aboutsummaryrefslogtreecommitdiffstats
path: root/library
diff options
context:
space:
mode:
Diffstat (limited to 'library')
-rw-r--r--library/blueimp_upload/.gitignore3
-rw-r--r--library/blueimp_upload/.jshintrc81
-rw-r--r--library/blueimp_upload/CONTRIBUTING.md43
-rw-r--r--library/blueimp_upload/Gruntfile.js37
-rw-r--r--library/blueimp_upload/LICENSE20
-rw-r--r--library/blueimp_upload/README.md58
-rw-r--r--library/blueimp_upload/angularjs.html14
-rw-r--r--library/blueimp_upload/basic-plus.html14
-rw-r--r--library/blueimp_upload/basic.html14
-rw-r--r--library/blueimp_upload/blueimp-file-upload.jquery.json50
-rwxr-xr-xlibrary/blueimp_upload/bower-version-update.js16
-rw-r--r--library/blueimp_upload/bower.json29
-rw-r--r--library/blueimp_upload/cors/postmessage.html6
-rw-r--r--library/blueimp_upload/cors/result.html4
-rw-r--r--library/blueimp_upload/css/demo-ie8.css4
-rw-r--r--library/blueimp_upload/css/demo.css4
-rw-r--r--library/blueimp_upload/css/jquery.fileupload-noscript.css6
-rw-r--r--library/blueimp_upload/css/jquery.fileupload-ui-noscript.css4
-rw-r--r--library/blueimp_upload/css/jquery.fileupload-ui.css4
-rw-r--r--library/blueimp_upload/css/jquery.fileupload.css7
-rw-r--r--library/blueimp_upload/css/style.css4
-rw-r--r--library/blueimp_upload/index.html12
-rw-r--r--library/blueimp_upload/jquery-ui.html14
-rw-r--r--library/blueimp_upload/js/app.js8
-rw-r--r--library/blueimp_upload/js/cors/jquery.postmessage-transport.js17
-rw-r--r--library/blueimp_upload/js/cors/jquery.xdr-transport.js11
-rw-r--r--library/blueimp_upload/js/jquery.fileupload-angular.js50
-rw-r--r--library/blueimp_upload/js/jquery.fileupload-audio.js15
-rw-r--r--library/blueimp_upload/js/jquery.fileupload-image.js23
-rw-r--r--[-rwxr-xr-x]library/blueimp_upload/js/jquery.fileupload-jquery-ui.js19
-rw-r--r--library/blueimp_upload/js/jquery.fileupload-process.js18
-rw-r--r--library/blueimp_upload/js/jquery.fileupload-ui.js23
-rw-r--r--library/blueimp_upload/js/jquery.fileupload-validate.js16
-rw-r--r--library/blueimp_upload/js/jquery.fileupload-video.js15
-rw-r--r--library/blueimp_upload/js/jquery.fileupload.js71
-rw-r--r--library/blueimp_upload/js/jquery.iframe-transport.js22
-rw-r--r--library/blueimp_upload/js/main.js6
-rw-r--r--library/blueimp_upload/js/vendor/jquery.ui.widget.js44
-rw-r--r--library/blueimp_upload/package.json39
-rw-r--r--library/blueimp_upload/server/gae-go/app/main.go297
-rw-r--r--library/blueimp_upload/server/gae-python/app.yaml5
-rw-r--r--library/blueimp_upload/server/gae-python/main.py208
-rw-r--r--library/blueimp_upload/server/node/.gitignore2
-rw-r--r--library/blueimp_upload/server/node/package.json41
-rw-r--r--library/blueimp_upload/server/node/public/files/.gitignore2
-rwxr-xr-xlibrary/blueimp_upload/server/node/server.js292
-rw-r--r--library/blueimp_upload/server/node/tmp/.gitignore0
-rw-r--r--library/blueimp_upload/server/php/Dockerfile38
-rwxr-xr-xlibrary/blueimp_upload/server/php/UploadHandler.php250
-rw-r--r--library/blueimp_upload/server/php/docker-compose.yml6
-rw-r--r--library/blueimp_upload/server/php/files/.htaccess14
-rw-r--r--library/blueimp_upload/server/php/index.php4
-rw-r--r--library/blueimp_upload/test/index.html16
-rw-r--r--library/blueimp_upload/test/test.js10
-rw-r--r--library/oauth2/.gitignore5
-rw-r--r--library/oauth2/.travis.yml30
-rw-r--r--library/oauth2/CHANGELOG.md152
-rw-r--r--library/oauth2/LICENSE21
-rw-r--r--library/oauth2/README.md8
-rw-r--r--library/oauth2/phpunit.xml25
-rw-r--r--library/oauth2/src/OAuth2/Autoloader.php48
-rw-r--r--library/oauth2/src/OAuth2/ClientAssertionType/ClientAssertionTypeInterface.php15
-rw-r--r--library/oauth2/src/OAuth2/ClientAssertionType/HttpBasic.php123
-rw-r--r--library/oauth2/src/OAuth2/Controller/AuthorizeController.php388
-rw-r--r--library/oauth2/src/OAuth2/Controller/AuthorizeControllerInterface.php43
-rw-r--r--library/oauth2/src/OAuth2/Controller/ResourceController.php111
-rw-r--r--library/oauth2/src/OAuth2/Controller/ResourceControllerInterface.php26
-rw-r--r--library/oauth2/src/OAuth2/Controller/TokenController.php278
-rw-r--r--library/oauth2/src/OAuth2/Controller/TokenControllerInterface.php32
-rw-r--r--library/oauth2/src/OAuth2/Encryption/EncryptionInterface.php11
-rw-r--r--library/oauth2/src/OAuth2/Encryption/FirebaseJwt.php47
-rw-r--r--library/oauth2/src/OAuth2/Encryption/Jwt.php173
-rw-r--r--library/oauth2/src/OAuth2/GrantType/AuthorizationCode.php100
-rw-r--r--library/oauth2/src/OAuth2/GrantType/ClientCredentials.php67
-rw-r--r--library/oauth2/src/OAuth2/GrantType/GrantTypeInterface.php20
-rw-r--r--library/oauth2/src/OAuth2/GrantType/JwtBearer.php226
-rw-r--r--library/oauth2/src/OAuth2/GrantType/RefreshToken.php111
-rw-r--r--library/oauth2/src/OAuth2/GrantType/UserCredentials.php83
-rw-r--r--library/oauth2/src/OAuth2/OpenID/Controller/AuthorizeController.php106
-rw-r--r--library/oauth2/src/OAuth2/OpenID/Controller/AuthorizeControllerInterface.php10
-rw-r--r--library/oauth2/src/OAuth2/OpenID/Controller/UserInfoController.php58
-rw-r--r--library/oauth2/src/OAuth2/OpenID/Controller/UserInfoControllerInterface.php23
-rw-r--r--library/oauth2/src/OAuth2/OpenID/GrantType/AuthorizationCode.php33
-rw-r--r--library/oauth2/src/OAuth2/OpenID/ResponseType/AuthorizationCode.php60
-rw-r--r--library/oauth2/src/OAuth2/OpenID/ResponseType/AuthorizationCodeInterface.php27
-rw-r--r--library/oauth2/src/OAuth2/OpenID/ResponseType/CodeIdToken.php24
-rw-r--r--library/oauth2/src/OAuth2/OpenID/ResponseType/CodeIdTokenInterface.php9
-rw-r--r--library/oauth2/src/OAuth2/OpenID/ResponseType/IdToken.php124
-rw-r--r--library/oauth2/src/OAuth2/OpenID/ResponseType/IdTokenInterface.php29
-rw-r--r--library/oauth2/src/OAuth2/OpenID/ResponseType/IdTokenToken.php27
-rw-r--r--library/oauth2/src/OAuth2/OpenID/ResponseType/IdTokenTokenInterface.php9
-rw-r--r--library/oauth2/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php37
-rw-r--r--library/oauth2/src/OAuth2/OpenID/Storage/UserClaimsInterface.php38
-rw-r--r--library/oauth2/src/OAuth2/Request.php213
-rw-r--r--library/oauth2/src/OAuth2/RequestInterface.php16
-rw-r--r--library/oauth2/src/OAuth2/Response.php369
-rw-r--r--library/oauth2/src/OAuth2/ResponseInterface.php24
-rw-r--r--library/oauth2/src/OAuth2/ResponseType/AccessToken.php194
-rw-r--r--library/oauth2/src/OAuth2/ResponseType/AccessTokenInterface.php34
-rw-r--r--library/oauth2/src/OAuth2/ResponseType/AuthorizationCode.php100
-rw-r--r--library/oauth2/src/OAuth2/ResponseType/AuthorizationCodeInterface.php30
-rw-r--r--library/oauth2/src/OAuth2/ResponseType/JwtAccessToken.php124
-rw-r--r--library/oauth2/src/OAuth2/ResponseType/ResponseTypeInterface.php8
-rw-r--r--library/oauth2/src/OAuth2/Scope.php103
-rw-r--r--library/oauth2/src/OAuth2/ScopeInterface.php40
-rw-r--r--library/oauth2/src/OAuth2/Server.php832
-rw-r--r--library/oauth2/src/OAuth2/Storage/AccessTokenInterface.php64
-rw-r--r--library/oauth2/src/OAuth2/Storage/AuthorizationCodeInterface.php86
-rw-r--r--library/oauth2/src/OAuth2/Storage/Cassandra.php480
-rw-r--r--library/oauth2/src/OAuth2/Storage/ClientCredentialsInterface.php49
-rw-r--r--library/oauth2/src/OAuth2/Storage/ClientInterface.php66
-rwxr-xr-xlibrary/oauth2/src/OAuth2/Storage/CouchbaseDB.php331
-rw-r--r--library/oauth2/src/OAuth2/Storage/DynamoDB.php540
-rw-r--r--library/oauth2/src/OAuth2/Storage/JwtAccessToken.php88
-rw-r--r--library/oauth2/src/OAuth2/Storage/JwtAccessTokenInterface.php14
-rw-r--r--library/oauth2/src/OAuth2/Storage/JwtBearerInterface.php74
-rw-r--r--library/oauth2/src/OAuth2/Storage/Memory.php381
-rw-r--r--library/oauth2/src/OAuth2/Storage/Mongo.php339
-rw-r--r--library/oauth2/src/OAuth2/Storage/Pdo.php553
-rw-r--r--library/oauth2/src/OAuth2/Storage/PublicKeyInterface.php16
-rw-r--r--library/oauth2/src/OAuth2/Storage/Redis.php321
-rw-r--r--library/oauth2/src/OAuth2/Storage/RefreshTokenInterface.php82
-rw-r--r--library/oauth2/src/OAuth2/Storage/ScopeInterface.php46
-rw-r--r--library/oauth2/src/OAuth2/Storage/UserCredentialsInterface.php52
-rw-r--r--library/oauth2/src/OAuth2/TokenType/Bearer.php130
-rw-r--r--library/oauth2/src/OAuth2/TokenType/Mac.php22
-rw-r--r--library/oauth2/src/OAuth2/TokenType/TokenTypeInterface.php21
-rw-r--r--library/oauth2/test/OAuth2/AutoloadTest.php16
-rw-r--r--library/oauth2/test/OAuth2/Controller/AuthorizeControllerTest.php492
-rw-r--r--library/oauth2/test/OAuth2/Controller/ResourceControllerTest.php175
-rw-r--r--library/oauth2/test/OAuth2/Controller/TokenControllerTest.php289
-rw-r--r--library/oauth2/test/OAuth2/Encryption/FirebaseJwtTest.php102
-rw-r--r--library/oauth2/test/OAuth2/Encryption/JwtTest.php102
-rw-r--r--library/oauth2/test/OAuth2/GrantType/AuthorizationCodeTest.php207
-rw-r--r--library/oauth2/test/OAuth2/GrantType/ClientCredentialsTest.php159
-rw-r--r--library/oauth2/test/OAuth2/GrantType/ImplicitTest.php143
-rw-r--r--library/oauth2/test/OAuth2/GrantType/JwtBearerTest.php360
-rw-r--r--library/oauth2/test/OAuth2/GrantType/RefreshTokenTest.php204
-rw-r--r--library/oauth2/test/OAuth2/GrantType/UserCredentialsTest.php172
-rw-r--r--library/oauth2/test/OAuth2/OpenID/Controller/AuthorizeControllerTest.php182
-rw-r--r--library/oauth2/test/OAuth2/OpenID/Controller/UserInfoControllerTest.php44
-rw-r--r--library/oauth2/test/OAuth2/OpenID/GrantType/AuthorizationCodeTest.php57
-rw-r--r--library/oauth2/test/OAuth2/OpenID/ResponseType/CodeIdTokenTest.php182
-rw-r--r--library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTest.php184
-rw-r--r--library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTokenTest.php91
-rw-r--r--library/oauth2/test/OAuth2/OpenID/Storage/AuthorizationCodeTest.php95
-rw-r--r--library/oauth2/test/OAuth2/OpenID/Storage/UserClaimsTest.php41
-rw-r--r--library/oauth2/test/OAuth2/RequestTest.php98
-rw-r--r--library/oauth2/test/OAuth2/ResponseTest.php17
-rw-r--r--library/oauth2/test/OAuth2/ResponseType/AccessTokenTest.php107
-rw-r--r--library/oauth2/test/OAuth2/ResponseType/JwtAccessTokenTest.php160
-rw-r--r--library/oauth2/test/OAuth2/ScopeTest.php42
-rw-r--r--library/oauth2/test/OAuth2/ServerTest.php684
-rw-r--r--library/oauth2/test/OAuth2/Storage/AccessTokenTest.php102
-rw-r--r--library/oauth2/test/OAuth2/Storage/AuthorizationCodeTest.php106
-rw-r--r--library/oauth2/test/OAuth2/Storage/ClientCredentialsTest.php28
-rw-r--r--library/oauth2/test/OAuth2/Storage/ClientTest.php110
-rw-r--r--library/oauth2/test/OAuth2/Storage/DynamoDBTest.php40
-rw-r--r--library/oauth2/test/OAuth2/Storage/JwtAccessTokenTest.php41
-rw-r--r--library/oauth2/test/OAuth2/Storage/JwtBearerTest.php25
-rw-r--r--library/oauth2/test/OAuth2/Storage/PdoTest.php39
-rw-r--r--library/oauth2/test/OAuth2/Storage/PublicKeyTest.php29
-rw-r--r--library/oauth2/test/OAuth2/Storage/RefreshTokenTest.php41
-rw-r--r--library/oauth2/test/OAuth2/Storage/ScopeTest.php53
-rw-r--r--library/oauth2/test/OAuth2/Storage/UserCredentialsTest.php40
-rw-r--r--library/oauth2/test/OAuth2/TokenType/BearerTest.php58
-rw-r--r--library/oauth2/test/bootstrap.php12
-rw-r--r--library/oauth2/test/cleanup.php15
-rw-r--r--library/oauth2/test/config/keys/id_rsa15
-rw-r--r--library/oauth2/test/config/keys/id_rsa.pub16
-rw-r--r--library/oauth2/test/config/storage.json181
-rw-r--r--library/oauth2/test/lib/OAuth2/Request/TestRequest.php61
-rwxr-xr-xlibrary/oauth2/test/lib/OAuth2/Storage/BaseTest.php34
-rwxr-xr-xlibrary/oauth2/test/lib/OAuth2/Storage/Bootstrap.php888
-rw-r--r--library/oauth2/test/lib/OAuth2/Storage/NullStorage.php32
175 files changed, 913 insertions, 16087 deletions
diff --git a/library/blueimp_upload/.gitignore b/library/blueimp_upload/.gitignore
deleted file mode 100644
index 29a41a8c4..000000000
--- a/library/blueimp_upload/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-.DS_Store
-*.pyc
-node_modules
diff --git a/library/blueimp_upload/.jshintrc b/library/blueimp_upload/.jshintrc
deleted file mode 100644
index 4ad82e664..000000000
--- a/library/blueimp_upload/.jshintrc
+++ /dev/null
@@ -1,81 +0,0 @@
-{
- "bitwise" : true, // true: Prohibit bitwise operators (&, |, ^, etc.)
- "camelcase" : true, // true: Identifiers must be in camelCase
- "curly" : true, // true: Require {} for every new block or scope
- "eqeqeq" : true, // true: Require triple equals (===) for comparison
- "forin" : true, // true: Require filtering for..in loops with obj.hasOwnProperty()
- "immed" : true, // true: Require immediate invocations to be wrapped in parens
- // e.g. `(function () { } ());`
- "indent" : 4, // {int} Number of spaces to use for indentation
- "latedef" : true, // true: Require variables/functions to be defined before being used
- "newcap" : true, // true: Require capitalization of all constructor functions e.g. `new F()`
- "noarg" : true, // true: Prohibit use of `arguments.caller` and `arguments.callee`
- "noempty" : true, // true: Prohibit use of empty blocks
- "nonew" : true, // true: Prohibit use of constructors for side-effects (without assignment)
- "plusplus" : false, // true: Prohibit use of `++` & `--`
- "quotmark" : "single", // Quotation mark consistency:
- // false : do nothing (default)
- // true : ensure whatever is used is consistent
- // "single" : require single quotes
- // "double" : require double quotes
- "undef" : true, // true: Require all non-global variables to be declared (prevents global leaks)
- "unused" : true, // true: Require all defined variables be used
- "strict" : true, // true: Requires all functions run in ES5 Strict Mode
- "trailing" : true, // true: Prohibit trailing whitespaces
- "maxparams" : false, // {int} Max number of formal params allowed per function
- "maxdepth" : false, // {int} Max depth of nested blocks (within functions)
- "maxstatements" : false, // {int} Max number statements per function
- "maxcomplexity" : false, // {int} Max cyclomatic complexity per function
- "maxlen" : false, // {int} Max number of characters per line
-
- // Relaxing
- "asi" : false, // true: Tolerate Automatic Semicolon Insertion (no semicolons)
- "boss" : false, // true: Tolerate assignments where comparisons would be expected
- "debug" : false, // true: Allow debugger statements e.g. browser breakpoints.
- "eqnull" : false, // true: Tolerate use of `== null`
- "es5" : false, // true: Allow ES5 syntax (ex: getters and setters)
- "esnext" : false, // true: Allow ES.next (ES6) syntax (ex: `const`)
- "moz" : false, // true: Allow Mozilla specific syntax (extends and overrides esnext features)
- // (ex: `for each`, multiple try/catch, function expression…)
- "evil" : false, // true: Tolerate use of `eval` and `new Function()`
- "expr" : false, // true: Tolerate `ExpressionStatement` as Programs
- "funcscope" : false, // true: Tolerate defining variables inside control statements"
- "globalstrict" : false, // true: Allow global "use strict" (also enables 'strict')
- "iterator" : false, // true: Tolerate using the `__iterator__` property
- "lastsemic" : false, // true: Tolerate omitting a semicolon for the last statement of a 1-line block
- "laxbreak" : false, // true: Tolerate possibly unsafe line breakings
- "laxcomma" : false, // true: Tolerate comma-first style coding
- "loopfunc" : false, // true: Tolerate functions being defined in loops
- "multistr" : false, // true: Tolerate multi-line strings
- "proto" : false, // true: Tolerate using the `__proto__` property
- "scripturl" : false, // true: Tolerate script-targeted URLs
- "smarttabs" : false, // true: Tolerate mixed tabs/spaces when used for alignment
- "shadow" : false, // true: Allows re-define variables later in code e.g. `var x=1; x=2;`
- "sub" : false, // true: Tolerate using `[]` notation when it can still be expressed in dot notation
- "supernew" : false, // true: Tolerate `new function () { ... };` and `new Object;`
- "validthis" : false, // true: Tolerate using this in a non-constructor function
-
- // Environments
- "browser" : false, // Web Browser (window, document, etc)
- "couch" : false, // CouchDB
- "devel" : false, // Development/debugging (alert, confirm, etc)
- "dojo" : false, // Dojo Toolkit
- "jquery" : false, // jQuery
- "mootools" : false, // MooTools
- "node" : false, // Node.js
- "nonstandard" : false, // Widely adopted globals (escape, unescape, etc)
- "prototypejs" : false, // Prototype and Scriptaculous
- "rhino" : false, // Rhino
- "worker" : false, // Web Workers
- "wsh" : false, // Windows Scripting Host
- "yui" : false, // Yahoo User Interface
-
- // Legacy
- "nomen" : true, // true: Prohibit dangling `_` in variables
- "onevar" : true, // true: Allow only one `var` statement per function
- "passfail" : false, // true: Stop on first error
- "white" : true, // true: Check against strict whitespace and indentation rules
-
- // Custom Globals
- "globals" : {} // additional predefined global variables
-}
diff --git a/library/blueimp_upload/CONTRIBUTING.md b/library/blueimp_upload/CONTRIBUTING.md
index b8708f8b6..e182f9b37 100644
--- a/library/blueimp_upload/CONTRIBUTING.md
+++ b/library/blueimp_upload/CONTRIBUTING.md
@@ -1,42 +1,15 @@
-# Issue Guidelines
+Please follow these pull request guidelines:
-The issues tracker should only be used for **bugs** or **feature requests**.
-
-Please post **support requests** and **general discussions** about this project to the [support forum](https://groups.google.com/d/forum/jquery-fileupload).
-
-## Bugs
-
-Please follow these guidelines before reporting a bug:
-
-1. **Update to the latest version** — Check if you can reproduce the issue with the latest version from the `master` branch.
-
-2. **Use the GitHub issue search** — check if the issue has already been reported. If it has been, please comment on the existing issue.
-
-3. **Isolate the demonstrable problem** — Try to reproduce the problem with the [Demo](https://blueimp.github.io/jQuery-File-Upload/) or with a reduced test case that includes the least amount of code necessary to reproduce the problem.
-
-4. **Provide a means to reproduce the problem** — Please provide as much details as possible, e.g. server information, browser and operating system versions, steps to reproduce the problem. If possible, provide a link to your reduced test case, e.g. via [JSFiddle](http://jsfiddle.net/).
-
-
-## Feature requests
-
-Please follow the bug guidelines above for feature requests, i.e. update to the latest version and search for exising issues before posting a new request.
-
-Generally, feature requests might be accepted if the implementation would benefit a broader use case or the project could be considered incomplete without that feature.
-
-If you need help integrating this project into another framework, please post your request to the [support forum](https://groups.google.com/d/forum/jquery-fileupload).
-
-## Pull requests
-
-[Pull requests](https://help.github.com/articles/using-pull-requests) are welcome and the preferred way of accepting code contributions.
+1. Update your fork to the latest upstream version.
-However, if you add a server-side upload handler implementation for another framework, please continue to maintain this version in your own fork without sending a pull request. You are welcome to add a link and possibly documentation about your implementation to the [Wiki](https://github.com/blueimp/jQuery-File-Upload/wiki).
+2. Follow the coding conventions of the original source files (indentation, spaces, brackets layout).
-Please follow these guidelines before sending a pull request:
+3. Code changes must pass JSHint validation with the `.jshintrc` settings of this project.
-1. Update your fork to the latest upstream version.
+4. Code changes must pass the QUnit tests defined in the `test` folder.
-2. Follow the coding conventions of the original repository. Changes to one of the JavaScript source files are required to pass the [JSHint](http://www.jshint.com/) validation tool.
+5. New features should be covered by accompanying QUnit tests.
-3. Keep your commits as atomar as possible, i.e. create a new commit for every single bug fix or feature added.
+6. Keep your commits as atomic as possible, i.e. create a new commit for every single bug fix or feature added.
-4. Always add meaningfull commit messages.
+7. Always add meaningful commit messages.
diff --git a/library/blueimp_upload/Gruntfile.js b/library/blueimp_upload/Gruntfile.js
deleted file mode 100644
index dcdb5d57a..000000000
--- a/library/blueimp_upload/Gruntfile.js
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * jQuery File Upload Gruntfile
- * https://github.com/blueimp/jQuery-File-Upload
- *
- * Copyright 2013, Sebastian Tschan
- * https://blueimp.net
- *
- * Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
- */
-
-/*global module */
-
-module.exports = function (grunt) {
- 'use strict';
-
- grunt.initConfig({
- jshint: {
- options: {
- jshintrc: '.jshintrc'
- },
- all: [
- 'Gruntfile.js',
- 'js/cors/*.js',
- 'js/*.js',
- 'server/node/server.js',
- 'test/test.js'
- ]
- }
- });
-
- grunt.loadNpmTasks('grunt-contrib-jshint');
- grunt.loadNpmTasks('grunt-bump-build-git');
- grunt.registerTask('test', ['jshint']);
- grunt.registerTask('default', ['test']);
-
-};
diff --git a/library/blueimp_upload/LICENSE b/library/blueimp_upload/LICENSE
new file mode 100644
index 000000000..0ecca3e8c
--- /dev/null
+++ b/library/blueimp_upload/LICENSE
@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 jQuery-File-Upload Authors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/library/blueimp_upload/README.md b/library/blueimp_upload/README.md
index 3aa33de42..56785b847 100644
--- a/library/blueimp_upload/README.md
+++ b/library/blueimp_upload/README.md
@@ -11,17 +11,6 @@ Supports cross-domain, chunked and resumable file uploads and client-side image
* [How to setup the plugin on your website](https://github.com/blueimp/jQuery-File-Upload/wiki/Setup)
* [How to use only the basic plugin (minimal setup guide).](https://github.com/blueimp/jQuery-File-Upload/wiki/Basic-plugin)
-## Support
-
-* **[Support Forum](https://groups.google.com/d/forum/jquery-fileupload)**
-**Support requests** and **general discussions** about the File Upload plugin can be posted to the official
-[Support Forum](https://groups.google.com/d/forum/jquery-fileupload).
-If your question is not directly related to the File Upload plugin, you might have a better chance to get a reply by posting to [Stack Overflow](http://stackoverflow.com/questions/tagged/blueimp+jquery+file-upload).
-
-* Bugs and Feature requests
-**Bugs** and **Feature requests** can be reported using the [issues tracker](https://github.com/blueimp/jQuery-File-Upload/issues).
-Please read the [issue guidelines](https://github.com/blueimp/jQuery-File-Upload/blob/master/CONTRIBUTING.md) before posting.
-
## Features
* **Multiple file upload:**
Allows to select multiple files at once and upload them simultaneously.
@@ -60,28 +49,18 @@ Please read the [issue guidelines](https://github.com/blueimp/jQuery-File-Upload
### Mandatory requirements
* [jQuery](https://jquery.com/) v. 1.6+
-* [jQuery UI widget factory](https://api.jqueryui.com/jQuery.widget/) v. 1.9+ (included)
-* [jQuery Iframe Transport plugin](https://github.com/blueimp/jQuery-File-Upload/blob/master/js/jquery.iframe-transport.js) (included)
-
-The jQuery UI widget factory is a requirement for the basic File Upload plugin, but very lightweight without any other dependencies from the jQuery UI suite.
-
-The jQuery Iframe Transport is required for [browsers without XHR file upload support](https://github.com/blueimp/jQuery-File-Upload/wiki/Browser-support).
+* [jQuery UI widget factory](https://api.jqueryui.com/jQuery.widget/) v. 1.9+ (included): Required for the basic File Upload plugin, but very lightweight without any other dependencies from the jQuery UI suite.
+* [jQuery Iframe Transport plugin](https://github.com/blueimp/jQuery-File-Upload/blob/master/js/jquery.iframe-transport.js) (included): Required for [browsers without XHR file upload support](https://github.com/blueimp/jQuery-File-Upload/wiki/Browser-support).
### Optional requirements
-* [JavaScript Templates engine](https://github.com/blueimp/JavaScript-Templates) v. 2.5.4+
-* [JavaScript Load Image library](https://github.com/blueimp/JavaScript-Load-Image) v. 1.13.0+
-* [JavaScript Canvas to Blob polyfill](https://github.com/blueimp/JavaScript-Canvas-to-Blob) v. 2.1.1+
-* [blueimp Gallery](https://github.com/blueimp/Gallery) v. 2.15.1+
-* [Bootstrap CSS framework](http://getbootstrap.com/) v. 3.2.0+
+* [JavaScript Templates engine](https://github.com/blueimp/JavaScript-Templates) v. 2.5.4+: Used to render the selected and uploaded files for the Basic Plus UI and jQuery UI versions.
+* [JavaScript Load Image library](https://github.com/blueimp/JavaScript-Load-Image) v. 1.13.0+: Required for the image previews and resizing functionality.
+* [JavaScript Canvas to Blob polyfill](https://github.com/blueimp/JavaScript-Canvas-to-Blob) v. 2.1.1+:Required for the image previews and resizing functionality.
+* [blueimp Gallery](https://github.com/blueimp/Gallery) v. 2.15.1+: Used to display the uploaded images in a lightbox.
+* [Bootstrap](http://getbootstrap.com/) v. 3.2.0+
* [Glyphicons](http://glyphicons.com/)
-The JavaScript Templates engine is used to render the selected and uploaded files for the Basic Plus UI and jQuery UI versions.
-
-The JavaScript Load Image library and JavaScript Canvas to Blob polyfill are required for the image previews and resizing functionality.
-
-The blueimp Gallery is used to display the uploaded images in a lightbox.
-
-The user interface of all versions except the jQuery UI version is built with Twitter's [Bootstrap](http://getbootstrap.com/) framework and icons from [Glyphicons](http://glyphicons.com/).
+The user interface of all versions except the jQuery UI version is built with [Bootstrap](http://getbootstrap.com/) and icons from [Glyphicons](http://glyphicons.com/).
### Cross-domain requirements
[Cross-domain File Uploads](https://github.com/blueimp/jQuery-File-Upload/wiki/Cross-domain-uploads) using the [Iframe Transport plugin](https://github.com/blueimp/jQuery-File-Upload/blob/master/js/jquery.iframe-transport.js) require a redirect back to the origin server to retrieve the upload results. The [example implementation](https://github.com/blueimp/jQuery-File-Upload/blob/master/js/main.js) makes use of [result.html](https://github.com/blueimp/jQuery-File-Upload/blob/master/cors/result.html) as a static redirect page for the origin server.
@@ -89,6 +68,10 @@ The user interface of all versions except the jQuery UI version is built with Tw
The repository also includes the [jQuery XDomainRequest Transport plugin](https://github.com/blueimp/jQuery-File-Upload/blob/master/js/cors/jquery.xdr-transport.js), which enables limited cross-domain AJAX requests in Microsoft Internet Explorer 8 and 9 (IE 10 supports cross-domain XHR requests).
The XDomainRequest object allows GET and POST requests only and doesn't support file uploads. It is used on the [Demo](https://blueimp.github.io/jQuery-File-Upload/) to delete uploaded files from the cross-domain demo file upload service.
+### Custom Backends
+
+You can add support for various backends by adhering to the specification [outlined here](https://github.com/blueimp/jQuery-File-Upload/wiki/JSON-Response).
+
## Browsers
### Desktop browsers
@@ -110,14 +93,15 @@ The File Upload plugin has been tested with and supports the following mobile br
* Opera Mobile 12.0+
### Supported features
-For a detailed overview of the features supported by each browser version please have a look at the [Extended browser support information](https://github.com/blueimp/jQuery-File-Upload/wiki/Browser-support).
+For a detailed overview of the features supported by each browser version, please have a look at the [Extended browser support information](https://github.com/blueimp/jQuery-File-Upload/wiki/Browser-support).
-## License
-Released under the [MIT license](http://www.opensource.org/licenses/MIT).
+## Contributing
+**Bug fixes** and **new features** can be proposed using [pull requests](https://github.com/blueimp/jQuery-File-Upload/pulls).
+Please read the [contribution guidelines](https://github.com/blueimp/jQuery-File-Upload/blob/master/CONTRIBUTING.md) before submitting a pull request.
-## Donations
-jQuery File Upload is free software, but you can donate to support the developer, Sebastian Tschan:
-
-Flattr: [![Flattr](https://api.flattr.com/button/flattr-badge-large.png)](https://flattr.com/thing/286433/jQuery-File-Upload-Plugin)
+## Support
+This project is actively maintained, but there is no official support channel.
+If you have a question that another developer might help you with, please post to [Stack Overflow](http://stackoverflow.com/questions/tagged/blueimp+jquery+file-upload) and tag your question with `blueimp jquery file upload`.
-PayPal: [![PayPal](https://www.paypalobjects.com/WEBSCR-640-20110429-1/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=PYWYSYP77KL54)
+## License
+Released under the [MIT license](https://opensource.org/licenses/MIT).
diff --git a/library/blueimp_upload/angularjs.html b/library/blueimp_upload/angularjs.html
index 2a3ca2007..4858c8600 100644
--- a/library/blueimp_upload/angularjs.html
+++ b/library/blueimp_upload/angularjs.html
@@ -1,14 +1,14 @@
<!DOCTYPE HTML>
<!--
/*
- * jQuery File Upload Plugin AngularJS Demo 2.2.0
+ * jQuery File Upload Plugin AngularJS Demo
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2013, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
-->
<html lang="en">
@@ -157,9 +157,9 @@
</div>
<div class="panel-body">
<ul>
- <li>The maximum file size for uploads in this demo is <strong>5 MB</strong> (default file size is unlimited).</li>
+ <li>The maximum file size for uploads in this demo is <strong>999 KB</strong> (default file size is unlimited).</li>
<li>Only image files (<strong>JPG, GIF, PNG</strong>) are allowed in this demo (by default there is no file type restriction).</li>
- <li>Uploaded files will be deleted automatically after <strong>5 minutes</strong> (demo setting).</li>
+ <li>Uploaded files will be deleted automatically after <strong>5 minutes or less</strong> (demo files are stored in memory).</li>
<li>You can <strong>drag &amp; drop</strong> files from your desktop on this webpage (see <a href="https://github.com/blueimp/jQuery-File-Upload/wiki/Browser-support">Browser support</a>).</li>
<li>Please refer to the <a href="https://github.com/blueimp/jQuery-File-Upload">project website</a> and <a href="https://github.com/blueimp/jQuery-File-Upload/wiki">documentation</a> for more information.</li>
<li>Built with the <a href="http://getbootstrap.com/">Bootstrap</a> CSS framework and Icons from <a href="http://glyphicons.com/">Glyphicons</a>.</li>
@@ -177,8 +177,8 @@
<a class="play-pause"></a>
<ol class="indicator"></ol>
</div>
-<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
-<script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.23/angular.min.js"></script>
+<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
+<script src="//ajax.googleapis.com/ajax/libs/angularjs/1.3.15/angular.min.js"></script>
<!-- The jQuery UI widget factory, can be omitted if jQuery UI is already included -->
<script src="js/vendor/jquery.ui.widget.js"></script>
<!-- The Load Image plugin is included for the preview images and image resizing functionality -->
@@ -207,5 +207,5 @@
<script src="js/jquery.fileupload-angular.js"></script>
<!-- The main application script -->
<script src="js/app.js"></script>
-</body>
+</body>
</html>
diff --git a/library/blueimp_upload/basic-plus.html b/library/blueimp_upload/basic-plus.html
index 59b73b60c..9e5c2321f 100644
--- a/library/blueimp_upload/basic-plus.html
+++ b/library/blueimp_upload/basic-plus.html
@@ -1,14 +1,14 @@
<!DOCTYPE HTML>
<!--
/*
- * jQuery File Upload Plugin Basic Plus Demo 1.4.0
+ * jQuery File Upload Plugin Basic Plus Demo
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2013, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
-->
<html lang="en">
@@ -86,9 +86,9 @@
</div>
<div class="panel-body">
<ul>
- <li>The maximum file size for uploads in this demo is <strong>5 MB</strong> (default file size is unlimited).</li>
+ <li>The maximum file size for uploads in this demo is <strong>999 KB</strong> (default file size is unlimited).</li>
<li>Only image files (<strong>JPG, GIF, PNG</strong>) are allowed in this demo (by default there is no file type restriction).</li>
- <li>Uploaded files will be deleted automatically after <strong>5 minutes</strong> (demo setting).</li>
+ <li>Uploaded files will be deleted automatically after <strong>5 minutes or less</strong> (demo files are stored in memory).</li>
<li>You can <strong>drag &amp; drop</strong> files from your desktop on this webpage (see <a href="https://github.com/blueimp/jQuery-File-Upload/wiki/Browser-support">Browser support</a>).</li>
<li>Please refer to the <a href="https://github.com/blueimp/jQuery-File-Upload">project website</a> and <a href="https://github.com/blueimp/jQuery-File-Upload/wiki">documentation</a> for more information.</li>
<li>Built with the <a href="http://getbootstrap.com/">Bootstrap</a> CSS framework and Icons from <a href="http://glyphicons.com/">Glyphicons</a>.</li>
@@ -96,7 +96,7 @@
</div>
</div>
</div>
-<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
+<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<!-- The jQuery UI widget factory, can be omitted if jQuery UI is already included -->
<script src="js/vendor/jquery.ui.widget.js"></script>
<!-- The Load Image plugin is included for the preview images and image resizing functionality -->
@@ -150,7 +150,7 @@ $(function () {
dataType: 'json',
autoUpload: false,
acceptFileTypes: /(\.|\/)(gif|jpe?g|png)$/i,
- maxFileSize: 5000000, // 5 MB
+ maxFileSize: 999000,
// Enable image resizing, except for Android and Opera,
// which actually support image resizing, but fail to
// send Blob objects via XHR requests:
@@ -222,5 +222,5 @@ $(function () {
.parent().addClass($.support.fileInput ? undefined : 'disabled');
});
</script>
-</body>
+</body>
</html>
diff --git a/library/blueimp_upload/basic.html b/library/blueimp_upload/basic.html
index f248f4d80..c0df639b4 100644
--- a/library/blueimp_upload/basic.html
+++ b/library/blueimp_upload/basic.html
@@ -1,14 +1,14 @@
<!DOCTYPE HTML>
<!--
/*
- * jQuery File Upload Plugin Basic Demo 1.3.0
+ * jQuery File Upload Plugin Basic Demo
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2013, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
-->
<html lang="en">
@@ -86,17 +86,17 @@
</div>
<div class="panel-body">
<ul>
- <li>The maximum file size for uploads in this demo is <strong>5 MB</strong> (default file size is unlimited).</li>
+ <li>The maximum file size for uploads in this demo is <strong>999 KB</strong> (default file size is unlimited).</li>
<li>Only image files (<strong>JPG, GIF, PNG</strong>) are allowed in this demo (by default there is no file type restriction).</li>
- <li>Uploaded files will be deleted automatically after <strong>5 minutes</strong> (demo setting).</li>
+ <li>Uploaded files will be deleted automatically after <strong>5 minutes or less</strong> (demo files are stored in memory).</li>
<li>You can <strong>drag &amp; drop</strong> files from your desktop on this webpage (see <a href="https://github.com/blueimp/jQuery-File-Upload/wiki/Browser-support">Browser support</a>).</li>
<li>Please refer to the <a href="https://github.com/blueimp/jQuery-File-Upload">project website</a> and <a href="https://github.com/blueimp/jQuery-File-Upload/wiki">documentation</a> for more information.</li>
- <li>Built with Twitter's <a href="http://twitter.github.com/bootstrap/">Bootstrap</a> CSS framework and Icons from <a href="http://glyphicons.com/">Glyphicons</a>.</li>
+ <li>Built with the <a href="http://getbootstrap.com/">Bootstrap</a> CSS framework and Icons from <a href="http://glyphicons.com/">Glyphicons</a>.</li>
</ul>
</div>
</div>
</div>
-<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
+<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<!-- The jQuery UI widget factory, can be omitted if jQuery UI is already included -->
<script src="js/vendor/jquery.ui.widget.js"></script>
<!-- The Iframe Transport is required for browsers without support for XHR file uploads -->
@@ -132,5 +132,5 @@ $(function () {
.parent().addClass($.support.fileInput ? undefined : 'disabled');
});
</script>
-</body>
+</body>
</html>
diff --git a/library/blueimp_upload/blueimp-file-upload.jquery.json b/library/blueimp_upload/blueimp-file-upload.jquery.json
deleted file mode 100644
index d6d8c911c..000000000
--- a/library/blueimp_upload/blueimp-file-upload.jquery.json
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- "name": "blueimp-file-upload",
- "version": "9.8.0",
- "title": "jQuery File Upload",
- "author": {
- "name": "Sebastian Tschan",
- "url": "https://blueimp.net"
- },
- "licenses": [
- {
- "type": "MIT",
- "url": "http://www.opensource.org/licenses/MIT"
- }
- ],
- "dependencies": {
- "jquery": ">=1.6"
- },
- "description": "File Upload widget with multiple file selection, drag&amp;drop support, progress bar, validation and preview images, audio and video for jQuery. Supports cross-domain, chunked and resumable file uploads. Works with any server-side platform (Google App Engine, PHP, Python, Ruby on Rails, Java, etc.) that supports standard HTML form file uploads.",
- "keywords": [
- "jquery",
- "file",
- "upload",
- "widget",
- "multiple",
- "selection",
- "drag",
- "drop",
- "progress",
- "preview",
- "cross-domain",
- "cross-site",
- "chunk",
- "resume",
- "gae",
- "go",
- "python",
- "php",
- "bootstrap"
- ],
- "homepage": "https://github.com/blueimp/jQuery-File-Upload",
- "docs": "https://github.com/blueimp/jQuery-File-Upload/wiki",
- "demo": "https://blueimp.github.io/jQuery-File-Upload/",
- "bugs": "https://github.com/blueimp/jQuery-File-Upload/issues",
- "maintainers": [
- {
- "name": "Sebastian Tschan",
- "url": "https://blueimp.net"
- }
- ]
-}
diff --git a/library/blueimp_upload/bower-version-update.js b/library/blueimp_upload/bower-version-update.js
new file mode 100755
index 000000000..09ce3927e
--- /dev/null
+++ b/library/blueimp_upload/bower-version-update.js
@@ -0,0 +1,16 @@
+#!/usr/bin/env node
+
+'use strict';
+
+var path = require('path');
+var packageJSON = require(path.join(__dirname, 'package.json'));
+var bowerFile = path.join(__dirname, 'bower.json');
+var bowerJSON = require('bower-json').parse(
+ require(bowerFile),
+ {normalize: true}
+);
+bowerJSON.version = packageJSON.version;
+require('fs').writeFileSync(
+ bowerFile,
+ JSON.stringify(bowerJSON, null, 2) + '\n'
+);
diff --git a/library/blueimp_upload/bower.json b/library/blueimp_upload/bower.json
index c0d3d3259..90c74c792 100644
--- a/library/blueimp_upload/bower.json
+++ b/library/blueimp_upload/bower.json
@@ -1,8 +1,8 @@
{
"name": "blueimp-file-upload",
- "version": "9.8.0",
+ "version": "9.18.0",
"title": "jQuery File Upload",
- "description": "File Upload widget with multiple file selection, drag&amp;drop support, progress bar, validation and preview images, audio and video for jQuery. Supports cross-domain, chunked and resumable file uploads. Works with any server-side platform (Google App Engine, PHP, Python, Ruby on Rails, Java, etc.) that supports standard HTML form file uploads.",
+ "description": "File Upload widget with multiple file selection, drag&amp;drop support, progress bar, validation and preview images.",
"keywords": [
"jquery",
"file",
@@ -40,12 +40,7 @@
"url": "git://github.com/blueimp/jQuery-File-Upload.git"
},
"bugs": "https://github.com/blueimp/jQuery-File-Upload/issues",
- "licenses": [
- {
- "type": "MIT",
- "url": "http://www.opensource.org/licenses/MIT"
- }
- ],
+ "license": "MIT",
"dependencies": {
"jquery": ">=1.6",
"blueimp-tmpl": ">=2.5.4",
@@ -53,23 +48,7 @@
"blueimp-canvas-to-blob": ">=2.1.1"
},
"main": [
- "css/jquery.fileupload.css",
- "css/jquery.fileupload-ui.css",
- "css/jquery.fileupload-noscript.css",
- "css/jquery.fileupload-ui-noscript.css",
- "js/cors/jquery.postmessage-transport.js",
- "js/cors/jquery.xdr-transport.js",
- "js/vendor/jquery.ui.widget.js",
- "js/jquery.fileupload.js",
- "js/jquery.fileupload-process.js",
- "js/jquery.fileupload-validate.js",
- "js/jquery.fileupload-image.js",
- "js/jquery.fileupload-audio.js",
- "js/jquery.fileupload-video.js",
- "js/jquery.fileupload-ui.js",
- "js/jquery.fileupload-jquery-ui.js",
- "js/jquery.fileupload-angular.js",
- "js/jquery.iframe-transport.js"
+ "js/jquery.fileupload.js"
],
"ignore": [
"/*.*",
diff --git a/library/blueimp_upload/cors/postmessage.html b/library/blueimp_upload/cors/postmessage.html
index 3d1448f08..6db288cf9 100644
--- a/library/blueimp_upload/cors/postmessage.html
+++ b/library/blueimp_upload/cors/postmessage.html
@@ -1,14 +1,14 @@
<!DOCTYPE HTML>
<!--
/*
- * jQuery File Upload Plugin postMessage API 1.2.1
+ * jQuery File Upload Plugin postMessage API
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2011, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
-->
<html lang="en">
@@ -72,4 +72,4 @@ $(window).on('message', function (e) {
});
</script>
</body>
-</html> \ No newline at end of file
+</html>
diff --git a/library/blueimp_upload/cors/result.html b/library/blueimp_upload/cors/result.html
index 225131495..e3d629814 100644
--- a/library/blueimp_upload/cors/result.html
+++ b/library/blueimp_upload/cors/result.html
@@ -1,14 +1,14 @@
<!DOCTYPE HTML>
<!--
/*
- * jQuery Iframe Transport Plugin Redirect Page 2.0.1
+ * jQuery Iframe Transport Plugin Redirect Page
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2010, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
-->
<html lang="en">
diff --git a/library/blueimp_upload/css/demo-ie8.css b/library/blueimp_upload/css/demo-ie8.css
index 262493d08..e0e8ea9b0 100644
--- a/library/blueimp_upload/css/demo-ie8.css
+++ b/library/blueimp_upload/css/demo-ie8.css
@@ -1,13 +1,13 @@
@charset "UTF-8";
/*
- * jQuery File Upload Demo CSS Fixes for IE<9 1.0.0
+ * jQuery File Upload Demo CSS Fixes for IE<9
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2013, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
.navigation {
diff --git a/library/blueimp_upload/css/demo.css b/library/blueimp_upload/css/demo.css
index 2b4d43934..d7d524df5 100644
--- a/library/blueimp_upload/css/demo.css
+++ b/library/blueimp_upload/css/demo.css
@@ -1,13 +1,13 @@
@charset "UTF-8";
/*
- * jQuery File Upload Demo CSS 1.1.0
+ * jQuery File Upload Demo CSS
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2013, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
body {
diff --git a/library/blueimp_upload/css/jquery.fileupload-noscript.css b/library/blueimp_upload/css/jquery.fileupload-noscript.css
index 64d728fc3..2409bfb0a 100644
--- a/library/blueimp_upload/css/jquery.fileupload-noscript.css
+++ b/library/blueimp_upload/css/jquery.fileupload-noscript.css
@@ -1,20 +1,20 @@
@charset "UTF-8";
/*
- * jQuery File Upload Plugin NoScript CSS 1.2.0
+ * jQuery File Upload Plugin NoScript CSS
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2013, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
.fileinput-button input {
position: static;
opacity: 1;
filter: none;
- font-size: inherit;
+ font-size: inherit !important;
direction: inherit;
}
.fileinput-button span {
diff --git a/library/blueimp_upload/css/jquery.fileupload-ui-noscript.css b/library/blueimp_upload/css/jquery.fileupload-ui-noscript.css
index 87f110cdb..30651acf0 100644
--- a/library/blueimp_upload/css/jquery.fileupload-ui-noscript.css
+++ b/library/blueimp_upload/css/jquery.fileupload-ui-noscript.css
@@ -1,13 +1,13 @@
@charset "UTF-8";
/*
- * jQuery File Upload UI Plugin NoScript CSS 8.8.5
+ * jQuery File Upload UI Plugin NoScript CSS
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2012, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
.fileinput-button i,
diff --git a/library/blueimp_upload/css/jquery.fileupload-ui.css b/library/blueimp_upload/css/jquery.fileupload-ui.css
index 76fb376de..9e36c42c5 100644
--- a/library/blueimp_upload/css/jquery.fileupload-ui.css
+++ b/library/blueimp_upload/css/jquery.fileupload-ui.css
@@ -1,13 +1,13 @@
@charset "UTF-8";
/*
- * jQuery File Upload UI Plugin CSS 9.0.0
+ * jQuery File Upload UI Plugin CSS
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2010, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
.fileupload-buttonbar .btn,
diff --git a/library/blueimp_upload/css/jquery.fileupload.css b/library/blueimp_upload/css/jquery.fileupload.css
index fb6044d34..8ae3b09d4 100644
--- a/library/blueimp_upload/css/jquery.fileupload.css
+++ b/library/blueimp_upload/css/jquery.fileupload.css
@@ -1,18 +1,19 @@
@charset "UTF-8";
/*
- * jQuery File Upload Plugin CSS 1.3.0
+ * jQuery File Upload Plugin CSS
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2013, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
.fileinput-button {
position: relative;
overflow: hidden;
+ display: inline-block;
}
.fileinput-button input {
position: absolute;
@@ -21,7 +22,7 @@
margin: 0;
opacity: 0;
-ms-filter: 'alpha(opacity=0)';
- font-size: 200px;
+ font-size: 200px !important;
direction: ltr;
cursor: pointer;
}
diff --git a/library/blueimp_upload/css/style.css b/library/blueimp_upload/css/style.css
index b2c60a6f1..3aee25689 100644
--- a/library/blueimp_upload/css/style.css
+++ b/library/blueimp_upload/css/style.css
@@ -1,13 +1,13 @@
@charset "UTF-8";
/*
- * jQuery File Upload Plugin CSS Example 8.8.2
+ * jQuery File Upload Plugin CSS Example
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2013, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
body {
diff --git a/library/blueimp_upload/index.html b/library/blueimp_upload/index.html
index f92f04aab..2a8dc1521 100644
--- a/library/blueimp_upload/index.html
+++ b/library/blueimp_upload/index.html
@@ -1,14 +1,14 @@
<!DOCTYPE HTML>
<!--
/*
- * jQuery File Upload Plugin Demo 9.1.0
+ * jQuery File Upload Plugin Demo
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2010, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
-->
<html lang="en">
@@ -121,9 +121,9 @@
</div>
<div class="panel-body">
<ul>
- <li>The maximum file size for uploads in this demo is <strong>5 MB</strong> (default file size is unlimited).</li>
+ <li>The maximum file size for uploads in this demo is <strong>999 KB</strong> (default file size is unlimited).</li>
<li>Only image files (<strong>JPG, GIF, PNG</strong>) are allowed in this demo (by default there is no file type restriction).</li>
- <li>Uploaded files will be deleted automatically after <strong>5 minutes</strong> (demo setting).</li>
+ <li>Uploaded files will be deleted automatically after <strong>5 minutes or less</strong> (demo files are stored in memory).</li>
<li>You can <strong>drag &amp; drop</strong> files from your desktop on this webpage (see <a href="https://github.com/blueimp/jQuery-File-Upload/wiki/Browser-support">Browser support</a>).</li>
<li>Please refer to the <a href="https://github.com/blueimp/jQuery-File-Upload">project website</a> and <a href="https://github.com/blueimp/jQuery-File-Upload/wiki">documentation</a> for more information.</li>
<li>Built with the <a href="http://getbootstrap.com/">Bootstrap</a> CSS framework and Icons from <a href="http://glyphicons.com/">Glyphicons</a>.</li>
@@ -216,7 +216,7 @@
</tr>
{% } %}
</script>
-<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
+<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<!-- The jQuery UI widget factory, can be omitted if jQuery UI is already included -->
<script src="js/vendor/jquery.ui.widget.js"></script>
<!-- The Templates plugin is included to render the upload/download listings -->
@@ -251,5 +251,5 @@
<!--[if (gte IE 8)&(lt IE 10)]>
<script src="js/cors/jquery.xdr-transport.js"></script>
<![endif]-->
-</body>
+</body>
</html>
diff --git a/library/blueimp_upload/jquery-ui.html b/library/blueimp_upload/jquery-ui.html
index d61ee5233..83fe9acd1 100644
--- a/library/blueimp_upload/jquery-ui.html
+++ b/library/blueimp_upload/jquery-ui.html
@@ -1,14 +1,14 @@
<!DOCTYPE HTML>
<!--
/*
- * jQuery File Upload Plugin jQuery UI Demo 9.1.0
+ * jQuery File Upload Plugin jQuery UI Demo
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2013, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
-->
<html lang="en">
@@ -127,9 +127,9 @@
<br>
<h3>Demo Notes</h3>
<ul>
- <li>The maximum file size for uploads in this demo is <strong>5 MB</strong> (default file size is unlimited).</li>
+ <li>The maximum file size for uploads in this demo is <strong>999 KB</strong> (default file size is unlimited).</li>
<li>Only image files (<strong>JPG, GIF, PNG</strong>) are allowed in this demo (by default there is no file type restriction).</li>
- <li>Uploaded files will be deleted automatically after <strong>5 minutes</strong> (demo setting).</li>
+ <li>Uploaded files will be deleted automatically after <strong>5 minutes or less</strong> (demo files are stored in memory).</li>
<li>You can <strong>drag &amp; drop</strong> files from your desktop on this webpage (see <a href="https://github.com/blueimp/jQuery-File-Upload/wiki/Browser-support">Browser support</a>).</li>
<li>Please refer to the <a href="https://github.com/blueimp/jQuery-File-Upload">project website</a> and <a href="https://github.com/blueimp/jQuery-File-Upload/wiki">documentation</a> for more information.</li>
<li>Built with <a href="https://jqueryui.com">jQuery UI</a>.</li>
@@ -199,8 +199,8 @@
</tr>
{% } %}
</script>
-<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
-<script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.11.1/jquery-ui.min.js"></script>
+<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
+<script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/jquery-ui.min.js"></script>
<!-- The Templates plugin is included to render the upload/download listings -->
<script src="//blueimp.github.io/JavaScript-Templates/js/tmpl.min.js"></script>
<!-- The Load Image plugin is included for the preview images and image resizing functionality -->
@@ -246,5 +246,5 @@ $('#theme-switcher').change(function () {
<!--[if (gte IE 8)&(lt IE 10)]>
<script src="js/cors/jquery.xdr-transport.js"></script>
<![endif]-->
-</body>
+</body>
</html>
diff --git a/library/blueimp_upload/js/app.js b/library/blueimp_upload/js/app.js
index 47b4f923b..e6b7bce3e 100644
--- a/library/blueimp_upload/js/app.js
+++ b/library/blueimp_upload/js/app.js
@@ -1,18 +1,18 @@
/*
- * jQuery File Upload Plugin Angular JS Example 1.2.1
+ * jQuery File Upload Plugin Angular JS Example
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2013, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
/* jshint nomen:false */
/* global window, angular */
-(function () {
+;(function () {
'use strict';
var isOnGitHub = window.location.hostname === 'blueimp.github.io',
@@ -37,7 +37,7 @@
// send Blob objects via XHR requests:
disableImageResize: /Android(?!.*Chrome)|Opera/
.test(window.navigator.userAgent),
- maxFileSize: 5000000,
+ maxFileSize: 999000,
acceptFileTypes: /(\.|\/)(gif|jpe?g|png)$/i
});
}
diff --git a/library/blueimp_upload/js/cors/jquery.postmessage-transport.js b/library/blueimp_upload/js/cors/jquery.postmessage-transport.js
index 2b4851e67..2a0c38cb6 100644
--- a/library/blueimp_upload/js/cors/jquery.postmessage-transport.js
+++ b/library/blueimp_upload/js/cors/jquery.postmessage-transport.js
@@ -1,21 +1,24 @@
/*
- * jQuery postMessage Transport Plugin 1.1.1
+ * jQuery postMessage Transport Plugin
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2011, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
-/* global define, window, document */
+/* global define, require, window, document */
-(function (factory) {
+;(function (factory) {
'use strict';
if (typeof define === 'function' && define.amd) {
// Register as an anonymous AMD module:
define(['jquery'], factory);
+ } else if (typeof exports === 'object') {
+ // Node/CommonJS:
+ factory(require('jquery'));
} else {
// Browser globals:
factory(window.jQuery);
@@ -61,6 +64,12 @@
loc = $('<a>').prop('href', options.postMessage)[0],
target = loc.protocol + '//' + loc.host,
xhrUpload = options.xhr().upload;
+ // IE always includes the port for the host property of a link
+ // element, but not in the location.host or origin property for the
+ // default http port 80 and https port 443, so we strip it:
+ if (/^(http:\/\/.+:80)|(https:\/\/.+:443)$/.test(target)) {
+ target = target.replace(/:(80|443)$/, '');
+ }
return {
send: function (_, completeCallback) {
counter += 1;
diff --git a/library/blueimp_upload/js/cors/jquery.xdr-transport.js b/library/blueimp_upload/js/cors/jquery.xdr-transport.js
index 0044cc2d5..a4e2699c6 100644
--- a/library/blueimp_upload/js/cors/jquery.xdr-transport.js
+++ b/library/blueimp_upload/js/cors/jquery.xdr-transport.js
@@ -1,24 +1,27 @@
/*
- * jQuery XDomainRequest Transport Plugin 1.1.3
+ * jQuery XDomainRequest Transport Plugin
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2011, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*
* Based on Julian Aubourg's ajaxHooks xdr.js:
* https://github.com/jaubourg/ajaxHooks/
*/
-/* global define, window, XDomainRequest */
+/* global define, require, window, XDomainRequest */
-(function (factory) {
+;(function (factory) {
'use strict';
if (typeof define === 'function' && define.amd) {
// Register as an anonymous AMD module:
define(['jquery'], factory);
+ } else if (typeof exports === 'object') {
+ // Node/CommonJS:
+ factory(require('jquery'));
} else {
// Browser globals:
factory(window.jQuery);
diff --git a/library/blueimp_upload/js/jquery.fileupload-angular.js b/library/blueimp_upload/js/jquery.fileupload-angular.js
index e4ef3926b..1c2055276 100644
--- a/library/blueimp_upload/js/jquery.fileupload-angular.js
+++ b/library/blueimp_upload/js/jquery.fileupload-angular.js
@@ -1,18 +1,18 @@
/*
- * jQuery File Upload AngularJS Plugin 2.2.0
+ * jQuery File Upload AngularJS Plugin
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2013, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
/* jshint nomen:false */
-/* global define, angular */
+/* global define, angular, require */
-(function (factory) {
+;(function (factory) {
'use strict';
if (typeof define === 'function' && define.amd) {
// Register as an anonymous AMD module:
@@ -24,6 +24,16 @@
'./jquery.fileupload-video',
'./jquery.fileupload-validate'
], factory);
+ } else if (typeof exports === 'object') {
+ // Node/CommonJS:
+ factory(
+ require('jquery'),
+ require('angular'),
+ require('./jquery.fileupload-image'),
+ require('./jquery.fileupload-audio'),
+ require('./jquery.fileupload-video'),
+ require('./jquery.fileupload-validate')
+ );
} else {
factory();
}
@@ -91,7 +101,7 @@
angular.forEach(data.files, function (file) {
filesCopy.push(file);
});
- scope.$apply(function () {
+ scope.$parent.$applyAsync(function () {
addFileMethods(scope, data);
var method = scope.option('prependFiles') ?
'unshift' : 'push';
@@ -100,7 +110,7 @@
data.process(function () {
return scope.process(data);
}).always(function () {
- scope.$apply(function () {
+ scope.$parent.$applyAsync(function () {
addFileMethods(scope, data);
scope.replace(filesCopy, data.files);
});
@@ -112,12 +122,6 @@
}
});
},
- progress: function (e, data) {
- if (e.isDefaultPrevented()) {
- return false;
- }
- data.scope.$apply();
- },
done: function (e, data) {
if (e.isDefaultPrevented()) {
return false;
@@ -197,8 +201,8 @@
// The FileUploadController initializes the fileupload widget and
// provides scope methods to control the File Upload functionality:
.controller('FileUploadController', [
- '$scope', '$element', '$attrs', '$window', 'fileUpload',
- function ($scope, $element, $attrs, $window, fileUpload) {
+ '$scope', '$element', '$attrs', '$window', 'fileUpload','$q',
+ function ($scope, $element, $attrs, $window, fileUpload, $q) {
var uploadMethods = {
progress: function () {
return $element.fileupload('progress');
@@ -260,19 +264,21 @@
$scope.applyOnQueue = function (method) {
var list = this.queue.slice(0),
i,
- file;
+ file,
+ promises = [];
for (i = 0; i < list.length; i += 1) {
file = list[i];
if (file[method]) {
- file[method]();
+ promises.push(file[method]());
}
}
+ return $q.all(promises);
};
$scope.submit = function () {
- this.applyOnQueue('$submit');
+ return this.applyOnQueue('$submit');
};
$scope.cancel = function () {
- this.applyOnQueue('$cancel');
+ return this.applyOnQueue('$cancel');
};
// Add upload methods to the scope:
angular.extend($scope, uploadMethods);
@@ -320,9 +326,11 @@
'fileuploadprocessalways',
'fileuploadprocessstop'
].join(' '), function (e, data) {
- if ($scope.$emit(e.type, data).defaultPrevented) {
- e.preventDefault();
- }
+ $scope.$parent.$applyAsync(function () {
+ if ($scope.$emit(e.type, data).defaultPrevented) {
+ e.preventDefault();
+ }
+ });
}).on('remove', function () {
// Remove upload methods from the scope,
// when the widget is removed:
diff --git a/library/blueimp_upload/js/jquery.fileupload-audio.js b/library/blueimp_upload/js/jquery.fileupload-audio.js
index 575800e82..a25377619 100644
--- a/library/blueimp_upload/js/jquery.fileupload-audio.js
+++ b/library/blueimp_upload/js/jquery.fileupload-audio.js
@@ -1,18 +1,18 @@
/*
- * jQuery File Upload Audio Preview Plugin 1.0.3
+ * jQuery File Upload Audio Preview Plugin
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2013, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
/* jshint nomen:false */
-/* global define, window, document */
+/* global define, require, window, document */
-(function (factory) {
+;(function (factory) {
'use strict';
if (typeof define === 'function' && define.amd) {
// Register as an anonymous AMD module:
@@ -21,6 +21,13 @@
'load-image',
'./jquery.fileupload-process'
], factory);
+ } else if (typeof exports === 'object') {
+ // Node/CommonJS:
+ factory(
+ require('jquery'),
+ require('blueimp-load-image/js/load-image'),
+ require('./jquery.fileupload-process')
+ );
} else {
// Browser globals:
factory(
diff --git a/library/blueimp_upload/js/jquery.fileupload-image.js b/library/blueimp_upload/js/jquery.fileupload-image.js
index 5bb7026ae..65fc6d7b8 100644
--- a/library/blueimp_upload/js/jquery.fileupload-image.js
+++ b/library/blueimp_upload/js/jquery.fileupload-image.js
@@ -1,18 +1,18 @@
/*
- * jQuery File Upload Image Preview & Resize Plugin 1.7.2
+ * jQuery File Upload Image Preview & Resize Plugin
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2013, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
/* jshint nomen:false */
-/* global define, window, Blob */
+/* global define, require, window, Blob */
-(function (factory) {
+;(function (factory) {
'use strict';
if (typeof define === 'function' && define.amd) {
// Register as an anonymous AMD module:
@@ -20,11 +20,22 @@
'jquery',
'load-image',
'load-image-meta',
+ 'load-image-scale',
'load-image-exif',
- 'load-image-ios',
'canvas-to-blob',
'./jquery.fileupload-process'
], factory);
+ } else if (typeof exports === 'object') {
+ // Node/CommonJS:
+ factory(
+ require('jquery'),
+ require('blueimp-load-image/js/load-image'),
+ require('blueimp-load-image/js/load-image-meta'),
+ require('blueimp-load-image/js/load-image-scale'),
+ require('blueimp-load-image/js/load-image-exif'),
+ require('blueimp-canvas-to-blob'),
+ require('./jquery.fileupload-process')
+ );
} else {
// Browser globals:
factory(
@@ -236,7 +247,7 @@
blob.name = file.name;
} else if (file.name) {
blob.name = file.name.replace(
- /\..+$/,
+ /\.\w+$/,
'.' + blob.type.substr(6)
);
}
diff --git a/library/blueimp_upload/js/jquery.fileupload-jquery-ui.js b/library/blueimp_upload/js/jquery.fileupload-jquery-ui.js
index af0a00b1e..7b136b379 100755..100644
--- a/library/blueimp_upload/js/jquery.fileupload-jquery-ui.js
+++ b/library/blueimp_upload/js/jquery.fileupload-jquery-ui.js
@@ -1,22 +1,31 @@
/*
- * jQuery File Upload jQuery UI Plugin 8.7.1
+ * jQuery File Upload jQuery UI Plugin
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2013, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
/* jshint nomen:false */
-/* global define, window */
+/* global define, require, window */
-(function (factory) {
+;(function (factory) {
'use strict';
if (typeof define === 'function' && define.amd) {
// Register as an anonymous AMD module:
- define(['jquery', './jquery.fileupload-ui'], factory);
+ define([
+ 'jquery',
+ './jquery.fileupload-ui'
+ ], factory);
+ } else if (typeof exports === 'object') {
+ // Node/CommonJS:
+ factory(
+ require('jquery'),
+ require('./jquery.fileupload-ui')
+ );
} else {
// Browser globals:
factory(window.jQuery);
diff --git a/library/blueimp_upload/js/jquery.fileupload-process.js b/library/blueimp_upload/js/jquery.fileupload-process.js
index 8a6b929a6..638f0d26b 100644
--- a/library/blueimp_upload/js/jquery.fileupload-process.js
+++ b/library/blueimp_upload/js/jquery.fileupload-process.js
@@ -1,18 +1,18 @@
/*
- * jQuery File Upload Processing Plugin 1.3.0
+ * jQuery File Upload Processing Plugin
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2012, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
/* jshint nomen:false */
-/* global define, window */
+/* global define, require, window */
-(function (factory) {
+;(function (factory) {
'use strict';
if (typeof define === 'function' && define.amd) {
// Register as an anonymous AMD module:
@@ -20,6 +20,12 @@
'jquery',
'./jquery.fileupload'
], factory);
+ } else if (typeof exports === 'object') {
+ // Node/CommonJS:
+ factory(
+ require('jquery'),
+ require('./jquery.fileupload')
+ );
} else {
// Browser globals:
factory(
@@ -81,7 +87,7 @@
settings
);
};
- chain = chain.pipe(func, settings.always && func);
+ chain = chain.then(func, settings.always && func);
});
chain
.done(function () {
@@ -148,7 +154,7 @@
};
opts.index = index;
that._processing += 1;
- that._processingQueue = that._processingQueue.pipe(func, func)
+ that._processingQueue = that._processingQueue.then(func, func)
.always(function () {
that._processing -= 1;
if (that._processing === 0) {
diff --git a/library/blueimp_upload/js/jquery.fileupload-ui.js b/library/blueimp_upload/js/jquery.fileupload-ui.js
index 62cf9aa38..83e7449e6 100644
--- a/library/blueimp_upload/js/jquery.fileupload-ui.js
+++ b/library/blueimp_upload/js/jquery.fileupload-ui.js
@@ -1,29 +1,38 @@
/*
- * jQuery File Upload User Interface Plugin 9.6.0
+ * jQuery File Upload User Interface Plugin
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2010, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
/* jshint nomen:false */
-/* global define, window */
+/* global define, require, window */
-(function (factory) {
+;(function (factory) {
'use strict';
if (typeof define === 'function' && define.amd) {
// Register as an anonymous AMD module:
define([
'jquery',
- 'tmpl',
+ 'blueimp-tmpl',
'./jquery.fileupload-image',
'./jquery.fileupload-audio',
'./jquery.fileupload-video',
'./jquery.fileupload-validate'
], factory);
+ } else if (typeof exports === 'object') {
+ // Node/CommonJS:
+ factory(
+ require('jquery'),
+ require('blueimp-tmpl'),
+ require('./jquery.fileupload-image'),
+ require('./jquery.fileupload-video'),
+ require('./jquery.fileupload-validate')
+ );
} else {
// Browser globals:
factory(
@@ -62,10 +71,10 @@
// The expected data type of the upload response, sets the dataType
// option of the $.ajax upload requests:
dataType: 'json',
-
+
// Error and info messages:
messages: {
- unknownError: 'Unknown error'
+ unknownError: 'Unknown error'
},
// Function returning the current number of files,
diff --git a/library/blueimp_upload/js/jquery.fileupload-validate.js b/library/blueimp_upload/js/jquery.fileupload-validate.js
index f93a18fa2..eebeb3733 100644
--- a/library/blueimp_upload/js/jquery.fileupload-validate.js
+++ b/library/blueimp_upload/js/jquery.fileupload-validate.js
@@ -1,17 +1,17 @@
/*
- * jQuery File Upload Validation Plugin 1.1.2
+ * jQuery File Upload Validation Plugin
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2013, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
-/* global define, window */
+/* global define, require, window */
-(function (factory) {
+;(function (factory) {
'use strict';
if (typeof define === 'function' && define.amd) {
// Register as an anonymous AMD module:
@@ -19,6 +19,12 @@
'jquery',
'./jquery.fileupload-process'
], factory);
+ } else if (typeof exports === 'object') {
+ // Node/CommonJS:
+ factory(
+ require('jquery'),
+ require('./jquery.fileupload-process')
+ );
} else {
// Browser globals:
factory(
@@ -33,7 +39,7 @@
{
action: 'validate',
// Always trigger this action,
- // even if the previous action was rejected:
+ // even if the previous action was rejected:
always: true,
// Options taken from the global options map:
acceptFileTypes: '@',
diff --git a/library/blueimp_upload/js/jquery.fileupload-video.js b/library/blueimp_upload/js/jquery.fileupload-video.js
index 3764b27a2..aedcec2ba 100644
--- a/library/blueimp_upload/js/jquery.fileupload-video.js
+++ b/library/blueimp_upload/js/jquery.fileupload-video.js
@@ -1,18 +1,18 @@
/*
- * jQuery File Upload Video Preview Plugin 1.0.3
+ * jQuery File Upload Video Preview Plugin
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2013, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
/* jshint nomen:false */
-/* global define, window, document */
+/* global define, require, window, document */
-(function (factory) {
+;(function (factory) {
'use strict';
if (typeof define === 'function' && define.amd) {
// Register as an anonymous AMD module:
@@ -21,6 +21,13 @@
'load-image',
'./jquery.fileupload-process'
], factory);
+ } else if (typeof exports === 'object') {
+ // Node/CommonJS:
+ factory(
+ require('jquery'),
+ require('blueimp-load-image/js/load-image'),
+ require('./jquery.fileupload-process')
+ );
} else {
// Browser globals:
factory(
diff --git a/library/blueimp_upload/js/jquery.fileupload.js b/library/blueimp_upload/js/jquery.fileupload.js
index a4cfdc0ac..5ff151b53 100644
--- a/library/blueimp_upload/js/jquery.fileupload.js
+++ b/library/blueimp_upload/js/jquery.fileupload.js
@@ -1,25 +1,31 @@
/*
- * jQuery File Upload Plugin 5.42.0
+ * jQuery File Upload Plugin
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2010, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
/* jshint nomen:false */
-/* global define, window, document, location, Blob, FormData */
+/* global define, require, window, document, location, Blob, FormData */
-(function (factory) {
+;(function (factory) {
'use strict';
if (typeof define === 'function' && define.amd) {
// Register as an anonymous AMD module:
define([
'jquery',
- 'jquery.ui.widget'
+ 'jquery-ui/ui/widget'
], factory);
+ } else if (typeof exports === 'object') {
+ // Node/CommonJS:
+ factory(
+ require('jquery'),
+ require('./vendor/jquery.ui.widget')
+ );
} else {
// Browser globals:
factory(window.jQuery);
@@ -271,7 +277,8 @@
// The following are jQuery ajax settings required for the file uploads:
processData: false,
contentType: false,
- cache: false
+ cache: false,
+ timeout: 0
},
// A list of options that require reinitializing event listeners and/or
@@ -645,7 +652,7 @@
data.process = function (resolveFunc, rejectFunc) {
if (resolveFunc || rejectFunc) {
data._processQueue = this._processQueue =
- (this._processQueue || getPromise([this])).pipe(
+ (this._processQueue || getPromise([this])).then(
function () {
if (data.errorThrown) {
return $.Deferred()
@@ -653,7 +660,7 @@
}
return getPromise(arguments);
}
- ).pipe(resolveFunc, rejectFunc);
+ ).then(resolveFunc, rejectFunc);
}
return this._processQueue || getPromise([this]);
};
@@ -938,9 +945,9 @@
if (this.options.limitConcurrentUploads > 1) {
slot = $.Deferred();
this._slots.push(slot);
- pipe = slot.pipe(send);
+ pipe = slot.then(send);
} else {
- this._sequence = this._sequence.pipe(send, send);
+ this._sequence = this._sequence.then(send, send);
pipe = this._sequence;
}
// Return the piped Promise object, enhanced with an abort method,
@@ -977,7 +984,10 @@
fileSet,
i,
j = 0;
- if (limitSize && (!filesLength || files[0].size === undefined)) {
+ if (!filesLength) {
+ return false;
+ }
+ if (limitSize && files[0].size === undefined) {
limitSize = undefined;
}
if (!(options.singleFileUploads || limit || limitSize) ||
@@ -1036,13 +1046,19 @@
_replaceFileInput: function (data) {
var input = data.fileInput,
- inputClone = input.clone(true);
+ inputClone = input.clone(true),
+ restoreFocus = input.is(document.activeElement);
// Add a reference for the new cloned file input to the data argument:
data.fileInputClone = inputClone;
$('<form></form>').append(inputClone)[0].reset();
// Detaching allows to insert the fileInput on another form
// without loosing the file input value:
input.after(inputClone).detach();
+ // If the fileInput had focus before it was detached,
+ // restore focus to the inputClone.
+ if (restoreFocus) {
+ inputClone.focus();
+ }
// Avoid memory leaks with the detached file input:
$.cleanData(input.unbind('remove'));
// Replace the original file input element in the fileInput
@@ -1064,6 +1080,8 @@
_handleFileTreeEntry: function (entry, path) {
var that = this,
dfd = $.Deferred(),
+ entries = [],
+ dirReader,
errorHandler = function (e) {
if (e && !e.entry) {
e.entry = entry;
@@ -1091,8 +1109,7 @@
readEntries();
}
}, errorHandler);
- },
- dirReader, entries = [];
+ };
path = path || '';
if (entry.isFile) {
if (entry._file) {
@@ -1123,7 +1140,7 @@
$.map(entries, function (entry) {
return that._handleFileTreeEntry(entry, path);
})
- ).pipe(function () {
+ ).then(function () {
return Array.prototype.concat.apply(
[],
arguments
@@ -1192,7 +1209,7 @@
return $.when.apply(
$,
$.map(fileInput, this._getSingleFileInputFiles)
- ).pipe(function () {
+ ).then(function () {
return Array.prototype.concat.apply(
[],
arguments
@@ -1295,6 +1312,10 @@
this._off(this.options.fileInput, 'change');
},
+ _destroy: function () {
+ this._destroyEventHandlers();
+ },
+
_setOption: function (key, value) {
var reinit = $.inArray(key, this._specialOptions) !== -1;
if (reinit) {
@@ -1338,15 +1359,19 @@
_initDataAttributes: function () {
var that = this,
options = this.options,
- clone = $(this.element[0].cloneNode(false));
+ data = this.element.data();
// Initialize options set via HTML5 data-attributes:
$.each(
- clone.data(),
- function (key, value) {
- var dataAttributeName = 'data-' +
- // Convert camelCase to hyphen-ated key:
- key.replace(/([a-z])([A-Z])/g, '$1-$2').toLowerCase();
- if (clone.attr(dataAttributeName)) {
+ this.element[0].attributes,
+ function (index, attr) {
+ var key = attr.name.toLowerCase(),
+ value;
+ if (/^data-/.test(key)) {
+ // Convert hyphen-ated key to camelCase:
+ key = key.slice(5).replace(/-[a-z]/g, function (str) {
+ return str.charAt(1).toUpperCase();
+ });
+ value = data[key];
if (that._isRegExpOption(key, value)) {
value = that._getRegExp(value);
}
diff --git a/library/blueimp_upload/js/jquery.iframe-transport.js b/library/blueimp_upload/js/jquery.iframe-transport.js
index 8d64b591b..8d25c4641 100644
--- a/library/blueimp_upload/js/jquery.iframe-transport.js
+++ b/library/blueimp_upload/js/jquery.iframe-transport.js
@@ -1,21 +1,24 @@
/*
- * jQuery Iframe Transport Plugin 1.8.2
+ * jQuery Iframe Transport Plugin
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2011, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
-/* global define, window, document */
+/* global define, require, window, document, JSON */
-(function (factory) {
+;(function (factory) {
'use strict';
if (typeof define === 'function' && define.amd) {
// Register as an anonymous AMD module:
define(['jquery'], factory);
+ } else if (typeof exports === 'object') {
+ // Node/CommonJS:
+ factory(require('jquery'));
} else {
// Browser globals:
factory(window.jQuery);
@@ -24,7 +27,14 @@
'use strict';
// Helper variable to create unique names for the transport iframes:
- var counter = 0;
+ var counter = 0,
+ jsonAPI = $,
+ jsonParse = 'parseJSON';
+
+ if ('JSON' in window && 'parse' in JSON) {
+ jsonAPI = JSON;
+ jsonParse = 'parse';
+ }
// The iframe transport accepts four additional options:
// options.fileInput: a jQuery collection of file input fields
@@ -194,7 +204,7 @@
return iframe && $(iframe[0].body).text();
},
'iframe json': function (iframe) {
- return iframe && $.parseJSON($(iframe[0].body).text());
+ return iframe && jsonAPI[jsonParse]($(iframe[0].body).text());
},
'iframe html': function (iframe) {
return iframe && $(iframe[0].body).html();
diff --git a/library/blueimp_upload/js/main.js b/library/blueimp_upload/js/main.js
index 8f57967a3..0403682e7 100644
--- a/library/blueimp_upload/js/main.js
+++ b/library/blueimp_upload/js/main.js
@@ -1,12 +1,12 @@
/*
- * jQuery File Upload Plugin JS Example 8.9.1
+ * jQuery File Upload Plugin JS Example
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2010, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
/* global $, window */
@@ -40,7 +40,7 @@ $(function () {
// send Blob objects via XHR requests:
disableImageResize: /Android(?!.*Chrome)|Opera/
.test(window.navigator.userAgent),
- maxFileSize: 5000000,
+ maxFileSize: 999000,
acceptFileTypes: /(\.|\/)(gif|jpe?g|png)$/i
});
// Upload server status check for browsers with CORS support:
diff --git a/library/blueimp_upload/js/vendor/jquery.ui.widget.js b/library/blueimp_upload/js/vendor/jquery.ui.widget.js
index 7899e6bb3..e08df3fd0 100644
--- a/library/blueimp_upload/js/vendor/jquery.ui.widget.js
+++ b/library/blueimp_upload/js/vendor/jquery.ui.widget.js
@@ -1,13 +1,19 @@
-/*! jQuery UI - v1.11.1 - 2014-09-17
+/*! jQuery UI - v1.11.4+CommonJS - 2015-08-28
* http://jqueryui.com
* Includes: widget.js
-* Copyright 2014 jQuery Foundation and other contributors; Licensed MIT */
+* Copyright 2015 jQuery Foundation and other contributors; Licensed MIT */
(function( factory ) {
if ( typeof define === "function" && define.amd ) {
// AMD. Register as an anonymous module.
define([ "jquery" ], factory );
+
+ } else if ( typeof exports === "object" ) {
+
+ // Node/CommonJS
+ factory( require( "jquery" ) );
+
} else {
// Browser globals
@@ -15,10 +21,10 @@
}
}(function( $ ) {
/*!
- * jQuery UI Widget 1.11.1
+ * jQuery UI Widget 1.11.4
* http://jqueryui.com
*
- * Copyright 2014 jQuery Foundation and other contributors
+ * Copyright jQuery Foundation and other contributors
* Released under the MIT license.
* http://jquery.org/license
*
@@ -42,7 +48,7 @@ $.cleanData = (function( orig ) {
}
// http://bugs.jquery.com/ticket/8235
- } catch( e ) {}
+ } catch ( e ) {}
}
orig( elems );
};
@@ -196,11 +202,6 @@ $.widget.bridge = function( name, object ) {
args = widget_slice.call( arguments, 1 ),
returnValue = this;
- // allow multiple hashes to be passed on init
- options = !isMethodCall && args.length ?
