From 993d27903fe3bbe4023dacfb097ca9eb3bfc0364 Mon Sep 17 00:00:00 2001 From: Brad Jones Date: Fri, 11 Nov 2022 17:31:20 -0700 Subject: [PATCH] Abstract out tokens from being tied tightly to access --- src/Token/AbstractToken.php | 93 +++++++++++++++++++ src/Token/AccessToken.php | 73 +-------------- src/Token/IdToken.php | 29 ++++++ .../ResourceOwnerAccessTokenInterface.php | 11 +-- src/Token/ResourceOwnerTokenInterface.php | 25 +++++ 5 files changed, 154 insertions(+), 77 deletions(-) create mode 100644 src/Token/AbstractToken.php create mode 100644 src/Token/IdToken.php create mode 100644 src/Token/ResourceOwnerTokenInterface.php diff --git a/src/Token/AbstractToken.php b/src/Token/AbstractToken.php new file mode 100644 index 00000000..af2316f4 --- /dev/null +++ b/src/Token/AbstractToken.php @@ -0,0 +1,93 @@ + + * @license http://opensource.org/licenses/MIT MIT + * @link http://thephpleague.com/oauth2-client/ Documentation + * @link https://packagist.org/packages/league/oauth2-client Packagist + * @link https://github.com/thephpleague/oauth2-client GitHub + */ + +namespace League\OAuth2\Client\Token; + +abstract class AbstractToken { + + /** + * @var int + */ + protected $expires; + + /** + * @var array + */ + protected $values = []; + + /** + * @var int + */ + private static $timeNow; + + /** + * Constructs an access token. + * + * @param array $options An array of options returned by the service provider + * in the access token request. The `access_token` option is required. + * @throws InvalidArgumentException if `access_token` is not provided in `$options`. + */ + public function __construct(array $options = []) { + // We need to know when the token expires. Show preference to + // 'expires_in' since it is defined in RFC6749 Section 5.1. + // Defer to 'expires' if it is provided instead. + if (isset($options['expires_in'])) { + if (!is_numeric($options['expires_in'])) { + throw new \InvalidArgumentException('expires_in value must be an integer'); + } + + $this->expires = $options['expires_in'] != 0 ? $this->getTimeNow() + $options['expires_in'] : 0; + } elseif (!empty($options['expires'])) { + // Some providers supply the seconds until expiration rather than + // the exact timestamp. Take a best guess at which we received. + $expires = $options['expires']; + + if (!$this->isExpirationTimestamp($expires)) { + $expires += $this->getTimeNow(); + } + + $this->expires = $expires; + } + } + + /** + * Set the time now. This should only be used for testing purposes. + * + * @param int $timeNow the time in seconds since epoch + * @return void + */ + public static function setTimeNow($timeNow) + { + self::$timeNow = $timeNow; + } + + /** + * Reset the time now if it was set for test purposes. + * + * @return void + */ + public static function resetTimeNow() + { + self::$timeNow = null; + } + + /** + * @return int + */ + public function getTimeNow() + { + return self::$timeNow ? self::$timeNow : time(); + } + +} diff --git a/src/Token/AccessToken.php b/src/Token/AccessToken.php index 81533c30..6372f5d9 100644 --- a/src/Token/AccessToken.php +++ b/src/Token/AccessToken.php @@ -22,7 +22,7 @@ * * @link http://tools.ietf.org/html/rfc6749#section-1.4 Access Token (RFC 6749, ยง1.4) */ -class AccessToken implements AccessTokenInterface, ResourceOwnerAccessTokenInterface +class AccessToken extends AbstractToken implements AccessTokenInterface, ResourceOwnerAccessTokenInterface { /** * @var string @@ -44,54 +44,12 @@ class AccessToken implements AccessTokenInterface, ResourceOwnerAccessTokenInter */ protected $resourceOwnerId; - /** - * @var array - */ - protected $values = []; - - /** - * @var int - */ - private static $timeNow; - - /** - * Set the time now. This should only be used for testing purposes. - * - * @param int $timeNow the time in seconds since epoch - * @return void - */ - public static function setTimeNow($timeNow) - { - self::$timeNow = $timeNow; - } - - /** - * Reset the time