @return AuthorizeControllerInterface
+ * @throws LogicException
+ */
protected function createDefaultAuthorizeController()
{
if (!isset($this->storages['client'])) {
@@ -541,6 +585,10 @@ class Server implements ResourceControllerInterface,
return new AuthorizeController($this->storages['client'], $this->responseTypes, $config, $this->getScopeUtil());
}
+ /**
+ * @return TokenControllerInterface
+ * @throws LogicException
+ */
protected function createDefaultTokenController()
{
if (0 == count($this->grantTypes)) {
@@ -562,7 +610,7 @@ class Server implements ResourceControllerInterface,
}
if (!isset($this->storages['client'])) {
- throw new \LogicException('You must supply a storage object implementing OAuth2\Storage\ClientInterface to use the token server');
+ throw new LogicException("You must supply a storage object implementing OAuth2\Storage\ClientInterface to use the token server");
}
$accessTokenResponseType = $this->getAccessTokenResponseType();
@@ -570,6 +618,10 @@ class Server implements ResourceControllerInterface,
return new TokenController($accessTokenResponseType, $this->storages['client'], $this->grantTypes, $this->clientAssertionType, $this->getScopeUtil());
}
+ /**
+ * @return ResourceControllerInterface
+ * @throws LogicException
+ */
protected function createDefaultResourceController()
{
if ($this->config['use_jwt_access_tokens']) {
@@ -590,6 +642,10 @@ class Server implements ResourceControllerInterface,
return new ResourceController($this->tokenType, $this->storages['access_token'], $config, $this->getScopeUtil());
}
+ /**
+ * @return UserInfoControllerInterface
+ * @throws LogicException
+ */
protected function createDefaultUserInfoController()
{
if ($this->config['use_jwt_access_tokens']) {
@@ -614,6 +670,9 @@ class Server implements ResourceControllerInterface,
return new UserInfoController($this->tokenType, $this->storages['access_token'], $this->storages['user_claims'], $config, $this->getScopeUtil());
}
+ /**
+ * @return Bearer
+ */
protected function getDefaultTokenType()
{
$config = array_intersect_key($this->config, array_flip(explode(' ', 'token_param_name token_bearer_header_name')));
@@ -621,6 +680,10 @@ class Server implements ResourceControllerInterface,
return new Bearer($config);
}
+ /**
+ * @return array
+ * @throws LogicException
+ */
protected function getDefaultResponseTypes()
{
$responseTypes = array();
@@ -656,6 +719,10 @@ class Server implements ResourceControllerInterface,
return $responseTypes;
}
+ /**
+ * @return array
+ * @throws LogicException
+ */
protected function getDefaultGrantTypes()
{
$grantTypes = array();
@@ -692,6 +759,9 @@ class Server implements ResourceControllerInterface,
return $grantTypes;
}
+ /**
+ * @return AccessToken
+ */
protected function getAccessTokenResponseType()
{
if (isset($this->responseTypes['token'])) {
@@ -705,6 +775,9 @@ class Server implements ResourceControllerInterface,
return $this->createDefaultAccessTokenResponseType();
}
+ /**
+ * @return IdToken
+ */
protected function getIdTokenResponseType()
{
if (isset($this->responseTypes['id_token'])) {
@@ -714,6 +787,9 @@ class Server implements ResourceControllerInterface,
return $this->createDefaultIdTokenResponseType();
}
+ /**
+ * @return IdTokenToken
+ */
protected function getIdTokenTokenResponseType()
{
if (isset($this->responseTypes['id_token token'])) {
@@ -725,6 +801,9 @@ class Server implements ResourceControllerInterface,
/**
* For Resource Controller
+ *
+ * @return JwtAccessTokenStorage
+ * @throws LogicException
*/
protected function createDefaultJwtAccessTokenStorage()
{
@@ -741,6 +820,9 @@ class Server implements ResourceControllerInterface,
/**
* For Authorize and Token Controllers
+ *
+ * @return JwtAccessToken
+ * @throws LogicException
*/
protected function createDefaultJwtAccessTokenResponseType()
{
@@ -763,10 +845,14 @@ class Server implements ResourceControllerInterface,
return new JwtAccessToken($this->storages['public_key'], $tokenStorage, $refreshStorage, $config);
}
+ /**
+ * @return AccessToken
+ * @throws LogicException
+ */
protected function createDefaultAccessTokenResponseType()
{
if (!isset($this->storages['access_token'])) {
- throw new \LogicException('You must supply a response type implementing OAuth2\ResponseType\AccessTokenInterface, or a storage object implementing OAuth2\Storage\AccessTokenInterface to use the token server');
+ throw new LogicException("You must supply a response type implementing OAuth2\ResponseType\AccessTokenInterface, or a storage object implementing OAuth2\Storage\AccessTokenInterface to use the token server");
}
$refreshStorage = null;
@@ -780,13 +866,17 @@ class Server implements ResourceControllerInterface,
return new AccessToken($this->storages['access_token'], $refreshStorage, $config);
}
+ /**
+ * @return IdToken
+ * @throws LogicException
+ */
protected function createDefaultIdTokenResponseType()
{
if (!isset($this->storages['user_claims'])) {
- throw new \LogicException('You must supply a storage object implementing OAuth2\OpenID\Storage\UserClaimsInterface to use openid connect');
+ throw new LogicException("You must supply a storage object implementing OAuth2\OpenID\Storage\UserClaimsInterface to use openid connect");
}
if (!isset($this->storages['public_key'])) {
- throw new \LogicException('You must supply a storage object implementing OAuth2\Storage\PublicKeyInterface to use openid connect');
+ throw new LogicException("You must supply a storage object implementing OAuth2\Storage\PublicKeyInterface to use openid connect");
}
$config = array_intersect_key($this->config, array_flip(explode(' ', 'issuer id_lifetime')));
@@ -794,11 +884,17 @@ class Server implements ResourceControllerInterface,
return new IdToken($this->storages['user_claims'], $this->storages['public_key'], $config);
}
+ /**
+ * @return IdTokenToken
+ */
protected function createDefaultIdTokenTokenResponseType()
{
return new IdTokenToken($this->getAccessTokenResponseType(), $this->getIdTokenResponseType());
}
+ /**
+ * @throws InvalidArgumentException
+ */
protected function validateOpenIdConnect()
{
$authCodeGrant = $this->getGrantType('authorization_code');
@@ -807,6 +903,10 @@ class Server implements ResourceControllerInterface,
}
}
+ /**
+ * @param string $name
+ * @return string
+ */
protected function normalizeResponseType($name)
{
// for multiple-valued response types - make them alphabetical
@@ -819,36 +919,60 @@ class Server implements ResourceControllerInterface,
return $name;
}
+ /**
+ * @return mixed
+ */
public function getResponse()
{
return $this->response;
}
+ /**
+ * @return array
+ */
public function getStorages()
{
return $this->storages;
}
+ /**
+ * @param string $name
+ * @return object|null
+ */
public function getStorage($name)
{
return isset($this->storages[$name]) ? $this->storages[$name] : null;
}
+ /**
+ * @return array
+ */
public function getGrantTypes()
{
return $this->grantTypes;
}
+ /**
+ * @param string $name
+ * @return object|null
+ */
public function getGrantType($name)
{
return isset($this->grantTypes[$name]) ? $this->grantTypes[$name] : null;
}
+ /**
+ * @return array
+ */
public function getResponseTypes()
{
return $this->responseTypes;
}
+ /**
+ * @param string $name
+ * @return object|null
+ */
public function getResponseType($name)
{
// for multiple-valued response types - make them alphabetical
@@ -857,23 +981,38 @@ class Server implements ResourceControllerInterface,
return isset($this->responseTypes[$name]) ? $this->responseTypes[$name] : null;
}
+ /**
+ * @return TokenTypeInterface
+ */
public function getTokenType()
{
return $this->tokenType;
}
+ /**
+ * @return ClientAssertionTypeInterface
+ */
public function getClientAssertionType()
{
return $this->clientAssertionType;
}
+ /**
+ * @param string $name
+ * @param mixed $value
+ */
public function setConfig($name, $value)
{
$this->config[$name] = $value;
}
+ /**
+ * @param string $name
+ * @param mixed $default
+ * @return mixed
+ */
public function getConfig($name, $default = null)
{
return isset($this->config[$name]) ? $this->config[$name] : $default;
}
-}
+} \ No newline at end of file
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/AccessTokenInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/AccessTokenInterface.php
index 1819158af..22428f2c8 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/AccessTokenInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/AccessTokenInterface.php
@@ -15,17 +15,18 @@ interface AccessTokenInterface
*
* We need to retrieve access token data as we create and verify tokens.