- $.widget.extend.apply( null, [ options ].concat(args) ) :
- options;
-
if ( isMethodCall ) {
this.each(function() {
var methodValue,
@@ -225,6 +226,12 @@ $.widget.bridge = function( name, object ) {
}
});
} else {
+
+ // Allow multiple hashes to be passed on init
+ if ( args.length ) {
+ options = $.widget.extend.apply( null, [ options ].concat(args) );
+ }
+
this.each(function() {
var instance = $.data( this, fullName );
if ( instance ) {
@@ -260,10 +267,6 @@ $.Widget.prototype = {
this.element = $( element );
this.uuid = widget_uuid++;
this.eventNamespace = "." + this.widgetName + this.uuid;
- this.options = $.widget.extend( {},
- this.options,
- this._getCreateOptions(),
- options );
this.bindings = $();
this.hoverable = $();
@@ -286,6 +289,11 @@ $.Widget.prototype = {
this.window = $( this.document[0].defaultView || this.document[0].parentWindow );
}
+ this.options = $.widget.extend( {},
+ this.options,
+ this._getCreateOptions(),
+ options );
+
this._create();
this._trigger( "create", null, this._getCreateEventData() );
this._init();
@@ -448,8 +456,14 @@ $.Widget.prototype = {
},
_off: function( element, eventName ) {
- eventName = (eventName || "").split( " " ).join( this.eventNamespace + " " ) + this.eventNamespace;
+ eventName = (eventName || "").split( " " ).join( this.eventNamespace + " " ) +
+ this.eventNamespace;
element.unbind( eventName ).undelegate( eventName );
+
+ // Clear the stack to avoid memory leaks (#10056)
+ this.bindings = $( this.bindings.not( element ).get() );
+ this.focusable = $( this.focusable.not( element ).get() );
+ this.hoverable = $( this.hoverable.not( element ).get() );
},
_delay: function( handler, delay ) {
diff --git a/library/blueimp_upload/package.json b/library/blueimp_upload/package.json
index 880574aa7..ed4d33681 100644
--- a/library/blueimp_upload/package.json
+++ b/library/blueimp_upload/package.json
@@ -1,8 +1,8 @@
{
"name": "blueimp-file-upload",
- "version": "9.8.0",
+ "version": "9.18.0",
"title": "jQuery File Upload",
- "description": "File Upload widget with multiple file selection, drag&amp;drop support, progress bar, validation and preview images, audio and video for jQuery. Supports cross-domain, chunked and resumable file uploads. Works with any server-side platform (Google App Engine, PHP, Python, Ruby on Rails, Java, etc.) that supports standard HTML form file uploads.",
+ "description": "File Upload widget with multiple file selection, drag&drop support, progress bar, validation and preview images, audio and video for jQuery. Supports cross-domain, chunked and resumable file uploads. Works with any server-side platform (Google App Engine, PHP, Python, Ruby on Rails, Java, etc.) that supports standard HTML form file uploads.",
"keywords": [
"jquery",
"file",
@@ -29,26 +29,27 @@
"name": "Sebastian Tschan",
"url": "https://blueimp.net"
},
- "maintainers": [
- {
- "name": "Sebastian Tschan",
- "url": "https://blueimp.net"
- }
- ],
"repository": {
"type": "git",
"url": "git://github.com/blueimp/jQuery-File-Upload.git"
},
- "bugs": "https://github.com/blueimp/jQuery-File-Upload/issues",
- "licenses": [
- {
- "type": "MIT",
- "url": "http://www.opensource.org/licenses/MIT"
- }
- ],
+ "license": "MIT",
+ "optionalDependencies": {
+ "blueimp-canvas-to-blob": "3.5.0",
+ "blueimp-load-image": "2.12.2",
+ "blueimp-tmpl": "3.6.0"
+ },
"devDependencies": {
- "grunt": "~0.4.5",
- "grunt-bump-build-git": "~1.1.1",
- "grunt-contrib-jshint": "~0.10.0"
- }
+ "bower-json": "0.8.1",
+ "jshint": "2.9.3"
+ },
+ "scripts": {
+ "bower-version-update": "./bower-version-update.js",
+ "lint": "jshint *.js js/*.js js/cors/*.js",
+ "test": "npm run lint",
+ "preversion": "npm test",
+ "version": "npm run bower-version-update && git add bower.json",
+ "postversion": "git push --tags origin master && npm publish"
+ },
+ "main": "js/jquery.fileupload.js"
}
diff --git a/library/blueimp_upload/server/gae-go/app/main.go b/library/blueimp_upload/server/gae-go/app/main.go
index 03af0b1d2..a92d128c0 100644
--- a/library/blueimp_upload/server/gae-go/app/main.go
+++ b/library/blueimp_upload/server/gae-go/app/main.go
@@ -1,59 +1,90 @@
/*
- * jQuery File Upload Plugin GAE Go Example 3.2.0
+ * jQuery File Upload Plugin GAE Go Example
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2011, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
package app
import (
- "appengine"
- "appengine/blobstore"
- "appengine/image"
- "appengine/taskqueue"
+ "bufio"
"bytes"
"encoding/json"
"fmt"
+ "github.com/disintegration/gift"
+ "golang.org/x/net/context"
+ "google.golang.org/appengine"
+ "google.golang.org/appengine/memcache"
+ "hash/crc32"
+ "image"
+ "image/gif"
+ "image/jpeg"
+ "image/png"
"io"
"log"
"mime/multipart"
"net/http"
"net/url"
+ "path/filepath"
"regexp"
"strings"
- "time"
)
const (
- WEBSITE = "https://blueimp.github.io/jQuery-File-Upload/"
- MIN_FILE_SIZE = 1 // bytes
- MAX_FILE_SIZE = 5000000 // bytes
+ WEBSITE = "https://blueimp.github.io/jQuery-File-Upload/"
+ MIN_FILE_SIZE = 1 // bytes
+ // Max file size is memcache limit (1MB) minus key size minus overhead:
+ MAX_FILE_SIZE = 999000 // bytes
IMAGE_TYPES = "image/(gif|p?jpeg|(x-)?png)"
ACCEPT_FILE_TYPES = IMAGE_TYPES
+ THUMB_MAX_WIDTH = 80
+ THUMB_MAX_HEIGHT = 80
EXPIRATION_TIME = 300 // seconds
- THUMBNAIL_PARAM = "=s80"
+ // If empty, only allow redirects to the referer protocol+host.
+ // Set to a regexp string for custom pattern matching:
+ REDIRECT_ALLOW_TARGET = ""
)
var (
imageTypes = regexp.MustCompile(IMAGE_TYPES)
acceptFileTypes = regexp.MustCompile(ACCEPT_FILE_TYPES)
+ thumbSuffix = "." + fmt.Sprint(THUMB_MAX_WIDTH) + "x" +
+ fmt.Sprint(THUMB_MAX_HEIGHT)
)
+func escape(s string) string {
+ return strings.Replace(url.QueryEscape(s), "+", "%20", -1)
+}
+
+func extractKey(r *http.Request) string {
+ // Use RequestURI instead of r.URL.Path, as we need the encoded form:
+ path := strings.Split(r.RequestURI, "?")[0]
+ // Also adjust double encoded slashes:
+ return strings.Replace(path[1:], "%252F", "%2F", -1)
+}
+
+func check(err error) {
+ if err != nil {
+ panic(err)
+ }
+}
+
type FileInfo struct {
- Key appengine.BlobKey `json:"-"`
- Url string `json:"url,omitempty"`
- ThumbnailUrl string `json:"thumbnailUrl,omitempty"`
- Name string `json:"name"`
- Type string `json:"type"`
- Size int64 `json:"size"`
- Error string `json:"error,omitempty"`
- DeleteUrl string `json:"deleteUrl,omitempty"`
- DeleteType string `json:"deleteType,omitempty"`
+ Key string `json:"-"`
+ ThumbnailKey string `json:"-"`
+ Url string `json:"url,omitempty"`
+ ThumbnailUrl string `json:"thumbnailUrl,omitempty"`
+ Name string `json:"name"`
+ Type string `json:"type"`
+ Size int64 `json:"size"`
+ Error string `json:"error,omitempty"`
+ DeleteUrl string `json:"deleteUrl,omitempty"`
+ DeleteType string `json:"deleteType,omitempty"`
}
func (fi *FileInfo) ValidateType() (valid bool) {
@@ -75,50 +106,58 @@ func (fi *FileInfo) ValidateSize() (valid bool) {
return false
}
-func (fi *FileInfo) CreateUrls(r *http.Request, c appengine.Context) {
+func (fi *FileInfo) CreateUrls(r *http.Request, c context.Context) {
u := &url.URL{
Scheme: r.URL.Scheme,
Host: appengine.DefaultVersionHostname(c),
Path: "/",
}
uString := u.String()
- fi.Url = uString + escape(string(fi.Key)) + "/" +
- escape(string(fi.Name))
- fi.DeleteUrl = fi.Url + "?delete=true"
+ fi.Url = uString + fi.Key
+ fi.DeleteUrl = fi.Url
fi.DeleteType = "DELETE"
- if imageTypes.MatchString(fi.Type) {
- servingUrl, err := image.ServingURL(
- c,
- fi.Key,
- &image.ServingURLOptions{
- Secure: strings.HasSuffix(u.Scheme, "s"),
- Size: 0,
- Crop: false,
- },
- )
- check(err)
- fi.ThumbnailUrl = servingUrl.String() + THUMBNAIL_PARAM
+ if fi.ThumbnailKey != "" {
+ fi.ThumbnailUrl = uString + fi.ThumbnailKey
}
}
-func check(err error) {
- if err != nil {
- panic(err)
- }
-}
-
-func escape(s string) string {
- return strings.Replace(url.QueryEscape(s), "+", "%20", -1)
+func (fi *FileInfo) SetKey(checksum uint32) {
+ fi.Key = escape(string(fi.Type)) + "/" +
+ escape(fmt.Sprint(checksum)) + "/" +
+ escape(string(fi.Name))
}
-func delayedDelete(c appengine.Context, fi *FileInfo) {
- if key := string(fi.Key); key != "" {
- task := &taskqueue.Task{
- Path: "/" + escape(key) + "/-",
- Method: "DELETE",
- Delay: time.Duration(EXPIRATION_TIME) * time.Second,
+func (fi *FileInfo) createThumb(buffer *bytes.Buffer, c context.Context) {
+ if imageTypes.MatchString(fi.Type) {
+ src, _, err := image.Decode(bytes.NewReader(buffer.Bytes()))
+ check(err)
+ filter := gift.New(gift.ResizeToFit(
+ THUMB_MAX_WIDTH,
+ THUMB_MAX_HEIGHT,
+ gift.LanczosResampling,
+ ))
+ dst := image.NewNRGBA(filter.Bounds(src.Bounds()))
+ filter.Draw(dst, src)
+ buffer.Reset()
+ bWriter := bufio.NewWriter(buffer)
+ switch fi.Type {
+ case "image/jpeg", "image/pjpeg":
+ err = jpeg.Encode(bWriter, dst, nil)
+ case "image/gif":
+ err = gif.Encode(bWriter, dst, nil)
+ default:
+ err = png.Encode(bWriter, dst)
+ }
+ check(err)
+ bWriter.Flush()
+ thumbnailKey := fi.Key + thumbSuffix + filepath.Ext(fi.Name)
+ item := &memcache.Item{
+ Key: thumbnailKey,
+ Value: buffer.Bytes(),
}
- taskqueue.Add(c, task, "")
+ err = memcache.Set(c, item)
+ check(err)
+ fi.ThumbnailKey = thumbnailKey
}
}
@@ -136,24 +175,26 @@ func handleUpload(r *http.Request, p *multipart.Part) (fi *FileInfo) {
fi.Error = rec.(error).Error()
}
}()
+ var buffer bytes.Buffer
+ hash := crc32.NewIEEE()
+ mw := io.MultiWriter(&buffer, hash)
lr := &io.LimitedReader{R: p, N: MAX_FILE_SIZE + 1}
+ _, err := io.Copy(mw, lr)
+ check(err)
+ fi.Size = MAX_FILE_SIZE + 1 - lr.N
+ if !fi.ValidateSize() {
+ return
+ }
+ fi.SetKey(hash.Sum32())
+ item := &memcache.Item{
+ Key: fi.Key,
+ Value: buffer.Bytes(),
+ }
context := appengine.NewContext(r)
- w, err := blobstore.Create(context, fi.Type)
- defer func() {
- w.Close()
- fi.Size = MAX_FILE_SIZE + 1 - lr.N
- fi.Key, err = w.Key()
- check(err)
- if !fi.ValidateSize() {
- err := blobstore.Delete(context, fi.Key)
- check(err)
- return
- }
- delayedDelete(context, fi)
- fi.CreateUrls(r, context)
- }()
+ err = memcache.Set(context, item)
check(err)
- _, err = io.Copy(w, lr)
+ fi.createThumb(&buffer, context)
+ fi.CreateUrls(r, context)
return
}
@@ -183,49 +224,70 @@ func handleUploads(r *http.Request) (fileInfos []*FileInfo) {
return
}
+func validateRedirect(r *http.Request, redirect string) bool {
+ if redirect != "" {
+ var redirectAllowTarget *regexp.Regexp
+ if REDIRECT_ALLOW_TARGET != "" {
+ redirectAllowTarget = regexp.MustCompile(REDIRECT_ALLOW_TARGET)
+ } else {
+ referer := r.Referer()
+ if referer == "" {
+ return false
+ }
+ refererUrl, err := url.Parse(referer)
+ if err != nil {
+ return false
+ }
+ redirectAllowTarget = regexp.MustCompile("^" + regexp.QuoteMeta(
+ refererUrl.Scheme+"://"+refererUrl.Host+"/",
+ ))
+ }
+ return redirectAllowTarget.MatchString(redirect)
+ }
+ return false
+}
+
func get(w http.ResponseWriter, r *http.Request) {
if r.URL.Path == "/" {
http.Redirect(w, r, WEBSITE, http.StatusFound)
return
}
- parts := strings.Split(r.URL.Path, "/")
+ // Use RequestURI instead of r.URL.Path, as we need the encoded form:
+ key := extractKey(r)
+ parts := strings.Split(key, "/")
if len(parts) == 3 {
- if key := parts[1]; key != "" {
- blobKey := appengine.BlobKey(key)
- bi, err := blobstore.Stat(appengine.NewContext(r), blobKey)
- if err == nil {
- w.Header().Add("X-Content-Type-Options", "nosniff")
- if !imageTypes.MatchString(bi.ContentType) {
- w.Header().Add("Content-Type", "application/octet-stream")
- w.Header().Add(
- "Content-Disposition",
- fmt.Sprintf("attachment; filename=\"%s\"", parts[2]),
- )
- }
- w.Header().Add(
- "Cache-Control",
- fmt.Sprintf("public,max-age=%d", EXPIRATION_TIME),
- )
- blobstore.Send(w, blobKey)
- return
+ context := appengine.NewContext(r)
+ item, err := memcache.Get(context, key)
+ if err == nil {
+ w.Header().Add("X-Content-Type-Options", "nosniff")
+ contentType, _ := url.QueryUnescape(parts[0])
+ if !imageTypes.MatchString(contentType) {
+ contentType = "application/octet-stream"
}
+ w.Header().Add("Content-Type", contentType)
+ w.Header().Add(
+ "Cache-Control",
+ fmt.Sprintf("public,max-age=%d", EXPIRATION_TIME),
+ )
+ w.Write(item.Value)
+ return
}
}
http.Error(w, "404 Not Found", http.StatusNotFound)
}
func post(w http.ResponseWriter, r *http.Request) {
- result := make(map[string][]*FileInfo, 1)
- result["files"] = handleUploads(r)
+ result := make(map[string][]*FileInfo, 1)
+ result["files"] = handleUploads(r)
b, err := json.Marshal(result)
check(err)
- if redirect := r.FormValue("redirect"); redirect != "" {
- if strings.Contains(redirect, "%s") {
- redirect = fmt.Sprintf(
- redirect,
- escape(string(b)),
- )
- }
+ if redirect := r.FormValue("redirect"); validateRedirect(r, redirect) {
+ if strings.Contains(redirect, "%s") {
+ redirect = fmt.Sprintf(
+ redirect,
+ escape(string(b)),
+ )
+ }
http.Redirect(w, r, redirect, http.StatusFound)
return
}
@@ -238,27 +300,30 @@ func post(w http.ResponseWriter, r *http.Request) {
}
func delete(w http.ResponseWriter, r *http.Request) {
- parts := strings.Split(r.URL.Path, "/")
- if len(parts) != 3 {
- return
- }
- result := make(map[string]bool, 1)
- if key := parts[1]; key != "" {
- c := appengine.NewContext(r)
- blobKey := appengine.BlobKey(key)
- err := blobstore.Delete(c, blobKey)
- check(err)
- err = image.DeleteServingURL(c, blobKey)
+ key := extractKey(r)
+ parts := strings.Split(key, "/")
+ if len(parts) == 3 {
+ result := make(map[string]bool, 1)
+ context := appengine.NewContext(r)
+ err := memcache.Delete(context, key)
+ if err == nil {
+ result[key] = true
+ contentType, _ := url.QueryUnescape(parts[0])
+ if imageTypes.MatchString(contentType) {
+ thumbnailKey := key + thumbSuffix + filepath.Ext(parts[2])
+ err := memcache.Delete(context, thumbnailKey)
+ if err == nil {
+ result[thumbnailKey] = true
+ }
+ }
+ }
+ w.Header().Set("Content-Type", "application/json")
+ b, err := json.Marshal(result)
check(err)
- result[key] = true
- }
- jsonType := "application/json"
- if strings.Index(r.Header.Get("Accept"), jsonType) != -1 {
- w.Header().Set("Content-Type", jsonType)
+ fmt.Fprintln(w, string(b))
+ } else {
+ http.Error(w, "405 Method not allowed", http.StatusMethodNotAllowed)
}
- b, err := json.Marshal(result)
- check(err)
- fmt.Fprintln(w, string(b))
}
func handle(w http.ResponseWriter, r *http.Request) {
@@ -267,15 +332,15 @@ func handle(w http.ResponseWriter, r *http.Request) {
w.Header().Add("Access-Control-Allow-Origin", "*")
w.Header().Add(
"Access-Control-Allow-Methods",
- "OPTIONS, HEAD, GET, POST, PUT, DELETE",
+ "OPTIONS, HEAD, GET, POST, DELETE",
)
w.Header().Add(
"Access-Control-Allow-Headers",
"Content-Type, Content-Range, Content-Disposition",
)
switch r.Method {
- case "OPTIONS":
- case "HEAD":
+ case "OPTIONS", "HEAD":
+ return
case "GET":
get(w, r)
case "POST":
diff --git a/library/blueimp_upload/server/gae-python/app.yaml b/library/blueimp_upload/server/gae-python/app.yaml
index 5fe123f59..764449b74 100644
--- a/library/blueimp_upload/server/gae-python/app.yaml
+++ b/library/blueimp_upload/server/gae-python/app.yaml
@@ -4,8 +4,9 @@ runtime: python27
api_version: 1
threadsafe: true
-builtins:
-- deferred: on
+libraries:
+- name: PIL
+ version: latest
handlers:
- url: /(favicon\.ico|robots\.txt)
diff --git a/library/blueimp_upload/server/gae-python/main.py b/library/blueimp_upload/server/gae-python/main.py
index 6276be6a0..1955ac00a 100644
--- a/library/blueimp_upload/server/gae-python/main.py
+++ b/library/blueimp_upload/server/gae-python/main.py
@@ -1,49 +1,57 @@
# -*- coding: utf-8 -*-
#
-# jQuery File Upload Plugin GAE Python Example 2.2.0
+# jQuery File Upload Plugin GAE Python Example
# https://github.com/blueimp/jQuery-File-Upload
#
# Copyright 2011, Sebastian Tschan
# https://blueimp.net
#
# Licensed under the MIT license:
-# http://www.opensource.org/licenses/MIT
+# https://opensource.org/licenses/MIT
#
-from __future__ import with_statement
-from google.appengine.api import files, images
-from google.appengine.ext import blobstore, deferred
-from google.appengine.ext.webapp import blobstore_handlers
+from google.appengine.api import memcache, images
import json
+import os
import re
import urllib
import webapp2
+DEBUG=os.environ.get('SERVER_SOFTWARE', '').startswith('Dev')
WEBSITE = 'https://blueimp.github.io/jQuery-File-Upload/'
MIN_FILE_SIZE = 1 # bytes
-MAX_FILE_SIZE = 5000000 # bytes
+# Max file size is memcache limit (1MB) minus key size minus overhead:
+MAX_FILE_SIZE = 999000 # bytes
IMAGE_TYPES = re.compile('image/(gif|p?jpeg|(x-)?png)')
ACCEPT_FILE_TYPES = IMAGE_TYPES
-THUMBNAIL_MODIFICATOR = '=s80' # max width / height
+THUMB_MAX_WIDTH = 80
+THUMB_MAX_HEIGHT = 80
+THUMB_SUFFIX = '.'+str(THUMB_MAX_WIDTH)+'x'+str(THUMB_MAX_HEIGHT)+'.png'
EXPIRATION_TIME = 300 # seconds
+# If set to None, only allow redirects to the referer protocol+host.
+# Set to a regexp for custom pattern matching against the redirect value:
+REDIRECT_ALLOW_TARGET = None
+
+class CORSHandler(webapp2.RequestHandler):
+ def cors(self):
+ headers = self.response.headers
+ headers['Access-Control-Allow-Origin'] = '*'
+ headers['Access-Control-Allow-Methods'] =\
+ 'OPTIONS, HEAD, GET, POST, DELETE'
+ headers['Access-Control-Allow-Headers'] =\
+ 'Content-Type, Content-Range, Content-Disposition'
+ def initialize(self, request, response):
+ super(CORSHandler, self).initialize(request, response)
+ self.cors()
-def cleanup(blob_keys):
- blobstore.delete(blob_keys)
-
-
-class UploadHandler(webapp2.RequestHandler):
+ def json_stringify(self, obj):
+ return json.dumps(obj, separators=(',', ':'))
- def initialize(self, request, response):
- super(UploadHandler, self).initialize(request, response)
- self.response.headers['Access-Control-Allow-Origin'] = '*'
- self.response.headers[
- 'Access-Control-Allow-Methods'
- ] = 'OPTIONS, HEAD, GET, POST, PUT, DELETE'
- self.response.headers[
- 'Access-Control-Allow-Headers'
- ] = 'Content-Type, Content-Range, Content-Disposition'
+ def options(self, *args, **kwargs):
+ pass
+class UploadHandler(CORSHandler):
def validate(self, file):
if file['size'] < MIN_FILE_SIZE:
file['error'] = 'File is too small'
@@ -55,6 +63,20 @@ class UploadHandler(webapp2.RequestHandler):
return True
return False
+ def validate_redirect(self, redirect):
+ if redirect:
+ if REDIRECT_ALLOW_TARGET:
+ return REDIRECT_ALLOW_TARGET.match(redirect)
+ referer = self.request.headers['referer']
+ if referer:
+ from urlparse import urlparse
+ parts = urlparse(referer)
+ redirect_allow_target = '^' + re.escape(
+ parts.scheme + '://' + parts.netloc + '/'
+ )
+ return re.match(redirect_allow_target, redirect)
+ return False
+
def get_file_size(self, file):
file.seek(0, 2) # Seek to the end of the file
size = file.tell() # Get the position of EOF
@@ -62,64 +84,58 @@ class UploadHandler(webapp2.RequestHandler):
return size
def write_blob(self, data, info):
- blob = files.blobstore.create(
- mime_type=info['type'],
- _blobinfo_uploaded_filename=info['name']
- )
- with files.open(blob, 'a') as f:
- f.write(data)
- files.finalize(blob)
- return files.blobstore.get_blob_key(blob)
+ key = urllib.quote(info['type'].encode('utf-8'), '') +\
+ '/' + str(hash(data)) +\
+ '/' + urllib.quote(info['name'].encode('utf-8'), '')
+ try:
+ memcache.set(key, data, time=EXPIRATION_TIME)
+ except: #Failed to add to memcache
+ return (None, None)
+ thumbnail_key = None
+ if IMAGE_TYPES.match(info['type']):
+ try:
+ img = images.Image(image_data=data)
+ img.resize(
+ width=THUMB_MAX_WIDTH,
+ height=THUMB_MAX_HEIGHT
+ )
+ thumbnail_data = img.execute_transforms()
+ thumbnail_key = key + THUMB_SUFFIX
+ memcache.set(
+ thumbnail_key,
+ thumbnail_data,
+ time=EXPIRATION_TIME
+ )
+ except: #Failed to resize Image or add to memcache
+ thumbnail_key = None
+ return (key, thumbnail_key)
def handle_upload(self):
results = []
- blob_keys = []
for name, fieldStorage in self.request.POST.items():
if type(fieldStorage) is unicode:
continue
result = {}
- result['name'] = re.sub(
- r'^.*\\',
- '',
- fieldStorage.filename
- )
+ result['name'] = urllib.unquote(fieldStorage.filename)
result['type'] = fieldStorage.type
result['size'] = self.get_file_size(fieldStorage.file)
if self.validate(result):
- blob_key = str(
- self.write_blob(fieldStorage.value, result)
+ key, thumbnail_key = self.write_blob(
+ fieldStorage.value,
+ result
)
- blob_keys.append(blob_key)
- result['deleteType'] = 'DELETE'
- result['deleteUrl'] = self.request.host_url +\
- '/?key=' + urllib.quote(blob_key, '')
- if (IMAGE_TYPES.match(result['type'])):
- try:
- result['url'] = images.get_serving_url(
- blob_key,
- secure_url=self.request.host_url.startswith(
- 'https'
- )
- )
- result['thumbnailUrl'] = result['url'] +\
- THUMBNAIL_MODIFICATOR
- except: # Could not get an image serving url
- pass
- if not 'url' in result:
- result['url'] = self.request.host_url +\
- '/' + blob_key + '/' + urllib.quote(
- result['name'].encode('utf-8'), '')
+ if key is not None:
+ result['url'] = self.request.host_url + '/' + key
+ result['deleteUrl'] = result['url']
+ result['deleteType'] = 'DELETE'
+ if thumbnail_key is not None:
+ result['thumbnailUrl'] = self.request.host_url +\
+ '/' + thumbnail_key
+ else:
+ result['error'] = 'Failed to store uploaded file.'
results.append(result)
- deferred.defer(
- cleanup,
- blob_keys,
- _countdown=EXPIRATION_TIME
- )
return results
- def options(self):
- pass
-
def head(self):
pass
@@ -130,9 +146,9 @@ class UploadHandler(webapp2.RequestHandler):
if (self.request.get('_method') == 'DELETE'):
return self.delete()
result = {'files': self.handle_upload()}
- s = json.dumps(result, separators=(',', ':'))
+ s = self.json_stringify(result)
redirect = self.request.get('redirect')
- if redirect:
+ if self.validate_redirect(redirect):
return self.redirect(str(
redirect.replace('%s', urllib.quote(s, ''), 1)
))
@@ -140,31 +156,49 @@ class UploadHandler(webapp2.RequestHandler):
self.response.headers['Content-Type'] = 'application/json'
self.response.write(s)
- def delete(self):
- key = self.request.get('key') or ''
- blobstore.delete(key)
- s = json.dumps({key: True}, separators=(',', ':'))
+class FileHandler(CORSHandler):
+ def normalize(self, str):
+ return urllib.quote(urllib.unquote(str), '')
+
+ def get(self, content_type, data_hash, file_name):
+ content_type = self.normalize(content_type)
+ file_name = self.normalize(file_name)
+ key = content_type + '/' + data_hash + '/' + file_name
+ data = memcache.get(key)
+ if data is None:
+ return self.error(404)
+ # Prevent browsers from MIME-sniffing the content-type:
+ self.response.headers['X-Content-Type-Options'] = 'nosniff'
+ content_type = urllib.unquote(content_type)
+ if not IMAGE_TYPES.match(content_type):
+ # Force a download dialog for non-image types:
+ content_type = 'application/octet-stream'
+ elif file_name.endswith(THUMB_SUFFIX):
+ content_type = 'image/png'
+ self.response.headers['Content-Type'] = content_type
+ # Cache for the expiration time:
+ self.response.headers['Cache-Control'] = 'public,max-age=%d' \
+ % EXPIRATION_TIME
+ self.response.write(data)
+
+ def delete(self, content_type, data_hash, file_name):
+ content_type = self.normalize(content_type)
+ file_name = self.normalize(file_name)
+ key = content_type + '/' + data_hash + '/' + file_name
+ result = {key: memcache.delete(key)}
+ content_type = urllib.unquote(content_type)
+ if IMAGE_TYPES.match(content_type):
+ thumbnail_key = key + THUMB_SUFFIX
+ result[thumbnail_key] = memcache.delete(thumbnail_key)
if 'application/json' in self.request.headers.get('Accept'):
self.response.headers['Content-Type'] = 'application/json'
+ s = self.json_stringify(result)
self.response.write(s)
-
-class DownloadHandler(blobstore_handlers.BlobstoreDownloadHandler):
- def get(self, key, filename):
- if not blobstore.get(key):
- self.error(404)
- else:
- # Prevent browsers from MIME-sniffing the content-type:
- self.response.headers['X-Content-Type-Options'] = 'nosniff'
- # Cache for the expiration time:
- self.response.headers['Cache-Control'] = 'public,max-age=%d' % EXPIRATION_TIME
- # Send the file forcing a download dialog:
- self.send_blob(key, save_as=filename, content_type='application/octet-stream')
-
app = webapp2.WSGIApplication(
[
('/', UploadHandler),
- ('/([^/]+)/([^/]+)', DownloadHandler)
+ ('/(.+)/([^/]+)/([^/]+)', FileHandler)
],
- debug=True
+ debug=DEBUG
)
diff --git a/library/blueimp_upload/server/node/.gitignore b/library/blueimp_upload/server/node/.gitignore
deleted file mode 100644
index 9daa8247d..000000000
--- a/library/blueimp_upload/server/node/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-.DS_Store
-node_modules
diff --git a/library/blueimp_upload/server/node/package.json b/library/blueimp_upload/server/node/package.json
deleted file mode 100644
index dd38c50ca..000000000
--- a/library/blueimp_upload/server/node/package.json
+++ /dev/null
@@ -1,41 +0,0 @@
-{
- "name": "blueimp-file-upload-node",
- "version": "2.1.0",
- "title": "jQuery File Upload Node.js example",
- "description": "Node.js implementation example of a file upload handler for jQuery File Upload.",
- "keywords": [
- "file",
- "upload",
- "cross-domain",
- "cross-site",
- "node"
- ],
- "homepage": "https://github.com/blueimp/jQuery-File-Upload",
- "author": {
- "name": "Sebastian Tschan",
- "url": "https://blueimp.net"
- },
- "maintainers": [
- {
- "name": "Sebastian Tschan",
- "url": "https://blueimp.net"
- }
- ],
- "repository": {
- "type": "git",
- "url": "git://github.com/blueimp/jQuery-File-Upload.git"
- },
- "bugs": "https://github.com/blueimp/jQuery-File-Upload/issues",
- "licenses": [
- {
- "type": "MIT",
- "url": "http://www.opensource.org/licenses/MIT"
- }
- ],
- "dependencies": {
- "formidable": ">=1.0.11",
- "node-static": ">=0.6.5",
- "imagemagick": ">=0.1.3"
- },
- "main": "server.js"
-}
diff --git a/library/blueimp_upload/server/node/public/files/.gitignore b/library/blueimp_upload/server/node/public/files/.gitignore
deleted file mode 100644
index d6b7ef32c..000000000
--- a/library/blueimp_upload/server/node/public/files/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-*
-!.gitignore
diff --git a/library/blueimp_upload/server/node/server.js b/library/blueimp_upload/server/node/server.js
deleted file mode 100755
index 808d6ffe1..000000000
--- a/library/blueimp_upload/server/node/server.js
+++ /dev/null
@@ -1,292 +0,0 @@
-#!/usr/bin/nodejs
-/*
- * jQuery File Upload Plugin Node.js Example 2.1.2
- * https://github.com/blueimp/jQuery-File-Upload
- *
- * Copyright 2012, Sebastian Tschan
- * https://blueimp.net
- *
- * Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
- */
-
-/* jshint nomen:false */
-/* global require, __dirname, unescape, console */
-
-(function (port) {
- 'use strict';
- var path = require('path'),
- fs = require('fs'),
- // Since Node 0.8, .existsSync() moved from path to fs:
- _existsSync = fs.existsSync || path.existsSync,
- formidable = require('formidable'),
- nodeStatic = require('node-static'),
- imageMagick = require('imagemagick'),
- options = {
- tmpDir: __dirname + '/tmp',
- publicDir: __dirname + '/public',
- uploadDir: __dirname + '/public/files',
- uploadUrl: '/files/',
- maxPostSize: 11000000000, // 11 GB
- minFileSize: 1,
- maxFileSize: 10000000000, // 10 GB
- acceptFileTypes: /.+/i,
- // Files not matched by this regular expression force a download dialog,
- // to prevent executing any scripts in the context of the service domain:
- inlineFileTypes: /\.(gif|jpe?g|png)$/i,
- imageTypes: /\.(gif|jpe?g|png)$/i,
- imageVersions: {
- 'thumbnail': {
- width: 80,
- height: 80
- }
- },
- accessControl: {
- allowOrigin: '*',
- allowMethods: 'OPTIONS, HEAD, GET, POST, PUT, DELETE',
- allowHeaders: 'Content-Type, Content-Range, Content-Disposition'
- },
- /* Uncomment and edit this section to provide the service via HTTPS:
- ssl: {
- key: fs.readFileSync('/Applications/XAMPP/etc/ssl.key/server.key'),
- cert: fs.readFileSync('/Applications/XAMPP/etc/ssl.crt/server.crt')
- },
- */
- nodeStatic: {
- cache: 3600 // seconds to cache served files
- }
- },
- utf8encode = function (str) {
- return unescape(encodeURIComponent(str));
- },
- fileServer = new nodeStatic.Server(options.publicDir, options.nodeStatic),
- nameCountRegexp = /(?:(?: \(([\d]+)\))?(\.[^.]+))?$/,
- nameCountFunc = function (s, index, ext) {
- return ' (' + ((parseInt(index, 10) || 0) + 1) + ')' + (ext || '');
- },
- FileInfo = function (file) {
- this.name = file.name;
- this.size = file.size;
- this.type = file.type;
- this.deleteType = 'DELETE';
- },
- UploadHandler = function (req, res, callback) {
- this.req = req;
- this.res = res;
- this.callback = callback;
- },
- serve = function (req, res) {
- res.setHeader(
- 'Access-Control-Allow-Origin',
- options.accessControl.allowOrigin
- );
- res.setHeader(
- 'Access-Control-Allow-Methods',
- options.accessControl.allowMethods
- );
- res.setHeader(
- 'Access-Control-Allow-Headers',
- options.accessControl.allowHeaders
- );
- var handleResult = function (result, redirect) {
- if (redirect) {
- res.writeHead(302, {
- 'Location': redirect.replace(
- /%s/,
- encodeURIComponent(JSON.stringify(result))
- )
- });
- res.end();
- } else {
- res.writeHead(200, {
- 'Content-Type': req.headers.accept
- .indexOf('application/json') !== -1 ?
- 'application/json' : 'text/plain'
- });
- res.end(JSON.stringify(result));
- }
- },
- setNoCacheHeaders = function () {
- res.setHeader('Pragma', 'no-cache');
- res.setHeader('Cache-Control', 'no-store, no-cache, must-revalidate');
- res.setHeader('Content-Disposition', 'inline; filename="files.json"');
- },
- handler = new UploadHandler(req, res, handleResult);
- switch (req.method) {
- case 'OPTIONS':
- res.end();
- break;
- case 'HEAD':
- case 'GET':
- if (req.url === '/') {
- setNoCacheHeaders();
- if (req.method === 'GET') {
- handler.get();
- } else {
- res.end();
- }
- } else {
- fileServer.serve(req, res);
- }
- break;
- case 'POST':
- setNoCacheHeaders();
- handler.post();
- break;
- case 'DELETE':
- handler.destroy();
- break;
- default:
- res.statusCode = 405;
- res.end();
- }
- };
- fileServer.respond = function (pathname, status, _headers, files, stat, req, res, finish) {
- // Prevent browsers from MIME-sniffing the content-type:
- _headers['X-Content-Type-Options'] = 'nosniff';
- if (!options.inlineFileTypes.test(files[0])) {
- // Force a download dialog for unsafe file extensions:
- _headers['Content-Type'] = 'application/octet-stream';
- _headers['Content-Disposition'] = 'attachment; filename="' +
- utf8encode(path.basename(files[0])) + '"';
- }
- nodeStatic.Server.prototype.respond
- .call(this, pathname, status, _headers, files, stat, req, res, finish);
- };
- FileInfo.prototype.validate = function () {
- if (options.minFileSize && options.minFileSize > this.size) {
- this.error = 'File is too small';
- } else if (options.maxFileSize && options.maxFileSize < this.size) {
- this.error = 'File is too big';
- } else if (!options.acceptFileTypes.test(this.name)) {
- this.error = 'Filetype not allowed';
- }
- return !this.error;
- };
- FileInfo.prototype.safeName = function () {
- // Prevent directory traversal and creating hidden system files:
- this.name = path.basename(this.name).replace(/^\.+/, '');
- // Prevent overwriting existing files:
- while (_existsSync(options.uploadDir + '/' + this.name)) {
- this.name = this.name.replace(nameCountRegexp, nameCountFunc);
- }
- };
- FileInfo.prototype.initUrls = function (req) {
- if (!this.error) {
- var that = this,
- baseUrl = (options.ssl ? 'https:' : 'http:') +
- '//' + req.headers.host + options.uploadUrl;
- this.url = this.deleteUrl = baseUrl + encodeURIComponent(this.name);
- Object.keys(options.imageVersions).forEach(function (version) {
- if (_existsSync(
- options.uploadDir + '/' + version + '/' + that.name
- )) {
- that[version + 'Url'] = baseUrl + version + '/' +
- encodeURIComponent(that.name);
- }
- });
- }
- };
- UploadHandler.prototype.get = function () {
- var handler = this,
- files = [];
- fs.readdir(options.uploadDir, function (err, list) {
- list.forEach(function (name) {
- var stats = fs.statSync(options.uploadDir + '/' + name),
- fileInfo;
- if (stats.isFile() && name[0] !== '.') {
- fileInfo = new FileInfo({
- name: name,
- size: stats.size
- });
- fileInfo.initUrls(handler.req);
- files.push(fileInfo);
- }
- });
- handler.callback({files: files});
- });
- };
- UploadHandler.prototype.post = function () {
- var handler = this,
- form = new formidable.IncomingForm(),
- tmpFiles = [],
- files = [],
- map = {},
- counter = 1,
- redirect,
- finish = function () {
- counter -= 1;
- if (!counter) {
- files.forEach(function (fileInfo) {
- fileInfo.initUrls(handler.req);
- });
- handler.callback({files: files}, redirect);
- }
- };
- form.uploadDir = options.tmpDir;
- form.on('fileBegin', function (name, file) {
- tmpFiles.push(file.path);
- var fileInfo = new FileInfo(file);
- fileInfo.safeName();
- map[path.basename(file.path)] = fileInfo;
- files.push(fileInfo);
- }).on('field', function (name, value) {
- if (name === 'redirect') {
- redirect = value;
- }
- }).on('file', function (name, file) {
- var fileInfo = map[path.basename(file.path)];
- fileInfo.size = file.size;
- if (!fileInfo.validate()) {
- fs.unlink(file.path);
- return;
- }
- fs.renameSync(file.path, options.uploadDir + '/' + fileInfo.name);
- if (options.imageTypes.test(fileInfo.name)) {
- Object.keys(options.imageVersions).forEach(function (version) {
- counter += 1;
- var opts = options.imageVersions[version];
- imageMagick.resize({
- width: opts.width,
- height: opts.height,
- srcPath: options.uploadDir + '/' + fileInfo.name,
- dstPath: options.uploadDir + '/' + version + '/' +
- fileInfo.name
- }, finish);
- });
- }
- }).on('aborted', function () {
- tmpFiles.forEach(function (file) {
- fs.unlink(file);
- });
- }).on('error', function (e) {
- console.log(e);
- }).on('progress', function (bytesReceived) {
- if (bytesReceived > options.maxPostSize) {
- handler.req.connection.destroy();
- }
- }).on('end', finish).parse(handler.req);
- };
- UploadHandler.prototype.destroy = function () {
- var handler = this,
- fileName;
- if (handler.req.url.slice(0, options.uploadUrl.length) === options.uploadUrl) {
- fileName = path.basename(decodeURIComponent(handler.req.url));
- if (fileName[0] !== '.') {
- fs.unlink(options.uploadDir + '/' + fileName, function (ex) {
- Object.keys(options.imageVersions).forEach(function (version) {
- fs.unlink(options.uploadDir + '/' + version + '/' + fileName);
- });
- handler.callback({success: !ex});
- });
- return;
- }
- }
- handler.callback({success: false});
- };
- if (options.ssl) {
- require('https').createServer(options.ssl, serve).listen(port);
- } else {
- require('http').createServer(serve).listen(port);
- }
-}(8888));
diff --git a/library/blueimp_upload/server/node/tmp/.gitignore b/library/blueimp_upload/server/node/tmp/.gitignore
deleted file mode 100644
index e69de29bb..000000000
--- a/library/blueimp_upload/server/node/tmp/.gitignore
+++ /dev/null
diff --git a/library/blueimp_upload/server/php/Dockerfile b/library/blueimp_upload/server/php/Dockerfile
new file mode 100644
index 000000000..ca88d3d0d
--- /dev/null
+++ b/library/blueimp_upload/server/php/Dockerfile
@@ -0,0 +1,38 @@
+FROM php:7.0-apache
+
+# Enable the Apache Headers module:
+RUN ln -s /etc/apache2/mods-available/headers.load \
+ /etc/apache2/mods-enabled/headers.load
+
+# Enable the Apache Rewrite module:
+RUN ln -s /etc/apache2/mods-available/rewrite.load \
+ /etc/apache2/mods-enabled/rewrite.load
+
+# Install GD, Imagick and ImageMagick as image conversion options:
+RUN DEBIAN_FRONTEND=noninteractive \
+ apt-get update && apt-get install -y --no-install-recommends \
+ libpng-dev \
+ libjpeg-dev \
+ libmagickwand-dev \
+ imagemagick \
+ && pecl install \
+ imagick \
+ && docker-php-ext-enable \
+ imagick \
+ && docker-php-ext-configure \
+ gd --with-jpeg-dir=/usr/include/ \
+ && docker-php-ext-install \
+ gd \
+ # Uninstall obsolete packages:
+ && apt-get autoremove -y \
+ libpng-dev \
+ libjpeg-dev \
+ libmagickwand-dev \
+ # Remove obsolete files:
+ && apt-get clean \
+ && rm -rf \
+ /tmp/* \
+ /usr/share/doc/* \
+ /var/cache/* \
+ /var/lib/apt/lists/* \
+ /var/tmp/*
diff --git a/library/blueimp_upload/server/php/UploadHandler.php b/library/blueimp_upload/server/php/UploadHandler.php
index fb77be1d0..1380d4739 100755
--- a/library/blueimp_upload/server/php/UploadHandler.php
+++ b/library/blueimp_upload/server/php/UploadHandler.php
@@ -1,13 +1,13 @@
<?php
/*
- * jQuery File Upload Plugin PHP Class 8.1.0
+ * jQuery File Upload Plugin PHP Class
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2010, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
class UploadHandler
@@ -40,11 +40,13 @@ class UploadHandler
protected $image_objects = array();
- function __construct($options = null, $initialize = true, $error_messages = null) {
+ public function __construct($options = null, $initialize = true, $error_messages = null) {
+ $this->response = array();
$this->options = array(
- 'script_url' => $this->get_full_url().'/',
+ 'script_url' => $this->get_full_url().'/'.$this->basename($this->get_server_var('SCRIPT_NAME')),
'upload_dir' => dirname($this->get_server_var('SCRIPT_FILENAME')).'/files/',
'upload_url' => $this->get_full_url().'/files/',
+ 'input_stream' => 'php://input',
'user_dirs' => false,
'mkdir_mode' => 0755,
'param_name' => 'files',
@@ -67,6 +69,14 @@ class UploadHandler
'Content-Range',
'Content-Disposition'
),
+ // By default, allow redirects to the referer protocol+host:
+ 'redirect_allow_target' => '/^'.preg_quote(
+ parse_url($this->get_server_var('HTTP_REFERER'), PHP_URL_SCHEME)
+ .'://'
+ .parse_url($this->get_server_var('HTTP_REFERER'), PHP_URL_HOST)
+ .'/', // Trailing slash to not match subdomains by mistake
+ '/' // preg_quote delimiter param
+ ).'/',
// Enable to provide file downloads via GET requests to the PHP script:
// 1. Set to 1 to download files via readfile method through PHP
// 2. Set to 2 to send a X-Sendfile header for lighttpd/Apache
@@ -147,7 +157,8 @@ class UploadHandler
'max_width' => 80,
'max_height' => 80
)
- )
+ ),
+ 'print_response' => true
);
if ($options) {
$this->options = $options + $this->options;
@@ -167,15 +178,15 @@ class UploadHandler
$this->head();
break;
case 'GET':
- $this->get();
+ $this->get($this->options['print_response']);
break;
case 'PATCH':
case 'PUT':
case 'POST':
- $this->post();
+ $this->post($this->options['print_response']);
break;
case 'DELETE':
- $this->delete();
+ $this->delete($this->options['print_response']);
break;
default:
$this->header('HTTP/1.1 405 Method Not Allowed');
@@ -300,7 +311,7 @@ class UploadHandler
$this->get_upload_path($file_name)
);
$file->url = $this->get_download_url($file->name);
- foreach($this->options['image_versions'] as $version => $options) {
+ foreach ($this->options['image_versions'] as $version => $options) {
if (!empty($version)) {
if (is_file($this->get_upload_path($file_name, $version))) {
$file->{$version.'Url'} = $this->get_download_url(
@@ -332,14 +343,15 @@ class UploadHandler
}
protected function get_error_message($error) {
- return array_key_exists($error, $this->error_messages) ?
+ return isset($this->error_messages[$error]) ?
$this->error_messages[$error] : $error;
}
- function get_config_bytes($val) {
+ public function get_config_bytes($val) {
$val = trim($val);
$last = strtolower($val[strlen($val)-1]);
- switch($last) {
+ $val = (int)$val;
+ switch ($last) {
case 'g':
$val *= 1024;
case 'm':
@@ -355,9 +367,9 @@ class UploadHandler
$file->error = $this->get_error_message($error);
return false;
}
- $content_length = $this->fix_integer_overflow(intval(
- $this->get_server_var('CONTENT_LENGTH')
- ));
+ $content_length = $this->fix_integer_overflow(
+ (int)$this->get_server_var('CONTENT_LENGTH')
+ );
$post_max_size = $this->get_config_bytes(ini_get('post_max_size'));
if ($post_max_size && ($content_length > $post_max_size)) {
$file->error = $this->get_error_message('post_max_size');
@@ -398,6 +410,21 @@ class UploadHandler
if (($max_width || $max_height || $min_width || $min_height)
&& preg_match($this->options['image_file_types'], $file->name)) {
list($img_width, $img_height) = $this->get_image_size($uploaded_file);
+
+ // If we are auto rotating the image by default, do the checks on
+ // the correct orientation
+ if (
+ @$this->options['image_versions']['']['auto_orient'] &&
+ function_exists('exif_read_data') &&
+ ($exif = @exif_read_data($uploaded_file)) &&
+ (((int) @$exif['Orientation']) >= 5)
+ ) {
+ $tmp = $img_width;
+ $img_width = $img_height;
+ $img_height = $tmp;
+ unset($tmp);
+ }
+
}
if (!empty($img_width)) {
if ($max_width && $img_width > $max_width) {
@@ -421,7 +448,7 @@ class UploadHandler
}
protected function upcount_name_callback($matches) {
- $index = isset($matches[1]) ? intval($matches[1]) + 1 : 1;
+ $index = isset($matches[1]) ? ((int)$matches[1]) + 1 : 1;
$ext = isset($matches[2]) ? $matches[2] : '';
return ' ('.$index.')'.$ext;
}
@@ -441,8 +468,8 @@ class UploadHandler
$name = $this->upcount_name($name);
}
// Keep an existing filename if this is part of a chunked upload:
- $uploaded_bytes = $this->fix_integer_overflow(intval($content_range[1]));
- while(is_file($this->get_upload_path($name))) {
+ $uploaded_bytes = $this->fix_integer_overflow((int)$content_range[1]);
+ while (is_file($this->get_upload_path($name))) {
if ($uploaded_bytes === $this->get_file_size(
$this->get_upload_path($name))) {
break;
@@ -461,7 +488,7 @@ class UploadHandler
}
if ($this->options['correct_image_extensions'] &&
function_exists('exif_imagetype')) {
- switch(@exif_imagetype($file_path)){
+ switch (@exif_imagetype($file_path)){
case IMAGETYPE_JPEG:
$extensions = array('jpg', 'jpeg');
break;
@@ -491,7 +518,7 @@ class UploadHandler
// Remove path information and dots around the filename, to prevent uploading
// into different directories or replacing hidden system files.
// Also remove control characters and spaces (\x00..\x20) around the filename:
- $name = trim(basename(stripslashes($name)), ".\x00..\x20");
+ $name = trim($this->basename(stripslashes($name)), ".\x00..\x20");
// Use a timestamp for empty filenames:
if (!$name) {
$name = str_replace('.', '-', microtime(true));
@@ -515,10 +542,6 @@ class UploadHandler
);
}
- protected function handle_form_data($file, $index) {
- // Handle form data, e.g. $_REQUEST['description'][$index]
- }
-
protected function get_scaled_image_file_paths($file_name, $version) {
$file_path = $this->get_upload_path($file_name);
if (!empty($version)) {
@@ -601,7 +624,7 @@ class UploadHandler
if ($exif === false) {
return false;
}
- $orientation = intval(@$exif['Orientation']);
+ $orientation = (int)@$exif['Orientation'];
if ($orientation < 2 || $orientation > 8) {
return false;
}
@@ -825,7 +848,7 @@ class UploadHandler
$this->get_scaled_image_file_paths($file_name, $version);
$image = $this->imagick_get_image_object(
$file_path,
- !empty($options['no_cache'])
+ !empty($options['crop']) || !empty($options['no_cache'])
);
if ($image->getImageFormat() === 'GIF') {
// Handle animated GIFs:
@@ -955,7 +978,7 @@ class UploadHandler
return $dimensions;
}
return false;
- } catch (Exception $e) {
+ } catch (\Exception $e) {
error_log($e->getMessage());
}
}
@@ -965,7 +988,7 @@ class UploadHandler
exec($cmd, $output, $error);
if (!$error && !empty($output)) {
// image.jpg JPEG 1920x1080 1920x1080+0+0 8-bit sRGB 465KB 0.000u 0:00.000
- $infos = preg_split('/\s+/', $output[0]);
+ $infos = preg_split('/\s+/', substr($output[0], strlen($file_path)));
$dimensions = preg_split('/x/', $infos[2]);
return $dimensions;
}
@@ -1008,7 +1031,7 @@ class UploadHandler
protected function handle_image_file($file_path, $file) {
$failed_versions = array();
- foreach($this->options['image_versions'] as $version => $options) {
+ foreach ($this->options['image_versions'] as $version => $options) {
if ($this->create_scaled_image($file->name, $version, $options)) {
if (!empty($version)) {
$file->{$version.'Url'} = $this->get_download_url(
@@ -1024,7 +1047,7 @@ class UploadHandler
}
if (count($failed_versions)) {
$file->error = $this->get_error_message('image_resize')
- .' ('.implode($failed_versions,', ').')';
+ .' ('.implode($failed_versions, ', ').')';
}
// Free memory:
$this->destroy_image_object($file_path);
@@ -1035,7 +1058,7 @@ class UploadHandler
$file = new \stdClass();
$file->name = $this->get_file_name($uploaded_file, $name, $size, $type, $error,
$index, $content_range);
- $file->size = $this->fix_integer_overflow(intval($size));
+ $file->size = $this->fix_integer_overflow((int)$size);
$file->type = $type;
if ($this->validate($uploaded_file, $file, $error, $index)) {
$this->handle_form_data($file, $index);
@@ -1061,7 +1084,7 @@ class UploadHandler
// Non-multipart uploads (PUT method support)
file_put_contents(
$file_path,
- fopen('php://input', 'r'),
+ fopen($this->options['input_stream'], 'r'),
$append_file ? FILE_APPEND : 0
);
}
@@ -1102,41 +1125,33 @@ class UploadHandler
protected function body($str) {
echo $str;
}
-
+
protected function header($str) {
header($str);
}
+ protected function get_upload_data($id) {
+ return @$_FILES[$id];
+ }
+
+ protected function get_post_param($id) {
+ return @$_POST[$id];
+ }
+
+ protected function get_query_param($id) {
+ return @$_GET[$id];
+ }
+
protected function get_server_var($id) {
- return isset($_SERVER[$id]) ? $_SERVER[$id] : '';
+ return @$_SERVER[$id];
}
- protected function generate_response($content, $print_response = true) {
- if ($print_response) {
- $json = json_encode($content);
- $redirect = isset($_REQUEST['redirect']) ?
- stripslashes($_REQUEST['redirect']) : null;
- if ($redirect) {
- $this->header('Location: '.sprintf($redirect, rawurlencode($json)));
- return;
- }
- $this->head();
- if ($this->get_server_var('HTTP_CONTENT_RANGE')) {
- $files = isset($content[$this->options['param_name']]) ?
- $content[$this->options['param_name']] : null;
- if ($files && is_array($files) && is_object($files[0]) && $files[0]->size) {
- $this->header('Range: 0-'.(
- $this->fix_integer_overflow(intval($files[0]->size)) - 1
- ));
- }
- }
- $this->body($json);
- }
- return $content;
+ protected function handle_form_data($file, $index) {
+ // Handle form data, e.g. $_POST['description'][$index]
}
protected function get_version_param() {
- return isset($_GET['version']) ? basename(stripslashes($_GET['version'])) : null;
+ return $this->basename(stripslashes($this->get_query_param('version')));
}
protected function get_singular_param_name() {
@@ -1145,14 +1160,16 @@ class UploadHandler
protected function get_file_name_param() {
$name = $this->get_singular_param_name();
- return isset($_REQUEST[$name]) ? basename(stripslashes($_REQUEST[$name])) : null;
+ return $this->basename(stripslashes($this->get_query_param($name)));
}
protected function get_file_names_params() {
- $params = isset($_REQUEST[$this->options['param_name']]) ?
- $_REQUEST[$this->options['param_name']] : array();
+ $params = $this->get_query_param($this->options['param_name']);
+ if (!$params) {
+ return null;
+ }
foreach ($params as $key => $value) {
- $params[$key] = basename(stripslashes($value));
+ $params[$key] = $this->basename(stripslashes($value));
}
return $params;
}
@@ -1232,6 +1249,34 @@ class UploadHandler
.implode(', ', $this->options['access_control_allow_headers']));
}
+ public function generate_response($content, $print_response = true) {
+ $this->response = $content;
+ if ($print_response) {
+ $json = json_encode($content);
+ $redirect = stripslashes($this->get_post_param('redirect'));
+ if ($redirect && preg_match($this->options['redirect_allow_target'], $redirect)) {
+ $this->header('Location: '.sprintf($redirect, rawurlencode($json)));
+ return;
+ }
+ $this->head();
+ if ($this->get_server_var('HTTP_CONTENT_RANGE')) {
+ $files = isset($content[$this->options['param_name']]) ?
+ $content[$this->options['param_name']] : null;
+ if ($files && is_array($files) && is_object($files[0]) && $files[0]->size) {
+ $this->header('Range: 0-'.(
+ $this->fix_integer_overflow((int)$files[0]->size) - 1
+ ));
+ }
+ }
+ $this->body($json);
+ }
+ return $content;
+ }
+
+ public function get_response () {
+ return $this->response;
+ }
+
public function head() {
$this->header('Pragma: no-cache');
$this->header('Cache-Control: no-store, no-cache, must-revalidate');
@@ -1245,7 +1290,7 @@ class UploadHandler
}
public function get($print_response = true) {
- if ($print_response && isset($_GET['download'])) {
+ if ($print_response && $this->get_query_param('download')) {
return $this->download();
}
$file_name = $this->get_file_name_param();
@@ -1262,58 +1307,59 @@ class UploadHandler
}
public function post($print_response = true) {
- if (isset($_REQUEST['_method']) && $_REQUEST['_method'] === 'DELETE') {
+ if ($this->get_query_param('_method') === 'DELETE') {
return $this->delete($print_response);
}
- $upload = isset($_FILES[$this->options['param_name']]) ?
- $_FILES[$this->options['param_name']] : null;
+ $upload = $this->get_upload_data($this->options['param_name']);
// Parse the Content-Disposition header, if available:
- $file_name = $this->get_server_var('HTTP_CONTENT_DISPOSITION') ?
+ $content_disposition_header = $this->get_server_var('HTTP_CONTENT_DISPOSITION');
+ $file_name = $content_disposition_header ?
rawurldecode(preg_replace(
'/(^[^"]+")|("$)/',
'',
- $this->get_server_var('HTTP_CONTENT_DISPOSITION')
+ $content_disposition_header
)) : null;
// Parse the Content-Range header, which has the following form:
// Content-Range: bytes 0-524287/2000000
- $content_range = $this->get_server_var('HTTP_CONTENT_RANGE') ?
- preg_split('/[^0-9]+/', $this->get_server_var('HTTP_CONTENT_RANGE')) : null;
+ $content_range_header = $this->get_server_var('HTTP_CONTENT_RANGE');
+ $content_range = $content_range_header ?
+ preg_split('/[^0-9]+/', $content_range_header) : null;
$size = $content_range ? $content_range[3] : null;
$files = array();
- if ($upload && is_array($upload['tmp_name'])) {
- // param_name is an array identifier like "files[]",
- // $_FILES is a multi-dimensional array:
- foreach ($upload['tmp_name'] as $index => $value) {
+ if ($upload) {
+ if (is_array($upload['tmp_name'])) {
+ // param_name is an array identifier like "files[]",
+ // $upload is a multi-dimensional array:
+ foreach ($upload['tmp_name'] as $index => $value) {
+ $files[] = $this->handle_file_upload(
+ $upload['tmp_name'][$index],
+ $file_name ? $file_name : $upload['name'][$index],
+ $size ? $size : $upload['size'][$index],
+ $upload['type'][$index],
+ $upload['error'][$index],
+ $index,
+ $content_range
+ );
+ }
+ } else {
+ // param_name is a single object identifier like "file",
+ // $upload is a one-dimensional array:
$files[] = $this->handle_file_upload(
- $upload['tmp_name'][$index],
- $file_name ? $file_name : $upload['name'][$index],
- $size ? $size : $upload['size'][$index],
- $upload['type'][$index],
- $upload['error'][$index],
- $index,
+ isset($upload['tmp_name']) ? $upload['tmp_name'] : null,
+ $file_name ? $file_name : (isset($upload['name']) ?
+ $upload['name'] : null),
+ $size ? $size : (isset($upload['size']) ?
+ $upload['size'] : $this->get_server_var('CONTENT_LENGTH')),
+ isset($upload['type']) ?
+ $upload['type'] : $this->get_server_var('CONTENT_TYPE'),
+ isset($upload['error']) ? $upload['error'] : null,
+ null,
$content_range
);
}
- } else {
- // param_name is a single object identifier like "file",
- // $_FILES is a one-dimensional array:
- $files[] = $this->handle_file_upload(
- isset($upload['tmp_name']) ? $upload['tmp_name'] : null,
- $file_name ? $file_name : (isset($upload['name']) ?
- $upload['name'] : null),
- $size ? $size : (isset($upload['size']) ?
- $upload['size'] : $this->get_server_var('CONTENT_LENGTH')),
- isset($upload['type']) ?
- $upload['type'] : $this->get_server_var('CONTENT_TYPE'),
- isset($upload['error']) ? $upload['error'] : null,
- null,
- $content_range
- );
}
- return $this->generate_response(
- array($this->options['param_name'] => $files),
- $print_response
- );
+ $response = array($this->options['param_name'] => $files);
+ return $this->generate_response($response, $print_response);
}
public function delete($print_response = true) {
@@ -1322,11 +1368,11 @@ class UploadHandler
$file_names = array($this->get_file_name_param());
}
$response = array();
- foreach($file_names as $file_name) {
+ foreach ($file_names as $file_name) {
$file_path = $this->get_upload_path($file_name);
$success = is_file($file_path) && $file_name[0] !== '.' && unlink($file_path);
if ($success) {
- foreach($this->options['image_versions'] as $version => $options) {
+ foreach ($this->options['image_versions'] as $version => $options) {
if (!empty($version)) {
$file = $this->get_upload_path($file_name, $version);
if (is_file($file)) {
@@ -1340,4 +1386,8 @@ class UploadHandler
return $this->generate_response($response, $print_response);
}
+ protected function basename($filepath, $suffix = null) {
+ $splited = preg_split('/\//', rtrim ($filepath, '/ '));
+ return substr(basename('X'.$splited[count($splited)-1], $suffix), 1);
+ }
}
diff --git a/library/blueimp_upload/server/php/docker-compose.yml b/library/blueimp_upload/server/php/docker-compose.yml
new file mode 100644
index 000000000..691ea9caa
--- /dev/null
+++ b/library/blueimp_upload/server/php/docker-compose.yml
@@ -0,0 +1,6 @@
+apache:
+ build: ./
+ ports:
+ - "80:80"
+ volumes:
+ - "../../:/var/www/html"
diff --git a/library/blueimp_upload/server/php/files/.htaccess b/library/blueimp_upload/server/php/files/.htaccess
index 56689f0bb..6f454afb9 100644
--- a/library/blueimp_upload/server/php/files/.htaccess
+++ b/library/blueimp_upload/server/php/files/.htaccess
@@ -1,8 +1,16 @@
-# The following directives force the content-type application/octet-stream
-# and force browsers to display a download dialog for non-image files.
-# This prevents the execution of script files in the context of the website:
+# To enable the Headers module, execute the following command and reload Apache:
+# sudo a2enmod headers
+
+# The following directives prevent the execution of script files
+# in the context of the website.
+# They also force the content-type application/octet-stream and
+# force browsers to display a download dialog for non-image files.
+SetHandler default-handler
ForceType application/octet-stream
Header set Content-Disposition attachment
+
+# The following unsets the forced type and Content-Disposition headers
+# for known image files:
<FilesMatch "(?i)\.(gif|jpe?g|png)$">
ForceType none
Header unset Content-Disposition
diff --git a/library/blueimp_upload/server/php/index.php b/library/blueimp_upload/server/php/index.php
index 3ae1295ef..6caabb710 100644
--- a/library/blueimp_upload/server/php/index.php
+++ b/library/blueimp_upload/server/php/index.php
@@ -1,13 +1,13 @@
<?php
/*
- * jQuery File Upload Plugin PHP Example 5.14
+ * jQuery File Upload Plugin PHP Example
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2010, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
error_reporting(E_ALL | E_STRICT);
diff --git a/library/blueimp_upload/test/index.html b/library/blueimp_upload/test/index.html
index a04e53433..4a9a6f328 100644
--- a/library/blueimp_upload/test/index.html
+++ b/library/blueimp_upload/test/index.html
@@ -1,14 +1,14 @@
<!DOCTYPE HTML>
<!--
/*
- * jQuery File Upload Plugin Test 9.1.0
+ * jQuery File Upload Plugin Test
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2010, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
-->
<html lang="en">
@@ -20,7 +20,7 @@
<meta charset="utf-8">
<title>jQuery File Upload Plugin Test</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<link rel="stylesheet" href="http://codeorigin.jquery.com/qunit/qunit-1.14.0.css">
+<link rel="stylesheet" href="//codeorigin.jquery.com/qunit/qunit-1.14.0.css">
</head>
<body>
<h1 id="qunit-header">jQuery File Upload Plugin Test</h1>
@@ -36,20 +36,20 @@
<div class="col-lg-7">
<!-- The fileinput-button span is used to style the file input field as button -->
<span class="btn btn-success fileinput-button">
- <i class="fa-plus fa fa-inverse"></i>
+ <i class="icon-plus icon-white"></i>
<span>Add files...</span>
<input type="file" name="files[]" multiple>
</span>
<button type="submit" class="btn btn-primary start">
- <i class="fa-arrow-circle-o-up fa fa-inverse"></i>
+ <i class="icon-upload icon-white"></i>
<span>Start upload</span>
</button>
<button type="reset" class="btn btn-warning cancel">
- <i class="fa-ban fa fa-inverse"></i>
+ <i class="icon-ban-circle icon-white"></i>
<span>Cancel upload</span>
</button>
<button type="button" class="btn btn-danger delete">
- <i class="fa-trash-o fa fa-inverse"></i>
+ <i class="icon-trash icon-white"></i>
<span>Delete</span>
</button>
<input type="checkbox" class="toggle">
@@ -168,5 +168,5 @@ window.testUIWidget = $.blueimp.fileupload;
</script>
<script src="//code.jquery.com/qunit/qunit-1.15.0.js"></script>
<script src="test.js"></script>
-</body>
+</body>
</html>
diff --git a/library/blueimp_upload/test/test.js b/library/blueimp_upload/test/test.js
index 72d08d99e..452127567 100644
--- a/library/blueimp_upload/test/test.js
+++ b/library/blueimp_upload/test/test.js
@@ -1,12 +1,12 @@
/*
- * jQuery File Upload Plugin Test 9.4.0
+ * jQuery File Upload Plugin Test
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2010, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
/* global $, QUnit, window, document, expect, module, test, asyncTest, start, ok, strictEqual, notStrictEqual */
@@ -83,7 +83,7 @@ $(function () {
});
test('Paste zone initialization', function () {
- ok($('#fileupload').fileupload()
+ ok($('#fileupload').fileupload({pasteZone: document})
.fileupload('option', 'pasteZone').length);
});
@@ -98,6 +98,7 @@ $(function () {
}
},
fu = $('#fileupload').fileupload({
+ pasteZone: document,
dragover: function () {
ok(true, 'Triggers dragover callback');
return false;
@@ -135,6 +136,7 @@ $(function () {
}
},
options = {
+ pasteZone: document,
dragover: function () {
ok(true, 'Triggers dragover callback');
return false;
@@ -178,6 +180,7 @@ $(function () {
}
},
fu = $('#fileupload').fileupload({
+ pasteZone: document,
dragover: function () {
ok(true, 'Triggers dragover callback');
return false;
@@ -221,6 +224,7 @@ $(function () {
}
},
fu = $('#fileupload').fileupload({
+ pasteZone: document,
dragover: function () {
ok(true, 'Triggers dragover callback');
return false;
diff --git a/library/oauth2/.gitignore b/library/oauth2/.gitignore
deleted file mode 100644
index c43a667d4..000000000
--- a/library/oauth2/.gitignore
+++ /dev/null
@@ -1,5 +0,0 @@
-# Test Files #
-test/config/test.sqlite
-vendor
-composer.lock
-.idea
diff --git a/library/oauth2/.travis.yml b/library/oauth2/.travis.yml
deleted file mode 100644
index dd4aae4a6..000000000
--- a/library/oauth2/.travis.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-language: php
-sudo: false
-cache:
- directories:
- - $HOME/.composer/cache
- - vendor
-php:
-- 5.3
-- 5.4
-- 5.5
-- 5.6
-- 7
-- hhvm
-env:
- global:
- - SKIP_MONGO_TESTS=1
- - secure: Bc5ZqvZ1YYpoPZNNuU2eCB8DS6vBYrAdfBtTenBs5NSxzb+Vjven4kWakbzaMvZjb/Ib7Uph7DGuOtJXpmxnvBXPLd707LZ89oFWN/yqQlZKCcm8iErvJCB5XL+/ONHj2iPdR242HJweMcat6bMCwbVWoNDidjtWMH0U2mYFy3M=
- - secure: R3bXlymyFiY2k2jf7+fv/J8i34wtXTkmD4mCr5Ps/U+vn9axm2VtvR2Nj+r7LbRjn61gzFE/xIVjYft/wOyBOYwysrfriydrnRVS0owh6y+7EyOyQWbRX11vVQMf8o31QCQE5BY58V5AJZW3MjoOL0FVlTgySJiJvdw6Pv18v+E=
-services:
-- mongodb
-- redis-server
-- cassandra
-before_install:
-- phpenv config-rm xdebug.ini || return 0
-install:
-- composer install --no-interaction
-before_script:
-- psql -c 'create database oauth2_server_php;' -U postgres
-after_script:
-- php test/cleanup.php
diff --git a/library/oauth2/CHANGELOG.md b/library/oauth2/CHANGELOG.md
deleted file mode 100644
index 03d925e06..000000000
--- a/library/oauth2/CHANGELOG.md
+++ /dev/null
@@ -1,152 +0,0 @@
-CHANGELOG for 1.x
-=================
-
-This changelog references the relevant changes (bug and security fixes) done
-in 1.x minor versions.
-
-To see the files changed for a given bug, go to https://github.com/bshaffer/oauth2-server-php/issues/### where ### is the bug number
-To get the diff between two versions, go to https://github.com/bshaffer/oauth2-server-php/compare/v1.0...v1.1
-To get the diff for a specific change, go to https://github.com/bshaffer/oauth2-server-php/commit/XXX where XXX is the change hash
-
-* 1.8.0 (2015-09-18)
-
- PR: https://github.com/bshaffer/oauth2-server-php/pull/643
-
- * bug #594 - adds jti
- * bug #598 - fixes lifetime configurations for JWTs
- * bug #634 - fixes travis builds, upgrade to containers
- * bug #586 - support for revoking tokens
- * bug #636 - Adds FirebaseJWT bridge
- * bug #639 - Mongo HHVM compatibility
-
-* 1.7.0 (2015-04-23)
-
- PR: https://github.com/bshaffer/oauth2-server-php/pull/572
-
- * bug #500 - PDO fetch mode changed from FETCH_BOTH to FETCH_ASSOC
- * bug #508 - Case insensitive for Bearer token header name ba716d4
- * bug #512 - validateRedirectUri is now public
- * bug #530 - Add PublicKeyInterface, UserClaimsInterface to Cassandra Storage
- * bug #505 - DynamoDB storage fixes
- * bug #556 - adds "code id_token" return type to openid connect
- * bug #563 - Include "issuer" config key for JwtAccessToken
- * bug #564 - Fixes JWT vulnerability
- * bug #571 - Added unset_refresh_token_after_use option
-
-* 1.6 (2015-01-16)
-
- PR: https://github.com/bshaffer/oauth2-server-php/pull/496
-
- * bug 437 - renames CryptoToken to JwtAccessToken / use_crypto_tokens to use_jwt_access_tokens
- * bug 447 - Adds a Couchbase storage implementation
- * bug 460 - Rename JWT claims to match spec
- * bug 470 - order does not matter for multi-valued response types
- * bug 471 - Make validateAuthorizeRequest available for POST in addition to GET
- * bug 475 - Adds JTI table definitiion
- * bug 481 - better randomness for generating access tokens
- * bug 480 - Use hash_equals() for signature verification (prevents remote timing attacks)
- * bugs 489, 491, 498 - misc other fixes
-
-* 1.5 (2014-08-27)
-
- PR: https://github.com/bshaffer/oauth2-server-php/pull/446
-
- * bug #399 - Add DynamoDB Support
- * bug #404 - renamed error name for malformed/expired tokens
- * bug #412 - Openid connect: fixes for claims with more than one scope / Add support for the prompt parameter ('consent' and 'none')
- * bug #411 - fixes xml output
- * bug #413 - fixes invalid format error
- * bug #401 - fixes code standards / whitespace
- * bug #354 - bundles PDO SQL with the library
- * [BC] bug #397 - refresh tokens should not be encrypted
- * bug #423 - makes "scope" optional for refresh token storage
-
-* 1.4 (2014-06-12)
-
- PR: https://github.com/bshaffer/oauth2-server-php/pull/392
-
- * bug #189 Storage\PDO - allows DSN string in constructor
- * bug #233 Bearer Tokens - allows token in request body for PUT requests
- * bug #346 Fixes open_basedir warning
- * bug #351 Adds OpenID Connect support
- * bug #355 Adds php 5.6 and HHVM to travis.ci testing
- * [BC] bug #358 Adds `getQuerystringIdentifier()` to the GrantType interface
- * bug #363 Encryption\JWT - Allows for subclassing JWT Headers
- * bug #349 Bearer Tokens - adds requestHasToken method for when access tokens are optional
- * bug #301 Encryption\JWT - fixes urlSafeB64Encode(): ensures newlines are replaced as expected
- * bug #323 ResourceController - client_id is no longer required to be returned when calling getAccessToken
- * bug #367 Storage\PDO - adds Postgres support
- * bug #368 Access Tokens - use mcrypt_create_iv or openssl_random_pseudo_bytes to create token string
- * bug #376 Request - allows case insensitive headers
- * bug #384 Storage\PDO - can pass in PDO options in constructor of PDO storage
- * misc fixes #361, #292, #373, #374, #379, #396
-* 1.3 (2014-02-27)
-
- PR: https://github.com/bshaffer/oauth2-server-php/pull/325
-
- * bug #311 adds cassandra storage
- * bug #298 fixes response code for user credentials grant type
- * bug #318 adds 'use_crypto_tokens' config to Server class for better DX
- * [BC] bug #320 pass client_id to getDefaultScope
- * bug #324 better feedback when running tests
- * bug #335 adds support for non-expiring refresh tokens
- * bug #333 fixes Pdo storage for getClientKey
- * bug #336 fixes Redis storage for expireAuthorizationCode
-
-* 1.2 (2014-01-03)
-
- PR: https://github.com/bshaffer/oauth2-server-php/pull/288
-
- * bug #285 changed response header from 200 to 401 when empty token received
- * bug #286 adds documentation and links to spec for not including error messages when no token is supplied
- * bug #280 ensures PHP warnings do not get thrown as a result of an invalid argument to $jwt->decode()
- * bug #279 predis wrong number of arguments
- * bug #277 Securing JS WebApp client secret w/ password grant type
-
-* 1.1 (2013-12-17)
-
- PR: https://github.com/bshaffer/oauth2-server-php/pull/276
-
- * bug #278 adds refresh token configuration to Server class
- * bug #274 Supplying a null client_id and client_secret grants API access
- * bug #244 [MongoStorage] More detailed implementation info
- * bug #268 Implement jti for JWT Bearer tokens to prevent replay attacks.
- * bug #266 Removing unused argument to getAccessTokenData
- * bug #247 Make Bearer token type consistent
- * bug #253 Fixing CryptoToken refresh token lifetime
- * bug #246 refactors public key logic to be more intuitive
- * bug #245 adds support for JSON crypto tokens
- * bug #230 Remove unused columns in oauth_clients
- * bug #215 makes Redis Scope Storage obey the same paradigm as PDO
- * bug #228 removes scope group
- * bug #227 squelches open basedir restriction error
- * bug #223 Updated docblocks for RefreshTokenInterface.php
- * bug #224 Adds protected properties
- * bug #217 Implement ScopeInterface for PDO, Redis
-
-* 1.0 (2013-08-12)
-
- * bug #203 Add redirect\_status_code config param for AuthorizeController
- * bug #205 ensures unnecessary ? is not set when ** bug
- * bug #204 Fixed call to LogicException
- * bug #202 Add explode to checkRestrictedGrant in PDO Storage
- * bug #197 adds support for 'false' default scope ** bug
- * bug #192 reference errors and adds tests
- * bug #194 makes some appropriate properties ** bug
- * bug #191 passes config to HttpBasic
- * bug #190 validates client credentials before ** bug
- * bug #171 Fix wrong redirect following authorization step
- * bug #187 client_id is now passed to getDefaultScope().
- * bug #176 Require refresh_token in getRefreshToken response
- * bug #174 make user\_id not required for refresh_token grant
- * bug #173 Duplication in JwtBearer Grant
- * bug #168 user\_id not required for authorization_code grant
- * bug #133 hardens default security for user object
- * bug #163 allows redirect\_uri on authorization_code to be NULL in docs example
- * bug #162 adds getToken on ResourceController for convenience
- * bug #161 fixes fatal error
- * bug #163 Invalid redirect_uri handling
- * bug #156 user\_id in OAuth2\_Storage_AuthorizationCodeInterface::getAuthorizationCode() response
- * bug #157 Fix for extending access and refresh tokens
- * bug #154 ResponseInterface: getParameter method is used in the library but not defined in the interface
- * bug #148 Add more detail to examples in Readme.md
diff --git a/library/oauth2/LICENSE b/library/oauth2/LICENSE
deleted file mode 100644
index d7ece8467..000000000
--- a/library/oauth2/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-The MIT License
-
-Copyright (c) 2014 Brent Shaffer
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/library/oauth2/README.md b/library/oauth2/README.md
deleted file mode 100644
index 4ceda6cf9..000000000
--- a/library/oauth2/README.md
+++ /dev/null
@@ -1,8 +0,0 @@
-oauth2-server-php
-=================
-
-[![Build Status](https://travis-ci.org/bshaffer/oauth2-server-php.svg?branch=develop)](https://travis-ci.org/bshaffer/oauth2-server-php)
-
-[![Total Downloads](https://poser.pugx.org/bshaffer/oauth2-server-php/downloads.png)](https://packagist.org/packages/bshaffer/oauth2-server-php)
-
-View the [complete documentation](http://bshaffer.github.io/oauth2-server-php-docs/) \ No newline at end of file
diff --git a/library/oauth2/phpunit.xml b/library/oauth2/phpunit.xml
deleted file mode 100644
index e36403f0a..000000000
--- a/library/oauth2/phpunit.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<phpunit backupGlobals="false"
- backupStaticAttributes="false"
- colors="true"
- convertErrorsToExceptions="true"
- convertNoticesToExceptions="true"
- convertWarningsToExceptions="true"
- processIsolation="false"
- stopOnFailure="false"
- syntaxCheck="false"
- bootstrap="test/bootstrap.php"
->
- <testsuites>
- <testsuite name="Oauth2 Test Suite">
- <directory>./test/OAuth2/</directory>
- </testsuite>
- </testsuites>
-
- <filter>
- <whitelist>
- <directory suffix=".php">./src/OAuth2/</directory>
- </whitelist>
- </filter>
-</phpunit>
diff --git a/library/oauth2/src/OAuth2/Autoloader.php b/library/oauth2/src/OAuth2/Autoloader.php
deleted file mode 100644
index ecfb6ba75..000000000
--- a/library/oauth2/src/OAuth2/Autoloader.php
+++ /dev/null
@@ -1,48 +0,0 @@
-<?php
-
-namespace OAuth2;
-
-/**
- * Autoloads OAuth2 classes
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- * @license MIT License
- */
-class Autoloader
-{
- private $dir;
-
- public function __construct($dir = null)
- {
- if (is_null($dir)) {
- $dir = dirname(__FILE__).'/..';
- }
- $this->dir = $dir;
- }
- /**
- * Registers OAuth2\Autoloader as an SPL autoloader.
- */
- public static function register($dir = null)
- {
- ini_set('unserialize_callback_func', 'spl_autoload_call');
- spl_autoload_register(array(new self($dir), 'autoload'));
- }
-
- /**
- * Handles autoloading of classes.
- *
- * @param string $class A class name.
- *
- * @return boolean Returns true if the class has been loaded
- */
- public function autoload($class)
- {
- if (0 !== strpos($class, 'OAuth2')) {
- return;
- }
-
- if (file_exists($file = $this->dir.'/'.str_replace('\\', '/', $class).'.php')) {
- require $file;
- }
- }
-}
diff --git a/library/oauth2/src/OAuth2/ClientAssertionType/ClientAssertionTypeInterface.php b/library/oauth2/src/OAuth2/ClientAssertionType/ClientAssertionTypeInterface.php
deleted file mode 100644
index 29c7171b5..000000000
--- a/library/oauth2/src/OAuth2/ClientAssertionType/ClientAssertionTypeInterface.php
+++ /dev/null
@@ -1,15 +0,0 @@
-<?php
-
-namespace OAuth2\ClientAssertionType;
-
-use OAuth2\RequestInterface;
-use OAuth2\ResponseInterface;
-
-/**
- * Interface for all OAuth2 Client Assertion Types
- */
-interface ClientAssertionTypeInterface
-{
- public function validateRequest(RequestInterface $request, ResponseInterface $response);
- public function getClientId();
-}
diff --git a/library/oauth2/src/OAuth2/ClientAssertionType/HttpBasic.php b/library/oauth2/src/OAuth2/ClientAssertionType/HttpBasic.php
deleted file mode 100644
index 0ecb7e18d..000000000
--- a/library/oauth2/src/OAuth2/ClientAssertionType/HttpBasic.php
+++ /dev/null
@@ -1,123 +0,0 @@
-<?php
-
-namespace OAuth2\ClientAssertionType;
-
-use OAuth2\Storage\ClientCredentialsInterface;
-use OAuth2\RequestInterface;
-use OAuth2\ResponseInterface;
-
-/**
- * Validate a client via Http Basic authentication
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-class HttpBasic implements ClientAssertionTypeInterface
-{
- private $clientData;
-
- protected $storage;
- protected $config;
-
- /**
- * @param OAuth2\Storage\ClientCredentialsInterface $clientStorage REQUIRED Storage class for retrieving client credentials information
- * @param array $config OPTIONAL Configuration options for the server
- * <code>
- * $config = array(
- * 'allow_credentials_in_request_body' => true, // whether to look for credentials in the POST body in addition to the Authorize HTTP Header
- * 'allow_public_clients' => true // if true, "public clients" (clients without a secret) may be authenticated
- * );
- * </code>
- */
- public function __construct(ClientCredentialsInterface $storage, array $config = array())
- {
- $this->storage = $storage;
- $this->config = array_merge(array(
- 'allow_credentials_in_request_body' => true,
- 'allow_public_clients' => true,
- ), $config);
- }
-
- public function validateRequest(RequestInterface $request, ResponseInterface $response)
- {
- if (!$clientData = $this->getClientCredentials($request, $response)) {
- return false;
- }
-
- if (!isset($clientData['client_id'])) {
- throw new \LogicException('the clientData array must have "client_id" set');
- }
-
- if (!isset($clientData['client_secret']) || $clientData['client_secret'] == '') {
- if (!$this->config['allow_public_clients']) {
- $response->setError(400, 'invalid_client', 'client credentials are required');
-
- return false;
- }
-
- if (!$this->storage->isPublicClient($clientData['client_id'])) {
- $response->setError(400, 'invalid_client', 'This client is invalid or must authenticate using a client secret');
-
- return false;
- }
- } elseif ($this->storage->checkClientCredentials($clientData['client_id'], $clientData['client_secret']) === false) {
- $response->setError(400, 'invalid_client', 'The client credentials are invalid');
-
- return false;
- }
-
- $this->clientData = $clientData;
-
- return true;
- }
-
- public function getClientId()
- {
- return $this->clientData['client_id'];
- }
-
- /**
- * Internal function used to get the client credentials from HTTP basic
- * auth or POST data.
- *
- * According to the spec (draft 20), the client_id can be provided in
- * the Basic Authorization header (recommended) or via GET/POST.
