Merge pull request #2 from vend/enable-alternative-token-generation-s…

…trategy

Change our OAuth2 server to enable an alternative token generation strategy

.gitignore

@@ -5,3 +5,5 @@
 /docs
 /nbproject
 composer.phar
+
+.idea

composer.json

@@ -8,7 +8,8 @@
 	},
 	"require-dev": {
 		"mockery/mockery": ">=0.7.2",
-		"league/phpunit-coverage-listener": "~1.0"
+		"league/phpunit-coverage-listener": "~1.0",
+		"phpunit/phpunit": "^4.8"
 	},
 	"repositories": [
 		{

src/League/OAuth2/Server/Grant/AuthCode.php

@@ -11,20 +11,17 @@
 
 namespace League\OAuth2\Server\Grant;
 
-use League\OAuth2\Server\Request;
 use League\OAuth2\Server\Authorization;
 use League\OAuth2\Server\Exception;
-use League\OAuth2\Server\Util\SecureKey;
-use League\OAuth2\Server\Storage\SessionInterface;
-use League\OAuth2\Server\Storage\ClientInterface;
-use League\OAuth2\Server\Storage\ScopeInterface;
+use League\OAuth2\Server\Exception\ClientException;
 
 /**
  * Auth code grant class
  */
-class AuthCode implements GrantTypeInterface {
-
+class AuthCode implements GrantTypeInterface
+{
     use GrantTrait;
+    use TokenGeneratorTrait;
 
     /**
      * Grant identifier
@@ -40,7 +37,7 @@ class AuthCode implements GrantTypeInterface {
 
     /**
      * AuthServer instance
-     * @var AuthServer
+     * @var Authorization
      */
     protected $authServer = null;
 
@@ -71,7 +68,7 @@ public function setAuthTokenTTL($authTokenTTL)
      * Check authorise parameters
      *
      * @param  array $inputParams Optional array of parsed $_GET keys
-     * @throws \OAuth2\Exception\ClientException
+     * @throws ClientException
      * @return array             Authorise request parameters
      */
     public function checkAuthoriseParams($inputParams = array())
@@ -153,7 +150,7 @@ public function checkAuthoriseParams($inputParams = array())
     public function newAuthoriseRequest($type, $typeId, $authParams = array())
     {
         // Generate an auth code
-        $authCode = SecureKey::make();
+        $authCode = $this->getTokenGenerator()->generate();
 
         // Remove any old sessions the user might have
         $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], $type, $typeId);
@@ -223,7 +220,7 @@ public function completeFlow($inputParams = null)
         $scopes = $this->authServer->getStorage('session')->getAuthCodeScopes($authCodeDetails['authcode_id']);
 
         // A session ID was returned so update it with an access token and remove the authorisation code
-        $accessToken = SecureKey::make();
+        $accessToken = $this->getTokenGenerator()->generate();
         $accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? $this->accessTokenTTL : $this->authServer->getAccessTokenTTL();
         $accessTokenExpires = time() + $accessTokenExpiresIn;
 
@@ -252,7 +249,7 @@ public function completeFlow($inputParams = null)
 
         // Associate a refresh token if set
         if ($this->authServer->hasGrantType('refresh_token')) {
-            $refreshToken = SecureKey::make();
+            $refreshToken = $this->getTokenGenerator()->generate();
             $refreshTokenTTL = time() + $this->authServer->getGrantType('refresh_token')->getRefreshTokenTTL();
             $this->authServer->getStorage('session')->associateRefreshToken($accessTokenId, $refreshToken, $refreshTokenTTL, $authParams['client_id']);
             $response['refresh_token'] = $refreshToken;

src/League/OAuth2/Server/Grant/ClientCredentials.php

@@ -22,9 +22,10 @@
 /**
  * Client credentials grant class
  */
-class ClientCredentials implements GrantTypeInterface {
-
+class ClientCredentials implements GrantTypeInterface
+{
     use GrantTrait;
+    use TokenGeneratorTrait;
 
     /**
      * Grant identifier
@@ -40,7 +41,7 @@ class ClientCredentials implements GrantTypeInterface {
 
     /**
      * AuthServer instance
-     * @var AuthServer
+     * @var Authorization
      */
     protected $authServer = null;
 
@@ -141,7 +142,7 @@ public function completeFlow($inputParams = null)
         }
 
         // Generate an access token
-        $accessToken = SecureKey::make();
+        $accessToken = $this->getTokenGenerator()->generate();
         $accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? $this->accessTokenTTL : $this->authServer->getAccessTokenTTL();
         $accessTokenExpires = time() + $accessTokenExpiresIn;
 

src/League/OAuth2/Server/Grant/GrantTrait.php

@@ -13,7 +13,8 @@
 
 use League\OAuth2\Server\Authorization;
 
