redCOMPONENT-COM / redCORE

extensions/libraries/redcore/api/oauth2/Response.php

Indentation +351 added lines, -351 removed lines

@@ -13,357 +13,357 @@
  */
 class Response implements ResponseInterface
 {
-    public $version;
-    protected $statusCode = 200;
-    protected $statusText;
-    protected $parameters = array();
-    protected $httpHeaders = array();
-
-    public static $statusTexts = array(
-        100 => 'Continue',
-        101 => 'Switching Protocols',
-        200 => 'OK',
-        201 => 'Created',
-        202 => 'Accepted',
-        203 => 'Non-Authoritative Information',
-        204 => 'No Content',
-        205 => 'Reset Content',
-        206 => 'Partial Content',
-        300 => 'Multiple Choices',
-        301 => 'Moved Permanently',
-        302 => 'Found',
-        303 => 'See Other',
-        304 => 'Not Modified',
-        305 => 'Use Proxy',
-        307 => 'Temporary Redirect',
-        400 => 'Bad Request',
-        401 => 'Unauthorized',
-        402 => 'Payment Required',
-        403 => 'Forbidden',
-        404 => 'Not Found',
-        405 => 'Method Not Allowed',
-        406 => 'Not Acceptable',
-        407 => 'Proxy Authentication Required',
-        408 => 'Request Timeout',
-        409 => 'Conflict',
-        410 => 'Gone',
-        411 => 'Length Required',
-        412 => 'Precondition Failed',
-        413 => 'Request Entity Too Large',
-        414 => 'Request-URI Too Long',
-        415 => 'Unsupported Media Type',
-        416 => 'Requested Range Not Satisfiable',
-        417 => 'Expectation Failed',
-        418 => 'I\'m a teapot',
-        500 => 'Internal Server Error',
-        501 => 'Not Implemented',
-        502 => 'Bad Gateway',
-        503 => 'Service Unavailable',
-        504 => 'Gateway Timeout',
-        505 => 'HTTP Version Not Supported',
-    );
-
-    public function __construct($parameters = array(), $statusCode = 200, $headers = array())
-    {
-        $this->setParameters($parameters);
-        $this->setStatusCode($statusCode);
-        $this->setHttpHeaders($headers);
-        $this->version = '1.1';
-    }
-
-    /**
-     * Converts the response object to string containing all headers and the response content.
-     *
-     * @return string The response with headers and content
-     */
-    public function __toString()
-    {
-        $headers = array();
-        foreach ($this->httpHeaders as $name => $value) {
-            $headers[$name] = (array) $value;
-        }
-
-        return
-            sprintf('HTTP/%s %s %s', $this->version, $this->statusCode, $this->statusText)."\r\n".
-            $this->getHttpHeadersAsString($headers)."\r\n".
-            $this->getResponseBody();
-    }
-
-    /**
-     * Returns the build header line.
-     *
-     * @param string $name  The header name
-     * @param string $value The header value
-     *
-     * @return string The built header line
-     */
-    protected function buildHeader($name, $value)
-    {
-        return sprintf("%s: %s\n", $name, $value);
-    }
-
-    public function getStatusCode()
-    {
-        return $this->statusCode;
-    }
-
-    public function setStatusCode($statusCode, $text = null)
-    {
-        $this->statusCode = (int) $statusCode;
-        if ($this->isInvalid()) {
-            throw new \InvalidArgumentException(sprintf('The HTTP status code "%s" is not valid.', $statusCode));
-        }
-
-        $this->statusText = false === $text ? '' : (null === $text ? self::$statusTexts[$this->statusCode] : $text);
-    }
-
-    public function getStatusText()
-    {
-        return $this->statusText;
-    }
-
-    public function getParameters()
-    {
-        return $this->parameters;
-    }
-
-    public function setParameters(array $parameters)
-    {
-        $this->parameters = $parameters;
-    }
-
-    public function addParameters(array $parameters)
-    {
-        $this->parameters = array_merge($this->parameters, $parameters);
-    }
-
-    public function getParameter($name, $default = null)
-    {
-        return isset($this->parameters[$name]) ? $this->parameters[$name] : $default;
-    }
-
-    public function setParameter($name, $value)
-    {
-        $this->parameters[$name] = $value;
-    }
-
-    public function setHttpHeaders(array $httpHeaders)
-    {
-        $this->httpHeaders = $httpHeaders;
-    }
-
-    public function setHttpHeader($name, $value)
-    {
-        $this->httpHeaders[$name] = $value;
-    }
-
-    public function addHttpHeaders(array $httpHeaders)
-    {
-        $this->httpHeaders = array_merge($this->httpHeaders, $httpHeaders);
-    }
-
-    public function getHttpHeaders()
-    {
-        return $this->httpHeaders;
-    }
-
-    public function getHttpHeader($name, $default = null)
-    {
-        return isset($this->httpHeaders[$name]) ? $this->httpHeaders[$name] : $default;
-    }
-
-    public function getResponseBody($format = 'json')
-    {
-        switch ($format) {
-            case 'json':
-                return json_encode($this->parameters);
-            case 'xml':
-                // this only works for single-level arrays
-                $xml = new \SimpleXMLElement('<response/>');
-                foreach ($this->parameters as $key => $param) {
-                    $xml->addChild($key, $param);
-                }
-
-                return $xml->asXML();
-        }
-
-        throw new \InvalidArgumentException(sprintf('The format %s is not supported', $format));
-
-    }
-
-    public function send($format = 'json')
-    {
-        // headers have already been sent by the developer
-        if (headers_sent()) {
-            return;
-        }
-
-        switch ($format) {
-            case 'json':
-                $this->setHttpHeader('Content-Type', 'application/json');
-                break;
-            case 'xml':
-                $this->setHttpHeader('Content-Type', 'text/xml');
-                break;
-        }
-        // status
-        header(sprintf('HTTP/%s %s %s', $this->version, $this->statusCode, $this->statusText));
-
-        foreach ($this->getHttpHeaders() as $name => $header) {
-            header(sprintf('%s: %s', $name, $header));
-        }
-        echo $this->getResponseBody($format);
-    }
-
-    public function setError($statusCode, $error, $errorDescription = null, $errorUri = null)
-    {
-        $parameters = array(
-            'error' => $error,
-            'error_description' => $errorDescription,
-        );
-
-        if (!is_null($errorUri)) {
-            if (strlen($errorUri) > 0 && $errorUri[0] == '#') {
-                // we are referencing an oauth bookmark (for brevity)
-                $errorUri = 'http://tools.ietf.org/html/rfc6749' . $errorUri;
-            }
-            $parameters['error_uri'] = $errorUri;
-        }
-
-        $httpHeaders = array(
-            'Cache-Control' => 'no-store'
-        );
-
-        $this->setStatusCode($statusCode);
-        $this->addParameters($parameters);
-        $this->addHttpHeaders($httpHeaders);
-
-        if (!$this->isClientError() && !$this->isServerError()) {
-            throw new \InvalidArgumentException(sprintf('The HTTP status code is not an error ("%s" given).', $statusCode));
-        }
-    }
-
-    public function setRedirect($statusCode, $url, $state = null, $error = null, $errorDescription = null, $errorUri = null)
-    {
-        if (empty($url)) {
-            throw new \InvalidArgumentException('Cannot redirect to an empty URL.');
-        }
-
-        $parameters = array();
-
-        if (!is_null($state)) {
-            $parameters['state'] = $state;
-        }
-
-        if (!is_null($error)) {
-            $this->setError(400, $error, $errorDescription, $errorUri);
-        }
-        $this->setStatusCode($statusCode);
-        $this->addParameters($parameters);
-
-        if (count($this->parameters) > 0) {
-            // add parameters to URL redirection
-            $parts = parse_url($url);
-            $sep = isset($parts['query']) && count($parts['query']) > 0 ? '&' : '?';
-            $url .= $sep . http_build_query($this->parameters);
-        }
-
-        $this->addHttpHeaders(array('Location' =>  $url));
-
-        if (!$this->isRedirection()) {
-            throw new \InvalidArgumentException(sprintf('The HTTP status code is not a redirect ("%s" given).', $statusCode));
-        }
-    }
-
-    // http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
-    /**
-     * @return Boolean
-     *
-     * @api
-     */
-    public function isInvalid()
-    {
-        return $this->statusCode < 100 || $this->statusCode >= 600;
-    }
-
-    /**
-     * @return Boolean
-     *
-     * @api
-     */
-    public function isInformational()
-    {
-        return $this->statusCode >= 100 && $this->statusCode < 200;
-    }
-
-    /**
-     * @return Boolean
-     *
-     * @api
-     */
-    public function isSuccessful()
-    {
-        return $this->statusCode >= 200 && $this->statusCode < 300;
-    }
-
-    /**
-     * @return Boolean
-     *
-     * @api
-     */
-    public function isRedirection()
-    {
-        return $this->statusCode >= 300 && $this->statusCode < 400;
-    }
-
-    /**
-     * @return Boolean
-     *
-     * @api
-     */
-    public function isClientError()
-    {
-        return $this->statusCode >= 400 && $this->statusCode < 500;
-    }
-
-    /**
-     * @return Boolean
-     *
-     * @api
-     */
-    public function isServerError()
-    {
