redCOMPONENT-COM / redCORE

extensions/libraries/redcore/api/oauth2/Storage/Pdo.php

Indentation +444 added lines, -444 removed lines

@@ -18,449 +18,449 @@ 
  * @author Brent Shaffer <bshafs at gmail dot com>
  */
 class Pdo implements
-    AuthorizationCodeInterface,
-    AccessTokenInterface,
-    ClientCredentialsInterface,
-    UserCredentialsInterface,
-    RefreshTokenInterface,
-    JwtBearerInterface,
-    ScopeInterface,
-    PublicKeyInterface,
-    UserClaimsInterface,
-    OpenIDAuthorizationCodeInterface
+	AuthorizationCodeInterface,
+	AccessTokenInterface,
+	ClientCredentialsInterface,
+	UserCredentialsInterface,
+	RefreshTokenInterface,
+	JwtBearerInterface,
+	ScopeInterface,
+	PublicKeyInterface,
+	UserClaimsInterface,
+	OpenIDAuthorizationCodeInterface
 {
-    protected $db;
-    protected $config;
-
-    public function __construct($connection, $config = array())
-    {
-        if (!$connection instanceof \PDO) {
-            if (is_string($connection)) {
-                $connection = array('dsn' => $connection);
-            }
-            if (!is_array($connection)) {
-                throw new \InvalidArgumentException('First argument to OAuth2\Storage\Pdo must be an instance of PDO, a DSN string, or a configuration array');
-            }
-            if (!isset($connection['dsn'])) {
-                throw new \InvalidArgumentException('configuration array must contain "dsn"');
-            }
-            // merge optional parameters
-            $connection = array_merge(array(
-                'username' => null,
-                'password' => null,
-                'options' => array(),
-            ), $connection);
-            $connection = new \PDO($connection['dsn'], $connection['username'], $connection['password'], $connection['options']);
-        }
-        $this->db = $connection;
-
-        // debugging
-        $connection->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
-
-        $this->config = array_merge(array(
-            'client_table' => 'oauth_clients',
-            'access_token_table' => 'oauth_access_tokens',
-            'refresh_token_table' => 'oauth_refresh_tokens',
-            'code_table' => 'oauth_authorization_codes',
-            'user_table' => 'oauth_users',
-            'jwt_table'  => 'oauth_jwt',
-            'jti_table'  => 'oauth_jti',
-            'scope_table'  => 'oauth_scopes',
-            'public_key_table'  => 'oauth_public_keys',
-        ), $config);
-    }
-
-    /* OAuth2\Storage\ClientCredentialsInterface */
-    public function checkClientCredentials($client_id, $client_secret = null)
-    {
-        $stmt = $this->db->prepare(sprintf('SELECT * from %s where client_id = :client_id', $this->config['client_table']));
-        $stmt->execute(compact('client_id'));
-        $result = $stmt->fetch(\PDO::FETCH_ASSOC);
-
-        // make this extensible
-        return $result && $result['client_secret'] == $client_secret;
-    }
-
-    public function isPublicClient($client_id)
-    {
-        $stmt = $this->db->prepare(sprintf('SELECT * from %s where client_id = :client_id', $this->config['client_table']));
-        $stmt->execute(compact('client_id'));
-
-        if (!$result = $stmt->fetch(\PDO::FETCH_ASSOC)) {
-            return false;
-        }
-
-        return empty($result['client_secret']);
-    }
-
-    /* OAuth2\Storage\ClientInterface */
-    public function getClientDetails($client_id)
-    {
-        $stmt = $this->db->prepare(sprintf('SELECT * from %s where client_id = :client_id', $this->config['client_table']));
-        $stmt->execute(compact('client_id'));
-
-        return $stmt->fetch(\PDO::FETCH_ASSOC);
-    }
-
-    public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
-    {
-        // if it exists, update it.
-        if ($this->getClientDetails($client_id)) {
-            $stmt = $this->db->prepare($sql = sprintf('UPDATE %s SET client_secret=:client_secret, redirect_uri=:redirect_uri, grant_types=:grant_types, scope=:scope, user_id=:user_id where client_id=:client_id', $this->config['client_table']));
-        } else {
-            $stmt = $this->db->prepare(sprintf('INSERT INTO %s (client_id, client_secret, redirect_uri, grant_types, scope, user_id) VALUES (:client_id, :client_secret, :redirect_uri, :grant_types, :scope, :user_id)', $this->config['client_table']));
-        }
-
-        return $stmt->execute(compact('client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'user_id'));
-    }
-
-    public function checkRestrictedGrantType($client_id, $grant_type)
-    {
-        $details = $this->getClientDetails($client_id);
-        if (isset($details['grant_types'])) {
-            $grant_types = explode(' ', $details['grant_types']);
-
-            return in_array($grant_type, (array) $grant_types);
-        }
-
-        // if grant_types are not defined, then none are restricted
-        return true;
-    }
-
-    /* OAuth2\Storage\AccessTokenInterface */
-    public function getAccessToken($access_token)
-    {
-        $stmt = $this->db->prepare(sprintf('SELECT * from %s where access_token = :access_token', $this->config['access_token_table']));
-
-        $token = $stmt->execute(compact('access_token'));
-        if ($token = $stmt->fetch(\PDO::FETCH_ASSOC)) {
-            // convert date string back to timestamp
-            $token['expires'] = strtotime($token['expires']);
-        }
-
-        return $token;
-    }
-
-    public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
-    {
-        // convert expires to datestring
-        $expires = date('Y-m-d H:i:s', $expires);
-
-        // if it exists, update it.
-        if ($this->getAccessToken($access_token)) {
-            $stmt = $this->db->prepare(sprintf('UPDATE %s SET client_id=:client_id, expires=:expires, user_id=:user_id, scope=:scope where access_token=:access_token', $this->config['access_token_table']));
-        } else {
-            $stmt = $this->db->prepare(sprintf('INSERT INTO %s (access_token, client_id, expires, user_id, scope) VALUES (:access_token, :client_id, :expires, :user_id, :scope)', $this->config['access_token_table']));
-        }
-
-        return $stmt->execute(compact('access_token', 'client_id', 'user_id', 'expires', 'scope'));
-    }
-
-    public function unsetAccessToken($access_token)
-    {
-        $stmt = $this->db->prepare(sprintf('DELETE FROM %s WHERE access_token = :access_token', $this->config['access_token_table']));
-
-        return $stmt->execute(compact('access_token'));
-    }
-
-    /* OAuth2\Storage\AuthorizationCodeInterface */
-    public function getAuthorizationCode($code)
-    {
-        $stmt = $this->db->prepare(sprintf('SELECT * from %s where authorization_code = :code', $this->config['code_table']));
-        $stmt->execute(compact('code'));
-
-        if ($code = $stmt->fetch(\PDO::FETCH_ASSOC)) {
-            // convert date string back to timestamp
-            $code['expires'] = strtotime($code['expires']);
-        }
-
-        return $code;
-    }
-
-    public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
-    {
-        if (func_num_args() > 6) {
-            // we are calling with an id token
-            return call_user_func_array(array($this, 'setAuthorizationCodeWithIdToken'), func_get_args());
-        }
-
-        // convert expires to datestring
-        $expires = date('Y-m-d H:i:s', $expires);
-
-        // if it exists, update it.
-        if ($this->getAuthorizationCode($code)) {
-            $stmt = $this->db->prepare($sql = sprintf('UPDATE %s SET client_id=:client_id, user_id=:user_id, redirect_uri=:redirect_uri, expires=:expires, scope=:scope where authorization_code=:code', $this->config['code_table']));
-        } else {
-            $stmt = $this->db->prepare(sprintf('INSERT INTO %s (authorization_code, client_id, user_id, redirect_uri, expires, scope) VALUES (:code, :client_id, :user_id, :redirect_uri, :expires, :scope)', $this->config['code_table']));
-        }
-
-        return $stmt->execute(compact('code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope'));
-    }
-
-    private function setAuthorizationCodeWithIdToken($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
-    {
-        // convert expires to datestring
-        $expires = date('Y-m-d H:i:s', $expires);
-
-        // if it exists, update it.
-        if ($this->getAuthorizationCode($code)) {
-            $stmt = $this->db->prepare($sql = sprintf('UPDATE %s SET client_id=:client_id, user_id=:user_id, redirect_uri=:redirect_uri, expires=:expires, scope=:scope, id_token =:id_token where authorization_code=:code', $this->config['code_table']));
-        } else {
-            $stmt = $this->db->prepare(sprintf('INSERT INTO %s (authorization_code, client_id, user_id, redirect_uri, expires, scope, id_token) VALUES (:code, :client_id, :user_id, :redirect_uri, :expires, :scope, :id_token)', $this->config['code_table']));
-        }
-
-        return $stmt->execute(compact('code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope', 'id_token'));
-    }
-
-    public function expireAuthorizationCode($code)
-    {
-        $stmt = $this->db->prepare(sprintf('DELETE FROM %s WHERE authorization_code = :code', $this->config['code_table']));
-
-        return $stmt->execute(compact('code'));
-    }
-
-    /* OAuth2\Storage\UserCredentialsInterface */
-    public function checkUserCredentials($username, $password)
-    {
-        if ($user = $this->getUser($username)) {
-            return $this->checkPassword($user, $password);
-        }
-
-        return false;
-    }
-
-    public function getUserDetails($username)
-    {
-        return $this->getUser($username);
-    }
-
-    /* UserClaimsInterface */
-    public function getUserClaims($user_id, $claims)
-    {
-        if (!$userDetails = $this->getUserDetails($user_id)) {
-            return false;
-        }
-
-        $claims = explode(' ', trim($claims));
-        $userClaims = array();
-
-        // for each requested claim, if the user has the claim, set it in the response
-        $validClaims = explode(' ', self::VALID_CLAIMS);
-        foreach ($validClaims as $validClaim) {
-            if (in_array($validClaim, $claims)) {
-                if ($validClaim == 'address') {
-                    // address is an object with subfields
-                    $userClaims['address'] = $this->getUserClaim($validClaim, $userDetails['address'] ?: $userDetails);
-                } else {
-                    $userClaims = array_merge($userClaims, $this->getUserClaim($validClaim, $userDetails));
-                }
-            }
-        }
-
-        return $userClaims;
-    }
-
-    protected function getUserClaim($claim, $userDetails)
-    {
-        $userClaims = array();
-        $claimValuesString = constant(sprintf('self::%s_CLAIM_VALUES', strtoupper($claim)));
-        $claimValues = explode(' ', $claimValuesString);
-
-        foreach ($claimValues as $value) {
-            $userClaims[$value] = isset($userDetails[$value]) ? $userDetails[$value] : null;
-        }
-
-        return $userClaims;
-    }
-
-    /* OAuth2\Storage\RefreshTokenInterface */
-    public function getRefreshToken($refresh_token)
-    {
-        $stmt = $this->db->prepare(sprintf('SELECT * FROM %s WHERE refresh_token = :refresh_token', $this->config['refresh_token_table']));
-
-        $token = $stmt->execute(compact('refresh_token'));
-        if ($token = $stmt->fetch(\PDO::FETCH_ASSOC)) {
-            // convert expires to epoch time
-            $token['expires'] = strtotime($token['expires']);
-        }
-
-        return $token;
-    }
-
-    public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
-    {
-        // convert expires to datestring
-        $expires = date('Y-m-d H:i:s', $expires);
-
-        $stmt = $this->db->prepare(sprintf('INSERT INTO %s (refresh_token, client_id, user_id, expires, scope) VALUES (:refresh_token, :client_id, :user_id, :expires, :scope)', $this->config['refresh_token_table']));
-
-        return $stmt->execute(compact('refresh_token', 'client_id', 'user_id', 'expires', 'scope'));
-    }
-
-    public function unsetRefreshToken($refresh_token)
-    {
-        $stmt = $this->db->prepare(sprintf('DELETE FROM %s WHERE refresh_token = :refresh_token', $this->config['refresh_token_table']));
-
-        return $stmt->execute(compact('refresh_token'));
-    }
-
-    // plaintext passwords are bad!  Override this for your application
-    protected function checkPassword($user, $password)
-    {
-        return $user['password'] == sha1($password);
-    }
-
-    public function getUser($username)
-    {
-        $stmt = $this->db->prepare($sql = sprintf('SELECT * from %s where username=:username', $this->config['user_table']));
-        $stmt->execute(array('username' => $username));
-
-        if (!$userInfo = $stmt->fetch(\PDO::FETCH_ASSOC)) {
-            return false;
-        }
-
-        // the default behavior is to use "username" as the user_id
-        return array_merge(array(
-            'user_id' => $username
-        ), $userInfo);
-    }
-
-    public function setUser($username, $password, $firstName = null, $lastName = null)
-    {
-        // do not store in plaintext
-        $password = sha1($password);
-
-        // if it exists, update it.
-        if ($this->getUser($username)) {
-            $stmt = $this->db->prepare($sql = sprintf('UPDATE %s SET password=:password, first_name=:firstName, last_name=:lastName where username=:username', $this->config['user_table']));
-        } else {
-            $stmt = $this->db->prepare(sprintf('INSERT INTO %s (username, password, first_name, last_name) VALUES (:username, :password, :firstName, :lastName)', $this->config['user_table']));
-        }
-
-        return $stmt->execute(compact('username', 'password', 'firstName', 'lastName'));
-    }
-
-    /* ScopeInterface */
-    public function scopeExists($scope)
-    {
-        $scope = explode(' ', $scope);
-        $whereIn = implode(',', array_fill(0, count($scope), '?'));
-        $stmt = $this->db->prepare(sprintf('SELECT count(scope) as count FROM %s WHERE scope IN (%s)', $this->config['scope_table'], $whereIn));
-        $stmt->execute($scope);
-
-        if ($result = $stmt->fetch(\PDO::FETCH_ASSOC)) {
-            return $result['count'] == count($scope);
-        }
-
-        return false;
-    }
-
-    public function getDefaultScope($client_id = null)
-    {
-        $stmt = $this->db->prepare(sprintf('SELECT scope FROM %s WHERE is_default=:is_default', $this->config['scope_table']));
-        $stmt->execute(array('is_default' => true));
-
-        if ($result = $stmt->fetchAll(\PDO::FETCH_ASSOC)) {
-            $defaultScope = array_map(function ($row) {
-                return $row['scope'];
-            }, $result);
-
-            return implode(' ', $defaultScope);
-        }
-
-        return null;
-    }
-
-    /* JWTBearerInterface */
-    public function getClientKey($client_id, $subject)
-    {
-        $stmt = $this->db->prepare($sql = sprintf('SELECT public_key from %s where client_id=:client_id AND subject=:subject', $this->config['jwt_table']));
-
-        $stmt->execute(array('client_id' => $client_id, 'subject' => $subject));
-
-        return $stmt->fetchColumn();
-    }
-
-    public function getClientScope($client_id)
-    {
-        if (!$clientDetails = $this->getClientDetails($client_id)) {
-            return false;
-        }
-
-        if (isset($clientDetails['scope'])) {
-            return $clientDetails['scope'];
-        }
-
-        return null;
-    }
-
-    public function getJti($client_id, $subject, $audience, $expires, $jti)
-    {
-        $stmt = $this->db->prepare($sql = sprintf('SELECT * FROM %s WHERE issuer=:client_id AND subject=:subject AND audience=:audience AND expires=:expires AND jti=:jti', $this->config['jti_table']));
-
-        $stmt->execute(compact('client_id', 'subject', 'audience', 'expires', 'jti'));
-
-        if ($result = $stmt->fetch(\PDO::FETCH_ASSOC)) {
-            return array(
-                'issuer' => $result['issuer'],
-                'subject' => $result['subject'],
-                'audience' => $result['audience'],
-                'expires' => $result['expires'],
-                'jti' => $result['jti'],
-            );
-        }
-
-        return null;
-    }
-
-    public function setJti($client_id, $subject, $audience, $expires, $jti)
-    {
-        $stmt = $this->db->prepare(sprintf('INSERT INTO %s (issuer, subject, audience, expires, jti) VALUES (:client_id, :subject, :audience, :expires, :jti)', $this->config['jti_table']));
-
-        return $stmt->execute(compact('client_id', 'subject', 'audience', 'expires', 'jti'));
-    }
-
-    /* PublicKeyInterface */
-    public function getPublicKey($client_id = null)
-    {
-        $stmt = $this->db->prepare($sql = sprintf('SELECT public_key FROM %s WHERE client_id=:client_id OR client_id IS NULL ORDER BY client_id IS NOT NULL DESC', $this->config['public_key_table']));
-
-        $stmt->execute(compact('client_id'));
