mirror of
https://github.com/elyby/oauth2-server.git
synced 2025-05-31 14:12:07 +05:30
Merge remote-tracking branch 'upstream/8.0.0' into protect-client-entity-gets
This commit is contained in:
sephster
@@ -12,6 +12,8 @@ namespace League\OAuth2\Server\Grant;
|
||||
|
||||
use DateInterval;
|
||||
use DateTimeImmutable;
|
||||
use Error;
|
||||
use Exception;
|
||||
use League\Event\EmitterAwareTrait;
|
||||
use League\OAuth2\Server\CryptKey;
|
||||
use League\OAuth2\Server\CryptTrait;
|
||||
@@ -30,7 +32,9 @@ use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
|
||||
use League\OAuth2\Server\Repositories\UserRepositoryInterface;
|
||||
use League\OAuth2\Server\RequestEvent;
|
||||
use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
|
||||
use LogicException;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use TypeError;
|
||||
|
||||
/**
|
||||
* Abstract grant class.
|
||||
@@ -79,7 +83,7 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
protected $refreshTokenTTL;
|
||||
|
||||
/**
|
||||
* @var \League\OAuth2\Server\CryptKey
|
||||
* @var CryptKey
|
||||
*/
|
||||
protected $privateKey;
|
||||
|
||||
@@ -147,7 +151,7 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
/**
|
||||
* Set the private key
|
||||
*
|
||||
* @param \League\OAuth2\Server\CryptKey $key
|
||||
* @param CryptKey $key
|
||||
*/
|
||||
public function setPrivateKey(CryptKey $key)
|
||||
{
|
||||
@@ -258,13 +262,13 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
ClientEntityInterface $client,
|
||||
ServerRequestInterface $request
|
||||
) {
|
||||
if (is_string($client->getRedirectUri())
|
||||
if (\is_string($client->getRedirectUri())
|
||||
&& (strcmp($client->getRedirectUri(), $redirectUri) !== 0)
|
||||
) {
|
||||
$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
|
||||
throw OAuthServerException::invalidClient($request);
|
||||
} elseif (is_array($client->getRedirectUri())
|
||||
&& in_array($redirectUri, $client->getRedirectUri(), true) === false
|
||||
} elseif (\is_array($client->getRedirectUri())
|
||||
&& \in_array($redirectUri, $client->getRedirectUri(), true) === false
|
||||
) {
|
||||
$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
|
||||
throw OAuthServerException::invalidClient($request);
|
||||
@@ -274,8 +278,8 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
/**
|
||||
* Validate scopes in the request.
|
||||
*
|
||||
* @param string $scopes
|
||||
* @param string $redirectUri
|
||||
* @param string|array $scopes
|
||||
* @param string $redirectUri
|
||||
*
|
||||
* @throws OAuthServerException
|
||||
*
|
||||
@@ -283,13 +287,13 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
*/
|
||||
public function validateScopes($scopes, $redirectUri = null)
|
||||
{
|
||||
$scopesList = array_filter(explode(self::SCOPE_DELIMITER_STRING, trim($scopes)), function ($scope) {
|
||||
return !empty($scope);
|
||||
});
|
||||
if (!\is_array($scopes)) {
|
||||
$scopes = $this->convertScopesQueryStringToArray($scopes);
|
||||
}
|
||||
|
||||
$validScopes = [];
|
||||
|
||||
foreach ($scopesList as $scopeItem) {
|
||||
foreach ($scopes as $scopeItem) {
|
||||
$scope = $this->scopeRepository->getScopeEntityByIdentifier($scopeItem);
|
||||
|
||||
if ($scope instanceof ScopeEntityInterface === false) {
|
||||
@@ -302,6 +306,20 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
return $validScopes;
|
||||
}
|
||||
|
||||
/**
|
||||
* Converts a scopes query string to an array to easily iterate for validation.
|
||||
*
|
||||
* @param string $scopes
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
private function convertScopesQueryStringToArray($scopes)
|
||||
{
|
||||
return array_filter(explode(self::SCOPE_DELIMITER_STRING, trim($scopes)), function ($scope) {
|
||||
return !empty($scope);
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve request parameter.
|
||||
*
|
||||
@@ -315,7 +333,7 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
{
|
||||
$requestParameters = (array) $request->getParsedBody();
|
||||
|
||||
return isset($requestParameters[$parameter]) ? $requestParameters[$parameter] : $default;
|
||||
return $requestParameters[$parameter] ?? $default;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -488,16 +506,21 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
* @throws OAuthServerException
|
||||
* @throws UniqueTokenIdentifierConstraintViolationException
|
||||
*
|
||||
* @return RefreshTokenEntityInterface
|
||||
* @return RefreshTokenEntityInterface|null
|
||||
*/
|
||||
protected function issueRefreshToken(AccessTokenEntityInterface $accessToken)
|
||||
{
|
||||
$maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS;
|
||||
|
||||
$refreshToken = $this->refreshTokenRepository->getNewRefreshToken();
|
||||
|
||||
if ($refreshToken === null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$refreshToken->setExpiryDateTime((new DateTimeImmutable())->add($this->refreshTokenTTL));
|
||||
$refreshToken->setAccessToken($accessToken);
|
||||
|
||||
$maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS;
|
||||
|
||||
while ($maxGenerationAttempts-- > 0) {
|
||||
$refreshToken->setIdentifier($this->generateUniqueIdentifier());
|
||||
try {
|
||||
@@ -526,13 +549,13 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
try {
|
||||
return bin2hex(random_bytes($length));
|
||||
// @codeCoverageIgnoreStart
|
||||
} catch (\TypeError $e) {
|
||||
throw OAuthServerException::serverError('An unexpected error has occurred');
|
||||
} catch (\Error $e) {
|
||||
throw OAuthServerException::serverError('An unexpected error has occurred');
|
||||
} catch (\Exception $e) {
|
||||
} catch (TypeError $e) {
|
||||
throw OAuthServerException::serverError('An unexpected error has occurred', $e);
|
||||
} catch (Error $e) {
|
||||
throw OAuthServerException::serverError('An unexpected error has occurred', $e);
|
||||
} catch (Exception $e) {
|
||||
// If you get this message, the CSPRNG failed hard.
|
||||
throw OAuthServerException::serverError('Could not generate a random string');
|
||||
throw OAuthServerException::serverError('Could not generate a random string', $e);
|
||||
}
|
||||
// @codeCoverageIgnoreEnd
|
||||
}
|
||||
@@ -563,7 +586,7 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
*/
|
||||
public function validateAuthorizationRequest(ServerRequestInterface $request)
|
||||
{
|
||||
throw new \LogicException('This grant cannot validate an authorization request');
|
||||
throw new LogicException('This grant cannot validate an authorization request');
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -571,6 +594,6 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
*/
|
||||
public function completeAuthorizationRequest(AuthorizationRequest $authorizationRequest)
|
||||
{
|
||||
throw new \LogicException('This grant cannot complete an authorization request');
|
||||
throw new LogicException('This grant cannot complete an authorization request');
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user