-        return $this->statusCode >= 500 && $this->statusCode < 600;
-    }
-
-    /*
+	public $version;
+	protected $statusCode = 200;
+	protected $statusText;
+	protected $parameters = array();
+	protected $httpHeaders = array();
+
+	public static $statusTexts = array(
+		100 => 'Continue',
+		101 => 'Switching Protocols',
+		200 => 'OK',
+		201 => 'Created',
+		202 => 'Accepted',
+		203 => 'Non-Authoritative Information',
+		204 => 'No Content',
+		205 => 'Reset Content',
+		206 => 'Partial Content',
+		300 => 'Multiple Choices',
+		301 => 'Moved Permanently',
+		302 => 'Found',
+		303 => 'See Other',
+		304 => 'Not Modified',
+		305 => 'Use Proxy',
+		307 => 'Temporary Redirect',
+		400 => 'Bad Request',
+		401 => 'Unauthorized',
+		402 => 'Payment Required',
+		403 => 'Forbidden',
+		404 => 'Not Found',
+		405 => 'Method Not Allowed',
+		406 => 'Not Acceptable',
+		407 => 'Proxy Authentication Required',
+		408 => 'Request Timeout',
+		409 => 'Conflict',
+		410 => 'Gone',
+		411 => 'Length Required',
+		412 => 'Precondition Failed',
+		413 => 'Request Entity Too Large',
+		414 => 'Request-URI Too Long',
+		415 => 'Unsupported Media Type',
+		416 => 'Requested Range Not Satisfiable',
+		417 => 'Expectation Failed',
+		418 => 'I\'m a teapot',
+		500 => 'Internal Server Error',
+		501 => 'Not Implemented',
+		502 => 'Bad Gateway',
+		503 => 'Service Unavailable',
+		504 => 'Gateway Timeout',
+		505 => 'HTTP Version Not Supported',
+	);
+
+	public function __construct($parameters = array(), $statusCode = 200, $headers = array())
+	{
+		$this->setParameters($parameters);
+		$this->setStatusCode($statusCode);
+		$this->setHttpHeaders($headers);
+		$this->version = '1.1';
+	}
+
+	/**
+	 * Converts the response object to string containing all headers and the response content.
+	 *
+	 * @return string The response with headers and content
+	 */
+	public function __toString()
+	{
+		$headers = array();
+		foreach ($this->httpHeaders as $name => $value) {
+			$headers[$name] = (array) $value;
+		}
+
+		return
+			sprintf('HTTP/%s %s %s', $this->version, $this->statusCode, $this->statusText)."\r\n".
+			$this->getHttpHeadersAsString($headers)."\r\n".
+			$this->getResponseBody();
+	}
+
+	/**
+	 * Returns the build header line.
+	 *
+	 * @param string $name  The header name
+	 * @param string $value The header value
+	 *
+	 * @return string The built header line
+	 */
+	protected function buildHeader($name, $value)
+	{
+		return sprintf("%s: %s\n", $name, $value);
+	}
+
+	public function getStatusCode()
+	{
+		return $this->statusCode;
+	}
+
+	public function setStatusCode($statusCode, $text = null)
+	{
+		$this->statusCode = (int) $statusCode;
+		if ($this->isInvalid()) {
+			throw new \InvalidArgumentException(sprintf('The HTTP status code "%s" is not valid.', $statusCode));
+		}
+
+		$this->statusText = false === $text ? '' : (null === $text ? self::$statusTexts[$this->statusCode] : $text);
+	}
+
+	public function getStatusText()
+	{
+		return $this->statusText;
+	}
+
+	public function getParameters()
+	{
+		return $this->parameters;
+	}
+
+	public function setParameters(array $parameters)
+	{
+		$this->parameters = $parameters;
+	}
+
+	public function addParameters(array $parameters)
+	{
+		$this->parameters = array_merge($this->parameters, $parameters);
+	}
+
+	public function getParameter($name, $default = null)
+	{
+		return isset($this->parameters[$name]) ? $this->parameters[$name] : $default;
+	}
+
+	public function setParameter($name, $value)
+	{
+		$this->parameters[$name] = $value;
+	}
+
+	public function setHttpHeaders(array $httpHeaders)
+	{
+		$this->httpHeaders = $httpHeaders;
+	}
+
+	public function setHttpHeader($name, $value)
+	{
+		$this->httpHeaders[$name] = $value;
+	}
+
+	public function addHttpHeaders(array $httpHeaders)
+	{
+		$this->httpHeaders = array_merge($this->httpHeaders, $httpHeaders);
+	}
+
+	public function getHttpHeaders()
+	{
+		return $this->httpHeaders;
+	}
+
+	public function getHttpHeader($name, $default = null)
+	{
+		return isset($this->httpHeaders[$name]) ? $this->httpHeaders[$name] : $default;
+	}
+
+	public function getResponseBody($format = 'json')
+	{
+		switch ($format) {
+			case 'json':
+				return json_encode($this->parameters);
+			case 'xml':
+				// this only works for single-level arrays
+				$xml = new \SimpleXMLElement('<response/>');
+				foreach ($this->parameters as $key => $param) {
+					$xml->addChild($key, $param);
+				}
+
+				return $xml->asXML();
+		}
+
+		throw new \InvalidArgumentException(sprintf('The format %s is not supported', $format));
+
+	}
+
+	public function send($format = 'json')
+	{
+		// headers have already been sent by the developer
+		if (headers_sent()) {
+			return;
+		}
+
+		switch ($format) {
+			case 'json':
+				$this->setHttpHeader('Content-Type', 'application/json');
+				break;
+			case 'xml':
+				$this->setHttpHeader('Content-Type', 'text/xml');
+				break;
+		}
+		// status
+		header(sprintf('HTTP/%s %s %s', $this->version, $this->statusCode, $this->statusText));
+
+		foreach ($this->getHttpHeaders() as $name => $header) {
+			header(sprintf('%s: %s', $name, $header));
+		}
+		echo $this->getResponseBody($format);
+	}
+
+	public function setError($statusCode, $error, $errorDescription = null, $errorUri = null)
+	{
+		$parameters = array(
+			'error' => $error,
+			'error_description' => $errorDescription,
+		);
+
+		if (!is_null($errorUri)) {
+			if (strlen($errorUri) > 0 && $errorUri[0] == '#') {
+				// we are referencing an oauth bookmark (for brevity)
+				$errorUri = 'http://tools.ietf.org/html/rfc6749' . $errorUri;
+			}
+			$parameters['error_uri'] = $errorUri;
+		}
+
+		$httpHeaders = array(
+			'Cache-Control' => 'no-store'
+		);
+
+		$this->setStatusCode($statusCode);
+		$this->addParameters($parameters);
+		$this->addHttpHeaders($httpHeaders);
+
+		if (!$this->isClientError() && !$this->isServerError()) {
+			throw new \InvalidArgumentException(sprintf('The HTTP status code is not an error ("%s" given).', $statusCode));
+		}
+	}
+
+	public function setRedirect($statusCode, $url, $state = null, $error = null, $errorDescription = null, $errorUri = null)
+	{
+		if (empty($url)) {
+			throw new \InvalidArgumentException('Cannot redirect to an empty URL.');
+		}
+
+		$parameters = array();
+
+		if (!is_null($state)) {
+			$parameters['state'] = $state;
+		}
+
+		if (!is_null($error)) {
+			$this->setError(400, $error, $errorDescription, $errorUri);
+		}
+		$this->setStatusCode($statusCode);
+		$this->addParameters($parameters);
+
+		if (count($this->parameters) > 0) {
+			// add parameters to URL redirection
+			$parts = parse_url($url);
+			$sep = isset($parts['query']) && count($parts['query']) > 0 ? '&' : '?';
+			$url .= $sep . http_build_query($this->parameters);
+		}
+
+		$this->addHttpHeaders(array('Location' =>  $url));
+
+		if (!$this->isRedirection()) {
+			throw new \InvalidArgumentException(sprintf('The HTTP status code is not a redirect ("%s" given).', $statusCode));
+		}
+	}
+
+	// http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
+	/**
+	 * @return Boolean
+	 *
+	 * @api
+	 */
+	public function isInvalid()
+	{
+		return $this->statusCode < 100 || $this->statusCode >= 600;
+	}
+
+	/**
+	 * @return Boolean
+	 *
+	 * @api
+	 */
+	public function isInformational()
+	{
+		return $this->statusCode >= 100 && $this->statusCode < 200;
+	}
+
+	/**
+	 * @return Boolean
+	 *
+	 * @api
+	 */
+	public function isSuccessful()
+	{
+		return $this->statusCode >= 200 && $this->statusCode < 300;
+	}
+
+	/**
+	 * @return Boolean
+	 *
+	 * @api
+	 */
+	public function isRedirection()
+	{
+		return $this->statusCode >= 300 && $this->statusCode < 400;
+	}
+
+	/**
+	 * @return Boolean
+	 *
+	 * @api
+	 */
+	public function isClientError()
+	{
+		return $this->statusCode >= 400 && $this->statusCode < 500;
+	}
+
+	/**
+	 * @return Boolean
+	 *
+	 * @api
+	 */
+	public function isServerError()
+	{
+		return $this->statusCode >= 500 && $this->statusCode < 600;
+	}
+
+	/*
      * Functions from Symfony2 HttpFoundation - output pretty header
      */
-    private function getHttpHeadersAsString($headers)
-    {
-        if (count($headers) == 0) {
-            return '';
-        }
-
-        $max = max(array_map('strlen', array_keys($headers))) + 1;
-        $content = '';
-        ksort($headers);
-        foreach ($headers as $name => $values) {
-            foreach ($values as $value) {
-                $content .= sprintf("%-{$max}s %s\r\n", $this->beautifyHeaderName($name).':', $value);
-            }
-        }
-
-        return $content;
-    }
-
-    private function beautifyHeaderName($name)
-    {
-        return preg_replace_callback('/\-(.)/', array($this, 'beautifyCallback'), ucfirst($name));
-    }
-
-    private function beautifyCallback($match)
-    {
-        return '-'.strtoupper($match[1]);
-    }
+	private function getHttpHeadersAsString($headers)
+	{
+		if (count($headers) == 0) {
+			return '';
+		}
+
+		$max = max(array_map('strlen', array_keys($headers))) + 1;
+		$content = '';
+		ksort($headers);
+		foreach ($headers as $name => $values) {
+			foreach ($values as $value) {
+				$content .= sprintf("%-{$max}s %s\r\n", $this->beautifyHeaderName($name).':', $value);
+			}
+		}
+
+		return $content;
+	}
+
+	private function beautifyHeaderName($name)
+	{
+		return preg_replace_callback('/\-(.)/', array($this, 'beautifyCallback'), ucfirst($name));
+	}
+
+	private function beautifyCallback($match)
+	{
+		return '-'.strtoupper($match[1]);
+	}
 }

