Integration Testing

added more unit tests
refactored code to allow unit tests

Change-Id: I747ca90a1f6e964f3d857554c1dddcff40ba0003
Implements: blueprint openid-oauth2-integration-testing

app/config/app.php

@@ -106,6 +106,7 @@ return array(
         'Illuminate\Workbench\WorkbenchServiceProvider',
         'Illuminate\Redis\RedisServiceProvider',
         'services\utils\UtilsProvider',
+	    'repositories\RepositoriesProvider',
 	    'services\oauth2\OAuth2ServiceProvider',
         'services\openid\OpenIdProvider',
         'auth\AuthenticationServiceProvider',

app/config/local/app.php

@@ -106,6 +106,7 @@ return array(
         'Illuminate\Workbench\WorkbenchServiceProvider',
         'Illuminate\Redis\RedisServiceProvider',
         'services\utils\UtilsProvider',
+		'repositories\RepositoriesProvider',
 		'services\oauth2\OAuth2ServiceProvider',
         'services\openid\OpenIdProvider',
         'auth\AuthenticationServiceProvider',

app/controllers/UserController.php

@@ -220,7 +220,7 @@ class UserController extends BaseController
     public function getProfile()
     {
         $user    = $this->auth_service->getCurrentUser();
-        $sites   = $this->trusted_sites_service->getAllTrustedSitesByUser($user);
+        $sites   = $user->getTrustedSites();
         $actions = $user->getActions();
 
         return View::make("profile", array(

app/libs/auth/CustomAuthProvider.php

@@ -24,13 +24,20 @@ class CustomAuthProvider implements UserProviderInterface
     private $auth_extension_service;
     private $user_service;
     private $checkpoint_service;
+	private $user_repository;
+	private $member_repository;
 
-    public function __construct(IAuthenticationExtensionService $auth_extension_service,
+    public function __construct(IUserRepository $user_repository,
+	                            IMemberRepository $member_repository,
+	                            IAuthenticationExtensionService $auth_extension_service,
                                 IUserService $user_service,
                                 ICheckPointService $checkpoint_service){
+
         $this->auth_extension_service = $auth_extension_service;
         $this->user_service           = $user_service;
         $this->checkpoint_service     = $checkpoint_service;
+	    $this->user_repository        = $user_repository;
+	    $this->member_repository      = $member_repository;
     }
 
     /**
@@ -67,18 +74,20 @@ class CustomAuthProvider implements UserProviderInterface
         $user                   = null;
 	    $user_service           = $this->user_service;
 	    $auth_extension_service = $this->auth_extension_service;
+	    $user_repository        = $this->user_repository;
+	    $member_repository      = $this->member_repository;
 
         try {
 
 
-            DB::transaction(function () use ($credentials, &$user,&$user_service,&$auth_extension_service) {
+            DB::transaction(function () use ($credentials, &$user,&$user_repository,&$member_repository, &$user_service,&$auth_extension_service) {
 
                 if (!isset($credentials['username']) || !isset($credentials['password']))
                     throw new AuthenticationException("invalid crendentials");
 
                 $identifier = $credentials['username'];
                 $password   = $credentials['password'];
-                $user       = User::where('external_id', '=', $identifier)->first();
+                $user       = $user_repository->getByExternalId($identifier);
 
                 //check user status...
                 if (!is_null($user) && ($user->lock || !$user->active)){
@@ -87,7 +96,9 @@ class CustomAuthProvider implements UserProviderInterface
                 }
 
                 //get SS member
-                $member = Member::where('Email', '=', $identifier)->first();
+
+	            $member = $member_repository->getByEmail($identifier);
+
                 if (is_null($member)) //member must exists
                     throw new AuthenticationException(sprintf("member %s does not exists!", $identifier));
 
@@ -103,23 +114,21 @@ class CustomAuthProvider implements UserProviderInterface
                     $user->external_id     = $member->Email;
                     $user->identifier      = $member->Email;
                     $user->last_login_date = gmdate("Y-m-d H:i:s", time());
-                    $user->Save();
-                    $user = User::where('external_id', '=', $identifier)->first();
+	                $user_repository->add($user);
                 }
 
                 $user_name = $member->FirstName . "." . $member->Surname;
                 //do association between user and member
-	            $user_service->associateUser($user->id, strtolower($user_name));
+	            $user_service->associateUser($user, strtolower($user_name));
 
                 //update user fields
                 $user->last_login_date      = gmdate("Y-m-d H:i:s", time());
                 $user->login_failed_attempt = 0;
                 $user->active               = true;
                 $user->lock                 = false;
-                $user->Save();
-
+	            $user_repository->update($user);
                 //reload user...
-                $user                       = User::where('external_id', '=', $identifier)->first();
+                //$user                        = $user_repository->getByExternalId($identifier);
                 $user->setMember($member);
 
                 $auth_extensions = $auth_extension_service->getExtensions();

app/libs/auth/IMemberRepository.php

@@ -0,0 +1,17 @@
+<?php
+namespace auth;
+use Member;
+
+interface IMemberRepository {
+	/**
+	 * @param $id
+	 * @return Member
+	 */
+	public function get($id);
+
+	/**
+	 * @param $email
+	 * @return Member
+	 */
+	public function getByEmail($email);
+} 

app/libs/auth/IUserRepository.php

@@ -0,0 +1,62 @@
+<?php
+
+namespace auth;
+
+/**
+ * Interface IUserRepository
+ * @package auth
+ */
+interface IUserRepository {
+	/**
+	 * @param $id
+	 * @return User
+	 */
+	public function get($id);
+
+
+	/**
+	 * @param $external_id
+	 * @return User
+	 */
+	public function getByExternalId($external_id);
+
+	/**
+	 * @param $filters
+	 * @return array
+	 */
+	public function getByCriteria($filters);
+
+	/**
+	 * @param $filters
+	 * @return User
+	 */
+	public function getOneByCriteria($filters);
+
+	/**
+	 * @param User $u
+	 * @return bool
+	 */
+	public function update(User $u);
+
+	/**
+	 * @param User $u
+	 * @return bool
+	 */
+	public function add(User $u);
+
+	/**
+	 * @param int   $page_nbr
+	 * @param int   $page_size
+	 * @param array $filters
+	 * @param array $fields
+	 * @return array
+	 */
+	public function getByPage($page_nbr = 1, $page_size = 10, array $filters = array(), array $fields = array('*'));
+
+
+	/**
+	 * @param array $filters
+	 * @return int
+	 */
+	public function getCount(array $filters = array());
+} 

app/libs/auth/User.php

@@ -291,4 +291,9 @@ class User extends BaseModelEloquent implements UserInterface, IOpenIdUser, IOAu
         }
         return $this->member->Postcode;
     }
+
+	public function getTrustedSites()
+	{
+		return $this->trusted_sites()->get();
+	}
 }

app/libs/openid/handlers/OpenIdAuthenticationRequestHandler.php

@@ -28,6 +28,7 @@ use openid\services\INonceService;
 use openid\services\IServerConfigurationService;
 use openid\services\IServerExtensionsService;
 use openid\services\ITrustedSitesService;
+use openid\helpers\AssociationFactory;
 use utils\services\IAuthService;
 use utils\services\ILogService;
 use utils\services\ICheckPointService;
@@ -271,14 +272,9 @@ class OpenIdAuthenticationRequestHandler extends OpenIdMessageHandler
         //check former assoc handle...
 
         if (is_null($assoc_handle = $this->current_request->getAssocHandle()) || is_null($association = $this->association_service->getAssociation($assoc_handle))) {
-            // if not present or if it already void then enter on dumb mode
-            $new_secret = OpenIdCryptoHelper::generateSecret(OpenIdProtocol::SignatureAlgorithmHMAC_SHA256);
-            $new_handle = AssocHandleGenerator::generate();
-            $lifetime = $this->server_configuration_service->getConfigValue("Private.Association.Lifetime");
-            $issued = gmdate("Y-m-d H:i:s", time());
             //create private association ...
-            $association = $this->association_service->addAssociation($new_handle, $new_secret, OpenIdProtocol::SignatureAlgorithmHMAC_SHA256, $lifetime, $issued, IAssociation::TypePrivate, $realm);
-            $response->setAssocHandle($new_handle);
+            $association = $this->association_service->addAssociation(AssociationFactory::getInstance()->buildPrivateAssociation($realm,$this->server_configuration_service->getConfigValue("Private.Association.Lifetime")));
+            $response->setAssocHandle($association->getHandle());
             if (!empty($assoc_handle)) {
                 $response->setInvalidateHandle($assoc_handle);
             }

app/libs/openid/handlers/strategies/session_association/implementations/SessionAssociationDHStrategy.php

