|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
declare(strict_types=1); |
|
4
|
|
|
|
|
5
|
|
|
/* |
|
6
|
|
|
* The MIT License (MIT) |
|
7
|
|
|
* |
|
8
|
|
|
* Copyright (c) 2014-2017 Spomky-Labs |
|
9
|
|
|
* |
|
10
|
|
|
* This software may be modified and distributed under the terms |
|
11
|
|
|
* of the MIT license. See the LICENSE file for details. |
|
12
|
|
|
*/ |
|
13
|
|
|
|
|
14
|
|
|
namespace OAuth2Framework\Bundle\Server\AuthorizationEndpointPlugin; |
|
15
|
|
|
|
|
16
|
|
|
use Assert\Assertion; |
|
17
|
|
|
use Doctrine\Bundle\DoctrineBundle\DependencyInjection\Compiler\DoctrineOrmMappingsPass; |
|
18
|
|
|
use Matthias\BundlePlugins\BundlePlugin; |
|
19
|
|
|
use OAuth2Framework\Bundle\Server\CommonPluginMethod; |
|
20
|
|
|
use OAuth2Framework\Bundle\Server\DependencyInjection\Compiler; |
|
21
|
|
|
use SpomkyLabs\JoseBundle\Helper\ConfigurationHelper; |
|
22
|
|
|
use Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition; |
|
23
|
|
|
use Symfony\Component\Config\FileLocator; |
|
24
|
|
|
use Symfony\Component\DependencyInjection; |
|
25
|
|
|
use Symfony\Component\DependencyInjection\ContainerBuilder; |
|
26
|
|
|
use Symfony\Component\PropertyAccess\PropertyAccess; |
|
27
|
|
|
|
|
28
|
|
|
class AuthorizationEndpointPlugin extends CommonPluginMethod implements BundlePlugin, DependencyInjection\Extension\PrependExtensionInterface |
|
29
|
|
|
{ |
|
30
|
|
|
const ERROR_EMPTY_CLIENT_ASSERTION_SIGNATURE_ALGORITHMS = 'The parameter "signature_algorithms" must be set when the "client_assertion_jwt" authentication method is enabled.'; |
|
31
|
|
|
const ERROR_EMPTY_CLIENT_ASSERTION_KEY_ENCRYPTION_ALGORITHMS = 'The parameter "encryption.key_encryption_algorithms" must be set when "client_assertion_jwt" authentication method and encryption support are enabled.'; |
|
32
|
|
|
const ERROR_EMPTY_CLIENT_ASSERTION_CONTENT_ENCRYPTION_ALGORITHMS = 'The parameter "encryption.content_encryption_algorithms" must be set when "client_assertion_jwt" authentication method and encryption support are enabled.'; |
|
33
|
|
|
const ERROR_EMPTY_CLIENT_ASSERTION_KEY_SET = 'The parameter "encryption.key_set" must be set when "client_assertion_jwt" authentication method and encryption support are enabled.'; |
|
34
|
|
|
const ERROR_EMPTY_CLIENT_SECRET_BASIC_REALM = 'The child node "realm" at path must be configured.'; |
|
35
|
|
|
|
|
36
|
|
|
/** |
|
37
|
|
|
* {@inheritdoc} |
|
38
|
|
|
*/ |
|
39
|
|
|
public function name() |
|
40
|
|
|
{ |
|
41
|
|
|
return 'authorization_endpoint'; |
|
42
|
|
|
} |
|
43
|
|
|
|
|
44
|
|
|
/** |
|
45
|
|
|
* {@inheritdoc} |
|
46
|
|
|
*/ |
|
47
|
|
|
public function addConfiguration(ArrayNodeDefinition $pluginNode) |
|
48
|
|
|
{ |
|
49
|
|
|
$pluginNode |
|
|
|
|
|
|
50
|
|
|
->isRequired() |
|
51
|
|
|
->addDefaultsIfNotSet() |
|
52
|
|
|
->children() |
|
53
|
|
|
->scalarNode('login_route_name') |
|
54
|
|
|
->info('The name of the login route. Will be converted into URL and used to redirect the user if not logged in. If you use "FOSUserBundle", the route name should be "fos_user_security_login".') |
|
55
|
|
|
->isRequired() |
|
56
|
|
|
->end() |
|
57
|
|
|
->arrayNode('login_route_parameters') |
|
58
|
|
|
->info('Parameters associated to the login route (if needed).') |
