php-guard /
oauth-server
@@ -40,7 +40,7 @@ discard block |
||
| 40 | 40 | public function __construct(array $config = []) |
| 41 | 41 | { |
| 42 | 42 | if (array_diff(self::MINIMAL_CONFIG, array_keys($config))) { |
| 43 | - throw new \Exception('Missing minimal configuration. Required : ' . implode(', ', self::MINIMAL_CONFIG)); |
|
| 43 | + throw new \Exception('Missing minimal configuration. Required : '.implode(', ', self::MINIMAL_CONFIG)); |
|
| 44 | 44 | } |
| 45 | 45 | |
| 46 | 46 | $this->config = array_merge(self::DEFAULT_CONFIG, $config); |
@@ -52,7 +52,7 @@ discard block |
||
| 52 | 52 | * @throws \Exception |
| 53 | 53 | */ |
| 54 | 54 | public function getConfig(string $name) { |
| 55 | - if(!array_key_exists($name, $this->config)) { |
|
| 55 | + if (!array_key_exists($name, $this->config)) { |
|
| 56 | 56 | throw new \Exception("Unknown config '$name' in ".implode(', ', array_keys($this->config))); |
| 57 | 57 | } |
| 58 | 58 | return $this->config[$name]; |
@@ -34,10 +34,10 @@ discard block |
||
| 34 | 34 | public function __construct(array $storages) |
| 35 | 35 | { |
| 36 | 36 | foreach (static::STORAGES_INTERFACES as $name => $interface) { |
| 37 | - if(!isset($storages[$name])) { |
|
| 37 | + if (!isset($storages[$name])) { |
|
| 38 | 38 | throw new \Exception("Missing storage '$name'"); |
| 39 | 39 | } |
| 40 | - if(!is_a($storages[$name], $interface)) { |
|
| 40 | + if (!is_a($storages[$name], $interface)) { |
|
| 41 | 41 | throw new \Exception("Storage '$name' must implement '$interface'"); |
| 42 | 42 | } |
| 43 | 43 | $this->storages[$name] = $storages[$name]; |
@@ -50,7 +50,7 @@ discard block |
||
| 50 | 50 | * @throws \Exception |
| 51 | 51 | */ |
| 52 | 52 | public function getStorage(string $name) { |
| 53 | - if(!isset($this->storages[$name])) { |
|
| 53 | + if (!isset($this->storages[$name])) { |
|
| 54 | 54 | throw new \Exception("Unknown storage '$name'"); |
| 55 | 55 | } |
| 56 | 56 | return $this->storages[$name]; |
@@ -29,7 +29,7 @@ |
||
| 29 | 29 | */ |
| 30 | 30 | public function __construct(array $authenticators) |
| 31 | 31 | { |
| 32 | - if(!isset($authenticators[ClientPasswordAuthenticator::class])) { |
|
| 32 | + if (!isset($authenticators[ClientPasswordAuthenticator::class])) { |
|
| 33 | 33 | throw new \Exception('Authorization server MUST support the HTTP Basic authentication scheme'); |
| 34 | 34 | } |
| 35 | 35 | $this->authenticators = $authenticators; |
@@ -53,7 +53,7 @@ |
||
| 53 | 53 | if (!$this->scopePolicyManager->checkScope($client, $scope)) { |
| 54 | 54 | $supportedScopes = implode(', ', $this->scopePolicyManager->getSupportedScopes($client)); |
| 55 | 55 | throw new OAuthException('invalid_scope', |
| 56 | - 'Some of requested scopes are not supported. Scope supported : ' . $supportedScopes, |
|
| 56 | + 'Some of requested scopes are not supported. Scope supported : '.$supportedScopes, |
|
| 57 | 57 | 'https://tools.ietf.org/html/rfc6749#section-4.1'); |
| 58 | 58 | } |
| 59 | 59 | |
@@ -65,18 +65,18 @@ discard block |
||
| 65 | 65 | } |
| 66 | 66 | |
| 67 | 67 | $refreshToken = $request->getParsedBody()['refresh_token'] ?? ''; |
| 68 | - if(!$refreshToken) { |
|
| 68 | + if (!$refreshToken) { |
|
| 69 | 69 | throw new OAuthException('invalid_request', 'Missing a required parameter : refresh_token', |
| 70 | 70 | 'https://tools.ietf.org/html/rfc6749#section-4.3'); |
| 71 | 71 | } |
| 72 | 72 | |
| 73 | 73 | $refreshToken = $this->refreshTokenStorage->get($refreshToken); |
| 74 | - if(!$refreshToken || $refreshToken->getClientId() !== $client->getIdentifier()) { |
|
| 74 | + if (!$refreshToken || $refreshToken->getClientId() !== $client->getIdentifier()) { |
|
| 75 | 75 | throw new OAuthException('invalid_grant', 'Refresh token is invalid', |
| 76 | 76 | 'https://tools.ietf.org/html/rfc6749#section-4.3'); |
| 77 | 77 | } |
| 78 | 78 | |
| 79 | - if(!is_null($refreshToken->getExpiresAt()) && $refreshToken->getExpiresAt() < time()) { |