*
- * @param $oauth_token
- * oauth_token to be check with.
+ * @param string $oauth_token - oauth_token to be check with.
*
- * @return
- * An associative array as below, and return NULL if the supplied oauth_token
- * is invalid:
- * - expires: Stored expiration in unix timestamp.
- * - client_id: (optional) Stored client identifier.
- * - user_id: (optional) Stored user identifier.
- * - scope: (optional) Stored scope values in space-separated string.
- * - id_token: (optional) Stored id_token (if "use_openid_connect" is true).
+ * @return array|null - An associative array as below, and return NULL if the supplied oauth_token is invalid:
+ * @code
+ * array(
+ * 'expires' => $expires, // Stored expiration in unix timestamp.
+ * 'client_id' => $client_id, // (optional) Stored client identifier.
+ * 'user_id' => $user_id, // (optional) Stored user identifier.
+ * 'scope' => $scope, // (optional) Stored scope values in space-separated string.
+ * 'id_token' => $id_token // (optional) Stored id_token (if "use_openid_connect" is true).
+ * );
+ * @endcode
*
* @ingroup oauth2_section_7
*/
@@ -36,11 +37,11 @@ interface AccessTokenInterface
*
* We need to store access token data as we create and verify tokens.
*
- * @param $oauth_token oauth_token to be stored.
- * @param $client_id client identifier to be stored.
- * @param $user_id user identifier to be stored.
- * @param int $expires expiration to be stored as a Unix timestamp.
- * @param string $scope OPTIONAL Scopes to be stored in space-separated string.
+ * @param string $oauth_token - oauth_token to be stored.
+ * @param mixed $client_id - client identifier to be stored.
+ * @param mixed $user_id - user identifier to be stored.
+ * @param int $expires - expiration to be stored as a Unix timestamp.
+ * @param string $scope - OPTIONAL Scopes to be stored in space-separated string.
*
* @ingroup oauth2_section_4
*/
@@ -61,4 +62,4 @@ interface AccessTokenInterface
* @todo v2.0 include this method in interface. Omitted to maintain BC in v1.x
*/
//public function unsetAccessToken($access_token);
-}
+} \ No newline at end of file
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/AuthorizationCodeInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/AuthorizationCodeInterface.php
index edc7c70e5..2dbc138ac 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/AuthorizationCodeInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/AuthorizationCodeInterface.php
@@ -59,12 +59,12 @@ interface AuthorizationCodeInterface
*
* Required for OAuth2::GRANT_TYPE_AUTH_CODE.
*
- * @param string $code Authorization code to be stored.
- * @param mixed $client_id Client identifier to be stored.
- * @param mixed $user_id User identifier to be stored.
- * @param string $redirect_uri Redirect URI(s) to be stored in a space-separated string.
- * @param int $expires Expiration to be stored as a Unix timestamp.
- * @param string $scope OPTIONAL Scopes to be stored in space-separated string.
+ * @param string $code - Authorization code to be stored.
+ * @param mixed $client_id - Client identifier to be stored.
+ * @param mixed $user_id - User identifier to be stored.
+ * @param string $redirect_uri - Redirect URI(s) to be stored in a space-separated string.
+ * @param int $expires - Expiration to be stored as a Unix timestamp.
+ * @param string $scope - OPTIONAL Scopes to be stored in space-separated string.
*
* @ingroup oauth2_section_4
*/
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Cassandra.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Cassandra.php
index c5048c08d..e60e9d3ad 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Cassandra.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Cassandra.php
@@ -7,24 +7,25 @@ use phpcassa\ColumnSlice;
use phpcassa\Connection\ConnectionPool;
use OAuth2\OpenID\Storage\UserClaimsInterface;
use OAuth2\OpenID\Storage\AuthorizationCodeInterface as OpenIDAuthorizationCodeInterface;
+use InvalidArgumentException;
/**
* Cassandra storage for all storage types
*
- * To use, install "thobbs/phpcassa" via composer
+ * To use, install "thobbs/phpcassa" via composer:
* <code>
- * composer require thobbs/phpcassa:dev-master
+ * composer require thobbs/phpcassa:dev-master
* </code>
*
- * Once this is done, instantiate the
+ * Once this is done, instantiate the connection:
* <code>
- * $cassandra = new \phpcassa\Connection\ConnectionPool('oauth2_server', array('127.0.0.1:9160'));
+ * $cassandra = new \phpcassa\Connection\ConnectionPool('oauth2_server', array('127.0.0.1:9160'));
* </code>
*
* Then, register the storage client:
* <code>
- * $storage = new OAuth2\Storage\Cassandra($cassandra);
- * $storage->setClientDetails($client_id, $client_secret, $redirect_uri);
+ * $storage = new OAuth2\Storage\Cassandra($cassandra);
+ * $storage->setClientDetails($client_id, $client_secret, $redirect_uri);
* </code>
*
* @see test/lib/OAuth2/Storage/Bootstrap::getCassandraStorage
@@ -43,17 +44,23 @@ class Cassandra implements AuthorizationCodeInterface,
private $cache;
- /* The cassandra client */
+ /**
+ * @var ConnectionPool
+ */
protected $cassandra;
- /* Configuration array */
+ /**
+ * @var array
+ */
protected $config;
/**
* Cassandra Storage! uses phpCassa
*
- * @param \phpcassa\ConnectionPool $cassandra
- * @param array $config
+ * @param ConnectionPool|array $connection
+ * @param array $config
+ *
+ * @throws InvalidArgumentException
*/
public function __construct($connection = array(), array $config = array())
{
@@ -61,7 +68,7 @@ class Cassandra implements AuthorizationCodeInterface,
$this->cassandra = $connection;
} else {
if (!is_array($connection)) {
- throw new \InvalidArgumentException('First argument to OAuth2\Storage\Cassandra must be an instance of phpcassa\Connection\ConnectionPool or a configuration array');
+ throw new InvalidArgumentException('First argument to OAuth2\Storage\Cassandra must be an instance of phpcassa\Connection\ConnectionPool or a configuration array');
}
$connection = array_merge(array(
'keyspace' => 'oauth2',
@@ -87,6 +94,10 @@ class Cassandra implements AuthorizationCodeInterface,
), $config);
}
+ /**
+ * @param $key
+ * @return bool|mixed
+ */
protected function getValue($key)
{
if (isset($this->cache[$key])) {
@@ -104,6 +115,12 @@ class Cassandra implements AuthorizationCodeInterface,
return json_decode($value, true);
}
+ /**
+ * @param $key
+ * @param $value
+ * @param int $expire
+ * @return bool
+ */
protected function setValue($key, $value, $expire = 0)
{
$this->cache[$key] = $value;
@@ -131,6 +148,10 @@ class Cassandra implements AuthorizationCodeInterface,
return true;
}
+ /**
+ * @param $key
+ * @return bool
+ */
protected function expireValue($key)
{
unset($this->cache[$key]);
@@ -151,12 +172,25 @@ class Cassandra implements AuthorizationCodeInterface,
return false;
}
- /* AuthorizationCodeInterface */
+ /**
+ * @param string $code
+ * @return bool|mixed
+ */
public function getAuthorizationCode($code)
{
return $this->getValue($this->config['code_key'] . $code);
}
+ /**
+ * @param string $authorization_code
+ * @param mixed $client_id
+ * @param mixed $user_id
+ * @param string $redirect_uri
+ * @param int $expires
+ * @param string $scope
+ * @param string $id_token
+ * @return bool
+ */
public function setAuthorizationCode($authorization_code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
