ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2024-12-22 13:09:44 +05:30
Code Issues Packages Projects Releases Wiki Activity

Merge master into this branch

Browse Source
This commit is contained in:
sephster 2018-11-13 12:28:39 +00:00
commit d64fb3f526
No known key found for this signature in database
GPG Key ID: 077754CA23023F4F
23 changed files with 137 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.styleci.yml
View File

@ -4,6 +4,7 @@ enabled:
- binary_operator_spaces - binary_operator_spaces
- blank_line_before_return - blank_line_before_return
- concat_with_spaces - concat_with_spaces
- fully_qualified_strict_types
- function_typehint_space - function_typehint_space
- hash_to_slash_comment - hash_to_slash_comment
- include - include

11
src/AuthorizationServer.php
View File

@ -9,6 +9,7 @@
namespace League\OAuth2\Server; namespace League\OAuth2\Server;
use DateInterval;
use Defuse\Crypto\Key; use Defuse\Crypto\Key;
use League\Event\EmitterAwareInterface; use League\Event\EmitterAwareInterface;
use League\Event\EmitterAwareTrait; use League\Event\EmitterAwareTrait;
@ -34,7 +35,7 @@ class AuthorizationServer implements EmitterAwareInterface
protected $enabledGrantTypes = []; protected $enabledGrantTypes = [];
/** /**
* @var \DateInterval[] * @var DateInterval[]
*/ */
protected $grantTypeAccessTokenTTL = []; protected $grantTypeAccessTokenTTL = [];
@ -126,12 +127,12 @@ class AuthorizationServer implements EmitterAwareInterface
* Enable a grant type on the server. * Enable a grant type on the server.
* *
* @param GrantTypeInterface $grantType * @param GrantTypeInterface $grantType
* @param null|\DateInterval $accessTokenTTL * @param null|DateInterval $accessTokenTTL
*/ */
public function enableGrantType(GrantTypeInterface $grantType, \DateInterval $accessTokenTTL = null) public function enableGrantType(GrantTypeInterface $grantType, DateInterval $accessTokenTTL = null)
{ {
if ($accessTokenTTL instanceof \DateInterval === false) { if ($accessTokenTTL instanceof DateInterval === false) {
$accessTokenTTL = new \DateInterval('PT1H'); $accessTokenTTL = new DateInterval('PT1H');
} }
$grantType->setAccessTokenRepository($this->accessTokenRepository); $grantType->setAccessTokenRepository($this->accessTokenRepository);

13
src/AuthorizationValidators/BearerTokenValidator.php
View File

@ -9,6 +9,8 @@
namespace League\OAuth2\Server\AuthorizationValidators; namespace League\OAuth2\Server\AuthorizationValidators;
use BadMethodCallException;
use InvalidArgumentException;
use Lcobucci\JWT\Parser; use Lcobucci\JWT\Parser;
use Lcobucci\JWT\Signer\Rsa\Sha256; use Lcobucci\JWT\Signer\Rsa\Sha256;
use Lcobucci\JWT\ValidationData; use Lcobucci\JWT\ValidationData;
@ -17,6 +19,7 @@ use League\OAuth2\Server\CryptTrait;
use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Message\ServerRequestInterface;
use RuntimeException;
class BearerTokenValidator implements AuthorizationValidatorInterface class BearerTokenValidator implements AuthorizationValidatorInterface
{ {
@ -28,7 +31,7 @@ class BearerTokenValidator implements AuthorizationValidatorInterface
private $accessTokenRepository; private $accessTokenRepository;
/** /**
* @var \League\OAuth2\Server\CryptKey * @var CryptKey
*/ */
protected $publicKey; protected $publicKey;
@ -43,7 +46,7 @@ class BearerTokenValidator implements AuthorizationValidatorInterface
/** /**
* Set the public key * Set the public key
* *
* @param \League\OAuth2\Server\CryptKey $key * @param CryptKey $key
*/ */
public function setPublicKey(CryptKey $key) public function setPublicKey(CryptKey $key)
{ {
@ -69,7 +72,7 @@ class BearerTokenValidator implements AuthorizationValidatorInterface
if ($token->verify(new Sha256(), $this->publicKey->getKeyPath()) === false) { if ($token->verify(new Sha256(), $this->publicKey->getKeyPath()) === false) {
throw OAuthServerException::accessDenied('Access token could not be verified'); throw OAuthServerException::accessDenied('Access token could not be verified');
} }
} catch (\BadMethodCallException $exception) { } catch (BadMethodCallException $exception) {
throw OAuthServerException::accessDenied('Access token is not signed', null, $exception); throw OAuthServerException::accessDenied('Access token is not signed', null, $exception);
} }
@ -92,10 +95,10 @@ class BearerTokenValidator implements AuthorizationValidatorInterface
->withAttribute('oauth_client_id', $token->getClaim('aud')) ->withAttribute('oauth_client_id', $token->getClaim('aud'))
->withAttribute('oauth_user_id', $token->getClaim('sub')) ->withAttribute('oauth_user_id', $token->getClaim('sub'))
->withAttribute('oauth_scopes', $token->getClaim('scopes')); ->withAttribute('oauth_scopes', $token->getClaim('scopes'));
} catch (\InvalidArgumentException $exception) { } catch (InvalidArgumentException $exception) {
// JWT couldn't be parsed so return the request as is // JWT couldn't be parsed so return the request as is
throw OAuthServerException::accessDenied($exception->getMessage(), null, $exception); throw OAuthServerException::accessDenied($exception->getMessage(), null, $exception);
} catch (\RuntimeException $exception) { } catch (RuntimeException $exception) {
//JWR couldn't be parsed so return the request as is //JWR couldn't be parsed so return the request as is
throw OAuthServerException::accessDenied('Error while decoding to JSON', null, $exception); throw OAuthServerException::accessDenied('Error while decoding to JSON', null, $exception);
} }