- *
- * @return
- * A list containing the client identifier and password, for example
- * @code
- * return array(
- * "client_id" => CLIENT_ID, // REQUIRED the client id
- * "client_secret" => CLIENT_SECRET, // OPTIONAL the client secret (may be omitted for public clients)
- * );
- * @endcode
- *
- * @see http://tools.ietf.org/html/rfc6749#section-2.3.1
- *
- * @ingroup oauth2_section_2
- */
- public function getClientCredentials(RequestInterface $request, ResponseInterface $response = null)
- {
- if (!is_null($request->headers('PHP_AUTH_USER')) && !is_null($request->headers('PHP_AUTH_PW'))) {
- return array('client_id' => $request->headers('PHP_AUTH_USER'), 'client_secret' => $request->headers('PHP_AUTH_PW'));
- }
-
- if ($this->config['allow_credentials_in_request_body']) {
- // Using POST for HttpBasic authorization is not recommended, but is supported by specification
- if (!is_null($request->request('client_id'))) {
- /**
- * client_secret can be null if the client's password is an empty string
- * @see http://tools.ietf.org/html/rfc6749#section-2.3.1
- */
-
- return array('client_id' => $request->request('client_id'), 'client_secret' => $request->request('client_secret'));
- }
- }
-
- if ($response) {
- $message = $this->config['allow_credentials_in_request_body'] ? ' or body' : '';
- $response->setError(400, 'invalid_client', 'Client credentials were not found in the headers'.$message);
- }
-
- return null;
- }
-}
diff --git a/library/oauth2/src/OAuth2/Controller/AuthorizeController.php b/library/oauth2/src/OAuth2/Controller/AuthorizeController.php
deleted file mode 100644
index a9a722587..000000000
--- a/library/oauth2/src/OAuth2/Controller/AuthorizeController.php
+++ /dev/null
@@ -1,388 +0,0 @@
-<?php
-
-namespace OAuth2\Controller;
-
-use OAuth2\Storage\ClientInterface;
-use OAuth2\ScopeInterface;
-use OAuth2\RequestInterface;
-use OAuth2\ResponseInterface;
-use OAuth2\Scope;
-
-/**
- * @see OAuth2\Controller\AuthorizeControllerInterface
- */
-class AuthorizeController implements AuthorizeControllerInterface
-{
- private $scope;
- private $state;
- private $client_id;
- private $redirect_uri;
- private $response_type;
-
- protected $clientStorage;
- protected $responseTypes;
- protected $config;
- protected $scopeUtil;
-
- /**
- * @param OAuth2\Storage\ClientInterface $clientStorage REQUIRED Instance of OAuth2\Storage\ClientInterface to retrieve client information
- * @param array $responseTypes OPTIONAL Array of OAuth2\ResponseType\ResponseTypeInterface objects. Valid array
- * keys are "code" and "token"
- * @param array $config OPTIONAL Configuration options for the server
- * <code>
- * $config = array(
- * 'allow_implicit' => false, // if the controller should allow the "implicit" grant type
- * 'enforce_state' => true // if the controller should require the "state" parameter
- * 'require_exact_redirect_uri' => true, // if the controller should require an exact match on the "redirect_uri" parameter
- * 'redirect_status_code' => 302, // HTTP status code to use for redirect responses
- * );
- * </code>
- * @param OAuth2\ScopeInterface $scopeUtil OPTIONAL Instance of OAuth2\ScopeInterface to validate the requested scope
- */
- public function __construct(ClientInterface $clientStorage, array $responseTypes = array(), array $config = array(), ScopeInterface $scopeUtil = null)
- {
- $this->clientStorage = $clientStorage;
- $this->responseTypes = $responseTypes;
- $this->config = array_merge(array(
- 'allow_implicit' => false,
- 'enforce_state' => true,
- 'require_exact_redirect_uri' => true,
- 'redirect_status_code' => 302,
- ), $config);
-
- if (is_null($scopeUtil)) {
- $scopeUtil = new Scope();
- }
- $this->scopeUtil = $scopeUtil;
- }
-
- public function handleAuthorizeRequest(RequestInterface $request, ResponseInterface $response, $is_authorized, $user_id = null)
- {
- if (!is_bool($is_authorized)) {
- throw new \InvalidArgumentException('Argument "is_authorized" must be a boolean. This method must know if the user has granted access to the client.');
- }
-
- // We repeat this, because we need to re-validate. The request could be POSTed
- // by a 3rd-party (because we are not internally enforcing NONCEs, etc)
- if (!$this->validateAuthorizeRequest($request, $response)) {
- return;
- }
-
- // If no redirect_uri is passed in the request, use client's registered one
- if (empty($this->redirect_uri)) {
- $clientData = $this->clientStorage->getClientDetails($this->client_id);
- $registered_redirect_uri = $clientData['redirect_uri'];
- }
-
- // the user declined access to the client's application
- if ($is_authorized === false) {
- $redirect_uri = $this->redirect_uri ?: $registered_redirect_uri;
- $this->setNotAuthorizedResponse($request, $response, $redirect_uri, $user_id);
-
- return;
- }
-
- // build the parameters to set in the redirect URI
- if (!$params = $this->buildAuthorizeParameters($request, $response, $user_id)) {
- return;
- }
-
- $authResult = $this->responseTypes[$this->response_type]->getAuthorizeResponse($params, $user_id);
-
- list($redirect_uri, $uri_params) = $authResult;
-
- if (empty($redirect_uri) && !empty($registered_redirect_uri)) {
- $redirect_uri = $registered_redirect_uri;
- }
-
- $uri = $this->buildUri($redirect_uri, $uri_params);
-
- // return redirect response
- $response->setRedirect($this->config['redirect_status_code'], $uri);
- }
-
- protected function setNotAuthorizedResponse(RequestInterface $request, ResponseInterface $response, $redirect_uri, $user_id = null)
- {
- $error = 'access_denied';
- $error_message = 'The user denied access to your application';
- $response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $this->state, $error, $error_message);
- }
-
- /*
- * We have made this protected so this class can be extended to add/modify
- * these parameters
- */
- protected function buildAuthorizeParameters($request, $response, $user_id)
- {
- // @TODO: we should be explicit with this in the future
- $params = array(
- 'scope' => $this->scope,
- 'state' => $this->state,
- 'client_id' => $this->client_id,
- 'redirect_uri' => $this->redirect_uri,
- 'response_type' => $this->response_type,
- );
-
- return $params;
- }
-
- public function validateAuthorizeRequest(RequestInterface $request, ResponseInterface $response)
- {
- // Make sure a valid client id was supplied (we can not redirect because we were unable to verify the URI)
- if (!$client_id = $request->query('client_id', $request->request('client_id'))) {
- // We don't have a good URI to use
- $response->setError(400, 'invalid_client', "No client id supplied");
-
- return false;
- }
-
- // Get client details
- if (!$clientData = $this->clientStorage->getClientDetails($client_id)) {
- $response->setError(400, 'invalid_client', 'The client id supplied is invalid');
-
- return false;
- }
-
- $registered_redirect_uri = isset($clientData['redirect_uri']) ? $clientData['redirect_uri'] : '';
-
- // Make sure a valid redirect_uri was supplied. If specified, it must match the clientData URI.
- // @see http://tools.ietf.org/html/rfc6749#section-3.1.2
- // @see http://tools.ietf.org/html/rfc6749#section-4.1.2.1
- // @see http://tools.ietf.org/html/rfc6749#section-4.2.2.1
- if ($supplied_redirect_uri = $request->query('redirect_uri', $request->request('redirect_uri'))) {
- // validate there is no fragment supplied
- $parts = parse_url($supplied_redirect_uri);
- if (isset($parts['fragment']) && $parts['fragment']) {
- $response->setError(400, 'invalid_uri', 'The redirect URI must not contain a fragment');
-
- return false;
- }
-
- // validate against the registered redirect uri(s) if available
- if ($registered_redirect_uri && !$this->validateRedirectUri($supplied_redirect_uri, $registered_redirect_uri)) {
- $response->setError(400, 'redirect_uri_mismatch', 'The redirect URI provided is missing or does not match', '#section-3.1.2');
-
- return false;
- }
- $redirect_uri = $supplied_redirect_uri;
- } else {
- // use the registered redirect_uri if none has been supplied, if possible
- if (!$registered_redirect_uri) {
- $response->setError(400, 'invalid_uri', 'No redirect URI was supplied or stored');
-
- return false;
- }
-
- if (count(explode(' ', $registered_redirect_uri)) > 1) {
- $response->setError(400, 'invalid_uri', 'A redirect URI must be supplied when multiple redirect URIs are registered', '#section-3.1.2.3');
-
- return false;
- }
- $redirect_uri = $registered_redirect_uri;
- }
-
- // Select the redirect URI
- $response_type = $request->query('response_type', $request->request('response_type'));
-
- // for multiple-valued response types - make them alphabetical
- if (false !== strpos($response_type, ' ')) {
- $types = explode(' ', $response_type);
- sort($types);
- $response_type = ltrim(implode(' ', $types));
- }
-
- $state = $request->query('state', $request->request('state'));
-
- // type and client_id are required
- if (!$response_type || !in_array($response_type, $this->getValidResponseTypes())) {
- $response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'invalid_request', 'Invalid or missing response type', null);
-
- return false;
- }
-
- if ($response_type == self::RESPONSE_TYPE_AUTHORIZATION_CODE) {
- if (!isset($this->responseTypes['code'])) {
- $response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'unsupported_response_type', 'authorization code grant type not supported', null);
-
- return false;
- }
- if (!$this->clientStorage->checkRestrictedGrantType($client_id, 'authorization_code')) {
- $response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'unauthorized_client', 'The grant type is unauthorized for this client_id', null);
-
- return false;
- }
- if ($this->responseTypes['code']->enforceRedirect() && !$redirect_uri) {
- $response->setError(400, 'redirect_uri_mismatch', 'The redirect URI is mandatory and was not supplied');
-
- return false;
- }
- } else {
- if (!$this->config['allow_implicit']) {
- $response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'unsupported_response_type', 'implicit grant type not supported', null);
-
- return false;
- }
- if (!$this->clientStorage->checkRestrictedGrantType($client_id, 'implicit')) {
- $response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'unauthorized_client', 'The grant type is unauthorized for this client_id', null);
-
- return false;
- }
- }
-
- // validate requested scope if it exists
- $requestedScope = $this->scopeUtil->getScopeFromRequest($request);
-
- if ($requestedScope) {
- // restrict scope by client specific scope if applicable,
- // otherwise verify the scope exists
- $clientScope = $this->clientStorage->getClientScope($client_id);
- if ((empty($clientScope) && !$this->scopeUtil->scopeExists($requestedScope))
- || (!empty($clientScope) && !$this->scopeUtil->checkScope($requestedScope, $clientScope))) {
- $response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'invalid_scope', 'An unsupported scope was requested', null);
-
- return false;
- }
- } else {
- // use a globally-defined default scope
- $defaultScope = $this->scopeUtil->getDefaultScope($client_id);
-
- if (false === $defaultScope) {
- $response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'invalid_client', 'This application requires you specify a scope parameter', null);
-
- return false;
- }
-
- $requestedScope = $defaultScope;
- }
-
- // Validate state parameter exists (if configured to enforce this)
- if ($this->config['enforce_state'] && !$state) {
- $response->setRedirect($this->config['redirect_status_code'], $redirect_uri, null, 'invalid_request', 'The state parameter is required');
-
- return false;
- }
-
- // save the input data and return true
- $this->scope = $requestedScope;
- $this->state = $state;
- $this->client_id = $client_id;
- // Only save the SUPPLIED redirect URI (@see http://tools.ietf.org/html/rfc6749#section-4.1.3)
- $this->redirect_uri = $supplied_redirect_uri;
- $this->response_type = $response_type;
-
- return true;
- }
-
- /**
- * Build the absolute URI based on supplied URI and parameters.
- *
- * @param $uri An absolute URI.
- * @param $params Parameters to be append as GET.
- *
- * @return
- * An absolute URI with supplied parameters.
- *
- * @ingroup oauth2_section_4
- */
- private function buildUri($uri, $params)
- {
- $parse_url = parse_url($uri);
-
- // Add our params to the parsed uri
- foreach ($params as $k => $v) {
- if (isset($parse_url[$k])) {
- $parse_url[$k] .= "&" . http_build_query($v, '', '&');
- } else {
- $parse_url[$k] = http_build_query($v, '', '&');
- }
- }
-
- // Put humpty dumpty back together
- return
- ((isset($parse_url["scheme"])) ? $parse_url["scheme"] . "://" : "")
- . ((isset($parse_url["user"])) ? $parse_url["user"]
- . ((isset($parse_url["pass"])) ? ":" . $parse_url["pass"] : "") . "@" : "")
- . ((isset($parse_url["host"])) ? $parse_url["host"] : "")
- . ((isset($parse_url["port"])) ? ":" . $parse_url["port"] : "")
- . ((isset($parse_url["path"])) ? $parse_url["path"] : "")
- . ((isset($parse_url["query"]) && !empty($parse_url['query'])) ? "?" . $parse_url["query"] : "")
- . ((isset($parse_url["fragment"])) ? "#" . $parse_url["fragment"] : "")
- ;
- }
-
- protected function getValidResponseTypes()
- {
- return array(
- self::RESPONSE_TYPE_ACCESS_TOKEN,
- self::RESPONSE_TYPE_AUTHORIZATION_CODE,
- );
- }
-
- /**
- * Internal method for validating redirect URI supplied
- *
- * @param string $inputUri The submitted URI to be validated
- * @param string $registeredUriString The allowed URI(s) to validate against. Can be a space-delimited string of URIs to
- * allow for multiple URIs
- *
- * @see http://tools.ietf.org/html/rfc6749#section-3.1.2
- */
- protected function validateRedirectUri($inputUri, $registeredUriString)
- {
- if (!$inputUri || !$registeredUriString) {
- return false; // if either one is missing, assume INVALID
- }
-
- $registered_uris = explode(' ', $registeredUriString);
- foreach ($registered_uris as $registered_uri) {
- if ($this->config['require_exact_redirect_uri']) {
- // the input uri is validated against the registered uri using exact match
- if (strcmp($inputUri, $registered_uri) === 0) {
- return true;
- }
- } else {
- $registered_uri_length = strlen($registered_uri);
- if ($registered_uri_length === 0) {
- return false;
- }
-
- // the input uri is validated against the registered uri using case-insensitive match of the initial string
- // i.e. additional query parameters may be applied
- if (strcasecmp(substr($inputUri, 0, $registered_uri_length), $registered_uri) === 0) {
- return true;
- }
- }
- }
-
- return false;
- }
-
- /**
- * Convenience methods to access the parameters derived from the validated request
- */
-
- public function getScope()
- {
- return $this->scope;
- }
-
- public function getState()
- {
- return $this->state;
- }
-
- public function getClientId()
- {
- return $this->client_id;
- }
-
- public function getRedirectUri()
- {
- return $this->redirect_uri;
- }
-
- public function getResponseType()
- {
- return $this->response_type;
- }
-}
diff --git a/library/oauth2/src/OAuth2/Controller/AuthorizeControllerInterface.php b/library/oauth2/src/OAuth2/Controller/AuthorizeControllerInterface.php
deleted file mode 100644
index fa07ae8d2..000000000
--- a/library/oauth2/src/OAuth2/Controller/AuthorizeControllerInterface.php
+++ /dev/null
@@ -1,43 +0,0 @@
-<?php
-
-namespace OAuth2\Controller;
-
-use OAuth2\RequestInterface;
-use OAuth2\ResponseInterface;
-
-/**
- * This controller is called when a user should be authorized
- * by an authorization server. As OAuth2 does not handle
- * authorization directly, this controller ensures the request is valid, but
- * requires the application to determine the value of $is_authorized
- *
- * ex:
- * > $user_id = $this->somehowDetermineUserId();
- * > $is_authorized = $this->somehowDetermineUserAuthorization();
- * > $response = new OAuth2\Response();
- * > $authorizeController->handleAuthorizeRequest(
- * > OAuth2\Request::createFromGlobals(),
- * > $response,
- * > $is_authorized,
- * > $user_id);
- * > $response->send();
- *
- */
-interface AuthorizeControllerInterface
-{
- /**
- * List of possible authentication response types.
- * The "authorization_code" mechanism exclusively supports 'code'
- * and the "implicit" mechanism exclusively supports 'token'.
- *
- * @var string
- * @see http://tools.ietf.org/html/rfc6749#section-4.1.1
- * @see http://tools.ietf.org/html/rfc6749#section-4.2.1
- */
- const RESPONSE_TYPE_AUTHORIZATION_CODE = 'code';
- const RESPONSE_TYPE_ACCESS_TOKEN = 'token';
-
- public function handleAuthorizeRequest(RequestInterface $request, ResponseInterface $response, $is_authorized, $user_id = null);
-
- public function validateAuthorizeRequest(RequestInterface $request, ResponseInterface $response);
-}
diff --git a/library/oauth2/src/OAuth2/Controller/ResourceController.php b/library/oauth2/src/OAuth2/Controller/ResourceController.php
deleted file mode 100644
index e8588188f..000000000
--- a/library/oauth2/src/OAuth2/Controller/ResourceController.php
+++ /dev/null
@@ -1,111 +0,0 @@
-<?php
-
-namespace OAuth2\Controller;
-
-use OAuth2\TokenType\TokenTypeInterface;
-use OAuth2\Storage\AccessTokenInterface;
-use OAuth2\ScopeInterface;
-use OAuth2\RequestInterface;
-use OAuth2\ResponseInterface;
-use OAuth2\Scope;
-
-/**
- * @see OAuth2\Controller\ResourceControllerInterface
- */
-class ResourceController implements ResourceControllerInterface
-{
- private $token;
-
- protected $tokenType;
- protected $tokenStorage;
- protected $config;
- protected $scopeUtil;
-
- public function __construct(TokenTypeInterface $tokenType, AccessTokenInterface $tokenStorage, $config = array(), ScopeInterface $scopeUtil = null)
- {
- $this->tokenType = $tokenType;
- $this->tokenStorage = $tokenStorage;
-
- $this->config = array_merge(array(
- 'www_realm' => 'Service',
- ), $config);
-
- if (is_null($scopeUtil)) {
- $scopeUtil = new Scope();
- }
- $this->scopeUtil = $scopeUtil;
- }
-
- public function verifyResourceRequest(RequestInterface $request, ResponseInterface $response, $scope = null)
- {
- $token = $this->getAccessTokenData($request, $response);
-
- // Check if we have token data
- if (is_null($token)) {
- return false;
- }
-
- /**
- * Check scope, if provided
- * If token doesn't have a scope, it's null/empty, or it's insufficient, then throw 403
- * @see http://tools.ietf.org/html/rfc6750#section-3.1
- */
- if ($scope && (!isset($token["scope"]) || !$token["scope"] || !$this->scopeUtil->checkScope($scope, $token["scope"]))) {
- $response->setError(403, 'insufficient_scope', 'The request requires higher privileges than provided by the access token');
- $response->addHttpHeaders(array(
- 'WWW-Authenticate' => sprintf('%s realm="%s", scope="%s", error="%s", error_description="%s"',
- $this->tokenType->getTokenType(),
- $this->config['www_realm'],
- $scope,
- $response->getParameter('error'),
- $response->getParameter('error_description')
- )
- ));
-
- return false;
- }
-
- // allow retrieval of the token
- $this->token = $token;
-
- return (bool) $token;
- }
-
- public function getAccessTokenData(RequestInterface $request, ResponseInterface $response)
- {
- // Get the token parameter
- if ($token_param = $this->tokenType->getAccessTokenParameter($request, $response)) {
- // Get the stored token data (from the implementing subclass)
- // Check we have a well formed token
- // Check token expiration (expires is a mandatory paramter)
- if (!$token = $this->tokenStorage->getAccessToken($token_param)) {
- $response->setError(401, 'invalid_token', 'The access token provided is invalid');
- } elseif (!isset($token["expires"]) || !isset($token["client_id"])) {
- $response->setError(401, 'malformed_token', 'Malformed token (missing "expires")');
- } elseif (time() > $token["expires"]) {
- $response->setError(401, 'expired_token', 'The access token provided has expired');
- } else {
- return $token;
- }
- }
-
- $authHeader = sprintf('%s realm="%s"', $this->tokenType->getTokenType(), $this->config['www_realm']);
-
- if ($error = $response->getParameter('error')) {
- $authHeader = sprintf('%s, error="%s"', $authHeader, $error);
- if ($error_description = $response->getParameter('error_description')) {
- $authHeader = sprintf('%s, error_description="%s"', $authHeader, $error_description);
- }
- }
-
- $response->addHttpHeaders(array('WWW-Authenticate' => $authHeader));
-
- return null;
- }
-
- // convenience method to allow retrieval of the token
- public function getToken()
- {
- return $this->token;
- }
-}
diff --git a/library/oauth2/src/OAuth2/Controller/ResourceControllerInterface.php b/library/oauth2/src/OAuth2/Controller/ResourceControllerInterface.php
deleted file mode 100644
index 611421935..000000000
--- a/library/oauth2/src/OAuth2/Controller/ResourceControllerInterface.php
+++ /dev/null
@@ -1,26 +0,0 @@
-<?php
-
-namespace OAuth2\Controller;
-
-use OAuth2\RequestInterface;
-use OAuth2\ResponseInterface;
-
-/**
- * This controller is called when a "resource" is requested.
- * call verifyResourceRequest in order to determine if the request
- * contains a valid token.
- *
- * ex:
- * > if (!$resourceController->verifyResourceRequest(OAuth2\Request::createFromGlobals(), $response = new OAuth2\Response())) {
- * > $response->send(); // authorization failed
- * > die();
- * > }
- * > return json_encode($resource); // valid token! Send the stuff!
- *
- */
-interface ResourceControllerInterface
-{
- public function verifyResourceRequest(RequestInterface $request, ResponseInterface $response, $scope = null);
-
- public function getAccessTokenData(RequestInterface $request, ResponseInterface $response);
-}
diff --git a/library/oauth2/src/OAuth2/Controller/TokenController.php b/library/oauth2/src/OAuth2/Controller/TokenController.php
deleted file mode 100644
index 42dab892f..000000000
--- a/library/oauth2/src/OAuth2/Controller/TokenController.php
+++ /dev/null
@@ -1,278 +0,0 @@
-<?php
-
-namespace OAuth2\Controller;
-
-use OAuth2\ResponseType\AccessTokenInterface;
-use OAuth2\ClientAssertionType\ClientAssertionTypeInterface;
-use OAuth2\GrantType\GrantTypeInterface;
-use OAuth2\ScopeInterface;
-use OAuth2\Scope;
-use OAuth2\Storage\ClientInterface;
-use OAuth2\RequestInterface;
-use OAuth2\ResponseInterface;
-
-/**
- * @see OAuth2\Controller\TokenControllerInterface
- */
-class TokenController implements TokenControllerInterface
-{
- protected $accessToken;
- protected $grantTypes;
- protected $clientAssertionType;
- protected $scopeUtil;
- protected $clientStorage;
-
- public function __construct(AccessTokenInterface $accessToken, ClientInterface $clientStorage, array $grantTypes = array(), ClientAssertionTypeInterface $clientAssertionType = null, ScopeInterface $scopeUtil = null)
- {
- if (is_null($clientAssertionType)) {
- foreach ($grantTypes as $grantType) {
- if (!$grantType instanceof ClientAssertionTypeInterface) {
- throw new \InvalidArgumentException('You must supply an instance of OAuth2\ClientAssertionType\ClientAssertionTypeInterface or only use grant types which implement OAuth2\ClientAssertionType\ClientAssertionTypeInterface');
- }
- }
- }
- $this->clientAssertionType = $clientAssertionType;
- $this->accessToken = $accessToken;
- $this->clientStorage = $clientStorage;
- foreach ($grantTypes as $grantType) {
- $this->addGrantType($grantType);
- }
-
- if (is_null($scopeUtil)) {
- $scopeUtil = new Scope();
- }
- $this->scopeUtil = $scopeUtil;
- }
-
- public function handleTokenRequest(RequestInterface $request, ResponseInterface $response)
- {
- if ($token = $this->grantAccessToken($request, $response)) {
- // @see http://tools.ietf.org/html/rfc6749#section-5.1
- // server MUST disable caching in headers when tokens are involved
- $response->setStatusCode(200);
- $response->addParameters($token);
- $response->addHttpHeaders(array(
- 'Cache-Control' => 'no-store',
- 'Pragma' => 'no-cache',
- 'Content-Type' => 'application/json'
- ));
- }
- }
-
- /**
- * Grant or deny a requested access token.
- * This would be called from the "/token" endpoint as defined in the spec.
- * You can call your endpoint whatever you want.
- *
- * @param $request - RequestInterface
- * Request object to grant access token
- *
- * @throws InvalidArgumentException
- * @throws LogicException
- *
- * @see http://tools.ietf.org/html/rfc6749#section-4
- * @see http://tools.ietf.org/html/rfc6749#section-10.6
- * @see http://tools.ietf.org/html/rfc6749#section-4.1.3
- *
- * @ingroup oauth2_section_4
- */
- public function grantAccessToken(RequestInterface $request, ResponseInterface $response)
- {
- if (strtolower($request->server('REQUEST_METHOD')) != 'post') {
- $response->setError(405, 'invalid_request', 'The request method must be POST when requesting an access token', '#section-3.2');
- $response->addHttpHeaders(array('Allow' => 'POST'));
-
- return null;
- }
-
- /**
- * Determine grant type from request
- * and validate the request for that grant type
- */
- if (!$grantTypeIdentifier = $request->request('grant_type')) {
- $response->setError(400, 'invalid_request', 'The grant type was not specified in the request');
-
- return null;
- }
-
- if (!isset($this->grantTypes[$grantTypeIdentifier])) {
- /* TODO: If this is an OAuth2 supported grant type that we have chosen not to implement, throw a 501 Not Implemented instead */
- $response->setError(400, 'unsupported_grant_type', sprintf('Grant type "%s" not supported', $grantTypeIdentifier));
-
- return null;
- }
-
- $grantType = $this->grantTypes[$grantTypeIdentifier];
-
- /**
- * Retrieve the client information from the request
- * ClientAssertionTypes allow for grant types which also assert the client data
- * in which case ClientAssertion is handled in the validateRequest method
- *
- * @see OAuth2\GrantType\JWTBearer
- * @see OAuth2\GrantType\ClientCredentials
- */
- if (!$grantType instanceof ClientAssertionTypeInterface) {
- if (!$this->clientAssertionType->validateRequest($request, $response)) {
- return null;
- }
- $clientId = $this->clientAssertionType->getClientId();
- }
-
- /**
- * Retrieve the grant type information from the request
- * The GrantTypeInterface object handles all validation
- * If the object is an instance of ClientAssertionTypeInterface,
- * That logic is handled here as well
- */
- if (!$grantType->validateRequest($request, $response)) {
- return null;
- }
-
- if ($grantType instanceof ClientAssertionTypeInterface) {
- $clientId = $grantType->getClientId();
- } else {
- // validate the Client ID (if applicable)
- if (!is_null($storedClientId = $grantType->getClientId()) && $storedClientId != $clientId) {
- $response->setError(400, 'invalid_grant', sprintf('%s doesn\'t exist or is invalid for the client', $grantTypeIdentifier));
-
- return null;
- }
- }
-
- /**
- * Validate the client can use the requested grant type
- */
- if (!$this->clientStorage->checkRestrictedGrantType($clientId, $grantTypeIdentifier)) {
- $response->setError(400, 'unauthorized_client', 'The grant type is unauthorized for this client_id');
-
- return false;
- }
-
- /**
- * Validate the scope of the token
- *
- * requestedScope - the scope specified in the token request
- * availableScope - the scope associated with the grant type
- * ex: in the case of the "Authorization Code" grant type,
- * the scope is specified in the authorize request
- *
- * @see http://tools.ietf.org/html/rfc6749#section-3.3
- */
-
- $requestedScope = $this->scopeUtil->getScopeFromRequest($request);
- $availableScope = $grantType->getScope();
-
- if ($requestedScope) {
- // validate the requested scope
- if ($availableScope) {
- if (!$this->scopeUtil->checkScope($requestedScope, $availableScope)) {
- $response->setError(400, 'invalid_scope', 'The scope requested is invalid for this request');
-
- return null;
- }
- } else {
- // validate the client has access to this scope
- if ($clientScope = $this->clientStorage->getClientScope($clientId)) {
- if (!$this->scopeUtil->checkScope($requestedScope, $clientScope)) {
- $response->setError(400, 'invalid_scope', 'The scope requested is invalid for this client');
-
- return false;
- }
- } elseif (!$this->scopeUtil->scopeExists($requestedScope)) {
- $response->setError(400, 'invalid_scope', 'An unsupported scope was requested');
-
- return null;
- }
- }
- } elseif ($availableScope) {
- // use the scope associated with this grant type
- $requestedScope = $availableScope;
- } else {
- // use a globally-defined default scope
- $defaultScope = $this->scopeUtil->getDefaultScope($clientId);
-
- // "false" means default scopes are not allowed
- if (false === $defaultScope) {
- $response->setError(400, 'invalid_scope', 'This application requires you specify a scope parameter');
-
- return null;
- }
-
- $requestedScope = $defaultScope;
- }
-
- return $grantType->createAccessToken($this->accessToken, $clientId, $grantType->getUserId(), $requestedScope);
- }
-
- /**
- * addGrantType
- *
- * @param grantType - OAuth2\GrantTypeInterface
- * the grant type to add for the specified identifier
- * @param identifier - string
- * a string passed in as "grant_type" in the response that will call this grantType
- */
- public function addGrantType(GrantTypeInterface $grantType, $identifier = null)
- {
- if (is_null($identifier) || is_numeric($identifier)) {
- $identifier = $grantType->getQuerystringIdentifier();
- }
-
- $this->grantTypes[$identifier] = $grantType;
- }
-
- public function handleRevokeRequest(RequestInterface $request, ResponseInterface $response)
- {
- if ($this->revokeToken($request, $response)) {
- $response->setStatusCode(200);
- $response->addParameters(array('revoked' => true));
- }
- }
-
- /**
- * Revoke a refresh or access token. Returns true on success and when tokens are invalid
- *
- * Note: invalid tokens do not cause an error response since the client
- * cannot handle such an error in a reasonable way. Moreover, the
- * purpose of the revocation request, invalidating the particular token,
- * is already achieved.
- *
- * @param RequestInterface $request
- * @param ResponseInterface $response
- * @return bool|null
- */
- public function revokeToken(RequestInterface $request, ResponseInterface $response)
- {
- if (strtolower($request->server('REQUEST_METHOD')) != 'post') {
- $response->setError(405, 'invalid_request', 'The request method must be POST when revoking an access token', '#section-3.2');
- $response->addHttpHeaders(array('Allow' => 'POST'));
-
- return null;
- }
-
- $token_type_hint = $request->request('token_type_hint');
- if (!in_array($token_type_hint, array(null, 'access_token', 'refresh_token'), true)) {
- $response->setError(400, 'invalid_request', 'Token type hint must be either \'access_token\' or \'refresh_token\'');
-
- return null;
- }
-
- $token = $request->request('token');
- if ($token === null) {
- $response->setError(400, 'invalid_request', 'Missing token parameter to revoke');
-
- return null;
- }
-
- // @todo remove this check for v2.0
- if (!method_exists($this->accessToken, 'revokeToken')) {
- $class = get_class($this->accessToken);
- throw new \RuntimeException("AccessToken {$class} does not implement required revokeToken method");
- }
-
- $this->accessToken->revokeToken($token, $token_type_hint);
-
- return true;
- }
-}
diff --git a/library/oauth2/src/OAuth2/Controller/TokenControllerInterface.php b/library/oauth2/src/OAuth2/Controller/TokenControllerInterface.php
deleted file mode 100644
index 72d72570f..000000000
--- a/library/oauth2/src/OAuth2/Controller/TokenControllerInterface.php
+++ /dev/null
@@ -1,32 +0,0 @@
-<?php
-
-namespace OAuth2\Controller;
-
-use OAuth2\RequestInterface;
-use OAuth2\ResponseInterface;
-
-/**
- * This controller is called when a token is being requested.
- * it is called to handle all grant types the application supports.
- * It also validates the client's credentials
- *
- * ex:
- * > $tokenController->handleTokenRequest(OAuth2\Request::createFromGlobals(), $response = new OAuth2\Response());
- * > $response->send();
- *
- */
-interface TokenControllerInterface
-{
- /**
- * handleTokenRequest
- *
- * @param $request
- * OAuth2\RequestInterface - The current http request
- * @param $response
- * OAuth2\ResponseInterface - An instance of OAuth2\ResponseInterface to contain the response data
- *
- */
- public function handleTokenRequest(RequestInterface $request, ResponseInterface $response);
-
- public function grantAccessToken(RequestInterface $request, ResponseInterface $response);
-}
diff --git a/library/oauth2/src/OAuth2/Encryption/EncryptionInterface.php b/library/oauth2/src/OAuth2/Encryption/EncryptionInterface.php
deleted file mode 100644
index 2d336c664..000000000
--- a/library/oauth2/src/OAuth2/Encryption/EncryptionInterface.php
+++ /dev/null
@@ -1,11 +0,0 @@
-<?php
-
-namespace OAuth2\Encryption;
-
-interface EncryptionInterface
-{
- public function encode($payload, $key, $algorithm = null);
- public function decode($payload, $key, $algorithm = null);
- public function urlSafeB64Encode($data);
- public function urlSafeB64Decode($b64);
-}
diff --git a/library/oauth2/src/OAuth2/Encryption/FirebaseJwt.php b/library/oauth2/src/OAuth2/Encryption/FirebaseJwt.php
deleted file mode 100644
index 1b527e0a0..000000000
--- a/library/oauth2/src/OAuth2/Encryption/FirebaseJwt.php
+++ /dev/null
@@ -1,47 +0,0 @@
-<?php
-
-namespace OAuth2\Encryption;
-
-/**
- * Bridge file to use the firebase/php-jwt package for JWT encoding and decoding.
- * @author Francis Chuang <francis.chuang@gmail.com>
- */
-class FirebaseJwt implements EncryptionInterface
-{
- public function __construct()
- {
- if (!class_exists('\JWT')) {
- throw new \ErrorException('firebase/php-jwt must be installed to use this feature. You can do this by running "composer require firebase/php-jwt"');
- }
- }
-
- public function encode($payload, $key, $alg = 'HS256', $keyId = null)
- {
- return \JWT::encode($payload, $key, $alg, $keyId);
- }
-
- public function decode($jwt, $key = null, $allowedAlgorithms = null)
- {
- try {
-
- //Maintain BC: Do not verify if no algorithms are passed in.
- if (!$allowedAlgorithms) {
- $key = null;
- }
-
- return (array)\JWT::decode($jwt, $key, $allowedAlgorithms);
- } catch (\Exception $e) {
- return false;
- }
- }
-
- public function urlSafeB64Encode($data)
- {
- return \JWT::urlsafeB64Encode($data);
- }
-
- public function urlSafeB64Decode($b64)
- {
- return \JWT::urlsafeB64Decode($b64);
- }
-}
diff --git a/library/oauth2/src/OAuth2/Encryption/Jwt.php b/library/oauth2/src/OAuth2/Encryption/Jwt.php
deleted file mode 100644
index ee576e643..000000000
--- a/library/oauth2/src/OAuth2/Encryption/Jwt.php
+++ /dev/null
@@ -1,173 +0,0 @@
-<?php
-
-namespace OAuth2\Encryption;
-
-/**
- * @link https://github.com/F21/jwt
- * @author F21
- */
-class Jwt implements EncryptionInterface
-{
- public function encode($payload, $key, $algo = 'HS256')
- {
- $header = $this->generateJwtHeader($payload, $algo);
-
- $segments = array(
- $this->urlSafeB64Encode(json_encode($header)),
- $this->urlSafeB64Encode(json_encode($payload))
- );
-
- $signing_input = implode('.', $segments);
-
- $signature = $this->sign($signing_input, $key, $algo);
- $segments[] = $this->urlsafeB64Encode($signature);
-
- return implode('.', $segments);
- }
-
- public function decode($jwt, $key = null, $allowedAlgorithms = true)
- {
- if (!strpos($jwt, '.')) {
- return false;
- }
-
- $tks = explode('.', $jwt);
-
- if (count($tks) != 3) {
- return false;
- }
-
- list($headb64, $payloadb64, $cryptob64) = $tks;
-
- if (null === ($header = json_decode($this->urlSafeB64Decode($headb64), true))) {
- return false;
- }
-
- if (null === $payload = json_decode($this->urlSafeB64Decode($payloadb64), true)) {
- return false;
- }
-
- $sig = $this->urlSafeB64Decode($cryptob64);
-
- if ((bool) $allowedAlgorithms) {
- if (!isset($header['alg'])) {
- return false;
- }
-
- // check if bool arg supplied here to maintain BC
- if (is_array($allowedAlgorithms) && !in_array($header['alg'], $allowedAlgorithms)) {
- return false;
- }
-
- if (!$this->verifySignature($sig, "$headb64.$payloadb64", $key, $header['alg'])) {
- return false;
- }
- }
-
- return $payload;
- }
-
- private function verifySignature($signature, $input, $key, $algo = 'HS256')
- {
- // use constants when possible, for HipHop support
- switch ($algo) {
- case'HS256':
- case'HS384':
- case'HS512':
- return $this->hash_equals(
- $this->sign($input, $key, $algo),
- $signature
- );
-
- case 'RS256':
- return openssl_verify($input, $signature, $key, defined('OPENSSL_ALGO_SHA256') ? OPENSSL_ALGO_SHA256 : 'sha256') === 1;
-
- case 'RS384':
- return @openssl_verify($input, $signature, $key, defined('OPENSSL_ALGO_SHA384') ? OPENSSL_ALGO_SHA384 : 'sha384') === 1;
-
- case 'RS512':
- return @openssl_verify($input, $signature, $key, defined('OPENSSL_ALGO_SHA512') ? OPENSSL_ALGO_SHA512 : 'sha512') === 1;
-
- default:
- throw new \InvalidArgumentException("Unsupported or invalid signing algorithm.");
- }
- }
-
- private function sign($input, $key, $algo = 'HS256')
- {
- switch ($algo) {
- case 'HS256':
- return hash_hmac('sha256', $input, $key, true);
-
- case 'HS384':
- return hash_hmac('sha384', $input, $key, true);
-
- case 'HS512':
- return hash_hmac('sha512', $input, $key, true);
-
- case 'RS256':
- return $this->generateRSASignature($input, $key, defined('OPENSSL_ALGO_SHA256') ? OPENSSL_ALGO_SHA256 : 'sha256');
-
- case 'RS384':
- return $this->generateRSASignature($input, $key, defined('OPENSSL_ALGO_SHA384') ? OPENSSL_ALGO_SHA384 : 'sha384');
-
- case 'RS512':
- return $this->generateRSASignature($input, $key, defined('OPENSSL_ALGO_SHA512') ? OPENSSL_ALGO_SHA512 : 'sha512');
-
- default:
- throw new \Exception("Unsupported or invalid signing algorithm.");
- }
- }
-
- private function generateRSASignature($input, $key, $algo)
- {
- if (!openssl_sign($input, $signature, $key, $algo)) {
- throw new \Exception("Unable to sign data.");
- }
-
- return $signature;
- }
-
- public function urlSafeB64Encode($data)
- {
- $b64 = base64_encode($data);
- $b64 = str_replace(array('+', '/', "\r", "\n", '='),
- array('-', '_'),
- $b64);
-
- return $b64;
- }
-
- public function urlSafeB64Decode($b64)
- {
- $b64 = str_replace(array('-', '_'),
- array('+', '/'),
- $b64);
-
- return base64_decode($b64);
- }
-
- /**
- * Override to create a custom header
- */
- protected function generateJwtHeader($payload, $algorithm)
- {
- return array(
- 'typ' => 'JWT',
- 'alg' => $algorithm,
- );
- }
-
- protected function hash_equals($a, $b)
- {
- if (function_exists('hash_equals')) {
- return hash_equals($a, $b);
- }
- $diff = strlen($a) ^ strlen($b);
- for ($i = 0; $i < strlen($a) && $i < strlen($b); $i++) {
- $diff |= ord($a[$i]) ^ ord($b[$i]);
- }
-
- return $diff === 0;
- }
-}
diff --git a/library/oauth2/src/OAuth2/GrantType/AuthorizationCode.php b/library/oauth2/src/OAuth2/GrantType/AuthorizationCode.php
deleted file mode 100644
index e8995204c..000000000
--- a/library/oauth2/src/OAuth2/GrantType/AuthorizationCode.php
+++ /dev/null
@@ -1,100 +0,0 @@
-<?php
-
-namespace OAuth2\GrantType;
-
-use OAuth2\Storage\AuthorizationCodeInterface;
-use OAuth2\ResponseType\AccessTokenInterface;
-use OAuth2\RequestInterface;
-use OAuth2\ResponseInterface;
-
-/**
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-class AuthorizationCode implements GrantTypeInterface
-{
- protected $storage;
- protected $authCode;
-
- /**
- * @param OAuth2\Storage\AuthorizationCodeInterface $storage REQUIRED Storage class for retrieving authorization code information
- */
- public function __construct(AuthorizationCodeInterface $storage)
- {
- $this->storage = $storage;
- }
-
- public function getQuerystringIdentifier()
- {
- return 'authorization_code';
- }
-
- public function validateRequest(RequestInterface $request, ResponseInterface $response)
- {
- if (!$request->request('code')) {
- $response->setError(400, 'invalid_request', 'Missing parameter: "code" is required');
-
- return false;
- }
-
- $code = $request->request('code');
- if (!$authCode = $this->storage->getAuthorizationCode($code)) {
- $response->setError(400, 'invalid_grant', 'Authorization code doesn\'t exist or is invalid for the client');
-
- return false;
- }
-
- /*
- * 4.1.3 - ensure that the "redirect_uri" parameter is present if the "redirect_uri" parameter was included in the initial authorization request
- * @uri - http://tools.ietf.org/html/rfc6749#section-4.1.3
- */
- if (isset($authCode['redirect_uri']) && $authCode['redirect_uri']) {
- if (!$request->request('redirect_uri') || urldecode($request->request('redirect_uri')) != $authCode['redirect_uri']) {
- $response->setError(400, 'redirect_uri_mismatch', "The redirect URI is missing or do not match", "#section-4.1.3");
-
- return false;
- }
- }
-
- if (!isset($authCode['expires'])) {
- throw new \Exception('Storage must return authcode with a value for "expires"');
- }
-
- if ($authCode["expires"] < time()) {
- $response->setError(400, 'invalid_grant', "The authorization code has expired");
-
- return false;
- }
-
- if (!isset($authCode['code'])) {
- $authCode['code'] = $code; // used to expire the code after the access token is granted
- }
-
- $this->authCode = $authCode;
-
- return true;
- }
-
- public function getClientId()
- {
- return $this->authCode['client_id'];
- }
-
- public function getScope()
- {
- return isset($this->authCode['scope']) ? $this->authCode['scope'] : null;
- }
-
- public function getUserId()
- {
- return isset($this->authCode['user_id']) ? $this->authCode['user_id'] : null;
- }
-
- public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
- {
- $token = $accessToken->createAccessToken($client_id, $user_id, $scope);
- $this->storage->expireAuthorizationCode($this->authCode['code']);
-
- return $token;
- }
-}
diff --git a/library/oauth2/src/OAuth2/GrantType/ClientCredentials.php b/library/oauth2/src/OAuth2/GrantType/ClientCredentials.php
deleted file mode 100644
index f953e4e8d..000000000
--- a/library/oauth2/src/OAuth2/GrantType/ClientCredentials.php
+++ /dev/null
@@ -1,67 +0,0 @@
-<?php
-
-namespace OAuth2\GrantType;
-
-use OAuth2\ClientAssertionType\HttpBasic;
-use OAuth2\ResponseType\AccessTokenInterface;
-use OAuth2\Storage\ClientCredentialsInterface;
-
-/**
- * @author Brent Shaffer <bshafs at gmail dot com>
- *
- * @see OAuth2\ClientAssertionType_HttpBasic
- */
-class ClientCredentials extends HttpBasic implements GrantTypeInterface
-{
- private $clientData;
-
- public function __construct(ClientCredentialsInterface $storage, array $config = array())
- {
- /**
- * The client credentials grant type MUST only be used by confidential clients
- *
- * @see http://tools.ietf.org/html/rfc6749#section-4.4
- */
- $config['allow_public_clients'] = false;
-
- parent::__construct($storage, $config);
- }
-
- public function getQuerystringIdentifier()
- {
- return 'client_credentials';
- }
-
- public function getScope()
- {
- $this->loadClientData();
-
- return isset($this->clientData['scope']) ? $this->clientData['scope'] : null;
- }
-
- public function getUserId()
- {
- $this->loadClientData();
-
- return isset($this->clientData['user_id']) ? $this->clientData['user_id'] : null;
- }
-
- public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
- {
- /**
- * Client Credentials Grant does NOT include a refresh token
- *
- * @see http://tools.ietf.org/html/rfc6749#section-4.4.3
- */
- $includeRefreshToken = false;
-
- return $accessToken->createAccessToken($client_id, $user_id, $scope, $includeRefreshToken);
- }
-
- private function loadClientData()
- {
- if (!$this->clientData) {
- $this->clientData = $this->storage->getClientDetails($this->getClientId());
- }
- }
-}
diff --git a/library/oauth2/src/OAuth2/GrantType/GrantTypeInterface.php b/library/oauth2/src/OAuth2/GrantType/GrantTypeInterface.php
deleted file mode 100644
index 98489e9c1..000000000
--- a/library/oauth2/src/OAuth2/GrantType/GrantTypeInterface.php
+++ /dev/null
@@ -1,20 +0,0 @@
-<?php
-
-namespace OAuth2\GrantType;
-
-use OAuth2\ResponseType\AccessTokenInterface;
-use OAuth2\RequestInterface;
-use OAuth2\ResponseInterface;
-
-/**
- * Interface for all OAuth2 Grant Types
- */
-interface GrantTypeInterface
-{
- public function getQuerystringIdentifier();
- public function validateRequest(RequestInterface $request, ResponseInterface $response);
- public function getClientId();
- public function getUserId();
- public function getScope();
- public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope);
-}
diff --git a/library/oauth2/src/OAuth2/GrantType/JwtBearer.php b/library/oauth2/src/OAuth2/GrantType/JwtBearer.php
deleted file mode 100644
index bb11a6954..000000000
--- a/library/oauth2/src/OAuth2/GrantType/JwtBearer.php
+++ /dev/null
@@ -1,226 +0,0 @@
-<?php
-
-namespace OAuth2\GrantType;
-
-use OAuth2\ClientAssertionType\ClientAssertionTypeInterface;
-use OAuth2\Storage\JwtBearerInterface;
-use OAuth2\Encryption\Jwt;
-use OAuth2\Encryption\EncryptionInterface;
-use OAuth2\ResponseType\AccessTokenInterface;
-use OAuth2\RequestInterface;
-use OAuth2\ResponseInterface;
-
-/**
- * The JWT bearer authorization grant implements JWT (JSON Web Tokens) as a grant type per the IETF draft.
- *
- * @see http://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-04#section-4
- *
- * @author F21
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-class JwtBearer implements GrantTypeInterface, ClientAssertionTypeInterface
-{
- private $jwt;
-
- protected $storage;
- protected $audience;
- protected $jwtUtil;
- protected $allowedAlgorithms;
-
- /**
- * Creates an instance of the JWT bearer grant type.
- *
- * @param OAuth2\Storage\JWTBearerInterface|JwtBearerInterface $storage A valid storage interface that implements storage hooks for the JWT bearer grant type.
- * @param string $audience The audience to validate the token against. This is usually the full URI of the OAuth token requests endpoint.
- * @param EncryptionInterface|OAuth2\Encryption\JWT $jwtUtil OPTONAL The class used to decode, encode and verify JWTs.
- * @param array $config
- */
- public function __construct(JwtBearerInterface $storage, $audience, EncryptionInterface $jwtUtil = null, array $config = array())
- {
- $this->storage = $storage;
- $this->audience = $audience;
-
- if (is_null($jwtUtil)) {
- $jwtUtil = new Jwt();
- }
-
- $this->config = array_merge(array(
- 'allowed_algorithms' => array('RS256', 'RS384', 'RS512')
- ), $config);
-
- $this->jwtUtil = $jwtUtil;
-
- $this->allowedAlgorithms = $this->config['allowed_algorithms'];
- }
-
- /**
- * Returns the grant_type get parameter to identify the grant type request as JWT bearer authorization grant.
- *
- * @return
- * The string identifier for grant_type.
- *
- * @see OAuth2\GrantType\GrantTypeInterface::getQuerystringIdentifier()
- */
- public function getQuerystringIdentifier()
- {
- return 'urn:ietf:params:oauth:grant-type:jwt-bearer';
- }
-
- /**
- * Validates the data from the decoded JWT.
- *
- * @return
- * TRUE if the JWT request is valid and can be decoded. Otherwise, FALSE is returned.
- *
- * @see OAuth2\GrantType\GrantTypeInterface::getTokenData()
- */
- public function validateRequest(RequestInterface $request, ResponseInterface $response)
- {
- if (!$request->request("assertion")) {
- $response->setError(400, 'invalid_request', 'Missing parameters: "assertion" required');
-
- return null;
- }
-
- // Store the undecoded JWT for later use
- $undecodedJWT = $request->request('assertion');
-
- // Decode the JWT
- $jwt = $this->jwtUtil->decode($request->request('assertion'), null, false);
-
- if (!$jwt) {
- $response->setError(400, 'invalid_request', "JWT is malformed");
-
- return null;
- }
-
- // ensure these properties contain a value
- // @todo: throw malformed error for missing properties
- $jwt = array_merge(array(
- 'scope' => null,
- 'iss' => null,
- 'sub' => null,
- 'aud' => null,
- 'exp' => null,
- 'nbf' => null,
- 'iat' => null,
- 'jti' => null,
- 'typ' => null,
- ), $jwt);
-
- if (!isset($jwt['iss'])) {
- $response->setError(400, 'invalid_grant', "Invalid issuer (iss) provided");
-
- return null;
- }
-
- if (!isset($jwt['sub'])) {
- $response->setError(400, 'invalid_grant', "Invalid subject (sub) provided");
-
- return null;
- }
-
- if (!isset($jwt['exp'])) {
- $response->setError(400, 'invalid_grant', "Expiration (exp) time must be present");
-
- return null;
- }
-
- // Check expiration
- if (ctype_digit($jwt['exp'])) {
- if ($jwt['exp'] <= time()) {
- $response->setError(400, 'invalid_grant', "JWT has expired");
-
- return null;
- }
- } else {
- $response->setError(400, 'invalid_grant', "Expiration (exp) time must be a unix time stamp");
-
- return null;
- }
-
- // Check the not before time
- if ($notBefore = $jwt['nbf']) {
- if (ctype_digit($notBefore)) {
- if ($notBefore > time()) {
- $response->setError(400, 'invalid_grant', "JWT cannot be used before the Not Before (nbf) time");
-
- return null;
- }
- } else {
- $response->setError(400, 'invalid_grant', "Not Before (nbf) time must be a unix time stamp");
-
- return null;
- }
- }
-
- // Check the audience if required to match
- if (!isset($jwt['aud']) || ($jwt['aud'] != $this->audience)) {
- $response->setError(400, 'invalid_grant', "Invalid audience (aud)");
-
- return null;
- }
-
- // Check the jti (nonce)
- // @see http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-13#section-4.1.7
- if (isset($jwt['jti'])) {
- $jti = $this->storage->getJti($jwt['iss'], $jwt['sub'], $jwt['aud'], $jwt['exp'], $jwt['jti']);
-
- //Reject if jti is used and jwt is still valid (exp parameter has not expired).
- if ($jti && $jti['expires'] > time()) {
- $response->setError(400, 'invalid_grant', "JSON Token Identifier (jti) has already been used");
-
- return null;
- } else {
- $this->storage->setJti($jwt['iss'], $jwt['sub'], $jwt['aud'], $jwt['exp'], $jwt['jti']);
- }
- }
-
- // Get the iss's public key
- // @see http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-06#section-4.1.1
- if (!$key = $this->storage->getClientKey($jwt['iss'], $jwt['sub'])) {
- $response->setError(400, 'invalid_grant', "Invalid issuer (iss) or subject (sub) provided");
-
- return null;
- }
-
- // Verify the JWT
- if (!$this->jwtUtil->decode($undecodedJWT, $key, $this->allowedAlgorithms)) {
- $response->setError(400, 'invalid_grant', "JWT failed signature verification");
-
- return null;
- }
-
- $this->jwt = $jwt;
-
- return true;
- }
-
- public function getClientId()
- {
- return $this->jwt['iss'];
- }
-
- public function getUserId()
- {
- return $this->jwt['sub'];
- }
-
- public function getScope()
- {
- return null;
- }
-
- /**
- * Creates an access token that is NOT associated with a refresh token.
- * If a subject (sub) the name of the user/account we are accessing data on behalf of.
- *
- * @see OAuth2\GrantType\GrantTypeInterface::createAccessToken()
- */
- public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
- {
- $includeRefreshToken = false;
-
- return $accessToken->createAccessToken($client_id, $user_id, $scope, $includeRefreshToken);
- }
-}
diff --git a/library/oauth2/src/OAuth2/GrantType/RefreshToken.php b/library/oauth2/src/OAuth2/GrantType/RefreshToken.php
deleted file mode 100644
index e55385222..000000000
--- a/library/oauth2/src/OAuth2/GrantType/RefreshToken.php
+++ /dev/null
@@ -1,111 +0,0 @@
-<?php
-
-namespace OAuth2\GrantType;
-
-use OAuth2\Storage\RefreshTokenInterface;
-use OAuth2\ResponseType\AccessTokenInterface;
-use OAuth2\RequestInterface;
-use OAuth2\ResponseInterface;
-
-/**
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-class RefreshToken implements GrantTypeInterface
-{
- private $refreshToken;
-
- protected $storage;
- protected $config;
-
- /**
- * @param OAuth2\Storage\RefreshTokenInterface $storage REQUIRED Storage class for retrieving refresh token information
- * @param array $config OPTIONAL Configuration options for the server
- * <code>
- * $config = array(
- * 'always_issue_new_refresh_token' => true, // whether to issue a new refresh token upon successful token request
- * 'unset_refresh_token_after_use' => true // whether to unset the refresh token after after using
- * );
- * </code>
- */
- public function __construct(RefreshTokenInterface $storage, $config = array())
- {
- $this->config = array_merge(array(
- 'always_issue_new_refresh_token' => false,
- 'unset_refresh_token_after_use' => true
- ), $config);
-
- // to preserve B.C. with v1.6
- // @see https://github.com/bshaffer/oauth2-server-php/pull/580
- // @todo - remove in v2.0
- if (isset($config['always_issue_new_refresh_token']) && !isset($config['unset_refresh_token_after_use'])) {
- $this->config['unset_refresh_token_after_use'] = $config['always_issue_new_refresh_token'];
- }
-
- $this->storage = $storage;
- }
-
- public function getQuerystringIdentifier()
- {
- return 'refresh_token';
- }
-
- public function validateRequest(RequestInterface $request, ResponseInterface $response)
- {
- if (!$request->request("refresh_token")) {
- $response->setError(400, 'invalid_request', 'Missing parameter: "refresh_token" is required');
-
- return null;
- }
-
- if (!$refreshToken = $this->storage->getRefreshToken($request->request("refresh_token"))) {
- $response->setError(400, 'invalid_grant', 'Invalid refresh token');
-
- return null;
- }
-
- if ($refreshToken['expires'] > 0 && $refreshToken["expires"] < time()) {
- $response->setError(400, 'invalid_grant', 'Refresh token has expired');
-
- return null;
- }
-
- // store the refresh token locally so we can delete it when a new refresh token is generated
- $this->refreshToken = $refreshToken;
-
- return true;
- }
-
- public function getClientId()
- {
- return $this->refreshToken['client_id'];
- }
-
- public function getUserId()
- {
- return isset($this->refreshToken['user_id']) ? $this->refreshToken['user_id'] : null;
- }
-
- public function getScope()
- {
- return isset($this->refreshToken['scope']) ? $this->refreshToken['scope'] : null;
- }
-
- public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
- {
- /*
- * It is optional to force a new refresh token when a refresh token is used.
- * However, if a new refresh token is issued, the old one MUST be expired
- * @see http://tools.ietf.org/html/rfc6749#section-6
- */
- $issueNewRefreshToken = $this->config['always_issue_new_refresh_token'];
- $unsetRefreshToken = $this->config['unset_refresh_token_after_use'];
- $token = $accessToken->createAccessToken($client_id, $user_id, $scope, $issueNewRefreshToken);
-
- if ($unsetRefreshToken) {
- $this->storage->unsetRefreshToken($this->refreshToken['refresh_token']);
- }
-
- return $token;
- }
-}
diff --git a/library/oauth2/src/OAuth2/GrantType/UserCredentials.php b/library/oauth2/src/OAuth2/GrantType/UserCredentials.php
deleted file mode 100644
index f165538ba..000000000
--- a/library/oauth2/src/OAuth2/GrantType/UserCredentials.php
+++ /dev/null
@@ -1,83 +0,0 @@
-<?php
-
-namespace OAuth2\GrantType;
-
-use OAuth2\Storage\UserCredentialsInterface;
-use OAuth2\ResponseType\AccessTokenInterface;
-use OAuth2\RequestInterface;
-use OAuth2\ResponseInterface;
-
-/**
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-class UserCredentials implements GrantTypeInterface
-{
- private $userInfo;
-
- protected $storage;
-
- /**
- * @param OAuth2\Storage\UserCredentialsInterface $storage REQUIRED Storage class for retrieving user credentials information
- */
- public function __construct(UserCredentialsInterface $storage)
- {
- $this->storage = $storage;
- }
-
- public function getQuerystringIdentifier()
- {
- return 'password';
- }
-
- public function validateRequest(RequestInterface $request, ResponseInterface $response)
- {
- if (!$request->request("password") || !$request->request("username")) {
- $response->setError(400, 'invalid_request', 'Missing parameters: "username" and "password" required');
-
- return null;
- }
-
- if (!$this->storage->checkUserCredentials($request->request("username"), $request->request("password"))) {
- $response->setError(401, 'invalid_grant', 'Invalid username and password combination');
-
- return null;
- }
-
- $userInfo = $this->storage->getUserDetails($request->request("username"));
-
- if (empty($userInfo)) {
- $response->setError(400, 'invalid_grant', 'Unable to retrieve user information');
-
- return null;
- }
-
- if (!isset($userInfo['user_id'])) {
- throw new \LogicException("you must set the user_id on the array returned by getUserDetails");
- }
-
- $this->userInfo = $userInfo;
-
- return true;
- }
-
- public function getClientId()
- {
- return null;
- }
-
- public function getUserId()
- {
- return $this->userInfo['user_id'];
- }
-
- public function getScope()
- {
- return isset($this->userInfo['scope']) ? $this->userInfo['scope'] : null;
- }
-
- public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
- {
- return $accessToken->createAccessToken($client_id, $user_id, $scope);
- }
-}
diff --git a/library/oauth2/src/OAuth2/OpenID/Controller/AuthorizeController.php b/library/oauth2/src/OAuth2/OpenID/Controller/AuthorizeController.php
deleted file mode 100644
index c9b5c6af7..000000000
--- a/library/oauth2/src/OAuth2/OpenID/Controller/AuthorizeController.php
+++ /dev/null
@@ -1,106 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\Controller;
-
-use OAuth2\Controller\AuthorizeController as BaseAuthorizeController;
-use OAuth2\RequestInterface;
-use OAuth2\ResponseInterface;
-
-/**
- * @see OAuth2\Controller\AuthorizeControllerInterface
- */
-class AuthorizeController extends BaseAuthorizeController implements AuthorizeControllerInterface
-{
- private $nonce;
-
- protected function setNotAuthorizedResponse(RequestInterface $request, ResponseInterface $response, $redirect_uri, $user_id = null)
- {
- $prompt = $request->query('prompt', 'consent');
- if ($prompt == 'none') {
- if (is_null($user_id)) {
- $error = 'login_required';
- $error_message = 'The user must log in';
- } else {
- $error = 'interaction_required';
- $error_message = 'The user must grant access to your application';
- }
- } else {
- $error = 'consent_required';
- $error_message = 'The user denied access to your application';
- }
-
- $response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $this->getState(), $error, $error_message);
- }
-
- protected function buildAuthorizeParameters($request, $response, $user_id)
- {
- if (!$params = parent::buildAuthorizeParameters($request, $response, $user_id)) {
- return;
- }
-
- // Generate an id token if needed.
- if ($this->needsIdToken($this->getScope()) && $this->getResponseType() == self::RESPONSE_TYPE_AUTHORIZATION_CODE) {
- $params['id_token'] = $this->responseTypes['id_token']->createIdToken($this->getClientId(), $user_id, $this->nonce);
- }
-
- // add the nonce to return with the redirect URI
- $params['nonce'] = $this->nonce;
-
- return $params;
- }
-
- public function validateAuthorizeRequest(RequestInterface $request, ResponseInterface $response)
- {
- if (!parent::validateAuthorizeRequest($request, $response)) {
- return false;
- }
-
- $nonce = $request->query('nonce');
-
- // Validate required nonce for "id_token" and "id_token token"
- if (!$nonce && in_array($this->getResponseType(), array(self::RESPONSE_TYPE_ID_TOKEN, self::RESPONSE_TYPE_ID_TOKEN_TOKEN))) {
- $response->setError(400, 'invalid_nonce', 'This application requires you specify a nonce parameter');
-
- return false;
- }
-
- $this->nonce = $nonce;
-
- return true;
- }
-
- protected function getValidResponseTypes()
- {
- return array(
- self::RESPONSE_TYPE_ACCESS_TOKEN,
- self::RESPONSE_TYPE_AUTHORIZATION_CODE,
- self::RESPONSE_TYPE_ID_TOKEN,
- self::RESPONSE_TYPE_ID_TOKEN_TOKEN,
- self::RESPONSE_TYPE_CODE_ID_TOKEN,
- );
- }
-
- /**
- * Returns whether the current request needs to generate an id token.
- *
- * ID Tokens are a part of the OpenID Connect specification, so this
- * method checks whether OpenID Connect is enabled in the server settings
- * and whether the openid scope was requested.
- *
- * @param $request_scope
- * A space-separated string of scopes.
- *
- * @return
- * TRUE if an id token is needed, FALSE otherwise.
- */
- public function needsIdToken($request_scope)
- {
- // see if the "openid" scope exists in the requested scope
- return $this->scopeUtil->checkScope('openid', $request_scope);
- }
-
- public function getNonce()
- {
- return $this->nonce;
- }
-}
diff --git a/library/oauth2/src/OAuth2/OpenID/Controller/AuthorizeControllerInterface.php b/library/oauth2/src/OAuth2/OpenID/Controller/AuthorizeControllerInterface.php
deleted file mode 100644
index 1e231d844..000000000
--- a/library/oauth2/src/OAuth2/OpenID/Controller/AuthorizeControllerInterface.php
+++ /dev/null
@@ -1,10 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\Controller;
-
-interface AuthorizeControllerInterface
-{
- const RESPONSE_TYPE_ID_TOKEN = 'id_token';
- const RESPONSE_TYPE_ID_TOKEN_TOKEN = 'id_token token';
- const RESPONSE_TYPE_CODE_ID_TOKEN = 'code id_token';
-}
diff --git a/library/oauth2/src/OAuth2/OpenID/Controller/UserInfoController.php b/library/oauth2/src/OAuth2/OpenID/Controller/UserInfoController.php
deleted file mode 100644
index 30cb942d0..000000000
--- a/library/oauth2/src/OAuth2/OpenID/Controller/UserInfoController.php
+++ /dev/null
@@ -1,58 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\Controller;
-
-use OAuth2\Scope;
-use OAuth2\TokenType\TokenTypeInterface;
-use OAuth2\Storage\AccessTokenInterface;
-use OAuth2\OpenID\Storage\UserClaimsInterface;
-use OAuth2\Controller\ResourceController;
-use OAuth2\ScopeInterface;
-use OAuth2\RequestInterface;
-use OAuth2\ResponseInterface;
-
-/**
- * @see OAuth2\Controller\UserInfoControllerInterface
- */
-class UserInfoController extends ResourceController implements UserInfoControllerInterface
-{
- private $token;
-
- protected $tokenType;
- protected $tokenStorage;
- protected $userClaimsStorage;
- protected $config;
- protected $scopeUtil;
-
- public function __construct(TokenTypeInterface $tokenType, AccessTokenInterface $tokenStorage, UserClaimsInterface $userClaimsStorage, $config = array(), ScopeInterface $scopeUtil = null)
- {
- $this->tokenType = $tokenType;
- $this->tokenStorage = $tokenStorage;
- $this->userClaimsStorage = $userClaimsStorage;
-
- $this->config = array_merge(array(
- 'www_realm' => 'Service',
- ), $config);
-
- if (is_null($scopeUtil)) {
- $scopeUtil = new Scope();
- }
- $this->scopeUtil = $scopeUtil;
- }
-
- public function handleUserInfoRequest(RequestInterface $request, ResponseInterface $response)
- {
- if (!$this->verifyResourceRequest($request, $response, 'openid')) {
- return;
- }
-
- $token = $this->getToken();
- $claims = $this->userClaimsStorage->getUserClaims($token['user_id'], $token['scope']);
- // The sub Claim MUST always be returned in the UserInfo Response.
- // http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
- $claims += array(
- 'sub' => $token['user_id'],
- );
- $response->addParameters($claims);
- }
-}
diff --git a/library/oauth2/src/OAuth2/OpenID/Controller/UserInfoControllerInterface.php b/library/oauth2/src/OAuth2/OpenID/Controller/UserInfoControllerInterface.php
deleted file mode 100644
index a89049d49..000000000
--- a/library/oauth2/src/OAuth2/OpenID/Controller/UserInfoControllerInterface.php
+++ /dev/null
@@ -1,23 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\Controller;
-
-use OAuth2\RequestInterface;
-use OAuth2\ResponseInterface;
-
-/**
- * This controller is called when the user claims for OpenID Connect's
- * UserInfo endpoint should be returned.
- *
- * ex:
- * > $response = new OAuth2\Response();
- * > $userInfoController->handleUserInfoRequest(
- * > OAuth2\Request::createFromGlobals(),
- * > $response;
- * > $response->send();
- *
- */
-interface UserInfoControllerInterface
-{
- public function handleUserInfoRequest(RequestInterface $request, ResponseInterface $response);
-}
diff --git a/library/oauth2/src/OAuth2/OpenID/GrantType/AuthorizationCode.php b/library/oauth2/src/OAuth2/OpenID/GrantType/AuthorizationCode.php
deleted file mode 100644
index 8ed1edc26..000000000
--- a/library/oauth2/src/OAuth2/OpenID/GrantType/AuthorizationCode.php
+++ /dev/null
@@ -1,33 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\GrantType;
-
-use OAuth2\GrantType\AuthorizationCode as BaseAuthorizationCode;
-use OAuth2\ResponseType\AccessTokenInterface;
-
-/**
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-class AuthorizationCode extends BaseAuthorizationCode
-{
- public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
- {
- $includeRefreshToken = true;
- if (isset($this->authCode['id_token'])) {
- // OpenID Connect requests include the refresh token only if the
- // offline_access scope has been requested and granted.
- $scopes = explode(' ', trim($scope));
- $includeRefreshToken = in_array('offline_access', $scopes);
- }
-
- $token = $accessToken->createAccessToken($client_id, $user_id, $scope, $includeRefreshToken);
- if (isset($this->authCode['id_token'])) {
- $token['id_token'] = $this->authCode['id_token'];
- }
-
- $this->storage->expireAuthorizationCode($this->authCode['code']);
-
- return $token;
- }
-}
diff --git a/library/oauth2/src/OAuth2/OpenID/ResponseType/AuthorizationCode.php b/library/oauth2/src/OAuth2/OpenID/ResponseType/AuthorizationCode.php
deleted file mode 100644
index 8971954c5..000000000
--- a/library/oauth2/src/OAuth2/OpenID/ResponseType/AuthorizationCode.php
+++ /dev/null
@@ -1,60 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\ResponseType;
-
-use OAuth2\ResponseType\AuthorizationCode as BaseAuthorizationCode;
-use OAuth2\OpenID\Storage\AuthorizationCodeInterface as AuthorizationCodeStorageInterface;
-
-/**
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-class AuthorizationCode extends BaseAuthorizationCode implements AuthorizationCodeInterface
-{
- public function __construct(AuthorizationCodeStorageInterface $storage, array $config = array())
- {
- parent::__construct($storage, $config);
- }
-
- public function getAuthorizeResponse($params, $user_id = null)
- {
- // build the URL to redirect to
- $result = array('query' => array());
-
- $params += array('scope' => null, 'state' => null, 'id_token' => null);
-
- $result['query']['code'] = $this->createAuthorizationCode($params['client_id'], $user_id, $params['redirect_uri'], $params['scope'], $params['id_token']);
-
- if (isset($params['state'])) {
- $result['query']['state'] = $params['state'];
- }
-
- return array($params['redirect_uri'], $result);
- }
-
- /**
- * Handle the creation of the authorization code.
- *
- * @param $client_id
- * Client identifier related to the authorization code
- * @param $user_id
- * User ID associated with the authorization code
- * @param $redirect_uri
- * An absolute URI to which the authorization server will redirect the
- * user-agent to when the end-user authorization step is completed.
- * @param $scope
- * (optional) Scopes to be stored in space-separated string.
- * @param $id_token
- * (optional) The OpenID Connect id_token.
- *
- * @see http://tools.ietf.org/html/rfc6749#section-4
- * @ingroup oauth2_section_4
- */
- public function createAuthorizationCode($client_id, $user_id, $redirect_uri, $scope = null, $id_token = null)
- {
- $code = $this->generateAuthorizationCode();
- $this->storage->setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, time() + $this->config['auth_code_lifetime'], $scope, $id_token);
-
- return $code;
- }
-}
diff --git a/library/oauth2/src/OAuth2/OpenID/ResponseType/AuthorizationCodeInterface.php b/library/oauth2/src/OAuth2/OpenID/ResponseType/AuthorizationCodeInterface.php
deleted file mode 100644
index ea4779255..000000000
--- a/library/oauth2/src/OAuth2/OpenID/ResponseType/AuthorizationCodeInterface.php
+++ /dev/null
@@ -1,27 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\ResponseType;
-
-use OAuth2\ResponseType\AuthorizationCodeInterface as BaseAuthorizationCodeInterface;
-
-/**
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-interface AuthorizationCodeInterface extends BaseAuthorizationCodeInterface
-{
- /**
- * Handle the creation of the authorization code.
- *
- * @param $client_id Client identifier related to the authorization code
- * @param $user_id User ID associated with the authorization code
- * @param $redirect_uri An absolute URI to which the authorization server will redirect the
- * user-agent to when the end-user authorization step is completed.
- * @param $scope OPTIONAL Scopes to be stored in space-separated string.
- * @param $id_token OPTIONAL The OpenID Connect id_token.
- *
- * @see http://tools.ietf.org/html/rfc6749#section-4
- * @ingroup oauth2_section_4
- */
- public function createAuthorizationCode($client_id, $user_id, $redirect_uri, $scope = null, $id_token = null);
-}
diff --git a/library/oauth2/src/OAuth2/OpenID/ResponseType/CodeIdToken.php b/library/oauth2/src/OAuth2/OpenID/ResponseType/CodeIdToken.php
deleted file mode 100644
index ac7764d6c..000000000
--- a/library/oauth2/src/OAuth2/OpenID/ResponseType/CodeIdToken.php
+++ /dev/null
@@ -1,24 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\ResponseType;
-
-class CodeIdToken implements CodeIdTokenInterface
-{
- protected $authCode;
- protected $idToken;
-
- public function __construct(AuthorizationCodeInterface $authCode, IdTokenInterface $idToken)
- {
- $this->authCode = $authCode;
- $this->idToken = $idToken;
- }
-
- public function getAuthorizeResponse($params, $user_id = null)
- {
- $result = $this->authCode->getAuthorizeResponse($params, $user_id);
- $resultIdToken = $this->idToken->getAuthorizeResponse($params, $user_id);
- $result[1]['query']['id_token'] = $resultIdToken[1]['fragment']['id_token'];
-
- return $result;
- }
-}
diff --git a/library/oauth2/src/OAuth2/OpenID/ResponseType/CodeIdTokenInterface.php b/library/oauth2/src/OAuth2/OpenID/ResponseType/CodeIdTokenInterface.php
deleted file mode 100644
index 629adcca8..000000000
--- a/library/oauth2/src/OAuth2/OpenID/ResponseType/CodeIdTokenInterface.php
+++ /dev/null
@@ -1,9 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\ResponseType;
-
-use OAuth2\ResponseType\ResponseTypeInterface;
-
-interface CodeIdTokenInterface extends ResponseTypeInterface
-{
-}
diff --git a/library/oauth2/src/OAuth2/OpenID/ResponseType/IdToken.php b/library/oauth2/src/OAuth2/OpenID/ResponseType/IdToken.php
deleted file mode 100644
index 97777fbf2..000000000
--- a/library/oauth2/src/OAuth2/OpenID/ResponseType/IdToken.php
+++ /dev/null
@@ -1,124 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\ResponseType;
-
-use OAuth2\Encryption\EncryptionInterface;
-use OAuth2\Encryption\Jwt;
-use OAuth2\Storage\PublicKeyInterface;
-use OAuth2\OpenID\Storage\UserClaimsInterface;
-
-class IdToken implements IdTokenInterface
-{
- protected $userClaimsStorage;
- protected $publicKeyStorage;
- protected $config;
- protected $encryptionUtil;
-
- public function __construct(UserClaimsInterface $userClaimsStorage, PublicKeyInterface $publicKeyStorage, array $config = array(), EncryptionInterface $encryptionUtil = null)
- {
- $this->userClaimsStorage = $userClaimsStorage;
- $this->publicKeyStorage = $publicKeyStorage;
- if (is_null($encryptionUtil)) {
- $encryptionUtil = new Jwt();
- }
- $this->encryptionUtil = $encryptionUtil;
-
- if (!isset($config['issuer'])) {
- throw new \LogicException('config parameter "issuer" must be set');
- }
- $this->config = array_merge(array(
- 'id_lifetime' => 3600,
- ), $config);
- }
-
- public function getAuthorizeResponse($params, $userInfo = null)
- {
- // build the URL to redirect to
- $result = array('query' => array());
- $params += array('scope' => null, 'state' => null, 'nonce' => null);
-
- // create the id token.
- list($user_id, $auth_time) = $this->getUserIdAndAuthTime($userInfo);
- $userClaims = $this->userClaimsStorage->getUserClaims($user_id, $params['scope']);
-
- $id_token = $this->createIdToken($params['client_id'], $userInfo, $params['nonce'], $userClaims, null);
- $result["fragment"] = array('id_token' => $id_token);
- if (isset($params['state'])) {
- $result["fragment"]["state"] = $params['state'];
- }
-
- return array($params['redirect_uri'], $result);
- }
-
- public function createIdToken($client_id, $userInfo, $nonce = null, $userClaims = null, $access_token = null)
- {
- // pull auth_time from user info if supplied
- list($user_id, $auth_time) = $this->getUserIdAndAuthTime($userInfo);
-
- $token = array(
- 'iss' => $this->config['issuer'],
- 'sub' => $user_id,
- 'aud' => $client_id,
- 'iat' => time(),
- 'exp' => time() + $this->config['id_lifetime'],
- 'auth_time' => $auth_time,
- );
-
- if ($nonce) {
- $token['nonce'] = $nonce;
- }
-
- if ($userClaims) {
- $token += $userClaims;
- }
-
- if ($access_token) {
- $token['at_hash'] = $this->createAtHash($access_token, $client_id);
- }
-
- return $this->encodeToken($token, $client_id);
- }
-
- protected function createAtHash($access_token, $client_id = null)
- {
- // maps HS256 and RS256 to sha256, etc.
- $algorithm = $this->publicKeyStorage->getEncryptionAlgorithm($client_id);
- $hash_algorithm = 'sha' . substr($algorithm, 2);
- $hash = hash($hash_algorithm, $access_token, true);
- $at_hash = substr($hash, 0, strlen($hash) / 2);
-
- return $this->encryptionUtil->urlSafeB64Encode($at_hash);
- }
-
- protected function encodeToken(array $token, $client_id = null)
- {
- $private_key = $this->publicKeyStorage->getPrivateKey($client_id);
- $algorithm = $this->publicKeyStorage->getEncryptionAlgorithm($client_id);
-
- return $this->encryptionUtil->encode($token, $private_key, $algorithm);
- }
-
- private function getUserIdAndAuthTime($userInfo)
- {
- $auth_time = null;
-
- // support an array for user_id / auth_time
- if (is_array($userInfo)) {
- if (!isset($userInfo['user_id'])) {
- throw new \LogicException('if $user_id argument is an array, user_id index must be set');
- }
-
- $auth_time = isset($userInfo['auth_time']) ? $userInfo['auth_time'] : null;
- $user_id = $userInfo['user_id'];
- } else {
- $user_id = $userInfo;
- }
-
- if (is_null($auth_time)) {
- $auth_time = time();
- }
-
- // userInfo is a scalar, and so this is the $user_id. Auth Time is null
- return array($user_id, $auth_time);
- }
-}
diff --git a/library/oauth2/src/OAuth2/OpenID/ResponseType/IdTokenInterface.php b/library/oauth2/src/OAuth2/OpenID/ResponseType/IdTokenInterface.php
deleted file mode 100644
index 0bd2f8391..000000000
--- a/library/oauth2/src/OAuth2/OpenID/ResponseType/IdTokenInterface.php
+++ /dev/null
@@ -1,29 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\ResponseType;
-
-use OAuth2\ResponseType\ResponseTypeInterface;
-
-interface IdTokenInterface extends ResponseTypeInterface
-{
- /**
- * Create the id token.
- *
- * If Authorization Code Flow is used, the id_token is generated when the
- * authorization code is issued, and later returned from the token endpoint
- * together with the access_token.
- * If the Implicit Flow is used, the token and id_token are generated and
- * returned together.
- *
- * @param string $client_id The client id.
- * @param string $user_id The user id.
- * @param string $nonce OPTIONAL The nonce.
- * @param string $userClaims OPTIONAL Claims about the user.
- * @param string $access_token OPTIONAL The access token, if known.
- *
- * @return string The ID Token represented as a JSON Web Token (JWT).
- *
- * @see http://openid.net/specs/openid-connect-core-1_0.html#IDToken
- */
- public function createIdToken($client_id, $userInfo, $nonce = null, $userClaims = null, $access_token = null);
-}
diff --git a/library/oauth2/src/OAuth2/OpenID/ResponseType/IdTokenToken.php b/library/oauth2/src/OAuth2/OpenID/ResponseType/IdTokenToken.php
deleted file mode 100644
index f0c59799b..000000000
--- a/library/oauth2/src/OAuth2/OpenID/ResponseType/IdTokenToken.php
+++ /dev/null
@@ -1,27 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\ResponseType;
-
-use OAuth2\ResponseType\AccessTokenInterface;
-
-class IdTokenToken implements IdTokenTokenInterface
-{
- protected $accessToken;
- protected $idToken;
-
- public function __construct(AccessTokenInterface $accessToken, IdTokenInterface $idToken)
- {
- $this->accessToken = $accessToken;
- $this->idToken = $idToken;
- }
-
- public function getAuthorizeResponse($params, $user_id = null)
- {
- $result = $this->accessToken->getAuthorizeResponse($params, $user_id);
- $access_token = $result[1]['fragment']['access_token'];
- $id_token = $this->idToken->createIdToken($params['client_id'], $user_id, $params['nonce'], null, $access_token);
- $result[1]['fragment']['id_token'] = $id_token;
-
- return $result;
- }
-}
diff --git a/library/oauth2/src/OAuth2/OpenID/ResponseType/IdTokenTokenInterface.php b/library/oauth2/src/OAuth2/OpenID/ResponseType/IdTokenTokenInterface.php
deleted file mode 100644
index ac13e2032..000000000
--- a/library/oauth2/src/OAuth2/OpenID/ResponseType/IdTokenTokenInterface.php
+++ /dev/null
@@ -1,9 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\ResponseType;
-
-use OAuth2\ResponseType\ResponseTypeInterface;
-
-interface IdTokenTokenInterface extends ResponseTypeInterface
-{
-}
diff --git a/library/oauth2/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php b/library/oauth2/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php
deleted file mode 100644
index 51dd867ec..000000000
--- a/library/oauth2/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php
+++ /dev/null
@@ -1,37 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\Storage;
-
-use OAuth2\Storage\AuthorizationCodeInterface as BaseAuthorizationCodeInterface;
-/**
- * Implement this interface to specify where the OAuth2 Server
- * should get/save authorization codes for the "Authorization Code"
- * grant type
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-interface AuthorizationCodeInterface extends BaseAuthorizationCodeInterface
-{
- /**
- * Take the provided authorization code values and store them somewhere.
- *
- * This function should be the storage counterpart to getAuthCode().
- *
- * If storage fails for some reason, we're not currently checking for
- * any sort of success/failure, so you should bail out of the script
- * and provide a descriptive fail message.
- *
- * Required for OAuth2::GRANT_TYPE_AUTH_CODE.
- *
- * @param $code authorization code to be stored.
- * @param $client_id client identifier to be stored.
- * @param $user_id user identifier to be stored.
- * @param string $redirect_uri redirect URI(s) to be stored in a space-separated string.
- * @param int $expires expiration to be stored as a Unix timestamp.
- * @param string $scope OPTIONAL scopes to be stored in space-separated string.
- * @param string $id_token OPTIONAL the OpenID Connect id_token.
- *
- * @ingroup oauth2_section_4
- */
- public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null);
-}
diff --git a/library/oauth2/src/OAuth2/OpenID/Storage/UserClaimsInterface.php b/library/oauth2/src/OAuth2/OpenID/Storage/UserClaimsInterface.php
deleted file mode 100644
index f230bef9e..000000000
--- a/library/oauth2/src/OAuth2/OpenID/Storage/UserClaimsInterface.php
+++ /dev/null
@@ -1,38 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\Storage;
-
-/**
- * Implement this interface to specify where the OAuth2 Server
- * should retrieve user claims for the OpenID Connect id_token.
