Merge pull request #776 from yannickl88/fix/perm-key-check

Removed chmod from CryptKey and add toggle to disable checking
Alex Bilbie 2017-08-03 16:04:08 +01:00 committed by GitHub
commit e184691ded
2 changed files with 18 additions and 16 deletions


@ -29,8 +29,9 @@ class CryptKey
/** /**
* @param string $keyPath * @param string $keyPath
* @param null|string $passPhrase * @param null|string $passPhrase
* @param bool $keyPermissionsCheck
*/ */
public function __construct($keyPath, $passPhrase = null) public function __construct($keyPath, $passPhrase = null, $keyPermissionsCheck = true)
{ {
if (preg_match(self::RSA_KEY_PATTERN, $keyPath)) { if (preg_match(self::RSA_KEY_PATTERN, $keyPath)) {
$keyPath = $this->saveKeyToFile($keyPath); $keyPath = $this->saveKeyToFile($keyPath);
@ -44,21 +45,15 @@ class CryptKey
throw new \LogicException(sprintf('Key path "%s" does not exist or is not readable', $keyPath)); throw new \LogicException(sprintf('Key path "%s" does not exist or is not readable', $keyPath));
} }
if ($keyPermissionsCheck === true) {
// Verify the permissions of the key // Verify the permissions of the key
$keyPathPerms = decoct(fileperms($keyPath) & 0777); $keyPathPerms = decoct(fileperms($keyPath) & 0777);
if ($keyPathPerms !== '600') { if (in_array($keyPathPerms, ['600', '660'], true) === false) {
// Attempt to correct the permissions trigger_error(sprintf(
if (chmod($keyPath, 0600) === false) { 'Key file "%s" permissions are not correct, should be 600 or 660 instead of %s',
// @codeCoverageIgnoreStart
trigger_error(
sprintf(
'Key file "%s" permissions are not correct, should be 600 instead of %s, unable to automatically resolve the issue',
$keyPath, $keyPath,
$keyPathPerms $keyPathPerms
), ), E_USER_NOTICE);
E_USER_NOTICE
);
// @codeCoverageIgnoreEnd
} }
} }
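Review bot: With the `chmod($keyPath, 0600)` fallback removed, a key file whose mode is too permissive is now loaded unchanged, and the only signal is an `E_USER_NOTICE`, a level that is easy to miss where notices are not displayed or logged. The same applies to the file returned by `saveKeyToFile($keyPath)` in the first hunk when the key is passed as a string: unless that helper restricts the mode itself (its body is not visible here), the file keeps whatever the process umask gives it. Consider raising the level to `E_USER_WARNING` and documenting the new flag, e.g. `@param bool $keyPermissionsCheck Set to false to skip the 600/660 mode check; the caller is then responsible for restricting access to the key file`. The constructor starts and ends outside these two hunks.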


@ -26,6 +26,13 @@ use Zend\Diactoros\ServerRequestFactory;
class AuthorizationServerTest extends \PHPUnit_Framework_TestCase class AuthorizationServerTest extends \PHPUnit_Framework_TestCase
{ {
public function setUp()
{
// Make sure the keys have the correct permissions.
chmod(__DIR__ . '/Stubs/private.key', 0600);
chmod(__DIR__ . '/Stubs/public.key', 0600);
}
public function testRespondToRequestInvalidGrantType() public function testRespondToRequestInvalidGrantType()
{ {
$server = new AuthorizationServer( $server = new AuthorizationServer(
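Review bot: Both `chmod()` calls in `setUp()` discard their return value, so where the mode cannot be changed the stub keys keep their old permissions. The failure would then likely surface later, as the notice raised inside `CryptKey`, rather than at the real cause. Failing early makes that visible, e.g. `$this->assertTrue(chmod(__DIR__ . '/Stubs/private.key', 0600));` and the same for `public.key`. The existing comment could also say why the fixture is needed, namely that `CryptKey` no longer corrects the mode itself. `testRespondToRequestInvalidGrantType()` continues beyond the hunk.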