Issue 725 (bshaffer#729)

bshaffer · web-flow · commit aa268911bbbd · 2016-07-27T09:43:51.000-07:00
* ensures unsetAccessToken and unsetRefreshToken return a bool
diff --git a/src/OAuth2/Storage/AccessTokenInterface.php b/src/OAuth2/Storage/AccessTokenInterface.php
@@ -55,6 +55,7 @@ public function setAccessToken($oauth_token, $client_id, $user_id, $expires, $sc
      * @param $access_token
      * Access token to be expired.
      *
+     * @return BOOL true if an access token was unset, false if not
      * @ingroup oauth2_section_6
      *
      * @todo v2.0 include this method in interface. Omitted to maintain BC in v1.x
diff --git a/src/OAuth2/Storage/Cassandra.php b/src/OAuth2/Storage/Cassandra.php
@@ -136,14 +136,19 @@ protected function expireValue($key)
         unset($this->cache[$key]);
 
         $cf = new ColumnFamily($this->cassandra, $this->config['column_family']);
-        try {
-            // __data key set as C* requires a field
-            $cf->remove($key, array('__data'));
-        } catch (\Exception $e) {
-            return false;
+
+        if ($cf->get_count($key) > 0) {
+            try {
+                // __data key set as C* requires a field
+                $cf->remove($key, array('__data'));
+            } catch (\Exception $e) {
+                return false;
+            }
+
+            return true;
         }
 
-        return true;
+        return false;
     }
 
     /* AuthorizationCodeInterface */
diff --git a/src/OAuth2/Storage/DynamoDB.php b/src/OAuth2/Storage/DynamoDB.php
@@ -186,10 +186,11 @@ public function unsetAccessToken($access_token)
     {
         $result = $this->client->deleteItem(array(
             'TableName' =>  $this->config['access_token_table'],
-            'Key' => $this->client->formatAttributes(array("access_token" => $access_token))
+            'Key' => $this->client->formatAttributes(array("access_token" => $access_token)),
+            'ReturnValues' => 'ALL_OLD',
         ));
 
-        return true;
+        return null !== $result->get('Attributes');
     }
 
     /* OAuth2\Storage\AuthorizationCodeInterface */
diff --git a/src/OAuth2/Storage/Memory.php b/src/OAuth2/Storage/Memory.php
@@ -236,7 +236,13 @@ public function setRefreshToken($refresh_token, $client_id, $user_id, $expires,
 
     public function unsetRefreshToken($refresh_token)
     {
-        unset($this->refreshTokens[$refresh_token]);
+        if (isset($this->refreshTokens[$refresh_token])) {
+            unset($this->refreshTokens[$refresh_token]);
+
+            return true;
+        }
+
+        return false;
     }
 
     public function setRefreshTokens($refresh_tokens)
@@ -259,7 +265,13 @@ public function setAccessToken($access_token, $client_id, $user_id, $expires, $s
 
     public function unsetAccessToken($access_token)
     {
-        unset($this->accessTokens[$access_token]);
+        if (isset($this->accessTokens[$access_token])) {
+            unset($this->accessTokens[$access_token]);
+
+            return true;
+        }
+
+        return false;
     }
 
     public function scopeExists($scope)
diff --git a/src/OAuth2/Storage/Mongo.php b/src/OAuth2/Storage/Mongo.php
@@ -161,7 +161,11 @@ public function setAccessToken($access_token, $client_id, $user_id, $expires, $s
 
     public function unsetAccessToken($access_token)
     {
-        $this->collection('access_token_table')->remove(array('access_token' => $access_token));
+        $result = $this->collection('access_token_table')->remove(array(
+            'access_token' => $access_token
+        ), array('w' => 1));
+
+        return $result['n'] > 0;
     }
 
 
@@ -254,9 +258,11 @@ public function setRefreshToken($refresh_token, $client_id, $user_id, $expires,
 
     public function unsetRefreshToken($refresh_token)
     {
-        $this->collection('refresh_token_table')->remove(array('refresh_token' => $refresh_token));
+        $result = $this->collection('refresh_token_table')->remove(array(
+            'refresh_token' => $refresh_token
+        ), array('w' => 1));
 
-        return true;
+        return $result['n'] > 0;
     }
 
     // plaintext passwords are bad!  Override this for your application
diff --git a/src/OAuth2/Storage/Pdo.php b/src/OAuth2/Storage/Pdo.php
@@ -160,7 +160,9 @@ public function unsetAccessToken($access_token)
     {
         $stmt = $this->db->prepare(sprintf('DELETE FROM %s WHERE access_token = :access_token', $this->config['access_token_table']));
 
