Diffstat (limited to 'vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType')
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AccessToken.php64
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AccessTokenInterface.php11
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCode.php5
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCodeInterface.php12
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/JwtAccessToken.php79
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/ResponseTypeInterface.php5
6 files changed, 112 insertions, 64 deletions
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AccessToken.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AccessToken.php
index 98f51218f..e836a3447 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AccessToken.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AccessToken.php
@@ -4,28 +4,39 @@ namespace OAuth2\ResponseType;
use OAuth2\Storage\AccessTokenInterface as AccessTokenStorageInterface;
use OAuth2\Storage\RefreshTokenInterface;
+use RuntimeException;
/**
- *
* @author Brent Shaffer <bshafs at gmail dot com>
*/
class AccessToken implements AccessTokenInterface
{
+ /**
+ * @var AccessTokenInterface
+ */
protected $tokenStorage;
+
+ /**
+ * @var RefreshTokenInterface
+ */
protected $refreshStorage;
+
+ /**
+ * @var array
+ */
protected $config;
/**
- * @param OAuth2\Storage\AccessTokenInterface $tokenStorage REQUIRED Storage class for saving access token information
- * @param OAuth2\Storage\RefreshTokenInterface $refreshStorage OPTIONAL Storage class for saving refresh token information
- * @param array $config OPTIONAL Configuration options for the server
- * <code>
- * $config = array(
- * 'token_type' => 'bearer', // token type identifier
- * 'access_lifetime' => 3600, // time before access token expires
- * 'refresh_token_lifetime' => 1209600, // time before refresh token expires
- * );
- * </endcode>
+ * @param AccessTokenStorageInterface $tokenStorage - REQUIRED Storage class for saving access token information
+ * @param RefreshTokenInterface $refreshStorage - OPTIONAL Storage class for saving refresh token information
+ * @param array $config - OPTIONAL Configuration options for the server
+ * @code
+ * $config = array(
+ * 'token_type' => 'bearer', // token type identifier
+ * 'access_lifetime' => 3600, // time before access token expires
+ * 'refresh_token_lifetime' => 1209600, // time before refresh token expires
+ * );
+ * @endcode
*/
public function __construct(AccessTokenStorageInterface $tokenStorage, RefreshTokenInterface $refreshStorage = null, array $config = array())
{
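Review bot: The new `@var AccessTokenInterface` on `$tokenStorage` names the wrong type. Inside `namespace OAuth2\ResponseType` that short name resolves to the response-type interface this class implements, while the constructor accepts the storage interface imported as `AccessTokenStorageInterface`. It should read `@var AccessTokenStorageInterface`. Because the constructor defaults `$refreshStorage` to `null`, `@var RefreshTokenInterface|null` would also be more accurate for that property. The constructor body continues outside the hunk.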
@@ -39,6 +50,13 @@ class AccessToken implements AccessTokenInterface
), $config);
}
+ /**
+ * Get authorize response
+ *
+ * @param array $params
+ * @param mixed $user_id
+ * @return array
+ */
public function getAuthorizeResponse($params, $user_id = null)
{
// build the URL to redirect to
@@ -64,10 +82,11 @@ class AccessToken implements AccessTokenInterface
/**
* Handle the creation of access token, also issue refresh token if supported / desirable.
*
- * @param $client_id client identifier related to the access token.
- * @param $user_id user ID associated with the access token
- * @param $scope OPTIONAL scopes to be stored in space-separated string.
- * @param bool $includeRefreshToken if true, a new refresh_token will be added to the response
+ * @param mixed $client_id - client identifier related to the access token.
+ * @param mixed $user_id - user ID associated with the access token
+ * @param string $scope - OPTIONAL scopes to be stored in space-separated string.
+ * @param bool $includeRefreshToken - if true, a new refresh_token will be added to the response
+ * @return array
*
* @see http://tools.ietf.org/html/rfc6749#section-5
* @ingroup oauth2_section_5
@@ -107,13 +126,18 @@ class AccessToken implements AccessTokenInterface
* Implementing classes may want to override this function to implement
* other access token generation schemes.
*
- * @return
- * An unique access token.
+ * @return string - A unique access token.
*
* @ingroup oauth2_section_4
*/
protected function generateAccessToken()
{
+ if (function_exists('random_bytes')) {
+ $randomData = random_bytes(20);
+ if ($randomData !== false && strlen($randomData) === 20) {
+ return bin2hex($randomData);
+ }
+ }
if (function_exists('openssl_random_pseudo_bytes')) {
$randomData = openssl_random_pseudo_bytes(20);
if ($randomData !== false && strlen($randomData) === 20) {
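Review bot: The `$randomData !== false && strlen($randomData) === 20` guard copied onto the new `random_bytes(20)` branch can never fail, because `random_bytes()` signals an unavailable entropy source by throwing, not by returning `false`. The branch therefore never falls through to the older generators below it, which is the right outcome for a bearer token, but neither the code nor the docblock says so. The branch can be reduced to `return bin2hex(random_bytes(20));`, with `@throws \Exception` added to the docblock so callers know token issuance can fail closed. The same applies to the `random_bytes(100)` branch added to `generateAuthorizationCode()` in AuthorizationCode.php. The function body continues outside this hunk.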
@@ -144,8 +168,7 @@ class AccessToken implements AccessTokenInterface
* Implementing classes may want to override this function to implement
* other refresh token generation schemes.
*
- * @return
- * An unique refresh.
+ * @return string - A unique refresh token.
*
* @ingroup oauth2_section_4
* @see OAuth2::generateAccessToken()
@@ -162,6 +185,7 @@ class AccessToken implements AccessTokenInterface
*
* @param $token
* @param null $tokenTypeHint
+ * @throws RuntimeException
* @return boolean
*/
public function revokeToken($token, $tokenTypeHint = null)
@@ -174,7 +198,7 @@ class AccessToken implements AccessTokenInterface
/** @TODO remove in v2 */
if (!method_exists($this->tokenStorage, 'unsetAccessToken')) {
- throw new \RuntimeException(
+ throw new RuntimeException(
sprintf('Token storage %s must implement unsetAccessToken method', get_class($this->tokenStorage)
));
}
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AccessTokenInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AccessTokenInterface.php
index 4bd3928d8..0e576df52 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AccessTokenInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AccessTokenInterface.php
@@ -3,7 +3,6 @@
namespace OAuth2\ResponseType;
/**
- *
* @author Brent Shaffer <bshafs at gmail dot com>
*/
interface AccessTokenInterface extends ResponseTypeInterface
@@ -11,10 +10,10 @@ interface AccessTokenInterface extends ResponseTypeInterface
/**
* Handle the creation of access token, also issue refresh token if supported / desirable.
*
- * @param $client_id client identifier related to the access token.
- * @param $user_id user ID associated with the access token
- * @param $scope OPTONAL scopes to be stored in space-separated string.
- * @param bool $includeRefreshToken if true, a new refresh_token will be added to the response
+ * @param mixed $client_id - client identifier related to the access token.
+ * @param mixed $user_id - user ID associated with the access token
+ * @param string $scope - OPTONAL scopes to be stored in space-separated string.
+ * @param bool $includeRefreshToken - if true, a new refresh_token will be added to the response
*
* @see http://tools.ietf.org/html/rfc6749#section-5
* @ingroup oauth2_section_5
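Review bot: The rewritten `$scope` line keeps the misspelling `OPTONAL`, while the matching docblock in AccessToken.php spells it `OPTIONAL`. Suggested line: `@param string $scope - OPTIONAL scopes to be stored in space-separated string.` Within the visible lines the interface docblock also does not gain the `@return array` that the implementation's docblock received in this commit; the docblock may continue outside the hunk.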
@@ -31,4 +30,4 @@ interface AccessTokenInterface extends ResponseTypeInterface
* @todo v2.0 include this method in interface. Omitted to maintain BC in v1.x
*/
//public function revokeToken($token, $tokenTypeHint);
-}
+} \ No newline at end of file
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCode.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCode.php
index 52aeb4be5..b92c73cda 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCode.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCode.php
@@ -5,7 +5,6 @@ namespace OAuth2\ResponseType;
use OAuth2\Storage\AuthorizationCodeInterface as AuthorizationCodeStorageInterface;
/**
- *
* @author Brent Shaffer <bshafs at gmail dot com>
*/
class AuthorizationCode implements AuthorizationCodeInterface
@@ -85,7 +84,9 @@ class AuthorizationCode implements AuthorizationCodeInterface
protected function generateAuthorizationCode()
{
$tokenLen = 40;
- if (function_exists('openssl_random_pseudo_bytes')) {
+ if (function_exists('random_bytes')) {
+ $randomData = random_bytes(100);
+ } elseif (function_exists('openssl_random_pseudo_bytes')) {
$randomData = openssl_random_pseudo_bytes(100);
} elseif (function_exists('mcrypt_create_iv')) {
$randomData = mcrypt_create_iv(100, MCRYPT_DEV_URANDOM);
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCodeInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCodeInterface.php
index df777e221..4f0a29df4 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCodeInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCodeInterface.php
@@ -3,7 +3,6 @@
namespace OAuth2\ResponseType;
/**
- *
* @author Brent Shaffer <bshafs at gmail dot com>
*/
interface AuthorizationCodeInterface extends ResponseTypeInterface
@@ -17,11 +16,12 @@ interface AuthorizationCodeInterface extends ResponseTypeInterface
/**
* Handle the creation of the authorization code.
*
- * @param $client_id client identifier related to the authorization code
- * @param $user_id user id associated with the authorization code
- * @param $redirect_uri an absolute URI to which the authorization server will redirect the
- * user-agent to when the end-user authorization step is completed.
- * @param $scope OPTIONAL scopes to be stored in space-separated string.
+ * @param mixed $client_id - Client identifier related to the authorization code
+ * @param mixed $user_id - User ID associated with the authorization code
+ * @param string $redirect_uri - An absolute URI to which the authorization server will redirect the
+ * user-agent to when the end-user authorization step is completed.
+ * @param string $scope - OPTIONAL Scopes to be stored in space-separated string.
+ * @return string
*
* @see http://tools.ietf.org/html/rfc6749#section-4
* @ingroup oauth2_section_4
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/JwtAccessToken.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/JwtAccessToken.php
index 3942fe41e..0af9705ff 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/JwtAccessToken.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/JwtAccessToken.php
@@ -10,7 +10,6 @@ use OAuth2\Storage\PublicKeyInterface;
use OAuth2\Storage\Memory;
/**
- *
* @author Brent Shaffer <bshafs at gmail dot com>
*/
class JwtAccessToken extends AccessToken
@@ -19,10 +18,13 @@ class JwtAccessToken extends AccessToken
protected $encryptionUtil;
/**
- * @param $config
- * - store_encrypted_token_string (bool true)
- * whether the entire encrypted string is stored,
- * or just the token ID is stored
+ * @param PublicKeyInterface $publicKeyStorage -
+ * @param AccessTokenStorageInterface $tokenStorage -
+ * @param RefreshTokenInterface $refreshStorage -
+ * @param array $config - array with key store_encrypted_token_string (bool true)
+ * whether the entire encrypted string is stored,
+ * or just the token ID is stored
+ * @param EncryptionInterface $encryptionUtil -
*/
public function __construct(PublicKeyInterface $publicKeyStorage = null, AccessTokenStorageInterface $tokenStorage = null, RefreshTokenInterface $refreshStorage = null, array $config = array(), EncryptionInterface $encryptionUtil = null)
{
@@ -45,46 +47,31 @@ class JwtAccessToken extends AccessToken
/**
* Handle the creation of access token, also issue refresh token if supported / desirable.
*
- * @param $client_id
- * Client identifier related to the access token.
- * @param $user_id
- * User ID associated with the access token
- * @param $scope
- * (optional) Scopes to be stored in space-separated string.
- * @param bool $includeRefreshToken
- * If true, a new refresh_token will be added to the response
+ * @param mixed $client_id - Client identifier related to the access token.
+ * @param mixed $user_id - User ID associated with the access token
+ * @param string $scope - (optional) Scopes to be stored in space-separated string.
+ * @param bool $includeRefreshToken - If true, a new refresh_token will be added to the response
+ * @return array - The access token
*
* @see http://tools.ietf.org/html/rfc6749#section-5
* @ingroup oauth2_section_5
*/
public function createAccessToken($client_id, $user_id, $scope = null, $includeRefreshToken = true)
{
- // token to encrypt
- $expires = time() + $this->config['access_lifetime'];
- $id = $this->generateAccessToken();
- $jwtAccessToken = array(
- 'id' => $id, // for BC (see #591)
- 'jti' => $id,
- 'iss' => $this->config['issuer'],
- 'aud' => $client_id,
- 'sub' => $user_id,
- 'exp' => $expires,
- 'iat' => time(),
- 'token_type' => $this->config['token_type'],
- 'scope' => $scope
- );
+ // payload to encrypt
+ $payload = $this->createPayload($client_id, $user_id, $scope);
/*
- * Encode the token data into a single access_token string
+ * Encode the payload data into a single JWT access_token string
*/
- $access_token = $this->encodeToken($jwtAccessToken, $client_id);
+ $access_token = $this->encodeToken($payload, $client_id);
/*
* Save the token to a secondary storage. This is implemented on the
* OAuth2\Storage\JwtAccessToken side, and will not actually store anything,
* if no secondary storage has been supplied
*/
- $token_to_store = $this->config['store_encrypted_token_string'] ? $access_token : $jwtAccessToken['id'];
+ $token_to_store = $this->config['store_encrypted_token_string'] ? $access_token : $payload['id'];
$this->tokenStorage->setAccessToken($token_to_store, $client_id, $user_id, $this->config['access_lifetime'] ? time() + $this->config['access_lifetime'] : null, $scope);
// token to return to the client
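Review bot: `createAccessToken()` still reads `$payload['id']` when `store_encrypted_token_string` is false, but the payload now comes from the overridable `createPayload()`, whose docblock invites custom payloads. An override that omits `id` would raise an undefined-index notice and hand `null` to `setAccessToken()` as the token key. The `createPayload()` docblock should state the required keys, for example `Overrides must keep the 'id' and 'jti' keys; createAccessToken() stores 'id' as the token identifier`. The method body continues outside the hunk.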
@@ -114,6 +101,11 @@ class JwtAccessToken extends AccessToken
return $token;
}
+ /**
+ * @param array $token
+ * @param mixed $client_id
+ * @return mixed
+ */
protected function encodeToken(array $token, $client_id = null)
{
$private_key = $this->publicKeyStorage->getPrivateKey($client_id);
@@ -121,4 +113,31 @@ class JwtAccessToken extends AccessToken
return $this->encryptionUtil->encode($token, $private_key, $algorithm);
}
+
+ /**
+ * This function can be used to create custom JWT payloads
+ *
+ * @param mixed $client_id - Client identifier related to the access token.
+ * @param mixed $user_id - User ID associated with the access token
+ * @param string $scope - (optional) Scopes to be stored in space-separated string.
+ * @return array - The access token
+ */
+ protected function createPayload($client_id, $user_id, $scope = null)
+ {
+ // token to encrypt
+ $expires = time() + $this->config['access_lifetime'];
+ $id = $this->generateAccessToken();
+
+ return array(
+ 'id' => $id, // for BC (see #591)
+ 'jti' => $id,
+ 'iss' => $this->config['issuer'],
+ 'aud' => $client_id,
+ 'sub' => $user_id,
+ 'exp' => $expires,
+ 'iat' => time(),
+ 'token_type' => $this->config['token_type'],
+ 'scope' => $scope
+ );
+ }
}
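Review bot: The `createPayload()` docblock and its `// token to encrypt` comment misdescribe what the method returns. It returns the JWT claims array, not "The access token". `encodeToken()` hands that array to `encode()` with a private key and an algorithm, which looks like signing rather than encryption. Since this method is now the advertised extension point for custom claims, the docblock should say so, e.g. `@return array - JWT claims; the encoded token is signed, not encrypted, so do not add confidential values`. Capturing the clock once (`$now = time();`) and using it for both `exp` and `iat` would also keep the two claims consistent.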
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/ResponseTypeInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/ResponseTypeInterface.php
index f8e26a5b0..a27156580 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/ResponseTypeInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/ResponseType/ResponseTypeInterface.php
@@ -4,5 +4,10 @@ namespace OAuth2\ResponseType;
interface ResponseTypeInterface
{
+ /**
+ * @param array $params
+ * @param mixed $user_id
+ * @return mixed
+ */
public function getAuthorizeResponse($params, $user_id = null);
}