Spacing +4 added lines, -4 removed lines

@@ -84,8 +84,8 @@ 
         }
 
         return
-            sprintf('HTTP/%s %s %s', $this->version, $this->statusCode, $this->statusText)."\r\n".
-            $this->getHttpHeadersAsString($headers)."\r\n".
+            sprintf('HTTP/%s %s %s', $this->version, $this->statusCode, $this->statusText) . "\r\n" .
+            $this->getHttpHeadersAsString($headers) . "\r\n" .
             $this->getResponseBody();
     }
 
@@ -350,7 +350,7 @@ 
         ksort($headers);
         foreach ($headers as $name => $values) {
             foreach ($values as $value) {
-                $content .= sprintf("%-{$max}s %s\r\n", $this->beautifyHeaderName($name).':', $value);
+                $content .= sprintf("%-{$max}s %s\r\n", $this->beautifyHeaderName($name) . ':', $value);
             }
         }
 
@@ -364,6 +364,6 @@ 
 
     private function beautifyCallback($match)
     {
-        return '-'.strtoupper($match[1]);
+        return '-' . strtoupper($match[1]);
     }
 }

extensions/libraries/redcore/api/oauth2/ResponseType/ResponseTypeInterface.php

Indentation +1 added lines, -1 removed lines

@@ -4,5 +4,5 @@
 
 interface ResponseTypeInterface
 {
-    public function getAuthorizeResponse($params, $user_id = null);
+	public function getAuthorizeResponse($params, $user_id = null);
 }

extensions/libraries/redcore/api/oauth2/ResponseType/AuthorizationCode.php

Indentation +76 added lines, -76 removed lines

@@ -10,91 +10,91 @@
  */
 class AuthorizationCode implements AuthorizationCodeInterface
 {
-    protected $storage;
-    protected $config;
+	protected $storage;
+	protected $config;
 
-    public function __construct(AuthorizationCodeStorageInterface $storage, array $config = array())
-    {
-        $this->storage = $storage;
-        $this->config = array_merge(array(
-            'enforce_redirect' => false,
-            'auth_code_lifetime' => 30,
-        ), $config);
-    }
+	public function __construct(AuthorizationCodeStorageInterface $storage, array $config = array())
+	{
+		$this->storage = $storage;
+		$this->config = array_merge(array(
+			'enforce_redirect' => false,
+			'auth_code_lifetime' => 30,
+		), $config);
+	}
 
-    public function getAuthorizeResponse($params, $user_id = null)
-    {
-        // build the URL to redirect to
-        $result = array('query' => array());
+	public function getAuthorizeResponse($params, $user_id = null)
+	{
+		// build the URL to redirect to
+		$result = array('query' => array());
 
-        $params += array('scope' => null, 'state' => null);
+		$params += array('scope' => null, 'state' => null);
 
-        $result['query']['code'] = $this->createAuthorizationCode($params['client_id'], $user_id, $params['redirect_uri'], $params['scope']);
+		$result['query']['code'] = $this->createAuthorizationCode($params['client_id'], $user_id, $params['redirect_uri'], $params['scope']);
 
-        if (isset($params['state'])) {
-            $result['query']['state'] = $params['state'];
-        }
+		if (isset($params['state'])) {
+			$result['query']['state'] = $params['state'];
+		}
 
-        return array($params['redirect_uri'], $result);
-    }
+		return array($params['redirect_uri'], $result);
+	}
 
-    /**
-     * Handle the creation of the authorization code.
-     *
-     * @param $client_id
-     * Client identifier related to the authorization code
-     * @param $user_id
-     * User ID associated with the authorization code
-     * @param $redirect_uri
-     * An absolute URI to which the authorization server will redirect the
-     * user-agent to when the end-user authorization step is completed.
-     * @param $scope
-     * (optional) Scopes to be stored in space-separated string.
-     *
-     * @see http://tools.ietf.org/html/rfc6749#section-4
-     * @ingroup oauth2_section_4
-     */
-    public function createAuthorizationCode($client_id, $user_id, $redirect_uri, $scope = null)
-    {
-        $code = $this->generateAuthorizationCode();
-        $this->storage->setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, time() + $this->config['auth_code_lifetime'], $scope);
+	/**
+	 * Handle the creation of the authorization code.
+	 *
+	 * @param $client_id
+	 * Client identifier related to the authorization code
+	 * @param $user_id
+	 * User ID associated with the authorization code
+	 * @param $redirect_uri
+	 * An absolute URI to which the authorization server will redirect the
+	 * user-agent to when the end-user authorization step is completed.
+	 * @param $scope
+	 * (optional) Scopes to be stored in space-separated string.
+	 *
+	 * @see http://tools.ietf.org/html/rfc6749#section-4
+	 * @ingroup oauth2_section_4
+	 */
+	public function createAuthorizationCode($client_id, $user_id, $redirect_uri, $scope = null)
+	{
+		$code = $this->generateAuthorizationCode();
+		$this->storage->setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, time() + $this->config['auth_code_lifetime'], $scope);
 
-        return $code;
-    }
+		return $code;
+	}
 
-    /**
-     * @return
-     * TRUE if the grant type requires a redirect_uri, FALSE if not
-     */
-    public function enforceRedirect()
-    {
-        return $this->config['enforce_redirect'];
-    }
+	/**
+	 * @return
+	 * TRUE if the grant type requires a redirect_uri, FALSE if not
+	 */
+	public function enforceRedirect()
+	{
+		return $this->config['enforce_redirect'];
+	}
 
-    /**
-     * Generates an unique auth code.
-     *
-     * Implementing classes may want to override this function to implement
-     * other auth code generation schemes.
-     *
-     * @return
-     * An unique auth code.
-     *
-     * @ingroup oauth2_section_4
-     */
-    protected function generateAuthorizationCode()
-    {
-        $tokenLen = 40;
-        if (function_exists('mcrypt_create_iv')) {
-            $randomData = mcrypt_create_iv(100, MCRYPT_DEV_URANDOM);
-        } elseif (function_exists('openssl_random_pseudo_bytes')) {
-            $randomData = openssl_random_pseudo_bytes(100);
-        } elseif (@file_exists('/dev/urandom')) { // Get 100 bytes of random data
-            $randomData = file_get_contents('/dev/urandom', false, null, 0, 100) . uniqid(mt_rand(), true);
-        } else {
-            $randomData = mt_rand() . mt_rand() . mt_rand() . mt_rand() . microtime(true) . uniqid(mt_rand(), true);
-        }
+	/**
+	 * Generates an unique auth code.
+	 *
+	 * Implementing classes may want to override this function to implement
+	 * other auth code generation schemes.
+	 *
+	 * @return
+	 * An unique auth code.
+	 *
+	 * @ingroup oauth2_section_4
+	 */
+	protected function generateAuthorizationCode()
+	{
+		$tokenLen = 40;
+		if (function_exists('mcrypt_create_iv')) {
+			$randomData = mcrypt_create_iv(100, MCRYPT_DEV_URANDOM);
+		} elseif (function_exists('openssl_random_pseudo_bytes')) {
+			$randomData = openssl_random_pseudo_bytes(100);
+		} elseif (@file_exists('/dev/urandom')) { // Get 100 bytes of random data
+			$randomData = file_get_contents('/dev/urandom', false, null, 0, 100) . uniqid(mt_rand(), true);
+		} else {
+			$randomData = mt_rand() . mt_rand() . mt_rand() . mt_rand() . microtime(true) . uniqid(mt_rand(), true);
+		}
 
