Merge pull request #8 from tfrommen/house-cleaning

House cleaning.

README.md

@@ -16,7 +16,7 @@ This is in extremely early beta, and does not work yet. Please help us out and c
 
 This plugin is licensed under the GNU General Public License v2 or later:
 
-> Copyright 2016 by the contributors.
+> Copyright 2017 by the contributors.
 >
 > This program is free software; you can redistribute it and/or modify
 > it under the terms of the GNU General Public License as published by

bin/readme.txt

@@ -1,15 +1,15 @@
-=== WordPress REST API - OAuth 1.0a Server ===
+=== WordPress REST API - OAuth 2 Server ===
 Contributors: rmccue, rachelbaker, danielbachhuber, joehoyle
 Tags: json, rest, api, rest-api
-Requires at least: 4.4
-Tested up to: 4.7-alpha
+Requires at least: 4.8
+Tested up to: 4.8
 Stable tag: {{TAG}}
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
 == Description ==
 Connect applications to your WordPress site without ever giving away your password.
 
-This plugin uses the OAuth 1.0a protocol to allow delegated authorization; that is, to allow applications to access a site using a set of secondary credentials. This allows server administrators to control which applications can access the site, as well as allowing users to control which applications have access to their data.
+This plugin uses the OAuth 2 protocol to allow delegated authorization; that is, to allow applications to access a site using a set of secondary credentials. This allows server administrators to control which applications can access the site, as well as allowing users to control which applications have access to their data.
 
-This plugin only supports WordPress >= 4.4.
+This plugin only supports WordPress >= 4.8.

bin/release.sh

@@ -4,8 +4,8 @@
 
 TAG=$1
 
-PLUGIN="rest-api-oauth1"
-TMPDIR=/tmp/rest-api-oauth1-release-svn
+PLUGIN="rest-api-oauth2"
+TMPDIR=/tmp/rest-api-oauth2-release-svn
 PLUGINDIR="$PWD"
 PLUGINSVN="https://plugins.svn.wordpress.org/$PLUGIN"
 

book.json

@@ -6,11 +6,11 @@
   "plugins": ["edit-link", "github"],
   "pluginsConfig": {
     "edit-link": {
-      "base": "https://github.com/WP-API/OAuth1/tree/master",
+      "base": "https://github.com/WP-API/OAuth2/tree/master",
       "label": "Edit This Page"
     },
     "github": {
-      "url": "https://github.com/WP-API/OAuth1/"
+      "url": "https://github.com/WP-API/OAuth2/"
     }
   }
 }

composer.json

@@ -1,13 +1,12 @@
 {
-    "name": "wp-api/oauth1",
-    "description": "OAuth 1.0a Server for WordPress",
-    "type": "wordpress-plugin",
-    "license": "GPL2+",
-    "authors": [
-        {
-            "name": "WP-API Team",
-            "homepage": "http://wp-api.org/"
-        }
-    ],
-    "require": {}
+  "name": "wp-api/oauth2",
+  "description": "OAuth 2 Server for WordPress",
+  "type": "wordpress-plugin",
+  "license": "GPL2+",
+  "authors": [
+    {
+      "name": "WP-API Team",
+      "homepage": "http://wp-api.org/"
+    }
+  ]
 }

inc/admin/class-admin.php

@@ -3,7 +3,6 @@
 namespace WP\OAuth2\Admin;
 
 use WP\OAuth2\Client;
-use WP\OAuth2\Types;
 use WP_Error;
 
 class Admin {
@@ -136,6 +135,12 @@ class="add-new-h2"><?php echo esc_html_x( 'Add New', 'application', 'rest_oauth2
 		<?php
 	}
 
+	/**
+	 * Validates given parameters.
+	 *
+	 * @param array $params RAW parameters.
+	 * @return array|WP_Error Validated parameters, or error on failure.
+	 */
 	protected static function validate_parameters( $params ) {
 		$valid = [];
 
@@ -167,11 +172,11 @@ protected static function validate_parameters( $params ) {
 	/**
 	 * Handle submission of the add page
 	 *
-	 * @param $consumer
+	 * @param Client $consumer
 	 *
 	 * @return array|null List of errors. Issues a redirect and exits on success.
 	 */
-	protected static function handle_edit_submit( $consumer ) {
+	protected static function handle_edit_submit( Client $consumer = null ) {
 		$messages = [];
 		if ( empty( $consumer ) ) {
 			$did_action = 'add';
@@ -243,8 +248,9 @@ public static function render_edit_page() {
 		}
 