-        if ($result = $stmt->fetch(\PDO::FETCH_ASSOC)) {
-            return $result['public_key'];
-        }
-    }
-
-    public function getPrivateKey($client_id = null)
-    {
-        $stmt = $this->db->prepare($sql = sprintf('SELECT private_key FROM %s WHERE client_id=:client_id OR client_id IS NULL ORDER BY client_id IS NOT NULL DESC', $this->config['public_key_table']));
-
-        $stmt->execute(compact('client_id'));
-        if ($result = $stmt->fetch(\PDO::FETCH_ASSOC)) {
-            return $result['private_key'];
-        }
-    }
-
-    public function getEncryptionAlgorithm($client_id = null)
-    {
-        $stmt = $this->db->prepare($sql = sprintf('SELECT encryption_algorithm FROM %s WHERE client_id=:client_id OR client_id IS NULL ORDER BY client_id IS NOT NULL DESC', $this->config['public_key_table']));
-
-        $stmt->execute(compact('client_id'));
-        if ($result = $stmt->fetch(\PDO::FETCH_ASSOC)) {
-            return $result['encryption_algorithm'];
-        }
-
-        return 'RS256';
-    }
-
-    /**
-     * DDL to create OAuth2 database and tables for PDO storage
-     *
-     * @see https://github.com/dsquier/oauth2-server-php-mysql
-     */
-    public function getBuildSql($dbName = 'oauth2_server_php')
-    {
-        $sql = "
+	protected $db;
+	protected $config;
+
+	public function __construct($connection, $config = array())
+	{
+		if (!$connection instanceof \PDO) {
+			if (is_string($connection)) {
+				$connection = array('dsn' => $connection);
+			}
+			if (!is_array($connection)) {
+				throw new \InvalidArgumentException('First argument to OAuth2\Storage\Pdo must be an instance of PDO, a DSN string, or a configuration array');
+			}
+			if (!isset($connection['dsn'])) {
+				throw new \InvalidArgumentException('configuration array must contain "dsn"');
+			}
+			// merge optional parameters
+			$connection = array_merge(array(
+				'username' => null,
+				'password' => null,
+				'options' => array(),
+			), $connection);
+			$connection = new \PDO($connection['dsn'], $connection['username'], $connection['password'], $connection['options']);
+		}
+		$this->db = $connection;
+
+		// debugging
+		$connection->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
+
+		$this->config = array_merge(array(
+			'client_table' => 'oauth_clients',
+			'access_token_table' => 'oauth_access_tokens',
+			'refresh_token_table' => 'oauth_refresh_tokens',
+			'code_table' => 'oauth_authorization_codes',
+			'user_table' => 'oauth_users',
+			'jwt_table'  => 'oauth_jwt',
+			'jti_table'  => 'oauth_jti',
+			'scope_table'  => 'oauth_scopes',
+			'public_key_table'  => 'oauth_public_keys',
+		), $config);
+	}
+
+	/* OAuth2\Storage\ClientCredentialsInterface */
+	public function checkClientCredentials($client_id, $client_secret = null)
+	{
+		$stmt = $this->db->prepare(sprintf('SELECT * from %s where client_id = :client_id', $this->config['client_table']));
+		$stmt->execute(compact('client_id'));
+		$result = $stmt->fetch(\PDO::FETCH_ASSOC);
+
+		// make this extensible
+		return $result && $result['client_secret'] == $client_secret;
+	}
+
+	public function isPublicClient($client_id)
+	{
+		$stmt = $this->db->prepare(sprintf('SELECT * from %s where client_id = :client_id', $this->config['client_table']));
+		$stmt->execute(compact('client_id'));
+
+		if (!$result = $stmt->fetch(\PDO::FETCH_ASSOC)) {
+			return false;
+		}
+
+		return empty($result['client_secret']);
+	}
+
+	/* OAuth2\Storage\ClientInterface */
+	public function getClientDetails($client_id)
+	{
+		$stmt = $this->db->prepare(sprintf('SELECT * from %s where client_id = :client_id', $this->config['client_table']));
+		$stmt->execute(compact('client_id'));
+
+		return $stmt->fetch(\PDO::FETCH_ASSOC);
+	}
+
+	public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
+	{
+		// if it exists, update it.
+		if ($this->getClientDetails($client_id)) {
+			$stmt = $this->db->prepare($sql = sprintf('UPDATE %s SET client_secret=:client_secret, redirect_uri=:redirect_uri, grant_types=:grant_types, scope=:scope, user_id=:user_id where client_id=:client_id', $this->config['client_table']));
+		} else {
+			$stmt = $this->db->prepare(sprintf('INSERT INTO %s (client_id, client_secret, redirect_uri, grant_types, scope, user_id) VALUES (:client_id, :client_secret, :redirect_uri, :grant_types, :scope, :user_id)', $this->config['client_table']));
+		}
+
+		return $stmt->execute(compact('client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'user_id'));
+	}
+
+	public function checkRestrictedGrantType($client_id, $grant_type)
+	{
+		$details = $this->getClientDetails($client_id);
+		if (isset($details['grant_types'])) {
+			$grant_types = explode(' ', $details['grant_types']);
+
+			return in_array($grant_type, (array) $grant_types);
+		}
+
+		// if grant_types are not defined, then none are restricted
+		return true;
+	}
+
+	/* OAuth2\Storage\AccessTokenInterface */
+	public function getAccessToken($access_token)
+	{
+		$stmt = $this->db->prepare(sprintf('SELECT * from %s where access_token = :access_token', $this->config['access_token_table']));
+
+		$token = $stmt->execute(compact('access_token'));
+		if ($token = $stmt->fetch(\PDO::FETCH_ASSOC)) {
+			// convert date string back to timestamp
+			$token['expires'] = strtotime($token['expires']);
+		}
+
+		return $token;
+	}
+
+	public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
+	{
+		// convert expires to datestring
+		$expires = date('Y-m-d H:i:s', $expires);
+
+		// if it exists, update it.
+		if ($this->getAccessToken($access_token)) {
+			$stmt = $this->db->prepare(sprintf('UPDATE %s SET client_id=:client_id, expires=:expires, user_id=:user_id, scope=:scope where access_token=:access_token', $this->config['access_token_table']));
+		} else {
+			$stmt = $this->db->prepare(sprintf('INSERT INTO %s (access_token, client_id, expires, user_id, scope) VALUES (:access_token, :client_id, :expires, :user_id, :scope)', $this->config['access_token_table']));
+		}
+
+		return $stmt->execute(compact('access_token', 'client_id', 'user_id', 'expires', 'scope'));
+	}
+
+	public function unsetAccessToken($access_token)
+	{
+		$stmt = $this->db->prepare(sprintf('DELETE FROM %s WHERE access_token = :access_token', $this->config['access_token_table']));
+
+		return $stmt->execute(compact('access_token'));
+	}
+
+	/* OAuth2\Storage\AuthorizationCodeInterface */
+	public function getAuthorizationCode($code)
+	{
+		$stmt = $this->db->prepare(sprintf('SELECT * from %s where authorization_code = :code', $this->config['code_table']));
+		$stmt->execute(compact('code'));
+
+		if ($code = $stmt->fetch(\PDO::FETCH_ASSOC)) {
+			// convert date string back to timestamp
+			$code['expires'] = strtotime($code['expires']);
+		}
+
+		return $code;
+	}
+
+	public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
+	{
+		if (func_num_args() > 6) {
+			// we are calling with an id token
+			return call_user_func_array(array($this, 'setAuthorizationCodeWithIdToken'), func_get_args());
+		}
+
+		// convert expires to datestring
+		$expires = date('Y-m-d H:i:s', $expires);
+
+		// if it exists, update it.
+		if ($this->getAuthorizationCode($code)) {
+			$stmt = $this->db->prepare($sql = sprintf('UPDATE %s SET client_id=:client_id, user_id=:user_id, redirect_uri=:redirect_uri, expires=:expires, scope=:scope where authorization_code=:code', $this->config['code_table']));
+		} else {
+			$stmt = $this->db->prepare(sprintf('INSERT INTO %s (authorization_code, client_id, user_id, redirect_uri, expires, scope) VALUES (:code, :client_id, :user_id, :redirect_uri, :expires, :scope)', $this->config['code_table']));
+		}
+
+		return $stmt->execute(compact('code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope'));
+	}
+
+	private function setAuthorizationCodeWithIdToken($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
+	{
+		// convert expires to datestring
+		$expires = date('Y-m-d H:i:s', $expires);
+
+		// if it exists, update it.
+		if ($this->getAuthorizationCode($code)) {
+			$stmt = $this->db->prepare($sql = sprintf('UPDATE %s SET client_id=:client_id, user_id=:user_id, redirect_uri=:redirect_uri, expires=:expires, scope=:scope, id_token =:id_token where authorization_code=:code', $this->config['code_table']));
+		} else {
+			$stmt = $this->db->prepare(sprintf('INSERT INTO %s (authorization_code, client_id, user_id, redirect_uri, expires, scope, id_token) VALUES (:code, :client_id, :user_id, :redirect_uri, :expires, :scope, :id_token)', $this->config['code_table']));
+		}
+
+		return $stmt->execute(compact('code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope', 'id_token'));
+	}
+
+	public function expireAuthorizationCode($code)
+	{
+		$stmt = $this->db->prepare(sprintf('DELETE FROM %s WHERE authorization_code = :code', $this->config['code_table']));
+
+		return $stmt->execute(compact('code'));
+	}
+
+	/* OAuth2\Storage\UserCredentialsInterface */
+	public function checkUserCredentials($username, $password)
+	{
+		if ($user = $this->getUser($username)) {
+			return $this->checkPassword($user, $password);
+		}
+
+		return false;
+	}
+
+	public function getUserDetails($username)
+	{
+		return $this->getUser($username);
+	}
+
+	/* UserClaimsInterface */
+	public function getUserClaims($user_id, $claims)
+	{
+		if (!$userDetails = $this->getUserDetails($user_id)) {
+			return false;
+		}
+
+		$claims = explode(' ', trim($claims));
+		$userClaims = array();
+
+		// for each requested claim, if the user has the claim, set it in the response
+		$validClaims = explode(' ', self::VALID_CLAIMS);
+		foreach ($validClaims as $validClaim) {
+			if (in_array($validClaim, $claims)) {
+				if ($validClaim == 'address') {
+					// address is an object with subfields
+					$userClaims['address'] = $this->getUserClaim($validClaim, $userDetails['address'] ?: $userDetails);
+				} else {
+					$userClaims = array_merge($userClaims, $this->getUserClaim($validClaim, $userDetails));
+				}
+			}
+		}
+
+		return $userClaims;
+	}
+
+	protected function getUserClaim($claim, $userDetails)
+	{
+		$userClaims = array();
+		$claimValuesString = constant(sprintf('self::%s_CLAIM_VALUES', strtoupper($claim)));
+		$claimValues = explode(' ', $claimValuesString);
+
+		foreach ($claimValues as $value) {
+			$userClaims[$value] = isset($userDetails[$value]) ? $userDetails[$value] : null;
+		}
+
+		return $userClaims;
+	}
+
+	/* OAuth2\Storage\RefreshTokenInterface */
+	public function getRefreshToken($refresh_token)
+	{
+		$stmt = $this->db->prepare(sprintf('SELECT * FROM %s WHERE refresh_token = :refresh_token', $this->config['refresh_token_table']));
+
+		$token = $stmt->execute(compact('refresh_token'));
+		if ($token = $stmt->fetch(\PDO::FETCH_ASSOC)) {
+			// convert expires to epoch time
+			$token['expires'] = strtotime($token['expires']);
+		}
+
+		return $token;
+	}
+
+	public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
+	{
+		// convert expires to datestring
+		$expires = date('Y-m-d H:i:s', $expires);
+
+		$stmt = $this->db->prepare(sprintf('INSERT INTO %s (refresh_token, client_id, user_id, expires, scope) VALUES (:refresh_token, :client_id, :user_id, :expires, :scope)', $this->config['refresh_token_table']));
+
+		return $stmt->execute(compact('refresh_token', 'client_id', 'user_id', 'expires', 'scope'));
+	}
+
+	public function unsetRefreshToken($refresh_token)
+	{
+		$stmt = $this->db->prepare(sprintf('DELETE FROM %s WHERE refresh_token = :refresh_token', $this->config['refresh_token_table']));
+
+		return $stmt->execute(compact('refresh_token'));
+	}
+
+	// plaintext passwords are bad!  Override this for your application
+	protected function checkPassword($user, $password)
+	{
+		return $user['password'] == sha1($password);
+	}
+
+	public function getUser($username)
+	{
+		$stmt = $this->db->prepare($sql = sprintf('SELECT * from %s where username=:username', $this->config['user_table']));
+		$stmt->execute(array('username' => $username));
+
+		if (!$userInfo = $stmt->fetch(\PDO::FETCH_ASSOC)) {
+			return false;
+		}
+
+		// the default behavior is to use "username" as the user_id
+		return array_merge(array(
+			'user_id' => $username
+		), $userInfo);
+	}
+
+	public function setUser($username, $password, $firstName = null, $lastName = null)
+	{
+		// do not store in plaintext
+		$password = sha1($password);
+
+		// if it exists, update it.
+		if ($this->getUser($username)) {
+			$stmt = $this->db->prepare($sql = sprintf('UPDATE %s SET password=:password, first_name=:firstName, last_name=:lastName where username=:username', $this->config['user_table']));
+		} else {
+			$stmt = $this->db->prepare(sprintf('INSERT INTO %s (username, password, first_name, last_name) VALUES (:username, :password, :firstName, :lastName)', $this->config['user_table']));
+		}
+
+		return $stmt->execute(compact('username', 'password', 'firstName', 'lastName'));
+	}
+
+	/* ScopeInterface */
+	public function scopeExists($scope)
+	{
+		$scope = explode(' ', $scope);
+		$whereIn = implode(',', array_fill(0, count($scope), '?'));
+		$stmt = $this->db->prepare(sprintf('SELECT count(scope) as count FROM %s WHERE scope IN (%s)', $this->config['scope_table'], $whereIn));
+		$stmt->execute($scope);
+
+		if ($result = $stmt->fetch(\PDO::FETCH_ASSOC)) {
+			return $result['count'] == count($scope);
+		}
+
+		return false;
+	}
+
+	public function getDefaultScope($client_id = null)
+	{
+		$stmt = $this->db->prepare(sprintf('SELECT scope FROM %s WHERE is_default=:is_default', $this->config['scope_table']));
+		$stmt->execute(array('is_default' => true));
+
+		if ($result = $stmt->fetchAll(\PDO::FETCH_ASSOC)) {
+			$defaultScope = array_map(function ($row) {
+				return $row['scope'];
+			}, $result);
+
+			return implode(' ', $defaultScope);
+		}
+
+		return null;
+	}
+
+	/* JWTBearerInterface */
+	public function getClientKey($client_id, $subject)
+	{
+		$stmt = $this->db->prepare($sql = sprintf('SELECT public_key from %s where client_id=:client_id AND subject=:subject', $this->config['jwt_table']));
+
+		$stmt->execute(array('client_id' => $client_id, 'subject' => $subject));
+
+		return $stmt->fetchColumn();
+	}
+
+	public function getClientScope($client_id)
+	{
+		if (!$clientDetails = $this->getClientDetails($client_id)) {
+			return false;
+		}
+
+		if (isset($clientDetails['scope'])) {
+			return $clientDetails['scope'];
+		}
+
+		return null;
+	}
+
+	public function getJti($client_id, $subject, $audience, $expires, $jti)
+	{
+		$stmt = $this->db->prepare($sql = sprintf('SELECT * FROM %s WHERE issuer=:client_id AND subject=:subject AND audience=:audience AND expires=:expires AND jti=:jti', $this->config['jti_table']));
+
+		$stmt->execute(compact('client_id', 'subject', 'audience', 'expires', 'jti'));
+
+		if ($result = $stmt->fetch(\PDO::FETCH_ASSOC)) {
+			return array(
+				'issuer' => $result['issuer'],
+				'subject' => $result['subject'],
+				'audience' => $result['audience'],
+				'expires' => $result['expires'],
+				'jti' => $result['jti'],
+			);
+		}
+
+		return null;
+	}
+
+	public function setJti($client_id, $subject, $audience, $expires, $jti)
+	{
+		$stmt = $this->db->prepare(sprintf('INSERT INTO %s (issuer, subject, audience, expires, jti) VALUES (:client_id, :subject, :audience, :expires, :jti)', $this->config['jti_table']));
+
+		return $stmt->execute(compact('client_id', 'subject', 'audience', 'expires', 'jti'));
+	}
+
+	/* PublicKeyInterface */
+	public function getPublicKey($client_id = null)
+	{
+		$stmt = $this->db->prepare($sql = sprintf('SELECT public_key FROM %s WHERE client_id=:client_id OR client_id IS NULL ORDER BY client_id IS NOT NULL DESC', $this->config['public_key_table']));
+
+		$stmt->execute(compact('client_id'));
+		if ($result = $stmt->fetch(\PDO::FETCH_ASSOC)) {
+			return $result['public_key'];
+		}
+	}
+
+	public function getPrivateKey($client_id = null)
+	{
+		$stmt = $this->db->prepare($sql = sprintf('SELECT private_key FROM %s WHERE client_id=:client_id OR client_id IS NULL ORDER BY client_id IS NOT NULL DESC', $this->config['public_key_table']));
+
+		$stmt->execute(compact('client_id'));
+		if ($result = $stmt->fetch(\PDO::FETCH_ASSOC)) {
+			return $result['private_key'];
+		}
+	}
+
+	public function getEncryptionAlgorithm($client_id = null)
+	{
+		$stmt = $this->db->prepare($sql = sprintf('SELECT encryption_algorithm FROM %s WHERE client_id=:client_id OR client_id IS NULL ORDER BY client_id IS NOT NULL DESC', $this->config['public_key_table']));
+
+		$stmt->execute(compact('client_id'));
+		if ($result = $stmt->fetch(\PDO::FETCH_ASSOC)) {
+			return $result['encryption_algorithm'];
+		}
+
+		return 'RS256';
+	}
+
+	/**
+	 * DDL to create OAuth2 database and tables for PDO storage
+	 *
+	 * @see https://github.com/dsquier/oauth2-server-php-mysql
+	 */
+	public function getBuildSql($dbName = 'oauth2_server_php')
+	{
+		$sql = "
         CREATE TABLE {$this->config['client_table']} (
           client_id             VARCHAR(80)   NOT NULL,
           client_secret         VARCHAR(80)   NOT NULL,
@@ -538,6 +538,6 @@ 
         )
 ";
 
