mirror of
https://github.com/elyby/oauth2-server.git
synced 2025-05-31 14:12:07 +05:30
Compare commits
12 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
f78dc2eca0 | ||
|
105b3116dc | ||
|
01677a564e | ||
|
|
4c4b0633b1 | ||
|
c4a75b2880 | ||
|
|
e091d48127 | ||
|
|
a798cfdc5d | ||
|
|
56e8d374fb | ||
|
|
b1bfff7325 | ||
|
|
32cde01ab2 | ||
|
|
11ccc305d0 | ||
|
|
d7df2f7e24 |
@@ -1,5 +1,14 @@
|
||||
# Changelog
|
||||
|
||||
## 5.1.3 (released 2016-10-12)
|
||||
|
||||
* Fixed WWW-Authenticate header (Issue #669)
|
||||
* Increase the recommended RSA key length from 1024 to 2048 bits (Issue #668)
|
||||
|
||||
## 5.1.2 (released 2016-09-19)
|
||||
|
||||
* Fixed `finalizeScopes` call (Issue #650)
|
||||
|
||||
## 5.1.1 (released 2016-07-26)
|
||||
|
||||
* Improved test suite (Issue #614)
|
||||
|
||||
@@ -9,8 +9,7 @@
|
||||
"league/event": "^2.1",
|
||||
"lcobucci/jwt": "^3.1",
|
||||
"paragonie/random_compat": "^1.1 || ^2.0",
|
||||
"psr/http-message": "^1.0",
|
||||
"league/openid-connect-claims": "^1.1.0"
|
||||
"psr/http-message": "^1.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpunit/phpunit": "^4.8 || ^5.0",
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
## Installation
|
||||
|
||||
0. Run `composer install` in this directory to install dependencies
|
||||
0. Create a private key `openssl genrsa -out private.key 1024`
|
||||
0. Create a private key `openssl genrsa -out private.key 2048`
|
||||
0. Create a public key `openssl rsa -in private.key -pubout > public.key`
|
||||
0. `cd` into the public directory
|
||||
0. Start a PHP server `php -S localhost:4444`
|
||||
|
||||
@@ -31,7 +31,6 @@ $app->add(
|
||||
$app->get(
|
||||
'/users',
|
||||
function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
|
||||
|
||||
$users = [
|
||||
[
|
||||
'id' => 123,
|
||||
@@ -70,4 +69,4 @@ $app->get(
|
||||
}
|
||||
);
|
||||
|
||||
$app->run();
|
||||
$app->run();
|
||||
|
||||
@@ -30,9 +30,9 @@ $app = new App([
|
||||
$accessTokenRepository = new AccessTokenRepository(); // instance of AccessTokenRepositoryInterface
|
||||
|
||||
// Path to public and private keys
|
||||
$privateKey = 'file://'.__DIR__.'/../private.key';
|
||||
$privateKey = 'file://' . __DIR__ . '/../private.key';
|
||||
//$privateKey = new CryptKey('file://path/to/private.key', 'passphrase'); // if private key has a pass phrase
|
||||
$publicKey = 'file://'.__DIR__.'/../public.key';
|
||||
$publicKey = 'file://' . __DIR__ . '/../public.key';
|
||||
|
||||
// Setup the authorization server
|
||||
$server = new AuthorizationServer(
|
||||
|
||||
@@ -23,8 +23,8 @@ $app = new App([
|
||||
new ClientRepository(), // instance of ClientRepositoryInterface
|
||||
new AccessTokenRepository(), // instance of AccessTokenRepositoryInterface
|
||||
new ScopeRepository(), // instance of ScopeRepositoryInterface
|
||||
'file://'.__DIR__.'/../private.key', // path to private key
|
||||
'file://'.__DIR__.'/../public.key' // path to public key
|
||||
'file://' . __DIR__ . '/../private.key', // path to private key
|
||||
'file://' . __DIR__ . '/../public.key' // path to public key
|
||||
);
|
||||
|
||||
$grant = new PasswordGrant(
|
||||
@@ -54,19 +54,17 @@ $app->post(
|
||||
|
||||
// Try to respond to the access token request
|
||||
return $server->respondToAccessTokenRequest($request, $response);
|
||||
|
||||
} catch (OAuthServerException $exception) {
|
||||
|
||||
// All instances of OAuthServerException can be converted to a PSR-7 response
|
||||
return $exception->generateHttpResponse($response);
|
||||
|
||||
} catch (\Exception $exception) {
|
||||
|
||||
// Catch unexpected exceptions
|
||||
$body = $response->getBody();
|
||||
$body->write($exception->getMessage());
|
||||
return $response->withStatus(500)->withBody($body);
|
||||
|
||||
return $response->withStatus(500)->withBody($body);
|
||||
}
|
||||
}
|
||||
);
|
||||
|
||||
@@ -54,7 +54,7 @@ class ScopeRepository implements ScopeRepositoryInterface
|
||||
