2017-08-08 03:01:11 +08:00
< ? php
namespace OAuth2\Storage ;
2020-04-30 21:43:07 +08:00
use OAuth2\OpenID\Storage\UserClaimsInterface ;
use OAuth2\OpenID\Storage\AuthorizationCodeInterface as OpenIDAuthorizationCodeInterface ;
use InvalidArgumentException ;
2017-08-08 03:01:11 +08:00
/**
* Simple PDO storage for all storage types
*
* NOTE : This class is meant to get users started
* quickly . If your application requires further
* customization , extend this class or create your own .
*
* NOTE : Passwords are stored in plaintext , which is never
* a good idea . Be sure to override this for your application
*
* @ author Brent Shaffer < bshafs at gmail dot com >
*/
class Pdo implements
AuthorizationCodeInterface ,
AccessTokenInterface ,
ClientCredentialsInterface ,
2020-04-30 21:43:07 +08:00
UserCredentialsInterface ,
2017-08-08 03:01:11 +08:00
RefreshTokenInterface ,
2020-04-30 21:43:07 +08:00
JwtBearerInterface ,
ScopeInterface ,
PublicKeyInterface ,
UserClaimsInterface ,
OpenIDAuthorizationCodeInterface
2017-08-08 03:01:11 +08:00
{
2020-04-30 21:43:07 +08:00
/**
* @ var \PDO
*/
2017-08-08 03:01:11 +08:00
protected $db ;
2020-04-30 21:43:07 +08:00
/**
* @ var array
*/
2017-08-08 03:01:11 +08:00
protected $config ;
2020-04-30 21:43:07 +08:00
/**
* @ param mixed $connection
* @ param array $config
*
* @ throws InvalidArgumentException
*/
2017-08-08 03:01:11 +08:00
public function __construct ( $connection , $config = array ())
{
if ( ! $connection instanceof \PDO ) {
if ( is_string ( $connection )) {
$connection = array ( 'dsn' => $connection );
}
if ( ! is_array ( $connection )) {
throw new \InvalidArgumentException ( 'First argument to OAuth2\Storage\Pdo must be an instance of PDO, a DSN string, or a configuration array' );
}
if ( ! isset ( $connection [ 'dsn' ])) {
throw new \InvalidArgumentException ( 'configuration array must contain "dsn"' );
}
// merge optional parameters
$connection = array_merge ( array (
'username' => null ,
'password' => null ,
'options' => array (),
), $connection );
$connection = new \PDO ( $connection [ 'dsn' ], $connection [ 'username' ], $connection [ 'password' ], $connection [ 'options' ]);
}
$this -> db = $connection ;
// debugging
$connection -> setAttribute ( \PDO :: ATTR_ERRMODE , \PDO :: ERRMODE_EXCEPTION );
$this -> config = array_merge ( array (
'client_table' => 'oauth_clients' ,
'access_token_table' => 'oauth_access_tokens' ,
'refresh_token_table' => 'oauth_refresh_tokens' ,
'code_table' => 'oauth_authorization_codes' ,
2020-04-30 21:43:07 +08:00
'user_table' => 'oauth_users' ,
'jwt_table' => 'oauth_jwt' ,
'jti_table' => 'oauth_jti' ,
2017-08-08 03:01:11 +08:00
'scope_table' => 'oauth_scopes' ,
2020-04-30 21:43:07 +08:00
'public_key_table' => 'oauth_public_keys' ,
2017-08-08 03:01:11 +08:00
'assoc_users_table' => 'users'
), $config );
}
2020-04-30 21:43:07 +08:00
/**
* @ param string $client_id
* @ param null | string $client_secret
* @ return bool
*/
2017-08-08 03:01:11 +08:00
public function checkClientCredentials ( $client_id , $client_secret = null )
{
$stmt = $this -> db -> prepare ( sprintf ( 'SELECT * from %s where client_id = :client_id' , $this -> config [ 'client_table' ]));
$stmt -> execute ( compact ( 'client_id' ));
$result = $stmt -> fetch ( \PDO :: FETCH_ASSOC );
// make this extensible
return $result && $result [ 'client_secret' ] == $client_secret ;
}
2020-04-30 21:43:07 +08:00
/**
* @ param string $client_id
* @ return bool
*/
2017-08-08 03:01:11 +08:00