-        return $sql;
-    }
+		return $sql;
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -361,7 +361,7 @@
         $stmt->execute(array('is_default' => true));
 
         if ($result = $stmt->fetchAll(\PDO::FETCH_ASSOC)) {
-            $defaultScope = array_map(function ($row) {
+            $defaultScope = array_map(function($row) {
                 return $row['scope'];
             }, $result);
 

extensions/libraries/redcore/api/oauth2/Storage/UserCredentialsInterface.php

Indentation +37 added lines, -37 removed lines

@@ -11,42 +11,42 @@
  */
 interface UserCredentialsInterface
 {
-    /**
-     * Grant access tokens for basic user credentials.
-     *
-     * Check the supplied username and password for validity.
-     *
-     * You can also use the $client_id param to do any checks required based
-     * on a client, if you need that.
-     *
-     * Required for OAuth2::GRANT_TYPE_USER_CREDENTIALS.
-     *
-     * @param $username
-     * Username to be check with.
-     * @param $password
-     * Password to be check with.
-     *
-     * @return
-     * TRUE if the username and password are valid, and FALSE if it isn't.
-     * Moreover, if the username and password are valid, and you want to
-     *
-     * @see http://tools.ietf.org/html/rfc6749#section-4.3
-     *
-     * @ingroup oauth2_section_4
-     */
-    public function checkUserCredentials($username, $password);
+	/**
+	 * Grant access tokens for basic user credentials.
+	 *
+	 * Check the supplied username and password for validity.
+	 *
+	 * You can also use the $client_id param to do any checks required based
+	 * on a client, if you need that.
+	 *
+	 * Required for OAuth2::GRANT_TYPE_USER_CREDENTIALS.
+	 *
+	 * @param $username
+	 * Username to be check with.
+	 * @param $password
+	 * Password to be check with.
+	 *
+	 * @return
+	 * TRUE if the username and password are valid, and FALSE if it isn't.
+	 * Moreover, if the username and password are valid, and you want to
+	 *
+	 * @see http://tools.ietf.org/html/rfc6749#section-4.3
+	 *
+	 * @ingroup oauth2_section_4
+	 */
+	public function checkUserCredentials($username, $password);
 
-    /**
-     * @return
-     * ARRAY the associated "user_id" and optional "scope" values
-     * This function MUST return FALSE if the requested user does not exist or is
-     * invalid. "scope" is a space-separated list of restricted scopes.
-     * @code
-     * return array(
-     *     "user_id"  => USER_ID,    // REQUIRED user_id to be stored with the authorization code or access token
-     *     "scope"    => SCOPE       // OPTIONAL space-separated list of restricted scopes
-     * );
-     * @endcode
-     */
-    public function getUserDetails($username);
+	/**
+	 * @return
+	 * ARRAY the associated "user_id" and optional "scope" values
+	 * This function MUST return FALSE if the requested user does not exist or is
+	 * invalid. "scope" is a space-separated list of restricted scopes.
+	 * @code
+	 * return array(
+	 *     "user_id"  => USER_ID,    // REQUIRED user_id to be stored with the authorization code or access token
+	 *     "scope"    => SCOPE       // OPTIONAL space-separated list of restricted scopes
+	 * );
+	 * @endcode
+	 */
+	public function getUserDetails($username);
 }

extensions/libraries/redcore/api/oauth2/Storage/PublicKeyInterface.php

Indentation +3 added lines, -3 removed lines

@@ -10,7 +10,7 @@
  */
 interface PublicKeyInterface
 {
-    public function getPublicKey($client_id = null);
-    public function getPrivateKey($client_id = null);
-    public function getEncryptionAlgorithm($client_id = null);
+	public function getPublicKey($client_id = null);
+	public function getPrivateKey($client_id = null);
+	public function getEncryptionAlgorithm($client_id = null);
 }

extensions/libraries/redcore/api/oauth2/Storage/JwtAccessToken.php

Indentation +63 added lines, -63 removed lines

@@ -11,78 +11,78 @@
  */
 class JwtAccessToken implements JwtAccessTokenInterface
 {
-    protected $publicKeyStorage;
-    protected $tokenStorage;
-    protected $encryptionUtil;
+	protected $publicKeyStorage;
+	protected $tokenStorage;
+	protected $encryptionUtil;
 
-    /**
-     * @param OAuth2\Encryption\PublicKeyInterface  $publicKeyStorage the public key encryption to use
-     * @param OAuth2\Storage\AccessTokenInterface   $tokenStorage     OPTIONAL persist the access token to another storage. This is useful if
-     *                                                                you want to retain access token grant information somewhere, but
-     *                                                                is not necessary when using this grant type.
-     * @param OAuth2\Encryption\EncryptionInterface $encryptionUtil   OPTIONAL class to use for "encode" and "decode" functions.
-     */
-    public function __construct(PublicKeyInterface $publicKeyStorage, AccessTokenInterface $tokenStorage = null, EncryptionInterface $encryptionUtil = null)
-    {
-        $this->publicKeyStorage = $publicKeyStorage;
-        $this->tokenStorage = $tokenStorage;
-        if (is_null($encryptionUtil)) {
-            $encryptionUtil = new Jwt;
-        }
-        $this->encryptionUtil = $encryptionUtil;
-    }
+	/**
+	 * @param OAuth2\Encryption\PublicKeyInterface  $publicKeyStorage the public key encryption to use
+	 * @param OAuth2\Storage\AccessTokenInterface   $tokenStorage     OPTIONAL persist the access token to another storage. This is useful if
+	 *                                                                you want to retain access token grant information somewhere, but
+	 *                                                                is not necessary when using this grant type.
+	 * @param OAuth2\Encryption\EncryptionInterface $encryptionUtil   OPTIONAL class to use for "encode" and "decode" functions.
+	 */
+	public function __construct(PublicKeyInterface $publicKeyStorage, AccessTokenInterface $tokenStorage = null, EncryptionInterface $encryptionUtil = null)
+	{
+		$this->publicKeyStorage = $publicKeyStorage;
+		$this->tokenStorage = $tokenStorage;
+		if (is_null($encryptionUtil)) {
+			$encryptionUtil = new Jwt;
+		}
+		$this->encryptionUtil = $encryptionUtil;
+	}
 
-    public function getAccessToken($oauth_token)
-    {
-        // just decode the token, don't verify
-        if (!$tokenData = $this->encryptionUtil->decode($oauth_token, null, false)) {
-            return false;
-        }
+	public function getAccessToken($oauth_token)
+	{
+		// just decode the token, don't verify
+		if (!$tokenData = $this->encryptionUtil->decode($oauth_token, null, false)) {
+			return false;
+		}
 
-        $client_id  = isset($tokenData['aud']) ? $tokenData['aud'] : null;
-        $public_key = $this->publicKeyStorage->getPublicKey($client_id);
-        $algorithm  = $this->publicKeyStorage->getEncryptionAlgorithm($client_id);
+		$client_id  = isset($tokenData['aud']) ? $tokenData['aud'] : null;
+		$public_key = $this->publicKeyStorage->getPublicKey($client_id);
+		$algorithm  = $this->publicKeyStorage->getEncryptionAlgorithm($client_id);
 
-        // now that we have the client_id, verify the token
-        if (false === $this->encryptionUtil->decode($oauth_token, $public_key, array($algorithm))) {
-            return false;
-        }
+		// now that we have the client_id, verify the token
+		if (false === $this->encryptionUtil->decode($oauth_token, $public_key, array($algorithm))) {
+			return false;
+		}
 
-        // normalize the JWT claims to the format expected by other components in this library
-        return $this->convertJwtToOAuth2($tokenData);
-    }
+		// normalize the JWT claims to the format expected by other components in this library
+		return $this->convertJwtToOAuth2($tokenData);
+	}
 
-    public function setAccessToken($oauth_token, $client_id, $user_id, $expires, $scope = null)
-    {
-        if ($this->tokenStorage) {
-            return $this->tokenStorage->setAccessToken($oauth_token, $client_id, $user_id, $expires, $scope);
-        }
-    }
+	public function setAccessToken($oauth_token, $client_id, $user_id, $expires, $scope = null)
+	{
+		if ($this->tokenStorage) {
+			return $this->tokenStorage->setAccessToken($oauth_token, $client_id, $user_id, $expires, $scope);
+		}
+	}
 
