composer update oauth2 server

author: Mario <mario@mariovavti.com> 2023-10-05 11:33:28 +0000
committer: Mario <mario@mariovavti.com> 2023-10-05 11:33:28 +0000
commit: 6920fb2793265e5c9cdcdc8325398b07f216f184 (patch)
tree: bfd9458aa25c602b2e1c63740fa14e1b6002b15e /vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/AuthorizationCode.php
parent: 3d1171de8d72d9c400c76fed6e947fef80fa9804 (diff)
download: volse-hubzilla-6920fb2793265e5c9cdcdc8325398b07f216f184.tar.gz
volse-hubzilla-6920fb2793265e5c9cdcdc8325398b07f216f184.tar.bz2
volse-hubzilla-6920fb2793265e5c9cdcdc8325398b07f216f184.zip
1 files changed, 35 insertions, 0 deletions
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/AuthorizationCode.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/AuthorizationCode.php
index 784f6b3a3..5bcb4f253 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/AuthorizationCode.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/AuthorizationCode.php
@@ -84,6 +84,41 @@ class AuthorizationCode implements GrantTypeInterface
             return false;
         }
 
+        if (isset($authCode['code_challenge']) && $authCode['code_challenge']) {
+            if (!($code_verifier = $request->request('code_verifier'))) {
+                $response->setError(400, 'code_verifier_missing', "The PKCE code verifier parameter is required.");
+
+                return false;
+            }
+            // Validate code_verifier according to RFC-7636
+            // @see: https://tools.ietf.org/html/rfc7636#section-4.1
+            if (preg_match('/^[A-Za-z0-9-._~]{43,128}$/', $code_verifier) !== 1) {
+                $response->setError(400, 'code_verifier_invalid', "The PKCE code verifier parameter is invalid.");
+
+                return false;
+            }
+            $code_verifier = $request->request('code_verifier');
+            switch ($authCode['code_challenge_method']) {
+                case 'S256':
+                    $code_verifier_hashed = strtr(rtrim(base64_encode(hash('sha256', $code_verifier, true)), '='), '+/', '-_');
+                    break;
+
+                case 'plain':
+                    $code_verifier_hashed = $code_verifier;
+                    break;
+
+                default:
+                    $response->setError(400, 'code_challenge_method_invalid', "Unknown PKCE code challenge method.");
+
+                return FALSE;
+            }
+            if ($code_verifier_hashed !== $authCode['code_challenge']) {
+                $response->setError(400, 'code_verifier_mismatch', "The PKCE code verifier parameter does not match the code challenge.");
+
+                return FALSE;
+            }
+        }
+
         if (!isset($authCode['code'])) {
             $authCode['code'] = $code; // used to expire the code after the access token is granted
         }
author	Mario <mario@mariovavti.com>	2023-10-05 11:33:28 +0000
committer	Mario <mario@mariovavti.com>	2023-10-05 11:33:28 +0000
commit	6920fb2793265e5c9cdcdc8325398b07f216f184 (patch)
tree	bfd9458aa25c602b2e1c63740fa14e1b6002b15e /vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/AuthorizationCode.php
parent	3d1171de8d72d9c400c76fed6e947fef80fa9804 (diff)
download	volse-hubzilla-6920fb2793265e5c9cdcdc8325398b07f216f184.tar.gz volse-hubzilla-6920fb2793265e5c9cdcdc8325398b07f216f184.tar.bz2 volse-hubzilla-6920fb2793265e5c9cdcdc8325398b07f216f184.zip