$scope->setIdentifier('email');
|
||||
$scopes[] = $scope;
|
||||
}
|
||||
|
||||
|
||||
return $scopes;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -75,7 +75,7 @@ class BearerTokenValidator implements AuthorizationValidatorInterface
|
||||
} catch (\InvalidArgumentException $exception) {
|
||||
// JWT couldn't be parsed so return the request as is
|
||||
throw OAuthServerException::accessDenied($exception->getMessage());
|
||||
} catch(\RuntimeException $exception){
|
||||
} catch (\RuntimeException $exception) {
|
||||
//JWR couldn't be parsed so return the request as is
|
||||
throw OAuthServerException::accessDenied('Error while decoding to JSON');
|
||||
}
|
||||
|
||||
@@ -267,7 +267,7 @@ class OAuthServerException extends \Exception
|
||||
) {
|
||||
$authScheme = 'Bearer';
|
||||
}
|
||||
$headers[] = 'WWW-Authenticate: ' . $authScheme . ' realm="OAuth"';
|
||||
$headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"';
|
||||
}
|
||||
// @codeCoverageIgnoreEnd
|
||||
return $headers;
|
||||
|
||||
@@ -9,7 +9,6 @@
|
||||
|
||||
namespace League\OAuth2\Server\Exception;
|
||||
|
||||
|
||||
class UniqueTokenIdentifierConstraintViolationException extends OAuthServerException
|
||||
{
|
||||
public static function create()
|
||||
|
||||
@@ -345,6 +345,7 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
$accessToken->setIdentifier($this->generateUniqueIdentifier());
|
||||
try {
|
||||
$this->accessTokenRepository->persistNewAccessToken($accessToken);
|
||||
|
||||
return $accessToken;
|
||||
} catch (UniqueTokenIdentifierConstraintViolationException $e) {
|
||||
if ($maxGenerationAttempts === 0) {
|
||||
@@ -391,6 +392,7 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
$authCode->setIdentifier($this->generateUniqueIdentifier());
|
||||
try {
|
||||
$this->authCodeRepository->persistNewAuthCode($authCode);
|
||||
|
||||
return $authCode;
|
||||
} catch (UniqueTokenIdentifierConstraintViolationException $e) {
|
||||
if ($maxGenerationAttempts === 0) {
|
||||
@@ -420,6 +422,7 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
$refreshToken->setIdentifier($this->generateUniqueIdentifier());
|
||||
try {
|
||||
$this->refreshTokenRepository->persistNewRefreshToken($refreshToken);
|
||||
|
||||
return $refreshToken;
|
||||
} catch (UniqueTokenIdentifierConstraintViolationException $e) {
|
||||
if ($maxGenerationAttempts === 0) {
|
||||
|
||||
@@ -151,6 +151,13 @@ class ImplicitGrant extends AbstractAuthorizeGrant
|
||||
: $client->getRedirectUri()
|
||||
);
|
||||
|
||||
// Finalize the requested scopes
|
||||
$scopes = $this->scopeRepository->finalizeScopes(
|
||||
$scopes,
|
||||
$this->getIdentifier(),
|
||||
$client
|
||||
);
|
||||
|
||||
$stateParameter = $this->getQueryStringParameter('state', $request);
|
||||
|
||||
$authorizationRequest = new AuthorizationRequest();
|
||||
|
||||
@@ -66,12 +66,14 @@ class AuthorizationRequest
|
||||
|
||||
/**
|
||||
* The code challenge (if provided)
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
protected $codeChallenge;
|
||||
|
||||
/**
|
||||
* The code challenge method (if provided)
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
protected $codeChallengeMethod;
|
||||
|
||||
@@ -68,6 +68,7 @@ class BearerTokenResponse extends AbstractResponseType
|
||||
* this class rather than the default.
|
||||
*
|
||||
* @param AccessTokenEntityInterface $accessToken
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
protected function getExtraParams(AccessTokenEntityInterface $accessToken)
|
||||
|
||||
@@ -1,46 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace League\OAuth2\Server\TokenSigner;
|
||||
|
||||
use Lcobucci\JWT\Signer;
|
||||
|
||||
class HmacTokenSigner implements TokenSignerInterface
|
||||
{
|
||||
/**
|
||||
* @var \Lcobucci\JWT\Signer
|
||||
*/
|
||||
private $signer;
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
private $key;
|
||||
|
||||
/**
|
||||
* TokenSignerInterface constructor.