|
59
|
|
|
->useAttributeAsKey('name') |
|
60
|
|
|
->prototype('scalar')->end() |
|
61
|
|
|
->treatNullLike([]) |
|
62
|
|
|
->end() |
|
63
|
|
|
->scalarNode('user_account_manager') |
|
64
|
|
|
->info('The user account manager.') |
|
65
|
|
|
->isRequired() |
|
66
|
|
|
->end() |
|
67
|
|
|
->scalarNode('template') |
|
68
|
|
|
->info('The consent page template.') |
|
69
|
|
|
->cannotBeEmpty() |
|
70
|
|
|
->defaultValue('@OAuth2FrameworkServerBundle/authorization/authorization.html.twig') |
|
71
|
|
|
->end() |
|
72
|
|
|
->booleanNode('allow_scope_selection') |
|
73
|
|
|
->info('If true, resource owners will be able to select the scope on the consent page. This option is useless if the "ScopeManagerPlugin" is not enabled.') |
|
74
|
|
|
->defaultFalse() |
|
75
|
|
|
->end() |
|
76
|
|
|
->scalarNode('path') |
|
77
|
|
|
->info('The path to the authorization endpoint.') |
|
78
|
|
|
->defaultValue('/oauth/v2/authorize') |
|
79
|
|
|
->end() |
|
80
|
|
|
->end(); |
|
81
|
|
|
$this->addFormSection($pluginNode); |
|
82
|
|
|
$this->addOptionSection($pluginNode); |
|
83
|
|
|
$this->addAuthorizationRequestSection($pluginNode); |
|
84
|
|
|
$this->addPreConfiguredAuthorizationSection($pluginNode); |
|
85
|
|
|
} |
|
86
|
|
|
|
|
87
|
|
|
private function addFormSection(ArrayNodeDefinition $node) |
|
88
|
|
|
{ |
|
89
|
|
|
$node |
|
90
|
|
|
->children() |
|
91
|
|
|
->arrayNode('form') |
|
92
|
|
|
->addDefaultsIfNotSet() |
|
93
|
|
|
->children() |
|
94
|
|
|
->scalarNode('type') |
|
95
|
|
|
->info('The form type.') |
|
96
|
|
|
->defaultValue('OAuth2Framework\Bundle\Server\Form\Type\AuthorizationType') |
|
97
|
|
|
->end() |
|
98
|
|
|
->scalarNode('handler') |
|
99
|
|
|
->info('The form handler.') |
|
100
|
|
|
->defaultValue('oauth2_server.authorization_endpoint.form_handler.default') |
|
101
|
|
|
->end() |
|
102
|
|
|
->scalarNode('name') |
|
103
|
|
|
->info('The form name.') |
|
104
|
|
|
->defaultValue('oauth2_server_authorization_form') |
|
105
|
|
|
|
|
106
|
|
|
->end() |
|
107
|
|
|
->arrayNode('validation_groups') |
|
108
|
|
|
->info('Validation group associated to the authorization form.') |
|
109
|
|
|
->prototype('scalar')->end() |
|
110
|
|
|
->defaultValue(['Authorize', 'Default']) |
|
111
|
|
|
->end() |
|
112
|
|
|
->end() |
|
113
|
|
|
->end() |
|
114
|
|
|
->end(); |
|
115
|
|
|
} |
|
116
|
|
|
|
|
117
|
|
|
/** |
|
118
|
|
|
* @param \Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition $node |
|
119
|
|
|
*/ |
|
120
|
|
|
private function addAuthorizationRequestSection(ArrayNodeDefinition $node) |
|
121
|
|
|
{ |
|
122
|
|
|
$node |
|
|
|
|
|
|
123
|
|
|
->children() |
|
124
|
|
|
->arrayNode('request_object') |
|
125
|
|
|
->validate()->ifTrue($this->areClientAssertionSignatureAlgorithmsInvalid())->thenInvalid(self::ERROR_EMPTY_CLIENT_ASSERTION_SIGNATURE_ALGORITHMS)->end() |
|
126
|
|
|
->validate()->ifTrue($this->isClientAssertionEncryptionParameterInvalid('key_encryption_algorithms'))->thenInvalid(self::ERROR_EMPTY_CLIENT_ASSERTION_KEY_ENCRYPTION_ALGORITHMS)->end() |
|
127
|
|
|
->validate()->ifTrue($this->isClientAssertionEncryptionParameterInvalid('content_encryption_algorithms'))->thenInvalid(self::ERROR_EMPTY_CLIENT_ASSERTION_CONTENT_ENCRYPTION_ALGORITHMS)->end() |