-    public function unsetAccessToken($access_token)
-    {
-        if ($this->tokenStorage) {
-            return $this->tokenStorage->unsetAccessToken($access_token);
-        }
-    }
+	public function unsetAccessToken($access_token)
+	{
+		if ($this->tokenStorage) {
+			return $this->tokenStorage->unsetAccessToken($access_token);
+		}
+	}
 
 
-    // converts a JWT access token into an OAuth2-friendly format
-    protected function convertJwtToOAuth2($tokenData)
-    {
-        $keyMapping = array(
-            'aud' => 'client_id',
-            'exp' => 'expires',
-            'sub' => 'user_id'
-        );
+	// converts a JWT access token into an OAuth2-friendly format
+	protected function convertJwtToOAuth2($tokenData)
+	{
+		$keyMapping = array(
+			'aud' => 'client_id',
+			'exp' => 'expires',
+			'sub' => 'user_id'
+		);
 
-        foreach ($keyMapping as $jwtKey => $oauth2Key) {
-            if (isset($tokenData[$jwtKey])) {
-                $tokenData[$oauth2Key] = $tokenData[$jwtKey];
-                unset($tokenData[$jwtKey]);
-            }
-        }
+		foreach ($keyMapping as $jwtKey => $oauth2Key) {
+			if (isset($tokenData[$jwtKey])) {
+				$tokenData[$oauth2Key] = $tokenData[$jwtKey];
+				unset($tokenData[$jwtKey]);
+			}
+		}
 
-        return $tokenData;
-    }
+		return $tokenData;
+	}
 }

extensions/libraries/redcore/api/oauth2/Storage/AuthorizationCodeInterface.php

Indentation +69 added lines, -69 removed lines

@@ -11,76 +11,76 @@
  */
 interface AuthorizationCodeInterface
 {
-    /**
-     * The Authorization Code grant type supports a response type of "code".
-     *
-     * @var string
-     * @see http://tools.ietf.org/html/rfc6749#section-1.4.1
-     * @see http://tools.ietf.org/html/rfc6749#section-4.2
-     */
-    const RESPONSE_TYPE_CODE = "code";
+	/**
+	 * The Authorization Code grant type supports a response type of "code".
+	 *
+	 * @var string
+	 * @see http://tools.ietf.org/html/rfc6749#section-1.4.1
+	 * @see http://tools.ietf.org/html/rfc6749#section-4.2
+	 */
+	const RESPONSE_TYPE_CODE = "code";
 
-    /**
-     * Fetch authorization code data (probably the most common grant type).
-     *
-     * Retrieve the stored data for the given authorization code.
-     *
-     * Required for OAuth2::GRANT_TYPE_AUTH_CODE.
-     *
-     * @param $code
-     * Authorization code to be check with.
-     *
-     * @return
-     * An associative array as below, and NULL if the code is invalid
-     * @code
-     * return array(
-     *     "client_id"    => CLIENT_ID,      // REQUIRED Stored client identifier
-     *     "user_id"      => USER_ID,        // REQUIRED Stored user identifier
-     *     "expires"      => EXPIRES,        // REQUIRED Stored expiration in unix timestamp
-     *     "redirect_uri" => REDIRECT_URI,   // REQUIRED Stored redirect URI
-     *     "scope"        => SCOPE,          // OPTIONAL Stored scope values in space-separated string
-     * );
-     * @endcode
-     *
-     * @see http://tools.ietf.org/html/rfc6749#section-4.1
-     *
-     * @ingroup oauth2_section_4
-     */
-    public function getAuthorizationCode($code);
+	/**
+	 * Fetch authorization code data (probably the most common grant type).
+	 *
+	 * Retrieve the stored data for the given authorization code.
+	 *
+	 * Required for OAuth2::GRANT_TYPE_AUTH_CODE.
+	 *
+	 * @param $code
+	 * Authorization code to be check with.
+	 *
+	 * @return
+	 * An associative array as below, and NULL if the code is invalid
+	 * @code
+	 * return array(
+	 *     "client_id"    => CLIENT_ID,      // REQUIRED Stored client identifier
+	 *     "user_id"      => USER_ID,        // REQUIRED Stored user identifier
+	 *     "expires"      => EXPIRES,        // REQUIRED Stored expiration in unix timestamp
+	 *     "redirect_uri" => REDIRECT_URI,   // REQUIRED Stored redirect URI
+	 *     "scope"        => SCOPE,          // OPTIONAL Stored scope values in space-separated string
+	 * );
+	 * @endcode
+	 *
+	 * @see http://tools.ietf.org/html/rfc6749#section-4.1
+	 *
+	 * @ingroup oauth2_section_4
+	 */
+	public function getAuthorizationCode($code);
 
-    /**
-     * Take the provided authorization code values and store them somewhere.
-     *
-     * This function should be the storage counterpart to getAuthCode().
-     *
-     * If storage fails for some reason, we're not currently checking for
-     * any sort of success/failure, so you should bail out of the script
-     * and provide a descriptive fail message.
-     *
-     * Required for OAuth2::GRANT_TYPE_AUTH_CODE.
-     *
-     * @param string $code         Authorization code to be stored.
-     * @param mixed  $client_id    Client identifier to be stored.
-     * @param mixed  $user_id      User identifier to be stored.
-     * @param string $redirect_uri Redirect URI(s) to be stored in a space-separated string.
-     * @param int    $expires      Expiration to be stored as a Unix timestamp.
-     * @param string $scope        OPTIONAL Scopes to be stored in space-separated string.
-     *
-     * @ingroup oauth2_section_4
-     */
-    public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null);
+	/**
+	 * Take the provided authorization code values and store them somewhere.
+	 *
+	 * This function should be the storage counterpart to getAuthCode().
+	 *
+	 * If storage fails for some reason, we're not currently checking for
+	 * any sort of success/failure, so you should bail out of the script
+	 * and provide a descriptive fail message.
+	 *
+	 * Required for OAuth2::GRANT_TYPE_AUTH_CODE.
+	 *
+	 * @param string $code         Authorization code to be stored.
+	 * @param mixed  $client_id    Client identifier to be stored.
+	 * @param mixed  $user_id      User identifier to be stored.
+	 * @param string $redirect_uri Redirect URI(s) to be stored in a space-separated string.
+	 * @param int    $expires      Expiration to be stored as a Unix timestamp.
+	 * @param string $scope        OPTIONAL Scopes to be stored in space-separated string.
+	 *
+	 * @ingroup oauth2_section_4
+	 */
+	public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null);
 
-    /**
-     * once an Authorization Code is used, it must be exipired
-     *
-     * @see http://tools.ietf.org/html/rfc6749#section-4.1.2
-     *
-     *    The client MUST NOT use the authorization code
-     *    more than once.  If an authorization code is used more than
-     *    once, the authorization server MUST deny the request and SHOULD
-     *    revoke (when possible) all tokens previously issued based on
-     *    that authorization code
-     *
-     */
-    public function expireAuthorizationCode($code);
+	/**
+	 * once an Authorization Code is used, it must be exipired
+	 *
+	 * @see http://tools.ietf.org/html/rfc6749#section-4.1.2
+	 *
+	 *    The client MUST NOT use the authorization code
+	 *    more than once.  If an authorization code is used more than
+	 *    once, the authorization server MUST deny the request and SHOULD
+	 *    revoke (when possible) all tokens previously issued based on
+	 *    that authorization code
+	 *
+	 */
+	public function expireAuthorizationCode($code);
 }