|
| 79 | + if (!is_null($refreshToken->getExpiresAt()) && $refreshToken->getExpiresAt() < time()) { |
|
| 80 | 80 | $this->refreshTokenStorage->revoke($refreshToken->getToken()); |
| 81 | 81 | |
| 82 | 82 | throw new OAuthException('invalid_grant', 'Refresh token has expired', |
@@ -84,16 +84,16 @@ discard block |
||
| 84 | 84 | } |
| 85 | 85 | |
| 86 | 86 | $includedScopes = isset($request->getParsedBody()['scope']) ? explode(' ', $request->getParsedBody()['scope']) : null; |
| 87 | - if(is_array($includedScopes) && !empty(array_diff($includedScopes, explode(' ', $refreshToken->getToken())))) { |
|
| 87 | + if (is_array($includedScopes) && !empty(array_diff($includedScopes, explode(' ', $refreshToken->getToken())))) { |
|
| 88 | 88 | throw new OAuthException('invalid_scope', |
| 89 | - 'Some of scope included are not granted for this token. Scope granted : ' . $refreshToken->getScope(), |
|
| 89 | + 'Some of scope included are not granted for this token. Scope granted : '.$refreshToken->getScope(), |
|
| 90 | 90 | 'https://tools.ietf.org/html/rfc6749#section-6'); |
| 91 | 91 | } |
| 92 | 92 | |
| 93 | 93 | // issue an access token token and, optionally, a refresh token |
| 94 | 94 | $accessToken = $this->accessTokenStorage->create($client->getIdentifier(), $refreshToken->getUserId(), $refreshToken->getScope()); |
| 95 | 95 | $newRefreshToken = null; |
| 96 | - if($this->configurationRepository->getConfig(Config::REGENERATE_REFRESH_TOKENS_AFTER_USE)) { |
|
| 96 | + if ($this->configurationRepository->getConfig(Config::REGENERATE_REFRESH_TOKENS_AFTER_USE)) { |
|
| 97 | 97 | $this->refreshTokenStorage->revoke($refreshToken->getToken()); |
| 98 | 98 | $newRefreshToken = $this->refreshTokenStorage->create( |
| 99 | 99 | $refreshToken->getClientId(), $refreshToken->getUserId(), $refreshToken->getScope())->getToken(); |
@@ -63,14 +63,14 @@ discard block |
||
| 63 | 63 | 'https://tools.ietf.org/html/rfc6749#section-5.2'); |
| 64 | 64 | } |
| 65 | 65 | |
| 66 | - $username= $request->getParsedBody()['username'] ?? ''; |
|
| 67 | - if(!$username) { |
|
| 66 | + $username = $request->getParsedBody()['username'] ?? ''; |
|
| 67 | + if (!$username) { |
|
| 68 | 68 | throw new OAuthException('invalid_request', 'Missing a required parameter : username', |
| 69 | 69 | 'https://tools.ietf.org/html/rfc6749#section-4.3'); |
| 70 | 70 | } |
| 71 | 71 | |
| 72 | - $password= $request->getParsedBody()['password'] ?? ''; |
|
| 73 | - if(!$password) { |
|
| 72 | + $password = $request->getParsedBody()['password'] ?? ''; |
|
| 73 | + if (!$password) { |
|
| 74 | 74 | throw new OAuthException('invalid_request', 'Missing a required parameter : password', |
| 75 | 75 | 'https://tools.ietf.org/html/rfc6749#section-4.3'); |
| 76 | 76 | } |
@@ -79,7 +79,7 @@ discard block |
||
| 79 | 79 | if (!$this->scopePolicyManager->checkScope($client, $scope)) { |
| 80 | 80 | $supportedScopes = implode(', ', $this->scopePolicyManager->getSupportedScopes($client)); |
| 81 | 81 | throw new OAuthException('invalid_scope', |
| 82 | - 'Some of requested scopes are not supported. Scope supported : ' . $supportedScopes, |
|
| 82 | + 'Some of requested scopes are not supported. Scope supported : '.$supportedScopes, |
|
| 83 | 83 | 'https://tools.ietf.org/html/rfc6749#section-4.1'); |
| 84 | 84 | } |
| 85 | 85 | |
@@ -85,8 +85,7 @@ |
||
| 85 | 85 | |
| 86 | 86 | try { |
| 87 | 87 | $resourceOwner = $this->resourceOwnerProvider->authenticate($username, $password); |
| 88 | - } |
|
| 89 | - catch (\Exception $e) { |
|
| 88 | + } catch (\Exception $e) { |
|
| 90 | 89 | throw new OAuthException('invalid_grant', $e->getMessage(), |
| 91 | 90 | 'https://tools.ietf.org/html/rfc6749#section-4.3'); |
| 92 | 91 | } |
@@ -73,7 +73,7 @@ |
||
| 73 | 73 | |
| 74 | 74 | $this->authorizationCodeStorage->revoke($authorizationCode->getCode()); |
| 75 | 75 | |
| 76 | - if($authorizationCode->getExpiresAt() < time()) { |
