1 | <?php |
---|
2 | |
---|
3 | /** |
---|
4 | * @file |
---|
5 | * Sample OAuth2 Library Mongo DB Implementation. |
---|
6 | * |
---|
7 | */ |
---|
8 | |
---|
9 | require __DIR__ . '/../../../../lib/OAuth2.php'; |
---|
10 | require __DIR__ . '/../../../../lib/IOAuth2Storage.php'; |
---|
11 | require __DIR__ . '/../../../../lib/IOAuth2GrantCode.php'; |
---|
12 | require __DIR__ . '/../../../../lib/IOAuth2RefreshTokens.php'; |
---|
13 | |
---|
14 | /** |
---|
15 | * WARNING: This example file has not been kept up to date like the PDO example has. |
---|
16 | * FIXME: Update the Mongo examples |
---|
17 | * |
---|
18 | * Mongo storage engine for the OAuth2 Library. |
---|
19 | */ |
---|
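class OAuth2StorageMongo implements IOAuth2GrantCode, IOAuth2RefreshTokens {

  /**
   * Key mixed into every client-secret hash (see hash()).
   *
   * Placeholder value: replace it before deployment and load the real value
   * from configuration kept outside version control. Changing it invalidates
   * every client-secret hash already stored.
   *
   * @var string
   */
  const SALT = 'CHANGE_ME!';

  /**
   * MongoDB connection string.
   *
   * Placeholder credentials: do not commit real ones here; read them from the
   * environment or from a configuration file that is not in version control.
   *
   * @var string
   */
  const CONNECTION = 'mongodb://user:pass@mongoserver/mydb';

  /**
   * Name of the database selected on the connection.
   *
   * @var string
   */
  const DB = 'mydb';

  /**
   * Database handle returned by Mongo::selectDB().
   *
   * @var MongoDB
   */
  private $db;

  /**
   * Opens the Mongo connection described by self::CONNECTION / self::DB.
   *
   * @param mixed $db
   *   Ignored. The original signature required a PDO handle that was never
   *   used; the argument is kept (now optional and untyped) so that existing
   *   callers continue to work.
   */
  public function __construct($db = NULL) {
    $mongo = new Mongo(self::CONNECTION);
    $this->db = $mongo->selectDB(self::DB);
  }

  /**
   * Release DB connection during destruct.
   */
  public function __destruct() {
    $this->db = NULL; // Release db connection
  }

  /**
   * Handles a database exception: logs the detail, prints a generic message
   * and terminates the request.
   *
   * The driver message can contain host names, collection names or query
   * fragments, so it goes to the server log only and is not echoed back to
   * the HTTP client.
   *
   * @param Exception $e
   */
  private function handleException($e) {
    error_log('OAuth2StorageMongo: database error: ' . $e->getMessage());
    echo 'Database error';
    exit();
  }

  /**
   * Tells whether a caller-supplied value may be used as a literal `_id`.
   *
   * Request parameters can arrive as arrays. An array placed in a query is
   * treated by MongoDB as an operator document rather than a literal value,
   * so lookups accept only strings and integers.
   *
   * @param mixed $value
   * @return bool
   */
  private function isLookupKey($value) {
    return is_string($value) || is_int($value);
  }

  /**
   * Little helper function to add a new client to the database.
   *
   * The secret is stored only as the output of hash(), under the "pw" field.
   *
   * @param $client_id
   *   Client identifier to be stored.
   * @param $client_secret
   *   Client secret to be stored.
   * @param $redirect_uri
   *   Redirect URI to be stored.
   */
  public function addClient($client_id, $client_secret, $redirect_uri) {
    $this->db->clients->insert(array(
      "_id" => $client_id,
      "pw" => $this->hash($client_secret, $client_id),
      "redirect_uri" => $redirect_uri,
    ));
  }

  /**
   * Implements IOAuth2Storage::checkClientCredentials().
   *
   * Looks the client up by id only and then compares the stored hash with the
   * hash of the presented secret. (The previous version queried on the raw
   * secret and read an undefined $result variable, so it could not verify
   * anything.)
   *
   * @param $client_id
   * @param $client_secret
   *   Presented secret; NULL is treated as the empty string.
   * @return bool
   *   TRUE only when the client exists and the secret matches.
   */
  public function checkClientCredentials($client_id, $client_secret = NULL) {
    if (!$this->isLookupKey($client_id)) {
      return FALSE;
    }
    if ($client_secret !== NULL && !is_string($client_secret)) {
      return FALSE;
    }

    $client = $this->db->clients->findOne(array("_id" => $client_id));
    if ($client === NULL || !isset($client['pw']) || !is_string($client['pw'])) {
      // Unknown client, or a record without a usable hash: fail closed.
      return FALSE;
    }

    return $this->checkPassword($client['pw'], (string) $client_secret, $client_id);
  }

  /**
   * Implements IOAuth2Storage::getClientDetails().
   *
   * @param $client_id
   * @return array|bool
   *   The client document restricted to "redirect_uri" (plus "_id"), or FALSE
   *   when there is no such client, matching getAuthCode(). The previous
   *   version fetched the record but returned nothing.
   */
  public function getClientDetails($client_id) {
    if (!$this->isLookupKey($client_id)) {
      return FALSE;
    }
    $details = $this->db->clients->findOne(array("_id" => $client_id), array("redirect_uri" => TRUE));
    return $details !== NULL ? $details : FALSE;
  }

  /**
   * Implements IOAuth2Storage::getAccessToken().
   *
   * @param $oauth_token
   * @return array|null
   *   The stored token document, or NULL when it does not exist.
   */
  public function getAccessToken($oauth_token) {
    if (!$this->isLookupKey($oauth_token)) {
      return NULL;
    }
    return $this->db->tokens->findOne(array("_id" => $oauth_token));
  }

  /**
   * Implements IOAuth2Storage::setAccessToken().
   *
   * Stores "user_id" as well; the previous version accepted it and then
   * dropped it, leaving the token unattributable to a user.
   */
  public function setAccessToken($oauth_token, $client_id, $user_id, $expires, $scope = NULL) {
    $this->db->tokens->insert(array(
      "_id" => $oauth_token,
      "client_id" => $client_id,
      "user_id" => $user_id,
      "expires" => $expires,
      "scope" => $scope,
    ));
  }

  /**
   * @see IOAuth2Storage::getRefreshToken()
   *
   * Refresh tokens live in their own "refresh_tokens" collection (a name
   * chosen by this class) so that a refresh token can never be returned by
   * getAccessToken(). The previous version called an undefined getToken().
   *
   * @return array|null
   *   The stored token document, or NULL when it does not exist.
   */
  public function getRefreshToken($refresh_token) {
    if (!$this->isLookupKey($refresh_token)) {
      return NULL;
    }
    return $this->db->refresh_tokens->findOne(array("_id" => $refresh_token));
  }

  /**
   * @see IOAuth2Storage::setRefreshToken()
   *
   * The previous version called an undefined setToken().
   */
  public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = NULL) {
    return $this->db->refresh_tokens->insert(array(
      "_id" => $refresh_token,
      "client_id" => $client_id,
      "user_id" => $user_id,
      "expires" => $expires,
      "scope" => $scope,
    ));
  }

  /**
   * @see IOAuth2Storage::unsetRefreshToken()
   *
   * Removes the refresh token so it cannot be redeemed again. The previous
   * version issued PDO/SQL calls (and an undefined TABLE_TOKENS constant)
   * against the Mongo handle, so revocation never happened.
   */
  public function unsetRefreshToken($refresh_token) {
    if (!$this->isLookupKey($refresh_token)) {
      return;
    }
    try {
      $this->db->refresh_tokens->remove(array("_id" => $refresh_token));
    } catch (MongoException $e) {
      $this->handleException($e);
    }
  }

  /**
   * Implements IOAuth2Storage::getAuthCode().
   *
   * @return array|bool
   *   The stored code document, or FALSE when it does not exist.
   */
  public function getAuthCode($code) {
    if (!$this->isLookupKey($code)) {
      return FALSE;
    }
    $stored_code = $this->db->auth_codes->findOne(array("_id" => $code));
    return $stored_code !== NULL ? $stored_code : FALSE;
  }

  /**
   * Implements IOAuth2Storage::setAuthCode().
   *
   * Stores "user_id" as well; the previous version accepted it and then
   * dropped it.
   */
  public function setAuthCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = NULL) {
    $this->db->auth_codes->insert(array(
      "_id" => $code,
      "client_id" => $client_id,
      "user_id" => $user_id,
      "redirect_uri" => $redirect_uri,
      "expires" => $expires,
      "scope" => $scope,
    ));
  }

  /**
   * @see IOAuth2Storage::checkRestrictedGrantType()
   *
   * NOTE(review): not implemented; every client is allowed every grant type.
   * Restrict per client here before relying on grant-type separation.
   */
  public function checkRestrictedGrantType($client_id, $grant_type) {
    return TRUE; // Not implemented
  }

  /**
   * Change/override this to whatever your own password hashing method is.
   *
   * Default: HMAC-SHA256 over client id + secret, keyed with self::SALT.
   * The previous call asked hash() for 'blowfish', which is not an algorithm
   * hash() provides, so no usable digest was ever produced. A keyed fast
   * hash suits randomly generated client secrets; for human-chosen secrets
   * override both this method and checkPassword() to use password_hash() /
   * password_verify().
   *
   * @param string $client_secret
   * @param string $client_id
   * @return string
   *   Lower-case hex digest.
   */
  protected function hash($client_secret, $client_id) {
    return hash_hmac('sha256', $client_id . $client_secret, self::SALT);
  }

  /**
   * Checks the password.
   * Override this if you need to
   *
   * @param string $try
   *   The stored hash to compare against.
   * @param string $client_secret
   *   The secret presented by the client (plain text).
   * @param string $client_id
   * @return bool
   *   TRUE when $try equals hash($client_secret, $client_id).
   */
  protected function checkPassword($try, $client_secret, $client_id) {
    $expected = $this->hash($client_secret, $client_id);

    // A loose == would let FALSE, NULL and "" compare equal; require two
    // real strings and compare them in constant time.
    if (!is_string($try) || !is_string($expected)) {
      return FALSE;
    }
    if (function_exists('hash_equals')) {
      return hash_equals($expected, $try);
    }

    // Fallback for PHP < 5.6: constant-time comparison of equal-length strings.
    $length = strlen($expected);
    if ($length !== strlen($try)) {
      return FALSE;
    }
    $diff = 0;
    for ($i = 0; $i < $length; $i++) {
      $diff |= ord($expected[$i]) ^ ord($try[$i]);
    }
    return $diff === 0;
  }
}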
---|