redCOMPONENT-COM / redCORE

extensions/libraries/redcore/api/oauth2/OpenID/GrantType/AuthorizationCode.php

Indentation +16 added lines, -16 removed lines

@@ -11,23 +11,23 @@
  */
 class AuthorizationCode extends BaseAuthorizationCode
 {
-    public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
-    {
-        $includeRefreshToken = true;
-        if (isset($this->authCode['id_token'])) {
-            // OpenID Connect requests include the refresh token only if the
-            // offline_access scope has been requested and granted.
-            $scopes = explode(' ', trim($scope));
-            $includeRefreshToken = in_array('offline_access', $scopes);
-        }
+	public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
+	{
+		$includeRefreshToken = true;
+		if (isset($this->authCode['id_token'])) {
+			// OpenID Connect requests include the refresh token only if the
+			// offline_access scope has been requested and granted.
+			$scopes = explode(' ', trim($scope));
+			$includeRefreshToken = in_array('offline_access', $scopes);
+		}
 
-        $token = $accessToken->createAccessToken($client_id, $user_id, $scope, $includeRefreshToken);
-        if (isset($this->authCode['id_token'])) {
-            $token['id_token'] = $this->authCode['id_token'];
-        }
+		$token = $accessToken->createAccessToken($client_id, $user_id, $scope, $includeRefreshToken);
+		if (isset($this->authCode['id_token'])) {
+			$token['id_token'] = $this->authCode['id_token'];
+		}
 
-        $this->storage->expireAuthorizationCode($this->authCode['code']);
+		$this->storage->expireAuthorizationCode($this->authCode['code']);
 
-        return $token;
-    }
+		return $token;
+	}
 }

extensions/libraries/redcore/api/oauth2/OpenID/Controller/AuthorizeControllerInterface.php

Indentation +3 added lines, -3 removed lines

@@ -4,7 +4,7 @@
 
 interface AuthorizeControllerInterface
 {
-    const RESPONSE_TYPE_ID_TOKEN = 'id_token';
-    const RESPONSE_TYPE_ID_TOKEN_TOKEN = 'id_token token';
-    const RESPONSE_TYPE_CODE_ID_TOKEN  = 'code id_token';
+	const RESPONSE_TYPE_ID_TOKEN = 'id_token';
+	const RESPONSE_TYPE_ID_TOKEN_TOKEN = 'id_token token';
+	const RESPONSE_TYPE_CODE_ID_TOKEN  = 'code id_token';
 }

extensions/libraries/redcore/api/oauth2/OpenID/Controller/UserInfoController.php

Indentation +39 added lines, -39 removed lines

@@ -16,43 +16,43 @@
  */
 class UserInfoController extends ResourceController implements UserInfoControllerInterface
 {
-    private $token;
-
-    protected $tokenType;
-    protected $tokenStorage;
-    protected $userClaimsStorage;
-    protected $config;
-    protected $scopeUtil;
-
-    public function __construct(TokenTypeInterface $tokenType, AccessTokenInterface $tokenStorage, UserClaimsInterface $userClaimsStorage, $config = array(), ScopeInterface $scopeUtil = null)
-    {
-        $this->tokenType = $tokenType;
-        $this->tokenStorage = $tokenStorage;
-        $this->userClaimsStorage = $userClaimsStorage;
-
-        $this->config = array_merge(array(
-            'www_realm' => 'Service',
-        ), $config);
-
-        if (is_null($scopeUtil)) {
-            $scopeUtil = new Scope();
-        }
-        $this->scopeUtil = $scopeUtil;
-    }
-
-    public function handleUserInfoRequest(RequestInterface $request, ResponseInterface $response)
-    {
-        if (!$this->verifyResourceRequest($request, $response, 'openid')) {
-            return;
-        }
-
-        $token = $this->getToken();
-        $claims = $this->userClaimsStorage->getUserClaims($token['user_id'], $token['scope']);
-        // The sub Claim MUST always be returned in the UserInfo Response.
-        // http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
-        $claims += array(
-            'sub' => $token['user_id'],
-        );
-        $response->addParameters($claims);
-    }
+	private $token;
+
+	protected $tokenType;
+	protected $tokenStorage;
+	protected $userClaimsStorage;
+	protected $config;
+	protected $scopeUtil;
+
+	public function __construct(TokenTypeInterface $tokenType, AccessTokenInterface $tokenStorage, UserClaimsInterface $userClaimsStorage, $config = array(), ScopeInterface $scopeUtil = null)
+	{
+		$this->tokenType = $tokenType;
+		$this->tokenStorage = $tokenStorage;
+		$this->userClaimsStorage = $userClaimsStorage;
+
+		$this->config = array_merge(array(
+			'www_realm' => 'Service',
+		), $config);
+
+		if (is_null($scopeUtil)) {
+			$scopeUtil = new Scope();
+		}
+		$this->scopeUtil = $scopeUtil;
+	}
+
+	public function handleUserInfoRequest(RequestInterface $request, ResponseInterface $response)
+	{
+		if (!$this->verifyResourceRequest($request, $response, 'openid')) {
+			return;
+		}
+
+		$token = $this->getToken();
+		$claims = $this->userClaimsStorage->getUserClaims($token['user_id'], $token['scope']);
+		// The sub Claim MUST always be returned in the UserInfo Response.
+		// http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
+		$claims += array(
+			'sub' => $token['user_id'],
+		);
+		$response->addParameters($claims);
+	}
 }