-        return substr(hash('sha512', $randomData), 0, $tokenLen);
-    }
+		return substr(hash('sha512', $randomData), 0, $tokenLen);
+	}
 }

extensions/libraries/redcore/api/oauth2/ResponseType/AccessTokenInterface.php

Indentation +22 added lines, -22 removed lines

@@ -8,27 +8,27 @@
  */
 interface AccessTokenInterface extends ResponseTypeInterface
 {
-    /**
-     * Handle the creation of access token, also issue refresh token if supported / desirable.
-     *
-     * @param $client_id                client identifier related to the access token.
-     * @param $user_id                  user ID associated with the access token
-     * @param $scope                    OPTONAL scopes to be stored in space-separated string.
-     * @param bool $includeRefreshToken if true, a new refresh_token will be added to the response
-     *
-     * @see http://tools.ietf.org/html/rfc6749#section-5
-     * @ingroup oauth2_section_5
-     */
-    public function createAccessToken($client_id, $user_id, $scope = null, $includeRefreshToken = true);
+	/**
+	 * Handle the creation of access token, also issue refresh token if supported / desirable.
+	 *
+	 * @param $client_id                client identifier related to the access token.
+	 * @param $user_id                  user ID associated with the access token
+	 * @param $scope                    OPTONAL scopes to be stored in space-separated string.
+	 * @param bool $includeRefreshToken if true, a new refresh_token will be added to the response
+	 *
+	 * @see http://tools.ietf.org/html/rfc6749#section-5
+	 * @ingroup oauth2_section_5
+	 */
+	public function createAccessToken($client_id, $user_id, $scope = null, $includeRefreshToken = true);
 
-    /**
-     * Handle the revoking of refresh tokens, and access tokens if supported / desirable
-     *
-     * @param $token
-     * @param $tokenTypeHint
-     * @return mixed
-     *
-     * @todo v2.0 include this method in interface. Omitted to maintain BC in v1.x
-     */
-    //public function revokeToken($token, $tokenTypeHint);
+	/**
+	 * Handle the revoking of refresh tokens, and access tokens if supported / desirable
+	 *
+	 * @param $token
+	 * @param $tokenTypeHint
+	 * @return mixed
+	 *
+	 * @todo v2.0 include this method in interface. Omitted to maintain BC in v1.x
+	 */
+	//public function revokeToken($token, $tokenTypeHint);
 }

extensions/libraries/redcore/api/oauth2/ResponseType/JwtAccessToken.php

Indentation +86 added lines, -86 removed lines

@@ -15,110 +15,110 @@
  */
 class JwtAccessToken extends AccessToken
 {
-    protected $publicKeyStorage;
-    protected $encryptionUtil;
+	protected $publicKeyStorage;
+	protected $encryptionUtil;
 
-    /**
-     * @param $config
-     *  - store_encrypted_token_string (bool true)
-     *       whether the entire encrypted string is stored,
-     *       or just the token ID is stored
-     */
-    public function __construct(PublicKeyInterface $publicKeyStorage = null, AccessTokenStorageInterface $tokenStorage = null, RefreshTokenInterface $refreshStorage = null, array $config = array(), EncryptionInterface $encryptionUtil = null)
-    {
-        $this->publicKeyStorage = $publicKeyStorage;
-        $config = array_merge(array(
-            'store_encrypted_token_string' => true,
-            'issuer' => ''
-        ), $config);
-        if (is_null($tokenStorage)) {
-            // a pass-thru, so we can call the parent constructor
-            $tokenStorage = new Memory();
-        }
-        if (is_null($encryptionUtil)) {
-            $encryptionUtil = new Jwt();
-        }
-        $this->encryptionUtil = $encryptionUtil;
-        parent::__construct($tokenStorage, $refreshStorage, $config);
-    }
+	/**
+	 * @param $config
+	 *  - store_encrypted_token_string (bool true)
+	 *       whether the entire encrypted string is stored,
+	 *       or just the token ID is stored
+	 */
+	public function __construct(PublicKeyInterface $publicKeyStorage = null, AccessTokenStorageInterface $tokenStorage = null, RefreshTokenInterface $refreshStorage = null, array $config = array(), EncryptionInterface $encryptionUtil = null)
+	{
+		$this->publicKeyStorage = $publicKeyStorage;
+		$config = array_merge(array(
+			'store_encrypted_token_string' => true,
+			'issuer' => ''
+		), $config);
+		if (is_null($tokenStorage)) {
+			// a pass-thru, so we can call the parent constructor
+			$tokenStorage = new Memory();
+		}
+		if (is_null($encryptionUtil)) {
+			$encryptionUtil = new Jwt();
+		}
+		$this->encryptionUtil = $encryptionUtil;
+		parent::__construct($tokenStorage, $refreshStorage, $config);
+	}
 
-    /**
-     * Handle the creation of access token, also issue refresh token if supported / desirable.
-     *
-     * @param $client_id
-     * Client identifier related to the access token.
-     * @param $user_id
-     * User ID associated with the access token
-     * @param $scope
-     * (optional) Scopes to be stored in space-separated string.
-     * @param bool $includeRefreshToken
-     *                                  If true, a new refresh_token will be added to the response
-     *
-     * @see http://tools.ietf.org/html/rfc6749#section-5
-     * @ingroup oauth2_section_5
-     */
-    public function createAccessToken($client_id, $user_id, $scope = null, $includeRefreshToken = true)
-    {
-        // token to encrypt
-        $expires = time() + $this->config['access_lifetime'];
-        $id = $this->generateAccessToken();
-        $jwtAccessToken = array(
-            'id'         => $id, // for BC (see #591)
-            'jti'        => $id,
-            'iss'        => $this->config['issuer'],
-            'aud'        => $client_id,
-            'sub'        => $user_id,
-            'exp'        => $expires,
-            'iat'        => time(),
-            'token_type' => $this->config['token_type'],
-            'scope'      => $scope
-        );
+	/**
+	 * Handle the creation of access token, also issue refresh token if supported / desirable.
+	 *
+	 * @param $client_id
+	 * Client identifier related to the access token.
+	 * @param $user_id
+	 * User ID associated with the access token
+	 * @param $scope
+	 * (optional) Scopes to be stored in space-separated string.
+	 * @param bool $includeRefreshToken
+	 *                                  If true, a new refresh_token will be added to the response
+	 *
+	 * @see http://tools.ietf.org/html/rfc6749#section-5
+	 * @ingroup oauth2_section_5
+	 */
+	public function createAccessToken($client_id, $user_id, $scope = null, $includeRefreshToken = true)
+	{
+		// token to encrypt
+		$expires = time() + $this->config['access_lifetime'];
+		$id = $this->generateAccessToken();
+		$jwtAccessToken = array(
+			'id'         => $id, // for BC (see #591)
+			'jti'        => $id,
+			'iss'        => $this->config['issuer'],
+			'aud'        => $client_id,
+			'sub'        => $user_id,
+			'exp'        => $expires,
+			'iat'        => time(),
+			'token_type' => $this->config['token_type'],
+			'scope'      => $scope
+		);
 
-        /*
+		/*
          * Encode the token data into a single access_token string
          */
-        $access_token = $this->encodeToken($jwtAccessToken, $client_id);
+		$access_token = $this->encodeToken($jwtAccessToken, $client_id);
 