{
return $this->setValue(
@@ -166,6 +200,10 @@ class Cassandra implements AuthorizationCodeInterface,
);
}
+ /**
+ * @param string $code
+ * @return bool
+ */
public function expireAuthorizationCode($code)
{
$key = $this->config['code_key'] . $code;
@@ -174,7 +212,11 @@ class Cassandra implements AuthorizationCodeInterface,
return $this->expireValue($key);
}
- /* UserCredentialsInterface */
+ /**
+ * @param string $username
+ * @param string $password
+ * @return bool
+ */
public function checkUserCredentials($username, $password)
{
if ($user = $this->getUser($username)) {
@@ -184,7 +226,13 @@ class Cassandra implements AuthorizationCodeInterface,
return false;
}
- // plaintext passwords are bad! Override this for your application
+ /**
+ * plaintext passwords are bad! Override this for your application
+ *
+ * @param array $user
+ * @param string $password
+ * @return bool
+ */
protected function checkPassword($user, $password)
{
return $user['password'] == $this->hashPassword($password);
@@ -196,11 +244,19 @@ class Cassandra implements AuthorizationCodeInterface,
return sha1($password);
}
+ /**
+ * @param string $username
+ * @return array|bool|false
+ */
public function getUserDetails($username)
{
return $this->getUser($username);
}
+ /**
+ * @param string $username
+ * @return array|bool
+ */
public function getUser($username)
{
if (!$userInfo = $this->getValue($this->config['user_key'] . $username)) {
@@ -213,6 +269,13 @@ class Cassandra implements AuthorizationCodeInterface,
), $userInfo);
}
+ /**
+ * @param string $username
+ * @param string $password
+ * @param string $first_name
+ * @param string $last_name
+ * @return bool
+ */
public function setUser($username, $password, $first_name = null, $last_name = null)
{
$password = $this->hashPassword($password);
@@ -223,7 +286,11 @@ class Cassandra implements AuthorizationCodeInterface,
);
}
- /* ClientCredentialsInterface */
+ /**
+ * @param mixed $client_id
+ * @param string $client_secret
+ * @return bool
+ */
public function checkClientCredentials($client_id, $client_secret = null)
{
if (!$client = $this->getClientDetails($client_id)) {
@@ -234,6 +301,10 @@ class Cassandra implements AuthorizationCodeInterface,
&& $client['client_secret'] == $client_secret;
}
+ /**
+ * @param $client_id
+ * @return bool
+ */
public function isPublicClient($client_id)
{
if (!$client = $this->getClientDetails($client_id)) {
@@ -243,12 +314,24 @@ class Cassandra implements AuthorizationCodeInterface,
return empty($client['client_secret']);
}
- /* ClientInterface */
+ /**
+ * @param $client_id
+ * @return array|bool|mixed
+ */
public function getClientDetails($client_id)
{
return $this->getValue($this->config['client_key'] . $client_id);
}
+ /**
+ * @param $client_id
+ * @param null $client_secret
+ * @param null $redirect_uri
+ * @param null $grant_types
+ * @param null $scope
+ * @param null $user_id
+ * @return bool
+ */
public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
{
return $this->setValue(
@@ -257,6 +340,11 @@ class Cassandra implements AuthorizationCodeInterface,
);
}
+ /**
+ * @param $client_id
+ * @param $grant_type
+ * @return bool
+ */
public function checkRestrictedGrantType($client_id, $grant_type)
{
$details = $this->getClientDetails($client_id);
@@ -270,12 +358,23 @@ class Cassandra implements AuthorizationCodeInterface,
return true;
}
- /* RefreshTokenInterface */
+ /**
+ * @param $refresh_token
+ * @return bool|mixed
+ */
public function getRefreshToken($refresh_token)
{
return $this->getValue($this->config['refresh_token_key'] . $refresh_token);
}
+ /**
+ * @param $refresh_token
+ * @param $client_id
+ * @param $user_id
+ * @param $expires
+ * @param null $scope
+ * @return bool
+ */
public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
{
return $this->setValue(
@@ -285,17 +384,32 @@ class Cassandra implements AuthorizationCodeInterface,
);
}
+ /**
+ * @param $refresh_token
+ * @return bool
+ */
public function unsetRefreshToken($refresh_token)
{
return $this->expireValue($this->config['refresh_token_key'] . $refresh_token);
}
- /* AccessTokenInterface */
+ /**
+ * @param string $access_token
+ * @return array|bool|mixed|null
+ */
public function getAccessToken($access_token)
{
return $this->getValue($this->config['access_token_key'].$access_token);
}
+ /**
+ * @param string $access_token
+ * @param mixed $client_id
+ * @param mixed $user_id
+ * @param int $expires
+ * @param null $scope
+ * @return bool
+ */
public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
{
return $this->setValue(
@@ -305,12 +419,19 @@ class Cassandra implements AuthorizationCodeInterface,
);
}
+ /**
+ * @param $access_token
+ * @return bool
+ */
public function unsetAccessToken($access_token)
{
return $this->expireValue($this->config['access_token_key'] . $access_token);
}
- /* ScopeInterface */
+ /**
+ * @param $scope
+ * @return bool
+ */
public function scopeExists($scope)
{
$scope = explode(' ', $scope);
@@ -322,6 +443,10 @@ class Cassandra implements AuthorizationCodeInterface,
return (count(array_diff($scope, $supportedScope)) == 0);
}
+ /**
+ * @param null $client_id
+ * @return bool|mixed
+ */
public function getDefaultScope($client_id = null)
{
if (is_null($client_id) || !$result = $this->getValue($this->config['scope_key'].'default:'.$client_id)) {
@@ -331,6 +456,13 @@ class Cassandra implements AuthorizationCodeInterface,
return $result;
}
+ /**
+ * @param $scope
+ * @param null $client_id
+ * @param string $type
+ * @return bool
+ * @throws \InvalidArgumentException
+ */
public function setScope($scope, $client_id = null, $type = 'supported')
{
if (!in_array($type, array('default', 'supported'))) {
@@ -346,7 +478,11 @@ class Cassandra implements AuthorizationCodeInterface,
return $this->setValue($key, $scope);
}
- /*JWTBearerInterface */
+ /**
+ * @param $client_id
+ * @param $subject
+ * @return bool|null
+ */
public function getClientKey($client_id, $subject)
{
if (!$jwt = $this->getValue($this->config['jwt_key'] . $client_id)) {
@@ -360,6 +496,12 @@ class Cassandra implements AuthorizationCodeInterface,
return null;
}
+ /**
+ * @param $client_id
+ * @param $key
+ * @param null $subject
+ * @return bool
+ */
public function setClientKey($client_id, $key, $subject = null)
{
return $this->setValue($this->config['jwt_key'] . $client_id, array(
@@ -368,7 +510,10 @@ class Cassandra implements AuthorizationCodeInterface,
));
}
- /*ScopeInterface */
+ /**
+ * @param $client_id
+ * @return bool|null
+ */
public function getClientScope($client_id)
{
if (!$clientDetails = $this->getClientDetails($client_id)) {
@@ -382,19 +527,38 @@ class Cassandra implements AuthorizationCodeInterface,
return null;
}
+ /**
+ * @param $client_id
+ * @param $subject
+ * @param $audience
+ * @param $expiration
+ * @param $jti
+ * @throws \Exception
+ */
public function getJti($client_id, $subject, $audience, $expiration, $jti)
{
//TODO: Needs cassandra implementation.
throw new \Exception('getJti() for the Cassandra driver is currently unimplemented.');
}
+ /**
+ * @param $client_id
+ * @param $subject
+ * @param $audience
+ * @param $expiration
+ * @param $jti
+ * @throws \Exception
+ */
public function setJti($client_id, $subject, $audience, $expiration, $jti)
{
//TODO: Needs cassandra implementation.
