Add Repository classes to be used with League\OAuth2\Server.

Author: Potherca

src/Repository/AccessToken.php

@@ -0,0 +1,88 @@
+<?php declare(strict_types=1);
+
+namespace Pdsinterop\Solid\Auth\Repository;
+
+use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
+use League\OAuth2\Server\Entities\ClientEntityInterface;
+use League\OAuth2\Server\Entities\ScopeEntityInterface;
+use League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException;
+use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
+use Pdsinterop\Solid\Auth\Entity\AccessToken as AccessTokenEntity;
+
+class AccessToken implements AccessTokenRepositoryInterface
+{
+    /**
+     * Create a new access token
+     *
+     * @param ClientEntityInterface $clientEntity
+     * @param ScopeEntityInterface[] $scopes
+     * @param mixed $userIdentifier
+     *
+     * @return AccessTokenEntityInterface
+     */
+    public function getNewToken(
+        ClientEntityInterface $clientEntity,
+        array $scopes,
+        $userIdentifier = null
+    ) : AccessTokenEntityInterface {
+        return new AccessTokenEntity($clientEntity);
+    }
+
+    /**
+     * Persists a new access token to permanent storage.
+     *
+     * @param AccessTokenEntityInterface $accessTokenEntity
+     *
+     * @throws UniqueTokenIdentifierConstraintViolationException
+     */
+    public function persistNewAccessToken(AccessTokenEntityInterface $accessTokenEntity) : void
+    {
+        // throw new UniqueTokenIdentifierConstraintViolationException()
+        /*/
+            When a new access token is created this method will be called. You don’t have to do anything here but for auditing you probably want to.
+
+            The access token entity passed in has a number of methods you can call which contain data worth saving to a database:
+
+                getIdentifier() : string this is randomly generated unique identifier (of 80+ characters in length) for the access token.
+                getExpiryDateTime() : \DateTime the expiry date and time of the access token.
+                getUserIdentifier() : string|null the user identifier represented by the access token.
+                getScopes() : ScopeEntityInterface[] an array of scope entities
+                getClient()->getIdentifier() : string the identifier of the client who requested the access token.
+
+        JWT access tokens contain an expiry date and so will be rejected automatically when used. You can safely clean up expired access tokens from your database.
+        /*/
+    }
+
+    /**
+     * Revoke an access token.
+     *
+     * @param string $tokenId
+     */
+    public function revokeAccessToken($tokenId) : void
+    {
+        /*/
+            This method is called when a refresh token is used to reissue an access token.
+
+            The original access token is revoked a new access token is issued.
+        /*/
+    }
+
+    /**
+     * Check if the access token has been revoked.
+     *
+     * @param string $tokenId
+     *
+     * @return bool Return true if this token has been revoked
+     */
+    public function isAccessTokenRevoked($tokenId) : bool
+    {
+        /*/
+            This method is called when an access token is validated by the resource server middleware.
+
+            Return true if the access token has been manually revoked before it expired.
+
+            If the token is still valid return false.
+        /*/
+        return false;
+    }
+}

src/Repository/AuthCode.php

@@ -0,0 +1,83 @@
+<?php declare(strict_types=1);
+
+namespace Pdsinterop\Solid\Auth\Repository;
+
+use League\OAuth2\Server\Entities\AuthCodeEntityInterface;
+use League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException;
+use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
+use Pdsinterop\Solid\Auth\Entity\AuthCode as AuthCodeEntity;
+use Pdsinterop\Solid\Auth\Entity\ClientEntityTrait;
+
+class AuthCode implements AuthCodeRepositoryInterface
+{
+    use ClientEntityTrait;
+
+    /**
+     * Creates a new AuthCode
+     *
+     * @return AuthCodeEntityInterface
+     */
+    public function getNewAuthCode() : AuthCodeEntityInterface
+    {
+        return new AuthCodeEntity($this->getClientEntity());
+    }
+
+    /**
+     * Persists a new auth code to permanent storage.
+     *
+     * @param AuthCodeEntityInterface $authCodeEntity
+     *
+     * @throws UniqueTokenIdentifierConstraintViolationException
+     */
+    public function persistNewAuthCode(AuthCodeEntityInterface $authCodeEntity) : void
+    {
+        /*/
+            When a new auth code is created this method will be called. You don’t
+            have to do anything here but for auditing you probably want to.
+
+            The auth code entity passed in has a number of methods you can call
+            which contain data worth saving to a database:
+
+                getIdentifier() : string this is randomly generated unique identifier (of 80+ characters in length) for the auth code.
+                getExpiryDateTime() : \DateTime the expiry date and time of the auth code.
+                getUserIdentifier() : string|null the user identifier represented by the auth code.
+                getScopes() : ScopeEntityInterface[] an array of scope entities
+                getClient()->getIdentifier() : string the identifier of the client who requested the auth code.
+
+            The auth codes contain an expiry date and so will be rejected
+            automatically if used when expired. You can safely clean up expired
+            auth codes from your database.
+        /*/
+    }
+
+    /**
+     * Revoke an auth code.
+     *
+     * @param string $codeId
+     */
+    public function revokeAuthCode($codeId) : void
+    {
+        /*/
+            This method is called when an authorization code is exchanged for an
+            access token. You can also use it in your own business logic.
+        /*/
+    }
+
+    /**
+     * Check if the auth code has been revoked.
+     *
+     * @param string $codeId
+     *
+     * @return bool Return true if this code has been revoked
+     */
+    public function isAuthCodeRevoked($codeId) : bool
+    {
+        /*/
+            This method is called before an authorization code is exchanged for an
+            access token by the authorization server. Return true if the auth code
+            has been manually revoked before it expired. If the auth code is still
+            valid return false.
+        /*/
+        return false;
+    }
+}