|
128
|
|
|
->validate()->ifTrue($this->isClientAssertionEncryptionParameterInvalid('key_set'))->thenInvalid(self::ERROR_EMPTY_CLIENT_ASSERTION_KEY_SET)->end() |
|
129
|
|
|
->addDefaultsIfNotSet() |
|
130
|
|
|
->children() |
|
131
|
|
|
->booleanNode('enabled')->defaultFalse()->end() |
|
132
|
|
|
->booleanNode('allow_unsecured_connections')->defaultFalse()->end() |
|
133
|
|
|
->arrayNode('signature_algorithms') |
|
134
|
|
|
->info('Supported signature algorithms.') |
|
135
|
|
|
->useAttributeAsKey('name') |
|
136
|
|
|
->prototype('scalar')->end() |
|
137
|
|
|
->treatNullLike([]) |
|
138
|
|
|
->end() |
|
139
|
|
|
->arrayNode('claim_checkers') |
|
140
|
|
|
->info('Checkers will verify the JWT claims.') |
|
141
|
|
|
->useAttributeAsKey('name') |
|
142
|
|
|
->prototype('scalar')->end() |
|
143
|
|
|
->treatNullLike(['exp', 'iat', 'nbf', 'authorization_endpoint_aud']) |
|
144
|
|
|
->end() |
|
145
|
|
|
->arrayNode('header_checkers') |
|
146
|
|
|
->info('Checkers will verify the JWT headers.') |
|
147
|
|
|
->useAttributeAsKey('name') |
|
148
|
|
|
->prototype('scalar')->end() |
|
149
|
|
|
->treatNullLike(['crit']) |
|
150
|
|
|
->end() |
|
151
|
|
|
->arrayNode('encryption') |
|
152
|
|
|
->addDefaultsIfNotSet() |
|
153
|
|
|
->children() |
|
154
|
|
|
->booleanNode('enabled')->defaultFalse()->end() |
|
155
|
|
|
->booleanNode('required')->defaultFalse()->end() |
|
156
|
|
|
->scalarNode('key_set')->defaultNull()->end() |
|
157
|
|
|
->arrayNode('key_encryption_algorithms') |
|
158
|
|
|
->info('Supported key encryption algorithms.') |
|
159
|
|
|
->useAttributeAsKey('name') |
|
160
|
|
|
->prototype('scalar')->end() |
|
161
|
|
|
->treatNullLike([]) |
|
162
|
|
|
->end() |
|
163
|
|
|
->arrayNode('content_encryption_algorithms') |
|
164
|
|
|
->info('Supported content encryption algorithms.') |
|
165
|
|
|
->useAttributeAsKey('name') |
|
166
|
|
|
->prototype('scalar')->end() |
|
167
|
|
|
->treatNullLike([]) |
|
168
|
|
|
->end() |
|
169
|
|
|
->end() |
|
170
|
|
|
->end() |
|
171
|
|
|
->arrayNode('reference') |
|
172
|
|
|
->children() |
|
173
|
|
|
->booleanNode('enabled') |
|
174
|
|
|
->info('If true, request object Uris will be allowed. This option is useless if request object support is not enabled.') |
|
175
|
|
|
->defaultFalse() |
|
176
|
|
|
->end() |
|
177
|
|
|
->booleanNode('uris_registration_required') |
|
178
|
|
|
->info('If true, allowed request object Uris must be registered by the client. Request objects by reference must be enabled. Default value is true (highly recommended).') |
|
179
|
|
|
->defaultTrue() |
|
180
|
|
|
->end() |
|
181
|
|
|
->end() |
|
182
|
|
|
->end() |
|
183
|
|
|
->end() |
|
184
|
|
|
->end() |
|
185
|
|
|
->end(); |
|
186
|
|
|
} |
|
187
|
|
|
|
|
188
|
|
|
/** |
|
189
|
|
|
* @param \Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition $node |
|
190
|
|
|
*/ |
|
191
|
|
|
private function addOptionSection(ArrayNodeDefinition $node) |
|
192
|
|
|
{ |
|
193
|
|
|
$node |
|
194
|
|
|
->children() |
|
195
|
|
|
->arrayNode('option') |
|
196
|
|
|
->addDefaultsIfNotSet() |
|
197
|
|
|
->children() |
|
198
|
|
|
->booleanNode('enforce_secured_redirect_uri') |
|
199
|
|
|