-        /*
+		/*
          * Save the token to a secondary storage.  This is implemented on the
          * OAuth2\Storage\JwtAccessToken side, and will not actually store anything,
          * if no secondary storage has been supplied
          */
-        $token_to_store = $this->config['store_encrypted_token_string'] ? $access_token : $jwtAccessToken['id'];
-        $this->tokenStorage->setAccessToken($token_to_store, $client_id, $user_id, $this->config['access_lifetime'] ? time() + $this->config['access_lifetime'] : null, $scope);
+		$token_to_store = $this->config['store_encrypted_token_string'] ? $access_token : $jwtAccessToken['id'];
+		$this->tokenStorage->setAccessToken($token_to_store, $client_id, $user_id, $this->config['access_lifetime'] ? time() + $this->config['access_lifetime'] : null, $scope);
 
-        // token to return to the client
-        $token = array(
-            'access_token' => $access_token,
-            'expires_in' => $this->config['access_lifetime'],
-            'token_type' => $this->config['token_type'],
-            'scope' => $scope
-        );
+		// token to return to the client
+		$token = array(
+			'access_token' => $access_token,
+			'expires_in' => $this->config['access_lifetime'],
+			'token_type' => $this->config['token_type'],
+			'scope' => $scope
+		);
 
-        /*
+		/*
          * Issue a refresh token also, if we support them
          *
          * Refresh Tokens are considered supported if an instance of OAuth2\Storage\RefreshTokenInterface
          * is supplied in the constructor
          */
-        if ($includeRefreshToken && $this->refreshStorage) {
-            $refresh_token = $this->generateRefreshToken();
-            $expires = 0;
-            if ($this->config['refresh_token_lifetime'] > 0) {
-                $expires = time() + $this->config['refresh_token_lifetime'];
-            }
-            $this->refreshStorage->setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope);
-            $token['refresh_token'] = $refresh_token;
-        }
+		if ($includeRefreshToken && $this->refreshStorage) {
+			$refresh_token = $this->generateRefreshToken();
+			$expires = 0;
+			if ($this->config['refresh_token_lifetime'] > 0) {
+				$expires = time() + $this->config['refresh_token_lifetime'];
+			}
+			$this->refreshStorage->setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope);
+			$token['refresh_token'] = $refresh_token;
+		}
 
-        return $token;
-    }
+		return $token;
+	}
 
-    protected function encodeToken(array $token, $client_id = null)
-    {
-        $private_key = $this->publicKeyStorage->getPrivateKey($client_id);
-        $algorithm   = $this->publicKeyStorage->getEncryptionAlgorithm($client_id);
+	protected function encodeToken(array $token, $client_id = null)
+	{
+		$private_key = $this->publicKeyStorage->getPrivateKey($client_id);
+		$algorithm   = $this->publicKeyStorage->getEncryptionAlgorithm($client_id);
 
-        return $this->encryptionUtil->encode($token, $private_key, $algorithm);
-    }
+		return $this->encryptionUtil->encode($token, $private_key, $algorithm);
+	}
 }

extensions/libraries/redcore/api/oauth2/ResponseType/AuthorizationCodeInterface.php

Indentation +18 added lines, -18 removed lines

@@ -8,23 +8,23 @@
  */
 interface AuthorizationCodeInterface extends ResponseTypeInterface
 {
-    /**
-     * @return
-     * TRUE if the grant type requires a redirect_uri, FALSE if not
-     */
-    public function enforceRedirect();
+	/**
+	 * @return
+	 * TRUE if the grant type requires a redirect_uri, FALSE if not
+	 */
+	public function enforceRedirect();
 
-    /**
-     * Handle the creation of the authorization code.
-     *
-     * @param $client_id    client identifier related to the authorization code
-     * @param $user_id      user id associated with the authorization code
-     * @param $redirect_uri an absolute URI to which the authorization server will redirect the
-     *                      user-agent to when the end-user authorization step is completed.
-     * @param $scope        OPTIONAL scopes to be stored in space-separated string.
-     *
-     * @see http://tools.ietf.org/html/rfc6749#section-4
-     * @ingroup oauth2_section_4
-     */
-    public function createAuthorizationCode($client_id, $user_id, $redirect_uri, $scope = null);
+	/**
+	 * Handle the creation of the authorization code.
+	 *
+	 * @param $client_id    client identifier related to the authorization code
+	 * @param $user_id      user id associated with the authorization code
+	 * @param $redirect_uri an absolute URI to which the authorization server will redirect the
+	 *                      user-agent to when the end-user authorization step is completed.
+	 * @param $scope        OPTIONAL scopes to be stored in space-separated string.
+	 *
+	 * @see http://tools.ietf.org/html/rfc6749#section-4
+	 * @ingroup oauth2_section_4
+	 */
+	public function createAuthorizationCode($client_id, $user_id, $redirect_uri, $scope = null);
 }