extensions/libraries/redcore/api/oauth2/OpenID/Controller/AuthorizeController.php

Indentation +92 added lines, -92 removed lines

@@ -11,96 +11,96 @@
  */
 class AuthorizeController extends BaseAuthorizeController implements AuthorizeControllerInterface
 {
-    private $nonce;
-
-    protected function setNotAuthorizedResponse(RequestInterface $request, ResponseInterface $response, $redirect_uri, $user_id = null)
-    {
-        $prompt = $request->query('prompt', 'consent');
-        if ($prompt == 'none') {
-            if (is_null($user_id)) {
-                $error = 'login_required';
-                $error_message = 'The user must log in';
-            } else {
-                $error = 'interaction_required';
-                $error_message = 'The user must grant access to your application';
-            }
-        } else {
-            $error = 'consent_required';
-            $error_message = 'The user denied access to your application';
-        }
-
-        $response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $this->getState(), $error, $error_message);
-    }
-
-    protected function buildAuthorizeParameters($request, $response, $user_id)
-    {
-        if (!$params = parent::buildAuthorizeParameters($request, $response, $user_id)) {
-            return;
-        }
-
-        // Generate an id token if needed.
-        if ($this->needsIdToken($this->getScope()) && $this->getResponseType() == self::RESPONSE_TYPE_AUTHORIZATION_CODE) {
-            $params['id_token'] = $this->responseTypes['id_token']->createIdToken($this->getClientId(), $user_id, $this->nonce);
-        }
-
-        // add the nonce to return with the redirect URI
-        $params['nonce'] = $this->nonce;
-
-        return $params;
-    }
-
-    public function validateAuthorizeRequest(RequestInterface $request, ResponseInterface $response)
-    {
-        if (!parent::validateAuthorizeRequest($request, $response)) {
-            return false;
-        }
-
-        $nonce = $request->query('nonce');
-
-        // Validate required nonce for "id_token" and "id_token token"
-        if (!$nonce && in_array($this->getResponseType(), array(self::RESPONSE_TYPE_ID_TOKEN, self::RESPONSE_TYPE_ID_TOKEN_TOKEN))) {
-            $response->setError(400, 'invalid_nonce', 'This application requires you specify a nonce parameter');
-
-            return false;
-        }
-
-        $this->nonce = $nonce;
-
-        return true;
-    }
-
-    protected function getValidResponseTypes()
-    {
-        return array(
-            self::RESPONSE_TYPE_ACCESS_TOKEN,
-            self::RESPONSE_TYPE_AUTHORIZATION_CODE,
-            self::RESPONSE_TYPE_ID_TOKEN,
-            self::RESPONSE_TYPE_ID_TOKEN_TOKEN,
-            self::RESPONSE_TYPE_CODE_ID_TOKEN,
-        );
-    }
-
-    /**
-     * Returns whether the current request needs to generate an id token.
-     *
-     * ID Tokens are a part of the OpenID Connect specification, so this
-     * method checks whether OpenID Connect is enabled in the server settings
-     * and whether the openid scope was requested.
-     *
-     * @param $request_scope
-     *  A space-separated string of scopes.
-     *
-     * @return
-     *   TRUE if an id token is needed, FALSE otherwise.
-     */
-    public function needsIdToken($request_scope)
-    {
-        // see if the "openid" scope exists in the requested scope
-        return $this->scopeUtil->checkScope('openid', $request_scope);
-    }
-
-    public function getNonce()
-    {
-        return $this->nonce;
-    }
+	private $nonce;
+
+	protected function setNotAuthorizedResponse(RequestInterface $request, ResponseInterface $response, $redirect_uri, $user_id = null)
+	{
+		$prompt = $request->query('prompt', 'consent');
+		if ($prompt == 'none') {
+			if (is_null($user_id)) {
+				$error = 'login_required';
+				$error_message = 'The user must log in';
+			} else {
+				$error = 'interaction_required';
+				$error_message = 'The user must grant access to your application';
+			}
+		} else {
+			$error = 'consent_required';
+			$error_message = 'The user denied access to your application';
+		}
+
+		$response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $this->getState(), $error, $error_message);
+	}
+
+	protected function buildAuthorizeParameters($request, $response, $user_id)
+	{
+		if (!$params = parent::buildAuthorizeParameters($request, $response, $user_id)) {
+			return;
+		}
+
+		// Generate an id token if needed.
+		if ($this->needsIdToken($this->getScope()) && $this->getResponseType() == self::RESPONSE_TYPE_AUTHORIZATION_CODE) {
+			$params['id_token'] = $this->responseTypes['id_token']->createIdToken($this->getClientId(), $user_id, $this->nonce);
+		}
+
+		// add the nonce to return with the redirect URI
+		$params['nonce'] = $this->nonce;
+
+		return $params;
+	}
+
+	public function validateAuthorizeRequest(RequestInterface $request, ResponseInterface $response)
+	{
+		if (!parent::validateAuthorizeRequest($request, $response)) {
+			return false;
+		}
+
+		$nonce = $request->query('nonce');
+
+		// Validate required nonce for "id_token" and "id_token token"
+		if (!$nonce && in_array($this->getResponseType(), array(self::RESPONSE_TYPE_ID_TOKEN, self::RESPONSE_TYPE_ID_TOKEN_TOKEN))) {
+			$response->setError(400, 'invalid_nonce', 'This application requires you specify a nonce parameter');
+
+			return false;
+		}
+
+		$this->nonce = $nonce;
+
+		return true;
+	}
+
+	protected function getValidResponseTypes()
+	{
+		return array(
+			self::RESPONSE_TYPE_ACCESS_TOKEN,
+			self::RESPONSE_TYPE_AUTHORIZATION_CODE,
+			self::RESPONSE_TYPE_ID_TOKEN,
+			self::RESPONSE_TYPE_ID_TOKEN_TOKEN,
+			self::RESPONSE_TYPE_CODE_ID_TOKEN,
+		);
+	}
+
+	/**
+	 * Returns whether the current request needs to generate an id token.
+	 *
+	 * ID Tokens are a part of the OpenID Connect specification, so this
+	 * method checks whether OpenID Connect is enabled in the server settings
+	 * and whether the openid scope was requested.
+	 *
+	 * @param $request_scope
+	 *  A space-separated string of scopes.
+	 *
+	 * @return
+	 *   TRUE if an id token is needed, FALSE otherwise.
+	 */
+	public function needsIdToken($request_scope)
+	{
+		// see if the "openid" scope exists in the requested scope
+		return $this->scopeUtil->checkScope('openid', $request_scope);
+	}
+
+	public function getNonce()
+	{
+		return $this->nonce;
+	}
 }