extensions/libraries/redcore/api/oauth2/Storage/Mongo.php

Indentation +312 added lines, -312 removed lines

@@ -17,317 +17,317 @@
  * @author Julien Chaumond <chaumond@gmail.com>
  */
 class Mongo implements AuthorizationCodeInterface,
-    AccessTokenInterface,
-    ClientCredentialsInterface,
-    UserCredentialsInterface,
-    RefreshTokenInterface,
-    JwtBearerInterface,
-    OpenIDAuthorizationCodeInterface
+	AccessTokenInterface,
+	ClientCredentialsInterface,
+	UserCredentialsInterface,
+	RefreshTokenInterface,
+	JwtBearerInterface,
+	OpenIDAuthorizationCodeInterface
 {
-    protected $db;
-    protected $config;
-
-    public function __construct($connection, $config = array())
-    {
-        if ($connection instanceof \MongoDB) {
-            $this->db = $connection;
-        } else {
-            if (!is_array($connection)) {
-                throw new \InvalidArgumentException('First argument to OAuth2\Storage\Mongo must be an instance of MongoDB or a configuration array');
-            }
-            $server = sprintf('mongodb://%s:%d', $connection['host'], $connection['port']);
-            $m = new \MongoClient($server);
-            $this->db = $m->{$connection['database']};
-        }
-
-        $this->config = array_merge(array(
-            'client_table' => 'oauth_clients',
-            'access_token_table' => 'oauth_access_tokens',
-            'refresh_token_table' => 'oauth_refresh_tokens',
-            'code_table' => 'oauth_authorization_codes',
-            'user_table' => 'oauth_users',
-            'jwt_table' => 'oauth_jwt',
-        ), $config);
-    }
-
-    // Helper function to access a MongoDB collection by `type`:
-    protected function collection($name)
-    {
-        return $this->db->{$this->config[$name]};
-    }
-
-    /* ClientCredentialsInterface */
-    public function checkClientCredentials($client_id, $client_secret = null)
-    {
-        if ($result = $this->collection('client_table')->findOne(array('client_id' => $client_id))) {
-            return $result['client_secret'] == $client_secret;
-        }
-
-        return false;
-    }
-
-    public function isPublicClient($client_id)
-    {
-        if (!$result = $this->collection('client_table')->findOne(array('client_id' => $client_id))) {
-            return false;
-        }
-
-        return empty($result['client_secret']);
-    }
-
-    /* ClientInterface */
-    public function getClientDetails($client_id)
-    {
-        $result = $this->collection('client_table')->findOne(array('client_id' => $client_id));
-
-        return is_null($result) ? false : $result;
-    }
-
-    public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
-    {
-        if ($this->getClientDetails($client_id)) {
-            $this->collection('client_table')->update(
-                array('client_id' => $client_id),
-                array('$set' => array(
-                    'client_secret' => $client_secret,
-                    'redirect_uri'  => $redirect_uri,
-                    'grant_types'   => $grant_types,
-                    'scope'         => $scope,
-                    'user_id'       => $user_id,
-                ))
-            );
-        } else {
-            $client = array(
-                'client_id'     => $client_id,
-                'client_secret' => $client_secret,
-                'redirect_uri'  => $redirect_uri,
-                'grant_types'   => $grant_types,
-                'scope'         => $scope,
-                'user_id'       => $user_id,
-            );
-            $this->collection('client_table')->insert($client);
-        }
-
-        return true;
-    }
-
-    public function checkRestrictedGrantType($client_id, $grant_type)
-    {
-        $details = $this->getClientDetails($client_id);
-        if (isset($details['grant_types'])) {
-            $grant_types = explode(' ', $details['grant_types']);
-
-            return in_array($grant_type, $grant_types);
-        }
-
-        // if grant_types are not defined, then none are restricted
-        return true;
-    }
-
-    /* AccessTokenInterface */
-    public function getAccessToken($access_token)
-    {
-        $token = $this->collection('access_token_table')->findOne(array('access_token' => $access_token));
-
-        return is_null($token) ? false : $token;
-    }
-
-    public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
-    {
-        // if it exists, update it.
-        if ($this->getAccessToken($access_token)) {
-            $this->collection('access_token_table')->update(
-                array('access_token' => $access_token),
-                array('$set' => array(
-                    'client_id' => $client_id,
-                    'expires' => $expires,
-                    'user_id' => $user_id,
-                    'scope' => $scope
-                ))
-            );
-        } else {
-            $token = array(
-                'access_token' => $access_token,
-                'client_id' => $client_id,
-                'expires' => $expires,
-                'user_id' => $user_id,
-                'scope' => $scope
-            );
-            $this->collection('access_token_table')->insert($token);
-        }
-
-        return true;
-    }
-
-    public function unsetAccessToken($access_token)
-    {
-        $this->collection('access_token_table')->remove(array('access_token' => $access_token));
-    }
-
-
-    /* AuthorizationCodeInterface */
-    public function getAuthorizationCode($code)
-    {
-        $code = $this->collection('code_table')->findOne(array('authorization_code' => $code));
-
-        return is_null($code) ? false : $code;
-    }
-
-    public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
-    {
-        // if it exists, update it.
-        if ($this->getAuthorizationCode($code)) {
-            $this->collection('code_table')->update(
-                array('authorization_code' => $code),
-                array('$set' => array(
-                    'client_id' => $client_id,
-                    'user_id' => $user_id,
-                    'redirect_uri' => $redirect_uri,
-                    'expires' => $expires,
-                    'scope' => $scope,
-                    'id_token' => $id_token,
-                ))
-            );
-        } else {
-            $token = array(
-                'authorization_code' => $code,
-                'client_id' => $client_id,
-                'user_id' => $user_id,
-                'redirect_uri' => $redirect_uri,
-                'expires' => $expires,
-                'scope' => $scope,
-                'id_token' => $id_token,
-            );
-            $this->collection('code_table')->insert($token);
-        }
-
-        return true;
-    }
-
-    public function expireAuthorizationCode($code)
-    {
-        $this->collection('code_table')->remove(array('authorization_code' => $code));
-
-        return true;
-    }
-
-    /* UserCredentialsInterface */
-    public function checkUserCredentials($username, $password)
-    {
-        if ($user = $this->getUser($username)) {
-            return $this->checkPassword($user, $password);
-        }
-
-        return false;
-    }
-
-    public function getUserDetails($username)
-    {
-        if ($user = $this->getUser($username)) {
-            $user['user_id'] = $user['username'];
-        }
-
-        return $user;
-    }
-
-    /* RefreshTokenInterface */
-    public function getRefreshToken($refresh_token)
-    {
-        $token = $this->collection('refresh_token_table')->findOne(array('refresh_token' => $refresh_token));
-
-        return is_null($token) ? false : $token;
-    }
-
-    public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
-    {
-        $token = array(
-            'refresh_token' => $refresh_token,
-            'client_id' => $client_id,
-            'user_id' => $user_id,
-            'expires' => $expires,
-            'scope' => $scope
-        );
-        $this->collection('refresh_token_table')->insert($token);
-
-        return true;
-    }
-
-    public function unsetRefreshToken($refresh_token)
-    {
-        $this->collection('refresh_token_table')->remove(array('refresh_token' => $refresh_token));
-
-        return true;
-    }
-
-    // plaintext passwords are bad!  Override this for your application
-    protected function checkPassword($user, $password)
-    {
-        return $user['password'] == $password;
-    }
-
-    public function getUser($username)
-    {
-        $result = $this->collection('user_table')->findOne(array('username' => $username));
-
-        return is_null($result) ? false : $result;
-    }
-
-    public function setUser($username, $password, $firstName = null, $lastName = null)
-    {
-        if ($this->getUser($username)) {
-            $this->collection('user_table')->update(
-                array('username' => $username),
-                array('$set' => array(
-                    'password' => $password,
-                    'first_name' => $firstName,
-                    'last_name' => $lastName
-                ))
-            );
-        } else {
-            $user = array(
-                'username' => $username,
-                'password' => $password,
-                'first_name' => $firstName,
-                'last_name' => $lastName
-            );
-            $this->collection('user_table')->insert($user);
-        }
-
-        return true;
-    }
-
-    public function getClientKey($client_id, $subject)
-    {
-        $result = $this->collection('jwt_table')->findOne(array(
-            'client_id' => $client_id,
-            'subject' => $subject
-        ));
-
-        return is_null($result) ? false : $result['key'];
-    }
-
-    public function getClientScope($client_id)
-    {
-        if (!$clientDetails = $this->getClientDetails($client_id)) {
-            return false;
-        }
-
-        if (isset($clientDetails['scope'])) {
-            return $clientDetails['scope'];
-        }
-
-        return null;
-    }
-
-    public function getJti($client_id, $subject, $audience, $expiration, $jti)
-    {
-        //TODO: Needs mongodb implementation.
-        throw new \Exception('getJti() for the MongoDB driver is currently unimplemented.');
-    }
-
-    public function setJti($client_id, $subject, $audience, $expiration, $jti)
-    {
-        //TODO: Needs mongodb implementation.
-        throw new \Exception('setJti() for the MongoDB driver is currently unimplemented.');
-    }
+	protected $db;
+	protected $config;
+
+	public function __construct($connection, $config = array())
+	{
+		if ($connection instanceof \MongoDB) {
+			$this->db = $connection;
+		} else {
+			if (!is_array($connection)) {
+				throw new \InvalidArgumentException('First argument to OAuth2\Storage\Mongo must be an instance of MongoDB or a configuration array');
+			}
+			$server = sprintf('mongodb://%s:%d', $connection['host'], $connection['port']);
+			$m = new \MongoClient($server);
+			$this->db = $m->{$connection['database']};
+		}
+
+		$this->config = array_merge(array(
+			'client_table' => 'oauth_clients',
+			'access_token_table' => 'oauth_access_tokens',
+			'refresh_token_table' => 'oauth_refresh_tokens',
+			'code_table' => 'oauth_authorization_codes',
+			'user_table' => 'oauth_users',
+			'jwt_table' => 'oauth_jwt',
+		), $config);
+	}
+
+	// Helper function to access a MongoDB collection by `type`:
+	protected function collection($name)
+	{
+		return $this->db->{$this->config[$name]};
+	}
+
+	/* ClientCredentialsInterface */
+	public function checkClientCredentials($client_id, $client_secret = null)
+	{
+		if ($result = $this->collection('client_table')->findOne(array('client_id' => $client_id))) {
+			return $result['client_secret'] == $client_secret;
+		}
+
+		return false;
+	}
+
+	public function isPublicClient($client_id)
+	{
+		if (!$result = $this->collection('client_table')->findOne(array('client_id' => $client_id))) {
+			return false;
+		}
+
+		return empty($result['client_secret']);
+	}
+
+	/* ClientInterface */
+	public function getClientDetails($client_id)
+	{
+		$result = $this->collection('client_table')->findOne(array('client_id' => $client_id));
+
+		return is_null($result) ? false : $result;
+	}
+
+	public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
+	{
+		if ($this->getClientDetails($client_id)) {
+			$this->collection('client_table')->update(
+				array('client_id' => $client_id),
+				array('$set' => array(
+					'client_secret' => $client_secret,
+					'redirect_uri'  => $redirect_uri,
+					'grant_types'   => $grant_types,
+					'scope'         => $scope,
+					'user_id'       => $user_id,
+				))
+			);
+		} else {
+			$client = array(
+				'client_id'     => $client_id,
+				'client_secret' => $client_secret,
+				'redirect_uri'  => $redirect_uri,
+				'grant_types'   => $grant_types,
+				'scope'         => $scope,
+				'user_id'       => $user_id,
+			);
+			$this->collection('client_table')->insert($client);
+		}
+
+		return true;
+	}
+
+	public function checkRestrictedGrantType($client_id, $grant_type)
+	{
+		$details = $this->getClientDetails($client_id);
+		if (isset($details['grant_types'])) {
+			$grant_types = explode(' ', $details['grant_types']);
+
+			return in_array($grant_type, $grant_types);
+		}
+
+		// if grant_types are not defined, then none are restricted
+		return true;
+	}
+
+	/* AccessTokenInterface */
+	public function getAccessToken($access_token)
+	{
+		$token = $this->collection('access_token_table')->findOne(array('access_token' => $access_token));
+
+		return is_null($token) ? false : $token;
+	}
+
+	public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
+	{
+		// if it exists, update it.
+		if ($this->getAccessToken($access_token)) {
+			$this->collection('access_token_table')->update(
+				array('access_token' => $access_token),
+				array('$set' => array(
+					'client_id' => $client_id,
+					'expires' => $expires,
+					'user_id' => $user_id,
+					'scope' => $scope
+				))
+			);
+		} else {
+			$token = array(
+				'access_token' => $access_token,
+				'client_id' => $client_id,
+				'expires' => $expires,
+				'user_id' => $user_id,
+				'scope' => $scope
+			);
+			$this->collection('access_token_table')->insert($token);
+		}
+
+		return true;
+	}
+
+	public function unsetAccessToken($access_token)
+	{
+		$this->collection('access_token_table')->remove(array('access_token' => $access_token));
+	}
+
+
+	/* AuthorizationCodeInterface */
+	public function getAuthorizationCode($code)
+	{
+		$code = $this->collection('code_table')->findOne(array('authorization_code' => $code));
+
+		return is_null($code) ? false : $code;
+	}
+
+	public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
+	{
+		// if it exists, update it.
+		if ($this->getAuthorizationCode($code)) {
+			$this->collection('code_table')->update(
+				array('authorization_code' => $code),
+				array('$set' => array(
+					'client_id' => $client_id,
+					'user_id' => $user_id,
+					'redirect_uri' => $redirect_uri,
+					'expires' => $expires,
+					'scope' => $scope,
+					'id_token' => $id_token,
+				))
+			);
+		} else {
+			$token = array(
+				'authorization_code' => $code,
+				'client_id' => $client_id,
+				'user_id' => $user_id,
+				'redirect_uri' => $redirect_uri,
+				'expires' => $expires,
+				'scope' => $scope,
+				'id_token' => $id_token,
+			);
+			$this->collection('code_table')->insert($token);
+		}
+
+		return true;
+	}
+
+	public function expireAuthorizationCode($code)
+	{
+		$this->collection('code_table')->remove(array('authorization_code' => $code));
+
+		return true;
+	}
+
+	/* UserCredentialsInterface */
+	public function checkUserCredentials($username, $password)
+	{
+		if ($user = $this->getUser($username)) {
+			return $this->checkPassword($user, $password);
+		}
+
+		return false;
+	}
+
+	public function getUserDetails($username)
+	{
+		if ($user = $this->getUser($username)) {
+			$user['user_id'] = $user['username'];
+		}
+
+		return $user;
+	}
+
+	/* RefreshTokenInterface */
+	public function getRefreshToken($refresh_token)
+	{
+		$token = $this->collection('refresh_token_table')->findOne(array('refresh_token' => $refresh_token));
+
+		return is_null($token) ? false : $token;
+	}
+
+	public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
+	{
+		$token = array(
+			'refresh_token' => $refresh_token,
+			'client_id' => $client_id,
+			'user_id' => $user_id,
+			'expires' => $expires,
+			'scope' => $scope
+		);
+		$this->collection('refresh_token_table')->insert($token);
+
+		return true;
+	}
+
+	public function unsetRefreshToken($refresh_token)
+	{
+		$this->collection('refresh_token_table')->remove(array('refresh_token' => $refresh_token));
+
+		return true;
+	}
+
+	// plaintext passwords are bad!  Override this for your application
+	protected function checkPassword($user, $password)
+	{
+		return $user['password'] == $password;
+	}
+
+	public function getUser($username)
+	{
+		$result = $this->collection('user_table')->findOne(array('username' => $username));
+
+		return is_null($result) ? false : $result;
+	}
+
+	public function setUser($username, $password, $firstName = null, $lastName = null)
+	{
+		if ($this->getUser($username)) {
+			$this->collection('user_table')->update(
+				array('username' => $username),
+				array('$set' => array(
+					'password' => $password,
+					'first_name' => $firstName,
+					'last_name' => $lastName
+				))
+			);
+		} else {
+			$user = array(
+				'username' => $username,
+				'password' => $password,
+				'first_name' => $firstName,
+				'last_name' => $lastName
+			);
+			$this->collection('user_table')->insert($user);
+		}
+
+		return true;
+	}
+
+	public function getClientKey($client_id, $subject)
+	{
+		$result = $this->collection('jwt_table')->findOne(array(
+			'client_id' => $client_id,
+			'subject' => $subject
+		));
+
+		return is_null($result) ? false : $result['key'];
+	}
+
+	public function getClientScope($client_id)
+	{
+		if (!$clientDetails = $this->getClientDetails($client_id)) {
+			return false;
+		}
+
+		if (isset($clientDetails['scope'])) {
+			return $clientDetails['scope'];
+		}
+
+		return null;
+	}
+
+	public function getJti($client_id, $subject, $audience, $expiration, $jti)
+	{
+		//TODO: Needs mongodb implementation.
+		throw new \Exception('getJti() for the MongoDB driver is currently unimplemented.');
+	}
+
+	public function setJti($client_id, $subject, $audience, $expiration, $jti)
+	{
+		//TODO: Needs mongodb implementation.
+		throw new \Exception('setJti() for the MongoDB driver is currently unimplemented.');
+	}
 }

extensions/libraries/redcore/api/oauth2/Storage/ScopeInterface.php

Indentation +31 added lines, -31 removed lines

@@ -11,36 +11,36 @@
  */
 interface ScopeInterface
 {
-    /**
-     * Check if the provided scope exists.
-     *
-     * @param $scope
-     * A space-separated string of scopes.
-     *
-     * @return
-     * TRUE if it exists, FALSE otherwise.
-     */
-    public function scopeExists($scope);
+	/**
+	 * Check if the provided scope exists.
+	 *
+	 * @param $scope
+	 * A space-separated string of scopes.
+	 *
+	 * @return
+	 * TRUE if it exists, FALSE otherwise.
+	 */
+	public function scopeExists($scope);
 
-    /**
-     * The default scope to use in the event the client
-     * does not request one. By returning "false", a
-     * request_error is returned by the server to force a
-     * scope request by the client. By returning "null",
-     * opt out of requiring scopes
-     *
-     * @param $client_id
-     * An optional client id that can be used to return customized default scopes.
-     *
-     * @return
-     * string representation of default scope, null if
-     * scopes are not defined, or false to force scope
-     * request by the client
-     *
-     * ex:
-     *     'default'
-     * ex:
-     *     null
-     */
-    public function getDefaultScope($client_id = null);
+	/**
+	 * The default scope to use in the event the client
+	 * does not request one. By returning "false", a
+	 * request_error is returned by the server to force a
+	 * scope request by the client. By returning "null",
+	 * opt out of requiring scopes
+	 *
+	 * @param $client_id
+	 * An optional client id that can be used to return customized default scopes.
+	 *
+	 * @return
+	 * string representation of default scope, null if
+	 * scopes are not defined, or false to force scope
+	 * request by the client
+	 *
+	 * ex:
+	 *     'default'
+	 * ex:
+	 *     null
+	 */
+	public function getDefaultScope($client_id = null);
 }

