Cheetah
Redis.php
Go to the documentation of this file.
1 <?php
2 
3 namespace OAuth2\Storage;
4 
5 use OAuth2\OpenID\Storage\AuthorizationCodeInterface as OpenIDAuthorizationCodeInterface;
6 
18 class Redis implements AuthorizationCodeInterface,
19  AccessTokenInterface,
20  ClientCredentialsInterface,
21  UserCredentialsInterface,
22  RefreshTokenInterface,
23  JwtBearerInterface,
24  ScopeInterface,
25  OpenIDAuthorizationCodeInterface
26 {
27 
28  private $cache;
29 
30  /* The redis client */
31  protected $redis;
32 
33  /* Configuration array */
34  protected $config;
35 
42  public function __construct($redis, $config=array())
43  {
44  $this->redis = $redis;
45  $this->config = array_merge(array(
46  'client_key' => 'oauth_clients:',
47  'access_token_key' => 'oauth_access_tokens:',
48  'refresh_token_key' => 'oauth_refresh_tokens:',
49  'code_key' => 'oauth_authorization_codes:',
50  'user_key' => 'oauth_users:',
51  'jwt_key' => 'oauth_jwt:',
52  'scope_key' => 'oauth_scopes:',
53  ), $config);
54  }
55 
56  protected function getValue($key)
57  {
58  if ( isset($this->cache[$key]) ) {
59  return $this->cache[$key];
60  }
61  $value = $this->redis->get($key);
62  if ( isset($value) ) {
63  return json_decode($value, true);
64  } else {
65  return false;
66  }
67  }
68 
69  protected function setValue($key, $value, $expire=0)
70  {
71  $this->cache[$key] = $value;
72  $str = json_encode($value);
73  if ($expire > 0) {
74  $seconds = $expire - time();
75  $ret = $this->redis->setex($key, $seconds, $str);
76  } else {
77  $ret = $this->redis->set($key, $str);
78  }
79 
80  // check that the key was set properly
81  // if this fails, an exception will usually thrown, so this step isn't strictly necessary
82  return is_bool($ret) ? $ret : $ret->getPayload() == 'OK';
83  }
84 
85  protected function expireValue($key)
86  {
87  unset($this->cache[$key]);
88 
89  return $this->redis->del($key);
90  }
91 
92  /* AuthorizationCodeInterface */
93  public function getAuthorizationCode($code)
94  {
95  return $this->getValue($this->config['code_key'] . $code);
96  }
97 
98  public function setAuthorizationCode($authorization_code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
99  {
100  return $this->setValue(
101  $this->config['code_key'] . $authorization_code,
102  compact('authorization_code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope', 'id_token'),
103  $expires
104  );
105  }
106 
107  public function expireAuthorizationCode($code)
108  {
109  $key = $this->config['code_key'] . $code;
110  unset($this->cache[$key]);
111 
112  return $this->expireValue($key);
113  }
114 
115  /* UserCredentialsInterface */
116  public function checkUserCredentials($username, $password)
117  {
118  $user = $this->getUserDetails($username);
119 
120  return $user && $user['password'] === $password;
121  }
122 
123  public function getUserDetails($username)
124  {
125  return $this->getUser($username);
126  }
127 
128  public function getUser($username)
129  {
130  if (!$userInfo = $this->getValue($this->config['user_key'] . $username)) {
131  return false;
132  }
133 
134  // the default behavior is to use "username" as the user_id
135  return array_merge(array(
136  'user_id' => $username,
137  ), $userInfo);
138  }
139 
140  public function setUser($username, $password, $first_name = null, $last_name = null)
141  {
142  return $this->setValue(
143  $this->config['user_key'] . $username,
144  compact('username', 'password', 'first_name', 'last_name')
145  );
146  }
147 
148  /* ClientCredentialsInterface */
149  public function checkClientCredentials($client_id, $client_secret = null)
150  {
151  if (!$client = $this->getClientDetails($client_id)) {
152  return false;
153  }
154 
155  return isset($client['client_secret'])
156  && $client['client_secret'] == $client_secret;
157  }
158 
159  public function isPublicClient($client_id)
160  {
161  if (!$client = $this->getClientDetails($client_id)) {
162  return false;
163  }
164 
165  return empty($result['client_secret']);
166  }
167 
168  /* ClientInterface */