src/Repository/Client.php

@@ -0,0 +1,100 @@
+<?php declare(strict_types=1);
+
+namespace Pdsinterop\Solid\Auth\Repository;
+
+use League\OAuth2\Server\Entities\ClientEntityInterface;
+use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
+use Pdsinterop\Solid\Auth\Entity\Client as ClientEntity;
+
+class Client implements ClientRepositoryInterface
+{
+    ////////////////////////////// CLASS PROPERTIES \\\\\\\\\\\\\\\\\\\\\\\\\\\\
+
+    /** @var array */
+    private $grantTypes;
+    /** @var string */
+    private $identifier;
+    /** @var string */
+    private $secret;
+
+    //////////////////////////// GETTERS AND SETTERS \\\\\\\\\\\\\\\\\\\\\\\\\\\
+
+    //////////////////////////////// PUBLIC API \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
+    /**
+     * @var string
+     */
+    private $name;
+    /**
+     * @var array
+     */
+    private $redirectUri;
+
+    public function __construct(
+        string $identifier,
+        string $secret = '',
+        string $name = '',
+        array $grants = [],
+        array $redirectUri = []
+    ) {
+        $this->grantTypes = $grants;
+        $this->identifier = $identifier;
+        $this->name = $name;
+        $this->redirectUri = $redirectUri;
+        $this->secret = $secret;
+    }
+
+    public function createClientEntity($identifier = null) : ClientEntityInterface
+    {
+        $client = new ClientEntity(
+            $identifier,
+            $this->name,
+            $this->redirectUri,
+            $this->secret !== ''
+        );
+
+        return $client;
+    }
+
+    /**
+     * Get a client.
+     *
+     * @param mixed $identifier The client's identifier
+     *
+     * @return ClientEntityInterface|null
+     */
+    public function getClientEntity($identifier) : ?ClientEntityInterface
+    {
+        return $this->createClientEntity($identifier);
+    }
+
+    /**
+     * Validate a client's secret.
+     *
+     * @param string $clientIdentifier The client's identifier
+     * @param null|string $clientSecret The client's secret (if sent)
+     * @param null|string $grantType The type of grant the client is using (if sent)
+     *
+     * @return bool
+     */
+    public function validateClient($clientIdentifier, $clientSecret, $grantType) : bool
+    {
+        /*/
+            This method is called to validate a client’s credentials.
+
+            The client secret may or may not be provided depending on the request sent by the client.
+
+            If the client is confidential (i.e. is capable of securely storing a secret) then the secret must be validated.
+
+            You can use the grant type to determine if the client is permitted to use the grant type.
+
+            If the client’s credentials are validated you should return true, otherwise return false.
+        /*/
+
+        return $this->identifier === $clientIdentifier
+            && ($this->secret === '' || $this->secret === $clientSecret)
+            && ($this->grantTypes === [] || in_array($grantType, $this->grantTypes, true))
+        ;
+    }
+
+    ////////////////////////////// UTILITY METHODS \\\\\\\\\\\\\\\\\\\\\\\\\\\\\
+}

src/Repository/RefreshToken.php

@@ -0,0 +1,79 @@
+<?php declare(strict_types=1);
+
+namespace Pdsinterop\Solid\Auth\Repository;
+
+use League\OAuth2\Server\Entities\RefreshTokenEntityInterface;
+use League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException;
+use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
+use Pdsinterop\Solid\Auth\Entity\RefreshToken as RefreshTokenEntity;
+
+class RefreshToken implements RefreshTokenRepositoryInterface
+{
+    /**
+     * Creates a new refresh token
+     *
+     * @return RefreshTokenEntityInterface|null
+     */
+    public function getNewRefreshToken() : ?RefreshTokenEntityInterface
+    {
+        return new RefreshTokenEntity();
+    }
+
+    /**
+     * Called when a new refresh token is created
+     *
+     * @param RefreshTokenEntityInterface $refreshTokenEntity
+     *
+     * @throws UniqueTokenIdentifierConstraintViolationException
+     */
+    public function persistNewRefreshToken(RefreshTokenEntityInterface $refreshTokenEntity) : void
+    {
+        // throw new UniqueTokenIdentifierConstraintViolationException;
+        /*/
+            When a new refresh token is created this method will be called. You don’t have to do anything here but for
+            auditing you might want to.
+
+            The refresh token entity passed in has a number of methods you can call which contain data worth saving to
+            a database:
+
+                getIdentifier() : string this is randomly generated unique identifier (of 80+ characters in length) for the refresh token.
+                getExpiryDateTime() : \DateTime the expiry date and time of the refresh token.
+                getAccessToken()->getIdentifier() : string the linked access token’s identifier.
+
+            JWT access tokens contain an expiry date and so will be rejected automatically when used. You can safely
+            clean up expired access tokens from your database.
+        /*/
+    }
+
+    /**
+     * Revoke the refresh token.
+     *
+     * @param string $tokenId
+     */
+    public function revokeRefreshToken($tokenId) : void
+    {
+        /*/
+            This method is called when a refresh token is used to reissue an access token.
+
+            The original refresh token is revoked a new refresh token is issued.
+        /*/
+    }
+
+    /**
+     * Check if the refresh token has been revoked.
+     *
+     * @param string $tokenId
+     *
+     * @return bool Return true if this token has been revoked
+     */
+    public function isRefreshTokenRevoked($tokenId) : bool
+    {
+        /*/
+            This method is called when an refresh token is used to issue a new access token.
+
+            Return true if the refresh token has been manually revoked before it expired.
+            If the token is still valid return false.
+        /*/
+        return false;
+    }
+}