extensions/libraries/redcore/api/oauth2/Storage/CouchbaseDB.php

Indentation +312 added lines, -312 removed lines

@@ -15,317 +15,317 @@
  * @author Tom Park <tom@raucter.com>
  */
 class CouchbaseDB implements AuthorizationCodeInterface,
-    AccessTokenInterface,
-    ClientCredentialsInterface,
-    UserCredentialsInterface,
-    RefreshTokenInterface,
-    JwtBearerInterface,
-    OpenIDAuthorizationCodeInterface
+	AccessTokenInterface,
+	ClientCredentialsInterface,
+	UserCredentialsInterface,
+	RefreshTokenInterface,
+	JwtBearerInterface,
+	OpenIDAuthorizationCodeInterface
 {
-    protected $db;
-    protected $config;
-
-    public function __construct($connection, $config = array())
-    {
-        if ($connection instanceof \Couchbase) {
-            $this->db = $connection;
-        } else {
-            if (!is_array($connection) || !is_array($connection['servers'])) {
-                throw new \InvalidArgumentException('First argument to OAuth2\Storage\CouchbaseDB must be an instance of Couchbase or a configuration array containing a server array');
-            }
-
-            $this->db = new \Couchbase($connection['servers'], (!isset($connection['username'])) ? '' : $connection['username'], (!isset($connection['password'])) ? '' : $connection['password'], $connection['bucket'], false);
-        }
-
-        $this->config = array_merge(array(
-            'client_table' => 'oauth_clients',
-            'access_token_table' => 'oauth_access_tokens',
-            'refresh_token_table' => 'oauth_refresh_tokens',
-            'code_table' => 'oauth_authorization_codes',
-            'user_table' => 'oauth_users',
-            'jwt_table' => 'oauth_jwt',
-        ), $config);
-    }
-
-    // Helper function to access couchbase item by type:
-    protected function getObjectByType($name,$id)
-    {
-        return json_decode($this->db->get($this->config[$name].'-'.$id),true);
-    }
-
-    // Helper function to set couchbase item by type:
-    protected function setObjectByType($name,$id,$array)
-    {
-        $array['type'] = $name;
-
-        return $this->db->set($this->config[$name].'-'.$id,json_encode($array));
-    }
-
-    // Helper function to delete couchbase item by type, wait for persist to at least 1 node
-    protected function deleteObjectByType($name,$id)
-    {
-        $this->db->delete($this->config[$name].'-'.$id,"",1);
-    }
-
-    /* ClientCredentialsInterface */
-    public function checkClientCredentials($client_id, $client_secret = null)
-    {
-        if ($result = $this->getObjectByType('client_table',$client_id)) {
-            return $result['client_secret'] == $client_secret;
-        }
-
-        return false;
-    }
-
-    public function isPublicClient($client_id)
-    {
-        if (!$result = $this->getObjectByType('client_table',$client_id)) {
-            return false;
-        }
-
-        return empty($result['client_secret']);
-    }
-
-    /* ClientInterface */
-    public function getClientDetails($client_id)
-    {
-        $result = $this->getObjectByType('client_table',$client_id);
-
-        return is_null($result) ? false : $result;
-    }
-
-    public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
-    {
-        if ($this->getClientDetails($client_id)) {
-
-            $this->setObjectByType('client_table',$client_id, array(
-                'client_id'     => $client_id,
-                'client_secret' => $client_secret,
-                'redirect_uri'  => $redirect_uri,
-                'grant_types'   => $grant_types,
-                'scope'         => $scope,
-                'user_id'       => $user_id,
-            ));
-        } else {
-            $this->setObjectByType('client_table',$client_id, array(
-                'client_id'     => $client_id,
-                'client_secret' => $client_secret,
-                'redirect_uri'  => $redirect_uri,
-                'grant_types'   => $grant_types,
-                'scope'         => $scope,
-                'user_id'       => $user_id,
-            ));
-        }
-
-        return true;
-    }
-
-    public function checkRestrictedGrantType($client_id, $grant_type)
-    {
-        $details = $this->getClientDetails($client_id);
-        if (isset($details['grant_types'])) {
-            $grant_types = explode(' ', $details['grant_types']);
-
-            return in_array($grant_type, $grant_types);
-        }
-
-        // if grant_types are not defined, then none are restricted
-        return true;
-    }
-
-    /* AccessTokenInterface */
-    public function getAccessToken($access_token)
-    {
-        $token = $this->getObjectByType('access_token_table',$access_token);
-
-        return is_null($token) ? false : $token;
-    }
-
-    public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
-    {
-        // if it exists, update it.
-        if ($this->getAccessToken($access_token)) {
-            $this->setObjectByType('access_token_table',$access_token, array(
-                'access_token' => $access_token,
-                'client_id' => $client_id,
-                'expires' => $expires,
-                'user_id' => $user_id,
-                'scope' => $scope
-            ));
-        } else {
-            $this->setObjectByType('access_token_table',$access_token,  array(
-                'access_token' => $access_token,
-                'client_id' => $client_id,
-                'expires' => $expires,
-                'user_id' => $user_id,
-                'scope' => $scope
-            ));
-        }
-
-        return true;
-    }
-
-    /* AuthorizationCodeInterface */
-    public function getAuthorizationCode($code)
-    {
-        $code = $this->getObjectByType('code_table',$code);
-
-        return is_null($code) ? false : $code;
-    }
-
-    public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
-    {
-        // if it exists, update it.
-        if ($this->getAuthorizationCode($code)) {
-            $this->setObjectByType('code_table',$code, array(
-                'authorization_code' => $code,
-                'client_id' => $client_id,
-                'user_id' => $user_id,
-                'redirect_uri' => $redirect_uri,
-                'expires' => $expires,
-                'scope' => $scope,
-                'id_token' => $id_token,
-            ));
-        } else {
-            $this->setObjectByType('code_table',$code,array(
-                'authorization_code' => $code,
-                'client_id' => $client_id,
-                'user_id' => $user_id,
-                'redirect_uri' => $redirect_uri,
-                'expires' => $expires,
-                'scope' => $scope,
-                'id_token' => $id_token,
-            ));
-        }
-
-        return true;
-    }
-
-    public function expireAuthorizationCode($code)
-    {
-        $this->deleteObjectByType('code_table',$code);
-
-        return true;
-    }
-
-    /* UserCredentialsInterface */
-    public function checkUserCredentials($username, $password)
-    {
-        if ($user = $this->getUser($username)) {
-            return $this->checkPassword($user, $password);
-        }
-
-        return false;
-    }
-
-    public function getUserDetails($username)
-    {
-        if ($user = $this->getUser($username)) {
-            $user['user_id'] = $user['username'];
-        }
-
-        return $user;
-    }
-
-    /* RefreshTokenInterface */
-    public function getRefreshToken($refresh_token)
-    {
-        $token = $this->getObjectByType('refresh_token_table',$refresh_token);
-
-        return is_null($token) ? false : $token;
-    }
-
-    public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
-    {
-        $this->setObjectByType('refresh_token_table',$refresh_token, array(
-            'refresh_token' => $refresh_token,
-            'client_id' => $client_id,
-            'user_id' => $user_id,
-            'expires' => $expires,
-            'scope' => $scope
-        ));
-
-        return true;
-    }
-
-    public function unsetRefreshToken($refresh_token)
-    {
-        $this->deleteObjectByType('refresh_token_table',$refresh_token);
-
-        return true;
-    }
-
-    // plaintext passwords are bad!  Override this for your application
-    protected function checkPassword($user, $password)
-    {
-        return $user['password'] == $password;
-    }
-
-    public function getUser($username)
-    {
-        $result = $this->getObjectByType('user_table',$username);
-
-        return is_null($result) ? false : $result;
-    }
-
-    public function setUser($username, $password, $firstName = null, $lastName = null)
-    {
-        if ($this->getUser($username)) {
-            $this->setObjectByType('user_table',$username, array(
-                'username' => $username,
-                'password' => $password,
-                'first_name' => $firstName,
-                'last_name' => $lastName
-            ));
-
-        } else {
-            $this->setObjectByType('user_table',$username, array(
-                'username' => $username,
-                'password' => $password,
-                'first_name' => $firstName,
-                'last_name' => $lastName
-            ));
-
-        }
-
-        return true;
-    }
-
-    public function getClientKey($client_id, $subject)
-    {
-        if (!$jwt = $this->getObjectByType('jwt_table',$client_id)) {
-            return false;
-        }
-
-        if (isset($jwt['subject']) && $jwt['subject'] == $subject) {
-            return $jwt['key'];
-        }
-
-        return false;
-    }
-
-    public function getClientScope($client_id)
-    {
-        if (!$clientDetails = $this->getClientDetails($client_id)) {
-            return false;
-        }
-
-        if (isset($clientDetails['scope'])) {
-            return $clientDetails['scope'];
-        }
-
-        return null;
-    }
-
-    public function getJti($client_id, $subject, $audience, $expiration, $jti)
-    {
-        //TODO: Needs couchbase implementation.
-        throw new \Exception('getJti() for the Couchbase driver is currently unimplemented.');
-    }
-
-    public function setJti($client_id, $subject, $audience, $expiration, $jti)
-    {
-        //TODO: Needs couchbase implementation.
-        throw new \Exception('setJti() for the Couchbase driver is currently unimplemented.');
-    }
+	protected $db;
+	protected $config;
+
+	public function __construct($connection, $config = array())
+	{
+		if ($connection instanceof \Couchbase) {
+			$this->db = $connection;
+		} else {
+			if (!is_array($connection) || !is_array($connection['servers'])) {
+				throw new \InvalidArgumentException('First argument to OAuth2\Storage\CouchbaseDB must be an instance of Couchbase or a configuration array containing a server array');
+			}
+
+			$this->db = new \Couchbase($connection['servers'], (!isset($connection['username'])) ? '' : $connection['username'], (!isset($connection['password'])) ? '' : $connection['password'], $connection['bucket'], false);
+		}
+
+		$this->config = array_merge(array(
+			'client_table' => 'oauth_clients',
+			'access_token_table' => 'oauth_access_tokens',
+			'refresh_token_table' => 'oauth_refresh_tokens',
+			'code_table' => 'oauth_authorization_codes',
+			'user_table' => 'oauth_users',
+			'jwt_table' => 'oauth_jwt',
+		), $config);
+	}
+
+	// Helper function to access couchbase item by type:
+	protected function getObjectByType($name,$id)
+	{
+		return json_decode($this->db->get($this->config[$name].'-'.$id),true);
+	}
+
+	// Helper function to set couchbase item by type:
+	protected function setObjectByType($name,$id,$array)
+	{
+		$array['type'] = $name;
+
+		return $this->db->set($this->config[$name].'-'.$id,json_encode($array));
+	}
+
+	// Helper function to delete couchbase item by type, wait for persist to at least 1 node
+	protected function deleteObjectByType($name,$id)
+	{
+		$this->db->delete($this->config[$name].'-'.$id,"",1);
+	}
+
+	/* ClientCredentialsInterface */
+	public function checkClientCredentials($client_id, $client_secret = null)
+	{
+		if ($result = $this->getObjectByType('client_table',$client_id)) {
+			return $result['client_secret'] == $client_secret;
+		}
+
+		return false;
+	}
+
+	public function isPublicClient($client_id)
+	{
+		if (!$result = $this->getObjectByType('client_table',$client_id)) {
+			return false;
+		}
+
+		return empty($result['client_secret']);
+	}
+
+	/* ClientInterface */
+	public function getClientDetails($client_id)
+	{
+		$result = $this->getObjectByType('client_table',$client_id);
+
+		return is_null($result) ? false : $result;
+	}
+
+	public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
+	{
+		if ($this->getClientDetails($client_id)) {
+
+			$this->setObjectByType('client_table',$client_id, array(
+				'client_id'     => $client_id,
+				'client_secret' => $client_secret,
+				'redirect_uri'  => $redirect_uri,
+				'grant_types'   => $grant_types,
+				'scope'         => $scope,
+				'user_id'       => $user_id,
+			));
+		} else {
+			$this->setObjectByType('client_table',$client_id, array(
+				'client_id'     => $client_id,
+				'client_secret' => $client_secret,
+				'redirect_uri'  => $redirect_uri,
+				'grant_types'   => $grant_types,
+				'scope'         => $scope,
+				'user_id'       => $user_id,
+			));
+		}
+
+		return true;
+	}
+
+	public function checkRestrictedGrantType($client_id, $grant_type)
+	{
+		$details = $this->getClientDetails($client_id);
+		if (isset($details['grant_types'])) {
+			$grant_types = explode(' ', $details['grant_types']);
+
+			return in_array($grant_type, $grant_types);
+		}
+
+		// if grant_types are not defined, then none are restricted
+		return true;
+	}
+
+	/* AccessTokenInterface */
+	public function getAccessToken($access_token)
+	{
+		$token = $this->getObjectByType('access_token_table',$access_token);
+
+		return is_null($token) ? false : $token;
+	}
+
+	public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
+	{
+		// if it exists, update it.
+		if ($this->getAccessToken($access_token)) {
+			$this->setObjectByType('access_token_table',$access_token, array(
+				'access_token' => $access_token,
+				'client_id' => $client_id,
+				'expires' => $expires,
+				'user_id' => $user_id,
+				'scope' => $scope
+			));
+		} else {
+			$this->setObjectByType('access_token_table',$access_token,  array(
+				'access_token' => $access_token,
+				'client_id' => $client_id,
+				'expires' => $expires,
+				'user_id' => $user_id,
+				'scope' => $scope
+			));
+		}
+
+		return true;
+	}
+
+	/* AuthorizationCodeInterface */
+	public function getAuthorizationCode($code)
+	{
+		$code = $this->getObjectByType('code_table',$code);
+
+		return is_null($code) ? false : $code;
+	}
+
+	public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
+	{
+		// if it exists, update it.
+		if ($this->getAuthorizationCode($code)) {
+			$this->setObjectByType('code_table',$code, array(
+				'authorization_code' => $code,
+				'client_id' => $client_id,
+				'user_id' => $user_id,
+				'redirect_uri' => $redirect_uri,
+				'expires' => $expires,
+				'scope' => $scope,
+				'id_token' => $id_token,
+			));
+		} else {
+			$this->setObjectByType('code_table',$code,array(
+				'authorization_code' => $code,
+				'client_id' => $client_id,
+				'user_id' => $user_id,
+				'redirect_uri' => $redirect_uri,
+				'expires' => $expires,
+				'scope' => $scope,
+				'id_token' => $id_token,
+			));
+		}
+
+		return true;
+	}
+
+	public function expireAuthorizationCode($code)
+	{
+		$this->deleteObjectByType('code_table',$code);
+
+		return true;
+	}
+
+	/* UserCredentialsInterface */
+	public function checkUserCredentials($username, $password)
+	{
+		if ($user = $this->getUser($username)) {
+			return $this->checkPassword($user, $password);
+		}
+
+		return false;
+	}
+
+	public function getUserDetails($username)
+	{
+		if ($user = $this->getUser($username)) {
+			$user['user_id'] = $user['username'];
+		}
+
+		return $user;
+	}
+
+	/* RefreshTokenInterface */
+	public function getRefreshToken($refresh_token)
+	{
+		$token = $this->getObjectByType('refresh_token_table',$refresh_token);
+
+		return is_null($token) ? false : $token;
+	}
+
+	public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
+	{
+		$this->setObjectByType('refresh_token_table',$refresh_token, array(
+			'refresh_token' => $refresh_token,
+			'client_id' => $client_id,
+			'user_id' => $user_id,
+			'expires' => $expires,
+			'scope' => $scope
+		));
+
+		return true;
+	}
+
+	public function unsetRefreshToken($refresh_token)
+	{
+		$this->deleteObjectByType('refresh_token_table',$refresh_token);
+
+		return true;
+	}
+
+	// plaintext passwords are bad!  Override this for your application
+	protected function checkPassword($user, $password)
+	{
+		return $user['password'] == $password;
+	}
+
+	public function getUser($username)
+	{
+		$result = $this->getObjectByType('user_table',$username);
+
+		return is_null($result) ? false : $result;
+	}
+
+	public function setUser($username, $password, $firstName = null, $lastName = null)
+	{
+		if ($this->getUser($username)) {
+			$this->setObjectByType('user_table',$username, array(
+				'username' => $username,
+				'password' => $password,
+				'first_name' => $firstName,
+				'last_name' => $lastName
+			));
+
+		} else {
+			$this->setObjectByType('user_table',$username, array(
+				'username' => $username,
+				'password' => $password,
+				'first_name' => $firstName,
+				'last_name' => $lastName
+			));
+
+		}
+
+		return true;
+	}
+
+	public function getClientKey($client_id, $subject)
+	{
+		if (!$jwt = $this->getObjectByType('jwt_table',$client_id)) {
+			return false;
+		}
+
+		if (isset($jwt['subject']) && $jwt['subject'] == $subject) {
+			return $jwt['key'];
+		}
+
+		return false;
+	}
+
+	public function getClientScope($client_id)
+	{
+		if (!$clientDetails = $this->getClientDetails($client_id)) {
+			return false;
+		}
+
+		if (isset($clientDetails['scope'])) {
+			return $clientDetails['scope'];
+		}
+
+		return null;
+	}
+
+	public function getJti($client_id, $subject, $audience, $expiration, $jti)
+	{
+		//TODO: Needs couchbase implementation.
+		throw new \Exception('getJti() for the Couchbase driver is currently unimplemented.');
+	}
+
+	public function setJti($client_id, $subject, $audience, $expiration, $jti)
+	{
+		//TODO: Needs couchbase implementation.
+		throw new \Exception('setJti() for the Couchbase driver is currently unimplemented.');
+	}
 }

