1 : <?php
2 :
3 : require ROOTPATH . '/library/oauth2/lib/OAuth2.php';
4 : require ROOTPATH . '/library/oauth2/lib/IOAuth2Storage.php';
5 : require ROOTPATH . '/library/oauth2/lib/IOAuth2GrantCode.php';
6 : require ROOTPATH . '/library/oauth2/lib/IOAuth2RefreshTokens.php';
7 :
8 : require ROOTPATH . '/library/oauth2/lib/IOAuth2GrantUser.php';
9 :
10 :
11 : class OAuth2StorageUserCredential implements IOAuth2GrantUser, IOAuth2RefreshTokens {
12 :
13 : public function checkUserCredentials($client_id, $username, $password) {
14 :
15 : //Authentica no LDAP
16 2 : $usuario = Controller::find(array('concept'=>'user' , 'service' => 'OpenLDAP'), false , array('filter' => array('AND', array('=' , 'uid' , $username ), array('=' , 'password', '{md5}' . base64_encode(pack("H*",md5($password)))) ) ));
17 :
18 2 : if(isset($usuario[0]['id']))
19 2 : {
20 1 : return array('scope' => 'all' , 'user_id' => $usuario[0]['id']);
21 : }
22 :
23 1 : return false;
24 : }
25 :
26 : /**
27 : * Make sure that the client credentials is valid.
28 : *
29 : * @param $client_id
30 : * Client identifier to be check with.
31 : * @param $client_secret
32 : * (optional) If a secret is required, check that they've given the right one.
33 : *
34 : * @return
35 : * TRUE if the client credentials are valid, and MUST return FALSE if it isn't.
36 : * @endcode
37 : *
38 : * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-3.1
39 : *
40 : * @ingroup oauth2_section_3
41 : */
42 : public function checkClientCredentials($client_id, $client_secret = NULL) {
43 3 : if($client_secret == NULL) {
44 1 : return false;
45 : }
46 :
47 2 : $res = Controller::find(array('concept' => 'oauthCliente'), array('client_secret') , array('filter' => array('=' , 'client_id' , $client_id)) );
48 :
49 2 : if(isset($res[0]['client_secret']) && $res[0]['client_secret'] == $client_secret) {
50 1 : return true;
51 : }
52 : else {
53 1 : return false;
54 : }
55 : }
56 :
57 : /**
58 : * Get client details corresponding client_id.
59 : *
60 : * OAuth says we should store request URIs for each registered client.
61 : * Implement this function to grab the stored URI for a given client id.
62 : *
63 : * @param $client_id
64 : * Client identifier to be check with.
65 : *
66 : * @return array
67 : * Client details. Only mandatory item is the "registered redirect URI", and MUST
68 : * return FALSE if the given client does not exist or is invalid.
69 : *
70 : * @ingroup oauth2_section_4
71 : */
72 : public function getClientDetails($client_id) {
73 2 : $res = Controller::find(array('concept' => 'oauthCliente'), array('redirect_uri') , array('filter' => array('=' , 'client_id' , $client_id)));
74 2 : if(isset($res[0]['redirect_uri'])) {
75 1 : return $res[0]['redirect_uri'];
76 : }
77 : else {
78 1 : return false;
79 : }
80 : }
81 :
82 : /**
83 : * Look up the supplied oauth_token from storage.
84 : *
85 : * We need to retrieve access token data as we create and verify tokens.
86 : *
87 : * @param $oauth_token
88 : * oauth_token to be check with.
89 : *
90 : * @return
91 : * An associative array as below, and return NULL if the supplied oauth_token
92 : * is invalid:
93 : * - client_id: Stored client identifier.
94 : * - expires: Stored expiration in unix timestamp.
95 : * - scope: (optional) Stored scope values in space-separated string.
96 : *
97 : * @ingroup oauth2_section_7
98 : */
99 : public function getAccessToken($oauth_token) {
100 2 : return $this->getToken($oauth_token, false);
101 : }
102 :
103 : /**
104 : * Take the provided refresh token values and store them somewhere.
105 : *
106 : * This function should be the storage counterpart to getRefreshToken().
107 : *
108 : * If storage fails for some reason, we're not currently checking for
109 : * any sort of success/failure, so you should bail out of the script
110 : * and provide a descriptive fail message.
111 : *
112 : * Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.
113 : *
114 : * @param $refresh_token
115 : * Refresh token to be stored.
116 : * @param $client_id
117 : * Client identifier to be stored.
118 : * @param $expires
119 : * expires to be stored.
120 : * @param $scope
121 : * (optional) Scopes to be stored in space-separated string.
122 : *
123 : * @ingroup oauth2_section_6
124 : */
125 : public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = NULL) {
126 :
127 12 : $data = array();
128 12 : $data['refresh_token'] = $refresh_token;
129 12 : $data['client_id'] = $client_id;
130 12 : $data['user_id'] = $user_id;
131 12 : $data['expires'] = $expires;
132 12 : $data['scope'] = $scope;
133 :
134 12 : Controller::create(array('concept' => 'oauthRefreshToken'), $data);
135 12 : }
136 :
137 : /**
138 : * Store the supplied access token values to storage.