- */
-interface UserClaimsInterface
-{
- // valid scope values to pass into the user claims API call
- const VALID_CLAIMS = 'profile email address phone';
-
- // fields returned for the claims above
- const PROFILE_CLAIM_VALUES = 'name family_name given_name middle_name nickname preferred_username profile picture website gender birthdate zoneinfo locale updated_at';
- const EMAIL_CLAIM_VALUES = 'email email_verified';
- const ADDRESS_CLAIM_VALUES = 'formatted street_address locality region postal_code country';
- const PHONE_CLAIM_VALUES = 'phone_number phone_number_verified';
-
- /**
- * Return claims about the provided user id.
- *
- * Groups of claims are returned based on the requested scopes. No group
- * is required, and no claim is required.
- *
- * @param $user_id
- * The id of the user for which claims should be returned.
- * @param $scope
- * The requested scope.
- * Scopes with matching claims: profile, email, address, phone.
- *
- * @return
- * An array in the claim => value format.
- *
- * @see http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
- */
- public function getUserClaims($user_id, $scope);
-}
diff --git a/library/oauth2/src/OAuth2/Request.php b/library/oauth2/src/OAuth2/Request.php
deleted file mode 100644
index c92cee821..000000000
--- a/library/oauth2/src/OAuth2/Request.php
+++ /dev/null
@@ -1,213 +0,0 @@
-<?php
-
-namespace OAuth2;
-
-/**
- * OAuth2\Request
- * This class is taken from the Symfony2 Framework and is part of the Symfony package.
- * See Symfony\Component\HttpFoundation\Request (https://github.com/symfony/symfony)
- */
-class Request implements RequestInterface
-{
- public $attributes;
- public $request;
- public $query;
- public $server;
- public $files;
- public $cookies;
- public $headers;
- public $content;
-
- /**
- * Constructor.
- *
- * @param array $query The GET parameters
- * @param array $request The POST parameters
- * @param array $attributes The request attributes (parameters parsed from the PATH_INFO, ...)
- * @param array $cookies The COOKIE parameters
- * @param array $files The FILES parameters
- * @param array $server The SERVER parameters
- * @param string $content The raw body data
- *
- * @api
- */
- public function __construct(array $query = array(), array $request = array(), array $attributes = array(), array $cookies = array(), array $files = array(), array $server = array(), $content = null, array $headers = null)
- {
- $this->initialize($query, $request, $attributes, $cookies, $files, $server, $content, $headers);
- }
-
- /**
- * Sets the parameters for this request.
- *
- * This method also re-initializes all properties.
- *
- * @param array $query The GET parameters
- * @param array $request The POST parameters
- * @param array $attributes The request attributes (parameters parsed from the PATH_INFO, ...)
- * @param array $cookies The COOKIE parameters
- * @param array $files The FILES parameters
- * @param array $server The SERVER parameters
- * @param string $content The raw body data
- *
- * @api
- */
- public function initialize(array $query = array(), array $request = array(), array $attributes = array(), array $cookies = array(), array $files = array(), array $server = array(), $content = null, array $headers = null)
- {
- $this->request = $request;
- $this->query = $query;
- $this->attributes = $attributes;
- $this->cookies = $cookies;
- $this->files = $files;
- $this->server = $server;
- $this->content = $content;
- $this->headers = is_null($headers) ? $this->getHeadersFromServer($this->server) : $headers;
- }
-
- public function query($name, $default = null)
- {
- return isset($this->query[$name]) ? $this->query[$name] : $default;
- }
-
- public function request($name, $default = null)
- {
- return isset($this->request[$name]) ? $this->request[$name] : $default;
- }
-
- public function server($name, $default = null)
- {
- return isset($this->server[$name]) ? $this->server[$name] : $default;
- }
-
- public function headers($name, $default = null)
- {
- $headers = array_change_key_case($this->headers);
- $name = strtolower($name);
-
- return isset($headers[$name]) ? $headers[$name] : $default;
- }
-
- public function getAllQueryParameters()
- {
- return $this->query;
- }
-
- /**
- * Returns the request body content.
- *
- * @param Boolean $asResource If true, a resource will be returned
- *
- * @return string|resource The request body content or a resource to read the body stream.
- */
- public function getContent($asResource = false)
- {
- if (false === $this->content || (true === $asResource && null !== $this->content)) {
- throw new \LogicException('getContent() can only be called once when using the resource return type.');
- }
-
- if (true === $asResource) {
- $this->content = false;
-
- return fopen('php://input', 'rb');
- }
-
- if (null === $this->content) {
- $this->content = file_get_contents('php://input');
- }
-
- return $this->content;
- }
-
- private function getHeadersFromServer($server)
- {
- $headers = array();
- foreach ($server as $key => $value) {
- if (0 === strpos($key, 'HTTP_')) {
- $headers[substr($key, 5)] = $value;
- }
- // CONTENT_* are not prefixed with HTTP_
- elseif (in_array($key, array('CONTENT_LENGTH', 'CONTENT_MD5', 'CONTENT_TYPE'))) {
- $headers[$key] = $value;
- }
- }
-
- if (isset($server['PHP_AUTH_USER'])) {
- $headers['PHP_AUTH_USER'] = $server['PHP_AUTH_USER'];
- $headers['PHP_AUTH_PW'] = isset($server['PHP_AUTH_PW']) ? $server['PHP_AUTH_PW'] : '';
- } else {
- /*
- * php-cgi under Apache does not pass HTTP Basic user/pass to PHP by default
- * For this workaround to work, add this line to your .htaccess file:
- * RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
- *
- * A sample .htaccess file:
- * RewriteEngine On
- * RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
- * RewriteCond %{REQUEST_FILENAME} !-f
- * RewriteRule ^(.*)$ app.php [QSA,L]
- */
-
- $authorizationHeader = null;
- if (isset($server['HTTP_AUTHORIZATION'])) {
- $authorizationHeader = $server['HTTP_AUTHORIZATION'];
- } elseif (isset($server['REDIRECT_HTTP_AUTHORIZATION'])) {
- $authorizationHeader = $server['REDIRECT_HTTP_AUTHORIZATION'];
- } elseif (function_exists('apache_request_headers')) {
- $requestHeaders = (array) apache_request_headers();
-
- // Server-side fix for bug in old Android versions (a nice side-effect of this fix means we don't care about capitalization for Authorization)
- $requestHeaders = array_combine(array_map('ucwords', array_keys($requestHeaders)), array_values($requestHeaders));
-
- if (isset($requestHeaders['Authorization'])) {
- $authorizationHeader = trim($requestHeaders['Authorization']);
- }
- }
-
- if (null !== $authorizationHeader) {
- $headers['AUTHORIZATION'] = $authorizationHeader;
- // Decode AUTHORIZATION header into PHP_AUTH_USER and PHP_AUTH_PW when authorization header is basic
- if (0 === stripos($authorizationHeader, 'basic')) {
- $exploded = explode(':', base64_decode(substr($authorizationHeader, 6)));
- if (count($exploded) == 2) {
- list($headers['PHP_AUTH_USER'], $headers['PHP_AUTH_PW']) = $exploded;
- }
- }
- }
- }
-
- // PHP_AUTH_USER/PHP_AUTH_PW
- if (isset($headers['PHP_AUTH_USER'])) {
- $headers['AUTHORIZATION'] = 'Basic '.base64_encode($headers['PHP_AUTH_USER'].':'.$headers['PHP_AUTH_PW']);
- }
-
- return $headers;
- }
-
- /**
- * Creates a new request with values from PHP's super globals.
- *
- * @return Request A new request
- *
- * @api
- */
- public static function createFromGlobals()
- {
- $class = get_called_class();
- $request = new $class($_GET, $_POST, array(), $_COOKIE, $_FILES, $_SERVER);
-
- $contentType = $request->server('CONTENT_TYPE', '');
- $requestMethod = $request->server('REQUEST_METHOD', 'GET');
- if (0 === strpos($contentType, 'application/x-www-form-urlencoded')
- && in_array(strtoupper($requestMethod), array('PUT', 'DELETE'))
- ) {
- parse_str($request->getContent(), $data);
- $request->request = $data;
- } elseif (0 === strpos($contentType, 'application/json')
- && in_array(strtoupper($requestMethod), array('POST', 'PUT', 'DELETE'))
- ) {
- $data = json_decode($request->getContent(), true);
- $request->request = $data;
- }
-
- return $request;
- }
-}
diff --git a/library/oauth2/src/OAuth2/RequestInterface.php b/library/oauth2/src/OAuth2/RequestInterface.php
deleted file mode 100644
index 8a70d5fad..000000000
--- a/library/oauth2/src/OAuth2/RequestInterface.php
+++ /dev/null
@@ -1,16 +0,0 @@
-<?php
-
-namespace OAuth2;
-
-interface RequestInterface
-{
- public function query($name, $default = null);
-
- public function request($name, $default = null);
-
- public function server($name, $default = null);
-
- public function headers($name, $default = null);
-
- public function getAllQueryParameters();
-}
diff --git a/library/oauth2/src/OAuth2/Response.php b/library/oauth2/src/OAuth2/Response.php
deleted file mode 100644
index d8eabe79e..000000000
--- a/library/oauth2/src/OAuth2/Response.php
+++ /dev/null
@@ -1,369 +0,0 @@
-<?php
-
-namespace OAuth2;
-
-/**
- * Class to handle OAuth2 Responses in a graceful way. Use this interface
- * to output the proper OAuth2 responses.
- *
- * @see OAuth2\ResponseInterface
- *
- * This class borrows heavily from the Symfony2 Framework and is part of the symfony package
- * @see Symfony\Component\HttpFoundation\Request (https://github.com/symfony/symfony)
- */
-class Response implements ResponseInterface
-{
- public $version;
- protected $statusCode = 200;
- protected $statusText;
- protected $parameters = array();
- protected $httpHeaders = array();
-
- public static $statusTexts = array(
- 100 => 'Continue',
- 101 => 'Switching Protocols',
- 200 => 'OK',
- 201 => 'Created',
- 202 => 'Accepted',
- 203 => 'Non-Authoritative Information',
- 204 => 'No Content',
- 205 => 'Reset Content',
- 206 => 'Partial Content',
- 300 => 'Multiple Choices',
- 301 => 'Moved Permanently',
- 302 => 'Found',
- 303 => 'See Other',
- 304 => 'Not Modified',
- 305 => 'Use Proxy',
- 307 => 'Temporary Redirect',
- 400 => 'Bad Request',
- 401 => 'Unauthorized',
- 402 => 'Payment Required',
- 403 => 'Forbidden',
- 404 => 'Not Found',
- 405 => 'Method Not Allowed',
- 406 => 'Not Acceptable',
- 407 => 'Proxy Authentication Required',
- 408 => 'Request Timeout',
- 409 => 'Conflict',
- 410 => 'Gone',
- 411 => 'Length Required',
- 412 => 'Precondition Failed',
- 413 => 'Request Entity Too Large',
- 414 => 'Request-URI Too Long',
- 415 => 'Unsupported Media Type',
- 416 => 'Requested Range Not Satisfiable',
- 417 => 'Expectation Failed',
- 418 => 'I\'m a teapot',
- 500 => 'Internal Server Error',
- 501 => 'Not Implemented',
- 502 => 'Bad Gateway',
- 503 => 'Service Unavailable',
- 504 => 'Gateway Timeout',
- 505 => 'HTTP Version Not Supported',
- );
-
- public function __construct($parameters = array(), $statusCode = 200, $headers = array())
- {
- $this->setParameters($parameters);
- $this->setStatusCode($statusCode);
- $this->setHttpHeaders($headers);
- $this->version = '1.1';
- }
-
- /**
- * Converts the response object to string containing all headers and the response content.
- *
- * @return string The response with headers and content
- */
- public function __toString()
- {
- $headers = array();
- foreach ($this->httpHeaders as $name => $value) {
- $headers[$name] = (array) $value;
- }
-
- return
- sprintf('HTTP/%s %s %s', $this->version, $this->statusCode, $this->statusText)."\r\n".
- $this->getHttpHeadersAsString($headers)."\r\n".
- $this->getResponseBody();
- }
-
- /**
- * Returns the build header line.
- *
- * @param string $name The header name
- * @param string $value The header value
- *
- * @return string The built header line
- */
- protected function buildHeader($name, $value)
- {
- return sprintf("%s: %s\n", $name, $value);
- }
-
- public function getStatusCode()
- {
- return $this->statusCode;
- }
-
- public function setStatusCode($statusCode, $text = null)
- {
- $this->statusCode = (int) $statusCode;
- if ($this->isInvalid()) {
- throw new \InvalidArgumentException(sprintf('The HTTP status code "%s" is not valid.', $statusCode));
- }
-
- $this->statusText = false === $text ? '' : (null === $text ? self::$statusTexts[$this->statusCode] : $text);
- }
-
- public function getStatusText()
- {
- return $this->statusText;
- }
-
- public function getParameters()
- {
- return $this->parameters;
- }
-
- public function setParameters(array $parameters)
- {
- $this->parameters = $parameters;
- }
-
- public function addParameters(array $parameters)
- {
- $this->parameters = array_merge($this->parameters, $parameters);
- }
-
- public function getParameter($name, $default = null)
- {
- return isset($this->parameters[$name]) ? $this->parameters[$name] : $default;
- }
-
- public function setParameter($name, $value)
- {
- $this->parameters[$name] = $value;
- }
-
- public function setHttpHeaders(array $httpHeaders)
- {
- $this->httpHeaders = $httpHeaders;
- }
-
- public function setHttpHeader($name, $value)
- {
- $this->httpHeaders[$name] = $value;
- }
-
- public function addHttpHeaders(array $httpHeaders)
- {
- $this->httpHeaders = array_merge($this->httpHeaders, $httpHeaders);
- }
-
- public function getHttpHeaders()
- {
- return $this->httpHeaders;
- }
-
- public function getHttpHeader($name, $default = null)
- {
- return isset($this->httpHeaders[$name]) ? $this->httpHeaders[$name] : $default;
- }
-
- public function getResponseBody($format = 'json')
- {
- switch ($format) {
- case 'json':
- return json_encode($this->parameters);
- case 'xml':
- // this only works for single-level arrays
- $xml = new \SimpleXMLElement('<response/>');
- foreach ($this->parameters as $key => $param) {
- $xml->addChild($key, $param);
- }
-
- return $xml->asXML();
- }
-
- throw new \InvalidArgumentException(sprintf('The format %s is not supported', $format));
-
- }
-
- public function send($format = 'json')
- {
- // headers have already been sent by the developer
- if (headers_sent()) {
- return;
- }
-
- switch ($format) {
- case 'json':
- $this->setHttpHeader('Content-Type', 'application/json');
- break;
- case 'xml':
- $this->setHttpHeader('Content-Type', 'text/xml');
- break;
- }
- // status
- header(sprintf('HTTP/%s %s %s', $this->version, $this->statusCode, $this->statusText));
-
- foreach ($this->getHttpHeaders() as $name => $header) {
- header(sprintf('%s: %s', $name, $header));
- }
- echo $this->getResponseBody($format);
- }
-
- public function setError($statusCode, $error, $errorDescription = null, $errorUri = null)
- {
- $parameters = array(
- 'error' => $error,
- 'error_description' => $errorDescription,
- );
-
- if (!is_null($errorUri)) {
- if (strlen($errorUri) > 0 && $errorUri[0] == '#') {
- // we are referencing an oauth bookmark (for brevity)
- $errorUri = 'http://tools.ietf.org/html/rfc6749' . $errorUri;
- }
- $parameters['error_uri'] = $errorUri;
- }
-
- $httpHeaders = array(
- 'Cache-Control' => 'no-store'
- );
-
- $this->setStatusCode($statusCode);
- $this->addParameters($parameters);
- $this->addHttpHeaders($httpHeaders);
-
- if (!$this->isClientError() && !$this->isServerError()) {
- throw new \InvalidArgumentException(sprintf('The HTTP status code is not an error ("%s" given).', $statusCode));
- }
- }
-
- public function setRedirect($statusCode, $url, $state = null, $error = null, $errorDescription = null, $errorUri = null)
- {
- if (empty($url)) {
- throw new \InvalidArgumentException('Cannot redirect to an empty URL.');
- }
-
- $parameters = array();
-
- if (!is_null($state)) {
- $parameters['state'] = $state;
- }
-
- if (!is_null($error)) {
- $this->setError(400, $error, $errorDescription, $errorUri);
- }
- $this->setStatusCode($statusCode);
- $this->addParameters($parameters);
-
- if (count($this->parameters) > 0) {
- // add parameters to URL redirection
- $parts = parse_url($url);
- $sep = isset($parts['query']) && count($parts['query']) > 0 ? '&' : '?';
- $url .= $sep . http_build_query($this->parameters);
- }
-
- $this->addHttpHeaders(array('Location' => $url));
-
- if (!$this->isRedirection()) {
- throw new \InvalidArgumentException(sprintf('The HTTP status code is not a redirect ("%s" given).', $statusCode));
- }
- }
-
- // http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
- /**
- * @return Boolean
- *
- * @api
- */
- public function isInvalid()
- {
- return $this->statusCode < 100 || $this->statusCode >= 600;
- }
-
- /**
- * @return Boolean
- *
- * @api
- */
- public function isInformational()
- {
- return $this->statusCode >= 100 && $this->statusCode < 200;
- }
-
- /**
- * @return Boolean
- *
- * @api
- */
- public function isSuccessful()
- {
- return $this->statusCode >= 200 && $this->statusCode < 300;
- }
-
- /**
- * @return Boolean
- *
- * @api
- */
- public function isRedirection()
- {
- return $this->statusCode >= 300 && $this->statusCode < 400;
- }
-
- /**
- * @return Boolean
- *
- * @api
- */
- public function isClientError()
- {
- return $this->statusCode >= 400 && $this->statusCode < 500;
- }
-
- /**
- * @return Boolean
- *
- * @api
- */
- public function isServerError()
- {
- return $this->statusCode >= 500 && $this->statusCode < 600;
- }
-
- /*
- * Functions from Symfony2 HttpFoundation - output pretty header
- */
- private function getHttpHeadersAsString($headers)
- {
- if (count($headers) == 0) {
- return '';
- }
-
- $max = max(array_map('strlen', array_keys($headers))) + 1;
- $content = '';
- ksort($headers);
- foreach ($headers as $name => $values) {
- foreach ($values as $value) {
- $content .= sprintf("%-{$max}s %s\r\n", $this->beautifyHeaderName($name).':', $value);
- }
- }
-
- return $content;
- }
-
- private function beautifyHeaderName($name)
- {
- return preg_replace_callback('/\-(.)/', array($this, 'beautifyCallback'), ucfirst($name));
- }
-
- private function beautifyCallback($match)
- {
- return '-'.strtoupper($match[1]);
- }
-}
diff --git a/library/oauth2/src/OAuth2/ResponseInterface.php b/library/oauth2/src/OAuth2/ResponseInterface.php
deleted file mode 100644
index c99b5f7d1..000000000
--- a/library/oauth2/src/OAuth2/ResponseInterface.php
+++ /dev/null
@@ -1,24 +0,0 @@
-<?php
-
-namespace OAuth2;
-
-/**
- * Interface which represents an object response. Meant to handle and display the proper OAuth2 Responses
- * for errors and successes
- *
- * @see OAuth2\Response
- */
-interface ResponseInterface
-{
- public function addParameters(array $parameters);
-
- public function addHttpHeaders(array $httpHeaders);
-
- public function setStatusCode($statusCode);
-
- public function setError($statusCode, $name, $description = null, $uri = null);
-
- public function setRedirect($statusCode, $url, $state = null, $error = null, $errorDescription = null, $errorUri = null);
-
- public function getParameter($name);
-}
diff --git a/library/oauth2/src/OAuth2/ResponseType/AccessToken.php b/library/oauth2/src/OAuth2/ResponseType/AccessToken.php
deleted file mode 100644
index b235ad0c5..000000000
--- a/library/oauth2/src/OAuth2/ResponseType/AccessToken.php
+++ /dev/null
@@ -1,194 +0,0 @@
-<?php
-
-namespace OAuth2\ResponseType;
-
-use OAuth2\Storage\AccessTokenInterface as AccessTokenStorageInterface;
-use OAuth2\Storage\RefreshTokenInterface;
-
-/**
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-class AccessToken implements AccessTokenInterface
-{
- protected $tokenStorage;
- protected $refreshStorage;
- protected $config;
-
- /**
- * @param OAuth2\Storage\AccessTokenInterface $tokenStorage REQUIRED Storage class for saving access token information
- * @param OAuth2\Storage\RefreshTokenInterface $refreshStorage OPTIONAL Storage class for saving refresh token information
- * @param array $config OPTIONAL Configuration options for the server
- * <code>
- * $config = array(
- * 'token_type' => 'bearer', // token type identifier
- * 'access_lifetime' => 3600, // time before access token expires
- * 'refresh_token_lifetime' => 1209600, // time before refresh token expires
- * );
- * </endcode>
- */
- public function __construct(AccessTokenStorageInterface $tokenStorage, RefreshTokenInterface $refreshStorage = null, array $config = array())
- {
- $this->tokenStorage = $tokenStorage;
- $this->refreshStorage = $refreshStorage;
-
- $this->config = array_merge(array(
- 'token_type' => 'bearer',
- 'access_lifetime' => 3600,
- 'refresh_token_lifetime' => 1209600,
- ), $config);
- }
-
- public function getAuthorizeResponse($params, $user_id = null)
- {
- // build the URL to redirect to
- $result = array('query' => array());
-
- $params += array('scope' => null, 'state' => null);
-
- /*
- * a refresh token MUST NOT be included in the fragment
- *
- * @see http://tools.ietf.org/html/rfc6749#section-4.2.2
- */
- $includeRefreshToken = false;
- $result["fragment"] = $this->createAccessToken($params['client_id'], $user_id, $params['scope'], $includeRefreshToken);
-
- if (isset($params['state'])) {
- $result["fragment"]["state"] = $params['state'];
- }
-
- return array($params['redirect_uri'], $result);
- }
-
- /**
- * Handle the creation of access token, also issue refresh token if supported / desirable.
- *
- * @param $client_id client identifier related to the access token.
- * @param $user_id user ID associated with the access token
- * @param $scope OPTIONAL scopes to be stored in space-separated string.
- * @param bool $includeRefreshToken if true, a new refresh_token will be added to the response
- *
- * @see http://tools.ietf.org/html/rfc6749#section-5
- * @ingroup oauth2_section_5
- */
- public function createAccessToken($client_id, $user_id, $scope = null, $includeRefreshToken = true)
- {
- $token = array(
- "access_token" => $this->generateAccessToken(),
- "expires_in" => $this->config['access_lifetime'],
- "token_type" => $this->config['token_type'],
- "scope" => $scope
- );
-
- $this->tokenStorage->setAccessToken($token["access_token"], $client_id, $user_id, $this->config['access_lifetime'] ? time() + $this->config['access_lifetime'] : null, $scope);
-
- /*
- * Issue a refresh token also, if we support them
- *
- * Refresh Tokens are considered supported if an instance of OAuth2\Storage\RefreshTokenInterface
- * is supplied in the constructor
- */
- if ($includeRefreshToken && $this->refreshStorage) {
- $token["refresh_token"] = $this->generateRefreshToken();
- $expires = 0;
- if ($this->config['refresh_token_lifetime'] > 0) {
- $expires = time() + $this->config['refresh_token_lifetime'];
- }
- $this->refreshStorage->setRefreshToken($token['refresh_token'], $client_id, $user_id, $expires, $scope);
- }
-
- return $token;
- }
-
- /**
- * Generates an unique access token.
- *
- * Implementing classes may want to override this function to implement
- * other access token generation schemes.
- *
- * @return
- * An unique access token.
- *
- * @ingroup oauth2_section_4
- */
- protected function generateAccessToken()
- {
- if (function_exists('mcrypt_create_iv')) {
- $randomData = mcrypt_create_iv(20, MCRYPT_DEV_URANDOM);
- if ($randomData !== false && strlen($randomData) === 20) {
- return bin2hex($randomData);
- }
- }
- if (function_exists('openssl_random_pseudo_bytes')) {
- $randomData = openssl_random_pseudo_bytes(20);
- if ($randomData !== false && strlen($randomData) === 20) {
- return bin2hex($randomData);
- }
- }
- if (@file_exists('/dev/urandom')) { // Get 100 bytes of random data
- $randomData = file_get_contents('/dev/urandom', false, null, 0, 20);
- if ($randomData !== false && strlen($randomData) === 20) {
- return bin2hex($randomData);
- }
- }
- // Last resort which you probably should just get rid of:
- $randomData = mt_rand() . mt_rand() . mt_rand() . mt_rand() . microtime(true) . uniqid(mt_rand(), true);
-
- return substr(hash('sha512', $randomData), 0, 40);
- }
-
- /**
- * Generates an unique refresh token
- *
- * Implementing classes may want to override this function to implement
- * other refresh token generation schemes.
- *
- * @return
- * An unique refresh.
- *
- * @ingroup oauth2_section_4
- * @see OAuth2::generateAccessToken()
- */
- protected function generateRefreshToken()
- {
- return $this->generateAccessToken(); // let's reuse the same scheme for token generation
- }
-
- /**
- * Handle the revoking of refresh tokens, and access tokens if supported / desirable
- * RFC7009 specifies that "If the server is unable to locate the token using
- * the given hint, it MUST extend its search across all of its supported token types"
- *
- * @param $token
- * @param null $tokenTypeHint
- * @return boolean
- */
- public function revokeToken($token, $tokenTypeHint = null)
- {
- if ($tokenTypeHint == 'refresh_token') {
- if ($this->refreshStorage && $revoked = $this->refreshStorage->unsetRefreshToken($token)) {
- return true;
- }
- }
-
- /** @TODO remove in v2 */
- if (!method_exists($this->tokenStorage, 'unsetAccessToken')) {
- throw new \RuntimeException(
- sprintf('Token storage %s must implement unsetAccessToken method', get_class($this->tokenStorage)
- ));
- }
-
- $revoked = $this->tokenStorage->unsetAccessToken($token);
-
- // if a typehint is supplied and fails, try other storages
- // @see https://tools.ietf.org/html/rfc7009#section-2.1
- if (!$revoked && $tokenTypeHint != 'refresh_token') {
- if ($this->refreshStorage) {
- $revoked = $this->refreshStorage->unsetRefreshToken($token);
- }
- }
-
- return $revoked;
- }
-}
diff --git a/library/oauth2/src/OAuth2/ResponseType/AccessTokenInterface.php b/library/oauth2/src/OAuth2/ResponseType/AccessTokenInterface.php
deleted file mode 100644
index 4bd3928d8..000000000
--- a/library/oauth2/src/OAuth2/ResponseType/AccessTokenInterface.php
+++ /dev/null
@@ -1,34 +0,0 @@
-<?php
-
-namespace OAuth2\ResponseType;
-
-/**
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-interface AccessTokenInterface extends ResponseTypeInterface
-{
- /**
- * Handle the creation of access token, also issue refresh token if supported / desirable.
- *
- * @param $client_id client identifier related to the access token.
- * @param $user_id user ID associated with the access token
- * @param $scope OPTONAL scopes to be stored in space-separated string.
- * @param bool $includeRefreshToken if true, a new refresh_token will be added to the response
- *
- * @see http://tools.ietf.org/html/rfc6749#section-5
- * @ingroup oauth2_section_5
- */
- public function createAccessToken($client_id, $user_id, $scope = null, $includeRefreshToken = true);
-
- /**
- * Handle the revoking of refresh tokens, and access tokens if supported / desirable
- *
- * @param $token
- * @param $tokenTypeHint
- * @return mixed
- *
- * @todo v2.0 include this method in interface. Omitted to maintain BC in v1.x
- */
- //public function revokeToken($token, $tokenTypeHint);
-}
diff --git a/library/oauth2/src/OAuth2/ResponseType/AuthorizationCode.php b/library/oauth2/src/OAuth2/ResponseType/AuthorizationCode.php
deleted file mode 100644
index 6a305fd75..000000000
--- a/library/oauth2/src/OAuth2/ResponseType/AuthorizationCode.php
+++ /dev/null
@@ -1,100 +0,0 @@
-<?php
-
-namespace OAuth2\ResponseType;
-
-use OAuth2\Storage\AuthorizationCodeInterface as AuthorizationCodeStorageInterface;
-
-/**
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-class AuthorizationCode implements AuthorizationCodeInterface
-{
- protected $storage;
- protected $config;
-
- public function __construct(AuthorizationCodeStorageInterface $storage, array $config = array())
- {
- $this->storage = $storage;
- $this->config = array_merge(array(
- 'enforce_redirect' => false,
- 'auth_code_lifetime' => 30,
- ), $config);
- }
-
- public function getAuthorizeResponse($params, $user_id = null)
- {
- // build the URL to redirect to
- $result = array('query' => array());
-
- $params += array('scope' => null, 'state' => null);
-
- $result['query']['code'] = $this->createAuthorizationCode($params['client_id'], $user_id, $params['redirect_uri'], $params['scope']);
-
- if (isset($params['state'])) {
- $result['query']['state'] = $params['state'];
- }
-
- return array($params['redirect_uri'], $result);
- }
-
- /**
- * Handle the creation of the authorization code.
- *
- * @param $client_id
- * Client identifier related to the authorization code
- * @param $user_id
- * User ID associated with the authorization code
- * @param $redirect_uri
- * An absolute URI to which the authorization server will redirect the
- * user-agent to when the end-user authorization step is completed.
- * @param $scope
- * (optional) Scopes to be stored in space-separated string.
- *
- * @see http://tools.ietf.org/html/rfc6749#section-4
- * @ingroup oauth2_section_4
- */
- public function createAuthorizationCode($client_id, $user_id, $redirect_uri, $scope = null)
- {
- $code = $this->generateAuthorizationCode();
- $this->storage->setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, time() + $this->config['auth_code_lifetime'], $scope);
-
- return $code;
- }
-
- /**
- * @return
- * TRUE if the grant type requires a redirect_uri, FALSE if not
- */
- public function enforceRedirect()
- {
- return $this->config['enforce_redirect'];
- }
-
- /**
- * Generates an unique auth code.
- *
- * Implementing classes may want to override this function to implement
- * other auth code generation schemes.
- *
- * @return
- * An unique auth code.
- *
- * @ingroup oauth2_section_4
- */
- protected function generateAuthorizationCode()
- {
- $tokenLen = 40;
- if (function_exists('mcrypt_create_iv')) {
- $randomData = mcrypt_create_iv(100, MCRYPT_DEV_URANDOM);
- } elseif (function_exists('openssl_random_pseudo_bytes')) {
- $randomData = openssl_random_pseudo_bytes(100);
- } elseif (@file_exists('/dev/urandom')) { // Get 100 bytes of random data
- $randomData = file_get_contents('/dev/urandom', false, null, 0, 100) . uniqid(mt_rand(), true);
- } else {
- $randomData = mt_rand() . mt_rand() . mt_rand() . mt_rand() . microtime(true) . uniqid(mt_rand(), true);
- }
-
- return substr(hash('sha512', $randomData), 0, $tokenLen);
- }
-}
diff --git a/library/oauth2/src/OAuth2/ResponseType/AuthorizationCodeInterface.php b/library/oauth2/src/OAuth2/ResponseType/AuthorizationCodeInterface.php
deleted file mode 100644
index df777e221..000000000
--- a/library/oauth2/src/OAuth2/ResponseType/AuthorizationCodeInterface.php
+++ /dev/null
@@ -1,30 +0,0 @@
-<?php
-
-namespace OAuth2\ResponseType;
-
-/**
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-interface AuthorizationCodeInterface extends ResponseTypeInterface
-{
- /**
- * @return
- * TRUE if the grant type requires a redirect_uri, FALSE if not
- */
- public function enforceRedirect();
-
- /**
- * Handle the creation of the authorization code.
- *
- * @param $client_id client identifier related to the authorization code
- * @param $user_id user id associated with the authorization code
- * @param $redirect_uri an absolute URI to which the authorization server will redirect the
- * user-agent to when the end-user authorization step is completed.
- * @param $scope OPTIONAL scopes to be stored in space-separated string.
- *
- * @see http://tools.ietf.org/html/rfc6749#section-4
- * @ingroup oauth2_section_4
- */
- public function createAuthorizationCode($client_id, $user_id, $redirect_uri, $scope = null);
-}
diff --git a/library/oauth2/src/OAuth2/ResponseType/JwtAccessToken.php b/library/oauth2/src/OAuth2/ResponseType/JwtAccessToken.php
deleted file mode 100644
index 3942fe41e..000000000
--- a/library/oauth2/src/OAuth2/ResponseType/JwtAccessToken.php
+++ /dev/null
@@ -1,124 +0,0 @@
-<?php
-
-namespace OAuth2\ResponseType;
-
-use OAuth2\Encryption\EncryptionInterface;
-use OAuth2\Encryption\Jwt;
-use OAuth2\Storage\AccessTokenInterface as AccessTokenStorageInterface;
-use OAuth2\Storage\RefreshTokenInterface;
-use OAuth2\Storage\PublicKeyInterface;
-use OAuth2\Storage\Memory;
-
-/**
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-class JwtAccessToken extends AccessToken
-{
- protected $publicKeyStorage;
- protected $encryptionUtil;
-
- /**
- * @param $config
- * - store_encrypted_token_string (bool true)
- * whether the entire encrypted string is stored,
- * or just the token ID is stored
- */
- public function __construct(PublicKeyInterface $publicKeyStorage = null, AccessTokenStorageInterface $tokenStorage = null, RefreshTokenInterface $refreshStorage = null, array $config = array(), EncryptionInterface $encryptionUtil = null)
- {
- $this->publicKeyStorage = $publicKeyStorage;
- $config = array_merge(array(
- 'store_encrypted_token_string' => true,
- 'issuer' => ''
- ), $config);
- if (is_null($tokenStorage)) {
- // a pass-thru, so we can call the parent constructor
- $tokenStorage = new Memory();
- }
- if (is_null($encryptionUtil)) {
- $encryptionUtil = new Jwt();
- }
- $this->encryptionUtil = $encryptionUtil;
- parent::__construct($tokenStorage, $refreshStorage, $config);
- }
-
- /**
- * Handle the creation of access token, also issue refresh token if supported / desirable.
- *
- * @param $client_id
- * Client identifier related to the access token.
- * @param $user_id
- * User ID associated with the access token
- * @param $scope
- * (optional) Scopes to be stored in space-separated string.
- * @param bool $includeRefreshToken
- * If true, a new refresh_token will be added to the response
- *
- * @see http://tools.ietf.org/html/rfc6749#section-5
- * @ingroup oauth2_section_5
- */
- public function createAccessToken($client_id, $user_id, $scope = null, $includeRefreshToken = true)
- {
- // token to encrypt
- $expires = time() + $this->config['access_lifetime'];
- $id = $this->generateAccessToken();
- $jwtAccessToken = array(
- 'id' => $id, // for BC (see #591)
- 'jti' => $id,
- 'iss' => $this->config['issuer'],
- 'aud' => $client_id,
- 'sub' => $user_id,
- 'exp' => $expires,
- 'iat' => time(),
- 'token_type' => $this->config['token_type'],
- 'scope' => $scope
- );
-
- /*
- * Encode the token data into a single access_token string
- */
- $access_token = $this->encodeToken($jwtAccessToken, $client_id);
-
- /*
- * Save the token to a secondary storage. This is implemented on the
- * OAuth2\Storage\JwtAccessToken side, and will not actually store anything,
- * if no secondary storage has been supplied
- */
- $token_to_store = $this->config['store_encrypted_token_string'] ? $access_token : $jwtAccessToken['id'];
- $this->tokenStorage->setAccessToken($token_to_store, $client_id, $user_id, $this->config['access_lifetime'] ? time() + $this->config['access_lifetime'] : null, $scope);
-
- // token to return to the client
- $token = array(
- 'access_token' => $access_token,
- 'expires_in' => $this->config['access_lifetime'],
- 'token_type' => $this->config['token_type'],
- 'scope' => $scope
- );
-
- /*
- * Issue a refresh token also, if we support them
- *
- * Refresh Tokens are considered supported if an instance of OAuth2\Storage\RefreshTokenInterface
- * is supplied in the constructor
- */
- if ($includeRefreshToken && $this->refreshStorage) {
- $refresh_token = $this->generateRefreshToken();
- $expires = 0;
- if ($this->config['refresh_token_lifetime'] > 0) {
- $expires = time() + $this->config['refresh_token_lifetime'];
- }
- $this->refreshStorage->setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope);
- $token['refresh_token'] = $refresh_token;
- }
-
- return $token;
- }
-
- protected function encodeToken(array $token, $client_id = null)
- {
- $private_key = $this->publicKeyStorage->getPrivateKey($client_id);
- $algorithm = $this->publicKeyStorage->getEncryptionAlgorithm($client_id);
-
- return $this->encryptionUtil->encode($token, $private_key, $algorithm);
- }
-}
diff --git a/library/oauth2/src/OAuth2/ResponseType/ResponseTypeInterface.php b/library/oauth2/src/OAuth2/ResponseType/ResponseTypeInterface.php
deleted file mode 100644
index f8e26a5b0..000000000
--- a/library/oauth2/src/OAuth2/ResponseType/ResponseTypeInterface.php
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-
-namespace OAuth2\ResponseType;
-
-interface ResponseTypeInterface
-{
- public function getAuthorizeResponse($params, $user_id = null);
-}
diff --git a/library/oauth2/src/OAuth2/Scope.php b/library/oauth2/src/OAuth2/Scope.php
deleted file mode 100644
index c44350bfd..000000000
--- a/library/oauth2/src/OAuth2/Scope.php
+++ /dev/null
@@ -1,103 +0,0 @@
-<?php
-
-namespace OAuth2;
-
-use OAuth2\Storage\Memory;
-use OAuth2\Storage\ScopeInterface as ScopeStorageInterface;
-
-/**
-* @see OAuth2\ScopeInterface
-*/
-class Scope implements ScopeInterface
-{
- protected $storage;
-
- /**
- * @param mixed @storage
- * Either an array of supported scopes, or an instance of OAuth2\Storage\ScopeInterface
- */
- public function __construct($storage = null)
- {
- if (is_null($storage) || is_array($storage)) {
- $storage = new Memory((array) $storage);
- }
-
- if (!$storage instanceof ScopeStorageInterface) {
- throw new \InvalidArgumentException("Argument 1 to OAuth2\Scope must be null, an array, or instance of OAuth2\Storage\ScopeInterface");
- }
-
- $this->storage = $storage;
- }
-
- /**
- * Check if everything in required scope is contained in available scope.
- *
- * @param $required_scope
- * A space-separated string of scopes.
- *
- * @return
- * TRUE if everything in required scope is contained in available scope,
- * and FALSE if it isn't.
- *
- * @see http://tools.ietf.org/html/rfc6749#section-7
- *
- * @ingroup oauth2_section_7
- */
- public function checkScope($required_scope, $available_scope)
- {
- $required_scope = explode(' ', trim($required_scope));
- $available_scope = explode(' ', trim($available_scope));
-
- return (count(array_diff($required_scope, $available_scope)) == 0);
- }
-
- /**
- * Check if the provided scope exists in storage.
- *
- * @param $scope
- * A space-separated string of scopes.
- *
- * @return
- * TRUE if it exists, FALSE otherwise.
- */
- public function scopeExists($scope)
- {
- // Check reserved scopes first.
- $scope = explode(' ', trim($scope));
- $reservedScope = $this->getReservedScopes();
- $nonReservedScopes = array_diff($scope, $reservedScope);
- if (count($nonReservedScopes) == 0) {
- return true;
- } else {
- // Check the storage for non-reserved scopes.
- $nonReservedScopes = implode(' ', $nonReservedScopes);
-
- return $this->storage->scopeExists($nonReservedScopes);
- }
- }
-
- public function getScopeFromRequest(RequestInterface $request)
- {
- // "scope" is valid if passed in either POST or QUERY
- return $request->request('scope', $request->query('scope'));
- }
-
- public function getDefaultScope($client_id = null)
- {
- return $this->storage->getDefaultScope($client_id);
- }
-
- /**
- * Get reserved scopes needed by the server.
- *
- * In case OpenID Connect is used, these scopes must include:
- * 'openid', offline_access'.
- *
- * @return
- * An array of reserved scopes.
- */
- public function getReservedScopes()
- {
- return array('openid', 'offline_access');
- }
-}
diff --git a/library/oauth2/src/OAuth2/ScopeInterface.php b/library/oauth2/src/OAuth2/ScopeInterface.php
deleted file mode 100644
index 5b60f9aee..000000000
--- a/library/oauth2/src/OAuth2/ScopeInterface.php
+++ /dev/null
@@ -1,40 +0,0 @@
-<?php
-
-namespace OAuth2;
-
-use OAuth2\Storage\ScopeInterface as ScopeStorageInterface;
-
-/**
- * Class to handle scope implementation logic
- *
- * @see OAuth2\Storage\ScopeInterface
- */
-interface ScopeInterface extends ScopeStorageInterface
-{
- /**
- * Check if everything in required scope is contained in available scope.
- *
- * @param $required_scope
- * A space-separated string of scopes.
- *
- * @return
- * TRUE if everything in required scope is contained in available scope,
- * and FALSE if it isn't.
- *
- * @see http://tools.ietf.org/html/rfc6749#section-7
- *
- * @ingroup oauth2_section_7
- */
- public function checkScope($required_scope, $available_scope);
-
- /**
- * Return scope info from request
- *
- * @param OAuth2\RequestInterface
- * Request object to check
- *
- * @return
- * string representation of requested scope
- */
- public function getScopeFromRequest(RequestInterface $request);
-}
diff --git a/library/oauth2/src/OAuth2/Server.php b/library/oauth2/src/OAuth2/Server.php
deleted file mode 100644
index 171a4f069..000000000
--- a/library/oauth2/src/OAuth2/Server.php
+++ /dev/null
@@ -1,832 +0,0 @@
-<?php
-
-namespace OAuth2;
-
-use OAuth2\Controller\ResourceControllerInterface;
-use OAuth2\Controller\ResourceController;
-use OAuth2\OpenID\Controller\UserInfoControllerInterface;
-use OAuth2\OpenID\Controller\UserInfoController;
-use OAuth2\OpenID\Controller\AuthorizeController as OpenIDAuthorizeController;
-use OAuth2\OpenID\ResponseType\AuthorizationCode as OpenIDAuthorizationCodeResponseType;
-use OAuth2\OpenID\Storage\AuthorizationCodeInterface as OpenIDAuthorizationCodeInterface;
-use OAuth2\OpenID\GrantType\AuthorizationCode as OpenIDAuthorizationCodeGrantType;
-use OAuth2\Controller\AuthorizeControllerInterface;
-use OAuth2\Controller\AuthorizeController;
-use OAuth2\Controller\TokenControllerInterface;
-use OAuth2\Controller\TokenController;
-use OAuth2\ClientAssertionType\ClientAssertionTypeInterface;
-use OAuth2\ClientAssertionType\HttpBasic;
-use OAuth2\ResponseType\ResponseTypeInterface;
-use OAuth2\ResponseType\AuthorizationCode as AuthorizationCodeResponseType;
-use OAuth2\ResponseType\AccessToken;
-use OAuth2\ResponseType\JwtAccessToken;
-use OAuth2\OpenID\ResponseType\CodeIdToken;
-use OAuth2\OpenID\ResponseType\IdToken;
-use OAuth2\OpenID\ResponseType\IdTokenToken;
-use OAuth2\TokenType\TokenTypeInterface;
-use OAuth2\TokenType\Bearer;
-use OAuth2\GrantType\GrantTypeInterface;
-use OAuth2\GrantType\UserCredentials;
-use OAuth2\GrantType\ClientCredentials;
-use OAuth2\GrantType\RefreshToken;
-use OAuth2\GrantType\AuthorizationCode;
-use OAuth2\Storage\JwtAccessToken as JwtAccessTokenStorage;
-use OAuth2\Storage\JwtAccessTokenInterface;
-
-/**
-* Server class for OAuth2
-* This class serves as a convience class which wraps the other Controller classes
-*
-* @see OAuth2\Controller\ResourceController
-* @see OAuth2\Controller\AuthorizeController
-* @see OAuth2\Controller\TokenController
-*/
-class Server implements ResourceControllerInterface,
- AuthorizeControllerInterface,
- TokenControllerInterface,
- UserInfoControllerInterface
-{
- // misc properties
- protected $response;
- protected $config;
- protected $storages;
-
- // servers
- protected $authorizeController;
- protected $tokenController;
- protected $resourceController;
- protected $userInfoController;
-
- // config classes
- protected $grantTypes;
- protected $responseTypes;
- protected $tokenType;
- protected $scopeUtil;
- protected $clientAssertionType;
-
- protected $storageMap = array(
- 'access_token' => 'OAuth2\Storage\AccessTokenInterface',
- 'authorization_code' => 'OAuth2\Storage\AuthorizationCodeInterface',
- 'client_credentials' => 'OAuth2\Storage\ClientCredentialsInterface',
- 'client' => 'OAuth2\Storage\ClientInterface',
- 'refresh_token' => 'OAuth2\Storage\RefreshTokenInterface',
- 'user_credentials' => 'OAuth2\Storage\UserCredentialsInterface',
- 'user_claims' => 'OAuth2\OpenID\Storage\UserClaimsInterface',
- 'public_key' => 'OAuth2\Storage\PublicKeyInterface',
- 'jwt_bearer' => 'OAuth2\Storage\JWTBearerInterface',
- 'scope' => 'OAuth2\Storage\ScopeInterface',
- );
-
- protected $responseTypeMap = array(
- 'token' => 'OAuth2\ResponseType\AccessTokenInterface',
- 'code' => 'OAuth2\ResponseType\AuthorizationCodeInterface',
- 'id_token' => 'OAuth2\OpenID\ResponseType\IdTokenInterface',
- 'id_token token' => 'OAuth2\OpenID\ResponseType\IdTokenTokenInterface',
- 'code id_token' => 'OAuth2\OpenID\ResponseType\CodeIdTokenInterface',
- );
-
- /**
- * @param mixed $storage (array or OAuth2\Storage) - single object or array of objects implementing the
- * required storage types (ClientCredentialsInterface and AccessTokenInterface as a minimum)
- * @param array $config specify a different token lifetime, token header name, etc
- * @param array $grantTypes An array of OAuth2\GrantType\GrantTypeInterface to use for granting access tokens
- * @param array $responseTypes Response types to use. array keys should be "code" and and "token" for
- * Access Token and Authorization Code response types
- * @param OAuth2\TokenType\TokenTypeInterface $tokenType The token type object to use. Valid token types are "bearer" and "mac"
- * @param OAuth2\ScopeInterface $scopeUtil The scope utility class to use to validate scope
- * @param OAuth2\ClientAssertionType\ClientAssertionTypeInterface $clientAssertionType The method in which to verify the client identity. Default is HttpBasic
- *
- * @ingroup oauth2_section_7
- */
- public function __construct($storage = array(), array $config = array(), array $grantTypes = array(), array $responseTypes = array(), TokenTypeInterface $tokenType = null, ScopeInterface $scopeUtil = null, ClientAssertionTypeInterface $clientAssertionType = null)
- {
- $storage = is_array($storage) ? $storage : array($storage);
- $this->storages = array();
- foreach ($storage as $key => $service) {
- $this->addStorage($service, $key);
- }
-
- // merge all config values. These get passed to our controller objects
- $this->config = array_merge(array(
- 'use_jwt_access_tokens' => false,
- 'store_encrypted_token_string' => true,
- 'use_openid_connect' => false,
- 'id_lifetime' => 3600,
- 'access_lifetime' => 3600,
- 'www_realm' => 'Service',
- 'token_param_name' => 'access_token',
- 'token_bearer_header_name' => 'Bearer',
- 'enforce_state' => true,
- 'require_exact_redirect_uri' => true,
- 'allow_implicit' => false,
- 'allow_credentials_in_request_body' => true,
- 'allow_public_clients' => true,
- 'always_issue_new_refresh_token' => false,
- 'unset_refresh_token_after_use' => true,
- ), $config);
-
- foreach ($grantTypes as $key => $grantType) {
- $this->addGrantType($grantType, $key);
- }
-
- foreach ($responseTypes as $key => $responseType) {
- $this->addResponseType($responseType, $key);
- }
-
- $this->tokenType = $tokenType;
- $this->scopeUtil = $scopeUtil;
- $this->clientAssertionType = $clientAssertionType;
-
- if ($this->config['use_openid_connect']) {
- $this->validateOpenIdConnect();
- }
- }
-
- public function getAuthorizeController()
- {
- if (is_null($this->authorizeController)) {
- $this->authorizeController = $this->createDefaultAuthorizeController();
- }
-
- return $this->authorizeController;
- }
-
- public function getTokenController()
- {
- if (is_null($this->tokenController)) {
- $this->tokenController = $this->createDefaultTokenController();
- }
-
- return $this->tokenController;
- }
-
- public function getResourceController()
- {
- if (is_null($this->resourceController)) {
- $this->resourceController = $this->createDefaultResourceController();
- }
-
- return $this->resourceController;
- }
-
- public function getUserInfoController()
- {
- if (is_null($this->userInfoController)) {
- $this->userInfoController = $this->createDefaultUserInfoController();
- }
-
- return $this->userInfoController;
- }
-
- /**
- * every getter deserves a setter
- */
- public function setAuthorizeController(AuthorizeControllerInterface $authorizeController)
- {
- $this->authorizeController = $authorizeController;
- }
-
- /**
- * every getter deserves a setter
- */
- public function setTokenController(TokenControllerInterface $tokenController)
- {
- $this->tokenController = $tokenController;
- }
-
- /**
- * every getter deserves a setter
- */
- public function setResourceController(ResourceControllerInterface $resourceController)
- {
- $this->resourceController = $resourceController;
- }
-
- /**
- * every getter deserves a setter
- */
- public function setUserInfoController(UserInfoControllerInterface $userInfoController)
- {
- $this->userInfoController = $userInfoController;
- }
-
- /**
- * Return claims about the authenticated end-user.
- * This would be called from the "/UserInfo" endpoint as defined in the spec.
- *
- * @param $request - OAuth2\RequestInterface
- * Request object to grant access token
- *
- * @param $response - OAuth2\ResponseInterface
- * Response object containing error messages (failure) or user claims (success)
- *
- * @throws InvalidArgumentException
- * @throws LogicException
- *
- * @see http://openid.net/specs/openid-connect-core-1_0.html#UserInfo
- */
- public function handleUserInfoRequest(RequestInterface $request, ResponseInterface $response = null)
- {
- $this->response = is_null($response) ? new Response() : $response;
- $this->getUserInfoController()->handleUserInfoRequest($request, $this->response);
-
- return $this->response;
- }
-
- /**
- * Grant or deny a requested access token.
- * This would be called from the "/token" endpoint as defined in the spec.
- * Obviously, you can call your endpoint whatever you want.
- *
- * @param $request - OAuth2\RequestInterface
- * Request object to grant access token
- *
- * @param $response - OAuth2\ResponseInterface
- * Response object containing error messages (failure) or access token (success)
- *
- * @throws InvalidArgumentException
- * @throws LogicException
- *
- * @see http://tools.ietf.org/html/rfc6749#section-4
- * @see http://tools.ietf.org/html/rfc6749#section-10.6
- * @see http://tools.ietf.org/html/rfc6749#section-4.1.3
- *
- * @ingroup oauth2_section_4
- */
- public function handleTokenRequest(RequestInterface $request, ResponseInterface $response = null)
- {
- $this->response = is_null($response) ? new Response() : $response;
- $this->getTokenController()->handleTokenRequest($request, $this->response);
-
- return $this->response;
- }
-
- public function grantAccessToken(RequestInterface $request, ResponseInterface $response = null)
- {
- $this->response = is_null($response) ? new Response() : $response;
- $value = $this->getTokenController()->grantAccessToken($request, $this->response);
-
- return $value;
- }
-
- /**
- * Handle a revoke token request
- * This would be called from the "/revoke" endpoint as defined in the draft Token Revocation spec
- *
- * @see https://tools.ietf.org/html/rfc7009#section-2
- *
- * @param RequestInterface $request
- * @param ResponseInterface $response
- * @return Response|ResponseInterface
- */
- public function handleRevokeRequest(RequestInterface $request, ResponseInterface $response = null)
- {
- $this->response = is_null($response) ? new Response() : $response;
- $this->getTokenController()->handleRevokeRequest($request, $this->response);
-
- return $this->response;
- }
-
- /**
- * Redirect the user appropriately after approval.
- *
- * After the user has approved or denied the resource request the
- * authorization server should call this function to redirect the user
- * appropriately.
- *
- * @param $request
- * The request should have the follow parameters set in the querystring:
- * - response_type: The requested response: an access token, an
- * authorization code, or both.
- * - client_id: The client identifier as described in Section 2.
- * - redirect_uri: An absolute URI to which the authorization server
- * will redirect the user-agent to when the end-user authorization
- * step is completed.
- * - scope: (optional) The scope of the resource request expressed as a
- * list of space-delimited strings.
- * - state: (optional) An opaque value used by the client to maintain
- * state between the request and callback.
- * @param $is_authorized
- * TRUE or FALSE depending on whether the user authorized the access.
- * @param $user_id
- * Identifier of user who authorized the client
- *
- * @see http://tools.ietf.org/html/rfc6749#section-4
- *
- * @ingroup oauth2_section_4
- */
- public function handleAuthorizeRequest(RequestInterface $request, ResponseInterface $response, $is_authorized, $user_id = null)
- {
- $this->response = $response;
- $this->getAuthorizeController()->handleAuthorizeRequest($request, $this->response, $is_authorized, $user_id);
-
- return $this->response;
- }
-
- /**
- * Pull the authorization request data out of the HTTP request.
- * - The redirect_uri is OPTIONAL as per draft 20. But your implementation can enforce it
- * by setting $config['enforce_redirect'] to true.
- * - The state is OPTIONAL but recommended to enforce CSRF. Draft 21 states, however, that
- * CSRF protection is MANDATORY. You can enforce this by setting the $config['enforce_state'] to true.
- *
- * The draft specifies that the parameters should be retrieved from GET, override the Response
- * object to change this
- *
- * @return
- * The authorization parameters so the authorization server can prompt
- * the user for approval if valid.
- *
- * @see http://tools.ietf.org/html/rfc6749#section-4.1.1
- * @see http://tools.ietf.org/html/rfc6749#section-10.12
- *
- * @ingroup oauth2_section_3
- */
- public function validateAuthorizeRequest(RequestInterface $request, ResponseInterface $response = null)
- {
- $this->response = is_null($response) ? new Response() : $response;
- $value = $this->getAuthorizeController()->validateAuthorizeRequest($request, $this->response);
-
- return $value;
- }
-
- public function verifyResourceRequest(RequestInterface $request, ResponseInterface $response = null, $scope = null)
- {
- $this->response = is_null($response) ? new Response() : $response;
- $value = $this->getResourceController()->verifyResourceRequest($request, $this->response, $scope);
-
- return $value;
- }
-
- public function getAccessTokenData(RequestInterface $request, ResponseInterface $response = null)
- {
- $this->response = is_null($response) ? new Response() : $response;
- $value = $this->getResourceController()->getAccessTokenData($request, $this->response);
-
- return $value;
- }
-
- public function addGrantType(GrantTypeInterface $grantType, $identifier = null)
- {
- if (!is_string($identifier)) {
- $identifier = $grantType->getQuerystringIdentifier();
- }
-
- $this->grantTypes[$identifier] = $grantType;
-
- // persist added grant type down to TokenController
- if (!is_null($this->tokenController)) {
- $this->getTokenController()->addGrantType($grantType, $identifier);
- }
- }
-
- /**
- * Set a storage object for the server
- *
- * @param $storage
- * An object implementing one of the Storage interfaces
- * @param $key
- * If null, the storage is set to the key of each storage interface it implements
- *
- * @see storageMap
- */
- public function addStorage($storage, $key = null)
- {
- // if explicitly set to a valid key, do not "magically" set below
- if (isset($this->storageMap[$key])) {
- if (!is_null($storage) && !$storage instanceof $this->storageMap[$key]) {
- throw new \InvalidArgumentException(sprintf('storage of type "%s" must implement interface "%s"', $key, $this->storageMap[$key]));
- }
- $this->storages[$key] = $storage;
-
- // special logic to handle "client" and "client_credentials" strangeness
- if ($key === 'client' && !isset($this->storages['client_credentials'])) {
- if ($storage instanceof \OAuth2\Storage\ClientCredentialsInterface) {
- $this->storages['client_credentials'] = $storage;
- }
- } elseif ($key === 'client_credentials' && !isset($this->storages['client'])) {
- if ($storage instanceof \OAuth2\Storage\ClientInterface) {
- $this->storages['client'] = $storage;
- }
- }
- } elseif (!is_null($key) && !is_numeric($key)) {
- throw new \InvalidArgumentException(sprintf('unknown storage key "%s", must be one of [%s]', $key, implode(', ', array_keys($this->storageMap))));
- } else {
- $set = false;
- foreach ($this->storageMap as $type => $interface) {
- if ($storage instanceof $interface) {
- $this->storages[$type] = $storage;
- $set = true;
- }
- }
-
- if (!$set) {
- throw new \InvalidArgumentException(sprintf('storage of class "%s" must implement one of [%s]', get_class($storage), implode(', ', $this->storageMap)));
- }
- }
- }
-
- public function addResponseType(ResponseTypeInterface $responseType, $key = null)
- {
- $key = $this->normalizeResponseType($key);
-
- if (isset($this->responseTypeMap[$key])) {
- if (!$responseType instanceof $this->responseTypeMap[$key]) {
- throw new \InvalidArgumentException(sprintf('responseType of type "%s" must implement interface "%s"', $key, $this->responseTypeMap[$key]));
- }
- $this->responseTypes[$key] = $responseType;
- } elseif (!is_null($key) && !is_numeric($key)) {
- throw new \InvalidArgumentException(sprintf('unknown responseType key "%s", must be one of [%s]', $key, implode(', ', array_keys($this->responseTypeMap))));
- } else {
- $set = false;
- foreach ($this->responseTypeMap as $type => $interface) {
- if ($responseType instanceof $interface) {
- $this->responseTypes[$type] = $responseType;
- $set = true;
- }
- }
-
- if (!$set) {
- throw new \InvalidArgumentException(sprintf('Unknown response type %s. Please implement one of [%s]', get_class($responseType), implode(', ', $this->responseTypeMap)));
- }
- }
- }
-
- public function getScopeUtil()
- {
- if (!$this->scopeUtil) {
- $storage = isset($this->storages['scope']) ? $this->storages['scope'] : null;
- $this->scopeUtil = new Scope($storage);
- }
-
- return $this->scopeUtil;
- }
-
- /**
- * every getter deserves a setter
- */
- public function setScopeUtil($scopeUtil)
- {
- $this->scopeUtil = $scopeUtil;
- }
-
- protected function createDefaultAuthorizeController()
- {
- if (!isset($this->storages['client'])) {
- throw new \LogicException("You must supply a storage object implementing OAuth2\Storage\ClientInterface to use the authorize server");
- }
- if (0 == count($this->responseTypes)) {
- $this->responseTypes = $this->getDefaultResponseTypes();
- }
- if ($this->config['use_openid_connect'] && !isset($this->responseTypes['id_token'])) {
- $this->responseTypes['id_token'] = $this->createDefaultIdTokenResponseType();
- if ($this->config['allow_implicit']) {
- $this->responseTypes['id_token token'] = $this->createDefaultIdTokenTokenResponseType();
- }
- }
-
- $config = array_intersect_key($this->config, array_flip(explode(' ', 'allow_implicit enforce_state require_exact_redirect_uri')));
-
- if ($this->config['use_openid_connect']) {
- return new OpenIDAuthorizeController($this->storages['client'], $this->responseTypes, $config, $this->getScopeUtil());
- }
-
- return new AuthorizeController($this->storages['client'], $this->responseTypes, $config, $this->getScopeUtil());
- }
-
- protected function createDefaultTokenController()
- {
- if (0 == count($this->grantTypes)) {
- $this->grantTypes = $this->getDefaultGrantTypes();
- }
-
- if (is_null($this->clientAssertionType)) {
- // see if HttpBasic assertion type is requred. If so, then create it from storage classes.
- foreach ($this->grantTypes as $grantType) {
- if (!$grantType instanceof ClientAssertionTypeInterface) {
- if (!isset($this->storages['client_credentials'])) {
- throw new \LogicException("You must supply a storage object implementing OAuth2\Storage\ClientCredentialsInterface to use the token server");
- }
- $config = array_intersect_key($this->config, array_flip(explode(' ', 'allow_credentials_in_request_body allow_public_clients')));
- $this->clientAssertionType = new HttpBasic($this->storages['client_credentials'], $config);
- break;
- }
- }
- }
-
- if (!isset($this->storages['client'])) {
- throw new \LogicException("You must supply a storage object implementing OAuth2\Storage\ClientInterface to use the token server");
- }
-
- $accessTokenResponseType = $this->getAccessTokenResponseType();
-
- return new TokenController($accessTokenResponseType, $this->storages['client'], $this->grantTypes, $this->clientAssertionType, $this->getScopeUtil());
- }
-
- protected function createDefaultResourceController()
- {
- if ($this->config['use_jwt_access_tokens']) {
- // overwrites access token storage with crypto token storage if "use_jwt_access_tokens" is set
- if (!isset($this->storages['access_token']) || !$this->storages['access_token'] instanceof JwtAccessTokenInterface) {
- $this->storages['access_token'] = $this->createDefaultJwtAccessTokenStorage();
- }
- } elseif (!isset($this->storages['access_token'])) {
- throw new \LogicException("You must supply a storage object implementing OAuth2\Storage\AccessTokenInterface or use JwtAccessTokens to use the resource server");
- }
-
- if (!$this->tokenType) {
- $this->tokenType = $this->getDefaultTokenType();
- }
-
- $config = array_intersect_key($this->config, array('www_realm' => ''));
-
- return new ResourceController($this->tokenType, $this->storages['access_token'], $config, $this->getScopeUtil());
- }
-
- protected function createDefaultUserInfoController()
- {
- if ($this->config['use_jwt_access_tokens']) {
- // overwrites access token storage with crypto token storage if "use_jwt_access_tokens" is set
- if (!isset($this->storages['access_token']) || !$this->storages['access_token'] instanceof JwtAccessTokenInterface) {
- $this->storages['access_token'] = $this->createDefaultJwtAccessTokenStorage();
- }
- } elseif (!isset($this->storages['access_token'])) {
- throw new \LogicException("You must supply a storage object implementing OAuth2\Storage\AccessTokenInterface or use JwtAccessTokens to use the UserInfo server");
- }
-
- if (!isset($this->storages['user_claims'])) {
- throw new \LogicException("You must supply a storage object implementing OAuth2\OpenID\Storage\UserClaimsInterface to use the UserInfo server");
- }
-
- if (!$this->tokenType) {
- $this->tokenType = $this->getDefaultTokenType();
- }
-
- $config = array_intersect_key($this->config, array('www_realm' => ''));
-
- return new UserInfoController($this->tokenType, $this->storages['access_token'], $this->storages['user_claims'], $config, $this->getScopeUtil());
- }
-
- protected function getDefaultTokenType()
- {
- $config = array_intersect_key($this->config, array_flip(explode(' ', 'token_param_name token_bearer_header_name')));
-
- return new Bearer($config);
- }
-
- protected function getDefaultResponseTypes()
- {
- $responseTypes = array();
-
- if ($this->config['allow_implicit']) {
- $responseTypes['token'] = $this->getAccessTokenResponseType();
- }
-
- if ($this->config['use_openid_connect']) {
- $responseTypes['id_token'] = $this->getIdTokenResponseType();
- if ($this->config['allow_implicit']) {
- $responseTypes['id_token token'] = $this->getIdTokenTokenResponseType();
- }
- }
-
- if (isset($this->storages['authorization_code'])) {
- $config = array_intersect_key($this->config, array_flip(explode(' ', 'enforce_redirect auth_code_lifetime')));
- if ($this->config['use_openid_connect']) {
- if (!$this->storages['authorization_code'] instanceof OpenIDAuthorizationCodeInterface) {
- throw new \LogicException("Your authorization_code storage must implement OAuth2\OpenID\Storage\AuthorizationCodeInterface to work when 'use_openid_connect' is true");
- }
- $responseTypes['code'] = new OpenIDAuthorizationCodeResponseType($this->storages['authorization_code'], $config);
- $responseTypes['code id_token'] = new CodeIdToken($responseTypes['code'], $responseTypes['id_token']);
- } else {
- $responseTypes['code'] = new AuthorizationCodeResponseType($this->storages['authorization_code'], $config);
- }
- }
-
- if (count($responseTypes) == 0) {
- throw new \LogicException("You must supply an array of response_types in the constructor or implement a OAuth2\Storage\AuthorizationCodeInterface storage object or set 'allow_implicit' to true and implement a OAuth2\Storage\AccessTokenInterface storage object");
- }
-
- return $responseTypes;
- }
-
- protected function getDefaultGrantTypes()
- {
- $grantTypes = array();
-
- if (isset($this->storages['user_credentials'])) {
- $grantTypes['password'] = new UserCredentials($this->storages['user_credentials']);
- }
-
- if (isset($this->storages['client_credentials'])) {
- $config = array_intersect_key($this->config, array('allow_credentials_in_request_body' => ''));
- $grantTypes['client_credentials'] = new ClientCredentials($this->storages['client_credentials'], $config);
- }
-
- if (isset($this->storages['refresh_token'])) {
- $config = array_intersect_key($this->config, array_flip(explode(' ', 'always_issue_new_refresh_token unset_refresh_token_after_use')));
- $grantTypes['refresh_token'] = new RefreshToken($this->storages['refresh_token'], $config);
- }
-
- if (isset($this->storages['authorization_code'])) {
- if ($this->config['use_openid_connect']) {
- if (!$this->storages['authorization_code'] instanceof OpenIDAuthorizationCodeInterface) {
- throw new \LogicException("Your authorization_code storage must implement OAuth2\OpenID\Storage\AuthorizationCodeInterface to work when 'use_openid_connect' is true");
- }
- $grantTypes['authorization_code'] = new OpenIDAuthorizationCodeGrantType($this->storages['authorization_code']);
- } else {
- $grantTypes['authorization_code'] = new AuthorizationCode($this->storages['authorization_code']);
- }
- }
-
- if (count($grantTypes) == 0) {
- throw new \LogicException("Unable to build default grant types - You must supply an array of grant_types in the constructor");
- }
-
- return $grantTypes;
- }
-
- protected function getAccessTokenResponseType()
- {
- if (isset($this->responseTypes['token'])) {
- return $this->responseTypes['token'];
- }
-
- if ($this->config['use_jwt_access_tokens']) {
- return $this->createDefaultJwtAccessTokenResponseType();
- }
-
- return $this->createDefaultAccessTokenResponseType();
- }
-
- protected function getIdTokenResponseType()
- {
- if (isset($this->responseTypes['id_token'])) {
- return $this->responseTypes['id_token'];
- }
-
- return $this->createDefaultIdTokenResponseType();
- }
-
- protected function getIdTokenTokenResponseType()
- {
- if (isset($this->responseTypes['id_token token'])) {
- return $this->responseTypes['id_token token'];
- }
-
- return $this->createDefaultIdTokenTokenResponseType();
- }
-
- /**
- * For Resource Controller
- */
- protected function createDefaultJwtAccessTokenStorage()
- {
- if (!isset($this->storages['public_key'])) {
- throw new \LogicException("You must supply a storage object implementing OAuth2\Storage\PublicKeyInterface to use crypto tokens");
- }
- $tokenStorage = null;
- if (!empty($this->config['store_encrypted_token_string']) && isset($this->storages['access_token'])) {
- $tokenStorage = $this->storages['access_token'];
- }
- // wrap the access token storage as required.
- return new JwtAccessTokenStorage($this->storages['public_key'], $tokenStorage);
- }
-
- /**
- * For Authorize and Token Controllers
- */
- protected function createDefaultJwtAccessTokenResponseType()
- {
- if (!isset($this->storages['public_key'])) {
- throw new \LogicException("You must supply a storage object implementing OAuth2\Storage\PublicKeyInterface to use crypto tokens");
- }
-
- $tokenStorage = null;
- if (isset($this->storages['access_token'])) {
- $tokenStorage = $this->storages['access_token'];
- }
-
- $refreshStorage = null;
- if (isset($this->storages['refresh_token'])) {
- $refreshStorage = $this->storages['refresh_token'];
- }
-
- $config = array_intersect_key($this->config, array_flip(explode(' ', 'store_encrypted_token_string issuer access_lifetime refresh_token_lifetime')));
-
- return new JwtAccessToken($this->storages['public_key'], $tokenStorage, $refreshStorage, $config);
- }
-
- protected function createDefaultAccessTokenResponseType()
- {
- if (!isset($this->storages['access_token'])) {
- throw new \LogicException("You must supply a response type implementing OAuth2\ResponseType\AccessTokenInterface, or a storage object implementing OAuth2\Storage\AccessTokenInterface to use the token server");
- }
-
- $refreshStorage = null;
- if (isset($this->storages['refresh_token'])) {
- $refreshStorage = $this->storages['refresh_token'];
- }
-
- $config = array_intersect_key($this->config, array_flip(explode(' ', 'access_lifetime refresh_token_lifetime')));
- $config['token_type'] = $this->tokenType ? $this->tokenType->getTokenType() : $this->getDefaultTokenType()->getTokenType();
-
- return new AccessToken($this->storages['access_token'], $refreshStorage, $config);
- }
-
- protected function createDefaultIdTokenResponseType()
- {
- if (!isset($this->storages['user_claims'])) {
- throw new \LogicException("You must supply a storage object implementing OAuth2\OpenID\Storage\UserClaimsInterface to use openid connect");
- }
- if (!isset($this->storages['public_key'])) {
- throw new \LogicException("You must supply a storage object implementing OAuth2\Storage\PublicKeyInterface to use openid connect");
- }
-
- $config = array_intersect_key($this->config, array_flip(explode(' ', 'issuer id_lifetime')));
-
- return new IdToken($this->storages['user_claims'], $this->storages['public_key'], $config);
- }
-
- protected function createDefaultIdTokenTokenResponseType()
- {
- return new IdTokenToken($this->getAccessTokenResponseType(), $this->getIdTokenResponseType());
- }
-
- protected function validateOpenIdConnect()
- {
- $authCodeGrant = $this->getGrantType('authorization_code');
- if (!empty($authCodeGrant) && !$authCodeGrant instanceof OpenIDAuthorizationCodeGrantType) {
- throw new \InvalidArgumentException('You have enabled OpenID Connect, but supplied a grant type that does not support it.');
- }
- }
-
- protected function normalizeResponseType($name)
- {
- // for multiple-valued response types - make them alphabetical
- if (!empty($name) && false !== strpos($name, ' ')) {
- $types = explode(' ', $name);
- sort($types);
- $name = implode(' ', $types);
- }
-
- return $name;
- }
-
- public function getResponse()
- {
- return $this->response;
- }
-
- public function getStorages()
- {
- return $this->storages;
- }
-
- public function getStorage($name)
- {
- return isset($this->storages[$name]) ? $this->storages[$name] : null;
- }
-
- public function getGrantTypes()
- {
- return $this->grantTypes;
- }
-
- public function getGrantType($name)
- {
- return isset($this->grantTypes[$name]) ? $this->grantTypes[$name] : null;
- }
-
- public function getResponseTypes()
- {
- return $this->responseTypes;
- }
-
- public function getResponseType($name)
- {
- // for multiple-valued response types - make them alphabetical
- $name = $this->normalizeResponseType($name);
-
- return isset($this->responseTypes[$name]) ? $this->responseTypes[$name] : null;
- }
-
- public function getTokenType()
- {
- return $this->tokenType;
- }
-
- public function getClientAssertionType()
- {
- return $this->clientAssertionType;
- }
-
- public function setConfig($name, $value)
- {
- $this->config[$name] = $value;
- }
-
- public function getConfig($name, $default = null)
- {
- return isset($this->config[$name]) ? $this->config[$name] : $default;
- }
-}
diff --git a/library/oauth2/src/OAuth2/Storage/AccessTokenInterface.php b/library/oauth2/src/OAuth2/Storage/AccessTokenInterface.php
deleted file mode 100644
index 1819158af..000000000
--- a/library/oauth2/src/OAuth2/Storage/AccessTokenInterface.php
+++ /dev/null
@@ -1,64 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-/**
- * Implement this interface to specify where the OAuth2 Server
- * should get/save access tokens
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-interface AccessTokenInterface
-{
- /**
- * Look up the supplied oauth_token from storage.
- *
- * We need to retrieve access token data as we create and verify tokens.
- *
- * @param $oauth_token
- * oauth_token to be check with.
- *
- * @return
- * An associative array as below, and return NULL if the supplied oauth_token
- * is invalid:
- * - expires: Stored expiration in unix timestamp.
- * - client_id: (optional) Stored client identifier.
- * - user_id: (optional) Stored user identifier.
- * - scope: (optional) Stored scope values in space-separated string.
- * - id_token: (optional) Stored id_token (if "use_openid_connect" is true).
- *
- * @ingroup oauth2_section_7
- */
- public function getAccessToken($oauth_token);
-
- /**
- * Store the supplied access token values to storage.
- *
- * We need to store access token data as we create and verify tokens.
- *
- * @param $oauth_token oauth_token to be stored.
- * @param $client_id client identifier to be stored.
- * @param $user_id user identifier to be stored.
- * @param int $expires expiration to be stored as a Unix timestamp.
- * @param string $scope OPTIONAL Scopes to be stored in space-separated string.
- *
- * @ingroup oauth2_section_4
- */
- public function setAccessToken($oauth_token, $client_id, $user_id, $expires, $scope = null);
-
- /**
- * Expire an access token.
- *
- * This is not explicitly required in the spec, but if defined in a draft RFC for token
- * revoking (RFC 7009) https://tools.ietf.org/html/rfc7009
- *
- * @param $access_token
- * Access token to be expired.
- *
- * @return BOOL true if an access token was unset, false if not
- * @ingroup oauth2_section_6
- *
- * @todo v2.0 include this method in interface. Omitted to maintain BC in v1.x
- */
- //public function unsetAccessToken($access_token);
-}
diff --git a/library/oauth2/src/OAuth2/Storage/AuthorizationCodeInterface.php b/library/oauth2/src/OAuth2/Storage/AuthorizationCodeInterface.php
deleted file mode 100644
index 3beb0e437..000000000
--- a/library/oauth2/src/OAuth2/Storage/AuthorizationCodeInterface.php
+++ /dev/null
@@ -1,86 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-/**
- * Implement this interface to specify where the OAuth2 Server
- * should get/save authorization codes for the "Authorization Code"
- * grant type
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-interface AuthorizationCodeInterface
-{
- /**
- * The Authorization Code grant type supports a response type of "code".
- *
- * @var string
- * @see http://tools.ietf.org/html/rfc6749#section-1.4.1
- * @see http://tools.ietf.org/html/rfc6749#section-4.2
- */
- const RESPONSE_TYPE_CODE = "code";
-
- /**
- * Fetch authorization code data (probably the most common grant type).
- *
- * Retrieve the stored data for the given authorization code.
- *
- * Required for OAuth2::GRANT_TYPE_AUTH_CODE.
- *
- * @param $code
- * Authorization code to be check with.
- *
- * @return
- * An associative array as below, and NULL if the code is invalid
- * @code
- * return array(
- * "client_id" => CLIENT_ID, // REQUIRED Stored client identifier
- * "user_id" => USER_ID, // REQUIRED Stored user identifier
- * "expires" => EXPIRES, // REQUIRED Stored expiration in unix timestamp
- * "redirect_uri" => REDIRECT_URI, // REQUIRED Stored redirect URI
- * "scope" => SCOPE, // OPTIONAL Stored scope values in space-separated string
- * );
- * @endcode
- *
- * @see http://tools.ietf.org/html/rfc6749#section-4.1
- *
- * @ingroup oauth2_section_4
- */
- public function getAuthorizationCode($code);
-
- /**
- * Take the provided authorization code values and store them somewhere.
- *
- * This function should be the storage counterpart to getAuthCode().
- *
- * If storage fails for some reason, we're not currently checking for
- * any sort of success/failure, so you should bail out of the script
- * and provide a descriptive fail message.
- *
- * Required for OAuth2::GRANT_TYPE_AUTH_CODE.
- *
- * @param string $code Authorization code to be stored.
- * @param mixed $client_id Client identifier to be stored.
- * @param mixed $user_id User identifier to be stored.
- * @param string $redirect_uri Redirect URI(s) to be stored in a space-separated string.
- * @param int $expires Expiration to be stored as a Unix timestamp.
- * @param string $scope OPTIONAL Scopes to be stored in space-separated string.
- *
- * @ingroup oauth2_section_4
- */
- public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null);
-
- /**
- * once an Authorization Code is used, it must be exipired
- *
- * @see http://tools.ietf.org/html/rfc6749#section-4.1.2
- *
- * The client MUST NOT use the authorization code
- * more than once. If an authorization code is used more than
- * once, the authorization server MUST deny the request and SHOULD
- * revoke (when possible) all tokens previously issued based on
- * that authorization code
- *
- */
- public function expireAuthorizationCode($code);
-}
diff --git a/library/oauth2/src/OAuth2/Storage/Cassandra.php b/library/oauth2/src/OAuth2/Storage/Cassandra.php
deleted file mode 100644
index 602e8a058..000000000
--- a/library/oauth2/src/OAuth2/Storage/Cassandra.php
+++ /dev/null
@@ -1,480 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-use phpcassa\ColumnFamily;
-use phpcassa\ColumnSlice;
-use phpcassa\Connection\ConnectionPool;
-use OAuth2\OpenID\Storage\UserClaimsInterface;
-use OAuth2\OpenID\Storage\AuthorizationCodeInterface as OpenIDAuthorizationCodeInterface;
-
-/**
- * Cassandra storage for all storage types
- *
- * To use, install "thobbs/phpcassa" via composer
- * <code>
- * composer require thobbs/phpcassa:dev-master
- * </code>
- *
- * Once this is done, instantiate the
- * <code>
- * $cassandra = new \phpcassa\Connection\ConnectionPool('oauth2_server', array('127.0.0.1:9160'));
- * </code>
- *
- * Then, register the storage client:
- * <code>
- * $storage = new OAuth2\Storage\Cassandra($cassandra);
- * $storage->setClientDetails($client_id, $client_secret, $redirect_uri);
- * </code>
- *
- * @see test/lib/OAuth2/Storage/Bootstrap::getCassandraStorage
- */
-class Cassandra implements AuthorizationCodeInterface,
- AccessTokenInterface,
- ClientCredentialsInterface,
- UserCredentialsInterface,
- RefreshTokenInterface,
- JwtBearerInterface,
- ScopeInterface,
- PublicKeyInterface,
- UserClaimsInterface,
- OpenIDAuthorizationCodeInterface
-{
-
- private $cache;
-
- /* The cassandra client */
- protected $cassandra;
-
- /* Configuration array */
- protected $config;
-
- /**
- * Cassandra Storage! uses phpCassa
- *
- * @param \phpcassa\ConnectionPool $cassandra
- * @param array $config
- */
- public function __construct($connection = array(), array $config = array())
- {
- if ($connection instanceof ConnectionPool) {
- $this->cassandra = $connection;
- } else {
- if (!is_array($connection)) {
- throw new \InvalidArgumentException('First argument to OAuth2\Storage\Cassandra must be an instance of phpcassa\Connection\ConnectionPool or a configuration array');
- }
- $connection = array_merge(array(
- 'keyspace' => 'oauth2',
- 'servers' => null,
- ), $connection);
-
- $this->cassandra = new ConnectionPool($connection['keyspace'], $connection['servers']);
- }
-
- $this->config = array_merge(array(
- // cassandra config
- 'column_family' => 'auth',
-
- // key names
- 'client_key' => 'oauth_clients:',
- 'access_token_key' => 'oauth_access_tokens:',
- 'refresh_token_key' => 'oauth_refresh_tokens:',
- 'code_key' => 'oauth_authorization_codes:',
- 'user_key' => 'oauth_users:',
- 'jwt_key' => 'oauth_jwt:',
- 'scope_key' => 'oauth_scopes:',
- 'public_key_key' => 'oauth_public_keys:',
- ), $config);
- }
-
- protected function getValue($key)
- {
- if (isset($this->cache[$key])) {
- return $this->cache[$key];
- }
- $cf = new ColumnFamily($this->cassandra, $this->config['column_family']);
-
- try {
- $value = $cf->get($key, new ColumnSlice("", ""));
- $value = array_shift($value);
- } catch (\cassandra\NotFoundException $e) {
- return false;
- }
-
- return json_decode($value, true);
- }
-
- protected function setValue($key, $value, $expire = 0)
- {
- $this->cache[$key] = $value;
-
- $cf = new ColumnFamily($this->cassandra, $this->config['column_family']);
-
- $str = json_encode($value);
- if ($expire > 0) {
- try {
- $seconds = $expire - time();
- // __data key set as C* requires a field, note: max TTL can only be 630720000 seconds
- $cf->insert($key, array('__data' => $str), null, $seconds);
- } catch (\Exception $e) {
- return false;
- }
- } else {
- try {
- // __data key set as C* requires a field
- $cf->insert($key, array('__data' => $str));
- } catch (\Exception $e) {
- return false;
- }
- }
-
- return true;
- }
-
- protected function expireValue($key)
- {
- unset($this->cache[$key]);
-
- $cf = new ColumnFamily($this->cassandra, $this->config['column_family']);
-
- if ($cf->get_count($key) > 0) {
- try {
- // __data key set as C* requires a field
- $cf->remove($key, array('__data'));
- } catch (\Exception $e) {
- return false;
- }
-
- return true;
- }
-
- return false;
- }
-
- /* AuthorizationCodeInterface */
- public function getAuthorizationCode($code)
- {
- return $this->getValue($this->config['code_key'] . $code);
- }
-
- public function setAuthorizationCode($authorization_code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
- {
- return $this->setValue(
- $this->config['code_key'] . $authorization_code,
- compact('authorization_code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope', 'id_token'),
- $expires
- );
- }
-
- public function expireAuthorizationCode($code)
- {
- $key = $this->config['code_key'] . $code;
- unset($this->cache[$key]);
-
- return $this->expireValue($key);
- }
-
- /* UserCredentialsInterface */
- public function checkUserCredentials($username, $password)
- {
- if ($user = $this->getUser($username)) {
- return $this->checkPassword($user, $password);
- }
-
- return false;
- }
-
- // plaintext passwords are bad! Override this for your application
- protected function checkPassword($user, $password)
- {
- return $user['password'] == $this->hashPassword($password);
- }
-
- // use a secure hashing algorithm when storing passwords. Override this for your application
- protected function hashPassword($password)
- {
- return sha1($password);
- }
-
- public function getUserDetails($username)
- {
- return $this->getUser($username);
- }
-
- public function getUser($username)
- {
- if (!$userInfo = $this->getValue($this->config['user_key'] . $username)) {
- return false;
- }
-
- // the default behavior is to use "username" as the user_id
- return array_merge(array(
- 'user_id' => $username,
- ), $userInfo);
- }
-
- public function setUser($username, $password, $first_name = null, $last_name = null)
- {
- $password = $this->hashPassword($password);
-
- return $this->setValue(
- $this->config['user_key'] . $username,
- compact('username', 'password', 'first_name', 'last_name')
- );
- }
-
- /* ClientCredentialsInterface */
- public function checkClientCredentials($client_id, $client_secret = null)
- {
- if (!$client = $this->getClientDetails($client_id)) {
- return false;
- }
-
- return isset($client['client_secret'])
- && $client['client_secret'] == $client_secret;
- }
-
- public function isPublicClient($client_id)
- {
- if (!$client = $this->getClientDetails($client_id)) {
- return false;
- }
-
- return empty($client['client_secret']);;
- }
-
- /* ClientInterface */
- public function getClientDetails($client_id)
- {
- return $this->getValue($this->config['client_key'] . $client_id);
- }
-
- public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
- {
- return $this->setValue(
- $this->config['client_key'] . $client_id,
- compact('client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'user_id')
- );
- }
-
- public function checkRestrictedGrantType($client_id, $grant_type)
- {
- $details = $this->getClientDetails($client_id);
- if (isset($details['grant_types'])) {
- $grant_types = explode(' ', $details['grant_types']);
-
- return in_array($grant_type, (array) $grant_types);
- }
-
- // if grant_types are not defined, then none are restricted
- return true;
- }
-
- /* RefreshTokenInterface */
- public function getRefreshToken($refresh_token)
- {
- return $this->getValue($this->config['refresh_token_key'] . $refresh_token);
- }
-
- public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
- {
- return $this->setValue(
- $this->config['refresh_token_key'] . $refresh_token,
- compact('refresh_token', 'client_id', 'user_id', 'expires', 'scope'),
- $expires
- );
- }
-
- public function unsetRefreshToken($refresh_token)
- {
- return $this->expireValue($this->config['refresh_token_key'] . $refresh_token);
- }
-
- /* AccessTokenInterface */
- public function getAccessToken($access_token)
- {
- return $this->getValue($this->config['access_token_key'].$access_token);
- }
-
- public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
- {
- return $this->setValue(
- $this->config['access_token_key'].$access_token,
- compact('access_token', 'client_id', 'user_id', 'expires', 'scope'),
- $expires
- );
- }
-
- public function unsetAccessToken($access_token)
- {
- return $this->expireValue($this->config['access_token_key'] . $access_token);
- }
-
- /* ScopeInterface */
- public function scopeExists($scope)
- {
- $scope = explode(' ', $scope);
-
- $result = $this->getValue($this->config['scope_key'].'supported:global');
-
- $supportedScope = explode(' ', (string) $result);
-
- return (count(array_diff($scope, $supportedScope)) == 0);
- }
-
- public function getDefaultScope($client_id = null)
- {
- if (is_null($client_id) || !$result = $this->getValue($this->config['scope_key'].'default:'.$client_id)) {
- $result = $this->getValue($this->config['scope_key'].'default:global');
- }
-
- return $result;
- }
-
- public function setScope($scope, $client_id = null, $type = 'supported')
- {
- if (!in_array($type, array('default', 'supported'))) {
- throw new \InvalidArgumentException('"$type" must be one of "default", "supported"');
- }
-
- if (is_null($client_id)) {
- $key = $this->config['scope_key'].$type.':global';
- } else {
- $key = $this->config['scope_key'].$type.':'.$client_id;
- }
-
- return $this->setValue($key, $scope);
- }
-
- /*JWTBearerInterface */
- public function getClientKey($client_id, $subject)
- {
- if (!$jwt = $this->getValue($this->config['jwt_key'] . $client_id)) {
- return false;
- }
-
- if (isset($jwt['subject']) && $jwt['subject'] == $subject ) {
- return $jwt['key'];
- }
-
- return null;
- }
-
- public function setClientKey($client_id, $key, $subject = null)
- {
- return $this->setValue($this->config['jwt_key'] . $client_id, array(
- 'key' => $key,
- 'subject' => $subject
- ));
- }
-
- /*ScopeInterface */
- public function getClientScope($client_id)
- {
- if (!$clientDetails = $this->getClientDetails($client_id)) {
- return false;
- }
-
- if (isset($clientDetails['scope'])) {
- return $clientDetails['scope'];
- }
-
- return null;
- }
-
- public function getJti($client_id, $subject, $audience, $expiration, $jti)
- {
- //TODO: Needs cassandra implementation.