public function isPublicClient ( $client_id )
{
$stmt = $this -> db -> prepare ( sprintf ( 'SELECT * from %s where client_id = :client_id' , $this -> config [ 'client_table' ]));
$stmt -> execute ( compact ( 'client_id' ));
if ( ! $result = $stmt -> fetch ( \PDO :: FETCH_ASSOC )) {
return false ;
}
return empty ( $result [ 'client_secret' ]);
}
2020-04-30 21:43:07 +08:00
/**
* @ param string $client_id
* @ return array | mixed
*/
2017-08-08 03:01:11 +08:00
public function getClientDetails ( $client_id )
{
$stmt = $this -> db -> prepare ( sprintf ( 'SELECT * from %s where client_id = :client_id' , $this -> config [ 'client_table' ]));
$stmt -> execute ( compact ( 'client_id' ));
return $stmt -> fetch ( \PDO :: FETCH_ASSOC );
}
2020-04-30 21:43:07 +08:00
/**
* @ param string $client_id
* @ param null | string $client_secret
* @ param null | string $redirect_uri
* @ param null | array $grant_types
* @ param null | string $scope
* @ param null | string $user_id
* @ return bool
*/
public function setClientDetails ( $client_id , $client_secret = null , $redirect_uri = null , $grant_types = null , $scope = null , $user_id = null )
2017-08-08 03:01:11 +08:00
{
2020-04-30 21:43:07 +08:00
// if it exists, update it.
if ( $this -> getClientDetails ( $client_id )) {
$stmt = $this -> db -> prepare ( $sql = sprintf ( 'UPDATE %s SET client_secret=:client_secret, redirect_uri=:redirect_uri, grant_types=:grant_types, scope=:scope, user_id=:user_id where client_id=:client_id' , $this -> config [ 'client_table' ]));
} else {
$stmt = $this -> db -> prepare ( sprintf ( 'INSERT INTO %s (client_id, client_secret, redirect_uri, grant_types, scope, user_id) VALUES (:client_id, :client_secret, :redirect_uri, :grant_types, :scope, :user_id)' , $this -> config [ 'client_table' ]));
2017-08-08 03:01:11 +08:00
}
2020-04-30 21:43:07 +08:00
return $stmt -> execute ( compact ( 'client_id' , 'client_secret' , 'redirect_uri' , 'grant_types' , 'scope' , 'user_id' ));
2017-08-08 03:01:11 +08:00
}
2020-04-30 21:43:07 +08:00
/**
* @ param $client_id
* @ param $grant_type
* @ return bool
*/
2017-08-08 03:01:11 +08:00
public function checkRestrictedGrantType ( $client_id , $grant_type )
{
$details = $this -> getClientDetails ( $client_id );
if ( isset ( $details [ 'grant_types' ])) {
$grant_types = explode ( ' ' , $details [ 'grant_types' ]);
return in_array ( $grant_type , ( array ) $grant_types );
}
// if grant_types are not defined, then none are restricted
return true ;
}
2020-04-30 21:43:07 +08:00
/**
* @ param string $access_token
* @ return array | bool | mixed | null
*/
2017-08-08 03:01:11 +08:00
public function getAccessToken ( $access_token )
{
$stmt = $this -> db -> prepare ( sprintf ( 'SELECT * from %s where access_token = :access_token' , $this -> config [ 'access_token_table' ]));
$token = $stmt -> execute ( compact ( 'access_token' ));
if ( $token = $stmt -> fetch ( \PDO :: FETCH_ASSOC )) {
// convert date string back to timestamp
$token [ 'expires' ] = strtotime ( $token [ 'expires' ]);
}
return $token ;
}
2020-04-30 21:43:07 +08:00
/**
* @ param string $access_token
* @ param mixed $client_id
* @ param mixed $user_id
* @ param int $expires
* @ param string $scope
* @ return bool
*/
2017-08-08 03:01:11 +08:00
public function setAccessToken ( $access_token , $client_id , $user_id , $expires , $scope = null )
{
// convert expires to datestring
$expires = date ( 'Y-m-d H:i:s' , $expires );
// if it exists, update it.