139 : *
140 : * We need to store access token data as we create and verify tokens.
141 : *
142 : * @param $oauth_token
143 : * oauth_token to be stored.
144 : * @param $client_id
145 : * Client identifier to be stored.
146 : * @param $user_id
147 : * User identifier to be stored.
148 : * @param $expires
149 : * Expiration to be stored.
150 : * @param $scope
151 : * (optional) Scopes to be stored in space-separated string.
152 : *
153 : * @ingroup oauth2_section_4
154 : */
155 : public function setAccessToken($oauth_token, $client_id, $user_id, $expires, $scope = NULL, $refresh_token) {
156 :
157 12 : $data = array();
158 12 : $data['oauth_token'] = $oauth_token;
159 12 : $data['client_id'] = $client_id;
160 12 : $data['user_id'] = $user_id;
161 12 : $data['expires'] = $expires;
162 12 : $data['scope'] = $scope;
163 12 : $data['refresh_token'] = $refresh_token;
164 :
165 12 : Controller::create(array('concept' => 'oauthToken'), $data);
166 :
167 12 : }
168 :
169 : /**
170 : * Check restricted grant types of corresponding client identifier.
171 : *
172 : * If you want to restrict clients to certain grant types, override this
173 : * function.
174 : *
175 : * @param $client_id
176 : * Client identifier to be check with.
177 : * @param $grant_type
178 : * Grant type to be check with, would be one of the values contained in
179 : * OAuth2::GRANT_TYPE_REGEXP.
180 : *
181 : * @return
182 : * TRUE if the grant type is supported by this client identifier, and
183 : * FALSE if it isn't.
184 : *
185 : * @ingroup oauth2_section_4
186 : */
187 : public function checkRestrictedGrantType($client_id, $grant_type) {
188 : /*TODO: essa função deve verificar se o cliente tem permissao para realizar o login via 'password'
189 : * deixe para implementar no prox. sprint, quando trataremos de seguranca. Deve-se criar um campo extra no banco para guardar quais tipos
190 : * de grant_type o cliente esta autorizado a fazer
191 : */
192 :
193 1 : return true;
194 : }
195 :
196 : /**
197 : * Grant refresh access tokens.
198 : *
199 : * Retrieve the stored data for the given refresh token.
200 : *
201 : * Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.
202 : *
203 : * @param $refresh_token
204 : * Refresh token to be check with.
205 : *
206 : * @return
207 : * An associative array as below, and NULL if the refresh_token is
208 : * invalid:
209 : * - client_id: Stored client identifier.
210 : * - expires: Stored expiration unix timestamp.
211 : * - scope: (optional) Stored scope values in space-separated string.
212 : *
213 : * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-6
214 : *
215 : * @ingroup oauth2_section_6
216 : */
217 : public function getRefreshToken($refresh_token) {
218 2 : return $this->getToken($refresh_token, true);
219 : }
220 :
221 : /**
222 : * Expire a used refresh token.
223 : *
224 : * This is not explicitly required in the spec, but is almost implied.
225 : * After granting a new refresh token, the old one is no longer useful and
226 : * so should be forcibly expired in the data store so it can't be used again.
227 : *
228 : * If storage fails for some reason, we're not currently checking for
229 : * any sort of success/failure, so you should bail out of the script
230 : * and provide a descriptive fail message.
231 : *
232 : * @param $refresh_token
233 : * Refresh token to be expirse.
234 : *
235 : * @ingroup oauth2_section_6
236 : */
237 : public function unsetRefreshToken($refresh_token) {
238 12 : Controller::delete(
239 12 : array('concept' => 'oauthRefreshToken'),
240 12 : false,
241 12 : array('filter' => array('=', 'refresh_token', $refresh_token ))
242 12 : );
243 12 : }
244 : public function unsetAccessToken($refresh_token) {
245 12 : Controller::delete(
246 12 : array('concept' => 'oauthToken'),
247 12 : false,
248 12 : array('filter' => array('=', 'oauth_token', $refresh_token ))
249 12 : );
250 12 : }
251 :
252 : /**
253 : * Retrieves an access or refresh token.
254 : *
255 : * @param string $token
256 : * @param bool $refresh
257 : */
258 : protected function getToken($token, $isRefresh = true) {
259 :
260 4 : $tokenConcept = $isRefresh ? 'oauthRefreshToken' : 'oauthToken';
261 4 : $filter = $isRefresh ? 'refresh_token' : 'oauth_token';
262 :
263 4 : $res = Controller::find(
264 4 : array('concept' => $tokenConcept),
265 4 : false,
266 4 : array('filter' => array('=' , $filter , $token))
267 4 : );
268 :
269 : /*return (!empty($res[0]))? $res[0] : false;*/
270 4 : if(!empty($res[0])) {
271 2 : return $res[0];
272 : }
273 : else {
274 2 : return false;
275 : }
276 : }
277 : }
278 :
279 :
|
