mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-11-22 21:23:02 +05:30
Fix phpstan issues
parent
7bc1ec643e
commit
c4c354e2df
@ -1,8 +1,6 @@
|
|||||||
includes:
|
includes:
|
||||||
- vendor/phpstan/phpstan-phpunit/extension.neon
|
- vendor/phpstan/phpstan-phpunit/extension.neon
|
||||||
- vendor/phpstan/phpstan-phpunit/rules.neon
|
- vendor/phpstan/phpstan-phpunit/rules.neon
|
||||||
- vendor/phpstan/phpstan-phpunit/strictRules.neon
|
|
||||||
- vendor/phpstan/phpstan-strict-rules/rules.neon
|
|
||||||
services:
|
services:
|
||||||
-
|
-
|
||||||
class: LeagueTests\PHPStan\AbstractGrantExtension
|
class: LeagueTests\PHPStan\AbstractGrantExtension
|
||||||
|
@ -63,7 +63,7 @@ class BearerTokenValidator implements AuthorizationValidatorInterface
|
|||||||
}
|
}
|
||||||
|
|
||||||
$header = $request->getHeader('authorization');
|
$header = $request->getHeader('authorization');
|
||||||
$jwt = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $header[0]));
|
$jwt = trim((string) preg_replace('/^(?:\s+)?Bearer\s/', '', $header[0]));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// Attempt to parse and validate the JWT
|
// Attempt to parse and validate the JWT
|
||||||
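Review bot: Casting the `preg_replace()` result to string on the `$jwt` line turns a PCRE failure (a `null` return) into an empty token instead of surfacing it. The empty string then goes to the parser inside the `try` block, whose handling is outside this hunk, so a regex failure becomes indistinguishable from a malformed header. Rejecting an empty result before parsing makes the outcome explicit, e.g. `if ($jwt === '') { throw OAuthServerException::accessDenied('Missing or malformed bearer token'); }`. The enclosing method starts and ends outside the hunk.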
|
@ -19,7 +19,7 @@ use LogicException;
|
|||||||
trait CryptTrait
|
trait CryptTrait
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
* @var string|Key
|
* @var string|Key|null
|
||||||
*/
|
*/
|
||||||
protected $encryptionKey;
|
protected $encryptionKey;
|
||||||
|
|
||||||
@ -39,9 +39,13 @@ trait CryptTrait
|
|||||||
return Crypto::encrypt($unencryptedData, $this->encryptionKey);
|
return Crypto::encrypt($unencryptedData, $this->encryptionKey);
|
||||||
}
|
}
|
||||||
|
|
||||||
return Crypto::encryptWithPassword($unencryptedData, $this->encryptionKey);
|
if (is_string($this->encryptionKey)) {
|
||||||
|
return Crypto::encryptWithPassword($unencryptedData, $this->encryptionKey);
|
||||||
|
}
|
||||||
|
|
||||||
|
throw new LogicException('Encryption key not set when attempting to encrypt');
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
throw new LogicException($e->getMessage(), null, $e);
|
throw new LogicException($e->getMessage(), 0, $e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -61,9 +65,13 @@ trait CryptTrait
|
|||||||
return Crypto::decrypt($encryptedData, $this->encryptionKey);
|
return Crypto::decrypt($encryptedData, $this->encryptionKey);
|
||||||
}
|
}
|
||||||
|
|
||||||
return Crypto::decryptWithPassword($encryptedData, $this->encryptionKey);
|
if (is_string($this->encryptionKey)) {
|
||||||
|
return Crypto::decryptWithPassword($encryptedData, $this->encryptionKey);
|
||||||
|
}
|
||||||
|
|
||||||
|
throw new LogicException('Encryption key not set when attempting to decrypt');
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
throw new LogicException($e->getMessage(), null, $e);
|
throw new LogicException($e->getMessage(), 0, $e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
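Review bot: The new `is_string($this->encryptionKey)` guard in `encrypt()` checks only the type, so an empty string still reaches `Crypto::encryptWithPassword()` and data would be protected by an empty password; the same applies to the matching guard in the decrypt hunk. Tightening both to `if (is_string($this->encryptionKey) && $this->encryptionKey !== '') {` makes an unset or blank key fall through to the "Encryption key not set" exception. That exception is also thrown inside the `try`, so `catch (Exception $e)` catches it and wraps it in a second `LogicException` with the same message; moving the key check above the `try` would avoid the double wrap. Both method bodies start outside the hunks, and where the key is assigned is not visible here.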
|
@ -48,7 +48,7 @@ trait AccessTokenTrait
|
|||||||
->setIssuedAt(time())
|
->setIssuedAt(time())
|
||||||
->setNotBefore(time())
|
->setNotBefore(time())
|
||||||
->setExpiration($this->getExpiryDateTime()->getTimestamp())
|
->setExpiration($this->getExpiryDateTime()->getTimestamp())
|
||||||
->setSubject($this->getUserIdentifier())
|
->setSubject((string) $this->getUserIdentifier())
|
||||||
->set('scopes', $this->getScopes())
|
->set('scopes', $this->getScopes())
|
||||||
->sign(new Sha256(), new Key($privateKey->getKeyPath(), $privateKey->getPassPhrase()))
|
->sign(new Sha256(), new Key($privateKey->getKeyPath(), $privateKey->getPassPhrase()))
|
||||||
->getToken();
|
->getToken();
|
||||||
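Review bot: The `(string)` cast on `getUserIdentifier()` in the `setSubject()` call turns a null identifier into an empty `sub` claim instead of leaving the claim out. Whether a token can be issued without a user (for example by a grant with no end user) is not visible in this hunk, but if it can, resource servers receive `sub: ""` and must not treat it as a user id. A comment above the call would document that, e.g. `// sub is '' when the token has no user; consumers must not treat '' as a user identifier`. The builder chain starts outside the hunk.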
|
@ -308,7 +308,9 @@ class OAuthServerException extends Exception
|
|||||||
$response = $response->withHeader($header, $content);
|
$response = $response->withHeader($header, $content);
|
||||||
}
|
}
|
||||||
|
|
||||||
$response->getBody()->write(json_encode($payload, $jsonOptions));
|
$responseBody = json_encode($payload, $jsonOptions) ?: 'JSON encoding of payload failed';
|
||||||
|
|
||||||
|
$response->getBody()->write($responseBody);
|
||||||
|
|
||||||
return $response->withStatus($this->getHttpStatusCode());
|
return $response->withStatus($this->getHttpStatusCode());
|
||||||
}
|
}
|
||||||
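Review bot: The fallback `'JSON encoding of payload failed'` on the `$responseBody` line is plain text, so when `json_encode()` fails the client receives a body that is not JSON; the content type is set outside this hunk and is presumably JSON. A client that parses the error response would then fail on the error path itself, and the encoding failure is recorded nowhere for the operator. A fallback that is itself valid JSON keeps the contract, e.g. `$responseBody = json_encode($payload, $jsonOptions) ?: '{"error":"server_error"}';`, ideally with the `json_last_error_msg()` value logged server-side. The method starts outside the hunk.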
|
@ -185,7 +185,7 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
throw OAuthServerException::invalidClient($request);
|
throw OAuthServerException::invalidClient($request);
|
||||||
}
|
}
|
||||||
|
|
||||||
$client = $this->clientRepository->getClientEntity($clientId);
|
$client = $this->getClientEntityOrFail($clientId, $request);
|
||||||
|
|
||||||
// If a redirect URI is provided ensure it matches what is pre-registered
|
// If a redirect URI is provided ensure it matches what is pre-registered
|
||||||
$redirectUri = $this->getRequestParameter('redirect_uri', $request, null);
|
$redirectUri = $this->getRequestParameter('redirect_uri', $request, null);
|
||||||
|
@ -142,19 +142,21 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($this->codeChallengeVerifiers[$authCodePayload->code_challenge_method])) {
|
if (property_exists($authCodePayload, 'code_challenge_method')) {
|
||||||
$codeChallengeVerifier = $this->codeChallengeVerifiers[$authCodePayload->code_challenge_method];
|
if (isset($this->codeChallengeVerifiers[$authCodePayload->code_challenge_method])) {
|
||||||
|
$codeChallengeVerifier = $this->codeChallengeVerifiers[$authCodePayload->code_challenge_method];
|
||||||
|
|
||||||
if ($codeChallengeVerifier->verifyCodeChallenge($codeVerifier, $authCodePayload->code_challenge) === false) {
|
if ($codeChallengeVerifier->verifyCodeChallenge($codeVerifier, $authCodePayload->code_challenge) === false) {
|
||||||
throw OAuthServerException::invalidGrant('Failed to verify `code_verifier`.');
|
throw OAuthServerException::invalidGrant('Failed to verify `code_verifier`.');
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
throw OAuthServerException::serverError(
|
||||||
|
sprintf(
|
||||||
|
'Unsupported code challenge method `%s`',
|
||||||
|
$authCodePayload->code_challenge_method
|
||||||
|
)
|
||||||
|
);
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
throw OAuthServerException::serverError(
|
|
||||||
sprintf(
|
|
||||||
'Unsupported code challenge method `%s`',
|
|
||||||
$authCodePayload->code_challenge_method
|
|
||||||
)
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -351,12 +353,18 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
|||||||
'code_challenge_method' => $authorizationRequest->getCodeChallengeMethod(),
|
'code_challenge_method' => $authorizationRequest->getCodeChallengeMethod(),
|
||||||
];
|
];
|
||||||
|
|
||||||
|
$jsonPayload = json_encode($payload);
|
||||||
|
|
||||||
|
if ($jsonPayload === false) {
|
||||||
|
throw new LogicException('An error was encountered when JSON encoding the authorization request response');
|
||||||
|
}
|
||||||
|
|
||||||
$response = new RedirectResponse();
|
$response = new RedirectResponse();
|
||||||
$response->setRedirectUri(
|
$response->setRedirectUri(
|
||||||
$this->makeRedirectUri(
|
$this->makeRedirectUri(
|
||||||
$finalRedirectUri,
|
$finalRedirectUri,
|
||||||
[
|
[
|
||||||
'code' => $this->encrypt(json_encode($payload)),
|
'code' => $this->encrypt($jsonPayload),
|
||||||
'state' => $authorizationRequest->getState(),
|
'state' => $authorizationRequest->getState(),
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
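Review bot: The new outer `property_exists($authCodePayload, 'code_challenge_method')` check in the first hunk has no `else`, so a decrypted payload that lacks the property now skips both the verifier lookup and `verifyCodeChallenge()` without raising anything. Before this change the same input ended in the `serverError` branch, so the PKCE check has moved from failing closed to failing open for that case. The payload built in the second hunk always carries the key, so this probably only affects codes issued by another version or a custom issuer, but the branch should still reject, e.g. `} else { throw OAuthServerException::invalidGrant('Authorization code has no code challenge method.'); }`. The enclosing condition and method start outside the hunk, so confirm the surrounding guard before relying on this.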
|
@ -21,7 +21,7 @@ interface ClientRepositoryInterface extends RepositoryInterface
|
|||||||
*
|
*
|
||||||
* @param string $clientIdentifier The client's identifier
|
* @param string $clientIdentifier The client's identifier
|
||||||
*
|
*
|
||||||
* @return ClientEntityInterface
|
* @return ClientEntityInterface|null
|
||||||
*/
|
*/
|
||||||
public function getClientEntity($clientIdentifier);
|
public function getClientEntity($clientIdentifier);
|
||||||
|
|
||||||
|
@ -22,7 +22,7 @@ interface ScopeRepositoryInterface extends RepositoryInterface
|
|||||||
*
|
*
|
||||||
* @param string $identifier The scope identifier
|
* @param string $identifier The scope identifier
|
||||||
*
|
*
|
||||||
* @return ScopeEntityInterface
|
* @return ScopeEntityInterface|null
|
||||||
*/
|
*/
|
||||||
public function getScopeEntityByIdentifier($identifier);
|
public function getScopeEntityByIdentifier($identifier);
|
||||||
|
|
||||||
|
@ -22,7 +22,7 @@ interface UserRepositoryInterface extends RepositoryInterface
|
|||||||
* @param string $grantType The grant type used
|
* @param string $grantType The grant type used
|
||||||
* @param ClientEntityInterface $clientEntity
|
* @param ClientEntityInterface $clientEntity
|
||||||
*
|
*
|
||||||
* @return UserEntityInterface
|
* @return UserEntityInterface|null
|
||||||
*/
|
*/
|
||||||
public function getUserEntityByUserCredentials(
|
public function getUserEntityByUserCredentials(
|
||||||
$username,
|
$username,
|
||||||
|
@ -111,7 +111,7 @@ class AuthorizationRequest
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return UserEntityInterface
|
* @return UserEntityInterface|null
|
||||||
*/
|
*/
|
||||||
public function getUser()
|
public function getUser()
|
||||||
{
|
{
|
||||||
|
@ -14,6 +14,7 @@ namespace League\OAuth2\Server\ResponseTypes;
|
|||||||
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
|
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
|
||||||
use League\OAuth2\Server\Entities\RefreshTokenEntityInterface;
|
use League\OAuth2\Server\Entities\RefreshTokenEntityInterface;
|
||||||
use Psr\Http\Message\ResponseInterface;
|
use Psr\Http\Message\ResponseInterface;
|
||||||
|
use \LogicException;
|
||||||
|
|
||||||
class BearerTokenResponse extends AbstractResponseType
|
class BearerTokenResponse extends AbstractResponseType
|
||||||
{
|
{
|
||||||
@ -31,23 +32,27 @@ class BearerTokenResponse extends AbstractResponseType
|
|||||||
];
|
];
|
||||||
|
|
||||||
if ($this->refreshToken instanceof RefreshTokenEntityInterface) {
|
if ($this->refreshToken instanceof RefreshTokenEntityInterface) {
|
||||||
$refreshToken = $this->encrypt(
|
$refreshTokenPayload = json_encode([
|
||||||
json_encode(
|
'client_id' => $this->accessToken->getClient()->getIdentifier(),
|
||||||
[
|
'refresh_token_id' => $this->refreshToken->getIdentifier(),
|
||||||
'client_id' => $this->accessToken->getClient()->getIdentifier(),
|
'access_token_id' => $this->accessToken->getIdentifier(),
|
||||||
'refresh_token_id' => $this->refreshToken->getIdentifier(),
|
'scopes' => $this->accessToken->getScopes(),
|
||||||
'access_token_id' => $this->accessToken->getIdentifier(),
|
'user_id' => $this->accessToken->getUserIdentifier(),
|
||||||
'scopes' => $this->accessToken->getScopes(),
|
'expire_time' => $this->refreshToken->getExpiryDateTime()->getTimestamp(),
|
||||||
'user_id' => $this->accessToken->getUserIdentifier(),
|
]);
|
||||||
'expire_time' => $this->refreshToken->getExpiryDateTime()->getTimestamp(),
|
|
||||||
]
|
|
||||||
)
|
|
||||||
);
|
|
||||||
|
|
||||||
$responseParams['refresh_token'] = $refreshToken;
|
if ($refreshTokenPayload === false) {
|
||||||
|
throw new LogicException('Error encountered JSON encoding the refresh token payload');
|
||||||
|
}
|
||||||
|
|
||||||
|
$responseParams['refresh_token'] = $this->encrypt($refreshTokenPayload);
|
||||||
}
|
}
|
||||||
|
|
||||||
$responseParams = array_merge($this->getExtraParams($this->accessToken), $responseParams);
|
$responseParams = json_encode(array_merge($this->getExtraParams($this->accessToken), $responseParams));
|
||||||
|
|
||||||
|
if ($responseParams === false) {
|
||||||
|
throw new LogicException('Error encountered JSON encoding response parameters');
|
||||||
|
}
|
||||||
|
|
||||||
$response = $response
|
$response = $response
|
||||||
->withStatus(200)
|
->withStatus(200)
|
||||||
@ -55,7 +60,7 @@ class BearerTokenResponse extends AbstractResponseType
|
|||||||
->withHeader('cache-control', 'no-store')
|
->withHeader('cache-control', 'no-store')
|
||||||
->withHeader('content-type', 'application/json; charset=UTF-8');
|
->withHeader('content-type', 'application/json; charset=UTF-8');
|
||||||
|
|
||||||
$response->getBody()->write(json_encode($responseParams));
|
$response->getBody()->write($responseParams);
|
||||||
|
|
||||||
return $response;
|
return $response;
|
||||||
}
|
}
|
||||||
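Review bot: In the second hunk `$responseParams` is reassigned from the parameter array to the `json_encode()` result, so one variable holds an array, then `string|false`, then the body written in the third hunk. A separate name reads more clearly and keeps the array available, e.g. `$responseBody = json_encode(array_merge($this->getExtraParams($this->accessToken), $responseParams));` followed by `$response->getBody()->write($responseBody);`. The added `use \LogicException;` also carries a leading backslash and sits after the `Psr\...` import, unlike the other imports in the file; `use LogicException;` placed in alphabetical order would match them. The method starts outside the hunks.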
|
@ -85,7 +85,9 @@ class OAuthServerExceptionTest extends TestCase
|
|||||||
$previous = new Exception('This is the previous');
|
$previous = new Exception('This is the previous');
|
||||||
$exceptionWithPrevious = OAuthServerException::accessDenied(null, null, $previous);
|
$exceptionWithPrevious = OAuthServerException::accessDenied(null, null, $previous);
|
||||||
|
|
||||||
$this->assertSame('This is the previous', $exceptionWithPrevious->getPrevious()->getMessage());
|
$previousMessage = $exceptionWithPrevious->getPrevious() !== null ? $exceptionWithPrevious->getPrevious()->getMessage() : null;
|
||||||
|
|
||||||
|
$this->assertSame('This is the previous', $previousMessage);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testDoesNotHavePrevious()
|
public function testDoesNotHavePrevious()
|
||||||
|
@ -273,7 +273,7 @@ class ImplicitGrantTest extends TestCase
|
|||||||
$accessToken = new AccessTokenEntity();
|
$accessToken = new AccessTokenEntity();
|
||||||
$accessToken->setClient($client);
|
$accessToken->setClient($client);
|
||||||
|
|
||||||
/** @var AccessTokenRepositoryInterface|\PHPUnit_Framework_MockObject_MockObject $accessTokenRepositoryMock */
|
/** @var AccessTokenRepositoryInterface|\PHPUnit\Framework\MockObject\MockObject $accessTokenRepositoryMock */
|
||||||
$accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
|
$accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
|
||||||
$accessTokenRepositoryMock->method('getNewToken')->willReturn($accessToken);
|
$accessTokenRepositoryMock->method('getNewToken')->willReturn($accessToken);
|
||||||
$accessTokenRepositoryMock->expects($this->at(0))->method('persistNewAccessToken')->willThrowException(UniqueTokenIdentifierConstraintViolationException::create());
|
$accessTokenRepositoryMock->expects($this->at(0))->method('persistNewAccessToken')->willThrowException(UniqueTokenIdentifierConstraintViolationException::create());
|
||||||
@ -298,7 +298,7 @@ class ImplicitGrantTest extends TestCase
|
|||||||
$authRequest->setGrantTypeId('authorization_code');
|
$authRequest->setGrantTypeId('authorization_code');
|
||||||
$authRequest->setUser(new UserEntity());
|
$authRequest->setUser(new UserEntity());
|
||||||
|
|
||||||
/** @var AccessTokenRepositoryInterface|\PHPUnit_Framework_MockObject_MockObject $accessTokenRepositoryMock */
|
/** @var AccessTokenRepositoryInterface|\PHPUnit\Framework\MockObject\MockObject $accessTokenRepositoryMock */
|
||||||
$accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
|
$accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
|
||||||
$accessTokenRepositoryMock->method('getNewToken')->willReturn(new AccessTokenEntity());
|
$accessTokenRepositoryMock->method('getNewToken')->willReturn(new AccessTokenEntity());
|
||||||
$accessTokenRepositoryMock->method('persistNewAccessToken')->willThrowException(OAuthServerException::serverError('something bad happened'));
|
$accessTokenRepositoryMock->method('persistNewAccessToken')->willThrowException(OAuthServerException::serverError('something bad happened'));
|
||||||
@ -325,7 +325,7 @@ class ImplicitGrantTest extends TestCase
|
|||||||
$authRequest->setGrantTypeId('authorization_code');
|
$authRequest->setGrantTypeId('authorization_code');
|
||||||
$authRequest->setUser(new UserEntity());
|
$authRequest->setUser(new UserEntity());
|
||||||
|
|
||||||
/** @var AccessTokenRepositoryInterface|\PHPUnit_Framework_MockObject_MockObject $accessTokenRepositoryMock */
|
/** @var AccessTokenRepositoryInterface|\PHPUnit\Framework\MockObject\MockObject $accessTokenRepositoryMock */
|
||||||
$accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
|
$accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock();
|
||||||
$accessTokenRepositoryMock->method('getNewToken')->willReturn(new AccessTokenEntity());
|
$accessTokenRepositoryMock->method('getNewToken')->willReturn(new AccessTokenEntity());
|
||||||
$accessTokenRepositoryMock->method('persistNewAccessToken')->willThrowException(UniqueTokenIdentifierConstraintViolationException::create());
|
$accessTokenRepositoryMock->method('persistNewAccessToken')->willThrowException(UniqueTokenIdentifierConstraintViolationException::create());
|
||||||
|
@ -26,6 +26,11 @@ class CryptKeyTest extends TestCase
|
|||||||
public function testKeyFileCreation()
|
public function testKeyFileCreation()
|
||||||
{
|
{
|
||||||
$keyContent = file_get_contents(__DIR__ . '/../Stubs/public.key');
|
$keyContent = file_get_contents(__DIR__ . '/../Stubs/public.key');
|
||||||
|
|
||||||
|
if (!is_string($keyContent)) {
|
||||||
|
$this->fail('The public key stub is not a string');
|
||||||
|
}
|
||||||
|
|
||||||
$key = new CryptKey($keyContent);
|
$key = new CryptKey($keyContent);
|
||||||
|
|
||||||
$this->assertEquals(
|
$this->assertEquals(
|
||||||
@ -34,6 +39,11 @@ class CryptKeyTest extends TestCase
|
|||||||
);
|
);
|
||||||
|
|
||||||
$keyContent = file_get_contents(__DIR__ . '/../Stubs/private.key.crlf');
|
$keyContent = file_get_contents(__DIR__ . '/../Stubs/private.key.crlf');
|
||||||
|
|
||||||
|
if (!is_string($keyContent)) {
|
||||||
|
$this->fail('The private key (crlf) stub is not a string');
|
||||||
|
}
|
||||||
|
|
||||||
$key = new CryptKey($keyContent);
|
$key = new CryptKey($keyContent);
|
||||||
|
|
||||||
$this->assertEquals(
|
$this->assertEquals(
|
||||||
|