13
src/CryptKey.php
View File

@ -11,6 +11,9 @@
namespace League\OAuth2\Server; namespace League\OAuth2\Server;
use LogicException;
use RuntimeException;
class CryptKey class CryptKey
{ {
const RSA_KEY_PATTERN = const RSA_KEY_PATTERN =
@ -42,7 +45,7 @@ class CryptKey
} }
if (!file_exists($keyPath) || !is_readable($keyPath)) { if (!file_exists($keyPath) || !is_readable($keyPath)) {
throw new \LogicException(sprintf('Key path "%s" does not exist or is not readable', $keyPath)); throw new LogicException(sprintf('Key path "%s" does not exist or is not readable', $keyPath));
} }
if ($keyPermissionsCheck === true) { if ($keyPermissionsCheck === true) {
@ -64,7 +67,7 @@ class CryptKey
/** /**
* @param string $key * @param string $key
* *
* @throws \RuntimeException * @throws RuntimeException
* *
* @return string * @return string
*/ */
@ -79,19 +82,19 @@ class CryptKey
if (!touch($keyPath)) { if (!touch($keyPath)) {
// @codeCoverageIgnoreStart // @codeCoverageIgnoreStart
throw new \RuntimeException(sprintf('"%s" key file could not be created', $keyPath)); throw new RuntimeException(sprintf('"%s" key file could not be created', $keyPath));
// @codeCoverageIgnoreEnd // @codeCoverageIgnoreEnd
} }
if (file_put_contents($keyPath, $key) === false) { if (file_put_contents($keyPath, $key) === false) {
// @codeCoverageIgnoreStart // @codeCoverageIgnoreStart
throw new \RuntimeException(sprintf('Unable to write key file to temporary directory "%s"', $tmpDir)); throw new RuntimeException(sprintf('Unable to write key file to temporary directory "%s"', $tmpDir));
// @codeCoverageIgnoreEnd // @codeCoverageIgnoreEnd
} }
if (chmod($keyPath, 0600) === false) { if (chmod($keyPath, 0600) === false) {
// @codeCoverageIgnoreStart // @codeCoverageIgnoreStart
throw new \RuntimeException(sprintf('The key file "%s" file mode could not be changed with chmod to 600', $keyPath)); throw new RuntimeException(sprintf('The key file "%s" file mode could not be changed with chmod to 600', $keyPath));
// @codeCoverageIgnoreEnd // @codeCoverageIgnoreEnd
} }

14
src/CryptTrait.php
View File

@ -13,6 +13,8 @@ namespace League\OAuth2\Server;
use Defuse\Crypto\Crypto; use Defuse\Crypto\Crypto;
use Defuse\Crypto\Key; use Defuse\Crypto\Key;
use Exception;
use LogicException;
trait CryptTrait trait CryptTrait
{ {
@ -26,7 +28,7 @@ trait CryptTrait
* *
* @param string $unencryptedData * @param string $unencryptedData
* *
* @throws \LogicException * @throws LogicException
* *
* @return string * @return string
*/ */
@ -38,8 +40,8 @@ trait CryptTrait
} }
return Crypto::encryptWithPassword($unencryptedData, $this->encryptionKey); return Crypto::encryptWithPassword($unencryptedData, $this->encryptionKey);
} catch (\Exception $e) { } catch (Exception $e) {
throw new \LogicException($e->getMessage(), null, $e); throw new LogicException($e->getMessage(), null, $e);
} }
} }
@ -48,7 +50,7 @@ trait CryptTrait
* *
* @param string $encryptedData * @param string $encryptedData
* *
* @throws \LogicException * @throws LogicException
* *
* @return string * @return string
*/ */
@ -60,8 +62,8 @@ trait CryptTrait
} }
return Crypto::decryptWithPassword($encryptedData, $this->encryptionKey); return Crypto::decryptWithPassword($encryptedData, $this->encryptionKey);
} catch (\Exception $e) { } catch (Exception $e) {
throw new \LogicException($e->getMessage(), null, $e); throw new LogicException($e->getMessage(), null, $e);
} }
} }

8
src/Entities/RefreshTokenEntityInterface.php
View File

@ -9,6 +9,8 @@
namespace League\OAuth2\Server\Entities; namespace League\OAuth2\Server\Entities;
use DateTime;
interface RefreshTokenEntityInterface interface RefreshTokenEntityInterface
{ {
/** /**
@ -28,16 +30,16 @@ interface RefreshTokenEntityInterface
/** /**
* Get the token's expiry date time. * Get the token's expiry date time.
* *
* @return \DateTime * @return DateTime
*/ */
public function getExpiryDateTime(); public function getExpiryDateTime();
/** /**
* Set the date time when the token expires. * Set the date time when the token expires.
* *
* @param \DateTime $dateTime * @param DateTime $dateTime
*/ */
public function setExpiryDateTime(\DateTime $dateTime); public function setExpiryDateTime(DateTime $dateTime);
/** /**
* Set the access token that the refresh token was associated with. * Set the access token that the refresh token was associated with.

4
src/Entities/ScopeEntityInterface.php
View File

@ -9,7 +9,9 @@
namespace League\OAuth2\Server\Entities; namespace League\OAuth2\Server\Entities;
interface ScopeEntityInterface extends \JsonSerializable use JsonSerializable;
interface ScopeEntityInterface extends JsonSerializable
{ {
/** /**
* Get the scope's identifier. * Get the scope's identifier.