@@ -3,7 +3,6 @@
 namespace openid\handlers\strategies\implementations;
 
 use openid\handlers\strategies\ISessionAssociationStrategy;
-use openid\helpers\AssocHandleGenerator;
 use openid\helpers\OpenIdCryptoHelper;
 use openid\model\IAssociation;
 use openid\requests\OpenIdDHAssociationSessionRequest;
@@ -13,6 +12,7 @@ use Zend\Crypt\PublicKey\DiffieHellman;
 use openid\services\IAssociationService;
 use openid\services\IServerConfigurationService;
 use utils\services\ILogService;
+use openid\helpers\AssociationFactory;
 
 class SessionAssociationDHStrategy implements ISessionAssociationStrategy
 {
@@ -46,28 +46,25 @@ class SessionAssociationDHStrategy implements ISessionAssociationStrategy
     {
         $response = null;
         try {
-            $assoc_type = $this->current_request->getAssocType();
-            $session_type = $this->current_request->getSessionType();
+            $assoc_type       = $this->current_request->getAssocType();
+            $session_type     = $this->current_request->getSessionType();
             //DH parameters
-            $public_prime = $this->current_request->getDHModulus(); //p
+            $public_prime     = $this->current_request->getDHModulus(); //p
             $public_generator = $this->current_request->getDHGen(); //g
             //get (g ^ xa mod p) where xa is rp secret key
-            $rp_public_key = $this->current_request->getDHConsumerPublic();
+            $rp_public_key    = $this->current_request->getDHConsumerPublic();
+	        //create association
+	        $association      = $this->association_service->addAssociation(AssociationFactory::getInstance()->buildSessionAssociation($assoc_type, $this->server_configuration_service->getConfigValue("Session.Association.Lifetime")));
+	        $dh               = new DiffieHellman($public_prime, $public_generator);
+	        $dh->generateKeys();
+	        //server public key (g ^ xb mod p ), where xb is server private key
+	        // g ^ (xa * xb) mod p = (g ^ xa) ^ xb mod p = (g ^ xb) ^ xa mod p
+	        $shared_secret        = $dh->computeSecretKey($rp_public_key, DiffieHellman::FORMAT_NUMBER, DiffieHellman::FORMAT_BTWOC);
+	        $hashed_shared_secret = OpenIdCryptoHelper::digest($session_type, $shared_secret);
+	        $server_public_key    = base64_encode($dh->getPublicKey(DiffieHellman::FORMAT_BTWOC));
+	        $enc_mac_key          = base64_encode($association->getSecret()  ^ $hashed_shared_secret);
 
-            $dh = new DiffieHellman($public_prime, $public_generator);
-            $dh->generateKeys();
-            //server public key (g ^ xb mod p ), where xb is server private key
-            // g ^ (xa * xb) mod p = (g ^ xa) ^ xb mod p = (g ^ xb) ^ xa mod p
-            $shared_secret = $dh->computeSecretKey($rp_public_key, DiffieHellman::FORMAT_NUMBER, DiffieHellman::FORMAT_BTWOC);
-            $hashed_shared_secret = OpenIdCryptoHelper::digest($session_type, $shared_secret);
-            $HMAC_secret_handle = OpenIdCryptoHelper::generateSecret($assoc_type);
-            $server_public_key = base64_encode($dh->getPublicKey(DiffieHellman::FORMAT_BTWOC));
-            $enc_mac_key = base64_encode($HMAC_secret_handle ^ $hashed_shared_secret);
-            $assoc_handle = AssocHandleGenerator::generate();
-            $expires_in = $this->server_configuration_service->getConfigValue("Session.Association.Lifetime");
-            $response = new OpenIdDiffieHellmanAssociationSessionResponse($assoc_handle, $session_type, $assoc_type, $expires_in, $server_public_key, $enc_mac_key);
-            $issued = gmdate("Y-m-d H:i:s", time());
-            $this->association_service->addAssociation($assoc_handle, $HMAC_secret_handle, $assoc_type, $expires_in, $issued, IAssociation::TypeSession, null);
+	        $response             = new OpenIdDiffieHellmanAssociationSessionResponse($association->getHandle(), $session_type, $assoc_type, $association->getLifetime(), $server_public_key, $enc_mac_key);
 
         } catch (InvalidDHParam $exDH) {
             $response = new OpenIdDirectGenericErrorResponse($exDH->getMessage());

app/libs/openid/handlers/strategies/session_association/implementations/SessionAssociationUnencryptedStrategy.php

@@ -17,7 +17,12 @@ use Zend\Crypt\Exception\RuntimeException;
 use openid\services\IAssociationService;
 use openid\services\IServerConfigurationService;
 use utils\services\ILogService;
+use openid\helpers\AssociationFactory;
 
+/**
+ * Class SessionAssociationUnencryptedStrategy
+ * @package openid\handlers\strategies\implementations
+ */
 class SessionAssociationUnencryptedStrategy implements ISessionAssociationStrategy {
 
 
@@ -46,16 +51,8 @@ class SessionAssociationUnencryptedStrategy implements ISessionAssociationStrate
         try {
             $assoc_type   = $this->current_request->getAssocType();
             $session_type = $this->current_request->getSessionType();
-
-            $HMAC_secret_handle = OpenIdCryptoHelper::generateSecret($assoc_type);
-
-            $assoc_handle = AssocHandleGenerator::generate();
-
-            $expires_in = $this->server_configuration_service->getConfigValue("Session.Association.Lifetime");
-
-            $response = new OpenIdUnencryptedAssociationSessionResponse($assoc_handle, $session_type, $assoc_type, $expires_in, $HMAC_secret_handle);
-            $issued = gmdate("Y-m-d H:i:s", time());
-            $this->association_service->addAssociation($assoc_handle, $HMAC_secret_handle, $assoc_type, $expires_in, $issued, IAssociation::TypeSession, null);
+			$association  = $this->association_service->addAssociation(AssociationFactory::getInstance()->buildSessionAssociation($assoc_type,$this->server_configuration_service->getConfigValue("Session.Association.Lifetime")));
+	        $response     = new OpenIdUnencryptedAssociationSessionResponse($association->getHandle() , $session_type, $assoc_type, $association->getLifetime(), $association->getSecret());
 
         } catch (InvalidDHParam $exDH) {
             $response = new OpenIdDirectGenericErrorResponse($exDH->getMessage());

app/libs/openid/helpers/AssociationFactory.php

@@ -0,0 +1,66 @@
+<?php
+namespace openid\helpers;
+
+use openid\model\Association;
+use openid\model\IAssociation;
+use openid\OpenIdProtocol;
+
+/**
+ * Class AssociationFactory
+ * Singleton Factory that creates OpenId Associations
+ * @package openid\helpers
+ */
+class AssociationFactory {
+
+	private static $instance = null;
+
+	private function __construct(){
+	}
+
+	public static function getInstance()
+	{
+		if (self::$instance == null) {
+			self::$instance = new AssociationFactory();
+		}
+
+		return self::$instance;
+	}
+
+	/**
+	 * @param $realm
+	 * @param $lifetime
+	 * @return IAssociation
+	 */
+	public function buildPrivateAssociation($realm,$lifetime)
+	{
+		return $this->buildAssociation(IAssociation::TypePrivate,OpenIdProtocol::SignatureAlgorithmHMAC_SHA256,$lifetime,$realm);
+	}
+
+	/**
+	 * @param $mac_function
+	 * @param $lifetime
+	 * @return IAssociation
+	 */
+	public function buildSessionAssociation($mac_function,$lifetime){
+		return $this->buildAssociation(IAssociation::TypeSession,$mac_function,$lifetime,null);
+	}
+
+	/**
+	 * @param $type
+	 * @param $mac_function
+	 * @param $lifetime
+	 * @param $realm
+	 * @return IAssociation
+	 */
+	private function buildAssociation($type,$mac_function,$lifetime,$realm){
+		$new_secret           = OpenIdCryptoHelper::generateSecret($mac_function);
+		$new_handle           = AssocHandleGenerator::generate();
+		$expires_in           = intval($lifetime);
+		$issued               = gmdate("Y-m-d H:i:s", time());
+		return new Association($new_handle, $new_secret, $mac_function, $expires_in, $issued, $type, $realm);
+	}
+
+	private function __clone()
+	{
+	}
+} 