throw new \Exception('setJti() for the Cassandra driver is currently unimplemented.');
}
- /* PublicKeyInterface */
+ /**
+ * @param string $client_id
+ * @return mixed
+ */
public function getPublicKey($client_id = '')
{
$public_key = $this->getValue($this->config['public_key_key'] . $client_id);
@@ -407,6 +571,10 @@ class Cassandra implements AuthorizationCodeInterface,
}
}
+ /**
+ * @param string $client_id
+ * @return mixed
+ */
public function getPrivateKey($client_id = '')
{
$public_key = $this->getValue($this->config['public_key_key'] . $client_id);
@@ -419,6 +587,10 @@ class Cassandra implements AuthorizationCodeInterface,
}
}
+ /**
+ * @param null $client_id
+ * @return mixed|string
+ */
public function getEncryptionAlgorithm($client_id = null)
{
$public_key = $this->getValue($this->config['public_key_key'] . $client_id);
@@ -433,7 +605,11 @@ class Cassandra implements AuthorizationCodeInterface,
return 'RS256';
}
- /* UserClaimsInterface */
+ /**
+ * @param mixed $user_id
+ * @param string $claims
+ * @return array|bool
+ */
public function getUserClaims($user_id, $claims)
{
$userDetails = $this->getUserDetails($user_id);
@@ -460,6 +636,11 @@ class Cassandra implements AuthorizationCodeInterface,
return $userClaims;
}
+ /**
+ * @param $claim
+ * @param $userDetails
+ * @return array
+ */
protected function getUserClaim($claim, $userDetails)
{
$userClaims = array();
@@ -476,5 +657,4 @@ class Cassandra implements AuthorizationCodeInterface,
return $userClaims;
}
-
-}
+} \ No newline at end of file
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/CouchbaseDB.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/CouchbaseDB.php
index 1eb55f027..9e8148b6b 100755..100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/CouchbaseDB.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/CouchbaseDB.php
@@ -328,4 +328,4 @@ class CouchbaseDB implements AuthorizationCodeInterface,
//TODO: Needs couchbase implementation.
throw new \Exception('setJti() for the Couchbase driver is currently unimplemented.');
}
-}
+} \ No newline at end of file
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/DynamoDB.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/DynamoDB.php
index 8347ab258..a54cb3712 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/DynamoDB.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/DynamoDB.php
@@ -537,4 +537,4 @@ class DynamoDB implements
{
return null !== $value && '' !== $value;
}
-}
+} \ No newline at end of file
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/JwtAccessToken.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/JwtAccessToken.php
index 75b49d301..6ccacd6d9 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/JwtAccessToken.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/JwtAccessToken.php
@@ -6,7 +6,6 @@ use OAuth2\Encryption\EncryptionInterface;
use OAuth2\Encryption\Jwt;
/**
- *
* @author Brent Shaffer <bshafs at gmail dot com>
*/
class JwtAccessToken implements JwtAccessTokenInterface
@@ -85,4 +84,4 @@ class JwtAccessToken implements JwtAccessTokenInterface
return $tokenData;
}
-}
+} \ No newline at end of file
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Memory.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Memory.php
index 42d833ccb..2c60b71ce 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Memory.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Memory.php
@@ -378,4 +378,4 @@ class Memory implements AuthorizationCodeInterface,
return 'RS256';
}
-}
+} \ No newline at end of file
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Pdo.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Pdo.php
index ae5107e29..074cee447 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Pdo.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Pdo.php
@@ -4,6 +4,7 @@ namespace OAuth2\Storage;
use OAuth2\OpenID\Storage\UserClaimsInterface;
use OAuth2\OpenID\Storage\AuthorizationCodeInterface as OpenIDAuthorizationCodeInterface;
+use InvalidArgumentException;
/**
* Simple PDO storage for all storage types
@@ -29,9 +30,22 @@ class Pdo implements
UserClaimsInterface,
OpenIDAuthorizationCodeInterface
{
+ /**
+ * @var \PDO
+ */
protected $db;
+
+ /**
+ * @var array
+ */
protected $config;
+ /**
+ * @param mixed $connection
+ * @param array $config
+ *
+ * @throws InvalidArgumentException
+ */
public function __construct($connection, $config = array())
{
if (!$connection instanceof \PDO) {
@@ -70,7 +84,11 @@ class Pdo implements
), $config);
}
- /* OAuth2\Storage\ClientCredentialsInterface */
+ /**
+ * @param string $client_id
+ * @param null|string $client_secret
+ * @return bool
+ */
public function checkClientCredentials($client_id, $client_secret = null)
{
$stmt = $this->db->prepare(sprintf('SELECT * from %s where client_id = :client_id', $this->config['client_table']));
@@ -81,6 +99,10 @@ class Pdo implements
return $result && $result['client_secret'] == $client_secret;
}
+ /**
+ * @param string $client_id
+ * @return bool
+ */
public function isPublicClient($client_id)
{
$stmt = $this->db->prepare(sprintf('SELECT * from %s where client_id = :client_id', $this->config['client_table']));
@@ -93,7 +115,10 @@ class Pdo implements
return empty($result['client_secret']);
}
- /* OAuth2\Storage\ClientInterface */
+ /**
+ * @param string $client_id
+ * @return array|mixed
+ */
public function getClientDetails($client_id)
{
$stmt = $this->db->prepare(sprintf('SELECT * from %s where client_id = :client_id', $this->config['client_table']));
@@ -102,6 +127,15 @@ class Pdo implements
return $stmt->fetch(\PDO::FETCH_ASSOC);
}
+ /**
+ * @param string $client_id
+ * @param null|string $client_secret
+ * @param null|string $redirect_uri
+ * @param null|array $grant_types
+ * @param null|string $scope
+ * @param null|string $user_id
+ * @return bool
+ */
public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
{
// if it exists, update it.
@@ -114,6 +148,11 @@ class Pdo implements
return $stmt->execute(compact('client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'user_id'));
}
+ /**
+ * @param $client_id
+ * @param $grant_type
+ * @return bool
+ */
public function checkRestrictedGrantType($client_id, $grant_type)
{
$details = $this->getClientDetails($client_id);
@@ -127,7 +166,10 @@ class Pdo implements
return true;
}
- /* OAuth2\Storage\AccessTokenInterface */
+ /**
+ * @param string $access_token
+ * @return array|bool|mixed|null
+ */
public function getAccessToken($access_token)
{
$stmt = $this->db->prepare(sprintf('SELECT * from %s where access_token = :access_token', $this->config['access_token_table']));
@@ -141,6 +183,14 @@ class Pdo implements
return $token;
}
+ /**
+ * @param string $access_token
+ * @param mixed $client_id
+ * @param mixed $user_id
+ * @param int $expires
+ * @param string $scope
+ * @return bool
+ */
public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