169  public function getClientDetails($client_id)
170  {
171  return $this->getValue($this->config['client_key'] . $client_id);
172  }
173 
174  public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
175  {
176  return $this->setValue(
177  $this->config['client_key'] . $client_id,
178  compact('client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'user_id')
179  );
180  }
181 
182  public function checkRestrictedGrantType($client_id, $grant_type)
183  {
184  $details = $this->getClientDetails($client_id);
185  if (isset($details['grant_types'])) {
186  $grant_types = explode(' ', $details['grant_types']);
187 
188  return in_array($grant_type, (array) $grant_types);
189  }
190 
191  // if grant_types are not defined, then none are restricted
192  return true;
193  }
194 
195  /* RefreshTokenInterface */
196  public function getRefreshToken($refresh_token)
197  {
198  return $this->getValue($this->config['refresh_token_key'] . $refresh_token);
199  }
200 
201  public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
202  {
203  return $this->setValue(
204  $this->config['refresh_token_key'] . $refresh_token,
205  compact('refresh_token', 'client_id', 'user_id', 'expires', 'scope'),
206  $expires
207  );
208  }
209 
210  public function unsetRefreshToken($refresh_token)
211  {
212  return $this->expireValue($this->config['refresh_token_key'] . $refresh_token);
213  }
214 
215  /* AccessTokenInterface */
216  public function getAccessToken($access_token)
217  {
218  return $this->getValue($this->config['access_token_key'].$access_token);
219  }
220 
221  public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
222  {
223  return $this->setValue(
224  $this->config['access_token_key'].$access_token,
225  compact('access_token', 'client_id', 'user_id', 'expires', 'scope'),
226  $expires
227  );
228  }
229 
230  public function unsetAccessToken($access_token)
231  {
232  return $this->expireValue($this->config['access_token_key'] . $access_token);
233  }
234 
235  /* ScopeInterface */
236  public function scopeExists($scope)
237  {
238  $scope = explode(' ', $scope);
239 
240  $result = $this->getValue($this->config['scope_key'].'supported:global');
241 
242  $supportedScope = explode(' ', (string) $result);
243 
244  return (count(array_diff($scope, $supportedScope)) == 0);
245  }
246 
247  public function getDefaultScope($client_id = null)
248  {
249  if (is_null($client_id) || !$result = $this->getValue($this->config['scope_key'].'default:'.$client_id)) {
250  $result = $this->getValue($this->config['scope_key'].'default:global');
251  }
252 
253  return $result;
254  }
255 
256  public function setScope($scope, $client_id = null, $type = 'supported')
257  {
258  if (!in_array($type, array('default', 'supported'))) {
259  throw new \InvalidArgumentException('"$type" must be one of "default", "supported"');
260  }
261 
262  if (is_null($client_id)) {
263  $key = $this->config['scope_key'].$type.':global';
264  } else {
265  $key = $this->config['scope_key'].$type.':'.$client_id;
266  }
267 
268  return $this->setValue($key, $scope);
269  }
270 
271  /*JWTBearerInterface */
272  public function getClientKey($client_id, $subject)
273  {
274  if (!$jwt = $this->getValue($this->config['jwt_key'] . $client_id)) {
275  return false;
276  }
277 
278  if (isset($jwt['subject']) && $jwt['subject'] == $subject) {
279  return $jwt['key'];
280  }
281 
282  return null;
283  }
284 
285  public function setClientKey($client_id, $key, $subject = null)
286  {
287  return $this->setValue($this->config['jwt_key'] . $client_id, array(
288  'key' => $key,
289  'subject' => $subject
290  ));
291  }
292 
293  public function getClientScope($client_id)
294  {
295  if (!$clientDetails = $this->getClientDetails($client_id)) {
296  return false;
297  }
298 
299  if (isset($clientDetails['scope'])) {
300  return $clientDetails['scope'];
301  }
302 
303  return null;
304  }
305 
306  public function getJti($client_id, $subject, $audience, $expiration, $jti)
307  {
308  //TODO: Needs redis implementation.