- throw new \Exception('getJti() for the Cassandra driver is currently unimplemented.');
- }
-
- public function setJti($client_id, $subject, $audience, $expiration, $jti)
- {
- //TODO: Needs cassandra implementation.
- throw new \Exception('setJti() for the Cassandra driver is currently unimplemented.');
- }
-
- /* PublicKeyInterface */
- public function getPublicKey($client_id = '')
- {
- $public_key = $this->getValue($this->config['public_key_key'] . $client_id);
- if (is_array($public_key)) {
- return $public_key['public_key'];
- }
- $public_key = $this->getValue($this->config['public_key_key']);
- if (is_array($public_key)) {
- return $public_key['public_key'];
- }
- }
-
- public function getPrivateKey($client_id = '')
- {
- $public_key = $this->getValue($this->config['public_key_key'] . $client_id);
- if (is_array($public_key)) {
- return $public_key['private_key'];
- }
- $public_key = $this->getValue($this->config['public_key_key']);
- if (is_array($public_key)) {
- return $public_key['private_key'];
- }
- }
-
- public function getEncryptionAlgorithm($client_id = null)
- {
- $public_key = $this->getValue($this->config['public_key_key'] . $client_id);
- if (is_array($public_key)) {
- return $public_key['encryption_algorithm'];
- }
- $public_key = $this->getValue($this->config['public_key_key']);
- if (is_array($public_key)) {
- return $public_key['encryption_algorithm'];
- }
-
- return 'RS256';
- }
-
- /* UserClaimsInterface */
- public function getUserClaims($user_id, $claims)
- {
- $userDetails = $this->getUserDetails($user_id);
- if (!is_array($userDetails)) {
- return false;
- }
-
- $claims = explode(' ', trim($claims));
- $userClaims = array();
-
- // for each requested claim, if the user has the claim, set it in the response
- $validClaims = explode(' ', self::VALID_CLAIMS);
- foreach ($validClaims as $validClaim) {
- if (in_array($validClaim, $claims)) {
- if ($validClaim == 'address') {
- // address is an object with subfields
- $userClaims['address'] = $this->getUserClaim($validClaim, $userDetails['address'] ?: $userDetails);
- } else {
- $userClaims = array_merge($userClaims, $this->getUserClaim($validClaim, $userDetails));
- }
- }
- }
-
- return $userClaims;
- }
-
- protected function getUserClaim($claim, $userDetails)
- {
- $userClaims = array();
- $claimValuesString = constant(sprintf('self::%s_CLAIM_VALUES', strtoupper($claim)));
- $claimValues = explode(' ', $claimValuesString);
-
- foreach ($claimValues as $value) {
- if ($value == 'email_verified') {
- $userClaims[$value] = $userDetails[$value]=='true' ? true : false;
- } else {
- $userClaims[$value] = isset($userDetails[$value]) ? $userDetails[$value] : null;
- }
- }
-
- return $userClaims;
- }
-
-}
diff --git a/library/oauth2/src/OAuth2/Storage/ClientCredentialsInterface.php b/library/oauth2/src/OAuth2/Storage/ClientCredentialsInterface.php
deleted file mode 100644
index 3318c6966..000000000
--- a/library/oauth2/src/OAuth2/Storage/ClientCredentialsInterface.php
+++ /dev/null
@@ -1,49 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-/**
- * Implement this interface to specify how the OAuth2 Server
- * should verify client credentials
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-interface ClientCredentialsInterface extends ClientInterface
-{
-
- /**
- * Make sure that the client credentials is valid.
- *
- * @param $client_id
- * Client identifier to be check with.
- * @param $client_secret
- * (optional) If a secret is required, check that they've given the right one.
- *
- * @return
- * TRUE if the client credentials are valid, and MUST return FALSE if it isn't.
- * @endcode
- *
- * @see http://tools.ietf.org/html/rfc6749#section-3.1
- *
- * @ingroup oauth2_section_3
- */
- public function checkClientCredentials($client_id, $client_secret = null);
-
- /**
- * Determine if the client is a "public" client, and therefore
- * does not require passing credentials for certain grant types
- *
- * @param $client_id
- * Client identifier to be check with.
- *
- * @return
- * TRUE if the client is public, and FALSE if it isn't.
- * @endcode
- *
- * @see http://tools.ietf.org/html/rfc6749#section-2.3
- * @see https://github.com/bshaffer/oauth2-server-php/issues/257
- *
- * @ingroup oauth2_section_2
- */
- public function isPublicClient($client_id);
-}
diff --git a/library/oauth2/src/OAuth2/Storage/ClientInterface.php b/library/oauth2/src/OAuth2/Storage/ClientInterface.php
deleted file mode 100644
index 09a5bffc1..000000000
--- a/library/oauth2/src/OAuth2/Storage/ClientInterface.php
+++ /dev/null
@@ -1,66 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-/**
- * Implement this interface to specify where the OAuth2 Server
- * should retrieve client information
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-interface ClientInterface
-{
- /**
- * Get client details corresponding client_id.
- *
- * OAuth says we should store request URIs for each registered client.
- * Implement this function to grab the stored URI for a given client id.
- *
- * @param $client_id
- * Client identifier to be check with.
- *
- * @return array
- * Client details. The only mandatory key in the array is "redirect_uri".
- * This function MUST return FALSE if the given client does not exist or is
- * invalid. "redirect_uri" can be space-delimited to allow for multiple valid uris.
- * <code>
- * return array(
- * "redirect_uri" => REDIRECT_URI, // REQUIRED redirect_uri registered for the client
- * "client_id" => CLIENT_ID, // OPTIONAL the client id
- * "grant_types" => GRANT_TYPES, // OPTIONAL an array of restricted grant types
- * "user_id" => USER_ID, // OPTIONAL the user identifier associated with this client
- * "scope" => SCOPE, // OPTIONAL the scopes allowed for this client
- * );
- * </code>
- *
- * @ingroup oauth2_section_4
- */
- public function getClientDetails($client_id);
-
- /**
- * Get the scope associated with this client
- *
- * @return
- * STRING the space-delineated scope list for the specified client_id
- */
- public function getClientScope($client_id);
-
- /**
- * Check restricted grant types of corresponding client identifier.
- *
- * If you want to restrict clients to certain grant types, override this
- * function.
- *
- * @param $client_id
- * Client identifier to be check with.
- * @param $grant_type
- * Grant type to be check with
- *
- * @return
- * TRUE if the grant type is supported by this client identifier, and
- * FALSE if it isn't.
- *
- * @ingroup oauth2_section_4
- */
- public function checkRestrictedGrantType($client_id, $grant_type);
-}
diff --git a/library/oauth2/src/OAuth2/Storage/CouchbaseDB.php b/library/oauth2/src/OAuth2/Storage/CouchbaseDB.php
deleted file mode 100755
index 1eb55f027..000000000
--- a/library/oauth2/src/OAuth2/Storage/CouchbaseDB.php
+++ /dev/null
@@ -1,331 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-use OAuth2\OpenID\Storage\AuthorizationCodeInterface as OpenIDAuthorizationCodeInterface;
-
-/**
- * Simple Couchbase storage for all storage types
- *
- * This class should be extended or overridden as required
- *
- * NOTE: Passwords are stored in plaintext, which is never
- * a good idea. Be sure to override this for your application
- *
- * @author Tom Park <tom@raucter.com>
- */
-class CouchbaseDB implements AuthorizationCodeInterface,
- AccessTokenInterface,
- ClientCredentialsInterface,
- UserCredentialsInterface,
- RefreshTokenInterface,
- JwtBearerInterface,
- OpenIDAuthorizationCodeInterface
-{
- protected $db;
- protected $config;
-
- public function __construct($connection, $config = array())
- {
- if ($connection instanceof \Couchbase) {
- $this->db = $connection;
- } else {
- if (!is_array($connection) || !is_array($connection['servers'])) {
- throw new \InvalidArgumentException('First argument to OAuth2\Storage\CouchbaseDB must be an instance of Couchbase or a configuration array containing a server array');
- }
-
- $this->db = new \Couchbase($connection['servers'], (!isset($connection['username'])) ? '' : $connection['username'], (!isset($connection['password'])) ? '' : $connection['password'], $connection['bucket'], false);
- }
-
- $this->config = array_merge(array(
- 'client_table' => 'oauth_clients',
- 'access_token_table' => 'oauth_access_tokens',
- 'refresh_token_table' => 'oauth_refresh_tokens',
- 'code_table' => 'oauth_authorization_codes',
- 'user_table' => 'oauth_users',
- 'jwt_table' => 'oauth_jwt',
- ), $config);
- }
-
- // Helper function to access couchbase item by type:
- protected function getObjectByType($name,$id)
- {
- return json_decode($this->db->get($this->config[$name].'-'.$id),true);
- }
-
- // Helper function to set couchbase item by type:
- protected function setObjectByType($name,$id,$array)
- {
- $array['type'] = $name;
-
- return $this->db->set($this->config[$name].'-'.$id,json_encode($array));
- }
-
- // Helper function to delete couchbase item by type, wait for persist to at least 1 node
- protected function deleteObjectByType($name,$id)
- {
- $this->db->delete($this->config[$name].'-'.$id,"",1);
- }
-
- /* ClientCredentialsInterface */
- public function checkClientCredentials($client_id, $client_secret = null)
- {
- if ($result = $this->getObjectByType('client_table',$client_id)) {
- return $result['client_secret'] == $client_secret;
- }
-
- return false;
- }
-
- public function isPublicClient($client_id)
- {
- if (!$result = $this->getObjectByType('client_table',$client_id)) {
- return false;
- }
-
- return empty($result['client_secret']);
- }
-
- /* ClientInterface */
- public function getClientDetails($client_id)
- {
- $result = $this->getObjectByType('client_table',$client_id);
-
- return is_null($result) ? false : $result;
- }
-
- public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
- {
- if ($this->getClientDetails($client_id)) {
-
- $this->setObjectByType('client_table',$client_id, array(
- 'client_id' => $client_id,
- 'client_secret' => $client_secret,
- 'redirect_uri' => $redirect_uri,
- 'grant_types' => $grant_types,
- 'scope' => $scope,
- 'user_id' => $user_id,
- ));
- } else {
- $this->setObjectByType('client_table',$client_id, array(
- 'client_id' => $client_id,
- 'client_secret' => $client_secret,
- 'redirect_uri' => $redirect_uri,
- 'grant_types' => $grant_types,
- 'scope' => $scope,
- 'user_id' => $user_id,
- ));
- }
-
- return true;
- }
-
- public function checkRestrictedGrantType($client_id, $grant_type)
- {
- $details = $this->getClientDetails($client_id);
- if (isset($details['grant_types'])) {
- $grant_types = explode(' ', $details['grant_types']);
-
- return in_array($grant_type, $grant_types);
- }
-
- // if grant_types are not defined, then none are restricted
- return true;
- }
-
- /* AccessTokenInterface */
- public function getAccessToken($access_token)
- {
- $token = $this->getObjectByType('access_token_table',$access_token);
-
- return is_null($token) ? false : $token;
- }
-
- public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
- {
- // if it exists, update it.
- if ($this->getAccessToken($access_token)) {
- $this->setObjectByType('access_token_table',$access_token, array(
- 'access_token' => $access_token,
- 'client_id' => $client_id,
- 'expires' => $expires,
- 'user_id' => $user_id,
- 'scope' => $scope
- ));
- } else {
- $this->setObjectByType('access_token_table',$access_token, array(
- 'access_token' => $access_token,
- 'client_id' => $client_id,
- 'expires' => $expires,
- 'user_id' => $user_id,
- 'scope' => $scope
- ));
- }
-
- return true;
- }
-
- /* AuthorizationCodeInterface */
- public function getAuthorizationCode($code)
- {
- $code = $this->getObjectByType('code_table',$code);
-
- return is_null($code) ? false : $code;
- }
-
- public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
- {
- // if it exists, update it.
- if ($this->getAuthorizationCode($code)) {
- $this->setObjectByType('code_table',$code, array(
- 'authorization_code' => $code,
- 'client_id' => $client_id,
- 'user_id' => $user_id,
- 'redirect_uri' => $redirect_uri,
- 'expires' => $expires,
- 'scope' => $scope,
- 'id_token' => $id_token,
- ));
- } else {
- $this->setObjectByType('code_table',$code,array(
- 'authorization_code' => $code,
- 'client_id' => $client_id,
- 'user_id' => $user_id,
- 'redirect_uri' => $redirect_uri,
- 'expires' => $expires,
- 'scope' => $scope,
- 'id_token' => $id_token,
- ));
- }
-
- return true;
- }
-
- public function expireAuthorizationCode($code)
- {
- $this->deleteObjectByType('code_table',$code);
-
- return true;
- }
-
- /* UserCredentialsInterface */
- public function checkUserCredentials($username, $password)
- {
- if ($user = $this->getUser($username)) {
- return $this->checkPassword($user, $password);
- }
-
- return false;
- }
-
- public function getUserDetails($username)
- {
- if ($user = $this->getUser($username)) {
- $user['user_id'] = $user['username'];
- }
-
- return $user;
- }
-
- /* RefreshTokenInterface */
- public function getRefreshToken($refresh_token)
- {
- $token = $this->getObjectByType('refresh_token_table',$refresh_token);
-
- return is_null($token) ? false : $token;
- }
-
- public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
- {
- $this->setObjectByType('refresh_token_table',$refresh_token, array(
- 'refresh_token' => $refresh_token,
- 'client_id' => $client_id,
- 'user_id' => $user_id,
- 'expires' => $expires,
- 'scope' => $scope
- ));
-
- return true;
- }
-
- public function unsetRefreshToken($refresh_token)
- {
- $this->deleteObjectByType('refresh_token_table',$refresh_token);
-
- return true;
- }
-
- // plaintext passwords are bad! Override this for your application
- protected function checkPassword($user, $password)
- {
- return $user['password'] == $password;
- }
-
- public function getUser($username)
- {
- $result = $this->getObjectByType('user_table',$username);
-
- return is_null($result) ? false : $result;
- }
-
- public function setUser($username, $password, $firstName = null, $lastName = null)
- {
- if ($this->getUser($username)) {
- $this->setObjectByType('user_table',$username, array(
- 'username' => $username,
- 'password' => $password,
- 'first_name' => $firstName,
- 'last_name' => $lastName
- ));
-
- } else {
- $this->setObjectByType('user_table',$username, array(
- 'username' => $username,
- 'password' => $password,
- 'first_name' => $firstName,
- 'last_name' => $lastName
- ));
-
- }
-
- return true;
- }
-
- public function getClientKey($client_id, $subject)
- {
- if (!$jwt = $this->getObjectByType('jwt_table',$client_id)) {
- return false;
- }
-
- if (isset($jwt['subject']) && $jwt['subject'] == $subject) {
- return $jwt['key'];
- }
-
- return false;
- }
-
- public function getClientScope($client_id)
- {
- if (!$clientDetails = $this->getClientDetails($client_id)) {
- return false;
- }
-
- if (isset($clientDetails['scope'])) {
- return $clientDetails['scope'];
- }
-
- return null;
- }
-
- public function getJti($client_id, $subject, $audience, $expiration, $jti)
- {
- //TODO: Needs couchbase implementation.
- throw new \Exception('getJti() for the Couchbase driver is currently unimplemented.');
- }
-
- public function setJti($client_id, $subject, $audience, $expiration, $jti)
- {
- //TODO: Needs couchbase implementation.
- throw new \Exception('setJti() for the Couchbase driver is currently unimplemented.');
- }
-}
diff --git a/library/oauth2/src/OAuth2/Storage/DynamoDB.php b/library/oauth2/src/OAuth2/Storage/DynamoDB.php
deleted file mode 100644
index 8347ab258..000000000
--- a/library/oauth2/src/OAuth2/Storage/DynamoDB.php
+++ /dev/null
@@ -1,540 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-use Aws\DynamoDb\DynamoDbClient;
-
-use OAuth2\OpenID\Storage\UserClaimsInterface;
-use OAuth2\OpenID\Storage\AuthorizationCodeInterface as OpenIDAuthorizationCodeInterface;
-/**
- * DynamoDB storage for all storage types
- *
- * To use, install "aws/aws-sdk-php" via composer
- * <code>
- * composer require aws/aws-sdk-php:dev-master
- * </code>
- *
- * Once this is done, instantiate the DynamoDB client
- * <code>
- * $storage = new OAuth2\Storage\Dynamodb(array("key" => "YOURKEY", "secret" => "YOURSECRET", "region" => "YOURREGION"));
- * </code>
- *
- * Table :
- * - oauth_access_tokens (primary hash key : access_token)
- * - oauth_authorization_codes (primary hash key : authorization_code)
- * - oauth_clients (primary hash key : client_id)
- * - oauth_jwt (primary hash key : client_id, primary range key : subject)
- * - oauth_public_keys (primary hash key : client_id)
- * - oauth_refresh_tokens (primary hash key : refresh_token)
- * - oauth_scopes (primary hash key : scope, secondary index : is_default-index hash key is_default)
- * - oauth_users (primary hash key : username)
- *
- * @author Frederic AUGUSTE <frederic.auguste at gmail dot com>
- */
-class DynamoDB implements
- AuthorizationCodeInterface,
- AccessTokenInterface,
- ClientCredentialsInterface,
- UserCredentialsInterface,
- RefreshTokenInterface,
- JwtBearerInterface,
- ScopeInterface,
- PublicKeyInterface,
- UserClaimsInterface,
- OpenIDAuthorizationCodeInterface
-{
- protected $client;
- protected $config;
-
- public function __construct($connection, $config = array())
- {
- if (!($connection instanceof DynamoDbClient)) {
- if (!is_array($connection)) {
- throw new \InvalidArgumentException('First argument to OAuth2\Storage\Dynamodb must be an instance a configuration array containt key, secret, region');
- }
- if (!array_key_exists("key",$connection) || !array_key_exists("secret",$connection) || !array_key_exists("region",$connection) ) {
- throw new \InvalidArgumentException('First argument to OAuth2\Storage\Dynamodb must be an instance a configuration array containt key, secret, region');
- }
- $this->client = DynamoDbClient::factory(array(
- 'key' => $connection["key"],
- 'secret' => $connection["secret"],
- 'region' =>$connection["region"]
- ));
- } else {
- $this->client = $connection;
- }
-
- $this->config = array_merge(array(
- 'client_table' => 'oauth_clients',
- 'access_token_table' => 'oauth_access_tokens',
- 'refresh_token_table' => 'oauth_refresh_tokens',
- 'code_table' => 'oauth_authorization_codes',
- 'user_table' => 'oauth_users',
- 'jwt_table' => 'oauth_jwt',
- 'scope_table' => 'oauth_scopes',
- 'public_key_table' => 'oauth_public_keys',
- ), $config);
- }
-
- /* OAuth2\Storage\ClientCredentialsInterface */
- public function checkClientCredentials($client_id, $client_secret = null)
- {
- $result = $this->client->getItem(array(
- "TableName"=> $this->config['client_table'],
- "Key" => array('client_id' => array('S' => $client_id))
- ));
-
- return $result->count()==1 && $result["Item"]["client_secret"]["S"] == $client_secret;
- }
-
- public function isPublicClient($client_id)
- {
- $result = $this->client->getItem(array(
- "TableName"=> $this->config['client_table'],
- "Key" => array('client_id' => array('S' => $client_id))
- ));
-
- if ($result->count()==0) {
- return false ;
- }
-
- return empty($result["Item"]["client_secret"]);
- }
-
- /* OAuth2\Storage\ClientInterface */
- public function getClientDetails($client_id)
- {
- $result = $this->client->getItem(array(
- "TableName"=> $this->config['client_table'],
- "Key" => array('client_id' => array('S' => $client_id))
- ));
- if ($result->count()==0) {
- return false ;
- }
- $result = $this->dynamo2array($result);
- foreach (array('client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'user_id') as $key => $val) {
- if (!array_key_exists ($val, $result)) {
- $result[$val] = null;
- }
- }
-
- return $result;
- }
-
- public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
- {
- $clientData = compact('client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'user_id');
- $clientData = array_filter($clientData, 'self::isNotEmpty');
-
- $result = $this->client->putItem(array(
- 'TableName' => $this->config['client_table'],
- 'Item' => $this->client->formatAttributes($clientData)
- ));
-
- return true;
- }
-
- public function checkRestrictedGrantType($client_id, $grant_type)
- {
- $details = $this->getClientDetails($client_id);
- if (isset($details['grant_types'])) {
- $grant_types = explode(' ', $details['grant_types']);
-
- return in_array($grant_type, (array) $grant_types);
- }
-
- // if grant_types are not defined, then none are restricted
- return true;
- }
-
- /* OAuth2\Storage\AccessTokenInterface */
- public function getAccessToken($access_token)
- {
- $result = $this->client->getItem(array(
- "TableName"=> $this->config['access_token_table'],
- "Key" => array('access_token' => array('S' => $access_token))
- ));
- if ($result->count()==0) {
- return false ;
- }
- $token = $this->dynamo2array($result);
- if (array_key_exists ('expires', $token)) {
- $token['expires'] = strtotime($token['expires']);
- }
-
- return $token;
- }
-
- public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
- {
- // convert expires to datestring
- $expires = date('Y-m-d H:i:s', $expires);
-
- $clientData = compact('access_token', 'client_id', 'user_id', 'expires', 'scope');
- $clientData = array_filter($clientData, 'self::isNotEmpty');
-
- $result = $this->client->putItem(array(
- 'TableName' => $this->config['access_token_table'],
- 'Item' => $this->client->formatAttributes($clientData)
- ));
-
- return true;
-
- }
-
- public function unsetAccessToken($access_token)
- {
- $result = $this->client->deleteItem(array(
- 'TableName' => $this->config['access_token_table'],
- 'Key' => $this->client->formatAttributes(array("access_token" => $access_token)),
- 'ReturnValues' => 'ALL_OLD',
- ));
-
- return null !== $result->get('Attributes');
- }
-
- /* OAuth2\Storage\AuthorizationCodeInterface */
- public function getAuthorizationCode($code)
- {
- $result = $this->client->getItem(array(
- "TableName"=> $this->config['code_table'],
- "Key" => array('authorization_code' => array('S' => $code))
- ));
- if ($result->count()==0) {
- return false ;
- }
- $token = $this->dynamo2array($result);
- if (!array_key_exists("id_token", $token )) {
- $token['id_token'] = null;
- }
- $token['expires'] = strtotime($token['expires']);
-
- return $token;
-
- }
-
- public function setAuthorizationCode($authorization_code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
- {
- // convert expires to datestring
- $expires = date('Y-m-d H:i:s', $expires);
-
- $clientData = compact('authorization_code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'id_token', 'scope');
- $clientData = array_filter($clientData, 'self::isNotEmpty');
-
- $result = $this->client->putItem(array(
- 'TableName' => $this->config['code_table'],
- 'Item' => $this->client->formatAttributes($clientData)
- ));
-
- return true;
- }
-
- public function expireAuthorizationCode($code)
- {
-
- $result = $this->client->deleteItem(array(
- 'TableName' => $this->config['code_table'],
- 'Key' => $this->client->formatAttributes(array("authorization_code" => $code))
- ));
-
- return true;
- }
-
- /* OAuth2\Storage\UserCredentialsInterface */
- public function checkUserCredentials($username, $password)
- {
- if ($user = $this->getUser($username)) {
- return $this->checkPassword($user, $password);
- }
-
- return false;
- }
-
- public function getUserDetails($username)
- {
- return $this->getUser($username);
- }
-
- /* UserClaimsInterface */
- public function getUserClaims($user_id, $claims)
- {
- if (!$userDetails = $this->getUserDetails($user_id)) {
- return false;
- }
-
- $claims = explode(' ', trim($claims));
- $userClaims = array();
-
- // for each requested claim, if the user has the claim, set it in the response
- $validClaims = explode(' ', self::VALID_CLAIMS);
- foreach ($validClaims as $validClaim) {
- if (in_array($validClaim, $claims)) {
- if ($validClaim == 'address') {
- // address is an object with subfields
- $userClaims['address'] = $this->getUserClaim($validClaim, $userDetails['address'] ?: $userDetails);
- } else {
- $userClaims = array_merge($userClaims, $this->getUserClaim($validClaim, $userDetails));
- }
- }
- }
-
- return $userClaims;
- }
-
- protected function getUserClaim($claim, $userDetails)
- {
- $userClaims = array();
- $claimValuesString = constant(sprintf('self::%s_CLAIM_VALUES', strtoupper($claim)));
- $claimValues = explode(' ', $claimValuesString);
-
- foreach ($claimValues as $value) {
- if ($value == 'email_verified') {
- $userClaims[$value] = $userDetails[$value]=='true' ? true : false;
- } else {
- $userClaims[$value] = isset($userDetails[$value]) ? $userDetails[$value] : null;
- }
- }
-
- return $userClaims;
- }
-
- /* OAuth2\Storage\RefreshTokenInterface */
- public function getRefreshToken($refresh_token)
- {
- $result = $this->client->getItem(array(
- "TableName"=> $this->config['refresh_token_table'],
- "Key" => array('refresh_token' => array('S' => $refresh_token))
- ));
- if ($result->count()==0) {
- return false ;
- }
- $token = $this->dynamo2array($result);
- $token['expires'] = strtotime($token['expires']);
-
- return $token;
- }
-
- public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
- {
- // convert expires to datestring
- $expires = date('Y-m-d H:i:s', $expires);
-
- $clientData = compact('refresh_token', 'client_id', 'user_id', 'expires', 'scope');
- $clientData = array_filter($clientData, 'self::isNotEmpty');
-
- $result = $this->client->putItem(array(
- 'TableName' => $this->config['refresh_token_table'],
- 'Item' => $this->client->formatAttributes($clientData)
- ));
-
- return true;
- }
-
- public function unsetRefreshToken($refresh_token)
- {
- $result = $this->client->deleteItem(array(
- 'TableName' => $this->config['refresh_token_table'],
- 'Key' => $this->client->formatAttributes(array("refresh_token" => $refresh_token))
- ));
-
- return true;
- }
-
- // plaintext passwords are bad! Override this for your application
- protected function checkPassword($user, $password)
- {
- return $user['password'] == $this->hashPassword($password);
- }
-
- // use a secure hashing algorithm when storing passwords. Override this for your application
- protected function hashPassword($password)
- {
- return sha1($password);
- }
-
- public function getUser($username)
- {
- $result = $this->client->getItem(array(
- "TableName"=> $this->config['user_table'],
- "Key" => array('username' => array('S' => $username))
- ));
- if ($result->count()==0) {
- return false ;
- }
- $token = $this->dynamo2array($result);
- $token['user_id'] = $username;
-
- return $token;
- }
-
- public function setUser($username, $password, $first_name = null, $last_name = null)
- {
- // do not store in plaintext
- $password = $this->hashPassword($password);
-
- $clientData = compact('username', 'password', 'first_name', 'last_name');
- $clientData = array_filter($clientData, 'self::isNotEmpty');
-
- $result = $this->client->putItem(array(
- 'TableName' => $this->config['user_table'],
- 'Item' => $this->client->formatAttributes($clientData)
- ));
-
- return true;
-
- }
-
- /* ScopeInterface */
- public function scopeExists($scope)
- {
- $scope = explode(' ', $scope);
- $scope_query = array();
- $count = 0;
- foreach ($scope as $key => $val) {
- $result = $this->client->query(array(
- 'TableName' => $this->config['scope_table'],
- 'Select' => 'COUNT',
- 'KeyConditions' => array(
- 'scope' => array(
- 'AttributeValueList' => array(array('S' => $val)),
- 'ComparisonOperator' => 'EQ'
- )
- )
- ));
- $count += $result['Count'];
- }
-
- return $count == count($scope);
- }
-
- public function getDefaultScope($client_id = null)
- {
-
- $result = $this->client->query(array(
- 'TableName' => $this->config['scope_table'],
- 'IndexName' => 'is_default-index',
- 'Select' => 'ALL_ATTRIBUTES',
- 'KeyConditions' => array(
- 'is_default' => array(
- 'AttributeValueList' => array(array('S' => 'true')),
- 'ComparisonOperator' => 'EQ',
- ),
- )
- ));
- $defaultScope = array();
- if ($result->count() > 0) {
- $array = $result->toArray();
- foreach ($array["Items"] as $item) {
- $defaultScope[] = $item['scope']['S'];
- }
-
- return empty($defaultScope) ? null : implode(' ', $defaultScope);
- }
-
- return null;
- }
-
- /* JWTBearerInterface */
- public function getClientKey($client_id, $subject)
- {
- $result = $this->client->getItem(array(
- "TableName"=> $this->config['jwt_table'],
- "Key" => array('client_id' => array('S' => $client_id), 'subject' => array('S' => $subject))
- ));
- if ($result->count()==0) {
- return false ;
- }
- $token = $this->dynamo2array($result);
-
- return $token['public_key'];
- }
-
- public function getClientScope($client_id)
- {
- if (!$clientDetails = $this->getClientDetails($client_id)) {
- return false;
- }
-
- if (isset($clientDetails['scope'])) {
- return $clientDetails['scope'];
- }
-
- return null;
- }
-
- public function getJti($client_id, $subject, $audience, $expires, $jti)
- {
- //TODO not use.
- }
-
- public function setJti($client_id, $subject, $audience, $expires, $jti)
- {
- //TODO not use.
- }
-
- /* PublicKeyInterface */
- public function getPublicKey($client_id = '0')
- {
-
- $result = $this->client->getItem(array(
- "TableName"=> $this->config['public_key_table'],
- "Key" => array('client_id' => array('S' => $client_id))
- ));
- if ($result->count()==0) {
- return false ;
- }
- $token = $this->dynamo2array($result);
-
- return $token['public_key'];
-
- }
-
- public function getPrivateKey($client_id = '0')
- {
- $result = $this->client->getItem(array(
- "TableName"=> $this->config['public_key_table'],
- "Key" => array('client_id' => array('S' => $client_id))
- ));
- if ($result->count()==0) {
- return false ;
- }
- $token = $this->dynamo2array($result);
-
- return $token['private_key'];
- }
-
- public function getEncryptionAlgorithm($client_id = null)
- {
- $result = $this->client->getItem(array(
- "TableName"=> $this->config['public_key_table'],
- "Key" => array('client_id' => array('S' => $client_id))
- ));
- if ($result->count()==0) {
- return 'RS256' ;
- }
- $token = $this->dynamo2array($result);
-
- return $token['encryption_algorithm'];
- }
-
- /**
- * Transform dynamodb resultset to an array.
- * @param $dynamodbResult
- * @return $array
- */
- private function dynamo2array($dynamodbResult)
- {
- $result = array();
- foreach ($dynamodbResult["Item"] as $key => $val) {
- $result[$key] = $val["S"];
- $result[] = $val["S"];
- }
-
- return $result;
- }
-
- private static function isNotEmpty($value)
- {
- return null !== $value && '' !== $value;
- }
-}
diff --git a/library/oauth2/src/OAuth2/Storage/JwtAccessToken.php b/library/oauth2/src/OAuth2/Storage/JwtAccessToken.php
deleted file mode 100644
index 75b49d301..000000000
--- a/library/oauth2/src/OAuth2/Storage/JwtAccessToken.php
+++ /dev/null
@@ -1,88 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-use OAuth2\Encryption\EncryptionInterface;
-use OAuth2\Encryption\Jwt;
-
-/**
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-class JwtAccessToken implements JwtAccessTokenInterface
-{
- protected $publicKeyStorage;
- protected $tokenStorage;
- protected $encryptionUtil;
-
- /**
- * @param OAuth2\Encryption\PublicKeyInterface $publicKeyStorage the public key encryption to use
- * @param OAuth2\Storage\AccessTokenInterface $tokenStorage OPTIONAL persist the access token to another storage. This is useful if
- * you want to retain access token grant information somewhere, but
- * is not necessary when using this grant type.
- * @param OAuth2\Encryption\EncryptionInterface $encryptionUtil OPTIONAL class to use for "encode" and "decode" functions.
- */
- public function __construct(PublicKeyInterface $publicKeyStorage, AccessTokenInterface $tokenStorage = null, EncryptionInterface $encryptionUtil = null)
- {
- $this->publicKeyStorage = $publicKeyStorage;
- $this->tokenStorage = $tokenStorage;
- if (is_null($encryptionUtil)) {
- $encryptionUtil = new Jwt;
- }
- $this->encryptionUtil = $encryptionUtil;
- }
-
- public function getAccessToken($oauth_token)
- {
- // just decode the token, don't verify
- if (!$tokenData = $this->encryptionUtil->decode($oauth_token, null, false)) {
- return false;
- }
-
- $client_id = isset($tokenData['aud']) ? $tokenData['aud'] : null;
- $public_key = $this->publicKeyStorage->getPublicKey($client_id);
- $algorithm = $this->publicKeyStorage->getEncryptionAlgorithm($client_id);
-
- // now that we have the client_id, verify the token
- if (false === $this->encryptionUtil->decode($oauth_token, $public_key, array($algorithm))) {
- return false;
- }
-
- // normalize the JWT claims to the format expected by other components in this library
- return $this->convertJwtToOAuth2($tokenData);
- }
-
- public function setAccessToken($oauth_token, $client_id, $user_id, $expires, $scope = null)
- {
- if ($this->tokenStorage) {
- return $this->tokenStorage->setAccessToken($oauth_token, $client_id, $user_id, $expires, $scope);
- }
- }
-
- public function unsetAccessToken($access_token)
- {
- if ($this->tokenStorage) {
- return $this->tokenStorage->unsetAccessToken($access_token);
- }
- }
-
-
- // converts a JWT access token into an OAuth2-friendly format
- protected function convertJwtToOAuth2($tokenData)
- {
- $keyMapping = array(
- 'aud' => 'client_id',
- 'exp' => 'expires',
- 'sub' => 'user_id'
- );
-
- foreach ($keyMapping as $jwtKey => $oauth2Key) {
- if (isset($tokenData[$jwtKey])) {
- $tokenData[$oauth2Key] = $tokenData[$jwtKey];
- unset($tokenData[$jwtKey]);
- }
- }
-
- return $tokenData;
- }
-}
diff --git a/library/oauth2/src/OAuth2/Storage/JwtAccessTokenInterface.php b/library/oauth2/src/OAuth2/Storage/JwtAccessTokenInterface.php
deleted file mode 100644
index 3abb2aa2d..000000000
--- a/library/oauth2/src/OAuth2/Storage/JwtAccessTokenInterface.php
+++ /dev/null
@@ -1,14 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-/**
- * No specific methods, but allows the library to check "instanceof"
- * against interface rather than class
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-interface JwtAccessTokenInterface extends AccessTokenInterface
-{
-
-}
diff --git a/library/oauth2/src/OAuth2/Storage/JwtBearerInterface.php b/library/oauth2/src/OAuth2/Storage/JwtBearerInterface.php
deleted file mode 100644
index c83aa72ea..000000000
--- a/library/oauth2/src/OAuth2/Storage/JwtBearerInterface.php
+++ /dev/null
@@ -1,74 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-/**
- * Implement this interface to specify where the OAuth2 Server
- * should get the JWT key for clients
- *
- * @TODO consider extending ClientInterface, as this will almost always
- * be the same storage as retrieving clientData
- *
- * @author F21
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-interface JwtBearerInterface
-{
- /**
- * Get the public key associated with a client_id
- *
- * @param $client_id
- * Client identifier to be checked with.
- *
- * @return
- * STRING Return the public key for the client_id if it exists, and MUST return FALSE if it doesn't.
- */
- public function getClientKey($client_id, $subject);
-
- /**
- * Get a jti (JSON token identifier) by matching against the client_id, subject, audience and expiration.
- *
- * @param $client_id
- * Client identifier to match.
- *
- * @param $subject
- * The subject to match.
- *
- * @param $audience
- * The audience to match.
- *
- * @param $expiration
- * The expiration of the jti.
- *
- * @param $jti
- * The jti to match.
- *
- * @return
- * An associative array as below, and return NULL if the jti does not exist.
- * - issuer: Stored client identifier.
- * - subject: Stored subject.
- * - audience: Stored audience.
- * - expires: Stored expiration in unix timestamp.
- * - jti: The stored jti.
- */
- public function getJti($client_id, $subject, $audience, $expiration, $jti);
-
- /**
- * Store a used jti so that we can check against it to prevent replay attacks.
- * @param $client_id
- * Client identifier to insert.
- *
- * @param $subject
- * The subject to insert.
- *
- * @param $audience
- * The audience to insert.
- *
- * @param $expiration
- * The expiration of the jti.
- *
- * @param $jti
- * The jti to insert.
- */
- public function setJti($client_id, $subject, $audience, $expiration, $jti);
-}
diff --git a/library/oauth2/src/OAuth2/Storage/Memory.php b/library/oauth2/src/OAuth2/Storage/Memory.php
deleted file mode 100644
index 42d833ccb..000000000
--- a/library/oauth2/src/OAuth2/Storage/Memory.php
+++ /dev/null
@@ -1,381 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-use OAuth2\OpenID\Storage\UserClaimsInterface;
-use OAuth2\OpenID\Storage\AuthorizationCodeInterface as OpenIDAuthorizationCodeInterface;
-
-/**
- * Simple in-memory storage for all storage types
- *
- * NOTE: This class should never be used in production, and is
- * a stub class for example use only
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-class Memory implements AuthorizationCodeInterface,
- UserCredentialsInterface,
- UserClaimsInterface,
- AccessTokenInterface,
- ClientCredentialsInterface,
- RefreshTokenInterface,
- JwtBearerInterface,
- ScopeInterface,
- PublicKeyInterface,
- OpenIDAuthorizationCodeInterface
-{
- public $authorizationCodes;
- public $userCredentials;
- public $clientCredentials;
- public $refreshTokens;
- public $accessTokens;
- public $jwt;
- public $jti;
- public $supportedScopes;
- public $defaultScope;
- public $keys;
-
- public function __construct($params = array())
- {
- $params = array_merge(array(
- 'authorization_codes' => array(),
- 'user_credentials' => array(),
- 'client_credentials' => array(),
- 'refresh_tokens' => array(),
- 'access_tokens' => array(),
- 'jwt' => array(),
- 'jti' => array(),
- 'default_scope' => null,
- 'supported_scopes' => array(),
- 'keys' => array(),
- ), $params);
-
- $this->authorizationCodes = $params['authorization_codes'];
- $this->userCredentials = $params['user_credentials'];
- $this->clientCredentials = $params['client_credentials'];
- $this->refreshTokens = $params['refresh_tokens'];
- $this->accessTokens = $params['access_tokens'];
- $this->jwt = $params['jwt'];
- $this->jti = $params['jti'];
- $this->supportedScopes = $params['supported_scopes'];
- $this->defaultScope = $params['default_scope'];
- $this->keys = $params['keys'];
- }
-
- /* AuthorizationCodeInterface */
- public function getAuthorizationCode($code)
- {
- if (!isset($this->authorizationCodes[$code])) {
- return false;
- }
-
- return array_merge(array(
- 'authorization_code' => $code,
- ), $this->authorizationCodes[$code]);
- }
-
- public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
- {
- $this->authorizationCodes[$code] = compact('code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope', 'id_token');
-
- return true;
- }
-
- public function setAuthorizationCodes($authorization_codes)
- {
- $this->authorizationCodes = $authorization_codes;
- }
-
- public function expireAuthorizationCode($code)
- {
- unset($this->authorizationCodes[$code]);
- }
-
- /* UserCredentialsInterface */
- public function checkUserCredentials($username, $password)
- {
- $userDetails = $this->getUserDetails($username);
-
- return $userDetails && $userDetails['password'] && $userDetails['password'] === $password;
- }
-
- public function setUser($username, $password, $firstName = null, $lastName = null)
- {
- $this->userCredentials[$username] = array(
- 'password' => $password,
- 'first_name' => $firstName,
- 'last_name' => $lastName,
- );
-
- return true;
- }
-
- public function getUserDetails($username)
- {
- if (!isset($this->userCredentials[$username])) {
- return false;
- }
-
- return array_merge(array(
- 'user_id' => $username,
- 'password' => null,
- 'first_name' => null,
- 'last_name' => null,
- ), $this->userCredentials[$username]);
- }
-
- /* UserClaimsInterface */
- public function getUserClaims($user_id, $claims)
- {
- if (!$userDetails = $this->getUserDetails($user_id)) {
- return false;
- }
-
- $claims = explode(' ', trim($claims));
- $userClaims = array();
-
- // for each requested claim, if the user has the claim, set it in the response
- $validClaims = explode(' ', self::VALID_CLAIMS);
- foreach ($validClaims as $validClaim) {
- if (in_array($validClaim, $claims)) {
- if ($validClaim == 'address') {
- // address is an object with subfields
- $userClaims['address'] = $this->getUserClaim($validClaim, $userDetails['address'] ?: $userDetails);
- } else {
- $userClaims = array_merge($userClaims, $this->getUserClaim($validClaim, $userDetails));
- }
- }
- }
-
- return $userClaims;
- }
-
- protected function getUserClaim($claim, $userDetails)
- {
- $userClaims = array();
- $claimValuesString = constant(sprintf('self::%s_CLAIM_VALUES', strtoupper($claim)));
- $claimValues = explode(' ', $claimValuesString);
-
- foreach ($claimValues as $value) {
- $userClaims[$value] = isset($userDetails[$value]) ? $userDetails[$value] : null;
- }
-
- return $userClaims;
- }
-
- /* ClientCredentialsInterface */
- public function checkClientCredentials($client_id, $client_secret = null)
- {
- return isset($this->clientCredentials[$client_id]['client_secret']) && $this->clientCredentials[$client_id]['client_secret'] === $client_secret;
- }
-
- public function isPublicClient($client_id)
- {
- if (!isset($this->clientCredentials[$client_id])) {
- return false;
- }
-
- return empty($this->clientCredentials[$client_id]['client_secret']);
- }
-
- /* ClientInterface */
- public function getClientDetails($client_id)
- {
- if (!isset($this->clientCredentials[$client_id])) {
- return false;
- }
-
- $clientDetails = array_merge(array(
- 'client_id' => $client_id,
- 'client_secret' => null,
- 'redirect_uri' => null,
- 'scope' => null,
- ), $this->clientCredentials[$client_id]);
-
- return $clientDetails;
- }
-
- public function checkRestrictedGrantType($client_id, $grant_type)
- {
- if (isset($this->clientCredentials[$client_id]['grant_types'])) {
- $grant_types = explode(' ', $this->clientCredentials[$client_id]['grant_types']);
-
- return in_array($grant_type, $grant_types);
- }
-
- // if grant_types are not defined, then none are restricted
- return true;
- }
-
- public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
- {
- $this->clientCredentials[$client_id] = array(
- 'client_id' => $client_id,
- 'client_secret' => $client_secret,
- 'redirect_uri' => $redirect_uri,
- 'grant_types' => $grant_types,
- 'scope' => $scope,
- 'user_id' => $user_id,
- );
-
- return true;
- }
-
- /* RefreshTokenInterface */
- public function getRefreshToken($refresh_token)
- {
- return isset($this->refreshTokens[$refresh_token]) ? $this->refreshTokens[$refresh_token] : false;
- }
-
- public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
- {
- $this->refreshTokens[$refresh_token] = compact('refresh_token', 'client_id', 'user_id', 'expires', 'scope');
-
- return true;
- }
-
- public function unsetRefreshToken($refresh_token)
- {
- if (isset($this->refreshTokens[$refresh_token])) {
- unset($this->refreshTokens[$refresh_token]);
-
- return true;
- }
-
- return false;
- }
-
- public function setRefreshTokens($refresh_tokens)
- {
- $this->refreshTokens = $refresh_tokens;
- }
-
- /* AccessTokenInterface */
- public function getAccessToken($access_token)
- {
- return isset($this->accessTokens[$access_token]) ? $this->accessTokens[$access_token] : false;
- }
-
- public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null, $id_token = null)
- {
- $this->accessTokens[$access_token] = compact('access_token', 'client_id', 'user_id', 'expires', 'scope', 'id_token');
-
- return true;
- }
-
- public function unsetAccessToken($access_token)
- {
- if (isset($this->accessTokens[$access_token])) {
- unset($this->accessTokens[$access_token]);
-
- return true;
- }
-
- return false;
- }
-
- public function scopeExists($scope)
- {
- $scope = explode(' ', trim($scope));
-
- return (count(array_diff($scope, $this->supportedScopes)) == 0);
- }
-
- public function getDefaultScope($client_id = null)
- {
- return $this->defaultScope;
- }
-
- /*JWTBearerInterface */
- public function getClientKey($client_id, $subject)
- {
- if (isset($this->jwt[$client_id])) {
- $jwt = $this->jwt[$client_id];
- if ($jwt) {
- if ($jwt["subject"] == $subject) {
- return $jwt["key"];
- }
- }
- }
-
- return false;
- }
-
- public function getClientScope($client_id)
- {
- if (!$clientDetails = $this->getClientDetails($client_id)) {
- return false;
- }
-
- if (isset($clientDetails['scope'])) {
- return $clientDetails['scope'];
- }
-
- return null;
- }
-
- public function getJti($client_id, $subject, $audience, $expires, $jti)
- {
- foreach ($this->jti as $storedJti) {
- if ($storedJti['issuer'] == $client_id && $storedJti['subject'] == $subject && $storedJti['audience'] == $audience && $storedJti['expires'] == $expires && $storedJti['jti'] == $jti) {
- return array(
- 'issuer' => $storedJti['issuer'],
- 'subject' => $storedJti['subject'],
- 'audience' => $storedJti['audience'],
- 'expires' => $storedJti['expires'],
- 'jti' => $storedJti['jti']
- );
- }
- }
-
- return null;
- }
-
- public function setJti($client_id, $subject, $audience, $expires, $jti)
- {
- $this->jti[] = array('issuer' => $client_id, 'subject' => $subject, 'audience' => $audience, 'expires' => $expires, 'jti' => $jti);
- }
-
- /*PublicKeyInterface */
- public function getPublicKey($client_id = null)
- {
- if (isset($this->keys[$client_id])) {
- return $this->keys[$client_id]['public_key'];
- }
-
- // use a global encryption pair
- if (isset($this->keys['public_key'])) {
- return $this->keys['public_key'];
- }
-
- return false;
- }
-
- public function getPrivateKey($client_id = null)
- {
- if (isset($this->keys[$client_id])) {
- return $this->keys[$client_id]['private_key'];
- }
-
- // use a global encryption pair
- if (isset($this->keys['private_key'])) {
- return $this->keys['private_key'];
- }
-
- return false;
- }
-
- public function getEncryptionAlgorithm($client_id = null)
- {
- if (isset($this->keys[$client_id]['encryption_algorithm'])) {
- return $this->keys[$client_id]['encryption_algorithm'];
- }
-
- // use a global encryption algorithm
- if (isset($this->keys['encryption_algorithm'])) {
- return $this->keys['encryption_algorithm'];
- }
-
- return 'RS256';
- }
-}
diff --git a/library/oauth2/src/OAuth2/Storage/Mongo.php b/library/oauth2/src/OAuth2/Storage/Mongo.php
deleted file mode 100644
index cef35e5e9..000000000
--- a/library/oauth2/src/OAuth2/Storage/Mongo.php
+++ /dev/null
@@ -1,339 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-use OAuth2\OpenID\Storage\AuthorizationCodeInterface as OpenIDAuthorizationCodeInterface;
-
-/**
- * Simple MongoDB storage for all storage types
- *
- * NOTE: This class is meant to get users started
- * quickly. If your application requires further
- * customization, extend this class or create your own.
- *
- * NOTE: Passwords are stored in plaintext, which is never
- * a good idea. Be sure to override this for your application
- *
- * @author Julien Chaumond <chaumond@gmail.com>
- */
-class Mongo implements AuthorizationCodeInterface,
- AccessTokenInterface,
- ClientCredentialsInterface,
- UserCredentialsInterface,
- RefreshTokenInterface,
- JwtBearerInterface,
- OpenIDAuthorizationCodeInterface
-{
- protected $db;
- protected $config;
-
- public function __construct($connection, $config = array())
- {
- if ($connection instanceof \MongoDB) {
- $this->db = $connection;
- } else {
- if (!is_array($connection)) {
- throw new \InvalidArgumentException('First argument to OAuth2\Storage\Mongo must be an instance of MongoDB or a configuration array');
- }
- $server = sprintf('mongodb://%s:%d', $connection['host'], $connection['port']);
- $m = new \MongoClient($server);
- $this->db = $m->{$connection['database']};
- }
-
- $this->config = array_merge(array(
- 'client_table' => 'oauth_clients',
- 'access_token_table' => 'oauth_access_tokens',
- 'refresh_token_table' => 'oauth_refresh_tokens',
- 'code_table' => 'oauth_authorization_codes',
- 'user_table' => 'oauth_users',
- 'jwt_table' => 'oauth_jwt',
- ), $config);
- }
-
- // Helper function to access a MongoDB collection by `type`:
- protected function collection($name)
- {
- return $this->db->{$this->config[$name]};
- }
-
- /* ClientCredentialsInterface */
- public function checkClientCredentials($client_id, $client_secret = null)
- {
- if ($result = $this->collection('client_table')->findOne(array('client_id' => $client_id))) {
- return $result['client_secret'] == $client_secret;
- }
-
- return false;
- }
-
- public function isPublicClient($client_id)
- {
- if (!$result = $this->collection('client_table')->findOne(array('client_id' => $client_id))) {
- return false;
- }
-
- return empty($result['client_secret']);
- }
-
- /* ClientInterface */
- public function getClientDetails($client_id)
- {
- $result = $this->collection('client_table')->findOne(array('client_id' => $client_id));
-
- return is_null($result) ? false : $result;
- }
-
- public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
- {
- if ($this->getClientDetails($client_id)) {
- $this->collection('client_table')->update(
- array('client_id' => $client_id),
- array('$set' => array(
- 'client_secret' => $client_secret,
- 'redirect_uri' => $redirect_uri,
- 'grant_types' => $grant_types,
- 'scope' => $scope,
- 'user_id' => $user_id,
- ))
- );
- } else {
- $client = array(
- 'client_id' => $client_id,
- 'client_secret' => $client_secret,
- 'redirect_uri' => $redirect_uri,
- 'grant_types' => $grant_types,
- 'scope' => $scope,
- 'user_id' => $user_id,
- );
- $this->collection('client_table')->insert($client);
- }
-
- return true;
- }
-
- public function checkRestrictedGrantType($client_id, $grant_type)
- {
- $details = $this->getClientDetails($client_id);
- if (isset($details['grant_types'])) {
- $grant_types = explode(' ', $details['grant_types']);
-
- return in_array($grant_type, $grant_types);
- }
-
- // if grant_types are not defined, then none are restricted
- return true;
- }
-
- /* AccessTokenInterface */
- public function getAccessToken($access_token)
- {
- $token = $this->collection('access_token_table')->findOne(array('access_token' => $access_token));
-
- return is_null($token) ? false : $token;
- }
-
- public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
- {
- // if it exists, update it.
- if ($this->getAccessToken($access_token)) {
- $this->collection('access_token_table')->update(
- array('access_token' => $access_token),
- array('$set' => array(
- 'client_id' => $client_id,
- 'expires' => $expires,
- 'user_id' => $user_id,
- 'scope' => $scope
- ))
- );
- } else {
- $token = array(
- 'access_token' => $access_token,
- 'client_id' => $client_id,
- 'expires' => $expires,
- 'user_id' => $user_id,
- 'scope' => $scope
- );
- $this->collection('access_token_table')->insert($token);
- }
-
- return true;
- }
-
- public function unsetAccessToken($access_token)
- {
- $result = $this->collection('access_token_table')->remove(array(
- 'access_token' => $access_token
- ), array('w' => 1));
-
- return $result['n'] > 0;
- }
-
-
- /* AuthorizationCodeInterface */
- public function getAuthorizationCode($code)
- {
- $code = $this->collection('code_table')->findOne(array('authorization_code' => $code));
-
- return is_null($code) ? false : $code;
- }
-
- public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
- {
- // if it exists, update it.
- if ($this->getAuthorizationCode($code)) {
- $this->collection('code_table')->update(
- array('authorization_code' => $code),
- array('$set' => array(
- 'client_id' => $client_id,
- 'user_id' => $user_id,
- 'redirect_uri' => $redirect_uri,
- 'expires' => $expires,
- 'scope' => $scope,
- 'id_token' => $id_token,
- ))
- );
- } else {
- $token = array(
- 'authorization_code' => $code,
- 'client_id' => $client_id,
- 'user_id' => $user_id,
- 'redirect_uri' => $redirect_uri,
- 'expires' => $expires,
- 'scope' => $scope,
- 'id_token' => $id_token,
- );
- $this->collection('code_table')->insert($token);
- }
-
- return true;
- }
-
- public function expireAuthorizationCode($code)
- {
- $this->collection('code_table')->remove(array('authorization_code' => $code));
-
- return true;
- }
-
- /* UserCredentialsInterface */
- public function checkUserCredentials($username, $password)
- {
- if ($user = $this->getUser($username)) {
- return $this->checkPassword($user, $password);
- }
-
- return false;
- }
-
- public function getUserDetails($username)
- {
- if ($user = $this->getUser($username)) {
- $user['user_id'] = $user['username'];
- }
-
- return $user;
- }
-
- /* RefreshTokenInterface */
- public function getRefreshToken($refresh_token)
- {
- $token = $this->collection('refresh_token_table')->findOne(array('refresh_token' => $refresh_token));
-
- return is_null($token) ? false : $token;
- }
-
- public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
- {
- $token = array(
- 'refresh_token' => $refresh_token,
- 'client_id' => $client_id,
- 'user_id' => $user_id,
- 'expires' => $expires,
- 'scope' => $scope
- );
- $this->collection('refresh_token_table')->insert($token);
-
- return true;
- }
-
- public function unsetRefreshToken($refresh_token)
- {
- $result = $this->collection('refresh_token_table')->remove(array(
- 'refresh_token' => $refresh_token
- ), array('w' => 1));
-
- return $result['n'] > 0;
- }
-
- // plaintext passwords are bad! Override this for your application
- protected function checkPassword($user, $password)
- {
- return $user['password'] == $password;
- }
-
- public function getUser($username)
- {
- $result = $this->collection('user_table')->findOne(array('username' => $username));
-
- return is_null($result) ? false : $result;
- }
-
- public function setUser($username, $password, $firstName = null, $lastName = null)
- {
- if ($this->getUser($username)) {
- $this->collection('user_table')->update(
- array('username' => $username),
- array('$set' => array(
- 'password' => $password,
- 'first_name' => $firstName,
- 'last_name' => $lastName
- ))
- );
- } else {
- $user = array(
- 'username' => $username,
- 'password' => $password,
- 'first_name' => $firstName,
- 'last_name' => $lastName
- );
- $this->collection('user_table')->insert($user);
- }
-
- return true;
- }
-
- public function getClientKey($client_id, $subject)
- {
- $result = $this->collection('jwt_table')->findOne(array(
- 'client_id' => $client_id,
- 'subject' => $subject
- ));
-
- return is_null($result) ? false : $result['key'];
- }
-
- public function getClientScope($client_id)
- {
- if (!$clientDetails = $this->getClientDetails($client_id)) {
- return false;
- }
-
- if (isset($clientDetails['scope'])) {
- return $clientDetails['scope'];
- }
-
- return null;
- }
-
- public function getJti($client_id, $subject, $audience, $expiration, $jti)
- {
- //TODO: Needs mongodb implementation.
- throw new \Exception('getJti() for the MongoDB driver is currently unimplemented.');
- }
-
- public function setJti($client_id, $subject, $audience, $expiration, $jti)
- {
- //TODO: Needs mongodb implementation.
- throw new \Exception('setJti() for the MongoDB driver is currently unimplemented.');
- }
-}
diff --git a/library/oauth2/src/OAuth2/Storage/Pdo.php b/library/oauth2/src/OAuth2/Storage/Pdo.php
deleted file mode 100644
index ae5107e29..000000000
--- a/library/oauth2/src/OAuth2/Storage/Pdo.php
+++ /dev/null
@@ -1,553 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-use OAuth2\OpenID\Storage\UserClaimsInterface;
-use OAuth2\OpenID\Storage\AuthorizationCodeInterface as OpenIDAuthorizationCodeInterface;
-
-/**
- * Simple PDO storage for all storage types
- *
- * NOTE: This class is meant to get users started
- * quickly. If your application requires further
- * customization, extend this class or create your own.
- *
- * NOTE: Passwords are stored in plaintext, which is never
- * a good idea. Be sure to override this for your application
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-class Pdo implements
- AuthorizationCodeInterface,
- AccessTokenInterface,
- ClientCredentialsInterface,
- UserCredentialsInterface,
- RefreshTokenInterface,
- JwtBearerInterface,
- ScopeInterface,
- PublicKeyInterface,
- UserClaimsInterface,
- OpenIDAuthorizationCodeInterface
-{
- protected $db;
- protected $config;
-
- public function __construct($connection, $config = array())
- {
- if (!$connection instanceof \PDO) {
- if (is_string($connection)) {
- $connection = array('dsn' => $connection);
- }
- if (!is_array($connection)) {
- throw new \InvalidArgumentException('First argument to OAuth2\Storage\Pdo must be an instance of PDO, a DSN string, or a configuration array');
- }
- if (!isset($connection['dsn'])) {
- throw new \InvalidArgumentException('configuration array must contain "dsn"');
- }
- // merge optional parameters
- $connection = array_merge(array(
- 'username' => null,
- 'password' => null,
- 'options' => array(),
- ), $connection);
- $connection = new \PDO($connection['dsn'], $connection['username'], $connection['password'], $connection['options']);
- }
- $this->db = $connection;
-
- // debugging
- $connection->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
-
- $this->config = array_merge(array(
- 'client_table' => 'oauth_clients',
- 'access_token_table' => 'oauth_access_tokens',
- 'refresh_token_table' => 'oauth_refresh_tokens',
- 'code_table' => 'oauth_authorization_codes',
- 'user_table' => 'oauth_users',
- 'jwt_table' => 'oauth_jwt',
- 'jti_table' => 'oauth_jti',
- 'scope_table' => 'oauth_scopes',
- 'public_key_table' => 'oauth_public_keys',
- ), $config);
- }
-
- /* OAuth2\Storage\ClientCredentialsInterface */
- public function checkClientCredentials($client_id, $client_secret = null)
- {
- $stmt = $this->db->prepare(sprintf('SELECT * from %s where client_id = :client_id', $this->config['client_table']));
- $stmt->execute(compact('client_id'));
- $result = $stmt->fetch(\PDO::FETCH_ASSOC);
-
- // make this extensible
- return $result && $result['client_secret'] == $client_secret;
- }
-
- public function isPublicClient($client_id)
- {
- $stmt = $this->db->prepare(sprintf('SELECT * from %s where client_id = :client_id', $this->config['client_table']));
- $stmt->execute(compact('client_id'));
-
- if (!$result = $stmt->fetch(\PDO::FETCH_ASSOC)) {
- return false;
- }
-
- return empty($result['client_secret']);
- }
-
- /* OAuth2\Storage\ClientInterface */
- public function getClientDetails($client_id)
- {
- $stmt = $this->db->prepare(sprintf('SELECT * from %s where client_id = :client_id', $this->config['client_table']));
- $stmt->execute(compact('client_id'));
-
- return $stmt->fetch(\PDO::FETCH_ASSOC);
- }
-
- public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
- {
- // if it exists, update it.
- if ($this->getClientDetails($client_id)) {
- $stmt = $this->db->prepare($sql = sprintf('UPDATE %s SET client_secret=:client_secret, redirect_uri=:redirect_uri, grant_types=:grant_types, scope=:scope, user_id=:user_id where client_id=:client_id', $this->config['client_table']));
- } else {
- $stmt = $this->db->prepare(sprintf('INSERT INTO %s (client_id, client_secret, redirect_uri, grant_types, scope, user_id) VALUES (:client_id, :client_secret, :redirect_uri, :grant_types, :scope, :user_id)', $this->config['client_table']));
- }
-
- return $stmt->execute(compact('client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'user_id'));
- }
-
- public function checkRestrictedGrantType($client_id, $grant_type)
- {
- $details = $this->getClientDetails($client_id);
- if (isset($details['grant_types'])) {
- $grant_types = explode(' ', $details['grant_types']);
-
- return in_array($grant_type, (array) $grant_types);
- }
-
- // if grant_types are not defined, then none are restricted
- return true;
- }
-
- /* OAuth2\Storage\AccessTokenInterface */
- public function getAccessToken($access_token)
- {
- $stmt = $this->db->prepare(sprintf('SELECT * from %s where access_token = :access_token', $this->config['access_token_table']));
-
- $token = $stmt->execute(compact('access_token'));
- if ($token = $stmt->fetch(\PDO::FETCH_ASSOC)) {
- // convert date string back to timestamp
- $token['expires'] = strtotime($token['expires']);
- }
-
- return $token;
- }
-
- public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
- {
- // convert expires to datestring
- $expires = date('Y-m-d H:i:s', $expires);
-
- // if it exists, update it.
- if ($this->getAccessToken($access_token)) {
- $stmt = $this->db->prepare(sprintf('UPDATE %s SET client_id=:client_id, expires=:expires, user_id=:user_id, scope=:scope where access_token=:access_token', $this->config['access_token_table']));
- } else {
- $stmt = $this->db->prepare(sprintf('INSERT INTO %s (access_token, client_id, expires, user_id, scope) VALUES (:access_token, :client_id, :expires, :user_id, :scope)', $this->config['access_token_table']));
- }
-
- return $stmt->execute(compact('access_token', 'client_id', 'user_id', 'expires', 'scope'));
- }
-
- public function unsetAccessToken($access_token)
- {
- $stmt = $this->db->prepare(sprintf('DELETE FROM %s WHERE access_token = :access_token', $this->config['access_token_table']));
-
- $stmt->execute(compact('access_token'));
-
- return $stmt->rowCount() > 0;
- }
-
- /* OAuth2\Storage\AuthorizationCodeInterface */
- public function getAuthorizationCode($code)
- {
- $stmt = $this->db->prepare(sprintf('SELECT * from %s where authorization_code = :code', $this->config['code_table']));
- $stmt->execute(compact('code'));
-
- if ($code = $stmt->fetch(\PDO::FETCH_ASSOC)) {
- // convert date string back to timestamp
- $code['expires'] = strtotime($code['expires']);
- }
-
- return $code;
- }
-
- public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
- {
- if (func_num_args() > 6) {
- // we are calling with an id token
- return call_user_func_array(array($this, 'setAuthorizationCodeWithIdToken'), func_get_args());
- }
-
- // convert expires to datestring
- $expires = date('Y-m-d H:i:s', $expires);
-
- // if it exists, update it.
- if ($this->getAuthorizationCode($code)) {
- $stmt = $this->db->prepare($sql = sprintf('UPDATE %s SET client_id=:client_id, user_id=:user_id, redirect_uri=:redirect_uri, expires=:expires, scope=:scope where authorization_code=:code', $this->config['code_table']));
- } else {
- $stmt = $this->db->prepare(sprintf('INSERT INTO %s (authorization_code, client_id, user_id, redirect_uri, expires, scope) VALUES (:code, :client_id, :user_id, :redirect_uri, :expires, :scope)', $this->config['code_table']));
- }
-
- return $stmt->execute(compact('code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope'));
- }
-
- private function setAuthorizationCodeWithIdToken($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
- {
- // convert expires to datestring
- $expires = date('Y-m-d H:i:s', $expires);
-
- // if it exists, update it.
- if ($this->getAuthorizationCode($code)) {
- $stmt = $this->db->prepare($sql = sprintf('UPDATE %s SET client_id=:client_id, user_id=:user_id, redirect_uri=:redirect_uri, expires=:expires, scope=:scope, id_token =:id_token where authorization_code=:code', $this->config['code_table']));
- } else {
- $stmt = $this->db->prepare(sprintf('INSERT INTO %s (authorization_code, client_id, user_id, redirect_uri, expires, scope, id_token) VALUES (:code, :client_id, :user_id, :redirect_uri, :expires, :scope, :id_token)', $this->config['code_table']));
- }
-
- return $stmt->execute(compact('code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope', 'id_token'));
- }
-
- public function expireAuthorizationCode($code)
- {
- $stmt = $this->db->prepare(sprintf('DELETE FROM %s WHERE authorization_code = :code', $this->config['code_table']));
-
- return $stmt->execute(compact('code'));
- }
-
- /* OAuth2\Storage\UserCredentialsInterface */
- public function checkUserCredentials($username, $password)
- {
- if ($user = $this->getUser($username)) {
- return $this->checkPassword($user, $password);
- }
-
- return false;
- }
-
- public function getUserDetails($username)
- {
- return $this->getUser($username);
- }
-
- /* UserClaimsInterface */
- public function getUserClaims($user_id, $claims)
- {
- if (!$userDetails = $this->getUserDetails($user_id)) {
- return false;
- }
-
- $claims = explode(' ', trim($claims));
- $userClaims = array();
-
- // for each requested claim, if the user has the claim, set it in the response
- $validClaims = explode(' ', self::VALID_CLAIMS);
- foreach ($validClaims as $validClaim) {
- if (in_array($validClaim, $claims)) {
- if ($validClaim == 'address') {
- // address is an object with subfields
- $userClaims['address'] = $this->getUserClaim($validClaim, $userDetails['address'] ?: $userDetails);
- } else {
- $userClaims = array_merge($userClaims, $this->getUserClaim($validClaim, $userDetails));
- }
- }
- }
-
- return $userClaims;
- }
-
- protected function getUserClaim($claim, $userDetails)
- {
- $userClaims = array();
- $claimValuesString = constant(sprintf('self::%s_CLAIM_VALUES', strtoupper($claim)));
- $claimValues = explode(' ', $claimValuesString);
-
- foreach ($claimValues as $value) {
- $userClaims[$value] = isset($userDetails[$value]) ? $userDetails[$value] : null;
- }
-
- return $userClaims;
- }
-
- /* OAuth2\Storage\RefreshTokenInterface */
- public function getRefreshToken($refresh_token)
- {
- $stmt = $this->db->prepare(sprintf('SELECT * FROM %s WHERE refresh_token = :refresh_token', $this->config['refresh_token_table']));
-
- $token = $stmt->execute(compact('refresh_token'));
- if ($token = $stmt->fetch(\PDO::FETCH_ASSOC)) {
- // convert expires to epoch time
- $token['expires'] = strtotime($token['expires']);
- }
-
- return $token;
- }
-
- public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
- {
- // convert expires to datestring
- $expires = date('Y-m-d H:i:s', $expires);
-
- $stmt = $this->db->prepare(sprintf('INSERT INTO %s (refresh_token, client_id, user_id, expires, scope) VALUES (:refresh_token, :client_id, :user_id, :expires, :scope)', $this->config['refresh_token_table']));
-
- return $stmt->execute(compact('refresh_token', 'client_id', 'user_id', 'expires', 'scope'));
- }
-
- public function unsetRefreshToken($refresh_token)
- {
- $stmt = $this->db->prepare(sprintf('DELETE FROM %s WHERE refresh_token = :refresh_token', $this->config['refresh_token_table']));
-
- $stmt->execute(compact('refresh_token'));
-
- return $stmt->rowCount() > 0;
- }
-
- // plaintext passwords are bad! Override this for your application
- protected function checkPassword($user, $password)
- {
- return $user['password'] == $this->hashPassword($password);
- }
-
- // use a secure hashing algorithm when storing passwords. Override this for your application
- protected function hashPassword($password)
- {
- return sha1($password);
- }
-
- public function getUser($username)
- {
- $stmt = $this->db->prepare($sql = sprintf('SELECT * from %s where username=:username', $this->config['user_table']));
- $stmt->execute(array('username' => $username));
-
- if (!$userInfo = $stmt->fetch(\PDO::FETCH_ASSOC)) {
- return false;
- }
-
- // the default behavior is to use "username" as the user_id
- return array_merge(array(
- 'user_id' => $username
- ), $userInfo);
- }
-
- public function setUser($username, $password, $firstName = null, $lastName = null)
- {
- // do not store in plaintext
- $password = $this->hashPassword($password);
-
- // if it exists, update it.
- if ($this->getUser($username)) {
- $stmt = $this->db->prepare($sql = sprintf('UPDATE %s SET password=:password, first_name=:firstName, last_name=:lastName where username=:username', $this->config['user_table']));
- } else {
- $stmt = $this->db->prepare(sprintf('INSERT INTO %s (username, password, first_name, last_name) VALUES (:username, :password, :firstName, :lastName)', $this->config['user_table']));
- }
-
- return $stmt->execute(compact('username', 'password', 'firstName', 'lastName'));
- }
-
- /* ScopeInterface */
- public function scopeExists($scope)
- {
- $scope = explode(' ', $scope);
- $whereIn = implode(',', array_fill(0, count($scope), '?'));
- $stmt = $this->db->prepare(sprintf('SELECT count(scope) as count FROM %s WHERE scope IN (%s)', $this->config['scope_table'], $whereIn));
- $stmt->execute($scope);
-
- if ($result = $stmt->fetch(\PDO::FETCH_ASSOC)) {
- return $result['count'] == count($scope);
- }
-
- return false;
- }
-
- public function getDefaultScope($client_id = null)
- {
- $stmt = $this->db->prepare(sprintf('SELECT scope FROM %s WHERE is_default=:is_default', $this->config['scope_table']));
- $stmt->execute(array('is_default' => true));
-
- if ($result = $stmt->fetchAll(\PDO::FETCH_ASSOC)) {
- $defaultScope = array_map(function ($row) {
- return $row['scope'];
- }, $result);
-
- return implode(' ', $defaultScope);
- }
-
- return null;
- }
-
- /* JWTBearerInterface */
- public function getClientKey($client_id, $subject)
- {
- $stmt = $this->db->prepare($sql = sprintf('SELECT public_key from %s where client_id=:client_id AND subject=:subject', $this->config['jwt_table']));
-
- $stmt->execute(array('client_id' => $client_id, 'subject' => $subject));
-
- return $stmt->fetchColumn();
- }
-
- public function getClientScope($client_id)
- {
- if (!$clientDetails = $this->getClientDetails($client_id)) {
- return false;
- }
-
- if (isset($clientDetails['scope'])) {
- return $clientDetails['scope'];
- }
-
- return null;
- }
-
- public function getJti($client_id, $subject, $audience, $expires, $jti)
- {
- $stmt = $this->db->prepare($sql = sprintf('SELECT * FROM %s WHERE issuer=:client_id AND subject=:subject AND audience=:audience AND expires=:expires AND jti=:jti', $this->config['jti_table']));
-
- $stmt->execute(compact('client_id', 'subject', 'audience', 'expires', 'jti'));
-
- if ($result = $stmt->fetch(\PDO::FETCH_ASSOC)) {
- return array(
- 'issuer' => $result['issuer'],
- 'subject' => $result['subject'],
- 'audience' => $result['audience'],
- 'expires' => $result['expires'],
- 'jti' => $result['jti'],
- );
- }
-
- return null;
- }
-
- public function setJti($client_id, $subject, $audience, $expires, $jti)
- {
- $stmt = $this->db->prepare(sprintf('INSERT INTO %s (issuer, subject, audience, expires, jti) VALUES (:client_id, :subject, :audience, :expires, :jti)', $this->config['jti_table']));
-
- return $stmt->execute(compact('client_id', 'subject', 'audience', 'expires', 'jti'));
- }
-
- /* PublicKeyInterface */
- public function getPublicKey($client_id = null)
- {
- $stmt = $this->db->prepare($sql = sprintf('SELECT public_key FROM %s WHERE client_id=:client_id OR client_id IS NULL ORDER BY client_id IS NOT NULL DESC', $this->config['public_key_table']));
-
- $stmt->execute(compact('client_id'));
- if ($result = $stmt->fetch(\PDO::FETCH_ASSOC)) {
- return $result['public_key'];
- }
- }
-
- public function getPrivateKey($client_id = null)
- {
- $stmt = $this->db->prepare($sql = sprintf('SELECT private_key FROM %s WHERE client_id=:client_id OR client_id IS NULL ORDER BY client_id IS NOT NULL DESC', $this->config['public_key_table']));
-
- $stmt->execute(compact('client_id'));
- if ($result = $stmt->fetch(\PDO::FETCH_ASSOC)) {
- return $result['private_key'];
- }
- }
-
- public function getEncryptionAlgorithm($client_id = null)
- {
- $stmt = $this->db->prepare($sql = sprintf('SELECT encryption_algorithm FROM %s WHERE client_id=:client_id OR client_id IS NULL ORDER BY client_id IS NOT NULL DESC', $this->config['public_key_table']));
-
- $stmt->execute(compact('client_id'));
- if ($result = $stmt->fetch(\PDO::FETCH_ASSOC)) {
- return $result['encryption_algorithm'];
- }
-
- return 'RS256';
- }
-
- /**
- * DDL to create OAuth2 database and tables for PDO storage
- *
- * @see https://github.com/dsquier/oauth2-server-php-mysql
- */
- public function getBuildSql($dbName = 'oauth2_server_php')
- {
- $sql = "
- CREATE TABLE {$this->config['client_table']} (
- client_id VARCHAR(80) NOT NULL,
- client_secret VARCHAR(80),
- redirect_uri VARCHAR(2000),
- grant_types VARCHAR(80),
- scope VARCHAR(4000),
- user_id VARCHAR(80),
- PRIMARY KEY (client_id)
- );
-
- CREATE TABLE {$this->config['access_token_table']} (
- access_token VARCHAR(40) NOT NULL,
- client_id VARCHAR(80) NOT NULL,
- user_id VARCHAR(80),
- expires TIMESTAMP NOT NULL,
- scope VARCHAR(4000),
- PRIMARY KEY (access_token)
- );
-
- CREATE TABLE {$this->config['code_table']} (
- authorization_code VARCHAR(40) NOT NULL,
- client_id VARCHAR(80) NOT NULL,
- user_id VARCHAR(80),
- redirect_uri VARCHAR(2000),
- expires TIMESTAMP NOT NULL,
- scope VARCHAR(4000),
- id_token VARCHAR(1000),
- PRIMARY KEY (authorization_code)
- );
-
- CREATE TABLE {$this->config['refresh_token_table']} (
- refresh_token VARCHAR(40) NOT NULL,
- client_id VARCHAR(80) NOT NULL,
- user_id VARCHAR(80),
- expires TIMESTAMP NOT NULL,
- scope VARCHAR(4000),
- PRIMARY KEY (refresh_token)
- );
-
- CREATE TABLE {$this->config['user_table']} (
- username VARCHAR(80),
- password VARCHAR(80),
- first_name VARCHAR(80),
- last_name VARCHAR(80),
- email VARCHAR(80),
- email_verified BOOLEAN,
- scope VARCHAR(4000)
- );
-
- CREATE TABLE {$this->config['scope_table']} (
- scope VARCHAR(80) NOT NULL,
- is_default BOOLEAN,
- PRIMARY KEY (scope)
- );
-
- CREATE TABLE {$this->config['jwt_table']} (
- client_id VARCHAR(80) NOT NULL,
- subject VARCHAR(80),
- public_key VARCHAR(2000) NOT NULL
- );
-
- CREATE TABLE {$this->config['jti_table']} (
- issuer VARCHAR(80) NOT NULL,
- subject VARCHAR(80),
- audience VARCHAR(80),
- expires TIMESTAMP NOT NULL,
- jti VARCHAR(2000) NOT NULL
- );
-
- CREATE TABLE {$this->config['public_key_table']} (
- client_id VARCHAR(80),
- public_key VARCHAR(2000),
- private_key VARCHAR(2000),
- encryption_algorithm VARCHAR(100) DEFAULT 'RS256'
- )
-";
-
- return $sql;
- }
-}
diff --git a/library/oauth2/src/OAuth2/Storage/PublicKeyInterface.php b/library/oauth2/src/OAuth2/Storage/PublicKeyInterface.php
deleted file mode 100644
index 108418d3a..000000000
--- a/library/oauth2/src/OAuth2/Storage/PublicKeyInterface.php
+++ /dev/null
@@ -1,16 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-/**
- * Implement this interface to specify where the OAuth2 Server
- * should get public/private key information
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-interface PublicKeyInterface
-{
- public function getPublicKey($client_id = null);
- public function getPrivateKey($client_id = null);
- public function getEncryptionAlgorithm($client_id = null);
-}
diff --git a/library/oauth2/src/OAuth2/Storage/Redis.php b/library/oauth2/src/OAuth2/Storage/Redis.php
deleted file mode 100644
index e6294e22d..000000000
--- a/library/oauth2/src/OAuth2/Storage/Redis.php
+++ /dev/null
@@ -1,321 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-use OAuth2\OpenID\Storage\AuthorizationCodeInterface as OpenIDAuthorizationCodeInterface;
-
-/**
- * redis storage for all storage types
- *
- * To use, install "predis/predis" via composer
- *
- * Register client:
- * <code>
- * $storage = new OAuth2\Storage\Redis($redis);
- * $storage->setClientDetails($client_id, $client_secret, $redirect_uri);
- * </code>
- */
-class Redis implements AuthorizationCodeInterface,
- AccessTokenInterface,
- ClientCredentialsInterface,
- UserCredentialsInterface,
- RefreshTokenInterface,
- JwtBearerInterface,
- ScopeInterface,
- OpenIDAuthorizationCodeInterface
-{
-
- private $cache;
-
- /* The redis client */
- protected $redis;
-
- /* Configuration array */
- protected $config;
-
- /**
- * Redis Storage!
