@@ -40,7 +40,7 @@ |
||
| 40 | 40 | public function __construct(array $config = []) |
| 41 | 41 | { |
| 42 | 42 | if (array_diff(self::MINIMAL_CONFIG, array_keys($config))) { |
| 43 | - throw new \Exception('Missing minimal configuration. Required : ' . implode(', ', self::MINIMAL_CONFIG)); |
|
| 43 | + throw new \Exception('Missing minimal configuration. Required : '.implode(', ', self::MINIMAL_CONFIG)); |
|
| 44 | 44 | } |
| 45 | 45 | |
| 46 | 46 | $this->config = array_merge(self::DEFAULT_CONFIG, $config); |
@@ -52,7 +52,7 @@ |
||
| 52 | 52 | * @throws \Exception |
| 53 | 53 | */ |
| 54 | 54 | public function getConfig(string $name) { |
| 55 | - if(!array_key_exists($name, $this->config)) { |
|
| 55 | + if (!array_key_exists($name, $this->config)) { |
|
| 56 | 56 | throw new \Exception("Unknown config '$name' in ".implode(', ', array_keys($this->config))); |
| 57 | 57 | } |
| 58 | 58 | return $this->config[$name]; |
@@ -34,10 +34,10 @@ |
||
| 34 | 34 | public function __construct(array $storages) |
| 35 | 35 | { |
| 36 | 36 | foreach (static::STORAGES_INTERFACES as $name => $interface) { |
| 37 | - if(!isset($storages[$name])) { |
|
| 37 | + if (!isset($storages[$name])) { |
|
| 38 | 38 | throw new \Exception("Missing storage '$name'"); |
| 39 | 39 | } |
| 40 | - if(!is_a($storages[$name], $interface)) { |
|
| 40 | + if (!is_a($storages[$name], $interface)) { |
|
| 41 | 41 | throw new \Exception("Storage '$name' must implement '$interface'"); |
| 42 | 42 | } |
| 43 | 43 | $this->storages[$name] = $storages[$name]; |
@@ -50,7 +50,7 @@ |
||
| 50 | 50 | * @throws \Exception |
| 51 | 51 | */ |
| 52 | 52 | public function getStorage(string $name) { |
| 53 | - if(!isset($this->storages[$name])) { |
|
| 53 | + if (!isset($this->storages[$name])) { |
|
| 54 | 54 | throw new \Exception("Unknown storage '$name'"); |
| 55 | 55 | } |
| 56 | 56 | return $this->storages[$name]; |
@@ -29,7 +29,7 @@ |
||
| 29 | 29 | */ |
| 30 | 30 | public function __construct(array $authenticators) |
| 31 | 31 | { |
| 32 | - if(!isset($authenticators[ClientPasswordAuthenticator::class])) { |
|
| 32 | + if (!isset($authenticators[ClientPasswordAuthenticator::class])) { |
|
| 33 | 33 | throw new \Exception('Authorization server MUST support the HTTP Basic authentication scheme'); |
| 34 | 34 | } |
| 35 | 35 | $this->authenticators = $authenticators; |
@@ -212,7 +212,7 @@ |
||
| 212 | 212 | } |
| 213 | 213 | else { |
| 214 | 214 | if (count($redirectUris) == 1) { |
| 215 | - $redirectUri = $redirectUris[0]; |
|
| 215 | + $redirectUri = $redirectUris[0]; |
|
| 216 | 216 | } |
| 217 | 217 | else { |
| 218 | 218 | throw new OAuthException('invalid_request', 'The request is missing the required parameter redirect_uri.', |
@@ -85,10 +85,10 @@ |
||
| 85 | 85 | |
| 86 | 86 | function handleRequest(ServerRequestInterface $request): ResponseInterface |
| 87 | 87 | { |
| 88 | - if($request->getMethod() === 'GET') { |
|
| 88 | + if ($request->getMethod() === 'GET') { |
|
| 89 | 89 | $requestData = $request->getQueryParams(); |
| 90 | 90 | } |
| 91 | - else if($request->getMethod() === 'POST') { |
|
| 91 | + else if ($request->getMethod() === 'POST') { |
|
| 92 | 92 | $requestData = $request->getParsedBody(); |
| 93 | 93 | } |
| 94 | 94 | else { |
@@ -132,15 +132,15 @@ |
||
| 132 | 132 | $responseData = [ |
| 133 | 133 | 'error' => $e->getError() |
| 134 | 134 | ]; |
| 135 | - if($e->getErrorDescription()) { |
|
| 135 | + if ($e->getErrorDescription()) { |
|
| 136 | 136 | $responseData['error_description'] = $e->getErrorDescription(); |
| 137 | 137 | } |
| 138 | - if($e->getErrorUri()) { |
|
| 138 | + if ($e->getErrorUri()) { |
|
| 139 | 139 | $responseData['error_uri'] = $e->getErrorUri(); |
| 140 | 140 | } |
| 141 | 141 | } |
| 142 | 142 | |
| 143 | - if(!empty($this->state)) { |
|
| 143 | + if (!empty($this->state)) { |
|
| 144 | 144 | $responseData['state'] = $this->state; |
| 145 | 145 | } |
| 146 | 146 | |
@@ -179,7 +179,7 @@ |
||
| 179 | 179 | |
| 180 | 180 | $supportedResponseTypes = $this->client->getMetadata()->getResponseTypes() ?: ['code']; |
| 181 | 181 | foreach (explode(' ', $requestData['response_type']) as $responseType) { |
| 182 | - if(!in_array($responseType, $supportedResponseTypes)) { |
|
| 182 | + if (!in_array($responseType, $supportedResponseTypes)) { |
|
| 183 | 183 | throw new OAuthException('unsupported_response_type', |
| 184 | 184 | 'The authorization server does not support obtaining an authorization code using this method.', |
| 185 | 185 | 'https://tools.ietf.org/html/rfc6749#section-4.1'); |
@@ -227,7 +227,7 @@ |
||
| 227 | 227 | } |
| 228 | 228 | try { |
| 229 | 229 | $redirectUri = new Uri($redirectUri); |
| 230 | - if($redirectUri->getFragment()) { |
|
| 230 | + if ($redirectUri->getFragment()) { |
|
| 231 | 231 | throw new \InvalidArgumentException('The endpoint URI must not include a fragment component.'); |
| 232 | 232 | } |
| 233 | 233 | $this->redirectUri = $redirectUri; |
@@ -87,11 +87,9 @@ |
||
| 87 | 87 | { |
| 88 | 88 | if($request->getMethod() === 'GET') { |
| 89 | 89 | $requestData = $request->getQueryParams(); |
| 90 | - } |
|
| 91 | - else if($request->getMethod() === 'POST') { |
|
| 90 | + } else if($request->getMethod() === 'POST') { |
|
| 92 | 91 | $requestData = $request->getParsedBody(); |
| 93 | - } |
|
| 94 | - else { |
|
| 92 | + } else { |
|
| 95 | 93 | return new Response(404); |
| 96 | 94 | } |
| 97 | 95 | |
@@ -215,12 +213,10 @@ |
||
| 215 | 213 | throw new OAuthException('invalid_request', 'The request includes the invalid parameter redirect_uri.', |
| 216 | 214 | 'https://tools.ietf.org/html/rfc6749#section-4.1'); |
| 217 | 215 | } |
| 218 | - } |
|
| 219 | - else { |
|
| 216 | + } else { |
|
| 220 | 217 | if (count($redirectUris) == 1) { |
| 221 | 218 | $redirectUri = $redirectUris[0]; |
| 222 | - } |
|
| 223 | - else { |
|
| 219 | + } else { |
|
| 224 | 220 | throw new OAuthException('invalid_request', 'The request is missing the required parameter redirect_uri.', |
| 225 | 221 | 'https://tools.ietf.org/html/rfc6749#section-4.1'); |
| 226 | 222 | } |
@@ -231,8 +227,7 @@ |
||
| 231 | 227 | throw new \InvalidArgumentException('The endpoint URI must not include a fragment component.'); |
| 232 | 228 | } |
| 233 | 229 | $this->redirectUri = $redirectUri; |
| 234 | - } |
|
| 235 | - catch (\InvalidArgumentException $e) { |
|
| 230 | + } catch (\InvalidArgumentException $e) { |
|
| 236 | 231 | throw new OAuthException('invalid_request', 'The request includes the malformed parameter redirect_uri. '.$e->getMessage(), |
| 237 | 232 | 'https://tools.ietf.org/html/rfc6749#section-4.1'); |
| 238 | 233 | } |
@@ -49,7 +49,7 @@ |
||
| 49 | 49 | */ |
| 50 | 50 | public function verifyScopes(ClientInterface $client, array $scopes): void |
| 51 | 51 | { |
| 52 | - if(empty($scopes)) { |
|
| 52 | + if (empty($scopes)) { |
|
| 53 | 53 | throw new OAuthException('invalid_scope', |
| 54 | 54 | 'The request scope is unknown.', |
| 55 | 55 | 'https://tools.ietf.org/html/rfc6749#section-4.1'); |
@@ -57,7 +57,7 @@ |
||
| 57 | 57 | |
| 58 | 58 | if ($client instanceof RegisteredClient && is_array($client->getMetadata()->getScope())) { |
| 59 | 59 | $supportedScopes = explode(' ', $client->getMetadata()->getScope()); |
| 60 | - if(!empty(array_diff($scopes, $supportedScopes))) { |
|
| 60 | + if (!empty(array_diff($scopes, $supportedScopes))) { |
|
| 61 | 61 | throw new OAuthException('invalid_scope', |
| 62 | 62 | 'The request scope is invalid. Supported scopes : '.$client->getMetadata()->getScope(), |
| 63 | 63 | 'https://tools.ietf.org/html/rfc6749#section-4.1'); |
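Review bot: The guard `is_array($client->getMetadata()->getScope())` on new line 58 looks inverted, because the very next line passes the same value to `explode(' ', ...)` and the error message on line 62 concatenates it as a string. If getScope() returns a space-delimited string, this branch never runs and a registered client's scope restriction is not enforced; if it returns an array, explode() raises a TypeError instead of the intended `invalid_scope` error. Assuming the registered scope is stored as a string, the condition should read `if ($client instanceof RegisteredClient && is_string($client->getMetadata()->getScope())) {`, with a test that requests a scope outside the registered set. verifyScopes starts before this hunk and continues past its end.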
@@ -47,7 +47,7 @@ |
||
| 47 | 47 | */ |
| 48 | 48 | $scope = $requestData['scope'] ?? ''; |
| 49 | 49 | $scopes = explode(' ', $scope); |
| 50 | - if(!in_array('openid', $scopes)) { |
|
| 50 | + if (!in_array('openid', $scopes)) { |
|
| 51 | 51 | return parent::handleRequest($request); |
| 52 | 52 | } |
| 53 | 53 | |
@@ -121,8 +121,7 @@ |
||
| 121 | 121 | * specified in the Authorization Request using the application/x-www-form-urlencoded format, |
| 122 | 122 | * unless a different Response Mode was specified. |
| 123 | 123 | */ |
| 124 | - } |
|
| 125 | - catch (OAuthException $e) { |
|
| 124 | + } catch (OAuthException $e) { |
|
| 126 | 125 | /** |
| 127 | 126 | * If the Authorization Server encounters any error, it MUST return an error response, per Section 3.1.2.6. |
| 128 | 127 | */ |
@@ -24,7 +24,7 @@ |
||
| 24 | 24 | int $expiresAt, ?string $requestedScope = null, ?string $redirectUri = null, |
| 25 | 25 | ?string $codeChallenge = null, ?string $codeChallengeMethod = null) |
| 26 | 26 | { |
| 27 | - parent::__construct($code, $scope, $clientIdentifier, $resourceOwnerIdentifier, $expiresAt, $requestedScope, $redirectUri); |
|
| 27 | + parent::__construct($code, $scope, $clientIdentifier, $resourceOwnerIdentifier, $expiresAt, $requestedScope, $redirectUri); |
|
| 28 | 28 | $this->codeChallenge = $codeChallenge; |
| 29 | 29 | $this->codeChallengeMethod = $codeChallengeMethod; |
| 30 | 30 | } |
@@ -88,9 +88,9 @@ |
||
| 88 | 88 | */ |
| 89 | 89 | $status = 400; |
| 90 | 90 | $headers = ['Content-Type' => 'application/json']; |
| 91 | - if($e->getError() === 'invalid_client') { |
|
| 91 | + if ($e->getError() === 'invalid_client') { |
|
| 92 | 92 | $status = 401; |
| 93 | - if($request->hasHeader('Authorization')) { |
|
| 93 | + if ($request->hasHeader('Authorization')) { |
|
| 94 | 94 | $headers['WWW-Authenticate'] = 'Basic'; |
| 95 | 95 | } |
| 96 | 96 | } |
@@ -57,8 +57,8 @@ |
||
| 57 | 57 | $clientAuthenticationMethodUsed = null; |
| 58 | 58 | $authenticated = false; |
| 59 | 59 | foreach ($this->clientAuthenticationMethods as $identifier => $clientAuthenticationMethod) { |
| 60 | - if($clientAuthenticationMethod->support($request, $requestData)) { |
|
| 61 | - if($clientAuthenticationMethodUsedIdentifier) { |
|
| 60 | + if ($clientAuthenticationMethod->support($request, $requestData)) { |
|
| 61 | + if ($clientAuthenticationMethodUsedIdentifier) { |
|
| 62 | 62 | throw new OAuthException('invalid_request', |
| 63 | 63 | 'The request utilizes more than one mechanism for authenticating the client.', |
| 64 | 64 | 'https://tools.ietf.org/html/rfc6749#section-3.2.1'); |
@@ -68,8 +68,8 @@ |
||
| 68 | 68 | } |
| 69 | 69 | } |
| 70 | 70 | |
| 71 | - if($clientAuthenticationMethodUsed) { |
|
| 72 | - if(!$client = $clientAuthenticationMethod->authenticate($request, $requestData)) { |
|
| 71 | + if ($clientAuthenticationMethodUsed) { |
|
| 72 | + if (!$client = $clientAuthenticationMethod->authenticate($request, $requestData)) { |
|
| 73 | 73 | throw new OAuthException('invalid_client', |
| 74 | 74 | 'Client authentication failed. Unknown client.', |
| 75 | 75 | 'https://tools.ietf.org/html/rfc6749#section-3.2.1'); |
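Review bot: The call on new line 72 authenticates through `$clientAuthenticationMethod`, the foreach variable of the loop that closes on line 69, rather than through `$clientAuthenticationMethodUsed`, which the guard on line 71 tests. After the loop that variable holds whichever method was iterated last, and the loop appears to run to completion so that it can reject requests using more than one mechanism, so the credentials may be checked by a method other than the one that matched the request. Lines 65-67 are not shown, so this is inferred from the visible lines; if they do not break out of the loop, the line should read `if (!$client = $clientAuthenticationMethodUsed->authenticate($request, $requestData)) {`. The enclosing method starts and ends outside this hunk.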
@@ -85,7 +85,7 @@ |
||
| 85 | 85 | 'https://tools.ietf.org/html/rfc6749#section-4.1'); |
| 86 | 86 | } |
| 87 | 87 | |
| 88 | - if($client->hasCredentials()) { |
|
| 88 | + if ($client->hasCredentials()) { |
|
| 89 | 89 | if (!$authenticated) { |
| 90 | 90 | throw new OAuthException('invalid_client', 'Client authentication failed. No client authentication included', |
| 91 | 91 | 'https://tools.ietf.org/html/rfc6749#section-3.2.1'); |
@@ -96,7 +96,7 @@ |
||
| 96 | 96 | } |
| 97 | 97 | |
| 98 | 98 | $tokenEndpointAuthMethod = $client->getMetadata()->getTokenEndpointAuthMethod() ?: 'client_secret_basic'; |
| 99 | - if($tokenEndpointAuthMethod !== $clientAuthenticationMethodUsedIdentifier) { |
|
| 99 | + if ($tokenEndpointAuthMethod !== $clientAuthenticationMethodUsedIdentifier) { |
|
| 100 | 100 | throw new OAuthException('invalid_client', |
| 101 | 101 | 'Client authentication failed. Unsupported authentication method.', |
| 102 | 102 | 'https://tools.ietf.org/html/rfc6749#section-3.2.1'); |