extensions/libraries/redcore/api/oauth2/OpenID/Controller/UserInfoControllerInterface.php

Indentation +1 added lines, -1 removed lines

@@ -19,5 +19,5 @@
  */
 interface UserInfoControllerInterface
 {
-    public function handleUserInfoRequest(RequestInterface $request, ResponseInterface $response);
+	public function handleUserInfoRequest(RequestInterface $request, ResponseInterface $response);
 }

extensions/libraries/redcore/api/oauth2/OpenID/Storage/UserClaimsInterface.php

Indentation +25 added lines, -25 removed lines

@@ -8,31 +8,31 @@
  */
 interface UserClaimsInterface
 {
-    // valid scope values to pass into the user claims API call
-    const VALID_CLAIMS = 'profile email address phone';
+	// valid scope values to pass into the user claims API call
+	const VALID_CLAIMS = 'profile email address phone';
 
-    // fields returned for the claims above
-    const PROFILE_CLAIM_VALUES  = 'name family_name given_name middle_name nickname preferred_username profile picture website gender birthdate zoneinfo locale updated_at';
-    const EMAIL_CLAIM_VALUES    = 'email email_verified';
-    const ADDRESS_CLAIM_VALUES  = 'formatted street_address locality region postal_code country';
-    const PHONE_CLAIM_VALUES    = 'phone_number phone_number_verified';
+	// fields returned for the claims above
+	const PROFILE_CLAIM_VALUES  = 'name family_name given_name middle_name nickname preferred_username profile picture website gender birthdate zoneinfo locale updated_at';
+	const EMAIL_CLAIM_VALUES    = 'email email_verified';
+	const ADDRESS_CLAIM_VALUES  = 'formatted street_address locality region postal_code country';
+	const PHONE_CLAIM_VALUES    = 'phone_number phone_number_verified';
 