 		// Are we editing?
-		$consumer    = null;
-		$form_action = self::get_url( 'action=add' );
+		$consumer          = null;
+		$form_action       = self::get_url( 'action=add' );
+		$regenerate_action = '';
 		if ( ! empty( $_REQUEST['id'] ) ) {
 			$id       = absint( $_REQUEST['id'] );
 			$consumer = Client::get_by_post_id( $id );

inc/admin/class-listtable.php

@@ -56,6 +56,9 @@ public function get_columns() {
 		return $c;
 	}
 
+	/**
+	 * @param \WP_Post $item Post object.
+	 */
 	public function column_cb( $item ) {
 		?>
 		<label class="screen-reader-text"
@@ -67,6 +70,10 @@ public function column_cb( $item ) {
 		<?php
 	}
 
+	/**
+	 * @param \WP_Post $item Post object.
+	 * @return string Name of the column.
+	 */
 	protected function column_name( $item ) {
 		$title = get_the_title( $item->ID );
 		if ( empty( $title ) ) {
@@ -100,6 +107,10 @@ protected function column_name( $item ) {
 		return $title . ' ' . $action_html;
 	}
 
+	/**
+	 * @param \WP_Post $item Post object.
+	 * @return string Content of the column.
+	 */
 	protected function column_description( $item ) {
 		return $item->post_content;
 	}

inc/authentication/namespace.php

@@ -2,6 +2,8 @@
 
 namespace WP\OAuth2\Authentication;
 
+use WP_Error;
+use WP_User;
 use WP\OAuth2\Tokens;
 
 /**
@@ -33,6 +35,11 @@ function get_authorization_header() {
 	return null;
 }
 
+/**
+ * Extracts the token from the authorization header or the current request.
+ *
+ * @return string|null Token on success, null on failure.
+ */
 function get_provided_token() {
 	$header = get_authorization_header();
 	if ( $header ) {
@@ -47,6 +54,13 @@ function get_provided_token() {
 	return null;
 }
 
+/**
+ * Extracts the token from the given authorization header.
+ *
+ * @param string $header Authorization header.
+ *
+ * @return string|null Token on succes, null on failure.
+ */
 function get_token_from_bearer_header( $header ) {
 	if ( is_string( $header ) && preg_match( '/Bearer ([a-zA-Z0-9\-._~\+\/=]+)/', trim( $header ), $matches ) ) {
 		return $matches[1];
@@ -55,6 +69,11 @@ function get_token_from_bearer_header( $header ) {
 	return null;
 }
 
+/**
+ * Extracts the token from the current request.
+ *
+ * @return string|null Token on succes, null on failure.
+ */
 function get_token_from_request() {
 	if ( empty( $_GET['access_token'] ) ) {
 		return null;
@@ -74,9 +93,9 @@ function get_token_from_request() {
 /**
  * Try to authenticate if possible.
  *
- * @param \WP_User|null $user Existing authenticated user.
+ * @param WP_User|null $user Existing authenticated user.
  *
- * @return \WP_User|int|\WP_Error
+ * @return WP_User|int|WP_Error
  */
 function attempt_authentication( $user = null ) {
 	// Lock against infinite loops when querying the token itself.
@@ -115,6 +134,8 @@ function attempt_authentication( $user = null ) {
  * Attached to the rest_authentication_errors filter. Passes through existing
  * errors registered on the filter.
  *
+ * @param WP_Error|null Current error, or null.
+ *
  * @return WP_Error|null Error if one is set, otherwise null.
  */
 function maybe_report_errors( $error = null ) {
@@ -126,8 +147,15 @@ function maybe_report_errors( $error = null ) {
 	return $oauth2_error;
 }
 
+/**
+ * Creates an error object for the given invalid token.
+ *
+ * @param mixed $token Invalid token.
+ *
+ * @return WP_Error
+ */
 function create_invalid_token_error( $token ) {
-	return new \WP_Error(
+	return new WP_Error(
 		'oauth2.authentication.attempt_authentication.invalid_token',
 		__( 'Supplied token is invalid.', 'oauth2' ),
 		array(

inc/class-client.php

@@ -5,7 +5,6 @@
 use WP\OAuth2\Tokens\Access_Token;
 use WP\OAuth2\Tokens\Authorization_Code;
 use WP_Error;
-use WP_Http;
 use WP_Post;
 use WP_Query;
 use WP_User;
@@ -224,17 +223,17 @@ public function check_redirect_uri( $uri ) {
 			$valid = apply_filters( 'rest_oauth.check_callback', $valid, $uri, $registered_uri, $this );
 			if ( $valid ) {
 				// Stop checking, we have a match.
-				break;
+				return true;
 			}
 		}
 