8
src/Entities/TokenInterface.php
View File

@ -9,6 +9,8 @@
namespace League\OAuth2\Server\Entities; namespace League\OAuth2\Server\Entities;
use DateTime;
interface TokenInterface interface TokenInterface
{ {
/** /**
@ -28,16 +30,16 @@ interface TokenInterface
/** /**
* Get the token's expiry date time. * Get the token's expiry date time.
* *
* @return \DateTime * @return DateTime
*/ */
public function getExpiryDateTime(); public function getExpiryDateTime();
/** /**
* Set the date time when the token expires. * Set the date time when the token expires.
* *
* @param \DateTime $dateTime * @param DateTime $dateTime
*/ */
public function setExpiryDateTime(\DateTime $dateTime); public function setExpiryDateTime(DateTime $dateTime);
/** /**
* Set the identifier of the user associated with the token. * Set the identifier of the user associated with the token.

3
src/Entities/Traits/AccessTokenTrait.php
View File

@ -9,6 +9,7 @@
namespace League\OAuth2\Server\Entities\Traits; namespace League\OAuth2\Server\Entities\Traits;
use DateTime;
use Lcobucci\JWT\Builder; use Lcobucci\JWT\Builder;
use Lcobucci\JWT\Signer\Key; use Lcobucci\JWT\Signer\Key;
use Lcobucci\JWT\Signer\Rsa\Sha256; use Lcobucci\JWT\Signer\Rsa\Sha256;
@ -46,7 +47,7 @@ trait AccessTokenTrait
abstract public function getClient(); abstract public function getClient();
/** /**
* @return \DateTime * @return DateTime
*/ */
abstract public function getExpiryDateTime(); abstract public function getExpiryDateTime();

9
src/Entities/Traits/RefreshTokenTrait.php
View File

@ -9,6 +9,7 @@
namespace League\OAuth2\Server\Entities\Traits; namespace League\OAuth2\Server\Entities\Traits;
use DateTime;
use League\OAuth2\Server\Entities\AccessTokenEntityInterface; use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
trait RefreshTokenTrait trait RefreshTokenTrait
@ -19,7 +20,7 @@ trait RefreshTokenTrait
protected $accessToken; protected $accessToken;
/** /**
* @var \DateTime * @var DateTime
*/ */
protected $expiryDateTime; protected $expiryDateTime;
@ -42,7 +43,7 @@ trait RefreshTokenTrait
/** /**
* Get the token's expiry date time. * Get the token's expiry date time.
* *
* @return \DateTime * @return DateTime
*/ */
public function getExpiryDateTime() public function getExpiryDateTime()
{ {
@ -52,9 +53,9 @@ trait RefreshTokenTrait
/** /**
* Set the date time when the token expires. * Set the date time when the token expires.
* *
* @param \DateTime $dateTime * @param DateTime $dateTime
*/ */
public function setExpiryDateTime(\DateTime $dateTime) public function setExpiryDateTime(DateTime $dateTime)
{ {
$this->expiryDateTime = $dateTime; $this->expiryDateTime = $dateTime;
} }

9
src/Entities/Traits/TokenEntityTrait.php
View File

@ -9,6 +9,7 @@
namespace League\OAuth2\Server\Entities\Traits; namespace League\OAuth2\Server\Entities\Traits;
use DateTime;
use League\OAuth2\Server\Entities\ClientEntityInterface; use League\OAuth2\Server\Entities\ClientEntityInterface;
use League\OAuth2\Server\Entities\ScopeEntityInterface; use League\OAuth2\Server\Entities\ScopeEntityInterface;
@ -20,7 +21,7 @@ trait TokenEntityTrait
protected $scopes = []; protected $scopes = [];
/** /**
* @var \DateTime * @var DateTime
*/ */
protected $expiryDateTime; protected $expiryDateTime;
@ -57,7 +58,7 @@ trait TokenEntityTrait
/** /**
* Get the token's expiry date time. * Get the token's expiry date time.
* *
* @return \DateTime * @return DateTime
*/ */
public function getExpiryDateTime() public function getExpiryDateTime()
{ {
@ -67,9 +68,9 @@ trait TokenEntityTrait
/** /**
* Set the date time when the token expires. * Set the date time when the token expires.
* *
* @param \DateTime $dateTime * @param DateTime $dateTime
*/ */
public function setExpiryDateTime(\DateTime $dateTime) public function setExpiryDateTime(DateTime $dateTime)
{ {
$this->expiryDateTime = $dateTime; $this->expiryDateTime = $dateTime;
} }

3
src/Exception/OAuthServerException.php
View File

@ -9,9 +9,10 @@
namespace League\OAuth2\Server\Exception; namespace League\OAuth2\Server\Exception;
use Exception;
use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ResponseInterface;
class OAuthServerException extends \Exception class OAuthServerException extends Exception
{ {
/** /**
* @var int * @var int