->info('If true, the "redirect_uri" parameter must be a secured URL (https scheme).') |
|
200
|
|
|
->defaultFalse() |
|
201
|
|
|
->end() |
|
202
|
|
|
->booleanNode('enforce_redirect_uri_storage') |
|
203
|
|
|
->info('If true, all clients must register at least one redirect URI.') |
|
204
|
|
|
->defaultFalse() |
|
205
|
|
|
->end() |
|
206
|
|
|
->booleanNode('enforce_state') |
|
207
|
|
|
->info('If true, the "state" parameter is mandatory (highly recommended).') |
|
208
|
|
|
->defaultFalse() |
|
209
|
|
|
->end() |
|
210
|
|
|
->booleanNode('allow_response_mode_parameter') |
|
211
|
|
|
->info('If true, the "response_mode" parameter is allowed (required if the "FormPostResponseModePlugin" is enabled).') |
|
212
|
|
|
->defaultFalse() |
|
213
|
|
|
->end() |
|
214
|
|
|
->end() |
|
215
|
|
|
->end() |
|
216
|
|
|
->end(); |
|
217
|
|
|
} |
|
218
|
|
|
|
|
219
|
|
|
/** |
|
220
|
|
|
* @param \Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition $node |
|
221
|
|
|
*/ |
|
222
|
|
|
private function addPreConfiguredAuthorizationSection(ArrayNodeDefinition $node) |
|
223
|
|
|
{ |
|
224
|
|
|
$node |
|
225
|
|
|
->children() |
|
226
|
|
|
->arrayNode('pre_configured_authorization') |
|
227
|
|
|
->validate() |
|
228
|
|
|
->ifTrue(function ($value) { |
|
229
|
|
|
if (false === $value['enabled']) { |
|
230
|
|
|
return false; |
|
231
|
|
|
} |
|
232
|
|
|
|
|
233
|
|
|
return empty($value['class']) || !class_exists($value['class']); |
|
234
|
|
|
}) |
|
235
|
|
|
->thenInvalid('The class is not set or does not exist.') |
|
236
|
|
|
->end() |
|
237
|
|
|
->addDefaultsIfNotSet() |
|
238
|
|
|
->children() |
|
239
|
|
|
->booleanNode('enabled') |
|
240
|
|
|
->info('If true, the pre-configured authorization feature will be enabled.') |
|
241
|
|
|
->defaultFalse() |
|
242
|
|
|
->end() |
|
243
|
|
|
->scalarNode('class') |
|
244
|
|
|
->info('The class.') |
|
245
|
|
|
->end() |
|
246
|
|
|
->scalarNode('manager') |
|
247
|
|
|
->info('The manager.') |
|
248
|
|
|
->defaultValue('oauth2_server.authorization_endpoint.pre_configured_authorization.manager.default') |
|
249
|
|
|
->end() |
|
250
|
|
|
->end() |
|
251
|
|
|
->end() |
|
252
|
|
|
->end(); |
|
253
|
|
|
} |
|
254
|
|
|
|
|
255
|
|
|
/** |
|
256
|
|
|
* {@inheritdoc} |
|
257
|
|
|
*/ |
|
258
|
|
|
public function load(array $pluginConfiguration, DependencyInjection\ContainerBuilder $container) |
|
259
|
|
|
{ |
|
260
|
|
|
$files = $this->initConfigurationParametersAndAliases($pluginConfiguration, $container); |
|
261
|
|
|
$this->loadFiles($container, $files); |
|
262
|
|
|
} |
|
263
|
|
|
|
|
264
|
|
|
/** |
|
265
|
|
|
* @param array $pluginConfiguration |
|
266
|
|
|
* @param \Symfony\Component\DependencyInjection\ContainerBuilder $container |
|
267
|
|
|
* |
|
268
|
|
|
* @return string[] |
|
269
|
|
|
*/ |
|
270
|
|
|
private function initConfigurationParametersAndAliases(array $pluginConfiguration, DependencyInjection\ContainerBuilder $container) |
|
271
|
|
|
{ |
|
272
|
|
|
$files = []; |
|
273
|
|
|
$accessor = PropertyAccess::createPropertyAccessor(); |
|
274
|
|
|
$parameters = [ |
|
275
|
|
|
'oauth2_server.authorization_endpoint.form_handler' => ['type' => 'alias', 'path' => '[form][handler]'], |
|
276
|
|
|
