@@ -14,5 +14,5 @@ |
||
14 | 14 | interface ScopePolicyInterface |
15 | 15 | { |
16 | 16 | // function check(array $scope, ClientInterface $client): bool ; |
17 | - function getDefaultScopes(ClientInterface $client) : ?array ; |
|
17 | + function getDefaultScopes(ClientInterface $client) : ?array; |
|
18 | 18 | } |
19 | 19 | \ No newline at end of file |
@@ -53,7 +53,7 @@ |
||
53 | 53 | if (!$this->scopePolicyManager->checkScope($client, $scope)) { |
54 | 54 | $supportedScopes = implode(', ', $this->scopePolicyManager->getSupportedScopes($client)); |
55 | 55 | throw new OAuthException('invalid_scope', |
56 | - 'Some of requested scopes are not supported. Scope supported : ' . $supportedScopes, |
|
56 | + 'Some of requested scopes are not supported. Scope supported : '.$supportedScopes, |
|
57 | 57 | 'https://tools.ietf.org/html/rfc6749#section-4.1'); |
58 | 58 | } |
59 | 59 |
@@ -63,14 +63,14 @@ discard block |
||
63 | 63 | 'https://tools.ietf.org/html/rfc6749#section-5.2'); |
64 | 64 | } |
65 | 65 | |
66 | - $username= $request->getParsedBody()['username'] ?? ''; |
|
67 | - if(!$username) { |
|
66 | + $username = $request->getParsedBody()['username'] ?? ''; |
|
67 | + if (!$username) { |
|
68 | 68 | throw new OAuthException('invalid_request', 'Missing a required parameter : username', |
69 | 69 | 'https://tools.ietf.org/html/rfc6749#section-4.3'); |
70 | 70 | } |
71 | 71 | |
72 | - $password= $request->getParsedBody()['password'] ?? ''; |
|
73 | - if(!$password) { |
|
72 | + $password = $request->getParsedBody()['password'] ?? ''; |
|
73 | + if (!$password) { |
|
74 | 74 | throw new OAuthException('invalid_request', 'Missing a required parameter : password', |
75 | 75 | 'https://tools.ietf.org/html/rfc6749#section-4.3'); |
76 | 76 | } |
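Review bot: The presence checks on new lines 67 and 73, `if (!$username)` and `if (!$password)`, test truthiness rather than type, so the string `'0'` is reported as a missing parameter. A non-empty array, which PHP's form parsing typically produces for `username[]=x`, passes the check and is handed on to `authenticate()`. Since both values come straight from the request body, a type check at this boundary would be safer: `if (!is_string($username) || $username === '') {` and the same for `$password`. The enclosing method starts and ends outside this hunk.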
@@ -79,7 +79,7 @@ discard block |
||
79 | 79 | if (!$this->scopePolicyManager->checkScope($client, $scope)) { |
80 | 80 | $supportedScopes = implode(', ', $this->scopePolicyManager->getSupportedScopes($client)); |
81 | 81 | throw new OAuthException('invalid_scope', |
82 | - 'Some of requested scopes are not supported. Scope supported : ' . $supportedScopes, |
|
82 | + 'Some of requested scopes are not supported. Scope supported : '.$supportedScopes, |
|
83 | 83 | 'https://tools.ietf.org/html/rfc6749#section-4.1'); |
84 | 84 | } |
85 | 85 |
@@ -85,8 +85,7 @@ |
||
85 | 85 | |
86 | 86 | try { |
87 | 87 | $resourceOwner = $this->resourceOwnerProvider->authenticate($username, $password); |
88 | - } |
|
89 | - catch (\Exception $e) { |
|
88 | + } catch (\Exception $e) { |
|
90 | 89 | throw new OAuthException('invalid_grant', $e->getMessage(), |
91 | 90 | 'https://tools.ietf.org/html/rfc6749#section-4.3'); |
92 | 91 | } |
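Review bot: The catch block on line 89 forwards `$e->getMessage()` into the `invalid_grant` error description, so whatever text the resource owner provider throws is returned to the OAuth client. Because the catch covers every `\Exception`, this may include internal failures from the provider's backend, or messages that distinguish an unknown user from a wrong password. Consider a fixed description, for example `throw new OAuthException('invalid_grant', 'Invalid resource owner credentials',`, and record the original exception in the server log instead. The enclosing method starts and ends outside this hunk.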
@@ -65,18 +65,18 @@ discard block |
||
65 | 65 | } |
66 | 66 | |
67 | 67 | $refreshToken = $request->getParsedBody()['refresh_token'] ?? ''; |
68 | - if(!$refreshToken) { |
|
68 | + if (!$refreshToken) { |
|
69 | 69 | throw new OAuthException('invalid_request', 'Missing a required parameter : refresh_token', |
70 | 70 | 'https://tools.ietf.org/html/rfc6749#section-4.3'); |
71 | 71 | } |
72 | 72 | |
73 | 73 | $refreshToken = $this->refreshTokenStorage->get($refreshToken); |
74 | - if(!$refreshToken || $refreshToken->getClientId() !== $client->getIdentifier()) { |
|
74 | + if (!$refreshToken || $refreshToken->getClientId() !== $client->getIdentifier()) { |
|
75 | 75 | throw new OAuthException('invalid_grant', 'Refresh token is invalid', |
76 | 76 | 'https://tools.ietf.org/html/rfc6749#section-4.3'); |
77 | 77 | } |
78 | 78 | |
79 | - if(!is_null($refreshToken->getExpiresAt()) && $refreshToken->getExpiresAt() < time()) { |
|
79 | + if (!is_null($refreshToken->getExpiresAt()) && $refreshToken->getExpiresAt() < time()) { |
|
80 | 80 | $this->refreshTokenStorage->revoke($refreshToken->getToken()); |
81 | 81 | |
82 | 82 | throw new OAuthException('invalid_grant', 'Refresh token has expired', |
@@ -84,16 +84,16 @@ discard block |
||
84 | 84 | } |
85 | 85 | |
86 | 86 | $includedScopes = isset($request->getParsedBody()['scope']) ? explode(' ', $request->getParsedBody()['scope']) : null; |
87 | - if(is_array($includedScopes) && !empty(array_diff($includedScopes, explode(' ', $refreshToken->getToken())))) { |
|
87 | + if (is_array($includedScopes) && !empty(array_diff($includedScopes, explode(' ', $refreshToken->getToken())))) { |
|
88 | 88 | throw new OAuthException('invalid_scope', |
89 | - 'Some of scope included are not granted for this token. Scope granted : ' . $refreshToken->getScope(), |
|
89 | + 'Some of scope included are not granted for this token. Scope granted : '.$refreshToken->getScope(), |
|
90 | 90 | 'https://tools.ietf.org/html/rfc6749#section-6'); |
91 | 91 | } |
92 | 92 | |
93 | 93 | // issue an access token token and, optionally, a refresh token |
94 | 94 | $accessToken = $this->accessTokenStorage->create($client->getIdentifier(), $refreshToken->getUserId(), $refreshToken->getScope()); |
95 | 95 | $newRefreshToken = null; |
96 | - if($this->configurationRepository->getConfig(Config::REGENERATE_REFRESH_TOKENS_AFTER_USE)) { |
|
96 | + if ($this->configurationRepository->getConfig(Config::REGENERATE_REFRESH_TOKENS_AFTER_USE)) { |
|
97 | 97 | $this->refreshTokenStorage->revoke($refreshToken->getToken()); |
98 | 98 | $newRefreshToken = $this->refreshTokenStorage->create( |
99 | 99 | $refreshToken->getClientId(), $refreshToken->getUserId(), $refreshToken->getScope())->getToken(); |
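Review bot: The scope check on new line 87 compares the requested scopes with `explode(' ', $refreshToken->getToken())`, which is the token string and not the scopes granted to it. The error message on line 89 and the `create()` call on line 94 both use `getScope()`, so this looks like a slip for `explode(' ', $refreshToken->getScope())` (assuming `getScope()` returns the space-delimited string that line 89 concatenates). As written, a refresh request that carries a `scope` parameter would be rejected unless its value happens to equal the token itself. Separately, `$includedScopes` is validated but never used: line 94 issues the access token with the full `$refreshToken->getScope()`, so a client asking for a narrower scope still receives the original grant. The enclosing method starts and ends outside this hunk.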
@@ -73,7 +73,7 @@ |
||
73 | 73 | |
74 | 74 | $this->authorizationCodeStorage->revoke($authorizationCode->getCode()); |
75 | 75 | |
76 | - if($authorizationCode->getExpiresAt() < time()) { |
|
76 | + if ($authorizationCode->getExpiresAt() < time()) { |
|
77 | 77 | throw new OAuthException('invalid_grant', 'Authorization code has expired', |
78 | 78 | 'https://tools.ietf.org/html/rfc6749#section-4.1.3'); |
79 | 79 | } |
@@ -96,11 +96,11 @@ |
||
96 | 96 | * @throws \Exception |
97 | 97 | */ |
98 | 98 | public function validate() { |
99 | - if(!$this->responseType) { |
|
99 | + if (!$this->responseType) { |
|
100 | 100 | throw new \Exception('Missing response_type parameter'); |
101 | 101 | } |
102 | 102 | |
103 | - if(!$this->clientId) { |
|
103 | + if (!$this->clientId) { |
|
104 | 104 | throw new \Exception('Missing client_id parameter'); |
105 | 105 | } |
106 | 106 | return true; |
@@ -30,12 +30,12 @@ |
||
30 | 30 | { |
31 | 31 | $missingClaims = array_diff(self::REQUIRED_CLAIMS, array_keys($claims)); |
32 | 32 | if (!empty($missingClaims)) { |
33 | - throw new \Exception('Missing claims : ' . implode(', ', $missingClaims)); |
|
33 | + throw new \Exception('Missing claims : '.implode(', ', $missingClaims)); |
|
34 | 34 | } |
35 | 35 | |
36 | 36 | $undefinedClaims = array_diff(array_keys($claims), self::DEFINED_CLAIMS); |
37 | 37 | if (!empty($undefinedClaims)) { |
38 | - throw new \Exception('Undefined claims : ' . implode(', ', $undefinedClaims)); |
|
38 | + throw new \Exception('Undefined claims : '.implode(', ', $undefinedClaims)); |
|
39 | 39 | } |
40 | 40 | |
41 | 41 | // todo check nonce required if present in authentication request |
@@ -159,7 +159,7 @@ discard block |
||
159 | 159 | } |
160 | 160 | |
161 | 161 | // OpenID |
162 | - if(!in_array('openid', $scope)) { |
|
162 | + if (!in_array('openid', $scope)) { |
|
163 | 163 | return compact('client', 'redirectUri', 'responseTypes', 'data', 'scope', 'isSecure'); |
164 | 164 | } |
165 | 165 | |
@@ -204,7 +204,7 @@ discard block |
||
204 | 204 | if (!$scopePolicyManager->checkScope($client, $scope)) { |
205 | 205 | $supportedScopes = implode(', ', $scopePolicyManager->getSupportedScopes($client)); |
206 | 206 | throw new OAuthException('invalid_scope', |
207 | - 'Some of requested scopes are not supported. Scope supported : ' . $supportedScopes, |
|
207 | + 'Some of requested scopes are not supported. Scope supported : '.$supportedScopes, |
|
208 | 208 | 'https://tools.ietf.org/html/rfc6749#section-4.1'); |
209 | 209 | } |
210 | 210 | |
@@ -213,13 +213,13 @@ discard block |
||
213 | 213 | |
214 | 214 | protected function checkRedirectionEndpointConfidentiality(ClientInterface $client, array $responseTypes, Uri $redirectUri) : bool { |
215 | 215 | $enforceTls = $this->server->getConfigurationRepository()->getConfig(Config::ENFORCE_TLS); |
216 | - if($redirectUri->getScheme() === 'https') { |
|
216 | + if ($redirectUri->getScheme() === 'https') { |
|
217 | 217 | return true; |
218 | 218 | } |
219 | 219 | |
220 | 220 | foreach ($responseTypes as $responseType) { |
221 | - if($responseType->requireTLS()) { |
|
222 | - if($enforceTls === true || (is_null($enforceTls) && $client->isTLSSupported())) { |
|
221 | + if ($responseType->requireTLS()) { |
|
222 | + if ($enforceTls === true || (is_null($enforceTls) && $client->isTLSSupported())) { |
|
223 | 223 | throw new OAuthException('access_denied', |
224 | 224 | 'Require the use of TLS for the redirect URI', |
225 | 225 | 'https://tools.ietf.org/html/rfc6749#section-3.1.2.1'); |
@@ -340,12 +340,12 @@ discard block |
||
340 | 340 | $responseType = $this->server->getResponseTypeRepository()->getResponseType($responseTypeName); |
341 | 341 | if (!$responseType) { |
342 | 342 | throw new OAuthException('invalid_request', |
343 | - 'Unknown response_type : ' . $responseTypeName); |
|
343 | + 'Unknown response_type : '.$responseTypeName); |
|
344 | 344 | } |
345 | 345 | |
346 | 346 | if (!$responseType->isMultiValuedResponseTypeSupported() == ResponseTypeInterface::RESPONSE_MODE_FRAGMENT) { |
347 | 347 | throw new OAuthException('invalid_request', |
348 | - 'Multi-valued response_type not supported with response_type : ' . $responseTypeName); |
|
348 | + 'Multi-valued response_type not supported with response_type : '.$responseTypeName); |
|
349 | 349 | } |
350 | 350 | |
351 | 351 | $responseTypes[] = $responseType; |
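Review bot: The condition on line 346, `!$responseType->isMultiValuedResponseTypeSupported() == ResponseTypeInterface::RESPONSE_MODE_FRAGMENT`, applies `!` before `==`, so it loosely compares a negated boolean with a response-mode constant instead of testing the method result. Whether a response type is accepted then depends on how that constant compares to a boolean, which is unlikely to be the intended policy for multi-valued `response_type` requests. If the intent matches the error message on line 348, the check would read `if (!$responseType->isMultiValuedResponseTypeSupported()) {`. The surrounding loop and the constant's value are outside this hunk, so confirm against the full method.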
@@ -393,7 +393,7 @@ discard block |
||
393 | 393 | |
394 | 394 | if (!in_array($responseMode, $supportedResponsesModes)) { |
395 | 395 | throw new OAuthException('invalid_request', |
396 | - 'Unsupported response_mode. Supported response_mode are : ' . implode(', ', $supportedResponsesModes)); |
|
396 | + 'Unsupported response_mode. Supported response_mode are : '.implode(', ', $supportedResponsesModes)); |
|
397 | 397 | } |
398 | 398 | |
399 | 399 | if ($responseMode === ResponseTypeInterface::RESPONSE_MODE_QUERY && !$isResponseModeQueryAllowed) { |
@@ -68,8 +68,7 @@ |
||
68 | 68 | // https://developer.okta.com/docs/api/resources/oidc#parameter-details |
69 | 69 | if (isset($data['response_mode']) && $data['response_mode'] == 'post_message') { |
70 | 70 | return $this->popupResponse(['access_token' => 'a'], $redirectUri); |
71 | - } |
|
72 | - else { |
|
71 | + } else { |
|
73 | 72 | return new AuthorizationResponse($redirectUri); |
74 | 73 | } |
75 | 74 | } |
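Review bot: The `post_message` branch on line 70 returns `popupResponse(['access_token' => 'a'], $redirectUri)`, a hard-coded placeholder token that any request setting `response_mode=post_message` can trigger. If this is an unfinished stub, it should not be reachable from a live request. Either reject the mode until it is implemented, or at least mark it, e.g. `// TODO: post_message is not implemented; 'a' is a placeholder, not a real token`. The comparison on line 69 should also be strict: `$data['response_mode'] === 'post_message'`. The enclosing method starts outside this hunk.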
@@ -31,7 +31,7 @@ |
||
31 | 31 | * @return array |
32 | 32 | */ |
33 | 33 | public function handle(ServerRequestInterface $request, ResourceOwnerInterface $resourceOwner, |
34 | - RegisteredClient $client, ?array $scope = null): array |
|
34 | + RegisteredClient $client, ?array $scope = null): array |
|
35 | 35 | { |
36 | 36 | return []; |
37 | 37 | } |