12 Commits
8.0.0
...
abstract_c
Author | SHA1 | Date | |
---|---|---|---|
|
4ab302a969 | ||
|
d40a37570c | ||
|
01d652ab29 | ||
|
f604109168 | ||
|
7db4cdb875 | ||
|
4673e7de89 | ||
|
0b0b43d433 | ||
|
cd8742f630 | ||
|
2097edd6eb | ||
|
705120c974 | ||
|
8a78e00a2e | ||
|
3413c20590 |
@@ -4,6 +4,15 @@ All notable changes to this project will be documented in this file.
|
||||
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
|
||||
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
|
||||
|
||||
## [Unreleased]
|
||||
|
||||
### Added (v9)
|
||||
- A CryptKeyInterface to allow developers to change the CryptKey implementation with greater ease (PR #1044)
|
||||
|
||||
### Fixed
|
||||
- Clients are now explicitly prevented from using the Client Credentials grant unless they are confidential to conform
|
||||
with the OAuth2 spec (PR #1035)
|
||||
|
||||
## [8.0.0] - released 2019-07-13
|
||||
|
||||
### Added
|
||||
|
@@ -40,12 +40,12 @@ class AuthorizationServer implements EmitterAwareInterface
|
||||
protected $grantTypeAccessTokenTTL = [];
|
||||
|
||||
/**
|
||||
* @var CryptKey
|
||||
* @var CryptKeyInterface
|
||||
*/
|
||||
protected $privateKey;
|
||||
|
||||
/**
|
||||
* @var CryptKey
|
||||
* @var CryptKeyInterface
|
||||
*/
|
||||
protected $publicKey;
|
||||
|
||||
@@ -85,7 +85,7 @@ class AuthorizationServer implements EmitterAwareInterface
|
||||
* @param ClientRepositoryInterface $clientRepository
|
||||
* @param AccessTokenRepositoryInterface $accessTokenRepository
|
||||
* @param ScopeRepositoryInterface $scopeRepository
|
||||
* @param CryptKey|string $privateKey
|
||||
* @param CryptKeyInterface|string $privateKey
|
||||
* @param string|Key $encryptionKey
|
||||
* @param null|ResponseTypeInterface $responseType
|
||||
*/
|
||||
@@ -101,7 +101,7 @@ class AuthorizationServer implements EmitterAwareInterface
|
||||
$this->accessTokenRepository = $accessTokenRepository;
|
||||
$this->scopeRepository = $scopeRepository;
|
||||
|
||||
if ($privateKey instanceof CryptKey === false) {
|
||||
if ($privateKey instanceof CryptKeyInterface === false) {
|
||||
$privateKey = new CryptKey($privateKey);
|
||||
}
|
||||
|
||||
|
@@ -14,7 +14,7 @@ use InvalidArgumentException;
|
||||
use Lcobucci\JWT\Parser;
|
||||
use Lcobucci\JWT\Signer\Rsa\Sha256;
|
||||
use Lcobucci\JWT\ValidationData;
|
||||
use League\OAuth2\Server\CryptKey;
|
||||
use League\OAuth2\Server\CryptKeyInterface;
|
||||
use League\OAuth2\Server\CryptTrait;
|
||||
use League\OAuth2\Server\Exception\OAuthServerException;
|
||||
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
|
||||
@@ -31,7 +31,7 @@ class BearerTokenValidator implements AuthorizationValidatorInterface
|
||||
private $accessTokenRepository;
|
||||
|
||||
/**
|
||||
* @var CryptKey
|
||||
* @var CryptKeyInterface
|
||||
*/
|
||||
protected $publicKey;
|
||||
|
||||
@@ -46,9 +46,9 @@ class BearerTokenValidator implements AuthorizationValidatorInterface
|
||||
/**
|
||||
* Set the public key
|
||||
*
|
||||
* @param CryptKey $key
|
||||
* @param CryptKeyInterface $key
|
||||
*/
|
||||
public function setPublicKey(CryptKey $key)
|
||||
public function setPublicKey(CryptKeyInterface $key)
|
||||
{
|
||||
$this->publicKey = $key;
|
||||
}
|
||||
|
@@ -14,7 +14,7 @@ namespace League\OAuth2\Server;
|
||||
use LogicException;
|
||||
use RuntimeException;
|
||||
|
||||
class CryptKey
|
||||
class CryptKey implements CryptKeyInterface
|
||||
{
|
||||
const RSA_KEY_PATTERN =
|
||||
'/^(-----BEGIN (RSA )?(PUBLIC|PRIVATE) KEY-----)\R.*(-----END (RSA )?(PUBLIC|PRIVATE) KEY-----)\R?$/s';
|
||||
@@ -102,9 +102,7 @@ class CryptKey
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve key path.
|
||||
*
|
||||
* @return string
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function getKeyPath()
|
||||
{
|
||||
@@ -112,9 +110,7 @@ class CryptKey
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve key pass phrase.
|
||||
*
|
||||
* @return null|string
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function getPassPhrase()
|
||||
{
|
||||
|
20
src/CryptKeyInterface.php
Normal file
20
src/CryptKeyInterface.php
Normal file
@@ -0,0 +1,20 @@
|
||||
<?php
|
||||
|
||||
namespace League\OAuth2\Server;
|
||||
|
||||
interface CryptKeyInterface
|
||||
{
|
||||
/**
|
||||
* Retrieve key path.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getKeyPath();
|
||||
|
||||
/**
|
||||
* Retrieve key pass phrase.
|
||||
*
|
||||
* @return null|string
|
||||
*/
|
||||
public function getPassPhrase();
|
||||
}
|
@@ -9,14 +9,14 @@
|
||||
|
||||
namespace League\OAuth2\Server\Entities;
|
||||
|
||||
use League\OAuth2\Server\CryptKey;
|
||||
use League\OAuth2\Server\CryptKeyInterface;
|
||||
|
||||
interface AccessTokenEntityInterface extends TokenInterface
|
||||
{
|
||||
/**
|
||||
* Set a private key used to encrypt the access token.
|
||||
*/
|
||||
public function setPrivateKey(CryptKey $privateKey);
|
||||
public function setPrivateKey(CryptKeyInterface $privateKey);
|
||||
|
||||
/**
|
||||
* Generate a string representation of the access token.
|
||||
|
@@ -14,21 +14,21 @@ use Lcobucci\JWT\Builder;
|
||||
use Lcobucci\JWT\Signer\Key;
|
||||
use Lcobucci\JWT\Signer\Rsa\Sha256;
|
||||
use Lcobucci\JWT\Token;
|
||||
use League\OAuth2\Server\CryptKey;
|
||||
use League\OAuth2\Server\CryptKeyInterface;
|
||||
use League\OAuth2\Server\Entities\ClientEntityInterface;
|
||||
use League\OAuth2\Server\Entities\ScopeEntityInterface;
|
||||
|
||||
trait AccessTokenTrait
|
||||
{
|
||||
/**
|
||||
* @var CryptKey
|
||||
* @var CryptKeyInterface
|
||||
*/
|
||||
private $privateKey;
|
||||
|
||||
/**
|
||||
* Set the private key used to encrypt this access token.
|
||||
*/
|
||||
public function setPrivateKey(CryptKey $privateKey)
|
||||
public function setPrivateKey(CryptKeyInterface $privateKey)
|
||||
{
|
||||
$this->privateKey = $privateKey;
|
||||
}
|
||||
@@ -36,11 +36,11 @@ trait AccessTokenTrait
|
||||
/**
|
||||
* Generate a JWT from the access token
|
||||
*
|
||||
* @param CryptKey $privateKey
|
||||
* @param CryptKeyInterface $privateKey
|
||||
*
|
||||
* @return Token
|
||||
*/
|
||||
private function convertToJWT(CryptKey $privateKey)
|
||||
private function convertToJWT(CryptKeyInterface $privateKey)
|
||||
{
|
||||
return (new Builder())
|
||||
->setAudience($this->getClient()->getIdentifier())
|
||||
|
@@ -15,7 +15,7 @@ use DateTimeImmutable;
|
||||
use Error;
|
||||
use Exception;
|
||||
use League\Event\EmitterAwareTrait;
|
||||
use League\OAuth2\Server\CryptKey;
|
||||
use League\OAuth2\Server\CryptKeyInterface;
|
||||
use League\OAuth2\Server\CryptTrait;
|
||||
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
|
||||
use League\OAuth2\Server\Entities\AuthCodeEntityInterface;
|
||||
@@ -83,7 +83,7 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
protected $refreshTokenTTL;
|
||||
|
||||
/**
|
||||
* @var CryptKey
|
||||
* @var CryptKeyInterface
|
||||
*/
|
||||
protected $privateKey;
|
||||
|
||||
@@ -151,9 +151,9 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
/**
|
||||
* Set the private key
|
||||
*
|
||||
* @param CryptKey $key
|
||||
* @param CryptKeyInterface $key
|
||||
*/
|
||||
public function setPrivateKey(CryptKey $key)
|
||||
public function setPrivateKey(CryptKeyInterface $key)
|
||||
{
|
||||
$this->privateKey = $key;
|
||||
}
|
||||
|
@@ -12,6 +12,7 @@
|
||||
namespace League\OAuth2\Server\Grant;
|
||||
|
||||
use DateInterval;
|
||||
use League\OAuth2\Server\Exception\OAuthServerException;
|
||||
use League\OAuth2\Server\RequestEvent;
|
||||
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
@@ -29,8 +30,19 @@ class ClientCredentialsGrant extends AbstractGrant
|
||||
ResponseTypeInterface $responseType,
|
||||
DateInterval $accessTokenTTL
|
||||
) {
|
||||
list($clientId) = $this->getClientCredentials($request);
|
||||
|
||||
$client = $this->getClientEntityOrFail($clientId, $request);
|
||||
|
||||
if (!$client->isConfidential()) {
|
||||
$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
|
||||
|
||||
throw OAuthServerException::invalidClient($request);
|
||||
}
|
||||
|
||||
// Validate request
|
||||
$client = $this->validateClient($request);
|
||||
$this->validateClient($request);
|
||||
|
||||
$scopes = $this->validateScopes($this->getRequestParameter('scope', $request, $this->defaultScope));
|
||||
|
||||
// Finalize the requested scopes
|
||||
|
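Review bot: The confidentiality check at the top of the new block runs on a client fetched by identifier alone, before `validateClient($request)` authenticates the client, and the hunk drops the `$client = ` assignment that line used to have, so the entity is presumably looked up twice (once in getClientEntityOrFail and again inside validateClient — both helpers are outside the hunk, so confirm). Reordering to `$client = $this->validateClient($request);` followed by the existing `if (!$client->isConfidential()) { ... }` block keeps a single lookup and evaluates the confidential flag only on an authenticated client; the separate `getClientCredentials` / `getClientEntityOrFail` lines could then be removed. respondToAccessTokenRequest's signature starts before the hunk and its body continues past it.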
@@ -14,7 +14,7 @@ namespace League\OAuth2\Server\Grant;
|
||||
use DateInterval;
|
||||
use Defuse\Crypto\Key;
|
||||
use League\Event\EmitterAwareInterface;
|
||||
use League\OAuth2\Server\CryptKey;
|
||||
use League\OAuth2\Server\CryptKeyInterface;
|
||||
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
|
||||
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
|
||||
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
|
||||
@@ -131,9 +131,9 @@ interface GrantTypeInterface extends EmitterAwareInterface
|
||||
/**
|
||||
* Set the path to the private key.
|
||||
*
|
||||
* @param CryptKey $privateKey
|
||||
* @param CryptKeyInterface $privateKey
|
||||
*/
|
||||
public function setPrivateKey(CryptKey $privateKey);
|
||||
public function setPrivateKey(CryptKeyInterface $privateKey);
|
||||
|
||||
/**
|
||||
* Set the encryption key
|
||||
|
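Review bot: The docblock `Set the path to the private key.` above setPrivateKey is stale now that the parameter is a CryptKeyInterface object rather than a path; suggest `Set the private key used to encrypt the access token.`, matching the wording the AccessTokenEntityInterface hunk already uses for the same method.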
@@ -23,7 +23,7 @@ class ResourceServer
|
||||
private $accessTokenRepository;
|
||||
|
||||
/**
|
||||
* @var CryptKey
|
||||
* @var CryptKeyInterface
|
||||
*/
|
||||
private $publicKey;
|
||||
|
||||
@@ -36,7 +36,7 @@ class ResourceServer
|
||||
* New server instance.
|
||||
*
|
||||
* @param AccessTokenRepositoryInterface $accessTokenRepository
|
||||
* @param CryptKey|string $publicKey
|
||||
* @param CryptKeyInterface|string $publicKey
|
||||
* @param null|AuthorizationValidatorInterface $authorizationValidator
|
||||
*/
|
||||
public function __construct(
|
||||
@@ -46,7 +46,7 @@ class ResourceServer
|
||||
) {
|
||||
$this->accessTokenRepository = $accessTokenRepository;
|
||||
|
||||
if ($publicKey instanceof CryptKey === false) {
|
||||
if ($publicKey instanceof CryptKeyInterface === false) {
|
||||
$publicKey = new CryptKey($publicKey);
|
||||
}
|
||||
$this->publicKey = $publicKey;
|
||||
|
@@ -11,7 +11,7 @@
|
||||
|
||||
namespace League\OAuth2\Server\ResponseTypes;
|
||||
|
||||
use League\OAuth2\Server\CryptKey;
|
||||
use League\OAuth2\Server\CryptKeyInterface;
|
||||
use League\OAuth2\Server\CryptTrait;
|
||||
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
|
||||
use League\OAuth2\Server\Entities\RefreshTokenEntityInterface;
|
||||
@@ -31,7 +31,7 @@ abstract class AbstractResponseType implements ResponseTypeInterface
|
||||
protected $refreshToken;
|
||||
|
||||
/**
|
||||
* @var CryptKey
|
||||
* @var CryptKeyInterface
|
||||
*/
|
||||
protected $privateKey;
|
||||
|
||||
@@ -54,9 +54,9 @@ abstract class AbstractResponseType implements ResponseTypeInterface
|
||||
/**
|
||||
* Set the private key
|
||||
*
|
||||
* @param CryptKey $key
|
||||
* @param CryptKeyInterface $key
|
||||
*/
|
||||
public function setPrivateKey(CryptKey $key)
|
||||
public function setPrivateKey(CryptKeyInterface $key)
|
||||
{
|
||||
$this->privateKey = $key;
|
||||
}
|
||||
|
@@ -4,7 +4,7 @@ namespace LeagueTests;
|
||||
|
||||
use DateInterval;
|
||||
use League\OAuth2\Server\AuthorizationServer;
|
||||
use League\OAuth2\Server\CryptKey;
|
||||
use League\OAuth2\Server\CryptKeyInterface;
|
||||
use League\OAuth2\Server\Exception\OAuthServerException;
|
||||
use League\OAuth2\Server\Grant\AuthCodeGrant;
|
||||
use League\OAuth2\Server\Grant\ClientCredentialsGrant;
|
||||
@@ -62,8 +62,11 @@ class AuthorizationServerTest extends TestCase
|
||||
|
||||
public function testRespondToRequest()
|
||||
{
|
||||
$client = new ClientEntity();
|
||||
$client->setConfidential();
|
||||
|
||||
$clientRepository = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepository->method('getClientEntity')->willReturn(new ClientEntity());
|
||||
$clientRepository->method('getClientEntity')->willReturn($client);
|
||||
|
||||
$scope = new ScopeEntity();
|
||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||
@@ -150,7 +153,7 @@ class AuthorizationServerTest extends TestCase
|
||||
$encryptionKey = 'file://' . __DIR__ . '/Stubs/public.key';
|
||||
|
||||
$responseTypePrototype = new class extends BearerTokenResponse {
|
||||
/* @return null|CryptKey */
|
||||
/* @return null|CryptKeyInterface */
|
||||
public function getPrivateKey()
|
||||
{
|
||||
return $this->privateKey;
|
||||
|
@@ -29,6 +29,8 @@ class ClientCredentialsGrantTest extends TestCase
|
||||
public function testRespondToRequest()
|
||||
{
|
||||
$client = new ClientEntity();
|
||||
$client->setConfidential();
|
||||
|
||||
$clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepositoryMock->method('getClientEntity')->willReturn($client);
|
||||
|
||||
|
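Review bot: The visible test change only keeps the existing happy path green by marking the stub client confidential; nothing in the shown hunks exercises the new rejection branch in ClientCredentialsGrant, which is the behaviour the changelog entry advertises. A companion test should build a ClientEntity without calling setConfidential(), register the same repository mock, call respondToAccessTokenRequest() exactly as testRespondToRequest does, and declare `$this->expectException(OAuthServerException::class);` before the call (adding the `League\OAuth2\Server\Exception\OAuthServerException` import if this file lacks it). The rest of this test class is outside the hunk, so such a case may already exist there.
```php
public function testRespondToRequestRejectsPublicClient()
{
    $client = new ClientEntity();
    // deliberately no setConfidential(): the grant must refuse this client

    $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
    $clientRepositoryMock->method('getClientEntity')->willReturn($client);

    // … unchanged: grant construction and request setup as in testRespondToRequest …

    $this->expectException(OAuthServerException::class);
    // … unchanged: the respondToAccessTokenRequest() call from testRespondToRequest …
}
```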
@@ -24,8 +24,11 @@ class AuthorizationServerMiddlewareTest extends TestCase
|
||||
|
||||
public function testValidResponse()
|
||||
{
|
||||
$client = new ClientEntity();
|
||||
$client->setConfidential();
|
||||
|
||||
$clientRepository = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
|
||||
$clientRepository->method('getClientEntity')->willReturn(new ClientEntity());
|
||||
$clientRepository->method('getClientEntity')->willReturn($client);
|
||||
|
||||
$scopeEntity = new ScopeEntity;
|
||||
$scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock();
|
||||
|