These changes make the mongodb example current and fix a couple minor issues. #13

Open
wants to merge 14 commits into from

1 participant

@elbunce

These changes also add testing to the mongodb example for password and client_credentials grant types.
Fix for the client_credentials to fail appropriately if the grant fails.
Fix so client_credentials grants_type doesn't generate a refresh_token as per the spec it SHOULD NOT.

elbunce and others added some commits
@elbunce elbunce Update MongoDB implementation and example. eeb82c2
@elbunce elbunce Remove unnecessary bit. 6037111
@elbunce elbunce Remove test db info. 48c80ca
@elbunce elbunce Make sure we stash the user_id in the collections. 2f7b9e2
@elbunce elbunce Add code to check client_credentials and password grant types to mongo examples.

Fix client_credentials grant check to throw an exception if the grant fails.
4861a87
@elbunce elbunce Per http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-4.4.3 client_credentials grant_type's SHOULD NOT generate refresh tokens.
ff17f92
@elbunce elbunce Remove some old PDO crud and an outdated comment. 7f91329
@elbunce elbunce Ok, turns out the grant type client credentials result check is superfluous (see checkRestrictedGrantType).
f2f729e
Virginie BARDALES Fix test suite and change requires to require_onces 990a8c4
@elbunce elbunce Merge pull request #1 from vbardales/fix-test-suite
Fix test suite and change requires to require_onces
3526518
@elbunce elbunce Make the mongo checkClientCredentialsGrant() example return something more consistent with the other check{}Grant() calls.
a8e24a6
@elbunce elbunce Fix the $stored[] returns from user and client credentials path not bork if a scope is passed in.

Realistically the scope handling needs to be cleaned up, but not today...
beef5bf
@elbunce elbunce Merge branch 'master' of https://github.com/elbunce/oauth2-php a7a8511
@elbunce elbunce Make grantAccessToken return the token that was created (useful for logging and other purposes.

Add a getError accessor method to OAuth2ServerException.
29a70d3
Commits on Feb 14, 2012
  1. Update MongoDB implementation and example. (elbunce authored)
  2. Remove unnecessary bit. (elbunce authored)
  3. Remove test db info. (elbunce authored)
  4. Make sure we stash the user_id in the collections. (elbunce authored)
  5. Add code to check client_credentials and password grant types to mongo examples. (elbunce authored)
  6. Per http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-4.4.3 client_credentials grant_type's SHOULD NOT generate refresh tokens. (elbunce authored)
  7. Remove some old PDO crud and an outdated comment. (elbunce authored)
Commits on Feb 15, 2012
  1. Ok, turns out the grant type client credentials result check is superfluous (see checkRestrictedGrantType). (elbunce authored)
Commits on Feb 17, 2012
  1. Fix test suite and change requires to require_onces (Virginie BARDALES authored)
Commits on Mar 29, 2012
  1. Merge pull request #1 from vbardales/fix-test-suite (elbunce authored)
  2. Make the mongo checkClientCredentialsGrant() example return something more consistent with the other check{}Grant() calls. (elbunce authored)
  3. Fix the $stored[] returns from user and client credentials path not bork if a scope is passed in. (elbunce authored)
  4. Merge branch 'master' of https://github.com/elbunce/oauth2-php (elbunce authored)
Commits on Apr 3, 2012
  1. Make grantAccessToken return the token that was created (useful for logging and other purposes. (elbunce authored)
41 lib/OAuth2.php
@@ -1,7 +1,7 @@
<?php
-require 'OAuth2ServerException.php';
-require 'OAuth2AuthenticateException.php';
-require 'OAuth2RedirectException.php';
+require_once 'OAuth2ServerException.php';
+require_once 'OAuth2AuthenticateException.php';
+require_once 'OAuth2RedirectException.php';
/**
* @mainpage
@@ -29,6 +29,7 @@
*
* @see http://code.google.com/p/oauth2-php/
* @see https://github.com/quizlet/oauth2-php
+ * @see https://github.com/elbunce/oauth2-php
*/
/**
@@ -574,6 +575,9 @@ private function checkScope($required_scope, $available_scope) {
* retrieved from POST, but you can override to whatever method you like.
* @throws OAuth2ServerException
*
+ * @return array
+ * Token
+ *
* @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4
* @see http://tools.ietf.org/html/draft-ietf-oauth-v2-21#section-10.6
* @see http://tools.ietf.org/html/draft-ietf-oauth-v2-21#section-4.1.3
@@ -618,6 +622,9 @@ public function grantAccessToken(array $inputData = NULL, array $authHeaders = N
throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_UNAUTHORIZED_CLIENT, 'The grant type is unauthorized for this client_id');
}
+ // most grant types SHOULD generate a refresh token
+ $generate_refresh = TRUE;
+
// Do the granting
switch ($input["grant_type"]) {
case self::GRANT_TYPE_AUTH_CODE:
@@ -664,6 +671,8 @@ public function grantAccessToken(array $inputData = NULL, array $authHeaders = N
if ($stored === FALSE) {
throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_GRANT);
}
+
+ $stored["scope"] = $input["scope"];
break;
case self::GRANT_TYPE_CLIENT_CREDENTIALS:
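Review bot: The added $stored["scope"] = $input["scope"]; overwrites whatever scope the storage returned with the scope the client asked for, and nothing in this hunk checks the requested value against what that user or client is allowed. Only fill in the scope when the storage did not supply one, and validate the request before copying it (the class already has checkScope()). $input["scope"] may also be unset at this point, so guard the read with isset().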
@@ -674,8 +683,14 @@ public function grantAccessToken(array $inputData = NULL, array $authHeaders = N
if (empty($client[1])) {
throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_CLIENT, 'The client_secret is mandatory for the "client_credentials" grant type');
}
- // NB: We don't need to check for $stored==false, because it was checked above already
$stored = $this->storage->checkClientCredentialsGrant($client[0], $client[1]);
+ $stored["scope"] = $input["scope"];
+
+ // NB: We don't need to check for $stored==false, because it was checked above already
+
+ // per http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4.4.3 client_credentials SHOULD NOT
+ // generate a refresh token
+ $generate_refresh = FALSE;
break;
case self::GRANT_TYPE_REFRESH_TOKEN:
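Review bot: $stored["scope"] = $input["scope"]; runs directly on the return value of checkClientCredentialsGrant(), before any failure check. When the storage returns FALSE, PHP converts it to an array on that assignment, so any later test for $stored === FALSE can no longer fire; the relocated NB comment now sits under the line that breaks its assumption. Test the result first and throw (ERROR_INVALID_CLIENT or ERROR_INVALID_GRANT) on FALSE, then set the scope. The new comment also cites draft -20 section 4.4.3 while the commit message cites draft -23; use one reference.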
@@ -696,7 +711,7 @@ public function grantAccessToken(array $inputData = NULL, array $authHeaders = N
if ($stored["expires"] < time()) {
throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_GRANT, 'Refresh token has expired');
}
-
+
// store the refresh token locally so we can delete it when a new refresh token is generated
$this->oldRefreshToken = $stored["refresh_token"];
break;
@@ -737,11 +752,15 @@ public function grantAccessToken(array $inputData = NULL, array $authHeaders = N
}
$user_id = isset($stored['user_id']) ? $stored['user_id'] : null;
- $token = $this->createAccessToken($client[0], $user_id, $stored['scope']);
+ $token = $this->createAccessToken($client[0], $user_id, $stored['scope'], $generate_refresh);
// Send response
$this->sendJsonHeaders();
echo json_encode($token);
+
+ // give the caller some info on what was just created...
+ $token['client_id'] = $client[0];
+ return $token;
}
/**
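Review bot: The array returned at the end of grantAccessToken() is the one that was just JSON-encoded to the client, so it carries the live access_token (and refresh_token when one was issued). The commit message names logging as the use case, which means callers that log the return value will write bearer credentials to their logs. Return a redacted view (client_id, user_id, scope, expiry) or state in the docblock that the token values must not be logged. The @return text added earlier says only "Token" and does not mention the extra client_id key.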
@@ -914,7 +933,7 @@ public function finishClientAuthorization($is_authorized, $user_id = NULL, $para
if ($response_type == self::RESPONSE_TYPE_AUTH_CODE) {
$result["query"]["code"] = $this->createAuthCode($client_id, $user_id, $redirect_uri, $scope);
} elseif ($response_type == self::RESPONSE_TYPE_ACCESS_TOKEN) {
- $result["fragment"] = $this->createAccessToken($client_id, $user_id, $scope);
+ $result["fragment"] = $this->createAccessToken($client_id, $user_id, $scope, TRUE);
}
}
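Review bot: The RESPONSE_TYPE_ACCESS_TOKEN branch now passes TRUE for $generate_refresh explicitly, which keeps putting a refresh token in the URI fragment of an implicit-grant response. The implicit grant does not support refresh tokens (RFC 6749 section 4.2.2: the authorization server MUST NOT issue one), and the fragment is exposed to the browser. Pass FALSE here, as the client_credentials case already does.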
@@ -989,13 +1008,17 @@ private function buildUri($uri, $params) {
*
* @param $client_id
* Client identifier related to the access token.
+ * @param $user_id
+ * User identifier related to the access token
* @param $scope
* (optional) Scopes to be stored in space-separated string.
+ * @param $generate_refresh
+ * (optional) Generate a refresh token
*
* @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-5
* @ingroup oauth2_section_5
*/
- protected function createAccessToken($client_id, $user_id, $scope = NULL) {
+ protected function createAccessToken($client_id, $user_id, $scope = NULL, $generate_refresh = TRUE) {
$token = array(
"access_token" => $this->genAccessToken(),
@@ -1007,7 +1030,7 @@ protected function createAccessToken($client_id, $user_id, $scope = NULL) {
$this->storage->setAccessToken($token["access_token"], $client_id, $user_id, time() + $this->getVariable(self::CONFIG_ACCESS_LIFETIME), $scope);
// Issue a refresh token also, if we support them
- if ($this->storage instanceof IOAuth2RefreshTokens) {
+ if ($generate_refresh && $this->storage instanceof IOAuth2RefreshTokens) {
$token["refresh_token"] = $this->genAccessToken();
$this->storage->setRefreshToken($token["refresh_token"], $client_id, $user_id, time() + $this->getVariable(self::CONFIG_REFRESH_LIFETIME), $scope);
7 lib/OAuth2ServerException.php
@@ -41,6 +41,13 @@ public function getDescription() {
/**
* @return string
*/
+ public function getError() {
+ return $this->errorData['error'];
+ }
+
+ /**
+ * @return string
+ */
public function getHttpCode() {
return $this->httpCode;
}
16 server/examples/mongo/addclient.php
@@ -7,11 +7,11 @@
* Obviously not production-ready code, just simple and to the point.
*/
-require "lib/MongoOAuth2.php";
+require_once "lib/OAuth2StorageMongo.php";
if ($_POST && isset($_POST["client_id"]) && isset($_POST["client_secret"]) && isset($_POST["redirect_uri"])) {
- $oauth = new MongoOAuth2();
- $oauth->addClient($_POST["client_id"], $_POST["client_secret"], $_POST["redirect_uri"]);
+ $oauth = new OAuth2StorageMongo();
+ $oauth->addClient($_POST["client_id"], $_POST["client_secret"], $_POST["redirect_uri"], $_POST["grant_types"]);
}
?>
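Review bot: $_POST["grant_types"] is passed to addClient(), but the isset() guard on the line above only covers client_id, client_secret and redirect_uri, so a request without that field raises an undefined-index notice and passes NULL. Add isset($_POST["grant_types"]) to the condition or default the value to an empty string before the call.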
@@ -22,12 +22,10 @@
</head>
<body>
<form method="post" action="addclient.php">
-<p><label for="client_id">Client ID:</label> <input type="text"
- name="client_id" id="client_id" /></p>
-<p><label for="client_secret">Client Secret (password/key):</label> <input
- type="text" name="client_secret" id="client_secret" /></p>
-<p><label for="redirect_uri">Redirect URI:</label> <input type="text"
- name="redirect_uri" id="redirect_uri" /></p>
+<p><label for="client_id">Client ID:</label> <input type="text" name="client_id" id="client_id" /></p>
+<p><label for="client_secret">Client Secret (password/key):</label> <input type="text" name="client_secret" id="client_secret" /></p>
+<p><label for="redirect_uri">Redirect URI:</label> <input type="text" name="redirect_uri" id="redirect_uri" size='80' /></p>
+<p><label for="grant_types">Grant Types:</label> <input type="text" name="grant_types" id="grant_types" value="authorization_code,refresh_token,extensions"/ size='80'></p>
<input type="submit" value="Submit" /></form>
</body>
</html>
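Review bot: The new grant_types input is malformed: the tag is self-closed with "/" before the size attribute (value="..."/ size='80'>). Move size ahead of the closing "/>" and keep one quote style across the attributes. client_secret is still rendered as type="text"; type="password" would keep the secret off the screen.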
29 server/examples/mongo/adduser.php
@@ -0,0 +1,29 @@
+<?php
+
+/**
+ * @file
+ * Sample user add script.
+ *
+ * Obviously not production-ready code, just simple and to the point.
+ */
+
+require_once "lib/OAuth2StorageMongo.php";
+
+if ($_POST && isset($_POST["user_name"]) && isset($_POST["user_secret"])) {
+ $oauth = new OAuth2StorageMongo();
+ $oauth->addUser($_POST["user_name"], $_POST["user_secret"]);
+}
+
+?>
+
+<html>
+<head>
+Add User
+</head>
+<body>
+<form method="post" action="adduser.php">
+<p><label for="client_id">Usernae:</label> <input type="text" name="user_name" id="user_name" /></p>
+<p><label for="client_secret">User Secret (password/key):</label> <input type="text" name="user_secret" id="user_secret" /></p>
+<input type="submit" value="Submit" /></form>
+</body>
+</html>
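Review bot: The labels in the new form point at the wrong controls: for="client_id" and for="client_secret" were carried over from addclient.php while the inputs are user_name and user_secret, and the first label reads "Usernae". "Add User" sits bare inside <head> without a <title> element, and user_secret is rendered as type="text" rather than type="password". The script also creates a user for any POST with no check on who is calling, which the file comment should state so the example is not deployed as is.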
39 server/examples/mongo/authorize.php
@@ -9,12 +9,28 @@
* In reality, you'd probably use a nifty framework to handle most of the crud for you.
*/
-require "lib/MongoOAuth2.php";
+// Clickjacking prevention (supported by IE8+, FF3.6.9+, Opera10.5+, Safari4+, Chrome 4.1.249.1042+)
+header('X-Frame-Options: DENY');
-$oauth = new MongoOAuth2();
+require_once "lib/OAuth2StorageMongo.php";
+
+/*
+ * You would need to authenticate the user before authorization.
+ *
+ * Below is some psudeo-code to show what you might do:
+ *
+session_start();
+if (!isLoggedIn()) {
+ redirectToLoginPage();
+ exit();
+}
+ */
+
+$oauth = new OAuth2(new OAuth2StorageMongo());
if ($_POST) {
- $oauth->finishClientAuthorization($_POST["accept"] == "Yep", $_POST);
+ $userId = 100; // Use whatever method you have for identifying users.
+ $oauth->finishClientAuthorization($_POST["accept"] == "Yep", $userId, $_POST);
}
try {
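Review bot: $userId = 100 is hard-coded while the authentication block above it is left commented out, so every approval is recorded against user 100 regardless of who submits the form. Take the ID from the authenticated session and refuse the POST when there is none. The handler also reads $_POST["accept"] without isset() and accepts the approval with no anti-CSRF token, so a cross-site form post can approve a client on the user's behalf; X-Frame-Options only covers framing.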
@@ -26,14 +42,21 @@
?>
<html>
<head>
-Authorize
+<title>Authorize</title>
+<script>
+ if (top != self) {
+ window.document.write("<div style='background:black; opacity:0.5; filter: alpha (opacity = 50); position: absolute; top:0px; left: 0px;"
+ + "width: 9999px; height: 9999px; zindex: 1000001' onClick='top.location.href=window.location.href'></div>");
+ }
+ </script>
</head>
<body>
<form method="post" action="authorize.php">
- <?php foreach ($auth_params as $k => $v) { ?>
- <input type="hidden" name="<?php echo $k ?>"
- value="<?php echo $v ?>" />
- <?php } ?>
+ <?php foreach ($auth_params as $key => $value) : ?>
+ <input type="hidden"
+ name="<?php echo htmlspecialchars($key, ENT_QUOTES); ?>"
+ value="<?php echo htmlspecialchars($value, ENT_QUOTES); ?>" />
+ <?php endforeach; ?>
Do you authorize the app to do its thing?
<p><input type="submit" name="accept" value="Yep" /> <input
type="submit" name="accept" value="Nope" /></p>
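Review bot: In the frame-busting overlay, zindex is not a CSS property (it should be z-index), so the div is not guaranteed to sit above the form. With X-Frame-Options: DENY already sent, either fix the style string or drop the script. The htmlspecialchars() escaping with ENT_QUOTES on both the key and the value is the right fix for the hidden fields.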
111 server/examples/mongo/lib/OAuth2StorageMongo.php
@@ -6,18 +6,18 @@
*
*/
-require __DIR__ . '/../../../../lib/OAuth2.php';
-require __DIR__ . '/../../../../lib/IOAuth2Storage.php';
-require __DIR__ . '/../../../../lib/IOAuth2GrantCode.php';
-require __DIR__ . '/../../../../lib/IOAuth2RefreshTokens.php';
+require_once __DIR__ . '/../../../../lib/OAuth2.php';
+require_once __DIR__ . '/../../../../lib/IOAuth2Storage.php';
+require_once __DIR__ . '/../../../../lib/IOAuth2GrantCode.php';
+require_once __DIR__ . '/../../../../lib/IOAuth2GrantClient.php';
+require_once __DIR__ . '/../../../../lib/IOAuth2GrantUser.php';
+require_once __DIR__ . '/../../../../lib/IOAuth2RefreshTokens.php';
/**
- * WARNING: This example file has not been kept up to date like the PDO example has.
- * FIXME: Update the Mongo examples
*
* Mongo storage engine for the OAuth2 Library.
*/
-class OAuth2StorageMongo implements IOAuth2GrantCode, IOAuth2RefreshTokens {
+class OAuth2StorageMongo implements IOAuth2GrantCode, IOAuth2RefreshTokens, IOAuth2GrantClient, IOAuth2GrantUser {
/**
* Change this to something unique for your system
@@ -26,6 +26,7 @@ class OAuth2StorageMongo implements IOAuth2GrantCode, IOAuth2RefreshTokens {
const SALT = 'CHANGE_ME!';
const CONNECTION = 'mongodb://user:pass@mongoserver/mydb';
+// const CONNECTION = 'mongodb://user:pass@localhost/mydb';
const DB = 'mydb';
/**
@@ -36,7 +37,7 @@ class OAuth2StorageMongo implements IOAuth2GrantCode, IOAuth2RefreshTokens {
/**
* Implements OAuth2::__construct().
*/
- public function __construct(PDO $db) {
+ public function __construct() {
$mongo = new Mongo(self::CONNECTION);
$this->db = $mongo->selectDB(self::DB);
@@ -50,14 +51,6 @@ function __destruct() {
}
/**
- * Handle PDO exceptional cases.
- */
- private function handleException($e) {
- echo 'Database error: ' . $e->getMessage();
- exit();
- }
-
- /**
* Little helper function to add a new client to the database.
*
* @param $client_id
@@ -66,9 +59,27 @@ private function handleException($e) {
* Client secret to be stored.
* @param $redirect_uri
* Redirect URI to be stored.
+ * @param $grant_types
+ * Supported grant types
+ */
+ public function addClient($client_id, $client_secret, $redirect_uri, $grant_types) {
+ $client = array("_id" => $client_id, "pw" => $this->hash($client_secret, $client_id), "redirect_uri" => $redirect_uri);
+ if ($grant_types)
+ $client['grant_types'] = explode(',', $grant_types);
+ $this->db->clients->save($client);
+ }
+
+ /**
+ * Little helper function to add a new user to the database.
+ *
+ * @param $username
+ * Username identifier to be stored.
+ * @param $password
+ * Password to be stored.
*/
- public function addClient($client_id, $client_secret, $redirect_uri) {
- $this->db->clients->insert(array("_id" => $client_id, "pw" => $this->hash($client_secret, $client_id), "redirect_uri" => $redirect_uri));
+ public function addUser($username, $password) {
+ $user = array("_id" => $username, "pw" => $this->hash($password, $username));
+ $this->db->users->save($user);
}
/**
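Review bot: addClient() switched from insert() to save(), and the new addUser() uses save() as well; with a caller-supplied _id, save() overwrites an existing document, so re-posting an existing client_id or username silently replaces its secret and redirect_uri. Keep insert() so duplicates fail, or check for an existing record first. The explode(',', $grant_types) result is also stored untrimmed, so "a, b" stores " b", which will not match a later in_array() lookup, and the if ($grant_types) body should be braced.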
@@ -76,8 +87,8 @@ public function addClient($client_id, $client_secret, $redirect_uri) {
*
*/
public function checkClientCredentials($client_id, $client_secret = NULL) {
- $client = $this->db->clients->findOne(array("_id" => $client_id, "pw" => $client_secret));
- return $this->checkPassword($client_secret, $result['client_secret'], $client_id);
+ $client = $this->db->clients->findOne(array("_id" => $client_id), array("pw"));
+ return $this->checkPassword($client['pw'], $client_secret, $client_id);
}
/**
@@ -85,6 +96,7 @@ public function checkClientCredentials($client_id, $client_secret = NULL) {
*/
public function getClientDetails($client_id) {
$result = $this->db->clients->findOne(array("_id" => $client_id), array("redirect_uri"));
+ return $result;
}
/**
@@ -98,38 +110,57 @@ public function getAccessToken($oauth_token) {
* Implements IOAuth2Storage::setAccessToken().
*/
public function setAccessToken($oauth_token, $client_id, $user_id, $expires, $scope = NULL) {
- $this->db->tokens->insert(array("_id" => $oauth_token, "client_id" => $client_id, "expires" => $expires, "scope" => $scope));
+ $this->db->tokens->insert(array("_id" => $oauth_token, "client_id" => $client_id, "user_id" => $user_id, "expires" => $expires, "scope" => $scope));
}
/**
- * @see IOAuth2Storage::getRefreshToken()
+ * @see IOAuth2RefreshTokens::getRefreshToken()
*/
public function getRefreshToken($refresh_token) {
- return $this->getToken($refresh_token, TRUE);
+ return $this->db->refresh_tokens->findOne(array("_id" => $refresh_token));
}
/**
- * @see IOAuth2Storage::setRefreshToken()
+ * @see IOAuth2RefreshTokens::setRefreshToken()
*/
public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = NULL) {
- return $this->setToken($refresh_token, $client_id, $user_id, $expires, $scope, TRUE);
+ $this->db->refresh_tokens->insert(array("_id" => $refresh_token, "client_id" => $client_id, "user_id" => $user_id, "expires" => $expires, "scope" => $scope));
}
/**
- * @see IOAuth2Storage::unsetRefreshToken()
+ * @see IOAuth2RefreshTokens::unsetRefreshToken()
*/
public function unsetRefreshToken($refresh_token) {
- try {
- $sql = 'DELETE FROM ' . self::TABLE_TOKENS . ' WHERE refresh_token = :refresh_token';
- $stmt = $this->db->prepare($sql);
- $stmt->bindParam(':refresh_token', $refresh_token, PDO::PARAM_STR);
- $stmt->execute();
- } catch (PDOException $e) {
- $this->handleException($e);
- }
+ $this->db->refresh_tokens->remove(array("_id" => $refresh_token));
}
/**
+ * @see IOAuth2GrantClient::checkClientCredentialsGrant()
+ */
+ public function checkClientCredentialsGrant($client_id, $client_secret) {
+ $client = $this->db->clients->findOne(array('_id' => $client_id), array('pw'));
+
+ if (!$this->checkPassword($client['pw'], $client_secret, $client_id))
+ return FALSE;
+
+ return array("client_id" => $client_id);
+ }
+
+ /**
+ * @see IOAuth2GrantUser::checkUserCredentials()
+ */
+ public function checkUserCredentials($client_id, $username, $password) {
+ $user = $this->db->users->findOne(array("_id" => $username));
+ if (!$this->checkPassword($user['pw'], $password, $username))
+ return false;
+
+ // we could check a users collection, blah blah, but this will suffice for now
+ $user['user_id'] = $user['_id'];
+ return $user;
+ }
+
+
+ /**
* Implements IOAuth2Storage::getAuthCode().
*/
public function getAuthCode($code) {
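Review bot: checkUserCredentials() returns the whole users document, so the stored pw hash travels back into grantAccessToken() along with user_id and from there into whatever the caller does with the result. Return only array("user_id" => $user['_id']), matching what checkClientCredentialsGrant() does a few lines up. Both new methods also index ['pw'] without checking that findOne() found a record, and $client_id is unused in checkUserCredentials().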
@@ -141,14 +172,21 @@ public function getAuthCode($code) {
* Implements IOAuth2Storage::setAuthCode().
*/
public function setAuthCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = NULL) {
- $this->db->auth_codes->insert(array("_id" => $code, "client_id" => $client_id, "redirect_uri" => $redirect_uri, "expires" => $expires, "scope" => $scope));
+ $this->db->auth_codes->insert(array("_id" => $code, "client_id" => $client_id, "redirect_uri" => $redirect_uri, "user_id" => $user_id, "expires" => $expires, "scope" => $scope));
}
/**
* @see IOAuth2Storage::checkRestrictedGrantType()
*/
public function checkRestrictedGrantType($client_id, $grant_type) {
- return TRUE; // Not implemented
+ $client = $this->db->clients->findOne(array('_id' => $client_id), array('grant_types'));
+
+ // if no grant types are specified, assume all are valid
+ if (!isset($client['grant_types']))
+ return TRUE;
+
+ // return true iff the grant_type is amongst those listed
+ return in_array($grant_type, $client['grant_types']);
}
/**
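Review bot: checkRestrictedGrantType() fails open: a client record with no grant_types field is allowed every grant type, and addClient() omits the field whenever the submitted value is empty. For a restriction check the safer default is to deny, or to store an explicit list for every client. Pass TRUE as the third argument to in_array() so the comparison is strict.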
@@ -158,6 +196,7 @@ public function checkRestrictedGrantType($client_id, $grant_type) {
* @return string
*/
protected function hash($client_secret, $client_id) {
+// return hash('sha1', $client_id . $client_secret . self::SALT);
return hash('blowfish', $client_id . $client_secret . self::SALT);
}
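Review bot: hash('blowfish', ...) on the context line names an algorithm that PHP's hash() does not provide, so the active line does not yield a usable digest, and the sha1 alternative added here as a comment should not be committed as dead code. A single SHA-1 over the id, secret and one site-wide SALT is also too fast for stored passwords. Use crypt() with a bcrypt salt, or password_hash() and password_verify(), so each record gets its own salt and a work factor.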
4 server/examples/mongo/protected_resource.php
@@ -9,9 +9,7 @@
* In reality, you'd probably use a nifty framework to handle most of the crud for you.
*/
-require "lib/OAuth2StorageMongo.php";
-
-$token = isset($_GET[OAuth2::TOKEN_PARAM_NAME]) ? $_GET[OAuth2::TOKEN_PARAM_NAME] : null;
+require_once "lib/OAuth2StorageMongo.php";
try {
$oauth = new OAuth2(new OAuth2StorageMongo());
4 server/examples/mongo/token.php
@@ -9,9 +9,9 @@
* In reality, you'd probably use a nifty framework to handle most of the crud for you.
*/
-require "lib/MongoOAuth2.php";
+require_once "lib/OAuth2StorageMongo.php";
-$oauth = new MongoOAuth2();
+$oauth = new OAuth2(new OAuth2StorageMongo());
try {
$oauth->grantAccessToken();
} catch (OAuth2ServerException $oauthError) {
2  server/examples/pdo/addclient.php
@@ -7,7 +7,7 @@
* Obviously not production-ready code, just simple and to the point.
*/
-require "lib/OAuth2StoragePdo.php";
+require_once "lib/OAuth2StoragePdo.php";
if ($_POST && isset($_POST["client_id"]) && isset($_POST["client_secret"]) && isset($_POST["redirect_uri"])) {
$oauth = new OAuth2StoragePDO();
2  server/examples/pdo/authorize.php
@@ -11,7 +11,7 @@
// Clickjacking prevention (supported by IE8+, FF3.6.9+, Opera10.5+, Safari4+, Chrome 4.1.249.1042+)
header('X-Frame-Options: DENY');
-require "lib/OAuth2StoragePDO.php";
+require_once "lib/OAuth2StoragePDO.php";
/*
* You would need to authenticate the user before authorization.
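Review bot: The include path is spelled lib/OAuth2StoragePDO.php here and in the pdo protected_resource.php and token.php hunks, but the file in this diff is lib/OAuth2StoragePdo.php, and pdo/addclient.php uses that spelling. On a case-sensitive filesystem these require_once calls fail; normalise the name while touching the lines.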
8 server/examples/pdo/lib/OAuth2StoragePdo.php
@@ -8,10 +8,10 @@
* new OAuth2StoragePDO( new PDO('mysql:dbname=mydb;host=localhost', 'user', 'pass') );
*/
-require __DIR__ . '/../../../../lib/OAuth2.php';
-require __DIR__ . '/../../../../lib/IOAuth2Storage.php';
-require __DIR__ . '/../../../../lib/IOAuth2GrantCode.php';
-require __DIR__ . '/../../../../lib/IOAuth2RefreshTokens.php';
+require_once __DIR__ . '/../../../../lib/OAuth2.php';
+require_once __DIR__ . '/../../../../lib/IOAuth2Storage.php';
+require_once __DIR__ . '/../../../../lib/IOAuth2GrantCode.php';
+require_once __DIR__ . '/../../../../lib/IOAuth2RefreshTokens.php';
/**
* PDO storage engine for the OAuth2 Library.
2  server/examples/pdo/protected_resource.php
@@ -9,7 +9,7 @@
* In reality, you'd probably use a nifty framework to handle most of the crud for you.
*/
-require "lib/OAuth2StoragePDO.php";
+require_once "lib/OAuth2StoragePDO.php";
try {
$oauth = new OAuth2(new OAuth2StoragePDO());
2  server/examples/pdo/token.php
@@ -9,7 +9,7 @@
* In reality, you'd probably use a nifty framework to handle most of the crud for you.
*/
-require "lib/OAuth2StoragePDO.php";
+require_once "lib/OAuth2StoragePDO.php";
$oauth = new OAuth2(new OAuth2StoragePDO());
try {
2  tests/All_OAuth2_Tests.php
@@ -13,7 +13,7 @@ public function __construct() {
$this->setName ( 'OAuth2Suite' );
foreach (glob(__DIR__.'/*Test.php') as $filename) {
- require $filename;
+ require_once $filename;
$class = basename($filename, '.php');
$this->addTestSuite($class);
}
6 tests/OAuth2OutputTest.php
@@ -1,7 +1,7 @@
<?php
-require __DIR__ . '/../lib/OAuth2.php';
-require __DIR__ . '/../lib/IOAuth2Storage.php';
-require __DIR__ . '/../lib/IOAuth2GrantCode.php';
+require_once __DIR__ . '/../lib/OAuth2.php';
+require_once __DIR__ . '/../lib/IOAuth2Storage.php';
+require_once __DIR__ . '/../lib/IOAuth2GrantCode.php';
/**
* OAuth2 test cases that invovle capturing output.
6 tests/OAuth2Test.php
@@ -1,7 +1,7 @@
<?php
-require __DIR__ . '/../lib/OAuth2.php';
-require __DIR__ . '/../lib/IOAuth2Storage.php';
-require __DIR__ . '/../lib/IOAuth2GrantCode.php';
+require_once __DIR__ . '/../lib/OAuth2.php';
+require_once __DIR__ . '/../lib/IOAuth2Storage.php';
+require_once __DIR__ . '/../lib/IOAuth2GrantCode.php';
/**
* OAuth2 test case.
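Review bot: The test changes in this diff are limited to swapping require for require_once; nothing exercises the new behaviour in lib/OAuth2.php. Add cases asserting that a client_credentials grant returns no refresh_token, that grantAccessToken() returns the token array with client_id set, and that a FALSE result from checkClientCredentialsGrant() is rejected.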