Merge branch 'master' of github.com:thephpleague/oauth2-server into fix-pkce-implementation
# Conflicts: # tests/Grant/AuthCodeGrantTest.php
commit
ce2662ece7
1
.gitattributes
vendored
1
.gitattributes
vendored
@ -11,3 +11,4 @@
|
|||||||
/CHANGELOG.md export-ignore
|
/CHANGELOG.md export-ignore
|
||||||
/CONTRIBUTING.md export-ignore
|
/CONTRIBUTING.md export-ignore
|
||||||
/README.md export-ignore
|
/README.md export-ignore
|
||||||
|
|
||||||
|
@ -62,9 +62,7 @@ Bugs and feature request are tracked on [GitHub](https://github.com/thephpleague
|
|||||||
|
|
||||||
If you have any questions about OAuth _please_ open a ticket here; please **don't** email the address below.
|
If you have any questions about OAuth _please_ open a ticket here; please **don't** email the address below.
|
||||||
|
|
||||||
<a target='_blank' rel='nofollow' href='https://app.codesponsor.io/link/N2YMJcLBppt2Eg9E1jGu4gef/thephpleague/oauth2-server'>
|
|
||||||
<img alt='Sponsor' width='888' height='68' src='https://app.codesponsor.io/embed/N2YMJcLBppt2Eg9E1jGu4gef/thephpleague/oauth2-server.svg' />
|
|
||||||
</a>
|
|
||||||
|
|
||||||
## Commercial Support
|
## Commercial Support
|
||||||
|
|
||||||
|
@ -14,7 +14,7 @@ namespace League\OAuth2\Server;
|
|||||||
class CryptKey
|
class CryptKey
|
||||||
{
|
{
|
||||||
const RSA_KEY_PATTERN =
|
const RSA_KEY_PATTERN =
|
||||||
'/^(-----BEGIN (RSA )?(PUBLIC|PRIVATE) KEY-----\n)(.|\n)+(-----END (RSA )?(PUBLIC|PRIVATE) KEY-----)$/';
|
'/^(-----BEGIN (RSA )?(PUBLIC|PRIVATE) KEY-----)\R.*(-----END (RSA )?(PUBLIC|PRIVATE) KEY-----)\R?$/s';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var string
|
* @var string
|
||||||
|
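Review bot: The rewritten `RSA_KEY_PATTERN` no longer requires any key material between the markers: `\R.*` matches zero characters, where the old `(.|\n)+` needed at least one, so a header line followed directly by a footer line now passes. The BEGIN and END labels are also still matched independently, so a `PUBLIC` header with a `PRIVATE` footer is accepted. If the constant is only meant to tell inline key text from a file path, a comment saying so would stop it being read as validation, e.g. `// Heuristic only: distinguishes inline PEM text from a path; does not validate the key.`; otherwise `\R.+(-----END` restores the non-empty body. The class body continues outside the hunk, so how the match result is used is not visible here.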
@ -153,7 +153,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
|||||||
case 'S256':
|
case 'S256':
|
||||||
if (
|
if (
|
||||||
hash_equals(
|
hash_equals(
|
||||||
hash('sha256', strtr(rtrim(base64_encode($codeVerifier), '='), '+/', '-_')),
|
strtr(rtrim(base64_encode(hash('sha256', $codeVerifier, true)), '='), '+/', '-_'),
|
||||||
$authCodePayload->code_challenge
|
$authCodePayload->code_challenge
|
||||||
) === false
|
) === false
|
||||||
) {
|
) {
|
||||||
|
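Review bot: The S256 comparison passes the value derived from the client's `code_verifier` as the first argument of `hash_equals()` and the stored `code_challenge` as the second; PHP documents the first parameter as the known string and the second as the user-supplied one, so the call reads more safely with the arguments swapped: `hash_equals($authCodePayload->code_challenge, strtr(rtrim(base64_encode(hash('sha256', $codeVerifier, true)), '='), '+/', '-_'))`. Nothing in the hunk shows `$codeVerifier` being checked against the RFC 7636 format (43–128 characters from the unreserved set) before it is hashed; if that check does not exist earlier in the method, it belongs ahead of this `switch`. A one-line comment citing the RFC formula, `// RFC 7636 §4.6: BASE64URL(SHA256(code_verifier)) must equal code_challenge`, would also explain why the raw digest (third argument `true`) is required. The enclosing method starts and ends outside the hunk.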
@ -35,6 +35,7 @@ class AuthorizationServerTest extends TestCase
|
|||||||
// Make sure the keys have the correct permissions.
|
// Make sure the keys have the correct permissions.
|
||||||
chmod(__DIR__ . '/Stubs/private.key', 0600);
|
chmod(__DIR__ . '/Stubs/private.key', 0600);
|
||||||
chmod(__DIR__ . '/Stubs/public.key', 0600);
|
chmod(__DIR__ . '/Stubs/public.key', 0600);
|
||||||
|
chmod(__DIR__ . '/Stubs/private.key.crlf', 0600);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testRespondToRequestInvalidGrantType()
|
public function testRespondToRequestInvalidGrantType()
|
||||||
|
@ -33,5 +33,13 @@ class CryptKeyTest extends TestCase
|
|||||||
'file://' . sys_get_temp_dir() . '/' . sha1($keyContent) . '.key',
|
'file://' . sys_get_temp_dir() . '/' . sha1($keyContent) . '.key',
|
||||||
$key->getKeyPath()
|
$key->getKeyPath()
|
||||||
);
|
);
|
||||||
|
|
||||||
|
$keyContent = file_get_contents(__DIR__ . '/Stubs/private.key.crlf');
|
||||||
|
$key = new CryptKey($keyContent);
|
||||||
|
|
||||||
|
$this->assertEquals(
|
||||||
|
'file://' . sys_get_temp_dir() . '/' . sha1($keyContent) . '.key',
|
||||||
|
$key->getKeyPath()
|
||||||
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
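Review bot: The added CRLF case only exercises CRLF handling if `Stubs/private.key.crlf` really reaches the working tree with `\r\n` endings, which depends on the `eol=crlf` attribute being honoured; a checkout or export that normalises line endings would leave the test passing on LF input. Asserting the precondition right after the read would make that visible: `$this->assertTrue(strpos($keyContent, "\r\n") !== false);`. The expected path also suggests the key text is written under `sys_get_temp_dir()` with a name derived from `sha1($keyContent)`, and the test does not remove that file afterwards, so an `unlink($key->getKeyPath());` once the assertion has run would keep key material from accumulating in the shared temp directory. The test method begins outside the hunk.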
@ -47,8 +47,12 @@ class AuthCodeGrantTest extends TestCase
|
|||||||
public function setUp()
|
public function setUp()
|
||||||
{
|
{
|
||||||
$this->cryptStub = new CryptTraitStub;
|
$this->cryptStub = new CryptTraitStub;
|
||||||
$this->codeVerifier = rtrim(strtr(base64_encode(random_bytes(32)), '+/', '-_'), '=');
|
|
||||||
$this->codeChallenge = hash('sha256', strtr(rtrim(base64_encode($this->codeVerifier), '='), '+/', '-_'));
|
// [RFC 7636] Appendix B. Example for the S256 code_challenge_method
|
||||||
|
// $this->codeVerifier = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk';
|
||||||
|
$this->codeVerifier = strtr(rtrim(base64_encode(random_bytes(32)), '='), '+/', '-_');
|
||||||
|
// $this->codeChallenge = 'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM';
|
||||||
|
$this->codeChallenge = strtr(rtrim(base64_encode(hash('sha256', $this->codeVerifier, true)), '='), '+/', '-_');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetIdentifier()
|
public function testGetIdentifier()
|
||||||
|
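Review bot: `setUp()` now derives `$this->codeChallenge` with the same expression the grant uses, so the tests cannot catch a mistake shared by both sides, just as the removed lines mirrored the old expression. The RFC 7636 Appendix B vector is already in the hunk but commented out; a dedicated test that feeds the fixed verifier `dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk` and expects the challenge `E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM` would pin the implementation to the specification rather than to itself. The commented-out assignments can then be dropped from `setUp()`.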
1
tests/Stubs/.gitattributes
vendored
Normal file
1
tests/Stubs/.gitattributes
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
private.key.crlf text eol=crlf
|
27
tests/Stubs/private.key.crlf
Normal file
27
tests/Stubs/private.key.crlf
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIEpAIBAAKCAQEAtHYxRBYATiiyDFs3pEhFg6Ei/UiQEmolTaQyQK810xHY23+X
|
||||||
|
4elLl6HP1J09mefmJ3ZdIgjIOS6rfK1BQnZIvI+IkoC7+qpD92y9f48iL0tCYKsn
|
||||||
|
i1LFFjP0bESTGDe7XANifQPkp9GvKgJbu7h1/ac8x4CBSU0ZjtEvinQRsdYil6OM
|
||||||
|
MXLWGozbBy13X8G+Ganv2i1aPZ2B25GyrH6lVIEwztGrSYxUrFVL+8dHhONf6PYX
|
||||||
|
19gjdzxkXCYQy2AGMc1FevZmnpIqDNQwX7CUUXQ4TDJmiP0aBEni094gUhnRFUr9
|
||||||
|
dmGpLQcCb2i0WMh2K+swFk3EutDAJ+73LKoZ3QIDAQABAoIBADo8Tge3xd9zGIoO
|
||||||
|
QbV9MRmaPW1ZJk0a/fDBRQpEwGzdvIqQ8VWQ8Lj9GdF18LQi9s3TT5i1FtAFNIfm
|
||||||
|
bUHiY/SdqSgF7SOmIIrPB5QLf6+dbM0/TmKSklFo8L6jnohZK9g0q2rGf9p8Ozem
|
||||||
|
TS4WB9WUS3PiD1a1T8Mb1Gisri0h7rvI4TIkrcx6lUUCgphCZd2TWUhmE3YmybOg
|
||||||
|
4h855W685g/ydzjwB+5Y6CS3V6a78Z5Gb4df3l0XfqCWh/xzuNs7nIpRv8CE0vRE
|
||||||
|
vq9j/cVyKkzMjiagteJaisTCBkDmtAi9dEVL8uaSDoTJq1g+VOGuJxHUm31Pavqr
|
||||||
|
3RwvXS0CgYEA74jUqmzxAwr/uBWquIkfMg+hsKjJe3gsSAJIAPzcA9OkzZd9w/1R
|
||||||
|
P8C92N2UaDbCW7ZEl7ZzS+IO6nA4OcR98j77/nBk6cYykyVRkSaj01epz3bRApxc
|
||||||
|
R18e49MBftSMnI5R7lIJO/UAIRfd0rntX4jkdVAdn9s/VOvG8w4KQXcCgYEAwN3W
|
||||||
|
b3azSNYlj4CW8+t6qS/3JQ/qpPgVuqkqP9dQXC9O6VlV03pJIwFk2Ldjd7/eXT+0
|
||||||
|
hFVB3O71iECfet/1UgustlgFp5I4ZrPmYF/J1nGpx1KIE8P4d0qC8lODtdnsGAcU
|
||||||
|
+/vBjXinX7pWgM8e6LAJzqNUq/xal/wNY325dEsCgYB7J0+n+/ECToJhhApNbHq0
|
||||||
|
g2LvcCh/Ka8iqsGYeGkqMoOWDKBlxvUiIRe6y1nFJvpQquqjUfP/fM+Ma3wM/2B9
|
||||||
|
zzJChEjuBK/2BYblaQdr3rN47i7R99BeBaLdIZywN9m/mFC5hkYnJHUXjqzG7j8E
|
||||||
|
El7bjgBdMx1hrQOR7ZMKSwKBgQC2SXXBiBlPwEdj6I/EH06h1hnrR63pGim/cN/j
|
||||||
|
0ye62WPmHW+HH888bLbaNgqnRgtvayS85rAHlzst+pZBVqfRUgN9nJhLl2IDgAlA
|
||||||
|
EYj9TBTBtXmz5MdUSHKXguO73yrMUvU8bOi1Q9I+IipcOGboWmoKikke/LbLa4lj
|
||||||
|
/ZJpHQKBgQCuDanU+AJKgUQkkC2gHwT8quxPoRcFFErHp3iaDAwd5XsZJG9FHQUP
|
||||||
|
RkPE+JkSaj65byFLhCPHUayfk4Y4udHEy4cXiv2SxZNK8q1HwuFEvb7uFprj0hNs
|
||||||
|
14qJunONVt/jzswdwO5kGVbpGlHl7U0JABnTJP71fW/rE5SH4zYxqg==
|
||||||
|
-----END RSA PRIVATE KEY-----
|