-    /**
-     * Return claims about the provided user id.
-     *
-     * Groups of claims are returned based on the requested scopes. No group
-     * is required, and no claim is required.
-     *
-     * @param $user_id
-     * The id of the user for which claims should be returned.
-     * @param $scope
-     * The requested scope.
-     * Scopes with matching claims: profile, email, address, phone.
-     *
-     * @return
-     * An array in the claim => value format.
-     *
-     * @see http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
-     */
-    public function getUserClaims($user_id, $scope);
+	/**
+	 * Return claims about the provided user id.
+	 *
+	 * Groups of claims are returned based on the requested scopes. No group
+	 * is required, and no claim is required.
+	 *
+	 * @param $user_id
+	 * The id of the user for which claims should be returned.
+	 * @param $scope
+	 * The requested scope.
+	 * Scopes with matching claims: profile, email, address, phone.
+	 *
+	 * @return
+	 * An array in the claim => value format.
+	 *
+	 * @see http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
+	 */
+	public function getUserClaims($user_id, $scope);
 }

extensions/libraries/redcore/api/oauth2/OpenID/Storage/AuthorizationCodeInterface.php

Indentation +22 added lines, -22 removed lines

@@ -12,26 +12,26 @@
  */
 interface AuthorizationCodeInterface extends BaseAuthorizationCodeInterface
 {
-    /**
-     * Take the provided authorization code values and store them somewhere.
-     *
-     * This function should be the storage counterpart to getAuthCode().
-     *
-     * If storage fails for some reason, we're not currently checking for
-     * any sort of success/failure, so you should bail out of the script
-     * and provide a descriptive fail message.
-     *
-     * Required for OAuth2::GRANT_TYPE_AUTH_CODE.
-     *
-     * @param $code                authorization code to be stored.
-     * @param $client_id           client identifier to be stored.
-     * @param $user_id             user identifier to be stored.
-     * @param string $redirect_uri redirect URI(s) to be stored in a space-separated string.
-     * @param int    $expires      expiration to be stored as a Unix timestamp.
-     * @param string $scope        OPTIONAL scopes to be stored in space-separated string.
-     * @param string $id_token     OPTIONAL the OpenID Connect id_token.
-     *
-     * @ingroup oauth2_section_4
-     */
-    public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null);
+	/**
+	 * Take the provided authorization code values and store them somewhere.
+	 *
+	 * This function should be the storage counterpart to getAuthCode().
+	 *
+	 * If storage fails for some reason, we're not currently checking for
+	 * any sort of success/failure, so you should bail out of the script
+	 * and provide a descriptive fail message.
+	 *
+	 * Required for OAuth2::GRANT_TYPE_AUTH_CODE.
+	 *
+	 * @param $code                authorization code to be stored.
+	 * @param $client_id           client identifier to be stored.
+	 * @param $user_id             user identifier to be stored.
+	 * @param string $redirect_uri redirect URI(s) to be stored in a space-separated string.
+	 * @param int    $expires      expiration to be stored as a Unix timestamp.
+	 * @param string $scope        OPTIONAL scopes to be stored in space-separated string.
+	 * @param string $id_token     OPTIONAL the OpenID Connect id_token.
+	 *
+	 * @ingroup oauth2_section_4
+	 */
+	public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null);
 }

extensions/libraries/redcore/api/oauth2/OpenID/ResponseType/AuthorizationCode.php

