Add an authentication storage based on access tokens

config/module.config.php

@@ -27,6 +27,7 @@
             'ZfrOAuth2\Server\Service\ClientService'                           => 'ZfrOAuth2Module\Server\Factory\ClientServiceFactory',
             'ZfrOAuth2\Server\Service\ScopeService'                            => 'ZfrOAuth2Module\Server\Factory\ScopeServiceFactory',
             'ZfrOAuth2Module\Server\Authentication\Adapter\AccessTokenAdapter' => 'ZfrOAuth2Module\Server\Factory\AccessTokenAdapterFactory',
+            'ZfrOAuth2Module\Server\Authentication\Storage\AccessTokenStorage' => 'ZfrOAuth2Module\Server\Factory\AccessTokenStorageFactory',
             'ZfrOAuth2Module\Server\Options\ModuleOptions'                     => 'ZfrOAuth2Module\Server\Factory\ModuleOptionsFactory',
             'ZfrOAuth2Module\Server\Grant\GrantPluginManager'                  => 'ZfrOAuth2Module\Server\Factory\GrantPluginManagerFactory',
 

src/ZfrOAuth2Module/Server/Authentication/Storage/AccessTokenStorage.php

@@ -0,0 +1,75 @@
+<?php
+/*
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * This software consists of voluntary contributions made by many individuals
+ * and is licensed under the MIT license.
+ */
+
+namespace ZfrOAuth2Module\Server\Authentication\Storage;
+
+use Zend\Authentication\Storage\NonPersistent;
+use Zend\Http\Request as HttpRequest;
+use ZfrOAuth2\Server\ResourceServer;
+
+/**
+ * @author  Michaël Gallego <mic.gallego@gmail.com>
+ * @licence MIT
+ */
+class AccessTokenStorage extends NonPersistent
+{
+    /**
+     * @var ResourceServer
+     */
+    protected $resourceServer;
+
+    /**
+     * @var HttpRequest
+     */
+    protected $request;
+
+    /**
+     * @param ResourceServer $resourceServer
+     */
+    public function __construct(ResourceServer $resourceServer)
+    {
+        $this->resourceServer = $resourceServer;
+    }
+
+    /**
+     * Set the HTTP request
+     *
+     * @param  HttpRequest $request
+     * @return void
+     */
+    public function setRequest(HttpRequest $request)
+    {
+        $this->request = $request;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function isEmpty()
+    {
+        return $this->resourceServer->getAccessToken($this->request) === null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function read()
+    {
+        return $this->resourceServer->getAccessToken($this->request)->getOwner();
+    }
+}

src/ZfrOAuth2Module/Server/Factory/AccessTokenStorageFactory.php

@@ -0,0 +1,48 @@
+<?php
+/*
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * This software consists of voluntary contributions made by many individuals
+ * and is licensed under the MIT license.
+ */
+
+namespace ZfrOAuth2Module\Server\Factory;
+
+use Zend\Http\Request as HttpRequest;
+use Zend\ServiceManager\FactoryInterface;
+use Zend\ServiceManager\ServiceLocatorInterface;
+use ZfrOAuth2Module\Server\Authentication\Storage\AccessTokenStorage;
+
+/**
+ * @author  Michaël Gallego <mic.gallego@gmail.com>
+ * @licence MIT
+ */
+class AccessTokenStorageFactory implements FactoryInterface
+{
+    /**
+     * {@inheritDoc}
+     */
+    public function createService(ServiceLocatorInterface $serviceLocator)
+    {
+        $accessTokenStorage = new AccessTokenStorage($serviceLocator->get('ZfrOAuth2\Server\ResourceServer'));
+
+        // It only makes sense to set the request if it is HTTP request
+        $request = $serviceLocator->get('Application')->getRequest();
+
+        if ($request instanceof HttpRequest) {
+            $accessTokenStorage->setRequest($request);
+        }
+
+        return $accessTokenStorage;
+    }
+}

src/ZfrOAuth2Module/Server/Factory/AuthenticationServiceFactory.php

@@ -19,7 +19,6 @@
 namespace ZfrOAuth2Module\Server\Factory;
 
 use Zend\Authentication\AuthenticationService;
-use Zend\Authentication\Storage\NonPersistent;
 use Zend\ServiceManager\FactoryInterface;
 use Zend\ServiceManager\ServiceLocatorInterface;
 