|
| 76 | + if ($authorizationCode->getExpiresAt() < time()) { |
|
| 77 | 77 | throw new OAuthException('invalid_grant', 'Authorization code has expired', |
| 78 | 78 | 'https://tools.ietf.org/html/rfc6749#section-4.1.3'); |
| 79 | 79 | } |
@@ -51,7 +51,7 @@ |
||
| 51 | 51 | { |
| 52 | 52 | if ($client instanceof RegisteredClient && is_array($client->getMetadata()->getScope())) { |
| 53 | 53 | $supportedScopes = explode(' ', $client->getMetadata()->getScope()); |
| 54 | - if(empty($scopes) || !empty(array_diff($scopes, $supportedScopes))) { |
|
| 54 | + if (empty($scopes) || !empty(array_diff($scopes, $supportedScopes))) { |
|
| 55 | 55 | throw new OAuthException('invalid_scope', |
| 56 | 56 | 'The request scope is invalid. Supported scopes : '.$client->getMetadata()->getScope(), |
| 57 | 57 | 'https://tools.ietf.org/html/rfc6749#section-4.1'); |
@@ -212,7 +212,7 @@ |
||
| 212 | 212 | } |
| 213 | 213 | else { |
| 214 | 214 | if (count($redirectUris) == 1) { |
| 215 | - $redirectUri = $redirectUris[0]; |
|
| 215 | + $redirectUri = $redirectUris[0]; |
|
| 216 | 216 | } |
| 217 | 217 | else { |
| 218 | 218 | throw new OAuthException('invalid_request', 'The request is missing the required parameter redirect_uri.', |
@@ -124,14 +124,14 @@ discard block |
||
| 124 | 124 | * If the Authorization Server encounters any error, it MUST return an error response, per Section 3.1.2.6. |
| 125 | 125 | */ |
| 126 | 126 | $uri = $this->getRedirectUri(); |
| 127 | - if(!empty($this->state)) { |
|
| 127 | + if (!empty($this->state)) { |
|
| 128 | 128 | $uri = Uri::withQueryValue($uri, 'state', $this->state); |
| 129 | 129 | } |
| 130 | 130 | $uri = Uri::withQueryValue($uri, 'error', $e->getError()); |
| 131 | - if($e->getErrorDescription()) { |
|
| 131 | + if ($e->getErrorDescription()) { |
|
| 132 | 132 | $uri = Uri::withQueryValue($uri, 'error_description', $e->getErrorDescription()); |
| 133 | 133 | } |
| 134 | - if($e->getErrorUri()) { |
|
| 134 | + if ($e->getErrorUri()) { |
|
| 135 | 135 | $uri = Uri::withQueryValue($uri, 'error_uri', $e->getErrorUri()); |
| 136 | 136 | } |
| 137 | 137 | return new Response(302, ['Location' => $uri]); |
@@ -173,7 +173,7 @@ discard block |
||
| 173 | 173 | |
| 174 | 174 | $supportedResponseTypes = $this->client->getMetadata()->getResponseTypes() ?: ['code']; |
| 175 | 175 | foreach (explode(' ', $requestData['response_type']) as $responseType) { |
| 176 | - if(!in_array($responseType, $supportedResponseTypes)) { |
|
| 176 | + if (!in_array($responseType, $supportedResponseTypes)) { |
|
| 177 | 177 | throw new OAuthException('unsupported_response_type', |
| 178 | 178 | 'The authorization server does not support obtaining an authorization code using this method.', |
| 179 | 179 | 'https://tools.ietf.org/html/rfc6749#section-4.1'); |
@@ -209,12 +209,10 @@ discard block |
||
| 209 | 209 | throw new OAuthException('invalid_request', 'The request includes the invalid parameter redirect_uri.', |
| 210 | 210 | 'https://tools.ietf.org/html/rfc6749#section-4.1'); |
| 211 | 211 | } |
| 212 | - } |
|
| 213 | - else { |
|
| 212 | + } else { |
|
| 214 | 213 | if (count($redirectUris) == 1) { |
| 215 | 214 | $redirectUri = $redirectUris[0]; |
| 216 | - } |
|
| 217 | - else { |
|
| 215 | + } else { |
|
| 218 | 216 | throw new OAuthException('invalid_request', 'The request is missing the required parameter redirect_uri.', |
| 219 | 217 | 'https://tools.ietf.org/html/rfc6749#section-4.1'); |
| 220 | 218 | } |
@@ -222,8 +220,7 @@ discard block |
||
| 222 | 220 | try { |
| 223 | 221 | |
| 224 | 222 | $this->redirectUri = new Uri($redirectUri); |
| 225 | - } |
|
| 226 | - catch (\InvalidArgumentException $e) { |
|
| 223 | + } catch (\InvalidArgumentException $e) { |
|
| 227 | 224 | throw new OAuthException('invalid_request', 'The request includes the malformed parameter redirect_uri.', |
| 228 | 225 | 'https://tools.ietf.org/html/rfc6749#section-4.1'); |
| 229 | 226 | } |