app/libs/openid/model/Association.php

@@ -0,0 +1,103 @@
+<?php
+
+namespace openid\model;
+
+/**
+ * Class Association
+ * @package openid\model
+ */
+class Association implements IAssociation {
+
+	private $handle;
+	private $secret;
+	private $mac_function;
+	private $lifetime;
+	private $issued;
+	private $type;
+	private $realm;
+
+	public function __construct($handle, $secret, $mac_function, $lifetime, $issued, $type, $realm){
+		$this->handle =	$handle;
+		$this->secret = $secret;
+		$this->mac_function = $mac_function;
+		$this->lifetime = $lifetime;
+		$this->issued =  $issued;
+		$this->type = $type;
+		$this->realm = $realm;
+	}
+
+	public function getMacFunction()
+	{
+		return $this->mac_function;
+	}
+
+	public function setMacFunction($mac_function)
+	{
+		// TODO: Implement setMacFunction() method.
+	}
+
+	public function getSecret()
+	{
+		return $this->secret;
+	}
+
+	public function setSecret($secret)
+	{
+		// TODO: Implement setSecret() method.
+	}
+
+	public function getLifetime()
+	{
+		return intval($this->lifetime);
+	}
+
+	public function setLifetime($lifetime)
+	{
+		// TODO: Implement setLifetime() method.
+	}
+
+	public function getIssued()
+	{
+		return $this->issued;
+	}
+
+	public function setIssued($issued)
+	{
+		// TODO: Implement setIssued() method.
+	}
+
+	public function getType()
+	{
+		return $this->type;
+	}
+
+	public function setType($type)
+	{
+		// TODO: Implement setType() method.
+	}
+
+	public function getRealm()
+	{
+		return $this->realm;
+	}
+
+	public function setRealm($realm)
+	{
+		// TODO: Implement setRealm() method.
+	}
+
+	public function IsExpired()
+	{
+		// TODO: Implement IsExpired() method.
+	}
+
+	public function getRemainingLifetime()
+	{
+		// TODO: Implement getRemainingLifetime() method.
+	}
+
+	public function getHandle()
+	{
+		return $this->handle;
+	}
+}

app/libs/openid/model/IAssociation.php

@@ -36,4 +36,6 @@ interface IAssociation
 
     public function getRemainingLifetime();
 
+	public function getHandle();
+
 }

app/libs/openid/model/IOpenIdUser.php

@@ -39,4 +39,5 @@ interface IOpenIdUser {
     public function getBio();
     public function getPic();
     public function getActions();
+	public function getTrustedSites();
 }

app/libs/openid/model/OpenIdNonce.php

@@ -1,15 +1,19 @@
 <?php
-
 namespace openid\model;
 
 use openid\exceptions\InvalidNonce;
 use openid\helpers\OpenIdErrorMessages;
 
+/**
+ * Class OpenIdNonce
+ * @package openid\model
+ */
 class OpenIdNonce
 {
 
     const NonceRegexFormat = '/(\d{4})-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)Z(.*)/';
     const NonceTimeFormat = '%Y-%m-%dT%H:%M:%SZ';
+
     private $timestamp;
     private $unique_id;
     private $raw_format;

app/libs/openid/services/IAssociationService.php

@@ -20,18 +20,13 @@ interface IAssociationService
      */
     public function getAssociation($handle, $realm = null);
 
-    /**
-     * @param $handle
-     * @param $secret
-     * @param $mac_function
-     * @param $lifetime
-     * @param $issued
-     * @param $type
-     * @param null $realm
-     * @return IAssociation
-     * @throws \openid\exceptions\ReplayAttackException
-     */
-    public function addAssociation($handle, $secret, $mac_function, $lifetime, $issued, $type, $realm);
+
+	/**
+	 * @param IAssociation $association
+	 * @return IAssociation
+	 * @throws \openid\exceptions\ReplayAttackException
+	 */
+	public function addAssociation(IAssociation $association);
 
     /**
      * @param $handle
@@ -39,13 +34,4 @@ interface IAssociationService
      */
     public function deleteAssociation($handle);
 
-    /**
-     * For verifying signatures an OP MUST only use private associations and MUST NOT
-     * use associations that have shared keys. If the verification request contains a handle
-     * for a shared association, it means the Relying Party no longer knows the shared secret,
-     * or an entity other than the RP (e.g. an attacker) has established this association with the OP.
-     * @param $handle
-     * @return mixed
-     */
-    public function getAssociationType($handle);
 }

app/libs/openid/services/ITrustedSitesService.php

@@ -7,9 +7,21 @@ use openid\model\IOpenIdUser;
 
 interface ITrustedSitesService
 {
+	/**
+	 * @param IOpenIdUser $user
+	 * @param             $realm
+	 * @param             $policy
+	 * @param array       $data
+	 * @return bool1|ITrustedSite
+	 * @throws \Exception
+	 */
     public function addTrustedSite(IOpenIdUser $user, $realm, $policy, $data = array());
 
-    public function delTrustedSite($id);
+	/**
+	 * @param $id
+	 * @return bool
+	 */
+	public function delTrustedSite($id);
 
     /**
      * @param IOpenIdUser $user
@@ -19,5 +31,4 @@ interface ITrustedSitesService
      */
     public function getTrustedSites(IOpenIdUser $user, $realm, $data = array());
 
-    public function getAllTrustedSitesByUser(IOpenIdUser $user);
 }

app/libs/openid/services/IUserService.php

@@ -1,7 +1,7 @@
 <?php
 
 namespace openid\services;
-
+use openid\model\IOpenIdUser;
 /**
  * Interface IUserService
  * @package openid\services
@@ -10,12 +10,13 @@ interface IUserService
 {
 
     public function get($id);
-    /**
-     * @param $id
-     * @param $proposed_username
-     * @return mixed
-     */
-    public function associateUser($id, $proposed_username);
+
+	/**
+	 * @param IOpenIdUser $user
+	 * @param             $proposed_username
+	 * @return bool|IOpenIdUser
+	 */
+	public function associateUser(IOpenIdUser &$user , $proposed_username);
 
     /**
      * @param $identifier

app/models/openid/IOpenIdAssociationRepository.php

@@ -0,0 +1,15 @@
+<?php
+namespace openid\repositories;
+use OpenIdAssociation;
+
+/**
+ * Interface IOpenIdAssociationRepository
+ * @package openid\repositories
+ */
+interface  IOpenIdAssociationRepository {
+	public function add(OpenIdAssociation $a);
+	public function deleteById($id);
+	public function delete(OpenIdAssociation $a);
+	public function get($id);
+	public function getByHandle($handle);
+} 

app/models/openid/IOpenIdTrustedSiteRepository.php

@@ -0,0 +1,27 @@
+<?php
+namespace openid\repositories;
+use OpenIdTrustedSite;
+
+/**
+ * Interface IOpenIdTrustedSiteRepository
+ * @package openid\repositories
+ */
+interface  IOpenIdTrustedSiteRepository {
+	/**
+	 * @param OpenIdTrustedSite $s
+	 * @return bool
+	 */
+	public function add(OpenIdTrustedSite $s);
+	public function deleteById($id);
+	public function delete(OpenIdTrustedSite $s);
+	public function get($id);
+
+	/**
+	 * @param int   $user_id
+	 * @param array $sub_domains
+	 * @param array $data
+	 * @return array
+	 */
+	public function getMatchingOnesByUserId($user_id, array $sub_domains, array $data);
+
+} 

app/models/openid/OpenIdAssociation.php

@@ -84,4 +84,9 @@ class OpenIdAssociation extends Eloquent implements IAssociation
         $seconds = abs($created_at->getTimestamp() - $now->getTimestamp());;
         return $seconds;
     }
+
+	public function getHandle()
+	{
+		return $this->identifier;
+	}
 }

app/repositories/EloquentMemberRepository.php

@@ -0,0 +1,43 @@
+<?php
+
+namespace repositories;
+
+use auth\IMemberRepository;
+use Member;
+use utils\services\ILogService;
+
+/**
+ * Class EloquentMemberRepository
+ * @package repositories
+ */
+class EloquentMemberRepository implements IMemberRepository{
+
+	private $member;
+	private $log_service;
+
+	/**
+	 * @param Member      $member
+	 * @param ILogService $log_service
+	 */
+	public function __construct(Member $member, ILogService $log_service){
+		$this->member      = $member;
+		$this->log_service = $log_service;
+	}
+	/**
+	 * @param $id
+	 * @return Member
+	 */
+	public function get($id)
+	{
+		return $this->member->find($id);
+	}
+
+	/**
+	 * @param $email
+	 * @return Member
+	 */
+	public function getByEmail($email)
+	{
+		return $this->member->where('Email', '=', $email)->first();
+	}
+}

app/repositories/EloquentOpenIdAssociationRepository.php

@@ -0,0 +1,47 @@
+<?php
+
+namespace repositories;
+
+use openid\repositories\IOpenIdAssociationRepository;
+use OpenIdAssociation;
+
+/**
+ * Class EloquentOpenIdAssociationRepository
+ * @package repositories
+ */
+
+class EloquentOpenIdAssociationRepository implements IOpenIdAssociationRepository {
+
+	private $association;
+
+	public function __construct(OpenIdAssociation $association){
+		$this->association = $association;
+	}
+
+	public function add(OpenIdAssociation $a)
+	{
+		return $a->Save();
+	}
+
+	public function deleteById($id)
+	{
+		return $this->delete($this->get($id));
+	}
+
+	public function getByHandle($handle)
+	{
+		return $this->association->where('identifier', '=', $handle)->first();
+	}
+
+	public function delete(OpenIdAssociation $a)
+	{
+		if(!is_null($a))
+			return $a->delete();
+		return false;
+	}
+
+	public function get($id)
+	{
+		return $this->association->find($id);
+	}
+}

