<?php |
declare(strict_types=1); |
namespace Facile\OpenIDClient\ConformanceTest\RpTest; |
use Facile\JoseVerifier\JWK\MemoryJwksProvider;
use Facile\OpenIDClient\Client\ClientBuilder;
use Facile\OpenIDClient\Client\ClientInterface;
use Facile\OpenIDClient\Client\Metadata\ClientMetadata;
use Facile\OpenIDClient\ConformanceTest\TestInfo;
use Facile\OpenIDClient\Exception\OAuth2Exception;
use Facile\OpenIDClient\Exception\RemoteException;
use Facile\OpenIDClient\Issuer\IssuerBuilder;
use Facile\OpenIDClient\Service\RegistrationService;
use Http\Client\Common\HttpMethodsClientInterface;
use Http\Discovery\Psr17FactoryDiscovery;
use Http\Discovery\Psr18ClientDiscovery;
use Jose\Component\Core\JWKSet;
use Laminas\Diactoros\ServerRequestFactory;
use Psr\Container\ContainerInterface;
use Psr\Http\Client\ClientInterface as HttpClient;
use Psr\Http\Message\RequestFactoryInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use RuntimeException;

use function array_merge;
use function json_decode;
use function json_encode;
use function sprintf;
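/**
 * Base class for the relying-party (RP) conformance tests.
 *
 * Holds the PSR-11 container and provides the steps shared by the tests: dynamic client registration against the
 * per-test issuer, a plain HTTP GET, and turning the Location header of an authorization response into the
 * server request a callback handler would receive.
 */
abstract class AbstractRpTest implements RpTestInterface
{
    /** Redirect URI registered for every test client; read through static:: so a subclass can override it. */
    protected const REDIRECT_URI = 'https://rp.test/callback';

    /** @var ContainerInterface */
    private $container;

    public function __construct(ContainerInterface $container)
    {
        $this->container = $container;
    }

    /**
     * Returns the container this test was constructed with.
     */
    public function getContainer(): ContainerInterface
    {
        return $this->container;
    }

    /**
     * Registers a client with the test issuer and builds a client object from the registration response.
     *
     * @param TestInfo             $testInfo Supplies the RP base URI and the response type to register.
     * @param array<string, mixed> $metadata Registration metadata; a key given here replaces the default of the
     *                                       same name as a whole (array_merge, not a recursive merge).
     * @param JWKSet|null          $jwks     Key set handed to the client's JWKS provider; an empty set when null.
     *
     * @throws OAuth2Exception When registration fails with an OAuth2 error (message and description are echoed first).
     * @throws RemoteException When registration fails with a remote error (the response body is echoed first).
     */
    public function registerClient(TestInfo $testInfo, array $metadata = [], ?JWKSet $jwks = null): ClientInterface
    {
        // Every test has its own issuer path: <rp-uri>/<test-id>/.well-known/openid-configuration.
        // getTestId() is not defined in this class; presumably RpTestInterface declares it.
        $issuer = (new IssuerBuilder())
            ->build($testInfo->getRpUri() . '/' . $this->getTestId() . '/.well-known/openid-configuration');

        // NOTE(review): constructed with no arguments, so it relies entirely on the constructor's defaults;
        // confirm against RegistrationService's signature.
        $registrationService = new RegistrationService();

        $metadata = array_merge([
            'client_name' => 'php-openid-client/v1.x (https://github.com/facile-it/php-openid-client)',
            'redirect_uris' => [static::REDIRECT_URI],
            'contacts' => [
                // NOTE(review): this literal looks like an e-mail-protection placeholder left by the page
                // export; confirm the real contact address against the repository.
                '[email protected]',
            ],
            // 'implicit' is registered next to the code flow by default; a test that wants a narrower client
            // overrides grant_types through $metadata.
            'grant_types' => [
                'authorization_code',
                'implicit',
            ],
            'response_types' => [
                $testInfo->getResponseType(),
            ],
        ], $metadata);

        try {
            $clientMetadata = ClientMetadata::fromArray($registrationService->register($issuer, $metadata));
        } catch (OAuth2Exception $e) {
            // Print the failure for the operator, then let the exception propagate unchanged.
            echo sprintf('%s (%s)', $e->getMessage(), $e->getDescription()) . PHP_EOL;
            throw $e;
        } catch (RemoteException $e) {
            // The body is remote-controlled text written to the output as-is; it is only a diagnostic.
            echo $e->getResponse()->getBody() . PHP_EOL;
            throw $e;
        }

        // The encode/decode round trip turns the key set into plain arrays for the in-memory provider.
        // NOTE(review): presumably JWKSet is JsonSerializable and any private key parameters it holds are
        // carried along; confirm that is what MemoryJwksProvider expects.
        return (new ClientBuilder())
            ->setIssuer($issuer)
            ->setClientMetadata($clientMetadata)
            ->setJwksProvider(new MemoryJwksProvider(json_decode(json_encode($jwks ?? ['keys' => []]), true)))
            ->build();
    }

    /**
     * Sends a GET request and returns the response.
     *
     * The HTTP client and the request factory are taken from the container when it has them registered,
     * otherwise they are auto-discovered.
     *
     * @param string                         $uri     Target URI.
     * @param array<string, string|string[]> $headers Header name => value, applied with withHeader().
     */
    protected function httpGet(string $uri, array $headers = []): ResponseInterface
    {
        /** @var HttpClient $httpClient */
        $httpClient = $this->getContainer()->has(HttpClient::class)
            ? $this->getContainer()->get(HttpClient::class)
            : Psr18ClientDiscovery::find();
        /** @var RequestFactoryInterface $requestFactory */
        $requestFactory = $this->getContainer()->has(RequestFactoryInterface::class)
            ? $this->getContainer()->get(RequestFactoryInterface::class)
            : Psr17FactoryDiscovery::findRequestFactory();

        $request = $requestFactory->createRequest('GET', $uri);

        // PSR-7 messages are immutable, so each withHeader() call returns a new request.
        foreach ($headers as $key => $value) {
            $request = $request->withHeader($key, $value);
        }

        return $httpClient->sendRequest($request);
    }

    /**
     * Requests the authorization URI and turns the redirect it answers with into a server request.
     *
     * @param string $uri    Authorization request URI.
     * @param string $accept Value of the accept header sent with the request.
     *
     * @throws RuntimeException When the response carries no usable Location header.
     */
    protected function simulateAuthRedirect(string $uri, string $accept = 'application/json'): ServerRequestInterface
    {
        $response = $this->httpGet($uri, ['accept' => $accept]);

        $location = $response->getHeader('location')[0] ?? null;

        // Without a redirect there is no callback to simulate. Stop here instead of building a request with an
        // empty URI, which would hide the server's failure behind a later, unrelated error. The request URI is
        // left out of the message because it can carry state and nonce values.
        if (null === $location || '' === $location) {
            throw new RuntimeException(sprintf(
                'No Location header in the response to the authorization request (HTTP status %d)',
                $response->getStatusCode()
            ));
        }

        // NOTE(review): the Location value is server-controlled and is not compared with REDIRECT_URI here;
        // any such check has to happen in the caller or in the library under test.
        return (new ServerRequestFactory())->createServerRequest('GET', $location);
    }
}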
This check compares calls to functions or methods with their respective definitions. If a call has fewer arguments than the definition declares, it raises an issue.
If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this is known to happen is WordPress. Please note the @ignore annotation hint above.