extensions/libraries/redcore/api/oauth2/ResponseType/AccessToken.php

Indentation +171 added lines, -171 removed lines

@@ -11,184 +11,184 @@
  */
 class AccessToken implements AccessTokenInterface
 {
-    protected $tokenStorage;
-    protected $refreshStorage;
-    protected $config;
-
-    /**
-     * @param OAuth2\Storage\AccessTokenInterface  $tokenStorage   REQUIRED Storage class for saving access token information
-     * @param OAuth2\Storage\RefreshTokenInterface $refreshStorage OPTIONAL Storage class for saving refresh token information
-     * @param array                                $config         OPTIONAL Configuration options for the server
-     *                                                             <code>
-     *                                                             $config = array(
-     *                                                             'token_type' => 'bearer',              // token type identifier
-     *                                                             'access_lifetime' => 3600,             // time before access token expires
-     *                                                             'refresh_token_lifetime' => 1209600,   // time before refresh token expires
-     *                                                             );
-     *                                                             </endcode>
-     */
-    public function __construct(AccessTokenStorageInterface $tokenStorage, RefreshTokenInterface $refreshStorage = null, array $config = array())
-    {
-        $this->tokenStorage = $tokenStorage;
-        $this->refreshStorage = $refreshStorage;
-
-        $this->config = array_merge(array(
-            'token_type'             => 'bearer',
-            'access_lifetime'        => 3600,
-            'refresh_token_lifetime' => 1209600,
-        ), $config);
-    }
-
-    public function getAuthorizeResponse($params, $user_id = null)
-    {
-        // build the URL to redirect to
-        $result = array('query' => array());
-
-        $params += array('scope' => null, 'state' => null);
-
-        /*
+	protected $tokenStorage;
+	protected $refreshStorage;
+	protected $config;
+
+	/**
+	 * @param OAuth2\Storage\AccessTokenInterface  $tokenStorage   REQUIRED Storage class for saving access token information
+	 * @param OAuth2\Storage\RefreshTokenInterface $refreshStorage OPTIONAL Storage class for saving refresh token information
+	 * @param array                                $config         OPTIONAL Configuration options for the server
+	 *                                                             <code>
+	 *                                                             $config = array(
+	 *                                                             'token_type' => 'bearer',              // token type identifier
+	 *                                                             'access_lifetime' => 3600,             // time before access token expires
+	 *                                                             'refresh_token_lifetime' => 1209600,   // time before refresh token expires
+	 *                                                             );
+	 *                                                             </endcode>
+	 */
+	public function __construct(AccessTokenStorageInterface $tokenStorage, RefreshTokenInterface $refreshStorage = null, array $config = array())
+	{
+		$this->tokenStorage = $tokenStorage;
+		$this->refreshStorage = $refreshStorage;
+
+		$this->config = array_merge(array(
+			'token_type'             => 'bearer',
+			'access_lifetime'        => 3600,
+			'refresh_token_lifetime' => 1209600,
+		), $config);
+	}
+
+	public function getAuthorizeResponse($params, $user_id = null)
+	{
+		// build the URL to redirect to
+		$result = array('query' => array());
+
+		$params += array('scope' => null, 'state' => null);
+
+		/*
          * a refresh token MUST NOT be included in the fragment
          *
          * @see http://tools.ietf.org/html/rfc6749#section-4.2.2
          */
-        $includeRefreshToken = false;
-        $result["fragment"] = $this->createAccessToken($params['client_id'], $user_id, $params['scope'], $includeRefreshToken);
-
-        if (isset($params['state'])) {
-            $result["fragment"]["state"] = $params['state'];
-        }
-
-        return array($params['redirect_uri'], $result);
-    }
-
-    /**
-     * Handle the creation of access token, also issue refresh token if supported / desirable.
-     *
-     * @param $client_id                client identifier related to the access token.
-     * @param $user_id                  user ID associated with the access token
-     * @param $scope                    OPTIONAL scopes to be stored in space-separated string.
-     * @param bool $includeRefreshToken if true, a new refresh_token will be added to the response
-     *
-     * @see http://tools.ietf.org/html/rfc6749#section-5
-     * @ingroup oauth2_section_5
-     */
-    public function createAccessToken($client_id, $user_id, $scope = null, $includeRefreshToken = true)
-    {
-        $token = array(
-            "access_token" => $this->generateAccessToken(),
-            "expires_in" => $this->config['access_lifetime'],
-            "token_type" => $this->config['token_type'],
-            "scope" => $scope
-        );
-
-        $this->tokenStorage->setAccessToken($token["access_token"], $client_id, $user_id, $this->config['access_lifetime'] ? time() + $this->config['access_lifetime'] : null, $scope);
-
-        /*
+		$includeRefreshToken = false;
+		$result["fragment"] = $this->createAccessToken($params['client_id'], $user_id, $params['scope'], $includeRefreshToken);
+
+		if (isset($params['state'])) {
+			$result["fragment"]["state"] = $params['state'];
+		}
+
+		return array($params['redirect_uri'], $result);
+	}
+
+	/**
+	 * Handle the creation of access token, also issue refresh token if supported / desirable.
+	 *
+	 * @param $client_id                client identifier related to the access token.
+	 * @param $user_id                  user ID associated with the access token
+	 * @param $scope                    OPTIONAL scopes to be stored in space-separated string.
+	 * @param bool $includeRefreshToken if true, a new refresh_token will be added to the response
+	 *
+	 * @see http://tools.ietf.org/html/rfc6749#section-5
+	 * @ingroup oauth2_section_5
+	 */
+	public function createAccessToken($client_id, $user_id, $scope = null, $includeRefreshToken = true)
+	{
+		$token = array(
+			"access_token" => $this->generateAccessToken(),
+			"expires_in" => $this->config['access_lifetime'],
+			"token_type" => $this->config['token_type'],
+			"scope" => $scope
+		);
+
+		$this->tokenStorage->setAccessToken($token["access_token"], $client_id, $user_id, $this->config['access_lifetime'] ? time() + $this->config['access_lifetime'] : null, $scope);
+
+		/*
          * Issue a refresh token also, if we support them
          *
          * Refresh Tokens are considered supported if an instance of OAuth2\Storage\RefreshTokenInterface