app/repositories/EloquentOpenIdTrustedSiteRepository.php

@@ -0,0 +1,64 @@
+<?php
+namespace repositories;
+use openid\repositories\IOpenIdTrustedSiteRepository;
+use OpenIdTrustedSite;
+
+class EloquentOpenIdTrustedSiteRepository implements  IOpenIdTrustedSiteRepository {
+
+	private $openid_trusted_site;
+
+	public function __construct(OpenIdTrustedSite $openid_trusted_site){
+		$this->openid_trusted_site = $openid_trusted_site;
+	}
+	/**
+	 * @param OpenIdTrustedSite $s
+	 * @return bool
+	 */
+	public function add(OpenIdTrustedSite $s)
+	{
+		return $s->Save();
+	}
+
+	public function deleteById($id)
+	{
+		return $this->delete($this->get($id));
+	}
+
+	public function delete(OpenIdTrustedSite $s)
+	{
+		if(!is_null($s))
+			return $s->delete();
+		return false;
+	}
+
+	public function get($id)
+	{
+		return $this->openid_trusted_site->find($id);
+	}
+
+	/**
+	 * @param int   $user_id
+	 * @param array $sub_domains
+	 * @param array $data
+	 * @return array
+	 */
+	public function getMatchingOnesByUserId($user_id, array $sub_domains, array $data)
+	{
+		$query = $this->openid_trusted_site->where("user_id", "=", intval($user_id));
+		//add or condition for all given sub-domains
+		if (count($sub_domains)) {
+			$query = $query->where(function ($query) use ($sub_domains) {
+				foreach ($sub_domains as $sub_domain) {
+					$query = $query->orWhere(function ($query_aux) use ($sub_domain) {
+						$query_aux->where('realm', '=', $sub_domain);
+					});
+				}
+			});
+		}
+		//add conditions for all possible pre approved data
+		foreach ($data as $value) {
+			$query = $query->where("data", "LIKE", '%"' . $value . '"%');
+		}
+		return $query->get();
+	}
+}

app/repositories/EloquentUserRepository.php

@@ -0,0 +1,83 @@
+<?php
+
+namespace repositories;
+
+use auth\IUserRepository;
+use auth\User;
+use utils\services\ILogService;
+use DB;
+
+class EloquentUserRepository implements IUserRepository {
+
+	private $user;
+	private $log_service;
+	public function __construct(User $user,ILogService $log_service){
+		$this->user        = $user;
+		$this->log_service = $log_service;
+	}
+	/**
+	 * @param $id
+	 * @return User
+	 */
+	public function get($id)
+	{
+		return $this->user->find($id);
+	}
+
+	public function getByCriteria($filters){
+		return $this->user->Filter($filters)->get();
+	}
+
+	public function getOneByCriteria($filters){
+		return $this->user->Filter($filters)->first();
+	}
+
+	/**
+	 * @param User $u
+	 * @return bool
+	 */
+	public function update(User $u)
+	{
+		return $u->Save();
+	}
+
+	/**
+	 * @param User $u
+	 * @return bool
+	 */
+	public function add(User $u)
+	{
+		return $u->Save();
+	}
+
+	/**
+	 * @param int   $page_nbr
+	 * @param int   $page_size
+	 * @param array $filters
+	 * @param array $fields
+	 * @return array
+	 */
+	public function getByPage($page_nbr = 1, $page_size = 10, array $filters = array(), array $fields = array('*'))
+	{
+		DB::getPaginator()->setCurrentPage($page_nbr);
+		return $this->user->Filter($filters)->paginate($page_size, $fields);
+	}
+
+	/**
+	 * @param array $filters
+	 * @return int
+	 */
+	public function getCount(array $filters = array())
+	{
+		return $this->user->Filter($filters)->count();
+	}
+
+	/**
+	 * @param $external_id
+	 * @return User
+	 */
+	public function getByExternalId($external_id)
+	{
+		return $this->user->where('external_id', '=', $external_id)->first();
+	}
+}

app/repositories/RepositoriesProvider.php

@@ -0,0 +1,25 @@
+<?php
+
+namespace repositories;
+
+use Illuminate\Support\ServiceProvider;
+use App;
+
+/**
+ * Class RepositoriesProvider
+ * @package repositories
+ */
+class RepositoriesProvider extends ServiceProvider
+{
+	protected $defer = false;
+
+	public function boot(){
+	}
+
+	public function register(){
+		App::singleton('openid\repositories\IOpenIdAssociationRepository', 'repositories\EloquentOpenIdAssociationRepository');
+		App::singleton('openid\repositories\IOpenIdTrustedSiteRepository', 'repositories\EloquentOpenIdTrustedSiteRepository');
+		App::singleton('auth\IUserRepository', 'repositories\EloquentUserRepository');
+		App::singleton('auth\IMemberRepository', 'repositories\EloquentMemberRepository');
+	}
+}

app/services/openid/AssociationService.php

@@ -1,12 +1,9 @@
 <?php
 
 namespace services\openid;
-
-use Log;
 use openid\exceptions\OpenIdInvalidRealmException;
 use openid\exceptions\ReplayAttackException;
 use openid\exceptions\InvalidAssociation;
-
 use openid\helpers\OpenIdErrorMessages;
 use openid\model\IAssociation;
 use openid\services\IAssociationService;
@@ -14,6 +11,8 @@ use OpenIdAssociation;
 use utils\exceptions\UnacquiredLockException;
 use utils\services\ILockManagerService;
 use utils\services\ICacheService;
+use openid\repositories\IOpenIdAssociationRepository;
+
 /**
  * Class AssociationService
  * @package services
@@ -23,15 +22,20 @@ class AssociationService implements IAssociationService
 
     private $lock_manager_service;
     private $cache_service;
+	private $repository;
 
 	/**
-	 * @param ILockManagerService $lock_manager_service
-	 * @param ICacheService       $cache_service
+	 * @param IOpenIdAssociationRepository $repository
+	 * @param ILockManagerService          $lock_manager_service
+	 * @param ICacheService                $cache_service
 	 */
-	public function __construct(ILockManagerService $lock_manager_service, ICacheService $cache_service)
+	public function __construct(IOpenIdAssociationRepository $repository,
+								ILockManagerService $lock_manager_service,
+	                            ICacheService $cache_service)
     {
         $this->lock_manager_service = $lock_manager_service;
         $this->cache_service        = $cache_service;
+	    $this->repository           = $repository;
     }
 
     /**
@@ -53,7 +57,7 @@ class AssociationService implements IAssociationService
             // check if association is on cache
             if (!$this->cache_service->exists($handle)) {
                 // if not , check on db
-                $assoc = OpenIdAssociation::where('identifier', '=', $handle)->first();
+                $assoc = $this->repository->getByHandle($handle);
                 if(is_null($assoc))
                     throw new InvalidAssociation(sprintf('openid association %s does not exists!',$handle));
                 //check association lifetime ...
@@ -120,81 +124,59 @@ class AssociationService implements IAssociationService
     public function deleteAssociation($handle)
     {
         $this->cache_service->delete($handle);
-        $assoc = OpenIdAssociation::where('identifier', '=', $handle)->first();
-        if (!is_null($assoc)) {
-            $assoc->delete();
-            return true;
+        $assoc = $this->repository->getByHandle($handle);
+	    if (!is_null($assoc)) {
+            return $this->repository->delete($assoc);
         }
         return false;
     }
 
-    /**
-     * @param $handle
-     * @param $secret
-     * @param $mac_function
-     * @param $lifetime
-     * @param $issued
-     * @param $type
-     * @param null $realm
-     * @return IAssociation
-     * @throws \openid\exceptions\ReplayAttackException
-     */
-    public function addAssociation($handle, $secret, $mac_function, $lifetime, $issued, $type, $realm = null)
+	/**
+	 * @param IAssociation $association
+	 * @return IAssociation|OpenIdAssociation
+	 * @throws \openid\exceptions\ReplayAttackException
+	 */
+	public function addAssociation(IAssociation $association)
     {
         $assoc = new OpenIdAssociation();
         try {
-            $lock_name = 'lock.add.assoc.' . $handle;
+            $lock_name = 'lock.add.assoc.' . $association->getHandle();
             $this->lock_manager_service->acquireLock($lock_name);
 
