source: branches/2.4/prototype/rest/oauth/OAuth2StorageUserCredential.php @ 6754

Revision 6754, 8.0 KB checked in by niltonneto, 12 years ago (diff)

Ticket #0000 - Copiadas as alterações do Trunk. Versão final da 2.4.1.
  • Property svn:executable set to *
Line 
1<?php
2
3require ROOTPATH . '/library/oauth2/lib/OAuth2.php';
4require ROOTPATH . '/library/oauth2/lib/IOAuth2Storage.php';
5require ROOTPATH . '/library/oauth2/lib/IOAuth2GrantCode.php';
6require ROOTPATH . '/library/oauth2/lib/IOAuth2RefreshTokens.php';
7
8require ROOTPATH . '/library/oauth2/lib/IOAuth2GrantUser.php';
9
10
11class OAuth2StorageUserCredential implements IOAuth2GrantUser, IOAuth2RefreshTokens {
12
13        public function checkUserCredentials($client_id, $username, $password) {
14           
15                //Authentica no LDAP
16                $usuario =  Controller::find(array('concept'=>'user' , 'service' => 'OpenLDAP'), false , array('filter' => array('AND', array('=' , 'uid' , $username ), array('=' , 'password', '{md5}' . base64_encode(pack("H*",md5($password))))  ) ));
17
18                if(isset($usuario[0]['id']))
19                {
20                    return array('scope' => 'all' , 'user_id' => $usuario[0]['id']);
21                }
22
23                return false;
24        }
25       
26        /**
27         * Make sure that the client credentials is valid.
28         *
29         * @param $client_id
30         * Client identifier to be check with.
31         * @param $client_secret
32         * (optional) If a secret is required, check that they've given the right one.
33         *
34         * @return
35         * TRUE if the client credentials are valid, and MUST return FALSE if it isn't.
36         * @endcode
37         *
38         * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-3.1
39         *
40         * @ingroup oauth2_section_3
41         */
42        public function checkClientCredentials($client_id, $client_secret = NULL) {
43                if($client_secret == NULL) {
44                        return false;
45                }
46
47                $res =  Controller::find(array('concept' => 'oauthCliente'), array('client_secret') , array('filter' => array('=' , 'client_id' , $client_id)) );
48
49                if(isset($res[0]['client_secret']) && $res[0]['client_secret'] == $client_secret) {
50                        return true;
51                }
52                else {
53                        return false;
54                }
55        }
56
57        /**
58         * Get client details corresponding client_id.
59         *
60         * OAuth says we should store request URIs for each registered client.
61         * Implement this function to grab the stored URI for a given client id.
62         *
63         * @param $client_id
64         * Client identifier to be check with.
65         *
66         * @return array
67         * Client details. Only mandatory item is the "registered redirect URI", and MUST
68         * return FALSE if the given client does not exist or is invalid.
69         *
70         * @ingroup oauth2_section_4
71         */
72        public function getClientDetails($client_id) {
73                $res =  Controller::find(array('concept' => 'oauthCliente'), array('redirect_uri') , array('filter' => array('=' , 'client_id' , $client_id)));
74                if(isset($res[0]['redirect_uri'])) {
75                        return $res[0]['redirect_uri'];
76                }
77                else {
78                        return false;
79                }
80        }
81
82        /**
83         * Look up the supplied oauth_token from storage.
84         *
85         * We need to retrieve access token data as we create and verify tokens.
86         *
87         * @param $oauth_token
88         * oauth_token to be check with.
89         *
90         * @return
91         * An associative array as below, and return NULL if the supplied oauth_token
92         * is invalid:
93         * - client_id: Stored client identifier.
94         * - expires: Stored expiration in unix timestamp.
95         * - scope: (optional) Stored scope values in space-separated string.
96         *
97         * @ingroup oauth2_section_7
98         */
99        public function getAccessToken($oauth_token) {
100                return $this->getToken($oauth_token, false);
101        }
102
103        /**
104         * Take the provided refresh token values and store them somewhere.
105         *
106         * This function should be the storage counterpart to getRefreshToken().
107         *
108         * If storage fails for some reason, we're not currently checking for
109         * any sort of success/failure, so you should bail out of the script
110         * and provide a descriptive fail message.
111         *
112         * Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.
113         *
114         * @param $refresh_token
115         * Refresh token to be stored.
116         * @param $client_id
117         * Client identifier to be stored.
118         * @param $expires
119         * expires to be stored.
120         * @param $scope
121         * (optional) Scopes to be stored in space-separated string.