          * is supplied in the constructor
          */
-        if ($includeRefreshToken && $this->refreshStorage) {
-            $token["refresh_token"] = $this->generateRefreshToken();
-            $expires = 0;
-            if ($this->config['refresh_token_lifetime'] > 0) {
-                $expires = time() + $this->config['refresh_token_lifetime'];
-            }
-            $this->refreshStorage->setRefreshToken($token['refresh_token'], $client_id, $user_id, $expires, $scope);
-        }
-
-        return $token;
-    }
-
-    /**
-     * Generates an unique access token.
-     *
-     * Implementing classes may want to override this function to implement
-     * other access token generation schemes.
-     *
-     * @return
-     * An unique access token.
-     *
-     * @ingroup oauth2_section_4
-     */
-    protected function generateAccessToken()
-    {
-        if (function_exists('mcrypt_create_iv')) {
-            $randomData = mcrypt_create_iv(20, MCRYPT_DEV_URANDOM);
-            if ($randomData !== false && strlen($randomData) === 20) {
-                return bin2hex($randomData);
-            }
-        }
-        if (function_exists('openssl_random_pseudo_bytes')) {
-            $randomData = openssl_random_pseudo_bytes(20);
-            if ($randomData !== false && strlen($randomData) === 20) {
-                return bin2hex($randomData);
-            }
-        }
-        if (@file_exists('/dev/urandom')) { // Get 100 bytes of random data
-            $randomData = file_get_contents('/dev/urandom', false, null, 0, 20);
-            if ($randomData !== false && strlen($randomData) === 20) {
-                return bin2hex($randomData);
-            }
-        }
-        // Last resort which you probably should just get rid of:
-        $randomData = mt_rand() . mt_rand() . mt_rand() . mt_rand() . microtime(true) . uniqid(mt_rand(), true);
-
-        return substr(hash('sha512', $randomData), 0, 40);
-    }
-
-    /**
-     * Generates an unique refresh token
-     *
-     * Implementing classes may want to override this function to implement
-     * other refresh token generation schemes.
-     *
-     * @return
-     * An unique refresh.
-     *
-     * @ingroup oauth2_section_4
-     * @see OAuth2::generateAccessToken()
-     */
-    protected function generateRefreshToken()
-    {
-        return $this->generateAccessToken(); // let's reuse the same scheme for token generation
-    }
-
-    /**
-     * Handle the revoking of refresh tokens, and access tokens if supported / desirable
-     * RFC7009 specifies that "If the server is unable to locate the token using
-     * the given hint, it MUST extend its search across all of its supported token types"
-     *
-     * @param $token
-     * @param null $tokenTypeHint
-     * @return boolean
-     */
-    public function revokeToken($token, $tokenTypeHint = null)
-    {
-        if ($tokenTypeHint == 'refresh_token') {
-            if ($this->refreshStorage && $revoked = $this->refreshStorage->unsetRefreshToken($token)) {
-                return true;
-            }
-        }
-
-        /** @TODO remove in v2 */
-        if (!method_exists($this->tokenStorage, 'unsetAccessToken')) {
-            throw new \RuntimeException(
-                sprintf('Token storage %s must implement unsetAccessToken method', get_class($this->tokenStorage)
-            ));
-        }
-
-        $revoked = $this->tokenStorage->unsetAccessToken($token);
-
-        // if a typehint is supplied and fails, try other storages 
-        // @see https://tools.ietf.org/html/rfc7009#section-2.1
-        if (!$revoked && $tokenTypeHint != 'refresh_token') {
-            if ($this->refreshStorage) {
-                $revoked = $this->refreshStorage->unsetRefreshToken($token);
-            }
-        }
-
-        return $revoked;
-    }
+		if ($includeRefreshToken && $this->refreshStorage) {
+			$token["refresh_token"] = $this->generateRefreshToken();
+			$expires = 0;
+			if ($this->config['refresh_token_lifetime'] > 0) {
+				$expires = time() + $this->config['refresh_token_lifetime'];
+			}
+			$this->refreshStorage->setRefreshToken($token['refresh_token'], $client_id, $user_id, $expires, $scope);
+		}
+
+		return $token;
+	}
+
+	/**
+	 * Generates an unique access token.
+	 *
+	 * Implementing classes may want to override this function to implement
+	 * other access token generation schemes.
+	 *
+	 * @return
+	 * An unique access token.
+	 *
+	 * @ingroup oauth2_section_4
+	 */
+	protected function generateAccessToken()
+	{
+		if (function_exists('mcrypt_create_iv')) {
+			$randomData = mcrypt_create_iv(20, MCRYPT_DEV_URANDOM);
+			if ($randomData !== false && strlen($randomData) === 20) {
+				return bin2hex($randomData);
+			}
+		}
+		if (function_exists('openssl_random_pseudo_bytes')) {
+			$randomData = openssl_random_pseudo_bytes(20);
+			if ($randomData !== false && strlen($randomData) === 20) {
+				return bin2hex($randomData);
+			}
+		}
+		if (@file_exists('/dev/urandom')) { // Get 100 bytes of random data
+			$randomData = file_get_contents('/dev/urandom', false, null, 0, 20);
+			if ($randomData !== false && strlen($randomData) === 20) {
+				return bin2hex($randomData);
+			}
+		}
+		// Last resort which you probably should just get rid of:
+		$randomData = mt_rand() . mt_rand() . mt_rand() . mt_rand() . microtime(true) . uniqid(mt_rand(), true);
+
+		return substr(hash('sha512', $randomData), 0, 40);
+	}
+
+	/**
+	 * Generates an unique refresh token
+	 *
+	 * Implementing classes may want to override this function to implement
+	 * other refresh token generation schemes.
+	 *
+	 * @return
+	 * An unique refresh.
+	 *
+	 * @ingroup oauth2_section_4
+	 * @see OAuth2::generateAccessToken()
+	 */
+	protected function generateRefreshToken()
+	{
+		return $this->generateAccessToken(); // let's reuse the same scheme for token generation
+	}
+
+	/**
+	 * Handle the revoking of refresh tokens, and access tokens if supported / desirable
+	 * RFC7009 specifies that "If the server is unable to locate the token using
+	 * the given hint, it MUST extend its search across all of its supported token types"
+	 *
+	 * @param $token
+	 * @param null $tokenTypeHint
+	 * @return boolean
+	 */
+	public function revokeToken($token, $tokenTypeHint = null)
+	{
+		if ($tokenTypeHint == 'refresh_token') {
+			if ($this->refreshStorage && $revoked = $this->refreshStorage->unsetRefreshToken($token)) {
+				return true;
+			}
+		}
+
+		/** @TODO remove in v2 */
+		if (!method_exists($this->tokenStorage, 'unsetAccessToken')) {
+			throw new \RuntimeException(
+				sprintf('Token storage %s must implement unsetAccessToken method', get_class($this->tokenStorage)
+			));
+		}
+
+		$revoked = $this->tokenStorage->unsetAccessToken($token);
+
+		// if a typehint is supplied and fails, try other storages 
+		// @see https://tools.ietf.org/html/rfc7009#section-2.1
+		if (!$revoked && $tokenTypeHint != 'refresh_token') {
+			if ($this->refreshStorage) {
+				$revoked = $this->refreshStorage->unsetRefreshToken($token);
+			}
+		}
+
+		return $revoked;
+	}
 }