|
||||
*
|
||||
* @param \Lcobucci\JWT\Signer $signer
|
||||
* @param string $key
|
||||
*/
|
||||
public function __construct(Signer $signer, $key)
|
||||
{
|
||||
$this->signer = $signer;
|
||||
$this->key = $key;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return \Lcobucci\JWT\Signer
|
||||
*/
|
||||
public function getSigner()
|
||||
{
|
||||
return $this->signer;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return string
|
||||
*/
|
||||
public function getKey()
|
||||
{
|
||||
return $this->key;
|
||||
}
|
||||
}
|
||||
@@ -1,47 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace League\OAuth2\Server\TokenSigner;
|
||||
|
||||
use Lcobucci\JWT\Signer;
|
||||
use League\OAuth2\Server\CryptKey;
|
||||
|
||||
class RsaKeyTokenSigner implements TokenSignerInterface
|
||||
{
|
||||
/**
|
||||
* @var \Lcobucci\JWT\Signer
|
||||
*/
|
||||
private $signer;
|
||||
|
||||
/**
|
||||
* @var \League\OAuth2\Server\CryptKey
|
||||
*/
|
||||
private $key;
|
||||
|
||||
/**
|
||||
* TokenSignerInterface constructor.
|
||||
*
|
||||
* @param \Lcobucci\JWT\Signer $signer
|
||||
* @param CryptKey $privateKey
|
||||
*/
|
||||
public function __construct(Signer $signer, CryptKey $privateKey)
|
||||
{
|
||||
$this->signer = $signer;
|
||||
$this->key = new Signer\Key($privateKey->getKeyPath(), $privateKey->getPassPhrase());
|
||||
}
|
||||
|
||||
/**
|
||||
* @return \Lcobucci\JWT\Signer
|
||||
*/
|
||||
public function getSigner()
|
||||
{
|
||||
return $this->signer;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return CryptKey
|
||||
*/
|
||||
public function getKey()
|
||||
{
|
||||
return $this->key;
|
||||
}
|
||||
}
|
||||
@@ -1,16 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace League\OAuth2\Server\TokenSigner;
|
||||
|
||||
interface TokenSignerInterface
|
||||
{
|
||||
/**
|
||||
* @return \Lcobucci\JWT\Signer
|
||||
*/
|
||||
public function getSigner();
|
||||
|
||||
/**
|
||||
* @return mixed
|
||||
*/
|
||||
public function getKey();
|
||||
}
|
||||
@@ -137,7 +137,6 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$this->assertTrue($grant->validateAuthorizationRequest($request) instanceof AuthorizationRequest);
|
||||
}
|
||||
|
||||
|
||||
public function testValidateAuthorizationRequestCodeChallenge()
|
||||
{
|
||||
$client = new ClientEntity();
|
||||
|
||||
@@ -9,11 +9,13 @@ use League\OAuth2\Server\Grant\ImplicitGrant;
|
||||
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
|
||||
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
|
||||
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
|
||||
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
|
||||
use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
|
||||
use League\OAuth2\Server\ResponseTypes\RedirectResponse;
|
||||
use LeagueTests\Stubs\AccessTokenEntity;
|
||||
use LeagueTests\Stubs\ClientEntity;
|
||||
use LeagueTests\Stubs\CryptTraitStub;
|
||||
use LeagueTests\Stubs\ScopeEntity;
|
||||
use LeagueTests\Stubs\StubResponseType;
|
||||
use LeagueTests\Stubs\UserEntity;
|
||||
use Zend\Diactoros\ServerRequest;
|
||||
@@ -86,8 +88,14 @@ class ImplicitGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||
|
||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||
$scopeEntity = new ScopeEntity();
|
||||
$scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scopeEntity);
|
||||
$scopeRepositoryMock->method('finalizeScopes')->willReturnArgument(0);
|
||||
|
||||
$grant = new ImplicitGrant(new \DateInterval('PT10M'));
|
||||
$grant->setClientRepository($clientRepositoryMock);
|
||||
$grant->setScopeRepository($scopeRepositoryMock);
|
||||
|
||||
$request = new ServerRequest(
|
||||
[],
|
||||
@@ -114,8 +122,14 @@ class ImplicitGrantTest extends \PHPUnit_Framework_TestCase
|
||||
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||
|
||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||
$scopeEntity = new ScopeEntity();
|
||||
$scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scopeEntity);
|
||||
$scopeRepositoryMock->method('finalizeScopes')->willReturnArgument(0);
|
||||
|
||||
$grant = new ImplicitGrant(new \DateInterval('PT10M'));
|
||||
$grant->setClientRepository($clientRepositoryMock);
|
||||
$grant->setScopeRepository($scopeRepositoryMock);
|
||||
|
||||
$request = new ServerRequest(
|
||||
[],
|
||||
|
||||
Reference in New Issue
Block a user