309  throw new \Exception('getJti() for the Redis driver is currently unimplemented.');
310  }
311 
312  public function setJti($client_id, $subject, $audience, $expiration, $jti)
313  {
314  //TODO: Needs redis implementation.
315  throw new \Exception('setJti() for the Redis driver is currently unimplemented.');
316  }
317 }
OAuth2\Storage\Redis\unsetAccessToken
unsetAccessToken($access_token)
Definition: Redis.php:230
OAuth2\Storage\Redis\__construct
__construct($redis, $config=array())
Definition: Redis.php:42
OAuth2\Storage\Redis\unsetRefreshToken
unsetRefreshToken($refresh_token)
Definition: Redis.php:210
OAuth2\OpenID\Storage\AuthorizationCodeInterface
Definition: AuthorizationCodeInterface.php:14
OAuth2\Storage\Redis\setClientKey
setClientKey($client_id, $key, $subject=null)
Definition: Redis.php:285
OAuth2\Storage\Redis\getClientScope
getClientScope($client_id)
Definition: Redis.php:293
OAuth2\Storage\Redis\setJti
setJti($client_id, $subject, $audience, $expiration, $jti)
Definition: Redis.php:312
OAuth2\Storage\Redis\setAuthorizationCode
setAuthorizationCode($authorization_code, $client_id, $user_id, $redirect_uri, $expires, $scope=null, $id_token=null)
Definition: Redis.php:98
OAuth2\Storage\Redis\getRefreshToken
getRefreshToken($refresh_token)
Definition: Redis.php:196
OAuth2\Storage\Redis\checkClientCredentials
checkClientCredentials($client_id, $client_secret=null)
Definition: Redis.php:149
OAuth2\Storage\Redis\checkUserCredentials
checkUserCredentials($username, $password)
Definition: Redis.php:116
OAuth2\Storage\Redis\$redis
$redis
Definition: Redis.php:31
$ret
$ret
Definition: index.php:39
use
GNU LESSER GENERAL PUBLIC LICENSE February Free Software Inc Franklin Fifth MA USA Everyone is permitted to copy and distribute verbatim copies of this license but changing it is not allowed[This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.] Preamble The licenses for most software are designed to take away your freedom to share and change it By the GNU General Public Licenses are intended to guarantee your freedom to share and change free software to make sure the software is free for all its users This the Lesser General Public applies to some specially designated software packages typically libraries of the Free Software Foundation and other authors who decide to use it You can use it but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular based on the explanations below When we speak of free we are referring to freedom of use
Definition: license.txt:27
OAuth2\Storage\Redis\getClientKey
getClientKey($client_id, $subject)
Definition: Redis.php:272
OAuth2\Storage\Redis\setScope
setScope($scope, $client_id=null, $type='supported')
Definition: Redis.php:256
php
OAuth2\Storage\ScopeInterface
Definition: ScopeInterface.php:13
OAuth2\Storage\UserCredentialsInterface
Definition: UserCredentialsInterface.php:13
OAuth2\Storage\AuthorizationCodeInterface
Definition: AuthorizationCodeInterface.php:13
OAuth2\Storage\Redis\getDefaultScope
getDefaultScope($client_id=null)
Definition: Redis.php:247
OAuth2\Storage\Redis\getAuthorizationCode
getAuthorizationCode($code)
Definition: Redis.php:93
OAuth2\Storage\Redis\expireAuthorizationCode
expireAuthorizationCode($code)
Definition: Redis.php:107
OAuth2\Storage\Redis\checkRestrictedGrantType
checkRestrictedGrantType($client_id, $grant_type)
Definition: Redis.php:182
OAuth2\Storage\Redis\setRefreshToken
setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope=null)
Definition: Redis.php:201
OAuth2\Storage\Redis\setUser
setUser($username, $password, $first_name=null, $last_name=null)
Definition: Redis.php:140
OAuth2\Storage\Redis\getUser
getUser($username)
Definition: Redis.php:128
OAuth2\Storage\Redis\getAccessToken
getAccessToken($access_token)
Definition: Redis.php:216
OAuth2\Storage\Redis\getClientDetails
getClientDetails($client_id)
Definition: Redis.php:169
time