-        return $stmt->execute(compact('access_token'));
+        $stmt->execute(compact('access_token'));
+
+        return $stmt->rowCount() > 0;
     }
 
     /* OAuth2\Storage\AuthorizationCodeInterface */
@@ -301,7 +303,9 @@ public function unsetRefreshToken($refresh_token)
     {
         $stmt = $this->db->prepare(sprintf('DELETE FROM %s WHERE refresh_token = :refresh_token', $this->config['refresh_token_table']));
 
-        return $stmt->execute(compact('refresh_token'));
+        $stmt->execute(compact('refresh_token'));
+
+        return $stmt->rowCount() > 0;
     }
 
     // plaintext passwords are bad!  Override this for your application
diff --git a/src/OAuth2/Storage/Redis.php b/src/OAuth2/Storage/Redis.php
@@ -209,7 +209,9 @@ public function setRefreshToken($refresh_token, $client_id, $user_id, $expires,
 
     public function unsetRefreshToken($refresh_token)
     {
-        return $this->expireValue($this->config['refresh_token_key'] . $refresh_token);
+        $result = $this->expireValue($this->config['refresh_token_key'] . $refresh_token);
+
+        return $result > 0;
     }
 
     /* AccessTokenInterface */
@@ -229,7 +231,9 @@ public function setAccessToken($access_token, $client_id, $user_id, $expires, $s
 
     public function unsetAccessToken($access_token)
     {
-        return $this->expireValue($this->config['access_token_key'] . $access_token);
+        $result = $this->expireValue($this->config['access_token_key'] . $access_token);
+
+        return $result > 0;
     }
 
     /* ScopeInterface */
diff --git a/test/OAuth2/Storage/AccessTokenTest.php b/test/OAuth2/Storage/AccessTokenTest.php
@@ -64,7 +64,7 @@ public function testUnsetAccessToken(AccessTokenInterface $storage)
             return;
         }
 
-        // assert token we are unset does not exist
+        // assert token we are about to unset does not exist
         $token = $storage->getAccessToken('revokabletoken');
         $this->assertFalse($token);
 
@@ -73,10 +73,30 @@ public function testUnsetAccessToken(AccessTokenInterface $storage)
         $success = $storage->setAccessToken('revokabletoken', 'client ID', 'SOMEUSERID', $expires);
         $this->assertTrue($success);
 
-        $storage->unsetAccessToken('revokabletoken');
+        // assert unsetAccessToken returns true
+        $result = $storage->unsetAccessToken('revokabletoken');
+        $this->assertTrue($result);
 