38
src/Grant/AbstractGrant.php
View File

@ -10,6 +10,10 @@
*/ */
namespace League\OAuth2\Server\Grant; namespace League\OAuth2\Server\Grant;
use DateInterval;
use DateTime;
use Error;
use Exception;
use League\Event\EmitterAwareTrait; use League\Event\EmitterAwareTrait;
use League\OAuth2\Server\CryptKey; use League\OAuth2\Server\CryptKey;
use League\OAuth2\Server\CryptTrait; use League\OAuth2\Server\CryptTrait;
@ -28,7 +32,9 @@ use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
use League\OAuth2\Server\Repositories\UserRepositoryInterface; use League\OAuth2\Server\Repositories\UserRepositoryInterface;
use League\OAuth2\Server\RequestEvent; use League\OAuth2\Server\RequestEvent;
use League\OAuth2\Server\RequestTypes\AuthorizationRequest; use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
use LogicException;
use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Message\ServerRequestInterface;
use TypeError;
/** /**
* Abstract grant class. * Abstract grant class.
@ -72,12 +78,12 @@ abstract class AbstractGrant implements GrantTypeInterface
protected $userRepository; protected $userRepository;
/** /**
* @var \DateInterval * @var DateInterval
*/ */
protected $refreshTokenTTL; protected $refreshTokenTTL;
/** /**
* @var \League\OAuth2\Server\CryptKey * @var CryptKey
*/ */
protected $privateKey; protected $privateKey;
@ -137,7 +143,7 @@ abstract class AbstractGrant implements GrantTypeInterface
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */
public function setRefreshTokenTTL(\DateInterval $refreshTokenTTL) public function setRefreshTokenTTL(DateInterval $refreshTokenTTL)
{ {
$this->refreshTokenTTL = $refreshTokenTTL; $this->refreshTokenTTL = $refreshTokenTTL;
} }
@ -145,7 +151,7 @@ abstract class AbstractGrant implements GrantTypeInterface
/** /**
* Set the private key * Set the private key
* *
* @param \League\OAuth2\Server\CryptKey $key * @param CryptKey $key
*/ */
public function setPrivateKey(CryptKey $key) public function setPrivateKey(CryptKey $key)
{ {
@ -369,7 +375,7 @@ abstract class AbstractGrant implements GrantTypeInterface
/** /**
* Issue an access token. * Issue an access token.
* *
* @param \DateInterval $accessTokenTTL * @param DateInterval $accessTokenTTL
* @param ClientEntityInterface $client * @param ClientEntityInterface $client
* @param string|null $userIdentifier * @param string|null $userIdentifier
* @param ScopeEntityInterface[] $scopes * @param ScopeEntityInterface[] $scopes
@ -380,7 +386,7 @@ abstract class AbstractGrant implements GrantTypeInterface
* @return AccessTokenEntityInterface * @return AccessTokenEntityInterface
*/ */
protected function issueAccessToken( protected function issueAccessToken(
\DateInterval $accessTokenTTL, DateInterval $accessTokenTTL,
ClientEntityInterface $client, ClientEntityInterface $client,
$userIdentifier, $userIdentifier,
array $scopes = [] array $scopes = []
@ -390,7 +396,7 @@ abstract class AbstractGrant implements GrantTypeInterface
$accessToken = $this->accessTokenRepository->getNewToken($client, $scopes, $userIdentifier); $accessToken = $this->accessTokenRepository->getNewToken($client, $scopes, $userIdentifier);
$accessToken->setClient($client); $accessToken->setClient($client);
$accessToken->setUserIdentifier($userIdentifier); $accessToken->setUserIdentifier($userIdentifier);
$accessToken->setExpiryDateTime((new \DateTime())->add($accessTokenTTL)); $accessToken->setExpiryDateTime((new DateTime())->add($accessTokenTTL));
foreach ($scopes as $scope) { foreach ($scopes as $scope) {
$accessToken->addScope($scope); $accessToken->addScope($scope);
@ -413,7 +419,7 @@ abstract class AbstractGrant implements GrantTypeInterface
/** /**
* Issue an auth code. * Issue an auth code.
* *
* @param \DateInterval $authCodeTTL * @param DateInterval $authCodeTTL
* @param ClientEntityInterface $client * @param ClientEntityInterface $client
* @param string $userIdentifier * @param string $userIdentifier
* @param string|null $redirectUri * @param string|null $redirectUri
@ -425,7 +431,7 @@ abstract class AbstractGrant implements GrantTypeInterface
* @return AuthCodeEntityInterface * @return AuthCodeEntityInterface
*/ */
protected function issueAuthCode( protected function issueAuthCode(
\DateInterval $authCodeTTL, DateInterval $authCodeTTL,
ClientEntityInterface $client, ClientEntityInterface $client,
$userIdentifier, $userIdentifier,
$redirectUri, $redirectUri,
@ -434,7 +440,7 @@ abstract class AbstractGrant implements GrantTypeInterface
$maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS; $maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS;
$authCode = $this->authCodeRepository->getNewAuthCode(); $authCode = $this->authCodeRepository->getNewAuthCode();
$authCode->setExpiryDateTime((new \DateTime())->add($authCodeTTL)); $authCode->setExpiryDateTime((new DateTime())->add($authCodeTTL));
$authCode->setClient($client); $authCode->setClient($client);
$authCode->setUserIdentifier($userIdentifier); $authCode->setUserIdentifier($userIdentifier);
@ -473,7 +479,7 @@ abstract class AbstractGrant implements GrantTypeInterface
$maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS; $maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS;
$refreshToken = $this->refreshTokenRepository->getNewRefreshToken(); $refreshToken = $this->refreshTokenRepository->getNewRefreshToken();
$refreshToken->setExpiryDateTime((new \DateTime())->add($this->refreshTokenTTL)); $refreshToken->setExpiryDateTime((new DateTime())->add($this->refreshTokenTTL));
$refreshToken->setAccessToken($accessToken); $refreshToken->setAccessToken($accessToken);
while ($maxGenerationAttempts-- > 0) { while ($maxGenerationAttempts-- > 0) {
@ -504,11 +510,11 @@ abstract class AbstractGrant implements GrantTypeInterface
try { try {
return bin2hex(random_bytes($length)); return bin2hex(random_bytes($length));
// @codeCoverageIgnoreStart // @codeCoverageIgnoreStart
} catch (\TypeError $e) { } catch (TypeError $e) {
throw OAuthServerException::serverError('An unexpected error has occurred', $e); throw OAuthServerException::serverError('An unexpected error has occurred', $e);
} catch (\Error $e) { } catch (Error $e) {
throw OAuthServerException::serverError('An unexpected error has occurred', $e); throw OAuthServerException::serverError('An unexpected error has occurred', $e);
} catch (\Exception $e) { } catch (Exception $e) {
// If you get this message, the CSPRNG failed hard. // If you get this message, the CSPRNG failed hard.
throw OAuthServerException::serverError('Could not generate a random string', $e); throw OAuthServerException::serverError('Could not generate a random string', $e);
} }
@ -541,7 +547,7 @@ abstract class AbstractGrant implements GrantTypeInterface
*/ */
public function validateAuthorizationRequest(ServerRequestInterface $request) public function validateAuthorizationRequest(ServerRequestInterface $request)
{ {
throw new \LogicException('This grant cannot validate an authorization request'); throw new LogicException('This grant cannot validate an authorization request');
} }
/** /**
@ -549,6 +555,6 @@ abstract class AbstractGrant implements GrantTypeInterface
*/ */
public function completeAuthorizationRequest(AuthorizationRequest $authorizationRequest) public function completeAuthorizationRequest(AuthorizationRequest $authorizationRequest)
{ {
throw new \LogicException('This grant cannot complete an authorization request'); throw new LogicException('This grant cannot complete an authorization request');
} }
} }

