1 | <?php |
||
2 | |||
3 | declare(strict_types=1); |
||
4 | |||
5 | /* |
||
6 | * The MIT License (MIT) |
||
7 | * |
||
8 | * Copyright (c) 2014-2019 Spomky-Labs |
||
9 | * |
||
10 | * This software may be modified and distributed under the terms |
||
11 | * of the MIT license. See the LICENSE file for details. |
||
12 | */ |
||
13 | |||
14 | namespace OAuth2Framework\Component\AuthorizationCodeGrant; |
||
15 | |||
16 | use OAuth2Framework\Component\AuthorizationCodeGrant\PKCEMethod\PKCEMethodManager; |
||
17 | use OAuth2Framework\Component\AuthorizationEndpoint\AuthorizationRequest\AuthorizationRequest; |
||
18 | use OAuth2Framework\Component\AuthorizationEndpoint\ResponseType\ResponseType; |
||
19 | use OAuth2Framework\Component\Core\DataBag\DataBag; |
||
20 | use OAuth2Framework\Component\Core\Message\OAuth2Error; |
||
21 | use OAuth2Framework\Component\Core\TokenType\TokenType; |
||
22 | use function Safe\sprintf; |
||
23 | |||
24 | final class AuthorizationCodeResponseType implements ResponseType |
||
25 | { |
||
26 | /** |
||
27 | * @var int |
||
28 | */ |
||
29 | private $authorizationCodeLifetime; |
||
30 | |||
31 | /** |
||
32 | * @var bool |
||
33 | */ |
||
34 | private $pkceForPublicClientsEnforced; |
||
35 | |||
36 | /** |
||
37 | * @var AuthorizationCodeRepository |
||
38 | */ |
||
39 | private $authorizationCodeRepository; |
||
40 | |||
41 | /** |
||
42 | * @var PKCEMethodManager |
||
43 | */ |
||
44 | private $pkceMethodManager; |
||
45 | |||
46 | public function __construct(AuthorizationCodeRepository $authorizationCodeRepository, int $authorizationCodeLifetime, PKCEMethodManager $pkceMethodManager, bool $pkceForPublicClientsEnforced) |
||
47 | { |
||
48 | $this->authorizationCodeRepository = $authorizationCodeRepository; |
||
49 | $this->authorizationCodeLifetime = $authorizationCodeLifetime; |
||
50 | $this->pkceMethodManager = $pkceMethodManager; |
||
51 | $this->pkceForPublicClientsEnforced = $pkceForPublicClientsEnforced; |
||
52 | } |
||
53 | |||
54 | public function associatedGrantTypes(): array |
||
55 | { |
||
56 | return ['authorization_code']; |
||
57 | } |
||
58 | |||
59 | public function name(): string |
||
60 | { |
||
61 | return 'code'; |
||
62 | } |
||
63 | |||
64 | public function getResponseMode(): string |
||
65 | { |
||
66 | return self::RESPONSE_TYPE_MODE_QUERY; |
||
67 | } |
||
68 | |||
69 | public function preProcess(AuthorizationRequest $authorization): void |
||
70 | { |
||
71 | $queryParams = $authorization->getQueryParams(); |
||
72 | |||
73 | if (!\array_key_exists('code_challenge', $queryParams)) { |
||
74 | if (true === $this->pkceForPublicClientsEnforced && $authorization->getClient()->isPublic()) { |
||
75 | throw OAuth2Error::invalidRequest('Non-confidential clients must set a proof key (PKCE) for code exchange.'); |
||
76 | } |
||
77 | } else { |
||
78 | $codeChallengeMethod = \array_key_exists('code_challenge_method', $queryParams) ? $queryParams['code_challenge_method'] : 'plain'; |
||
79 | if (!$this->pkceMethodManager->has($codeChallengeMethod)) { |
||
80 | throw OAuth2Error::invalidRequest(sprintf('The challenge method "%s" is not supported.', $codeChallengeMethod)); |
||
81 | } |
||
82 | } |
||
83 | |||
84 | $authorizationCode = $this->authorizationCodeRepository->create( |
||
85 | $authorization->getClient()->getClientId(), |
||
86 | $authorization->getUserAccount()->getUserAccountId(), |
||
87 | $authorization->getQueryParams(), |
||
88 | $authorization->getRedirectUri(), |
||
89 | (new \DateTimeImmutable())->setTimestamp(time() + $this->authorizationCodeLifetime), |
||
0 ignored issues
–
show
Bug
introduced
by
Loading history...
|
|||
90 | new DataBag([]), |
||
91 | $authorization->getMetadata(), |
||
92 | null !== $authorization->getResourceServer() ? $authorization->getResourceServer()->getResourceServerId() : null |
||
93 | ); |
||
94 | $this->authorizationCodeRepository->save($authorizationCode); |
||
95 | $authorization->setResponseParameter('code', $authorizationCode->getId()->getValue()); |
||
96 | } |
||
97 | |||
98 | public function process(AuthorizationRequest $authorization, TokenType $tokenType): void |
||
99 | { |
||
100 | //Nothing to do |
||
101 | } |
||
102 | } |
||
103 |