{
// convert expires to datestring
@@ -156,6 +206,10 @@ class Pdo implements
return $stmt->execute(compact('access_token', 'client_id', 'user_id', 'expires', 'scope'));
}
+ /**
+ * @param $access_token
+ * @return bool
+ */
public function unsetAccessToken($access_token)
{
$stmt = $this->db->prepare(sprintf('DELETE FROM %s WHERE access_token = :access_token', $this->config['access_token_table']));
@@ -166,6 +220,10 @@ class Pdo implements
}
/* OAuth2\Storage\AuthorizationCodeInterface */
+ /**
+ * @param string $code
+ * @return mixed
+ */
public function getAuthorizationCode($code)
{
$stmt = $this->db->prepare(sprintf('SELECT * from %s where authorization_code = :code', $this->config['code_table']));
@@ -179,6 +237,16 @@ class Pdo implements
return $code;
}
+ /**
+ * @param string $code
+ * @param mixed $client_id
+ * @param mixed $user_id
+ * @param string $redirect_uri
+ * @param int $expires
+ * @param string $scope
+ * @param string $id_token
+ * @return bool|mixed
+ */
public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
{
if (func_num_args() > 6) {
@@ -199,6 +267,16 @@ class Pdo implements
return $stmt->execute(compact('code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope'));
}
+ /**
+ * @param string $code
+ * @param mixed $client_id
+ * @param mixed $user_id
+ * @param string $redirect_uri
+ * @param string $expires
+ * @param string $scope
+ * @param string $id_token
+ * @return bool
+ */
private function setAuthorizationCodeWithIdToken($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
{
// convert expires to datestring
@@ -214,6 +292,10 @@ class Pdo implements
return $stmt->execute(compact('code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope', 'id_token'));
}
+ /**
+ * @param string $code
+ * @return bool
+ */
public function expireAuthorizationCode($code)
{
$stmt = $this->db->prepare(sprintf('DELETE FROM %s WHERE authorization_code = :code', $this->config['code_table']));
@@ -221,7 +303,11 @@ class Pdo implements
return $stmt->execute(compact('code'));
}
- /* OAuth2\Storage\UserCredentialsInterface */
+ /**
+ * @param string $username
+ * @param string $password
+ * @return bool
+ */
public function checkUserCredentials($username, $password)
{
if ($user = $this->getUser($username)) {
@@ -231,12 +317,20 @@ class Pdo implements
return false;
}
+ /**
+ * @param string $username
+ * @return array|bool
+ */
public function getUserDetails($username)
{
return $this->getUser($username);
}
- /* UserClaimsInterface */
+ /**
+ * @param mixed $user_id
+ * @param string $claims
+ * @return array|bool
+ */
public function getUserClaims($user_id, $claims)
{
if (!$userDetails = $this->getUserDetails($user_id)) {
@@ -262,6 +356,11 @@ class Pdo implements
return $userClaims;
}
+ /**
+ * @param string $claim
+ * @param array $userDetails
+ * @return array
+ */
protected function getUserClaim($claim, $userDetails)
{
$userClaims = array();
@@ -275,7 +374,10 @@ class Pdo implements
return $userClaims;
}
- /* OAuth2\Storage\RefreshTokenInterface */
+ /**
+ * @param string $refresh_token
+ * @return bool|mixed
+ */
public function getRefreshToken($refresh_token)
{
$stmt = $this->db->prepare(sprintf('SELECT * FROM %s WHERE refresh_token = :refresh_token', $this->config['refresh_token_table']));
@@ -289,6 +391,14 @@ class Pdo implements
return $token;
}
+ /**
+ * @param string $refresh_token
+ * @param mixed $client_id
+ * @param mixed $user_id
+ * @param string $expires
+ * @param string $scope
+ * @return bool
+ */
public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
{
// convert expires to datestring
@@ -299,6 +409,10 @@ class Pdo implements
return $stmt->execute(compact('refresh_token', 'client_id', 'user_id', 'expires', 'scope'));
}
+ /**
+ * @param string $refresh_token
+ * @return bool
+ */
public function unsetRefreshToken($refresh_token)
{
$stmt = $this->db->prepare(sprintf('DELETE FROM %s WHERE refresh_token = :refresh_token', $this->config['refresh_token_table']));
@@ -308,7 +422,13 @@ class Pdo implements
return $stmt->rowCount() > 0;
}
- // plaintext passwords are bad! Override this for your application
+ /**
+ * plaintext passwords are bad! Override this for your application
+ *
+ * @param array $user
+ * @param string $password
+ * @return bool
+ */
protected function checkPassword($user, $password)
{
return $user['password'] == $this->hashPassword($password);
@@ -320,6 +440,10 @@ class Pdo implements
return sha1($password);
}
+ /**
+ * @param string $username
+ * @return array|bool
+ */
public function getUser($username)
{
$stmt = $this->db->prepare($sql = sprintf('SELECT * from %s where username=:username', $this->config['user_table']));
@@ -335,6 +459,15 @@ class Pdo implements
), $userInfo);
}
+ /**
+ * plaintext passwords are bad! Override this for your application
+ *
+ * @param string $username
+ * @param string $password
+ * @param string $firstName
+ * @param string $lastName
+ * @return bool
+ */
public function setUser($username, $password, $firstName = null, $lastName = null)
{
// do not store in plaintext
@@ -350,7 +483,10 @@ class Pdo implements
return $stmt->execute(compact('username', 'password', 'firstName', 'lastName'));
}
- /* ScopeInterface */
+ /**
+ * @param string $scope
+ * @return bool
+ */
public function scopeExists($scope)
{
$scope = explode(' ', $scope);
@@ -365,6 +501,10 @@ class Pdo implements
return false;
}
+ /**
+ * @param mixed $client_id
+ * @return null|string
+ */
public function getDefaultScope($client_id = null)
{
$stmt = $this->db->prepare(sprintf('SELECT scope FROM %s WHERE is_default=:is_default', $this->config['scope_table']));
@@ -381,7 +521,11 @@ class Pdo implements
return null;
}
- /* JWTBearerInterface */
+ /**
+ * @param mixed $client_id
+ * @param $subject
+ * @return string
+ */
public function getClientKey($client_id, $subject)
{
$stmt = $this->db->prepare($sql = sprintf('SELECT public_key from %s where client_id=:client_id AND subject=:subject', $this->config['jwt_table']));
@@ -391,6 +535,10 @@ class Pdo implements
return $stmt->fetchColumn();
}
+ /**
+ * @param mixed $client_id
+ * @return bool|null
+ */
public function getClientScope($client_id)
{
if (!$clientDetails = $this->getClientDetails($client_id)) {
@@ -404,6 +552,14 @@ class Pdo implements
return null;
}
+ /**
+ * @param mixed $client_id
+ * @param $subject
+ * @param $audience
+ * @param $expires
+ * @param $jti
+ * @return array|null
+ */
public function getJti($client_id, $subject, $audience, $expires, $jti)
{
$stmt = $this->db->prepare($sql = sprintf('SELECT * FROM %s WHERE issuer=:client_id AND subject=:subject AND audience=:audience AND expires=:expires AND jti=:jti', $this->config['jti_table']));
@@ -423,6 +579,14 @@ class Pdo implements
return null;
}
+ /**
+ * @param mixed $client_id
+ * @param $subject
+ * @param $audience
+ * @param $expires