27
src/Grant/AuthCodeGrant.php
View File

@ -9,6 +9,9 @@
namespace League\OAuth2\Server\Grant; namespace League\OAuth2\Server\Grant;
use DateInterval;
use DateTime;
use Exception;
use League\OAuth2\Server\Entities\ClientEntityInterface; use League\OAuth2\Server\Entities\ClientEntityInterface;
use League\OAuth2\Server\Entities\UserEntityInterface; use League\OAuth2\Server\Entities\UserEntityInterface;
use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Exception\OAuthServerException;
@ -18,12 +21,14 @@ use League\OAuth2\Server\RequestEvent;
use League\OAuth2\Server\RequestTypes\AuthorizationRequest; use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
use League\OAuth2\Server\ResponseTypes\RedirectResponse; use League\OAuth2\Server\ResponseTypes\RedirectResponse;
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface; use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
use LogicException;
use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Message\ServerRequestInterface;
use stdClass;
class AuthCodeGrant extends AbstractAuthorizeGrant class AuthCodeGrant extends AbstractAuthorizeGrant
{ {
/** /**
* @var \DateInterval * @var DateInterval
*/ */
private $authCodeTTL; private $authCodeTTL;
@ -35,19 +40,19 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
/** /**
* @param AuthCodeRepositoryInterface $authCodeRepository * @param AuthCodeRepositoryInterface $authCodeRepository
* @param RefreshTokenRepositoryInterface $refreshTokenRepository * @param RefreshTokenRepositoryInterface $refreshTokenRepository
* @param \DateInterval $authCodeTTL * @param DateInterval $authCodeTTL
* *
* @throws \Exception * @throws Exception
*/ */
public function __construct( public function __construct(
AuthCodeRepositoryInterface $authCodeRepository, AuthCodeRepositoryInterface $authCodeRepository,
RefreshTokenRepositoryInterface $refreshTokenRepository, RefreshTokenRepositoryInterface $refreshTokenRepository,
\DateInterval $authCodeTTL DateInterval $authCodeTTL
) { ) {
$this->setAuthCodeRepository($authCodeRepository); $this->setAuthCodeRepository($authCodeRepository);
$this->setRefreshTokenRepository($refreshTokenRepository); $this->setRefreshTokenRepository($refreshTokenRepository);
$this->authCodeTTL = $authCodeTTL; $this->authCodeTTL = $authCodeTTL;
$this->refreshTokenTTL = new \DateInterval('P1M'); $this->refreshTokenTTL = new DateInterval('P1M');
} }
public function enableCodeExchangeProof() public function enableCodeExchangeProof()
@ -60,7 +65,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
* *
* @param ServerRequestInterface $request * @param ServerRequestInterface $request
* @param ResponseTypeInterface $responseType * @param ResponseTypeInterface $responseType
* @param \DateInterval $accessTokenTTL * @param DateInterval $accessTokenTTL
* *
* @throws OAuthServerException * @throws OAuthServerException
* *
@ -69,7 +74,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
public function respondToAccessTokenRequest( public function respondToAccessTokenRequest(
ServerRequestInterface $request, ServerRequestInterface $request,
ResponseTypeInterface $responseType, ResponseTypeInterface $responseType,
\DateInterval $accessTokenTTL DateInterval $accessTokenTTL
) { ) {
// Validate request // Validate request
$client = $this->validateClient($request); $client = $this->validateClient($request);
@ -90,7 +95,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
$client, $client,
$authCodePayload->user_id $authCodePayload->user_id
); );
} catch (\LogicException $e) { } catch (LogicException $e) {
throw OAuthServerException::invalidRequest('code', 'Cannot decrypt the authorization code', $e); throw OAuthServerException::invalidRequest('code', 'Cannot decrypt the authorization code', $e);
} }
@ -161,7 +166,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
/** /**
* Validate the authorization code. * Validate the authorization code.
* *
* @param \stdClass $authCodePayload * @param stdClass $authCodePayload
* @param ClientEntityInterface $client * @param ClientEntityInterface $client
* @param ServerRequestInterface $request * @param ServerRequestInterface $request
*/ */
@ -311,7 +316,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
public function completeAuthorizationRequest(AuthorizationRequest $authorizationRequest) public function completeAuthorizationRequest(AuthorizationRequest $authorizationRequest)
{ {
if ($authorizationRequest->getUser() instanceof UserEntityInterface === false) { if ($authorizationRequest->getUser() instanceof UserEntityInterface === false) {
throw new \LogicException('An instance of UserEntityInterface should be set on the AuthorizationRequest'); throw new LogicException('An instance of UserEntityInterface should be set on the AuthorizationRequest');
} }
$finalRedirectUri = $authorizationRequest->getRedirectUri() $finalRedirectUri = $authorizationRequest->getRedirectUri()
@ -333,7 +338,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
'auth_code_id' => $authCode->getIdentifier(), 'auth_code_id' => $authCode->getIdentifier(),
'scopes' => $authCode->getScopes(), 'scopes' => $authCode->getScopes(),
'user_id' => $authCode->getUserIdentifier(), 'user_id' => $authCode->getUserIdentifier(),
'expire_time' => (new \DateTime())->add($this->authCodeTTL)->format('U'), 'expire_time' => (new DateTime())->add($this->authCodeTTL)->format('U'),
'code_challenge' => $authorizationRequest->getCodeChallenge(), 'code_challenge' => $authorizationRequest->getCodeChallenge(),
'code_challenge_method' => $authorizationRequest->getCodeChallengeMethod(), 'code_challenge_method' => $authorizationRequest->getCodeChallengeMethod(),
]; ];