-            $assoc->identifier   = $handle;
-            $assoc->secret       = $secret;
-            $assoc->type         = $type;
-            $assoc->mac_function = $mac_function;
-            $assoc->lifetime     = intval($lifetime);
-            $assoc->issued       = $issued;
+            $assoc->identifier   = $association->getHandle();;
+            $assoc->secret       = $association->getSecret();
+            $assoc->type         = $association->getType();;
+            $assoc->mac_function = $association->getMacFunction();
+            $assoc->lifetime     = intval($association->getLifetime());
+            $assoc->issued       = $association->getIssued();
 
-            if (!is_null($realm))
-                $assoc->realm = $realm;
+            if (!is_null($association->getRealm()))
+                $assoc->realm = $association->getRealm();
 
-            if ($type == IAssociation::TypeSession) {
-                $assoc->Save();
+            if ($association->getType() == IAssociation::TypeSession) {
+                $this->repository->add($assoc);
             }
-
-            if (is_null($realm))
-                $realm = '';
 	        //convert secret to hexa representation
 	        // bin2hex
-	        $secret_unpack = \unpack('H*', $secret);
+	        $secret_unpack = \unpack('H*', $association->getSecret());
 	        $secret_unpack = array_shift($secret_unpack);
 
-            $this->cache_service->storeHash($handle, array(
-                "type"         => $type,
-                "mac_function" => $mac_function,
-                "issued"       => $issued,
-                "lifetime"     => $lifetime,
-	            "secret"       => $secret_unpack,
-	            "realm"        => $realm),$lifetime);
+            $this->cache_service->storeHash($association->getHandle(),
+	            array(
+	                "type"         => $association->getType(),
+	                "mac_function" => $association->getMacFunction(),
+	                "issued"       => $association->getIssued(),
+	                "lifetime"     => intval($association->getLifetime()),
+		            "secret"       => $secret_unpack,
+		            "realm"        => !is_null($association->getRealm())?$association->getRealm():''
+	            ),
+	            intval($association->getLifetime())
+            );
 
         } catch (UnacquiredLockException $ex1) {
-            throw new ReplayAttackException(sprintf(OpenIdErrorMessages::ReplayAttackPrivateAssociationAlreadyUsed, $handle));
+            throw new ReplayAttackException(sprintf(OpenIdErrorMessages::ReplayAttackPrivateAssociationAlreadyUsed, $association->getHandle()));
         }
         return $assoc;
     }
 
-    /**
-     * For verifying signatures an OP MUST only use private associations and MUST NOT
-     * use associations that have shared keys. If the verification request contains a handle
-     * for a shared association, it means the Relying Party no longer knows the shared secret,
-     * or an entity other than the RP (e.g. an attacker) has established this association with the OP.
-     * @param $handle
-     * @return mixed
-     */
-    public function getAssociationType($handle)
-    {
-        $assoc = OpenIdAssociation::where('identifier', '=', $handle)->first();
-        if (!is_null($assoc)) {
-            return $assoc->type;
-        }
-        return false;
-    }
 }

app/services/openid/TrustedSitesService.php

@@ -1,5 +1,4 @@
 <?php
-
 namespace services\openid;
 
 use Exception;
@@ -10,6 +9,7 @@ use openid\services\ITrustedSitesService;
 use OpenIdTrustedSite;
 use utils\services\IAuthService;
 use utils\services\ILogService;
+use openid\repositories\IOpenIdTrustedSiteRepository;
 
 /**
  * Class TrustedSitesService
@@ -17,17 +17,18 @@ use utils\services\ILogService;
  */
 class TrustedSitesService implements ITrustedSitesService
 {
+
+	private $repository;
 	private $log_service;
-	private $openid_trusted_site;
 
 	/**
-	 * @param OpenIdTrustedSite $openid_trusted_site
-	 * @param ILogService       $log_service
+	 * @param IOpenIdTrustedSiteRepository $repository
+	 * @param ILogService                  $log_service
 	 */
-	public function __construct(OpenIdTrustedSite $openid_trusted_site, ILogService $log_service)
+	public function __construct(IOpenIdTrustedSiteRepository $repository,  ILogService $log_service)
 	{
-		$this->log_service = $log_service;
-		$this->openid_trusted_site = $openid_trusted_site;
+		$this->repository          = $repository;
+		$this->log_service         = $log_service;
 	}
 
 	/**
@@ -35,7 +36,7 @@ class TrustedSitesService implements ITrustedSitesService
 	 * @param             $realm
 	 * @param             $policy
 	 * @param array       $data
-	 * @return bool
+	 * @return bool1|ITrustedSite
 	 * @throws \Exception
 	 */
 	public function addTrustedSite(IOpenIdUser $user, $realm, $policy, $data = array())
@@ -44,31 +45,28 @@ class TrustedSitesService implements ITrustedSitesService
 
 			if (!OpenIdUriHelper::isValidRealm($realm))
 				throw new OpenIdInvalidRealmException(sprintf('realm %s is invalid', $realm));
-
-			$res = $this->openid_trusted_site->create(
-				array(
-					'realm' => $realm,
-					'policy' => $policy,
-					'user_id' => $user->getId(),
-					'data' => json_encode($data)
-				)
-			);
+			$site          = new OpenIdTrustedSite;
+			$site->realm   = $realm;
+			$site->policy  = $policy;
+			$site->user_id = $user->getId();
+			$site->data    = json_encode($data);
+			return $this->repository->add($site)?$site:false;
 
 		} catch (Exception $ex) {
 			$this->log_service->error($ex);
 			throw $ex;
 		}
-		return $res;
+		return false;
 	}
 
 	/**
 	 * @param $id
+	 * @return bool
 	 */
 	public function delTrustedSite($id)
 	{
 		try {
-			$site = $this->openid_trusted_site->where("id", "=", $id)->first();
-			if (!is_null($site)) $site->delete();
+			return $this->repository->deleteById($id);
 		} catch (Exception $ex) {
 			$this->log_service->error($ex);
 		}
@@ -83,34 +81,14 @@ class TrustedSitesService implements ITrustedSitesService
 	 */
 	public function getTrustedSites(IOpenIdUser $user, $realm, $data = array())
 	{
-		$sites = null;
+		$res = array();
 		try {
 
 			if (!OpenIdUriHelper::isValidRealm($realm))
 				throw new OpenIdInvalidRealmException(sprintf('realm %s is invalid', $realm));
-
 			//get all possible sub-domains
 			$sub_domains = $this->getSubDomains($realm);
-			//build query....
-			$query = $this->openid_trusted_site->where("user_id", "=", intval($user->getId()));
-			//add or condition for all given sub-domains
-			if (count($sub_domains)) {
-				$query = $query->where(function ($query) use ($sub_domains) {
-					foreach ($sub_domains as $sub_domain) {
-						$query = $query->orWhere(function ($query_aux) use ($sub_domain) {
-							$query_aux->where('realm', '=', $sub_domain);
-						});
-					}
-				});
-			}
-			//add conditions for all possible pre approved data
-			foreach ($data as $value) {
-				$query = $query->where("data", "LIKE", '%"' . $value . '"%');
-			}
-			$sites = $query->get();
-
-
-			$res = array();
+			$sites       = $this->repository->getMatchingOnesByUserId($user->getId(),$sub_domains,$data);
 			//iterate over all retrieved sites and check the set policies by user
 			foreach ($sites as $site) {
 				$policy = $site->getAuthorizationPolicy();
@@ -179,15 +157,4 @@ class TrustedSitesService implements ITrustedSitesService
 		return $scheme;
 	}
 
-	public function getAllTrustedSitesByUser(IOpenIdUser $user)
-	{
-		$sites = null;
-		try {
-			$sites = $this->openid_trusted_site->where("user_id", "=", $user->getId())->get();
-		} catch (Exception $ex) {
-			$this->log_service->error($ex);
-			throw $ex;
-		}
-		return $sites;
-	}
 }

app/services/openid/UserService.php

@@ -1,150 +1,223 @@
 <?php
-
 namespace services\openid;
 
+use auth\IUserRepository;
 use auth\User;
+use openid\model\IOpenIdUser;
 use DB;
 use Exception;
-use Log;
 use openid\services\IUserService;
+use utils\services\ILogService;
 
+/**
+ * Class UserService
+ * @package services\openid
+ */
 class UserService implements IUserService
 {
 