if ( $this -> getAccessToken ( $access_token )) {
$stmt = $this -> db -> prepare ( sprintf ( 'UPDATE %s SET client_id=:client_id, expires=:expires, user_id=:user_id, scope=:scope where access_token=:access_token' , $this -> config [ 'access_token_table' ]));
} else {
$stmt = $this -> db -> prepare ( sprintf ( 'INSERT INTO %s (access_token, client_id, expires, user_id, scope) VALUES (:access_token, :client_id, :expires, :user_id, :scope)' , $this -> config [ 'access_token_table' ]));
}
return $stmt -> execute ( compact ( 'access_token' , 'client_id' , 'user_id' , 'expires' , 'scope' ));
}
2020-04-30 21:43:07 +08:00
/**
* @ param $access_token
* @ return bool
*/
2017-08-08 03:01:11 +08:00
public function unsetAccessToken ( $access_token )
{
$stmt = $this -> db -> prepare ( sprintf ( 'DELETE FROM %s WHERE access_token = :access_token' , $this -> config [ 'access_token_table' ]));
$stmt -> execute ( compact ( 'access_token' ));
return $stmt -> rowCount () > 0 ;
}
/* OAuth2\Storage\AuthorizationCodeInterface */
2020-04-30 21:43:07 +08:00
/**
* @ param string $code
* @ return mixed
*/
2017-08-08 03:01:11 +08:00
public function getAuthorizationCode ( $code )
{
$stmt = $this -> db -> prepare ( sprintf ( 'SELECT * from %s where authorization_code = :code' , $this -> config [ 'code_table' ]));
$stmt -> execute ( compact ( 'code' ));
if ( $code = $stmt -> fetch ( \PDO :: FETCH_ASSOC )) {
// convert date string back to timestamp
$code [ 'expires' ] = strtotime ( $code [ 'expires' ]);
}
return $code ;
2020-04-30 21:43:07 +08:00
}
/**
* @ param string $code
* @ param mixed $client_id
* @ param mixed $user_id
* @ param string $redirect_uri
* @ param int $expires
* @ param string $scope
* @ param string $id_token
* @ return bool | mixed
*/
2017-08-08 03:01:11 +08:00
2020-04-30 21:43:07 +08:00
public function setAuthorizationCode ( $code , $client_id , $user_id , $redirect_uri , $expires , $scope = null , $id_token = null )
2017-08-08 03:01:11 +08:00
{
2020-04-30 21:43:07 +08:00
if ( func_num_args () > 6 ) {
// we are calling with an id token
return call_user_func_array ( array ( $this , 'setAuthorizationCodeWithIdToken' ), func_get_args ());
}
2017-08-08 03:01:11 +08:00
// convert expires to datestring
$expires = date ( 'Y-m-d H:i:s' , $expires );
// if it exists, update it.
if ( $this -> getAuthorizationCode ( $code )) {
$stmt = $this -> db -> prepare ( $sql = sprintf ( 'UPDATE %s SET client_id=:client_id, user_id=:user_id, redirect_uri=:redirect_uri, expires=:expires, scope=:scope where authorization_code=:code' , $this -> config [ 'code_table' ]));
} else {
$stmt = $this -> db -> prepare ( sprintf ( 'INSERT INTO %s (authorization_code, client_id, user_id, redirect_uri, expires, scope) VALUES (:code, :client_id, :user_id, :redirect_uri, :expires, :scope)' , $this -> config [ 'code_table' ]));
}
return $stmt -> execute ( compact ( 'code' , 'client_id' , 'user_id' , 'redirect_uri' , 'expires' , 'scope' ));
}
2020-04-30 21:43:07 +08:00
/**
* @ param string $code
* @ param mixed $client_id
* @ param mixed $user_id
* @ param string $redirect_uri
* @ param string $expires
* @ param string $scope
* @ param string $id_token
* @ return bool
*/
private function setAuthorizationCodeWithIdToken ( $code , $client_id , $user_id , $redirect_uri , $expires , $scope = null , $id_token = null )
{
// convert expires to datestring
$expires = date ( 'Y-m-d H:i:s' , $expires );
// if it exists, update it.