that in the case of a Adaptation or at a minimum such credit will if a credit for all contributing authors of the Adaptation or Collection then as part of these credits and in a manner at least as prominent as the credits for the other contributing authors For the avoidance of You may only use the credit required by this Section for the purpose of attribution in the manner set out above by exercising Your rights under this You may not implicitly or explicitly assert or imply any connection sponsorship or endorsement by the Original Licensor and or Attribution as of You or Your use of the without the express prior written permission of the Original Licensor and or Attribution Parties Except as otherwise agreed in writing by the Licensor or as may be otherwise permitted by applicable if You Distribute or Publicly Perform the Work either by itself or as part of any Adaptations or You must not modify or take other derogatory action in relation to the Work which would be prejudicial to the Original Author s honor or reputation Licensor agrees that in those in which any exercise of the right granted in modification or other derogatory action prejudicial to the Original Author s honor and the Licensor will waive or not as this to the fullest extent permitted by the applicable national to enable You to reasonably exercise Your right under Warranties and Disclaimer UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN LICENSOR OFFERS THE WORK AS IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE STATUTORY OR WITHOUT WARRANTIES OF FITNESS FOR A PARTICULAR OR THE ABSENCE OF LATENT OR OTHER OR THE PRESENCE OF ABSENCE OF WHETHER OR NOT DISCOVERABLE SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED SO SUCH EXCLUSION MAY NOT APPLY TO YOU Limitation on Liability EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES Termination This License and the rights granted hereunder will terminate automatically upon any breach by You of the terms of this License Individuals or entities who have received Adaptations or Collections from You under this will not have their licenses terminated provided such individuals or entities remain in full compliance with those licenses and will survive any termination of this License Subject to the above terms and the license granted here is Licensor reserves the right to release the Work under different license terms or to stop distributing the Work at any time
Definition: license.txt:56
OAuth2\Storage\ClientCredentialsInterface
Definition: ClientCredentialsInterface.php:12
OAuth2\Storage\Redis\scopeExists
scopeExists($scope)
Definition: Redis.php:236
OAuth2\Storage\Redis\getUserDetails
getUserDetails($username)
Definition: Redis.php:123
OAuth2\Storage\Redis\setAccessToken
setAccessToken($access_token, $client_id, $user_id, $expires, $scope=null)
Definition: Redis.php:221
OAuth2\Storage\RefreshTokenInterface
Definition: RefreshTokenInterface.php:13
OAuth2\Storage\Redis\getValue
getValue($key)
Definition: Redis.php:56
OAuth2\Storage\Redis\getJti
getJti($client_id, $subject, $audience, $expiration, $jti)
Definition: Redis.php:306
OAuth2\Storage\Redis\setValue
setValue($key, $value, $expire=0)
Definition: Redis.php:69
OAuth2\Storage\Redis\expireValue
expireValue($key)
Definition: Redis.php:85
OAuth2\Storage
Definition: AccessTokenInterface.php:3
OAuth2\Storage\Redis
Definition: Redis.php:26
OAuth2\Storage\Redis\isPublicClient
isPublicClient($client_id)
Definition: Redis.php:159
OAuth2\Storage\Redis\setClientDetails
setClientDetails($client_id, $client_secret=null, $redirect_uri=null, $grant_types=null, $scope=null, $user_id=null)
Definition: Redis.php:174
OAuth2\Storage\JwtBearerInterface
Definition: JwtBearerInterface.php:16
empty
Attr AllowedRel this is empty
Definition: Attr.AllowedRel.txt:7
as
as
Definition: Filter.ExtractStyleBlocks.Escaping.txt:10
OAuth2\Storage\Redis\$config
$config
Definition: Redis.php:34
OAuth2\Storage\AccessTokenInterface
Definition: AccessTokenInterface.php:12
Generated by doxygen 1.8.20