+ * @param $jti
+ * @return bool
+ */
public function setJti($client_id, $subject, $audience, $expires, $jti)
{
$stmt = $this->db->prepare(sprintf('INSERT INTO %s (issuer, subject, audience, expires, jti) VALUES (:client_id, :subject, :audience, :expires, :jti)', $this->config['jti_table']));
@@ -430,7 +594,10 @@ class Pdo implements
return $stmt->execute(compact('client_id', 'subject', 'audience', 'expires', 'jti'));
}
- /* PublicKeyInterface */
+ /**
+ * @param mixed $client_id
+ * @return mixed
+ */
public function getPublicKey($client_id = null)
{
$stmt = $this->db->prepare($sql = sprintf('SELECT public_key FROM %s WHERE client_id=:client_id OR client_id IS NULL ORDER BY client_id IS NOT NULL DESC', $this->config['public_key_table']));
@@ -441,6 +608,10 @@ class Pdo implements
}
}
+ /**
+ * @param mixed $client_id
+ * @return mixed
+ */
public function getPrivateKey($client_id = null)
{
$stmt = $this->db->prepare($sql = sprintf('SELECT private_key FROM %s WHERE client_id=:client_id OR client_id IS NULL ORDER BY client_id IS NOT NULL DESC', $this->config['public_key_table']));
@@ -451,6 +622,10 @@ class Pdo implements
}
}
+ /**
+ * @param mixed $client_id
+ * @return string
+ */
public function getEncryptionAlgorithm($client_id = null)
{
$stmt = $this->db->prepare($sql = sprintf('SELECT encryption_algorithm FROM %s WHERE client_id=:client_id OR client_id IS NULL ORDER BY client_id IS NOT NULL DESC', $this->config['public_key_table']));
@@ -467,6 +642,9 @@ class Pdo implements
* DDL to create OAuth2 database and tables for PDO storage
*
* @see https://github.com/dsquier/oauth2-server-php-mysql
+ *
+ * @param string $dbName
+ * @return string
*/
public function getBuildSql($dbName = 'oauth2_server_php')
{
@@ -481,73 +659,73 @@ class Pdo implements
PRIMARY KEY (client_id)
);
- CREATE TABLE {$this->config['access_token_table']} (
- access_token VARCHAR(40) NOT NULL,
- client_id VARCHAR(80) NOT NULL,
- user_id VARCHAR(80),
- expires TIMESTAMP NOT NULL,
- scope VARCHAR(4000),
- PRIMARY KEY (access_token)
- );
+ CREATE TABLE {$this->config['access_token_table']} (
+ access_token VARCHAR(40) NOT NULL,
+ client_id VARCHAR(80) NOT NULL,
+ user_id VARCHAR(80),
+ expires TIMESTAMP NOT NULL,
+ scope VARCHAR(4000),
+ PRIMARY KEY (access_token)
+ );
- CREATE TABLE {$this->config['code_table']} (
- authorization_code VARCHAR(40) NOT NULL,
- client_id VARCHAR(80) NOT NULL,
- user_id VARCHAR(80),
- redirect_uri VARCHAR(2000),
- expires TIMESTAMP NOT NULL,
- scope VARCHAR(4000),
- id_token VARCHAR(1000),
- PRIMARY KEY (authorization_code)
- );
+ CREATE TABLE {$this->config['code_table']} (
+ authorization_code VARCHAR(40) NOT NULL,
+ client_id VARCHAR(80) NOT NULL,
+ user_id VARCHAR(80),
+ redirect_uri VARCHAR(2000),
+ expires TIMESTAMP NOT NULL,
+ scope VARCHAR(4000),
+ id_token VARCHAR(1000),
+ PRIMARY KEY (authorization_code)
+ );
- CREATE TABLE {$this->config['refresh_token_table']} (
- refresh_token VARCHAR(40) NOT NULL,
- client_id VARCHAR(80) NOT NULL,
- user_id VARCHAR(80),
- expires TIMESTAMP NOT NULL,
- scope VARCHAR(4000),
- PRIMARY KEY (refresh_token)
- );
+ CREATE TABLE {$this->config['refresh_token_table']} (
+ refresh_token VARCHAR(40) NOT NULL,
+ client_id VARCHAR(80) NOT NULL,
+ user_id VARCHAR(80),
+ expires TIMESTAMP NOT NULL,
+ scope VARCHAR(4000),
+ PRIMARY KEY (refresh_token)
+ );
- CREATE TABLE {$this->config['user_table']} (
- username VARCHAR(80),
- password VARCHAR(80),
- first_name VARCHAR(80),
- last_name VARCHAR(80),
- email VARCHAR(80),
- email_verified BOOLEAN,
- scope VARCHAR(4000)
- );
+ CREATE TABLE {$this->config['user_table']} (
+ username VARCHAR(80),
+ password VARCHAR(80),
+ first_name VARCHAR(80),
+ last_name VARCHAR(80),
+ email VARCHAR(80),
+ email_verified BOOLEAN,
+ scope VARCHAR(4000)
+ );
- CREATE TABLE {$this->config['scope_table']} (
- scope VARCHAR(80) NOT NULL,
- is_default BOOLEAN,
- PRIMARY KEY (scope)
- );
+ CREATE TABLE {$this->config['scope_table']} (
+ scope VARCHAR(80) NOT NULL,
+ is_default BOOLEAN,
+ PRIMARY KEY (scope)
+ );
- CREATE TABLE {$this->config['jwt_table']} (
- client_id VARCHAR(80) NOT NULL,
- subject VARCHAR(80),
- public_key VARCHAR(2000) NOT NULL
- );
+ CREATE TABLE {$this->config['jwt_table']} (
+ client_id VARCHAR(80) NOT NULL,
+ subject VARCHAR(80),
+ public_key VARCHAR(2000) NOT NULL
+ );
- CREATE TABLE {$this->config['jti_table']} (
- issuer VARCHAR(80) NOT NULL,
- subject VARCHAR(80),
- audience VARCHAR(80),
- expires TIMESTAMP NOT NULL,
- jti VARCHAR(2000) NOT NULL
- );
+ CREATE TABLE {$this->config['jti_table']} (
+ issuer VARCHAR(80) NOT NULL,
+ subject VARCHAR(80),
+ audiance VARCHAR(80),
+ expires TIMESTAMP NOT NULL,
+ jti VARCHAR(2000) NOT NULL
+ );
- CREATE TABLE {$this->config['public_key_table']} (
- client_id VARCHAR(80),
- public_key VARCHAR(2000),
- private_key VARCHAR(2000),
- encryption_algorithm VARCHAR(100) DEFAULT 'RS256'
- )
-";
+ CREATE TABLE {$this->config['public_key_table']} (
+ client_id VARCHAR(80),
+ public_key VARCHAR(2000),
+ private_key VARCHAR(2000),
+ encryption_algorithm VARCHAR(100) DEFAULT 'RS256'
+ )
+ ";
return $sql;
}
-}
+} \ No newline at end of file
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/PublicKeyInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/PublicKeyInterface.php
index 108418d3a..a6dc49fb5 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/PublicKeyInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/PublicKeyInterface.php
@@ -10,7 +10,21 @@ namespace OAuth2\Storage;
*/
interface PublicKeyInterface
{
+ /**
+ * @param mixed $client_id
+ * @return mixed
+ */
public function getPublicKey($client_id = null);
+
+ /**
+ * @param mixed $client_id
+ * @return mixed
+ */
public function getPrivateKey($client_id = null);
+
+ /**
+ * @param mixed $client_id
+ * @return mixed
+ */
public function getEncryptionAlgorithm($client_id = null);
-}
+} \ No newline at end of file
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/UserCredentialsInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/UserCredentialsInterface.php
index 6e0fd7bad..f550579e4 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/UserCredentialsInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/UserCredentialsInterface.php
@@ -37,15 +37,15 @@ interface UserCredentialsInterface
public function checkUserCredentials($username, $password);
/**
- * @return
- * ARRAY the associated "user_id" and optional "scope" values
- * This function MUST return FALSE if the requested user does not exist or is
- * invalid. "scope" is a space-separated list of restricted scopes.
+ * @param string $username - username to get details for
+ * @return array|false - the associated "user_id" and optional "scope" values
+ * This function MUST return FALSE if the requested user does not exist or is
+ * invalid. "scope" is a space-separated list of restricted scopes.