'oauth2_server.authorization_endpoint.user_account_manager' => ['type' => 'alias', 'path' => '[user_account_manager]'], |
|
277
|
|
|
'oauth2_server.authorization_endpoint.template' => ['type' => 'parameter', 'path' => '[template]'], |
|
278
|
|
|
'oauth2_server.authorization_endpoint.allow_scope_selection' => ['type' => 'parameter', 'path' => '[allow_scope_selection]'], |
|
279
|
|
|
'oauth2_server.authorization_endpoint.type' => ['type' => 'parameter', 'path' => '[form][type]'], |
|
280
|
|
|
'oauth2_server.authorization_endpoint.name' => ['type' => 'parameter', 'path' => '[form][name]'], |
|
281
|
|
|
'oauth2_server.authorization_endpoint.validation_groups' => ['type' => 'parameter', 'path' => '[form][validation_groups]'], |
|
282
|
|
|
'oauth2_server.authorization_endpoint.login_route_name' => ['type' => 'parameter', 'path' => '[login_route_name]'], |
|
283
|
|
|
'oauth2_server.authorization_endpoint.login_route_parameters' => ['type' => 'parameter', 'path' => '[login_route_parameters]'], |
|
284
|
|
|
'oauth2_server.authorization_endpoint.path' => ['type' => 'parameter', 'path' => '[path]'], |
|
285
|
|
|
'oauth2_server.authorization_endpoint.option.allow_response_mode_parameter' => ['type' => 'parameter', 'path' => '[option][allow_response_mode_parameter]'], |
|
286
|
|
|
'oauth2_server.authorization_endpoint.option.enforce_secured_redirect_uri' => ['type' => 'parameter', 'path' => '[option][enforce_secured_redirect_uri]'], |
|
287
|
|
|
'oauth2_server.authorization_endpoint.option.enforce_redirect_uri_storage' => ['type' => 'parameter', 'path' => '[option][enforce_secured_redirect_uri]'], |
|
288
|
|
|
'oauth2_server.authorization_endpoint.option.enforce_state' => ['type' => 'parameter', 'path' => '[option][enforce_state]'], |
|
289
|
|
|
]; |
|
290
|
|
|
|
|
291
|
|
|
$parameters['oauth2_server.authorization_request_loader.request_object.enabled'] = ['type' => 'parameter', 'path' => '[request_object][enabled]']; |
|
292
|
|
|
if (true === $accessor->getValue($pluginConfiguration, '[request_object][enabled]')) { |
|
293
|
|
|
$files[] = 'jwt.checkers'; |
|
294
|
|
|
$parameters['oauth2_server.authorization_request_loader.request_object.allow_unsecured_connections'] = ['type' => 'parameter', 'path' => '[request_object][allow_unsecured_connections]']; |
|
295
|
|
|
$parameters['oauth2_server.authorization_request_loader.request_object.signature_algorithms'] = ['type' => 'parameter', 'path' => '[request_object][signature_algorithms]']; |
|
296
|
|
|
$parameters['oauth2_server.authorization_request_loader.request_object.claim_checkers'] = ['type' => 'parameter', 'path' => '[request_object][claim_checkers]']; |
|
297
|
|
|
$parameters['oauth2_server.authorization_request_loader.request_object.header_checkers'] = ['type' => 'parameter', 'path' => '[request_object][header_checkers]']; |
|
298
|
|
|
|
|
299
|
|
|
$parameters['oauth2_server.authorization_request_loader.request_object.encryption.enabled'] = ['type' => 'parameter', 'path' => '[request_object][encryption][enabled]']; |
|
300
|
|
|
if (true === $accessor->getValue($pluginConfiguration, '[request_object][encryption][enabled]')) { |
|
301
|
|
|
$parameters['oauth2_server.authorization_request_loader.request_object.encryption.key_encryption_algorithms'] = ['type' => 'parameter', 'path' => '[request_object][encryption][key_encryption_algorithms]']; |
