From 75ccb958af6c834994100e23257915eb6e98d0f2 Mon Sep 17 00:00:00 2001 From: Arie Timmerman Date: Fri, 24 Nov 2023 11:35:04 +0100 Subject: [PATCH] Formatting and warning fixes --- src/AdvancedResourceServer.php | 1 - src/Entities/AccessTokenEntityInterface.php | 2 +- src/Entities/ClaimEntityInterface.php | 4 +- src/Entities/IdToken.php | 3 +- src/Grant/AuthCodeGrant.php | 5 ++- src/Grant/ImplicitGrant.php | 37 ++++++++++++++++--- src/IdTokenEvent.php | 2 +- src/ProviderController.php | 3 +- .../AccessTokenRepositoryInterface.php | 1 - src/Repositories/ClaimRepositoryInterface.php | 2 +- src/ResponseHandler.php | 1 - .../RedirectResponseHandler.php | 3 +- src/SessionInformation.php | 2 +- src/UserInfo.php | 1 - 14 files changed, 45 insertions(+), 22 deletions(-) diff --git a/src/AdvancedResourceServer.php b/src/AdvancedResourceServer.php index 8032c3f..65ac6da 100644 --- a/src/AdvancedResourceServer.php +++ b/src/AdvancedResourceServer.php @@ -8,7 +8,6 @@ class AdvancedResourceServer extends ResourceServer { - /** * @var null|AuthorizationValidatorInterface */ diff --git a/src/Entities/AccessTokenEntityInterface.php b/src/Entities/AccessTokenEntityInterface.php index 9b9f16a..55b8079 100644 --- a/src/Entities/AccessTokenEntityInterface.php +++ b/src/Entities/AccessTokenEntityInterface.php @@ -16,7 +16,7 @@ public function getClaims(); /** * Return an array of scopes associated with the token - * + * * @return ScopeEntityInterface[] */ public function getScopes(); diff --git a/src/Entities/ClaimEntityInterface.php b/src/Entities/ClaimEntityInterface.php index 565d238..8f53244 100644 --- a/src/Entities/ClaimEntityInterface.php +++ b/src/Entities/ClaimEntityInterface.php @@ -6,8 +6,8 @@ interface ClaimEntityInterface extends JsonSerializable { - const TYPE_ID_TOKEN = 'id_token'; - const TYPE_USERINFO = 'userinfo'; + public const TYPE_ID_TOKEN = 'id_token'; + public const TYPE_USERINFO = 'userinfo'; /** * Get the scope's identifier. 
diff --git a/src/Entities/IdToken.php b/src/Entities/IdToken.php index 6ae56d2..e1d8c80 100644 --- a/src/Entities/IdToken.php +++ b/src/Entities/IdToken.php @@ -4,7 +4,6 @@ use DateTimeImmutable; use Lcobucci\JWT\Signer\Rsa\Sha256; -use Lcobucci\JWT\Token\RegisteredClaims; use League\OAuth2\Server\CryptKey; use Lcobucci\JWT\Configuration; use Lcobucci\JWT\Signer\Key\InMemory; @@ -105,7 +104,7 @@ public function setAudience($audience) /** * Get the value of expiration */ - public function getExpiration() : \DateTimeImmutable + public function getExpiration(): \DateTimeImmutable { return $this->expiration; } diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php index 48fb1bd..694e270 100644 --- a/src/Grant/AuthCodeGrant.php +++ b/src/Grant/AuthCodeGrant.php @@ -89,7 +89,8 @@ public function canRespondToAccessTokenRequest(ServerRequestInterface $request) $requestParameters = (array) $request->getParsedBody(); // Don't try to handle code when it isn't even an authorization_code request - if (!array_key_exists('grant_type', $requestParameters) + if ( + !array_key_exists('grant_type', $requestParameters) || $requestParameters['grant_type'] !== 'authorization_code' ) { return false; @@ -114,7 +115,7 @@ public function canRespondToAccessTokenRequest(ServerRequestInterface $request) public function validateAuthorizationRequest(ServerRequestInterface $request) { $result = parent::validateAuthorizationRequest($request); - + $redirectUri = $this->getQueryStringParameter( 'redirect_uri', $request diff --git a/src/Grant/ImplicitGrant.php b/src/Grant/ImplicitGrant.php index b03231a..9068342 100644 --- a/src/Grant/ImplicitGrant.php +++ b/src/Grant/ImplicitGrant.php @@ -2,7 +2,6 @@ namespace Idaas\OpenID\Grant; -use DateTimeImmutable; use Idaas\OpenID\Entities\IdToken; use Idaas\OpenID\IdTokenEvent; use Idaas\OpenID\Repositories\ClaimRepositoryInterface; 
@@ -11,6 +10,7 @@ use Idaas\OpenID\SessionInterface; use League\OAuth2\Server\Entities\UserEntityInterface; use League\OAuth2\Server\Exception\OAuthServerException; +use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; use League\OAuth2\Server\RequestTypes\AuthorizationRequest; use League\OAuth2\Server\ResponseTypes\RedirectResponse; use Psr\Http\Message\ServerRequestInterface; @@ -35,6 +35,12 @@ class ImplicitGrant extends \League\OAuth2\Server\Grant\ImplicitGrant */ protected $session; + /** + * Same as $accessTokenTTL, but used for the ID Token + * @var \DateInterval + */ + protected $accessTokenTTLCopy; + /** * @param \DateInterval $accessTokenTTL * @param string $queryDelimiter @@ -53,7 +59,7 @@ public function __construct( $this->claimRepositoryInterface = $claimRepositoryInterface; $this->session = $session; - $this->accessTokenTTL = $accessTokenTTL; + $this->accessTokenTTLCopy = $accessTokenTTL; $this->idTokenTTL = $idTokenTTL; $this->queryDelimiter = $queryDelimiter; } @@ -66,7 +72,11 @@ public function getIdentifier() public function canRespondToAuthorizationRequest(ServerRequestInterface $request) { $result = (isset($request->getQueryParams()['response_type']) - && ($request->getQueryParams()['response_type'] === 'id_token token' || $request->getQueryParams()['response_type'] === 'id_token' || $request->getQueryParams()['response_type'] === 'token') + && ( + $request->getQueryParams()['response_type'] === 'id_token token' || + $request->getQueryParams()['response_type'] === 'id_token' || + $request->getQueryParams()['response_type'] === 'token' + ) && isset($request->getQueryParams()['client_id'])); $queryParams = $request->getQueryParams(); 
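Review bot: The docblock on the new `$accessTokenTTLCopy` property (hunk `@@ -35,6 +35,12`) says it is "used for the ID Token", but the only use this commit shows is the `issueAccessToken()` call in the `@@ -147` hunk, and the ID token already has its own `$idTokenTTL`, so the comment will mislead the next reader. Replace it with `Copy of the access-token TTL passed to the constructor; kept here because the parent's property is not reachable from this class (presumably private), and used by completeAuthorizationRequest() when issuing the access token.` If the parent also exposes a public TTL setter, this copy will silently diverge from whatever that setter stores, so overriding that setter to update the copy as well may be worth it — the parent is not visible in this diff. The same property is assigned in the `@@ -53` hunk; the enclosing class continues outside these hunks.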
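Review bot: The reformatted condition in `canRespondToAuthorizationRequest()` (hunk `@@ -66,7 +72,11`) still calls `$request->getQueryParams()` five times and repeats the `['response_type']` lookup in every branch, while `$queryParams` is only assigned on the line after it. Reading the parameters once gives the same result and is easier to scan: move `$queryParams = $request->getQueryParams();` above, then `$result = isset($queryParams['response_type']) && in_array($queryParams['response_type'], ['id_token token', 'id_token', 'token'], true) && isset($queryParams['client_id']);`. The strict `in_array` keeps the existing `===` semantics. The rest of the method runs past the hunk.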
@@ -147,7 +157,7 @@ public function completeAuthorizationRequest(AuthorizationRequest $authorization // The user approved the client, redirect them back with an access token if ($authorizationRequest->isAuthorizationApproved() === true) { $accessToken = $this->issueAccessToken( - $this->accessTokenTTL, + $this->accessTokenTTLCopy, $authorizationRequest->getClient(), $authorizationRequest->getUser()->getIdentifier(), $authorizationRequest->getScopes() @@ -192,7 +202,10 @@ public function completeAuthorizationRequest(AuthorizationRequest $authorization $idToken->addExtra($key, $value); } } else { - $this->accessTokenRepository->storeClaims($accessToken, $claimsRequested); + // This check is not really needed, as accessTokenRepisitory is guaranted to be of this type + if ($this->accessTokenRepository instanceof \Idaas\OpenID\Repositories\AccessTokenRepositoryInterface) { + $this->accessTokenRepository->storeClaims($accessToken, $claimsRequested); + } } /** @@ -210,7 +223,10 @@ public function completeAuthorizationRequest(AuthorizationRequest $authorization //Only add the access token and related parameters if requested //TODO: Check if OpenID Connect flow is allowed if only a token is requested. - if ($authorizationRequest->getResponseType() == 'id_token token' || $authorizationRequest->getResponseType() == 'token') { + if ( + $authorizationRequest->getResponseType() == 'id_token token' || + $authorizationRequest->getResponseType() == 'token' + ) { $accessToken->setPrivateKey($this->privateKey); $parameters['access_token'] = (string) $accessToken; $parameters['token_type'] = 'Bearer'; 
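Review bot: The new `instanceof` guard around `storeClaims()` (hunk `@@ -192,7 +202,10`) silently skips persisting the requested claims when the repository is not the Idaas interface, so a mis-wired repository would issue tokens whose claims are never stored and nothing would report it; the comment beside it also has typos ("accessTokenRepisitory", "guaranted"). Since the `setAccessTokenRepository()` override added in the `@@ -243` hunk already rejects other implementations with a `\LogicException`, this branch can either drop the guard or fail loudly: `} else { throw new \LogicException('Access token repository does not support storing claims'); }`. If the guard is kept only to narrow the type for static analysis, say so: `// Type narrowing for static analysis; setAccessTokenRepository() guarantees this at runtime.` completeAuthorizationRequest() starts and ends outside this hunk.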
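Review bot: The reformatted condition in the `@@ -210,7 +223,10` hunk compares `getResponseType()` with `==`, while the same value is compared with `===` in `canRespondToAuthorizationRequest()` earlier in this file; the loose form is inconsistent and is exactly the kind of warning a static analyser reports. Use `$authorizationRequest->getResponseType() === 'id_token token' ||` and `$authorizationRequest->getResponseType() === 'token'` here, or collapse both into `in_array($authorizationRequest->getResponseType(), ['id_token token', 'token'], true)`. The surrounding method continues outside this hunk.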
@@ -243,4 +259,13 @@ public function completeAuthorizationRequest(AuthorizationRequest $authorization ) ); } + + public function setAccessTokenRepository(AccessTokenRepositoryInterface $accessTokenRepository) + { + if (!($accessTokenRepository instanceof \Idaas\OpenID\Repositories\AccessTokenRepositoryInterface)) { + throw new \LogicException('The access token repository must be an instance of Idaas\OpenID\Repositories\AccessTokenRepositoryInterface'); + } + + $this->accessTokenRepository = $accessTokenRepository; + } } diff --git a/src/IdTokenEvent.php b/src/IdTokenEvent.php index 0449add..25fc52b 100644 --- a/src/IdTokenEvent.php +++ b/src/IdTokenEvent.php @@ -8,7 +8,7 @@ class IdTokenEvent extends Event { - const TOKEN_POPULATED = 'id_token.populated'; + public const TOKEN_POPULATED = 'id_token.populated'; /** * @var IdToken diff --git a/src/ProviderController.php b/src/ProviderController.php index 373651f..557306f 100644 --- a/src/ProviderController.php +++ b/src/ProviderController.php @@ -1,5 +1,6 @@ x509; $key = str_replace(array('-----BEGIN CERTIFICATE-----','-----END CERTIFICATE-----',"\r", "\n", " "), "", $key); - $keyForParsing = "-----BEGIN CERTIFICATE-----\n".chunk_split($key, 64, "\n")."-----END CERTIFICATE-----\n"; + $keyForParsing = "-----BEGIN CERTIFICATE-----\n" . chunk_split($key, 64, "\n") . "-----END CERTIFICATE-----\n"; $result = openssl_pkey_get_details(openssl_pkey_get_public(openssl_x509_read($keyForParsing))); diff --git a/src/Repositories/AccessTokenRepositoryInterface.php b/src/Repositories/AccessTokenRepositoryInterface.php index 52bbf37..6a1f2f4 100644 --- a/src/Repositories/AccessTokenRepositoryInterface.php +++ b/src/Repositories/AccessTokenRepositoryInterface.php @@ -8,7 +8,6 @@ interface AccessTokenRepositoryInterface extends LeagueAccessTokenRepositoryInterface { - /** * @param array $claims ClaimEntityInterface[] */ 
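Review bot: The new `setAccessTokenRepository()` override has no docblock and repeats the interface name as a string literal on a line well over 120 characters. Add `/** Narrows the parent's setter: this grant needs a repository that can store claims. @throws \LogicException when the repository does not implement the Idaas interface */` above it and build the message from the class constant so it cannot drift from a rename: `throw new \LogicException(sprintf('The access token repository must implement %s', \Idaas\OpenID\Repositories\AccessTokenRepositoryInterface::class));`. Keeping the parameter typed as the League interface is right, since the override must stay compatible with the parent's signature.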
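Review bot: In the ProviderController hunk, the context line `$result = openssl_pkey_get_details(openssl_pkey_get_public(openssl_x509_read($keyForParsing)));` nests three calls that each return `false` on failure, so a malformed or mis-configured `x509` value surfaces as a `TypeError` or a `false` result plus an OpenSSL warning rather than a clear error at the point where the key is loaded; this is the code that derives the public-key material handed to clients, so an unambiguous failure is preferable. Check each step and throw, as below, optionally appending `openssl_error_string()` to the message for diagnosis. The hunk header for this change appears garbled in the patch and the enclosing method starts outside the visible lines.
```php
$keyForParsing = "-----BEGIN CERTIFICATE-----\n" . chunk_split($key, 64, "\n") . "-----END CERTIFICATE-----\n";

$certificate = openssl_x509_read($keyForParsing);
if ($certificate === false) {
    throw new \RuntimeException('Unable to parse the configured x509 certificate');
}
$publicKey = openssl_pkey_get_public($certificate);
if ($publicKey === false) {
    throw new \RuntimeException('Unable to extract the public key from the x509 certificate');
}
$result = openssl_pkey_get_details($publicKey);
if ($result === false) {
    throw new \RuntimeException('Unable to read the public key details');
}
// … unchanged: use of $result …
```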
diff --git a/src/Repositories/ClaimRepositoryInterface.php b/src/Repositories/ClaimRepositoryInterface.php index 16f1d55..a91e58f 100644 --- a/src/Repositories/ClaimRepositoryInterface.php +++ b/src/Repositories/ClaimRepositoryInterface.php @@ -23,7 +23,7 @@ public function getClaimEntityByIdentifier($identifier, $type, $essential); /** * @return ClaimEntityInterface[] */ - public function getClaimsByScope(ScopeEntityInterface $scope) : iterable; + public function getClaimsByScope(ScopeEntityInterface $scope): iterable; public function claimsRequestToEntities(array $json = null); } diff --git a/src/ResponseHandler.php b/src/ResponseHandler.php index 8a21f8e..86e5fe1 100644 --- a/src/ResponseHandler.php +++ b/src/ResponseHandler.php @@ -9,7 +9,6 @@ class ResponseHandler { - protected $handlers; public function __construct() diff --git a/src/ResponseHandlers/RedirectResponseHandler.php b/src/ResponseHandlers/RedirectResponseHandler.php index 2e37b43..f27f142 100644 --- a/src/ResponseHandlers/RedirectResponseHandler.php +++ b/src/ResponseHandlers/RedirectResponseHandler.php @@ -19,7 +19,8 @@ public function generateResponse(AuthenticationRequest $authenticationRequest, $ { $queryDelimiter = '?'; - if ($authenticationRequest->getResponseMode() === 'fragment' || + if ( + $authenticationRequest->getResponseMode() === 'fragment' || strpos($authenticationRequest->getResponseType(), 'code') === false ) { $queryDelimiter = '#'; diff --git a/src/SessionInformation.php b/src/SessionInformation.php index 30e0fd6..8134805 100644 --- a/src/SessionInformation.php +++ b/src/SessionInformation.php @@ -23,7 +23,7 @@ public static function fromJSON($json) public function toJSON() { - return json_encode(['acr'=>$this->acr, 'amr'=>$this->amr,'azp'=>$this->azp]); + return json_encode(['acr' => $this->acr, 'amr' => $this->amr,'azp' => $this->azp]); } public function __toString() diff --git a/src/UserInfo.php b/src/UserInfo.php index 8d5641c..619987b 100644 --- a/src/UserInfo.php 
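Review bot: The reformatted condition in `generateResponse()` (RedirectResponseHandler hunk) selects the `#` delimiter only when the response mode is `fragment` or the response type contains no `code`, so a hybrid response type such as `code token` with `response_mode=query` would place the access token in the query string, where it ends up in server logs and Referer headers; the OAuth 2.0 Multiple Response Type Encoding Practices spec says the query encoding MUST NOT be used for any response type that includes `token` or `id_token`. If this handler can receive such requests, key the decision on the token-bearing types instead: `strpos($authenticationRequest->getResponseType(), 'token') !== false` (which also matches `id_token`) in place of the `'code'` check, or reject `query` mode for those types during request validation. Whether hybrid types are accepted upstream is not visible in this diff. generateResponse() continues past the hunk.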
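Review bot: The reformatted `toJSON()` line (SessionInformation hunk) still lacks a space after the second comma (`$this->amr,'azp'`), so this formatting commit leaves the array half-formatted; `json_encode()` also returns `false` on failure and that value is returned as if it were a string. If the project targets PHP 7.3 or later, write `return json_encode(['acr' => $this->acr, 'amr' => $this->amr, 'azp' => $this->azp], JSON_THROW_ON_ERROR);` so an encoding problem is raised instead of propagating `false` into a caller such as `__toString()`. The class continues outside the hunk.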
+++ b/src/UserInfo.php @@ -11,7 +11,6 @@ class UserInfo { - protected $userRepository; protected $tokenRepository; protected $resourceServer;