* @code
- * return array(
- * "user_id" => USER_ID, // REQUIRED user_id to be stored with the authorization code or access token
- * "scope" => SCOPE // OPTIONAL space-separated list of restricted scopes
- * );
+ * return array(
+ * "user_id" => USER_ID, // REQUIRED user_id to be stored with the authorization code or access token
+ * "scope" => SCOPE // OPTIONAL space-separated list of restricted scopes
+ * );
* @endcode
*/
public function getUserDetails($username);
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/AutoloadTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/AutoloadTest.php
index 5901bdc42..2cb292389 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/AutoloadTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/AutoloadTest.php
@@ -2,7 +2,9 @@
namespace OAuth2;
-class AutoloadTest extends \PHPUnit_Framework_TestCase
+use PHPUnit\Framework\TestCase;
+
+class AutoloadTest extends TestCase
{
public function testClassesExist()
{
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/Controller/AuthorizeControllerTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/Controller/AuthorizeControllerTest.php
index 3bfc760e4..fe3553b23 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/Controller/AuthorizeControllerTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/Controller/AuthorizeControllerTest.php
@@ -10,8 +10,9 @@ use OAuth2\GrantType\AuthorizationCode;
use OAuth2\Request;
use OAuth2\Response;
use OAuth2\Request\TestRequest;
+use PHPUnit\Framework\TestCase;
-class AuthorizeControllerTest extends \PHPUnit_Framework_TestCase
+class AuthorizeControllerTest extends TestCase
{
public function testNoClientIdResponse()
{
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/Controller/ResourceControllerTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/Controller/ResourceControllerTest.php
index b277514a5..cd54d239a 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/Controller/ResourceControllerTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/Controller/ResourceControllerTest.php
@@ -7,8 +7,9 @@ use OAuth2\Server;
use OAuth2\GrantType\AuthorizationCode;
use OAuth2\Request;
use OAuth2\Response;
+use PHPUnit\Framework\TestCase;
-class ResourceControllerTest extends \PHPUnit_Framework_TestCase
+class ResourceControllerTest extends TestCase
{
public function testNoAccessToken()
{
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/Controller/TokenControllerTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/Controller/TokenControllerTest.php
index 4a217bd55..d18eaa6d7 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/Controller/TokenControllerTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/Controller/TokenControllerTest.php
@@ -10,8 +10,9 @@ use OAuth2\GrantType\UserCredentials;
use OAuth2\Scope;
use OAuth2\Request\TestRequest;
use OAuth2\Response;
+use PHPUnit\Framework\TestCase;
-class TokenControllerTest extends \PHPUnit_Framework_TestCase
+class TokenControllerTest extends TestCase
{
public function testNoGrantType()
{
@@ -271,6 +272,48 @@ class TokenControllerTest extends \PHPUnit_Framework_TestCase
$this->assertEquals($response->getParameter('error_description'), 'The request method must be POST when revoking an access token');
}
+ public function testCanUseCrossOriginRequestForRevoke()
+ {
+ $server = $this->getTestServer();
+
+ $request = new TestRequest();
+ $request->setMethod('OPTIONS');
+
+ $server->handleRevokeRequest($request, $response = new Response());
+ $this->assertTrue($response instanceof Response);
+ $this->assertEquals(200, $response->getStatusCode(), var_export($response, 1));
+ $this->assertEquals($response->getHttpHeader('Allow'), 'POST, OPTIONS');
+ }
+
+ public function testInvalidRequestMethodForAccessToken()
+ {
+ $server = $this->getTestServer();
+
+ $request = new TestRequest();
+ $request->setQuery(array(
+ 'token_type_hint' => 'access_token'
+ ));
+
+ $server->handleTokenRequest($request, $response = new Response());
+ $this->assertTrue($response instanceof Response);
+ $this->assertEquals(405, $response->getStatusCode(), var_export($response, 1));
+ $this->assertEquals($response->getParameter('error'), 'invalid_request');
+ $this->assertEquals($response->getParameter('error_description'), 'The request method must be POST when requesting an access token');
+ }
+
+ public function testCanUseCrossOriginRequestForAccessToken()
+ {
+ $server = $this->getTestServer();
+
+ $request = new TestRequest();
+ $request->setMethod('OPTIONS');
+
+ $server->handleTokenRequest($request, $response = new Response());
+ $this->assertTrue($response instanceof Response);
+ $this->assertEquals(200, $response->getStatusCode(), var_export($response, 1));
+ $this->assertEquals($response->getHttpHeader('Allow'), 'POST, OPTIONS');
+ }
+
public function testCreateController()
{
$storage = Bootstrap::getInstance()->getMemoryStorage();
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/Encryption/FirebaseJwtTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/Encryption/FirebaseJwtTest.php
index d34136767..c7e92c053 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/Encryption/FirebaseJwtTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/Encryption/FirebaseJwtTest.php
@@ -3,8 +3,9 @@
namespace OAuth2\Encryption;
use OAuth2\Storage\Bootstrap;
+use PHPUnit\Framework\TestCase;
-class FirebaseJwtTest extends \PHPUnit_Framework_TestCase
+class FirebaseJwtTest extends TestCase
{
private $privateKey;
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/Encryption/JwtTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/Encryption/JwtTest.php
index 214eebac8..d73b4c923 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/Encryption/JwtTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/Encryption/JwtTest.php
@@ -3,8 +3,9 @@
namespace OAuth2\Encryption;
use OAuth2\Storage\Bootstrap;
+use PHPUnit\Framework\TestCase;
-class JwtTest extends \PHPUnit_Framework_TestCase
+class JwtTest extends TestCase
{
private $privateKey;
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/AuthorizationCodeTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/AuthorizationCodeTest.php
index 356b8e53c..b2314ffc6 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/AuthorizationCodeTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/AuthorizationCodeTest.php
@@ -6,8 +6,9 @@ use OAuth2\Storage\Bootstrap;
use OAuth2\Server;
use OAuth2\Request\TestRequest;
use OAuth2\Response;
+use PHPUnit\Framework\TestCase;
-class AuthorizationCodeTest extends \PHPUnit_Framework_TestCase
+class AuthorizationCodeTest extends TestCase
{
public function testNoCode()
{
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/ClientCredentialsTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/ClientCredentialsTest.php
index f0d46ccb3..2a7d0eb3d 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/ClientCredentialsTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/ClientCredentialsTest.php
@@ -7,8 +7,9 @@ use OAuth2\Server;
use OAuth2\Request\TestRequest;
use OAuth2\Request;
use OAuth2\Response;
+use PHPUnit\Framework\TestCase;
-class ClientCredentialsTest extends \PHPUnit_Framework_TestCase
+class ClientCredentialsTest extends TestCase
{
public function testInvalidCredentials()
{
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/ImplicitTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/ImplicitTest.php
index a47aae3e8..14bf980f1 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/ImplicitTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/ImplicitTest.php
@@ -6,8 +6,9 @@ use OAuth2\Storage\Bootstrap;
use OAuth2\Server;
use OAuth2\Request;
use OAuth2\Response;
+use PHPUnit\Framework\TestCase;
-class ImplicitTest extends \PHPUnit_Framework_TestCase
+class ImplicitTest extends TestCase
{
public function testImplicitNotAllowedResponse()
{
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/JwtBearerTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/JwtBearerTest.php
index 0a6c4b827..e60023b3c 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/JwtBearerTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/JwtBearerTest.php
@@ -7,8 +7,9 @@ use OAuth2\Server;
use OAuth2\Request\TestRequest;
use OAuth2\Response;
use OAuth2\Encryption\Jwt;
+use PHPUnit\Framework\TestCase;
-class JwtBearerTest extends \PHPUnit_Framework_TestCase
+class JwtBearerTest extends TestCase
{
private $privateKey;
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/RefreshTokenTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/RefreshTokenTest.php
index a458aad8a..c964c6bbd 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/RefreshTokenTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/RefreshTokenTest.php
@@ -6,8 +6,9 @@ use OAuth2\Storage\Bootstrap;
use OAuth2\Server;
use OAuth2\Request\TestRequest;
use OAuth2\Response;
+use PHPUnit\Framework\TestCase;
-class RefreshTokenTest extends \PHPUnit_Framework_TestCase
+class RefreshTokenTest extends TestCase
{
private $storage;
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/UserCredentialsTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/UserCredentialsTest.php
index 18943d055..8b725e13a 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/UserCredentialsTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/GrantType/UserCredentialsTest.php
@@ -6,8 +6,9 @@ use OAuth2\Storage\Bootstrap;
use OAuth2\Server;
use OAuth2\Request\TestRequest;
use OAuth2\Response;
+use PHPUnit\Framework\TestCase;
-class UserCredentialsTest extends \PHPUnit_Framework_TestCase
+class UserCredentialsTest extends TestCase
{
public function testNoUsername()
{
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/Controller/AuthorizeControllerTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/Controller/AuthorizeControllerTest.php
