From 5d10d9f68a7968b56d506b28aa677a5d0c2317ee Mon Sep 17 00:00:00 2001
From: Sonia Zorba <sonia.zorba@inaf.it>
Date: Wed, 18 Mar 2020 18:01:59 +0100
Subject: [PATCH] Refactoring and minor changes
---
 classes/OAuth2RequestHandler.php | 21 ++++++++++---------
 classes/TokenBuilder.php | 1 -
 .../datalayer/mysql/MySQLRefreshTokenDAO.php | 2 +-
 3 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/classes/OAuth2RequestHandler.php b/classes/OAuth2RequestHandler.php
index c656d12..1ce8a7c 100644
--- a/classes/OAuth2RequestHandler.php
+++ b/classes/OAuth2RequestHandler.php
@@ -127,7 +127,8 @@ class OAuth2RequestHandler {
 throw new BadRequestException("refresh_token is required");
 }
- $refreshToken = $this->locator->getRefreshTokenDAO()->getRefreshTokenData($params['refresh_token']);
+ $tokenHash = hash('sha256', $params['refresh_token']);
+ $refreshToken = $this->locator->getRefreshTokenDAO()->getRefreshTokenData($tokenHash);
 if ($refreshToken === null || $refreshToken->isExpired()) {
 throw new UnauthorizedException("Invalid refresh token");
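Review bot: `hash('sha256', $params['refresh_token'])` runs on a request parameter whose type is not checked in the visible lines, so a non-string value (an array-valued `refresh_token`, for instance) would fail inside `hash()` with a warning or TypeError rather than producing the 400 the handler returns for a missing token. The presence check sits above this hunk, so confirm it also rejects non-strings, e.g. `if (!is_string($params['refresh_token'] ?? null)) { throw new BadRequestException("refresh_token is required"); }`. A short comment on the new line, such as `// The DAO looks tokens up by their SHA-256 hash; the raw token is never passed down`, would tell the next reader why the value is hashed here.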
@@ -136,22 +137,22 @@ class OAuth2RequestHandler { $scope = $this->getScope($params, $refreshToken); // Generating a new access token - $accessToken = new AccessTokenData(); - $accessToken->token = base64_encode(bin2hex(openssl_random_pseudo_bytes(128))); - $accessToken->clientId = $refreshToken->clientId; - $accessToken->userId = $refreshToken->userId; - $accessToken->scope = $scope; + $accessTokenData = new AccessTokenData(); + $accessTokenData->token = base64_encode(bin2hex(openssl_random_pseudo_bytes(128))); + $accessTokenData->clientId = $refreshToken->clientId; + $accessTokenData->userId = $refreshToken->userId; + $accessTokenData->scope = $scope; - $accessToken = $this->locator->getAccessTokenDAO()->createAccessToken($accessToken); + $accessTokenData = $this->locator->getAccessTokenDAO()->createTokenData($accessTokenData); - return $this->getAccessTokenResponse($accessToken); + return $this->getAccessTokenResponse($accessTokenData); } /** * We can request a new access token with a scope that is a subset (or the * same set) of the scope defined for the refresh token. */ - private function getScope(array $params, RefreshToken $refreshToken): ?array { + private function getScope(array $params, RefreshTokenData $refreshToken): ?array { $scope = $refreshToken->scope; @@ -174,7 +175,7 @@ class OAuth2RequestHandler { $scope = $newScopeValues; } - + return $scope; } diff --git a/classes/TokenBuilder.php b/classes/TokenBuilder.php index 75c6a04..b6a53fa 100644 --- a/classes/TokenBuilder.php +++ b/classes/TokenBuilder.php @@ -78,7 +78,6 @@ class TokenBuilder { $client = $this->locator->getOAuth2ClientDAO()->getOAuth2ClientByClientId($tokenData->clientId); $audiences = [$tokenData->clientId]; - error_log(json_encode($client->scopeAudienceMap)); foreach ($tokenData->scope as $scope) { if (array_key_exists($scope, $client->scopeAudienceMap)) { 
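Review bot: In the `-136,22` hunk of `OAuth2RequestHandler.php`, the access token is still drawn from `openssl_random_pseudo_bytes(128)` and the result is used unchecked; before PHP 7.4 that function can return `false` or report non-strong output without throwing. `random_bytes()` throws on failure, so `$accessTokenData->token = base64_encode(bin2hex(random_bytes(128)));` keeps the token format while closing that gap (the hex-then-base64 double encoding only adds length and could be simplified separately). The new token also copies `clientId` and `userId` straight from the stored refresh token. The method begins above the hunk, so if nothing there compares the authenticated client with `$refreshToken->clientId`, that comparison belongs before the token is issued.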
diff --git a/classes/datalayer/mysql/MySQLRefreshTokenDAO.php b/classes/datalayer/mysql/MySQLRefreshTokenDAO.php index a99864e..28b5c28 100644 --- a/classes/datalayer/mysql/MySQLRefreshTokenDAO.php +++ b/classes/datalayer/mysql/MySQLRefreshTokenDAO.php @@ -43,7 +43,7 @@ class MySQLRefreshTokenDAO extends BaseMySQLDAO implements RefreshTokenDAO { $stmt = $dbh->prepare("SELECT user_id, client_id, creation_time, expiration_time, scope " . " FROM refresh_token WHERE token_hash = :token_hash"); - $stmt->bindParam(':token', $tokenHash); + $stmt->bindParam(':token_hash', $tokenHash); $stmt->execute(); -- GitLab
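Review bot: `bindParam()` binds `$tokenHash` by reference, which this single-shot lookup does not need; `$stmt->bindValue(':token_hash', $tokenHash);` or `$stmt->execute([':token_hash' => $tokenHash]);` states the intent more directly. The old `:token` name did not match the placeholder in the query, so it is worth confirming, outside this hunk, that the connection uses `PDO::ERRMODE_EXCEPTION` and that a test exercises the refresh-token lookup, so a mismatch like this fails loudly instead of looking like an unknown token. The method body continues past the end of the hunk.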