|
302
|
|
|
$parameters['oauth2_server.authorization_request_loader.request_object.encryption.content_encryption_algorithms'] = ['type' => 'parameter', 'path' => '[request_object][encryption][content_encryption_algorithms]']; |
|
303
|
|
|
$parameters['oauth2_server.authorization_request_loader.request_object.encryption.required'] = ['type' => 'parameter', 'path' => '[request_object][encryption][required]']; |
|
304
|
|
|
$parameters['oauth2_server.authorization_request_loader.request_object.encryption.key_set'] = ['type' => 'alias', 'path' => '[request_object][encryption][key_set]']; |
|
305
|
|
|
} |
|
306
|
|
|
|
|
307
|
|
|
$parameters['oauth2_server.authorization_request_loader.request_object.reference_enabled'] = ['type' => 'parameter', 'path' => '[request_object][reference][enabled]']; |
|
308
|
|
|
$parameters['oauth2_server.authorization_request_loader.request_object.reference_uris_registration_required'] = ['type' => 'parameter', 'path' => '[request_object][reference][uris_registration_required]']; |
|
309
|
|
|
} |
|
310
|
|
|
|
|
311
|
|
|
if (true === $accessor->getValue($pluginConfiguration, '[pre_configured_authorization][enabled]')) { |
|
312
|
|
|
$files[] = 'pre_configured_authorization'; |
|
313
|
|
|
$files[] = 'extensions/pre_configured_authorizations'; |
|
314
|
|
|
$parameters['oauth2_server.authorization_endpoint.pre_configured_authorization.class'] = ['type' => 'parameter', 'path' => '[pre_configured_authorization][class]']; |
|
315
|
|
|
$parameters['oauth2_server.authorization_endpoint.pre_configured_authorization.manager'] = ['type' => 'alias', 'path' => '[pre_configured_authorization][manager]']; |
|
316
|
|
|
} |
|
317
|
|
|
|
|
318
|
|
|
$this->loadParameters($parameters, $pluginConfiguration, $container); |
|
319
|
|
|
|
|
320
|
|
|
return $files; |
|
321
|
|
|
} |
|
322
|
|
|
|
|
323
|
|
|
/** |
|
324
|
|
|
* @param \Symfony\Component\DependencyInjection\ContainerBuilder $container |
|
325
|
|
|
* @param string[] $files |
|
326
|
|
|
*/ |
|
327
|
|
|
private function loadFiles(DependencyInjection\ContainerBuilder $container, array $files) |
|
328
|
|
|
{ |
|
329
|
|
|
$loader = new DependencyInjection\Loader\YamlFileLoader($container, new FileLocator(__DIR__.'/Resources/config')); |
|
330
|
|
|
$files = array_merge( |
|
331
|
|
|
[ |
|
332
|
|
|
'authorization.endpoint', |
|
333
|
|
|
'authorization.factory', |
|
334
|
|
|
'authorization.form', |
|
335
|
|
|
'response_modes', |
|
336
|
|
|
'parameter.checker', |
|
337
|
|
|
], |
|
338
|
|
|
$files |
|
339
|
|
|
); |
|
340
|
|
|
|
|
341
|
|
|
foreach ($files as $basename) { |
|
342
|
|
|
$loader->load(sprintf('%s.yml', $basename)); |
|
343
|
|
|
} |
|
344
|
|
|
} |
|
345
|
|
|
|
|
346
|
|
|
/** |
|
347
|
|
|
* {@inheritdoc} |
|
348
|
|
|
*/ |
|
349
|
|
|
public function build(DependencyInjection\ContainerBuilder $container) |
|
350
|
|
|
{ |
|
351
|
|
|
$mappings = [ |
|
352
|
|
|
realpath(__DIR__.'/Resources/config/doctrine-mapping/library') => 'OAuth2Framework\Component\Server\Endpoint\Authorization\PreConfiguredAuthorization', |
|
353
|
|
|
realpath(__DIR__.'/Resources/config/doctrine-mapping/bundle') => 'OAuth2Framework\Bundle\Server\Model', |
|
354
|
|
|