3
src/Grant/ClientCredentialsGrant.php
View File

@ -11,6 +11,7 @@
namespace League\OAuth2\Server\Grant; namespace League\OAuth2\Server\Grant;
use DateInterval;
use League\OAuth2\Server\RequestEvent; use League\OAuth2\Server\RequestEvent;
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface; use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Message\ServerRequestInterface;
@ -26,7 +27,7 @@ class ClientCredentialsGrant extends AbstractGrant
public function respondToAccessTokenRequest( public function respondToAccessTokenRequest(
ServerRequestInterface $request, ServerRequestInterface $request,
ResponseTypeInterface $responseType, ResponseTypeInterface $responseType,
\DateInterval $accessTokenTTL DateInterval $accessTokenTTL
) { ) {
// Validate request // Validate request
$client = $this->validateClient($request); $client = $this->validateClient($request);

9
src/Grant/GrantTypeInterface.php
View File

@ -11,6 +11,7 @@
namespace League\OAuth2\Server\Grant; namespace League\OAuth2\Server\Grant;
use DateInterval;
use Defuse\Crypto\Key; use Defuse\Crypto\Key;
use League\Event\EmitterAwareInterface; use League\Event\EmitterAwareInterface;
use League\OAuth2\Server\CryptKey; use League\OAuth2\Server\CryptKey;
@ -29,9 +30,9 @@ interface GrantTypeInterface extends EmitterAwareInterface
/** /**
* Set refresh token TTL. * Set refresh token TTL.
* *
* @param \DateInterval $refreshTokenTTL * @param DateInterval $refreshTokenTTL
*/ */
public function setRefreshTokenTTL(\DateInterval $refreshTokenTTL); public function setRefreshTokenTTL(DateInterval $refreshTokenTTL);
/** /**
* Return the grant identifier that can be used in matching up requests. * Return the grant identifier that can be used in matching up requests.
@ -45,14 +46,14 @@ interface GrantTypeInterface extends EmitterAwareInterface
* *
* @param ServerRequestInterface $request * @param ServerRequestInterface $request
* @param ResponseTypeInterface $responseType * @param ResponseTypeInterface $responseType
* @param \DateInterval $accessTokenTTL * @param DateInterval $accessTokenTTL
* *
* @return ResponseTypeInterface * @return ResponseTypeInterface
*/ */
public function respondToAccessTokenRequest( public function respondToAccessTokenRequest(
ServerRequestInterface $request, ServerRequestInterface $request,
ResponseTypeInterface $responseType, ResponseTypeInterface $responseType,
\DateInterval $accessTokenTTL DateInterval $accessTokenTTL
); );
/** /**

