Implementing XenForo [bd] API Provider

sas1024 · Feb 9, 2017 · 096be00 · 096be00
1 parent 9fd7daf
commit 096be00
Show file tree

Hide file tree

Showing 6 changed files with 239 additions and 89 deletions.
diff --git a/README.md b/README.md
@@ -0,0 +1,84 @@
+# XenForo [bd] API OAuth2-Server support for the PHP League's OAuth 2.0 Client
+[![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE)
+
+This package provides XenForo [bd] API OAuth 2.0 support for the PHP League's [OAuth 2.0 Client](https://github.com/thephpleague/oauth2-client).
+
+## Installation
+
+To install, use composer:
+
+```
+composer require sas1024/oauth2-xenforo-bdapi
+```
+
+## Usage
+
+Usage is the same as The League's OAuth client, using `\Sas1024\OAuth2\Client\Provider\XenForoBdApi` as the provider.
+
+### Authorization Code Flow
+
+```php
+
+use Sas1024\OAuth2\Client\Provider\XenForoBdApi;
+
+require_once('./vendor/autoload.php');
+session_start();
+
+$provider = new XenForoBdApi([
+    'clientId'          => '{xenforo-bdapi-client-id}',
+    'clientSecret'      => '{xenforo-bdapi-client-secret}',
+    'redirectUri'       => 'https://example.com/callback-url',
+    'baseUrl'           => 'https://example.com',
+]);
+
+if (!isset($_GET['code'])) {
+
+    // If we don't have an authorization code then get one
+    $authUrl = $provider->getAuthorizationUrl();
+    $_SESSION['oauth2state'] = $provider->getState();
+    header('Location: '.$authUrl);
+    exit;
+
+// Check given state against previously stored one to mitigate CSRF attack
+} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
+
+    unset($_SESSION['oauth2state']);
+    exit('Invalid state');
+
+} else {
+
+    // Try to get an access token (using the authorization code grant)
+    $token = $provider->getAccessToken('authorization_code', [
+        'code' => $_GET['code']
+    ]);
+
+    // Optional: Now you have a token you can look up a users profile data
+    try {
+
+        // We got an access token, let's now get the user's details
+        $user = $provider->getResourceOwner($token);
+
+        // Use these details to create a new profile
+        printf('Hello %s!', $user->getUsername());
+
+    } catch (Exception $e) {
+
+        // Failed to get user details
+        exit('Oh dear...');
+    }
+
+    // Use this to interact with an API on the users behalf
+    echo $token->getToken();
+}
+
+```
+
+## Testing
+
+``` bash
+$ ./vendor/bin/phpunit
+```
+
+## License
+
+The MIT License (MIT). Please see [License File](https://github.com/sas1024/oauth2-xenforo-bdapi/blob/master/LICENSE) for more information.
diff --git a/composer.json b/composer.json
@@ -1,6 +1,6 @@
 {
   "name": "sas1024/oauth2-xenforo-bdapi",
-  "description": "XenForo [bd] Api Client Provider for The PHP League OAuth2-Client",
+  "description": "XenForo [bd] API OAuth2-Server support for the PHP League's OAuth 2.0 Client",
   "minimum-stability": "stable",
   "license": "MIT",
   "authors": [
@@ -23,7 +23,9 @@
     "league/oauth2-client": "^2.0"
   },
   "require-dev": {
-    "phpunit/phpunit": "~4.3"
+    "phpunit/phpunit": "~4.0",
+    "mockery/mockery": "~0.9",
+    "squizlabs/php_codesniffer": "~2.0"
   },
   "autoload": {
     "psr-4": {
@@ -32,7 +34,7 @@
   },
   "autoload-dev": {
     "psr-4": {
-      "Sas1024\\OAuth2\\Client\\Test\\": "test/"
+      "Sas1024\\OAuth2\\Client\\Test\\": "test/src/"
     }
   }
 }
diff --git a/phpunit.xml b/phpunit.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit backupGlobals="false"
+         backupStaticAttributes="false"
+         bootstrap="vendor/autoload.php"
+         colors="true"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true"
+         processIsolation="false"
+         stopOnFailure="false"
+         syntaxCheck="false"
+>
+    <logging>
+        <log type="coverage-html"
+                target="./build/coverage/html"
+                charset="UTF-8"
+                highlight="false"
+                lowUpperBound="35"
+                highLowerBound="70"/>
+          <log type="coverage-clover"
+                target="./build/coverage/log/coverage.xml"/>
+    </logging>
+    <testsuites>
+        <testsuite name="Package Test Suite">
+            <directory suffix=".php">./test/</directory>
+        </testsuite>
+    </testsuites>
+    <filter>
+        <whitelist>
+            <directory suffix=".php">./</directory>
+            <exclude>
+                <directory suffix=".php">./vendor</directory>
+                <directory suffix=".php">./test</directory>
+            </exclude>
+        </whitelist>
+    </filter>
+</phpunit>
diff --git a/src/Provider/XenForoBdApi.php b/src/Provider/XenForoBdApi.php
@@ -2,51 +2,24 @@
 
 namespace Sas1024\OAuth2\Client\Provider;
 
