Refactor

Config/Migration/1376749679_enlarge_secrets.php

@@ -0,0 +1,59 @@
+<?php
+
+class EnlargeSecrets extends CakeMigration {
+
+/**
+ * Migration description
+ *
+ * @var string
+ * @access public
+ */
+	public $description = 'Enlarge client_secret field to support encryption';
+
+/**
+ * Actions to be performed
+ *
+ * @var array $migration
+ * @access public
+ */
+	public $migration = array(
+		'up' => array(
+			'alter_field' => array(
+				'clients' => array(
+					'client_secret' => array('type' => 'string', 'null' => false, 'default' => NULL, 'length' => 132, 'collate' => 'utf8_general_ci', 'charset' => 'utf8', 'after' => 'client_id'),
+				),
+			),
+		),
+
+		'down' => array(
+			'alter_field' => array(
+				'clients' => array(
+					'client_secret' => array('type' => 'string', 'null' => false, 'default' => NULL, 'length' => 40, 'collate' => 'utf8_general_ci', 'charset' => 'utf8', 'after' => 'client_id'),
+				),
+			),
+		),
+	);
+
+/**
+ * Before migration callback
+ *
+ * @param string $direction, up or down direction of migration process
+ * @return boolean Should process continue
+ * @access public
+ */
+	public function before($direction) {
+		return true;
+	}
+
+/**
+ * After migration callback
+ *
+ * @param string $direction, up or down direction of migration process
+ * @return boolean Should process continue
+ * @access public
+ */
+	public function after($direction) {
+		return true;
+	}
+
+}

Config/Migration/1376879144_clients_add_name_date_fields.php

@@ -0,0 +1,80 @@
+<?php
+
+class ClientsAddNameDateFields extends CakeMigration {
+
+/**
+ * Migration description
+ *
+ * @var string
+ * @access public
+ */
+	public $description = '';
+
+/**
+ * Actions to be performed
+ *
+ * @var array $migration
+ * @access public
+ */
+	public $migration = array(
+		'up' => array(
+			'create_field' => array(
+				'clients' => array(
+					'name' => array(
+						'type' => 'string',
+						'null' => false,
+						'default' => null,
+						'length' => 256,
+						'collate' =>
+						'utf8_general_ci',
+						'charset' => 'utf8',
+						'after' => 'client_id',
+					),
+					'created' => array(
+						'type' => 'datetime',
+						'after' => 'user_id',
+						'null' => true,
+					),
+					'modified' => array(
+						'type' => 'datetime',
+						'after' => 'created',
+						'null' => true,
+					),
+				),
+			),
+		),
+
+		'down' => array(
+			'drop_field' => array(
+				'clients' => array(
+					'name',
+					'created',
+					'modified',
+				),
+			),
+		),
+	);
+
+/**
+ * Before migration callback
+ *
+ * @param string $direction, up or down direction of migration process
+ * @return boolean Should process continue
+ * @access public
+ */
+	public function before($direction) {
+		return true;
+	}
+
+/**
+ * After migration callback
+ *
+ * @param string $direction, up or down direction of migration process
+ * @return boolean Should process continue
+ * @access public
+ */
+	public function after($direction) {
+		return true;
+	}
+
+}