if ( $this -> getAuthorizationCode ( $code )) {
$stmt = $this -> db -> prepare ( $sql = sprintf ( 'UPDATE %s SET client_id=:client_id, user_id=:user_id, redirect_uri=:redirect_uri, expires=:expires, scope=:scope, id_token =:id_token where authorization_code=:code' , $this -> config [ 'code_table' ]));
} else {
$stmt = $this -> db -> prepare ( sprintf ( 'INSERT INTO %s (authorization_code, client_id, user_id, redirect_uri, expires, scope, id_token) VALUES (:code, :client_id, :user_id, :redirect_uri, :expires, :scope, :id_token)' , $this -> config [ 'code_table' ]));
}
return $stmt -> execute ( compact ( 'code' , 'client_id' , 'user_id' , 'redirect_uri' , 'expires' , 'scope' , 'id_token' ));
}
/**
* @ param string $code
* @ return bool
*/
2017-08-08 03:01:11 +08:00
public function expireAuthorizationCode ( $code )
{
$stmt = $this -> db -> prepare ( sprintf ( 'DELETE FROM %s WHERE authorization_code = :code' , $this -> config [ 'code_table' ]));
return $stmt -> execute ( compact ( 'code' ));
}
2020-04-30 21:43:07 +08:00
/**
* @ param string $username
* @ param string $password
* @ return bool
*/
public function checkUserCredentials ( $username , $password )
{
if ( $user = $this -> getUser ( $username )) {
return $this -> checkPassword ( $user , $password );
}
return false ;
}
/**
* @ param string $username
* @ return array | bool
*/
public function getUserDetails ( $username )
{
return $this -> getUser ( $username );
}
/**
* @ param mixed $user_id
* @ param string $claims
* @ return array | bool
*/
public function getUserClaims ( $user_id , $claims )
{
if ( ! $userDetails = $this -> getUserDetails ( $user_id )) {
return false ;
}
$claims = explode ( ' ' , trim ( $claims ));
$userClaims = array ();
// for each requested claim, if the user has the claim, set it in the response
$validClaims = explode ( ' ' , self :: VALID_CLAIMS );
foreach ( $validClaims as $validClaim ) {
if ( in_array ( $validClaim , $claims )) {
if ( $validClaim == 'address' ) {
// address is an object with subfields
$userClaims [ 'address' ] = $this -> getUserClaim ( $validClaim , $userDetails [ 'address' ] ? : $userDetails );
} else {
$userClaims = array_merge ( $userClaims , $this -> getUserClaim ( $validClaim , $userDetails ));
}
}
}
return $userClaims ;
}
/**
* @ param string $claim
* @ param array $userDetails
* @ return array
*/
protected function getUserClaim ( $claim , $userDetails )
{
$userClaims = array ();
$claimValuesString = constant ( sprintf ( 'self::%s_CLAIM_VALUES' , strtoupper ( $claim )));
$claimValues = explode ( ' ' , $claimValuesString );
foreach ( $claimValues as $value ) {
$userClaims [ $value ] = isset ( $userDetails [ $value ]) ? $userDetails [ $value ] : null ;
}
2017-08-08 03:01:11 +08:00
2020-04-30 21:43:07 +08:00
return $userClaims ;
}
/**
* @ param string $refresh_token
* @ return bool | mixed
*/
2017-08-08 03:01:11 +08:00
public function getRefreshToken ( $refresh_token )
{
$stmt = $this -> db -> prepare ( sprintf ( 'SELECT * FROM %s WHERE refresh_token = :refresh_token' , $this -> config [ 'refresh_token_table' ]));
$token = $stmt -> execute ( compact ( 'refresh_token' ));
if ( $token = $stmt -> fetch ( \PDO :: FETCH_ASSOC )) {
// convert expires to epoch time
$token [ 'expires' ] = strtotime ( $token [ 'expires' ]);
}
return $token ;
}
2020-04-30 21:43:07 +08:00
/**
* @ param string $refresh_token
* @ param mixed $client_id
* @ param mixed $user_id
* @ param string $expires
* @ param string $scope
* @ return bool
*/
2017-08-08 03:01:11 +08:00
public function setRefreshToken ( $refresh_token , $client_id , $user_id , $expires , $scope = null )
{
// convert expires to datestring