@@ -36,7 +35,7 @@ public function createService(ServiceLocatorInterface $serviceLocator)
     {
         // When using an API based on a REST API, the authentication is stateless
         return new AuthenticationService(
-            new NonPersistent(),
+            $serviceLocator->get('ZfrOAuth2Module\Server\Authentication\Storage\AccessTokenStorage'),
             $serviceLocator->get('ZfrOAuth2Module\Server\Authentication\Adapter\AccessTokenAdapter')
         );
     }

tests/ZfrOAuth2ModuleTest/Server/Authentication/Storage/AccessTokenStorageTest.php

@@ -0,0 +1,69 @@
+<?php
+/*
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * This software consists of voluntary contributions made by many individuals
+ * and is licensed under the MIT license.
+ */
+
+namespace ZfrOAuth2ModuleTest\Server\Authentication\Storage;
+
+use Zend\Authentication\Result;
+use Zend\Http\Request as HttpRequest;
+use ZfrOAuth2\Server\Entity\AccessToken;
+use ZfrOAuth2Module\Server\Authentication\Storage\AccessTokenStorage;
+
+/**
+ * @author  Michaël Gallego <mic.gallego@gmail.com>
+ * @licence MIT
+ *
+ * @covers \ZfrOAuth2Module\Server\Authentication\Storage\AccessTokenStorage
+ */
+class AccessTokenStorageTest extends \PHPUnit_Framework_TestCase
+{
+    public function testIsConsideredAsEmptyIfNoAccessToken()
+    {
+        $resourceServer = $this->getMock('ZfrOAuth2\Server\ResourceServer', [], [], '', false);
+        $request        = new HttpRequest();
+
+        $storage = new AccessTokenStorage($resourceServer);
+        $storage->setRequest($request);
+
+        $resourceServer->expects($this->once())
+                       ->method('getAccessToken')
+                       ->with($request)
+                       ->will($this->returnValue(null));
+
+        $this->isTrue($storage->isEmpty());
+    }
+
+    public function testReadOwnerFromAccessToken()
+    {
+        $resourceServer = $this->getMock('ZfrOAuth2\Server\ResourceServer', [], [], '', false);
+        $request        = new HttpRequest();
+
+        $storage = new AccessTokenStorage($resourceServer);
+        $storage->setRequest($request);
+
+        $token = new AccessToken();
+        $owner = $this->getMock('ZfrOAuth2\Server\Entity\TokenOwnerInterface');
+        $token->setOwner($owner);
+
+        $resourceServer->expects($this->once())
+                       ->method('getAccessToken')
+                       ->with($request)
+                       ->will($this->returnValue($token));
+
+        $this->assertSame($owner, $storage->read());
+    }
+}

tests/ZfrOAuth2ModuleTest/Server/Factory/AuthenticationServiceFactoryTest.php

@@ -33,6 +33,11 @@ public function testCanCreateFromFactory()
     {
         $serviceManager = new ServiceManager();
 
+        $serviceManager->setService(
+            'ZfrOAuth2Module\Server\Authentication\Storage\AccessTokenStorage',
+            $this->getMock('Zend\Authentication\Storage\StorageInterface')
+        );
+
         $serviceManager->setService(
             'ZfrOAuth2Module\Server\Authentication\Adapter\AccessTokenAdapter',
             $this->getMock('Zend\Authentication\Adapter\AdapterInterface')
@@ -42,6 +47,5 @@ public function testCanCreateFromFactory()
         $service = $factory->createService($serviceManager);
 
         $this->assertInstanceOf('Zend\Authentication\AuthenticationService', $service);
-        $this->assertInstanceOf('Zend\Authentication\Storage\NonPersistent', $service->getStorage());
     }
 }