extensions/libraries/redcore/api/oauth2/Encryption/EncryptionInterface.php

Indentation +4 added lines, -4 removed lines

@@ -4,8 +4,8 @@
 
 interface EncryptionInterface
 {
-    public function encode($payload, $key, $algorithm = null);
-    public function decode($payload, $key, $algorithm = null);
-    public function urlSafeB64Encode($data);
-    public function urlSafeB64Decode($b64);
+	public function encode($payload, $key, $algorithm = null);
+	public function decode($payload, $key, $algorithm = null);
+	public function urlSafeB64Encode($data);
+	public function urlSafeB64Decode($b64);
 }

extensions/libraries/redcore/api/oauth2/Encryption/FirebaseJwt.php

Indentation +36 added lines, -36 removed lines

@@ -8,40 +8,40 @@
  */
 class FirebaseJwt implements EncryptionInterface
 {
-    public function __construct()
-    {
-        if (!class_exists('\JWT')) {
-            throw new \ErrorException('firebase/php-jwt must be installed to use this feature. You can do this by running "composer require firebase/php-jwt"');
-        }
-    }
-
-    public function encode($payload, $key, $alg = 'HS256', $keyId = null)
-    {
-        return \JWT::encode($payload, $key, $alg, $keyId);
-    }
-
-    public function decode($jwt, $key = null, $allowedAlgorithms = null)
-    {
-        try {
-
-            //Maintain BC: Do not verify if no algorithms are passed in.
-            if (!$allowedAlgorithms) {
-                $key = null;
-            }
-
-            return (array)\JWT::decode($jwt, $key, $allowedAlgorithms);
-        } catch (\Exception $e) {
-            return false;
-        }
-    }
-
-    public function urlSafeB64Encode($data)
-    {
-        return \JWT::urlsafeB64Encode($data);
-    }
-
-    public function urlSafeB64Decode($b64)
-    {
-        return \JWT::urlsafeB64Decode($b64);
-    }
+	public function __construct()
+	{
+		if (!class_exists('\JWT')) {
+			throw new \ErrorException('firebase/php-jwt must be installed to use this feature. You can do this by running "composer require firebase/php-jwt"');
+		}
+	}
+
+	public function encode($payload, $key, $alg = 'HS256', $keyId = null)
+	{
+		return \JWT::encode($payload, $key, $alg, $keyId);
+	}
+
+	public function decode($jwt, $key = null, $allowedAlgorithms = null)
+	{
+		try {
+
+			//Maintain BC: Do not verify if no algorithms are passed in.
+			if (!$allowedAlgorithms) {
+				$key = null;
+			}
+
+			return (array)\JWT::decode($jwt, $key, $allowedAlgorithms);
+		} catch (\Exception $e) {
+			return false;
+		}
+	}
+
+	public function urlSafeB64Encode($data)
+	{
+		return \JWT::urlsafeB64Encode($data);
+	}
+
+	public function urlSafeB64Decode($b64)
+	{
+		return \JWT::urlsafeB64Decode($b64);
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -29,7 +29,7 @@
                 $key = null;
             }
 
-            return (array)\JWT::decode($jwt, $key, $allowedAlgorithms);
+            return (array) \JWT::decode($jwt, $key, $allowedAlgorithms);
         } catch (\Exception $e) {
             return false;
         }