index 46de936d8..fdc16daba 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/Controller/AuthorizeControllerTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/Controller/AuthorizeControllerTest.php
@@ -6,8 +6,9 @@ use OAuth2\Storage\Bootstrap;
use OAuth2\Server;
use OAuth2\Request;
use OAuth2\Response;
+use PHPUnit\Framework\TestCase;
-class AuthorizeControllerTest extends \PHPUnit_Framework_TestCase
+class AuthorizeControllerTest extends TestCase
{
public function testValidateAuthorizeRequest()
{
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/Controller/UserInfoControllerTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/Controller/UserInfoControllerTest.php
index b1b687077..62e84df57 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/Controller/UserInfoControllerTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/Controller/UserInfoControllerTest.php
@@ -6,8 +6,9 @@ use OAuth2\Storage\Bootstrap;
use OAuth2\Server;
use OAuth2\Request;
use OAuth2\Response;
+use PHPUnit\Framework\TestCase;
-class UserInfoControllerTest extends \PHPUnit_Framework_TestCase
+class UserInfoControllerTest extends TestCase
{
public function testCreateController()
{
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/GrantType/AuthorizationCodeTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/GrantType/AuthorizationCodeTest.php
index 776002d1e..c89a1ae97 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/GrantType/AuthorizationCodeTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/GrantType/AuthorizationCodeTest.php
@@ -6,8 +6,9 @@ use OAuth2\Storage\Bootstrap;
use OAuth2\Server;
use OAuth2\Request\TestRequest;
use OAuth2\Response;
+use PHPUnit\Framework\TestCase;
-class AuthorizationCodeTest extends \PHPUnit_Framework_TestCase
+class AuthorizationCodeTest extends TestCase
{
public function testValidCode()
{
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/ResponseType/CodeIdTokenTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/ResponseType/CodeIdTokenTest.php
index b0311434a..7b892c946 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/ResponseType/CodeIdTokenTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/ResponseType/CodeIdTokenTest.php
@@ -7,8 +7,9 @@ use OAuth2\Request;
use OAuth2\Response;
use OAuth2\Storage\Bootstrap;
use OAuth2\GrantType\ClientCredentials;
+use PHPUnit\Framework\TestCase;
-class CodeIdTokenTest extends \PHPUnit_Framework_TestCase
+class CodeIdTokenTest extends TestCase
{
public function testHandleAuthorizeRequest()
{
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/ResponseType/IdTokenTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/ResponseType/IdTokenTest.php
index e772f6be4..a0df3a936 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/ResponseType/IdTokenTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/ResponseType/IdTokenTest.php
@@ -8,8 +8,9 @@ use OAuth2\Response;
use OAuth2\Storage\Bootstrap;
use OAuth2\GrantType\ClientCredentials;
use OAuth2\Encryption\Jwt;
+use PHPUnit\Framework\TestCase;
-class IdTokenTest extends \PHPUnit_Framework_TestCase
+class IdTokenTest extends TestCase
{
public function testValidateAuthorizeRequest()
{
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/ResponseType/IdTokenTokenTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/ResponseType/IdTokenTokenTest.php
index bc564d37b..0573a9866 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/ResponseType/IdTokenTokenTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/OpenID/ResponseType/IdTokenTokenTest.php
@@ -8,8 +8,9 @@ use OAuth2\Response;
use OAuth2\Storage\Bootstrap;
use OAuth2\GrantType\ClientCredentials;
use OAuth2\ResponseType\AccessToken;
+use PHPUnit\Framework\TestCase;
-class IdTokenTokenTest extends \PHPUnit_Framework_TestCase
+class IdTokenTokenTest extends TestCase
{
public function testHandleAuthorizeRequest()
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/RequestTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/RequestTest.php
index 10db3215c..cbf8f096b 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/RequestTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/RequestTest.php
@@ -5,8 +5,9 @@ namespace OAuth2;
use OAuth2\Request\TestRequest;
use OAuth2\Storage\Bootstrap;
use OAuth2\GrantType\AuthorizationCode;
+use PHPUnit\Framework\TestCase;
-class RequestTest extends \PHPUnit_Framework_TestCase
+class RequestTest extends TestCase
{
public function testRequestOverride()
{
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/ResponseTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/ResponseTest.php
index b8149005d..2d2c57ee6 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/ResponseTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/ResponseTest.php
@@ -1,8 +1,8 @@
<?php
-namespace OAuth2;
+namespace OAuth2;use PHPUnit\Framework\TestCase;
-class ResponseTest extends \PHPUnit_Framework_TestCase
+class ResponseTest extends TestCase
{
public function testRenderAsXml()
{
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/ResponseType/AccessTokenTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/ResponseType/AccessTokenTest.php
index 0ed1c82fc..43b02254f 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/ResponseType/AccessTokenTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/ResponseType/AccessTokenTest.php
@@ -4,8 +4,9 @@ namespace OAuth2\ResponseType;
use OAuth2\Server;
use OAuth2\Storage\Memory;
+use PHPUnit\Framework\TestCase;
-class AccessTokenTest extends \PHPUnit_Framework_TestCase
+class AccessTokenTest extends TestCase
{
public function testRevokeAccessTokenWithTypeHint()
{
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/ResponseType/JwtAccessTokenTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/ResponseType/JwtAccessTokenTest.php
index 51b01a927..7e37509ef 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/ResponseType/JwtAccessTokenTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/ResponseType/JwtAccessTokenTest.php
@@ -11,8 +11,9 @@ use OAuth2\GrantType\ClientCredentials;
use OAuth2\GrantType\UserCredentials;
use OAuth2\GrantType\RefreshToken;
use OAuth2\Encryption\Jwt;
+use PHPUnit\Framework\TestCase;
-class JwtAccessTokenTest extends \PHPUnit_Framework_TestCase
+class JwtAccessTokenTest extends TestCase
{
public function testCreateAccessToken()
{
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/ScopeTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/ScopeTest.php
index 99f9cf6eb..5b51be1d1 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/ScopeTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/ScopeTest.php
@@ -3,8 +3,9 @@
namespace OAuth2;
use OAuth2\Storage\Memory;
+use PHPUnit\Framework\TestCase;
-class ScopeTest extends \PHPUnit_Framework_TestCase
+class ScopeTest extends TestCase
{
public function testCheckScope()
{
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/ServerTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/ServerTest.php
index 747e120f5..3106961e2 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/ServerTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/ServerTest.php
@@ -5,8 +5,9 @@ namespace OAuth2;
use OAuth2\Request\TestRequest;
use OAuth2\ResponseType\AuthorizationCode;
use OAuth2\Storage\Bootstrap;
+use PHPUnit\Framework\TestCase;
-class ServerTest extends \PHPUnit_Framework_TestCase
+class ServerTest extends TestCase
{
/**
* @expectedException LogicException OAuth2\Storage\ClientInterface
diff --git a/vendor/bshaffer/oauth2-server-php/test/OAuth2/TokenType/BearerTest.php b/vendor/bshaffer/oauth2-server-php/test/OAuth2/TokenType/BearerTest.php
index a2e000e22..71cca3bd9 100644
--- a/vendor/bshaffer/oauth2-server-php/test/OAuth2/TokenType/BearerTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/OAuth2/TokenType/BearerTest.php
@@ -4,8 +4,9 @@ namespace OAuth2\TokenType;
use OAuth2\Request\TestRequest;
use OAuth2\Response;
+use PHPUnit\Framework\TestCase;
-class BearerTest extends \PHPUnit_Framework_TestCase
+class BearerTest extends TestCase
{
public function testValidContentTypeWithCharset()
{
diff --git a/vendor/bshaffer/oauth2-server-php/test/lib/OAuth2/Request/TestRequest.php b/vendor/bshaffer/oauth2-server-php/test/lib/OAuth2/Request/TestRequest.php
index 7bbce28a4..a916ff2a3 100644
--- a/vendor/bshaffer/oauth2-server-php/test/lib/OAuth2/Request/TestRequest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/lib/OAuth2/Request/TestRequest.php
@@ -45,9 +45,14 @@ class TestRequest extends Request implements RequestInterface
$this->query = $query;
}
+ public function setMethod($method)
+ {
+ $this->server['REQUEST_METHOD'] = $method;
+ }
+
public function setPost(array $params)
{
- $this->server['REQUEST_METHOD'] = 'POST';
+ $this->setMethod('POST');
$this->request = $params;
}
diff --git a/vendor/bshaffer/oauth2-server-php/test/lib/OAuth2/Storage/BaseTest.php b/vendor/bshaffer/oauth2-server-php/test/lib/OAuth2/Storage/BaseTest.php
index f0b1274a2..e841d3ad2 100755..100644
--- a/vendor/bshaffer/oauth2-server-php/test/lib/OAuth2/Storage/BaseTest.php
+++ b/vendor/bshaffer/oauth2-server-php/test/lib/OAuth2/Storage/BaseTest.php
@@ -2,7 +2,9 @@
namespace OAuth2\Storage;
-abstract class BaseTest extends \PHPUnit_Framework_TestCase
+use PHPUnit\Framework\TestCase;
+
+abstract class BaseTest extends TestCase
{
public function provideStorage()
{
diff --git a/vendor/bshaffer/oauth2-server-php/test/lib/OAuth2/Storage/Bootstrap.php b/vendor/bshaffer/oauth2-server-php/test/lib/OAuth2/Storage/Bootstrap.php
index 3d7bdd4e9..3d7bdd4e9 100755..100644
--- a/vendor/bshaffer/oauth2-server-php/test/lib/OAuth2/Storage/Bootstrap.php
+++ b/vendor/bshaffer/oauth2-server-php/test/lib/OAuth2/Storage/Bootstrap.php