author | Mario <mario@mariovavti.com> | 2023-10-05 11:33:28 +0000 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2023-10-05 11:33:28 +0000 |
commit | 6920fb2793265e5c9cdcdc8325398b07f216f184 (patch) | |
tree | bfd9458aa25c602b2e1c63740fa14e1b6002b15e /vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller | |
parent | 3d1171de8d72d9c400c76fed6e947fef80fa9804 (diff) | |
composer update oauth2 server
Diffstat (limited to 'vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller')
-rw-r--r-- | vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php
index 54c5f9a63..52e183bb3 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php
@@ -17,6 +17,16 @@ class AuthorizeController extends BaseAuthorizeController implements AuthorizeCo
 private $nonce;
 
 /**
+ * @var mixed
+ */
+ protected $code_challenge;
+
+ /**
+ * @var mixed
+ */
+ protected $code_challenge_method;
+
+ /**
 * Set not authorized response
 *
 * @param RequestInterface $request
@@ -65,6 +75,10 @@ class AuthorizeController extends BaseAuthorizeController implements AuthorizeCo
 // add the nonce to return with the redirect URI
 $params['nonce'] = $this->nonce;
 
+ // Add PKCE code challenge.
+ $params['code_challenge'] = $this->code_challenge;
+ $params['code_challenge_method'] = $this->code_challenge_method;
+
 return $params;
 }
@@ -90,6 +104,32 @@ class AuthorizeController extends BaseAuthorizeController implements AuthorizeCo
 $this->nonce = $nonce;
 
+ $code_challenge = $request->query('code_challenge');
+ $code_challenge_method = $request->query('code_challenge_method');
+
+ if ($this->config['enforce_pkce']) {
+ if (!$code_challenge) {
+ $response->setError(400, 'missing_code_challenge', 'This application requires you provide a PKCE code challenge');
+
+ return false;
+ }
+
+ if (preg_match('/^[A-Za-z0-9-._~]{43,128}$/', $code_challenge) !== 1) {
+ $response->setError(400, 'invalid_code_challenge', 'The PKCE code challenge supplied is invalid');
+
+ return false;
+ }
+
+ if (!in_array($code_challenge_method, array('plain', 'S256'), true)) {
+ $response->setError(400, 'missing_code_challenge_method', 'This application requires you specify a PKCE code challenge method');
+
+ return false;
+ }
+ }
+
+ $this->code_challenge = $code_challenge;
+ $this->code_challenge_method = $code_challenge_method;
+
 return true;
 } |
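Review bot: The format check on `code_challenge` and the allow-list on `code_challenge_method` run only inside `if ($this->config['enforce_pkce'])`, so with the option off whatever the client sent in either query parameter is stored unvalidated in `$this->code_challenge` / `$this->code_challenge_method`, which the earlier hunk copies into the authorize parameters. Keeping only the `missing_code_challenge` error behind the flag and validating whenever a challenge is present would close that, e.g. `if ($code_challenge !== null && preg_match('/^[A-Za-z0-9-._~]{43,128}$/', $code_challenge) !== 1)` placed outside the `enforce_pkce` block, with the method check treated the same way. With enforcement on, `plain` is still accepted; it does not protect the code if the authorization request itself can be read, so installations whose clients all support it are better served by allowing `S256` only. The method body starts above the hunk and the place where `enforce_pkce` gets its default is not visible here, so reading the key directly may need an `!empty(...)` guard.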