Spacing +25 added lines, -25 removed lines

@@ -48,29 +48,29 @@ 
     }
 
     // Helper function to access couchbase item by type:
-    protected function getObjectByType($name,$id)
+    protected function getObjectByType($name, $id)
     {
-        return json_decode($this->db->get($this->config[$name].'-'.$id),true);
+        return json_decode($this->db->get($this->config[$name] . '-' . $id), true);
     }
 
     // Helper function to set couchbase item by type:
-    protected function setObjectByType($name,$id,$array)
+    protected function setObjectByType($name, $id, $array)
     {
         $array['type'] = $name;
 
-        return $this->db->set($this->config[$name].'-'.$id,json_encode($array));
+        return $this->db->set($this->config[$name] . '-' . $id, json_encode($array));
     }
 
     // Helper function to delete couchbase item by type, wait for persist to at least 1 node
-    protected function deleteObjectByType($name,$id)
+    protected function deleteObjectByType($name, $id)
     {
-        $this->db->delete($this->config[$name].'-'.$id,"",1);
+        $this->db->delete($this->config[$name] . '-' . $id, "", 1);
     }
 
     /* ClientCredentialsInterface */
     public function checkClientCredentials($client_id, $client_secret = null)
     {
-        if ($result = $this->getObjectByType('client_table',$client_id)) {
+        if ($result = $this->getObjectByType('client_table', $client_id)) {
             return $result['client_secret'] == $client_secret;
         }
 
@@ -79,7 +79,7 @@ 
 
     public function isPublicClient($client_id)
     {
-        if (!$result = $this->getObjectByType('client_table',$client_id)) {
+        if (!$result = $this->getObjectByType('client_table', $client_id)) {
             return false;
         }
 
@@ -89,7 +89,7 @@ 
     /* ClientInterface */
     public function getClientDetails($client_id)
     {
-        $result = $this->getObjectByType('client_table',$client_id);
+        $result = $this->getObjectByType('client_table', $client_id);
 
         return is_null($result) ? false : $result;
     }
@@ -98,7 +98,7 @@ 
     {
         if ($this->getClientDetails($client_id)) {
 
-            $this->setObjectByType('client_table',$client_id, array(
+            $this->setObjectByType('client_table', $client_id, array(
                 'client_id'     => $client_id,
                 'client_secret' => $client_secret,
                 'redirect_uri'  => $redirect_uri,
@@ -107,7 +107,7 @@ 
                 'user_id'       => $user_id,
             ));
         } else {
-            $this->setObjectByType('client_table',$client_id, array(
+            $this->setObjectByType('client_table', $client_id, array(
                 'client_id'     => $client_id,
                 'client_secret' => $client_secret,
                 'redirect_uri'  => $redirect_uri,
@@ -136,7 +136,7 @@ 
     /* AccessTokenInterface */
     public function getAccessToken($access_token)
     {
-        $token = $this->getObjectByType('access_token_table',$access_token);
+        $token = $this->getObjectByType('access_token_table', $access_token);
 
         return is_null($token) ? false : $token;
     }
@@ -145,7 +145,7 @@ 
     {
         // if it exists, update it.
         if ($this->getAccessToken($access_token)) {
-            $this->setObjectByType('access_token_table',$access_token, array(
+            $this->setObjectByType('access_token_table', $access_token, array(
                 'access_token' => $access_token,
                 'client_id' => $client_id,
                 'expires' => $expires,
@@ -153,7 +153,7 @@ 
                 'scope' => $scope
             ));
         } else {
-            $this->setObjectByType('access_token_table',$access_token,  array(
+            $this->setObjectByType('access_token_table', $access_token, array(
                 'access_token' => $access_token,
                 'client_id' => $client_id,
                 'expires' => $expires,
@@ -168,7 +168,7 @@ 
     /* AuthorizationCodeInterface */
     public function getAuthorizationCode($code)
     {
-        $code = $this->getObjectByType('code_table',$code);
+        $code = $this->getObjectByType('code_table', $code);
 
         return is_null($code) ? false : $code;
     }
@@ -177,7 +177,7 @@ 
     {
         // if it exists, update it.
         if ($this->getAuthorizationCode($code)) {
-            $this->setObjectByType('code_table',$code, array(
+            $this->setObjectByType('code_table', $code, array(
                 'authorization_code' => $code,
                 'client_id' => $client_id,
                 'user_id' => $user_id,
@@ -187,7 +187,7 @@ 
                 'id_token' => $id_token,
             ));
         } else {
-            $this->setObjectByType('code_table',$code,array(
+            $this->setObjectByType('code_table', $code, array(
                 'authorization_code' => $code,
                 'client_id' => $client_id,
                 'user_id' => $user_id,
@@ -203,7 +203,7 @@ 
 
     public function expireAuthorizationCode($code)
     {
-        $this->deleteObjectByType('code_table',$code);
+        $this->deleteObjectByType('code_table', $code);
 
         return true;
     }
@@ -230,14 +230,14 @@ 
     /* RefreshTokenInterface */
     public function getRefreshToken($refresh_token)
     {
-        $token = $this->getObjectByType('refresh_token_table',$refresh_token);
+        $token = $this->getObjectByType('refresh_token_table', $refresh_token);
 
         return is_null($token) ? false : $token;
     }
 
     public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
     {
-        $this->setObjectByType('refresh_token_table',$refresh_token, array(
+        $this->setObjectByType('refresh_token_table', $refresh_token, array(
             'refresh_token' => $refresh_token,
             'client_id' => $client_id,
             'user_id' => $user_id,
@@ -250,7 +250,7 @@ 
 
     public function unsetRefreshToken($refresh_token)
     {
-        $this->deleteObjectByType('refresh_token_table',$refresh_token);
+        $this->deleteObjectByType('refresh_token_table', $refresh_token);
 
         return true;
     }
@@ -263,7 +263,7 @@ 
 
     public function getUser($username)
     {
-        $result = $this->getObjectByType('user_table',$username);
+        $result = $this->getObjectByType('user_table', $username);
 
         return is_null($result) ? false : $result;
     }
@@ -271,7 +271,7 @@ 
     public function setUser($username, $password, $firstName = null, $lastName = null)
     {
         if ($this->getUser($username)) {
-            $this->setObjectByType('user_table',$username, array(
+            $this->setObjectByType('user_table', $username, array(
                 'username' => $username,
                 'password' => $password,
                 'first_name' => $firstName,
@@ -279,7 +279,7 @@ 
             ));
 
         } else {
-            $this->setObjectByType('user_table',$username, array(
+            $this->setObjectByType('user_table', $username, array(
                 'username' => $username,
                 'password' => $password,
                 'first_name' => $firstName,
@@ -293,7 +293,7 @@ 
 
     public function getClientKey($client_id, $subject)
     {
-        if (!$jwt = $this->getObjectByType('jwt_table',$client_id)) {
+        if (!$jwt = $this->getObjectByType('jwt_table', $client_id)) {
             return false;
         }
 