Console/Command/ClientsShell.php

@@ -0,0 +1,130 @@
+<?php
+
+App::uses('OAuthUtility', 'OAuth.Lib');
+App::uses('Shell', 'Console');
+App::uses('Validation', 'Utility');
+
+/**
+ * Client utility shell class
+ */
+class ClientsShell extends Shell {
+
+/**
+ * Models used by this shell
+ */
+	public $uses = array(
+		'OAuth.Client',
+	);
+
+/**
+ * Configure option parser
+ */
+	public function getOptionParser() {
+		return parent::getOptionParser()
+			->description('Client Utility')
+			->addSubCommand('list', array(
+				'help' => 'List existing client records',
+				'parser' => array(
+					'options' => array(
+						'secret' => array(
+							'help' => 'Display secrets',
+							'short' => 's',
+							'boolean' => true,
+						),
+					),
+				),
+			))
+			->addSubCommand('add', array(
+				'help' => 'Add a new client',
+				'parser' => array(
+					'options' => array(
+						'name' => array(
+							'required' => true,
+							'help' => 'Client Name',
+							'short' => 'n',
+						),
+						'redirect_uri' => array(
+							'required' => true,
+							'help' => 'Redirect URI',
+							'short' => 'u',
+						),
+					),
+				),
+			));
+	}
+
+/**
+ * Shell entry point
+ */
+	public function main() {
+		$method = null;
+		if (isset($this->args[0])) {
+			$method = $this->args[0];
+		}
+
+		switch ($method) {
+			case 'list':
+				$this->_clients();
+			break;
+
+			default:
+				$this->_displayHelp();
+			break;
+		}
+	}
+
+/**
+ * List all client records
+ */
+	protected function _clients() {
+		$clients = $this->Client->find('all', array(
+			'recursive' => -1,
+		));
+		$this->out("");
+		foreach ($clients as $data) {
+			$client = $data['Client'];
+			$this->out(sprintf('%-15s: %s', 'Client Id', $client['client_id']));
+			$this->out(sprintf('%-15s: %s', 'Client Name', $client['name']));
+			if ($this->params['secret']) {
+				$secret = OAuthUtility::decrypt($client['client_secret']);
+				$this->out(sprintf('%-15s: %s', 'Client Secret', $secret));
+			}
+			$this->out(sprintf('%-15s: %s', 'Redirect URI', $client['redirect_uri']));
+			$this->out("");
+		}
+		$this->out(sprintf('%d record(s) found', count($clients)));
+	}
+
+/**
+ * Add a new client record
+ */
+	public function add() {
+		if (empty($this->params['name'])) {
+			return $this->error('Please provide `name`');
+		}
+		if (empty($this->params['redirect_uri'])) {
+			return $this->error('Please provide `redirect_uri`');
+		}
+		if (!Validation::url($this->params['redirect_uri'])) {
+			return $this->error('Please provide a valid `redirect_uri`');
+		}
+		$client = $this->Client->create(array(
+			'name' => $this->params['name'],
+			'redirect_uri' => $this->params['redirect_uri'],
+		));
+		$client = $this->Client->add($client);
+		if (!$client) {
+			$this->err('<error>Unable to add client record</error>');
+			if (isset($this->Client->validationErrors)) {
+				$this->error('Validation error', print_r($this->Client->validationErrors, true));
+			}
+			return;
+		}
+		$this->out("Client successfully added:\n");
+		$this->out(sprintf("\tClient id: %s", $client['Client']['client_id']));
+		$this->out(sprintf("\tClient name: %s", $client['Client']['name']));
+		$this->out(sprintf("\tClient secret: %s", $this->Client->addClientSecret));
+		$this->out();
+	}
+
+}

Controller/Component/Auth/OAuthAuthenticate.php

@@ -0,0 +1,90 @@
+<?php
+
+App::uses('BaseAuthenticate', 'Controller/Component/Auth');
+App::uses('OAuthUtility', 'OAuth.Lib');
+
+/**
+ * An authentication adapter for OAuth2
+ *
+ * @author [email protected]
+ * @licent MIT
+ */
+class OAuthAuthenticate extends BaseAuthenticate {
+
+/**
+ * Constructor
+ */
+	public function __construct(ComponentCollection $collection, $settings) {
+		parent::__construct($collection, $settings);
+		$this->OAuthUtility = new OAuthUtility();
+	}
+
+/**
+ * Checks wether request has credential data
+ *
+ * @param CakeRequest $request Request object
+ * @return bool True when request has token/bearer data
+ */
+	protected function _hasCredentials(CakeRequest $request) {
+		return isset($request->query['access_token']) || $request->header('Authorization');
+	}
+
+/**
+ * Authenticate a user based on the request information
+ *
+ * @see BaseAuthenticate
+ */
+	public function authenticate(CakeRequest $request, CakeResponse $response) {
+		return $this->getUser($request);
+	}
+
+/**
+ * Gets a user based on information in the request.
+ *
+ * @param CakeRequest $request Request object
+ * @return mixed Either false or an array of user information
+ * @see OAuth2::getBearerToken()
+ */
+	public function getUser($request) {
+		if (!$this->_hasCredentials($request)) {
+			return false;
+		}
+		$token = $this->OAuthUtility->getBearerToken();
+		if (!$token) {
+			return false;
+		}
+
+		$AccessToken = ClassRegistry::init('OAuth.AccessToken');
+		$accessToken = $AccessToken->find('first', array(
+			'conditions' => array(
+				'oauth_token' => $token,
+			),
+		));
+
+		if (empty($accessToken['AccessToken']['user_id'])) {
+			return false;
+		}
+
+		$fields = $this->settings['fields'];
+		list($plugin, $model) = pluginSplit($this->settings['userModel']);
+		$User = ClassRegistry::init($this->settings['userModel']);
+
+		$conditions = array(
+			$model . '.' . $User->primaryKey => $accessToken['AccessToken']['user_id'],
+		);
+
+		$result = $User->find('first', array(
+			'conditions' => $conditions,
+			'recursive' => (int)$this->settings['recursive'],
+			'contain' => $this->settings['contain'],
+		));
+		if (empty($result[$model])) {
+			return false;
+		}
+		$user = $result[$model];
+		unset($user[$fields['password']]);
+		unset($result[$model]);
+		return array_merge($user, $result);
+	}
+
+}