-		return $valid;
+		return false;
 	}
 
 	/**
 	 * @param WP_User $user
 	 *
-	 * @return string|WP_Error
+	 * @return Authorization_Code|WP_Error
 	 */
 	public function generate_authorization_code( WP_User $user ) {
 		return Authorization_Code::create( $this, $user );
@@ -244,7 +243,7 @@ public function generate_authorization_code( WP_User $user ) {
 	 * Get data stored for an authorization code.
 	 *
 	 * @param string $code Authorization code to fetch.
-	 * @return array|WP_Error Data if available, error if invalid code.
+	 * @return Authorization_Code|WP_Error Data if available, error if invalid code.
 	 */
 	public function get_authorization_code( $code ) {
 		return Authorization_Code::get_by_code( $this, $code );
@@ -266,7 +265,7 @@ public function regenerate_secret() {
 	 * Issue token for a user.
 	 *
 	 * @param \WP_User $user
-	 * 
+	 *
 	 * @return Access_Token
 	 */
 	public function issue_token( WP_User $user ) {

inc/endpoints/class-authorization.php

@@ -4,8 +4,6 @@
 
 use WP_Error;
 use WP\OAuth2;
-use WP\OAuth2\Client;
-use WP\OAuth2\Types;
 
 class Authorization {
 	const LOGIN_ACTION = 'oauth2_authorize';
@@ -27,19 +25,21 @@ public function handle_request() {
 
 		// Match type to a handler.
 		$grant_types = OAuth2\get_grant_types();
-		foreach ( $grant_types as $type_handler ) {
-			if ( $type_handler->get_response_type_code() === $type ) {
-				$handler = $type_handler;
+		if ( $grant_types ) {
+			foreach ( array_reverse( $grant_types ) as $type_handler ) {
+				if ( $type_handler->get_response_type_code() === $type ) {
+					$handler = $type_handler;
+					break;
+				}
 			}
 		}
+
 		if ( empty( $handler ) ) {
 			$result = new WP_Error(
 				'oauth2.endpoints.authorization.handle_request.invalid_type',
 				__( 'Invalid response type specified.', 'oauth2' )
 			);
-		}
-
-		if ( empty( $result ) ) {
+		} else {
 			$result = $handler->handle_authorisation();
 		}
 

inc/endpoints/class-token.php

@@ -35,10 +35,24 @@ public function register_routes() {
 		));
 	}
 
+	/**
+	 * Validates the given grant type.
+	 *
+	 * @param string $type Grant type.
+	 *
+	 * @return bool Whether or not the grant type is valid.
+	 */
 	public function validate_grant_type( $type ) {
 		return $type === 'authorization_code';
 	}
 
+	/**
+	 * Validates the token given in the request, and issues a new token for the user.
+	 *
+	 * @param WP_REST_Request $request Request object.
+	 *
+	 * @return array|WP_Error Token data on success, or error on failure.
+	 */
 	public function exchange_token( WP_REST_Request $request ) {
 		$client = Client::get_by_id( $request['client_id'] );
 		if ( empty( $client ) ) {

inc/tokens/class-access-token.php

@@ -11,7 +11,10 @@ class Access_Token extends Token {
 	const META_PREFIX = '_oauth2_access_';
 	const KEY_LENGTH = 12;
 
-	protected static function get_meta_prefix() {
+	/**
+	 * @return string Meta prefix.
+	 */
+	protected function get_meta_prefix() {
 		return static::META_PREFIX;
 	}
 
@@ -66,6 +69,14 @@ public static function get_by_id( $id ) {
 		return new static( $key, $value[0] );
 	}
 
+	/**
+	 * Creates a new token for the given client and user.
+	 *
+	 * @param Client  $client
+	 * @param WP_User $user
+	 *
+	 * @return Access_Token|WP_Error Token instance, or error on failure.
+	 */
 	public static function create( Client $client, WP_User $user ) {
 		if ( ! $user->exists() ) {
 			return new WP_Error(
@@ -90,4 +101,13 @@ public static function create( Client $client, WP_User $user ) {
 
 		return new static( $key, $data );
 	}
-}
+
+	/**
+	 * Check if the token is valid.
+	 *
+	 * @return bool True if the token is valid, false otherwise.
+	 */
+	public function is_valid() {
+		return true;
+	}
+}