]; |
|
355
|
|
|
if (class_exists('Doctrine\Bundle\DoctrineBundle\DependencyInjection\Compiler\DoctrineOrmMappingsPass')) { |
|
356
|
|
|
$container->addCompilerPass(DoctrineOrmMappingsPass::createYamlMappingDriver($mappings, [])); |
|
357
|
|
|
} |
|
358
|
|
|
|
|
359
|
|
|
$container->addCompilerPass(new Compiler\AuthorizationEndpointMetadataCompilerPass()); |
|
360
|
|
|
$container->addCompilerPass(new Compiler\AuthorizationFactoryMetadataCompilerPass()); |
|
361
|
|
|
$container->addCompilerPass(new Compiler\AuthorizationFactoryCompilerPass()); |
|
362
|
|
|
$container->addCompilerPass(new Compiler\AuthorizationRequestLoaderCompilerPass()); |
|
363
|
|
|
$container->addCompilerPass(new Compiler\ParameterCheckerCompilerPass()); |
|
364
|
|
|
$container->addCompilerPass(new Compiler\AuthorizationEndpointExtensionCompilerPass()); |
|
365
|
|
|
} |
|
366
|
|
|
|
|
367
|
|
|
/** |
|
368
|
|
|
* {@inheritdoc} |
|
369
|
|
|
*/ |
|
370
|
|
|
public function boot(DependencyInjection\ContainerInterface $container) |
|
371
|
|
|
{ |
|
372
|
|
|
$container->get('twig.loader')->addPath(__DIR__.DIRECTORY_SEPARATOR.'Resources'.DIRECTORY_SEPARATOR.'views', 'OAuth2FrameworkServerBundle'); |
|
373
|
|
|
} |
|
374
|
|
|
|
|
375
|
|
|
/** |
|
376
|
|
|
* {@inheritdoc} |
|
377
|
|
|
*/ |
|
378
|
|
|
public function prepend(ContainerBuilder $container) |
|
379
|
|
|
{ |
|
380
|
|
|
$config = current($container->getExtensionConfig('oauth2_server')); |
|
381
|
|
|
if (array_key_exists('token_endpoint', $config)) { |
|
382
|
|
|
foreach (['user_account_manager'] as $name) { |
|
383
|
|
|
$config[$this->name()][$name] = $config['token_endpoint'][$name]; |
|
384
|
|
|
} |
|
385
|
|
|
} |
|
386
|
|
|
$container->prependExtensionConfig('oauth2_server', $config); |
|
387
|
|
|
|
|
388
|
|
|
$bundles = $container->getParameter('kernel.bundles'); |
|
389
|
|
|
Assertion::keyExists($bundles, 'SpomkyLabsJoseBundle', 'The "Spomky-Labs/JoseBundle" must be enabled.'); |
|
390
|
|
|
|
|
391
|
|
|
$bundle_config = current($container->getExtensionConfig('oauth2_server'))[$this->name()]; |
|
392
|
|
|
|
|
393
|
|
|
if (true === $bundle_config['request_object']['enabled']) { |
|
394
|
|
|
$this->updateJoseBundleConfigurationForVerifier($container, 'authorization_endpoint_authorization_request', $bundle_config['request_object']); |
|
395
|
|
|
$this->updateJoseBundleConfigurationForDecrypter($container, 'authorization_endpoint_authorization_request', $bundle_config['request_object']); |
|
396
|
|
|
$this->updateJoseBundleConfigurationForChecker($container, 'authorization_endpoint_authorization_request', $bundle_config['request_object']); |
|
397
|
|
|
$this->updateJoseBundleConfigurationForJWTLoader($container, 'authorization_endpoint_authorization_request', $bundle_config['request_object']); |
|
398
|
|
|
} |
|
399
|
|
|
} |
|
400
|
|
|
|
|
401
|
|
|
/** |
|
402
|
|
|
* @param \Symfony\Component\DependencyInjection\ContainerBuilder $container |
|
403
|
|
|
* @param string $service_name |
|
404
|
|
|
* @param array $bundle_config |
|
405
|
|
|
*/ |
|
406
|
|
|
private function updateJoseBundleConfigurationForVerifier(ContainerBuilder $container, $service_name, array $bundle_config) |
|
407
|
|
|
{ |
|
408
|
|
|