Indentation +46 added lines, -46 removed lines

@@ -11,50 +11,50 @@
  */
 class AuthorizationCode extends BaseAuthorizationCode implements AuthorizationCodeInterface
 {
-    public function __construct(AuthorizationCodeStorageInterface $storage, array $config = array())
-    {
-        parent::__construct($storage, $config);
-    }
-
-    public function getAuthorizeResponse($params, $user_id = null)
-    {
-        // build the URL to redirect to
-        $result = array('query' => array());
-
-        $params += array('scope' => null, 'state' => null, 'id_token' => null);
-
-        $result['query']['code'] = $this->createAuthorizationCode($params['client_id'], $user_id, $params['redirect_uri'], $params['scope'], $params['id_token']);
-
-        if (isset($params['state'])) {
-            $result['query']['state'] = $params['state'];
-        }
-
-        return array($params['redirect_uri'], $result);
-    }
-
-    /**
-     * Handle the creation of the authorization code.
-     *
-     * @param $client_id
-     * Client identifier related to the authorization code
-     * @param $user_id
-     * User ID associated with the authorization code
-     * @param $redirect_uri
-     * An absolute URI to which the authorization server will redirect the
-     * user-agent to when the end-user authorization step is completed.
-     * @param $scope
-     * (optional) Scopes to be stored in space-separated string.
-     * @param $id_token
-     * (optional) The OpenID Connect id_token.
-     *
-     * @see http://tools.ietf.org/html/rfc6749#section-4
-     * @ingroup oauth2_section_4
-     */
-    public function createAuthorizationCode($client_id, $user_id, $redirect_uri, $scope = null, $id_token = null)
-    {
-        $code = $this->generateAuthorizationCode();
-        $this->storage->setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, time() + $this->config['auth_code_lifetime'], $scope, $id_token);
-
-        return $code;
-    }
+	public function __construct(AuthorizationCodeStorageInterface $storage, array $config = array())
+	{
+		parent::__construct($storage, $config);
+	}
+
+	public function getAuthorizeResponse($params, $user_id = null)
+	{
+		// build the URL to redirect to
+		$result = array('query' => array());
+
+		$params += array('scope' => null, 'state' => null, 'id_token' => null);
+
+		$result['query']['code'] = $this->createAuthorizationCode($params['client_id'], $user_id, $params['redirect_uri'], $params['scope'], $params['id_token']);
+
+		if (isset($params['state'])) {
+			$result['query']['state'] = $params['state'];
+		}
+
+		return array($params['redirect_uri'], $result);
+	}
+
+	/**
+	 * Handle the creation of the authorization code.
+	 *
+	 * @param $client_id
+	 * Client identifier related to the authorization code
+	 * @param $user_id
+	 * User ID associated with the authorization code
+	 * @param $redirect_uri
+	 * An absolute URI to which the authorization server will redirect the
+	 * user-agent to when the end-user authorization step is completed.
+	 * @param $scope
+	 * (optional) Scopes to be stored in space-separated string.
+	 * @param $id_token
+	 * (optional) The OpenID Connect id_token.
+	 *
+	 * @see http://tools.ietf.org/html/rfc6749#section-4
+	 * @ingroup oauth2_section_4
+	 */
+	public function createAuthorizationCode($client_id, $user_id, $redirect_uri, $scope = null, $id_token = null)
+	{
+		$code = $this->generateAuthorizationCode();
+		$this->storage->setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, time() + $this->config['auth_code_lifetime'], $scope, $id_token);
+
+		return $code;
+	}
 }

extensions/libraries/redcore/api/oauth2/OpenID/ResponseType/IdTokenInterface.php

Indentation +20 added lines, -20 removed lines

@@ -6,24 +6,24 @@
 
 interface IdTokenInterface extends ResponseTypeInterface
 {
-    /**
-     * Create the id token.
-     *
-     * If Authorization Code Flow is used, the id_token is generated when the
-     * authorization code is issued, and later returned from the token endpoint
-     * together with the access_token.
-     * If the Implicit Flow is used, the token and id_token are generated and
-     * returned together.
-     *
-     * @param string $client_id    The client id.
-     * @param string $user_id      The user id.
-     * @param string $nonce        OPTIONAL The nonce.
-     * @param string $userClaims   OPTIONAL Claims about the user.
-     * @param string $access_token OPTIONAL The access token, if known.
-     *
-     * @return string The ID Token represented as a JSON Web Token (JWT).
-     *
-     * @see http://openid.net/specs/openid-connect-core-1_0.html#IDToken
-     */
-    public function createIdToken($client_id, $userInfo, $nonce = null, $userClaims = null, $access_token = null);
+	/**
+	 * Create the id token.
+	 *
+	 * If Authorization Code Flow is used, the id_token is generated when the
+	 * authorization code is issued, and later returned from the token endpoint
+	 * together with the access_token.
+	 * If the Implicit Flow is used, the token and id_token are generated and
+	 * returned together.
+	 *
+	 * @param string $client_id    The client id.
+	 * @param string $user_id      The user id.
+	 * @param string $nonce        OPTIONAL The nonce.
+	 * @param string $userClaims   OPTIONAL Claims about the user.
+	 * @param string $access_token OPTIONAL The access token, if known.
+	 *
+	 * @return string The ID Token represented as a JSON Web Token (JWT).
+	 *
+	 * @see http://openid.net/specs/openid-connect-core-1_0.html#IDToken
+	 */
+	public function createIdToken($client_id, $userInfo, $nonce = null, $userClaims = null, $access_token = null);
 }