From 72dda68c937d2b8050f2ce1efbbe8b1fe7e334d2 Mon Sep 17 00:00:00 2001 From: Teodor Talov Date: Thu, 31 Aug 2017 11:34:25 -0400 Subject: [PATCH] Replaced web_ira with users table --- src/OAuth2/Storage/AetStorage.php | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/src/OAuth2/Storage/AetStorage.php b/src/OAuth2/Storage/AetStorage.php index bf83374..bca371a 100644 --- a/src/OAuth2/Storage/AetStorage.php +++ b/src/OAuth2/Storage/AetStorage.php @@ -4,7 +4,7 @@ class AetStorage implements AccessTokenInterface, - ClientCredentialsInterface, + ClientCredentialsInterface, UserCredentialsInterface { protected $db; @@ -27,7 +27,7 @@ public function __construct($config = array()) $connection = array('dsn' => $dsn, 'username' => $username, 'password' => $password); - + if (!$connection instanceof \PDO) { if (is_string($connection)) { $connection = array('dsn' => $connection); @@ -56,7 +56,7 @@ public function __construct($config = array()) 'access_token_table' => 'oauth_access_tokens', 'refresh_token_table' => 'oauth_refresh_tokens', 'code_table' => 'oauth_authorization_codes', - 'user_table' => 'web_ira', + 'user_table' => 'users', 'jwt_table' => 'oauth_jwt', 'jti_table' => 'oauth_jti', 'scope_table' => 'oauth_scopes', @@ -295,8 +295,7 @@ public function unsetRefreshToken($refresh_token) // plaintext passwords are bad! Override this for your application protected function checkPassword($user, $password) { -// return $user['password'] == sha1($password); - return $user['password'] == $password; + return password_verify($password, $user['password']); } public function getUser($username) @@ -304,10 +303,10 @@ public function getUser($username) $params = array( 'username' => $username ); - + $this->ci_ira_model->fxconnect(); $fxuser = $this->ci_ira_model->fxquery('web_ira', $params, 1); - + if($fxuser){ // Oauth TokenController required user_id field $fxuser[0]['user_id'] = $fxuser[0]['username']; @@ -327,8 +326,8 @@ public function tempGetUser($username) return array_merge(array( 'user_id' => $username ), $userInfo); - } - + } + public function setUser($username, $password, $firstName = null, $lastName = null) { // do not store in plaintext @@ -458,20 +457,20 @@ public function getEncryptionAlgorithm($client_id = null) } public function delete_user_access_tokens($user_id){ - + $sql = "DELETE FROM oauth_access_tokens WHERE user_id = :user_id"; $stmt = $this->db->prepare($sql); - $stmt->bindParam(':user_id', $user_id); + $stmt->bindParam(':user_id', $user_id); $stmt->execute(); } - + public function delete_expired_access_tokens(){ $sql = "DELETE FROM oauth_access_tokens WHERE expire < now()"; - $stmt = $this->db->prepare($sql); + $stmt = $this->db->prepare($sql); $stmt->execute(); } - + /** * DDL to create OAuth2 database and tables for PDO storage * @@ -559,4 +558,4 @@ public function getBuildSql($dbName = 'oauth2_server_php') return $sql; } -} +} \ No newline at end of file