- *
- * @param \Predis\Client $redis
- * @param array $config
- */
- public function __construct($redis, $config=array())
- {
- $this->redis = $redis;
- $this->config = array_merge(array(
- 'client_key' => 'oauth_clients:',
- 'access_token_key' => 'oauth_access_tokens:',
- 'refresh_token_key' => 'oauth_refresh_tokens:',
- 'code_key' => 'oauth_authorization_codes:',
- 'user_key' => 'oauth_users:',
- 'jwt_key' => 'oauth_jwt:',
- 'scope_key' => 'oauth_scopes:',
- ), $config);
- }
-
- protected function getValue($key)
- {
- if ( isset($this->cache[$key]) ) {
- return $this->cache[$key];
- }
- $value = $this->redis->get($key);
- if ( isset($value) ) {
- return json_decode($value, true);
- } else {
- return false;
- }
- }
-
- protected function setValue($key, $value, $expire=0)
- {
- $this->cache[$key] = $value;
- $str = json_encode($value);
- if ($expire > 0) {
- $seconds = $expire - time();
- $ret = $this->redis->setex($key, $seconds, $str);
- } else {
- $ret = $this->redis->set($key, $str);
- }
-
- // check that the key was set properly
- // if this fails, an exception will usually thrown, so this step isn't strictly necessary
- return is_bool($ret) ? $ret : $ret->getPayload() == 'OK';
- }
-
- protected function expireValue($key)
- {
- unset($this->cache[$key]);
-
- return $this->redis->del($key);
- }
-
- /* AuthorizationCodeInterface */
- public function getAuthorizationCode($code)
- {
- return $this->getValue($this->config['code_key'] . $code);
- }
-
- public function setAuthorizationCode($authorization_code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
- {
- return $this->setValue(
- $this->config['code_key'] . $authorization_code,
- compact('authorization_code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope', 'id_token'),
- $expires
- );
- }
-
- public function expireAuthorizationCode($code)
- {
- $key = $this->config['code_key'] . $code;
- unset($this->cache[$key]);
-
- return $this->expireValue($key);
- }
-
- /* UserCredentialsInterface */
- public function checkUserCredentials($username, $password)
- {
- $user = $this->getUserDetails($username);
-
- return $user && $user['password'] === $password;
- }
-
- public function getUserDetails($username)
- {
- return $this->getUser($username);
- }
-
- public function getUser($username)
- {
- if (!$userInfo = $this->getValue($this->config['user_key'] . $username)) {
- return false;
- }
-
- // the default behavior is to use "username" as the user_id
- return array_merge(array(
- 'user_id' => $username,
- ), $userInfo);
- }
-
- public function setUser($username, $password, $first_name = null, $last_name = null)
- {
- return $this->setValue(
- $this->config['user_key'] . $username,
- compact('username', 'password', 'first_name', 'last_name')
- );
- }
-
- /* ClientCredentialsInterface */
- public function checkClientCredentials($client_id, $client_secret = null)
- {
- if (!$client = $this->getClientDetails($client_id)) {
- return false;
- }
-
- return isset($client['client_secret'])
- && $client['client_secret'] == $client_secret;
- }
-
- public function isPublicClient($client_id)
- {
- if (!$client = $this->getClientDetails($client_id)) {
- return false;
- }
-
- return empty($client['client_secret']);
- }
-
- /* ClientInterface */
- public function getClientDetails($client_id)
- {
- return $this->getValue($this->config['client_key'] . $client_id);
- }
-
- public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
- {
- return $this->setValue(
- $this->config['client_key'] . $client_id,
- compact('client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'user_id')
- );
- }
-
- public function checkRestrictedGrantType($client_id, $grant_type)
- {
- $details = $this->getClientDetails($client_id);
- if (isset($details['grant_types'])) {
- $grant_types = explode(' ', $details['grant_types']);
-
- return in_array($grant_type, (array) $grant_types);
- }
-
- // if grant_types are not defined, then none are restricted
- return true;
- }
-
- /* RefreshTokenInterface */
- public function getRefreshToken($refresh_token)
- {
- return $this->getValue($this->config['refresh_token_key'] . $refresh_token);
- }
-
- public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
- {
- return $this->setValue(
- $this->config['refresh_token_key'] . $refresh_token,
- compact('refresh_token', 'client_id', 'user_id', 'expires', 'scope'),
- $expires
- );
- }
-
- public function unsetRefreshToken($refresh_token)
- {
- $result = $this->expireValue($this->config['refresh_token_key'] . $refresh_token);
-
- return $result > 0;
- }
-
- /* AccessTokenInterface */
- public function getAccessToken($access_token)
- {
- return $this->getValue($this->config['access_token_key'].$access_token);
- }
-
- public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
- {
- return $this->setValue(
- $this->config['access_token_key'].$access_token,
- compact('access_token', 'client_id', 'user_id', 'expires', 'scope'),
- $expires
- );
- }
-
- public function unsetAccessToken($access_token)
- {
- $result = $this->expireValue($this->config['access_token_key'] . $access_token);
-
- return $result > 0;
- }
-
- /* ScopeInterface */
- public function scopeExists($scope)
- {
- $scope = explode(' ', $scope);
-
- $result = $this->getValue($this->config['scope_key'].'supported:global');
-
- $supportedScope = explode(' ', (string) $result);
-
- return (count(array_diff($scope, $supportedScope)) == 0);
- }
-
- public function getDefaultScope($client_id = null)
- {
- if (is_null($client_id) || !$result = $this->getValue($this->config['scope_key'].'default:'.$client_id)) {
- $result = $this->getValue($this->config['scope_key'].'default:global');
- }
-
- return $result;
- }
-
- public function setScope($scope, $client_id = null, $type = 'supported')
- {
- if (!in_array($type, array('default', 'supported'))) {
- throw new \InvalidArgumentException('"$type" must be one of "default", "supported"');
- }
-
- if (is_null($client_id)) {
- $key = $this->config['scope_key'].$type.':global';
- } else {
- $key = $this->config['scope_key'].$type.':'.$client_id;
- }
-
- return $this->setValue($key, $scope);
- }
-
- /*JWTBearerInterface */
- public function getClientKey($client_id, $subject)
- {
- if (!$jwt = $this->getValue($this->config['jwt_key'] . $client_id)) {
- return false;
- }
-
- if (isset($jwt['subject']) && $jwt['subject'] == $subject) {
- return $jwt['key'];
- }
-
- return null;
- }
-
- public function setClientKey($client_id, $key, $subject = null)
- {
- return $this->setValue($this->config['jwt_key'] . $client_id, array(
- 'key' => $key,
- 'subject' => $subject
- ));
- }
-
- public function getClientScope($client_id)
- {
- if (!$clientDetails = $this->getClientDetails($client_id)) {
- return false;
- }
-
- if (isset($clientDetails['scope'])) {
- return $clientDetails['scope'];
- }
-
- return null;
- }
-
- public function getJti($client_id, $subject, $audience, $expiration, $jti)
- {
- //TODO: Needs redis implementation.
- throw new \Exception('getJti() for the Redis driver is currently unimplemented.');
- }
-
- public function setJti($client_id, $subject, $audience, $expiration, $jti)
- {
- //TODO: Needs redis implementation.
- throw new \Exception('setJti() for the Redis driver is currently unimplemented.');
- }
-}
diff --git a/library/oauth2/src/OAuth2/Storage/RefreshTokenInterface.php b/library/oauth2/src/OAuth2/Storage/RefreshTokenInterface.php
deleted file mode 100644
index 0273f2125..000000000
--- a/library/oauth2/src/OAuth2/Storage/RefreshTokenInterface.php
+++ /dev/null
@@ -1,82 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-/**
- * Implement this interface to specify where the OAuth2 Server
- * should get/save refresh tokens for the "Refresh Token"
- * grant type
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-interface RefreshTokenInterface
-{
- /**
- * Grant refresh access tokens.
- *
- * Retrieve the stored data for the given refresh token.
- *
- * Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.
- *
- * @param $refresh_token
- * Refresh token to be check with.
- *
- * @return
- * An associative array as below, and NULL if the refresh_token is
- * invalid:
- * - refresh_token: Refresh token identifier.
- * - client_id: Client identifier.
- * - user_id: User identifier.
- * - expires: Expiration unix timestamp, or 0 if the token doesn't expire.
- * - scope: (optional) Scope values in space-separated string.
- *
- * @see http://tools.ietf.org/html/rfc6749#section-6
- *
- * @ingroup oauth2_section_6
- */
- public function getRefreshToken($refresh_token);
-
- /**
- * Take the provided refresh token values and store them somewhere.
- *
- * This function should be the storage counterpart to getRefreshToken().
- *
- * If storage fails for some reason, we're not currently checking for
- * any sort of success/failure, so you should bail out of the script
- * and provide a descriptive fail message.
- *
- * Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.
- *
- * @param $refresh_token
- * Refresh token to be stored.
- * @param $client_id
- * Client identifier to be stored.
- * @param $user_id
- * User identifier to be stored.
- * @param $expires
- * Expiration timestamp to be stored. 0 if the token doesn't expire.
- * @param $scope
- * (optional) Scopes to be stored in space-separated string.
- *
- * @ingroup oauth2_section_6
- */
- public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null);
-
- /**
- * Expire a used refresh token.
- *
- * This is not explicitly required in the spec, but is almost implied.
- * After granting a new refresh token, the old one is no longer useful and
- * so should be forcibly expired in the data store so it can't be used again.
- *
- * If storage fails for some reason, we're not currently checking for
- * any sort of success/failure, so you should bail out of the script
- * and provide a descriptive fail message.
- *
- * @param $refresh_token
- * Refresh token to be expirse.
- *
- * @ingroup oauth2_section_6
- */
- public function unsetRefreshToken($refresh_token);
-}
diff --git a/library/oauth2/src/OAuth2/Storage/ScopeInterface.php b/library/oauth2/src/OAuth2/Storage/ScopeInterface.php
deleted file mode 100644
index a8292269b..000000000
--- a/library/oauth2/src/OAuth2/Storage/ScopeInterface.php
+++ /dev/null
@@ -1,46 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-/**
- * Implement this interface to specify where the OAuth2 Server
- * should retrieve data involving the relevent scopes associated
- * with this implementation.
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-interface ScopeInterface
-{
- /**
- * Check if the provided scope exists.
- *
- * @param $scope
- * A space-separated string of scopes.
- *
- * @return
- * TRUE if it exists, FALSE otherwise.
- */
- public function scopeExists($scope);
-
- /**
- * The default scope to use in the event the client
- * does not request one. By returning "false", a
- * request_error is returned by the server to force a
- * scope request by the client. By returning "null",
- * opt out of requiring scopes
- *
- * @param $client_id
- * An optional client id that can be used to return customized default scopes.
- *
- * @return
- * string representation of default scope, null if
- * scopes are not defined, or false to force scope
- * request by the client
- *
- * ex:
- * 'default'
- * ex:
- * null
- */
- public function getDefaultScope($client_id = null);
-}
diff --git a/library/oauth2/src/OAuth2/Storage/UserCredentialsInterface.php b/library/oauth2/src/OAuth2/Storage/UserCredentialsInterface.php
deleted file mode 100644
index 6e0fd7bad..000000000
--- a/library/oauth2/src/OAuth2/Storage/UserCredentialsInterface.php
+++ /dev/null
@@ -1,52 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-/**
- * Implement this interface to specify where the OAuth2 Server
- * should retrieve user credentials for the
- * "Resource Owner Password Credentials" grant type
- *
- * @author Brent Shaffer <bshafs at gmail dot com>
- */
-interface UserCredentialsInterface
-{
- /**
- * Grant access tokens for basic user credentials.
- *
- * Check the supplied username and password for validity.
- *
- * You can also use the $client_id param to do any checks required based
- * on a client, if you need that.
- *
- * Required for OAuth2::GRANT_TYPE_USER_CREDENTIALS.
- *
- * @param $username
- * Username to be check with.
- * @param $password
- * Password to be check with.
- *
- * @return
- * TRUE if the username and password are valid, and FALSE if it isn't.
- * Moreover, if the username and password are valid, and you want to
- *
- * @see http://tools.ietf.org/html/rfc6749#section-4.3
- *
- * @ingroup oauth2_section_4
- */
- public function checkUserCredentials($username, $password);
-
- /**
- * @return
- * ARRAY the associated "user_id" and optional "scope" values
- * This function MUST return FALSE if the requested user does not exist or is
- * invalid. "scope" is a space-separated list of restricted scopes.
- * @code
- * return array(
- * "user_id" => USER_ID, // REQUIRED user_id to be stored with the authorization code or access token
- * "scope" => SCOPE // OPTIONAL space-separated list of restricted scopes
- * );
- * @endcode
- */
- public function getUserDetails($username);
-}
diff --git a/library/oauth2/src/OAuth2/TokenType/Bearer.php b/library/oauth2/src/OAuth2/TokenType/Bearer.php
deleted file mode 100644
index 8ac8596ac..000000000
--- a/library/oauth2/src/OAuth2/TokenType/Bearer.php
+++ /dev/null
@@ -1,130 +0,0 @@
-<?php
-
-namespace OAuth2\TokenType;
-
-use OAuth2\RequestInterface;
-use OAuth2\ResponseInterface;
-
-/**
-*
-*/
-class Bearer implements TokenTypeInterface
-{
- private $config;
-
- public function __construct(array $config = array())
- {
- $this->config = array_merge(array(
- 'token_param_name' => 'access_token',
- 'token_bearer_header_name' => 'Bearer',
- ), $config);
- }
-
- public function getTokenType()
- {
- return 'Bearer';
- }
-
- /**
- * Check if the request has supplied token
- *
- * @see https://github.com/bshaffer/oauth2-server-php/issues/349#issuecomment-37993588
- */
- public function requestHasToken(RequestInterface $request)
- {
- $headers = $request->headers('AUTHORIZATION');
-
- // check the header, then the querystring, then the request body
- return !empty($headers) || (bool) ($request->request($this->config['token_param_name'])) || (bool) ($request->query($this->config['token_param_name']));
- }
-
- /**
- * This is a convenience function that can be used to get the token, which can then
- * be passed to getAccessTokenData(). The constraints specified by the draft are
- * attempted to be adheared to in this method.
- *
- * As per the Bearer spec (draft 8, section 2) - there are three ways for a client
- * to specify the bearer token, in order of preference: Authorization Header,
- * POST and GET.
- *
- * NB: Resource servers MUST accept tokens via the Authorization scheme
- * (http://tools.ietf.org/html/rfc6750#section-2).
- *
- * @todo Should we enforce TLS/SSL in this function?
- *
- * @see http://tools.ietf.org/html/rfc6750#section-2.1
- * @see http://tools.ietf.org/html/rfc6750#section-2.2
- * @see http://tools.ietf.org/html/rfc6750#section-2.3
- *
- * Old Android version bug (at least with version 2.2)
- * @see http://code.google.com/p/android/issues/detail?id=6684
- *
- */
- public function getAccessTokenParameter(RequestInterface $request, ResponseInterface $response)
- {
- $headers = $request->headers('AUTHORIZATION');
-
- /**
- * Ensure more than one method is not used for including an
- * access token
- *
- * @see http://tools.ietf.org/html/rfc6750#section-3.1
- */
- $methodsUsed = !empty($headers) + (bool) ($request->query($this->config['token_param_name'])) + (bool) ($request->request($this->config['token_param_name']));
- if ($methodsUsed > 1) {
- $response->setError(400, 'invalid_request', 'Only one method may be used to authenticate at a time (Auth header, GET or POST)');
-
- return null;
- }
-
- /**
- * If no authentication is provided, set the status code
- * to 401 and return no other error information
- *
- * @see http://tools.ietf.org/html/rfc6750#section-3.1
- */
- if ($methodsUsed == 0) {
- $response->setStatusCode(401);
-
- return null;
- }
-
- // HEADER: Get the access token from the header
- if (!empty($headers)) {
- if (!preg_match('/' . $this->config['token_bearer_header_name'] . '\s(\S+)/i', $headers, $matches)) {
- $response->setError(400, 'invalid_request', 'Malformed auth header');
-
- return null;
- }
-
- return $matches[1];
- }
-
- if ($request->request($this->config['token_param_name'])) {
- // // POST: Get the token from POST data
- if (!in_array(strtolower($request->server('REQUEST_METHOD')), array('post', 'put'))) {
- $response->setError(400, 'invalid_request', 'When putting the token in the body, the method must be POST or PUT', '#section-2.2');
-
- return null;
- }
-
- $contentType = $request->server('CONTENT_TYPE');
- if (false !== $pos = strpos($contentType, ';')) {
- $contentType = substr($contentType, 0, $pos);
- }
-
- if ($contentType !== null && $contentType != 'application/x-www-form-urlencoded') {
- // IETF specifies content-type. NB: Not all webservers populate this _SERVER variable
- // @see http://tools.ietf.org/html/rfc6750#section-2.2
- $response->setError(400, 'invalid_request', 'The content type for POST requests must be "application/x-www-form-urlencoded"');
-
- return null;
- }
-
- return $request->request($this->config['token_param_name']);
- }
-
- // GET method
- return $request->query($this->config['token_param_name']);
- }
-}
diff --git a/library/oauth2/src/OAuth2/TokenType/Mac.php b/library/oauth2/src/OAuth2/TokenType/Mac.php
deleted file mode 100644
index fe6a86aa6..000000000
--- a/library/oauth2/src/OAuth2/TokenType/Mac.php
+++ /dev/null
@@ -1,22 +0,0 @@
-<?php
-
-namespace OAuth2\TokenType;
-
-use OAuth2\RequestInterface;
-use OAuth2\ResponseInterface;
-
-/**
-* This is not yet supported!
-*/
-class Mac implements TokenTypeInterface
-{
- public function getTokenType()
- {
- return 'mac';
- }
-
- public function getAccessTokenParameter(RequestInterface $request, ResponseInterface $response)
- {
- throw new \LogicException("Not supported");
- }
-}
diff --git a/library/oauth2/src/OAuth2/TokenType/TokenTypeInterface.php b/library/oauth2/src/OAuth2/TokenType/TokenTypeInterface.php
deleted file mode 100644
index ad77d4a25..000000000
--- a/library/oauth2/src/OAuth2/TokenType/TokenTypeInterface.php
+++ /dev/null
@@ -1,21 +0,0 @@
-<?php
-
-namespace OAuth2\TokenType;
-
-use OAuth2\RequestInterface;
-use OAuth2\ResponseInterface;
-
-interface TokenTypeInterface
-{
- /**
- * Token type identification string
- *
- * ex: "bearer" or "mac"
- */
- public function getTokenType();
-
- /**
- * Retrieves the token string from the request object
- */
- public function getAccessTokenParameter(RequestInterface $request, ResponseInterface $response);
-}
diff --git a/library/oauth2/test/OAuth2/AutoloadTest.php b/library/oauth2/test/OAuth2/AutoloadTest.php
deleted file mode 100644
index 5901bdc42..000000000
--- a/library/oauth2/test/OAuth2/AutoloadTest.php
+++ /dev/null
@@ -1,16 +0,0 @@
-<?php
-
-namespace OAuth2;
-
-class AutoloadTest extends \PHPUnit_Framework_TestCase
-{
- public function testClassesExist()
- {
- // autoloader is called in test/bootstrap.php
- $this->assertTrue(class_exists('OAuth2\Server'));
- $this->assertTrue(class_exists('OAuth2\Request'));
- $this->assertTrue(class_exists('OAuth2\Response'));
- $this->assertTrue(class_exists('OAuth2\GrantType\UserCredentials'));
- $this->assertTrue(interface_exists('OAuth2\Storage\AccessTokenInterface'));
- }
-}
diff --git a/library/oauth2/test/OAuth2/Controller/AuthorizeControllerTest.php b/library/oauth2/test/OAuth2/Controller/AuthorizeControllerTest.php
deleted file mode 100644
index 3bfc760e4..000000000
--- a/library/oauth2/test/OAuth2/Controller/AuthorizeControllerTest.php
+++ /dev/null
@@ -1,492 +0,0 @@
-<?php
-
-namespace OAuth2\Controller;
-
-use OAuth2\Storage\Memory;
-use OAuth2\Scope;
-use OAuth2\Storage\Bootstrap;
-use OAuth2\Server;
-use OAuth2\GrantType\AuthorizationCode;
-use OAuth2\Request;
-use OAuth2\Response;
-use OAuth2\Request\TestRequest;
-
-class AuthorizeControllerTest extends \PHPUnit_Framework_TestCase
-{
- public function testNoClientIdResponse()
- {
- $server = $this->getTestServer();
- $request = new Request();
- $server->handleAuthorizeRequest($request, $response = new Response(), false);
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_client');
- $this->assertEquals($response->getParameter('error_description'), 'No client id supplied');
- }
-
- public function testInvalidClientIdResponse()
- {
- $server = $this->getTestServer();
- $request = new Request(array(
- 'client_id' => 'Fake Client ID', // invalid client id
- ));
- $server->handleAuthorizeRequest($request, $response = new Response(), false);
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_client');
- $this->assertEquals($response->getParameter('error_description'), 'The client id supplied is invalid');
- }
-
- public function testNoRedirectUriSuppliedOrStoredResponse()
- {
- $server = $this->getTestServer();
- $request = new Request(array(
- 'client_id' => 'Test Client ID', // valid client id
- ));
- $server->handleAuthorizeRequest($request, $response = new Response(), false);
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_uri');
- $this->assertEquals($response->getParameter('error_description'), 'No redirect URI was supplied or stored');
- }
-
- public function testNoResponseTypeResponse()
- {
- $server = $this->getTestServer();
- $request = new Request(array(
- 'client_id' => 'Test Client ID', // valid client id
- 'redirect_uri' => 'http://adobe.com', // valid redirect URI
- ));
- $server->handleAuthorizeRequest($request, $response = new Response(), false);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $location = $response->getHttpHeader('Location');
- $parts = parse_url($location);
- parse_str($parts['query'], $query);
-
- $this->assertEquals($query['error'], 'invalid_request');
- $this->assertEquals($query['error_description'], 'Invalid or missing response type');
- }
-
- public function testInvalidResponseTypeResponse()
- {
- $server = $this->getTestServer();
- $request = new Request(array(
- 'client_id' => 'Test Client ID', // valid client id
- 'redirect_uri' => 'http://adobe.com', // valid redirect URI
- 'response_type' => 'invalid', // invalid response type
- ));
- $server->handleAuthorizeRequest($request, $response = new Response(), false);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $location = $response->getHttpHeader('Location');
- $parts = parse_url($location);
- parse_str($parts['query'], $query);
-
- $this->assertEquals($query['error'], 'invalid_request');
- $this->assertEquals($query['error_description'], 'Invalid or missing response type');
- }
-
- public function testRedirectUriFragmentResponse()
- {
- $server = $this->getTestServer();
- $request = new Request(array(
- 'client_id' => 'Test Client ID', // valid client id
- 'redirect_uri' => 'http://adobe.com#fragment', // valid redirect URI
- 'response_type' => 'code', // invalid response type
- ));
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_uri');
- $this->assertEquals($response->getParameter('error_description'), 'The redirect URI must not contain a fragment');
- }
-
- public function testEnforceState()
- {
- $server = $this->getTestServer(array('enforce_state' => true));
- $request = new Request(array(
- 'client_id' => 'Test Client ID', // valid client id
- 'redirect_uri' => 'http://adobe.com', // valid redirect URI
- 'response_type' => 'code',
- ));
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $location = $response->getHttpHeader('Location');
- $parts = parse_url($location);
- parse_str($parts['query'], $query);
-
- $this->assertEquals($query['error'], 'invalid_request');
- $this->assertEquals($query['error_description'], 'The state parameter is required');
- }
-
- public function testDoNotEnforceState()
- {
- $server = $this->getTestServer(array('enforce_state' => false));
- $request = new Request(array(
- 'client_id' => 'Test Client ID', // valid client id
- 'redirect_uri' => 'http://adobe.com', // valid redirect URI
- 'response_type' => 'code',
- ));
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $this->assertNotContains('error', $response->getHttpHeader('Location'));
- }
-
- public function testEnforceScope()
- {
- $server = $this->getTestServer();
- $scopeStorage = new Memory(array('default_scope' => false, 'supported_scopes' => array('testscope')));
- $server->setScopeUtil(new Scope($scopeStorage));
-
- $request = new Request(array(
- 'client_id' => 'Test Client ID', // valid client id
- 'redirect_uri' => 'http://adobe.com', // valid redirect URI
- 'response_type' => 'code',
- 'state' => 'xyz',
- ));
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $parts = parse_url($response->getHttpHeader('Location'));
- parse_str($parts['query'], $query);
-
- $this->assertEquals($query['error'], 'invalid_client');
- $this->assertEquals($query['error_description'], 'This application requires you specify a scope parameter');
-
- $request->query['scope'] = 'testscope';
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $this->assertNotContains('error', $response->getHttpHeader('Location'));
- }
-
- public function testInvalidRedirectUri()
- {
- $server = $this->getTestServer();
- $request = new Request(array(
- 'client_id' => 'Test Client ID with Redirect Uri', // valid client id
- 'redirect_uri' => 'http://adobe.com', // invalid redirect URI
- 'response_type' => 'code',
- ));
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'redirect_uri_mismatch');
- $this->assertEquals($response->getParameter('error_description'), 'The redirect URI provided is missing or does not match');
- }
-
- public function testInvalidRedirectUriApprovedByBuggyRegisteredUri()
- {
- $server = $this->getTestServer();
- $server->setConfig('require_exact_redirect_uri', false);
- $request = new Request(array(
- 'client_id' => 'Test Client ID with Buggy Redirect Uri', // valid client id
- 'redirect_uri' => 'http://adobe.com', // invalid redirect URI
- 'response_type' => 'code',
- ));
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'redirect_uri_mismatch');
- $this->assertEquals($response->getParameter('error_description'), 'The redirect URI provided is missing or does not match');
- }
-
- public function testNoRedirectUriWithMultipleRedirectUris()
- {
- $server = $this->getTestServer();
-
- // create a request with no "redirect_uri" in querystring
- $request = new Request(array(
- 'client_id' => 'Test Client ID with Multiple Redirect Uris', // valid client id
- 'response_type' => 'code',
- ));
-
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_uri');
- $this->assertEquals($response->getParameter('error_description'), 'A redirect URI must be supplied when multiple redirect URIs are registered');
- }
-
- public function testRedirectUriWithValidRedirectUri()
- {
- $server = $this->getTestServer();
-
- // create a request with no "redirect_uri" in querystring
- $request = new Request(array(
- 'client_id' => 'Test Client ID with Redirect Uri Parts', // valid client id
- 'response_type' => 'code',
- 'redirect_uri' => 'http://user:pass@brentertainment.com:2222/authorize/cb?auth_type=oauth&test=true',
- 'state' => 'xyz',
- ));
-
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $this->assertContains('code', $response->getHttpHeader('Location'));
- }
-
- public function testRedirectUriWithDifferentQueryAndExactMatchRequired()
- {
- $server = $this->getTestServer(array('require_exact_redirect_uri' => true));
-
- // create a request with no "redirect_uri" in querystring
- $request = new Request(array(
- 'client_id' => 'Test Client ID with Redirect Uri Parts', // valid client id
- 'response_type' => 'code',
- 'redirect_uri' => 'http://user:pass@brentertainment.com:2222/authorize/cb?auth_type=oauth&test=true&hereisa=querystring',
- ));
-
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'redirect_uri_mismatch');
- $this->assertEquals($response->getParameter('error_description'), 'The redirect URI provided is missing or does not match');
- }
-
- public function testRedirectUriWithDifferentQueryAndExactMatchNotRequired()
- {
- $server = $this->getTestServer(array('require_exact_redirect_uri' => false));
-
- // create a request with no "redirect_uri" in querystring
- $request = new Request(array(
- 'client_id' => 'Test Client ID with Redirect Uri Parts', // valid client id
- 'response_type' => 'code',
- 'redirect_uri' => 'http://user:pass@brentertainment.com:2222/authorize/cb?auth_type=oauth&test=true&hereisa=querystring',
- 'state' => 'xyz',
- ));
-
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $this->assertContains('code', $response->getHttpHeader('Location'));
- }
-
- public function testMultipleRedirectUris()
- {
- $server = $this->getTestServer();
- $request = new Request(array(
- 'client_id' => 'Test Client ID with Multiple Redirect Uris', // valid client id
- 'redirect_uri' => 'http://brentertainment.com', // valid redirect URI
- 'response_type' => 'code',
- 'state' => 'xyz'
- ));
-
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
- $this->assertEquals($response->getStatusCode(), 302);
- $this->assertContains('code', $response->getHttpHeader('Location'));
-
- // call again with different (but still valid) redirect URI
- $request->query['redirect_uri'] = 'http://morehazards.com';
-
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
- $this->assertEquals($response->getStatusCode(), 302);
- $this->assertContains('code', $response->getHttpHeader('Location'));
- }
-
- /**
- * @see http://tools.ietf.org/html/rfc6749#section-4.1.3
- * @see https://github.com/bshaffer/oauth2-server-php/issues/163
- */
- public function testNoRedirectUriSuppliedDoesNotRequireTokenRedirectUri()
- {
- $server = $this->getTestServer();
- $request = new Request(array(
- 'client_id' => 'Test Client ID with Redirect Uri', // valid client id
- 'response_type' => 'code',
- 'state' => 'xyz',
- ));
-
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
- $this->assertEquals($response->getStatusCode(), 302);
- $this->assertContains('state', $response->getHttpHeader('Location'));
- $this->assertStringStartsWith('http://brentertainment.com?code=', $response->getHttpHeader('Location'));
-
- $parts = parse_url($response->getHttpHeader('Location'));
- parse_str($parts['query'], $query);
-
- // call token endpoint with no redirect_uri supplied
- $request = TestRequest::createPost(array(
- 'client_id' => 'Test Client ID with Redirect Uri', // valid client id
- 'client_secret' => 'TestSecret2',
- 'grant_type' => 'authorization_code',
- 'code' => $query['code'],
- ));
-
- $server->handleTokenRequest($request, $response = new Response(), true);
- $this->assertEquals($response->getStatusCode(), 200);
- $this->assertNotNull($response->getParameter('access_token'));
- }
-
- public function testUserDeniesAccessResponse()
- {
- $server = $this->getTestServer();
- $request = new Request(array(
- 'client_id' => 'Test Client ID', // valid client id
- 'redirect_uri' => 'http://adobe.com', // valid redirect URI
- 'response_type' => 'code',
- 'state' => 'xyz',
- ));
- $server->handleAuthorizeRequest($request, $response = new Response(), false);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $location = $response->getHttpHeader('Location');
- $parts = parse_url($location);
- parse_str($parts['query'], $query);
-
- $this->assertEquals($query['error'], 'access_denied');
- $this->assertEquals($query['error_description'], 'The user denied access to your application');
- }
-
- public function testCodeQueryParamIsSet()
- {
- $server = $this->getTestServer();
- $request = new Request(array(
- 'client_id' => 'Test Client ID', // valid client id
- 'redirect_uri' => 'http://adobe.com', // valid redirect URI
- 'response_type' => 'code',
- 'state' => 'xyz',
- ));
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $location = $response->getHttpHeader('Location');
- $parts = parse_url($location);
- parse_str($parts['query'], $query);
-
- $location = $response->getHttpHeader('Location');
- $parts = parse_url($location);
-
- $this->assertEquals('http', $parts['scheme']); // same as passed in to redirect_uri
- $this->assertEquals('adobe.com', $parts['host']); // same as passed in to redirect_uri
- $this->assertArrayHasKey('query', $parts);
- $this->assertFalse(isset($parts['fragment']));
-
- // assert fragment is in "application/x-www-form-urlencoded" format
- parse_str($parts['query'], $query);
- $this->assertNotNull($query);
- $this->assertArrayHasKey('code', $query);
-
- // ensure no id_token was saved, since the openid scope wasn't requested
- $storage = $server->getStorage('authorization_code');
- $code = $storage->getAuthorizationCode($query['code']);
- $this->assertTrue(empty($code['id_token']));
-
- // ensure no error was returned
- $this->assertFalse(isset($query['error']));
- $this->assertFalse(isset($query['error_description']));
- }
-
- public function testSuccessfulRequestReturnsStateParameter()
- {
- $server = $this->getTestServer(array('allow_implicit' => true));
- $request = new Request(array(
- 'client_id' => 'Test Client ID', // valid client id
- 'redirect_uri' => 'http://adobe.com', // valid redirect URI
- 'response_type' => 'code',
- 'state' => 'test', // valid state string (just needs to be passed back to us)
- ));
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- $this->assertEquals($response->getStatusCode(), 302);
-
- $location = $response->getHttpHeader('Location');
- $parts = parse_url($location);
- $this->assertArrayHasKey('query', $parts);
- parse_str($parts['query'], $query);
-
- $this->assertArrayHasKey('state', $query);
- $this->assertEquals($query['state'], 'test');
-
- // ensure no error was returned
- $this->assertFalse(isset($query['error']));
- $this->assertFalse(isset($query['error_description']));
- }
-
- public function testSuccessfulRequestStripsExtraParameters()
- {
- $server = $this->getTestServer(array('allow_implicit' => true));
- $request = new Request(array(
- 'client_id' => 'Test Client ID', // valid client id
- 'redirect_uri' => 'http://adobe.com', // valid redirect URI
- 'response_type' => 'code',
- 'state' => 'test', // valid state string (just needs to be passed back to us)
- 'fake' => 'something', // extra query param
- ));
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $location = $response->getHttpHeader('Location');
- $this->assertNotContains('error', $location);
-
- $parts = parse_url($location);
- $this->assertFalse(isset($parts['fake']));
- $this->assertArrayHasKey('query', $parts);
- parse_str($parts['query'], $query);
-
- $this->assertFalse(isset($parmas['fake']));
- $this->assertArrayHasKey('state', $query);
- $this->assertEquals($query['state'], 'test');
- }
-
- public function testSuccessfulOpenidConnectRequest()
- {
- $server = $this->getTestServer(array(
- 'use_openid_connect' => true,
- 'issuer' => 'bojanz',
- ));
-
- $request = new Request(array(
- 'client_id' => 'Test Client ID',
- 'redirect_uri' => 'http://adobe.com',
- 'response_type' => 'code',
- 'state' => 'xyz',
- 'scope' => 'openid',
- ));
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $location = $response->getHttpHeader('Location');
- $parts = parse_url($location);
- parse_str($parts['query'], $query);
-
- $location = $response->getHttpHeader('Location');
- $parts = parse_url($location);
- $this->assertArrayHasKey('query', $parts);
- $this->assertFalse(isset($parts['fragment']));
-
- // assert fragment is in "application/x-www-form-urlencoded" format
- parse_str($parts['query'], $query);
- $this->assertNotNull($query);
- $this->assertArrayHasKey('code', $query);
-
- // ensure no error was returned
- $this->assertFalse(isset($query['error']));
- $this->assertFalse(isset($query['error_description']));
-
- // confirm that the id_token has been created.
- $storage = $server->getStorage('authorization_code');
- $code = $storage->getAuthorizationCode($query['code']);
- $this->assertTrue(!empty($code['id_token']));
- }
-
- public function testCreateController()
- {
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $controller = new AuthorizeController($storage);
- }
-
- private function getTestServer($config = array())
- {
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $server = new Server($storage, $config);
-
- // Add the two types supported for authorization grant
- $server->addGrantType(new AuthorizationCode($storage));
-
- return $server;
- }
-}
diff --git a/library/oauth2/test/OAuth2/Controller/ResourceControllerTest.php b/library/oauth2/test/OAuth2/Controller/ResourceControllerTest.php
deleted file mode 100644
index ee6d96ff8..000000000
--- a/library/oauth2/test/OAuth2/Controller/ResourceControllerTest.php
+++ /dev/null
@@ -1,175 +0,0 @@
-<?php
-
-namespace OAuth2\Controller;
-
-use OAuth2\Storage\Bootstrap;
-use OAuth2\Server;
-use OAuth2\GrantType\AuthorizationCode;
-use OAuth2\Request;
-use OAuth2\Response;
-
-class ResourceControllerTest extends \PHPUnit_Framework_TestCase
-{
- public function testNoAccessToken()
- {
- $server = $this->getTestServer();
- $request = Request::createFromGlobals();
- $allow = $server->verifyResourceRequest($request, $response = new Response());
- $this->assertFalse($allow);
-
- $this->assertEquals($response->getStatusCode(), 401);
- $this->assertNull($response->getParameter('error'));
- $this->assertNull($response->getParameter('error_description'));
- }
-
- public function testMalformedHeader()
- {
- $server = $this->getTestServer();
- $request = Request::createFromGlobals();
- $request->headers['AUTHORIZATION'] = 'tH1s i5 B0gU5';
- $allow = $server->verifyResourceRequest($request, $response = new Response());
- $this->assertFalse($allow);
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_request');
- $this->assertEquals($response->getParameter('error_description'), 'Malformed auth header');
- }
-
- public function testMultipleTokensSubmitted()
- {
- $server = $this->getTestServer();
- $request = Request::createFromGlobals();
- $request->request['access_token'] = 'TEST';
- $request->query['access_token'] = 'TEST';
- $allow = $server->verifyResourceRequest($request, $response = new Response());
- $this->assertFalse($allow);
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_request');
- $this->assertEquals($response->getParameter('error_description'), 'Only one method may be used to authenticate at a time (Auth header, GET or POST)');
- }
-
- public function testInvalidRequestMethod()
- {
- $server = $this->getTestServer();
- $request = Request::createFromGlobals();
- $request->server['REQUEST_METHOD'] = 'GET';
- $request->request['access_token'] = 'TEST';
- $allow = $server->verifyResourceRequest($request, $response = new Response());
- $this->assertFalse($allow);
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_request');
- $this->assertEquals($response->getParameter('error_description'), 'When putting the token in the body, the method must be POST or PUT');
- }
-
- public function testInvalidContentType()
- {
- $server = $this->getTestServer();
- $request = Request::createFromGlobals();
- $request->server['REQUEST_METHOD'] = 'POST';
- $request->server['CONTENT_TYPE'] = 'application/json';
- $request->request['access_token'] = 'TEST';
- $allow = $server->verifyResourceRequest($request, $response = new Response());
- $this->assertFalse($allow);
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_request');
- $this->assertEquals($response->getParameter('error_description'), 'The content type for POST requests must be "application/x-www-form-urlencoded"');
- }
-
- public function testInvalidToken()
- {
- $server = $this->getTestServer();
- $request = Request::createFromGlobals();
- $request->headers['AUTHORIZATION'] = 'Bearer TESTTOKEN';
- $allow = $server->verifyResourceRequest($request, $response = new Response());
- $this->assertFalse($allow);
-
- $this->assertEquals($response->getStatusCode(), 401);
- $this->assertEquals($response->getParameter('error'), 'invalid_token');
- $this->assertEquals($response->getParameter('error_description'), 'The access token provided is invalid');
- }
-
- public function testExpiredToken()
- {
- $server = $this->getTestServer();
- $request = Request::createFromGlobals();
- $request->headers['AUTHORIZATION'] = 'Bearer accesstoken-expired';
- $allow = $server->verifyResourceRequest($request, $response = new Response());
- $this->assertFalse($allow);
-
- $this->assertEquals($response->getStatusCode(), 401);
- $this->assertEquals($response->getParameter('error'), 'expired_token');
- $this->assertEquals($response->getParameter('error_description'), 'The access token provided has expired');
- }
-
- public function testOutOfScopeToken()
- {
- $server = $this->getTestServer();
- $request = Request::createFromGlobals();
- $request->headers['AUTHORIZATION'] = 'Bearer accesstoken-scope';
- $scope = 'outofscope';
- $allow = $server->verifyResourceRequest($request, $response = new Response(), $scope);
- $this->assertFalse($allow);
-
- $this->assertEquals($response->getStatusCode(), 403);
- $this->assertEquals($response->getParameter('error'), 'insufficient_scope');
- $this->assertEquals($response->getParameter('error_description'), 'The request requires higher privileges than provided by the access token');
-
- // verify the "scope" has been set in the "WWW-Authenticate" header
- preg_match('/scope="(.*?)"/', $response->getHttpHeader('WWW-Authenticate'), $matches);
- $this->assertEquals(2, count($matches));
- $this->assertEquals($matches[1], 'outofscope');
- }
-
- public function testMalformedToken()
- {
- $server = $this->getTestServer();
- $request = Request::createFromGlobals();
- $request->headers['AUTHORIZATION'] = 'Bearer accesstoken-malformed';
- $allow = $server->verifyResourceRequest($request, $response = new Response());
- $this->assertFalse($allow);
-
- $this->assertEquals($response->getStatusCode(), 401);
- $this->assertEquals($response->getParameter('error'), 'malformed_token');
- $this->assertEquals($response->getParameter('error_description'), 'Malformed token (missing "expires")');
- }
-
- public function testValidToken()
- {
- $server = $this->getTestServer();
- $request = Request::createFromGlobals();
- $request->headers['AUTHORIZATION'] = 'Bearer accesstoken-scope';
- $allow = $server->verifyResourceRequest($request, $response = new Response());
- $this->assertTrue($allow);
- }
-
- public function testValidTokenWithScopeParam()
- {
- $server = $this->getTestServer();
- $request = Request::createFromGlobals();
- $request->headers['AUTHORIZATION'] = 'Bearer accesstoken-scope';
- $request->query['scope'] = 'testscope';
- $allow = $server->verifyResourceRequest($request, $response = new Response());
- $this->assertTrue($allow);
- }
-
- public function testCreateController()
- {
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $tokenType = new \OAuth2\TokenType\Bearer();
- $controller = new ResourceController($tokenType, $storage);
- }
-
- private function getTestServer($config = array())
- {
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $server = new Server($storage, $config);
-
- // Add the two types supported for authorization grant
- $server->addGrantType(new AuthorizationCode($storage));
-
- return $server;
- }
-}
diff --git a/library/oauth2/test/OAuth2/Controller/TokenControllerTest.php b/library/oauth2/test/OAuth2/Controller/TokenControllerTest.php
deleted file mode 100644
index 4a217bd55..000000000
--- a/library/oauth2/test/OAuth2/Controller/TokenControllerTest.php
+++ /dev/null
@@ -1,289 +0,0 @@
-<?php
-
-namespace OAuth2\Controller;
-
-use OAuth2\Storage\Bootstrap;
-use OAuth2\Server;
-use OAuth2\GrantType\AuthorizationCode;
-use OAuth2\GrantType\ClientCredentials;
-use OAuth2\GrantType\UserCredentials;
-use OAuth2\Scope;
-use OAuth2\Request\TestRequest;
-use OAuth2\Response;
-
-class TokenControllerTest extends \PHPUnit_Framework_TestCase
-{
- public function testNoGrantType()
- {
- // add the test parameters in memory
- $server = $this->getTestServer();
- $server->handleTokenRequest(TestRequest::createPost(), $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_request');
- $this->assertEquals($response->getParameter('error_description'), 'The grant type was not specified in the request');
- }
-
- public function testInvalidGrantType()
- {
- // add the test parameters in memory
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'invalid_grant_type', // invalid grant type
- ));
- $server->handleTokenRequest($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'unsupported_grant_type');
- $this->assertEquals($response->getParameter('error_description'), 'Grant type "invalid_grant_type" not supported');
- }
-
- public function testNoClientId()
- {
- // add the test parameters in memory
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code', // valid grant type
- 'code' => 'testcode',
- ));
- $server->handleTokenRequest($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_client');
- $this->assertEquals($response->getParameter('error_description'), 'Client credentials were not found in the headers or body');
- }
-
- public function testNoClientSecretWithConfidentialClient()
- {
- // add the test parameters in memory
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code', // valid grant type
- 'code' => 'testcode',
- 'client_id' => 'Test Client ID', // valid client id
- ));
- $server->handleTokenRequest($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_client');
- $this->assertEquals($response->getParameter('error_description'), 'This client is invalid or must authenticate using a client secret');
- }
-
- public function testNoClientSecretWithEmptySecret()
- {
- // add the test parameters in memory
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code', // valid grant type
- 'code' => 'testcode-empty-secret',
- 'client_id' => 'Test Client ID Empty Secret', // valid client id
- ));
- $server->handleTokenRequest($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 200);
- }
-
- public function testInvalidClientId()
- {
- // add the test parameters in memory
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code', // valid grant type
- 'code' => 'testcode',
- 'client_id' => 'Fake Client ID', // invalid client id
- 'client_secret' => 'TestSecret', // valid client secret
- ));
- $server->handleTokenRequest($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_client');
- $this->assertEquals($response->getParameter('error_description'), 'The client credentials are invalid');
- }
-
- public function testInvalidClientSecret()
- {
- // add the test parameters in memory
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code', // valid grant type
- 'code' => 'testcode',
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'Fake Client Secret', // invalid client secret
- ));
- $server->handleTokenRequest($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_client');
- $this->assertEquals($response->getParameter('error_description'), 'The client credentials are invalid');
- }
-
- public function testValidTokenResponse()
- {
- // add the test parameters in memory
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'code' => 'testcode', // valid authorization code
- ));
- $server->handleTokenRequest($request, $response = new Response());
-
- $this->assertTrue($response instanceof Response);
- $this->assertEquals($response->getStatusCode(), 200);
- $this->assertNull($response->getParameter('error'));
- $this->assertNull($response->getParameter('error_description'));
- $this->assertNotNull($response->getParameter('access_token'));
- $this->assertNotNull($response->getParameter('expires_in'));
- $this->assertNotNull($response->getParameter('token_type'));
- }
-
- public function testValidClientIdScope()
- {
- // add the test parameters in memory
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code', // valid grant type
- 'code' => 'testcode',
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'scope' => 'clientscope1 clientscope2'
- ));
- $server->handleTokenRequest($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 200);
- $this->assertNull($response->getParameter('error'));
- $this->assertNull($response->getParameter('error_description'));
- $this->assertEquals('clientscope1 clientscope2', $response->getParameter('scope'));
- }
-
- public function testInvalidClientIdScope()
- {
- // add the test parameters in memory
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code', // valid grant type
- 'code' => 'testcode-with-scope',
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'scope' => 'clientscope3'
- ));
- $server->handleTokenRequest($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_scope');
- $this->assertEquals($response->getParameter('error_description'), 'The scope requested is invalid for this request');
- }
-
- public function testEnforceScope()
- {
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $server = new Server($storage);
- $server->addGrantType(new ClientCredentials($storage));
-
- $scope = new Scope(array(
- 'default_scope' => false,
- 'supported_scopes' => array('testscope')
- ));
- $server->setScopeUtil($scope);
-
- $request = TestRequest::createPost(array(
- 'grant_type' => 'client_credentials', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- ));
- $response = $server->handleTokenRequest($request);
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_scope');
- $this->assertEquals($response->getParameter('error_description'), 'This application requires you specify a scope parameter');
- }
-
- public function testCanReceiveAccessTokenUsingPasswordGrantTypeWithoutClientSecret()
- {
- // add the test parameters in memory
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $server = new Server($storage);
- $server->addGrantType(new UserCredentials($storage));
-
- $request = TestRequest::createPost(array(
- 'grant_type' => 'password', // valid grant type
- 'client_id' => 'Test Client ID For Password Grant', // valid client id
- 'username' => 'johndoe', // valid username
- 'password' => 'password', // valid password for username
- ));
- $server->handleTokenRequest($request, $response = new Response());
-
- $this->assertTrue($response instanceof Response);
- $this->assertEquals(200, $response->getStatusCode(), var_export($response, 1));
- $this->assertNull($response->getParameter('error'));
- $this->assertNull($response->getParameter('error_description'));
- $this->assertNotNull($response->getParameter('access_token'));
- $this->assertNotNull($response->getParameter('expires_in'));
- $this->assertNotNull($response->getParameter('token_type'));
- }
-
- public function testInvalidTokenTypeHintForRevoke()
- {
- $server = $this->getTestServer();
-
- $request = TestRequest::createPost(array(
- 'token_type_hint' => 'foo',
- 'token' => 'sometoken'
- ));
-
- $server->handleRevokeRequest($request, $response = new Response());
-
- $this->assertTrue($response instanceof Response);
- $this->assertEquals(400, $response->getStatusCode(), var_export($response, 1));
- $this->assertEquals($response->getParameter('error'), 'invalid_request');
- $this->assertEquals($response->getParameter('error_description'), 'Token type hint must be either \'access_token\' or \'refresh_token\'');
- }
-
- public function testMissingTokenForRevoke()
- {
- $server = $this->getTestServer();
-
- $request = TestRequest::createPost(array(
- 'token_type_hint' => 'access_token'
- ));
-
- $server->handleRevokeRequest($request, $response = new Response());
- $this->assertTrue($response instanceof Response);
- $this->assertEquals(400, $response->getStatusCode(), var_export($response, 1));
- $this->assertEquals($response->getParameter('error'), 'invalid_request');
- $this->assertEquals($response->getParameter('error_description'), 'Missing token parameter to revoke');
- }
-
- public function testInvalidRequestMethodForRevoke()
- {
- $server = $this->getTestServer();
-
- $request = new TestRequest();
- $request->setQuery(array(
- 'token_type_hint' => 'access_token'
- ));
-
- $server->handleRevokeRequest($request, $response = new Response());
- $this->assertTrue($response instanceof Response);
- $this->assertEquals(405, $response->getStatusCode(), var_export($response, 1));
- $this->assertEquals($response->getParameter('error'), 'invalid_request');
- $this->assertEquals($response->getParameter('error_description'), 'The request method must be POST when revoking an access token');
- }
-
- public function testCreateController()
- {
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $accessToken = new \OAuth2\ResponseType\AccessToken($storage);
- $controller = new TokenController($accessToken, $storage);
- }
-
- private function getTestServer()
- {
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $server = new Server($storage);
- $server->addGrantType(new AuthorizationCode($storage));
-
- return $server;
- }
-}
diff --git a/library/oauth2/test/OAuth2/Encryption/FirebaseJwtTest.php b/library/oauth2/test/OAuth2/Encryption/FirebaseJwtTest.php
deleted file mode 100644
index d34136767..000000000
--- a/library/oauth2/test/OAuth2/Encryption/FirebaseJwtTest.php
+++ /dev/null
@@ -1,102 +0,0 @@
-<?php
-
-namespace OAuth2\Encryption;
-
-use OAuth2\Storage\Bootstrap;
-
-class FirebaseJwtTest extends \PHPUnit_Framework_TestCase
-{
- private $privateKey;
-
- public function setUp()
- {
- $this->privateKey = <<<EOD
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC5/SxVlE8gnpFqCxgl2wjhzY7ucEi00s0kUg3xp7lVEvgLgYcA
-nHiWp+gtSjOFfH2zsvpiWm6Lz5f743j/FEzHIO1owR0p4d9pOaJK07d01+RzoQLO
-IQAgXrr4T1CCWUesncwwPBVCyy2Mw3Nmhmr9MrF8UlvdRKBxriRnlP3qJQIDAQAB
-AoGAVgJJVU4fhYMu1e5JfYAcTGfF+Gf+h3iQm4JCpoUcxMXf5VpB9ztk3K7LRN5y
-kwFuFALpnUAarRcUPs0D8FoP4qBluKksbAtgHkO7bMSH9emN+mH4le4qpFlR7+P1
-3fLE2Y19IBwPwEfClC+TpJvuog6xqUYGPlg6XLq/MxQUB4ECQQDgovP1v+ONSeGS
-R+NgJTR47noTkQT3M2izlce/OG7a+O0yw6BOZjNXqH2wx3DshqMcPUFrTjibIClP
-l/tEQ3ShAkEA0/TdBYDtXpNNjqg0R9GVH2pw7Kh68ne6mZTuj0kCgFYpUF6L6iMm
-zXamIJ51rTDsTyKTAZ1JuAhAsK/M2BbDBQJAKQ5fXEkIA+i+64dsDUR/hKLBeRYG
-PFAPENONQGvGBwt7/s02XV3cgGbxIgAxqWkqIp0neb9AJUoJgtyaNe3GQQJANoL4
-QQ0af0NVJAZgg8QEHTNL3aGrFSbzx8IE5Lb7PLRsJa5bP5lQxnDoYuU+EI/Phr62
-niisp/b/ZDGidkTMXQJBALeRsH1I+LmICAvWXpLKa9Gv0zGCwkuIJLiUbV9c6CVh
-suocCAteQwL5iW2gA4AnYr5OGeHFsEl7NCQcwfPZpJ0=
------END RSA PRIVATE KEY-----
-EOD;
- }
-
- /** @dataProvider provideClientCredentials */
- public function testJwtUtil($client_id, $client_key)
- {
- $jwtUtil = new FirebaseJwt();
-
- $params = array(
- 'iss' => $client_id,
- 'exp' => time() + 1000,
- 'iat' => time(),
- 'sub' => 'testuser@ourdomain.com',
- 'aud' => 'http://myapp.com/oauth/auth',
- 'scope' => null,
- );
-
- $encoded = $jwtUtil->encode($params, $this->privateKey, 'RS256');
-
- // test BC behaviour of trusting the algorithm in the header
- $payload = $jwtUtil->decode($encoded, $client_key, array('RS256'));
- $this->assertEquals($params, $payload);
-
- // test BC behaviour of not verifying by passing false
- $payload = $jwtUtil->decode($encoded, $client_key, false);
- $this->assertEquals($params, $payload);
-
- // test the new restricted algorithms header
- $payload = $jwtUtil->decode($encoded, $client_key, array('RS256'));
- $this->assertEquals($params, $payload);
- }
-
- public function testInvalidJwt()
- {
- $jwtUtil = new FirebaseJwt();
-
- $this->assertFalse($jwtUtil->decode('goob'));
- $this->assertFalse($jwtUtil->decode('go.o.b'));
- }
-
- /** @dataProvider provideClientCredentials */
- public function testInvalidJwtHeader($client_id, $client_key)
- {
- $jwtUtil = new FirebaseJwt();
-
- $params = array(
- 'iss' => $client_id,
- 'exp' => time() + 1000,
- 'iat' => time(),
- 'sub' => 'testuser@ourdomain.com',
- 'aud' => 'http://myapp.com/oauth/auth',
- 'scope' => null,
- );
-
- // testing for algorithm tampering when only RSA256 signing is allowed
- // @see https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
- $tampered = $jwtUtil->encode($params, $client_key, 'HS256');
-
- $payload = $jwtUtil->decode($tampered, $client_key, array('RS256'));
-
- $this->assertFalse($payload);
- }
-
- public function provideClientCredentials()
- {
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $client_id = 'Test Client ID';
- $client_key = $storage->getClientKey($client_id, "testuser@ourdomain.com");
-
- return array(
- array($client_id, $client_key),
- );
- }
-}
diff --git a/library/oauth2/test/OAuth2/Encryption/JwtTest.php b/library/oauth2/test/OAuth2/Encryption/JwtTest.php
deleted file mode 100644
index 214eebac8..000000000
--- a/library/oauth2/test/OAuth2/Encryption/JwtTest.php
+++ /dev/null
@@ -1,102 +0,0 @@
-<?php
-
-namespace OAuth2\Encryption;
-
-use OAuth2\Storage\Bootstrap;
-
-class JwtTest extends \PHPUnit_Framework_TestCase
-{
- private $privateKey;
-
- public function setUp()
- {
- $this->privateKey = <<<EOD
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC5/SxVlE8gnpFqCxgl2wjhzY7ucEi00s0kUg3xp7lVEvgLgYcA
-nHiWp+gtSjOFfH2zsvpiWm6Lz5f743j/FEzHIO1owR0p4d9pOaJK07d01+RzoQLO
-IQAgXrr4T1CCWUesncwwPBVCyy2Mw3Nmhmr9MrF8UlvdRKBxriRnlP3qJQIDAQAB
-AoGAVgJJVU4fhYMu1e5JfYAcTGfF+Gf+h3iQm4JCpoUcxMXf5VpB9ztk3K7LRN5y
-kwFuFALpnUAarRcUPs0D8FoP4qBluKksbAtgHkO7bMSH9emN+mH4le4qpFlR7+P1
-3fLE2Y19IBwPwEfClC+TpJvuog6xqUYGPlg6XLq/MxQUB4ECQQDgovP1v+ONSeGS
-R+NgJTR47noTkQT3M2izlce/OG7a+O0yw6BOZjNXqH2wx3DshqMcPUFrTjibIClP
-l/tEQ3ShAkEA0/TdBYDtXpNNjqg0R9GVH2pw7Kh68ne6mZTuj0kCgFYpUF6L6iMm
-zXamIJ51rTDsTyKTAZ1JuAhAsK/M2BbDBQJAKQ5fXEkIA+i+64dsDUR/hKLBeRYG
-PFAPENONQGvGBwt7/s02XV3cgGbxIgAxqWkqIp0neb9AJUoJgtyaNe3GQQJANoL4
-QQ0af0NVJAZgg8QEHTNL3aGrFSbzx8IE5Lb7PLRsJa5bP5lQxnDoYuU+EI/Phr62
-niisp/b/ZDGidkTMXQJBALeRsH1I+LmICAvWXpLKa9Gv0zGCwkuIJLiUbV9c6CVh
-suocCAteQwL5iW2gA4AnYr5OGeHFsEl7NCQcwfPZpJ0=
------END RSA PRIVATE KEY-----
-EOD;
- }
-
- /** @dataProvider provideClientCredentials */
- public function testJwtUtil($client_id, $client_key)
- {
- $jwtUtil = new Jwt();
-
- $params = array(
- 'iss' => $client_id,
- 'exp' => time() + 1000,
- 'iat' => time(),
- 'sub' => 'testuser@ourdomain.com',
- 'aud' => 'http://myapp.com/oauth/auth',
- 'scope' => null,
- );
-
- $encoded = $jwtUtil->encode($params, $this->privateKey, 'RS256');
-
- // test BC behaviour of trusting the algorithm in the header
- $payload = $jwtUtil->decode($encoded, $client_key);
- $this->assertEquals($params, $payload);
-
- // test BC behaviour of not verifying by passing false
- $payload = $jwtUtil->decode($encoded, $client_key, false);
- $this->assertEquals($params, $payload);
-
- // test the new restricted algorithms header
- $payload = $jwtUtil->decode($encoded, $client_key, array('RS256'));
- $this->assertEquals($params, $payload);
- }
-
- public function testInvalidJwt()
- {
- $jwtUtil = new Jwt();
-
- $this->assertFalse($jwtUtil->decode('goob'));
- $this->assertFalse($jwtUtil->decode('go.o.b'));
- }
-
- /** @dataProvider provideClientCredentials */
- public function testInvalidJwtHeader($client_id, $client_key)
- {
- $jwtUtil = new Jwt();
-
- $params = array(
- 'iss' => $client_id,
- 'exp' => time() + 1000,
- 'iat' => time(),
- 'sub' => 'testuser@ourdomain.com',
- 'aud' => 'http://myapp.com/oauth/auth',
- 'scope' => null,
- );
-
- // testing for algorithm tampering when only RSA256 signing is allowed
- // @see https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
- $tampered = $jwtUtil->encode($params, $client_key, 'HS256');
-
- $payload = $jwtUtil->decode($tampered, $client_key, array('RS256'));
-
- $this->assertFalse($payload);
- }
-
- public function provideClientCredentials()
- {
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $client_id = 'Test Client ID';
- $client_key = $storage->getClientKey($client_id, "testuser@ourdomain.com");
-
- return array(
- array($client_id, $client_key),
- );
- }
-}
diff --git a/library/oauth2/test/OAuth2/GrantType/AuthorizationCodeTest.php b/library/oauth2/test/OAuth2/GrantType/AuthorizationCodeTest.php
deleted file mode 100644
index 740989635..000000000
--- a/library/oauth2/test/OAuth2/GrantType/AuthorizationCodeTest.php
+++ /dev/null
@@ -1,207 +0,0 @@
-<?php
-
-namespace OAuth2\GrantType;
-
-use OAuth2\Storage\Bootstrap;
-use OAuth2\Server;
-use OAuth2\Request\TestRequest;
-use OAuth2\Response;
-
-class AuthorizationCodeTest extends \PHPUnit_Framework_TestCase
-{
- public function testNoCode()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- ));
- $server->handleTokenRequest($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_request');
- $this->assertEquals($response->getParameter('error_description'), 'Missing parameter: "code" is required');
- }
-
- public function testInvalidCode()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'code' => 'InvalidCode', // invalid authorization code
- ));
- $server->handleTokenRequest($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_grant');
- $this->assertEquals($response->getParameter('error_description'), 'Authorization code doesn\'t exist or is invalid for the client');
- }
-
- public function testCodeCannotBeUsedTwice()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'code' => 'testcode', // valid code
- ));
- $server->handleTokenRequest($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 200);
- $this->assertNotNull($response->getParameter('access_token'));
-
- // try to use the same code again
- $server->handleTokenRequest($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_grant');
- $this->assertEquals($response->getParameter('error_description'), 'Authorization code doesn\'t exist or is invalid for the client');
- }
-
- public function testExpiredCode()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'code' => 'testcode-expired', // expired authorization code
- ));
- $server->handleTokenRequest($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_grant');
- $this->assertEquals($response->getParameter('error_description'), 'The authorization code has expired');
- }
-
- public function testValidCode()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'code' => 'testcode', // valid code
- ));
- $token = $server->grantAccessToken($request, new Response());
-
- $this->assertNotNull($token);
- $this->assertArrayHasKey('access_token', $token);
- }
-
- public function testValidCodeNoScope()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'code' => 'testcode-with-scope', // valid code
- ));
- $token = $server->grantAccessToken($request, new Response());
-
- $this->assertNotNull($token);
- $this->assertArrayHasKey('access_token', $token);
- $this->assertArrayHasKey('scope', $token);
- $this->assertEquals($token['scope'], 'scope1 scope2');
- }
-
- public function testValidCodeSameScope()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'code' => 'testcode-with-scope', // valid code
- 'scope' => 'scope2 scope1',
- ));
- $token = $server->grantAccessToken($request, new Response());
-
- $this->assertNotNull($token);
- $this->assertArrayHasKey('access_token', $token);
- $this->assertArrayHasKey('scope', $token);
- $this->assertEquals($token['scope'], 'scope2 scope1');
- }
-
- public function testValidCodeLessScope()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'code' => 'testcode-with-scope', // valid code
- 'scope' => 'scope1',
- ));
- $token = $server->grantAccessToken($request, new Response());
-
- $this->assertNotNull($token);
- $this->assertArrayHasKey('access_token', $token);
- $this->assertArrayHasKey('scope', $token);
- $this->assertEquals($token['scope'], 'scope1');
- }
-
- public function testValidCodeDifferentScope()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'code' => 'testcode-with-scope', // valid code
- 'scope' => 'scope3',
- ));
- $token = $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_scope');
- $this->assertEquals($response->getParameter('error_description'), 'The scope requested is invalid for this request');
- }
-
- public function testValidCodeInvalidScope()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'code' => 'testcode-with-scope', // valid code
- 'scope' => 'invalid-scope',
- ));
- $token = $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_scope');
- $this->assertEquals($response->getParameter('error_description'), 'The scope requested is invalid for this request');
- }
-
- public function testValidClientDifferentCode()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code', // valid grant type
- 'client_id' => 'Test Some Other Client', // valid client id
- 'client_secret' => 'TestSecret3', // valid client secret
- 'code' => 'testcode', // valid code
- ));
- $token = $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_grant');
- $this->assertEquals($response->getParameter('error_description'), 'authorization_code doesn\'t exist or is invalid for the client');
- }
-
- private function getTestServer()
- {
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $server = new Server($storage);
- $server->addGrantType(new AuthorizationCode($storage));
-
- return $server;
- }
-}
diff --git a/library/oauth2/test/OAuth2/GrantType/ClientCredentialsTest.php b/library/oauth2/test/OAuth2/GrantType/ClientCredentialsTest.php
deleted file mode 100644
index f0d46ccb3..000000000
--- a/library/oauth2/test/OAuth2/GrantType/ClientCredentialsTest.php
+++ /dev/null
@@ -1,159 +0,0 @@
-<?php
-
-namespace OAuth2\GrantType;
-
-use OAuth2\Storage\Bootstrap;
-use OAuth2\Server;
-use OAuth2\Request\TestRequest;
-use OAuth2\Request;
-use OAuth2\Response;
-
-class ClientCredentialsTest extends \PHPUnit_Framework_TestCase
-{
- public function testInvalidCredentials()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'client_credentials', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'FakeSecret', // valid client secret
- ));
- $server->handleTokenRequest($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_client');
- $this->assertEquals($response->getParameter('error_description'), 'The client credentials are invalid');
- }
-
- public function testValidCredentials()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'client_credentials', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- ));
- $token = $server->grantAccessToken($request, new Response());
-
- $this->assertNotNull($token);
- $this->assertArrayHasKey('scope', $token);
- $this->assertNull($token['scope']);
- }
-
- public function testValidCredentialsWithScope()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'client_credentials', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'scope' => 'scope1',
- ));
- $token = $server->grantAccessToken($request, new Response());
-
- $this->assertNotNull($token);
- $this->assertArrayHasKey('access_token', $token);
- $this->assertArrayHasKey('scope', $token);
- $this->assertEquals($token['scope'], 'scope1');
- }
-
- public function testValidCredentialsInvalidScope()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'client_credentials', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'scope' => 'invalid-scope',
- ));
- $token = $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_scope');
- $this->assertEquals($response->getParameter('error_description'), 'An unsupported scope was requested');
- }
-
- public function testValidCredentialsInHeader()
- {
- // create with HTTP_AUTHORIZATION in header
- $server = $this->getTestServer();
- $headers = array('HTTP_AUTHORIZATION' => 'Basic '.base64_encode('Test Client ID:TestSecret'), 'REQUEST_METHOD' => 'POST');
- $params = array('grant_type' => 'client_credentials');
- $request = new Request(array(), $params, array(), array(), array(), $headers);
- $token = $server->grantAccessToken($request, new Response());
-
- $this->assertNotNull($token);
- $this->assertArrayHasKey('access_token', $token);
- $this->assertNotNull($token['access_token']);
-
- // create using PHP Authorization Globals
- $headers = array('PHP_AUTH_USER' => 'Test Client ID', 'PHP_AUTH_PW' => 'TestSecret', 'REQUEST_METHOD' => 'POST');
- $params = array('grant_type' => 'client_credentials');
- $request = new Request(array(), $params, array(), array(), array(), $headers);
- $token = $server->grantAccessToken($request, new Response());
-
- $this->assertNotNull($token);
- $this->assertArrayHasKey('access_token', $token);
- $this->assertNotNull($token['access_token']);
- }
-
- public function testValidCredentialsInRequest()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'client_credentials', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- ));
- $token = $server->grantAccessToken($request, new Response());
-
- $this->assertNotNull($token);
- $this->assertArrayHasKey('access_token', $token);
- $this->assertNotNull($token['access_token']);
- }
-
- public function testValidCredentialsInQuerystring()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'client_credentials', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- ));
- $token = $server->grantAccessToken($request, new Response());
-
- $this->assertNotNull($token);
- $this->assertArrayHasKey('access_token', $token);
- $this->assertNotNull($token['access_token']);
- }
-
- public function testClientUserIdIsSetInAccessToken()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'client_credentials', // valid grant type
- 'client_id' => 'Client ID With User ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- ));
- $token = $server->grantAccessToken($request, new Response());
-
- $this->assertNotNull($token);
- $this->assertArrayHasKey('access_token', $token);
-
- // verify the user_id was associated with the token
- $storage = $server->getStorage('client');
- $token = $storage->getAccessToken($token['access_token']);
- $this->assertNotNull($token);
- $this->assertArrayHasKey('user_id', $token);
- $this->assertEquals($token['user_id'], 'brent@brentertainment.com');
- }
-
- private function getTestServer()
- {
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $server = new Server($storage);
- $server->addGrantType(new ClientCredentials($storage));
-
- return $server;
- }
-}
diff --git a/library/oauth2/test/OAuth2/GrantType/ImplicitTest.php b/library/oauth2/test/OAuth2/GrantType/ImplicitTest.php
deleted file mode 100644
index a47aae3e8..000000000
--- a/library/oauth2/test/OAuth2/GrantType/ImplicitTest.php
+++ /dev/null
@@ -1,143 +0,0 @@
-<?php
-
-namespace OAuth2\GrantType;
-
-use OAuth2\Storage\Bootstrap;
-use OAuth2\Server;
-use OAuth2\Request;
-use OAuth2\Response;
-
-class ImplicitTest extends \PHPUnit_Framework_TestCase
-{
- public function testImplicitNotAllowedResponse()
- {
- $server = $this->getTestServer();
- $request = new Request(array(
- 'client_id' => 'Test Client ID', // valid client id
- 'redirect_uri' => 'http://adobe.com', // valid redirect URI
- 'response_type' => 'token', // invalid response type
- ));
- $server->handleAuthorizeRequest($request, $response = new Response(), false);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $location = $response->getHttpHeader('Location');
- $parts = parse_url($location);
- parse_str($parts['query'], $query);
-
- $this->assertEquals($query['error'], 'unsupported_response_type');
- $this->assertEquals($query['error_description'], 'implicit grant type not supported');
- }
-
- public function testUserDeniesAccessResponse()
- {
- $server = $this->getTestServer(array('allow_implicit' => true));
- $request = new Request(array(
- 'client_id' => 'Test Client ID', // valid client id
- 'redirect_uri' => 'http://adobe.com', // valid redirect URI
- 'response_type' => 'token', // valid response type
- 'state' => 'xyz',
- ));
- $server->handleAuthorizeRequest($request, $response = new Response(), false);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $location = $response->getHttpHeader('Location');
- $parts = parse_url($location);
- parse_str($parts['query'], $query);
-
- $this->assertEquals($query['error'], 'access_denied');
- $this->assertEquals($query['error_description'], 'The user denied access to your application');
- }
-
- public function testSuccessfulRequestFragmentParameter()
- {
- $server = $this->getTestServer(array('allow_implicit' => true));
- $request = new Request(array(
- 'client_id' => 'Test Client ID', // valid client id
- 'redirect_uri' => 'http://adobe.com', // valid redirect URI
- 'response_type' => 'token', // valid response type
- 'state' => 'xyz',
- ));
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $this->assertNull($response->getParameter('error'));
- $this->assertNull($response->getParameter('error_description'));
-
- $location = $response->getHttpHeader('Location');
- $parts = parse_url($location);
-
- $this->assertEquals('http', $parts['scheme']); // same as passed in to redirect_uri
- $this->assertEquals('adobe.com', $parts['host']); // same as passed in to redirect_uri
- $this->assertArrayHasKey('fragment', $parts);
- $this->assertFalse(isset($parts['query']));
-
- // assert fragment is in "application/x-www-form-urlencoded" format
- parse_str($parts['fragment'], $params);
- $this->assertNotNull($params);
- $this->assertArrayHasKey('access_token', $params);
- $this->assertArrayHasKey('expires_in', $params);
- $this->assertArrayHasKey('token_type', $params);
- }
-
- public function testSuccessfulRequestReturnsStateParameter()
- {
- $server = $this->getTestServer(array('allow_implicit' => true));
- $request = new Request(array(
- 'client_id' => 'Test Client ID', // valid client id
- 'redirect_uri' => 'http://adobe.com', // valid redirect URI
- 'response_type' => 'token', // valid response type
- 'state' => 'test', // valid state string (just needs to be passed back to us)
- ));
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $this->assertNull($response->getParameter('error'));
- $this->assertNull($response->getParameter('error_description'));
-
- $location = $response->getHttpHeader('Location');
- $parts = parse_url($location);
- $this->assertArrayHasKey('fragment', $parts);
- parse_str($parts['fragment'], $params);
-
- $this->assertArrayHasKey('state', $params);
- $this->assertEquals($params['state'], 'test');
- }
-
- public function testSuccessfulRequestStripsExtraParameters()
- {
- $server = $this->getTestServer(array('allow_implicit' => true));
- $request = new Request(array(
- 'client_id' => 'Test Client ID', // valid client id
- 'redirect_uri' => 'http://adobe.com?fake=something', // valid redirect URI
- 'response_type' => 'token', // valid response type
- 'state' => 'test', // valid state string (just needs to be passed back to us)
- 'fake' => 'something', // add extra param to querystring
- ));
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $this->assertNull($response->getParameter('error'));
- $this->assertNull($response->getParameter('error_description'));
-
- $location = $response->getHttpHeader('Location');
- $parts = parse_url($location);
- $this->assertFalse(isset($parts['fake']));
- $this->assertArrayHasKey('fragment', $parts);
- parse_str($parts['fragment'], $params);
-
- $this->assertFalse(isset($params['fake']));
- $this->assertArrayHasKey('state', $params);
- $this->assertEquals($params['state'], 'test');
- }
-
- private function getTestServer($config = array())
- {
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $server = new Server($storage, $config);
-
- // Add the two types supported for authorization grant
- $server->addGrantType(new AuthorizationCode($storage));
-
- return $server;
- }
-}
diff --git a/library/oauth2/test/OAuth2/GrantType/JwtBearerTest.php b/library/oauth2/test/OAuth2/GrantType/JwtBearerTest.php
deleted file mode 100644
index 0a6c4b827..000000000
--- a/library/oauth2/test/OAuth2/GrantType/JwtBearerTest.php
+++ /dev/null
@@ -1,360 +0,0 @@
-<?php
-
-namespace OAuth2\GrantType;
-
-use OAuth2\Storage\Bootstrap;
-use OAuth2\Server;
-use OAuth2\Request\TestRequest;
-use OAuth2\Response;
-use OAuth2\Encryption\Jwt;
-
-class JwtBearerTest extends \PHPUnit_Framework_TestCase
-{
- private $privateKey;
-
- public function setUp()
- {
- $this->privateKey = <<<EOD
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC5/SxVlE8gnpFqCxgl2wjhzY7ucEi00s0kUg3xp7lVEvgLgYcA
-nHiWp+gtSjOFfH2zsvpiWm6Lz5f743j/FEzHIO1owR0p4d9pOaJK07d01+RzoQLO
-IQAgXrr4T1CCWUesncwwPBVCyy2Mw3Nmhmr9MrF8UlvdRKBxriRnlP3qJQIDAQAB
-AoGAVgJJVU4fhYMu1e5JfYAcTGfF+Gf+h3iQm4JCpoUcxMXf5VpB9ztk3K7LRN5y
-kwFuFALpnUAarRcUPs0D8FoP4qBluKksbAtgHkO7bMSH9emN+mH4le4qpFlR7+P1
-3fLE2Y19IBwPwEfClC+TpJvuog6xqUYGPlg6XLq/MxQUB4ECQQDgovP1v+ONSeGS
-R+NgJTR47noTkQT3M2izlce/OG7a+O0yw6BOZjNXqH2wx3DshqMcPUFrTjibIClP
-l/tEQ3ShAkEA0/TdBYDtXpNNjqg0R9GVH2pw7Kh68ne6mZTuj0kCgFYpUF6L6iMm
-zXamIJ51rTDsTyKTAZ1JuAhAsK/M2BbDBQJAKQ5fXEkIA+i+64dsDUR/hKLBeRYG
-PFAPENONQGvGBwt7/s02XV3cgGbxIgAxqWkqIp0neb9AJUoJgtyaNe3GQQJANoL4
-QQ0af0NVJAZgg8QEHTNL3aGrFSbzx8IE5Lb7PLRsJa5bP5lQxnDoYuU+EI/Phr62
-niisp/b/ZDGidkTMXQJBALeRsH1I+LmICAvWXpLKa9Gv0zGCwkuIJLiUbV9c6CVh
-suocCAteQwL5iW2gA4AnYr5OGeHFsEl7NCQcwfPZpJ0=
------END RSA PRIVATE KEY-----
-EOD;
- }
-
- public function testMalformedJWT()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type
- ));
-
- //Get the jwt and break it
- $jwt = $this->getJWT();
- $jwt = substr_replace($jwt, 'broken', 3, 6);
-
- $request->request['assertion'] = $jwt;
-
- $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_request');
- $this->assertEquals($response->getParameter('error_description'), 'JWT is malformed');
- }
-
- public function testBrokenSignature()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type
- ));
-
- //Get the jwt and break signature
- $jwt = $this->getJWT() . 'notSupposeToBeHere';
- $request->request['assertion'] = $jwt;
-
- $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_grant');
- $this->assertEquals($response->getParameter('error_description'), 'JWT failed signature verification');
- }
-
- public function testExpiredJWT()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type
- ));
-
- //Get an expired JWT
- $jwt = $this->getJWT(1234);
- $request->request['assertion'] = $jwt;
-
- $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_grant');
- $this->assertEquals($response->getParameter('error_description'), 'JWT has expired');
- }
-
- public function testBadExp()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type
- ));
-
- //Get an expired JWT
- $jwt = $this->getJWT('badtimestamp');
- $request->request['assertion'] = $jwt;
-
- $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_grant');
- $this->assertEquals($response->getParameter('error_description'), 'Expiration (exp) time must be a unix time stamp');
- }
-
- public function testNoAssert()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type
- ));
-
- //Do not pass the assert (JWT)
-
- $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_request');
- $this->assertEquals($response->getParameter('error_description'), 'Missing parameters: "assertion" required');
- }
-
- public function testNotBefore()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type
- ));
-
- //Get a future NBF
- $jwt = $this->getJWT(null, time() + 10000);
- $request->request['assertion'] = $jwt;
-
- $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_grant');
- $this->assertEquals($response->getParameter('error_description'), 'JWT cannot be used before the Not Before (nbf) time');
- }
-
- public function testBadNotBefore()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type
- ));
-
- //Get a non timestamp nbf
- $jwt = $this->getJWT(null, 'notatimestamp');
- $request->request['assertion'] = $jwt;
-
- $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_grant');
- $this->assertEquals($response->getParameter('error_description'), 'Not Before (nbf) time must be a unix time stamp');
- }
-
- public function testNonMatchingAudience()
- {
- $server = $this->getTestServer('http://google.com/oauth/o/auth');
- $request = TestRequest::createPost(array(
- 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type
- 'assertion' => $this->getJWT(),
- ));
-
- $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_grant');
- $this->assertEquals($response->getParameter('error_description'), 'Invalid audience (aud)');
- }
-
- public function testBadClientID()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type
- 'assertion' => $this->getJWT(null, null, null, 'bad_client_id'),
- ));
-
- $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_grant');
- $this->assertEquals($response->getParameter('error_description'), 'Invalid issuer (iss) or subject (sub) provided');
- }
-
- public function testBadSubject()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type
- 'assertion' => $this->getJWT(null, null, 'anotheruser@ourdomain,com'),
- ));
-
- $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_grant');
- $this->assertEquals($response->getParameter('error_description'), 'Invalid issuer (iss) or subject (sub) provided');
- }
-
- public function testMissingKey()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type
- 'assertion' => $this->getJWT(null, null, null, 'Missing Key Cli,nt'),
- ));
-
- $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_grant');
- $this->assertEquals($response->getParameter('error_description'), 'Invalid issuer (iss) or subject (sub) provided');
- }
-
- public function testValidJwt()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type
- 'assertion' => $this->getJWT(), // valid assertion
- ));
-
- $token = $server->grantAccessToken($request, new Response());
- $this->assertNotNull($token);
- $this->assertArrayHasKey('access_token', $token);
- }
-
- public function testValidJwtWithScope()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type
- 'assertion' => $this->getJWT(null, null, null, 'Test Client ID'), // valid assertion
- 'scope' => 'scope1', // valid scope
- ));
- $token = $server->grantAccessToken($request, new Response());
-
- $this->assertNotNull($token);
- $this->assertArrayHasKey('access_token', $token);
- $this->assertArrayHasKey('scope', $token);
- $this->assertEquals($token['scope'], 'scope1');
- }
-
- public function testValidJwtInvalidScope()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type
- 'assertion' => $this->getJWT(null, null, null, 'Test Client ID'), // valid assertion
- 'scope' => 'invalid-scope', // invalid scope
- ));
- $token = $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_scope');
- $this->assertEquals($response->getParameter('error_description'), 'An unsupported scope was requested');
- }
-
- public function testValidJti()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type
- 'assertion' => $this->getJWT(null, null, 'testuser@ourdomain.com', 'Test Client ID', 'unused_jti'), // valid assertion with invalid scope
- ));
- $token = $server->grantAccessToken($request, $response = new Response());
-
- $this->assertNotNull($token);
- $this->assertArrayHasKey('access_token', $token);
- }
-
- public function testInvalidJti()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type
- 'assertion' => $this->getJWT(99999999900, null, 'testuser@ourdomain.com', 'Test Client ID', 'used_jti'), // valid assertion with invalid scope
- ));
- $token = $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_grant');
- $this->assertEquals($response->getParameter('error_description'), 'JSON Token Identifier (jti) has already been used');
- }
-
- public function testJtiReplayAttack()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', // valid grant type
- 'assertion' => $this->getJWT(99999999900, null, 'testuser@ourdomain.com', 'Test Client ID', 'totally_new_jti'), // valid assertion with invalid scope
- ));
- $token = $server->grantAccessToken($request, $response = new Response());
-
- $this->assertNotNull($token);
- $this->assertArrayHasKey('access_token', $token);
-
- //Replay the same request
- $token = $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_grant');
- $this->assertEquals($response->getParameter('error_description'), 'JSON Token Identifier (jti) has already been used');
- }
-
- /**
- * Generates a JWT
- * @param $exp The expiration date. If the current time is greater than the exp, the JWT is invalid.
- * @param $nbf The "not before" time. If the current time is less than the nbf, the JWT is invalid.
- * @param $sub The subject we are acting on behalf of. This could be the email address of the user in the system.
- * @param $iss The issuer, usually the client_id.