-trait GrantTrait {
+trait GrantTrait
+{
 
     /**
      * Constructor

src/League/OAuth2/Server/Grant/GrantTypeInterface.php

@@ -11,13 +11,9 @@
 
 namespace League\OAuth2\Server\Grant;
 
-use League\OAuth2\Server\Request;
 use League\OAuth2\Server\Authorization;
 use League\OAuth2\Server\Exception;
-use League\OAuth2\Server\Util\SecureKey;
-use League\OAuth2\Server\Storage\SessionInterface;
-use League\OAuth2\Server\Storage\ClientInterface;
-use League\OAuth2\Server\Storage\ScopeInterface;
+use League\OAuth2\Server\Util\TokenGeneratorInterface;
 
 interface GrantTypeInterface
 {
@@ -27,6 +23,11 @@ interface GrantTypeInterface
      */
     public function __construct(Authorization $authServer = null);
 
+    /**
+     * @param TokenGeneratorInterface $generator
+     */
+    public function setTokenGenerator(TokenGeneratorInterface $generator);
+
     /**
      * Complete the grant flow
      *

src/League/OAuth2/Server/Grant/Implicit.php

@@ -11,20 +11,16 @@
 
 namespace League\OAuth2\Server\Grant;
 
-use League\OAuth2\Server\Request;
 use League\OAuth2\Server\Authorization;
 use League\OAuth2\Server\Exception;
-use League\OAuth2\Server\Util\SecureKey;
-use League\OAuth2\Server\Storage\SessionInterface;
-use League\OAuth2\Server\Storage\ClientInterface;
-use League\OAuth2\Server\Storage\ScopeInterface;
 
 /**
  * Client credentials grant class
  */
-class Implicit implements GrantTypeInterface {
-
+class Implicit implements GrantTypeInterface
+{
     use GrantTrait;
+    use TokenGeneratorTrait;
 
     /**
      * Grant identifier
@@ -40,7 +36,7 @@ class Implicit implements GrantTypeInterface {
 
     /**
      * AuthServer instance
-     * @var AuthServer
+     * @var Authorization
      */
     protected $authServer = null;
 
@@ -61,7 +57,7 @@ public function completeFlow($authParams = null)
         $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'user', $authParams['user_id']);
 
         // Generate a new access token
-        $accessToken = SecureKey::make();
+        $accessToken = $this->getTokenGenerator()->generate();
 
         // Compute expiry time
         $accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? $this->accessTokenTTL : $this->authServer->getAccessTokenTTL();
@@ -88,4 +84,4 @@ public function completeFlow($authParams = null)
         return $response;
     }
 
-}
+}

src/League/OAuth2/Server/Grant/Password.php

@@ -22,9 +22,10 @@
 /**
  * Password grant class
  */
-class Password implements GrantTypeInterface {
-
+class Password implements GrantTypeInterface
+{
     use GrantTrait;
+    use TokenGeneratorTrait;
 
     /**
      * Grant identifier
@@ -40,13 +41,13 @@ class Password implements GrantTypeInterface {
 
     /**
      * Callback to authenticate a user's name and password
-     * @var function
+     * @var callback
      */
     protected $callback = null;
 
     /**
      * AuthServer instance
-     * @var AuthServer
+     * @var Authorization
      */
     protected $authServer = null;
 
@@ -156,7 +157,7 @@ public function completeFlow($inputParams = null)
         }
 
         // Generate an access token
-        $accessToken = SecureKey::make();
+        $accessToken = $this->getTokenGenerator()->generate();
         $accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? $this->accessTokenTTL : $this->authServer->getAccessTokenTTL();
         $accessTokenExpires = time() + $accessTokenExpiresIn;
 
@@ -180,7 +181,7 @@ public function completeFlow($inputParams = null)
 
         // Associate a refresh token if set
         if ($this->authServer->hasGrantType('refresh_token')) {
-            $refreshToken = SecureKey::make();
+            $refreshToken = $this->getTokenGenerator()->generate();
             $refreshTokenTTL = time() + $this->authServer->getGrantType('refresh_token')->getRefreshTokenTTL();
             $this->authServer->getStorage('session')->associateRefreshToken($accessTokenId, $refreshToken, $refreshTokenTTL, $authParams['client_id']);
             $response['refresh_token'] = $refreshToken;

src/League/OAuth2/Server/Grant/RefreshToken.php

@@ -22,9 +22,10 @@
 /**
  * Referesh token grant
  */
-class RefreshToken implements GrantTypeInterface {
-
+class RefreshToken implements GrantTypeInterface
+{
     use GrantTrait;
+    use TokenGeneratorTrait;
 