122         *
123         * @ingroup oauth2_section_6
124         */
125        public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = NULL) {
126               
127                $data = array();
128                $data['refresh_token']  = $refresh_token;
129                $data['client_id'] = $client_id;
130                $data['user_id'] = $user_id;
131                $data['expires'] = $expires;
132                $data['scope'] = $scope;
133
134                Controller::create(array('concept' => 'oauthRefreshToken'), $data);
135        }
136       
137        /**
138         * Store the supplied access token values to storage.
139         *
140         * We need to store access token data as we create and verify tokens.
141         *
142         * @param $oauth_token
143         * oauth_token to be stored.
144         * @param $client_id
145         * Client identifier to be stored.
146         * @param $user_id
147         * User identifier to be stored.
148         * @param $expires
149         * Expiration to be stored.
150         * @param $scope
151         * (optional) Scopes to be stored in space-separated string.
152         *
153         * @ingroup oauth2_section_4
154         */
155        public function setAccessToken($oauth_token, $client_id, $user_id, $expires, $scope = NULL, $refresh_token) {
156           
157                $data = array();
158                $data['oauth_token']  = $oauth_token;
159                $data['client_id'] = $client_id;
160                $data['user_id'] = $user_id;
161                $data['expires'] = $expires;
162                $data['scope'] = $scope;
163                $data['refresh_token'] = $refresh_token;
164               
165                Controller::create(array('concept' => 'oauthToken'), $data);
166
167        }
168
169        /**
170         * Check restricted grant types of corresponding client identifier.
171         *
172         * If you want to restrict clients to certain grant types, override this
173         * function.
174         *
175         * @param $client_id
176         * Client identifier to be check with.
177         * @param $grant_type
178         * Grant type to be check with, would be one of the values contained in
179         * OAuth2::GRANT_TYPE_REGEXP.
180         *
181         * @return
182         * TRUE if the grant type is supported by this client identifier, and
183         * FALSE if it isn't.
184         *
185         * @ingroup oauth2_section_4
186         */
187        public function checkRestrictedGrantType($client_id, $grant_type) {
188                /*TODO: essa função deve verificar se o cliente tem permissao para realizar o login via 'password'
189                 * deixe para implementar no prox. sprint, quando trataremos de seguranca. Deve-se criar um campo extra no banco para guardar quais tipos
190                 * de grant_type o cliente esta autorizado a fazer
191                */
192
193                return true;           
194        }
195
196        /**
197         * Grant refresh access tokens.
198         *
199         * Retrieve the stored data for the given refresh token.
200         *
201         * Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.
202         *
203         * @param $refresh_token
204         * Refresh token to be check with.
205         *
206         * @return
207         * An associative array as below, and NULL if the refresh_token is
208         * invalid:
209         * - client_id: Stored client identifier.
210         * - expires: Stored expiration unix timestamp.
211         * - scope: (optional) Stored scope values in space-separated string.
212         *
213         * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-6
214         *
215         * @ingroup oauth2_section_6
216         */
217        public function getRefreshToken($refresh_token) {
218                return $this->getToken($refresh_token, true);
219        }
220
221        /**
222         * Expire a used refresh token.
223         *
224         * This is not explicitly required in the spec, but is almost implied.
225         * After granting a new refresh token, the old one is no longer useful and
226         * so should be forcibly expired in the data store so it can't be used again.
227         *
228         * If storage fails for some reason, we're not currently checking for
229         * any sort of success/failure, so you should bail out of the script
230         * and provide a descriptive fail message.
231         *
232         * @param $refresh_token
233         * Refresh token to be expirse.
234         *
235         * @ingroup oauth2_section_6
236         */
237        public function unsetRefreshToken($refresh_token) {
238                Controller::delete(
239                        array('concept' => 'oauthRefreshToken'),
240                        false,
241                        array('filter' => array('=', 'refresh_token', $refresh_token ))
242                );
243        }
244        public function unsetAccessToken($refresh_token) {
245                Controller::delete(
246                        array('concept' => 'oauthToken'),
247                        false,
248                        array('filter' => array('=', 'oauth_token', $refresh_token ))
249                );
250        }
251
252        /**
253         * Retrieves an access or refresh token.
254         *
255         * @param string $token
256         * @param bool $refresh
257         */
258        protected function getToken($token, $isRefresh = true) {
259
260                $tokenConcept = $isRefresh ? 'oauthRefreshToken' : 'oauthToken';
261                $filter =  $isRefresh ? 'refresh_token' : 'oauth_token';
262               
263                $res = Controller::find(
264                        array('concept' => $tokenConcept),
265                        false,
266                        array('filter' => array('=' , $filter , $token))
267                );
268
269                /*return (!empty($res[0]))? $res[0] : false;*/
270                if(!empty($res[0])) {
271                        return $res[0];
272                }
273                else {
274                        return false;
275                }
276        }
277}
278
279
Note: See TracBrowser for help on using the repository browser.