$expires = date ( 'Y-m-d H:i:s' , $expires );
$stmt = $this -> db -> prepare ( sprintf ( 'INSERT INTO %s (refresh_token, client_id, user_id, expires, scope) VALUES (:refresh_token, :client_id, :user_id, :expires, :scope)' , $this -> config [ 'refresh_token_table' ]));
return $stmt -> execute ( compact ( 'refresh_token' , 'client_id' , 'user_id' , 'expires' , 'scope' ));
}
2020-04-30 21:43:07 +08:00
/**
* @ param string $refresh_token
* @ return bool
*/
2017-08-08 03:01:11 +08:00
public function unsetRefreshToken ( $refresh_token )
{
$stmt = $this -> db -> prepare ( sprintf ( 'DELETE FROM %s WHERE refresh_token = :refresh_token' , $this -> config [ 'refresh_token_table' ]));
$stmt -> execute ( compact ( 'refresh_token' ));
return $stmt -> rowCount () > 0 ;
}
2020-04-30 21:43:07 +08:00
/**
* plaintext passwords are bad ! Override this for your application
*
* @ param array $user
* @ param string $password
* @ return bool
*/
protected function checkPassword ( $user , $password )
{
return $user [ 'password' ] == $this -> hashPassword ( $password );
}
// use a secure hashing algorithm when storing passwords. Override this for your application
protected function hashPassword ( $password )
{
return sha1 ( $password );
}
/**
* @ param string $username
* @ return array | bool
*/
public function getUser ( $username )
{
$stmt = $this -> db -> prepare ( $sql = sprintf ( 'SELECT * from %s where username=:username' , $this -> config [ 'user_table' ]));
$stmt -> execute ( array ( 'username' => $username ));
if ( ! $userInfo = $stmt -> fetch ( \PDO :: FETCH_ASSOC )) {
return false ;
}
// the default behavior is to use "username" as the user_id
return array_merge ( array (
'user_id' => $username
), $userInfo );
}
/**
* plaintext passwords are bad ! Override this for your application
*
* @ param string $username
* @ param string $password
* @ param string $firstName
* @ param string $lastName
* @ return bool
*/
public function setUser ( $username , $password , $firstName = null , $lastName = null )
{
// do not store in plaintext
$password = $this -> hashPassword ( $password );
// if it exists, update it.
if ( $this -> getUser ( $username )) {
$stmt = $this -> db -> prepare ( $sql = sprintf ( 'UPDATE %s SET password=:password, first_name=:firstName, last_name=:lastName where username=:username' , $this -> config [ 'user_table' ]));
} else {
$stmt = $this -> db -> prepare ( sprintf ( 'INSERT INTO %s (username, password, first_name, last_name) VALUES (:username, :password, :firstName, :lastName)' , $this -> config [ 'user_table' ]));
}
return $stmt -> execute ( compact ( 'username' , 'password' , 'firstName' , 'lastName' ));
}
/**
* @ param string $scope
* @ return bool
*/
2017-08-08 03:01:11 +08:00
public function scopeExists ( $scope )
{
$scope = explode ( ' ' , $scope );
$whereIn = implode ( ',' , array_fill ( 0 , count ( $scope ), '?' ));
$stmt = $this -> db -> prepare ( sprintf ( 'SELECT count(scope) as count FROM %s WHERE scope IN (%s)' , $this -> config [ 'scope_table' ], $whereIn ));
$stmt -> execute ( $scope );
if ( $result = $stmt -> fetch ( \PDO :: FETCH_ASSOC )) {
return $result [ 'count' ] == count ( $scope );
}
return false ;
}
2020-04-30 21:43:07 +08:00
/**
* @ param mixed $client_id
* @ return null | string
*/
2017-08-08 03:01:11 +08:00
public function getDefaultScope ( $client_id = null )
{
$stmt = $this -> db -> prepare ( sprintf ( 'SELECT scope FROM %s WHERE is_default=:is_default' , $this -> config [ 'scope_table' ]));
$stmt -> execute ( array ( 'is_default' => true ));
if ( $result = $stmt -> fetchAll ( \PDO :: FETCH_ASSOC )) {
$defaultScope = array_map ( function ( $row ) {
return $row [ 'scope' ];
}, $result );