ConfigurationHelper::addVerifier($container, $service_name, $bundle_config['signature_algorithms'], false); |
|
409
|
|
|
} |
|
410
|
|
|
|
|
411
|
|
|
/** |
|
412
|
|
|
* @param \Symfony\Component\DependencyInjection\ContainerBuilder $container |
|
413
|
|
|
* @param string $service_name |
|
414
|
|
|
* @param array $bundle_config |
|
415
|
|
|
*/ |
|
416
|
|
|
private function updateJoseBundleConfigurationForDecrypter(ContainerBuilder $container, $service_name, array $bundle_config) |
|
417
|
|
|
{ |
|
418
|
|
|
if (true === $bundle_config['encryption']['enabled']) { |
|
419
|
|
|
ConfigurationHelper::addDecrypter($container, $service_name, $bundle_config['encryption']['key_encryption_algorithms'], $bundle_config['encryption']['content_encryption_algorithms'], ['DEF'], false); |
|
420
|
|
|
} |
|
421
|
|
|
} |
|
422
|
|
|
|
|
423
|
|
|
/** |
|
424
|
|
|
* @param \Symfony\Component\DependencyInjection\ContainerBuilder $container |
|
425
|
|
|
* @param string $service_name |
|
426
|
|
|
* @param array $bundle_config |
|
427
|
|
|
*/ |
|
428
|
|
|
private function updateJoseBundleConfigurationForChecker(ContainerBuilder $container, $service_name, array $bundle_config) |
|
429
|
|
|
{ |
|
430
|
|
|
ConfigurationHelper::addChecker($container, $service_name, $bundle_config['header_checkers'], $bundle_config['claim_checkers'], false); |
|
431
|
|
|
} |
|
432
|
|
|
|
|
433
|
|
|
/** |
|
434
|
|
|
* @param \Symfony\Component\DependencyInjection\ContainerBuilder $container |
|
435
|
|
|
* @param string $service_name |
|
436
|
|
|
* @param array $bundle_config |
|
437
|
|
|
*/ |
|
438
|
|
|
private function updateJoseBundleConfigurationForJWTLoader(ContainerBuilder $container, $service_name, array $bundle_config) |
|
439
|
|
|
{ |
|
440
|
|
|
$decrypter = null; |
|
441
|
|
|
if (true === $bundle_config['encryption']['enabled']) { |
|
442
|
|
|
$decrypter = sprintf('jose.decrypter.%s', $service_name); |
|
443
|
|
|
} |
|
444
|
|
|
ConfigurationHelper::addJWTLoader($container, $service_name, sprintf('jose.verifier.%s', $service_name), sprintf('jose.checker.%s', $service_name), $decrypter, false); |
|
445
|
|
|
} |
|
446
|
|
|
|
|
447
|
|
|
/** |
|
448
|
|
|
* @return \Closure |
|
449
|
|
|
*/ |
|
450
|
|
|
private function areClientAssertionSignatureAlgorithmsInvalid() |
|
451
|
|
|
{ |
|
452
|
|
|
return function ($data) { |
|
453
|
|
|
if (false === $data['enabled']) { |
|
454
|
|
|
return false; |
|
455
|
|
|
} |
|
456
|
|
|
|
|
457
|
|
|
return empty($data['signature_algorithms']); |
|
458
|
|
|
}; |
|
459
|
|
|
} |
|
460
|
|
|
|
|
461
|
|
|
/** |
|
462
|
|
|
* @param string $parameter |
|
463
|
|
|
* |
|
464
|
|
|
* @return \Closure |
|
465
|
|
|
*/ |
|
466
|
|
|
private function isClientAssertionEncryptionParameterInvalid($parameter) |
|
467
|
|
|
{ |
|
468
|
|
|
return function ($data) use ($parameter) { |
|
469
|
|
|
if (false === $data['encryption']['enabled']) { |
|
470
|
|
|
return false; |
|
471
|
|
|
} |
|
472
|
|
|
|
|
473
|
|
|
return empty($data['encryption'][$parameter]); |
|
474
|
|
|
}; |
|
475
|
|
|
} |
|
476
|
|
|
} |
|
477
|
|
|
|
OAuth2-Framework /
oauth2-framework
Loading history...
This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces.
This is most likely a typographical error or the method has been renamed.