-        // assert token we are unset does not exist
+        // assert token we unset does not exist
         $token = $storage->getAccessToken('revokabletoken');
         $this->assertFalse($token);
     }
+
+    /** @dataProvider provideStorage */
+    public function testUnsetAccessTokenReturnsFalse(AccessTokenInterface $storage)
+    {
+        if ($storage instanceof NullStorage || !method_exists($storage, 'unsetAccessToken')) {
+            $this->markTestSkipped('Skipped Storage: ' . $storage->getMessage());
+
+            return;
+        }
+
+        // assert token we are about to unset does not exist
+        $token = $storage->getAccessToken('nonexistanttoken');
+        $this->assertFalse($token);
+
+        // assert unsetAccessToken returns false
+        $result = $storage->unsetAccessToken('nonexistanttoken');
+        $this->assertFalse($result);
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -55,6 +55,7 @@ public function setAccessToken($oauth_token, $client_id, $user_id, $expires, $sc`
`55`	`55`	`* @param $access_token`
`56`	`56`	`* Access token to be expired.`
`57`	`57`	`*`
	`58`	`+ * @return BOOL true if an access token was unset, false if not`
`58`	`59`	`* @ingroup oauth2_section_6`
`59`	`60`	`*`
`60`	`61`	`* @todo v2.0 include this method in interface. Omitted to maintain BC in v1.x`
Original file line number	Diff line number	Diff line change
`@@ -186,10 +186,11 @@ public function unsetAccessToken($access_token)`
`186`	`186`	`{`
`187`	`187`	`$result = $this->client->deleteItem(array(`
`188`	`188`	`'TableName' => $this->config['access_token_table'],`
`189`		`- 'Key' => $this->client->formatAttributes(array("access_token" => $access_token))`
	`189`	`+ 'Key' => $this->client->formatAttributes(array("access_token" => $access_token)),`
	`190`	`+ 'ReturnValues' => 'ALL_OLD',`
`190`	`191`	`));`
`191`	`192`
`192`		`- return true;`
	`193`	`+ return null !== $result->get('Attributes');`
`193`	`194`	`}`
`194`	`195`
`195`	`196`	`/* OAuth2\Storage\AuthorizationCodeInterface */`
Original file line number	Diff line number	Diff line change
`@@ -161,7 +161,11 @@ public function setAccessToken($access_token, $client_id, $user_id, $expires, $s`
`161`	`161`
`162`	`162`	`public function unsetAccessToken($access_token)`
`163`	`163`	`{`
`164`		`- $this->collection('access_token_table')->remove(array('access_token' => $access_token));`
	`164`	`+ $result = $this->collection('access_token_table')->remove(array(`
	`165`	`+ 'access_token' => $access_token`
	`166`	`+ ), array('w' => 1));`
	`167`	`+`
	`168`	`+ return $result['n'] > 0;`
`165`	`169`	`}`
`166`	`170`
`167`	`171`
`@@ -254,9 +258,11 @@ public function setRefreshToken($refresh_token, $client_id, $user_id, $expires,`
`254`	`258`
`255`	`259`	`public function unsetRefreshToken($refresh_token)`
`256`	`260`	`{`
`257`		`- $this->collection('refresh_token_table')->remove(array('refresh_token' => $refresh_token));`
	`261`	`+ $result = $this->collection('refresh_token_table')->remove(array(`
	`262`	`+ 'refresh_token' => $refresh_token`
	`263`	`+ ), array('w' => 1));`
`258`	`264`
`259`		`- return true;`
	`265`	`+ return $result['n'] > 0;`
`260`	`266`	`}`
`261`	`267`
`262`	`268`	`// plaintext passwords are bad! Override this for your application`
Original file line number	Diff line number	Diff line change
`@@ -160,7 +160,9 @@ public function unsetAccessToken($access_token)`
`160`	`160`	`{`
`161`	`161`	`$stmt = $this->db->prepare(sprintf('DELETE FROM %s WHERE access_token = :access_token', $this->config['access_token_table']));`
`162`	`162`
`163`		`- return $stmt->execute(compact('access_token'));`
	`163`	`+ $stmt->execute(compact('access_token'));`
	`164`	`+`
	`165`	`+ return $stmt->rowCount() > 0;`
`164`	`166`	`}`
`165`	`167`
`166`	`168`	`/* OAuth2\Storage\AuthorizationCodeInterface */`
`@@ -301,7 +303,9 @@ public function unsetRefreshToken($refresh_token)`
`301`	`303`	`{`
`302`	`304`	`$stmt = $this->db->prepare(sprintf('DELETE FROM %s WHERE refresh_token = :refresh_token', $this->config['refresh_token_table']));`
`303`	`305`
`304`		`- return $stmt->execute(compact('refresh_token'));`
	`306`	`+ $stmt->execute(compact('refresh_token'));`
	`307`	`+`
	`308`	`+ return $stmt->rowCount() > 0;`
`305`	`309`	`}`
`306`	`310`
`307`	`311`	`// plaintext passwords are bad! Override this for your application`
Original file line number	Diff line number	Diff line change
`@@ -209,7 +209,9 @@ public function setRefreshToken($refresh_token, $client_id, $user_id, $expires,`
`209`	`209`
`210`	`210`	`public function unsetRefreshToken($refresh_token)`
`211`	`211`	`{`
`212`		`- return $this->expireValue($this->config['refresh_token_key'] . $refresh_token);`
	`212`	`+ $result = $this->expireValue($this->config['refresh_token_key'] . $refresh_token);`
	`213`	`+`
	`214`	`+ return $result > 0;`
`213`	`215`	`}`
`214`	`216`
`215`	`217`	`/* AccessTokenInterface */`
`@@ -229,7 +231,9 @@ public function setAccessToken($access_token, $client_id, $user_id, $expires, $s`
`229`	`231`
`230`	`232`	`public function unsetAccessToken($access_token)`
`231`	`233`	`{`
`232`		`- return $this->expireValue($this->config['access_token_key'] . $access_token);`
	`234`	`+ $result = $this->expireValue($this->config['access_token_key'] . $access_token);`
	`235`	`+`
	`236`	`+ return $result > 0;`
`233`	`237`	`}`
`234`	`238`
`235`	`239`	`/* ScopeInterface */`