return implode ( ' ' , $defaultScope );
}
return null ;
}
2020-04-30 21:43:07 +08:00
/**
* @ param mixed $client_id
* @ param $subject
* @ return string
*/
public function getClientKey ( $client_id , $subject )
{
$stmt = $this -> db -> prepare ( $sql = sprintf ( 'SELECT public_key from %s where client_id=:client_id AND subject=:subject' , $this -> config [ 'jwt_table' ]));
$stmt -> execute ( array ( 'client_id' => $client_id , 'subject' => $subject ));
return $stmt -> fetchColumn ();
}
/**
* @ param mixed $client_id
* @ return bool | null
*/
public function getClientScope ( $client_id )
{
if ( ! $clientDetails = $this -> getClientDetails ( $client_id )) {
return false ;
}
if ( isset ( $clientDetails [ 'scope' ])) {
return $clientDetails [ 'scope' ];
}
return null ;
}
/**
* @ param mixed $client_id
* @ param $subject
* @ param $audience
* @ param $expires
* @ param $jti
* @ return array | null
*/
public function getJti ( $client_id , $subject , $audience , $expires , $jti )
{
$stmt = $this -> db -> prepare ( $sql = sprintf ( 'SELECT * FROM %s WHERE issuer=:client_id AND subject=:subject AND audience=:audience AND expires=:expires AND jti=:jti' , $this -> config [ 'jti_table' ]));
$stmt -> execute ( compact ( 'client_id' , 'subject' , 'audience' , 'expires' , 'jti' ));
if ( $result = $stmt -> fetch ( \PDO :: FETCH_ASSOC )) {
return array (
'issuer' => $result [ 'issuer' ],
'subject' => $result [ 'subject' ],
'audience' => $result [ 'audience' ],
'expires' => $result [ 'expires' ],
'jti' => $result [ 'jti' ],
);
}
return null ;
}
/**
* @ param mixed $client_id
* @ param $subject
* @ param $audience
* @ param $expires
* @ param $jti
* @ return bool
*/
public function setJti ( $client_id , $subject , $audience , $expires , $jti )
{
$stmt = $this -> db -> prepare ( sprintf ( 'INSERT INTO %s (issuer, subject, audience, expires, jti) VALUES (:client_id, :subject, :audience, :expires, :jti)' , $this -> config [ 'jti_table' ]));
return $stmt -> execute ( compact ( 'client_id' , 'subject' , 'audience' , 'expires' , 'jti' ));
}
/**
* @ param mixed $client_id
* @ return mixed
*/
public function getPublicKey ( $client_id = null )
{
$stmt = $this -> db -> prepare ( $sql = sprintf ( 'SELECT public_key FROM %s WHERE client_id=:client_id OR client_id IS NULL ORDER BY client_id IS NOT NULL DESC' , $this -> config [ 'public_key_table' ]));
$stmt -> execute ( compact ( 'client_id' ));
if ( $result = $stmt -> fetch ( \PDO :: FETCH_ASSOC )) {
return $result [ 'public_key' ];
}
}
/**
* @ param mixed $client_id
* @ return mixed
*/
public function getPrivateKey ( $client_id = null )
{
$stmt = $this -> db -> prepare ( $sql = sprintf ( 'SELECT private_key FROM %s WHERE client_id=:client_id OR client_id IS NULL ORDER BY client_id IS NOT NULL DESC' , $this -> config [ 'public_key_table' ]));
$stmt -> execute ( compact ( 'client_id' ));
if ( $result = $stmt -> fetch ( \PDO :: FETCH_ASSOC )) {
return $result [ 'private_key' ];
}
}
/**
* @ param mixed $client_id
* @ return string
*/
public function getEncryptionAlgorithm ( $client_id = null )
{
$stmt = $this -> db -> prepare ( $sql = sprintf ( 'SELECT encryption_algorithm FROM %s WHERE client_id=:client_id OR client_id IS NULL ORDER BY client_id IS NOT NULL DESC' , $this -> config [ 'public_key_table' ]));
$stmt -> execute ( compact ( 'client_id' ));
if ( $result = $stmt -> fetch ( \PDO :: FETCH_ASSOC )) {
return $result [ 'encryption_algorithm' ];
}
return 'RS256' ;
}
2017-08-08 03:01:11 +08:00
/*-------------------------------------------------------------------------------------------------------------------------------------------------*/
/**
* @ author Denis CLAVIER < clavierd at gmail dot com >
