diff --git a/.travis.yml b/.travis.yml index 21f3e926..85474626 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,7 +4,11 @@ sudo: false cache: directories: - - vendor + - vendor + +env: + - DEPENDENCIES="" + - DEPENDENCIES="--prefer-lowest --prefer-stable" php: - 7.0 @@ -12,7 +16,7 @@ php: - 7.2 install: - - travis_retry composer install --no-interaction --prefer-source + - composer update --no-interaction --prefer-dist $DEPENDENCIES script: - vendor/bin/phpunit diff --git a/composer.json b/composer.json index 814d7054..8e7fd7e6 100644 --- a/composer.json +++ b/composer.json @@ -7,16 +7,17 @@ "php": ">=7.0.0", "ext-openssl": "*", "league/event": "^2.1", - "lcobucci/jwt": "^3.1", + "lcobucci/jwt": "^3.2.2", "paragonie/random_compat": "^2.0", - "psr/http-message": "^1.0", + "psr/http-message": "^1.0.1", "defuse/php-encryption": "^2.1" }, "require-dev": { "phpunit/phpunit": "^6.3 || ^7.0", - "zendframework/zend-diactoros": "^1.0", + "zendframework/zend-diactoros": "^1.3.2", "phpstan/phpstan": "^0.9.2", - "phpstan/phpstan-phpunit": "^0.9.4" + "phpstan/phpstan-phpunit": "^0.9.4", + "phpstan/phpstan-strict-rules": "^0.9.0" }, "repositories": [ { diff --git a/phpstan.neon b/phpstan.neon index a4800dd5..88c21d40 100644 --- a/phpstan.neon +++ b/phpstan.neon @@ -2,8 +2,4 @@ includes: - vendor/phpstan/phpstan-phpunit/extension.neon - vendor/phpstan/phpstan-phpunit/rules.neon - vendor/phpstan/phpstan-phpunit/strictRules.neon -parameters: - ignoreErrors: - - '#Class Zend\\Diactoros\\ServerRequest constructor invoked with \d+ parameters, 0-6 required#' - - '#Parameter \#2 \$key of method Lcobucci\\JWT\\Builder::sign\(\) expects string, Lcobucci\\JWT\\Signer\\Key given#' - reportUnmatchedIgnoredErrors: false + - vendor/phpstan/phpstan-strict-rules/rules.neon diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php index 281eae0e..97fc142e 100644 --- a/src/Exception/OAuthServerException.php +++ b/src/Exception/OAuthServerException.php 
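Review bot: In the `.travis.yml` install hunk the new command drops `travis_retry`, so a transient download failure now fails the job instead of being retried. Keeping the wrapper costs nothing: `- travis_retry composer update --no-interaction --prefer-dist $DEPENDENCIES`. `$DEPENDENCIES` is presumably left unquoted so that `--prefer-lowest --prefer-stable` splits into two arguments; a one-line comment such as `# unquoted on purpose: expands to zero or more composer flags` would stop someone quoting it later.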
@@ -262,13 +262,10 @@ class OAuthServerException extends \Exception $this->redirectUri .= (strstr($this->redirectUri, '?') === false) ? '?' : '&'; } - /** @var ResponseInterface $response */ - $response = $response->withStatus(302)->withHeader('Location', $this->redirectUri . http_build_query($payload)); - return $response; + return $response->withStatus(302)->withHeader('Location', $this->redirectUri . http_build_query($payload)); } foreach ($headers as $header => $content) { - /** @var ResponseInterface $response */ $response = $response->withHeader($header, $content); } diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php index e806ba09..304ba99b 100644 --- a/src/Grant/AbstractGrant.php +++ b/src/Grant/AbstractGrant.php @@ -204,7 +204,7 @@ abstract class AbstractGrant implements GrantTypeInterface throw OAuthServerException::invalidClient(); } elseif ( is_array($client->getRedirectUri()) - && in_array($redirectUri, $client->getRedirectUri()) === false + && in_array($redirectUri, $client->getRedirectUri(), true) === false ) { $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); throw OAuthServerException::invalidClient(); diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php index d7900581..dc880365 100644 --- a/src/Grant/AuthCodeGrant.php +++ b/src/Grant/AuthCodeGrant.php 
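Review bot: In `src/Grant/AbstractGrant.php` the changed `elseif` rejects a mismatch only when `$client->getRedirectUri()` is an array. The condition before it is outside the hunk; if it covers only the string case, a client whose registered value is neither string nor array (for example `null`) would have the supplied `$redirectUri` accepted with no comparison at all. An explicit guard before the comparison closes that gap, with `$registered` holding `$client->getRedirectUri()`: `if (!is_string($registered) && !is_array($registered)) { throw OAuthServerException::invalidClient(); }`. The same three lines recur in the `AuthCodeGrant.php` and `ImplicitGrant.php` hunks, so one shared helper on the abstract grant would keep this security check from drifting between copies.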
@@ -235,13 +235,13 @@ class AuthCodeGrant extends AbstractAuthorizeGrant throw OAuthServerException::invalidClient(); } elseif ( is_array($client->getRedirectUri()) - && in_array($redirectUri, $client->getRedirectUri()) === false + && in_array($redirectUri, $client->getRedirectUri(), true) === false ) { $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); throw OAuthServerException::invalidClient(); } - } elseif (is_array($client->getRedirectUri()) && count($client->getRedirectUri()) !== 1 - || empty($client->getRedirectUri())) { + } elseif (is_array($client->getRedirectUri()) && count($client->getRedirectUri()) !== 1 + || empty($client->getRedirectUri())) { $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); throw OAuthServerException::invalidClient(); } else { @@ -278,7 +278,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant } $codeChallengeMethod = $this->getQueryStringParameter('code_challenge_method', $request, 'plain'); - if (in_array($codeChallengeMethod, ['plain', 'S256']) === false) { + if (in_array($codeChallengeMethod, ['plain', 'S256'], true) === false) { throw OAuthServerException::invalidRequest( 'code_challenge_method', 'Code challenge method must be `plain` or `S256`' diff --git a/src/Grant/ImplicitGrant.php b/src/Grant/ImplicitGrant.php index 5a6fccb1..dfb96743 100644 --- a/src/Grant/ImplicitGrant.php +++ b/src/Grant/ImplicitGrant.php 
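Review bot: In the first `AuthCodeGrant.php` hunk the re-indented condition `is_array(...) && count(...) !== 1 || empty(...)` mixes `&&` and `||` without parentheses, so the reader has to recall that `&&` binds tighter to see which clients are rejected. Since this branch decides whether a request with no `redirect_uri` is allowed, spell the grouping out: `} elseif ((is_array($client->getRedirectUri()) && count($client->getRedirectUri()) !== 1) || empty($client->getRedirectUri())) {`. The `ImplicitGrant.php` hunk has the same expression and should get the same treatment. The enclosing method starts and ends outside the hunk.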
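Review bot: In the second `AuthCodeGrant.php` hunk the `code_challenge_method` check has no comment explaining the two behaviours it encodes: an omitted parameter falls back to `plain`, and the strict flag now accepts only the exact strings `plain` and `S256`. I would add above the `in_array` call: `// RFC 7636 §4.3: method defaults to "plain" when omitted; strict match accepts only these exact strings`. Because `plain` gives no protection once the authorization request itself has been observed, the docblock could also state that deployments should prefer `S256`. The enclosing method starts and ends outside the hunk.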
@@ -144,12 +144,12 @@ class ImplicitGrant extends AbstractAuthorizeGrant throw OAuthServerException::invalidClient(); } elseif ( is_array($client->getRedirectUri()) - && in_array($redirectUri, $client->getRedirectUri()) === false + && in_array($redirectUri, $client->getRedirectUri(), true) === false ) { $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); throw OAuthServerException::invalidClient(); } - } elseif (is_array($client->getRedirectUri()) && count($client->getRedirectUri()) !== 1 + } elseif (is_array($client->getRedirectUri()) && count($client->getRedirectUri()) !== 1 || empty($client->getRedirectUri())) { $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); throw OAuthServerException::invalidClient(); diff --git a/src/Grant/RefreshTokenGrant.php b/src/Grant/RefreshTokenGrant.php index 66a3b266..f8e022b4 100644 --- a/src/Grant/RefreshTokenGrant.php +++ b/src/Grant/RefreshTokenGrant.php @@ -11,7 +11,6 @@ namespace League\OAuth2\Server\Grant; -use League\OAuth2\Server\Entities\ScopeEntityInterface; use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface; use League\OAuth2\Server\RequestEvent; @@ -53,7 +52,7 @@ class RefreshTokenGrant extends AbstractGrant // The OAuth spec says that a refreshed access token can have the original scopes or fewer so ensure // the request doesn't include any new scopes foreach ($scopes as $scope) { - if (in_array($scope->getIdentifier(), $oldRefreshToken['scopes']) === false) { + if (in_array($scope->getIdentifier(), $oldRefreshToken['scopes'], true) === false) { throw OAuthServerException::invalidScope($scope->getIdentifier()); } } diff --git a/src/ResponseTypes/RedirectResponse.php b/src/ResponseTypes/RedirectResponse.php index f40f087b..e4639148 100644 --- a/src/ResponseTypes/RedirectResponse.php +++ b/src/ResponseTypes/RedirectResponse.php 
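Review bot: In the `RefreshTokenGrant.php` scope loop the `=== false` test fails open when `$oldRefreshToken['scopes']` is missing or not an array. On the PHP 7.x versions in this project's CI matrix `in_array()` then emits a warning and returns `null`, which is not identical to `false`, so `invalidScope` is never thrown and the requested scope passes. Where `$oldRefreshToken` is built is outside the hunk, so its shape may already be guaranteed, but the check is cheap to harden: `if (in_array($scope->getIdentifier(), $oldRefreshToken['scopes'], true) !== true) {`. The strict flag also means the stored identifiers must have the same type that `getIdentifier()` returns, which is worth a short comment for repository implementers.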
@@ -35,8 +35,6 @@ class RedirectResponse extends AbstractResponseType */ public function generateHttpResponse(ResponseInterface $response) { - /** @var ResponseInterface $response */ - $response = $response->withStatus(302)->withHeader('Location', $this->redirectUri); - return $response; + return $response->withStatus(302)->withHeader('Location', $this->redirectUri); } }