Merge pull request #776 from yannickl88/fix/perm-key-check
Removed chmod from CryptKey and add toggle to disable checking
commit
e184691ded
@ -29,8 +29,9 @@ class CryptKey
|
|||||||
/**
|
/**
|
||||||
* @param string $keyPath
|
* @param string $keyPath
|
||||||
* @param null|string $passPhrase
|
* @param null|string $passPhrase
|
||||||
|
* @param bool $keyPermissionsCheck
|
||||||
*/
|
*/
|
||||||
public function __construct($keyPath, $passPhrase = null)
|
public function __construct($keyPath, $passPhrase = null, $keyPermissionsCheck = true)
|
||||||
{
|
{
|
||||||
if (preg_match(self::RSA_KEY_PATTERN, $keyPath)) {
|
if (preg_match(self::RSA_KEY_PATTERN, $keyPath)) {
|
||||||
$keyPath = $this->saveKeyToFile($keyPath);
|
$keyPath = $this->saveKeyToFile($keyPath);
|
||||||
@ -44,21 +45,15 @@ class CryptKey
|
|||||||
throw new \LogicException(sprintf('Key path "%s" does not exist or is not readable', $keyPath));
|
throw new \LogicException(sprintf('Key path "%s" does not exist or is not readable', $keyPath));
|
||||||
}
|
}
|
||||||
|
|
||||||
// Verify the permissions of the key
|
if ($keyPermissionsCheck === true) {
|
||||||
$keyPathPerms = decoct(fileperms($keyPath) & 0777);
|
// Verify the permissions of the key
|
||||||
if ($keyPathPerms !== '600') {
|
$keyPathPerms = decoct(fileperms($keyPath) & 0777);
|
||||||
// Attempt to correct the permissions
|
if (in_array($keyPathPerms, ['600', '660'], true) === false) {
|
||||||
if (chmod($keyPath, 0600) === false) {
|
trigger_error(sprintf(
|
||||||
// @codeCoverageIgnoreStart
|
'Key file "%s" permissions are not correct, should be 600 or 660 instead of %s',
|
||||||
trigger_error(
|
$keyPath,
|
||||||
sprintf(
|
$keyPathPerms
|
||||||
'Key file "%s" permissions are not correct, should be 600 instead of %s, unable to automatically resolve the issue',
|
), E_USER_NOTICE);
|
||||||
$keyPath,
|
|
||||||
$keyPathPerms
|
|
||||||
),
|
|
||||||
E_USER_NOTICE
|
|
||||||
);
|
|
||||||
// @codeCoverageIgnoreEnd
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
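Review bot: With the chmod fallback removed, the `trigger_error(..., E_USER_NOTICE)` call in the second hunk is the only signal that a private key file is accessible to other users, and notice-level errors are commonly excluded from production error reporting, so an over-permissive signing key can load unnoticed. Consider raising the level to `E_USER_WARNING` so the condition reaches the logs most deployments keep. The new `@param bool $keyPermissionsCheck` line carries no description; I would write it as `@param bool $keyPermissionsCheck Set to false to skip the file mode check (e.g. where POSIX modes are not meaningful); the key's exposure is then not verified`. Accepting `660` also means members of the file's group can read and replace the key, which is worth stating in the same docblock. The constructor body starts and ends outside these hunks.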
|
@ -26,6 +26,13 @@ use Zend\Diactoros\ServerRequestFactory;
|
|||||||
|
|
||||||
class AuthorizationServerTest extends \PHPUnit_Framework_TestCase
|
class AuthorizationServerTest extends \PHPUnit_Framework_TestCase
|
||||||
{
|
{
|
||||||
|
public function setUp()
|
||||||
|
{
|
||||||
|
// Make sure the keys have the correct permissions.
|
||||||
|
chmod(__DIR__ . '/Stubs/private.key', 0600);
|
||||||
|
chmod(__DIR__ . '/Stubs/public.key', 0600);
|
||||||
|
}
|
||||||
|
|
||||||
public function testRespondToRequestInvalidGrantType()
|
public function testRespondToRequestInvalidGrantType()
|
||||||
{
|
{
|
||||||
$server = new AuthorizationServer(
|
$server = new AuthorizationServer(
|
||||||
|
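Review bot: The two `chmod()` calls in `setUp()` ignore their return value, so on a checkout where the mode cannot be changed the tests carry on with whatever permissions the stub keys have and presumably fail later on the CryptKey notice rather than at the cause. Asserting the result, `$this->assertTrue(chmod(__DIR__ . '/Stubs/private.key', 0600));`, would surface that directly. Nothing in this hunk exercises the new `$keyPermissionsCheck = false` argument or the notice path for a key with loose permissions; tests for both may exist elsewhere in the commit, but if not they are worth adding. The class body continues outside the hunk.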