-use InvalidArgumentException;
 use League\OAuth2\Client\Provider\AbstractProvider;
 use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
-use League\OAuth2\Client\Provider\ResourceOwnerInterface;
 use League\OAuth2\Client\Token\AccessToken;
 use Psr\Http\Message\ResponseInterface;
 
 class XenForoBdApi extends AbstractProvider
 {
-
-    /**
-     * @var string
-     */
-    private $urlAuthorize;
-
     /**
      * @var string
      */
-    private $urlAccessToken;
+    protected $baseUrl;
 
     /**
-     * @var string
-     */
-    private $urlResourceOwnerDetails;
-
-    /**
-     * @param array $options
-     * @param array $collaborators
-     * @throws \InvalidArgumentException
+     * @return string
      */
-    public function __construct(array $options = [], array $collaborators = [])
+    public function getBaseUrl()
     {
-        $this->assertRequiredOptions($options);
-
-        $possible = $this->getConfigurableOptions();
-        $configured = array_intersect_key($options, array_flip($possible));
-
-        foreach ($configured as $key => $value) {
-            $this->$key = $value;
-        }
-
-        // Remove all options that are only used locally
-        $options = array_diff_key($options, $configured);
-
-        parent::__construct($options, $collaborators);
+        return $this->baseUrl;
     }
 
     /**
@@ -58,7 +31,7 @@ public function __construct(array $options = [], array $collaborators = [])
      */
     public function getBaseAuthorizationUrl()
     {
-        return $this->urlAuthorize;
+        return $this->getBaseUrl() . '/index.php?oauth/authorize';
     }
 
 
@@ -72,7 +45,7 @@ public function getBaseAuthorizationUrl()
      */
     public function getBaseAccessTokenUrl(array $params)
     {
-        return $this->urlAccessToken;
+        return $this->getBaseUrl() . '/index.php?oauth/token';
     }
 
 
@@ -84,7 +57,7 @@ public function getBaseAccessTokenUrl(array $params)
      */
     public function getResourceOwnerDetailsUrl(AccessToken $token)
     {
-        return $this->urlResourceOwnerDetails;
+        return $this->getBaseUrl() . '/index.php?users/me&oauth_token=' . $token->getToken();
     }
 
 
@@ -98,7 +71,7 @@ public function getResourceOwnerDetailsUrl(AccessToken $token)
      */
     protected function getDefaultScopes()
     {
-        return [];
+        return ['read'];
     }
 
 
@@ -124,58 +97,10 @@ protected function checkResponse(ResponseInterface $response, $data)
      *
      * @param  array $response
      * @param  AccessToken $token
-     * @return ResourceOwnerInterface
+     * @return XenForoBdApiResourceOwner
      */
     protected function createResourceOwner(array $response, AccessToken $token)
     {
         return new XenForoBdApiResourceOwner($response);
     }
-
-    /**
-     * Returns all options that can be configured.
-     *
-     * @return array
-     */
-    protected function getConfigurableOptions()
-    {
-        return array_merge($this->getRequiredOptions(), [
-            'accessTokenMethod',
-            'accessTokenResourceOwnerId',
-            'scopeSeparator',
-            'responseResourceOwnerId',
-            'scopes',
-        ]);
-    }
-
-    /**
-     * Returns all options that are required.
-     *
-     * @return array
-     */
-    protected function getRequiredOptions()
-    {
-        return [
-            'urlAuthorize',
-            'urlAccessToken',
-            'urlResourceOwnerDetails',
-        ];
-    }
-
-    /**
-     * Verifies that all required options have been passed.
-     *
-     * @param  array $options
-     * @return void
-     * @throws InvalidArgumentException
-     */
-    private function assertRequiredOptions(array $options)
-    {
-        $missing = array_diff_key(array_flip($this->getRequiredOptions()), $options);
-
-        if (!empty($missing)) {
-            throw new InvalidArgumentException(
-                'Required options not defined: ' . implode(', ', array_keys($missing))
-            );
-        }
-    }
 }
diff --git a/src/Provider/XenForoBdApiResourceOwner.php b/src/Provider/XenForoBdApiResourceOwner.php
@@ -28,7 +28,7 @@ public function __construct(array $response = [])
     /**
      * Get resource owner id
      *
-     * @return string|null
+     * @return int|null
      */
     public function getId()
     {
@@ -78,7 +78,7 @@ public function getIsVerified()
     /**
      * Get resource owner user groups
      *
-     * @return bool|null
+     * @return array|null
      */
     public function getUserGroups()
     {