working on authorize and token methods

Controller/ServerController.php

@@ -1,5 +1,6 @@
 <?php
 require_once(CakePlugin::path('Oauth2') . 'Vendor' . DS . 'oauth2-php' . DS . 'lib' . DS . 'OAuth2.php');
+App::uses('OAuth2StorageCake', 'Oauth2.Lib');
 
 class ServerController extends AppController {
 /**
@@ -16,6 +17,7 @@ class ServerController extends AppController {
  */
 	public function beforeFilter() {
 		parent::beforeFilter();
+		$this->Storage = new OAuth2StorageCake();
 		if (isset($this->Auth)) {
 			$this->Auth->allow('*');
 		}
@@ -25,20 +27,37 @@ public function beforeFilter() {
  * 
  */
 	public function authorize() {
-		$oauth = new OAuth2();
-		if ($this->request->is('post') && $this->request->data['Server']['grant'] == 1) {
-			unset($this->request->data['Server']['grant']);
-			$oauth->finishClientAuthorization(true, $this->request->data);
+		// Clickjacking prevention (supported by IE8+, FF3.6.9+, Opera10.5+, Safari4+, Chrome 4.1.249.1042+)
+		header('X-Frame-Options: DENY');
+
+		$oauth = new OAuth2($this->Storage);
+
+		if ($this->request->is('post')) {
+			$userId = 42;
+			$oauth->finishClientAuthorization($this->request->data["accept"] == "Yep", $userId, $this->request->data);
+		}
+
+		try {
+			$authParams = $oauth->getAuthorizeParams();
+			$this->set(compact('authParams'));
+		} catch (OAuth2ServerException $oauthError) {
+			$oauthError->sendHttpResponse();
+			$this->_stop();
 		}
-		$this->set($authParams = $oauth->getAuthorizeParams());
+
 	}
 
 /**
  * 
  */
 	public function token() {
-		$oauth = new OAuth2();
-		$this->set('response', $oauth->grantAccessToken());
+		$oauth = new OAuth2($this->Storage);
+		try {
+			$oauth->grantAccessToken();
+		} catch (OAuth2ServerException $oauthError) {
+			$oauthError->sendHttpResponse();
+		}
+		$this->_stop();
 	}
 
 }

Lib/OAuth2StorageCake.php

@@ -1,9 +1,9 @@
 <?php
-$basePath = CakePlugin::path('Oauth2') . 'Vendor' . 'oauth2-php' . DS . 'lib'. DS;
-require_once($basePath . 'Oauth2.php')
-require_once($basePath . 'IOAuth2Storage.php')
-require_once($basePath . 'IOAuth2GrantCode.php')
-require_once($basePath . 'IOAuth2RefreshTokens.php')
+$basePath = CakePlugin::path('Oauth2') . 'Vendor' . DS .  'oauth2-php' . DS . 'lib'. DS;
+require_once($basePath . 'Oauth2.php');
+require_once($basePath . 'IOAuth2Storage.php');
+require_once($basePath . 'IOAuth2GrantCode.php');
+require_once($basePath . 'IOAuth2RefreshTokens.php');
 
 /**
  * CakePHP DBAL storage engine for the OAuth2 Library.
@@ -23,14 +23,14 @@ public function __construct($options = array()) {
 
 		$this->options = Set::merge($defaults, $options);
 
-		$this->SALT = Configure::read('Salt');
+		$this->salt = Configure::read('Oauth2.Salt');
 	}
 
 /**
  * Loads the required models on the fly
  */
 	public function __get($name) {
-		if (in_array($name, array_keys($this->options['models'])) {
+		if (in_array($name, array_keys($this->options['models']))) {
 			return ClassRegistry::init($this->options['models'][$name]);
 		}
 	}
@@ -61,7 +61,7 @@ public function addClient($client_id, $client_secret, $redirect_uri) {
 			$this->Client->alias => array(
 				'id' => $client_id,
 				'client_secret' > $client_secret,
-				'redirect_uri' => $redirect_uri));
+				'redirect_uri' => $redirect_uri)));
 	}
 
 /**
@@ -154,8 +154,8 @@ public function getAuthCode($code) {
  * Implements IOAuth2Storage::setAuthCode().
  */
 	public function setAuthCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = NULL) {
-		$this->AuthCode->save(
-			$this->AuthCode->alias => compact('code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope');
+		$this->AuthCode->save(array(
+			$this->AuthCode->alias => compact('code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope')));
 	}
 
 /**
@@ -181,8 +181,9 @@ protected function setToken($token, $client_id, $user_id, $expires, $scope, $isR
 			$model = 'RefreshToken';
 		}
 
-		$this->{$model}->save(
-			$this->{$model}->alias => compact('token', 'client_id', 'user_id', 'expires', 'scope');
+		$this->{$model}->save(array(
+			$this->{$model}->alias => compact('token', 'client_id', 'user_id', 'expires',
+				'scope')));
 	}
 
 /**
@@ -213,7 +214,7 @@ protected function getToken($token, $isRefresh = true) {
 	 * @return string
 	 */
 	protected function hash($client_secret, $client_id) {
-		return hash('sha256', $client_id.$client_secret.self::SALT);
+		return hash('sha256', $client_id . $client_secret . self::salt);
 	}
 
 /**

View/Server/authorize.ctp

@@ -1,10 +1,12 @@
+<form method="post" action="#">
 <?php
-	echo $this->Form->create();
-	foreach ($authParams as $k => $v) {
-		echo '<input type="hidden" name="' . $k . '" value="' . $v . '" />';
-	}
-	echo $this->Form->input('grant', array(
-		'type' => 'checkbox',
-		'label' => __('Do you authorize the app to do its thing?')));
-	echo $this->Form->end(__('Submit', true));
-?>
+	foreach ($authParams  as $key => $value) : ?>
+		<input type="hidden" name="<?=filter_var($key, FILTER_SANITIZE_FULL_SPECIAL_CHARS)?>" value="<?=filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS)?>" />
+    <?php endforeach; ?>
+      Do you authorize the app to do its thing?
+      <p>
+        <input type="submit" name="accept" value="Yep" />
+        <input type="submit" name="accept" value="Nope" />
+      </p>
+    </form>
+