-    public function associateUser($id, $proposed_username)
+	private $repository;
+	private $log_service;
+
+	/**
+	 * @param IUserRepository $repository
+	 * @param ILogService     $log_service
+	 */
+	public function __construct(IUserRepository $repository, ILogService $log_service){
+		$this->repository  = $repository;
+		$this->log_service = $log_service;
+	}
+
+
+	/**
+	 * @param IOpenIdUser $user
+	 * @param             $proposed_username
+	 * @return bool|IOpenIdUser
+	 * @throws \Exception
+	 */
+	public function associateUser(IOpenIdUser &$user, $proposed_username)
     {
         try {
-            $user = User::where('id', '=', $id)->first();
-            if (!is_null($user)) {
-                DB::transaction(function () use ($id, $proposed_username) {
-                    $done = false;
+	        $repository = $this->repository;
+            if (!is_null($user) && $user->identifier === $user->external_id) {
+                DB::transaction(function () use ($proposed_username,&$user,&$repository) {
+
+                    $done         = false;
                     $fragment_nbr = 1;
                     $aux_proposed_username = $proposed_username;
                     do {
-                        $old_user = \DB::table('openid_users')
-                            ->where('identifier', '=', $aux_proposed_username)
-                            ->where('id', '<>', $id)
-                            ->first();
+
+                        $old_user = $repository->getOneByCriteria(array(
+							array('name' => 'identifier','op' => '=','value' => $aux_proposed_username),
+	                        array('name' => 'id','op' => '<>','value' => $user->id) ));
+
                         if (is_null($old_user)) {
-                            \DB::table('openid_users')->where('id', '=', $id)->update(array('identifier' => $aux_proposed_username));
-                            $done = true;
+
+	                        $user->identifier = $aux_proposed_username;
+	                        $done = $repository->update($user);
                         } else {
                             $aux_proposed_username = $proposed_username . "." . $fragment_nbr;
                             $fragment_nbr++;
                         }
 
                     } while (!$done);
-                    return $aux_proposed_username;
+                    return $user;
                 });
             }
         } catch (Exception $ex) {
-            Log::error($ex);
+            $this->log_service->error($ex);
+	        throw $ex;
         }
         return false;
     }
 
-    public function updateLastLoginDate($identifier)
+	/**
+	 * @param $identifier
+	 * @return mixed|void
+	 * @throws \Exception
+	 */
+	public function updateLastLoginDate($identifier)
     {
         try {
-            $user = User::where('id', '=', $identifier)->first();
+	        $user = $this->repository->get($identifier);
             if (!is_null($user)) {
-                DB::transaction(function () use ($identifier) {
-                    DB::table('openid_users')->where('id', '=', $identifier)->update(array('last_login_date' => gmdate("Y-m-d H:i:s", time())));
-                });
+	            $user->last_login_date = gmdate("Y-m-d H:i:s", time());
+	            $this->repository->update($user);
             }
         } catch (Exception $ex) {
-            Log::error($ex);
+	        $this->log_service->error($ex);
+	        throw $ex;
         }
     }
 
-    public function updateFailedLoginAttempts($identifier)
+	/**
+	 * @param $identifier
+	 * @return mixed|void
+	 * @throws \Exception
+	 */
+	public function updateFailedLoginAttempts($identifier)
     {
         try {
-            $user = User::where('id', '=', $identifier)->first();
+	        $user = $this->repository->get($identifier);
             if (!is_null($user)) {
-                $attempts = $user->login_failed_attempt;
-                ++$attempts;
-                DB::transaction(function () use ($identifier, $attempts) {
-                    DB::table('openid_users')->where('id', '=', $identifier)->update(array('login_failed_attempt' => $attempts));
-                });
+                $user->login_failed_attempt+=1;
+                $this->repository->update($user);
             }
         } catch (Exception $ex) {
-            Log::error($ex);
+	        $this->log_service->error($ex);
+	        throw $ex;
         }
     }
 
-    public function lockUser($identifier)
+	/**
+	 * @param $identifier
+	 * @return mixed|void
+	 * @throws \Exception
+	 */
+	public function lockUser($identifier)
     {
         try {
-            $user = User::where('id', '=', $identifier)->first();
+	        $user = $this->repository->get($identifier);
             if (!is_null($user)) {
-                DB::transaction(function () use ($identifier) {
-                    DB::table('openid_users')->where('id', '=', $identifier)->update(array('lock' => true));
-                });
+
+	            $user->lock = true;
+	            $this->repository->update($user);
+
                 Log::warning(sprintf("User %d locked ", $identifier));
             }
         } catch (Exception $ex) {
-            Log::error($ex);
+	        $this->log_service->error($ex);
+	        throw $ex;
         }
     }
 
-    public function unlockUser($identifier)
+	/**
+	 * @param $identifier
+	 * @return mixed|void
+	 * @throws \Exception
+	 */
+	public function unlockUser($identifier)
     {
-        $res = false;
-        DB::transaction(function () use ($identifier, &$res) {
-            $user = User::where('id', '=', $identifier)->first();
-            if (!is_null($user)) {
-                $res = DB::table('openid_users')->where('id', '=', $identifier)->update(array('lock' => false));
-            }
-        });
-        return $res;
+	    try {
+		    $user = $this->repository->get($identifier);
+		    if (!is_null($user)) {
+
+			    $user->lock = false;
+			    $this->repository->update($user);
+
+			    Log::warning(sprintf("User %d unlocked ", $identifier));
+		    }
+	    } catch (Exception $ex) {
+		    $this->log_service->error($ex);
+		    throw $ex;
+	    }
     }
 
-    public function activateUser($identifier)
+	/**
+	 * @param $identifier
+	 * @return mixed|void
+	 * @throws \Exception
+	 */
+	public function activateUser($identifier)
     {
         try {
-            $user = User::where('id', '=', $identifier)->first();
+	        $user = $this->repository->get($identifier);
             if (!is_null($user)) {
-                DB::transaction(function () use ($identifier) {
-                    DB::table('openid_users')->where('id', '=', $identifier)->update(array('active' => 1));
-                });
+	            $user->active = true;
+	            $this->repository->update($user);
             }
         } catch (Exception $ex) {
-            Log::error($ex);
+	        $this->log_service->error($ex);
+	        throw $ex;
         }
     }
 
-    public function deActivateUser($identifier)
+	/**
+	 * @param $identifier
+	 * @return mixed|void
+	 * @throws \Exception
+	 */
+	public function deActivateUser($identifier)
     {
-        try {
-            $user = User::where('id', '=', $identifier)->first();
-            if (!is_null($user)) {
-                DB::transaction(function () use ($identifier) {
-                    DB::table('openid_users')->where('id', '=', $identifier)->update(array('active' => 0));
-                });
-            }
-        } catch (Exception $ex) {
-            Log::error($ex);
-        }
+	    try {
+		    $user = $this->repository->get($identifier);
+		    if (!is_null($user)) {
+			    $user->active = false;
+			    $this->repository->update($user);
+		    }
+	    } catch (Exception $ex) {
+		    $this->log_service->error($ex);
+		    throw $ex;
+	    }
     }
 
-    public function saveProfileInfo($identifier, $show_pic, $show_full_name, $show_email)
+	/**
+	 * @param $identifier
+	 * @param $show_pic
+	 * @param $show_full_name
+	 * @param $show_email
+	 * @return bool
+	 * @throws \Exception
+	 */
+	public function saveProfileInfo($identifier, $show_pic, $show_full_name, $show_email)
     {
         try {
-            $user = User::where('id', '=', $identifier)->first();
+	        $user = $this->repository->get($identifier);
             if (!is_null($user)) {
                 $user->public_profile_show_photo = $show_pic;
                 $user->public_profile_show_fullname = $show_full_name;
                 $user->public_profile_show_email = $show_email;
-                $user->Save();
+	            return $this->repository->update($user);
             }
         } catch (Exception $ex) {
-            Log::error($ex);
+	        $this->log_service->error($ex);
+	        throw $ex;
         }
+	    return false;
     }
 
     public function get($id){
-        return User::find($id);
+        return $this->repository->get($id);
     }
     /**
      * @param int $page_nbr
@@ -155,7 +228,6 @@ class UserService implements IUserService
      */
     public function getAll($page_nbr = 1, $page_size = 10, array $filters = array(), array $fields = array('*'))
     {
-        DB::getPaginator()->setCurrentPage($page_nbr);
-        return User::Filter($filters)->paginate($page_size, $fields);
+	    return $this->repository->getByPage($page_nbr, $page_size, $filters,$fields);
     }
 }

app/services/security_policies/LockUserCounterMeasure.php

@@ -2,7 +2,7 @@
 
 namespace services;
 
-use auth\User;
+use auth\IUserRepository;
 use Exception;
 use Log;
 use openid\services\IUserService;
@@ -13,10 +13,12 @@ class LockUserCounterMeasure implements ISecurityPolicyCounterMeasure
 {
 	private $server_configuration;
 	private $user_service;
+	private $repository;
 
-	public function __construct(IUserService $user_service, IServerConfigurationService $server_configuration){
+	public function __construct(IUserRepository $repository, IUserService $user_service, IServerConfigurationService $server_configuration){
 		$this->user_service         = $user_service;
 		$this->server_configuration = $server_configuration;
+		$this->repository           = $repository;
 	}
 
     public function trigger(array $params = array())
@@ -26,7 +28,7 @@ class LockUserCounterMeasure implements ISecurityPolicyCounterMeasure
             if (!isset($params["user_identifier"])) return;
             $user_identifier      = $params["user_identifier"];
 