33
src/Grant/ImplicitGrant.php
View File

@ -9,6 +9,8 @@
namespace League\OAuth2\Server\Grant; namespace League\OAuth2\Server\Grant;
use DateInterval;
use DateTime;
use League\OAuth2\Server\Entities\ClientEntityInterface; use League\OAuth2\Server\Entities\ClientEntityInterface;
use League\OAuth2\Server\Entities\UserEntityInterface; use League\OAuth2\Server\Entities\UserEntityInterface;
use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Exception\OAuthServerException;
@ -17,12 +19,13 @@ use League\OAuth2\Server\RequestEvent;
use League\OAuth2\Server\RequestTypes\AuthorizationRequest; use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
use League\OAuth2\Server\ResponseTypes\RedirectResponse; use League\OAuth2\Server\ResponseTypes\RedirectResponse;
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface; use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
use LogicException;
use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Message\ServerRequestInterface;
class ImplicitGrant extends AbstractAuthorizeGrant class ImplicitGrant extends AbstractAuthorizeGrant
{ {
/** /**
* @var \DateInterval * @var DateInterval
*/ */
private $accessTokenTTL; private $accessTokenTTL;
@ -32,33 +35,33 @@ class ImplicitGrant extends AbstractAuthorizeGrant
private $queryDelimiter; private $queryDelimiter;
/** /**
* @param \DateInterval $accessTokenTTL * @param DateInterval $accessTokenTTL
* @param string $queryDelimiter * @param string $queryDelimiter
*/ */
public function __construct(\DateInterval $accessTokenTTL, $queryDelimiter = '#') public function __construct(DateInterval $accessTokenTTL, $queryDelimiter = '#')
{ {
$this->accessTokenTTL = $accessTokenTTL; $this->accessTokenTTL = $accessTokenTTL;
$this->queryDelimiter = $queryDelimiter; $this->queryDelimiter = $queryDelimiter;
} }
/** /**
* @param \DateInterval $refreshTokenTTL * @param DateInterval $refreshTokenTTL
* *
* @throw \LogicException * @throw LogicException
*/ */
public function setRefreshTokenTTL(\DateInterval $refreshTokenTTL) public function setRefreshTokenTTL(DateInterval $refreshTokenTTL)
{ {
throw new \LogicException('The Implicit Grant does not return refresh tokens'); throw new LogicException('The Implicit Grant does not return refresh tokens');
} }
/** /**
* @param RefreshTokenRepositoryInterface $refreshTokenRepository * @param RefreshTokenRepositoryInterface $refreshTokenRepository
* *
* @throw \LogicException * @throw LogicException
*/ */
public function setRefreshTokenRepository(RefreshTokenRepositoryInterface $refreshTokenRepository) public function setRefreshTokenRepository(RefreshTokenRepositoryInterface $refreshTokenRepository)
{ {
throw new \LogicException('The Implicit Grant does not return refresh tokens'); throw new LogicException('The Implicit Grant does not return refresh tokens');
} }
/** /**
@ -84,16 +87,16 @@ class ImplicitGrant extends AbstractAuthorizeGrant
* *
* @param ServerRequestInterface $request * @param ServerRequestInterface $request
* @param ResponseTypeInterface $responseType * @param ResponseTypeInterface $responseType
* @param \DateInterval $accessTokenTTL * @param DateInterval $accessTokenTTL
* *
* @return ResponseTypeInterface * @return ResponseTypeInterface
*/ */
public function respondToAccessTokenRequest( public function respondToAccessTokenRequest(
ServerRequestInterface $request, ServerRequestInterface $request,
ResponseTypeInterface $responseType, ResponseTypeInterface $responseType,
\DateInterval $accessTokenTTL DateInterval $accessTokenTTL
) { ) {
throw new \LogicException('This grant does not used this method'); throw new LogicException('This grant does not used this method');
} }
/** /**
@ -176,7 +179,7 @@ class ImplicitGrant extends AbstractAuthorizeGrant
public function completeAuthorizationRequest(AuthorizationRequest $authorizationRequest) public function completeAuthorizationRequest(AuthorizationRequest $authorizationRequest)
{ {
if ($authorizationRequest->getUser() instanceof UserEntityInterface === false) { if ($authorizationRequest->getUser() instanceof UserEntityInterface === false) {
throw new \LogicException('An instance of UserEntityInterface should be set on the AuthorizationRequest'); throw new LogicException('An instance of UserEntityInterface should be set on the AuthorizationRequest');
} }
$finalRedirectUri = ($authorizationRequest->getRedirectUri() === null) $finalRedirectUri = ($authorizationRequest->getRedirectUri() === null)
@ -209,7 +212,7 @@ class ImplicitGrant extends AbstractAuthorizeGrant
[ [
'access_token' => (string) $accessToken->convertToJWT($this->privateKey), 'access_token' => (string) $accessToken->convertToJWT($this->privateKey),
'token_type' => 'Bearer', 'token_type' => 'Bearer',
'expires_in' => $accessToken->getExpiryDateTime()->getTimestamp() - (new \DateTime())->getTimestamp(), 'expires_in' => $accessToken->getExpiryDateTime()->getTimestamp() - (new DateTime())->getTimestamp(),
'state' => $authorizationRequest->getState(), 'state' => $authorizationRequest->getState(),
], ],
$this->queryDelimiter $this->queryDelimiter

5
src/Grant/PasswordGrant.php
View File

@ -11,6 +11,7 @@
namespace League\OAuth2\Server\Grant; namespace League\OAuth2\Server\Grant;
use DateInterval;
use League\OAuth2\Server\Entities\ClientEntityInterface; use League\OAuth2\Server\Entities\ClientEntityInterface;
use League\OAuth2\Server\Entities\UserEntityInterface; use League\OAuth2\Server\Entities\UserEntityInterface;
use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Exception\OAuthServerException;
@ -36,7 +37,7 @@ class PasswordGrant extends AbstractGrant
$this->setUserRepository($userRepository); $this->setUserRepository($userRepository);
$this->setRefreshTokenRepository($refreshTokenRepository); $this->setRefreshTokenRepository($refreshTokenRepository);
$this->refreshTokenTTL = new \DateInterval('P1M'); $this->refreshTokenTTL = new DateInterval('P1M');
} }
/** /**
@ -45,7 +46,7 @@ class PasswordGrant extends AbstractGrant
public function respondToAccessTokenRequest( public function respondToAccessTokenRequest(
ServerRequestInterface $request, ServerRequestInterface $request,
ResponseTypeInterface $responseType, ResponseTypeInterface $responseType,
\DateInterval $accessTokenTTL DateInterval $accessTokenTTL
) { ) {
// Validate request // Validate request
$client = $this->validateClient($request); $client = $this->validateClient($request);

