ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2024-11-27 01:02:12 +05:30
Code Issues Packages Projects Releases Wiki Activity

Removed chmod from CryptKey and add toggle to disable checking

Browse Source
This commit is contained in:
Yannick de Lange 2017-08-01 14:59:21 +02:00
parent 7c2218fdcc
commit 2aca909d20
2 changed files with 18 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/CryptKey.php
View File

@ -29,8 +29,9 @@ class CryptKey
/** /**
* @param string $keyPath * @param string $keyPath
* @param null|string $passPhrase * @param null|string $passPhrase
* @param bool $keyPermissionsCheck
*/ */
public function __construct($keyPath, $passPhrase = null) public function __construct($keyPath, $passPhrase = null, $keyPermissionsCheck = true)
{ {
if (preg_match(self::RSA_KEY_PATTERN, $keyPath)) { if (preg_match(self::RSA_KEY_PATTERN, $keyPath)) {
$keyPath = $this->saveKeyToFile($keyPath); $keyPath = $this->saveKeyToFile($keyPath);
@ -44,21 +45,15 @@ class CryptKey
throw new \LogicException(sprintf('Key path "%s" does not exist or is not readable', $keyPath)); throw new \LogicException(sprintf('Key path "%s" does not exist or is not readable', $keyPath));
} }
if ($keyPermissionsCheck === true) {
// Verify the permissions of the key // Verify the permissions of the key
$keyPathPerms = decoct(fileperms($keyPath) & 0777); $keyPathPerms = decoct(fileperms($keyPath) & 0777);
if ($keyPathPerms !== '600') { if (in_array($keyPathPerms, ['600', '660'], true) === false) {
// Attempt to correct the permissions trigger_error(sprintf(
if (chmod($keyPath, 0600) === false) { 'Key file "%s" permissions are not correct, should be 600 or 660 instead of %s',
// @codeCoverageIgnoreStart
trigger_error(
sprintf(
'Key file "%s" permissions are not correct, should be 600 instead of %s, unable to automatically resolve the issue',
$keyPath, $keyPath,
$keyPathPerms $keyPathPerms
), ), E_USER_NOTICE);
E_USER_NOTICE
);
// @codeCoverageIgnoreEnd
} }
} }

7
tests/AuthorizationServerTest.php
View File

@ -26,6 +26,13 @@ use Zend\Diactoros\ServerRequestFactory;
class AuthorizationServerTest extends \PHPUnit_Framework_TestCase class AuthorizationServerTest extends \PHPUnit_Framework_TestCase
{ {
public function setUp()
{
// Make sure the keys have the correct permissions.
chmod(__DIR__ . '/Stubs/private.key', 0600);
chmod(__DIR__ . '/Stubs/public.key', 0600);
}
public function testRespondToRequestInvalidGrantType() public function testRespondToRequestInvalidGrantType()
{ {
$server = new AuthorizationServer( $server = new AuthorizationServer(