mirror of
https://github.com/elyby/accounts.git
synced 2024-12-23 05:39:54 +05:30
Move OAuth module from API to common and solve PHPStan's errors
parent
8a25ff9223
commit
5ed6f0ce86
@ -1,10 +0,0 @@
|
|||||||
<?php
|
|
||||||
declare(strict_types=1);
|
|
||||||
|
|
||||||
namespace api\components\OAuth2\Events;
|
|
||||||
|
|
||||||
use League\OAuth2\Server\EventEmitting\AbstractEvent;
|
|
||||||
|
|
||||||
class RequestedRefreshToken extends AbstractEvent {
|
|
||||||
|
|
||||||
}
|
|
@ -1,12 +0,0 @@
|
|||||||
<?php
|
|
||||||
declare(strict_types=1);
|
|
||||||
|
|
||||||
namespace api\components\OAuth2\Grants;
|
|
||||||
|
|
||||||
use api\components\OAuth2\CryptTrait;
|
|
||||||
use League\OAuth2\Server\Grant\ClientCredentialsGrant as BaseClientCredentialsGrant;
|
|
||||||
|
|
||||||
class ClientCredentialsGrant extends BaseClientCredentialsGrant {
|
|
||||||
use CryptTrait;
|
|
||||||
|
|
||||||
}
|
|
@ -1,12 +0,0 @@
|
|||||||
<?php
|
|
||||||
declare(strict_types=1);
|
|
||||||
|
|
||||||
namespace api\components\OAuth2\ResponseTypes;
|
|
||||||
|
|
||||||
use api\components\OAuth2\CryptTrait;
|
|
||||||
use League\OAuth2\Server\ResponseTypes\BearerTokenResponse as BaseBearerTokenResponse;
|
|
||||||
|
|
||||||
class BearerTokenResponse extends BaseBearerTokenResponse {
|
|
||||||
use CryptTrait;
|
|
||||||
|
|
||||||
}
|
|
@ -30,6 +30,9 @@ final readonly class TokenReader {
|
|||||||
return $this->token->claims()->get('client_id', false) ?: null;
|
return $this->token->claims()->get('client_id', false) ?: null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return list<string>|null
|
||||||
|
*/
|
||||||
public function getScopes(): ?array {
|
public function getScopes(): ?array {
|
||||||
$scopes = $this->token->claims()->get('scope', false);
|
$scopes = $this->token->claims()->get('scope', false);
|
||||||
if ($scopes !== false) {
|
if ($scopes !== false) {
|
||||||
|
@ -26,9 +26,6 @@ return [
|
|||||||
'user' => [
|
'user' => [
|
||||||
'class' => api\components\User\Component::class,
|
'class' => api\components\User\Component::class,
|
||||||
],
|
],
|
||||||
'oauth' => [
|
|
||||||
'class' => api\components\OAuth2\Component::class,
|
|
||||||
],
|
|
||||||
'tokens' => [
|
'tokens' => [
|
||||||
'class' => api\components\Tokens\Component::class,
|
'class' => api\components\Tokens\Component::class,
|
||||||
'privateKeyPath' => getenv('JWT_PRIVATE_KEY_PATH') ?: __DIR__ . '/../../data/certs/private.pem',
|
'privateKeyPath' => getenv('JWT_PRIVATE_KEY_PATH') ?: __DIR__ . '/../../data/certs/private.pem',
|
||||||
|
@ -9,10 +9,20 @@ use api\rbac\Permissions as P;
|
|||||||
use GuzzleHttp\Psr7\ServerRequest;
|
use GuzzleHttp\Psr7\ServerRequest;
|
||||||
use Psr\Http\Message\ServerRequestInterface;
|
use Psr\Http\Message\ServerRequestInterface;
|
||||||
use Yii;
|
use Yii;
|
||||||
|
use yii\base\Module;
|
||||||
use yii\filters\AccessControl;
|
use yii\filters\AccessControl;
|
||||||
use yii\helpers\ArrayHelper;
|
use yii\helpers\ArrayHelper;
|
||||||
|
|
||||||
class AuthorizationController extends Controller {
|
final class AuthorizationController extends Controller {
|
||||||
|
|
||||||
|
public function __construct(
|
||||||
|
string $id,
|
||||||
|
Module $module,
|
||||||
|
private readonly OauthProcess $oauthProcess,
|
||||||
|
array $config = [],
|
||||||
|
) {
|
||||||
|
parent::__construct($id, $module, $config);
|
||||||
|
}
|
||||||
|
|
||||||
public function behaviors(): array {
|
public function behaviors(): array {
|
||||||
return ArrayHelper::merge(Controller::behaviors(), [
|
return ArrayHelper::merge(Controller::behaviors(), [
|
||||||
@ -45,19 +55,15 @@ class AuthorizationController extends Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public function actionValidate(): array {
|
public function actionValidate(): array {
|
||||||
return $this->createOauthProcess()->validate($this->getServerRequest());
|
return $this->oauthProcess->validate($this->getServerRequest());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function actionComplete(): array {
|
public function actionComplete(): array {
|
||||||
return $this->createOauthProcess()->complete($this->getServerRequest());
|
return $this->oauthProcess->complete($this->getServerRequest());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function actionToken(): array {
|
public function actionToken(): array {
|
||||||
return $this->createOauthProcess()->getToken($this->getServerRequest());
|
return $this->oauthProcess->getToken($this->getServerRequest());
|
||||||
}
|
|
||||||
|
|
||||||
private function createOauthProcess(): OauthProcess {
|
|
||||||
return new OauthProcess(Yii::$app->oauth->getAuthServer());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private function getServerRequest(): ServerRequestInterface {
|
private function getServerRequest(): ServerRequestInterface {
|
||||||
|
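Review bot: The new constructor parameter `private readonly OauthProcess $oauthProcess` makes every action of this controller depend on the DI container being able to build `OauthProcess`, and therefore an `AuthorizationServer`, yet nothing in this section shows where that binding comes from now that `createOauthProcess()` and the `oauth` component entry are removed. If the container falls back to autowiring `AuthorizationServer` from its own constructor, controller construction will presumably fail at runtime on all three OAuth endpoints rather than at analysis time. Confirm that the container definitions (not visible here) include something like `AuthorizationServer::class => static fn() => AuthorizationServerFactory::build(),` and that a functional test covers controller construction. The retained `use Yii;` may also be unused after this change, unless `getServerRequest()`, whose body is outside the hunk, still needs it.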
@ -3,9 +3,9 @@ declare(strict_types=1);
|
|||||||
|
|
||||||
namespace api\modules\oauth\models;
|
namespace api\modules\oauth\models;
|
||||||
|
|
||||||
use api\components\OAuth2\Entities\UserEntity;
|
|
||||||
use api\components\OAuth2\Events\RequestedRefreshToken;
|
|
||||||
use api\rbac\Permissions as P;
|
use api\rbac\Permissions as P;
|
||||||
|
use common\components\OAuth2\Entities\UserEntity;
|
||||||
|
use common\components\OAuth2\Events\RequestedRefreshToken;
|
||||||
use common\models\Account;
|
use common\models\Account;
|
||||||
use common\models\OauthClient;
|
use common\models\OauthClient;
|
||||||
use common\models\OauthSession;
|
use common\models\OauthSession;
|
||||||
@ -18,14 +18,16 @@ use Psr\Http\Message\ServerRequestInterface;
|
|||||||
use Webmozart\Assert\Assert;
|
use Webmozart\Assert\Assert;
|
||||||
use Yii;
|
use Yii;
|
||||||
|
|
||||||
class OauthProcess {
|
final readonly class OauthProcess {
|
||||||
|
|
||||||
private const array INTERNAL_PERMISSIONS_TO_PUBLIC_SCOPES = [
|
private const array INTERNAL_PERMISSIONS_TO_PUBLIC_SCOPES = [
|
||||||
P::OBTAIN_OWN_ACCOUNT_INFO => 'account_info',
|
P::OBTAIN_OWN_ACCOUNT_INFO => 'account_info',
|
||||||
P::OBTAIN_ACCOUNT_EMAIL => 'account_email',
|
P::OBTAIN_ACCOUNT_EMAIL => 'account_email',
|
||||||
];
|
];
|
||||||
|
|
||||||
public function __construct(private readonly AuthorizationServer $server) {
|
public function __construct(
|
||||||
|
private AuthorizationServer $server,
|
||||||
|
) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -43,8 +45,7 @@ class OauthProcess {
|
|||||||
*
|
*
|
||||||
* In addition, you can pass the description value to override the application's description.
|
* In addition, you can pass the description value to override the application's description.
|
||||||
*
|
*
|
||||||
* @param ServerRequestInterface $request
|
* @return array<mixed>
|
||||||
* @return array
|
|
||||||
*/
|
*/
|
||||||
public function validate(ServerRequestInterface $request): array {
|
public function validate(ServerRequestInterface $request): array {
|
||||||
try {
|
try {
|
||||||
@ -77,8 +78,7 @@ class OauthProcess {
|
|||||||
* If the field is present, it will be interpreted as any value resulting in false positives.
|
* If the field is present, it will be interpreted as any value resulting in false positives.
|
||||||
* Otherwise, the value will be interpreted as "true".
|
* Otherwise, the value will be interpreted as "true".
|
||||||
*
|
*
|
||||||
* @param ServerRequestInterface $request
|
* @return array<mixed>
|
||||||
* @return array
|
|
||||||
*/
|
*/
|
||||||
public function complete(ServerRequestInterface $request): array {
|
public function complete(ServerRequestInterface $request): array {
|
||||||
try {
|
try {
|
||||||
@ -144,8 +144,7 @@ class OauthProcess {
|
|||||||
* grant_type,
|
* grant_type,
|
||||||
* ]
|
* ]
|
||||||
*
|
*
|
||||||
* @param ServerRequestInterface $request
|
* @return array<mixed>
|
||||||
* @return array
|
|
||||||
*/
|
*/
|
||||||
public function getToken(ServerRequestInterface $request): array {
|
public function getToken(ServerRequestInterface $request): array {
|
||||||
$params = (array)$request->getParsedBody();
|
$params = (array)$request->getParsedBody();
|
||||||
@ -232,11 +231,9 @@ class OauthProcess {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param ServerRequestInterface $request
|
|
||||||
* @param OauthClient $client
|
|
||||||
* @param ScopeEntityInterface[] $scopes
|
* @param ScopeEntityInterface[] $scopes
|
||||||
*
|
*
|
||||||
* @return array
|
* @return array<mixed>
|
||||||
*/
|
*/
|
||||||
private function buildSuccessResponse(ServerRequestInterface $request, OauthClient $client, array $scopes): array {
|
private function buildSuccessResponse(ServerRequestInterface $request, OauthClient $client, array $scopes): array {
|
||||||
return [
|
return [
|
||||||
@ -262,7 +259,7 @@ class OauthProcess {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* @param ScopeEntityInterface[] $scopes
|
* @param ScopeEntityInterface[] $scopes
|
||||||
* @return array
|
* @return string[]
|
||||||
*/
|
*/
|
||||||
private function buildScopesArray(array $scopes): array {
|
private function buildScopesArray(array $scopes): array {
|
||||||
$result = [];
|
$result = [];
|
||||||
@ -273,6 +270,15 @@ class OauthProcess {
|
|||||||
return $result;
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return array{
|
||||||
|
* success: false,
|
||||||
|
* error: string,
|
||||||
|
* parameter: string|null,
|
||||||
|
* statusCode: int,
|
||||||
|
* redirectUri?: string,
|
||||||
|
* }
|
||||||
|
*/
|
||||||
private function buildCompleteErrorResponse(OAuthServerException $e): array {
|
private function buildCompleteErrorResponse(OAuthServerException $e): array {
|
||||||
$hint = $e->getPayload()['hint'] ?? '';
|
$hint = $e->getPayload()['hint'] ?? '';
|
||||||
if (preg_match('/the `(\w+)` scope/', $hint, $matches)) {
|
if (preg_match('/the `(\w+)` scope/', $hint, $matches)) {
|
||||||
@ -304,8 +310,10 @@ class OauthProcess {
|
|||||||
*
|
*
|
||||||
* Part of the existing texts are the legacy from the previous implementation.
|
* Part of the existing texts are the legacy from the previous implementation.
|
||||||
*
|
*
|
||||||
* @param OAuthServerException $e
|
* @return array{
|
||||||
* @return array
|
* error: string,
|
||||||
|
* message: string,
|
||||||
|
* }
|
||||||
*/
|
*/
|
||||||
private function buildIssueErrorResponse(OAuthServerException $e): array {
|
private function buildIssueErrorResponse(OAuthServerException $e): array {
|
||||||
$errorType = $e->getErrorType();
|
$errorType = $e->getErrorType();
|
||||||
@ -331,6 +339,9 @@ class OauthProcess {
|
|||||||
return new OAuthServerException('Client must accept authentication request.', 0, 'accept_required', 401);
|
return new OAuthServerException('Client must accept authentication request.', 0, 'accept_required', 401);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return list<string>
|
||||||
|
*/
|
||||||
private function getScopesList(AuthorizationRequestInterface $request): array {
|
private function getScopesList(AuthorizationRequestInterface $request): array {
|
||||||
return array_values(array_map(fn(ScopeEntityInterface $scope): string => $scope->getIdentifier(), $request->getScopes()));
|
return array_values(array_map(fn(ScopeEntityInterface $scope): string => $scope->getIdentifier(), $request->getScopes()));
|
||||||
}
|
}
|
||||||
|
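Review bot: The public entry points `validate()`, `complete()` and `getToken()` are now annotated `@return array<mixed>`, which satisfies PHPStan but tells callers nothing, while the private builders in the same class get exact shapes (`buildCompleteErrorResponse()`, `buildIssueErrorResponse()`). Because these arrays become the OAuth endpoint responses, a precise type is what would let static analysis catch a field leaking into or missing from a response. At minimum use `@return array<string, mixed>`; better, give each method the union of its success shape and the matching error shape already declared further down. The method bodies lie outside these hunks, so the exact success shapes have to be taken from the code.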
@ -3,8 +3,8 @@ declare(strict_types=1);
|
|||||||
|
|
||||||
namespace api\tests\functional\_steps;
|
namespace api\tests\functional\_steps;
|
||||||
|
|
||||||
use api\components\OAuth2\Repositories\PublicScopeRepository;
|
|
||||||
use api\tests\FunctionalTester;
|
use api\tests\FunctionalTester;
|
||||||
|
use common\components\OAuth2\Repositories\PublicScopeRepository;
|
||||||
|
|
||||||
class OauthSteps extends FunctionalTester {
|
class OauthSteps extends FunctionalTester {
|
||||||
|
|
||||||
|
@ -3,8 +3,8 @@ declare(strict_types=1);
|
|||||||
|
|
||||||
namespace api\tests\unit\components\OAuth2\Entities;
|
namespace api\tests\unit\components\OAuth2\Entities;
|
||||||
|
|
||||||
use api\components\OAuth2\Entities\AccessTokenEntity;
|
|
||||||
use api\tests\unit\TestCase;
|
use api\tests\unit\TestCase;
|
||||||
|
use common\components\OAuth2\Entities\AccessTokenEntity;
|
||||||
use DateTimeImmutable;
|
use DateTimeImmutable;
|
||||||
use League\OAuth2\Server\Entities\ClientEntityInterface;
|
use League\OAuth2\Server\Entities\ClientEntityInterface;
|
||||||
use League\OAuth2\Server\Entities\ScopeEntityInterface;
|
use League\OAuth2\Server\Entities\ScopeEntityInterface;
|
||||||
|
@ -34,7 +34,6 @@ abstract class BaseApplication extends yii\base\Application {
|
|||||||
*
|
*
|
||||||
* @property \api\components\User\Component $user
|
* @property \api\components\User\Component $user
|
||||||
* @property \api\components\ReCaptcha\Component $reCaptcha
|
* @property \api\components\ReCaptcha\Component $reCaptcha
|
||||||
* @property \api\components\OAuth2\Component $oauth
|
|
||||||
* @property \api\components\Tokens\Component $tokens
|
* @property \api\components\Tokens\Component $tokens
|
||||||
* @property \api\components\Tokens\TokensFactory $tokensFactory
|
* @property \api\components\Tokens\TokensFactory $tokensFactory
|
||||||
*
|
*
|
||||||
|
@ -1,26 +1,16 @@
|
|||||||
<?php
|
<?php
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
|
|
||||||
namespace api\components\OAuth2;
|
namespace common\components\OAuth2;
|
||||||
|
|
||||||
use Carbon\CarbonInterval;
|
use Carbon\CarbonInterval;
|
||||||
use DateInterval;
|
use DateInterval;
|
||||||
use League\OAuth2\Server\AuthorizationServer;
|
use League\OAuth2\Server\AuthorizationServer;
|
||||||
use yii\base\Component as BaseComponent;
|
use yii\base\Component as BaseComponent;
|
||||||
|
|
||||||
final class Component extends BaseComponent {
|
final class AuthorizationServerFactory extends BaseComponent {
|
||||||
|
|
||||||
private ?AuthorizationServer $_authServer = null;
|
public static function build(): AuthorizationServer {
|
||||||
|
|
||||||
public function getAuthServer(): AuthorizationServer {
|
|
||||||
if ($this->_authServer === null) {
|
|
||||||
$this->_authServer = $this->createAuthServer();
|
|
||||||
}
|
|
||||||
|
|
||||||
return $this->_authServer;
|
|
||||||
}
|
|
||||||
|
|
||||||
private function createAuthServer(): AuthorizationServer {
|
|
||||||
$clientsRepo = new Repositories\ClientRepository();
|
$clientsRepo = new Repositories\ClientRepository();
|
||||||
$accessTokensRepo = new Repositories\AccessTokenRepository();
|
$accessTokensRepo = new Repositories\AccessTokenRepository();
|
||||||
$publicScopesRepo = new Repositories\PublicScopeRepository();
|
$publicScopesRepo = new Repositories\PublicScopeRepository();
|
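Review bot: `AuthorizationServerFactory` still `extends BaseComponent` although its only visible member is now the static `build()`, so the Yii component base class and the `use yii\base\Component as BaseComponent;` import appear to serve no purpose; `final class AuthorizationServerFactory {` would say what the class is. The removed `getAuthServer()` memoised the server in `$_authServer`, whereas `build()` as shown creates new repositories on each call, so sharing one instance per request now depends on how the caller or the container registers it. A short docblock on `build()` stating that each call returns a fresh, fully configured server would make that contract explicit. The body of `build()` continues past the end of this hunk.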
@ -1,7 +1,7 @@
|
|||||||
<?php
|
<?php
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
|
|
||||||
namespace api\components\OAuth2;
|
namespace common\components\OAuth2;
|
||||||
|
|
||||||
use LogicException;
|
use LogicException;
|
||||||
use RangeException;
|
use RangeException;
|
||||||
@ -18,11 +18,11 @@ use Yii;
|
|||||||
*/
|
*/
|
||||||
trait CryptTrait {
|
trait CryptTrait {
|
||||||
|
|
||||||
protected function encrypt($unencryptedData): string {
|
protected function encrypt(string $unencryptedData): string {
|
||||||
return Yii::$app->tokens->encryptValue($unencryptedData);
|
return Yii::$app->tokens->encryptValue($unencryptedData);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function decrypt($encryptedData): string {
|
protected function decrypt(string $encryptedData): string {
|
||||||
try {
|
try {
|
||||||
return Yii::$app->tokens->decryptValue($encryptedData);
|
return Yii::$app->tokens->decryptValue($encryptedData);
|
||||||
} catch (SodiumException|RangeException $e) {
|
} catch (SodiumException|RangeException $e) {
|
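Review bot: `encrypt()` and `decrypt()` still go through `Yii::$app->tokens`, which `BaseApplication` documents as `\api\components\Tokens\Component`, so after the move to `common\components\OAuth2` this trait depends on a component from the `api` application; `RefreshTokenGrant` has the same inversion with `use api\components\Tokens\TokenReader;`. Any application that loads these classes without that component configured would fail only when a value is first encrypted or decrypted. Either move the encryption dependency to `common` as well, or document the requirement on the trait, e.g. `// Requires the "tokens" application component to be configured`. `decrypt()` continues outside the hunk, so how the caught `SodiumException|RangeException` is handled cannot be checked here.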
@ -1,7 +1,7 @@
|
|||||||
<?php
|
<?php
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
|
|
||||||
namespace api\components\OAuth2\Entities;
|
namespace common\components\OAuth2\Entities;
|
||||||
|
|
||||||
use League\OAuth2\Server\CryptKeyInterface;
|
use League\OAuth2\Server\CryptKeyInterface;
|
||||||
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
|
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
|
@ -1,14 +1,14 @@
|
|||||||
<?php
|
<?php
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
|
|
||||||
namespace api\components\OAuth2\Entities;
|
namespace common\components\OAuth2\Entities;
|
||||||
|
|
||||||
use League\OAuth2\Server\Entities\AuthCodeEntityInterface;
|
use League\OAuth2\Server\Entities\AuthCodeEntityInterface;
|
||||||
use League\OAuth2\Server\Entities\Traits\AuthCodeTrait;
|
use League\OAuth2\Server\Entities\Traits\AuthCodeTrait;
|
||||||
use League\OAuth2\Server\Entities\Traits\EntityTrait;
|
use League\OAuth2\Server\Entities\Traits\EntityTrait;
|
||||||
use League\OAuth2\Server\Entities\Traits\TokenEntityTrait;
|
use League\OAuth2\Server\Entities\Traits\TokenEntityTrait;
|
||||||
|
|
||||||
class AuthCodeEntity implements AuthCodeEntityInterface {
|
final class AuthCodeEntity implements AuthCodeEntityInterface {
|
||||||
use EntityTrait;
|
use EntityTrait;
|
||||||
use AuthCodeTrait;
|
use AuthCodeTrait;
|
||||||
use TokenEntityTrait;
|
use TokenEntityTrait;
|
@ -1,19 +1,19 @@
|
|||||||
<?php
|
<?php
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
|
|
||||||
namespace api\components\OAuth2\Entities;
|
namespace common\components\OAuth2\Entities;
|
||||||
|
|
||||||
use League\OAuth2\Server\Entities\ClientEntityInterface;
|
use League\OAuth2\Server\Entities\ClientEntityInterface;
|
||||||
use League\OAuth2\Server\Entities\Traits\ClientTrait;
|
use League\OAuth2\Server\Entities\Traits\ClientTrait;
|
||||||
use League\OAuth2\Server\Entities\Traits\EntityTrait;
|
use League\OAuth2\Server\Entities\Traits\EntityTrait;
|
||||||
|
|
||||||
class ClientEntity implements ClientEntityInterface {
|
final class ClientEntity implements ClientEntityInterface {
|
||||||
use EntityTrait;
|
use EntityTrait;
|
||||||
use ClientTrait;
|
use ClientTrait;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param non-empty-string $id
|
* @phpstan-param non-empty-string $id
|
||||||
* @param string|string[] $redirectUri
|
* @phpstan-param string|list<string> $redirectUri
|
||||||
*/
|
*/
|
||||||
public function __construct(
|
public function __construct(
|
||||||
string $id,
|
string $id,
|
@ -1,16 +1,19 @@
|
|||||||
<?php
|
<?php
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
|
|
||||||
namespace api\components\OAuth2\Entities;
|
namespace common\components\OAuth2\Entities;
|
||||||
|
|
||||||
use League\OAuth2\Server\Entities\ScopeEntityInterface;
|
use League\OAuth2\Server\Entities\ScopeEntityInterface;
|
||||||
use League\OAuth2\Server\Entities\Traits\EntityTrait;
|
use League\OAuth2\Server\Entities\Traits\EntityTrait;
|
||||||
use League\OAuth2\Server\Entities\Traits\ScopeTrait;
|
use League\OAuth2\Server\Entities\Traits\ScopeTrait;
|
||||||
|
|
||||||
class ScopeEntity implements ScopeEntityInterface {
|
final class ScopeEntity implements ScopeEntityInterface {
|
||||||
use EntityTrait;
|
use EntityTrait;
|
||||||
use ScopeTrait;
|
use ScopeTrait;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @phpstan-param non-empty-string $id
|
||||||
|
*/
|
||||||
public function __construct(string $id) {
|
public function __construct(string $id) {
|
||||||
$this->identifier = $id;
|
$this->identifier = $id;
|
||||||
}
|
}
|
@ -1,12 +1,12 @@
|
|||||||
<?php
|
<?php
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
|
|
||||||
namespace api\components\OAuth2\Entities;
|
namespace common\components\OAuth2\Entities;
|
||||||
|
|
||||||
use League\OAuth2\Server\Entities\Traits\EntityTrait;
|
use League\OAuth2\Server\Entities\Traits\EntityTrait;
|
||||||
use League\OAuth2\Server\Entities\UserEntityInterface;
|
use League\OAuth2\Server\Entities\UserEntityInterface;
|
||||||
|
|
||||||
class UserEntity implements UserEntityInterface {
|
final class UserEntity implements UserEntityInterface {
|
||||||
use EntityTrait;
|
use EntityTrait;
|
||||||
|
|
||||||
public function __construct(int $id) {
|
public function __construct(int $id) {
|
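--- /dev/null
+++ b/common/components/OAuth2/Events/RequestedRefreshToken.php
@@ -0,0 +1,10 @@
+<?php
+declare(strict_types=1);
+
+namespace common\components\OAuth2\Events;
+
+use League\OAuth2\Server\EventEmitting\AbstractEvent;
+
+final class RequestedRefreshToken extends AbstractEvent {
+
+}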
@ -1,35 +1,23 @@
|
|||||||
<?php
|
<?php
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
|
|
||||||
namespace api\components\OAuth2\Grants;
|
namespace common\components\OAuth2\Grants;
|
||||||
|
|
||||||
use api\components\OAuth2\CryptTrait;
|
use common\components\OAuth2\CryptTrait;
|
||||||
use api\components\OAuth2\Events\RequestedRefreshToken;
|
use common\components\OAuth2\Events\RequestedRefreshToken;
|
||||||
use api\components\OAuth2\Repositories\PublicScopeRepository;
|
use common\components\OAuth2\Repositories\PublicScopeRepository;
|
||||||
use DateInterval;
|
use DateInterval;
|
||||||
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
|
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
|
||||||
use League\OAuth2\Server\Entities\ClientEntityInterface;
|
use League\OAuth2\Server\Entities\ClientEntityInterface;
|
||||||
use League\OAuth2\Server\Entities\ScopeEntityInterface;
|
|
||||||
use League\OAuth2\Server\Exception\OAuthServerException;
|
use League\OAuth2\Server\Exception\OAuthServerException;
|
||||||
use League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException;
|
|
||||||
use League\OAuth2\Server\Grant\AuthCodeGrant as BaseAuthCodeGrant;
|
use League\OAuth2\Server\Grant\AuthCodeGrant as BaseAuthCodeGrant;
|
||||||
use League\OAuth2\Server\RequestEvent;
|
use League\OAuth2\Server\RequestEvent;
|
||||||
use Psr\Http\Message\ServerRequestInterface;
|
use Psr\Http\Message\ServerRequestInterface;
|
||||||
use yii\helpers\StringHelper;
|
use yii\helpers\StringHelper;
|
||||||
|
|
||||||
class AuthCodeGrant extends BaseAuthCodeGrant {
|
final class AuthCodeGrant extends BaseAuthCodeGrant {
|
||||||
use CryptTrait;
|
use CryptTrait;
|
||||||
|
|
||||||
/**
|
|
||||||
* @param DateInterval $accessTokenTTL
|
|
||||||
* @param ClientEntityInterface $client
|
|
||||||
* @param string|null $userIdentifier
|
|
||||||
* @param ScopeEntityInterface[] $scopes
|
|
||||||
*
|
|
||||||
* @return AccessTokenEntityInterface
|
|
||||||
* @throws OAuthServerException
|
|
||||||
* @throws UniqueTokenIdentifierConstraintViolationException
|
|
||||||
*/
|
|
||||||
protected function issueAccessToken(
|
protected function issueAccessToken(
|
||||||
DateInterval $accessTokenTTL,
|
DateInterval $accessTokenTTL,
|
||||||
ClientEntityInterface $client,
|
ClientEntityInterface $client,
|
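--- /dev/null
+++ b/common/components/OAuth2/Grants/ClientCredentialsGrant.php
@@ -0,0 +1,12 @@
+<?php
+declare(strict_types=1);
+
+namespace common\components\OAuth2\Grants;
+
+use common\components\OAuth2\CryptTrait;
+use League\OAuth2\Server\Grant\ClientCredentialsGrant as BaseClientCredentialsGrant;
+
+final class ClientCredentialsGrant extends BaseClientCredentialsGrant {
+use CryptTrait;
+
+}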
@ -1,11 +1,11 @@
|
|||||||
<?php
|
<?php
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
|
|
||||||
namespace api\components\OAuth2\Grants;
|
namespace common\components\OAuth2\Grants;
|
||||||
|
|
||||||
use api\components\OAuth2\CryptTrait;
|
|
||||||
use api\components\Tokens\TokenReader;
|
use api\components\Tokens\TokenReader;
|
||||||
use Carbon\FactoryImmutable;
|
use Carbon\FactoryImmutable;
|
||||||
|
use common\components\OAuth2\CryptTrait;
|
||||||
use common\models\OauthSession;
|
use common\models\OauthSession;
|
||||||
use InvalidArgumentException;
|
use InvalidArgumentException;
|
||||||
use Lcobucci\JWT\Validation\Constraint\LooseValidAt;
|
use Lcobucci\JWT\Validation\Constraint\LooseValidAt;
|
||||||
@ -18,7 +18,7 @@ use Psr\Http\Message\ServerRequestInterface;
|
|||||||
use Throwable;
|
use Throwable;
|
||||||
use Yii;
|
use Yii;
|
||||||
|
|
||||||
class RefreshTokenGrant extends BaseRefreshTokenGrant {
|
final class RefreshTokenGrant extends BaseRefreshTokenGrant {
|
||||||
use CryptTrait;
|
use CryptTrait;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -26,11 +26,7 @@ class RefreshTokenGrant extends BaseRefreshTokenGrant {
|
|||||||
* If received refresh token is matches the legacy token template,
|
* If received refresh token is matches the legacy token template,
|
||||||
* restore the information from the legacy storage.
|
* restore the information from the legacy storage.
|
||||||
*
|
*
|
||||||
* @param ServerRequestInterface $request
|
* @inheritDoc
|
||||||
* @param string $clientId
|
|
||||||
*
|
|
||||||
* @return array
|
|
||||||
* @throws OAuthServerException
|
|
||||||
*/
|
*/
|
||||||
protected function validateOldRefreshToken(ServerRequestInterface $request, string $clientId): array {
|
protected function validateOldRefreshToken(ServerRequestInterface $request, string $clientId): array {
|
||||||
$refreshToken = $this->getRequestParameter('refresh_token', $request);
|
$refreshToken = $this->getRequestParameter('refresh_token', $request);
|
||||||
@ -45,18 +41,13 @@ class RefreshTokenGrant extends BaseRefreshTokenGrant {
|
|||||||
* Currently we're not rotating refresh tokens.
|
* Currently we're not rotating refresh tokens.
|
||||||
* So we're overriding this method to always return null, which means,
|
* So we're overriding this method to always return null, which means,
|
||||||
* that refresh_token will not be issued.
|
* that refresh_token will not be issued.
|
||||||
*
|
|
||||||
* @param AccessTokenEntityInterface $accessToken
|
|
||||||
*
|
|
||||||
* @return RefreshTokenEntityInterface|null
|
|
||||||
*/
|
*/
|
||||||
protected function issueRefreshToken(AccessTokenEntityInterface $accessToken): ?RefreshTokenEntityInterface {
|
protected function issueRefreshToken(AccessTokenEntityInterface $accessToken): ?RefreshTokenEntityInterface {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param string $refreshToken
|
* @return array<string, mixed>
|
||||||
* @return array
|
|
||||||
* @throws OAuthServerException
|
* @throws OAuthServerException
|
||||||
*/
|
*/
|
||||||
private function validateLegacyRefreshToken(string $refreshToken): array {
|
private function validateLegacyRefreshToken(string $refreshToken): array {
|
||||||
@ -91,14 +82,7 @@ class RefreshTokenGrant extends BaseRefreshTokenGrant {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return array{
|
* @return array<string, mixed>
|
||||||
* client_id: string,
|
|
||||||
* refresh_token_id?: string,
|
|
||||||
* access_token_id?: string,
|
|
||||||
* scopes: list<string>|null,
|
|
||||||
* user_id: string|null,
|
|
||||||
* expire_time: int|null,
|
|
||||||
* }
|
|
||||||
* @throws OAuthServerException
|
* @throws OAuthServerException
|
||||||
*/
|
*/
|
||||||
private function validateAccessToken(string $jwt): array {
|
private function validateAccessToken(string $jwt): array {
|
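Review bot: The docblock of `validateAccessToken()` loses its exact array shape (`client_id`, `refresh_token_id`, `access_token_id`, `scopes`, `user_id`, `expire_time`) in favour of `@return array<string, mixed>`, so PHPStan can no longer check that the fields handed back to the grant are present and correctly typed. `validateLegacyRefreshToken()` is typed equally loosely. If the shape was dropped only to line up with the parent's declared return type, consider keeping it as a `@phpstan-return array{...}` line (the commit already uses `@phpstan-param` in ClientEntity) or as a `@phpstan-type` alias shared by both helpers, provided the analyser accepts it. Both method bodies are outside the hunks shown.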
@ -1,11 +1,11 @@
|
|||||||
<?php
|
<?php
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
|
|
||||||
namespace api\components\OAuth2\Keys;
|
namespace common\components\OAuth2\Keys;
|
||||||
|
|
||||||
use League\OAuth2\Server\CryptKeyInterface;
|
use League\OAuth2\Server\CryptKeyInterface;
|
||||||
|
|
||||||
class EmptyKey implements CryptKeyInterface {
|
final class EmptyKey implements CryptKeyInterface {
|
||||||
|
|
||||||
public function getKeyPath(): string {
|
public function getKeyPath(): string {
|
||||||
return '';
|
return '';
|
@ -1,28 +1,23 @@
|
|||||||
<?php
|
<?php
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
|
|
||||||
namespace api\components\OAuth2\Repositories;
|
namespace common\components\OAuth2\Repositories;
|
||||||
|
|
||||||
use api\components\OAuth2\Entities\AccessTokenEntity;
|
use common\components\OAuth2\Entities\AccessTokenEntity;
|
||||||
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
|
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
|
||||||
use League\OAuth2\Server\Entities\ClientEntityInterface;
|
use League\OAuth2\Server\Entities\ClientEntityInterface;
|
||||||
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
|
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
|
||||||
|
|
||||||
class AccessTokenRepository implements AccessTokenRepositoryInterface {
|
final class AccessTokenRepository implements AccessTokenRepositoryInterface {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create a new access token
|
* @inheritDoc
|
||||||
*
|
* @phpstan-param non-empty-string|null $userIdentifier
|
||||||
* @param ClientEntityInterface $clientEntity
|
|
||||||
* @param \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes
|
|
||||||
* @param mixed $userIdentifier
|
|
||||||
*
|
|
||||||
* @return AccessTokenEntityInterface
|
|
||||||
*/
|
*/
|
||||||
public function getNewToken(
|
public function getNewToken(
|
||||||
ClientEntityInterface $clientEntity,
|
ClientEntityInterface $clientEntity,
|
||||||
array $scopes,
|
array $scopes,
|
||||||
$userIdentifier = null,
|
?string $userIdentifier = null,
|
||||||
): AccessTokenEntityInterface {
|
): AccessTokenEntityInterface {
|
||||||
$accessToken = new AccessTokenEntity();
|
$accessToken = new AccessTokenEntity();
|
||||||
$accessToken->setClient($clientEntity);
|
$accessToken->setClient($clientEntity);
|
||||||
@ -38,11 +33,11 @@ class AccessTokenRepository implements AccessTokenRepositoryInterface {
|
|||||||
// We don't store access tokens, so there's no need to do anything here
|
// We don't store access tokens, so there's no need to do anything here
|
||||||
}
|
}
|
||||||
|
|
||||||
public function revokeAccessToken($tokenId): void {
|
public function revokeAccessToken(string $tokenId): void {
|
||||||
// We don't store access tokens, so there's no need to do anything here
|
// We don't store access tokens, so there's no need to do anything here
|
||||||
}
|
}
|
||||||
|
|
||||||
public function isAccessTokenRevoked($tokenId): bool {
|
public function isAccessTokenRevoked(string $tokenId): bool {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
@ -1,13 +1,13 @@
|
|||||||
<?php
|
<?php
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
|
|
||||||
namespace api\components\OAuth2\Repositories;
|
namespace common\components\OAuth2\Repositories;
|
||||||
|
|
||||||
use api\components\OAuth2\Entities\AuthCodeEntity;
|
use common\components\OAuth2\Entities\AuthCodeEntity;
|
||||||
use League\OAuth2\Server\Entities\AuthCodeEntityInterface;
|
use League\OAuth2\Server\Entities\AuthCodeEntityInterface;
|
||||||
use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
|
use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
|
||||||
|
|
||||||
class AuthCodeRepository implements AuthCodeRepositoryInterface {
|
final class AuthCodeRepository implements AuthCodeRepositoryInterface {
|
||||||
|
|
||||||
public function getNewAuthCode(): AuthCodeEntityInterface {
|
public function getNewAuthCode(): AuthCodeEntityInterface {
|
||||||
return new AuthCodeEntity();
|
return new AuthCodeEntity();
|
||||||
@ -16,10 +16,10 @@ class AuthCodeRepository implements AuthCodeRepositoryInterface {
|
|||||||
public function persistNewAuthCode(AuthCodeEntityInterface $authCodeEntity): void {
|
public function persistNewAuthCode(AuthCodeEntityInterface $authCodeEntity): void {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function revokeAuthCode($codeId): void {
|
public function revokeAuthCode(string $codeId): void {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function isAuthCodeRevoked($codeId): bool {
|
public function isAuthCodeRevoked(string $codeId): bool {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
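Review bot: `revokeAuthCode()` has an empty body and `isAuthCodeRevoked()` returns a constant `false` in the second hunk, with no comment saying why. The access-token repository earlier on this page at least explains that tokens are not stored. As written, this repository cannot mark a code as used, so single-use enforcement of authorization codes has to come from elsewhere (presumably the code's lifetime or the grant implementation, neither visible here). I would add a comment to both methods such as `// Auth codes are not persisted, so a redeemed code cannot be flagged here; replay protection relies on <mechanism>`. `RefreshTokenRepository::revokeRefreshToken()` and `isRefreshTokenRevoked()` further down have the same shape, with only `// Do nothing` as explanation.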
@ -1,26 +1,27 @@
|
|||||||
<?php
|
<?php
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
|
|
||||||
namespace api\components\OAuth2\Repositories;
|
namespace common\components\OAuth2\Repositories;
|
||||||
|
|
||||||
use api\components\OAuth2\Entities\ClientEntity;
|
use common\components\OAuth2\Entities\ClientEntity;
|
||||||
use common\models\OauthClient;
|
use common\models\OauthClient;
|
||||||
use League\OAuth2\Server\Entities\ClientEntityInterface;
|
use League\OAuth2\Server\Entities\ClientEntityInterface;
|
||||||
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
|
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
|
||||||
|
|
||||||
class ClientRepository implements ClientRepositoryInterface {
|
final class ClientRepository implements ClientRepositoryInterface {
|
||||||
|
|
||||||
public function getClientEntity($clientId): ?ClientEntityInterface {
|
public function getClientEntity(string $clientIdentifier): ?ClientEntityInterface {
|
||||||
$client = $this->findModel($clientId);
|
$client = $this->findModel($clientIdentifier);
|
||||||
if ($client === null) {
|
if ($client === null) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
return new ClientEntity($client->id, $client->name, $client->redirect_uri ?? '', (bool)$client->is_trusted);
|
// @phpstan-ignore argument.type
|
||||||
|
return new ClientEntity($client->id, $client->name, $client->redirect_uri ?: '', (bool)$client->is_trusted);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function validateClient($clientId, $clientSecret, $grantType): bool {
|
public function validateClient(string $clientIdentifier, ?string $clientSecret, ?string $grantType): bool {
|
||||||
$client = $this->findModel($clientId);
|
$client = $this->findModel($clientIdentifier);
|
||||||
if ($client === null) {
|
if ($client === null) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
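Review bot: The added `// @phpstan-ignore argument.type` above the `new ClientEntity(...)` call does not say which argument it covers or why suppressing the check is safe. The baseline entry removed by this commit suggests it is the `non-empty-string` requirement on `$client->id`. If so, state that in the ignore, e.g. `// @phpstan-ignore argument.type ($client->id is typed as string; confirm it can never be empty)`, or check the value before constructing the entity. `validateClient()` now accepts `?string $clientSecret` and its body continues outside the hunk, so how a `null` secret is handled cannot be confirmed from here.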
@ -1,7 +1,7 @@
|
|||||||
<?php
|
<?php
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
|
|
||||||
namespace api\components\OAuth2\Repositories;
|
namespace common\components\OAuth2\Repositories;
|
||||||
|
|
||||||
use League\OAuth2\Server\Entities\ClientEntityInterface;
|
use League\OAuth2\Server\Entities\ClientEntityInterface;
|
||||||
use League\OAuth2\Server\Entities\ScopeEntityInterface;
|
use League\OAuth2\Server\Entities\ScopeEntityInterface;
|
||||||
@ -12,7 +12,7 @@ use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
|
|||||||
* To create an instance of the authorization server, you need to pass the scopes
|
* To create an instance of the authorization server, you need to pass the scopes
|
||||||
* repository. This class acts as a dummy to meet this requirement.
|
* repository. This class acts as a dummy to meet this requirement.
|
||||||
*/
|
*/
|
||||||
class EmptyScopeRepository implements ScopeRepositoryInterface {
|
final class EmptyScopeRepository implements ScopeRepositoryInterface {
|
||||||
|
|
||||||
public function getScopeEntityByIdentifier($identifier): ?ScopeEntityInterface {
|
public function getScopeEntityByIdentifier($identifier): ?ScopeEntityInterface {
|
||||||
return null;
|
return null;
|
||||||
@ -20,9 +20,9 @@ class EmptyScopeRepository implements ScopeRepositoryInterface {
|
|||||||
|
|
||||||
public function finalizeScopes(
|
public function finalizeScopes(
|
||||||
array $scopes,
|
array $scopes,
|
||||||
$grantType,
|
string $grantType,
|
||||||
ClientEntityInterface $clientEntity,
|
ClientEntityInterface $clientEntity,
|
||||||
$userIdentifier = null,
|
?string $userIdentifier = null,
|
||||||
?string $authCodeId = null,
|
?string $authCodeId = null,
|
||||||
): array {
|
): array {
|
||||||
return $scopes;
|
return $scopes;
|
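Review bot: `getScopeEntityByIdentifier($identifier)` keeps an untyped parameter, while the other repository methods touched by this commit gained scalar types. If the interface declares it as a string, as the neighbouring signatures suggest, write `public function getScopeEntityByIdentifier(string $identifier): ?ScopeEntityInterface {` for consistency. `finalizeScopes()` ends outside the second hunk.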
@ -1,17 +1,17 @@
|
|||||||
<?php
|
<?php
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
|
|
||||||
namespace api\components\OAuth2\Repositories;
|
namespace common\components\OAuth2\Repositories;
|
||||||
|
|
||||||
use api\components\OAuth2\Entities\ClientEntity;
|
|
||||||
use api\components\OAuth2\Entities\ScopeEntity;
|
|
||||||
use api\rbac\Permissions as P;
|
use api\rbac\Permissions as P;
|
||||||
|
use common\components\OAuth2\Entities\ClientEntity;
|
||||||
|
use common\components\OAuth2\Entities\ScopeEntity;
|
||||||
use League\OAuth2\Server\Entities\ClientEntityInterface;
|
use League\OAuth2\Server\Entities\ClientEntityInterface;
|
||||||
use League\OAuth2\Server\Entities\ScopeEntityInterface;
|
use League\OAuth2\Server\Entities\ScopeEntityInterface;
|
||||||
use League\OAuth2\Server\Exception\OAuthServerException;
|
use League\OAuth2\Server\Exception\OAuthServerException;
|
||||||
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
|
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
|
||||||
|
|
||||||
class InternalScopeRepository implements ScopeRepositoryInterface {
|
final class InternalScopeRepository implements ScopeRepositoryInterface {
|
||||||
|
|
||||||
private const array ALLOWED_SCOPES = [
|
private const array ALLOWED_SCOPES = [
|
||||||
P::CHANGE_ACCOUNT_USERNAME,
|
P::CHANGE_ACCOUNT_USERNAME,
|
||||||
@ -39,9 +39,9 @@ class InternalScopeRepository implements ScopeRepositoryInterface {
|
|||||||
*/
|
*/
|
||||||
public function finalizeScopes(
|
public function finalizeScopes(
|
||||||
array $scopes,
|
array $scopes,
|
||||||
$grantType,
|
string $grantType,
|
||||||
ClientEntityInterface $clientEntity,
|
ClientEntityInterface $clientEntity,
|
||||||
$userIdentifier = null,
|
?string $userIdentifier = null,
|
||||||
?string $authCodeId = null,
|
?string $authCodeId = null,
|
||||||
): array {
|
): array {
|
||||||
if (empty($scopes)) {
|
if (empty($scopes)) {
|
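Review bot: The file now lives in `common\components\OAuth2\Repositories` but still imports `api\rbac\Permissions as P`, so the shared module depends on the API application for the constants that make up `ALLOWED_SCOPES`. That ties the scope allow-list to a namespace the commit is moving away from. Consider relocating the permission constants to `common`, or add a comment above the `use` line explaining why the dependency is kept. `PublicScopeRepository` has the same import. `finalizeScopes()` continues past the end of the second hunk, so its scope checks are not reviewed here.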
@ -1,15 +1,15 @@
|
|||||||
<?php
|
<?php
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
|
|
||||||
namespace api\components\OAuth2\Repositories;
|
namespace common\components\OAuth2\Repositories;
|
||||||
|
|
||||||
use api\components\OAuth2\Entities\ScopeEntity;
|
|
||||||
use api\rbac\Permissions as P;
|
use api\rbac\Permissions as P;
|
||||||
|
use common\components\OAuth2\Entities\ScopeEntity;
|
||||||
use League\OAuth2\Server\Entities\ClientEntityInterface;
|
use League\OAuth2\Server\Entities\ClientEntityInterface;
|
||||||
use League\OAuth2\Server\Entities\ScopeEntityInterface;
|
use League\OAuth2\Server\Entities\ScopeEntityInterface;
|
||||||
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
|
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
|
||||||
|
|
||||||
class PublicScopeRepository implements ScopeRepositoryInterface {
|
final class PublicScopeRepository implements ScopeRepositoryInterface {
|
||||||
|
|
||||||
public const string OFFLINE_ACCESS = 'offline_access';
|
public const string OFFLINE_ACCESS = 'offline_access';
|
||||||
public const string CHANGE_SKIN = 'change_skin';
|
public const string CHANGE_SKIN = 'change_skin';
|
||||||
@ -41,9 +41,9 @@ class PublicScopeRepository implements ScopeRepositoryInterface {
|
|||||||
|
|
||||||
public function finalizeScopes(
|
public function finalizeScopes(
|
||||||
array $scopes,
|
array $scopes,
|
||||||
$grantType,
|
string $grantType,
|
||||||
ClientEntityInterface $clientEntity,
|
ClientEntityInterface $clientEntity,
|
||||||
$userIdentifier = null,
|
?string $userIdentifier = null,
|
||||||
?string $authCodeId = null,
|
?string $authCodeId = null,
|
||||||
): array {
|
): array {
|
||||||
return $scopes;
|
return $scopes;
|
@ -1,12 +1,12 @@
|
|||||||
<?php
|
<?php
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
|
|
||||||
namespace api\components\OAuth2\Repositories;
|
namespace common\components\OAuth2\Repositories;
|
||||||
|
|
||||||
use League\OAuth2\Server\Entities\RefreshTokenEntityInterface;
|
use League\OAuth2\Server\Entities\RefreshTokenEntityInterface;
|
||||||
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
|
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
|
||||||
|
|
||||||
class RefreshTokenRepository implements RefreshTokenRepositoryInterface {
|
final class RefreshTokenRepository implements RefreshTokenRepositoryInterface {
|
||||||
|
|
||||||
public function getNewRefreshToken(): ?RefreshTokenEntityInterface {
|
public function getNewRefreshToken(): ?RefreshTokenEntityInterface {
|
||||||
return null;
|
return null;
|
||||||
@ -16,11 +16,11 @@ class RefreshTokenRepository implements RefreshTokenRepositoryInterface {
|
|||||||
// Do nothing
|
// Do nothing
|
||||||
}
|
}
|
||||||
|
|
||||||
public function revokeRefreshToken($tokenId): void {
|
public function revokeRefreshToken(string $tokenId): void {
|
||||||
// Do nothing
|
// Do nothing
|
||||||
}
|
}
|
||||||
|
|
||||||
public function isRefreshTokenRevoked($tokenId): bool {
|
public function isRefreshTokenRevoked(string $tokenId): bool {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
@ -0,0 +1,12 @@
|
|||||||
|
<?php
|
||||||
|
declare(strict_types=1);
|
||||||
|
|
||||||
|
namespace common\components\OAuth2\ResponseTypes;
|
||||||
|
|
||||||
|
use common\components\OAuth2\CryptTrait;
|
||||||
|
use League\OAuth2\Server\ResponseTypes\BearerTokenResponse as BaseBearerTokenResponse;
|
||||||
|
|
||||||
|
final class BearerTokenResponse extends BaseBearerTokenResponse {
|
||||||
|
use CryptTrait;
|
||||||
|
|
||||||
|
}
|
@ -26,6 +26,7 @@ return [
|
|||||||
'http://' . (getenv('CHRLY_HOST') ?: 'skinsystem.ely.by'),
|
'http://' . (getenv('CHRLY_HOST') ?: 'skinsystem.ely.by'),
|
||||||
],
|
],
|
||||||
],
|
],
|
||||||
|
League\OAuth2\Server\AuthorizationServer::class => common\components\OAuth2\AuthorizationServerFactory::build(...),
|
||||||
],
|
],
|
||||||
],
|
],
|
||||||
'components' => [
|
'components' => [
|
||||||
|
@ -5,151 +5,6 @@ parameters:
|
|||||||
count: 1
|
count: 1
|
||||||
path: api/components/ErrorHandler.php
|
path: api/components/ErrorHandler.php
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Property api\\\\components\\\\OAuth2\\\\Entities\\\\ScopeEntity\\:\\:\\$identifier \\(non\\-empty\\-string\\) does not accept string\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Entities/ScopeEntity.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Grants\\\\AuthCodeGrant\\:\\:decrypt\\(\\) has parameter \\$encryptedData with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Grants/AuthCodeGrant.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Grants\\\\AuthCodeGrant\\:\\:encrypt\\(\\) has parameter \\$unencryptedData with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Grants/AuthCodeGrant.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Grants\\\\ClientCredentialsGrant\\:\\:decrypt\\(\\) has parameter \\$encryptedData with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Grants/ClientCredentialsGrant.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Grants\\\\ClientCredentialsGrant\\:\\:encrypt\\(\\) has parameter \\$unencryptedData with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Grants/ClientCredentialsGrant.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Grants\\\\RefreshTokenGrant\\:\\:decrypt\\(\\) has parameter \\$encryptedData with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Grants/RefreshTokenGrant.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Grants\\\\RefreshTokenGrant\\:\\:encrypt\\(\\) has parameter \\$unencryptedData with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Grants/RefreshTokenGrant.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Grants\\\\RefreshTokenGrant\\:\\:validateAccessToken\\(\\) should return array\\{client_id\\: string, refresh_token_id\\?\\: string, access_token_id\\?\\: string, scopes\\: array\\<int, string\\>\\|null, user_id\\: string\\|null, expire_time\\: int\\|null\\} but returns array\\{client_id\\: string\\|null, refresh_token_id\\: '', access_token_id\\: '', scopes\\: array\\|null, user_id\\: int\\|null, expire_time\\: null\\}\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Grants/RefreshTokenGrant.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Grants\\\\RefreshTokenGrant\\:\\:validateLegacyRefreshToken\\(\\) return type has no value type specified in iterable type array\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Grants/RefreshTokenGrant.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Grants\\\\RefreshTokenGrant\\:\\:validateOldRefreshToken\\(\\) return type has no value type specified in iterable type array\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Grants/RefreshTokenGrant.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Repositories\\\\AccessTokenRepository\\:\\:isAccessTokenRevoked\\(\\) has parameter \\$tokenId with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Repositories/AccessTokenRepository.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Repositories\\\\AccessTokenRepository\\:\\:revokeAccessToken\\(\\) has parameter \\$tokenId with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Repositories/AccessTokenRepository.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Repositories\\\\AuthCodeRepository\\:\\:isAuthCodeRevoked\\(\\) has parameter \\$codeId with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Repositories/AuthCodeRepository.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Repositories\\\\AuthCodeRepository\\:\\:revokeAuthCode\\(\\) has parameter \\$codeId with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Repositories/AuthCodeRepository.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Repositories\\\\ClientRepository\\:\\:getClientEntity\\(\\) has parameter \\$clientId with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Repositories/ClientRepository.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Repositories\\\\ClientRepository\\:\\:validateClient\\(\\) has parameter \\$clientId with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Repositories/ClientRepository.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Repositories\\\\ClientRepository\\:\\:validateClient\\(\\) has parameter \\$clientSecret with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Repositories/ClientRepository.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Repositories\\\\ClientRepository\\:\\:validateClient\\(\\) has parameter \\$grantType with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Repositories/ClientRepository.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Parameter \\#1 \\$id of class api\\\\components\\\\OAuth2\\\\Entities\\\\ClientEntity constructor expects non\\-empty\\-string, string given\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Repositories/ClientRepository.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Repositories\\\\EmptyScopeRepository\\:\\:finalizeScopes\\(\\) has parameter \\$grantType with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Repositories/EmptyScopeRepository.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Repositories\\\\EmptyScopeRepository\\:\\:finalizeScopes\\(\\) has parameter \\$userIdentifier with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Repositories/EmptyScopeRepository.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Repositories\\\\InternalScopeRepository\\:\\:finalizeScopes\\(\\) has parameter \\$grantType with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Repositories/InternalScopeRepository.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Repositories\\\\InternalScopeRepository\\:\\:finalizeScopes\\(\\) has parameter \\$userIdentifier with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Repositories/InternalScopeRepository.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Repositories\\\\PublicScopeRepository\\:\\:finalizeScopes\\(\\) has parameter \\$grantType with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Repositories/PublicScopeRepository.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Repositories\\\\PublicScopeRepository\\:\\:finalizeScopes\\(\\) has parameter \\$userIdentifier with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Repositories/PublicScopeRepository.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Repositories\\\\RefreshTokenRepository\\:\\:isRefreshTokenRevoked\\(\\) has parameter \\$tokenId with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Repositories/RefreshTokenRepository.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\Repositories\\\\RefreshTokenRepository\\:\\:revokeRefreshToken\\(\\) has parameter \\$tokenId with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/Repositories/RefreshTokenRepository.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\ResponseTypes\\\\BearerTokenResponse\\:\\:decrypt\\(\\) has parameter \\$encryptedData with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/ResponseTypes/BearerTokenResponse.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\OAuth2\\\\ResponseTypes\\\\BearerTokenResponse\\:\\:encrypt\\(\\) has parameter \\$unencryptedData with no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/OAuth2/ResponseTypes/BearerTokenResponse.php
|
|
||||||
|
|
||||||
-
|
-
|
||||||
message: "#^Property api\\\\components\\\\ReCaptcha\\\\Component\\:\\:\\$public has no type specified\\.$#"
|
message: "#^Property api\\\\components\\\\ReCaptcha\\\\Component\\:\\:\\$public has no type specified\\.$#"
|
||||||
count: 1
|
count: 1
|
||||||
@ -220,11 +75,6 @@ parameters:
|
|||||||
count: 1
|
count: 1
|
||||||
path: api/components/Tokens/Component.php
|
path: api/components/Tokens/Component.php
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\components\\\\Tokens\\\\TokenReader\\:\\:getScopes\\(\\) return type has no value type specified in iterable type array\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/components/Tokens/TokenReader.php
|
|
||||||
|
|
||||||
-
|
-
|
||||||
message: "#^Property api\\\\components\\\\User\\\\Component\\:\\:\\$loginUrl type has no value type specified in iterable type array\\.$#"
|
message: "#^Property api\\\\components\\\\User\\\\Component\\:\\:\\$loginUrl type has no value type specified in iterable type array\\.$#"
|
||||||
count: 1
|
count: 1
|
||||||
@ -305,16 +155,6 @@ parameters:
|
|||||||
count: 1
|
count: 1
|
||||||
path: api/models/authentication/ConfirmEmailForm.php
|
path: api/models/authentication/ConfirmEmailForm.php
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Property api\\\\models\\\\authentication\\\\ForgotPasswordForm\\:\\:\\$captcha has no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/models/authentication/ForgotPasswordForm.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Property api\\\\models\\\\authentication\\\\ForgotPasswordForm\\:\\:\\$login has no type specified\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/models/authentication/ForgotPasswordForm.php
|
|
||||||
|
|
||||||
-
|
-
|
||||||
message: "#^Property api\\\\models\\\\authentication\\\\RecoverPasswordForm\\:\\:\\$key has no type specified\\.$#"
|
message: "#^Property api\\\\models\\\\authentication\\\\RecoverPasswordForm\\:\\:\\$key has no type specified\\.$#"
|
||||||
count: 1
|
count: 1
|
||||||
@ -695,46 +535,6 @@ parameters:
|
|||||||
count: 1
|
count: 1
|
||||||
path: api/modules/oauth/models/OauthClientTypeForm.php
|
path: api/modules/oauth/models/OauthClientTypeForm.php
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\modules\\\\oauth\\\\models\\\\OauthProcess\\:\\:buildCompleteErrorResponse\\(\\) return type has no value type specified in iterable type array\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/modules/oauth/models/OauthProcess.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\modules\\\\oauth\\\\models\\\\OauthProcess\\:\\:buildIssueErrorResponse\\(\\) return type has no value type specified in iterable type array\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/modules/oauth/models/OauthProcess.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\modules\\\\oauth\\\\models\\\\OauthProcess\\:\\:buildScopesArray\\(\\) return type has no value type specified in iterable type array\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/modules/oauth/models/OauthProcess.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\modules\\\\oauth\\\\models\\\\OauthProcess\\:\\:buildSuccessResponse\\(\\) return type has no value type specified in iterable type array\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/modules/oauth/models/OauthProcess.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\modules\\\\oauth\\\\models\\\\OauthProcess\\:\\:complete\\(\\) return type has no value type specified in iterable type array\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/modules/oauth/models/OauthProcess.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\modules\\\\oauth\\\\models\\\\OauthProcess\\:\\:getScopesList\\(\\) return type has no value type specified in iterable type array\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/modules/oauth/models/OauthProcess.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\modules\\\\oauth\\\\models\\\\OauthProcess\\:\\:getToken\\(\\) return type has no value type specified in iterable type array\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/modules/oauth/models/OauthProcess.php
|
|
||||||
|
|
||||||
-
|
|
||||||
message: "#^Method api\\\\modules\\\\oauth\\\\models\\\\OauthProcess\\:\\:validate\\(\\) return type has no value type specified in iterable type array\\.$#"
|
|
||||||
count: 1
|
|
||||||
path: api/modules/oauth/models/OauthProcess.php
|
|
||||||
|
|
||||||
-
|
-
|
||||||
message: "#^Method api\\\\modules\\\\session\\\\Module\\:\\:error\\(\\) has parameter \\$message with no type specified\\.$#"
|
message: "#^Method api\\\\modules\\\\session\\\\Module\\:\\:error\\(\\) has parameter \\$message with no type specified\\.$#"
|
||||||
count: 1
|
count: 1
|
||||||
|