8
src/Grant/RefreshTokenGrant.php
View File

@ -11,6 +11,8 @@
namespace League\OAuth2\Server\Grant; namespace League\OAuth2\Server\Grant;
use DateInterval;
use Exception;
use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface; use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
use League\OAuth2\Server\RequestEvent; use League\OAuth2\Server\RequestEvent;
@ -29,7 +31,7 @@ class RefreshTokenGrant extends AbstractGrant
{ {
$this->setRefreshTokenRepository($refreshTokenRepository); $this->setRefreshTokenRepository($refreshTokenRepository);
$this->refreshTokenTTL = new \DateInterval('P1M'); $this->refreshTokenTTL = new DateInterval('P1M');
} }
/** /**
@ -38,7 +40,7 @@ class RefreshTokenGrant extends AbstractGrant
public function respondToAccessTokenRequest( public function respondToAccessTokenRequest(
ServerRequestInterface $request, ServerRequestInterface $request,
ResponseTypeInterface $responseType, ResponseTypeInterface $responseType,
\DateInterval $accessTokenTTL DateInterval $accessTokenTTL
) { ) {
// Validate request // Validate request
$client = $this->validateClient($request); $client = $this->validateClient($request);
@ -94,7 +96,7 @@ class RefreshTokenGrant extends AbstractGrant
// Validate refresh token // Validate refresh token
try { try {
$refreshToken = $this->decrypt($encryptedRefreshToken); $refreshToken = $this->decrypt($encryptedRefreshToken);
} catch (\Exception $e) { } catch (Exception $e) {
throw OAuthServerException::invalidRefreshToken('Cannot decrypt the refresh token', $e); throw OAuthServerException::invalidRefreshToken('Cannot decrypt the refresh token', $e);
} }

3
src/Middleware/AuthorizationServerMiddleware.php
View File

@ -9,6 +9,7 @@
namespace League\OAuth2\Server\Middleware; namespace League\OAuth2\Server\Middleware;
use Exception;
use League\OAuth2\Server\AuthorizationServer; use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Exception\OAuthServerException;
use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ResponseInterface;
@ -43,7 +44,7 @@ class AuthorizationServerMiddleware
} catch (OAuthServerException $exception) { } catch (OAuthServerException $exception) {
return $exception->generateHttpResponse($response); return $exception->generateHttpResponse($response);
// @codeCoverageIgnoreStart // @codeCoverageIgnoreStart
} catch (\Exception $exception) { } catch (Exception $exception) {
return (new OAuthServerException($exception->getMessage(), 0, 'unknown_error', 500)) return (new OAuthServerException($exception->getMessage(), 0, 'unknown_error', 500))
->generateHttpResponse($response); ->generateHttpResponse($response);
// @codeCoverageIgnoreEnd // @codeCoverageIgnoreEnd

5
src/Middleware/ResourceServerMiddleware.php
View File

@ -9,6 +9,7 @@
namespace League\OAuth2\Server\Middleware; namespace League\OAuth2\Server\Middleware;
use Exception;
use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\ResourceServer; use League\OAuth2\Server\ResourceServer;
use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ResponseInterface;
@ -34,7 +35,7 @@ class ResourceServerMiddleware
* @param ResponseInterface $response * @param ResponseInterface $response
* @param callable $next * @param callable $next
* *
* @return \Psr\Http\Message\ResponseInterface * @return ResponseInterface
*/ */
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next) public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
{ {
@ -43,7 +44,7 @@ class ResourceServerMiddleware
} catch (OAuthServerException $exception) { } catch (OAuthServerException $exception) {
return $exception->generateHttpResponse($response); return $exception->generateHttpResponse($response);
// @codeCoverageIgnoreStart // @codeCoverageIgnoreStart
} catch (\Exception $exception) { } catch (Exception $exception) {
return (new OAuthServerException($exception->getMessage(), 0, 'unknown_error', 500)) return (new OAuthServerException($exception->getMessage(), 0, 'unknown_error', 500))
->generateHttpResponse($response); ->generateHttpResponse($response);
// @codeCoverageIgnoreEnd // @codeCoverageIgnoreEnd

2
src/ResponseTypes/AbstractResponseType.php
View File

@ -54,7 +54,7 @@ abstract class AbstractResponseType implements ResponseTypeInterface
/** /**
* Set the private key * Set the private key
* *
* @param \League\OAuth2\Server\CryptKey $key * @param CryptKey $key
*/ */
public function setPrivateKey(CryptKey $key) public function setPrivateKey(CryptKey $key)
{ {

3
src/ResponseTypes/BearerTokenResponse.php
View File

@ -11,6 +11,7 @@
namespace League\OAuth2\Server\ResponseTypes; namespace League\OAuth2\Server\ResponseTypes;
use DateTime;
use League\OAuth2\Server\Entities\AccessTokenEntityInterface; use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
use League\OAuth2\Server\Entities\RefreshTokenEntityInterface; use League\OAuth2\Server\Entities\RefreshTokenEntityInterface;
use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ResponseInterface;
@ -28,7 +29,7 @@ class BearerTokenResponse extends AbstractResponseType
$responseParams = [ $responseParams = [
'token_type' => 'Bearer', 'token_type' => 'Bearer',
'expires_in' => $expireDateTime - (new \DateTime())->getTimestamp(), 'expires_in' => $expireDateTime - (new DateTime())->getTimestamp(),
'access_token' => (string) $jwtAccessToken, 'access_token' => (string) $jwtAccessToken,
]; ];