- * @return string
- */
- private function getJWT($exp = null, $nbf = null, $sub = null, $iss = 'Test Client ID', $jti = null)
- {
- if (!$exp) {
- $exp = time() + 1000;
- }
-
- if (!$sub) {
- $sub = "testuser@ourdomain.com";
- }
-
- $params = array(
- 'iss' => $iss,
- 'exp' => $exp,
- 'iat' => time(),
- 'sub' => $sub,
- 'aud' => 'http://myapp.com/oauth/auth',
- );
-
- if ($nbf) {
- $params['nbf'] = $nbf;
- }
-
- if ($jti) {
- $params['jti'] = $jti;
- }
-
- $jwtUtil = new Jwt();
-
- return $jwtUtil->encode($params, $this->privateKey, 'RS256');
- }
-
- private function getTestServer($audience = 'http://myapp.com/oauth/auth')
- {
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $server = new Server($storage);
- $server->addGrantType(new JwtBearer($storage, $audience, new Jwt()));
-
- return $server;
- }
-}
diff --git a/library/oauth2/test/OAuth2/GrantType/RefreshTokenTest.php b/library/oauth2/test/OAuth2/GrantType/RefreshTokenTest.php
deleted file mode 100644
index a458aad8a..000000000
--- a/library/oauth2/test/OAuth2/GrantType/RefreshTokenTest.php
+++ /dev/null
@@ -1,204 +0,0 @@
-<?php
-
-namespace OAuth2\GrantType;
-
-use OAuth2\Storage\Bootstrap;
-use OAuth2\Server;
-use OAuth2\Request\TestRequest;
-use OAuth2\Response;
-
-class RefreshTokenTest extends \PHPUnit_Framework_TestCase
-{
- private $storage;
-
- public function testNoRefreshToken()
- {
- $server = $this->getTestServer();
- $server->addGrantType(new RefreshToken($this->storage));
-
- $request = TestRequest::createPost(array(
- 'grant_type' => 'refresh_token', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- ));
- $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_request');
- $this->assertEquals($response->getParameter('error_description'), 'Missing parameter: "refresh_token" is required');
- }
-
- public function testInvalidRefreshToken()
- {
- $server = $this->getTestServer();
- $server->addGrantType(new RefreshToken($this->storage));
-
- $request = TestRequest::createPost(array(
- 'grant_type' => 'refresh_token', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'refresh_token' => 'fake-token', // invalid refresh token
- ));
- $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_grant');
- $this->assertEquals($response->getParameter('error_description'), 'Invalid refresh token');
- }
-
- public function testValidRefreshTokenWithNewRefreshTokenInResponse()
- {
- $server = $this->getTestServer();
- $server->addGrantType(new RefreshToken($this->storage, array('always_issue_new_refresh_token' => true)));
-
- $request = TestRequest::createPost(array(
- 'grant_type' => 'refresh_token', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'refresh_token' => 'test-refreshtoken', // valid refresh token
- ));
- $token = $server->grantAccessToken($request, new Response());
- $this->assertTrue(isset($token['refresh_token']), 'refresh token should always refresh');
-
- $refresh_token = $this->storage->getRefreshToken($token['refresh_token']);
- $this->assertNotNull($refresh_token);
- $this->assertEquals($refresh_token['refresh_token'], $token['refresh_token']);
- $this->assertEquals($refresh_token['client_id'], $request->request('client_id'));
- $this->assertTrue($token['refresh_token'] != 'test-refreshtoken', 'the refresh token returned is not the one used');
- $used_token = $this->storage->getRefreshToken('test-refreshtoken');
- $this->assertFalse($used_token, 'the refresh token used is no longer valid');
- }
-
- public function testValidRefreshTokenDoesNotUnsetToken()
- {
- $server = $this->getTestServer();
- $server->addGrantType(new RefreshToken($this->storage, array(
- 'always_issue_new_refresh_token' => true,
- 'unset_refresh_token_after_use' => false,
- )));
-
- $request = TestRequest::createPost(array(
- 'grant_type' => 'refresh_token', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'refresh_token' => 'test-refreshtoken', // valid refresh token
- ));
- $token = $server->grantAccessToken($request, new Response());
- $this->assertTrue(isset($token['refresh_token']), 'refresh token should always refresh');
-
- $used_token = $this->storage->getRefreshToken('test-refreshtoken');
- $this->assertNotNull($used_token, 'the refresh token used is still valid');
- }
-
- public function testValidRefreshTokenWithNoRefreshTokenInResponse()
- {
- $server = $this->getTestServer();
- $server->addGrantType(new RefreshToken($this->storage, array('always_issue_new_refresh_token' => false)));
-
- $request = TestRequest::createPost(array(
- 'grant_type' => 'refresh_token', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'refresh_token' => 'test-refreshtoken', // valid refresh token
- ));
- $token = $server->grantAccessToken($request, new Response());
- $this->assertFalse(isset($token['refresh_token']), 'refresh token should not be returned');
-
- $used_token = $this->storage->getRefreshToken('test-refreshtoken');
- $this->assertNotNull($used_token, 'the refresh token used is still valid');
- }
-
- public function testValidRefreshTokenSameScope()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'refresh_token', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'refresh_token' => 'test-refreshtoken-with-scope', // valid refresh token (with scope)
- 'scope' => 'scope2 scope1',
- ));
- $token = $server->grantAccessToken($request, new Response());
-
- $this->assertNotNull($token);
- $this->assertArrayHasKey('access_token', $token);
- $this->assertArrayHasKey('scope', $token);
- $this->assertEquals($token['scope'], 'scope2 scope1');
- }
-
- public function testValidRefreshTokenLessScope()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'refresh_token', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'refresh_token' => 'test-refreshtoken-with-scope', // valid refresh token (with scope)
- 'scope' => 'scope1',
- ));
- $token = $server->grantAccessToken($request, new Response());
-
- $this->assertNotNull($token);
- $this->assertArrayHasKey('access_token', $token);
- $this->assertArrayHasKey('scope', $token);
- $this->assertEquals($token['scope'], 'scope1');
- }
-
- public function testValidRefreshTokenDifferentScope()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'refresh_token', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'refresh_token' => 'test-refreshtoken-with-scope', // valid refresh token (with scope)
- 'scope' => 'scope3',
- ));
- $token = $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_scope');
- $this->assertEquals($response->getParameter('error_description'), 'The scope requested is invalid for this request');
- }
-
- public function testValidRefreshTokenInvalidScope()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'refresh_token', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'refresh_token' => 'test-refreshtoken-with-scope', // valid refresh token (with scope)
- 'scope' => 'invalid-scope',
- ));
- $token = $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_scope');
- $this->assertEquals($response->getParameter('error_description'), 'The scope requested is invalid for this request');
- }
-
- public function testValidClientDifferentRefreshToken()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'refresh_token', // valid grant type
- 'client_id' => 'Test Some Other Client', // valid client id
- 'client_secret' => 'TestSecret3', // valid client secret
- 'refresh_token' => 'test-refreshtoken', // valid refresh token
- ));
- $token = $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_grant');
- $this->assertEquals($response->getParameter('error_description'), 'refresh_token doesn\'t exist or is invalid for the client');
- }
-
- private function getTestServer()
- {
- $this->storage = Bootstrap::getInstance()->getMemoryStorage();
- $server = new Server($this->storage);
-
- return $server;
- }
-}
diff --git a/library/oauth2/test/OAuth2/GrantType/UserCredentialsTest.php b/library/oauth2/test/OAuth2/GrantType/UserCredentialsTest.php
deleted file mode 100644
index 18943d055..000000000
--- a/library/oauth2/test/OAuth2/GrantType/UserCredentialsTest.php
+++ /dev/null
@@ -1,172 +0,0 @@
-<?php
-
-namespace OAuth2\GrantType;
-
-use OAuth2\Storage\Bootstrap;
-use OAuth2\Server;
-use OAuth2\Request\TestRequest;
-use OAuth2\Response;
-
-class UserCredentialsTest extends \PHPUnit_Framework_TestCase
-{
- public function testNoUsername()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'password', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'password' => 'testpass', // valid password
- ));
- $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_request');
- $this->assertEquals($response->getParameter('error_description'), 'Missing parameters: "username" and "password" required');
- }
-
- public function testNoPassword()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'password', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'username' => 'test-username', // valid username
- ));
- $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_request');
- $this->assertEquals($response->getParameter('error_description'), 'Missing parameters: "username" and "password" required');
- }
-
- public function testInvalidUsername()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'password', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'username' => 'fake-username', // valid username
- 'password' => 'testpass', // valid password
- ));
- $token = $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 401);
- $this->assertEquals($response->getParameter('error'), 'invalid_grant');
- $this->assertEquals($response->getParameter('error_description'), 'Invalid username and password combination');
- }
-
- public function testInvalidPassword()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'password', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'username' => 'test-username', // valid username
- 'password' => 'fakepass', // invalid password
- ));
- $token = $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 401);
- $this->assertEquals($response->getParameter('error'), 'invalid_grant');
- $this->assertEquals($response->getParameter('error_description'), 'Invalid username and password combination');
- }
-
- public function testValidCredentials()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'password', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'username' => 'test-username', // valid username
- 'password' => 'testpass', // valid password
- ));
- $token = $server->grantAccessToken($request, new Response());
-
- $this->assertNotNull($token);
- $this->assertArrayHasKey('access_token', $token);
- }
-
- public function testValidCredentialsWithScope()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'password', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'username' => 'test-username', // valid username
- 'password' => 'testpass', // valid password
- 'scope' => 'scope1', // valid scope
- ));
- $token = $server->grantAccessToken($request, new Response());
-
- $this->assertNotNull($token);
- $this->assertArrayHasKey('access_token', $token);
- $this->assertArrayHasKey('scope', $token);
- $this->assertEquals($token['scope'], 'scope1');
- }
-
- public function testValidCredentialsInvalidScope()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'password', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'username' => 'test-username', // valid username
- 'password' => 'testpass', // valid password
- 'scope' => 'invalid-scope',
- ));
- $token = $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_scope');
- $this->assertEquals($response->getParameter('error_description'), 'An unsupported scope was requested');
- }
-
- public function testNoSecretWithPublicClient()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'password', // valid grant type
- 'client_id' => 'Test Client ID Empty Secret', // valid public client
- 'username' => 'test-username', // valid username
- 'password' => 'testpass', // valid password
- ));
-
- $token = $server->grantAccessToken($request, $response = new Response());
-
- $this->assertNotNull($token);
- $this->assertArrayHasKey('access_token', $token);
- }
-
- public function testNoSecretWithConfidentialClient()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'password', // valid grant type
- 'client_id' => 'Test Client ID', // valid public client
- 'username' => 'test-username', // valid username
- 'password' => 'testpass', // valid password
- ));
-
- $token = $server->grantAccessToken($request, $response = new Response());
-
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_client');
- $this->assertEquals($response->getParameter('error_description'), 'This client is invalid or must authenticate using a client secret');
- }
-
- private function getTestServer()
- {
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $server = new Server($storage);
- $server->addGrantType(new UserCredentials($storage));
-
- return $server;
- }
-}
diff --git a/library/oauth2/test/OAuth2/OpenID/Controller/AuthorizeControllerTest.php b/library/oauth2/test/OAuth2/OpenID/Controller/AuthorizeControllerTest.php
deleted file mode 100644
index 46de936d8..000000000
--- a/library/oauth2/test/OAuth2/OpenID/Controller/AuthorizeControllerTest.php
+++ /dev/null
@@ -1,182 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\Controller;
-
-use OAuth2\Storage\Bootstrap;
-use OAuth2\Server;
-use OAuth2\Request;
-use OAuth2\Response;
-
-class AuthorizeControllerTest extends \PHPUnit_Framework_TestCase
-{
- public function testValidateAuthorizeRequest()
- {
- $server = $this->getTestServer();
-
- $response = new Response();
- $request = new Request(array(
- 'client_id' => 'Test Client ID', // valid client id
- 'redirect_uri' => 'http://adobe.com', // valid redirect URI
- 'response_type' => 'id_token',
- 'state' => 'af0ifjsldkj',
- 'nonce' => 'n-0S6_WzA2Mj',
- ));
-
- // Test valid id_token request
- $server->handleAuthorizeRequest($request, $response, true);
-
- $parts = parse_url($response->getHttpHeader('Location'));
- parse_str($parts['fragment'], $query);
-
- $this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce());
- $this->assertEquals($query['state'], 'af0ifjsldkj');
-
- $this->assertArrayHasKey('id_token', $query);
- $this->assertArrayHasKey('state', $query);
- $this->assertArrayNotHasKey('access_token', $query);
- $this->assertArrayNotHasKey('expires_in', $query);
- $this->assertArrayNotHasKey('token_type', $query);
-
- // Test valid token id_token request
- $request->query['response_type'] = 'id_token token';
- $server->handleAuthorizeRequest($request, $response, true);
-
- $parts = parse_url($response->getHttpHeader('Location'));
- parse_str($parts['fragment'], $query);
-
- $this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce());
- $this->assertEquals($query['state'], 'af0ifjsldkj');
-
- $this->assertArrayHasKey('access_token', $query);
- $this->assertArrayHasKey('expires_in', $query);
- $this->assertArrayHasKey('token_type', $query);
- $this->assertArrayHasKey('state', $query);
- $this->assertArrayHasKey('id_token', $query);
-
- // assert that with multiple-valued response types, order does not matter
- $request->query['response_type'] = 'token id_token';
- $server->handleAuthorizeRequest($request, $response, true);
-
- $parts = parse_url($response->getHttpHeader('Location'));
- parse_str($parts['fragment'], $query);
-
- $this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce());
- $this->assertEquals($query['state'], 'af0ifjsldkj');
-
- $this->assertArrayHasKey('access_token', $query);
- $this->assertArrayHasKey('expires_in', $query);
- $this->assertArrayHasKey('token_type', $query);
- $this->assertArrayHasKey('state', $query);
- $this->assertArrayHasKey('id_token', $query);
-
- // assert that with multiple-valued response types with extra spaces do not matter
- $request->query['response_type'] = ' token id_token ';
- $server->handleAuthorizeRequest($request, $response, true);
-
- $parts = parse_url($response->getHttpHeader('Location'));
- parse_str($parts['fragment'], $query);
-
- $this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce());
- $this->assertEquals($query['state'], 'af0ifjsldkj');
-
- $this->assertArrayHasKey('access_token', $query);
- $this->assertArrayHasKey('expires_in', $query);
- $this->assertArrayHasKey('token_type', $query);
- $this->assertArrayHasKey('state', $query);
- $this->assertArrayHasKey('id_token', $query);
- }
-
- public function testMissingNonce()
- {
- $server = $this->getTestServer();
- $authorize = $server->getAuthorizeController();
-
- $response = new Response();
- $request = new Request(array(
- 'client_id' => 'Test Client ID', // valid client id
- 'redirect_uri' => 'http://adobe.com', // valid redirect URI
- 'response_type' => 'id_token',
- 'state' => 'xyz',
- ));
-
- // Test missing nonce for 'id_token' response type
- $server->handleAuthorizeRequest($request, $response, true);
- $params = $response->getParameters();
-
- $this->assertEquals($params['error'], 'invalid_nonce');
- $this->assertEquals($params['error_description'], 'This application requires you specify a nonce parameter');
-
- // Test missing nonce for 'id_token token' response type
- $request->query['response_type'] = 'id_token token';
- $server->handleAuthorizeRequest($request, $response, true);
- $params = $response->getParameters();
-
- $this->assertEquals($params['error'], 'invalid_nonce');
- $this->assertEquals($params['error_description'], 'This application requires you specify a nonce parameter');
- }
-
- public function testNotGrantedApplication()
- {
- $server = $this->getTestServer();
-
- $response = new Response();
- $request = new Request(array(
- 'client_id' => 'Test Client ID', // valid client id
- 'redirect_uri' => 'http://adobe.com', // valid redirect URI
- 'response_type' => 'id_token',
- 'state' => 'af0ifjsldkj',
- 'nonce' => 'n-0S6_WzA2Mj',
- ));
-
- // Test not approved application
- $server->handleAuthorizeRequest($request, $response, false);
-
- $params = $response->getParameters();
-
- $this->assertEquals($params['error'], 'consent_required');
- $this->assertEquals($params['error_description'], 'The user denied access to your application');
-
- // Test not approved application with prompt parameter
- $request->query['prompt'] = 'none';
- $server->handleAuthorizeRequest($request, $response, false);
-
- $params = $response->getParameters();
-
- $this->assertEquals($params['error'], 'login_required');
- $this->assertEquals($params['error_description'], 'The user must log in');
-
- // Test not approved application with user_id set
- $request->query['prompt'] = 'none';
- $server->handleAuthorizeRequest($request, $response, false, 'some-user-id');
-
- $params = $response->getParameters();
-
- $this->assertEquals($params['error'], 'interaction_required');
- $this->assertEquals($params['error_description'], 'The user must grant access to your application');
- }
-
- public function testNeedsIdToken()
- {
- $server = $this->getTestServer();
- $authorize = $server->getAuthorizeController();
-
- $this->assertTrue($authorize->needsIdToken('openid'));
- $this->assertTrue($authorize->needsIdToken('openid profile'));
- $this->assertFalse($authorize->needsIdToken(''));
- $this->assertFalse($authorize->needsIdToken('some-scope'));
- }
-
- private function getTestServer($config = array())
- {
- $config += array(
- 'use_openid_connect' => true,
- 'issuer' => 'phpunit',
- 'allow_implicit' => true
- );
-
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $server = new Server($storage, $config);
-
- return $server;
- }
-}
diff --git a/library/oauth2/test/OAuth2/OpenID/Controller/UserInfoControllerTest.php b/library/oauth2/test/OAuth2/OpenID/Controller/UserInfoControllerTest.php
deleted file mode 100644
index b1b687077..000000000
--- a/library/oauth2/test/OAuth2/OpenID/Controller/UserInfoControllerTest.php
+++ /dev/null
@@ -1,44 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\Controller;
-
-use OAuth2\Storage\Bootstrap;
-use OAuth2\Server;
-use OAuth2\Request;
-use OAuth2\Response;
-
-class UserInfoControllerTest extends \PHPUnit_Framework_TestCase
-{
- public function testCreateController()
- {
- $tokenType = new \OAuth2\TokenType\Bearer();
- $storage = new \OAuth2\Storage\Memory();
- $controller = new UserInfoController($tokenType, $storage, $storage);
-
- $response = new Response();
- $controller->handleUserInfoRequest(new Request(), $response);
- $this->assertEquals(401, $response->getStatusCode());
- }
-
- public function testValidToken()
- {
- $server = $this->getTestServer();
- $request = Request::createFromGlobals();
- $request->headers['AUTHORIZATION'] = 'Bearer accesstoken-openid-connect';
- $response = new Response();
-
- $server->handleUserInfoRequest($request, $response);
- $parameters = $response->getParameters();
- $this->assertEquals($parameters['sub'], 'testuser');
- $this->assertEquals($parameters['email'], 'testuser@test.com');
- $this->assertEquals($parameters['email_verified'], true);
- }
-
- private function getTestServer($config = array())
- {
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $server = new Server($storage, $config);
-
- return $server;
- }
-}
diff --git a/library/oauth2/test/OAuth2/OpenID/GrantType/AuthorizationCodeTest.php b/library/oauth2/test/OAuth2/OpenID/GrantType/AuthorizationCodeTest.php
deleted file mode 100644
index 776002d1e..000000000
--- a/library/oauth2/test/OAuth2/OpenID/GrantType/AuthorizationCodeTest.php
+++ /dev/null
@@ -1,57 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\GrantType;
-
-use OAuth2\Storage\Bootstrap;
-use OAuth2\Server;
-use OAuth2\Request\TestRequest;
-use OAuth2\Response;
-
-class AuthorizationCodeTest extends \PHPUnit_Framework_TestCase
-{
- public function testValidCode()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'code' => 'testcode-openid', // valid code
- ));
- $token = $server->grantAccessToken($request, new Response());
-
- $this->assertNotNull($token);
- $this->assertArrayHasKey('id_token', $token);
- $this->assertEquals('test_id_token', $token['id_token']);
-
- // this is only true if "offline_access" was requested
- $this->assertFalse(isset($token['refresh_token']));
- }
-
- public function testOfflineAccess()
- {
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'code' => 'testcode-openid', // valid code
- 'scope' => 'offline_access', // valid code
- ));
- $token = $server->grantAccessToken($request, new Response());
-
- $this->assertNotNull($token);
- $this->assertArrayHasKey('id_token', $token);
- $this->assertEquals('test_id_token', $token['id_token']);
- $this->assertTrue(isset($token['refresh_token']));
- }
-
- private function getTestServer()
- {
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $server = new Server($storage, array('use_openid_connect' => true));
- $server->addGrantType(new AuthorizationCode($storage));
-
- return $server;
- }
-}
diff --git a/library/oauth2/test/OAuth2/OpenID/ResponseType/CodeIdTokenTest.php b/library/oauth2/test/OAuth2/OpenID/ResponseType/CodeIdTokenTest.php
deleted file mode 100644
index b0311434a..000000000
--- a/library/oauth2/test/OAuth2/OpenID/ResponseType/CodeIdTokenTest.php
+++ /dev/null
@@ -1,182 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\ResponseType;
-
-use OAuth2\Server;
-use OAuth2\Request;
-use OAuth2\Response;
-use OAuth2\Storage\Bootstrap;
-use OAuth2\GrantType\ClientCredentials;
-
-class CodeIdTokenTest extends \PHPUnit_Framework_TestCase
-{
- public function testHandleAuthorizeRequest()
- {
- // add the test parameters in memory
- $server = $this->getTestServer();
-
- $request = new Request(array(
- 'response_type' => 'code id_token',
- 'redirect_uri' => 'http://adobe.com',
- 'client_id' => 'Test Client ID',
- 'scope' => 'openid',
- 'state' => 'test',
- 'nonce' => 'test',
- ));
-
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $location = $response->getHttpHeader('Location');
- $this->assertNotContains('error', $location);
-
- $parts = parse_url($location);
- $this->assertArrayHasKey('query', $parts);
-
- // assert fragment is in "application/x-www-form-urlencoded" format
- parse_str($parts['query'], $params);
- $this->assertNotNull($params);
- $this->assertArrayHasKey('id_token', $params);
- $this->assertArrayHasKey('code', $params);
-
- // validate ID Token
- $parts = explode('.', $params['id_token']);
- foreach ($parts as &$part) {
- // Each part is a base64url encoded json string.
- $part = str_replace(array('-', '_'), array('+', '/'), $part);
- $part = base64_decode($part);
- $part = json_decode($part, true);
- }
- list($header, $claims, $signature) = $parts;
-
- $this->assertArrayHasKey('iss', $claims);
- $this->assertArrayHasKey('sub', $claims);
- $this->assertArrayHasKey('aud', $claims);
- $this->assertArrayHasKey('iat', $claims);
- $this->assertArrayHasKey('exp', $claims);
- $this->assertArrayHasKey('auth_time', $claims);
- $this->assertArrayHasKey('nonce', $claims);
-
- // only exists if an access token was granted along with the id_token
- $this->assertArrayNotHasKey('at_hash', $claims);
-
- $this->assertEquals($claims['iss'], 'test');
- $this->assertEquals($claims['aud'], 'Test Client ID');
- $this->assertEquals($claims['nonce'], 'test');
- $duration = $claims['exp'] - $claims['iat'];
- $this->assertEquals($duration, 3600);
- }
-
- public function testUserClaimsWithUserId()
- {
- // add the test parameters in memory
- $server = $this->getTestServer();
-
- $request = new Request(array(
- 'response_type' => 'code id_token',
- 'redirect_uri' => 'http://adobe.com',
- 'client_id' => 'Test Client ID',
- 'scope' => 'openid email',
- 'state' => 'test',
- 'nonce' => 'test',
- ));
-
- $userId = 'testuser';
- $server->handleAuthorizeRequest($request, $response = new Response(), true, $userId);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $location = $response->getHttpHeader('Location');
- $this->assertNotContains('error', $location);
-
- $parts = parse_url($location);
- $this->assertArrayHasKey('query', $parts);
-
- // assert fragment is in "application/x-www-form-urlencoded" format
- parse_str($parts['query'], $params);
- $this->assertNotNull($params);
- $this->assertArrayHasKey('id_token', $params);
- $this->assertArrayHasKey('code', $params);
-
- // validate ID Token
- $parts = explode('.', $params['id_token']);
- foreach ($parts as &$part) {
- // Each part is a base64url encoded json string.
- $part = str_replace(array('-', '_'), array('+', '/'), $part);
- $part = base64_decode($part);
- $part = json_decode($part, true);
- }
- list($header, $claims, $signature) = $parts;
-
- $this->assertArrayHasKey('email', $claims);
- $this->assertArrayHasKey('email_verified', $claims);
- $this->assertNotNull($claims['email']);
- $this->assertNotNull($claims['email_verified']);
- }
-
- public function testUserClaimsWithoutUserId()
- {
- // add the test parameters in memory
- $server = $this->getTestServer();
-
- $request = new Request(array(
- 'response_type' => 'code id_token',
- 'redirect_uri' => 'http://adobe.com',
- 'client_id' => 'Test Client ID',
- 'scope' => 'openid email',
- 'state' => 'test',
- 'nonce' => 'test',
- ));
-
- $userId = null;
- $server->handleAuthorizeRequest($request, $response = new Response(), true, $userId);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $location = $response->getHttpHeader('Location');
- $this->assertNotContains('error', $location);
-
- $parts = parse_url($location);
- $this->assertArrayHasKey('query', $parts);
-
- // assert fragment is in "application/x-www-form-urlencoded" format
- parse_str($parts['query'], $params);
- $this->assertNotNull($params);
- $this->assertArrayHasKey('id_token', $params);
- $this->assertArrayHasKey('code', $params);
-
- // validate ID Token
- $parts = explode('.', $params['id_token']);
- foreach ($parts as &$part) {
- // Each part is a base64url encoded json string.
- $part = str_replace(array('-', '_'), array('+', '/'), $part);
- $part = base64_decode($part);
- $part = json_decode($part, true);
- }
- list($header, $claims, $signature) = $parts;
-
- $this->assertArrayNotHasKey('email', $claims);
- $this->assertArrayNotHasKey('email_verified', $claims);
- }
-
- private function getTestServer($config = array())
- {
- $config += array(
- 'use_openid_connect' => true,
- 'issuer' => 'test',
- 'id_lifetime' => 3600,
- 'allow_implicit' => true,
- );
-
- $memoryStorage = Bootstrap::getInstance()->getMemoryStorage();
- $memoryStorage->supportedScopes[] = 'email';
- $responseTypes = array(
- 'code' => $code = new AuthorizationCode($memoryStorage),
- 'id_token' => $idToken = new IdToken($memoryStorage, $memoryStorage, $config),
- 'code id_token' => new CodeIdToken($code, $idToken),
- );
-
- $server = new Server($memoryStorage, $config, array(), $responseTypes);
- $server->addGrantType(new ClientCredentials($memoryStorage));
-
- return $server;
- }
-}
diff --git a/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTest.php b/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTest.php
deleted file mode 100644
index e772f6be4..000000000
--- a/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTest.php
+++ /dev/null
@@ -1,184 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\ResponseType;
-
-use OAuth2\Server;
-use OAuth2\Request;
-use OAuth2\Response;
-use OAuth2\Storage\Bootstrap;
-use OAuth2\GrantType\ClientCredentials;
-use OAuth2\Encryption\Jwt;
-
-class IdTokenTest extends \PHPUnit_Framework_TestCase
-{
- public function testValidateAuthorizeRequest()
- {
- $query = array(
- 'response_type' => 'id_token',
- 'redirect_uri' => 'http://adobe.com',
- 'client_id' => 'Test Client ID',
- 'scope' => 'openid',
- 'state' => 'test',
- );
-
- // attempt to do the request without a nonce.
- $server = $this->getTestServer(array('allow_implicit' => true));
- $request = new Request($query);
- $valid = $server->validateAuthorizeRequest($request, $response = new Response());
-
- // Add a nonce and retry.
- $query['nonce'] = 'test';
- $request = new Request($query);
- $valid = $server->validateAuthorizeRequest($request, $response = new Response());
- $this->assertTrue($valid);
- }
-
- public function testHandleAuthorizeRequest()
- {
- // add the test parameters in memory
- $server = $this->getTestServer(array('allow_implicit' => true));
- $request = new Request(array(
- 'response_type' => 'id_token',
- 'redirect_uri' => 'http://adobe.com',
- 'client_id' => 'Test Client ID',
- 'scope' => 'openid email',
- 'state' => 'test',
- 'nonce' => 'test',
- ));
-
- $user_id = 'testuser';
- $server->handleAuthorizeRequest($request, $response = new Response(), true, $user_id);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $location = $response->getHttpHeader('Location');
- $this->assertNotContains('error', $location);
-
- $parts = parse_url($location);
- $this->assertArrayHasKey('fragment', $parts);
- $this->assertFalse(isset($parts['query']));
-
- // assert fragment is in "application/x-www-form-urlencoded" format
- parse_str($parts['fragment'], $params);
- $this->assertNotNull($params);
- $this->assertArrayHasKey('id_token', $params);
- $this->assertArrayNotHasKey('access_token', $params);
- $this->validateIdToken($params['id_token']);
- }
-
- public function testPassInAuthTime()
- {
- $server = $this->getTestServer(array('allow_implicit' => true));
- $request = new Request(array(
- 'response_type' => 'id_token',
- 'redirect_uri' => 'http://adobe.com',
- 'client_id' => 'Test Client ID',
- 'scope' => 'openid email',
- 'state' => 'test',
- 'nonce' => 'test',
- ));
-
- // test with a scalar user id
- $user_id = 'testuser123';
- $server->handleAuthorizeRequest($request, $response = new Response(), true, $user_id);
-
- list($header, $payload, $signature) = $this->extractTokenDataFromResponse($response);
-
- $this->assertTrue(is_array($payload));
- $this->assertArrayHasKey('sub', $payload);
- $this->assertEquals($user_id, $payload['sub']);
- $this->assertArrayHasKey('auth_time', $payload);
-
- // test with an array of user info
- $userInfo = array(
- 'user_id' => 'testuser1234',
- 'auth_time' => date('Y-m-d H:i:s', strtotime('20 minutes ago')
- ));
-
- $server->handleAuthorizeRequest($request, $response = new Response(), true, $userInfo);
-
- list($header, $payload, $signature) = $this->extractTokenDataFromResponse($response);
-
- $this->assertTrue(is_array($payload));
- $this->assertArrayHasKey('sub', $payload);
- $this->assertEquals($userInfo['user_id'], $payload['sub']);
- $this->assertArrayHasKey('auth_time', $payload);
- $this->assertEquals($userInfo['auth_time'], $payload['auth_time']);
- }
-
- private function extractTokenDataFromResponse(Response $response)
- {
- $this->assertEquals($response->getStatusCode(), 302);
- $location = $response->getHttpHeader('Location');
- $this->assertNotContains('error', $location);
-
- $parts = parse_url($location);
- $this->assertArrayHasKey('fragment', $parts);
- $this->assertFalse(isset($parts['query']));
-
- parse_str($parts['fragment'], $params);
- $this->assertNotNull($params);
- $this->assertArrayHasKey('id_token', $params);
- $this->assertArrayNotHasKey('access_token', $params);
-
- list($headb64, $payloadb64, $signature) = explode('.', $params['id_token']);
-
- $jwt = new Jwt();
- $header = json_decode($jwt->urlSafeB64Decode($headb64), true);
- $payload = json_decode($jwt->urlSafeB64Decode($payloadb64), true);
-
- return array($header, $payload, $signature);
- }
-
- private function validateIdToken($id_token)
- {
- $parts = explode('.', $id_token);
- foreach ($parts as &$part) {
- // Each part is a base64url encoded json string.
- $part = str_replace(array('-', '_'), array('+', '/'), $part);
- $part = base64_decode($part);
- $part = json_decode($part, true);
- }
- list($header, $claims, $signature) = $parts;
-
- $this->assertArrayHasKey('iss', $claims);
- $this->assertArrayHasKey('sub', $claims);
- $this->assertArrayHasKey('aud', $claims);
- $this->assertArrayHasKey('iat', $claims);
- $this->assertArrayHasKey('exp', $claims);
- $this->assertArrayHasKey('auth_time', $claims);
- $this->assertArrayHasKey('nonce', $claims);
- $this->assertArrayHasKey('email', $claims);
- $this->assertArrayHasKey('email_verified', $claims);
-
- $this->assertEquals($claims['iss'], 'test');
- $this->assertEquals($claims['aud'], 'Test Client ID');
- $this->assertEquals($claims['nonce'], 'test');
- $this->assertEquals($claims['email'], 'testuser@test.com');
- $duration = $claims['exp'] - $claims['iat'];
- $this->assertEquals($duration, 3600);
- }
-
- private function getTestServer($config = array())
- {
- $config += array(
- 'use_openid_connect' => true,
- 'issuer' => 'test',
- 'id_lifetime' => 3600,
- );
-
- $memoryStorage = Bootstrap::getInstance()->getMemoryStorage();
- $memoryStorage->supportedScopes[] = 'email';
- $storage = array(
- 'client' => $memoryStorage,
- 'scope' => $memoryStorage,
- );
- $responseTypes = array(
- 'id_token' => new IdToken($memoryStorage, $memoryStorage, $config),
- );
-
- $server = new Server($storage, $config, array(), $responseTypes);
- $server->addGrantType(new ClientCredentials($memoryStorage));
-
- return $server;
- }
-}
diff --git a/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTokenTest.php b/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTokenTest.php
deleted file mode 100644
index bc564d37b..000000000
--- a/library/oauth2/test/OAuth2/OpenID/ResponseType/IdTokenTokenTest.php
+++ /dev/null
@@ -1,91 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\ResponseType;
-
-use OAuth2\Server;
-use OAuth2\Request;
-use OAuth2\Response;
-use OAuth2\Storage\Bootstrap;
-use OAuth2\GrantType\ClientCredentials;
-use OAuth2\ResponseType\AccessToken;
-
-class IdTokenTokenTest extends \PHPUnit_Framework_TestCase
-{
-
- public function testHandleAuthorizeRequest()
- {
- // add the test parameters in memory
- $server = $this->getTestServer(array('allow_implicit' => true));
-
- $request = new Request(array(
- 'response_type' => 'id_token token',
- 'redirect_uri' => 'http://adobe.com',
- 'client_id' => 'Test Client ID',
- 'scope' => 'openid',
- 'state' => 'test',
- 'nonce' => 'test',
- ));
-
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- $this->assertEquals($response->getStatusCode(), 302);
- $location = $response->getHttpHeader('Location');
- $this->assertNotContains('error', $location);
-
- $parts = parse_url($location);
- $this->assertArrayHasKey('fragment', $parts);
- $this->assertFalse(isset($parts['query']));
-
- // assert fragment is in "application/x-www-form-urlencoded" format
- parse_str($parts['fragment'], $params);
- $this->assertNotNull($params);
- $this->assertArrayHasKey('id_token', $params);
- $this->assertArrayHasKey('access_token', $params);
-
- // validate ID Token
- $parts = explode('.', $params['id_token']);
- foreach ($parts as &$part) {
- // Each part is a base64url encoded json string.
- $part = str_replace(array('-', '_'), array('+', '/'), $part);
- $part = base64_decode($part);
- $part = json_decode($part, true);
- }
- list($header, $claims, $signature) = $parts;
-
- $this->assertArrayHasKey('iss', $claims);
- $this->assertArrayHasKey('sub', $claims);
- $this->assertArrayHasKey('aud', $claims);
- $this->assertArrayHasKey('iat', $claims);
- $this->assertArrayHasKey('exp', $claims);
- $this->assertArrayHasKey('auth_time', $claims);
- $this->assertArrayHasKey('nonce', $claims);
- $this->assertArrayHasKey('at_hash', $claims);
-
- $this->assertEquals($claims['iss'], 'test');
- $this->assertEquals($claims['aud'], 'Test Client ID');
- $this->assertEquals($claims['nonce'], 'test');
- $duration = $claims['exp'] - $claims['iat'];
- $this->assertEquals($duration, 3600);
- }
-
- private function getTestServer($config = array())
- {
- $config += array(
- 'use_openid_connect' => true,
- 'issuer' => 'test',
- 'id_lifetime' => 3600,
- );
-
- $memoryStorage = Bootstrap::getInstance()->getMemoryStorage();
- $responseTypes = array(
- 'token' => $token = new AccessToken($memoryStorage, $memoryStorage),
- 'id_token' => $idToken = new IdToken($memoryStorage, $memoryStorage, $config),
- 'id_token token' => new IdTokenToken($token, $idToken),
- );
-
- $server = new Server($memoryStorage, $config, array(), $responseTypes);
- $server->addGrantType(new ClientCredentials($memoryStorage));
-
- return $server;
- }
-}
diff --git a/library/oauth2/test/OAuth2/OpenID/Storage/AuthorizationCodeTest.php b/library/oauth2/test/OAuth2/OpenID/Storage/AuthorizationCodeTest.php
deleted file mode 100644
index bdfb085e3..000000000
--- a/library/oauth2/test/OAuth2/OpenID/Storage/AuthorizationCodeTest.php
+++ /dev/null
@@ -1,95 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\Storage;
-
-use OAuth2\Storage\BaseTest;
-use OAuth2\Storage\NullStorage;
-
-class AuthorizationCodeTest extends BaseTest
-{
- /** @dataProvider provideStorage */
- public function testCreateAuthorizationCode($storage)
- {
- if ($storage instanceof NullStorage) {
- $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
-
- return;
- }
-
- if (!$storage instanceof AuthorizationCodeInterface) {
- return;
- }
-
- // assert code we are about to add does not exist
- $code = $storage->getAuthorizationCode('new-openid-code');
- $this->assertFalse($code);
-
- // add new code
- $expires = time() + 20;
- $scope = null;
- $id_token = 'fake_id_token';
- $success = $storage->setAuthorizationCode('new-openid-code', 'client ID', 'SOMEUSERID', 'http://example.com', $expires, $scope, $id_token);
- $this->assertTrue($success);
-
- $code = $storage->getAuthorizationCode('new-openid-code');
- $this->assertNotNull($code);
- $this->assertArrayHasKey('authorization_code', $code);
- $this->assertArrayHasKey('client_id', $code);
- $this->assertArrayHasKey('user_id', $code);
- $this->assertArrayHasKey('redirect_uri', $code);
- $this->assertArrayHasKey('expires', $code);
- $this->assertEquals($code['authorization_code'], 'new-openid-code');
- $this->assertEquals($code['client_id'], 'client ID');
- $this->assertEquals($code['user_id'], 'SOMEUSERID');
- $this->assertEquals($code['redirect_uri'], 'http://example.com');
- $this->assertEquals($code['expires'], $expires);
- $this->assertEquals($code['id_token'], $id_token);
-
- // change existing code
- $expires = time() + 42;
- $new_id_token = 'fake_id_token-2';
- $success = $storage->setAuthorizationCode('new-openid-code', 'client ID2', 'SOMEOTHERID', 'http://example.org', $expires, $scope, $new_id_token);
- $this->assertTrue($success);
-
- $code = $storage->getAuthorizationCode('new-openid-code');
- $this->assertNotNull($code);
- $this->assertArrayHasKey('authorization_code', $code);
- $this->assertArrayHasKey('client_id', $code);
- $this->assertArrayHasKey('user_id', $code);
- $this->assertArrayHasKey('redirect_uri', $code);
- $this->assertArrayHasKey('expires', $code);
- $this->assertEquals($code['authorization_code'], 'new-openid-code');
- $this->assertEquals($code['client_id'], 'client ID2');
- $this->assertEquals($code['user_id'], 'SOMEOTHERID');
- $this->assertEquals($code['redirect_uri'], 'http://example.org');
- $this->assertEquals($code['expires'], $expires);
- $this->assertEquals($code['id_token'], $new_id_token);
- }
-
- /** @dataProvider provideStorage */
- public function testRemoveIdTokenFromAuthorizationCode($storage)
- {
- // add new code
- $expires = time() + 20;
- $scope = null;
- $id_token = 'fake_id_token_to_remove';
- $authcode = 'new-openid-code-'.rand();
- $success = $storage->setAuthorizationCode($authcode, 'client ID', 'SOMEUSERID', 'http://example.com', $expires, $scope, $id_token);
- $this->assertTrue($success);
-
- // verify params were set
- $code = $storage->getAuthorizationCode($authcode);
- $this->assertNotNull($code);
- $this->assertArrayHasKey('id_token', $code);
- $this->assertEquals($code['id_token'], $id_token);
-
- // remove the id_token
- $success = $storage->setAuthorizationCode($authcode, 'client ID', 'SOMEUSERID', 'http://example.com', $expires, $scope, null);
-
- // verify the "id_token" is now null
- $code = $storage->getAuthorizationCode($authcode);
- $this->assertNotNull($code);
- $this->assertArrayHasKey('id_token', $code);
- $this->assertEquals($code['id_token'], null);
- }
-}
diff --git a/library/oauth2/test/OAuth2/OpenID/Storage/UserClaimsTest.php b/library/oauth2/test/OAuth2/OpenID/Storage/UserClaimsTest.php
deleted file mode 100644
index 840f6c566..000000000
--- a/library/oauth2/test/OAuth2/OpenID/Storage/UserClaimsTest.php
+++ /dev/null
@@ -1,41 +0,0 @@
-<?php
-
-namespace OAuth2\OpenID\Storage;
-
-use OAuth2\Storage\BaseTest;
-use OAuth2\Storage\NullStorage;
-
-class UserClaimsTest extends BaseTest
-{
- /** @dataProvider provideStorage */
- public function testGetUserClaims($storage)
- {
- if ($storage instanceof NullStorage) {
- $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
-
- return;
- }
-
- if (!$storage instanceof UserClaimsInterface) {
- // incompatible storage
- return;
- }
-
- // invalid user
- $claims = $storage->getUserClaims('fake-user', '');
- $this->assertFalse($claims);
-
- // valid user (no scope)
- $claims = $storage->getUserClaims('testuser', '');
-
- /* assert the decoded token is the same */
- $this->assertFalse(isset($claims['email']));
-
- // valid user
- $claims = $storage->getUserClaims('testuser', 'email');
-
- /* assert the decoded token is the same */
- $this->assertEquals($claims['email'], "testuser@test.com");
- $this->assertEquals($claims['email_verified'], true);
- }
-}
diff --git a/library/oauth2/test/OAuth2/RequestTest.php b/library/oauth2/test/OAuth2/RequestTest.php
deleted file mode 100644
index 10db3215c..000000000
--- a/library/oauth2/test/OAuth2/RequestTest.php
+++ /dev/null
@@ -1,98 +0,0 @@
-<?php
-
-namespace OAuth2;
-
-use OAuth2\Request\TestRequest;
-use OAuth2\Storage\Bootstrap;
-use OAuth2\GrantType\AuthorizationCode;
-
-class RequestTest extends \PHPUnit_Framework_TestCase
-{
- public function testRequestOverride()
- {
- $request = new TestRequest();
- $server = $this->getTestServer();
-
- // Smoke test for override request class
- // $server->handleTokenRequest($request, $response = new Response());
- // $this->assertInstanceOf('Response', $response);
- // $server->handleAuthorizeRequest($request, $response = new Response(), true);
- // $this->assertInstanceOf('Response', $response);
- // $response = $server->verifyResourceRequest($request, $response = new Response());
- // $this->assertTrue(is_bool($response));
-
- /*** make some valid requests ***/
-
- // Valid Token Request
- $request->setPost(array(
- 'grant_type' => 'authorization_code',
- 'client_id' => 'Test Client ID',
- 'client_secret' => 'TestSecret',
- 'code' => 'testcode',
- ));
- $server->handleTokenRequest($request, $response = new Response());
- $this->assertEquals($response->getStatusCode(), 200);
- $this->assertNull($response->getParameter('error'));
- $this->assertNotNUll($response->getParameter('access_token'));
- }
-
- public function testHeadersReturnsValueByKey()
- {
- $request = new Request(
- array(),
- array(),
- array(),
- array(),
- array(),
- array(),
- array(),
- array('AUTHORIZATION' => 'Basic secret')
- );
-
- $this->assertEquals('Basic secret', $request->headers('AUTHORIZATION'));
- }
-
- public function testHeadersReturnsDefaultIfHeaderNotPresent()
- {
- $request = new Request();
-
- $this->assertEquals('Bearer', $request->headers('AUTHORIZATION', 'Bearer'));
- }
-
- public function testHeadersIsCaseInsensitive()
- {
- $request = new Request(
- array(),
- array(),
- array(),
- array(),
- array(),
- array(),
- array(),
- array('AUTHORIZATION' => 'Basic secret')
- );
-
- $this->assertEquals('Basic secret', $request->headers('Authorization'));
- }
-
- public function testRequestReturnsPostParamIfNoQueryParamAvailable()
- {
- $request = new Request(
- array(),
- array('client_id' => 'correct')
- );
-
- $this->assertEquals('correct', $request->query('client_id', $request->request('client_id')));
- }
-
- private function getTestServer($config = array())
- {
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $server = new Server($storage, $config);
-
- // Add the two types supported for authorization grant
- $server->addGrantType(new AuthorizationCode($storage));
-
- return $server;
- }
-}
diff --git a/library/oauth2/test/OAuth2/ResponseTest.php b/library/oauth2/test/OAuth2/ResponseTest.php
deleted file mode 100644
index b8149005d..000000000
--- a/library/oauth2/test/OAuth2/ResponseTest.php
+++ /dev/null
@@ -1,17 +0,0 @@
-<?php
-
-namespace OAuth2;
-
-class ResponseTest extends \PHPUnit_Framework_TestCase
-{
- public function testRenderAsXml()
- {
- $response = new Response(array(
- 'foo' => 'bar',
- 'halland' => 'oates',
- ));
-
- $string = $response->getResponseBody('xml');
- $this->assertContains('<response><foo>bar</foo><halland>oates</halland></response>', $string);
- }
-}
diff --git a/library/oauth2/test/OAuth2/ResponseType/AccessTokenTest.php b/library/oauth2/test/OAuth2/ResponseType/AccessTokenTest.php
deleted file mode 100644
index 0ed1c82fc..000000000
--- a/library/oauth2/test/OAuth2/ResponseType/AccessTokenTest.php
+++ /dev/null
@@ -1,107 +0,0 @@
-<?php
-
-namespace OAuth2\ResponseType;
-
-use OAuth2\Server;
-use OAuth2\Storage\Memory;
-
-class AccessTokenTest extends \PHPUnit_Framework_TestCase
-{
- public function testRevokeAccessTokenWithTypeHint()
- {
- $tokenStorage = new Memory(array(
- 'access_tokens' => array(
- 'revoke' => array('mytoken'),
- ),
- ));
-
- $this->assertEquals(array('mytoken'), $tokenStorage->getAccessToken('revoke'));
- $accessToken = new AccessToken($tokenStorage);
- $accessToken->revokeToken('revoke', 'access_token');
- $this->assertFalse($tokenStorage->getAccessToken('revoke'));
- }
-
- public function testRevokeAccessTokenWithoutTypeHint()
- {
- $tokenStorage = new Memory(array(
- 'access_tokens' => array(
- 'revoke' => array('mytoken'),
- ),
- ));
-
- $this->assertEquals(array('mytoken'), $tokenStorage->getAccessToken('revoke'));
- $accessToken = new AccessToken($tokenStorage);
- $accessToken->revokeToken('revoke');
- $this->assertFalse($tokenStorage->getAccessToken('revoke'));
- }
-
- public function testRevokeRefreshTokenWithTypeHint()
- {
- $tokenStorage = new Memory(array(
- 'refresh_tokens' => array(
- 'revoke' => array('mytoken'),
- ),
- ));
-
- $this->assertEquals(array('mytoken'), $tokenStorage->getRefreshToken('revoke'));
- $accessToken = new AccessToken(new Memory, $tokenStorage);
- $accessToken->revokeToken('revoke', 'refresh_token');
- $this->assertFalse($tokenStorage->getRefreshToken('revoke'));
- }
-
- public function testRevokeRefreshTokenWithoutTypeHint()
- {
- $tokenStorage = new Memory(array(
- 'refresh_tokens' => array(
- 'revoke' => array('mytoken'),
- ),
- ));
-
- $this->assertEquals(array('mytoken'), $tokenStorage->getRefreshToken('revoke'));
- $accessToken = new AccessToken(new Memory, $tokenStorage);
- $accessToken->revokeToken('revoke');
- $this->assertFalse($tokenStorage->getRefreshToken('revoke'));
- }
-
- public function testRevokeAccessTokenWithRefreshTokenTypeHint()
- {
- $tokenStorage = new Memory(array(
- 'access_tokens' => array(
- 'revoke' => array('mytoken'),
- ),
- ));
-
- $this->assertEquals(array('mytoken'), $tokenStorage->getAccessToken('revoke'));
- $accessToken = new AccessToken($tokenStorage);
- $accessToken->revokeToken('revoke', 'refresh_token');
- $this->assertFalse($tokenStorage->getAccessToken('revoke'));
- }
-
- public function testRevokeAccessTokenWithBogusTypeHint()
- {
- $tokenStorage = new Memory(array(
- 'access_tokens' => array(
- 'revoke' => array('mytoken'),
- ),
- ));
-
- $this->assertEquals(array('mytoken'), $tokenStorage->getAccessToken('revoke'));
- $accessToken = new AccessToken($tokenStorage);
- $accessToken->revokeToken('revoke', 'foo');
- $this->assertFalse($tokenStorage->getAccessToken('revoke'));
- }
-
- public function testRevokeRefreshTokenWithBogusTypeHint()
- {
- $tokenStorage = new Memory(array(
- 'refresh_tokens' => array(
- 'revoke' => array('mytoken'),
- ),
- ));
-
- $this->assertEquals(array('mytoken'), $tokenStorage->getRefreshToken('revoke'));
- $accessToken = new AccessToken(new Memory, $tokenStorage);
- $accessToken->revokeToken('revoke', 'foo');
- $this->assertFalse($tokenStorage->getRefreshToken('revoke'));
- }
-}
diff --git a/library/oauth2/test/OAuth2/ResponseType/JwtAccessTokenTest.php b/library/oauth2/test/OAuth2/ResponseType/JwtAccessTokenTest.php
deleted file mode 100644
index 51b01a927..000000000
--- a/library/oauth2/test/OAuth2/ResponseType/JwtAccessTokenTest.php
+++ /dev/null
@@ -1,160 +0,0 @@
-<?php
-
-namespace OAuth2\ResponseType;
-
-use OAuth2\Server;
-use OAuth2\Response;
-use OAuth2\Request\TestRequest;
-use OAuth2\Storage\Bootstrap;
-use OAuth2\Storage\JwtAccessToken as JwtAccessTokenStorage;
-use OAuth2\GrantType\ClientCredentials;
-use OAuth2\GrantType\UserCredentials;
-use OAuth2\GrantType\RefreshToken;
-use OAuth2\Encryption\Jwt;
-
-class JwtAccessTokenTest extends \PHPUnit_Framework_TestCase
-{
- public function testCreateAccessToken()
- {
- $server = $this->getTestServer();
- $jwtResponseType = $server->getResponseType('token');
-
- $accessToken = $jwtResponseType->createAccessToken('Test Client ID', 123, 'test', false);
- $jwt = new Jwt;
- $decodedAccessToken = $jwt->decode($accessToken['access_token'], null, false);
-
- $this->assertArrayHasKey('id', $decodedAccessToken);
- $this->assertArrayHasKey('jti', $decodedAccessToken);
- $this->assertArrayHasKey('iss', $decodedAccessToken);
- $this->assertArrayHasKey('aud', $decodedAccessToken);
- $this->assertArrayHasKey('exp', $decodedAccessToken);
- $this->assertArrayHasKey('iat', $decodedAccessToken);
- $this->assertArrayHasKey('token_type', $decodedAccessToken);
- $this->assertArrayHasKey('scope', $decodedAccessToken);
-
- $this->assertEquals('https://api.example.com', $decodedAccessToken['iss']);
- $this->assertEquals('Test Client ID', $decodedAccessToken['aud']);
- $this->assertEquals(123, $decodedAccessToken['sub']);
- $delta = $decodedAccessToken['exp'] - $decodedAccessToken['iat'];
- $this->assertEquals(3600, $delta);
- $this->assertEquals($decodedAccessToken['id'], $decodedAccessToken['jti']);
- }
-
- public function testGrantJwtAccessToken()
- {
- // add the test parameters in memory
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'client_credentials', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- ));
- $server->handleTokenRequest($request, $response = new Response());
-
- $this->assertNotNull($response->getParameter('access_token'));
- $this->assertEquals(2, substr_count($response->getParameter('access_token'), '.'));
- }
-
- public function testAccessResourceWithJwtAccessToken()
- {
- // add the test parameters in memory
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'client_credentials', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- ));
- $server->handleTokenRequest($request, $response = new Response());
- $this->assertNotNull($JwtAccessToken = $response->getParameter('access_token'));
-
- // make a call to the resource server using the crypto token
- $request = TestRequest::createPost(array(
- 'access_token' => $JwtAccessToken,
- ));
-
- $this->assertTrue($server->verifyResourceRequest($request));
- }
-
- public function testAccessResourceWithJwtAccessTokenUsingSecondaryStorage()
- {
- // add the test parameters in memory
- $server = $this->getTestServer();
- $request = TestRequest::createPost(array(
- 'grant_type' => 'client_credentials', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- ));
- $server->handleTokenRequest($request, $response = new Response());
- $this->assertNotNull($JwtAccessToken = $response->getParameter('access_token'));
-
- // make a call to the resource server using the crypto token
- $request = TestRequest::createPost(array(
- 'access_token' => $JwtAccessToken,
- ));
-
- // create a resource server with the "memory" storage from the grant server
- $resourceServer = new Server($server->getStorage('client_credentials'));
-
- $this->assertTrue($resourceServer->verifyResourceRequest($request));
- }
-
- public function testJwtAccessTokenWithRefreshToken()
- {
- $server = $this->getTestServer();
-
- // add "UserCredentials" grant type and "JwtAccessToken" response type
- // and ensure "JwtAccessToken" response type has "RefreshToken" storage
- $memoryStorage = Bootstrap::getInstance()->getMemoryStorage();
- $server->addGrantType(new UserCredentials($memoryStorage));
- $server->addGrantType(new RefreshToken($memoryStorage));
- $server->addResponseType(new JwtAccessToken($memoryStorage, $memoryStorage, $memoryStorage), 'token');
-
- $request = TestRequest::createPost(array(
- 'grant_type' => 'password', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'username' => 'test-username', // valid username
- 'password' => 'testpass', // valid password
- ));
-
- // make the call to grant a crypto token
- $server->handleTokenRequest($request, $response = new Response());
- $this->assertNotNull($JwtAccessToken = $response->getParameter('access_token'));
- $this->assertNotNull($refreshToken = $response->getParameter('refresh_token'));
-
- // decode token and make sure refresh_token isn't set
- list($header, $payload, $signature) = explode('.', $JwtAccessToken);
- $decodedToken = json_decode(base64_decode($payload), true);
- $this->assertFalse(array_key_exists('refresh_token', $decodedToken));
-
- // use the refresh token to get another access token
- $request = TestRequest::createPost(array(
- 'grant_type' => 'refresh_token',
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'refresh_token' => $refreshToken,
- ));
-
- $server->handleTokenRequest($request, $response = new Response());
- $this->assertNotNull($response->getParameter('access_token'));
- }
-
- private function getTestServer()
- {
- $memoryStorage = Bootstrap::getInstance()->getMemoryStorage();
-
- $storage = array(
- 'access_token' => new JwtAccessTokenStorage($memoryStorage),
- 'client' => $memoryStorage,
- 'client_credentials' => $memoryStorage,
- );
- $server = new Server($storage);
- $server->addGrantType(new ClientCredentials($memoryStorage));
-
- // make the "token" response type a JwtAccessToken
- $config = array('issuer' => 'https://api.example.com');
- $server->addResponseType(new JwtAccessToken($memoryStorage, $memoryStorage, null, $config));
-
- return $server;
- }
-}
diff --git a/library/oauth2/test/OAuth2/ScopeTest.php b/library/oauth2/test/OAuth2/ScopeTest.php
deleted file mode 100644
index 99f9cf6eb..000000000
--- a/library/oauth2/test/OAuth2/ScopeTest.php
+++ /dev/null
@@ -1,42 +0,0 @@
-<?php
-
-namespace OAuth2;
-
-use OAuth2\Storage\Memory;
-
-class ScopeTest extends \PHPUnit_Framework_TestCase
-{
- public function testCheckScope()
- {
- $scopeUtil = new Scope();
-
- $this->assertFalse($scopeUtil->checkScope('invalid', 'list of scopes'));
- $this->assertTrue($scopeUtil->checkScope('valid', 'valid and-some other-scopes'));
- $this->assertTrue($scopeUtil->checkScope('valid another-valid', 'valid another-valid and-some other-scopes'));
- // all scopes must match
- $this->assertFalse($scopeUtil->checkScope('valid invalid', 'valid and-some other-scopes'));
- $this->assertFalse($scopeUtil->checkScope('valid valid2 invalid', 'valid valid2 and-some other-scopes'));
- }
-
- public function testScopeStorage()
- {
- $scopeUtil = new Scope();
- $this->assertEquals($scopeUtil->getDefaultScope(), null);
-
- $scopeUtil = new Scope(array(
- 'default_scope' => 'default',
- 'supported_scopes' => array('this', 'that', 'another'),
- ));
- $this->assertEquals($scopeUtil->getDefaultScope(), 'default');
- $this->assertTrue($scopeUtil->scopeExists('this that another', 'client_id'));
-
- $memoryStorage = new Memory(array(
- 'default_scope' => 'base',
- 'supported_scopes' => array('only-this-one'),
- ));
- $scopeUtil = new Scope($memoryStorage);
-
- $this->assertEquals($scopeUtil->getDefaultScope(), 'base');
- $this->assertTrue($scopeUtil->scopeExists('only-this-one', 'client_id'));
- }
-}
diff --git a/library/oauth2/test/OAuth2/ServerTest.php b/library/oauth2/test/OAuth2/ServerTest.php
deleted file mode 100644
index 747e120f5..000000000
--- a/library/oauth2/test/OAuth2/ServerTest.php
+++ /dev/null
@@ -1,684 +0,0 @@
-<?php
-
-namespace OAuth2;
-
-use OAuth2\Request\TestRequest;
-use OAuth2\ResponseType\AuthorizationCode;
-use OAuth2\Storage\Bootstrap;
-
-class ServerTest extends \PHPUnit_Framework_TestCase
-{
- /**
- * @expectedException LogicException OAuth2\Storage\ClientInterface
- **/
- public function testGetAuthorizeControllerWithNoClientStorageThrowsException()
- {
- // must set Client Storage
- $server = new Server();
- $server->getAuthorizeController();
- }
-
- /**
- * @expectedException LogicException OAuth2\Storage\AccessTokenInterface
- **/
- public function testGetAuthorizeControllerWithNoAccessTokenStorageThrowsException()
- {
- // must set AccessToken or AuthorizationCode
- $server = new Server();
- $server->addStorage($this->getMock('OAuth2\Storage\ClientInterface'));
- $server->getAuthorizeController();
- }
-
- public function testGetAuthorizeControllerWithClientStorageAndAccessTokenResponseType()
- {
- // must set AccessToken or AuthorizationCode
- $server = new Server();
- $server->addStorage($this->getMock('OAuth2\Storage\ClientInterface'));
- $server->addResponseType($this->getMock('OAuth2\ResponseType\AccessTokenInterface'));
-
- $this->assertNotNull($server->getAuthorizeController());
- }
-
- public function testGetAuthorizeControllerWithClientStorageAndAuthorizationCodeResponseType()
- {
- // must set AccessToken or AuthorizationCode
- $server = new Server();
- $server->addStorage($this->getMock('OAuth2\Storage\ClientInterface'));
- $server->addResponseType($this->getMock('OAuth2\ResponseType\AuthorizationCodeInterface'));
-
- $this->assertNotNull($server->getAuthorizeController());
- }
-
- /**
- * @expectedException LogicException allow_implicit
- **/
- public function testGetAuthorizeControllerWithClientStorageAndAccessTokenStorageThrowsException()
- {
- // must set AuthorizationCode or AccessToken / implicit
- $server = new Server();
- $server->addStorage($this->getMock('OAuth2\Storage\ClientInterface'));
- $server->addStorage($this->getMock('OAuth2\Storage\AccessTokenInterface'));
-
- $this->assertNotNull($server->getAuthorizeController());
- }
-
- public function testGetAuthorizeControllerWithClientStorageAndAccessTokenStorage()
- {
- // must set AuthorizationCode or AccessToken / implicit
- $server = new Server(array(), array('allow_implicit' => true));
- $server->addStorage($this->getMock('OAuth2\Storage\ClientInterface'));
- $server->addStorage($this->getMock('OAuth2\Storage\AccessTokenInterface'));
-
- $this->assertNotNull($server->getAuthorizeController());
- }
-
- public function testGetAuthorizeControllerWithClientStorageAndAuthorizationCodeStorage()
- {
- // must set AccessToken or AuthorizationCode
- $server = new Server();
- $server->addStorage($this->getMock('OAuth2\Storage\ClientInterface'));
- $server->addStorage($this->getMock('OAuth2\Storage\AuthorizationCodeInterface'));
-
- $this->assertNotNull($server->getAuthorizeController());
- }
-
- /**
- * @expectedException LogicException grant_types
- **/
- public function testGetTokenControllerWithGrantTypeStorageThrowsException()
- {
- $server = new Server();
- $server->getTokenController();
- }
-
- /**
- * @expectedException LogicException OAuth2\Storage\ClientCredentialsInterface
- **/
- public function testGetTokenControllerWithNoClientCredentialsStorageThrowsException()
- {
- $server = new Server();
- $server->addStorage($this->getMock('OAuth2\Storage\UserCredentialsInterface'));
- $server->getTokenController();
- }
-
- /**
- * @expectedException LogicException OAuth2\Storage\AccessTokenInterface
- **/
- public function testGetTokenControllerWithNoAccessTokenStorageThrowsException()
- {
- $server = new Server();
- $server->addStorage($this->getMock('OAuth2\Storage\ClientCredentialsInterface'));
- $server->getTokenController();
- }
-
- public function testGetTokenControllerWithAccessTokenAndClientCredentialsStorage()
- {
- $server = new Server();
- $server->addStorage($this->getMock('OAuth2\Storage\AccessTokenInterface'));
- $server->addStorage($this->getMock('OAuth2\Storage\ClientCredentialsInterface'));
- $server->getTokenController();
- }
-
- public function testGetTokenControllerAccessTokenStorageAndClientCredentialsStorageAndGrantTypes()
- {
- $server = new Server();
- $server->addStorage($this->getMock('OAuth2\Storage\AccessTokenInterface'));
- $server->addStorage($this->getMock('OAuth2\Storage\ClientCredentialsInterface'));
- $server->addGrantType($this->getMockBuilder('OAuth2\GrantType\AuthorizationCode')->disableOriginalConstructor()->getMock());
- $server->getTokenController();
- }
-
- /**
- * @expectedException LogicException OAuth2\Storage\AccessTokenInterface
- **/
- public function testGetResourceControllerWithNoAccessTokenStorageThrowsException()
- {
- $server = new Server();
- $server->getResourceController();
- }
-
- public function testGetResourceControllerWithAccessTokenStorage()
- {
- $server = new Server();
- $server->addStorage($this->getMock('OAuth2\Storage\AccessTokenInterface'));
- $server->getResourceController();
- }
-
- /**
- * @expectedException InvalidArgumentException OAuth2\Storage\AccessTokenInterface
- **/
- public function testAddingStorageWithInvalidClass()
- {
- $server = new Server();
- $server->addStorage(new \StdClass());
- }
-
- /**
- * @expectedException InvalidArgumentException access_token
- **/
- public function testAddingStorageWithInvalidKey()
- {
- $server = new Server();
- $server->addStorage($this->getMock('OAuth2\Storage\AccessTokenInterface'), 'nonexistant_storage');
- }
-
- /**
- * @expectedException InvalidArgumentException OAuth2\Storage\AuthorizationCodeInterface
- **/
- public function testAddingStorageWithInvalidKeyStorageCombination()
- {
- $server = new Server();
- $server->addStorage($this->getMock('OAuth2\Storage\AccessTokenInterface'), 'authorization_code');
- }
-
- public function testAddingStorageWithValidKeyOnlySetsThatKey()
- {
- $server = new Server();
- $server->addStorage($this->getMock('OAuth2\Storage\Memory'), 'access_token');
-
- $reflection = new \ReflectionClass($server);
- $prop = $reflection->getProperty('storages');
- $prop->setAccessible(true);
-
- $storages = $prop->getValue($server); // get the private "storages" property
-
- $this->assertEquals(1, count($storages));
- $this->assertTrue(isset($storages['access_token']));
- $this->assertFalse(isset($storages['authorization_code']));
- }
-
- public function testAddingClientStorageSetsClientCredentialsStorageByDefault()
- {
- $server = new Server();
- $memory = $this->getMock('OAuth2\Storage\Memory');
- $server->addStorage($memory, 'client');
-
- $client_credentials = $server->getStorage('client_credentials');
-
- $this->assertNotNull($client_credentials);
- $this->assertEquals($client_credentials, $memory);
- }
-
- public function testAddStorageWithNullValue()
- {
- $memory = $this->getMock('OAuth2\Storage\Memory');
- $server = new Server($memory);
- $server->addStorage(null, 'refresh_token');
-
- $client_credentials = $server->getStorage('client_credentials');
-
- $this->assertNotNull($client_credentials);
- $this->assertEquals($client_credentials, $memory);
-
- $refresh_token = $server->getStorage('refresh_token');
-
- $this->assertNull($refresh_token);
- }
-
- public function testNewServerWithNullStorageValue()
- {
- $memory = $this->getMock('OAuth2\Storage\Memory');
- $server = new Server(array(
- 'client_credentials' => $memory,
- 'refresh_token' => null,
- ));
-
- $client_credentials = $server->getStorage('client_credentials');
-
- $this->assertNotNull($client_credentials);
- $this->assertEquals($client_credentials, $memory);
-
- $refresh_token = $server->getStorage('refresh_token');
-
- $this->assertNull($refresh_token);
- }
-
- public function testAddingClientCredentialsStorageSetsClientStorageByDefault()
- {
- $server = new Server();
- $memory = $this->getMock('OAuth2\Storage\Memory');
- $server->addStorage($memory, 'client_credentials');
-
- $client = $server->getStorage('client');
-
- $this->assertNotNull($client);
- $this->assertEquals($client, $memory);
- }
-
- public function testSettingClientStorageByDefaultDoesNotOverrideSetStorage()
- {
- $server = new Server();
- $pdo = $this->getMockBuilder('OAuth2\Storage\Pdo')
- ->disableOriginalConstructor()->getMock();
-
- $memory = $this->getMock('OAuth2\Storage\Memory');
-
- $server->addStorage($pdo, 'client');
- $server->addStorage($memory, 'client_credentials');
-
- $client = $server->getStorage('client');
- $client_credentials = $server->getStorage('client_credentials');
-
- $this->assertEquals($client, $pdo);
- $this->assertEquals($client_credentials, $memory);
- }
-
- public function testAddingResponseType()
- {
- $storage = $this->getMock('OAuth2\Storage\Memory');
- $storage
- ->expects($this->any())
- ->method('getClientDetails')
- ->will($this->returnValue(array('client_id' => 'some_client')));
- $storage
- ->expects($this->any())
- ->method('checkRestrictedGrantType')
- ->will($this->returnValue(true));
-
- // add with the "code" key explicitly set
- $codeType = new AuthorizationCode($storage);
- $server = new Server();
- $server->addStorage($storage);
- $server->addResponseType($codeType);
- $request = new Request(array(
- 'response_type' => 'code',
- 'client_id' => 'some_client',
- 'redirect_uri' => 'http://example.com',
- 'state' => 'xyx',
- ));
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- // the response is successful
- $this->assertEquals($response->getStatusCode(), 302);
- $parts = parse_url($response->getHttpHeader('Location'));
- parse_str($parts['query'], $query);
- $this->assertTrue(isset($query['code']));
- $this->assertFalse(isset($query['error']));
-
- // add with the "code" key not set
- $codeType = new AuthorizationCode($storage);
- $server = new Server(array($storage), array(), array(), array($codeType));
- $request = new Request(array(
- 'response_type' => 'code',
- 'client_id' => 'some_client',
- 'redirect_uri' => 'http://example.com',
- 'state' => 'xyx',
- ));
- $server->handleAuthorizeRequest($request, $response = new Response(), true);
-
- // the response is successful
- $this->assertEquals($response->getStatusCode(), 302);
- $parts = parse_url($response->getHttpHeader('Location'));
- parse_str($parts['query'], $query);
- $this->assertTrue(isset($query['code']));
- $this->assertFalse(isset($query['error']));
- }
-
- public function testCustomClientAssertionType()
- {
- $request = TestRequest::createPost(array(
- 'grant_type' => 'authorization_code',
- 'client_id' =>'Test Client ID',
- 'code' => 'testcode',
- ));
- // verify the mock clientAssertionType was called as expected
- $clientAssertionType = $this->getMock('OAuth2\ClientAssertionType\ClientAssertionTypeInterface', array('validateRequest', 'getClientId'));
- $clientAssertionType
- ->expects($this->once())
- ->method('validateRequest')
- ->will($this->returnValue(true));
- $clientAssertionType
- ->expects($this->once())
- ->method('getClientId')
- ->will($this->returnValue('Test Client ID'));
-
- // create mock storage
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $server = new Server(array($storage), array(), array(), array(), null, null, $clientAssertionType);
- $server->handleTokenRequest($request, $response = new Response());
- }
-
- public function testHttpBasicConfig()
- {
- // create mock storage
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $server = new Server(array($storage), array(
- 'allow_credentials_in_request_body' => false,
- 'allow_public_clients' => false
- ));
- $server->getTokenController();
- $httpBasic = $server->getClientAssertionType();
-
- $reflection = new \ReflectionClass($httpBasic);
- $prop = $reflection->getProperty('config');
- $prop->setAccessible(true);
-
- $config = $prop->getValue($httpBasic); // get the private "config" property
-
- $this->assertEquals($config['allow_credentials_in_request_body'], false);
- $this->assertEquals($config['allow_public_clients'], false);
- }
-
- public function testRefreshTokenConfig()
- {
- // create mock storage
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $server1 = new Server(array($storage));
- $server2 = new Server(array($storage), array('always_issue_new_refresh_token' => true, 'unset_refresh_token_after_use' => false));
-
- $server1->getTokenController();
- $refreshToken1 = $server1->getGrantType('refresh_token');
-
- $server2->getTokenController();
- $refreshToken2 = $server2->getGrantType('refresh_token');
-
- $reflection1 = new \ReflectionClass($refreshToken1);
- $prop1 = $reflection1->getProperty('config');
- $prop1->setAccessible(true);
-
- $reflection2 = new \ReflectionClass($refreshToken2);
- $prop2 = $reflection2->getProperty('config');
- $prop2->setAccessible(true);
-
- // get the private "config" property
- $config1 = $prop1->getValue($refreshToken1);
- $config2 = $prop2->getValue($refreshToken2);
-
- $this->assertEquals($config1['always_issue_new_refresh_token'], false);
- $this->assertEquals($config2['always_issue_new_refresh_token'], true);
-
- $this->assertEquals($config1['unset_refresh_token_after_use'], true);
- $this->assertEquals($config2['unset_refresh_token_after_use'], false);
- }
-
- /**
- * Test setting "always_issue_new_refresh_token" on a server level
- *
- * @see test/OAuth2/GrantType/RefreshTokenTest::testValidRefreshTokenWithNewRefreshTokenInResponse
- **/
- public function testValidRefreshTokenWithNewRefreshTokenInResponse()
- {
- $storage = Bootstrap::getInstance()->getMemoryStorage();
- $server = new Server($storage, array('always_issue_new_refresh_token' => true));
-
- $request = TestRequest::createPost(array(
- 'grant_type' => 'refresh_token', // valid grant type
- 'client_id' => 'Test Client ID', // valid client id
- 'client_secret' => 'TestSecret', // valid client secret
- 'refresh_token' => 'test-refreshtoken', // valid refresh token
- ));
- $token = $server->grantAccessToken($request, new Response());
- $this->assertTrue(isset($token['refresh_token']), 'refresh token should always refresh');
-
- $refresh_token = $storage->getRefreshToken($token['refresh_token']);
- $this->assertNotNull($refresh_token);
- $this->assertEquals($refresh_token['refresh_token'], $token['refresh_token']);
- $this->assertEquals($refresh_token['client_id'], $request->request('client_id'));
- $this->assertTrue($token['refresh_token'] != 'test-refreshtoken', 'the refresh token returned is not the one used');
- $used_token = $storage->getRefreshToken('test-refreshtoken');
- $this->assertFalse($used_token, 'the refresh token used is no longer valid');
- }
-
- /**
- * @expectedException InvalidArgumentException OAuth2\ResponseType\AuthorizationCodeInterface
- **/
- public function testAddingUnknownResponseTypeThrowsException()
- {
- $server = new Server();
- $server->addResponseType($this->getMock('OAuth2\ResponseType\ResponseTypeInterface'));
- }
-
- /**
- * @expectedException LogicException OAuth2\Storage\PublicKeyInterface
- **/
- public function testUsingJwtAccessTokensWithoutPublicKeyStorageThrowsException()
- {
- $server = new Server(array(), array('use_jwt_access_tokens' => true));
- $server->addGrantType($this->getMock('OAuth2\GrantType\GrantTypeInterface'));
- $server->addStorage($this->getMock('OAuth2\Storage\ClientCredentialsInterface'));
- $server->addStorage($this->getMock('OAuth2\Storage\ClientCredentialsInterface'));
-
- $server->getTokenController();
- }
-
- public function testUsingJustJwtAccessTokenStorageWithResourceControllerIsOkay()
- {
- $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
- $server = new Server(array($pubkey), array('use_jwt_access_tokens' => true));
-
- $this->assertNotNull($server->getResourceController());
- $this->assertInstanceOf('OAuth2\Storage\PublicKeyInterface', $server->getStorage('public_key'));
- }
-
- /**
- * @expectedException LogicException OAuth2\Storage\ClientInterface
- **/
- public function testUsingJustJwtAccessTokenStorageWithAuthorizeControllerThrowsException()
- {
- $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
- $server = new Server(array($pubkey), array('use_jwt_access_tokens' => true));
- $this->assertNotNull($server->getAuthorizeController());
- }
-
- /**
- * @expectedException LogicException grant_types
- **/
- public function testUsingJustJwtAccessTokenStorageWithTokenControllerThrowsException()
- {
- $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
- $server = new Server(array($pubkey), array('use_jwt_access_tokens' => true));
- $server->getTokenController();
- }
-
- public function testUsingJwtAccessTokenAndClientStorageWithAuthorizeControllerIsOkay()
- {
- $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
- $client = $this->getMock('OAuth2\Storage\ClientInterface');
- $server = new Server(array($pubkey, $client), array('use_jwt_access_tokens' => true, 'allow_implicit' => true));
- $this->assertNotNull($server->getAuthorizeController());
-
- $this->assertInstanceOf('OAuth2\ResponseType\JwtAccessToken', $server->getResponseType('token'));
- }
-
- /**
- * @expectedException LogicException UserClaims
- **/
- public function testUsingOpenIDConnectWithoutUserClaimsThrowsException()
- {
- $client = $this->getMock('OAuth2\Storage\ClientInterface');
- $server = new Server($client, array('use_openid_connect' => true));
-
- $server->getAuthorizeController();
- }
-
- /**
- * @expectedException LogicException PublicKeyInterface
- **/
- public function testUsingOpenIDConnectWithoutPublicKeyThrowsException()
- {
- $client = $this->getMock('OAuth2\Storage\ClientInterface');
- $userclaims = $this->getMock('OAuth2\OPenID\Storage\UserClaimsInterface');
- $server = new Server(array($client, $userclaims), array('use_openid_connect' => true));
-
- $server->getAuthorizeController();
- }
-
- /**
- * @expectedException LogicException issuer
- **/
- public function testUsingOpenIDConnectWithoutIssuerThrowsException()