-            $user = User::where('external_id', '=', $user_identifier)->first();
+	        $user = $this->repository->getByExternalId($user_identifier);
             if(is_null($user))
                 return;
             //apply lock policy

app/tests/AssociationServiceTest.php

@@ -0,0 +1,245 @@
+<?php
+
+use openid\services\AssociationService;
+use openid\services\OpenIdServiceCatalog;
+use utils\services\IAuthService;
+use Way\Tests\Factory;
+use openid\helpers\AssociationFactory;
+use openid\OpenIdProtocol;
+use utils\services\UtilsServiceCatalog;
+use utils\exceptions\UnacquiredLockException;
+
+class AssociationServiceTest extends TestCase {
+
+	public function __construct(){
+
+	}
+
+	public function tearDown()
+	{
+		Mockery::close();
+	}
+
+	protected function prepareForTests()
+	{
+		parent::prepareForTests();
+	}
+
+	public function testAddPrivateAssociation(){
+
+		$cache_stub = new CacheServiceStub;
+		$this->app->instance(UtilsServiceCatalog::CacheService,$cache_stub);
+
+		$lock_manager_service_mock = Mockery::mock('utils\services\ILockManagerService');
+		$lock_manager_service_mock->shouldReceive('acquireLock')->once();
+
+		$this->app->instance(UtilsServiceCatalog::LockManagerService ,$lock_manager_service_mock);
+
+		$service = $this->app[OpenIdServiceCatalog::AssociationService];
+		$assoc   = AssociationFactory::getInstance()->buildPrivateAssociation('https://www.test.com/', 3600);
+		$res     = $service->addAssociation($assoc);
+
+		$this->assertTrue(!is_null($res));
+	}
+
+
+	public function testAddSessionAssociation(){
+
+		$cache_stub = new CacheServiceStub;
+		$this->app->instance(UtilsServiceCatalog::CacheService,$cache_stub);
+
+		$lock_manager_service_mock = Mockery::mock('utils\services\ILockManagerService');
+		$lock_manager_service_mock->shouldReceive('acquireLock')->once();
+
+		$this->app->instance(UtilsServiceCatalog::LockManagerService ,$lock_manager_service_mock);
+
+		$service = $this->app[OpenIdServiceCatalog::AssociationService];
+		$assoc   = AssociationFactory::getInstance()->buildSessionAssociation(OpenIdProtocol::AssociationSessionTypeDHSHA256, 3600);
+		$res     = $service->addAssociation($assoc);
+
+		$this->assertTrue(!is_null($res));
+	}
+
+	public function testGetSessionAssociationRedisCrash(){
+
+		$cache_mock = Mockery::mock('utils\services\ICacheService');
+		$cache_mock->shouldReceive('storeHash')->once();
+		$this->app->instance(UtilsServiceCatalog::CacheService,$cache_mock);
+
+		$lock_manager_service_mock = Mockery::mock('utils\services\ILockManagerService');
+		$lock_manager_service_mock->shouldReceive('acquireLock')->once();
+
+		$this->app->instance(UtilsServiceCatalog::LockManagerService ,$lock_manager_service_mock);
+
+		$service = $this->app[OpenIdServiceCatalog::AssociationService];
+		$assoc   = AssociationFactory::getInstance()->buildSessionAssociation(OpenIdProtocol::AssociationSessionTypeDHSHA256, 3600);
+		$res     = $service->addAssociation($assoc);
+
+		$this->assertTrue(!is_null($res));
+		$hash = null;
+		$cache_mock->shouldReceive('storeHash')->once()->andReturnUsing(function($name, $values, $ttl) use(&$hash){
+			$hash = $values;
+		});
+		$cache_mock->shouldReceive('exists')->once()->andReturn(false);
+		$cache_mock->shouldReceive('getHash')->once()->andReturnUsing(function($name, $values) use(&$hash){
+			return $hash;
+		});
+
+		$res2  = $service->getAssociation($res->getHandle());
+
+		$this->assertTrue(!is_null($res2));
+
+		$this->assertTrue($res2->getSecret()===$res->getSecret());
+	}
+
+
+	/**
+	 * @expectedException \openid\exceptions\InvalidAssociation
+	 */
+	public function testGetSessionAssociationMustFail_InvalidAssociation(){
+
+		$cache_mock = Mockery::mock('utils\services\ICacheService');
+		$cache_mock->shouldReceive('storeHash')->once();
+		$this->app->instance(UtilsServiceCatalog::CacheService,$cache_mock);
+
+		$lock_manager_service_mock = Mockery::mock('utils\services\ILockManagerService');
+		$lock_manager_service_mock->shouldReceive('acquireLock')->once();
+
+		$this->app->instance(UtilsServiceCatalog::LockManagerService ,$lock_manager_service_mock);
+
+		$repo_mock = Mockery::mock('openid\repositories\IOpenIdAssociationRepository');
+		$this->app->instance('openid\repositories\IOpenIdAssociationRepository',$repo_mock);
+		$repo_mock->shouldReceive('add')->once();
+		$repo_mock->shouldReceive('getByHandle')->once()->andReturnNull();
+
+		$service = $this->app[OpenIdServiceCatalog::AssociationService];
+		$assoc   = AssociationFactory::getInstance()->buildSessionAssociation(OpenIdProtocol::AssociationSessionTypeDHSHA256, 3600);
+		$res     = $service->addAssociation($assoc);
+
+		$this->assertTrue(!is_null($res));
+		$hash = null;
+		$cache_mock->shouldReceive('exists')->once()->andReturn(false);
+		$service->getAssociation($res->getHandle());
+	}
+
+
+	/**
+	 * @expectedException \openid\exceptions\ReplayAttackException
+	 */
+	public function testAddPrivateAssociationMustFail_ReplayAttackException(){
+
+		$cache_stub = new CacheServiceStub;
+		$this->app->instance(UtilsServiceCatalog::CacheService,$cache_stub);
+
+		$lock_manager_service_mock = Mockery::mock('utils\services\ILockManagerService');
+		$lock_manager_service_mock->shouldReceive('acquireLock')->once();
+
+		$this->app->instance(UtilsServiceCatalog::LockManagerService ,$lock_manager_service_mock);
+
+		$service = $this->app[OpenIdServiceCatalog::AssociationService];
+		$assoc   = AssociationFactory::getInstance()->buildPrivateAssociation('https://www.test.com/', 3600);
+		$res     = $service->addAssociation($assoc);
+
+		$this->assertTrue(!is_null($res));
+		$lock_manager_service_mock->shouldReceive('acquireLock')->once()->andThrow(new UnacquiredLockException);
+		$service->addAssociation($assoc);
+	}
+
+	public function testGetPrivateAssociation(){
+
+		$cache_stub = new CacheServiceStub;
+		$this->app->instance(UtilsServiceCatalog::CacheService,$cache_stub);
+
+		$lock_manager_service_mock = Mockery::mock('utils\services\ILockManagerService');
+		$lock_manager_service_mock->shouldReceive('acquireLock')->twice();
+
+		$this->app->instance(UtilsServiceCatalog::LockManagerService ,$lock_manager_service_mock);
+
+		$service = $this->app[OpenIdServiceCatalog::AssociationService];
+		$assoc   = AssociationFactory::getInstance()->buildPrivateAssociation('https://www.test.com/', 3600);
+		$res     = $service->addAssociation($assoc);
+
+		$this->assertTrue(!is_null($res));
+
+		$res2 = $service->getAssociation($res->getHandle(),'https://www.test.com/');
+
+		$this->assertTrue(!is_null($res2));
+
+		$this->assertTrue($res2->getSecret()===$res->getSecret());
+	}
+
+
+	/**
+	 * @expectedException \openid\exceptions\OpenIdInvalidRealmException
+	 */
+	public function testGetPrivateAssociationMustFail_OpenIdInvalidRealmException(){
+
+		$cache_stub = new CacheServiceStub;
+		$this->app->instance(UtilsServiceCatalog::CacheService,$cache_stub);
+
+		$lock_manager_service_mock = Mockery::mock('utils\services\ILockManagerService');
+		$lock_manager_service_mock->shouldReceive('acquireLock')->once();
+
+		$this->app->instance(UtilsServiceCatalog::LockManagerService ,$lock_manager_service_mock);
+
+		$service = $this->app[OpenIdServiceCatalog::AssociationService];
+		$assoc   = AssociationFactory::getInstance()->buildPrivateAssociation('https://www.test.com/', 3600);
+		$res     = $service->addAssociation($assoc);
+
+		$this->assertTrue(!is_null($res));
+
+		$service->getAssociation($res->getHandle(),'https://www1.test.com/');
+	}
+
+	/**
+	 * @expectedException \openid\exceptions\InvalidAssociation
+	 */
+	public function testGetPrivateAssociationMustFail_InvalidAssociation(){
+
+		$cache_stub = new CacheServiceStub;
+		$this->app->instance(UtilsServiceCatalog::CacheService,$cache_stub);
+
+		$lock_manager_service_mock = Mockery::mock('utils\services\ILockManagerService');
+		$lock_manager_service_mock->shouldReceive('acquireLock')->once();
+
+		$this->app->instance(UtilsServiceCatalog::LockManagerService ,$lock_manager_service_mock);
+
+		$service = $this->app[OpenIdServiceCatalog::AssociationService];
+		$assoc   = AssociationFactory::getInstance()->buildPrivateAssociation('https://www.test.com/', 3600);
+		$res     = $service->addAssociation($assoc);
+
+		$this->assertTrue(!is_null($res));
+
+		$service->getAssociation('123456','https://www1.test.com/');
+	}
+
+
+	/**
+	 * @expectedException \openid\exceptions\ReplayAttackException
+	 */
+	public function testGetPrivateAssociationMustFail_ReplayAttackException(){
+
+
+		$cache_stub = new CacheServiceStub;
+		$this->app->instance(UtilsServiceCatalog::CacheService,$cache_stub);
+
+		$lock_manager_service_mock = Mockery::mock('utils\services\ILockManagerService');
+		$lock_manager_service_mock->shouldReceive('acquireLock')->times(2);
+
+		$this->app->instance(UtilsServiceCatalog::LockManagerService ,$lock_manager_service_mock);
+
+		$service = $this->app[OpenIdServiceCatalog::AssociationService];
+		$assoc   = AssociationFactory::getInstance()->buildPrivateAssociation('https://www.test.com/', 3600);
+		$res     = $service->addAssociation($assoc);
+
+		$this->assertTrue(!is_null($res));
+
+		$res2 = $service->getAssociation($res->getHandle(),'https://www.test.com/');
+
+		$this->assertTrue(!is_null($res2));
+
+		$this->assertTrue($res2->getSecret()===$res->getSecret());
+		$lock_manager_service_mock->shouldReceive('acquireLock')->once()->andThrow(new UnacquiredLockException);
+		$service->getAssociation($res->getHandle(),'https://www.test.com/');
+	}
+} 