now if it was set for test purposes. - * - * @return void - */ - public static function resetTimeNow() - { - self::$timeNow = null; - } - - /** - * @return int - */ - public function getTimeNow() - { - return self::$timeNow ? self::$timeNow : time(); - } - - /** - * Constructs an access token. - * - * @param array $options An array of options returned by the service provider - * in the access token request. The `access_token` option is required. - * @throws InvalidArgumentException if `access_token` is not provided in `$options`. - */ + /** + * @inheritDoc + */ public function __construct(array $options = []) { + parent::__construct($options); if (empty($options['access_token'])) { throw new InvalidArgumentException('Required option not passed: "access_token"'); } @@ -106,27 +64,6 @@ public function __construct(array $options = []) $this->refreshToken = $options['refresh_token']; } - // We need to know when the token expires. Show preference to - // 'expires_in' since it is defined in RFC6749 Section 5.1. - // Defer to 'expires' if it is provided instead. - if (isset($options['expires_in'])) { - if (!is_numeric($options['expires_in'])) { - throw new \InvalidArgumentException('expires_in value must be an integer'); - } - - $this->expires = $options['expires_in'] != 0 ? $this->getTimeNow() + $options['expires_in'] : 0; - } elseif (!empty($options['expires'])) { - // Some providers supply the seconds until expiration rather than - // the exact timestamp. Take a best guess at which we received. - $expires = $options['expires']; - - if (!$this->isExpirationTimestamp($expires)) { - $expires += $this->getTimeNow(); - } - - $this->expires = $expires; - } - // Capture any additional values that might exist in the token but are // not part of the standard response. Vendors will sometimes pass // additional user data this way. diff --git a/src/Token/IdToken.php b/src/Token/IdToken.php new file mode 100644 index 00000000..b294225b --- /dev/null +++ b/src/Token/IdToken.php @@ -0,0 +1,29 @@ + + * @license http://opensource.org/licenses/MIT MIT + * @link http://thephpleague.com/oauth2-client/ Documentation + * @link https://packagist.org/packages/league/oauth2-client Packagist + * @link https://github.com/thephpleague/oauth2-client GitHub + */ + +namespace League\OAuth2\Client\Token; + +class IdToken extends AbstractToken implements ResourceOwnerTokenInterface { + + /** + * @inheritDoc + */ + public function __construct(array $options = []) { + parent::__construct($options); + if (!empty($options['resource_owner_id'])) { + $this->resourceOwnerId = $options['resource_owner_id']; + } + } + +} diff --git a/src/Token/ResourceOwnerAccessTokenInterface.php b/src/Token/ResourceOwnerAccessTokenInterface.php index 51e4ce41..225c743c 100644 --- a/src/Token/ResourceOwnerAccessTokenInterface.php +++ b/src/Token/ResourceOwnerAccessTokenInterface.php @@ -14,12 +14,5 @@ namespace League\OAuth2\Client\Token; -interface ResourceOwnerAccessTokenInterface extends AccessTokenInterface -{ - /** - * Returns the resource owner identifier, if defined. - * - * @return string|null - */ - public function getResourceOwnerId(); -} +interface ResourceOwnerAccessTokenInterface extends AccessTokenInterface, ResourceOwnerTokenInterface +{} diff --git a/src/Token/ResourceOwnerTokenInterface.php b/src/Token/ResourceOwnerTokenInterface.php new file mode 100644 index 00000000..240b6cc0 --- /dev/null +++ b/src/Token/ResourceOwnerTokenInterface.php @@ -0,0 +1,25 @@ + + * @license http://opensource.org/licenses/MIT MIT + * @link http://thephpleague.com/oauth2-client/ Documentation + * @link https://packagist.org/packages/league/oauth2-client Packagist + * @link https://github.com/thephpleague/oauth2-client GitHub + */ + +namespace League\OAuth2\Client\Token; + +interface ResourceOwnerTokenInterface +{ + /** + * Returns the resource owner identifier, if defined. + * + * @return string|null + */ + public function getResourceOwnerId(); +}