- {
- $client = $this->getMock('OAuth2\Storage\ClientInterface');
- $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface');
- $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
- $server = new Server(array($client, $userclaims, $pubkey), array('use_openid_connect' => true));
-
- $server->getAuthorizeController();
- }
-
- public function testUsingOpenIDConnectWithIssuerPublicKeyAndUserClaimsIsOkay()
- {
- $client = $this->getMock('OAuth2\Storage\ClientInterface');
- $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface');
- $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
- $server = new Server(array($client, $userclaims, $pubkey), array(
- 'use_openid_connect' => true,
- 'issuer' => 'someguy',
- ));
-
- $server->getAuthorizeController();
-
- $this->assertInstanceOf('OAuth2\OpenID\ResponseType\IdTokenInterface', $server->getResponseType('id_token'));
- $this->assertNull($server->getResponseType('id_token token'));
- }
-
- /**
- * @expectedException LogicException OAuth2\ResponseType\AccessTokenInterface
- **/
- public function testUsingOpenIDConnectWithAllowImplicitWithoutTokenStorageThrowsException()
- {
- $client = $this->getMock('OAuth2\Storage\ClientInterface');
- $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface');
- $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
- $server = new Server(array($client, $userclaims, $pubkey), array(
- 'use_openid_connect' => true,
- 'issuer' => 'someguy',
- 'allow_implicit' => true,
- ));
-
- $server->getAuthorizeController();
- }
-
- public function testUsingOpenIDConnectWithAllowImplicitAndUseJwtAccessTokensIsOkay()
- {
- $client = $this->getMock('OAuth2\Storage\ClientInterface');
- $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface');
- $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
- $server = new Server(array($client, $userclaims, $pubkey), array(
- 'use_openid_connect' => true,
- 'issuer' => 'someguy',
- 'allow_implicit' => true,
- 'use_jwt_access_tokens' => true,
- ));
-
- $server->getAuthorizeController();
-
- $this->assertInstanceOf('OAuth2\OpenID\ResponseType\IdTokenInterface', $server->getResponseType('id_token'));
- $this->assertInstanceOf('OAuth2\OpenID\ResponseType\IdTokenTokenInterface', $server->getResponseType('id_token token'));
- }
-
- public function testUsingOpenIDConnectWithAllowImplicitAndAccessTokenStorageIsOkay()
- {
- $client = $this->getMock('OAuth2\Storage\ClientInterface');
- $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface');
- $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
- $token = $this->getMock('OAuth2\Storage\AccessTokenInterface');
- $server = new Server(array($client, $userclaims, $pubkey, $token), array(
- 'use_openid_connect' => true,
- 'issuer' => 'someguy',
- 'allow_implicit' => true,
- ));
-
- $server->getAuthorizeController();
-
- $this->assertInstanceOf('OAuth2\OpenID\ResponseType\IdTokenInterface', $server->getResponseType('id_token'));
- $this->assertInstanceOf('OAuth2\OpenID\ResponseType\IdTokenTokenInterface', $server->getResponseType('id_token token'));
- }
-
- public function testUsingOpenIDConnectWithAllowImplicitAndAccessTokenResponseTypeIsOkay()
- {
- $client = $this->getMock('OAuth2\Storage\ClientInterface');
- $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface');
- $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
- // $token = $this->getMock('OAuth2\Storage\AccessTokenInterface');
- $server = new Server(array($client, $userclaims, $pubkey), array(
- 'use_openid_connect' => true,
- 'issuer' => 'someguy',
- 'allow_implicit' => true,
- ));
-
- $token = $this->getMock('OAuth2\ResponseType\AccessTokenInterface');
- $server->addResponseType($token, 'token');
-
- $server->getAuthorizeController();
-
- $this->assertInstanceOf('OAuth2\OpenID\ResponseType\IdTokenInterface', $server->getResponseType('id_token'));
- $this->assertInstanceOf('OAuth2\OpenID\ResponseType\IdTokenTokenInterface', $server->getResponseType('id_token token'));
- }
-
- /**
- * @expectedException LogicException OAuth2\OpenID\Storage\AuthorizationCodeInterface
- **/
- public function testUsingOpenIDConnectWithAuthorizationCodeStorageThrowsException()
- {
- $client = $this->getMock('OAuth2\Storage\ClientCredentialsInterface');
- $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface');
- $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
- $token = $this->getMock('OAuth2\Storage\AccessTokenInterface');
- $authcode = $this->getMock('OAuth2\Storage\AuthorizationCodeInterface');
-
- $server = new Server(array($client, $userclaims, $pubkey, $token, $authcode), array(
- 'use_openid_connect' => true,
- 'issuer' => 'someguy'
- ));
-
- $server->getTokenController();
-
- $this->assertInstanceOf('OAuth2\OpenID\GrantType\AuthorizationCode', $server->getGrantType('authorization_code'));
- }
-
- public function testUsingOpenIDConnectWithOpenIDAuthorizationCodeStorageCreatesOpenIDAuthorizationCodeGrantType()
- {
- $client = $this->getMock('OAuth2\Storage\ClientCredentialsInterface');
- $userclaims = $this->getMock('OAuth2\OpenID\Storage\UserClaimsInterface');
- $pubkey = $this->getMock('OAuth2\Storage\PublicKeyInterface');
- $token = $this->getMock('OAuth2\Storage\AccessTokenInterface');
- $authcode = $this->getMock('OAuth2\OpenID\Storage\AuthorizationCodeInterface');
-
- $server = new Server(array($client, $userclaims, $pubkey, $token, $authcode), array(
- 'use_openid_connect' => true,
- 'issuer' => 'someguy'
- ));
-
- $server->getTokenController();
-
- $this->assertInstanceOf('OAuth2\OpenID\GrantType\AuthorizationCode', $server->getGrantType('authorization_code'));
- }
-
- public function testMultipleValuedResponseTypeOrderDoesntMatter()
- {
- $responseType = $this->getMock('OAuth2\OpenID\ResponseType\IdTokenTokenInterface');
- $server = new Server(array(), array(), array(), array(
- 'token id_token' => $responseType,
- ));
-
- $this->assertEquals($responseType, $server->getResponseType('id_token token'));
- }
-
- public function testAddGrantTypeWithoutKey()
- {
- $server = new Server();
- $server->addGrantType(new \OAuth2\GrantType\AuthorizationCode($this->getMock('OAuth2\Storage\AuthorizationCodeInterface')));
-
- $grantTypes = $server->getGrantTypes();
- $this->assertEquals('authorization_code', key($grantTypes));
- }
-
- public function testAddGrantTypeWithKey()
- {
- $server = new Server();
- $server->addGrantType(new \OAuth2\GrantType\AuthorizationCode($this->getMock('OAuth2\Storage\AuthorizationCodeInterface')), 'ac');
-
- $grantTypes = $server->getGrantTypes();
- $this->assertEquals('ac', key($grantTypes));
- }
-
- public function testAddGrantTypeWithKeyNotString()
- {
- $server = new Server();
- $server->addGrantType(new \OAuth2\GrantType\AuthorizationCode($this->getMock('OAuth2\Storage\AuthorizationCodeInterface')), 42);
-
- $grantTypes = $server->getGrantTypes();
- $this->assertEquals('authorization_code', key($grantTypes));
- }
-}
diff --git a/library/oauth2/test/OAuth2/Storage/AccessTokenTest.php b/library/oauth2/test/OAuth2/Storage/AccessTokenTest.php
deleted file mode 100644
index b34e0bfc0..000000000
--- a/library/oauth2/test/OAuth2/Storage/AccessTokenTest.php
+++ /dev/null
@@ -1,102 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-class AccessTokenTest extends BaseTest
-{
- /** @dataProvider provideStorage */
- public function testSetAccessToken(AccessTokenInterface $storage)
- {
- if ($storage instanceof NullStorage) {
- $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
-
- return;
- }
-
- // assert token we are about to add does not exist
- $token = $storage->getAccessToken('newtoken');
- $this->assertFalse($token);
-
- // add new token
- $expires = time() + 20;
- $success = $storage->setAccessToken('newtoken', 'client ID', 'SOMEUSERID', $expires);
- $this->assertTrue($success);
-
- $token = $storage->getAccessToken('newtoken');
- $this->assertNotNull($token);
- $this->assertArrayHasKey('access_token', $token);
- $this->assertArrayHasKey('client_id', $token);
- $this->assertArrayHasKey('user_id', $token);
- $this->assertArrayHasKey('expires', $token);
- $this->assertEquals($token['access_token'], 'newtoken');
- $this->assertEquals($token['client_id'], 'client ID');
- $this->assertEquals($token['user_id'], 'SOMEUSERID');
- $this->assertEquals($token['expires'], $expires);
-
- // change existing token
- $expires = time() + 42;
- $success = $storage->setAccessToken('newtoken', 'client ID2', 'SOMEOTHERID', $expires);
- $this->assertTrue($success);
-
- $token = $storage->getAccessToken('newtoken');
- $this->assertNotNull($token);
- $this->assertArrayHasKey('access_token', $token);
- $this->assertArrayHasKey('client_id', $token);
- $this->assertArrayHasKey('user_id', $token);
- $this->assertArrayHasKey('expires', $token);
- $this->assertEquals($token['access_token'], 'newtoken');
- $this->assertEquals($token['client_id'], 'client ID2');
- $this->assertEquals($token['user_id'], 'SOMEOTHERID');
- $this->assertEquals($token['expires'], $expires);
-
- // add token with scope having an empty string value
- $expires = time() + 42;
- $success = $storage->setAccessToken('newtoken', 'client ID', 'SOMEOTHERID', $expires, '');
- $this->assertTrue($success);
- }
-
- /** @dataProvider provideStorage */
- public function testUnsetAccessToken(AccessTokenInterface $storage)
- {
- if ($storage instanceof NullStorage || !method_exists($storage, 'unsetAccessToken')) {
- $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
-
- return;
- }
-
- // assert token we are about to unset does not exist
- $token = $storage->getAccessToken('revokabletoken');
- $this->assertFalse($token);
-
- // add new token
- $expires = time() + 20;
- $success = $storage->setAccessToken('revokabletoken', 'client ID', 'SOMEUSERID', $expires);
- $this->assertTrue($success);
-
- // assert unsetAccessToken returns true
- $result = $storage->unsetAccessToken('revokabletoken');
- $this->assertTrue($result);
-
- // assert token we unset does not exist
- $token = $storage->getAccessToken('revokabletoken');
- $this->assertFalse($token);
- }
-
- /** @dataProvider provideStorage */
- public function testUnsetAccessTokenReturnsFalse(AccessTokenInterface $storage)
- {
- if ($storage instanceof NullStorage || !method_exists($storage, 'unsetAccessToken')) {
- $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
-
- return;
- }
-
- // assert token we are about to unset does not exist
- $token = $storage->getAccessToken('nonexistanttoken');
- $this->assertFalse($token);
-
- // assert unsetAccessToken returns false
- $result = $storage->unsetAccessToken('nonexistanttoken');
- $this->assertFalse($result);
- }
-}
diff --git a/library/oauth2/test/OAuth2/Storage/AuthorizationCodeTest.php b/library/oauth2/test/OAuth2/Storage/AuthorizationCodeTest.php
deleted file mode 100644
index 2d901b501..000000000
--- a/library/oauth2/test/OAuth2/Storage/AuthorizationCodeTest.php
+++ /dev/null
@@ -1,106 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-class AuthorizationCodeTest extends BaseTest
-{
- /** @dataProvider provideStorage */
- public function testGetAuthorizationCode(AuthorizationCodeInterface $storage)
- {
- if ($storage instanceof NullStorage) {
- $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
-
- return;
- }
-
- // nonexistant client_id
- $details = $storage->getAuthorizationCode('faketoken');
- $this->assertFalse($details);
-
- // valid client_id
- $details = $storage->getAuthorizationCode('testtoken');
- $this->assertNotNull($details);
- }
-
- /** @dataProvider provideStorage */
- public function testSetAuthorizationCode(AuthorizationCodeInterface $storage)
- {
- if ($storage instanceof NullStorage) {
- $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
-
- return;
- }
-
- // assert code we are about to add does not exist
- $code = $storage->getAuthorizationCode('newcode');
- $this->assertFalse($code);
-
- // add new code
- $expires = time() + 20;
- $success = $storage->setAuthorizationCode('newcode', 'client ID', 'SOMEUSERID', 'http://example.com', $expires);
- $this->assertTrue($success);
-
- $code = $storage->getAuthorizationCode('newcode');
- $this->assertNotNull($code);
- $this->assertArrayHasKey('authorization_code', $code);
- $this->assertArrayHasKey('client_id', $code);
- $this->assertArrayHasKey('user_id', $code);
- $this->assertArrayHasKey('redirect_uri', $code);
- $this->assertArrayHasKey('expires', $code);
- $this->assertEquals($code['authorization_code'], 'newcode');
- $this->assertEquals($code['client_id'], 'client ID');
- $this->assertEquals($code['user_id'], 'SOMEUSERID');
- $this->assertEquals($code['redirect_uri'], 'http://example.com');
- $this->assertEquals($code['expires'], $expires);
-
- // change existing code
- $expires = time() + 42;
- $success = $storage->setAuthorizationCode('newcode', 'client ID2', 'SOMEOTHERID', 'http://example.org', $expires);
- $this->assertTrue($success);
-
- $code = $storage->getAuthorizationCode('newcode');
- $this->assertNotNull($code);
- $this->assertArrayHasKey('authorization_code', $code);
- $this->assertArrayHasKey('client_id', $code);
- $this->assertArrayHasKey('user_id', $code);
- $this->assertArrayHasKey('redirect_uri', $code);
- $this->assertArrayHasKey('expires', $code);
- $this->assertEquals($code['authorization_code'], 'newcode');
- $this->assertEquals($code['client_id'], 'client ID2');
- $this->assertEquals($code['user_id'], 'SOMEOTHERID');
- $this->assertEquals($code['redirect_uri'], 'http://example.org');
- $this->assertEquals($code['expires'], $expires);
-
- // add new code with scope having an empty string value
- $expires = time() + 20;
- $success = $storage->setAuthorizationCode('newcode', 'client ID', 'SOMEUSERID', 'http://example.com', $expires, '');
- $this->assertTrue($success);
- }
-
- /** @dataProvider provideStorage */
- public function testExpireAccessToken(AccessTokenInterface $storage)
- {
- if ($storage instanceof NullStorage) {
- $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
-
- return;
- }
-
- // create a valid code
- $expires = time() + 20;
- $success = $storage->setAuthorizationCode('code-to-expire', 'client ID', 'SOMEUSERID', 'http://example.com', time() + 20);
- $this->assertTrue($success);
-
- // verify the new code exists
- $code = $storage->getAuthorizationCode('code-to-expire');
- $this->assertNotNull($code);
-
- $this->assertArrayHasKey('authorization_code', $code);
- $this->assertEquals($code['authorization_code'], 'code-to-expire');
-
- // now expire the code and ensure it's no longer available
- $storage->expireAuthorizationCode('code-to-expire');
- $code = $storage->getAuthorizationCode('code-to-expire');
- $this->assertFalse($code);
- }
-}
diff --git a/library/oauth2/test/OAuth2/Storage/ClientCredentialsTest.php b/library/oauth2/test/OAuth2/Storage/ClientCredentialsTest.php
deleted file mode 100644
index 15289af30..000000000
--- a/library/oauth2/test/OAuth2/Storage/ClientCredentialsTest.php
+++ /dev/null
@@ -1,28 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-class ClientCredentialsTest extends BaseTest
-{
- /** @dataProvider provideStorage */
- public function testCheckClientCredentials(ClientCredentialsInterface $storage)
- {
- if ($storage instanceof NullStorage) {
- $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
-
- return;
- }
-
- // nonexistant client_id
- $pass = $storage->checkClientCredentials('fakeclient', 'testpass');
- $this->assertFalse($pass);
-
- // invalid password
- $pass = $storage->checkClientCredentials('oauth_test_client', 'invalidcredentials');
- $this->assertFalse($pass);
-
- // valid credentials
- $pass = $storage->checkClientCredentials('oauth_test_client', 'testpass');
- $this->assertTrue($pass);
- }
-}
diff --git a/library/oauth2/test/OAuth2/Storage/ClientTest.php b/library/oauth2/test/OAuth2/Storage/ClientTest.php
deleted file mode 100644
index 6a5cc0b49..000000000
--- a/library/oauth2/test/OAuth2/Storage/ClientTest.php
+++ /dev/null
@@ -1,110 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-class ClientTest extends BaseTest
-{
- /** @dataProvider provideStorage */
- public function testGetClientDetails(ClientInterface $storage)
- {
- if ($storage instanceof NullStorage) {
- $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
-
- return;
- }
-
- // nonexistant client_id
- $details = $storage->getClientDetails('fakeclient');
- $this->assertFalse($details);
-
- // valid client_id
- $details = $storage->getClientDetails('oauth_test_client');
- $this->assertNotNull($details);
- $this->assertArrayHasKey('client_id', $details);
- $this->assertArrayHasKey('client_secret', $details);
- $this->assertArrayHasKey('redirect_uri', $details);
- }
-
- /** @dataProvider provideStorage */
- public function testCheckRestrictedGrantType(ClientInterface $storage)
- {
- if ($storage instanceof NullStorage) {
- $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
-
- return;
- }
-
- // Check invalid
- $pass = $storage->checkRestrictedGrantType('oauth_test_client', 'authorization_code');
- $this->assertFalse($pass);
-
- // Check valid
- $pass = $storage->checkRestrictedGrantType('oauth_test_client', 'implicit');
- $this->assertTrue($pass);
- }
-
- /** @dataProvider provideStorage */
- public function testGetAccessToken(ClientInterface $storage)
- {
- if ($storage instanceof NullStorage) {
- $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
-
- return;
- }
-
- // nonexistant client_id
- $details = $storage->getAccessToken('faketoken');
- $this->assertFalse($details);
-
- // valid client_id
- $details = $storage->getAccessToken('testtoken');
- $this->assertNotNull($details);
- }
-
- /** @dataProvider provideStorage */
- public function testIsPublicClient(ClientInterface $storage)
- {
- if ($storage instanceof NullStorage) {
- $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
-
- return;
- }
-
- $publicClientId = 'public-client-'.rand();
- $confidentialClientId = 'confidential-client-'.rand();
-
- // create a new client
- $success1 = $storage->setClientDetails($publicClientId, '');
- $success2 = $storage->setClientDetails($confidentialClientId, 'some-secret');
- $this->assertTrue($success1);
- $this->assertTrue($success2);
-
- // assert isPublicClient for both
- $this->assertTrue($storage->isPublicClient($publicClientId));
- $this->assertFalse($storage->isPublicClient($confidentialClientId));
- }
-
- /** @dataProvider provideStorage */
- public function testSaveClient(ClientInterface $storage)
- {
- if ($storage instanceof NullStorage) {
- $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
-
- return;
- }
-
- $clientId = 'some-client-'.rand();
-
- // create a new client
- $success = $storage->setClientDetails($clientId, 'somesecret', 'http://test.com', 'client_credentials', 'clientscope1', 'brent@brentertainment.com');
- $this->assertTrue($success);
-
- // valid client_id
- $details = $storage->getClientDetails($clientId);
- $this->assertEquals($details['client_secret'], 'somesecret');
- $this->assertEquals($details['redirect_uri'], 'http://test.com');
- $this->assertEquals($details['grant_types'], 'client_credentials');
- $this->assertEquals($details['scope'], 'clientscope1');
- $this->assertEquals($details['user_id'], 'brent@brentertainment.com');
- }
-}
diff --git a/library/oauth2/test/OAuth2/Storage/DynamoDBTest.php b/library/oauth2/test/OAuth2/Storage/DynamoDBTest.php
deleted file mode 100644
index 2147f0914..000000000
--- a/library/oauth2/test/OAuth2/Storage/DynamoDBTest.php
+++ /dev/null
@@ -1,40 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-class DynamoDBTest extends BaseTest
-{
- public function testGetDefaultScope()
- {
- $client = $this->getMockBuilder('\Aws\DynamoDb\DynamoDbClient')
- ->disableOriginalConstructor()
- ->setMethods(array('query'))
- ->getMock();
-
- $return = $this->getMockBuilder('\Guzzle\Service\Resource\Model')
- ->setMethods(array('count', 'toArray'))
- ->getMock();
-
- $data = array(
- 'Items' => array(),
- 'Count' => 0,
- 'ScannedCount'=> 0
- );
-
- $return->expects($this->once())
- ->method('count')
- ->will($this->returnValue(count($data)));
-
- $return->expects($this->once())
- ->method('toArray')
- ->will($this->returnValue($data));
-
- // should return null default scope if none is set in database
- $client->expects($this->once())
- ->method('query')
- ->will($this->returnValue($return));
-
- $storage = new DynamoDB($client);
- $this->assertNull($storage->getDefaultScope());
- }
-}
diff --git a/library/oauth2/test/OAuth2/Storage/JwtAccessTokenTest.php b/library/oauth2/test/OAuth2/Storage/JwtAccessTokenTest.php
deleted file mode 100644
index a6acbea1f..000000000
--- a/library/oauth2/test/OAuth2/Storage/JwtAccessTokenTest.php
+++ /dev/null
@@ -1,41 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-use OAuth2\Encryption\Jwt;
-
-class JwtAccessTokenTest extends BaseTest
-{
- /** @dataProvider provideStorage */
- public function testSetAccessToken($storage)
- {
- if (!$storage instanceof PublicKey) {
- // incompatible storage
- return;
- }
-
- $crypto = new jwtAccessToken($storage);
-
- $publicKeyStorage = Bootstrap::getInstance()->getMemoryStorage();
- $encryptionUtil = new Jwt();
-
- $jwtAccessToken = array(
- 'access_token' => rand(),
- 'expires' => time() + 100,
- 'scope' => 'foo',
- );
-
- $token = $encryptionUtil->encode($jwtAccessToken, $storage->getPrivateKey(), $storage->getEncryptionAlgorithm());
-
- $this->assertNotNull($token);
-
- $tokenData = $crypto->getAccessToken($token);
-
- $this->assertTrue(is_array($tokenData));
-
- /* assert the decoded token is the same */
- $this->assertEquals($tokenData['access_token'], $jwtAccessToken['access_token']);
- $this->assertEquals($tokenData['expires'], $jwtAccessToken['expires']);
- $this->assertEquals($tokenData['scope'], $jwtAccessToken['scope']);
- }
-}
diff --git a/library/oauth2/test/OAuth2/Storage/JwtBearerTest.php b/library/oauth2/test/OAuth2/Storage/JwtBearerTest.php
deleted file mode 100644
index d0ab9b899..000000000
--- a/library/oauth2/test/OAuth2/Storage/JwtBearerTest.php
+++ /dev/null
@@ -1,25 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-class JwtBearerTest extends BaseTest
-{
- /** @dataProvider provideStorage */
- public function testGetClientKey(JwtBearerInterface $storage)
- {
- if ($storage instanceof NullStorage) {
- $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
-
- return;
- }
-
- // nonexistant client_id
- $key = $storage->getClientKey('this-is-not-real', 'nor-is-this');
- $this->assertFalse($key);
-
- // valid client_id and subject
- $key = $storage->getClientKey('oauth_test_client', 'test_subject');
- $this->assertNotNull($key);
- $this->assertEquals($key, Bootstrap::getInstance()->getTestPublicKey());
- }
-}
diff --git a/library/oauth2/test/OAuth2/Storage/PdoTest.php b/library/oauth2/test/OAuth2/Storage/PdoTest.php
deleted file mode 100644
index 57eb39072..000000000
--- a/library/oauth2/test/OAuth2/Storage/PdoTest.php
+++ /dev/null
@@ -1,39 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-class PdoTest extends BaseTest
-{
- public function testCreatePdoStorageUsingPdoClass()
- {
- $pdo = new \PDO(sprintf('sqlite://%s', Bootstrap::getInstance()->getSqliteDir()));
- $storage = new Pdo($pdo);
-
- $this->assertNotNull($storage->getClientDetails('oauth_test_client'));
- }
-
- public function testCreatePdoStorageUsingDSN()
- {
- $dsn = sprintf('sqlite://%s', Bootstrap::getInstance()->getSqliteDir());
- $storage = new Pdo($dsn);
-
- $this->assertNotNull($storage->getClientDetails('oauth_test_client'));
- }
-
- public function testCreatePdoStorageUsingConfig()
- {
- $config = array('dsn' => sprintf('sqlite://%s', Bootstrap::getInstance()->getSqliteDir()));
- $storage = new Pdo($config);
-
- $this->assertNotNull($storage->getClientDetails('oauth_test_client'));
- }
-
- /**
- * @expectedException InvalidArgumentException dsn
- */
- public function testCreatePdoStorageWithoutDSNThrowsException()
- {
- $config = array('username' => 'brent', 'password' => 'brentisaballer');
- $storage = new Pdo($config);
- }
-}
diff --git a/library/oauth2/test/OAuth2/Storage/PublicKeyTest.php b/library/oauth2/test/OAuth2/Storage/PublicKeyTest.php
deleted file mode 100644
index f85195870..000000000
--- a/library/oauth2/test/OAuth2/Storage/PublicKeyTest.php
+++ /dev/null
@@ -1,29 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-class PublicKeyTest extends BaseTest
-{
- /** @dataProvider provideStorage */
- public function testSetAccessToken($storage)
- {
- if ($storage instanceof NullStorage) {
- $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
-
- return;
- }
-
- if (!$storage instanceof PublicKeyInterface) {
- // incompatible storage
- return;
- }
-
- $configDir = Bootstrap::getInstance()->getConfigDir();
- $globalPublicKey = file_get_contents($configDir.'/keys/id_rsa.pub');
- $globalPrivateKey = file_get_contents($configDir.'/keys/id_rsa');
-
- /* assert values from storage */
- $this->assertEquals($storage->getPublicKey(), $globalPublicKey);
- $this->assertEquals($storage->getPrivateKey(), $globalPrivateKey);
- }
-}
diff --git a/library/oauth2/test/OAuth2/Storage/RefreshTokenTest.php b/library/oauth2/test/OAuth2/Storage/RefreshTokenTest.php
deleted file mode 100644
index 314c93195..000000000
--- a/library/oauth2/test/OAuth2/Storage/RefreshTokenTest.php
+++ /dev/null
@@ -1,41 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-class RefreshTokenTest extends BaseTest
-{
- /** @dataProvider provideStorage */
- public function testSetRefreshToken(RefreshTokenInterface $storage)
- {
- if ($storage instanceof NullStorage) {
- $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
-
- return;
- }
-
- // assert token we are about to add does not exist
- $token = $storage->getRefreshToken('refreshtoken');
- $this->assertFalse($token);
-
- // add new token
- $expires = time() + 20;
- $success = $storage->setRefreshToken('refreshtoken', 'client ID', 'SOMEUSERID', $expires);
- $this->assertTrue($success);
-
- $token = $storage->getRefreshToken('refreshtoken');
- $this->assertNotNull($token);
- $this->assertArrayHasKey('refresh_token', $token);
- $this->assertArrayHasKey('client_id', $token);
- $this->assertArrayHasKey('user_id', $token);
- $this->assertArrayHasKey('expires', $token);
- $this->assertEquals($token['refresh_token'], 'refreshtoken');
- $this->assertEquals($token['client_id'], 'client ID');
- $this->assertEquals($token['user_id'], 'SOMEUSERID');
- $this->assertEquals($token['expires'], $expires);
-
- // add token with scope having an empty string value
- $expires = time() + 20;
- $success = $storage->setRefreshToken('refreshtoken2', 'client ID', 'SOMEUSERID', $expires, '');
- $this->assertTrue($success);
- }
-}
diff --git a/library/oauth2/test/OAuth2/Storage/ScopeTest.php b/library/oauth2/test/OAuth2/Storage/ScopeTest.php
deleted file mode 100644
index fd1edeb93..000000000
--- a/library/oauth2/test/OAuth2/Storage/ScopeTest.php
+++ /dev/null
@@ -1,53 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-use OAuth2\Scope;
-
-class ScopeTest extends BaseTest
-{
- /** @dataProvider provideStorage */
- public function testScopeExists($storage)
- {
- if ($storage instanceof NullStorage) {
- $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
-
- return;
- }
-
- if (!$storage instanceof ScopeInterface) {
- // incompatible storage
- return;
- }
-
- //Test getting scopes
- $scopeUtil = new Scope($storage);
- $this->assertTrue($scopeUtil->scopeExists('supportedscope1'));
- $this->assertTrue($scopeUtil->scopeExists('supportedscope1 supportedscope2 supportedscope3'));
- $this->assertFalse($scopeUtil->scopeExists('fakescope'));
- $this->assertFalse($scopeUtil->scopeExists('supportedscope1 supportedscope2 supportedscope3 fakescope'));
- }
-
- /** @dataProvider provideStorage */
- public function testGetDefaultScope($storage)
- {
- if ($storage instanceof NullStorage) {
- $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
-
- return;
- }
-
- if (!$storage instanceof ScopeInterface) {
- // incompatible storage
- return;
- }
-
- // test getting default scope
- $scopeUtil = new Scope($storage);
- $expected = explode(' ', $scopeUtil->getDefaultScope());
- $actual = explode(' ', 'defaultscope1 defaultscope2');
- sort($expected);
- sort($actual);
- $this->assertEquals($expected, $actual);
- }
-}
diff --git a/library/oauth2/test/OAuth2/Storage/UserCredentialsTest.php b/library/oauth2/test/OAuth2/Storage/UserCredentialsTest.php
deleted file mode 100644
index 65655a6b2..000000000
--- a/library/oauth2/test/OAuth2/Storage/UserCredentialsTest.php
+++ /dev/null
@@ -1,40 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-class UserCredentialsTest extends BaseTest
-{
- /** @dataProvider provideStorage */
- public function testCheckUserCredentials(UserCredentialsInterface $storage)
- {
- if ($storage instanceof NullStorage) {
- $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
-
- return;
- }
-
- // create a new user for testing
- $success = $storage->setUser('testusername', 'testpass', 'Test', 'User');
- $this->assertTrue($success);
-
- // correct credentials
- $this->assertTrue($storage->checkUserCredentials('testusername', 'testpass'));
- // invalid password
- $this->assertFalse($storage->checkUserCredentials('testusername', 'fakepass'));
- // invalid username
- $this->assertFalse($storage->checkUserCredentials('fakeusername', 'testpass'));
-
- // invalid username
- $this->assertFalse($storage->getUserDetails('fakeusername'));
-
- // ensure all properties are set
- $user = $storage->getUserDetails('testusername');
- $this->assertTrue($user !== false);
- $this->assertArrayHasKey('user_id', $user);
- $this->assertArrayHasKey('first_name', $user);
- $this->assertArrayHasKey('last_name', $user);
- $this->assertEquals($user['user_id'], 'testusername');
- $this->assertEquals($user['first_name'], 'Test');
- $this->assertEquals($user['last_name'], 'User');
- }
-}
diff --git a/library/oauth2/test/OAuth2/TokenType/BearerTest.php b/library/oauth2/test/OAuth2/TokenType/BearerTest.php
deleted file mode 100644
index a2e000e22..000000000
--- a/library/oauth2/test/OAuth2/TokenType/BearerTest.php
+++ /dev/null
@@ -1,58 +0,0 @@
-<?php
-
-namespace OAuth2\TokenType;
-
-use OAuth2\Request\TestRequest;
-use OAuth2\Response;
-
-class BearerTest extends \PHPUnit_Framework_TestCase
-{
- public function testValidContentTypeWithCharset()
- {
- $bearer = new Bearer();
- $request = TestRequest::createPost(array(
- 'access_token' => 'ThisIsMyAccessToken'
- ));
- $request->server['CONTENT_TYPE'] = 'application/x-www-form-urlencoded; charset=UTF-8';
-
- $param = $bearer->getAccessTokenParameter($request, $response = new Response());
- $this->assertEquals($param, 'ThisIsMyAccessToken');
- }
-
- public function testInvalidContentType()
- {
- $bearer = new Bearer();
- $request = TestRequest::createPost(array(
- 'access_token' => 'ThisIsMyAccessToken'
- ));
- $request->server['CONTENT_TYPE'] = 'application/json; charset=UTF-8';
-
- $param = $bearer->getAccessTokenParameter($request, $response = new Response());
- $this->assertNull($param);
- $this->assertEquals($response->getStatusCode(), 400);
- $this->assertEquals($response->getParameter('error'), 'invalid_request');
- $this->assertEquals($response->getParameter('error_description'), 'The content type for POST requests must be "application/x-www-form-urlencoded"');
- }
-
- public function testValidRequestUsingAuthorizationHeader()
- {
- $bearer = new Bearer();
- $request = new TestRequest();
- $request->headers['AUTHORIZATION'] = 'Bearer MyToken';
- $request->server['CONTENT_TYPE'] = 'application/x-www-form-urlencoded; charset=UTF-8';
-
- $param = $bearer->getAccessTokenParameter($request, $response = new Response());
- $this->assertEquals('MyToken', $param);
- }
-
- public function testValidRequestUsingAuthorizationHeaderCaseInsensitive()
- {
- $bearer = new Bearer();
- $request = new TestRequest();
- $request->server['CONTENT_TYPE'] = 'application/x-www-form-urlencoded; charset=UTF-8';
- $request->headers['Authorization'] = 'Bearer MyToken';
-
- $param = $bearer->getAccessTokenParameter($request, $response = new Response());
- $this->assertEquals('MyToken', $param);
- }
-}
diff --git a/library/oauth2/test/bootstrap.php b/library/oauth2/test/bootstrap.php
deleted file mode 100644
index 0a4af0716..000000000
--- a/library/oauth2/test/bootstrap.php
+++ /dev/null
@@ -1,12 +0,0 @@
-<?php
-
-require_once(dirname(__FILE__).'/../src/OAuth2/Autoloader.php');
-OAuth2\Autoloader::register();
-
-// register test classes
-OAuth2\Autoloader::register(dirname(__FILE__).'/lib');
-
-// register vendors if possible
-if (file_exists(__DIR__.'/../vendor/autoload.php')) {
- require_once(__DIR__.'/../vendor/autoload.php');
-}
diff --git a/library/oauth2/test/cleanup.php b/library/oauth2/test/cleanup.php
deleted file mode 100644
index 8663a901b..000000000
--- a/library/oauth2/test/cleanup.php
+++ /dev/null
@@ -1,15 +0,0 @@
-<?php
-
-require_once(dirname(__FILE__).'/../src/OAuth2/Autoloader.php');
-OAuth2\Autoloader::register();
-
-// register test classes
-OAuth2\Autoloader::register(dirname(__FILE__).'/lib');
-
-// register vendors if possible
-if (file_exists(__DIR__.'/../vendor/autoload.php')) {
- require_once(__DIR__.'/../vendor/autoload.php');
-}
-
-// remove the dynamoDB database that was created for this build
-OAuth2\Storage\Bootstrap::getInstance()->cleanupTravisDynamoDb();
diff --git a/library/oauth2/test/config/keys/id_rsa b/library/oauth2/test/config/keys/id_rsa
deleted file mode 100644
index e8b9eff2d..000000000
--- a/library/oauth2/test/config/keys/id_rsa
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC8fpi06NfVYHAOAnxNMVnTXr/ptsLsNjP+uAt2eO0cc5J9H5XV
-8lFVujOrRu/JWi1TDmAvOaf/6A3BphIA1Pwp0AAqlZdwizIum8j0KzpsGYH5qReN
-QDwF3oUSKMsQCCGCDHrDYifG/pRi9bN1ZVjEXPr35HJuBe+FQpZTs8DewwIDAQAB
-AoGARfNxNknmtx/n1bskZ/01iZRzAge6BLEE0LV6Q4gS7mkRZu/Oyiv39Sl5vUlA
-+WdGxLjkBwKNjxGN8Vxw9/ASd8rSsqeAUYIwAeifXrHhj5DBPQT/pDPkeFnp9B1w
-C6jo+3AbBQ4/b0ONSIEnCL2xGGglSIAxO17T1ViXp7lzXPECQQDe63nkRdWM0OCb
-oaHQPT3E26224maIstrGFUdt9yw3yJf4bOF7TtiPLlLuHsTTge3z+fG6ntC0xG56
-1cl37C3ZAkEA2HdVcRGugNp/qmVz4LJTpD+WZKi73PLAO47wDOrYh9Pn2I6fcEH0
-CPnggt1ko4ujvGzFTvRH64HXa6aPCv1j+wJBAMQMah3VQPNf/DlDVFEUmw9XeBZg
-VHaifX851aEjgXLp6qVj9IYCmLiLsAmVa9rr6P7p8asD418nZlaHUHE0eDkCQQCr
-uxis6GMx1Ka971jcJX2X696LoxXPd0KsvXySMupv79yagKPa8mgBiwPjrnK+EPVo
-cj6iochA/bSCshP/mwFrAkBHEKPi6V6gb94JinCT7x3weahbdp6bJ6/nzBH/p9VA
-HoT1JtwNFhGv9BCjmDydshQHfSWpY9NxlccBKL7ITm8R
------END RSA PRIVATE KEY----- \ No newline at end of file
diff --git a/library/oauth2/test/config/keys/id_rsa.pub b/library/oauth2/test/config/keys/id_rsa.pub
deleted file mode 100644
index 1ac15f5eb..000000000
--- a/library/oauth2/test/config/keys/id_rsa.pub
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICiDCCAfGgAwIBAgIBADANBgkqhkiG9w0BAQQFADA9MQswCQYDVQQGEwJVUzEL
-MAkGA1UECBMCVVQxITAfBgNVBAoTGFZpZ25ldHRlIENvcnBvcmF0aW9uIFNCWDAe
-Fw0xMTEwMTUwMzE4MjdaFw0zMTEwMTAwMzE4MjdaMD0xCzAJBgNVBAYTAlVTMQsw
-CQYDVQQIEwJVVDEhMB8GA1UEChMYVmlnbmV0dGUgQ29ycG9yYXRpb24gU0JYMIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8fpi06NfVYHAOAnxNMVnTXr/ptsLs
-NjP+uAt2eO0cc5J9H5XV8lFVujOrRu/JWi1TDmAvOaf/6A3BphIA1Pwp0AAqlZdw
-izIum8j0KzpsGYH5qReNQDwF3oUSKMsQCCGCDHrDYifG/pRi9bN1ZVjEXPr35HJu
-Be+FQpZTs8DewwIDAQABo4GXMIGUMB0GA1UdDgQWBBRe8hrEXm+Yim4YlD5Nx+1K
-vCYs9DBlBgNVHSMEXjBcgBRe8hrEXm+Yim4YlD5Nx+1KvCYs9KFBpD8wPTELMAkG
-A1UEBhMCVVMxCzAJBgNVBAgTAlVUMSEwHwYDVQQKExhWaWduZXR0ZSBDb3Jwb3Jh
-dGlvbiBTQliCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBjhyRD
-lM7vnLn6drgQVftW5V9nDFAyPAuiGvMIKFSbiAf1PxXCRn5sfJquwWKsJUi4ZGNl
-aViXdFmN6/F13PSM+yg63tpKy0fYqMbTM+Oe5WuSHkSW1VuYNHV+24adgNk/FRDL
-FRrlM1f6s9VTLWvwGItjfrof0Ba8Uq7ZDSb9Xg==
------END CERTIFICATE----- \ No newline at end of file
diff --git a/library/oauth2/test/config/storage.json b/library/oauth2/test/config/storage.json
deleted file mode 100644
index a31d3bca2..000000000
--- a/library/oauth2/test/config/storage.json
+++ /dev/null
@@ -1,181 +0,0 @@
-{
- "authorization_codes": {
- "testcode": {
- "client_id": "Test Client ID",
- "user_id": "",
- "redirect_uri": "",
- "expires": "9999999999",
- "id_token": "IDTOKEN"
- },
- "testcode-with-scope": {
- "client_id": "Test Client ID",
- "user_id": "",
- "redirect_uri": "",
- "expires": "9999999999",
- "scope": "scope1 scope2"
- },
- "testcode-expired": {
- "client_id": "Test Client ID",
- "user_id": "",
- "redirect_uri": "",
- "expires": "1356998400"
- },
- "testcode-empty-secret": {
- "client_id": "Test Client ID Empty Secret",
- "user_id": "",
- "redirect_uri": "",
- "expires": "9999999999"
- },
- "testcode-openid": {
- "client_id": "Test Client ID",
- "user_id": "",
- "redirect_uri": "",
- "expires": "9999999999",
- "id_token": "test_id_token"
- }
- },
- "client_credentials" : {
- "Test Client ID": {
- "client_secret": "TestSecret"
- },
- "Test Client ID with Redirect Uri": {
- "client_secret": "TestSecret2",
- "redirect_uri": "http://brentertainment.com"
- },
- "Test Client ID with Buggy Redirect Uri": {
- "client_secret": "TestSecret2",
- "redirect_uri": " http://brentertainment.com"
- },
- "Test Client ID with Multiple Redirect Uris": {
- "client_secret": "TestSecret3",
- "redirect_uri": "http://brentertainment.com http://morehazards.com"
- },
- "Test Client ID with Redirect Uri Parts": {
- "client_secret": "TestSecret4",
- "redirect_uri": "http://user:pass@brentertainment.com:2222/authorize/cb?auth_type=oauth&test=true"
- },
- "Test Some Other Client": {
- "client_secret": "TestSecret3"
- },
- "Test Client ID Empty Secret": {
- "client_secret": ""
- },
- "Test Client ID For Password Grant": {
- "grant_types": "password",
- "client_secret": ""
- },
- "Client ID With User ID": {
- "client_secret": "TestSecret",
- "user_id": "brent@brentertainment.com"
- },
- "oauth_test_client": {
- "client_secret": "testpass",
- "grant_types": "implicit password"
- }
- },
- "user_credentials" : {
- "test-username": {
- "password": "testpass"
- },
- "testusername": {
- "password": "testpass"
- },
- "testuser": {
- "password": "password",
- "email": "testuser@test.com",
- "email_verified": true
- },
- "johndoe": {
- "password": "password"
- }
- },
- "refresh_tokens" : {
- "test-refreshtoken": {
- "refresh_token": "test-refreshtoken",
- "client_id": "Test Client ID",
- "user_id": "test-username",
- "expires": 0,
- "scope": null
- },
- "test-refreshtoken-with-scope": {
- "refresh_token": "test-refreshtoken",
- "client_id": "Test Client ID",
- "user_id": "test-username",
- "expires": 0,
- "scope": "scope1 scope2"
- }
- },
- "access_tokens" : {
- "accesstoken-expired": {
- "access_token": "accesstoken-expired",
- "client_id": "Test Client ID",
- "expires": 1234567,
- "scope": null
- },
- "accesstoken-scope": {
- "access_token": "accesstoken-scope",
- "client_id": "Test Client ID",
- "expires": 99999999900,
- "scope": "testscope"
- },
- "accesstoken-openid-connect": {
- "access_token": "accesstoken-openid-connect",
- "client_id": "Test Client ID",
- "user_id": "testuser",
- "expires": 99999999900,
- "scope": "openid email"
- },
- "accesstoken-malformed": {
- "access_token": "accesstoken-mallformed",
- "expires": 99999999900,
- "scope": "testscope"
- }
- },
- "jwt": {
- "Test Client ID": {
- "key": "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5/SxVlE8gnpFqCxgl2wjhzY7u\ncEi00s0kUg3xp7lVEvgLgYcAnHiWp+gtSjOFfH2zsvpiWm6Lz5f743j/FEzHIO1o\nwR0p4d9pOaJK07d01+RzoQLOIQAgXrr4T1CCWUesncwwPBVCyy2Mw3Nmhmr9MrF8\nUlvdRKBxriRnlP3qJQIDAQAB\n-----END PUBLIC KEY-----",
- "subject": "testuser@ourdomain.com"
- },
- "Test Client ID PHP-5.2": {
- "key": "mysecretkey",
- "subject": "testuser@ourdomain.com"
- },
- "Missing Key Client": {
- "key": null,
- "subject": "testuser@ourdomain.com"
- },
- "Missing Key Client PHP-5.2": {
- "key": null,
- "subject": "testuser@ourdomain.com"
- },
- "oauth_test_client": {
- "key": "-----BEGIN CERTIFICATE-----\nMIICiDCCAfGgAwIBAgIBADANBgkqhkiG9w0BAQQFADA9MQswCQYDVQQGEwJVUzEL\nMAkGA1UECBMCVVQxITAfBgNVBAoTGFZpZ25ldHRlIENvcnBvcmF0aW9uIFNCWDAe\nFw0xMTEwMTUwMzE4MjdaFw0zMTEwMTAwMzE4MjdaMD0xCzAJBgNVBAYTAlVTMQsw\nCQYDVQQIEwJVVDEhMB8GA1UEChMYVmlnbmV0dGUgQ29ycG9yYXRpb24gU0JYMIGf\nMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8fpi06NfVYHAOAnxNMVnTXr/ptsLs\nNjP+uAt2eO0cc5J9H5XV8lFVujOrRu/JWi1TDmAvOaf/6A3BphIA1Pwp0AAqlZdw\nizIum8j0KzpsGYH5qReNQDwF3oUSKMsQCCGCDHrDYifG/pRi9bN1ZVjEXPr35HJu\nBe+FQpZTs8DewwIDAQABo4GXMIGUMB0GA1UdDgQWBBRe8hrEXm+Yim4YlD5Nx+1K\nvCYs9DBlBgNVHSMEXjBcgBRe8hrEXm+Yim4YlD5Nx+1KvCYs9KFBpD8wPTELMAkG\nA1UEBhMCVVMxCzAJBgNVBAgTAlVUMSEwHwYDVQQKExhWaWduZXR0ZSBDb3Jwb3Jh\ndGlvbiBTQliCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBjhyRD\nlM7vnLn6drgQVftW5V9nDFAyPAuiGvMIKFSbiAf1PxXCRn5sfJquwWKsJUi4ZGNl\naViXdFmN6/F13PSM+yg63tpKy0fYqMbTM+Oe5WuSHkSW1VuYNHV+24adgNk/FRDL\nFRrlM1f6s9VTLWvwGItjfrof0Ba8Uq7ZDSb9Xg==\n-----END CERTIFICATE-----",
- "subject": "test_subject"
- }
- },
- "jti": [
- {
- "issuer": "Test Client ID",
- "subject": "testuser@ourdomain.com",
- "audience": "http://myapp.com/oauth/auth",
- "expires": 99999999900,
- "jti": "used_jti"
- }
- ],
- "supported_scopes" : [
- "scope1",
- "scope2",
- "scope3",
- "clientscope1",
- "clientscope2",
- "clientscope3",
- "supportedscope1",
- "supportedscope2",
- "supportedscope3",
- "supportedscope4"
- ],
- "keys": {
- "public_key": "-----BEGIN CERTIFICATE-----\nMIICiDCCAfGgAwIBAgIBADANBgkqhkiG9w0BAQQFADA9MQswCQYDVQQGEwJVUzEL\nMAkGA1UECBMCVVQxITAfBgNVBAoTGFZpZ25ldHRlIENvcnBvcmF0aW9uIFNCWDAe\nFw0xMTEwMTUwMzE4MjdaFw0zMTEwMTAwMzE4MjdaMD0xCzAJBgNVBAYTAlVTMQsw\nCQYDVQQIEwJVVDEhMB8GA1UEChMYVmlnbmV0dGUgQ29ycG9yYXRpb24gU0JYMIGf\nMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8fpi06NfVYHAOAnxNMVnTXr/ptsLs\nNjP+uAt2eO0cc5J9H5XV8lFVujOrRu/JWi1TDmAvOaf/6A3BphIA1Pwp0AAqlZdw\nizIum8j0KzpsGYH5qReNQDwF3oUSKMsQCCGCDHrDYifG/pRi9bN1ZVjEXPr35HJu\nBe+FQpZTs8DewwIDAQABo4GXMIGUMB0GA1UdDgQWBBRe8hrEXm+Yim4YlD5Nx+1K\nvCYs9DBlBgNVHSMEXjBcgBRe8hrEXm+Yim4YlD5Nx+1KvCYs9KFBpD8wPTELMAkG\nA1UEBhMCVVMxCzAJBgNVBAgTAlVUMSEwHwYDVQQKExhWaWduZXR0ZSBDb3Jwb3Jh\ndGlvbiBTQliCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBjhyRD\nlM7vnLn6drgQVftW5V9nDFAyPAuiGvMIKFSbiAf1PxXCRn5sfJquwWKsJUi4ZGNl\naViXdFmN6/F13PSM+yg63tpKy0fYqMbTM+Oe5WuSHkSW1VuYNHV+24adgNk/FRDL\nFRrlM1f6s9VTLWvwGItjfrof0Ba8Uq7ZDSb9Xg==\n-----END CERTIFICATE-----",
- "private_key": "-----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQC8fpi06NfVYHAOAnxNMVnTXr/ptsLsNjP+uAt2eO0cc5J9H5XV\n8lFVujOrRu/JWi1TDmAvOaf/6A3BphIA1Pwp0AAqlZdwizIum8j0KzpsGYH5qReN\nQDwF3oUSKMsQCCGCDHrDYifG/pRi9bN1ZVjEXPr35HJuBe+FQpZTs8DewwIDAQAB\nAoGARfNxNknmtx/n1bskZ/01iZRzAge6BLEE0LV6Q4gS7mkRZu/Oyiv39Sl5vUlA\n+WdGxLjkBwKNjxGN8Vxw9/ASd8rSsqeAUYIwAeifXrHhj5DBPQT/pDPkeFnp9B1w\nC6jo+3AbBQ4/b0ONSIEnCL2xGGglSIAxO17T1ViXp7lzXPECQQDe63nkRdWM0OCb\noaHQPT3E26224maIstrGFUdt9yw3yJf4bOF7TtiPLlLuHsTTge3z+fG6ntC0xG56\n1cl37C3ZAkEA2HdVcRGugNp/qmVz4LJTpD+WZKi73PLAO47wDOrYh9Pn2I6fcEH0\nCPnggt1ko4ujvGzFTvRH64HXa6aPCv1j+wJBAMQMah3VQPNf/DlDVFEUmw9XeBZg\nVHaifX851aEjgXLp6qVj9IYCmLiLsAmVa9rr6P7p8asD418nZlaHUHE0eDkCQQCr\nuxis6GMx1Ka971jcJX2X696LoxXPd0KsvXySMupv79yagKPa8mgBiwPjrnK+EPVo\ncj6iochA/bSCshP/mwFrAkBHEKPi6V6gb94JinCT7x3weahbdp6bJ6/nzBH/p9VA\nHoT1JtwNFhGv9BCjmDydshQHfSWpY9NxlccBKL7ITm8R\n-----END RSA PRIVATE KEY-----"
- }
-}
diff --git a/library/oauth2/test/lib/OAuth2/Request/TestRequest.php b/library/oauth2/test/lib/OAuth2/Request/TestRequest.php
deleted file mode 100644
index 7bbce28a4..000000000
--- a/library/oauth2/test/lib/OAuth2/Request/TestRequest.php
+++ /dev/null
@@ -1,61 +0,0 @@
-<?php
-
-namespace OAuth2\Request;
-
-use OAuth2\Request;
-use OAuth2\RequestInterface;
-
-/**
-*
-*/
-class TestRequest extends Request implements RequestInterface
-{
- public $query, $request, $server, $headers;
-
- public function __construct()
- {
- $this->query = $_GET;
- $this->request = $_POST;
- $this->server = $_SERVER;
- $this->headers = array();
- }
-
- public function query($name, $default = null)
- {
- return isset($this->query[$name]) ? $this->query[$name] : $default;
- }
-
- public function request($name, $default = null)
- {
- return isset($this->request[$name]) ? $this->request[$name] : $default;
- }
-
- public function server($name, $default = null)
- {
- return isset($this->server[$name]) ? $this->server[$name] : $default;
- }
-
- public function getAllQueryParameters()
- {
- return $this->query;
- }
-
- public function setQuery(array $query)
- {
- $this->query = $query;
- }
-
- public function setPost(array $params)
- {
- $this->server['REQUEST_METHOD'] = 'POST';
- $this->request = $params;
- }
-
- public static function createPost(array $params = array())
- {
- $request = new self();
- $request->setPost($params);
-
- return $request;
- }
-}
diff --git a/library/oauth2/test/lib/OAuth2/Storage/BaseTest.php b/library/oauth2/test/lib/OAuth2/Storage/BaseTest.php
deleted file mode 100755
index 921d52500..000000000
--- a/library/oauth2/test/lib/OAuth2/Storage/BaseTest.php
+++ /dev/null
@@ -1,34 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-abstract class BaseTest extends \PHPUnit_Framework_TestCase
-{
- public function provideStorage()
- {
- $memory = Bootstrap::getInstance()->getMemoryStorage();
- $sqlite = Bootstrap::getInstance()->getSqlitePdo();
- $mysql = Bootstrap::getInstance()->getMysqlPdo();
- $postgres = Bootstrap::getInstance()->getPostgresPdo();
- $mongo = Bootstrap::getInstance()->getMongo();
- $redis = Bootstrap::getInstance()->getRedisStorage();
- $cassandra = Bootstrap::getInstance()->getCassandraStorage();
- $dynamodb = Bootstrap::getInstance()->getDynamoDbStorage();
- $couchbase = Bootstrap::getInstance()->getCouchbase();
-
- /* hack until we can fix "default_scope" dependencies in other tests */
- $memory->defaultScope = 'defaultscope1 defaultscope2';
-
- return array(
- array($memory),
- array($sqlite),
- array($mysql),
- array($postgres),
- array($mongo),
- array($redis),
- array($cassandra),
- array($dynamodb),
- array($couchbase),
- );
- }
-}
diff --git a/library/oauth2/test/lib/OAuth2/Storage/Bootstrap.php b/library/oauth2/test/lib/OAuth2/Storage/Bootstrap.php
deleted file mode 100755
index 4ac9022b1..000000000
--- a/library/oauth2/test/lib/OAuth2/Storage/Bootstrap.php
+++ /dev/null
@@ -1,888 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-class Bootstrap
-{
- const DYNAMODB_PHP_VERSION = 'none';
-
- protected static $instance;
- private $mysql;
- private $sqlite;
- private $postgres;
- private $mongo;
- private $redis;
- private $cassandra;
- private $configDir;
- private $dynamodb;
- private $couchbase;
-
- public function __construct()
- {
- $this->configDir = __DIR__.'/../../../config';
- }
-
- public static function getInstance()
- {
- if (!self::$instance) {
- self::$instance = new self();
- }
-
- return self::$instance;
- }
-
- public function getSqlitePdo()
- {
- if (!$this->sqlite) {
- $this->removeSqliteDb();
- $pdo = new \PDO(sprintf('sqlite://%s', $this->getSqliteDir()));
- $pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
- $this->createSqliteDb($pdo);
-
- $this->sqlite = new Pdo($pdo);
- }
-
- return $this->sqlite;
- }
-
- public function getPostgresPdo()
- {
- if (!$this->postgres) {
- if (in_array('pgsql', \PDO::getAvailableDrivers())) {
- $this->removePostgresDb();
- $this->createPostgresDb();
- if ($pdo = $this->getPostgresDriver()) {
- $pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
- $this->populatePostgresDb($pdo);
- $this->postgres = new Pdo($pdo);
- }
- } else {
- $this->postgres = new NullStorage('Postgres', 'Missing postgres PDO extension.');
- }
- }
-
- return $this->postgres;
- }
-
- public function getPostgresDriver()
- {
- try {
- $pdo = new \PDO('pgsql:host=localhost;dbname=oauth2_server_php', 'postgres');
-
- return $pdo;
- } catch (\PDOException $e) {
- $this->postgres = new NullStorage('Postgres', $e->getMessage());
- }
- }
-
- public function getMemoryStorage()
- {
- return new Memory(json_decode(file_get_contents($this->configDir. '/storage.json'), true));
- }
-
- public function getRedisStorage()
- {
- if (!$this->redis) {
- if (class_exists('Predis\Client')) {
- $redis = new \Predis\Client();
- if ($this->testRedisConnection($redis)) {
- $redis->flushdb();
- $this->redis = new Redis($redis);
- $this->createRedisDb($this->redis);
- } else {
- $this->redis = new NullStorage('Redis', 'Unable to connect to redis server on port 6379');
- }
- } else {
- $this->redis = new NullStorage('Redis', 'Missing redis library. Please run "composer.phar require predis/predis:dev-master"');
- }
- }
-
- return $this->redis;
- }
-
- private function testRedisConnection(\Predis\Client $redis)
- {
- try {
- $redis->connect();
- } catch (\Predis\CommunicationException $exception) {
- // we were unable to connect to the redis server
- return false;
- }
-
- return true;
- }
-
- public function getMysqlPdo()
- {
- if (!$this->mysql) {
- $pdo = null;
- try {
- $pdo = new \PDO('mysql:host=localhost;', 'root');
- } catch (\PDOException $e) {
- $this->mysql = new NullStorage('MySQL', 'Unable to connect to MySQL on root@localhost');
- }
-
- if ($pdo) {
- $pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
- $this->removeMysqlDb($pdo);
- $this->createMysqlDb($pdo);
-
- $this->mysql = new Pdo($pdo);
- }
- }
-
- return $this->mysql;
- }
-
- public function getMongo()
- {
- if (!$this->mongo) {
- $skipMongo = $this->getEnvVar('SKIP_MONGO_TESTS');
- if (!$skipMongo && class_exists('MongoClient')) {
- $mongo = new \MongoClient('mongodb://localhost:27017', array('connect' => false));
- if ($this->testMongoConnection($mongo)) {
- $db = $mongo->oauth2_server_php;
- $this->removeMongoDb($db);
- $this->createMongoDb($db);
-
- $this->mongo = new Mongo($db);
- } else {
- $this->mongo = new NullStorage('Mongo', 'Unable to connect to mongo server on "localhost:27017"');
- }
- } else {
- $this->mongo = new NullStorage('Mongo', 'Missing mongo php extension. Please install mongo.so');
- }
- }
-
- return $this->mongo;
- }
-
- private function testMongoConnection(\MongoClient $mongo)
- {
- try {
- $mongo->connect();
- } catch (\MongoConnectionException $e) {
- return false;
- }
-
- return true;
- }
-
- public function getCouchbase()
- {
- if (!$this->couchbase) {
- if ($this->getEnvVar('SKIP_COUCHBASE_TESTS')) {
- $this->couchbase = new NullStorage('Couchbase', 'Skipping Couchbase tests');
- } elseif (!class_exists('Couchbase')) {
- $this->couchbase = new NullStorage('Couchbase', 'Missing Couchbase php extension. Please install couchbase.so');
- } else {
- // round-about way to make sure couchbase is working
- // this is required because it throws a "floating point exception" otherwise
- $code = "new \Couchbase(array('localhost:8091'), '', '', 'auth', false);";
- $exec = sprintf('php -r "%s"', $code);
- $ret = exec($exec, $test, $var);
- if ($ret != 0) {
- $couchbase = new \Couchbase(array('localhost:8091'), '', '', 'auth', false);
- if ($this->testCouchbaseConnection($couchbase)) {
- $this->clearCouchbase($couchbase);
- $this->createCouchbaseDB($couchbase);
-
- $this->couchbase = new CouchbaseDB($couchbase);
- } else {
- $this->couchbase = new NullStorage('Couchbase', 'Unable to connect to Couchbase server on "localhost:8091"');
- }
- } else {
- $this->couchbase = new NullStorage('Couchbase', 'Error while trying to connect to Couchbase');
- }
- }
- }
-
- return $this->couchbase;
- }
-
- private function testCouchbaseConnection(\Couchbase $couchbase)
- {
- try {
- if (count($couchbase->getServers()) > 0) {
- return true;
- }
- } catch (\CouchbaseException $e) {
- return false;
- }
-
- return true;
- }
-
- public function getCassandraStorage()
- {
- if (!$this->cassandra) {
- if (class_exists('phpcassa\ColumnFamily')) {
- $cassandra = new \phpcassa\Connection\ConnectionPool('oauth2_test', array('127.0.0.1:9160'));
- if ($this->testCassandraConnection($cassandra)) {
- $this->removeCassandraDb();
- $this->cassandra = new Cassandra($cassandra);
- $this->createCassandraDb($this->cassandra);
- } else {
- $this->cassandra = new NullStorage('Cassandra', 'Unable to connect to cassandra server on "127.0.0.1:9160"');
- }
- } else {
- $this->cassandra = new NullStorage('Cassandra', 'Missing cassandra library. Please run "composer.phar require thobbs/phpcassa:dev-master"');
- }
- }
-
- return $this->cassandra;
- }
-
- private function testCassandraConnection(\phpcassa\Connection\ConnectionPool $cassandra)
- {
- try {
- new \phpcassa\SystemManager('localhost:9160');
- } catch (\Exception $e) {
- return false;
- }
-
- return true;
- }
-
- private function removeCassandraDb()
- {
- $sys = new \phpcassa\SystemManager('localhost:9160');
-
- try {
- $sys->drop_keyspace('oauth2_test');
- } catch (\cassandra\InvalidRequestException $e) {
-
- }
- }
-
- private function createCassandraDb(Cassandra $storage)
- {
- // create the cassandra keyspace and column family
- $sys = new \phpcassa\SystemManager('localhost:9160');
-
- $sys->create_keyspace('oauth2_test', array(
- "strategy_class" => \phpcassa\Schema\StrategyClass::SIMPLE_STRATEGY,
- "strategy_options" => array('replication_factor' => '1')
- ));
-
- $sys->create_column_family('oauth2_test', 'auth');
- $cassandra = new \phpcassa\Connection\ConnectionPool('oauth2_test', array('127.0.0.1:9160'));
- $cf = new \phpcassa\ColumnFamily($cassandra, 'auth');
-
- // populate the data
- $storage->setClientDetails("oauth_test_client", "testpass", "http://example.com", 'implicit password');
- $storage->setAccessToken("testtoken", "Some Client", '', time() + 1000);
- $storage->setAuthorizationCode("testcode", "Some Client", '', '', time() + 1000);
-
- $storage->setScope('supportedscope1 supportedscope2 supportedscope3 supportedscope4');
- $storage->setScope('defaultscope1 defaultscope2', null, 'default');
-
- $storage->setScope('clientscope1 clientscope2', 'Test Client ID');
- $storage->setScope('clientscope1 clientscope2', 'Test Client ID', 'default');
-
- $storage->setScope('clientscope1 clientscope2 clientscope3', 'Test Client ID 2');
- $storage->setScope('clientscope1 clientscope2', 'Test Client ID 2', 'default');
-
- $storage->setScope('clientscope1 clientscope2', 'Test Default Scope Client ID');
- $storage->setScope('clientscope1 clientscope2', 'Test Default Scope Client ID', 'default');
-
- $storage->setScope('clientscope1 clientscope2 clientscope3', 'Test Default Scope Client ID 2');
- $storage->setScope('clientscope3', 'Test Default Scope Client ID 2', 'default');
-
- $storage->setClientKey('oauth_test_client', $this->getTestPublicKey(), 'test_subject');
-
- $cf->insert("oauth_public_keys:ClientID_One", array('__data' => json_encode(array("public_key" => "client_1_public", "private_key" => "client_1_private", "encryption_algorithm" => "RS256"))));
- $cf->insert("oauth_public_keys:ClientID_Two", array('__data' => json_encode(array("public_key" => "client_2_public", "private_key" => "client_2_private", "encryption_algorithm" => "RS256"))));
- $cf->insert("oauth_public_keys:", array('__data' => json_encode(array("public_key" => $this->getTestPublicKey(), "private_key" => $this->getTestPrivateKey(), "encryption_algorithm" => "RS256"))));
-
- $cf->insert("oauth_users:testuser", array('__data' =>json_encode(array("password" => "password", "email" => "testuser@test.com", "email_verified" => true))));
-
- }
-
- private function createSqliteDb(\PDO $pdo)
- {
- $this->runPdoSql($pdo);
- }
-
- private function removeSqliteDb()
- {
- if (file_exists($this->getSqliteDir())) {
- unlink($this->getSqliteDir());
- }
- }
-
- private function createMysqlDb(\PDO $pdo)
- {
- $pdo->exec('CREATE DATABASE oauth2_server_php');
- $pdo->exec('USE oauth2_server_php');
- $this->runPdoSql($pdo);
- }
-
- private function removeMysqlDb(\PDO $pdo)
- {
- $pdo->exec('DROP DATABASE IF EXISTS oauth2_server_php');
- }
-
- private function createPostgresDb()
- {
- if (!`psql postgres -tAc "SELECT 1 FROM pg_roles WHERE rolname='postgres'"`) {
- `createuser -s -r postgres`;
- }
-
- `createdb -O postgres oauth2_server_php`;
- }
-
- private function populatePostgresDb(\PDO $pdo)
- {
- $this->runPdoSql($pdo);
- }
-
- private function removePostgresDb()
- {
- if (trim(`psql -l | grep oauth2_server_php | wc -l`)) {
- `dropdb oauth2_server_php`;
- }
- }
-
- public function runPdoSql(\PDO $pdo)
- {
- $storage = new Pdo($pdo);
- foreach (explode(';', $storage->getBuildSql()) as $statement) {
- $result = $pdo->exec($statement);
- }
-
- // set up scopes
- $sql = 'INSERT INTO oauth_scopes (scope) VALUES (?)';
- foreach (explode(' ', 'supportedscope1 supportedscope2 supportedscope3 supportedscope4 clientscope1 clientscope2 clientscope3') as $supportedScope) {
- $pdo->prepare($sql)->execute(array($supportedScope));
- }
-
- $sql = 'INSERT INTO oauth_scopes (scope, is_default) VALUES (?, ?)';
- foreach (array('defaultscope1', 'defaultscope2') as $defaultScope) {
- $pdo->prepare($sql)->execute(array($defaultScope, true));
- }
-
- // set up clients
- $sql = 'INSERT INTO oauth_clients (client_id, client_secret, scope, grant_types) VALUES (?, ?, ?, ?)';
- $pdo->prepare($sql)->execute(array('Test Client ID', 'TestSecret', 'clientscope1 clientscope2', null));
- $pdo->prepare($sql)->execute(array('Test Client ID 2', 'TestSecret', 'clientscope1 clientscope2 clientscope3', null));
- $pdo->prepare($sql)->execute(array('Test Default Scope Client ID', 'TestSecret', 'clientscope1 clientscope2', null));
- $pdo->prepare($sql)->execute(array('oauth_test_client', 'testpass', null, 'implicit password'));
-
- // set up misc
- $sql = 'INSERT INTO oauth_access_tokens (access_token, client_id, expires, user_id) VALUES (?, ?, ?, ?)';
- $pdo->prepare($sql)->execute(array('testtoken', 'Some Client', date('Y-m-d H:i:s', strtotime('+1 hour')), null));
- $pdo->prepare($sql)->execute(array('accesstoken-openid-connect', 'Some Client', date('Y-m-d H:i:s', strtotime('+1 hour')), 'testuser'));
-
- $sql = 'INSERT INTO oauth_authorization_codes (authorization_code, client_id, expires) VALUES (?, ?, ?)';
- $pdo->prepare($sql)->execute(array('testcode', 'Some Client', date('Y-m-d H:i:s', strtotime('+1 hour'))));
-
- $sql = 'INSERT INTO oauth_users (username, password, email, email_verified) VALUES (?, ?, ?, ?)';
- $pdo->prepare($sql)->execute(array('testuser', 'password', 'testuser@test.com', true));
-
- $sql = 'INSERT INTO oauth_public_keys (client_id, public_key, private_key, encryption_algorithm) VALUES (?, ?, ?, ?)';
- $pdo->prepare($sql)->execute(array('ClientID_One', 'client_1_public', 'client_1_private', 'RS256'));
- $pdo->prepare($sql)->execute(array('ClientID_Two', 'client_2_public', 'client_2_private', 'RS256'));
-
- $sql = 'INSERT INTO oauth_public_keys (client_id, public_key, private_key, encryption_algorithm) VALUES (?, ?, ?, ?)';
- $pdo->prepare($sql)->execute(array(null, $this->getTestPublicKey(), $this->getTestPrivateKey(), 'RS256'));
-
- $sql = 'INSERT INTO oauth_jwt (client_id, subject, public_key) VALUES (?, ?, ?)';
- $pdo->prepare($sql)->execute(array('oauth_test_client', 'test_subject', $this->getTestPublicKey()));
- }
-
- public function getSqliteDir()
- {
- return $this->configDir. '/test.sqlite';
- }
-
- public function getConfigDir()
- {
- return $this->configDir;
- }
-
- private function createCouchbaseDB(\Couchbase $db)
- {
- $db->set('oauth_clients-oauth_test_client',json_encode(array(
- 'client_id' => "oauth_test_client",
- 'client_secret' => "testpass",
- 'redirect_uri' => "http://example.com",
- 'grant_types' => 'implicit password'
- )));
-
- $db->set('oauth_access_tokens-testtoken',json_encode(array(
- 'access_token' => "testtoken",
- 'client_id' => "Some Client"
- )));
-
- $db->set('oauth_authorization_codes-testcode',json_encode(array(
- 'access_token' => "testcode",
- 'client_id' => "Some Client"
- )));
-
- $db->set('oauth_users-testuser',json_encode(array(
- 'username' => 'testuser',
- 'password' => 'password',
- 'email' => 'testuser@test.com',
- 'email_verified' => true,
- )));
-
- $db->set('oauth_jwt-oauth_test_client',json_encode(array(
- 'client_id' => 'oauth_test_client',
- 'key' => $this->getTestPublicKey(),
- 'subject' => 'test_subject',
- )));
- }
-
- private function clearCouchbase(\Couchbase $cb)
- {
- $cb->delete('oauth_authorization_codes-new-openid-code');
- $cb->delete('oauth_access_tokens-newtoken');
- $cb->delete('oauth_authorization_codes-newcode');
- $cb->delete('oauth_refresh_tokens-refreshtoken');
- }
-
- private function createMongoDb(\MongoDB $db)
- {
- $db->oauth_clients->insert(array(
- 'client_id' => "oauth_test_client",
- 'client_secret' => "testpass",
- 'redirect_uri' => "http://example.com",
- 'grant_types' => 'implicit password'
- ));
-
- $db->oauth_access_tokens->insert(array(
- 'access_token' => "testtoken",
- 'client_id' => "Some Client"
- ));
-
- $db->oauth_authorization_codes->insert(array(
- 'authorization_code' => "testcode",
- 'client_id' => "Some Client"
- ));
-
- $db->oauth_users->insert(array(
- 'username' => 'testuser',
- 'password' => 'password',
- 'email' => 'testuser@test.com',
- 'email_verified' => true,
- ));
-
- $db->oauth_jwt->insert(array(
- 'client_id' => 'oauth_test_client',
- 'key' => $this->getTestPublicKey(),
- 'subject' => 'test_subject',
- ));
- }
-
- private function createRedisDb(Redis $storage)
- {
- $storage->setClientDetails("oauth_test_client", "testpass", "http://example.com", 'implicit password');
- $storage->setAccessToken("testtoken", "Some Client", '', time() + 1000);
- $storage->setAuthorizationCode("testcode", "Some Client", '', '', time() + 1000);
- $storage->setUser("testuser", "password");
-
- $storage->setScope('supportedscope1 supportedscope2 supportedscope3 supportedscope4');
- $storage->setScope('defaultscope1 defaultscope2', null, 'default');
-
- $storage->setScope('clientscope1 clientscope2', 'Test Client ID');
- $storage->setScope('clientscope1 clientscope2', 'Test Client ID', 'default');
-
- $storage->setScope('clientscope1 clientscope2 clientscope3', 'Test Client ID 2');
- $storage->setScope('clientscope1 clientscope2', 'Test Client ID 2', 'default');
-
- $storage->setScope('clientscope1 clientscope2', 'Test Default Scope Client ID');
- $storage->setScope('clientscope1 clientscope2', 'Test Default Scope Client ID', 'default');
-
- $storage->setScope('clientscope1 clientscope2 clientscope3', 'Test Default Scope Client ID 2');
- $storage->setScope('clientscope3', 'Test Default Scope Client ID 2', 'default');
-
- $storage->setClientKey('oauth_test_client', $this->getTestPublicKey(), 'test_subject');
- }
-
- public function removeMongoDb(\MongoDB $db)
- {
- $db->drop();
- }
-
- public function getTestPublicKey()
- {
- return file_get_contents(__DIR__.'/../../../config/keys/id_rsa.pub');
- }
-
- private function getTestPrivateKey()
- {
- return file_get_contents(__DIR__.'/../../../config/keys/id_rsa');
- }
-
- public function getDynamoDbStorage()
- {
- if (!$this->dynamodb) {
- // only run once per travis build
- if (true == $this->getEnvVar('TRAVIS')) {
- if (self::DYNAMODB_PHP_VERSION != $this->getEnvVar('TRAVIS_PHP_VERSION')) {
- $this->dynamodb = new NullStorage('DynamoDb', 'Skipping for travis.ci - only run once per build');
-
- return;
- }
- }
- if (class_exists('\Aws\DynamoDb\DynamoDbClient')) {
- if ($client = $this->getDynamoDbClient()) {
- // travis runs a unique set of tables per build, to avoid conflict
- $prefix = '';
- if ($build_id = $this->getEnvVar('TRAVIS_JOB_NUMBER')) {
- $prefix = sprintf('build_%s_', $build_id);
- } else {
- if (!$this->deleteDynamoDb($client, $prefix, true)) {
- return $this->dynamodb = new NullStorage('DynamoDb', 'Timed out while waiting for DynamoDB deletion (30 seconds)');
- }
- }
- $this->createDynamoDb($client, $prefix);
- $this->populateDynamoDb($client, $prefix);
- $config = array(
- 'client_table' => $prefix.'oauth_clients',
- 'access_token_table' => $prefix.'oauth_access_tokens',
- 'refresh_token_table' => $prefix.'oauth_refresh_tokens',
- 'code_table' => $prefix.'oauth_authorization_codes',
- 'user_table' => $prefix.'oauth_users',
- 'jwt_table' => $prefix.'oauth_jwt',
- 'scope_table' => $prefix.'oauth_scopes',
- 'public_key_table' => $prefix.'oauth_public_keys',
- );
- $this->dynamodb = new DynamoDB($client, $config);
- } elseif (!$this->dynamodb) {
- $this->dynamodb = new NullStorage('DynamoDb', 'unable to connect to DynamoDB');
- }
- } else {
- $this->dynamodb = new NullStorage('DynamoDb', 'Missing DynamoDB library. Please run "composer.phar require aws/aws-sdk-php:dev-master');
- }
- }
-
- return $this->dynamodb;
- }
-
- private function getDynamoDbClient()
- {
- $config = array();
- // check for environment variables
- if (($key = $this->getEnvVar('AWS_ACCESS_KEY_ID')) && ($secret = $this->getEnvVar('AWS_SECRET_KEY'))) {
- $config['key'] = $key;
- $config['secret'] = $secret;
- } else {
- // fall back on ~/.aws/credentials file
- // @see http://docs.aws.amazon.com/aws-sdk-php/guide/latest/credentials.html#credential-profiles
- if (!file_exists($this->getEnvVar('HOME') . '/.aws/credentials')) {
- $this->dynamodb = new NullStorage('DynamoDb', 'No aws credentials file found, and no AWS_ACCESS_KEY_ID or AWS_SECRET_KEY environment variable set');
-
- return;
- }
-
- // set profile in AWS_PROFILE environment variable, defaults to "default"
- $config['profile'] = $this->getEnvVar('AWS_PROFILE', 'default');
- }
-
- // set region in AWS_REGION environment variable, defaults to "us-east-1"
- $config['region'] = $this->getEnvVar('AWS_REGION', \Aws\Common\Enum\Region::US_EAST_1);
-
- return \Aws\DynamoDb\DynamoDbClient::factory($config);
- }
-
- private function deleteDynamoDb(\Aws\DynamoDb\DynamoDbClient $client, $prefix = null, $waitForDeletion = false)
- {
- $tablesList = explode(' ', 'oauth_access_tokens oauth_authorization_codes oauth_clients oauth_jwt oauth_public_keys oauth_refresh_tokens oauth_scopes oauth_users');
- $nbTables = count($tablesList);
-
- // Delete all table.
- foreach ($tablesList as $key => $table) {
- try {
- $client->deleteTable(array('TableName' => $prefix.$table));
- } catch (\Aws\DynamoDb\Exception\DynamoDbException $e) {
- // Table does not exist : nothing to do
- }
- }
-
- // Wait for deleting
- if ($waitForDeletion) {
- $retries = 5;
- $nbTableDeleted = 0;
- while ($nbTableDeleted != $nbTables) {
- $nbTableDeleted = 0;
- foreach ($tablesList as $key => $table) {
- try {
- $result = $client->describeTable(array('TableName' => $prefix.$table));
- } catch (\Aws\DynamoDb\Exception\DynamoDbException $e) {
- // Table does not exist : nothing to do
- $nbTableDeleted++;
- }
- }
- if ($nbTableDeleted != $nbTables) {
- if ($retries < 0) {
- // we are tired of waiting
- return false;
- }
- sleep(5);
- echo "Sleeping 5 seconds for DynamoDB ($retries more retries)...\n";
- $retries--;
- }
- }
- }
-
- return true;
- }
-
- private function createDynamoDb(\Aws\DynamoDb\DynamoDbClient $client, $prefix = null)
- {
- $tablesList = explode(' ', 'oauth_access_tokens oauth_authorization_codes oauth_clients oauth_jwt oauth_public_keys oauth_refresh_tokens oauth_scopes oauth_users');
- $nbTables = count($tablesList);
- $client->createTable(array(
- 'TableName' => $prefix.'oauth_access_tokens',
- 'AttributeDefinitions' => array(
- array('AttributeName' => 'access_token','AttributeType' => 'S')
- ),
- 'KeySchema' => array(array('AttributeName' => 'access_token','KeyType' => 'HASH')),
- 'ProvisionedThroughput' => array('ReadCapacityUnits' => 1,'WriteCapacityUnits' => 1)
- ));
-
- $client->createTable(array(
- 'TableName' => $prefix.'oauth_authorization_codes',
- 'AttributeDefinitions' => array(
- array('AttributeName' => 'authorization_code','AttributeType' => 'S')
- ),
- 'KeySchema' => array(array('AttributeName' => 'authorization_code','KeyType' => 'HASH')),
- 'ProvisionedThroughput' => array('ReadCapacityUnits' => 1,'WriteCapacityUnits' => 1)
- ));
-
- $client->createTable(array(
- 'TableName' => $prefix.'oauth_clients',
- 'AttributeDefinitions' => array(
- array('AttributeName' => 'client_id','AttributeType' => 'S')
- ),
- 'KeySchema' => array(array('AttributeName' => 'client_id','KeyType' => 'HASH')),
- 'ProvisionedThroughput' => array('ReadCapacityUnits' => 1,'WriteCapacityUnits' => 1)
- ));
-
- $client->createTable(array(
- 'TableName' => $prefix.'oauth_jwt',
- 'AttributeDefinitions' => array(
- array('AttributeName' => 'client_id','AttributeType' => 'S'),
- array('AttributeName' => 'subject','AttributeType' => 'S')
- ),
- 'KeySchema' => array(
- array('AttributeName' => 'client_id','KeyType' => 'HASH'),
- array('AttributeName' => 'subject','KeyType' => 'RANGE')
- ),
- 'ProvisionedThroughput' => array('ReadCapacityUnits' => 1,'WriteCapacityUnits' => 1)
- ));
-
- $client->createTable(array(
- 'TableName' => $prefix.'oauth_public_keys',
- 'AttributeDefinitions' => array(
- array('AttributeName' => 'client_id','AttributeType' => 'S')
- ),
- 'KeySchema' => array(array('AttributeName' => 'client_id','KeyType' => 'HASH')),
- 'ProvisionedThroughput' => array('ReadCapacityUnits' => 1,'WriteCapacityUnits' => 1)
- ));
-
- $client->createTable(array(
- 'TableName' => $prefix.'oauth_refresh_tokens',
- 'AttributeDefinitions' => array(
- array('AttributeName' => 'refresh_token','AttributeType' => 'S')
- ),
- 'KeySchema' => array(array('AttributeName' => 'refresh_token','KeyType' => 'HASH')),
- 'ProvisionedThroughput' => array('ReadCapacityUnits' => 1,'WriteCapacityUnits' => 1)
- ));
-
- $client->createTable(array(
- 'TableName' => $prefix.'oauth_scopes',
- 'AttributeDefinitions' => array(
- array('AttributeName' => 'scope','AttributeType' => 'S'),
- array('AttributeName' => 'is_default','AttributeType' => 'S')
- ),
- 'KeySchema' => array(array('AttributeName' => 'scope','KeyType' => 'HASH')),
- 'GlobalSecondaryIndexes' => array(
- array(
- 'IndexName' => 'is_default-index',
- 'KeySchema' => array(array('AttributeName' => 'is_default', 'KeyType' => 'HASH')),
- 'Projection' => array('ProjectionType' => 'ALL'),
- 'ProvisionedThroughput' => array('ReadCapacityUnits' => 1,'WriteCapacityUnits' => 1)
- ),
- ),
- 'ProvisionedThroughput' => array('ReadCapacityUnits' => 1,'WriteCapacityUnits' => 1)
- ));
-
- $client->createTable(array(
- 'TableName' => $prefix.'oauth_users',
- 'AttributeDefinitions' => array(array('AttributeName' => 'username','AttributeType' => 'S')),
- 'KeySchema' => array(array('AttributeName' => 'username','KeyType' => 'HASH')),
- 'ProvisionedThroughput' => array('ReadCapacityUnits' => 1,'WriteCapacityUnits' => 1)
- ));
-
- // Wait for creation
- $nbTableCreated = 0;
- while ($nbTableCreated != $nbTables) {
- $nbTableCreated = 0;
- foreach ($tablesList as $key => $table) {
- try {
- $result = $client->describeTable(array('TableName' => $prefix.$table));
- if ($result['Table']['TableStatus'] == 'ACTIVE') {
- $nbTableCreated++;
- }
- } catch (\Aws\DynamoDb\Exception\DynamoDbException $e) {
- // Table does not exist : nothing to do
- $nbTableCreated++;
- }
- }
- if ($nbTableCreated != $nbTables) {
- sleep(1);
- }
- }
- }
-
- private function populateDynamoDb($client, $prefix = null)
- {
- // set up scopes
- foreach (explode(' ', 'supportedscope1 supportedscope2 supportedscope3 supportedscope4 clientscope1 clientscope2 clientscope3') as $supportedScope) {
- $client->putItem(array(
- 'TableName' => $prefix.'oauth_scopes',
- 'Item' => array('scope' => array('S' => $supportedScope))
- ));
- }
-
- foreach (array('defaultscope1', 'defaultscope2') as $defaultScope) {
- $client->putItem(array(
- 'TableName' => $prefix.'oauth_scopes',
- 'Item' => array('scope' => array('S' => $defaultScope), 'is_default' => array('S' => "true"))
- ));
- }
-
- $client->putItem(array(
- 'TableName' => $prefix.'oauth_clients',
- 'Item' => array(
- 'client_id' => array('S' => 'Test Client ID'),
- 'client_secret' => array('S' => 'TestSecret'),
- 'scope' => array('S' => 'clientscope1 clientscope2')
- )
- ));
-
- $client->putItem(array(
- 'TableName' => $prefix.'oauth_clients',
- 'Item' => array(
- 'client_id' => array('S' => 'Test Client ID 2'),
- 'client_secret' => array('S' => 'TestSecret'),
- 'scope' => array('S' => 'clientscope1 clientscope2 clientscope3')
- )
- ));
-
- $client->putItem(array(
- 'TableName' => $prefix.'oauth_clients',
- 'Item' => array(
- 'client_id' => array('S' => 'Test Default Scope Client ID'),
- 'client_secret' => array('S' => 'TestSecret'),
- 'scope' => array('S' => 'clientscope1 clientscope2')
- )
- ));
-
- $client->putItem(array(
- 'TableName' => $prefix.'oauth_clients',
- 'Item' => array(
- 'client_id' => array('S' => 'oauth_test_client'),
- 'client_secret' => array('S' => 'testpass'),
- 'grant_types' => array('S' => 'implicit password')
- )
- ));
-
- $client->putItem(array(
- 'TableName' => $prefix.'oauth_access_tokens',
- 'Item' => array(
- 'access_token' => array('S' => 'testtoken'),
- 'client_id' => array('S' => 'Some Client'),
- )
- ));
-
- $client->putItem(array(
- 'TableName' => $prefix.'oauth_access_tokens',
- 'Item' => array(
- 'access_token' => array('S' => 'accesstoken-openid-connect'),
- 'client_id' => array('S' => 'Some Client'),
- 'user_id' => array('S' => 'testuser'),
- )
- ));
-
- $client->putItem(array(
- 'TableName' => $prefix.'oauth_authorization_codes',
- 'Item' => array(
- 'authorization_code' => array('S' => 'testcode'),
- 'client_id' => array('S' => 'Some Client'),
- )
- ));
-
- $client->putItem(array(
- 'TableName' => $prefix.'oauth_users',
- 'Item' => array(
- 'username' => array('S' => 'testuser'),
- 'password' => array('S' => 'password'),
- 'email' => array('S' => 'testuser@test.com'),
- 'email_verified' => array('S' => 'true'),
- )
- ));
-
- $client->putItem(array(
- 'TableName' => $prefix.'oauth_public_keys',
- 'Item' => array(
- 'client_id' => array('S' => 'ClientID_One'),
- 'public_key' => array('S' => 'client_1_public'),
- 'private_key' => array('S' => 'client_1_private'),
- 'encryption_algorithm' => array('S' => 'RS256'),
- )
- ));
-
- $client->putItem(array(
- 'TableName' => $prefix.'oauth_public_keys',
- 'Item' => array(
- 'client_id' => array('S' => 'ClientID_Two'),
- 'public_key' => array('S' => 'client_2_public'),
- 'private_key' => array('S' => 'client_2_private'),
- 'encryption_algorithm' => array('S' => 'RS256'),
- )
- ));
-
- $client->putItem(array(
- 'TableName' => $prefix.'oauth_public_keys',
- 'Item' => array(
- 'client_id' => array('S' => '0'),
- 'public_key' => array('S' => $this->getTestPublicKey()),
- 'private_key' => array('S' => $this->getTestPrivateKey()),
- 'encryption_algorithm' => array('S' => 'RS256'),
- )
- ));
-
- $client->putItem(array(
- 'TableName' => $prefix.'oauth_jwt',
- 'Item' => array(
- 'client_id' => array('S' => 'oauth_test_client'),
- 'subject' => array('S' => 'test_subject'),
- 'public_key' => array('S' => $this->getTestPublicKey()),
- )
- ));
- }
-
- public function cleanupTravisDynamoDb($prefix = null)
- {
- if (is_null($prefix)) {
- // skip this when not applicable
- if (!$this->getEnvVar('TRAVIS') || self::DYNAMODB_PHP_VERSION != $this->getEnvVar('TRAVIS_PHP_VERSION')) {
- return;
- }
-
- $prefix = sprintf('build_%s_', $this->getEnvVar('TRAVIS_JOB_NUMBER'));
- }
-
- $client = $this->getDynamoDbClient();
- $this->deleteDynamoDb($client, $prefix);
- }
-
- private function getEnvVar($var, $default = null)
- {
- return isset($_SERVER[$var]) ? $_SERVER[$var] : (getenv($var) ?: $default);
- }
-}
diff --git a/library/oauth2/test/lib/OAuth2/Storage/NullStorage.php b/library/oauth2/test/lib/OAuth2/Storage/NullStorage.php
deleted file mode 100644
index 6caa62068..000000000
--- a/library/oauth2/test/lib/OAuth2/Storage/NullStorage.php
+++ /dev/null
@@ -1,32 +0,0 @@
-<?php
-
-namespace OAuth2\Storage;
-
-/**
-*
-*/
-class NullStorage extends Memory
-{
- private $name;
- private $description;
-
- public function __construct($name, $description = null)
- {
- $this->name = $name;
- $this->description = $description;
- }
-
- public function __toString()
- {
- return $this->name;
- }
-
- public function getMessage()
- {
- if ($this->description) {
- return $this->description;
- }
-
- return $this->name;
- }
-}