ENH: refs #951. Delete client implementation

-Also added cleanup hooks for removing expired tokens
midasplatform · Mar 8, 2013 · de73e66 · de73e66
1 parent 6f1f1cc
commit de73e66
Show file tree

Hide file tree

Showing 7 changed files with 78 additions and 2 deletions.
diff --git a/modules/oauth/Notification.php b/modules/oauth/Notification.php
@@ -23,16 +23,27 @@ class Oauth_Notification extends MIDAS_Notification
   {
   public $moduleName = 'oauth';
   public $_models = array('User');
-  public $_moduleModels = array('Token');
+  public $_moduleModels = array('Code', 'Token');
 
   /** init notification process*/
   public function init()
     {
     $this->addCallBack('CALLBACK_API_AUTH_INTERCEPT', 'handleAuth');
     $this->addCallBack('CALLBACK_API_REQUIRE_PERMISSIONS', 'requirePermissions');
     $this->addCallBack('CALLBACK_CORE_GET_CONFIG_TABS', 'getUserTabs');
+
+    $this->addTask('TASK_CLEANUP_PERFORM_CLEANUP', 'cleanExpired', 'Delete expired codes and tokens');
     }//end init
 
+  /**
+   * Remove expired auth codes and access tokens from the database
+   */
+  public function cleanExpired()
+    {
+    $this->Oauth_Code->cleanExpired();
+    $this->Oauth_Token->cleanExpired();
+    }
+
   /**
    * Set the required permissions in global registry for use later
    */

diff --git a/modules/oauth/configs/module.ini b/modules/oauth/configs/module.ini
@@ -7,3 +7,4 @@ fullname = OAuth 2.0
 description = "Support the OAuth 2.0 standard for third-party application authentication"
 ;Category
 category = Authentication
+dependencies = api
diff --git a/modules/oauth/models/base/ClientModelBase.php b/modules/oauth/models/base/ClientModelBase.php
@@ -32,7 +32,9 @@ public function __construct()
         'secret' => array('type' => MIDAS_DATA),
         'creation_date' => array('type' => MIDAS_DATA),
         'owner_id' => array('type' => MIDAS_DATA),
-        'owner' => array('type' => MIDAS_MANY_TO_ONE, 'model' => 'User', 'parent_column' => 'user_id', 'child_column' => 'owner_id')
+        'owner' => array('type' => MIDAS_MANY_TO_ONE, 'model' => 'User', 'parent_column' => 'user_id', 'child_column' => 'owner_id'),
+        'codes' => array('type' => MIDAS_ONE_TO_MANY, 'model' => 'Code', 'module' => 'oauth', 'parent_column' => 'client_id', 'child_column' => 'client_id'),
+        'tokens' => array('type' => MIDAS_ONE_TO_MANY, 'model' => 'Token', 'module' => 'oauth', 'parent_column' => 'client_id', 'child_column' => 'client_id')
         );
     $this->initialize(); // required
     } // end __construct()
@@ -63,5 +65,31 @@ public function create($userDao, $name)
 
     return $clientDao;
     }
+
+  /**
+   * Delete a client.  Deletes all associated tokens and codes
+   */
+  public function delete($clientDao)
+    {
+    $tokens = $clientDao->getTokens();
+    $tokenModel = MidasLoader::loadModel('Token', 'oauth');
+
+    foreach($tokens as $token)
+      {
+      $tokenModel->delete($token);
+      }
+    $tokens = null;
+
+    $codes = $clientDao->getCodes();
+    $codeModel = MidasLoader::loadModel('Code', 'oauth');
+
+    foreach($codes as $code)
+      {
+      $codeModel->delete($code);
+      }
+    $codes = null;
+
+    parent::delete($clientDao);
+    }
 }
 ?>
diff --git a/modules/oauth/models/base/CodeModelBase.php b/modules/oauth/models/base/CodeModelBase.php
@@ -44,6 +44,7 @@ public function __construct()
 
   public abstract function getByUser($userDao);
   public abstract function getByCode($code);
+  public abstract function cleanExpired();
 
   /**
    * Create and return a new oauth authorization code for the given client and user. Expires after 10 minutes

diff --git a/modules/oauth/models/base/TokenModelBase.php b/modules/oauth/models/base/TokenModelBase.php
@@ -46,6 +46,7 @@ public function __construct()
   public abstract function getByToken($token);
   public abstract function getByUser($userDao, $onlyValid = true);
   public abstract function expireTokens($userDao, $clientDao);
+  public abstract function cleanExpired();
 
   /**
    * Use the provided codeDao to create and return an oauth access token.

diff --git a/modules/oauth/models/pdo/CodeModel.php b/modules/oauth/models/pdo/CodeModel.php
@@ -48,5 +48,22 @@ public function getByCode($code)
                                           ->where('code = ?', $code));
     return $this->initDao('Code', $row, $this->moduleName);
     }
+
+  /**
+   * Removes expired access tokens from the database
+   */
+  public function cleanExpired()
+    {
+    $sql = $this->database->select()->setIntegrityCheck(false)
+                ->where('expiration_date < ?', date('c'));
+
+    $rows = $this->database->fetchAll($sql);
+    foreach($rows as $row)
+      {
+      $tmpDao = $this->initDao('Code', $row, $this->moduleName);
+      $this->delete($tmpDao);
+      $tmpDao = null; //mark for memory reclamation
+      }
+    }
 }
 ?>
diff --git a/modules/oauth/models/pdo/TokenModel.php b/modules/oauth/models/pdo/TokenModel.php
@@ -63,5 +63,22 @@ public function expireTokens($userDao, $clientDao)
     $data = array('expiration_date' => date('c'));
     $this->database->getDB()->update('oauth_token', $data, 'user_id = '.$userDao->getKey().' AND client_id = '.$clientDao->getKey());
     }
+
+  /**
+   * Removes expired access tokens from the database
+   */
+  public function cleanExpired()
+    {
+    $sql = $this->database->select()->setIntegrityCheck(false)
+                ->where('expiration_date < ?', date('c'))
+                ->where('type = ?', MIDAS_OAUTH_TOKEN_TYPE_ACCESS);
+    $rows = $this->database->fetchAll($sql);
+    foreach($rows as $row)
+      {
+      $tmpDao = $this->initDao('Token', $row, $this->moduleName);
+      $this->delete($tmpDao);
+      $tmpDao = null; //mark for memory reclamation
+      }
+    }
 }
 ?>