extensions/libraries/redcore/api/oauth2/Storage/Memory.php

Indentation +351 added lines, -351 removed lines

@@ -14,356 +14,356 @@
  * @author Brent Shaffer <bshafs at gmail dot com>
  */
 class Memory implements AuthorizationCodeInterface,
-    UserCredentialsInterface,
-    UserClaimsInterface,
-    AccessTokenInterface,
-    ClientCredentialsInterface,
-    RefreshTokenInterface,
-    JwtBearerInterface,
-    ScopeInterface,
-    PublicKeyInterface,
-    OpenIDAuthorizationCodeInterface
+	UserCredentialsInterface,
+	UserClaimsInterface,
+	AccessTokenInterface,
+	ClientCredentialsInterface,
+	RefreshTokenInterface,
+	JwtBearerInterface,
+	ScopeInterface,
+	PublicKeyInterface,
+	OpenIDAuthorizationCodeInterface
 {
-    public $authorizationCodes;
-    public $userCredentials;
-    public $clientCredentials;
-    public $refreshTokens;
-    public $accessTokens;
-    public $jwt;
-    public $jti;
-    public $supportedScopes;
-    public $defaultScope;
-    public $keys;
-
-    public function __construct($params = array())
-    {
-        $params = array_merge(array(
-            'authorization_codes' => array(),
-            'user_credentials' => array(),
-            'client_credentials' => array(),
-            'refresh_tokens' => array(),
-            'access_tokens' => array(),
-            'jwt' => array(),
-            'jti' => array(),
-            'default_scope' => null,
-            'supported_scopes' => array(),
-            'keys' => array(),
-        ), $params);
-
-        $this->authorizationCodes = $params['authorization_codes'];
-        $this->userCredentials = $params['user_credentials'];
-        $this->clientCredentials = $params['client_credentials'];
-        $this->refreshTokens = $params['refresh_tokens'];
-        $this->accessTokens = $params['access_tokens'];
-        $this->jwt = $params['jwt'];
-        $this->jti = $params['jti'];
-        $this->supportedScopes = $params['supported_scopes'];
-        $this->defaultScope = $params['default_scope'];
-        $this->keys = $params['keys'];
-    }
-
-    /* AuthorizationCodeInterface */
-    public function getAuthorizationCode($code)
-    {
-        if (!isset($this->authorizationCodes[$code])) {
-            return false;
-        }
-
-        return array_merge(array(
-            'authorization_code' => $code,
-        ), $this->authorizationCodes[$code]);
-    }
-
-    public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
-    {
-        $this->authorizationCodes[$code] = compact('code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope', 'id_token');
-
-        return true;
-    }
-
-    public function setAuthorizationCodes($authorization_codes)
-    {
-        $this->authorizationCodes = $authorization_codes;
-    }
-
-    public function expireAuthorizationCode($code)
-    {
-        unset($this->authorizationCodes[$code]);
-    }
-
-    /* UserCredentialsInterface */
-    public function checkUserCredentials($username, $password)
-    {
-        $userDetails = $this->getUserDetails($username);
-
-        return $userDetails && $userDetails['password'] && $userDetails['password'] === $password;
-    }
-
-    public function setUser($username, $password, $firstName = null, $lastName = null)
-    {
-        $this->userCredentials[$username] = array(
-            'password'   => $password,
-            'first_name' => $firstName,
-            'last_name'  => $lastName,
-        );
-
-        return true;
-    }
-
-    public function getUserDetails($username)
-    {
-        if (!isset($this->userCredentials[$username])) {
-            return false;
-        }
-
-        return array_merge(array(
-            'user_id'    => $username,
-            'password'   => null,
-            'first_name' => null,
-            'last_name'  => null,
-        ), $this->userCredentials[$username]);
-    }
-
-    /* UserClaimsInterface */
-    public function getUserClaims($user_id, $claims)
-    {
-        if (!$userDetails = $this->getUserDetails($user_id)) {
-            return false;
-        }
-
-        $claims = explode(' ', trim($claims));
-        $userClaims = array();
-
-        // for each requested claim, if the user has the claim, set it in the response
-        $validClaims = explode(' ', self::VALID_CLAIMS);
-        foreach ($validClaims as $validClaim) {
-            if (in_array($validClaim, $claims)) {
-                if ($validClaim == 'address') {
-                    // address is an object with subfields
-                    $userClaims['address'] = $this->getUserClaim($validClaim, $userDetails['address'] ?: $userDetails);
-                } else {
-                    $userClaims = array_merge($this->getUserClaim($validClaim, $userDetails));
-                }
-            }
-        }
-
-        return $userClaims;
-    }
-
-    protected function getUserClaim($claim, $userDetails)
-    {
-        $userClaims = array();
-        $claimValuesString = constant(sprintf('self::%s_CLAIM_VALUES', strtoupper($claim)));
-        $claimValues = explode(' ', $claimValuesString);
-
-        foreach ($claimValues as $value) {
-            $userClaims[$value] = isset($userDetails[$value]) ? $userDetails[$value] : null;
-        }
-
-        return $userClaims;
-    }
-
-    /* ClientCredentialsInterface */
-    public function checkClientCredentials($client_id, $client_secret = null)
-    {
-        return isset($this->clientCredentials[$client_id]['client_secret']) && $this->clientCredentials[$client_id]['client_secret'] === $client_secret;
-    }
-
-    public function isPublicClient($client_id)
-    {
-        if (!isset($this->clientCredentials[$client_id])) {
-            return false;
-        }
-
-        return empty($this->clientCredentials[$client_id]['client_secret']);
-    }
-
-    /* ClientInterface */
-    public function getClientDetails($client_id)
-    {
-        if (!isset($this->clientCredentials[$client_id])) {
-            return false;
-        }
-
-        $clientDetails = array_merge(array(
-            'client_id'     => $client_id,
-            'client_secret' => null,
-            'redirect_uri'  => null,
-            'scope'         => null,
-        ), $this->clientCredentials[$client_id]);
-
-        return $clientDetails;
-    }
-
-    public function checkRestrictedGrantType($client_id, $grant_type)
-    {
-        if (isset($this->clientCredentials[$client_id]['grant_types'])) {
-            $grant_types = explode(' ', $this->clientCredentials[$client_id]['grant_types']);
-
-            return in_array($grant_type, $grant_types);
-        }
-
-        // if grant_types are not defined, then none are restricted
-        return true;
-    }
-
-    public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
-    {
-        $this->clientCredentials[$client_id] = array(
-            'client_id'     => $client_id,
-            'client_secret' => $client_secret,
-            'redirect_uri'  => $redirect_uri,
-            'grant_types'   => $grant_types,
-            'scope'         => $scope,
-            'user_id'       => $user_id,
-        );
-
-        return true;
-    }
-
-    /* RefreshTokenInterface */
-    public function getRefreshToken($refresh_token)
-    {
-        return isset($this->refreshTokens[$refresh_token]) ? $this->refreshTokens[$refresh_token] : false;
-    }
-
-    public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
-    {
-        $this->refreshTokens[$refresh_token] = compact('refresh_token', 'client_id', 'user_id', 'expires', 'scope');
-
-        return true;
-    }
-
-    public function unsetRefreshToken($refresh_token)
-    {
-        unset($this->refreshTokens[$refresh_token]);
-    }
-
-    public function setRefreshTokens($refresh_tokens)
-    {
-        $this->refreshTokens = $refresh_tokens;
-    }
-
-    /* AccessTokenInterface */
-    public function getAccessToken($access_token)
-    {
-        return isset($this->accessTokens[$access_token]) ? $this->accessTokens[$access_token] : false;
-    }
-
-    public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null, $id_token = null)
-    {
-        $this->accessTokens[$access_token] = compact('access_token', 'client_id', 'user_id', 'expires', 'scope', 'id_token');
-
-        return true;
-    }
-
-    public function unsetAccessToken($access_token)
-    {
-        unset($this->accessTokens[$access_token]);
-    }
-
-    public function scopeExists($scope)
-    {
-        $scope = explode(' ', trim($scope));
-
-        return (count(array_diff($scope, $this->supportedScopes)) == 0);
-    }
-
-    public function getDefaultScope($client_id = null)
-    {
-        return $this->defaultScope;
-    }
-
-    /*JWTBearerInterface */
-    public function getClientKey($client_id, $subject)
-    {
-        if (isset($this->jwt[$client_id])) {
-            $jwt = $this->jwt[$client_id];
-            if ($jwt) {
-                if ($jwt["subject"] == $subject) {
-                    return $jwt["key"];
-                }
-            }
-        }
-
-        return false;
-    }
-
-    public function getClientScope($client_id)
-    {
-        if (!$clientDetails = $this->getClientDetails($client_id)) {
-            return false;
-        }
-
-        if (isset($clientDetails['scope'])) {
-            return $clientDetails['scope'];
-        }
-
-        return null;
-    }
-
-    public function getJti($client_id, $subject, $audience, $expires, $jti)
-    {
-        foreach ($this->jti as $storedJti) {
-            if ($storedJti['issuer'] == $client_id && $storedJti['subject'] == $subject && $storedJti['audience'] == $audience && $storedJti['expires'] == $expires && $storedJti['jti'] == $jti) {
-                return array(
-                    'issuer' => $storedJti['issuer'],
-                    'subject' => $storedJti['subject'],
-                    'audience' => $storedJti['audience'],
-                    'expires' => $storedJti['expires'],
-                    'jti' => $storedJti['jti']
-                );
-            }
-        }
-
-        return null;
-    }
-
-    public function setJti($client_id, $subject, $audience, $expires, $jti)
-    {
-        $this->jti[] = array('issuer' => $client_id, 'subject' => $subject, 'audience' => $audience, 'expires' => $expires, 'jti' => $jti);
-    }
-
-    /*PublicKeyInterface */
-    public function getPublicKey($client_id = null)
-    {
-        if (isset($this->keys[$client_id])) {
-            return $this->keys[$client_id]['public_key'];
-        }
-
-        // use a global encryption pair
-        if (isset($this->keys['public_key'])) {
-            return $this->keys['public_key'];
-        }
-
-        return false;
-    }
-
-    public function getPrivateKey($client_id = null)
-    {
-        if (isset($this->keys[$client_id])) {
-            return $this->keys[$client_id]['private_key'];
-        }
-
-        // use a global encryption pair
-        if (isset($this->keys['private_key'])) {
-            return $this->keys['private_key'];
-        }
-
-        return false;
-    }
-
-    public function getEncryptionAlgorithm($client_id = null)
-    {
-        if (isset($this->keys[$client_id]['encryption_algorithm'])) {
-            return $this->keys[$client_id]['encryption_algorithm'];
-        }
-
-        // use a global encryption algorithm
-        if (isset($this->keys['encryption_algorithm'])) {
-            return $this->keys['encryption_algorithm'];
-        }
-
-        return 'RS256';
-    }
+	public $authorizationCodes;
+	public $userCredentials;
+	public $clientCredentials;
+	public $refreshTokens;
+	public $accessTokens;
+	public $jwt;
+	public $jti;
+	public $supportedScopes;
+	public $defaultScope;
+	public $keys;
+
+	public function __construct($params = array())
+	{
+		$params = array_merge(array(
+			'authorization_codes' => array(),
+			'user_credentials' => array(),
+			'client_credentials' => array(),
+			'refresh_tokens' => array(),
+			'access_tokens' => array(),
+			'jwt' => array(),
+			'jti' => array(),
+			'default_scope' => null,
+			'supported_scopes' => array(),
+			'keys' => array(),
+		), $params);
+
+		$this->authorizationCodes = $params['authorization_codes'];
+		$this->userCredentials = $params['user_credentials'];
+		$this->clientCredentials = $params['client_credentials'];
+		$this->refreshTokens = $params['refresh_tokens'];
+		$this->accessTokens = $params['access_tokens'];
+		$this->jwt = $params['jwt'];
+		$this->jti = $params['jti'];
+		$this->supportedScopes = $params['supported_scopes'];
+		$this->defaultScope = $params['default_scope'];
+		$this->keys = $params['keys'];
+	}
+
+	/* AuthorizationCodeInterface */
+	public function getAuthorizationCode($code)
+	{
+		if (!isset($this->authorizationCodes[$code])) {
+			return false;
+		}
+
+		return array_merge(array(
+			'authorization_code' => $code,
+		), $this->authorizationCodes[$code]);
+	}
+
+	public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
+	{
+		$this->authorizationCodes[$code] = compact('code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope', 'id_token');
+
+		return true;
+	}
+
+	public function setAuthorizationCodes($authorization_codes)
+	{
+		$this->authorizationCodes = $authorization_codes;
+	}
+
+	public function expireAuthorizationCode($code)
+	{
+		unset($this->authorizationCodes[$code]);
+	}
+
+	/* UserCredentialsInterface */
+	public function checkUserCredentials($username, $password)
+	{
+		$userDetails = $this->getUserDetails($username);
+
+		return $userDetails && $userDetails['password'] && $userDetails['password'] === $password;
+	}
+
+	public function setUser($username, $password, $firstName = null, $lastName = null)
+	{
+		$this->userCredentials[$username] = array(
+			'password'   => $password,
+			'first_name' => $firstName,
+			'last_name'  => $lastName,
+		);
+
+		return true;
+	}
+
+	public function getUserDetails($username)
+	{
+		if (!isset($this->userCredentials[$username])) {
+			return false;
+		}
+
+		return array_merge(array(
+			'user_id'    => $username,
+			'password'   => null,
+			'first_name' => null,
+			'last_name'  => null,
+		), $this->userCredentials[$username]);
+	}
+
+	/* UserClaimsInterface */
+	public function getUserClaims($user_id, $claims)
+	{
+		if (!$userDetails = $this->getUserDetails($user_id)) {
+			return false;
+		}
+
+		$claims = explode(' ', trim($claims));
+		$userClaims = array();
+
+		// for each requested claim, if the user has the claim, set it in the response
+		$validClaims = explode(' ', self::VALID_CLAIMS);
+		foreach ($validClaims as $validClaim) {
+			if (in_array($validClaim, $claims)) {
+				if ($validClaim == 'address') {
+					// address is an object with subfields
+					$userClaims['address'] = $this->getUserClaim($validClaim, $userDetails['address'] ?: $userDetails);
+				} else {
+					$userClaims = array_merge($this->getUserClaim($validClaim, $userDetails));
+				}
+			}
+		}
+
+		return $userClaims;
+	}
+
+	protected function getUserClaim($claim, $userDetails)
+	{
+		$userClaims = array();
+		$claimValuesString = constant(sprintf('self::%s_CLAIM_VALUES', strtoupper($claim)));
+		$claimValues = explode(' ', $claimValuesString);
+
+		foreach ($claimValues as $value) {
+			$userClaims[$value] = isset($userDetails[$value]) ? $userDetails[$value] : null;
+		}
+
+		return $userClaims;
+	}
+
+	/* ClientCredentialsInterface */
+	public function checkClientCredentials($client_id, $client_secret = null)
+	{
+		return isset($this->clientCredentials[$client_id]['client_secret']) && $this->clientCredentials[$client_id]['client_secret'] === $client_secret;
+	}
+
+	public function isPublicClient($client_id)
+	{
+		if (!isset($this->clientCredentials[$client_id])) {
+			return false;
+		}
+
+		return empty($this->clientCredentials[$client_id]['client_secret']);
+	}
+
+	/* ClientInterface */
+	public function getClientDetails($client_id)
+	{
+		if (!isset($this->clientCredentials[$client_id])) {
+			return false;
+		}
+
+		$clientDetails = array_merge(array(
+			'client_id'     => $client_id,
+			'client_secret' => null,
+			'redirect_uri'  => null,
+			'scope'         => null,
+		), $this->clientCredentials[$client_id]);
+
+		return $clientDetails;
+	}
+
+	public function checkRestrictedGrantType($client_id, $grant_type)
+	{
+		if (isset($this->clientCredentials[$client_id]['grant_types'])) {
+			$grant_types = explode(' ', $this->clientCredentials[$client_id]['grant_types']);
+
+			return in_array($grant_type, $grant_types);
+		}
+
+		// if grant_types are not defined, then none are restricted
+		return true;
+	}
+
+	public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
+	{
+		$this->clientCredentials[$client_id] = array(
+			'client_id'     => $client_id,
+			'client_secret' => $client_secret,
+			'redirect_uri'  => $redirect_uri,
+			'grant_types'   => $grant_types,
+			'scope'         => $scope,
+			'user_id'       => $user_id,
+		);
+
+		return true;
+	}
+
+	/* RefreshTokenInterface */
+	public function getRefreshToken($refresh_token)
+	{
+		return isset($this->refreshTokens[$refresh_token]) ? $this->refreshTokens[$refresh_token] : false;
+	}
+
+	public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
+	{
+		$this->refreshTokens[$refresh_token] = compact('refresh_token', 'client_id', 'user_id', 'expires', 'scope');
+
+		return true;
+	}
+
+	public function unsetRefreshToken($refresh_token)
+	{
+		unset($this->refreshTokens[$refresh_token]);
+	}
+
+	public function setRefreshTokens($refresh_tokens)
+	{
+		$this->refreshTokens = $refresh_tokens;
+	}
+
+	/* AccessTokenInterface */
+	public function getAccessToken($access_token)
+	{
+		return isset($this->accessTokens[$access_token]) ? $this->accessTokens[$access_token] : false;
+	}
+
+	public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null, $id_token = null)
+	{
+		$this->accessTokens[$access_token] = compact('access_token', 'client_id', 'user_id', 'expires', 'scope', 'id_token');
+
+		return true;
+	}
+
+	public function unsetAccessToken($access_token)
+	{
+		unset($this->accessTokens[$access_token]);
+	}
+
+	public function scopeExists($scope)
+	{
+		$scope = explode(' ', trim($scope));
+
+		return (count(array_diff($scope, $this->supportedScopes)) == 0);
+	}
+
+	public function getDefaultScope($client_id = null)
+	{
+		return $this->defaultScope;
+	}
+
+	/*JWTBearerInterface */
+	public function getClientKey($client_id, $subject)
+	{
+		if (isset($this->jwt[$client_id])) {
+			$jwt = $this->jwt[$client_id];
+			if ($jwt) {
+				if ($jwt["subject"] == $subject) {
+					return $jwt["key"];
+				}
+			}
+		}
+
+		return false;
+	}
+
+	public function getClientScope($client_id)
+	{
+		if (!$clientDetails = $this->getClientDetails($client_id)) {
+			return false;
+		}
+
+		if (isset($clientDetails['scope'])) {
+			return $clientDetails['scope'];
+		}
+
+		return null;
+	}
+
+	public function getJti($client_id, $subject, $audience, $expires, $jti)
+	{
+		foreach ($this->jti as $storedJti) {
+			if ($storedJti['issuer'] == $client_id && $storedJti['subject'] == $subject && $storedJti['audience'] == $audience && $storedJti['expires'] == $expires && $storedJti['jti'] == $jti) {
+				return array(
+					'issuer' => $storedJti['issuer'],
+					'subject' => $storedJti['subject'],
+					'audience' => $storedJti['audience'],
+					'expires' => $storedJti['expires'],
+					'jti' => $storedJti['jti']
+				);
+			}
+		}
+
+		return null;
+	}
+
+	public function setJti($client_id, $subject, $audience, $expires, $jti)
+	{
+		$this->jti[] = array('issuer' => $client_id, 'subject' => $subject, 'audience' => $audience, 'expires' => $expires, 'jti' => $jti);
+	}
+
+	/*PublicKeyInterface */
+	public function getPublicKey($client_id = null)
+	{
+		if (isset($this->keys[$client_id])) {
+			return $this->keys[$client_id]['public_key'];
+		}
+
+		// use a global encryption pair
+		if (isset($this->keys['public_key'])) {
+			return $this->keys['public_key'];
+		}
+
+		return false;
+	}
+
+	public function getPrivateKey($client_id = null)
+	{
+		if (isset($this->keys[$client_id])) {
+			return $this->keys[$client_id]['private_key'];
+		}
+
+		// use a global encryption pair
+		if (isset($this->keys['private_key'])) {
+			return $this->keys['private_key'];
+		}
+
+		return false;
+	}
+
+	public function getEncryptionAlgorithm($client_id = null)
+	{
+		if (isset($this->keys[$client_id]['encryption_algorithm'])) {
+			return $this->keys[$client_id]['encryption_algorithm'];
+		}
+
+		// use a global encryption algorithm
+		if (isset($this->keys['encryption_algorithm'])) {
+			return $this->keys['encryption_algorithm'];
+		}
+
+		return 'RS256';
+	}
 }