*/
/**
* get user id on Oauth2 server
*
* @ param string $username
* Username of an LDAP user ( often uid )
*
* @ return
* The id associated to username in users table
* and FALSE if username is not in the users table
*/
public function getUsersID ( $username )
{
$stmt = $this -> db -> prepare ( $sql = sprintf ( 'SELECT id FROM %s WHERE username=:username' , $this -> config [ 'assoc_users_table' ]));
$stmt -> execute ( compact ( 'username' ));
// If user exist return his id
if ( $result = $stmt -> fetch ( \PDO :: FETCH_ASSOC )) {
return $result [ 'id' ];
}
// If user does not exist, return false
return false ;
}
/**
* set an id for username on Oauth2 server
*
* @ param string $username
* Username of an LDAP user ( often uid )
*
* @ return
* TRUE if insertion has succeed
* and FALSE if is not
*
* An unique ID is linked to the username after this function
*/
public function setUsersID ( $username )
{
$stmt = $this -> db -> prepare ( sprintf ( 'INSERT INTO %s (username) VALUES (:username)' , $this -> config [ 'assoc_users_table' ]));
return $stmt -> execute ( compact ( 'username' ));
}
/*-------------------------------------------------------------------------------------------------------------------------------------------------*/
2020-04-30 21:43:07 +08:00
2017-08-08 03:01:11 +08:00
/**
* DDL to create OAuth2 database and tables for PDO storage
*
* @ see https :// github . com / dsquier / oauth2 - server - php - mysql
2020-04-30 21:43:07 +08:00
*
* @ param string $dbName
* @ return string
2017-08-08 03:01:11 +08:00
*/
public function getBuildSql ( $dbName = 'oauth2_server_php' )
{
$sql = "
CREATE TABLE { $this -> config [ 'client_table' ]} (
client_id VARCHAR ( 80 ) NOT NULL ,
client_secret VARCHAR ( 80 ),
redirect_uri VARCHAR ( 2000 ),
grant_types VARCHAR ( 80 ),
scope VARCHAR ( 4000 ),
user_id VARCHAR ( 80 ),
PRIMARY KEY ( client_id )
);
2020-04-30 21:43:07 +08:00
CREATE TABLE { $this -> config [ 'access_token_table' ]} (
access_token VARCHAR ( 40 ) NOT NULL ,
client_id VARCHAR ( 80 ) NOT NULL ,
user_id VARCHAR ( 80 ),
expires TIMESTAMP NOT NULL ,
scope VARCHAR ( 4000 ),
PRIMARY KEY ( access_token )
);
CREATE TABLE { $this -> config [ 'code_table' ]} (
authorization_code VARCHAR ( 40 ) NOT NULL ,
client_id VARCHAR ( 80 ) NOT NULL ,
user_id VARCHAR ( 80 ),
redirect_uri VARCHAR ( 2000 ),
expires TIMESTAMP NOT NULL ,
scope VARCHAR ( 4000 ),
id_token VARCHAR ( 1000 ),
PRIMARY KEY ( authorization_code )
);
CREATE TABLE { $this -> config [ 'refresh_token_table' ]} (
refresh_token VARCHAR ( 40 ) NOT NULL ,
client_id VARCHAR ( 80 ) NOT NULL ,
user_id VARCHAR ( 80 ),
expires TIMESTAMP NOT NULL ,
scope VARCHAR ( 4000 ),
PRIMARY KEY ( refresh_token )
);
CREATE TABLE { $this -> config [ 'user_table' ]} (
username VARCHAR ( 80 ),
password VARCHAR ( 80 ),
first_name VARCHAR ( 80 ),
last_name VARCHAR ( 80 ),
email VARCHAR ( 80 ),
email_verified BOOLEAN ,
scope VARCHAR ( 4000 )
);
CREATE TABLE { $this -> config [ 'scope_table' ]} (
scope VARCHAR ( 80 ) NOT NULL ,
is_default BOOLEAN ,
PRIMARY KEY ( scope )
);
CREATE TABLE { $this -> config [ 'jwt_table' ]} (
client_id VARCHAR ( 80 ) NOT NULL ,
subject VARCHAR ( 80 ),
public_key VARCHAR ( 2000 ) NOT NULL
);
CREATE TABLE { $this -> config [ 'jti_table' ]} (
issuer VARCHAR ( 80 ) NOT NULL ,
subject VARCHAR ( 80 ),
audiance VARCHAR ( 80 ),
expires TIMESTAMP NOT NULL ,
jti VARCHAR ( 2000 ) NOT NULL
);
CREATE TABLE { $this -> config [ 'public_key_table' ]} (
client_id VARCHAR ( 80 ),
public_key VARCHAR ( 2000 ),
private_key VARCHAR ( 2000 ),
encryption_algorithm VARCHAR ( 100 ) DEFAULT 'RS256'
)
" ;
2017-08-08 03:01:11 +08:00
return $sql ;
}
}