app/tests/CacheServiceStub.php

@@ -0,0 +1,154 @@
+<?php
+
+use utils\services\ICacheService;
+
+class CacheServiceStub implements ICacheService{
+
+	private static $cache = array();
+
+	/**
+	 * Determine if a key exists
+	 * @param $key
+	 * @return bool
+	 */
+	public function exists($key)
+	{
+		return array_key_exists($key,self::$cache);
+	}
+
+	/**
+	 * Delete a key
+	 * @param $key
+	 * @return mixed
+	 */
+	public function delete($key)
+	{
+		if(array_key_exists($key,self::$cache))
+			unset(self::$cache[$key]);
+	}
+
+	/**
+	 * Delete a key
+	 * @param array $keys
+	 * @return mixed
+	 */
+	public function deleteArray(array $keys)
+	{
+		foreach($keys as $key)
+			$this->delete($key);
+	}
+
+	/**
+	 * retrieves a hash
+	 * @param       $name
+	 * @param array $values
+	 * @return array
+	 */
+	public function getHash($name, array $values)
+	{
+		if(array_key_exists($name,self::$cache))
+			return self::$cache[$name];
+	}
+
+	/**
+	 * save a hash, with an optional time to live
+	 * @param       $name
+	 * @param array $values
+	 * @param int   $ttl
+	 * @return mixed
+	 */
+	public function storeHash($name, array $values, $ttl = 0)
+	{
+		self::$cache[$name] = $values;
+	}
+
+	/**
+	 * @param     $counter_name
+	 * @param int $ttl
+	 * @return mixed
+	 */
+	public function incCounter($counter_name, $ttl = 0)
+	{
+		if(!array_key_exists($counter_name,self::$cache))
+		{
+			self::$cache[$counter_name] = 0;
+		}
+		self::$cache[$counter_name] = intval(self::$cache[$counter_name]) + 1;
+	}
+
+	/**
+	 * @param $counter_name
+	 * @return mixed
+	 */
+	public function incCounterIfExists($counter_name)
+	{
+		if(array_key_exists($counter_name,self::$cache))
+		{
+			self::$cache[$counter_name] = intval(self::$cache[$counter_name]) + 1;
+		}
+	}
+
+	public function addMemberSet($set_name, $member)
+	{
+		// TODO: Implement addMemberSet() method.
+	}
+
+	public function deleteMemberSet($set_name, $member)
+	{
+		// TODO: Implement deleteMemberSet() method.
+	}
+
+	public function getSet($set_name)
+	{
+		if(array_key_exists($set_name,self::$cache)){
+			return self::$cache[$set_name];
+		}
+		return null;
+	}
+
+	public function getSingleValue($key)
+	{
+		if(array_key_exists($key,self::$cache)){
+			return self::$cache[$key];
+		}
+		return null;
+	}
+
+	public function setSingleValue($key, $value, $ttl = 0)
+	{
+		self::$cache[$key]= $value;
+	}
+
+	/**
+	 * adds a single value if given keys does not exists, with an optional
+	 * time to live
+	 * @param     $key
+	 * @param     $value
+	 * @param int $ttl
+	 * @return mixed
+	 */
+	public function addSingleValue($key, $value, $ttl = 0)
+	{
+		if(!array_key_exists($key,self::$cache)){
+			self::$cache[$key]= $value;
+			return true;
+		}
+		return false;
+	}
+
+	/**
+	 * Set time to live to a given key
+	 * @param $key
+	 * @param $ttl
+	 * @return mixed
+	 */
+	public function setKeyExpiration($key, $ttl)
+	{
+		// TODO: Implement setKeyExpiration() method.
+	}
+
+	public function boot()
+	{
+		// TODO: Implement boot() method.
+	}
+}

app/tests/TrustedSitesServiceTest.php

@@ -12,22 +12,23 @@ class TrustedSitesServiceTest extends TestCase {
 
 	}
 
-    public function tearDown()
+	protected function prepareForTests()
+	{
+		parent::prepareForTests();
+	}
+
+	public function tearDown()
     {
         Mockery::close();
     }
 
-	protected function prepareForTests()
-	{
-		parent::prepareForTests();
-
-	}
 
 	public function testBehaviorAdd(){
 
-		$trusted_site = Mockery::mock('Eloquent','OpenIdTrustedSite');
-		$trusted_site->shouldReceive('create')->andReturn($trusted_site)->once();
-        $this->app->instance('OpenIdTrustedSite', $trusted_site);
+		$repo_mock = Mockery::mock('repositories\EloquentOpenIdTrustedSiteRepository');
+
+		$repo_mock->shouldReceive('add')->andReturn(true)->once();
+	    $this->app->instance('openid\repositories\IOpenIdTrustedSiteRepository', $repo_mock);
 
 		$mock_user = Mockery::mock('openid\model\IOpenIdUser');
 		$mock_user->shouldReceive('getId')->andReturn(1);
@@ -39,7 +40,6 @@ class TrustedSitesServiceTest extends TestCase {
 			                            $data = array());
 
 		$this->assertTrue(!is_null($res));
-		$this->assertTrue($res===$trusted_site);
 	}
 
 	public function testAdd(){

bootstrap/start.php

@@ -1,6 +1,5 @@
 <?php
 
-use utils\services\ServiceLocator;
 use utils\services\UtilsServiceCatalog;
 use openid\services\OpenIdServiceCatalog;
 /*
@@ -73,9 +72,11 @@ use auth\CustomAuthProvider;
 Auth::extend('custom', function($app) {
     return new Guard(
         new CustomAuthProvider(
-            ServiceLocator::getInstance()->getService('auth\\IAuthenticationExtensionService'),
-            ServiceLocator::getInstance()->getService(OpenIdServiceCatalog::UserService),
-            ServiceLocator::getInstance()->getService(UtilsServiceCatalog::CheckPointService)
+	        App::make('auth\\IUserRepository'),
+	        App::make('auth\\IMemberRepository'),
+	        App::make('auth\\IAuthenticationExtensionService'),
+	        App::make(OpenIdServiceCatalog::UserService),
+	        App::make(UtilsServiceCatalog::CheckPointService)
             ),
         App::make('session.store')
     );
@@ -95,3 +96,4 @@ Auth::extend('custom', function($app) {
 
 return $app;
 
+

composer.json

@@ -20,9 +20,11 @@
 			"app/models",
 			"app/database/migrations",
 			"app/database/seeds",
+            "app/tests",
 			"app/tests/TestCase.php",
             "app/libs",
             "app/services",
+            "app/repositories",
             "app/strategies",
             "app/filters",
             "app/validators"