     /**
      * Grant identifier
@@ -40,7 +41,7 @@ class RefreshToken implements GrantTypeInterface {
 
     /**
      * AuthServer instance
-     * @var AuthServer
+     * @var Authorization
      */
     protected $authServer = null;
 
@@ -140,7 +141,7 @@ public function completeFlow($inputParams = null)
         $scopes = $this->authServer->getStorage('session')->getScopes($accessTokenDetails['access_token']);
 
         // Generate new tokens and associate them to the session
-        $accessToken = SecureKey::make();
+        $accessToken = $this->getTokenGenerator()->generate();
         $accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? $this->accessTokenTTL : $this->authServer->getAccessTokenTTL();
         $accessTokenExpires = time() + $accessTokenExpiresIn;
 
@@ -153,7 +154,7 @@ public function completeFlow($inputParams = null)
         if ($this->rotateRefreshTokens === true) {
 
             // Generate a new refresh token
-            $refreshToken = SecureKey::make();
+            $refreshToken = $this->getTokenGenerator()->generate();
             $refreshTokenExpires = time() + $this->getRefreshTokenTTL();
 
             // Revoke the old refresh token

src/League/OAuth2/Server/Grant/TokenGeneratorTrait.php

@@ -0,0 +1,34 @@
+<?php
+
+namespace League\OAuth2\Server\Grant;
+
+use League\OAuth2\Server\Util\DefaultGenerator;
+use League\OAuth2\Server\Util\TokenGeneratorInterface;
+
+trait TokenGeneratorTrait
+{
+    /**
+     * @var TokenGeneratorInterface
+     */
+    private $tokenGenerator;
+
+    /**
+     * @param TokenGeneratorInterface $generator
+     */
+    public function setTokenGenerator(TokenGeneratorInterface $generator)
+    {
+        $this->tokenGenerator = $generator;
+    }
+
+    /**
+     * @return TokenGeneratorInterface
+     */
+    public function getTokenGenerator()
+    {
+        if (!$this->tokenGenerator) {
+            return new DefaultGenerator();
+        }
+
+        return $this->tokenGenerator;
+    }
+}

src/League/OAuth2/Server/Util/SecureKey.php → src/League/OAuth2/Server/Util/DefaultGenerator.php

@@ -11,18 +11,15 @@
 
 namespace League\OAuth2\Server\Util;
 
-/**
- * SecureKey class
- */
-class SecureKey
+class DefaultGenerator implements TokenGeneratorInterface
 {
     /**
-     * Generate a new unique code
+     * Generate a new unique token
      * 
-     * @param  integer $len Length of the generated code
+     * @param  int    $len Length of the generated token
      * @return string
      */
-    public static function make($len = 40)
+    public function generate($len = 40)
     {
         // We generate twice as many bytes here because we want to ensure we have
         // enough after we base64 encode it to get the length we need because we
@@ -38,4 +35,4 @@ public static function make($len = 40)
 
         return substr(str_replace(array('/', '+', '='), '', base64_encode($bytes)), 0, $len);
     }
-}
+}

src/League/OAuth2/Server/Util/TokenGeneratorInterface.php

@@ -0,0 +1,14 @@
+<?php
+
+namespace League\OAuth2\Server\Util;
+
+interface TokenGeneratorInterface
+{
+    /**
+     * Generate a unique access token
+     *
+     * @param int $len
+     * @return string
+     */
+    public function generate($len = 40);
+}

tests/util/DefaultGeneratorTest.php

@@ -0,0 +1,27 @@
+<?php
+
+use League\OAuth2\Server\Util\DefaultGenerator;
+
+class DefaultGenerator_test extends PHPUnit_Framework_TestCase
+{
+	/**
+	 * @var DefaultGenerator
+	 */
+	private $generator;
+
+	public function setUp()
+	{
+		$this->generator = new DefaultGenerator();
+	}
+
+	function test_generate()
+	{
+		$v1 = $this->generator->generate();
+		$v2 = $this->generator->generate();
+		$v3 = $this->generator->generate(50);
+
+		$this->assertEquals(40, strlen($v1));
+		$this->assertTrue($v1 !== $v2);
+		$this->assertEquals(50, strlen($v3));
+	}
+}