Fix phpstan issues

sephster 2019-07-01 19:17:43 +01:00
parent 7bc1ec643e
commit c4c354e2df
No known key found for this signature in database
GPG Key ID: 077754CA23023F4F
15 changed files with 79 additions and 46 deletions


@ -1,8 +1,6 @@
includes: includes:
- vendor/phpstan/phpstan-phpunit/extension.neon - vendor/phpstan/phpstan-phpunit/extension.neon
- vendor/phpstan/phpstan-phpunit/rules.neon - vendor/phpstan/phpstan-phpunit/rules.neon
- vendor/phpstan/phpstan-phpunit/strictRules.neon
- vendor/phpstan/phpstan-strict-rules/rules.neon
services: services:
- -
class: LeagueTests\PHPStan\AbstractGrantExtension class: LeagueTests\PHPStan\AbstractGrantExtension
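Review bot: The two include lines that appear on one side only, `vendor/phpstan/phpstan-phpunit/strictRules.neon` and `vendor/phpstan/phpstan-strict-rules/rules.neon`, look like removals (the hunk header goes from 8 lines to 6), so part of the fix is loosening the analysis rather than fixing findings. For an OAuth2 server library the strict rule set is worth keeping. If individual rules are too noisy, I would keep both includes and list the specific findings under `parameters: ignoreErrors:` with a comment on each, so the reduction in coverage stays visible and reviewable.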


@ -63,7 +63,7 @@ class BearerTokenValidator implements AuthorizationValidatorInterface
} }
$header = $request->getHeader('authorization'); $header = $request->getHeader('authorization');
$jwt = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $header[0])); $jwt = trim((string) preg_replace('/^(?:\s+)?Bearer\s/', '', $header[0]));
try { try {
// Attempt to parse and validate the JWT // Attempt to parse and validate the JWT
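Review bot: The `(string)` cast on the `preg_replace()` result turns a `null` return (PCRE error) into an empty string instead of handling it, and the pattern only strips a leading `Bearer ` prefix, so a header carrying any other scheme is passed on unchanged as if it were a token. Both cases then rely on the parser inside the `try` rejecting the value; that code is outside this hunk. I would make the rejection explicit before parsing: `if (preg_match('/^\s*Bearer\s+(\S+)\s*$/', $header[0], $m) !== 1) { throw OAuthServerException::accessDenied('Missing "Bearer" token'); }` followed by `$jwt = $m[1];`.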


@ -19,7 +19,7 @@ use LogicException;
trait CryptTrait trait CryptTrait
{ {
/** /**
* @var string|Key * @var string|Key|null
*/ */
protected $encryptionKey; protected $encryptionKey;
@ -39,9 +39,13 @@ trait CryptTrait
return Crypto::encrypt($unencryptedData, $this->encryptionKey); return Crypto::encrypt($unencryptedData, $this->encryptionKey);
} }
return Crypto::encryptWithPassword($unencryptedData, $this->encryptionKey); if (is_string($this->encryptionKey)) {
return Crypto::encryptWithPassword($unencryptedData, $this->encryptionKey);
}
throw new LogicException('Encryption key not set when attempting to encrypt');
} catch (Exception $e) { } catch (Exception $e) {
throw new LogicException($e->getMessage(), null, $e); throw new LogicException($e->getMessage(), 0, $e);
} }
} }
@ -61,9 +65,13 @@ trait CryptTrait
return Crypto::decrypt($encryptedData, $this->encryptionKey); return Crypto::decrypt($encryptedData, $this->encryptionKey);
} }
return Crypto::decryptWithPassword($encryptedData, $this->encryptionKey); if (is_string($this->encryptionKey)) {
return Crypto::decryptWithPassword($encryptedData, $this->encryptionKey);
}
throw new LogicException('Encryption key not set when attempting to decrypt');
} catch (Exception $e) { } catch (Exception $e) {
throw new LogicException($e->getMessage(), null, $e); throw new LogicException($e->getMessage(), 0, $e);
} }
} }
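Review bot: `is_string($this->encryptionKey)` in the new guard on the encrypt path (and the matching guard on the decrypt path) also accepts the empty string, so a misconfigured `''` key would still reach `Crypto::encryptWithPassword()` with an empty password instead of hitting the new "Encryption key not set" error. Tightening both guards to `if (is_string($this->encryptionKey) && $this->encryptionKey !== '') {` closes that gap. Separately, the new `throw new LogicException(...)` appears to sit inside the `try`, and since `LogicException` extends `Exception` it is caught by `catch (Exception $e)` and re-wrapped in a second `LogicException` with the same message; moving the key check above the `try` would avoid the double wrap. Both method bodies start outside the hunks.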


@ -48,7 +48,7 @@ trait AccessTokenTrait
->setIssuedAt(time()) ->setIssuedAt(time())
->setNotBefore(time()) ->setNotBefore(time())
->setExpiration($this->getExpiryDateTime()->getTimestamp()) ->setExpiration($this->getExpiryDateTime()->getTimestamp())
->setSubject($this->getUserIdentifier()) ->setSubject((string) $this->getUserIdentifier())
->set('scopes', $this->getScopes()) ->set('scopes', $this->getScopes())
->sign(new Sha256(), new Key($privateKey->getKeyPath(), $privateKey->getPassPhrase())) ->sign(new Sha256(), new Key($privateKey->getKeyPath(), $privateKey->getPassPhrase()))
->getToken(); ->getToken();
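Review bot: The cast in `->setSubject((string) $this->getUserIdentifier())` turns a `null` identifier into an empty `sub` claim; whether `getUserIdentifier()` can return `null` here (for example for a token issued without a user) is not visible in this hunk. If it can, a resource server reading the token cannot tell "no user" apart from a user whose id is the empty string. I would either set the subject only when the identifier is not null, or add a comment on this line stating that an empty `sub` means the token has no user, so the contract is explicit. The builder chain starts outside the hunk.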


@ -308,7 +308,9 @@ class OAuthServerException extends Exception
$response = $response->withHeader($header, $content); $response = $response->withHeader($header, $content);
} }
$response->getBody()->write(json_encode($payload, $jsonOptions)); $responseBody = json_encode($payload, $jsonOptions) ?: 'JSON encoding of payload failed';
$response->getBody()->write($responseBody);
return $response->withStatus($this->getHttpStatusCode()); return $response->withStatus($this->getHttpStatusCode());
} }
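Review bot: The fallback in `json_encode($payload, $jsonOptions) ?: 'JSON encoding of payload failed'` writes a plain-text body when encoding fails, so a client expecting a JSON error document will fail to parse the response; whether a JSON content type is set by the header loop above is outside the hunk. `?:` also tests truthiness rather than failure, unlike the `=== false` checks this commit adds in `AuthCodeGrant` and `BearerTokenResponse`. I would test explicitly and fall back to a valid JSON literal: `if ($responseBody === false) { $responseBody = '{"error":"server_error"}'; }`.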


@ -185,7 +185,7 @@ abstract class AbstractGrant implements GrantTypeInterface
throw OAuthServerException::invalidClient($request); throw OAuthServerException::invalidClient($request);
} }
$client = $this->clientRepository->getClientEntity($clientId); $client = $this->getClientEntityOrFail($clientId, $request);
// If a redirect URI is provided ensure it matches what is pre-registered // If a redirect URI is provided ensure it matches what is pre-registered
$redirectUri = $this->getRequestParameter('redirect_uri', $request, null); $redirectUri = $this->getRequestParameter('redirect_uri', $request, null);


@ -142,19 +142,21 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
); );
} }
if (isset($this->codeChallengeVerifiers[$authCodePayload->code_challenge_method])) { if (property_exists($authCodePayload, 'code_challenge_method')) {
$codeChallengeVerifier = $this->codeChallengeVerifiers[$authCodePayload->code_challenge_method]; if (isset($this->codeChallengeVerifiers[$authCodePayload->code_challenge_method])) {
$codeChallengeVerifier = $this->codeChallengeVerifiers[$authCodePayload->code_challenge_method];
if ($codeChallengeVerifier->verifyCodeChallenge($codeVerifier, $authCodePayload->code_challenge) === false) { if ($codeChallengeVerifier->verifyCodeChallenge($codeVerifier, $authCodePayload->code_challenge) === false) {
throw OAuthServerException::invalidGrant('Failed to verify `code_verifier`.'); throw OAuthServerException::invalidGrant('Failed to verify `code_verifier`.');
}
} else {
throw OAuthServerException::serverError(
sprintf(
'Unsupported code challenge method `%s`',
$authCodePayload->code_challenge_method
)
);
} }
} else {
throw OAuthServerException::serverError(
sprintf(
'Unsupported code challenge method `%s`',
$authCodePayload->code_challenge_method
)
);
} }
} }
@ -351,12 +353,18 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
'code_challenge_method' => $authorizationRequest->getCodeChallengeMethod(), 'code_challenge_method' => $authorizationRequest->getCodeChallengeMethod(),
]; ];
$jsonPayload = json_encode($payload);
if ($jsonPayload === false) {
throw new LogicException('An error was encountered when JSON encoding the authorization request response');
}
$response = new RedirectResponse(); $response = new RedirectResponse();
$response->setRedirectUri( $response->setRedirectUri(
$this->makeRedirectUri( $this->makeRedirectUri(
$finalRedirectUri, $finalRedirectUri,
[ [
'code' => $this->encrypt(json_encode($payload)), 'code' => $this->encrypt($jsonPayload),
'state' => $authorizationRequest->getState(), 'state' => $authorizationRequest->getState(),
] ]
) )
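Review bot: The new outer `if (property_exists($authCodePayload, 'code_challenge_method'))` in the first hunk has no `else`, so an auth code payload without that property skips the code verifier check without any error, where the old code appears to have always reached either the verifier or the "Unsupported code challenge method" error. The payload built in the second hunk always sets `code_challenge_method`, so this should not happen for codes this server issued, but a PKCE check is safer failing closed. I would add `} else { throw OAuthServerException::serverError('Missing code challenge method in auth code payload'); }` to the outer `if`. The enclosing condition starts outside the hunk.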


@ -21,7 +21,7 @@ interface ClientRepositoryInterface extends RepositoryInterface
* *
* @param string $clientIdentifier The client's identifier * @param string $clientIdentifier The client's identifier
* *
* @return ClientEntityInterface * @return ClientEntityInterface|null
*/ */
public function getClientEntity($clientIdentifier); public function getClientEntity($clientIdentifier);


@ -22,7 +22,7 @@ interface ScopeRepositoryInterface extends RepositoryInterface
* *
* @param string $identifier The scope identifier * @param string $identifier The scope identifier
* *
* @return ScopeEntityInterface * @return ScopeEntityInterface|null
*/ */
public function getScopeEntityByIdentifier($identifier); public function getScopeEntityByIdentifier($identifier);


@ -22,7 +22,7 @@ interface UserRepositoryInterface extends RepositoryInterface
* @param string $grantType The grant type used * @param string $grantType The grant type used
* @param ClientEntityInterface $clientEntity * @param ClientEntityInterface $clientEntity
* *
* @return UserEntityInterface * @return UserEntityInterface|null
*/ */
public function getUserEntityByUserCredentials( public function getUserEntityByUserCredentials(
$username, $username,


@ -111,7 +111,7 @@ class AuthorizationRequest
} }
/** /**
* @return UserEntityInterface * @return UserEntityInterface|null
*/ */
public function getUser() public function getUser()
{ {


@ -14,6 +14,7 @@ namespace League\OAuth2\Server\ResponseTypes;
use League\OAuth2\Server\Entities\AccessTokenEntityInterface; use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
use League\OAuth2\Server\Entities\RefreshTokenEntityInterface; use League\OAuth2\Server\Entities\RefreshTokenEntityInterface;
use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ResponseInterface;
use \LogicException;
class BearerTokenResponse extends AbstractResponseType class BearerTokenResponse extends AbstractResponseType
{ {
@ -31,23 +32,27 @@ class BearerTokenResponse extends AbstractResponseType
]; ];
if ($this->refreshToken instanceof RefreshTokenEntityInterface) { if ($this->refreshToken instanceof RefreshTokenEntityInterface) {
$refreshToken = $this->encrypt( $refreshTokenPayload = json_encode([
json_encode( 'client_id' => $this->accessToken->getClient()->getIdentifier(),
[ 'refresh_token_id' => $this->refreshToken->getIdentifier(),
'client_id' => $this->accessToken->getClient()->getIdentifier(), 'access_token_id' => $this->accessToken->getIdentifier(),
'refresh_token_id' => $this->refreshToken->getIdentifier(), 'scopes' => $this->accessToken->getScopes(),
'access_token_id' => $this->accessToken->getIdentifier(), 'user_id' => $this->accessToken->getUserIdentifier(),
'scopes' => $this->accessToken->getScopes(), 'expire_time' => $this->refreshToken->getExpiryDateTime()->getTimestamp(),
'user_id' => $this->accessToken->getUserIdentifier(), ]);
'expire_time' => $this->refreshToken->getExpiryDateTime()->getTimestamp(),
]
)
);
$responseParams['refresh_token'] = $refreshToken; if ($refreshTokenPayload === false) {
throw new LogicException('Error encountered JSON encoding the refresh token payload');
}
$responseParams['refresh_token'] = $this->encrypt($refreshTokenPayload);
} }
$responseParams = array_merge($this->getExtraParams($this->accessToken), $responseParams); $responseParams = json_encode(array_merge($this->getExtraParams($this->accessToken), $responseParams));
if ($responseParams === false) {
throw new LogicException('Error encountered JSON encoding response parameters');
}
$response = $response $response = $response
->withStatus(200) ->withStatus(200)
@ -55,7 +60,7 @@ class BearerTokenResponse extends AbstractResponseType
->withHeader('cache-control', 'no-store') ->withHeader('cache-control', 'no-store')
->withHeader('content-type', 'application/json; charset=UTF-8'); ->withHeader('content-type', 'application/json; charset=UTF-8');
$response->getBody()->write(json_encode($responseParams)); $response->getBody()->write($responseParams);
return $response; return $response;
} }
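Review bot: `$responseParams` now changes type partway through the method: it is an array up to the `array_merge()` call and afterwards holds the JSON string written to the body, which makes the `=== false` check and the later `write($responseParams)` harder to read and easy to break in a later edit. I would give the encoded value its own name, `$responseBody = json_encode(array_merge($this->getExtraParams($this->accessToken), $responseParams));`, and check and write `$responseBody`. The added import `use \LogicException;` should also drop the leading backslash (`use LogicException;`) to match the other `use` lines. The method starts outside the hunk.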


@ -85,7 +85,9 @@ class OAuthServerExceptionTest extends TestCase
$previous = new Exception('This is the previous'); $previous = new Exception('This is the previous');
$exceptionWithPrevious = OAuthServerException::accessDenied(null, null, $previous); $exceptionWithPrevious = OAuthServerException::accessDenied(null, null, $previous);
$this->assertSame('This is the previous', $exceptionWithPrevious->getPrevious()->getMessage()); $previousMessage = $exceptionWithPrevious->getPrevious() !== null ? $exceptionWithPrevious->getPrevious()->getMessage() : null;
$this->assertSame('This is the previous', $previousMessage);
} }
public function testDoesNotHavePrevious() public function testDoesNotHavePrevious()


@ -273,7 +273,7 @@ class ImplicitGrantTest extends TestCase
$accessToken = new AccessTokenEntity(); $accessToken = new AccessTokenEntity();
$accessToken->setClient($client); $accessToken->setClient($client);
/** @var AccessTokenRepositoryInterface|\PHPUnit_Framework_MockObject_MockObject $accessTokenRepositoryMock */ /** @var AccessTokenRepositoryInterface|\PHPUnit\Framework\MockObject\MockObject $accessTokenRepositoryMock */
$accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock(); $accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
$accessTokenRepositoryMock->method('getNewToken')->willReturn($accessToken); $accessTokenRepositoryMock->method('getNewToken')->willReturn($accessToken);
$accessTokenRepositoryMock->expects($this->at(0))->method('persistNewAccessToken')->willThrowException(UniqueTokenIdentifierConstraintViolationException::create()); $accessTokenRepositoryMock->expects($this->at(0))->method('persistNewAccessToken')->willThrowException(UniqueTokenIdentifierConstraintViolationException::create());
@ -298,7 +298,7 @@ class ImplicitGrantTest extends TestCase
$authRequest->setGrantTypeId('authorization_code'); $authRequest->setGrantTypeId('authorization_code');
$authRequest->setUser(new UserEntity()); $authRequest->setUser(new UserEntity());
/** @var AccessTokenRepositoryInterface|\PHPUnit_Framework_MockObject_MockObject $accessTokenRepositoryMock */ /** @var AccessTokenRepositoryInterface|\PHPUnit\Framework\MockObject\MockObject $accessTokenRepositoryMock */
$accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock(); $accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
$accessTokenRepositoryMock->method('getNewToken')->willReturn(new AccessTokenEntity()); $accessTokenRepositoryMock->method('getNewToken')->willReturn(new AccessTokenEntity());
$accessTokenRepositoryMock->method('persistNewAccessToken')->willThrowException(OAuthServerException::serverError('something bad happened')); $accessTokenRepositoryMock->method('persistNewAccessToken')->willThrowException(OAuthServerException::serverError('something bad happened'));
@ -325,7 +325,7 @@ class ImplicitGrantTest extends TestCase
$authRequest->setGrantTypeId('authorization_code'); $authRequest->setGrantTypeId('authorization_code');
$authRequest->setUser(new UserEntity()); $authRequest->setUser(new UserEntity());
/** @var AccessTokenRepositoryInterface|\PHPUnit_Framework_MockObject_MockObject $accessTokenRepositoryMock */ /** @var AccessTokenRepositoryInterface|\PHPUnit\Framework\MockObject\MockObject $accessTokenRepositoryMock */
$accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock(); $accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
$accessTokenRepositoryMock->method('getNewToken')->willReturn(new AccessTokenEntity()); $accessTokenRepositoryMock->method('getNewToken')->willReturn(new AccessTokenEntity());
$accessTokenRepositoryMock->method('persistNewAccessToken')->willThrowException(UniqueTokenIdentifierConstraintViolationException::create()); $accessTokenRepositoryMock->method('persistNewAccessToken')->willThrowException(UniqueTokenIdentifierConstraintViolationException::create());


@ -26,6 +26,11 @@ class CryptKeyTest extends TestCase
public function testKeyFileCreation() public function testKeyFileCreation()
{ {
$keyContent = file_get_contents(__DIR__ . '/../Stubs/public.key'); $keyContent = file_get_contents(__DIR__ . '/../Stubs/public.key');
if (!is_string($keyContent)) {
$this->fail('The public key stub is not a string');
}
$key = new CryptKey($keyContent); $key = new CryptKey($keyContent);
$this->assertEquals( $this->assertEquals(
@ -34,6 +39,11 @@ class CryptKeyTest extends TestCase
); );
$keyContent = file_get_contents(__DIR__ . '/../Stubs/private.key.crlf'); $keyContent = file_get_contents(__DIR__ . '/../Stubs/private.key.crlf');
if (!is_string($keyContent)) {
$this->fail('The private key (crlf) stub is not a string');
}
$key = new CryptKey($keyContent); $key = new CryptKey($keyContent);
$this->assertEquals( $this->assertEquals(